@quackai/q402-mcp 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +7 -1
  2. package/dist/index.js +5 -5
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -41,11 +41,17 @@ You'll get a ranked breakdown immediately — no API key, no signup, no funds at
41
41
  | Tool | Auth | Purpose |
42
42
  |---|---|---|
43
43
  | `q402_quote` | none | Compare gas cost and supported tokens across chains. Read-only. |
44
- | `q402_balance` | API key | Verify the API key and report its plan tier (live vs sandbox). |
44
+ | `q402_balance` | API key | Verify the API key and report its plan tier + remaining quota credits (live vs sandbox). |
45
45
  | `q402_pay` | API key + private key + flag | Send a gasless payment. **Sandbox by default** — see [Sandbox vs live mode](#sandbox-vs-live-mode). |
46
+ | `q402_receipt` | none | Look up a Trust Receipt by `rct_…` id and locally verify its ECDSA signature against the relayer EOA. Returns the public settlement record + a `verified` boolean. *receiptId-only today; tx-hash lookup reserved for a future release.* |
46
47
 
47
48
  `q402_pay` follows a "confirm in chat first" contract: the tool description instructs the model to never call it without explicit user approval of the recipient address, amount, chain, and token.
48
49
 
50
+ `q402_receipt` is the natural follow-up: after `q402_pay` returns a `receiptUrl`, hand the agent the `rct_…` id and ask *"verify this receipt"* — the tool re-runs the same canonical-JSON + EIP-191 recovery the receipt page does in the browser, so the verification doesn't depend on trusting any UI. Example prompts that work today:
51
+
52
+ > *"Pay 0.10 USDT on BNB to vitalik.eth, then verify the receipt."*
53
+ > *"Is `rct_afa5f50bc49a65ebba3b28ab` a real Q402 receipt? Verify the signature."*
54
+
49
55
  > Per-chain gas tank balances and full transaction history live in the [dashboard](https://q402.quackai.ai/dashboard) — those endpoints require a wallet signature, not a bare API key, so the MCP server points the agent there instead of exposing them.
50
56
 
51
57
  ---
package/dist/index.js CHANGED
@@ -658,7 +658,7 @@ function pageBase() {
658
658
  }
659
659
  async function runReceipt(input) {
660
660
  const apiBase = receiptApiBase();
661
- let receiptId = input.receiptId ?? null;
661
+ const receiptId = input.receiptId ?? null;
662
662
  if (!receiptId && input.txHash) {
663
663
  return {
664
664
  receiptId: null,
@@ -713,19 +713,19 @@ async function runReceipt(input) {
713
713
  }
714
714
  var RECEIPT_TOOL = {
715
715
  name: "q402_receipt",
716
- description: "Look up a Q402 Trust Receipt by its rct_\u2026 id and return the settlement record + a locally-verified ECDSA boolean (the tool re-runs the same hash recovery the receipt page does in the browser). Read-only; no API key required. Use after q402_pay to give the user a shareable verified-by-Q402 URL, or to independently verify a receipt id someone shared with you.",
716
+ description: "Look up a Q402 Trust Receipt by its rct_\u2026 receiptId and return the settlement record + a locally-verified ECDSA boolean (the tool re-runs the same canonical-JSON + EIP-191 recovery the receipt page does in the browser). Read-only; no API key required. Use after q402_pay to give the user a shareable verified-by-Q402 URL, or to independently verify a receipt id someone shared with you. **receiptId is required**; passing only txHash returns notFound (tx \u2192 receiptId lookup is reserved for a future release).",
717
717
  inputSchema: {
718
718
  type: "object",
719
719
  properties: {
720
720
  receiptId: {
721
721
  type: "string",
722
722
  pattern: "^rct_[0-9a-f]{24}$",
723
- description: "Receipt id (rct_ + 24 hex chars). Returned by q402_pay; also visible at the end of any /receipt/ URL."
723
+ description: "Receipt id (rct_ + 24 hex chars). Returned by q402_pay; also visible at the end of any /receipt/ URL. This is the only path that resolves today."
724
724
  },
725
725
  txHash: {
726
726
  type: "string",
727
727
  pattern: "^0x[0-9a-fA-F]{64}$",
728
- description: "Optional on-chain tx hash. Reserved for a future tx \u2192 receipt index; today the tool returns notFound when only txHash is given."
728
+ description: "Reserved for a future tx \u2192 receipt index. Today this is unimplemented and the tool returns notFound when only txHash is provided. Pass receiptId instead."
729
729
  }
730
730
  },
731
731
  additionalProperties: false
@@ -734,7 +734,7 @@ var RECEIPT_TOOL = {
734
734
 
735
735
  // src/index.ts
736
736
  var PACKAGE_NAME = "@quackai/q402-mcp";
737
- var PACKAGE_VERSION = "0.2.0";
737
+ var PACKAGE_VERSION = "0.2.1";
738
738
  function jsonText(value) {
739
739
  return { type: "text", text: JSON.stringify(value, null, 2) };
740
740
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@quackai/q402-mcp",
3
- "version": "0.2.0",
3
+ "version": "0.2.1",
4
4
  "description": "MCP server for Q402 — gasless USDC and USDT payments across 7 EVM chains, callable directly from Claude Desktop and any other Model Context Protocol client.",
5
5
  "mcpName": "io.github.bitgett/q402-mcp",
6
6
  "keywords": [