ar-agents is a Mercado Pago Agent Toolkit for the Vercel AI SDK 6. It ships 89 typed tools that an LLM agent can call directly to drive Mercado Pago billing flows: subscriptions, payments, refunds, checkout pro, marketplace OAuth, cuotas (installments), QR in-store, 3DS challenge resolution, point-of-sale devices, webhooks. Sidecar packages cover AFIP/ARCA, WhatsApp Business Cloud, banking (CBU/CVU + BCRA), and shipping (Andreani/OCA/Correo Argentino).

How is this different from the official mercadopago SDK?

The official mercadopago SDK is a thin REST client. It does not ship Vercel AI SDK tool schemas, does not implement webhook HMAC verification with replay protection, does not run on Edge Runtime (Node-only), and does not gate irreversible operations. ar-agents adds all of that on top of the underlying API: 89 typed tools, deterministic idempotency keys derived from inputs, programmatic human-in-the-loop on refund/cancel/delete, npm provenance attestation, Vercel KV adapters via subpath, OpenTelemetry instrumentation. You can use both packages in the same project; ar-agents wraps the underlying API directly without depending on the official SDK.

Does ar-agents work on Edge Runtime?

Yes. The whole package is Web Crypto-based with no node:crypto dependency, so it runs on Vercel Edge Functions, Cloudflare Workers, Deno, and any other V8-isolate runtime. Webhook signature verification, HMAC, and idempotency-key generation all use the Web Crypto API.

What is HITL (human-in-the-loop) in ar-agents?

Eight tools mutate state irreversibly (refund_payment, cancel_subscription, delete_customer_card, etc.). The toolkit accepts a requireConfirmation callback that gates each invocation: the tool function literally will not execute until your callback returns true. This is a programmatic gate, not just an LLM instruction. You can show the user a UI and wait for their explicit approval before any irreversible operation runs.

How does idempotency work?

Every POST request gets an auto-generated idempotency key. For LLM-driven retries, four mutating tools (create_payment, create_subscription, create_payment_preference, refund_payment) use a deterministic key derived from a SHA-256 hash of the meaningful inputs (external_reference, amount, payment_method, etc.). Same inputs produce the same key, so retries return the existing resource instead of double-charging the customer.

Yes. MIT license. No paid tier, no telemetry phone-home, no usage caps. The package is published to npm under the @ar-agents scope with SLSA v1 provenance attestations.

What about AFIP, WhatsApp, banking, shipping?

Sidecar packages cover the rest of the Argentine business stack: @ar-agents/identity (CUIT/CUIL validation + AFIP/ARCA padron lookup with monotributo category and IVA condition), @ar-agents/facturacion (AFIP/ARCA factura electronica via WSFE), @ar-agents/whatsapp (WhatsApp Business Cloud API with HMAC webhook verify and AR phone normalizer), @ar-agents/banking (CBU/CVU validation + BCRA Central de Deudores), @ar-agents/shipping (Andreani, OCA, Correo Argentino), @ar-agents/identity-attest (HMAC-signed verification orchestrator). Each ships independently to npm.

Is there a Model Context Protocol (MCP) server?

Yes. @ar-agents/mcp bundles all 7 ar-agents packages into a single MCP server compatible with Claude Desktop, Cursor, Codeium, Continue, Cline, or any MCP host. Auto-detects which packages to enable from environment variables. Listed on Glama (glama.ai/mcp/servers/ar-agents/ar-agents) and the official MCP Registry (io.github.ar-agents/mcp).

/certifier · live · no install

RFC conformance certifier.

Paste any base URL. The certifier fetches its public endpoints + scores RFC-002 + RFC-004 conformance in seconds. Score 0-100 with per-check breakdown. No setup. No install. Run against your sociedad-IA, or someone else's, or this site itself.

Base URLSample sessionId (optional, defaults to demo-public-ar-001)

Runs ~9 HTTP checks against the target. Cached 60s per URL.

What this checks

RFC-002: /.well-known/agents.json exists + has issuer.jurisdiction + endpoints.auditRead + rfcConformance.
RFC-004: audit-read endpoint responds, verify=1 returns counts, CSV export works.
Tooling: OpenAPI 3.x spec available, sitemap present, security headers (HSTS + X-Content-Type-Options).
Discovery: /api/discovery alt path responds.

What this does NOT check

HMAC validity, the certifier relies on the target's own verify=1 endpoint. To verify independently, fetch the entries + the public key (RFC-004 § 5) + run the cryptographic check client-side.
Business legitimacy, passing 100/100 means the technical scaffolding is in place. It does NOT mean the sociedad-IA is doing legal business; that's the regulator's job.
Operational health, endpoint up/down at this moment ≠ ran legitimately for 6 months. Use cookbook recipe 25 for the long-horizon view.

Programmatic access

Hit the API directly. Same checks, same scoring, no UI:

curl "https://ar-agents.ar/api/certifier?url=https://your-sociedad.vercel.app"
curl "https://ar-agents.ar/api/certifier?url=...&sessionId=abc12345"