@rapay/mcp-server 1.1.4

package/dist/handlers.js

@@ -0,0 +1,495 @@
+/**
+ * Ra Pay MCP Server - Tool Handlers
+ *
+ * Subprocess isolation layer: MCP spawns CLI, never sees credentials.
+ * Credentials stored in file with restricted permissions (~/.rapay/config.toml, mode 0600).
+ * Only CLI accesses them. Note: File storage used for Windows/MSYS2 compatibility (v1.3.0+).
+ *
+ * @see MCP-SERVER-PLAN.md - Security Requirements
+ */
+import spawn from "cross-spawn";
+import { sanitizeError, sanitizeJsonResponse } from "./sanitize.js";
+import { writeAuditLog, createAuditEntry } from "./audit.js";
+/**
+ * CLI executable path - can be overridden via environment variable
+ * Security: Only allow absolute paths or "ra" (resolved via PATH)
+ */
+const CLI_PATH = (() => {
+    const envPath = process.env.RAPAY_CLI_PATH;
+    if (!envPath)
+        return "ra";
+    // Security: Only allow absolute paths to prevent path traversal
+    // On Windows, absolute paths start with drive letter (C:\) or UNC (\\)
+    // On Unix, absolute paths start with /
+    const isAbsolute = envPath.startsWith("/") ||
+        /^[A-Za-z]:[/\\]/.test(envPath) ||
+        envPath.startsWith("\\\\");
+    if (!isAbsolute) {
+        console.error(`[SECURITY] RAPAY_CLI_PATH must be absolute path, got: ${envPath}`);
+        return "ra"; // Fall back to PATH resolution
+    }
+    return envPath;
+})();
+/**
+ * Maximum output size in bytes (1MB)
+ * Prevents memory exhaustion from malicious or runaway CLI output
+ */
+const MAX_OUTPUT_SIZE = 1024 * 1024; // 1MB
+const RATE_LIMITS = {
+    ra_send: { windowMs: 60000, maxCalls: 1 },
+    ra_subscribe: { windowMs: 60000, maxCalls: 1 },
+    ra_refund: { windowMs: 60000, maxCalls: 5 },
+    ra_balance: { windowMs: 60000, maxCalls: 10 },
+    ra_history: { windowMs: 60000, maxCalls: 10 },
+    ra_whoami: { windowMs: 60000, maxCalls: 20 },
+};
+/**
+ * In-memory rate limiter
+ * Per MCP server instance (each Claude Desktop has its own limits)
+ */
+class RateLimiter {
+    calls = new Map();
+    isAllowed(toolName) {
+        const config = RATE_LIMITS[toolName];
+        if (!config)
+            return true; // Unknown tools pass through
+        const now = Date.now();
+        const windowStart = now - config.windowMs;
+        // Get existing calls for this tool
+        const toolCalls = this.calls.get(toolName) || [];
+        // Filter to calls within window
+        const recentCalls = toolCalls.filter((t) => t > windowStart);
+        if (recentCalls.length >= config.maxCalls) {
+            return false;
+        }
+        // Record this call
+        recentCalls.push(now);
+        this.calls.set(toolName, recentCalls);
+        return true;
+    }
+    getRetryAfter(toolName) {
+        const config = RATE_LIMITS[toolName];
+        if (!config)
+            return 0;
+        const toolCalls = this.calls.get(toolName) || [];
+        if (toolCalls.length === 0)
+            return 0;
+        const oldestCall = Math.min(...toolCalls);
+        const retryAfter = Math.ceil((oldestCall + config.windowMs - Date.now()) / 1000);
+        return Math.max(0, retryAfter);
+    }
+}
+const rateLimiter = new RateLimiter();
+/**
+ * Input validation errors
+ */
+class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "ValidationError";
+    }
+}
+/**
+ * Validate ra_send arguments (defense-in-depth)
+ * MCP SDK validates schema, this is additional layer
+ */
+function validateSendArgs(args) {
+    // Amount validation
+    if (typeof args.amount !== "number" || !Number.isFinite(args.amount)) {
+        throw new ValidationError("Amount must be a valid number");
+    }
+    if (args.amount < 100) {
+        throw new ValidationError("Minimum amount is 100 cents ($1.00)");
+    }
+    if (args.amount > 100000000) {
+        throw new ValidationError("Maximum amount is $1,000,000");
+    }
+    if (!Number.isInteger(args.amount)) {
+        throw new ValidationError("Amount must be a whole number of cents");
+    }
+    // Recipient ID validation
+    if (typeof args.recipient_id !== "string") {
+        throw new ValidationError("Recipient ID must be a string");
+    }
+    if (!/^acct_[a-zA-Z0-9]+$/.test(args.recipient_id)) {
+        throw new ValidationError("Invalid recipient ID format (expected acct_xxx)");
+    }
+    // Business purpose validation
+    if (typeof args.business_purpose !== "string") {
+        throw new ValidationError("Business purpose must be a string");
+    }
+    if (args.business_purpose.length < 10) {
+        throw new ValidationError("Business purpose must be at least 10 characters");
+    }
+    if (args.business_purpose.length > 200) {
+        throw new ValidationError("Business purpose must be at most 200 characters");
+    }
+}
+/**
+ * Validate ra_subscribe arguments
+ */
+function validateSubscribeArgs(args) {
+    // Price ID validation
+    if (typeof args.price_id !== "string") {
+        throw new ValidationError("Price ID must be a string");
+    }
+    if (!/^price_[a-zA-Z0-9]+$/.test(args.price_id)) {
+        throw new ValidationError("Invalid price ID format (expected price_xxx)");
+    }
+    // Email validation (basic check, Stripe validates further)
+    if (typeof args.customer_email !== "string") {
+        throw new ValidationError("Customer email must be a string");
+    }
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(args.customer_email)) {
+        throw new ValidationError("Invalid email format");
+    }
+    if (args.customer_email.length > 254) {
+        throw new ValidationError("Email address too long");
+    }
+}
+/**
+ * Validate ra_history arguments
+ */
+function validateHistoryArgs(args) {
+    if (args.limit !== undefined) {
+        if (typeof args.limit !== "number" || !Number.isFinite(args.limit)) {
+            throw new ValidationError("Limit must be a valid number");
+        }
+        if (!Number.isInteger(args.limit)) {
+            throw new ValidationError("Limit must be a whole number");
+        }
+        if (args.limit < 1) {
+            throw new ValidationError("Limit must be at least 1");
+        }
+        if (args.limit > 100) {
+            throw new ValidationError("Limit must be at most 100");
+        }
+    }
+}
+/**
+ * Execute a tool and return the result
+ *
+ * @param toolName - Name of the MCP tool to execute
+ * @param args - Tool arguments
+ * @returns Sanitized CLI output or error
+ */
+export async function handleToolCall(toolName, args) {
+    const startTime = Date.now();
+    // Check rate limit
+    if (!rateLimiter.isAllowed(toolName)) {
+        const retryAfter = rateLimiter.getRetryAfter(toolName);
+        const error = {
+            error: "rate_limit_exceeded",
+            code: "RATE_LIMIT_EXCEEDED",
+            message: `Too many requests. Please wait ${retryAfter} seconds.`,
+            retry_after_seconds: retryAfter,
+            retryable: false,
+        };
+        // Log rate limit to audit
+        const auditEntry = createAuditEntry(toolName, args, startTime, "rate_limited", { code: "RATE_LIMIT_EXCEEDED", message: error.message });
+        await writeAuditLog(auditEntry);
+        return JSON.stringify(error, null, 2);
+    }
+    try {
+        let result;
+        switch (toolName) {
+            case "ra_send":
+                result = await executeSend(args);
+                break;
+            case "ra_subscribe":
+                result = await executeSubscribe(args);
+                break;
+            case "ra_refund":
+                result = await executeRefund();
+                break;
+            case "ra_balance":
+                result = await executeBalance();
+                break;
+            case "ra_history":
+                result = await executeHistory(args);
+                break;
+            case "ra_whoami":
+                result = await executeWhoami();
+                break;
+            default:
+                throw new Error(`Unknown tool: ${toolName}`);
+        }
+        // Log successful execution to audit
+        const auditEntry = createAuditEntry(toolName, args, startTime, "success");
+        await writeAuditLog(auditEntry);
+        return result;
+    }
+    catch (error) {
+        // Parse error for structured response
+        const errorInfo = parseCliError(error);
+        // Log error to audit
+        const auditEntry = createAuditEntry(toolName, args, startTime, "error", { code: errorInfo.code, message: errorInfo.message });
+        await writeAuditLog(auditEntry);
+        return JSON.stringify(errorInfo, null, 2);
+    }
+}
+/**
+ * Parse CLI error into structured response
+ */
+function parseCliError(error) {
+    const message = error instanceof Error ? error.message : String(error);
+    // Input validation error (from our defense-in-depth validation)
+    if (error instanceof ValidationError) {
+        return {
+            error: "validation_error",
+            code: "VALIDATION_ERROR",
+            message: message,
+            retryable: false,
+        };
+    }
+    // CLI not found
+    if (message.includes("ENOENT") || message.includes("not found")) {
+        return {
+            error: "cli_not_found",
+            code: "CLI_NOT_FOUND",
+            message: "Ra Pay CLI not found. Please install it first: https://rapay.ai/docs/install",
+            retryable: false,
+        };
+    }
+    // ToS not accepted
+    if (message.includes("TOS_ACCEPTANCE_REQUIRED") || message.includes("accept-tos")) {
+        return {
+            error: "tos_required",
+            code: "TOS_ACCEPTANCE_REQUIRED",
+            message: "Terms of Service must be accepted. Run 'ra accept-tos' first.",
+            retryable: false,
+        };
+    }
+    // Account not linked
+    if (message.includes("not linked") || message.includes("link-bank")) {
+        return {
+            error: "account_not_linked",
+            code: "ACCOUNT_NOT_LINKED",
+            message: "Stripe account not linked. Run 'ra link-bank' first.",
+            retryable: false,
+        };
+    }
+    // Session expired or invalid (from server-side session management)
+    // Tightened 401 regex to avoid false positives (e.g., matching "401 Main St")
+    const is401Error = /(?:status|code|http)[^0-9]{0,10}401/i.test(message) ||
+        /401[^a-z]{0,10}(?:unauthorized|unauthenticated)/i.test(message);
+    if (message.includes("session expired") || message.includes("SESSION_EXPIRED") || message.includes("session invalid") || is401Error) {
+        return {
+            error: "session_expired",
+            code: "SESSION_EXPIRED",
+            message: "Session expired. Run 'ra link-bank' to re-authenticate.",
+            retryable: false,
+        };
+    }
+    // Velocity limit (backend limit)
+    if (message.includes("velocity") || message.includes("daily limit")) {
+        return {
+            error: "velocity_exceeded",
+            code: "VELOCITY_EXCEEDED",
+            message: "Daily transaction limit exceeded for your account tier.",
+            retryable: false,
+        };
+    }
+    // Timeout
+    if (message.includes("timed out") || message.includes("timeout")) {
+        return {
+            error: "timeout",
+            code: "TIMEOUT",
+            message: "Request timed out. Please try again.",
+            retryable: true,
+        };
+    }
+    // Network error
+    if (message.includes("network") || message.includes("ECONNREFUSED") || message.includes("ETIMEDOUT")) {
+        return {
+            error: "network_error",
+            code: "NETWORK_ERROR",
+            message: "Network error. Please check your connection and try again.",
+            retryable: true,
+        };
+    }
+    // Generic error
+    return {
+        error: "execution_failed",
+        code: "EXECUTION_FAILED",
+        message: sanitizeError(message),
+        retryable: false,
+    };
+}
+/**
+ * Execute Ra Pay CLI command as subprocess
+ * CLI inherits environment (credentials in keyring)
+ * MCP server never sees credentials directly
+ *
+ * Security measures:
+ * - Output size limited to MAX_OUTPUT_SIZE (1MB)
+ * - Timeout enforced (default 30s)
+ * - stderr sanitized and logged for debugging
+ *
+ * @param args - CLI arguments
+ * @param timeoutMs - Timeout in milliseconds (default: 30s)
+ * @returns Sanitized stdout
+ */
+async function executeCliCommand(args, timeoutMs = 30000) {
+    return new Promise((resolve, reject) => {
+        const child = spawn(CLI_PATH, args, {
+            stdio: ["pipe", "pipe", "pipe"],
+            env: { ...process.env }, // Inherit environment for keyring access
+            // cross-spawn handles Windows .cmd wrappers automatically
+        });
+        let stdout = "";
+        let stderr = "";
+        let outputTruncated = false;
+        // Set timeout
+        const timeout = setTimeout(() => {
+            child.kill("SIGTERM");
+            reject(new Error("Command timed out"));
+        }, timeoutMs);
+        child.stdout?.on("data", (data) => {
+            const chunk = data.toString();
+            if (stdout.length + chunk.length > MAX_OUTPUT_SIZE) {
+                // Truncate to prevent memory exhaustion
+                stdout += chunk.substring(0, MAX_OUTPUT_SIZE - stdout.length);
+                outputTruncated = true;
+                child.kill("SIGTERM"); // Stop runaway process
+            }
+            else {
+                stdout += chunk;
+            }
+        });
+        child.stderr?.on("data", (data) => {
+            const chunk = data.toString();
+            // Cap stderr collection at 10KB (for error messages only)
+            if (stderr.length < 10240) {
+                stderr += chunk.substring(0, 10240 - stderr.length);
+            }
+        });
+        child.on("close", (code) => {
+            clearTimeout(timeout);
+            // Log stderr for debugging (sanitized, truncated)
+            if (stderr.length > 0) {
+                const sanitizedStderr = sanitizeError(stderr).substring(0, 500);
+                console.error(`[CLI_STDERR] ${sanitizedStderr}`);
+            }
+            if (outputTruncated) {
+                reject(new Error("Output exceeded 1MB limit and was truncated"));
+                return;
+            }
+            if (code === 0) {
+                // Sanitize successful output
+                resolve(sanitizeJsonResponse(stdout));
+            }
+            else {
+                // Sanitize error output
+                const errorMsg = stderr || `Command failed with code ${code}`;
+                reject(new Error(sanitizeError(errorMsg)));
+            }
+        });
+        child.on("error", (error) => {
+            clearTimeout(timeout);
+            // Log spawn errors for debugging
+            const errorType = error.message.includes("ENOENT") ? "CLI_NOT_FOUND" : "CLI_SPAWN_ERROR";
+            console.error(`[${errorType}] ${sanitizeError(error.message)}`);
+            reject(new Error(sanitizeError(error.message)));
+        });
+    });
+}
+/**
+ * Execute ra send command
+ * CLI handles: validation, confirmation, nonce generation, API call
+ *
+ * Two-step flow for fee disclosure compliance:
+ * 1. First call (user_confirmed=false): Returns fee preview, no payment executed
+ * 2. Second call (user_confirmed=true): Executes payment after user approves fee
+ */
+async function executeSend(args) {
+    // Validate inputs (defense-in-depth, MCP SDK also validates)
+    validateSendArgs(args);
+    // Convert cents to dollars for CLI (CLI expects dollar amount)
+    const amountDollars = args.amount / 100;
+    // Calculate fee breakdown (5% Ra Pay application fee)
+    const rapayFee = amountDollars * 0.05;
+    const recipientReceives = amountDollars - rapayFee;
+    // If not confirmed, return fee preview (no payment executed)
+    // This ensures fee is disclosed BEFORE user authorizes payment
+    if (!args.user_confirmed) {
+        return JSON.stringify({
+            status: "confirmation_required",
+            message: "Please confirm this payment with the user before proceeding.",
+            payment_details: {
+                amount: amountDollars,
+                currency: "USD",
+                recipient: args.recipient_id,
+                purpose: args.business_purpose,
+            },
+            fee_breakdown: {
+                rapay_fee: rapayFee,
+                rapay_fee_percent: "5%",
+                recipient_receives: recipientReceives,
+            },
+            next_step: "Call ra_send again with user_confirmed=true after user approves the fee breakdown.",
+        }, null, 2);
+    }
+    // User confirmed - execute payment
+    const cliArgs = [
+        "send",
+        String(amountDollars),
+        "USD",
+        "to",
+        args.recipient_id,
+        "--for",
+        args.business_purpose,
+        "--json",
+        "--confirm", // Only passed when user_confirmed=true
+    ];
+    return executeCliCommand(cliArgs);
+}
+/**
+ * Execute ra subscribe command
+ */
+async function executeSubscribe(args) {
+    // Validate inputs (defense-in-depth, MCP SDK also validates)
+    validateSubscribeArgs(args);
+    const cliArgs = [
+        "subscribe",
+        args.price_id,
+        args.customer_email,
+        "--json",
+        "--confirm", // Skip CLI confirmation (MCP client handles approval)
+    ];
+    return executeCliCommand(cliArgs);
+}
+/**
+ * Execute ra refund command (opens Stripe Dashboard)
+ */
+async function executeRefund() {
+    const cliArgs = ["refund", "--json"];
+    return executeCliCommand(cliArgs);
+}
+/**
+ * Execute ra balance command
+ */
+async function executeBalance() {
+    const cliArgs = ["balance", "--json"];
+    return executeCliCommand(cliArgs);
+}
+/**
+ * Execute ra history command
+ */
+async function executeHistory(args) {
+    // Validate inputs (defense-in-depth, MCP SDK also validates)
+    validateHistoryArgs(args);
+    const cliArgs = ["history", "--json"];
+    if (args.limit) {
+        cliArgs.push("--limit", String(args.limit));
+    }
+    return executeCliCommand(cliArgs);
+}
+/**
+ * Execute ra whoami command
+ */
+async function executeWhoami() {
+    const cliArgs = ["whoami", "--json"];
+    return executeCliCommand(cliArgs);
+}
+//# sourceMappingURL=handlers.js.map

package/dist/handlers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlers.js","sourceRoot":"","sources":["../src/handlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,MAAM,aAAa,CAAC;AAChC,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE7D;;;GAGG;AACH,MAAM,QAAQ,GAAG,CAAC,GAAG,EAAE;IACrB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC3C,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,gEAAgE;IAChE,uEAAuE;IACvE,uCAAuC;IACvC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC/B,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAE9C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,yDAAyD,OAAO,EAAE,CAAC,CAAC;QAClF,OAAO,IAAI,CAAC,CAAC,+BAA+B;IAC9C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC,EAAE,CAAC;AAEL;;;GAGG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,MAAM;AAY3C,MAAM,WAAW,GAAoC;IACnD,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE;IACzC,YAAY,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE;IAC9C,SAAS,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE;IAC3C,UAAU,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE;IAC7C,UAAU,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE;IAC7C,SAAS,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE;CAC7C,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW;IACP,KAAK,GAA0B,IAAI,GAAG,EAAE,CAAC;IAEjD,SAAS,CAAC,QAAgB;QACxB,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,CAAC,6BAA6B;QAEvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC;QAE1C,mCAAmC;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEjD,gCAAgC;QAChC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC;QAE7D,IAAI,WAAW,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,mBAAmB;QACnB,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAEtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa,CAAC,QAAgB;QAC5B,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC;QAEtB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAEjF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACjC,CAAC;CACF;AAED,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAkCtC;;GAEG;AACH,MAAM,eAAgB,SAAQ,KAAK;IACjC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,IAAc;IACtC,oBAAoB;IACpB,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,eAAe,CAAC,+BAA+B,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACtB,MAAM,IAAI,eAAe,CAAC,qCAAqC,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC5B,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,eAAe,CAAC,wCAAwC,CAAC,CAAC;IACtE,CAAC;IAED,0BAA0B;IAC1B,IAAI,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,eAAe,CAAC,+BAA+B,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,eAAe,CAAC,iDAAiD,CAAC,CAAC;IAC/E,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,eAAe,CAAC,mCAAmC,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,eAAe,CAAC,iDAAiD,CAAC,CAAC;IAC/E,CAAC;IACD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACvC,MAAM,IAAI,eAAe,CAAC,iDAAiD,CAAC,CAAC;IAC/E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,IAAmB;IAChD,sBAAsB;IACtB,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,eAAe,CAAC,2BAA2B,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,eAAe,CAAC,8CAA8C,CAAC,CAAC;IAC5E,CAAC;IAED,2DAA2D;IAC3D,IAAI,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,eAAe,CAAC,iCAAiC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,eAAe,CAAC,sBAAsB,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,eAAe,CAAC,wBAAwB,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAiB;IAC5C,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnE,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,eAAe,CAAC,0BAA0B,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,GAAG,GAAG,EAAE,CAAC;YACrB,MAAM,IAAI,eAAe,CAAC,2BAA2B,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,IAAc;IAEd,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,mBAAmB;IACnB,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,KAAK,GAAmB;YAC5B,KAAK,EAAE,qBAAqB;YAC5B,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,kCAAkC,UAAU,WAAW;YAChE,mBAAmB,EAAE,UAAU;YAC/B,SAAS,EAAE,KAAK;SACjB,CAAC;QAEF,0BAA0B;QAC1B,MAAM,UAAU,GAAG,gBAAgB,CACjC,QAAQ,EACR,IAA+B,EAC/B,SAAS,EACT,cAAc,EACd,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CACxD,CAAC;QACF,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;QAEhC,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,CAAC;QACH,IAAI,MAAc,CAAC;QAEnB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,SAAS;gBACZ,MAAM,GAAG,MAAM,WAAW,CAAC,IAAgB,CAAC,CAAC;gBAC7C,MAAM;YACR,KAAK,cAAc;gBACjB,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAqB,CAAC,CAAC;gBACvD,MAAM;YACR,KAAK,WAAW;gBACd,MAAM,GAAG,MAAM,aAAa,EAAE,CAAC;gBAC/B,MAAM;YACR,KAAK,YAAY;gBACf,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;gBAChC,MAAM;YACR,KAAK,YAAY;gBACf,MAAM,GAAG,MAAM,cAAc,CAAC,IAAmB,CAAC,CAAC;gBACnD,MAAM;YACR,KAAK,WAAW;gBACd,MAAM,GAAG,MAAM,aAAa,EAAE,CAAC;gBAC/B,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;QACjD,CAAC;QAED,oCAAoC;QACpC,MAAM,UAAU,GAAG,gBAAgB,CACjC,QAAQ,EACR,IAA+B,EAC/B,SAAS,EACT,SAAS,CACV,CAAC;QACF,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;QAEhC,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,sCAAsC;QACtC,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QAEvC,qBAAqB;QACrB,MAAM,UAAU,GAAG,gBAAgB,CACjC,QAAQ,EACR,IAA+B,EAC/B,SAAS,EACT,OAAO,EACP,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CACrD,CAAC;QACF,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;QAEhC,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAYD;;GAEG;AACH,SAAS,aAAa,CAAC,KAAc;IACnC,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEvE,gEAAgE;IAChE,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;QACrC,OAAO;YACL,KAAK,EAAE,kBAAkB;YACzB,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAChE,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,8EAA8E;YACvF,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,mBAAmB;IACnB,IAAI,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAClF,OAAO;YACL,KAAK,EAAE,cAAc;YACrB,IAAI,EAAE,yBAAyB;YAC/B,OAAO,EAAE,+DAA+D;YACxE,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACpE,OAAO;YACL,KAAK,EAAE,oBAAoB;YAC3B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,sDAAsD;YAC/D,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,8EAA8E;IAC9E,MAAM,UAAU,GAAG,sCAAsC,CAAC,IAAI,CAAC,OAAO,CAAC;QACpD,kDAAkD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpF,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,UAAU,EAAE,CAAC;QACpI,OAAO;YACL,KAAK,EAAE,iBAAiB;YACxB,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,yDAAyD;YAClE,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACpE,OAAO;YACL,KAAK,EAAE,mBAAmB;YAC1B,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,yDAAyD;YAClE,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,UAAU;IACV,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,sCAAsC;YAC/C,SAAS,EAAE,IAAI;SAChB,CAAC;IACJ,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACrG,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,4DAA4D;YACrE,SAAS,EAAE,IAAI;SAChB,CAAC;IACJ,CAAC;IAED,gBAAgB;IAChB,OAAO;QACL,KAAK,EAAE,kBAAkB;QACzB,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC;QAC/B,SAAS,EAAE,KAAK;KACjB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,KAAK,UAAU,iBAAiB,CAC9B,IAAc,EACd,YAAoB,KAAK;IAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE;YAClC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,yCAAyC;YAClE,0DAA0D;SAC3D,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,eAAe,GAAG,KAAK,CAAC;QAE5B,cAAc;QACd,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtB,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC;QACzC,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;gBACnD,wCAAwC;gBACxC,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC9D,eAAe,GAAG,IAAI,CAAC;gBACvB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,uBAAuB;YAChD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,0DAA0D;YAC1D,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;YACtD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;YACxC,YAAY,CAAC,OAAO,CAAC,CAAC;YAEtB,kDAAkD;YAClD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,MAAM,eAAe,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAChE,OAAO,CAAC,KAAK,CAAC,gBAAgB,eAAe,EAAE,CAAC,CAAC;YACnD,CAAC;YAED,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,CAAC,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC,CAAC;gBACjE,OAAO;YACT,CAAC;YAED,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,6BAA6B;gBAC7B,OAAO,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,wBAAwB;gBACxB,MAAM,QAAQ,GAAG,MAAM,IAAI,4BAA4B,IAAI,EAAE,CAAC;gBAC9D,MAAM,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;YACjC,YAAY,CAAC,OAAO,CAAC,CAAC;YAEtB,iCAAiC;YACjC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAAiB,CAAC;YACzF,OAAO,CAAC,KAAK,CAAC,IAAI,SAAS,KAAK,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAEhE,MAAM,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,WAAW,CAAC,IAAc;IACvC,6DAA6D;IAC7D,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAEvB,+DAA+D;IAC/D,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;IAExC,sDAAsD;IACtD,MAAM,QAAQ,GAAG,aAAa,GAAG,IAAI,CAAC;IACtC,MAAM,iBAAiB,GAAG,aAAa,GAAG,QAAQ,CAAC;IAEnD,6DAA6D;IAC7D,+DAA+D;IAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,SAAS,CACnB;YACE,MAAM,EAAE,uBAAuB;YAC/B,OAAO,EACL,8DAA8D;YAChE,eAAe,EAAE;gBACf,MAAM,EAAE,aAAa;gBACrB,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,OAAO,EAAE,IAAI,CAAC,gBAAgB;aAC/B;YACD,aAAa,EAAE;gBACb,SAAS,EAAE,QAAQ;gBACnB,iBAAiB,EAAE,IAAI;gBACvB,kBAAkB,EAAE,iBAAiB;aACtC;YACD,SAAS,EACP,oFAAoF;SACvF,EACD,IAAI,EACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,OAAO,GAAG;QACd,MAAM;QACN,MAAM,CAAC,aAAa,CAAC;QACrB,KAAK;QACL,IAAI;QACJ,IAAI,CAAC,YAAY;QACjB,OAAO;QACP,IAAI,CAAC,gBAAgB;QACrB,QAAQ;QACR,WAAW,EAAE,uCAAuC;KACrD,CAAC;IAEF,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,IAAmB;IACjD,6DAA6D;IAC7D,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAE5B,MAAM,OAAO,GAAG;QACd,WAAW;QACX,IAAI,CAAC,QAAQ;QACb,IAAI,CAAC,cAAc;QACnB,QAAQ;QACR,WAAW,EAAE,sDAAsD;KACpE,CAAC;IAEF,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa;IAC1B,MAAM,OAAO,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACrC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc;IAC3B,MAAM,OAAO,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACtC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,IAAiB;IAC7C,6DAA6D;IAC7D,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAE1B,MAAM,OAAO,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEtC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa;IAC1B,MAAM,OAAO,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACrC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,17 @@
+#!/usr/bin/env node
+/**
+ * Ra Pay MCP Server - Entry Point
+ *
+ * MCP (Model Context Protocol) server for AI agent payment automation.
+ * Wraps Ra Pay CLI as subprocess, never sees credentials directly.
+ *
+ * @see MCP-SERVER-PLAN.md for full specification
+ * @see https://modelcontextprotocol.io for MCP protocol documentation
+ *
+ * Perplexity Security Review: APPROVED (98% confidence)
+ * - All 5 security gaps addressed
+ * - Privacy preserved (dumb pipe model intact)
+ * - No blockers
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;GAaG"}

package/dist/index.js

@@ -0,0 +1,111 @@
+#!/usr/bin/env node
+/**
+ * Ra Pay MCP Server - Entry Point
+ *
+ * MCP (Model Context Protocol) server for AI agent payment automation.
+ * Wraps Ra Pay CLI as subprocess, never sees credentials directly.
+ *
+ * @see MCP-SERVER-PLAN.md for full specification
+ * @see https://modelcontextprotocol.io for MCP protocol documentation
+ *
+ * Perplexity Security Review: APPROVED (98% confidence)
+ * - All 5 security gaps addressed
+ * - Privacy preserved (dumb pipe model intact)
+ * - No blockers
+ */
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { TOOLS, logToolIntegrity } from "./tools.js";
+import { handleToolCall } from "./handlers.js";
+/**
+ * Server metadata
+ */
+const SERVER_NAME = "rapay-mcp";
+const SERVER_VERSION = "1.1.3";
+/**
+ * Initialize MCP server
+ */
+const server = new Server({
+    name: SERVER_NAME,
+    version: SERVER_VERSION,
+}, {
+    capabilities: {
+        tools: {},
+    },
+});
+/**
+ * Handle tools/list request
+ * Returns all 6 MVP tools with their schemas
+ */
+server.setRequestHandler(ListToolsRequestSchema, async () => {
+    return {
+        tools: TOOLS,
+    };
+});
+/**
+ * Handle tools/call request
+ * Executes the requested tool via CLI subprocess
+ */
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args } = request.params;
+    try {
+        // Execute tool and get sanitized result
+        const result = await handleToolCall(name, args || {});
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: result,
+                },
+            ],
+        };
+    }
+    catch (error) {
+        // Return error as MCP error response
+        const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        error: "tool_execution_failed",
+                        code: "TOOL_EXECUTION_FAILED",
+                        message: errorMessage,
+                        retryable: false,
+                    }, null, 2),
+                },
+            ],
+            isError: true,
+        };
+    }
+});
+/**
+ * Start the MCP server with stdio transport
+ */
+async function main() {
+    const transport = new StdioServerTransport();
+    // Log to stderr (stdout is reserved for MCP protocol)
+    console.error(`[${SERVER_NAME}] Starting Ra Pay MCP Server v${SERVER_VERSION}`);
+    console.error(`[${SERVER_NAME}] Transport: stdio`);
+    console.error(`[${SERVER_NAME}] Tools: ${TOOLS.map((t) => t.name).join(", ")}`);
+    // Verify tool integrity on startup
+    logToolIntegrity();
+    await server.connect(transport);
+    console.error(`[${SERVER_NAME}] Server running`);
+}
+// Handle graceful shutdown
+process.on("SIGINT", () => {
+    console.error(`[${SERVER_NAME}] Shutting down...`);
+    process.exit(0);
+});
+process.on("SIGTERM", () => {
+    console.error(`[${SERVER_NAME}] Shutting down...`);
+    process.exit(0);
+});
+// Start server
+main().catch((error) => {
+    console.error(`[${SERVER_NAME}] Fatal error:`, error);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,cAAc,EAAY,MAAM,eAAe,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,GAAG,WAAW,CAAC;AAChC,MAAM,cAAc,GAAG,OAAO,CAAC;AAE/B;;GAEG;AACH,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;IACE,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,cAAc;CACxB,EACD;IACE,YAAY,EAAE;QACZ,KAAK,EAAE,EAAE;KACV;CACF,CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;IAC1D,OAAO;QACL,KAAK,EAAE,KAAK;KACb,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;IAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAEjD,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,EAAG,IAAiB,IAAI,EAAE,CAAC,CAAC;QAEpE,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,MAAM;iBACb;aACF;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,qCAAqC;QACrC,MAAM,YAAY,GAChB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC;QAEpE,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;wBACE,KAAK,EAAE,uBAAuB;wBAC9B,IAAI,EAAE,uBAAuB;wBAC7B,OAAO,EAAE,YAAY;wBACrB,SAAS,EAAE,KAAK;qBACjB,EACD,IAAI,EACJ,CAAC,CACF;iBACF;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;GAEG;AACH,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAE7C,sDAAsD;IACtD,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,iCAAiC,cAAc,EAAE,CAAC,CAAC;IAChF,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,oBAAoB,CAAC,CAAC;IACnD,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,YAAY,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEhF,mCAAmC;IACnC,gBAAgB,EAAE,CAAC;IAEnB,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,kBAAkB,CAAC,CAAC;AACnD,CAAC;AAED,2BAA2B;AAC3B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;IACxB,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,oBAAoB,CAAC,CAAC;IACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;IACzB,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,oBAAoB,CAAC,CAAC;IACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,eAAe;AACf,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,gBAAgB,EAAE,KAAK,CAAC,CAAC;IACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}