troxy-cli 1.4.8 → 1.4.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/api.js +2 -1
- package/src/mcp-server.js +64 -7
package/package.json
CHANGED
package/src/api.js
CHANGED
|
@@ -52,8 +52,9 @@ export const api = {
|
|
|
52
52
|
createToken: (jwt, b) => request('POST', '/tokens', { jwt, body: b }),
|
|
53
53
|
revokeToken: (jwt, id) => request('DELETE', `/tokens/${id}`, { jwt }),
|
|
54
54
|
|
|
55
|
-
// Evaluate (agent API key)
|
|
55
|
+
// Evaluate + confirm (agent API key)
|
|
56
56
|
evaluate: (body, apiKey) => request('POST', '/evaluate', { apiKey, body }),
|
|
57
|
+
confirmPayment: (auditId, body, apiKey) => request('POST', `/payments/${auditId}/confirm`, { apiKey, body }),
|
|
57
58
|
|
|
58
59
|
// MCP heartbeat (agent API key)
|
|
59
60
|
mcpHeartbeat: (apiKey, agentName) => request('POST', '/mcp/heartbeat', { apiKey, body: agentName ? { agent_name: agentName } : undefined }),
|
package/src/mcp-server.js
CHANGED
|
@@ -6,6 +6,7 @@ import {
|
|
|
6
6
|
} from '@modelcontextprotocol/sdk/types.js';
|
|
7
7
|
import { loadConfig } from './config.js';
|
|
8
8
|
import { evaluatePayment, api } from './api.js';
|
|
9
|
+
const confirmPayment = (auditId, body, apiKey) => api.confirmPayment(auditId, body, apiKey);
|
|
9
10
|
|
|
10
11
|
export async function runMcp() {
|
|
11
12
|
const config = loadConfig();
|
|
@@ -30,13 +31,49 @@ export async function runMcp() {
|
|
|
30
31
|
'If the decision is BLOCK, abort the transaction and inform the user. ' +
|
|
31
32
|
'If the decision is ESCALATE, the response includes an approval_token. Wait for the user to approve, then call evaluate_payment again with the same payment details PLUS the approval_token field. The second call will return ALLOW without re-escalating. ' +
|
|
32
33
|
'If the decision is NOTIFY, proceed but the user will be notified. ' +
|
|
33
|
-
'When calling evaluate_payment, use the merchant\'s domain name as merchant_name when available (e.g. "amazon.com", "indigobloom.co.il") — this ensures consistent matching against policies.'
|
|
34
|
+
'When calling evaluate_payment, use the merchant\'s domain name as merchant_name when available (e.g. "amazon.com", "indigobloom.co.il") — this ensures consistent matching against policies. ' +
|
|
35
|
+
'After every ALLOW or NOTIFY decision, attempt the payment, then call confirm_payment with the audit_id and the outcome (success/failed/cancelled). Always include a reason when the charge fails.',
|
|
34
36
|
},
|
|
35
37
|
{ capabilities: { tools: {} } },
|
|
36
38
|
);
|
|
37
39
|
|
|
38
40
|
server.setRequestHandler(ListToolsRequestSchema, async () => ({
|
|
39
41
|
tools: [
|
|
42
|
+
{
|
|
43
|
+
name: 'confirm_payment',
|
|
44
|
+
description:
|
|
45
|
+
'Report the actual outcome of a payment attempt to Troxy. ' +
|
|
46
|
+
'Call this after every ALLOW or NOTIFY decision, once you know whether the charge succeeded or failed. ' +
|
|
47
|
+
'This is required for accurate audit logs — without it, approved payments show as unconfirmed.',
|
|
48
|
+
inputSchema: {
|
|
49
|
+
type: 'object',
|
|
50
|
+
required: ['audit_id', 'status'],
|
|
51
|
+
properties: {
|
|
52
|
+
audit_id: {
|
|
53
|
+
type: 'string',
|
|
54
|
+
description: 'The audit_id returned by evaluate_payment',
|
|
55
|
+
},
|
|
56
|
+
status: {
|
|
57
|
+
type: 'string',
|
|
58
|
+
enum: ['success', 'failed', 'cancelled'],
|
|
59
|
+
description: 'Outcome of the charge attempt',
|
|
60
|
+
},
|
|
61
|
+
provider: {
|
|
62
|
+
type: 'string',
|
|
63
|
+
enum: ['stripe', 'paypal', 'other'],
|
|
64
|
+
description: 'Payment provider used (optional, defaults to "other")',
|
|
65
|
+
},
|
|
66
|
+
provider_transaction_id: {
|
|
67
|
+
type: 'string',
|
|
68
|
+
description: 'Provider transaction ID, e.g. Stripe pi_xxx (optional)',
|
|
69
|
+
},
|
|
70
|
+
reason: {
|
|
71
|
+
type: 'string',
|
|
72
|
+
description: 'Reason for failure or cancellation, e.g. "card declined", "iframe blocked", "timeout" (optional but recommended on failure)',
|
|
73
|
+
},
|
|
74
|
+
},
|
|
75
|
+
},
|
|
76
|
+
},
|
|
40
77
|
{
|
|
41
78
|
name: 'evaluate_payment',
|
|
42
79
|
description:
|
|
@@ -77,11 +114,31 @@ export async function runMcp() {
|
|
|
77
114
|
}));
|
|
78
115
|
|
|
79
116
|
server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
80
|
-
|
|
81
|
-
|
|
117
|
+
const toolName = request.params.name;
|
|
118
|
+
const args = request.params.arguments ?? {};
|
|
119
|
+
|
|
120
|
+
if (toolName === 'confirm_payment') {
|
|
121
|
+
const { audit_id, status, provider, provider_transaction_id, reason } = args;
|
|
122
|
+
try {
|
|
123
|
+
await confirmPayment(audit_id, { status, provider, provider_transaction_id, reason }, apiKey);
|
|
124
|
+
const detail = provider_transaction_id ? ` Transaction ID: ${provider_transaction_id}.` : '';
|
|
125
|
+
const why = reason ? ` Reason: ${reason}.` : '';
|
|
126
|
+
return {
|
|
127
|
+
content: [{ type: 'text', text: `✓ Payment outcome recorded: ${status}.${detail}${why} (audit: ${audit_id})` }],
|
|
128
|
+
isError: false,
|
|
129
|
+
};
|
|
130
|
+
} catch (err) {
|
|
131
|
+
return {
|
|
132
|
+
content: [{ type: 'text', text: `Troxy confirm_payment error: ${err.message}` }],
|
|
133
|
+
isError: true,
|
|
134
|
+
};
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
if (toolName !== 'evaluate_payment') {
|
|
139
|
+
throw new Error(`Unknown tool: ${toolName}`);
|
|
82
140
|
}
|
|
83
141
|
|
|
84
|
-
const args = request.params.arguments ?? {};
|
|
85
142
|
if (agentName && !args.agent) args.agent = agentName;
|
|
86
143
|
const result = await evaluatePayment(args, apiKey);
|
|
87
144
|
|
|
@@ -97,16 +154,16 @@ export async function runMcp() {
|
|
|
97
154
|
|
|
98
155
|
switch (decision) {
|
|
99
156
|
case 'ALLOW':
|
|
100
|
-
text = `✓ Payment approved.${policy ? ` Policy matched: "${policy}".` : ''} (audit: ${audit_id})
|
|
157
|
+
text = `✓ Payment approved.${policy ? ` Policy matched: "${policy}".` : ''} (audit: ${audit_id})\n\nAfter the charge attempt completes, call confirm_payment with audit_id "${audit_id}" and status "success", "failed", or "cancelled".`;
|
|
101
158
|
break;
|
|
102
159
|
case 'BLOCK':
|
|
103
160
|
text = `✗ Payment blocked by policy "${policy}". Do not proceed with this payment. (audit: ${audit_id})`;
|
|
104
161
|
break;
|
|
105
162
|
case 'ESCALATE':
|
|
106
|
-
text = `⏳ Payment requires human approval — a request has been sent to the account owner. Do not proceed until approved.\n\nApproval token: ${approval_token}\n\
|
|
163
|
+
text = `⏳ Payment requires human approval — a request has been sent to the account owner. Do not proceed until approved.\n\nApproval token: ${approval_token}\n\nWait for the owner to approve in the Troxy dashboard, then tell me "I approved it" or "continue" so I can proceed. Once you do, I will call evaluate_payment again with the same payment details and approval_token: "${approval_token}". (audit: ${audit_id})`;
|
|
107
164
|
break;
|
|
108
165
|
case 'NOTIFY':
|
|
109
|
-
text = `✓ Payment approved with notification. Policy matched: "${policy}". (audit: ${audit_id})
|
|
166
|
+
text = `✓ Payment approved with notification. Policy matched: "${policy}". (audit: ${audit_id})\n\nAfter the charge attempt completes, call confirm_payment with audit_id "${audit_id}" and status "success", "failed", or "cancelled".`;
|
|
110
167
|
break;
|
|
111
168
|
default:
|
|
112
169
|
text = JSON.stringify(result);
|