@true402.dev/mcp-server 0.5.0 → 0.7.0

package/dist/index.js

@@ -22,7 +22,7 @@ const SERVER_URL = process.env.SERVER_URL ?? "https://true402.dev/api";
 const WALLET_PRIVATE_KEY = process.env.WALLET_PRIVATE_KEY;
 const server = new McpServer({
     name: "true402",
-    version: "0.5.0",
+    version: "0.7.0",
 });
 // Start server with stdio transport
 async function main() {

package/dist/x402-pay.d.ts

@@ -47,6 +47,22 @@ export interface EVMPaymentRequirement {
         version?: string;
     };
 }
+/**
+ * Guard a 402 requirement BEFORE signing: a hostile/buggy server must not make the wallet sign a
+ * draining amount or an off-spec asset. Returns a refusal string, or null if the payment is allowed.
+ * - amount must be ≤ `maxUsdc` (the client-side spend ceiling, MAX_PAYMENT_USDC).
+ * - asset must be the canonical USDC on a supported chain (no arbitrary token/verifyingContract).
+ */
+export declare function assessRequirement(req: EVMPaymentRequirement, maxUsdc: number): string | null;
+/**
+ * Parse the MAX_PAYMENT_USDC ceiling FAIL-CLOSED: unset → the 0.10 default; a non-numeric or negative
+ * value (e.g. the European comma-decimal "0,10" → NaN) clamps to 0 = refuse ALL auto-pay, never
+ * disables the only wallet-drain guard.
+ */
+export declare function parseMaxUsdc(raw: string | undefined): number;
+/** Refuse to send a signed payment over cleartext (the X-PAYMENT header would be interceptable).
+ *  Returns a refusal string, or null if the URL is https (or localhost for dev). */
+export declare function requireSecureUrl(url: string): string | null;
 /**
  * Sign an EIP-3009 TransferWithAuthorization and return the x402 payment
  * payload. The EIP-712 domain is derived from the requirement (network +

package/dist/x402-pay.js

@@ -65,6 +65,73 @@ function resolveChainId(network) {
         }
     }
 }
+// Canonical USDC per chain — the ONLY token/chain this client will ever sign a payment for, so a
+// hostile or buggy server cannot redirect the wallet's signature to an arbitrary token/chain.
+const USDC_BY_CHAIN = {
+    8453: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", // Base mainnet
+    84532: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", // Base Sepolia
+    1: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", // Ethereum mainnet
+};
+/**
+ * Guard a 402 requirement BEFORE signing: a hostile/buggy server must not make the wallet sign a
+ * draining amount or an off-spec asset. Returns a refusal string, or null if the payment is allowed.
+ * - amount must be ≤ `maxUsdc` (the client-side spend ceiling, MAX_PAYMENT_USDC).
+ * - asset must be the canonical USDC on a supported chain (no arbitrary token/verifyingContract).
+ */
+export function assessRequirement(req, maxUsdc) {
+    const raw = req.amount ?? req.maxAmountRequired;
+    if (raw === undefined)
+        return "the 402 has no amount; refusing to sign.";
+    let amountUsdc;
+    try {
+        amountUsdc = Number(BigInt(raw)) / 1e6; // USDC has 6 decimals
+    }
+    catch {
+        return "the 402 amount is unparseable; refusing to sign.";
+    }
+    if (!Number.isFinite(amountUsdc) || amountUsdc < 0)
+        return "the 402 amount is invalid; refusing to sign.";
+    // `maxUsdc` is a finite, non-negative invariant (see parseMaxUsdc) — the comparison ALWAYS runs, so
+    // a misconfigured ceiling can never silently disable the cap (maxUsdc=0 refuses everything).
+    if (amountUsdc > maxUsdc) {
+        return `refusing to auto-pay $${amountUsdc} USDC — it exceeds the MAX_PAYMENT_USDC ceiling of $${maxUsdc}. Raise MAX_PAYMENT_USDC if this is intended.`;
+    }
+    const usdc = USDC_BY_CHAIN[resolveChainId(req.network)];
+    if (!usdc || (req.asset ?? "").toLowerCase() !== usdc.toLowerCase()) {
+        return "refusing to pay: the 402's asset/network is not canonical USDC on a supported Base network.";
+    }
+    return null;
+}
+/**
+ * Parse the MAX_PAYMENT_USDC ceiling FAIL-CLOSED: unset → the 0.10 default; a non-numeric or negative
+ * value (e.g. the European comma-decimal "0,10" → NaN) clamps to 0 = refuse ALL auto-pay, never
+ * disables the only wallet-drain guard.
+ */
+export function parseMaxUsdc(raw) {
+    if (raw === undefined)
+        return 0.1;
+    const n = Number(raw);
+    if (Number.isFinite(n) && n >= 0)
+        return n;
+    console.error(`true402 MCP: MAX_PAYMENT_USDC='${raw}' is not a valid number — refusing ALL auto-pay. Set a numeric value like 0.10.`);
+    return 0;
+}
+/** Refuse to send a signed payment over cleartext (the X-PAYMENT header would be interceptable).
+ *  Returns a refusal string, or null if the URL is https (or localhost for dev). */
+export function requireSecureUrl(url) {
+    let u;
+    try {
+        u = new URL(url);
+    }
+    catch {
+        return `invalid SERVER_URL: ${url}`;
+    }
+    const local = u.hostname === "localhost" || u.hostname === "127.0.0.1" || u.hostname === "::1";
+    if (u.protocol !== "https:" && !local) {
+        return `refusing to send a signed payment over cleartext (${u.protocol}//${u.hostname}); use an https SERVER_URL (or localhost for dev).`;
+    }
+    return null;
+}
 /**
  * Sign an EIP-3009 TransferWithAuthorization and return the x402 payment
  * payload. The EIP-712 domain is derived from the requirement (network +
@@ -78,7 +145,14 @@ export async function signEIP3009Payment(privateKey, requirement) {
     const account = privateKeyToAccount(key);
     const now = Math.floor(Date.now() / 1000);
     const validAfter = BigInt(now - 60); // valid 60s in the past (clock skew tolerance)
-    const validBefore = BigInt(now + requirement.maxTimeoutSeconds);
+    // Validate + bound the signed window: maxTimeoutSeconds arrives via JSON and may be a string
+    // (`now + "999"` would string-concat); a hostile 402 must not keep the authorization broadcastable
+    // far into the future. Coerce, reject garbage, cap at 10 minutes.
+    const timeout = Number(requirement.maxTimeoutSeconds);
+    if (!Number.isInteger(timeout) || timeout <= 0) {
+        throw new Error("Payment requirement has an invalid maxTimeoutSeconds");
+    }
+    const validBefore = BigInt(now + Math.min(timeout, 600));
     // Generate a random nonce (bytes32)
     const randomBytes = new Uint8Array(32);
     crypto.getRandomValues(randomBytes);
@@ -150,6 +224,10 @@ export async function signEIP3009Payment(privateKey, requirement) {
  */
 export async function payAndFetch(baseUrl, path, body, walletPrivateKey) {
     const url = `${baseUrl}${path}`;
+    // Step 0: never sign/send a payment over cleartext (X-PAYMENT would be interceptable).
+    const insecure = requireSecureUrl(url);
+    if (insecure)
+        return { ok: false, message: insecure };
     // Step 1: first request, no payment header.
     let firstResponse;
     try {
@@ -210,6 +288,13 @@ export async function payAndFetch(baseUrl, path, body, walletPrivateKey) {
             ].join("\n"),
         };
     }
+    // Spend ceiling + asset/network pin: a hostile server must not make our wallet sign a draining
+    // amount or a payment to an arbitrary token/chain. Refuse BEFORE signing.
+    const maxUsdc = parseMaxUsdc(process.env.MAX_PAYMENT_USDC);
+    const refusal = assessRequirement(evmRequirement, maxUsdc);
+    if (refusal) {
+        return { ok: false, paymentRequired: true, message: refusal };
+    }
     // Step 4: sign the EIP-3009 authorization and base64-encode the payload.
     let xPaymentHeader;
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@true402.dev/mcp-server",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "mcpName": "dev.true402/mcp-server",
   "description": "MCP server for the true402 machine-native marketplace — pay-per-call AI + web + Base on-chain tools over x402 (USDC on Base): LLM inference, SEO/GEO audit, web extract, link preview, robots/AI-crawler check, security headers, and on-chain DeFi trading signals (token rug/honeypot safety, new token pairs, liquidity-pull/rug alerts, whale swaps).",
   "type": "module",
@@ -16,6 +16,7 @@
     "build": "tsc",
     "start": "node dist/index.js",
     "dev": "tsx src/index.ts",
+    "test": "vitest run",
     "prepublishOnly": "npm run build"
   },
   "keywords": [
@@ -51,7 +52,8 @@
   "devDependencies": {
     "@types/node": "^22.0.0",
     "tsx": "^4.19.0",
-    "typescript": "^5.7.0"
+    "typescript": "^5.7.0",
+    "vitest": "^2.1.0"
   },
   "engines": {
     "node": ">=20.0.0"