@scriptmasterlabs/mcp-x402 2.1.0 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.well-known/agentcard.json +34 -34
- package/.well-known/ai.txt +32 -32
- package/CONTRIBUTING.md +76 -76
- package/LICENSE +21 -21
- package/README.md +304 -304
- package/agents.json +81 -81
- package/ai/faq.json +74 -74
- package/ai/summary.json +157 -157
- package/dist/server/apm/capabilities.d.ts +31 -0
- package/dist/server/apm/capabilities.d.ts.map +1 -0
- package/dist/server/apm/capabilities.js +157 -0
- package/dist/server/apm/capabilities.js.map +1 -0
- package/dist/server/apm/execute.d.ts +18 -0
- package/dist/server/apm/execute.d.ts.map +1 -0
- package/dist/server/apm/execute.js +37 -0
- package/dist/server/apm/execute.js.map +1 -0
- package/dist/server/apm/matcher.d.ts +17 -0
- package/dist/server/apm/matcher.d.ts.map +1 -0
- package/dist/server/apm/matcher.js +71 -0
- package/dist/server/apm/matcher.js.map +1 -0
- package/dist/server/apm/quote.d.ts +53 -0
- package/dist/server/apm/quote.d.ts.map +1 -0
- package/dist/server/apm/quote.js +82 -0
- package/dist/server/apm/quote.js.map +1 -0
- package/dist/server/apm/schema.d.ts +109 -0
- package/dist/server/apm/schema.d.ts.map +1 -0
- package/dist/server/apm/schema.js +31 -0
- package/dist/server/apm/schema.js.map +1 -0
- package/dist/server/payments/agent-payment.d.ts +71 -0
- package/dist/server/payments/agent-payment.d.ts.map +1 -0
- package/dist/server/payments/agent-payment.js +112 -0
- package/dist/server/payments/agent-payment.js.map +1 -0
- package/dist/server/payments/x402.d.ts +26 -0
- package/dist/server/payments/x402.d.ts.map +1 -1
- package/dist/server/payments/x402.js +112 -3
- package/dist/server/payments/x402.js.map +1 -1
- package/dist/server/registry/backends.d.ts +29 -0
- package/dist/server/registry/backends.d.ts.map +1 -0
- package/dist/server/registry/backends.js +61 -0
- package/dist/server/registry/backends.js.map +1 -0
- package/dist/server/registry/pricing.d.ts.map +1 -1
- package/dist/server/registry/pricing.js +25 -24
- package/dist/server/registry/pricing.js.map +1 -1
- package/dist/server/tools/apm-execute.d.ts +3 -0
- package/dist/server/tools/apm-execute.d.ts.map +1 -0
- package/dist/server/tools/apm-execute.js +94 -0
- package/dist/server/tools/apm-execute.js.map +1 -0
- package/dist/server/tools/apm.d.ts +3 -0
- package/dist/server/tools/apm.d.ts.map +1 -0
- package/dist/server/tools/apm.js +135 -0
- package/dist/server/tools/apm.js.map +1 -0
- package/dist/server/tools/discovery.d.ts.map +1 -1
- package/dist/server/tools/discovery.js +20 -27
- package/dist/server/tools/discovery.js.map +1 -1
- package/dist/server/tools/index.d.ts.map +1 -1
- package/dist/server/tools/index.js +4 -0
- package/dist/server/tools/index.js.map +1 -1
- package/dist/server/tools/squeezeos.d.ts.map +1 -1
- package/dist/server/tools/squeezeos.js +25 -7
- package/dist/server/tools/squeezeos.js.map +1 -1
- package/eslint.config.mjs +28 -0
- package/llms.txt +170 -170
- package/package.json +78 -78
- package/server.json +24 -52
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* APM matcher — deterministic, pure functions that turn an agent's stated need
|
|
4
|
+
* into a ranked list of SML capabilities with per-constraint fit. No randomness,
|
|
5
|
+
* no network: live-status is injected by the caller.
|
|
6
|
+
*/
|
|
7
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
8
|
+
exports.tokenize = tokenize;
|
|
9
|
+
exports.scoreCapability = scoreCapability;
|
|
10
|
+
exports.evaluateFit = evaluateFit;
|
|
11
|
+
exports.matchManifest = matchManifest;
|
|
12
|
+
function tokenize(text) {
|
|
13
|
+
return text.toLowerCase().match(/[a-z0-9]+/g) ?? [];
|
|
14
|
+
}
|
|
15
|
+
/** Keyword overlap score between a need and a capability. Tag hits weigh double. */
|
|
16
|
+
function scoreCapability(cap, needTokens) {
|
|
17
|
+
const haystack = new Set([
|
|
18
|
+
...cap.tags,
|
|
19
|
+
...tokenize(cap.tool),
|
|
20
|
+
...tokenize(cap.summary),
|
|
21
|
+
...tokenize(cap.product),
|
|
22
|
+
]);
|
|
23
|
+
const tagSet = new Set(cap.tags);
|
|
24
|
+
let score = 0;
|
|
25
|
+
for (const token of needTokens) {
|
|
26
|
+
if (haystack.has(token))
|
|
27
|
+
score += 1;
|
|
28
|
+
if (tagSet.has(token))
|
|
29
|
+
score += 1; // tags are the strongest signal
|
|
30
|
+
}
|
|
31
|
+
return score;
|
|
32
|
+
}
|
|
33
|
+
function evaluateFit(cap, c) {
|
|
34
|
+
const price = c.max_price_usd === undefined || Number(cap.basePrice) <= c.max_price_usd;
|
|
35
|
+
const chain = !cap.paid ||
|
|
36
|
+
c.chains_accepted === undefined ||
|
|
37
|
+
c.chains_accepted.length === 0 ||
|
|
38
|
+
cap.paymentChains.some((ch) => c.chains_accepted.includes(ch));
|
|
39
|
+
const freshness = c.max_freshness_sec === undefined || cap.freshnessSec <= c.max_freshness_sec;
|
|
40
|
+
const attribution = c.needs_attribution !== true || cap.attribution === true;
|
|
41
|
+
return { price, chain, freshness, attribution };
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Rank capabilities against a need. Returns only positive-score matches,
|
|
45
|
+
* sorted by score desc, then price asc. `live` is the set of online product keys.
|
|
46
|
+
*/
|
|
47
|
+
function matchManifest(need, constraints, capabilities, live) {
|
|
48
|
+
const tokens = tokenize(need);
|
|
49
|
+
return capabilities
|
|
50
|
+
.map((cap) => {
|
|
51
|
+
const score = scoreCapability(cap, tokens);
|
|
52
|
+
const fits = evaluateFit(cap, constraints);
|
|
53
|
+
return {
|
|
54
|
+
tool: cap.tool,
|
|
55
|
+
product: cap.product,
|
|
56
|
+
summary: cap.summary,
|
|
57
|
+
paid: cap.paid,
|
|
58
|
+
price_usd: cap.basePrice,
|
|
59
|
+
payment_chains: cap.paymentChains,
|
|
60
|
+
freshness_sec: cap.freshnessSec,
|
|
61
|
+
attribution: cap.attribution,
|
|
62
|
+
live: live.has(cap.product),
|
|
63
|
+
score,
|
|
64
|
+
fits,
|
|
65
|
+
meets_all_constraints: fits.price && fits.chain && fits.freshness && fits.attribution,
|
|
66
|
+
};
|
|
67
|
+
})
|
|
68
|
+
.filter((m) => m.score > 0)
|
|
69
|
+
.sort((a, b) => b.score - a.score || Number(a.price_usd) - Number(b.price_usd));
|
|
70
|
+
}
|
|
71
|
+
//# sourceMappingURL=matcher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"matcher.js","sourceRoot":"","sources":["../../../src/server/apm/matcher.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAKH,4BAEC;AAGD,0CAcC;AAED,kCAgBC;AAMD,sCA8BC;AAzED,SAAgB,QAAQ,CAAC,IAAY;IACnC,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;AACtD,CAAC;AAED,oFAAoF;AACpF,SAAgB,eAAe,CAAC,GAAe,EAAE,UAAoB;IACnE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAS;QAC/B,GAAG,GAAG,CAAC,IAAI;QACX,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;QACrB,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;QACxB,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;KACzB,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;QAC/B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;QACpC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC,CAAC,gCAAgC;IACrE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,WAAW,CAAC,GAAe,EAAE,CAAc;IACzD,MAAM,KAAK,GACT,CAAC,CAAC,aAAa,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC;IAE5E,MAAM,KAAK,GACT,CAAC,GAAG,CAAC,IAAI;QACT,CAAC,CAAC,eAAe,KAAK,SAAS;QAC/B,CAAC,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC;QAC9B,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,eAAgB,CAAC,QAAQ,CAAC,EAAgC,CAAC,CAAC,CAAC;IAEhG,MAAM,SAAS,GACb,CAAC,CAAC,iBAAiB,KAAK,SAAS,IAAI,GAAG,CAAC,YAAY,IAAI,CAAC,CAAC,iBAAiB,CAAC;IAE/E,MAAM,WAAW,GAAG,CAAC,CAAC,iBAAiB,KAAK,IAAI,IAAI,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC;IAE7E,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,IAAY,EACZ,WAAwB,EACxB,YAA0B,EAC1B,IAAiB;IAEjB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE9B,OAAO,YAAY;SAChB,GAAG,CAAC,CAAC,GAAG,EAAe,EAAE;QACxB,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAC3C,OAAO;YACL,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,cAAc,EAAE,GAAG,CAAC,aAAa;YACjC,aAAa,EAAE,GAAG,CAAC,YAAY;YAC/B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC;YAC3B,KAAK;YACL,IAAI;YACJ,qBAAqB,EACnB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,WAAW;SACjE,CAAC;IACJ,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;SAC1B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;AACpF,CAAC"}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* APM price-locked quote — a real, verifiable HMAC-signed quote.
|
|
3
|
+
*
|
|
4
|
+
* The quote binds {tool, price, chains, brokerage, expiry} so an agent can rely on
|
|
5
|
+
* the price for `ttl_sec`. Signed with HMAC-SHA256 over a canonical payload using
|
|
6
|
+
* APM_QUOTE_SECRET. If the secret is unset, the quote is still issued but marked
|
|
7
|
+
* `signed: false` (honest signalling — never a fake signature).
|
|
8
|
+
*/
|
|
9
|
+
export interface QuoteTerms {
|
|
10
|
+
tool: string;
|
|
11
|
+
price_usd: string;
|
|
12
|
+
payment_chains: string[];
|
|
13
|
+
brokerage_commission_pct: number;
|
|
14
|
+
ttl_sec: number;
|
|
15
|
+
agent_id?: string;
|
|
16
|
+
}
|
|
17
|
+
export interface SignedQuote {
|
|
18
|
+
quote_id: string;
|
|
19
|
+
tool: string;
|
|
20
|
+
price_usd: string;
|
|
21
|
+
currency: 'USDC';
|
|
22
|
+
payment_chains: string[];
|
|
23
|
+
brokerage_commission_pct: number;
|
|
24
|
+
agent_id: string | null;
|
|
25
|
+
issued_at: string;
|
|
26
|
+
expires_at: string;
|
|
27
|
+
algo: 'HMAC-SHA256';
|
|
28
|
+
signature: string;
|
|
29
|
+
signed: boolean;
|
|
30
|
+
canonical: string;
|
|
31
|
+
}
|
|
32
|
+
export declare function createQuote(terms: QuoteTerms): SignedQuote;
|
|
33
|
+
/** Verify a quote's signature against APM_QUOTE_SECRET. Returns false if unsigned/unset. */
|
|
34
|
+
export declare function verifyQuote(canonical: string, signature: string): boolean;
|
|
35
|
+
export interface ParsedQuote {
|
|
36
|
+
tool: string;
|
|
37
|
+
price_usd: string;
|
|
38
|
+
currency: string;
|
|
39
|
+
payment_chains: string[];
|
|
40
|
+
brokerage_commission_pct: number;
|
|
41
|
+
agent_id: string | null;
|
|
42
|
+
issued_at: string;
|
|
43
|
+
expires_at: string;
|
|
44
|
+
}
|
|
45
|
+
export interface QuoteCheck {
|
|
46
|
+
valid: boolean;
|
|
47
|
+
expired: boolean;
|
|
48
|
+
reason?: string;
|
|
49
|
+
quote?: ParsedQuote;
|
|
50
|
+
}
|
|
51
|
+
/** Verify a quote's signature AND parse it, reporting expiry. Used by apm_execute. */
|
|
52
|
+
export declare function verifyAndParseQuote(canonical: string, signature: string): QuoteCheck;
|
|
53
|
+
//# sourceMappingURL=quote.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"quote.d.ts","sourceRoot":"","sources":["../../../src/server/apm/quote.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wBAAwB,EAAE,MAAM,CAAC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wBAAwB,EAAE,MAAM,CAAC;IACjC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,aAAa,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAOD,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,WAAW,CAuC1D;AAED,4FAA4F;AAC5F,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAQzE;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wBAAwB,EAAE,MAAM,CAAC;IACjC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,sFAAsF;AACtF,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,UAAU,CAYpF"}
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* APM price-locked quote — a real, verifiable HMAC-signed quote.
|
|
4
|
+
*
|
|
5
|
+
* The quote binds {tool, price, chains, brokerage, expiry} so an agent can rely on
|
|
6
|
+
* the price for `ttl_sec`. Signed with HMAC-SHA256 over a canonical payload using
|
|
7
|
+
* APM_QUOTE_SECRET. If the secret is unset, the quote is still issued but marked
|
|
8
|
+
* `signed: false` (honest signalling — never a fake signature).
|
|
9
|
+
*/
|
|
10
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
+
exports.createQuote = createQuote;
|
|
12
|
+
exports.verifyQuote = verifyQuote;
|
|
13
|
+
exports.verifyAndParseQuote = verifyAndParseQuote;
|
|
14
|
+
const node_crypto_1 = require("node:crypto");
|
|
15
|
+
function canonicalize(payload) {
|
|
16
|
+
// Deterministic: sorted top-level keys (array form selects + orders keys).
|
|
17
|
+
return JSON.stringify(payload, Object.keys(payload).sort());
|
|
18
|
+
}
|
|
19
|
+
function createQuote(terms) {
|
|
20
|
+
const issuedMs = Date.now();
|
|
21
|
+
const expiresMs = issuedMs + terms.ttl_sec * 1000;
|
|
22
|
+
const payload = {
|
|
23
|
+
tool: terms.tool,
|
|
24
|
+
price_usd: terms.price_usd,
|
|
25
|
+
currency: 'USDC',
|
|
26
|
+
payment_chains: [...terms.payment_chains].sort(),
|
|
27
|
+
brokerage_commission_pct: terms.brokerage_commission_pct,
|
|
28
|
+
agent_id: terms.agent_id ?? null,
|
|
29
|
+
issued_at: new Date(issuedMs).toISOString(),
|
|
30
|
+
expires_at: new Date(expiresMs).toISOString(),
|
|
31
|
+
};
|
|
32
|
+
const canonical = canonicalize(payload);
|
|
33
|
+
const quoteId = (0, node_crypto_1.createHash)('sha256').update(canonical).digest('hex').slice(0, 24);
|
|
34
|
+
const secret = process.env['APM_QUOTE_SECRET'] ?? '';
|
|
35
|
+
const signed = secret.length > 0;
|
|
36
|
+
const signature = signed
|
|
37
|
+
? (0, node_crypto_1.createHmac)('sha256', secret).update(canonical).digest('hex')
|
|
38
|
+
: '';
|
|
39
|
+
return {
|
|
40
|
+
quote_id: quoteId,
|
|
41
|
+
tool: payload.tool,
|
|
42
|
+
price_usd: payload.price_usd,
|
|
43
|
+
currency: payload.currency,
|
|
44
|
+
payment_chains: payload.payment_chains,
|
|
45
|
+
brokerage_commission_pct: payload.brokerage_commission_pct,
|
|
46
|
+
agent_id: payload.agent_id,
|
|
47
|
+
issued_at: payload.issued_at,
|
|
48
|
+
expires_at: payload.expires_at,
|
|
49
|
+
algo: 'HMAC-SHA256',
|
|
50
|
+
signature,
|
|
51
|
+
signed,
|
|
52
|
+
canonical,
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
/** Verify a quote's signature against APM_QUOTE_SECRET. Returns false if unsigned/unset. */
|
|
56
|
+
function verifyQuote(canonical, signature) {
|
|
57
|
+
const secret = process.env['APM_QUOTE_SECRET'] ?? '';
|
|
58
|
+
if (!secret || !signature)
|
|
59
|
+
return false;
|
|
60
|
+
const expected = (0, node_crypto_1.createHmac)('sha256', secret).update(canonical).digest('hex');
|
|
61
|
+
const a = Buffer.from(expected, 'hex');
|
|
62
|
+
const b = Buffer.from(signature, 'hex');
|
|
63
|
+
if (a.length !== b.length)
|
|
64
|
+
return false;
|
|
65
|
+
return (0, node_crypto_1.timingSafeEqual)(a, b);
|
|
66
|
+
}
|
|
67
|
+
/** Verify a quote's signature AND parse it, reporting expiry. Used by apm_execute. */
|
|
68
|
+
function verifyAndParseQuote(canonical, signature) {
|
|
69
|
+
if (!verifyQuote(canonical, signature)) {
|
|
70
|
+
return { valid: false, expired: false, reason: 'signature_invalid_or_unsigned' };
|
|
71
|
+
}
|
|
72
|
+
let parsed;
|
|
73
|
+
try {
|
|
74
|
+
parsed = JSON.parse(canonical);
|
|
75
|
+
}
|
|
76
|
+
catch {
|
|
77
|
+
return { valid: false, expired: false, reason: 'canonical_unparseable' };
|
|
78
|
+
}
|
|
79
|
+
const expired = Date.now() > new Date(parsed.expires_at).getTime();
|
|
80
|
+
return { valid: true, expired, quote: parsed };
|
|
81
|
+
}
|
|
82
|
+
//# sourceMappingURL=quote.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"quote.js","sourceRoot":"","sources":["../../../src/server/apm/quote.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAkCH,kCAuCC;AAGD,kCAQC;AAqBD,kDAYC;AAnHD,6CAAsE;AA2BtE,SAAS,YAAY,CAAC,OAAgC;IACpD,2EAA2E;IAC3E,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAgB,WAAW,CAAC,KAAiB;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,QAAQ,GAAG,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IAElD,MAAM,OAAO,GAAG;QACd,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,MAAe;QACzB,cAAc,EAAE,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE;QAChD,wBAAwB,EAAE,KAAK,CAAC,wBAAwB;QACxD,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,IAAI;QAChC,SAAS,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE;QAC3C,UAAU,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;KAC9C,CAAC;IAEF,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAElF,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,MAAM;QACtB,CAAC,CAAC,IAAA,wBAAU,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;QAC1D,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,IAAI,EAAE,aAAa;QACnB,SAAS;QACT,MAAM;QACN,SAAS;KACV,CAAC;AACJ,CAAC;AAED,4FAA4F;AAC5F,SAAgB,WAAW,CAAC,SAAiB,EAAE,SAAiB;IAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;IACrD,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,QAAQ,GAAG,IAAA,wBAAU,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9E,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,IAAA,6BAAe,EAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC/B,CAAC;AAoBD,sFAAsF;AACtF,SAAgB,mBAAmB,CAAC,SAAiB,EAAE,SAAiB;IACtE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,CAAC;QACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IACnF,CAAC;IACD,IAAI,MAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAgB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IAC3E,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;IACnE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AACjD,CAAC"}
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Agent Preference Manifest (APM) — the "ask, don't tell" schema.
|
|
3
|
+
*
|
|
4
|
+
* An agent declares what it NEEDS; SML answers with matching live tools.
|
|
5
|
+
* These types double as the published APM standard.
|
|
6
|
+
*/
|
|
7
|
+
import { z } from 'zod';
|
|
8
|
+
export declare const ChainEnum: z.ZodEnum<["base", "xrpl", "solana"]>;
|
|
9
|
+
export declare const ConstraintsSchema: z.ZodObject<{
|
|
10
|
+
/** Max USD the agent will pay per downstream tool call. */
|
|
11
|
+
max_price_usd: z.ZodOptional<z.ZodNumber>;
|
|
12
|
+
/** Payment chains the agent accepts. Empty/omitted = any. */
|
|
13
|
+
chains_accepted: z.ZodOptional<z.ZodArray<z.ZodEnum<["base", "xrpl", "solana"]>, "many">>;
|
|
14
|
+
/** Max acceptable data staleness, in seconds. */
|
|
15
|
+
max_freshness_sec: z.ZodOptional<z.ZodNumber>;
|
|
16
|
+
/** Require tools that cite authoritative sources. */
|
|
17
|
+
needs_attribution: z.ZodOptional<z.ZodBoolean>;
|
|
18
|
+
/** Agent's expected credit-score floor (informational; payment layer enforces >=300). */
|
|
19
|
+
min_credit_score: z.ZodOptional<z.ZodNumber>;
|
|
20
|
+
}, "strip", z.ZodTypeAny, {
|
|
21
|
+
max_price_usd?: number | undefined;
|
|
22
|
+
chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
|
|
23
|
+
max_freshness_sec?: number | undefined;
|
|
24
|
+
needs_attribution?: boolean | undefined;
|
|
25
|
+
min_credit_score?: number | undefined;
|
|
26
|
+
}, {
|
|
27
|
+
max_price_usd?: number | undefined;
|
|
28
|
+
chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
|
|
29
|
+
max_freshness_sec?: number | undefined;
|
|
30
|
+
needs_attribution?: boolean | undefined;
|
|
31
|
+
min_credit_score?: number | undefined;
|
|
32
|
+
}>;
|
|
33
|
+
export declare const ManifestSchema: z.ZodObject<{
|
|
34
|
+
need: z.ZodString;
|
|
35
|
+
mode: z.ZodDefault<z.ZodEnum<["preview", "contract"]>>;
|
|
36
|
+
wallet_address: z.ZodOptional<z.ZodString>;
|
|
37
|
+
agent_id: z.ZodOptional<z.ZodString>;
|
|
38
|
+
constraints: z.ZodOptional<z.ZodObject<{
|
|
39
|
+
/** Max USD the agent will pay per downstream tool call. */
|
|
40
|
+
max_price_usd: z.ZodOptional<z.ZodNumber>;
|
|
41
|
+
/** Payment chains the agent accepts. Empty/omitted = any. */
|
|
42
|
+
chains_accepted: z.ZodOptional<z.ZodArray<z.ZodEnum<["base", "xrpl", "solana"]>, "many">>;
|
|
43
|
+
/** Max acceptable data staleness, in seconds. */
|
|
44
|
+
max_freshness_sec: z.ZodOptional<z.ZodNumber>;
|
|
45
|
+
/** Require tools that cite authoritative sources. */
|
|
46
|
+
needs_attribution: z.ZodOptional<z.ZodBoolean>;
|
|
47
|
+
/** Agent's expected credit-score floor (informational; payment layer enforces >=300). */
|
|
48
|
+
min_credit_score: z.ZodOptional<z.ZodNumber>;
|
|
49
|
+
}, "strip", z.ZodTypeAny, {
|
|
50
|
+
max_price_usd?: number | undefined;
|
|
51
|
+
chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
|
|
52
|
+
max_freshness_sec?: number | undefined;
|
|
53
|
+
needs_attribution?: boolean | undefined;
|
|
54
|
+
min_credit_score?: number | undefined;
|
|
55
|
+
}, {
|
|
56
|
+
max_price_usd?: number | undefined;
|
|
57
|
+
chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
|
|
58
|
+
max_freshness_sec?: number | undefined;
|
|
59
|
+
needs_attribution?: boolean | undefined;
|
|
60
|
+
min_credit_score?: number | undefined;
|
|
61
|
+
}>>;
|
|
62
|
+
}, "strip", z.ZodTypeAny, {
|
|
63
|
+
mode: "preview" | "contract";
|
|
64
|
+
need: string;
|
|
65
|
+
wallet_address?: string | undefined;
|
|
66
|
+
agent_id?: string | undefined;
|
|
67
|
+
constraints?: {
|
|
68
|
+
max_price_usd?: number | undefined;
|
|
69
|
+
chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
|
|
70
|
+
max_freshness_sec?: number | undefined;
|
|
71
|
+
needs_attribution?: boolean | undefined;
|
|
72
|
+
min_credit_score?: number | undefined;
|
|
73
|
+
} | undefined;
|
|
74
|
+
}, {
|
|
75
|
+
need: string;
|
|
76
|
+
mode?: "preview" | "contract" | undefined;
|
|
77
|
+
wallet_address?: string | undefined;
|
|
78
|
+
agent_id?: string | undefined;
|
|
79
|
+
constraints?: {
|
|
80
|
+
max_price_usd?: number | undefined;
|
|
81
|
+
chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
|
|
82
|
+
max_freshness_sec?: number | undefined;
|
|
83
|
+
needs_attribution?: boolean | undefined;
|
|
84
|
+
min_credit_score?: number | undefined;
|
|
85
|
+
} | undefined;
|
|
86
|
+
}>;
|
|
87
|
+
export type Manifest = z.infer<typeof ManifestSchema>;
|
|
88
|
+
export type Constraints = z.infer<typeof ConstraintsSchema>;
|
|
89
|
+
export interface ConstraintFit {
|
|
90
|
+
price: boolean;
|
|
91
|
+
chain: boolean;
|
|
92
|
+
freshness: boolean;
|
|
93
|
+
attribution: boolean;
|
|
94
|
+
}
|
|
95
|
+
export interface ScoredMatch {
|
|
96
|
+
tool: string;
|
|
97
|
+
product: string;
|
|
98
|
+
summary: string;
|
|
99
|
+
paid: boolean;
|
|
100
|
+
price_usd: string;
|
|
101
|
+
payment_chains: string[];
|
|
102
|
+
freshness_sec: number;
|
|
103
|
+
attribution: boolean;
|
|
104
|
+
live: boolean;
|
|
105
|
+
score: number;
|
|
106
|
+
fits: ConstraintFit;
|
|
107
|
+
meets_all_constraints: boolean;
|
|
108
|
+
}
|
|
109
|
+
//# sourceMappingURL=schema.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../src/server/apm/schema.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,SAAS,uCAAqC,CAAC;AAE5D,eAAO,MAAM,iBAAiB;IAC5B,2DAA2D;;IAE3D,6DAA6D;;IAE7D,iDAAiD;;IAEjD,qDAAqD;;IAErD,yFAAyF;;;;;;;;;;;;;;EAEzF,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;QAZzB,2DAA2D;;QAE3D,6DAA6D;;QAE7D,iDAAiD;;QAEjD,qDAAqD;;QAErD,yFAAyF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAUzF,CAAC;AAEH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AACtD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,aAAa,CAAC;IACpB,qBAAqB,EAAE,OAAO,CAAC;CAChC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Agent Preference Manifest (APM) — the "ask, don't tell" schema.
|
|
4
|
+
*
|
|
5
|
+
* An agent declares what it NEEDS; SML answers with matching live tools.
|
|
6
|
+
* These types double as the published APM standard.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.ManifestSchema = exports.ConstraintsSchema = exports.ChainEnum = void 0;
|
|
10
|
+
const zod_1 = require("zod");
|
|
11
|
+
exports.ChainEnum = zod_1.z.enum(['base', 'xrpl', 'solana']);
|
|
12
|
+
exports.ConstraintsSchema = zod_1.z.object({
|
|
13
|
+
/** Max USD the agent will pay per downstream tool call. */
|
|
14
|
+
max_price_usd: zod_1.z.number().nonnegative().optional(),
|
|
15
|
+
/** Payment chains the agent accepts. Empty/omitted = any. */
|
|
16
|
+
chains_accepted: zod_1.z.array(exports.ChainEnum).optional(),
|
|
17
|
+
/** Max acceptable data staleness, in seconds. */
|
|
18
|
+
max_freshness_sec: zod_1.z.number().int().nonnegative().optional(),
|
|
19
|
+
/** Require tools that cite authoritative sources. */
|
|
20
|
+
needs_attribution: zod_1.z.boolean().optional(),
|
|
21
|
+
/** Agent's expected credit-score floor (informational; payment layer enforces >=300). */
|
|
22
|
+
min_credit_score: zod_1.z.number().int().optional(),
|
|
23
|
+
});
|
|
24
|
+
exports.ManifestSchema = zod_1.z.object({
|
|
25
|
+
need: zod_1.z.string().min(2).max(500),
|
|
26
|
+
mode: zod_1.z.enum(['preview', 'contract']).default('preview'),
|
|
27
|
+
wallet_address: zod_1.z.string().optional(),
|
|
28
|
+
agent_id: zod_1.z.string().optional(),
|
|
29
|
+
constraints: exports.ConstraintsSchema.optional(),
|
|
30
|
+
});
|
|
31
|
+
//# sourceMappingURL=schema.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../src/server/apm/schema.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,6BAAwB;AAEX,QAAA,SAAS,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;AAE/C,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,2DAA2D;IAC3D,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAClD,6DAA6D;IAC7D,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,iBAAS,CAAC,CAAC,QAAQ,EAAE;IAC9C,iDAAiD;IACjD,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAC5D,qDAAqD;IACrD,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACzC,yFAAyF;IACzF,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAC;AAEU,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IACxD,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,yBAAiB,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC"}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Agent-payment enforcement gate — the REAL x402 model.
|
|
3
|
+
*
|
|
4
|
+
* Today the gateway "pays itself" (gateway wallet -> SML receiver) and serves paid
|
|
5
|
+
* tools regardless, so they're effectively free. This gate flips that to the correct
|
|
6
|
+
* flow: tool call -> 402 challenge (invoice) -> agent pays from ITS wallet -> agent
|
|
7
|
+
* re-calls with tx_hash -> we VERIFY via 402Proof -> serve.
|
|
8
|
+
*
|
|
9
|
+
* Safety: OFF by default (ENFORCE_AGENT_PAYMENT). When off, nothing here runs and
|
|
10
|
+
* existing behavior is unchanged. When on, each paid tool needs its 402Proof endpoint
|
|
11
|
+
* UUID (PROOF402_ENDPOINT_<TOOL>); without it the gate fails CLOSED (never serves free).
|
|
12
|
+
*
|
|
13
|
+
* NOTE: isVerified() interprets the 402Proof /v1/verify response defensively. Confirm
|
|
14
|
+
* the exact success contract against the live 402Proof service before going live.
|
|
15
|
+
*/
|
|
16
|
+
export declare function isAgentPaymentEnforced(): boolean;
|
|
17
|
+
/** Resolve a tool's 402Proof endpoint UUID. Real values come from env. */
|
|
18
|
+
export declare function resolveEndpointId(toolName: string): string | undefined;
|
|
19
|
+
/** Defensive success check for the 402Proof /v1/verify response. */
|
|
20
|
+
export declare function isVerified(resp: unknown): boolean;
|
|
21
|
+
export interface PaymentProof {
|
|
22
|
+
txHash: string;
|
|
23
|
+
}
|
|
24
|
+
export type GateResult = {
|
|
25
|
+
status: 'paid';
|
|
26
|
+
txHash: string;
|
|
27
|
+
detail: unknown;
|
|
28
|
+
} | {
|
|
29
|
+
status: 'payment_required';
|
|
30
|
+
endpointId: string;
|
|
31
|
+
payTo: string;
|
|
32
|
+
amount: string;
|
|
33
|
+
invoice?: unknown;
|
|
34
|
+
instructions: string;
|
|
35
|
+
} | {
|
|
36
|
+
status: 'payment_invalid';
|
|
37
|
+
endpointId: string;
|
|
38
|
+
detail: unknown;
|
|
39
|
+
} | {
|
|
40
|
+
status: 'unconfigured';
|
|
41
|
+
toolName: string;
|
|
42
|
+
};
|
|
43
|
+
/**
|
|
44
|
+
* Enforce agent payment for a tool call. Returns a discriminated result; the caller
|
|
45
|
+
* (executeX402Payment) translates it into a served response, a 402 challenge, or a
|
|
46
|
+
* rejection. Never serves on anything but {status:'paid'}.
|
|
47
|
+
*/
|
|
48
|
+
export declare function enforceAgentPayment(params: {
|
|
49
|
+
toolName: string;
|
|
50
|
+
price: string;
|
|
51
|
+
paymentProof?: PaymentProof;
|
|
52
|
+
}): Promise<GateResult>;
|
|
53
|
+
/** Thrown by executeX402Payment when the agent must pay before the tool runs. */
|
|
54
|
+
export declare class PaymentRequiredError extends Error {
|
|
55
|
+
readonly gate: Extract<GateResult, {
|
|
56
|
+
status: 'payment_required';
|
|
57
|
+
}>;
|
|
58
|
+
constructor(gate: Extract<GateResult, {
|
|
59
|
+
status: 'payment_required';
|
|
60
|
+
}>);
|
|
61
|
+
}
|
|
62
|
+
/** Thrown when the agent's payment proof fails 402Proof verification. */
|
|
63
|
+
export declare class PaymentUnverifiedError extends Error {
|
|
64
|
+
readonly gate: Extract<GateResult, {
|
|
65
|
+
status: 'payment_invalid';
|
|
66
|
+
}>;
|
|
67
|
+
constructor(gate: Extract<GateResult, {
|
|
68
|
+
status: 'payment_invalid';
|
|
69
|
+
}>);
|
|
70
|
+
}
|
|
71
|
+
//# sourceMappingURL=agent-payment.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"agent-payment.d.ts","sourceRoot":"","sources":["../../../src/server/payments/agent-payment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,wBAAgB,sBAAsB,IAAI,OAAO,CAEhD;AAED,0EAA0E;AAC1E,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAItE;AAOD,oEAAoE;AACpE,wBAAgB,UAAU,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAOjD;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,UAAU,GAClB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GACnD;IAAE,MAAM,EAAE,kBAAkB,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GAC1H;IAAE,MAAM,EAAE,iBAAiB,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GAClE;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjD;;;;GAIG;AACH,wBAAsB,mBAAmB,CAAC,MAAM,EAAE;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,GAAG,OAAO,CAAC,UAAU,CAAC,CAmCtB;AAED,iFAAiF;AACjF,qBAAa,oBAAqB,SAAQ,KAAK;aACjB,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,kBAAkB,CAAA;KAAE,CAAC;gBAAzD,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,kBAAkB,CAAA;KAAE,CAAC;CAItF;AAED,yEAAyE;AACzE,qBAAa,sBAAuB,SAAQ,KAAK;aACnB,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,iBAAiB,CAAA;KAAE,CAAC;gBAAxD,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,iBAAiB,CAAA;KAAE,CAAC;CAIrF"}
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Agent-payment enforcement gate — the REAL x402 model.
|
|
4
|
+
*
|
|
5
|
+
* Today the gateway "pays itself" (gateway wallet -> SML receiver) and serves paid
|
|
6
|
+
* tools regardless, so they're effectively free. This gate flips that to the correct
|
|
7
|
+
* flow: tool call -> 402 challenge (invoice) -> agent pays from ITS wallet -> agent
|
|
8
|
+
* re-calls with tx_hash -> we VERIFY via 402Proof -> serve.
|
|
9
|
+
*
|
|
10
|
+
* Safety: OFF by default (ENFORCE_AGENT_PAYMENT). When off, nothing here runs and
|
|
11
|
+
* existing behavior is unchanged. When on, each paid tool needs its 402Proof endpoint
|
|
12
|
+
* UUID (PROOF402_ENDPOINT_<TOOL>); without it the gate fails CLOSED (never serves free).
|
|
13
|
+
*
|
|
14
|
+
* NOTE: isVerified() interprets the 402Proof /v1/verify response defensively. Confirm
|
|
15
|
+
* the exact success contract against the live 402Proof service before going live.
|
|
16
|
+
*/
|
|
17
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
+
exports.PaymentUnverifiedError = exports.PaymentRequiredError = void 0;
|
|
19
|
+
exports.isAgentPaymentEnforced = isAgentPaymentEnforced;
|
|
20
|
+
exports.resolveEndpointId = resolveEndpointId;
|
|
21
|
+
exports.isVerified = isVerified;
|
|
22
|
+
exports.enforceAgentPayment = enforceAgentPayment;
|
|
23
|
+
const proof402_js_1 = require("../../lib/sml-api/proof402.js");
|
|
24
|
+
const x402_js_1 = require("./x402.js");
|
|
25
|
+
function isAgentPaymentEnforced() {
|
|
26
|
+
return (process.env['ENFORCE_AGENT_PAYMENT'] ?? '').toLowerCase() === 'true';
|
|
27
|
+
}
|
|
28
|
+
/** Resolve a tool's 402Proof endpoint UUID. Real values come from env. */
|
|
29
|
+
function resolveEndpointId(toolName) {
|
|
30
|
+
const fromEnv = process.env[`PROOF402_ENDPOINT_${toolName.toUpperCase()}`];
|
|
31
|
+
if (fromEnv && fromEnv.length > 0)
|
|
32
|
+
return fromEnv;
|
|
33
|
+
return ENDPOINT_MAP[toolName];
|
|
34
|
+
}
|
|
35
|
+
/** Built-in endpoint UUIDs. EMPTY by default — fill via env or here once registered. */
|
|
36
|
+
const ENDPOINT_MAP = {
|
|
37
|
+
// squeezeos_council: '<real-402proof-endpoint-uuid>',
|
|
38
|
+
};
|
|
39
|
+
/** Defensive success check for the 402Proof /v1/verify response. */
|
|
40
|
+
function isVerified(resp) {
|
|
41
|
+
if (resp === null || typeof resp !== 'object')
|
|
42
|
+
return false;
|
|
43
|
+
const r = resp;
|
|
44
|
+
if (r['error'])
|
|
45
|
+
return false;
|
|
46
|
+
if (r['verified'] === true || r['valid'] === true || r['ok'] === true)
|
|
47
|
+
return true;
|
|
48
|
+
const status = typeof r['status'] === 'string' ? r['status'].toLowerCase() : '';
|
|
49
|
+
return status === 'confirmed' || status === 'verified' || status === 'paid';
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Enforce agent payment for a tool call. Returns a discriminated result; the caller
|
|
53
|
+
* (executeX402Payment) translates it into a served response, a 402 challenge, or a
|
|
54
|
+
* rejection. Never serves on anything but {status:'paid'}.
|
|
55
|
+
*/
|
|
56
|
+
async function enforceAgentPayment(params) {
|
|
57
|
+
const endpointId = resolveEndpointId(params.toolName);
|
|
58
|
+
if (!endpointId) {
|
|
59
|
+
return { status: 'unconfigured', toolName: params.toolName };
|
|
60
|
+
}
|
|
61
|
+
// No proof yet -> issue a 402 challenge (invoice is best-effort).
|
|
62
|
+
if (!params.paymentProof?.txHash) {
|
|
63
|
+
let invoice;
|
|
64
|
+
try {
|
|
65
|
+
invoice = await proof402_js_1.Proof402API.invoice(endpointId);
|
|
66
|
+
}
|
|
67
|
+
catch {
|
|
68
|
+
invoice = undefined;
|
|
69
|
+
}
|
|
70
|
+
return {
|
|
71
|
+
status: 'payment_required',
|
|
72
|
+
endpointId,
|
|
73
|
+
payTo: (0, x402_js_1.getPaymentReceiver)(),
|
|
74
|
+
amount: params.price,
|
|
75
|
+
invoice,
|
|
76
|
+
instructions: `Payment required. Pay ${params.price} USDC/RLUSD to ${(0, x402_js_1.getPaymentReceiver)()} (or per the invoice), then re-call this tool with payment_proof.tx_hash set to your payment transaction hash.`,
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
// Proof provided -> verify the agent's on-chain payment via 402Proof.
|
|
80
|
+
let resp;
|
|
81
|
+
try {
|
|
82
|
+
resp = await proof402_js_1.Proof402API.verify(params.paymentProof.txHash, endpointId);
|
|
83
|
+
}
|
|
84
|
+
catch (err) {
|
|
85
|
+
return { status: 'payment_invalid', endpointId, detail: { error: String(err) } };
|
|
86
|
+
}
|
|
87
|
+
if (isVerified(resp)) {
|
|
88
|
+
return { status: 'paid', txHash: params.paymentProof.txHash, detail: resp };
|
|
89
|
+
}
|
|
90
|
+
return { status: 'payment_invalid', endpointId, detail: resp };
|
|
91
|
+
}
|
|
92
|
+
/** Thrown by executeX402Payment when the agent must pay before the tool runs. */
|
|
93
|
+
class PaymentRequiredError extends Error {
|
|
94
|
+
gate;
|
|
95
|
+
constructor(gate) {
|
|
96
|
+
super('payment_required');
|
|
97
|
+
this.gate = gate;
|
|
98
|
+
this.name = 'PaymentRequiredError';
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
exports.PaymentRequiredError = PaymentRequiredError;
|
|
102
|
+
/** Thrown when the agent's payment proof fails 402Proof verification. */
|
|
103
|
+
class PaymentUnverifiedError extends Error {
|
|
104
|
+
gate;
|
|
105
|
+
constructor(gate) {
|
|
106
|
+
super('payment_unverified');
|
|
107
|
+
this.gate = gate;
|
|
108
|
+
this.name = 'PaymentUnverifiedError';
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
exports.PaymentUnverifiedError = PaymentUnverifiedError;
|
|
112
|
+
//# sourceMappingURL=agent-payment.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"agent-payment.js","sourceRoot":"","sources":["../../../src/server/payments/agent-payment.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAKH,wDAEC;AAGD,8CAIC;AAQD,gCAOC;AAiBD,kDAuCC;AAnFD,+DAA4D;AAC5D,uCAA+C;AAE/C,SAAgB,sBAAsB;IACpC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;AAC/E,CAAC;AAED,0EAA0E;AAC1E,SAAgB,iBAAiB,CAAC,QAAgB;IAChD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAC3E,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IAClD,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,wFAAwF;AACxF,MAAM,YAAY,GAA2B;AAC3C,sDAAsD;CACvD,CAAC;AAEF,oEAAoE;AACpE,SAAgB,UAAU,CAAC,IAAa;IACtC,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5D,MAAM,CAAC,GAAG,IAA+B,CAAC;IAC1C,IAAI,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,IAAI,CAAC,CAAC,UAAU,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnF,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,QAAQ,CAAY,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5F,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,MAAM,CAAC;AAC9E,CAAC;AAYD;;;;GAIG;AACI,KAAK,UAAU,mBAAmB,CAAC,MAIzC;IACC,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC/D,CAAC;IAED,kEAAkE;IAClE,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;QACjC,IAAI,OAAgB,CAAC;QACrB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,yBAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,SAAS,CAAC;QACtB,CAAC;QACD,OAAO;YACL,MAAM,EAAE,kBAAkB;YAC1B,UAAU;YACV,KAAK,EAAE,IAAA,4BAAkB,GAAE;YAC3B,MAAM,EAAE,MAAM,CAAC,KAAK;YACpB,OAAO;YACP,YAAY,EAAE,yBAAyB,MAAM,CAAC,KAAK,kBAAkB,IAAA,4BAAkB,GAAE,gHAAgH;SAC1M,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,IAAa,CAAC;IAClB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,yBAAW,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;IACnF,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAC9E,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACjE,CAAC;AAED,iFAAiF;AACjF,MAAa,oBAAqB,SAAQ,KAAK;IACjB;IAA5B,YAA4B,IAAyD;QACnF,KAAK,CAAC,kBAAkB,CAAC,CAAC;QADA,SAAI,GAAJ,IAAI,CAAqD;QAEnF,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AALD,oDAKC;AAED,yEAAyE;AACzE,MAAa,sBAAuB,SAAQ,KAAK;IACnB;IAA5B,YAA4B,IAAwD;QAClF,KAAK,CAAC,oBAAoB,CAAC,CAAC;QADF,SAAI,GAAJ,IAAI,CAAoD;QAElF,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AALD,wDAKC"}
|
|
@@ -4,16 +4,29 @@ export declare const PaymentConfigSchema: z.ZodObject<{
|
|
|
4
4
|
currency: z.ZodEnum<["USDC", "RLUSD"]>;
|
|
5
5
|
toolName: z.ZodString;
|
|
6
6
|
walletAddress: z.ZodOptional<z.ZodString>;
|
|
7
|
+
paymentProof: z.ZodOptional<z.ZodObject<{
|
|
8
|
+
txHash: z.ZodString;
|
|
9
|
+
}, "strip", z.ZodTypeAny, {
|
|
10
|
+
txHash: string;
|
|
11
|
+
}, {
|
|
12
|
+
txHash: string;
|
|
13
|
+
}>>;
|
|
7
14
|
}, "strip", z.ZodTypeAny, {
|
|
8
15
|
currency: "USDC" | "RLUSD";
|
|
9
16
|
price: string;
|
|
10
17
|
toolName: string;
|
|
11
18
|
walletAddress?: string | undefined;
|
|
19
|
+
paymentProof?: {
|
|
20
|
+
txHash: string;
|
|
21
|
+
} | undefined;
|
|
12
22
|
}, {
|
|
13
23
|
currency: "USDC" | "RLUSD";
|
|
14
24
|
price: string;
|
|
15
25
|
toolName: string;
|
|
16
26
|
walletAddress?: string | undefined;
|
|
27
|
+
paymentProof?: {
|
|
28
|
+
txHash: string;
|
|
29
|
+
} | undefined;
|
|
17
30
|
}>;
|
|
18
31
|
export type PaymentConfig = z.infer<typeof PaymentConfigSchema>;
|
|
19
32
|
export interface PaymentResult {
|
|
@@ -25,5 +38,18 @@ export interface PaymentResult {
|
|
|
25
38
|
timestamp: number;
|
|
26
39
|
walletAddress: string;
|
|
27
40
|
}
|
|
41
|
+
/** Resolve the address that collects USDC for paid tool calls. */
|
|
42
|
+
export declare function getPaymentReceiver(): string;
|
|
28
43
|
export declare function executeX402Payment(config: PaymentConfig): Promise<PaymentResult>;
|
|
44
|
+
/**
|
|
45
|
+
* Brokered payment for APM-executed tools (apm_execute). The amount is the
|
|
46
|
+
* price-locked quote value + brokerage; its integrity is guaranteed by the
|
|
47
|
+
* SML-signed quote verified upstream — NOT by the price registry. Mirrors the
|
|
48
|
+
* settlement steps of executeX402Payment (cap, credit, AP2, route, receipt).
|
|
49
|
+
* Never call without a verified, unexpired quote.
|
|
50
|
+
*/
|
|
51
|
+
export declare function executeBrokeredPayment(params: {
|
|
52
|
+
amount: string;
|
|
53
|
+
toolName: string;
|
|
54
|
+
}): Promise<PaymentResult>;
|
|
29
55
|
//# sourceMappingURL=x402.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x402.d.ts","sourceRoot":"","sources":["../../../src/server/payments/x402.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"x402.d.ts","sourceRoot":"","sources":["../../../src/server/payments/x402.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAUxB,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQ9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AAgBD,kEAAkE;AAClE,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAqBD,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,aAAa,GACpB,OAAO,CAAC,aAAa,CAAC,CAoJxB;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,OAAO,CAAC,aAAa,CAAC,CA8DzB"}
|