CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

Presidio Hardened X402 Mcp

presidio-v/presidio-hardened-x402-mcp
1STDIOregistry active
Summary

Gives agents three gates to run before signing x402 payments: `screen_payment_metadata` redacts PII from URLs and description text, `check_payment_policy` enforces per-call and daily spending caps, and `check_payment_replay` blocks duplicate payments via HMAC fingerprinting. Wraps the presidio-hardened-x402 library in process by default, so no PII leaves the agent host. You can optionally point it at a remote screening service with `PRESIDIO_X402_MCP_REMOTE_BASE_URL` for centralized audit. Designed to compose with x402station and Coinbase x402 MCP servers in the flow right before pay(). Policy and replay checks record state on call, so sequence them immediately before payment execution. The screening step is read-only and safe to run multiple times.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

presidio-hardened-x402-mcp

PyPI version Python GitHub release License: MIT CI

Pre-payment safety gate for x402 — agents call screen_payment_metadata(...), check_payment_policy(...), and check_payment_replay(...) before signing, catching PII, budget overruns, and duplicate payments before metadata or money leaves the agent host.

Part of the presidio-hardened-* toolkit family. Thin MCP (Model Context Protocol) adapter over the presidio-hardened-x402 library, pinned for parent 0.7.x compatibility (presidio-hardened-x402>=0.7.0,<0.8.0).

Why this exists

x402 agentic payments routinely carry user-supplied free text — descriptions, memos, query-string parameters — straight through to merchants and facilitators. When an LLM agent generates that text, it can include PII the user never intended to share. Once the merchant logs it, retention is their decision, not yours.

This MCP server gives agents a small default-deny gate before payment leaves the agent host. Three tools expose the parent library's stable pre-payment controls: PII redaction, spending policy, and replay detection. They are designed to compose with payment-execution and endpoint-safety MCP servers (x402station, Coinbase x402, Sardis, ...), while newer parent-library surfaces such as evidence-ref@1 verification and the v0.7.0 SLO broker stay in the Python library unless an MCP tool explicitly wraps them later.

Install & configure

Requires Python ≥ 3.10. Distributed on PyPI; recommended invocation via uvx (no global install).

Claude Desktop / Claude Code

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent on your platform:

{
  "mcpServers": {
    "presidio-x402": {
      "command": "uvx",
      "args": ["presidio-hardened-x402-mcp"]
    }
  }
}

Cursor / Windsurf / Continue

Same shape — every MCP host accepts command / args / env. See your editor's MCP-server docs for the config-file path.

Environment variables

All optional. Defaults give a zero-config in-process mode with no quota, no network, and no PII storage.

VariablePurposeDefault
PRESIDIO_X402_MCP_MODEregex (zero-setup) or nlp (needs [nlp] extra + a spaCy model)regex
PRESIDIO_X402_MCP_MAX_PER_CALL_USDMax USD per single payment (policy gate)unset → no limit
PRESIDIO_X402_MCP_DAILY_LIMIT_USDMax USD per rolling window (policy gate)unset → no limit
PRESIDIO_X402_MCP_PER_ENDPOINT_JSONPer-endpoint cap, e.g. '{"api.foo.com": 5.00}'unset
PRESIDIO_X402_MCP_WINDOW_SECONDSRolling window for the daily limit86400
PRESIDIO_X402_MCP_AGENT_IDLabel written into audit recordsunset
PRESIDIO_X402_MCP_REPLAY_TTLFingerprint cache TTL (seconds)300
PRESIDIO_X402_MCP_REDIS_URLUse Redis for replay state instead of in-memoryunset
PRESIDIO_X402_MCP_AUDIT_PATHAppend-only JSON-L audit log path; omit to disableunset
PRESIDIO_X402_MCP_LOG_LEVELDEBUG / INFO / WARNING / ERRORINFO
PRESIDIO_X402_MCP_REMOTE_BASE_URLEnable HTTP-proxy mode for tool 1 — see Modesunset
PRESIDIO_X402_MCP_REMOTE_API_KEYAPI key for the remote screening serviceunset
PRESIDIO_X402_FINGERPRINT_KEY32-byte hex key for cross-process replay detectionunset (per-process)
PRESIDIO_X402_CHAIN_KEY32-byte hex key for cross-process audit-chain HMACunset (per-process)
PRESIDIO_X402_REQUIRE_FINGERPRINT_KEYFail startup if replay key is absent or invalidunset
PRESIDIO_X402_REQUIRE_CHAIN_KEYFail startup if audit-chain key is absent or invalidunset

Generate cross-process keys with openssl rand -hex 32.

Tools

screen_payment_metadata(resource_url, description, reason, entities?)

Detects and redacts PII in payment metadata. No side effects — safe to call repeatedly.

// Input
{
  "resource_url": "https://api.foo.com/u/jane@example.com",
  "description": "monthly fee for jane@example.com",
  "reason": ""
}

// Output
{
  "redacted_resource_url": "https://api.foo.com/u/<EMAIL_ADDRESS>",
  "redacted_description": "monthly fee for <EMAIL_ADDRESS>",
  "redacted_reason": "",
  "entities_found": [
    { "entity_type": "EMAIL_ADDRESS", "field": "resource_url", "count": 1 },
    { "entity_type": "EMAIL_ADDRESS", "field": "description", "count": 1 }
  ],
  "mode": "in_process"
}

entities (optional list of Presidio entity types) narrows detection to a whitelist. Field-length caps mirror the screening-api wire contract that remains stable through parent 0.7.x: resource_url ≤ 2048, description ≤ 4096, reason ≤ 4096 characters. Oversized inputs raise ValueError.

check_payment_policy(resource_url, amount_usd)

Spending-policy gate. Records the spend on success — call exactly once, immediately before payment. Skipping the actual payment after a successful check inflates the daily-limit ledger until the window rolls over.

// Input
{ "resource_url": "https://api.foo.com/x", "amount_usd": 1.50 }

// Output (allowed)
{ "allowed": true }

// Output (denied — over per-call limit of $5.00)
{ "allowed": false, "reason": "...", "limit_usd": 5.00, "amount_usd": 6.00 }

check_payment_replay(resource_url, pay_to, amount, currency, deadline_seconds)

Duplicate-payment gate via HMAC-SHA256 fingerprint of the canonical fields. Records the fingerprint on success — call exactly once, immediately before payment.

amount is a string to preserve precision. Cross-process detection requires PRESIDIO_X402_FINGERPRINT_KEY (and optionally PRESIDIO_X402_MCP_REDIS_URL); otherwise each MCP server process keeps its own in-memory store.

// Input
{
  "resource_url": "https://api.foo.com/x",
  "pay_to": "0xabc...",
  "amount": "1.50",
  "currency": "USDC",
  "deadline_seconds": 1700000000
}

// Output (first seen)
{ "is_replay": false, "fingerprint": "29aaf60f..." }

// Output (duplicate within TTL)
{ "is_replay": true, "fingerprint": "29aaf60f..." }

Modes

In-process (default). Wraps the local presidio-hardened-x402 library in the same process as the MCP server. No network, no API key, no quota. PII never leaves the agent host. Use this unless you have a specific reason not to.

HTTP-proxy. When both PRESIDIO_X402_MCP_REMOTE_BASE_URL and PRESIDIO_X402_MCP_REMOTE_API_KEY are set, screen_payment_metadata calls /v1/screen on the configured host (e.g. https://screen.presidio-group.eu) for centralized audit. On auth / quota / network failure, returns a structured { "error": "auth_error" | "rate_limit" | "unavailable", "detail": ..., "mode": "remote" } — never silently falls back to in-process. Tools 2 and 3 always stay in-process.

Composability

Designed to slot into agent flows alongside payment-execution and endpoint-safety MCP servers:

agent intent: pay https://api.foo.com/x with 1.50 USDC
    │
    ├─ x402station    preflight(url)            ← is the ENDPOINT safe? (decoys, dead, traps)
    │
    ├─ presidio-x402  screen_payment_metadata   ← is the PAYLOAD safe? (PII)
    ├─ presidio-x402  check_payment_policy      ← within budget?
    ├─ presidio-x402  check_payment_replay      ← not a duplicate?
    │
    └─ pay()

screen_payment_metadata is read-only and safe to interleave anywhere. The policy and replay gates record state on call — sequence them immediately before payment.

Combined snippet: preflight → screen → pay

Endpoint-safety and payload-safety are independent signals — calling both is what you actually want before signing. Configure the two MCP servers side-by-side:

{
  "mcpServers": {
    "x402station":   { "command": "npx", "args": ["-y", "x402station-mcp"],
                       "env": { "AGENT_PRIVATE_KEY": "0x…" } },
    "presidio-x402": { "command": "uvx", "args": ["presidio-hardened-x402-mcp"] }
  }
}

Agent flow before signing a payment (pseudocode — each step is one MCP tool call):

# 1. endpoint safety: is the URL trustworthy? (x402station-mcp)
pf = preflight(url)
if not pf["ok"]:
    abort(reason=pf["warnings"])              # decoy / zombie / dead / price-trap

# 2. payload safety: redact PII before it leaves the host (presidio-x402)
s = screen_payment_metadata(resource_url=url, description=description, reason="")
url, description = s["redacted_resource_url"], s["redacted_description"]

# 3. spend gates: record-on-success, call exactly once each (presidio-x402)
if not check_payment_policy(url, amount_usd)["allowed"]:
    abort(reason="policy")
if check_payment_replay(url, pay_to, amount, currency, deadline_seconds)["is_replay"]:
    abort(reason="replay")

# 4. sign + pay
pay(url, amount, description=description)

The two servers are developed independently, on purpose — keeping the signals uncorrelated is the point. See x402station-mcp for the preflight tool's full output schema and warning catalog.

Notes for developers

  • Logs go to stderr (MCP clients capture stderr). stdout is reserved for JSON-RPC frames.
  • The package is a thin adapter. All security logic lives in presidio-hardened-x402 — read its docs for the entity-type catalog, policy semantics, evidence-ref verification, SLO broker, and audit-chain details.
  • This MCP release intentionally exposes the same three tools as 0.1.1; the compatibility update is dependency and metadata alignment with parent 0.7.x, not a promotion of the full parent SLO/evidence surface into MCP.
  • When testing via mcp-inspector --cli, bare numeric --tool-arg amount=1.50 is auto-coerced to a float and rejected by the schema. Real MCP clients send proper JSON types; the tool's amount argument is a string to preserve precision.
  • Local dev: uv venv && uv pip install -e ".[dev]" && pytest tests/.

License

MIT. See LICENSE.

Links

  • This repo: https://github.com/presidio-v/presidio-hardened-x402-mcp
  • Issues: https://github.com/presidio-v/presidio-hardened-x402-mcp/issues
  • Parent library: https://github.com/presidio-v/presidio-hardened-x402
  • Library on PyPI: https://pypi.org/project/presidio-hardened-x402/
  • Requirements: PRESIDIO-REQ.md
  • Security policy: SECURITY.md
  • MCP spec: https://modelcontextprotocol.io
  • x402: https://x402.org

SDLC

This repository is developed under the Presidio hardened-family SDLC: https://github.com/presidio-v/presidio-hardened-docs/blob/main/sdlc/sdlc-report.md.

Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Categories
Finance & Commerce
Registryactive
Packagepresidio-hardened-x402-mcp
TransportSTDIO
UpdatedMay 31, 2026
View on GitHub

Related Finance & Commerce MCP Servers

View all →
Shopify Subscription Reconciliation MCP (Recharge Edition)

io.github.shelvick/shopify-subscription-reconciliation

Reconcile Shopify orders against Recharge subscription charges and Stripe payouts.
Google Ads

zleventer/google-ads-mcp

MCP server for Google Ads — 22 tools for spend diagnosis, impression share, and asset performance.
1
Meok Stripe Acp Checkout Mcp

csoai-org/meok-stripe-acp-checkout-mcp

MEOK Stripe ACP Checkout MCP — ChatGPT shopping bridge. Issues + verifies + signs Stripe Agentic
Stripe Billing Mcp

csoai-org/stripe-billing-mcp

stripe-billing-mcp MCP server by MEOK AI Labs
Google Ads

io.github.mharnett/google-ads

Google Ads MCP with MCC support: 35 tools for campaigns, keywords, reporting, GAQL.
Google Ads Mcp

co.pipeboard/google-ads-mcp

Google Ads automation with AI: analyze performance, manage campaigns, optimize bids.