@scriptmasterlabs/mcp-x402 2.0.0

package/dist/server/registry/catalog.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CATALOG = void 0;
+exports.getToolMeta = getToolMeta;
+exports.CATALOG = [
+    {
+        name: 'leviathan_signal',
+        description: 'Institutional-grade squeeze signals. Multi-engine verdict for any ticker.',
+        price: '0.05',
+        currency: 'USDC',
+        ap2Required: true,
+    },
+    {
+        name: 'xmit_edgar_decode',
+        description: 'Parse SEC DEF 14A / 13F / 13D filings. Raw text never leaves SML servers.',
+        price: '0.02',
+        currency: 'USDC',
+        ap2Required: true,
+    },
+    {
+        name: 'xdeo_earnings_estimate',
+        description: 'Decentralized earnings oracle. +2 bureau_score on success.',
+        price: '0.02',
+        currency: 'USDC',
+        ap2Required: true,
+    },
+    {
+        name: 'ftd_threshold_scan',
+        description: 'SEC Reg SHO FTD data. Alerts free; full data 0.05 USDC. 15-min cache.',
+        price: '0.05',
+        currency: 'USDC',
+        ap2Required: false,
+        freeTier: 'alerts_only',
+        cacheTtl: 900,
+    },
+    {
+        name: 'nexus_agent_hire',
+        description: 'Agent marketplace. Query free; hire charges 5% commission.',
+        price: '0.00',
+        currency: 'USDC',
+        ap2Required: false,
+        freeTier: 'query_only',
+    },
+    {
+        name: 'crawl_paid_fetch',
+        description: 'Pay-per-fetch scraping. Humans bypass free.',
+        price: '0.005',
+        currency: 'USDC',
+        ap2Required: false,
+    },
+];
+function getToolMeta(name) {
+    return exports.CATALOG.find((t) => t.name === name);
+}
+//# sourceMappingURL=catalog.js.map

package/dist/server/registry/catalog.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"catalog.js","sourceRoot":"","sources":["../../../src/server/registry/catalog.ts"],"names":[],"mappings":";;;AA0DA,kCAEC;AAlDY,QAAA,OAAO,GAAe;IACjC;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,2EAA2E;QACxF,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,IAAI;KAClB;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,2EAA2E;QACxF,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,IAAI;KAClB;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,4DAA4D;QACzE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,IAAI;KAClB;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,uEAAuE;QACpF,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,KAAK;QAClB,QAAQ,EAAE,aAAa;QACvB,QAAQ,EAAE,GAAG;KACd;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,4DAA4D;QACzE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,KAAK;QAClB,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,KAAK;KACnB;CACF,CAAC;AAEF,SAAgB,WAAW,CAAC,IAAY;IACtC,OAAO,eAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AAC9C,CAAC"}

package/dist/server/registry/discovery.d.ts

@@ -0,0 +1,16 @@
+interface AgentsJson {
+    schema_version: string;
+    name: string;
+    tools: unknown[];
+}
+export declare class Discovery {
+    private static instance;
+    private agentsJson;
+    private llmsTxt;
+    private constructor();
+    static getInstance(): Discovery;
+    getAgentsJson(): AgentsJson;
+    getLlmsTxt(): string;
+}
+export {};
+//# sourceMappingURL=discovery.d.ts.map

package/dist/server/registry/discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../src/server/registry/discovery.ts"],"names":[],"mappings":"AAGA,UAAU,UAAU;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,EAAE,CAAC;CAClB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAY;IACnC,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,OAAO,CAAuB;IAEtC,OAAO;IAEP,MAAM,CAAC,WAAW,IAAI,SAAS;IAO/B,aAAa,IAAI,UAAU;IAQ3B,UAAU,IAAI,MAAM;CAOrB"}

package/dist/server/registry/discovery.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Discovery = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+class Discovery {
+    static instance;
+    agentsJson = null;
+    llmsTxt = null;
+    constructor() { }
+    static getInstance() {
+        if (!Discovery.instance) {
+            Discovery.instance = new Discovery();
+        }
+        return Discovery.instance;
+    }
+    getAgentsJson() {
+        if (!this.agentsJson) {
+            const path = (0, path_1.join)(process.cwd(), 'agents.json');
+            this.agentsJson = JSON.parse((0, fs_1.readFileSync)(path, 'utf8'));
+        }
+        return this.agentsJson;
+    }
+    getLlmsTxt() {
+        if (!this.llmsTxt) {
+            const path = (0, path_1.join)(process.cwd(), 'llms.txt');
+            this.llmsTxt = (0, fs_1.readFileSync)(path, 'utf8');
+        }
+        return this.llmsTxt;
+    }
+}
+exports.Discovery = Discovery;
+//# sourceMappingURL=discovery.js.map

package/dist/server/registry/discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../../../src/server/registry/discovery.ts"],"names":[],"mappings":";;;AAAA,2BAAkC;AAClC,+BAA4B;AAQ5B,MAAa,SAAS;IACZ,MAAM,CAAC,QAAQ,CAAY;IAC3B,UAAU,GAAsB,IAAI,CAAC;IACrC,OAAO,GAAkB,IAAI,CAAC;IAEtC,gBAAuB,CAAC;IAExB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,SAAS,CAAC,QAAQ,GAAG,IAAI,SAAS,EAAE,CAAC;QACvC,CAAC;QACD,OAAO,SAAS,CAAC,QAAQ,CAAC;IAC5B,CAAC;IAED,aAAa;QACX,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,GAAG,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,IAAI,EAAE,MAAM,CAAC,CAAe,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,UAAU;QACR,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO,GAAG,IAAA,iBAAY,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;CACF;AA7BD,8BA6BC"}

package/dist/server/registry/pricing.d.ts

@@ -0,0 +1,10 @@
+export declare class PriceRegistry {
+    private static instance;
+    private readonly cache;
+    private readonly baseUrl;
+    private constructor();
+    static getInstance(): PriceRegistry;
+    getPrice(toolName: string): Promise<string | null>;
+    seedDefaults(): void;
+}
+//# sourceMappingURL=pricing.d.ts.map

package/dist/server/registry/pricing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pricing.d.ts","sourceRoot":"","sources":["../../../src/server/registry/pricing.ts"],"names":[],"mappings":"AAgBA,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAkC;IACxD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC,OAAO;IAIP,MAAM,CAAC,WAAW,IAAI,aAAa;IAO7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAmCxD,YAAY,IAAI,IAAI;CAQrB"}

package/dist/server/registry/pricing.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PriceRegistry = void 0;
+const PRICE_CACHE_TTL = parseInt(process.env['PRICE_CACHE_TTL_MS'] ?? '60000', 10);
+const BASE_PRICES = {
+    leviathan_signal: '0.05',
+    xmit_edgar_decode: '0.02',
+    xdeo_earnings_estimate: '0.02',
+    ftd_threshold_scan: '0.05',
+    nexus_agent_hire: '0.00', // commission-based
+    crawl_paid_fetch: '0.005',
+};
+class PriceRegistry {
+    static instance;
+    cache = new Map();
+    baseUrl;
+    constructor() {
+        this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
+    }
+    static getInstance() {
+        if (!PriceRegistry.instance) {
+            PriceRegistry.instance = new PriceRegistry();
+        }
+        return PriceRegistry.instance;
+    }
+    async getPrice(toolName) {
+        const cached = this.cache.get(toolName);
+        const now = Date.now();
+        if (cached && now - cached.fetchedAt < PRICE_CACHE_TTL) {
+            return cached.price;
+        }
+        // Fetch live price from SML pricing API
+        try {
+            const res = await fetch(`${this.baseUrl}/pricing/v1/tool/${toolName}`, {
+                signal: AbortSignal.timeout(3000),
+            });
+            if (res.ok) {
+                const body = (await res.json());
+                this.cache.set(toolName, { price: body.price, fetchedAt: now });
+                return body.price;
+            }
+        }
+        catch {
+            // Fall through to hardcoded baseline
+        }
+        // Use hardcoded baseline if API unavailable
+        const fallback = BASE_PRICES[toolName];
+        if (fallback !== undefined) {
+            // Cache fallback for 30s (half normal TTL) to retry sooner
+            this.cache.set(toolName, { price: fallback, fetchedAt: now - PRICE_CACHE_TTL / 2 });
+            return fallback;
+        }
+        // Price unknown and cache stale (N12) — reject
+        return null;
+    }
+    seedDefaults() {
+        const now = Date.now();
+        for (const [tool, price] of Object.entries(BASE_PRICES)) {
+            if (!this.cache.has(tool)) {
+                this.cache.set(tool, { price, fetchedAt: now });
+            }
+        }
+    }
+}
+exports.PriceRegistry = PriceRegistry;
+//# sourceMappingURL=pricing.js.map

package/dist/server/registry/pricing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pricing.js","sourceRoot":"","sources":["../../../src/server/registry/pricing.ts"],"names":[],"mappings":";;;AAAA,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;AAEnF,MAAM,WAAW,GAA2B;IAC1C,gBAAgB,EAAE,MAAM;IACxB,iBAAiB,EAAE,MAAM;IACzB,sBAAsB,EAAE,MAAM;IAC9B,kBAAkB,EAAE,MAAM;IAC1B,gBAAgB,EAAE,MAAM,EAAE,mBAAmB;IAC7C,gBAAgB,EAAE,OAAO;CAC1B,CAAC;AAOF,MAAa,aAAa;IAChB,MAAM,CAAC,QAAQ,CAAgB;IACtB,KAAK,GAAG,IAAI,GAAG,EAAuB,CAAC;IACvC,OAAO,CAAS;IAEjC;QACE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,kCAAkC,CAAC;IACnF,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC5B,aAAa,CAAC,QAAQ,GAAG,IAAI,aAAa,EAAE,CAAC;QAC/C,CAAC;QACD,OAAO,aAAa,CAAC,QAAQ,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAAgB;QAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;YACvD,OAAO,MAAM,CAAC,KAAK,CAAC;QACtB,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,oBAAoB,QAAQ,EAAE,EAAE;gBACrE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;aAClC,CAAC,CAAC;YAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;gBACrD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;gBAChE,OAAO,IAAI,CAAC,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,qCAAqC;QACvC,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,2DAA2D;YAC3D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC,CAAC;YACpF,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,+CAA+C;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY;QACV,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACxD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;CACF;AA3DD,sCA2DC"}

package/dist/server/security/acl.d.ts

@@ -0,0 +1,28 @@
+import { z } from 'zod';
+export declare const ToolACLSchema: z.ZodObject<{
+    toolName: z.ZodString;
+    walletAddress: z.ZodOptional<z.ZodString>;
+    creditScore: z.ZodOptional<z.ZodNumber>;
+    paidTier: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    toolName: string;
+    paidTier: boolean;
+    walletAddress?: string | undefined;
+    creditScore?: number | undefined;
+}, {
+    toolName: string;
+    walletAddress?: string | undefined;
+    creditScore?: number | undefined;
+    paidTier?: boolean | undefined;
+}>;
+export type ToolACL = z.infer<typeof ToolACLSchema>;
+export declare class ACL {
+    private static instance;
+    private constructor();
+    static getInstance(): ACL;
+    isFree(toolName: string): boolean;
+    requiresPayment(toolName: string): boolean;
+    requiresAP2(toolName: string): boolean;
+    minCreditScore(_toolName: string): number;
+}
+//# sourceMappingURL=acl.d.ts.map

package/dist/server/security/acl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"acl.d.ts","sourceRoot":"","sources":["../../../src/server/security/acl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;EAKxB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAIpD,qBAAa,GAAG;IACd,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAM;IAE7B,OAAO;IAEP,MAAM,CAAC,WAAW,IAAI,GAAG;IAOzB,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIjC,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAI1C,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAKtC,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CAG1C"}

package/dist/server/security/acl.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ACL = exports.ToolACLSchema = void 0;
+const zod_1 = require("zod");
+exports.ToolACLSchema = zod_1.z.object({
+    toolName: zod_1.z.string(),
+    walletAddress: zod_1.z.string().optional(),
+    creditScore: zod_1.z.number().optional(),
+    paidTier: zod_1.z.boolean().default(false),
+});
+const FREE_TOOLS = new Set(['ftd_threshold_scan_alerts', 'nexus_agent_hire_query']);
+class ACL {
+    static instance;
+    constructor() { }
+    static getInstance() {
+        if (!ACL.instance) {
+            ACL.instance = new ACL();
+        }
+        return ACL.instance;
+    }
+    isFree(toolName) {
+        return FREE_TOOLS.has(toolName);
+    }
+    requiresPayment(toolName) {
+        return !this.isFree(toolName);
+    }
+    requiresAP2(toolName) {
+        // leviathan, xmit, xdeo require AP2 per spec
+        return ['leviathan_signal', 'xmit_edgar_decode', 'xdeo_earnings_estimate'].includes(toolName);
+    }
+    minCreditScore(_toolName) {
+        return 300;
+    }
+}
+exports.ACL = ACL;
+//# sourceMappingURL=acl.js.map

package/dist/server/security/acl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"acl.js","sourceRoot":"","sources":["../../../src/server/security/acl.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAEX,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACrC,CAAC,CAAC;AAIH,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,2BAA2B,EAAE,wBAAwB,CAAC,CAAC,CAAC;AAEpF,MAAa,GAAG;IACN,MAAM,CAAC,QAAQ,CAAM;IAE7B,gBAAuB,CAAC;IAExB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC;IACtB,CAAC;IAED,MAAM,CAAC,QAAgB;QACrB,OAAO,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,eAAe,CAAC,QAAgB;QAC9B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,WAAW,CAAC,QAAgB;QAC1B,6CAA6C;QAC7C,OAAO,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,wBAAwB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChG,CAAC;IAED,cAAc,CAAC,SAAiB;QAC9B,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AA5BD,kBA4BC"}

package/dist/server/security/audit.d.ts

@@ -0,0 +1,15 @@
+export declare class AuditLogger {
+    private static instance;
+    private seq;
+    private prevHash;
+    private readonly logPath;
+    private readonly hmacSecret;
+    private constructor();
+    static getInstance(): AuditLogger;
+    private log;
+    private redact;
+    info(event: string, data?: Record<string, unknown>): void;
+    warn(event: string, data?: Record<string, unknown>): void;
+    error(event: string, data?: Record<string, unknown>): void;
+}
+//# sourceMappingURL=audit.d.ts.map

package/dist/server/security/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../src/server/security/audit.ts"],"names":[],"mappings":"AAiBA,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAc;IACrC,OAAO,CAAC,GAAG,CAAK;IAChB,OAAO,CAAC,QAAQ,CAAsE;IACtF,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IAEpC,OAAO;IAKP,MAAM,CAAC,WAAW,IAAI,WAAW;IAOjC,OAAO,CAAC,GAAG;IA8BX,OAAO,CAAC,MAAM;IAgBd,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;IAI7D,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;IAI7D,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;CAG/D"}

package/dist/server/security/audit.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLogger = void 0;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+// Append-only SHA-256 chained audit log (N5)
+// Each entry includes the hash of the previous entry — tampering breaks the chain.
+class AuditLogger {
+    static instance;
+    seq = 0;
+    prevHash = '0000000000000000000000000000000000000000000000000000000000000000';
+    logPath;
+    hmacSecret;
+    constructor() {
+        this.logPath = process.env['AUDIT_LOG_PATH'] ?? './audit.log';
+        this.hmacSecret = process.env['AUDIT_HMAC_SECRET'] ?? 'mcp-x402-audit-secret';
+    }
+    static getInstance() {
+        if (!AuditLogger.instance) {
+            AuditLogger.instance = new AuditLogger();
+        }
+        return AuditLogger.instance;
+    }
+    log(level, event, data) {
+        const seq = ++this.seq;
+        const ts = Date.now();
+        // Redact PII (N3): hash wallet addresses, never log raw filing content
+        const safeData = this.redact(data);
+        const payload = JSON.stringify({ seq, ts, level, event, data: safeData, prev_hash: this.prevHash });
+        const hash = (0, crypto_1.createHmac)('sha256', this.hmacSecret).update(payload).digest('hex');
+        const entry = {
+            seq,
+            ts,
+            level,
+            event,
+            data: safeData,
+            prev_hash: this.prevHash,
+            hash,
+        };
+        this.prevHash = hash;
+        try {
+            (0, fs_1.appendFileSync)(this.logPath, JSON.stringify(entry) + '\n', 'utf8');
+        }
+        catch {
+            // If log write fails, emit to stderr but don't crash
+            process.stderr.write(`[audit-fail] ${JSON.stringify(entry)}\n`);
+        }
+    }
+    redact(data) {
+        const out = {};
+        for (const [k, v] of Object.entries(data)) {
+            if (k === 'wallet' || k === 'address') {
+                // Hash wallet addresses (N3)
+                out[k] = (0, crypto_1.createHash)('sha256').update(String(v)).digest('hex').slice(0, 16) + '...';
+            }
+            else if (k === 'content' || k === 'raw_text' || k === 'filing') {
+                // Never log raw filing data (N3)
+                out[k] = '[REDACTED]';
+            }
+            else {
+                out[k] = v;
+            }
+        }
+        return out;
+    }
+    info(event, data = {}) {
+        this.log('info', event, data);
+    }
+    warn(event, data = {}) {
+        this.log('warn', event, data);
+    }
+    error(event, data = {}) {
+        this.log('error', event, data);
+    }
+}
+exports.AuditLogger = AuditLogger;
+//# sourceMappingURL=audit.js.map

package/dist/server/security/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/server/security/audit.ts"],"names":[],"mappings":";;;AAAA,mCAAgD;AAChD,2BAAoC;AAcpC,6CAA6C;AAC7C,mFAAmF;AACnF,MAAa,WAAW;IACd,MAAM,CAAC,QAAQ,CAAc;IAC7B,GAAG,GAAG,CAAC,CAAC;IACR,QAAQ,GAAG,kEAAkE,CAAC;IACrE,OAAO,CAAS;IAChB,UAAU,CAAS;IAEpC;QACE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,aAAa,CAAC;QAC9D,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,uBAAuB,CAAC;IAChF,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAEO,GAAG,CAAC,KAAe,EAAE,KAAa,EAAE,IAA6B;QACvE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEtB,uEAAuE;QACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEnC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACpG,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,KAAK,GAAa;YACtB,GAAG;YACH,EAAE;YACF,KAAK;YACL,KAAK;YACL,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,IAAI;SACL,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QAErB,IAAI,CAAC;YACH,IAAA,mBAAc,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;YACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,IAA6B;QAC1C,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACtC,6BAA6B;gBAC7B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC;YACrF,CAAC;iBAAM,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjE,iCAAiC;gBACjC,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,CAAC,KAAa,EAAE,OAAgC,EAAE;QACpD,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,CAAC,KAAa,EAAE,OAAgC,EAAE;QACpD,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,KAAa,EAAE,OAAgC,EAAE;QACrD,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC;CACF;AA5ED,kCA4EC"}

package/dist/server/security/rate-limit.d.ts

@@ -0,0 +1,12 @@
+export declare class RateLimiter {
+    private static instance;
+    private readonly toolBuckets;
+    private readonly walletBuckets;
+    private readonly ipBuckets;
+    private constructor();
+    static getInstance(): RateLimiter;
+    checkTool(toolName: string): boolean;
+    checkWallet(wallet: string): boolean;
+    checkIp(ip: string): boolean;
+}
+//# sourceMappingURL=rate-limit.d.ts.map

package/dist/server/security/rate-limit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../src/server/security/rate-limit.ts"],"names":[],"mappings":"AAaA,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAkC;IAC9D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAkC;IAChE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAyD;IAEnF,OAAO;IAEP,MAAM,CAAC,WAAW,IAAI,WAAW;IAOjC,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAqBpC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAqBpC,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;CAa7B"}

package/dist/server/security/rate-limit.js

@@ -0,0 +1,72 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimiter = void 0;
+const PER_TOOL_MINUTE_LIMIT = 100;
+const PER_WALLET_DAY_LIMIT = 1000;
+const IP_MINUTE_LIMIT = 200;
+function nowMs() {
+    return Date.now();
+}
+class RateLimiter {
+    static instance;
+    toolBuckets = new Map();
+    walletBuckets = new Map();
+    ipBuckets = new Map();
+    constructor() { }
+    static getInstance() {
+        if (!RateLimiter.instance) {
+            RateLimiter.instance = new RateLimiter();
+        }
+        return RateLimiter.instance;
+    }
+    checkTool(toolName) {
+        const now = nowMs();
+        let bucket = this.toolBuckets.get(toolName);
+        if (!bucket) {
+            bucket = {
+                minute: { count: 0, resetAt: now + 60_000 },
+                day: { count: 0, resetAt: now + 86_400_000 },
+            };
+            this.toolBuckets.set(toolName, bucket);
+        }
+        if (now > bucket.minute.resetAt) {
+            bucket.minute = { count: 0, resetAt: now + 60_000 };
+        }
+        if (bucket.minute.count >= PER_TOOL_MINUTE_LIMIT)
+            return false;
+        bucket.minute.count++;
+        return true;
+    }
+    checkWallet(wallet) {
+        const now = nowMs();
+        let bucket = this.walletBuckets.get(wallet);
+        if (!bucket) {
+            bucket = {
+                minute: { count: 0, resetAt: now + 60_000 },
+                day: { count: 0, resetAt: now + 86_400_000 },
+            };
+            this.walletBuckets.set(wallet, bucket);
+        }
+        if (now > bucket.day.resetAt) {
+            bucket.day = { count: 0, resetAt: now + 86_400_000 };
+        }
+        if (bucket.day.count >= PER_WALLET_DAY_LIMIT)
+            return false;
+        bucket.day.count++;
+        return true;
+    }
+    checkIp(ip) {
+        const now = nowMs();
+        let entry = this.ipBuckets.get(ip);
+        if (!entry || now > entry.resetAt) {
+            entry = { count: 0, resetAt: now + 60_000 };
+            this.ipBuckets.set(ip, entry);
+        }
+        if (entry.count >= IP_MINUTE_LIMIT)
+            return false;
+        entry.count++;
+        return true;
+    }
+}
+exports.RateLimiter = RateLimiter;
+//# sourceMappingURL=rate-limit.js.map

package/dist/server/security/rate-limit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../../src/server/security/rate-limit.ts"],"names":[],"mappings":";;;AAKA,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAClC,MAAM,eAAe,GAAG,GAAG,CAAC;AAE5B,SAAS,KAAK;IACZ,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;AACpB,CAAC;AAED,MAAa,WAAW;IACd,MAAM,CAAC,QAAQ,CAAc;IACpB,WAAW,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC7C,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC/C,SAAS,GAAG,IAAI,GAAG,EAA8C,CAAC;IAEnF,gBAAuB,CAAC;IAExB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED,SAAS,CAAC,QAAgB;QACxB,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;QACpB,IAAI,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG;gBACP,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE;gBAC3C,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,EAAE;aAC7C,CAAC;YACF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,CAAC,MAAM,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE,CAAC;QACtD,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,qBAAqB;YAAE,OAAO,KAAK,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW,CAAC,MAAc;QACxB,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;QACpB,IAAI,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG;gBACP,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE;gBAC3C,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,EAAE;aAC7C,CAAC;YACF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,EAAE,CAAC;QACvD,CAAC;QAED,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,oBAAoB;YAAE,OAAO,KAAK,CAAC;QAC3D,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,EAAU;QAChB,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;QACpB,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEnC,IAAI,CAAC,KAAK,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;YAClC,KAAK,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE,CAAC;YAC5C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,IAAI,eAAe;YAAE,OAAO,KAAK,CAAC;QACjD,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAtED,kCAsEC"}

package/dist/server/security/sandbox.d.ts

@@ -0,0 +1,7 @@
+import { z } from 'zod';
+export declare class Sandbox {
+    static validate<T>(schema: z.ZodType<T>, input: unknown): T;
+    static validateUrl(raw: string): URL;
+    static sanitizeApiResponse(text: string): string;
+}
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/server/security/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../../src/server/security/sandbox.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,qBAAa,OAAO;IAClB,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,GAAG,CAAC;IAY3D,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG;IAcpC,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAQjD"}

package/dist/server/security/sandbox.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Sandbox = void 0;
+// Sandboxed input validation layer — all tool inputs pass through here before execution.
+// No eval(), no dynamic require(), no raw SQL (N4 enforcement at schema layer).
+class Sandbox {
+    static validate(schema, input) {
+        const result = schema.safeParse(input);
+        if (!result.success) {
+            const issues = result.error.issues
+                .map((i) => `${i.path.join('.')}: ${i.message}`)
+                .join('; ');
+            throw new Error(`Input validation failed: ${issues}`);
+        }
+        return result.data;
+    }
+    // Ensure URL is http/https only — no file://, data://, javascript:
+    static validateUrl(raw) {
+        let url;
+        try {
+            url = new URL(raw);
+        }
+        catch {
+            throw new Error(`Invalid URL: ${raw}`);
+        }
+        if (url.protocol !== 'http:' && url.protocol !== 'https:') {
+            throw new Error(`Disallowed URL protocol: ${url.protocol}`);
+        }
+        return url;
+    }
+    // Strip any response content that looks like a prompt injection attempt
+    static sanitizeApiResponse(text) {
+        // Remove common injection markers
+        return text
+            .replace(/<\/?system>/gi, '')
+            .replace(/\[INST\]/gi, '')
+            .replace(/\[\/?INST\]/gi, '')
+            .slice(0, 50_000); // Hard cap on returned content size
+    }
+}
+exports.Sandbox = Sandbox;
+//# sourceMappingURL=sandbox.js.map

package/dist/server/security/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../../src/server/security/sandbox.ts"],"names":[],"mappings":";;;AAEA,yFAAyF;AACzF,gFAAgF;AAChF,MAAa,OAAO;IAClB,MAAM,CAAC,QAAQ,CAAI,MAAoB,EAAE,KAAc;QACrD,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;iBAC/B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;iBAC/C,IAAI,CAAC,IAAI,CAAC,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAED,mEAAmE;IACnE,MAAM,CAAC,WAAW,CAAC,GAAW;QAC5B,IAAI,GAAQ,CAAC;QACb,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,wEAAwE;IACxE,MAAM,CAAC,mBAAmB,CAAC,IAAY;QACrC,kCAAkC;QAClC,OAAO,IAAI;aACR,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;aACzB,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,oCAAoC;IAC3D,CAAC;CACF;AAnCD,0BAmCC"}

package/dist/server/tools/agentcard.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+export declare function registerAgentCard(server: McpServer): void;
+//# sourceMappingURL=agentcard.d.ts.map

package/dist/server/tools/agentcard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agentcard.d.ts","sourceRoot":"","sources":["../../../src/server/tools/agentcard.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA0BzE,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA0GzD"}