@crestdeploymentsystems/trusted-fetch 1.0.0
- package/README.md +58 -0
- package/index.mjs +33 -0
- package/package.json +25 -0
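--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,58 @@
+# @crestdeploymentsystems/trusted-fetch
+
+x402 payments with pre-payment trust verification. Drop-in replacement for `@x402/fetch` that checks service trust before sending money.
+
+## Install
+
+```bash
+npm install @crestdeploymentsystems/trusted-fetch
+```
+
+## Usage
+
+```javascript
+import { wrapFetchWithPayment } from "@x402/fetch";
+import { createTrustedFetch } from "@crestdeploymentsystems/trusted-fetch";
+
+// Your normal x402 setup
+const fetchWithPayment = wrapFetchWithPayment(fetch, client);
+
+// Wrap it with trust verification
+const trustedFetch = createTrustedFetch(fetchWithPayment, {
+threshold: 50, // minimum trust score (0-100)
+onCheck: (url, trust) => console.log(`${url}: ${trust.score}/${trust.grade}`),
+onRefuse: (url, trust) => console.log(`Refused to pay ${url}: score too low`),
+});
+
+// Use exactly like fetchWithPayment -- but safe
+const res = await trustedFetch("https://some-x402-service.com/api/data", {
+method: "GET",
+});
+```
+
+## How it works
+
+Before every x402 payment, `trustedFetch` calls [supership.crestsystems.ai/check](https://supership.crestsystems.ai/check) to get a trust score for the service. If the score is below your threshold, the payment is refused and an error is thrown. Your money stays in your wallet.
+
+The check is free. Skipping it is expensive.
+
+## Options
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `threshold` | 50 | Minimum trust score (0-100) to proceed with payment |
+| `checkUrl` | supership.crestsystems.ai/check | Trust check endpoint |
+| `onCheck` | null | Callback after every trust check |
+| `onRefuse` | null | Callback when payment is refused |
+
+## Why
+
+Agents making x402 payments have no way to know if a service is trustworthy before paying. `trusted-fetch` adds a pre-flight trust check that protects against:
+- Scam services that take payment and return nothing
+- Services with known security issues
+- Newly deployed services with no track record
+- Services that have degraded since you last called them
+
+## Built by
+
+[Crest Deployment Systems](https://crestsystems.ai) -- deploying scalable intelligence.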
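--- a/package/index.mjs
+++ b/package/index.mjs
@@ -0,0 +1,33 @@
+const SUPERSHIP_CHECK = "https://supership.crestsystems.ai/check";
+const DEFAULT_THRESHOLD = 50;
+
+export function createTrustedFetch(fetchWithPayment, options = {}) {
+const threshold = options.threshold ?? DEFAULT_THRESHOLD;
+const checkUrl = options.checkUrl ?? SUPERSHIP_CHECK;
+const onRefuse = options.onRefuse ?? null;
+const onCheck = options.onCheck ?? null;
+
+return async function trustedFetch(url, init) {
+const serviceUrl = new URL(url).origin;
+
+let trust;
+try {
+const checkRes = await fetch(`${checkUrl}?url=${encodeURIComponent(serviceUrl)}`);
+trust = await checkRes.json();
+} catch {
+trust = { score: 0, grade: "F", recommendation: "unknown", confidence_debt: ["check_failed"] };
+}
+
+if (onCheck) onCheck(serviceUrl, trust);
+
+if (trust.score < threshold) {
+const reason = `Trust score ${trust.score}/${trust.grade} below threshold ${threshold}. Recommendation: ${trust.recommendation}. Confidence debt: ${(trust.confidence_debt || []).join(", ")}`;
+if (onRefuse) onRefuse(serviceUrl, trust, reason);
+throw new Error(`[trusted-fetch] Payment refused: ${reason}`);
+}
+
+return fetchWithPayment(url, init);
+};
+}
+
+export { SUPERSHIP_CHECK, DEFAULT_THRESHOLD };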
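Review bot: The refusal test `if (trust.score < threshold)` fails open, because `checkRes.ok` is never checked and the parsed body is never validated. Any JSON reply without a numeric `score` (an error object returned with a 4xx/5xx status, for example) makes the comparison false, so `fetchWithPayment(url, init)` runs. Only a network or JSON-parse failure reaches the `catch` that assigns the score-0 default. A non-2xx status and a missing or non-finite score should be treated as a failed check so they take the same fail-closed path, and the check request should carry a timeout so a stalled endpoint cannot hang the caller. The 5000 ms budget in the sketch is a constructed value.

```javascript
// … unchanged: option defaults and serviceUrl derivation …
let trust;
try {
  const checkRes = await fetch(`${checkUrl}?url=${encodeURIComponent(serviceUrl)}`, {
    signal: AbortSignal.timeout(5000), // constructed budget; tune for callers
  });
  if (!checkRes.ok) {
    throw new Error(`trust check returned HTTP ${checkRes.status}`);
  }
  const body = await checkRes.json();
  if (body === null || typeof body !== "object" || !Number.isFinite(body.score)) {
    throw new Error("trust check response has no numeric score");
  }
  trust = body;
// … unchanged: catch block assigning the score-0 default, onCheck, threshold comparison, fetchWithPayment call …
```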
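--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,25 @@
+{
+"name": "@crestdeploymentsystems/trusted-fetch",
+"version": "1.0.0",
+"mcpName": "io.github.andysalvo/trusted-fetch",
+"description": "x402 fetch with pre-payment trust check. Drop-in replacement for @x402/fetch that calls supership before paying.",
+"type": "module",
+"main": "./index.mjs",
+"exports": {
+".": "./index.mjs"
+},
+"keywords": ["x402", "trust", "security", "preflight", "supership", "agent", "payment", "fetch"],
+"author": "Crest Deployment Systems LLC",
+"license": "Apache-2.0",
+"repository": {
+"type": "git",
+"url": "https://github.com/andysalvo/trusted-fetch.git"
+},
+"homepage": "https://supership.crestsystems.ai",
+"peerDependencies": {
+"@x402/fetch": ">=0.1.0"
+},
+"engines": {
+"node": ">=18.0.0"
+}
+}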
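Review bot: The peer range `"@x402/fetch": ">=0.1.0"` has no upper bound, so every future major of the payment library satisfies it untested, even though this wrapper sits directly in front of the payment call. The index.mjs in this release never imports `@x402/fetch`, since the wrapped function is passed in by the caller, so the range is advisory only. Either bound it to the versions actually verified, e.g. `">=0.1.0 <1.0.0"` (constructed range; set it to what was tested), or drop the peer dependency.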