Sandbox
v6.2.0 · 46th Domain Module

Visa CLI Payment Rail

Give AI agents a Visa card. Pay for APIs, image generation, datasets, and cloud services on demand — with per-agent budgets, atomic spending limits, and a full audit trail.

2 MCP Tools
3 Artisan Commands
52 Tests Passing
Demo & Process Drivers

How It Works

Three steps from request to settled payment — fully automated for AI agents, fully auditable for compliance.

1. Agent Requests Payment

An AI agent invokes visacli.payment via MCP, or a developer calls POST /billing/invoices/{id}/pay.

2. Budget Reserved Atomically

The spending limit is checked and reserved under a database row lock. Two concurrent requests from the same agent can never exceed the daily budget.

3. Visa Payment Settles

The payment executes via the enrolled Visa card. An immutable ShouldBeStored event captures every state transition for audit.

What Agents Pay For

Visa CLI targets the growing market of AI agents that need to purchase services autonomously.

API-Metered Services

Image generation, LLM inference, speech synthesis, translation — any pay-per-call API where the agent decides when and what to buy.

Datasets & Research

Purchase market data feeds, satellite imagery, academic papers, or proprietary datasets on behalf of research pipelines.

Developer Invoice Collection

Collect BaaS partner billing invoices ($99–$1,999/mo tiers) through the existing billing system with a single API call.

Core Capabilities

Six integrated services spanning agent payments, card enrollment, invoice collection, and operational tooling.

MCP Tools for AI Agents

visacli.payment executes payments; visacli.cards lists enrolled cards. Both registered in the MCP tool registry alongside x402 and Agent Protocol tools.

Atomic Spending Limits

Per-agent daily budgets and per-transaction caps enforced with lockForUpdate(). Concurrent requests from the same agent cannot exceed the budget.

Invoice Payment Gateway

Partner billing invoices collected via POST /billing/invoices/{id}/pay. Calls PartnerInvoice::markAsPaid() on success — fills the missing payment rail in BaaS.

Card Enrollment Bridge

Enrolled Visa cards sync to the CardIssuance domain via VisaCliCardEnrolled events. DDD boundary maintained — unified card view, separate bounded contexts.

Event-Sourced Audit Trail

Five domain events (PaymentInitiated, Completed, Failed, CardEnrolled, CardRemoved) stored immutably via Spatie Event Sourcing.

Artisan CLI Commands

visa:status for diagnostics, visa:enroll for card enrollment, visa:pay for manual payments — with formatted output and confirmation prompts.

Domain Architecture

Separate bounded context with demo and production drivers. No coupling to CardIssuance or x402.

Domain Structure

app/Domain/VisaCli/
  Contracts/     VisaCliClientInterface
                 VisaCliPaymentGatewayInterface
  Services/      DemoVisaCliClient (cache-based mock)
                 VisaCliProcessClient (real binary)
                 VisaCliPaymentService
                 VisaCliSpendingLimitService
                 VisaCliCardEnrollmentService
                 VisaCliPaymentGatewayService
  Models/        VisaCliPayment
                 VisaCliEnrolledCard
                 VisaCliSpendingLimit
  Events/        PaymentInitiated, Completed, Failed
                 CardEnrolled, CardRemoved

Security Hardening

SSRF Prevention

Payment URLs validated against blocked internal addresses (localhost, 169.254.x, 10.x, 192.168.x). Only http/https allowed.
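
An added example of this kind of check, not the module's own code: isPaymentUrlAllowed() and its injectable resolver are hypothetical names. It goes beyond the ranges listed above by judging the addresses a hostname resolves to and by using PHP's built-in private and reserved range filters, which also cover 172.16.x and IPv6 loopback.

```php
<?php
// Added illustration: isPaymentUrlAllowed() and its resolver parameter are
// hypothetical names, not the module's API.

/** True only for public addresses: rejects private, loopback, link-local, reserved. */
function isPublicIp(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

function isPaymentUrlAllowed(string $url, ?callable $resolver = null): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                       // only http/https, as the page states
    }
    $host = trim($parts['host'], '[]');     // parse_url keeps brackets on IPv6 literals
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return isPublicIp($host);           // IP literal: no lookup needed
    }
    // Judge what the name resolves to; gethostbynamel() returns IPv4 only, false on failure.
    $resolver ??= static fn (string $h): array => gethostbynamel($h) ?: [];
    $ips = $resolver($host);
    if ($ips === []) {
        return false;                       // unresolvable: fail closed
    }
    foreach ($ips as $ip) {
        if (!isPublicIp($ip)) {
            return false;                   // any internal record blocks the URL
        }
    }
    return true;
}

// Constructed inputs; the stub resolver keeps the demo offline.
$stub = static fn (string $h): array => [
    'api.example.com'      => ['203.0.113.10'],
    'internal.example.com' => ['10.0.0.5'],
    'localhost'            => ['127.0.0.1'],
][$h] ?? [];
$urls = ['https://api.example.com/generate', 'http://localhost/', 'http://169.254.169.254/',
         'https://internal.example.com/', 'http://[::1]/', 'ftp://api.example.com/file'];
foreach ($urls as $url) {
    printf("%-36s %s\n", $url, isPaymentUrlAllowed($url, $stub) ? 'allow' : 'block');
}
```

The outgoing request should connect to the address that was validated, so that a second DNS lookup cannot return a different answer between the check and the payment call.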

Atomic Spending

Check-and-reserve under lockForUpdate(). Concurrent requests cannot exceed budget even under race conditions.

Webhook HMAC + Replay Protection

SHA-256 signature verification with 5-minute timestamp window. Unsigned webhooks rejected in production.
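
An added example of signature verification with a timestamp window, not the module's own code: the function names, the parameters, and the "<timestamp>.<body>" signing format are assumptions, since the page does not give the wire format.

```php
<?php
// Added illustration: names and the "<timestamp>.<body>" signing format are
// assumptions, not the module's actual wire format.

const TOLERANCE_SECONDS = 300; // the 5-minute window

function signWebhook(string $secret, string $timestamp, string $rawBody): string
{
    return hash_hmac('sha256', $timestamp . '.' . $rawBody, $secret);
}

function verifyWebhook(string $secret, ?string $signature, ?string $timestamp,
                       string $rawBody, int $now, bool $production = true): bool
{
    if ($signature === null || $timestamp === null) {
        return !$production;               // unsigned: rejected in production
    }
    if (!ctype_digit($timestamp) || abs($now - (int) $timestamp) > TOLERANCE_SECONDS) {
        return false;                      // malformed or outside the window
    }
    // The timestamp is covered by the MAC, so it cannot be refreshed without the secret.
    $expected = signWebhook($secret, $timestamp, $rawBody);
    return hash_equals($expected, $signature);   // constant-time comparison
}

// Constructed sample values.
$secret = 'constructed-demo-secret';
$body   = '{"event":"payment.completed","reference":"visa_pay_demo_a1b2c3d4e5f6"}';
$sent   = 1700000000;
$ts     = (string) $sent;
$sig    = signWebhook($secret, $ts, $body);
$forged = str_replace('completed', 'failed', $body);

$cases = [
    'fresh and valid'       => verifyWebhook($secret, $sig, $ts, $body, $sent + 30),
    'replayed after 10 min' => verifyWebhook($secret, $sig, $ts, $body, $sent + 600),
    'tampered body'         => verifyWebhook($secret, $sig, $ts, $forged, $sent + 30),
    'timestamp rewritten'   => verifyWebhook($secret, $sig, (string) ($sent + 600), $body, $sent + 600),
    'unsigned, production'  => verifyWebhook($secret, null, null, $body, $sent),
];
foreach ($cases as $label => $ok) {
    printf("%-24s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

A delivery replayed inside the window still verifies under this check alone; remembering delivery identifiers for the tolerance period closes that gap.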

Log Redaction

GitHub tokens and credentials automatically stripped from process error output before logging.

Quick Start

Three commands from zero to payment.

1. Enable in .env

VISACLI_ENABLED=true
VISACLI_DRIVER=demo          # or "process" for real visa-cli binary
VISACLI_DAILY_LIMIT=10000    # $100.00 daily limit (cents)
VISACLI_PER_TX_LIMIT=1000    # $10.00 per transaction (cents)

2. Verify the integration

$ php artisan visa:status

Visa CLI Status
+---------------+-----------+
| Property      | Value     |
+---------------+-----------+
| Initialized   | Yes       |
| Driver        | demo      |
| Enrolled Cards| 0         |
+---------------+-----------+

3. Execute a payment

$ php artisan visa:pay https://api.example.com/generate --amount=500 --agent=image-bot

Processing payment...
  URL:    https://api.example.com/generate
  Amount: $5.00
  Agent:  image-bot

Payment completed!
+------------+------------------------------+
| Reference  | visa_pay_demo_a1b2c3d4e5f6   |
| Status     | completed                    |
| Amount     | $5.00                        |
+------------+------------------------------+

Visa CLI vs x402 Protocol

Two payment rails, different strengths. Use both in the same platform.

                        Visa CLI                  x402 Protocol
Payment method          Visa card                 USDC on-chain
Settlement              Card network (1-2 days)   Instant on-chain
Best for                Traditional APIs, SaaS    Crypto-native APIs
Auth model              GitHub + enrolled card    Wallet signature
Agent spending limits
MCP tool                visacli.payment           x402.payment

Start building with Visa CLI

Enable the demo driver and run visa:status in under a minute. No Visa account needed for development.