npm - agentpay-mcp - Versions diffs - 4.1.10 → 4.1.16 - Mend

agentpay-mcp 4.1.10 → 4.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/dist/utils/wallet-action-preflight-profile.js ADDED Viewed

@@ -0,0 +1,151 @@
+"use strict";
+/**
+ * Wallet-action MCP preflight helpers.
+ *
+ * Wallet-action MCP servers can expose transfers, swaps, energy buys, and other
+ * irreversible actions. Buyer agents should require simulation, spend caps,
+ * resource caps, allowlists, and approval copy before any signature is made.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.evaluateWalletActionPreflight = evaluateWalletActionPreflight;
+exports.buildTronWalletActionPreflightExample = buildTronWalletActionPreflightExample;
+function parseAmount(value) {
+    const cleaned = value.replace(/,/g, '').trim();
+    const parsed = Number(cleaned);
+    return Number.isFinite(parsed) ? parsed : Number.NaN;
+}
+function includesCaseInsensitive(values, value) {
+    return values.map((entry) => entry.toLowerCase()).includes(value.toLowerCase());
+}
+function requireText(value, label, failures) {
+    if (!value || !value.trim())
+        failures.push(`${label} is required.`);
+}
+function evaluateWalletActionPreflight(profile) {
+    const failures = [];
+    const warnings = [];
+    if (profile.schema !== 'agentpay-wallet-action-preflight/v1')
+        failures.push('schema must be agentpay-wallet-action-preflight/v1.');
+    requireText(profile.source.name, 'source.name', failures);
+    requireText(profile.source.observedAt, 'source.observedAt', failures);
+    requireText(profile.action.asset, 'action.asset', failures);
+    requireText(profile.action.amount, 'action.amount', failures);
+    requireText(profile.action.recipient, 'action.recipient', failures);
+    requireText(profile.simulation.expectedOutcome, 'simulation.expectedOutcome', failures);
+    requireText(profile.approvalCopy.title, 'approvalCopy.title', failures);
+    requireText(profile.approvalCopy.summary, 'approvalCopy.summary', failures);
+    requireText(profile.approvalCopy.irreversibleWarning, 'approvalCopy.irreversibleWarning', failures);
+    if (!profile.simulation.required)
+        failures.push('simulation.required must be true.');
+    if (profile.simulation.status !== 'passed')
+        failures.push(`simulation status ${profile.simulation.status} is not passed.`);
+    if (profile.action.irreversible !== true)
+        failures.push('wallet-action preflight applies to irreversible actions and must declare irreversible=true.');
+    const actionAmount = parseAmount(profile.action.amount);
+    const perActionCap = parseAmount(profile.policy.perActionSpendCap);
+    const networkFee = parseAmount(profile.simulation.resourceEstimate.maxNetworkFee);
+    const maxNetworkFee = parseAmount(profile.policy.resourceCaps.maxNetworkFee);
+    if (Number.isNaN(actionAmount))
+        failures.push('action.amount must be numeric.');
+    if (Number.isNaN(perActionCap))
+        failures.push('policy.perActionSpendCap must be numeric.');
+    if (!Number.isNaN(actionAmount) && !Number.isNaN(perActionCap) && actionAmount > perActionCap) {
+        failures.push(`action amount ${profile.action.amount} exceeds per-action cap ${profile.policy.perActionSpendCap}.`);
+    }
+    if (Number.isNaN(networkFee))
+        failures.push('simulation.resourceEstimate.maxNetworkFee must be numeric.');
+    if (Number.isNaN(maxNetworkFee))
+        failures.push('policy.resourceCaps.maxNetworkFee must be numeric.');
+    if (!Number.isNaN(networkFee) && !Number.isNaN(maxNetworkFee) && networkFee > maxNetworkFee) {
+        failures.push(`network fee ${profile.simulation.resourceEstimate.maxNetworkFee} exceeds cap ${profile.policy.resourceCaps.maxNetworkFee}.`);
+    }
+    if (profile.policy.resourceCaps.maxEnergy !== undefined && profile.simulation.resourceEstimate.energy !== undefined && profile.simulation.resourceEstimate.energy > profile.policy.resourceCaps.maxEnergy) {
+        failures.push(`energy ${profile.simulation.resourceEstimate.energy} exceeds cap ${profile.policy.resourceCaps.maxEnergy}.`);
+    }
+    if (profile.policy.resourceCaps.maxBandwidth !== undefined && profile.simulation.resourceEstimate.bandwidth !== undefined && profile.simulation.resourceEstimate.bandwidth > profile.policy.resourceCaps.maxBandwidth) {
+        failures.push(`bandwidth ${profile.simulation.resourceEstimate.bandwidth} exceeds cap ${profile.policy.resourceCaps.maxBandwidth}.`);
+    }
+    if (!includesCaseInsensitive(profile.policy.allowedAssets, profile.action.asset)) {
+        failures.push(`asset ${profile.action.asset} is not allowlisted.`);
+    }
+    if (!includesCaseInsensitive(profile.policy.allowedRecipients, profile.action.recipient)) {
+        failures.push(`recipient ${profile.action.recipient} is not allowlisted.`);
+    }
+    if (profile.approvalCopy.lineItems.length < 4) {
+        failures.push('approvalCopy.lineItems must include recipient, amount, simulation, and resource-cost lines.');
+    }
+    if (!profile.policy.requireHumanApproval) {
+        warnings.push('Human approval is disabled. Irreversible wallet actions should normally require approval copy review.');
+    }
+    const approvalPrompt = [
+        profile.approvalCopy.title,
+        profile.approvalCopy.summary,
+        ...profile.approvalCopy.lineItems.map((item) => `- ${item}`),
+        profile.approvalCopy.irreversibleWarning,
+    ].join('\n');
+    const ok = failures.length === 0;
+    return {
+        ok,
+        decision: ok ? 'allow' : 'deny',
+        failures,
+        warnings,
+        approvalPrompt,
+    };
+}
+function buildTronWalletActionPreflightExample() {
+    return {
+        schema: 'agentpay-wallet-action-preflight/v1',
+        source: {
+            name: 'merx-mcp market signal',
+            repo: 'nicosmall503/merx-mcp',
+            evidenceUrl: 'https://github.com/nicosmall503/merx-mcp',
+            observedAt: '2026-05-05T01:10:00.000Z',
+        },
+        action: {
+            kind: 'resource_purchase',
+            chainNamespace: 'tvm',
+            chainId: 'tron-mainnet',
+            asset: 'TRX',
+            amount: '12.5',
+            recipient: 'TAllowlistedRecipient111111111111111111111',
+            nonce: 'simulation-required-before-nonce-lock',
+            irreversible: true,
+        },
+        simulation: {
+            required: true,
+            status: 'passed',
+            simulationId: 'merx-style-tron-resource-sim-2026-05-05',
+            expectedOutcome: 'Buy bandwidth or energy for one allowlisted wallet action without transferring custody.',
+            resourceEstimate: {
+                feeAsset: 'TRX',
+                maxNetworkFee: '1.0',
+                energy: 25000,
+                bandwidth: 600,
+            },
+        },
+        policy: {
+            perActionSpendCap: '25',
+            dailyChainSpendCap: '100',
+            allowedRecipients: ['TAllowlistedRecipient111111111111111111111'],
+            allowedAssets: ['TRX', 'USDT', 'USDC', 'USDD'],
+            resourceCaps: {
+                maxNetworkFee: '2.5',
+                maxEnergy: 50000,
+                maxBandwidth: 1000,
+            },
+            requireHumanApproval: true,
+        },
+        approvalCopy: {
+            title: 'Approve TRON wallet resource purchase?',
+            summary: 'AgentPay detected an irreversible wallet-action request. Simulation passed and policy caps are satisfied.',
+            lineItems: [
+                'Recipient: TAllowlistedRecipient111111111111111111111',
+                'Amount: 12.5 TRX, cap 25 TRX per action',
+                'Simulation: merx-style-tron-resource-sim-2026-05-05 passed',
+                'Resource cost: max 1.0 TRX network fee, 25,000 energy, 600 bandwidth',
+            ],
+            irreversibleWarning: 'Signing will authorize an irreversible TRON resource purchase. Decline if recipient, amount, or resource estimate differs from the intended task.',
+        },
+    };
+}
+//# sourceMappingURL=wallet-action-preflight-profile.js.map

package/dist/utils/wallet-action-preflight-profile.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wallet-action-preflight-profile.js","sourceRoot":"","sources":["../../src/utils/wallet-action-preflight-profile.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AA+EH,sEA2EC;AAED,sFAuDC;AAlJD,SAAS,WAAW,CAAC,KAAa;IAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/B,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;AACvD,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAgB,EAAE,KAAa;IAC9D,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,WAAW,CAAC,KAAa,EAAE,KAAa,EAAE,QAAkB;IACnE,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QAAE,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,eAAe,CAAC,CAAC;AACtE,CAAC;AAED,SAAgB,6BAA6B,CAAC,OAAqC;IACjF,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,OAAO,CAAC,MAAM,KAAK,qCAAqC;QAAE,QAAQ,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IACnI,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;IAC1D,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,mBAAmB,EAAE,QAAQ,CAAC,CAAC;IACtE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;IAC5D,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;IAC9D,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IACpE,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,eAAe,EAAE,4BAA4B,EAAE,QAAQ,CAAC,CAAC;IACxF,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,oBAAoB,EAAE,QAAQ,CAAC,CAAC;IACxE,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,EAAE,sBAAsB,EAAE,QAAQ,CAAC,CAAC;IAC5E,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,mBAAmB,EAAE,kCAAkC,EAAE,QAAQ,CAAC,CAAC;IAEpG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACrF,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,qBAAqB,OAAO,CAAC,UAAU,CAAC,MAAM,iBAAiB,CAAC,CAAC;IAC3H,IAAI,OAAO,CAAC,MAAM,CAAC,YAAY,KAAK,IAAI;QAAE,QAAQ,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAC;IAEvJ,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAClF,MAAM,aAAa,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;IAE7E,IAAI,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC;QAAE,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChF,IAAI,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC;QAAE,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3F,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,YAAY,EAAE,CAAC;QAC9F,QAAQ,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,MAAM,CAAC,MAAM,2BAA2B,OAAO,CAAC,MAAM,CAAC,iBAAiB,GAAG,CAAC,CAAC;IACtH,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;QAAE,QAAQ,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IAC1G,IAAI,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC;QAAE,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACrG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,UAAU,GAAG,aAAa,EAAE,CAAC;QAC5F,QAAQ,CAAC,IAAI,CAAC,eAAe,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,aAAa,gBAAgB,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,GAAG,CAAC,CAAC;IAC9I,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;QAC1M,QAAQ,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,gBAAgB,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,GAAG,CAAC,CAAC;IAC9H,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC;QACtN,QAAQ,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,SAAS,gBAAgB,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,GAAG,CAAC,CAAC;IACvI,CAAC;IAED,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACjF,QAAQ,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,MAAM,CAAC,KAAK,sBAAsB,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACzF,QAAQ,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,MAAM,CAAC,SAAS,sBAAsB,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAC;IAC/G,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC,uGAAuG,CAAC,CAAC;IACzH,CAAC;IAED,MAAM,cAAc,GAAG;QACrB,OAAO,CAAC,YAAY,CAAC,KAAK;QAC1B,OAAO,CAAC,YAAY,CAAC,OAAO;QAC5B,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5D,OAAO,CAAC,YAAY,CAAC,mBAAmB;KACzC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC;IACjC,OAAO;QACL,EAAE;QACF,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;QAC/B,QAAQ;QACR,QAAQ;QACR,cAAc;KACf,CAAC;AACJ,CAAC;AAED,SAAgB,qCAAqC;IACnD,OAAO;QACL,MAAM,EAAE,qCAAqC;QAC7C,MAAM,EAAE;YACN,IAAI,EAAE,wBAAwB;YAC9B,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,0CAA0C;YACvD,UAAU,EAAE,0BAA0B;SACvC;QACD,MAAM,EAAE;YACN,IAAI,EAAE,mBAAmB;YACzB,cAAc,EAAE,KAAK;YACrB,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,4CAA4C;YACvD,KAAK,EAAE,uCAAuC;YAC9C,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,QAAQ;YAChB,YAAY,EAAE,yCAAyC;YACvD,eAAe,EAAE,yFAAyF;YAC1G,gBAAgB,EAAE;gBAChB,QAAQ,EAAE,KAAK;gBACf,aAAa,EAAE,KAAK;gBACpB,MAAM,EAAE,KAAK;gBACb,SAAS,EAAE,GAAG;aACf;SACF;QACD,MAAM,EAAE;YACN,iBAAiB,EAAE,IAAI;YACvB,kBAAkB,EAAE,KAAK;YACzB,iBAAiB,EAAE,CAAC,4CAA4C,CAAC;YACjE,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC9C,YAAY,EAAE;gBACZ,aAAa,EAAE,KAAK;gBACpB,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,IAAI;aACnB;YACD,oBAAoB,EAAE,IAAI;SAC3B;QACD,YAAY,EAAE;YACZ,KAAK,EAAE,wCAAwC;YAC/C,OAAO,EAAE,2GAA2G;YACpH,SAAS,EAAE;gBACT,uDAAuD;gBACvD,yCAAyC;gBACzC,4DAA4D;gBAC5D,sEAAsE;aACvE;YACD,mBAAmB,EAAE,mJAAmJ;SACzK;KACF,CAAC;AACJ,CAAC"}

package/dist/utils/x402-chain-neutral-gateway-profile.d.ts ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * Chain-neutral x402 gateway profile helpers.
+ *
+ * Paid MCP discovery is moving from one Base endpoint to profile documents that
+ * describe every supported payment rail, settlement/facilitator boundary,
+ * trial/refund policy, and directory manifest path. These helpers validate that
+ * profile shape without assuming every x402 payment rail is EVM-compatible.
+ */
+export type X402NetworkNamespace = 'eip155' | 'solana' | 'tvm' | 'ton' | 'other';
+export type X402NetworkDescriptor = {
+    network: string;
+    name: string;
+    gateway: string;
+    namespace?: X402NetworkNamespace;
+    settlementAsset?: string;
+    settlementChainId?: number | string;
+    notes?: string;
+};
+export type X402TrialPolicy = {
+    enabled: boolean;
+    calls?: number;
+    description: string;
+};
+export type X402RefundPolicy = {
+    supported: boolean;
+    mode: 'automatic' | 'manual' | 'none';
+    description: string;
+};
+export type X402DirectoryManifests = {
+    wellKnownX402: string;
+    glama?: string;
+    smithery?: string;
+    mcpCatalog?: string;
+    openapi?: string;
+    llmsTxt?: string;
+};
+export type X402ChainNeutralGatewayProfile = {
+    serviceName: string;
+    x402Version: number | string;
+    paymentHeader: 'Payment-Signature';
+    receiptHeader: 'payment-response';
+    networks: X402NetworkDescriptor[];
+    facilitator?: string;
+    settlement: {
+        custody: 'non-custodial' | 'facilitator' | 'managed' | 'unknown';
+        description: string;
+    };
+    trial: X402TrialPolicy;
+    refund: X402RefundPolicy;
+    manifests: X402DirectoryManifests;
+};
+export type X402ChainNeutralGatewayProfileReport = {
+    serviceName: string;
+    networkNamespaces: X402NetworkNamespace[];
+    hasEvmNetwork: boolean;
+    hasNonEvmNetwork: boolean;
+    hasDirectoryManifests: boolean;
+    hasExplicitTrialPolicy: boolean;
+    hasExplicitRefundPolicy: boolean;
+    hasSettlementMetadata: boolean;
+    issues: string[];
+};
+export declare function inferX402NetworkNamespace(network: string): X402NetworkNamespace;
+export declare function validateX402ChainNeutralGatewayProfile(profile: X402ChainNeutralGatewayProfile): X402ChainNeutralGatewayProfileReport;
+export declare function buildAgentPayChainNeutralGatewayProfile(): X402ChainNeutralGatewayProfile;
+//# sourceMappingURL=x402-chain-neutral-gateway-profile.d.ts.map

package/dist/utils/x402-chain-neutral-gateway-profile.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"x402-chain-neutral-gateway-profile.d.ts","sourceRoot":"","sources":["../../src/utils/x402-chain-neutral-gateway-profile.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,MAAM,oBAAoB,GAAG,QAAQ,GAAG,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;AAEjF,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,oBAAoB,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,OAAO,CAAC;IACnB,IAAI,EAAE,WAAW,GAAG,QAAQ,GAAG,MAAM,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,8BAA8B,GAAG;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,aAAa,EAAE,mBAAmB,CAAC;IACnC,aAAa,EAAE,kBAAkB,CAAC;IAClC,QAAQ,EAAE,qBAAqB,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE;QACV,OAAO,EAAE,eAAe,GAAG,aAAa,GAAG,SAAS,GAAG,SAAS,CAAC;QACjE,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,KAAK,EAAE,eAAe,CAAC;IACvB,MAAM,EAAE,gBAAgB,CAAC;IACzB,SAAS,EAAE,sBAAsB,CAAC;CACnC,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,oBAAoB,EAAE,CAAC;IAC1C,aAAa,EAAE,OAAO,CAAC;IACvB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,sBAAsB,EAAE,OAAO,CAAC;IAChC,uBAAuB,EAAE,OAAO,CAAC;IACjC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB,CAAC;AAIF,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,oBAAoB,CAS/E;AAcD,wBAAgB,sCAAsC,CACpD,OAAO,EAAE,8BAA8B,GACtC,oCAAoC,CAmDtC;AAED,wBAAgB,uCAAuC,IAAI,8BAA8B,CA6CxF"}

package/dist/utils/x402-chain-neutral-gateway-profile.js ADDED Viewed

@@ -0,0 +1,145 @@
+"use strict";
+/**
+ * Chain-neutral x402 gateway profile helpers.
+ *
+ * Paid MCP discovery is moving from one Base endpoint to profile documents that
+ * describe every supported payment rail, settlement/facilitator boundary,
+ * trial/refund policy, and directory manifest path. These helpers validate that
+ * profile shape without assuming every x402 payment rail is EVM-compatible.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.inferX402NetworkNamespace = inferX402NetworkNamespace;
+exports.validateX402ChainNeutralGatewayProfile = validateX402ChainNeutralGatewayProfile;
+exports.buildAgentPayChainNeutralGatewayProfile = buildAgentPayChainNeutralGatewayProfile;
+const CAIP2_PREFIX_RE = /^([a-z0-9-]+):(.+)$/i;
+function inferX402NetworkNamespace(network) {
+    const match = network.match(CAIP2_PREFIX_RE);
+    if (!match)
+        return 'other';
+    const namespace = match[1].toLowerCase();
+    if (namespace === 'eip155')
+        return 'eip155';
+    if (namespace === 'solana')
+        return 'solana';
+    if (namespace === 'tvm')
+        return 'tvm';
+    if (namespace === 'ton')
+        return 'ton';
+    return 'other';
+}
+function isHttpsUrl(value) {
+    try {
+        return new URL(value).protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+}
+function unique(values) {
+    return Array.from(new Set(values));
+}
+function validateX402ChainNeutralGatewayProfile(profile) {
+    const issues = [];
+    const namespaces = unique(profile.networks.map((network) => network.namespace ?? inferX402NetworkNamespace(network.network)));
+    const hasEvmNetwork = namespaces.includes('eip155');
+    const hasNonEvmNetwork = namespaces.some((namespace) => namespace !== 'eip155');
+    if (!profile.serviceName.trim())
+        issues.push('serviceName is required');
+    if (profile.paymentHeader !== 'Payment-Signature')
+        issues.push('paymentHeader must be Payment-Signature');
+    if (profile.receiptHeader !== 'payment-response')
+        issues.push('receiptHeader must be payment-response');
+    if (profile.networks.length === 0)
+        issues.push('at least one supported network descriptor is required');
+    for (const [index, network] of profile.networks.entries()) {
+        const namespace = network.namespace ?? inferX402NetworkNamespace(network.network);
+        if (!network.name.trim())
+            issues.push(`networks[${index}].name is required`);
+        if (namespace === 'other')
+            issues.push(`networks[${index}].network should use a known CAIP-2 namespace`);
+        if (!isHttpsUrl(network.gateway))
+            issues.push(`networks[${index}].gateway must be an https URL`);
+    }
+    const manifestUrls = [
+        profile.manifests.wellKnownX402,
+        profile.manifests.glama,
+        profile.manifests.smithery,
+        profile.manifests.mcpCatalog,
+        profile.manifests.openapi,
+        profile.manifests.llmsTxt,
+    ].filter((value) => Boolean(value));
+    if (!isHttpsUrl(profile.manifests.wellKnownX402))
+        issues.push('manifests.wellKnownX402 must be an https URL');
+    if (manifestUrls.some((url) => !isHttpsUrl(url)))
+        issues.push('all directory manifest URLs must use https');
+    const hasDirectoryManifests = Boolean(profile.manifests.wellKnownX402 && (profile.manifests.glama || profile.manifests.smithery || profile.manifests.mcpCatalog));
+    const hasExplicitTrialPolicy = typeof profile.trial.enabled === 'boolean' && Boolean(profile.trial.description.trim());
+    const hasExplicitRefundPolicy = typeof profile.refund.supported === 'boolean' && Boolean(profile.refund.description.trim()) && profile.refund.mode !== undefined;
+    const hasSettlementMetadata = Boolean(profile.settlement.description.trim()) && Boolean(profile.facilitator || profile.settlement.custody === 'non-custodial');
+    if (!hasDirectoryManifests)
+        issues.push('profile must include .well-known/x402 plus Glama, Smithery, or MCP catalog metadata');
+    if (!hasExplicitTrialPolicy)
+        issues.push('trial policy must be explicit, including no-trial cases');
+    if (!hasExplicitRefundPolicy)
+        issues.push('refund policy must be explicit, including no-refund cases');
+    if (!hasSettlementMetadata)
+        issues.push('settlement metadata must identify custody or facilitator boundary');
+    return {
+        serviceName: profile.serviceName,
+        networkNamespaces: namespaces,
+        hasEvmNetwork,
+        hasNonEvmNetwork,
+        hasDirectoryManifests,
+        hasExplicitTrialPolicy,
+        hasExplicitRefundPolicy,
+        hasSettlementMetadata,
+        issues,
+    };
+}
+function buildAgentPayChainNeutralGatewayProfile() {
+    return {
+        serviceName: 'AgentPay MCP',
+        x402Version: '2.11-compatible',
+        paymentHeader: 'Payment-Signature',
+        receiptHeader: 'payment-response',
+        networks: [
+            {
+                network: 'eip155:8453',
+                name: 'Base mainnet',
+                gateway: 'https://www.npmjs.com/package/agentpay-mcp',
+                namespace: 'eip155',
+                settlementAsset: 'USDC',
+                settlementChainId: 8453,
+                notes: 'Current production x402 signing path for AgentPay MCP.',
+            },
+            {
+                network: 'solana:extension-point',
+                name: 'Solana extension point',
+                gateway: 'https://github.com/up2itnow0822/agentpay-mcp/blob/main/docs/x402-chain-neutral-gateway-profile.md',
+                namespace: 'solana',
+                notes: 'Documented as fail-closed until Solana signing, asset, facilitator, receipt, and refund semantics are deliberately implemented.',
+            },
+        ],
+        settlement: {
+            custody: 'non-custodial',
+            description: 'AgentPay signs only after local policy approval. New non-EVM rails must preserve non-custodial signing and audit rows before support is advertised.',
+        },
+        trial: {
+            enabled: false,
+            description: 'AgentPay does not advertise free trials. Buyers should set explicit per-call and daily caps before signing.',
+        },
+        refund: {
+            supported: false,
+            mode: 'none',
+            description: 'AgentPay treats refunds as provider-specific settlement events that must be captured in receipts before buyer agents rely on them.',
+        },
+        manifests: {
+            wellKnownX402: 'https://github.com/up2itnow0822/agentpay-mcp/blob/main/docs/x402-chain-neutral-gateway-profile.md',
+            glama: 'https://glama.ai/mcp/servers/up2itnow0822/claw-pay-mcp',
+            smithery: 'https://github.com/up2itnow0822/agentpay-mcp/blob/main/smithery.yaml',
+            mcpCatalog: 'https://github.com/up2itnow0822/agentpay-mcp/blob/main/docs/mcp-registry-listing.json',
+            llmsTxt: 'https://github.com/up2itnow0822/agentpay-mcp/blob/main/llms.txt',
+        },
+    };
+}
+//# sourceMappingURL=x402-chain-neutral-gateway-profile.js.map

package/dist/utils/x402-chain-neutral-gateway-profile.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"x402-chain-neutral-gateway-profile.js","sourceRoot":"","sources":["../../src/utils/x402-chain-neutral-gateway-profile.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAiEH,8DASC;AAcD,wFAqDC;AAED,0FA6CC;AA7HD,MAAM,eAAe,GAAG,sBAAsB,CAAC;AAE/C,SAAgB,yBAAyB,CAAC,OAAe;IACvD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,SAAS,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC5C,IAAI,SAAS,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC5C,IAAI,SAAS,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACtC,IAAI,SAAS,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,MAAM,CAAI,MAAW;IAC5B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,sCAAsC,CACpD,OAAuC;IAEvC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,IAAI,yBAAyB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC9H,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACpD,MAAM,gBAAgB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC;IAEhF,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACxE,IAAI,OAAO,CAAC,aAAa,KAAK,mBAAmB;QAAE,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IAC1G,IAAI,OAAO,CAAC,aAAa,KAAK,kBAAkB;QAAE,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACxG,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;IAExG,KAAK,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,yBAAyB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,MAAM,CAAC,IAAI,CAAC,YAAY,KAAK,oBAAoB,CAAC,CAAC;QAC7E,IAAI,SAAS,KAAK,OAAO;YAAE,MAAM,CAAC,IAAI,CAAC,YAAY,KAAK,+CAA+C,CAAC,CAAC;QACzG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,YAAY,KAAK,gCAAgC,CAAC,CAAC;IACnG,CAAC;IAED,MAAM,YAAY,GAAG;QACnB,OAAO,CAAC,SAAS,CAAC,aAAa;QAC/B,OAAO,CAAC,SAAS,CAAC,KAAK;QACvB,OAAO,CAAC,SAAS,CAAC,QAAQ;QAC1B,OAAO,CAAC,SAAS,CAAC,UAAU;QAC5B,OAAO,CAAC,SAAS,CAAC,OAAO;QACzB,OAAO,CAAC,SAAS,CAAC,OAAO;KAC1B,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IAErD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IAC9G,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAE5G,MAAM,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,aAAa,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,IAAI,OAAO,CAAC,SAAS,CAAC,QAAQ,IAAI,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;IAClK,MAAM,sBAAsB,GAAG,OAAO,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;IACvH,MAAM,uBAAuB,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC;IACjK,MAAM,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,eAAe,CAAC,CAAC;IAE/J,IAAI,CAAC,qBAAqB;QAAE,MAAM,CAAC,IAAI,CAAC,qFAAqF,CAAC,CAAC;IAC/H,IAAI,CAAC,sBAAsB;QAAE,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;IACpG,IAAI,CAAC,uBAAuB;QAAE,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;IACvG,IAAI,CAAC,qBAAqB;QAAE,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAE7G,OAAO;QACL,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,iBAAiB,EAAE,UAAU;QAC7B,aAAa;QACb,gBAAgB;QAChB,qBAAqB;QACrB,sBAAsB;QACtB,uBAAuB;QACvB,qBAAqB;QACrB,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAgB,uCAAuC;IACrD,OAAO;QACL,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,iBAAiB;QAC9B,aAAa,EAAE,mBAAmB;QAClC,aAAa,EAAE,kBAAkB;QACjC,QAAQ,EAAE;YACR;gBACE,OAAO,EAAE,aAAa;gBACtB,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,4CAA4C;gBACrD,SAAS,EAAE,QAAQ;gBACnB,eAAe,EAAE,MAAM;gBACvB,iBAAiB,EAAE,IAAI;gBACvB,KAAK,EAAE,wDAAwD;aAChE;YACD;gBACE,OAAO,EAAE,wBAAwB;gBACjC,IAAI,EAAE,wBAAwB;gBAC9B,OAAO,EAAE,mGAAmG;gBAC5G,SAAS,EAAE,QAAQ;gBACnB,KAAK,EAAE,iIAAiI;aACzI;SACF;QACD,UAAU,EAAE;YACV,OAAO,EAAE,eAAe;YACxB,WAAW,EAAE,qJAAqJ;SACnK;QACD,KAAK,EAAE;YACL,OAAO,EAAE,KAAK;YACd,WAAW,EAAE,6GAA6G;SAC3H;QACD,MAAM,EAAE;YACN,SAAS,EAAE,KAAK;YAChB,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,oIAAoI;SAClJ;QACD,SAAS,EAAE;YACT,aAAa,EAAE,mGAAmG;YAClH,KAAK,EAAE,wDAAwD;YAC/D,QAAQ,EAAE,sEAAsE;YAChF,UAAU,EAAE,uFAAuF;YACnG,OAAO,EAAE,iEAAiE;SAC3E;KACF,CAAC;AACJ,CAAC"}

package/dist/utils/x402-dynamic-paid-mcp-manifest-drift.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+/**
+ * Dynamic paid MCP manifest drift helpers.
+ *
+ * Paid MCP gateways can change discovery metadata during launch week without a
+ * package version bump. Buyers need to validate the live .well-known/x402
+ * snapshot before routing, not trust a launch article or stale directory card.
+ */
+export type DriftSeverity = 'info' | 'warning' | 'critical';
+export type DriftFinding = {
+    severity: DriftSeverity;
+    field: string;
+    message: string;
+};
+export type PaidMcpNetworkDescriptor = {
+    network: string;
+    name: string;
+    gateway: string;
+};
+export type PaidMcpTrialPolicySnapshot = {
+    enabled: boolean;
+    description: string;
+};
+export type PaidMcpPricingSnapshot = {
+    endpointCount: number;
+    endpointsWithPrice: number;
+    endpointsWithPriceAtomic: number;
+    minimumPriceUsd?: string;
+    distinctPrices: string[];
+};
+export type PaidMcpDirectorySnapshot = {
+    wellKnownX402: string;
+    openapi?: string;
+    documentation?: string;
+    mcpCatalog?: string;
+    frameworks: Record<string, string>;
+};
+export type DynamicPaidMcpManifestSnapshot = {
+    snapshotId: string;
+    sourceUrl: string;
+    capturedAt: string;
+    commitSha?: string;
+    x402Version: number | string;
+    organization: string;
+    primaryNetwork: string;
+    supportedNetworks: PaidMcpNetworkDescriptor[];
+    facilitator?: string;
+    hasPayTo: boolean;
+    capabilities: string[];
+    mcp: {
+        totalTools: number;
+        totalServices?: number;
+        protocol?: string;
+        catalog?: string;
+    };
+    trial: PaidMcpTrialPolicySnapshot;
+    pricing: PaidMcpPricingSnapshot;
+    directories: PaidMcpDirectorySnapshot;
+};
+export type DynamicPaidMcpManifestValidationOptions = {
+    now?: Date;
+    maxSnapshotAgeHours?: number;
+};
+export type DynamicPaidMcpManifestValidationReport = {
+    snapshotId: string;
+    ageHours: number;
+    stale: boolean;
+    hasSupportedNetworks: boolean;
+    hasPricingClarity: boolean;
+    hasTrialPolicyClarity: boolean;
+    hasDirectoryEndpointFreshness: boolean;
+    findings: DriftFinding[];
+};
+export type DynamicPaidMcpManifestDriftReport = {
+    fromSnapshotId: string;
+    toSnapshotId: string;
+    changedFields: string[];
+    findings: DriftFinding[];
+};
+export declare function validateDynamicPaidMcpManifestSnapshot(snapshot: DynamicPaidMcpManifestSnapshot, options?: DynamicPaidMcpManifestValidationOptions): DynamicPaidMcpManifestValidationReport;
+export declare function compareDynamicPaidMcpManifestSnapshots(before: DynamicPaidMcpManifestSnapshot, after: DynamicPaidMcpManifestSnapshot): DynamicPaidMcpManifestDriftReport;
+export declare function assertNoStaticPaidMcpManifestAssumptions(baseline: DynamicPaidMcpManifestSnapshot, latest: DynamicPaidMcpManifestSnapshot): DynamicPaidMcpManifestDriftReport;
+//# sourceMappingURL=x402-dynamic-paid-mcp-manifest-drift.d.ts.map

package/dist/utils/x402-dynamic-paid-mcp-manifest-drift.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"x402-dynamic-paid-mcp-manifest-drift.d.ts","sourceRoot":"","sources":["../../src/utils/x402-dynamic-paid-mcp-manifest-drift.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;AAE5D,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,wBAAwB,EAAE,MAAM,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,8BAA8B,GAAG;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,wBAAwB,EAAE,CAAC;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,GAAG,EAAE;QACH,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,KAAK,EAAE,0BAA0B,CAAC;IAClC,OAAO,EAAE,sBAAsB,CAAC;IAChC,WAAW,EAAE,wBAAwB,CAAC;CACvC,CAAC;AAEF,MAAM,MAAM,uCAAuC,GAAG;IACpD,GAAG,CAAC,EAAE,IAAI,CAAC;IACX,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,sCAAsC,GAAG;IACnD,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,OAAO,CAAC;IACf,oBAAoB,EAAE,OAAO,CAAC;IAC9B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,6BAA6B,EAAE,OAAO,CAAC;IACvC,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG;IAC9C,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B,CAAC;AAqBF,wBAAgB,sCAAsC,CACpD,QAAQ,EAAE,8BAA8B,EACxC,OAAO,GAAE,uCAA4C,GACpD,sCAAsC,CAqFxC;AAQD,wBAAgB,sCAAsC,CACpD,MAAM,EAAE,8BAA8B,EACtC,KAAK,EAAE,8BAA8B,GACpC,iCAAiC,CAmCnC;AAED,wBAAgB,wCAAwC,CACtD,QAAQ,EAAE,8BAA8B,EACxC,MAAM,EAAE,8BAA8B,GACrC,iCAAiC,CAOnC"}

package/dist/utils/x402-dynamic-paid-mcp-manifest-drift.js ADDED Viewed

@@ -0,0 +1,158 @@
+"use strict";
+/**
+ * Dynamic paid MCP manifest drift helpers.
+ *
+ * Paid MCP gateways can change discovery metadata during launch week without a
+ * package version bump. Buyers need to validate the live .well-known/x402
+ * snapshot before routing, not trust a launch article or stale directory card.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateDynamicPaidMcpManifestSnapshot = validateDynamicPaidMcpManifestSnapshot;
+exports.compareDynamicPaidMcpManifestSnapshots = compareDynamicPaidMcpManifestSnapshots;
+exports.assertNoStaticPaidMcpManifestAssumptions = assertNoStaticPaidMcpManifestAssumptions;
+const DEFAULT_MAX_SNAPSHOT_AGE_HOURS = 24;
+function isHttpsUrl(value) {
+    if (!value)
+        return false;
+    try {
+        return new URL(value).protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+}
+function hoursBetween(later, earlier) {
+    return Math.max(0, (later.getTime() - earlier.getTime()) / (1000 * 60 * 60));
+}
+function pushFinding(findings, severity, field, message) {
+    findings.push({ severity, field, message });
+}
+function validateDynamicPaidMcpManifestSnapshot(snapshot, options = {}) {
+    const findings = [];
+    const now = options.now ?? new Date();
+    const maxSnapshotAgeHours = options.maxSnapshotAgeHours ?? DEFAULT_MAX_SNAPSHOT_AGE_HOURS;
+    const capturedAt = new Date(snapshot.capturedAt);
+    const ageHours = Number.isFinite(capturedAt.getTime()) ? hoursBetween(now, capturedAt) : Number.POSITIVE_INFINITY;
+    const stale = ageHours > maxSnapshotAgeHours;
+    if (!snapshot.snapshotId.trim())
+        pushFinding(findings, 'critical', 'snapshotId', 'snapshotId is required');
+    if (!isHttpsUrl(snapshot.sourceUrl))
+        pushFinding(findings, 'critical', 'sourceUrl', 'sourceUrl must be an https URL');
+    if (!Number.isFinite(capturedAt.getTime()))
+        pushFinding(findings, 'critical', 'capturedAt', 'capturedAt must be an ISO timestamp');
+    if (stale)
+        pushFinding(findings, 'warning', 'capturedAt', `snapshot is older than ${maxSnapshotAgeHours} hours; refresh before buyer routing`);
+    if (!snapshot.organization.trim())
+        pushFinding(findings, 'critical', 'organization', 'organization is required');
+    if (!snapshot.primaryNetwork.trim())
+        pushFinding(findings, 'critical', 'primaryNetwork', 'primaryNetwork is required');
+    const hasSupportedNetworks = snapshot.supportedNetworks.length > 0;
+    if (!hasSupportedNetworks)
+        pushFinding(findings, 'critical', 'supportedNetworks', 'at least one supported network descriptor is required');
+    for (const [index, network] of snapshot.supportedNetworks.entries()) {
+        if (!network.network.trim())
+            pushFinding(findings, 'critical', `supportedNetworks[${index}].network`, 'network is required');
+        if (!network.name.trim())
+            pushFinding(findings, 'warning', `supportedNetworks[${index}].name`, 'network name should be explicit');
+        if (!isHttpsUrl(network.gateway))
+            pushFinding(findings, 'critical', `supportedNetworks[${index}].gateway`, 'gateway must be an https URL');
+    }
+    if (!snapshot.facilitator)
+        pushFinding(findings, 'warning', 'facilitator', 'facilitator metadata is missing');
+    if (!snapshot.hasPayTo)
+        pushFinding(findings, 'critical', 'hasPayTo', 'payTo recipient must be present before payment');
+    if (snapshot.mcp.totalTools <= 0)
+        pushFinding(findings, 'critical', 'mcp.totalTools', 'totalTools must be greater than zero');
+    if (snapshot.mcp.totalServices !== undefined && snapshot.mcp.totalServices <= 0) {
+        pushFinding(findings, 'warning', 'mcp.totalServices', 'totalServices should be greater than zero when present');
+    }
+    if (snapshot.pricing.endpointCount > 0 && snapshot.pricing.endpointCount !== snapshot.mcp.totalTools) {
+        pushFinding(findings, 'info', 'pricing.endpointCount', 'priced HTTP endpoint count differs from MCP totalTools; do not assume a one-to-one mapping');
+    }
+    const hasPricingClarity = snapshot.pricing.endpointCount > 0 &&
+        snapshot.pricing.endpointsWithPrice === snapshot.pricing.endpointCount &&
+        snapshot.pricing.endpointsWithPriceAtomic === snapshot.pricing.endpointCount &&
+        snapshot.pricing.distinctPrices.length > 0;
+    if (!hasPricingClarity) {
+        pushFinding(findings, 'critical', 'pricing', 'pricing fields must be present for every paid endpoint in the snapshot');
+    }
+    const hasTrialPolicyClarity = typeof snapshot.trial.enabled === 'boolean' && Boolean(snapshot.trial.description.trim());
+    if (!hasTrialPolicyClarity) {
+        pushFinding(findings, 'critical', 'trial', 'trial policy must be explicit, including no-trial cases');
+    }
+    if (!snapshot.trial.enabled && snapshot.capabilities.some((capability) => capability.toLowerCase().includes('free_trial'))) {
+        pushFinding(findings, 'warning', 'capabilities.free_trial', 'capabilities still advertises free_trial while trial.enabled is false; buyer agents should trust the explicit trial object and refresh directory cards');
+    }
+    if (snapshot.trial.enabled && /0 free|no free/i.test(snapshot.trial.description)) {
+        pushFinding(findings, 'critical', 'trial.description', 'trial.enabled conflicts with no-trial description');
+    }
+    const frameworkUrls = Object.values(snapshot.directories.frameworks);
+    const hasDirectoryEndpointFreshness = isHttpsUrl(snapshot.directories.wellKnownX402) &&
+        isHttpsUrl(snapshot.directories.mcpCatalog) &&
+        isHttpsUrl(snapshot.directories.openapi) &&
+        isHttpsUrl(snapshot.directories.documentation) &&
+        frameworkUrls.length > 0 &&
+        frameworkUrls.every(isHttpsUrl);
+    if (!hasDirectoryEndpointFreshness) {
+        pushFinding(findings, 'critical', 'directories', 'well-known, MCP catalog, OpenAPI, documentation, and framework endpoints must be https URLs');
+    }
+    return {
+        snapshotId: snapshot.snapshotId,
+        ageHours,
+        stale,
+        hasSupportedNetworks,
+        hasPricingClarity,
+        hasTrialPolicyClarity,
+        hasDirectoryEndpointFreshness,
+        findings,
+    };
+}
+function changed(field, before, after, changedFields) {
+    const didChange = JSON.stringify(before) !== JSON.stringify(after);
+    if (didChange)
+        changedFields.push(field);
+    return didChange;
+}
+function compareDynamicPaidMcpManifestSnapshots(before, after) {
+    const changedFields = [];
+    const findings = [];
+    if (changed('mcp.totalTools', before.mcp.totalTools, after.mcp.totalTools, changedFields)) {
+        pushFinding(findings, 'warning', 'mcp.totalTools', `tool count changed from ${before.mcp.totalTools} to ${after.mcp.totalTools}`);
+    }
+    if (changed('mcp.totalServices', before.mcp.totalServices, after.mcp.totalServices, changedFields)) {
+        pushFinding(findings, 'warning', 'mcp.totalServices', `service count changed from ${before.mcp.totalServices ?? 'unknown'} to ${after.mcp.totalServices ?? 'unknown'}`);
+    }
+    if (changed('trial.enabled', before.trial.enabled, after.trial.enabled, changedFields)) {
+        pushFinding(findings, 'critical', 'trial.enabled', `trial policy changed from ${before.trial.enabled} to ${after.trial.enabled}`);
+    }
+    if (changed('trial.description', before.trial.description, after.trial.description, changedFields)) {
+        pushFinding(findings, 'warning', 'trial.description', 'trial policy description changed; refresh buyer-facing directory metadata');
+    }
+    if (changed('pricing.distinctPrices', before.pricing.distinctPrices, after.pricing.distinctPrices, changedFields)) {
+        pushFinding(findings, 'warning', 'pricing.distinctPrices', 'advertised price surface changed');
+    }
+    if (changed('supportedNetworks', before.supportedNetworks, after.supportedNetworks, changedFields)) {
+        pushFinding(findings, 'warning', 'supportedNetworks', 'supported network descriptors changed');
+    }
+    if (changed('directories', before.directories, after.directories, changedFields)) {
+        pushFinding(findings, 'warning', 'directories', 'directory or framework endpoint URLs changed');
+    }
+    if (changed('commitSha', before.commitSha, after.commitSha, changedFields)) {
+        pushFinding(findings, 'info', 'commitSha', 'source commit changed; use the newer snapshot for routing');
+    }
+    return {
+        fromSnapshotId: before.snapshotId,
+        toSnapshotId: after.snapshotId,
+        changedFields,
+        findings,
+    };
+}
+function assertNoStaticPaidMcpManifestAssumptions(baseline, latest) {
+    const drift = compareDynamicPaidMcpManifestSnapshots(baseline, latest);
+    const changedCriticalFields = new Set(drift.changedFields);
+    if (changedCriticalFields.has('mcp.totalTools') || changedCriticalFields.has('trial.enabled') || changedCriticalFields.has('directories')) {
+        return drift;
+    }
+    return drift;
+}
+//# sourceMappingURL=x402-dynamic-paid-mcp-manifest-drift.js.map