paygate-mcp 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +177 -33
- package/dist/cli.d.ts +1 -2
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +76 -39
- package/dist/cli.js.map +1 -1
- package/dist/gate.d.ts +30 -2
- package/dist/gate.d.ts.map +1 -1
- package/dist/gate.js +122 -17
- package/dist/gate.js.map +1 -1
- package/dist/http-proxy.d.ts.map +1 -1
- package/dist/http-proxy.js +13 -2
- package/dist/http-proxy.js.map +1 -1
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/proxy.d.ts.map +1 -1
- package/dist/proxy.js +27 -5
- package/dist/proxy.js.map +1 -1
- package/dist/rate-limiter.d.ts +9 -0
- package/dist/rate-limiter.d.ts.map +1 -1
- package/dist/rate-limiter.js +36 -0
- package/dist/rate-limiter.js.map +1 -1
- package/dist/server.d.ts +3 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +137 -33
- package/dist/server.js.map +1 -1
- package/dist/store.d.ts +35 -38
- package/dist/store.d.ts.map +1 -1
- package/dist/store.js +92 -108
- package/dist/store.js.map +1 -1
- package/dist/types.d.ts +12 -8
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -1
- package/dist/webhook.d.ts +21 -0
- package/dist/webhook.d.ts.map +1 -0
- package/dist/webhook.js +89 -0
- package/dist/webhook.js.map +1 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -28,9 +28,16 @@ Agent → PayGate (auth + billing) → Your MCP Server (stdio or HTTP)
|
|
|
28
28
|
|
|
29
29
|
- **API Key Auth** — Clients need a valid `X-API-Key` to call tools
|
|
30
30
|
- **Credit Billing** — Each tool call costs credits (configurable per-tool)
|
|
31
|
-
- **Rate Limiting** — Sliding window per-key rate limits
|
|
31
|
+
- **Rate Limiting** — Sliding window per-key rate limits + per-tool rate limits
|
|
32
32
|
- **Usage Metering** — Track who called what, when, and how much they spent
|
|
33
33
|
- **Two Transports** — Wrap local servers via stdio or remote servers via Streamable HTTP
|
|
34
|
+
- **Per-Tool ACL** — Whitelist/blacklist tools per API key (enterprise access control)
|
|
35
|
+
- **Per-Tool Rate Limits** — Independent rate limits per tool, not just global
|
|
36
|
+
- **Key Expiry (TTL)** — Auto-expire API keys after a set time
|
|
37
|
+
- **Spending Limits** — Cap total spend per API key to prevent runaway costs
|
|
38
|
+
- **Refund on Failure** — Automatically refund credits when downstream tool calls fail
|
|
39
|
+
- **Webhook Events** — POST batched usage events to any URL for external billing/alerting
|
|
40
|
+
- **Config File Mode** — Load all settings from a JSON file (`--config`)
|
|
34
41
|
- **Shadow Mode** — Log everything without enforcing payment (for testing)
|
|
35
42
|
- **Persistent Storage** — Keys and credits survive restarts with `--state-file`
|
|
36
43
|
- **Zero Dependencies** — No external npm packages. Uses only Node.js built-ins.
|
|
@@ -123,28 +130,7 @@ curl http://localhost:3402/balance \
|
|
|
123
130
|
-H "X-API-Key: CLIENT_API_KEY"
|
|
124
131
|
```
|
|
125
132
|
|
|
126
|
-
Returns credits, total spent, call count, and last used timestamp.
|
|
127
|
-
|
|
128
|
-
### Set Spending Limits (Admin)
|
|
129
|
-
|
|
130
|
-
```bash
|
|
131
|
-
# Set daily and monthly credit caps for a key
|
|
132
|
-
curl -X POST http://localhost:3402/keys/limits \
|
|
133
|
-
-H "Content-Type: application/json" \
|
|
134
|
-
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
135
|
-
-d '{"key": "CLIENT_API_KEY", "dailyLimit": 50, "monthlyLimit": 500}'
|
|
136
|
-
```
|
|
137
|
-
|
|
138
|
-
Prevents runaway AI agents from draining credits. When a key's daily or monthly spend reaches its cap, further tool calls are denied until the next day/month (UTC). Set to 0 for unlimited.
|
|
139
|
-
|
|
140
|
-
You can also set limits when creating a key:
|
|
141
|
-
|
|
142
|
-
```bash
|
|
143
|
-
curl -X POST http://localhost:3402/keys \
|
|
144
|
-
-H "Content-Type: application/json" \
|
|
145
|
-
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
146
|
-
-d '{"name": "agent-key", "credits": 1000, "dailyLimit": 50, "monthlyLimit": 500}'
|
|
147
|
-
```
|
|
133
|
+
Returns credits, total spent, call count, and last used timestamp. Clients can check their own balance without needing admin access.
|
|
148
134
|
|
|
149
135
|
### Export Usage Data (Admin)
|
|
150
136
|
|
|
@@ -188,12 +174,14 @@ A real-time admin UI for managing keys, viewing usage, and monitoring tool calls
|
|
|
188
174
|
| Endpoint | Method | Auth | Description |
|
|
189
175
|
|----------|--------|------|-------------|
|
|
190
176
|
| `/mcp` | POST | `X-API-Key` | JSON-RPC 2.0 proxy to wrapped MCP server |
|
|
191
|
-
| `/balance` | GET | `X-API-Key` | Client self-service — check own credits |
|
|
192
|
-
| `/keys` | POST | `X-Admin-Key` | Create
|
|
193
|
-
| `/keys` | GET | `X-Admin-Key` | List all keys (masked) |
|
|
177
|
+
| `/balance` | GET | `X-API-Key` | Client self-service — check own credits, ACL, expiry |
|
|
178
|
+
| `/keys` | POST | `X-Admin-Key` | Create API key (with ACL, expiry, credits) |
|
|
179
|
+
| `/keys` | GET | `X-Admin-Key` | List all keys (masked, with expiry status) |
|
|
194
180
|
| `/topup` | POST | `X-Admin-Key` | Add credits to an existing key |
|
|
195
181
|
| `/keys/revoke` | POST | `X-Admin-Key` | Revoke an API key |
|
|
196
|
-
| `/keys/
|
|
182
|
+
| `/keys/acl` | POST | `X-Admin-Key` | Set tool ACL (whitelist/blacklist) on a key |
|
|
183
|
+
| `/keys/expiry` | POST | `X-Admin-Key` | Set or remove key expiry (TTL) |
|
|
184
|
+
| `/limits` | POST | `X-Admin-Key` | Set spending limit on a key |
|
|
197
185
|
| `/usage` | GET | `X-Admin-Key` | Export usage data (JSON or CSV) |
|
|
198
186
|
| `/status` | GET | `X-Admin-Key` | Full dashboard with usage stats |
|
|
199
187
|
| `/dashboard` | GET | None (admin key in-browser) | Real-time admin web dashboard |
|
|
@@ -220,8 +208,9 @@ These MCP methods pass through without auth or billing:
|
|
|
220
208
|
--import-key <k:c> Import existing key with credits (e.g. "pg_abc:100")
|
|
221
209
|
--state-file <path> Persist keys/credits to a JSON file (survives restarts)
|
|
222
210
|
--stripe-secret <s> Stripe webhook signing secret (enables /stripe/webhook)
|
|
223
|
-
--
|
|
224
|
-
--
|
|
211
|
+
--webhook-url <url> POST batched usage events to this URL
|
|
212
|
+
--refund-on-failure Refund credits when downstream tool call fails
|
|
213
|
+
--config <path> Load settings from a JSON config file
|
|
225
214
|
```
|
|
226
215
|
|
|
227
216
|
> **Note:** Use `--server` OR `--remote-url`, not both.
|
|
@@ -261,6 +250,150 @@ When a customer completes payment, credits are automatically added to their API
|
|
|
261
250
|
- Payment status verification (only `paid` triggers credits)
|
|
262
251
|
- Zero dependencies — uses Node.js built-in `crypto`
|
|
263
252
|
|
|
253
|
+
### Per-Tool ACL (Access Control)
|
|
254
|
+
|
|
255
|
+
Control which tools each API key can access:
|
|
256
|
+
|
|
257
|
+
```bash
|
|
258
|
+
# Create a key that can only access search and read tools
|
|
259
|
+
curl -X POST http://localhost:3402/keys \
|
|
260
|
+
-H "Content-Type: application/json" \
|
|
261
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
262
|
+
-d '{"name": "limited-client", "credits": 100, "allowedTools": ["search", "read_file"]}'
|
|
263
|
+
|
|
264
|
+
# Create a key with specific tools blocked
|
|
265
|
+
curl -X POST http://localhost:3402/keys \
|
|
266
|
+
-H "Content-Type: application/json" \
|
|
267
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
268
|
+
-d '{"name": "safe-client", "credits": 100, "deniedTools": ["delete_file", "admin_reset"]}'
|
|
269
|
+
|
|
270
|
+
# Update ACL on an existing key
|
|
271
|
+
curl -X POST http://localhost:3402/keys/acl \
|
|
272
|
+
-H "Content-Type: application/json" \
|
|
273
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
274
|
+
-d '{"key": "CLIENT_API_KEY", "allowedTools": ["search"], "deniedTools": ["admin"]}'
|
|
275
|
+
```
|
|
276
|
+
|
|
277
|
+
- **allowedTools** (whitelist): Only these tools are accessible. Empty = all tools.
|
|
278
|
+
- **deniedTools** (blacklist): These tools are always denied. Applied after allowedTools.
|
|
279
|
+
- ACL also filters `tools/list` — clients only see their permitted tools.
|
|
280
|
+
|
|
281
|
+
### Per-Tool Rate Limits
|
|
282
|
+
|
|
283
|
+
Set independent rate limits per tool (on top of the global limit):
|
|
284
|
+
|
|
285
|
+
```json
|
|
286
|
+
{
|
|
287
|
+
"toolPricing": {
|
|
288
|
+
"expensive_analyze": { "creditsPerCall": 10, "rateLimitPerMin": 5 },
|
|
289
|
+
"search": { "creditsPerCall": 1, "rateLimitPerMin": 30 },
|
|
290
|
+
"cheap_read": { "creditsPerCall": 1 }
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
```
|
|
294
|
+
|
|
295
|
+
Per-tool limits are enforced independently per API key. A key can be rate-limited on one tool while still accessing others. The global `--rate-limit` applies across all tools.
|
|
296
|
+
|
|
297
|
+
### Key Expiry (TTL)
|
|
298
|
+
|
|
299
|
+
Create API keys that auto-expire:
|
|
300
|
+
|
|
301
|
+
```bash
|
|
302
|
+
# Create a key that expires in 1 hour (3600 seconds)
|
|
303
|
+
curl -X POST http://localhost:3402/keys \
|
|
304
|
+
-H "Content-Type: application/json" \
|
|
305
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
306
|
+
-d '{"name": "trial-user", "credits": 50, "expiresIn": 3600}'
|
|
307
|
+
|
|
308
|
+
# Create a key with a specific expiry date
|
|
309
|
+
curl -X POST http://localhost:3402/keys \
|
|
310
|
+
-H "Content-Type: application/json" \
|
|
311
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
312
|
+
-d '{"name": "quarterly", "credits": 1000, "expiresAt": "2026-06-01T00:00:00Z"}'
|
|
313
|
+
|
|
314
|
+
# Set or extend expiry on an existing key
|
|
315
|
+
curl -X POST http://localhost:3402/keys/expiry \
|
|
316
|
+
-H "Content-Type: application/json" \
|
|
317
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
318
|
+
-d '{"key": "CLIENT_API_KEY", "expiresIn": 86400}'
|
|
319
|
+
|
|
320
|
+
# Remove expiry (key never expires)
|
|
321
|
+
curl -X POST http://localhost:3402/keys/expiry \
|
|
322
|
+
-H "Content-Type: application/json" \
|
|
323
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
324
|
+
-d '{"key": "CLIENT_API_KEY", "expiresAt": null}'
|
|
325
|
+
```
|
|
326
|
+
|
|
327
|
+
Expired keys return a clear `api_key_expired` error. Admins can extend or remove expiry at any time.
|
|
328
|
+
|
|
329
|
+
### Spending Limits
|
|
330
|
+
|
|
331
|
+
Cap the total credits any API key can spend:
|
|
332
|
+
|
|
333
|
+
```bash
|
|
334
|
+
# Set a spending limit on a key (admin only)
|
|
335
|
+
curl -X POST http://localhost:3402/limits \
|
|
336
|
+
-H "Content-Type: application/json" \
|
|
337
|
+
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
|
|
338
|
+
-d '{"key": "CLIENT_API_KEY", "spendingLimit": 500}'
|
|
339
|
+
|
|
340
|
+
# Check remaining budget
|
|
341
|
+
curl http://localhost:3402/balance -H "X-API-Key: CLIENT_API_KEY"
|
|
342
|
+
# → { "spendingLimit": 500, "remainingBudget": 350, ... }
|
|
343
|
+
```
|
|
344
|
+
|
|
345
|
+
Set `spendingLimit` to `0` for unlimited. When a key hits its limit, tool calls are denied with a clear error.
|
|
346
|
+
|
|
347
|
+
### Refund on Failure
|
|
348
|
+
|
|
349
|
+
Automatically return credits when a downstream tool call fails:
|
|
350
|
+
|
|
351
|
+
```bash
|
|
352
|
+
npx paygate-mcp wrap --server "node server.js" --refund-on-failure
|
|
353
|
+
```
|
|
354
|
+
|
|
355
|
+
Credits are deducted before the tool call. If the wrapped server returns an error, credits are refunded and `totalSpent` / `totalCalls` are rolled back. Prevents charging users for failed operations.
|
|
356
|
+
|
|
357
|
+
### Webhook Events
|
|
358
|
+
|
|
359
|
+
POST usage events to any external URL for billing, alerting, or analytics:
|
|
360
|
+
|
|
361
|
+
```bash
|
|
362
|
+
npx paygate-mcp wrap --server "node server.js" --webhook-url "https://billing.example.com/events"
|
|
363
|
+
```
|
|
364
|
+
|
|
365
|
+
Events are batched (up to 10 per POST) and flushed every 5 seconds. Each event includes tool name, credits charged, API key, and timestamp. Fire-and-forget with one retry on failure.
|
|
366
|
+
|
|
367
|
+
### Config File Mode
|
|
368
|
+
|
|
369
|
+
Load all settings from a JSON file instead of CLI flags:
|
|
370
|
+
|
|
371
|
+
```bash
|
|
372
|
+
npx paygate-mcp wrap --config paygate.json
|
|
373
|
+
```
|
|
374
|
+
|
|
375
|
+
Example `paygate.json`:
|
|
376
|
+
```json
|
|
377
|
+
{
|
|
378
|
+
"serverCommand": "npx",
|
|
379
|
+
"serverArgs": ["@modelcontextprotocol/server-filesystem", "/tmp"],
|
|
380
|
+
"port": 3402,
|
|
381
|
+
"defaultCreditsPerCall": 2,
|
|
382
|
+
"globalRateLimitPerMin": 30,
|
|
383
|
+
"webhookUrl": "https://billing.example.com/events",
|
|
384
|
+
"refundOnFailure": true,
|
|
385
|
+
"stateFile": "~/.paygate/state.json",
|
|
386
|
+
"toolPricing": {
|
|
387
|
+
"premium_analyze": { "creditsPerCall": 10 }
|
|
388
|
+
},
|
|
389
|
+
"importKeys": {
|
|
390
|
+
"pg_abc123def456": 500
|
|
391
|
+
}
|
|
392
|
+
}
|
|
393
|
+
```
|
|
394
|
+
|
|
395
|
+
CLI flags override config file values when both are specified.
|
|
396
|
+
|
|
264
397
|
## Programmatic API
|
|
265
398
|
|
|
266
399
|
```typescript
|
|
@@ -298,9 +431,12 @@ const { port, adminKey } = await server.start();
|
|
|
298
431
|
- API keys never forwarded to remote servers (HTTP transport)
|
|
299
432
|
- Rate limiting is per-key, concurrent-safe
|
|
300
433
|
- Stripe webhook signature verification (HMAC-SHA256, timing-safe)
|
|
301
|
-
- Per-key daily/monthly spending caps (budget protection)
|
|
302
434
|
- Dashboard uses safe DOM methods (textContent/createElement) — no innerHTML
|
|
303
|
-
-
|
|
435
|
+
- Webhook URLs masked in status output
|
|
436
|
+
- Spending limits enforced with integer arithmetic (no float bypass)
|
|
437
|
+
- Per-tool ACL enforcement (whitelist + blacklist, sanitized inputs)
|
|
438
|
+
- Key expiry with fail-closed behavior (expired = denied)
|
|
439
|
+
- Red-teamed with 101 adversarial security tests across 14 passes
|
|
304
440
|
|
|
305
441
|
## Current Limitations
|
|
306
442
|
|
|
@@ -315,8 +451,16 @@ const { port, adminKey } = await server.start();
|
|
|
315
451
|
- [x] Client self-service balance check (`/balance`)
|
|
316
452
|
- [x] Usage data export — JSON and CSV (`/usage`)
|
|
317
453
|
- [x] Admin web dashboard (`/dashboard`)
|
|
318
|
-
- [x] Per-key spending limits
|
|
319
|
-
- [
|
|
454
|
+
- [x] Per-key spending limits (`/limits`)
|
|
455
|
+
- [x] Webhook events (`--webhook-url`)
|
|
456
|
+
- [x] Refund on failure (`--refund-on-failure`)
|
|
457
|
+
- [x] Config file mode (`--config`)
|
|
458
|
+
- [x] Per-tool ACL — whitelist/blacklist tools per key
|
|
459
|
+
- [x] Per-tool rate limits — independent limits per tool
|
|
460
|
+
- [x] Key expiry (TTL) — auto-expire API keys
|
|
461
|
+
- [ ] Multi-server mode — wrap N MCP servers behind one PayGate
|
|
462
|
+
- [ ] Client SDK — `@paygate-mcp/client` with auto 402 retry
|
|
463
|
+
- [ ] OAuth 2.1 — MCP spec mandates it for production
|
|
320
464
|
|
|
321
465
|
## Requirements
|
|
322
466
|
|
package/dist/cli.d.ts
CHANGED
|
@@ -5,8 +5,7 @@
|
|
|
5
5
|
* Usage:
|
|
6
6
|
* npx paygate-mcp wrap --server "npx my-mcp-server" --port 3402
|
|
7
7
|
* npx paygate-mcp wrap --server "python server.py" --price 2 --rate-limit 30
|
|
8
|
-
* npx paygate-mcp
|
|
9
|
-
* npx paygate-mcp status
|
|
8
|
+
* npx paygate-mcp wrap --config paygate.json
|
|
10
9
|
*/
|
|
11
10
|
export {};
|
|
12
11
|
//# sourceMappingURL=cli.d.ts.map
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG"}
|
package/dist/cli.js
CHANGED
|
@@ -6,11 +6,21 @@
|
|
|
6
6
|
* Usage:
|
|
7
7
|
* npx paygate-mcp wrap --server "npx my-mcp-server" --port 3402
|
|
8
8
|
* npx paygate-mcp wrap --server "python server.py" --price 2 --rate-limit 30
|
|
9
|
-
* npx paygate-mcp
|
|
10
|
-
* npx paygate-mcp status
|
|
9
|
+
* npx paygate-mcp wrap --config paygate.json
|
|
11
10
|
*/
|
|
12
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
13
12
|
const server_1 = require("./server");
|
|
13
|
+
const fs_1 = require("fs");
|
|
14
|
+
const path_1 = require("path");
|
|
15
|
+
const PKG_VERSION = (() => {
|
|
16
|
+
try {
|
|
17
|
+
const pkg = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(__dirname, '..', 'package.json'), 'utf-8'));
|
|
18
|
+
return pkg.version || '0.0.0';
|
|
19
|
+
}
|
|
20
|
+
catch {
|
|
21
|
+
return '0.0.0';
|
|
22
|
+
}
|
|
23
|
+
})();
|
|
14
24
|
// ─── Helpers ─────────────────────────────────────────────────────────────────
|
|
15
25
|
function parseArgs(argv) {
|
|
16
26
|
const command = argv[2] || 'help';
|
|
@@ -38,24 +48,26 @@ function printUsage() {
|
|
|
38
48
|
USAGE:
|
|
39
49
|
paygate-mcp wrap --server <command> [options] # stdio transport
|
|
40
50
|
paygate-mcp wrap --remote-url <url> [options] # Streamable HTTP transport
|
|
51
|
+
paygate-mcp wrap --config <path> [options] # load from config file
|
|
41
52
|
|
|
42
53
|
OPTIONS:
|
|
43
|
-
--server <cmd>
|
|
44
|
-
|
|
45
|
-
--remote-url <url>
|
|
46
|
-
|
|
47
|
-
--
|
|
48
|
-
--
|
|
49
|
-
--
|
|
50
|
-
--
|
|
51
|
-
--
|
|
52
|
-
--
|
|
53
|
-
--
|
|
54
|
-
--
|
|
55
|
-
--
|
|
56
|
-
--
|
|
57
|
-
--
|
|
58
|
-
--
|
|
54
|
+
--server <cmd> MCP server command to wrap via stdio (required unless --remote-url or --config)
|
|
55
|
+
e.g. "npx @modelcontextprotocol/server-filesystem /"
|
|
56
|
+
--remote-url <url> Remote MCP server URL (Streamable HTTP transport)
|
|
57
|
+
e.g. "https://my-mcp-server.example.com/mcp"
|
|
58
|
+
--config <path> Load all settings from a JSON file
|
|
59
|
+
--port <n> HTTP port (default: 3402)
|
|
60
|
+
--price <n> Default credits per tool call (default: 1)
|
|
61
|
+
--rate-limit <n> Max calls/min per key (default: 60, 0=unlimited)
|
|
62
|
+
--name <s> Server display name (default: "PayGate MCP Server")
|
|
63
|
+
--shadow Shadow mode — log but don't enforce payment
|
|
64
|
+
--admin-key <s> Set admin key (default: auto-generated)
|
|
65
|
+
--tool-price <t:n> Per-tool price override (e.g. "search:5,generate:10")
|
|
66
|
+
--import-key <k:c> Import an existing API key with credits (e.g. "pg_abc123:100")
|
|
67
|
+
--state-file <path> Persist keys/credits to a JSON file (survives restarts)
|
|
68
|
+
--stripe-secret <s> Stripe webhook signing secret (enables /stripe/webhook endpoint)
|
|
69
|
+
--webhook-url <url> POST usage events to this URL (batched)
|
|
70
|
+
--refund-on-failure Refund credits when downstream tool call fails
|
|
59
71
|
|
|
60
72
|
EXAMPLES:
|
|
61
73
|
# Wrap a local MCP server (stdio transport)
|
|
@@ -70,8 +82,8 @@ function printUsage() {
|
|
|
70
82
|
# Shadow mode (observe without enforcing)
|
|
71
83
|
paygate-mcp wrap --server "node server.js" --shadow
|
|
72
84
|
|
|
73
|
-
#
|
|
74
|
-
paygate-mcp wrap --
|
|
85
|
+
# Load config from file
|
|
86
|
+
paygate-mcp wrap --config paygate.json
|
|
75
87
|
`);
|
|
76
88
|
}
|
|
77
89
|
function parseToolPricing(input) {
|
|
@@ -90,10 +102,22 @@ async function main() {
|
|
|
90
102
|
const { command, flags } = parseArgs(process.argv);
|
|
91
103
|
switch (command) {
|
|
92
104
|
case 'wrap': {
|
|
93
|
-
|
|
94
|
-
|
|
105
|
+
// Load config file if specified
|
|
106
|
+
let fileConfig = {};
|
|
107
|
+
if (flags['config']) {
|
|
108
|
+
try {
|
|
109
|
+
const raw = (0, fs_1.readFileSync)(flags['config'], 'utf-8');
|
|
110
|
+
fileConfig = JSON.parse(raw);
|
|
111
|
+
}
|
|
112
|
+
catch (err) {
|
|
113
|
+
console.error(`Error loading config file: ${err.message}`);
|
|
114
|
+
process.exit(1);
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
const serverCmd = flags['server'] || (fileConfig.serverCommand ? [fileConfig.serverCommand, ...(fileConfig.serverArgs || [])].join(' ') : '');
|
|
118
|
+
const remoteUrl = flags['remote-url'] || fileConfig.remoteUrl;
|
|
95
119
|
if (!serverCmd && !remoteUrl) {
|
|
96
|
-
console.error('Error: --server
|
|
120
|
+
console.error('Error: --server, --remote-url, or --config is required.\n');
|
|
97
121
|
printUsage();
|
|
98
122
|
process.exit(1);
|
|
99
123
|
}
|
|
@@ -102,22 +126,24 @@ async function main() {
|
|
|
102
126
|
process.exit(1);
|
|
103
127
|
}
|
|
104
128
|
// Parse server command into command + args (stdio mode)
|
|
105
|
-
let serverCommand = '';
|
|
106
|
-
let serverArgs = [];
|
|
107
|
-
if (
|
|
108
|
-
const parts =
|
|
129
|
+
let serverCommand = fileConfig.serverCommand || '';
|
|
130
|
+
let serverArgs = fileConfig.serverArgs || [];
|
|
131
|
+
if (flags['server']) {
|
|
132
|
+
const parts = flags['server'].split(/\s+/);
|
|
109
133
|
serverCommand = parts[0];
|
|
110
134
|
serverArgs = parts.slice(1);
|
|
111
135
|
}
|
|
112
|
-
const port = parseInt(flags['port'] ||
|
|
113
|
-
const price = parseInt(flags['price'] ||
|
|
114
|
-
const rateLimit = parseInt(flags['rate-limit'] ||
|
|
115
|
-
const name = flags['name'] || 'PayGate MCP Server';
|
|
116
|
-
const shadowMode = flags['shadow'] === 'true' || flags['shadow'] === undefined
|
|
117
|
-
const adminKey = flags['admin-key'];
|
|
118
|
-
const toolPricing = flags['tool-price'] ? parseToolPricing(flags['tool-price']) : {};
|
|
119
|
-
const stateFile = flags['state-file'];
|
|
120
|
-
const stripeSecret = flags['stripe-secret'];
|
|
136
|
+
const port = parseInt(flags['port'] || String(fileConfig.port || 3402), 10);
|
|
137
|
+
const price = parseInt(flags['price'] || String(fileConfig.defaultCreditsPerCall || 1), 10);
|
|
138
|
+
const rateLimit = parseInt(flags['rate-limit'] || String(fileConfig.globalRateLimitPerMin || 60), 10);
|
|
139
|
+
const name = flags['name'] || fileConfig.serverCommand && 'PayGate MCP Server' || 'PayGate MCP Server';
|
|
140
|
+
const shadowMode = flags['shadow'] === 'true' || ('shadow' in flags && flags['shadow'] === undefined) || fileConfig.shadowMode || false;
|
|
141
|
+
const adminKey = flags['admin-key'] || fileConfig.adminKey;
|
|
142
|
+
const toolPricing = flags['tool-price'] ? parseToolPricing(flags['tool-price']) : (fileConfig.toolPricing || {});
|
|
143
|
+
const stateFile = flags['state-file'] || fileConfig.stateFile;
|
|
144
|
+
const stripeSecret = flags['stripe-secret'] || fileConfig.stripeWebhookSecret;
|
|
145
|
+
const webhookUrl = flags['webhook-url'] || fileConfig.webhookUrl || null;
|
|
146
|
+
const refundOnFailure = flags['refund-on-failure'] === 'true' || 'refund-on-failure' in flags || fileConfig.refundOnFailure || false;
|
|
121
147
|
const server = new server_1.PayGateServer({
|
|
122
148
|
serverCommand,
|
|
123
149
|
serverArgs,
|
|
@@ -127,8 +153,10 @@ async function main() {
|
|
|
127
153
|
name,
|
|
128
154
|
shadowMode: !!shadowMode,
|
|
129
155
|
toolPricing,
|
|
156
|
+
webhookUrl,
|
|
157
|
+
refundOnFailure: !!refundOnFailure,
|
|
130
158
|
}, adminKey, stateFile, remoteUrl, stripeSecret);
|
|
131
|
-
// Import keys
|
|
159
|
+
// Import keys from CLI flags
|
|
132
160
|
if (flags['import-key']) {
|
|
133
161
|
const pairs = flags['import-key'].split(',');
|
|
134
162
|
for (const pair of pairs) {
|
|
@@ -138,6 +166,12 @@ async function main() {
|
|
|
138
166
|
}
|
|
139
167
|
}
|
|
140
168
|
}
|
|
169
|
+
// Import keys from config file
|
|
170
|
+
if (fileConfig.importKeys) {
|
|
171
|
+
for (const [key, credits] of Object.entries(fileConfig.importKeys)) {
|
|
172
|
+
server.gate.store.importKey(key, 'imported', credits);
|
|
173
|
+
}
|
|
174
|
+
}
|
|
141
175
|
// Handle graceful shutdown
|
|
142
176
|
const shutdown = async () => {
|
|
143
177
|
console.log('\nShutting down...');
|
|
@@ -155,13 +189,15 @@ async function main() {
|
|
|
155
189
|
║ ║
|
|
156
190
|
║ Endpoint: http://localhost:${String(result.port).padEnd(5)} ║
|
|
157
191
|
║ Admin Key: ${result.adminKey.slice(0, 20)}... ║
|
|
158
|
-
║ Backend: ${(remoteUrl ? 'HTTP → ' + remoteUrl.slice(0, 28) : 'stdio → ' + (serverCmd ||
|
|
192
|
+
║ Backend: ${(remoteUrl ? 'HTTP → ' + remoteUrl.slice(0, 28) : 'stdio → ' + (serverCmd || serverCommand).slice(0, 27)).padEnd(35)}║
|
|
159
193
|
║ ║
|
|
160
194
|
║ Pricing: ${String(price).padEnd(3)} credit(s) per tool call ║
|
|
161
195
|
║ Rate Limit: ${String(rateLimit).padEnd(3)} calls/min per key ║
|
|
162
196
|
║ Shadow: ${String(!!shadowMode).padEnd(5)} ║
|
|
163
197
|
║ Persist: ${(stateFile ? stateFile.slice(0, 33) : 'off (in-memory)').padEnd(35)}║
|
|
164
198
|
║ Stripe: ${(stripeSecret ? 'enabled (/stripe/webhook)' : 'off').padEnd(35)}║
|
|
199
|
+
║ Refund: ${String(!!refundOnFailure).padEnd(35)}║
|
|
200
|
+
║ Webhook: ${(webhookUrl ? webhookUrl.slice(0, 33) : 'off').padEnd(35)}║
|
|
165
201
|
║ ║
|
|
166
202
|
╠══════════════════════════════════════════════════╣
|
|
167
203
|
║ POST /mcp — JSON-RPC (X-API-Key header) ║
|
|
@@ -169,6 +205,7 @@ async function main() {
|
|
|
169
205
|
║ GET /balance — Client balance (X-API-Key) ║
|
|
170
206
|
║ POST /keys — Create key (X-Admin-Key) ║
|
|
171
207
|
║ POST /topup — Add credits (X-Admin-Key) ║
|
|
208
|
+
║ POST /limits — Set spending limit (Admin) ║
|
|
172
209
|
╚══════════════════════════════════════════════════╝
|
|
173
210
|
`);
|
|
174
211
|
console.log(` Admin key (save this): ${result.adminKey}\n`);
|
|
@@ -187,7 +224,7 @@ async function main() {
|
|
|
187
224
|
case 'version':
|
|
188
225
|
case '--version':
|
|
189
226
|
case '-v':
|
|
190
|
-
console.log(
|
|
227
|
+
console.log(`paygate-mcp v${PKG_VERSION}`);
|
|
191
228
|
break;
|
|
192
229
|
default:
|
|
193
230
|
console.error(`Unknown command: ${command}\n`);
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AACA
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AACA;;;;;;;GAOG;;AAEH,qCAAyC;AAEzC,2BAAkC;AAClC,+BAA4B;AAE5B,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QACrF,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,OAAO,CAAC;IAAC,CAAC;AAC7B,CAAC,CAAC,EAAE,CAAC;AAEL,gFAAgF;AAEhF,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IAClC,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBAClB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CX,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,OAAO,GAAgC,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,IAAI,IAAI,QAAQ,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;QAC3E,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAmBD,gFAAgF;AAEhF,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,gCAAgC;YAChC,IAAI,UAAU,GAAe,EAAE,CAAC;YAChC,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;oBACnD,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC/B,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,8BAA+B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;oBACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,EAAE,GAAG,CAAC,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC9I,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC;YAE9D,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC7B,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBAC3E,UAAU,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;gBAClE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,wDAAwD;YACxD,IAAI,aAAa,GAAG,UAAU,CAAC,aAAa,IAAI,EAAE,CAAC;YACnD,IAAI,UAAU,GAAa,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC;YACvD,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpB,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC3C,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACzB,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9B,CAAC;YAED,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5E,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,qBAAqB,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5F,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,qBAAqB,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACtG,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,aAAa,IAAI,oBAAoB,IAAI,oBAAoB,CAAC;YACvG,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,MAAM,IAAI,CAAC,QAAQ,IAAI,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,SAAS,CAAC,IAAI,UAAU,CAAC,UAAU,IAAI,KAAK,CAAC;YACxI,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC;YAC3D,MAAM,WAAW,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;YACjH,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC;YAC9D,MAAM,YAAY,GAAG,KAAK,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,mBAAmB,CAAC;YAC9E,MAAM,UAAU,GAAG,KAAK,CAAC,aAAa,CAAC,IAAI,UAAU,CAAC,UAAU,IAAI,IAAI,CAAC;YACzE,MAAM,eAAe,GAAG,KAAK,CAAC,mBAAmB,CAAC,KAAK,MAAM,IAAI,mBAAmB,IAAI,KAAK,IAAI,UAAU,CAAC,eAAe,IAAI,KAAK,CAAC;YAErI,MAAM,MAAM,GAAG,IAAI,sBAAa,CAAC;gBAC/B,aAAa;gBACb,UAAU;gBACV,IAAI;gBACJ,qBAAqB,EAAE,KAAK;gBAC5B,qBAAqB,EAAE,SAAS;gBAChC,IAAI;gBACJ,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,WAAW;gBACX,UAAU;gBACV,eAAe,EAAE,CAAC,CAAC,eAAe;aACnC,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;YAEjD,6BAA6B;YAC7B,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxB,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC1C,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC;wBACtB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;oBACvF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,+BAA+B;YAC/B,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;gBAC1B,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBACnE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YAED,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;gBAC1B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;gBAClC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC;YACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC;;;;;oCAKgB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC9C,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;mBAC5B,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,SAAS,IAAI,aAAa,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;;mBAEpH,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBACvB,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC3B,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;mBAC9B,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;mBACnE,CAAC,YAAY,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;mBAC/D,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;mBACpC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;;;;;;;;;;CAU3E,CAAC,CAAC;gBACK,OAAO,CAAC,GAAG,CAAC,4BAA4B,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;YAC/D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI;YACP,UAAU,EAAE,CAAC;YACb,MAAM;QAER,KAAK,SAAS,CAAC;QACf,KAAK,WAAW,CAAC;QACjB,KAAK,IAAI;YACP,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAC;YAC3C,MAAM;QAER;YACE,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,IAAI,CAAC,CAAC;YAC/C,UAAU,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
package/dist/gate.d.ts
CHANGED
|
@@ -5,24 +5,42 @@
|
|
|
5
5
|
* 1. API key validity
|
|
6
6
|
* 2. Credit balance
|
|
7
7
|
* 3. Rate limit
|
|
8
|
+
* 4. Spending limit
|
|
8
9
|
*
|
|
9
10
|
* Fail-closed: any check failure => DENY.
|
|
10
11
|
* Shadow mode: log but don't enforce (always ALLOW).
|
|
11
12
|
*/
|
|
12
|
-
import { PayGateConfig, GateDecision, ToolCallParams } from './types';
|
|
13
|
+
import { PayGateConfig, GateDecision, ToolCallParams, ApiKeyRecord } from './types';
|
|
13
14
|
import { KeyStore } from './store';
|
|
14
15
|
import { RateLimiter } from './rate-limiter';
|
|
15
16
|
import { UsageMeter } from './meter';
|
|
17
|
+
import { WebhookEmitter } from './webhook';
|
|
16
18
|
export declare class Gate {
|
|
17
19
|
readonly store: KeyStore;
|
|
18
20
|
readonly rateLimiter: RateLimiter;
|
|
19
21
|
readonly meter: UsageMeter;
|
|
22
|
+
readonly webhook: WebhookEmitter | null;
|
|
20
23
|
private readonly config;
|
|
21
24
|
constructor(config: PayGateConfig, statePath?: string);
|
|
22
25
|
/**
|
|
23
26
|
* Evaluate a tool call request.
|
|
24
27
|
*/
|
|
25
28
|
evaluate(apiKey: string | null, toolCall: ToolCallParams): GateDecision;
|
|
29
|
+
/**
|
|
30
|
+
* Check if a tool call is allowed by the key's ACL.
|
|
31
|
+
*/
|
|
32
|
+
private checkToolAcl;
|
|
33
|
+
/**
|
|
34
|
+
* Filter a tools list based on a key's ACL. Used by proxies for tools/list filtering.
|
|
35
|
+
* Returns null if no filtering needed (no API key or no ACL configured).
|
|
36
|
+
*/
|
|
37
|
+
filterToolsForKey(apiKey: string | null, tools: Array<{
|
|
38
|
+
name: string;
|
|
39
|
+
[k: string]: unknown;
|
|
40
|
+
}>): Array<{
|
|
41
|
+
name: string;
|
|
42
|
+
[k: string]: unknown;
|
|
43
|
+
}> | null;
|
|
26
44
|
/**
|
|
27
45
|
* Check if a method is free (no auth required).
|
|
28
46
|
*/
|
|
@@ -38,8 +56,9 @@ export declare class Gate {
|
|
|
38
56
|
name: string;
|
|
39
57
|
shadowMode: boolean;
|
|
40
58
|
activeKeys: number;
|
|
41
|
-
keys: (Omit<
|
|
59
|
+
keys: (Omit<ApiKeyRecord, "key"> & {
|
|
42
60
|
keyPrefix: string;
|
|
61
|
+
expired: boolean;
|
|
43
62
|
})[];
|
|
44
63
|
usage: import("./types").UsageSummary;
|
|
45
64
|
eventCount: number;
|
|
@@ -47,8 +66,17 @@ export declare class Gate {
|
|
|
47
66
|
defaultCreditsPerCall: number;
|
|
48
67
|
globalRateLimitPerMin: number;
|
|
49
68
|
toolPricing: Record<string, import("./types").ToolPricing>;
|
|
69
|
+
refundOnFailure: boolean;
|
|
70
|
+
webhookUrl: string | null;
|
|
50
71
|
};
|
|
51
72
|
};
|
|
73
|
+
/**
|
|
74
|
+
* Refund credits for a failed tool call.
|
|
75
|
+
* Only used when refundOnFailure is enabled.
|
|
76
|
+
*/
|
|
77
|
+
refund(apiKey: string, toolName: string, credits: number): void;
|
|
78
|
+
/** Whether refund-on-failure is enabled */
|
|
79
|
+
get refundOnFailure(): boolean;
|
|
52
80
|
destroy(): void;
|
|
53
81
|
private recordEvent;
|
|
54
82
|
}
|
package/dist/gate.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,YAAY,EAAc,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAChG,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3C,qBAAa,IAAI;IACf,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,cAAc,GAAG,IAAI,CAAC;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;gBAE3B,MAAM,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,MAAM;IAQrD;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,QAAQ,EAAE,cAAc,GAAG,YAAY;IAyGvE;;OAEG;IACH,OAAO,CAAC,YAAY;IAgBpB;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,GAAG,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,GAAG,IAAI;IAmBpJ;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAIrC;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAMtC;;OAEG;IACH,SAAS;;;;;;;;;;;;;;;;;;IAkBT;;;OAGG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAW/D,2CAA2C;IAC3C,IAAI,eAAe,IAAI,OAAO,CAE7B;IAED,OAAO,IAAI,IAAI;IAKf,OAAO,CAAC,WAAW;CAgBpB"}
|