MCP Adapter

The MCP adapter exposes PQSafe payment capabilities as a Model Context Protocol tool. Any MCP host (Claude Desktop, Claude Code, or any MCP-compatible runtime) can authorize and dispatch payments without needing to import the SDK directly.

What is MCP?

MCP (Model Context Protocol) is Anthropic’s open standard for connecting AI models to external tools and services. The PQSafe MCP server exposes a pqsafe_pay tool that any MCP host can call.

MCP server setup

The PQSafe MCP server lives in ~/Projects/pqsafe/mcp-server/. To run it:

cd ~/Projects/pqsafe/mcp-server
npm install
npm run build

Add to your MCP host config (e.g., Claude Desktop ~/.claude/settings.json):

{
  "mcpServers": {
    "pqsafe": {
      "command": "node",
      "args": ["/path/to/pqsafe/mcp-server/dist/index.js"],
      "env": {
        "PQSAFE_ISSUER_KEY": "pk_live_...",
        "PQSAFE_DEFAULT_RAIL": "airwallex",
        "AIRWALLEX_CLIENT_ID": "...",
        "AIRWALLEX_API_KEY": "..."
      }
    }
  }
}

Tool schema

Once connected, the MCP host sees this tool:

{
  "name": "pqsafe_pay",
  "description": "Execute a post-quantum-authorized payment via PQSafe AgentPay. Payments are bounded by the active spend envelope — amount, recipient, and rail are all cryptographically enforced.",
  "inputSchema": {
    "type": "object",
    "properties": {
      "recipient": {
        "type": "string",
        "description": "Payment recipient domain or address (must be in envelope allowlist)"
      },
      "amount": {
        "type": "number",
        "description": "Payment amount in envelope currency (must be ≤ envelope maxAmount)"
      },
      "memo": {
        "type": "string",
        "description": "Payment memo — appears in ledger and bank statement"
      },
      "rail": {
        "type": "string",
        "enum": ["airwallex", "wise", "stripe", "usdc-base", "x402"],
        "description": "Payment rail (must be in envelope allowedRails)"
      }
    },
    "required": ["recipient", "amount", "memo"]
  }
}

Envelope management via MCP

The MCP server also exposes envelope management tools:

Tool	Description
pqsafe_create_envelope	Create and sign a new spend envelope
pqsafe_revoke_envelope	Revoke an envelope by ID
pqsafe_check_envelope	Inspect the current envelope bounds
pqsafe_get_ledger	Retrieve recent ledger entries

Tip

When using PQSafe via MCP with Claude, you can instruct Claude directly: “Pay $25 to vendor.com for invoice #123 via PQSafe.” Claude calls the pqsafe_pay tool and the envelope enforces all authorization bounds — no code changes needed.

Example MCP session

User: Pay the Cloudflare invoice for $47.50

Claude: I'll use PQSafe to pay the Cloudflare invoice.

[Calling pqsafe_pay]
  recipient: "cloudflare.com"
  amount: 47.50
  memo: "Cloudflare invoice — April 2026"
  rail: "stripe"

[Tool result]
  status: "settled"
  txId: "txn_stripe_ch_3Qx..."
  ledgerHash: "0xa3f9c2..."

The Cloudflare invoice for $47.50 has been paid successfully.
Transaction ID: txn_stripe_ch_3Qx...
The payment has been recorded in the PQSafe ledger.

Security model

The MCP adapter inherits all PQSafe envelope guarantees:

• The envelope is created and signed at server startup (not per-request)
• The MCP server validates all tool calls against the active envelope before dispatching
• The envelope’s allowedRecipients, maxAmount, and allowedRails cannot be overridden via MCP
• The host agent (Claude) can only call what the envelope permits

Next steps

• x402 Adapter — HTTP 402 micropayments via MCP
• LangChain Adapter — tool calling for LangChain agents
• SpendEnvelope concept — understand authorization bounds