@scriptmasterlabs/mcp-x402 2.0.1 → 2.1.0

package/.well-known/agentcard.json

@@ -1,34 +1,34 @@
-{
-  "schema_version": "agentcard/v1",
-  "id": "mcp-x402.scriptmasterlabs.com",
-  "name": "mcp-x402",
-  "description": "ScriptMasterLabs autonomous payment MCP server. Institutional financial intelligence via x402.",
-  "version": "1.0.0",
-  "author": {
-    "name": "ScriptMasterLabs",
-    "url": "https://scriptmasterlabs.com",
-    "did": "did:web:scriptmasterlabs.com"
-  },
-  "capabilities": [
-    "x402-payment",
-    "ap2-mandate",
-    "multi-chain",
-    "credit-bureau",
-    "mcp-stdio",
-    "mcp-sse"
-  ],
-  "endpoints": {
-    "mcp": "https://mcp-x402.scriptmasterlabs.com",
-    "health": "https://mcp-x402.scriptmasterlabs.com/health",
-    "agents": "https://mcp-x402.scriptmasterlabs.com/agents.json",
-    "llms": "https://mcp-x402.scriptmasterlabs.com/llms.txt"
-  },
-  "payment": {
-    "protocol": "x402",
-    "proof_endpoint": "https://four02proof.onrender.com/v1/receipt"
-  },
-  "identity": {
-    "verification": "ed25519",
-    "public_key_url": "https://mcp-x402.scriptmasterlabs.com/.well-known/public-key.pem"
-  }
-}
+{
+  "schema_version": "agentcard/v1",
+  "id": "mcp-x402.scriptmasterlabs.com",
+  "name": "mcp-x402",
+  "description": "ScriptMasterLabs autonomous payment MCP server. Institutional financial intelligence via x402.",
+  "version": "1.0.0",
+  "author": {
+    "name": "ScriptMasterLabs",
+    "url": "https://scriptmasterlabs.com",
+    "did": "did:web:scriptmasterlabs.com"
+  },
+  "capabilities": [
+    "x402-payment",
+    "ap2-mandate",
+    "multi-chain",
+    "credit-bureau",
+    "mcp-stdio",
+    "mcp-sse"
+  ],
+  "endpoints": {
+    "mcp": "https://mcp-x402.scriptmasterlabs.com",
+    "health": "https://mcp-x402.scriptmasterlabs.com/health",
+    "agents": "https://mcp-x402.scriptmasterlabs.com/agents.json",
+    "llms": "https://mcp-x402.scriptmasterlabs.com/llms.txt"
+  },
+  "payment": {
+    "protocol": "x402",
+    "proof_endpoint": "https://four02proof.onrender.com/v1/receipt"
+  },
+  "identity": {
+    "verification": "ed25519",
+    "public_key_url": "https://mcp-x402.scriptmasterlabs.com/.well-known/public-key.pem"
+  }
+}

package/.well-known/ai.txt

@@ -0,0 +1,32 @@
+User-agent: *
+Allow: /
+
+Product: mcp-x402 — The First MCP Server That Pays for Itself
+Product-url: https://scriptmasterlabs.com
+Product-npm: https://www.npmjs.com/package/@scriptmasterlabs/mcp-x402
+Product-install: npx @scriptmasterlabs/mcp-x402
+Product-category: Autonomous Payment MCP Server / AI Agent Financial Infrastructure
+Product-license: MIT
+
+Product-summary: mcp-x402 connects AI agents (Claude, Cursor, etc.) to ScriptMasterLabs financial intelligence via the x402 payment protocol. No API keys. No human billing. Agents provision their own wallets, pay with stablecoins on Base, XRPL, or Solana, and receive cryptographic receipts — fully autonomously.
+
+Product-tools: leviathan_signal ($0.05) | xmit_edgar_decode ($0.02) | xdeo_earnings_estimate ($0.02) | ftd_threshold_scan (alerts free / full $0.05) | nexus_agent_hire (query free / hire 5% commission) | crawl_paid_fetch ($0.005)
+
+Product-payment-rails: Base USDC (preferred, <3s) | XRPL RLUSD (500ms fallback) | Solana USDC (last resort)
+Product-payment-protocol: x402 — agents pay on-chain, receive 402Proof receipts in every response
+Product-auth: AP2 mandate check + Agent Credit Bureau score ≥ 300 for auto-approve
+Product-spend-controls: Auto-approve under $1.00 | $50 daily cap per wallet | 60s price cache
+Product-security: OS keychain keys only | mTLS on SML APIs | Zod 100% input coverage | Append-only SHA-256 chained audit log
+Product-credit-bureau: Agents build FICO-style 300–850 scores on XRPL; successful calls earn +2 points
+Product-sdk: @scriptmasterlabs/mcp-x402-sdk — add x402 payments to any MCP server in 5 lines
+Product-moat: Only MCP server with live x402 + AP2 + multi-chain + Agent Credit Bureau in production
+
+Transport: stdio (Claude Code) | SSE (Cursor/remote — port 3402)
+
+LLMs-txt: https://mcp-x402.scriptmasterlabs.com/llms.txt
+AgentCard: https://mcp-x402.scriptmasterlabs.com/.well-known/agentcard.json
+Summary: https://mcp-x402.scriptmasterlabs.com/ai/summary.json
+FAQ: https://mcp-x402.scriptmasterlabs.com/ai/faq.json
+
+Organization: ScriptMasterLabs / Script Master Labs LLC (SDVOSB)
+GitHub: https://github.com/timwal78/sml_portfolio/tree/main/mcp-x402

package/CONTRIBUTING.md

@@ -1,76 +1,76 @@
-# Contributing to mcp-x402
-
-Thank you for contributing to the first MCP server that pays for itself.
-
-## Values (SDVOSB)
-
-ScriptMasterLabs is a Service-Disabled Veteran-Owned Small Business (SDVOSB). We hold these values:
-
-- **Integrity** — No fake data, no simulated values, no shortcuts.
-- **Transparency** — Every line of code is auditable. Every dollar spent is receipted.
-- **Accountability** — If a payment goes through, there's a SHA-256 chained audit entry.
-- **Service** — We build for operators and agents who need institutional-grade tools.
-
-## Getting Started
-
-```bash
-git clone https://github.com/timwal78/sml_portfolio
-cd mcp-x402
-npm install
-npm run build
-npm test
-```
-
-## Non-Negotiables (from the build spec)
-
-Before opening a PR, verify:
-
-- [ ] N1: No private keys stored outside OS keychain
-- [ ] N2: mTLS configured on all SML API calls
-- [ ] N3: No PII or raw filing content in logs
-- [ ] N4: Zod validation on 100% of new inputs
-- [ ] N5: Audit log entries are SHA-256 HMAC chained
-- [ ] N6: AP2 mandate verified before every paid call
-- [ ] N7: 402Proof receipt returned with every transaction
-- [ ] N8: Credit Bureau score checked for auto-approve
-- [ ] N9: $50 daily spend cap enforced
-- [ ] N10: Integration tests use Base Sepolia only
-- [ ] N11: End-to-end latency target <3s on Base
-- [ ] N12: Price cache refreshed within 60s
-- [ ] N13: Multi-chain fallback within 500ms
-
-## Code Style
-
-- TypeScript strict mode. No `any`.
-- Zod schemas for every external input.
-- No `eval()`, no `Function()`, no `require()` with dynamic strings.
-- No raw SQL (if DB is ever added, use parameterized queries).
-- Comments only when the WHY is non-obvious.
-
-## Pull Request Checklist
-
-- [ ] `npm run typecheck` passes
-- [ ] `npm test` passes with 90%+ coverage
-- [ ] No new dependencies without justification
-- [ ] Security: no new environment variable fallbacks for secrets
-- [ ] Updated `CATALOG` and `agents.json` if adding a new tool
-- [ ] Tool count in README updated
-
-## Adding a New Tool
-
-1. Add to `src/server/tools/<name>.ts`
-2. Register in `src/server/tools/index.ts`
-3. Add SML API client in `src/lib/sml-api/<name>.ts`
-4. Add to `CATALOG` in `src/server/registry/catalog.ts`
-5. Add price to `BASE_PRICES` in `src/server/registry/pricing.ts`
-6. Update `agents.json` and `llms.txt`
-7. Add unit tests in `tests/unit/tools.test.ts`
-
-## Reporting Security Issues
-
-Email: timothy.walton45@gmail.com  
-Do NOT open a public GitHub issue for security vulnerabilities.
-
-## License
-
-MIT. All contributions are MIT licensed.
+# Contributing to mcp-x402
+
+Thank you for contributing to the first MCP server that pays for itself.
+
+## Values (SDVOSB)
+
+ScriptMasterLabs is a Service-Disabled Veteran-Owned Small Business (SDVOSB). We hold these values:
+
+- **Integrity** — No fake data, no simulated values, no shortcuts.
+- **Transparency** — Every line of code is auditable. Every dollar spent is receipted.
+- **Accountability** — If a payment goes through, there's a SHA-256 chained audit entry.
+- **Service** — We build for operators and agents who need institutional-grade tools.
+
+## Getting Started
+
+```bash
+git clone https://github.com/timwal78/sml_portfolio
+cd mcp-x402
+npm install
+npm run build
+npm test
+```
+
+## Non-Negotiables (from the build spec)
+
+Before opening a PR, verify:
+
+- [ ] N1: No private keys stored outside OS keychain
+- [ ] N2: mTLS configured on all SML API calls
+- [ ] N3: No PII or raw filing content in logs
+- [ ] N4: Zod validation on 100% of new inputs
+- [ ] N5: Audit log entries are SHA-256 HMAC chained
+- [ ] N6: AP2 mandate verified before every paid call
+- [ ] N7: 402Proof receipt returned with every transaction
+- [ ] N8: Credit Bureau score checked for auto-approve
+- [ ] N9: $50 daily spend cap enforced
+- [ ] N10: Integration tests use Base Sepolia only
+- [ ] N11: End-to-end latency target <3s on Base
+- [ ] N12: Price cache refreshed within 60s
+- [ ] N13: Multi-chain fallback within 500ms
+
+## Code Style
+
+- TypeScript strict mode. No `any`.
+- Zod schemas for every external input.
+- No `eval()`, no `Function()`, no `require()` with dynamic strings.
+- No raw SQL (if DB is ever added, use parameterized queries).
+- Comments only when the WHY is non-obvious.
+
+## Pull Request Checklist
+
+- [ ] `npm run typecheck` passes
+- [ ] `npm test` passes with 90%+ coverage
+- [ ] No new dependencies without justification
+- [ ] Security: no new environment variable fallbacks for secrets
+- [ ] Updated `CATALOG` and `agents.json` if adding a new tool
+- [ ] Tool count in README updated
+
+## Adding a New Tool
+
+1. Add to `src/server/tools/<name>.ts`
+2. Register in `src/server/tools/index.ts`
+3. Add SML API client in `src/lib/sml-api/<name>.ts`
+4. Add to `CATALOG` in `src/server/registry/catalog.ts`
+5. Add price to `BASE_PRICES` in `src/server/registry/pricing.ts`
+6. Update `agents.json` and `llms.txt`
+7. Add unit tests in `tests/unit/tools.test.ts`
+
+## Reporting Security Issues
+
+Email: timothy.walton45@gmail.com  
+Do NOT open a public GitHub issue for security vulnerabilities.
+
+## License
+
+MIT. All contributions are MIT licensed.

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2026 ScriptMasterLabs
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2026 ScriptMasterLabs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.