Universal Crypto MCP

INTEGRATIONS_AUTOMATION_AUDIT.md•29 KiB

# Integrations, Agents & Automation Audit **Audit Date:** January 30, 2026 **Auditor:** Integrations, Agents & Automation Specialist **Repository:** nirholas/universal-crypto-mcp **Scope:** packages/integrations, packages/agents, packages/automation, packages/novel, packages/generators, vendor/, xeepy/ --- ## Section 1: Executive Summary ### Overview of Integration Capabilities The Universal Crypto MCP repository demonstrates an **extensive integration architecture** encompassing 60+ third-party services, AI agents, automation workflows, and novel experimental features. The integrations span multiple categories: - **Exchange APIs:** 12 cryptocurrency exchanges (Binance, Coinbase, Kraken, OKX, Bybit, KuCoin, Gemini, Bitfinex, HTX, Gate.io, MEXC, Bitget) - **Data Providers:** 5 analytics providers (CoinGecko, DeFiLlama, CryptoCompare, Messari, Glassnode) - **External MCP Servers:** 28+ community MCP server integrations for various blockchains - **Agent Types:** 3 distinct agent frameworks (Agenti, UCAI, DeFi Agents) - **Automation Tools:** Social media bots, dust sweeping, volume generation ### Key Findings and Concerns | Category | Status | Concern Level | |----------|--------|---------------| | Integration Coverage | ⚠️ Moderate | Many integrations are scaffolded but lack full implementation | | Agent Safety | 🔴 High | Missing guardrails and human-in-the-loop mechanisms | | Rate Limiting | 🔴 High | Minimal rate limiting implementation across integrations | | Error Handling | ⚠️ Moderate | Inconsistent error handling patterns | | Secret Management | ⚠️ Moderate | Environment variables used but no vault integration | | Retry Logic | 🔴 High | Almost no retry logic found in API clients | | Testing | 🔴 High | Limited integration test coverage | ### Integration Maturity Assessment **Overall Maturity: Level 2/5 (Initial/Developing)** The repository shows strong vision and architecture planning but lacks production-ready implementation in many areas. Most integrations follow consistent patterns but require significant hardening before deployment. --- ## Section 2: Integrations Package Analysis ### Supported Third-Party Services The `/packages/integrations/` directory is organized into three main categories: #### 1. API MCP Servers (`api-mcp-servers/`) - **CoinGecko MCP Server:** Fully implemented with 7 tools (get_coin_price, get_coin_market_data, get_trending_coins, search_coins, get_global_market_data, get_coin_history, get_exchanges) #### 2. External APIs (`external-apis/`) | Provider | Type | Implementation Status | |----------|------|----------------------| | Gemini | Exchange | ✅ Full | | Bitfinex | Exchange | ✅ Full | | HTX | Exchange | ✅ Full | | Gate.io | Exchange | ✅ Full | | MEXC | Exchange | ✅ Full | | Bitget | Exchange | ✅ Full with HMAC signing | | CryptoCompare | Data | ✅ Full with rate limit support | | Messari | Data | ✅ Full | | Glassnode | Data | ✅ Full | #### 3. External MCP Servers (`external-mcp/`) 28 integrated MCP servers covering: - **Block Explorers:** Etherscan, Polygonscan, BSCscan, Arbitrum, Optimism, Base - **DEX Tools:** DeFiLlama MCP, DEX Aggregator MCP - **Analytics:** Dune Analytics, Nansen, Arkham Intelligence - **Multi-Chain:** Solana Agent Kit, Cosmos Hub, NEAR, Aptos, Sui, Polkadot, Cardano ### Integration Patterns Used The codebase employs several integration patterns: 1. **Adapter Pattern** - Base adapter class with standardized interface: ```typescript // packages/integrations/README.md shows adapter pattern export class ProjectAdapter extends MCPServerAdapter { protected getUpstreamTools() { ... } protected async executeUpstreamTool(name: string, args: any) { ... } } ``` 2. **Direct API Clients** - HTTP clients for exchange APIs with HMAC signature authentication 3. **Git Subtree Integration** - Vendoring external repositories with preserved history ### Authentication Handling Authentication is handled per-integration with varying approaches: | Integration | Auth Method | Storage | |------------|-------------|---------| | CoinGecko | API Key Header | Environment variable (`COINGECKO_API_KEY`) | | Bitget | HMAC-SHA256 | Credentials object (apiKey, apiSecret, passphrase) | | Dune Analytics | API Key | Environment variable + constructor param | | Etherscan | API Key | Constructor parameter | **⚠️ CONCERN:** No centralized credential management or vault integration found. ### Rate Limiting Strategies **Critical Finding:** Rate limiting is **largely absent** from the codebase. - Only CryptoCompare integration has a `getRateLimits()` function - No token bucket or sliding window implementations found - README mentions rate limiting as a planned feature but not implemented ### Error Handling Consistency Error handling patterns vary significantly: - **CoinGecko MCP:** Uses try/catch with axios, returns structured error responses - **Bitget API:** No error handling in HTTP request functions - **External MCP servers:** Basic try/catch with console.error logging ### Retry Logic Patterns **Critical Finding:** **No retry logic** found in any integration. No evidence of: - Exponential backoff - Circuit breakers - Retry policies for transient failures ### Webhook Handling No webhook handling mechanisms found in the integrations package. ### Data Transformation/Normalization Some type definitions exist for normalization: - Shared types exported from `external-apis/index.ts` - Standardized interfaces (Ticker, Orderbook, Balance, Order) across exchanges ### Integration Testing Approach **Finding:** Test coverage appears limited. - `/packages/generators/discovery/src/__tests__/` exists - No test files found in `packages/integrations/` --- ## Section 3: Agents Package Deep Dive ### Agent Architecture Overview The agents package contains four sub-packages with a layered architecture: ``` packages/agents/ ├── agenti/ # Core agent framework (base abstraction) ├── ucai/ # Universal Crypto AI (multi-chain specialist) ├── defi-agents/ # DeFi-specialized agents └── library/ # 505+ agent definitions (empty in scan) ``` ### Agent Types Implemented #### 1. Agenti (Base Agent Framework) Located at `packages/agents/agenti/src/agent.ts`: ```typescript export class Agent { private config: AgentConfig; constructor(config: AgentConfig) { ... } getName(): string { ... } getDescription(): string { ... } getCoreVersion(): string { ... } } ``` **Assessment:** Minimal implementation - serves as a base class but lacks action execution, decision-making, or tool calling. #### 2. UCAI (Universal Crypto AI) Located at `packages/agents/ucai/src/ucai.ts`: ```typescript export class UCAIAgent { private config: UCAIConfig; getChains(): string[] { ... } getCapabilities(): string[] { ... } } ``` **Assessment:** Configuration container only - no execution logic implemented. #### 3. DeFi Agents Located at `packages/agents/defi-agents/src/index.ts`: Provides factory functions: - `createYieldAgent(name, chains)` - Yield optimization capabilities - `createTradingAgent(name, chains)` - Swap/bridge capabilities - `createPortfolioAgent(name, chains)` - Portfolio management capabilities **Assessment:** Type-safe configuration but no actual trading/yield logic implemented. ### Decision-Making Logic **Critical Finding:** No decision-making logic implemented in any agent class. The agents are currently "configuration holders" without: - Action selection algorithms - Strategy evaluation - Market condition analysis - Risk assessment logic ### State Management State management is minimal: - Agents store configuration in private `config` fields - No persistent state storage - No state machine implementations - No event sourcing patterns ### Memory/Context Handling No memory or context handling found: - No conversation history - No long-term memory systems - No vector storage integration - No context window management ### Tool/Function Calling Patterns From `packages/agents/agenti/README.md`: ```typescript agent.addTools(defineTools({ greet: { description: 'Greet a user', parameters: { name: { type: 'string', required: true } }, handler: async ({ name }) => `Hello, ${name}!`, }, })); ``` **Assessment:** Tool definition API exists but no tools are actually registered in the source code. ### LLM Integration No direct LLM integration found in the agents package. The README mentions AI capabilities but no actual OpenAI/Anthropic/Ollama integration code exists in the agents source. ### Agent Communication Patterns No inter-agent communication patterns implemented: - No pub/sub messaging - No shared event bus - No agent orchestration ### Autonomy Levels and Guardrails **🔴 CRITICAL CONCERN:** No guardrails implemented. Missing safeguards: - No maximum transaction size limits - No spending caps - No portfolio allocation constraints - No approval workflows for large transactions - No kill switches ### Human-in-the-Loop Mechanisms **🔴 CRITICAL CONCERN:** No human-in-the-loop mechanisms found. The codebase lacks: - Approval queues for significant actions - Confirmation prompts before execution - Manual override capabilities - Audit logging for human review --- ## Section 4: Automation Package Review ### Package Structure ``` packages/automation/ ├── mcp-monitor/ # Empty - monitoring tools ├── social/ # Twitter/X automation (XActions) ├── social-python/ # Python-based social tools ├── sweep/ # Dust sweeper (multi-chain) ├── volume/ # Boosty volume generation platform ``` ### Workflow Definitions #### Sweep Workflow The dust sweeper in `packages/automation/sweep/` provides: - Multi-chain dust scanning (8 chains) - ERC-4337 gasless transactions - DeFi yield routing (Aave, Yearn, Beefy, Lido, Jito) - Cross-chain consolidation Source structure: ``` sweep/src/ ├── api/ # API endpoints ├── config/ # Configuration ├── db/ # Database schemas ├── queue/ # Job queuing ├── services/ # Core services ├── workers.ts # Background workers ``` #### Volume Generation Workflow The Boosty platform in `packages/automation/volume/` is a comprehensive DeFi automation system: ``` volume/packages/ ├── combined/ # Unified interface ├── core-blockchain/ # Chain interactions ├── mcp-server/ # MCP protocol server ├── orchestrator/ # Workflow coordination ├── trading-engine/ # Trade execution ├── wallet-manager/ # HD wallet management └── 7 more packages... ``` ### Trigger Mechanisms Found trigger patterns: - **Scheduled jobs:** Volume campaigns with time-based triggers - **Event-driven:** WebSocket subscriptions for price alerts - **Manual:** CLI commands and API endpoints ### Scheduling Capabilities From the volume package, scheduling includes: - Campaign scheduling with start/end times - Transaction spacing (gaussian distribution for "organic" patterns) - Daily volume targets with time distribution ### Conditional Logic Handling Limited conditional logic found: - Basic if/else for trade decisions - Campaign state machine (idle, running, paused, stopped, error) ### Action Execution Patterns Execution follows a pipeline: 1. Intent parsing (natural language) 2. Parameter validation 3. Transaction building 4. Simulation (optional) 5. Execution with confirmation ### Error Recovery in Workflows Database schema shows retry support: ```sql status VARCHAR(20) CHECK (status IN ('pending', 'processing', 'completed', 'failed', 'retry')) retry_count INTEGER DEFAULT 0 ``` However, actual retry logic implementation is minimal. ### Workflow Persistence PostgreSQL-based persistence: - Campaign state tracking - Transaction history - Wallet management data ### Monitoring and Observability Limited monitoring: - Console.error for logging - Database status fields - No Prometheus/Grafana integration in automation package ### Scalability Considerations Architecture supports scaling: - Worker-based job processing - Redis for job queuing - Database for state persistence - But no horizontal scaling documentation --- ## Section 5: MCP Server Integration Analysis ### MCP Protocol Compliance The project follows the Model Context Protocol specification: From `server.json`: ```json { "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "io.github.nirholas/universal-crypto-mcp", "version": "0.1.0" } ``` ### Tool Definitions and Schemas CoinGecko MCP server example of proper tool definition: ```typescript { name: 'get_coin_price', description: 'Get current price of cryptocurrency in multiple currencies', inputSchema: { type: 'object', properties: { coin_id: { type: 'string', description: 'CoinGecko coin ID' }, vs_currencies: { type: 'string', default: 'usd' } }, required: ['coin_id'] } } ``` ### Resource Handling Resources are properly defined in the agenti framework: ```typescript agent.addResources({ 'config://settings': { name: 'Agent Settings', mimeType: 'application/json', read: async () => JSON.stringify({ mode: 'production' }) } }); ``` ### Prompt Templates Prompt templates supported: ```typescript agent.addPrompts({ 'analyze-code': { name: 'Code Analysis', arguments: [{ name: 'code', required: true }], template: ({ code }) => `Analyze this code: ${code}` } }); ``` ### Server Configuration Server configuration properly documented: - Environment variables for secrets - Transport type: stdio (primary) - Package registry: npm with @nirholas scope ### Transport Mechanisms Supported transports: - **stdio** - Standard input/output (primary) - **HTTP** - For web-based integrations - **WebSocket** - For real-time streaming (in xeepy) ### Error Responses Standard MCP error response pattern: ```typescript } catch (error) { const errorMessage = error instanceof Error ? error.message : 'Unknown error'; return { content: [{ type: 'text', text: JSON.stringify({ error: errorMessage }) }], isError: true }; } ``` ### Capability Negotiation Capabilities declared in server setup: ```typescript this.server = new Server({ name: 'server-name', version: '1.0.0' }, { capabilities: { tools: {} } }); ``` --- ## Section 6: Generators Package Review ### Generator Types Available ``` packages/generators/ ├── abi-to-mcp/ # Smart contract ABI → MCP tools ├── discovery/ # MCP server discovery & analysis ├── doc-extractor/ # Documentation extraction ├── intel/ # Intelligence gathering ├── playground/ # Interactive testing ├── registry/ # Tool registry (Lyra) ├── repo-to-mcp/ # GitHub repo → MCP server └── web3-playground/ # Web3 development sandbox ``` ### Template Systems Used The repo-to-mcp generator uses: - Template-based code generation - Configuration-driven output - Multiple output formats (TypeScript, Python) ### Discovery Package Details The discovery system (`packages/generators/discovery/`) provides: ```typescript export class ToolDiscovery { private github: GitHubSource; private npm: NpmSource; private ai: AIAnalyzer; async discover(options: DiscoveryOptions): Promise<DiscoveryResult[]> { ... } async analyzeGitHubRepo(owner: string, repo: string): Promise<DiscoveryResult> { ... } } ``` Features: - GitHub API integration for MCP server discovery - NPM registry scanning - AI-powered analysis of repository suitability - Crypto/DeFi keyword filtering ### Output Validation Limited validation found: - TypeScript type checking - JSON schema validation for outputs - No runtime validation of generated code ### Configuration Options Discovery options: ```typescript interface DiscoveryOptions { sources?: DiscoverySource[]; limit?: number; dryRun?: boolean; outputDir?: string; maxAgeMonths?: number; } ``` ### Extensibility Patterns Generators follow plugin architecture: - Source adapters (GitHub, NPM) - AI analyzers for decision making - Template customization ### Generated Code Quality Generated code follows consistent patterns but: - No automatic linting of output - No test generation - No documentation generation --- ## Section 7: Novel Features Assessment ### Experimental Features Inventory | Feature | Location | Status | Description | |---------|----------|--------|-------------| | Temporal Oracles | `novel/temporal-oracles/` | 📝 Scaffolded | Time-locked data revelation | | Reputation Graphs | `novel/reputation-graphs/` | 🔨 Partial | Multi-dimensional reputation scoring | | Intent Solver | `novel/intent-solver/` | 🔨 Partial | Constraint-based transaction routing | | Privacy Pools | `novel/privacy-pools/` | 🔨 Partial | Compliant privacy with ZK proofs | | Quantum Resistant | `novel/quantum-resistant/` | 📝 Scaffolded | Post-quantum cryptography | | Memecoin Trader | `novel/memecoin-trader/` | ✅ Implemented | Solana memecoin trading bot | ### Stability Assessment | Feature | Stability | Notes | |---------|-----------|-------| | Intent Solver | Alpha | Core types defined, routing not implemented | | Privacy Pools | Alpha | Data structures defined, ZK proofs mocked | | Reputation Graphs | Alpha | Basic graph operations, no persistence | | Quantum Resistant | Proof of Concept | No real PQ algorithms | | Memecoin Trader | Beta | Most complete, has risk management | ### Feature Flags Usage **Finding:** No feature flag system implemented. No evidence of: - LaunchDarkly integration - Environment-based feature toggles - Gradual rollout mechanisms ### Migration Paths No migration tooling or versioning strategy for novel features. ### Documentation Quality README files exist for each novel feature with: - Concept explanations - Code examples - Architecture descriptions However, missing: - API documentation - Security considerations - Performance benchmarks ### Risk Assessment | Feature | Risk Level | Reason | |---------|------------|--------| | Memecoin Trader | 🔴 High | Real money trading with limited guardrails | | Privacy Pools | ⚠️ Medium | Regulatory implications, mocked cryptography | | Intent Solver | ⚠️ Medium | Could route transactions incorrectly | | Quantum Resistant | 🟢 Low | Not used in production | --- ## Section 8: Vendor Dependencies Audit ### Vendored Package Inventory ``` vendor/ ├── INTEGRATION-GUIDE.md # Integration documentation ├── README.md # Overview └── ethers-integration/ # ethers.js v6 ├── ATTRIBUTION.md ├── LICENSE (MIT) └── README.md ``` ### Version Tracking Current vendored packages: | Package | Version | Source | Last Updated | |---------|---------|--------|--------------| | ethers.js | v6.x | npm dependency | Referenced | **Note:** ethers.js is actually an npm dependency, not vendored source code. The vendor directory contains documentation only. ### Security Vulnerabilities **Finding:** No vulnerability scanning found for vendored code. Missing: - Snyk integration - npm audit configuration - Dependabot for vendor directory ### License Compliance The vendor guide correctly emphasizes license compliance: ```markdown ## Step 1: Verify License Compatibility ✅ MIT ✅ BSD ✅ Apache 2.0 ❌ GPL (not compatible) ``` All checked integrations use compatible licenses (MIT/Apache 2.0). ### Update Frequency No automated update mechanism for vendored dependencies: - Manual subtree updates required - No changelog tracking - No version pinning enforcement ### Patch Management No patch management process documented: - No security advisory monitoring - No hotfix procedures - No rollback capabilities --- ## Section 9: API Design Consistency ### Interface Consistency Across Integrations Exchange APIs follow consistent patterns: ```typescript // All exchanges export similar interfaces export interface [Exchange]Credentials { apiKey: string; apiSecret: string; // Optional: passphrase } export interface [Exchange]Ticker { symbol: string; price: string; volume: string; // ... } ``` ### Naming Conventions Generally consistent: - **Classes:** PascalCase (e.g., `CoinGeckoMCPServer`, `DeFiAgent`) - **Functions:** camelCase (e.g., `createAgent`, `getDecayedScore`) - **Types:** PascalCase with descriptive names - **Constants:** UPPER_SNAKE_CASE (e.g., `COINGECKO_API`, `CRYPTO_KEYWORDS`) **Inconsistencies found:** - Some files use `interface` vs `type` interchangeably - Mixed use of `.js` and `.ts` extensions in imports ### Error Format Standardization **Inconsistent error handling:** Pattern 1 (MCP servers): ```typescript return { content: [{ type: 'text', text: JSON.stringify({ error: msg }) }], isError: true }; ``` Pattern 2 (API clients): ```typescript throw new Error(`Error message`); ``` Pattern 3 (Some integrations): ```typescript console.error('Error:', error); ``` **Recommendation:** Standardize on a single error response format. ### Response Structure Patterns API responses lack standardization: - Some return raw data - Some return wrapped objects - No consistent envelope pattern ### Pagination Handling **Finding:** No pagination handling found in most integrations. CryptoCompare is an exception with limit/offset support. ### Versioning Strategy MCP server versioning follows semantic versioning: ```json { "version": "0.1.0" } ``` No API versioning found for individual integrations. --- ## Section 10: Observability & Monitoring ### Logging Implementations Multiple logging patterns found: 1. **Console-based:** Most packages use `console.log/error` 2. **Logger class:** Some packages have Logger utilities: ```typescript static debug(...args: any[]) { if (process.env.DEBUG) console.error("[DEBUG]", ...args) } ``` 3. **Loguru (Python):** Xeepy uses structured logging: ```python from loguru import logger ``` ### Metrics Collection **Finding:** No standardized metrics collection. - Prometheus configuration file exists in `xeepy/prometheus.yml` - No metrics instrumentation in TypeScript packages - No custom metrics defined ### Tracing Support **Finding:** No distributed tracing implemented. Missing: - OpenTelemetry integration - Trace context propagation - Span collection ### Health Checks Limited health check implementations: Xeepy API: ```markdown - **Health Check**: http://localhost:8000/health ``` No health checks in MCP servers or other packages. ### Alerting Integration **Finding:** No alerting configuration found. No integration with: - PagerDuty - Opsgenie - Email alerts - Slack notifications ### Dashboard Availability Xeepy mentions dashboards: ```markdown - **Comprehensive Dashboard** - Real-time analytics and metrics ``` No Grafana dashboards or visualization configurations found in the repository. --- ## Section 11: Issues & Recommendations Table | Priority | Issue | Location | Description | Recommended Fix | |----------|-------|----------|-------------|-----------------| | 🔴 Critical | No rate limiting | `packages/integrations/**` | API clients can overwhelm external services | Implement token bucket rate limiter per API | | 🔴 Critical | No retry logic | `packages/integrations/**` | Transient failures cause complete failure | Add exponential backoff with jitter | | 🔴 Critical | No agent guardrails | `packages/agents/**` | Autonomous agents lack safety limits | Add spending limits, approval queues, kill switches | | 🔴 Critical | No human-in-the-loop | `packages/agents/**`, `packages/automation/**` | High-value actions execute without approval | Implement confirmation workflows | | 🔴 Critical | Secrets in env vars | All packages | No vault integration, secrets in environment | Integrate HashiCorp Vault or AWS Secrets Manager | | ⚠️ High | Inconsistent error handling | All packages | Multiple error patterns, hard to debug | Create shared error handling library | | ⚠️ High | No timeout handling | `packages/integrations/**` | HTTP requests can hang indefinitely | Add configurable timeouts (default 30s) | | ⚠️ High | Limited test coverage | All packages | Most packages lack integration tests | Add minimum 70% coverage requirement | | ⚠️ High | No observability | `packages/**` | No metrics, tracing, or structured logging | Implement OpenTelemetry | | ⚠️ Medium | Empty agent implementations | `packages/agents/**` | Agent classes are configuration-only | Implement actual decision/execution logic | | ⚠️ Medium | No pagination | `packages/integrations/**` | Large result sets can't be retrieved | Implement cursor-based pagination | | ⚠️ Medium | Hardcoded API endpoints | Various | Some endpoints are hardcoded strings | Move to configuration | | ⚠️ Medium | No feature flags | `packages/novel/**` | Experimental features always enabled | Implement feature flag system | | ⚠️ Medium | No webhook handling | `packages/integrations/**` | Can't receive external events | Add webhook endpoints and handlers | | 🟡 Low | Inconsistent naming | All packages | Some files use different conventions | Establish and enforce style guide | | 🟡 Low | No API versioning | `packages/integrations/**` | Breaking changes can't be managed | Add versioning headers/paths | | 🟡 Low | Limited documentation | Various | Some packages lack API docs | Generate TypeDoc documentation | | 🟡 Low | No changelog automation | All packages | Manual changelog maintenance | Implement conventional commits + auto-changelog | --- ## Section 12: Action Items Summary ### Critical Improvements Needed 1. **Implement Rate Limiting Framework** - Create shared rate limiter utility in `packages/shared/` - Apply to all external API integrations - Configure per-API limits based on provider documentation 2. **Add Retry Logic with Circuit Breakers** - Implement exponential backoff library - Add circuit breaker pattern for failing services - Create retry policies per integration 3. **Agent Safety Mechanisms** - Add transaction size limits - Implement approval workflows for large transactions - Create kill switch functionality - Add portfolio allocation constraints 4. **Secrets Management** - Remove secrets from environment variables for production - Integrate with secrets management solution - Implement secret rotation ### Integration Gaps to Address 1. **Missing Rate Limit Implementations** - Priority: Bitget, Gate.io, MEXC (high-frequency trading) 2. **Timeout Handling** - Add 30-second default timeout to all HTTP clients - Make timeout configurable per request 3. **Webhook Support** - Add webhook receivers for exchange notifications - Implement signature validation - Add retry queue for failed deliveries 4. **Pagination Support** - Add cursor-based pagination to exchange APIs - Implement automatic page fetching for large datasets ### Agent Safety Improvements 1. **Guardrails Implementation** ```typescript interface AgentGuardrails { maxTransactionValue: bigint; dailySpendingLimit: bigint; allowedChains: string[]; allowedProtocols: string[]; requireApprovalAbove: bigint; } ``` 2. **Human-in-the-Loop** - Approval queue for transactions > $1000 - Manual confirmation for new addresses - Audit log for all actions 3. **Emergency Stop** - Global kill switch - Per-agent pause capability - Automatic stop on loss thresholds ### Documentation Needs 1. **API Documentation** - Generate TypeDoc for all packages - Add JSDoc comments to all public functions - Create integration guides 2. **Security Documentation** - Document authentication flows - Create threat model - Add security best practices guide 3. **Runbook Creation** - Incident response procedures - Debugging guides - Rollback procedures --- ## Appendix A: Package Dependency Map ``` packages/integrations/ ├── @modelcontextprotocol/sdk ├── axios └── crypto (Node.js built-in) packages/agents/ ├── @universal-crypto-mcp/core └── @modelcontextprotocol/sdk packages/automation/ ├── drizzle-orm (sweep) ├── hono (sweep) ├── @solana/web3.js (volume) └── Various DEX SDKs packages/novel/ ├── viem └── @universal-crypto-mcp/core packages/generators/ ├── @anthropic-ai/sdk ├── openai └── octokit ``` ## Appendix B: External API Endpoints | Integration | Base URL | Version | |------------|----------|---------| | CoinGecko | https://api.coingecko.com/api/v3 | v3 | | Bitget | https://api.bitget.com | v2 | | CryptoCompare | https://min-api.cryptocompare.com | v1 | | Dune | https://api.dune.com | v1 | | Etherscan | https://api.etherscan.io | v2 | ## Appendix C: Environment Variables Reference | Variable | Package | Required | Secret | |----------|---------|----------|--------| | COINGECKO_API_KEY | integrations/api-mcp-servers | No | Yes | | DUNE_API_KEY | integrations/external-mcp | Yes | Yes | | PRIVATE_KEY | Various | Context | Yes | | ALCHEMY_API_KEY | core | No | Yes | | TWITTER_API_KEY | automation/social | Yes | Yes | | OPENAI_API_KEY | generators | No | Yes | | ANTHROPIC_API_KEY | generators | No | Yes | --- **End of Audit Report** *This audit was conducted by Agent 4 (Integrations, Agents & Automation Specialist) on January 30, 2026. The findings represent a point-in-time assessment and should be re-evaluated as the codebase evolves.*

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/nirholas/universal-crypto-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

INTEGRATIONS_AUTOMATION_AUDIT.md•29 KiB