You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@rapay/mcp-server

Package Overview
Dependencies
Maintainers
1
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@rapay/mcp-server - npm Package Compare versions

Comparing version
1.2.6
 to
1.3.0
+39
-11
dist/handlers.js

@@ -41,2 +41,3 @@ /**

ra_refund: { windowMs: 60000, maxCalls: 5 },
ra_add_card: { windowMs: 60000, maxCalls: 5 },
ra_balance: { windowMs: 60000, maxCalls: 10 },

@@ -272,2 +273,5 @@ ra_history: { windowMs: 60000, maxCalls: 10 },

break;
case "ra_add_card":
result = await executeAddCard();
break;
case "ra_refund":

@@ -340,13 +344,6 @@ result = await executeRefund();

}
// Account not linked
if (message.includes("not linked") || message.includes("link-bank")) {
return {
error: "account_not_linked",
code: "ACCOUNT_NOT_LINKED",
message: "Stripe account not linked. Run 'ra link-bank' first.",
retryable: false,
};
}
// Session expired or invalid (from server-side session management)
// Tightened 401 regex to avoid false positives (e.g., matching "401 Main St")
// MUST be checked BEFORE "no payment method" and "account not linked" blocks,
// because session-expired messages can mention "ra add-card" and "ra link-bank"
// which would cause misclassification if checked after those blocks.
const is401Error = /(?:status|code|http)[^0-9]{0,10}401/i.test(message) ||

@@ -358,6 +355,24 @@ /401[^a-z]{0,10}(?:unauthorized|unauthenticated)/i.test(message);

code: "SESSION_EXPIRED",
message: "Session expired. Run 'ra link-bank' to re-authenticate.",
message: "Session expired. Run 'ra link-bank' or 'ra add-card' to re-authenticate.",
retryable: false,
};
}
// No payment method configured (card or bank)
if (message.includes("No payment method") || message.includes("No card saved")) {
return {
error: "no_payment_method",
code: "NO_PAYMENT_METHOD",
message: "No payment method configured. The user needs to run `ra add-card` to save a credit card, or `ra link-bank` to connect a bank account.",
retryable: false,
};
}
// Account not linked (legacy)
if (message.includes("not linked") || message.includes("link-bank")) {
return {
error: "account_not_linked",
code: "ACCOUNT_NOT_LINKED",
message: "No payment method configured. Run 'ra add-card' to save a card, or 'ra link-bank' to connect a bank account.",
retryable: false,
};
}
// Velocity limit (backend limit)

@@ -556,2 +571,15 @@ if (message.includes("velocity") || message.includes("daily limit")) {

/**
* Execute ra add-card command
* This requires browser interaction — the AI agent should prompt the user
*/
function executeAddCard() {
return JSON.stringify({
status: "user_action_required",
message: "Saving a credit card requires browser interaction. " +
"Please ask the user to run `ra add-card` in their terminal. " +
"This will open Stripe Checkout where they can securely save their card.",
command: "ra add-card",
}, null, 2);
}
/**
* Execute ra refund command (opens Stripe Dashboard)

@@ -558,0 +586,0 @@ */

+1
-1
dist/index.d.ts

@@ -16,3 +16,3 @@ #!/usr/bin/env node

*/
export declare const SERVER_VERSION = "1.2.6";
export declare const SERVER_VERSION = "1.3.0";
//# sourceMappingURL=index.d.ts.map
+1
-1
dist/index.js

@@ -26,3 +26,3 @@ #!/usr/bin/env node

const SERVER_NAME = "rapay-mcp";
export const SERVER_VERSION = "1.2.6";
export const SERVER_VERSION = "1.3.0";
/**

@@ -29,0 +29,0 @@ * Initialize MCP server

+3
-2
dist/tools.d.ts
/**
* Ra Pay MCP Server - Tool Definitions
*
* 7 Tools:
* 8 Tools:
* - 2 Payment Operations (SENSITIVE)
* - 1 Account Setup Operation
* - 5 Query/Navigation Operations (Read-only)

@@ -14,3 +15,3 @@ *

/**
* All 7 tools combined
* All 8 tools combined
*/

@@ -17,0 +18,0 @@ export declare const TOOLS: Tool[];

+29
-4
dist/tools.js
/**
* Ra Pay MCP Server - Tool Definitions
*
* 7 Tools:
* 8 Tools:
* - 2 Payment Operations (SENSITIVE)
* - 1 Account Setup Operation
* - 5 Query/Navigation Operations (Read-only)

@@ -91,2 +92,26 @@ *

/**
* Account setup operations
*/
const SETUP_TOOLS = [
{
name: "ra_add_card",
description: "Save a credit card for sending payments. This requires the user to interact with a browser " +
"— the AI agent should prompt the user to run `ra add-card` in their terminal. " +
"The user's card is saved securely via Stripe Checkout (Ra Pay never sees card data). " +
"After saving a card, the user can send payments with `ra send` without needing a full Stripe Connect account.",
inputSchema: {
type: "object",
properties: {},
required: [],
},
annotations: {
title: "Save Card",
readOnlyHint: false,
destructiveHint: false,
idempotentHint: true,
openWorldHint: true,
},
},
];
/**
* Query operations - Read-only, no SENSITIVE marker needed

@@ -190,5 +215,5 @@ */

/**
* All 7 tools combined
* All 8 tools combined
*/
export const TOOLS = [...PAYMENT_TOOLS, ...QUERY_TOOLS];
export const TOOLS = [...PAYMENT_TOOLS, ...SETUP_TOOLS, ...QUERY_TOOLS];
/**

@@ -221,3 +246,3 @@ * Tool names that require user confirmation (SENSITIVE operations)

*/
const EXPECTED_TOOL_HASH = "f5d8adb129c9c36d";
const EXPECTED_TOOL_HASH = "4c1b95d9b088c1ec";
/**

@@ -224,0 +249,0 @@ * Compute the integrity hash of the tool definitions

+1
-1
package.json
{
"name": "@rapay/mcp-server",
"version": "1.2.6",
"version": "1.3.0",
"mcpName": "ai.rapay/mcp-server",

@@ -5,0 +5,0 @@ "description": "Ra Pay MCP Server for Claude Desktop and Claude Code - AI Agent Payment Infrastructure",