@rapay/mcp-server 1.2.6 → 1.3.1
- package/dist/handlers.js +39 -11
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/tools.d.ts +3 -2
- package/dist/tools.js +29 -4
- package/package.json +1 -1
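--- a/package/dist/handlers.js
+++ b/package/dist/handlers.js
@@ -38,6 +38,7 @@ const MAX_OUTPUT_SIZE = 1024 * 1024; // 1MB
 const RATE_LIMITS = {
 ra_send: { windowMs: 60000, maxCalls: 1 },
 ra_refund: { windowMs: 60000, maxCalls: 5 },
+ra_add_card: { windowMs: 60000, maxCalls: 5 },
 ra_balance: { windowMs: 60000, maxCalls: 10 },
 ra_history: { windowMs: 60000, maxCalls: 10 },
 ra_whoami: { windowMs: 60000, maxCalls: 20 },
@@ -268,6 +269,9 @@ export async function handleToolCall(toolName, args) {
 case "ra_send":
 result = await executeSend(args);
 break;
+case "ra_add_card":
+result = await executeAddCard();
+break;
 case "ra_refund":
 result = await executeRefund();
 break;
@@ -335,24 +339,35 @@ function parseCliError(error) {
 retryable: false,
 };
 }
-// Account not linked
-if (message.includes("not linked") || message.includes("link-bank")) {
-return {
-error: "account_not_linked",
-code: "ACCOUNT_NOT_LINKED",
-message: "Stripe account not linked. Run 'ra link-bank' first.",
-retryable: false,
-};
-}
 // Session expired or invalid (from server-side session management)
-//
+// MUST be checked BEFORE "no payment method" and "account not linked" blocks,
+// because session-expired messages can mention "ra add-card" and "ra link-bank"
+// which would cause misclassification if checked after those blocks.
 const is401Error = /(?:status|code|http)[^0-9]{0,10}401/i.test(message) ||
 /401[^a-z]{0,10}(?:unauthorized|unauthenticated)/i.test(message);
 if (message.includes("session expired") || message.includes("SESSION_EXPIRED") || message.includes("session invalid") || is401Error) {
 return {
 error: "session_expired",
 code: "SESSION_EXPIRED",
-message: "Session expired. Run 'ra link-bank' to re-authenticate.",
+message: "Session expired. Run 'ra link-bank' or 'ra add-card' to re-authenticate.",
+retryable: false,
+};
+}
+// No payment method configured (card or bank)
+if (message.includes("No payment method") || message.includes("No card saved")) {
+return {
+error: "no_payment_method",
+code: "NO_PAYMENT_METHOD",
+message: "No payment method configured. The user needs to run `ra add-card` to save a credit card, or `ra link-bank` to connect a bank account.",
+retryable: false,
+};
+}
+// Account not linked (legacy)
+if (message.includes("not linked") || message.includes("link-bank")) {
+return {
+error: "account_not_linked",
+code: "ACCOUNT_NOT_LINKED",
+message: "No payment method configured. Run 'ra add-card' to save a card, or 'ra link-bank' to connect a bank account.",
 retryable: false,
 };
 }
@@ -548,6 +563,19 @@ async function executeSend(args) {
 ];
 return executeCliCommand(cliArgs);
 }
+/**
+* Execute ra add-card command
+* This requires browser interaction — the AI agent should prompt the user
+*/
+function executeAddCard() {
+return JSON.stringify({
+status: "user_action_required",
+message: "Saving a credit card requires browser interaction. " +
+"Please ask the user to run `ra add-card` in their terminal. " +
+"This will open Stripe Checkout where they can securely save their card.",
+command: "ra add-card",
+}, null, 2);
+}
 /**
 * Execute ra refund command (opens Stripe Dashboard)
 */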
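Review bot: In the `parseCliError` hunk, the re-added legacy test `message.includes("link-bank")` classifies any CLI text that merely mentions that command as `ACCOUNT_NOT_LINKED`, and the new comment above the 401 check concedes that the result now depends on block order. The classification decides which command the agent tells the user to run, so matching on prose is fragile here; the new `"No payment method"` / `"No card saved"` tests are also case-sensitive while the older ones look for lower-case text. If the CLI emits stable codes (the existing `SESSION_EXPIRED` test suggests it may), prefer matching on those, and otherwise narrow the legacy test to `if (message.includes("not linked")) {` once it is confirmed that no legacy message relies on the bare command name. The function starts and ends outside the hunk, so how `message` is derived or normalised cannot be checked from here.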
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
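--- a/package/dist/tools.d.ts
+++ b/package/dist/tools.d.ts
@@ -1,8 +1,9 @@
 /**
 * Ra Pay MCP Server - Tool Definitions
 *
-*
+* 8 Tools:
 * - 2 Payment Operations (SENSITIVE)
+* - 1 Account Setup Operation
 * - 5 Query/Navigation Operations (Read-only)
 *
 * Note: ra_subscribe removed in v1.2.0 for compliance (Session 53)
@@ -11,7 +12,7 @@
 */
 import type { Tool } from "@modelcontextprotocol/sdk/types.js";
 /**
-* All
+* All 8 tools combined
 */
 export declare const TOOLS: Tool[];
 /**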
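--- a/package/dist/tools.js
+++ b/package/dist/tools.js
@@ -1,8 +1,9 @@
 /**
 * Ra Pay MCP Server - Tool Definitions
 *
-*
+* 8 Tools:
 * - 2 Payment Operations (SENSITIVE)
+* - 1 Account Setup Operation
 * - 5 Query/Navigation Operations (Read-only)
 *
 * Note: ra_subscribe removed in v1.2.0 for compliance (Session 53)
@@ -87,6 +88,30 @@ const PAYMENT_TOOLS = [
 },
 },
 ];
+/**
+* Account setup operations
+*/
+const SETUP_TOOLS = [
+{
+name: "ra_add_card",
+description: "Save a credit card for sending payments. This requires the user to interact with a browser " +
+"— the AI agent should prompt the user to run `ra add-card` in their terminal. " +
+"The user's card is saved securely via Stripe Checkout (Ra Pay never sees card data). " +
+"After saving a card, the user can send payments with `ra send` without needing a full Stripe Connect account.",
+inputSchema: {
+type: "object",
+properties: {},
+required: [],
+},
+annotations: {
+title: "Save Card",
+readOnlyHint: false,
+destructiveHint: false,
+idempotentHint: true,
+openWorldHint: true,
+},
+},
+];
 /**
 * Query operations - Read-only, no SENSITIVE marker needed
 */
@@ -186,9 +211,9 @@ const QUERY_TOOLS = [
 },
 ];
 /**
-* All
+* All 8 tools combined
 */
-export const TOOLS = [...PAYMENT_TOOLS, ...QUERY_TOOLS];
+export const TOOLS = [...PAYMENT_TOOLS, ...SETUP_TOOLS, ...QUERY_TOOLS];
 /**
 * Tool names that require user confirmation (SENSITIVE operations)
 */
@@ -216,7 +241,7 @@ export function isSensitiveTool(toolName) {
 *
 * Last updated: 2026-02-08 (Session 64 added annotations to hash)
 */
-const EXPECTED_TOOL_HASH = "
+const EXPECTED_TOOL_HASH = "4c1b95d9b088c1ec";
 /**
 * Compute the integrity hash of the tool definitions
 * Hash is based on tool names, input schemas, and annotations (deterministic)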
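Review bot: The updated `EXPECTED_TOOL_HASH` covers, according to the comment just below it, only tool names, input schemas and annotations, so the `description` string added for `ra_add_card` is not covered by the integrity check, even though it is the text an MCP client hands to the model and it contains an instruction to the agent. Consider adding `description` to the hashed fields in the hash function (which lies outside this hunk), or state the gap in the comment, e.g. `* Descriptions are NOT part of the hash; review description changes manually.` The constant also lives in the same file as the definitions it checks, so it detects accidental drift rather than tampering with the published package. The `Last updated: 2026-02-08` line above it appears stale, since the value changed in this release and the line did not.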
package/package.json
CHANGED