@dupecom/botcha-cloudflare 0.20.2 → 0.23.0

package/dist/dashboard/api.js

@@ -471,83 +471,30 @@ function formatTimeBucket(timestamp, period) {
         return timestamp.substring(0, 16);
     }
 }
-// ============ MOCK DATA (when CF_API_TOKEN not configured) ============
-function renderSampleBanner() {
-    return `<div class="sample-banner">Sample data — analytics will appear here once production traffic flows</div>`;
-}
-function renderSampleLegend(title, period) {
-    return `${title} (${period})<span class="sample-tag">SAMPLE</span>`;
-}
-function renderMockOverview(period) {
-    return `${renderSampleBanner()}
-  <div class="dashboard-grid">
-    ${renderStatCard('1,247', 'Challenges Generated')}
-    ${renderStatCard('1,089', 'Verifications')}
-    ${renderStatCard('94%', 'Success Rate', 'text-success')}
-    ${renderStatCard('127ms', 'Avg Solve Time')}
-    ${renderStatCard('3', 'Rate Limits Hit', 'text-warning')}
-    ${renderStatCard('0', 'Errors')}
+// ============ EMPTY STATES (when CF_API_TOKEN not configured or no data yet) ============
+const EMPTY_MSG = `<div style="color:var(--text-muted);font-size:0.75rem;padding:1.5rem 0;text-align:center;">No data yet — analytics will appear here once traffic flows.</div>`;
+function renderMockOverview(_period) {
+    return `<div class="dashboard-grid">
+    ${renderStatCard('—', 'Challenges Generated')}
+    ${renderStatCard('—', 'Verifications')}
+    ${renderStatCard('—', 'Success Rate')}
+    ${renderStatCard('—', 'Avg Solve Time')}
+    ${renderStatCard('—', 'Rate Limits Hit')}
+    ${renderStatCard('—', 'Errors')}
   </div>`;
 }
 function renderMockVolume(period) {
-    const items = [
-        { name: '00:00', value: 42, maxValue: 89 },
-        { name: '04:00', value: 15, maxValue: 89 },
-        { name: '08:00', value: 67, maxValue: 89 },
-        { name: '12:00', value: 89, maxValue: 89 },
-        { name: '16:00', value: 73, maxValue: 89 },
-        { name: '20:00', value: 55, maxValue: 89 },
-    ];
-    return `<fieldset>
-    <legend>${renderSampleLegend('Request Volume', period)}</legend>
-    ${renderBarChart(items)}
-  </fieldset>`;
+    return `<fieldset><legend>Request Volume (${period})</legend>${EMPTY_MSG}</fieldset>`;
 }
 function renderMockTypes(period) {
-    const items = [
-        { name: 'hybrid (412 ok / 18 fail)', value: 430, maxValue: 430 },
-        { name: 'speed (389 ok / 12 fail)', value: 401, maxValue: 430 },
-        { name: 'reasoning (256 ok / 45 fail)', value: 301, maxValue: 430 },
-        { name: 'standard (22 ok / 5 fail)', value: 27, maxValue: 430 },
-    ];
-    return `<fieldset>
-    <legend>${renderSampleLegend('Challenge Types', period)}</legend>
-    ${renderBarChart(items)}
-  </fieldset>`;
+    return `<fieldset><legend>Challenge Types (${period})</legend>${EMPTY_MSG}</fieldset>`;
 }
 function renderMockPerformance(period) {
-    return `<fieldset>
-    <legend>${renderSampleLegend('Performance', period)}</legend>
-    <table>
-      <thead>
-        <tr>
-          <th>Type</th><th>Count</th><th>Avg Solve</th><th>p50</th><th>p95</th><th>Min</th><th>Max</th><th>Avg Response</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr><td><span class="badge badge-info">speed</span></td><td>389</td><td>127ms</td><td>112ms</td><td>289ms</td><td>45ms</td><td>498ms</td><td>12ms</td></tr>
-        <tr><td><span class="badge badge-info">hybrid</span></td><td>412</td><td>1,845ms</td><td>1,620ms</td><td>4,200ms</td><td>890ms</td><td>8,500ms</td><td>15ms</td></tr>
-        <tr><td><span class="badge badge-info">reasoning</span></td><td>256</td><td>4,230ms</td><td>3,800ms</td><td>8,900ms</td><td>1,200ms</td><td>28,000ms</td><td>18ms</td></tr>
-      </tbody>
-    </table>
-  </fieldset>`;
+    return `<fieldset><legend>Performance (${period})</legend>${EMPTY_MSG}</fieldset>`;
 }
 function renderMockErrors(period) {
-    return `<fieldset>
-    <legend>${renderSampleLegend('Errors & Rate Limits', period)}</legend>
-    <div class="alert alert-success">No errors or rate limits</div>
-  </fieldset>`;
+    return `<fieldset><legend>Errors & Rate Limits (${period})</legend>${EMPTY_MSG}</fieldset>`;
 }
 function renderMockGeo(period) {
-    const items = [
-        { name: 'US', value: 523, maxValue: 523 },
-        { name: 'DE', value: 189, maxValue: 523 },
-        { name: 'JP', value: 134, maxValue: 523 },
-        { name: 'GB', value: 98, maxValue: 523 },
-        { name: 'FR', value: 67, maxValue: 523 },
-    ];
-    return `<fieldset>
-    <legend>${renderSampleLegend('Top Countries', period)}</legend>
-    ${renderBarChart(items)}
-  </fieldset>`;
+    return `<fieldset><legend>Top Countries (${period})</legend>${EMPTY_MSG}</fieldset>`;
 }

package/dist/dashboard/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/dashboard/auth.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAOvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAKjD,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,SAAS,GAAG;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAIF;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAc5F;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQhE;AAID;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,EAAE,iBAAiB,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAmChG,CAAC;AAIF;;;;;GAKG;AACH,wBAAsB,4BAA4B,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEA2CpF;AAgDD;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;;oEAwBjF;AAID;;;;GAIG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEAEjF;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;;oEA4B9E;AAID;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBA2E5E;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFA4B9E;AAID;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAyBnE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAGpE;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFA2BxE;AA4BD;;;;;;GAMG;AACH,wBAAsB,eAAe,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBAgFvE"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/dashboard/auth.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAOvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAKjD,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,SAAS,GAAG;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAIF;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAc5F;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQhE;AAID;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,EAAE,iBAAiB,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAmChG,CAAC;AAIF;;;;;GAKG;AACH,wBAAsB,4BAA4B,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEA2CpF;AAgDD;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;;oEAwBjF;AAID;;;;GAIG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEAEjF;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;;oEA4B9E;AAID;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBA2E5E;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFA4B9E;AAID;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAyBnE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAGpE;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFA2BxE;AA4BD;;;;;;GAMG;AACH,wBAAsB,eAAe,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBA4CvE"}

package/dist/dashboard/auth.js

@@ -6,7 +6,7 @@ import { validateAppSecret, getAppByEmail } from '../apps';
 import { sendEmail, recoveryEmail } from '../email';
 import { checkRateLimit, getClientIP } from '../rate-limit';
 import { generateDeviceCode, storeDeviceCode, redeemDeviceCode } from './device-code';
-import { LoginLayout, Card, Divider } from './layout';
+import { LoginLayout, Card } from './layout';
 // ============ SESSION HELPERS ============
 /**
  * Generate a 1-hour dashboard session JWT for the given app_id.
@@ -31,7 +31,7 @@ export async function generateSessionToken(appId, jwtSecret) {
  */
 export function setSessionCookie(c, token) {
     setCookie(c, 'botcha_session', token, {
-        path: '/dashboard',
+        path: '/',
         httpOnly: true,
         secure: true,
         sameSite: 'Lax',
@@ -63,19 +63,19 @@ export const requireDashboardAuth = async (c, next) => {
         const isApi = c.req.header('Accept')?.includes('application/json') ||
             c.req.header('HX-Request');
         if (isApi) {
-            return c.json({ error: 'Authentication required', login: '/dashboard/login' }, 401);
+            return c.json({ error: 'Authentication required', login: '/login' }, 401);
         }
-        return c.redirect('/dashboard/login');
+        return c.redirect('/login');
     }
     const result = await verifyToken(sessionToken, c.env.JWT_SECRET, c.env);
     if (!result.valid || !result.payload?.app_id) {
-        deleteCookie(c, 'botcha_session', { path: '/dashboard' });
+        deleteCookie(c, 'botcha_session', { path: '/' });
         const isApi = c.req.header('Accept')?.includes('application/json') ||
             c.req.header('HX-Request');
         if (isApi) {
-            return c.json({ error: 'Session expired', login: '/dashboard/login' }, 401);
+            return c.json({ error: 'Session expired', login: '/login' }, 401);
         }
-        return c.redirect('/dashboard/login');
+        return c.redirect('/login');
     }
     c.set('dashboardAppId', result.payload.app_id);
     await next();
@@ -284,7 +284,7 @@ export async function handleDeviceCodeRedeem(c) {
     }
     const sessionToken = await generateSessionToken(data.app_id, c.env.JWT_SECRET);
     setSessionCookie(c, sessionToken);
-    return c.redirect('/dashboard');
+    return c.redirect('/account');
 }
 // ============ LEGACY LOGIN (app_id + app_secret) ============
 /**
@@ -309,7 +309,7 @@ export async function handleLogin(c) {
         }
         const sessionToken = await generateSessionToken(trimmedAppId, c.env.JWT_SECRET);
         setSessionCookie(c, sessionToken);
-        return c.redirect('/dashboard');
+        return c.redirect('/account');
     }
     catch (error) {
         console.error('Login error:', error);
@@ -320,8 +320,8 @@ export async function handleLogin(c) {
  * GET /dashboard/logout
  */
 export async function handleLogout(c) {
-    deleteCookie(c, 'botcha_session', { path: '/dashboard' });
-    return c.redirect('/dashboard/login');
+    deleteCookie(c, 'botcha_session', { path: '/' });
+    return c.redirect('/login');
 }
 // ============ EMAIL LOGIN (session re-entry) ============
 /**
@@ -361,7 +361,7 @@ export async function handleEmailLogin(c) {
     return c.redirect('/dashboard/code?email_sent=1');
 }
 // ============ LOGIN PAGE ============
-const DASHBOARD_PROMPT = `Run: curl -s https://botcha.ai -H 'Accept: application/json' — then follow the instructions to verify yourself and get me a dashboard login code for botcha.ai.`;
+const DASHBOARD_PROMPT = `Run: curl -s https://botcha.ai -H 'Accept: application/json' — then follow the instructions to verify yourself and get me a login code for botcha.ai.`;
 const COPY_ICON_SVG = `<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="square" stroke-linejoin="miter"><rect x="9" y="9" width="13" height="13" rx="0"/><path d="M5 15H4a1 1 0 0 1-1-1V4a1 1 0 0 1 1-1h10a1 1 0 0 1 1 1v1"/></svg>`;
 const CHECK_ICON_SVG = `<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="square" stroke-linejoin="miter"><polyline points="20 6 9 17 4 12"/></svg>`;
 const LOGIN_COPY_SCRIPT = `
@@ -395,10 +395,10 @@ export async function renderLoginPage(c) {
     const errorMap = {
         email_missing: 'Please enter your email address.',
     };
-    return c.html(_jsxs(LoginLayout, { title: "Dashboard Login - BOTCHA", children: [_jsx("a", { href: "/", class: "ascii-logo", children: `██████╗  ██████╗ ████████╗ ██████╗██╗  ██╗ █████╗
+    return c.html(_jsxs(LoginLayout, { title: "Login - BOTCHA", children: [_jsx("a", { href: "/", class: "ascii-logo", children: `██████╗  ██████╗ ████████╗ ██████╗██╗  ██╗ █████╗
 ██╔══██╗██╔═══██╗╚══██╔══╝██╔════╝██║  ██║██╔══██╗
 ██████╔╝██║   ██║   ██║   ██║     ███████║███████║
 ██╔══██╗██║   ██║   ██║   ██║     ██╔══██║██╔══██║
 ██████╔╝╚██████╔╝   ██║   ╚██████╗██║  ██║██║  ██║
-╚═════╝  ╚═════╝    ╚═╝    ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝` }), _jsxs("p", { class: "text-muted", style: "text-align: center; font-size: 0.75rem; margin: -1rem 0 2rem;", children: ['>', "_\u00A0dashboard login"] }), _jsx("p", { class: "text-muted", style: "font-size: 0.6875rem; text-transform: uppercase; letter-spacing: 0.15em; text-align: center; margin-bottom: 0.625rem;", children: "Paste this into your AI agent" }), _jsx("div", { class: "card", style: "margin-bottom: 1.5rem;", children: _jsx("div", { class: "card-body", children: _jsxs("button", { id: "dash-prompt-btn", onclick: "copyDashPrompt()", type: "button", class: "card-inner", style: "display: block; width: 100%; padding: 1.5rem; border: none; border-radius: 0; cursor: pointer; font-family: var(--font); text-align: left; text-transform: none; letter-spacing: normal; box-shadow: none; transition: background 0.2s;", children: [_jsx("code", { id: "dash-prompt", style: "font-size: 0.9375rem; font-weight: 700; color: var(--accent); line-height: 1.5; display: block; background: none; border: none; padding: 0;", children: DASHBOARD_PROMPT }), _jsxs("span", { id: "dash-copy-label", style: "display: flex; align-items: center; gap: 0.375rem; margin-top: 1rem; font-size: 0.6875rem; font-weight: 500; color: var(--text-muted); text-transform: uppercase; letter-spacing: 0.1em; transition: color 0.2s;", children: [_jsx("span", { id: "dash-copy-icon", style: "display: flex; transition: color 0.2s;", dangerouslySetInnerHTML: { __html: COPY_ICON_SVG } }), _jsx("span", { id: "dash-copy-text", children: "Click to copy" })] })] }) }) }), _jsx("p", { class: "text-muted", style: "font-size: 0.75rem; text-align: center; line-height: 1.8; margin-bottom: 1.5rem; padding: 0 2rem;", children: "Your agent solves a challenge, gets a code, and gives you a link." }), _jsx(Divider, { text: "returning user?" }), _jsx("form", { method: "post", action: "/dashboard/email-login", children: _jsxs(Card, { title: "Email Login", children: [error === 'email_missing' && (_jsx("div", { class: "error-message", children: errorMap[error] })), _jsx("p", { class: "text-muted mb-2", style: "font-size: 0.75rem;", children: "Enter the email you used when creating your app. We'll send a login code to your inbox." }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "email", children: "Email" }), _jsx("input", { type: "email", id: "email", name: "email", placeholder: "you@example.com", required: true, autocomplete: "email" })] }), _jsxs("button", { type: "submit", children: ["Email Me a Code ", '>'] })] }) }), _jsx("script", { dangerouslySetInnerHTML: { __html: LOGIN_COPY_SCRIPT } })] }));
+╚═════╝  ╚═════╝    ╚═╝    ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝` }), _jsxs("p", { class: "text-muted", style: "text-align: center; font-size: 0.75rem; margin: -1rem 0 2rem;", children: ['>', "_\u00A0login"] }), _jsx("form", { method: "post", action: "/dashboard/email-login", children: _jsxs(Card, { title: "Email Login", children: [error === 'email_missing' && (_jsx("div", { class: "error-message", children: errorMap[error] })), _jsx("p", { class: "text-muted mb-2", style: "font-size: 0.75rem;", children: "Enter the email you used when creating your app. We'll send a login code to your inbox." }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "email", children: "Email" }), _jsx("input", { type: "email", id: "email", name: "email", placeholder: "you@example.com", required: true, autocomplete: "email" })] }), _jsxs("button", { type: "submit", children: ["Email Me a Code ", '>'] })] }) }), _jsxs("p", { class: "text-muted", style: "font-size: 0.75rem; text-align: center; margin-top: 1.5rem;", children: ["New here? ", _jsx("a", { href: "/", children: "Get started \u2192" })] })] }));
 }

package/dist/dashboard/docs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"docs.d.ts","sourceRoot":"","sources":["../../src/dashboard/docs.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AAsbnC,eAAO,MAAM,QAAQ,EAAE,EAAE,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAqpB5C,CAAC"}
+{"version":3,"file":"docs.d.ts","sourceRoot":"","sources":["../../src/dashboard/docs.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AAsbnC,eAAO,MAAM,QAAQ,EAAE,EAAE,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CA2lC5C,CAAC"}

package/dist/dashboard/docs.js

@@ -411,7 +411,7 @@ const Endpoint = ({ method, path, desc, children }) => {
 };
 // ============ PAGE COMPONENT ============
 export const DocsPage = ({ version }) => {
-    return (_jsxs("html", { lang: "en", children: [_jsxs("head", { children: [_jsx("meta", { charset: "utf-8" }), _jsx("meta", { name: "viewport", content: "width=device-width, initial-scale=1" }), _jsx("title", { children: "BOTCHA API Documentation" }), _jsx("meta", { name: "description", content: "Complete API documentation for BOTCHA \u2014 the reverse CAPTCHA for AI agents. Endpoints, SDKs, authentication flows, and code examples." }), _jsx("meta", { name: "keywords", content: "BOTCHA, API documentation, AI agents, reverse CAPTCHA, TAP, Trusted Agent Protocol, SDK" }), _jsx("link", { rel: "alternate", type: "application/json", href: "/openapi.json", title: "OpenAPI Specification" }), _jsx("meta", { name: "ai-agent-welcome", content: "true" }), _jsx(OGMeta, { title: "BOTCHA API Documentation", description: "Complete API reference for BOTCHA \u2014 the identity layer for AI agents. Endpoints, SDKs, and code examples.", url: "https://botcha.ai/docs" }), _jsx("link", { rel: "preconnect", href: "https://fonts.googleapis.com" }), _jsx("link", { href: "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap", rel: "stylesheet" }), _jsx("style", { dangerouslySetInnerHTML: { __html: DOCS_PAGE_CSS } })] }), _jsxs("body", { children: [_jsxs("article", { class: "docs", children: [_jsxs("header", { class: "docs-header", children: [_jsxs("div", { class: "docs-badge", children: ["API Reference v", version] }), _jsx("h1", { class: "docs-title", children: "BOTCHA API Documentation" }), _jsx("p", { class: "docs-subtitle", children: "Prove you're a bot. Humans need not apply. Complete endpoint reference, SDK install instructions, and integration guides." }), _jsxs("div", { class: "docs-meta", children: [_jsx("a", { href: "/", children: "Home" }), _jsx("span", { style: "margin: 0 0.375rem;", children: "\u00B7" }), _jsx("a", { href: "/openapi.json", children: "OpenAPI Spec" }), _jsx("span", { style: "margin: 0 0.375rem;", children: "\u00B7" }), _jsx("a", { href: "/whitepaper", children: "Whitepaper" }), _jsx("span", { style: "margin: 0 0.375rem;", children: "\u00B7" }), _jsx("a", { href: "/ai.txt", children: "ai.txt" })] })] }), _jsxs("nav", { class: "docs-toc", children: [_jsx("div", { class: "docs-toc-title", children: "Contents" }), _jsxs("ul", { class: "docs-toc-list", children: [_jsx("li", { children: _jsx("a", { href: "#install", children: "Installation" }) }), _jsx("li", { children: _jsx("a", { href: "#quickstart", children: "Quick Start" }) }), _jsx("li", { children: _jsx("a", { href: "#challenges", children: "Challenges" }) }), _jsx("li", { children: _jsx("a", { href: "#authentication", children: "Authentication (Tokens)" }) }), _jsx("li", { children: _jsx("a", { href: "#apps", children: "Apps (Multi-Tenant)" }) }), _jsx("li", { children: _jsx("a", { href: "#agents", children: "Agent Registry" }) }), _jsx("li", { children: _jsx("a", { href: "#tap", children: "TAP (Trusted Agent Protocol)" }) }), _jsx("li", { children: _jsx("a", { href: "#delegation", children: "Delegation Chains" }) }), _jsx("li", { children: _jsx("a", { href: "#attestation", children: "Capability Attestation" }) }), _jsx("li", { children: _jsx("a", { href: "#reputation", children: "Agent Reputation" }) }), _jsx("li", { children: _jsx("a", { href: "#invoices", children: "Invoices (402 Micropayments)" }) }), _jsx("li", { children: _jsx("a", { href: "#verification", children: "Verification" }) }), _jsx("li", { children: _jsx("a", { href: "#discovery", children: "Discovery & Keys" }) }), _jsx("li", { children: _jsx("a", { href: "#ratelimits", children: "Rate Limits" }) })] })] }), _jsxs("section", { id: "install", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Installation" }), _jsx("p", { class: "docs-section-desc", children: "Client SDKs for TypeScript and Python. Server-side verification middleware available separately." }), _jsxs("div", { class: "docs-install-grid", children: [_jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "npm (TypeScript)" }), _jsx("pre", { children: _jsx("code", { children: "npm install @dupecom/botcha" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "PyPI (Python)" }), _jsx("pre", { children: _jsx("code", { children: "pip install botcha" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "Verify Middleware (TS)" }), _jsx("pre", { children: _jsx("code", { children: "npm install @dupecom/botcha-verify" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "Verify Middleware (Python)" }), _jsx("pre", { children: _jsx("code", { children: "pip install botcha-verify" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "CLI" }), _jsx("pre", { children: _jsx("code", { children: "npm install -g @dupecom/botcha-cli" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "Base URL" }), _jsx("pre", { children: _jsx("code", { children: "https://botcha.ai" }) })] })] })] }), _jsxs("section", { id: "quickstart", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Quick Start" }), _jsx("p", { class: "docs-section-desc", children: "Verify yourself as an AI agent in four steps. No registration required." }), _jsxs("div", { class: "docs-quickstart-step", children: [_jsx("span", { class: "docs-quickstart-num", children: "1" }), _jsxs("div", { class: "docs-quickstart-content", children: [_jsx("p", { children: "Get a challenge (hybrid by default \u2014 speed + reasoning)" }), _jsx("pre", { children: _jsx("code", { children: "curl https://botcha.ai/v1/challenges" }) })] })] }), _jsxs("div", { class: "docs-quickstart-step", children: [_jsx("span", { class: "docs-quickstart-num", children: "2" }), _jsxs("div", { class: "docs-quickstart-content", children: [_jsx("p", { children: "Solve the speed component: compute SHA-256 of each number, return first 8 hex chars" }), _jsx("pre", { children: _jsx("code", { children: `# For each problem.num, compute:
+    return (_jsxs("html", { lang: "en", children: [_jsxs("head", { children: [_jsx("meta", { charset: "utf-8" }), _jsx("meta", { name: "viewport", content: "width=device-width, initial-scale=1" }), _jsx("title", { children: "BOTCHA API Documentation" }), _jsx("meta", { name: "description", content: "Complete API documentation for BOTCHA \u2014 the reverse CAPTCHA for AI agents. Endpoints, SDKs, authentication flows, and code examples." }), _jsx("meta", { name: "keywords", content: "BOTCHA, API documentation, AI agents, reverse CAPTCHA, TAP, Trusted Agent Protocol, SDK" }), _jsx("link", { rel: "alternate", type: "application/json", href: "/openapi.json", title: "OpenAPI Specification" }), _jsx("meta", { name: "ai-agent-welcome", content: "true" }), _jsx(OGMeta, { title: "BOTCHA API Documentation", description: "Complete API reference for BOTCHA \u2014 the identity layer for AI agents. Endpoints, SDKs, and code examples.", url: "https://botcha.ai/docs" }), _jsx("link", { rel: "preconnect", href: "https://fonts.googleapis.com" }), _jsx("link", { href: "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap", rel: "stylesheet" }), _jsx("style", { dangerouslySetInnerHTML: { __html: DOCS_PAGE_CSS } })] }), _jsxs("body", { children: [_jsxs("article", { class: "docs", children: [_jsxs("header", { class: "docs-header", children: [_jsxs("div", { class: "docs-badge", children: ["API Reference v", version] }), _jsx("h1", { class: "docs-title", children: "BOTCHA API Documentation" }), _jsx("p", { class: "docs-subtitle", children: "Prove you're a bot. Humans need not apply. Complete endpoint reference, SDK install instructions, and integration guides." }), _jsxs("div", { class: "docs-meta", children: [_jsx("a", { href: "/", children: "Home" }), _jsx("span", { style: "margin: 0 0.375rem;", children: "\u00B7" }), _jsx("a", { href: "/openapi.json", children: "OpenAPI Spec" }), _jsx("span", { style: "margin: 0 0.375rem;", children: "\u00B7" }), _jsx("a", { href: "/whitepaper", children: "Whitepaper" }), _jsx("span", { style: "margin: 0 0.375rem;", children: "\u00B7" }), _jsx("a", { href: "/ai.txt", children: "ai.txt" })] })] }), _jsxs("nav", { class: "docs-toc", children: [_jsx("div", { class: "docs-toc-title", children: "Contents" }), _jsxs("ul", { class: "docs-toc-list", children: [_jsx("li", { children: _jsx("a", { href: "#install", children: "Installation" }) }), _jsx("li", { children: _jsx("a", { href: "#quickstart", children: "Quick Start" }) }), _jsx("li", { children: _jsx("a", { href: "#challenges", children: "Challenges" }) }), _jsx("li", { children: _jsx("a", { href: "#authentication", children: "Authentication (Tokens)" }) }), _jsx("li", { children: _jsx("a", { href: "#apps", children: "Apps (Multi-Tenant)" }) }), _jsx("li", { children: _jsx("a", { href: "#agents", children: "Agent Registry" }) }), _jsx("li", { children: _jsx("a", { href: "#tap", children: "TAP (Trusted Agent Protocol)" }) }), _jsx("li", { children: _jsx("a", { href: "#delegation", children: "Delegation Chains" }) }), _jsx("li", { children: _jsx("a", { href: "#attestation", children: "Capability Attestation" }) }), _jsx("li", { children: _jsx("a", { href: "#reputation", children: "Agent Reputation" }) }), _jsx("li", { children: _jsx("a", { href: "#webhooks", children: "Webhooks" }) }), _jsx("li", { children: _jsx("a", { href: "#x402", children: "x402 Payment Gating" }) }), _jsx("li", { children: _jsx("a", { href: "#ans", children: "Agent Name Service (ANS)" }) }), _jsx("li", { children: _jsx("a", { href: "#didvc", children: "DID / Verifiable Credentials" }) }), _jsx("li", { children: _jsx("a", { href: "#a2a", children: "A2A Agent Card Attestation" }) }), _jsx("li", { children: _jsx("a", { href: "#oidca", children: "OIDC-A Attestation" }) }), _jsx("li", { children: _jsx("a", { href: "#invoices", children: "Invoices (402 Micropayments)" }) }), _jsx("li", { children: _jsx("a", { href: "#verification", children: "Verification" }) }), _jsx("li", { children: _jsx("a", { href: "#discovery", children: "Discovery & Keys" }) }), _jsx("li", { children: _jsx("a", { href: "#mcp", children: "MCP Server" }) }), _jsx("li", { children: _jsx("a", { href: "#ratelimits", children: "Rate Limits" }) })] })] }), _jsxs("section", { id: "install", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Installation" }), _jsx("p", { class: "docs-section-desc", children: "Client SDKs for TypeScript and Python. Server-side verification middleware available separately." }), _jsxs("div", { class: "docs-install-grid", children: [_jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "npm (TypeScript)" }), _jsx("pre", { children: _jsx("code", { children: "npm install @dupecom/botcha" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "PyPI (Python)" }), _jsx("pre", { children: _jsx("code", { children: "pip install botcha" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "Verify Middleware (TS)" }), _jsx("pre", { children: _jsx("code", { children: "npm install @dupecom/botcha-verify" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "Verify Middleware (Python)" }), _jsx("pre", { children: _jsx("code", { children: "pip install botcha-verify" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "CLI" }), _jsx("pre", { children: _jsx("code", { children: "npm install -g @dupecom/botcha-cli" }) })] }), _jsxs("div", { class: "docs-install-card", children: [_jsx("div", { class: "docs-install-card-title", children: "Base URL" }), _jsx("pre", { children: _jsx("code", { children: "https://botcha.ai" }) })] })] })] }), _jsxs("section", { id: "quickstart", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Quick Start" }), _jsx("p", { class: "docs-section-desc", children: "Verify yourself as an AI agent in four steps. No registration required." }), _jsxs("div", { class: "docs-quickstart-step", children: [_jsx("span", { class: "docs-quickstart-num", children: "1" }), _jsxs("div", { class: "docs-quickstart-content", children: [_jsx("p", { children: "Get a challenge (hybrid by default \u2014 speed + reasoning)" }), _jsx("pre", { children: _jsx("code", { children: "curl https://botcha.ai/v1/challenges" }) })] })] }), _jsxs("div", { class: "docs-quickstart-step", children: [_jsx("span", { class: "docs-quickstart-num", children: "2" }), _jsxs("div", { class: "docs-quickstart-content", children: [_jsx("p", { children: "Solve the speed component: compute SHA-256 of each number, return first 8 hex chars" }), _jsx("pre", { children: _jsx("code", { children: `# For each problem.num, compute:
 echo -n "42" | sha256sum | cut -c1-8
 # => "73475cb4"` }) })] })] }), _jsxs("div", { class: "docs-quickstart-step", children: [_jsx("span", { class: "docs-quickstart-num", children: "3" }), _jsxs("div", { class: "docs-quickstart-content", children: [_jsx("p", { children: "Submit your solution" }), _jsx("pre", { children: _jsx("code", { children: `curl -X POST https://botcha.ai/v1/challenges/{id}/verify \\
   -H "Content-Type: application/json" \\
@@ -507,7 +507,7 @@ async with BotchaClient() as client:
   "operator": "my-company",
   "version": "1.0.0",
   "app_id": "app_..."
-}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/agents/:id", desc: "Get agent by ID (public, no auth)" }), _jsx(Endpoint, { method: "GET", path: "/v1/agents", desc: "List agents for your app (auth required)" })] }), _jsxs("section", { id: "tap", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "TAP (Trusted Agent Protocol)" }), _jsxs("p", { class: "docs-section-desc", children: ["Enterprise-grade cryptographic agent auth using HTTP Message Signatures (RFC 9421). Register agents with public keys, scope capabilities, and create time-limited sessions. Based on ", _jsx("a", { href: "https://developer.visa.com/capabilities/trusted-agent-protocol/overview", children: "Visa's TAP" }), "."] }), _jsxs(Endpoint, { method: "POST", path: "/v1/agents/register/tap", desc: "Register TAP agent with public key", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/agents/:id", desc: "Get agent by ID (public, no auth)" }), _jsx(Endpoint, { method: "GET", path: "/v1/agents", desc: "List agents for your app (auth required)" })] }), _jsxs("section", { id: "tap", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "TAP (Trusted Agent Protocol)" }), _jsxs("p", { class: "docs-section-desc", children: ["Enterprise-grade cryptographic agent auth using", ' ', _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9421", target: "_blank", rel: "noopener", children: "HTTP Message Signatures (RFC 9421)" }), ". Register agents with public keys, scope capabilities, and create time-limited sessions. Based on ", _jsx("a", { href: "https://developer.visa.com/capabilities/trusted-agent-protocol/overview", target: "_blank", rel: "noopener", children: "Visa's TAP" }), "."] }), _jsxs(Endpoint, { method: "POST", path: "/v1/agents/register/tap", desc: "Register TAP agent with public key", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
   "name": "shopping-agent",
   "public_key": "<Ed25519 public key>",
   "signature_algorithm": "ed25519",
@@ -547,7 +547,150 @@ async with BotchaClient() as client:
   "category": "commerce",
   "action": "purchase_completed",
   "metadata": { "amount": 29.99 }
-}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/reputation/:agent_id/events", desc: "List events (?category=&limit=)" }), _jsx(Endpoint, { method: "POST", path: "/v1/reputation/:agent_id/reset", desc: "Reset reputation (admin)" })] }), _jsxs("section", { id: "invoices", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Invoices (402 Micropayments)" }), _jsx("p", { class: "docs-section-desc", children: "Create invoices for gated content using the 402 Payment Required flow. Supports Browsing IOU verification for agent commerce." }), _jsx(Endpoint, { method: "POST", path: "/v1/invoices", desc: "Create invoice for gated content" }), _jsx(Endpoint, { method: "GET", path: "/v1/invoices/:id", desc: "Get invoice details" }), _jsx(Endpoint, { method: "POST", path: "/v1/invoices/:id/verify-iou", desc: "Verify Browsing IOU" })] }), _jsxs("section", { id: "verification", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Verification" }), _jsx("p", { class: "docs-section-desc", children: "Cross-cutting verification endpoints for validating delegation chains, attestation tokens, consumer identities, and payment containers." }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/delegation", desc: "Verify entire delegation chain" }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/attestation", desc: "Verify attestation + check capability" }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/consumer", desc: "Verify Agentic Consumer (Layer 2)" }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/payment", desc: "Verify Payment Container (Layer 3)" })] }), _jsxs("section", { id: "discovery", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Discovery & Keys" }), _jsx("p", { class: "docs-section-desc", children: "Standard discovery endpoints for AI agents and key management infrastructure." }), _jsx(Endpoint, { method: "GET", path: "/.well-known/jwks", desc: "JWK Set for TAP agents (Visa spec)" }), _jsx(Endpoint, { method: "GET", path: "/v1/keys", desc: "List keys (?keyID= for Visa compat)" }), _jsx(Endpoint, { method: "GET", path: "/v1/keys/:keyId", desc: "Get specific key by ID" }), _jsx(Endpoint, { method: "GET", path: "/openapi.json", desc: "OpenAPI 3.1.0 specification" }), _jsx(Endpoint, { method: "GET", path: "/ai.txt", desc: "AI agent discovery file" }), _jsx(Endpoint, { method: "GET", path: "/.well-known/ai-plugin.json", desc: "AI plugin manifest" }), _jsx(Endpoint, { method: "GET", path: "/health", desc: "Health check" })] }), _jsxs("section", { id: "dashboard-auth", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Dashboard Auth" }), _jsx("p", { class: "docs-section-desc", children: "Agent-first authentication for the metrics dashboard. Agents solve challenges and generate device codes for their human operators." }), _jsx(Endpoint, { method: "POST", path: "/v1/auth/device-code", desc: "Get challenge for device code flow" }), _jsx(Endpoint, { method: "POST", path: "/v1/auth/device-code/verify", desc: "Solve challenge, get BOTCHA-XXXX code" }), _jsx(Endpoint, { method: "GET", path: "/dashboard", desc: "Metrics dashboard (login required)" })] }), _jsxs("section", { id: "ratelimits", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Rate Limits" }), _jsx("p", { class: "docs-section-desc", children: "Free tier includes generous rate limits. Each app gets an isolated rate limit bucket. Rate limit headers are included on every response." }), _jsxs("div", { class: "docs-rate-limit", children: [_jsxs("div", { class: "docs-rate-limit-item", children: [_jsx("div", { class: "docs-rate-limit-value", children: "100" }), "challenges / hour / IP"] }), _jsxs("div", { class: "docs-rate-limit-item", children: [_jsx("div", { class: "docs-rate-limit-value", children: "1 hr" }), "access token lifetime"] }), _jsxs("div", { class: "docs-rate-limit-item", children: [_jsx("div", { class: "docs-rate-limit-value", children: "1 hr" }), "refresh token lifetime"] })] }), _jsxs("div", { class: "docs-flow", children: [_jsx("div", { class: "docs-flow-title", children: "Response Headers" }), _jsx("pre", { children: _jsx("code", { children: `X-RateLimit-Limit: 100
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/reputation/:agent_id/events", desc: "List events (?category=&limit=)" }), _jsx(Endpoint, { method: "POST", path: "/v1/reputation/:agent_id/reset", desc: "Reset reputation (admin)" })] }), _jsxs("section", { id: "webhooks", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Webhooks" }), _jsxs("p", { class: "docs-section-desc", children: ["Register per-app webhook endpoints to receive signed event deliveries. Events are delivered as HTTP POST with an ", _jsx("code", { children: "X-Botcha-Signature" }), " header (HMAC-SHA256). Supported events: ", _jsx("code", { children: "agent.tap.registered" }), ", ", _jsx("code", { children: "token.created" }), ",", ' ', _jsx("code", { children: "token.revoked" }), ", ", _jsx("code", { children: "tap.session.created" }), ",", ' ', _jsx("code", { children: "delegation.created" }), ", ", _jsx("code", { children: "delegation.revoked" }), "."] }), _jsxs(Endpoint, { method: "POST", path: "/v1/webhooks", desc: "Register webhook endpoint", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "url": "https://my-app.example/webhooks/botcha",
+  "events": ["token.created", "delegation.created"],
+  "app_id": "app_..."
+}` }) }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "webhook_id": "wh_...",
+  "url": "https://my-app.example/webhooks/botcha",
+  "signing_secret": "whsec_...",  // shown ONCE — save it!
+  "events": ["token.created", "delegation.created"],
+  "enabled": true
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/webhooks", desc: "List webhooks for your app" }), _jsx(Endpoint, { method: "GET", path: "/v1/webhooks/:id", desc: "Get webhook details" }), _jsxs(Endpoint, { method: "PUT", path: "/v1/webhooks/:id", desc: "Update webhook (URL, events, enabled)", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "url": "https://my-app.example/webhooks/botcha-v2",
+  "events": ["token.created", "tap.session.created"],
+  "enabled": true
+}` }) })] }), _jsx(Endpoint, { method: "DELETE", path: "/v1/webhooks/:id", desc: "Delete webhook + secret + delivery logs" }), _jsxs(Endpoint, { method: "POST", path: "/v1/webhooks/:id/test", desc: "Send signed test event", children: [_jsx("p", { children: "Sends a test payload to your endpoint so you can verify signature verification logic." }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{ "success": true, "delivery_id": "dlv_..." }` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/webhooks/:id/deliveries", desc: "List last 100 delivery attempts" }), _jsxs("div", { class: "docs-flow", children: [_jsx("div", { class: "docs-flow-title", children: "Signature Verification (Node.js)" }), _jsx("pre", { children: _jsx("code", { children: `import crypto from 'crypto';
+
+function verifyBotchaWebhook(body: string, signature: string, secret: string): boolean {
+  const expected = crypto
+    .createHmac('sha256', secret)
+    .update(body)
+    .digest('hex');
+  return crypto.timingSafeEqual(
+    Buffer.from(signature),
+    Buffer.from(expected)
+  );
+}` }) })] })] }), _jsxs("section", { id: "x402", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "x402 Payment Gating" }), _jsxs("p", { class: "docs-section-desc", children: [_jsx("a", { href: "https://x402.org/", target: "_blank", rel: "noopener", children: "x402" }), " micropayment flow using USDC on Base. Agents pay $0.001 USDC instead of solving a challenge. Full x402 standard compatibility \u2014 no puzzle required when payment proof is included."] }), _jsxs("div", { class: "docs-flow", children: [_jsx("div", { class: "docs-flow-title", children: "x402 Payment Flow" }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "1." }), _jsxs("span", { children: [_jsx("code", { children: "GET /v1/x402/challenge" }), " \u2014 receive 402 with payment terms"] })] }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "2." }), _jsx("span", { children: "Agent pays $0.001 USDC on Base to BOTCHA's address" })] }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "3." }), _jsxs("span", { children: ["Retry with ", _jsx("code", { children: "X-Payment: <proof>" }), " header"] })] }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "4." }), _jsxs("span", { children: ["Receive ", _jsx("code", { children: "access_token" }), " \u2014 no puzzle solved"] })] })] }), _jsxs(Endpoint, { method: "GET", path: "/v1/x402/info", desc: "Payment config discovery", children: [_jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "amount": "0.001",
+  "currency": "USDC",
+  "chain": "base",
+  "recipient": "0xBOTCHA..."
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/x402/challenge", desc: "Initiate x402 payment flow", children: _jsxs("p", { children: ["Returns a ", _jsx("code", { children: "402 Payment Required" }), " with payment terms on first call. Re-request with ", _jsx("code", { children: "X-Payment" }), " header to receive a BOTCHA token."] }) }), _jsxs(Endpoint, { method: "POST", path: "/v1/x402/verify-payment", desc: "Verify raw x402 payment proof", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{ "payment_proof": "0x...", "chain": "base" }` }) })] }), _jsx(Endpoint, { method: "POST", path: "/v1/x402/webhook", desc: "Settlement notifications from x402 facilitators" }), _jsx(Endpoint, { method: "GET", path: "/agent-only/x402", desc: "Demo: requires BOTCHA token AND x402 payment" })] }), _jsxs("section", { id: "ans", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Agent Name Service (ANS)" }), _jsxs("p", { class: "docs-section-desc", children: ["BOTCHA as a verification layer for the", ' ', _jsx("a", { href: "https://www.godaddy.com/engineering/2024/12/16/agent-name-service/", target: "_blank", rel: "noopener", children: "GoDaddy-led ANS standard" }), ". DNS-based agent identity lookup with BOTCHA-issued ownership badges."] }), _jsx(Endpoint, { method: "GET", path: "/v1/ans/botcha", desc: "BOTCHA's own ANS identity record" }), _jsxs(Endpoint, { method: "GET", path: "/v1/ans/resolve/:name", desc: "DNS-based ANS lookup by name", children: [_jsx("p", { children: "Resolves an agent name to its ANS record via DNS TXT lookup." }), _jsx("div", { class: "docs-label", children: "Response Example" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "name": "my-agent.agents",
+  "agent_url": "https://myagent.example",
+  "botcha_verified": true,
+  "badge": "eyJ..."
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/ans/resolve/lookup", desc: "Alternate DNS lookup via ?name= query param" }), _jsx(Endpoint, { method: "GET", path: "/v1/ans/discover", desc: "List BOTCHA-verified ANS agents" }), _jsx(Endpoint, { method: "GET", path: "/v1/ans/nonce/:name", desc: "Get nonce for ownership proof (auth required)", children: _jsxs("p", { children: ["Requires ", _jsx("code", { children: "Authorization: Bearer" }), " token. Returns a one-time nonce for ownership verification."] }) }), _jsxs(Endpoint, { method: "POST", path: "/v1/ans/verify", desc: "Verify ANS ownership \u2192 issue BOTCHA badge", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "name": "my-agent.agents",
+  "agent_url": "https://myagent.example",
+  "nonce": "<nonce from GET /v1/ans/nonce/:name>",
+  "proof": "<signed nonce>"
+}` }) }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "success": true,
+  "badge": "eyJ...",  // BOTCHA-issued ANS badge JWT
+  "name": "my-agent.agents"
+}` }) })] })] }), _jsxs("section", { id: "didvc", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "DID / Verifiable Credentials" }), _jsxs("p", { class: "docs-section-desc", children: ["BOTCHA as a", ' ', _jsx("a", { href: "https://www.w3.org/TR/did-core/", target: "_blank", rel: "noopener", children: "W3C DID" }), ' ', "/", ' ', _jsx("a", { href: "https://www.w3.org/TR/vc-data-model/", target: "_blank", rel: "noopener", children: "VC" }), ' ', "issuer (", _jsx("code", { children: "did:web:botcha.ai" }), "). Issues portable W3C Verifiable Credential JWTs that any party can verify without contacting BOTCHA \u2014 just resolve the DID Document and check against the JWKS."] }), _jsxs("div", { class: "docs-flow", children: [_jsx("div", { class: "docs-flow-title", children: "VC Issuance Flow" }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "1." }), _jsx("span", { children: "Solve a BOTCHA challenge \u2192 receive Bearer token" })] }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "2." }), _jsxs("span", { children: [_jsx("code", { children: "POST /v1/credentials/issue" }), " \u2192 receive VC JWT"] })] }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "3." }), _jsx("span", { children: "Present VC JWT to any relying party" })] }), _jsxs("div", { class: "docs-flow-step", children: [_jsx("span", { class: "docs-flow-arrow", children: "4." }), _jsxs("span", { children: ["Relying party verifies via ", _jsx("code", { children: "POST /v1/credentials/verify" }), " (or local JWK verification)"] })] })] }), _jsxs(Endpoint, { method: "GET", path: "/.well-known/did.json", desc: "BOTCHA DID Document (did:web:botcha.ai)", children: [_jsx("div", { class: "docs-label", children: "Response Shape" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/jws-2020/v1"],
+  "id": "did:web:botcha.ai",
+  "verificationMethod": [{
+    "id": "did:web:botcha.ai#key-1",
+    "type": "JsonWebKey2020",
+    "controller": "did:web:botcha.ai",
+    "publicKeyJwk": { ... }
+  }],
+  "authentication": ["did:web:botcha.ai#key-1"],
+  "assertionMethod": ["did:web:botcha.ai#key-1"]
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/.well-known/jwks", desc: "JWK Set (used for VC verification)" }), _jsx(Endpoint, { method: "GET", path: "/.well-known/jwks.json", desc: "JWK Set alias (some resolvers append .json)" }), _jsxs(Endpoint, { method: "POST", path: "/v1/credentials/issue", desc: "Issue a W3C VC JWT", children: [_jsxs("p", { children: ["Requires ", _jsx("code", { children: "Authorization: Bearer <botcha-token>" }), "."] }), _jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "subject": {
+    "agentType": "llm",
+    "verifiedAt": "2026-02-20T00:00:00Z"
+  },
+  "type": ["VerifiableCredential", "BotchaVerification"],
+  "ttl_seconds": 3600
+}` }) }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "vc": "eyJ...",  // signed W3C VC JWT
+  "expires_at": 1770940000
+}` }) })] }), _jsxs(Endpoint, { method: "POST", path: "/v1/credentials/verify", desc: "Verify any BOTCHA-issued VC JWT", children: [_jsx("p", { children: "Public endpoint \u2014 no auth required. Verifies signature and expiry." }), _jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{ "vc": "eyJ..." }` }) }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "valid": true,
+  "payload": {
+    "iss": "did:web:botcha.ai",
+    "sub": "agent_abc123",
+    "vc": { "type": ["VerifiableCredential", "BotchaVerification"], ... }
+  }
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/dids/:did/resolve", desc: "Resolve did:web DIDs", children: _jsxs("p", { children: ["Resolves any ", _jsx("code", { children: "did:web" }), " DID to its DID Document via HTTP discovery."] }) })] }), _jsxs("section", { id: "a2a", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "A2A Agent Card Attestation" }), _jsxs("p", { class: "docs-section-desc", children: ["BOTCHA as a trust seal issuer for the", ' ', _jsx("a", { href: "https://google.github.io/A2A/", target: "_blank", rel: "noopener", children: "Google A2A protocol" }), ". Any agent with an A2A Agent Card can submit it to BOTCHA for a tamper-evident trust seal that third parties can verify without contacting BOTCHA again."] }), _jsx(Endpoint, { method: "GET", path: "/.well-known/agent.json", desc: "BOTCHA's own A2A Agent Card" }), _jsx(Endpoint, { method: "GET", path: "/v1/a2a/agent-card", desc: "BOTCHA's A2A Agent Card (alias)" }), _jsxs(Endpoint, { method: "POST", path: "/v1/a2a/attest", desc: "Attest an agent card \u2192 receive trust seal", children: [_jsxs("p", { children: ["Requires ", _jsx("code", { children: "Authorization: Bearer" }), " token."] }), _jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "card": {
+    "name": "My Commerce Agent",
+    "url": "https://myagent.example",
+    "version": "1.0.0",
+    "capabilities": { "streaming": false },
+    "skills": [{ "id": "browse", "name": "Browse" }]
+  },
+  "duration_seconds": 86400,
+  "trust_level": "verified"
+}` }) }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "success": true,
+  "attestation": {
+    "attestation_id": "...",
+    "trust_level": "verified",
+    "token": "eyJ..."
+  },
+  "attested_card": {
+    "name": "My Commerce Agent",
+    "extensions": {
+      "botcha_attestation": { "token": "eyJ...", "card_hash": "..." }
+    }
+  }
+}` }) })] }), _jsxs(Endpoint, { method: "POST", path: "/v1/a2a/verify-card", desc: "Verify an attested card (tamper-evident check)", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "card": {
+    "...": "...",
+    "extensions": { "botcha_attestation": { "token": "eyJ..." } }
+  }
+}` }) })] }), _jsx(Endpoint, { method: "POST", path: "/v1/a2a/verify-agent", desc: "Verify agent by card or agent_url" }), _jsx(Endpoint, { method: "GET", path: "/v1/a2a/trust-level/:agent_url", desc: "Get current trust level for an agent URL" }), _jsx(Endpoint, { method: "GET", path: "/v1/a2a/cards", desc: "Registry browse \u2014 list all attested cards" }), _jsx(Endpoint, { method: "GET", path: "/v1/a2a/cards/:id", desc: "Get specific attested card by ID" })] }), _jsxs("section", { id: "oidca", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "OIDC-A Attestation" }), _jsxs("p", { class: "docs-section-desc", children: ["Enterprise agent authentication chains using", ' ', _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9334", target: "_blank", rel: "noopener", children: "Entity Attestation Tokens (EAT / RFC 9334)" }), ' ', "and", ' ', _jsx("a", { href: "https://openid.net/specs/openid-connect-core-1_0.html", target: "_blank", rel: "noopener", children: "OIDC-A" }), ' ', "agent claims. Enables the chain: human \u2192 enterprise IdP \u2192 BOTCHA \u2192 agent."] }), _jsx(Endpoint, { method: "GET", path: "/.well-known/oauth-authorization-server", desc: "OAuth/OIDC-A discovery document" }), _jsxs(Endpoint, { method: "POST", path: "/v1/attestation/eat", desc: "Issue Entity Attestation Token (EAT)", children: [_jsxs("p", { children: ["Requires ", _jsx("code", { children: "Authorization: Bearer" }), " token. Returns a signed ", _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9334", target: "_blank", rel: "noopener", children: "EAT JWT (RFC 9334)" }), " for presentation to relying parties."] }), _jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "nonce": "optional-client-nonce",
+  "agent_model": "gpt-5",
+  "ttl_seconds": 900,
+  "verification_method": "speed-challenge"
+}` }) }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "token": "eyJ...",  // EAT JWT (RFC 9334)
+  "expires_at": 1770937000
+}` }) })] }), _jsxs(Endpoint, { method: "POST", path: "/v1/attestation/oidc-agent-claims", desc: "Issue OIDC-A agent claims block", children: [_jsxs("p", { children: ["Returns an ", _jsx("a", { href: "https://openid.net/specs/openid-connect-core-1_0.html", target: "_blank", rel: "noopener", children: "OIDC-A" }), " claims block JWT suitable for inclusion in OAuth2 token responses."] }), _jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "agent_model": "gpt-5",
+  "agent_version": "1.0.0",
+  "agent_capabilities": ["agent:tool-use"],
+  "agent_operator": "Acme Corp",
+  "human_oversight_required": true,
+  "task_id": "task-123",
+  "task_purpose": "invoice reconciliation",
+  "nonce": "optional-client-nonce"
+}` }) })] }), _jsxs(Endpoint, { method: "POST", path: "/v1/auth/agent-grant", desc: "Initiate OAuth2-style agent grant flow", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "scope": "agent:read openid",
+  "human_oversight_required": true,
+  "agent_model": "gpt-5",
+  "agent_operator": "Acme Corp",
+  "task_purpose": "invoice reconciliation"
+}` }) }), _jsx("div", { class: "docs-label", children: "Response" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "grant_id": "grant_...",
+  "token": "eyJ...",       // signed grant token
+  "status": "pending",
+  "oversight_url": "https://botcha.ai/oversight/GRANT-XXXX"
+}` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/auth/agent-grant/:id/status", desc: "Poll agent grant status" }), _jsxs(Endpoint, { method: "POST", path: "/v1/auth/agent-grant/:id/resolve", desc: "Approve or reject grant", children: [_jsx("div", { class: "docs-label", children: "Request Body" }), _jsx("pre", { children: _jsx("code", { children: `{ "decision": "approved" }` }) })] }), _jsx(Endpoint, { method: "GET", path: "/v1/oidc/userinfo", desc: "OIDC-A UserInfo endpoint", children: _jsxs("p", { children: ["Requires ", _jsx("code", { children: "Authorization: Bearer" }), " token. Returns OIDC-A UserInfo claims for the authenticated agent."] }) })] }), _jsxs("section", { id: "invoices", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Invoices (402 Micropayments)" }), _jsx("p", { class: "docs-section-desc", children: "Create invoices for gated content using the 402 Payment Required flow. Supports Browsing IOU verification for agent commerce." }), _jsx(Endpoint, { method: "POST", path: "/v1/invoices", desc: "Create invoice for gated content" }), _jsx(Endpoint, { method: "GET", path: "/v1/invoices/:id", desc: "Get invoice details" }), _jsx(Endpoint, { method: "POST", path: "/v1/invoices/:id/verify-iou", desc: "Verify Browsing IOU" })] }), _jsxs("section", { id: "verification", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Verification" }), _jsx("p", { class: "docs-section-desc", children: "Cross-cutting verification endpoints for validating delegation chains, attestation tokens, consumer identities, and payment containers." }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/delegation", desc: "Verify entire delegation chain" }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/attestation", desc: "Verify attestation + check capability" }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/consumer", desc: "Verify Agentic Consumer (Layer 2)" }), _jsx(Endpoint, { method: "POST", path: "/v1/verify/payment", desc: "Verify Payment Container (Layer 3)" })] }), _jsxs("section", { id: "discovery", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Discovery & Keys" }), _jsx("p", { class: "docs-section-desc", children: "Standard discovery endpoints for AI agents and key management infrastructure." }), _jsx(Endpoint, { method: "GET", path: "/.well-known/jwks", desc: "JWK Set for TAP agents (Visa spec)" }), _jsx(Endpoint, { method: "GET", path: "/v1/keys", desc: "List keys (?keyID= for Visa compat)" }), _jsx(Endpoint, { method: "GET", path: "/v1/keys/:keyId", desc: "Get specific key by ID" }), _jsx(Endpoint, { method: "GET", path: "/openapi.json", desc: "OpenAPI 3.1.0 specification" }), _jsx(Endpoint, { method: "GET", path: "/ai.txt", desc: "AI agent discovery file" }), _jsx(Endpoint, { method: "GET", path: "/.well-known/ai-plugin.json", desc: "AI plugin manifest" }), _jsx(Endpoint, { method: "GET", path: "/health", desc: "Health check" })] }), _jsxs("section", { id: "mcp", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "MCP Server" }), _jsxs("p", { class: "docs-section-desc", children: ["BOTCHA exposes its full API reference as a", ' ', _jsx("a", { href: "https://modelcontextprotocol.io/specification/2025-03-26", target: "_blank", rel: "noopener", children: "Model Context Protocol (MCP 2025-03-26)" }), ' ', "server. Point any MCP-compatible client at", ' ', _jsx("code", { children: "https://botcha.ai/mcp" }), " to ask questions about features, endpoints, and get code examples. No authentication required \u2014 it's a read-only documentation server."] }), _jsx(Endpoint, { method: "GET", path: "/.well-known/mcp.json", desc: "MCP discovery document \u2014 lists server name, version, transport, and available tools" }), _jsx(Endpoint, { method: "GET", path: "/mcp", desc: "MCP server info (server name, version, tool list) \u2014 useful for debugging" }), _jsx(Endpoint, { method: "POST", path: "/mcp", desc: "MCP JSON-RPC 2.0 endpoint \u2014 all tool calls go here" }), _jsx("h3", { class: "docs-subsection-title", style: "margin-top: 1.5rem;", children: "Available Tools" }), _jsx("div", { class: "docs-table-wrap", children: _jsxs("table", { class: "docs-table", children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Tool" }), _jsx("th", { children: "Description" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: _jsx("code", { children: "list_features" }) }), _jsx("td", { children: "List all 17 BOTCHA features with category and summary" })] }), _jsxs("tr", { children: [_jsx("td", { children: _jsx("code", { children: "get_feature" }) }), _jsx("td", { children: "Full detail on a feature \u2014 endpoints, spec links, usage notes" })] }), _jsxs("tr", { children: [_jsx("td", { children: _jsx("code", { children: "search_docs" }) }), _jsx("td", { children: "Keyword search across all features and endpoint descriptions" })] }), _jsxs("tr", { children: [_jsx("td", { children: _jsx("code", { children: "list_endpoints" }) }), _jsx("td", { children: "All 25+ API endpoints grouped by category" })] }), _jsxs("tr", { children: [_jsx("td", { children: _jsx("code", { children: "get_endpoint" }) }), _jsx("td", { children: "Auth requirements, parameters, request/response shape for one endpoint" })] }), _jsxs("tr", { children: [_jsx("td", { children: _jsx("code", { children: "get_example" }) }), _jsx("td", { children: "Code example for a feature in TypeScript, Python, or curl" })] })] })] }) }), _jsx("h3", { class: "docs-subsection-title", style: "margin-top: 1.5rem;", children: "Quick Start" }), _jsx("p", { class: "docs-section-desc", children: "Add to your Claude Desktop or Claude Code config:" }), _jsx("pre", { children: _jsx("code", { children: `{
+  "mcpServers": {
+    "botcha": {
+      "type": "http",
+      "url": "https://botcha.ai/mcp"
+    }
+  }
+}` }) }), _jsx("p", { class: "docs-section-desc", style: "margin-top: 1rem;", children: "Or call it directly with curl:" }), _jsx("pre", { children: _jsx("code", { children: `# List all features
+curl -X POST https://botcha.ai/mcp \\
+  -H "Content-Type: application/json" \\
+  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"list_features","arguments":{}}}'
+
+# Get code example in Python
+curl -X POST https://botcha.ai/mcp \\
+  -H "Content-Type: application/json" \\
+  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"get_example","arguments":{"feature":"tap","language":"python"}}}'` }) })] }), _jsxs("section", { id: "dashboard-auth", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Dashboard Auth" }), _jsx("p", { class: "docs-section-desc", children: "Agent-first authentication for the metrics dashboard. Agents solve challenges and generate device codes for their human operators." }), _jsx(Endpoint, { method: "POST", path: "/v1/auth/device-code", desc: "Get challenge for device code flow" }), _jsx(Endpoint, { method: "POST", path: "/v1/auth/device-code/verify", desc: "Solve challenge, get BOTCHA-XXXX code" }), _jsx(Endpoint, { method: "GET", path: "/dashboard", desc: "Metrics dashboard (login required)" })] }), _jsxs("section", { id: "ratelimits", class: "docs-section", children: [_jsx("h2", { class: "docs-section-title", children: "Rate Limits" }), _jsx("p", { class: "docs-section-desc", children: "Free tier includes generous rate limits. Each app gets an isolated rate limit bucket. Rate limit headers are included on every response." }), _jsxs("div", { class: "docs-rate-limit", children: [_jsxs("div", { class: "docs-rate-limit-item", children: [_jsx("div", { class: "docs-rate-limit-value", children: "100" }), "challenges / hour / IP"] }), _jsxs("div", { class: "docs-rate-limit-item", children: [_jsx("div", { class: "docs-rate-limit-value", children: "1 hr" }), "access token lifetime"] }), _jsxs("div", { class: "docs-rate-limit-item", children: [_jsx("div", { class: "docs-rate-limit-value", children: "1 hr" }), "refresh token lifetime"] })] }), _jsxs("div", { class: "docs-flow", children: [_jsx("div", { class: "docs-flow-title", children: "Response Headers" }), _jsx("pre", { children: _jsx("code", { children: `X-RateLimit-Limit: 100
 X-RateLimit-Remaining: 97
 X-RateLimit-Reset: 2026-02-15T12:00:00.000Z
 X-Botcha-Version: ${version}

package/dist/dashboard/layout.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"layout.d.ts","sourceRoot":"","sources":["../../src/dashboard/layout.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAKtD;;;;GAIG;AACH,eAAO,MAAM,MAAM,EAAE,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAuBA,CAAC;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAmBzF,CAAC;AAIF;;;GAGG;AACH,eAAO,MAAM,YAAY,EAAE,EAAE,CAAC;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAmCjD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,EAAE,EAAE,CAAC;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAExC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAqCvG,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwBnF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAiDpE,CAAC"}
+{"version":3,"file":"layout.d.ts","sourceRoot":"","sources":["../../src/dashboard/layout.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAKtD;;;;GAIG;AACH,eAAO,MAAM,MAAM,EAAE,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAuBA,CAAC;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAmBzF,CAAC;AAIF;;;GAGG;AACH,eAAO,MAAM,YAAY,EAAE,EAAE,CAAC;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAmCjD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,EAAE,EAAE,CAAC;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAExC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAsCvG,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwBnF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAiDpE,CAAC"}

package/dist/dashboard/layout.js

@@ -32,7 +32,7 @@ export const Card = ({ children, title, badge, class: className, }) => {
  */
 export const GlobalFooter = ({ version = '0.15.0' }) => {
     const year = new Date().getFullYear();
-    return (_jsx("footer", { class: "global-footer", children: _jsxs("div", { class: "global-footer-inner", children: [_jsx("a", { href: "/dashboard", class: "global-footer-dashboard", children: "Dashboard" }), _jsxs("div", { class: "global-footer-links", children: [_jsxs("span", { children: ["v", version] }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://botcha.ai", children: "botcha.ai" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/docs", children: "Docs" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/whitepaper", children: "Whitepaper" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/openapi.json", children: "OpenAPI" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/ai.txt", children: "ai.txt" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://github.com/dupe-com/botcha", children: "GitHub" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://www.npmjs.com/package/@dupecom/botcha", children: "npm" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://pypi.org/project/botcha/", children: "PyPI" })] }), _jsxs("div", { class: "global-footer-legal", children: ["\u00A9 ", year, " ", _jsx("a", { href: "https://dupe.com", children: "Dupe.com" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), "Free and open source", _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://github.com/i8ramin", children: "@i8ramin" })] })] }) }));
+    return (_jsx("footer", { class: "global-footer", children: _jsxs("div", { class: "global-footer-inner", children: [_jsx("a", { href: "/account", class: "global-footer-dashboard", children: "Account" }), _jsxs("div", { class: "global-footer-links", children: [_jsxs("span", { children: ["v", version] }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://botcha.ai", children: "botcha.ai" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/docs", children: "Docs" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/whitepaper", children: "Whitepaper" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/openapi.json", children: "OpenAPI" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/ai.txt", children: "ai.txt" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://github.com/dupe-com/botcha", children: "GitHub" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://www.npmjs.com/package/@dupecom/botcha", children: "npm" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://pypi.org/project/botcha/", children: "PyPI" })] }), _jsxs("div", { class: "global-footer-legal", children: ["\u00A9 ", year, " ", _jsx("a", { href: "https://dupe.com", children: "Dupe.com" }), _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), "Free and open source", _jsx("span", { class: "global-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://github.com/i8ramin", children: "@i8ramin" })] })] }) }));
 };
 /**
  * Divider with centered text, used between sections on auth pages.
@@ -43,7 +43,7 @@ export const Divider = ({ text }) => (_jsx("div", { class: "divider", children:
  * Used for authenticated dashboard pages
  */
 export const DashboardLayout = ({ children, title, appId, version }) => {
-    return (_jsxs("html", { lang: "en", children: [_jsxs("head", { children: [_jsx("meta", { charset: "utf-8" }), _jsx("meta", { name: "viewport", content: "width=device-width, initial-scale=1" }), _jsx("title", { children: title || 'BOTCHA Dashboard' }), _jsx(OGMeta, { url: "https://botcha.ai/dashboard" }), _jsx("link", { rel: "preconnect", href: "https://fonts.googleapis.com" }), _jsx("link", { href: "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap", rel: "stylesheet" }), _jsx("style", { dangerouslySetInnerHTML: { __html: DASHBOARD_CSS } }), _jsx("script", { src: "https://unpkg.com/htmx.org@2.0.4" })] }), _jsxs("body", { children: [_jsx("nav", { class: "dashboard-nav", children: _jsxs("div", { class: "nav-container", children: [_jsx("a", { href: "/dashboard", class: "nav-logo", children: "BOTCHA" }), appId && (_jsxs(_Fragment, { children: [_jsx("span", { class: "nav-app-id", children: appId }), _jsx("a", { href: "/dashboard/logout", class: "nav-link", children: "Logout" })] }))] }) }), _jsx("main", { class: "dashboard-main", children: children }), _jsx(GlobalFooter, { version: version })] })] }));
+    return (_jsxs("html", { lang: "en", children: [_jsxs("head", { children: [_jsx("meta", { charset: "utf-8" }), _jsx("meta", { name: "viewport", content: "width=device-width, initial-scale=1" }), _jsx("title", { children: title || 'BOTCHA Dashboard' }), _jsx(OGMeta, { url: "https://botcha.ai/dashboard" }), _jsx("link", { rel: "preconnect", href: "https://fonts.googleapis.com" }), _jsx("link", { href: "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap", rel: "stylesheet" }), _jsx("style", { dangerouslySetInnerHTML: { __html: DASHBOARD_CSS } }), _jsx("script", { src: "https://unpkg.com/htmx.org@2.0.4" })] }), _jsxs("body", { children: [_jsx("nav", { class: "dashboard-nav", children: _jsxs("div", { class: "nav-container", children: [_jsx("a", { href: "/dashboard", class: "nav-logo", children: "BOTCHA" }), appId && (_jsxs(_Fragment, { children: [_jsx("span", { class: "nav-app-id", children: appId }), _jsx("a", { href: "/account", class: "nav-link", children: "Account" }), _jsx("a", { href: "/dashboard/logout", class: "nav-link", children: "Logout" })] }))] }) }), _jsx("main", { class: "dashboard-main", children: children }), _jsx(GlobalFooter, { version: version })] })] }));
 };
 /**
  * Login/auth layout without navigation

package/dist/dashboard/mcp-setup.d.ts

@@ -0,0 +1,15 @@
+/**
+ * BOTCHA MCP Setup Page
+ *
+ * Served at GET /mcp for browser (HTML) requests via content negotiation.
+ * MCP clients hitting POST /mcp get the JSON-RPC server instead.
+ *
+ * Shows one-liner install commands and per-tool config snippets with
+ * copy-to-clipboard buttons for Claude Code, Claude Desktop, OpenCode,
+ * Cursor, Windsurf, and generic .mcp.json.
+ */
+import type { FC } from 'hono/jsx';
+export declare const MCPSetupPage: FC<{
+    version?: string;
+}>;
+//# sourceMappingURL=mcp-setup.d.ts.map

package/dist/dashboard/mcp-setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-setup.d.ts","sourceRoot":"","sources":["../../src/dashboard/mcp-setup.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AAgXnC,eAAO,MAAM,YAAY,EAAE,EAAE,CAAC;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAkQjD,CAAC"}