@attesso/mcp 1.0.0

package/README.md

@@ -0,0 +1,136 @@
+# @attesso/mcp
+
+MCP (Model Context Protocol) server for Attesso agent payments. Exposes payment tools for AI assistants like Claude Desktop.
+
+## Installation
+
+```bash
+npm install @attesso/mcp
+```
+
+## Claude Desktop Setup
+
+Add to your Claude Desktop configuration (`~/Library/Application Support/Claude/claude_desktop_config.json` on macOS):
+
+```json
+{
+  "mcpServers": {
+    "attesso": {
+      "command": "npx",
+      "args": ["@attesso/mcp"],
+      "env": {
+        "ATTESSO_API_KEY": "sk_bot_..."
+      }
+    }
+  }
+}
+```
+
+Restart Claude Desktop after updating the configuration.
+
+## Available Tools
+
+### Read Operations
+
+| Tool | Description |
+|------|-------------|
+| `attesso_get_mandate` | Get mandate details (status, limits, restrictions) |
+| `attesso_get_balance` | Quick balance check - available amount and status |
+| `attesso_get_payment` | Check payment status and details |
+| `attesso_get_passport` | Get passport token for merchant authentication |
+
+### Write Operations
+
+| Tool | Description |
+|------|-------------|
+| `attesso_execute_payment` | Execute a payment against a mandate |
+| `attesso_capture` | Capture an authorized payment with final amount |
+| `attesso_cancel` | Cancel authorization and release held funds |
+
+## Environment Variables
+
+| Variable | Description | Required |
+|----------|-------------|----------|
+| `ATTESSO_API_KEY` | Bot API key (`sk_bot_*` or `sk_test_*`) | Yes |
+| `ATTESSO_BASE_URL` | Custom API URL | No |
+| `ATTESSO_MANDATE_ID` | Default mandate ID for all operations | No |
+| `ATTESSO_READ_ONLY` | Set to `"true"` to disable write operations | No |
+
+## Programmatic Usage
+
+```typescript
+import { createAttessoMCPServer } from '@attesso/mcp';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+
+const server = createAttessoMCPServer({
+  apiKey: process.env.ATTESSO_API_KEY,
+  mandateId: 'mandate_xyz',  // Optional: pre-configure mandate
+  readOnlyMode: false,       // Optional: disable write operations
+});
+
+const transport = new StdioServerTransport();
+await server.connect(transport);
+```
+
+## Security Notes
+
+1. **API Keys**: Only use bot keys (`sk_bot_*`) or test keys (`sk_test_*`) with MCP. Never use user or management keys.
+
+2. **Mandate Creation**: Mandates require user biometric authentication (FaceID/TouchID) and cannot be created via MCP. The user must pre-authorize a mandate before the AI assistant can use it.
+
+3. **Read-Only Mode**: For monitoring dashboards or status checks, enable read-only mode to prevent accidental payments:
+   ```json
+   {
+     "env": {
+       "ATTESSO_API_KEY": "sk_bot_...",
+       "ATTESSO_READ_ONLY": "true"
+     }
+   }
+   ```
+
+4. **Idempotency**: Payment operations automatically generate idempotency keys for safe retries.
+
+## Example Conversation
+
+**User**: What's my balance on mandate_abc123?
+
+**Claude** (calls `attesso_get_balance`):
+```json
+{
+  "available": 50000,
+  "currency": "USD",
+  "status": "active"
+}
+```
+
+**Claude**: You have $500.00 available on that mandate.
+
+---
+
+**User**: Book me a flight to NYC for $347
+
+**Claude** (calls `attesso_execute_payment`):
+```json
+{
+  "id": "pay_xyz789",
+  "mandateId": "mandate_abc123",
+  "amount": 34700,
+  "merchant": "United Airlines",
+  "status": "completed"
+}
+```
+
+**Claude**: Done! I've charged $347.00 to United Airlines. Payment ID: pay_xyz789.
+
+## Related Packages
+
+- [`@attesso/sdk`](https://www.npmjs.com/package/@attesso/sdk) - API client with Vercel AI SDK integration
+- [`@attesso/types`](https://www.npmjs.com/package/@attesso/types) - TypeScript types
+
+## Documentation
+
+Full documentation: https://www.attesso.com/docs
+
+## License
+
+MIT

package/dist/bin/attesso-mcp.d.ts

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+/**
+ * CLI entry point for Attesso MCP Server
+ *
+ * Run with: npx @attesso/mcp
+ *
+ * Configuration via environment variables:
+ * - ATTESSO_API_KEY: Your Attesso bot API key (sk_bot_*)
+ * - ATTESSO_BASE_URL: Optional custom API URL
+ * - ATTESSO_MANDATE_ID: Optional default mandate ID
+ * - ATTESSO_READ_ONLY: Set to "true" for read-only mode
+ */
+export {};
+//# sourceMappingURL=attesso-mcp.d.ts.map

package/dist/bin/attesso-mcp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attesso-mcp.d.ts","sourceRoot":"","sources":["../../bin/attesso-mcp.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG"}

package/dist/bin/attesso-mcp.js

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+/**
+ * CLI entry point for Attesso MCP Server
+ *
+ * Run with: npx @attesso/mcp
+ *
+ * Configuration via environment variables:
+ * - ATTESSO_API_KEY: Your Attesso bot API key (sk_bot_*)
+ * - ATTESSO_BASE_URL: Optional custom API URL
+ * - ATTESSO_MANDATE_ID: Optional default mandate ID
+ * - ATTESSO_READ_ONLY: Set to "true" for read-only mode
+ */
+import { createAttessoMCPServer } from '../src/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+async function main() {
+    const config = {
+        apiKey: process.env.ATTESSO_API_KEY,
+        baseUrl: process.env.ATTESSO_BASE_URL,
+        mandateId: process.env.ATTESSO_MANDATE_ID,
+        readOnlyMode: process.env.ATTESSO_READ_ONLY === 'true',
+    };
+    const server = createAttessoMCPServer(config);
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    // Handle graceful shutdown
+    process.on('SIGINT', async () => {
+        await server.close();
+        process.exit(0);
+    });
+    process.on('SIGTERM', async () => {
+        await server.close();
+        process.exit(0);
+    });
+}
+main().catch((error) => {
+    console.error('Failed to start Attesso MCP server:', error);
+    process.exit(1);
+});
+//# sourceMappingURL=attesso-mcp.js.map

package/dist/bin/attesso-mcp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"attesso-mcp.js","sourceRoot":"","sources":["../../bin/attesso-mcp.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG;QACb,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;QACnC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB;QACrC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;QACzC,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM;KACvD,CAAC;IAEF,MAAM,MAAM,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAE7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,2BAA2B;IAC3B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;QAC9B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAC/B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;IAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,44 @@
+/**
+ * @attesso/mcp - MCP Server for Attesso Agent Payments
+ *
+ * Exposes Attesso payment tools via the Model Context Protocol (MCP),
+ * enabling AI assistants like Claude Desktop to execute payments
+ * within user-authorized mandates.
+ *
+ * @example Claude Desktop configuration (claude_desktop_config.json)
+ * ```json
+ * {
+ *   "mcpServers": {
+ *     "attesso": {
+ *       "command": "npx",
+ *       "args": ["@attesso/mcp"],
+ *       "env": {
+ *         "ATTESSO_API_KEY": "sk_bot_..."
+ *       }
+ *     }
+ *   }
+ * }
+ * ```
+ *
+ * @example Programmatic usage
+ * ```typescript
+ * import { createAttessoMCPServer } from '@attesso/mcp';
+ * import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+ *
+ * const server = createAttessoMCPServer({
+ *   mandateId: 'mandate_xyz',  // Optional: pre-configure mandate
+ *   readOnlyMode: false,       // Optional: disable write operations
+ * });
+ *
+ * const transport = new StdioServerTransport();
+ * await server.connect(transport);
+ * ```
+ *
+ * @packageDocumentation
+ */
+export { createAttessoMCPServer } from './server.js';
+export type { AttessoMCPServerConfig } from './server.js';
+export { schemas } from './schemas.js';
+export { toolDefinitions, getToolByName, getReadOnlyTools, getAllTools } from './tools.js';
+export type { ToolDefinition } from './tools.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC3F,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,42 @@
+/**
+ * @attesso/mcp - MCP Server for Attesso Agent Payments
+ *
+ * Exposes Attesso payment tools via the Model Context Protocol (MCP),
+ * enabling AI assistants like Claude Desktop to execute payments
+ * within user-authorized mandates.
+ *
+ * @example Claude Desktop configuration (claude_desktop_config.json)
+ * ```json
+ * {
+ *   "mcpServers": {
+ *     "attesso": {
+ *       "command": "npx",
+ *       "args": ["@attesso/mcp"],
+ *       "env": {
+ *         "ATTESSO_API_KEY": "sk_bot_..."
+ *       }
+ *     }
+ *   }
+ * }
+ * ```
+ *
+ * @example Programmatic usage
+ * ```typescript
+ * import { createAttessoMCPServer } from '@attesso/mcp';
+ * import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+ *
+ * const server = createAttessoMCPServer({
+ *   mandateId: 'mandate_xyz',  // Optional: pre-configure mandate
+ *   readOnlyMode: false,       // Optional: disable write operations
+ * });
+ *
+ * const transport = new StdioServerTransport();
+ * await server.connect(transport);
+ * ```
+ *
+ * @packageDocumentation
+ */
+export { createAttessoMCPServer } from './server.js';
+export { schemas } from './schemas.js';
+export { toolDefinitions, getToolByName, getReadOnlyTools, getAllTools } from './tools.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}

package/dist/src/schemas.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Zod schemas for MCP tool inputs.
+ * These define the parameters each tool accepts.
+ */
+import { z } from 'zod';
+export declare const schemas: {
+    getMandate: z.ZodObject<{
+        mandateId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+    }, {
+        mandateId: string;
+    }>;
+    executePayment: z.ZodObject<{
+        mandateId: z.ZodString;
+        amount: z.ZodNumber;
+        merchant: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+        amount: number;
+        merchant: string;
+    }, {
+        mandateId: string;
+        amount: number;
+        merchant: string;
+    }>;
+    getPayment: z.ZodObject<{
+        paymentId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        paymentId: string;
+    }, {
+        paymentId: string;
+    }>;
+    getPassport: z.ZodObject<{
+        mandateId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+    }, {
+        mandateId: string;
+    }>;
+    capture: z.ZodObject<{
+        paymentId: z.ZodString;
+        amount: z.ZodNumber;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    }, "strip", z.ZodTypeAny, {
+        amount: number;
+        paymentId: string;
+        metadata?: Record<string, string> | undefined;
+    }, {
+        amount: number;
+        paymentId: string;
+        metadata?: Record<string, string> | undefined;
+    }>;
+    cancel: z.ZodObject<{
+        paymentId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        paymentId: string;
+    }, {
+        paymentId: string;
+    }>;
+    checkBalance: z.ZodObject<{
+        mandateId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+    }, {
+        mandateId: string;
+    }>;
+};
+export type GetMandateInput = z.infer<typeof schemas.getMandate>;
+export type ExecutePaymentInput = z.infer<typeof schemas.executePayment>;
+export type GetPaymentInput = z.infer<typeof schemas.getPayment>;
+export type GetPassportInput = z.infer<typeof schemas.getPassport>;
+export type CaptureInput = z.infer<typeof schemas.capture>;
+export type CancelInput = z.infer<typeof schemas.cancel>;
+export type CheckBalanceInput = z.infer<typeof schemas.checkBalance>;
+//# sourceMappingURL=schemas.d.ts.map

package/dist/src/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../src/schemas.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCnB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;AACjE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC;AACzE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;AACjE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,OAAO,CAAC,WAAW,CAAC,CAAC;AACnE,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;AAC3D,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AACzD,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,OAAO,CAAC,YAAY,CAAC,CAAC"}

package/dist/src/schemas.js

@@ -0,0 +1,33 @@
+/**
+ * Zod schemas for MCP tool inputs.
+ * These define the parameters each tool accepts.
+ */
+import { z } from 'zod';
+export const schemas = {
+    getMandate: z.object({
+        mandateId: z.string().describe('The unique identifier of the mandate to retrieve'),
+    }),
+    executePayment: z.object({
+        mandateId: z.string().describe('The mandate ID authorizing this payment'),
+        amount: z.number().positive().describe('Amount to charge in cents (e.g., 34700 for $347.00)'),
+        merchant: z.string().describe('Name of the merchant receiving payment'),
+    }),
+    getPayment: z.object({
+        paymentId: z.string().describe('The unique identifier of the payment to retrieve'),
+    }),
+    getPassport: z.object({
+        mandateId: z.string().describe('The mandate ID to generate a passport for'),
+    }),
+    capture: z.object({
+        paymentId: z.string().describe('The payment ID to capture'),
+        amount: z.number().positive().describe('Final amount to capture in cents (must be <= authorized amount)'),
+        metadata: z.record(z.string()).optional().describe('Optional metadata to attach to the capture'),
+    }),
+    cancel: z.object({
+        paymentId: z.string().describe('The payment ID to cancel and release funds'),
+    }),
+    checkBalance: z.object({
+        mandateId: z.string().describe('The mandate ID to check remaining balance for'),
+    }),
+};
+//# sourceMappingURL=schemas.js.map

package/dist/src/schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../src/schemas.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC;QACnB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;KACnF,CAAC;IAEF,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC;QACvB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;QACzE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;QAC7F,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;KACxE,CAAC;IAEF,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC;QACnB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;KACnF,CAAC;IAEF,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;KAC5E,CAAC;IAEF,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;QAChB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QAC3D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iEAAiE,CAAC;QACzG,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;KACjG,CAAC;IAEF,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;KAC7E,CAAC;IAEF,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;KAChF,CAAC;CACH,CAAC"}

package/dist/src/server.d.ts

@@ -0,0 +1,53 @@
+/**
+ * MCP Server Factory for Attesso
+ *
+ * Creates an MCP server that exposes Attesso payment tools.
+ * Used by Claude Desktop and other MCP-compatible AI assistants.
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+export interface AttessoMCPServerConfig {
+    /**
+     * Attesso API key. Falls back to ATTESSO_API_KEY env var.
+     * Only accepts bot keys (sk_bot_*) for security.
+     */
+    apiKey?: string;
+    /**
+     * Base URL for the Attesso API.
+     * @default "https://api.attesso.com"
+     */
+    baseUrl?: string;
+    /**
+     * If provided, use this mandate ID for all operations.
+     * Useful for pre-configured agents with a known mandate.
+     */
+    mandateId?: string;
+    /**
+     * If true, only expose read-only tools (get_mandate, get_balance, get_payment, get_passport).
+     * Write operations (execute_payment, capture, cancel) will not be available.
+     * @default false
+     */
+    readOnlyMode?: boolean;
+}
+/**
+ * Creates an Attesso MCP server with the specified configuration.
+ *
+ * @example Basic usage with Claude Desktop
+ * ```typescript
+ * import { createAttessoMCPServer } from '@attesso/mcp';
+ * import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+ *
+ * const server = createAttessoMCPServer();
+ * const transport = new StdioServerTransport();
+ * await server.connect(transport);
+ * ```
+ *
+ * @example With configuration
+ * ```typescript
+ * const server = createAttessoMCPServer({
+ *   mandateId: 'mandate_xyz',
+ *   readOnlyMode: true,
+ * });
+ * ```
+ */
+export declare function createAttessoMCPServer(config?: AttessoMCPServerConfig): Server;
+//# sourceMappingURL=server.d.ts.map

package/dist/src/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAwBnE,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,GAAE,sBAA2B,GAAG,MAAM,CAmIlF"}

package/dist/src/server.js

@@ -0,0 +1,201 @@
+/**
+ * MCP Server Factory for Attesso
+ *
+ * Creates an MCP server that exposes Attesso payment tools.
+ * Used by Claude Desktop and other MCP-compatible AI assistants.
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
+import { AttessoClient, AttessoError } from '@attesso/sdk';
+import { randomUUID } from 'crypto';
+import { getToolByName, getReadOnlyTools, getAllTools, } from './tools.js';
+/**
+ * Creates an Attesso MCP server with the specified configuration.
+ *
+ * @example Basic usage with Claude Desktop
+ * ```typescript
+ * import { createAttessoMCPServer } from '@attesso/mcp';
+ * import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+ *
+ * const server = createAttessoMCPServer();
+ * const transport = new StdioServerTransport();
+ * await server.connect(transport);
+ * ```
+ *
+ * @example With configuration
+ * ```typescript
+ * const server = createAttessoMCPServer({
+ *   mandateId: 'mandate_xyz',
+ *   readOnlyMode: true,
+ * });
+ * ```
+ */
+export function createAttessoMCPServer(config = {}) {
+    const apiKey = config.apiKey ?? process.env.ATTESSO_API_KEY;
+    // Validate API key format (only bot keys allowed)
+    if (apiKey && !apiKey.startsWith('sk_bot_') && !apiKey.startsWith('sk_test_')) {
+        console.error('Warning: Attesso MCP server should use bot keys (sk_bot_*) or test keys (sk_test_*)');
+    }
+    const client = new AttessoClient({
+        apiKey,
+        baseUrl: config.baseUrl,
+    });
+    const defaultMandateId = config.mandateId;
+    const readOnlyMode = config.readOnlyMode ?? false;
+    // Get tools based on mode
+    const availableTools = readOnlyMode ? getReadOnlyTools() : getAllTools();
+    const server = new Server({
+        name: 'attesso',
+        version: '1.0.0',
+    }, {
+        capabilities: {
+            tools: {},
+        },
+    });
+    // Handle list_tools request
+    server.setRequestHandler(ListToolsRequestSchema, async () => {
+        const tools = availableTools.map((tool) => ({
+            name: tool.name,
+            description: tool.description,
+            inputSchema: tool.inputSchema,
+        }));
+        return { tools };
+    });
+    // Handle call_tool request
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        const toolDef = getToolByName(name);
+        if (!toolDef) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({ error: `Unknown tool: ${name}` }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+        // Check read-only mode
+        if (readOnlyMode && toolDef.isWriteOperation) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            error: 'Write operations are disabled in read-only mode',
+                            tool: name,
+                        }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+        // Validate input
+        const parseResult = toolDef.zodSchema.safeParse(args);
+        if (!parseResult.success) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            error: 'Invalid input',
+                            details: parseResult.error.format(),
+                        }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+        try {
+            const result = await executeToolCall(client, name, parseResult.data, defaultMandateId);
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify(result, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof AttessoError
+                ? { code: error.code, message: error.message }
+                : error instanceof Error
+                    ? { error: error.message }
+                    : { error: 'Unknown error' };
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify(errorMessage),
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    return server;
+}
+/**
+ * Execute a tool call against the Attesso API.
+ */
+async function executeToolCall(client, toolName, input, defaultMandateId) {
+    switch (toolName) {
+        case 'attesso_get_mandate': {
+            const { mandateId } = input;
+            const id = mandateId ?? defaultMandateId;
+            if (!id) {
+                throw new AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+            }
+            return client.getMandate(id);
+        }
+        case 'attesso_get_balance': {
+            const { mandateId } = input;
+            const id = mandateId ?? defaultMandateId;
+            if (!id) {
+                throw new AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+            }
+            const mandate = await client.getMandate(id);
+            return {
+                available: mandate.maxAmount,
+                currency: mandate.currency,
+                status: mandate.status,
+            };
+        }
+        case 'attesso_get_payment': {
+            const { paymentId } = input;
+            return client.getPayment(paymentId);
+        }
+        case 'attesso_get_passport': {
+            const { mandateId } = input;
+            const id = mandateId ?? defaultMandateId;
+            if (!id) {
+                throw new AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+            }
+            return client.getPassport(id);
+        }
+        case 'attesso_execute_payment': {
+            const { mandateId, amount, merchant } = input;
+            const id = mandateId ?? defaultMandateId;
+            if (!id) {
+                throw new AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+            }
+            // Generate idempotency key for safe retries
+            const idempotencyKey = `mcp_${randomUUID()}`;
+            // Note: idempotency key would be passed as header in production
+            return client.executePayment({ mandateId: id, amount, merchant });
+        }
+        case 'attesso_capture': {
+            const { paymentId, amount, metadata } = input;
+            return client.capture(paymentId, { amount, metadata });
+        }
+        case 'attesso_cancel': {
+            const { paymentId } = input;
+            return client.cancel(paymentId);
+        }
+        default:
+            throw new Error(`Unknown tool: ${toolName}`);
+    }
+}
+//# sourceMappingURL=server.js.map

package/dist/src/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAEL,aAAa,EACb,gBAAgB,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AAsCpB;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,sBAAsB,CAAC,SAAiC,EAAE;IACxE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAE5D,kDAAkD;IAClD,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9E,OAAO,CAAC,KAAK,CACX,qFAAqF,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC;QAC/B,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,MAAM,CAAC,SAAS,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;IAElD,0BAA0B;IAC1B,MAAM,cAAc,GAAG,YAAY,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAEzE,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,KAAK,GAAW,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAClD,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,IAAI,CAAC,WAAkC;SACrD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;qBACzD;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,uBAAuB;QACvB,IAAI,YAAY,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7C,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,iDAAiD;4BACxD,IAAI,EAAE,IAAI;yBACX,CAAC;qBACH;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,eAAe;4BACtB,OAAO,EAAE,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;yBACpC,CAAC;qBACH;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAClC,MAAM,EACN,IAAI,EACJ,WAAW,CAAC,IAAI,EAChB,gBAAgB,CACjB,CAAC;YAEF,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;qBACtC;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAChB,KAAK,YAAY,YAAY;gBAC3B,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE;gBAC9C,CAAC,CAAC,KAAK,YAAY,KAAK;oBACtB,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE;oBAC1B,CAAC,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;YAEnC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;qBACnC;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,MAAqB,EACrB,QAAgB,EAChB,KAAc,EACd,gBAAyB;IAEzB,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,EAAE,SAAS,EAAE,GAAG,KAAwB,CAAC;YAC/C,MAAM,EAAE,GAAG,SAAS,IAAI,gBAAgB,CAAC;YACzC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,MAAM,IAAI,YAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,EAAE,SAAS,EAAE,GAAG,KAA0B,CAAC;YACjD,MAAM,EAAE,GAAG,SAAS,IAAI,gBAAgB,CAAC;YACzC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,MAAM,IAAI,YAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;YACvE,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YAC5C,OAAO;gBACL,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;QACJ,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,EAAE,SAAS,EAAE,GAAG,KAAwB,CAAC;YAC/C,OAAO,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC;QAED,KAAK,sBAAsB,CAAC,CAAC,CAAC;YAC5B,MAAM,EAAE,SAAS,EAAE,GAAG,KAAyB,CAAC;YAChD,MAAM,EAAE,GAAG,SAAS,IAAI,gBAAgB,CAAC;YACzC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,MAAM,IAAI,YAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAChC,CAAC;QAED,KAAK,yBAAyB,CAAC,CAAC,CAAC;YAC/B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,KAA4B,CAAC;YACrE,MAAM,EAAE,GAAG,SAAS,IAAI,gBAAgB,CAAC;YACzC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,MAAM,IAAI,YAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;YACvE,CAAC;YACD,4CAA4C;YAC5C,MAAM,cAAc,GAAG,OAAO,UAAU,EAAE,EAAE,CAAC;YAC7C,gEAAgE;YAChE,OAAO,MAAM,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;YACvB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAqB,CAAC;YAC9D,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,SAAS,EAAE,GAAG,KAAoB,CAAC;YAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAED;YACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC"}

package/dist/src/tools.d.ts

@@ -0,0 +1,26 @@
+/**
+ * MCP Tool Definitions for Attesso
+ *
+ * Defines the 7 tools exposed via MCP:
+ * - attesso_get_mandate (read)
+ * - attesso_get_balance (read)
+ * - attesso_get_payment (read)
+ * - attesso_get_passport (read)
+ * - attesso_execute_payment (write)
+ * - attesso_capture (write)
+ * - attesso_cancel (write)
+ */
+import { z } from 'zod';
+import { zodToJsonSchema } from 'zod-to-json-schema';
+export interface ToolDefinition {
+    name: string;
+    description: string;
+    inputSchema: ReturnType<typeof zodToJsonSchema>;
+    zodSchema: z.ZodType;
+    isWriteOperation: boolean;
+}
+export declare const toolDefinitions: ToolDefinition[];
+export declare function getToolByName(name: string): ToolDefinition | undefined;
+export declare function getReadOnlyTools(): ToolDefinition[];
+export declare function getAllTools(): ToolDefinition[];
+//# sourceMappingURL=tools.d.ts.map

package/dist/src/tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAGrD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC;IAChD,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC;IACrB,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,eAAO,MAAM,eAAe,EAAE,cAAc,EAwE3C,CAAC;AAEF,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAEtE;AAED,wBAAgB,gBAAgB,IAAI,cAAc,EAAE,CAEnD;AAED,wBAAgB,WAAW,IAAI,cAAc,EAAE,CAE9C"}

package/dist/src/tools.js

@@ -0,0 +1,89 @@
+/**
+ * MCP Tool Definitions for Attesso
+ *
+ * Defines the 7 tools exposed via MCP:
+ * - attesso_get_mandate (read)
+ * - attesso_get_balance (read)
+ * - attesso_get_payment (read)
+ * - attesso_get_passport (read)
+ * - attesso_execute_payment (write)
+ * - attesso_capture (write)
+ * - attesso_cancel (write)
+ */
+import { zodToJsonSchema } from 'zod-to-json-schema';
+import { schemas } from './schemas.js';
+export const toolDefinitions = [
+    // Read operations
+    {
+        name: 'attesso_get_mandate',
+        description: 'Get details about a spending mandate including the maximum amount, status, and restrictions. ' +
+            'Use this to check how much money is available before making a purchase.',
+        inputSchema: zodToJsonSchema(schemas.getMandate, 'GetMandateInput'),
+        zodSchema: schemas.getMandate,
+        isWriteOperation: false,
+    },
+    {
+        name: 'attesso_get_balance',
+        description: 'Quickly check how much money is available to spend on a mandate. ' +
+            'Returns the maximum amount and current status.',
+        inputSchema: zodToJsonSchema(schemas.checkBalance, 'CheckBalanceInput'),
+        zodSchema: schemas.checkBalance,
+        isWriteOperation: false,
+    },
+    {
+        name: 'attesso_get_payment',
+        description: 'Get the status and details of a specific payment. ' +
+            'Use this to verify a payment was successful or check its current status.',
+        inputSchema: zodToJsonSchema(schemas.getPayment, 'GetPaymentInput'),
+        zodSchema: schemas.getPayment,
+        isWriteOperation: false,
+    },
+    {
+        name: 'attesso_get_passport',
+        description: 'Get a passport token that proves authorized spending power to merchants. ' +
+            'Some merchants require this for fast-lane checkout without additional verification. ' +
+            'The passport includes solvency proof and reputation data.',
+        inputSchema: zodToJsonSchema(schemas.getPassport, 'GetPassportInput'),
+        zodSchema: schemas.getPassport,
+        isWriteOperation: false,
+    },
+    // Write operations
+    {
+        name: 'attesso_execute_payment',
+        description: "Execute a payment to purchase something. The payment will be charged against the user's pre-authorized mandate. " +
+            'Amount must be in cents (e.g., 34700 for $347.00). ' +
+            'Only call this after finding the best deal and confirming the price.',
+        inputSchema: zodToJsonSchema(schemas.executePayment, 'ExecutePaymentInput'),
+        zodSchema: schemas.executePayment,
+        isWriteOperation: true,
+    },
+    {
+        name: 'attesso_capture',
+        description: 'Capture a previously authorized payment with the final amount. ' +
+            'Use this when the exact price is known (e.g., after finding the best flight). ' +
+            'The capture amount must be less than or equal to the authorized amount. ' +
+            'Any excess funds are automatically released.',
+        inputSchema: zodToJsonSchema(schemas.capture, 'CaptureInput'),
+        zodSchema: schemas.capture,
+        isWriteOperation: true,
+    },
+    {
+        name: 'attesso_cancel',
+        description: 'Cancel an authorization and release the held funds back to the user. ' +
+            "Use this when a purchase won't proceed (e.g., no suitable options found, user changed mind). " +
+            'Always cancel unused authorizations promptly.',
+        inputSchema: zodToJsonSchema(schemas.cancel, 'CancelInput'),
+        zodSchema: schemas.cancel,
+        isWriteOperation: true,
+    },
+];
+export function getToolByName(name) {
+    return toolDefinitions.find((t) => t.name === name);
+}
+export function getReadOnlyTools() {
+    return toolDefinitions.filter((t) => !t.isWriteOperation);
+}
+export function getAllTools() {
+    return toolDefinitions;
+}
+//# sourceMappingURL=tools.js.map

package/dist/src/tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAUvC,MAAM,CAAC,MAAM,eAAe,GAAqB;IAC/C,kBAAkB;IAClB;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EACT,+FAA+F;YAC/F,yEAAyE;QAC3E,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,iBAAiB,CAAC;QACnE,SAAS,EAAE,OAAO,CAAC,UAAU;QAC7B,gBAAgB,EAAE,KAAK;KACxB;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EACT,mEAAmE;YACnE,gDAAgD;QAClD,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC,YAAY,EAAE,mBAAmB,CAAC;QACvE,SAAS,EAAE,OAAO,CAAC,YAAY;QAC/B,gBAAgB,EAAE,KAAK;KACxB;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EACT,oDAAoD;YACpD,0EAA0E;QAC5E,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,iBAAiB,CAAC;QACnE,SAAS,EAAE,OAAO,CAAC,UAAU;QAC7B,gBAAgB,EAAE,KAAK;KACxB;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EACT,2EAA2E;YAC3E,sFAAsF;YACtF,2DAA2D;QAC7D,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC,WAAW,EAAE,kBAAkB,CAAC;QACrE,SAAS,EAAE,OAAO,CAAC,WAAW;QAC9B,gBAAgB,EAAE,KAAK;KACxB;IAED,mBAAmB;IACnB;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EACT,kHAAkH;YAClH,qDAAqD;YACrD,sEAAsE;QACxE,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC,cAAc,EAAE,qBAAqB,CAAC;QAC3E,SAAS,EAAE,OAAO,CAAC,cAAc;QACjC,gBAAgB,EAAE,IAAI;KACvB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EACT,iEAAiE;YACjE,gFAAgF;YAChF,0EAA0E;YAC1E,8CAA8C;QAChD,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC;QAC7D,SAAS,EAAE,OAAO,CAAC,OAAO;QAC1B,gBAAgB,EAAE,IAAI;KACvB;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EACT,uEAAuE;YACvE,+FAA+F;YAC/F,+CAA+C;QACjD,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,CAAC;QAC3D,SAAS,EAAE,OAAO,CAAC,MAAM;QACzB,gBAAgB,EAAE,IAAI;KACvB;CACF,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/package.json

@@ -0,0 +1,68 @@
+{
+  "name": "@attesso/mcp",
+  "version": "1.0.0",
+  "description": "MCP server for Attesso agent payments. Exposes payment tools for AI assistants like Claude Desktop.",
+  "author": "Attesso",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/attesso/attesso"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "type": "module",
+  "bin": {
+    "attesso-mcp": "./dist/bin/attesso-mcp.js"
+  },
+  "main": "./dist/src/index.js",
+  "types": "./dist/src/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js",
+      "require": "./dist/src/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "clean": "rm -rf dist",
+    "test": "vitest run"
+  },
+  "keywords": [
+    "attesso",
+    "mcp",
+    "model-context-protocol",
+    "ai-agents",
+    "payments",
+    "claude",
+    "llm"
+  ],
+  "dependencies": {
+    "@attesso/sdk": "workspace:*",
+    "@attesso/types": "workspace:*",
+    "@modelcontextprotocol/sdk": "^1.25.0",
+    "zod-to-json-schema": "^3.23.0"
+  },
+  "peerDependencies": {
+    "zod": ">=3.25.0"
+  },
+  "peerDependenciesMeta": {
+    "zod": {
+      "optional": false
+    }
+  },
+  "devDependencies": {
+    "typescript": "^5.7.0",
+    "vitest": "^2.1.0",
+    "zod": "^3.25.0"
+  }
+}