MCP server by Dempty-glitch
Z-ZERO MCP: Payment Infrastructure for the Agentic Commerce Era 💳🤖
Z-ZERO is not a checkout bot. It is the payment nervous system for a future where AI Agents buy, sell, and transact autonomously — with privacy, accountability, and zero trust.
The World is Changing
Agentic Commerce is coming. AI Agents today can plan, reason, and code — but they are financially blind. They cannot hold money, make payments, or prove their trustworthiness. Every purchase still requires a human to copy-paste a credit card number.
This is the bottleneck we break.
What Matters NOW vs. LATER
| Today (2025-2026) | Tomorrow (2027+) | |---|---| | Websites are built for humans — Agents must automate button clicks | Websites/APIs will be AI-native — clicking becomes trivial | | Payment = filling out checkout forms | Payment = standardized Agent-to-Merchant protocol | | Trust = human approves each transaction | Trust = Agent Score — verifiable purchase history |
Z-ZERO solves TODAY's problems (automated checkout, JIT cards, browser injection) — but the real long-term value is in what we build along the way.
Built with Tether WDK
Z-ZERO is powered by the Tether Wallet Development Kit (WDK) at its core:
| WDK Feature Used | How Z-ZERO Uses It | |---|---| | ERC-4337 Account Abstraction | Smart Wallets with gasless USDT transactions via Candide Paymaster | | Mnemonic Key Management | AES-256-GCM encrypted mnemonics, Backend-Signer architecture | | Multi-Chain Support | Ethereum (ERC-4337 gasless) + Tron (GasFree gasless) | | USDT-Native | All balances, transfers, and gas fees denominated in USDT | | On-Chain Balance | Real-time USDT balance queries — no off-chain ledger needed |
Z-ZERO demonstrates that WDK can power a full autonomous payment ecosystem — from wallet creation to on-chain settlement — without users ever touching a private key or paying gas in native tokens.
The Vision: Three Pillars
1. 🧠 Shopping Intelligence Data
Every agent transaction generates structured knowledge: what was bought, from where, at what price, success/failure patterns, merchant behavior. This data — anonymized and aggregated — becomes a shared brain that makes every agent smarter over time.
2. 💳 AI Payment MCP — The Open Standard
Z-ZERO's MCP server is a protocol, not just a product. We believe the standard for "how AI Agents pay" should be open-source, community-driven, and interoperable.
- Any AI platform (Claude, GPT, Cursor, custom agents) can plug in
- Any payment rail (Visa, USDT, USDC, future CBDCs) can be added
- The protocol itself should be a public standard
3. 🏅 KYA — Know Your Agent (Agent Reputation)
Just as KYC verifies humans, KYA verifies AI Agents. Every agent builds a trackable reputation:
- Buyer Score: Purchase reliability, budget discipline
- Seller Score: Merchant trustworthiness
- Privacy-preserving: On-chain attestations, not raw data exposure
"The question is not 'can this agent pay?' — it is 'should I trust this agent to pay?'"
Quick Start
Install (One Command)
npx z-zero-mcp-server
Add to Claude Desktop
{
"mcpServers": {
"openclaw": {
"command": "npx",
"args": ["-y", "z-zero-mcp-server@latest"],
"env": {
"Z_ZERO_API_KEY": "zk_live_your_passport_key_here"
}
}
}
}
Get Your Passport Key
- Go to clawcard.store
- Login with Google
- Navigate to Agents Dashboard → Copy your
zk_live_XXXkey
How It Works
The Dual Gateway Architecture
┌─────────────────────────────────────────────────────────┐
│ HUMAN OWNER │
│ Deposits USDT → Manages Keys → Sets Budgets │
│ clawcard.store (Dashboard) │
└────────────────────────┬────────────────────────────────┘
│
┌──────────┴──────────┐
│ Z-ZERO Backend │
│ (Vercel + Supabase) │
│ WDK + A_Partner │
└──────────┬──────────┘
│
┌────────────────────────┴────────────────────────────────┐
│ AI AGENT │
│ Claude / Cursor / Any MCP-compatible Agent │
│ Uses OpenClaw MCP → Pays with JIT tokens │
│ 🛡 Never sees private keys or card numbers │
└─────────────────────────────────────────────────────────┘
Three Payment Paths (Smart Routing)
The MCP automatically detects whether a merchant accepts crypto or fiat and routes payment through the optimal path:
| Path | When | How | Gas | |---|---|---|---| | Visa JIT Card | Merchant accepts cards only | Single-use card → Playwright auto-fill | Free | | Crypto (Gasless) | Merchant accepts USDT, AA wallet | WDK ERC-4337 Paymaster → on-chain | ~$0.01 | | Crypto (EOA) | Imported wallet | Direct ethers.js transfer | ETH gas |
MCP Tools
| Tool | Description |
|---|---|
| check_balance | Query USDT wallet balance |
| list_cards | View card aliases and limits |
| request_payment_token | Generate JIT single-use Visa card |
| execute_payment | Auto-fill checkout form via Playwright |
| auto_pay_checkout | Smart Routing — auto-detect crypto vs fiat |
| cancel_payment_token | Cancel unused token, refund to wallet |
| set_api_key | Hot-swap Passport Key without restart |
| get_deposit_addresses | Get addresses to top up balance |
| request_human_approval | Pause for human decision on edge cases |
Core Principles
| Principle | What it means | |---|---| | Agents deserve sovereignty | Your agent, your wallet, your data — not locked into a platform | | Privacy is non-negotiable | Zero-knowledge payments. Agent transacts without leaking personal info | | Protocols should be public | The MCP payment standard should be open-source and community-governed | | Zero-Trust by default | Even a hacked agent cannot drain a wallet — backend holds the keys |
Security: "Never See, Never Touch"
- AI Agent never holds private keys (Backend-Signer architecture)
- Card numbers exist only in RAM for 30ms during injection
- Mnemonics are AES-256-GCM encrypted, stored server-side
- Prompt Injection? Even a compromised agent can only spend 1 pre-authorized transaction
Tech Stack
| Layer | Technology | |---|---| | Frontend/API | Next.js 16, React 19, Tailwind CSS | | Database | Supabase (PostgreSQL + Auth + RLS) | | Blockchain | Tether WDK, ERC-4337, ethers.js, TronWeb | | Card Issuing | A_Partner Issuing API (JIT Visa) | | AI Protocol | MCP SDK, Playwright | | Deploy | Vercel (dashboard), npm (MCP package) |
Project Status (March 2026)
| Metric | Value |
|---|---|
| Live URL | clawcard.store |
| MCP Package | z-zero-mcp-server v1.1.2 on npm |
| Codebase | ~11,000 lines TypeScript |
| Security | 50 bugs fixed (100%), 25 pentest scenarios passed |
| Checkout Success | ~85% (with AI-powered hints) |
| Chains | Ethereum (ERC-4337 gasless) + Tron (GasFree) |
| Wallet Types | Smart (AA gasless) + Imported (EOA) |
Learn More
- Quick Start Guide — Get your agent paying in 60 seconds
- Technical Deep Dive — Architecture, timeline, and full roadmap
📁 Project Structure
Z-Zero-mcp/
├── mcp-server/ # MCP Server source (npm: z-zero-mcp-server)
├── dashboard/ # Z-ZERO Dashboard (Next.js, Vercel)
├── docs/ # Architecture, FAQ, Security Model, Workflows
│ ├── architecture.md # System design with Mermaid diagrams
│ ├── FAQ.md # 20 Q&As — business logic & security
│ ├── security_model.md
│ └── workflows/ # Release SOP
├── hackathon/ # Hackathon submission materials
├── AUDIT_REPORT.md # Security audit — 50 bugs, 25 pentests, 4 reviewers
├── ROADMAP.md # Product roadmap
├── CHANGELOG.md # Release history
├── SECURITY.md # Vulnerability reporting policy
└── LICENSE # MIT
Contributing
We believe the standard for AI Agent payments should be community-driven. Issues, PRs, and discussions are welcome.
License
MIT
"We are building the payment rails for a world where AI Agents are the primary shoppers — and we believe those rails should be open, private, and trustworthy."
Hackathon: Tether Hackathon Galactica — WDK Edition 1