Skip to content

goodmeta/agent-verifier

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
examples
examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

@goodmeta/agent-verifier

Can this agent spend $X on Y right now? One function call.

import { checkPolicy } from "@goodmeta/agent-verifier"

const result = checkPolicy(policy, {
  agentId: "agent-1",
  amount: 4500,
  idempotencyKey: "tx-1",
})
// → { approved: true, remaining: { budget: 15500 } }
// → { approved: false, reason: "BUDGET_EXCEEDED", detail: "$45 exceeds remaining $30" }

Or with the hosted verifier (cross-agent budget tracking):

import { VerifierClient } from "@goodmeta/agent-verifier"

const verifier = new VerifierClient({ apiKey: "gm_live_..." })
const { approved, verificationId } = await verifier.verify(mandate, {
  amount: "3000",
  idempotencyKey: "tx-1",
})

Why

Agents need spending limits. Without them, a runaway agent generates unlimited charges. This library answers one question before every transaction:

Is this agent authorized to spend this amount?

  • Budget caps — $200/month, $50 max per transaction
  • Scope restrictions — allowed API codes, allowed customers, blocklists
  • Cross-agent tracking — one budget across multiple services (hosted mode)
  • Rail-agnostic — works with Stripe, x402, MPP, bank transfers, anything

Install

npm install @goodmeta/agent-verifier

Usage

Policy-based verification

No crypto, no signatures. Define spending rules, check against them. Good for billing systems, MCP servers, internal tools.

import { checkPolicy, type SpendingPolicy } from "@goodmeta/agent-verifier"

const policy: SpendingPolicy = {
  agentId: "billing-agent",
  budgetTotal: 20_000, // $200/month
  budgetPeriod: "monthly",
  constraints: {
    maxPerEvent: 5_000, // $50 per event
    allowedCodes: ["api_calls", "compute"],
  },
}

// ✅ approved
checkPolicy(policy, {
  agentId: "billing-agent",
  amount: 4_500,
  idempotencyKey: "tx-1",
})
// → { approved: true, remaining: { budget: 15500, period: "monthly" } }

// ❌ over per-event limit
checkPolicy(policy, {
  agentId: "billing-agent",
  amount: 6_000,
  idempotencyKey: "tx-2",
})
// → { approved: false, reason: "AMOUNT_EXCEEDED", detail: "$60.00 exceeds per-event max $50.00" }

// ❌ code not allowed
checkPolicy(policy, {
  agentId: "billing-agent",
  amount: 3_000,
  metadata: { code: "storage" },
  idempotencyKey: "tx-3",
})
// → { approved: false, reason: "CODE_NOT_ALLOWED", detail: 'Code "storage" not in allowed list' }

AP2 mandate verification

For agents carrying AP2 cryptographic mandates (Google, 60+ partners). Verifies EIP-712 signatures and checks constraints.

import {
  verifyIntentSignature,
  checkConstraints,
} from "@goodmeta/agent-verifier"

// verify the mandate signature is real
const sig = await verifyIntentSignature(mandate)
if (!sig.valid) throw new Error(sig.error)

// check spending constraints
const check = checkConstraints(mandate, {
  amount: "3000",
  merchantId: "merchant-1",
})
if (!check.valid) throw new Error(check.error)

Hosted verifier

When one agent's budget spans multiple services — Mistral AND Groq AND CoreWeave — a shared verifier tracks the total spend. Self-hosted verification can't do this because each service only sees its own transactions.

import { VerifierClient } from "@goodmeta/agent-verifier"

const verifier = new VerifierClient({
  apiKey: "gm_live_...",
  baseUrl: "https://verifier.goodmeta.co",
})

// verify + place budget hold
const { approved, verificationId } = await verifier.verify(mandate, {
  amount: "3000",
  currency: "USDC",
  idempotencyKey: "order-123",
})

if (approved) {
  // settle via any payment rail
  const payment = await charge(/* stripe, x402, mpp, bank */)

  await verifier.settle(verificationId!, {
    success: payment.ok,
    transactionId: payment.id,
    rail: "card",
  })
}

API

Policy

Function Description
checkPolicy(policy, request, currentSpend?) Check a spending request against policy constraints

AP2 mandates

Function Description
verifyIntentSignature(mandate) Verify EIP-712 signature on an Intent Mandate
verifyCartSignature(mandate) Verify EIP-712 signature on a Cart Mandate
checkConstraints(mandate, tx) Check budget, merchant, category, and temporal constraints
signIntentMandate(mandate, account) User signs autonomous spending authority
signCartMandate(mandate, account) Merchant signs price commitment
approveCartMandate(mandate, account) User approves a specific purchase

Hosted verifier client

Method Description
verifier.verify(mandate, tx) Verify with full mandate object + place budget hold
verifier.verifyById(mandateId, tx) Verify by ID (agent passes ID, verifier has mandate on file)
verifier.settle(id, result) Confirm payment or release hold
verifier.getMandateState(id) Query budget, tx count, and history

Related

  • AP2 — Agent payment authorization by Google (60+ partners)
  • MPP — Machine Payments Protocol by Tempo + Stripe
  • x402 — HTTP-native agent payments by Coinbase

License

MIT — Good Meta

About

Agent spending verification — budget caps, spending policies, and cross-agent budget tracking. Works with AP2, MPP, x402, or any payment rail.

www.npmjs.com/package/@goodmeta/agent-verifier

Topics

mpp ai-agents ap2 x402 agent-payments spending-verification

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages