ar-agents is a Mercado Pago Agent Toolkit for the Vercel AI SDK 6. It ships 89 typed tools that an LLM agent can call directly to drive Mercado Pago billing flows: subscriptions, payments, refunds, checkout pro, marketplace OAuth, cuotas (installments), QR in-store, 3DS challenge resolution, point-of-sale devices, webhooks. Sidecar packages cover AFIP/ARCA, WhatsApp Business Cloud, banking (CBU/CVU + BCRA), and shipping (Andreani/OCA/Correo Argentino).

How is this different from the official mercadopago SDK?

The official mercadopago SDK is a thin REST client. It does not ship Vercel AI SDK tool schemas, does not implement webhook HMAC verification with replay protection, does not run on Edge Runtime (Node-only), and does not gate irreversible operations. ar-agents adds all of that on top of the underlying API: 89 typed tools, deterministic idempotency keys derived from inputs, programmatic human-in-the-loop on refund/cancel/delete, npm provenance attestation, Vercel KV adapters via subpath, OpenTelemetry instrumentation. You can use both packages in the same project; ar-agents wraps the underlying API directly without depending on the official SDK.

Does ar-agents work on Edge Runtime?

Yes. The whole package is Web Crypto-based with no node:crypto dependency, so it runs on Vercel Edge Functions, Cloudflare Workers, Deno, and any other V8-isolate runtime. Webhook signature verification, HMAC, and idempotency-key generation all use the Web Crypto API.

What is HITL (human-in-the-loop) in ar-agents?

Eight tools mutate state irreversibly (refund_payment, cancel_subscription, delete_customer_card, etc.). The toolkit accepts a requireConfirmation callback that gates each invocation: the tool function literally will not execute until your callback returns true. This is a programmatic gate, not just an LLM instruction. You can show the user a UI and wait for their explicit approval before any irreversible operation runs.

How does idempotency work?

Every POST request gets an auto-generated idempotency key. For LLM-driven retries, four mutating tools (create_payment, create_subscription, create_payment_preference, refund_payment) use a deterministic key derived from a SHA-256 hash of the meaningful inputs (external_reference, amount, payment_method, etc.). Same inputs produce the same key, so retries return the existing resource instead of double-charging the customer.

Yes. MIT license. No paid tier, no telemetry phone-home, no usage caps. The package is published to npm under the @ar-agents scope with SLSA v1 provenance attestations.

What about AFIP, WhatsApp, banking, shipping?

Sidecar packages cover the rest of the Argentine business stack: @ar-agents/identity (CUIT/CUIL validation + AFIP/ARCA padron lookup with monotributo category and IVA condition), @ar-agents/facturacion (AFIP/ARCA factura electronica via WSFE), @ar-agents/whatsapp (WhatsApp Business Cloud API with HMAC webhook verify and AR phone normalizer), @ar-agents/banking (CBU/CVU validation + BCRA Central de Deudores), @ar-agents/shipping (Andreani, OCA, Correo Argentino), @ar-agents/identity-attest (HMAC-signed verification orchestrator). Each ships independently to npm.

Is there a Model Context Protocol (MCP) server?

Yes. @ar-agents/mcp bundles all 7 ar-agents packages into a single MCP server compatible with Claude Desktop, Cursor, Codeium, Continue, Cline, or any MCP host. Auto-detects which packages to enable from environment variables. Listed on Glama (glama.ai/mcp/servers/ar-agents/ar-agents) and the official MCP Registry (io.github.ar-agents/mcp).

/operator-quickstart · 15 minutes

From deployed to listed in 15 minutes.

You already deployed your sociedad-IA (or are about to via the wizard or the starter). This page is the rest: env vars, conformance pipeline, public registry. Run end-to-end in 15 minutes; if any step fails, every check has a remediation pointer.

Wire the audit-log env vars

~3 min

On your Vercel project (or wherever you deployed), set these six environment variables under Production:

AUDIT_HMAC_SECRET            <random 32+ char base64>          # RFC-004 v1 HMAC key
AUDIT_ED25519_PRIVATE_KEY    <PKCS8 base64url>                # RFC-005 § 4 private key
AUDIT_ED25519_PUBLIC_KEY     <SPKI base64url>                 # for self-verify
AUDIT_ED25519_KEY_ID         your-sociedad-key-2026-05        # matches keys.json
KV_REST_API_URL              https://*.upstash.io             # audit-log storage
KV_REST_API_TOKEN            <your token>

Generate the Ed25519 keypair via cookbook recipe 29 — it prints both the public-keys JSON (drop into your repo at public/.well-known/sociedad-ia/keys.json) and the private key (paste into the env var above).

Publish your /.well-known/agents.json

~2 min

Drop this file at public/.well-known/agents.jsonin your deployment's root. Replace the placeholders.

{
  "$schema": "https://ar-agents.vercel.app/schemas/agents.v1.json",
  "name": "<your-sociedad-name>",
  "homepage": "https://your-sociedad.example",
  "license": "MIT",
  "issuer": {
    "jurisdiction": "AR",
    "type": "sociedad-ia",
    "operatorName": "<your full legal name>",
    "operatorCuit": "20-12345678-9",
    "supervisionRegime": "rfc-001-v1",
    "denominacion": "<your sociedad's denominación social>"
  },
  "rfcConformance": [
    "rfc-001-v1",
    "rfc-002-v1",
    "rfc-004-draft",
    "rfc-005-draft"
  ],
  "auditEndpoints": {
    "auditRead":   "https://your-sociedad.example/api/play/audit/{sessionId}",
    "auditVerify": "https://your-sociedad.example/api/play/audit/{sessionId}?verify=1",
    "auditCsv":    "https://your-sociedad.example/api/play/audit/{sessionId}/csv"
  }
}

If your deployment doesn't run audit endpoints (e.g. you're a single-library demo), drop rfc-004-draft + the auditEndpoints block from the manifest. The certifier honors what you claim: skipping checks for unclaimed RFCs, failing only on overclaim.

Redeploy + verify

~3 min

Trigger a redeploy so the env vars + the well-known files are picked up. Then run the certifier:

# Run the public certifier against your URL
curl "https://ar-agents.vercel.app/api/certifier?url=https://your-sociedad.example" \
  | jq '.score, .rating, .rfcConformance'

Expect score: 100, rating: "A". If the score is lower, the per-check breakdown tells you which check failed + how to fix it. Run recipe 28 (operator readiness) for a more detailed pre-launch breakdown.

Run a session to populate the audit log

~2 min

With the env vars wired, any appendAudit() call in your app will write an entry with both hmac (RFC-004 v1) and signature (RFC-005 v1 Ed25519) fields. Run a session through your app, then verify:

# Read the session with HMAC + Ed25519 verification
curl "https://your-sociedad.example/api/play/audit/SESSION_ID?verify=1" | jq '.verification'

# Expected output:
# {
#   "total": N,
#   "verified": N,                        ← HMAC verified
#   "tampered": 0,
#   "hmacWired": true,
#   "signedAsymmetric": N,                ← entries dual-signed
#   "signedAsymmetricVerified": N         ← Ed25519 verified offline
# }

Submit to /registro

~5 min

Run cookbook recipe 30 with a config JSON describing your sociedad. It will:

Run recipe 28 (operator readiness) — must pass readiness: "ready" or "almost".
Run recipe 26 (certifier) — must score ≥ 60 (rating C+).
Validate honesty heuristics (CUIT format, demo-vs-productive disclosure language).
Print a copy-paste Markdown PR body for the registry submission.

Open a PR against github.com/ar-agents/ar-agents modifying apps/landing/src/app/registro/page.tsx with the entry. Merge typically within hours; live in /registro on the next build (~1h).

What you get when you finish

A green A · 100/100 cert badge for your sociedad — embeddable in your own site via https://ar-agents.vercel.app/api/cert-badge?url=YOUR_URL
A row on the public /registro with a live conformance sparkline (populated by the daily Vercel cron at /api/auto-monitor).
Audit-log entries dual-signed with HMAC + Ed25519, verifiable offline using your public key at /.well-known/sociedad-ia/keys.json.
A quarterly compliance report can be generated by running recipe 25 against your sessionIds.

If something breaks

Open an issue at github.com/ar-agents/ar-agents/issues with: your sociedad URL + the certifier output (curl https://ar-agents.vercel.app/api/certifier?url=YOUR_URL). The per-check breakdown narrows the cause quickly.