Safe-by-design USDC and x402 payment plugin for Hermes Agent
hermes-payguard is an early-stage Python project in the AI payments / x402 ecosystem. It currently has 11 GitHub stars and 2 forks.
Hermes PayGuard is a standalone Hermes plugin for safe-by-design USDC and x402 payments.
It does not patch Hermes core. It installs as an add-on and gives Hermes payment tools with an explicit operator boundary:
payguard approve <intent-id>.docs/installation.mddocs/operator-guide.mddocs/cctp-executor.mddocs/architecture.mdPayGuard follows the same trust-boundary philosophy as CaMeL Guard, but adapted to payments.
The key implementation detail is that approval is external to the model loop. Hermes can stage payment intents, but a separate operator command creates the approval stamp:
payguard approve <intent-id>
That avoids the weakest version of “agent-approved its own payment.”
Clone the repo and symlink it into Hermes' plugin directory:
git clone https://github.com/nativ3ai/hermes-payguard.git
mkdir -p ~/.hermes/plugins
ln -sfn /path/to/hermes-payguard ~/.hermes/plugins/hermes-payguard
pip install -e /path/to/hermes-payguard
pip install hermes-payguard
Quick path:
git clone https://github.com/nativ3ai/hermes-payguard.git
cd hermes-payguard
pip install -e .
payguard install-plugin
payguard init-policy
payguard doctor
Create ~/.hermes/payguard/policy.yaml:
mode: enforce
network_profile: mainnet
asset: USDC
default_chain: BASE
per_payment_limit_usdc: 100
micro_auto_approve_limit_usdc: 0.05
allowed_circle_recipients:
- "0x1111111111111111111111111111111111111111"
allowed_cctp_destination_chains: []
allowed_x402_hosts:
- 127.0.0.1
- localhost
allow_unlisted_cctp_destinations: true
Then set the relevant env vars.
Mainnet is the default. To force testnet defaults instead:
export PAYGUARD_ENV="testnet"
That switches the default Circle and x402 profiles to:
default_chain=BASE-SEPOLIACIRCLE_API_BASE_URL=https://api-sandbox.circle.comCIRCLE_CCTP_API_BASE_URL=https://iris-api-sandbox.circle.comPAYGUARD_X402_NETWORK=eip155:84532export CIRCLE_API_KEY="..."
export CIRCLE_ENTITY_SECRET_CIPHERTEXT="..."
export CIRCLE_WALLET_ID="..."
export CIRCLE_TOKEN_ID="..."
export CIRCLE_API_KEY="..."
export CIRCLE_X_USER_TOKEN="..."
export CCTP_EXECUTOR_URL="https://your-burn-executor.internal/execute-cctp"
CCTP_EXECUTOR_URL is the boundary between PayGuard and the actual source-chain burn signer. PayGuard handles:
The executor is responsible for submitting the actual burn transaction and returning a transactionHash.
export PAYGUARD_EVM_PRIVATE_KEY="0x..."
export PAYGUARD_X402_NETWORK="eip155:8453"
payguard_prepare_usdc_transfer.payguard approve <intent-id>
payguard_execute_payment_intent.For tiny x402 payments below the configured threshold, payguard_fetch_paid_url can auto-pay without a separate approval stamp.
Natural prompts Hermes can handle once the plugin is installed:
Prepare a 12.5 USDC transfer to 0xabc... on Circle developer-controlled wallets for vendor invoice March-20.
Prepare a 50 USDC CCTP transfer from BASE to ARBITRUM for 0xabc..., use standard finality, and stage it for approval.
Fetch the paid x402 URL https://example.com/premium if the micropayment is below policy limits.
Verified locally:
Detailed notes:
payguard_prepare_usdc_transferpayguard_prepare_cctp_transferpayguard_execute_payment_intentpayguard_get_payment_intentpayguard_list_payment_intentspayguard_fetch_paid_urlpip install -e .[test]
pytest -q
The test suite includes: