@forum-labs/payfetch 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +467 -0
- package/dist/bin/payfetch-mcp.d.ts +2 -0
- package/dist/bin/payfetch-mcp.js +9 -0
- package/dist/bin/payfetch.d.ts +2 -0
- package/dist/bin/payfetch.js +126 -0
- package/dist/src/config.d.ts +35 -0
- package/dist/src/config.js +170 -0
- package/dist/src/core/budget.d.ts +62 -0
- package/dist/src/core/budget.js +236 -0
- package/dist/src/core/constants.d.ts +66 -0
- package/dist/src/core/constants.js +115 -0
- package/dist/src/core/fs.d.ts +14 -0
- package/dist/src/core/fs.js +104 -0
- package/dist/src/core/integrity.d.ts +23 -0
- package/dist/src/core/integrity.js +150 -0
- package/dist/src/core/ledger.d.ts +149 -0
- package/dist/src/core/ledger.js +357 -0
- package/dist/src/core/notes.d.ts +22 -0
- package/dist/src/core/notes.js +24 -0
- package/dist/src/core/pipeline.d.ts +143 -0
- package/dist/src/core/pipeline.js +795 -0
- package/dist/src/core/policy.d.ts +57 -0
- package/dist/src/core/policy.js +224 -0
- package/dist/src/core/transport.d.ts +93 -0
- package/dist/src/core/transport.js +364 -0
- package/dist/src/guards/index.d.ts +4 -0
- package/dist/src/guards/index.js +3 -0
- package/dist/src/guards/internal.d.ts +17 -0
- package/dist/src/guards/internal.js +74 -0
- package/dist/src/guards/safety.d.ts +2 -0
- package/dist/src/guards/safety.js +94 -0
- package/dist/src/guards/trust.d.ts +2 -0
- package/dist/src/guards/trust.js +79 -0
- package/dist/src/guards/types.d.ts +59 -0
- package/dist/src/guards/types.js +20 -0
- package/dist/src/index.d.ts +58 -0
- package/dist/src/index.js +151 -0
- package/dist/src/mcp/server.d.ts +6 -0
- package/dist/src/mcp/server.js +125 -0
- package/dist/src/mcp/tools.d.ts +46 -0
- package/dist/src/mcp/tools.js +321 -0
- package/dist/src/payer/mpp.d.ts +7 -0
- package/dist/src/payer/mpp.js +13 -0
- package/dist/src/payer/parse402.d.ts +6 -0
- package/dist/src/payer/parse402.js +169 -0
- package/dist/src/payer/signer_cdp.d.ts +14 -0
- package/dist/src/payer/signer_cdp.js +64 -0
- package/dist/src/payer/signer_local.d.ts +8 -0
- package/dist/src/payer/signer_local.js +14 -0
- package/dist/src/payer/types.d.ts +99 -0
- package/dist/src/payer/types.js +10 -0
- package/dist/src/payer/x402.d.ts +23 -0
- package/dist/src/payer/x402.js +165 -0
- package/dist/src/report/report.d.ts +162 -0
- package/dist/src/report/report.js +220 -0
- package/mcpb/manifest.json +104 -0
- package/package.json +72 -0
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
{
|
|
2
|
+
"manifest_version": "0.2",
|
|
3
|
+
"name": "payfetch",
|
|
4
|
+
"display_name": "payfetch",
|
|
5
|
+
"version": "1.0.0",
|
|
6
|
+
"description": "Buy-side paying-fetch client: fetch URLs and pay HTTP 402 (x402) paywalls automatically, under operator-owned spending policy (caps, allow/deny lists, human approval, trust checks, receipts). Non-custodial — bring your own wallet.",
|
|
7
|
+
"long_description": "payfetch lets an AI agent fetch a URL and, if it returns HTTP 402 (x402 protocol), pay for it automatically WITHIN a policy the operator controls: per-call / per-day / per-host / lifetime spend caps, host allow/deny lists, a human-approval threshold, a default-ON trust check against the Forum Labs trust API, and an immutable local receipt for every attempt. The agent can never raise its own limits. Keys are never transmitted or logged. Directory submission is not offered (payment connectors are policy-blocked); this bundle is for MANUAL install only.",
|
|
8
|
+
"author": {
|
|
9
|
+
"name": "Forum Labs"
|
|
10
|
+
},
|
|
11
|
+
"server": {
|
|
12
|
+
"type": "node",
|
|
13
|
+
"entry_point": "server/payfetch-mcp.mjs",
|
|
14
|
+
"mcp_config": {
|
|
15
|
+
"command": "node",
|
|
16
|
+
"args": ["${__dirname}/server/payfetch-mcp.mjs"],
|
|
17
|
+
"env": {
|
|
18
|
+
"PAYFETCH_PRIVATE_KEY": "${user_config.private_key}",
|
|
19
|
+
"PAYFETCH_KEY_FILE": "${user_config.key_file}",
|
|
20
|
+
"PAYFETCH_CDP_API_KEY_ID": "${user_config.cdp_api_key_id}",
|
|
21
|
+
"PAYFETCH_CDP_API_KEY_SECRET": "${user_config.cdp_api_key_secret}",
|
|
22
|
+
"PAYFETCH_CDP_WALLET_SECRET": "${user_config.cdp_wallet_secret}",
|
|
23
|
+
"PAYFETCH_CDP_ACCOUNT_NAME": "${user_config.cdp_account_name}",
|
|
24
|
+
"PAYFETCH_DATA_DIR": "${user_config.data_dir}",
|
|
25
|
+
"PAYFETCH_TEST_MODE": "${user_config.test_mode}",
|
|
26
|
+
"PAYFETCH_APPROVER": "${user_config.approver}",
|
|
27
|
+
"PAYFETCH_VIA": "${user_config.via}"
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
},
|
|
31
|
+
"tools": [
|
|
32
|
+
{ "name": "paid_fetch", "description": "Fetch a URL, paying an HTTP 402 (x402) paywall automatically within policy." },
|
|
33
|
+
{ "name": "payment_quote", "description": "Check what a paid URL costs and whether policy would allow paying it, without paying." },
|
|
34
|
+
{ "name": "spend_status", "description": "Show today's spending: totals, remaining budgets, holds, recent payments." },
|
|
35
|
+
{ "name": "list_receipts", "description": "Query the local payment receipt ledger (audit trail)." },
|
|
36
|
+
{ "name": "approve_pending", "description": "List or resolve payments waiting for human approval (queue mode)." }
|
|
37
|
+
],
|
|
38
|
+
"user_config": {
|
|
39
|
+
"private_key": {
|
|
40
|
+
"type": "string",
|
|
41
|
+
"title": "Wallet private key (0x-hex)",
|
|
42
|
+
"description": "Signer option 1 of 3. A 0x-hex EVM private key. SECRET — stored in the OS keychain, never transmitted or logged. Use a DEDICATED low-balance wallet. Set exactly ONE signer option.",
|
|
43
|
+
"sensitive": true,
|
|
44
|
+
"required": false
|
|
45
|
+
},
|
|
46
|
+
"key_file": {
|
|
47
|
+
"type": "file",
|
|
48
|
+
"title": "Wallet key file",
|
|
49
|
+
"description": "Signer option 1 (alt): path to a file containing a 0x-hex private key. REFUSED at startup if the file is group/world-readable — chmod 600 it.",
|
|
50
|
+
"required": false
|
|
51
|
+
},
|
|
52
|
+
"cdp_api_key_id": {
|
|
53
|
+
"type": "string",
|
|
54
|
+
"title": "CDP API key id",
|
|
55
|
+
"description": "Signer option 3 of 3 (Coinbase CDP server wallet, YOUR account). Requires all three CDP fields. SECRET.",
|
|
56
|
+
"sensitive": true,
|
|
57
|
+
"required": false
|
|
58
|
+
},
|
|
59
|
+
"cdp_api_key_secret": {
|
|
60
|
+
"type": "string",
|
|
61
|
+
"title": "CDP API key secret",
|
|
62
|
+
"description": "Coinbase CDP API key secret. SECRET — stored in the OS keychain.",
|
|
63
|
+
"sensitive": true,
|
|
64
|
+
"required": false
|
|
65
|
+
},
|
|
66
|
+
"cdp_wallet_secret": {
|
|
67
|
+
"type": "string",
|
|
68
|
+
"title": "CDP wallet secret",
|
|
69
|
+
"description": "Coinbase CDP wallet secret. SECRET — stored in the OS keychain.",
|
|
70
|
+
"sensitive": true,
|
|
71
|
+
"required": false
|
|
72
|
+
},
|
|
73
|
+
"cdp_account_name": {
|
|
74
|
+
"type": "string",
|
|
75
|
+
"title": "CDP account name (optional)",
|
|
76
|
+
"description": "Optional named CDP EVM account. Defaults to a stable name so the same buyer wallet is resolved across restarts.",
|
|
77
|
+
"required": false
|
|
78
|
+
},
|
|
79
|
+
"data_dir": {
|
|
80
|
+
"type": "directory",
|
|
81
|
+
"title": "Data directory",
|
|
82
|
+
"description": "Where the receipt ledger, state, and config.json live. Defaults to ~/.payfetch.",
|
|
83
|
+
"required": false
|
|
84
|
+
},
|
|
85
|
+
"test_mode": {
|
|
86
|
+
"type": "string",
|
|
87
|
+
"title": "Test mode (set to 1 to enable)",
|
|
88
|
+
"description": "When set to any value, marks receipts test:true and refuses Base MAINNET quotes (Base Sepolia only). Leave blank for production.",
|
|
89
|
+
"required": false
|
|
90
|
+
},
|
|
91
|
+
"approver": {
|
|
92
|
+
"type": "string",
|
|
93
|
+
"title": "Approval authority (set to 1 to enable)",
|
|
94
|
+
"description": "Set to 1 to grant this session approval authority. NOTE: for safety, the server REFUSES TO START if this is set together with a queue-capable approval mode (approval.mode 'queue', or 'elicit' with elicitFallback 'queue') — the agent must not approve its own payments. The supported human gate is elicit-to-human. Blank = list-only.",
|
|
95
|
+
"required": false
|
|
96
|
+
},
|
|
97
|
+
"via": {
|
|
98
|
+
"type": "string",
|
|
99
|
+
"title": "Embedding framework slug (optional)",
|
|
100
|
+
"description": "Optional 'via=' attribution tag sent on trust/safety guard calls only.",
|
|
101
|
+
"required": false
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
}
|
package/package.json
ADDED
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@forum-labs/payfetch",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"mcpName": "io.github.forum-labs/payfetch",
|
|
5
|
+
"description": "Buy-side x402/HTTP-402 paying-fetch client for AI agents, under operator-owned spending policy (caps, allow/deny, human approval, trust checks, local receipts). Non-custodial.",
|
|
6
|
+
"keywords": [
|
|
7
|
+
"x402",
|
|
8
|
+
"http-402",
|
|
9
|
+
"mcp",
|
|
10
|
+
"ai-agent",
|
|
11
|
+
"payments",
|
|
12
|
+
"usdc",
|
|
13
|
+
"base",
|
|
14
|
+
"spending-controls",
|
|
15
|
+
"paywall"
|
|
16
|
+
],
|
|
17
|
+
"homepage": "https://forum-labs.com",
|
|
18
|
+
"repository": {
|
|
19
|
+
"type": "git",
|
|
20
|
+
"url": "git+https://github.com/forum-labs/payfetch.git"
|
|
21
|
+
},
|
|
22
|
+
"bugs": "https://github.com/forum-labs/payfetch/issues",
|
|
23
|
+
"license": "MIT",
|
|
24
|
+
"author": "Forum Labs",
|
|
25
|
+
"type": "module",
|
|
26
|
+
"engines": {
|
|
27
|
+
"node": ">=22"
|
|
28
|
+
},
|
|
29
|
+
"publishConfig": {
|
|
30
|
+
"access": "public"
|
|
31
|
+
},
|
|
32
|
+
"main": "dist/src/index.js",
|
|
33
|
+
"types": "dist/src/index.d.ts",
|
|
34
|
+
"exports": {
|
|
35
|
+
".": {
|
|
36
|
+
"types": "./dist/src/index.d.ts",
|
|
37
|
+
"default": "./dist/src/index.js"
|
|
38
|
+
}
|
|
39
|
+
},
|
|
40
|
+
"bin": {
|
|
41
|
+
"payfetch-mcp": "dist/bin/payfetch-mcp.js",
|
|
42
|
+
"payfetch": "dist/bin/payfetch.js"
|
|
43
|
+
},
|
|
44
|
+
"files": [
|
|
45
|
+
"dist",
|
|
46
|
+
"README.md",
|
|
47
|
+
"LICENSE",
|
|
48
|
+
"mcpb/manifest.json"
|
|
49
|
+
],
|
|
50
|
+
"scripts": {
|
|
51
|
+
"build": "tsc -p tsconfig.build.json",
|
|
52
|
+
"build:mcpb": "node mcpb/build.mjs",
|
|
53
|
+
"test": "vitest run",
|
|
54
|
+
"typecheck": "tsc --noEmit",
|
|
55
|
+
"prepublishOnly": "npm run build && npm run typecheck && npm test"
|
|
56
|
+
},
|
|
57
|
+
"devDependencies": {
|
|
58
|
+
"@anthropic-ai/mcpb": "^2.1.2",
|
|
59
|
+
"@types/node": "^22",
|
|
60
|
+
"esbuild": "^0.28.1",
|
|
61
|
+
"tsx": "^4",
|
|
62
|
+
"typescript": "^5",
|
|
63
|
+
"vitest": "^4"
|
|
64
|
+
},
|
|
65
|
+
"dependencies": {
|
|
66
|
+
"@coinbase/cdp-sdk": "1.51.2",
|
|
67
|
+
"@modelcontextprotocol/sdk": "1.29.0",
|
|
68
|
+
"@x402/core": "2.17.0",
|
|
69
|
+
"undici": "8.5.0",
|
|
70
|
+
"viem": "2.54.1"
|
|
71
|
+
}
|
|
72
|
+
}
|