Server data from the Official MCP Registry
Multi-tenant HTTP 402 infrastructure gateway and stdio MCP server for machine payments.
Multi-tenant HTTP 402 infrastructure gateway and stdio MCP server for machine payments.
This MCP server is designed to facilitate real financial transactions (USDC stablecoin transfers) on the Base L2 blockchain. It contains multiple critical security vulnerabilities including hardcoded wallet addresses that collect fees, direct exposure of private keys through MCP tools available to AI agents, and a payment gateway that processes real cryptocurrency. The codebase demonstrates patterns consistent with financial credential theft and unauthorized fund routing, making it extremely dangerous to deploy. Supply chain analysis found 1 known vulnerability in dependencies (0 critical, 1 high severity). Package verification found 1 issue (1 critical, 0 high severity).
8 files analyzed Β· 20 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-seob5285-alt-x402-facilitator-proxy": {
"args": [
"-y",
"x402-facilitator-proxy"
],
"command": "npx"
}
}
}From the project's GitHub README.
A decentralized, autonomous payment infrastructure for API monetization on Base L2 with programmatic fee routing and agent-compatible settlement protocols.
The X402 Facilitator Proxy implements a complete multi-tenant payment gateway that enables merchants to monetize APIs through HTTP 402 "Payment Required" responses, while autonomous agents can seamlessly settle transactions using USDC on Base L2.
x402-facilitator-proxy/
βββ src/ # Core Cloudflare Worker Engine
β βββ index.ts # Main proxy gateway endpoint
β βββ backend/automation/
β βββ sweeper.ts # Automated fee collection
βββ x402-client-sdk/ # Core Interface Rails
β βββ src/
β β βββ client-library.ts # TypeScript SDK
β β βββ mcp-server.ts # Model Context Protocol Server
β βββ package.json # SDK dependencies
β βββ tsconfig.json # TypeScript configuration
βββ templates/ # Integration Templates
βββ express-middleware/
β βββ x402-guard.js # Merchant-Side API Gating
βββ langchain-ts/
β βββ agent.ts # TypeScript Agent Template
β βββ package.json # LangChain dependencies
β βββ README.md # Setup instructions
βββ crewai-python/
βββ agent.py # Python Agent Template
The core backend (src/index.ts) operates as a serverless payment verification gateway deployed on Cloudflare's edge network:
https://x402-facilitator-proxy.seob5285.workers.dev/api/v1/verify-and-settle0x2E3DADfb314718849A93c49A78618E586c3b2C60Key Features:
The MCP server (x402-client-sdk/src/mcp-server.ts) provides a standardized interface for AI agents to interact with the payment system:
# Start the MCP server locally via stdio
npm run mcp:start
Protocol Features:
The Express middleware (templates/express-middleware/x402-guard.js) enables merchants to protect APIs with HTTP 402 challenges:
import { x402TollboothGuard } from './templates/express-middleware/x402-guard.js';
app.use('/api/premium', x402TollboothGuard("0.10", "0xYourWalletAddress"));
Middleware Behavior:
templates/langchain-ts/agent.ts)import { createPaymentAgent } from './templates/langchain-ts/agent.js';
const agent = await createPaymentAgent();
const result = await agent.invoke({
input: JSON.stringify({
agentPrivateKey: process.env.AGENT_PRIVATE_KEY,
developerWallet: "0x742d35Cc6297C24aE0E4838C4667C02693C4cB36",
amountUSD: "0.10"
})
});
templates/crewai-python/agent.py)from templates.crewai_python.agent import X402PaymentAgent
agent = X402PaymentAgent()
result = agent.process_payment({
"agent_private_key": os.getenv("AGENT_PRIVATE_KEY"),
"developer_wallet": "0x742d35Cc6297C24aE0E4838C4667C02693C4cB36",
"amount_usd": "0.10"
})
npm install
npm run deploy
cd x402-client-sdk
npm install
npm run mcp:start
# Copy the Express middleware to your project
cp templates/express-middleware/x402-guard.js your-project/middleware/
# Install in your Express app
import { x402TollboothGuard } from './middleware/x402-guard.js';
app.use('/api/protected', x402TollboothGuard("0.05", "0xYourWallet"));
# For TypeScript/LangChain agents
cd templates/langchain-ts
npm install
npm run dev
# For Python/CrewAI agents
cd templates/crewai-python
pip install -r requirements.txt
python agent.py
β οΈ NEVER HARDCODE PRIVATE KEYS IN REPOSITORY FILES
All sensitive credentials must be managed through secure environment variables:
# Set via Cloudflare Workers dashboard or wrangler
wrangler secret put FACILITATOR_PRIVATE_KEY
wrangler secret put PLATFORM_VAULT_ADDRESS
Create .env files for local testing:
# .env (root directory - for Cloudflare Worker development)
FACILITATOR_PRIVATE_KEY=0x1234567890abcdef...
PLATFORM_VAULT_ADDRESS=0x2E3DADfb314718849A93c49A78618E586c3b2C60
# Agent execution environments
AGENT_PRIVATE_KEY=0xabcdef1234567890...
OPENAI_API_KEY=sk-...
process.env.AGENT_PRIVATE_KEYos.getenv("AGENT_PRIVATE_KEY")https://x402-facilitator-proxy.seob5285.workers.dev/api/v1/verify-and-settle0x2E3DADfb314718849A93c49A78618E586c3b2C600x833589fCD6eDb6E08f4c7C32d4f71b54bda02913)graph TD
A[Agent API Call] --> B{HTTP 402?}
B -->|Yes| C[Parse Payment Requirements]
C --> D[Execute USDC Split Transfer]
D --> E[Submit to Proxy Gateway]
E --> F[Retry Original Request]
F --> G[Access Granted]
B -->|No| G
# Core proxy development
npm run dev # Start local development server
npm run deploy # Deploy to Cloudflare Workers
npm run cf-typegen # Generate Cloudflare types
# SDK development
cd x402-client-sdk
npm run build # Build TypeScript SDK
npm run mcp:start # Start MCP server
# Template testing
cd templates/langchain-ts
npm run dev # Test TypeScript agent
cd templates/crewai-python
python agent.py # Test Python agent
# Automated fee collection
npm run sweep # Execute fee sweeping automation
This project is licensed under the MIT License - enabling open-source innovation while maintaining platform sustainability through programmatic fee routing.
Built for the autonomous economy. Powered by Base L2. Secured by multi-tenant verification.
Be the first to review this server!
by Modelcontextprotocol Β· Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno Β· Developer Tools
Toleno Network MCP Server β Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace Β· Developer Tools
Create, build, and publish Python MCP servers to PyPI β conversationally.