@shroud-fi/mcp-server 0.1.0

package/dist/esm/http.js

@@ -0,0 +1,177 @@
+/**
+ * HTTP transport for the MCP server.
+ *
+ * Uses node:http to stay zero-dep. Exposes three endpoints:
+ *   POST /auth/challenge   → mint EIP-191 challenge
+ *   POST /mcp              → JSON-RPC framed MCP body (auth-gated)
+ *   GET  /healthz          → public liveness ping
+ *
+ * Auth rules:
+ *   - /auth/challenge      public (clients need a way to get a challenge)
+ *   - /mcp                 requires X-Shroudfi-Wallet + X-Shroudfi-Nonce +
+ *                          X-Shroudfi-Signature headers. Signature is verified,
+ *                          consumed (single-use), allow-list checked.
+ *   - /healthz             public
+ *
+ * Privacy invariants:
+ *   - Signatures never logged or echoed.
+ *   - Errors are short tag strings; no body bytes, no key bytes.
+ *   - Allow-list is enforced when SHROUDFI_MCP_HTTP_ALLOWED_WALLETS is set;
+ *     when empty, ANY EIP-191 wallet may authenticate. Operators MUST set
+ *     the allow-list in production.
+ */
+import { createServer } from 'node:http';
+import { isHex } from 'viem';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { ALL_TOOLS, findTool } from './tools/index.js';
+import { createAuthCache } from './auth.js';
+import { buildContextFromConfig, loadBootstrapConfigFromEnv } from './config.js';
+import { McpInvalidArgsError, McpServerError, McpUnauthorizedError } from './errors.js';
+const HEADER_WALLET = 'x-shroudfi-wallet';
+const HEADER_NONCE = 'x-shroudfi-nonce';
+const HEADER_SIGNATURE = 'x-shroudfi-signature';
+const JSON_HEADERS = { 'content-type': 'application/json' };
+async function readJsonBody(req) {
+    const chunks = [];
+    for await (const chunk of req) {
+        chunks.push(chunk);
+        if (Buffer.concat(chunks).length > 1_048_576) {
+            throw new McpInvalidArgsError();
+        }
+    }
+    const raw = Buffer.concat(chunks).toString('utf-8');
+    if (raw.length === 0)
+        return {};
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        throw new McpInvalidArgsError();
+    }
+}
+function send(res, status, body) {
+    res.writeHead(status, JSON_HEADERS);
+    res.end(JSON.stringify(body));
+}
+async function authenticate(req, authCache, allowList) {
+    const wallet = req.headers[HEADER_WALLET];
+    const nonce = req.headers[HEADER_NONCE];
+    const sig = req.headers[HEADER_SIGNATURE];
+    if (typeof wallet !== 'string' ||
+        typeof nonce !== 'string' ||
+        typeof sig !== 'string') {
+        throw new McpUnauthorizedError();
+    }
+    if (!isHex(wallet) || wallet.length !== 42)
+        throw new McpUnauthorizedError();
+    if (!isHex(nonce))
+        throw new McpUnauthorizedError();
+    if (!isHex(sig))
+        throw new McpUnauthorizedError();
+    const walletLc = wallet.toLowerCase();
+    if (allowList.size > 0 && !allowList.has(walletLc)) {
+        throw new McpUnauthorizedError();
+    }
+    await authCache.verifyAndConsume({
+        wallet: walletLc,
+        nonce: nonce,
+        signature: sig,
+    });
+    return walletLc;
+}
+/**
+ * Direct JSON-RPC-ish dispatch — we expose the same RPC envelope MCP uses but
+ * over a synchronous request/response cycle (no SSE in v1). Clients send:
+ *   { method: 'tools/list', params: {} }
+ *   { method: 'tools/call', params: { name, arguments } }
+ */
+async function dispatch(ctx, body) {
+    if (typeof body !== 'object' ||
+        body === null ||
+        !('method' in body) ||
+        typeof body.method !== 'string') {
+        throw new McpInvalidArgsError();
+    }
+    const method = body.method;
+    const params = (body.params ?? {});
+    if (method === 'tools/list') {
+        ListToolsRequestSchema.parse({ method, params });
+        return {
+            tools: ALL_TOOLS.map((t) => ({
+                name: t.name,
+                description: t.description,
+                inputSchema: t.inputSchema,
+            })),
+        };
+    }
+    if (method === 'tools/call') {
+        const parsed = CallToolRequestSchema.parse({ method, params });
+        const tool = findTool(parsed.params.name);
+        if (tool === undefined) {
+            throw new McpInvalidArgsError();
+        }
+        const args = parsed.params.arguments ?? {};
+        const result = await tool.handler(ctx, args);
+        return {
+            content: [{ type: 'text', text: JSON.stringify(result) }],
+        };
+    }
+    throw new McpInvalidArgsError();
+}
+export async function runHttpServer(opts) {
+    const bootstrap = opts.bootstrap ?? loadBootstrapConfigFromEnv();
+    const ctx = buildContextFromConfig(bootstrap);
+    const authCache = createAuthCache();
+    const allowList = bootstrap.httpAllowedWallets;
+    const server = createServer((req, res) => {
+        void handleRequest(req, res, ctx, authCache, allowList).catch((err) => {
+            if (err instanceof McpServerError) {
+                send(res, 400, { ok: false, code: err.code });
+                return;
+            }
+            send(res, 500, { ok: false, code: 'internal_error' });
+        });
+    });
+    await new Promise((resolve) => {
+        server.listen(opts.port, () => resolve());
+    });
+    return {
+        close: () => new Promise((resolve, reject) => {
+            server.close((err) => (err ? reject(err) : resolve()));
+        }),
+    };
+}
+async function handleRequest(req, res, ctx, authCache, allowList) {
+    const url = req.url ?? '/';
+    const method = req.method ?? 'GET';
+    if (url === '/healthz' && method === 'GET') {
+        send(res, 200, { ok: true });
+        return;
+    }
+    if (url === '/auth/challenge' && method === 'POST') {
+        const body = (await readJsonBody(req));
+        if (typeof body.wallet !== 'string' ||
+            !isHex(body.wallet) ||
+            body.wallet.length !== 42) {
+            throw new McpInvalidArgsError();
+        }
+        const challenge = authCache.issue(body.wallet.toLowerCase());
+        send(res, 200, {
+            ok: true,
+            wallet: challenge.wallet,
+            nonce: challenge.nonce,
+            message: challenge.message,
+            expiresAtMs: challenge.expiresAtMs,
+        });
+        return;
+    }
+    if (url === '/mcp' && method === 'POST') {
+        await authenticate(req, authCache, allowList);
+        const body = await readJsonBody(req);
+        const result = await dispatch(ctx, body);
+        send(res, 200, { ok: true, result });
+        return;
+    }
+    send(res, 404, { ok: false, code: 'not_found' });
+}
+//# sourceMappingURL=http.js.map

package/dist/esm/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,YAAY,EAA6C,MAAM,WAAW,CAAC;AAEpF,OAAO,EAAE,KAAK,EAAE,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,oCAAoC,CAAC;AACnG,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAkB,MAAM,WAAW,CAAC;AAC5D,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAEjF,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExF,MAAM,aAAa,GAAG,mBAAmB,CAAC;AAC1C,MAAM,YAAY,GAAG,kBAAkB,CAAC;AACxC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;AAEhD,MAAM,YAAY,GAAG,EAAE,cAAc,EAAE,kBAAkB,EAAW,CAAC;AAOrE,KAAK,UAAU,YAAY,CAAC,GAAoB;IAC9C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;QAC7B,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC7C,MAAM,IAAI,mBAAmB,EAAE,CAAC;QAClC,CAAC;IACH,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,mBAAmB,EAAE,CAAC;IAClC,CAAC;AACH,CAAC;AAED,SAAS,IAAI,CAAC,GAAmB,EAAE,MAAc,EAAE,IAAa;IAC9D,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IACpC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,GAAoB,EACpB,SAAoB,EACpB,SAAqC;IAErC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC1C,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,GAAG,KAAK,QAAQ,EACvB,CAAC;QACD,MAAM,IAAI,oBAAoB,EAAE,CAAC;IACnC,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,oBAAoB,EAAE,CAAC;IAC7E,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,oBAAoB,EAAE,CAAC;IACpD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;QAAE,MAAM,IAAI,oBAAoB,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAmB,CAAC;IACvD,IAAI,SAAS,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,oBAAoB,EAAE,CAAC;IACnC,CAAC;IACD,MAAM,SAAS,CAAC,gBAAgB,CAAC;QAC/B,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE,KAAY;QACnB,SAAS,EAAE,GAAU;KACtB,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,QAAQ,CACrB,GAAqB,EACrB,IAAa;IAEb,IACE,OAAO,IAAI,KAAK,QAAQ;QACxB,IAAI,KAAK,IAAI;QACb,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC;QACnB,OAAQ,IAA4B,CAAC,MAAM,KAAK,QAAQ,EACxD,CAAC;QACD,MAAM,IAAI,mBAAmB,EAAE,CAAC;IAClC,CAAC;IACD,MAAM,MAAM,GAAI,IAA2B,CAAC,MAAM,CAAC;IACnD,MAAM,MAAM,GAAG,CAAE,IAA6B,CAAC,MAAM,IAAI,EAAE,CAAY,CAAC;IAExE,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QAC5B,sBAAsB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,WAAW,EAAE,CAAC,CAAC,WAAW;aAC3B,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,mBAAmB,EAAE,CAAC;QAClC,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC7C,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;SAC1D,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,mBAAmB,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAA0B;IAG5D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,0BAA0B,EAAE,CAAC;IACjE,MAAM,GAAG,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,SAAS,GAAG,SAAS,CAAC,kBAAkB,CAAC;IAE/C,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACvC,KAAK,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACpE,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;gBAClC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YACD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CACV,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACpC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC;KACL,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAoB,EACpB,GAAmB,EACnB,GAAqB,EACrB,SAAoB,EACpB,SAAqC;IAErC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;IAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;IAEnC,IAAI,GAAG,KAAK,UAAU,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QAC3C,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7B,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,iBAAiB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,CAAC,MAAM,YAAY,CAAC,GAAG,CAAC,CAAwB,CAAC;QAC9D,IACE,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ;YAC/B,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,EAAE,EACzB,CAAC;YACD,MAAM,IAAI,mBAAmB,EAAE,CAAC;QAClC,CAAC;QACD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAmB,CAAC,CAAC;QAC9E,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;YACb,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;SACnC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACxC,MAAM,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;AACnD,CAAC"}

package/dist/esm/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Public barrel — @shroud-fi/mcp-server.
+ *
+ * Two consumption paths:
+ *   - `import { runStdioServer } from '@shroud-fi/mcp-server'` for stdio bin.
+ *   - `import { runHttpServer } from '@shroud-fi/mcp-server/http'` for HTTP.
+ *   - `import { ALL_TOOLS } from '@shroud-fi/mcp-server/tools'` to embed the
+ *     tool registry into a host MCP server you already own.
+ */
+export { runStdioServer } from './stdio.js';
+export { runHttpServer } from './http.js';
+export { buildMcpServer } from './server.js';
+export { buildContextFromConfig, loadBootstrapConfigFromEnv, readHttpPortFromEnv, } from './config.js';
+export { createAuthCache } from './auth.js';
+export { ALL_TOOLS, findTool } from './tools/index.js';
+export type { McpTool, McpToolResult, McpServerContext, McpServerBootstrapConfig, Eip191Challenge, } from './types.js';
+export { McpServerError, McpConfigError, McpUnauthorizedError, McpToolNotFoundError, McpInvalidArgsError, McpExecutionError, McpEip191ChallengeExpiredError, McpEip191SignatureInvalidError, } from './errors.js';
+export { SHROUDFI_MCP_SERVER_NAME, SHROUDFI_MCP_SERVER_VERSION, } from './constants.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/esm/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EACL,sBAAsB,EACtB,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACvD,YAAY,EACV,OAAO,EACP,aAAa,EACb,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,GAChB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,iBAAiB,EACjB,8BAA8B,EAC9B,8BAA8B,GAC/B,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,wBAAwB,EACxB,2BAA2B,GAC5B,MAAM,gBAAgB,CAAC"}

package/dist/esm/index.js

@@ -0,0 +1,18 @@
+/**
+ * Public barrel — @shroud-fi/mcp-server.
+ *
+ * Two consumption paths:
+ *   - `import { runStdioServer } from '@shroud-fi/mcp-server'` for stdio bin.
+ *   - `import { runHttpServer } from '@shroud-fi/mcp-server/http'` for HTTP.
+ *   - `import { ALL_TOOLS } from '@shroud-fi/mcp-server/tools'` to embed the
+ *     tool registry into a host MCP server you already own.
+ */
+export { runStdioServer } from './stdio.js';
+export { runHttpServer } from './http.js';
+export { buildMcpServer } from './server.js';
+export { buildContextFromConfig, loadBootstrapConfigFromEnv, readHttpPortFromEnv, } from './config.js';
+export { createAuthCache } from './auth.js';
+export { ALL_TOOLS, findTool } from './tools/index.js';
+export { McpServerError, McpConfigError, McpUnauthorizedError, McpToolNotFoundError, McpInvalidArgsError, McpExecutionError, McpEip191ChallengeExpiredError, McpEip191SignatureInvalidError, } from './errors.js';
+export { SHROUDFI_MCP_SERVER_NAME, SHROUDFI_MCP_SERVER_VERSION, } from './constants.js';
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EACL,sBAAsB,EACtB,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAQvD,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,iBAAiB,EACjB,8BAA8B,EAC9B,8BAA8B,GAC/B,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,wBAAwB,EACxB,2BAA2B,GAC5B,MAAM,gBAAgB,CAAC"}

package/dist/esm/server.d.ts

@@ -0,0 +1,14 @@
+/**
+ * MCP server core — wires our tool registry into the official MCP SDK.
+ *
+ * Transport-agnostic: this function builds the configured Server instance.
+ * stdio.ts and http.ts each connect it to their respective transport.
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import type { McpServerContext } from './types.js';
+/**
+ * Build a configured MCP Server. The caller plugs in a transport via
+ * `server.connect(transport)` once this returns.
+ */
+export declare function buildMcpServer(ctx: McpServerContext): Server;
+//# sourceMappingURL=server.d.ts.map

package/dist/esm/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAYnE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,gBAAgB,GAAG,MAAM,CA6E5D"}

package/dist/esm/server.js

@@ -0,0 +1,89 @@
+/**
+ * MCP server core — wires our tool registry into the official MCP SDK.
+ *
+ * Transport-agnostic: this function builds the configured Server instance.
+ * stdio.ts and http.ts each connect it to their respective transport.
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
+import { ALL_TOOLS, findTool } from './tools/index.js';
+import { SHROUDFI_MCP_SERVER_NAME, SHROUDFI_MCP_SERVER_VERSION, } from './constants.js';
+import { McpInvalidArgsError, McpToolNotFoundError, McpServerError } from './errors.js';
+/**
+ * Build a configured MCP Server. The caller plugs in a transport via
+ * `server.connect(transport)` once this returns.
+ */
+export function buildMcpServer(ctx) {
+    const server = new Server({
+        name: SHROUDFI_MCP_SERVER_NAME,
+        version: SHROUDFI_MCP_SERVER_VERSION,
+    }, {
+        capabilities: {
+            tools: {},
+        },
+    });
+    server.setRequestHandler(ListToolsRequestSchema, async () => {
+        const tools = ALL_TOOLS.map((t) => ({
+            name: t.name,
+            description: t.description,
+            inputSchema: t.inputSchema,
+        }));
+        return { tools };
+    });
+    server.setRequestHandler(CallToolRequestSchema, async (req) => {
+        const name = req.params.name;
+        const tool = findTool(name);
+        if (tool === undefined) {
+            throw new McpToolNotFoundError();
+        }
+        try {
+            const args = (req.params.arguments ?? {});
+            const result = await tool.handler(ctx, args);
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify(result),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            if (err instanceof McpInvalidArgsError || err instanceof McpToolNotFoundError) {
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: 'text',
+                            text: JSON.stringify({ ok: false, code: err.code, message: err.message }),
+                        },
+                    ],
+                };
+            }
+            if (err instanceof McpServerError) {
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: 'text',
+                            text: JSON.stringify({ ok: false, code: err.code, message: err.message }),
+                        },
+                    ],
+                };
+            }
+            // Wrap unexpected error — short tag only, never the raw .message.
+            const code = err?.name ?? 'execution_failed';
+            return {
+                isError: true,
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({ ok: false, code, message: 'Tool execution failed' }),
+                    },
+                ],
+            };
+        }
+    });
+    return server;
+}
+//# sourceMappingURL=server.js.map

package/dist/esm/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EACL,wBAAwB,EACxB,2BAA2B,GAC5B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAGxF;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,GAAqB;IAClD,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,2BAA2B;KACrC,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,KAAK,GAAc,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7C,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,WAAW,EAAE,CAAC,CAAC,WAAqC;SACrD,CAAC,CAAC,CAAC;QACJ,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5D,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;QAC7B,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,oBAAoB,EAAE,CAAC;QACnC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAY,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;qBAC7B;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,mBAAmB,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;gBAC9E,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;yBAC1E;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;gBAClC,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;yBAC1E;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,kEAAkE;YAClE,MAAM,IAAI,GAAI,GAAyB,EAAE,IAAI,IAAI,kBAAkB,CAAC;YACpE,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;qBAC5E;iBACF;aACF,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/esm/stdio.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Stdio transport entry point.
+ *
+ * Reads operator config from env, builds the agent context, attaches the
+ * MCP server to stdin/stdout. Used by `.mcp.json` config in Claude Code,
+ * Cursor, Windsurf, Zed AI, etc.
+ */
+export declare function runStdioServer(): Promise<void>;
+//# sourceMappingURL=stdio.d.ts.map

package/dist/esm/stdio.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../src/stdio.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAMpD"}

package/dist/esm/stdio.js

@@ -0,0 +1,18 @@
+/**
+ * Stdio transport entry point.
+ *
+ * Reads operator config from env, builds the agent context, attaches the
+ * MCP server to stdin/stdout. Used by `.mcp.json` config in Claude Code,
+ * Cursor, Windsurf, Zed AI, etc.
+ */
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { buildContextFromConfig, loadBootstrapConfigFromEnv } from './config.js';
+import { buildMcpServer } from './server.js';
+export async function runStdioServer() {
+    const bootstrap = loadBootstrapConfigFromEnv();
+    const ctx = buildContextFromConfig(bootstrap);
+    const server = buildMcpServer(ctx);
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+//# sourceMappingURL=stdio.js.map

package/dist/esm/stdio.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../src/stdio.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,SAAS,GAAG,0BAA0B,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC"}

package/dist/esm/tools/balance.d.ts

@@ -0,0 +1,9 @@
+/**
+ * shroud_balance — read ETH and (optionally) ERC-20 balance for a wallet.
+ *
+ * Defaults to the agent's operator wallet. Pass `address` to query a different
+ * one (e.g. a stealth address whose private key was just recovered).
+ */
+import type { McpTool } from '../types.js';
+export declare const shroudBalanceTool: McpTool;
+//# sourceMappingURL=balance.d.ts.map

package/dist/esm/tools/balance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"balance.d.ts","sourceRoot":"","sources":["../../../src/tools/balance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAiB,MAAM,aAAa,CAAC;AAW1D,eAAO,MAAM,iBAAiB,EAAE,OA6C/B,CAAC"}

package/dist/esm/tools/balance.js

@@ -0,0 +1,58 @@
+/**
+ * shroud_balance — read ETH and (optionally) ERC-20 balance for a wallet.
+ *
+ * Defaults to the agent's operator wallet. Pass `address` to query a different
+ * one (e.g. a stealth address whose private key was just recovered).
+ */
+import { z } from 'zod';
+import { ERC20Abi } from '@shroud-fi/transport';
+import { McpInvalidArgsError } from '../errors.js';
+import { AddressSchema } from './schema.js';
+const ArgsSchema = z
+    .object({
+    address: AddressSchema.optional(),
+    token: AddressSchema.optional(),
+})
+    .strict();
+export const shroudBalanceTool = {
+    name: 'shroud_balance',
+    description: 'Read the ETH balance and (optionally) a single ERC-20 balance for a wallet. Defaults to the operator wallet. Returns wei-denominated strings.',
+    inputSchema: {
+        type: 'object',
+        additionalProperties: false,
+        properties: {
+            address: { type: 'string', pattern: '^0x[0-9a-fA-F]{40}$' },
+            token: { type: 'string', pattern: '^0x[0-9a-fA-F]{40}$' },
+        },
+    },
+    async handler(ctx, raw) {
+        const parsed = ArgsSchema.safeParse(raw ?? {});
+        if (!parsed.success) {
+            throw new McpInvalidArgsError();
+        }
+        const target = (parsed.data.address ?? ctx.walletAddress);
+        if (target === undefined) {
+            throw new McpInvalidArgsError();
+        }
+        const ethBal = await ctx.transport.publicClient.getBalance({
+            address: target,
+        });
+        const out = {
+            ok: true,
+            address: target,
+            ethWei: ethBal.toString(),
+        };
+        if (parsed.data.token !== undefined) {
+            const tokenBal = (await ctx.transport.publicClient.readContract({
+                address: parsed.data.token,
+                abi: ERC20Abi,
+                functionName: 'balanceOf',
+                args: [target],
+            }));
+            out.token = parsed.data.token;
+            out.tokenBaseUnits = tokenBal.toString();
+        }
+        return out;
+    },
+};
+//# sourceMappingURL=balance.js.map

package/dist/esm/tools/balance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"balance.js","sourceRoot":"","sources":["../../../src/tools/balance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAEhD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,UAAU,GAAG,CAAC;KACjB,MAAM,CAAC;IACN,OAAO,EAAE,aAAa,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,aAAa,CAAC,QAAQ,EAAE;CAChC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,iBAAiB,GAAY;IACxC,IAAI,EAAE,gBAAgB;IACtB,WAAW,EACT,+IAA+I;IACjJ,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,oBAAoB,EAAE,KAAK;QAC3B,UAAU,EAAE;YACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;YAC3D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;SAC1D;KACF;IACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;QACpB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,mBAAmB,EAAE,CAAC;QAClC,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,GAAG,CAAC,aAAa,CAE3C,CAAC;QACd,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,mBAAmB,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,UAAU,CAAC;YACzD,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QAEH,MAAM,GAAG,GAA4B;YACnC,EAAE,EAAE,IAAI;YACR,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE;SAC1B,CAAC;QACF,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,CAAC,MAAM,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,YAAY,CAAC;gBAC9D,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,KAAsB;gBAC3C,GAAG,EAAE,QAAQ;gBACb,YAAY,EAAE,WAAW;gBACzB,IAAI,EAAE,CAAC,MAAM,CAAC;aACf,CAAC,CAAW,CAAC;YACd,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;YAC9B,GAAG,CAAC,cAAc,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,GAAoB,CAAC;IAC9B,CAAC;CACF,CAAC"}

package/dist/esm/tools/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Tool registry. Add new tools here so both stdio + http transports pick them up.
+ */
+import type { McpTool } from '../types.js';
+import { shroudRegisterTool } from './register.js';
+import { shroudSendTool } from './send.js';
+import { shroudSendToWalletTool } from './send-to-wallet.js';
+import { shroudReceiveTool } from './receive.js';
+import { shroudSweepTool } from './sweep.js';
+import { shroudBalanceTool } from './balance.js';
+import { shroudStatusTool } from './status.js';
+import { shroudX402PayTool } from './x402-pay.js';
+import { shroudX402ServeTool } from './x402-serve.js';
+export declare const ALL_TOOLS: readonly McpTool[];
+export declare function findTool(name: string): McpTool | undefined;
+export { shroudRegisterTool, shroudSendTool, shroudSendToWalletTool, shroudReceiveTool, shroudSweepTool, shroudBalanceTool, shroudStatusTool, shroudX402PayTool, shroudX402ServeTool, };
+//# sourceMappingURL=index.d.ts.map

package/dist/esm/tools/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/tools/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAEtD,eAAO,MAAM,SAAS,EAAE,SAAS,OAAO,EAUvC,CAAC;AAEF,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAE1D;AAED,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,CAAC"}

package/dist/esm/tools/index.js

@@ -0,0 +1,28 @@
+/**
+ * Tool registry. Add new tools here so both stdio + http transports pick them up.
+ */
+import { shroudRegisterTool } from './register.js';
+import { shroudSendTool } from './send.js';
+import { shroudSendToWalletTool } from './send-to-wallet.js';
+import { shroudReceiveTool } from './receive.js';
+import { shroudSweepTool } from './sweep.js';
+import { shroudBalanceTool } from './balance.js';
+import { shroudStatusTool } from './status.js';
+import { shroudX402PayTool } from './x402-pay.js';
+import { shroudX402ServeTool } from './x402-serve.js';
+export const ALL_TOOLS = [
+    shroudRegisterTool,
+    shroudSendTool,
+    shroudSendToWalletTool,
+    shroudReceiveTool,
+    shroudSweepTool,
+    shroudBalanceTool,
+    shroudStatusTool,
+    shroudX402PayTool,
+    shroudX402ServeTool,
+];
+export function findTool(name) {
+    return ALL_TOOLS.find((t) => t.name === name);
+}
+export { shroudRegisterTool, shroudSendTool, shroudSendToWalletTool, shroudReceiveTool, shroudSweepTool, shroudBalanceTool, shroudStatusTool, shroudX402PayTool, shroudX402ServeTool, };
+//# sourceMappingURL=index.js.map

package/dist/esm/tools/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/tools/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAEtD,MAAM,CAAC,MAAM,SAAS,GAAuB;IAC3C,kBAAkB;IAClB,cAAc;IACd,sBAAsB;IACtB,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,gBAAgB;IAChB,iBAAiB;IACjB,mBAAmB;CACpB,CAAC;AAEF,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AAChD,CAAC;AAED,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,CAAC"}

package/dist/esm/tools/receive.d.ts

@@ -0,0 +1,13 @@
+/**
+ * shroud_receive — scan a block range for incoming stealth payments to the
+ * configured agent. Stateless: caller supplies fromBlock + toBlock; server
+ * returns every detection in that window.
+ *
+ * Privacy: stealthPrivateKey is exposed in the response because the caller is
+ * the same operator that holds the spending key in the server process — the
+ * key was derived from their own seed. The MCP transport must be local stdio
+ * or authenticated HTTP (EIP-191) to keep this safe. See HTTP transport gate.
+ */
+import type { McpTool } from '../types.js';
+export declare const shroudReceiveTool: McpTool;
+//# sourceMappingURL=receive.d.ts.map

package/dist/esm/tools/receive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"receive.d.ts","sourceRoot":"","sources":["../../../src/tools/receive.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAiB,MAAM,aAAa,CAAC;AAc1D,eAAO,MAAM,iBAAiB,EAAE,OA4E/B,CAAC"}

package/dist/esm/tools/receive.js

@@ -0,0 +1,97 @@
+/**
+ * shroud_receive — scan a block range for incoming stealth payments to the
+ * configured agent. Stateless: caller supplies fromBlock + toBlock; server
+ * returns every detection in that window.
+ *
+ * Privacy: stealthPrivateKey is exposed in the response because the caller is
+ * the same operator that holds the spending key in the server process — the
+ * key was derived from their own seed. The MCP transport must be local stdio
+ * or authenticated HTTP (EIP-191) to keep this safe. See HTTP transport gate.
+ */
+import { z } from 'zod';
+import { createScanner } from '@shroud-fi/scanning';
+import { McpInvalidArgsError } from '../errors.js';
+import { Uint256StringSchema, toBigInt } from './schema.js';
+const ArgsSchema = z
+    .object({
+    fromBlock: Uint256StringSchema,
+    toBlock: z.union([Uint256StringSchema, z.literal('latest')]).optional(),
+    finality: z.enum(['unsafe', 'safe', 'finalized']).optional(),
+    /** Hard cap on detections returned in a single call. Defaults to 100. */
+    limit: z.number().int().positive().max(1000).optional(),
+})
+    .strict();
+export const shroudReceiveTool = {
+    name: 'shroud_receive',
+    description: 'Scan a block range for incoming stealth payments to the agent. Returns the list of detections (each includes stealthAddress, ephemeralPubKey, stealthPrivateKey, txHash, blockNumber). Stateless: caller drives the cursor by passing fromBlock + toBlock.',
+    inputSchema: {
+        type: 'object',
+        additionalProperties: false,
+        properties: {
+            fromBlock: { type: 'string', pattern: '^\\d+$' },
+            toBlock: { oneOf: [{ type: 'string', pattern: '^\\d+$' }, { const: 'latest' }] },
+            finality: { type: 'string', enum: ['unsafe', 'safe', 'finalized'] },
+            limit: { type: 'integer', minimum: 1, maximum: 1000 },
+        },
+        required: ['fromBlock'],
+    },
+    async handler(ctx, raw) {
+        const parsed = ArgsSchema.safeParse(raw);
+        if (!parsed.success) {
+            throw new McpInvalidArgsError();
+        }
+        const { fromBlock, toBlock, finality, limit } = parsed.data;
+        const fromB = toBigInt(fromBlock);
+        let toB;
+        if (toBlock === undefined || toBlock === 'latest') {
+            const tag = finality === 'finalized'
+                ? 'finalized'
+                : finality === 'safe'
+                    ? 'safe'
+                    : 'latest';
+            const block = await ctx.transport.publicClient.getBlock({ blockTag: tag });
+            toB = block.number ?? fromB;
+        }
+        else {
+            toB = toBigInt(toBlock);
+        }
+        if (toB < fromB) {
+            return { ok: true, fromBlock: fromB.toString(), toBlock: toB.toString(), detections: [] };
+        }
+        const scanner = createScanner({
+            transport: ctx.transport,
+            scanningKey: ctx.agent.identity.keys.scanningKey,
+            spendingKey: ctx.agent.identity.keys.spendingKey,
+            startBlock: fromB,
+            ...(finality !== undefined ? { finality } : {}),
+        });
+        const out = [];
+        const cap = limit ?? 100;
+        try {
+            for await (const d of scanner.scanRange(fromB, toB)) {
+                out.push({
+                    stealthAddress: d.stealthAddress,
+                    ephemeralPubKey: d.ephemeralPubKey,
+                    stealthPrivateKey: d.stealthPrivateKey,
+                    txHash: d.txHash,
+                    blockNumber: d.blockNumber.toString(),
+                    blockHash: d.blockHash,
+                    logIndex: d.logIndex,
+                    finality: d.finality,
+                });
+                if (out.length >= cap)
+                    break;
+            }
+        }
+        finally {
+            scanner.close();
+        }
+        return {
+            ok: true,
+            fromBlock: fromB.toString(),
+            toBlock: toB.toString(),
+            detections: out,
+        };
+    },
+};
+//# sourceMappingURL=receive.js.map