@quackai/q402-mcp 0.3.14 → 0.4.1

package/README.md

@@ -1,192 +1,192 @@
-# @quackai/q402-mcp
-
-> MCP server for Q402 — gasless USDC, USDT, and RLUSD payments across 7 EVM chains, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.
-
-[![npm](https://img.shields.io/npm/v/@quackai/q402-mcp.svg)](https://www.npmjs.com/package/@quackai/q402-mcp)
-[![license](https://img.shields.io/npm/l/@quackai/q402-mcp.svg)](./LICENSE)
-
-> **🎟️ Free trial available (2026-05-19 → 2026-06-30)** — 2,000 gasless transactions on BNB Chain (USDC + USDT), 30-day window, no card. One wallet signature: <https://q402.quackai.ai>.
->
-> **Trial-scope policy:** API keys minted under the free-trial program (`plan: "trial"`) are restricted to BNB Chain with USDC/USDT — server-side enforcement, returns `403 TRIAL_BNB_ONLY` otherwise. **Paid API keys see the full 7-chain matrix at all times.**
-
-Claude can now reason about stablecoin payments end to end — quote a transfer across 7 chains, pick the cheapest route, and (optionally) settle the transaction over [Q402](https://q402.quackai.ai)'s EIP-7702 relayer infrastructure. The recipient receives the full amount; the sender pays $0 in gas.
-
----
-
-## Quick start
-
-The server speaks stdio MCP, so any MCP-compatible client can use it. The two paths verified end-to-end today are **Claude (Desktop / Code)** and **OpenAI Codex CLI**.
-
-### Claude Desktop / Claude Code
-
-```bash
-claude mcp add q402 -- npx -y @quackai/q402-mcp
-```
-
-Or edit `claude_desktop_config.json` directly:
-
-```json
-{
-  "mcpServers": {
-    "q402": {
-      "command": "npx",
-      "args": ["-y", "@quackai/q402-mcp"]
-    }
-  }
-}
-```
-
-Restart Claude Desktop and ask:
-
-> *"Compare gas costs to send 50 USDC to vitalik.eth across all 7 Q402 chains."*
-
-### OpenAI Codex CLI
-
-Three install paths — pick the one that matches your workflow.
-
-**(a) Codex plugin marketplace** (recommended — bundles the MCP config so users don't write TOML):
-
-```bash
-codex plugin marketplace add bitgett/q402-mcp
-codex /plugins        # browse and install "q402"
-```
-
-This repo carries a Codex plugin manifest at [`.codex-plugin/plugin.json`](./.codex-plugin/plugin.json) and a marketplace catalog at [`.agents/plugins/marketplace.json`](./.agents/plugins/marketplace.json), so any signed-in Codex user can register it as a marketplace source and install with one click.
-
-**(b) Single MCP server via `codex mcp add`** (no plugin wrapper — just register the stdio server):
-
-```bash
-codex mcp add q402 -- npx -y @quackai/q402-mcp
-```
-
-**(c) Direct `~/.codex/config.toml` edit** (`.codex/config.toml` for per-project scope):
-
-```toml
-[mcp_servers.q402]
-command = "npx"
-args = ["-y", "@quackai/q402-mcp"]
-startup_timeout_sec = 20.0
-```
-
-To enable real on-chain payments, pass the three live-mode env vars **explicitly** under `env` — Codex does **not** forward host env vars by default:
-
-```toml
-[mcp_servers.q402]
-command = "npx"
-args = ["-y", "@quackai/q402-mcp"]
-startup_timeout_sec = 20.0
-env = {
-  Q402_API_KEY              = "q402_live_...",
-  Q402_PRIVATE_KEY          = "0xabc...",
-  Q402_ENABLE_REAL_PAYMENTS = "1",
-  Q402_MAX_AMOUNT_PER_CALL  = "5",
-}
-```
-
-> If you'd rather not inline secrets in `config.toml`, use the `env_vars` allow-list form to forward specific names from your shell environment instead — see the [Codex config reference](https://developers.openai.com/codex/config-reference) for the full schema.
-
-Then run `codex` and ask the same kind of question. The first call may take a few seconds while `npx` warms its cache; subsequent calls are instant.
-
-### Any other MCP client
-
-The server has no client-specific code. If your client speaks stdio MCP, point it at `npx -y @quackai/q402-mcp` and the four tools listed below will appear.
-
----
-
-> **🚧 Sprint window (BNB-focus, 2026-05-19 → 2026-06-30)** — `0.3.13` ships with the default `Q402_RELAY_BASE_URL` pointing at the sprint preview deploy. That's the deploy currently issuing trial keys and where the matching subscription records live. Once the sprint branch is merged into `main` and `q402.quackai.ai` serves the sprint code, the default will flip back to the canonical site in `0.4.0`. Set `Q402_RELAY_BASE_URL` explicitly in env if you want to override.
-
----
-
-## Tools exposed
-
-| Tool | Auth | Purpose |
-|---|---|---|
-| `q402_quote` | none | Compare gas cost and supported tokens across chains. Read-only. |
-| `q402_balance` | API key | Verify the API key and report its plan tier + remaining quota credits (live vs sandbox). |
-| `q402_pay` | API key + private key + flag | Send a gasless payment to a single recipient. **Sandbox by default** — see [Sandbox vs live mode](#sandbox-vs-live-mode). |
-| `q402_batch_pay` | API key + private key + flag | Send a gasless payment to **multiple** recipients in one call on a single chain × token. Trial keys: 5 rows max. Paid keys: 20 rows max. **Supported chains: avax, bnb, eth, mantle, injective** (default EIP-7702 mode). xlayer + stable are NOT batchable — use `q402_pay` in a loop for those. Same sandbox gating as `q402_pay`. **Rate-limit note:** the inner `/api/relay` budget (30/min per key) is consumed per row, so a paid 20-row batch leaves ~10 inner slots for the next minute. |
-| `q402_receipt` | none | Look up a Trust Receipt by `rct_…` id and locally verify its ECDSA signature against the relayer EOA. Returns the public settlement record + a `verified` boolean. *receiptId-only today; tx-hash lookup reserved for a future release.* |
-
-`q402_pay` and `q402_batch_pay` follow a "confirm in chat first" contract: the tool description instructs the model to never call it without explicit user approval of the recipient address(es), amount(s), chain, and token. For batch calls the user must approve the **full batch**, not the individual rows.
-
-`q402_receipt` is the natural follow-up: after `q402_pay` returns a `receiptUrl`, hand the agent the `rct_…` id and ask *"verify this receipt"* — the tool re-runs the same canonical-JSON + EIP-191 recovery the receipt page does in the browser, so the verification doesn't depend on trusting any UI. Example prompts that work today:
-
-> *"Pay 0.10 USDT on BNB to vitalik.eth, then verify the receipt."*  
-> *"Is `rct_afa5f50bc49a65ebba3b28ab` a real Q402 receipt? Verify the signature."*
-
-> Per-chain gas tank balances and full transaction history live in the [dashboard](https://q402.quackai.ai/dashboard) — those endpoints require a wallet signature, not a bare API key, so the MCP server points the agent there instead of exposing them.
-
----
-
-## Sandbox vs live mode
-
-By default the MCP server operates in **sandbox mode**: `q402_pay` returns a deterministic-looking fake transaction hash, no funds move, no gas-tank credit is consumed. That makes it safe to plug into any MCP client without worrying about an LLM hallucinating a payment.
-
-To enable real on-chain transactions, **all three** environment variables must be set:
-
-```bash
-Q402_API_KEY=q402_live_...           # live-tier key from /dashboard
-Q402_PRIVATE_KEY=0xabc...            # signer for the payer EOA
-Q402_ENABLE_REAL_PAYMENTS=1          # explicit opt-in
-```
-
-Anything missing → automatic sandbox fallback with a hint pointing at what to set.
-
-### Hard caps
-
-Two additional guards run before every payment regardless of mode:
-
-| Env var | Default | Effect |
-|---|---|---|
-| `Q402_MAX_AMOUNT_PER_CALL` | `5` | Reject any single call where `amount > N` USD-equivalent. |
-| `Q402_ALLOWED_RECIPIENTS` | (empty = off) | Comma-separated address allowlist. When set, all other recipients are rejected. |
-
-Combined with the `confirm: true` argument the tool requires, this means the model needs (a) explicit user OK in chat, (b) amount ≤ cap, (c) recipient on allowlist if one exists, (d) all three live-mode env vars set, before a single wei moves.
-
----
-
-## Configuration reference
-
-| Env var | Required for | Notes |
-|---|---|---|
-| `Q402_API_KEY` | balance, live-pay | Issue at https://q402.quackai.ai/dashboard. `q402_test_*` keys keep sandbox on. |
-| `Q402_PRIVATE_KEY` | live-pay | Signer for the payer EOA. **Never share. Never paste in chat.** |
-| `Q402_ENABLE_REAL_PAYMENTS` | live-pay | Set to `1` to opt in. Any other value (or unset) → sandbox. |
-| `Q402_MAX_AMOUNT_PER_CALL` | optional | USD-equivalent cap. Defaults to `5`. |
-| `Q402_ALLOWED_RECIPIENTS` | optional | Comma-separated lowercase addresses. Defaults to no allowlist. |
-| `Q402_RELAY_BASE_URL` | optional | Defaults to `https://q402.quackai.ai/api`. Override for self-hosted Q402. |
-
----
-
-## Supported chains
-
-| Chain | Chain ID | Token(s) | Notes |
-|---|---|---|---|
-| BNB Chain | 56 | USDC, USDT | |
-| Ethereum | 1 | USDC, USDT, **RLUSD** | L1 — gas is volatile, quote is a snapshot. RLUSD (Ripple USD, NY DFS regulated, decimals 18) Ethereum-only. |
-| Avalanche C-Chain | 43114 | USDC, USDT | |
-| X Layer | 196 | USDC, USDT | |
-| Stable | 988 | USDT0 (USDC and USDT both alias) | Gas paid in USDT0. |
-| Mantle | 5000 | USDC, USDT0 | LayerZero OFT USDT0 since 2025-11-27. |
-| Injective EVM | 1776 | USDT only | Native USDC via Circle CCTP announced for Q2 2026. |
-
----
-
-## Why this exists
-
-x402 standardised "402 Payment Required" semantics for AI agents but the official Coinbase facilitator only covers a few chains and assumes ERC-3009 token support — which excludes BNB USDT, Mantle USDT0, Injective USDT, and the chains where most stablecoin volume actually lives.
-
-Q402 implements the same payer experience (single signature, $0 gas, instant settlement) on all 7 of those chains using EIP-7702 delegated execution, which works with any ERC-20. This MCP server makes that infrastructure addressable from Claude itself.
-
-If you want to dig into how the wire protocol differs from x402, see [Q402 docs](https://q402.quackai.ai/docs).
-
----
-
-## Repository
-
-Source code: https://github.com/bitgett/q402-mcp
-Issues / requests: https://github.com/bitgett/q402-mcp/issues
-
-## License
-
-Apache-2.0 — see [LICENSE](./LICENSE).
+# @quackai/q402-mcp
+
+> MCP server for Q402 — gasless USDC, USDT, and RLUSD payments across 8 EVM chains, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.
+
+[![npm](https://img.shields.io/npm/v/@quackai/q402-mcp.svg)](https://www.npmjs.com/package/@quackai/q402-mcp)
+[![license](https://img.shields.io/npm/l/@quackai/q402-mcp.svg)](./LICENSE)
+
+> **🎟️ Free trial available (2026-05-19 → 2026-06-30)** — 2,000 gasless transactions on BNB Chain (USDC + USDT), 30-day window, no card. One wallet signature: <https://q402.quackai.ai>.
+>
+> **Trial-scope policy:** API keys minted under the free-trial program (`plan: "trial"`) are restricted to BNB Chain with USDC/USDT — server-side enforcement, returns `403 TRIAL_BNB_ONLY` otherwise. **Paid API keys see the full 8-chain matrix at all times.**
+
+Claude can now reason about stablecoin payments end to end — quote a transfer across 8 chains, pick the cheapest route, and (optionally) settle the transaction over [Q402](https://q402.quackai.ai)'s EIP-7702 relayer infrastructure. The recipient receives the full amount; the sender pays $0 in gas.
+
+---
+
+## Quick start
+
+The server speaks stdio MCP, so any MCP-compatible client can use it. The two paths verified end-to-end today are **Claude (Desktop / Code)** and **OpenAI Codex CLI**.
+
+### Claude Desktop / Claude Code
+
+```bash
+claude mcp add q402 -- npx -y @quackai/q402-mcp
+```
+
+Or edit `claude_desktop_config.json` directly:
+
+```json
+{
+  "mcpServers": {
+    "q402": {
+      "command": "npx",
+      "args": ["-y", "@quackai/q402-mcp"]
+    }
+  }
+}
+```
+
+Restart Claude Desktop and ask:
+
+> *"Compare gas costs to send 50 USDC to vitalik.eth across all 8 Q402 chains."*
+
+### OpenAI Codex CLI
+
+Three install paths — pick the one that matches your workflow.
+
+**(a) Codex plugin marketplace** (recommended — bundles the MCP config so users don't write TOML):
+
+```bash
+codex plugin marketplace add bitgett/q402-mcp
+codex /plugins        # browse and install "q402"
+```
+
+This repo carries a Codex plugin manifest at [`.codex-plugin/plugin.json`](./.codex-plugin/plugin.json) and a marketplace catalog at [`.agents/plugins/marketplace.json`](./.agents/plugins/marketplace.json), so any signed-in Codex user can register it as a marketplace source and install with one click.
+
+**(b) Single MCP server via `codex mcp add`** (no plugin wrapper — just register the stdio server):
+
+```bash
+codex mcp add q402 -- npx -y @quackai/q402-mcp
+```
+
+**(c) Direct `~/.codex/config.toml` edit** (`.codex/config.toml` for per-project scope):
+
+```toml
+[mcp_servers.q402]
+command = "npx"
+args = ["-y", "@quackai/q402-mcp"]
+startup_timeout_sec = 20.0
+```
+
+To enable real on-chain payments, pass the three live-mode env vars **explicitly** under `env` — Codex does **not** forward host env vars by default:
+
+```toml
+[mcp_servers.q402]
+command = "npx"
+args = ["-y", "@quackai/q402-mcp"]
+startup_timeout_sec = 20.0
+env = {
+  Q402_API_KEY              = "q402_live_...",
+  Q402_PRIVATE_KEY          = "0xabc...",
+  Q402_ENABLE_REAL_PAYMENTS = "1",
+  Q402_MAX_AMOUNT_PER_CALL  = "5",
+}
+```
+
+> If you'd rather not inline secrets in `config.toml`, use the `env_vars` allow-list form to forward specific names from your shell environment instead — see the [Codex config reference](https://developers.openai.com/codex/config-reference) for the full schema.
+
+Then run `codex` and ask the same kind of question. The first call may take a few seconds while `npx` warms its cache; subsequent calls are instant.
+
+### Any other MCP client
+
+The server has no client-specific code. If your client speaks stdio MCP, point it at `npx -y @quackai/q402-mcp` and the five tools listed below will appear.
+
+---
+
+> `Q402_RELAY_BASE_URL` overrides the relay endpoint. Set it explicitly when running against a self-hosted Q402 deployment or a non-canonical environment.
+
+---
+
+## Tools exposed
+
+| Tool | Auth | Purpose |
+|---|---|---|
+| `q402_quote` | none | Compare gas cost and supported tokens across chains. Read-only. |
+| `q402_balance` | API key | Verify the API key and report its plan tier + remaining quota credits (live vs sandbox). |
+| `q402_pay` | API key + private key + flag | Send a gasless payment to a single recipient. **Sandbox by default** — see [Sandbox vs live mode](#sandbox-vs-live-mode). |
+| `q402_batch_pay` | API key + private key + flag | Send a gasless payment to **multiple** recipients in one call on a single chain × token. Trial keys: 5 rows max. Paid keys: 20 rows max. **Supported chains: avax, bnb, eth, mantle, injective, monad** (default EIP-7702 mode). xlayer + stable are NOT batchable — use `q402_pay` in a loop for those. Same sandbox gating as `q402_pay`. **Rate-limit note:** the inner `/api/relay` budget (30/min per key) is consumed per row, so a paid 20-row batch leaves ~10 inner slots for the next minute. |
+| `q402_receipt` | none | Look up a Trust Receipt by `rct_…` id and locally verify its ECDSA signature against the relayer EOA. Returns the public settlement record + a `verified` boolean. *receiptId-only today; tx-hash lookup reserved for a future release.* |
+
+`q402_pay` and `q402_batch_pay` follow a "confirm in chat first" contract: the tool description instructs the model to never call it without explicit user approval of the recipient address(es), amount(s), chain, and token. For batch calls the user must approve the **full batch**, not the individual rows.
+
+`q402_receipt` is the natural follow-up: after `q402_pay` returns a `receiptUrl`, hand the agent the `rct_…` id and ask *"verify this receipt"* — the tool re-runs the same canonical-JSON + EIP-191 recovery the receipt page does in the browser, so the verification doesn't depend on trusting any UI. Example prompts that work today:
+
+> *"Pay 0.10 USDT on BNB to vitalik.eth, then verify the receipt."*  
+> *"Is `rct_afa5f50bc49a65ebba3b28ab` a real Q402 receipt? Verify the signature."*
+
+> Per-chain gas tank balances and full transaction history live in the [dashboard](https://q402.quackai.ai/dashboard) — those endpoints require a wallet signature, not a bare API key, so the MCP server points the agent there instead of exposing them.
+
+---
+
+## Sandbox vs live mode
+
+By default the MCP server operates in **sandbox mode**: `q402_pay` returns a deterministic-looking fake transaction hash, no funds move, no gas-tank credit is consumed. That makes it safe to plug into any MCP client without worrying about an LLM hallucinating a payment.
+
+To enable real on-chain transactions, **all three** environment variables must be set:
+
+```bash
+Q402_API_KEY=q402_live_...           # live-tier key from /dashboard
+Q402_PRIVATE_KEY=0xabc...            # signer for the payer EOA
+Q402_ENABLE_REAL_PAYMENTS=1          # explicit opt-in
+```
+
+Anything missing → automatic sandbox fallback with a hint pointing at what to set.
+
+### Hard caps
+
+Two additional guards run before every payment regardless of mode:
+
+| Env var | Default | Effect |
+|---|---|---|
+| `Q402_MAX_AMOUNT_PER_CALL` | `5` | Reject any single call where `amount > N` USD-equivalent. |
+| `Q402_ALLOWED_RECIPIENTS` | (empty = off) | Comma-separated address allowlist. When set, all other recipients are rejected. |
+
+Combined with the `confirm: true` argument the tool requires, this means the model needs (a) explicit user OK in chat, (b) amount ≤ cap, (c) recipient on allowlist if one exists, (d) all three live-mode env vars set, before a single wei moves.
+
+---
+
+## Configuration reference
+
+| Env var | Required for | Notes |
+|---|---|---|
+| `Q402_API_KEY` | balance, live-pay | Issue at https://q402.quackai.ai/dashboard. `q402_test_*` keys keep sandbox on. |
+| `Q402_PRIVATE_KEY` | live-pay | Signer for the payer EOA. **Never share. Never paste in chat.** |
+| `Q402_ENABLE_REAL_PAYMENTS` | live-pay | Set to `1` to opt in. Any other value (or unset) → sandbox. |
+| `Q402_MAX_AMOUNT_PER_CALL` | optional | USD-equivalent cap. Defaults to `5`. |
+| `Q402_ALLOWED_RECIPIENTS` | optional | Comma-separated lowercase addresses. Defaults to no allowlist. |
+| `Q402_RELAY_BASE_URL` | optional | Defaults to `https://q402.quackai.ai/api`. Override for self-hosted Q402. |
+
+---
+
+## Supported chains
+
+| Chain | Chain ID | Token(s) | Notes |
+|---|---|---|---|
+| BNB Chain | 56 | USDC, USDT | |
+| Ethereum | 1 | USDC, USDT, **RLUSD** | L1 — gas is volatile, quote is a snapshot. RLUSD (Ripple USD, NY DFS regulated, decimals 18) Ethereum-only. |
+| Avalanche C-Chain | 43114 | USDC, USDT | |
+| X Layer | 196 | USDC, USDT | |
+| Stable | 988 | USDT0 (USDC and USDT both alias) | Gas paid in USDT0. |
+| Mantle | 5000 | USDC, USDT0 | LayerZero OFT USDT0 since 2025-11-27. |
+| Injective EVM | 1776 | USDT only | Native USDC via Circle CCTP announced for Q2 2026. |
+
+---
+
+## Why this exists
+
+x402 standardised "402 Payment Required" semantics for AI agents but the official Coinbase facilitator only covers a few chains and assumes ERC-3009 token support — which excludes BNB USDT, Mantle USDT0, Injective USDT, and the chains where most stablecoin volume actually lives.
+
+Q402 implements the same payer experience (single signature, $0 gas, instant settlement) on all 7 of those chains using EIP-7702 delegated execution, which works with any ERC-20. This MCP server makes that infrastructure addressable from Claude itself.
+
+If you want to dig into how the wire protocol differs from x402, see [Q402 docs](https://q402.quackai.ai/docs).
+
+---
+
+## Repository
+
+Source code: https://github.com/bitgett/q402-mcp
+Issues / requests: https://github.com/bitgett/q402-mcp/issues
+
+## License
+
+Apache-2.0 — see [LICENSE](./LICENSE).

package/dist/index.js

@@ -10,7 +10,7 @@ import {
 
 // src/config.ts
 import { isAddress } from "ethers";
-var DEFAULT_RELAY_BASE = "https://q402-institutional-git-feat-bnb-f-e317ee-bitgett-7677s-projects.vercel.app/api";
+var DEFAULT_RELAY_BASE = "https://q402.quackai.ai/api";
 var DEFAULT_MAX_AMOUNT = 5;
 function classifyApiKey(k) {
   if (!k) return "missing";
@@ -58,7 +58,8 @@ var CHAIN_KEYS = [
   "xlayer",
   "stable",
   "mantle",
-  "injective"
+  "injective",
+  "monad"
 ];
 var CHAIN_CONFIG = {
   avax: {
@@ -161,6 +162,20 @@ var CHAIN_CONFIG = {
     supportedTokens: ["USDT"],
     approxGasCostUsd: 4e-3,
     note: "USDT only until Circle CCTP native USDC ships (announced for Q2 2026)."
+  },
+  monad: {
+    key: "monad",
+    name: "Monad",
+    chainId: 143,
+    domainName: "Q402 Monad",
+    implContract: "0x39Ba9520718eE069D7f72882FF4C28a5Ea8a2acC",
+    gasToken: "MON",
+    explorer: "https://monadscan.com",
+    // Native Circle USDC via CCTP V2 (not bridged) + USDT0 (LayerZero OFT).
+    usdc: { address: "0x754704Bc059F8C67012fEd69BC8A327a5aafb603", decimals: 6 },
+    usdt: { address: "0xe7cd86e13AC4309349F30B3435a9d337750fC82D", decimals: 6 },
+    supportedTokens: ["USDC", "USDT"],
+    approxGasCostUsd: 2e-3
   }
 };
 var BNB_FOCUS_MODE = false;
@@ -198,8 +213,8 @@ var QuoteInputSchema = z.object({
   token: z.enum(["USDC", "USDT", "RLUSD"]).optional().describe(
     'Optional token filter. USDC / USDT are supported on most chains; RLUSD (Ripple USD, NY DFS regulated, decimals 18) is Ethereum-only \u2014 passing RLUSD here narrows the quote to chain="eth".'
   ),
-  chain: z.enum(["avax", "bnb", "eth", "xlayer", "stable", "mantle", "injective"]).optional().describe(
-    "Optional chain filter. When omitted, all 7 chains are compared and ranked by gas cost."
+  chain: z.enum(["avax", "bnb", "eth", "xlayer", "stable", "mantle", "injective", "monad"]).optional().describe(
+    "Optional chain filter. When omitted, all 8 chains are compared and ranked by gas cost."
   )
 });
 function quoteForChain(cfg) {
@@ -240,7 +255,7 @@ function runQuote(input) {
 }
 var QUOTE_TOOL = {
   name: "q402_quote",
-  description: "Compare gas costs and supported tokens across the 7 chains Q402 relays for (avax, bnb, eth, xlayer, stable, mantle, injective). Trial-tier API keys see BNB-only quotes (q402_pay enforces the same scope server-side); paid-tier keys see the full matrix including RLUSD on Ethereum and Injective USDT-only. Read-only \u2014 no API key needed, no funds move. Use this before q402_pay so the user sees what's currently routable on their tier.",
+  description: "Compare gas costs and supported tokens across the 8 chains Q402 relays for (avax, bnb, eth, xlayer, stable, mantle, injective, monad). Trial-tier API keys see BNB-only quotes (q402_pay enforces the same scope server-side); paid-tier keys see the full matrix including RLUSD on Ethereum and Injective USDT-only. Read-only \u2014 no API key needed, no funds move. Use this before q402_pay so the user sees what's currently routable on their tier.",
   // Plain JSON schema mirroring the Zod schema above; MCP servers receive parameters as JSON.
   inputSchema: {
     type: "object",
@@ -257,7 +272,7 @@ var QUOTE_TOOL = {
       chain: {
         type: "string",
         enum: CHAIN_KEYS,
-        description: "Optional chain filter; omit to compare all 7."
+        description: "Optional chain filter; omit to compare all 8."
       }
     },
     required: ["amount"],
@@ -281,11 +296,12 @@ import {
 var DEFAULT_RPC = {
   1: "https://ethereum.publicnode.com",
   56: "https://bsc-dataseed1.binance.org/",
-  43114: "https://api.avax.network/ext/bc/C/rpc",
+  143: "https://rpc.monad.xyz",
   196: "https://rpc.xlayer.tech",
   988: "https://rpc.stable.xyz",
+  1776: "https://sentry.evm-rpc.injective.network/",
   5e3: "https://rpc.mantle.xyz",
-  1776: "https://sentry.evm-rpc.injective.network/"
+  43114: "https://api.avax.network/ext/bc/C/rpc"
 };
 var TRANSFER_AUTH_TYPES = {
   TransferAuthorization: [
@@ -480,7 +496,7 @@ var Q402NodeClient = class _Q402NodeClient {
     }
     if (chain.key === "xlayer" || chain.key === "stable") {
       throw new Error(
-        `batchPay does not yet support chain "${chain.key}". Supported batch chains: avax, bnb, eth, mantle, injective (default EIP-7702 mode). For "${chain.key}" use pay() in a client-side loop.`
+        `batchPay does not yet support chain "${chain.key}". Supported batch chains: avax, bnb, eth, mantle, injective, monad (default EIP-7702 mode). For "${chain.key}" use pay() in a client-side loop.`
       );
     }
     const rpcUrl = this.opts.rpcUrl ?? DEFAULT_RPC[chain.chainId];
@@ -606,7 +622,7 @@ function sandboxPay(chain, input) {
 
 // src/tools/pay.ts
 var PayInputSchema = z2.object({
-  chain: z2.enum(["avax", "bnb", "eth", "xlayer", "stable", "mantle", "injective"]),
+  chain: z2.enum(["avax", "bnb", "eth", "xlayer", "stable", "mantle", "injective", "monad"]),
   to: z2.string().refine(isAddress2, "to must be a valid 0x-prefixed EVM address").describe("Recipient EVM address (0x + 40 hex)."),
   amount: z2.string().regex(/^\d+(\.\d+)?$/, "amount must be a positive decimal string").describe('Human-readable decimal amount, e.g. "5.00".'),
   token: z2.enum(["USDC", "USDT", "RLUSD"]).describe(
@@ -684,7 +700,7 @@ function describeSandboxReason() {
 }
 var PAY_TOOL = {
   name: "q402_pay",
-  description: `Send a gasless USDC, USDT, or RLUSD payment via Q402. Scope depends on the API key tier: trial keys (q402_live_* with plan='trial') are restricted to chain: "bnb" + token "USDC" or "USDT" (server returns TRIAL_BNB_ONLY for anything else). Paid keys can relay across the full 7-chain matrix \u2014 avax, bnb, eth, xlayer, stable, mantle, injective \u2014 with USDC/USDT supported on most chains, RLUSD on Ethereum only, and Injective USDT-only. SANDBOX BY DEFAULT \u2014 no funds move unless Q402_API_KEY (live tier), Q402_PRIVATE_KEY, and Q402_ENABLE_REAL_PAYMENTS=1 are all set. The recipient receives the full amount; the sender pays $0 in gas. ALWAYS get explicit user confirmation of the exact recipient address, amount, chain, and token in conversation immediately before calling this tool.`,
+  description: `Send a gasless USDC, USDT, or RLUSD payment via Q402. Scope depends on the API key tier: trial keys (q402_live_* with plan='trial') are restricted to chain: "bnb" + token "USDC" or "USDT" (server returns TRIAL_BNB_ONLY for anything else). Paid keys can relay across the full 8-chain matrix \u2014 avax, bnb, eth, xlayer, stable, mantle, injective, monad \u2014 with USDC/USDT supported on most chains, RLUSD on Ethereum only, and Injective USDT-only. SANDBOX BY DEFAULT \u2014 no funds move unless Q402_API_KEY (live tier), Q402_PRIVATE_KEY, and Q402_ENABLE_REAL_PAYMENTS=1 are all set. The recipient receives the full amount; the sender pays $0 in gas. ALWAYS get explicit user confirmation of the exact recipient address, amount, chain, and token in conversation immediately before calling this tool.`,
   inputSchema: {
     type: "object",
     properties: {
@@ -724,7 +740,7 @@ var RECIPIENT_LIMIT_TRIAL = 5;
 var RECIPIENT_LIMIT_PAID = 20;
 var CLIENT_RECIPIENT_CAP = RECIPIENT_LIMIT_PAID;
 var BatchPayInputSchema = z3.object({
-  chain: z3.enum(["avax", "bnb", "eth", "mantle", "injective"]),
+  chain: z3.enum(["avax", "bnb", "eth", "mantle", "injective", "monad"]),
   token: z3.enum(["USDC", "USDT", "RLUSD"]).describe(
     "Stablecoin symbol. USDC / USDT supported on most chains (Injective is USDT-only). RLUSD (Ripple USD, NY DFS regulated, decimals 18) is Ethereum-only. The same token applies to every recipient in the batch."
   ),
@@ -843,7 +859,7 @@ function describeSandboxReason2() {
 }
 var BATCH_PAY_TOOL = {
   name: "q402_batch_pay",
-  description: `Send gasless payments to MULTIPLE recipients on a single chain \xD7 token in one call. Trial keys (q402_live_* with plan='trial'): max ${RECIPIENT_LIMIT_TRIAL} recipients per call, BNB Chain + USDC/USDT only. Paid keys: max ${RECIPIENT_LIMIT_PAID} recipients per call across 5 EIP-7702 default chains (avax, bnb, eth, mantle, injective). xlayer + stable are NOT batchable \u2014 use q402_pay in a loop. SANDBOX BY DEFAULT \u2014 real on-chain TX only when Q402_API_KEY (live), Q402_PRIVATE_KEY, and Q402_ENABLE_REAL_PAYMENTS=1 are all set. Every recipient receives the full amount; the sender pays $0 in gas for the entire batch. ALWAYS get explicit user confirmation of the complete recipient + amount list, chain, and token in conversation immediately before calling this tool \u2014 the user must approve the full batch, not the individual rows.`,
+  description: `Send gasless payments to MULTIPLE recipients on a single chain \xD7 token in one call. Trial keys (q402_live_* with plan='trial'): max ${RECIPIENT_LIMIT_TRIAL} recipients per call, BNB Chain + USDC/USDT only. Paid keys: max ${RECIPIENT_LIMIT_PAID} recipients per call across 6 EIP-7702 default chains (avax, bnb, eth, mantle, injective, monad). xlayer + stable are NOT batchable \u2014 use q402_pay in a loop. SANDBOX BY DEFAULT \u2014 real on-chain TX only when Q402_API_KEY (live), Q402_PRIVATE_KEY, and Q402_ENABLE_REAL_PAYMENTS=1 are all set. Every recipient receives the full amount; the sender pays $0 in gas for the entire batch. ALWAYS get explicit user confirmation of the complete recipient + amount list, chain, and token in conversation immediately before calling this tool \u2014 the user must approve the full batch, not the individual rows.`,
   inputSchema: {
     type: "object",
     properties: {
@@ -852,7 +868,7 @@ var BATCH_PAY_TOOL = {
         // Narrower than the full chain set — xlayer and stable are NOT batchable
         // (chain-specific nonce field shapes). Use q402_pay in a loop for
         // those chains.
-        enum: ["avax", "bnb", "eth", "mantle", "injective"],
+        enum: ["avax", "bnb", "eth", "mantle", "injective", "monad"],
         description: "Target chain. Applies to every recipient in the batch. xlayer + stable are NOT supported here \u2014 use q402_pay in a loop."
       },
       token: {
@@ -1104,7 +1120,7 @@ var RECEIPT_TOOL = {
 
 // src/index.ts
 var PACKAGE_NAME = "@quackai/q402-mcp";
-var PACKAGE_VERSION = "0.3.14";
+var PACKAGE_VERSION = "0.4.1";
 function jsonText(value) {
   return { type: "text", text: JSON.stringify(value, null, 2) };
 }

package/package.json

@@ -1,69 +1,69 @@
-{
-  "name": "@quackai/q402-mcp",
-  "version": "0.3.14",
-  "description": "MCP server for Q402 — gasless USDC, USDT, and RLUSD payments across 7 EVM chains, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
-  "mcpName": "io.github.bitgett/q402-mcp",
-  "keywords": [
-    "mcp",
-    "model-context-protocol",
-    "claude",
-    "claude-desktop",
-    "claude-code",
-    "codex",
-    "openai-codex",
-    "cline",
-    "q402",
-    "x402",
-    "stablecoin",
-    "usdc",
-    "usdt",
-    "rlusd",
-    "ripple",
-    "gasless",
-    "eip-7702",
-    "payments",
-    "ai-agents"
-  ],
-  "type": "module",
-  "main": "dist/index.js",
-  "bin": {
-    "q402-mcp": "dist/index.js"
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE"
-  ],
-  "engines": {
-    "node": ">=18.18"
-  },
-  "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch",
-    "prepublishOnly": "npm run build",
-    "start": "node dist/index.js"
-  },
-  "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.29.0",
-    "ethers": "^6.16.0",
-    "zod": "^3.23.8"
-  },
-  "devDependencies": {
-    "@types/node": "^20.11.0",
-    "tsup": "^8.3.0",
-    "typescript": "^5.5.0"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/bitgett/q402-mcp.git"
-  },
-  "homepage": "https://q402.quackai.ai/claude",
-  "bugs": {
-    "url": "https://github.com/bitgett/q402-mcp/issues"
-  },
-  "license": "Apache-2.0",
-  "author": "David Lee <davidlee@quackai.ai>",
-  "publishConfig": {
-    "access": "public"
-  }
-}
+{
+  "name": "@quackai/q402-mcp",
+  "version": "0.4.1",
+  "description": "MCP server for Q402 — gasless USDC, USDT, and RLUSD payments across 8 EVM chains, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
+  "mcpName": "io.github.bitgett/q402-mcp",
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "claude",
+    "claude-desktop",
+    "claude-code",
+    "codex",
+    "openai-codex",
+    "cline",
+    "q402",
+    "x402",
+    "stablecoin",
+    "usdc",
+    "usdt",
+    "rlusd",
+    "ripple",
+    "gasless",
+    "eip-7702",
+    "payments",
+    "ai-agents"
+  ],
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "q402-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18.18"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "prepublishOnly": "npm run build",
+    "start": "node dist/index.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "ethers": "^6.16.0",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "tsup": "^8.3.0",
+    "typescript": "^5.5.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/bitgett/q402-mcp.git"
+  },
+  "homepage": "https://q402.quackai.ai/claude",
+  "bugs": {
+    "url": "https://github.com/bitgett/q402-mcp/issues"
+  },
+  "license": "Apache-2.0",
+  "author": "David Lee <davidlee@quackai.ai>",
+  "publishConfig": {
+    "access": "public"
+  }
+}