@quackai/q402-mcp 0.8.20 → 0.8.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +2 -2
  2. package/dist/index.js +18 -4
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
  [![npm](https://img.shields.io/npm/v/@quackai/q402-mcp.svg)](https://www.npmjs.com/package/@quackai/q402-mcp)
6
6
  [![license](https://img.shields.io/npm/l/@quackai/q402-mcp.svg)](./LICENSE)
7
7
 
8
- > **🎟️ Free trial available (2026-05-19 2026-06-30)** — 2,000 gasless transactions on BNB Chain (USDC + USDT), 30-day window, no card. One wallet signature: <https://q402.quackai.ai>.
8
+ > **Free trial available (through 2026-06-30)** — 2,000 gasless transactions on BNB Chain (USDC + USDT), 30-day window, no card. One wallet signature: <https://q402.quackai.ai>.
9
9
  >
10
10
  > **Trial-scope policy:** API keys minted under the free-trial program (`plan: "trial"`) are restricted to BNB Chain with USDC/USDT — server-side enforcement, returns `403 TRIAL_BNB_ONLY` otherwise. **Paid API keys see the full 10-chain matrix at all times.**
11
11
 
@@ -66,7 +66,7 @@ The agent runs `q402_doctor`. On first install:
66
66
  | Mode | Env | Signer | Notes |
67
67
  |---|---|---|---|
68
68
  | **A** | `Q402_PRIVATE_KEY` | MetaMask EOA, local | Simplest. Shows "Smart account" after first use (reversible via `q402_clear_delegation`). |
69
- | **B** | `Q402_AGENTIC_PRIVATE_KEY` | Agent Wallet, local | Export PK from the [dashboard](https://q402.quackai.ai/dashboard) Agent tab. MetaMask untouched. |
69
+ | **B** | `Q402_AGENTIC_PRIVATE_KEY` | Agent Wallet, local | Export PK from the [dashboard](https://q402.quackai.ai/dashboard) Wallets → Danger Zone → Export private key. MetaMask untouched. |
70
70
  | **C** | (just an API key) | Agent Wallet, server-managed | No PK on the client. One-shot pays accept Trial or Multichain keys; recurring needs Multichain on every chain (BNB included). |
71
71
 
72
72
  When more than one mode is set, `q402_pay` asks the user which to use. Picker: `walletMode = "agentic-server" \| "agentic-local" \| "eoa"`.
package/dist/index.js CHANGED
@@ -130,8 +130,7 @@ function loadConfig() {
130
130
  const walletId = typeof walletIdRaw === "string" && walletIdRaw.length > 0 ? walletIdRaw.toLowerCase() : null;
131
131
  const realPaymentsRequested = ENV.Q402_ENABLE_REAL_PAYMENTS === "1";
132
132
  const anyLiveKey = classifyApiKey(trialApiKey) === "live" || classifyApiKey(multichainApiKey) === "live" || classifyApiKey(legacyApiKey) === "live";
133
- const hasAnySignerKey = typeof privateKey === "string" && privateKey.length > 0 || typeof agenticPrivateKey === "string" && agenticPrivateKey.length > 0;
134
- const live = realPaymentsRequested && anyLiveKey && hasAnySignerKey;
133
+ const live = realPaymentsRequested && anyLiveKey;
135
134
  return {
136
135
  trialApiKey,
137
136
  multichainApiKey,
@@ -212,7 +211,7 @@ var isValidPrivateKey = (s) => typeof s === "string" && PRIVATE_KEY_RE.test(s);
212
211
  // package.json
213
212
  var package_default = {
214
213
  name: "@quackai/q402-mcp",
215
- version: "0.8.20",
214
+ version: "0.8.22",
216
215
  description: "MCP server for Q402 \u2014 gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
217
216
  mcpName: "io.github.bitgett/q402-mcp",
218
217
  keywords: [
@@ -1648,6 +1647,21 @@ async function runBatchPay(input) {
1648
1647
  const data = await resp.json().catch(() => ({}));
1649
1648
  if (!resp.ok) {
1650
1649
  const errMsg = data && typeof data === "object" && "error" in data ? String(data.error) : `relay_http_${resp.status}`;
1650
+ if (data.status === "uncertain") {
1651
+ return {
1652
+ mode: "live",
1653
+ status: "settlement_uncertain",
1654
+ guardsApplied: [
1655
+ ...guardsApplied,
1656
+ "wallet=agentic-server",
1657
+ "mode=live",
1658
+ `http=${resp.status}`
1659
+ ],
1660
+ senderWallet,
1661
+ error: errMsg,
1662
+ setupHint: "The relay did not confirm whether these payments settled \u2014 they MAY have been sent. DO NOT retry this batch; verify the recipients' on-chain balances first. Re-sending could double-pay."
1663
+ };
1664
+ }
1651
1665
  return {
1652
1666
  mode: "live",
1653
1667
  status: "aborted",
@@ -3087,7 +3101,7 @@ var BridgeSendInputSchema = z11.object({
3087
3101
  });
3088
3102
  var BRIDGE_SEND_TOOL = {
3089
3103
  name: "q402_bridge_send",
3090
- description: "Execute a Chainlink CCIP USDC bridge across the 3-chain triangle (eth/avax/arbitrum) on behalf of the user's server-managed Agentic Wallet (Mode C). Sandbox-by-default \u2014 returns a synthetic messageId unless `sandbox: false` is passed AND Q402_ENABLE_REAL_PAYMENTS=1 AND a live Multichain API key is configured. The server signs ccipSend with the Agent Wallet's encrypted PK, auto-funds source-chain gas from the user's Gas Tank, and debits both the auto- fund cost and the CCIP fee per the bridge's settled receipt. REQUIRES CONFIRMATION \u2014 like q402_pay and q402_yield_deposit, a LIVE bridge (sandbox: false) refuses to execute unless confirm: true is set. Call it first WITHOUT confirm to get a one-line preview (src, dst, amount, fee token); show that to the user, get explicit approval, THEN re-call with sandbox: false AND confirm: true. Never set confirm: true on the user's behalf. Recommended flow: q402_bridge_quote first \u2192 preview + confirm cost with the user \u2192 q402_bridge_send with sandbox: false, confirm: true. Live mode needs a Multichain subscription; trial keys are rejected. If the bridge returns AGENT_WALLET_DELEGATED, run q402_clear_delegation on the source chain first.",
3104
+ description: "Execute a Chainlink CCIP USDC bridge across the 3-chain triangle (eth/avax/arbitrum) on behalf of the user's server-managed Agentic Wallet (Mode C). Sandbox-by-default \u2014 returns a synthetic messageId unless `sandbox: false` is passed AND Q402_ENABLE_REAL_PAYMENTS=1 AND a live Multichain API key is configured. The server signs ccipSend with the Agent Wallet's encrypted PK, auto-funds source-chain gas from the user's Gas Tank, and debits both the auto- fund cost and the CCIP fee per the bridge's settled receipt. REQUIRES CONFIRMATION \u2014 like q402_pay and q402_yield_deposit, a LIVE bridge (sandbox: false) refuses to execute unless confirm: true is set. Call it first WITHOUT confirm to get a one-line preview (src, dst, amount, fee token); show that to the user, get explicit approval, THEN re-call with sandbox: false AND confirm: true. Never set confirm: true on the user's behalf. Recommended flow: q402_bridge_quote first \u2192 preview + confirm cost with the user \u2192 q402_bridge_send with sandbox: false, confirm: true. Live mode needs a Multichain subscription; trial keys are rejected. If the bridge returns AGENT_WALLET_DELEGATED, clear the delegation first: server-managed Agent Wallets (Mode C / API key) use the Clear delegation button on the dashboard; local-key modes (Q402_PRIVATE_KEY set) can run q402_clear_delegation.",
3091
3105
  inputSchema: {
3092
3106
  type: "object",
3093
3107
  properties: {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@quackai/q402-mcp",
3
- "version": "0.8.20",
3
+ "version": "0.8.22",
4
4
  "description": "MCP server for Q402 — gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
5
5
  "mcpName": "io.github.bitgett/q402-mcp",
6
6
  "keywords": [