@guiie/buda-mcp 1.5.2 → 1.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/.github/workflows/publish.yml +17 -7
  2. package/CHANGELOG.md +52 -0
  3. package/PUBLISH_CHECKLIST.md +55 -42
  4. package/dist/client.d.ts.map +1 -1
  5. package/dist/client.js +6 -1
  6. package/dist/http.js +32 -17
  7. package/dist/tools/arbitrage.d.ts.map +1 -1
  8. package/dist/tools/arbitrage.js +11 -0
  9. package/dist/tools/batch_orders.d.ts +1 -1
  10. package/dist/tools/batch_orders.d.ts.map +1 -1
  11. package/dist/tools/batch_orders.js +2 -2
  12. package/dist/tools/cancel_all_orders.d.ts +1 -1
  13. package/dist/tools/cancel_all_orders.d.ts.map +1 -1
  14. package/dist/tools/cancel_all_orders.js +2 -2
  15. package/dist/tools/cancel_order.d.ts +1 -1
  16. package/dist/tools/cancel_order.d.ts.map +1 -1
  17. package/dist/tools/cancel_order.js +2 -2
  18. package/dist/tools/cancel_order_by_client_id.d.ts +1 -1
  19. package/dist/tools/cancel_order_by_client_id.d.ts.map +1 -1
  20. package/dist/tools/cancel_order_by_client_id.js +2 -2
  21. package/dist/tools/lightning.d.ts +1 -1
  22. package/dist/tools/lightning.d.ts.map +1 -1
  23. package/dist/tools/lightning.js +9 -3
  24. package/dist/tools/place_order.d.ts +1 -1
  25. package/dist/tools/place_order.d.ts.map +1 -1
  26. package/dist/tools/place_order.js +2 -2
  27. package/dist/tools/receive_addresses.d.ts +1 -1
  28. package/dist/tools/receive_addresses.d.ts.map +1 -1
  29. package/dist/tools/receive_addresses.js +2 -2
  30. package/dist/tools/remittances.d.ts +1 -1
  31. package/dist/tools/remittances.d.ts.map +1 -1
  32. package/dist/tools/remittances.js +3 -3
  33. package/dist/tools/withdrawals.d.ts +1 -1
  34. package/dist/tools/withdrawals.d.ts.map +1 -1
  35. package/dist/tools/withdrawals.js +7 -3
  36. package/dist/utils.d.ts +2 -0
  37. package/dist/utils.d.ts.map +1 -1
  38. package/dist/utils.js +10 -5
  39. package/package.json +2 -1
  40. package/server.json +2 -2
  41. package/src/client.ts +9 -1
  42. package/src/http.ts +33 -17
  43. package/src/tools/arbitrage.ts +12 -0
  44. package/src/tools/batch_orders.ts +6 -2
  45. package/src/tools/cancel_all_orders.ts +6 -2
  46. package/src/tools/cancel_order.ts +6 -2
  47. package/src/tools/cancel_order_by_client_id.ts +6 -2
  48. package/src/tools/lightning.ts +14 -4
  49. package/src/tools/place_order.ts +6 -2
  50. package/src/tools/receive_addresses.ts +6 -2
  51. package/src/tools/remittances.ts +7 -3
  52. package/src/tools/withdrawals.ts +11 -3
  53. package/src/utils.ts +10 -4
package/dist/tools/place_order.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"place_order.d.ts","sourceRoot":"","sources":["../../src/tools/place_order.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAKxD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmEtB,CAAC;AAEF,KAAK,cAAc,GAAG;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,KAAK,GAAG,KAAK,CAAC;IACpB,UAAU,EAAE,OAAO,GAAG,QAAQ,CAAC;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAsLhF;AAED,wBAAgB,QAAQ,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,GAAG,IAAI,CA4DpE"}
1
+ {"version":3,"file":"place_order.d.ts","sourceRoot":"","sources":["../../src/tools/place_order.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAKxD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmEtB,CAAC;AAEF,KAAK,cAAc,GAAG;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,KAAK,GAAG,KAAK,CAAC;IACpB,UAAU,EAAE,OAAO,GAAG,QAAQ,CAAC;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAsLhF;AAED,wBAAgB,QAAQ,CACtB,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,IAAI,CA4DN"}
package/dist/tools/place_order.js CHANGED
@@ -226,7 +226,7 @@ export async function handlePlaceOrder(args, client, transport = "stdio") {
226
226
  return result;
227
227
  }
228
228
  }
229
- export function register(server, client) {
229
+ export function register(server, client, transport = "stdio") {
230
230
  server.tool(toolSchema.name, toolSchema.description, {
231
231
  market_id: z
232
232
  .string()
@@ -276,6 +276,6 @@ export function register(server, client) {
276
276
  .string()
277
277
  .describe("Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to execute the order. " +
278
278
  "Any other value will reject the request without placing an order."),
279
- }, (args) => handlePlaceOrder(args, client));
279
+ }, (args) => handlePlaceOrder(args, client, transport));
280
280
  }
281
281
  //# sourceMappingURL=place_order.js.map
package/dist/tools/receive_addresses.d.ts CHANGED
@@ -79,5 +79,5 @@ export declare function handleCreateReceiveAddress(args: {
79
79
  }>;
80
80
  isError?: boolean;
81
81
  }>;
82
- export declare function register(server: McpServer, client: BudaClient): void;
82
+ export declare function register(server: McpServer, client: BudaClient, transport?: "http" | "stdio"): void;
83
83
  //# sourceMappingURL=receive_addresses.d.ts.map
package/dist/tools/receive_addresses.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"receive_addresses.d.ts","sourceRoot":"","sources":["../../src/tools/receive_addresses.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAKxD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;CAwB1C,CAAC;AAEF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;CAiB1C,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;CAoBvC,CAAC;AAYF,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,EAC1B,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAqChF;AAED,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,EACtC,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CA4BhF;AAED,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,EACtD,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CA8ChF;AAED,wBAAgB,QAAQ,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,GAAG,IAAI,CA+BpE"}
1
+ {"version":3,"file":"receive_addresses.d.ts","sourceRoot":"","sources":["../../src/tools/receive_addresses.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAKxD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;CAwB1C,CAAC;AAEF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;CAiB1C,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;CAoBvC,CAAC;AAYF,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,EAC1B,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAqChF;AAED,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,EACtC,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CA4BhF;AAED,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,EACtD,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CA8ChF;AAED,wBAAgB,QAAQ,CACtB,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,IAAI,CA+BN"}
package/dist/tools/receive_addresses.js CHANGED
@@ -167,7 +167,7 @@ export async function handleCreateReceiveAddress(args, client, transport = "stdi
167
167
  return result;
168
168
  }
169
169
  }
170
- export function register(server, client) {
170
+ export function register(server, client, transport = "stdio") {
171
171
  server.tool(listReceiveAddressesToolSchema.name, listReceiveAddressesToolSchema.description, {
172
172
  currency: z.string().min(2).max(10).describe("Currency code (e.g. 'BTC', 'ETH')."),
173
173
  }, (args) => handleListReceiveAddresses(args, client));
@@ -180,6 +180,6 @@ export function register(server, client) {
180
180
  confirmation_token: z
181
181
  .string()
182
182
  .describe("Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to generate a new address."),
183
- }, (args) => handleCreateReceiveAddress(args, client));
183
+ }, (args) => handleCreateReceiveAddress(args, client, transport));
184
184
  }
185
185
  //# sourceMappingURL=receive_addresses.js.map
package/dist/tools/remittances.d.ts CHANGED
@@ -116,5 +116,5 @@ export declare function handleAcceptRemittanceQuote(args: {
116
116
  }>;
117
117
  isError?: boolean;
118
118
  }>;
119
- export declare function register(server: McpServer, client: BudaClient): void;
119
+ export declare function register(server: McpServer, client: BudaClient, transport?: "http" | "stdio"): void;
120
120
  //# sourceMappingURL=remittances.d.ts.map
package/dist/tools/remittances.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"remittances.d.ts","sourceRoot":"","sources":["../../src/tools/remittances.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAMxD,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;CAoBrC,CAAC;AAEF,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;CAiCrC,CAAC;AAEF,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;CAuB3C,CAAC;AAEF,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;CAiBnC,CAAC;AAgBF,wBAAsB,qBAAqB,CACzC,IAAI,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,EACrC,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAoChF;AAED,wBAAsB,mBAAmB,CACvC,IAAI,EAAE;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAgBhF;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,EAC5F,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAiDhF;AAED,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,EAChD,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAoChF;AAED,wBAAgB,QAAQ,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,GAAG,IAAI,CA2CpE"}
1
+ {"version":3,"file":"remittances.d.ts","sourceRoot":"","sources":["../../src/tools/remittances.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAMxD,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;CAoBrC,CAAC;AAEF,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;CAiCrC,CAAC;AAEF,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;CAuB3C,CAAC;AAEF,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;CAiBnC,CAAC;AAgBF,wBAAsB,qBAAqB,CACzC,IAAI,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,EACrC,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAoChF;AAED,wBAAsB,mBAAmB,CACvC,IAAI,EAAE;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAgBhF;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,EAC5F,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAiDhF;AAED,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,EAChD,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAoChF;AAED,wBAAgB,QAAQ,CACtB,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,IAAI,CA2CN"}
package/dist/tools/remittances.js CHANGED
@@ -236,7 +236,7 @@ export async function handleAcceptRemittanceQuote(args, client, transport = "std
236
236
  return result;
237
237
  }
238
238
  }
239
- export function register(server, client) {
239
+ export function register(server, client, transport = "stdio") {
240
240
  server.tool(listRemittancesToolSchema.name, listRemittancesToolSchema.description, {
241
241
  per: z.number().int().min(1).max(300).optional().describe("Results per page (default: 20, max: 300)."),
242
242
  page: z.number().int().min(1).optional().describe("Page number (default: 1)."),
@@ -251,10 +251,10 @@ export function register(server, client) {
251
251
  confirmation_token: z
252
252
  .string()
253
253
  .describe("Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to create the quote."),
254
- }, (args) => handleQuoteRemittance(args, client));
254
+ }, (args) => handleQuoteRemittance(args, client, transport));
255
255
  server.tool(acceptRemittanceQuoteToolSchema.name, acceptRemittanceQuoteToolSchema.description, {
256
256
  id: z.number().int().positive().describe("The numeric ID of the remittance quote to accept."),
257
257
  confirmation_token: z.string().describe("Must be 'CONFIRM' to proceed. Any other value aborts."),
258
- }, (args) => handleAcceptRemittanceQuote(args, client));
258
+ }, (args) => handleAcceptRemittanceQuote(args, client, transport));
259
259
  }
260
260
  //# sourceMappingURL=remittances.js.map
package/dist/tools/withdrawals.d.ts CHANGED
@@ -88,6 +88,6 @@ export declare function handleCreateWithdrawal(args: CreateWithdrawalArgs, clien
88
88
  }>;
89
89
  isError?: boolean;
90
90
  }>;
91
- export declare function register(server: McpServer, client: BudaClient): void;
91
+ export declare function register(server: McpServer, client: BudaClient, transport?: "http" | "stdio"): void;
92
92
  export {};
93
93
  //# sourceMappingURL=withdrawals.d.ts.map
package/dist/tools/withdrawals.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"withdrawals.d.ts","sourceRoot":"","sources":["../../src/tools/withdrawals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAMxD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;CA8B1C,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,mBAAmB,GAAG,SAAS,GAAG,WAAW,GAAG,UAAU,GAAG,SAAS,CAAC;IAC/E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAqBF,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,wBAAwB,EAC9B,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CA+ChF;AAED,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuBtC,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,oBAAoB,EAC1B,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAkGhF;AAED,wBAAgB,QAAQ,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,GAAG,IAAI,CA+BpE"}
1
+ {"version":3,"file":"withdrawals.d.ts","sourceRoot":"","sources":["../../src/tools/withdrawals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAgB,MAAM,cAAc,CAAC;AAMxD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;CA8B1C,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,mBAAmB,GAAG,SAAS,GAAG,WAAW,GAAG,UAAU,GAAG,SAAS,CAAC;IAC/E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAqBF,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,wBAAwB,EAC9B,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CA+ChF;AAED,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuBtC,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,oBAAoB,EAC1B,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAkGhF;AAED,wBAAgB,QAAQ,CACtB,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,UAAU,EAClB,SAAS,GAAE,MAAM,GAAG,OAAiB,GACpC,IAAI,CAmCN"}
package/dist/tools/withdrawals.js CHANGED
@@ -201,7 +201,7 @@ export async function handleCreateWithdrawal(args, client, transport = "stdio")
201
201
  return result;
202
202
  }
203
203
  }
204
- export function register(server, client) {
204
+ export function register(server, client, transport = "stdio") {
205
205
  server.tool(getWithdrawalHistoryToolSchema.name, getWithdrawalHistoryToolSchema.description, {
206
206
  currency: z.string().min(2).max(10).describe("Currency code (e.g. 'BTC', 'CLP')."),
207
207
  state: z
@@ -215,11 +215,15 @@ export function register(server, client) {
215
215
  currency: z.string().min(2).max(10).describe("Currency code (e.g. 'BTC', 'CLP')."),
216
216
  amount: z.number().positive().describe("Withdrawal amount."),
217
217
  address: z.string().optional().describe("Destination crypto address. Mutually exclusive with bank_account_id."),
218
- network: z.string().optional().describe("Blockchain network for crypto withdrawals (e.g. 'bitcoin', 'ethereum')."),
218
+ network: z
219
+ .string()
220
+ .regex(/^[a-z][a-z0-9-]{1,29}$/, "Must be a lowercase alphanumeric network identifier (e.g. 'bitcoin', 'ethereum').")
221
+ .optional()
222
+ .describe("Blockchain network for crypto withdrawals (e.g. 'bitcoin', 'ethereum')."),
219
223
  bank_account_id: z.number().int().positive().optional().describe("Fiat bank account ID. Mutually exclusive with address."),
220
224
  confirmation_token: z
221
225
  .string()
222
226
  .describe("Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to execute."),
223
- }, (args) => handleCreateWithdrawal(args, client));
227
+ }, (args) => handleCreateWithdrawal(args, client, transport));
224
228
  }
225
229
  //# sourceMappingURL=withdrawals.js.map
package/dist/utils.d.ts CHANGED
@@ -1,6 +1,8 @@
1
1
  import type { Amount, OhlcvCandle } from "./types.js";
2
2
  /**
3
3
  * Constant-time string comparison to prevent timing attacks on bearer tokens.
4
+ * Both strings are written into equal-length buffers before comparing so that
5
+ * neither token length nor content can be inferred from execution time.
4
6
  */
5
7
  export declare function safeTokenEqual(a: string, b: string): boolean;
6
8
  /**
package/dist/utils.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEtD;;GAEG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAK5D;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,GACX,MAAM,CASR;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAIjF;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAI/E;AAWD;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,EAC3C,MAAM,EAAE,MAAM,GACb,WAAW,EAAE,CAoCf"}
1
+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEtD;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAS5D;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,GACX,MAAM,CASR;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAIjF;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAI/E;AAWD;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,EAC3C,MAAM,EAAE,MAAM,GACb,WAAW,EAAE,CAoCf"}
package/dist/utils.js CHANGED
@@ -1,13 +1,18 @@
1
1
  import { timingSafeEqual } from "crypto";
2
2
  /**
3
3
  * Constant-time string comparison to prevent timing attacks on bearer tokens.
4
+ * Both strings are written into equal-length buffers before comparing so that
5
+ * neither token length nor content can be inferred from execution time.
4
6
  */
5
7
  export function safeTokenEqual(a, b) {
6
- const aBuf = Buffer.from(a);
7
- const bBuf = Buffer.from(b);
8
- if (aBuf.length !== bBuf.length)
9
- return false;
10
- return timingSafeEqual(aBuf, bBuf);
8
+ const aByteLen = Buffer.byteLength(a);
9
+ const bByteLen = Buffer.byteLength(b);
10
+ const maxLen = Math.max(aByteLen, bByteLen);
11
+ const aBuf = Buffer.alloc(maxLen);
12
+ const bBuf = Buffer.alloc(maxLen);
13
+ aBuf.write(a);
14
+ bBuf.write(b);
15
+ return timingSafeEqual(aBuf, bBuf) && aByteLen === bByteLen;
11
16
  }
12
17
  /**
13
18
  * Parses a raw string (from an environment variable) as an integer within [min, max].
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@guiie/buda-mcp",
3
- "version": "1.5.2",
3
+ "version": "1.5.4",
4
4
  "mcpName": "io.github.gtorreal/buda-mcp",
5
5
  "description": "MCP server for Buda.com's public cryptocurrency exchange API (Chile, Colombia, Peru)",
6
6
  "type": "module",
@@ -50,6 +50,7 @@
50
50
  "@modelcontextprotocol/sdk": "^1.29.0",
51
51
  "express": "^5.2.1",
52
52
  "express-rate-limit": "^8.3.2",
53
+ "helmet": "^8.1.0",
53
54
  "zod": "^4.3.6"
54
55
  },
55
56
  "devDependencies": {
package/server.json CHANGED
@@ -6,12 +6,12 @@
6
6
  "url": "https://github.com/gtorreal/buda-mcp",
7
7
  "source": "github"
8
8
  },
9
- "version": "1.5.2",
9
+ "version": "1.5.4",
10
10
  "packages": [
11
11
  {
12
12
  "registryType": "npm",
13
13
  "identifier": "@guiie/buda-mcp",
14
- "version": "1.5.2",
14
+ "version": "1.5.4",
15
15
  "transport": {
16
16
  "type": "stdio"
17
17
  }
package/src/client.ts CHANGED
@@ -113,7 +113,15 @@ export class BudaClient {
113
113
  } catch {
114
114
  // ignore parse error, use statusText
115
115
  }
116
- throw new BudaApiError(response.status, path, `Buda API ${response.status}: ${detail}`);
116
+ // Log full upstream detail server-side only — never forward to MCP caller
117
+ process.stderr.write(
118
+ JSON.stringify({ buda_api_error: true, status: response.status, path, detail }) + "\n",
119
+ );
120
+ const clientMsg =
121
+ response.status === 429
122
+ ? `Rate limit exceeded on ${path}. Retry later.`
123
+ : `Buda API error ${response.status} on ${path}.`;
124
+ throw new BudaApiError(response.status, path, clientMsg);
117
125
  }
118
126
  return response.json() as Promise<T>;
119
127
  }
package/src/http.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import express from "express";
2
+ import helmet from "helmet";
2
3
  import rateLimit from "express-rate-limit";
3
4
  import { McpServer, ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
4
5
  import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
@@ -140,22 +141,22 @@ function createServer(): McpServer {
140
141
  if (authEnabled) {
141
142
  balances.register(server, client);
142
143
  orders.register(server, client);
143
- placeOrder.register(server, client);
144
- cancelOrder.register(server, client);
144
+ placeOrder.register(server, client, "http");
145
+ cancelOrder.register(server, client, "http");
145
146
  deadMansSwitch.register(server, client, "http");
146
147
  account.register(server, client);
147
148
  balance.register(server, client);
148
149
  orderLookup.register(server, client);
149
150
  networkFees.register(server, client);
150
151
  deposits.register(server, client);
151
- withdrawals.register(server, client);
152
- receiveAddresses.register(server, client);
153
- remittances.register(server, client);
152
+ withdrawals.register(server, client, "http");
153
+ receiveAddresses.register(server, client, "http");
154
+ remittances.register(server, client, "http");
154
155
  remittanceRecipients.register(server, client);
155
- cancelAllOrders.register(server, client);
156
- cancelOrderByClientId.register(server, client);
157
- batchOrders.register(server, client);
158
- lightning.register(server, client);
156
+ cancelAllOrders.register(server, client, "http");
157
+ cancelOrderByClientId.register(server, client, "http");
158
+ batchOrders.register(server, client, "http");
159
+ lightning.register(server, client, "http");
159
160
  }
160
161
 
161
162
  // MCP Resources
@@ -231,10 +232,15 @@ function createServer(): McpServer {
231
232
  }
232
233
 
233
234
  const app = express();
234
- // Required for correct client IP detection behind Railway's reverse proxy.
235
- // Without this, express-rate-limit sees the proxy IP instead of the real client.
235
+ app.use(helmet());
236
+ // CORS: intentionally not configured. This server is designed for server-to-server MCP
237
+ // communication only (AI agents, Claude Desktop, etc.) — not for browser clients.
238
+ // Helmet already sets X-Content-Type-Options, X-Frame-Options, and related headers.
239
+ // trust proxy: 1 = trust exactly one hop (Railway's reverse proxy).
240
+ // If Cloudflare or another proxy is added in front, increment this value.
241
+ // Affects: req.ip and express-rate-limit client IP detection.
236
242
  app.set("trust proxy", 1);
237
- app.use(express.json());
243
+ app.use(express.json({ limit: "10kb" }));
238
244
 
239
245
  const MCP_AUTH_TOKEN = process.env.MCP_AUTH_TOKEN;
240
246
 
@@ -269,6 +275,14 @@ const mcpRateLimiter = rateLimit({
269
275
  message: { error: "Too many requests. Retry after 60 seconds.", code: "RATE_LIMITED" },
270
276
  });
271
277
 
278
+ const staticRateLimiter = rateLimit({
279
+ windowMs: 60_000,
280
+ max: 60,
281
+ standardHeaders: true,
282
+ legacyHeaders: false,
283
+ message: { error: "Too many requests.", code: "RATE_LIMITED" },
284
+ });
285
+
272
286
  function mcpAuthMiddleware(
273
287
  req: express.Request,
274
288
  res: express.Response,
@@ -286,19 +300,21 @@ function mcpAuthMiddleware(
286
300
  next();
287
301
  }
288
302
 
289
- // Health check for Railway / uptime monitors
290
- app.get("/health", (_req, res) => {
303
+ // Health check for Railway / uptime monitors.
304
+ // version is intentionally omitted to avoid fingerprinting by unauthenticated callers.
305
+ app.get("/health", staticRateLimiter, (_req, res) => {
291
306
  res.json({
292
307
  status: "ok",
293
308
  server: "buda-mcp",
294
- version: VERSION,
295
309
  auth_mode: authEnabled ? "authenticated" : "public",
296
310
  });
297
311
  });
298
312
 
299
313
  // Smithery static server card — assembled programmatically from tool definitions.
300
314
  // Adding a new tool only requires exporting its toolSchema; this handler needs no changes.
301
- app.get("/.well-known/mcp/server-card.json", (_req, res) => {
315
+ // When auth is enabled, the server card is gated behind the same bearer token as /mcp
316
+ // to avoid leaking the full tool schema to unauthenticated callers.
317
+ app.get("/.well-known/mcp/server-card.json", staticRateLimiter, mcpAuthMiddleware, (_req, res) => {
302
318
  res.json({
303
319
  serverInfo: { name: "buda-mcp", version: VERSION },
304
320
  authentication: { required: authEnabled },
@@ -342,7 +358,7 @@ app.get("/mcp", mcpRateLimiter, mcpAuthMiddleware, async (req, res) => {
342
358
  await transport.handleRequest(req, res);
343
359
  });
344
360
 
345
- app.delete("/mcp", async (_req, res) => {
361
+ app.delete("/mcp", mcpRateLimiter, mcpAuthMiddleware, async (_req, res) => {
346
362
  res.status(405).json({ error: "Sessions not supported (stateless server)" });
347
363
  });
348
364
 
package/src/tools/arbitrage.ts CHANGED
@@ -2,6 +2,7 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
2
2
  import { z } from "zod";
3
3
  import { BudaClient, BudaApiError } from "../client.js";
4
4
  import { MemoryCache, CACHE_TTL } from "../cache.js";
5
+ import { validateCurrency } from "../validation.js";
5
6
  import type { AllTickersResponse, Ticker } from "../types.js";
6
7
 
7
8
  export const toolSchema = {
@@ -51,6 +52,14 @@ export async function handleArbitrageOpportunities(
51
52
  client: BudaClient,
52
53
  cache: MemoryCache,
53
54
  ): Promise<{ content: Array<{ type: "text"; text: string }>; isError?: boolean }> {
55
+ const currencyError = validateCurrency(base_currency);
56
+ if (currencyError) {
57
+ return {
58
+ content: [{ type: "text", text: JSON.stringify({ error: currencyError, code: "INVALID_CURRENCY" }) }],
59
+ isError: true,
60
+ };
61
+ }
62
+
54
63
  try {
55
64
  const base = base_currency.toUpperCase();
56
65
  const data = await cache.getOrFetch<AllTickersResponse>(
@@ -187,6 +196,9 @@ export function register(server: McpServer, client: BudaClient, cache: MemoryCac
187
196
  {
188
197
  base_currency: z
189
198
  .string()
199
+ .min(2)
200
+ .max(10)
201
+ .regex(/^[A-Z0-9]+$/i, "Must be 2–10 alphanumeric characters (e.g. 'BTC', 'ETH').")
190
202
  .describe("Base asset to scan (e.g. 'BTC', 'ETH', 'XRP')."),
191
203
  threshold_pct: z
192
204
  .number()
package/src/tools/batch_orders.ts CHANGED
@@ -219,7 +219,11 @@ export async function handlePlaceBatchOrders(
219
219
  };
220
220
  }
221
221
 
222
- export function register(server: McpServer, client: BudaClient): void {
222
+ export function register(
223
+ server: McpServer,
224
+ client: BudaClient,
225
+ transport: "http" | "stdio" = "stdio",
226
+ ): void {
223
227
  server.tool(
224
228
  toolSchema.name,
225
229
  toolSchema.description,
@@ -244,6 +248,6 @@ export function register(server: McpServer, client: BudaClient): void {
244
248
  "Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to execute.",
245
249
  ),
246
250
  },
247
- (args) => handlePlaceBatchOrders(args, client),
251
+ (args) => handlePlaceBatchOrders(args, client, transport),
248
252
  );
249
253
  }
package/src/tools/cancel_all_orders.ts CHANGED
@@ -94,7 +94,11 @@ export async function handleCancelAllOrders(
94
94
  }
95
95
  }
96
96
 
97
- export function register(server: McpServer, client: BudaClient): void {
97
+ export function register(
98
+ server: McpServer,
99
+ client: BudaClient,
100
+ transport: "http" | "stdio" = "stdio",
101
+ ): void {
98
102
  server.tool(
99
103
  toolSchema.name,
100
104
  toolSchema.description,
@@ -110,6 +114,6 @@ export function register(server: McpServer, client: BudaClient): void {
110
114
  "Any other value will reject the request without canceling.",
111
115
  ),
112
116
  },
113
- (args) => handleCancelAllOrders(args, client),
117
+ (args) => handleCancelAllOrders(args, client, transport),
114
118
  );
115
119
  }
package/src/tools/cancel_order.ts CHANGED
@@ -78,7 +78,11 @@ export async function handleCancelOrder(
78
78
  }
79
79
  }
80
80
 
81
- export function register(server: McpServer, client: BudaClient): void {
81
+ export function register(
82
+ server: McpServer,
83
+ client: BudaClient,
84
+ transport: "http" | "stdio" = "stdio",
85
+ ): void {
82
86
  server.tool(
83
87
  toolSchema.name,
84
88
  toolSchema.description,
@@ -95,6 +99,6 @@ export function register(server: McpServer, client: BudaClient): void {
95
99
  "Any other value will reject the request without canceling.",
96
100
  ),
97
101
  },
98
- (args) => handleCancelOrder(args, client),
102
+ (args) => handleCancelOrder(args, client, transport),
99
103
  );
100
104
  }
package/src/tools/cancel_order_by_client_id.ts CHANGED
@@ -112,7 +112,11 @@ export async function handleCancelOrderByClientId(
112
112
  }
113
113
  }
114
114
 
115
- export function register(server: McpServer, client: BudaClient): void {
115
+ export function register(
116
+ server: McpServer,
117
+ client: BudaClient,
118
+ transport: "http" | "stdio" = "stdio",
119
+ ): void {
116
120
  server.tool(
117
121
  toolSchema.name,
118
122
  toolSchema.description,
@@ -128,6 +132,6 @@ export function register(server: McpServer, client: BudaClient): void {
128
132
  "Any other value will reject the request without canceling.",
129
133
  ),
130
134
  },
131
- (args) => handleCancelOrderByClientId(args, client),
135
+ (args) => handleCancelOrderByClientId(args, client, transport),
132
136
  );
133
137
  }
package/src/tools/lightning.ts CHANGED
@@ -140,7 +140,13 @@ export async function handleLightningWithdrawal(
140
140
  },
141
141
  ],
142
142
  };
143
- logAudit({ ts: new Date().toISOString(), tool: "lightning_withdrawal", transport, args_summary: {}, success: true });
143
+ logAudit({
144
+ ts: new Date().toISOString(),
145
+ tool: "lightning_withdrawal",
146
+ transport,
147
+ args_summary: { amount_btc: amount.value },
148
+ success: true,
149
+ });
144
150
  return result;
145
151
  } catch (err) {
146
152
  const msg =
@@ -148,7 +154,7 @@ export async function handleLightningWithdrawal(
148
154
  ? { error: err.message, code: err.status }
149
155
  : { error: String(err), code: "UNKNOWN" };
150
156
  const result = { content: [{ type: "text" as const, text: JSON.stringify(msg) }], isError: true as const };
151
- logAudit({ ts: new Date().toISOString(), tool: "lightning_withdrawal", transport, args_summary: {}, success: false, error_code: msg.code });
157
+ logAudit({ ts: new Date().toISOString(), tool: "lightning_withdrawal", transport, args_summary: {}, success: false, error_code: msg.code as string | number });
152
158
  return result;
153
159
  }
154
160
  }
@@ -204,7 +210,11 @@ export async function handleCreateLightningInvoice(
204
210
  }
205
211
  }
206
212
 
207
- export function register(server: McpServer, client: BudaClient): void {
213
+ export function register(
214
+ server: McpServer,
215
+ client: BudaClient,
216
+ transport: "http" | "stdio" = "stdio",
217
+ ): void {
208
218
  server.tool(
209
219
  lightningWithdrawalToolSchema.name,
210
220
  lightningWithdrawalToolSchema.description,
@@ -220,7 +230,7 @@ export function register(server: McpServer, client: BudaClient): void {
220
230
  "Any other value will reject the request without paying.",
221
231
  ),
222
232
  },
223
- (args) => handleLightningWithdrawal(args, client),
233
+ (args) => handleLightningWithdrawal(args, client, transport),
224
234
  );
225
235
 
226
236
  server.tool(
package/src/tools/place_order.ts CHANGED
@@ -277,7 +277,11 @@ export async function handlePlaceOrder(
277
277
  }
278
278
  }
279
279
 
280
- export function register(server: McpServer, client: BudaClient): void {
280
+ export function register(
281
+ server: McpServer,
282
+ client: BudaClient,
283
+ transport: "http" | "stdio" = "stdio",
284
+ ): void {
281
285
  server.tool(
282
286
  toolSchema.name,
283
287
  toolSchema.description,
@@ -335,6 +339,6 @@ export function register(server: McpServer, client: BudaClient): void {
335
339
  "Any other value will reject the request without placing an order.",
336
340
  ),
337
341
  },
338
- (args) => handlePlaceOrder(args, client),
342
+ (args) => handlePlaceOrder(args, client, transport),
339
343
  );
340
344
  }
package/src/tools/receive_addresses.ts CHANGED
@@ -209,7 +209,11 @@ export async function handleCreateReceiveAddress(
209
209
  }
210
210
  }
211
211
 
212
- export function register(server: McpServer, client: BudaClient): void {
212
+ export function register(
213
+ server: McpServer,
214
+ client: BudaClient,
215
+ transport: "http" | "stdio" = "stdio",
216
+ ): void {
213
217
  server.tool(
214
218
  listReceiveAddressesToolSchema.name,
215
219
  listReceiveAddressesToolSchema.description,
@@ -238,6 +242,6 @@ export function register(server: McpServer, client: BudaClient): void {
238
242
  .string()
239
243
  .describe("Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to generate a new address."),
240
244
  },
241
- (args) => handleCreateReceiveAddress(args, client),
245
+ (args) => handleCreateReceiveAddress(args, client, transport),
242
246
  );
243
247
  }
package/src/tools/remittances.ts CHANGED
@@ -280,7 +280,11 @@ export async function handleAcceptRemittanceQuote(
280
280
  }
281
281
  }
282
282
 
283
- export function register(server: McpServer, client: BudaClient): void {
283
+ export function register(
284
+ server: McpServer,
285
+ client: BudaClient,
286
+ transport: "http" | "stdio" = "stdio",
287
+ ): void {
284
288
  server.tool(
285
289
  listRemittancesToolSchema.name,
286
290
  listRemittancesToolSchema.description,
@@ -311,7 +315,7 @@ export function register(server: McpServer, client: BudaClient): void {
311
315
  .string()
312
316
  .describe("Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to create the quote."),
313
317
  },
314
- (args) => handleQuoteRemittance(args, client),
318
+ (args) => handleQuoteRemittance(args, client, transport),
315
319
  );
316
320
 
317
321
  server.tool(
@@ -321,6 +325,6 @@ export function register(server: McpServer, client: BudaClient): void {
321
325
  id: z.number().int().positive().describe("The numeric ID of the remittance quote to accept."),
322
326
  confirmation_token: z.string().describe("Must be 'CONFIRM' to proceed. Any other value aborts."),
323
327
  },
324
- (args) => handleAcceptRemittanceQuote(args, client),
328
+ (args) => handleAcceptRemittanceQuote(args, client, transport),
325
329
  );
326
330
  }
package/src/tools/withdrawals.ts CHANGED
@@ -254,7 +254,11 @@ export async function handleCreateWithdrawal(
254
254
  }
255
255
  }
256
256
 
257
- export function register(server: McpServer, client: BudaClient): void {
257
+ export function register(
258
+ server: McpServer,
259
+ client: BudaClient,
260
+ transport: "http" | "stdio" = "stdio",
261
+ ): void {
258
262
  server.tool(
259
263
  getWithdrawalHistoryToolSchema.name,
260
264
  getWithdrawalHistoryToolSchema.description,
@@ -277,12 +281,16 @@ export function register(server: McpServer, client: BudaClient): void {
277
281
  currency: z.string().min(2).max(10).describe("Currency code (e.g. 'BTC', 'CLP')."),
278
282
  amount: z.number().positive().describe("Withdrawal amount."),
279
283
  address: z.string().optional().describe("Destination crypto address. Mutually exclusive with bank_account_id."),
280
- network: z.string().optional().describe("Blockchain network for crypto withdrawals (e.g. 'bitcoin', 'ethereum')."),
284
+ network: z
285
+ .string()
286
+ .regex(/^[a-z][a-z0-9-]{1,29}$/, "Must be a lowercase alphanumeric network identifier (e.g. 'bitcoin', 'ethereum').")
287
+ .optional()
288
+ .describe("Blockchain network for crypto withdrawals (e.g. 'bitcoin', 'ethereum')."),
281
289
  bank_account_id: z.number().int().positive().optional().describe("Fiat bank account ID. Mutually exclusive with address."),
282
290
  confirmation_token: z
283
291
  .string()
284
292
  .describe("Safety confirmation. Must equal exactly 'CONFIRM' (case-sensitive) to execute."),
285
293
  },
286
- (args) => handleCreateWithdrawal(args, client),
294
+ (args) => handleCreateWithdrawal(args, client, transport),
287
295
  );
288
296
  }