ar-agents is a Mercado Pago Agent Toolkit for the Vercel AI SDK 6. It ships 89 typed tools that an LLM agent can call directly to drive Mercado Pago billing flows: subscriptions, payments, refunds, checkout pro, marketplace OAuth, cuotas (installments), QR in-store, 3DS challenge resolution, point-of-sale devices, webhooks. Sidecar packages cover AFIP/ARCA, WhatsApp Business Cloud, banking (CBU/CVU + BCRA), and shipping (Andreani/OCA/Correo Argentino).

How is this different from the official mercadopago SDK?

The official mercadopago SDK is a thin REST client. It does not ship Vercel AI SDK tool schemas, does not implement webhook HMAC verification with replay protection, does not run on Edge Runtime (Node-only), and does not gate irreversible operations. ar-agents adds all of that on top of the underlying API: 89 typed tools, deterministic idempotency keys derived from inputs, programmatic human-in-the-loop on refund/cancel/delete, npm provenance attestation, Vercel KV adapters via subpath, OpenTelemetry instrumentation. You can use both packages in the same project; ar-agents wraps the underlying API directly without depending on the official SDK.

Does ar-agents work on Edge Runtime?

Yes. The whole package is Web Crypto-based with no node:crypto dependency, so it runs on Vercel Edge Functions, Cloudflare Workers, Deno, and any other V8-isolate runtime. Webhook signature verification, HMAC, and idempotency-key generation all use the Web Crypto API.

What is HITL (human-in-the-loop) in ar-agents?

Eight tools mutate state irreversibly (refund_payment, cancel_subscription, delete_customer_card, etc.). The toolkit accepts a requireConfirmation callback that gates each invocation: the tool function literally will not execute until your callback returns true. This is a programmatic gate, not just an LLM instruction. You can show the user a UI and wait for their explicit approval before any irreversible operation runs.

How does idempotency work?

Every POST request gets an auto-generated idempotency key. For LLM-driven retries, four mutating tools (create_payment, create_subscription, create_payment_preference, refund_payment) use a deterministic key derived from a SHA-256 hash of the meaningful inputs (external_reference, amount, payment_method, etc.). Same inputs produce the same key, so retries return the existing resource instead of double-charging the customer.

Yes. MIT license. No paid tier, no telemetry phone-home, no usage caps. The package is published to npm under the @ar-agents scope with SLSA v1 provenance attestations.

What about AFIP, WhatsApp, banking, shipping?

Sidecar packages cover the rest of the Argentine business stack: @ar-agents/identity (CUIT/CUIL validation + AFIP/ARCA padron lookup with monotributo category and IVA condition), @ar-agents/facturacion (AFIP/ARCA factura electronica via WSFE), @ar-agents/whatsapp (WhatsApp Business Cloud API with HMAC webhook verify and AR phone normalizer), @ar-agents/banking (CBU/CVU validation + BCRA Central de Deudores), @ar-agents/shipping (Andreani, OCA, Correo Argentino), @ar-agents/identity-attest (HMAC-signed verification orchestrator). Each ships independently to npm.

Is there a Model Context Protocol (MCP) server?

Yes. @ar-agents/mcp bundles all 7 ar-agents packages into a single MCP server compatible with Claude Desktop, Cursor, Codeium, Continue, Cline, or any MCP host. Auto-detects which packages to enable from environment variables. Listed on Glama (glama.ai/mcp/servers/ar-agents/ar-agents) and the official MCP Registry (io.github.ar-agents/mcp).

ar-agents, operational briefing for the Argentine state

For the advisor who receives this link from Sturzenegger, Reidel, Subsec TIC, AAIP, or any agency related to the sociedades-IA regime. Designed to be read in a single 10-minute pass and forwarded internally with confidence.

Executive summary · 3 lines

I'm an independent Argentine developer. I built the technical reference implementation for the sociedades-IA regime the Minister announced on April 28: 17 npm packages + 5 technical specs (CC-BY-4.0) + a forensic cryptographic audit log.
I'm not selling anything to the state today. The code is MIT and will stay MIT. I'm bringing concrete proposals, not requests: see section 6.
I'm available for 30-minute technical meetings, no fees. If the ministry afterward finds a support or services agreement useful, there's a separate commercial tier at /cloud. Open source and the commercial tier are separate by design.

1 · Who I am

Naza, 26, monotributista category A (IT services), based in Monte Grande, Buenos Aires. No formal legal training. No state funding, no private funding, no contracts with intelligence or security services. Documented work at github.com/naza00000. Previously built Astro (astro.ar) and Publi (publi.ar), two AI consumer products in Argentina; this project is infrastructure, not a consumer product.

2 · What I built, technically

17 npm packages under @ar-agents/* with MIT license. They cover 16 of the 17 operational pieces an Argentine AI corporation needs to operate end-to-end (identity / signing / money / customer ops / Official Gazette monitoring / corporate registry). The missing piece (registering a client app on TAD/GDE) requires government authorization with no public process.
5 RFCs published under CC-BY-4.0, technical-normative proposals that legislation can incorporate cite-by-reference. Suggested text for the articulado at /legislation.
Forensic audit log dual-signed with HMAC-SHA256 + Ed25519. Any agency (regulator, court expert, AAIP) can verify without asking the operator for the private key. Technical details at /auditor (printable 1-pager) + /architecture/audit-log (code-level deep-dive).
Immutable citation generator (/cite): BibTeX, APA and Chicago anchored to a GitHub commit hash. Lets the law's articulado cite a specific RFC version without relying on the mutable canonical URL. Zenodo immutable DOI is on the roadmap.
International comparison (/jurisdictions), side-by-side analysis with Wyoming DAO LLC, Marshall Islands MIDAO, Estonia e-Residency, Singapore VCC + AI Verify, and EU AI Act Art. 50.

3 · What this saves the Ministry

Prior technical work: the 5 RFCs cover the operational decisions any regulatory design would have to make anyway. Honest estimate: 4-6 months of technical definition + peer review already done, published, and open to public comment on GitHub Discussions.
Citable open-source reference: the articulado can use cite-by-reference instead of transcribing technical specs into the law. If the spec evolves, it doesn't require reopening the legislative debate, the law pins the cite to a specific version (commit hash or Zenodo DOI).
Reference implementation any AI corp can use on day 1 of the law: no license fee, no single-vendor dependency, no lock-in. Lowers adoption friction.
Quantitative international comparison to ground competitive positioning. If the ministry needs to publicly defend “Argentina vs Wyoming vs Estonia vs Marshall Islands”, the data is already organized.

4 · What this is NOT

This is not a commercial project selling to the state. The code is MIT, the site is free, the demo is public, the RFCs are CC-BY-4.0. Any consultancy (Globant, Accenture, BGH) can implement it for a client without asking me. If in the future there are paid services (managed hosting, SLA support, key custody), they live separately at /cloud , but the base infrastructure stays free by design.
This is not professional legal opinion. I'm not a licensed lawyer. The RFCs are technical drafts that need review by specialists (corporate law, AAIP, evidentiary law) before any legislative adoption. That's why I published /co-sign: open invitation for Argentine scholars and jurists to add co-authorship without commercial commitment.
This is not an intelligence / state security proposal. The manifesto is explicit: civil-commercial-OSS, I don't participate in intelligence or security service contracts. If the state needs Palantir-grade tooling, there are other places; this project stays in the civil layer.
This is not a token / DAO / crypto play. No governance token, no yield farming, no on-chain treasury. The differentiation from $SAIRI / WAGMI.law is explicit at /jurisdictions.

5 · Honest limitations (what a skeptical advisor would find first)

Single maintainer. If I'm out, the project slows. Mitigations: MIT code on public GitHub with full history; npm provenance attestations; Zenodo (CERN) RFC archival on the roadmap for 20+ year preservation. Any consultancy could take the code and give it continuity tomorrow.
Infrastructure runs on foreign providers (Vercel US, Upstash sa-east-1, npm US, GitHub US). For civil use it's not blocking, but for production regulated by Argentine LPDP (25.326) it requires either a DPA with each provider or migration to AR residency. /cloud contemplates a “Government tier” with AR residency + auditable HSM as a planned path, not a solution today.
The registry has 5 entries, all mine. The /registry is honest about this. It shows the reference implementation + 4 demos by the author, not an ecosystem. The law doesn't exist yet; real operators appear when the regime appears.
RFCs are in draft status. The specs are in draft-01. Next stage requires review by external co-signers (jurist + scholar) and immutable archival on Zenodo. Citing them in the final articulado of a law before they reach stable status is not recommended; for preparatory legislative discussion, it is.

6 · What I'm proposing (not asking for)

In order from least to most institutional commitment:

Awareness on the Minister's team that the reference implementation exists, before the articulado is drafted. Avoids technical assumptions that contradict the stack that already works. Zero commitment.
30-minute technical meeting with whomever the ministry designates (Subsec TIC, Minister's advisor, Deregulation Sandbox team). No fees, no commercial agenda. Live demo, open code, hard questions welcome.
Open TAD/GDE for programmatic client-app registration. This is the only technical piece that depends on the state and that I can't solve alone. If the ministry includes this in the reform scope, the programmatic AI-corp incorporation cycle closes.
Eventual reference in the articulado to existing specs. If after review by specialists (step 7) some RFC is considered incorporable, the ministry can cite it via immutable commit hash or Zenodo DOI. No exclusivity commitment, the cite points to a public CC-BY-4.0 document.

7 · Why I need this to circulate before the bill is drafted

A bill drafted without technical input tends to fix definitions that later complicate implementation: obsolete cryptographic standards, digital-identity assumptions that clash with OIDC/PKCE, retention requirements that ignore how an append-only audit log actually works. The 5 RFCs cover those decisions from the code side. If we get there before the articulado draft, we avoid costly reversals; if we arrive after, the errors crystallize.

This isn't lobbying. It's one developer writing to the advisor who received this link, saying: there's useful material here, it's open, it costs nothing to use or ignore, it's worth a look before deciding.

8 · Contact

Naza
Email: naza@naza.ar: reply within 48h.
Monte Grande, Buenos Aires.
GitHub: @naza00000 · Twitter: @nazaclemente.

For assistants / secretariats: schedule 30 minutes by video call (Google Meet preferred, Zoom and Teams also fine). No NDA needed, all material is public under MIT + CC-BY-4.0.

9 · Supporting material

/to-the-minister: personal open letter, CC0, 2026-05-09.
/legislation: technical synthesis with suggested cite-by-reference text.
/auditor: printable 1-pager for regulators.
/jurisdictions: comparison with Wyoming / Marshall / Estonia / Singapore.
/rfcs/001 a /rfcs/005: the 5 technical specs.
/play: interactive demo, 30 seconds, no setup.
/registry: public registry with honest disclosure.
/security: STRIDE + OWASP LLM Top 10 threat model.
/cloud: commercial tier (separate from the open source).

Operational briefing for the Argentine state.