npm - @quackai/q402-mcp - Versions diffs - 0.4.1 → 0.4.3 - Mend

@quackai/q402-mcp 0.4.1 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,192 +1,209 @@
-# @quackai/q402-mcp
-> MCP server for Q402 — gasless USDC, USDT, and RLUSD payments across 8 EVM chains, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.
-[![npm](https://img.shields.io/npm/v/@quackai/q402-mcp.svg)](https://www.npmjs.com/package/@quackai/q402-mcp)
-[![license](https://img.shields.io/npm/l/@quackai/q402-mcp.svg)](./LICENSE)
-> **🎟️ Free trial available (2026-05-19 → 2026-06-30)** — 2,000 gasless transactions on BNB Chain (USDC + USDT), 30-day window, no card. One wallet signature: <https://q402.quackai.ai>.
->
-> **Trial-scope policy:** API keys minted under the free-trial program (`plan: "trial"`) are restricted to BNB Chain with USDC/USDT — server-side enforcement, returns `403 TRIAL_BNB_ONLY` otherwise. **Paid API keys see the full 8-chain matrix at all times.**
-Claude can now reason about stablecoin payments end to end — quote a transfer across 8 chains, pick the cheapest route, and (optionally) settle the transaction over [Q402](https://q402.quackai.ai)'s EIP-7702 relayer infrastructure. The recipient receives the full amount; the sender pays $0 in gas.
----
-## Quick start
-The server speaks stdio MCP, so any MCP-compatible client can use it. The two paths verified end-to-end today are **Claude (Desktop / Code)** and **OpenAI Codex CLI**.
-### Claude Desktop / Claude Code
-```bash
-claude mcp add q402 -- npx -y @quackai/q402-mcp
-```
-Or edit `claude_desktop_config.json` directly:
-```json
-{
-  "mcpServers": {
-    "q402": {
-      "command": "npx",
-      "args": ["-y", "@quackai/q402-mcp"]
-    }
-  }
-}
-```
-Restart Claude Desktop and ask:
-> *"Compare gas costs to send 50 USDC to vitalik.eth across all 8 Q402 chains."*
-### OpenAI Codex CLI
-Three install paths — pick the one that matches your workflow.
-**(a) Codex plugin marketplace** (recommended — bundles the MCP config so users don't write TOML):
-```bash
-codex plugin marketplace add bitgett/q402-mcp
-codex /plugins        # browse and install "q402"
-```
-This repo carries a Codex plugin manifest at [`.codex-plugin/plugin.json`](./.codex-plugin/plugin.json) and a marketplace catalog at [`.agents/plugins/marketplace.json`](./.agents/plugins/marketplace.json), so any signed-in Codex user can register it as a marketplace source and install with one click.
-**(b) Single MCP server via `codex mcp add`** (no plugin wrapper — just register the stdio server):
-```bash
-codex mcp add q402 -- npx -y @quackai/q402-mcp
-```
-**(c) Direct `~/.codex/config.toml` edit** (`.codex/config.toml` for per-project scope):
-```toml
-[mcp_servers.q402]
-command = "npx"
-args = ["-y", "@quackai/q402-mcp"]
-startup_timeout_sec = 20.0
-```
-To enable real on-chain payments, pass the three live-mode env vars **explicitly** under `env` — Codex does **not** forward host env vars by default:
-```toml
-[mcp_servers.q402]
-command = "npx"
-args = ["-y", "@quackai/q402-mcp"]
-startup_timeout_sec = 20.0
-env = {
-  Q402_API_KEY              = "q402_live_...",
-  Q402_PRIVATE_KEY          = "0xabc...",
-  Q402_ENABLE_REAL_PAYMENTS = "1",
-  Q402_MAX_AMOUNT_PER_CALL  = "5",
-}
-```
-> If you'd rather not inline secrets in `config.toml`, use the `env_vars` allow-list form to forward specific names from your shell environment instead — see the [Codex config reference](https://developers.openai.com/codex/config-reference) for the full schema.
-Then run `codex` and ask the same kind of question. The first call may take a few seconds while `npx` warms its cache; subsequent calls are instant.
-### Any other MCP client
-The server has no client-specific code. If your client speaks stdio MCP, point it at `npx -y @quackai/q402-mcp` and the five tools listed below will appear.
----
-> `Q402_RELAY_BASE_URL` overrides the relay endpoint. Set it explicitly when running against a self-hosted Q402 deployment or a non-canonical environment.
----
-## Tools exposed
-| Tool | Auth | Purpose |
-|---|---|---|
-| `q402_quote` | none | Compare gas cost and supported tokens across chains. Read-only. |
-| `q402_balance` | API key | Verify the API key and report its plan tier + remaining quota credits (live vs sandbox). |
-| `q402_pay` | API key + private key + flag | Send a gasless payment to a single recipient. **Sandbox by default** — see [Sandbox vs live mode](#sandbox-vs-live-mode). |
-| `q402_batch_pay` | API key + private key + flag | Send a gasless payment to **multiple** recipients in one call on a single chain × token. Trial keys: 5 rows max. Paid keys: 20 rows max. **Supported chains: avax, bnb, eth, mantle, injective, monad** (default EIP-7702 mode). xlayer + stable are NOT batchable — use `q402_pay` in a loop for those. Same sandbox gating as `q402_pay`. **Rate-limit note:** the inner `/api/relay` budget (30/min per key) is consumed per row, so a paid 20-row batch leaves ~10 inner slots for the next minute. |
-| `q402_receipt` | none | Look up a Trust Receipt by `rct_…` id and locally verify its ECDSA signature against the relayer EOA. Returns the public settlement record + a `verified` boolean. *receiptId-only today; tx-hash lookup reserved for a future release.* |
-`q402_pay` and `q402_batch_pay` follow a "confirm in chat first" contract: the tool description instructs the model to never call it without explicit user approval of the recipient address(es), amount(s), chain, and token. For batch calls the user must approve the **full batch**, not the individual rows.
-`q402_receipt` is the natural follow-up: after `q402_pay` returns a `receiptUrl`, hand the agent the `rct_…` id and ask *"verify this receipt"* — the tool re-runs the same canonical-JSON + EIP-191 recovery the receipt page does in the browser, so the verification doesn't depend on trusting any UI. Example prompts that work today:
-> *"Pay 0.10 USDT on BNB to vitalik.eth, then verify the receipt."*
-> *"Is `rct_afa5f50bc49a65ebba3b28ab` a real Q402 receipt? Verify the signature."*
-> Per-chain gas tank balances and full transaction history live in the [dashboard](https://q402.quackai.ai/dashboard) — those endpoints require a wallet signature, not a bare API key, so the MCP server points the agent there instead of exposing them.
----
-## Sandbox vs live mode
-By default the MCP server operates in **sandbox mode**: `q402_pay` returns a deterministic-looking fake transaction hash, no funds move, no gas-tank credit is consumed. That makes it safe to plug into any MCP client without worrying about an LLM hallucinating a payment.
-To enable real on-chain transactions, **all three** environment variables must be set:
-```bash
-Q402_API_KEY=q402_live_...           # live-tier key from /dashboard
-Q402_PRIVATE_KEY=0xabc...            # signer for the payer EOA
-Q402_ENABLE_REAL_PAYMENTS=1          # explicit opt-in
-```
-Anything missing → automatic sandbox fallback with a hint pointing at what to set.
-### Hard caps
-Two additional guards run before every payment regardless of mode:
-| Env var | Default | Effect |
-|---|---|---|
-| `Q402_MAX_AMOUNT_PER_CALL` | `5` | Reject any single call where `amount > N` USD-equivalent. |
-| `Q402_ALLOWED_RECIPIENTS` | (empty = off) | Comma-separated address allowlist. When set, all other recipients are rejected. |
-Combined with the `confirm: true` argument the tool requires, this means the model needs (a) explicit user OK in chat, (b) amount ≤ cap, (c) recipient on allowlist if one exists, (d) all three live-mode env vars set, before a single wei moves.
----
-## Configuration reference
-| Env var | Required for | Notes |
-|---|---|---|
-| `Q402_API_KEY` | balance, live-pay | Issue at https://q402.quackai.ai/dashboard. `q402_test_*` keys keep sandbox on. |
-| `Q402_PRIVATE_KEY` | live-pay | Signer for the payer EOA. **Never share. Never paste in chat.** |
-| `Q402_ENABLE_REAL_PAYMENTS` | live-pay | Set to `1` to opt in. Any other value (or unset) → sandbox. |
-| `Q402_MAX_AMOUNT_PER_CALL` | optional | USD-equivalent cap. Defaults to `5`. |
-| `Q402_ALLOWED_RECIPIENTS` | optional | Comma-separated lowercase addresses. Defaults to no allowlist. |
-| `Q402_RELAY_BASE_URL` | optional | Defaults to `https://q402.quackai.ai/api`. Override for self-hosted Q402. |
----
-## Supported chains
-| Chain | Chain ID | Token(s) | Notes |
-|---|---|---|---|
-| BNB Chain | 56 | USDC, USDT | |
-| Ethereum | 1 | USDC, USDT, **RLUSD** | L1 — gas is volatile, quote is a snapshot. RLUSD (Ripple USD, NY DFS regulated, decimals 18) Ethereum-only. |
-| Avalanche C-Chain | 43114 | USDC, USDT | |
-| X Layer | 196 | USDC, USDT | |
-| Stable | 988 | USDT0 (USDC and USDT both alias) | Gas paid in USDT0. |
-| Mantle | 5000 | USDC, USDT0 | LayerZero OFT USDT0 since 2025-11-27. |
-| Injective EVM | 1776 | USDT only | Native USDC via Circle CCTP announced for Q2 2026. |
----
-## Why this exists
-x402 standardised "402 Payment Required" semantics for AI agents but the official Coinbase facilitator only covers a few chains and assumes ERC-3009 token support — which excludes BNB USDT, Mantle USDT0, Injective USDT, and the chains where most stablecoin volume actually lives.
-Q402 implements the same payer experience (single signature, $0 gas, instant settlement) on all 7 of those chains using EIP-7702 delegated execution, which works with any ERC-20. This MCP server makes that infrastructure addressable from Claude itself.
-If you want to dig into how the wire protocol differs from x402, see [Q402 docs](https://q402.quackai.ai/docs).
----
-## Repository
-Source code: https://github.com/bitgett/q402-mcp
-Issues / requests: https://github.com/bitgett/q402-mcp/issues
-## License
-Apache-2.0 — see [LICENSE](./LICENSE).
+# @quackai/q402-mcp
+> MCP server for Q402 — gasless USDC, USDT, and RLUSD payments across 8 EVM chains, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.
+[![npm](https://img.shields.io/npm/v/@quackai/q402-mcp.svg)](https://www.npmjs.com/package/@quackai/q402-mcp)
+[![license](https://img.shields.io/npm/l/@quackai/q402-mcp.svg)](./LICENSE)
+> **🎟️ Free trial available (2026-05-19 → 2026-06-30)** — 2,000 gasless transactions on BNB Chain (USDC + USDT), 30-day window, no card. One wallet signature: <https://q402.quackai.ai>.
+>
+> **Trial-scope policy:** API keys minted under the free-trial program (`plan: "trial"`) are restricted to BNB Chain with USDC/USDT — server-side enforcement, returns `403 TRIAL_BNB_ONLY` otherwise. **Paid API keys see the full 8-chain matrix at all times.**
+Claude can now reason about stablecoin payments end to end — quote a transfer across 8 chains, pick the cheapest route, and (optionally) settle the transaction over [Q402](https://q402.quackai.ai)'s EIP-7702 relayer infrastructure. The recipient receives the full amount; the sender pays $0 in gas.
+---
+## Quick start
+The server speaks stdio MCP, so any MCP-compatible client can use it. The two paths verified end-to-end today are **Claude (Desktop / Code)** and **OpenAI Codex CLI**.
+### Claude Desktop / Claude Code
+```bash
+claude mcp add q402 -- npx -y @quackai/q402-mcp
+```
+Or edit `claude_desktop_config.json` directly:
+```json
+{
+  "mcpServers": {
+    "q402": {
+      "command": "npx",
+      "args": ["-y", "@quackai/q402-mcp"]
+    }
+  }
+}
+```
+Restart Claude Desktop and ask:
+> *"Compare gas costs to send 50 USDC to vitalik.eth across all 8 Q402 chains."*
+### OpenAI Codex CLI
+Three install paths — pick the one that matches your workflow.
+**(a) Codex plugin marketplace** (recommended — bundles the MCP config so users don't write TOML):
+```bash
+codex plugin marketplace add bitgett/q402-mcp
+codex /plugins        # browse and install "q402"
+```
+This repo carries a Codex plugin manifest at [`.codex-plugin/plugin.json`](./.codex-plugin/plugin.json) and a marketplace catalog at [`.agents/plugins/marketplace.json`](./.agents/plugins/marketplace.json), so any signed-in Codex user can register it as a marketplace source and install with one click.
+**(b) Single MCP server via `codex mcp add`** (no plugin wrapper — just register the stdio server):
+```bash
+codex mcp add q402 -- npx -y @quackai/q402-mcp
+```
+**(c) Direct `~/.codex/config.toml` edit** (`.codex/config.toml` for per-project scope):
+```toml
+[mcp_servers.q402]
+command = "npx"
+args = ["-y", "@quackai/q402-mcp"]
+startup_timeout_sec = 20.0
+```
+To enable real on-chain payments, pass the three live-mode env vars **explicitly** under `env` — Codex does **not** forward host env vars by default:
+```toml
+[mcp_servers.q402]
+command = "npx"
+args = ["-y", "@quackai/q402-mcp"]
+startup_timeout_sec = 20.0
+env = {
+  # Two-key model (v0.4.3+): set whichever applies — both is best.
+  # The server auto-routes by chain: BNB → trial key, else multichain key.
+  Q402_TRIAL_API_KEY        = "q402_live_trial_...",   # BNB-only sponsored
+  Q402_MULTICHAIN_API_KEY   = "q402_live_...",         # paid 8-chain
+  # Legacy fallback — used if neither scoped key above is set.
+  Q402_API_KEY              = "q402_live_...",
+  Q402_PRIVATE_KEY          = "0xabc...",
+  Q402_ENABLE_REAL_PAYMENTS = "1",
+  Q402_MAX_AMOUNT_PER_CALL  = "5",
+}
+```
+> If you'd rather not inline secrets in `config.toml`, use the `env_vars` allow-list form to forward specific names from your shell environment instead — see the [Codex config reference](https://developers.openai.com/codex/config-reference) for the full schema.
+Then run `codex` and ask the same kind of question. The first call may take a few seconds while `npx` warms its cache; subsequent calls are instant.
+### Any other MCP client
+The server has no client-specific code. If your client speaks stdio MCP, point it at `npx -y @quackai/q402-mcp` and the five tools listed below will appear.
+---
+> `Q402_RELAY_BASE_URL` overrides the relay endpoint. Set it explicitly when running against a self-hosted Q402 deployment or a non-canonical environment.
+---
+## Tools exposed
+| Tool | Auth | Purpose |
+|---|---|---|
+| `q402_quote` | none | Compare gas cost and supported tokens across chains. Read-only. |
+| `q402_balance` | API key | Verify the API key and report its plan tier + remaining quota credits (live vs sandbox). |
+| `q402_pay` | API key + private key + flag | Send a gasless payment to a single recipient. **Sandbox by default** — see [Sandbox vs live mode](#sandbox-vs-live-mode). |
+| `q402_batch_pay` | API key + private key + flag | Send a gasless payment to **multiple** recipients in one call on a single chain × token. Trial keys: 5 rows max. Paid keys: 20 rows max. **Supported chains: avax, bnb, eth, mantle, injective, monad** (default EIP-7702 mode). xlayer + stable are NOT batchable — use `q402_pay` in a loop for those. Same sandbox gating as `q402_pay`. **Rate-limit note:** the inner `/api/relay` budget (30/min per key) is consumed per row, so a paid 20-row batch leaves ~10 inner slots for the next minute. |
+| `q402_receipt` | none | Look up a Trust Receipt by `rct_…` id and locally verify its ECDSA signature against the relayer EOA. Returns the public settlement record + a `verified` boolean. *receiptId-only today; tx-hash lookup reserved for a future release.* |
+`q402_pay` and `q402_batch_pay` follow a "confirm in chat first" contract: the tool description instructs the model to never call it without explicit user approval of the recipient address(es), amount(s), chain, and token. For batch calls the user must approve the **full batch**, not the individual rows.
+`q402_receipt` is the natural follow-up: after `q402_pay` returns a `receiptUrl`, hand the agent the `rct_…` id and ask *"verify this receipt"* — the tool re-runs the same canonical-JSON + EIP-191 recovery the receipt page does in the browser, so the verification doesn't depend on trusting any UI. Example prompts that work today:
+> *"Pay 0.10 USDT on BNB to vitalik.eth, then verify the receipt."*
+> *"Is `rct_afa5f50bc49a65ebba3b28ab` a real Q402 receipt? Verify the signature."*
+> Per-chain gas tank balances and full transaction history live in the [dashboard](https://q402.quackai.ai/dashboard) — those endpoints require a wallet signature, not a bare API key, so the MCP server points the agent there instead of exposing them.
+---
+## Sandbox vs live mode
+By default the MCP server operates in **sandbox mode**: `q402_pay` returns a deterministic-looking fake transaction hash, no funds move, no gas-tank credit is consumed. That makes it safe to plug into any MCP client without worrying about an LLM hallucinating a payment.
+To enable real on-chain transactions, the resolved API key must be live (`q402_live_*`), `Q402_PRIVATE_KEY` must be set, and `Q402_ENABLE_REAL_PAYMENTS=1`:
+```bash
+# Two-key model (v0.4.3+) — set whichever applies. Both is best.
+# Auto-routing: chain="bnb" → trial key (if set), otherwise multichain key.
+# Override per call with keyScope: "auto" | "trial" | "multichain".
+Q402_TRIAL_API_KEY=q402_live_trial_...     # BNB-only sponsored Trial key
+Q402_MULTICHAIN_API_KEY=q402_live_...      # paid 8-chain key (per-chain Gas Tank)
+# Legacy fallback. Used for both scopes when the two above are unset —
+# pre-v0.4.3 users keep working without any config change.
+Q402_API_KEY=q402_live_...
+Q402_PRIVATE_KEY=0xabc...                  # signer for the payer EOA
+Q402_ENABLE_REAL_PAYMENTS=1                # explicit opt-in
+```
+Anything missing for the resolved scope → automatic sandbox fallback with a hint pointing at what to set.
+### Hard caps
+Two additional guards run before every payment regardless of mode:
+| Env var | Default | Effect |
+|---|---|---|
+| `Q402_MAX_AMOUNT_PER_CALL` | `5` | Reject any single call where `amount > N` USD-equivalent. |
+| `Q402_ALLOWED_RECIPIENTS` | (empty = off) | Comma-separated address allowlist. When set, all other recipients are rejected. |
+Combined with the `confirm: true` argument the tool requires, this means the model needs (a) explicit user OK in chat, (b) amount ≤ cap, (c) recipient on allowlist if one exists, (d) all three live-mode env vars set, before a single wei moves.
+---
+## Configuration reference
+| Env var | Required for | Notes |
+|---|---|---|
+| `Q402_TRIAL_API_KEY` | live-pay (BNB) | BNB-only sponsored Trial key. Free at https://q402.quackai.ai/event. Used automatically for `chain="bnb"` when set. |
+| `Q402_MULTICHAIN_API_KEY` | live-pay (8-chain) | Paid 8-chain key. Get one at https://q402.quackai.ai/payment. Used for all non-BNB chains and for BNB when no Trial key is set. |
+| `Q402_API_KEY` | legacy fallback | Pre-v0.4.3 single-env path. Used for both scopes when the two above are unset. Keep set if you only have one key. |
+| `Q402_PRIVATE_KEY` | live-pay | Signer for the payer EOA. **Never share. Never paste in chat.** |
+| `Q402_ENABLE_REAL_PAYMENTS` | live-pay | Set to `1` to opt in. Any other value (or unset) → sandbox. |
+| `Q402_MAX_AMOUNT_PER_CALL` | optional | USD-equivalent cap. Defaults to `5`. |
+| `Q402_ALLOWED_RECIPIENTS` | optional | Comma-separated lowercase addresses. Defaults to no allowlist. |
+| `Q402_RELAY_BASE_URL` | optional | Defaults to `https://q402.quackai.ai/api`. Override for self-hosted Q402. |
+---
+## Supported chains
+| Chain | Chain ID | Token(s) | Notes |
+|---|---|---|---|
+| BNB Chain | 56 | USDC, USDT | |
+| Ethereum | 1 | USDC, USDT, **RLUSD** | L1 — gas is volatile, quote is a snapshot. RLUSD (Ripple USD, NY DFS regulated, decimals 18) Ethereum-only. |
+| Avalanche C-Chain | 43114 | USDC, USDT | |
+| X Layer | 196 | USDC, USDT | |
+| Stable | 988 | USDT0 (USDC and USDT both alias) | Gas paid in USDT0. |
+| Mantle | 5000 | USDC, USDT0 | LayerZero OFT USDT0 since 2025-11-27. |
+| Injective EVM | 1776 | USDT only | Native USDC via Circle CCTP announced for Q2 2026. |
+| Monad | 143 | USDC, USDT0 | Native Circle USDC (CCTP V2) + USDT0 (LayerZero OFT). |
+---
+## Why this exists
+x402 standardised "402 Payment Required" semantics for AI agents but the official Coinbase facilitator only covers a few chains and assumes ERC-3009 token support — which excludes BNB USDT, Mantle USDT0, Injective USDT, and the chains where most stablecoin volume actually lives.
+Q402 implements the same payer experience (single signature, $0 gas, instant settlement) on all 8 of those chains using EIP-7702 delegated execution, which works with any ERC-20. This MCP server makes that infrastructure addressable from Claude itself.
+If you want to dig into how the wire protocol differs from x402, see [Q402 docs](https://q402.quackai.ai/docs).
+---
+## Repository
+Source code: https://github.com/bitgett/q402-mcp
+Issues / requests: https://github.com/bitgett/q402-mcp/issues
+## License
+Apache-2.0 — see [LICENSE](./LICENSE).

package/dist/index.js CHANGED Viewed

@@ -29,12 +29,18 @@ function parseMaxAmount(raw) {
   return n;
 }
 function loadConfig() {
-  const apiKey = process.env.Q402_API_KEY ?? null;
+  const trialApiKey = process.env.Q402_TRIAL_API_KEY ?? null;
+  const multichainApiKey = process.env.Q402_MULTICHAIN_API_KEY ?? null;
+  const legacyApiKey = process.env.Q402_API_KEY ?? null;
+  const apiKey = multichainApiKey ?? trialApiKey ?? legacyApiKey;
   const apiKeyKind = classifyApiKey(apiKey);
   const privateKey = process.env.Q402_PRIVATE_KEY ?? null;
   const realPaymentsRequested = process.env.Q402_ENABLE_REAL_PAYMENTS === "1";
   const live = realPaymentsRequested && apiKeyKind === "live" && typeof privateKey === "string" && privateKey.length > 0;
   return {
+    trialApiKey,
+    multichainApiKey,
+    legacyApiKey,
     apiKey,
     apiKeyKind,
     privateKey,
@@ -46,6 +52,35 @@ function loadConfig() {
   };
 }
 var CONFIG = loadConfig();
+function resolveApiKey(chain, scope = "auto") {
+  const effectiveScope = scope === "auto" ? chain === "bnb" && CONFIG.trialApiKey ? "trial" : "multichain" : scope;
+  if (effectiveScope === "trial") {
+    if (chain !== "bnb") {
+      throw new Error(
+        `Trial API Key supports BNB Chain only \u2014 got "${chain}". Use a Multichain API Key (set Q402_MULTICHAIN_API_KEY) for ${chain} and other paid chains, or omit keyScope to let the server auto-pick.`
+      );
+    }
+    const key2 = CONFIG.trialApiKey ?? CONFIG.legacyApiKey;
+    if (!key2) {
+      throw new Error(
+        "keyScope='trial' was requested but neither Q402_TRIAL_API_KEY nor Q402_API_KEY is set. Get a Trial key at https://q402.quackai.ai/event."
+      );
+    }
+    return { apiKey: key2, scope: "trial", fromLegacyFallback: !CONFIG.trialApiKey };
+  }
+  const key = CONFIG.multichainApiKey ?? CONFIG.legacyApiKey;
+  if (!key) {
+    throw new Error(
+      "keyScope='multichain' was requested but neither Q402_MULTICHAIN_API_KEY nor Q402_API_KEY is set. Activate a paid plan at https://q402.quackai.ai/payment to get one."
+    );
+  }
+  return { apiKey: key, scope: "multichain", fromLegacyFallback: !CONFIG.multichainApiKey };
+}
+function isLiveModeFor(resolved) {
+  if (!CONFIG.realPaymentsRequested) return false;
+  if (!CONFIG.privateKey) return false;
+  return resolved.apiKey.startsWith("q402_live_");
+}
 // src/tools/quote.ts
 import { z } from "zod";
@@ -628,6 +663,9 @@ var PayInputSchema = z2.object({
   token: z2.enum(["USDC", "USDT", "RLUSD"]).describe(
     "Stablecoin symbol. USDC / USDT supported on most chains (Injective is USDT-only). RLUSD (Ripple USD, NY DFS regulated, decimals 18) is Ethereum-only."
   ),
+  keyScope: z2.enum(["auto", "trial", "multichain"]).optional().describe(
+    'Which API key to use. "auto" (default) picks the Trial key for BNB when Q402_TRIAL_API_KEY is set, and the Multichain key otherwise. "trial" forces the BNB-only sponsored key. "multichain" forces the paid 8-chain key.'
+  ),
   confirm: z2.literal(true).describe(
     "MUST be true. Prove the user explicitly approved this exact recipient and amount in the conversation right before this tool was called. Setting this to true on behalf of the user without confirmation is a violation of the tool contract."
   )
@@ -666,18 +704,22 @@ async function runPay(input) {
   if (CONFIG.allowedRecipients.length > 0) {
     guardsApplied.push(`recipient_allowlist[${CONFIG.allowedRecipients.length}]`);
   }
-  if (CONFIG.mode === "sandbox") {
+  const scopeRequest = input.keyScope ?? "auto";
+  const resolved = resolveApiKey(input.chain, scopeRequest);
+  guardsApplied.push(`scope=${resolved.scope}${resolved.fromLegacyFallback ? "(legacy)" : ""}`);
+  const live = isLiveModeFor(resolved);
+  if (!live) {
     const result2 = sandboxPay(chain, {
       to: input.to,
       amount: input.amount,
       token: input.token
     });
     guardsApplied.push("mode=sandbox");
-    const setupHint = describeSandboxReason();
+    const setupHint = describeSandboxReason(resolved.apiKey);
     return { result: result2, guardsApplied, setupHint };
   }
   const client = new Q402NodeClient({
-    apiKey: CONFIG.apiKey,
+    apiKey: resolved.apiKey,
     privateKey: CONFIG.privateKey,
     chain,
     relayBaseUrl: CONFIG.relayBaseUrl
@@ -690,9 +732,9 @@ async function runPay(input) {
   guardsApplied.push("mode=live");
   return { result, guardsApplied };
 }
-function describeSandboxReason() {
+function describeSandboxReason(resolvedKey) {
   const missing = [];
-  if (CONFIG.apiKeyKind !== "live") missing.push("Q402_API_KEY (must start with q402_live_)");
+  if (!resolvedKey.startsWith("q402_live_")) missing.push("a live API key (must start with q402_live_)");
   if (!CONFIG.privateKey) missing.push("Q402_PRIVATE_KEY");
   if (!CONFIG.realPaymentsRequested) missing.push("Q402_ENABLE_REAL_PAYMENTS=1");
   if (missing.length === 0) return "Sandbox mode active (no env state change needed).";
@@ -700,7 +742,7 @@ function describeSandboxReason() {
 }
 var PAY_TOOL = {
   name: "q402_pay",
-  description: `Send a gasless USDC, USDT, or RLUSD payment via Q402. Scope depends on the API key tier: trial keys (q402_live_* with plan='trial') are restricted to chain: "bnb" + token "USDC" or "USDT" (server returns TRIAL_BNB_ONLY for anything else). Paid keys can relay across the full 8-chain matrix \u2014 avax, bnb, eth, xlayer, stable, mantle, injective, monad \u2014 with USDC/USDT supported on most chains, RLUSD on Ethereum only, and Injective USDT-only. SANDBOX BY DEFAULT \u2014 no funds move unless Q402_API_KEY (live tier), Q402_PRIVATE_KEY, and Q402_ENABLE_REAL_PAYMENTS=1 are all set. The recipient receives the full amount; the sender pays $0 in gas. ALWAYS get explicit user confirmation of the exact recipient address, amount, chain, and token in conversation immediately before calling this tool.`,
+  description: "Send a gasless USDC, USDT, or RLUSD payment via Q402. Uses Q402_TRIAL_API_KEY (BNB-only sponsored Trial) when chain='bnb' and the Trial env is set, and Q402_MULTICHAIN_API_KEY (paid 8-chain) otherwise. Set keyScope='trial' or 'multichain' to force one explicitly. Trial keys reject any non-BNB chain server-side with TRIAL_BNB_ONLY. Multichain keys cover avax, bnb, eth, xlayer, stable, mantle, injective, monad \u2014 USDC/USDT on most chains, RLUSD on Ethereum only, Injective USDT-only. SANDBOX BY DEFAULT \u2014 no funds move unless the resolved key is a live key (q402_live_*), Q402_PRIVATE_KEY is set, and Q402_ENABLE_REAL_PAYMENTS=1. The recipient receives the full amount; the sender pays $0 in gas. ALWAYS get explicit user confirmation of the exact recipient address, amount, chain, and token in conversation immediately before calling this tool.",
   inputSchema: {
     type: "object",
     properties: {
@@ -722,6 +764,11 @@ var PAY_TOOL = {
         enum: ["USDC", "USDT", "RLUSD"],
         description: "Stablecoin to send. USDC / USDT supported on most chains; Injective is USDT-only. RLUSD (Ripple USD, NY DFS regulated, decimals 18) is Ethereum-only."
       },
+      keyScope: {
+        type: "string",
+        enum: ["auto", "trial", "multichain"],
+        description: 'Which API key to use. "auto" (default) picks Trial for BNB when Q402_TRIAL_API_KEY is set, Multichain otherwise. "trial" forces the BNB-only sponsored key. "multichain" forces the paid 8-chain key.'
+      },
       confirm: {
         type: "boolean",
         const: true,
@@ -752,6 +799,9 @@ var BatchPayInputSchema = z3.object({
   ).min(1, "recipients must contain at least one row").max(CLIENT_RECIPIENT_CAP, `recipients cannot exceed ${CLIENT_RECIPIENT_CAP} (server enforces tighter cap by key scope)`).describe(
     `Array of {to, amount} pairs. All recipients share the same chain and token. Trial keys: max ${RECIPIENT_LIMIT_TRIAL} rows. Paid keys: max ${RECIPIENT_LIMIT_PAID} rows.`
   ),
+  keyScope: z3.enum(["auto", "trial", "multichain"]).optional().describe(
+    'Which API key to use. "auto" (default) picks Trial for BNB when Q402_TRIAL_API_KEY is set, Multichain otherwise. Trial forces the BNB-only sponsored key; "multichain" forces the paid 8-chain key.'
+  ),
   confirm: z3.literal(true).describe(
     "MUST be true. The user must have explicitly approved this exact set of recipients, amounts, chain, and token in the conversation right before this tool was called. Setting confirm=true on behalf of the user without that approval is a violation of the tool contract."
   )
@@ -796,21 +846,26 @@ async function runBatchPay(input) {
   if (CONFIG.allowedRecipients.length > 0) {
     guardsApplied.push(`recipient_allowlist[${CONFIG.allowedRecipients.length}]`);
   }
-  if (CONFIG.mode === "sandbox") {
+  const scopeRequest = input.keyScope ?? "auto";
+  const resolved = resolveApiKey(input.chain, scopeRequest);
+  guardsApplied.push(`scope=${resolved.scope}${resolved.fromLegacyFallback ? "(legacy)" : ""}`);
+  const live = isLiveModeFor(resolved);
+  if (!live) {
     const sandboxResults = input.recipients.map(
       (r) => sandboxPay(chain, { to: r.to, amount: r.amount, token: input.token })
     );
     guardsApplied.push("mode=sandbox");
+    const reason = describeSandboxReason2(resolved.apiKey);
     return {
       mode: "sandbox",
       status: "sandbox",
-      result: { sandbox: sandboxResults, reason: describeSandboxReason2() },
+      result: { sandbox: sandboxResults, reason },
       guardsApplied,
-      setupHint: describeSandboxReason2()
+      setupHint: reason
     };
   }
   const client = new Q402NodeClient({
-    apiKey: CONFIG.apiKey,
+    apiKey: resolved.apiKey,
     privateKey: CONFIG.privateKey,
     chain,
     relayBaseUrl: CONFIG.relayBaseUrl
@@ -849,9 +904,9 @@ async function runBatchPay(input) {
     throw err;
   }
 }
-function describeSandboxReason2() {
+function describeSandboxReason2(resolvedKey) {
   const missing = [];
-  if (CONFIG.apiKeyKind !== "live") missing.push("Q402_API_KEY (must start with q402_live_)");
+  if (!resolvedKey.startsWith("q402_live_")) missing.push("a live API key (must start with q402_live_)");
   if (!CONFIG.privateKey) missing.push("Q402_PRIVATE_KEY");
   if (!CONFIG.realPaymentsRequested) missing.push("Q402_ENABLE_REAL_PAYMENTS=1");
   if (missing.length === 0) return "Sandbox mode active (no env state change needed).";
@@ -859,7 +914,7 @@ function describeSandboxReason2() {
 }
 var BATCH_PAY_TOOL = {
   name: "q402_batch_pay",
-  description: `Send gasless payments to MULTIPLE recipients on a single chain \xD7 token in one call. Trial keys (q402_live_* with plan='trial'): max ${RECIPIENT_LIMIT_TRIAL} recipients per call, BNB Chain + USDC/USDT only. Paid keys: max ${RECIPIENT_LIMIT_PAID} recipients per call across 6 EIP-7702 default chains (avax, bnb, eth, mantle, injective, monad). xlayer + stable are NOT batchable \u2014 use q402_pay in a loop. SANDBOX BY DEFAULT \u2014 real on-chain TX only when Q402_API_KEY (live), Q402_PRIVATE_KEY, and Q402_ENABLE_REAL_PAYMENTS=1 are all set. Every recipient receives the full amount; the sender pays $0 in gas for the entire batch. ALWAYS get explicit user confirmation of the complete recipient + amount list, chain, and token in conversation immediately before calling this tool \u2014 the user must approve the full batch, not the individual rows.`,
+  description: `Send gasless payments to MULTIPLE recipients on a single chain \xD7 token in one call. Uses Q402_TRIAL_API_KEY for chain='bnb' when the Trial env is set, Q402_MULTICHAIN_API_KEY otherwise. Set keyScope='trial' or 'multichain' to force one. Trial keys: max ${RECIPIENT_LIMIT_TRIAL} recipients per call, BNB Chain + USDC/USDT only. Multichain keys: max ${RECIPIENT_LIMIT_PAID} recipients per call across 6 EIP-7702 default chains (avax, bnb, eth, mantle, injective, monad). xlayer + stable are NOT batchable \u2014 use q402_pay in a loop. SANDBOX BY DEFAULT \u2014 real on-chain TX only when the resolved key is live (q402_live_*), Q402_PRIVATE_KEY is set, and Q402_ENABLE_REAL_PAYMENTS=1. Every recipient receives the full amount; the sender pays $0 in gas for the entire batch. ALWAYS get explicit user confirmation of the complete recipient + amount list, chain, and token in conversation immediately before calling this tool \u2014 the user must approve the full batch, not the individual rows.`,
   inputSchema: {
     type: "object",
     properties: {
@@ -897,6 +952,11 @@ var BATCH_PAY_TOOL = {
           additionalProperties: false
         }
       },
+      keyScope: {
+        type: "string",
+        enum: ["auto", "trial", "multichain"],
+        description: 'Which API key to use. "auto" (default) picks Trial for BNB when Q402_TRIAL_API_KEY is set, Multichain otherwise.'
+      },
       confirm: {
         type: "boolean",
         const: true,
@@ -915,39 +975,64 @@ function mask(key) {
   if (!key || key.length < 12) return null;
   return `${key.slice(0, 12)}\u2026${key.slice(-4)}`;
 }
-async function runBalance() {
-  if (CONFIG.apiKeyKind === "missing") {
-    return {
-      apiKeyKind: "missing",
-      apiKeyMasked: null,
-      dashboardUrl: "https://q402.quackai.ai/dashboard",
-      setupHint: "Set Q402_API_KEY to a key issued at https://q402.quackai.ai/dashboard. Test-tier keys (q402_test_*) work too \u2014 they show sandbox quota."
-    };
-  }
+async function verifyOne(apiKey) {
   const resp = await fetch(`${CONFIG.relayBaseUrl}/keys/verify`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ apiKey: CONFIG.apiKey })
+    body: JSON.stringify({ apiKey })
   });
-  const verifyJson = resp.ok ? await resp.json() : { error: `HTTP ${resp.status}` };
+  return resp.ok ? await resp.json() : { error: `HTTP ${resp.status}` };
+}
+function extractTrial(verifyJson) {
   const v = verifyJson;
-  const trialMeta = v && v.isTrial && typeof v.trialExpiresAt === "string" ? {
+  if (!v || !v.isTrial || typeof v.trialExpiresAt !== "string") return void 0;
+  return {
     daysLeft: typeof v.trialDaysLeft === "number" ? v.trialDaysLeft : 0,
     expiresAt: v.trialExpiresAt,
     creditsRemaining: typeof v.remainingCredits === "number" ? v.remainingCredits : 0,
     signupUrl: "https://q402.quackai.ai"
-  } : void 0;
+  };
+}
+async function runBalance() {
+  const targets = [];
+  if (CONFIG.trialApiKey) targets.push({ scope: "trial", key: CONFIG.trialApiKey });
+  if (CONFIG.multichainApiKey) targets.push({ scope: "multichain", key: CONFIG.multichainApiKey });
+  if (targets.length === 0 && CONFIG.legacyApiKey) {
+    targets.push({ scope: "legacy", key: CONFIG.legacyApiKey });
+  }
+  if (targets.length === 0) {
+    return {
+      apiKeyKind: "missing",
+      apiKeyMasked: null,
+      scopes: [],
+      dashboardUrl: "https://q402.quackai.ai/dashboard",
+      setupHint: "Set Q402_TRIAL_API_KEY (BNB-only sponsored, free at /event) and/or Q402_MULTICHAIN_API_KEY (paid 8-chain from /dashboard). Single-env legacy: Q402_API_KEY also works."
+    };
+  }
+  const scopes = await Promise.all(
+    targets.map(async ({ scope, key }) => {
+      const verify = await verifyOne(key);
+      return {
+        scope,
+        apiKeyMasked: mask(key) ?? key,
+        verify,
+        trial: extractTrial(verify)
+      };
+    })
+  );
+  const primary = scopes.find((s) => s.scope === "multichain") ?? scopes.find((s) => s.scope === "trial") ?? scopes[0];
   return {
     apiKeyKind: CONFIG.apiKeyKind,
-    apiKeyMasked: mask(CONFIG.apiKey),
-    verify: verifyJson,
-    dashboardUrl: "https://q402.quackai.ai/dashboard",
-    ...trialMeta ? { trial: trialMeta } : {}
+    apiKeyMasked: primary.apiKeyMasked,
+    verify: primary.verify,
+    trial: primary.trial,
+    scopes,
+    dashboardUrl: "https://q402.quackai.ai/dashboard"
   };
 }
 var BALANCE_TOOL = {
   name: "q402_balance",
-  description: "Verify the configured API key and report its plan tier (live vs sandbox vs trial). Read-only. When the key is on the free trial, returns the days-left and credits-remaining summary so the agent can surface it. Free trial available at https://q402.quackai.ai \u2014 2,000 gasless TX over 30 days, one wallet signature. For per-chain gas tank balances, point the user at https://q402.quackai.ai/dashboard \u2014 those need a wallet signature, not a bare key.",
+  description: "Verify the configured API key(s) and report each one's plan tier (live vs sandbox vs trial). Read-only. When both Q402_TRIAL_API_KEY and Q402_MULTICHAIN_API_KEY are set, returns BOTH summaries so the agent can show the user trial credits AND paid credits in one view. For trial-scoped keys, returns days-left + credits-remaining for the trial allotment. Free trial available at https://q402.quackai.ai/event \u2014 2,000 gasless TX over 30 days. For per-chain gas tank balances, point the user at https://q402.quackai.ai/dashboard \u2014 those need a wallet signature, not a bare key.",
   inputSchema: {
     type: "object",
     properties: {},
@@ -1120,7 +1205,7 @@ var RECEIPT_TOOL = {
 // src/index.ts
 var PACKAGE_NAME = "@quackai/q402-mcp";
-var PACKAGE_VERSION = "0.4.1";
+var PACKAGE_VERSION = "0.4.2";
 function jsonText(value) {
   return { type: "text", text: JSON.stringify(value, null, 2) };
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@quackai/q402-mcp",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "description": "MCP server for Q402 — gasless USDC, USDT, and RLUSD payments across 8 EVM chains, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
   "mcpName": "io.github.bitgett/q402-mcp",
   "keywords": [