@blockrun/mcp 0.7.1 → 0.8.0

package/dist/index.js

@@ -597,15 +597,17 @@ Actions:
 - edit: Transform an existing image using img2img
 
 Generation models:
-- zai/cogview-4 ($0.02) \u2014 Zhipu CogView-4, photorealistic, great for detailed scenes
+- zai/cogview-4 ($0.015) \u2014 Zhipu CogView-4, photorealistic, great for detailed scenes
+- xai/grok-imagine-image ($0.02) \u2014 xAI Grok Imagine, stylized, fast
+- xai/grok-imagine-image-pro ($0.07) \u2014 xAI Grok Imagine Pro, higher quality
+- openai/gpt-image-1 ($0.02-0.04) \u2014 GPT native image generation
 - openai/dall-e-3 ($0.04-0.08) \u2014 High quality, prompt adherence
-- together/flux-schnell ($0.02) \u2014 Fast, stylized
-- google/nano-banana \u2014 Google image model
+- google/nano-banana ($0.05) \u2014 Google image model
 Edit models: openai/gpt-image-1 (default for edits)`,
       inputSchema: {
         prompt: z4.string().describe("Image description or edit instructions"),
         action: z4.enum(["generate", "edit"]).optional().default("generate").describe("generate: create from text; edit: transform existing image"),
-        model: z4.enum(["zai/cogview-4", "openai/dall-e-3", "together/flux-schnell", "google/nano-banana", "openai/gpt-image-1"]).optional().describe("Model to use (default: dall-e-3 for generate, gpt-image-1 for edit). zai/cogview-4 is Zhipu's photorealistic model."),
+        model: z4.enum(["zai/cogview-4", "openai/dall-e-3", "together/flux-schnell", "google/nano-banana", "openai/gpt-image-1", "xai/grok-imagine-image", "xai/grok-imagine-image-pro"]).optional().describe("Model to use (default: dall-e-3 for generate, gpt-image-1 for edit). xai/grok-imagine-image is stylized and fast; xai/grok-imagine-image-pro is higher quality."),
         image: z4.string().optional().describe("Source image for edit action: base64-encoded image or URL"),
         size: z4.enum(["1024x1024", "1792x1024", "1024x1792"]).optional().default("1024x1024"),
         quality: z4.enum(["standard", "hd"]).optional().default("standard")
@@ -804,8 +806,144 @@ async function fetchWithTimeout(url, options, timeoutMs) {
   }
 }
 
-// src/tools/search.ts
+// src/tools/video.ts
 import { z as z6 } from "zod";
+import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
+import {
+  createPaymentPayload as createPaymentPayload2,
+  parsePaymentRequired as parsePaymentRequired2,
+  extractPaymentDetails as extractPaymentDetails2
+} from "@blockrun/llm";
+var BLOCKRUN_API2 = "https://blockrun.ai/api";
+var VIDEO_TIMEOUT = 3e5;
+function registerVideoTool(server) {
+  server.registerTool(
+    "blockrun_video",
+    {
+      description: `Generate short AI videos via BlockRun x402.
+
+Uses xAI's Grok Imagine Video to turn a text prompt (and optional seed image) into an 8-second MP4 clip. The call blocks until the video is ready (30-120s typical).
+
+Model: xai/grok-imagine-video ($0.05/sec, 8s default -> $0.42/clip)
+
+Returns a permanent blockrun-hosted MP4 URL (the gateway mirrors the asset to GCS so URLs don't expire).`,
+      inputSchema: {
+        prompt: z6.string().describe("Text description of the video to generate. E.g. 'a red apple slowly spinning on a wooden table', 'a hummingbird hovering near a red flower, ultra slow motion'"),
+        image_url: z6.string().url().optional().describe("Optional seed image URL for image-to-video generation"),
+        duration_seconds: z6.number().int().min(1).max(60).optional().describe("Duration to bill for (defaults to the model's 8s default). Must not exceed max_duration_seconds."),
+        model: z6.enum(["xai/grok-imagine-video"]).optional().default("xai/grok-imagine-video").describe("Video model to use")
+      }
+    },
+    async ({ prompt, image_url, duration_seconds, model }) => {
+      try {
+        const privateKey = getOrCreateWalletKey();
+        const account = privateKeyToAccount2(privateKey);
+        const url = `${BLOCKRUN_API2}/v1/videos/generations`;
+        const body = { model, prompt };
+        if (image_url) body.image_url = image_url;
+        if (duration_seconds !== void 0) body.duration_seconds = duration_seconds;
+        const resp402 = await fetchWithTimeout2(url, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify(body)
+        }, 15e3);
+        if (resp402.status !== 402) {
+          const data2 = await resp402.json();
+          throw new Error(`Expected 402, got ${resp402.status}: ${JSON.stringify(data2)}`);
+        }
+        const prHeader = resp402.headers.get("payment-required") || resp402.headers.get("PAYMENT-REQUIRED");
+        if (!prHeader) throw new Error("No PAYMENT-REQUIRED header in 402 response");
+        const paymentRequired = parsePaymentRequired2(prHeader);
+        const details = extractPaymentDetails2(paymentRequired);
+        const paymentPayload = await createPaymentPayload2(
+          privateKey,
+          account.address,
+          details.recipient,
+          details.amount,
+          details.network || "eip155:8453",
+          {
+            resourceUrl: details.resource?.url || url,
+            resourceDescription: details.resource?.description || "BlockRun Video Generation",
+            maxTimeoutSeconds: details.maxTimeoutSeconds || 300,
+            extra: details.extra
+          }
+        );
+        const resp = await fetchWithTimeout2(url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "PAYMENT-SIGNATURE": paymentPayload
+          },
+          body: JSON.stringify(body)
+        }, VIDEO_TIMEOUT);
+        if (resp.status === 402) {
+          throw new Error("Payment rejected. Check your wallet balance.");
+        }
+        if (!resp.ok) {
+          const errBody = await resp.json().catch(() => ({ error: "Request failed" }));
+          throw new Error(`API error ${resp.status}: ${JSON.stringify(errBody)}`);
+        }
+        const data = await resp.json();
+        const clip = data.data?.[0];
+        if (!clip?.url) throw new Error("No video URL in response");
+        const txHash = resp.headers.get("X-Payment-Receipt") || resp.headers.get("x-payment-receipt");
+        const lines = [
+          `\u{1F3AC} Video ready!`,
+          `URL: ${clip.url}`,
+          `Duration: ${clip.duration_seconds ? `${clip.duration_seconds}s` : "8s"}`,
+          `Model: ${data.model || model}`,
+          ...clip.backed_up ? [`Backed up to BlockRun storage (URL is permanent)`] : clip.source_url ? [`Source URL: ${clip.source_url}`] : [],
+          ...clip.request_id ? [`Request ID: ${clip.request_id}`] : [],
+          ...txHash ? [`Tx: ${txHash}`] : []
+        ];
+        return {
+          content: [{ type: "text", text: lines.join("\n") }],
+          structuredContent: {
+            url: clip.url,
+            ...clip.source_url ? { source_url: clip.source_url } : {},
+            duration_seconds: clip.duration_seconds,
+            model: data.model || model,
+            ...clip.request_id ? { request_id: clip.request_id } : {},
+            ...clip.backed_up !== void 0 ? { backed_up: clip.backed_up } : {},
+            ...txHash ? { txHash } : {}
+          }
+        };
+      } catch (err) {
+        const errMsg = err instanceof Error ? err.message : String(err);
+        if (errMsg.includes("balance") || errMsg.includes("payment") || errMsg.includes("402") || errMsg.includes("rejected")) {
+          return {
+            content: [{ type: "text", text: `Video generation requires payment. Run blockrun_wallet with action: "setup" for funding instructions.
+Error: ${errMsg}` }],
+            isError: true
+          };
+        }
+        if (errMsg.includes("abort") || errMsg.includes("timeout") || errMsg.includes("Timeout") || errMsg.includes("timed out")) {
+          return {
+            content: [{ type: "text", text: `Video generation timed out. xAI's async job didn't complete in time \u2014 please try again.
+Error: ${errMsg}` }],
+            isError: true
+          };
+        }
+        return {
+          content: [{ type: "text", text: formatError(`Video generation failed: ${errMsg}`) }],
+          isError: true
+        };
+      }
+    }
+  );
+}
+async function fetchWithTimeout2(url, options, timeoutMs) {
+  const controller = new AbortController();
+  const id = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    return await fetch(url, { ...options, signal: controller.signal });
+  } finally {
+    clearTimeout(id);
+  }
+}
+
+// src/tools/search.ts
+import { z as z7 } from "zod";
 function registerSearchTool(server) {
   server.registerTool(
     "blockrun_search",
@@ -817,11 +955,11 @@ Pricing: ~$0.01/search
 
 Returns a summary with cited sources.`,
       inputSchema: {
-        query: z6.string().describe("Search query"),
-        sources: z6.array(z6.enum(["web", "x", "news"])).optional().describe("Sources to search (default: web + x + news)"),
-        max_results: z6.number().optional().default(10).describe("Max results per source (1-20)"),
-        from_date: z6.string().optional().describe("Start date filter (YYYY-MM-DD)"),
-        to_date: z6.string().optional().describe("End date filter (YYYY-MM-DD)")
+        query: z7.string().describe("Search query"),
+        sources: z7.array(z7.enum(["web", "x", "news"])).optional().describe("Sources to search (default: web + x + news)"),
+        max_results: z7.number().optional().default(10).describe("Max results per source (1-20)"),
+        from_date: z7.string().optional().describe("Start date filter (YYYY-MM-DD)"),
+        to_date: z7.string().optional().describe("End date filter (YYYY-MM-DD)")
       }
     },
     async ({ query, sources, max_results, from_date, to_date }) => {
@@ -849,7 +987,7 @@ Returns a summary with cited sources.`,
 }
 
 // src/tools/exa.ts
-import { z as z7 } from "zod";
+import { z as z8 } from "zod";
 function registerExaTool(server) {
   server.registerTool(
     "blockrun_exa",
@@ -862,14 +1000,14 @@ Actions:
 - contents: Fetch full Markdown text from URLs, ready for LLM context ($0.002/URL)
 - similar: Find pages semantically similar to a given URL ($0.01/call)`,
       inputSchema: {
-        action: z7.enum(["search", "answer", "contents", "similar"]).describe("Action to perform"),
-        query: z7.string().optional().describe("Natural language query (for search/answer)"),
-        url: z7.string().optional().describe("Reference URL to find similar pages (for similar action)"),
-        urls: z7.array(z7.string()).optional().describe("URLs to fetch content from (for contents action, up to 100)"),
-        num_results: z7.number().optional().describe("Number of results to return (default: 10)"),
-        category: z7.string().optional().describe("Category filter: 'news', 'research paper', 'company', 'tweet', 'github', 'pdf'"),
-        include_domains: z7.array(z7.string()).optional().describe("Only search within these domains"),
-        exclude_domains: z7.array(z7.string()).optional().describe("Exclude these domains from results")
+        action: z8.enum(["search", "answer", "contents", "similar"]).describe("Action to perform"),
+        query: z8.string().optional().describe("Natural language query (for search/answer)"),
+        url: z8.string().optional().describe("Reference URL to find similar pages (for similar action)"),
+        urls: z8.array(z8.string()).optional().describe("URLs to fetch content from (for contents action, up to 100)"),
+        num_results: z8.number().optional().describe("Number of results to return (default: 10)"),
+        category: z8.string().optional().describe("Category filter: 'news', 'research paper', 'company', 'tweet', 'github', 'pdf'"),
+        include_domains: z8.array(z8.string()).optional().describe("Only search within these domains"),
+        exclude_domains: z8.array(z8.string()).optional().describe("Exclude these domains from results")
       }
     },
     async ({ action, query, url, urls, num_results, category, include_domains, exclude_domains }) => {
@@ -922,7 +1060,7 @@ Actions:
 }
 
 // src/tools/markets.ts
-import { z as z8 } from "zod";
+import { z as z9 } from "zod";
 function registerMarketsTool(server) {
   server.registerTool(
     "blockrun_markets",
@@ -937,15 +1075,15 @@ Example paths:
 
 $0.001/call.`,
       inputSchema: {
-        path: z8.string().describe("Endpoint path, e.g. 'polymarket/events', 'kalshi/markets/KXBTC-25MAR14'"),
-        params: z8.record(z8.string(), z8.string()).optional().describe("Query parameters for GET requests"),
-        body: z8.any().optional().describe("JSON body for POST queries (triggers pmQuery)")
+        path: z9.string().describe("Endpoint path, e.g. 'polymarket/events', 'kalshi/markets/KXBTC-25MAR14'"),
+        params: z9.record(z9.string(), z9.string()).optional().describe("Query parameters for GET requests"),
+        body: z9.any().optional().describe("JSON body for POST queries (triggers pmQuery)")
       }
     },
-    async ({ path: path2, params, body }) => {
+    async ({ path: path3, params, body }) => {
       try {
         const llm = getClient();
-        const result = body ? await llm.pmQuery(path2, body) : await llm.pm(path2, params);
+        const result = body ? await llm.pmQuery(path3, body) : await llm.pm(path3, params);
         return {
           content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
           structuredContent: result
@@ -962,7 +1100,7 @@ $0.001/call.`,
 }
 
 // src/tools/dex.ts
-import { z as z9 } from "zod";
+import { z as z10 } from "zod";
 function registerDexTool(server) {
   server.registerTool(
     "blockrun_dex",
@@ -979,10 +1117,10 @@ Examples:
   blockrun_dex({ token: "So11...xxx" })    -> Get specific token data
   blockrun_dex({ symbol: "PEPE" })         -> Search by symbol`,
       inputSchema: {
-        query: z9.string().optional().describe("Search query (token name, symbol, or address)"),
-        token: z9.string().optional().describe("Token address for direct lookup"),
-        symbol: z9.string().optional().describe("Token symbol to search"),
-        chain: z9.string().optional().describe("Filter by chain (ethereum, solana, base, etc.)")
+        query: z10.string().optional().describe("Search query (token name, symbol, or address)"),
+        token: z10.string().optional().describe("Token address for direct lookup"),
+        symbol: z10.string().optional().describe("Token symbol to search"),
+        chain: z10.string().optional().describe("Filter by chain (ethereum, solana, base, etc.)")
       }
     },
     async ({ query, token, symbol, chain }) => {
@@ -1042,6 +1180,93 @@ ${lines.join("\n\n")}` }],
   );
 }
 
+// src/tools/modal.ts
+import { z as z11 } from "zod";
+var MODAL_GPU_TYPES = ["T4", "L4", "A10G", "A100", "A100-80GB", "H100"];
+function registerModalTool(server) {
+  server.registerTool(
+    "blockrun_modal",
+    {
+      description: `Run isolated code in a BlockRun-hosted Modal sandbox.
+
+Use this when you need:
+- a disposable remote container
+- GPU access
+- a clean environment that will not affect the local machine
+- a safer place to run untrusted or heavy code
+
+Prefer local tools for normal repo work. Modal is best for isolation or remote execution.
+
+Pricing:
+- create: $0.01
+- exec/status/terminate: $0.001 each`,
+      inputSchema: {
+        action: z11.enum(["create", "exec", "status", "terminate"]).describe(
+          "Sandbox action to perform"
+        ),
+        sandbox_id: z11.string().optional().describe("Sandbox ID returned by a previous create"),
+        command: z11.array(z11.string()).optional().describe('Command array for exec, for example ["python", "-c", "print(2+2)"]'),
+        image: z11.string().optional().describe("Container image for create (default: python:3.11)"),
+        timeout: z11.number().optional().describe("Timeout in seconds for create or exec"),
+        cpu: z11.number().optional().describe("CPU cores for create"),
+        memory: z11.number().optional().describe("Memory in MB for create"),
+        gpu: z11.enum(MODAL_GPU_TYPES).optional().describe("Optional GPU type for create"),
+        setup_commands: z11.array(z11.string()).optional().describe("Shell commands to run during sandbox setup")
+      }
+    },
+    async ({ action, sandbox_id, command, image, timeout, cpu, memory, gpu, setup_commands }) => {
+      try {
+        const llm = getClient();
+        const req = llm;
+        let result;
+        switch (action) {
+          case "create":
+            result = await req.requestWithPaymentRaw("/v1/modal/sandbox/create", {
+              image,
+              timeout,
+              cpu,
+              memory,
+              gpu,
+              setup_commands
+            });
+            break;
+          case "exec":
+            if (!sandbox_id) throw new Error("sandbox_id required for exec action");
+            if (!command?.length) throw new Error("command array required for exec action");
+            result = await req.requestWithPaymentRaw("/v1/modal/sandbox/exec", {
+              sandbox_id,
+              command,
+              timeout
+            });
+            break;
+          case "status":
+            if (!sandbox_id) throw new Error("sandbox_id required for status action");
+            result = await req.requestWithPaymentRaw("/v1/modal/sandbox/status", { sandbox_id });
+            break;
+          case "terminate":
+            if (!sandbox_id) throw new Error("sandbox_id required for terminate action");
+            result = await req.requestWithPaymentRaw("/v1/modal/sandbox/terminate", {
+              sandbox_id
+            });
+            break;
+          default:
+            throw new Error(`Unknown action: ${String(action)}`);
+        }
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+          structuredContent: result
+        };
+      } catch (err) {
+        const errMsg = err instanceof Error ? err.message : String(err);
+        return {
+          content: [{ type: "text", text: formatError(errMsg) }],
+          isError: true
+        };
+      }
+    }
+  );
+}
+
 // src/mcp-handler.ts
 function initializeMcpServer(server) {
   const budget = { limit: null, spent: 0, calls: 0, agents: /* @__PURE__ */ new Map() };
@@ -1051,10 +1276,12 @@ function initializeMcpServer(server) {
   registerModelsTool(server, modelCache);
   registerImageTool(server);
   registerMusicTool(server);
+  registerVideoTool(server);
   registerSearchTool(server);
   registerExaTool(server);
   registerMarketsTool(server);
   registerDexTool(server);
+  registerModalTool(server);
   server.registerResource(
     "wallet",
     "blockrun://wallet",
@@ -1090,8 +1317,90 @@ function initializeMcpServer(server) {
   );
 }
 
+// src/utils/key-leak-scanner.ts
+import fs2 from "fs";
+import path2 from "path";
+import os2 from "os";
+function looksLikeRawPrivateKey(value) {
+  if (typeof value !== "string") return false;
+  if (/^0x[0-9a-fA-F]{64}$/.test(value)) return true;
+  if (value.length >= 80 && value.length <= 100 && /^[1-9A-HJ-NP-Za-km-z]+$/.test(value)) return true;
+  return false;
+}
+function walk(obj, file, jsonPath, out) {
+  if (obj === null || typeof obj !== "object") return;
+  if (Array.isArray(obj)) {
+    obj.forEach((v, i) => walk(v, file, `${jsonPath}[${i}]`, out));
+    return;
+  }
+  for (const [k, v] of Object.entries(obj)) {
+    const next = jsonPath ? `${jsonPath}.${k}` : k;
+    if (/wallet[-_ ]?key|private[-_ ]?key|secret/i.test(k) && looksLikeRawPrivateKey(v)) {
+      out.push({ file, path: next });
+    } else if (looksLikeRawPrivateKey(v)) {
+      out.push({ file, path: next });
+    }
+    walk(v, file, next, out);
+  }
+}
+function scanFile(file) {
+  try {
+    if (!fs2.existsSync(file)) return [];
+    const raw = fs2.readFileSync(file, "utf-8");
+    const data = JSON.parse(raw);
+    const out = [];
+    walk(data, file, "", out);
+    return out;
+  } catch {
+    return [];
+  }
+}
+function warnOnLeakedKeys() {
+  const home = os2.homedir();
+  const candidates = [
+    path2.join(home, ".claude.json"),
+    path2.join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json"),
+    path2.join(home, ".config", "claude", "claude_desktop_config.json"),
+    path2.join(home, "AppData", "Roaming", "Claude", "claude_desktop_config.json")
+  ];
+  const findings = [];
+  for (const f of candidates) findings.push(...scanFile(f));
+  if (findings.length === 0) return false;
+  const bar = "\u2550".repeat(72);
+  console.error("");
+  console.error(`\x1B[31m${bar}`);
+  console.error("  \u{1F6A8} WALLET PRIVATE KEY DETECTED IN CONFIG FILE");
+  console.error(bar + "\x1B[0m");
+  console.error("");
+  console.error("  Your config contains what looks like a raw wallet private key.");
+  console.error("  Private keys should NEVER be stored in these files \u2014 they get");
+  console.error("  backed up to iCloud / Dropbox / Time Machine, synced across");
+  console.error("  machines, and readable by anything that can read your config.");
+  console.error("");
+  console.error("  Found in:");
+  for (const f of findings) {
+    console.error(`    \xB7 ${f.file}`);
+    console.error(`      at: ${f.path}`);
+  }
+  console.error("");
+  console.error("  RECOMMENDED ACTIONS:");
+  console.error("    1. Treat this key as compromised. Rotate your wallet:");
+  console.error("       - Create a new wallet");
+  console.error("       - Transfer remaining USDC to the new address");
+  console.error("       - Retire the old key");
+  console.error("    2. Remove the X-Wallet-Key entries from your config.");
+  console.error("    3. Reconnect using the local package (signs locally, key");
+  console.error("       never leaves your machine):");
+  console.error("         claude mcp remove blockrun");
+  console.error("         claude mcp add blockrun npx -y @blockrun/mcp@latest");
+  console.error("");
+  console.error("  Details: https://github.com/BlockRunAI/blockrun-mcp-server/issues/1");
+  console.error("");
+  return true;
+}
+
 // src/index.ts
-var VERSION = "0.6.8";
+var VERSION = "0.7.2";
 async function checkForUpdate() {
   try {
     const resp = await fetch("https://registry.npmjs.org/@blockrun/mcp/latest", {
@@ -1106,6 +1415,7 @@ async function checkForUpdate() {
   }
 }
 async function main() {
+  warnOnLeakedKeys();
   const server = new McpServer({
     name: "blockrun-mcp",
     version: VERSION

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blockrun/mcp",
-  "version": "0.7.1",
+  "version": "0.8.0",
   "mcpName": "io.github.BlockRunAI/blockrun-mcp",
   "description": "BlockRun MCP Server - Give your AI agent web search, deep research, prediction markets, crypto data, X/Twitter intelligence. Paid via x402 micropayments.",
   "type": "module",