
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@codespar/mcp-ap2
Advanced tools
MCP server for AP2 — Google's Agent-to-Agent Payment Protocol (authorization, audit, trust)
Alpha release — published under the
alphanpm dist-tag. Endpoint paths follow public docs and BACEN/provider conventions but have not been fully live-validated. Pin exact versions during0.x.x-alpha. Install withnpm install <pkg>@alpha.
MCP server for AP2 — Google's Agent-to-Agent Payment Protocol (authorization, audit, and trust for agentic payments)
AP2 (Agent-to-Agent Payment Protocol) is Google's open framework for authorization, audit, and trust in agentic payments. It answers the critical questions: Who authorized this payment? What limits apply? What's the full audit trail?
With 60+ partners including Visa, Mastercard, Stripe, PayPal, and Square, AP2 is the emerging standard for agent payment governance.
Add to ~/.config/claude/claude_desktop_config.json:
{
"mcpServers": {
"ap2": {
"command": "npx",
"args": ["-y", "@codespar/mcp-ap2"],
"env": {
"AP2_API_KEY": "your-key",
"AP2_AGENT_ID": "your-agent-id"
}
}
}
}
claude mcp add ap2 -- npx @codespar/mcp-ap2
Add to .cursor/mcp.json or .vscode/mcp.json:
{
"servers": {
"ap2": {
"command": "npx",
"args": ["-y", "@codespar/mcp-ap2"],
"env": {
"AP2_API_KEY": "your-key",
"AP2_AGENT_ID": "your-agent-id"
}
}
}
}
| Tool | Purpose |
|---|---|
register_agent | Register an AI agent as a trusted payer in the AP2 network. |
get_agent | Get agent registration details, trust status, and current spend usage |
list_agents | List registered agents with optional filters |
revoke_agent | Revoke an agent's payment authorization. |
authorize_payment | Request payment authorization with scoped limits. |
get_authorization | Get authorization details including status, limits, and expiry |
list_authorizations | List payment authorizations with optional filters |
execute_payment | Execute an authorized payment. |
get_audit_trail | Get the complete audit trail for a transaction — every authorization, approval, execution, and settlement e... |
list_audit_events | List audit events across all transactions with filters |
list_payment_methods | List available payment methods from AP2 partner network (Visa, Mastercard, Stripe, PayPal, etc.) |
get_transaction | Get full transaction details including authorization, execution, and settlement status |
list_transactions | List transactions with optional filters |
create_intent_mandate | Create an AP2 intent mandate — a Verifiable Credential expressing the user's intent to delegate a transacti... |
create_cart_mandate | Create an AP2 cart mandate — a signed, locked-cart commitment from a merchant binding line items, totals, a... |
create_payment_mandate | Create an AP2 payment mandate — the final Verifiable Credential authorizing settlement against a cart mandate. |
verify_credential | Verify a Verifiable Credential (intent, cart, or payment mandate). |
create_presentation | Create a Verifiable Presentation bundling one or more credentials (e.g. |
verify_presentation | Verify a Verifiable Presentation and all embedded credentials, including holder binding and challenge nonce. |
resolve_did | Resolve a Decentralized Identifier (DID) to its DID document via the AP2 universal resolver. |
create_receipt | Create a signed receipt for a settled payment — a tamper-evident record linking transaction, mandates, and... |
verify_receipt | Verify a receipt's signature, issuer, and chain back to the originating mandates. |
AP2 uses a Bearer API key and requires a registered Agent ID.
AP2 provides a sandbox environment for testing. Set AP2_SANDBOX=true to use it.
| Variable | Required | Description |
|---|---|---|
AP2_API_KEY | Yes | API key from AP2 |
AP2_AGENT_ID | Yes | Registered agent ID |
AP2_SANDBOX | No | Set to true for sandbox mode |
create_policy — Define reusable authorization policiesdelegate_authority — Allow agent-to-agent authorization delegationget_spend_report — Get spend analytics and reportsWant to contribute? Open a PR or request a tool.
Need governance, budget limits, and audit trails for agent payments? CodeSpar Enterprise adds policy engine, payment routing, and compliance templates on top of these MCP servers.
MIT
FAQs
MCP server for AP2 — Google's Agent-to-Agent Payment Protocol (authorization, audit, trust)
The npm package @codespar/mcp-ap2 receives a total of 44 weekly downloads. As such, @codespar/mcp-ap2 popularity was classified as not popular.
We found that @codespar/mcp-ap2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.