Runtime security layer for AI agent commerce. Card credentials inject into the browser via CDP — never enter the agent's context window.
This config will be passed to Cursor on install. Inspect `command`, `args`, and `env` before continuing.
{
"command": "npx",
"args": [
"-y",
"pop-pay",
"launch-mcp"
],
"env": {
"POP_CDP_URL": "http://localhost:9222",
"POP_ALLOWED_CATEGORIES": "[\"aws\",\"cloudflare\"]",
"POP_MAX_PER_TX": "100.0",
"POP_MAX_DAILY": "500.0",
"POP_GUARDRAIL_ENGINE": "keyword"
}
}