@scriptmasterlabs/mcp-x402 2.1.1 → 2.1.2

package/dist/server/apm/schema.d.ts

@@ -0,0 +1,109 @@
+/**
+ * Agent Preference Manifest (APM) — the "ask, don't tell" schema.
+ *
+ * An agent declares what it NEEDS; SML answers with matching live tools.
+ * These types double as the published APM standard.
+ */
+import { z } from 'zod';
+export declare const ChainEnum: z.ZodEnum<["base", "xrpl", "solana"]>;
+export declare const ConstraintsSchema: z.ZodObject<{
+    /** Max USD the agent will pay per downstream tool call. */
+    max_price_usd: z.ZodOptional<z.ZodNumber>;
+    /** Payment chains the agent accepts. Empty/omitted = any. */
+    chains_accepted: z.ZodOptional<z.ZodArray<z.ZodEnum<["base", "xrpl", "solana"]>, "many">>;
+    /** Max acceptable data staleness, in seconds. */
+    max_freshness_sec: z.ZodOptional<z.ZodNumber>;
+    /** Require tools that cite authoritative sources. */
+    needs_attribution: z.ZodOptional<z.ZodBoolean>;
+    /** Agent's expected credit-score floor (informational; payment layer enforces >=300). */
+    min_credit_score: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    max_price_usd?: number | undefined;
+    chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
+    max_freshness_sec?: number | undefined;
+    needs_attribution?: boolean | undefined;
+    min_credit_score?: number | undefined;
+}, {
+    max_price_usd?: number | undefined;
+    chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
+    max_freshness_sec?: number | undefined;
+    needs_attribution?: boolean | undefined;
+    min_credit_score?: number | undefined;
+}>;
+export declare const ManifestSchema: z.ZodObject<{
+    need: z.ZodString;
+    mode: z.ZodDefault<z.ZodEnum<["preview", "contract"]>>;
+    wallet_address: z.ZodOptional<z.ZodString>;
+    agent_id: z.ZodOptional<z.ZodString>;
+    constraints: z.ZodOptional<z.ZodObject<{
+        /** Max USD the agent will pay per downstream tool call. */
+        max_price_usd: z.ZodOptional<z.ZodNumber>;
+        /** Payment chains the agent accepts. Empty/omitted = any. */
+        chains_accepted: z.ZodOptional<z.ZodArray<z.ZodEnum<["base", "xrpl", "solana"]>, "many">>;
+        /** Max acceptable data staleness, in seconds. */
+        max_freshness_sec: z.ZodOptional<z.ZodNumber>;
+        /** Require tools that cite authoritative sources. */
+        needs_attribution: z.ZodOptional<z.ZodBoolean>;
+        /** Agent's expected credit-score floor (informational; payment layer enforces >=300). */
+        min_credit_score: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        max_price_usd?: number | undefined;
+        chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
+        max_freshness_sec?: number | undefined;
+        needs_attribution?: boolean | undefined;
+        min_credit_score?: number | undefined;
+    }, {
+        max_price_usd?: number | undefined;
+        chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
+        max_freshness_sec?: number | undefined;
+        needs_attribution?: boolean | undefined;
+        min_credit_score?: number | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    mode: "preview" | "contract";
+    need: string;
+    wallet_address?: string | undefined;
+    agent_id?: string | undefined;
+    constraints?: {
+        max_price_usd?: number | undefined;
+        chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
+        max_freshness_sec?: number | undefined;
+        needs_attribution?: boolean | undefined;
+        min_credit_score?: number | undefined;
+    } | undefined;
+}, {
+    need: string;
+    mode?: "preview" | "contract" | undefined;
+    wallet_address?: string | undefined;
+    agent_id?: string | undefined;
+    constraints?: {
+        max_price_usd?: number | undefined;
+        chains_accepted?: ("base" | "xrpl" | "solana")[] | undefined;
+        max_freshness_sec?: number | undefined;
+        needs_attribution?: boolean | undefined;
+        min_credit_score?: number | undefined;
+    } | undefined;
+}>;
+export type Manifest = z.infer<typeof ManifestSchema>;
+export type Constraints = z.infer<typeof ConstraintsSchema>;
+export interface ConstraintFit {
+    price: boolean;
+    chain: boolean;
+    freshness: boolean;
+    attribution: boolean;
+}
+export interface ScoredMatch {
+    tool: string;
+    product: string;
+    summary: string;
+    paid: boolean;
+    price_usd: string;
+    payment_chains: string[];
+    freshness_sec: number;
+    attribution: boolean;
+    live: boolean;
+    score: number;
+    fits: ConstraintFit;
+    meets_all_constraints: boolean;
+}
+//# sourceMappingURL=schema.d.ts.map

package/dist/server/apm/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../src/server/apm/schema.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,SAAS,uCAAqC,CAAC;AAE5D,eAAO,MAAM,iBAAiB;IAC5B,2DAA2D;;IAE3D,6DAA6D;;IAE7D,iDAAiD;;IAEjD,qDAAqD;;IAErD,yFAAyF;;;;;;;;;;;;;;EAEzF,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;QAZzB,2DAA2D;;QAE3D,6DAA6D;;QAE7D,iDAAiD;;QAEjD,qDAAqD;;QAErD,yFAAyF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAUzF,CAAC;AAEH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AACtD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,aAAa,CAAC;IACpB,qBAAqB,EAAE,OAAO,CAAC;CAChC"}

package/dist/server/apm/schema.js

@@ -0,0 +1,31 @@
+"use strict";
+/**
+ * Agent Preference Manifest (APM) — the "ask, don't tell" schema.
+ *
+ * An agent declares what it NEEDS; SML answers with matching live tools.
+ * These types double as the published APM standard.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ManifestSchema = exports.ConstraintsSchema = exports.ChainEnum = void 0;
+const zod_1 = require("zod");
+exports.ChainEnum = zod_1.z.enum(['base', 'xrpl', 'solana']);
+exports.ConstraintsSchema = zod_1.z.object({
+    /** Max USD the agent will pay per downstream tool call. */
+    max_price_usd: zod_1.z.number().nonnegative().optional(),
+    /** Payment chains the agent accepts. Empty/omitted = any. */
+    chains_accepted: zod_1.z.array(exports.ChainEnum).optional(),
+    /** Max acceptable data staleness, in seconds. */
+    max_freshness_sec: zod_1.z.number().int().nonnegative().optional(),
+    /** Require tools that cite authoritative sources. */
+    needs_attribution: zod_1.z.boolean().optional(),
+    /** Agent's expected credit-score floor (informational; payment layer enforces >=300). */
+    min_credit_score: zod_1.z.number().int().optional(),
+});
+exports.ManifestSchema = zod_1.z.object({
+    need: zod_1.z.string().min(2).max(500),
+    mode: zod_1.z.enum(['preview', 'contract']).default('preview'),
+    wallet_address: zod_1.z.string().optional(),
+    agent_id: zod_1.z.string().optional(),
+    constraints: exports.ConstraintsSchema.optional(),
+});
+//# sourceMappingURL=schema.js.map

package/dist/server/apm/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../src/server/apm/schema.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,6BAAwB;AAEX,QAAA,SAAS,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;AAE/C,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,2DAA2D;IAC3D,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAClD,6DAA6D;IAC7D,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,iBAAS,CAAC,CAAC,QAAQ,EAAE;IAC9C,iDAAiD;IACjD,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAC5D,qDAAqD;IACrD,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACzC,yFAAyF;IACzF,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAC;AAEU,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IACxD,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,yBAAiB,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC"}

package/dist/server/health.d.ts

@@ -0,0 +1,16 @@
+import type { Request, Response } from 'express';
+export interface HealthStatus {
+    status: 'ok' | 'degraded';
+    version: string;
+    transport: string;
+    uptime_seconds: number;
+    uptime_human: string;
+    timestamp: string;
+    checks: {
+        process: 'ok';
+        memory_mb: number;
+        memory_ok: boolean;
+    };
+}
+export declare function healthHandler(_req: Request, res: Response): void;
+//# sourceMappingURL=health.d.ts.map

package/dist/server/health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../src/server/health.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAIjD,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,IAAI,GAAG,UAAU,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE;QACN,OAAO,EAAE,IAAI,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,OAAO,CAAC;KACpB,CAAC;CACH;AAaD,wBAAgB,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,IAAI,CAsBhE"}

package/dist/server/health.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.healthHandler = healthHandler;
+const startTime = Date.now();
+function formatUptime(ms) {
+    const s = Math.floor(ms / 1000);
+    const m = Math.floor(s / 60);
+    const h = Math.floor(m / 60);
+    const d = Math.floor(h / 24);
+    if (d > 0)
+        return `${d}d ${h % 24}h ${m % 60}m`;
+    if (h > 0)
+        return `${h}h ${m % 60}m ${s % 60}s`;
+    if (m > 0)
+        return `${m}m ${s % 60}s`;
+    return `${s}s`;
+}
+function healthHandler(_req, res) {
+    const uptimeMs = Date.now() - startTime;
+    const memMb = Math.round(process.memoryUsage().rss / 1024 / 1024);
+    const memOk = memMb < 450; // warn if approaching 512MB container limit
+    const body = {
+        status: memOk ? 'ok' : 'degraded',
+        version: process.env['npm_package_version'] ?? '1.0.0',
+        transport: process.env['MCP_TRANSPORT'] ?? 'stdio',
+        uptime_seconds: Math.floor(uptimeMs / 1000),
+        uptime_human: formatUptime(uptimeMs),
+        timestamp: new Date().toISOString(),
+        checks: {
+            process: 'ok',
+            memory_mb: memMb,
+            memory_ok: memOk,
+        },
+    };
+    // Return 200 even if degraded — let the orchestrator decide.
+    // Only return 5xx if the process itself is fundamentally broken.
+    res.status(200).json(body);
+}
+//# sourceMappingURL=health.js.map

package/dist/server/health.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.js","sourceRoot":"","sources":["../../src/server/health.ts"],"names":[],"mappings":";;AA6BA,sCAsBC;AAjDD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AAgB7B,SAAS,YAAY,CAAC,EAAU;IAC9B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC;IAChD,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC;IAChD,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC;IACrC,OAAO,GAAG,CAAC,GAAG,CAAC;AACjB,CAAC;AAED,SAAgB,aAAa,CAAC,IAAa,EAAE,GAAa;IACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,KAAK,GAAG,GAAG,CAAC,CAAC,4CAA4C;IAEvE,MAAM,IAAI,GAAiB;QACzB,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU;QACjC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,OAAO;QACtD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,OAAO;QAClD,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC3C,YAAY,EAAE,YAAY,CAAC,QAAQ,CAAC;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,KAAK;YAChB,SAAS,EAAE,KAAK;SACjB;KACF,CAAC;IAEF,6DAA6D;IAC7D,iEAAiE;IACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC"}

package/dist/server/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":""}

package/dist/server/index.js

@@ -0,0 +1,322 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+const sse_js_1 = require("@modelcontextprotocol/sdk/server/sse.js");
+const streamableHttp_js_1 = require("@modelcontextprotocol/sdk/server/streamableHttp.js");
+const express_1 = __importDefault(require("express"));
+const crypto_1 = require("crypto");
+const cors_1 = __importDefault(require("cors"));
+const index_js_1 = require("./tools/index.js");
+const audit_js_1 = require("./security/audit.js");
+const rate_limit_js_1 = require("./security/rate-limit.js");
+const health_js_1 = require("./health.js");
+const VERSION = '1.0.0';
+async function createServer() {
+    const server = new mcp_js_1.McpServer({ name: 'mcp-x402', version: VERSION }, { capabilities: { tools: {} } });
+    await (0, index_js_1.registerTools)(server);
+    return server;
+}
+async function runStdio() {
+    const server = await createServer();
+    const transport = new stdio_js_1.StdioServerTransport();
+    await server.connect(transport);
+    audit_js_1.AuditLogger.getInstance().info('server_start', { transport: 'stdio', version: VERSION });
+    const shutdown = async () => {
+        audit_js_1.AuditLogger.getInstance().info('server_stop', { transport: 'stdio' });
+        await server.close();
+        process.exit(0);
+    };
+    process.on('SIGINT', shutdown);
+    process.on('SIGTERM', shutdown);
+    // Keep stdio process alive — reconnect on unexpected transport close
+    process.stdin.on('end', () => {
+        audit_js_1.AuditLogger.getInstance().warn('stdio_stdin_end', {});
+        process.exit(0);
+    });
+}
+async function runSSE() {
+    const app = (0, express_1.default)();
+    const port = parseInt(process.env['MCP_SSE_PORT'] ?? '3402', 10);
+    app.use((0, cors_1.default)({ origin: process.env['CORS_ORIGIN'] ?? '*' }));
+    app.use(express_1.default.json({ limit: '1mb' }));
+    // Health endpoint — hit every 30s by Docker healthcheck + keepalive cron
+    app.get('/health', health_js_1.healthHandler);
+    // Wallet info — shows the server's derived wallet address (safe to expose, no private key)
+    app.get('/wallet', async (_req, res) => {
+        const { WalletManager } = await import('./payments/wallet.js');
+        const wallet = await WalletManager.getInstance().getOrCreateWallet();
+        res.json({ address: wallet.address, chain: wallet.chain, note: 'Fund this address with USDC on Base to enable outbound payments.' });
+    });
+    app.get('/agents.json', (_req, res) => {
+        res.sendFile('agents.json', { root: process.cwd() });
+    });
+    app.get('/llms.txt', (_req, res) => {
+        res.sendFile('llms.txt', { root: process.cwd() });
+    });
+    app.get('/.well-known/agentcard.json', (_req, res) => {
+        res.sendFile('.well-known/agentcard.json', { root: process.cwd() });
+    });
+    // Root handler — service discovery for agents hitting / directly
+    app.get('/', (_req, res) => {
+        res.json({
+            name: 'mcp-x402',
+            version: VERSION,
+            description: 'The x402 Amazon — 43+ tools, pay-per-call via XRPL. scriptmasterlabs.com',
+            status: 'online',
+            transport: 'streamable-http + sse',
+            endpoints: {
+                mcp_streamable: 'POST /mcp',
+                sse_connect: 'GET /sse',
+                sse_messages: 'POST /messages',
+                health: 'GET /health',
+                agentCard: 'GET /.well-known/agentcard.json',
+                llms: 'GET /llms.txt',
+            },
+            links: {
+                github: 'https://github.com/Timwal78/SML_Portfolio/tree/main/mcp-x402',
+                homepage: 'https://scriptmasterlabs.com',
+            },
+        });
+    });
+    // --- MONETIZATION FLYWHEEL (Credit Bureau & Paid Endpoints) ---
+    const creditScores = new Map();
+    const freeTierUsage = new Map();
+    function getScore(did) {
+        if (!creditScores.has(did))
+            creditScores.set(did, 300);
+        return creditScores.get(did);
+    }
+    function recordPaidCall(did) {
+        const score = getScore(did) + 5;
+        const newScore = Math.min(score, 850);
+        creditScores.set(did, newScore);
+        return newScore;
+    }
+    const COUNCIL_PRICE = "0.10";
+    const VIP_PRICE = "0.08";
+    const PLATINUM_PRICE = "0.06";
+    async function agentDidMiddleware(req, res, next) {
+        const proofHeader = req.headers["x-payment-proof"];
+        let agentDid = req.headers["x-agent-did"];
+        if (!agentDid && proofHeader) {
+            try {
+                const proof = JSON.parse(Buffer.from(proofHeader, "base64").toString("utf8"));
+                agentDid = `did:poi:xrpl:${proof.payer}`;
+            }
+            catch { }
+        }
+        if (!agentDid) {
+            agentDid = `did:anonymous:${req.ip?.replace(/[:.]/g, "-")}`;
+        }
+        req.agentDid = agentDid;
+        next();
+    }
+    async function freeTierRateLimit(req, res, next) {
+        const did = req.agentDid;
+        const today = new Date().toISOString().slice(0, 10);
+        let usage = freeTierUsage.get(did) || { count: 0, date: today };
+        if (usage.date !== today)
+            usage = { count: 0, date: today };
+        usage.count++;
+        freeTierUsage.set(did, usage);
+        if (usage.count > 3) {
+            res.status(429).json({
+                error: "free_tier_exhausted",
+                message: "Free tier limit: 3 calls/day. Upgrade via x402 payment.",
+                upgradeEndpoint: "/api/council",
+                price: COUNCIL_PRICE,
+                currency: "RLUSD",
+                network: process.env['XRPL_NETWORK'] ?? "xrpl-mainnet",
+                yourScore: getScore(did)
+            });
+            return;
+        }
+        next();
+    }
+    async function dynamicPriceGate(req, res, next) {
+        const did = req.agentDid || "did:anonymous";
+        const score = getScore(did);
+        const proofHeader = req.headers["x-payment-proof"];
+        if (proofHeader) {
+            next();
+            return;
+        }
+        const price = score >= 800 ? PLATINUM_PRICE : score >= 700 ? VIP_PRICE : COUNCIL_PRICE;
+        const receivingAddress = process.env['XRPL_RECEIVING_ADDRESS'];
+        if (!receivingAddress) {
+            res.status(503).json({ error: 'payment_not_configured', message: 'XRPL_RECEIVING_ADDRESS not set' });
+            return;
+        }
+        const requirements = {
+            destination: receivingAddress,
+            amount: price,
+            currency: "RLUSD",
+            network: process.env['XRPL_NETWORK'] ?? "xrpl-mainnet",
+            description: `SqueezeOS Premium — ${price} RLUSD (Score: ${score})`,
+            expiresAt: new Date(Date.now() + 60000).toISOString()
+        };
+        const encoded = Buffer.from(JSON.stringify(requirements)).toString("base64");
+        res.status(402).setHeader("X-Payment-Requirements", encoded).json({
+            error: "payment_required",
+            protocol: "x402",
+            price,
+            currency: "RLUSD",
+            agentCreditScore: score,
+            vipEligible: score >= 700,
+            requirements
+        });
+    }
+    app.get("/api/beastmode", agentDidMiddleware, freeTierRateLimit, (req, res) => {
+        const score = getScore(req.agentDid);
+        res.json({
+            tool: "beastmode", tier: "free",
+            result: { status: "Awaiting Data", note: "Free tier preview only. Full scan requires /api/beastmode/full (0.10 RLUSD)", agentCreditScore: score },
+            watermark: "ScriptMasterLabs — mcp-x402"
+        });
+    });
+    app.get("/api/demo/council", agentDidMiddleware, freeTierRateLimit, (req, res) => {
+        const score = getScore(req.agentDid);
+        res.json({
+            tool: "council_demo", tier: "free", councilMember: "RISK_SENTINEL",
+            response: "Awaiting Data — connect wallet and pay for full council verdict.", agentCreditScore: score,
+            watermark: "ScriptMasterLabs — mcp-x402"
+        });
+    });
+    app.get("/api/credit-score", agentDidMiddleware, (req, res) => {
+        const did = req.agentDid;
+        const score = getScore(did);
+        res.json({ agentDid: did, creditScore: score, scale: "300-850", benefits: { "700+": "VIP 0.08 RLUSD", "800+": "Platinum 0.06 RLUSD" } });
+    });
+    app.post("/api/council", agentDidMiddleware, dynamicPriceGate, (req, res) => {
+        const newScore = recordPaidCall(req.agentDid);
+        res.json({
+            tool: "council", tier: "paid", consensus: "Awaiting Data", agentCreditScore: newScore, scoreGained: "+5",
+            note: "Route to SqueezeOS council endpoint for live verdict"
+        });
+    });
+    app.post("/api/beastmode/full", agentDidMiddleware, dynamicPriceGate, (req, res) => {
+        const newScore = recordPaidCall(req.agentDid);
+        res.json({
+            tool: "beastmode_full", tier: "paid", scan: "Awaiting Data",
+            agentCreditScore: newScore, scoreGained: "+5"
+        });
+    });
+    // Streamable HTTP transport — used by claude.ai web connectors
+    const streamableTransports = new Map();
+    app.post('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        let transport = sessionId ? streamableTransports.get(sessionId) : undefined;
+        if (!transport) {
+            const newSessionId = (0, crypto_1.randomUUID)();
+            transport = new streamableHttp_js_1.StreamableHTTPServerTransport({ sessionIdGenerator: () => newSessionId });
+            streamableTransports.set(newSessionId, transport);
+            transport.onclose = () => streamableTransports.delete(newSessionId);
+            const server = await createServer();
+            await server.connect(transport);
+            audit_js_1.AuditLogger.getInstance().info('mcp_connect', { sessionId: newSessionId });
+        }
+        await transport.handleRequest(req, res, req.body);
+    });
+    // GET /mcp with no session returns service info instead of 404
+    app.get('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        const transport = sessionId ? streamableTransports.get(sessionId) : undefined;
+        if (!transport) {
+            res.json({
+                name: 'mcp-x402',
+                version: VERSION,
+                protocol: 'MCP/streamable-http',
+                status: 'ready',
+                tools: '43+ tools available',
+                how_to_connect: 'POST /mcp with a JSON-RPC initialize request',
+                sse_alternative: 'GET /sse for legacy SSE transport',
+                health: '/health',
+                homepage: 'https://scriptmasterlabs.com',
+            });
+            return;
+        }
+        await transport.handleRequest(req, res);
+    });
+    app.delete('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        const transport = sessionId ? streamableTransports.get(sessionId) : undefined;
+        if (!transport) {
+            res.status(404).json({ error: 'session_not_found' });
+            return;
+        }
+        await transport.handleRequest(req, res);
+    });
+    const transports = new Map();
+    const rateLimiter = rate_limit_js_1.RateLimiter.getInstance();
+    app.get('/sse', async (req, res) => {
+        const clientIp = req.ip ?? 'unknown';
+        if (!rateLimiter.checkIp(clientIp)) {
+            res.status(429).json({ error: 'rate_limit_exceeded', retry_after: 60 });
+            return;
+        }
+        const transport = new sse_js_1.SSEServerTransport('/messages', res);
+        const sessionId = transport.sessionId;
+        transports.set(sessionId, transport);
+        const server = await createServer();
+        await server.connect(transport);
+        audit_js_1.AuditLogger.getInstance().info('sse_connect', { sessionId, clientIp });
+        res.on('close', async () => {
+            transports.delete(sessionId);
+            audit_js_1.AuditLogger.getInstance().info('sse_disconnect', { sessionId });
+            await server.close();
+        });
+    });
+    app.post('/messages', async (req, res) => {
+        const sessionId = req.query['sessionId'];
+        if (!sessionId) {
+            res.status(400).json({ error: 'missing_session_id' });
+            return;
+        }
+        const transport = transports.get(sessionId);
+        if (!transport) {
+            res.status(404).json({ error: 'session_not_found' });
+            return;
+        }
+        await transport.handlePostMessage(req, res);
+    });
+    const httpServer = await new Promise((resolve) => {
+        const s = app.listen(port, () => resolve(s));
+    });
+    audit_js_1.AuditLogger.getInstance().info('server_start', { transport: 'sse', port, version: VERSION });
+    console.error(`[mcp-x402] listening on :${port} — health: http://localhost:${port}/health`);
+    const shutdown = async () => {
+        audit_js_1.AuditLogger.getInstance().info('server_stop', { transport: 'sse' });
+        for (const [id] of transports) {
+            audit_js_1.AuditLogger.getInstance().info('sse_force_close', { sessionId: id });
+        }
+        httpServer.close(() => process.exit(0));
+        setTimeout(() => process.exit(1), 10_000).unref();
+    };
+    process.on('SIGINT', shutdown);
+    process.on('SIGTERM', shutdown);
+    process.on('uncaughtException', (err) => {
+        audit_js_1.AuditLogger.getInstance().error('uncaught_exception', { error: String(err), stack: err.stack ?? '' });
+    });
+    process.on('unhandledRejection', (reason) => {
+        audit_js_1.AuditLogger.getInstance().error('unhandledRejection', { reason: String(reason) });
+    });
+}
+const transport = process.env['MCP_TRANSPORT'] ?? 'stdio';
+if (transport === 'sse') {
+    runSSE().catch((err) => {
+        console.error('[mcp-x402] fatal:', err);
+        process.exit(1);
+    });
+}
+else {
+    runStdio().catch((err) => {
+        console.error('[mcp-x402] fatal:', err);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":";;;;;;AACA,oEAAoE;AACpE,wEAAiF;AACjF,oEAA6E;AAC7E,0FAAmG;AACnG,sDAA8B;AAC9B,mCAAoC;AACpC,gDAAwB;AACxB,+CAAiD;AACjD,kDAAkD;AAClD,4DAAuD;AACvD,2CAA4C;AAE5C,MAAM,OAAO,GAAG,OAAO,CAAC;AAExB,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAG,IAAI,kBAAS,CAC1B,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,EACtC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IACF,MAAM,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC;IAC5B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,QAAQ;IACrB,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAEzF,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACtE,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhC,qEAAqE;IACrE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;QAC3B,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,MAAM;IACnB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IACtB,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IAEjE,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,EAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC;IAC7D,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAExC,yEAAyE;IACzE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,yBAAa,CAAC,CAAC;IAElC,2FAA2F;IAC3F,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;QACrC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,CAAC,iBAAiB,EAAE,CAAC;QACrE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,kEAAkE,EAAE,CAAC,CAAC;IACvI,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACpC,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACjC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACnD,GAAG,CAAC,QAAQ,CAAC,4BAA4B,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,iEAAiE;IACjE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACzB,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,OAAO;YAChB,WAAW,EAAE,0EAA0E;YACvF,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,uBAAuB;YAClC,SAAS,EAAE;gBACT,cAAc,EAAE,WAAW;gBAC3B,WAAW,EAAE,UAAU;gBACvB,YAAY,EAAE,gBAAgB;gBAC9B,MAAM,EAAE,aAAa;gBACrB,SAAS,EAAE,iCAAiC;gBAC5C,IAAI,EAAE,eAAe;aACtB;YACD,KAAK,EAAE;gBACL,MAAM,EAAE,8DAA8D;gBACtE,QAAQ,EAAE,8BAA8B;aACzC;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,iEAAiE;IAEjE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAI,GAAG,EAA2C,CAAC;IAEzE,SAAS,QAAQ,CAAC,GAAW;QAC3B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACvD,OAAO,YAAY,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;IAChC,CAAC;IAED,SAAS,cAAc,CAAC,GAAW;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACtC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,CAAC;IAC7B,MAAM,SAAS,GAAG,MAAM,CAAC;IACzB,MAAM,cAAc,GAAG,MAAM,CAAC;IAE9B,KAAK,UAAU,kBAAkB,CAAC,GAAoB,EAAE,GAAqB,EAAE,IAA0B;QACvG,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAuB,CAAC;QACzE,IAAI,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAuB,CAAC;QAEhE,IAAI,CAAC,QAAQ,IAAI,WAAW,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC9E,QAAQ,GAAG,gBAAgB,KAAK,CAAC,KAAK,EAAE,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC,CAAC,CAAC;QACb,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,QAAQ,GAAG,iBAAiB,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QAC9D,CAAC;QACA,GAAW,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACjC,IAAI,EAAE,CAAC;IACT,CAAC;IAED,KAAK,UAAU,iBAAiB,CAAC,GAAoB,EAAE,GAAqB,EAAE,IAA0B;QACtG,MAAM,GAAG,GAAI,GAAW,CAAC,QAAQ,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAChE,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;YAAE,KAAK,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAE5D,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAE9B,IAAI,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,qBAAqB;gBAC5B,OAAO,EAAE,yDAAyD;gBAClE,eAAe,EAAE,cAAc;gBAC/B,KAAK,EAAE,aAAa;gBACpB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,cAAc;gBACtD,SAAS,EAAE,QAAQ,CAAC,GAAG,CAAC;aACzB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC;IAED,KAAK,UAAU,gBAAgB,CAAC,GAAoB,EAAE,GAAqB,EAAE,IAA0B;QACrG,MAAM,GAAG,GAAI,GAAW,CAAC,QAAQ,IAAI,eAAe,CAAC;QACrD,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEnD,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC;QACvF,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QAC/D,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC,CAAC;YACrG,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,gBAAgB;YAC7B,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,cAAc;YACtD,WAAW,EAAE,uBAAuB,KAAK,kBAAkB,KAAK,GAAG;YACnE,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE;SACtD,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC7E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC;YAChE,KAAK,EAAE,kBAAkB;YACzB,QAAQ,EAAE,MAAM;YAChB,KAAK;YACL,QAAQ,EAAE,OAAO;YACjB,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,KAAK,IAAI,GAAG;YACzB,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC5E,MAAM,KAAK,GAAG,QAAQ,CAAE,GAAW,CAAC,QAAQ,CAAC,CAAC;QAC9C,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM;YAC/B,MAAM,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,6EAA6E,EAAE,gBAAgB,EAAE,KAAK,EAAE;YACjJ,SAAS,EAAE,6BAA6B;SACzC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/E,MAAM,KAAK,GAAG,QAAQ,CAAE,GAAW,CAAC,QAAQ,CAAC,CAAC;QAC9C,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,eAAe;YAClE,QAAQ,EAAE,kEAAkE,EAAE,gBAAgB,EAAE,KAAK;YACrG,SAAS,EAAE,6BAA6B;SACzC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC5D,MAAM,GAAG,GAAI,GAAW,CAAC,QAAQ,CAAC;QAClC,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC5B,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,qBAAqB,EAAE,EAAE,CAAC,CAAC;IAC3I,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC1E,MAAM,QAAQ,GAAG,cAAc,CAAE,GAAW,CAAC,QAAQ,CAAC,CAAC;QACvD,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,gBAAgB,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI;YACxG,IAAI,EAAE,sDAAsD;SAC7D,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACjF,MAAM,QAAQ,GAAG,cAAc,CAAE,GAAW,CAAC,QAAQ,CAAC,CAAC;QACvD,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe;YAC3D,gBAAgB,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI;SAC9C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,+DAA+D;IAC/D,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAyC,CAAC;IAE9E,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE5E,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,IAAA,mBAAU,GAAE,CAAC;YAClC,SAAS,GAAG,IAAI,iDAA6B,CAAC,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC,YAAY,EAAE,CAAC,CAAC;YAC1F,oBAAoB,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YAClD,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,oBAAoB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACpE,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;YACpC,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,+DAA+D;IAC/D,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9E,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,IAAI,CAAC;gBACP,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,qBAAqB;gBAC/B,MAAM,EAAE,OAAO;gBACf,KAAK,EAAE,qBAAqB;gBAC5B,cAAc,EAAE,8CAA8C;gBAC9D,eAAe,EAAE,mCAAmC;gBACpD,MAAM,EAAE,SAAS;gBACjB,QAAQ,EAAE,8BAA8B;aACzC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9E,IAAI,CAAC,SAAS,EAAE,CAAC;YAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QACjF,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,GAAG,EAA8B,CAAC;IACzD,MAAM,WAAW,GAAG,2BAAW,CAAC,WAAW,EAAE,CAAC;IAE9C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;YACxE,OAAO;QACT,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,2BAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;QACpC,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;QACvE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACzB,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7B,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;YAChE,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACvC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,CAAuB,CAAC;QAC/D,IAAI,CAAC,SAAS,EAAE,CAAC;YAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAClF,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;YAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QACjF,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,IAAI,OAAO,CAClC,CAAC,OAAO,EAAE,EAAE;QACV,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CACF,CAAC;IAEF,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAC7F,OAAO,CAAC,KAAK,CAAC,4BAA4B,IAAI,+BAA+B,IAAI,SAAS,CAAC,CAAC;IAE5F,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,KAAK,MAAM,CAAC,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;YAC9B,sBAAW,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;IACpD,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhC,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,GAAG,EAAE,EAAE;QACtC,sBAAW,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC,CAAC;IACxG,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;QAC1C,sBAAW,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC;AAC1D,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;IACxB,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;KAAM,CAAC;IACN,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACvB,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/server/payments/agent-payment.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Agent-payment enforcement gate — the REAL x402 model.
+ *
+ * Today the gateway "pays itself" (gateway wallet -> SML receiver) and serves paid
+ * tools regardless, so they're effectively free. This gate flips that to the correct
+ * flow: tool call -> 402 challenge (invoice) -> agent pays from ITS wallet -> agent
+ * re-calls with tx_hash -> we VERIFY via 402Proof -> serve.
+ *
+ * Safety: OFF by default (ENFORCE_AGENT_PAYMENT). When off, nothing here runs and
+ * existing behavior is unchanged. When on, each paid tool needs its 402Proof endpoint
+ * UUID (PROOF402_ENDPOINT_<TOOL>); without it the gate fails CLOSED (never serves free).
+ *
+ * NOTE: isVerified() interprets the 402Proof /v1/verify response defensively. Confirm
+ * the exact success contract against the live 402Proof service before going live.
+ */
+export declare function isAgentPaymentEnforced(): boolean;
+/** Resolve a tool's 402Proof endpoint UUID. Real values come from env. */
+export declare function resolveEndpointId(toolName: string): string | undefined;
+/** Defensive success check for the 402Proof /v1/verify response. */
+export declare function isVerified(resp: unknown): boolean;
+export interface PaymentProof {
+    txHash: string;
+}
+export type GateResult = {
+    status: 'paid';
+    txHash: string;
+    detail: unknown;
+} | {
+    status: 'payment_required';
+    endpointId: string;
+    payTo: string;
+    amount: string;
+    invoice?: unknown;
+    instructions: string;
+} | {
+    status: 'payment_invalid';
+    endpointId: string;
+    detail: unknown;
+} | {
+    status: 'unconfigured';
+    toolName: string;
+};
+/**
+ * Enforce agent payment for a tool call. Returns a discriminated result; the caller
+ * (executeX402Payment) translates it into a served response, a 402 challenge, or a
+ * rejection. Never serves on anything but {status:'paid'}.
+ */
+export declare function enforceAgentPayment(params: {
+    toolName: string;
+    price: string;
+    paymentProof?: PaymentProof;
+}): Promise<GateResult>;
+/** Thrown by executeX402Payment when the agent must pay before the tool runs. */
+export declare class PaymentRequiredError extends Error {
+    readonly gate: Extract<GateResult, {
+        status: 'payment_required';
+    }>;
+    constructor(gate: Extract<GateResult, {
+        status: 'payment_required';
+    }>);
+}
+/** Thrown when the agent's payment proof fails 402Proof verification. */
+export declare class PaymentUnverifiedError extends Error {
+    readonly gate: Extract<GateResult, {
+        status: 'payment_invalid';
+    }>;
+    constructor(gate: Extract<GateResult, {
+        status: 'payment_invalid';
+    }>);
+}
+//# sourceMappingURL=agent-payment.d.ts.map

package/dist/server/payments/agent-payment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-payment.d.ts","sourceRoot":"","sources":["../../../src/server/payments/agent-payment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,wBAAgB,sBAAsB,IAAI,OAAO,CAEhD;AAED,0EAA0E;AAC1E,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAItE;AAOD,oEAAoE;AACpE,wBAAgB,UAAU,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAOjD;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,UAAU,GAClB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GACnD;IAAE,MAAM,EAAE,kBAAkB,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GAC1H;IAAE,MAAM,EAAE,iBAAiB,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GAClE;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjD;;;;GAIG;AACH,wBAAsB,mBAAmB,CAAC,MAAM,EAAE;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,GAAG,OAAO,CAAC,UAAU,CAAC,CAmCtB;AAED,iFAAiF;AACjF,qBAAa,oBAAqB,SAAQ,KAAK;aACjB,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,kBAAkB,CAAA;KAAE,CAAC;gBAAzD,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,kBAAkB,CAAA;KAAE,CAAC;CAItF;AAED,yEAAyE;AACzE,qBAAa,sBAAuB,SAAQ,KAAK;aACnB,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,iBAAiB,CAAA;KAAE,CAAC;gBAAxD,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,iBAAiB,CAAA;KAAE,CAAC;CAIrF"}