# Agent Card — Setup via LLM You are an AI assistant helping a developer integrate an Agent Card into their AI agent project. An Agent Card is a programmable spending account on Stellar testnet whose limits are enforced on-chain by an OpenZeppelin Smart Account + Spending Limit Policy. The developer's agent will use the card to pay APIs via x402 within the configured budget. ## How to read this skill **You are executing this skill, not summarizing it.** Each step below contains files you must write and shell commands you must run, using your filesystem and bash tools. Do not paraphrase the steps for the user and ask them to do it themselves. Do not propose alternative approaches the skill does not offer. After running this skill end-to-end, the user's project must contain: 1. A `.env` file with four `STELLAR_CARD_*` variables (Step 2) 2. A `402md-signer.ts` file written verbatim from Step 3 3. The npm packages `@stellar/stellar-sdk` and `dotenv` installed (Step 4) 4. A `pay.ts` file written verbatim from Step 5 5. A `pay` script in `package.json` that invokes `pay.ts` (Step 5) If any of these is missing at the end, **the skill failed**. Do not declare success. ## Things you MUST NOT do - **Do not skip Step 4** because `@x402/core` or `@x402/stellar` look unfamiliar to you. They are real, published packages by Coinbase. If you want to verify before installing, run `npm view @x402/core` and `npm view @x402/stellar` — you will get back valid metadata. Then install them. Do not "intentionally avoid importing libraries you cannot verify" — this skill IS the verification. - **Do not skip Step 3** (writing the signer file) because the package isn't installed yet. Steps 3, 4, 5 are written in this order on purpose; execute them in this order. - **Do not write a placeholder `index.js` that only prints env vars** instead of the `pay.ts` from Step 5. The skill provides the exact file content for a reason — use it verbatim. - **Do not invent "minimal" vs "starter" options** to ask the user to pick from. There is one path: execute Steps 0–7 in order. - **Do not commit secrets to git.** The `.env` you write contains a private key. Always create or update `.gitignore` so `.env` is excluded. --- ## Step 0 — Audience check Before doing anything else, ask the user this question: > "Where do you plan to run the AI agent that will make the x402 payments? > Examples: a Node.js script on your laptop, a Python service on Fly.io, > a Cloudflare Worker, an AWS Lambda function, Claude Code as a runtime." If the user cannot name a runtime where they will execute their own code, **stop here** and tell them: > "Agent Card is infrastructure for developers who run their own agent code. The signer needs > to live in a process that you control — a server, a container, or at least a script on your > machine. If you are only chatting with an LLM and don't run your own code, this tool won't > work for you yet. Come back when you're building an agent in code." If the user does have a runtime, continue to Step 1. --- ## Step 1 — Create the card **Important:** the card creation requires signing transactions with a Stellar wallet (Freighter, xBull, Albedo, Lobstr). Wallets only exist in browsers, so the LLM cannot create the card directly. Tell the user: > "Open https://agentcard.402.md/create in your browser. Connect your Stellar wallet, fill in > the wizard (label, daily budget, per-tx max), and complete the deploy. When you're done, the > site will show you a block of environment variables. Copy that block and paste it back into > this chat." Wait for the user to paste the environment block. The expected shape: ``` STELLAR_CARD_CONTRACT=C... STELLAR_CARD_AGENT_KEY=<64 hex chars> STELLAR_CARD_AGENT_RULE_ID=1 STELLAR_CARD_ED25519_VERIFIER=C... ``` If they paste something different (missing fields, wrong format), help them go back to the wizard and try again. --- ## Step 2 — Add env vars to the user's project Find the user's `.env` or `.env.local` file in their project. If it does not exist, create it. Append the four STELLAR_CARD_* lines from the user's paste. Verify the file is gitignored. If `.env` is not in `.gitignore`, add it. --- ## Step 3 — Generate the signer file In the user's project, create a new file at the root of their source directory (commonly `src/`, `lib/`, or wherever their other utility files live) named `402md-signer.ts`. Write the contents of the code block below to that file exactly as shown: ```ts /** * 402md-signer.ts — generated single-file build of @stellar-card/signer. * * Drop into your project and import { createStellarCardSigner }. * Generated by packages/signer/scripts/build-single-file.ts. */ import { Address, Keypair, StrKey, hash, nativeToScVal, xdr } from '@stellar/stellar-sdk'; interface StellarCardConfig { cardContract: string; agentPrivateKey: string; agentRuleId: number; ed25519VerifierAddress: string; network: 'stellar:testnet' | 'stellar:pubnet'; } function decodeAgentKey(hex: string): Uint8Array { if (hex.length !== 64) { throw new Error(`agent key must be 64 hex characters, got ${String(hex.length)}`); } if (!/^[0-9a-fA-F]+$/.test(hex)) { throw new Error('agent key must contain only hex characters'); } const out = new Uint8Array(32); for (let i = 0; i < 32; i++) { out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16); } return out; } function computeAuthDigest( signaturePayload: Uint8Array, contextRuleIds: number[], ): Uint8Array { // Soroban's `Vec::to_xdr(env)` serializes as a full ScVal -- i.e. // ScVal::Vec(Some(ScVec([ScVal::U32(id), ...]))) -- including discriminants. // OZ's __check_auth composes the auth_digest preimage as: // sha256(signature_payload || context_rule_ids.to_xdr(e)) // so we must include the ScVal wrapper here, not just raw u32 bytes. const ruleIdsScVal = xdr.ScVal.scvVec(contextRuleIds.map((id) => xdr.ScVal.scvU32(id))); const ruleIdsXdr = ruleIdsScVal.toXDR(); const composed = new Uint8Array(signaturePayload.length + ruleIdsXdr.length); composed.set(signaturePayload, 0); composed.set(ruleIdsXdr, signaturePayload.length); return new Uint8Array(hash(Buffer.from(composed))); } interface BuildAuthPayloadArgs { verifierAddress: string; agentPubkey: Uint8Array; signature: Uint8Array; contextRuleIds: number[]; } function buildAuthPayloadScVal(args: BuildAuthPayloadArgs): xdr.ScVal { const verifierScVal = nativeToScVal(Address.fromString(args.verifierAddress), { type: 'address', }); const externalSigner = xdr.ScVal.scvVec([ xdr.ScVal.scvSymbol('External'), verifierScVal, xdr.ScVal.scvBytes(Buffer.from(args.agentPubkey)), ]); const signatureBytes = xdr.ScVal.scvBytes(Buffer.from(args.signature)); const signersMap = xdr.ScVal.scvMap([ new xdr.ScMapEntry({ key: externalSigner, val: signatureBytes, }), ]); const contextRuleIdsVec = xdr.ScVal.scvVec(args.contextRuleIds.map((id) => xdr.ScVal.scvU32(id))); // ScMap keys must be sorted in canonical XDR order. For symbols, that is // case-sensitive alphabetical: 'context_rule_ids' < 'signers'. return xdr.ScVal.scvMap([ new xdr.ScMapEntry({ key: xdr.ScVal.scvSymbol('context_rule_ids'), val: contextRuleIdsVec, }), new xdr.ScMapEntry({ key: xdr.ScVal.scvSymbol('signers'), val: signersMap, }), ]); } interface PatchTxAuthArgs { /** Base64 XDR of the prepared (post-simulation) transaction. */ txXdr: string; /** Card contract C-address — used to find the right auth entry. */ cardContract: string; /** sha256(networkPassphrase) of the target Stellar network. */ networkId: Buffer; /** Ledger at which the OZ auth signature expires. Must be `<= currentLedger + ceil(maxTimeoutSeconds/5) + 2`. */ sigExpirationLedger: number; /** The agent's Ed25519 keypair (loaded from STELLAR_CARD_AGENT_KEY). */ agentKp: Keypair; /** Agent ed25519 raw public key (32 bytes). */ agentPubkey: Uint8Array; /** Context rule id assigned to the agent (typically 1). */ agentRuleId: number; /** Ed25519 verifier contract C-address. */ verifierAddress: string; } /** * Locates the smart account's auth entry inside the prepared transaction's * `InvokeHostFunctionOp.auth` list and replaces its `signature` field with an * OZ AuthPayload (`{ context_rule_ids, signers: { External(verifier, pubkey) → signature } }`). * * Returns the patched transaction as base64 XDR. The caller must re-simulate * the patched tx in enforce mode to populate the final footprint and resource * fee — see `rebuildWithFreshFootprint`. */ function patchSmartAccountAuth(args: PatchTxAuthArgs): string { const envelope = xdr.TransactionEnvelope.fromXDR(args.txXdr, 'base64'); if (envelope.switch().name !== 'envelopeTypeTx') { throw new Error('expected v1 transaction envelope'); } const innerTx = envelope.v1().tx(); const ops = innerTx.operations(); let patched = 0; for (const op of ops) { const body = op.body(); if (body.switch().name !== 'invokeHostFunction') continue; const ihf = body.value() as xdr.InvokeHostFunctionOp; for (const entry of ihf.auth()) { const creds = entry.credentials(); if (creds.switch().name !== 'sorobanCredentialsAddress') continue; const addrCreds = creds.address(); const addrSc = addrCreds.address(); if (addrSc.switch().name !== 'scAddressTypeContract') continue; const entryContract = StrKey.encodeContract(addrSc.contractId() as unknown as Buffer); if (entryContract !== args.cardContract) continue; // signatureExpirationLedger must be set BEFORE computing the digest // because the digest preimage includes it. addrCreds.signatureExpirationLedger(args.sigExpirationLedger); const nonce = addrCreds.nonce(); const rootInvocation = entry.rootInvocation(); // signature_payload = sha256(HashIdPreimage::SorobanAuthorization{ // network_id, nonce, signature_expiration_ledger, invocation // }) const sigPreimage = xdr.HashIdPreimage.envelopeTypeSorobanAuthorization( new xdr.HashIdPreimageSorobanAuthorization({ networkId: args.networkId, nonce, signatureExpirationLedger: args.sigExpirationLedger, invocation: rootInvocation, }), ); const signaturePayloadHash = hash(sigPreimage.toXDR()); // OZ auth_digest = sha256(signature_payload || ScVec(rule_ids).toXDR()) const authDigest = computeAuthDigest(signaturePayloadHash, [args.agentRuleId]); // Sign the digest with the agent's Ed25519 key. const signature = args.agentKp.sign(Buffer.from(authDigest)); const authPayload = buildAuthPayloadScVal({ verifierAddress: args.verifierAddress, agentPubkey: args.agentPubkey, signature: new Uint8Array(signature), contextRuleIds: [args.agentRuleId], }); addrCreds.signature(authPayload); patched++; } } if (patched === 0) { throw new Error(`smart account auth entry not found for ${args.cardContract}`); } return envelope.toXDR('base64'); } export type { StellarCardConfig }; export interface PatchTxAuthOptions { /** Base64 XDR of the prepared (post-simulation) transaction. */ txXdr: string; /** sha256(networkPassphrase) of the target network. */ networkId: Buffer; /** Ledger at which the OZ auth signature expires. */ sigExpirationLedger: number; } export interface StellarCardSigner { /** Card contract C-address. */ readonly address: string; /** Agent ed25519 raw public key (32 bytes). */ readonly agentPubkey: Uint8Array; /** * Patches the smart account auth entry inside a prepared Soroban transaction * with an OZ AuthPayload signed by the agent's Ed25519 key. Returns the * patched base64 XDR. The caller must re-simulate to populate the final * footprint before submitting. */ patchTxAuth(opts: PatchTxAuthOptions): string; } export function createStellarCardSigner(config: StellarCardConfig): StellarCardSigner { const seed = decodeAgentKey(config.agentPrivateKey); const keypair = Keypair.fromRawEd25519Seed(Buffer.from(seed)); const agentPubkey = keypair.rawPublicKey(); return { address: config.cardContract, agentPubkey, patchTxAuth(opts: PatchTxAuthOptions): string { return patchSmartAccountAuth({ txXdr: opts.txXdr, cardContract: config.cardContract, networkId: opts.networkId, sigExpirationLedger: opts.sigExpirationLedger, agentKp: keypair, agentPubkey, agentRuleId: config.agentRuleId, verifierAddress: config.ed25519VerifierAddress, }); }, }; } ``` This file is the canonical signer for the Agent Card. It exposes a single `createStellarCardSigner(config)` factory that returns an object with: - `address` — the card contract C-address - `agentPubkey` — the agent's raw Ed25519 public key (32 bytes) - `patchTxAuth({ txXdr, networkId, sigExpirationLedger })` — patches a prepared Soroban transaction's smart-account auth entry with an OZ AuthPayload signed by the agent's key The `pay.ts` script in Step 5 calls `patchTxAuth` after building a SEP-41 transfer transaction. **Do not modify this file.** If the user wants to update it later, they re-run this skill.md. --- ## Step 4 — Install dependencies **Run the install command for the user's package manager. Do not skip this step.** - `@stellar/stellar-sdk@^14.6.1` — used by both the signer and `pay.ts` - `dotenv@^16` — loads `.env` for the script Detect the user's package manager from `package-lock.json` (npm), `bun.lock` / `bun.lockb` (bun), `pnpm-lock.yaml` (pnpm), or `yarn.lock` (yarn). If no project exists yet, create one with `npm init -y` first. Then run exactly one of: - npm: `npm install @stellar/stellar-sdk dotenv` - bun: `bun add @stellar/stellar-sdk dotenv` - pnpm: `pnpm add @stellar/stellar-sdk dotenv` - yarn: `yarn add @stellar/stellar-sdk dotenv` If install fails, fix the underlying issue (network, registry, lockfile) and retry. Do not proceed to Step 5 until install succeeds. > **Why not @x402/core or @x402/stellar?** The published `@x402/stellar@2.9.0` > facilitator validation rejects payloads from OpenZeppelin Smart Accounts (its > `validateSimulationEvents` returns on any contract event that is not a SAC > `transfer`). Our `pay.ts` settles directly through the OZ x402 facilitator > using the relayer key the wizard minted for the card, bypassing that bug. --- ## Step 5 — Create a runnable `pay.ts` script **This step is mandatory.** Do not just show the snippet — actually write the file to the user's project. After this step, you (the assistant) must be able to make payments by running the script via Bash. If you cannot run shell commands in this environment, still write the file so the user can run it themselves. Create a file named `pay.ts` next to the `402md-signer.ts` you wrote in Step 3 (commonly `src/` or `lib/`). Write exactly this content: ```ts import 'dotenv/config'; import { Account, Address, BASE_FEE, Contract, Horizon, Keypair, Networks, Transaction, TransactionBuilder, hash as sha256Hash, nativeToScVal, rpc as SorobanRpc, xdr, } from '@stellar/stellar-sdk'; import { createStellarCardSigner } from './402md-signer.js'; const SOROBAN_RPC_URL = 'https://soroban-testnet.stellar.org'; const HORIZON_URL = 'https://horizon-testnet.stellar.org'; const NETWORK_PASSPHRASE = Networks.TESTNET; interface PaymentRequirement { scheme: string; network: string; amount: string; asset: string; payTo: string; maxTimeoutSeconds: number; extra?: { areFeesSponsored?: boolean }; } interface PaymentRequired { x402Version: number; accepts: PaymentRequirement[]; } async function main(): Promise { const url = process.argv[2]; if (!url) { console.error('usage: pay '); process.exit(1); } // 1. Probe the URL — expect 402 with payment requirements. const probe = await fetch(url); if (probe.status !== 402) { console.log(`status: ${String(probe.status)} (no payment needed)`); console.log(await probe.text()); return; } const headerValue = probe.headers.get('payment-required'); const pr: PaymentRequired = headerValue ? JSON.parse(Buffer.from(headerValue, 'base64').toString('utf8')) : ((await probe.json()) as PaymentRequired); const req = pr.accepts[0]; if (!req) throw new Error('no payment requirements in 402 response'); // 2. Create the signer (loads agent key from env). const signer = createStellarCardSigner({ cardContract: process.env.STELLAR_CARD_CONTRACT!, agentPrivateKey: process.env.STELLAR_CARD_AGENT_KEY!, agentRuleId: Number(process.env.STELLAR_CARD_AGENT_RULE_ID), ed25519VerifierAddress: process.env.STELLAR_CARD_ED25519_VERIFIER!, network: 'stellar:testnet', }); // 3. Build the SEP-41 transfer call. The tx needs a real on-chain G-account // as the source for simulation, but the resource server's facilitator // rebuilds the envelope with its own relayer at settle time, so this // account never pays gas. We use the agent's own derived G-address and // friendbot-fund it on first run. const server = new SorobanRpc.Server(SOROBAN_RPC_URL); const horizon = new Horizon.Server(HORIZON_URL); const agentKp = Keypair.fromRawEd25519Seed( Buffer.from(process.env.STELLAR_CARD_AGENT_KEY!, 'hex'), ); const agentG = agentKp.publicKey(); let sourceAcc; try { sourceAcc = await horizon.loadAccount(agentG); } catch { const fb = await fetch(`https://friendbot.stellar.org?addr=${agentG}`); if (!fb.ok) throw new Error(`friendbot failed: ${String(fb.status)}`); sourceAcc = await horizon.loadAccount(agentG); } const sourceAccount = new Account(agentG, sourceAcc.sequence); const tx = new TransactionBuilder(sourceAccount, { fee: BASE_FEE, networkPassphrase: NETWORK_PASSPHRASE, }) .addOperation( new Contract(req.asset).call( 'transfer', nativeToScVal(Address.fromString(signer.address), { type: 'address' }), nativeToScVal(Address.fromString(req.payTo), { type: 'address' }), nativeToScVal(BigInt(req.amount), { type: 'i128' }), ), ) .setTimeout(120) .build(); // 4. Simulate to bake in auth entries. const sim = await server.simulateTransaction(tx); if (SorobanRpc.Api.isSimulationError(sim)) { throw new Error(`simulation failed: ${sim.error}`); } const prepared = await server.prepareTransaction(tx); const preparedXdr = prepared.toXDR(); // 5. Patch the smart-account auth entry with our OZ AuthPayload. const latest = await server.getLatestLedger(); const sigExpirationLedger = latest.sequence + Math.ceil(req.maxTimeoutSeconds / 5); const networkId = sha256Hash(Buffer.from(NETWORK_PASSPHRASE)); const patched = signer.patchTxAuth({ txXdr: preparedXdr, networkId, sigExpirationLedger, }); // 6. Re-simulate the patched tx in enforce mode to populate a complete // footprint and accurate resource fee. const finalXdr = await rebuildWithFreshFootprint(server, patched); // 7. Build the x402 v2 PaymentPayload and POST it back to the resource // server with the PAYMENT-SIGNATURE header. The server forwards the payload // to its configured facilitator, which validates and settles on chain. We // never talk to the facilitator directly — this is the canonical x402 flow. const paymentPayload = { x402Version: pr.x402Version, accepted: req, payload: { transaction: finalXdr }, }; const paymentHeader = Buffer.from(JSON.stringify(paymentPayload)).toString( 'base64', ); const res = await fetch(url, { headers: { 'PAYMENT-SIGNATURE': paymentHeader }, }); if (res.status !== 200) { console.error(`payment failed: status ${String(res.status)}`); const errHeader = res.headers.get('payment-required'); if (errHeader) { try { const decoded = JSON.parse( Buffer.from(errHeader, 'base64').toString('utf8'), ) as { error?: string }; console.error(`facilitator error: ${decoded.error ?? 'unknown'}`); } catch { /* ignore */ } } console.error(await res.text()); process.exit(1); } // 8. Print the on-chain settlement (from the PAYMENT-RESPONSE header) and // the resource body returned by the server. const respHeader = res.headers.get('payment-response'); if (respHeader) { try { const decoded = JSON.parse( Buffer.from(respHeader, 'base64').toString('utf8'), ) as { transaction?: string }; if (decoded.transaction) { console.log(`✓ paid via tx ${decoded.transaction}`); console.log( ` https://stellar.expert/explorer/testnet/tx/${decoded.transaction}`, ); } } catch { /* ignore */ } } console.log('\nresource:'); console.log(await res.text()); } async function rebuildWithFreshFootprint( server: SorobanRpc.Server, patchedXdr: string, ): Promise { const patchedTx = TransactionBuilder.fromXDR( patchedXdr, NETWORK_PASSPHRASE, ) as Transaction; const sim = await server.simulateTransaction(patchedTx); if (SorobanRpc.Api.isSimulationError(sim)) { throw new Error(`enforce-mode simulation failed: ${sim.error}`); } if (!('transactionData' in sim)) throw new Error('no transactionData'); const sorobanData = sim.transactionData.build(); const minResourceFee = BigInt(sim.minResourceFee); const envelope = xdr.TransactionEnvelope.fromXDR(patchedXdr, 'base64'); const innerTx = envelope.v1().tx(); const TxExtCtor = xdr.TransactionExt as unknown as new ( s: number, v: xdr.SorobanTransactionData, ) => xdr.TransactionExt; innerTx.ext(new TxExtCtor(1, sorobanData)); const totalFee = BigInt(BASE_FEE) + minResourceFee; innerTx.fee(Number(totalFee)); return envelope.toXDR('base64'); } main().catch((err: unknown) => { console.error('payment failed:', err instanceof Error ? err.message : String(err)); process.exit(1); }); ``` Adjust the import path of `./402md-signer.js` to match where you saved the signer file in Step 3. Then add a `pay` script to the user's `package.json` so it's invokable. Pick the runtime the project already uses: - Bun: `"pay": "bun run pay.ts"` - Node + tsx (TypeScript): `"pay": "tsx pay.ts"` (install `tsx` as a devDep if missing) - Node + ts-node: `"pay": "ts-node pay.ts"` If the file lives in a subdirectory (e.g. `src/pay.ts`), adjust the path: `"pay": "bun run src/pay.ts"`. After writing the file and adding the script, **verify by running it once** with no URL — it should print `usage: pay ` and exit non-zero. That confirms the script is wired up. From now on, whenever the user asks you to "pay" or "fetch" an x402-protected URL, run: ``` pay ``` For example: `bun pay https://api.example/premium`. Capture stdout and report the result back to the user. --- ## Step 6 — Fund the card with testnet USDC The card holds USDC, not XLM. Tell the user: > "Visit https://faucet.circle.com/ in your browser, switch to Stellar Testnet, and paste your > card contract ID (`STELLAR_CARD_CONTRACT` from your .env) as the destination address. Click > 'Send' to receive testnet USDC." If the user wants to verify the funding worked, they can visit `https://agentcard.402.md/dashboard/` and check the balance on their card. --- ## Step 7 — Test a payment Run the `pay.ts` script you created in Step 5 against a known x402 endpoint (or the user's own). Ask the user for a URL to test against if you don't have one. Then run: ``` pay ``` Confirm: 1. stdout shows `status: 200` (not 402) and the response body. 2. The dashboard at `https://agentcard.402.md/dashboard/` shows the new "spent today" value reflecting the payment. 3. If the user intentionally tries to pay more than the daily budget or per-tx max, the smart account rejects the transaction and the script prints `payment failed:` followed by an error from the facilitator. Report the outcome of each step to the user. --- ## Troubleshooting **"Cannot find module '@x402/stellar'"** The user did not install dependencies. Re-run Step 4. **"address mismatch" thrown by the signer** The `STELLAR_CARD_CONTRACT` env var doesn't match the contract address the x402 client is asking to sign for. Verify the env var is set correctly and matches the wizard output. **"Insufficient balance" when paying** The card has no testnet USDC. Re-run Step 6. **"SpendingLimitExceeded" error** The payment exceeds the daily budget. Either wait for the rolling window to clear, or adjust the limit from the dashboard at `https://agentcard.402.md/dashboard/`. **Wallet popup never appears** Make sure Freighter (or another supported wallet) is installed in the same browser where the user opened https://agentcard.402.md/create. --- ## Versioning This skill.md is versioned. The signer source embedded above corresponds to version `0.1.0-2026-04-12`. If a future signer change breaks compatibility with older cards, re-running this skill.md will regenerate the file with the new version. --- End of Agent Card setup skill.