Package Exports
- @gatefare/mcp
- @gatefare/mcp/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@gatefare/mcp) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@gatefare/mcp
Give your AI agent a wallet and a marketplace.
@gatefare/mcpis a Model Context Protocol server that connects Claude Desktop, Cursor, or any MCP-compatible agent to the Gatefare catalog of paid HTTP APIs. Payments settle as USDC on Base via the open x402 standard — no SaaS keys, no subscriptions, no escrow. Non-custodial: signing happens locally; the private key never leaves your machine.

┌─────────────┐ ┌──────────────┐ ┌─────────────────┐
│ Claude / │ MCP stdio │ @gatefare/mcp│ HTTP + x402 │ gatefare.io │
│ Cursor / │ ─────────────► │ (this repo)│ ─────────────► │ proxy + │
│ your agent │ │ │ │ catalog │
└─────────────┘ └──────┬───────┘ └─────────────────┘
│
│ EIP-3009 sign
▼
┌─────────────┐
│ Base USDC │
└─────────────┘Quick start
1. Drop into your client
Claude Desktop — ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"gatefare": {
"command": "npx",
"args": ["-y", "@gatefare/mcp"]
}
}
}Cursor — ~/.cursor/mcp.json or project-level .cursor/mcp.json:
{
"mcpServers": {
"gatefare": {
"command": "npx",
"args": ["-y", "@gatefare/mcp"]
}
}
}Restart the client. The agent now has 5 read-only tools — discovery + safety. Try:
"Search Gatefare for weather APIs."
2. Add a wallet to make paid calls
Add env to the same config:
{
"mcpServers": {
"gatefare": {
"command": "npx",
"args": ["-y", "@gatefare/mcp"],
"env": {
"WALLET_PRIVATE_KEY": "0xYOUR_KEY",
"WALLET_BUDGET_USD": "5.00"
}
}
}
}Buyer tools (call_api, get_wallet_balance, estimate_cost) become available. The
WALLET_BUDGET_USD cap is a runtime safety net — for a hard cap, fund the wallet with
only what you're willing to spend.
"What's London's weather right now? Spend up to $0.001."
3. (Optional) Publish your own APIs
Get a PAT at gatefare.io/dashboard/tokens and add:
"env": {
"GATEFARE_PAT": "gfpat_..."
}Publisher tools (register_api, list_my_apis, update_api, get_revenue,
distribute) appear.
"Publish my API at https://api.example.com/sentiment for $0.001 per call."
Tools
13 tools across 4 domains. Tools auto-register based on which env vars are set — the agent never sees a tool it can't use.
Discovery — always available
| Tool | Description |
|---|---|
gatefare.search_apis |
Full-text search the catalog with filters (price, category, sort) |
gatefare.get_api |
Full details for one API by slug or handle/urlName |
gatefare.list_categories |
All categories with API counts |
gatefare.suggest |
Autocomplete suggestions for a query string |
Buyer — needs WALLET_PRIVATE_KEY
| Tool | Description |
|---|---|
gatefare.call_api |
Make a paid call. Handles 402 → sign → retry automatically |
gatefare.get_wallet_balance |
USDC + ETH on Base, plus remaining runtime budget |
gatefare.estimate_cost |
Project total cost for N planned calls |
Publisher — needs GATEFARE_PAT
| Tool | Description |
|---|---|
gatefare.register_api |
Publish a new paid API |
gatefare.list_my_apis |
Your published APIs with stats |
gatefare.update_api |
Edit metadata, price, target URL |
gatefare.get_revenue |
Revenue time series + totals |
gatefare.distribute |
Trigger on-chain distribute() payout (destructive) |
Safety — always available
| Tool | Description |
|---|---|
gatefare.report_abuse |
Report a malicious / stolen API (DMCA, fraud, malware…) |
Configuration
| Var | Default | Required for |
|---|---|---|
GATEFARE_BASE_URL |
https://gatefare.io |
— (override for self-hosted) |
WALLET_PRIVATE_KEY |
— | Any buyer tool |
WALLET_BUDGET_USD |
unlimited | Optional spend cap |
WALLET_NETWORK |
eip155:8453 |
eip155:84532 for Sepolia testnet |
GATEFARE_PAT |
— | Any publisher tool |
LOG_LEVEL |
info |
debug for verbose stderr |
Examples
Discover & buy in one breath (Claude Desktop)
You: Find me a sub-$0.001 weather API and call it for "Tokyo".
Claude: Calling
gatefare.search_apiswithmax_price: 0.001…
Founddemo-weatherby @alice at $0.001/call.
Callinggatefare.call_apiwithslug: "demo-weather",query: {city: "Tokyo"}…
Tokyo is 22°C, partly cloudy. Paid 0.001 USDC. Receipt:settled-tx-0x9a…
Programmatic — Python agent
from mcp import ClientSession, StdioServerParameters
from mcp.client.stdio import stdio_client
server = StdioServerParameters(
command="npx",
args=["-y", "@gatefare/mcp"],
env={"WALLET_PRIVATE_KEY": "0x...", "WALLET_BUDGET_USD": "1.00"},
)
async with stdio_client(server) as (r, w):
async with ClientSession(r, w) as s:
await s.initialize()
result = await s.call_tool(
"gatefare.call_api",
arguments={"slug": "demo-weather", "query": {"city": "Tokyo"}},
)
print(result.content[0].text)See examples/ for runnable variants: Claude Desktop, Cursor, Python,
TypeScript, and a pure-discovery walkthrough.
Not building an AI agent? Picking the right tool
If you want to pay for x402 APIs from a backend (no agent), use Coinbase's
official x402 SDKs — x402-python (PyPI), coinbase/x402/go, …/java, or
@x402/fetch. They handle the
payment flow; you don't need this MCP server.
If you want to browse the Gatefare catalog from any language, hit the
REST API directly: gatefare.io/api/catalog
(OpenAPI 3.1 spec).
Full breakdown of which tool fits which use case in
docs/integrations.md.
Direct CLI (for debugging)
# Run the server in foreground; talks JSON-RPC over stdio.
npx -y @gatefare/mcp
# In another terminal, send a frame:
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | \
npx -y @gatefare/mcpErrors
Tool results include isError: true and a structured body
{ error: <code>, message: <human>, details?: <any> }. Codes are stable —
agents can switch on them for retry / surfacing logic.
| Code | Meaning |
|---|---|
INVALID_INPUT |
Input failed zod validation |
WALLET_NOT_CONFIGURED |
Set WALLET_PRIVATE_KEY for buyer tools |
PAT_NOT_CONFIGURED |
Set GATEFARE_PAT for publisher tools |
BUDGET_EXHAUSTED |
Runtime budget cap hit |
INSUFFICIENT_BALANCE |
Wallet doesn't have enough USDC |
PRICE_TOO_HIGH |
Server's price exceeds your max_price |
API_NOT_FOUND |
Slug doesn't exist or is suspended |
UPSTREAM_ERROR |
Paid API returned non-2xx, or its 402 was malformed |
RATE_LIMITED |
Gatefare rate-limited the request |
NETWORK_ERROR |
Could not reach Gatefare |
GATEFARE_API_ERROR |
Gatefare returned a 4xx / 5xx |
How it works (the 30-second version)
- The agent calls
gatefare.call_api { slug: "demo-weather", … }. - We
GET https://gatefare.io/p/demo-weather(no payment yet). - The Gatefare proxy returns 402 Payment Required with
accepts: [{network, payTo, maxAmountRequired, …}]. - We sign an EIP-3009
transferWithAuthorizationfor that exact amount and recipient on the configured network. - We retry the request with the signed
X-Paymentheader (base64-encoded JSON, x402 v2). - Gatefare verifies the signature, settles the USDC transfer, and proxies the call to the upstream API.
- We hand the upstream response (and a payment receipt) back to the agent.
The signature is single-use, time-bounded, and never leaves your machine for any
purpose other than this exact transfer to this exact payTo. The private key
is never logged.
Security
- Non-custodial. Private keys live in your env, signing happens locally, no Gatefare service ever sees them.
- Network confusion-resistant. A malicious gateway returning Sepolia-only requirements to a mainnet user is rejected — we never sign for a chain the user didn't configure.
- Cryptographically random nonces. No
Date.now()-based collisions. - Validity window clamped to 1 hour even if the server requests more.
- Strict input validation. Slugs are
^[a-z0-9_-]+$and URL-encoded; no path traversal.targetUrlblocksfile://,localhost, cloud metadata IPs,.local, and.internalhosts at registration time. - Secret hygiene. Tests assert that the private key and PAT never appear in stderr / stdout, ever.
Development
git clone https://github.com/gatefareio/mcp-server.git
cd mcp-server
npm install
npm run typecheck
npm test # 138 unit tests
npm run test:e2e # 10 e2e tests against live gatefare.io (set GATEFARE_E2E=1)
npm run buildTo use a local checkout in your client config:
npm link
# in claude_desktop_config.json:
# "command": "gatefare-mcp"Architecture
src/
├── index.ts # entry — wires stdio transport
├── server.ts # McpServer instance + tool registration
├── config.ts # env parsing, capability detection
├── client.ts # REST client (wraps fetch)
├── x402.ts # 402 parsing + EIP-3009 signing
├── types.ts # shared types + GatefareError
└── tools/
├── discovery.ts # search_apis, get_api, list_categories, suggest
├── buyer.ts # call_api, get_wallet_balance, estimate_cost
├── publisher.ts # register_api, list_my_apis, update_api, get_revenue, distribute
└── safety.ts # report_abuseTest layout
tests/
├── config.test.ts # env parsing edges
├── client.test.ts # HTTP client error mapping
├── x402.test.ts # signing + parsing primitives
├── x402-flow.test.ts # full 402 → sign → retry handshake (mocked fetch)
├── server.test.ts # capability-driven tool registration
├── init.test.ts # subprocess: bootstrap, env crashes, secret leakage
├── stdio-protocol.test.ts # stdout pollution + recovery from tool errors
├── stability.test.ts # 100 concurrent calls, memory baseline, ReDoS
├── tools/
│ ├── discovery.test.ts
│ ├── buyer.test.ts
│ ├── buyer-flow.test.ts
│ ├── publisher.test.ts
│ └── safety.test.ts
└── integration/
└── e2e.test.ts # real gatefare.io, gated by GATEFARE_E2E=1Contributing
Issues and PRs welcome. See CONTRIBUTING.md for the workflow, style guide, and how to add a new tool.
License
MIT © Gatefare
Links
- 🌐 Marketplace: gatefare.io
- 📚 API docs: gatefare.io/docs
- 🤖 LLM context (single file): gatefare.io/llms-full.txt
- 📐 OpenAPI spec: gatefare.io/openapi.json
- 🐦 Twitter: @Gatefareio
- 🔌 Model Context Protocol: modelcontextprotocol.io
- 💸 x402 standard: x402.org