npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@three-ws/agentcore-payments-mcp

v0.1.2

Published

Platform-managed agent payment sessions — create a budget, pay any x402 endpoint without holding a private key. Governed by spend limits, URL allowlists, and per-tx ceilings. The agent proposes spend; three.ws governance enforces policy.

Downloads

296

Readme

@three-ws/agentcore-payments-mcp

MCP server for three.ws Agent Payment Sessions — govern agent x402 spending without exposing private keys.

Concept

The agent does not hold a wallet. It proposes spend. Governance enforces policy.

A Payment Session is a budget envelope you fund once from your three.ws credits. You hand an agent the session bearer token; the agent calls paid x402 endpoints through this server. The platform's wallet signs every transaction. The session's allowlist, per-transaction ceiling, and total budget are enforced atomically on the server — the agent can never overspend.

Quick start

# Configure
export THREE_WS_SESSION="__Host-sid=<your-session-cookie>"
export PAYMENT_SESSION_TOKEN="pss_<session-id>_<random>"

# Run
npx @three-ws/agentcore-payments-mcp

MCP client config (~/.cursor/mcp.json, Claude Desktop, etc.):

{
  "mcpServers": {
    "three-ws-payments": {
      "command": "npx",
      "args": ["-y", "@three-ws/agentcore-payments-mcp"],
      "env": {
        "THREE_WS_SESSION": "__Host-sid=...",
        "PAYMENT_SESSION_TOKEN": "pss_..."
      }
    }
  }
}

Environment variables

| Variable | Required | Description | |---|---|---| | THREE_WS_SESSION | For session management tools | Browser session cookie (__Host-sid=...) for creating/listing/cancelling sessions | | PAYMENT_SESSION_TOKEN | For pay_with_session default | Bearer token returned when you created a session; passed as the default when no inline token is provided | | THREE_WS_BASE | No | Base URL (default: https://three.ws) | | THREE_WS_TIMEOUT_MS | No | Request timeout in ms (default: 30000) |

Tools

create_payment_session

Create a new session funded from your credits.

{
  "budget_usd": 10.00,
  "label": "Research agent — June sprint",
  "expiry_seconds": 86400,
  "max_per_tx_usd": 0.50,
  "allowed_hosts": ["api.example.com", "data.provider.io"],
  "network": "solana"
}

Returns { session, token }. The token is shown once — store it immediately.

pay_with_session

Pay an x402 endpoint using a session token. The platform wallet signs; your session's policy is enforced.

{
  "url": "https://api.example.com/data",
  "method": "GET",
  "session_token": "pss_...",
  "idempotency_key": "run-42-fetch-data"
}

Returns { ok, paid, result, payment, session } with the tx hash, explorer link, and updated budget.

If session_token is omitted, the PAYMENT_SESSION_TOKEN env var is used.

check_payment_session

Inspect a session's budget, status, and recent payments.

{ "session_id": "...", "include_executions": true }

list_payment_sessions

List all sessions for the authenticated user, with aggregate stats.

{ "status": "active", "limit": 20 }

cancel_payment_session

Cancel a session and refund the un-spent budget to your credits.

{ "session_id": "..." }

Network support

| Session network | Platform payer | USDC contract | |---|---|---| | solana (default) | X402_AGENT_SOLANA_SECRET_BASE58 | Solana mainnet USDC | | base | X402_EVM_AGENT_PRIVATE_KEY | Base mainnet USDC (0x8335…) |

Integrating with @three-ws/x402-mcp

The existing pay_and_call tool in @three-ws/x402-mcp now accepts session_token directly:

{
  "url": "https://api.example.com/endpoint",
  "session_token": "pss_...",
  "confirm": true
}

This routes the payment through /api/pay/execute instead of signing locally — the session's governance policy applies.

Session lifecycle

create (budget debited from credits)
  └─ active → pay_with_session calls spend against budget
       ├─ exhausted (budget fully consumed)
       ├─ expired (TTL elapsed — cron refunds remaining budget)
       └─ cancelled (manual — remaining budget refunded immediately)

Security properties

  • No key exposure: the session token is a time-bounded, HMAC-signed grant. Compromising it lets an attacker spend up to the remaining budget at allowed hosts — nothing more.
  • Atomic budget enforcement: concurrent payments use a SQL UPDATE … WHERE remaining >= amount RETURNING — two simultaneous requests can never collectively overspend.
  • Allowlist: if allowed_hosts is set, the governor rejects any request to a host not on the list before signing.
  • Per-transaction cap: max_per_tx_usd prevents a single large payment draining the entire budget.
  • SSRF protection: all x402 target URLs are validated against a public-IP allowlist and DNS-resolved server-side before any payment is signed.