@quackai/q402-mcp 0.8.19 → 0.8.21

package/dist/index.js

@@ -130,8 +130,7 @@ function loadConfig() {
   const walletId = typeof walletIdRaw === "string" && walletIdRaw.length > 0 ? walletIdRaw.toLowerCase() : null;
   const realPaymentsRequested = ENV.Q402_ENABLE_REAL_PAYMENTS === "1";
   const anyLiveKey = classifyApiKey(trialApiKey) === "live" || classifyApiKey(multichainApiKey) === "live" || classifyApiKey(legacyApiKey) === "live";
-  const hasAnySignerKey = typeof privateKey === "string" && privateKey.length > 0 || typeof agenticPrivateKey === "string" && agenticPrivateKey.length > 0;
-  const live = realPaymentsRequested && anyLiveKey && hasAnySignerKey;
+  const live = realPaymentsRequested && anyLiveKey;
   return {
     trialApiKey,
     multichainApiKey,
@@ -212,7 +211,7 @@ var isValidPrivateKey = (s) => typeof s === "string" && PRIVATE_KEY_RE.test(s);
 // package.json
 var package_default = {
   name: "@quackai/q402-mcp",
-  version: "0.8.19",
+  version: "0.8.21",
   description: "MCP server for Q402 \u2014 gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
   mcpName: "io.github.bitgett/q402-mcp",
   keywords: [
@@ -1648,6 +1647,21 @@ async function runBatchPay(input) {
     const data = await resp.json().catch(() => ({}));
     if (!resp.ok) {
       const errMsg = data && typeof data === "object" && "error" in data ? String(data.error) : `relay_http_${resp.status}`;
+      if (data.status === "uncertain") {
+        return {
+          mode: "live",
+          status: "settlement_uncertain",
+          guardsApplied: [
+            ...guardsApplied,
+            "wallet=agentic-server",
+            "mode=live",
+            `http=${resp.status}`
+          ],
+          senderWallet,
+          error: errMsg,
+          setupHint: "The relay did not confirm whether these payments settled \u2014 they MAY have been sent. DO NOT retry this batch; verify the recipients' on-chain balances first. Re-sending could double-pay."
+        };
+      }
       return {
         mode: "live",
         status: "aborted",
@@ -3414,7 +3428,7 @@ var YieldPositionsInputSchema = z15.object({
 });
 var YIELD_POSITIONS_TOOL = {
   name: "q402_yield_positions",
-  description: "READ-ONLY \u2014 show the Agent Wallet's current Q402 Yield (Aave) lending positions. Returns each position's protocol, chain, asset, market address, balance, principal, accrued interest, and supply APY, plus the aggregate total supplied in USD. Authenticated by the configured live Multichain API key \u2014 no private key required and no funds move. BNB CHAIN ONLY \u2014 Q402 Yield supports BNB Chain today. walletId is OPTIONAL: omit it and the server reads the owner's default Agent Wallet (resolved from the API key); pass one only when the owner holds more than one wallet. An optional chain filter is also accepted. Use this whenever the user asks 'how much am I earning?' or 'what are my open lending positions?'",
+  description: "READ-ONLY \u2014 show the Agent Wallet's current Q402 Yield (Aave) lending positions. Returns each position's protocol, chain, asset, market address, CURRENT supplied position value (the live aToken balance, in token units), and live supply APY, plus the aggregate current value in USD. Authenticated by the configured live Multichain API key \u2014 no private key required and no funds move. BNB CHAIN ONLY \u2014 Q402 Yield supports BNB Chain today. DOES NOT report principal or accrued earnings as separate numbers \u2014 the aToken balance already includes accrued interest but is not broken out, so do NOT claim a specific 'earnings/profit/interest earned' figure from this tool; report only the current position value and the APY. walletId is OPTIONAL: omit it and the server reads the owner's default Agent Wallet (resolved from the API key); pass one only when the owner holds more than one wallet. An optional chain filter is also accepted. Use this whenever the user asks 'what is my position worth?', 'what's my current yield balance / APY?', or 'what are my open lending positions?'",
   inputSchema: {
     type: "object",
     properties: {
@@ -3483,7 +3497,7 @@ async function runYieldPositions(input) {
   const unavailableChains = Array.isArray(data.unavailableChains) ? data.unavailableChains : [];
   const hasUnavailable = data.unavailable === true || unavailableChains.length > 0;
   const unavailableNote = hasUnavailable ? ` Some chains could not be read this cycle${unavailableChains.length ? ` (${unavailableChains.join(", ")})` : ""} \u2014 this snapshot may be incomplete; retry before treating a balance as zero.` : "";
-  const summary = positions.length ? `Total supplied: $${(data.totalSuppliedUsd ?? 0).toFixed(2)} across ${positions.length} position(s).${unavailableNote}` : hasUnavailable ? `No positions returned, but a read failure occurred${unavailableChains.length ? ` on ${unavailableChains.join(", ")}` : ""} \u2014 this is NOT a confirmed empty position; retry.` : "No open Q402 Yield positions for this wallet.";
+  const summary = positions.length ? `Total current position value: $${(data.totalSuppliedUsd ?? 0).toFixed(2)} across ${positions.length} position(s) (live aToken balance incl. accrued interest; earnings are not broken out).${unavailableNote}` : hasUnavailable ? `No positions returned, but a read failure occurred${unavailableChains.length ? ` on ${unavailableChains.join(", ")}` : ""} \u2014 this is NOT a confirmed empty position; retry.` : "No open Q402 Yield positions for this wallet.";
   return {
     content: [
       { type: "text", text: summary },
@@ -3491,11 +3505,23 @@ async function runYieldPositions(input) {
         type: "text",
         text: JSON.stringify({
           walletId: data.walletId ?? walletId ?? null,
+          // Surface only what's real: the current position value (live aToken
+          // balance) + APY. `principal`/`accrued` come back null from this
+          // Phase-0 read, so they're included ONLY when the server actually
+          // populated them — never as a null placeholder that reads like a
+          // real (zero) earnings figure.
           positions: positions.map((p) => ({
-            ...p,
-            supplyApyPct: Math.round(p.supplyApy * 100 * 100) / 100
+            protocol: p.protocol,
+            chain: p.chain,
+            asset: p.asset,
+            marketAddress: p.marketAddress,
+            currentValue: p.balance,
+            supplyApy: p.supplyApy,
+            supplyApyPct: Math.round(p.supplyApy * 100 * 100) / 100,
+            ...p.principal != null ? { principal: p.principal } : {},
+            ...p.accrued != null ? { accrued: p.accrued } : {}
           })),
-          totalSuppliedUsd: data.totalSuppliedUsd ?? null,
+          totalCurrentValueUsd: data.totalSuppliedUsd ?? null,
           asOf: data.asOf ?? null,
           unavailable: hasUnavailable,
           unavailableChains
@@ -3516,7 +3542,7 @@ var YieldDepositInputSchema = z16.object({
     "Optional Agent Wallet address to supply from (max 10 per owner). Omit to use Q402_AGENT_WALLET_ADDRESS env, then the owner's default wallet (resolved server-side from the API key)."
   ),
   idempotencyKey: z16.string().optional().describe(
-    "Optional durable idempotency key for this logical deposit. When omitted the tool generates a FRESH random key per invocation, so each call executes a distinct deposit (two intentional same-amount deposits both run, and a re-deposit after a withdrawal is NOT replayed). Pass your own STABLE key only when you want retry-safety: re-calling with the same key replays the first result instead of double-supplying."
+    'Optional durable idempotency key for this logical deposit. When omitted the tool generates a FRESH random key per invocation, so each call executes a distinct deposit (two intentional same-amount deposits both run, and a re-deposit after a withdrawal is NOT replayed). Pass your own STABLE key only when you want retry-safety: re-calling with the same key replays the first result instead of double-supplying. IMPORTANT: if a call returns status="uncertain" (timeout / unconfirmed broadcast), it echoes back the idempotencyKey it used \u2014 pass THAT exact value here to safely resume the same deposit instead of starting a new one.'
   ),
   confirm: z16.boolean().optional().describe(
     "MUST be true to actually supply funds. Set this only after the user has explicitly approved this exact deposit (amount, token, chain, wallet) in the conversation. When omitted or false the tool previews the action and does NOT move any funds."
@@ -3524,7 +3550,7 @@ var YieldDepositInputSchema = z16.object({
 });
 var YIELD_DEPOSIT_TOOL = {
   name: "q402_yield_deposit",
-  description: "WRITE \u2014 MOVES FUNDS. Supplies the Agent Wallet's stablecoin (USDC / USDT) into Aave V3 (Q402 Yield) so it starts earning supply APY. Server-managed Agent Wallet path (Mode C): authenticated by the configured live Multichain API key \u2014 the server holds the encrypted key, signs the Aave supply, and sponsors gas. BNB CHAIN ONLY \u2014 Q402 Yield supports BNB Chain today; ETH / AVAX and other chains are not yet available. \n\nREQUIRES CONFIRMATION \u2014 like q402_pay, this tool refuses to execute unless `confirm: true` is set. Call it FIRST without confirm to get a one-line preview of exactly what will happen (amount, token, chain, wallet); show that to the user, get explicit approval, THEN re-call with confirm:true. Never set confirm:true on the user's behalf without that approval. \n\nSANDBOX BY DEFAULT \u2014 like q402_pay, no funds move unless a live Multichain key (q402_live_*) is configured AND Q402_ENABLE_REAL_PAYMENTS=1. Without both, confirm:true returns a sandbox preview (no on-chain supply) with a setup hint \u2014 confirm:true alone does NOT move real funds. \n\nUse q402_yield_reserves first to show available markets + APY, and q402_yield_positions afterward to confirm the supplied balance.",
+  description: "WRITE \u2014 MOVES FUNDS. Supplies the Agent Wallet's stablecoin (USDC / USDT) into Aave V3 (Q402 Yield) so it starts earning supply APY. Server-managed Agent Wallet path (Mode C): authenticated by the configured live Multichain API key \u2014 the server holds the encrypted key, signs the Aave supply, and sponsors gas. BNB CHAIN ONLY \u2014 Q402 Yield supports BNB Chain today; ETH / AVAX and other chains are not yet available. \n\nREQUIRES CONFIRMATION \u2014 like q402_pay, this tool refuses to execute unless `confirm: true` is set. Call it FIRST without confirm to get a one-line preview of exactly what will happen (amount, token, chain, wallet); show that to the user, get explicit approval, THEN re-call with confirm:true. Never set confirm:true on the user's behalf without that approval. \n\nSANDBOX BY DEFAULT \u2014 like q402_pay, no funds move unless a live Multichain key (q402_live_*) is configured AND Q402_ENABLE_REAL_PAYMENTS=1. Without both, confirm:true returns a sandbox preview (no on-chain supply) with a setup hint \u2014 confirm:true alone does NOT move real funds. \n\nRETRY SAFETY \u2014 on a timeout or an unconfirmed broadcast the tool returns status=\"uncertain\" and echoes back the idempotencyKey it used. The deposit MAY have settled, so do NOT blindly call again \u2014 that starts a NEW deposit and can double-supply. To resume the SAME operation, re-call with idempotencyKey set to the echoed value; the server dedupes on it and replays the original result. \n\nUse q402_yield_reserves first to show available markets + APY, and q402_yield_positions afterward to confirm the supplied balance.",
   inputSchema: {
     type: "object",
     properties: {
@@ -3548,7 +3574,7 @@ var YIELD_DEPOSIT_TOOL = {
       },
       idempotencyKey: {
         type: "string",
-        description: "Optional durable idempotency key. Omit and the tool generates a FRESH random key per invocation, so every call executes a distinct deposit. Pass your own STABLE key only for opt-in retry-safety \u2014 re-calling with the same key replays the first result instead of double-supplying."
+        description: 'Optional durable idempotency key. Omit and the tool generates a FRESH random key per invocation, so every call executes a distinct deposit. Pass your own STABLE key only for opt-in retry-safety \u2014 re-calling with the same key replays the first result instead of double-supplying. If a call returns status="uncertain", it echoes the idempotencyKey it used \u2014 pass that exact value back here to resume the same deposit rather than start a new one.'
       },
       confirm: {
         type: "boolean",
@@ -3631,13 +3657,43 @@ async function runYieldDeposit(input) {
     return {
       content: [{
         type: "text",
-        text: `Yield deposit failed: ${e instanceof Error ? e.message : String(e)}. Retry in a moment.`
+        text: JSON.stringify({
+          status: "uncertain",
+          success: false,
+          action: "yield_deposit",
+          chain: input.chain,
+          token: input.token,
+          amount: input.amount,
+          idempotencyKey,
+          error: e instanceof Error ? e.message : String(e),
+          message: `Network error before a confirmed response \u2014 the deposit may or may not have been submitted. Do NOT start a new deposit. To safely resume THIS operation, retry with idempotencyKey="${idempotencyKey}" (the server dedupes on it, so a retry that already landed replays the original result instead of double-supplying).`
+        }, null, 2)
       }],
       isError: true
     };
   }
   const data = await res.json().catch(() => ({}));
   if (!res.ok) {
+    if (res.status === 502) {
+      return {
+        content: [{
+          type: "text",
+          text: JSON.stringify({
+            status: "uncertain",
+            success: false,
+            action: "yield_deposit",
+            chain: input.chain,
+            token: input.token,
+            amount: input.amount,
+            idempotencyKey,
+            txHash: data.txHash ?? null,
+            error: data.error ?? "settlement_uncertain",
+            message: `Broadcast but unconfirmed \u2014 the deposit may have settled on-chain. Do NOT blindly start a new deposit. Verify on-chain first; if you must retry, reuse idempotencyKey="${idempotencyKey}" so the server resumes THIS operation (replays the original result) instead of supplying again.`
+          }, null, 2)
+        }],
+        isError: true
+      };
+    }
     return {
       content: [{
         type: "text",
@@ -3666,7 +3722,7 @@ var YieldWithdrawInputSchema = z17.object({
     "Optional Agent Wallet address to withdraw to (max 10 per owner). Omit to use Q402_AGENT_WALLET_ADDRESS env, then the owner's default wallet (resolved server-side from the API key)."
   ),
   idempotencyKey: z17.string().optional().describe(
-    "Optional durable idempotency key for this logical withdrawal. When omitted the tool generates a FRESH random key per invocation, so each call executes a distinct withdrawal (a re-deposit followed by another `withdraw max` is NOT replayed). Pass your own STABLE key only when you want retry-safety: re-calling with the same key replays the first result instead of double-withdrawing."
+    'Optional durable idempotency key for this logical withdrawal. When omitted the tool generates a FRESH random key per invocation, so each call executes a distinct withdrawal (a re-deposit followed by another `withdraw max` is NOT replayed). Pass your own STABLE key only when you want retry-safety: re-calling with the same key replays the first result instead of double-withdrawing. IMPORTANT: if a call returns status="uncertain" (timeout / unconfirmed broadcast), it echoes back the idempotencyKey it used \u2014 pass THAT exact value here to safely resume the same withdrawal instead of starting a new one.'
   ),
   confirm: z17.boolean().optional().describe(
     "MUST be true to actually withdraw funds. Set this only after the user has explicitly approved this exact withdrawal (amount, token, chain, wallet) in the conversation. When omitted or false the tool previews the action and does NOT move any funds."
@@ -3674,7 +3730,7 @@ var YieldWithdrawInputSchema = z17.object({
 });
 var YIELD_WITHDRAW_TOOL = {
   name: "q402_yield_withdraw",
-  description: 'WRITE \u2014 MOVES FUNDS. Withdraws the Agent Wallet\'s supplied stablecoin (USDC / USDT) out of Aave V3 (Q402 Yield) back to the Agent Wallet. Pass amount="max" to withdraw the FULL position. Server-managed Agent Wallet path (Mode C): authenticated by the configured live Multichain API key \u2014 the server holds the encrypted key, signs the Aave withdraw, and sponsors gas. BNB CHAIN ONLY \u2014 Q402 Yield supports BNB Chain today; ETH / AVAX and other chains are not yet available. \n\nREQUIRES CONFIRMATION \u2014 like q402_pay, this tool refuses to execute unless `confirm: true` is set. Call it FIRST without confirm to get a one-line preview of exactly what will happen (amount, token, chain, wallet); show that to the user, get explicit approval, THEN re-call with confirm:true. Never set confirm:true on the user\'s behalf without that approval. \n\nSANDBOX BY DEFAULT \u2014 like q402_pay, no funds move unless a live Multichain key (q402_live_*) is configured AND Q402_ENABLE_REAL_PAYMENTS=1. Without both, confirm:true returns a sandbox preview (no on-chain withdraw) with a setup hint \u2014 confirm:true alone does NOT move real funds. \n\nUse q402_yield_positions first to see the current position size (especially before an amount="max" withdrawal).',
+  description: 'WRITE \u2014 MOVES FUNDS. Withdraws the Agent Wallet\'s supplied stablecoin (USDC / USDT) out of Aave V3 (Q402 Yield) back to the Agent Wallet. Pass amount="max" to withdraw the FULL position. Server-managed Agent Wallet path (Mode C): authenticated by the configured live Multichain API key \u2014 the server holds the encrypted key, signs the Aave withdraw, and sponsors gas. BNB CHAIN ONLY \u2014 Q402 Yield supports BNB Chain today; ETH / AVAX and other chains are not yet available. \n\nREQUIRES CONFIRMATION \u2014 like q402_pay, this tool refuses to execute unless `confirm: true` is set. Call it FIRST without confirm to get a one-line preview of exactly what will happen (amount, token, chain, wallet); show that to the user, get explicit approval, THEN re-call with confirm:true. Never set confirm:true on the user\'s behalf without that approval. \n\nSANDBOX BY DEFAULT \u2014 like q402_pay, no funds move unless a live Multichain key (q402_live_*) is configured AND Q402_ENABLE_REAL_PAYMENTS=1. Without both, confirm:true returns a sandbox preview (no on-chain withdraw) with a setup hint \u2014 confirm:true alone does NOT move real funds. \n\nRETRY SAFETY \u2014 on a timeout or an unconfirmed broadcast the tool returns status="uncertain" and echoes back the idempotencyKey it used. The withdrawal MAY have settled, so do NOT blindly call again \u2014 that starts a NEW withdrawal and can double-withdraw. To resume the SAME operation, re-call with idempotencyKey set to the echoed value; the server dedupes on it and replays the original result. \n\nUse q402_yield_positions first to see the current position size (especially before an amount="max" withdrawal).',
   inputSchema: {
     type: "object",
     properties: {
@@ -3698,7 +3754,7 @@ var YIELD_WITHDRAW_TOOL = {
       },
       idempotencyKey: {
         type: "string",
-        description: "Optional durable idempotency key. Omit and the tool generates a FRESH random key per invocation, so every call executes a distinct withdrawal. Pass your own STABLE key only for opt-in retry-safety \u2014 re-calling with the same key replays the first result instead of double-withdrawing."
+        description: 'Optional durable idempotency key. Omit and the tool generates a FRESH random key per invocation, so every call executes a distinct withdrawal. Pass your own STABLE key only for opt-in retry-safety \u2014 re-calling with the same key replays the first result instead of double-withdrawing. If a call returns status="uncertain", it echoes the idempotencyKey it used \u2014 pass that exact value back here to resume the same withdrawal rather than start a new one.'
       },
       confirm: {
         type: "boolean",
@@ -3782,13 +3838,43 @@ async function runYieldWithdraw(input) {
     return {
       content: [{
         type: "text",
-        text: `Yield withdraw failed: ${e instanceof Error ? e.message : String(e)}. Retry in a moment.`
+        text: JSON.stringify({
+          status: "uncertain",
+          success: false,
+          action: "yield_withdraw",
+          chain: input.chain,
+          token: input.token,
+          amount: input.amount,
+          idempotencyKey,
+          error: e instanceof Error ? e.message : String(e),
+          message: `Network error before a confirmed response \u2014 the withdrawal may or may not have been submitted. Do NOT start a new withdrawal. To safely resume THIS operation, retry with idempotencyKey="${idempotencyKey}" (the server dedupes on it, so a retry that already landed replays the original result instead of double-withdrawing).`
+        }, null, 2)
       }],
       isError: true
     };
   }
   const data = await res.json().catch(() => ({}));
   if (!res.ok) {
+    if (res.status === 502) {
+      return {
+        content: [{
+          type: "text",
+          text: JSON.stringify({
+            status: "uncertain",
+            success: false,
+            action: "yield_withdraw",
+            chain: input.chain,
+            token: input.token,
+            amount: input.amount,
+            idempotencyKey,
+            txHash: data.txHash ?? null,
+            error: data.error ?? "settlement_uncertain",
+            message: `Broadcast but unconfirmed \u2014 the withdrawal may have settled on-chain. Do NOT blindly start a new withdrawal. Verify on-chain first; if you must retry, reuse idempotencyKey="${idempotencyKey}" so the server resumes THIS operation (replays the original result) instead of withdrawing again.`
+          }, null, 2)
+        }],
+        isError: true
+      };
+    }
     return {
       content: [{
         type: "text",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@quackai/q402-mcp",
-  "version": "0.8.19",
+  "version": "0.8.21",
   "description": "MCP server for Q402 — gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
   "mcpName": "io.github.bitgett/q402-mcp",
   "keywords": [