paygate-mcp 0.1.4 → 0.6.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 walker77
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,12 +1,19 @@
 # paygate-mcp
 
-Monetize any MCP server with one command. Add API key auth, per-tool pricing, rate limiting, and usage metering to any Model Context Protocol server.
+[![CI](https://github.com/walker77/paygate-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/walker77/paygate-mcp/actions/workflows/ci.yml)
+[![npm version](https://img.shields.io/npm/v/paygate-mcp.svg)](https://www.npmjs.com/package/paygate-mcp)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+Monetize any MCP server with one command. Add API key auth, per-tool pricing, rate limiting, and usage metering to any Model Context Protocol server. Zero dependencies. Zero config. Zero code changes.
 
 ## Quick Start
 
 ```bash
-# Wrap any MCP server with pay-per-call billing
+# Wrap a local MCP server (stdio transport)
 npx paygate-mcp wrap --server "npx @modelcontextprotocol/server-filesystem /tmp"
+
+# Gate a remote MCP server (Streamable HTTP transport)
+npx paygate-mcp wrap --remote-url "https://my-server.example.com/mcp" --price 5
 ```
 
 That's it. Your MCP server is now gated behind API keys with credit-based billing.
@@ -16,19 +23,21 @@ That's it. Your MCP server is now gated behind API keys with credit-based billin
 PayGate sits between AI agents and your MCP server:
 
 ```
-Agent → PayGate (auth + billing) → Your MCP Server
+Agent → PayGate (auth + billing) → Your MCP Server (stdio or HTTP)
 ```
 
 - **API Key Auth** — Clients need a valid `X-API-Key` to call tools
 - **Credit Billing** — Each tool call costs credits (configurable per-tool)
 - **Rate Limiting** — Sliding window per-key rate limits
 - **Usage Metering** — Track who called what, when, and how much they spent
+- **Two Transports** — Wrap local servers via stdio or remote servers via Streamable HTTP
 - **Shadow Mode** — Log everything without enforcing payment (for testing)
-- **Zero Config** — Works with any MCP server that uses stdio transport
+- **Persistent Storage** — Keys and credits survive restarts with `--state-file`
+- **Zero Dependencies** — No external npm packages. Uses only Node.js built-ins.
 
 ## Usage
 
-### Start a Gated Server
+### Wrap a Local MCP Server (stdio)
 
 ```bash
 # Default: 1 credit per call, 60 calls/min, port 3402
@@ -50,6 +59,26 @@ npx paygate-mcp wrap \
 npx paygate-mcp wrap --server "node server.js" --shadow
 ```
 
+### Gate a Remote MCP Server (Streamable HTTP)
+
+Gate any remote MCP server that supports the [Streamable HTTP transport](https://modelcontextprotocol.io/specification/2025-03-26/basic/transports#streamable-http) (MCP spec 2025-03-26):
+
+```bash
+npx paygate-mcp wrap --remote-url "https://my-mcp-server.example.com/mcp"
+
+# With custom pricing
+npx paygate-mcp wrap \
+  --remote-url "https://api.example.com/mcp" \
+  --price 5 \
+  --tool-price "gpt4:20,search:2"
+```
+
+The proxy handles:
+- JSON-RPC forwarding via HTTP POST
+- SSE (text/event-stream) response parsing
+- `Mcp-Session-Id` session management
+- Graceful session cleanup (HTTP DELETE on shutdown)
+
 When started, you'll see your admin key in the console. Save it.
 
 ### Create API Keys
@@ -87,6 +116,54 @@ curl -X POST http://localhost:3402/topup \
   -d '{"key": "CLIENT_API_KEY", "credits": 500}'
 ```
 
+### Check Balance (Client Self-Service)
+
+```bash
+curl http://localhost:3402/balance \
+  -H "X-API-Key: CLIENT_API_KEY"
+```
+
+Returns credits, total spent, call count, and last used timestamp. If spending limits are set, also returns current daily/monthly spend and limits. Clients can check their own balance without needing admin access.
+
+### Set Spending Limits (Admin)
+
+```bash
+# Set daily and monthly credit caps for a key
+curl -X POST http://localhost:3402/keys/limits \
+  -H "Content-Type: application/json" \
+  -H "X-Admin-Key: YOUR_ADMIN_KEY" \
+  -d '{"key": "CLIENT_API_KEY", "dailyLimit": 50, "monthlyLimit": 500}'
+```
+
+Prevents runaway AI agents from draining credits. When a key's daily or monthly spend reaches its cap, further tool calls are denied until the next day/month (UTC). Set to 0 for unlimited.
+
+You can also set limits when creating a key:
+
+```bash
+curl -X POST http://localhost:3402/keys \
+  -H "Content-Type: application/json" \
+  -H "X-Admin-Key: YOUR_ADMIN_KEY" \
+  -d '{"name": "agent-key", "credits": 1000, "dailyLimit": 50, "monthlyLimit": 500}'
+```
+
+### Export Usage Data (Admin)
+
+```bash
+# JSON export
+curl http://localhost:3402/usage \
+  -H "X-Admin-Key: YOUR_ADMIN_KEY"
+
+# CSV export (for spreadsheet/billing import)
+curl "http://localhost:3402/usage?format=csv" \
+  -H "X-Admin-Key: YOUR_ADMIN_KEY"
+
+# Filter by date
+curl "http://localhost:3402/usage?since=2025-01-01T00:00:00Z" \
+  -H "X-Admin-Key: YOUR_ADMIN_KEY"
+```
+
+Returns per-call usage events with tool name, credits charged, and timestamps. API keys are masked in output.
+
 ### Check Status
 
 ```bash
@@ -96,16 +173,31 @@ curl http://localhost:3402/status \
 
 Returns active keys, usage stats, per-tool breakdown, and deny reasons.
 
+### Admin Dashboard
+
+Open the web dashboard in your browser:
+
+```
+http://localhost:3402/dashboard
+```
+
+A real-time admin UI for managing keys, viewing usage, and monitoring tool calls. Enter your admin key to authenticate. Features auto-refresh every 30s, top tools chart, activity feed, and key creation/management.
+
 ## API Reference
 
 | Endpoint | Method | Auth | Description |
 |----------|--------|------|-------------|
 | `/mcp` | POST | `X-API-Key` | JSON-RPC 2.0 proxy to wrapped MCP server |
+| `/balance` | GET | `X-API-Key` | Client self-service — check own credits |
 | `/keys` | POST | `X-Admin-Key` | Create a new API key with credits |
 | `/keys` | GET | `X-Admin-Key` | List all keys (masked) |
 | `/topup` | POST | `X-Admin-Key` | Add credits to an existing key |
 | `/keys/revoke` | POST | `X-Admin-Key` | Revoke an API key |
+| `/keys/limits` | POST | `X-Admin-Key` | Set daily/monthly spending limits |
+| `/usage` | GET | `X-Admin-Key` | Export usage data (JSON or CSV) |
 | `/status` | GET | `X-Admin-Key` | Full dashboard with usage stats |
+| `/dashboard` | GET | None (admin key in-browser) | Real-time admin web dashboard |
+| `/stripe/webhook` | POST | Stripe Signature | Auto-top-up credits on payment |
 | `/` | GET | None | Health check |
 
 ### Free Methods
@@ -116,18 +208,24 @@ These MCP methods pass through without auth or billing:
 ## CLI Options
 
 ```
---server <cmd>      MCP server command to wrap (required)
---port <n>          HTTP port (default: 3402)
---price <n>         Default credits per tool call (default: 1)
---rate-limit <n>    Max calls/min per key (default: 60, 0=unlimited)
---name <s>          Server display name
---shadow            Shadow mode — log without enforcing payment
---admin-key <s>     Set admin key (default: auto-generated)
---tool-price <t:n>  Per-tool price (e.g. "search:5,generate:10")
---import-key <k:c>  Import existing key with credits (e.g. "pg_abc:100")
---state-file <path> Persist keys/credits to a JSON file (survives restarts)
+--server <cmd>       MCP server command to wrap via stdio
+--remote-url <url>   Remote MCP server URL (Streamable HTTP transport)
+--port <n>           HTTP port (default: 3402)
+--price <n>          Default credits per tool call (default: 1)
+--rate-limit <n>     Max calls/min per key (default: 60, 0=unlimited)
+--name <s>           Server display name
+--shadow             Shadow mode — log without enforcing payment
+--admin-key <s>      Set admin key (default: auto-generated)
+--tool-price <t:n>   Per-tool price (e.g. "search:5,generate:10")
+--import-key <k:c>   Import existing key with credits (e.g. "pg_abc:100")
+--state-file <path>  Persist keys/credits to a JSON file (survives restarts)
+--stripe-secret <s>  Stripe webhook signing secret (enables /stripe/webhook)
+--daily-limit <n>    Default daily credit limit per key (0=unlimited)
+--monthly-limit <n>  Default monthly credit limit per key (0=unlimited)
 ```
 
+> **Note:** Use `--server` OR `--remote-url`, not both.
+
 ### Persistent Storage
 
 Add `--state-file` to save API keys and credits to disk. Data survives server restarts.
@@ -136,11 +234,39 @@ Add `--state-file` to save API keys and credits to disk. Data survives server re
 npx paygate-mcp wrap --server "your-mcp-server" --state-file ~/.paygate/state.json
 ```
 
+### Stripe Integration
+
+Connect Stripe to automatically top up credits when customers pay:
+
+```bash
+npx paygate-mcp wrap \
+  --server "your-mcp-server" \
+  --state-file ~/.paygate/state.json \
+  --stripe-secret "whsec_your_stripe_webhook_secret"
+```
+
+**Setup:**
+1. Create a Stripe Checkout Session with metadata:
+   - `paygate_api_key` — the customer's API key (e.g. `pg_abc123...`)
+   - `paygate_credits` — credits to add on payment (e.g. `500`)
+2. Point your Stripe webhook to `https://your-server/stripe/webhook`
+3. Subscribe to `checkout.session.completed` and `invoice.payment_succeeded` events
+
+When a customer completes payment, credits are automatically added to their API key. Subscriptions auto-renew credits on each billing cycle.
+
+**Security:**
+- HMAC-SHA256 signature verification (Stripe's v1 scheme)
+- Timing-safe comparison to prevent timing attacks
+- 5-minute timestamp tolerance to prevent replay attacks
+- Payment status verification (only `paid` triggers credits)
+- Zero dependencies — uses Node.js built-in `crypto`
+
 ## Programmatic API
 
 ```typescript
-import { PayGateServer } from 'paygate-mcp';
+import { PayGateServer, HttpMcpProxy } from 'paygate-mcp';
 
+// Wrap a local server (stdio)
 const server = new PayGateServer({
   serverCommand: 'npx',
   serverArgs: ['@modelcontextprotocol/server-filesystem', '/tmp'],
@@ -151,6 +277,13 @@ const server = new PayGateServer({
   },
 });
 
+// Or gate a remote server (Streamable HTTP)
+const remoteServer = new PayGateServer({
+  serverCommand: '',
+  port: 3402,
+  defaultCreditsPerCall: 5,
+}, undefined, undefined, 'https://my-mcp-server.example.com/mcp');
+
 const { port, adminKey } = await server.start();
 ```
 
@@ -162,21 +295,33 @@ const { port, adminKey } = await server.start();
 - 1MB request body limit
 - Input sanitization on all endpoints
 - Admin key never exposed in responses
+- API keys never forwarded to remote servers (HTTP transport)
 - Rate limiting is per-key, concurrent-safe
+- Stripe webhook signature verification (HMAC-SHA256, timing-safe)
+- Per-key daily/monthly spending caps (budget protection)
+- Dashboard uses safe DOM methods (textContent/createElement) — no innerHTML
+- Red-teamed with 78 adversarial security tests across 9 passes
 
 ## Current Limitations
 
-- **In-memory by default** — Without `--state-file`, data lives in memory and is lost on restart. Use `--state-file` for persistence.
-- **Credits are not real money** — Credits are just integers. There is no payment processor integration yet.
 - **Single process** — No clustering or horizontal scaling.
-- **Stdio transport only** — The wrapped MCP server must use stdio (most do).
+- **No response size limits for HTTP transport** — Large responses from remote servers are forwarded as-is.
+
+## Roadmap
 
-Persistent storage and Stripe integration are on the roadmap.
+- [x] Persistent storage (`--state-file`)
+- [x] Streamable HTTP transport (`--remote-url`)
+- [x] Stripe webhook integration (`--stripe-secret`)
+- [x] Client self-service balance check (`/balance`)
+- [x] Usage data export — JSON and CSV (`/usage`)
+- [x] Admin web dashboard (`/dashboard`)
+- [x] Per-key spending limits — daily/monthly budget caps
+- [ ] Multi-tenant mode
 
 ## Requirements
 
 - Node.js >= 18.0.0
-- Any MCP server that uses stdio transport
+- Zero external dependencies
 
 ## License
 

package/dist/cli.js

@@ -36,25 +36,34 @@ function printUsage() {
   paygate-mcp — Monetize any MCP server with one command.
 
   USAGE:
-    paygate-mcp wrap --server <command> [options]
+    paygate-mcp wrap --server <command> [options]     # stdio transport
+    paygate-mcp wrap --remote-url <url> [options]     # Streamable HTTP transport
 
   OPTIONS:
-    --server <cmd>      MCP server command to wrap (required)
-                        e.g. "npx @modelcontextprotocol/server-filesystem /"
-    --port <n>          HTTP port (default: 3402)
-    --price <n>         Default credits per tool call (default: 1)
-    --rate-limit <n>    Max calls/min per key (default: 60, 0=unlimited)
-    --name <s>          Server display name (default: "PayGate MCP Server")
-    --shadow            Shadow mode — log but don't enforce payment
-    --admin-key <s>     Set admin key (default: auto-generated)
-    --tool-price <t:n>  Per-tool price override (e.g. "search:5,generate:10")
-    --import-key <k:c>  Import an existing API key with credits (e.g. "pg_abc123:100")
-    --state-file <path> Persist keys/credits to a JSON file (survives restarts)
+    --server <cmd>       MCP server command to wrap via stdio (required unless --remote-url)
+                         e.g. "npx @modelcontextprotocol/server-filesystem /"
+    --remote-url <url>   Remote MCP server URL (Streamable HTTP transport)
+                         e.g. "https://my-mcp-server.example.com/mcp"
+    --port <n>           HTTP port (default: 3402)
+    --price <n>          Default credits per tool call (default: 1)
+    --rate-limit <n>     Max calls/min per key (default: 60, 0=unlimited)
+    --name <s>           Server display name (default: "PayGate MCP Server")
+    --shadow             Shadow mode — log but don't enforce payment
+    --admin-key <s>      Set admin key (default: auto-generated)
+    --tool-price <t:n>   Per-tool price override (e.g. "search:5,generate:10")
+    --import-key <k:c>   Import an existing API key with credits (e.g. "pg_abc123:100")
+    --state-file <path>  Persist keys/credits to a JSON file (survives restarts)
+    --stripe-secret <s>  Stripe webhook signing secret (enables /stripe/webhook endpoint)
+    --daily-limit <n>    Default daily credit limit per key (0=unlimited)
+    --monthly-limit <n>  Default monthly credit limit per key (0=unlimited)
 
   EXAMPLES:
-    # Wrap a filesystem MCP server
+    # Wrap a local MCP server (stdio transport)
     paygate-mcp wrap --server "npx @modelcontextprotocol/server-filesystem /tmp"
 
+    # Gate a remote MCP server (Streamable HTTP transport)
+    paygate-mcp wrap --remote-url "https://my-server.example.com/mcp" --price 5
+
     # Custom pricing and rate limit
     paygate-mcp wrap --server "python my-server.py" --price 2 --rate-limit 30
 
@@ -82,15 +91,24 @@ async function main() {
     switch (command) {
         case 'wrap': {
             const serverCmd = flags['server'];
-            if (!serverCmd) {
-                console.error('Error: --server is required.\n');
+            const remoteUrl = flags['remote-url'];
+            if (!serverCmd && !remoteUrl) {
+                console.error('Error: --server or --remote-url is required.\n');
                 printUsage();
                 process.exit(1);
             }
-            // Parse server command into command + args
-            const parts = serverCmd.split(/\s+/);
-            const serverCommand = parts[0];
-            const serverArgs = parts.slice(1);
+            if (serverCmd && remoteUrl) {
+                console.error('Error: use --server OR --remote-url, not both.\n');
+                process.exit(1);
+            }
+            // Parse server command into command + args (stdio mode)
+            let serverCommand = '';
+            let serverArgs = [];
+            if (serverCmd) {
+                const parts = serverCmd.split(/\s+/);
+                serverCommand = parts[0];
+                serverArgs = parts.slice(1);
+            }
             const port = parseInt(flags['port'] || '3402', 10);
             const price = parseInt(flags['price'] || '1', 10);
             const rateLimit = parseInt(flags['rate-limit'] || '60', 10);
@@ -99,6 +117,7 @@ async function main() {
             const adminKey = flags['admin-key'];
             const toolPricing = flags['tool-price'] ? parseToolPricing(flags['tool-price']) : {};
             const stateFile = flags['state-file'];
+            const stripeSecret = flags['stripe-secret'];
             const server = new server_1.PayGateServer({
                 serverCommand,
                 serverArgs,
@@ -108,7 +127,7 @@ async function main() {
                 name,
                 shadowMode: !!shadowMode,
                 toolPricing,
-            }, adminKey, stateFile);
+            }, adminKey, stateFile, remoteUrl, stripeSecret);
             // Import keys if specified
             if (flags['import-key']) {
                 const pairs = flags['import-key'].split(',');
@@ -136,18 +155,20 @@ async function main() {
   ║                                                  ║
   ║  Endpoint:   http://localhost:${String(result.port).padEnd(5)}              ║
   ║  Admin Key:  ${result.adminKey.slice(0, 20)}...       ║
-  ║  Wrapping:   ${serverCmd.slice(0, 35).padEnd(35)}║
+  ║  Backend:    ${(remoteUrl ? 'HTTP → ' + remoteUrl.slice(0, 28) : 'stdio → ' + (serverCmd || '').slice(0, 27)).padEnd(35)}║
   ║                                                  ║
   ║  Pricing:    ${String(price).padEnd(3)} credit(s) per tool call       ║
   ║  Rate Limit: ${String(rateLimit).padEnd(3)} calls/min per key          ║
   ║  Shadow:     ${String(!!shadowMode).padEnd(5)}                            ║
   ║  Persist:    ${(stateFile ? stateFile.slice(0, 33) : 'off (in-memory)').padEnd(35)}║
+  ║  Stripe:     ${(stripeSecret ? 'enabled (/stripe/webhook)' : 'off').padEnd(35)}║
   ║                                                  ║
   ╠══════════════════════════════════════════════════╣
-  ║  POST /mcp     — JSON-RPC (X-API-Key header)    ║
-  ║  GET  /status  — Dashboard (X-Admin-Key header)  ║
-  ║  POST /keys    — Create key (X-Admin-Key header) ║
-  ║  POST /topup   — Add credits (X-Admin-Key header)║
+  ║  POST /mcp       — JSON-RPC (X-API-Key header)  ║
+  ║  GET  /dashboard — Admin web UI (open in browser)║
+  ║  GET  /balance   — Client balance (X-API-Key)    ║
+  ║  POST /keys      — Create key (X-Admin-Key)      ║
+  ║  POST /topup     — Add credits (X-Admin-Key)     ║
   ╚══════════════════════════════════════════════════╝
 `);
                 console.log(`  Admin key (save this): ${result.adminKey}\n`);
@@ -166,7 +187,7 @@ async function main() {
         case 'version':
         case '--version':
         case '-v':
-            console.log('paygate-mcp v0.1.4');
+            console.log('paygate-mcp v0.6.0');
             break;
         default:
             console.error(`Unknown command: ${command}\n`);

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AACA;;;;;;;;GAQG;;AAEH,qCAAyC;AAGzC,gFAAgF;AAEhF,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IAClC,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBAClB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BX,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,OAAO,GAAgC,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,IAAI,IAAI,QAAQ,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;QAC3E,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAEhF,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC;YAClC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;gBAChD,UAAU,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,2CAA2C;YAC3C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACrC,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAElC,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;YAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,oBAAoB,CAAC;YACnD,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,SAAS,IAAI,QAAQ,IAAI,KAAK,CAAC;YACpG,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,WAAW,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACrF,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;YAEtC,MAAM,MAAM,GAAG,IAAI,sBAAa,CAAC;gBAC/B,aAAa;gBACb,UAAU;gBACV,IAAI;gBACJ,qBAAqB,EAAE,KAAK;gBAC5B,qBAAqB,EAAE,SAAS;gBAChC,IAAI;gBACJ,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,WAAW;aACZ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;YAExB,2BAA2B;YAC3B,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxB,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC1C,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC;wBACtB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;oBACvF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;gBAC1B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;gBAClC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC;YACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC;;;;;oCAKgB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC9C,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;mBAC5B,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;;mBAEjC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBACvB,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC3B,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC9B,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;;;;;;;;CAQrF,CAAC,CAAC;gBACK,OAAO,CAAC,GAAG,CAAC,4BAA4B,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;YAC/D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI;YACP,UAAU,EAAE,CAAC;YACb,MAAM;QAER,KAAK,SAAS,CAAC;QACf,KAAK,WAAW,CAAC;QACjB,KAAK,IAAI;YACP,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;YAClC,MAAM;QAER;YACE,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,IAAI,CAAC,CAAC;YAC/C,UAAU,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AACA;;;;;;;;GAQG;;AAEH,qCAAyC;AAGzC,gFAAgF;AAEhF,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IAClC,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBAClB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCX,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,OAAO,GAAgC,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,IAAI,IAAI,QAAQ,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;QAC3E,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAEhF,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC;YAClC,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;YAEtC,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC7B,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;gBAChE,UAAU,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;gBAClE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,wDAAwD;YACxD,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,UAAU,GAAa,EAAE,CAAC;YAC9B,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACrC,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACzB,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9B,CAAC;YAED,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;YAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,oBAAoB,CAAC;YACnD,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,SAAS,IAAI,QAAQ,IAAI,KAAK,CAAC;YACpG,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,WAAW,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACrF,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;YACtC,MAAM,YAAY,GAAG,KAAK,CAAC,eAAe,CAAC,CAAC;YAE5C,MAAM,MAAM,GAAG,IAAI,sBAAa,CAAC;gBAC/B,aAAa;gBACb,UAAU;gBACV,IAAI;gBACJ,qBAAqB,EAAE,KAAK;gBAC5B,qBAAqB,EAAE,SAAS;gBAChC,IAAI;gBACJ,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,WAAW;aACZ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;YAEjD,2BAA2B;YAC3B,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxB,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC1C,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC;wBACtB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;oBACvF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;gBAC1B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;gBAClC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC;YACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC;;;;;oCAKgB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC9C,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;mBAC5B,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;;mBAEzG,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBACvB,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC3B,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC9B,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;mBACnE,CAAC,YAAY,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;;;;;;;;;CASjF,CAAC,CAAC;gBACK,OAAO,CAAC,GAAG,CAAC,4BAA4B,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;YAC/D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI;YACP,UAAU,EAAE,CAAC;YACb,MAAM;QAER,KAAK,SAAS,CAAC;QACf,KAAK,WAAW,CAAC;QACjB,KAAK,IAAI;YACP,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;YAClC,MAAM;QAER;YACE,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,IAAI,CAAC,CAAC;YAC/C,UAAU,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/dashboard.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Admin Dashboard — Embedded HTML dashboard for PayGate MCP.
+ *
+ * Served at GET /dashboard. Admin key entered via browser prompt.
+ * Uses only inline CSS and vanilla JS — no external dependencies.
+ * All dynamic content is escaped to prevent XSS.
+ *
+ * Features:
+ *   - Overview cards: active keys, total calls, credits spent, denied
+ *   - Top tools breakdown (bar chart)
+ *   - Recent activity feed
+ *   - Key management (create, revoke, top-up)
+ *   - Auto-refresh every 30s
+ */
+export declare function getDashboardHtml(serverName: string): string;
+//# sourceMappingURL=dashboard.d.ts.map

package/dist/dashboard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dashboard.d.ts","sourceRoot":"","sources":["../src/dashboard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAyZ3D"}