@rapay/mcp-server 1.1.4

package/dist/sanitize.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Ra Pay MCP Server - Response Sanitization
+ *
+ * Security layer to prevent prompt injection attacks.
+ * Filters out system markers and malicious patterns from CLI output.
+ * Includes Unicode NFC normalization to prevent homoglyph attacks.
+ *
+ * @see MCP-SERVER-PLAN.md - Security Requirements
+ */
+/**
+ * Sanitize MCP response to prevent injection attacks
+ *
+ * @param response - Raw CLI output string
+ * @returns Sanitized string safe for MCP response
+ */
+export declare function sanitizeResponse(response: string): string;
+/**
+ * Sanitize error messages
+ * More aggressive filtering for error output which may contain stack traces
+ *
+ * @param error - Error message or stack trace
+ * @returns Sanitized error message
+ */
+export declare function sanitizeError(error: string): string;
+/**
+ * Validate that a string doesn't contain injection attempts
+ * Returns true if safe, false if suspicious
+ *
+ * @param input - String to validate
+ * @returns Boolean indicating if input is safe
+ */
+export declare function isInputSafe(input: string): boolean;
+/**
+ * Sanitize JSON output specifically
+ * Ensures JSON structure is preserved while removing dangerous content
+ *
+ * @param jsonString - JSON string from CLI
+ * @returns Sanitized JSON string
+ */
+export declare function sanitizeJsonResponse(jsonString: string): string;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/sanitize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../src/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAuEH;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAyBzD;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAYnD;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAWlD;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAa/D"}

package/dist/sanitize.js

@@ -0,0 +1,172 @@
+/**
+ * Ra Pay MCP Server - Response Sanitization
+ *
+ * Security layer to prevent prompt injection attacks.
+ * Filters out system markers and malicious patterns from CLI output.
+ * Includes Unicode NFC normalization to prevent homoglyph attacks.
+ *
+ * @see MCP-SERVER-PLAN.md - Security Requirements
+ */
+/**
+ * Normalize Unicode text to NFC (Canonical Composition) form.
+ * This prevents homoglyph attacks using decomposed characters.
+ * Example: "é" (U+00E9) vs "e" + "́" (U+0065 + U+0301) are normalized to same form.
+ *
+ * Note: This doesn't catch cross-script homoglyphs (Cyrillic а vs Latin a)
+ * but handles decomposed character attacks which are more common.
+ */
+function normalizeUnicode(text) {
+    return text.normalize("NFC");
+}
+/**
+ * Patterns that could be used for prompt injection
+ * These are filtered from all CLI output before returning to MCP clients
+ */
+const INJECTION_PATTERNS = [
+    /\[SYSTEM\]/gi,
+    /\[USER\]/gi,
+    /\[ASSISTANT\]/gi,
+    /\[INST\]/gi,
+    /\[\/INST\]/gi,
+    /<\|im_start\|>/gi,
+    /<\|im_end\|>/gi,
+    /<\|system\|>/gi,
+    /<\|user\|>/gi,
+    /<\|assistant\|>/gi,
+    /<<SYS>>/gi,
+    /<<\/SYS>>/gi,
+    /Human:/gi,
+    /Assistant:/gi,
+];
+/**
+ * ANSI escape sequence pattern
+ * Matches all ANSI terminal formatting codes
+ */
+const ANSI_PATTERN = /\x1b\[[0-9;]*[a-zA-Z]/g;
+/**
+ * Control character pattern (except newlines and tabs)
+ */
+const CONTROL_CHARS_PATTERN = /[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/g;
+/**
+ * Unicode Tags pattern (U+E0000-U+E007F)
+ * These are invisible characters that can be used for:
+ * - Hidden text attacks (invisible instructions)
+ * - Watermarking attacks
+ * - Bypass detection systems
+ *
+ * Range: U+E0000 (TAG NULL) through U+E007F (TAG DELETE)
+ * These map to ASCII 0x00-0x7F but render invisibly
+ */
+const UNICODE_TAGS_PATTERN = /[\u{E0000}-\u{E007F}]/gu;
+/**
+ * Additional invisible Unicode characters that could be abused
+ * - Zero Width Space (U+200B)
+ * - Zero Width Non-Joiner (U+200C)
+ * - Zero Width Joiner (U+200D)
+ * - Word Joiner (U+2060)
+ * - Left-to-Right Mark (U+200E)
+ * - Right-to-Left Mark (U+200F)
+ * - Invisible Separator (U+2063)
+ * - Invisible Plus (U+2064)
+ */
+const INVISIBLE_CHARS_PATTERN = /[\u200B-\u200F\u2060-\u2064\uFEFF]/g;
+/**
+ * Sanitize MCP response to prevent injection attacks
+ *
+ * @param response - Raw CLI output string
+ * @returns Sanitized string safe for MCP response
+ */
+export function sanitizeResponse(response) {
+    // Step 0: Normalize Unicode to NFC form (prevents decomposed homoglyph attacks)
+    let sanitized = normalizeUnicode(response);
+    // Step 1: Remove ANSI escape sequences (terminal colors/formatting)
+    sanitized = sanitized.replace(ANSI_PATTERN, "");
+    // Step 2: Remove prompt injection patterns
+    for (const pattern of INJECTION_PATTERNS) {
+        sanitized = sanitized.replace(pattern, "");
+    }
+    // Step 3: Remove control characters (keep \n and \t)
+    sanitized = sanitized.replace(CONTROL_CHARS_PATTERN, "");
+    // Step 4: Remove Unicode Tags (invisible hidden text)
+    sanitized = sanitized.replace(UNICODE_TAGS_PATTERN, "");
+    // Step 5: Remove other invisible Unicode characters
+    sanitized = sanitized.replace(INVISIBLE_CHARS_PATTERN, "");
+    // Step 6: Trim whitespace
+    sanitized = sanitized.trim();
+    return sanitized;
+}
+/**
+ * Sanitize error messages
+ * More aggressive filtering for error output which may contain stack traces
+ *
+ * @param error - Error message or stack trace
+ * @returns Sanitized error message
+ */
+export function sanitizeError(error) {
+    let sanitized = sanitizeResponse(error);
+    // Remove file paths that might leak system info
+    sanitized = sanitized.replace(/[A-Z]:\\[^\s]+/gi, "[path]"); // Windows paths
+    sanitized = sanitized.replace(/\/(?:home|Users|var|tmp)[^\s]+/gi, "[path]"); // Unix paths
+    // Remove potential stack traces
+    sanitized = sanitized.replace(/at .+:\d+:\d+/g, ""); // JS stack traces
+    sanitized = sanitized.replace(/\s+at .+\(.+\)/g, ""); // Node.js stack traces
+    return sanitized.trim();
+}
+/**
+ * Validate that a string doesn't contain injection attempts
+ * Returns true if safe, false if suspicious
+ *
+ * @param input - String to validate
+ * @returns Boolean indicating if input is safe
+ */
+export function isInputSafe(input) {
+    // Normalize Unicode before checking (prevents decomposed homoglyph attacks)
+    const normalized = normalizeUnicode(input);
+    for (const pattern of INJECTION_PATTERNS) {
+        pattern.lastIndex = 0; // Reset stateful global regex before each test
+        if (pattern.test(normalized)) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Sanitize JSON output specifically
+ * Ensures JSON structure is preserved while removing dangerous content
+ *
+ * @param jsonString - JSON string from CLI
+ * @returns Sanitized JSON string
+ */
+export function sanitizeJsonResponse(jsonString) {
+    try {
+        // Parse and re-stringify to ensure valid JSON
+        const parsed = JSON.parse(jsonString);
+        // Recursively sanitize string values
+        const sanitized = sanitizeObject(parsed);
+        return JSON.stringify(sanitized, null, 2);
+    }
+    catch {
+        // If not valid JSON, sanitize as regular string
+        return sanitizeResponse(jsonString);
+    }
+}
+/**
+ * Recursively sanitize object string values
+ */
+function sanitizeObject(obj) {
+    if (typeof obj === "string") {
+        return sanitizeResponse(obj);
+    }
+    if (Array.isArray(obj)) {
+        return obj.map(sanitizeObject);
+    }
+    if (obj !== null && typeof obj === "object") {
+        const result = {};
+        for (const [key, value] of Object.entries(obj)) {
+            result[sanitizeResponse(key)] = sanitizeObject(value);
+        }
+        return result;
+    }
+    return obj;
+}
+//# sourceMappingURL=sanitize.js.map

package/dist/sanitize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../src/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;;;GAOG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,kBAAkB,GAAG;IACzB,cAAc;IACd,YAAY;IACZ,iBAAiB;IACjB,YAAY;IACZ,cAAc;IACd,kBAAkB;IAClB,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,mBAAmB;IACnB,WAAW;IACX,aAAa;IACb,UAAU;IACV,cAAc;CACf,CAAC;AAEF;;;GAGG;AACH,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAE9C;;GAEG;AACH,MAAM,qBAAqB,GAAG,oCAAoC,CAAC;AAEnE;;;;;;;;;GASG;AACH,MAAM,oBAAoB,GAAG,yBAAyB,CAAC;AAEvD;;;;;;;;;;GAUG;AACH,MAAM,uBAAuB,GAAG,qCAAqC,CAAC;AAEtE;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,gFAAgF;IAChF,IAAI,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAE3C,oEAAoE;IACpE,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IAEhD,2CAA2C;IAC3C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,qDAAqD;IACrD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC;IAEzD,sDAAsD;IACtD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;IAExD,oDAAoD;IACpD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;IAE3D,0BAA0B;IAC1B,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAE7B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAExC,gDAAgD;IAChD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC,CAAC,gBAAgB;IAC7E,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,kCAAkC,EAAE,QAAQ,CAAC,CAAC,CAAC,aAAa;IAE1F,gCAAgC;IAChC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB;IACvE,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB;IAE7E,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,4EAA4E;IAC5E,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAE3C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,CAAE,+CAA+C;QACvE,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAkB;IACrD,IAAI,CAAC;QACH,8CAA8C;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAEtC,qCAAqC;QACrC,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QAEzC,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;QAChD,OAAO,gBAAgB,CAAC,UAAU,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAY;IAClC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACjC,CAAC;IAED,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/tools.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Ra Pay MCP Server - Tool Definitions
+ *
+ * 6 MVP Tools (Perplexity-approved):
+ * - 3 Payment Operations (SENSITIVE)
+ * - 3 Query Operations (Read-only)
+ *
+ * @see MCP-SERVER-PLAN.md for full specification
+ */
+import type { Tool } from "@modelcontextprotocol/sdk/types.js";
+/**
+ * All 6 MVP tools combined
+ */
+export declare const TOOLS: Tool[];
+/**
+ * Tool names that require user confirmation (SENSITIVE operations)
+ */
+export declare const SENSITIVE_TOOLS: Set<string>;
+/**
+ * Check if a tool is a sensitive payment operation
+ */
+export declare function isSensitiveTool(toolName: string): boolean;
+/**
+ * Compute the integrity hash of the tool definitions
+ * Hash is based on tool names and their input schemas (deterministic)
+ */
+export declare function computeToolHash(): string;
+/**
+ * Verify tool definitions haven't been tampered with
+ * Returns true if hash matches expected value
+ */
+export declare function verifyToolIntegrity(): {
+    valid: boolean;
+    hash: string;
+    expected: string;
+};
+/**
+ * Log tool integrity status (for debugging)
+ */
+export declare function logToolIntegrity(): void;
+//# sourceMappingURL=tools.d.ts.map

package/dist/tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAmI/D;;GAEG;AACH,eAAO,MAAM,KAAK,EAAE,IAAI,EAAuC,CAAC;AAEhE;;GAEG;AACH,eAAO,MAAM,eAAe,aAAoD,CAAC;AAEjF;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEzD;AAoBD;;;GAGG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAWxC;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CASxF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAYvC"}

package/dist/tools.js

@@ -0,0 +1,209 @@
+/**
+ * Ra Pay MCP Server - Tool Definitions
+ *
+ * 6 MVP Tools (Perplexity-approved):
+ * - 3 Payment Operations (SENSITIVE)
+ * - 3 Query Operations (Read-only)
+ *
+ * @see MCP-SERVER-PLAN.md for full specification
+ */
+import { createHash } from "crypto";
+/**
+ * Payment operations - marked SENSITIVE for MCP client approval UI
+ */
+const PAYMENT_TOOLS = [
+    {
+        name: "ra_send",
+        description: "SENSITIVE: Send a payment. TWO-STEP PROCESS REQUIRED: " +
+            "Step 1: Call with user_confirmed=false to get fee preview (NO payment is made). " +
+            "Step 2: Show the fee_breakdown from the response to the user and ask them to confirm. " +
+            "Step 3: ONLY after user explicitly approves the fee, call again with user_confirmed=true. " +
+            "A 5% Ra Pay application fee applies. The preview shows exact fees before any money moves. " +
+            "COMPLIANCE SCREENING REQUIRED: Before processing, you MUST verify the business_purpose does NOT contain: " +
+            "(1) P2P patterns: friend, family, roommate, reimbursement for personal expenses, splitting bills, payback, loan, gift, birthday, holiday " +
+            "(2) Money laundering red flags: gift cards, prepaid cards, cryptocurrency purchase, wire transfer " +
+            "(3) Vague purposes: 'for services', 'payment', 'transfer' without specifics " +
+            "(4) Gibberish: repetitive characters (aaaa), random letters (adlkfjal), or repeated words (test test test). " +
+            "If detected, WARN the user that Ra Pay is for business transactions only and ask them to provide a legitimate business purpose.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                amount: {
+                    type: "number",
+                    description: "Amount to send in USD cents (e.g., 10000 = $100.00). Minimum: 100 cents ($1.00)",
+                },
+                recipient_id: {
+                    type: "string",
+                    description: "Stripe connected account ID (format: acct_xxx). Must be a valid Stripe account.",
+                    pattern: "^acct_[a-zA-Z0-9]+$",
+                },
+                business_purpose: {
+                    type: "string",
+                    description: "Business purpose for this payment (10-200 characters). Required for compliance. " +
+                        "Must describe actual goods or services rendered (e.g., 'Logo design work', 'API consulting'). " +
+                        "REJECT purposes containing: friend, family, roommate, reimbursement, loan, gift, birthday, " +
+                        "gift card, prepaid card, splitting bills, payback, personal expense, crypto, bitcoin. " +
+                        "ALSO REJECT gibberish: repetitive chars (aaaa), random letters, repeated words (test test test). " +
+                        "Ra Pay is a B2B payment platform - NOT for peer-to-peer transfers. " +
+                        "Valid examples: 'Freelance development work - Invoice #123', 'API consulting services - March 2026'. " +
+                        "Invalid examples: 'Lunch reimbursement', 'Gift for friend', 'Gift cards for team', 'aaaaaaaaaa', 'asdfghjkl'.",
+                    minLength: 10,
+                    maxLength: 200,
+                },
+                user_confirmed: {
+                    type: "boolean",
+                    description: "REQUIRED. Must be false on first call to get fee preview. " +
+                        "Only set to true AFTER showing user the fee_breakdown and getting their explicit approval.",
+                },
+            },
+            required: ["amount", "recipient_id", "business_purpose", "user_confirmed"],
+        },
+    },
+    {
+        name: "ra_subscribe",
+        description: "SENSITIVE: Create a subscription for a customer. Sets up recurring payments using a Stripe price. " +
+            "Requires explicit user confirmation. Use 'ra create-price' to create prices first.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                price_id: {
+                    type: "string",
+                    description: "Stripe price ID (format: price_xxx). Create prices with 'ra create-price' command.",
+                    pattern: "^price_[a-zA-Z0-9]+$",
+                },
+                customer_email: {
+                    type: "string",
+                    description: "Customer email address for the subscription",
+                    format: "email",
+                },
+            },
+            required: ["price_id", "customer_email"],
+        },
+    },
+    {
+        name: "ra_refund",
+        description: "SENSITIVE: Open Stripe Dashboard to process refunds. " +
+            "For security, refunds are processed through the Stripe Dashboard interface. " +
+            "This opens your browser to the refund management page.",
+        inputSchema: {
+            type: "object",
+            properties: {},
+            required: [],
+        },
+    },
+];
+/**
+ * Query operations - Read-only, no SENSITIVE marker needed
+ */
+const QUERY_TOOLS = [
+    {
+        name: "ra_balance",
+        description: "Check available balance in your Ra Pay account. " +
+            "Returns current balance, pending amounts, and payout schedule.",
+        inputSchema: {
+            type: "object",
+            properties: {},
+            required: [],
+        },
+    },
+    {
+        name: "ra_history",
+        description: "Get transaction history from your Ra Pay account. " +
+            "Returns recent payments, subscriptions, and refunds with timestamps and status.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                limit: {
+                    type: "number",
+                    description: "Number of transactions to retrieve (default: 10, max: 100)",
+                    minimum: 1,
+                    maximum: 100,
+                },
+            },
+            required: [],
+        },
+    },
+    {
+        name: "ra_whoami",
+        description: "Check account status and identity. " +
+            "Returns user ID, Stripe account status, verification status, and account tier.",
+        inputSchema: {
+            type: "object",
+            properties: {},
+            required: [],
+        },
+    },
+];
+/**
+ * All 6 MVP tools combined
+ */
+export const TOOLS = [...PAYMENT_TOOLS, ...QUERY_TOOLS];
+/**
+ * Tool names that require user confirmation (SENSITIVE operations)
+ */
+export const SENSITIVE_TOOLS = new Set(["ra_send", "ra_subscribe", "ra_refund"]);
+/**
+ * Check if a tool is a sensitive payment operation
+ */
+export function isSensitiveTool(toolName) {
+    return SENSITIVE_TOOLS.has(toolName);
+}
+/**
+ * Tool Integrity Verification
+ *
+ * Generates a SHA-256 hash of the tool definitions to detect tampering.
+ * This hash should match the expected value from the official release.
+ */
+/**
+ * Expected hash of tool definitions (update when tools change)
+ * This is the SHA-256 hash of the sorted tool names and their input schemas.
+ *
+ * To regenerate after modifying tools:
+ * 1. Run the MCP server with RAPAY_DEBUG=1
+ * 2. The computed hash will be logged
+ * 3. Update this constant with the new hash
+ */
+const EXPECTED_TOOL_HASH = "pending-initial-release";
+/**
+ * Compute the integrity hash of the tool definitions
+ * Hash is based on tool names and their input schemas (deterministic)
+ */
+export function computeToolHash() {
+    // Create a deterministic representation of tools
+    const toolData = TOOLS.map((tool) => ({
+        name: tool.name,
+        inputSchema: tool.inputSchema,
+    }))
+        .sort((a, b) => a.name.localeCompare(b.name))
+        .map((t) => JSON.stringify(t))
+        .join("|");
+    return createHash("sha256").update(toolData).digest("hex").substring(0, 16);
+}
+/**
+ * Verify tool definitions haven't been tampered with
+ * Returns true if hash matches expected value
+ */
+export function verifyToolIntegrity() {
+    const computedHash = computeToolHash();
+    const isValid = EXPECTED_TOOL_HASH === "pending-initial-release" || computedHash === EXPECTED_TOOL_HASH;
+    return {
+        valid: isValid,
+        hash: computedHash,
+        expected: EXPECTED_TOOL_HASH,
+    };
+}
+/**
+ * Log tool integrity status (for debugging)
+ */
+export function logToolIntegrity() {
+    const { valid, hash, expected } = verifyToolIntegrity();
+    if (process.env.RAPAY_DEBUG) {
+        console.error(`[TOOL_INTEGRITY] Computed hash: ${hash}`);
+        console.error(`[TOOL_INTEGRITY] Expected hash: ${expected}`);
+    }
+    if (!valid) {
+        console.error(`[SECURITY WARNING] Tool definitions may have been modified!`);
+        console.error(`[SECURITY WARNING] Expected: ${expected}, Got: ${hash}`);
+    }
+}
+//# sourceMappingURL=tools.js.map

package/dist/tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC;;GAEG;AACH,MAAM,aAAa,GAAW;IAC5B;QACE,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,wDAAwD;YACnE,kFAAkF;YAClF,wFAAwF;YACxF,4FAA4F;YAC5F,4FAA4F;YAC5F,2GAA2G;YAC3G,2IAA2I;YAC3I,oGAAoG;YACpG,8EAA8E;YAC9E,8GAA8G;YAC9G,iIAAiI;QACnI,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iFAAiF;iBAC/F;gBACD,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iFAAiF;oBAC9F,OAAO,EAAE,qBAAqB;iBAC/B;gBACD,gBAAgB,EAAE;oBAChB,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,kFAAkF;wBAC7F,gGAAgG;wBAChG,6FAA6F;wBAC7F,wFAAwF;wBACxF,mGAAmG;wBACnG,qEAAqE;wBACrE,uGAAuG;wBACvG,+GAA+G;oBACjH,SAAS,EAAE,EAAE;oBACb,SAAS,EAAE,GAAG;iBACf;gBACD,cAAc,EAAE;oBACd,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,4DAA4D;wBACvE,4FAA4F;iBAC/F;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,kBAAkB,EAAE,gBAAgB,CAAC;SAC3E;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,oGAAoG;YAC/G,oFAAoF;QACtF,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,oFAAoF;oBACjG,OAAO,EAAE,sBAAsB;iBAChC;gBACD,cAAc,EAAE;oBACd,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;oBAC1D,MAAM,EAAE,OAAO;iBAChB;aACF;YACD,QAAQ,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC;SACzC;KACF;IACD;QACE,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,uDAAuD;YAClE,8EAA8E;YAC9E,wDAAwD;QAC1D,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,EAAE;SACb;KACF;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,GAAW;IAC1B;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,kDAAkD;YAC7D,gEAAgE;QAClE,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,EAAE;SACb;KACF;IACD;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,oDAAoD;YAC/D,iFAAiF;QACnF,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,4DAA4D;oBACzE,OAAO,EAAE,CAAC;oBACV,OAAO,EAAE,GAAG;iBACb;aACF;YACD,QAAQ,EAAE,EAAE;SACb;KACF;IACD;QACE,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,qCAAqC;YAChD,gFAAgF;QAClF,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,EAAE;SACb;KACF;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,KAAK,GAAW,CAAC,GAAG,aAAa,EAAE,GAAG,WAAW,CAAC,CAAC;AAEhE;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC;AAEjF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED;;;;;GAKG;AAEH;;;;;;;;GAQG;AACH,MAAM,kBAAkB,GAAG,yBAAyB,CAAC;AAErD;;;GAGG;AACH,MAAM,UAAU,eAAe;IAC7B,iDAAiD;IACjD,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACpC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC,CAAC;SACA,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SAC5C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;SAC7B,IAAI,CAAC,GAAG,CAAC,CAAC;IAEb,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,kBAAkB,KAAK,yBAAyB,IAAI,YAAY,KAAK,kBAAkB,CAAC;IAExG,OAAO;QACL,KAAK,EAAE,OAAO;QACd,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,kBAAkB;KAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,mBAAmB,EAAE,CAAC;IAExD,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,KAAK,CAAC,mCAAmC,QAAQ,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;QAC7E,OAAO,CAAC,KAAK,CAAC,gCAAgC,QAAQ,UAAU,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "@rapay/mcp-server",
+  "version": "1.1.4",
+  "description": "Ra Pay MCP Server for Claude Desktop and Claude Code - AI Agent Payment Infrastructure",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "rapay-mcp-server": "dist/index.js",
+    "@rapay/mcp-server": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js",
+    "lint": "eslint src/",
+    "test": "vitest",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "rapay",
+    "payments",
+    "stripe",
+    "ai-agents",
+    "claude",
+    "automation"
+  ],
+  "author": "Ra Pay",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Ra-Pay-AI/rapay"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "peerDependencies": {
+    "@rapay/cli": "^1.3.0"
+  },
+  "peerDependenciesMeta": {
+    "@rapay/cli": {
+      "optional": true
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "cross-spawn": "^7.0.6"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "@types/cross-spawn": "^6.0.6",
+    "typescript": "^5.3.0",
+    "vitest": "^1.0.0",
+    "eslint": "^8.55.0",
+    "@typescript-eslint/eslint-plugin": "^6.13.0",
+    "@typescript-eslint/parser": "^6.13.0"
+  },
+  "files": [
+    "dist/",
+    "README.md"
+  ]
+}