z-zero-mcp-server 1.0.1 → 1.0.2

package/dist/index.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 "use strict";
-// Z-ZERO MCP Server (z-zero-mcp-server)
+// Z-ZERO MCP Server (z-zero-mcp-server) v1.0.2
 // Exposes secure JIT payment tools to AI Agents via Model Context Protocol
-// Connected to Z-ZERO Supabase backend via Z_ZERO_API_KEY
+// Now connected to REAL Airwallex Issuing API — produces real Mastercards
 Object.defineProperty(exports, "__esModule", { value: true });
 const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
 const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
@@ -14,7 +14,7 @@ const playwright_bridge_js_1 = require("./playwright_bridge.js");
 // ============================================================
 const server = new mcp_js_1.McpServer({
     name: "z-zero-mcp-server",
-    version: "1.0.0",
+    version: "1.0.2",
 });
 // ============================================================
 // TOOL 1: List available cards (safe - no sensitive data)
@@ -63,16 +63,17 @@ server.tool("check_balance", "Check the remaining balance of a virtual card by i
     };
 });
 // ============================================================
-// TOOL 3: Request a temporary payment token
+// TOOL 3: Request a temporary payment token (issues real JIT card)
 // ============================================================
-server.tool("request_payment_token", "Request a temporary payment token for a specific amount. The token is valid for 15 minutes and locked to the specified amount. Use this token with execute_payment to complete a purchase.", {
+server.tool("request_payment_token", "Request a temporary payment token for a specific amount. A real single-use virtual Mastercard is issued via Airwallex. The token is valid for 30 minutes. Min: $1, Max: $100. Use this token with execute_payment to complete a purchase.", {
     card_alias: zod_1.z
         .string()
         .describe("Which card to charge, e.g. 'Card_01'"),
     amount: zod_1.z
         .number()
-        .positive()
-        .describe("Amount in USD to authorize"),
+        .min(1, "Minimum amount is $1.00")
+        .max(100, "Maximum amount is $100.00")
+        .describe("Amount in USD to authorize (min: $1, max: $100)"),
     merchant: zod_1.z
         .string()
         .describe("Name or URL of the merchant/service being purchased"),
@@ -85,7 +86,7 @@ server.tool("request_payment_token", "Request a temporary payment token for a sp
                 {
                     type: "text",
                     text: balance
-                        ? `Insufficient balance. Card "${card_alias}" has $${balance.balance} but you requested $${amount}.`
+                        ? `Insufficient balance. Card "${card_alias}" has $${balance.balance} but you requested $${amount}. Or amount is outside the $1-$100 limit.`
                         : `Card "${card_alias}" not found or API key is invalid.`,
                 },
             ],
@@ -102,7 +103,8 @@ server.tool("request_payment_token", "Request a temporary payment token for a sp
                     amount: token.amount,
                     merchant: token.merchant,
                     expires_at: expiresAt,
-                    instructions: "Use this token with execute_payment tool within 15 minutes.",
+                    real_card_issued: !!token.airwallex_card_id,
+                    instructions: "Use this token with execute_payment within 30 minutes. IMPORTANT: If the actual checkout price is HIGHER than the token amount, do NOT proceed — call cancel_payment_token first and request a new token with the correct amount.",
                 }, null, 2),
             },
         ],
@@ -119,15 +121,19 @@ server.tool("execute_payment", "Execute a payment using a temporary token. This
         .string()
         .url()
         .describe("The full URL of the checkout/payment page"),
-}, async ({ token, checkout_url }) => {
+    actual_amount: zod_1.z
+        .number()
+        .optional()
+        .describe("The actual final amount on the checkout page. If different from token amount, system will auto-refund the difference."),
+}, async ({ token, checkout_url, actual_amount }) => {
     // Step 1: Resolve token → card data (RAM only)
-    const cardData = (0, supabase_backend_js_1.resolveTokenRemote)(token);
+    const cardData = await (0, supabase_backend_js_1.resolveTokenRemote)(token);
     if (!cardData) {
         return {
             content: [
                 {
                     type: "text",
-                    text: "Payment failed: Token is invalid, expired, or already used. Request a new token.",
+                    text: "Payment failed: Token is invalid, expired, cancelled, or already used. Request a new token.",
                 },
             ],
             isError: true,
@@ -135,9 +141,13 @@ server.tool("execute_payment", "Execute a payment using a temporary token. This
     }
     // Step 2: Use Playwright to inject card into checkout form
     const result = await (0, playwright_bridge_js_1.fillCheckoutForm)(checkout_url, cardData);
-    // Step 3: Burn the token + deduct from Supabase wallet
+    // Step 3: Burn the token (wallet was pre-debited at issue time)
     await (0, supabase_backend_js_1.burnTokenRemote)(token);
-    // Step 4: Return result (NEVER includes card numbers)
+    // Step 4: Refund underspend if actual amount was less than token amount
+    if (actual_amount !== undefined && result.success) {
+        await (0, supabase_backend_js_1.refundUnderspendRemote)(token, actual_amount);
+    }
+    // Step 5: Return result (NEVER includes card numbers)
     return {
         content: [
             {
@@ -154,13 +164,93 @@ server.tool("execute_payment", "Execute a payment using a temporary token. This
     };
 });
 // ============================================================
+// TOOL 5: Cancel payment token (returns funds to wallet)
+// ============================================================
+server.tool("cancel_payment_token", "Cancel a payment token that has not been used yet. This will cancel the Airwallex card and refund the full amount back to the wallet. Use this when: (1) checkout price is higher than token amount, (2) purchase is no longer needed, or (3) human requests cancellation. IMPORTANT: Do NOT auto-cancel without human awareness — always inform the human first.", {
+    token: zod_1.z
+        .string()
+        .describe("The payment token to cancel"),
+    reason: zod_1.z
+        .string()
+        .describe("Reason for cancellation, e.g. 'Price mismatch: checkout shows $20 but token is $15'"),
+}, async ({ token, reason }) => {
+    const result = await (0, supabase_backend_js_1.cancelTokenRemote)(token);
+    if (!result.success) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: "Cancellation failed: Token not found, already used, or already cancelled.",
+                },
+            ],
+            isError: true,
+        };
+    }
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({
+                    cancelled: true,
+                    refunded_amount: result.refunded_amount,
+                    reason,
+                    message: `Token cancelled. $${result.refunded_amount} has been returned to the wallet. You may request a new token with the correct amount.`,
+                }, null, 2),
+            },
+        ],
+    };
+});
+// ============================================================
+// TOOL 6: Request human approval (Human-in-the-loop)
+// ============================================================
+server.tool("request_human_approval", "Request human approval before proceeding with an action that requires human judgment. Use this when: (1) checkout price is higher than token amount and you need authorization for a new token, (2) any unusual or irreversible action is required. This PAUSES the bot and waits for human decision.", {
+    situation: zod_1.z
+        .string()
+        .describe("Clear description of what the bot found, e.g. 'Checkout shows $20 total (includes $3 tax) but current token is only $15'"),
+    current_token: zod_1.z
+        .string()
+        .optional()
+        .describe("Current active token ID if any"),
+    recommended_action: zod_1.z
+        .string()
+        .describe("What the bot recommends doing, e.g. 'Cancel current $15 token and issue a new $20 token'"),
+    alternative_action: zod_1.z
+        .string()
+        .optional()
+        .describe("Alternative option if available"),
+}, async ({ situation, current_token, recommended_action, alternative_action }) => {
+    // This tool surfaces the situation to the human operator via the MCP interface.
+    // The LLM host (Claude/AutoGPT) will pause and show this to the user.
+    const message = [
+        "⚠️  HUMAN APPROVAL REQUIRED",
+        "",
+        `📋 Situation: ${situation}`,
+        current_token ? `🎫 Current Token: ${current_token}` : "",
+        `✅ Recommended: ${recommended_action}`,
+        alternative_action ? `🔄 Alternative: ${alternative_action}` : "",
+        "",
+        "Please respond with one of:",
+        '• "approve" — proceed with recommended action',
+        '• "deny" — cancel and do nothing',
+        '• Custom instruction — e.g. "issue new token for $22 instead"',
+    ].filter(Boolean).join("\n");
+    return {
+        content: [
+            {
+                type: "text",
+                text: message,
+            },
+        ],
+    };
+});
+// ============================================================
 // START SERVER
 // ============================================================
 async function main() {
     const transport = new stdio_js_1.StdioServerTransport();
     await server.connect(transport);
-    console.error("🔐 Z-ZERO MCP Server running...");
-    console.error("Connected to: Supabase backend");
-    console.error("Tools: list_cards, check_balance, request_payment_token, execute_payment");
+    console.error("🔐 Z-ZERO MCP Server v1.0.2 running...");
+    console.error("Backend: Supabase + Airwallex Issuing API (Real JIT Cards)");
+    console.error("Tools: list_cards, check_balance, request_payment_token, execute_payment, cancel_payment_token, request_human_approval");
 }
 main().catch(console.error);

package/dist/supabase_backend.d.ts

@@ -1,4 +1,8 @@
 import type { CardData, PaymentToken } from "./types.js";
+interface ExtendedToken extends PaymentToken {
+    airwallex_card_id?: string;
+    cancelled?: boolean;
+}
 export declare function listCardsRemote(): Promise<Array<{
     alias: string;
     balance: number;
@@ -8,6 +12,12 @@ export declare function getBalanceRemote(cardAlias: string): Promise<{
     balance: number;
     currency: string;
 } | null>;
-export declare function issueTokenRemote(cardAlias: string, amount: number, merchant: string, ttlSeconds?: number): Promise<PaymentToken | null>;
-export declare function resolveTokenRemote(tokenId: string): CardData | null;
+export declare function issueTokenRemote(cardAlias: string, amount: number, merchant: string, ttlSeconds?: number): Promise<ExtendedToken | null>;
+export declare function resolveTokenRemote(tokenId: string): Promise<CardData | null>;
+export declare function cancelTokenRemote(tokenId: string): Promise<{
+    success: boolean;
+    refunded_amount: number;
+}>;
 export declare function burnTokenRemote(tokenId: string): Promise<boolean>;
+export declare function refundUnderspendRemote(tokenId: string, actualSpent: number): Promise<void>;
+export {};

package/dist/supabase_backend.js

@@ -1,7 +1,7 @@
 "use strict";
-// Z-ZERO Supabase Backend
-// Replaces mock_backend.ts - connects to real Supabase database
-// Card data is looked up from the 'cards' table via Z_ZERO_API_KEY
+// Z-ZERO Supabase Backend v2
+// Connects to real Supabase DB + Airwallex Issuing API for real JIT Mastercards
+// Card data is looked up via Z_ZERO_API_KEY, cards are issued via Airwallex
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -10,11 +10,13 @@ exports.listCardsRemote = listCardsRemote;
 exports.getBalanceRemote = getBalanceRemote;
 exports.issueTokenRemote = issueTokenRemote;
 exports.resolveTokenRemote = resolveTokenRemote;
+exports.cancelTokenRemote = cancelTokenRemote;
 exports.burnTokenRemote = burnTokenRemote;
+exports.refundUnderspendRemote = refundUnderspendRemote;
 const supabase_js_1 = require("@supabase/supabase-js");
 const crypto_1 = __importDefault(require("crypto"));
 // ============================================================
-// SUPABASE CLIENT (reads env vars at runtime)
+// SUPABASE CLIENT
 // ============================================================
 const SUPABASE_URL = process.env.Z_ZERO_SUPABASE_URL || process.env.NEXT_PUBLIC_SUPABASE_URL || "";
 const SUPABASE_ANON_KEY = process.env.Z_ZERO_SUPABASE_ANON_KEY || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY || "";
@@ -22,21 +24,52 @@ const API_KEY = process.env.Z_ZERO_API_KEY || "";
 if (!SUPABASE_URL || !SUPABASE_ANON_KEY) {
     console.error("❌ Missing Z_ZERO_SUPABASE_URL or Z_ZERO_SUPABASE_ANON_KEY env vars");
 }
-if (!API_KEY) {
-    console.error("⚠️  Missing Z_ZERO_API_KEY — some tools will be limited");
-}
 const supabase = (0, supabase_js_1.createClient)(SUPABASE_URL, SUPABASE_ANON_KEY);
 // ============================================================
-// IN-MEMORY TOKEN STORE (tokens never hit the database)
+// AIRWALLEX CONFIG
 // ============================================================
+const AIRWALLEX_API_KEY = process.env.Z_ZERO_AIRWALLEX_API_KEY || "";
+const AIRWALLEX_CLIENT_ID = process.env.Z_ZERO_AIRWALLEX_CLIENT_ID || "";
+const AIRWALLEX_ENV = process.env.Z_ZERO_AIRWALLEX_ENV || "demo";
+const AIRWALLEX_BASE = AIRWALLEX_ENV === "prod"
+    ? "https://api.airwallex.com/api/v1"
+    : "https://api-demo.airwallex.com/api/v1";
+// Cached auth token for Airwallex (avoids re-login per call)
+let airwallexToken = null;
+let airwallexTokenExpiry = 0;
+async function getAirwallexToken() {
+    if (!AIRWALLEX_API_KEY || !AIRWALLEX_CLIENT_ID)
+        return null;
+    if (airwallexToken && Date.now() < airwallexTokenExpiry)
+        return airwallexToken;
+    try {
+        const res = await fetch(`${AIRWALLEX_BASE}/authentication/login`, {
+            method: "POST",
+            headers: {
+                "x-api-key": AIRWALLEX_API_KEY,
+                "x-client-id": AIRWALLEX_CLIENT_ID,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!res.ok)
+            throw new Error(await res.text());
+        const data = await res.json();
+        airwallexToken = data.token;
+        airwallexTokenExpiry = Date.now() + 25 * 60 * 1000; // 25 min cache
+        return airwallexToken;
+    }
+    catch (err) {
+        console.error("[AIRWALLEX] Auth failed:", err);
+        return null;
+    }
+}
 const tokenStore = new Map();
 // ============================================================
-// RESOLVE API KEY → USER + WALLET INFO
+// RESOLVE API KEY → USER INFO
 // ============================================================
 async function resolveApiKey() {
     if (!API_KEY)
         return null;
-    // Lookup card by its stored key (card_number_encrypted stores the api key for now)
     const { data: card, error } = await supabase
         .from("cards")
         .select("id, alias, user_id, allocated_limit_usd, is_active")
@@ -44,10 +77,9 @@ async function resolveApiKey() {
         .eq("is_active", true)
         .single();
     if (error || !card) {
-        console.error("API Key not found or card is inactive:", error?.message);
+        console.error("API Key not found:", error?.message);
         return null;
     }
-    // Get wallet balance for this user
     const { data: wallet } = await supabase
         .from("wallets")
         .select("balance")
@@ -61,17 +93,13 @@ async function resolveApiKey() {
     };
 }
 // ============================================================
-// PUBLIC API (mirrors mock_backend.ts interface)
+// PUBLIC API
 // ============================================================
 async function listCardsRemote() {
     const info = await resolveApiKey();
     if (!info)
         return [];
-    return [{
-            alias: info.cardAlias,
-            balance: info.walletBalance,
-            currency: "USD",
-        }];
+    return [{ alias: info.cardAlias, balance: info.walletBalance, currency: "USD" }];
 }
 async function getBalanceRemote(cardAlias) {
     const info = await resolveApiKey();
@@ -79,37 +107,132 @@ async function getBalanceRemote(cardAlias) {
         return null;
     return { balance: info.walletBalance, currency: "USD" };
 }
-async function issueTokenRemote(cardAlias, amount, merchant, ttlSeconds = 900) {
+async function issueTokenRemote(cardAlias, amount, merchant, ttlSeconds = 1800 // 30 minutes default
+) {
+    // 1. Validate business rules
+    if (amount < 1) {
+        console.error("[ISSUE] Card amount must be at least $1.00");
+        return null;
+    }
+    if (amount > 100) {
+        console.error("[ISSUE] Card amount exceeds $100 maximum limit");
+        return null;
+    }
+    // 2. Resolve user from API key
     const info = await resolveApiKey();
     if (!info)
         return null;
     if (info.cardAlias !== cardAlias)
         return null;
-    if (info.walletBalance < amount)
+    if (info.walletBalance < amount) {
+        console.error(`[ISSUE] Insufficient balance: $${info.walletBalance} < $${amount}`);
         return null;
+    }
+    const tokenId = `z_jit_${crypto_1.default.randomBytes(8).toString("hex")}`;
+    // 3. Try to create a REAL Airwallex card
+    let airwallexCardId;
+    const airwallexAuth = await getAirwallexToken();
+    if (airwallexAuth) {
+        try {
+            const expiryTime = new Date(Date.now() + 30 * 60 * 1000).toISOString();
+            const payload = {
+                request_id: tokenId,
+                issue_to: "ORGANISATION",
+                name_on_card: "Z-ZERO AI AGENT",
+                form_factor: "VIRTUAL",
+                primary_currency: "USD",
+                valid_to: expiryTime,
+                authorization_controls: {
+                    allowed_transaction_count: "SINGLE",
+                    transaction_limits: {
+                        currency: "USD",
+                        limits: [{ amount, interval: "ALL_TIME" }],
+                    },
+                },
+            };
+            const res = await fetch(`${AIRWALLEX_BASE}/issuing/cards/create`, {
+                method: "POST",
+                headers: {
+                    Authorization: `Bearer ${airwallexAuth}`,
+                    "Content-Type": "application/json",
+                },
+                body: JSON.stringify(payload),
+            });
+            if (res.ok) {
+                const data = await res.json();
+                airwallexCardId = data.card_id;
+                console.error(`[AIRWALLEX] ✅ Real card issued: ${data.card_id} for $${amount}`);
+            }
+            else {
+                const errText = await res.text();
+                console.error("[AIRWALLEX] Card creation failed:", errText);
+                // Fall through — will still create token but without real card ID
+            }
+        }
+        catch (err) {
+            console.error("[AIRWALLEX] Error creating card:", err);
+        }
+    }
+    else {
+        console.error("[AIRWALLEX] No auth token — running in mock mode");
+    }
     const token = {
-        token: `temp_auth_${crypto_1.default.randomBytes(6).toString("hex")}`,
+        token: tokenId,
         card_alias: cardAlias,
         amount,
         merchant,
         created_at: Date.now(),
         ttl_seconds: ttlSeconds,
         used: false,
+        cancelled: false,
+        airwallex_card_id: airwallexCardId,
     };
-    tokenStore.set(token.token, token);
+    tokenStore.set(tokenId, token);
+    // 4. Pre-hold the amount in Supabase (deduct immediately, refund on cancel or underspend)
+    const newBalance = info.walletBalance - amount;
+    await supabase
+        .from("wallets")
+        .update({ balance: newBalance })
+        .eq("user_id", info.userId);
+    console.error(`[ISSUE] Token ${tokenId} created. Balance: $${info.walletBalance} → $${newBalance}`);
     return token;
 }
-function resolveTokenRemote(tokenId) {
+async function resolveTokenRemote(tokenId) {
     const token = tokenStore.get(tokenId);
-    if (!token || token.used)
+    if (!token || token.used || token.cancelled)
         return null;
     const age = (Date.now() - token.created_at) / 1000;
     if (age > token.ttl_seconds) {
         tokenStore.delete(tokenId);
         return null;
     }
-    // In Phase 2 this will return a real Airwallex JIT card
-    // For now, returns a Stripe test card for sandbox testing
+    // Try to fetch REAL card details from Airwallex
+    if (token.airwallex_card_id) {
+        const airwallexAuth = await getAirwallexToken();
+        if (airwallexAuth) {
+            try {
+                const res = await fetch(`${AIRWALLEX_BASE}/issuing/cards/${token.airwallex_card_id}`, {
+                    headers: { Authorization: `Bearer ${airwallexAuth}` },
+                });
+                if (res.ok) {
+                    const data = await res.json();
+                    console.error("[AIRWALLEX] ✅ Real card details fetched.");
+                    return {
+                        number: data.card_number || "4242424242424242",
+                        exp_month: data.expiry_month || "12",
+                        exp_year: data.expiry_year || "2030",
+                        cvv: data.cvv || "123",
+                        name: data.name_on_card || "Z-ZERO AI AGENT",
+                    };
+                }
+            }
+            catch (err) {
+                console.error("[AIRWALLEX] Failed to fetch card details:", err);
+            }
+        }
+    }
+    // Fallback to Stripe test card (demo/sandbox mode)
+    console.error("[AIRWALLEX] ⚠️ Using test card fallback (4242...)");
     return {
         number: "4242424242424242",
         exp_month: "12",
@@ -118,20 +241,56 @@ function resolveTokenRemote(tokenId) {
         name: "Z-ZERO Agent",
     };
 }
-async function burnTokenRemote(tokenId) {
+async function cancelTokenRemote(tokenId) {
     const token = tokenStore.get(tokenId);
-    if (!token)
-        return false;
-    token.used = true;
-    // Deduct from Supabase wallet balance
+    if (!token || token.used || token.cancelled) {
+        return { success: false, refunded_amount: 0 };
+    }
+    // Mark token as cancelled in memory
+    token.cancelled = true;
+    // Cancel the Airwallex card (if one was issued)
+    if (token.airwallex_card_id) {
+        const airwallexAuth = await getAirwallexToken();
+        if (airwallexAuth) {
+            try {
+                await fetch(`${AIRWALLEX_BASE}/issuing/cards/${token.airwallex_card_id}/deactivate`, {
+                    method: "POST",
+                    headers: { Authorization: `Bearer ${airwallexAuth}`, "Content-Type": "application/json" },
+                    body: JSON.stringify({ cancellation_reason: "CANCELLED_BY_USER" }),
+                });
+                console.error(`[AIRWALLEX] Card ${token.airwallex_card_id} cancelled.`);
+            }
+            catch (err) {
+                console.error("[AIRWALLEX] Failed to cancel card:", err);
+            }
+        }
+    }
+    // Refund the held amount back to wallet
     const info = await resolveApiKey();
     if (info) {
-        const newBalance = info.walletBalance - token.amount;
+        const currentBalanceRes = await supabase
+            .from("wallets")
+            .select("balance")
+            .eq("user_id", info.userId)
+            .single();
+        const currentBalance = Number(currentBalanceRes.data?.balance || 0);
         await supabase
             .from("wallets")
-            .update({ balance: newBalance })
+            .update({ balance: currentBalance + token.amount })
             .eq("user_id", info.userId);
-        // Log the transaction
+        console.error(`[CANCEL] Refunded $${token.amount}. New balance: $${currentBalance + token.amount}`);
+    }
+    setTimeout(() => tokenStore.delete(tokenId), 5000);
+    return { success: true, refunded_amount: token.amount };
+}
+async function burnTokenRemote(tokenId) {
+    const token = tokenStore.get(tokenId);
+    if (!token || token.cancelled)
+        return false;
+    token.used = true;
+    // Log the transaction — NOTE: wallet was already debited at issue time
+    const info = await resolveApiKey();
+    if (info) {
         await supabase.from("transactions").insert({
             card_id: info.cardId,
             amount: token.amount,
@@ -142,3 +301,26 @@ async function burnTokenRemote(tokenId) {
     setTimeout(() => tokenStore.delete(tokenId), 5000);
     return true;
 }
+// Handle underspend: called when transaction amount < token amount
+async function refundUnderspendRemote(tokenId, actualSpent) {
+    const token = tokenStore.get(tokenId);
+    if (!token)
+        return;
+    const overheld = token.amount - actualSpent;
+    if (overheld <= 0)
+        return;
+    const info = await resolveApiKey();
+    if (!info)
+        return;
+    const currentBalanceRes = await supabase
+        .from("wallets")
+        .select("balance")
+        .eq("user_id", info.userId)
+        .single();
+    const currentBalance = Number(currentBalanceRes.data?.balance || 0);
+    await supabase
+        .from("wallets")
+        .update({ balance: currentBalance + overheld })
+        .eq("user_id", info.userId);
+    console.error(`[REFUND] Underspend refunded: $${overheld} (Spent $${actualSpent} of $${token.amount})`);
+}

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "z-zero-mcp-server",
-    "version": "1.0.1",
-    "description": "Z-ZERO MCP Server — Secure JIT Virtual Card Payment tools for AI Agents (Claude, AutoGPT, CrewAI)",
+    "version": "1.0.2",
+    "description": "Z-ZERO MCP Server — Secure JIT Virtual Card Payment tools for AI Agents (Claude, AutoGPT, CrewAI) — Real Airwallex Mastercards",
     "main": "dist/index.js",
     "bin": "dist/index.js",
     "scripts": {