@dominusnode/mcp-server 1.0.0

package/dist/src/token-manager.js

@@ -0,0 +1,192 @@
+const TOKEN_REFRESH_BUFFER_MS = 60_000;
+// Maximum response body size for token endpoint responses (1MB)
+const MAX_TOKEN_RESPONSE_BYTES = 1_048_576;
+export class TokenManager {
+    accessToken = null;
+    refreshTokenValue = null;
+    refreshPromise = null;
+    apiUrl;
+    apiKey = null;
+    constructor(apiUrl) {
+        this.apiUrl = apiUrl;
+    }
+    async initialize(apiKey) {
+        this.apiKey = apiKey;
+        const res = await fetch(`${this.apiUrl}/api/auth/verify-key`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "User-Agent": "dominusnode-mcp-server/1.0.0",
+                "X-DominusNode-Agent": "mcp", // MCP identification
+            },
+            body: JSON.stringify({ apiKey }),
+            signal: AbortSignal.timeout(30_000),
+            redirect: "error", // Reject redirects — prevents credential leakage
+        });
+        if (!res.ok) {
+            // Cancel body instead of buffering — prevents OOM from oversized error response
+            await res.body?.cancel();
+            throw new Error(`Failed to verify API key (HTTP ${res.status})`);
+        }
+        // Response size limit to prevent OOM
+        const verifyText = await res.text();
+        if (verifyText.length > MAX_TOKEN_RESPONSE_BYTES) {
+            throw new Error("Token verification response too large");
+        }
+        // Backend returns { token, refreshToken } — accept both field names
+        const data = safeJsonParse(verifyText);
+        const accessToken = data.accessToken ?? data.token;
+        if (!accessToken) {
+            throw new Error("No access token in verify-key response");
+        }
+        // Route through setTokens to enforce type+length validation
+        this.setTokens(accessToken, data.refreshToken);
+    }
+    isExpired(token) {
+        try {
+            const parts = token.split(".");
+            if (parts.length !== 3)
+                return true;
+            const payload = JSON.parse(Buffer.from(parts[1].replace(/-/g, "+").replace(/_/g, "/"), "base64").toString());
+            // Strip prototype pollution keys from JWT payload
+            if (payload && typeof payload === "object") {
+                for (const key of ["__proto__", "constructor", "prototype"]) {
+                    delete payload[key];
+                }
+            }
+            // Validate exp is a finite number — undefined/NaN comparison always returns false
+            if (typeof payload.exp !== "number" || !Number.isFinite(payload.exp))
+                return true;
+            return payload.exp * 1000 < Date.now() + TOKEN_REFRESH_BUFFER_MS;
+        }
+        catch {
+            return true;
+        }
+    }
+    async getValidToken() {
+        if (this.accessToken && !this.isExpired(this.accessToken)) {
+            return this.accessToken;
+        }
+        return this.forceRefresh();
+    }
+    // Rate limit forceRefresh to prevent self-inflicted DDoS
+    lastRefreshAttempt = 0;
+    static MIN_REFRESH_INTERVAL_MS = 5_000; // 5 seconds between refreshes
+    async forceRefresh() {
+        if (!this.refreshTokenValue && !this.apiKey) {
+            throw new Error("No refresh token or API key available — cannot recover");
+        }
+        // Prevent refresh amplification — min 5s between attempts
+        const now = Date.now();
+        if (now - this.lastRefreshAttempt < TokenManager.MIN_REFRESH_INTERVAL_MS) {
+            if (this.accessToken)
+                return this.accessToken;
+            throw new Error("Token refresh rate limited — try again shortly");
+        }
+        this.lastRefreshAttempt = now;
+        if (this.refreshPromise)
+            return this.refreshPromise;
+        this.refreshPromise = (async () => {
+            try {
+                // Try refresh token first if available
+                if (this.refreshTokenValue) {
+                    const res = await fetch(`${this.apiUrl}/api/auth/refresh`, {
+                        method: "POST",
+                        headers: {
+                            "Content-Type": "application/json",
+                            "User-Agent": "dominusnode-mcp-server/1.0.0",
+                            "X-DominusNode-Agent": "mcp", // MCP identification
+                        },
+                        body: JSON.stringify({ refreshToken: this.refreshTokenValue }),
+                        signal: AbortSignal.timeout(30_000),
+                        redirect: "error", // Reject redirects
+                    });
+                    if (res.ok) {
+                        const refreshText = await res.text();
+                        if (refreshText.length > MAX_TOKEN_RESPONSE_BYTES) {
+                            throw new Error("Token refresh response too large");
+                        }
+                        // Backend returns { token, refreshToken } — accept both field names
+                        const data = safeJsonParse(refreshText);
+                        const accessToken = data.accessToken ?? data.token;
+                        if (!accessToken) {
+                            throw new Error("No access token in refresh response");
+                        }
+                        // Route through setTokens to enforce type+length validation
+                        this.setTokens(accessToken, data.refreshToken ?? this.refreshTokenValue);
+                        return this.accessToken;
+                    }
+                    // Cancel body instead of buffering — prevents OOM from oversized error response
+                    await res.body?.cancel();
+                }
+                // Fallback: re-initialize with stored API key
+                if (this.apiKey) {
+                    await this.initialize(this.apiKey);
+                    return this.accessToken;
+                }
+                throw new Error("Token refresh failed and no API key available for re-initialization");
+            }
+            catch (err) {
+                // Only null tokens, NOT apiKey — allows future recovery
+                this.accessToken = null;
+                this.refreshTokenValue = null;
+                throw err;
+            }
+            finally {
+                this.refreshPromise = null;
+            }
+        })();
+        return this.refreshPromise;
+    }
+    /** Store tokens from external auth flow (e.g., registration, wallet auth in bootstrap mode) */
+    setTokens(accessToken, refreshToken) {
+        // Validate token type and length before storage
+        if (typeof accessToken !== "string" || typeof refreshToken !== "string") {
+            throw new Error("Tokens must be strings");
+        }
+        if (!accessToken || !refreshToken) {
+            throw new Error("Tokens cannot be empty");
+        }
+        if (accessToken.length > 10_000 || refreshToken.length > 10_000) {
+            throw new Error("Token exceeds maximum length");
+        }
+        this.accessToken = accessToken;
+        this.refreshTokenValue = refreshToken;
+    }
+    clear() {
+        // Best-effort credential clearing. JavaScript strings are immutable and
+        // garbage-collected — old values persist in memory until GC reclaims them.
+        // True memory zeroing is not possible in Node.js. This is a known limitation.
+        // For maximum security, keep token lifetimes short (15min access, 7d refresh).
+        this.accessToken = null;
+        this.refreshTokenValue = null;
+        this.refreshPromise = null;
+        this.apiKey = null;
+    }
+}
+const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);
+// Depth limit prevents stack overflow on deeply nested JSON
+function stripDangerousKeys(obj, depth = 0) {
+    if (depth > 50 || !obj || typeof obj !== "object")
+        return;
+    if (Array.isArray(obj)) {
+        for (const item of obj)
+            stripDangerousKeys(item, depth + 1);
+        return;
+    }
+    const record = obj;
+    for (const key of Object.keys(record)) {
+        if (DANGEROUS_KEYS.has(key)) {
+            delete record[key];
+        }
+        else if (record[key] && typeof record[key] === "object") {
+            stripDangerousKeys(record[key], depth + 1);
+        }
+    }
+}
+function safeJsonParse(text) {
+    const parsed = JSON.parse(text);
+    stripDangerousKeys(parsed);
+    return parsed;
+}
+//# sourceMappingURL=token-manager.js.map

package/dist/src/token-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/token-manager.ts"],"names":[],"mappings":"AAAA,MAAM,uBAAuB,GAAG,MAAM,CAAC;AAEvC,gEAAgE;AAChE,MAAM,wBAAwB,GAAG,SAAS,CAAC;AAE3C,MAAM,OAAO,YAAY;IACf,WAAW,GAAkB,IAAI,CAAC;IAClC,iBAAiB,GAAkB,IAAI,CAAC;IACxC,cAAc,GAA2B,IAAI,CAAC;IAC9C,MAAM,CAAS;IACf,MAAM,GAAkB,IAAI,CAAC;IAErC,YAAY,MAAc;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,sBAAsB,EAAE;YAC5D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,YAAY,EAAE,8BAA8B;gBAC5C,qBAAqB,EAAE,KAAK,EAAE,qBAAqB;aACpD;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;YAChC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,QAAQ,EAAE,OAAO,EAAE,iDAAiD;SACrE,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,gFAAgF;YAChF,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,kCAAkC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QACnE,CAAC;QAED,qCAAqC;QACrC,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACpC,IAAI,UAAU,CAAC,MAAM,GAAG,wBAAwB,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,oEAAoE;QACpE,MAAM,IAAI,GAAG,aAAa,CAAiE,UAAU,CAAC,CAAC;QACvG,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,CAAC;QACnD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,4DAA4D;QAC5D,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACjD,CAAC;IAED,SAAS,CAAC,KAAa;QACrB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YACpC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CACjF,CAAC;YACF,kDAAkD;YAClD,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC3C,KAAK,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,CAAC;oBAC5D,OAAQ,OAAmC,CAAC,GAAG,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YACD,kFAAkF;YAClF,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;YAClF,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,uBAAuB,CAAC;QACnE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,yDAAyD;IACjD,kBAAkB,GAAG,CAAC,CAAC;IACvB,MAAM,CAAU,uBAAuB,GAAG,KAAK,CAAC,CAAC,8BAA8B;IAEvF,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QAED,0DAA0D;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,IAAI,CAAC,kBAAkB,GAAG,YAAY,CAAC,uBAAuB,EAAE,CAAC;YACzE,IAAI,IAAI,CAAC,WAAW;gBAAE,OAAO,IAAI,CAAC,WAAW,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,GAAG,CAAC;QAE9B,IAAI,IAAI,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC;QAEpD,IAAI,CAAC,cAAc,GAAG,CAAC,KAAK,IAAI,EAAE;YAChC,IAAI,CAAC;gBACH,uCAAuC;gBACvC,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,mBAAmB,EAAE;wBACzD,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE;4BACP,cAAc,EAAE,kBAAkB;4BAClC,YAAY,EAAE,8BAA8B;4BAC5C,qBAAqB,EAAE,KAAK,EAAE,qBAAqB;yBACpD;wBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC;wBAC9D,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;wBACnC,QAAQ,EAAE,OAAO,EAAE,mBAAmB;qBACvC,CAAC,CAAC;oBAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;wBACX,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;wBACrC,IAAI,WAAW,CAAC,MAAM,GAAG,wBAAwB,EAAE,CAAC;4BAClD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;wBACtD,CAAC;wBACD,oEAAoE;wBACpE,MAAM,IAAI,GAAG,aAAa,CAAkE,WAAW,CAAC,CAAC;wBACzG,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,CAAC;wBACnD,IAAI,CAAC,WAAW,EAAE,CAAC;4BACjB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;wBACzD,CAAC;wBACD,4DAA4D;wBAC5D,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,iBAAkB,CAAC,CAAC;wBAC1E,OAAO,IAAI,CAAC,WAAY,CAAC;oBAC3B,CAAC;oBAED,gFAAgF;oBAChF,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;gBAC3B,CAAC;gBAED,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChB,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACnC,OAAO,IAAI,CAAC,WAAY,CAAC;gBAC3B,CAAC;gBAED,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;YACzF,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,wDAAwD;gBACxD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;gBACxB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;gBAC9B,MAAM,GAAG,CAAC;YACZ,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;YAC7B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,+FAA+F;IAC/F,SAAS,CAAC,WAAmB,EAAE,YAAoB;QACjD,gDAAgD;QAChD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,WAAW,CAAC,MAAM,GAAG,MAAM,IAAI,YAAY,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC;IACxC,CAAC;IAED,KAAK;QACH,wEAAwE;QACxE,2EAA2E;QAC3E,8EAA8E;QAC9E,+EAA+E;QAC/E,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAC9B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;;AAGH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;AAE1E,4DAA4D;AAC5D,SAAS,kBAAkB,CAAC,GAAY,EAAE,KAAK,GAAG,CAAC;IACjD,IAAI,KAAK,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO;IAC1D,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,MAAM,IAAI,IAAI,GAAG;YAAE,kBAAkB,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IACD,MAAM,MAAM,GAAG,GAA8B,CAAC;IAC9C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACtC,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1D,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAI,IAAY;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAChC,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,OAAO,MAAW,CAAC;AACrB,CAAC"}

package/dist/src/tools/account.d.ts

@@ -0,0 +1,6 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { HttpClient } from "../http-client.js";
+/** @internal Exported for testing only — clears rate limit state */
+export declare function _resetBootstrapSignupLimits(): void;
+export declare function registerAccountTools(server: McpServer, httpClient: HttpClient): void;
+//# sourceMappingURL=account.d.ts.map

package/dist/src/tools/account.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"account.d.ts","sourceRoot":"","sources":["../../../src/tools/account.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAUpD,oEAAoE;AACpE,wBAAgB,2BAA2B,IAAI,IAAI,CAGlD;AA+BD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,GAAG,IAAI,CAgVpF"}

package/dist/src/tools/account.js

@@ -0,0 +1,329 @@
+import { z } from "zod";
+// Stricter rate limit for account creation in bootstrap mode.
+// The backend has per-IP limits (3 accounts/hour) but the MCP server should
+// also limit to prevent a compromised MCP client from spamming registration.
+const BOOTSTRAP_SIGNUP_MAX = 5;
+const BOOTSTRAP_SIGNUP_WINDOW_MS = 3600_000; // 1 hour
+const signupTimestamps = [];
+/** @internal Exported for testing only — clears rate limit state */
+export function _resetBootstrapSignupLimits() {
+    signupTimestamps.length = 0;
+    loginTimestamps.length = 0;
+}
+// Rate limit login attempts to prevent brute-force via MCP client
+const LOGIN_MAX = 10;
+const LOGIN_WINDOW_MS = 900_000; // 15 minutes
+const loginTimestamps = [];
+function checkLoginLimit() {
+    const now = Date.now();
+    while (loginTimestamps.length > 0 && now - loginTimestamps[0] > LOGIN_WINDOW_MS) {
+        loginTimestamps.shift();
+    }
+    if (loginTimestamps.length > 100)
+        loginTimestamps.length = 100;
+    if (loginTimestamps.length >= LOGIN_MAX)
+        return false;
+    loginTimestamps.push(now);
+    return true;
+}
+function checkBootstrapSignupLimit() {
+    const now = Date.now();
+    // Remove expired entries
+    while (signupTimestamps.length > 0 && now - signupTimestamps[0] > BOOTSTRAP_SIGNUP_WINDOW_MS) {
+        signupTimestamps.shift();
+    }
+    // Hard cap prevents unbounded growth under pathological clock skew
+    if (signupTimestamps.length > 100)
+        signupTimestamps.length = 100;
+    if (signupTimestamps.length >= BOOTSTRAP_SIGNUP_MAX)
+        return false;
+    signupTimestamps.push(now);
+    return true;
+}
+export function registerAccountTools(server, httpClient) {
+    server.tool("dominusnode_get_account_info", "Get account details including email, admin status, and email verification.", {}, async () => {
+        try {
+            const info = await httpClient.get("/api/auth/me");
+            const user = info.user;
+            const text = [
+                `User ID: ${user.id}`,
+                `Email: ${user.email}`,
+                `Email Verified: ${user.email_verified ? "yes" : "no"}`,
+                `Admin: ${user.is_admin ? "yes" : "no"}`,
+                user.wallet_address ? `Wallet: ${user.wallet_address}` : null,
+            ].filter(Boolean).join("\n");
+            return { content: [{ type: "text", text }] };
+        }
+        catch (err) {
+            return {
+                isError: true,
+                content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }],
+            };
+        }
+    });
+    server.tool("dominusnode_register", "Register a new Dominus Node account. Returns access token for immediate use. Use this when the AI agent needs to create its own proxy account. The free tier includes 10 connections and 1GB bandwidth — no payment required.", {
+        email: z.string().email().describe("Email address for the new account"),
+        password: z.string().min(8).max(128).describe("Password (min 8 characters)"),
+    }, async (args) => {
+        try {
+            if (!checkBootstrapSignupLimit()) {
+                return { isError: true, content: [{ type: "text", text: "Account creation rate limit exceeded (max 5 per hour). Please try again later." }] };
+            }
+            const data = await httpClient.post("/api/auth/register", { email: args.email, password: args.password }, false);
+            // Store tokens so subsequent authenticated calls work (bootstrap mode)
+            if (data.token && data.refreshToken) {
+                httpClient.storeTokens(data.token, data.refreshToken);
+            }
+            // Email is auto-verified server-side for MCP agents (X-DominusNode-Agent header).
+            // Payments (crypto) are immediately available. Stripe requires browser checkout.
+            const text = [
+                `Account created successfully!`,
+                `Email: ${data.user.email}`,
+                `User ID: ${data.user.id}`,
+                `Email: auto-verified (MCP agent)`,
+                ``,
+                `You are now authenticated. Crypto payments enabled (11 currencies).`,
+                `Next steps:`,
+                `1. Use dominusnode_setup to create an account + API key in one step (recommended)`,
+                `   Or set DOMINUSNODE_API_KEY and restart to unlock dominusnode_create_key`,
+                `2. Free tier: 10 connections, 1GB bandwidth — no payment needed`,
+                `3. Use dominusnode_pay_crypto to add funds for premium bandwidth`,
+            ].join("\n");
+            return { content: [{ type: "text", text }] };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            // Handle 403 "slots full" — suggest waitlist
+            if (msg.includes("403") || msg.toLowerCase().includes("slot") || msg.toLowerCase().includes("capacity")) {
+                return {
+                    isError: true,
+                    content: [{ type: "text", text: `All alpha registration slots are full.\n\nUse dominusnode_check_slots to see availability, or dominusnode_join_waitlist to get notified when a slot opens.` }],
+                };
+            }
+            return {
+                isError: true,
+                content: [{ type: "text", text: `Registration error: ${msg}` }],
+            };
+        }
+    });
+    server.tool("dominusnode_login", "Login to an existing Dominus Node account with email and password.", {
+        email: z.string().email().describe("Account email"),
+        password: z.string().min(1).max(128).describe("Account password"),
+    }, async (args) => {
+        // Rate limit login attempts to prevent brute-force via MCP client
+        if (!checkLoginLimit()) {
+            return {
+                isError: true,
+                content: [{ type: "text", text: "Login rate limit exceeded. Try again in 15 minutes." }],
+            };
+        }
+        try {
+            const data = await httpClient.post("/api/auth/login", { email: args.email, password: args.password }, false);
+            // Store tokens so subsequent authenticated calls work (bootstrap mode)
+            if (data.token && data.refreshToken) {
+                httpClient.storeTokens(data.token, data.refreshToken);
+            }
+            const text = [
+                `Logged in successfully!`,
+                `Email: ${data.user.email}`,
+                `User ID: ${data.user.id}`,
+            ].join("\n");
+            return { content: [{ type: "text", text }] };
+        }
+        catch (err) {
+            return {
+                isError: true,
+                content: [{ type: "text", text: `Login error: ${err instanceof Error ? err.message : String(err)}` }],
+            };
+        }
+    });
+    server.tool("dominusnode_setup", "One-shot setup: register a new account, create an API key, and return proxy config. Perfect for AI agents that need to bootstrap proxy access from scratch.", {
+        email: z.string().email().describe("Email address for the new account"),
+        password: z.string().min(8).max(128).describe("Password (min 8 characters)"),
+        key_label: z.string().min(1).max(100).default("ai-agent").describe("Label for the API key"),
+    }, async (args) => {
+        try {
+            if (!checkBootstrapSignupLimit()) {
+                return { isError: true, content: [{ type: "text", text: "Account creation rate limit exceeded (max 5 per hour). Please try again later." }] };
+            }
+            // Step 1: Register
+            // Email is auto-verified server-side for MCP agents (X-DominusNode-Agent header)
+            const reg = await httpClient.post("/api/auth/register", { email: args.email, password: args.password }, false);
+            // Store tokens from registration so subsequent authenticated calls work (bootstrap mode)
+            if (reg.token && reg.refreshToken) {
+                httpClient.storeTokens(reg.token, reg.refreshToken);
+            }
+            // Step 2: Create API key (using the newly acquired auth)
+            let keyData;
+            try {
+                keyData = await httpClient.post("/api/keys", { label: args.key_label });
+            }
+            catch (keyErr) {
+                // Account was created but key creation failed — tell the agent clearly
+                const text = [
+                    `Account created but API key creation failed.`,
+                    ``,
+                    `Account:`,
+                    `  Email: ${reg.user.email}`,
+                    `  User ID: ${reg.user.id}`,
+                    ``,
+                    `You are authenticated. To create an API key:`,
+                    `  1. Set DOMINUSNODE_API_KEY env var and restart to unlock dominusnode_create_key`,
+                    `  2. Or use dominusnode_login to re-authenticate and retry`,
+                    ``,
+                    `Error: ${keyErr instanceof Error ? keyErr.message : String(keyErr)}`,
+                ].join("\n");
+                return { isError: true, content: [{ type: "text", text }] };
+            }
+            const text = [
+                `Dominus Node account setup complete!`,
+                ``,
+                `Account:`,
+                `  Email: ${reg.user.email}`,
+                `  User ID: ${reg.user.id}`,
+                `  Email: auto-verified (MCP agent)`,
+                ``,
+                `API Key (save now — shown only once):`,
+                `  Key: ${keyData.key}`,
+                `  Label: ${keyData.label}`,
+                ``,
+                `Proxy Usage:`,
+                `  curl -x http://auto:<YOUR_API_KEY>@proxy.dominusnode.com:8080 https://httpbin.org/ip`,
+                ``,
+                `Free tier: 10 connections, 1GB bandwidth.`,
+                `Payments: use dominusnode_pay_crypto to add funds (10 crypto currencies).`,
+                `Set DOMINUSNODE_API_KEY=<your key above> and restart to unlock all 56 tools.`,
+            ].join("\n");
+            return { content: [{ type: "text", text }] };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            // Handle 403 "slots full" — suggest waitlist
+            if (msg.includes("403") || msg.toLowerCase().includes("slot") || msg.toLowerCase().includes("capacity")) {
+                return {
+                    isError: true,
+                    content: [{ type: "text", text: `All alpha registration slots are full.\n\nUse dominusnode_check_slots to see availability, or dominusnode_join_waitlist to get notified when a slot opens.` }],
+                };
+            }
+            return {
+                isError: true,
+                content: [{ type: "text", text: `Setup error: ${msg}` }],
+            };
+        }
+    });
+    // ─── Password change ──────────────────────────────────────────────
+    const PASSWORD_CHANGE_MAX = 5;
+    const PASSWORD_CHANGE_WINDOW_MS = 3600_000; // 1 hour
+    const passwordChangeTimestamps = [];
+    function checkPasswordChangeLimit() {
+        const now = Date.now();
+        while (passwordChangeTimestamps.length > 0 && now - passwordChangeTimestamps[0] > PASSWORD_CHANGE_WINDOW_MS) {
+            passwordChangeTimestamps.shift();
+        }
+        if (passwordChangeTimestamps.length > 100)
+            passwordChangeTimestamps.length = 100;
+        if (passwordChangeTimestamps.length >= PASSWORD_CHANGE_MAX)
+            return false;
+        passwordChangeTimestamps.push(now);
+        return true;
+    }
+    server.tool("dominusnode_update_password", "Change the account password. Requires the current password for verification. Wallet-only accounts cannot use this. All existing API keys and refresh tokens are revoked on success.", {
+        current_password: z.string().min(1).max(128).describe("Current account password"),
+        new_password: z.string().min(8).max(128).describe("New password (min 8 characters)"),
+    }, async (args) => {
+        if (!checkPasswordChangeLimit()) {
+            return {
+                isError: true,
+                content: [{ type: "text", text: "Password change rate limit exceeded (max 5 per hour). Please try again later." }],
+            };
+        }
+        try {
+            await httpClient.post("/api/auth/change-password", {
+                currentPassword: args.current_password,
+                newPassword: args.new_password,
+            });
+            const text = [
+                `Password changed successfully.`,
+                ``,
+                `All existing API keys and refresh tokens have been revoked for security.`,
+                `You will need to create new API keys and re-authenticate.`,
+            ].join("\n");
+            return { content: [{ type: "text", text }] };
+        }
+        catch (err) {
+            return {
+                isError: true,
+                content: [{ type: "text", text: `Error changing password: ${err instanceof Error ? err.message : String(err)}` }],
+            };
+        }
+    });
+    // Rate limit verify_email to prevent brute-force enumeration
+    const VERIFY_EMAIL_MAX = 10;
+    const VERIFY_EMAIL_WINDOW_MS = 900_000; // 15 minutes
+    const verifyEmailTimestamps = [];
+    function checkVerifyEmailLimit() {
+        const now = Date.now();
+        while (verifyEmailTimestamps.length > 0 && now - verifyEmailTimestamps[0] > VERIFY_EMAIL_WINDOW_MS) {
+            verifyEmailTimestamps.shift();
+        }
+        if (verifyEmailTimestamps.length > 100)
+            verifyEmailTimestamps.length = 100;
+        if (verifyEmailTimestamps.length >= VERIFY_EMAIL_MAX)
+            return false;
+        verifyEmailTimestamps.push(now);
+        return true;
+    }
+    // Rate limit resend_verification
+    const RESEND_MAX = 3;
+    const RESEND_WINDOW_MS = 900_000; // 15 minutes
+    const resendTimestamps = [];
+    function checkResendLimit() {
+        const now = Date.now();
+        while (resendTimestamps.length > 0 && now - resendTimestamps[0] > RESEND_WINDOW_MS) {
+            resendTimestamps.shift();
+        }
+        if (resendTimestamps.length > 100)
+            resendTimestamps.length = 100;
+        if (resendTimestamps.length >= RESEND_MAX)
+            return false;
+        resendTimestamps.push(now);
+        return true;
+    }
+    server.tool("dominusnode_verify_email", "Verify your email address using a verification token. The token is returned when registering via API/MCP. Email verification is required before you can make payments (Stripe or crypto). Wallet-authenticated accounts are auto-verified and do not need this.", {
+        token: z.string().min(32).max(128).describe("Email verification token from registration response"),
+    }, async (args) => {
+        if (!checkVerifyEmailLimit()) {
+            return { isError: true, content: [{ type: "text", text: "Email verification rate limit exceeded. Try again in 15 minutes." }] };
+        }
+        try {
+            await httpClient.post("/api/auth/verify-email", { token: args.token }, false);
+            return {
+                content: [{ type: "text", text: "Email verified successfully! You can now use dominusnode_pay_crypto to add funds to your wallet." }],
+            };
+        }
+        catch (err) {
+            return {
+                isError: true,
+                content: [{ type: "text", text: `Verification failed: ${err instanceof Error ? err.message : String(err)}` }],
+            };
+        }
+    });
+    server.tool("dominusnode_resend_verification", "Resend the email verification link. Use this if you registered with email/password but the verification email didn't arrive. Requires authentication (login first).", {}, async () => {
+        if (!checkResendLimit()) {
+            return { isError: true, content: [{ type: "text", text: "Resend verification rate limit exceeded. Try again in 15 minutes." }] };
+        }
+        try {
+            const data = await httpClient.post("/api/auth/resend-verification", {});
+            return {
+                content: [{ type: "text", text: data.message }],
+            };
+        }
+        catch (err) {
+            return {
+                isError: true,
+                content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }],
+            };
+        }
+    });
+}
+//# sourceMappingURL=account.js.map

package/dist/src/tools/account.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"account.js","sourceRoot":"","sources":["../../../src/tools/account.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,8DAA8D;AAC9D,4EAA4E;AAC5E,6EAA6E;AAC7E,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAC/B,MAAM,0BAA0B,GAAG,QAAQ,CAAC,CAAC,SAAS;AACtD,MAAM,gBAAgB,GAAa,EAAE,CAAC;AAEtC,oEAAoE;AACpE,MAAM,UAAU,2BAA2B;IACzC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5B,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,kEAAkE;AAClE,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,eAAe,GAAG,OAAO,CAAC,CAAC,aAAa;AAC9C,MAAM,eAAe,GAAa,EAAE,CAAC;AAErC,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC,GAAG,eAAe,EAAE,CAAC;QAChF,eAAe,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;IACD,IAAI,eAAe,CAAC,MAAM,GAAG,GAAG;QAAE,eAAe,CAAC,MAAM,GAAG,GAAG,CAAC;IAC/D,IAAI,eAAe,CAAC,MAAM,IAAI,SAAS;QAAE,OAAO,KAAK,CAAC;IACtD,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,yBAAyB;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,yBAAyB;IACzB,OAAO,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,0BAA0B,EAAE,CAAC;QAC7F,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IACD,mEAAmE;IACnE,IAAI,gBAAgB,CAAC,MAAM,GAAG,GAAG;QAAE,gBAAgB,CAAC,MAAM,GAAG,GAAG,CAAC;IACjE,IAAI,gBAAgB,CAAC,MAAM,IAAI,oBAAoB;QAAE,OAAO,KAAK,CAAC;IAClE,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAAiB,EAAE,UAAsB;IAC5E,MAAM,CAAC,IAAI,CACT,8BAA8B,EAC9B,4EAA4E,EAC5E,EAAE,EACF,KAAK,IAAI,EAAE;QACT,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,CAAc,cAAc,CAAC,CAAC;YAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,IAAI,GAAG;gBACX,YAAY,IAAI,CAAC,EAAE,EAAE;gBACrB,UAAU,IAAI,CAAC,KAAK,EAAE;gBACtB,mBAAmB,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBACvD,UAAU,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBACxC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI;aAC9D,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;aAChG,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,+NAA+N,EAC/N;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QACvE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,6BAA6B,CAAC;KAC7E,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,IAAI,CAAC;YACH,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;gBACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gFAAgF,EAAE,CAAC,EAAE,CAAC;YAChJ,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAChC,oBAAoB,EACpB,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EAC9C,KAAK,CACN,CAAC;YACF,uEAAuE;YACvE,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACxD,CAAC;YAED,kFAAkF;YAClF,iFAAiF;YACjF,MAAM,IAAI,GAAG;gBACX,+BAA+B;gBAC/B,UAAU,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;gBAC3B,YAAY,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;gBAC1B,kCAAkC;gBAClC,EAAE;gBACF,qEAAqE;gBACrE,aAAa;gBACb,mFAAmF;gBACnF,4EAA4E;gBAC5E,iEAAiE;gBACjE,kEAAkE;aACnE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,6CAA6C;YAC7C,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxG,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4JAA4J,EAAE,CAAC;iBAChM,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,GAAG,EAAE,EAAE,CAAC;aAChE,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,oEAAoE,EACpE;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;QACnD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KAClE,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,kEAAkE;QAClE,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YACvB,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,qDAAqD,EAAE,CAAC;aACzF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAChC,iBAAiB,EACjB,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EAC9C,KAAK,CACN,CAAC;YACF,uEAAuE;YACvE,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,IAAI,GAAG;gBACX,yBAAyB;gBACzB,UAAU,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;gBAC3B,YAAY,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;aAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;aACtG,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,6JAA6J,EAC7J;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QACvE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,6BAA6B,CAAC;QAC5E,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uBAAuB,CAAC;KAC5F,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,IAAI,CAAC;YACH,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;gBACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gFAAgF,EAAE,CAAC,EAAE,CAAC;YAChJ,CAAC;YACD,mBAAmB;YACnB,iFAAiF;YACjF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAC/B,oBAAoB,EACpB,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EAC9C,KAAK,CACN,CAAC;YAEF,yFAAyF;YACzF,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBAClC,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;YACtD,CAAC;YAED,yDAAyD;YACzD,IAAI,OAAmD,CAAC;YACxD,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAC7B,WAAW,EACX,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAC1B,CAAC;YACJ,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBAChB,uEAAuE;gBACvE,MAAM,IAAI,GAAG;oBACX,8CAA8C;oBAC9C,EAAE;oBACF,UAAU;oBACV,YAAY,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE;oBAC5B,cAAc,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;oBAC3B,EAAE;oBACF,8CAA8C;oBAC9C,mFAAmF;oBACnF,4DAA4D;oBAC5D,EAAE;oBACF,UAAU,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;iBACtE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9D,CAAC;YAED,MAAM,IAAI,GAAG;gBACX,sCAAsC;gBACtC,EAAE;gBACF,UAAU;gBACV,YAAY,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE;gBAC5B,cAAc,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;gBAC3B,oCAAoC;gBACpC,EAAE;gBACF,uCAAuC;gBACvC,UAAU,OAAO,CAAC,GAAG,EAAE;gBACvB,YAAY,OAAO,CAAC,KAAK,EAAE;gBAC3B,EAAE;gBACF,cAAc;gBACd,wFAAwF;gBACxF,EAAE;gBACF,2CAA2C;gBAC3C,2EAA2E;gBAC3E,8EAA8E;aAC/E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,6CAA6C;YAC7C,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxG,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4JAA4J,EAAE,CAAC;iBAChM,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,EAAE,EAAE,CAAC;aACzD,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,qEAAqE;IACrE,MAAM,mBAAmB,GAAG,CAAC,CAAC;IAC9B,MAAM,yBAAyB,GAAG,QAAQ,CAAC,CAAC,SAAS;IACrD,MAAM,wBAAwB,GAAa,EAAE,CAAC;IAC9C,SAAS,wBAAwB;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,OAAO,wBAAwB,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,wBAAwB,CAAC,CAAC,CAAC,GAAG,yBAAyB,EAAE,CAAC;YAC5G,wBAAwB,CAAC,KAAK,EAAE,CAAC;QACnC,CAAC;QACD,IAAI,wBAAwB,CAAC,MAAM,GAAG,GAAG;YAAE,wBAAwB,CAAC,MAAM,GAAG,GAAG,CAAC;QACjF,IAAI,wBAAwB,CAAC,MAAM,IAAI,mBAAmB;YAAE,OAAO,KAAK,CAAC;QACzE,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,IAAI,CACT,6BAA6B,EAC7B,qLAAqL,EACrL;QACE,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,0BAA0B,CAAC;QACjF,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;KACrF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,wBAAwB,EAAE,EAAE,CAAC;YAChC,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,+EAA+E,EAAE,CAAC;aACnH,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,IAAI,CAAC,2BAA2B,EAAE;gBACjD,eAAe,EAAE,IAAI,CAAC,gBAAgB;gBACtC,WAAW,EAAE,IAAI,CAAC,YAAY;aAC/B,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG;gBACX,gCAAgC;gBAChC,EAAE;gBACF,0EAA0E;gBAC1E,2DAA2D;aAC5D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;aAClH,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,6DAA6D;IAC7D,MAAM,gBAAgB,GAAG,EAAE,CAAC;IAC5B,MAAM,sBAAsB,GAAG,OAAO,CAAC,CAAC,aAAa;IACrD,MAAM,qBAAqB,GAAa,EAAE,CAAC;IAC3C,SAAS,qBAAqB;QAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,OAAO,qBAAqB,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,qBAAqB,CAAC,CAAC,CAAC,GAAG,sBAAsB,EAAE,CAAC;YACnG,qBAAqB,CAAC,KAAK,EAAE,CAAC;QAChC,CAAC;QACD,IAAI,qBAAqB,CAAC,MAAM,GAAG,GAAG;YAAE,qBAAqB,CAAC,MAAM,GAAG,GAAG,CAAC;QAC3E,IAAI,qBAAqB,CAAC,MAAM,IAAI,gBAAgB;YAAE,OAAO,KAAK,CAAC;QACnE,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iCAAiC;IACjC,MAAM,UAAU,GAAG,CAAC,CAAC;IACrB,MAAM,gBAAgB,GAAG,OAAO,CAAC,CAAC,aAAa;IAC/C,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,SAAS,gBAAgB;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,OAAO,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,gBAAgB,EAAE,CAAC;YACnF,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,IAAI,gBAAgB,CAAC,MAAM,GAAG,GAAG;YAAE,gBAAgB,CAAC,MAAM,GAAG,GAAG,CAAC;QACjE,IAAI,gBAAgB,CAAC,MAAM,IAAI,UAAU;YAAE,OAAO,KAAK,CAAC;QACxD,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,IAAI,CACT,0BAA0B,EAC1B,iQAAiQ,EACjQ;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,qDAAqD,CAAC;KACnG,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kEAAkE,EAAE,CAAC,EAAE,CAAC;QAClI,CAAC;QACD,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;YAC9E,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kGAAkG,EAAE,CAAC;aACtI,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;aAC9G,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,iCAAiC,EACjC,qKAAqK,EACrK,EAAE,EACF,KAAK,IAAI,EAAE;QACT,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,mEAAmE,EAAE,CAAC,EAAE,CAAC;QACnI,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAAsB,+BAA+B,EAAE,EAAE,CAAC,CAAC;YAC7F,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;aAChD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;aAChG,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/src/tools/agent-wallet.d.ts

@@ -0,0 +1,5 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { HttpClient } from "../http-client.js";
+import type { McpConfig } from "../config.js";
+export declare function registerAgentWalletTools(server: McpServer, httpClient: HttpClient, config: McpConfig): void;
+//# sourceMappingURL=agent-wallet.d.ts.map

package/dist/src/tools/agent-wallet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-wallet.d.ts","sourceRoot":"","sources":["../../../src/tools/agent-wallet.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAmB9C,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,GAAG,IAAI,CAmf3G"}