@scriptmasterlabs/mcp-x402 2.0.2 → 2.1.1

package/dist/server/security/acl.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"acl.js","sourceRoot":"","sources":["../../../src/server/security/acl.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAEX,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACrC,CAAC,CAAC;AAIH,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,2BAA2B,EAAE,wBAAwB,CAAC,CAAC,CAAC;AAEpF,MAAa,GAAG;IACN,MAAM,CAAC,QAAQ,CAAM;IAE7B,gBAAuB,CAAC;IAExB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC;IACtB,CAAC;IAED,MAAM,CAAC,QAAgB;QACrB,OAAO,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,eAAe,CAAC,QAAgB;QAC9B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,WAAW,CAAC,QAAgB;QAC1B,6CAA6C;QAC7C,OAAO,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,wBAAwB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChG,CAAC;IAED,cAAc,CAAC,SAAiB;QAC9B,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AA5BD,kBA4BC"}

package/dist/server/security/audit.d.ts

@@ -1,15 +0,0 @@
-export declare class AuditLogger {
-    private static instance;
-    private seq;
-    private prevHash;
-    private readonly logPath;
-    private readonly hmacSecret;
-    private constructor();
-    static getInstance(): AuditLogger;
-    private log;
-    private redact;
-    info(event: string, data?: Record<string, unknown>): void;
-    warn(event: string, data?: Record<string, unknown>): void;
-    error(event: string, data?: Record<string, unknown>): void;
-}
-//# sourceMappingURL=audit.d.ts.map

package/dist/server/security/audit.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../src/server/security/audit.ts"],"names":[],"mappings":"AAiBA,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAc;IACrC,OAAO,CAAC,GAAG,CAAK;IAChB,OAAO,CAAC,QAAQ,CAAsE;IACtF,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IAEpC,OAAO;IAKP,MAAM,CAAC,WAAW,IAAI,WAAW;IAOjC,OAAO,CAAC,GAAG;IA8BX,OAAO,CAAC,MAAM;IAgBd,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;IAI7D,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;IAI7D,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;CAG/D"}

package/dist/server/security/audit.js

@@ -1,77 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuditLogger = void 0;
-const crypto_1 = require("crypto");
-const fs_1 = require("fs");
-// Append-only SHA-256 chained audit log (N5)
-// Each entry includes the hash of the previous entry — tampering breaks the chain.
-class AuditLogger {
-    static instance;
-    seq = 0;
-    prevHash = '0000000000000000000000000000000000000000000000000000000000000000';
-    logPath;
-    hmacSecret;
-    constructor() {
-        this.logPath = process.env['AUDIT_LOG_PATH'] ?? './audit.log';
-        this.hmacSecret = process.env['AUDIT_HMAC_SECRET'] ?? 'mcp-x402-audit-secret';
-    }
-    static getInstance() {
-        if (!AuditLogger.instance) {
-            AuditLogger.instance = new AuditLogger();
-        }
-        return AuditLogger.instance;
-    }
-    log(level, event, data) {
-        const seq = ++this.seq;
-        const ts = Date.now();
-        // Redact PII (N3): hash wallet addresses, never log raw filing content
-        const safeData = this.redact(data);
-        const payload = JSON.stringify({ seq, ts, level, event, data: safeData, prev_hash: this.prevHash });
-        const hash = (0, crypto_1.createHmac)('sha256', this.hmacSecret).update(payload).digest('hex');
-        const entry = {
-            seq,
-            ts,
-            level,
-            event,
-            data: safeData,
-            prev_hash: this.prevHash,
-            hash,
-        };
-        this.prevHash = hash;
-        try {
-            (0, fs_1.appendFileSync)(this.logPath, JSON.stringify(entry) + '\n', 'utf8');
-        }
-        catch {
-            // If log write fails, emit to stderr but don't crash
-            process.stderr.write(`[audit-fail] ${JSON.stringify(entry)}\n`);
-        }
-    }
-    redact(data) {
-        const out = {};
-        for (const [k, v] of Object.entries(data)) {
-            if (k === 'wallet' || k === 'address') {
-                // Hash wallet addresses (N3)
-                out[k] = (0, crypto_1.createHash)('sha256').update(String(v)).digest('hex').slice(0, 16) + '...';
-            }
-            else if (k === 'content' || k === 'raw_text' || k === 'filing') {
-                // Never log raw filing data (N3)
-                out[k] = '[REDACTED]';
-            }
-            else {
-                out[k] = v;
-            }
-        }
-        return out;
-    }
-    info(event, data = {}) {
-        this.log('info', event, data);
-    }
-    warn(event, data = {}) {
-        this.log('warn', event, data);
-    }
-    error(event, data = {}) {
-        this.log('error', event, data);
-    }
-}
-exports.AuditLogger = AuditLogger;
-//# sourceMappingURL=audit.js.map

package/dist/server/security/audit.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/server/security/audit.ts"],"names":[],"mappings":";;;AAAA,mCAAgD;AAChD,2BAAoC;AAcpC,6CAA6C;AAC7C,mFAAmF;AACnF,MAAa,WAAW;IACd,MAAM,CAAC,QAAQ,CAAc;IAC7B,GAAG,GAAG,CAAC,CAAC;IACR,QAAQ,GAAG,kEAAkE,CAAC;IACrE,OAAO,CAAS;IAChB,UAAU,CAAS;IAEpC;QACE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,aAAa,CAAC;QAC9D,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,uBAAuB,CAAC;IAChF,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAEO,GAAG,CAAC,KAAe,EAAE,KAAa,EAAE,IAA6B;QACvE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEtB,uEAAuE;QACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEnC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACpG,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,KAAK,GAAa;YACtB,GAAG;YACH,EAAE;YACF,KAAK;YACL,KAAK;YACL,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,IAAI;SACL,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QAErB,IAAI,CAAC;YACH,IAAA,mBAAc,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;YACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,IAA6B;QAC1C,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACtC,6BAA6B;gBAC7B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC;YACrF,CAAC;iBAAM,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjE,iCAAiC;gBACjC,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,CAAC,KAAa,EAAE,OAAgC,EAAE;QACpD,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,CAAC,KAAa,EAAE,OAAgC,EAAE;QACpD,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,KAAa,EAAE,OAAgC,EAAE;QACrD,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC;CACF;AA5ED,kCA4EC"}

package/dist/server/security/rate-limit.d.ts

@@ -1,12 +0,0 @@
-export declare class RateLimiter {
-    private static instance;
-    private readonly toolBuckets;
-    private readonly walletBuckets;
-    private readonly ipBuckets;
-    private constructor();
-    static getInstance(): RateLimiter;
-    checkTool(toolName: string): boolean;
-    checkWallet(wallet: string): boolean;
-    checkIp(ip: string): boolean;
-}
-//# sourceMappingURL=rate-limit.d.ts.map

package/dist/server/security/rate-limit.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../src/server/security/rate-limit.ts"],"names":[],"mappings":"AAaA,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAkC;IAC9D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAkC;IAChE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAyD;IAEnF,OAAO;IAEP,MAAM,CAAC,WAAW,IAAI,WAAW;IAOjC,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAqBpC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAqBpC,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;CAa7B"}

package/dist/server/security/rate-limit.js

@@ -1,72 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RateLimiter = void 0;
-const PER_TOOL_MINUTE_LIMIT = 100;
-const PER_WALLET_DAY_LIMIT = 1000;
-const IP_MINUTE_LIMIT = 200;
-function nowMs() {
-    return Date.now();
-}
-class RateLimiter {
-    static instance;
-    toolBuckets = new Map();
-    walletBuckets = new Map();
-    ipBuckets = new Map();
-    constructor() { }
-    static getInstance() {
-        if (!RateLimiter.instance) {
-            RateLimiter.instance = new RateLimiter();
-        }
-        return RateLimiter.instance;
-    }
-    checkTool(toolName) {
-        const now = nowMs();
-        let bucket = this.toolBuckets.get(toolName);
-        if (!bucket) {
-            bucket = {
-                minute: { count: 0, resetAt: now + 60_000 },
-                day: { count: 0, resetAt: now + 86_400_000 },
-            };
-            this.toolBuckets.set(toolName, bucket);
-        }
-        if (now > bucket.minute.resetAt) {
-            bucket.minute = { count: 0, resetAt: now + 60_000 };
-        }
-        if (bucket.minute.count >= PER_TOOL_MINUTE_LIMIT)
-            return false;
-        bucket.minute.count++;
-        return true;
-    }
-    checkWallet(wallet) {
-        const now = nowMs();
-        let bucket = this.walletBuckets.get(wallet);
-        if (!bucket) {
-            bucket = {
-                minute: { count: 0, resetAt: now + 60_000 },
-                day: { count: 0, resetAt: now + 86_400_000 },
-            };
-            this.walletBuckets.set(wallet, bucket);
-        }
-        if (now > bucket.day.resetAt) {
-            bucket.day = { count: 0, resetAt: now + 86_400_000 };
-        }
-        if (bucket.day.count >= PER_WALLET_DAY_LIMIT)
-            return false;
-        bucket.day.count++;
-        return true;
-    }
-    checkIp(ip) {
-        const now = nowMs();
-        let entry = this.ipBuckets.get(ip);
-        if (!entry || now > entry.resetAt) {
-            entry = { count: 0, resetAt: now + 60_000 };
-            this.ipBuckets.set(ip, entry);
-        }
-        if (entry.count >= IP_MINUTE_LIMIT)
-            return false;
-        entry.count++;
-        return true;
-    }
-}
-exports.RateLimiter = RateLimiter;
-//# sourceMappingURL=rate-limit.js.map

package/dist/server/security/rate-limit.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../../src/server/security/rate-limit.ts"],"names":[],"mappings":";;;AAKA,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAClC,MAAM,eAAe,GAAG,GAAG,CAAC;AAE5B,SAAS,KAAK;IACZ,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;AACpB,CAAC;AAED,MAAa,WAAW;IACd,MAAM,CAAC,QAAQ,CAAc;IACpB,WAAW,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC7C,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC/C,SAAS,GAAG,IAAI,GAAG,EAA8C,CAAC;IAEnF,gBAAuB,CAAC;IAExB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED,SAAS,CAAC,QAAgB;QACxB,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;QACpB,IAAI,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG;gBACP,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE;gBAC3C,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,EAAE;aAC7C,CAAC;YACF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,CAAC,MAAM,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE,CAAC;QACtD,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,qBAAqB;YAAE,OAAO,KAAK,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW,CAAC,MAAc;QACxB,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;QACpB,IAAI,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG;gBACP,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE;gBAC3C,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,EAAE;aAC7C,CAAC;YACF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,EAAE,CAAC;QACvD,CAAC;QAED,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,oBAAoB;YAAE,OAAO,KAAK,CAAC;QAC3D,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,EAAU;QAChB,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;QACpB,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEnC,IAAI,CAAC,KAAK,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;YAClC,KAAK,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE,CAAC;YAC5C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,IAAI,eAAe;YAAE,OAAO,KAAK,CAAC;QACjD,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAtED,kCAsEC"}

package/dist/server/security/sandbox.d.ts

@@ -1,7 +0,0 @@
-import { z } from 'zod';
-export declare class Sandbox {
-    static validate<T>(schema: z.ZodType<T>, input: unknown): T;
-    static validateUrl(raw: string): URL;
-    static sanitizeApiResponse(text: string): string;
-}
-//# sourceMappingURL=sandbox.d.ts.map

package/dist/server/security/sandbox.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../../src/server/security/sandbox.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,qBAAa,OAAO;IAClB,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,GAAG,CAAC;IAY3D,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG;IAcpC,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAQjD"}

package/dist/server/security/sandbox.js

@@ -1,42 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Sandbox = void 0;
-// Sandboxed input validation layer — all tool inputs pass through here before execution.
-// No eval(), no dynamic require(), no raw SQL (N4 enforcement at schema layer).
-class Sandbox {
-    static validate(schema, input) {
-        const result = schema.safeParse(input);
-        if (!result.success) {
-            const issues = result.error.issues
-                .map((i) => `${i.path.join('.')}: ${i.message}`)
-                .join('; ');
-            throw new Error(`Input validation failed: ${issues}`);
-        }
-        return result.data;
-    }
-    // Ensure URL is http/https only — no file://, data://, javascript:
-    static validateUrl(raw) {
-        let url;
-        try {
-            url = new URL(raw);
-        }
-        catch {
-            throw new Error(`Invalid URL: ${raw}`);
-        }
-        if (url.protocol !== 'http:' && url.protocol !== 'https:') {
-            throw new Error(`Disallowed URL protocol: ${url.protocol}`);
-        }
-        return url;
-    }
-    // Strip any response content that looks like a prompt injection attempt
-    static sanitizeApiResponse(text) {
-        // Remove common injection markers
-        return text
-            .replace(/<\/?system>/gi, '')
-            .replace(/\[INST\]/gi, '')
-            .replace(/\[\/?INST\]/gi, '')
-            .slice(0, 50_000); // Hard cap on returned content size
-    }
-}
-exports.Sandbox = Sandbox;
-//# sourceMappingURL=sandbox.js.map

package/dist/server/security/sandbox.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../../src/server/security/sandbox.ts"],"names":[],"mappings":";;;AAEA,yFAAyF;AACzF,gFAAgF;AAChF,MAAa,OAAO;IAClB,MAAM,CAAC,QAAQ,CAAI,MAAoB,EAAE,KAAc;QACrD,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;iBAC/B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;iBAC/C,IAAI,CAAC,IAAI,CAAC,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAED,mEAAmE;IACnE,MAAM,CAAC,WAAW,CAAC,GAAW;QAC5B,IAAI,GAAQ,CAAC;QACb,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,wEAAwE;IACxE,MAAM,CAAC,mBAAmB,CAAC,IAAY;QACrC,kCAAkC;QAClC,OAAO,IAAI;aACR,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;aACzB,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,oCAAoC;IAC3D,CAAC;CACF;AAnCD,0BAmCC"}

package/dist/server/tools/agentcard.d.ts

@@ -1,3 +0,0 @@
-import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-export declare function registerAgentCard(server: McpServer): void;
-//# sourceMappingURL=agentcard.d.ts.map

package/dist/server/tools/agentcard.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"agentcard.d.ts","sourceRoot":"","sources":["../../../src/server/tools/agentcard.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA0BzE,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA0GzD"}

package/dist/server/tools/agentcard.js

@@ -1,118 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.registerAgentCard = registerAgentCard;
-const zod_1 = require("zod");
-const x402_js_1 = require("../payments/x402.js");
-const rate_limit_js_1 = require("../security/rate-limit.js");
-const sandbox_js_1 = require("../security/sandbox.js");
-const audit_js_1 = require("../security/audit.js");
-const pricing_js_1 = require("../registry/pricing.js");
-const agentcard_js_1 = require("../../lib/sml-api/agentcard.js");
-const LookupSchema = zod_1.z.object({
-    identifier: zod_1.z.string().min(1),
-});
-const VerifySchema = zod_1.z.object({
-    wallet_address: zod_1.z.string().min(10),
-    message: zod_1.z.string().min(1),
-    signature: zod_1.z.string().min(1),
-});
-const MintSchema = zod_1.z.object({
-    wallet_address: zod_1.z.string().min(10),
-    name: zod_1.z.string().min(1).max(64),
-    did: zod_1.z.string().optional(),
-    metadata: zod_1.z.record(zod_1.z.unknown()).optional(),
-    payment_wallet: zod_1.z.string().optional(),
-});
-function registerAgentCard(server) {
-    const audit = audit_js_1.AuditLogger.getInstance();
-    // ── FREE: agentcard_lookup ─────────────────────────────────────────────────
-    server.tool('agentcard_lookup', {
-        identifier: zod_1.z.string().describe('Agent wallet address or DID to look up.'),
-    }, async (rawArgs) => {
-        const { identifier } = sandbox_js_1.Sandbox.validate(LookupSchema, rawArgs);
-        if (!rate_limit_js_1.RateLimiter.getInstance().checkTool('agentcard_lookup')) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'rate_limit_exceeded', retry_after: 60 }) }], isError: true };
-        }
-        try {
-            const data = await agentcard_js_1.AgentCardAPI.lookup(identifier);
-            audit.info('agentcard_lookup', { identifier });
-            return { content: [{ type: 'text', text: JSON.stringify(data) }] };
-        }
-        catch (err) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'api_error', message: String(err) }) }], isError: true };
-        }
-    });
-    // ── FREE: agentcard_verify ─────────────────────────────────────────────────
-    server.tool('agentcard_verify', {
-        wallet_address: zod_1.z.string().describe('Agent wallet address that signed the message.'),
-        message: zod_1.z.string().describe('Original message that was signed.'),
-        signature: zod_1.z.string().describe('Ed25519 signature (hex or base64).'),
-    }, async (rawArgs) => {
-        const args = sandbox_js_1.Sandbox.validate(VerifySchema, rawArgs);
-        if (!rate_limit_js_1.RateLimiter.getInstance().checkTool('agentcard_verify')) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'rate_limit_exceeded', retry_after: 60 }) }], isError: true };
-        }
-        try {
-            const data = await agentcard_js_1.AgentCardAPI.verify({
-                walletAddress: args.wallet_address,
-                message: args.message,
-                signature: args.signature,
-            });
-            audit.info('agentcard_verify', { wallet_address: args.wallet_address });
-            return { content: [{ type: 'text', text: JSON.stringify(data) }] };
-        }
-        catch (err) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'api_error', message: String(err) }) }], isError: true };
-        }
-    });
-    // ── PAID: agentcard_mint (0.01 USDC) ──────────────────────────────────────
-    server.tool('agentcard_mint', {
-        wallet_address: zod_1.z.string().describe('XRPL wallet address for the new agent identity.'),
-        name: zod_1.z.string().describe('Human-readable agent name (max 64 chars).'),
-        did: zod_1.z.string().describe('Optional DID (decentralized identifier) for the agent.'),
-        metadata: zod_1.z.record(zod_1.z.unknown()).describe('Optional metadata object (capabilities, version, etc.).'),
-        payment_wallet: zod_1.z.string().describe('Wallet to pay x402 fee from (defaults to wallet_address).'),
-    }, async (rawArgs) => {
-        const args = sandbox_js_1.Sandbox.validate(MintSchema, rawArgs);
-        const paymentWallet = args.payment_wallet ?? args.wallet_address;
-        if (!rate_limit_js_1.RateLimiter.getInstance().checkTool('agentcard_mint')) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'rate_limit_exceeded', retry_after: 60 }) }], isError: true };
-        }
-        await pricing_js_1.PriceRegistry.getInstance().seedDefaults();
-        const price = await pricing_js_1.PriceRegistry.getInstance().getPrice('agentcard_mint');
-        if (!price) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'price_unavailable' }) }], isError: true };
-        }
-        let payment;
-        try {
-            payment = await (0, x402_js_1.executeX402Payment)({ price, currency: 'USDC', toolName: 'agentcard_mint', walletAddress: paymentWallet });
-        }
-        catch (err) {
-            audit.warn('agentcard_mint_payment_fail', { error: String(err) });
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'payment_failed', message: String(err) }) }], isError: true };
-        }
-        try {
-            const data = await agentcard_js_1.AgentCardAPI.mint({
-                walletAddress: args.wallet_address,
-                name: args.name,
-                did: args.did,
-                metadata: args.metadata,
-            });
-            audit.info('agentcard_mint_success', { name: args.name, receiptId: payment.receiptId });
-            return {
-                content: [{
-                        type: 'text',
-                        text: JSON.stringify({
-                            data,
-                            _meta: { receipt_id: payment.receiptId, tx_hash: payment.txHash, chain: payment.chain, amount_paid: `${payment.amountPaid} ${payment.currency}`, timestamp: payment.timestamp },
-                        }),
-                    }],
-            };
-        }
-        catch (err) {
-            audit.error('agentcard_mint_api_fail', { error: String(err) });
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'api_error', message: String(err) }) }], isError: true };
-        }
-    });
-}
-//# sourceMappingURL=agentcard.js.map

package/dist/server/tools/agentcard.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"agentcard.js","sourceRoot":"","sources":["../../../src/server/tools/agentcard.ts"],"names":[],"mappings":";;AA2BA,8CA0GC;AArID,6BAAwB;AAExB,iDAAyD;AACzD,6DAAwD;AACxD,uDAAiD;AACjD,mDAAmD;AACnD,uDAAuD;AACvD,iEAA8D;AAE9D,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC9B,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAClC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1B,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAClC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAC/B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC1C,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,SAAgB,iBAAiB,CAAC,MAAiB;IACjD,MAAM,KAAK,GAAG,sBAAW,CAAC,WAAW,EAAE,CAAC;IAExC,8EAA8E;IAC9E,MAAM,CAAC,IAAI,CACT,kBAAkB,EAClB;QACE,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;KAC3E,EACD,KAAK,EAAE,OAAO,EAAE,EAAE;QAChB,MAAM,EAAE,UAAU,EAAE,GAAG,oBAAO,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC/D,IAAI,CAAC,2BAAW,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC7D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACjI,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,2BAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACnD,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YAC/C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACrE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC5H,CAAC;IACH,CAAC,CACF,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,IAAI,CACT,kBAAkB,EAClB;QACE,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;QACpF,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QACjE,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;KACrE,EACD,KAAK,EAAE,OAAO,EAAE,EAAE;QAChB,MAAM,IAAI,GAAG,oBAAO,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACrD,IAAI,CAAC,2BAAW,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC7D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACjI,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,2BAAY,CAAC,MAAM,CAAC;gBACrC,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;YACxE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACrE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC5H,CAAC;IACH,CAAC,CACF,CAAC;IAEF,6EAA6E;IAC7E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB;QACE,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;QACtF,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACtE,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;QAClF,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,yDAAyD,CAAC;QACnG,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2DAA2D,CAAC;KACjG,EACD,KAAK,EAAE,OAAO,EAAE,EAAE;QAChB,MAAM,IAAI,GAAG,oBAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,CAAC;QAEjE,IAAI,CAAC,2BAAW,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACjI,CAAC;QAED,MAAM,0BAAa,CAAC,WAAW,EAAE,CAAC,YAAY,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,MAAM,0BAAa,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QAC3E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC9G,CAAC;QAED,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAA,4BAAkB,EAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;QAC5H,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAClE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACjI,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,2BAAY,CAAC,IAAI,CAAC;gBACnC,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YACxF,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,IAAI;4BACJ,KAAK,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;yBAChL,CAAC;qBACH,CAAC;aACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC5H,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/server/tools/backtest.d.ts

@@ -1,3 +0,0 @@
-import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-export declare function registerBacktest(server: McpServer): void;
-//# sourceMappingURL=backtest.d.ts.map

package/dist/server/tools/backtest.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"backtest.d.ts","sourceRoot":"","sources":["../../../src/server/tools/backtest.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA2BzE,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA0FxD"}

package/dist/server/tools/backtest.js

@@ -1,112 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.registerBacktest = registerBacktest;
-const zod_1 = require("zod");
-const x402_js_1 = require("../payments/x402.js");
-const rate_limit_js_1 = require("../security/rate-limit.js");
-const sandbox_js_1 = require("../security/sandbox.js");
-const audit_js_1 = require("../security/audit.js");
-const pricing_js_1 = require("../registry/pricing.js");
-const backtest_js_1 = require("../../lib/sml-api/backtest.js");
-const BacktestSchema = zod_1.z.object({
-    ticker: zod_1.z.string().min(1).max(10).toUpperCase(),
-    lookback_days: zod_1.z.number().int().min(30).max(1260).default(252),
-    fees: zod_1.z.number().min(0).max(0.05).default(0.001),
-    slippage: zod_1.z.number().min(0).max(0.05).default(0.0005),
-    momentum_window: zod_1.z.number().int().min(2).max(50).default(10),
-    momentum_threshold: zod_1.z.number().min(0).max(0.1).default(0.001),
-    wallet_address: zod_1.z.string().optional(),
-});
-const ValidateSchema = zod_1.z.object({
-    ticker: zod_1.z.string().min(1).max(10).toUpperCase(),
-    lookback_days: zod_1.z.number().int().min(60).max(1260).default(504),
-    train_ratio: zod_1.z.number().min(0.5).max(0.9).default(0.7),
-    fees: zod_1.z.number().min(0).max(0.05).default(0.001),
-    slippage: zod_1.z.number().min(0).max(0.05).default(0.0005),
-    wallet_address: zod_1.z.string().optional(),
-});
-function registerBacktest(server) {
-    const audit = audit_js_1.AuditLogger.getInstance();
-    // ── backtest_run — full backtest on live price data (FREE) ─────────────────
-    server.tool('backtest_run', {
-        ticker: zod_1.z.string().describe('Ticker symbol (e.g. NVDA, SPY, GME)'),
-        lookback_days: zod_1.z.number().describe('Days of history to backtest (30–1260, default 252)'),
-        fees: zod_1.z.number().describe('Round-trip commission rate (default 0.001 = 0.1%)'),
-        slippage: zod_1.z.number().describe('Slippage per side (default 0.0005)'),
-        momentum_window: zod_1.z.number().describe('Momentum rolling window in days (default 10)'),
-        momentum_threshold: zod_1.z.number().describe('Minimum momentum to enter long (default 0.001)'),
-        wallet_address: zod_1.z.string().describe('Agent wallet address (optional)'),
-    }, async (rawArgs) => {
-        const args = sandbox_js_1.Sandbox.validate(BacktestSchema, rawArgs);
-        if (!rate_limit_js_1.RateLimiter.getInstance().checkTool('backtest_run')) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'rate_limit_exceeded' }) }], isError: true };
-        }
-        try {
-            const result = await backtest_js_1.BacktestAPI.backtest({
-                ticker: args.ticker,
-                lookback_days: args.lookback_days,
-                fees: args.fees,
-                slippage: args.slippage,
-                momentum_window: args.momentum_window,
-                momentum_threshold: args.momentum_threshold,
-            });
-            audit.info('backtest_run_success', { ticker: args.ticker });
-            return { content: [{ type: 'text', text: JSON.stringify(result) }] };
-        }
-        catch (err) {
-            audit.warn('backtest_run_fail', { error: String(err) });
-            return { content: [{ type: 'text', text: JSON.stringify({ error: String(err) }) }], isError: true };
-        }
-    });
-    // ── backtest_validate — walk-forward OOS validation ($0.02) ───────────────
-    server.tool('backtest_validate', {
-        ticker: zod_1.z.string().describe('Ticker symbol to validate'),
-        lookback_days: zod_1.z.number().describe('Total history window (60–1260, default 504 = 2 years)'),
-        train_ratio: zod_1.z.number().describe('Train/test split ratio (default 0.7 = 70% in-sample)'),
-        fees: zod_1.z.number().describe('Round-trip commission rate (default 0.001)'),
-        slippage: zod_1.z.number().describe('Slippage per side (default 0.0005)'),
-        wallet_address: zod_1.z.string().describe('Agent wallet for x402 payment (AP2 required)'),
-    }, async (rawArgs) => {
-        const args = sandbox_js_1.Sandbox.validate(ValidateSchema, rawArgs);
-        if (!rate_limit_js_1.RateLimiter.getInstance().checkTool('backtest_validate')) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'rate_limit_exceeded' }) }], isError: true };
-        }
-        await pricing_js_1.PriceRegistry.getInstance().seedDefaults();
-        const price = await pricing_js_1.PriceRegistry.getInstance().getPrice('backtest_validate');
-        if (!price) {
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'price_unavailable' }) }], isError: true };
-        }
-        let payment;
-        try {
-            payment = await (0, x402_js_1.executeX402Payment)({ price, currency: 'USDC', toolName: 'backtest_validate', walletAddress: args.wallet_address });
-        }
-        catch (err) {
-            audit.warn('backtest_validate_payment_fail', { error: String(err) });
-            return { content: [{ type: 'text', text: JSON.stringify({ error: 'payment_failed', message: String(err) }) }], isError: true };
-        }
-        try {
-            const result = await backtest_js_1.BacktestAPI.walkForward({
-                ticker: args.ticker,
-                lookback_days: args.lookback_days,
-                train_ratio: args.train_ratio,
-                fees: args.fees,
-                slippage: args.slippage,
-            });
-            audit.info('backtest_validate_success', { ticker: args.ticker });
-            return {
-                content: [{
-                        type: 'text',
-                        text: JSON.stringify({
-                            ...result,
-                            _meta: { receipt_id: payment.receiptId, tx_hash: payment.txHash, chain: payment.chain, amount_paid: `${payment.amountPaid} ${payment.currency}` },
-                        }),
-                    }],
-            };
-        }
-        catch (err) {
-            audit.warn('backtest_validate_fail', { error: String(err) });
-            return { content: [{ type: 'text', text: JSON.stringify({ error: String(err) }) }], isError: true };
-        }
-    });
-}
-//# sourceMappingURL=backtest.js.map

package/dist/server/tools/backtest.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"backtest.js","sourceRoot":"","sources":["../../../src/server/tools/backtest.ts"],"names":[],"mappings":";;AA4BA,4CA0FC;AAtHD,6BAAwB;AAExB,iDAAyD;AACzD,6DAAwD;AACxD,uDAAiD;AACjD,mDAAmD;AACnD,uDAAuD;AACvD,+DAA4D;AAE5D,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;IAC/C,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9D,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAChD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACrD,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5D,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC7D,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;IAC/C,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9D,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IACtD,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAChD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACrD,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,SAAgB,gBAAgB,CAAC,MAAiB;IAChD,MAAM,KAAK,GAAG,sBAAW,CAAC,WAAW,EAAE,CAAC;IAExC,8EAA8E;IAC9E,MAAM,CAAC,IAAI,CACT,cAAc,EACd;QACE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;QAClE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;QACxF,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mDAAmD,CAAC;QAC9E,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;QACnE,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;QACpF,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC;QACzF,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;KACvE,EACD,KAAK,EAAE,OAAO,EAAE,EAAE;QAChB,MAAM,IAAI,GAAG,oBAAO,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,2BAAW,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,cAAc,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAChH,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,yBAAW,CAAC,QAAQ,CAAC;gBACxC,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;aAC5C,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACxD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACtG,CAAC;IACH,CAAC,CACF,CAAC;IAEF,6EAA6E;IAC7E,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB;QACE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QACxD,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uDAAuD,CAAC;QAC3F,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sDAAsD,CAAC;QACxF,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;QACvE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;QACnE,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;KACpF,EACD,KAAK,EAAE,OAAO,EAAE,EAAE;QAChB,MAAM,IAAI,GAAG,oBAAO,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,2BAAW,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC9D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAChH,CAAC;QACD,MAAM,0BAAa,CAAC,WAAW,EAAE,CAAC,YAAY,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,MAAM,0BAAa,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC9E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC9G,CAAC;QACD,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAA,4BAAkB,EAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,mBAAmB,EAAE,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QACrI,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACrE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACjI,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,yBAAW,CAAC,WAAW,CAAC;gBAC3C,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,GAAI,MAAiB;4BACrB,KAAK,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,QAAQ,EAAE,EAAE;yBAClJ,CAAC;qBACH,CAAC;aACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACtG,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/server/tools/brokers.d.ts

@@ -1,3 +0,0 @@
-import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-export declare function registerBrokers(server: McpServer): void;
-//# sourceMappingURL=brokers.d.ts.map

package/dist/server/tools/brokers.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"brokers.d.ts","sourceRoot":"","sources":["../../../src/server/tools/brokers.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA8CzE,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA0MvD"}