npm - @scriptmasterlabs/mcp-x402 - Versions diffs - 2.0.0 - Mend

@scriptmasterlabs/mcp-x402 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (304) hide show

package/.env.example +35 -0
package/.github/workflows/ci.yml +59 -0
package/.github/workflows/keepalive.yml +31 -0
package/.well-known/agentcard.json +34 -0
package/CONTRIBUTING.md +76 -0
package/Dockerfile +19 -0
package/LICENSE +21 -0
package/README.md +304 -0
package/agents.json +67 -0
package/dist/lib/chains/base.d.ts +10 -0
package/dist/lib/chains/base.d.ts.map +1 -0
package/dist/lib/chains/base.js +73 -0
package/dist/lib/chains/base.js.map +1 -0
package/dist/lib/chains/solana.d.ts +10 -0
package/dist/lib/chains/solana.d.ts.map +1 -0
package/dist/lib/chains/solana.js +49 -0
package/dist/lib/chains/solana.js.map +1 -0
package/dist/lib/chains/xrpl.d.ts +10 -0
package/dist/lib/chains/xrpl.d.ts.map +1 -0
package/dist/lib/chains/xrpl.js +55 -0
package/dist/lib/chains/xrpl.js.map +1 -0
package/dist/lib/credit/bureau.d.ts +10 -0
package/dist/lib/credit/bureau.d.ts.map +1 -0
package/dist/lib/credit/bureau.js +58 -0
package/dist/lib/credit/bureau.js.map +1 -0
package/dist/lib/sml-api/agentcard.d.ts +17 -0
package/dist/lib/sml-api/agentcard.d.ts.map +1 -0
package/dist/lib/sml-api/agentcard.js +30 -0
package/dist/lib/sml-api/agentcard.js.map +1 -0
package/dist/lib/sml-api/backtest.d.ts +22 -0
package/dist/lib/sml-api/backtest.d.ts.map +1 -0
package/dist/lib/sml-api/backtest.js +28 -0
package/dist/lib/sml-api/backtest.js.map +1 -0
package/dist/lib/sml-api/brokers.d.ts +40 -0
package/dist/lib/sml-api/brokers.d.ts.map +1 -0
package/dist/lib/sml-api/brokers.js +128 -0
package/dist/lib/sml-api/brokers.js.map +1 -0
package/dist/lib/sml-api/copytrader.d.ts +11 -0
package/dist/lib/sml-api/copytrader.d.ts.map +1 -0
package/dist/lib/sml-api/copytrader.js +30 -0
package/dist/lib/sml-api/copytrader.js.map +1 -0
package/dist/lib/sml-api/crawl.d.ts +20 -0
package/dist/lib/sml-api/crawl.d.ts.map +1 -0
package/dist/lib/sml-api/crawl.js +32 -0
package/dist/lib/sml-api/crawl.js.map +1 -0
package/dist/lib/sml-api/echo.d.ts +10 -0
package/dist/lib/sml-api/echo.d.ts.map +1 -0
package/dist/lib/sml-api/echo.js +23 -0
package/dist/lib/sml-api/echo.js.map +1 -0
package/dist/lib/sml-api/forge.d.ts +11 -0
package/dist/lib/sml-api/forge.d.ts.map +1 -0
package/dist/lib/sml-api/forge.js +29 -0
package/dist/lib/sml-api/forge.js.map +1 -0
package/dist/lib/sml-api/ftd.d.ts +18 -0
package/dist/lib/sml-api/ftd.d.ts.map +1 -0
package/dist/lib/sml-api/ftd.js +43 -0
package/dist/lib/sml-api/ftd.js.map +1 -0
package/dist/lib/sml-api/ghost.d.ts +13 -0
package/dist/lib/sml-api/ghost.d.ts.map +1 -0
package/dist/lib/sml-api/ghost.js +29 -0
package/dist/lib/sml-api/ghost.js.map +1 -0
package/dist/lib/sml-api/launchpad.d.ts +20 -0
package/dist/lib/sml-api/launchpad.d.ts.map +1 -0
package/dist/lib/sml-api/launchpad.js +31 -0
package/dist/lib/sml-api/launchpad.js.map +1 -0
package/dist/lib/sml-api/leviathan.d.ts +22 -0
package/dist/lib/sml-api/leviathan.d.ts.map +1 -0
package/dist/lib/sml-api/leviathan.js +33 -0
package/dist/lib/sml-api/leviathan.js.map +1 -0
package/dist/lib/sml-api/nexus.d.ts +18 -0
package/dist/lib/sml-api/nexus.d.ts.map +1 -0
package/dist/lib/sml-api/nexus.js +40 -0
package/dist/lib/sml-api/nexus.js.map +1 -0
package/dist/lib/sml-api/proof402.d.ts +6 -0
package/dist/lib/sml-api/proof402.d.ts.map +1 -0
package/dist/lib/sml-api/proof402.js +30 -0
package/dist/lib/sml-api/proof402.js.map +1 -0
package/dist/lib/sml-api/rails.d.ts +12 -0
package/dist/lib/sml-api/rails.d.ts.map +1 -0
package/dist/lib/sml-api/rails.js +29 -0
package/dist/lib/sml-api/rails.js.map +1 -0
package/dist/lib/sml-api/shadow.d.ts +15 -0
package/dist/lib/sml-api/shadow.d.ts.map +1 -0
package/dist/lib/sml-api/shadow.js +27 -0
package/dist/lib/sml-api/shadow.js.map +1 -0
package/dist/lib/sml-api/squeezeos.d.ts +21 -0
package/dist/lib/sml-api/squeezeos.d.ts.map +1 -0
package/dist/lib/sml-api/squeezeos.js +97 -0
package/dist/lib/sml-api/squeezeos.js.map +1 -0
package/dist/lib/sml-api/xdeo.d.ts +13 -0
package/dist/lib/sml-api/xdeo.d.ts.map +1 -0
package/dist/lib/sml-api/xdeo.js +34 -0
package/dist/lib/sml-api/xdeo.js.map +1 -0
package/dist/lib/sml-api/xmit.d.ts +13 -0
package/dist/lib/sml-api/xmit.d.ts.map +1 -0
package/dist/lib/sml-api/xmit.js +34 -0
package/dist/lib/sml-api/xmit.js.map +1 -0
package/dist/server/health.d.ts +16 -0
package/dist/server/health.d.ts.map +1 -0
package/dist/server/health.js +39 -0
package/dist/server/health.js.map +1 -0
package/dist/server/index.d.ts +3 -0
package/dist/server/index.d.ts.map +1 -0
package/dist/server/index.js +193 -0
package/dist/server/index.js.map +1 -0
package/dist/server/payments/ap2.d.ts +17 -0
package/dist/server/payments/ap2.d.ts.map +1 -0
package/dist/server/payments/ap2.js +75 -0
package/dist/server/payments/ap2.js.map +1 -0
package/dist/server/payments/receipt.d.ts +28 -0
package/dist/server/payments/receipt.d.ts.map +1 -0
package/dist/server/payments/receipt.js +60 -0
package/dist/server/payments/receipt.js.map +1 -0
package/dist/server/payments/router.d.ts +23 -0
package/dist/server/payments/router.d.ts.map +1 -0
package/dist/server/payments/router.js +69 -0
package/dist/server/payments/router.js.map +1 -0
package/dist/server/payments/wallet.d.ts +18 -0
package/dist/server/payments/wallet.d.ts.map +1 -0
package/dist/server/payments/wallet.js +107 -0
package/dist/server/payments/wallet.js.map +1 -0
package/dist/server/payments/x402.d.ts +29 -0
package/dist/server/payments/x402.d.ts.map +1 -0
package/dist/server/payments/x402.js +122 -0
package/dist/server/payments/x402.js.map +1 -0
package/dist/server/registry/catalog.d.ts +12 -0
package/dist/server/registry/catalog.d.ts.map +1 -0
package/dist/server/registry/catalog.js +55 -0
package/dist/server/registry/catalog.js.map +1 -0
package/dist/server/registry/discovery.d.ts +16 -0
package/dist/server/registry/discovery.d.ts.map +1 -0
package/dist/server/registry/discovery.js +33 -0
package/dist/server/registry/discovery.js.map +1 -0
package/dist/server/registry/pricing.d.ts +10 -0
package/dist/server/registry/pricing.d.ts.map +1 -0
package/dist/server/registry/pricing.js +66 -0
package/dist/server/registry/pricing.js.map +1 -0
package/dist/server/security/acl.d.ts +28 -0
package/dist/server/security/acl.d.ts.map +1 -0
package/dist/server/security/acl.js +36 -0
package/dist/server/security/acl.js.map +1 -0
package/dist/server/security/audit.d.ts +15 -0
package/dist/server/security/audit.d.ts.map +1 -0
package/dist/server/security/audit.js +77 -0
package/dist/server/security/audit.js.map +1 -0
package/dist/server/security/rate-limit.d.ts +12 -0
package/dist/server/security/rate-limit.d.ts.map +1 -0
package/dist/server/security/rate-limit.js +72 -0
package/dist/server/security/rate-limit.js.map +1 -0
package/dist/server/security/sandbox.d.ts +7 -0
package/dist/server/security/sandbox.d.ts.map +1 -0
package/dist/server/security/sandbox.js +42 -0
package/dist/server/security/sandbox.js.map +1 -0
package/dist/server/tools/agentcard.d.ts +3 -0
package/dist/server/tools/agentcard.d.ts.map +1 -0
package/dist/server/tools/agentcard.js +118 -0
package/dist/server/tools/agentcard.js.map +1 -0
package/dist/server/tools/backtest.d.ts +3 -0
package/dist/server/tools/backtest.d.ts.map +1 -0
package/dist/server/tools/backtest.js +112 -0
package/dist/server/tools/backtest.js.map +1 -0
package/dist/server/tools/brokers.d.ts +3 -0
package/dist/server/tools/brokers.d.ts.map +1 -0
package/dist/server/tools/brokers.js +223 -0
package/dist/server/tools/brokers.js.map +1 -0
package/dist/server/tools/copytrader.d.ts +3 -0
package/dist/server/tools/copytrader.d.ts.map +1 -0
package/dist/server/tools/copytrader.js +90 -0
package/dist/server/tools/copytrader.js.map +1 -0
package/dist/server/tools/crawl.d.ts +3 -0
package/dist/server/tools/crawl.d.ts.map +1 -0
package/dist/server/tools/crawl.js +60 -0
package/dist/server/tools/crawl.js.map +1 -0
package/dist/server/tools/discovery.d.ts +3 -0
package/dist/server/tools/discovery.d.ts.map +1 -0
package/dist/server/tools/discovery.js +188 -0
package/dist/server/tools/discovery.js.map +1 -0
package/dist/server/tools/echo.d.ts +3 -0
package/dist/server/tools/echo.d.ts.map +1 -0
package/dist/server/tools/echo.js +48 -0
package/dist/server/tools/echo.js.map +1 -0
package/dist/server/tools/forge.d.ts +3 -0
package/dist/server/tools/forge.d.ts.map +1 -0
package/dist/server/tools/forge.js +77 -0
package/dist/server/tools/forge.js.map +1 -0
package/dist/server/tools/ftd.d.ts +3 -0
package/dist/server/tools/ftd.d.ts.map +1 -0
package/dist/server/tools/ftd.js +70 -0
package/dist/server/tools/ftd.js.map +1 -0
package/dist/server/tools/ghost.d.ts +3 -0
package/dist/server/tools/ghost.d.ts.map +1 -0
package/dist/server/tools/ghost.js +83 -0
package/dist/server/tools/ghost.js.map +1 -0
package/dist/server/tools/index.d.ts +3 -0
package/dist/server/tools/index.d.ts.map +1 -0
package/dist/server/tools/index.js +44 -0
package/dist/server/tools/index.js.map +1 -0
package/dist/server/tools/launchpad.d.ts +3 -0
package/dist/server/tools/launchpad.d.ts.map +1 -0
package/dist/server/tools/launchpad.js +151 -0
package/dist/server/tools/launchpad.js.map +1 -0
package/dist/server/tools/leviathan.d.ts +3 -0
package/dist/server/tools/leviathan.d.ts.map +1 -0
package/dist/server/tools/leviathan.js +73 -0
package/dist/server/tools/leviathan.js.map +1 -0
package/dist/server/tools/nexus.d.ts +3 -0
package/dist/server/tools/nexus.d.ts.map +1 -0
package/dist/server/tools/nexus.js +65 -0
package/dist/server/tools/nexus.js.map +1 -0
package/dist/server/tools/proof402.d.ts +3 -0
package/dist/server/tools/proof402.d.ts.map +1 -0
package/dist/server/tools/proof402.js +74 -0
package/dist/server/tools/proof402.js.map +1 -0
package/dist/server/tools/rails.d.ts +3 -0
package/dist/server/tools/rails.d.ts.map +1 -0
package/dist/server/tools/rails.js +82 -0
package/dist/server/tools/rails.js.map +1 -0
package/dist/server/tools/shadow.d.ts +3 -0
package/dist/server/tools/shadow.d.ts.map +1 -0
package/dist/server/tools/shadow.js +114 -0
package/dist/server/tools/shadow.js.map +1 -0
package/dist/server/tools/squeezeos.d.ts +3 -0
package/dist/server/tools/squeezeos.d.ts.map +1 -0
package/dist/server/tools/squeezeos.js +231 -0
package/dist/server/tools/squeezeos.js.map +1 -0
package/dist/server/tools/xdeo.d.ts +3 -0
package/dist/server/tools/xdeo.d.ts.map +1 -0
package/dist/server/tools/xdeo.js +58 -0
package/dist/server/tools/xdeo.js.map +1 -0
package/dist/server/tools/xmit.d.ts +3 -0
package/dist/server/tools/xmit.d.ts.map +1 -0
package/dist/server/tools/xmit.js +59 -0
package/dist/server/tools/xmit.js.map +1 -0
package/docker-compose.yml +50 -0
package/llms.txt +70 -0
package/package.json +77 -0
package/render.yaml +39 -0
package/sdk/mcp-x402-sdk/package.json +18 -0
package/sdk/mcp-x402-sdk/src/index.ts +118 -0
package/sdk/mcp-x402-sdk/tsconfig.json +14 -0
package/server.json +60 -0
package/services/backtest_service.py +176 -0
package/src/lib/chains/base.ts +77 -0
package/src/lib/chains/solana.ts +59 -0
package/src/lib/chains/xrpl.ts +63 -0
package/src/lib/credit/bureau.ts +65 -0
package/src/lib/sml-api/agentcard.ts +40 -0
package/src/lib/sml-api/backtest.ts +47 -0
package/src/lib/sml-api/brokers.ts +160 -0
package/src/lib/sml-api/copytrader.ts +33 -0
package/src/lib/sml-api/crawl.ts +44 -0
package/src/lib/sml-api/echo.ts +28 -0
package/src/lib/sml-api/forge.ts +33 -0
package/src/lib/sml-api/ftd.ts +53 -0
package/src/lib/sml-api/ghost.ts +35 -0
package/src/lib/sml-api/launchpad.ts +43 -0
package/src/lib/sml-api/leviathan.ts +49 -0
package/src/lib/sml-api/nexus.ts +50 -0
package/src/lib/sml-api/proof402.ts +27 -0
package/src/lib/sml-api/rails.ts +34 -0
package/src/lib/sml-api/shadow.ts +35 -0
package/src/lib/sml-api/squeezeos.ts +95 -0
package/src/lib/sml-api/xdeo.ts +40 -0
package/src/lib/sml-api/xmit.ts +40 -0
package/src/server/health.ts +52 -0
package/src/server/index.ts +206 -0
package/src/server/payments/ap2.ts +99 -0
package/src/server/payments/receipt.ts +85 -0
package/src/server/payments/router.ts +110 -0
package/src/server/payments/wallet.ts +123 -0
package/src/server/payments/x402.ts +162 -0
package/src/server/registry/catalog.ts +61 -0
package/src/server/registry/discovery.ts +39 -0
package/src/server/registry/pricing.ts +76 -0
package/src/server/security/acl.ts +42 -0
package/src/server/security/audit.ts +94 -0
package/src/server/security/rate-limit.ts +84 -0
package/src/server/security/sandbox.ts +40 -0
package/src/server/tools/agentcard.ts +134 -0
package/src/server/tools/backtest.ts +119 -0
package/src/server/tools/brokers.ts +250 -0
package/src/server/tools/copytrader.ts +104 -0
package/src/server/tools/crawl.ts +70 -0
package/src/server/tools/discovery.ts +202 -0
package/src/server/tools/echo.ts +58 -0
package/src/server/tools/forge.ts +87 -0
package/src/server/tools/ftd.ts +88 -0
package/src/server/tools/ghost.ts +93 -0
package/src/server/tools/index.ts +42 -0
package/src/server/tools/launchpad.ts +173 -0
package/src/server/tools/leviathan.ts +81 -0
package/src/server/tools/nexus.ts +76 -0
package/src/server/tools/proof402.ts +87 -0
package/src/server/tools/rails.ts +92 -0
package/src/server/tools/shadow.ts +128 -0
package/src/server/tools/squeezeos.ts +312 -0
package/src/server/tools/xdeo.ts +67 -0
package/src/server/tools/xmit.ts +68 -0
package/tests/integration/e2e.test.ts +51 -0
package/tests/unit/payments.test.ts +49 -0
package/tests/unit/security.test.ts +92 -0
package/tests/unit/tools.test.ts +42 -0
package/tsconfig.json +21 -0
package/vitest.config.ts +20 -0

package/.env.example ADDED Viewed

@@ -0,0 +1,35 @@
+# === TRANSPORT ===
+# stdio (default, for Claude Code) or sse (remote/Cursor)
+MCP_TRANSPORT=stdio
+MCP_SSE_PORT=3402
+# === SML API ===
+# Base URL for ScriptMasterLabs APIs
+SML_API_BASE=https://api.scriptmasterlabs.com
+SML_MTLS_CERT_PATH=./certs/client.crt
+SML_MTLS_KEY_PATH=./certs/client.key
+SML_MTLS_CA_PATH=./certs/sml-ca.crt
+# === WALLET (stored in OS keychain — env only for CI/testnet) ===
+# NEVER use in production — use OS keychain instead
+# CI_WALLET_SEED=your-bip39-mnemonic-here
+# === CHAINS ===
+BASE_RPC_URL=https://mainnet.base.org
+BASE_SEPOLIA_RPC_URL=https://sepolia.base.org
+XRPL_RPC_URL=wss://xrplcluster.com
+SOLANA_RPC_URL=https://api.mainnet-beta.solana.com
+# === SPEND LIMITS ===
+DAILY_SPEND_CAP_USD=50
+AUTO_APPROVE_THRESHOLD_USD=1
+PRICE_CACHE_TTL_MS=60000
+# === AUDIT ===
+AUDIT_LOG_PATH=./audit.log
+# === CREDIT BUREAU ===
+MIN_CREDIT_SCORE=300
+# === TESTNET ===
+TESTNET=false

package/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,59 @@
+name: mcp-x402 CI
+on:
+  push:
+    paths:
+      - 'mcp-x402/**'
+  pull_request:
+    paths:
+      - 'mcp-x402/**'
+defaults:
+  run:
+    working-directory: mcp-x402
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+          cache-dependency-path: mcp-x402/package-lock.json
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+      - name: Type check
+        run: npm run typecheck
+      - name: Unit tests
+        run: npm run test:unit
+      - name: Upload coverage
+        uses: codecov/codecov-action@v4
+        with:
+          directory: mcp-x402/coverage
+          flags: mcp-x402
+        continue-on-error: true
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+      - name: Build
+        run: npm run build
+      - name: Docker build
+        run: docker build -t mcp-x402:ci .

package/.github/workflows/keepalive.yml ADDED Viewed

@@ -0,0 +1,31 @@
+name: mcp-x402 Keepalive
+# Pings the SSE health endpoint every 14 minutes to prevent cold starts
+# on free-tier Render instances (which sleep after 15 minutes of inactivity).
+on:
+  schedule:
+    - cron: '*/14 * * * *'  # every 14 minutes, 24/7
+  workflow_dispatch:        # allow manual trigger
+jobs:
+  ping:
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    steps:
+      - name: Ping mcp-x402 health endpoint
+        env:
+          MCP_X402_URL: ${{ secrets.MCP_X402_URL }}
+        run: |
+          URL="${MCP_X402_URL:-https://mcp-x402.scriptmasterlabs.com}"
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" --max-time 30 "${URL}/health")
+          echo "Health check HTTP ${STATUS} — ${URL}/health"
+          if [ "$STATUS" != "200" ]; then
+            echo "::warning::Health check returned HTTP ${STATUS}. Service may be degraded."
+          fi
+      - name: Ping SqueezeOS keepalive (ecosystem dependency)
+        run: |
+          curl -s --max-time 30 https://squeezeos-api.onrender.com/api/status > /dev/null || true
+          curl -s --max-time 30 https://four02proof.onrender.com/health > /dev/null || true
+          curl -s --max-time 30 https://ghost-layer.onrender.com/health > /dev/null || true
+          echo "Ecosystem keepalives sent."

package/.well-known/agentcard.json ADDED Viewed

@@ -0,0 +1,34 @@
+{
+  "schema_version": "agentcard/v1",
+  "id": "mcp-x402.scriptmasterlabs.com",
+  "name": "mcp-x402",
+  "description": "ScriptMasterLabs autonomous payment MCP server. Institutional financial intelligence via x402.",
+  "version": "1.0.0",
+  "author": {
+    "name": "ScriptMasterLabs",
+    "url": "https://scriptmasterlabs.com",
+    "did": "did:web:scriptmasterlabs.com"
+  },
+  "capabilities": [
+    "x402-payment",
+    "ap2-mandate",
+    "multi-chain",
+    "credit-bureau",
+    "mcp-stdio",
+    "mcp-sse"
+  ],
+  "endpoints": {
+    "mcp": "https://mcp-x402.scriptmasterlabs.com",
+    "health": "https://mcp-x402.scriptmasterlabs.com/health",
+    "agents": "https://mcp-x402.scriptmasterlabs.com/agents.json",
+    "llms": "https://mcp-x402.scriptmasterlabs.com/llms.txt"
+  },
+  "payment": {
+    "protocol": "x402",
+    "proof_endpoint": "https://four02proof.onrender.com/v1/receipt"
+  },
+  "identity": {
+    "verification": "ed25519",
+    "public_key_url": "https://mcp-x402.scriptmasterlabs.com/.well-known/public-key.pem"
+  }
+}

package/CONTRIBUTING.md ADDED Viewed

@@ -0,0 +1,76 @@
+# Contributing to mcp-x402
+Thank you for contributing to the first MCP server that pays for itself.
+## Values (SDVOSB)
+ScriptMasterLabs is a Service-Disabled Veteran-Owned Small Business (SDVOSB). We hold these values:
+- **Integrity** — No fake data, no simulated values, no shortcuts.
+- **Transparency** — Every line of code is auditable. Every dollar spent is receipted.
+- **Accountability** — If a payment goes through, there's a SHA-256 chained audit entry.
+- **Service** — We build for operators and agents who need institutional-grade tools.
+## Getting Started
+```bash
+git clone https://github.com/timwal78/sml_portfolio
+cd mcp-x402
+npm install
+npm run build
+npm test
+```
+## Non-Negotiables (from the build spec)
+Before opening a PR, verify:
+- [ ] N1: No private keys stored outside OS keychain
+- [ ] N2: mTLS configured on all SML API calls
+- [ ] N3: No PII or raw filing content in logs
+- [ ] N4: Zod validation on 100% of new inputs
+- [ ] N5: Audit log entries are SHA-256 HMAC chained
+- [ ] N6: AP2 mandate verified before every paid call
+- [ ] N7: 402Proof receipt returned with every transaction
+- [ ] N8: Credit Bureau score checked for auto-approve
+- [ ] N9: $50 daily spend cap enforced
+- [ ] N10: Integration tests use Base Sepolia only
+- [ ] N11: End-to-end latency target <3s on Base
+- [ ] N12: Price cache refreshed within 60s
+- [ ] N13: Multi-chain fallback within 500ms
+## Code Style
+- TypeScript strict mode. No `any`.
+- Zod schemas for every external input.
+- No `eval()`, no `Function()`, no `require()` with dynamic strings.
+- No raw SQL (if DB is ever added, use parameterized queries).
+- Comments only when the WHY is non-obvious.
+## Pull Request Checklist
+- [ ] `npm run typecheck` passes
+- [ ] `npm test` passes with 90%+ coverage
+- [ ] No new dependencies without justification
+- [ ] Security: no new environment variable fallbacks for secrets
+- [ ] Updated `CATALOG` and `agents.json` if adding a new tool
+- [ ] Tool count in README updated
+## Adding a New Tool
+1. Add to `src/server/tools/<name>.ts`
+2. Register in `src/server/tools/index.ts`
+3. Add SML API client in `src/lib/sml-api/<name>.ts`
+4. Add to `CATALOG` in `src/server/registry/catalog.ts`
+5. Add price to `BASE_PRICES` in `src/server/registry/pricing.ts`
+6. Update `agents.json` and `llms.txt`
+7. Add unit tests in `tests/unit/tools.test.ts`
+## Reporting Security Issues
+Email: timothy.walton45@gmail.com
+Do NOT open a public GitHub issue for security vulnerabilities.
+## License
+MIT. All contributions are MIT licensed.

package/Dockerfile ADDED Viewed

@@ -0,0 +1,19 @@
+FROM node:22-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --ignore-scripts
+COPY tsconfig.json ./
+COPY src/ ./src/
+RUN npm run build
+FROM node:22-alpine AS runner
+WORKDIR /app
+RUN apk add --no-cache dbus libsecret
+COPY package*.json ./
+RUN npm ci --omit=dev --ignore-scripts
+COPY --from=builder /app/dist ./dist
+COPY agents.json llms.txt .well-known/ ./
+EXPOSE 3402
+ENV NODE_ENV=production
+USER node
+CMD ["node", "dist/server/index.js"]

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 ScriptMasterLabs
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,304 @@
+# mcp-x402 — The First MCP Server That Pays for Itself
+[![npm](https://img.shields.io/npm/v/@scriptmasterlabs/mcp-x402)](https://www.npmjs.com/package/@scriptmasterlabs/mcp-x402)
+[![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+[![Tests](https://github.com/timwal78/sml_portfolio/actions/workflows/mcp-x402-ci.yml/badge.svg)](https://github.com/timwal78/sml_portfolio/actions)
+> **Demo video:** [30-second walkthrough](#) — coming within 48h of launch.
+AI agents should pay for their own data — instantly, autonomously, compliantly. `mcp-x402` makes that real.
+```bash
+npx @scriptmasterlabs/mcp-x402
+```
+---
+## Why MCP Servers Are Broken (The Manifesto)
+Every MCP server connecting to paid APIs today requires:
+- A human to set up API keys
+- A human to manage billing
+- A human to top up credits when they run out
+- A human to rotate keys when they expire
+This defeats the entire point of autonomous agents. If your agent has to stop and ask a human for a credit card, it's not autonomous — it's a very expensive chatbot.
+**We built the machine-native alternative.**
+`mcp-x402` is the first MCP server where agents provision their own wallets, negotiate prices on-chain, pay autonomously, and receive cryptographic receipts — all without human intervention. The agent's credit score goes up every time it successfully transacts. It builds financial reputation the same way humans do.
+This is the infrastructure layer that makes truly autonomous AI agents possible.
+---
+## One-Line Install
+```bash
+npm i -g @scriptmasterlabs/mcp-x402
+```
+Add to your Claude Code `~/.claude/config.json`:
+```json
+{
+  "mcpServers": {
+    "sml": {
+      "command": "npx",
+      "args": ["@scriptmasterlabs/mcp-x402"]
+    }
+  }
+}
+```
+For Cursor (SSE mode), add to your MCP settings:
+```json
+{
+  "mcp-x402": {
+    "url": "http://localhost:3402/sse"
+  }
+}
+```
+Then run: `MCP_TRANSPORT=sse npx @scriptmasterlabs/mcp-x402`
+---
+## Architecture
+```
+Claude / Cursor
+     │
+     ▼ MCP Protocol (stdio / SSE)
+  mcp-x402 Server
+     ├─ Input validation (Zod, 100% coverage)
+     ├─ Rate limiter (100/min per tool)
+     ├─ AP2 Mandate check (deny-by-default)
+     ├─ Credit Bureau check (min score 300)
+     ├─ Price registry (60s max cache)
+     ├─ x402 payment engine
+     │    ├─ Base USDC (preferred, <3s)
+     │    ├─ XRPL RLUSD (500ms fallback)
+     │    └─ Solana USDC (last resort)
+     ├─ 402Proof receipt generation
+     ├─ SML API call (mTLS)
+     └─ Append-only SHA-256 audit log
+     │
+     ▼ Result + receipt_id back to agent
+```
+---
+## The 6 Tools
+### `leviathan_signal` — $0.05 USDC | AP2 required
+Institutional-grade squeeze signals. Multi-engine verdict (OracleEngine + RDT + SML Fractal Cascade).
+```typescript
+await use_mcp_tool('sml', 'leviathan_signal', {
+  ticker: 'MSTR',
+  signal_type: 'squeeze',
+  min_confidence: 75
+});
+// Returns: signal verdict + confidence + receipt_id
+```
+### `xmit_edgar_decode` — $0.02 USDC | AP2 required
+Parse SEC DEF 14A / 13F / 13D filings. Raw text never leaves SML servers.
+```typescript
+await use_mcp_tool('sml', 'xmit_edgar_decode', {
+  filing_url: 'https://www.sec.gov/Archives/edgar/data/...',
+  parse_target: 'executive_pay',
+  format: 'json'
+});
+```
+### `xdeo_earnings_estimate` — $0.02 USDC | AP2 required
+Decentralized earnings oracle. Earns +2 Credit Bureau points per successful call.
+```typescript
+await use_mcp_tool('sml', 'xdeo_earnings_estimate', {
+  ticker: 'NVDA',
+  fiscal_quarter: 'Q12025',
+  estimate_type: 'all'
+});
+```
+### `ftd_threshold_scan` — Alerts FREE / Full $0.05 USDC
+SEC Reg SHO FTD spike detection. 15-minute cache.
+```typescript
+// Free tier:
+await use_mcp_tool('sml', 'ftd_threshold_scan', { scan_type: 'alerts' });
+// Paid tier:
+await use_mcp_tool('sml', 'ftd_threshold_scan', { scan_type: 'full', min_spike_multiplier: 3 });
+```
+### `nexus_agent_hire` — Query FREE / Hire 5% commission
+Agent marketplace. Find and hire specialized AI agents.
+```typescript
+// Free query:
+await use_mcp_tool('sml', 'nexus_agent_hire', { capability: 'options flow analysis', max_budget: '1.00', action: 'query' });
+// Hire:
+await use_mcp_tool('sml', 'nexus_agent_hire', { action: 'hire', agent_id: 'agent_abc', max_budget: '0.50' });
+```
+### `crawl_paid_fetch` — $0.005 USDC
+Pay-per-fetch web scraping. Humans bypass automatically.
+```typescript
+await use_mcp_tool('sml', 'crawl_paid_fetch', {
+  url: 'https://example.com/data',
+  extract: 'tables'
+});
+```
+---
+## Payment Flow
+1. **Discover** — Agent reads `agents.json` or `llms.txt`, sees tool prices
+2. **Authorize** — AP2 mandate checked. Credit Bureau score ≥ 300 auto-approves
+3. **Pay** — x402 stablecoin on cheapest/fastest chain (<3s on Base)
+4. **Prove** — 402Proof receipt in every response
+5. **Earn** — Credit Bureau score updates after success
+Every successful tool call returns a `_meta` block:
+```json
+{
+  "_meta": {
+    "receipt_id": "uuid-here",
+    "tx_hash": "0xabc...",
+    "chain": "base",
+    "amount_paid": "0.05 USDC",
+    "timestamp": 1750000000000
+  }
+}
+```
+---
+## SDK — For MCP Server Authors
+Install in one line:
+```bash
+npm i @scriptmasterlabs/mcp-x402-sdk
+```
+Drop into any MCP server in 5 lines:
+```typescript
+import { x402Payment } from '@scriptmasterlabs/mcp-x402-sdk';
+server.tool(
+  'my_paid_tool',
+  myInputSchema,
+  x402Payment({
+    price: '0.01',
+    currency: 'USDC',
+    inputSchema: MyZodSchema,
+    handler: async (input, receipt) => ({
+      content: [{ type: 'text', text: JSON.stringify({ result: await myApi(input), receipt }) }],
+    }),
+  }),
+);
+```
+That's it. The SDK handles wallet provisioning, AP2 mandate, chain routing, receipts, and audit logging.
+---
+## Security
+| Requirement | Implementation |
+|-------------|----------------|
+| Keys in OS keychain only | `keytar` — macOS Keychain / Windows DPAPI / Linux Secret Service |
+| mTLS on SML APIs | Pinned cert via `node-forge` |
+| No PII in logs | Wallet addresses hashed (SHA-256 prefix), filing content redacted |
+| Zod on all inputs | 100% coverage, validated before any execution |
+| Append-only audit log | SHA-256 HMAC chained log, 7-day local + cloud backup |
+| AP2 mandate required | Verified before every paid call, fail-closed |
+| 402Proof receipt | Every transaction, registered with proof server |
+| Credit Bureau check | min score 300 for auto-approve |
+| $50 daily spend cap | Per wallet, enforced in-process |
+| Testnet in CI | Base Sepolia only, max $0.10 test value |
+| <3s end-to-end | Base mainnet target, 500ms multi-chain fallback |
+---
+## Environment Variables
+See [`.env.example`](.env.example) for the full list. Key variables:
+```bash
+MCP_TRANSPORT=stdio          # stdio (Claude Code) or sse (Cursor/remote)
+SML_API_BASE=https://api.scriptmasterlabs.com
+BASE_RPC_URL=https://mainnet.base.org
+XRPL_RPC_URL=wss://xrplcluster.com
+DAILY_SPEND_CAP_USD=50
+AUTO_APPROVE_THRESHOLD_USD=1
+TESTNET=false                # Set true + CI_WALLET_SEED for CI
+```
+**Private keys**: Stored in your OS keychain automatically on first run. Never in env vars.
+---
+## Running Locally
+```bash
+git clone https://github.com/timwal78/sml_portfolio
+cd mcp-x402
+npm install
+npm run build
+npm start
+```
+With Docker:
+```bash
+docker build -t mcp-x402 .
+docker run -p 3402:3402 -e MCP_TRANSPORT=sse mcp-x402
+```
+---
+## Testing
+```bash
+npm test              # All unit tests
+npm run test:coverage # Coverage report (target: 90%)
+TESTNET=true CI_WALLET_SEED="your mnemonic" npm run test:integration
+```
+---
+## Ecosystem
+| Service | URL | Role |
+|---------|-----|------|
+| SqueezeOS API | `squeezeos-api.onrender.com` | Market intelligence |
+| 402Proof | `four02proof.onrender.com` | Payment receipts + Credit Bureau |
+| Ghost Layer | `ghost-layer.onrender.com` | XRPL+Base toll gateway |
+| ScriptMasterLabs | `scriptmasterlabs.com` | Operator homepage |
+---
+## MOAT
+- Only MCP server with live x402 + AP2 + multi-chain production stack
+- Only one with Agent Credit Bureau (300–850 scores)
+- Only one backed by live financial intelligence marketplace
+- Only one with SDVOSB federal credibility
+- MIT licensed. No proprietary core.
+---
+## License
+MIT — see [LICENSE](LICENSE)
+Owner: [@TimmyCrypto78](https://github.com/timwal78) / ScriptMasterLabs
+Launch Target: 2026-07-02
+Target: 50K GitHub stars, 5K npm weekly downloads

package/agents.json ADDED Viewed

@@ -0,0 +1,67 @@
+{
+  "schema_version": "v1",
+  "name": "mcp-x402",
+  "description": "ScriptMasterLabs MCP server. AI agents pay for institutional financial intelligence autonomously via x402 stablecoin payments on Base, XRPL, and Solana.",
+  "url": "https://github.com/timwal78/sml_portfolio/tree/main/mcp-x402",
+  "provider": {
+    "name": "ScriptMasterLabs",
+    "url": "https://scriptmasterlabs.com",
+    "contact": "timothy.walton45@gmail.com"
+  },
+  "version": "1.0.0",
+  "mcp": {
+    "transport": ["stdio", "sse"],
+    "endpoint": "https://mcp-x402.scriptmasterlabs.com"
+  },
+  "payment": {
+    "protocol": "x402",
+    "chains": ["base", "xrpl", "solana"],
+    "currencies": ["USDC", "RLUSD"],
+    "mandate": "ap2",
+    "credit_bureau": "https://four02proof.onrender.com/v1/score"
+  },
+  "tools": [
+    {
+      "name": "leviathan_signal",
+      "description": "Institutional-grade squeeze signals. Proprietary multi-engine verdict for any ticker.",
+      "price": "0.05",
+      "currency": "USDC",
+      "ap2_required": true
+    },
+    {
+      "name": "xmit_edgar_decode",
+      "description": "Parse SEC DEF 14A / 13F / 13D filings. Raw text never leaves SML servers.",
+      "price": "0.02",
+      "currency": "USDC",
+      "ap2_required": true
+    },
+    {
+      "name": "xdeo_earnings_estimate",
+      "description": "Decentralized earnings oracle. +2 bureau_score on success.",
+      "price": "0.02",
+      "currency": "USDC",
+      "ap2_required": true
+    },
+    {
+      "name": "ftd_threshold_scan",
+      "description": "SEC Reg SHO FTD data. Alerts free; full data 0.05 USDC.",
+      "price": "0.05",
+      "currency": "USDC",
+      "free_tier": "alerts_only",
+      "cache_ttl": 900
+    },
+    {
+      "name": "nexus_agent_hire",
+      "description": "Agent marketplace. Query free; hire charges 5% commission.",
+      "price": "commission_5pct",
+      "currency": "USDC",
+      "free_tier": "query_only"
+    },
+    {
+      "name": "crawl_paid_fetch",
+      "description": "Pay-per-fetch scraping. Humans bypass free.",
+      "price": "0.005",
+      "currency": "USDC"
+    }
+  ]
+}

package/dist/lib/chains/base.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { RouteParams } from '../../server/payments/router.js';
+export declare class BaseChain {
+    private static instance;
+    private readonly testnet;
+    private constructor();
+    static getInstance(): BaseChain;
+    sendPayment(params: RouteParams): Promise<string>;
+    private getPrivateKey;
+}
+//# sourceMappingURL=base.d.ts.map

package/dist/lib/chains/base.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../../src/lib/chains/base.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAoBnE,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAY;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAElC,OAAO;IAIP,MAAM,CAAC,WAAW,IAAI,SAAS;IAOzB,WAAW,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC;YA2BzC,aAAa;CAQ5B"}