npm - @shroud-fi/mcp-server - Versions diffs - 0.1.0 - Mend

@shroud-fi/mcp-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (183) hide show

package/LICENSE +21 -0
package/README.md +130 -0
package/dist/cjs/auth.d.ts +41 -0
package/dist/cjs/auth.d.ts.map +1 -0
package/dist/cjs/auth.js +103 -0
package/dist/cjs/auth.js.map +1 -0
package/dist/cjs/bin/http.d.ts +7 -0
package/dist/cjs/bin/http.d.ts.map +1 -0
package/dist/cjs/bin/http.js +24 -0
package/dist/cjs/bin/http.js.map +1 -0
package/dist/cjs/bin/stdio.d.ts +9 -0
package/dist/cjs/bin/stdio.d.ts.map +1 -0
package/dist/cjs/bin/stdio.js +15 -0
package/dist/cjs/bin/stdio.js.map +1 -0
package/dist/cjs/config.d.ts +22 -0
package/dist/cjs/config.d.ts.map +1 -0
package/dist/cjs/config.js +180 -0
package/dist/cjs/config.js.map +1 -0
package/dist/cjs/constants.d.ts +29 -0
package/dist/cjs/constants.d.ts.map +1 -0
package/dist/cjs/constants.js +35 -0
package/dist/cjs/constants.js.map +1 -0
package/dist/cjs/errors.d.ts +43 -0
package/dist/cjs/errors.d.ts.map +1 -0
package/dist/cjs/errors.js +72 -0
package/dist/cjs/errors.js.map +1 -0
package/dist/cjs/http.d.ts +32 -0
package/dist/cjs/http.d.ts.map +1 -0
package/dist/cjs/http.js +180 -0
package/dist/cjs/http.js.map +1 -0
package/dist/cjs/index.d.ts +19 -0
package/dist/cjs/index.d.ts.map +1 -0
package/dist/cjs/index.js +40 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cjs/package.json +1 -0
package/dist/cjs/server.d.ts +14 -0
package/dist/cjs/server.d.ts.map +1 -0
package/dist/cjs/server.js +92 -0
package/dist/cjs/server.js.map +1 -0
package/dist/cjs/stdio.d.ts +9 -0
package/dist/cjs/stdio.d.ts.map +1 -0
package/dist/cjs/stdio.js +21 -0
package/dist/cjs/stdio.js.map +1 -0
package/dist/cjs/tools/balance.d.ts +9 -0
package/dist/cjs/tools/balance.d.ts.map +1 -0
package/dist/cjs/tools/balance.js +61 -0
package/dist/cjs/tools/balance.js.map +1 -0
package/dist/cjs/tools/index.d.ts +17 -0
package/dist/cjs/tools/index.d.ts.map +1 -0
package/dist/cjs/tools/index.js +40 -0
package/dist/cjs/tools/index.js.map +1 -0
package/dist/cjs/tools/receive.d.ts +13 -0
package/dist/cjs/tools/receive.d.ts.map +1 -0
package/dist/cjs/tools/receive.js +100 -0
package/dist/cjs/tools/receive.js.map +1 -0
package/dist/cjs/tools/register.d.ts +9 -0
package/dist/cjs/tools/register.d.ts.map +1 -0
package/dist/cjs/tools/register.js +36 -0
package/dist/cjs/tools/register.js.map +1 -0
package/dist/cjs/tools/schema.d.ts +18 -0
package/dist/cjs/tools/schema.d.ts.map +1 -0
package/dist/cjs/tools/schema.js +25 -0
package/dist/cjs/tools/schema.js.map +1 -0
package/dist/cjs/tools/send-to-wallet.d.ts +9 -0
package/dist/cjs/tools/send-to-wallet.d.ts.map +1 -0
package/dist/cjs/tools/send-to-wallet.js +60 -0
package/dist/cjs/tools/send-to-wallet.js.map +1 -0
package/dist/cjs/tools/send.d.ts +9 -0
package/dist/cjs/tools/send.d.ts.map +1 -0
package/dist/cjs/tools/send.js +68 -0
package/dist/cjs/tools/send.js.map +1 -0
package/dist/cjs/tools/status.d.ts +6 -0
package/dist/cjs/tools/status.d.ts.map +1 -0
package/dist/cjs/tools/status.js +39 -0
package/dist/cjs/tools/status.js.map +1 -0
package/dist/cjs/tools/sweep.d.ts +14 -0
package/dist/cjs/tools/sweep.d.ts.map +1 -0
package/dist/cjs/tools/sweep.js +119 -0
package/dist/cjs/tools/sweep.js.map +1 -0
package/dist/cjs/tools/x402-pay.d.ts +14 -0
package/dist/cjs/tools/x402-pay.d.ts.map +1 -0
package/dist/cjs/tools/x402-pay.js +78 -0
package/dist/cjs/tools/x402-pay.js.map +1 -0
package/dist/cjs/tools/x402-serve.d.ts +17 -0
package/dist/cjs/tools/x402-serve.d.ts.map +1 -0
package/dist/cjs/tools/x402-serve.js +133 -0
package/dist/cjs/tools/x402-serve.js.map +1 -0
package/dist/cjs/types.d.ts +66 -0
package/dist/cjs/types.d.ts.map +1 -0
package/dist/cjs/types.js +6 -0
package/dist/cjs/types.js.map +1 -0
package/dist/esm/auth.d.ts +41 -0
package/dist/esm/auth.d.ts.map +1 -0
package/dist/esm/auth.js +99 -0
package/dist/esm/auth.js.map +1 -0
package/dist/esm/bin/http.d.ts +7 -0
package/dist/esm/bin/http.d.ts.map +1 -0
package/dist/esm/bin/http.js +22 -0
package/dist/esm/bin/http.js.map +1 -0
package/dist/esm/bin/stdio.d.ts +9 -0
package/dist/esm/bin/stdio.d.ts.map +1 -0
package/dist/esm/bin/stdio.js +13 -0
package/dist/esm/bin/stdio.js.map +1 -0
package/dist/esm/config.d.ts +22 -0
package/dist/esm/config.d.ts.map +1 -0
package/dist/esm/config.js +175 -0
package/dist/esm/config.js.map +1 -0
package/dist/esm/constants.d.ts +29 -0
package/dist/esm/constants.d.ts.map +1 -0
package/dist/esm/constants.js +32 -0
package/dist/esm/constants.js.map +1 -0
package/dist/esm/errors.d.ts +43 -0
package/dist/esm/errors.d.ts.map +1 -0
package/dist/esm/errors.js +61 -0
package/dist/esm/errors.js.map +1 -0
package/dist/esm/http.d.ts +32 -0
package/dist/esm/http.d.ts.map +1 -0
package/dist/esm/http.js +177 -0
package/dist/esm/http.js.map +1 -0
package/dist/esm/index.d.ts +19 -0
package/dist/esm/index.d.ts.map +1 -0
package/dist/esm/index.js +18 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/server.d.ts +14 -0
package/dist/esm/server.d.ts.map +1 -0
package/dist/esm/server.js +89 -0
package/dist/esm/server.js.map +1 -0
package/dist/esm/stdio.d.ts +9 -0
package/dist/esm/stdio.d.ts.map +1 -0
package/dist/esm/stdio.js +18 -0
package/dist/esm/stdio.js.map +1 -0
package/dist/esm/tools/balance.d.ts +9 -0
package/dist/esm/tools/balance.d.ts.map +1 -0
package/dist/esm/tools/balance.js +58 -0
package/dist/esm/tools/balance.js.map +1 -0
package/dist/esm/tools/index.d.ts +17 -0
package/dist/esm/tools/index.d.ts.map +1 -0
package/dist/esm/tools/index.js +28 -0
package/dist/esm/tools/index.js.map +1 -0
package/dist/esm/tools/receive.d.ts +13 -0
package/dist/esm/tools/receive.d.ts.map +1 -0
package/dist/esm/tools/receive.js +97 -0
package/dist/esm/tools/receive.js.map +1 -0
package/dist/esm/tools/register.d.ts +9 -0
package/dist/esm/tools/register.d.ts.map +1 -0
package/dist/esm/tools/register.js +33 -0
package/dist/esm/tools/register.js.map +1 -0
package/dist/esm/tools/schema.d.ts +18 -0
package/dist/esm/tools/schema.d.ts.map +1 -0
package/dist/esm/tools/schema.js +21 -0
package/dist/esm/tools/schema.js.map +1 -0
package/dist/esm/tools/send-to-wallet.d.ts +9 -0
package/dist/esm/tools/send-to-wallet.d.ts.map +1 -0
package/dist/esm/tools/send-to-wallet.js +57 -0
package/dist/esm/tools/send-to-wallet.js.map +1 -0
package/dist/esm/tools/send.d.ts +9 -0
package/dist/esm/tools/send.d.ts.map +1 -0
package/dist/esm/tools/send.js +65 -0
package/dist/esm/tools/send.js.map +1 -0
package/dist/esm/tools/status.d.ts +6 -0
package/dist/esm/tools/status.d.ts.map +1 -0
package/dist/esm/tools/status.js +36 -0
package/dist/esm/tools/status.js.map +1 -0
package/dist/esm/tools/sweep.d.ts +14 -0
package/dist/esm/tools/sweep.d.ts.map +1 -0
package/dist/esm/tools/sweep.js +116 -0
package/dist/esm/tools/sweep.js.map +1 -0
package/dist/esm/tools/x402-pay.d.ts +14 -0
package/dist/esm/tools/x402-pay.d.ts.map +1 -0
package/dist/esm/tools/x402-pay.js +75 -0
package/dist/esm/tools/x402-pay.js.map +1 -0
package/dist/esm/tools/x402-serve.d.ts +17 -0
package/dist/esm/tools/x402-serve.d.ts.map +1 -0
package/dist/esm/tools/x402-serve.js +130 -0
package/dist/esm/tools/x402-serve.js.map +1 -0
package/dist/esm/types.d.ts +66 -0
package/dist/esm/types.d.ts.map +1 -0
package/dist/esm/types.js +5 -0
package/dist/esm/types.js.map +1 -0
package/dist/tsconfig.cjs.tsbuildinfo +1 -0
package/dist/tsconfig.esm.tsbuildinfo +1 -0
package/dist/tsconfig.tsbuildinfo +1 -0
package/package.json +81 -0

package/dist/cjs/tools/sweep.js ADDED Viewed

@@ -0,0 +1,119 @@
+"use strict";
+/**
+ * shroud_sweep — sweep a previously-detected stealth address to a destination.
+ *
+ * Caller passes the detection bundle returned by shroud_receive (stealth
+ * address + stealth private key + ephemeral pub key + tx coords). We
+ * reconstruct a minimal DetectedPayment and dispatch to agent.sweep.
+ *
+ * Optional flags:
+ *   - viaRelayer + token → Gelato ERC-20 gasless sweep
+ *   - viaRelayer (ETH) → EIP-7702 ETH gasless sweep (requires selfHostEndpoint)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.shroudSweepTool = void 0;
+const zod_1 = require("zod");
+const errors_js_1 = require("../errors.js");
+const schema_js_1 = require("./schema.js");
+const HexSchema = zod_1.z.string().regex(/^0x[0-9a-fA-F]+$/);
+const Hex32Schema = zod_1.z.string().regex(/^0x[0-9a-fA-F]{64}$/);
+const ArgsSchema = zod_1.z
+    .object({
+    detection: zod_1.z.object({
+        stealthAddress: schema_js_1.AddressSchema,
+        ephemeralPubKey: HexSchema,
+        stealthPrivateKey: Hex32Schema,
+        txHash: Hex32Schema,
+        blockNumber: schema_js_1.Uint256StringSchema,
+        blockHash: Hex32Schema,
+        logIndex: zod_1.z.number().int().nonnegative(),
+        finality: zod_1.z.enum(['safe', 'finalized']).optional(),
+    }),
+    destination: schema_js_1.AddressSchema,
+    token: schema_js_1.AddressSchema.optional(),
+    viaRelayer: zod_1.z.boolean().optional(),
+    ethRelayerEndpoint: zod_1.z.string().url().optional(),
+})
+    .strict();
+exports.shroudSweepTool = {
+    name: 'shroud_sweep',
+    description: 'Sweep a detected stealth address to a destination wallet. Pass the detection object returned by shroud_receive. Omit `token` for ETH; pass `token` for an ERC-20. Set `viaRelayer: true` for gasless sweep (ERC-20 → Gelato; ETH → requires `ethRelayerEndpoint` to a self-host relayer).',
+    inputSchema: {
+        type: 'object',
+        additionalProperties: false,
+        properties: {
+            detection: {
+                type: 'object',
+                additionalProperties: false,
+                properties: {
+                    stealthAddress: { type: 'string', pattern: '^0x[0-9a-fA-F]{40}$' },
+                    ephemeralPubKey: { type: 'string', pattern: '^0x[0-9a-fA-F]+$' },
+                    stealthPrivateKey: { type: 'string', pattern: '^0x[0-9a-fA-F]{64}$' },
+                    txHash: { type: 'string', pattern: '^0x[0-9a-fA-F]{64}$' },
+                    blockNumber: { type: 'string', pattern: '^\\d+$' },
+                    blockHash: { type: 'string', pattern: '^0x[0-9a-fA-F]{64}$' },
+                    logIndex: { type: 'integer', minimum: 0 },
+                    finality: { type: 'string', enum: ['safe', 'finalized'] },
+                },
+                required: [
+                    'stealthAddress',
+                    'ephemeralPubKey',
+                    'stealthPrivateKey',
+                    'txHash',
+                    'blockNumber',
+                    'blockHash',
+                    'logIndex',
+                ],
+            },
+            destination: { type: 'string', pattern: '^0x[0-9a-fA-F]{40}$' },
+            token: { type: 'string', pattern: '^0x[0-9a-fA-F]{40}$' },
+            viaRelayer: { type: 'boolean' },
+            ethRelayerEndpoint: { type: 'string' },
+        },
+        required: ['detection', 'destination'],
+    },
+    async handler(ctx, raw) {
+        const parsed = ArgsSchema.safeParse(raw);
+        if (!parsed.success) {
+            throw new errors_js_1.McpInvalidArgsError();
+        }
+        const { detection, destination, token, viaRelayer, ethRelayerEndpoint } = parsed.data;
+        const dp = {
+            stealthAddress: detection.stealthAddress,
+            ephemeralPubKey: detection.ephemeralPubKey,
+            stealthPrivateKey: detection.stealthPrivateKey,
+            txHash: detection.txHash,
+            blockNumber: (0, schema_js_1.toBigInt)(detection.blockNumber),
+            blockHash: detection.blockHash,
+            logIndex: detection.logIndex,
+            finality: detection.finality ?? 'safe',
+        };
+        const sweepOpts = {};
+        if (token !== undefined)
+            sweepOpts.token = token;
+        if (viaRelayer === true) {
+            sweepOpts.viaRelayer = true;
+            if (ethRelayerEndpoint !== undefined) {
+                sweepOpts.ethRelayerOptions = { selfHostEndpoint: ethRelayerEndpoint };
+            }
+        }
+        const result = await ctx.agent.sweep(dp, destination, sweepOpts);
+        const swept = result.swept;
+        const out = {
+            ok: true,
+            txHash: swept.txHash,
+            destination: swept.destination,
+        };
+        if (swept.token !== undefined)
+            out.token = swept.token;
+        if (swept.blockNumber !== undefined) {
+            out.blockNumber = swept.blockNumber.toString();
+        }
+        if (swept.taskId !== undefined)
+            out.taskId = swept.taskId;
+        if (swept.status !== undefined)
+            out.status = swept.status;
+        return out;
+    },
+};
+//# sourceMappingURL=sweep.js.map

package/dist/cjs/tools/sweep.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sweep.js","sourceRoot":"","sources":["../../../src/tools/sweep.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,6BAAwB;AAGxB,4CAAmD;AACnD,2CAA2E;AAE3E,MAAM,SAAS,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;AACvD,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;AAE5D,MAAM,UAAU,GAAG,OAAC;KACjB,MAAM,CAAC;IACN,SAAS,EAAE,OAAC,CAAC,MAAM,CAAC;QAClB,cAAc,EAAE,yBAAa;QAC7B,eAAe,EAAE,SAAS;QAC1B,iBAAiB,EAAE,WAAW;QAC9B,MAAM,EAAE,WAAW;QACnB,WAAW,EAAE,+BAAmB;QAChC,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;QACxC,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE;KACnD,CAAC;IACF,WAAW,EAAE,yBAAa;IAC1B,KAAK,EAAE,yBAAa,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClC,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC;KACD,MAAM,EAAE,CAAC;AAEC,QAAA,eAAe,GAAY;IACtC,IAAI,EAAE,cAAc;IACpB,WAAW,EACT,2RAA2R;IAC7R,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,oBAAoB,EAAE,KAAK;QAC3B,UAAU,EAAE;YACV,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,oBAAoB,EAAE,KAAK;gBAC3B,UAAU,EAAE;oBACV,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;oBAClE,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,kBAAkB,EAAE;oBAChE,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;oBACrE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;oBAC1D,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;oBAClD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;oBAC7D,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE;oBACzC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE;iBAC1D;gBACD,QAAQ,EAAE;oBACR,gBAAgB;oBAChB,iBAAiB;oBACjB,mBAAmB;oBACnB,QAAQ;oBACR,aAAa;oBACb,WAAW;oBACX,UAAU;iBACX;aACF;YACD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;YAC/D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;YACzD,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YAC/B,kBAAkB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;SACvC;QACD,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,CAAC;KACvC;IACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;QACpB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,+BAAmB,EAAE,CAAC;QAClC,CAAC;QACD,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,UAAU,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;QAEtF,MAAM,EAAE,GAAoB;YAC1B,cAAc,EAAE,SAAS,CAAC,cAA+B;YACzD,eAAe,EAAE,SAAS,CAAC,eAAgC;YAC3D,iBAAiB,EAAE,SAAS,CAAC,iBAAkC;YAC/D,MAAM,EAAE,SAAS,CAAC,MAAuB;YACzC,WAAW,EAAE,IAAA,oBAAQ,EAAC,SAAS,CAAC,WAAW,CAAC;YAC5C,SAAS,EAAE,SAAS,CAAC,SAA0B;YAC/C,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,QAAQ,EAAE,SAAS,CAAC,QAAQ,IAAI,MAAM;SACvC,CAAC;QAEF,MAAM,SAAS,GAA0C,EAAE,CAAC;QAC5D,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS,CAAC,KAAK,GAAG,KAAsB,CAAC;QAClE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC;YAC5B,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACrC,SAAS,CAAC,iBAAiB,GAAG,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,CAAC;YACzE,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,KAAK,CAClC,EAAE,EACF,WAA4B,EAC5B,SAAS,CACV,CAAC;QACF,MAAM,KAAK,GAAG,MAAM,CAAC,KAAgC,CAAC;QACtD,MAAM,GAAG,GAA4B;YACnC,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC;QACF,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;YAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QACvD,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACpC,GAAG,CAAC,WAAW,GAAI,KAAK,CAAC,WAAsB,CAAC,QAAQ,EAAE,CAAC;QAC7D,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS;YAAE,GAAG,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC1D,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS;YAAE,GAAG,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC1D,OAAO,GAAoB,CAAC;IAC9B,CAAC;CACF,CAAC"}

package/dist/cjs/tools/x402-pay.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * shroud_x402_pay — one-shot HTTP 402 client.
+ *
+ * Fetches a URL; if the server responds 402, the SDK signs an EIP-3009
+ * USDC transferWithAuthorization and retries automatically. Returns the
+ * server's final status, the body (if JSON-decodable), and the settled
+ * tx hash exposed via X-PAYMENT-RESPONSE when present.
+ *
+ * `maxPriceUsdcAtomic` is a hard safety cap. If the server demands more,
+ * the SDK throws X402AmountMismatchError without signing.
+ */
+import type { McpTool } from '../types.js';
+export declare const shroudX402PayTool: McpTool;
+//# sourceMappingURL=x402-pay.d.ts.map

package/dist/cjs/tools/x402-pay.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"x402-pay.d.ts","sourceRoot":"","sources":["../../../src/tools/x402-pay.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAiB,MAAM,aAAa,CAAC;AAc1D,eAAO,MAAM,iBAAiB,EAAE,OAiD/B,CAAC"}

package/dist/cjs/tools/x402-pay.js ADDED Viewed

@@ -0,0 +1,78 @@
+"use strict";
+/**
+ * shroud_x402_pay — one-shot HTTP 402 client.
+ *
+ * Fetches a URL; if the server responds 402, the SDK signs an EIP-3009
+ * USDC transferWithAuthorization and retries automatically. Returns the
+ * server's final status, the body (if JSON-decodable), and the settled
+ * tx hash exposed via X-PAYMENT-RESPONSE when present.
+ *
+ * `maxPriceUsdcAtomic` is a hard safety cap. If the server demands more,
+ * the SDK throws X402AmountMismatchError without signing.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.shroudX402PayTool = void 0;
+const zod_1 = require("zod");
+const x402_1 = require("@shroud-fi/x402");
+const errors_js_1 = require("../errors.js");
+const schema_js_1 = require("./schema.js");
+const ArgsSchema = zod_1.z
+    .object({
+    url: zod_1.z.string().url(),
+    method: zod_1.z.enum(['GET', 'POST', 'PUT', 'PATCH', 'DELETE']).optional(),
+    body: zod_1.z.string().optional(),
+    headers: zod_1.z.record(zod_1.z.string()).optional(),
+    maxPriceUsdcAtomic: schema_js_1.Uint256StringSchema.optional(),
+})
+    .strict();
+exports.shroudX402PayTool = {
+    name: 'shroud_x402_pay',
+    description: 'Fetch an HTTP URL. If the server responds 402, the SDK auto-signs EIP-3009 USDC payment using the agent operator wallet and retries. Returns final status, response body (if any), and settled tx hash (if X-PAYMENT-RESPONSE was returned). `maxPriceUsdcAtomic` caps how much the client will pay (base units, 6 decimals).',
+    inputSchema: {
+        type: 'object',
+        additionalProperties: false,
+        properties: {
+            url: { type: 'string' },
+            method: { type: 'string', enum: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'] },
+            body: { type: 'string' },
+            headers: { type: 'object', additionalProperties: { type: 'string' } },
+            maxPriceUsdcAtomic: { type: 'string', pattern: '^\\d+$' },
+        },
+        required: ['url'],
+    },
+    async handler(ctx, raw) {
+        const parsed = ArgsSchema.safeParse(raw);
+        if (!parsed.success) {
+            throw new errors_js_1.McpInvalidArgsError();
+        }
+        const { url, method, body, headers, maxPriceUsdcAtomic } = parsed.data;
+        const client = (0, x402_1.createX402Client)({ transport: ctx.transport });
+        const init = {
+            method: method ?? 'GET',
+            ...(headers !== undefined ? { headers } : {}),
+            ...(body !== undefined ? { body } : {}),
+            ...(maxPriceUsdcAtomic !== undefined
+                ? { maxPriceAtomic: (0, schema_js_1.toBigInt)(maxPriceUsdcAtomic) }
+                : {}),
+        };
+        const response = await client.fetch(url, init);
+        const text = await response.text();
+        let json;
+        try {
+            json = JSON.parse(text);
+        }
+        catch {
+            json = null;
+        }
+        return {
+            ok: response.ok,
+            status: response.status,
+            bodyText: text.length > 4096 ? text.slice(0, 4096) : text,
+            bodyJson: json,
+            ...(response.x402Settlement !== undefined
+                ? { settledTxHash: response.x402Settlement.txHash }
+                : {}),
+        };
+    },
+};
+//# sourceMappingURL=x402-pay.js.map

package/dist/cjs/tools/x402-pay.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"x402-pay.js","sourceRoot":"","sources":["../../../src/tools/x402-pay.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,6BAAwB;AACxB,0CAAmD;AAEnD,4CAAmD;AACnD,2CAA4D;AAE5D,MAAM,UAAU,GAAG,OAAC;KACjB,MAAM,CAAC;IACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrB,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxC,kBAAkB,EAAE,+BAAmB,CAAC,QAAQ,EAAE;CACnD,CAAC;KACD,MAAM,EAAE,CAAC;AAEC,QAAA,iBAAiB,GAAY;IACxC,IAAI,EAAE,iBAAiB;IACvB,WAAW,EACT,+TAA+T;IACjU,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,oBAAoB,EAAE,KAAK;QAC3B,UAAU,EAAE;YACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACvB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE;YAC3E,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACxB,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;YACrE,kBAAkB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;SAC1D;QACD,QAAQ,EAAE,CAAC,KAAK,CAAC;KAClB;IACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;QACpB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,+BAAmB,EAAE,CAAC;QAClC,CAAC;QACD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;QACvE,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;QAC9D,MAAM,IAAI,GAA8C;YACtD,MAAM,EAAE,MAAM,IAAI,KAAK;YACvB,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7C,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,kBAAkB,KAAK,SAAS;gBAClC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAA,oBAAQ,EAAC,kBAAkB,CAAC,EAAE;gBAClD,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,IAAa,CAAC;QAClB,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,GAAG,IAAI,CAAC;QACd,CAAC;QACD,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,QAAQ,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI;YACzD,QAAQ,EAAE,IAAI;YACd,GAAG,CAAC,QAAQ,CAAC,cAAc,KAAK,SAAS;gBACvC,CAAC,CAAC,EAAE,aAAa,EAAE,QAAQ,CAAC,cAAc,CAAC,MAAM,EAAE;gBACnD,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/cjs/tools/x402-serve.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * shroud_x402_serve — server-side x402 primitives.
+ *
+ * One tool, two ops:
+ *   - op: 'challenge' → mint a 402 challenge bundle (headers + body) the
+ *     caller serves from their own HTTP framework. Each challenge derives a
+ *     FRESH stealth payTo address.
+ *   - op: 'verify' → verify a client's signed X-PAYMENT payload against a
+ *     prior challenge. Skip-facilitator mode by default — caller settles
+ *     the EIP-3009 authorization on-chain themselves.
+ *
+ * Caller is responsible for transport (Express/Fastify/Next/etc) — this
+ * stays framework-agnostic.
+ */
+import type { McpTool } from '../types.js';
+export declare const shroudX402ServeTool: McpTool;
+//# sourceMappingURL=x402-serve.d.ts.map

package/dist/cjs/tools/x402-serve.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"x402-serve.d.ts","sourceRoot":"","sources":["../../../src/tools/x402-serve.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAiB,MAAM,aAAa,CAAC;AA+B1D,eAAO,MAAM,mBAAmB,EAAE,OA4FjC,CAAC"}

package/dist/cjs/tools/x402-serve.js ADDED Viewed

@@ -0,0 +1,133 @@
+"use strict";
+/**
+ * shroud_x402_serve — server-side x402 primitives.
+ *
+ * One tool, two ops:
+ *   - op: 'challenge' → mint a 402 challenge bundle (headers + body) the
+ *     caller serves from their own HTTP framework. Each challenge derives a
+ *     FRESH stealth payTo address.
+ *   - op: 'verify' → verify a client's signed X-PAYMENT payload against a
+ *     prior challenge. Skip-facilitator mode by default — caller settles
+ *     the EIP-3009 authorization on-chain themselves.
+ *
+ * Caller is responsible for transport (Express/Fastify/Next/etc) — this
+ * stays framework-agnostic.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.shroudX402ServeTool = void 0;
+const zod_1 = require("zod");
+const x402_1 = require("@shroud-fi/x402");
+const transport_1 = require("@shroud-fi/transport");
+const errors_js_1 = require("../errors.js");
+const schema_js_1 = require("./schema.js");
+const ChallengeArgs = zod_1.z
+    .object({
+    op: zod_1.z.literal('challenge'),
+    resource: zod_1.z.string().min(1),
+    description: zod_1.z.string().optional(),
+    priceUsdcAtomic: schema_js_1.Uint256StringSchema.optional(),
+})
+    .strict();
+const VerifyArgs = zod_1.z
+    .object({
+    op: zod_1.z.literal('verify'),
+    signedPayloadBase64: zod_1.z.string().min(1),
+    challenge: zod_1.z.object({
+        body: zod_1.z.object({
+            x402Version: zod_1.z.literal(2),
+            error: zod_1.z.string(),
+            accepts: zod_1.z.array(zod_1.z.any()),
+        }),
+        headers: zod_1.z.record(zod_1.z.string()),
+    }),
+    skipFacilitator: zod_1.z.boolean().optional(),
+})
+    .strict();
+const ArgsSchema = zod_1.z.discriminatedUnion('op', [ChallengeArgs, VerifyArgs]);
+exports.shroudX402ServeTool = {
+    name: 'shroud_x402_serve',
+    description: 'Server-side x402 primitives. `op: "challenge"` mints a fresh 402 challenge (headers + body + per-call stealth payTo); caller attaches to their HTTP response. `op: "verify"` verifies a client X-PAYMENT payload against a prior challenge. Defaults to skip-facilitator mode (caller settles on-chain themselves).',
+    inputSchema: {
+        type: 'object',
+        oneOf: [
+            {
+                properties: {
+                    op: { const: 'challenge' },
+                    resource: { type: 'string' },
+                    description: { type: 'string' },
+                    priceUsdcAtomic: { type: 'string', pattern: '^\\d+$' },
+                },
+                required: ['op', 'resource'],
+            },
+            {
+                properties: {
+                    op: { const: 'verify' },
+                    signedPayloadBase64: { type: 'string' },
+                    challenge: { type: 'object' },
+                    skipFacilitator: { type: 'boolean' },
+                },
+                required: ['op', 'signedPayloadBase64', 'challenge'],
+            },
+        ],
+    },
+    async handler(ctx, raw) {
+        const parsed = ArgsSchema.safeParse(raw);
+        if (!parsed.success) {
+            throw new errors_js_1.McpInvalidArgsError();
+        }
+        const usdc = (0, transport_1.getUSDC)(ctx.chainId);
+        if (usdc === undefined) {
+            throw new errors_js_1.McpInvalidArgsError();
+        }
+        const server = (0, x402_1.createX402Server)({
+            transport: ctx.transport,
+            chainId: ctx.chainId,
+            recipientMetaAddress: ctx.agent.metaAddressEncoded,
+            asset: usdc,
+            defaultPriceAtomic: parsed.data.op === 'challenge' && parsed.data.priceUsdcAtomic !== undefined
+                ? BigInt(parsed.data.priceUsdcAtomic)
+                : 10000n,
+        });
+        if (parsed.data.op === 'challenge') {
+            const args = {
+                resource: parsed.data.resource,
+            };
+            if (parsed.data.description !== undefined)
+                args.description = parsed.data.description;
+            if (parsed.data.priceUsdcAtomic !== undefined) {
+                args.priceAtomic = BigInt(parsed.data.priceUsdcAtomic);
+            }
+            const ch = await server.challenge(args);
+            return {
+                ok: true,
+                status: ch.status,
+                headers: ch.headers,
+                body: ch.body,
+                announcement: ch.announcement,
+            };
+        }
+        // op === 'verify' — caller round-trips the same shape they received from
+        // the challenge op. Cast through unknown so the schema declaration stays
+        // permissive (zod already ran structural checks).
+        const verifyResult = await server.verify({
+            signedPayload: parsed.data.signedPayloadBase64,
+            challenge: parsed.data.challenge,
+            skipFacilitator: parsed.data.skipFacilitator ?? true,
+        });
+        if (verifyResult.valid) {
+            return {
+                ok: true,
+                valid: true,
+                ...(verifyResult.settledTxHash !== undefined
+                    ? { settledTxHash: verifyResult.settledTxHash }
+                    : {}),
+            };
+        }
+        return {
+            ok: true,
+            valid: false,
+            error: verifyResult.error,
+        };
+    },
+};
+//# sourceMappingURL=x402-serve.js.map

package/dist/cjs/tools/x402-serve.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"x402-serve.js","sourceRoot":"","sources":["../../../src/tools/x402-serve.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAEH,6BAAwB;AACxB,0CAAmD;AACnD,oDAA+C;AAE/C,4CAAmD;AACnD,2CAAkD;AAElD,MAAM,aAAa,GAAG,OAAC;KACpB,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAC1B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,eAAe,EAAE,+BAAmB,CAAC,QAAQ,EAAE;CAChD,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,UAAU,GAAG,OAAC;KACjB,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACvB,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,SAAS,EAAE,OAAC,CAAC,MAAM,CAAC;QAClB,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC;YACb,WAAW,EAAE,OAAC,CAAC,OAAO,CAAC,CAAC,CAAC;YACzB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;YACjB,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC;SAC1B,CAAC;QACF,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;KAC9B,CAAC;IACF,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,UAAU,GAAG,OAAC,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC;AAE9D,QAAA,mBAAmB,GAAY;IAC1C,IAAI,EAAE,mBAAmB;IACzB,WAAW,EACT,qTAAqT;IACvT,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,KAAK,EAAE;YACL;gBACE,UAAU,EAAE;oBACV,EAAE,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE;oBAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC5B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC/B,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;iBACvD;gBACD,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC;aAC7B;YACD;gBACE,UAAU,EAAE;oBACV,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE;oBACvB,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACvC,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC7B,eAAe,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;iBACrC;gBACD,QAAQ,EAAE,CAAC,IAAI,EAAE,qBAAqB,EAAE,WAAW,CAAC;aACrD;SACF;KACF;IACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;QACpB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,+BAAmB,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,IAAI,GAAG,IAAA,mBAAO,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,+BAAmB,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC;YAC9B,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,oBAAoB,EAAE,GAAG,CAAC,KAAK,CAAC,kBAAkB;YAClD,KAAK,EAAE,IAAqB;YAC5B,kBAAkB,EAChB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,WAAW,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,KAAK,SAAS;gBACzE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC;gBACrC,CAAC,CAAC,MAAO;SACd,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,WAAW,EAAE,CAAC;YACnC,MAAM,IAAI,GAA2C;gBACnD,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;aAC/B,CAAC;YACF,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS;gBAAE,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;YACtF,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC9C,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACzD,CAAC;YACD,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACxC,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,EAAE,CAAC,MAAM;gBACjB,OAAO,EAAE,EAAE,CAAC,OAAO;gBACnB,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,YAAY,EAAE,EAAE,CAAC,YAAY;aAC9B,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,yEAAyE;QACzE,kDAAkD;QAClD,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC;YACvC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,mBAAmB;YAC9C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAEN;YACjB,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI;SACrD,CAAC,CAAC;QACH,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;YACvB,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE,IAAI;gBACX,GAAG,CAAC,YAAY,CAAC,aAAa,KAAK,SAAS;oBAC1C,CAAC,CAAC,EAAE,aAAa,EAAE,YAAY,CAAC,aAAa,EAAE;oBAC/C,CAAC,CAAC,EAAE,CAAC;aACR,CAAC;QACJ,CAAC;QACD,OAAO;YACL,EAAE,EAAE,IAAI;YACR,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,YAAY,CAAC,KAAK;SAC1B,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/cjs/types.d.ts ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * Public types for @shroud-fi/mcp-server.
+ */
+import type { Hex } from 'viem';
+import type { ShroudAgent } from '@shroud-fi/agent-runtime';
+import type { ShroudFiTransport } from '@shroud-fi/transport';
+/**
+ * Resolved server context — what every tool handler receives.
+ *
+ * Built once by createMcpServer/bootstrap and reused for every tool call.
+ * No mutable state lives here; the scanner cursor is owned by the agent.
+ */
+export interface McpServerContext {
+    readonly agent: ShroudAgent;
+    readonly transport: ShroudFiTransport;
+    readonly chainId: number;
+    /** Resolution of the operator's signing wallet, when present. */
+    readonly walletAddress: `0x${string}` | undefined;
+}
+/** JSON-safe tool result shape. MCP wraps this in a `content` array. */
+export interface McpToolResult {
+    readonly ok: boolean;
+    readonly [k: string]: unknown;
+}
+/**
+ * Minimal tool descriptor. We mirror the MCP SDK shape but stay decoupled so
+ * tests can exercise tools without spinning up the full MCP server.
+ */
+export interface McpTool {
+    readonly name: string;
+    readonly description: string;
+    readonly inputSchema: object;
+    readonly handler: (ctx: McpServerContext, args: unknown) => Promise<McpToolResult>;
+}
+/**
+ * EIP-191 challenge record. The HTTP transport caches outstanding challenges
+ * keyed by client wallet address until they expire or are consumed.
+ */
+export interface Eip191Challenge {
+    readonly wallet: `0x${string}`;
+    readonly nonce: Hex;
+    readonly issuedAtMs: number;
+    readonly expiresAtMs: number;
+    readonly message: string;
+}
+/** Resolved server bootstrap config. */
+export interface McpServerBootstrapConfig {
+    readonly chainId: number;
+    readonly rpcUrl: string;
+    readonly privateKey: Hex | undefined;
+    readonly startBlock: bigint;
+    /**
+     * Optional 32-byte deterministic master seed. When supplied, the
+     * ShroudAgent's stealth meta-address derivation is identical across every
+     * process that loads this config — required for multi-surface deployments
+     * (MCP + REST + UI) to agree on the operator's recipient identity. When
+     * undefined, ShroudAgent generates a random seed per boot.
+     */
+    readonly masterSeed: Uint8Array | undefined;
+    /**
+     * If non-empty, the HTTP transport rejects every authenticated request
+     * whose recovered wallet is not in this set. Stdio transport ignores it.
+     */
+    readonly httpAllowedWallets: ReadonlySet<`0x${string}`>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/cjs/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,iEAAiE;IACjE,QAAQ,CAAC,aAAa,EAAE,KAAK,MAAM,EAAE,GAAG,SAAS,CAAC;CACnD;AAED,wEAAwE;AACxE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,OAAO;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,CAChB,GAAG,EAAE,gBAAgB,EACrB,IAAI,EAAE,OAAO,KACV,OAAO,CAAC,aAAa,CAAC,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC;IACpB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,wCAAwC;AACxC,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,GAAG,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B;;;;;;OAMG;IACH,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;IAC5C;;;OAGG;IACH,QAAQ,CAAC,kBAAkB,EAAE,WAAW,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC;CACzD"}

package/dist/cjs/types.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+/**
+ * Public types for @shroud-fi/mcp-server.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/cjs/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";AAAA;;GAEG"}

package/dist/esm/auth.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * EIP-191 challenge-response auth for the HTTP transport.
+ *
+ * Flow:
+ *   1. Client POSTs /auth/challenge with their wallet address.
+ *   2. Server returns a fresh nonce + a canonical message string.
+ *   3. Client signs message with personal_sign / signMessage (EIP-191).
+ *   4. Client sends every subsequent request with:
+ *        X-Shroudfi-Wallet:    <0x… EOA>
+ *        X-Shroudfi-Nonce:     <nonce returned at step 2>
+ *        X-Shroudfi-Signature: <0x… hex sig>
+ *   5. Server recovers, checks address match + expiry + allow-list.
+ *
+ * The signature is single-shot — once verifyAndConsume returns true for a
+ * nonce, the cache entry is deleted, so the same signed challenge cannot be
+ * replayed.
+ *
+ * Privacy: signature bytes never appear in logs, error messages, or response
+ * bodies. Errors are short tags only.
+ */
+import type { Hex } from 'viem';
+import type { Eip191Challenge } from './types.js';
+export interface AuthCache {
+    issue(wallet: `0x${string}`): Eip191Challenge;
+    verifyAndConsume(args: {
+        wallet: `0x${string}`;
+        nonce: Hex;
+        signature: Hex;
+    }): Promise<void>;
+    /** Test seam — drop expired entries. Called automatically on every op. */
+    prune(now?: number): void;
+    /** Returns the current size — test seam. */
+    size(): number;
+}
+declare function buildMessage(wallet: `0x${string}`, nonce: Hex, issuedAtMs: number): string;
+export declare function createAuthCache(ttlMs?: number): AuthCache;
+export declare const __auth_test__: {
+    buildMessage: typeof buildMessage;
+};
+export {};
+//# sourceMappingURL=auth.d.ts.map

package/dist/esm/auth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAOhC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,WAAW,SAAS;IACxB,KAAK,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,GAAG,eAAe,CAAC;IAC9C,gBAAgB,CAAC,IAAI,EAAE;QACrB,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;QACtB,KAAK,EAAE,GAAG,CAAC;QACX,SAAS,EAAE,GAAG,CAAC;KAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClB,0EAA0E;IAC1E,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,4CAA4C;IAC5C,IAAI,IAAI,MAAM,CAAC;CAChB;AAID,iBAAS,YAAY,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAWnF;AAED,wBAAgB,eAAe,CAC7B,KAAK,GAAE,MAAgC,GACtC,SAAS,CAgEX;AAED,eAAO,MAAM,aAAa;;CAAmB,CAAC"}

package/dist/esm/auth.js ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * EIP-191 challenge-response auth for the HTTP transport.
+ *
+ * Flow:
+ *   1. Client POSTs /auth/challenge with their wallet address.
+ *   2. Server returns a fresh nonce + a canonical message string.
+ *   3. Client signs message with personal_sign / signMessage (EIP-191).
+ *   4. Client sends every subsequent request with:
+ *        X-Shroudfi-Wallet:    <0x… EOA>
+ *        X-Shroudfi-Nonce:     <nonce returned at step 2>
+ *        X-Shroudfi-Signature: <0x… hex sig>
+ *   5. Server recovers, checks address match + expiry + allow-list.
+ *
+ * The signature is single-shot — once verifyAndConsume returns true for a
+ * nonce, the cache entry is deleted, so the same signed challenge cannot be
+ * replayed.
+ *
+ * Privacy: signature bytes never appear in logs, error messages, or response
+ * bodies. Errors are short tags only.
+ */
+import { randomBytes } from 'node:crypto';
+import { recoverMessageAddress } from 'viem';
+import { EIP191_CHALLENGE_TTL_MS } from './constants.js';
+import { McpEip191ChallengeExpiredError, McpEip191SignatureInvalidError, McpUnauthorizedError, } from './errors.js';
+const SHROUDFI_DOMAIN_MARK = 'ShroudFi MCP HTTP authentication';
+function buildMessage(wallet, nonce, issuedAtMs) {
+    // The message is deliberately self-describing so a wallet UI shows the
+    // user the exact intent before signing. The nonce is the only random
+    // piece — it ties the signature to a single server-issued challenge.
+    return [
+        SHROUDFI_DOMAIN_MARK,
+        `Wallet: ${wallet}`,
+        `Nonce: ${nonce}`,
+        `Issued: ${new Date(issuedAtMs).toISOString()}`,
+        'Sign to prove control of this wallet.',
+    ].join('\n');
+}
+export function createAuthCache(ttlMs = EIP191_CHALLENGE_TTL_MS) {
+    const store = new Map();
+    function makeKey(wallet, nonce) {
+        return `${wallet.toLowerCase()}|${nonce.toLowerCase()}`;
+    }
+    function prune(now = Date.now()) {
+        for (const [k, v] of store) {
+            if (v.expiresAtMs <= now)
+                store.delete(k);
+        }
+    }
+    return {
+        issue(wallet) {
+            prune();
+            const nonceBytes = randomBytes(16);
+            const nonce = `0x${nonceBytes.toString('hex')}`;
+            const now = Date.now();
+            const ch = {
+                wallet: wallet.toLowerCase(),
+                nonce,
+                issuedAtMs: now,
+                expiresAtMs: now + ttlMs,
+                message: buildMessage(wallet.toLowerCase(), nonce, now),
+            };
+            store.set(makeKey(ch.wallet, ch.nonce), ch);
+            return ch;
+        },
+        async verifyAndConsume({ wallet, nonce, signature }) {
+            // Don't prune before lookup — we want callers to see the explicit
+            // `auth_challenge_expired` code when their nonce has timed out, instead
+            // of an indistinguishable `unauthorized`.
+            const key = makeKey(wallet, nonce);
+            const ch = store.get(key);
+            if (ch === undefined) {
+                throw new McpUnauthorizedError();
+            }
+            if (ch.expiresAtMs <= Date.now()) {
+                store.delete(key);
+                throw new McpEip191ChallengeExpiredError();
+            }
+            let recovered;
+            try {
+                recovered = await recoverMessageAddress({
+                    message: ch.message,
+                    signature,
+                });
+            }
+            catch {
+                throw new McpEip191SignatureInvalidError();
+            }
+            if (recovered.toLowerCase() !== ch.wallet.toLowerCase()) {
+                throw new McpEip191SignatureInvalidError();
+            }
+            // Single-use: consume the nonce so the signed challenge can't be replayed.
+            store.delete(key);
+        },
+        prune,
+        size: () => store.size,
+    };
+}
+export const __auth_test__ = { buildMessage };
+//# sourceMappingURL=auth.js.map

package/dist/esm/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,MAAM,CAAC;AAE7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAgBrB,MAAM,oBAAoB,GAAG,kCAAkC,CAAC;AAEhE,SAAS,YAAY,CAAC,MAAqB,EAAE,KAAU,EAAE,UAAkB;IACzE,uEAAuE;IACvE,qEAAqE;IACrE,qEAAqE;IACrE,OAAO;QACL,oBAAoB;QACpB,WAAW,MAAM,EAAE;QACnB,UAAU,KAAK,EAAE;QACjB,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,EAAE;QAC/C,uCAAuC;KACxC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,QAAgB,uBAAuB;IAEvC,MAAM,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IAEjD,SAAS,OAAO,CAAC,MAAqB,EAAE,KAAU;QAChD,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;IAC1D,CAAC;IAED,SAAS,KAAK,CAAC,MAAc,IAAI,CAAC,GAAG,EAAE;QACrC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC3B,IAAI,CAAC,CAAC,WAAW,IAAI,GAAG;gBAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,CAAC,MAAM;YACV,KAAK,EAAE,CAAC;YACR,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YACnC,MAAM,KAAK,GAAQ,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,EAAE,GAAoB;gBAC1B,MAAM,EAAE,MAAM,CAAC,WAAW,EAAmB;gBAC7C,KAAK;gBACL,UAAU,EAAE,GAAG;gBACf,WAAW,EAAE,GAAG,GAAG,KAAK;gBACxB,OAAO,EAAE,YAAY,CAAC,MAAM,CAAC,WAAW,EAAmB,EAAE,KAAK,EAAE,GAAG,CAAC;aACzE,CAAC;YACF,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5C,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE;YACjD,kEAAkE;YAClE,wEAAwE;YACxE,0CAA0C;YAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACnC,MAAM,EAAE,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;gBACrB,MAAM,IAAI,oBAAoB,EAAE,CAAC;YACnC,CAAC;YACD,IAAI,EAAE,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACjC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAClB,MAAM,IAAI,8BAA8B,EAAE,CAAC;YAC7C,CAAC;YAED,IAAI,SAAwB,CAAC;YAC7B,IAAI,CAAC;gBACH,SAAS,GAAG,MAAM,qBAAqB,CAAC;oBACtC,OAAO,EAAE,EAAE,CAAC,OAAO;oBACnB,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,8BAA8B,EAAE,CAAC;YAC7C,CAAC;YACD,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxD,MAAM,IAAI,8BAA8B,EAAE,CAAC;YAC7C,CAAC;YAED,2EAA2E;YAC3E,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QAED,KAAK;QACL,IAAI,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,YAAY,EAAE,CAAC"}

package/dist/esm/bin/http.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+/**
+ * HTTP transport bin. Reads SHROUDFI_MCP_HTTP_PORT (default 7070) via the
+ * config module, boots the HTTP server, parks until SIGINT/SIGTERM.
+ */
+export {};
+//# sourceMappingURL=http.d.ts.map

package/dist/esm/bin/http.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../src/bin/http.ts"],"names":[],"mappings":";AACA;;;GAGG"}