Bridge AP2 (Agent Payments Protocol) and x402 agent-payment mandates into wire-valid ISO 20022 pain.001 / pacs.008 records, with spending-cap, expiry and authorisation guardrails. Includes an MCP server.
Project description
ap2-iso20022: Agent-payment mandates → wire-valid ISO 20022
Bridge AP2 (Google's Agent Payments Protocol) and x402
(Coinbase's HTTP-402) mandates into ISO 20022 pain.001 / pacs.008 records —
with spending-cap, expiry and authorisation guardrails, and an MCP
server. These agentic-payment protocols authorise a payment; this library
turns that authorisation into the bank-rail message that actually settles it
— the rail the card networks and stablecoins don't cover.
Latest release: v0.0.1 — 5 MCP tools over stdio, pure-Python (only
mcp), 100% branch coverage, for Python 3.10+. Output feeds straight intopain001/pacs008to generate wire-valid XML. Part of the ISO 20022 MCP suite.
Why
An agent with a signed AP2 mandate (or an x402 payment authorisation) can prove
it's allowed to pay — but nothing in those protocols emits the pain.001 a
bank needs to move the money. ap2-iso20022 is that missing hop. And because
moving money is consequential, it only transforms and validates — producing
the ISO record is deliberately separate from generating and sending it, so the
actual payment stays an explicit, guarded step.
Install
pip install ap2-iso20022
# or run the MCP server without installing:
uvx ap2-iso20022
MCP client config (e.g. Claude Desktop):
{
"mcpServers": {
"ap2-iso20022": {
"command": "ap2-iso20022-mcp"
}
}
}
Flow: normalise → guardrail → convert
from ap2_iso20022 import bridge
# 1. Normalise the protocol payload into a canonical mandate.
mandate = bridge.from_ap2({
"intent_id": "AP2-CoffeeRun-7",
"payer": "Alice's Shopping Agent",
"payer_account": "DE89370400440532013000",
"merchant_name": "Blue Bottle Coffee",
"payee_account": "GB29NWBK60161331926819",
"amount": "12.50", "currency": "EUR", "memo": "oat latte",
"spending_limit": "50.00",
"signature": "eyJ...", "signature_type": "jws",
})
# 2. Guardrail before it becomes a payment.
check = bridge.check_mandate(mandate, as_of="2026-03-02T09:00:00")
assert check["ok"] # required fields ok, within cap, not expired, signed
# 3. Convert to a pain.001 record that feeds pain001 -> wire-valid XML.
record = bridge.to_pain001(mandate) # exact pain001 field names + JSON number amounts
Tools
| Tool | What it does |
|---|---|
normalize_ap2 |
AP2 mandate payload → canonical mandate. |
normalize_x402 |
x402 payment payload → canonical mandate. |
check_mandate |
Guardrail: required fields, spending cap, expiry (with as_of), authorisation proof. |
to_pain001 |
Canonical mandate → pain.001 record (customer credit transfer). |
to_pacs008 |
Canonical mandate → pacs.008 record (FI-to-FI). |
The output field names and types match what pain001 / pacs008 expect
(validated against their JSON schemas), so to_pain001(mandate) → pain001
generate_message → XSD-valid pain.001 with no glue.
Guardrails
check_mandate returns {ok, violations, warnings}:
- required fields — payer/payee name + account, amount, currency
- spending cap —
amount <= max_amountwhen a cap is present - expiry — refuses an expired mandate when you pass
as_of - authorisation proof — warns when no
proof_type/proof_valueis present
It never moves money; it tells you whether the mandate is safe to act on.
The suite
Part of a family of vendor-neutral, Python-native ISO 20022 MCP servers:
iso20022-mcp— unified gateway across the families.pain001-mcp·pacs008-mcp— generate the XML this bridge feeds.reconcile-mcp— statement/payment reconciliation.camt-exceptions— E&I messages (cancellation, investigation).
Development
git clone https://github.com/sebastienrousseau/ap2-iso20022
cd ap2-iso20022
python -m venv .venv && . .venv/bin/activate
pip install -e . && pip install pytest pytest-cov ruff black mypy
pytest # 100% branch coverage gate
ruff check ap2_iso20022 tests && black --check ap2_iso20022 tests && mypy ap2_iso20022
Licence
Licensed under the Apache License, Version 2.0.
mcp-name: io.github.sebastienrousseau/ap2-iso20022
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ap2_iso20022-0.0.1.tar.gz.
File metadata
- Download URL: ap2_iso20022-0.0.1.tar.gz
- Upload date:
- Size: 11.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b556269e43c9bb91f8ef491fba377d0c27549667041bd8f6f731fc92443ef900
|
|
| MD5 |
bab1b53591c1a970e97f10e70b2ec09d
|
|
| BLAKE2b-256 |
fdec93a8481cceda903d41c8a46e05f5c66833ace0a3c599897013206a67f379
|
Provenance
The following attestation bundles were made for ap2_iso20022-0.0.1.tar.gz:
Publisher:
release.yml on sebastienrousseau/ap2-iso20022
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ap2_iso20022-0.0.1.tar.gz -
Subject digest:
b556269e43c9bb91f8ef491fba377d0c27549667041bd8f6f731fc92443ef900 - Sigstore transparency entry: 2153754614
- Sigstore integration time:
-
Permalink:
sebastienrousseau/ap2-iso20022@18eba90de9ed60744236fa2a8400a9ac523f4cdf -
Branch / Tag:
refs/tags/v0.0.1 - Owner: https://github.com/sebastienrousseau
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@18eba90de9ed60744236fa2a8400a9ac523f4cdf -
Trigger Event:
push
-
Statement type:
File details
Details for the file ap2_iso20022-0.0.1-py3-none-any.whl.
File metadata
- Download URL: ap2_iso20022-0.0.1-py3-none-any.whl
- Upload date:
- Size: 14.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
036a4b882d32fad4c7c604f237fe382d581df6efdad43d2dcbcb92b562291ee8
|
|
| MD5 |
be2179e59c86a42ad5fa278cdca6c0c3
|
|
| BLAKE2b-256 |
29afdc4cc31db6a9df70768c6d91c1c22bb0a0b6c4bd002e75ac10f0544cbcf6
|
Provenance
The following attestation bundles were made for ap2_iso20022-0.0.1-py3-none-any.whl:
Publisher:
release.yml on sebastienrousseau/ap2-iso20022
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ap2_iso20022-0.0.1-py3-none-any.whl -
Subject digest:
036a4b882d32fad4c7c604f237fe382d581df6efdad43d2dcbcb92b562291ee8 - Sigstore transparency entry: 2153754660
- Sigstore integration time:
-
Permalink:
sebastienrousseau/ap2-iso20022@18eba90de9ed60744236fa2a8400a9ac523f4cdf -
Branch / Tag:
refs/tags/v0.0.1 - Owner: https://github.com/sebastienrousseau
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@18eba90de9ed60744236fa2a8400a9ac523f4cdf -
Trigger Event:
push
-
Statement type: