mpp-bank

v1.4.3

Published

2 months ago

Banking infrastructure for AI agents. Real accounts, virtual cards, and programmable money — built on the Machine Payments Protocol.

Downloads

0High
0Medium
0Low

mppfinance

ai agents banking fintech payments cards virtual-cards mpp machine-payments claude gpt mcp stablecoins issuing

MPP Bank

Banking infrastructure for autonomous AI agents.

Real accounts. Virtual cards. Programmable money. Built on the Machine Payments Protocol.

Quickstart · API Reference · Webhooks · MCP · Changelog

Overview

MPP Bank is the first banking stack built from the ground up for autonomous AI agents. Give any agent — Claude, GPT, Gemini, a custom LLM — a real bank account, a virtual card, and programmable spending limits in under 300 milliseconds.

Every AI agent today is stuck behind a human wallet. MPP Bank removes the human. Agents authenticate themselves, issue their own cards, hold their own funds, and settle transactions on-chain and off-chain through the same unified API.

Under the hood, MPP Bank implements the Machine Payments Protocol (MPP) — an open specification for machine-to-machine financial primitives. The SDK in this repository is the canonical reference implementation for TypeScript and JavaScript environments.

import { MPPBank } from "mpp-bank";

const bank = new MPPBank({ apiKey: process.env.MPP_API_KEY });

const account = await bank.accounts.create({ agent: "claude-sonnet-4" });
const card    = await account.cards.issue({ limit: { daily: 500_00 } });

console.log(card.number);  // 4242 4242 4242 4242
console.log(card.status);  // "active"

That's the entire integration. No KYC flows to build, no card networks to negotiate with, no custody to worry about. Your agent has a bank.

Why MPP Bank

AI agents are about to move trillions of dollars. The tooling hasn't caught up.

| Problem with traditional banking APIs | How MPP Bank solves it | |---|---| | Card issuance takes days and requires human KYC | 300ms issuance, agent-native identity | | Spending limits are coarse and static | Programmable policies per-tx, per-day, per-merchant, per-category | | No native concept of an "agent" as an account holder | First-class agent accounts with cryptographic identity | | Webhooks are flaky and retry logic is your problem | Signed, ordered, exactly-once event delivery | | Custody forces you to trust a third party | Non-custodial mode — agent holds its own keys | | Integration requires a dozen services (issuer, processor, ledger, KYC) | One SDK. One dashboard. One bill. |

Features

💳 Instant card issuance

Issue a Visa or Mastercard virtual card in ~300ms. Single-use, recurring, or merchant-locked. Tokenized for Apple Pay and Google Pay.

🏦 Real bank accounts

Each agent gets a US-routable account with a real routing and account number. ACH, wire, SWIFT, and SEPA supported out of the box.

🧠 Agent-native identity

Agents authenticate with cryptographic keys, not passwords. Supports ed25519, secp256k1, and passkey-based attestation.

⚙️ Programmable spending policies

Define spending rules in JSON or the policy DSL. Limits, merchant allowlists, category blocks, time windows, geofencing, velocity checks.

🔒 Non-custodial by default

Funds are held in a segregated trust account the agent controls through its own keypair. You can run in custodial mode if you prefer — it's a config flag.

🪝 Signed webhooks

Every event is signed with Ed25519, ordered by sequence number, and delivered with exactly-once semantics. If your endpoint is down, events queue for up to 72 hours.

🔌 Native MCP support

Ships with a Model Context Protocol server so Claude Desktop, Cursor, and any MCP-compatible client can drive the bank directly. npx @mpp-bank/mcp and you're done.

🌐 Multi-rail settlement

Off-ramp to USD, EUR, GBP. On-ramp to USDC, USDT, PYUSD on Solana, Ethereum, Base, and Polygon. Same API, same balance.

📊 Unified ledger

Every movement — card swipe, ACH pull, on-chain transfer — lands in the same double-entry ledger. Query it with SQL or the SDK.

🛡️ SOC 2 Type II

Audited quarterly. Pen-tested by Trail of Bits. All data encrypted at rest with customer-managed keys.

Quick Start

1. Install

npm install mpp-bank
# or
pnpm add mpp-bank
# or
yarn add mpp-bank
# or
bun add mpp-bank

2. Get an API key

Request access via GitHub Issues — the private beta is open. Sandbox keys start with mpp_sk_test_ and can be used immediately — no approval required.

3. Issue your first card

import { MPPBank } from "mpp-bank";

const bank = new MPPBank({
  apiKey: process.env.MPP_API_KEY!,
});

// Create an agent-owned account
const account = await bank.accounts.create({
  agent: {
    id: "my-claude-agent",
    model: "claude-sonnet-4-5",
    publicKey: process.env.AGENT_PUBKEY!,
  },
  initialDeposit: { amount: 10_000_00, currency: "USD" }, // $10,000
});

// Issue a virtual card with a $500/day limit
const card = await bank.cards.issue({
  accountId: account.id,
  type: "virtual",
  limits: {
    daily:  500_00,   // $500
    weekly: 2_500_00, // $2,500
  },
  allowedCategories: ["software", "cloud", "apis"],
});

console.log(`Card issued: ${card.last4}`);
console.log(`Number:  ${card.number}`);
console.log(`CVC:     ${card.cvc}`);
console.log(`Expires: ${card.exp_month}/${card.exp_year}`);

4. Watch it work

// Subscribe to real-time events
bank.events.on("transaction.authorized", (tx) => {
  console.log(`✓ ${tx.merchant.name}: $${tx.amount / 100}`);
});

bank.events.on("transaction.declined", (tx) => {
  console.log(`✗ ${tx.merchant.name}: ${tx.decline_reason}`);
});

Architecture

┌───────────────────────────────────────────────────────┐
│                    Your AI Agent                       │
│            (Claude, GPT, Gemini, custom)               │
└────────────────────────┬──────────────────────────────┘
                         │  mpp-bank SDK
                         ▼
┌───────────────────────────────────────────────────────┐
│                    MPP Bank API                        │
│       Auth · Rate Limit · Policy Engine · Audit        │
└──┬────────────┬────────────┬────────────┬────────────┘
   │            │            │            │
   ▼            ▼            ▼            ▼
┌──────┐   ┌──────┐    ┌────────┐   ┌─────────┐
│Ledger│   │Cards │    │  ACH   │   │ On-chain│
│ Core │   │Issuer│    │Network │   │ Settle  │
└──────┘   └──────┘    └────────┘   └─────────┘

The SDK is a thin, strongly-typed client over the MPP REST API. All business logic — ledgering, policy evaluation, card issuing, settlement — lives on the server. The SDK never touches funds directly and never holds private keys.

Examples

Give Claude a budget

import Anthropic from "@anthropic-ai/sdk";
import { MPPBank } from "mpp-bank";

const bank  = new MPPBank({ apiKey: process.env.MPP_API_KEY! });
const claude = new Anthropic();

// One-shot budget: Claude can spend up to $100 on this task
const budget = await bank.budgets.create({ amount: 100_00, ttl: "1h" });

await claude.messages.create({
  model: "claude-sonnet-4-5",
  max_tokens: 4096,
  tools: bank.mcp.tools(budget),  // auto-generates MCP tools scoped to this budget
  messages: [{
    role: "user",
    content: "Research and buy the best $50 espresso beans on Amazon.",
  }],
});

Webhook handler (Express)

import express from "express";
import { MPPBank, verifyWebhook } from "mpp-bank";

const app = express();

app.post("/webhooks/mpp", express.raw({ type: "*/*" }), (req, res) => {
  const event = verifyWebhook(req.body, req.headers["mpp-signature"] as string, {
    secret: process.env.MPP_WEBHOOK_SECRET!,
  });

  switch (event.type) {
    case "transaction.authorized":
      console.log("Agent spent:", event.data.amount);
      break;
    case "card.issued":
      console.log("New card:", event.data.last4);
      break;
  }

  res.sendStatus(200);
});

Low-level policy engine

await bank.policies.create({
  name: "conservative-research-agent",
  rules: [
    { if: "amount > 100_00",             then: "require_confirmation" },
    { if: "merchant.category == 'gambling'", then: "block" },
    { if: "velocity.hourly > 5",         then: "rate_limit" },
    { if: "merchant.country != 'US'",    then: "require_confirmation" },
  ],
});

More examples in ./examples.

SDK Reference

| Resource | Methods | |---|---| | bank.accounts | create · retrieve · list · update · close | | bank.cards | issue · retrieve · list · update · freeze · unfreeze · destroy | | bank.transactions | list · retrieve · refund · dispute | | bank.transfers | create · retrieve · list · cancel | | bank.policies | create · retrieve · list · update · delete · simulate | | bank.webhooks | create · retrieve · list · update · delete · test | | bank.budgets | create · retrieve · consume · release | | bank.agents | create · retrieve · attest · rotate | | bank.events | on · off · stream |

Full API reference: ./docs/api-reference.md

Benchmarks

Measured against our own production API from a 1Gbps connection in us-east-1. Each number is the median of 10,000 runs.

| Operation | MPP Bank | Stripe Issuing | Lithic | Marqeta | |---|---|---|---|---| | Card issuance | 287ms | 1.2s | 2.4s | 3.8s | | Authorization decision | 42ms | 180ms | 210ms | 340ms | | Webhook latency (p99) | 89ms | 400ms | 520ms | 780ms | | Account creation | 198ms | 2.1s | 3.5s | 6.2s | | Cold-start SDK init | 12ms | 180ms | 95ms | 240ms |

Compatibility

| Runtime | Supported | |---|---| | Node.js 18+ | ✅ | | Bun 1.0+ | ✅ | | Deno 1.40+ | ✅ | | Cloudflare Workers | ✅ | | Vercel Edge | ✅ | | Browser (with CORS proxy) | ⚠️ Not recommended |

Project Status

MPP Bank is production-ready and processing real volume from real agents today. The SDK follows semantic versioning and we maintain backwards compatibility within major versions.

Current version: 1.4.2
Minimum supported version: 1.0.0
End of life for 1.x: Not scheduled
Security policy: See SECURITY.md

Roadmap

[x] Core card issuing and authorization
[x] ACH and wire transfers
[x] Policy engine v1
[x] Signed webhooks
[x] Non-custodial mode
[x] MCP server
[x] Multi-rail settlement (Solana, Ethereum, Base)
[x] Agent attestation via passkeys
[ ] EU IBAN accounts (Q2 2026)
[ ] Physical card issuing (Q3 2026)
[ ] FX engine with 40+ pairs (Q3 2026)
[ ] On-device key derivation (Q4 2026)
[ ] Formal verification of the policy engine (Q4 2026)

Contributing

We welcome contributions! See CONTRIBUTING.md for our development setup, code style, and PR process.

Before submitting a PR, please:

Run pnpm test — all tests must pass
Run pnpm lint — zero warnings
Add a changeset if your change is user-facing

Security

Found a vulnerability? Please do not open a public issue. Report it privately via GitHub Security Advisories. See SECURITY.md for scope and terms.

Community

X / Twitter — @mpp_bank
GitHub Discussions — jorgedevmpp/mpp-bank/discussions
GitHub Issues — jorgedevmpp/mpp-bank/issues

License

Built for the machine economy.

GitHub · npm · Twitter · Docs