npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@proofxhq/agentpass

v1.3.0

Published

The credit check for AI agents. Trust scoring, signed payments, spend limits, and compliance for autonomous agents.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

proofxhqproofxhq

Keywords

ai-agentstrust-scoringpaymentsecdsasigned-paymentsmcpmcpsagent-securityspend-limitscompliancestripeautonomous-agentscredit-check

Readme

agentpass

The credit check for AI agents. Trust scoring, signed payments, spend limits, and compliance for autonomous agents.

Zero dependencies. Works with any agent framework.

The Problem

AI agents are making payments autonomously via Stripe MPP, but:

  • No way to check if an agent is trustworthy before letting it pay
  • No per-agent spend limits at the protocol level
  • No proof which agent authorised which payment
  • No audit trail linking agent identity to transactions
  • A captured payment request can be replayed

AgentPass solves this. Platforms query agent trust before granting access -- the same way a bank checks your credit score before approving a loan.

Install

npm install @proofxhq/agentpass

Quick Start

const { Client, register } = require('@proofxhq/agentpass');

// 1. Register (once)
const account = await register({
  email: '[email protected]',
  name: 'Your Name',
  password: 'SecurePass123!',
  company: 'Your Company'
});

// 2. Create client
const client = new Client({
  apiKey: account.apiKey
});

// 3. Create an agent
const agent = await client.createAgent({
  name: 'procurement-bot',
  scope: ['payments']
});

// 4. Make a payment (trust-checked, signed, audited)
const tx = await client.pay({
  agentId: agent.id,
  to: 'aws.amazon.com',
  amount: 5000,       // $50.00 in cents
  currency: 'usd',
  description: 'EC2 instance'
});

Trust Levels

Agents earn spending authority through proven behaviour:

| Level | Score | Per Transaction | Daily Limit | Use Case | |-------|-------|----------------|-------------|----------| | L0 | 0-19 | $0 | $0 | No financial access | | L1 | 20-39 | $10 | $50 | Micro-payments | | L2 | 40-59 | $100 | $500 | Standard transactions | | L3 | 60-79 | $1,000 | $5,000 | Enterprise purchasing | | L4 | 80-100 | $50,000 | $200,000 | Full access (audited) |

Trust score is computed from 5 weighted dimensions: code attestation, execution success, behavioural consistency, operational tenure, and anomaly history.

Public Trust API

Any platform can check an agent's trust -- no auth required:

curl https://agentpass.co.uk/api/public/trust/agent_abc123
{
  "agentId": "agent_abc123",
  "status": "ACTIVE",
  "trust": { "score": 73, "level": 3, "label": "L3" },
  "recommendation": "ALLOW",
  "spendLimits": { "perTransaction": 100000, "daily": 500000 }
}

Security

Every transaction is ECDSA P-256 signed, replay protected, hash-chained, and anomaly scanned.

Additional protections:

  • Developer-level aggregate spend limits (Sybil protection)
  • Self-dealing detection (zero trust credit for circular payments)
  • Dormancy auto-demotion (30/60/90 day inactivity penalties)
  • Promotion rate limiting (minimum days at each level)
  • Limit probing detection (near-boundary pattern blocking)
  • Rate limiting on all endpoints

API Reference

// Agents
await client.createAgent({ name: 'bot', scope: ['payments'] });
await client.listAgents();
await client.getPassport(agentId);
await client.revokeAgent(agentId);

// Payments
await client.pay({ agentId, to, amount, currency });
await client.agentPay(fromId, toId, amount);
await client.listTransactions();

// Trust
await client.trustScore(agentId);
await client.trustReport(agentId);
await client.trustEvents(agentId);

// Wallet
await client.balance();
await client.topup({ amount: 100000 });

Error Handling

const { TrustLimitError, InsufficientFundsError, ReplayError } = require('@proofxhq/agentpass');

try {
  await client.pay({ agentId, to, amount: 999999, currency: 'usd' });
} catch (err) {
  if (err instanceof TrustLimitError) {
    // "Payment exceeds trust level L2 tx limit"
  }
}

How It Fits

Your AI Agent
    |
    v
AgentPass (trust check + sign + limit + audit)
    |
    v
Stripe / Payment Processor

Standards

  • Signing: ECDSA P-256
  • Audit: JSON + RFC 5424 syslog
  • Based on MCPS Internet-Draft (IETF)
  • Patent pending: CSAI-PAT-003

License

MIT

Links