npm - @valeo-mcp/server - Versions diffs - 1.0.0 - Mend

@valeo-mcp/server 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,1216 @@
+// src/config.ts
+import bs58 from "bs58";
+function loadConfig() {
+  const privateKey = process.env.VALEO_PRIVATE_KEY;
+  if (!privateKey) {
+    throw new Error(
+      "VALEO_PRIVATE_KEY is required.\n  For Base/EVM: set a 0x-prefixed hex private key (66 chars)\n  For Solana: set a base58-encoded secret key\n  Example: VALEO_PRIVATE_KEY=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+    );
+  }
+  const chain = process.env.VALEO_CHAIN || "base";
+  const validChains = ["base", "base-sepolia", "solana", "solana-devnet"];
+  if (!validChains.includes(chain)) {
+    throw new Error(`VALEO_CHAIN must be one of: ${validChains.join(", ")}. Got: "${chain}"`);
+  }
+  if (chain.startsWith("base")) {
+    if (!privateKey.startsWith("0x") || privateKey.length !== 66) {
+      throw new Error(
+        `EVM private key must start with 0x and be 66 characters. Got ${privateKey.length} chars.`
+      );
+    }
+  } else {
+    try {
+      const decoded = bs58.decode(privateKey);
+      if (decoded.length !== 64) {
+        throw new Error(`Solana secret key must decode to 64 bytes. Got ${decoded.length}.`);
+      }
+    } catch (e) {
+      const err = e instanceof Error ? e : new Error(String(e));
+      throw new Error(`Invalid Solana private key (base58 decode failed): ${err.message}`);
+    }
+  }
+  return {
+    privateKey,
+    chain,
+    aceApiKey: process.env.VALEO_ACE_API_KEY || void 0,
+    aceBaseUrl: process.env.VALEO_ACE_BASE_URL || "https://api.agentcreditengine.com",
+    sentinelApiKey: process.env.VALEO_SENTINEL_API_KEY || void 0,
+    sentinelBaseUrl: process.env.VALEO_SENTINEL_BASE_URL || "https://sentinel.valeocash.com",
+    four02mdBaseUrl: process.env.VALEO_402MD_BASE_URL || "https://402md.valeoprotocol.io",
+    facilitatorUrl: process.env.VALEO_FACILITATOR_URL || "https://x402.org/facilitator",
+    defaultMaxPerCall: parseFloat(process.env.VALEO_MAX_PER_CALL || "1.00"),
+    defaultDailyLimit: parseFloat(process.env.VALEO_DAILY_LIMIT || "50.00"),
+    defaultSessionLimit: parseFloat(process.env.VALEO_SESSION_LIMIT || "10.00")
+  };
+}
+// src/budget/manager.ts
+var BudgetManager = class {
+  config;
+  sessionSpent = 0;
+  dailySpent = 0;
+  dailyResetAt;
+  constructor(valeoConfig) {
+    this.config = {
+      maxPerCall: valeoConfig.defaultMaxPerCall,
+      dailyLimit: valeoConfig.defaultDailyLimit,
+      sessionLimit: valeoConfig.defaultSessionLimit,
+      blockedEndpoints: [],
+      allowedEndpoints: []
+    };
+    this.dailyResetAt = this.getNextMidnightUTC();
+  }
+  getNextMidnightUTC() {
+    const now = /* @__PURE__ */ new Date();
+    const tomorrow = new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate() + 1));
+    return tomorrow.getTime();
+  }
+  checkDailyReset() {
+    if (Date.now() >= this.dailyResetAt) {
+      this.dailySpent = 0;
+      this.dailyResetAt = this.getNextMidnightUTC();
+    }
+  }
+  canSpend(amount, endpoint) {
+    this.checkDailyReset();
+    if (this.config.allowedEndpoints.length > 0) {
+      const allowed = this.config.allowedEndpoints.some((pattern) => this.matchWildcard(endpoint, pattern));
+      if (!allowed) {
+        return {
+          allowed: false,
+          reason: `Endpoint "${endpoint}" is not in the allowlist. Use set_budget to update allowed_endpoints.`
+        };
+      }
+    }
+    if (this.config.allowedEndpoints.length === 0 && this.config.blockedEndpoints.length > 0) {
+      const blocked = this.config.blockedEndpoints.some((pattern) => this.matchWildcard(endpoint, pattern));
+      if (blocked) {
+        return {
+          allowed: false,
+          reason: `Endpoint "${endpoint}" is blocked. Use set_budget to update blocked_endpoints.`
+        };
+      }
+    }
+    if (amount > this.config.maxPerCall) {
+      return {
+        allowed: false,
+        reason: `Call costs $${amount.toFixed(4)} but max_per_call is $${this.config.maxPerCall.toFixed(2)}. Use set_budget to increase.`
+      };
+    }
+    if (this.sessionSpent + amount > this.config.sessionLimit) {
+      return {
+        allowed: false,
+        reason: `Session limit reached. Spent $${this.sessionSpent.toFixed(4)} of $${this.config.sessionLimit.toFixed(2)}. Use set_budget to increase session_limit.`
+      };
+    }
+    if (this.dailySpent + amount > this.config.dailyLimit) {
+      return {
+        allowed: false,
+        reason: `Daily limit reached. Spent $${this.dailySpent.toFixed(4)} of $${this.config.dailyLimit.toFixed(2)} today. Use set_budget to increase daily_limit.`
+      };
+    }
+    return { allowed: true };
+  }
+  recordSpend(amount) {
+    this.checkDailyReset();
+    this.sessionSpent += amount;
+    this.dailySpent += amount;
+  }
+  getStatus() {
+    this.checkDailyReset();
+    return {
+      config: { ...this.config },
+      spending: {
+        session: this.sessionSpent,
+        today: this.dailySpent,
+        remainingSession: Math.max(0, this.config.sessionLimit - this.sessionSpent),
+        remainingDaily: Math.max(0, this.config.dailyLimit - this.dailySpent)
+      }
+    };
+  }
+  updateConfig(updates) {
+    if (updates.maxPerCall !== void 0) this.config.maxPerCall = updates.maxPerCall;
+    if (updates.dailyLimit !== void 0) this.config.dailyLimit = updates.dailyLimit;
+    if (updates.sessionLimit !== void 0) this.config.sessionLimit = updates.sessionLimit;
+    if (updates.blockedEndpoints !== void 0) this.config.blockedEndpoints = updates.blockedEndpoints;
+    if (updates.allowedEndpoints !== void 0) this.config.allowedEndpoints = updates.allowedEndpoints;
+  }
+  matchWildcard(value, pattern) {
+    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+    return new RegExp(`^${escaped}$`, "i").test(value);
+  }
+};
+// src/receipts/store.ts
+import { randomUUID } from "crypto";
+var ReceiptStore = class {
+  receipts = [];
+  add(data) {
+    const receipt = {
+      ...data,
+      id: randomUUID(),
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    this.receipts.push(receipt);
+    return receipt;
+  }
+  getAll(options) {
+    let results = [...this.receipts];
+    if (options?.since) {
+      const sinceTime = new Date(options.since).getTime();
+      results = results.filter((r) => new Date(r.timestamp).getTime() >= sinceTime);
+    }
+    if (options?.endpoint) {
+      const ep = options.endpoint.toLowerCase();
+      results = results.filter((r) => r.endpoint.toLowerCase().includes(ep));
+    }
+    results.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+    if (options?.limit) {
+      results = results.slice(0, options.limit);
+    }
+    return results;
+  }
+  getTotalSpent() {
+    return this.receipts.filter((r) => r.status === "settled").reduce((sum, r) => sum + r.amount, 0);
+  }
+  getTotalSpentToday() {
+    const startOfDayUTC = /* @__PURE__ */ new Date();
+    startOfDayUTC.setUTCHours(0, 0, 0, 0);
+    const startMs = startOfDayUTC.getTime();
+    return this.receipts.filter((r) => r.status === "settled" && new Date(r.timestamp).getTime() >= startMs).reduce((sum, r) => sum + r.amount, 0);
+  }
+};
+// src/clients/x402-base.ts
+import { wrapFetchWithPayment } from "x402-fetch";
+import { createWalletClient, createPublicClient, http, parseAbi } from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+import { base, baseSepolia } from "viem/chains";
+var ERC20_BALANCE_ABI = parseAbi(["function balanceOf(address owner) view returns (uint256)"]);
+var USDC_ADDRESSES = {
+  base: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+  "base-sepolia": "0x036CbD53842c5426634e7929541eC2318f3dCF7e"
+};
+var X402BaseClient = class {
+  walletClient;
+  publicClient;
+  walletAddress;
+  chainName;
+  constructor(privateKey, chain) {
+    this.chainName = chain;
+    const chainConfig = chain === "base" ? base : baseSepolia;
+    const account = privateKeyToAccount(privateKey);
+    this.walletAddress = account.address;
+    this.walletClient = createWalletClient({
+      account,
+      chain: chainConfig,
+      transport: http()
+    });
+    this.publicClient = createPublicClient({
+      chain: chainConfig,
+      transport: http()
+    });
+  }
+  createPaidFetch(maxUsd) {
+    const maxValue = maxUsd !== void 0 ? BigInt(Math.round(maxUsd * 1e6)) : void 0;
+    return wrapFetchWithPayment(globalThis.fetch, this.walletClient, maxValue);
+  }
+  async getUsdcBalance() {
+    const usdcAddress = USDC_ADDRESSES[this.chainName];
+    const balance = await this.publicClient.readContract({
+      address: usdcAddress,
+      abi: ERC20_BALANCE_ABI,
+      functionName: "balanceOf",
+      args: [this.walletAddress]
+    });
+    return (Number(balance) / 1e6).toFixed(6);
+  }
+  async getEthBalance() {
+    const balance = await this.publicClient.getBalance({
+      address: this.walletAddress
+    });
+    return (Number(balance) / 1e18).toFixed(6);
+  }
+  getAddress() {
+    return this.walletAddress;
+  }
+  getChain() {
+    return this.chainName;
+  }
+};
+// src/clients/x402-solana.ts
+import { createX402Client } from "x402-solana";
+import { Connection, Keypair, PublicKey } from "@solana/web3.js";
+import { getAssociatedTokenAddress, getAccount } from "@solana/spl-token";
+import bs582 from "bs58";
+var USDC_MINTS = {
+  solana: new PublicKey("EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"),
+  "solana-devnet": new PublicKey("4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU")
+};
+var X402SolanaClient = class {
+  keypair;
+  connection;
+  network;
+  constructor(privateKeyBase58, chain, rpcUrl) {
+    this.keypair = Keypair.fromSecretKey(bs582.decode(privateKeyBase58));
+    this.network = chain;
+    const defaultRpc = chain === "solana" ? "https://api.mainnet-beta.solana.com" : "https://api.devnet.solana.com";
+    this.connection = new Connection(rpcUrl || defaultRpc);
+  }
+  createPaidFetch(maxUsd) {
+    const amount = maxUsd !== void 0 ? BigInt(Math.round(maxUsd * 1e6)) : BigInt(0);
+    const client = createX402Client({
+      wallet: {
+        address: this.keypair.publicKey.toBase58(),
+        signTransaction: async (tx) => {
+          tx.sign([this.keypair]);
+          return tx;
+        }
+      },
+      network: this.network,
+      amount
+    });
+    const inner = client.fetch.bind(client);
+    return ((input, init) => inner(input, {
+      ...init,
+      signal: init?.signal ?? AbortSignal.timeout(15e3)
+    }));
+  }
+  async getUsdcBalance() {
+    const mint = USDC_MINTS[this.network];
+    try {
+      const ata = await getAssociatedTokenAddress(mint, this.keypair.publicKey);
+      const account = await getAccount(this.connection, ata);
+      return (Number(account.amount) / 1e6).toFixed(6);
+    } catch {
+      return "0.000000";
+    }
+  }
+  async getSolBalance() {
+    const balance = await this.connection.getBalance(this.keypair.publicKey);
+    return (balance / 1e9).toFixed(4);
+  }
+  getAddress() {
+    return this.keypair.publicKey.toBase58();
+  }
+  getChain() {
+    return this.network;
+  }
+};
+// src/clients/ace.ts
+var ACEClient = class {
+  baseUrl;
+  apiKey;
+  constructor(baseUrl, apiKey) {
+    this.baseUrl = baseUrl.replace(/\/$/, "");
+    this.apiKey = apiKey;
+  }
+  async request(method, path, body) {
+    const response = await fetch(`${this.baseUrl}${path}`, {
+      method,
+      headers: {
+        Authorization: `Bearer ${this.apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: body ? JSON.stringify(body) : void 0,
+      signal: AbortSignal.timeout(15e3)
+    });
+    const text = await response.text();
+    let data;
+    try {
+      data = JSON.parse(text);
+    } catch {
+      data = { raw: text };
+    }
+    if (!response.ok) {
+      const rec = data;
+      const msg = rec?.message ?? rec?.error ?? response.statusText;
+      throw new Error(`ACE API error (${response.status}): ${String(msg)}`);
+    }
+    return data;
+  }
+  async requestCredit(amount, walletAddress, purpose) {
+    return this.request("POST", "/api/v1/credit/request", {
+      amount,
+      walletAddress,
+      purpose
+    });
+  }
+  async repayLoan(loanId, amount) {
+    return this.request("POST", `/api/v1/loans/${encodeURIComponent(loanId)}/repay`, {
+      ...amount !== void 0 ? { amount } : {}
+    });
+  }
+  async getLoans() {
+    return this.request("GET", "/api/v1/loans");
+  }
+};
+// src/clients/sentinel.ts
+var SentinelClient = class {
+  baseUrl;
+  apiKey;
+  constructor(baseUrl, apiKey) {
+    this.baseUrl = baseUrl.replace(/\/$/, "");
+    this.apiKey = apiKey;
+  }
+  async getTransactions(options) {
+    const params = new URLSearchParams();
+    if (options?.limit !== void 0) params.set("limit", String(options.limit));
+    if (options?.since) params.set("since", options.since);
+    if (options?.endpoint) params.set("endpoint", options.endpoint);
+    const qs = params.toString();
+    const response = await fetch(`${this.baseUrl}/api/v1/transactions${qs ? `?${qs}` : ""}`, {
+      headers: { Authorization: `Bearer ${this.apiKey}` },
+      signal: AbortSignal.timeout(15e3)
+    });
+    const text = await response.text();
+    let data;
+    try {
+      data = JSON.parse(text);
+    } catch {
+      data = { raw: text };
+    }
+    if (!response.ok) {
+      throw new Error(`Sentinel API error (${response.status}): ${JSON.stringify(data).slice(0, 200)}`);
+    }
+    return data;
+  }
+};
+// src/clients/four02md.ts
+var Four02mdClient = class {
+  baseUrl;
+  constructor(baseUrl) {
+    this.baseUrl = baseUrl.replace(/\/$/, "");
+  }
+  async search(options) {
+    const params = new URLSearchParams();
+    if (options?.query) params.set("q", options.query);
+    if (options?.category) params.set("category", options.category);
+    if (options?.chain && options.chain !== "any") params.set("chain", options.chain);
+    const qs = params.toString();
+    const response = await fetch(`${this.baseUrl}/api/manifests${qs ? `?${qs}` : ""}`, {
+      signal: AbortSignal.timeout(15e3)
+    });
+    const text = await response.text();
+    let data;
+    try {
+      data = JSON.parse(text);
+    } catch {
+      data = { raw: text };
+    }
+    if (!response.ok) {
+      throw new Error(`402.md API error (${response.status}): ${JSON.stringify(data).slice(0, 200)}`);
+    }
+    if (options?.maxPrice && data !== null && typeof data === "object" && "results" in data) {
+      const root = data;
+      const results = root.results;
+      if (Array.isArray(results)) {
+        const filtered = results.filter((manifest) => {
+          const endpoints = manifest.endpoints;
+          if (!endpoints) return true;
+          return endpoints.some((ep) => {
+            const priceStr = String(ep.price ?? "0").replace("$", "");
+            const n = parseFloat(priceStr);
+            return !Number.isNaN(n) && n <= (options.maxPrice ?? Infinity);
+          });
+        });
+        root.results = filtered;
+      }
+    }
+    return data;
+  }
+  async getManifest(domain) {
+    const response = await fetch(`${this.baseUrl}/api/manifests/${encodeURIComponent(domain)}`, {
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) {
+      throw new Error(`Manifest not found for ${domain}`);
+    }
+    return response.json();
+  }
+};
+// src/server.ts
+import { readFileSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+// src/tools/pay.ts
+import { decodeXPaymentResponse } from "x402-fetch";
+// src/tools/helpers.ts
+function jsonResult(data) {
+  return {
+    content: [{ type: "text", text: JSON.stringify(data, null, 2) }]
+  };
+}
+function jsonError(message, suggestion) {
+  return {
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify({ error: true, message, suggestion }, null, 2)
+      }
+    ],
+    isError: true
+  };
+}
+function getBudgetRemaining(ctx) {
+  const s = ctx.budget.getStatus();
+  return {
+    session: s.spending.remainingSession,
+    daily: s.spending.remainingDaily
+  };
+}
+// src/tools/pay.ts
+function buildRequestInit(method, headers, body) {
+  const h = new Headers();
+  h.set("Accept", "application/json, text/plain, */*");
+  if (headers) {
+    for (const [k, v] of Object.entries(headers)) {
+      h.set(k, v);
+    }
+  }
+  if (body !== void 0 && method !== "GET" && method !== "HEAD") {
+    if (!h.has("Content-Type")) {
+      h.set("Content-Type", "application/json");
+    }
+  }
+  return {
+    method,
+    headers: h,
+    ...body !== void 0 && method !== "GET" && method !== "HEAD" ? { body } : {}
+  };
+}
+async function fetchWithRetry(url, base2) {
+  const run = () => fetch(url, { ...base2, signal: AbortSignal.timeout(15e3) });
+  try {
+    return await run();
+  } catch {
+    return await run();
+  }
+}
+function parseX402FromBody(body) {
+  if (!body || typeof body !== "object") return null;
+  const o = body;
+  const accepts = o.accepts;
+  if (!Array.isArray(accepts) || accepts.length === 0) return null;
+  const first = accepts[0];
+  const raw = first.maxAmountRequired;
+  if (raw === void 0 || raw === null) return null;
+  let maxAmountAtomic;
+  try {
+    maxAmountAtomic = BigInt(String(raw));
+  } catch {
+    return null;
+  }
+  const priceUsd = Number(maxAmountAtomic) / 1e6;
+  const payTo = typeof first.payTo === "string" ? first.payTo : "";
+  let description = "";
+  if (typeof first.extra === "object" && first.extra !== null && "description" in first.extra) {
+    description = String(first.extra.description ?? "");
+  } else if (typeof first.description === "string") {
+    description = first.description;
+  }
+  const network = typeof first.network === "string" ? first.network : "";
+  return { priceUsd, maxAmountAtomic, payTo, description, chainLabel: network };
+}
+async function parseBodyData(response) {
+  const ct = response.headers.get("content-type") ?? "";
+  const text = await response.text();
+  if (ct.includes("application/json")) {
+    try {
+      return JSON.parse(text);
+    } catch {
+      return text;
+    }
+  }
+  return text;
+}
+function isInsufficientFunds(err) {
+  const s = err instanceof Error ? err.message : String(err);
+  const lower = s.toLowerCase();
+  return lower.includes("insufficient") || lower.includes("balance") || lower.includes("exceeds maximum") || lower.includes("funds");
+}
+async function payTool(ctx, input) {
+  const { url, method, headers, body } = input;
+  const routeOnly = ctx.budget.canSpend(0, url);
+  if (!routeOnly.allowed) {
+    return jsonError(routeOnly.reason ?? "Request blocked by budget rules.", "Use set_budget to adjust allowlists, blocklists, or limits.");
+  }
+  const baseInit = buildRequestInit(method, headers, body);
+  let first;
+  try {
+    first = await fetchWithRetry(url, baseInit);
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return jsonError(
+      `Network error calling ${url}: ${msg}`,
+      "Check connectivity and URL. Retry the pay tool once the endpoint is reachable."
+    );
+  }
+  if (first.status !== 402) {
+    if (!first.ok) {
+      const snippet = (await first.text()).slice(0, 500);
+      return jsonError(
+        `HTTP ${first.status} from ${url}: ${snippet}`,
+        "The endpoint returned an error without requesting payment. Fix the URL, method, headers, or body, or authenticate if required."
+      );
+    }
+    let data2;
+    try {
+      data2 = await parseBodyData(first);
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      return jsonError(`Failed to read response body: ${msg}`, "Retry the pay tool or inspect the endpoint response format.");
+    }
+    return jsonResult({
+      success: true,
+      data: data2,
+      payment: null,
+      budget_remaining: getBudgetRemaining(ctx)
+    });
+  }
+  let bodyJson;
+  try {
+    bodyJson = await first.json();
+  } catch {
+    return jsonError(
+      "Received HTTP 402 but could not parse JSON payment requirements.",
+      "Use estimate_cost to inspect the endpoint, or verify the server implements x402 with a JSON 402 body."
+    );
+  }
+  const pricing = parseX402FromBody(bodyJson);
+  if (!pricing) {
+    return jsonError(
+      "Could not extract x402 payment requirements from 402 response.",
+      "Use estimate_cost on this URL to debug pricing, or contact the API provider."
+    );
+  }
+  const spendCheck = ctx.budget.canSpend(pricing.priceUsd, url);
+  if (!spendCheck.allowed) {
+    return jsonError(
+      spendCheck.reason ?? "Payment blocked by budget.",
+      "Use set_budget to increase limits, or use spending_history to review past spend."
+    );
+  }
+  const maxPerCallUsd = ctx.budget.getStatus().config.maxPerCall;
+  const paidFetch = ctx.x402Client.createPaidFetch(maxPerCallUsd);
+  let paid;
+  try {
+    paid = await paidFetch(url, baseInit);
+  } catch (e) {
+    if (isInsufficientFunds(e)) {
+      return jsonError(
+        e instanceof Error ? e.message : String(e),
+        "Use wallet_balance to confirm USDC and gas, then get_credit if ACE is configured, or add funds to the wallet."
+      );
+    }
+    return jsonError(
+      e instanceof Error ? e.message : String(e),
+      "Payment or signing failed. Verify VALEO_PRIVATE_KEY, chain, and endpoint compatibility with x402."
+    );
+  }
+  if (!paid.ok) {
+    let errText;
+    try {
+      errText = await paid.text();
+    } catch {
+      errText = "";
+    }
+    return jsonError(
+      `Paid request failed with HTTP ${paid.status}: ${errText.slice(0, 500)}`,
+      "The resource may require different parameters after payment. Check the API documentation."
+    );
+  }
+  let data;
+  try {
+    data = await parseBodyData(paid);
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return jsonError(`Paid response could not be read: ${msg}`, "Retry the pay tool; the payment may still have settled on-chain.");
+  }
+  let txHash;
+  const payHeader = paid.headers.get("x-payment-response") ?? paid.headers.get("X-PAYMENT-RESPONSE") ?? void 0;
+  if (payHeader) {
+    try {
+      const decoded = decodeXPaymentResponse(payHeader);
+      if (decoded?.transaction) {
+        txHash = String(decoded.transaction);
+      }
+    } catch {
+    }
+  }
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const payment = {
+    amount: pricing.priceUsd.toFixed(6),
+    currency: "USDC",
+    chain: ctx.config.chain,
+    endpoint: url,
+    timestamp,
+    ...txHash ? { txHash } : {}
+  };
+  ctx.receipts.add({
+    endpoint: url,
+    method,
+    amount: pricing.priceUsd,
+    currency: "USDC",
+    chain: ctx.config.chain,
+    status: "settled",
+    responseStatus: paid.status,
+    ...txHash ? { txHash } : {}
+  });
+  ctx.budget.recordSpend(pricing.priceUsd);
+  return jsonResult({
+    success: true,
+    data,
+    payment,
+    budget_remaining: getBudgetRemaining(ctx)
+  });
+}
+// src/tools/wallet-balance.ts
+var EVM_CHAINS = /* @__PURE__ */ new Set(["base", "base-sepolia"]);
+var SOL_CHAINS = /* @__PURE__ */ new Set(["solana", "solana-devnet"]);
+function familyOf(chain) {
+  if (EVM_CHAINS.has(chain)) return "evm";
+  if (SOL_CHAINS.has(chain)) return "solana";
+  return "evm";
+}
+async function walletBalanceTool(ctx, input) {
+  const target = input.chain ?? ctx.config.chain;
+  if (familyOf(target) !== familyOf(ctx.config.chain)) {
+    return jsonError(
+      `Cannot check ${target} balance: configured VALEO_CHAIN is ${ctx.config.chain}. The same private key cannot be used for both EVM and Solana.`,
+      "Run a separate MCP server instance with VALEO_CHAIN set to the target chain family and a key for that chain."
+    );
+  }
+  try {
+    if (target === "base" || target === "base-sepolia") {
+      const client2 = new X402BaseClient(ctx.config.privateKey, target);
+      const usdc2 = await client2.getUsdcBalance();
+      const eth = await client2.getEthBalance();
+      return jsonResult({
+        chain: target,
+        wallet: client2.getAddress(),
+        usdc: usdc2,
+        gas_token: `${eth} ETH`,
+        budget_remaining: getBudgetRemaining(ctx)
+      });
+    }
+    const client = new X402SolanaClient(
+      ctx.config.privateKey,
+      target,
+      process.env.VALEO_SOLANA_RPC_URL
+    );
+    const usdc = await client.getUsdcBalance();
+    const sol = await client.getSolBalance();
+    return jsonResult({
+      chain: target,
+      wallet: client.getAddress(),
+      usdc,
+      gas_token: `${sol} SOL`,
+      budget_remaining: getBudgetRemaining(ctx)
+    });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return jsonError(
+      `Failed to read balances: ${msg}`,
+      "Verify VALEO_PRIVATE_KEY matches the chain, RPC is reachable, and try wallet_balance again."
+    );
+  }
+}
+// src/tools/get-credit.ts
+function pickString(obj, keys) {
+  for (const k of keys) {
+    const v = obj[k];
+    if (typeof v === "string" && v.length > 0) return v;
+  }
+  return void 0;
+}
+async function getCreditTool(ctx, input) {
+  if (!ctx.aceClient) {
+    return jsonError(
+      "ACE integration not configured. Set VALEO_ACE_API_KEY environment variable.",
+      "Get an API key at https://agentcreditengine.com and add VALEO_ACE_API_KEY to your MCP server env."
+    );
+  }
+  const wallet = ctx.x402Client.getAddress();
+  try {
+    const raw = await ctx.aceClient.requestCredit(input.amount, wallet, input.purpose);
+    if (!raw || typeof raw !== "object") {
+      return jsonResult({
+        approved: true,
+        note: "ACE returned a non-object response; raw payload attached.",
+        raw,
+        message: "Credit request completed; verify balances with wallet_balance."
+      });
+    }
+    const o = raw;
+    const approved = typeof o.approved === "boolean" ? o.approved : typeof o.status === "string" ? o.status.toLowerCase() === "approved" : true;
+    if (!approved) {
+      return jsonResult({
+        approved: false,
+        reason: pickString(o, ["reason", "message", "error"]) ?? "Credit not approved",
+        current_exposure: pickString(o, ["current_exposure", "currentExposure"]),
+        max_exposure: pickString(o, ["max_exposure", "maxExposure"]),
+        raw_note: "See raw for full ACE response.",
+        raw: o
+      });
+    }
+    return jsonResult({
+      approved: true,
+      loan_id: pickString(o, ["loan_id", "loanId", "id"]),
+      amount: pickString(o, ["amount", "credit_amount", "creditAmount"]) ?? String(input.amount),
+      currency: pickString(o, ["currency"]) ?? "USDC",
+      fee: pickString(o, ["fee"]),
+      total_repayment: pickString(o, ["total_repayment", "totalRepayment"]),
+      auto_repay: typeof o.auto_repay === "boolean" ? o.auto_repay : typeof o.autoRepay === "boolean" ? o.autoRepay : true,
+      message: pickString(o, ["message"]) ?? `${pickString(o, ["amount"]) ?? input.amount} USDC credited. Auto-repayment may apply per ACE terms.`,
+      raw: o
+    });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return jsonError(
+      msg,
+      "Verify VALEO_ACE_API_KEY, wallet address, and ACE account status; retry or contact ACE support."
+    );
+  }
+}
+// src/tools/repay-credit.ts
+function pickString2(obj, keys) {
+  for (const k of keys) {
+    const v = obj[k];
+    if (typeof v === "string" && v.length > 0) return v;
+  }
+  return void 0;
+}
+async function repayCreditTool(ctx, input) {
+  if (!ctx.aceClient) {
+    return jsonError(
+      "ACE integration not configured. Set VALEO_ACE_API_KEY environment variable.",
+      "Get an API key at https://agentcreditengine.com and add VALEO_ACE_API_KEY to your MCP server env."
+    );
+  }
+  try {
+    const raw = await ctx.aceClient.repayLoan(input.loan_id, input.amount);
+    if (!raw || typeof raw !== "object") {
+      return jsonResult({
+        success: true,
+        note: "ACE returned a non-object response.",
+        raw
+      });
+    }
+    const o = raw;
+    return jsonResult({
+      success: true,
+      loan_id: input.loan_id,
+      status: pickString2(o, ["status", "state"]) ?? "submitted",
+      message: pickString2(o, ["message"]) ?? "Repayment request processed.",
+      raw: o
+    });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return jsonError(msg, "Verify loan_id, ACE balance, and VALEO_ACE_API_KEY; retry repay_credit.");
+  }
+}
+// src/tools/spending-history.ts
+function receiptToRow(r) {
+  return {
+    timestamp: r.timestamp,
+    endpoint: r.endpoint,
+    amount: String(r.amount),
+    currency: r.currency,
+    chain: r.chain,
+    status: r.status,
+    ...r.txHash ? { receipt_hash: r.txHash } : {}
+  };
+}
+function normalizeSentinelPayload(data) {
+  if (!data || typeof data !== "object") {
+    return { transactions: [], extra: { raw: data } };
+  }
+  const o = data;
+  const txs = o.transactions ?? o.data ?? o.items ?? o.results;
+  if (Array.isArray(txs)) {
+    return {
+      transactions: txs.map((t) => typeof t === "object" && t !== null ? t : { value: t }),
+      extra: { ...o, transactions: void 0, data: void 0, items: void 0, results: void 0 }
+    };
+  }
+  return { transactions: [], extra: o };
+}
+async function spendingHistoryTool(ctx, input) {
+  const totalSession = ctx.receipts.getTotalSpent();
+  const totalToday = ctx.receipts.getTotalSpentToday();
+  if (ctx.sentinelClient) {
+    try {
+      const raw = await ctx.sentinelClient.getTransactions({
+        limit: input.limit,
+        since: input.since,
+        endpoint: input.endpoint
+      });
+      const { transactions, extra } = normalizeSentinelPayload(raw);
+      const mapped = transactions.map((t) => ({
+        timestamp: String(t.timestamp ?? t.created_at ?? t.time ?? ""),
+        endpoint: String(t.endpoint ?? t.url ?? t.resource ?? ""),
+        amount: String(t.amount ?? t.value ?? ""),
+        currency: String(t.currency ?? "USDC"),
+        chain: String(t.chain ?? t.network ?? ""),
+        status: String(t.status ?? "settled"),
+        ...t.receipt_hash || t.receiptHash ? { receipt_hash: String(t.receipt_hash ?? t.receiptHash) } : {}
+      }));
+      return jsonResult({
+        source: "sentinel",
+        total_spent_session: totalSession.toFixed(2),
+        total_spent_today: totalToday.toFixed(2),
+        transaction_count: mapped.length,
+        transactions: mapped,
+        sentinel_meta: extra
+      });
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      return jsonError(
+        msg,
+        "Check VALEO_SENTINEL_API_KEY and network access. You can temporarily rely on session receipts without Sentinel."
+      );
+    }
+  }
+  const local = ctx.receipts.getAll({
+    limit: input.limit,
+    since: input.since,
+    endpoint: input.endpoint
+  });
+  return jsonResult({
+    source: "session",
+    note: "Showing session-only data. Configure VALEO_SENTINEL_API_KEY for full historical audit trail.",
+    total_spent_session: totalSession.toFixed(2),
+    total_spent_today: totalToday.toFixed(2),
+    transaction_count: local.length,
+    transactions: local.map(receiptToRow)
+  });
+}
+// src/tools/discover-apis.ts
+async function discoverApisTool(ctx, input) {
+  try {
+    const data = await ctx.four02mdClient.search({
+      query: input.query,
+      category: input.category,
+      chain: input.chain,
+      maxPrice: input.max_price
+    });
+    let total = 0;
+    if (data && typeof data === "object" && "results" in data) {
+      const r = data.results;
+      if (Array.isArray(r)) total = r.length;
+    }
+    return jsonResult({
+      ...typeof data === "object" && data !== null ? data : { results: data },
+      total,
+      tip: "Use the pay tool with any endpoint URL to make a paid call."
+    });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return jsonError(msg, "Verify 402.md registry availability and VALEO_402MD_BASE_URL; retry discover_apis.");
+  }
+}
+// src/tools/set-budget.ts
+function setBudgetTool(ctx, input) {
+  ctx.budget.updateConfig({
+    ...input.max_per_call !== void 0 ? { maxPerCall: input.max_per_call } : {},
+    ...input.daily_limit !== void 0 ? { dailyLimit: input.daily_limit } : {},
+    ...input.session_limit !== void 0 ? { sessionLimit: input.session_limit } : {},
+    ...input.blocked_endpoints !== void 0 ? { blockedEndpoints: input.blocked_endpoints } : {},
+    ...input.allowed_endpoints !== void 0 ? { allowedEndpoints: input.allowed_endpoints } : {}
+  });
+  const st = ctx.budget.getStatus();
+  return jsonResult({
+    updated: true,
+    budget: {
+      max_per_call: st.config.maxPerCall,
+      daily_limit: st.config.dailyLimit,
+      session_limit: st.config.sessionLimit,
+      blocked_endpoints: st.config.blockedEndpoints,
+      allowed_endpoints: st.config.allowedEndpoints
+    },
+    current_spending: {
+      session: st.spending.session,
+      today: st.spending.today,
+      remaining_session: st.spending.remainingSession,
+      remaining_daily: st.spending.remainingDaily
+    }
+  });
+}
+// src/tools/estimate-cost.ts
+function parseX402FromBody2(body) {
+  if (!body || typeof body !== "object") return null;
+  const o = body;
+  const accepts = o.accepts;
+  if (!Array.isArray(accepts) || accepts.length === 0) return null;
+  const first = accepts[0];
+  const raw = first.maxAmountRequired;
+  if (raw === void 0 || raw === null) return null;
+  let maxAmountAtomic;
+  try {
+    maxAmountAtomic = BigInt(String(raw));
+  } catch {
+    return null;
+  }
+  const priceUsd = Number(maxAmountAtomic) / 1e6;
+  const payTo = typeof first.payTo === "string" ? first.payTo : "";
+  let description = "";
+  if (typeof first.extra === "object" && first.extra !== null && "description" in first.extra) {
+    description = String(first.extra.description ?? "");
+  } else if (typeof first.description === "string") {
+    description = first.description;
+  }
+  const network = typeof first.network === "string" ? first.network : "";
+  const asset = typeof first.asset === "string" ? first.asset : "USDC";
+  return {
+    priceUsd,
+    payTo,
+    description,
+    chainLabel: network,
+    currency: asset.length > 20 ? "USDC" : asset
+  };
+}
+async function estimateCostTool(ctx, input) {
+  const { url } = input;
+  let res;
+  try {
+    res = await fetch(url, {
+      method: "GET",
+      signal: AbortSignal.timeout(15e3),
+      headers: { Accept: "application/json, text/plain, */*" }
+    });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return jsonError(
+      `Probe failed for ${url}: ${msg}`,
+      "Check the URL, network, and TLS. Retry estimate_cost or use pay after confirming connectivity."
+    );
+  }
+  if (res.status === 200) {
+    const budgetCheck = ctx.budget.canSpend(0, url);
+    return jsonResult({
+      url,
+      requires_payment: false,
+      within_budget: budgetCheck.allowed,
+      wallet_can_afford: true,
+      wallet_balance: await readUsdcBalance(ctx).catch(() => "unknown"),
+      note: "Endpoint returned 200 without requesting payment (free or already authorized)."
+    });
+  }
+  if (res.status === 402) {
+    let bodyJson;
+    try {
+      bodyJson = await res.json();
+    } catch {
+      return jsonError(
+        "HTTP 402 but body is not valid JSON.",
+        "Inspect the endpoint manually or contact the provider for x402 pricing format."
+      );
+    }
+    const pricing = parseX402FromBody2(bodyJson);
+    if (!pricing) {
+      return jsonError(
+        "Could not parse x402 pricing from 402 response.",
+        "Use pay with a small budget to test, or inspect the raw 402 JSON from the server."
+      );
+    }
+    const spend = ctx.budget.canSpend(pricing.priceUsd, url);
+    let walletBalanceStr = "0";
+    let walletCanAfford = false;
+    try {
+      walletBalanceStr = await readUsdcBalance(ctx);
+      const bal = parseFloat(walletBalanceStr);
+      walletCanAfford = !Number.isNaN(bal) && bal + 1e-9 >= pricing.priceUsd;
+    } catch {
+      walletCanAfford = false;
+    }
+    return jsonResult({
+      url,
+      requires_payment: true,
+      price: `$${pricing.priceUsd.toFixed(6)}`,
+      currency: pricing.currency,
+      chain: pricing.chainLabel || ctx.config.chain,
+      pay_to: pricing.payTo,
+      description: pricing.description,
+      within_budget: spend.allowed,
+      wallet_can_afford: walletCanAfford,
+      wallet_balance: walletBalanceStr,
+      ...spend.allowed ? {} : { budget_reason: spend.reason }
+    });
+  }
+  const snippet = (await res.text()).slice(0, 400);
+  return jsonResult({
+    url,
+    requires_payment: false,
+    http_status: res.status,
+    body_snippet: snippet,
+    within_budget: ctx.budget.canSpend(0, url).allowed,
+    wallet_can_afford: true,
+    wallet_balance: await readUsdcBalance(ctx).catch(() => "unknown"),
+    note: "Non-402 response; endpoint may require auth, be misconfigured, or be unavailable."
+  });
+}
+async function readUsdcBalance(ctx) {
+  return ctx.x402Client.getUsdcBalance();
+}
+// src/server.ts
+function readPackageVersion() {
+  const here = typeof __dirname !== "undefined" ? __dirname : dirname(fileURLToPath(import.meta.url));
+  const pkgPath = join(here, "..", "package.json");
+  const raw = readFileSync(pkgPath, "utf8");
+  return JSON.parse(raw).version;
+}
+var pkgVersion = readPackageVersion();
+async function createAndRunMcpServer(ctx) {
+  const server = new McpServer({
+    name: "valeo",
+    version: pkgVersion
+  });
+  server.tool(
+    "pay",
+    "Call any x402-enabled paid API endpoint. Automatically handles payment negotiation, signing, and settlement.",
+    {
+      url: z.string().describe("The full URL of the x402 API endpoint"),
+      method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).default("GET"),
+      headers: z.record(z.string()).optional(),
+      body: z.string().optional()
+    },
+    async (args) => payTool(ctx, args)
+  );
+  server.tool(
+    "wallet_balance",
+    "Check the current USDC balance of the agent's wallet on the configured chain (Base or Solana). Also shows ETH or SOL for gas.",
+    {
+      chain: z.enum(["base", "base-sepolia", "solana", "solana-devnet"]).optional()
+    },
+    async (args) => walletBalanceTool(ctx, args)
+  );
+  server.tool(
+    "get_credit",
+    "Borrow USDC from Valeo ACE when wallet balance is insufficient. Requires VALEO_ACE_API_KEY.",
+    {
+      amount: z.number().describe("Amount of USDC to borrow"),
+      purpose: z.string().optional().describe("Brief description of what the credit is for")
+    },
+    async (args) => getCreditTool(ctx, args)
+  );
+  server.tool(
+    "repay_credit",
+    "Manually repay an outstanding ACE credit line.",
+    {
+      loan_id: z.string().describe("The loan ID to repay"),
+      amount: z.number().optional().describe("Amount to repay. Omit for full balance.")
+    },
+    async (args) => repayCreditTool(ctx, args)
+  );
+  server.tool(
+    "spending_history",
+    "View recent spending history via Sentinel (if configured) or session receipts.",
+    {
+      limit: z.number().default(20).describe("Number of recent transactions"),
+      since: z.string().optional().describe("ISO timestamp \u2014 only show transactions after this time"),
+      endpoint: z.string().optional().describe("Filter by endpoint URL substring")
+    },
+    async (args) => spendingHistoryTool(ctx, args)
+  );
+  server.tool(
+    "discover_apis",
+    "Search the 402.md registry for x402-enabled APIs by keyword, category, or chain.",
+    {
+      query: z.string().optional(),
+      category: z.string().optional(),
+      max_price: z.number().optional(),
+      chain: z.enum(["base", "solana", "any"]).default("any")
+    },
+    async (args) => discoverApisTool(ctx, args)
+  );
+  server.tool(
+    "set_budget",
+    "Configure per-call, daily, and session spending limits and optional endpoint allow/block lists.",
+    {
+      max_per_call: z.number().optional(),
+      daily_limit: z.number().optional(),
+      session_limit: z.number().optional(),
+      blocked_endpoints: z.array(z.string()).optional(),
+      allowed_endpoints: z.array(z.string()).optional()
+    },
+    async (args) => setBudgetTool(ctx, args)
+  );
+  server.tool(
+    "estimate_cost",
+    "Probe an x402 endpoint for pricing without paying (GET, no payment header).",
+    {
+      url: z.string().describe("The x402 endpoint URL to probe")
+    },
+    async (args) => estimateCostTool(ctx, args)
+  );
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error("\u2713 Valeo MCP server running");
+  console.error(`  Chain: ${ctx.config.chain}`);
+  console.error(`  Wallet: ${ctx.x402Client.getAddress()}`);
+  console.error(`  ACE: ${ctx.aceClient ? "enabled" : "not configured"}`);
+  console.error(`  Sentinel: ${ctx.sentinelClient ? "enabled" : "not configured"}`);
+  console.error(`  Budget: $${ctx.config.defaultSessionLimit}/session, $${ctx.config.defaultDailyLimit}/day`);
+}
+// src/index.ts
+async function main() {
+  const config = loadConfig();
+  const budget = new BudgetManager(config);
+  const receipts = new ReceiptStore();
+  const x402Client = config.chain.startsWith("solana") ? new X402SolanaClient(
+    config.privateKey,
+    config.chain,
+    process.env.VALEO_SOLANA_RPC_URL
+  ) : new X402BaseClient(config.privateKey, config.chain);
+  const aceClient = config.aceApiKey ? new ACEClient(config.aceBaseUrl, config.aceApiKey) : null;
+  const sentinelClient = config.sentinelApiKey ? new SentinelClient(config.sentinelBaseUrl, config.sentinelApiKey) : null;
+  const four02mdClient = new Four02mdClient(config.four02mdBaseUrl);
+  const ctx = {
+    config,
+    budget,
+    receipts,
+    x402Client,
+    aceClient,
+    sentinelClient,
+    four02mdClient
+  };
+  await createAndRunMcpServer(ctx);
+}
+process.on("uncaughtException", (err) => {
+  console.error("Uncaught exception:", err);
+  process.exit(1);
+});
+process.on("unhandledRejection", (reason) => {
+  console.error("Unhandled rejection:", reason);
+  process.exit(1);
+});
+main().catch((err) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  console.error("Fatal startup error:", msg);
+  process.exit(1);
+});
+export {
+  loadConfig
+};
+//# sourceMappingURL=index.mjs.map