npm - @scriptmasterlabs/mcp-x402 - Versions diffs - 2.0.2 → 2.1.1 - Mend

@scriptmasterlabs/mcp-x402 2.0.2 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (323) hide show

package/.well-known/x402.json +37 -0
package/LICENSE +57 -21
package/README.md +262 -304
package/dist/index.d.ts +12 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +9 -0
package/dist/index.js.map +1 -0
package/dist/mcp-wrapper.d.ts +71 -0
package/dist/mcp-wrapper.d.ts.map +1 -0
package/dist/mcp-wrapper.js +104 -0
package/dist/mcp-wrapper.js.map +1 -0
package/dist/x402-middleware.d.ts +76 -0
package/dist/x402-middleware.d.ts.map +1 -0
package/dist/x402-middleware.js +113 -0
package/dist/x402-middleware.js.map +1 -0
package/dist/xrpl-facilitator.d.ts +77 -0
package/dist/xrpl-facilitator.d.ts.map +1 -0
package/dist/xrpl-facilitator.js +156 -0
package/dist/xrpl-facilitator.js.map +1 -0
package/llms.txt +108 -70
package/package.json +65 -78
package/schema.jsonld +97 -0
package/.env.example +0 -35
package/.github/workflows/ci.yml +0 -59
package/.github/workflows/keepalive.yml +0 -31
package/.well-known/agentcard.json +0 -34
package/CONTRIBUTING.md +0 -76
package/Dockerfile +0 -19
package/agents.json +0 -67
package/dist/lib/chains/base.d.ts +0 -10
package/dist/lib/chains/base.d.ts.map +0 -1
package/dist/lib/chains/base.js +0 -73
package/dist/lib/chains/base.js.map +0 -1
package/dist/lib/chains/solana.d.ts +0 -10
package/dist/lib/chains/solana.d.ts.map +0 -1
package/dist/lib/chains/solana.js +0 -49
package/dist/lib/chains/solana.js.map +0 -1
package/dist/lib/chains/xrpl.d.ts +0 -10
package/dist/lib/chains/xrpl.d.ts.map +0 -1
package/dist/lib/chains/xrpl.js +0 -55
package/dist/lib/chains/xrpl.js.map +0 -1
package/dist/lib/credit/bureau.d.ts +0 -10
package/dist/lib/credit/bureau.d.ts.map +0 -1
package/dist/lib/credit/bureau.js +0 -58
package/dist/lib/credit/bureau.js.map +0 -1
package/dist/lib/sml-api/agentcard.d.ts +0 -17
package/dist/lib/sml-api/agentcard.d.ts.map +0 -1
package/dist/lib/sml-api/agentcard.js +0 -30
package/dist/lib/sml-api/agentcard.js.map +0 -1
package/dist/lib/sml-api/backtest.d.ts +0 -22
package/dist/lib/sml-api/backtest.d.ts.map +0 -1
package/dist/lib/sml-api/backtest.js +0 -28
package/dist/lib/sml-api/backtest.js.map +0 -1
package/dist/lib/sml-api/brokers.d.ts +0 -40
package/dist/lib/sml-api/brokers.d.ts.map +0 -1
package/dist/lib/sml-api/brokers.js +0 -128
package/dist/lib/sml-api/brokers.js.map +0 -1
package/dist/lib/sml-api/copytrader.d.ts +0 -11
package/dist/lib/sml-api/copytrader.d.ts.map +0 -1
package/dist/lib/sml-api/copytrader.js +0 -30
package/dist/lib/sml-api/copytrader.js.map +0 -1
package/dist/lib/sml-api/crawl.d.ts +0 -20
package/dist/lib/sml-api/crawl.d.ts.map +0 -1
package/dist/lib/sml-api/crawl.js +0 -32
package/dist/lib/sml-api/crawl.js.map +0 -1
package/dist/lib/sml-api/echo.d.ts +0 -10
package/dist/lib/sml-api/echo.d.ts.map +0 -1
package/dist/lib/sml-api/echo.js +0 -23
package/dist/lib/sml-api/echo.js.map +0 -1
package/dist/lib/sml-api/forge.d.ts +0 -11
package/dist/lib/sml-api/forge.d.ts.map +0 -1
package/dist/lib/sml-api/forge.js +0 -29
package/dist/lib/sml-api/forge.js.map +0 -1
package/dist/lib/sml-api/ftd.d.ts +0 -18
package/dist/lib/sml-api/ftd.d.ts.map +0 -1
package/dist/lib/sml-api/ftd.js +0 -43
package/dist/lib/sml-api/ftd.js.map +0 -1
package/dist/lib/sml-api/ghost.d.ts +0 -13
package/dist/lib/sml-api/ghost.d.ts.map +0 -1
package/dist/lib/sml-api/ghost.js +0 -29
package/dist/lib/sml-api/ghost.js.map +0 -1
package/dist/lib/sml-api/launchpad.d.ts +0 -20
package/dist/lib/sml-api/launchpad.d.ts.map +0 -1
package/dist/lib/sml-api/launchpad.js +0 -31
package/dist/lib/sml-api/launchpad.js.map +0 -1
package/dist/lib/sml-api/leviathan.d.ts +0 -22
package/dist/lib/sml-api/leviathan.d.ts.map +0 -1
package/dist/lib/sml-api/leviathan.js +0 -33
package/dist/lib/sml-api/leviathan.js.map +0 -1
package/dist/lib/sml-api/nexus.d.ts +0 -18
package/dist/lib/sml-api/nexus.d.ts.map +0 -1
package/dist/lib/sml-api/nexus.js +0 -40
package/dist/lib/sml-api/nexus.js.map +0 -1
package/dist/lib/sml-api/proof402.d.ts +0 -6
package/dist/lib/sml-api/proof402.d.ts.map +0 -1
package/dist/lib/sml-api/proof402.js +0 -30
package/dist/lib/sml-api/proof402.js.map +0 -1
package/dist/lib/sml-api/rails.d.ts +0 -12
package/dist/lib/sml-api/rails.d.ts.map +0 -1
package/dist/lib/sml-api/rails.js +0 -29
package/dist/lib/sml-api/rails.js.map +0 -1
package/dist/lib/sml-api/shadow.d.ts +0 -15
package/dist/lib/sml-api/shadow.d.ts.map +0 -1
package/dist/lib/sml-api/shadow.js +0 -27
package/dist/lib/sml-api/shadow.js.map +0 -1
package/dist/lib/sml-api/squeezeos.d.ts +0 -21
package/dist/lib/sml-api/squeezeos.d.ts.map +0 -1
package/dist/lib/sml-api/squeezeos.js +0 -97
package/dist/lib/sml-api/squeezeos.js.map +0 -1
package/dist/lib/sml-api/xdeo.d.ts +0 -13
package/dist/lib/sml-api/xdeo.d.ts.map +0 -1
package/dist/lib/sml-api/xdeo.js +0 -34
package/dist/lib/sml-api/xdeo.js.map +0 -1
package/dist/lib/sml-api/xmit.d.ts +0 -13
package/dist/lib/sml-api/xmit.d.ts.map +0 -1
package/dist/lib/sml-api/xmit.js +0 -34
package/dist/lib/sml-api/xmit.js.map +0 -1
package/dist/server/health.d.ts +0 -16
package/dist/server/health.d.ts.map +0 -1
package/dist/server/health.js +0 -39
package/dist/server/health.js.map +0 -1
package/dist/server/index.d.ts +0 -3
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js +0 -199
package/dist/server/index.js.map +0 -1
package/dist/server/payments/ap2.d.ts +0 -17
package/dist/server/payments/ap2.d.ts.map +0 -1
package/dist/server/payments/ap2.js +0 -77
package/dist/server/payments/ap2.js.map +0 -1
package/dist/server/payments/receipt.d.ts +0 -28
package/dist/server/payments/receipt.d.ts.map +0 -1
package/dist/server/payments/receipt.js +0 -60
package/dist/server/payments/receipt.js.map +0 -1
package/dist/server/payments/router.d.ts +0 -23
package/dist/server/payments/router.d.ts.map +0 -1
package/dist/server/payments/router.js +0 -69
package/dist/server/payments/router.js.map +0 -1
package/dist/server/payments/wallet.d.ts +0 -18
package/dist/server/payments/wallet.d.ts.map +0 -1
package/dist/server/payments/wallet.js +0 -107
package/dist/server/payments/wallet.js.map +0 -1
package/dist/server/payments/x402.d.ts +0 -29
package/dist/server/payments/x402.d.ts.map +0 -1
package/dist/server/payments/x402.js +0 -138
package/dist/server/payments/x402.js.map +0 -1
package/dist/server/registry/catalog.d.ts +0 -12
package/dist/server/registry/catalog.d.ts.map +0 -1
package/dist/server/registry/catalog.js +0 -55
package/dist/server/registry/catalog.js.map +0 -1
package/dist/server/registry/discovery.d.ts +0 -16
package/dist/server/registry/discovery.d.ts.map +0 -1
package/dist/server/registry/discovery.js +0 -33
package/dist/server/registry/discovery.js.map +0 -1
package/dist/server/registry/pricing.d.ts +0 -10
package/dist/server/registry/pricing.d.ts.map +0 -1
package/dist/server/registry/pricing.js +0 -123
package/dist/server/registry/pricing.js.map +0 -1
package/dist/server/security/acl.d.ts +0 -28
package/dist/server/security/acl.d.ts.map +0 -1
package/dist/server/security/acl.js +0 -36
package/dist/server/security/acl.js.map +0 -1
package/dist/server/security/audit.d.ts +0 -15
package/dist/server/security/audit.d.ts.map +0 -1
package/dist/server/security/audit.js +0 -77
package/dist/server/security/audit.js.map +0 -1
package/dist/server/security/rate-limit.d.ts +0 -12
package/dist/server/security/rate-limit.d.ts.map +0 -1
package/dist/server/security/rate-limit.js +0 -72
package/dist/server/security/rate-limit.js.map +0 -1
package/dist/server/security/sandbox.d.ts +0 -7
package/dist/server/security/sandbox.d.ts.map +0 -1
package/dist/server/security/sandbox.js +0 -42
package/dist/server/security/sandbox.js.map +0 -1
package/dist/server/tools/agentcard.d.ts +0 -3
package/dist/server/tools/agentcard.d.ts.map +0 -1
package/dist/server/tools/agentcard.js +0 -118
package/dist/server/tools/agentcard.js.map +0 -1
package/dist/server/tools/backtest.d.ts +0 -3
package/dist/server/tools/backtest.d.ts.map +0 -1
package/dist/server/tools/backtest.js +0 -112
package/dist/server/tools/backtest.js.map +0 -1
package/dist/server/tools/brokers.d.ts +0 -3
package/dist/server/tools/brokers.d.ts.map +0 -1
package/dist/server/tools/brokers.js +0 -223
package/dist/server/tools/brokers.js.map +0 -1
package/dist/server/tools/copytrader.d.ts +0 -3
package/dist/server/tools/copytrader.d.ts.map +0 -1
package/dist/server/tools/copytrader.js +0 -90
package/dist/server/tools/copytrader.js.map +0 -1
package/dist/server/tools/crawl.d.ts +0 -3
package/dist/server/tools/crawl.d.ts.map +0 -1
package/dist/server/tools/crawl.js +0 -60
package/dist/server/tools/crawl.js.map +0 -1
package/dist/server/tools/discovery.d.ts +0 -3
package/dist/server/tools/discovery.d.ts.map +0 -1
package/dist/server/tools/discovery.js +0 -188
package/dist/server/tools/discovery.js.map +0 -1
package/dist/server/tools/echo.d.ts +0 -3
package/dist/server/tools/echo.d.ts.map +0 -1
package/dist/server/tools/echo.js +0 -48
package/dist/server/tools/echo.js.map +0 -1
package/dist/server/tools/forge.d.ts +0 -3
package/dist/server/tools/forge.d.ts.map +0 -1
package/dist/server/tools/forge.js +0 -77
package/dist/server/tools/forge.js.map +0 -1
package/dist/server/tools/ftd.d.ts +0 -3
package/dist/server/tools/ftd.d.ts.map +0 -1
package/dist/server/tools/ftd.js +0 -70
package/dist/server/tools/ftd.js.map +0 -1
package/dist/server/tools/ghost.d.ts +0 -3
package/dist/server/tools/ghost.d.ts.map +0 -1
package/dist/server/tools/ghost.js +0 -83
package/dist/server/tools/ghost.js.map +0 -1
package/dist/server/tools/index.d.ts +0 -3
package/dist/server/tools/index.d.ts.map +0 -1
package/dist/server/tools/index.js +0 -44
package/dist/server/tools/index.js.map +0 -1
package/dist/server/tools/launchpad.d.ts +0 -3
package/dist/server/tools/launchpad.d.ts.map +0 -1
package/dist/server/tools/launchpad.js +0 -151
package/dist/server/tools/launchpad.js.map +0 -1
package/dist/server/tools/leviathan.d.ts +0 -3
package/dist/server/tools/leviathan.d.ts.map +0 -1
package/dist/server/tools/leviathan.js +0 -73
package/dist/server/tools/leviathan.js.map +0 -1
package/dist/server/tools/nexus.d.ts +0 -3
package/dist/server/tools/nexus.d.ts.map +0 -1
package/dist/server/tools/nexus.js +0 -65
package/dist/server/tools/nexus.js.map +0 -1
package/dist/server/tools/proof402.d.ts +0 -3
package/dist/server/tools/proof402.d.ts.map +0 -1
package/dist/server/tools/proof402.js +0 -74
package/dist/server/tools/proof402.js.map +0 -1
package/dist/server/tools/rails.d.ts +0 -3
package/dist/server/tools/rails.d.ts.map +0 -1
package/dist/server/tools/rails.js +0 -82
package/dist/server/tools/rails.js.map +0 -1
package/dist/server/tools/shadow.d.ts +0 -3
package/dist/server/tools/shadow.d.ts.map +0 -1
package/dist/server/tools/shadow.js +0 -114
package/dist/server/tools/shadow.js.map +0 -1
package/dist/server/tools/squeezeos.d.ts +0 -3
package/dist/server/tools/squeezeos.d.ts.map +0 -1
package/dist/server/tools/squeezeos.js +0 -231
package/dist/server/tools/squeezeos.js.map +0 -1
package/dist/server/tools/xdeo.d.ts +0 -3
package/dist/server/tools/xdeo.d.ts.map +0 -1
package/dist/server/tools/xdeo.js +0 -58
package/dist/server/tools/xdeo.js.map +0 -1
package/dist/server/tools/xmit.d.ts +0 -3
package/dist/server/tools/xmit.d.ts.map +0 -1
package/dist/server/tools/xmit.js +0 -59
package/dist/server/tools/xmit.js.map +0 -1
package/docker-compose.yml +0 -50
package/mcp-publisher.exe +0 -0
package/render.yaml +0 -39
package/sdk/mcp-x402-sdk/package.json +0 -18
package/sdk/mcp-x402-sdk/src/index.ts +0 -118
package/sdk/mcp-x402-sdk/tsconfig.json +0 -14
package/server.json +0 -48
package/services/backtest_service.py +0 -176
package/src/lib/chains/base.ts +0 -77
package/src/lib/chains/solana.ts +0 -59
package/src/lib/chains/xrpl.ts +0 -63
package/src/lib/credit/bureau.ts +0 -65
package/src/lib/sml-api/agentcard.ts +0 -40
package/src/lib/sml-api/backtest.ts +0 -47
package/src/lib/sml-api/brokers.ts +0 -160
package/src/lib/sml-api/copytrader.ts +0 -33
package/src/lib/sml-api/crawl.ts +0 -44
package/src/lib/sml-api/echo.ts +0 -28
package/src/lib/sml-api/forge.ts +0 -33
package/src/lib/sml-api/ftd.ts +0 -53
package/src/lib/sml-api/ghost.ts +0 -35
package/src/lib/sml-api/launchpad.ts +0 -43
package/src/lib/sml-api/leviathan.ts +0 -49
package/src/lib/sml-api/nexus.ts +0 -50
package/src/lib/sml-api/proof402.ts +0 -27
package/src/lib/sml-api/rails.ts +0 -34
package/src/lib/sml-api/shadow.ts +0 -35
package/src/lib/sml-api/squeezeos.ts +0 -95
package/src/lib/sml-api/xdeo.ts +0 -40
package/src/lib/sml-api/xmit.ts +0 -40
package/src/server/health.ts +0 -52
package/src/server/index.ts +0 -213
package/src/server/payments/ap2.ts +0 -101
package/src/server/payments/receipt.ts +0 -85
package/src/server/payments/router.ts +0 -110
package/src/server/payments/wallet.ts +0 -123
package/src/server/payments/x402.ts +0 -177
package/src/server/registry/catalog.ts +0 -61
package/src/server/registry/discovery.ts +0 -39
package/src/server/registry/pricing.ts +0 -133
package/src/server/security/acl.ts +0 -42
package/src/server/security/audit.ts +0 -94
package/src/server/security/rate-limit.ts +0 -84
package/src/server/security/sandbox.ts +0 -40
package/src/server/tools/agentcard.ts +0 -134
package/src/server/tools/backtest.ts +0 -119
package/src/server/tools/brokers.ts +0 -250
package/src/server/tools/copytrader.ts +0 -104
package/src/server/tools/crawl.ts +0 -70
package/src/server/tools/discovery.ts +0 -202
package/src/server/tools/echo.ts +0 -58
package/src/server/tools/forge.ts +0 -87
package/src/server/tools/ftd.ts +0 -88
package/src/server/tools/ghost.ts +0 -93
package/src/server/tools/index.ts +0 -42
package/src/server/tools/launchpad.ts +0 -173
package/src/server/tools/leviathan.ts +0 -81
package/src/server/tools/nexus.ts +0 -76
package/src/server/tools/proof402.ts +0 -87
package/src/server/tools/rails.ts +0 -92
package/src/server/tools/shadow.ts +0 -128
package/src/server/tools/squeezeos.ts +0 -312
package/src/server/tools/xdeo.ts +0 -67
package/src/server/tools/xmit.ts +0 -68
package/tests/integration/e2e.test.ts +0 -51
package/tests/unit/payments.test.ts +0 -49
package/tests/unit/security.test.ts +0 -92
package/tests/unit/tools.test.ts +0 -42
package/tsconfig.json +0 -21
package/vitest.config.ts +0 -20

package/src/lib/sml-api/shadow.ts DELETED Viewed

@@ -1,35 +0,0 @@
-const SHADOW_BASE = process.env['SHADOW_DESK_URL'] ?? 'https://shadow-desk.onrender.com';
-const SHADOW_ADMIN_KEY = process.env['SHADOW_ADMIN_API_KEY'] ?? '';
-async function shadowPost(path: string, body: unknown): Promise<unknown> {
-  const headers: Record<string, string> = {
-    'Accept': 'application/json',
-    'Content-Type': 'application/json',
-  };
-  if (SHADOW_ADMIN_KEY) headers['X-Admin-Key'] = SHADOW_ADMIN_KEY;
-  const res = await fetch(`${SHADOW_BASE}${path}`, {
-    method: 'POST',
-    headers,
-    body: JSON.stringify(body),
-    signal: AbortSignal.timeout(15_000),
-  });
-  if (!res.ok) throw new Error(`Shadow Desk POST ${path}: HTTP ${res.status}`);
-  return res.json();
-}
-export interface ShadowQueryParams {
-  query: string;
-  context?: string;
-  walletAddress: string;
-}
-export interface ShadowIngestParams {
-  source: string;
-  payload: unknown;
-  walletAddress: string;
-}
-export const ShadowDeskAPI = {
-  query: (params: ShadowQueryParams) => shadowPost('/query', params),
-  ingest: (params: ShadowIngestParams) => shadowPost('/ingest', params),
-};

package/src/lib/sml-api/squeezeos.ts DELETED Viewed

@@ -1,95 +0,0 @@
-import { createHmac } from 'crypto';
-const SQUEEZEOS_BASE = process.env['SQUEEZEOS_BASE_URL'] ?? 'https://squeezeos-api.onrender.com';
-const PROOF402_SECRET = process.env['PROOF402_TOKEN_SECRET'] ?? '';
-// Endpoint UUIDs — override via env vars if they change
-const ENDPOINT_UUIDS: Record<string, string> = {
-  council: process.env['SQUEEZEOS_UUID_COUNCIL'] ?? '12a0e7a1-0000-0000-0000-000000000001',
-  scan: process.env['SQUEEZEOS_UUID_SCAN'] ?? '160cf28d-0000-0000-0000-000000000002',
-  options: process.env['SQUEEZEOS_UUID_OPTIONS'] ?? 'c951a374-0000-0000-0000-000000000003',
-  iwm: process.env['SQUEEZEOS_UUID_IWM'] ?? '60f48ce0-0000-0000-0000-000000000004',
-  marketplace_read: process.env['SQUEEZEOS_UUID_MARKETPLACE_READ'] ?? 'd1a2b3c4-0000-0000-0000-000000000005',
-};
-/**
- * Generate a SqueezeOS JWT for a premium endpoint.
- * Format: base64(json).HMAC-SHA256(secret, encoded)
- */
-export function generateSqueezeOSToken(endpointKey: string, walletAddress: string): string {
-  const eid = ENDPOINT_UUIDS[endpointKey];
-  if (!eid) throw new Error(`Unknown SqueezeOS endpoint key: ${endpointKey}`);
-  if (!PROOF402_SECRET) throw new Error('PROOF402_TOKEN_SECRET is not set — cannot mint SqueezeOS JWT');
-  const payload = {
-    eid,
-    wlt: walletAddress,
-    iid: `mcp-x402-${Date.now()}`,
-    exp: Math.floor(Date.now() / 1000) + 3600, // 1 hour
-  };
-  const encoded = Buffer.from(JSON.stringify(payload)).toString('base64url');
-  const sig = createHmac('sha256', PROOF402_SECRET).update(encoded).digest('hex');
-  return `${encoded}.${sig}`;
-}
-async function squeezeGet(path: string, token?: string): Promise<unknown> {
-  const headers: Record<string, string> = { 'Accept': 'application/json' };
-  if (token) headers['X-Payment-Token'] = token;
-  const res = await fetch(`${SQUEEZEOS_BASE}${path}`, {
-    headers,
-    signal: AbortSignal.timeout(15_000),
-  });
-  if (!res.ok) throw new Error(`SqueezeOS GET ${path}: HTTP ${res.status}`);
-  return res.json();
-}
-async function squeezePost(path: string, body: unknown, token?: string): Promise<unknown> {
-  const headers: Record<string, string> = {
-    'Accept': 'application/json',
-    'Content-Type': 'application/json',
-  };
-  if (token) headers['X-Payment-Token'] = token;
-  const res = await fetch(`${SQUEEZEOS_BASE}${path}`, {
-    method: 'POST',
-    headers,
-    body: JSON.stringify(body),
-    signal: AbortSignal.timeout(15_000),
-  });
-  if (!res.ok) throw new Error(`SqueezeOS POST ${path}: HTTP ${res.status}`);
-  return res.json();
-}
-export const SqueezeOSAPI = {
-  // FREE
-  preview: (symbol: string) => squeezeGet(`/api/preview/${encodeURIComponent(symbol)}`),
-  history: (symbol?: string) => squeezeGet(symbol ? `/api/history/${encodeURIComponent(symbol)}` : '/api/history'),
-  oracle: (symbol?: string) => squeezeGet(symbol ? `/api/oracle/${encodeURIComponent(symbol)}` : '/api/oracle'),
-  ftd: () => squeezeGet('/api/ftd'),
-  status: () => squeezeGet('/api/status'),
-  demo: () => squeezeGet('/api/demo'),
-  marketplaceBrowse: () => squeezeGet('/api/marketplace'),
-  futuresLeaderboard: () => squeezeGet('/api/futures/leaderboard'),
-  // PAID — caller must supply walletAddress so we can mint the token
-  council: (symbol: string, walletAddress: string) => {
-    const token = generateSqueezeOSToken('council', walletAddress);
-    return squeezePost('/api/council', { symbol }, token);
-  },
-  scan: (walletAddress: string) => {
-    const token = generateSqueezeOSToken('scan', walletAddress);
-    return squeezeGet('/api/scan', token);
-  },
-  options: (walletAddress: string) => {
-    const token = generateSqueezeOSToken('options', walletAddress);
-    return squeezeGet('/api/options', token);
-  },
-  iwm: (walletAddress: string) => {
-    const token = generateSqueezeOSToken('iwm', walletAddress);
-    return squeezeGet('/api/iwm', token);
-  },
-  marketplaceRead: (listingId: string, walletAddress: string) => {
-    const token = generateSqueezeOSToken('marketplace_read', walletAddress);
-    return squeezePost('/api/marketplace/read', { listing_id: listingId }, token);
-  },
-};

package/src/lib/sml-api/xdeo.ts DELETED Viewed

@@ -1,40 +0,0 @@
-export interface XdeoEstimateParams {
-  ticker: string;
-  fiscalQuarter: string;
-  estimateType: 'eps' | 'revenue' | 'guidance' | 'all';
-}
-export class XdeoClient {
-  private static instance: XdeoClient;
-  private readonly baseUrl: string;
-  private constructor() {
-    this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
-  }
-  static getInstance(): XdeoClient {
-    if (!XdeoClient.instance) {
-      XdeoClient.instance = new XdeoClient();
-    }
-    return XdeoClient.instance;
-  }
-  async getEstimate(params: XdeoEstimateParams): Promise<unknown> {
-    const res = await fetch(`${this.baseUrl}/xdeo/v1/estimate`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        ticker: params.ticker,
-        fiscal_quarter: params.fiscalQuarter,
-        estimate_type: params.estimateType,
-      }),
-      signal: AbortSignal.timeout(10_000),
-    });
-    if (!res.ok) {
-      throw new Error(`xDEO API error: HTTP ${res.status}`);
-    }
-    return res.json();
-  }
-}

package/src/lib/sml-api/xmit.ts DELETED Viewed

@@ -1,40 +0,0 @@
-export interface XmitDecodeParams {
-  filingUrl: string;
-  parseTarget: 'executive_pay' | 'holdings' | 'ownership_changes' | 'all';
-  format: 'json' | 'markdown';
-}
-export class XmitClient {
-  private static instance: XmitClient;
-  private readonly baseUrl: string;
-  private constructor() {
-    this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
-  }
-  static getInstance(): XmitClient {
-    if (!XmitClient.instance) {
-      XmitClient.instance = new XmitClient();
-    }
-    return XmitClient.instance;
-  }
-  async decode(params: XmitDecodeParams): Promise<unknown> {
-    const res = await fetch(`${this.baseUrl}/xmit/v1/decode`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        filing_url: params.filingUrl,
-        parse_target: params.parseTarget,
-        format: params.format,
-      }),
-      signal: AbortSignal.timeout(30_000),
-    });
-    if (!res.ok) {
-      throw new Error(`xMIT API error: HTTP ${res.status}`);
-    }
-    return res.json();
-  }
-}

package/src/server/health.ts DELETED Viewed

@@ -1,52 +0,0 @@
-import type { Request, Response } from 'express';
-const startTime = Date.now();
-export interface HealthStatus {
-  status: 'ok' | 'degraded';
-  version: string;
-  transport: string;
-  uptime_seconds: number;
-  uptime_human: string;
-  timestamp: string;
-  checks: {
-    process: 'ok';
-    memory_mb: number;
-    memory_ok: boolean;
-  };
-}
-function formatUptime(ms: number): string {
-  const s = Math.floor(ms / 1000);
-  const m = Math.floor(s / 60);
-  const h = Math.floor(m / 60);
-  const d = Math.floor(h / 24);
-  if (d > 0) return `${d}d ${h % 24}h ${m % 60}m`;
-  if (h > 0) return `${h}h ${m % 60}m ${s % 60}s`;
-  if (m > 0) return `${m}m ${s % 60}s`;
-  return `${s}s`;
-}
-export function healthHandler(_req: Request, res: Response): void {
-  const uptimeMs = Date.now() - startTime;
-  const memMb = Math.round(process.memoryUsage().rss / 1024 / 1024);
-  const memOk = memMb < 450; // warn if approaching 512MB container limit
-  const body: HealthStatus = {
-    status: memOk ? 'ok' : 'degraded',
-    version: process.env['npm_package_version'] ?? '1.0.0',
-    transport: process.env['MCP_TRANSPORT'] ?? 'stdio',
-    uptime_seconds: Math.floor(uptimeMs / 1000),
-    uptime_human: formatUptime(uptimeMs),
-    timestamp: new Date().toISOString(),
-    checks: {
-      process: 'ok',
-      memory_mb: memMb,
-      memory_ok: memOk,
-    },
-  };
-  // Return 200 even if degraded — let the orchestrator decide.
-  // Only return 5xx if the process itself is fundamentally broken.
-  res.status(200).json(body);
-}

package/src/server/index.ts DELETED Viewed

@@ -1,213 +0,0 @@
-#!/usr/bin/env node
-import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
-import { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js';
-import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
-import express from 'express';
-import { randomUUID } from 'crypto';
-import cors from 'cors';
-import { registerTools } from './tools/index.js';
-import { AuditLogger } from './security/audit.js';
-import { RateLimiter } from './security/rate-limit.js';
-import { healthHandler } from './health.js';
-const VERSION = '1.0.0';
-async function createServer(): Promise<McpServer> {
-  const server = new McpServer(
-    { name: 'mcp-x402', version: VERSION },
-    { capabilities: { tools: {} } },
-  );
-  await registerTools(server);
-  return server;
-}
-async function runStdio(): Promise<void> {
-  const server = await createServer();
-  const transport = new StdioServerTransport();
-  await server.connect(transport);
-  AuditLogger.getInstance().info('server_start', { transport: 'stdio', version: VERSION });
-  const shutdown = async () => {
-    AuditLogger.getInstance().info('server_stop', { transport: 'stdio' });
-    await server.close();
-    process.exit(0);
-  };
-  process.on('SIGINT', shutdown);
-  process.on('SIGTERM', shutdown);
-  // Keep stdio process alive
-  process.stdin.on('end', () => {
-    AuditLogger.getInstance().warn('stdio_stdin_end', {});
-    process.exit(0);
-  });
-}
-async function runSSE(): Promise<void> {
-  const app = express();
-  const port = parseInt(process.env['MCP_SSE_PORT'] ?? '3402', 10);
-  app.use(cors({ origin: process.env['CORS_ORIGIN'] ?? '*' }));
-  app.use(express.json({ limit: '1mb' }));
-  // Health endpoint
-  app.get('/health', healthHandler);
-  // Wallet info — shows the server's derived wallet address (safe to expose, no private key)
-  app.get('/wallet', async (_req, res) => {
-    const { WalletManager } = await import('./payments/wallet.js');
-    const wallet = await WalletManager.getInstance().getOrCreateWallet();
-    res.json({ address: wallet.address, chain: wallet.chain, note: 'Fund this address with USDC on Base to enable outbound payments.' });
-  });
-  app.get('/agents.json', (_req, res) => {
-    res.sendFile('agents.json', { root: process.cwd() });
-  });
-  app.get('/llms.txt', (_req, res) => {
-    res.sendFile('llms.txt', { root: process.cwd() });
-  });
-  app.get('/.well-known/agentcard.json', (_req, res) => {
-    res.sendFile('.well-known/agentcard.json', { root: process.cwd() });
-  });
-  // FIX: Root handler — was 404, now returns service discovery
-  app.get('/', (_req, res) => {
-    res.json({
-      name: 'mcp-x402',
-      version: VERSION,
-      description: 'The x402 Amazon — 43+ tools, pay-per-call via XRPL. scriptmasterlabs.com',
-      status: 'online',
-      transport: 'streamable-http + sse',
-      endpoints: {
-        mcp_streamable: 'POST /mcp',
-        sse_connect: 'GET /sse',
-        sse_messages: 'POST /messages',
-        health: 'GET /health',
-        agentCard: 'GET /.well-known/agentcard.json',
-        llms: 'GET /llms.txt',
-      },
-      links: {
-        github: 'https://github.com/Timwal78/SML_Portfolio/tree/main/mcp-x402',
-        homepage: 'https://scriptmasterlabs.com',
-      },
-    });
-  });
-  // Streamable HTTP transport — claude.ai web connectors
-  const streamableTransports = new Map<string, StreamableHTTPServerTransport>();
-  app.post('/mcp', async (req, res) => {
-    const sessionId = req.headers['mcp-session-id'] as string | undefined;
-    let transport = sessionId ? streamableTransports.get(sessionId) : undefined;
-    if (!transport) {
-      const newSessionId = randomUUID();
-      transport = new StreamableHTTPServerTransport({ sessionIdGenerator: () => newSessionId });
-      streamableTransports.set(newSessionId, transport);
-      transport.onclose = () => streamableTransports.delete(newSessionId);
-      const server = await createServer();
-      await server.connect(transport);
-      AuditLogger.getInstance().info('mcp_connect', { sessionId: newSessionId });
-    }
-    await transport.handleRequest(req, res, req.body);
-  });
-  // FIX: GET /mcp with no session was 404, now returns service info
-  app.get('/mcp', async (req, res) => {
-    const sessionId = req.headers['mcp-session-id'] as string | undefined;
-    const transport = sessionId ? streamableTransports.get(sessionId) : undefined;
-    if (!transport) {
-      res.json({
-        name: 'mcp-x402',
-        version: VERSION,
-        protocol: 'MCP/streamable-http',
-        status: 'ready',
-        tools: '43+ tools available',
-        how_to_connect: 'POST /mcp with a JSON-RPC initialize request',
-        sse_alternative: 'GET /sse for legacy SSE transport',
-        health: '/health',
-        homepage: 'https://scriptmasterlabs.com',
-      });
-      return;
-    }
-    await transport.handleRequest(req, res);
-  });
-  app.delete('/mcp', async (req, res) => {
-    const sessionId = req.headers['mcp-session-id'] as string | undefined;
-    const transport = sessionId ? streamableTransports.get(sessionId) : undefined;
-    if (!transport) { res.status(404).json({ error: 'session_not_found' }); return; }
-    await transport.handleRequest(req, res);
-  });
-  const transports = new Map<string, SSEServerTransport>();
-  const rateLimiter = RateLimiter.getInstance();
-  app.get('/sse', async (req, res) => {
-    const clientIp = req.ip ?? 'unknown';
-    if (!rateLimiter.checkIp(clientIp)) {
-      res.status(429).json({ error: 'rate_limit_exceeded', retry_after: 60 });
-      return;
-    }
-    const transport = new SSEServerTransport('/messages', res);
-    const sessionId = transport.sessionId;
-    transports.set(sessionId, transport);
-    const server = await createServer();
-    await server.connect(transport);
-    AuditLogger.getInstance().info('sse_connect', { sessionId, clientIp });
-    res.on('close', async () => {
-      transports.delete(sessionId);
-      AuditLogger.getInstance().info('sse_disconnect', { sessionId });
-      await server.close();
-    });
-  });
-  app.post('/messages', async (req, res) => {
-    const sessionId = req.query['sessionId'] as string | undefined;
-    if (!sessionId) { res.status(400).json({ error: 'missing_session_id' }); return; }
-    const transport = transports.get(sessionId);
-    if (!transport) { res.status(404).json({ error: 'session_not_found' }); return; }
-    await transport.handlePostMessage(req, res);
-  });
-  const httpServer = await new Promise<ReturnType<typeof app.listen>>(
-    (resolve) => {
-      const s = app.listen(port, () => resolve(s));
-    },
-  );
-  AuditLogger.getInstance().info('server_start', { transport: 'sse', port, version: VERSION });
-  console.error(`[mcp-x402] listening on :${port} — health: http://localhost:${port}/health`);
-  const shutdown = async () => {
-    AuditLogger.getInstance().info('server_stop', { transport: 'sse' });
-    for (const [id] of transports) {
-      AuditLogger.getInstance().info('sse_force_close', { sessionId: id });
-    }
-    httpServer.close(() => process.exit(0));
-    setTimeout(() => process.exit(1), 10_000).unref();
-  };
-  process.on('SIGINT', shutdown);
-  process.on('SIGTERM', shutdown);
-  process.on('uncaughtException', (err) => {
-    AuditLogger.getInstance().error('uncaught_exception', { error: String(err), stack: err.stack ?? '' });
-  });
-  process.on('unhandledRejection', (reason) => {
-    AuditLogger.getInstance().error('unhandledRejection', { reason: String(reason) });
-  });
-}
-const transport = process.env['MCP_TRANSPORT'] ?? 'stdio';
-if (transport === 'sse') {
-  runSSE().catch((err) => {
-    console.error('[mcp-x402] fatal:', err);
-    process.exit(1);
-  });
-} else {
-  runStdio().catch((err) => {
-    console.error('[mcp-x402] fatal:', err);
-    process.exit(1);
-  });
-}

package/src/server/payments/ap2.ts DELETED Viewed

@@ -1,101 +0,0 @@
-import { AuditLogger } from '../security/audit.js';
-export interface MandateParams {
-  maxAmount: string;
-  currency: string;
-  toolName: string;
-}
-interface MandateCache {
-  valid: boolean;
-  expiresAt: number;
-}
-// In-memory mandate cache — 5 minute TTL per wallet+tool combination
-const mandateCache = new Map<string, MandateCache>();
-export class AP2Client {
-  private static instance: AP2Client;
-  private readonly baseUrl: string;
-  private constructor() {
-    this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
-  }
-  static getInstance(): AP2Client {
-    if (!AP2Client.instance) {
-      AP2Client.instance = new AP2Client();
-    }
-    return AP2Client.instance;
-  }
-  async verifyMandate(wallet: string, params: MandateParams): Promise<boolean> {
-    const cacheKey = `${wallet}:${params.toolName}:${params.currency}`;
-    const cached = mandateCache.get(cacheKey);
-    if (cached && cached.expiresAt > Date.now()) {
-      return cached.valid;
-    }
-    const audit = AuditLogger.getInstance();
-    try {
-      const controller = new AbortController();
-      const timeout = setTimeout(() => controller.abort(), 5000);
-      const res = await fetch(`${this.baseUrl}/ap2/v1/mandate/verify`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          wallet,
-          max_amount: params.maxAmount,
-          currency: params.currency,
-          tool: params.toolName,
-        }),
-        signal: controller.signal,
-      });
-      clearTimeout(timeout);
-      if (!res.ok) {
-        audit.warn('ap2_mandate_http_error', { status: res.status, wallet });
-        mandateCache.set(cacheKey, { valid: false, expiresAt: Date.now() + 60_000 });
-        return false;
-      }
-      const body = (await res.json()) as { valid: boolean; expires_in?: number };
-      const ttl = (body.expires_in ?? 300) * 1000;
-      mandateCache.set(cacheKey, { valid: body.valid, expiresAt: Date.now() + ttl });
-      return body.valid;
-    } catch (err) {
-      audit.error('ap2_mandate_error', { error: String(err), wallet });
-      // Fail open when AP2 service is unreachable — log and allow
-      audit.warn('ap2_mandate_fallback', { wallet, tool: params.toolName, note: 'AP2 unreachable, auto-approving' });
-      mandateCache.set(cacheKey, { valid: true, expiresAt: Date.now() + 60_000 });
-      return true;
-    }
-  }
-  async createMandate(
-    wallet: string,
-    params: { dailyCap: string; currency: string },
-  ): Promise<string> {
-    const res = await fetch(`${this.baseUrl}/ap2/v1/mandate/create`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        wallet,
-        daily_cap: params.dailyCap,
-        currency: params.currency,
-      }),
-    });
-    if (!res.ok) {
-      throw new Error(`AP2 mandate creation failed: HTTP ${res.status}`);
-    }
-    const body = (await res.json()) as { mandate_id: string };
-    return body.mandate_id;
-  }
-}

package/src/server/payments/receipt.ts DELETED Viewed

@@ -1,85 +0,0 @@
-import { createHash, randomUUID } from 'crypto';
-import { AuditLogger } from '../security/audit.js';
-export interface ReceiptInput {
-  txHash: string;
-  chain: string;
-  amount: string;
-  currency: string;
-  tool: string;
-  wallet: string;
-}
-export interface Receipt {
-  id: string;
-  txHash: string;
-  chain: string;
-  amount: string;
-  currency: string;
-  tool: string;
-  wallet: string;
-  issuedAt: number;
-  hash: string;
-}
-export class ReceiptStore {
-  private static instance: ReceiptStore;
-  private readonly baseUrl: string;
-  private constructor() {
-    this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
-  }
-  static getInstance(): ReceiptStore {
-    if (!ReceiptStore.instance) {
-      ReceiptStore.instance = new ReceiptStore();
-    }
-    return ReceiptStore.instance;
-  }
-  async create(input: ReceiptInput): Promise<Receipt> {
-    const id = randomUUID();
-    const issuedAt = Date.now();
-    // Content hash for tamper detection
-    const hash = createHash('sha256')
-      .update(`${id}:${input.txHash}:${input.chain}:${input.amount}:${input.currency}:${input.tool}:${input.wallet}:${issuedAt}`)
-      .digest('hex');
-    const receipt: Receipt = { id, ...input, issuedAt, hash };
-    // Attempt to register with 402Proof server (N7)
-    try {
-      await this.registerWithProofServer(receipt);
-    } catch (err) {
-      // Log but don't fail — local receipt is still valid
-      AuditLogger.getInstance().warn('proof_server_register_fail', { error: String(err), receiptId: id });
-    }
-    AuditLogger.getInstance().info('receipt_issued', { receiptId: id, tool: input.tool });
-    return receipt;
-  }
-  private async registerWithProofServer(receipt: Receipt): Promise<void> {
-    const proofUrl = process.env['PROOF402_URL'] ?? 'https://four02proof.onrender.com';
-    const res = await fetch(`${proofUrl}/v1/receipt`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        receipt_id: receipt.id,
-        tx_hash: receipt.txHash,
-        chain: receipt.chain,
-        amount: receipt.amount,
-        currency: receipt.currency,
-        tool: receipt.tool,
-        wallet: receipt.wallet,
-        issued_at: receipt.issuedAt,
-        hash: receipt.hash,
-      }),
-    });
-    if (!res.ok) {
-      throw new Error(`402Proof server returned HTTP ${res.status}`);
-    }
-  }
-}