@rapay/mcp-server 1.1.4

package/README.md

@@ -0,0 +1,277 @@
+# Ra Pay MCP Server
+
+MCP (Model Context Protocol) server for AI agent payment automation. Enables Claude Desktop, Claude API, and ChatGPT to execute payments via Ra Pay CLI.
+
+**Status:** Perplexity Security Review APPROVED (98% confidence)
+
+## Features
+
+- 6 MVP tools for payment operations
+- Subprocess isolation (credentials never leave keyring)
+- Response sanitization (prevents prompt injection)
+- Rate limiting (1 payment/min, 10 queries/min)
+- Audit logging
+
+## Installation
+
+### Prerequisites
+
+- Node.js 18+
+- Ra Pay CLI installed and authenticated (`ra link-bank`)
+
+### Setup
+
+```bash
+cd rapay/mcp-server
+npm install
+npm run build
+```
+
+### Claude Desktop Configuration
+
+**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
+
+```json
+{
+  "mcpServers": {
+    "rapay": {
+      "command": "node",
+      "args": ["/Users/yourname/rapay/mcp-server/dist/index.js"]
+    }
+  }
+}
+```
+
+**Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
+
+```json
+{
+  "mcpServers": {
+    "rapay": {
+      "command": "node",
+      "args": ["C:\\Users\\yourname\\rapay\\mcp-server\\dist\\index.js"]
+    }
+  }
+}
+```
+
+**With custom CLI path:**
+
+```json
+{
+  "mcpServers": {
+    "rapay": {
+      "command": "node",
+      "args": ["/path/to/rapay/mcp-server/dist/index.js"],
+      "env": {
+        "RAPAY_CLI_PATH": "/custom/path/to/ra"
+      }
+    }
+  }
+}
+```
+
+After adding, restart Claude Desktop. You should see "rapay" in the MCP servers list.
+
+## Tools
+
+### Payment Operations (SENSITIVE)
+
+| Tool | Description |
+|------|-------------|
+| `ra_send` | Execute a payment transaction |
+| `ra_subscribe` | Create a subscription for a customer |
+| `ra_refund` | Open Stripe Dashboard for refunds |
+
+### Query Operations
+
+| Tool | Description |
+|------|-------------|
+| `ra_balance` | Check available balance |
+| `ra_history` | Get transaction history |
+| `ra_whoami` | Check account status |
+
+## Security
+
+### Subprocess Isolation
+
+MCP server spawns Ra Pay CLI as subprocess. Credentials remain in OS keyring - MCP server never sees them directly.
+
+### Response Sanitization
+
+All CLI output is sanitized to prevent prompt injection:
+- ANSI escape sequences removed
+- System markers filtered (`[SYSTEM]`, `[USER]`, etc.)
+- Control characters stripped
+
+### Rate Limiting
+
+Defense-in-depth layer at MCP level:
+
+| Tool | Limit |
+|------|-------|
+| `ra_send` | 1 per 60 seconds |
+| `ra_subscribe` | 1 per 60 seconds |
+| `ra_refund` | 5 per 60 seconds |
+| `ra_balance` | 10 per 60 seconds |
+| `ra_history` | 10 per 60 seconds |
+| `ra_whoami` | 20 per 60 seconds |
+
+Note: Backend also enforces velocity controls (account-tier daily limits).
+
+## Privacy & Data Storage
+
+Ra Pay is designed as a "dumb pipe" to Stripe:
+
+**What Ra Pay stores:**
+- Your user ID
+- Your Stripe account ID (encrypted)
+- Action logs: "payment sent", "balance checked" (no amounts)
+- Transaction audit trail with Stripe transfer IDs
+
+**What Ra Pay does NOT store:**
+- Your payment amounts
+- Recipient details
+- Payment descriptions
+- Your account balance
+- Any personally identifiable information (Stripe handles KYC)
+
+**What MCP server adds:**
+- Client type tracking ("called via Claude Desktop")
+- Tool call audit logs (same privacy level as above)
+- No new PII storage
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `RAPAY_CLI_PATH` | Path to Ra Pay CLI executable | `ra` |
+
+### Audit Logging
+
+Logs are written to `~/.rapay/mcp-audit.log` with 7-day retention:
+- Tool name, timestamp, duration
+- Result (success/error/rate_limited)
+- Sanitized inputs (amounts redacted, emails masked)
+
+## Error Handling
+
+### Error Codes
+
+| Code | Description | Retryable |
+|------|-------------|-----------|
+| `RATE_LIMIT_EXCEEDED` | MCP rate limit hit | No (wait) |
+| `CLI_NOT_FOUND` | Ra Pay CLI not installed | No |
+| `TOS_ACCEPTANCE_REQUIRED` | ToS not accepted | No |
+| `ACCOUNT_NOT_LINKED` | Stripe account not linked | No |
+| `VELOCITY_EXCEEDED` | Daily limit exceeded | No |
+| `TIMEOUT` | Request timed out | Yes |
+| `NETWORK_ERROR` | Network connectivity issue | Yes |
+| `EXECUTION_FAILED` | Generic CLI error | No |
+
+### Rate Limit Error
+
+```json
+{
+  "error": "rate_limit_exceeded",
+  "code": "RATE_LIMIT_EXCEEDED",
+  "message": "Too many requests. Please wait 60 seconds.",
+  "retry_after_seconds": 60,
+  "retryable": false
+}
+```
+
+### CLI Not Found Error
+
+```json
+{
+  "error": "cli_not_found",
+  "code": "CLI_NOT_FOUND",
+  "message": "Ra Pay CLI not found. Please install it first.",
+  "retryable": false
+}
+```
+
+### ToS Required Error
+
+```json
+{
+  "error": "tos_required",
+  "code": "TOS_ACCEPTANCE_REQUIRED",
+  "message": "Terms of Service must be accepted. Run 'ra accept-tos' first.",
+  "retryable": false
+}
+```
+
+### For Claude API Callers: Exponential Backoff
+
+If you receive `RATE_LIMIT_EXCEEDED`, implement exponential backoff:
+
+```typescript
+const maxRetries = 3;
+let delay = 60; // seconds
+
+for (let attempt = 0; attempt < maxRetries; attempt++) {
+  try {
+    return await mcp.callTool('ra_send', params);
+  } catch (error) {
+    if (error.code === 'RATE_LIMIT_EXCEEDED') {
+      console.log(`Rate limited. Waiting ${delay}s before retry...`);
+      await sleep(delay * 1000);
+      delay *= 2; // exponential backoff
+    } else {
+      throw error;
+    }
+  }
+}
+
+// DO NOT:
+// - Retry immediately (wastes time, still rate limited)
+// - Retry more than 3 times (indicates genuine rate limit)
+// - Ignore retry_after_seconds field
+```
+
+Note: MCP rate limiting is client-side defense-in-depth. Backend also enforces velocity controls per account tier.
+
+## Data Flow
+
+```
+You (Claude Desktop/API)
+    |
+    v
+MCP Server (this package)
+    | - Logs tool calls (no amounts/PII)
+    | - Rate limits requests
+    | - Sanitizes responses
+    v
+Ra Pay CLI (subprocess)
+    | - Credentials in OS keyring
+    | - Adds replay protection
+    v
+Ra Pay Backend
+    | - Validates requests
+    | - Enforces velocity limits
+    v
+Stripe API
+    | - Owns all PII
+    | - Processes payments
+    v
+Recipient's Bank
+```
+
+All sensitive data flows directly to Stripe. Ra Pay only records that an action occurred.
+
+## Development
+
+```bash
+npm run dev    # Watch mode
+npm run build  # Build
+npm run lint   # Lint
+npm run test   # Test
+```
+
+## License
+
+MIT

package/dist/audit.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Ra Pay MCP Server - Audit Logging
+ *
+ * Local audit logging for MCP tool calls.
+ * Logs to ~/.rapay/mcp-audit.log (7-day retention per plan)
+ *
+ * @see MCP-SERVER-PLAN.md - Audit Logging Scope
+ */
+/**
+ * Audit log entry structure (matches Perplexity-approved format)
+ */
+export interface AuditLogEntry {
+    timestamp: string;
+    tool_name: string;
+    user_id: string;
+    inputs: Record<string, unknown>;
+    result: "success" | "error" | "rate_limited";
+    duration_ms: number;
+    client_type: string;
+    error_code?: string;
+    error_message?: string;
+}
+/**
+ * Write an audit log entry
+ *
+ * @param entry - Audit log entry to write
+ */
+export declare function writeAuditLog(entry: AuditLogEntry): Promise<void>;
+/**
+ * Create an audit log entry for a tool call
+ *
+ * @param toolName - Name of the tool called
+ * @param inputs - Tool input arguments (sanitized)
+ * @param startTime - Start time of the call
+ * @param result - Result of the call
+ * @param errorInfo - Optional error information
+ */
+export declare function createAuditEntry(toolName: string, inputs: Record<string, unknown>, startTime: number, result: "success" | "error" | "rate_limited", errorInfo?: {
+    code?: string;
+    message?: string;
+}): AuditLogEntry;
+/**
+ * Clean up old audit logs (7-day retention)
+ * Call periodically to prevent unbounded log growth
+ */
+export declare function cleanupOldLogs(): Promise<void>;
+//# sourceMappingURL=audit.d.ts.map

package/dist/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,MAAM,EAAE,SAAS,GAAG,OAAO,GAAG,cAAc,CAAC;IAC7C,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AA+BD;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAiBvE;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,SAAS,GAAG,OAAO,GAAG,cAAc,EAC5C,SAAS,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9C,aAAa,CAsBf;AAuDD;;;GAGG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAepD"}

package/dist/audit.js

@@ -0,0 +1,149 @@
+/**
+ * Ra Pay MCP Server - Audit Logging
+ *
+ * Local audit logging for MCP tool calls.
+ * Logs to ~/.rapay/mcp-audit.log (7-day retention per plan)
+ *
+ * @see MCP-SERVER-PLAN.md - Audit Logging Scope
+ */
+import { appendFile, mkdir, stat } from "fs/promises";
+import { homedir } from "os";
+import { join } from "path";
+/**
+ * Get the audit log directory path
+ */
+function getAuditLogDir() {
+    return join(homedir(), ".rapay");
+}
+/**
+ * Get the audit log file path
+ */
+function getAuditLogPath() {
+    return join(getAuditLogDir(), "mcp-audit.log");
+}
+/**
+ * Ensure audit log directory exists
+ */
+async function ensureAuditDir() {
+    const dir = getAuditLogDir();
+    try {
+        await mkdir(dir, { recursive: true });
+    }
+    catch (error) {
+        // Directory already exists, ignore
+        if (error.code !== "EEXIST") {
+            throw error;
+        }
+    }
+}
+/**
+ * Write an audit log entry
+ *
+ * @param entry - Audit log entry to write
+ */
+export async function writeAuditLog(entry) {
+    try {
+        await ensureAuditDir();
+        // Format as JSON line (one entry per line)
+        const logLine = JSON.stringify(entry) + "\n";
+        await appendFile(getAuditLogPath(), logLine, { encoding: "utf-8" });
+        // Also log to stderr for debugging
+        console.error(`[AUDIT] ${entry.timestamp} tool=${entry.tool_name} result=${entry.result} duration=${entry.duration_ms}ms`);
+    }
+    catch (error) {
+        // Log error but don't fail the request
+        console.error("[AUDIT] Failed to write audit log:", error);
+    }
+}
+/**
+ * Create an audit log entry for a tool call
+ *
+ * @param toolName - Name of the tool called
+ * @param inputs - Tool input arguments (sanitized)
+ * @param startTime - Start time of the call
+ * @param result - Result of the call
+ * @param errorInfo - Optional error information
+ */
+export function createAuditEntry(toolName, inputs, startTime, result, errorInfo) {
+    const endTime = Date.now();
+    // Sanitize inputs - remove sensitive data
+    const sanitizedInputs = sanitizeInputsForAudit(inputs);
+    const entry = {
+        timestamp: new Date().toISOString(),
+        tool_name: toolName,
+        user_id: "local", // MCP server doesn't have user context; CLI has it
+        inputs: sanitizedInputs,
+        result,
+        duration_ms: endTime - startTime,
+        client_type: "mcp-server",
+    };
+    if (errorInfo) {
+        entry.error_code = errorInfo.code;
+        entry.error_message = errorInfo.message;
+    }
+    return entry;
+}
+/**
+ * Sanitize inputs for audit logging
+ * Removes/masks sensitive data per privacy model
+ *
+ * @param inputs - Raw input arguments
+ * @returns Sanitized inputs safe for logging
+ */
+function sanitizeInputsForAudit(inputs) {
+    const sanitized = {};
+    for (const [key, value] of Object.entries(inputs)) {
+        // Skip null/undefined
+        if (value == null)
+            continue;
+        // Mask email addresses
+        if (key === "customer_email" && typeof value === "string") {
+            sanitized[key] = maskEmail(value);
+            continue;
+        }
+        // Don't log amounts (privacy - dumb pipe model)
+        if (key === "amount") {
+            sanitized[key] = "[redacted]";
+            continue;
+        }
+        // Don't log business purpose details (privacy)
+        if (key === "business_purpose" && typeof value === "string") {
+            sanitized[key] = `[${value.length} chars]`;
+            continue;
+        }
+        // Log other fields as-is (recipient_id, price_id, limit, etc.)
+        sanitized[key] = value;
+    }
+    return sanitized;
+}
+/**
+ * Mask email address for logging
+ * john.doe@example.com -> j***@example.com
+ */
+function maskEmail(email) {
+    const [local, domain] = email.split("@");
+    if (!domain)
+        return "[invalid-email]";
+    const maskedLocal = local.length > 0 ? local[0] + "***" : "***";
+    return `${maskedLocal}@${domain}`;
+}
+/**
+ * Clean up old audit logs (7-day retention)
+ * Call periodically to prevent unbounded log growth
+ */
+export async function cleanupOldLogs() {
+    try {
+        const logPath = getAuditLogPath();
+        const stats = await stat(logPath);
+        const sevenDaysAgo = Date.now() - 7 * 24 * 60 * 60 * 1000;
+        if (stats.mtimeMs < sevenDaysAgo) {
+            // Log file is older than 7 days
+            // In production, would rotate/archive; for MVP, just note it
+            console.error(`[AUDIT] Log file older than 7 days, consider rotation to ${logPath}.old`);
+        }
+    }
+    catch (error) {
+        // File doesn't exist or other error, ignore
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAiB5B;;GAEG;AACH,SAAS,cAAc;IACrB,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe;IACtB,OAAO,IAAI,CAAC,cAAc,EAAE,EAAE,eAAe,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc;IAC3B,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,mCAAmC;QACnC,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAoB;IACtD,IAAI,CAAC;QACH,MAAM,cAAc,EAAE,CAAC;QAEvB,2CAA2C;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;QAE7C,MAAM,UAAU,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAEpE,mCAAmC;QACnC,OAAO,CAAC,KAAK,CACX,WAAW,KAAK,CAAC,SAAS,SAAS,KAAK,CAAC,SAAS,WAAW,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,WAAW,IAAI,CAC5G,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,uCAAuC;QACvC,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,MAA+B,EAC/B,SAAiB,EACjB,MAA4C,EAC5C,SAA+C;IAE/C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE3B,0CAA0C;IAC1C,MAAM,eAAe,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAEvD,MAAM,KAAK,GAAkB;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,OAAO,EAAE,mDAAmD;QACrE,MAAM,EAAE,eAAe;QACvB,MAAM;QACN,WAAW,EAAE,OAAO,GAAG,SAAS;QAChC,WAAW,EAAE,YAAY;KAC1B,CAAC;IAEF,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC;QAClC,KAAK,CAAC,aAAa,GAAG,SAAS,CAAC,OAAO,CAAC;IAC1C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAC7B,MAA+B;IAE/B,MAAM,SAAS,GAA4B,EAAE,CAAC;IAE9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,sBAAsB;QACtB,IAAI,KAAK,IAAI,IAAI;YAAE,SAAS;QAE5B,uBAAuB;QACvB,IAAI,GAAG,KAAK,gBAAgB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC1D,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;QAED,gDAAgD;QAChD,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YACrB,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,+CAA+C;QAC/C,IAAI,GAAG,KAAK,kBAAkB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5D,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,KAAK,CAAC,MAAM,SAAS,CAAC;YAC3C,SAAS;QACX,CAAC;QAED,+DAA+D;QAC/D,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACzB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,iBAAiB,CAAC;IAEtC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;IAChE,OAAO,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;QAElC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAE1D,IAAI,KAAK,CAAC,OAAO,GAAG,YAAY,EAAE,CAAC;YACjC,gCAAgC;YAChC,6DAA6D;YAC7D,OAAO,CAAC,KAAK,CAAC,4DAA4D,OAAO,MAAM,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,4CAA4C;IAC9C,CAAC;AACH,CAAC"}

package/dist/handlers.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Ra Pay MCP Server - Tool Handlers
+ *
+ * Subprocess isolation layer: MCP spawns CLI, never sees credentials.
+ * Credentials stored in file with restricted permissions (~/.rapay/config.toml, mode 0600).
+ * Only CLI accesses them. Note: File storage used for Windows/MSYS2 compatibility (v1.3.0+).
+ *
+ * @see MCP-SERVER-PLAN.md - Security Requirements
+ */
+/**
+ * Rate limit error response (matches Perplexity-approved format)
+ */
+export interface RateLimitError {
+    error: "rate_limit_exceeded";
+    code: "RATE_LIMIT_EXCEEDED";
+    message: string;
+    retry_after_seconds: number;
+    retryable: false;
+}
+/**
+ * Tool argument types
+ */
+export interface SendArgs {
+    amount: number;
+    recipient_id: string;
+    business_purpose: string;
+    user_confirmed?: boolean;
+}
+export interface SubscribeArgs {
+    price_id: string;
+    customer_email: string;
+}
+export interface HistoryArgs {
+    limit?: number;
+}
+export type ToolArgs = SendArgs | SubscribeArgs | HistoryArgs | Record<string, never>;
+/**
+ * Execute a tool and return the result
+ *
+ * @param toolName - Name of the MCP tool to execute
+ * @param args - Tool arguments
+ * @returns Sanitized CLI output or error
+ */
+export declare function handleToolCall(toolName: string, args: ToolArgs): Promise<string>;
+//# sourceMappingURL=handlers.d.ts.map

package/dist/handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../src/handlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAqGH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,qBAAqB,CAAC;IAC7B,IAAI,EAAE,qBAAqB,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,SAAS,EAAE,KAAK,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,aAAa,GAAG,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AA+FtF;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,QAAQ,GACb,OAAO,CAAC,MAAM,CAAC,CA+EjB"}