{"id":28051,"library":"pop-pay","title":"pop-pay","description":"pop-pay is a runtime security layer for AI agent commerce. It provides a drop-in CLI and MCP server to block hallucinated purchases and keep card credentials out of agent context. Current version is 0.8.9, and it follows an active release cadence with security hardening and documentation updates.","status":"active","version":"0.8.9","language":"python","source_language":"en","source_url":"https://github.com/100xPercent/pop-pay-python","tags":["ai","security","commerce","agent","vault","guardrails"],"install":[{"cmd":"pip install pop-pay","lang":"bash","label":"Install from PyPI"}],"dependencies":[],"imports":[{"note":"","wrong":"","symbol":"PopPay","correct":"from pop_pay import PopPay"},{"note":"","wrong":"","symbol":"create_guardrails","correct":"from pop_pay import create_guardrails"},{"note":"","wrong":"","symbol":"inject_payment_info","correct":"from pop_pay import inject_payment_info"},{"note":"initialize_vault is a module-level function under pop_pay.vault, not directly on the package.","wrong":"from pop_pay import initialize_vault","symbol":"initialize_vault","correct":"from pop_pay.vault import initialize_vault"}],"quickstart":{"code":"from pop_pay import PopPay, create_guardrails, inject_payment_info\nfrom pop_pay.vault import initialize_vault\n\n# Initialize vault (passphrase stored in env var)\ninitialize_vault()\n\n# Create guardrails with allowed vendor domains\napp = PopPay(guardrails=create_guardrails(allowed_vendors=[\"stripe.com\", \"shopify.com\"]))\n\n# Inject payment info into a checkout form (after domain verification)\ninject_payment_info(page_url=\"https://stripe.com/checkout\", card_number=os.environ.get('CARD_NUMBER', ''))\n\n# Run the MCP server\napp.run_mcp()","lang":"python","description":"Initialize the vault, set guardrails, inject credentials, and start MCP server."},"warnings":[{"fix":"Ensure all agents use pop-pay >= 0.6.0 with same passphrase.","message":"Passphrase vault mode (v0.6.0+) requires a passphrase; vault created without passphrase cannot be read by older versions.","severity":"breaking","affected_versions":"<0.6.0 or >=0.6.0 if mixing vaults"},{"fix":"Always set allowed_vendors in guardrails and ensure the agent navigates to the correct domain before calling inject_payment_info.","message":"inject_payment_info verifies current page domain against guardrails BEFORE injection. If domain check fails, injection is blocked silently.","severity":"gotcha","affected_versions":">=0.6.0"},{"fix":"Do not rely on database storage for card data; use vault with passphrase.","message":"SQLite storage of card_number/cvv was removed in v0.6.0. The issued_seals table no longer contains full card details.","severity":"deprecated","affected_versions":">=0.6.0"},{"fix":"Use 'pip install pop-pay' for Python library; CLI install via npm or brew available for Node.js users.","message":"The CLI tool is named 'pop-pay' but the Python package import uses underscore: pop_pay. Commands like 'pop-pay init' require the CLI, not the Python module.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-09T00:00:00.000Z","next_check":"2026-08-07T00:00:00.000Z","problems":[{"fix":"Run 'pip install pop-pay' to install the correct package.","cause":"Installed the wrong package or used wrong install command.","error":"ModuleNotFoundError: No module named 'pop_pay'"},{"fix":"Use 'from pop_pay.vault import initialize_vault' instead.","cause":"initialize_vault is not a top-level export; it's under pop_pay.vault.","error":"AttributeError: module 'pop_pay' has no attribute 'initialize_vault'"},{"fix":"Call 'initialize_vault()' at startup, ensuring the passphrase is set via environment variable or interactive input.","cause":"Vault must be initialized with a passphrase before any credential operations.","error":"pop_pay.vault.VaultError: Vault not initialized"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}