@rickydata/agent0-mcp 0.1.0

package/tests/sdk-client.test.ts

@@ -0,0 +1,143 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+
+// Mock agent0-sdk before importing the module under test
+vi.mock("agent0-sdk", () => {
+  const MockSDK = vi.fn().mockImplementation(() => ({
+    searchAgents: vi.fn(),
+    getAgent: vi.fn(),
+  }));
+  return { SDK: MockSDK };
+});
+
+import {
+  getReadOnlySDK,
+  getAuthenticatedSDK,
+  setDerivedKey,
+  hasAuthentication,
+  getCurrentChainId,
+  setChainId,
+  getAuthStatus,
+} from "../src/auth/sdk-client.js";
+import { SDK } from "agent0-sdk";
+
+describe("sdk-client", () => {
+  const origEnv = { ...process.env };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Reset module state by clearing cached SDK instances
+    setChainId(11155111);
+    delete process.env.ERC8004_PRIVATE_KEY;
+    delete process.env.ERC8004_DERIVED_KEY;
+  });
+
+  afterEach(() => {
+    process.env = { ...origEnv };
+  });
+
+  describe("getReadOnlySDK", () => {
+    it("returns an SDK instance", () => {
+      const sdk = getReadOnlySDK();
+      expect(sdk).toBeDefined();
+      expect(SDK).toHaveBeenCalled();
+    });
+
+    it("caches the SDK for the same chain", () => {
+      const sdk1 = getReadOnlySDK();
+      const sdk2 = getReadOnlySDK();
+      expect(sdk1).toBe(sdk2);
+    });
+
+    it("creates new SDK for a different chain", () => {
+      const sdk1 = getReadOnlySDK(1);
+      const sdk2 = getReadOnlySDK(8453);
+      // Different chain IDs should create different instances
+      // (though the second call changes the cached chain)
+      expect(SDK).toHaveBeenCalledTimes(2);
+    });
+
+    it("passes chainId to SDK config", () => {
+      getReadOnlySDK(8453);
+      expect(SDK).toHaveBeenCalledWith(
+        expect.objectContaining({ chainId: 8453 }),
+      );
+    });
+  });
+
+  describe("getAuthenticatedSDK", () => {
+    it("returns null when no private key is available", () => {
+      const sdk = getAuthenticatedSDK();
+      expect(sdk).toBeNull();
+    });
+
+    it("returns SDK when ERC8004_PRIVATE_KEY env is set", () => {
+      process.env.ERC8004_PRIVATE_KEY = "0x1234";
+      const sdk = getAuthenticatedSDK();
+      expect(sdk).not.toBeNull();
+    });
+
+    it("returns SDK when ERC8004_DERIVED_KEY env is set", () => {
+      process.env.ERC8004_DERIVED_KEY = "0xabcd";
+      const sdk = getAuthenticatedSDK();
+      expect(sdk).not.toBeNull();
+    });
+
+    it("returns SDK after setDerivedKey is called", () => {
+      setDerivedKey("0xdeadbeef");
+      const sdk = getAuthenticatedSDK();
+      expect(sdk).not.toBeNull();
+    });
+  });
+
+  describe("hasAuthentication", () => {
+    it("returns true with env key", () => {
+      process.env.ERC8004_PRIVATE_KEY = "0x1234";
+      expect(hasAuthentication()).toBe(true);
+    });
+
+    it("returns true after setDerivedKey", () => {
+      setDerivedKey("0xdeadbeef");
+      expect(hasAuthentication()).toBe(true);
+    });
+  });
+
+  describe("getCurrentChainId / setChainId", () => {
+    it("defaults to 11155111", () => {
+      expect(getCurrentChainId()).toBe(11155111);
+    });
+
+    it("setChainId updates the current chain", () => {
+      setChainId(8453);
+      expect(getCurrentChainId()).toBe(8453);
+    });
+  });
+
+  describe("getAuthStatus", () => {
+    it("returns env source when ERC8004_PRIVATE_KEY set", () => {
+      process.env.ERC8004_PRIVATE_KEY = "0x1234";
+      const status = getAuthStatus();
+      expect(status.hasKey).toBe(true);
+      expect(status.source).toBe("env:ERC8004_PRIVATE_KEY");
+      expect(status.isReadOnly).toBe(false);
+    });
+
+    it("returns derived source after setDerivedKey", () => {
+      setDerivedKey("0xdeadbeef");
+      const status = getAuthStatus();
+      expect(status.source).toBe("derived");
+    });
+
+    it("includes current chainId", () => {
+      setChainId(8453);
+      const status = getAuthStatus();
+      expect(status.chainId).toBe(8453);
+    });
+
+    it("env key takes priority over derived key", () => {
+      setDerivedKey("0xdeadbeef");
+      process.env.ERC8004_PRIVATE_KEY = "0x1234";
+      const status = getAuthStatus();
+      expect(status.source).toBe("env:ERC8004_PRIVATE_KEY");
+    });
+  });
+});

package/tests/tool-router.test.ts

@@ -0,0 +1,28 @@
+import { describe, it, expect } from "vitest";
+import { TOOLS, handleToolCall } from "../src/tools/index.js";
+
+describe("tool router", () => {
+  it("TOOLS is an array", () => {
+    expect(Array.isArray(TOOLS)).toBe(true);
+  });
+
+  it("returns error for unknown tool name", async () => {
+    const result = await handleToolCall("nonexistent_tool", {});
+    expect(result).toEqual({ error: "Unknown tool: nonexistent_tool" });
+  });
+
+  it("all tools have required MCP fields", () => {
+    for (const tool of TOOLS) {
+      expect(tool.name).toBeTypeOf("string");
+      expect(tool.name.length).toBeGreaterThan(0);
+      expect(tool.description).toBeTypeOf("string");
+      expect(tool.inputSchema).toBeDefined();
+    }
+  });
+
+  it("no duplicate tool names", () => {
+    const names = TOOLS.map((t) => t.name);
+    const unique = new Set(names);
+    expect(unique.size).toBe(names.length);
+  });
+});

package/tests/trust-labels.test.ts

@@ -0,0 +1,229 @@
+import { describe, it, expect } from "vitest";
+import { computeTrustLabel } from "../src/utils/trust-labels.js";
+
+describe("computeTrustLabel", () => {
+  // =========================================================================
+  // 1. "Untrusted" — count >= 5 AND avg < -50
+  // =========================================================================
+  describe("Untrusted (count >= 5, avg < -50)", () => {
+    it("matches at exact boundary: count=5, avg=-51", () => {
+      const result = computeTrustLabel(5, -51);
+      expect(result.label).toBe("Untrusted");
+      expect(result.emoji).toBe("\u{1F534}");
+      expect(result.display).toContain("-51/100");
+      expect(result.display).toContain("5 reviews");
+    });
+
+    it("matches with extreme values: count=100, avg=-100", () => {
+      expect(computeTrustLabel(100, -100).label).toBe("Untrusted");
+    });
+
+    it("does NOT match at avg=-50 exactly (not < -50)", () => {
+      expect(computeTrustLabel(5, -50).label).not.toBe("Untrusted");
+    });
+
+    it("does NOT match with count=4 even if avg is very low", () => {
+      // count < 5 means this rule is skipped; falls to "Caution" (avg < 0)
+      expect(computeTrustLabel(4, -80).label).toBe("Caution");
+    });
+  });
+
+  // =========================================================================
+  // 2. "Caution" — avg < 0 (catches everything with negative avg not already Untrusted)
+  // =========================================================================
+  describe("Caution (avg < 0)", () => {
+    it("matches at avg=-1 with any count", () => {
+      const result = computeTrustLabel(1, -1);
+      expect(result.label).toBe("Caution");
+      expect(result.emoji).toBe("\u{1F7E0}");
+    });
+
+    it("matches at avg=-50 with count=5 (boundary not caught by Untrusted)", () => {
+      // Untrusted requires avg < -50, so avg=-50 falls through to Caution
+      expect(computeTrustLabel(5, -50).label).toBe("Caution");
+    });
+
+    it("matches with count=0 and avg=-10", () => {
+      expect(computeTrustLabel(0, -10).label).toBe("Caution");
+    });
+
+    it("does NOT match at avg=0 exactly", () => {
+      expect(computeTrustLabel(1, 0).label).not.toBe("Caution");
+    });
+  });
+
+  // =========================================================================
+  // 3. "Highly Trusted" — count >= 20 AND avg >= 80
+  // =========================================================================
+  describe("Highly Trusted (count >= 20, avg >= 80)", () => {
+    it("matches at exact boundary: count=20, avg=80", () => {
+      const result = computeTrustLabel(20, 80);
+      expect(result.label).toBe("Highly Trusted");
+      expect(result.emoji).toBe("\u2B50");
+      expect(result.display).toContain("80/100");
+      expect(result.display).toContain("20 reviews");
+    });
+
+    it("matches with high values: count=1000, avg=100", () => {
+      expect(computeTrustLabel(1000, 100).label).toBe("Highly Trusted");
+    });
+
+    it("does NOT match with count=19 even if avg=100", () => {
+      // Falls to Trusted (count >= 10, avg >= 70)
+      expect(computeTrustLabel(19, 100).label).toBe("Trusted");
+    });
+
+    it("does NOT match with avg=79 even if count=100", () => {
+      // Falls to Trusted (count >= 10, avg >= 70)
+      expect(computeTrustLabel(100, 79).label).toBe("Trusted");
+    });
+  });
+
+  // =========================================================================
+  // 4. "Trusted" — count >= 10 AND avg >= 70
+  // =========================================================================
+  describe("Trusted (count >= 10, avg >= 70)", () => {
+    it("matches at exact boundary: count=10, avg=70", () => {
+      const result = computeTrustLabel(10, 70);
+      expect(result.label).toBe("Trusted");
+      expect(result.emoji).toBe("\u{1F7E2}");
+    });
+
+    it("matches at count=19, avg=79 (just below Highly Trusted)", () => {
+      expect(computeTrustLabel(19, 79).label).toBe("Trusted");
+    });
+
+    it("does NOT match with count=9", () => {
+      // Falls to Established (count >= 5, avg >= 50)
+      expect(computeTrustLabel(9, 70).label).toBe("Established");
+    });
+
+    it("does NOT match with avg=69", () => {
+      // Falls to Established (count >= 5, avg >= 50) if count >= 5
+      expect(computeTrustLabel(10, 69).label).toBe("Established");
+    });
+  });
+
+  // =========================================================================
+  // 5. "Established" — count >= 5 AND avg >= 50
+  // =========================================================================
+  describe("Established (count >= 5, avg >= 50)", () => {
+    it("matches at exact boundary: count=5, avg=50", () => {
+      const result = computeTrustLabel(5, 50);
+      expect(result.label).toBe("Established");
+      expect(result.emoji).toBe("\u{1F7E2}");
+    });
+
+    it("matches at count=9, avg=69 (just below Trusted)", () => {
+      expect(computeTrustLabel(9, 69).label).toBe("Established");
+    });
+
+    it("does NOT match with count=4", () => {
+      // Falls to Emerging (count > 0)
+      expect(computeTrustLabel(4, 50).label).toBe("Emerging");
+    });
+
+    it("does NOT match with avg=49", () => {
+      // Falls to Emerging (count > 0)
+      expect(computeTrustLabel(5, 49).label).toBe("Emerging");
+    });
+  });
+
+  // =========================================================================
+  // 6. "Emerging" — count > 0
+  // =========================================================================
+  describe("Emerging (count > 0)", () => {
+    it("matches with count=1, avg=0", () => {
+      const result = computeTrustLabel(1, 0);
+      expect(result.label).toBe("Emerging");
+      expect(result.emoji).toBe("\u{1F535}");
+    });
+
+    it("matches with count=4, avg=49 (below Established threshold)", () => {
+      expect(computeTrustLabel(4, 49).label).toBe("Emerging");
+    });
+
+    it("matches with count=1, avg=99 (high avg but low count)", () => {
+      expect(computeTrustLabel(1, 99).label).toBe("Emerging");
+    });
+
+    it("does NOT match with count=0", () => {
+      expect(computeTrustLabel(0, 0).label).not.toBe("Emerging");
+    });
+  });
+
+  // =========================================================================
+  // 7. "No Data" — count = 0 (fallback)
+  // =========================================================================
+  describe("No Data (count = 0)", () => {
+    it("matches with count=0, avg=0", () => {
+      const result = computeTrustLabel(0, 0);
+      expect(result.label).toBe("No Data");
+      expect(result.emoji).toBe("\u26AA");
+      expect(result.display).toBe("\u26AA No Data -- 0/100 (0 reviews)");
+    });
+
+    it("matches with count=0 regardless of avg value", () => {
+      // avg could be anything when count=0, but avg < 0 check comes first
+      // count=0, avg=50 -> avg is not < -50 (skip Untrusted), avg is not < 0 (skip Caution),
+      // count < 20 (skip HT), count < 10 (skip T), count < 5 (skip E), count = 0 (skip Emerging) -> No Data
+      expect(computeTrustLabel(0, 50).label).toBe("No Data");
+    });
+
+    it("Caution takes priority over No Data when avg < 0 and count = 0", () => {
+      // count=0, avg=-10 -> Untrusted: count < 5 NO; Caution: avg < 0 YES
+      expect(computeTrustLabel(0, -10).label).toBe("Caution");
+    });
+  });
+
+  // =========================================================================
+  // First-match-wins ordering verification
+  // =========================================================================
+  describe("first-match-wins ordering", () => {
+    it("Untrusted beats Caution when both could match", () => {
+      // count=5, avg=-60: matches Untrusted (count>=5, avg<-50) AND Caution (avg<0)
+      expect(computeTrustLabel(5, -60).label).toBe("Untrusted");
+    });
+
+    it("Highly Trusted beats Trusted when both could match", () => {
+      // count=20, avg=80: matches HT AND Trusted AND Established
+      expect(computeTrustLabel(20, 80).label).toBe("Highly Trusted");
+    });
+
+    it("Trusted beats Established when both could match", () => {
+      // count=10, avg=70: matches Trusted AND Established
+      expect(computeTrustLabel(10, 70).label).toBe("Trusted");
+    });
+  });
+
+  // =========================================================================
+  // Display string format
+  // =========================================================================
+  describe("display string format", () => {
+    it("formats correctly for Untrusted", () => {
+      const r = computeTrustLabel(10, -80);
+      expect(r.display).toBe("\u{1F534} Untrusted -- -80/100 (10 reviews)");
+    });
+
+    it("formats correctly for Caution", () => {
+      const r = computeTrustLabel(3, -25);
+      expect(r.display).toBe("\u{1F7E0} Caution -- -25/100 (3 reviews)");
+    });
+
+    it("formats correctly for Highly Trusted", () => {
+      const r = computeTrustLabel(50, 95);
+      expect(r.display).toBe("\u2B50 Highly Trusted -- 95/100 (50 reviews)");
+    });
+
+    it("formats correctly for Emerging", () => {
+      const r = computeTrustLabel(2, 40);
+      expect(r.display).toBe("\u{1F535} Emerging -- 40/100 (2 reviews)");
+    });
+
+    it("No Data always shows 0/100 (0 reviews)", () => {
+      expect(computeTrustLabel(0, 0).display).toBe(
+        "\u26AA No Data -- 0/100 (0 reviews)",
+      );
+    });
+  });
+});

package/tests/validation.test.ts

@@ -0,0 +1,132 @@
+import { describe, it, expect } from "vitest";
+import {
+  isValidAddress,
+  isValidBytes32,
+  isValidChainId,
+} from "../src/utils/validation.js";
+
+describe("isValidAddress", () => {
+  it("accepts a valid lowercase address", () => {
+    expect(isValidAddress("0x75992f829df3b5d515d70db0f77a98171ce261ef")).toBe(
+      true,
+    );
+  });
+
+  it("accepts a valid checksummed address", () => {
+    expect(isValidAddress("0x75992f829DF3B5d515D70DB0f77A98171cE261EF")).toBe(
+      true,
+    );
+  });
+
+  it("rejects address without 0x prefix", () => {
+    expect(isValidAddress("75992f829df3b5d515d70db0f77a98171ce261ef")).toBe(
+      false,
+    );
+  });
+
+  it("rejects address that is too short", () => {
+    expect(isValidAddress("0x75992f829df3b5d515d70db0f77a98171ce261e")).toBe(
+      false,
+    );
+  });
+
+  it("rejects address that is too long", () => {
+    expect(isValidAddress("0x75992f829df3b5d515d70db0f77a98171ce261efff")).toBe(
+      false,
+    );
+  });
+
+  it("rejects address with non-hex characters", () => {
+    expect(isValidAddress("0x75992f829df3b5d515d70db0f77a98171ce261eG")).toBe(
+      false,
+    );
+  });
+
+  it("rejects empty string", () => {
+    expect(isValidAddress("")).toBe(false);
+  });
+
+  it("rejects 0x alone", () => {
+    expect(isValidAddress("0x")).toBe(false);
+  });
+});
+
+describe("isValidBytes32", () => {
+  it("accepts a valid bytes32 hex string", () => {
+    const validBytes32 =
+      "0x0000000000000000000000000000000000000000000000000000000000000001";
+    expect(isValidBytes32(validBytes32)).toBe(true);
+  });
+
+  it("accepts uppercase hex", () => {
+    const validBytes32 =
+      "0xABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789";
+    expect(isValidBytes32(validBytes32)).toBe(true);
+  });
+
+  it("rejects without 0x prefix", () => {
+    expect(
+      isValidBytes32(
+        "0000000000000000000000000000000000000000000000000000000000000001",
+      ),
+    ).toBe(false);
+  });
+
+  it("rejects too short", () => {
+    expect(
+      isValidBytes32(
+        "0x000000000000000000000000000000000000000000000000000000000000001",
+      ),
+    ).toBe(false);
+  });
+
+  it("rejects too long", () => {
+    expect(
+      isValidBytes32(
+        "0x00000000000000000000000000000000000000000000000000000000000000011",
+      ),
+    ).toBe(false);
+  });
+
+  it("rejects non-hex characters", () => {
+    expect(
+      isValidBytes32(
+        "0xGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG",
+      ),
+    ).toBe(false);
+  });
+});
+
+describe("isValidChainId", () => {
+  it("accepts 1 (Ethereum mainnet)", () => {
+    expect(isValidChainId(1)).toBe(true);
+  });
+
+  it("accepts 8453 (Base)", () => {
+    expect(isValidChainId(8453)).toBe(true);
+  });
+
+  it("accepts large chain ID", () => {
+    expect(isValidChainId(999999)).toBe(true);
+  });
+
+  it("rejects 0", () => {
+    expect(isValidChainId(0)).toBe(false);
+  });
+
+  it("rejects negative numbers", () => {
+    expect(isValidChainId(-1)).toBe(false);
+  });
+
+  it("rejects non-integer", () => {
+    expect(isValidChainId(1.5)).toBe(false);
+  });
+
+  it("rejects NaN", () => {
+    expect(isValidChainId(NaN)).toBe(false);
+  });
+
+  it("rejects Infinity", () => {
+    expect(isValidChainId(Infinity)).toBe(false);
+  });
+});

package/tests/wallet-derivation.test.ts

@@ -0,0 +1,109 @@
+import { describe, it, expect, vi } from "vitest";
+
+// Mock ethers to avoid needing a real crypto environment
+vi.mock("ethers", () => ({
+  ethers: {
+    getBytes: vi.fn((hex: string) =>
+      Uint8Array.from(Buffer.from(hex.replace("0x", ""), "hex")),
+    ),
+    hexlify: vi.fn((bytes: Uint8Array) =>
+      "0x" + Buffer.from(bytes).toString("hex"),
+    ),
+    Wallet: vi.fn().mockImplementation((key: string) => ({
+      address: "0xDerived" + key.slice(2, 10),
+      privateKey: key,
+    })),
+    verifyMessage: vi.fn().mockReturnValue("0xSignerAddress"),
+  },
+}));
+
+import {
+  getDerivationMessage,
+  deriveWalletFromSignature,
+  verifyDerivationSignature,
+} from "../src/auth/wallet-derivation.js";
+
+describe("wallet-derivation", () => {
+  describe("getDerivationMessage", () => {
+    it("returns a non-empty string", () => {
+      const msg = getDerivationMessage();
+      expect(typeof msg).toBe("string");
+      expect(msg.length).toBeGreaterThan(0);
+    });
+
+    it("is deterministic (no nonces/timestamps)", () => {
+      const msg1 = getDerivationMessage();
+      const msg2 = getDerivationMessage();
+      expect(msg1).toBe(msg2);
+    });
+
+    it("contains ERC-8004 context", () => {
+      expect(getDerivationMessage()).toContain("ERC-8004");
+    });
+
+    it("contains safety notice about funds", () => {
+      expect(getDerivationMessage()).toContain(
+        "does not grant access to your funds",
+      );
+    });
+  });
+
+  describe("deriveWalletFromSignature", () => {
+    it("returns address and privateKey", () => {
+      // Use a valid-looking hex signature (65 bytes = 130 hex chars)
+      const sig =
+        "0x" + "ab".repeat(65);
+      const wallet = deriveWalletFromSignature(sig);
+      expect(wallet.address).toBeTypeOf("string");
+      expect(wallet.privateKey).toBeTypeOf("string");
+      expect(wallet.privateKey).toMatch(/^0x/);
+    });
+
+    it("is deterministic: same signature -> same key", () => {
+      const sig = "0x" + "cd".repeat(65);
+      const w1 = deriveWalletFromSignature(sig);
+      const w2 = deriveWalletFromSignature(sig);
+      expect(w1.privateKey).toBe(w2.privateKey);
+      expect(w1.address).toBe(w2.address);
+    });
+
+    it("different signatures -> different keys", () => {
+      const sig1 = "0x" + "aa".repeat(65);
+      const sig2 = "0x" + "bb".repeat(65);
+      const w1 = deriveWalletFromSignature(sig1);
+      const w2 = deriveWalletFromSignature(sig2);
+      expect(w1.privateKey).not.toBe(w2.privateKey);
+    });
+
+    it("throws for empty signature", () => {
+      expect(() => deriveWalletFromSignature("")).toThrow("Invalid signature");
+    });
+
+    it("throws for signature without 0x prefix", () => {
+      expect(() => deriveWalletFromSignature("abcdef")).toThrow(
+        "Invalid signature",
+      );
+    });
+  });
+
+  describe("verifyDerivationSignature", () => {
+    it("returns true when signer matches expected address", () => {
+      // Mock is set to return "0xSignerAddress"
+      expect(
+        verifyDerivationSignature("0xabc123", "0xSignerAddress"),
+      ).toBe(true);
+    });
+
+    it("is case-insensitive for address comparison", () => {
+      expect(
+        verifyDerivationSignature("0xabc123", "0xsigneraddress"),
+      ).toBe(true);
+    });
+
+    it("returns false when signer does not match", () => {
+      expect(
+        verifyDerivationSignature("0xabc123", "0xDifferentAddress"),
+      ).toBe(false);
+    });
+  });
+});

package/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"]
+}

package/vitest.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["tests/**/*.test.ts"],
+    testTimeout: 15_000,
+  },
+});