ar-agents is open-source infrastructure for Argentina's coming 'sociedades de IA' (AI-corporation) regime: 36 npm packages and 221 typed Vercel AI SDK 6 tools that let an AI agent incorporate and operate as an Argentine company end-to-end, identity (CUIT/ARCA), digital signing, money (Mercado Pago, the flagship package, with 89 tools), e-invoicing (AFIP/ARCA), banking (CBU/CVU + BCRA), WhatsApp Business, shipping (Andreani/OCA/Correo), gazette monitoring (Boletín Oficial), corporate registry (IGJ), plus 6 RFCs and an HMAC + Ed25519 audit log. MIT (code) + CC-BY-4.0 (specs).

How is this different from the official mercadopago SDK?

The official mercadopago SDK is a thin REST client. It does not ship Vercel AI SDK tool schemas, does not implement webhook HMAC verification with replay protection, does not run on Edge Runtime (Node-only), and does not gate irreversible operations. ar-agents adds all of that on top of the underlying API: 89 typed tools, deterministic idempotency keys derived from inputs, programmatic human-in-the-loop on refund/cancel/delete, npm provenance attestation, Vercel KV adapters via subpath, OpenTelemetry instrumentation. You can use both packages in the same project; ar-agents wraps the underlying API directly without depending on the official SDK.

Does ar-agents work on Edge Runtime?

Yes. The whole package is Web Crypto-based with no node:crypto dependency, so it runs on Vercel Edge Functions, Cloudflare Workers, Deno, and any other V8-isolate runtime. Webhook signature verification, HMAC, and idempotency-key generation all use the Web Crypto API.

What is HITL (human-in-the-loop) in ar-agents?

Eight tools mutate state irreversibly (refund_payment, cancel_subscription, delete_customer_card, etc.). The toolkit accepts a requireConfirmation callback that gates each invocation: the tool function literally will not execute until your callback returns true. This is a programmatic gate, not just an LLM instruction. You can show the user a UI and wait for their explicit approval before any irreversible operation runs.

How does idempotency work?

Every POST request gets an auto-generated idempotency key. For LLM-driven retries, four mutating tools (create_payment, create_subscription, create_payment_preference, refund_payment) use a deterministic key derived from a SHA-256 hash of the meaningful inputs (external_reference, amount, payment_method, etc.). Same inputs produce the same key, so retries return the existing resource instead of double-charging the customer.

Yes. MIT license. No paid tier, no telemetry phone-home, no usage caps. The package is published to npm under the @ar-agents scope with SLSA v1 provenance attestations.

What about AFIP, WhatsApp, banking, shipping?

Sidecar packages cover the rest of the Argentine business stack: @ar-agents/identity (CUIT/CUIL validation + AFIP/ARCA padron lookup with monotributo category and IVA condition), @ar-agents/facturacion (AFIP/ARCA factura electronica via WSFE), @ar-agents/whatsapp (WhatsApp Business Cloud API with HMAC webhook verify and AR phone normalizer), @ar-agents/banking (CBU/CVU validation + BCRA Central de Deudores), @ar-agents/shipping (Andreani, OCA, Correo Argentino), @ar-agents/identity-attest (HMAC-signed verification orchestrator). Each ships independently to npm.

Is there a Model Context Protocol (MCP) server?

Yes. @ar-agents/mcp bundles the ar-agents toolkit into a single MCP server compatible with Claude Desktop, Cursor, Codeium, Continue, Cline, or any MCP host. Auto-detects which packages to enable from environment variables. Listed on Glama (glama.ai/mcp/servers/ar-agents/ar-agents) and the official MCP Registry (io.github.ar-agents/mcp).

ar-agents, open infrastructure for AI corporations in Argentina

Short version: this site exists to make agent activity auditable, not to track humans. We keep signed logs of tool calls because that is the product. We keep nothing else.

What we collect

The hosted endpoints on this site (the playground at /play, the remote MCP endpoint at /api/mcp, the x402-priced APIs, and the Auditor) write each tool call to an append-only audit log. An entry contains: a timestamp, the tool name, the inputs and outputs exactly as provided in the call, a session id, and a cryptographic signature (HMAC-SHA256, optionally Ed25519). That is the whole record. If you send personal data as a tool input (for example a CUIT you type into the playground), it lands in that log as provided.

We do not use cookies for tracking, analytics trackers, or fingerprinting. Standard server logs (IP addresses, request metadata) are handled by our hosting provider, Vercel, under its own retention. Audit entries are stored in Vercel KV (Upstash).

Retention

Playground and public demo sessions expire automatically after 7 days. Paid Auditor sessions are business records and are retained, by design: a public proof link that disappears would defeat the product. In-memory rate-limit counters live only for the duration of a serverless instance.

What we never do

We do not sell data. We do not share it with advertisers. There are no third-party ads on this site. Audit logs are used for exactly what the documentation says: forensic verification of agent activity, by you or by anyone you hand a session link to.

Your choices

Do not submit real personal data to the public demos; synthetic data works just as well. To ask about or request deletion of a specific audit session, write to naza@naza.ar with the session id. Note that durable (paid) sessions may be retained where they constitute business records.

Governing law

This site is operated from Argentina and governed by Argentine law, including Ley 25.326 de Protección de los Datos Personales.

Nota en español: este sitio guarda registros firmados de las llamadas a herramientas (timestamps, nombre de la herramienta, inputs y outputs, session id) porque ese registro auditable es el producto. No usamos cookies de tracking, no vendemos datos, no hay publicidad de terceros. Sesiones de demo expiran a los 7 días; las sesiones pagas del Auditor se conservan. Contacto: naza@naza.ar.

Scope

This policy covers ar-agents.ar and its hosted API endpoints. The open-source @ar-agents/* npm packages run on your own infrastructure and send us nothing.

Privacy policy