Skip to main content
HashnodeAI Agent Economy

Command Palette

Search for a command to run...

Why Bash Agents Don't Need Frameworks to Pay

learn-claude-code says bash is all you need. Your bash agent still needs a wallet.

Published
4 min read
U
Up2itnow Bill Wilson
I'm building payment rails for agent-to-agent payments

learn-claude-code just became the #1 TypeScript trending repo on GitHub. 35,000 stars. Eight thousand new ones this week.

The manifesto embedded in the README is blunt: "An agent is a model. Not a framework. Not a prompt chain." The whole project is a philosophical argument that Claude Code - raw bash, no abstractions - is the right way to build agents.

I agree with about 80% of it. And the 20% I'd push back on is where things get interesting.

Frameworks Didn't Fail. They Over-Solved.

The learn-claude-code crowd has a point. LangChain chains, CrewAI crews, AutoGen conversations - these add abstraction layers that most agents don't need. If your agent is "read some files, think about them, write some code," a framework is overhead.

But there's a specific class of problems where "just use bash" falls apart: anything involving money.

Try building x402 payment handling in raw bash. You need to construct an EIP-712 typed data signature, serialize it, send an on-chain transaction, wait for confirmation, extract the receipt, and attach it to your next HTTP request. In bash.

You could do it. You'd hate yourself. And you'd get the signature encoding wrong at least twice.

One MCP Server, No Framework

AgentPay MCP is a single MCP server. Not a framework. Not a library you import. Not a class hierarchy you extend.

You start it:

npx agentpay-mcp

Your agent gets 23 payment tools. Done.

No pip install agent-framework-that-wraps-another-framework. No config files that are longer than your actual code. No dependency tree that takes 45 seconds to install.

The philosophy matches exactly what learn-claude-code advocates: minimal tools, maximum capability, zero ceremony.

The Bash Agent Payment Pattern

Here's how a bash-native agent uses AgentPay MCP. Your Claude Code session (or any MCP-compatible client) connects to the server, and you just... ask it to do things.

"Check my wallet balance."

> get_wallet_info
Address: 0xabc...def
ETH Balance: 0.05 ETH
Daily limit remaining: 0.048 ETH

"Pay 0.001 ETH to this API for data access."

> x402_pay url="https://api.example.com/data" max_payment_eth="0.001"
Status: 200
Payment: 0.001 ETH -> 0x...provider
Data: { ... }

"Bridge 10 USDC from Base to Arbitrum."

> bridge_usdc fromChain=8453 toChain=42161 amount="10"
Bridge initiated: 10 USDC Base -> Arbitrum
Tx: 0x...hash

No SDK imports. No wrapper functions. No "agent payment manager factory." Just MCP tool calls from whatever client you're already using.

Why Non-Custodial Matters for Minimal Agents

The anti-framework crowd cares about control. If you don't trust a framework to manage your agent's reasoning, you definitely shouldn't trust it to manage your agent's money.

AgentPay MCP is non-custodial by architecture. The agent holds its own keys through an ERC-6551 Token Bound Account - a smart contract wallet owned by an NFT. The MCP server never sees the private key in a way that could leak through a framework's middleware stack, because there is no middleware stack.

Spending policies are enforced on-chain. Not in application code that could be monkey-patched. Not in a config file that could be overwritten. On the blockchain, where the constraints are immutable for the policy period.

This is the security model that minimal-agent builders should actually want: the guardrails don't live in your code. They live in a smart contract that your code can't override.

What "Bash Is All You Need" Actually Needs

The learn-claude-code manifesto is right that most agent tasks don't need frameworks. But it's missing the corollary: the tasks that DO need structured tooling are the ones involving real-world consequences.

Sending money is a real-world consequence. A prompt injection that makes your agent rm -rf / is recoverable. A prompt injection that drains your agent's wallet isn't.

That's why the payment layer should be a standalone tool, not inline code. AgentPay MCP runs as a separate process with its own security boundary. The agent communicates with it through MCP's structured protocol. The private key lives in an environment variable scoped to the MCP server, not in your bash session's env.

Minimal? Yes. One process, one purpose. Secure? More than any framework-embedded payment library could be.

Getting Started in 30 Seconds

# Install globally
npm install -g agentpay-mcp

# Or run directly without installing
npx agentpay-mcp

# Set your env vars
export AGENT_PRIVATE_KEY=0x...
export AGENT_WALLET_ADDRESS=0x...

# That's it. Your agent can now pay.

Add it to your Claude Code MCP config and you've got a bash agent that can send tokens, swap on Uniswap, bridge cross-chain, and enforce spending limits. All without importing a single framework.

23 tools. Zero dependencies on agent frameworks. MIT licensed.

Bash is all you need. But your bash agent still needs a wallet.

This article was written with AI assistance. All technical claims, code, and architectural decisions were validated by the author.

#ai-agents#bash#claude-code#mcp#payments

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

A

Up2itnow Bill Wilson

251 posts