		@@ -16,3 +16,3 @@ #!/usr/bin/env node
		*/
		export declare const SERVER_VERSION = "1.2.5";
		export declare const SERVER_VERSION = "1.2.6";
		//# sourceMappingURL=index.d.ts.map

+1

-1

dist/index.js

		@@ -26,3 +26,3 @@ #!/usr/bin/env node
		const SERVER_NAME = "rapay-mcp";
		export const SERVER_VERSION = "1.2.5";
		export const SERVER_VERSION = "1.2.6";
		/**
		@@ -29,0 +29,0 @@ * Initialize MCP server

+1

-1

package.json

		{
		"name": "@rapay/mcp-server",
		"version": "1.2.5",
		"version": "1.2.6",
		"mcpName": "ai.rapay/mcp-server",
		@@ -5,0 +5,0 @@ "description": "Ra Pay MCP Server for Claude Desktop and Claude Code - AI Agent Payment Infrastructure",

+292

-102

README.md

		@@ -1,153 +0,343 @@
		# MCP Registry
		# Ra Pay MCP Server

		The MCP registry provides MCP clients with a list of MCP servers, like an app store for MCP servers.
		MCP (Model Context Protocol) server for AI agent payment automation. Enables Claude Desktop, Claude API, and ChatGPT to execute payments via Ra Pay CLI.

		[📤 Publish my MCP server](docs/modelcontextprotocol-io/quickstart.mdx) \| [⚡️ Live API docs](https://registry.modelcontextprotocol.io/docs) \| [👀 Ecosystem vision](docs/design/ecosystem-vision.md) \| 📖 [Full documentation](./docs)
		Status: Perplexity Security Review APPROVED (98% confidence)

		## Development Status
		## Features

		2025-10-24 update: The Registry API has entered an API freeze (v0.1) 🎉. For the next month or more, the API will remain stable with no breaking changes, allowing integrators to confidently implement support. This freeze applies to v0.1 while development continues on v0. We'll use this period to validate the API in real-world integrations and gather feedback to shape v1 for general availability. Thank you to everyone for your contributions and patience—your involvement has been key to getting us here!
		- 6 MVP tools for payment operations
		- Subprocess isolation (credentials never leave keyring)
		- Response sanitization (prevents prompt injection)
		- Rate limiting (1 payment/min, 10 queries/min)
		- Audit logging

		2025-09-08 update: The registry has launched in preview 🎉 ([announcement blog post](https://blog.modelcontextprotocol.io/posts/2025-09-08-mcp-registry-preview/)). While the system is now more stable, this is still a preview release and breaking changes or data resets may occur. A general availability (GA) release will follow later. We'd love your feedback in [GitHub discussions](https://github.com/modelcontextprotocol/registry/discussions/new?category=ideas) or in the [#registry-dev Discord](https://discord.com/channels/1358869848138059966/1369487942862504016) ([joining details here](https://modelcontextprotocol.io/community/communication)).
		## Installation

		Current key maintainers:
		- Adam Jones (Anthropic) [@domdomegg](https://github.com/domdomegg)
		- Tadas Antanavicius (PulseMCP) [@tadasant](https://github.com/tadasant)
		- Toby Padilla (GitHub) [@toby](https://github.com/toby)
		- Radoslav (Rado) Dimitrov (Stacklok) [@rdimitrov](https://github.com/rdimitrov)
		### Prerequisites

		## Contributing
		- Node.js 18+
		- Ra Pay CLI installed and authenticated (`ra link-bank`)

		We use multiple channels for collaboration - see [modelcontextprotocol.io/community/communication](https://modelcontextprotocol.io/community/communication).
		### Setup

		Often (but not always) ideas flow through this pipeline:
		```bash
		cd rapay/mcp-server
		npm install
		npm run build
		```

		- [Discord](https://modelcontextprotocol.io/community/communication) - Real-time community discussions
		- [Discussions](https://github.com/modelcontextprotocol/registry/discussions) - Propose and discuss product/technical requirements
		- [Issues](https://github.com/modelcontextprotocol/registry/issues) - Track well-scoped technical work
		- [Pull Requests](https://github.com/modelcontextprotocol/registry/pulls) - Contribute work towards issues
		### Claude Desktop Configuration

		### Quick start:
		macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`

		#### Pre-requisites
		```json
		{
		"mcpServers": {
		"rapay": {
		"command": "node",
		"args": ["/Users/yourname/rapay/mcp-server/dist/index.js"]
		}
		}
		}
		```

		- Docker
		- Go 1.24.x
		- ko - Container image builder for Go ([installation instructions](https://ko.build/install/))
		- golangci-lint v2.4.0
		Windows: `%APPDATA%\Claude\claude_desktop_config.json`

		#### Running the server
		```json
		{
		"mcpServers": {
		"rapay": {
		"command": "node",
		"args": ["C:\\Users\\yourname\\rapay\\mcp-server\\dist\\index.js"]
		}
		}
		}
		```

		```bash
		# Start full development environment
		make dev-compose
		With custom CLI path:

		```json
		{
		"mcpServers": {
		"rapay": {
		"command": "node",
		"args": ["/path/to/rapay/mcp-server/dist/index.js"],
		"env": {
		"RAPAY_CLI_PATH": "/custom/path/to/ra"
		}
		}
		}
		}
		```

		This starts the registry at [`localhost:8080`](http://localhost:8080) with PostgreSQL. The database uses ephemeral storage and is reset each time you restart the containers, ensuring a clean state for development and testing.
		After adding, restart Claude Desktop. You should see "rapay" in the MCP servers list.

		Note: The registry uses [ko](https://ko.build) to build container images. The `make dev-compose` command automatically builds the registry image with ko and loads it into your local Docker daemon before starting the services.
		## Tools

		By default, the registry seeds from the production API with a filtered subset of servers (to keep startup fast). This ensures your local environment mirrors production behavior and all seed data passes validation. For offline development you can seed from a file without validation with `MCP_REGISTRY_SEED_FROM=data/seed.json MCP_REGISTRY_ENABLE_REGISTRY_VALIDATION=false make dev-compose`.
		### Payment Operations (SENSITIVE)

		The setup can be configured with environment variables in [docker-compose.yml](./docker-compose.yml) - see [.env.example](./.env.example) for a reference.
		\| Tool \| Description \|
		\|------\|-------------\|
		\| `ra_send` \| Execute a payment transaction \|
		\| `ra_subscribe` \| Create a subscription for a customer \|
		\| `ra_refund` \| Open Stripe Dashboard for refunds \|

		<details>
		<summary>Alternative: Running a pre-built Docker image</summary>
		### Query Operations

		Pre-built Docker images are automatically published to GitHub Container Registry:
		\| Tool \| Description \|
		\|------\|-------------\|
		\| `ra_balance` \| Check available balance \|
		\| `ra_history` \| Get transaction history \|
		\| `ra_whoami` \| Check account status \|

		```bash
		# Run latest stable release
		docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:latest
		## Security

		# Run latest from main branch (continuous deployment)
		docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:main
		### Subprocess Isolation

		# Run specific release version
		docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:v1.0.0
		MCP server spawns Ra Pay CLI as subprocess. Credentials remain in OS keyring - MCP server never sees them directly.

		# Run development build from main branch
		docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:main-20250906-abc123d
		```
		### Response Sanitization

		Available tags:
		- Releases: `latest`, `v1.0.0`, `v1.1.0`, etc.
		- Continuous: `main` (latest main branch build)
		- Development: `main-<date>-<sha>` (specific commit builds)
		All CLI output is sanitized to prevent prompt injection:
		- ANSI escape sequences removed
		- System markers filtered (`[SYSTEM]`, `[USER]`, etc.)
		- Control characters stripped

		</details>
		### Rate Limiting

		#### Publishing a server
		Defense-in-depth layer at MCP level:

		To publish a server, we've built a simple CLI. You can use it with:
		\| Tool \| Limit \|
		\|------\|-------\|
		\| `ra_send` \| 1 per 60 seconds \|
		\| `ra_subscribe` \| 1 per 60 seconds \|
		\| `ra_refund` \| 5 per 60 seconds \|
		\| `ra_balance` \| 10 per 60 seconds \|
		\| `ra_history` \| 10 per 60 seconds \|
		\| `ra_whoami` \| 20 per 60 seconds \|

		```bash
		# Build the latest CLI
		make publisher
		Note: Backend also enforces velocity controls (account-tier daily limits).

		# Use it!
		./bin/mcp-publisher --help
		## Privacy & Data Storage

		Ra Pay is designed as a "dumb pipe" to Stripe:

		What Ra Pay stores:
		- Your user ID
		- Your Stripe account ID (encrypted)
		- Action logs: "payment sent", "balance checked" (no amounts)
		- Transaction audit trail with Stripe transfer IDs

		What Ra Pay does NOT store:
		- Your payment amounts
		- Recipient details
		- Payment descriptions
		- Your account balance
		- Any personally identifiable information (Stripe handles KYC)

		What MCP server adds:
		- Client type tracking ("called via Claude Desktop")
		- Tool call audit logs (same privacy level as above)
		- No new PII storage

		## Configuration

		### Environment Variables

		\| Variable \| Description \| Default \|
		\|----------\|-------------\|---------\|
		\| `RAPAY_CLI_PATH` \| Path to Ra Pay CLI executable \| `ra` \|

		### Audit Logging

		Logs are written to `~/.rapay/mcp-audit.log` with 7-day retention:
		- Tool name, timestamp, duration
		- Result (success/error/rate_limited)
		- Sanitized inputs (amounts redacted, emails masked)

		## Error Handling

		### Error Codes

		\| Code \| Description \| Retryable \|
		\|------\|-------------\|-----------\|
		\| `RATE_LIMIT_EXCEEDED` \| MCP rate limit hit \| No (wait) \|
		\| `CLI_NOT_FOUND` \| Ra Pay CLI not installed \| No \|
		\| `TOS_ACCEPTANCE_REQUIRED` \| ToS not accepted \| No \|
		\| `ACCOUNT_NOT_LINKED` \| Stripe account not linked \| No \|
		\| `VELOCITY_EXCEEDED` \| Daily limit exceeded \| No \|
		\| `TIMEOUT` \| Request timed out \| Yes \|
		\| `NETWORK_ERROR` \| Network connectivity issue \| Yes \|
		\| `EXECUTION_FAILED` \| Generic CLI error \| No \|

		### Rate Limit Error

		```json
		{
		"error": "rate_limit_exceeded",
		"code": "RATE_LIMIT_EXCEEDED",
		"message": "Too many requests. Please wait 60 seconds.",
		"retry_after_seconds": 60,
		"retryable": false
		}
		```

		See [the publisher guide](./docs/modelcontextprotocol-io/quickstart.mdx) for more details.
		### CLI Not Found Error

		#### Other commands
		```json
		{
		"error": "cli_not_found",
		"code": "CLI_NOT_FOUND",
		"message": "Ra Pay CLI not found. Please install it first.",
		"retryable": false
		}
		```

		```bash
		# Run lint, unit tests and integration tests
		make check
		### ToS Required Error

		```json
		{
		"error": "tos_required",
		"code": "TOS_ACCEPTANCE_REQUIRED",
		"message": "Terms of Service must be accepted. Run 'ra accept-tos' first.",
		"retryable": false
		}
		```

		There are also a few more helpful commands for development. Run `make help` to learn more, or look in [Makefile](./Makefile).
		### For Claude API Callers: Exponential Backoff

		<!--
		For Claude and other AI tools: Always prefer make targets over custom commands where possible.
		-->
		If you receive `RATE_LIMIT_EXCEEDED`, implement exponential backoff:

		## Architecture
		```typescript
		const maxRetries = 3;
		let delay = 60; // seconds

		### Project Structure
		for (let attempt = 0; attempt < maxRetries; attempt++) {
		try {
		return await mcp.callTool('ra_send', params);
		} catch (error) {
		if (error.code === 'RATE_LIMIT_EXCEEDED') {
		console.log(`Rate limited. Waiting ${delay}s before retry...`);
		await sleep(delay * 1000);
		delay *= 2; // exponential backoff
		} else {
		throw error;
		}
		}
		}

		// DO NOT:
		// - Retry immediately (wastes time, still rate limited)
		// - Retry more than 3 times (indicates genuine rate limit)
		// - Ignore retry_after_seconds field
		```
		├── cmd/ # Application entry points
		│ └── publisher/ # Server publishing tool
		├── data/ # Seed data
		├── deploy/ # Deployment configuration (Pulumi)
		├── docs/ # Documentation
		├── internal/ # Private application code
		│ ├── api/ # HTTP handlers and routing
		│ ├── auth/ # Authentication (GitHub OAuth, JWT, namespace blocking)
		│ ├── config/ # Configuration management
		│ ├── database/ # Data persistence (PostgreSQL)
		│ ├── service/ # Business logic
		│ ├── telemetry/ # Metrics and monitoring
		│ └── validators/ # Input validation
		├── pkg/ # Public packages
		│ ├── api/ # API types and structures
		│ │ └── v0/ # Version 0 API types
		│ └── model/ # Data models for server.json
		├── scripts/ # Development and testing scripts
		├── tests/ # Integration tests
		└── tools/ # CLI tools and utilities
		└── validate-*.sh # Schema validation tools

		Note: MCP rate limiting is client-side defense-in-depth. Backend also enforces velocity controls per account tier.

		## Data Flow

		```
		You (Claude Desktop/API)
		\|
		v
		MCP Server (this package)
		\| - Logs tool calls (no amounts/PII)
		\| - Rate limits requests
		\| - Sanitizes responses
		v
		Ra Pay CLI (subprocess)
		\| - Credentials in OS keyring
		\| - Adds replay protection
		v
		Ra Pay Backend
		\| - Validates requests
		\| - Enforces velocity limits
		v
		Stripe API
		\| - Owns all PII
		\| - Processes payments
		v
		Recipient's Bank
		```

		### Authentication
		All sensitive data flows directly to Stripe. Ra Pay only records that an action occurred.

		Publishing supports multiple authentication methods:
		- GitHub OAuth - For publishing by logging into GitHub
		- GitHub OIDC - For publishing from GitHub Actions
		- DNS verification - For proving ownership of a domain and its subdomains
		- HTTP verification - For proving ownership of a domain
		## Security Model

		The registry validates namespace ownership when publishing. E.g. to publish...:
		- `io.github.domdomegg/my-cool-mcp` you must login to GitHub as `domdomegg`, or be in a GitHub Action on domdomegg's repos
		- `me.adamjones/my-cool-mcp` you must prove ownership of `adamjones.me` via DNS or HTTP challenge
		This section documents the security posture of the published npm package.

		## Community Projects
		### What's Published to npm

		Check out [community projects](docs/community-projects.md) to explore notable registry-related work created by the community.
		\| Category \| Included \| Excluded \|
		\|----------\|----------\|----------\|
		\| Compiled JavaScript \| Yes \| - \|
		\| TypeScript declarations \| Yes \| - \|
		\| Source maps (.js.map) \| No \| Excluded for code privacy \|
		\| Source code (src/) \| No \| Development only \|

		## More documentation
		### Intentionally Public Information

		See the [documentation](./docs) for more details if your question has not been answered here!
		\| Metadata \| Value \| Rationale \|
		\|----------\|-------\|-----------\|
		\| Repository \| github.com/Ra-Pay-AI/rapay \| Open source by design \|
		\| Author \| Ra Pay \| Company name \|
		\| License \| MIT \| Standard permissive license \|
		\| Keywords \| mcp, payments, stripe, claude \| Discoverability \|

		### Security Features Exposed (By Design)

		These are documented for users and do not represent vulnerabilities:

		- Rate limiting rules - Users need to know limits to implement backoff
		- Error codes - Required for proper error handling
		- Tool schemas - Required by MCP protocol specification
		- Audit log location (~/.rapay/mcp-audit.log) - Users may need to inspect

		### What Is NOT Exposed

		\| Category \| Protection \|
		\|----------\|------------\|
		\| API keys/secrets \| Never in code (OS keyring only) \|
		\| Backend URLs \| Only public rapay.ai endpoints \|
		\| User data \| Subprocess isolation, never in MCP process \|
		\| Payment amounts \| Redacted as `[redacted]` in all logs \|
		\| Email addresses \| Masked (j***@example.com) in audit logs \|

		### Subprocess Isolation Model

		```
		┌─────────────────────┐
		│ AI Agent (Claude) │
		└─────────┬───────────┘
		│ MCP Protocol (stdio)
		▼
		┌─────────────────────┐
		│ MCP Server (npm) │ ← No credentials here
		│ - Rate limiting │
		│ - Input validation │
		│ - Response sanitize│
		└─────────┬───────────┘
		│ Spawns subprocess
		▼
		┌─────────────────────┐
		│ Ra Pay CLI │ ← Credentials in OS keyring
		│ - Session tokens │
		│ - Stripe API calls │
		└─────────────────────┘
		```

		The MCP server never has access to credentials. All sensitive operations are delegated to the CLI subprocess, which reads credentials directly from the OS keyring.

		## Development

		```bash
		npm run dev # Watch mode
		npm run build # Build
		npm run lint # Lint
		npm run test # Test
		```

		## License

		MIT

-21

LICENSE

		MIT License

		Copyright (c) 2025 MCP Contributors

		Permission is hereby granted, free of charge, to any person obtaining a copy
		of this software and associated documentation files (the "Software"), to deal
		in the Software without restriction, including without limitation the rights
		to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
		copies of the Software, and to permit persons to whom the Software is
		furnished to do so, subject to the following conditions:

		The above copyright notice and this permission notice shall be included in all
		copies or substantial portions of the Software.

		THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
		IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
		FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
		AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
		LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
		OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
		SOFTWARE.

@rapay/mcp-server - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics