Found in upstream: our negative test vector TC1 exposed a real defect in pqcrypto 0.4.0 — the library accepted a tampered ML-DSA-65 message as valid. We documented the bug in verify_negative.py, published the fix recommendation (use noble-post-quantum for authoritative ML-DSA rejection), and shipped both repositories open-source. No other agent-payment vendor has surfaced an upstream library bug via published test vectors.
Your agent is mid-task and needs Perplexity Pro. It checks its SpendEnvelope, a cryptographically signed budget; PQSafe issues a virtual Visa via Airwallex; the agent pays and resumes. No human logs in. The spending cap is enforced at the SDK and Airwallex API layer. Any SaaS accepting Visa is instantly PQSafe-compatible. Every authorization is signed with ML-DSA-65 (NIST FIPS 204): quantum-safe from day one, ready for the post-quantum mandate every regulated institution eventually faces.
Click any link to verify. Last updated 2026-05-05.
Three lines of code to give your agent a signed, capped, multi-rail wallet.
30 seconds
npm i @pqsafe/agent-pay or pip install pqsafe.
Native plugins for LangChain, CrewAI, and Mastra ship in the same package.
One call
createEnvelope({ maxAmount, currency, allowedRecipients }) returns a budget signed with ML-DSA-65 (NIST FIPS 204). Amount cap, payee allowlist, and TTL enforced cryptographically — your agent cannot exceed any of them.
Instant
executeAgentPayment(signed, { recipient, amount }) routes the payment through Airwallex, Wise, Stripe, or USDC-Base, returns a real transfer UUID, and writes a signed receipt your auditor can verify seven years from now.
NIST issued a mandate in 2024 to migrate away from RSA and ECDSA. Google's Willow chip demonstrated quantum supremacy. Shor's algorithm will crack secp256k1 — the key curve used by Bitcoin, Ethereum, and every major wallet — once fault-tolerant quantum hardware arrives.
CRYSTALS-Dilithium (ML-DSA-65) is NIST FIPS 204 standardized. Based on hard lattice problems — unbreakable by Shor's algorithm. 1952-byte public keys, 3309-byte signatures. Security Level 3: equivalent to AES-192. Built for real-world production use.
CRYSTALS-Kyber (ML-KEM-768) is NIST FIPS 203 standardized — the post-quantum Key Encapsulation Mechanism. Enables quantum-safe encrypted key exchange. AES-192 equivalent security. Already deployed by Apple, Google, and Cloudflare. Coming to @pqsafe/agent-pay in Q3 2026.
ML-DSA-65 chosen over ML-DSA-44 (insufficient for 7-year audit retention) and ML-DSA-87 (signature 85% larger, kills mobile/edge use). Tradeoffs, not defaults.
Powered by @noble/post-quantum — audited, zero-dependency, pure TypeScript
Native SDKs for Python and TypeScript. Same API, same envelope model, same post-quantum guarantees.
Drop-in plugins for LangChain, LangGraph, CrewAI, Mastra, Vercel AI, Pydantic AI, AutoGen, LlamaIndex, and Anthropic SDK. One import away from spend-safe agents.
Adds AgentPayTool to any LangChain agent. The tool issues a signed spend envelope before every payment call — no envelope, no spend.
Wraps any CrewAI Task with a spend envelope. The crew can only spend what you authorized — per-task budget ceilings enforced cryptographically.
Native Mastra tool integration. Attach pqsafePayTool to any Mastra agent definition — envelope creation and multi-rail routing handled automatically.
Wraps any LangGraph node with a spend envelope checkpoint — every state transition that moves money requires a signed mandate before it executes.
Drop-in tool for the ai package — adds a signed pqsafePay tool to any model.generateText or model.streamText call.
Type-safe Pydantic-AI tool that validates payment intents at the model boundary — invalid envelopes never reach the rail. Pairs with Pydantic models for spend policies.
Multi-agent AutoGen workflows get a shared spend envelope across all agents — one budget, cryptographically enforced, no matter how many agents touch the conversation.
Adds an AgentPayTool to any LlamaIndex agent or ReActAgent — turns retrieval-driven workflows into spend-safe payment workflows.
PQSafe plugs into OpenClaw, Mastra, LangChain, CrewAI, and Claude Code. One import adds ML-DSA-65 signed spend envelopes to any agent stack — five distribution surfaces in total.
Native OpenClaw skill that wraps AgentPay.authorize() — adds PQSafe spend gating to any OpenClaw agent in a single tool registration, no custom middleware needed.
Attach pqsafePayTool to any Mastra agent definition — envelope creation and multi-rail payment routing handled automatically, with full TypeScript types.
MCP server that exposes PQ-safe payment tools to any MCP host — Claude Desktop, Cursor, or any app that speaks the Model Context Protocol. One global install, instant PQ hardening.
Adds AgentPayTool to any LangChain agent — issues a signed spend envelope before every payment call. No envelope, no spend.
Wraps any CrewAI Task with a spend envelope — per-task budget ceilings enforced cryptographically, ML-DSA-65 signed before execution.
Auto-loaded into any Claude Code session via the plugin directory. Three slash commands — /pqsafe-create, /pqsafe-verify, /pqsafe-revoke — plus a payment-reviewer sub-agent that audits payment tool calls before they execute.
Three facts that make May 2026 the specific moment for post-quantum agent payment infrastructure.
Google contributed AP2 (Agent Payments Protocol) to the FIDO Alliance. The standards-track foundation for agent payments now exists, and FIDO’s Payments TWG is actively scoping its post-quantum profile. The window to influence the standard is open — and closing.
HKMA published its Quantum Preparedness Index — the first named regulator with a formal PQ-readiness framework for licensed financial institutions. Every HKMA-licensed payment processor now has a regulatory obligation to plan for post-quantum migration. PQSafe is the only SDK that makes that plan executable today.
Sumsub reports 180% year-on-year growth in KYA (Know Your Agent) demand from regulated platforms. The receiver-side compliance market is forming faster than the agent-side authorization layer can supply. PQSafe sits at that intersection — post-quantum signatures (ML-DSA-65) wrapping the AP2 envelope format, with first-class FIDO TWG engagement.
Stripe ACP and Google AP2 answer "is this agent allowed to spend?" PQSafe also answers "can a regulator verify it seven years from now?"
| Feature | PQSafe | Stripe ACP | Google AP2 |
|---|---|---|---|
| Spend cap enforcement | ✓ Cryptographic envelope | Per-token limit | Mandate-based |
| Signature algorithm | ML-DSA-65 (FIPS 204) | ECDSA | ECDSA |
| Post-quantum safe | ✓ Yes | ✗ No | ✗ No |
| 7-year audit-grade receipt | ✓ Signed SpendEnvelope | Stripe-hosted log | No standard |
| Multi-rail routing | Airwallex · Wise · Stripe · USDC | Stripe only | Google Pay only |
| Vendor lock-in | ✓ MIT, self-host | Stripe account required | Google Cloud required |
| Framework plugins | LangChain · CrewAI · Mastra | Stripe SDK | Vertex AI |
The 7-year audit window is the timer: HKMA, MAS, FCA, and FFIEC all mandate 7-year retention for financial transaction records. Every payment your agent signs with ECDSA today must remain verifiable in 2033 — well inside the window quantum hardware is expected to break it. PQSafe is the only stack where the signature is post-quantum from day one.
Ready to see it working end-to-end?
Try the SpendEnvelope demo at demo.pqsafe.xyz
Free for the builders who create agents. Revenue-generating for the platforms that receive agent payments.
Sign spending budgets before every payment call. Your agent cannot exceed what you authorized — enforced cryptographically at the SDK layer, not by policy.
npm install @pqsafe/agent-pay — up in 30 seconds
Drop-in receiver verification. Build a compliance evidence chain — signed envelope + replay-resistant nonce — that satisfies HKMA, MAS, or FCA audit requirements for seven years.
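One way a receiver could enforce the envelope described in the createEnvelope / executeAgentPayment steps and the receiver-verification point above, including a tampered-envelope negative vector. This is an added example, not PQSafe SDK code. Assumptions: Ed25519 from node:crypto stands in for ML-DSA-65, the function names and the expiresAt and nonce fields are hypothetical, and each envelope authorizes a single payment.

```javascript
// Added example, not the PQSafe SDK. Ed25519 (node:crypto) stands in for ML-DSA-65.
const crypto = require('node:crypto');

// Sign and verify over a fixed field order so both sides see identical bytes.
// expiresAt and nonce are assumed field names; amounts are integer minor units.
const FIELDS = ['maxAmount', 'currency', 'allowedRecipients', 'expiresAt', 'nonce'];
const canonical = (env) => Buffer.from(JSON.stringify(FIELDS.map((k) => env[k])));

function signEnvelope(env, privateKey) {
  const sig = crypto.sign(null, canonical(env), privateKey).toString('base64');
  return { ...env, sig };
}

// Returns 'ok' or the first rejection reason. The signature is checked before
// any field is trusted; the nonce is consumed only when everything else passes.
function checkPayment(signed, payment, publicKey, seenNonces, now) {
  const sig = Buffer.from(signed.sig || '', 'base64');
  if (!crypto.verify(null, canonical(signed), publicKey, sig)) return 'bad-signature';
  if (now >= signed.expiresAt) return 'expired';
  if (payment.currency !== signed.currency) return 'wrong-currency';
  if (!Number.isInteger(payment.amount) || payment.amount <= 0) return 'bad-amount';
  if (payment.amount > signed.maxAmount) return 'over-cap';
  if (!signed.allowedRecipients.includes(payment.recipient)) return 'recipient-not-allowed';
  if (seenNonces.has(signed.nonce)) return 'replayed';
  seenNonces.add(signed.nonce);
  return 'ok';
}

// Constructed sample data: one envelope, one honest payment, five bad variants.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const env = signEnvelope({ maxAmount: 2000, currency: 'USD',
    allowedRecipients: ['merchant-a.example'], expiresAt: 1000, nonce: 'n-1' }, privateKey);
  const pay = { recipient: 'merchant-a.example', amount: 2000, currency: 'USD' };
  const seen = new Set();
  const run = (e, p, now) => checkPayment(e, p, publicKey, seen, now);
  return {
    tampered: run({ ...env, maxAmount: 999999 }, pay, 10), // negative vector
    overCap: run(env, { ...pay, amount: 2001 }, 10),
    stranger: run(env, { ...pay, recipient: 'other.example' }, 10),
    expired: run(env, pay, 1000),
    first: run(env, pay, 10),
    replay: run(env, pay, 10),
  };
}
console.log(demo());
```

The tampered case is the kind of negative vector a verifier must fail: the cap was raised after signing, so the check stops at the signature before any policy field is read.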
Every line of cryptographic code is open for inspection. No proprietary black boxes. No telemetry. No cloud dependencies. Your keys, your code, your security.
Signed spend envelopes & multi-rail router for AI agents
Join the builders who refuse to let a human login be the bottleneck for every autonomous workflow. PQSafe AgentPay is free, open source, and post-quantum from day one.