Add x402/MPP auto-payment to MCP server tools

New paid-fetch module reads the local allowance and wraps fetch with
@x402/fetch (Base USDC) or mppx (Tempo pathUSD) payment interceptor.
Six MCP tools now pay automatically on 402 instead of returning
informational text — matching CLI behavior. Falls back gracefully
when no allowance is configured.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: MajorTal

src/paid-fetch.test.ts

@@ -0,0 +1,120 @@
+import { describe, it, beforeEach, afterEach, mock } from "node:test";
+import assert from "node:assert/strict";
+import { mkdtempSync, writeFileSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+
+const originalFetch = globalThis.fetch;
+let tempDir: string;
+
+beforeEach(() => {
+  tempDir = mkdtempSync(join(tmpdir(), "run402-paid-fetch-test-"));
+  process.env.RUN402_CONFIG_DIR = tempDir;
+  process.env.RUN402_API_BASE = "https://test-api.run402.com";
+});
+
+afterEach(() => {
+  globalThis.fetch = originalFetch;
+  rmSync(tempDir, { recursive: true, force: true });
+  delete process.env.RUN402_CONFIG_DIR;
+  delete process.env.RUN402_API_BASE;
+});
+
+describe("setupPaidFetch", () => {
+  it("returns null when no allowance file exists", async () => {
+    const { setupPaidFetch, _resetPaidFetchCache } = await import(`./paid-fetch.js?t=${Date.now()}`);
+    _resetPaidFetchCache();
+    const result = await setupPaidFetch();
+    assert.equal(result, null);
+  });
+
+  it("returns null when allowance exists but payment libs fail to import", async () => {
+    // Write an allowance file so readAllowance succeeds
+    writeFileSync(
+      join(tempDir, "allowance.json"),
+      JSON.stringify({
+        address: "0x1234567890abcdef1234567890abcdef12345678",
+        privateKey: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80",
+        created: "2026-01-01T00:00:00Z",
+        funded: true,
+        rail: "x402",
+      }),
+    );
+
+    // The test environment doesn't have @x402/fetch etc. installed as real modules,
+    // so setupPaidFetch should catch the import error and return null
+    const { setupPaidFetch, _resetPaidFetchCache } = await import(`./paid-fetch.js?t=${Date.now()}`);
+    _resetPaidFetchCache();
+    const result = await setupPaidFetch();
+    // May be null (import fails) or a function (if libs are available in dev)
+    assert.ok(result === null || typeof result === "function");
+  });
+});
+
+describe("paidApiRequest", () => {
+  it("falls back to bare apiRequest when no allowance", async () => {
+    // No allowance file → paidApiRequest should just call apiRequest
+    globalThis.fetch = (async () =>
+      new Response(JSON.stringify({ ok: true }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      })) as typeof fetch;
+
+    const { paidApiRequest, _resetPaidFetchCache } = await import(`./paid-fetch.js?t=${Date.now()}`);
+    _resetPaidFetchCache();
+    const result = await paidApiRequest("/test");
+    assert.equal(result.ok, true);
+    assert.equal(result.status, 200);
+  });
+
+  it("returns is402 when no paid fetch and server returns 402", async () => {
+    // No allowance → no paid fetch → 402 passes through
+    globalThis.fetch = (async () =>
+      new Response(
+        JSON.stringify({ x402: { price: "$0.10" } }),
+        { status: 402, headers: { "Content-Type": "application/json" } },
+      )) as typeof fetch;
+
+    const { paidApiRequest, _resetPaidFetchCache } = await import(`./paid-fetch.js?t=${Date.now()}`);
+    _resetPaidFetchCache();
+    const result = await paidApiRequest("/test");
+    assert.equal(result.ok, false);
+    assert.equal(result.is402, true);
+    assert.equal(result.status, 402);
+  });
+
+  it("caches setupPaidFetch result across calls", async () => {
+    globalThis.fetch = (async () =>
+      new Response(JSON.stringify({ ok: true }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      })) as typeof fetch;
+
+    const mod = await import(`./paid-fetch.js?t=${Date.now()}`);
+    mod._resetPaidFetchCache();
+
+    // First call initializes cache
+    await mod.paidApiRequest("/test1");
+    // Second call should reuse cache (no re-initialization)
+    await mod.paidApiRequest("/test2");
+
+    // If we got here without error, caching works
+    assert.ok(true);
+  });
+
+  it("restores globalThis.fetch after call", async () => {
+    const myFetch = (async () =>
+      new Response(JSON.stringify({ ok: true }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      })) as typeof fetch;
+    globalThis.fetch = myFetch;
+
+    const { paidApiRequest, _resetPaidFetchCache } = await import(`./paid-fetch.js?t=${Date.now()}`);
+    _resetPaidFetchCache();
+    await paidApiRequest("/test");
+
+    // globalThis.fetch should be restored to our myFetch
+    assert.equal(globalThis.fetch, myFetch);
+  });
+});

src/paid-fetch.ts

@@ -0,0 +1,92 @@
+/**
+ * Paid fetch for MCP server — reads the local allowance, branches on rail
+ * (x402 vs mpp), returns a wrapped fetch that intercepts 402 responses,
+ * signs payment, and retries automatically.
+ *
+ * Returns null when no allowance is configured or payment libraries are
+ * unavailable (graceful degradation).
+ */
+
+import { readAllowance } from "./allowance.js";
+import { apiRequest } from "./client.js";
+import type { ApiResponse, ApiRequestOptions } from "./client.js";
+
+type FetchFn = typeof globalThis.fetch;
+
+/**
+ * Create a payment-wrapping fetch function from the local allowance.
+ * Returns null if no allowance exists or payment libraries fail to load.
+ */
+export async function setupPaidFetch(): Promise<FetchFn | null> {
+  const allowance = readAllowance();
+  if (!allowance) return null;
+
+  try {
+    if (allowance.rail === "mpp") {
+      // mppx is an optional peer — use variable to skip TS module resolution
+      const mppxMod = "mppx/client";
+      const { Mppx, tempo }: any = await import(/* webpackIgnore: true */ mppxMod);
+      const { privateKeyToAccount } = await import("viem/accounts");
+      const account = privateKeyToAccount(allowance.privateKey as `0x${string}`);
+      const mppx = Mppx.create({
+        polyfill: false,
+        methods: [tempo({ account })],
+      });
+      return mppx.fetch as FetchFn;
+    }
+
+    // Default: x402
+    const { privateKeyToAccount } = await import("viem/accounts");
+    const { createPublicClient, http } = await import("viem");
+    const { base, baseSepolia } = await import("viem/chains");
+    const { x402Client, wrapFetchWithPayment } = await import("@x402/fetch");
+    const { ExactEvmScheme } = await import("@x402/evm/exact/client");
+    const { toClientEvmSigner } = await import("@x402/evm");
+
+    const account = privateKeyToAccount(allowance.privateKey as `0x${string}`);
+    const mainnetClient = createPublicClient({ chain: base, transport: http() });
+    const sepoliaClient = createPublicClient({ chain: baseSepolia, transport: http() });
+
+    const client = new x402Client();
+    client.register("eip155:8453", new ExactEvmScheme(toClientEvmSigner(account, mainnetClient)));
+    client.register("eip155:84532", new ExactEvmScheme(toClientEvmSigner(account, sepoliaClient)));
+
+    return wrapFetchWithPayment(fetch, client) as FetchFn;
+  } catch {
+    // Payment libraries not available — degrade gracefully
+    return null;
+  }
+}
+
+/** Cached paid fetch — initialized lazily on first call */
+let cachedPaidFetch: FetchFn | null | undefined;
+
+/**
+ * Like apiRequest, but uses the paid fetch wrapper when available.
+ * Falls back to bare apiRequest when no allowance is configured.
+ */
+export async function paidApiRequest(
+  path: string,
+  opts: ApiRequestOptions = {},
+): Promise<ApiResponse> {
+  if (cachedPaidFetch === undefined) {
+    cachedPaidFetch = await setupPaidFetch();
+  }
+
+  if (!cachedPaidFetch) {
+    return apiRequest(path, opts);
+  }
+
+  const originalFetch = globalThis.fetch;
+  globalThis.fetch = cachedPaidFetch;
+  try {
+    return await apiRequest(path, opts);
+  } finally {
+    globalThis.fetch = originalFetch;
+  }
+}
+
+/** Reset cached state — exposed for testing only */
+export function _resetPaidFetchCache(): void {
+  cachedPaidFetch = undefined;
+}

src/tools/bundle-deploy.ts

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { apiRequest } from "../client.js";
+import { paidApiRequest } from "../paid-fetch.js";
 import { formatApiError, projectNotFound } from "../errors.js";
 import { requireAllowanceAuth } from "../allowance-auth.js";
 import { getProject } from "../keystore.js";
@@ -74,7 +74,7 @@ export async function handleBundleDeploy(args: {
   const auth = requireAllowanceAuth("/deploy/v1");
   if ("error" in auth) return auth.error;
 
-  const res = await apiRequest("/deploy/v1", {
+  const res = await paidApiRequest("/deploy/v1", {
     method: "POST",
     headers: { ...auth.headers },
     body: {
@@ -88,6 +88,33 @@ export async function handleBundleDeploy(args: {
     },
   });
 
+  if (res.is402) {
+    const body = res.body as Record<string, unknown>;
+    const lines = [
+      `## Payment Required`,
+      ``,
+      `To deploy this bundle, an x402 payment is needed.`,
+      ``,
+    ];
+    if (body.x402) {
+      lines.push(`**Payment details:**`);
+      lines.push("```json");
+      lines.push(JSON.stringify(body.x402, null, 2));
+      lines.push("```");
+    } else {
+      lines.push(`**Server response:**`);
+      lines.push("```json");
+      lines.push(JSON.stringify(body, null, 2));
+      lines.push("```");
+    }
+    lines.push(``);
+    lines.push(
+      `The user's agent allowance or payment agent must send the required amount. ` +
+      `Once payment is confirmed, retry this tool call.`,
+    );
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+  }
+
   if (!res.ok) return formatApiError(res, "deploying bundle");
 
   const body = res.body as {

src/tools/deploy-function.ts

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { apiRequest } from "../client.js";
+import { paidApiRequest } from "../paid-fetch.js";
 import { getProject } from "../keystore.js";
 import { formatApiError, projectNotFound } from "../errors.js";
 
@@ -34,7 +34,7 @@ export async function handleDeployFunction(args: {
   const project = getProject(args.project_id);
   if (!project) return projectNotFound(args.project_id);
 
-  const res = await apiRequest(`/projects/v1/admin/${args.project_id}/functions`, {
+  const res = await paidApiRequest(`/projects/v1/admin/${args.project_id}/functions`, {
     method: "POST",
     headers: {
       Authorization: `Bearer ${project.service_key}`,

src/tools/generate-image.ts

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { apiRequest } from "../client.js";
+import { paidApiRequest } from "../paid-fetch.js";
 import { formatApiError } from "../errors.js";
 
 export const generateImageSchema = {
@@ -21,7 +21,7 @@ export async function handleGenerateImage(args: {
 }> {
   const aspect = args.aspect || "square";
 
-  const res = await apiRequest("/generate-image/v1", {
+  const res = await paidApiRequest("/generate-image/v1", {
     method: "POST",
     body: { prompt: args.prompt, aspect },
   });

src/tools/invoke-function.ts

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { apiRequest } from "../client.js";
+import { paidApiRequest } from "../paid-fetch.js";
 import { getProject } from "../keystore.js";
 import { formatApiError, projectNotFound } from "../errors.js";
 
@@ -38,7 +38,7 @@ export async function handleInvokeFunction(args: {
 
   const startTime = Date.now();
 
-  const res = await apiRequest(`/functions/v1/${args.name}`, {
+  const res = await paidApiRequest(`/functions/v1/${args.name}`, {
     method,
     headers: requestHeaders,
     body: method !== "GET" && method !== "HEAD" ? args.body : undefined,

src/tools/provision.ts

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { apiRequest } from "../client.js";
+import { paidApiRequest } from "../paid-fetch.js";
 import { saveProject, setActiveProjectId } from "../keystore.js";
 import { formatApiError } from "../errors.js";
 import { requireAllowanceAuth } from "../allowance-auth.js";
@@ -25,12 +25,39 @@ export async function handleProvision(args: {
   const tier = args.tier || "prototype";
   const name = args.name;
 
-  const res = await apiRequest("/projects/v1", {
+  const res = await paidApiRequest("/projects/v1", {
     method: "POST",
     headers: { ...auth.headers },
     body: { tier, name },
   });
 
+  if (res.is402) {
+    const body = res.body as Record<string, unknown>;
+    const lines = [
+      `## Payment Required`,
+      ``,
+      `To provision a **${tier}** project, an x402 payment is needed.`,
+      ``,
+    ];
+    if (body.x402) {
+      lines.push(`**Payment details:**`);
+      lines.push("```json");
+      lines.push(JSON.stringify(body.x402, null, 2));
+      lines.push("```");
+    } else {
+      lines.push(`**Server response:**`);
+      lines.push("```json");
+      lines.push(JSON.stringify(body, null, 2));
+      lines.push("```");
+    }
+    lines.push(``);
+    lines.push(
+      `The user's agent allowance or payment agent must send the required amount. ` +
+      `Once payment is confirmed, retry this tool call.`,
+    );
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+  }
+
   if (!res.ok) return formatApiError(res, "provisioning project");
 
   const body = res.body as {

src/tools/set-tier.ts

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { apiRequest } from "../client.js";
+import { paidApiRequest } from "../paid-fetch.js";
 import { formatApiError } from "../errors.js";
 
 export const setTierSchema = {
@@ -11,7 +11,7 @@ export const setTierSchema = {
 export async function handleSetTier(args: {
   tier: string;
 }): Promise<{ content: Array<{ type: "text"; text: string }>; isError?: boolean }> {
-  const res = await apiRequest(`/tiers/v1/${args.tier}`, {
+  const res = await paidApiRequest(`/tiers/v1/${args.tier}`, {
     method: "POST",
     body: {},
   });