402-mcp 3.15.0 → 3.15.2
- package/README.md +27 -1
- package/llms-full.txt +22 -0
- package/llms.txt +7 -0
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -79,7 +79,7 @@ For detailed architecture and payment flow diagrams, see [docs/architecture.md](
|
|
|
79
79
|
| `CREDENTIAL_STORE` | `~/.402-mcp/credentials.json` | Persistent macaroon/credential storage |
|
|
80
80
|
| `TRANSPORT` | `stdio` | Transport mode: `stdio` or `http` |
|
|
81
81
|
| `PORT` | 3402 | HTTP server port (when `TRANSPORT=http`) |
|
|
82
|
-
| `TRANSPORT_PREFERENCE` | `
|
|
82
|
+
| `TRANSPORT_PREFERENCE` | `onion,hns,https,http` | Preferred transport order for multi-URL services (comma-separated) |
|
|
83
83
|
| `TOR_PROXY` | - | SOCKS5 proxy for `.onion` addresses (e.g. `socks5h://127.0.0.1:9050`) |
|
|
84
84
|
| `SOCKS_PROXY` | - | Generic SOCKS5 proxy for all requests when set |
|
|
85
85
|
| `HNS_GATEWAY_URL` | - | HTTP gateway for Handshake (`.hns`) domains (e.g. `https://hns.to`) |
|
|
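Review bot: The new default `onion,hns,https,http` in the `TRANSPORT_PREFERENCE` row ranks `onion` and `hns` first while `TOR_PROXY` and `HNS_GATEWAY_URL` in the rows just below default to unset, and the list ends in plain `http`. The row should say what happens when a preferred transport has no proxy or gateway configured (skipped, or an error), and whether the client falls through to `http` for a service that also advertises `https`, since these requests carry payment credentials in `Authorization` and `X-Cashu` headers. If cleartext fallback is intended, document it in this row; otherwise consider leaving `http` out of the default.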
@@ -126,6 +126,15 @@ Three payment rails, tried in priority order:
|
|
|
126
126
|
|
|
127
127
|
The agent can override the method per-call, or you can configure only the methods you want.
|
|
128
128
|
|
|
129
|
+
`l402-fetch` handles four HTTP 402 challenge variants transparently:
|
|
130
|
+
|
|
131
|
+
| Protocol | Challenge header | Payment |
|
|
132
|
+
|----------|-----------------|---------|
|
|
133
|
+
| **L402** | `WWW-Authenticate: L402` | Lightning invoice via wallet stack |
|
|
134
|
+
| **IETF Payment** (`draft-ryan-httpauth-payment-01`) | `WWW-Authenticate: Payment` | Lightning invoice via wallet stack |
|
|
135
|
+
| **xCashu** (NUT-18) | `X-Cashu: creqA…` | Ecash token sent directly (requires Cashu wallet) |
|
|
136
|
+
| **x402** | `X-Payment-Required: x402` | On-chain EVM transfer; surfaced to human with EIP-681 deeplink |
|
|
137
|
+
|
|
129
138
|
## Safety
|
|
130
139
|
|
|
131
140
|
`MAX_AUTO_PAY_SATS` caps any single autonomous payment. Above this limit, the agent must ask the human for approval. The agent can read this limit via `l402-config` and factor it into purchasing decisions.
|
|
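Review bot: The lead sentence at new line 129 says `l402-fetch` handles all four variants "transparently", but the x402 row says the payment is "surfaced to human with EIP-681 deeplink", so that variant is not transparent to the caller. Suggest "detects four HTTP 402 challenge variants" and a column marking which rows settle without human approval, as the table in llms-full.txt does. The `## Safety` paragraph directly below defines `MAX_AUTO_PAY_SATS` as a cap on "any single autonomous payment"; the xCashu row should state whether ecash sends are subject to that cap.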
@@ -174,6 +183,23 @@ Built by [@forgesworn](https://github.com/forgesworn).
|
|
|
174
183
|
|
|
175
184
|
---
|
|
176
185
|
|
|
186
|
+
## Part of the ForgeSworn Toolkit
|
|
187
|
+
|
|
188
|
+
[ForgeSworn](https://forgesworn.dev) builds open-source cryptographic identity, payments, and coordination tools for Nostr.
|
|
189
|
+
|
|
190
|
+
| Library | What it does |
|
|
191
|
+
|---------|-------------|
|
|
192
|
+
| [nsec-tree](https://github.com/forgesworn/nsec-tree) | Deterministic sub-identity derivation |
|
|
193
|
+
| [ring-sig](https://github.com/forgesworn/ring-sig) | SAG/LSAG ring signatures on secp256k1 |
|
|
194
|
+
| [range-proof](https://github.com/forgesworn/range-proof) | Pedersen commitment range proofs |
|
|
195
|
+
| [canary-kit](https://github.com/forgesworn/canary-kit) | Coercion-resistant spoken verification |
|
|
196
|
+
| [spoken-token](https://github.com/forgesworn/spoken-token) | Human-speakable verification tokens |
|
|
197
|
+
| [toll-booth](https://github.com/forgesworn/toll-booth) | L402 payment middleware |
|
|
198
|
+
| [geohash-kit](https://github.com/forgesworn/geohash-kit) | Geohash toolkit with polygon coverage |
|
|
199
|
+
| [nostr-attestations](https://github.com/forgesworn/nostr-attestations) | NIP-VA verifiable attestations |
|
|
200
|
+
| [dominion](https://github.com/forgesworn/dominion) | Epoch-based encrypted access control |
|
|
201
|
+
| [nostr-veil](https://github.com/forgesworn/nostr-veil) | Privacy-preserving Web of Trust |
|
|
202
|
+
|
|
177
203
|
## Licence
|
|
178
204
|
|
|
179
205
|
[MIT](LICENSE)
|
package/llms-full.txt
CHANGED
|
@@ -79,6 +79,15 @@ src/
|
|
|
79
79
|
detect.ts # Detect toll-booth vs generic L402 servers
|
|
80
80
|
bolt11.ts # Decode BOLT11 invoices (amount extraction)
|
|
81
81
|
challenge-cache.ts # Cache parsed challenges for l402-pay
|
|
82
|
+
x402/
|
|
83
|
+
parse.ts # Detect X-Payment-Required: x402 header; parse EVM challenge
|
|
84
|
+
payment.ts # Format payment request with EIP-681 deeplink for human payment
|
|
85
|
+
xcashu/
|
|
86
|
+
parse.ts # Detect X-Cashu header; parse NUT-18 payment request
|
|
87
|
+
payment.ts # Autonomous ecash payment: coin-select, send exact token amount
|
|
88
|
+
ietf-payment/
|
|
89
|
+
parse.ts # Detect/parse WWW-Authenticate: Payment challenges (draft-ryan-httpauth-payment-01)
|
|
90
|
+
credential.ts # Build Authorization: Payment base64url credential after Lightning payment
|
|
82
91
|
store/
|
|
83
92
|
credentials.ts # Encrypted credential persistence (JSON)
|
|
84
93
|
cashu-tokens.ts # Cashu token store (add/remove/balance)
|
|
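Review bot: The comment on `xcashu/payment.ts` (new line 87) says "send exact token amount", while the prose added further down this file describes `wallet.send(amount, proofs, { includeFees: true })` with change proofs restored to the token store. With fees included, the value sent need not equal the requested amount, so the two descriptions read differently. Suggest wording the comment as "coin-select, send requested amount plus fees, restore change" so the tree and the protocol section agree.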
@@ -266,6 +275,19 @@ The L402 protocol is an extension of HTTP 402 (Payment Required):
|
|
|
266
275
|
|
|
267
276
|
402-mcp handles steps 2–5 automatically within `l402-fetch`.
|
|
268
277
|
|
|
278
|
+
## Supported 402 Protocol Variants
|
|
279
|
+
|
|
280
|
+
`l402-fetch` detects and handles four HTTP 402 challenge variants. Detection order in source: L402, x402, xCashu, IETF Payment.
|
|
281
|
+
|
|
282
|
+
| Protocol | Detection | Credential sent | Autonomous? |
|
|
283
|
+
|----------|-----------|----------------|-------------|
|
|
284
|
+
| **L402** | `WWW-Authenticate: L402 macaroon=…, invoice=…` | `Authorization: L402 <macaroon>:<preimage>` | Yes (NWC or Cashu) |
|
|
285
|
+
| **IETF Payment** (`draft-ryan-httpauth-payment-01`) | `WWW-Authenticate: Payment id=… method=lightning …` | `Authorization: Payment <base64url-json>` | Yes (NWC or Cashu) |
|
|
286
|
+
| **xCashu** (NUT-18) | `X-Cashu: creqA<base64url>` | `X-Cashu: <cashuB-token>` | Yes (Cashu wallet only) |
|
|
287
|
+
| **x402** | `X-Payment-Required: x402` + JSON body | Human presents EIP-681 deeplink | No — on-chain EVM; surfaced to human |
|
|
288
|
+
|
|
289
|
+
xCashu uses coin selection via `wallet.send(amount, proofs, { includeFees: true })` and restores change proofs to the token store. IETF Payment decodes the base64url charge request to extract the BOLT11 invoice, then pays it through the normal wallet stack and wraps the preimage in a JSON credential.
|
|
290
|
+
|
|
269
291
|
## Wallet Priority and Resolution
|
|
270
292
|
|
|
271
293
|
Wallets are tried in order: NWC → Cashu → Human. The first wallet that succeeds is used.
|
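Review bot: The sentence at new line 280 gives the detection order as L402, x402, xCashu, IETF Payment, but the table rows are ordered L402, IETF Payment, xCashu, x402, and nothing says what happens when a 402 response carries more than one challenge header. Since the order decides which rail gets paid, state whether the first match wins and list the rows in detection order. In the x402 row, the "Credential sent" cell reads "Human presents EIP-681 deeplink"; per the README table the deeplink is surfaced to the human, so "None; EIP-681 deeplink shown to human" would be clearer. The closing paragraph should also say whether the amount from the decoded BOLT11 invoice or NUT-18 request is checked against the spend limit before paying.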
package/llms.txt
CHANGED
|
@@ -120,6 +120,13 @@ Three payment rails are tried in priority order:
|
|
|
120
120
|
|
|
121
121
|
The agent can override the payment method per-call, or you can configure only the methods you want available.
|
|
122
122
|
|
|
123
|
+
`l402-fetch` handles four HTTP 402 challenge variants transparently:
|
|
124
|
+
|
|
125
|
+
- **L402** (`WWW-Authenticate: L402`) — the primary protocol; Lightning invoice paid via the wallet stack.
|
|
126
|
+
- **IETF Payment** (`WWW-Authenticate: Payment`, `draft-ryan-httpauth-payment-01`) — alternative Lightning path; builds a base64url credential after payment.
|
|
127
|
+
- **xCashu** (`X-Cashu: creqA…`, NUT-18) — autonomous ecash payment; selects and sends the exact token amount without a Lightning round-trip.
|
|
128
|
+
- **x402** (`X-Payment-Required: x402`) — on-chain EVM payment; surfaces an EIP-681 deeplink to the human (no autonomous settlement).
|
|
129
|
+
|
|
123
130
|
## Safety Model
|
|
124
131
|
|
|
125
132
|
Two safety primitives protect against runaway spending:
|
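Review bot: The xCashu bullet (new line 127) describes an autonomous send "without a Lightning round-trip", and the `## Safety Model` section right after it opens with "Two safety primitives protect against runaway spending" without saying which payment paths they cover. Add a clause to the xCashu and IETF Payment bullets stating that both primitives apply to them, or name the exceptions, so a reader of this summary file does not have to infer it from the README.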
package/package.json
CHANGED