plugin-x402-endpoints 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.cjs CHANGED
@@ -1716,6 +1716,413 @@ var catalog_default = {
1716
1716
  payTo: "0x1D1B81247C407521E2A01F3E21514870dcf1620f",
1717
1717
  network: "eip155:8453",
1718
1718
  asset: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
1719
+ },
1720
+ {
1721
+ tool: "x402_seller_trust",
1722
+ action: "X402_SELLER_TRUST",
1723
+ path: "/x402/seller-trust",
1724
+ method: "GET",
1725
+ price: "$0.01",
1726
+ description: "Score an x402 seller wallet BEFORE paying it: verdict TRUSTED/CAUTION/AVOID + confidence from its on-chain settlement graph on Base \u2014 settlement count, unique paying counterparties, wallet age, wash-trade and sybil signals \u2014 with a signed, offline-verifiable receipt. Vet / due-diligence an unknown x402 endpoint or merchant wallet before you pay it: is this seller a scam, a fake-volume wash-trader, or a sybil cluster? Agent counterparty risk, seller reputation and trust score for x402 / agentic payments. Price: $0.01 per call (x402 payment, USDC on Base mainnet).",
1727
+ llm_usage_prompt: "Score an x402 seller wallet TRUSTED/CAUTION/AVOID before paying it, from its on-chain settlement graph (settlements, counterparties, age, wash-trade/sybil) with a signed offline-verifiable receipt. Input: seller_wallet.",
1728
+ tags: [
1729
+ "x402-seller-trust",
1730
+ "reputation-score",
1731
+ "wash-trade",
1732
+ "sybil",
1733
+ "counterparty-risk"
1734
+ ],
1735
+ inputSchema: {
1736
+ type: "object",
1737
+ properties: {
1738
+ seller_wallet: {
1739
+ type: "string",
1740
+ description: "x402 seller payTo wallet (0x + 40 hex)",
1741
+ pattern: "^0x[a-fA-F0-9]{40}$"
1742
+ },
1743
+ depth: {
1744
+ type: "string",
1745
+ description: "'shallow' (~200 settlements) or 'deep' (~500)"
1746
+ }
1747
+ },
1748
+ required: [
1749
+ "seller_wallet"
1750
+ ]
1751
+ }
1752
+ },
1753
+ {
1754
+ tool: "x402_payment_firewall",
1755
+ action: "X402_PAYMENT_FIREWALL",
1756
+ path: "/x402/payment-firewall",
1757
+ method: "GET",
1758
+ price: "$0.005",
1759
+ description: "Pre-payment risk firewall for AI agents: validate {recipient, amount, chain} BEFORE sending an x402 payment and get ALLOW/REVIEW/BLOCK in <200ms \u2014 OFAC blocklist, sanctioned-mixer check, runaway-overspend vs expected price and anomalous-amount guard. Stop an agent from overpaying or paying a bad address; transaction risk screening and payment guardrail before send. The hosted spending guard / agent budget protection an offline SDK cannot give. Price: $0.005 per call (x402 payment, USDC on Base mainnet).",
1760
+ llm_usage_prompt: "Pre-payment firewall: validate {recipient, amount, chain} before an x402 payment, get ALLOW/REVIEW/BLOCK in <200ms (OFAC blocklist, mixer, runaway-overspend). Input: to_address + amount.",
1761
+ tags: [
1762
+ "x402-payment-firewall",
1763
+ "spending-guard",
1764
+ "pre-payment-risk",
1765
+ "recipient-allowlist",
1766
+ "anomalous-spend"
1767
+ ],
1768
+ inputSchema: {
1769
+ type: "object",
1770
+ properties: {
1771
+ to_address: {
1772
+ type: "string",
1773
+ description: "Recipient/payTo address (EVM 0x.., Solana, BTC, TRON, XRP)"
1774
+ },
1775
+ amount: {
1776
+ type: "number",
1777
+ description: "Payment amount in USD, e.g. 0.01"
1778
+ },
1779
+ chain: {
1780
+ type: "string",
1781
+ description: "base | ethereum | solana | bitcoin | tron (optional; inferred from address)"
1782
+ },
1783
+ expected_price: {
1784
+ type: "number",
1785
+ description: "Price the resource advertised \u2014 flags runaway overspend"
1786
+ }
1787
+ },
1788
+ required: [
1789
+ "to_address"
1790
+ ]
1791
+ }
1792
+ },
1793
+ {
1794
+ tool: "compliance_wallet_screen",
1795
+ action: "X402_COMPLIANCE_WALLET_SCREEN",
1796
+ path: "/compliance/wallet-screen",
1797
+ method: "GET",
1798
+ price: "$0.005",
1799
+ description: "Crypto wallet sanctions & compliance screening (AML/KYT): screen any EVM/Solana/Bitcoin/Tron/XRP wallet against the official OFAC SDN crypto list (UN/UK declared) with mixer (Tornado Cash) exposure and wallet age, returning PASS/WARN/BLOCK and a cryptographically SIGNED compliance receipt (list-version-pinned, verifiable offline) for audit. Is this address sanctioned, blacklisted or mixer-linked? OFAC wallet check, travel-rule / KYT counterparty screening with an auditable attestation an agent can keep. Price: $0.005 per call (x402 payment, USDC on Base mainnet).",
1800
+ llm_usage_prompt: "Crypto wallet sanctions/AML screening (OFAC SDN multi-chain) with mixer exposure, wallet age and a signed compliance receipt for audit. Verdict PASS/WARN/BLOCK. Input: wallet.",
1801
+ tags: [
1802
+ "crypto-sanctions-screening",
1803
+ "ofac",
1804
+ "aml",
1805
+ "kyt",
1806
+ "compliance-receipt"
1807
+ ],
1808
+ inputSchema: {
1809
+ type: "object",
1810
+ properties: {
1811
+ wallet: {
1812
+ type: "string",
1813
+ description: "Wallet to screen \u2014 EVM '0x..', Solana, BTC, TRON 'T..', XRP 'r..'"
1814
+ },
1815
+ chains: {
1816
+ type: "string",
1817
+ description: "Optional comma-separated EVM chains for exposure/age, e.g. 'ethereum,base'"
1818
+ }
1819
+ },
1820
+ required: [
1821
+ "wallet"
1822
+ ]
1823
+ }
1824
+ },
1825
+ {
1826
+ tool: "macro_snapshot",
1827
+ action: "X402_MACRO_SNAPSHOT",
1828
+ path: "/macro/snapshot",
1829
+ method: "GET",
1830
+ price: "$0.005",
1831
+ description: "Macro economic snapshot API \u2014 dated Eurozone economic indicators for trading/research agents: euro-area / Eurozone inflation (HICP / CPI), ECB policy interest rates (deposit, refi), unemployment and EUR FX from the official European Central Bank data portal \u2014 each indicator with value, as_of date, next_release cadence and a signed dated snapshot receipt for reproducible backtests. The interest-rate, inflation and currency context an agent needs before trading. Central bank / economic indicators data API. Price: $0.005 per call (x402 payment, USDC on Base mainnet).",
1832
+ llm_usage_prompt: "Dated euro-area macro snapshot (HICP inflation, ECB policy rates, unemployment, EUR FX) from the official ECB data portal, with next_release and a signed dated snapshot receipt for backtests. Input: indicators.",
1833
+ tags: [
1834
+ "macro-data",
1835
+ "ecb",
1836
+ "inflation",
1837
+ "interest-rate",
1838
+ "economic-indicators"
1839
+ ],
1840
+ inputSchema: {
1841
+ type: "object",
1842
+ properties: {
1843
+ indicators: {
1844
+ type: "string",
1845
+ description: "Comma-separated: inflation_hicp, core_inflation, unemployment, deposit_facility_rate, main_refi_rate, marginal_lending_rate, fx_usd, fx_gbp, fx_jpy, fx_chf"
1846
+ },
1847
+ area: {
1848
+ type: "string",
1849
+ description: "HICP reference area: 'U2' (euro area, default) or a country code e.g. 'FR','DE'"
1850
+ }
1851
+ }
1852
+ }
1853
+ },
1854
+ {
1855
+ tool: "solana_token_safety",
1856
+ action: "X402_SOLANA_TOKEN_SAFETY",
1857
+ path: "/solana/token-safety",
1858
+ method: "GET",
1859
+ price: "$0.01",
1860
+ description: "Solana SPL token safety, rug check and honeypot / scam detection before trading: is this Solana token a rug pull, honeypot or scam? Verdict SAFE/RISKY/CRITICAL + 0-100 score combining STATIC checks (mint/freeze authority, holder concentration) AND BEHAVIORAL analysis (liquidity adequacy, churn, recent dump, tx velocity) plus a blue-chip false-positive guard so USDC/USDT/SOL are never flagged as rugs. Pre-trade SPL token security / scam-token detection that catches behavioral rugs static checkers miss. Price: $0.01 per call (x402 payment, USDC on Base mainnet).",
1861
+ llm_usage_prompt: "Solana SPL token rug check SAFE/RISKY/CRITICAL: static (mint/freeze authority, holders) + behavioral (liquidity, churn, dump, velocity) + blue-chip false-positive guard. Input: mint.",
1862
+ tags: [
1863
+ "solana-token-safety",
1864
+ "rug-check",
1865
+ "honeypot",
1866
+ "behavioral-analysis",
1867
+ "spl-token-risk"
1868
+ ],
1869
+ inputSchema: {
1870
+ type: "object",
1871
+ properties: {
1872
+ mint: {
1873
+ type: "string",
1874
+ description: "SPL token mint address (base58), e.g. 'EPjFW...Dt1v' (USDC)"
1875
+ },
1876
+ deep: {
1877
+ type: "boolean",
1878
+ description: "Deeper behavioral + holder analysis (more RPC calls)"
1879
+ }
1880
+ },
1881
+ required: [
1882
+ "mint"
1883
+ ]
1884
+ }
1885
+ },
1886
+ {
1887
+ tool: "solana_pre_trade",
1888
+ action: "X402_SOLANA_PRE_TRADE",
1889
+ path: "/solana/pre-trade",
1890
+ method: "GET",
1891
+ price: "$0.05",
1892
+ description: "All-in-one Solana pre-trade decision in ONE call: BUY-SAFE/CAUTION/AVOID fusing four scored modules \u2014 token security, EXECUTABLE liquidity depth (estimated slippage at $100/$1k/$10k), deployer history/control and holder concentration. Should I buy or avoid this Solana token? Full token due-diligence in one call \u2014 replaces 3-4 lookups; built for a trading / sniping agent's risk-review pipeline. Solana trading safety decision and buy/avoid verdict. Price: $0.05 per call (x402 payment, USDC on Base mainnet).",
1893
+ llm_usage_prompt: "One-call Solana pre-trade decision BUY-SAFE/CAUTION/AVOID fusing token security + executable liquidity depth (slippage at size) + deployer history + holder concentration. Input: mint.",
1894
+ tags: [
1895
+ "solana-pre-trade",
1896
+ "trading-decision",
1897
+ "liquidity-depth",
1898
+ "deployer-history",
1899
+ "all-in-one"
1900
+ ],
1901
+ inputSchema: {
1902
+ type: "object",
1903
+ properties: {
1904
+ mint: {
1905
+ type: "string",
1906
+ description: "SPL token mint address (base58) to evaluate before buying"
1907
+ }
1908
+ },
1909
+ required: [
1910
+ "mint"
1911
+ ]
1912
+ }
1913
+ },
1914
+ {
1915
+ tool: "crypto_signal_fusion",
1916
+ action: "X402_CRYPTO_SIGNAL_FUSION",
1917
+ path: "/crypto/signal-fusion",
1918
+ method: "GET",
1919
+ price: "$0.02",
1920
+ description: "Crypto trading signal (long/short) and market-regime signal in ONE call: LONG/SHORT/NEUTRAL with confidence, fusing the cross-exchange funding rate, crowding (long/short) bias, trend/chop market regime and BTC\u2192altcoin lead-lag from Binance/Bybit/OKX/Hyperliquid \u2014 with declared data freshness. Should I go long or short on this coin? A fused directional trading signal where competitors sell the funding rate, regime and the four numbers separately. Derivatives trading signal for any altcoin. Price: $0.02 per call (x402 payment, USDC on Base mainnet).",
1921
+ llm_usage_prompt: "One-call fused trading signal LONG/SHORT/NEUTRAL combining cross-exchange funding, crowding, trend/chop regime and BTC\u2192alt lead-lag. Input: symbol + timeframe.",
1922
+ tags: [
1923
+ "crypto-trading-signal",
1924
+ "funding-rate",
1925
+ "market-regime",
1926
+ "lead-lag",
1927
+ "signal-fusion"
1928
+ ],
1929
+ inputSchema: {
1930
+ type: "object",
1931
+ properties: {
1932
+ symbol: {
1933
+ type: "string",
1934
+ description: "Coin ticker, e.g. 'BTC','ETH','SOL'"
1935
+ },
1936
+ timeframe: {
1937
+ type: "string",
1938
+ description: "Regime/lead-lag timeframe: 5m | 15m | 1h | 4h (default 1h)"
1939
+ }
1940
+ }
1941
+ }
1942
+ },
1943
+ {
1944
+ tool: "agent_due_diligence",
1945
+ action: "X402_AGENT_DUE_DILIGENCE",
1946
+ path: "/agent/due-diligence",
1947
+ method: "POST",
1948
+ price: "$0.50",
1949
+ description: "Vet any company, crypto project, counterparty or domain before engaging: one call composes a risk DOSSIER \u2014 synthesis + detected signals + sources + 0-100 risk score + GO/CAUTION/STOP verdict + recommendation + a signed, offline-verifiable receipt. Is this entity a scam, fraud, sanctioned, or safe to deal with? Replaces 3-4 manual web searches plus the synthesis an agent would have to do itself, composed from live public web signals. Counterparty / vendor / project due-diligence for agents. Price: $0.50 per call (x402 payment, USDC on Base mainnet).",
1950
+ llm_usage_prompt: "Composed risk dossier on any entity/project/counterparty/domain: summary + signals + sources + 0-100 score + GO/CAUTION/STOP verdict + signed receipt. One call replaces 3-4 lookups. Input: target.",
1951
+ tags: [
1952
+ "due-diligence",
1953
+ "kyb",
1954
+ "counterparty-risk",
1955
+ "risk-dossier",
1956
+ "agent-decision"
1957
+ ],
1958
+ inputSchema: {
1959
+ type: "object",
1960
+ properties: {
1961
+ target: {
1962
+ type: "string",
1963
+ description: "Entity / project / counterparty / domain to vet, e.g. 'Acme DeFi Labs'"
1964
+ },
1965
+ target_type: {
1966
+ type: "string",
1967
+ description: "Optional: entity | project | counterparty | domain | wallet"
1968
+ },
1969
+ context: {
1970
+ type: "string",
1971
+ description: "Optional: why you're engaging / what you're about to do"
1972
+ }
1973
+ },
1974
+ required: [
1975
+ "target"
1976
+ ]
1977
+ }
1978
+ },
1979
+ {
1980
+ tool: "agent_analysis_report",
1981
+ action: "X402_AGENT_ANALYSIS_REPORT",
1982
+ path: "/agent/analysis-report",
1983
+ method: "POST",
1984
+ price: "$0.25",
1985
+ description: "Structured analysis report on any URL, company, product or subject in one call: positioning + strengths + risks + opportunities + 0-100 actionable score + STRONG/MODERATE/WEAK rating + recommendation + provenance + a signed receipt. A fixed-schema research report an agent can consume without re-parsing, composed from live public web signals. Competitive / investment / partnership analysis for agents. Price: $0.25 per call (x402 payment, USDC on Base mainnet).",
1986
+ llm_usage_prompt: "Fixed-schema analysis report on a URL/company/subject: positioning + strengths + risks + opportunities + 0-100 score + STRONG/MODERATE/WEAK + signed receipt. Input: input (+ optional focus).",
1987
+ tags: [
1988
+ "analysis-report",
1989
+ "market-analysis",
1990
+ "competitive",
1991
+ "research",
1992
+ "agent-decision"
1993
+ ],
1994
+ inputSchema: {
1995
+ type: "object",
1996
+ properties: {
1997
+ input: {
1998
+ type: "string",
1999
+ description: "URL, company, product or subject, e.g. 'stripe.com'"
2000
+ },
2001
+ focus: {
2002
+ type: "string",
2003
+ description: "Optional: investment | competitive | partnership | security | general"
2004
+ }
2005
+ },
2006
+ required: [
2007
+ "input"
2008
+ ]
2009
+ }
2010
+ },
2011
+ {
2012
+ tool: "agent_clearance",
2013
+ action: "X402_AGENT_CLEARANCE",
2014
+ path: "/agent/clearance",
2015
+ method: "POST",
2016
+ price: "$0.25",
2017
+ description: "Safety preflight before an agent runs a DESTRUCTIVE, costly or IRREVERSIBLE action (delete, deploy, transfer funds, publish, overwrite): risk assessment + reversibility check + timing + CLEAR/LIMIT/REVIEW/BLOCK verdict + a cryptographically SIGNED ClearancePacket (decision, approved amount, policy version, evidence hash, expiry, rationale) the agent keeps as proof of authorization. Should I run this action, or stop and ask a human? Stops a mistake far costlier than the call price. Agent action guardrail / clearance / human-in-the-loop gate. Price: $0.25 per call (x402 payment, USDC on Base mainnet).",
2018
+ llm_usage_prompt: "Preflight clearance before a destructive/costly/irreversible agent action: risk + reversibility + timing + CLEAR/LIMIT/REVIEW/BLOCK + a signed Ed25519 ClearancePacket. Input: action (+ action_type, amount_usd).",
2019
+ tags: [
2020
+ "preflight",
2021
+ "action-clearance",
2022
+ "reversibility",
2023
+ "agent-safety",
2024
+ "guardrail"
2025
+ ],
2026
+ inputSchema: {
2027
+ type: "object",
2028
+ properties: {
2029
+ action: {
2030
+ type: "string",
2031
+ description: "Action about to run, e.g. 'delete the production users table'"
2032
+ },
2033
+ action_type: {
2034
+ type: "string",
2035
+ description: "Optional: delete|deploy|send|spend|transfer|publish|email|overwrite|approve|rotate|shutdown|other"
2036
+ },
2037
+ amount_usd: {
2038
+ type: "number",
2039
+ description: "Monetary stake in USD if applicable, e.g. 250"
2040
+ },
2041
+ reversible: {
2042
+ type: "boolean",
2043
+ description: "Optional caller hint: is the action reversible?"
2044
+ },
2045
+ target: {
2046
+ type: "string",
2047
+ description: "Optional target (table, address, repo, recipient)"
2048
+ },
2049
+ context: {
2050
+ type: "string",
2051
+ description: "Optional extra context (environment, prior approval)"
2052
+ }
2053
+ },
2054
+ required: [
2055
+ "action"
2056
+ ]
2057
+ }
2058
+ },
2059
+ {
2060
+ tool: "agent_output_qa",
2061
+ action: "X402_AGENT_OUTPUT_QA",
2062
+ path: "/agent/output-qa",
2063
+ method: "POST",
2064
+ price: "$0.10",
2065
+ description: "Review and improve an agent's outbound text (email, social post, customer reply) before sending: a multi-criteria scorecard (clarity, spam-safety, tone, length, personalization, CTA, compliance \u2014 each 0-100) + poor/fair/good/excellent rating + top suggestions + a ready-to-send IMPROVED REWRITE. Will this message land or get flagged as spam? One call scores and rewrites. Output review / spam check / copy QA for agents. Price: $0.10 per call (x402 payment, USDC on Base mainnet).",
2066
+ llm_usage_prompt: "Score an agent's outbound text on 7 criteria (clarity, spam-safety, tone, length, personalization, CTA, compliance) + rating + suggestions + improved rewrite. Input: output (+ format, goal).",
2067
+ tags: [
2068
+ "output-qa",
2069
+ "email-review",
2070
+ "content-scoring",
2071
+ "rewrite",
2072
+ "agent-decision"
2073
+ ],
2074
+ inputSchema: {
2075
+ type: "object",
2076
+ properties: {
2077
+ output: {
2078
+ type: "string",
2079
+ description: "The agent's outbound text to review (email, post, reply)"
2080
+ },
2081
+ format: {
2082
+ type: "string",
2083
+ description: "Optional: email | social_post | customer_reply | other"
2084
+ },
2085
+ goal: {
2086
+ type: "string",
2087
+ description: "Optional intended goal, e.g. 'book a demo'"
2088
+ }
2089
+ },
2090
+ required: [
2091
+ "output"
2092
+ ]
2093
+ }
2094
+ },
2095
+ {
2096
+ tool: "agent_content_scan",
2097
+ action: "X402_AGENT_CONTENT_SCAN",
2098
+ path: "/agent/content-scan",
2099
+ method: "POST",
2100
+ price: "$0.10",
2101
+ description: "Scan any external content before an agent INGESTS it (SKILL.md, web page, user input, tool output) for prompt-injection, data exfiltration, dangerous code execution, hidden/invisible unicode and instruction overrides: 0-100 risk score + SAFE/WARN/BLOCK verdict + structured findings with matched evidence. Is it safe to feed this content to my agent? A fast, cheap, deterministic, high-volume pre-ingest firewall. Prompt-injection / skill-audit / untrusted-content security check for agents. Price: $0.10 per call (x402 payment, USDC on Base mainnet).",
2102
+ llm_usage_prompt: "Deterministic pre-ingest scan for prompt-injection, exfiltration, dangerous exec, hidden unicode and instruction overrides: 0-100 risk score + SAFE/WARN/BLOCK + structured findings. Input: content.",
2103
+ tags: [
2104
+ "content-scan",
2105
+ "prompt-injection",
2106
+ "exfiltration",
2107
+ "agent-security",
2108
+ "safe-ingest"
2109
+ ],
2110
+ inputSchema: {
2111
+ type: "object",
2112
+ properties: {
2113
+ content: {
2114
+ type: "string",
2115
+ description: "Raw content to scan before ingestion (SKILL.md, web page, user input, tool output)"
2116
+ },
2117
+ source_type: {
2118
+ type: "string",
2119
+ description: "Optional: skill | webpage | user_input | tool_output | document"
2120
+ }
2121
+ },
2122
+ required: [
2123
+ "content"
2124
+ ]
2125
+ }
1719
2126
  }
1720
2127
  ]
1721
2128
  };
@@ -1815,12 +2222,15 @@ async function readBody(resp) {
1815
2222
  }
1816
2223
  }
1817
2224
  async function callEndpoint(ep, params, cfg) {
1818
- const url = buildUrl(cfg.baseUrl, ep.path, params);
1819
- const headers = { accept: "application/json" };
2225
+ const method = (ep.method || "GET").toUpperCase();
2226
+ const isPost = method === "POST";
2227
+ const url = isPost ? `${cfg.baseUrl}${ep.path}` : buildUrl(cfg.baseUrl, ep.path, params);
2228
+ const headers = isPost ? { accept: "application/json", "content-type": "application/json" } : { accept: "application/json" };
2229
+ const reqInit = isPost ? { method, headers, body: JSON.stringify(params || {}) } : { method, headers };
1820
2230
  const paidFetch = await getPaidFetch(cfg).catch(() => null);
1821
2231
  if (paidFetch) {
1822
2232
  try {
1823
- const resp2 = await paidFetch(url, { method: "GET", headers });
2233
+ const resp2 = await paidFetch(url, reqInit);
1824
2234
  const body2 = await readBody(resp2);
1825
2235
  if (resp2.status === 200) return { kind: "data", status: 200, data: body2 };
1826
2236
  if (resp2.status === 402) {
@@ -1838,7 +2248,7 @@ async function callEndpoint(ep, params, cfg) {
1838
2248
  }
1839
2249
  let resp;
1840
2250
  try {
1841
- resp = await fetch(url, { method: "GET", headers });
2251
+ resp = await fetch(url, reqInit);
1842
2252
  } catch (err) {
1843
2253
  return { kind: "error", message: "request failed", detail: `${err?.name}: ${err?.message}` };
1844
2254
  }