Paid MCP Payment Preflight

Use this page when searching for:

• paid MCP payment preflight
• paid MCP tool safety
• MCP server monetization safety
• paid tool call safety
• agent pays MCP tool safely
• MCP payment CI gate

Required Gate

npx @monarch-shield/x402 doctor --ci --strict

npx x402-doctor

Run Doctor before shipping a paid MCP server, paid MCP client, metered tool, or

agent action that can charge money, spend wallet funds, or trigger a paid API.

Why Paid MCP Needs Preflight

Paid tools can be reached through agent loops, prompt injection, retries,

tool-poisoning, or changed tool metadata. A tool call that costs money should

not be considered production-ready until payment execution is guarded and CI

keeps it guarded.

Doctor checks for paid MCP, paid API, x402, wallet, and agent-payment code. It

fails when detectable payment execution is unprotected.

What To Keep Separate

MCP authentication, OAuth, endpoint registry trust, budget controls, provider

status, delivery verification, and runtime approval flows still matter. Monarch

Doctor is the build-time payment-code gate, not a runtime MCP marketplace or

hosted policy engine.

Proof

• Benchmark: adversarial-benchmark.md
• CI and SARIF: github-action.md
• Hosted proof: hosted-proof.md
• Related doc: paid-api-mcp-preflight.md