cryptoiz-mcp 4.16.14 → 4.16.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +27 -1
- package/package.json +1 -1
- package/setup.js +1 -1
package/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
'use strict';
|
|
2
|
-
var VERSION = 'v4.16.
|
|
2
|
+
var VERSION = 'v4.16.15';
|
|
3
3
|
var GATEWAY = 'https://rehqwsypjnjirhuiapqh.supabase.co/functions/v1/mcp-x402-gateway';
|
|
4
4
|
// FIX v4.16.12: route ALL paid tools to gateway. Per-tool endpoints (mcp-alpha-scanner etc.)
|
|
5
5
|
// have stale hardcoded fee payer that breaks after Dexter key rotation. Gateway has dynamic
|
|
@@ -165,7 +165,33 @@ function clientHeaders(extra) {
|
|
|
165
165
|
return h;
|
|
166
166
|
}
|
|
167
167
|
|
|
168
|
+
// v4.16.14: input validation per tool — defense in depth, server-side double-validates.
|
|
169
|
+
function validateArgs(toolName, args) {
|
|
170
|
+
if (args == null) return {}; // Empty args ok
|
|
171
|
+
if (typeof args !== 'object' || Array.isArray(args)) {
|
|
172
|
+
throw new Error('Invalid args: expected object, got ' + typeof args);
|
|
173
|
+
}
|
|
174
|
+
var clean = {};
|
|
175
|
+
if (toolName === 'get_whale_divergence') {
|
|
176
|
+
if (args.timeframe != null) {
|
|
177
|
+
if (typeof args.timeframe !== 'string') throw new Error('timeframe must be string');
|
|
178
|
+
if (args.timeframe !== '4h' && args.timeframe !== '1d') throw new Error("timeframe must be '4h' or '1d'");
|
|
179
|
+
clean.timeframe = args.timeframe;
|
|
180
|
+
}
|
|
181
|
+
} else if (toolName === 'get_token_ca') {
|
|
182
|
+
if (args.name == null) throw new Error('name is required for get_token_ca');
|
|
183
|
+
if (typeof args.name !== 'string') throw new Error('name must be string');
|
|
184
|
+
var trimmed = args.name.trim();
|
|
185
|
+
if (trimmed.length < 1 || trimmed.length > 64) throw new Error('name length must be 1-64 chars');
|
|
186
|
+
if (!/^[a-zA-Z0-9 _\-\$\.\u00c0-\uffff]+$/.test(trimmed)) throw new Error('name contains invalid chars');
|
|
187
|
+
clean.name = trimmed;
|
|
188
|
+
}
|
|
189
|
+
// Other tools accept no args — anything passed is silently dropped.
|
|
190
|
+
return clean;
|
|
191
|
+
}
|
|
192
|
+
|
|
168
193
|
async function callTool(toolName, args) {
|
|
194
|
+
args = validateArgs(toolName, args);
|
|
169
195
|
var queryParts = ['tool=' + toolName];
|
|
170
196
|
if (toolName === 'get_whale_divergence' && args && args.timeframe) queryParts.push('tf=' + args.timeframe);
|
|
171
197
|
if (toolName === 'get_token_ca' && args && args.name) queryParts.push('name=' + encodeURIComponent(args.name));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cryptoiz-mcp",
|
|
3
|
-
"version": "4.16.
|
|
3
|
+
"version": "4.16.15",
|
|
4
4
|
"description": "CryptoIZ MCP Server - Solana DEX whale intelligence (alpha, divergence, accumulation, BTC regime). Recommended install: npx agentcash add https://mcp.cryptoiz.org. x402 V2 + Dexter gas-sponsored payments.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"type": "commonjs",
|
package/setup.js
CHANGED