npm - @rapay/mcp-server - Versions diffs - 1.2.3 → 1.2.5 - Mend

@rapay/mcp-server 1.2.3 → 1.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 MCP Contributors
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,343 +1,153 @@
-# Ra Pay MCP Server
-MCP (Model Context Protocol) server for AI agent payment automation. Enables Claude Desktop, Claude API, and ChatGPT to execute payments via Ra Pay CLI.
-**Status:** Perplexity Security Review APPROVED (98% confidence)
-## Features
-- 6 MVP tools for payment operations
-- Subprocess isolation (credentials never leave keyring)
-- Response sanitization (prevents prompt injection)
-- Rate limiting (1 payment/min, 10 queries/min)
-- Audit logging
-## Installation
-### Prerequisites
-- Node.js 18+
-- Ra Pay CLI installed and authenticated (`ra link-bank`)
-### Setup
-```bash
-cd rapay/mcp-server
-npm install
-npm run build
-```
-### Claude Desktop Configuration
-**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
-```json
-{
-  "mcpServers": {
-    "rapay": {
-      "command": "node",
-      "args": ["/Users/yourname/rapay/mcp-server/dist/index.js"]
-    }
-  }
-}
-```
-**Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
-```json
-{
-  "mcpServers": {
-    "rapay": {
-      "command": "node",
-      "args": ["C:\\Users\\yourname\\rapay\\mcp-server\\dist\\index.js"]
-    }
-  }
-}
-```
-**With custom CLI path:**
-```json
-{
-  "mcpServers": {
-    "rapay": {
-      "command": "node",
-      "args": ["/path/to/rapay/mcp-server/dist/index.js"],
-      "env": {
-        "RAPAY_CLI_PATH": "/custom/path/to/ra"
-      }
-    }
-  }
-}
-```
-After adding, restart Claude Desktop. You should see "rapay" in the MCP servers list.
-## Tools
-### Payment Operations (SENSITIVE)
-| Tool | Description |
-|------|-------------|
-| `ra_send` | Execute a payment transaction |
-| `ra_subscribe` | Create a subscription for a customer |
-| `ra_refund` | Open Stripe Dashboard for refunds |
-### Query Operations
-| Tool | Description |
-|------|-------------|
-| `ra_balance` | Check available balance |
-| `ra_history` | Get transaction history |
-| `ra_whoami` | Check account status |
-## Security
-### Subprocess Isolation
-MCP server spawns Ra Pay CLI as subprocess. Credentials remain in OS keyring - MCP server never sees them directly.
-### Response Sanitization
-All CLI output is sanitized to prevent prompt injection:
-- ANSI escape sequences removed
-- System markers filtered (`[SYSTEM]`, `[USER]`, etc.)
-- Control characters stripped
-### Rate Limiting
-Defense-in-depth layer at MCP level:
-| Tool | Limit |
-|------|-------|
-| `ra_send` | 1 per 60 seconds |
-| `ra_subscribe` | 1 per 60 seconds |
-| `ra_refund` | 5 per 60 seconds |
-| `ra_balance` | 10 per 60 seconds |
-| `ra_history` | 10 per 60 seconds |
-| `ra_whoami` | 20 per 60 seconds |
-Note: Backend also enforces velocity controls (account-tier daily limits).
-## Privacy & Data Storage
-Ra Pay is designed as a "dumb pipe" to Stripe:
-**What Ra Pay stores:**
-- Your user ID
-- Your Stripe account ID (encrypted)
-- Action logs: "payment sent", "balance checked" (no amounts)
-- Transaction audit trail with Stripe transfer IDs
-**What Ra Pay does NOT store:**
-- Your payment amounts
-- Recipient details
-- Payment descriptions
-- Your account balance
-- Any personally identifiable information (Stripe handles KYC)
-**What MCP server adds:**
-- Client type tracking ("called via Claude Desktop")
-- Tool call audit logs (same privacy level as above)
-- No new PII storage
-## Configuration
-### Environment Variables
-| Variable | Description | Default |
-|----------|-------------|---------|
-| `RAPAY_CLI_PATH` | Path to Ra Pay CLI executable | `ra` |
-### Audit Logging
-Logs are written to `~/.rapay/mcp-audit.log` with 7-day retention:
-- Tool name, timestamp, duration
-- Result (success/error/rate_limited)
-- Sanitized inputs (amounts redacted, emails masked)
-## Error Handling
-### Error Codes
-| Code | Description | Retryable |
-|------|-------------|-----------|
-| `RATE_LIMIT_EXCEEDED` | MCP rate limit hit | No (wait) |
-| `CLI_NOT_FOUND` | Ra Pay CLI not installed | No |
-| `TOS_ACCEPTANCE_REQUIRED` | ToS not accepted | No |
-| `ACCOUNT_NOT_LINKED` | Stripe account not linked | No |
-| `VELOCITY_EXCEEDED` | Daily limit exceeded | No |
-| `TIMEOUT` | Request timed out | Yes |
-| `NETWORK_ERROR` | Network connectivity issue | Yes |
-| `EXECUTION_FAILED` | Generic CLI error | No |
-### Rate Limit Error
-```json
-{
-  "error": "rate_limit_exceeded",
-  "code": "RATE_LIMIT_EXCEEDED",
-  "message": "Too many requests. Please wait 60 seconds.",
-  "retry_after_seconds": 60,
-  "retryable": false
-}
-```
-### CLI Not Found Error
-```json
-{
-  "error": "cli_not_found",
-  "code": "CLI_NOT_FOUND",
-  "message": "Ra Pay CLI not found. Please install it first.",
-  "retryable": false
-}
-```
-### ToS Required Error
-```json
-{
-  "error": "tos_required",
-  "code": "TOS_ACCEPTANCE_REQUIRED",
-  "message": "Terms of Service must be accepted. Run 'ra accept-tos' first.",
-  "retryable": false
-}
-```
-### For Claude API Callers: Exponential Backoff
-If you receive `RATE_LIMIT_EXCEEDED`, implement exponential backoff:
-```typescript
-const maxRetries = 3;
-let delay = 60; // seconds
-for (let attempt = 0; attempt < maxRetries; attempt++) {
-  try {
-    return await mcp.callTool('ra_send', params);
-  } catch (error) {
-    if (error.code === 'RATE_LIMIT_EXCEEDED') {
-      console.log(`Rate limited. Waiting ${delay}s before retry...`);
-      await sleep(delay * 1000);
-      delay *= 2; // exponential backoff
-    } else {
-      throw error;
-    }
-  }
-}
-// DO NOT:
-// - Retry immediately (wastes time, still rate limited)
-// - Retry more than 3 times (indicates genuine rate limit)
-// - Ignore retry_after_seconds field
-```
-Note: MCP rate limiting is client-side defense-in-depth. Backend also enforces velocity controls per account tier.
-## Data Flow
-```
-You (Claude Desktop/API)
-    |
-    v
-MCP Server (this package)
-    | - Logs tool calls (no amounts/PII)
-    | - Rate limits requests
-    | - Sanitizes responses
-    v
-Ra Pay CLI (subprocess)
-    | - Credentials in OS keyring
-    | - Adds replay protection
-    v
-Ra Pay Backend
-    | - Validates requests
-    | - Enforces velocity limits
-    v
-Stripe API
-    | - Owns all PII
-    | - Processes payments
-    v
-Recipient's Bank
-```
-All sensitive data flows directly to Stripe. Ra Pay only records that an action occurred.
-## Security Model
-This section documents the security posture of the published npm package.
-### What's Published to npm
-| Category | Included | Excluded |
-|----------|----------|----------|
-| Compiled JavaScript | Yes | - |
-| TypeScript declarations | Yes | - |
-| Source maps (.js.map) | No | Excluded for code privacy |
-| Source code (src/) | No | Development only |
-### Intentionally Public Information
-| Metadata | Value | Rationale |
-|----------|-------|-----------|
-| Repository | github.com/Ra-Pay-AI/rapay | Open source by design |
-| Author | Ra Pay | Company name |
-| License | MIT | Standard permissive license |
-| Keywords | mcp, payments, stripe, claude | Discoverability |
-### Security Features Exposed (By Design)
-These are documented for users and do not represent vulnerabilities:
-- **Rate limiting rules** - Users need to know limits to implement backoff
-- **Error codes** - Required for proper error handling
-- **Tool schemas** - Required by MCP protocol specification
-- **Audit log location** (~/.rapay/mcp-audit.log) - Users may need to inspect
-### What Is NOT Exposed
-| Category | Protection |
-|----------|------------|
-| API keys/secrets | Never in code (OS keyring only) |
-| Backend URLs | Only public rapay.ai endpoints |
-| User data | Subprocess isolation, never in MCP process |
-| Payment amounts | Redacted as `[redacted]` in all logs |
-| Email addresses | Masked (j***@example.com) in audit logs |
-### Subprocess Isolation Model
-```
-┌─────────────────────┐
-│  AI Agent (Claude)  │
-└─────────┬───────────┘
-          │ MCP Protocol (stdio)
-          ▼
-┌─────────────────────┐
-│  MCP Server (npm)   │  ← No credentials here
-│  - Rate limiting    │
-│  - Input validation │
-│  - Response sanitize│
-└─────────┬───────────┘
-          │ Spawns subprocess
-          ▼
-┌─────────────────────┐
-│  Ra Pay CLI         │  ← Credentials in OS keyring
-│  - Session tokens   │
-│  - Stripe API calls │
-└─────────────────────┘
-```
-The MCP server never has access to credentials. All sensitive operations are delegated to the CLI subprocess, which reads credentials directly from the OS keyring.
-## Development
-```bash
-npm run dev    # Watch mode
-npm run build  # Build
-npm run lint   # Lint
-npm run test   # Test
-```
-## License
-MIT
+# MCP Registry
+The MCP registry provides MCP clients with a list of MCP servers, like an app store for MCP servers.
+[**📤 Publish my MCP server**](docs/modelcontextprotocol-io/quickstart.mdx) | [**⚡️ Live API docs**](https://registry.modelcontextprotocol.io/docs) | [**👀 Ecosystem vision**](docs/design/ecosystem-vision.md) | 📖 **[Full documentation](./docs)**
+## Development Status
+**2025-10-24 update**: The Registry API has entered an **API freeze (v0.1)** 🎉. For the next month or more, the API will remain stable with no breaking changes, allowing integrators to confidently implement support. This freeze applies to v0.1 while development continues on v0. We'll use this period to validate the API in real-world integrations and gather feedback to shape v1 for general availability. Thank you to everyone for your contributions and patience—your involvement has been key to getting us here!
+**2025-09-08 update**: The registry has launched in preview 🎉 ([announcement blog post](https://blog.modelcontextprotocol.io/posts/2025-09-08-mcp-registry-preview/)). While the system is now more stable, this is still a preview release and breaking changes or data resets may occur. A general availability (GA) release will follow later. We'd love your feedback in [GitHub discussions](https://github.com/modelcontextprotocol/registry/discussions/new?category=ideas) or in the [#registry-dev Discord](https://discord.com/channels/1358869848138059966/1369487942862504016) ([joining details here](https://modelcontextprotocol.io/community/communication)).
+Current key maintainers:
+- **Adam Jones** (Anthropic) [@domdomegg](https://github.com/domdomegg)
+- **Tadas Antanavicius** (PulseMCP) [@tadasant](https://github.com/tadasant)
+- **Toby Padilla** (GitHub) [@toby](https://github.com/toby)
+- **Radoslav (Rado) Dimitrov** (Stacklok) [@rdimitrov](https://github.com/rdimitrov)
+## Contributing
+We use multiple channels for collaboration - see [modelcontextprotocol.io/community/communication](https://modelcontextprotocol.io/community/communication).
+Often (but not always) ideas flow through this pipeline:
+- **[Discord](https://modelcontextprotocol.io/community/communication)** - Real-time community discussions
+- **[Discussions](https://github.com/modelcontextprotocol/registry/discussions)** - Propose and discuss product/technical requirements
+- **[Issues](https://github.com/modelcontextprotocol/registry/issues)** - Track well-scoped technical work
+- **[Pull Requests](https://github.com/modelcontextprotocol/registry/pulls)** - Contribute work towards issues
+### Quick start:
+#### Pre-requisites
+- **Docker**
+- **Go 1.24.x**
+- **ko** - Container image builder for Go ([installation instructions](https://ko.build/install/))
+- **golangci-lint v2.4.0**
+#### Running the server
+```bash
+# Start full development environment
+make dev-compose
+```
+This starts the registry at [`localhost:8080`](http://localhost:8080) with PostgreSQL. The database uses ephemeral storage and is reset each time you restart the containers, ensuring a clean state for development and testing.
+**Note:** The registry uses [ko](https://ko.build) to build container images. The `make dev-compose` command automatically builds the registry image with ko and loads it into your local Docker daemon before starting the services.
+By default, the registry seeds from the production API with a filtered subset of servers (to keep startup fast). This ensures your local environment mirrors production behavior and all seed data passes validation. For offline development you can seed from a file without validation with `MCP_REGISTRY_SEED_FROM=data/seed.json MCP_REGISTRY_ENABLE_REGISTRY_VALIDATION=false make dev-compose`.
+The setup can be configured with environment variables in [docker-compose.yml](./docker-compose.yml) - see [.env.example](./.env.example) for a reference.
+<details>
+<summary>Alternative: Running a pre-built Docker image</summary>
+Pre-built Docker images are automatically published to GitHub Container Registry:
+```bash
+# Run latest stable release
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:latest
+# Run latest from main branch (continuous deployment)
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:main
+# Run specific release version
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:v1.0.0
+# Run development build from main branch
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:main-20250906-abc123d
+```
+**Available tags:**
+- **Releases**: `latest`, `v1.0.0`, `v1.1.0`, etc.
+- **Continuous**: `main` (latest main branch build)
+- **Development**: `main-<date>-<sha>` (specific commit builds)
+</details>
+#### Publishing a server
+To publish a server, we've built a simple CLI. You can use it with:
+```bash
+# Build the latest CLI
+make publisher
+# Use it!
+./bin/mcp-publisher --help
+```
+See [the publisher guide](./docs/modelcontextprotocol-io/quickstart.mdx) for more details.
+#### Other commands
+```bash
+# Run lint, unit tests and integration tests
+make check
+```
+There are also a few more helpful commands for development. Run `make help` to learn more, or look in [Makefile](./Makefile).
+<!--
+For Claude and other AI tools: Always prefer make targets over custom commands where possible.
+-->
+## Architecture
+### Project Structure
+```
+├── cmd/                     # Application entry points
+│   └── publisher/           # Server publishing tool
+├── data/                    # Seed data
+├── deploy/                  # Deployment configuration (Pulumi)
+├── docs/                    # Documentation
+├── internal/                # Private application code
+│   ├── api/                 # HTTP handlers and routing
+│   ├── auth/                # Authentication (GitHub OAuth, JWT, namespace blocking)
+│   ├── config/              # Configuration management
+│   ├── database/            # Data persistence (PostgreSQL)
+│   ├── service/             # Business logic
+│   ├── telemetry/           # Metrics and monitoring
+│   └── validators/          # Input validation
+├── pkg/                     # Public packages
+│   ├── api/                 # API types and structures
+│   │   └── v0/              # Version 0 API types
+│   └── model/               # Data models for server.json
+├── scripts/                 # Development and testing scripts
+├── tests/                   # Integration tests
+└── tools/                   # CLI tools and utilities
+    └── validate-*.sh        # Schema validation tools
+```
+### Authentication
+Publishing supports multiple authentication methods:
+- **GitHub OAuth** - For publishing by logging into GitHub
+- **GitHub OIDC** - For publishing from GitHub Actions
+- **DNS verification** - For proving ownership of a domain and its subdomains
+- **HTTP verification** - For proving ownership of a domain
+The registry validates namespace ownership when publishing. E.g. to publish...:
+- `io.github.domdomegg/my-cool-mcp` you must login to GitHub as `domdomegg`, or be in a GitHub Action on domdomegg's repos
+- `me.adamjones/my-cool-mcp` you must prove ownership of `adamjones.me` via DNS or HTTP challenge
+## Community Projects
+Check out [community projects](docs/community-projects.md) to explore notable registry-related work created by the community.
+## More documentation
+See the [documentation](./docs) for more details if your question has not been answered here!

package/dist/index.d.ts CHANGED Viewed

@@ -13,5 +13,5 @@
  * - Privacy preserved (dumb pipe model intact)
  * - No blockers
  */
-export declare const SERVER_VERSION = "1.2.3";
+export declare const SERVER_VERSION = "1.2.5";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js CHANGED Viewed

@@ -23,7 +23,7 @@ import { checkForUpdates } from "./version-check.js";
  * Server metadata
  */
 const SERVER_NAME = "rapay-mcp";
-export const SERVER_VERSION = "1.2.3";
+export const SERVER_VERSION = "1.2.5";
 /**
  * Initialize MCP server
  */

package/dist/tools.d.ts CHANGED Viewed

@@ -24,7 +24,7 @@ export declare const SENSITIVE_TOOLS: Set<string>;
 export declare function isSensitiveTool(toolName: string): boolean;
 /**
  * Compute the integrity hash of the tool definitions
- * Hash is based on tool names and their input schemas (deterministic)
+ * Hash is based on tool names, input schemas, and annotations (deterministic)
  */
 export declare function computeToolHash(): string;
 /**

package/dist/tools.js CHANGED Viewed

@@ -60,6 +60,13 @@ const PAYMENT_TOOLS = [
             },
             required: ["amount", "recipient_id", "business_purpose", "user_confirmed"],
         },
+        annotations: {
+            title: "Send Payment",
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: false,
+            openWorldHint: true,
+        },
     },
     {
         name: "ra_refund",
@@ -71,6 +78,13 @@ const PAYMENT_TOOLS = [
             properties: {},
             required: [],
         },
+        annotations: {
+            title: "Process Refund",
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: false,
+            openWorldHint: true,
+        },
     },
 ];
 /**
@@ -86,6 +100,13 @@ const QUERY_TOOLS = [
             properties: {},
             required: [],
         },
+        annotations: {
+            title: "Check Balance",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
     },
     {
         name: "ra_history",
@@ -103,6 +124,13 @@ const QUERY_TOOLS = [
             },
             required: [],
         },
+        annotations: {
+            title: "Transaction History",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
     },
     {
         name: "ra_whoami",
@@ -113,6 +141,13 @@ const QUERY_TOOLS = [
             properties: {},
             required: [],
         },
+        annotations: {
+            title: "Account Info",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
     },
     {
         name: "ra_dashboard",
@@ -123,6 +158,13 @@ const QUERY_TOOLS = [
             properties: {},
             required: [],
         },
+        annotations: {
+            title: "Open Dashboard",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
     },
     {
         name: "ra_dispute",
@@ -134,6 +176,13 @@ const QUERY_TOOLS = [
             properties: {},
             required: [],
         },
+        annotations: {
+            title: "Manage Disputes",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
     },
 ];
 /**
@@ -158,25 +207,26 @@ export function isSensitiveTool(toolName) {
  */
 /**
  * Expected hash of tool definitions (update when tools change)
- * This is the SHA-256 hash of the sorted tool names and their input schemas.
+ * This is the SHA-256 hash of the sorted tool names, input schemas, and annotations.
  *
  * To regenerate after modifying tools:
  * 1. Run: cd mcp-server && npm run build
  * 2. Run: RAPAY_DEBUG=1 node dist/index.js (will log computed hash)
  * 3. Update this constant with the new hash
  *
- * Last updated: 2026-02-07 (Session 62 added ra_dashboard + ra_dispute)
+ * Last updated: 2026-02-08 (Session 64 added annotations to hash)
  */
-const EXPECTED_TOOL_HASH = "dde200868f33fd4d";
+const EXPECTED_TOOL_HASH = "f5d8adb129c9c36d";
 /**
  * Compute the integrity hash of the tool definitions
- * Hash is based on tool names and their input schemas (deterministic)
+ * Hash is based on tool names, input schemas, and annotations (deterministic)
  */
 export function computeToolHash() {
     // Create a deterministic representation of tools
     const toolData = TOOLS.map((tool) => ({
         name: tool.name,
         inputSchema: tool.inputSchema,
+        annotations: tool.annotations ?? null,
     }))
         .sort((a, b) => a.name.localeCompare(b.name))
         .map((t) => JSON.stringify(t))

package/package.json CHANGED Viewed

@@ -1,6 +1,7 @@
 {
   "name": "@rapay/mcp-server",
-  "version": "1.2.3",
+  "version": "1.2.5",
+  "mcpName": "ai.rapay/mcp-server",
   "description": "Ra Pay MCP Server for Claude Desktop and Claude Code - AI Agent Payment Infrastructure",
   "type": "module",
   "main": "dist/index.js",
@@ -49,7 +50,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.0.0",
+    "@modelcontextprotocol/sdk": "^1.11.0",
     "cross-spawn": "^7.0.6"
   },
   "devDependencies": {