@builtbyecho/public-api-finder 0.1.0 → 0.5.1

package/README.md

@@ -2,14 +2,20 @@
 
 Find free/public APIs for agents, prototypes, demos, and integrations.
 
-Powered by the curated [`public-api-lists/public-api-lists`](https://github.com/public-api-lists/public-api-lists) JSON dataset.
+Powered by multiple sources plus a curated best-known API layer:
+
+- [`public-api-lists/public-api-lists`](https://github.com/public-api-lists/public-api-lists) for fast curated JSON discovery
+- [`public-apis/public-apis`](https://github.com/public-apis/public-apis) for the larger canonical README list
+- [`APIs-guru/openapi-directory`](https://github.com/APIs-guru/openapi-directory) for OpenAPI-backed APIs
 
 ## Quick start
 
 ```bash
-npx @builtbyecho/public-api-finder "weather forecast" --no-auth --https
-npx @builtbyecho/public-api-finder "crypto prices" --category Cryptocurrency --limit 5
-npx @builtbyecho/public-api-finder "jobs" --json
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "weather forecast" --no-auth --https
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "crypto prices" --category Cryptocurrency --limit 5
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "jobs" --json
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "payments" --openapi
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "weather forecast" --no-auth --https --check
 ```
 
 ## Why
@@ -24,16 +30,109 @@ The package includes an agent skill at:
 skills/public-api-finder/SKILL.md
 ```
 
-The skill tells agents to prefer the CLI first, then live-check docs/endpoints before building.
+The skill tells agents to prefer the CLI first, then live-check docs/endpoints before building. Use `--check` when you want the CLI to annotate whether each result URL is reachable right now.
 
 ## CLI options
 
 ```text
 --category <name>  Filter by category substring
+--source <name>    Filter by source: public-api-lists, public-apis, apis-guru, curated
 --no-auth          Only APIs with Auth = No
 --https            Only HTTPS APIs
 --cors <value>     Filter by CORS: Yes, No, Unknown
+--openapi          Only APIs with OpenAPI specs
 --limit <n>        Max results
+--check            Live-check result URLs and annotate reachability
 --json             Emit JSON
 --refresh          Refresh cache
 ```
+
+## Bankr x402 endpoint
+
+This repo includes a Bankr x402 Cloud endpoint scaffold at:
+
+```text
+x402/public-api-finder/index.ts
+bankr.x402.json
+```
+
+It is configured as a paid `POST` endpoint at **$0.01 USDC per successful request** on Base. Deploy it with Bankr when ready:
+
+```bash
+bankr x402 deploy public-api-finder
+```
+
+The endpoint accepts:
+
+```json
+{
+  "query": "weather forecast no auth cors",
+  "limit": 5,
+  "noAuth": true,
+  "https": true,
+  "cors": "Yes"
+}
+```
+
+Suggested Bankr App prompt after deployment:
+
+```text
+Build me a public app called Public API Finder. It should have a search box,
+filters for no-auth, HTTPS, CORS, category, and result limit, and a green
+button labeled “Pay $0.01 & Pull”. When clicked, call my x402 endpoint
+https://x402.bankr.bot/<my-wallet>/public-api-finder with bankr.x402.fetch,
+show the Bankr payment confirmation, then render ranked API cards with name,
+category, auth, CORS, URL, score, and description. Make it public/unlisted so
+I can share it with the Bankr team.
+```
+
+## Hosted app / Bankr-ready credits
+
+The package also includes a tiny zero-dependency hosted API and landing page:
+
+```bash
+npm start
+# http://localhost:8787
+```
+
+Pricing model: **1 credit = 1 successful enriched pull**. The default public price is `$0.01` per pull, so a 100-credit top-up is `$1.00`.
+
+### API
+
+```bash
+# Create a Bankr-ready top-up order
+curl -X POST http://localhost:8787/api/credits/topup \
+  -H 'content-type: application/json' \
+  -H 'x-api-key: acct_demo' \
+  -d '{"credits":100}'
+
+# Search, spending 1 credit only when results are returned
+curl -X POST http://localhost:8787/api/search \
+  -H 'content-type: application/json' \
+  -H 'x-api-key: acct_demo' \
+  -d '{"query":"weather forecast no auth cors","noAuth":true,"https":true,"cors":"Yes"}'
+```
+
+Top-ups currently return Bankr payment instructions and create a pending order. After confirming payment, grant credits with an admin token:
+
+```bash
+PUBLIC_API_FINDER_ADMIN_TOKEN=secret npm start
+
+curl -X POST http://localhost:8787/api/admin/credits \
+  -H 'content-type: application/json' \
+  -H 'x-admin-token: secret' \
+  -d '{"account":"acct_demo","credits":100,"paymentRef":"bankr-tx-or-job-id"}'
+```
+
+Environment knobs:
+
+```text
+PORT                              Server port, default 8787
+PUBLIC_API_FINDER_STATE           Ledger JSON path, default ./state/public-api-finder-ledger.json
+PUBLIC_API_FINDER_PULL_PRICE_CENTS Price per pull, default 1
+PUBLIC_API_FINDER_CREDITS_PER_PULL Credits charged per successful search, default 1
+PUBLIC_API_FINDER_ADMIN_TOKEN      Required for manual credit grants
+BANKR_RECEIVE_ADDRESS              Address shown in Bankr payment instructions
+BANKR_NETWORK                      Default Base
+BANKR_ASSET                        Default USDC
+```

package/bankr.x402.json

@@ -0,0 +1,38 @@
+{
+  "network": "base",
+  "currency": "USDC",
+  "services": {
+    "public-api-finder": {
+      "price": "0.01",
+      "currency": "USDC",
+      "network": "base",
+      "methods": ["POST"],
+      "paymentScheme": "exact",
+      "description": "Find and rank free/public APIs for agents and app builders from a natural-language query.",
+      "schema": {
+        "input": {
+          "type": "object",
+          "properties": {
+            "query": { "type": "string", "description": "Natural-language API need, e.g. weather forecast no auth cors" },
+            "limit": { "type": "number", "description": "Max results, 1-20" },
+            "category": { "type": "string", "description": "Optional category substring" },
+            "noAuth": { "type": "boolean", "description": "Only return APIs with no auth/key requirement" },
+            "https": { "type": "boolean", "description": "Only return HTTPS APIs" },
+            "cors": { "type": "string", "description": "Filter CORS value: Yes, No, Unknown" }
+          },
+          "required": ["query"]
+        },
+        "output": {
+          "type": "object",
+          "properties": {
+            "query": { "type": "string" },
+            "price": { "type": "string" },
+            "charged": { "type": "boolean" },
+            "resultCount": { "type": "number" },
+            "results": { "type": "array" }
+          }
+        }
+      }
+    }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@builtbyecho/public-api-finder",
-  "version": "0.1.0",
+  "version": "0.5.1",
   "description": "Find free/public APIs for agents and prototypes.",
   "type": "module",
   "bin": {
@@ -8,12 +8,17 @@
   },
   "files": [
     "src/",
+    "scripts/",
     "skills/",
+    "x402/",
+    "bankr.x402.json",
     "README.md",
     "LICENSE"
   ],
   "scripts": {
-    "test": "node --test"
+    "test": "node --test",
+    "start": "node src/app.js",
+    "eval:quality": "node scripts/eval-quality.mjs"
   },
   "keywords": [
     "ai",

package/scripts/eval-quality.mjs

@@ -0,0 +1,127 @@
+#!/usr/bin/env node
+import { spawnSync } from 'node:child_process';
+
+const cases = [
+  { q: 'free frontend-safe weather alerts for US cities', args: ['--no-auth','--https','--cors','Yes'], expectCategory: /weather/i, expectAnyName: /weather|meteo|pirate/i },
+  { q: 'global weather forecast hourly no key browser', args: [], expectCategory: /weather/i, expectAuth: 'No', expectCors: 'Yes' },
+  { q: 'rain radar severe weather alerts us no signup', args: [], expectCategory: /weather/i, expectAuth: 'No' },
+  { q: 'crypto token metadata logos contract addresses', args: ['--category','Cryptocurrency'], expectCategory: /cryptocurrency/i, expectAnyName: /coinmarketcap|coingecko|coinpaprika|coinbase/i },
+  { q: 'ethereum gas prices no auth', args: [], expectCategory: /cryptocurrency|blockchain/i, expectAuth: 'No' },
+  { q: 'solana token price market cap dex no key', args: [], expectCategory: /cryptocurrency/i },
+  { q: 'intraday stock candles historical OHLC forex', args: [], expectCategory: /finance/i, expectAnyName: /polygon|twelve|alpha|finnhub/i },
+  { q: 'free stock quote API no auth', args: [], expectCategory: /finance/i, expectAuth: 'No' },
+  { q: 'company fundamentals earnings financial statements', args: [], expectCategory: /finance/i },
+  { q: 'reverse geocode lat lon to address no auth', args: ['--https'], expectCategory: /geocoding|location/i, expectAuth: 'No', expectAnyName: /nominatim|geocode/i },
+  { q: 'map tiles routing distance matrix places', args: [], expectCategory: /geocoding|location|maps/i, expectAnyName: /mapbox|openstreetmap|google|here|tomtom/i },
+  { q: 'timezone from latitude longitude no auth', args: [], expectCategory: /geocoding|location/i },
+  { q: 'remote developer jobs salary company listings', args: [], expectCategory: /jobs/i, expectAnyName: /adzuna|graphql|usajobs|search.gov/i },
+  { q: 'nba player stats team standings no auth', args: [], expectCategory: /sports/i, expectAuth: 'No', expectAnyName: /balldontlie|nba/i },
+  { q: 'soccer fixtures odds standings predictions api key', args: [], expectCategory: /sports/i, expectAnyName: /football|sports/i },
+  { q: 'anime character search images ratings no auth cors', args: ['--no-auth','--https'], expectCategory: /anime/i, expectAuth: 'No', expectAnyName: /jikan/i },
+  { q: 'movie database posters cast ratings imdb', args: [], expectCategory: /media|video|entertainment/i, expectAnyName: /tmdb|omdb/i },
+  { q: 'tv episode schedule cast search no auth', args: [], expectCategory: /video|media|entertainment/i, expectAnyName: /tvmaze|tmdb/i },
+  { q: 'news article search by topic and country', args: [], expectCategory: /news/i, expectAnyName: /news api|gnews|currents|guardian/i },
+  { q: 'election campaign finance donations candidates', args: [], expectCategory: /government|open data/i, expectAnyName: /fec|data.gov/i },
+  { q: 'congress bills votes representatives civic data', args: [], expectCategory: /government|open data/i },
+  { q: 'food barcode ingredients allergens nutrition no auth cors', args: ['--no-auth','--https'], expectCategory: /food/i, expectAuth: 'No', expectAnyName: /open food facts/i },
+  { q: 'checkout subscriptions invoices payments openapi', args: ['--openapi'], expectCategory: /payments|openapi/i, expectAnyName: /stripe|payments/i },
+  { q: 'validate disposable email mx deliverability', args: [], expectCategory: /email/i, expectAnyName: /abstract|mailbox|email/i },
+  { q: 'ip reputation vpn proxy privacy detection', args: ['--https'], expectCategory: /security|geocoding|location/i, expectAnyName: /ipqualityscore|proxycheck|ipinfo/i },
+  { q: 'word synonyms antonyms dictionary pronunciation', args: [], expectCategory: /dictionar|education/i, expectAnyName: /dictionary|wordsapi|wordnik|merriam/i },
+  { q: 'meal planning recipes by ingredients nutrition', args: [], expectCategory: /food/i, expectAnyName: /spoonacular|edamam|themealdb|open food/i },
+  { q: 'air quality by coordinates pollutant measurements', args: [], expectCategory: /environment|science|weather/i, expectAnyName: /openaq|air quality|aqicn/i },
+  { q: 'historical currency exchange rates no auth cors', args: ['--no-auth','--https'], expectCategory: /currency exchange/i, expectAuth: 'No', expectAnyName: /frankfurter|currency/i },
+  { q: 'public holidays by country next long weekend no auth', args: ['--no-auth','--https'], expectCategory: /calendar|date/i, expectAuth: 'No', expectAnyName: /nager|holiday/i },
+  { q: 'fake ecommerce cart products users for frontend demo', args: ['--no-auth','--https'], expectCategory: /test data|shopping/i, expectAuth: 'No', expectAnyName: /fake store|dummyjson|jsonplaceholder/i },
+  { q: 'gtfs transit stops routes realtime departures', args: [], expectCategory: /transport|transit/i, expectAnyName: /transitland|transport|mbta|transportapi/i },
+  { q: 'openapi spec for sms messaging send text', args: ['--openapi'], expectCategory: /communication|messaging|telecom|openapi/i, expectAnyName: /twilio|message|sms/i },
+  { q: 'file upload storage s3 compatible openapi', args: ['--openapi'], expectCategory: /cloud|storage|openapi/i, expectAnyName: /amazon|s3|storage|backblaze|management/i },
+  { q: 'public domain books search authors covers no auth', args: ['--no-auth','--https'], expectCategory: /books|education|open data/i, expectAuth: 'No', expectAnyName: /open library|google books|gutendex/i },
+  { q: 'podcast search episodes rss metadata', args: [], expectCategory: /podcasts|media|entertainment|music/i, expectAnyName: /podcast|listen notes|itunes/i },
+  { q: 'carbon intensity electricity grid emissions by region', args: [], expectCategory: /environment|science|open data/i, expectAnyName: /carbon|electricity|emissions/i },
+  { q: 'domain whois dns records ssl certificate lookup', args: [], expectCategory: /security|development|openapi/i, expectAnyName: /whois|dns|ssl|certificate/i },
+  { q: 'qr code generation api no auth', args: ['--no-auth','--https'], expectCategory: /development|utility|tools|test data|openapi/i, expectAuth: 'No', expectAnyName: /qr/i },
+  { q: 'shorten urls branded links analytics', args: [], expectCategory: /development|url shortener|utility|openapi/i, expectAnyName: /bitly|short/i },
+  { q: 'i need a free api for avatars profile pictures placeholder users no key', args: [], expectCategory: /test data|social|development|media/i, expectAuth: 'No', expectAnyName: /random user|dicebear|avatar|ui faces|placeholder/i },
+  { q: 'generate identicon avatar svg from wallet address no auth cors', args: [], expectAuth: 'No', expectAnyName: /avatar|dicebear|boring|identicon|blockies/i },
+  { q: 'nft metadata by contract token id ethereum polygon', args: [], expectCategory: /cryptocurrency|blockchain|openapi/i, expectAnyName: /alchemy|moralis|opensea|coinmarketcap|coinbase/i },
+  { q: 'wallet balance transactions erc20 transfers api', args: [], expectCategory: /cryptocurrency|blockchain|openapi/i, expectAnyName: /etherscan|alchemy|moralis|covalent|block/i },
+  { q: 'restaurant places nearby search opening hours photos', args: [], expectCategory: /geocoding|location|food|openapi/i, expectAnyName: /google|mapbox|foursquare|yelp|places/i },
+  { q: 'vehicle vin decode recall safety data no auth', args: [], expectCategory: /transportation|government|open data/i, expectAnyName: /nhtsa|vin|vehicle/i },
+  { q: 'license plate lookup vehicle owner', args: [], expectCategory: /transportation|government|openapi/i },
+  { q: 'address autocomplete typeahead places browser cors', args: [], expectCategory: /geocoding|location/i, expectCors: 'Yes', expectAnyName: /mapbox|nominatim|geo/i },
+  { q: 'free image search photos unsplash alternative no key', args: [], expectCategory: /photography|media|images|entertainment/i, expectAuth: 'No', expectAnyName: /pexels|pixabay|unsplash|wikimedia|openverse/i },
+  { q: 'cat images random dog facts no auth', args: [], expectAuth: 'No', expectAnyName: /cat|dog|thecatapi|dog ceo/i },
+  { q: 'jokes memes random quote api no auth', args: [], expectAuth: 'No', expectAnyName: /joke|meme|quote/i },
+  { q: 'translation language detect text api free', args: [], expectCategory: /language|translation|text analysis|openapi/i, expectAnyName: /libretranslate|google|microsoft|detect/i },
+  { q: 'sentiment analysis text moderation toxicity api', args: [], expectCategory: /machine learning|text analysis|ai|openapi/i, expectAnyName: /sentiment|moderation|toxicity|perspective/i },
+  { q: 'sms no twilio cheaper alternative openapi', args: ['--openapi'], expectCategory: /communication|messaging|telecom|openapi/i, expectAnyName: /sms|message|telnyx|vonage|messagebird|plivo/i },
+  { q: 'stripe alternative payments for crypto checkout x402', args: [], expectCategory: /payments|cryptocurrency|financial/i, expectAnyName: /stripe|paypal|coinbase|commerce|payment/i },
+  { q: 'calendar events create google calendar openapi oauth', args: ['--openapi'], expectCategory: /calendar|openapi/i, expectAnyName: /google|calendar/i },
+  { q: 'send email transactional api openapi', args: ['--openapi'], expectCategory: /email|communication|openapi/i, expectAnyName: /sendgrid|mailgun|postmark|resend|email/i },
+  { q: 'package tracking shipment carrier tracking no auth', args: [], expectCategory: /tracking|logistics|commerce|openapi/i, expectAnyName: /tracking|shippo|aftership|ups|fedex/i },
+  { q: 'open source vulnerability CVE lookup package security', args: [], expectCategory: /security|development|open data/i, expectAnyName: /nvd|cve|osv|security/i },
+  { q: 'github repo stars issues commits api no auth', args: [], expectCategory: /development|open data/i, expectAnyName: /github|gitlab/i },
+  { q: 'npm package downloads version metadata no key', args: [], expectCategory: /development|open data/i, expectAuth: 'No', expectAnyName: /npm|libraries.io|package/i },
+  { q: 'docker image tags vulnerabilities registry api', args: [], expectCategory: /development|security|openapi/i, expectAnyName: /docker|registry|hub|security/i },
+  { q: 'exchange rates but not crypto fiat only no auth', args: [], expectCategory: /currency exchange/i, expectAuth: 'No' },
+  { q: 'crypto prices but not stocks no auth', args: [], expectCategory: /cryptocurrency/i, expectAuth: 'No' },
+  { q: 'weather not climate current conditions no auth', args: [], expectCategory: /weather/i, expectAuth: 'No' },
+  { q: 'login oauth user profile social auth api openid', args: [], expectCategory: /authentication|security|development|openapi/i, expectAnyName: /auth0|clerk|okta|openid|oauth|google/i },
+  { q: 'create temporary email inbox receive messages api no auth', args: [], expectCategory: /email|test data|communication/i, expectAnyName: /mail|email|inbox|temp/i },
+  { q: 'sms verification otp phone number lookup api', args: [], expectCategory: /communication|messaging|telecom|security/i, expectAnyName: /twilio|vonage|telnyx|numverify|phone/i },
+  { q: 'phone number validation carrier line type country lookup', args: [], expectCategory: /communication|telecom|security|openapi/i, expectAnyName: /numverify|twilio|phone|abstract/i },
+  { q: 'bank routing number iban validation payments', args: [], expectCategory: /financial|finance|payments|openapi/i, expectAnyName: /iban|bank|routing|plaid|stripe/i },
+  { q: 'plaid alternative bank account transactions finance api', args: [], expectCategory: /finance|financial|payments|openapi/i, expectAnyName: /plaid|teller|truelayer|bank/i },
+  { q: 'tax rates sales tax by address api', args: [], expectCategory: /finance|government|commerce|openapi/i, expectAnyName: /tax|avalara|taxjar/i },
+  { q: 'address validation normalize usps deliverability api', args: [], expectCategory: /geocoding|location|openapi/i, expectAnyName: /smarty|usps|lob|address|geocod/i },
+  { q: 'timezone offset daylight savings from coordinates', args: [], expectCategory: /geocoding|location|time/i, expectAnyName: /timezone|timezonedb|ipgeolocation|google|abstract/i },
+  { q: 'public records business entity secretary of state api', args: [], expectCategory: /government|open data|business/i, expectAnyName: /opencorporates|business|company|data.gov/i },
+  { q: 'company enrichment domain employees logo api', args: [], expectCategory: /business|openapi|development|marketing/i, expectAnyName: /clearbit|brandfetch|company|logo|domain/i },
+  { q: 'logo from domain brand colors api no auth', args: [], expectCategory: /business|media|development|marketing/i, expectAnyName: /brandfetch|clearbit|logo|favicon/i },
+  { q: 'favicon screenshot website preview api', args: [], expectCategory: /development|media|utility|openapi/i, expectAnyName: /screenshot|favicon|microlink|urlbox/i },
+  { q: 'website metadata link preview open graph api no auth', args: [], expectCategory: /development|media|utility|openapi/i, expectAnyName: /microlink|linkpreview|metadata|open graph/i },
+  { q: 'pdf generation html to pdf api', args: [], expectCategory: /documents|development|utility|openapi/i, expectAnyName: /pdf|document/i },
+  { q: 'ocr extract text from image receipt api', args: [], expectCategory: /machine learning|ai|documents|openapi/i, expectAnyName: /ocr|vision|mindee|google|azure/i },
+  { q: 'speech to text transcription audio api', args: [], expectCategory: /ai|machine learning|audio|openapi/i, expectAnyName: /whisper|assemblyai|deepgram|speech/i },
+  { q: 'text to speech voice generation api', args: [], expectCategory: /ai|audio|machine learning|openapi/i, expectAnyName: /elevenlabs|speech|voice|tts/i },
+  { q: 'image generation ai api stable diffusion', args: [], expectCategory: /ai|machine learning|media|openapi/i, expectAnyName: /stability|openai|replicate|image/i },
+  { q: 'moderate images nudity violence safe search api', args: [], expectCategory: /ai|machine learning|security|openapi/i, expectAnyName: /moderation|sightengine|vision|safe/i },
+  { q: 'blockchain wallet risk sanctions screening api', args: [], expectCategory: /cryptocurrency|security|finance/i, expectAnyName: /chainalysis|trm|sanction|wallet|elliptic/i },
+  { q: 'sanctions ofac pep screening person company api', args: [], expectCategory: /security|government|finance|openapi/i, expectAnyName: /ofac|sanction|opensanctions|pep/i },
+  { q: 'zipcode to city state county demographics no auth', args: [], expectCategory: /geocoding|government|open data/i, expectAuth: 'No', expectAnyName: /zippopotam|census|zip|postal/i },
+  { q: 'school district boundary by address api', args: [], expectCategory: /education|government|geocoding|open data/i, expectAnyName: /school|district|census/i },
+  { q: 'real estate property value rent estimate api', args: [], expectCategory: /real estate|property|openapi|finance/i, expectAnyName: /rentcast|zillow|attom|real estate|property/i },
+  { q: 'mortgage rates loan calculator api', args: [], expectCategory: /finance|financial|real estate|openapi/i, expectAnyName: /mortgage|loan|rate/i },
+  { q: 'flight status airport arrivals departures api', args: [], expectCategory: /transportation|travel|openapi/i, expectAnyName: /aviation|flight|airport|amadeus/i },
+  { q: 'hotel search booking availability api', args: [], expectCategory: /travel|commerce|openapi/i, expectAnyName: /hotel|booking|amadeus/i },
+  { q: 'recipe from pantry ingredients avoid allergens api', args: [], expectCategory: /food/i, expectAnyName: /spoonacular|edamam|recipe|meal/i },
+  { q: 'calorie macro nutrition label parse api', args: [], expectCategory: /food|health|openapi/i, expectAnyName: /nutrition|edamam|spoonacular|food/i },
+
+];
+
+let failures = 0;
+for (const [i, c] of cases.entries()) {
+  const res = spawnSync(process.execPath, ['src/cli.js', c.q, ...c.args, '--limit', '5', '--json'], { encoding: 'utf8' });
+  if (res.status !== 0) {
+    failures++;
+    console.log(`FAIL ${i+1} ${c.q}: command failed ${res.stderr}`);
+    continue;
+  }
+  const rows = JSON.parse(res.stdout);
+  const top = rows[0];
+  const top3 = rows.slice(0,3);
+  const checks = [];
+  if (!top) checks.push('no results');
+  if (top && c.expectCategory && !c.expectCategory.test(top.category || '')) checks.push(`top category ${top.category} !~ ${c.expectCategory}`);
+  if (top && c.expectAuth && top.auth !== c.expectAuth) checks.push(`top auth ${top.auth} != ${c.expectAuth}`);
+  if (top && c.expectCors && top.cors !== c.expectCors) checks.push(`top cors ${top.cors} != ${c.expectCors}`);
+  if (c.expectAnyName && !top3.some(r => c.expectAnyName.test(r.name || '') || c.expectAnyName.test(r.description || '') || c.expectAnyName.test(r.url || ''))) checks.push(`top3 missing ${c.expectAnyName}`);
+  const ok = checks.length === 0;
+  if (!ok) failures++;
+  console.log(`${ok ? 'PASS' : 'FAIL'} ${i+1}. ${c.q}`);
+  rows.slice(0,3).forEach((r, idx) => console.log(`  ${idx+1}. ${r.name} | ${r.category} | auth=${r.auth} | cors=${r.cors} | score=${r.score}`));
+  if (!ok) console.log(`  Reasons: ${checks.join('; ')}`);
+}
+console.log(`\n${cases.length - failures}/${cases.length} passed`);
+process.exitCode = failures ? 1 : 0;

package/skills/public-api-finder/SKILL.md

@@ -5,14 +5,16 @@ description: Find and evaluate free/public APIs for projects, demos, agents, pro
 
 # Public API Finder
 
-Use this skill when a task needs a public API candidate. The agent-friendly path is the CLI first, then live-check docs/endpoints before coding.
+Use this skill when a task needs a public API candidate. The CLI searches multiple sources: public-api-lists, public-apis, APIs.guru OpenAPI directory, and a curated best-known API layer for common domains like crypto, stocks, weather, maps, jobs, sports, media, news, government, and commerce. Use the CLI first, then live-check docs/endpoints before coding.
 
 ## Quick command
 
 ```bash
-npx @builtbyecho/public-api-finder "weather forecast" --no-auth --https
-npx @builtbyecho/public-api-finder "crypto prices" --category Cryptocurrency --limit 5
-npx @builtbyecho/public-api-finder "jobs" --json
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "weather forecast" --no-auth --https
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "crypto prices" --category Cryptocurrency --limit 5
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "jobs" --json
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "payments" --openapi
+npx --yes --package=@builtbyecho/public-api-finder -- public-api-finder "weather forecast" --no-auth --https --check
 ```
 
 If npm is unavailable, use the bundled fallback script:
@@ -33,9 +35,10 @@ Recommend 2-5 APIs. Include:
 - HTTPS/CORS notes
 - One caveat to verify: rate limits, pricing, docs freshness, uptime, or terms
 - Minimal example request only after checking docs/live endpoint
+- OpenAPI URL when available
 
 ## Heuristics
 
 Prefer APIs that are HTTPS-enabled, no-auth or simple API key, CORS `Yes` for frontend demos, well documented, and narrowly suited to the task.
 
-The curated list is not a production-readiness guarantee. Always verify before building around an API.
+The curated list is not a production-readiness guarantee. Always verify before building around an API. Use `--check` for a quick live reachability check, but still inspect docs, terms, auth, and rate limits before committing to an integration.

package/src/app.js

@@ -0,0 +1,263 @@
+import { createServer as createHttpServer } from 'node:http';
+import { readFile, writeFile } from 'node:fs/promises';
+import { dirname, join } from 'node:path';
+import { mkdir } from 'node:fs/promises';
+import { randomUUID } from 'node:crypto';
+import { searchApis } from './cli.js';
+
+const DEFAULT_PULL_PRICE_CENTS = 1;
+const DEFAULT_CREDITS_PER_PULL = 1;
+
+function json(res, status, body, headers = {}) {
+  const payload = JSON.stringify(body, null, 2);
+  res.writeHead(status, {
+    'content-type': 'application/json; charset=utf-8',
+    'cache-control': 'no-store',
+    ...headers,
+  });
+  res.end(payload);
+}
+
+function html(res, body) {
+  res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
+  res.end(body);
+}
+
+async function readJson(req) {
+  const chunks = [];
+  for await (const chunk of req) chunks.push(chunk);
+  if (!chunks.length) return {};
+  const raw = Buffer.concat(chunks).toString('utf8');
+  try {
+    return JSON.parse(raw);
+  } catch {
+    const err = new Error('Invalid JSON body');
+    err.status = 400;
+    throw err;
+  }
+}
+
+function accountFromRequest(req, body = {}) {
+  const auth = req.headers.authorization || '';
+  const bearer = auth.match(/^Bearer\s+(.+)$/i)?.[1];
+  return String(body.account || req.headers['x-api-key'] || bearer || '').trim();
+}
+
+function assertAccount(account) {
+  if (!account) {
+    const err = new Error('Missing account. Pass X-API-Key, Authorization: Bearer, or body.account.');
+    err.status = 401;
+    throw err;
+  }
+}
+
+class CreditLedger {
+  constructor(path) {
+    this.path = path;
+    this.data = null;
+  }
+
+  async load() {
+    if (this.data) return this.data;
+    try {
+      this.data = JSON.parse(await readFile(this.path, 'utf8'));
+    } catch {
+      this.data = { version: 1, accounts: {}, topups: {}, events: [] };
+    }
+    return this.data;
+  }
+
+  async save() {
+    await mkdir(dirname(this.path), { recursive: true });
+    await writeFile(this.path, JSON.stringify(this.data, null, 2));
+  }
+
+  async balance(account) {
+    const data = await this.load();
+    return data.accounts[account]?.credits || 0;
+  }
+
+  async grant(account, credits, meta = {}) {
+    assertAccount(account);
+    if (!Number.isFinite(credits) || credits <= 0) {
+      const err = new Error('credits must be a positive number');
+      err.status = 400;
+      throw err;
+    }
+    const data = await this.load();
+    data.accounts[account] ||= { credits: 0, createdAt: new Date().toISOString() };
+    data.accounts[account].credits += credits;
+    data.accounts[account].updatedAt = new Date().toISOString();
+    data.events.push({ id: randomUUID(), type: 'grant', account, credits, meta, at: new Date().toISOString() });
+    await this.save();
+    return data.accounts[account].credits;
+  }
+
+  async spend(account, credits, meta = {}) {
+    assertAccount(account);
+    const data = await this.load();
+    const current = data.accounts[account]?.credits || 0;
+    if (current < credits) {
+      const err = new Error(`Insufficient credits: need ${credits}, have ${current}`);
+      err.status = 402;
+      err.code = 'INSUFFICIENT_CREDITS';
+      err.balance = current;
+      throw err;
+    }
+    data.accounts[account].credits = current - credits;
+    data.accounts[account].updatedAt = new Date().toISOString();
+    data.events.push({ id: randomUUID(), type: 'spend', account, credits, meta, at: new Date().toISOString() });
+    await this.save();
+    return data.accounts[account].credits;
+  }
+
+  async createTopup(account, credits, usdCents, meta = {}) {
+    assertAccount(account);
+    const id = `topup_${randomUUID()}`;
+    const data = await this.load();
+    data.topups[id] = {
+      id,
+      account,
+      credits,
+      usdCents,
+      status: 'pending',
+      meta,
+      createdAt: new Date().toISOString(),
+    };
+    data.events.push({ id: randomUUID(), type: 'topup.created', account, topupId: id, credits, usdCents, meta, at: new Date().toISOString() });
+    await this.save();
+    return data.topups[id];
+  }
+}
+
+function bankrInstructions(topup, env) {
+  const receiveAddress = env.BANKR_RECEIVE_ADDRESS || env.PUBLIC_API_FINDER_RECEIVE_ADDRESS || 'SET_BANKR_RECEIVE_ADDRESS';
+  const dollars = (topup.usdCents / 100).toFixed(2);
+  return {
+    provider: 'bankr',
+    status: 'pending_manual_confirmation',
+    receiveAddress,
+    network: env.BANKR_NETWORK || 'Base',
+    asset: env.BANKR_ASSET || 'USDC',
+    memo: topup.id,
+    prompt: `Send $${dollars} ${env.BANKR_ASSET || 'USDC'} on ${env.BANKR_NETWORK || 'Base'} to ${receiveAddress} for ${topup.credits} Public API Finder credits. Memo/order id: ${topup.id}`,
+  };
+}
+
+function landingPage() {
+  return `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width,initial-scale=1" />
+<title>Public API Finder</title>
+<style>
+body{font-family:Inter,ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;margin:0;background:#07111f;color:#e6f7ff}main{max-width:900px;margin:0 auto;padding:64px 24px}.eyebrow{color:#74e7ff;font-weight:700;letter-spacing:.08em;text-transform:uppercase}h1{font-size:clamp(42px,8vw,84px);line-height:.92;margin:12px 0 18px}p{font-size:20px;line-height:1.55;color:#b9d6e2}.card{background:rgba(255,255,255,.07);border:1px solid rgba(116,231,255,.25);border-radius:24px;padding:24px;margin-top:24px;box-shadow:0 24px 80px rgba(0,0,0,.35)}code{background:rgba(0,0,0,.35);padding:2px 6px;border-radius:7px}.grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(220px,1fr));gap:16px}.price{font-size:36px;font-weight:800;color:#fff}.muted{color:#87a9b8;font-size:15px}</style>
+</head>
+<body><main>
+<div class="eyebrow">Agent-native API discovery</div>
+<h1>Find the right public API in one pull.</h1>
+<p>Public API Finder ranks free/public APIs for prototypes, agents, and app builders. The CLI is free. The hosted API uses credits designed for Bankr-powered top-ups.</p>
+<div class="grid">
+<section class="card"><div class="price">$0.01</div><p>per successful enriched pull</p><p class="muted">1 credit = 1 ranked API search result set.</p></section>
+<section class="card"><h2>Try the API</h2><p><code>POST /api/search</code><br/>Use <code>X-API-Key</code>, spend 1 credit only when results return.</p></section>
+<section class="card"><h2>Bankr-ready</h2><p><code>POST /api/credits/topup</code><br/>Creates a Bankr payment prompt and pending credit order.</p></section>
+</div>
+</main></body></html>`;
+}
+
+export function createApp(options = {}) {
+  const env = options.env || process.env;
+  const ledger = options.ledger || new CreditLedger(options.statePath || env.PUBLIC_API_FINDER_STATE || join(process.cwd(), 'state', 'public-api-finder-ledger.json'));
+  const pullPriceCents = Number(env.PUBLIC_API_FINDER_PULL_PRICE_CENTS || DEFAULT_PULL_PRICE_CENTS);
+  const creditsPerPull = Number(env.PUBLIC_API_FINDER_CREDITS_PER_PULL || DEFAULT_CREDITS_PER_PULL);
+  const freeSearches = String(env.PUBLIC_API_FINDER_FREE_SEARCH || '').toLowerCase() === 'true';
+
+  return createHttpServer(async (req, res) => {
+    try {
+      const url = new URL(req.url || '/', 'http://localhost');
+      if (req.method === 'GET' && url.pathname === '/') return html(res, landingPage());
+      if (req.method === 'GET' && url.pathname === '/api/health') return json(res, 200, { ok: true, service: 'public-api-finder' });
+
+      if (req.method === 'GET' && url.pathname === '/api/credits') {
+        const account = accountFromRequest(req, Object.fromEntries(url.searchParams));
+        assertAccount(account);
+        return json(res, 200, { account, credits: await ledger.balance(account) });
+      }
+
+      if (req.method === 'POST' && url.pathname === '/api/credits/topup') {
+        const body = await readJson(req);
+        const account = accountFromRequest(req, body);
+        assertAccount(account);
+        const credits = Math.max(1, Math.floor(Number(body.credits || 100)));
+        const usdCents = Math.max(1, Math.floor(Number(body.usdCents || credits * pullPriceCents)));
+        const topup = await ledger.createTopup(account, credits, usdCents, { source: 'bankr', requestedBy: body.requestedBy || null });
+        return json(res, 201, { topup, payment: bankrInstructions(topup, env) });
+      }
+
+      if (req.method === 'POST' && url.pathname === '/api/admin/credits') {
+        if (!env.PUBLIC_API_FINDER_ADMIN_TOKEN || req.headers['x-admin-token'] !== env.PUBLIC_API_FINDER_ADMIN_TOKEN) {
+          return json(res, 403, { error: 'Forbidden' });
+        }
+        const body = await readJson(req);
+        const account = String(body.account || '').trim();
+        const credits = Math.floor(Number(body.credits || 0));
+        const balance = await ledger.grant(account, credits, { reason: body.reason || 'admin grant', paymentRef: body.paymentRef || null });
+        return json(res, 200, { account, credits: balance });
+      }
+
+      if (req.method === 'POST' && url.pathname === '/api/search') {
+        const body = await readJson(req);
+        const account = accountFromRequest(req, body);
+        assertAccount(account);
+        if (!body.query || typeof body.query !== 'string') return json(res, 400, { error: 'query is required' });
+        const results = await searchApis({
+          query: body.query,
+          category: body.category,
+          source: body.source,
+          noAuth: body.noAuth,
+          https: body.https,
+          openapi: body.openapi,
+          cors: body.cors,
+          limit: body.limit || 8,
+          check: body.check,
+          refresh: body.refresh,
+        });
+        let remaining = await ledger.balance(account);
+        let chargedCredits = 0;
+        if (!freeSearches && results.length) {
+          remaining = await ledger.spend(account, creditsPerPull, { query: body.query, resultCount: results.length });
+          chargedCredits = creditsPerPull;
+        }
+        return json(res, 200, {
+          query: body.query,
+          results,
+          billing: {
+            account,
+            chargedCredits,
+            remainingCredits: remaining,
+            unitPriceCents: pullPriceCents,
+            note: chargedCredits ? 'charged for successful enriched pull' : 'not charged',
+          },
+        });
+      }
+
+      return json(res, 404, { error: 'Not found' });
+    } catch (err) {
+      return json(res, err.status || 500, {
+        error: err.message || 'Internal server error',
+        code: err.code,
+        balance: err.balance,
+      });
+    }
+  });
+}
+
+export { CreditLedger };
+
+if (process.argv[1] && import.meta.url === new URL(process.argv[1], 'file:').href) {
+  const port = Number(process.env.PORT || 8787);
+  createApp().listen(port, () => {
+    console.log(`public-api-finder app listening on http://localhost:${port}`);
+  });
+}