npm - z-zero-mcp-server - Versions diffs - 1.0.4 → 1.0.6 - Mend

z-zero-mcp-server 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,80 +1,105 @@
 # OpenClaw: Z-ZERO AI Agent MCP Server
-A Zero-Trust Payment Protocol built specifically for AI Agents utilizing the Model Context Protocol (MCP). Use this to give your local agents (Claude, Cursor, AutoGPT) the power to make real-world purchases securely.
+A Zero-Trust Payment Protocol built specifically for AI Agents using the [Model Context Protocol (MCP)](https://modelcontextprotocol.io). Give your local agents (Claude, Cursor, AntiGravity) the ability to make real-world purchases — securely, without ever seeing a real card number.
-## The Concept (Tokenized JIT Payments)
-This MCP server acts as an "Invisible Bridge" for your AI Agents. Instead of giving your LLM direct access to a 16-digit credit card number (which triggers safety filters and risks prompt injection theft), the AI only handles **temporary, single-use tokens**.
+## How It Works
-The local MCP client resolves the token securely in RAM, injects the real card data directly into the payment form (via Playwright), and clicks "Pay". The virtual card and token are burned milliseconds later.
+Instead of giving your AI direct access to a credit card number, OpenClaw issues **temporary, single-use JIT tokens**. The token is resolved in RAM, Playwright injects the card data directly into the payment form, and the virtual card is burned milliseconds later. Your AI never sees the PAN, CVV, or expiry.
-## Getting Started
+---
-### 1. Requirements
-- **Node.js** (v18+)
-- **Git**
-- **Z-ZERO Passport Key** (Get yours at [clawcard.store/dashboard/agents](https://clawcard.store/dashboard/agents))
+## Quick Install (Recommended)
-### 2. Installation
 ```bash
-git clone https://github.com/openclaw/z-zero-mcp-server.git
-cd z-zero-mcp-server
-npm install
-npx playwright install chromium
-npm run build
+npx z-zero-mcp-server
 ```
-### 3. Integration into AI Tools
-#### Claude Desktop
-Add the following to your `~/Library/Application Support/Claude/claude_desktop_config.json`:
+Add to your Claude Desktop config (`~/Library/Application Support/Claude/claude_desktop_config.json`):
 ```json
 {
   "mcpServers": {
     "openclaw": {
-      "command": "node",
-      "args": ["/ABSOLUTE/PATH/TO/z-zero-mcp-server/dist/index.js"],
+      "command": "npx",
+      "args": ["-y", "z-zero-mcp-server@latest"],
       "env": {
-        "Z_ZERO_API_KEY": "your_passport_key_here",
-        "Z_ZERO_API_BASE_URL": "https://clawcard.store"
+        "Z_ZERO_API_KEY": "zk_live_your_passport_key_here"
       }
     }
   }
 }
 ```
-#### Cursor / IDEs
-1. Go to **Settings** > **Cursor Settings** > **Features** > **MCP**.
-2. Click **+ Add New MCP Server**.
-3. Name: `openclaw`
-4. Type: `command`
-5. Command: `env Z_ZERO_API_KEY=your_passport_key_here node /ABSOLUTE/PATH/TO/z-zero-mcp-server/dist/index.js`
+Get your Passport Key at: **[clawcard.store/dashboard/agents](https://www.clawcard.store/dashboard/agents)**
-## Available Tools
-- `list_cards`: View available virtual card aliases and balances.
-- `check_balance`: Query a specific card's real-time balance.
-- `request_payment_token`: Generate a JIT auth token for a specific amount.
-- `execute_payment`: Securely auto-fills checkout URLs and executes the payment.
-- `get_deposit_addresses`: Get your unique addresses to top up your balance.
+---
-## Troubleshooting
+## Requirements
-### Error: "Z_ZERO_API_KEY is missing"
-If your AI Agent reports this error, it means the `Z_ZERO_API_KEY` environment variable is not set correctly in your MCP configuration.
-1.  Go to [clawcard.store/dashboard/agents](https://clawcard.store/dashboard/agents).
-2.  Generate or Copy your **Passport Key** (starts with `zk_live_`).
-3.  Ensure it is correctly pasted into your `claude_desktop_config.json` or your IDE's MCP settings.
-4.  **Restart** your AI Agent (Claude Desktop or IDE) for the changes to take effect.
+- **Node.js v18+** — [nodejs.org](https://nodejs.org)
+- **Passport Key** — starts with `zk_live_`, get it from the dashboard above
+---
+## Available MCP Tools
+| Tool | Description |
+|------|-------------|
+| `list_cards` | View your virtual card aliases and balances |
+| `check_balance` | Query a specific card's real-time balance |
+| `get_deposit_addresses` | Get deposit addresses to top up your balance |
+| `request_payment_token` | Generate a JIT auth token for a specific amount |
+| `execute_payment` | Auto-fill checkout form and execute payment |
+| `cancel_payment_token` | Cancel unused token, refund to wallet |
+| `request_human_approval` | Pause and ask human for approval |
+---
+## REST API Reference
+The Z-ZERO backend is hosted at `https://www.clawcard.store`. All endpoints require a `Bearer` token using your Passport Key.
+> ⚠️ **Use the MCP tools above instead of calling REST directly.** If you must call REST, use the exact paths below.
+### `GET /api/tokens/cards`
+Returns your card list, balance, and deposit addresses.
+```bash
+curl -X GET "https://www.clawcard.store/api/tokens/cards" \
+  -H "Authorization: Bearer zk_live_your_key"
+```
+**Aliases (also work):**
+- `GET /api/v1/cards` ← for agents that guess REST-style paths
+### `POST /api/tokens/issue`
+Issue a JIT payment token.
+### `POST /api/tokens/resolve`
+Resolve a token to card data (server-side only).
+### `POST /api/tokens/burn`
+Burn a used token.
+### `POST /api/tokens/cancel`
+Cancel an unused token (refunds balance).
 ---
 ## Troubleshooting
-### Error: "Z_ZERO_API_KEY is missing"
-This error means your AI Agent (Claude/Cursor) doesn't have your **Passport Key** yet.
-1. Go to [clawcard.store/dashboard/agents](https://clawcard.store/dashboard/agents).
-2. Copy your **Passport Key** (starts with `zk_live_`).
-3. Add it to your config (e.g., `claude_desktop_config.json`) as `Z_ZERO_API_KEY`.
-4. **Restart** your AI Agent (Claude Desktop or IDE).
+### "Z_ZERO_API_KEY is missing"
+1. Go to [clawcard.store/dashboard/agents](https://www.clawcard.store/dashboard/agents)
+2. Copy your Passport Key (starts with `zk_live_`)
+3. Add it to your config as `Z_ZERO_API_KEY`
+4. **Restart** Claude Desktop / Cursor
+### "Invalid API Key" (401)
+- Double-check you copied the full key (e.g. `zk_live_c0g3l`)
+- Make sure there are no extra spaces or line breaks
+### "404 Not Found" on `/api/v1/cards`
+- This is a legacy path alias — it should now work. If not, use `/api/tokens/cards` directly.
+---
-*Security Note: OpenClaw never stores your Passport Key. It is passed via environment variables and card data exists only in RAM during execution.*
+*Security: OpenClaw never stores your Passport Key. It is passed via environment variables and card data exists only in volatile RAM during execution.*

package/dist/api_backend.js CHANGED Viewed

@@ -11,11 +11,11 @@ exports.resolveTokenRemote = resolveTokenRemote;
 exports.burnTokenRemote = burnTokenRemote;
 exports.cancelTokenRemote = cancelTokenRemote;
 exports.refundUnderspendRemote = refundUnderspendRemote;
-const API_BASE_URL = process.env.Z_ZERO_API_BASE_URL || "https://clawcard.store";
+const API_BASE_URL = process.env.Z_ZERO_API_BASE_URL || "https://www.clawcard.store";
 const PASSPORT_KEY = process.env.Z_ZERO_API_KEY || "";
 if (!PASSPORT_KEY) {
     console.error("❌ ERROR: Z_ZERO_API_KEY (Passport Key) is missing!");
-    console.error("🔐 Please get your Passport Key from: https://clawcard.store/dashboard/agents");
+    console.error("🔐 Please get your Passport Key from: https://www.clawcard.store/dashboard/agents");
     console.error("🛠️ Setup: Ensure 'Z_ZERO_API_KEY' is set in your environment variables.");
 }
 async function apiRequest(endpoint, method = 'GET', body = null) {
@@ -71,6 +71,9 @@ async function issueTokenRemote(cardAlias, amount, merchant) {
     });
     if (!data)
         return null;
+    // Forward API errors (402 insufficient, 429 max cards, etc.)
+    if (data.error)
+        return data;
     // Adapt Dashboard API response to MCP expected format
     return {
         token: data.token,
@@ -78,7 +81,7 @@ async function issueTokenRemote(cardAlias, amount, merchant) {
         amount: amount,
         merchant: merchant,
         created_at: Date.now(),
-        ttl_seconds: 1800, // Matching Dashboard TTL
+        ttl_seconds: 1800,
         used: false
     };
 }

package/dist/index.js CHANGED Viewed

@@ -26,19 +26,32 @@ server.tool("list_cards", "List all available virtual card aliases and their bal
             content: [{
                     type: "text",
                     text: "❌ AUTHENTICATION REQUIRED: Your Z_ZERO_API_KEY (Passport Key) is missing from the MCP configuration.\n\n" +
-                        "👉 Please GET your key here: https://clawcard.store/dashboard/agents\n" +
+                        "👉 Please GET your key here: https://www.clawcard.store/dashboard/agents\n" +
                         "👉 Then SET it as the 'Z_ZERO_API_KEY' environment variable in your AI tool (Claude Desktop/Cursor) and RESTART the tool."
                 }],
             isError: true
         };
     }
+    if (data?.error) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `❌ API ERROR: ${data.message || data.error}\n\nCould not fetch cards. Please verify your Passport Key is correct.`
+                }],
+            isError: true
+        };
+    }
     const cards = data?.cards || [];
+    const activeTokens = data?.active_tokens || [];
+    const recentTokens = data?.recent_tokens || [];
     return {
         content: [
             {
                 type: "text",
                 text: JSON.stringify({
                     cards,
+                    active_tokens: activeTokens,
+                    recent_tokens: recentTokens,
                     note: "Use card aliases to request payment tokens. Never ask for real card numbers.",
                 }, null, 2),
             },
@@ -59,7 +72,7 @@ server.tool("check_balance", "Check the remaining balance of a virtual card by i
             content: [{
                     type: "text",
                     text: "❌ AUTHENTICATION REQUIRED: Your Z_ZERO_API_KEY (Passport Key) is missing from the MCP configuration.\n\n" +
-                        "👉 Please GET your key here: https://clawcard.store/dashboard/agents\n" +
+                        "👉 Please GET your key here: https://www.clawcard.store/dashboard/agents\n" +
                         "👉 Then SET it as the 'Z_ZERO_API_KEY' environment variable and RESTART."
                 }],
             isError: true
@@ -95,7 +108,7 @@ server.tool("get_deposit_addresses", "Get your unique deposit addresses for EVM
             content: [{
                     type: "text",
                     text: "❌ AUTHENTICATION REQUIRED: Your Z_ZERO_API_KEY (Passport Key) is missing from the MCP configuration.\n\n" +
-                        "👉 Please GET your key here: https://clawcard.store/dashboard/agents\n" +
+                        "👉 Please GET your key here: https://www.clawcard.store/dashboard/agents\n" +
                         "👉 Then SET it as the 'Z_ZERO_API_KEY' environment variable and RESTART."
                 }],
             isError: true
@@ -107,7 +120,7 @@ server.tool("get_deposit_addresses", "Get your unique deposit addresses for EVM
             content: [
                 {
                     type: "text",
-                    text: "Failed to retrieve deposit addresses. Please ensure your Z_ZERO_API_KEY (Passport Key) is valid. You can find it at https://clawcard.store/dashboard/agents",
+                    text: "Failed to retrieve deposit addresses. Please ensure your Z_ZERO_API_KEY (Passport Key) is valid. You can find it at https://www.clawcard.store/dashboard/agents",
                 },
             ],
             isError: true,
@@ -158,12 +171,22 @@ server.tool("request_payment_token", "Request a temporary payment token for a sp
             content: [{
                     type: "text",
                     text: "❌ AUTHENTICATION REQUIRED: Your Z_ZERO_API_KEY (Passport Key) is missing from the MCP configuration.\n\n" +
-                        "👉 Please GET your key here: https://clawcard.store/dashboard/agents"
+                        "👉 Please GET your key here: https://www.clawcard.store/dashboard/agents"
                 }],
             isError: true
         };
     }
     if (!token || token.error) {
+        // Show actual API error if available (e.g. 429 max cards, 402 insufficient)
+        if (token?.message) {
+            return {
+                content: [{
+                        type: "text",
+                        text: `❌ ${token.message}`
+                    }],
+                isError: true,
+            };
+        }
         const balanceData = await (0, api_backend_js_1.getBalanceRemote)(card_alias);
         const balance = balanceData?.balance;
         return {
@@ -218,7 +241,7 @@ server.tool("execute_payment", "Execute a payment using a temporary token. This
             content: [{
                     type: "text",
                     text: "❌ AUTHENTICATION REQUIRED: Your Z_ZERO_API_KEY (Passport Key) is missing from the MCP configuration.\n\n" +
-                        "👉 Please GET your key here: https://clawcard.store/dashboard/agents"
+                        "👉 Please GET your key here: https://www.clawcard.store/dashboard/agents"
                 }],
             isError: true
         };
@@ -261,7 +284,7 @@ server.tool("execute_payment", "Execute a payment using a temporary token. This
 // ============================================================
 // TOOL 5: Cancel payment token (returns funds to wallet)
 // ============================================================
-server.tool("cancel_payment_token", "Cancel a payment token that has not been used yet. This will cancel the Airwallex card and refund the full amount back to the wallet. Use this when: (1) checkout price is higher than token amount, (2) purchase is no longer needed, or (3) human requests cancellation. IMPORTANT: Do NOT auto-cancel without human awareness — always inform the human first.", {
+server.tool("cancel_payment_token", "Cancel a payment token that has not been used yet. This will cancel the virtual card at the issuing network and refund the full amount back to the wallet. Use this when: (1) checkout price is higher than token amount, (2) purchase is no longer needed, or (3) human requests cancellation. IMPORTANT: Do NOT auto-cancel without human awareness — always inform the human first.", {
     token: zod_1.z
         .string()
         .describe("The payment token to cancel"),
@@ -275,7 +298,7 @@ server.tool("cancel_payment_token", "Cancel a payment token that has not been us
             content: [{
                     type: "text",
                     text: "❌ AUTHENTICATION REQUIRED: Your Z_ZERO_API_KEY (Passport Key) is missing from the MCP configuration.\n\n" +
-                        "👉 Please GET your key here: https://clawcard.store/dashboard/agents"
+                        "👉 Please GET your key here: https://www.clawcard.store/dashboard/agents"
                 }],
             isError: true
         };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
     "name": "z-zero-mcp-server",
-    "version": "1.0.4",
-    "description": "Z-ZERO MCP Server — Secure JIT Virtual Card Payment tools for AI Agents (Claude, AutoGPT, CrewAI) — Real Airwallex Mastercards",
+    "version": "1.0.6",
+    "description": "Z-ZERO MCP Server — Secure JIT Virtual Card Payment tools for AI Agents (Claude, Cursor, AutoGPT) — Real Single-Use Visa Cards",
     "main": "dist/index.js",
     "bin": "dist/index.js",
     "scripts": {