# PQSafe AgentPay

> Post-quantum signed spend authorization for AI agents — the Okta-for-AI-agents pattern.

## Machine-readable formats

- [Homepage (Markdown)](https://pqsafe.xyz/index.md): full homepage content as clean markdown
- [Agent Payments Handbook (Markdown)](https://pqsafe.xyz/handbook/index.md): complete developer guide
- [OpenClaw Skill (Markdown)](https://pqsafe.xyz/openclaw-skill/index.md): pqsafe.pay.v1 skill documentation
- [FIDO Open Letter (Markdown)](https://pqsafe.xyz/fido-pq-letter/index.md): open letter to FIDO Payments TWG
- [AP2-PQ Profile RFC (Markdown)](https://pqsafe.xyz/ap2-pq-rfc/index.md): full JOSE header parameter specification
- [SpendEnvelope Verifier (Markdown)](https://pqsafe.xyz/verify/index.md): verifier tool documentation
- [OpenAPI spec](https://pqsafe.xyz/openapi.yaml): machine-readable API definition
- [Agent manifest](https://pqsafe.xyz/.well-known/agent.json): agent capability declaration
- [MCP manifest](https://pqsafe.xyz/.well-known/mcp.json): MCP server discovery

PQSafe AgentPay lets a human issue a cryptographically bounded SpendEnvelope to an AI agent. Every envelope is signed with ML-DSA-65 (NIST FIPS 204, signature size 3,309 bytes), specifying the agent identity, maximum spend amount, allowed recipients, validity window, and optional rail. The agent carries the signed envelope to a payment router that verifies the ML-DSA-65 signature, enforces the constraints, and executes across one of five rails: Airwallex, Wise, Stripe, USDC-Base, or x402. An optional on-chain commitment step hashes the envelope to the Arbitrum Sepolia SpendEnvelope Registry for an immutable audit trail.

YC S26 applicant. Contact: raymond@pqsafe.xyz

## Core docs

- [Agent Payments Handbook](https://pqsafe.xyz/handbook/): Full developer guide — envelope lifecycle, rail selection, key management, Arbitrum registry, quickstart examples in TypeScript and Python.
- [Public Envelope Verifier](https://pqsafe.xyz/verify/): Browser-based tool to verify any ML-DSA-65 signed SpendEnvelope without running any code.
- [Ledger API](https://ledger.pqsafe.xyz): Read-only envelope ledger — look up any committed envelope by ID.
- [Demo environment](https://demo.pqsafe.xyz): Live sandbox — create, sign, verify, and execute test envelopes against live sandbox rails (Airwallex + Wise).
- [OpenAPI spec](https://pqsafe.xyz/openapi.yaml): Machine-readable API definition for the verifier and ledger endpoints.

## Standards & policy

- [AP2-PQ Profile v1 — canonical spec](https://pqsafe.xyz/spec/ap2-pq-v1/): Canonical specification page for the AP2-PQ profile. Defines PQ-SignedSpendEnvelope wire format (JSON Schema Draft 2020-12), ML-DSA-65 signing protocol (JCS → SHA-256 fingerprint → ML-DSA-65), 7-check verification procedure, and conformance test vectors. Status: Informational. FIDO Agentic Auth TWG submission pending. Any rail integrator claiming AP2-PQ compatibility must cite this URL.
- [AP2-PQ conformance test vectors](https://pqsafe.xyz/spec/ap2-pq-test-vectors-v1.json): Machine-readable JSON — 5 positive + 1 negative (TC-N1 exposes pqcrypto 0.4.0 silent-accept bug). Normative source for interoperability testing.
- [FIDO Alliance open letter](https://pqsafe.xyz/fido-pq-letter/): Open letter to the FIDO Alliance Payments TWG (chaired by Mastercard + Visa) proposing the AP2-PQ profile — post-quantum extension to FIDO AP2 for agent-initiated payments.
- [AP2-PQ RFC draft](https://pqsafe.xyz/ap2-pq-rfc/): Public RFC-style proposal for AP2-aligned post-quantum payment authorization. Donated to FIDO Alliance 2026-04-28.
- Standards: NIST FIPS 204 (final), NIST IR 8547 (initial public draft), HKMA Quantum Preparedness Index Feb 2026, PSD2 Article 69.

## SDK packages

### npm (TypeScript / Node.js)

- [@pqsafe/agent-pay v0.1.1](https://www.npmjs.com/package/@pqsafe/agent-pay): Core TypeScript SDK — createEnvelope, signEnvelope, verifyEnvelope, executeAgentPayment, commitToArbitrum. Works in Node.js and edge runtimes.
- [@pqsafe/openclaw v0.1.0](https://www.npmjs.com/package/@pqsafe/openclaw): OpenClaw skill registry integration — publish and discover agent payment skills.
- [@pqsafe/mcp-server v0.1.0](https://www.npmjs.com/package/@pqsafe/mcp-server): MCP server exposing PQSafe tools to Claude Desktop, Cursor, and any MCP-compatible host. Run with: `npx -y @pqsafe/mcp-server`
- [@pqsafe/mastra v0.1.1](https://www.npmjs.com/package/@pqsafe/mastra): Mastra framework integration for PQSafe payment steps.

### PyPI (Python)

- [pqsafe-agent-pay](https://pypi.org/project/pqsafe-agent-pay/): Core Python SDK — envelope creation, ML-DSA-65 signing/verification, rail execution.
- [langchain-pqsafe](https://pypi.org/project/langchain-pqsafe/): LangChain tool integration for PQSafe payments.
- [crewai-pqsafe](https://pypi.org/project/crewai-pqsafe/): CrewAI integration for agent payment authorization.

## OpenClaw skill

- [OpenClaw Skill page](https://pqsafe.xyz/openclaw-skill/): PQSafe listed in OpenClaw — 367K stars, 50K+ tools, 180K devs. Skill allows any OpenClaw-compatible agent to call PQSafe payment tools.
- [OpenClaw Skill page (Simplified Chinese)](https://pqsafe.xyz/zh-CN/openclaw-skill/): Full Simplified Chinese landing page for the PQSafe OpenClaw skill — same technical content as the English version, localized for CN-commercial market entry.

## Source & verification

- [GitHub — PQSafe/pqsafe](https://github.com/PQSafe/pqsafe): Main monorepo. 518 tests passing across 5 sub-packages.
- [GitHub — PQSafe/ap2-pq-test-vectors](https://github.com/PQSafe/ap2-pq-test-vectors): ML-DSA-65 test vectors for AP2-PQ interoperability testing.
- [Arbitrum Sepolia contract](https://sepolia.arbiscan.io/address/0x142bA5626bf8B032EB0B59052421C42595417F5d): SpendEnvelopeRegistry.sol — verified on Arbiscan.

## Distribution stats

- [Distribution telemetry](https://pqsafe.xyz/stats/): Live npm + PyPI download counters. Auto-updated daily. Intentionally raw pre-launch numbers.
- [Stats JSON](https://pqsafe.xyz/stats/v1/index.json): Machine-readable download data — npm (4 published packages), PyPI (3 packages), GitHub stars/forks/issues.

## Security

- [Security overview](https://pqsafe.xyz/security/): Responsible disclosure, bug bounty, and contact channels.
- [Security policy](https://pqsafe.xyz/security/policy/): In-scope systems, vulnerability classes, 90-day disclosure timeline, Immunefi bug bounty (launching May 2026).
- [security.txt](https://pqsafe.xyz/.well-known/security.txt): RFC 9116 machine-readable disclosure policy.
- Security contact: security@pqsafe.xyz
- Sensitive reports: https://github.com/PQSafe/pqsafe/security/advisories/new (encrypted, private channel)

## Updates

- [Blog index](https://pqsafe.xyz/blog/): Chronological list of production deployments, SDK releases, and standards progress.
- [Real ML-DSA-65 verifier deployed at api.pqsafe.xyz (2026-05-05)](https://pqsafe.xyz/blog/2026-05-05-real-ml-dsa-verifier-deployed/): The /v1/mandates/verify stub is gone. Real mldsa65.verify() from @noble/post-quantum in production. 3,309-byte signature validation. Six conformance test vectors published. Run: `npx @pqsafe/conformance --endpoint https://api.pqsafe.xyz/v1/mandates/verify`
- [Atom feed](https://pqsafe.xyz/feed.xml): Subscribe to all future posts.

## Optional

- [Privacy policy](https://pqsafe.xyz/privacy/): Data handling and retention policy.
- Contact: raymond@pqsafe.xyz