@true402.dev/mcp-server 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +1 -1
- package/dist/x402-pay.d.ts +10 -0
- package/dist/x402-pay.js +62 -0
- package/package.json +4 -2
package/dist/index.js
CHANGED
|
@@ -22,7 +22,7 @@ const SERVER_URL = process.env.SERVER_URL ?? "https://true402.dev/api";
|
|
|
22
22
|
const WALLET_PRIVATE_KEY = process.env.WALLET_PRIVATE_KEY;
|
|
23
23
|
const server = new McpServer({
|
|
24
24
|
name: "true402",
|
|
25
|
-
version: "0.
|
|
25
|
+
version: "0.6.0",
|
|
26
26
|
});
|
|
27
27
|
// Start server with stdio transport
|
|
28
28
|
async function main() {
|
package/dist/x402-pay.d.ts
CHANGED
|
@@ -47,6 +47,16 @@ export interface EVMPaymentRequirement {
|
|
|
47
47
|
version?: string;
|
|
48
48
|
};
|
|
49
49
|
}
|
|
50
|
+
/**
|
|
51
|
+
* Guard a 402 requirement BEFORE signing: a hostile/buggy server must not make the wallet sign a
|
|
52
|
+
* draining amount or an off-spec asset. Returns a refusal string, or null if the payment is allowed.
|
|
53
|
+
* - amount must be ≤ `maxUsdc` (the client-side spend ceiling, MAX_PAYMENT_USDC).
|
|
54
|
+
* - asset must be the canonical USDC on a supported chain (no arbitrary token/verifyingContract).
|
|
55
|
+
*/
|
|
56
|
+
export declare function assessRequirement(req: EVMPaymentRequirement, maxUsdc: number): string | null;
|
|
57
|
+
/** Refuse to send a signed payment over cleartext (the X-PAYMENT header would be interceptable).
|
|
58
|
+
* Returns a refusal string, or null if the URL is https (or localhost for dev). */
|
|
59
|
+
export declare function requireSecureUrl(url: string): string | null;
|
|
50
60
|
/**
|
|
51
61
|
* Sign an EIP-3009 TransferWithAuthorization and return the x402 payment
|
|
52
62
|
* payload. The EIP-712 domain is derived from the requirement (network +
|
package/dist/x402-pay.js
CHANGED
|
@@ -65,6 +65,57 @@ function resolveChainId(network) {
|
|
|
65
65
|
}
|
|
66
66
|
}
|
|
67
67
|
}
|
|
68
|
+
// Canonical USDC per chain — the ONLY token/chain this client will ever sign a payment for, so a
|
|
69
|
+
// hostile or buggy server cannot redirect the wallet's signature to an arbitrary token/chain.
|
|
70
|
+
const USDC_BY_CHAIN = {
|
|
71
|
+
8453: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", // Base mainnet
|
|
72
|
+
84532: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", // Base Sepolia
|
|
73
|
+
1: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", // Ethereum mainnet
|
|
74
|
+
};
|
|
75
|
+
/**
|
|
76
|
+
* Guard a 402 requirement BEFORE signing: a hostile/buggy server must not make the wallet sign a
|
|
77
|
+
* draining amount or an off-spec asset. Returns a refusal string, or null if the payment is allowed.
|
|
78
|
+
* - amount must be ≤ `maxUsdc` (the client-side spend ceiling, MAX_PAYMENT_USDC).
|
|
79
|
+
* - asset must be the canonical USDC on a supported chain (no arbitrary token/verifyingContract).
|
|
80
|
+
*/
|
|
81
|
+
export function assessRequirement(req, maxUsdc) {
|
|
82
|
+
const raw = req.amount ?? req.maxAmountRequired;
|
|
83
|
+
if (raw === undefined)
|
|
84
|
+
return "the 402 has no amount; refusing to sign.";
|
|
85
|
+
let amountUsdc;
|
|
86
|
+
try {
|
|
87
|
+
amountUsdc = Number(BigInt(raw)) / 1e6; // USDC has 6 decimals
|
|
88
|
+
}
|
|
89
|
+
catch {
|
|
90
|
+
return "the 402 amount is unparseable; refusing to sign.";
|
|
91
|
+
}
|
|
92
|
+
if (!Number.isFinite(amountUsdc) || amountUsdc < 0)
|
|
93
|
+
return "the 402 amount is invalid; refusing to sign.";
|
|
94
|
+
if (Number.isFinite(maxUsdc) && amountUsdc > maxUsdc) {
|
|
95
|
+
return `refusing to auto-pay $${amountUsdc} USDC — it exceeds the MAX_PAYMENT_USDC ceiling of $${maxUsdc}. Raise MAX_PAYMENT_USDC if this is intended.`;
|
|
96
|
+
}
|
|
97
|
+
const usdc = USDC_BY_CHAIN[resolveChainId(req.network)];
|
|
98
|
+
if (!usdc || (req.asset ?? "").toLowerCase() !== usdc.toLowerCase()) {
|
|
99
|
+
return "refusing to pay: the 402's asset/network is not canonical USDC on a supported Base network.";
|
|
100
|
+
}
|
|
101
|
+
return null;
|
|
102
|
+
}
|
|
103
|
+
/** Refuse to send a signed payment over cleartext (the X-PAYMENT header would be interceptable).
|
|
104
|
+
* Returns a refusal string, or null if the URL is https (or localhost for dev). */
|
|
105
|
+
export function requireSecureUrl(url) {
|
|
106
|
+
let u;
|
|
107
|
+
try {
|
|
108
|
+
u = new URL(url);
|
|
109
|
+
}
|
|
110
|
+
catch {
|
|
111
|
+
return `invalid SERVER_URL: ${url}`;
|
|
112
|
+
}
|
|
113
|
+
const local = u.hostname === "localhost" || u.hostname === "127.0.0.1" || u.hostname === "::1";
|
|
114
|
+
if (u.protocol !== "https:" && !local) {
|
|
115
|
+
return `refusing to send a signed payment over cleartext (${u.protocol}//${u.hostname}); use an https SERVER_URL (or localhost for dev).`;
|
|
116
|
+
}
|
|
117
|
+
return null;
|
|
118
|
+
}
|
|
68
119
|
/**
|
|
69
120
|
* Sign an EIP-3009 TransferWithAuthorization and return the x402 payment
|
|
70
121
|
* payload. The EIP-712 domain is derived from the requirement (network +
|
|
@@ -150,6 +201,10 @@ export async function signEIP3009Payment(privateKey, requirement) {
|
|
|
150
201
|
*/
|
|
151
202
|
export async function payAndFetch(baseUrl, path, body, walletPrivateKey) {
|
|
152
203
|
const url = `${baseUrl}${path}`;
|
|
204
|
+
// Step 0: never sign/send a payment over cleartext (X-PAYMENT would be interceptable).
|
|
205
|
+
const insecure = requireSecureUrl(url);
|
|
206
|
+
if (insecure)
|
|
207
|
+
return { ok: false, message: insecure };
|
|
153
208
|
// Step 1: first request, no payment header.
|
|
154
209
|
let firstResponse;
|
|
155
210
|
try {
|
|
@@ -210,6 +265,13 @@ export async function payAndFetch(baseUrl, path, body, walletPrivateKey) {
|
|
|
210
265
|
].join("\n"),
|
|
211
266
|
};
|
|
212
267
|
}
|
|
268
|
+
// Spend ceiling + asset/network pin: a hostile server must not make our wallet sign a draining
|
|
269
|
+
// amount or a payment to an arbitrary token/chain. Refuse BEFORE signing.
|
|
270
|
+
const maxUsdc = Number(process.env.MAX_PAYMENT_USDC ?? "0.10");
|
|
271
|
+
const refusal = assessRequirement(evmRequirement, maxUsdc);
|
|
272
|
+
if (refusal) {
|
|
273
|
+
return { ok: false, paymentRequired: true, message: refusal };
|
|
274
|
+
}
|
|
213
275
|
// Step 4: sign the EIP-3009 authorization and base64-encode the payload.
|
|
214
276
|
let xPaymentHeader;
|
|
215
277
|
try {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@true402.dev/mcp-server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.6.0",
|
|
4
4
|
"mcpName": "dev.true402/mcp-server",
|
|
5
5
|
"description": "MCP server for the true402 machine-native marketplace — pay-per-call AI + web + Base on-chain tools over x402 (USDC on Base): LLM inference, SEO/GEO audit, web extract, link preview, robots/AI-crawler check, security headers, and on-chain DeFi trading signals (token rug/honeypot safety, new token pairs, liquidity-pull/rug alerts, whale swaps).",
|
|
6
6
|
"type": "module",
|
|
@@ -16,6 +16,7 @@
|
|
|
16
16
|
"build": "tsc",
|
|
17
17
|
"start": "node dist/index.js",
|
|
18
18
|
"dev": "tsx src/index.ts",
|
|
19
|
+
"test": "vitest run",
|
|
19
20
|
"prepublishOnly": "npm run build"
|
|
20
21
|
},
|
|
21
22
|
"keywords": [
|
|
@@ -51,7 +52,8 @@
|
|
|
51
52
|
"devDependencies": {
|
|
52
53
|
"@types/node": "^22.0.0",
|
|
53
54
|
"tsx": "^4.19.0",
|
|
54
|
-
"typescript": "^5.7.0"
|
|
55
|
+
"typescript": "^5.7.0",
|
|
56
|
+
"vitest": "^2.1.0"
|
|
55
57
|
},
|
|
56
58
|
"engines": {
|
|
57
59
|
"node": ">=20.0.0"
|