z-zero-mcp-server 1.0.7 → 1.0.9

@@ -11,16 +11,18 @@ exports.resolveTokenRemote = resolveTokenRemote;
11
11
  exports.burnTokenRemote = burnTokenRemote;
12
12
  exports.cancelTokenRemote = cancelTokenRemote;
13
13
  exports.refundUnderspendRemote = refundUnderspendRemote;
14
+ const key_store_js_1 = require("./lib/key-store.js");
14
15
  const API_BASE_URL = process.env.Z_ZERO_API_BASE_URL || "https://www.clawcard.store";
15
- const PASSPORT_KEY = process.env.Z_ZERO_API_KEY || "";
16
- if (!PASSPORT_KEY) {
16
+ const INTERNAL_SECRET = process.env.Z_ZERO_INTERNAL_SECRET || "";
17
+ if (!(0, key_store_js_1.hasPassportKey)()) {
17
18
  console.error("❌ ERROR: Z_ZERO_API_KEY (Passport Key) is missing!");
18
- console.error("🔐 Please get your Passport Key from: https://www.clawcard.store/dashboard/agents");
19
- console.error("🛠️ Setup: Ensure 'Z_ZERO_API_KEY' is set in your environment variables.");
19
+ console.error("🔐 Get your key: https://www.clawcard.store/dashboard/agents");
20
+ console.error("🛠️ Or call the set_api_key MCP tool to set it without restarting.");
20
21
  }
21
22
  async function apiRequest(endpoint, method = 'GET', body = null) {
23
+ const PASSPORT_KEY = (0, key_store_js_1.getPassportKey)(); // ✅ Hot-swap: read key dynamically each request
22
24
  if (!PASSPORT_KEY) {
23
- return { error: "AUTH_REQUIRED", message: "Z_ZERO_API_KEY is missing. Human needs to set it in MCP config." };
25
+ return { error: "AUTH_REQUIRED", message: "Z_ZERO_API_KEY is missing. Call set_api_key tool or set it in MCP config and restart." };
24
26
  }
25
27
  const url = `${API_BASE_URL.replace(/\/$/, '')}${endpoint}`;
26
28
  try {
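Review bot: `INTERNAL_SECRET` is read once at module load and never checked at startup, so a missing `Z_ZERO_INTERNAL_SECRET` stays silent until the first resolve or burn call. The passport key declared next to it is both checked at load and re-read on every request, so the two credentials now behave differently. I would add a matching startup warning, e.g. `if (!INTERNAL_SECRET) console.error("Z_ZERO_INTERNAL_SECRET is missing; resolve/burn calls will fail");`, and a comment on the constant such as `// read once at startup; unlike the Passport Key this is not hot-swappable`. The body of `apiRequest` continues outside this hunk.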
@@ -44,6 +46,34 @@ async function apiRequest(endpoint, method = 'GET', body = null) {
44
46
  return { error: "NETWORK_ERROR", message: err.message };
45
47
  }
46
48
  }
49
+ // Internal API calls that require INTERNAL_SECRET (resolve PAN, burn token)
50
+ async function internalApiRequest(endpoint, method, body) {
51
+ if (!INTERNAL_SECRET) {
52
+ console.error("[MCP] Z_ZERO_INTERNAL_SECRET is missing — cannot call secure endpoints");
53
+ return { error: "CONFIG_ERROR", message: "INTERNAL_SECRET not configured" };
54
+ }
55
+ const url = `${API_BASE_URL.replace(/\/$/, '')}${endpoint}`;
56
+ try {
57
+ const res = await fetch(url, {
58
+ method,
59
+ headers: {
60
+ "x-internal-secret": INTERNAL_SECRET,
61
+ "Content-Type": "application/json",
62
+ },
63
+ body: body ? JSON.stringify(body) : null,
64
+ });
65
+ if (!res.ok) {
66
+ const err = await res.json().catch(() => ({ error: res.statusText }));
67
+ console.error(`[INTERNAL API ERROR] ${endpoint}:`, err.error);
68
+ return { error: "API_ERROR", message: err.error || res.statusText };
69
+ }
70
+ return await res.json();
71
+ }
72
+ catch (err) {
73
+ console.error(`[NETWORK ERROR] ${endpoint}:`, err.message);
74
+ return { error: "NETWORK_ERROR", message: err.message };
75
+ }
76
+ }
47
77
  async function listCardsRemote() {
48
78
  return await apiRequest('/api/tokens/cards', 'GET');
49
79
  }
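Review bot: `internalApiRequest` sends `x-internal-secret` to whatever `API_BASE_URL` resolves to, and that value is environment-overridable with no scheme check, so a plain-http or mistyped base URL would expose the secret that gates the PAN/CVV endpoint. A guard before the `fetch`, such as `if (!/^https:\/\//i.test(API_BASE_URL)) return { error: "CONFIG_ERROR", message: "API base URL must use https" };` (with an explicit localhost exception if local testing needs one), would close that. As written, the request carries only the shared secret and no Passport Key, so it is worth confirming that the server still ties resolve and burn to the token's owner rather than to anyone holding the secret. The `fetch` has no timeout; `signal: AbortSignal.timeout(10000)` in the options would stop a stalled endpoint from hanging the tool call. A short doc comment stating that this helper returns `{ error, message }` instead of throwing would also help callers.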
@@ -90,24 +120,27 @@ async function issueTokenRemote(cardAlias, amount, merchant) {
90
120
  };
91
121
  }
92
122
  async function resolveTokenRemote(token) {
93
- const data = await apiRequest('/api/tokens/resolve', 'POST', { token });
94
- if (!data)
95
- return null;
123
+ // Uses INTERNAL_SECRET this endpoint returns real PAN/CVV
124
+ const data = await internalApiRequest('/api/tokens/resolve', 'POST', { token });
125
+ if (!data || data.error)
126
+ return data;
96
127
  return {
97
128
  number: data.number,
98
129
  exp_month: data.exp?.split('/')[0] || "12",
99
130
  exp_year: "20" + (data.exp?.split('/')[1] || "30"),
100
131
  cvv: data.cvv || "123",
101
- name: data.name || "Z-ZERO AI AGENT"
132
+ name: data.name || "Z-ZERO AI AGENT",
133
+ authorized_amount: data.authorized_amount ? Number(data.authorized_amount) : undefined,
102
134
  };
103
135
  }
104
136
  async function burnTokenRemote(token, receipt_id) {
105
- const data = await apiRequest('/api/tokens/burn', 'POST', {
137
+ // Uses INTERNAL_SECRET burn endpoint requires it
138
+ const data = await internalApiRequest('/api/tokens/burn', 'POST', {
106
139
  token,
107
140
  receipt_id,
108
141
  success: true
109
142
  });
110
- return !!data;
143
+ return !!data && !data.error;
111
144
  }
112
145
  async function cancelTokenRemote(token) {
113
146
  const data = await apiRequest('/api/tokens/cancel', 'POST', { token });
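Review bot: `resolveTokenRemote` now returns the `{ error, message }` object on failure where it used to return `null`, so a caller that only tests the result for truthiness would read `number` and `cvv` from an error object. The callers are outside this hunk, so either confirm each one checks `.error` or keep the old contract with `if (!data || data.error) return null;`. The unchanged fallbacks (`"12"`, `"30"`, `"123"`) turn a partial response into made-up expiry and CVV values instead of a failure; now that this path returns real card data, rejecting a response that lacks `number`, `exp` or `cvv` would be safer. `authorized_amount` is tested by truthiness, so an amount of `0` becomes `undefined`; `data.authorized_amount != null ? Number(data.authorized_amount) : undefined` preserves it.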