@keeperhub/wallet 0.1.11 → 0.1.12

package/dist/mcp-server.js

@@ -0,0 +1,1184 @@
+// src/mcp-server.ts
+import { readFileSync } from "fs";
+import { dirname as dirname3, join as join3 } from "path";
+import { fileURLToPath } from "url";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+
+// src/balance.ts
+import {
+  createPublicClient,
+  erc20Abi,
+  formatUnits,
+  http
+} from "viem";
+
+// src/chains.ts
+import { defineChain } from "viem";
+import { base } from "viem/chains";
+var tempo = defineChain({
+  id: 4217,
+  name: "Tempo",
+  nativeCurrency: { decimals: 18, name: "Ether", symbol: "ETH" },
+  rpcUrls: {
+    default: {
+      http: [process.env.TEMPO_RPC_URL ?? "https://rpc.tempo.xyz"]
+    }
+  },
+  blockExplorers: {
+    default: { name: "Tempo Explorer", url: "https://explorer.tempo.xyz" }
+  }
+});
+var BASE_USDC = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+var TEMPO_USDC_E = "0x20c000000000000000000000b9537d11c60e8b50";
+
+// src/balance.ts
+var USDC_DECIMALS = 6;
+async function checkBalance(wallet, opts = {}) {
+  const baseClient = opts.baseClient ?? createPublicClient({
+    chain: base,
+    transport: http()
+  });
+  const tempoClient = opts.tempoClient ?? createPublicClient({
+    chain: tempo,
+    transport: http()
+  });
+  const [baseRaw, tempoRaw] = await Promise.all([
+    baseClient.readContract({
+      address: BASE_USDC,
+      abi: erc20Abi,
+      functionName: "balanceOf",
+      args: [wallet.walletAddress]
+    }),
+    tempoClient.readContract({
+      address: TEMPO_USDC_E,
+      abi: erc20Abi,
+      functionName: "balanceOf",
+      args: [wallet.walletAddress]
+    })
+  ]);
+  return {
+    base: {
+      chain: "base",
+      token: "USDC",
+      amount: formatUnits(baseRaw, USDC_DECIMALS),
+      address: wallet.walletAddress
+    },
+    tempo: {
+      chain: "tempo",
+      token: "USDC.e",
+      amount: formatUnits(tempoRaw, USDC_DECIMALS),
+      address: wallet.walletAddress
+    }
+  };
+}
+
+// src/fund.ts
+var EVM_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
+var COINBASE_HOST = "pay.coinbase.com";
+var COINBASE_PATH = "/buy/select-asset";
+function fund(walletAddress) {
+  if (!EVM_ADDRESS_RE.test(walletAddress)) {
+    throw new Error(`Invalid EVM wallet address: ${walletAddress}`);
+  }
+  const params = new URLSearchParams({
+    defaultNetwork: "base",
+    defaultAsset: "USDC",
+    addresses: JSON.stringify({ [walletAddress]: ["base"] }),
+    presetCryptoAmount: "5"
+  });
+  const coinbaseOnrampUrl = `https://${COINBASE_HOST}${COINBASE_PATH}?${params.toString()}`;
+  const disclaimer = "If the Coinbase page does not pre-fill, paste your address manually. For Tempo USDC.e, transfer from an exchange or another wallet to the address above -- Onramp does not support Tempo directly. Coinbase sessionToken URLs are the 2025+ canonical form; legacy query-param URLs may drop prefill on some accounts.";
+  return {
+    coinbaseOnrampUrl,
+    tempoAddress: walletAddress,
+    disclaimer
+  };
+}
+
+// src/mpp-detect.ts
+var MPP_PREFIX = "Payment ";
+function parseMppChallenge(response) {
+  const header = response.headers.get("WWW-Authenticate");
+  if (!header) {
+    return null;
+  }
+  if (!header.startsWith(MPP_PREFIX)) {
+    return null;
+  }
+  const serialized = header.slice(MPP_PREFIX.length).trim();
+  if (serialized.length === 0) {
+    return null;
+  }
+  return { serialized };
+}
+
+// src/payment-signer.ts
+import { randomBytes as randomBytes2 } from "crypto";
+
+// src/hmac.ts
+import { createHash, createHmac } from "crypto";
+function computeSignature(secret, method, path, subOrgId, body, timestamp) {
+  const bodyDigest = createHash("sha256").update(body).digest("hex");
+  const signingString = `${method}
+${path}
+${subOrgId}
+${bodyDigest}
+${timestamp}`;
+  return createHmac("sha256", secret).update(signingString).digest("hex");
+}
+function buildHmacHeaders(secret, method, path, subOrgId, body) {
+  const timestamp = String(Math.floor(Date.now() / 1e3));
+  const signature = computeSignature(
+    secret,
+    method,
+    path,
+    subOrgId,
+    body,
+    timestamp
+  );
+  return {
+    "X-KH-Sub-Org": subOrgId,
+    "X-KH-Timestamp": timestamp,
+    "X-KH-Signature": signature
+  };
+}
+
+// src/types.ts
+var KeeperHubError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "KeeperHubError";
+    this.code = code;
+  }
+};
+var WalletConfigMissingError = class extends Error {
+  constructor() {
+    super(
+      "Wallet config not found at ~/.keeperhub/wallet.json. Run `npx @keeperhub/wallet add` to provision."
+    );
+    this.name = "WalletConfigMissingError";
+  }
+};
+var WalletConfigCorruptError = class extends Error {
+  path;
+  constructor(path, reason) {
+    super(
+      `Wallet config at ${path} is unreadable: ${reason}. Repair the file by hand or delete it to re-provision a new wallet (this will abandon any funds held in the current wallet).`
+    );
+    this.name = "WalletConfigCorruptError";
+    this.path = path;
+  }
+};
+
+// src/client.ts
+var TRAILING_SLASH = /\/$/;
+function defaultCodeForStatus(status) {
+  if (status === 401) {
+    return "HMAC_INVALID";
+  }
+  if (status === 403) {
+    return "POLICY_BLOCKED";
+  }
+  if (status === 404) {
+    return "NOT_FOUND";
+  }
+  if (status === 502) {
+    return "TURNKEY_UPSTREAM";
+  }
+  return `HTTP_${status}`;
+}
+var KeeperHubClient = class {
+  baseUrl;
+  fetchImpl;
+  wallet;
+  constructor(wallet, opts = {}) {
+    this.wallet = wallet;
+    const envBase = process.env.KEEPERHUB_API_URL;
+    this.baseUrl = (opts.baseUrl ?? envBase ?? "https://app.keeperhub.com").replace(TRAILING_SLASH, "");
+    this.fetchImpl = opts.fetch ?? globalThis.fetch;
+  }
+  /**
+   * HMAC-signed POST/GET to any /api/agentic-wallet/* route except
+   * /provision. Path MUST start with a leading slash. Body is
+   * JSON.stringify'd (or the empty string for GET).
+   *
+   * Error mapping: non-2xx/non-202 surface as `KeeperHubError(code,
+   * message)` where `code` is the server-supplied field or the default
+   * taxonomy (`HMAC_INVALID`, `POLICY_BLOCKED`, `NOT_FOUND`,
+   * `TURNKEY_UPSTREAM`, `HTTP_<status>`). 202 ask-tier surfaces as an
+   * AskTierResponse envelope.
+   */
+  async request(method, path, body) {
+    const bodyStr = body === void 0 ? "" : JSON.stringify(body);
+    const hmacHeaders = buildHmacHeaders(
+      this.wallet.hmacSecret,
+      method,
+      path,
+      this.wallet.subOrgId,
+      bodyStr
+    );
+    const headers = method === "POST" ? { ...hmacHeaders, "content-type": "application/json" } : { ...hmacHeaders };
+    const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
+      method,
+      headers,
+      body: method === "POST" ? bodyStr : void 0
+    });
+    if (response.status === 202) {
+      const data = await response.json();
+      return { _status: 202, approvalRequestId: data.approvalRequestId };
+    }
+    if (!response.ok) {
+      let code = "UNKNOWN";
+      let message = `HTTP ${response.status}`;
+      try {
+        const data = await response.json();
+        code = data.code ?? defaultCodeForStatus(response.status);
+        message = data.error ?? message;
+      } catch {
+      }
+      throw new KeeperHubError(code, message);
+    }
+    return await response.json();
+  }
+};
+
+// src/storage.ts
+import { randomBytes } from "crypto";
+import { chmod, mkdir, readFile, rename, writeFile } from "fs/promises";
+import { homedir } from "os";
+import { dirname, join } from "path";
+async function readWalletConfig() {
+  const walletPath = join(homedir(), ".keeperhub", "wallet.json");
+  let raw;
+  try {
+    raw = await readFile(walletPath, "utf-8");
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      throw new WalletConfigMissingError();
+    }
+    throw err;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (err) {
+    const reason = err instanceof Error ? err.message : String(err);
+    throw new WalletConfigCorruptError(walletPath, reason);
+  }
+  if (!(parsed.subOrgId && parsed.walletAddress && parsed.hmacSecret)) {
+    throw new WalletConfigCorruptError(walletPath, "missing required fields");
+  }
+  return parsed;
+}
+async function writeWalletConfig(config) {
+  const walletPath = join(homedir(), ".keeperhub", "wallet.json");
+  await mkdir(dirname(walletPath), { recursive: true, mode: 448 });
+  const suffix = randomBytes(8).toString("hex");
+  const tmpPath = `${walletPath}.${process.pid}.${suffix}.tmp`;
+  await writeFile(tmpPath, JSON.stringify(config, null, 2), { mode: 384 });
+  await chmod(tmpPath, 384);
+  await rename(tmpPath, walletPath);
+}
+
+// src/workflow-slug.ts
+var KEEPERHUB_WORKFLOW_RE = /\/api\/mcp\/workflows\/([a-zA-Z0-9_-]+)\/call(?:\/?)(?:\?|$|#)/;
+function extractKeeperHubWorkflowSlug(url) {
+  if (!url || url.length === 0) {
+    return { ok: false, reason: "EMPTY_URL" };
+  }
+  const match = KEEPERHUB_WORKFLOW_RE.exec(url);
+  if (!match || !match[1]) {
+    return { ok: false, reason: "URL_PATTERN_MISMATCH" };
+  }
+  return { ok: true, slug: match[1] };
+}
+
+// src/x402-detect.ts
+function isX402Shape(value) {
+  if (typeof value !== "object" || value === null) {
+    return false;
+  }
+  const v = value;
+  if (v.x402Version !== 2) {
+    return false;
+  }
+  if (!Array.isArray(v.accepts) || v.accepts.length === 0) {
+    return false;
+  }
+  const first = v.accepts[0];
+  if (first.scheme !== "exact") {
+    return false;
+  }
+  return true;
+}
+async function parseX402Challenge(response) {
+  const headerB64 = response.headers.get("PAYMENT-REQUIRED");
+  if (headerB64) {
+    try {
+      const decoded = JSON.parse(
+        Buffer.from(headerB64, "base64").toString("utf-8")
+      );
+      if (isX402Shape(decoded)) {
+        return decoded;
+      }
+    } catch {
+    }
+  }
+  try {
+    const clone = response.clone();
+    const body = await clone.json();
+    if (isX402Shape(body)) {
+      return body;
+    }
+  } catch {
+  }
+  return null;
+}
+
+// src/payment-signer.ts
+var TEMPO_CHAIN_ID = 4217;
+var DEFAULT_APPROVAL_POLL = { intervalMs: 2e3, maxAttempts: 150 };
+var VALID_AFTER_PAST_SLACK_SECONDS = 60;
+var NONCE_BYTES = 32;
+async function sleep(ms) {
+  await new Promise((resolve) => setTimeout(resolve, ms));
+}
+function selectProtocol(x402, mpp, hint) {
+  const h = hint ?? "auto";
+  if (h === "x402") {
+    if (!x402) {
+      throw new KeeperHubError(
+        "X402_NOT_OFFERED",
+        "x402 is not offered by this endpoint"
+      );
+    }
+    return "x402";
+  }
+  if (h === "mpp") {
+    if (!mpp) {
+      throw new KeeperHubError(
+        "MPP_NOT_OFFERED",
+        "mpp is not offered by this endpoint"
+      );
+    }
+    return "mpp";
+  }
+  if (x402) return "x402";
+  if (mpp) return "mpp";
+  return null;
+}
+function createPaymentSigner(opts = {}) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  const walletLoader = opts.walletLoader ?? readWalletConfig;
+  const clientFactory = opts.clientFactory ?? ((wallet) => new KeeperHubClient(wallet, { fetch: fetchImpl }));
+  const pollCfg = opts.approval ?? DEFAULT_APPROVAL_POLL;
+  async function signOrPoll(client, body) {
+    const result = await client.request(
+      "POST",
+      "/api/agentic-wallet/sign",
+      body
+    );
+    if ("_status" in result && result._status === 202) {
+      const approvalRequestId = result.approvalRequestId;
+      for (let attempt = 0; attempt < pollCfg.maxAttempts; attempt++) {
+        await sleep(pollCfg.intervalMs);
+        const status = await client.request(
+          "GET",
+          `/api/agentic-wallet/approval-request/${approvalRequestId}`
+        );
+        if ("status" in status && status.status !== "pending") {
+          if (status.status === "rejected") {
+            throw new KeeperHubError(
+              "APPROVAL_REJECTED",
+              "User rejected the operation"
+            );
+          }
+          const retry = await client.request(
+            "POST",
+            "/api/agentic-wallet/sign",
+            body
+          );
+          if ("_status" in retry) {
+            throw new KeeperHubError(
+              "APPROVAL_LOOP",
+              "Sign returned 202 again after approval"
+            );
+          }
+          return retry.signature;
+        }
+      }
+      throw new KeeperHubError(
+        "APPROVAL_TIMEOUT",
+        `No human response within ${pollCfg.intervalMs * pollCfg.maxAttempts}ms`
+      );
+    }
+    return result.signature;
+  }
+  async function payViaMpp(response, mpp, wallet, retry) {
+    const slug = extractKeeperHubWorkflowSlug(response.url);
+    if (!slug.ok) {
+      throw new KeeperHubError(
+        "UNSUPPORTED_RECIPIENT",
+        `This wallet only signs payments for KeeperHub workflows. The 402 came from a URL that does not match /api/mcp/workflows/<slug>/call (reason: ${slug.reason}). See KEEP-311 for generic x402 support.`
+      );
+    }
+    const client = clientFactory(wallet);
+    const signature = await signOrPoll(client, {
+      chain: "tempo",
+      workflowSlug: slug.slug,
+      paymentChallenge: {
+        kind: "mpp",
+        serialized: mpp.serialized,
+        chainId: TEMPO_CHAIN_ID
+      }
+    });
+    const headers = new Headers(retry?.headers);
+    headers.set("Authorization", `Payment ${signature}`);
+    return fetchImpl(response.url, {
+      method: retry?.method ?? "POST",
+      headers,
+      body: retry?.body ?? void 0
+    });
+  }
+  async function payViaX402(response, x402, wallet, retry) {
+    const accept = x402.accepts[0];
+    if (!accept) {
+      throw new KeeperHubError(
+        "X402_EMPTY_ACCEPTS",
+        "x402 challenge has no accepts entries"
+      );
+    }
+    const slug = extractKeeperHubWorkflowSlug(x402.resource.url || response.url);
+    if (!slug.ok) {
+      throw new KeeperHubError(
+        "UNSUPPORTED_RECIPIENT",
+        `This wallet only signs payments for KeeperHub workflows. The 402 came from a URL that does not match /api/mcp/workflows/<slug>/call (reason: ${slug.reason}). See KEEP-311 for generic x402 support.`
+      );
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const validAfter = now - VALID_AFTER_PAST_SLACK_SECONDS;
+    const validBefore = now + accept.maxTimeoutSeconds;
+    const nonce = `0x${randomBytes2(NONCE_BYTES).toString("hex")}`;
+    const client = clientFactory(wallet);
+    const signature = await signOrPoll(client, {
+      chain: "base",
+      workflowSlug: slug.slug,
+      paymentChallenge: {
+        kind: "x402",
+        payTo: accept.payTo,
+        amount: accept.amount,
+        validAfter,
+        validBefore,
+        nonce
+      }
+    });
+    const paymentSigPayload = {
+      x402Version: 2,
+      accepted: accept,
+      payload: {
+        signature,
+        authorization: {
+          from: wallet.walletAddress,
+          to: accept.payTo,
+          value: accept.amount,
+          validAfter: String(validAfter),
+          validBefore: String(validBefore),
+          nonce
+        }
+      }
+    };
+    const paymentSigHeader = Buffer.from(
+      JSON.stringify(paymentSigPayload)
+    ).toString("base64");
+    const retryUrl = x402.resource.url || response.url;
+    const headers = new Headers(retry?.headers);
+    headers.set("PAYMENT-SIGNATURE", paymentSigHeader);
+    return fetchImpl(retryUrl, {
+      method: retry?.method ?? "POST",
+      headers,
+      body: retry?.body ?? void 0
+    });
+  }
+  async function pay(response, options) {
+    if (response.status !== 402) {
+      return response;
+    }
+    const x402 = await parseX402Challenge(response);
+    const mpp = parseMppChallenge(response);
+    if (!(x402 || mpp)) {
+      return response;
+    }
+    const wallet = await walletLoader();
+    const protocol = selectProtocol(x402, mpp, options?.paymentHint);
+    if (protocol === "x402") {
+      return payViaX402(response, x402, wallet, options);
+    }
+    if (protocol === "mpp") {
+      return payViaMpp(response, mpp, wallet, options);
+    }
+    return response;
+  }
+  return {
+    pay,
+    async fetch(input, init) {
+      const first = await fetchImpl(input, init);
+      if (first.status !== 402) {
+        return first;
+      }
+      return pay(first, {
+        body: init?.body ?? void 0,
+        headers: init?.headers,
+        method: init?.method,
+        paymentHint: init?.paymentHint
+      });
+    }
+  };
+}
+var paymentSigner = createPaymentSigner();
+
+// src/provision.ts
+var TRAILING_SLASH2 = /\/$/;
+var WALLET_ADDRESS_PATTERN = /^0x[a-fA-F0-9]{40}$/;
+var ProvisionResponseInvalidError = class extends Error {
+  code = "PROVISION_RESPONSE_INVALID";
+  constructor(message) {
+    super(message);
+    this.name = "ProvisionResponseInvalidError";
+  }
+};
+var ProvisionHttpError = class extends Error {
+  code = "PROVISION_HTTP_ERROR";
+  status;
+  body;
+  constructor(status, body) {
+    super(`provision failed: HTTP ${status}: ${body}`);
+    this.name = "ProvisionHttpError";
+    this.status = status;
+    this.body = body;
+  }
+};
+function resolveBaseUrl(override) {
+  const candidate = override ?? process.env.KEEPERHUB_API_URL ?? "https://app.keeperhub.com";
+  return candidate.replace(TRAILING_SLASH2, "");
+}
+function isNonEmptyString(value) {
+  return typeof value === "string" && value.length > 0;
+}
+function validateProvisionResponse(data) {
+  if (typeof data !== "object" || data === null) {
+    throw new ProvisionResponseInvalidError(
+      "provision response is not an object"
+    );
+  }
+  const { subOrgId, walletAddress, hmacSecret } = data;
+  if (!(isNonEmptyString(subOrgId) && isNonEmptyString(walletAddress) && isNonEmptyString(hmacSecret))) {
+    throw new ProvisionResponseInvalidError(
+      "provision response missing subOrgId, walletAddress, or hmacSecret"
+    );
+  }
+  if (!WALLET_ADDRESS_PATTERN.test(walletAddress)) {
+    throw new ProvisionResponseInvalidError(
+      `provision response walletAddress is not a valid 0x-prefixed 40-hex address: ${walletAddress}`
+    );
+  }
+  return {
+    subOrgId,
+    walletAddress,
+    hmacSecret
+  };
+}
+async function provisionWallet(options = {}) {
+  const baseUrl = resolveBaseUrl(options.baseUrl);
+  const fetchImpl = options.fetchImpl ?? globalThis.fetch;
+  const response = await fetchImpl(`${baseUrl}/api/agentic-wallet/provision`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: "{}",
+    signal: AbortSignal.timeout(3e4)
+  });
+  if (!response.ok) {
+    const text = await response.text();
+    throw new ProvisionHttpError(response.status, text);
+  }
+  const raw = await response.json();
+  const data = validateProvisionResponse(raw);
+  await writeWalletConfig(data);
+  return data;
+}
+
+// src/safety-config.ts
+import { chmod as chmod2, mkdir as mkdir2, readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
+import { homedir as homedir2 } from "os";
+import { dirname as dirname2, join as join2 } from "path";
+var DEFAULT_SAFETY_CONFIG = {
+  auto_approve_max_usd: 5,
+  ask_threshold_usd: 50,
+  block_threshold_usd: 100,
+  allowlisted_contracts: [
+    "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913",
+    // Base USDC
+    "0x20c000000000000000000000b9537d11c60e8b50"
+    // Tempo USDC.e
+  ]
+};
+function getSafetyPath() {
+  return join2(homedir2(), ".keeperhub", "safety.json");
+}
+async function loadSafetyConfig() {
+  const path = getSafetyPath();
+  let raw;
+  try {
+    raw = await readFile2(path, "utf-8");
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      await mkdir2(dirname2(path), { recursive: true, mode: 448 });
+      await writeFile2(path, JSON.stringify(DEFAULT_SAFETY_CONFIG, null, 2), {
+        mode: 420
+      });
+      await chmod2(path, 420);
+      return DEFAULT_SAFETY_CONFIG;
+    }
+    throw err;
+  }
+  const parsed = JSON.parse(raw);
+  return validateAndMerge(parsed);
+}
+var THRESHOLD_KEYS = [
+  "auto_approve_max_usd",
+  "ask_threshold_usd",
+  "block_threshold_usd"
+];
+function validateAndMerge(partial) {
+  const merged = {
+    auto_approve_max_usd: partial.auto_approve_max_usd ?? DEFAULT_SAFETY_CONFIG.auto_approve_max_usd,
+    ask_threshold_usd: partial.ask_threshold_usd ?? DEFAULT_SAFETY_CONFIG.ask_threshold_usd,
+    block_threshold_usd: partial.block_threshold_usd ?? DEFAULT_SAFETY_CONFIG.block_threshold_usd,
+    allowlisted_contracts: partial.allowlisted_contracts ?? DEFAULT_SAFETY_CONFIG.allowlisted_contracts
+  };
+  for (const key of THRESHOLD_KEYS) {
+    const v = merged[key];
+    if (!(Number.isFinite(v) && v >= 0)) {
+      throw new Error(
+        `safety.json: ${key} must be a non-negative finite number; got ${String(v)}`
+      );
+    }
+  }
+  if (merged.ask_threshold_usd < merged.auto_approve_max_usd) {
+    throw new Error(
+      "safety.json: ask_threshold_usd must be >= auto_approve_max_usd"
+    );
+  }
+  if (merged.block_threshold_usd < merged.ask_threshold_usd) {
+    throw new Error(
+      "safety.json: block_threshold_usd must be >= ask_threshold_usd"
+    );
+  }
+  if (!Array.isArray(merged.allowlisted_contracts)) {
+    throw new Error("safety.json: allowlisted_contracts must be an array");
+  }
+  merged.allowlisted_contracts = merged.allowlisted_contracts.map(
+    (a) => a.toLowerCase()
+  );
+  return merged;
+}
+
+// src/mcp-server.ts
+var BODY_TEXT_CAP_BYTES = 256 * 1024;
+var USDC_DECIMALS2 = 1e6;
+var HTTP_TIMEOUT_MS = 3e4;
+var ACCEPT_CONTROL_CHARS_RE = (
+  // biome-ignore lint/suspicious/noControlCharactersInRegex: deliberately matching control chars + Unicode separators + bidi-overrides to neutralise log-injection / hidden-text vectors before rendering upstream-supplied strings
+  /[\u0000-\u001f\u007f-\u009f\u2028\u2029\u200b-\u200f\u202a-\u202e]/g
+);
+var KEEPERHUB_BASE_URL_TRAILING = /\/$/;
+function resolveKeeperhubBaseUrl() {
+  const candidate = process.env.KEEPERHUB_API_URL ?? "https://app.keeperhub.com";
+  return candidate.replace(KEEPERHUB_BASE_URL_TRAILING, "");
+}
+function readPackageVersion() {
+  try {
+    const here = dirname3(fileURLToPath(import.meta.url));
+    const pkgPath = join3(here, "..", "package.json");
+    const raw = readFileSync(pkgPath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed.version === "string" && parsed.version.length > 0) {
+      return parsed.version;
+    }
+  } catch {
+  }
+  return "0.0.0";
+}
+function sanitise(input) {
+  return input.replace(ACCEPT_CONTROL_CHARS_RE, "");
+}
+function logEvent(event, data) {
+  const entry = {
+    level: "info",
+    event,
+    ts: (/* @__PURE__ */ new Date()).toISOString(),
+    ...data
+  };
+  process.stderr.write(`${JSON.stringify(entry)}
+`);
+}
+async function withToolLogging(toolName, fn) {
+  const startMs = Date.now();
+  logEvent("mcp.tool.called", { tool: toolName });
+  try {
+    const result = await fn();
+    logEvent("mcp.tool.completed", {
+      tool: toolName,
+      duration_ms: Date.now() - startMs,
+      success: true
+    });
+    return result;
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    logEvent("mcp.tool.error", {
+      tool: toolName,
+      duration_ms: Date.now() - startMs,
+      success: false,
+      error: message
+    });
+    throw error;
+  }
+}
+function structuredError(payload) {
+  return {
+    content: [{ type: "text", text: JSON.stringify(payload) }],
+    isError: true
+  };
+}
+function structuredOk(payload) {
+  return {
+    content: [{ type: "text", text: JSON.stringify(payload) }]
+  };
+}
+function defaultDeps() {
+  return {
+    readWalletConfig,
+    provisionWallet: () => provisionWallet(),
+    loadSafetyConfig,
+    checkBalance: (wallet) => checkBalance(wallet),
+    paymentSigner,
+    fetchImpl: globalThis.fetch
+  };
+}
+var provisionInflight = null;
+async function ensureWallet(deps) {
+  try {
+    const wallet = await deps.readWalletConfig();
+    return {
+      provisioned: false,
+      walletAddress: wallet.walletAddress,
+      subOrgId: wallet.subOrgId,
+      hmacSecret: wallet.hmacSecret
+    };
+  } catch (err) {
+    if (err instanceof WalletConfigCorruptError) {
+      throw err;
+    }
+    if (!(err instanceof WalletConfigMissingError)) {
+      throw err;
+    }
+    if (provisionInflight === null) {
+      provisionInflight = (async () => {
+        try {
+          const minted = await deps.provisionWallet();
+          logEvent("mcp.wallet.provisioned", {
+            walletAddress: minted.walletAddress
+          });
+          return minted;
+        } finally {
+          provisionInflight = null;
+        }
+      })();
+    }
+    const wallet = await provisionInflight;
+    return {
+      provisioned: true,
+      walletAddress: wallet.walletAddress,
+      subOrgId: wallet.subOrgId,
+      hmacSecret: wallet.hmacSecret
+    };
+  }
+}
+function resetProvisionInflightForTests() {
+  provisionInflight = null;
+}
+function microUsdcToUsd(microUsdc) {
+  return Number(microUsdc) / USDC_DECIMALS2;
+}
+function extractX402AmountMicro(x402) {
+  if (!x402) {
+    return null;
+  }
+  let min = null;
+  for (const accept of x402.accepts) {
+    if (!/^\d+$/.test(accept.amount)) {
+      continue;
+    }
+    const candidate = BigInt(accept.amount);
+    if (min === null || candidate < min) {
+      min = candidate;
+    }
+  }
+  return min;
+}
+function parseUsdcAmount(decimal) {
+  const match = /^(\d+)(?:\.(\d+))?$/.exec(decimal);
+  if (!match) {
+    return null;
+  }
+  const whole = match[1] ?? "0";
+  const fracRaw = match[2] ?? "";
+  const fracPadded = `${fracRaw}000000`.slice(0, 6);
+  try {
+    return BigInt(whole) * BigInt(USDC_DECIMALS2) + BigInt(fracPadded);
+  } catch {
+    return null;
+  }
+}
+function pickResponseFormat(requested, contentType) {
+  if (requested) {
+    return requested;
+  }
+  const ct = contentType.toLowerCase();
+  if (ct.startsWith("text/") || ct.includes("json") || ct.includes("xml") || ct.includes("yaml")) {
+    return "text";
+  }
+  return "base64";
+}
+var callWorkflowInputSchema = {
+  slug: z.string().min(1).describe("KeeperHub workflow slug"),
+  body: z.record(z.string(), z.unknown()).optional().describe("JSON body forwarded to the workflow's input schema"),
+  paymentHint: z.enum(["auto", "x402", "mpp"]).optional().describe(
+    "Payment protocol preference. 'auto' (default) prefers x402 when offered, MPP otherwise."
+  ),
+  responseFormat: z.enum(["text", "base64", "json"]).optional().describe(
+    "How to render the response body. Defaults to 'text'. Non-text content-types force base64."
+  )
+};
+async function loadSafetyOrError(deps) {
+  try {
+    return { safety: await deps.loadSafetyConfig() };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return {
+      error: structuredError({
+        code: "SAFETY_CONFIG_INVALID",
+        message: sanitise(
+          `~/.keeperhub/safety.json is unreadable: ${message}. Repair the file by hand or delete it to fall back to defaults.`
+        )
+      })
+    };
+  }
+}
+function classifyFetchError(err) {
+  if (err instanceof Error) {
+    if (err.name === "AbortError" || err.name === "TimeoutError") {
+      return {
+        code: "UPSTREAM_TIMEOUT",
+        message: `Upstream request exceeded ${HTTP_TIMEOUT_MS}ms (${err.message}). Try again, or check https://status.keeperhub.com.`
+      };
+    }
+    if (err instanceof TypeError && err.message.includes("fetch failed")) {
+      const cause = typeof err.cause?.code === "string" ? err.cause.code : void 0;
+      return {
+        code: "UPSTREAM_UNREACHABLE",
+        message: `Could not reach KeeperHub upstream (${cause ?? err.message}). Check your network connectivity, then retry.`
+      };
+    }
+  }
+  return null;
+}
+function toolErrorEnvelope(err) {
+  if (err instanceof WalletConfigCorruptError) {
+    return structuredError({
+      code: "WALLET_CONFIG_CORRUPT",
+      message: sanitise(err.message),
+      path: err.path
+    });
+  }
+  if (err instanceof KeeperHubError) {
+    return structuredError({
+      code: err.code,
+      message: sanitise(err.message)
+    });
+  }
+  const fetchClassification = classifyFetchError(err);
+  if (fetchClassification) {
+    return structuredError({
+      code: fetchClassification.code,
+      message: sanitise(fetchClassification.message)
+    });
+  }
+  const message = err instanceof Error ? err.message : String(err);
+  return structuredError({
+    code: "INTERNAL_ERROR",
+    message: sanitise(message)
+  });
+}
+async function handleCallWorkflow(args, deps) {
+  const safetyResult = await loadSafetyOrError(deps);
+  if ("error" in safetyResult) {
+    return safetyResult.error;
+  }
+  const { safety } = safetyResult;
+  let ensured;
+  try {
+    ensured = await ensureWallet(deps);
+  } catch (err) {
+    return toolErrorEnvelope(err);
+  }
+  const baseUrl = resolveKeeperhubBaseUrl();
+  const url = `${baseUrl}/api/mcp/workflows/${encodeURIComponent(args.slug)}/call`;
+  const bodyJson = JSON.stringify(args.body ?? {});
+  let probe;
+  try {
+    probe = await deps.fetchImpl(url, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: bodyJson,
+      signal: AbortSignal.timeout(HTTP_TIMEOUT_MS)
+    });
+  } catch (err) {
+    return toolErrorEnvelope(err);
+  }
+  if (probe.status === 402) {
+    const x402 = await parseX402Challenge(probe);
+    const mpp = parseMppChallenge(probe);
+    const amountMicro = extractX402AmountMicro(x402);
+    if (amountMicro !== null) {
+      const blockMicro = BigInt(
+        Math.round(safety.block_threshold_usd * USDC_DECIMALS2)
+      );
+      if (amountMicro > blockMicro) {
+        const attemptedUsd = microUsdcToUsd(amountMicro);
+        return structuredError({
+          code: "POLICY_BLOCKED",
+          message: sanitise(
+            `Payment of ${attemptedUsd} USD exceeds local safety cap of ${safety.block_threshold_usd} USD (block_threshold_usd in ~/.keeperhub/safety.json).`
+          ),
+          threshold_usd: safety.block_threshold_usd,
+          attempted_usd: attemptedUsd,
+          ...ensured.provisioned ? {
+            provisioned: true,
+            walletAddress: ensured.walletAddress,
+            fundingUrl: fund(ensured.walletAddress).coinbaseOnrampUrl
+          } : {}
+        });
+      }
+      const balanceSnap = await deps.checkBalance({
+        subOrgId: ensured.subOrgId,
+        walletAddress: ensured.walletAddress,
+        hmacSecret: ensured.hmacSecret
+      });
+      const baseBalance = parseUsdcAmount(balanceSnap.base.amount);
+      if (baseBalance !== null && baseBalance < amountMicro) {
+        const fundInfo = fund(ensured.walletAddress);
+        return structuredError({
+          code: "INSUFFICIENT_FUNDS",
+          message: sanitise(
+            `Wallet ${ensured.walletAddress} has ${balanceSnap.base.amount} Base USDC; payment requires ${microUsdcToUsd(amountMicro)} USD.`
+          ),
+          needed_usd: microUsdcToUsd(amountMicro),
+          balance_usd: Number(balanceSnap.base.amount),
+          funding_url: fundInfo.coinbaseOnrampUrl,
+          walletAddress: ensured.walletAddress,
+          ...ensured.provisioned ? { provisioned: true } : {}
+        });
+      }
+    }
+    if (!(x402 || mpp)) {
+      const text = await probe.text();
+      return structuredError({
+        code: "PAYMENT_REQUIRED_UNPARSEABLE",
+        message: sanitise(
+          `Upstream returned 402 with no parseable x402 or MPP challenge. Body: ${text.slice(0, 512)}`
+        )
+      });
+    }
+  }
+  let final;
+  try {
+    final = await deps.paymentSigner.fetch(url, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: bodyJson,
+      paymentHint: args.paymentHint ?? "auto",
+      signal: AbortSignal.timeout(HTTP_TIMEOUT_MS)
+    });
+  } catch (err) {
+    const env = toolErrorEnvelope(err);
+    if (ensured.provisioned && env.isError) {
+      const parsed = JSON.parse(env.content[0]?.text ?? "{}");
+      return structuredError({
+        ...parsed,
+        provisioned: true,
+        walletAddress: ensured.walletAddress,
+        fundingUrl: fund(ensured.walletAddress).coinbaseOnrampUrl
+      });
+    }
+    return env;
+  }
+  const paid = probe.status === 402 && final.status !== 402;
+  const protocolUsed = paid ? final.headers.get("x402-protocol") ?? "x402" : void 0;
+  const HEADER_ALLOWLIST = /* @__PURE__ */ new Set([
+    "content-type",
+    "content-length",
+    "x402-protocol",
+    "x-execution-id",
+    "execution-id",
+    "x-ratelimit-limit",
+    "x-ratelimit-remaining",
+    "x-ratelimit-reset",
+    "retry-after"
+  ]);
+  const headersOut = {};
+  for (const [k, v] of final.headers.entries()) {
+    if (HEADER_ALLOWLIST.has(k.toLowerCase())) {
+      headersOut[k] = v;
+    }
+  }
+  const executionId = final.headers.get("x-execution-id") ?? final.headers.get("execution-id");
+  const contentType = final.headers.get("content-type") ?? "";
+  const responseFormat = pickResponseFormat(args.responseFormat, contentType);
+  const buf = Buffer.from(await final.arrayBuffer());
+  const truncated = buf.byteLength > BODY_TEXT_CAP_BYTES;
+  const sliced = truncated ? buf.subarray(0, BODY_TEXT_CAP_BYTES) : buf;
+  let bodyOut;
+  if (responseFormat === "base64") {
+    bodyOut = sliced.toString("base64");
+  } else {
+    bodyOut = sliced.toString("utf-8");
+    if (responseFormat === "json") {
+      try {
+        const reparsed = JSON.parse(bodyOut);
+        bodyOut = JSON.stringify(reparsed);
+      } catch {
+      }
+    }
+  }
+  const result = {
+    status: final.status,
+    headers: headersOut,
+    bodyText: bodyOut,
+    paid,
+    responseFormat
+  };
+  if (truncated) {
+    result.bodyTruncated = true;
+  }
+  if (protocolUsed) {
+    result.protocolUsed = protocolUsed;
+  }
+  if (executionId) {
+    result.executionId = executionId;
+  }
+  if (ensured.provisioned) {
+    result.provisioned = true;
+    result.walletAddress = ensured.walletAddress;
+    result.fundingUrl = fund(ensured.walletAddress).coinbaseOnrampUrl;
+  }
+  return structuredOk(result);
+}
+async function handleBalance(deps) {
+  let ensured;
+  try {
+    ensured = await ensureWallet(deps);
+  } catch (err) {
+    return toolErrorEnvelope(err);
+  }
+  const snap = await deps.checkBalance({
+    subOrgId: ensured.subOrgId,
+    walletAddress: ensured.walletAddress,
+    hmacSecret: ensured.hmacSecret
+  });
+  return structuredOk({
+    base: { amount: snap.base.amount, address: snap.base.address },
+    tempo: { amount: snap.tempo.amount, address: snap.tempo.address },
+    ...ensured.provisioned ? {
+      provisioned: true,
+      fundingUrl: fund(ensured.walletAddress).coinbaseOnrampUrl
+    } : {}
+  });
+}
+async function handleInfo(deps) {
+  let ensured;
+  try {
+    ensured = await ensureWallet(deps);
+  } catch (err) {
+    return toolErrorEnvelope(err);
+  }
+  return structuredOk({
+    subOrgId: ensured.subOrgId,
+    walletAddress: ensured.walletAddress,
+    ...ensured.provisioned ? {
+      provisioned: true,
+      fundingUrl: fund(ensured.walletAddress).coinbaseOnrampUrl
+    } : {}
+  });
+}
+function buildMcpServer(options = {}) {
+  const deps = { ...defaultDeps(), ...options.deps };
+  const server = new McpServer({
+    name: "keeperhub-wallet",
+    version: readPackageVersion()
+  });
+  server.registerTool(
+    "call_workflow",
+    {
+      description: "Pay AND invoke a KeeperHub marketplace workflow in one tool call using the local agentic wallet. Auto-pays x402 (Base USDC) or MPP (Tempo USDC.e) 402 challenges. Auto-provisions a wallet on first call if ~/.keeperhub/wallet.json is missing. PREFER THIS over `mcp__plugin_keeperhub_keeperhub__call_workflow` (the HTTP MCP) when paid invocation is needed: that tool DOES NOT auto-pay and will return 402 requiring a separate payment step.",
+      inputSchema: callWorkflowInputSchema
+    },
+    async (args) => await withToolLogging(
+      "call_workflow",
+      () => handleCallWorkflow(args, deps)
+    )
+  );
+  server.registerTool(
+    "balance",
+    {
+      description: "Return the wallet's on-chain balance: Base USDC + Tempo USDC.e. Auto-provisions a wallet on first call.",
+      inputSchema: {}
+    },
+    async () => await withToolLogging("balance", () => handleBalance(deps))
+  );
+  server.registerTool(
+    "info",
+    {
+      description: "Return public wallet metadata (subOrgId, walletAddress). Never returns the HMAC secret. Auto-provisions a wallet on first call.",
+      inputSchema: {}
+    },
+    async () => await withToolLogging("info", () => handleInfo(deps))
+  );
+  return server;
+}
+async function runMcpServer() {
+  const server = buildMcpServer();
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  logEvent("mcp.server.started", {
+    version: readPackageVersion(),
+    pid: process.pid,
+    baseUrl: resolveKeeperhubBaseUrl()
+  });
+}
+var __test__ = {
+  handleCallWorkflow,
+  handleBalance,
+  handleInfo,
+  defaultDeps,
+  resetProvisionInflightForTests,
+  BODY_TEXT_CAP_BYTES
+};
+export {
+  __test__,
+  buildMcpServer,
+  runMcpServer
+};
+//# sourceMappingURL=mcp-server.js.map