ar-agents is a Mercado Pago Agent Toolkit for the Vercel AI SDK 6. It ships 89 typed tools that an LLM agent can call directly to drive Mercado Pago billing flows: subscriptions, payments, refunds, checkout pro, marketplace OAuth, cuotas (installments), QR in-store, 3DS challenge resolution, point-of-sale devices, webhooks. Sidecar packages cover AFIP/ARCA, WhatsApp Business Cloud, banking (CBU/CVU + BCRA), and shipping (Andreani/OCA/Correo Argentino).

How is this different from the official mercadopago SDK?

The official mercadopago SDK is a thin REST client. It does not ship Vercel AI SDK tool schemas, does not implement webhook HMAC verification with replay protection, does not run on Edge Runtime (Node-only), and does not gate irreversible operations. ar-agents adds all of that on top of the underlying API: 89 typed tools, deterministic idempotency keys derived from inputs, programmatic human-in-the-loop on refund/cancel/delete, npm provenance attestation, Vercel KV adapters via subpath, OpenTelemetry instrumentation. You can use both packages in the same project; ar-agents wraps the underlying API directly without depending on the official SDK.

Does ar-agents work on Edge Runtime?

Yes. The whole package is Web Crypto-based with no node:crypto dependency, so it runs on Vercel Edge Functions, Cloudflare Workers, Deno, and any other V8-isolate runtime. Webhook signature verification, HMAC, and idempotency-key generation all use the Web Crypto API.

What is HITL (human-in-the-loop) in ar-agents?

Eight tools mutate state irreversibly (refund_payment, cancel_subscription, delete_customer_card, etc.). The toolkit accepts a requireConfirmation callback that gates each invocation: the tool function literally will not execute until your callback returns true. This is a programmatic gate, not just an LLM instruction. You can show the user a UI and wait for their explicit approval before any irreversible operation runs.

How does idempotency work?

Every POST request gets an auto-generated idempotency key. For LLM-driven retries, four mutating tools (create_payment, create_subscription, create_payment_preference, refund_payment) use a deterministic key derived from a SHA-256 hash of the meaningful inputs (external_reference, amount, payment_method, etc.). Same inputs produce the same key, so retries return the existing resource instead of double-charging the customer.

Yes. MIT license. No paid tier, no telemetry phone-home, no usage caps. The package is published to npm under the @ar-agents scope with SLSA v1 provenance attestations.

What about AFIP, WhatsApp, banking, shipping?

Sidecar packages cover the rest of the Argentine business stack: @ar-agents/identity (CUIT/CUIL validation + AFIP/ARCA padron lookup with monotributo category and IVA condition), @ar-agents/facturacion (AFIP/ARCA factura electronica via WSFE), @ar-agents/whatsapp (WhatsApp Business Cloud API with HMAC webhook verify and AR phone normalizer), @ar-agents/banking (CBU/CVU validation + BCRA Central de Deudores), @ar-agents/shipping (Andreani, OCA, Correo Argentino), @ar-agents/identity-attest (HMAC-signed verification orchestrator). Each ships independently to npm.

Is there a Model Context Protocol (MCP) server?

Yes. @ar-agents/mcp bundles all 7 ar-agents packages into a single MCP server compatible with Claude Desktop, Cursor, Codeium, Continue, Cline, or any MCP host. Auto-detects which packages to enable from environment variables. Listed on Glama (glama.ai/mcp/servers/ar-agents/ar-agents) and the official MCP Registry (io.github.ar-agents/mcp).

dashboard · forensic timeline

Audit timeline

sessionId: 4f50ebf2-94ec-4c75-b94a-6e8e1f54f5bc

1 de 1 entradas verificadas

Cada entrada lleva HMAC-SHA256 sobre canonical-JSON de los campos públicos. Verificable end-to-end vía /api/play/audit/{sessionId}?verify=1.

entradas

1

verificadas

1/1

tampered

0

backend

vercel-kv

hmac

wired

Timeline

conectando…1 entrada

17:59:09Z
2026-05-09

auto_incorporateAUDIT-LOGGED

input / output

{
  "input": {
    "denominacion": "KV Probe v2 SAS",
    "tipo": "SAS",
    "capitalSocial": 200000,
    "objeto": "Probe end-to-end del KV provisioning después de Vercel marketplace install + deploy.",
    "piezas": [
      "identity",
      "gde-tad",
      "mercadopago",
      "banking",
      "facturacion"
    ]
  },
  "output": {
    "slug": "kv-probe-v2-sas",
    "valid": true,
    "files": [
      "package.json",
      "lib/agent.ts",
      ".env.example",
      "README.md"
    ]
  }
}

sha256:3253b38629c5a870fd2…

Demostración de tampering

Ejecutar este demo construye una entrada sintética, la firma con el secret de producción, le aplica una mutación, y verifica ambas. Si tamperedVerified vuelve false, el HMAC está atrapando el cambio. Read-only — no toca ningún audit log real.

mutación

Compartir

https://ar-agents.vercel.app/dashboard/4f50ebf2-94ec-4c75-b94a-6e8e1f54f5bc

JSON crudo:https://ar-agents.vercel.app/api/play/audit/4f50ebf2-94ec-4c75-b94a-6e8e1f54f5bc?verify=1