npm - @quackai/q402-mcp - Versions diffs - 0.8.24 → 0.8.26 - Mend

@quackai/q402-mcp 0.8.24 → 0.8.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +55 -8
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -211,7 +211,7 @@ var isValidPrivateKey = (s) => typeof s === "string" && PRIVATE_KEY_RE.test(s);
 // package.json
 var package_default = {
   name: "@quackai/q402-mcp",
-  version: "0.8.24",
+  version: "0.8.26",
   description: "MCP server for Q402 \u2014 gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
   mcpName: "io.github.bitgett/q402-mcp",
   keywords: [
@@ -1116,7 +1116,16 @@ async function runPay(input) {
     to: input.to.toLowerCase(),
     amount: input.amount,
     token: input.token,
-    ...input.hookParams?.splits ? { splits: input.hookParams.splits.map((s) => ({ r: s.recipient.toLowerCase(), bps: s.bps })) } : {}
+    // Bind the funding source too — the user is consenting to spend from THIS
+    // wallet, so a different walletMode/walletId needs a fresh preview.
+    wm: effectiveMode,
+    wid: (input.walletId ?? "").toLowerCase(),
+    ...input.hookParams?.splits ? { splits: input.hookParams.splits.map((s) => ({ r: s.recipient.toLowerCase(), bps: s.bps })) } : {},
+    // Bind the settlement-gating hooks too — a ConditionalOracle gate or a
+    // ReputationGate materially changes WHEN/IF money moves, so dropping or
+    // altering them after the preview must invalidate consent.
+    ...input.hookParams?.condition ? { cond: { kind: input.hookParams.condition.kind, op: input.hookParams.condition.op, value: input.hookParams.condition.value, feed: input.hookParams.condition.feed ?? null } } : {},
+    ...input.hookParams?.recipientAgentId ? { ragent: input.hookParams.recipientAgentId } : {}
   };
   const consent = checkConsent(consentIntent, input.consentToken);
   if (!consent.ok) {
@@ -1530,7 +1539,10 @@ async function runBatchPay(input) {
     t: "batch",
     chain: input.chain,
     token: input.token,
-    recipients: input.recipients.map((r) => ({ to: r.to.toLowerCase(), amount: r.amount }))
+    recipients: input.recipients.map((r) => ({ to: r.to.toLowerCase(), amount: r.amount })),
+    // Bind the funding source too (see q402_pay).
+    wm: input.walletMode ?? "",
+    wid: (input.walletId ?? "").toLowerCase()
   };
   const consent = checkConsent(consentIntent, input.consentToken);
   if (!consent.ok) {
@@ -3262,7 +3274,12 @@ async function runBridgeSend(input) {
     src: input.src,
     dst: input.dst,
     amount: input.amount,
-    feeToken: input.feeToken === "native" ? "native" : "LINK"
+    feeToken: input.feeToken === "native" ? "native" : "LINK",
+    // Bind the fee ceiling too — it bounds what the user actually pays, so it
+    // must not be addable/changeable after the preview.
+    maxFeeRaw: input.maxFeeRaw ?? null,
+    // Bind the funding wallet too (see q402_pay).
+    wid: (input.walletId ?? "").toLowerCase()
   };
   const consent = checkConsent(consentIntent, input.consentToken);
   if (input.confirm !== true || !consent.ok) {
@@ -3641,6 +3658,9 @@ var YieldDepositInputSchema = z16.object({
   ),
   confirm: z16.boolean().optional().describe(
     "MUST be true to actually supply funds. Set this only after the user has explicitly approved this exact deposit (amount, token, chain, wallet) in the conversation. When omitted or false the tool previews the action and does NOT move any funds."
+  ),
+  consentToken: z16.string().optional().describe(
+    "Two-phase consent. LEAVE UNSET on the first call: the tool previews the deposit (no funds move) and returns a consentToken. Relay the preview to the user, get an explicit yes, then re-call with confirm:true AND this consentToken. The token is re-derived from (chain, token, amount, wallet) and refused on mismatch, so a previewed deposit can't be swapped."
   )
 });
 var YIELD_DEPOSIT_TOOL = {
@@ -3674,6 +3694,10 @@ var YIELD_DEPOSIT_TOOL = {
       confirm: {
         type: "boolean",
         description: "MUST be true to actually supply funds \u2014 set only after the user explicitly approved this exact deposit in chat. Omit (or false) to preview without moving funds."
+      },
+      consentToken: {
+        type: "string",
+        description: "Two-phase consent token. Leave unset on the first call to get a preview + token; re-call with confirm:true AND this token after the user approves. Bound to (chain, token, amount, wallet) and refused on mismatch."
       }
     },
     required: ["token", "amount"],
@@ -3692,12 +3716,20 @@ async function runYieldDeposit(input) {
   }
   const walletId = typeof input.walletId === "string" && input.walletId.length > 0 ? input.walletId.toLowerCase() : CONFIG.walletId ?? void 0;
   const idempotencyKey = typeof input.idempotencyKey === "string" && input.idempotencyKey.length > 0 ? input.idempotencyKey : hexlify2(randomBytes2(32));
-  if (input.confirm !== true) {
+  const consentIntent = {
+    t: "yield-deposit",
+    chain: input.chain,
+    token: input.token,
+    amount: input.amount,
+    walletId: walletId ?? null
+  };
+  const consent = checkConsent(consentIntent, input.consentToken);
+  if (input.confirm !== true || !consent.ok) {
     const walletDesc = walletId ? `wallet ${walletId}` : "your default Agent Wallet";
     return {
       content: [{
         type: "text",
-        text: `Will supply ${input.amount} ${input.token} into Aave on ${input.chain} from ${walletDesc}. This MOVES FUNDS. Re-call with confirm:true to execute.`
+        text: `Will supply ${input.amount} ${input.token} into Aave on ${input.chain} from ${walletDesc}. This MOVES FUNDS. Confirm with the user, then re-call with confirm:true AND consentToken="${consent.expected}".`
       }]
     };
   }
@@ -3821,6 +3853,9 @@ var YieldWithdrawInputSchema = z17.object({
   ),
   confirm: z17.boolean().optional().describe(
     "MUST be true to actually withdraw funds. Set this only after the user has explicitly approved this exact withdrawal (amount, token, chain, wallet) in the conversation. When omitted or false the tool previews the action and does NOT move any funds."
+  ),
+  consentToken: z17.string().optional().describe(
+    "Two-phase consent. LEAVE UNSET on the first call: the tool previews the withdrawal (no funds move) and returns a consentToken. Relay the preview to the user, get an explicit yes, then re-call with confirm:true AND this consentToken. The token is re-derived from (chain, token, amount, wallet)."
   )
 });
 var YIELD_WITHDRAW_TOOL = {
@@ -3854,6 +3889,10 @@ var YIELD_WITHDRAW_TOOL = {
       confirm: {
         type: "boolean",
         description: "MUST be true to actually withdraw funds \u2014 set only after the user explicitly approved this exact withdrawal in chat. Omit (or false) to preview without moving funds."
+      },
+      consentToken: {
+        type: "string",
+        description: "Two-phase consent token. Leave unset on the first call to get a preview + token; re-call with confirm:true AND this token after the user approves. Bound to (chain, token, amount, wallet)."
       }
     },
     required: ["token", "amount"],
@@ -3873,12 +3912,20 @@ async function runYieldWithdraw(input) {
   const walletId = typeof input.walletId === "string" && input.walletId.length > 0 ? input.walletId.toLowerCase() : CONFIG.walletId ?? void 0;
   const idempotencyKey = typeof input.idempotencyKey === "string" && input.idempotencyKey.length > 0 ? input.idempotencyKey : hexlify3(randomBytes3(32));
   const amountDesc = input.amount === "max" ? "the FULL position" : `${input.amount} ${input.token}`;
-  if (input.confirm !== true) {
+  const consentIntent = {
+    t: "yield-withdraw",
+    chain: input.chain,
+    token: input.token,
+    amount: input.amount,
+    walletId: walletId ?? null
+  };
+  const consent = checkConsent(consentIntent, input.consentToken);
+  if (input.confirm !== true || !consent.ok) {
     const walletDesc = walletId ? `wallet ${walletId}` : "your default Agent Wallet";
     return {
       content: [{
         type: "text",
-        text: `Will withdraw ${amountDesc} from Aave on ${input.chain} back to ${walletDesc}. This MOVES FUNDS. Re-call with confirm:true to execute.`
+        text: `Will withdraw ${amountDesc} from Aave on ${input.chain} back to ${walletDesc}. This MOVES FUNDS. Confirm with the user, then re-call with confirm:true AND consentToken="${consent.expected}".`
       }]
     };
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@quackai/q402-mcp",
-  "version": "0.8.24",
+  "version": "0.8.26",
   "description": "MCP server for Q402 — gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
   "mcpName": "io.github.bitgett/q402-mcp",
   "keywords": [