@toromarket/mcp-server 0.2.2 → 0.2.3

package/dist/index.cjs

@@ -27,7 +27,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var import_server = require("@modelcontextprotocol/sdk/server/index.js");
 var import_stdio = require("@modelcontextprotocol/sdk/server/stdio.js");
 var import_types = require("@modelcontextprotocol/sdk/types.js");
-var import_sdk9 = require("@toromarket/sdk");
+var import_sdk6 = require("@toromarket/sdk");
 
 // src/tools/definitions.ts
 var import_zod = require("zod");
@@ -2999,17 +2999,11 @@ async function executeTool(client, baseUrl2, name, rawArgs, options) {
     }
     case "get_compliance_status": {
       const me = await client.auth.me();
-      const complianceStatus = options?.complianceGate?.getStatus() ?? {
-        enabled: false,
-        flags: { velocityWarning: false, regionBlocked: false, largeTransaction: false },
-        velocity: { tradesLastMinute: 0, sessionVolume: 0 },
-        region: null,
-        blockedRegions: []
-      };
+      const compliance = await client.auth.complianceStatus();
       return {
         trustTier: me.trustTier,
         trustScore: me.trustScore,
-        compliance: complianceStatus
+        compliance
       };
     }
     // Registry tools
@@ -3378,6 +3372,18 @@ function classifyError(error) {
     if (error.code === "NETWORK_ERROR") {
       return { error: error.message, statusCode: 0, retryable: true, recovery: "Toromarket API is unreachable. Check that the server is running." };
     }
+    if (error.code === "SPENDING_LIMIT") {
+      return { error: error.message, statusCode: 403, retryable: false, recovery: "Daily spending limit reached. Read-only tools still work. Call get_upgrade_url to increase your limit." };
+    }
+    if (error.code === "SPOOFING_DETECTED") {
+      return { error: error.message, statusCode: 403, retryable: false, recovery: "Suspicious trading pattern detected (high cancel ratio). Slow down and wait 30 seconds." };
+    }
+    if (error.code === "REGISTRATION_THROTTLE") {
+      return { error: error.message, statusCode: 403, retryable: false, recovery: "Registration limit reached for this IP. Use authenticate to log in to an existing account." };
+    }
+    if (error.code === "RATE_LIMITED") {
+      return { error: error.message, statusCode: 429, retryable: true, recovery: "Rate limit exceeded. Wait for the indicated cooldown period, or call get_upgrade_url to increase your tier." };
+    }
     if (status >= 500) {
       return { error: error.message, statusCode: status, retryable: true, recovery: "Server error. Try again in a few seconds." };
     }
@@ -3711,28 +3717,8 @@ function createLogger(level = "info") {
   };
 }
 
-// src/middleware/registration.ts
-var import_sdk3 = require("@toromarket/sdk");
-var RegistrationThrottle = class {
-  hasRegistered = false;
-  async beforeExecute(toolName, _args) {
-    if (toolName === "register_agent" && this.hasRegistered) {
-      throw new import_sdk3.ToromarketError(
-        "Only one account can be registered per session. Use authenticate to log in to an existing account.",
-        403,
-        "REGISTRATION_THROTTLE"
-      );
-    }
-  }
-  async afterExecute(toolName, _args, _result, error) {
-    if (toolName === "register_agent" && !error) {
-      this.hasRegistered = true;
-    }
-  }
-};
-
 // src/middleware/rate-limiter.ts
-var import_sdk4 = require("@toromarket/sdk");
+var import_sdk3 = require("@toromarket/sdk");
 var ORDER_TOOLS = /* @__PURE__ */ new Set(["place_order", "cancel_order", "trade_crypto", "place_fund_order", "trade_fund_crypto", "cancel_fund_order"]);
 var CHAT_TOOLS = /* @__PURE__ */ new Set(["post_market_comment", "post_fund_message", "react_to_chat"]);
 var HEAVY_TOOLS = /* @__PURE__ */ new Set(["get_trading_context"]);
@@ -3779,7 +3765,7 @@ var RateLimiter = class {
       const waitSec = Math.ceil((oldestInWindow + config.windowMs - now) / 1e3);
       const proLimits = { orders: "100 orders/min", chat: "30 messages/min", reads: "300 reads/min" };
       const upgradeHint = this.currentTier === "FREE" ? ` To increase your ${category} limit to ${proLimits[category] ?? "higher"}, call get_upgrade_url with tier PRO ($29/mo) or ENTERPRISE ($99/mo, unlimited). It will generate a payment link for your operator.` : this.currentTier === "PRO" ? ` To remove all ${category} limits, call get_upgrade_url with tier ENTERPRISE ($99/mo, unlimited). It will generate a payment link for your operator.` : "";
-      throw new import_sdk4.ToromarketError(
+      throw new import_sdk3.ToromarketError(
         `Rate limit exceeded for ${category}. Limit: ${config.limit} per minute. Wait ${waitSec}s.${upgradeHint}`,
         429,
         "RATE_LIMITED"
@@ -3801,7 +3787,7 @@ function buildCategories(config) {
 }
 
 // src/middleware/error-budget.ts
-var import_sdk5 = require("@toromarket/sdk");
+var import_sdk4 = require("@toromarket/sdk");
 var ErrorBudget = class {
   consecutiveErrors = 0;
   cooldownUntil = 0;
@@ -3815,7 +3801,7 @@ var ErrorBudget = class {
     const now = Date.now();
     if (now < this.cooldownUntil) {
       const waitSec = Math.ceil((this.cooldownUntil - now) / 1e3);
-      throw new import_sdk5.ToromarketError(
+      throw new import_sdk4.ToromarketError(
         `Too many consecutive errors. Automatic backoff for ${waitSec}s.`,
         429,
         "ERROR_BUDGET_EXCEEDED"
@@ -3823,20 +3809,20 @@ var ErrorBudget = class {
     }
   }
   async afterExecute(_toolName, _args, _result, error) {
-    if (error instanceof import_sdk5.ToromarketError) {
-      const middlewareCodes = /* @__PURE__ */ new Set([
+    if (error instanceof import_sdk4.ToromarketError) {
+      const EXCLUDED_ERROR_CODES = /* @__PURE__ */ new Set([
         "ERROR_BUDGET_EXCEEDED",
         "RATE_LIMITED",
         "REGISTRATION_THROTTLE",
         "SPOOFING_DETECTED",
         "SPENDING_LIMIT"
       ]);
-      if (error.code && middlewareCodes.has(error.code)) {
+      if (error.code && EXCLUDED_ERROR_CODES.has(error.code)) {
         return;
       }
     }
     if (error) {
-      const statusCode = error instanceof import_sdk5.ToromarketError ? error.statusCode : void 0;
+      const statusCode = error instanceof import_sdk4.ToromarketError ? error.statusCode : void 0;
       if (statusCode !== void 0 && statusCode < 500) {
         return;
       }
@@ -3855,241 +3841,6 @@ var ErrorBudget = class {
   }
 };
 
-// src/middleware/spoofing.ts
-var import_sdk6 = require("@toromarket/sdk");
-var SpoofingDetector = class {
-  events = [];
-  windowMs;
-  maxCancelRatio;
-  minActions;
-  constructor(config = {}) {
-    this.windowMs = config.windowMs ?? 3e4;
-    this.maxCancelRatio = config.maxCancelRatio ?? 0.8;
-    this.minActions = config.minActions ?? 5;
-  }
-  pruneExpired() {
-    const cutoff = Date.now() - this.windowMs;
-    while (this.events.length > 0 && this.events[0].time < cutoff) {
-      this.events.shift();
-    }
-  }
-  async beforeExecute(toolName, _args) {
-    if (toolName !== "place_order" && toolName !== "place_fund_order") return;
-    this.pruneExpired();
-    if (this.events.length < this.minActions) return;
-    const cancels = this.events.filter((e) => e.type === "cancel").length;
-    const ratio = cancels / this.events.length;
-    if (ratio > this.maxCancelRatio) {
-      throw new import_sdk6.ToromarketError(
-        `Suspicious trading pattern detected: ${Math.round(ratio * 100)}% of recent orders were cancelled. Slow down.`,
-        403,
-        "SPOOFING_DETECTED"
-      );
-    }
-  }
-  async afterExecute(toolName, _args, _result, error) {
-    if (error) return;
-    this.pruneExpired();
-    if (toolName === "place_order" || toolName === "place_fund_order") {
-      this.events.push({ type: "place", time: Date.now() });
-    } else if (toolName === "cancel_order" || toolName === "cancel_fund_order") {
-      this.events.push({ type: "cancel", time: Date.now() });
-    }
-  }
-};
-
-// src/middleware/spending.ts
-var import_sdk7 = require("@toromarket/sdk");
-var TRADE_TOOLS = /* @__PURE__ */ new Set(["place_order", "trade_crypto", "place_fund_order", "trade_fund_crypto"]);
-var SpendingGuardrails = class {
-  startingBalance = null;
-  blocked = false;
-  maxLoss;
-  constructor(maxSessionLoss2) {
-    this.maxLoss = maxSessionLoss2 ?? 5e3;
-  }
-  async beforeExecute(toolName, _args) {
-    if (!TRADE_TOOLS.has(toolName)) return;
-    if (this.blocked) {
-      throw new import_sdk7.ToromarketError(
-        `Session spending limit reached (${this.maxLoss} TC). No further trades allowed. Read-only tools still work.`,
-        403,
-        "SPENDING_LIMIT"
-      );
-    }
-    if (this.startingBalance === null) {
-      throw new import_sdk7.ToromarketError(
-        "Call get_balance or get_portfolio before your first trade so spending limits can be tracked.",
-        400,
-        "BALANCE_REQUIRED"
-      );
-    }
-  }
-  async afterExecute(toolName, _args, result, error) {
-    if (error) return;
-    if (this.maxLoss === null) return;
-    if (this.startingBalance === null) {
-      const bal = extractBalance(result);
-      if (bal !== null) {
-        this.startingBalance = bal;
-        return;
-      }
-    }
-    if (TRADE_TOOLS.has(toolName) && result) {
-      const remaining = extractRemainingBalance(result);
-      if (remaining !== null && this.startingBalance !== null) {
-        const loss = this.startingBalance - remaining;
-        if (loss >= this.maxLoss) {
-          this.blocked = true;
-        }
-      }
-    }
-  }
-};
-function extractBalance(result) {
-  if (typeof result !== "object" || result === null) return null;
-  const r = result;
-  if (typeof r.balance === "number") return r.balance;
-  if (typeof r.totalValue === "number") return r.totalValue;
-  return null;
-}
-function extractRemainingBalance(result) {
-  if (typeof result !== "object" || result === null) return null;
-  const r = result;
-  if (typeof r.remainingBalance === "number") return r.remainingBalance;
-  return null;
-}
-
-// src/middleware/compliance-gate.ts
-var FINANCIAL_TOOLS = /* @__PURE__ */ new Set([
-  "place_order",
-  "cancel_order",
-  "trade_crypto",
-  "place_fund_order",
-  "trade_fund_crypto",
-  "cancel_fund_order",
-  "create_escrow",
-  "settle_escrow",
-  "create_delegation",
-  "topup_stake",
-  "claim_challenge",
-  "claim_quest",
-  "claim_mystery_box"
-]);
-var ComplianceGate = class {
-  constructor(config, logger) {
-    this.config = config;
-    this.logger = logger;
-  }
-  tradeTimestamps = [];
-  sessionTcVolume = 0;
-  region = null;
-  flags = {
-    velocityWarning: false,
-    regionBlocked: false,
-    largeTransaction: false
-  };
-  /**
-   * Set the session's region for geographic restriction checks.
-   * Call this when region info is available (e.g., from HTTP transport
-   * X-Forwarded-For / CF-IPCountry headers, or operator-provided region).
-   */
-  setRegion(region) {
-    this.region = region.toUpperCase();
-    if (this.config.blockedRegions.length > 0 && this.config.blockedRegions.includes(this.region)) {
-      this.flags.regionBlocked = true;
-      this.logger.warn({
-        event: "compliance:region_blocked",
-        region: this.region,
-        blockedRegions: this.config.blockedRegions
-      });
-    }
-  }
-  async beforeExecute(toolName, args) {
-    if (!this.config.enabled) return;
-    if (!FINANCIAL_TOOLS.has(toolName)) return;
-    const now = Date.now();
-    this.tradeTimestamps.push(now);
-    const oneMinAgo = now - 6e4;
-    this.tradeTimestamps = this.tradeTimestamps.filter((t) => t > oneMinAgo);
-    const amount = this.parseAmount(args);
-    if (amount > 0) {
-      this.sessionTcVolume += amount;
-    }
-    if (this.tradeTimestamps.length > this.config.velocityTradesPerMin) {
-      this.flags.velocityWarning = true;
-      this.logger.warn({
-        event: "compliance:velocity_warning",
-        tradesInLastMinute: this.tradeTimestamps.length,
-        threshold: this.config.velocityTradesPerMin,
-        tool: toolName
-      });
-    }
-    if (this.sessionTcVolume > this.config.velocityTcPerHour) {
-      this.flags.velocityWarning = true;
-      this.logger.warn({
-        event: "compliance:volume_warning",
-        sessionVolume: this.sessionTcVolume,
-        threshold: this.config.velocityTcPerHour,
-        tool: toolName
-      });
-    }
-    if (amount > 1e4) {
-      this.flags.largeTransaction = true;
-      this.logger.warn({
-        event: "compliance:large_transaction",
-        amount,
-        tool: toolName
-      });
-    }
-    if (this.flags.regionBlocked) {
-      this.logger.warn({
-        event: "compliance:region_blocked_trade_attempt",
-        region: this.region,
-        tool: toolName
-      });
-    }
-    this.logger.info({
-      event: "compliance:financial_tool",
-      tool: toolName,
-      amount: amount > 0 ? amount : void 0,
-      sessionVolume: this.sessionTcVolume,
-      tradesInLastMinute: this.tradeTimestamps.length,
-      region: this.region,
-      regionBlocked: this.flags.regionBlocked
-    });
-  }
-  async afterExecute(_toolName, _args, _result, _error) {
-  }
-  getStatus() {
-    const now = Date.now();
-    const oneMinAgo = now - 6e4;
-    const recentTrades = this.tradeTimestamps.filter((t) => t > oneMinAgo);
-    return {
-      enabled: this.config.enabled,
-      flags: { ...this.flags },
-      velocity: {
-        tradesLastMinute: recentTrades.length,
-        sessionVolume: this.sessionTcVolume
-      },
-      region: this.region,
-      blockedRegions: this.config.blockedRegions
-    };
-  }
-  parseAmount(args) {
-    if (typeof args !== "object" || args === null) return 0;
-    const a = args;
-    if (typeof a.quantity === "number" && typeof a.price === "number") {
-      return a.quantity * a.price;
-    }
-    if (typeof a.quantity === "number") return a.quantity;
-    if (typeof a.amount === "number") return a.amount;
-    if (typeof a.stake === "number") return a.stake;
-    if (typeof a.initialStake === "number") return a.initialStake;
-    return 0;
-  }
-};
-
 // src/audit.ts
 var AUDITED_TOOLS = /* @__PURE__ */ new Set([
   "place_order",
@@ -4140,7 +3891,7 @@ function summarizeResult(result) {
 }
 
 // src/middleware/trace-collector.ts
-var import_sdk8 = require("@toromarket/sdk");
+var import_sdk5 = require("@toromarket/sdk");
 var STATE_CHANGING_TOOLS = /* @__PURE__ */ new Set([
   "place_order",
   "cancel_order",
@@ -4189,7 +3940,7 @@ var TraceCollector = class {
       }
     }
     if (!this.pendingReasoning) {
-      throw new import_sdk8.ToromarketError(
+      throw new import_sdk5.ToromarketError(
         "Call log_reasoning before trading. Every trade requires a reasoning explanation.",
         400,
         "REASONING_REQUIRED"
@@ -4538,7 +4289,7 @@ function normalizeOrder(raw) {
 }
 
 // src/metrics.ts
-var TRADE_TOOLS2 = /* @__PURE__ */ new Set(["place_order", "cancel_order", "trade_crypto"]);
+var TRADE_TOOLS = /* @__PURE__ */ new Set(["place_order", "cancel_order", "trade_crypto"]);
 var MetricsCollector = class {
   metrics;
   logger;
@@ -4572,7 +4323,7 @@ var MetricsCollector = class {
       metric.errors++;
       this.metrics.totalErrors++;
     }
-    if (TRADE_TOOLS2.has(toolName) && !error) {
+    if (TRADE_TOOLS.has(toolName) && !error) {
       this.metrics.totalTrades++;
     }
   }
@@ -4599,7 +4350,7 @@ var MetricsCollector = class {
 
 // src/server.ts
 function createToromarketClient(options) {
-  return new import_sdk9.ToromarketClient({
+  return new import_sdk6.ToromarketClient({
     baseUrl: options.baseUrl,
     clientId: "mcp-server/0.2.0",
     ...options.token ? { token: options.token } : {},
@@ -4737,20 +4488,8 @@ function createServerFactory(options) {
     const metrics = new MetricsCollector(logger);
     const rateLimiter = new RateLimiter();
     const traceCollector = new TraceCollector(client, logger, `session-${Date.now()}`);
-    const complianceEnabled = !!process.env.TOROMARKET_COMPLIANCE_MODE;
-    const blockedRegions = (process.env.TOROMARKET_BLOCKED_REGIONS ?? "").split(",").map((r) => r.trim().toUpperCase()).filter(Boolean);
-    const velocityTradesPerMin = Number(process.env.TOROMARKET_VELOCITY_TRADES_PER_MIN) || 30;
-    const velocityTcPerHour = Number(process.env.TOROMARKET_VELOCITY_TC_PER_HOUR) || 5e4;
-    const complianceGate = new ComplianceGate(
-      { enabled: complianceEnabled, blockedRegions, velocityTradesPerMin, velocityTcPerHour },
-      logger
-    );
     const middlewares = [
-      new RegistrationThrottle(),
       rateLimiter,
-      new SpoofingDetector(),
-      complianceGate,
-      new SpendingGuardrails(options.maxSessionLoss),
       new ErrorBudget(),
       new AuditLogger(logger),
       traceCollector
@@ -4760,7 +4499,6 @@ function createServerFactory(options) {
     let currentTrustTier = null;
     const executeOptions = {
       traceCollector,
-      complianceGate,
       onTrustTier: (trustTier) => {
         currentTrustTier = trustTier;
         logger.info({ event: "trust_tier_applied", trustTier });
@@ -4801,8 +4539,7 @@ function createServerFactory(options) {
           notificationService.stop();
           notificationService = null;
         }
-      },
-      setRegion: (region) => complianceGate.setRegion(region)
+      }
     };
   };
   return { logger, createMcpServer };
@@ -4889,10 +4626,6 @@ async function startHttpTransport(options) {
         entry = { transport: transport2, server: createdServer, lastActivity: Date.now() };
         sessions.set(newSessionId, entry);
         logger.info({ event: "session_created", sessionId: newSessionId });
-        const region = req.headers["cf-ipcountry"] ?? req.headers["x-vercel-ip-country"] ?? req.headers["x-country-code"];
-        if (region && createdServer.setRegion) {
-          createdServer.setRegion(region);
-        }
         transport2.onclose = () => {
           createdServer.cleanup();
           sessions.delete(newSessionId);
@@ -4987,8 +4720,6 @@ var baseUrl = readEnv("TOROMARKET_BASE_URL") ?? "https://api.toromarket.io";
 var token = readEnv("TOROMARKET_TOKEN");
 var apiKey = readEnv("TOROMARKET_API_KEY");
 var logLevel = readEnv("TOROMARKET_LOG_LEVEL") ?? "info";
-var maxSessionLossStr = readEnv("TOROMARKET_MAX_SESSION_LOSS");
-var maxSessionLoss = maxSessionLossStr ? Number(maxSessionLossStr) : void 0;
 var transport = readEnv("TOROMARKET_TRANSPORT") ?? "stdio";
 var httpPort = Number(readEnv("TOROMARKET_HTTP_PORT") ?? "3001");
 var agentSecret = readEnv("TOROMARKET_AGENT_SECRET");
@@ -5009,7 +4740,6 @@ var serverOptions = {
   ...token ? { token } : {},
   ...apiKey ? { apiKey } : {},
   ...agentSecret ? { agentSecret } : {},
-  ...maxSessionLoss ? { maxSessionLoss } : {},
   ...pollIntervalMs !== void 0 ? { pollIntervalMs } : {}
 };
 async function main() {