Updates

What's new in Agentcard — new features, improvements, and fixes, shipped continuously.

Added
  • You can now redeem a promo code to add credit straight to your wallet — just ask your agent to redeem it
  • During identity verification over iMessage, you can now just send a photo of your ID right in the chat instead of using a separate upload link — Agentcard figures out the document type and country automatically, and the verification link now opens a phone-friendly screen
  • The 'Buy Me Anything' iMessage line can now do everything your agent can do on Agentcard — check your balance, review transactions, handle identity verification — not just shop
  • If you stop partway through identity verification, you'll now get a reminder email with a link to pick up right where you left off; the ID-number question also asks for the right thing based on your document's country (a Social Security Number only for US-issued IDs)
Improved
  • Funding your wallet now sends two texts: one confirming your money was received and is settling, then a second once it's actually credited and ready to spend — instead of one early text that arrived before the funds could actually be used
  • The shopping agent now always tells you what it's doing right before a longer step, like starting identity verification or looking up a menu, instead of sometimes going quiet for 10-20 seconds
  • Identity verification now skips a screen that asked you to re-confirm information you'd already given earlier in the conversation
  • Cards issued through a company's connected app, or by an organization, are no longer capped by the personal-plan card-count and per-card limits — only the company's own billing controls apply
Fixed
  • Fixed a security gap where a company's API key could, in some cases, reach an individual user's personal account — cards, wallet balance, and orders — instead of staying scoped to the company's own integration
  • Closed a gap where, if a certain legacy payment-webhook setting were ever left blank, a forged webhook request could have triggered a real refund or settlement
  • Fixed several cart bugs: adding items in quick succession could fork your order into duplicate carts, a cart that got silently reset could lose every item except the newest one, and some new guest sessions couldn't hold more than one item at all
  • Fixed a bug where ordering an item with a required choice (like a drink size) could get stuck looping forever instead of completing or clearly failing
  • Fixed a bug where switching from browsing as a guest to your real account mid-checkout could ship your order to an old saved address instead of the one you'd just chosen
  • Fixed a bug where a shopping request over iMessage that took a bit longer to complete could incorrectly tell you it failed, even though it finished successfully in the background
  • Fixed a bug where a routine deploy could cause the iMessage concierge to suddenly lose track of what you were just talking about mid-conversation
  • Fixed a bug where items added to your cart before connecting a merchant account could vanish once you connected, instead of carrying over
  • Fixed identity verification asking for your phone number again, even when you'd already verified it at sign-in
  • Fixed the shopping agent bringing up identity verification before you'd even said what you wanted to buy — it now only comes up once you're actually ready to check out
  • Fixed a bug where the link to add funds to your wallet could be silently invalidated by link-preview scanning before you had a chance to tap it
  • Fixed a same-day issue where approval-gated purchases were wrongly denied even after being approved
  • Fixed a bug where an end-customer of a connected company app could be wrongly asked to upgrade to a paid plan after their first order, even though the company — not the individual — pays for usage
Added
  • You can now sign in with just your phone number — a text with a one-time code — as an alternative to email, both when connecting your account to a company's app and in the 'Buy Me Anything' iMessage concierge, which verifies you this way before shopping on your behalf instead of quietly creating an account for you behind the scenes
  • A second, self-hosted option for identity verification is being built out behind the scenes, running invisibly alongside today's verification flow — groundwork for a more resilient identity check, with no change to how you verify today
  • Groundwork is being laid for Agentcard to open and manage a merchant account on your behalf automatically instead of asking you to connect one you already have — not turned on for anyone yet, but the foundation for shopping at more places without a manual connect step
  • Ask your agent for a full account snapshot — plan, subscription status, and identity verification progress — or a breakdown of your spending grouped by how it was paid (wallet balance, saved card, and more)
  • The company integration wizard (the `agent-cards-admin` CLI) can now run non-interactively, so a coding agent or CI pipeline can complete company onboarding end to end instead of needing a human at the keyboard
  • Behind the scenes, groundwork was laid to safely merge two accounts belonging to the same person (say, one made by email and one made by phone) into a single account — not available to anyone yet, but a step toward automatically resolving duplicate accounts
Improved
  • The 'Buy Me Anything' concierge now remembers your name and delivery address across visits, so a returning conversation can offer to ship to "your usual place" instead of asking you to repeat yourself
  • A brand-new 'Buy Me Anything' conversation now gets an instant reply while your account finishes setting up in the background, instead of waiting on setup before you hear anything
Fixed
  • Fixed an intermittent bug where a restaurant search could briefly return the wrong results, a cart item could fail to add right after a successful search, or a checkout could get stuck — browsing and checkout are reliable again
  • Fixed a bug where signing up with a different capitalization of the same email address (e.g. Name@example.com vs name@example.com) could create a second, duplicate account instead of reusing the existing one
  • Fixed a gap where a company's connected app (OAuth) could issue real, live-money cards even without an active paid subscription — brought in line with API keys, which already required one
  • A reply containing a table now renders as readable lines over iMessage instead of raw markdown table syntax
  • Fixed a same-day regression, caught before it spread, where flight booking and saved traveler profiles briefly stopped working in the buy agent following an internal engine update
  • Fixed a bug where a backend restart could make the 'Buy Me Anything' concierge lose track of cards it had created for you in an earlier session
Added
  • Identity verification now happens right inside the connect flow — after you link a merchant, you fill out a short identity form (with address autocomplete) and complete a photo ID check without leaving Agentcard, instead of being routed to a separate page to track down
  • The 'Buy Me Anything' concierge can now send and receive photos over iMessage — a team member can share a picture with you mid-conversation, and a photo you send back is visible to the team helping with your order
  • The buy agent can now describe a restaurant's full menu, organized by category with item descriptions, so a question like "what pizzas do you have?" gets an instant answer instead of a search
Improved
  • While your agent is working on something over iMessage, the "typing…" indicator now stays on for the whole turn instead of disappearing after its first reply
  • If a team member steps into your 'Buy Me Anything' conversation and then goes quiet, it now automatically hands back to the AI agent after a few hours instead of leaving you waiting indefinitely
  • There's now a single Agentcard API address — api.agentcard.sh — for both testing and live use; which mode you're in is decided by your API key (sk_test_ vs sk_live_), not by which URL you call
Fixed
  • Sending a photo with no caption in the 'Buy Me Anything' chat now gets a clear "tell me what you'd like" response instead of being silently treated as an order
  • Fixed a bug where an address lookup could fail with a false authorization error during checkout — this could show up as a misleading store-outage message, or leave a guest session stuck at the delivery-address step
  • Fixed a cart error on certain build-your-own items (e.g. picking a required topping) that could incorrectly appear as a site outage instead of asking you to complete the choice
  • Fixed a bug where a single-use card that closed automatically right after being spent could keep showing a small leftover balance instead of $0
  • Fixed a rare timing issue where issuing several cards for the same account at nearly the same moment could mint more cards than your available balance actually covered
  • Fixed a security issue where an organization admin could, in rare cases, remove or change the role of a member belonging to a different organization than their own
  • Hardened outbound webhook delivery against a security issue where a configured webhook URL could be pointed at internal network addresses
  • Fixed a bug where the shopping concierge over iMessage stopped replying to every message after an underlying AI model upgrade
Added
  • Connecting your Agentcard account to a company's app now happens on its own dedicated site — a rebuilt connect and sign-in experience with a cleaner authorization screen that clearly shows which app is requesting access and what it can do before you approve it
Improved
  • Gift orders now default to letting the recipient enter their own delivery address by text, instead of requiring you to already know where they live; the recipient also now gets an SMS when their order is on the way
  • Checkout now gives a clear, actionable message when a scheduled delivery window fills up, instead of a generic error that made your agent keep retrying the same unavailable time slot
  • Adding a brand-new delivery address is now more reliable — a flaky first lookup while validating the address no longer fails the whole request
Fixed
  • Fixed an intermittent issue where a brand-new guest session could get stuck right at the delivery-address step; sessions are now verified as fully working before they're ever handed to you, so this class of dead-end can no longer happen
Added
  • Browse and build a cart before signing in — search restaurants, add items, and see your order build up as a guest, then connect your account only when you're ready to check out
  • The buy agent's replies now stream in as they're written instead of arriving in one burst at the end, so you see progress ("let me find that...") while it's still working instead of waiting for the whole turn to finish
  • Richer replies over iMessage — the buy agent can react with a tapback to a quick "yes," send a celebration effect when your order is confirmed, and (in limited testing) offer a native poll for simple choices
  • B2B companies can now onboard cardholders who only have an email on file, with no phone number required
  • The buy agent can now check your wallet balance directly, so it can tell you whether a top-up has landed instead of leaving you guessing
  • You'll now get a text the moment a wallet top-up finishes landing, instead of having to ask
  • After paying to fund your wallet, you now see a clear "payment complete" confirmation screen
Improved
  • Buy conversations now remember what your agent already looked up across messages, instead of re-searching and re-adding the same items on every follow-up — this also fixes a case where a scheduled order could loop endlessly asking you to confirm
  • Hitting your monthly card limit during checkout now gives a clear, plan-aware explanation and a way to upgrade on the spot, instead of a confusing message that could tell you to upgrade to the plan you're already on
  • Identity verification pages now open with your real name left blank instead of a placeholder like "iMessage User" — since the page requires your legal name to match your ID, a stray placeholder could otherwise cause verification to fail
  • Identity verification now asks for and prefills your real email and phone number where we have them, instead of a synthesized placeholder address, so the hosted verification page starts filled in correctly
  • A clearer message now appears if your identity verification is rejected because you already verified through Agentcard elsewhere, instead of a generic dead-end pointing you back to the website
  • Buy agent replies sent one line at a time over iMessage now read like natural status updates ("one sec, pulling up your addresses...") instead of sometimes sounding like a question that's about to be answered by the next line
Added
  • The CLI `buy` command now runs a full local AI agent — it connects directly to your Agentcard MCP server and exposes every tool (shopping, wallet, cards, KYC, connections, support) to the model, so you can shop, fund your wallet, check balances, and manage your account all in one conversational session without a separate MCP host
  • The buy agent can now fund your wallet on the spot when an order comes up short — if checkout is declined because you need more USDC, the agent opens a hosted funding session (Apple Pay / Google Pay) and walks you through phone verification if it is your first time, rather than stopping with a dead-end message
  • Shop for anything over iMessage — text the 'Buy Me Anything' number with what you want and an AI concierge handles the conversation, gathers your order details, and routes it for fulfillment; a Stripe payment link is sent to you once your order is ready to charge
Improved
  • In-flight wallet deposits are now visible while funds are still confirming — right after you fund, there is a brief window where money has left your funding source but has not yet landed in your wallet; the wallet view, `get_wallet`, and the CLI now show the in-transit amount as 'confirming' so your balance looks right throughout the transfer instead of dropping to zero
  • Saved delivery addresses in the buy chat are now shown in pages — the first 3 appear immediately and the rest are available on request, keeping the conversation readable when you have many addresses on file
  • The buy chat now keeps your cart, address, and order state across the full session — previously each message could lose track of what was already in your cart or re-ask for an address you had already set; the conversation is now threaded end to end so nothing gets repeated
  • Buy chat output is now clean plain text — tool names are hidden, internal markers are stripped, and the model no longer wraps text in Markdown asterisks that appear as raw symbols in the terminal
Fixed
  • Card issuance now checks your true available balance before approving — previously, funds already reserved by your other open cards were counted as available, so a $30 wallet with a live $10 card could still mint another $30 card; Agentcard now subtracts those reserved amounts first and shows you the correct net figure
  • The verification code is now described as an email everywhere — the code is delivered by email, but the CLI prompt and OTP email subject were saying it was sent to your phone; messaging across the verification email, CLI flow, and funding-gate prompts now correctly names email as the delivery channel
Added
  • Agentcard now runs on a rebuilt card-issuing rail — we re-platformed the entire issuing stack end to end, with embedded wallets you fund directly, a faster identity check, and a clean one-time cutover that carries your existing cards across automatically. It's the foundation for real wallet funding and broader card coverage, and it rolls out behind the scenes with no change to how you create or use cards today
Improved
  • The wallet and account view now shows your true spending power alongside incoming deposits — wallet funding movements appear as green credits in the transaction list, so you can see money in as well as money out
  • The `buy` tool now checks out correctly for wallet-funded accounts — the checkout flow was routing card creation through a path that didn't know about the current issuer, causing failures at the payment step; all buy checkouts now go through a single issuer-aware minter
  • Cards minted during a `buy` checkout are now attributed to the OAuth connection that created them — previously they were left with no owner, which caused `close_card` and `list_cards` to 404 on cards you had just minted via the buy flow
Fixed
  • The CLI no longer declares KYC rejected while you are still working through the verification page — statuses like `requires_input` are now treated as in-progress and polling continues until a real verdict arrives
  • Your card list no longer shows sandbox or test cards when you are in production mode — cards are now filtered to match the mode of the caller
  • Orders are now confirmed as fully placed before being reported as successful — we verify the order actually landed in your account, so a placement that's silently dropped is caught and surfaced as a failure rather than a phantom success
  • A `buy` checkout order that placed but was never charged no longer holds your wallet balance indefinitely — the reconciliation job now cross-checks against the payment ledger and releases the reservation when no charge is found
Added
  • Send an order as a gift — tell your agent a recipient's name and phone number and the order is delivered to them (or sent as a link so they enter their own address)
  • Locale meal subscriptions are now available in the `buy` tool — connect once and your agent can browse the menu, manage your subscription, and pause or cancel it
  • B2B cardholders can now complete identity verification through your application — Agentcard starts a Stripe Identity session scoped to the individual, and card issuance on live keys is only unlocked once the end user has verified
  • The `buy` tool now covers the full shopping lifecycle: unlink a merchant, track an order, set item substitution preferences, manage a monthly budget, and skip or unskip upcoming subscription deliveries — all conversationally
  • Seven new MCP tools bring the consumer MCP server to full CLI parity: `start_kyc`, `get_kyc_status`, `get_settings`, `update_settings`, `revoke_connection`, `buy_connect`, and `buy_connect_status`
  • The `buy` tool now handles onboarding inline — if a B2B end user is missing KYC or a payment method, the tool returns direct links to complete each step without any extra calls from your application
  • KYC is now enforced in sandbox mode using Stripe Identity's test mode — sandbox (`sk_test_`) integrations go through the same verification flow as production, with test-mode sessions that can never satisfy a live issuance check and vice versa
Improved
  • The `wizard` command now handles full onboarding in one pass — it signs up or logs in, creates your organization, mints a confidential OAuth client, and writes the client secret and sandbox API key directly into your app's env file, never into the LLM prompt
  • Flight bookings no longer need a separate connect step — the flights merchant is linked automatically to your account the moment you ask to search or book
  • The `wizard` command now registers every Agentcard MCP tool in your integration dynamically instead of a fixed subset — tools added in future releases are picked up automatically with no code changes on your side
Fixed
  • Identity verification now shows the exact reason a document was rejected (e.g. 'the document is invalid') instead of a generic photo hint, and suggests trying a different ID type
  • Address selection no longer gets stuck in a retry loop when the agent refers to an address by its position in the list instead of its id — the position is now resolved to the correct saved address automatically
Added
  • Cancel a booked flight and get a refund — your agent can quote the refund amount before cancelling, then issue it back to your original payment method; non-refundable fares are handled cleanly
  • Confidential OAuth clients — `agent-cards-admin` now issues a `client_secret` by default when you create an OAuth client, so your server-side app authenticates the token exchange instead of relying on PKCE alone
  • Subscription gate on card issuance — paid-plan accounts with a lapsed or cancelled subscription are now blocked from issuing new cards immediately, with a direct link to reactivate; free-plan and test-mode accounts are unaffected
Improved
  • The `agent-cards-admin wizard` command now shows a live progress UI as the integration agent works through your codebase
  • Multi-turn buy conversations are faster and more reliable — the agent carries resolved store, item, and option ids across turns instead of re-deriving them on every message, eliminating a loop that could trigger ~12 redundant calls per customization
Fixed
  • Identity verification webhooks no longer get orphaned — previous retries created new verification sessions and overwrote the stored session id, silently dropping completed webhooks and stranding users at 'KYC required' indefinitely; ~98 accounts unblocked
  • Good Eggs delivery windows are parsed correctly again after a site update changed the page structure — closed time slots are also filtered out so only bookable windows appear
  • Declining a checkout no longer erroneously consumes a free-order quota — the free slot is returned if the card mint step fails
  • A `do_not_honor` decline is now correctly attributed to the card issuer rather than Stripe's fraud system, so the error message points you in the right direction
  • Cart items whose ids differ between search results and the live cart are now resolved by name — previously these mismatches caused item-not-found errors when modifying a cart
  • OAuth clients that don't send an RFC 8707 resource indicator no longer get a 500 at token exchange — the missing field is now accepted, unblocking some MCP clients
Added
  • New Slack app for shopping — install the Agentcard Buy bot to your Slack workspace and DM it in plain language to place orders directly from Slack
Improved
  • The buy flow checks payment readiness before you build a cart — if your account is missing KYC, a phone number, or a payment method, your agent tells you upfront with every missing step and how to fix each one, instead of failing at checkout
  • Restaurant search now picks the right location when a store name matches multiple categories — results are filtered to the correct type (e.g. food vs. pharmacy) before presenting options
Fixed
  • Checkout now sizes the card with a small buffer over the confirmed cart total, preventing declines when the final charge runs slightly over the pre-checkout estimate
  • Connecting a merchant account with a non-US phone number no longer gets stuck — the country code is selected correctly for any supported country
  • B2B API calls that send explicit `null` on optional body fields no longer return a validation error
Added
  • Book flights end to end — tell your agent where and when you want to fly and it searches real flights, confirms the fare, and pays from your Agentcard balance, no separate login or connect step required
  • Save a traveler profile so flight bookings reuse your details instead of re-asking every time
  • Good Eggs is now a first-class merchant in the `buy` tool — order groceries the same conversational way as any other store, with its own address and scheduling flow
  • New `list_all_transactions` tool (MCP + CLI) returns every transaction across all your cards in one list, each row tagged with the card it belongs to
  • The Agentcard Pay Chrome extension can now reveal a card's full number, expiry, and CVC on demand from the cards list, and the post-creation screen adds See card and Fill card buttons
Improved
  • Consumer test mode has been removed — every card you create is now a live, real-money card funded by your saved payment method, with no mode toggle to manage
Fixed
  • Connecting to an MCP client is more reliable — expired or rotated tokens now return a clean re-authentication signal instead of failing, so clients stop retry-storming
  • Editing the quantity of a customized item in a cart (e.g. a build-your-own order) now works correctly instead of erroring
  • Removed a false "something went wrong" error that could appear after a successful merchant connection
Fixed
  • Identity verification no longer hangs — if a verification doesn't pass, your agent now tells you it failed and how to retry instead of waiting indefinitely
Added
  • Watch a live demo: an AI agent placing a real food-delivery order from Claude, with the checkout paid by an Agentcard virtual card — a real order completed end to end
Added
  • Connect a merchant through a hosted, Plaid-style login — you sign in to the store in a secure browser view and Agentcard seals the session for your agent, with a mobile-friendly login form
  • Free-plan accounts now get one free real order to try AgentCard end-to-end — after that, browsing stays open and a clear upgrade prompt appears when you go to order; paid plans are unlimited and test mode is never gated
Improved
  • Beta and waitlist wording has been removed from user-facing messaging — AgentCard is generally available
  • Clearer errors when finishing a connect flow fails, with a tighter timeout so a stuck connection surfaces quickly instead of hanging
Added
  • New conversational `buy` tool — tell your agent what to order in plain language ("order a caesar salad from Zuni") and it runs the whole flow: finds the store, builds the cart, asks for your delivery address, and confirms the total before checkout. Available over MCP, in the CLI (`agent-cards buy`), and via a short connect link
  • New Pro plan at $100/mo — 50 cards per month with up to $1,000 per card — selectable from the CLI, MCP, and dashboard
  • Order tracking — check the status and ETA of a placed order
  • Scheduled delivery — pick a delivery time at checkout instead of ordering for right now
  • Set a default delivery address and per-item substitution preferences so reorders and checkouts use your saved choices
  • Tip your delivery driver directly at checkout
Improved
  • Checkout is more reliable — orders use a stable idempotency key and are uniquely scoped per client, so a retry can never accidentally place a duplicate order
  • Carts self-heal — if a store drops a line item or a cart goes stale, AgentCard rebuilds it from the live cart instead of failing, including duplicate reorder lines and quantity edits
Fixed
  • Your agent can no longer fabricate an order-placement or order-status claim — it only reports an order as placed once checkout actually succeeds
  • Fixed a connect loop that could leave the merchant-connection flow stuck
Improved
  • Cards created for a purchase are now sized to the exact order total, including the pinned tip, so the charge always goes through cleanly
  • Documentation, the API integration guide, and CLI help were overhauled to fix points where agents previously got stuck setting up and using AgentCard
Fixed
  • Hardened the purchase money-path — idempotency, ledger accuracy, spend policy, and cart handling fixes prevent a charge from being double-counted or wrongly reversed, with a reconciliation safety net that confirms each charge and repairs any pending state
  • OAuth sign-in now works correctly for more MCP clients — discovery is fixed and the authorization step is properly separated, so connecting from clients like Kilo no longer fails
Added
  • You can now link external service accounts to AgentCard over OAuth — each connected account gets its own isolated card, so spending and limits never bleed across the agents and services you've connected, and known clients are recognized automatically
Improved
  • The OAuth consent and magic-link sign-in screens now show the actual app requesting access instead of always saying "Claude", so you can see exactly which client you're authorizing
Fixed
  • Refunds now go back to your original funding card instead of being stranded — a refund that previously landed in the wrong place is returned to the source it was paid from
  • Company onboarding is more reliable — the email action button is no longer blocked from opening, and onboarding-completion webhooks are no longer dropped when a delivery has to be retried
  • The CLI now retries transient network errors while waiting on a result instead of giving up, so a brief connection blip no longer aborts the command
Added
  • New CLI command `agent-cards cards close <id>` to close a specific card directly from the terminal
  • New CLI commands `agent-cards payment-method list` and `agent-cards payment-method default` to view your funding methods and choose which one is used by default
Improved
  • The MCP server now matches the API and CLI feature-for-feature — switching between test and live mode, listing and defaulting payment methods, and cancelling a plan are all available to agents over MCP
  • The CLI `mode` command is now listed in `--help` and no longer prints a misleading beta notice
Fixed
  • Slack Connect channel setup for new company accounts is now resilient to Slack rate limits — invites are paced and retried instead of being silently lost, and re-running setup reuses the existing channel rather than failing or sending a duplicate invite
Improved
  • All transactional emails redesigned to the dark agentcard.sh brand — magic links, approval requests, card and transaction notifications, billing emails, and onboarding sequences now share one consistent look
  • Every standalone browser page — auth verification, OAuth success, approvals, funding, identity verification, and subscription pages — now matches the dark agentcard.sh design instead of using bare HTML
Added
  • New company accounts now get a shared Slack Connect channel with the AgentCard team, created automatically when the organization is set up — the founders join and your billing contact is invited
  • Company accounts now receive an onboarding email from the founder when the organization is created — the team counterpart of the welcome email individual users already get
Added
  • Card creation now sends a confirmation email — just like transactions and card closures — whenever a card is created via the API, CLI, MCP, or dashboard; you can opt out per account in your notification settings
Improved
  • Test mode is now called "test mode" everywhere — CLI banners and docs no longer say "sandbox", making it clearer that new accounts start in test mode and go live with `agent-cards mode prod`
Fixed
  • Single-use cards now close the moment they're charged, so a follow-up charge is no longer wrongly declined as "card closed" while the card still showed as open
  • Closing a card after a purchase no longer occasionally fails — an already-closed card is now treated as a successful close
  • A declined charge caused by card-network fraud throttling no longer removes your funding card, and the decline message now suggests paying with Apple Pay or Google Pay instead
Improved
  • `agent-cards-admin keys list` now shows each API key's age and flags keys overdue for rotation, with a reminder to rotate stale ones
Fixed
  • Production API keys are no longer revoked without warning — orgs now get an email when a subscription goes past due (keys keep working through the billing grace period) and a notice if keys are eventually revoked
  • Rotating an API key now keeps the old key valid for 24 hours, so in-flight requests using the previous key don't fail the instant you rotate
  • Revoking or rotating an API key now only affects keys that belong to your own organization
Improved
  • The MCP server and CLI welcome screen now tell you that new accounts start in test mode and show the exact `agent-cards mode prod` command to switch to live
  • Sign-ups using disposable email addresses are now blocked, and repeated sign-up attempts from the same IP are rate-limited
Added
  • New users now receive a welcome email from the founder the first time they verify their magic link and sign in
Added
  • `get_plan` and `upgrade_plan` MCP tools — agents can now read your current plan, card limits, and monthly usage, and kick off a Stripe Checkout upgrade to Basic directly from a conversation
Improved
  • `create_card` is now plan-aware — when you hit a card limit, the error message points the agent at `get_plan` and `upgrade_plan` instead of showing a generic limit message
Fixed
  • Database connections are now automatically refreshed when AWS rotates RDS credentials — long-running Vercel instances that previously produced 503 errors after a rotation now recover on their own without a redeploy
Improved
  • Blog refreshed and restyled across all posts
  • About page updated with black-and-white portraits of our angel investors and founders
  • Agent-discovery metadata refreshed — agent.txt, llms.txt, and the .well-known endpoints (agent-card, agent-skills, API catalog, and MCP server card) now reflect current capabilities
Fixed
  • Webhook auto-disable now measures the 7-day failure window from the start of the current failure streak — not the endpoint's age — so a long-idle endpoint is no longer disabled on its first failed delivery, and the clock resets the moment a delivery succeeds
Improved
  • Admin dashboard now shows decline analytics — top decline reasons, declines by merchant, and a caller-type breakdown (human vs agent) so you can see exactly why and where transactions are being declined
Added
  • Outbound webhooks for the Public API — organizations can now subscribe to card, cardholder, transaction, and balance events via signed HTTP POST instead of polling. Supports 10 event types, 5-stage automatic retries, and endpoint auto-disable after 7 consecutive days of failures
  • AgentCard-Signature header on all webhook deliveries — timestamped HMAC-SHA256 signature (t=…,v1=…) makes payloads replay-safe and easy to verify in any language
  • `agent-cards-admin webhooks` command group — list, create, update, delete, reveal and rotate secrets, and inspect delivery history from the CLI
  • CLI auth now validates your stored token before any command runs — stale or revoked keys are caught immediately with an interactive re-login prompt instead of a mid-command error
Fixed
  • card.updated events now fire on balance changes — webhook subscribers previously received no notification when a transaction settled and updated the card balance
Improved
  • Backend and MCP server migrated from Railway to Vercel with AWS RDS Postgres — more reliable infrastructure with auto-scaling, advisory-lock-safe cron jobs, and DB-backed webhook retry queues
Fixed
  • Sandbox and live Stripe customer IDs are now stored separately — mixing a sandbox API key with a live cardholder row no longer returns a 500
Improved
  • Card issuance is now exclusively through Privacy.com — Stripe Issuing code paths have been removed, simplifying the backend and eliminating a source of confusion between providers
Added
  • Test mode — new accounts default to test mode, where card creation uses fully in-process sandboxing with no payment method, KYC, or plan limits required. Switch modes with `agent-cards mode [test|prod]`
Fixed
  • CLI card creation no longer prompts for confirmation when the backend requests approval — you're already at the keyboard, so approvals are auto-resolved immediately
Fixed
  • Sandbox API keys now mock card issuance entirely — sandbox_priv_ cards with deterministic 4242 PANs are returned instead of minting real cards
  • CLI login no longer hits rate limits during magic-link polling — /auth/me is now excluded from the auth rate limiter
  • Admin CLI shows actionable recovery steps on an invalid API key error — previously showed a terse message with no path forward
Improved
  • Identity verification now requires a selfie that matches your document — the KYC session is rejected if the photo doesn't match
  • `cards details` now shows the billing address — agents filling checkout forms no longer need to look it up separately
Fixed
  • KYC start no longer returns a 500 on Stripe errors — upstream failures are now caught and return a proper error response
Fixed
  • Sandbox payment intents are now routed correctly — webhook handlers and card close no longer fail with "No such payment_intent" on sandbox cards
  • Closing a card is now idempotent — concurrent close attempts no longer throw an error when the payment intent is already in a terminal state
Added
  • Identity verification — card creation now requires a government-issued ID, verified via Stripe Identity. Your name and date of birth are populated automatically from the verified document
Added
  • Org subscriptions — organizations can now subscribe to a paid plan via the admin CLI (`subscribe`), unlocking production API keys (`sk_live_`)
  • Production vs sandbox mode switching — `agent-cards-admin env` lets you switch between environments and all subsequent commands use the right API and key prefix automatically
Fixed
  • Admin CLI now defaults to the production API — previously defaulted to sandbox, causing cryptic JSON parse errors on first run
Improved
  • Unhandled async errors across all routes now fail fast with a proper response instead of timing out
Fixed
  • auth/me and slack/install endpoints returned errors in some environments — both now respond correctly
Added
  • Promotion codes — discount codes can now be applied when upgrading to a paid plan at checkout
Improved
  • Transactional emails, approval pages, and MCP consent page updated with a cleaner monospaced design
  • Support emails now route to Slack in real-time — human replies from Slack are sent back as email replies automatically
  • MCP server now listed on Glama — discoverable by agents browsing the MCP directory
Fixed
  • Approval route errors now return a proper response instead of hanging — unhandled async failures are caught across all routes
Added
  • CLI auto-upgrade — `agent-cards` now checks for new versions on each run and upgrades itself automatically
  • Uptime monitoring across all API endpoints — incidents are detected and tracked automatically
Improved
  • Card list now shows full card IDs and creation dates — easier to identify and reference specific cards
Fixed
  • CLI update check no longer runs during the `update` command itself, preventing a redundant loop
Added
  • Subscription plans — choose a plan that fits your usage, billed via Stripe with lifecycle emails at each stage
  • Monthly card usage shown in `agent-cards plan` — see how many cards you've created this billing period
Improved
  • Transactional emails, approval pages, and the MCP consent page updated to match the new Agentcard design
Improved
  • Card issuance upgraded — more reliable authorization and faster card delivery
  • CLI help output redesigned with grouped commands, examples, and a step-by-step 'How it works' flow
Fixed
  • Sandbox cardholder creation now uses the correct individual type to avoid issuing rejections
Added
  • Remove payment method — available from the CLI, MCP, and backend API
  • Sandbox mock services fully wired — card creation and payments in sandbox mode are fully isolated
Added
  • Refund endpoint for card transactions — admins can issue refunds directly via the API
  • Structured error codes for card creation and transaction failures — easier to handle errors programmatically
Improved
  • Card notification emails now sent to all org admins in addition to the cardholder
  • Spend limit and balance are validated before a transaction is processed — clearer errors on failure
Fixed
  • Stale card cleanup now correctly handles cards with a 2-hour timeout
Added
  • sk_live_ API key support — production keys now work alongside sandbox sk_test_ keys
Fixed
  • IP blocklist now correctly handles IPv6-mapped addresses and proxy headers
Added
  • Webhook notifications for card events — get notified when cards are created, authorized, or closed
Added
  • Slack integration — link your account, create cards with /card, and receive DM notifications for transactions and closures
  • Card creation requests in Slack require approval — admins are prompted in-channel before a card is issued
Improved
  • Cards are now debit cards — updated across all product copy and documentation
Improved
  • setup-mcp now automatically prompts new users to sign up — no extra steps to get started from the CLI
Added
  • Agentcard Pay Chrome extension — lets your AI agent detect checkout pages in the browser and fill card details automatically
  • pay_checkout, detect_checkout, and fill_card MCP tools — agents can now complete purchases end-to-end without manual card entry
  • Billing address collected at card creation and shown in card details
Improved
  • Payment method declines now return detailed error messages — failed methods are auto-removed so you can retry with a new one
  • Phone number is now required at signup to meet identity verification requirements
  • Card limit lowered to $50 — clearer upgrade messaging shown when the limit is hit
Added
  • Payment method onboarding — add a debit or credit card once and use it to fund all future cards
  • Hold-based card funding — funds are held on your payment method at card creation, captured when used, and released when the card is closed
  • Real-time authorization webhook — transactions are confirmed in real time
Improved
  • Wallet and x402 removed — funding is now handled directly via your saved payment method for a simpler flow
  • Stale cards are automatically cleaned up and the MCP and CLI messaging updated to reflect the new funding model
Added
  • Sandbox test mode is now live — create sk_test_ API keys and integrate against api.agentcard.sh without real charges (test vs live is decided by the key prefix, same base URL)
  • REST API under /api/v1/ — organizations, cardholders, and wallets accessible via API key
  • Unified Cardholder model — identity, wallet, and cards all scoped to a named cardholder
  • Admin CLI for managing organizations, API keys, and team members
  • Multi-key management in the CLI — store and switch between API keys with `keys set`
  • API key authentication for CLI login — use your API key instead of email magic link
Added
  • Transaction history — view past charges per card in the CLI (`cards transactions`) and via MCP (`list_transactions`)
  • AI auto-reply in support chat — common questions answered instantly without waiting for a human
  • IN_USE card status shown while a transaction is being authorized
Improved
  • Full card lifecycle handled — declines, reversals, expirations, and refunds all tracked correctly
  • Rate limits relaxed to reduce false positives for normal usage patterns
Fixed
  • Card creation no longer crashes after collecting user info for the first time
  • Closed cards now behave correctly and sandbox mode removed to match production behavior
Added
  • fund_wallet MCP tool — agents can now top up your wallet balance directly
  • wallet balance and wallet fund commands added to the CLI
  • User info collection during card creation — the CLI and MCP now guide you through submitting identity details on first use
  • ChatGPT app store compatibility — Agentcard now works as a ChatGPT plugin
Improved
  • MCP tools now include safety annotations so agents understand which actions are read-only vs. destructive
  • Card creation returns a checkout URL when your wallet balance is too low — no more silent failures
Fixed
  • MCP create_card now correctly handles the 202 approval-pending response
  • One-time use card cancellation now uses native lifecycle controls
Added
  • Wallet system — fund a wallet balance once, then create cards instantly without a new checkout each time
  • Real card issuance — physical-network virtual cards backed by your wallet
  • Inline approval flow for CLI and MCP — approve or deny card requests without leaving your terminal or chat
Improved
  • Card limits enforced — $500 maximum per card, up to 5 active cards at a time
Fixed
  • Nurture email sequence now respects step delays correctly — emails send in the right order at the right time
  • Failed nurture emails are now retried after delivery errors instead of being silently dropped
Added
  • Chip logo with robot face easter egg across the site and dashboard
  • OAuth 2.1 support — connect Agentcard directly to Claude.ai as a native connector
  • MCP server now has a favicon so it appears with the Agentcard icon in Claude.ai
  • Waitlist reactivation email campaign for users who signed up but haven't gotten started
Improved
  • Onboarding email sequence expanded to 4 steps with bounce filtering — fewer failed deliveries
  • OAuth magic link emails now use the same polished template as all other Agentcard emails
Fixed
  • OAuth magic link verification now works correctly regardless of middleware order
Added
  • MCP package published to npm as @agent-cards/mcp with auto-sync from monorepo
  • Rewritten MCP README with quick setup instructions and clearer product description
Improved
  • MCP bumped to v0.2.1
Added
  • MCP auto-discovery via .well-known/mcp/server-card.json endpoint
Added
  • Automated nurture emails to help you get started after signup
  • Clear decline reasons shown when a transaction is rejected — in CLI, MCP, and email
Improved
  • Content and technical optimizations for AI search engine visibility (GEO)
Fixed
  • Admin CORS headers now included on rate-limited responses
  • MCP server deploy now targets the correct service
Added
  • Full merchant category detection — every transaction now shows what it was spent on
  • Enhanced security controls — detailed audit trail for all card activity
Improved
  • Support notifications now include more context so issues get resolved faster
  • Login attempt limits relaxed — fewer lockouts during normal use
  • Better error messages when creating cards that need approval
Fixed
  • CLI no longer crashes when creating a card that requires approval
Added
  • Live support chat directly from the CLI and MCP
  • Agents now request your approval before taking sensitive actions
Improved
  • Cards are clearly marked as single-use — they close automatically after the first transaction
Added
  • setup-mcp command in CLI — connect your AI agent to Agentcard in one step