shabaaspay-mcp-server 1.0.1

package/dist/enricher/status-analyzer.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeStatus = analyzeStatus;
+function parseExtendedStatusStatus(extendedStatus) {
+    if (!extendedStatus)
+        return undefined;
+    const parts = extendedStatus
+        .split("-")
+        .map((p) => p.trim())
+        .filter(Boolean);
+    if (parts.length < 4)
+        return undefined;
+    return parts[3]?.toLowerCase();
+}
+function analyzeStatus(status, extendedStatus) {
+    const warnings = [];
+    const normalizedStatus = (status || "").toLowerCase().trim();
+    const extStatus = parseExtendedStatusStatus(extendedStatus);
+    if (!normalizedStatus && extStatus) {
+        warnings.push("Status was empty so status was inferred from extended status");
+    }
+    const effectiveStatus = normalizedStatus || extStatus || "unknown";
+    if (extStatus && normalizedStatus && extStatus !== normalizedStatus) {
+        warnings.push("Status differs from extended status. Treat as requiring manual verification");
+    }
+    switch (effectiveStatus) {
+        case "active":
+            return {
+                displayStatus: "Active",
+                canInitiatePayment: true,
+                warnings: warnings.length ? warnings : undefined,
+            };
+        case "created":
+        case "pending":
+            warnings.push("Payer must authorise the PayTo agreement in their banking app before any debit can occur");
+            return {
+                displayStatus: effectiveStatus === "created" ? "Created" : "Pending authorisation",
+                canInitiatePayment: false,
+                warnings,
+            };
+        case "suspended":
+            warnings.push("Agreement is suspended. Do not initiate payments until it returns to active");
+            return {
+                displayStatus: "Suspended",
+                canInitiatePayment: false,
+                warnings,
+            };
+        case "cancelled":
+        case "canceled":
+            warnings.push("Agreement is cancelled. A new agreement is required to take payments");
+            return {
+                displayStatus: "Cancelled",
+                canInitiatePayment: false,
+                warnings,
+            };
+        case "expired":
+            warnings.push("Agreement is expired. A new agreement is required to take payments");
+            return {
+                displayStatus: "Expired",
+                canInitiatePayment: false,
+                warnings,
+            };
+        default:
+            warnings.push(`Unknown status: ${effectiveStatus}. Please verify before proceeding`);
+            return {
+                displayStatus: effectiveStatus,
+                canInitiatePayment: false,
+                warnings,
+            };
+    }
+}

package/dist/enricher/summary-generator.d.ts

@@ -0,0 +1,8 @@
+import { PaymentAgreement } from "../types/index.js";
+type StatusAnalysis = {
+    displayStatus: string;
+    canInitiatePayment: boolean;
+    warnings?: string[];
+};
+export declare function generateSummary(agreement: PaymentAgreement, statusAnalysis: StatusAnalysis, business?: any): string;
+export {};

package/dist/enricher/summary-generator.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSummary = generateSummary;
+function generateSummary(agreement, statusAnalysis, business) {
+    const parts = [];
+    if (business?.meaning) {
+        parts.push(business.meaning);
+    }
+    else {
+        parts.push(`Payment agreement status is ${statusAnalysis.displayStatus || agreement.status}`);
+    }
+    const maxAmount = agreement.maximum_amount ? Number(agreement.maximum_amount) : undefined;
+    if (typeof maxAmount === "number" && !Number.isNaN(maxAmount)) {
+        const freq = business?.cadence?.frequency ? String(business.cadence.frequency).toLowerCase() : undefined;
+        parts.push(freq ? `Maximum debit is AUD ${maxAmount} per ${freq}` : `Maximum debit is AUD ${maxAmount}`);
+    }
+    const createdAt = safeDate(agreement.created_at);
+    if (createdAt)
+        parts.push(`Created on ${formatDate(createdAt)}`);
+    const endAt = safeDate(agreement.end_date);
+    if (endAt)
+        parts.push(`Ends on ${formatDate(endAt)}`);
+    if (business?.timing?.isExpiringSoon) {
+        parts.push("Agreement is expiring soon");
+    }
+    if (statusAnalysis.warnings && statusAnalysis.warnings.length > 0) {
+        parts.push(`Warnings: ${statusAnalysis.warnings.join("; ")}`);
+    }
+    return parts.join(". ") + ".";
+}
+function safeDate(value) {
+    if (!value)
+        return null;
+    const d = new Date(value);
+    if (Number.isNaN(d.getTime()))
+        return null;
+    return d;
+}
+function formatDate(date) {
+    return date.toLocaleDateString("en-AU", {
+        year: "numeric",
+        month: "short",
+        day: "2-digit",
+    });
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const index_js_1 = require("./config/index.js");
+const stdio_server_js_1 = require("./server/stdio-server.js");
+async function main() {
+    try {
+        // Load configuration
+        const config = (0, index_js_1.loadConfig)();
+        // Create and start server
+        const server = new stdio_server_js_1.StdioMcpServer(config);
+        await server.start();
+        // Handle shutdown
+        process.on('SIGINT', () => {
+            console.error('\n[STDIO] Shutting down gracefully...');
+            process.exit(0);
+        });
+        process.on('SIGTERM', () => {
+            console.error('\n[STDIO] Shutting down gracefully...');
+            process.exit(0);
+        });
+    }
+    catch (error) {
+        console.error('[STDIO] Fatal error:', error);
+        process.exit(1);
+    }
+}
+main();

package/dist/security/auth.d.ts

@@ -0,0 +1,4 @@
+import { Config } from '../config/index.js';
+export declare function validateApiKey(providedKey: string, config: Config): boolean;
+export declare function extractBearerToken(authHeader?: string): string | null;
+export declare function generateApiKey(): string;

package/dist/security/auth.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateApiKey = validateApiKey;
+exports.extractBearerToken = extractBearerToken;
+exports.generateApiKey = generateApiKey;
+function validateApiKey(providedKey, config) {
+    // If no MCP HTTP API key is configured, HTTP mode is effectively unauthenticated.
+    // For production deployments, you should set MCP_HTTP_API_KEY.
+    if (!config.mcpHttpApiKey)
+        return true;
+    return providedKey === config.mcpHttpApiKey;
+}
+function extractBearerToken(authHeader) {
+    if (!authHeader)
+        return null;
+    // Only accept raw tokens (no "Bearer" prefix)
+    if (/^Bearer\s+/i.test(authHeader)) {
+        return null;
+    }
+    return authHeader.trim() || null;
+}
+function generateApiKey() {
+    // For demo purposes - in production, use proper key generation
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let key = '';
+    for (let i = 0; i < 32; i++) {
+        key += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return key;
+}

package/dist/security/policy.d.ts

@@ -0,0 +1,18 @@
+export interface ClientPolicy {
+    client_id: string;
+    status: 'active' | 'suspended';
+    allowed_tools: string[];
+    environment: 'sandbox' | 'production';
+    admin?: boolean;
+}
+type PolicyLookupResult = {
+    policy: ClientPolicy;
+    rejection?: undefined;
+} | {
+    policy?: undefined;
+    rejection: string;
+};
+export declare function lookupClientPolicy(token: string, environment: 'sandbox' | 'production', policyJson?: string): PolicyLookupResult;
+export declare function isToolAllowed(policy: ClientPolicy, toolName: string): boolean;
+export declare function isAdmin(policy: ClientPolicy): boolean;
+export {};

package/dist/security/policy.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.lookupClientPolicy = lookupClientPolicy;
+exports.isToolAllowed = isToolAllowed;
+exports.isAdmin = isAdmin;
+function parsePolicyTable(policyJson) {
+    if (!policyJson)
+        return {};
+    try {
+        const parsed = JSON.parse(policyJson);
+        if (typeof parsed === 'object' && parsed)
+            return parsed;
+    }
+    catch {
+        // ignore parse errors, return empty
+    }
+    return {};
+}
+function lookupClientPolicy(token, environment, policyJson) {
+    const table = parsePolicyTable(policyJson);
+    const policy = table[token];
+    if (!policy)
+        return { rejection: 'unknown_client' };
+    if (policy.status !== 'active')
+        return { rejection: 'suspended' };
+    if (policy.environment !== environment)
+        return { rejection: 'environment_mismatch' };
+    return { policy };
+}
+function isToolAllowed(policy, toolName) {
+    return policy.allowed_tools.includes('*') || policy.allowed_tools.includes(toolName);
+}
+function isAdmin(policy) {
+    return !!policy.admin;
+}

package/dist/security/rate-limiter.d.ts

@@ -0,0 +1,13 @@
+export declare class RateLimiter {
+    private limits;
+    private perMinuteLimit;
+    private perHourLimit;
+    constructor(perMinuteLimit: number, perHourLimit: number);
+    checkLimit(identifier: string, timeWindow: 'minute' | 'hour'): {
+        allowed: boolean;
+        limit: number;
+        remaining: number;
+        reset: number;
+    };
+    private cleanup;
+}

package/dist/security/rate-limiter.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimiter = void 0;
+class RateLimiter {
+    limits = new Map();
+    perMinuteLimit;
+    perHourLimit;
+    constructor(perMinuteLimit, perHourLimit) {
+        this.perMinuteLimit = perMinuteLimit;
+        this.perHourLimit = perHourLimit;
+        // Cleanup old entries every 5 minutes
+        setInterval(() => this.cleanup(), 5 * 60 * 1000);
+    }
+    checkLimit(identifier, timeWindow) {
+        const now = Date.now();
+        const key = `${identifier}:${timeWindow}`;
+        const limit = timeWindow === 'minute' ? this.perMinuteLimit : this.perHourLimit;
+        const windowMs = timeWindow === 'minute' ? 60 * 1000 : 60 * 60 * 1000;
+        let entry = this.limits.get(key);
+        // Create or reset entry
+        if (!entry || now >= entry.resetTime) {
+            entry = {
+                count: 0,
+                resetTime: now + windowMs,
+            };
+            this.limits.set(key, entry);
+        }
+        // Check if limit exceeded
+        if (entry.count >= limit) {
+            return {
+                allowed: false,
+                limit,
+                remaining: 0,
+                reset: entry.resetTime,
+            };
+        }
+        // Increment counter
+        entry.count++;
+        return {
+            allowed: true,
+            limit,
+            remaining: limit - entry.count,
+            reset: entry.resetTime,
+        };
+    }
+    cleanup() {
+        const now = Date.now();
+        for (const [key, entry] of this.limits.entries()) {
+            if (now >= entry.resetTime) {
+                this.limits.delete(key);
+            }
+        }
+    }
+}
+exports.RateLimiter = RateLimiter;

package/dist/security/validator.d.ts

@@ -0,0 +1,6 @@
+import { ZodSchema } from 'zod';
+export declare function validateInput<T>(schema: ZodSchema<T>, data: unknown): {
+    success: boolean;
+    data?: T;
+    errors?: string[];
+};

package/dist/security/validator.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateInput = validateInput;
+const zod_1 = require("zod");
+function validateInput(schema, data) {
+    try {
+        const validated = schema.parse(data);
+        return { success: true, data: validated };
+    }
+    catch (error) {
+        if (error instanceof zod_1.z.ZodError) {
+            return {
+                success: false,
+                errors: error.errors.map(e => `${e.path.join('.')}: ${e.message}`),
+            };
+        }
+        return {
+            success: false,
+            errors: ['Unknown validation error'],
+        };
+    }
+}

package/dist/server/http-server.d.ts

@@ -0,0 +1,28 @@
+import { Config } from '../config/index.js';
+export declare class HttpMcpServer {
+    private server;
+    private tools;
+    private rateLimiter;
+    private config;
+    private mcpServer;
+    private mcpTransport;
+    constructor(config: Config);
+    private handleRequest;
+    private healthResponse;
+    private handleMcpTransport;
+    private parseBody;
+    private authenticate;
+    private authenticateHeaders;
+    private getClientIdentifier;
+    private getClientIdentifierFromHeaders;
+    private routeRequest;
+    private corsHeaders;
+    private corsResponse;
+    private rateLimitResponse;
+    private errorResponse;
+    private sendResponse;
+    private logStructured;
+    private setupMcpHandlers;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+}