@quackai/q402-mcp 0.8.32 → 0.8.33

package/README.md

@@ -184,9 +184,9 @@ Then export the values in `~/.zshrc` / `~/.bashrc`. See the [Codex config refere
 | `q402_yield_positions` | api key | Show the Agent Wallet's open Q402 Yield positions (balance, principal, accrued interest, APY) + total supplied in USD. Mode C. |
 | `q402_yield_deposit` | live mode | Supply the Agent Wallet's USDC/USDT into Aave V3 (Q402 Yield) to earn supply APY. Mode C, BNB-only. Requires `confirm: true`; sandbox-by-default. |
 | `q402_yield_withdraw` | live mode | Withdraw supplied USDC/USDT out of Aave V3 back to the Agent Wallet (`amount: "max"` = full position). Mode C, BNB-only. Requires `confirm: true`; sandbox-by-default. |
-| `q402_request_create` | api key | Publish a payment request (invoice). No funds move — returns a shareable `/pay` link + `req_…` id. Recipient defaults to the Agent Wallet. |
+| `q402_request_create` | api key | Publish a payment request (invoice). No funds move; returns a shareable `/pay` link + `req_…` id. Recipient defaults to the Agent Wallet. |
 | `q402_request_status` | none | Look up a payment request by `req_…` id (amount, token, chain, recipient, status). Read-only; `notFound` instead of throwing. |
-| `q402_request_pay` | live mode | Pay a request gaslessly from the payer's own Agent Wallet (Mode C). Terms come from the stored request — can't be redirected. Requires `confirm: true`. |
+| `q402_request_pay` | live mode | Pay a request gaslessly from the payer's own Agent Wallet (Mode C). Terms come from the stored request, so they can't be redirected. Two-phase consent (same as `q402_pay`). |
 
 `q402_pay` + `q402_batch_pay` + `q402_bridge_send` + `q402_yield_deposit` + `q402_yield_withdraw` + `q402_request_pay` require explicit in-chat confirmation. Batch confirmation = full batch, not per-row.
 

package/dist/index.js

@@ -211,7 +211,7 @@ var isValidPrivateKey = (s) => typeof s === "string" && PRIVATE_KEY_RE.test(s);
 // package.json
 var package_default = {
   name: "@quackai/q402-mcp",
-  version: "0.8.32",
+  version: "0.8.33",
   description: "MCP server for Q402 \u2014 gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
   mcpName: "io.github.bitgett/q402-mcp",
   keywords: [
@@ -279,7 +279,9 @@ var package_default = {
     access: "public"
   },
   overrides: {
-    esbuild: "^0.28.1"
+    esbuild: "^0.28.1",
+    ws: "^8.21.0",
+    hono: "^4.12.25"
   }
 };
 
@@ -4945,7 +4947,10 @@ import { z as z27 } from "zod";
 var RequestPayInputSchema = z27.object({
   requestId: z27.string().regex(/^req_[0-9a-f]{24}$/, "requestId must match req_<24-hex>").describe("The payment request to pay (req_ + 24 hex). Get it from a /pay link, a 402 response, or whoever billed you."),
   confirm: z27.literal(true).describe(
-    "REQUIRED. Must be literally `true`. Paying a request moves real funds from your Agent Wallet. Echo back the amount + token + recipient + chain from q402_request_status, get an explicit user yes, and ONLY then call with confirm:true. Same guard as q402_pay."
+    "REQUIRED. Must be literally `true`. Acknowledges this moves real funds from your Agent Wallet."
+  ),
+  consentToken: z27.string().optional().describe(
+    'Two-phase consent, identical to q402_pay. Call FIRST WITHOUT it: the tool moves no money and returns status="needs_consent" with a `preview` of the exact payment plus a `consentToken`. Relay the preview to the user, get an explicit yes, then re-call with the SAME requestId PLUS this consentToken. The token is re-derived from the request\'s terms, so a previewed payment cannot be swapped for a different one. confirm:true alone does NOT fire a payment.'
   ),
   walletId: z27.string().optional().describe("Optional lowercased Agent Wallet address to pay from when you hold multiple. Defaults to Q402_AGENT_WALLET_ADDRESS, then the server default.")
 });
@@ -4973,6 +4978,31 @@ async function runRequestPay(input) {
   if (CONFIG.allowedRecipients.length > 0 && !CONFIG.allowedRecipients.includes(req.recipient.toLowerCase())) {
     return { ok: false, status: "not_payable", requestId: req.id, txHash: null, receiptId: null, ...terms, error: "RECIPIENT_NOT_ALLOWED", message: `Recipient ${req.recipient} is not in Q402_ALLOWED_RECIPIENTS.` };
   }
+  const consentIntent = {
+    t: "request_pay",
+    requestId: req.id,
+    to: req.recipient.toLowerCase(),
+    amount: req.amount,
+    token: req.token,
+    chain: req.chain
+  };
+  const consent = checkConsent(consentIntent, input.consentToken);
+  if (!consent.ok) {
+    return {
+      ok: false,
+      status: "needs_consent",
+      requestId: req.id,
+      txHash: null,
+      receiptId: null,
+      ...terms,
+      message: "Relay this preview to the user and get an explicit yes, then re-call with the same requestId plus consentToken. No funds moved.",
+      needsConsent: {
+        status: "needs_confirmation",
+        preview: `Pay ${req.amount} ${req.token} to ${req.recipient} on ${req.chain} (request ${req.id}).`,
+        consentToken: consent.expected
+      }
+    };
+  }
   const resolved = resolveApiKey(req.chain, "auto");
   if (!resolved.apiKey || !resolved.apiKey.startsWith("q402_live_")) {
     return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@quackai/q402-mcp",
-  "version": "0.8.32",
+  "version": "0.8.33",
   "description": "MCP server for Q402 — gasless USDC/USDT/RLUSD payments on 10 EVM chains + Chainlink CCIP USDC bridge on the eth/avax/arbitrum triangle, callable from Claude (Desktop / Code), OpenAI Codex CLI, and any other Model Context Protocol client.",
   "mcpName": "io.github.bitgett/q402-mcp",
   "keywords": [
@@ -68,6 +68,8 @@
     "access": "public"
   },
   "overrides": {
-    "esbuild": "^0.28.1"
+    "esbuild": "^0.28.1",
+    "ws": "^8.21.0",
+    "hono": "^4.12.25"
   }
 }