@nordsym/apiclaw 1.5.8 → 1.5.10

package/scripts/test-whitelist-v2.sh

@@ -0,0 +1,128 @@
+#!/bin/bash
+# Test script for APIClaw Whitelist v2.0
+# Tests whitelist, access control, and analytics
+
+set -e
+
+echo "🧪 APIClaw Whitelist v2.0 Test Suite"
+echo "===================================="
+echo ""
+
+API_URL="${APICLAW_API_URL:-http://localhost:3000}"
+
+# Colors
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+function test_case() {
+  local name=$1
+  local expected=$2
+  local cmd=$3
+  
+  echo -n "Testing: $name ... "
+  
+  response=$(eval "$cmd" 2>&1)
+  status=$?
+  
+  if echo "$response" | grep -q "$expected"; then
+    echo -e "${GREEN}✓ PASS${NC}"
+    return 0
+  else
+    echo -e "${RED}✗ FAIL${NC}"
+    echo "  Expected: $expected"
+    echo "  Got: $response"
+    return 1
+  fi
+}
+
+echo "1. Test Whitelist Authorization"
+echo "--------------------------------"
+
+# Test 1: Whitelisted agent (namespaced)
+test_case \
+  "Namespaced agent (hivr:bytebee) authorized" \
+  "200\|success" \
+  "curl -s '$API_URL/api/discover?query=web&agentId=hivr:bytebee'"
+
+# Test 2: Whitelisted agent (legacy format)
+test_case \
+  "Legacy agent (bytebee) authorized" \
+  "200\|success" \
+  "curl -s '$API_URL/api/discover?query=web&agentId=bytebee'"
+
+# Test 3: Unauthorized agent
+test_case \
+  "Unauthorized agent denied" \
+  "403\|Unauthorized\|Access Denied" \
+  "curl -s '$API_URL/api/discover?query=web&agentId=hacker:evil'"
+
+echo ""
+echo "2. Test Access Control"
+echo "----------------------"
+
+# Test 4: Hivr agent accessing allowed provider
+test_case \
+  "Hivr agent accessing brave_search (allowed)" \
+  "200\|success" \
+  "curl -s -X POST '$API_URL/api/call_api' -H 'Content-Type: application/json' -d '{\"agentId\":\"hivr:bytebee\",\"provider\":\"brave_search\",\"action\":\"search\",\"params\":{\"query\":\"test\"}}'"
+
+# Test 5: Restricted access (if NordSym configured)
+# This will fail if NordSym not configured yet, which is OK
+echo -n "Testing: NordSym agent restricted access ... "
+if curl -s -X POST "$API_URL/api/call_api" \
+  -H "Content-Type: application/json" \
+  -d '{"agentId":"nordsym:test","provider":"restricted_api","action":"call","params":{}}' \
+  | grep -q "403\|Access Denied\|not whitelisted"; then
+  echo -e "${GREEN}✓ PASS${NC} (correctly denied)"
+else
+  echo -e "${YELLOW}⊘ SKIP${NC} (NordSym not configured)"
+fi
+
+echo ""
+echo "3. Test Analytics"
+echo "-----------------"
+
+# Test 6: Product field in logs
+if [ -f ~/.apiclaw/logs/api-calls.jsonl ]; then
+  recent_logs=$(tail -5 ~/.apiclaw/logs/api-calls.jsonl)
+  
+  echo -n "Testing: Product field in logs ... "
+  if echo "$recent_logs" | grep -q '"product":"hivr"'; then
+    echo -e "${GREEN}✓ PASS${NC}"
+  else
+    echo -e "${YELLOW}⊘ WARN${NC} (no recent Hivr calls logged)"
+  fi
+else
+  echo -e "${YELLOW}⊘ SKIP${NC} (no log file yet)"
+fi
+
+echo ""
+echo "4. Test Cache Behavior"
+echo "----------------------"
+
+# Test 7: Multiple requests use cache
+echo -n "Testing: Cache performance ... "
+start=$(date +%s%N)
+for i in {1..5}; do
+  curl -s "$API_URL/api/discover?query=web&agentId=hivr:bytebee" > /dev/null
+done
+end=$(date +%s%N)
+elapsed=$(( (end - start) / 1000000 )) # Convert to ms
+
+if [ $elapsed -lt 1000 ]; then
+  echo -e "${GREEN}✓ PASS${NC} (${elapsed}ms for 5 requests)"
+else
+  echo -e "${YELLOW}⊘ WARN${NC} (${elapsed}ms - cache might not be working)"
+fi
+
+echo ""
+echo "===================================="
+echo "Test suite complete!"
+echo ""
+echo "Next steps:"
+echo "1. Check logs: tail -f ~/.apiclaw/logs/api-calls.jsonl"
+echo "2. Monitor analytics for product field"
+echo "3. Add NordSym product source when ready"
+echo ""

package/src/access-control.ts

@@ -0,0 +1,174 @@
+/**
+ * Access Control System
+ * Controls which products/agents can access which providers
+ * 
+ * Rules format:
+ * - Wildcard: "hivr:*" = all Hivr agents
+ * - Specific: "hivr:bytebee" = only ByteBee
+ * - Product-level: "nordsym:*" = all NordSym agents
+ * 
+ * Provider wildcards:
+ * - "*" = all providers
+ * - "brave_*" = all Brave providers
+ * - Specific: ["brave_search", "groq"]
+ */
+
+interface AccessRule {
+  agentPattern: string;
+  allowedProviders: string[];
+  description?: string;
+}
+
+// Default access rules
+// These can be moved to Convex table for dynamic updates
+const DEFAULT_RULES: AccessRule[] = [
+  {
+    agentPattern: 'hivr:*',
+    allowedProviders: ['*'], // Hivr gets everything
+    description: 'All Hivr bees get full access',
+  },
+  {
+    agentPattern: 'nordsym:*',
+    allowedProviders: ['brave_search', 'groq', 'replicate'],
+    description: 'NordSym team gets selected providers',
+  },
+  // Add more rules as needed
+];
+
+// Cache for compiled rules
+let compiledRules: {
+  pattern: RegExp;
+  providers: string[];
+}[] | null = null;
+
+/**
+ * Compile agentPattern to RegExp
+ */
+function compilePattern(pattern: string): RegExp {
+  // Convert wildcard pattern to regex
+  // "hivr:*" → /^hivr:.+$/
+  // "hivr:byte*" → /^hivr:byte.+$/
+  const escaped = pattern
+    .replace(/[.+^${}()|[\]\\]/g, '\\$&') // Escape regex chars
+    .replace(/\*/g, '.+'); // Replace * with .+
+  
+  return new RegExp(`^${escaped}$`, 'i');
+}
+
+/**
+ * Compile all rules (cache for performance)
+ */
+function compileRules(): void {
+  compiledRules = DEFAULT_RULES.map(rule => ({
+    pattern: compilePattern(rule.agentPattern),
+    providers: rule.allowedProviders,
+  }));
+}
+
+/**
+ * Check if provider matches pattern
+ */
+function matchesProvider(provider: string, pattern: string): boolean {
+  if (pattern === '*') return true;
+  if (pattern.endsWith('*')) {
+    const prefix = pattern.slice(0, -1);
+    return provider.startsWith(prefix);
+  }
+  return provider === pattern;
+}
+
+/**
+ * Check if agentId is allowed to access provider
+ */
+export function canAccessProvider(agentId: string, provider: string): boolean {
+  if (!compiledRules) {
+    compileRules();
+  }
+  
+  const normalized = agentId.toLowerCase().trim();
+  const normalizedProvider = provider.toLowerCase().trim();
+  
+  // Find matching rule
+  for (const rule of compiledRules!) {
+    if (rule.pattern.test(normalized)) {
+      // Check if provider is allowed
+      for (const providerPattern of rule.providers) {
+        if (matchesProvider(normalizedProvider, providerPattern)) {
+          return true;
+        }
+      }
+      // Rule matched but provider not in allowlist
+      return false;
+    }
+  }
+  
+  // No rule matched = deny by default
+  console.warn(`[Access Control] No rule for ${normalized}`);
+  return false;
+}
+
+/**
+ * Get allowed providers for agentId
+ */
+export function getAllowedProviders(agentId: string): string[] {
+  if (!compiledRules) {
+    compileRules();
+  }
+  
+  const normalized = agentId.toLowerCase().trim();
+  
+  // Find matching rule
+  for (const rule of compiledRules!) {
+    if (rule.pattern.test(normalized)) {
+      return rule.providers;
+    }
+  }
+  
+  return [];
+}
+
+/**
+ * Add new access rule (runtime)
+ */
+export function addAccessRule(rule: AccessRule): void {
+  DEFAULT_RULES.push(rule);
+  compiledRules = null; // Force recompile
+  console.log(`[Access Control] Added rule for ${rule.agentPattern}`);
+}
+
+/**
+ * Get all access rules (for debugging/admin)
+ */
+export function getAccessRules(): AccessRule[] {
+  return [...DEFAULT_RULES];
+}
+
+/**
+ * Check if agentId + provider combination is allowed
+ * Combines whitelist check + access control
+ */
+export async function isAllowed(
+  agentId: string | undefined,
+  provider: string
+): Promise<{ allowed: boolean; reason?: string }> {
+  if (!agentId) {
+    return { allowed: false, reason: 'No agentId provided' };
+  }
+  
+  // First check: Is agent whitelisted?
+  const { isAuthorized } = await import('./product-whitelist.js');
+  const whitelisted = await isAuthorized(agentId);
+  
+  if (!whitelisted) {
+    return { allowed: false, reason: 'Agent not whitelisted' };
+  }
+  
+  // Second check: Does agent have access to this provider?
+  const hasAccess = canAccessProvider(agentId, provider);
+  
+  if (!hasAccess) {
+    return { allowed: false, reason: 'Provider not in access list' };
+  }
+  
+  return { allowed: true };
+}

package/src/analytics.ts

@@ -18,6 +18,10 @@ export interface APICallLog {
   success: boolean;
   latencyMs?: number;
   error?: string;
+  metadata?: {
+    product?: string;
+    [key: string]: any;
+  };
 }
 
 // Log directory
@@ -86,6 +90,7 @@ async function sendToConvex(log: APICallLog): Promise<void> {
         latencyMs: log.latencyMs,
         error: log.error,
         timestamp: log.timestamp,
+        ...log.metadata, // Include product and any other metadata
       },
     });
   } catch (e) {

package/src/bin-http.ts

@@ -0,0 +1,45 @@
+#!/usr/bin/env node
+/**
+ * APIClaw HTTP API Server - Standalone executable
+ * Usage: apiclaw-http [--port 3000]
+ */
+
+import { startHTTPServer } from './http-api.js';
+
+const args = process.argv.slice(2);
+let port = 3000;
+
+// Parse args
+for (let i = 0; i < args.length; i++) {
+  if (args[i] === '--port' || args[i] === '-p') {
+    port = parseInt(args[i + 1] || '3000');
+    i++;
+  } else if (args[i] === '--help' || args[i] === '-h') {
+    console.log(`
+🦞 APIClaw HTTP API Server
+
+Usage:
+  apiclaw-http [options]
+
+Options:
+  --port, -p <port>    Port to listen on (default: 3000)
+  --help, -h           Show this help
+
+Examples:
+  apiclaw-http
+  apiclaw-http --port 8080
+
+Endpoints:
+  GET  /api/discover?query=...&agentId=...
+  POST /api/call_api
+       Body: { provider, action, params, agentId }
+  GET  /health
+
+Auth:
+  Whitelist-based for Hivr bees. Contact admin@nordsym.com for access.
+`);
+    process.exit(0);
+  }
+}
+
+startHTTPServer(port);

package/src/credentials.ts

@@ -167,6 +167,22 @@ const providers: Record<string, ProviderCredential> = {
       return null;
     },
   },
+
+  apilayer: {
+    type: 'api_key',
+    get(): APICredentials | null {
+      const env = loadEnvFile('apilayer.env');
+      // Return all keys — handler picks the right one per action
+      const keys: Record<string, string> = {};
+      for (const [k, v] of Object.entries(env)) {
+        if (k.startsWith('APILAYER_') && v) {
+          keys[k] = v;
+        }
+      }
+      if (Object.keys(keys).length === 0) return null;
+      return { type: 'api_key', api_key: keys.APILAYER_EXCHANGERATE_KEY || '', ...keys } as any;
+    },
+  },
 };
 
 /**
@@ -215,6 +231,10 @@ export function hasRealCredentials(providerId: string): boolean {
     const env = loadEnvFile('e2b.env');
     return !!(env.E2B_API_KEY || process.env.E2B_API_KEY);
   }
+  if (providerId === 'apilayer') {
+    const env = loadEnvFile('apilayer.env');
+    return !!(env.APILAYER_EXCHANGERATE_KEY || process.env.APILAYER_EXCHANGERATE_KEY);
+  }
   return false;
 }
 

package/src/execute.ts

@@ -402,6 +402,21 @@ const apiEndpoints: Record<string, Record<string, { url: string; method: string;
     run_code: { url: 'https://api.e2b.dev/v1/sandboxes', method: 'POST' },
     run_shell: { url: 'https://api.e2b.dev/v1/sandboxes', method: 'POST' },
   },
+  apilayer: {
+    exchange_rates: { url: 'https://api.apilayer.com/exchangerates_data/latest', method: 'GET' },
+    market_data: { url: 'http://api.marketstack.com/v1/eod', method: 'GET' },
+    aviation: { url: 'http://api.aviationstack.com/v1/flights', method: 'GET' },
+    pdf_generate: { url: 'https://api.pdflayer.com/api/convert', method: 'GET' },
+    screenshot: { url: 'https://api.screenshotlayer.com/api/capture', method: 'GET' },
+    verify_email: { url: 'https://api.apilayer.com/email_verification/check', method: 'GET' },
+    verify_number: { url: 'https://api.apilayer.com/number_verification/validate', method: 'GET' },
+    vat_check: { url: 'http://apilayer.net/api/validate', method: 'GET' },
+    world_news: { url: 'https://api.apilayer.com/world_news/search-news', method: 'GET' },
+    finance_news: { url: 'https://api.apilayer.com/financelayer/news', method: 'GET' },
+    scrape: { url: 'https://api.apilayer.com/adv_scraper/scraper', method: 'GET' },
+    image_crop: { url: 'https://api.apilayer.com/image_crop/crop', method: 'GET' },
+    skills: { url: 'https://api.apilayer.com/skills', method: 'GET' },
+  },
 };
 
 /**
@@ -1644,6 +1659,238 @@ const handlers: Record<string, Record<string, (params: any, creds: any) => Promi
       };
     },
   },
+
+  // APILayer - 14 APIs via one provider
+  apilayer: {
+    // Helper to pick the right key per action
+    exchange_rates: async (params, creds) => {
+      const key = creds.APILAYER_EXCHANGERATE_KEY || creds.api_key;
+      const { base = 'USD', symbols, date } = params;
+      const endpoint = date ? 'historical' : 'latest';
+      const url = new URL(`https://api.apilayer.com/exchangerates_data/${endpoint}`);
+      url.searchParams.set('base', base);
+      if (symbols) url.searchParams.set('symbols', symbols);
+      if (date) url.searchParams.set('date', date);
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'exchange_rates' });
+
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'exchange_rates', (data.message as string) || 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'exchange_rates', data };
+    },
+
+    market_data: async (params, creds) => {
+      const key = creds.APILAYER_MARKETSTACK_KEY || creds.api_key;
+      const { symbols, date_from, date_to, limit = 10 } = params;
+      if (!symbols) return createErrorResult('apilayer', 'market_data', 'Missing required param: symbols', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('http://api.marketstack.com/v1/eod');
+      url.searchParams.set('access_key', key);
+      url.searchParams.set('symbols', symbols);
+      url.searchParams.set('limit', limit.toString());
+      if (date_from) url.searchParams.set('date_from', date_from);
+      if (date_to) url.searchParams.set('date_to', date_to);
+
+      const response = await fetchWithRetry(url.toString(), {}, { provider: 'apilayer', action: 'market_data' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'market_data', (data.error as any)?.message || 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'market_data', data };
+    },
+
+    aviation: async (params, creds) => {
+      const key = creds.APILAYER_AVIATIONSTACK_KEY || creds.api_key;
+      const { flight_iata, dep_iata, arr_iata, airline_iata } = params;
+      const url = new URL('http://api.aviationstack.com/v1/flights');
+      url.searchParams.set('access_key', key);
+      if (flight_iata) url.searchParams.set('flight_iata', flight_iata);
+      if (dep_iata) url.searchParams.set('dep_iata', dep_iata);
+      if (arr_iata) url.searchParams.set('arr_iata', arr_iata);
+      if (airline_iata) url.searchParams.set('airline_iata', airline_iata);
+
+      const response = await fetchWithRetry(url.toString(), {}, { provider: 'apilayer', action: 'aviation' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'aviation', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'aviation', data };
+    },
+
+    pdf_generate: async (params, creds) => {
+      const key = creds.APILAYER_PDFLAYER_KEY || creds.api_key;
+      const { document_url, document_html, page_size = 'A4' } = params;
+      if (!document_url && !document_html) return createErrorResult('apilayer', 'pdf_generate', 'Missing: document_url or document_html', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('https://api.pdflayer.com/api/convert');
+      url.searchParams.set('access_key', key);
+      url.searchParams.set('page_size', page_size);
+      if (document_url) url.searchParams.set('document_url', document_url);
+      if (document_html) url.searchParams.set('document_html', document_html);
+
+      const response = await fetchWithRetry(url.toString(), {}, { provider: 'apilayer', action: 'pdf_generate' });
+      const contentType = response.headers.get('content-type') || '';
+      if (contentType.includes('application/pdf')) {
+        return { success: true, provider: 'apilayer', action: 'pdf_generate', data: { message: 'PDF generated', content_type: 'application/pdf', size: response.headers.get('content-length') } };
+      }
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'pdf_generate', (data.error as any)?.info || 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'pdf_generate', data };
+    },
+
+    screenshot: async (params, creds) => {
+      const key = creds.APILAYER_SCREENSHOTLAYER_KEY || creds.api_key;
+      const { url: targetUrl, viewport = '1440x900', fullpage = 0 } = params;
+      if (!targetUrl) return createErrorResult('apilayer', 'screenshot', 'Missing required param: url', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('https://api.screenshotlayer.com/api/capture');
+      url.searchParams.set('access_key', key);
+      url.searchParams.set('url', targetUrl);
+      url.searchParams.set('viewport', viewport);
+      url.searchParams.set('fullpage', fullpage.toString());
+
+      const response = await fetchWithRetry(url.toString(), {}, { provider: 'apilayer', action: 'screenshot' });
+      const contentType = response.headers.get('content-type') || '';
+      if (contentType.includes('image/')) {
+        return { success: true, provider: 'apilayer', action: 'screenshot', data: { message: 'Screenshot captured', content_type: contentType, url: url.toString() } };
+      }
+      const data = await response.json() as Record<string, unknown>;
+      return { success: true, provider: 'apilayer', action: 'screenshot', data };
+    },
+
+    verify_email: async (params, creds) => {
+      const key = creds.APILAYER_EMAILVERIFY_KEY || creds.api_key;
+      const { email } = params;
+      if (!email) return createErrorResult('apilayer', 'verify_email', 'Missing required param: email', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('https://api.apilayer.com/email_verification/check');
+      url.searchParams.set('email', email);
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'verify_email' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'verify_email', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'verify_email', data };
+    },
+
+    verify_number: async (params, creds) => {
+      const key = creds.APILAYER_NUMVERIFY_KEY || creds.api_key;
+      const { number } = params;
+      if (!number) return createErrorResult('apilayer', 'verify_number', 'Missing required param: number', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('https://api.apilayer.com/number_verification/validate');
+      url.searchParams.set('number', number);
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'verify_number' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'verify_number', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'verify_number', data };
+    },
+
+    vat_check: async (params, creds) => {
+      const key = creds.APILAYER_VATLAYER_KEY || creds.api_key;
+      const { vat_number } = params;
+      if (!vat_number) return createErrorResult('apilayer', 'vat_check', 'Missing required param: vat_number', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('http://apilayer.net/api/validate');
+      url.searchParams.set('access_key', key);
+      url.searchParams.set('vat_number', vat_number);
+
+      const response = await fetchWithRetry(url.toString(), {}, { provider: 'apilayer', action: 'vat_check' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'vat_check', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'vat_check', data };
+    },
+
+    world_news: async (params, creds) => {
+      const key = creds.APILAYER_WORLDNEWS_KEY || creds.api_key;
+      const { text, source_countries, language = 'en', number = 5 } = params;
+
+      const url = new URL('https://api.apilayer.com/world_news/search-news');
+      if (text) url.searchParams.set('text', text);
+      if (source_countries) url.searchParams.set('source-countries', source_countries);
+      url.searchParams.set('language', language);
+      url.searchParams.set('number', number.toString());
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'world_news' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'world_news', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'world_news', data };
+    },
+
+    finance_news: async (params, creds) => {
+      const key = creds.APILAYER_FINANCENEWS_KEY || creds.api_key;
+      const { tickers, text, number = 5 } = params;
+
+      const url = new URL('https://api.apilayer.com/financelayer/news');
+      if (tickers) url.searchParams.set('tickers', tickers);
+      if (text) url.searchParams.set('keywords', text);
+      url.searchParams.set('limit', number.toString());
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'finance_news' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'finance_news', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'finance_news', data };
+    },
+
+    scrape: async (params, creds) => {
+      const key = creds.APILAYER_SCRAPER_KEY || creds.api_key;
+      const { url: targetUrl } = params;
+      if (!targetUrl) return createErrorResult('apilayer', 'scrape', 'Missing required param: url', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('https://api.apilayer.com/adv_scraper/scraper');
+      url.searchParams.set('url', targetUrl);
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'scrape' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'scrape', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'scrape', data };
+    },
+
+    image_crop: async (params, creds) => {
+      const key = creds.APILAYER_IMAGECROP_KEY || creds.api_key;
+      const { url: imageUrl, width, height } = params;
+      if (!imageUrl) return createErrorResult('apilayer', 'image_crop', 'Missing required param: url', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('https://api.apilayer.com/image_crop/crop');
+      url.searchParams.set('url', imageUrl);
+      if (width) url.searchParams.set('width', width.toString());
+      if (height) url.searchParams.set('height', height.toString());
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'image_crop' });
+      const contentType = response.headers.get('content-type') || '';
+      if (contentType.includes('image/')) {
+        return { success: true, provider: 'apilayer', action: 'image_crop', data: { message: 'Image cropped', content_type: contentType } };
+      }
+      const data = await response.json() as Record<string, unknown>;
+      return { success: true, provider: 'apilayer', action: 'image_crop', data };
+    },
+
+    skills: async (params, creds) => {
+      const key = creds.APILAYER_SKILLAPI_KEY || creds.api_key;
+      const { q } = params;
+      if (!q) return createErrorResult('apilayer', 'skills', 'Missing required param: q', ERROR_CODES.INVALID_PARAMS);
+
+      const url = new URL('https://api.apilayer.com/skills');
+      url.searchParams.set('q', q);
+
+      const response = await fetchWithRetry(url.toString(), {
+        headers: { 'apikey': key },
+      }, { provider: 'apilayer', action: 'skills' });
+      const data = await response.json() as Record<string, unknown>;
+      if (!response.ok) return createErrorResult('apilayer', 'skills', 'Request failed', statusToErrorCode(response.status));
+      return { success: true, provider: 'apilayer', action: 'skills', data };
+    },
+  },
 };
 
 // Get available actions for a provider (static handlers only)