npm - safehands-pharos - Versions diffs - 1.4.0 → 1.5.0 - Mend

safehands-pharos 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (124) hide show

package/README.md +174 -63
package/dist/cli.d.ts +5 -5
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +126 -124
package/dist/cli.js.map +1 -1
package/dist/demo.d.ts +1 -1
package/dist/demo.js +171 -171
package/dist/index.d.ts +2 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +73 -65
package/dist/index.js.map +1 -1
package/dist/init.d.ts +1 -1
package/dist/init.js +65 -65
package/dist/lib/constants.d.ts +303 -291
package/dist/lib/constants.d.ts.map +1 -1
package/dist/lib/constants.js +302 -292
package/dist/lib/constants.js.map +1 -1
package/dist/lib/dodoApi.d.ts +78 -78
package/dist/lib/dodoApi.js +196 -196
package/dist/lib/envLoader.d.ts +2 -0
package/dist/lib/envLoader.d.ts.map +1 -0
package/dist/lib/envLoader.js +44 -0
package/dist/lib/envLoader.js.map +1 -0
package/dist/lib/http.d.ts +14 -14
package/dist/lib/http.js +118 -118
package/dist/lib/pharosClient.d.ts +58 -58
package/dist/lib/pharosClient.js +63 -63
package/dist/lib/policy/actionPolicyEngine.d.ts +53 -53
package/dist/lib/policy/actionPolicyEngine.js +212 -212
package/dist/lib/riskEngine.d.ts +26 -26
package/dist/lib/riskEngine.d.ts.map +1 -1
package/dist/lib/riskEngine.js +288 -283
package/dist/lib/riskEngine.js.map +1 -1
package/dist/lib/signer/index.d.ts +24 -24
package/dist/lib/signer/index.js +88 -88
package/dist/lib/testDodoLive.d.ts +1 -1
package/dist/lib/testDodoLive.js +104 -104
package/dist/lib/testLiveSafehands.d.ts +1 -1
package/dist/lib/testLiveSafehands.js +92 -92
package/dist/lib/testRpcLive.d.ts +1 -1
package/dist/lib/testRpcLive.js +88 -88
package/dist/lib/testTools.js +397 -398
package/dist/lib/testX402Live.d.ts +1 -1
package/dist/lib/testX402Live.js +159 -159
package/dist/lib/toolResponse.d.ts +25 -25
package/dist/lib/toolResponse.js +53 -53
package/dist/lib/wallet/index.d.ts +37 -37
package/dist/lib/wallet/index.js +128 -128
package/dist/scripts/checkDeploy.d.ts +1 -1
package/dist/scripts/checkDeploy.js +24 -24
package/dist/scripts/deployRegistry.d.ts +1 -1
package/dist/scripts/deployRegistry.js +100 -100
package/dist/scripts/testRegistry.d.ts +1 -1
package/dist/scripts/testRegistry.js +43 -43
package/dist/tools/approveToken.d.ts +45 -45
package/dist/tools/approveToken.js +85 -85
package/dist/tools/assessRisk.d.ts +79 -79
package/dist/tools/assessRisk.js +104 -104
package/dist/tools/checkAllowance.d.ts +43 -43
package/dist/tools/checkAllowance.js +56 -56
package/dist/tools/checkTokenSecurity.d.ts +46 -46
package/dist/tools/checkTokenSecurity.js +95 -95
package/dist/tools/createAgentWallet.d.ts +28 -26
package/dist/tools/createAgentWallet.d.ts.map +1 -1
package/dist/tools/createAgentWallet.js +82 -58
package/dist/tools/createAgentWallet.js.map +1 -1
package/dist/tools/estimateGas.d.ts +79 -79
package/dist/tools/estimateGas.js +124 -124
package/dist/tools/executeSwap.d.ts +61 -61
package/dist/tools/executeSwap.js +141 -141
package/dist/tools/explainRisk.d.ts +29 -29
package/dist/tools/explainRisk.js +32 -32
package/dist/tools/getAgentWallet.d.ts +21 -21
package/dist/tools/getAgentWallet.js +27 -27
package/dist/tools/getAgentWalletBalance.d.ts +11 -11
package/dist/tools/getAgentWalletBalance.js +70 -70
package/dist/tools/getExecutionHistory.d.ts +49 -49
package/dist/tools/getExecutionHistory.js +154 -154
package/dist/tools/getGasPrice.d.ts +43 -43
package/dist/tools/getGasPrice.js +59 -59
package/dist/tools/getPoolInfo.d.ts +75 -75
package/dist/tools/getPoolInfo.js +137 -137
package/dist/tools/getTokenPrice.d.ts +113 -113
package/dist/tools/getTokenPrice.js +117 -117
package/dist/tools/getTransactionStatus.d.ts +43 -43
package/dist/tools/getTransactionStatus.js +59 -59
package/dist/tools/getWalletBalance.d.ts +68 -68
package/dist/tools/getWalletBalance.js +87 -87
package/dist/tools/publishRiskScore.d.ts +63 -63
package/dist/tools/publishRiskScore.js +88 -88
package/dist/tools/queryRiskRegistry.d.ts +38 -38
package/dist/tools/queryRiskRegistry.js +55 -55
package/dist/tools/safehandsPreflightCheck.d.ts +77 -77
package/dist/tools/safehandsPreflightCheck.js +47 -47
package/dist/tools/safehandsRiskReport.d.ts +81 -81
package/dist/tools/safehandsRiskReport.js +28 -28
package/dist/tools/safehandsSafeExecute.d.ts +20 -20
package/dist/tools/safehandsSafeExecute.js +81 -81
package/dist/tools/safehandsWalletHealth.d.ts +14 -14
package/dist/tools/safehandsWalletHealth.js +103 -103
package/dist/tools/safehandsX402Preflight.d.ts +26 -26
package/dist/tools/safehandsX402Preflight.js +65 -65
package/dist/tools/sendPayment.d.ts +57 -57
package/dist/tools/sendPayment.js +117 -117
package/dist/tools/simulateTransaction.d.ts +60 -60
package/dist/tools/simulateTransaction.js +83 -83
package/dist/tools/tokenRegistryStatus.d.ts +26 -26
package/dist/tools/tokenRegistryStatus.js +96 -96
package/dist/tools/x402PayAndFetch.d.ts +81 -81
package/dist/tools/x402PayAndFetch.js +152 -152
package/dist/x402Server.d.ts +1 -1
package/dist/x402Server.js +300 -252
package/dist/x402Server.js.map +1 -1
package/package.json +6 -16
package/examples/dashboard/index.html +0 -337
package/examples/pharos-skill-engine/SKILL.safehands.md +0 -85
package/examples/pharos-skill-engine/assets/safehands/example-actions.json +0 -49
package/examples/pharos-skill-engine/assets/safehands/policy-defaults.json +0 -11
package/examples/pharos-skill-engine/references/safehands.md +0 -345
package/examples/scenario-hack.ts +0 -38
package/skill/SKILL.md +0 -133
package/skill/assets/safehands/example-actions.json +0 -49
package/skill/assets/safehands/policy-defaults.json +0 -11
package/skill/references/safehands.md +0 -345

package/dist/tools/x402PayAndFetch.js CHANGED Viewed

@@ -1,153 +1,153 @@
-// ─── Tool: x402_pay_and_fetch ─────────────────────────────────────────────
-// Enables an agent to fetch protected resources from an x402 server.
-// Automatically executes the payment challenge only after HTTP 402 is returned.
-// ─────────────────────────────────────────────────────────────────────────
-import { z } from "zod";
-import { wrapFetchWithPayment, x402Client } from "@x402/fetch";
-import { registerExactEvmScheme } from "@x402/evm/exact/client";
-import { CHAIN_ID, PHAROS_ENVIRONMENT, RPC_URL, MAX_X402_PAYMENT_USDC, X402_PAYMENT_TOKEN_ADDRESS } from "../lib/constants.js";
-import { assertSafeFetchUrl, fetchWithTimeoutAndRetry } from "../lib/http.js";
-import { fail, ok, requireWriteToolsEnabled } from "../lib/toolResponse.js";
-import { getSigner, isSignerFailure } from "../lib/signer/index.js";
-import { evaluateActionPolicy } from "../lib/policy/actionPolicyEngine.js";
-export const x402PayAndFetchSchema = z.object({
-    url: z.string().describe("Target URL of the protected resource requiring x402 payment"),
-    method: z.enum(["GET", "POST", "PUT", "DELETE"]).optional().default("GET").describe("HTTP method to use"),
-    body: z.string().optional().describe("Optional stringified JSON request body"),
-    rpcUrl: z.string().optional().describe("Custom RPC URL for payment verification (defaults to Atlantic Testnet RPC)"),
-    agentId: z.string().optional().describe("Managed testnet wallet agentId when WALLET_MODE=managed-testnet"),
-    maxPaymentUsdc: z.string().optional().default(MAX_X402_PAYMENT_USDC),
-});
-export const x402PayAndFetchTool = {
-    name: "x402_pay_and_fetch",
-    description: "Fetch resources from an HTTP x402 payment-gated server. " +
-        "If the server challenges with HTTP 402, this tool signs the required testnet payment payload and completes the fetch.",
-    inputSchema: x402PayAndFetchSchema,
-};
-async function readResponseBody(res) {
-    const contentType = res.headers.get("content-type") || "";
-    if (contentType.includes("application/json")) {
-        try {
-            return await res.json();
-        }
-        catch {
-            return null;
-        }
-    }
-    return await res.text();
-}
-function buildFetchOptions(input) {
-    const fetchOptions = {
-        method: input.method,
-        headers: {
-            "Content-Type": "application/json",
-        },
-    };
-    if (input.body)
-        fetchOptions.body = input.body;
-    return fetchOptions;
-}
-export async function handleX402PayAndFetch(raw) {
-    const input = x402PayAndFetchSchema.parse(raw);
-    try {
-        await assertSafeFetchUrl(input.url);
-    }
-    catch (err) {
-        return fail("SSRF_BLOCKED", err instanceof Error ? err.message.replace(/^SSRF_BLOCKED:\s*/, "") : String(err), false, "x402_pay_and_fetch");
-    }
-    const staticPolicy = evaluateActionPolicy({
-        actionType: "x402_pay_and_fetch",
-        url: input.url,
-        paymentAmountUsdc: input.maxPaymentUsdc,
-        paymentTokenAddress: X402_PAYMENT_TOKEN_ADDRESS,
-        chainId: CHAIN_ID,
-        environment: PHAROS_ENVIRONMENT,
-        isMainnet: false,
-    });
-    if (staticPolicy.decision === "BLOCK") {
-        return fail("POLICY_BLOCKED", staticPolicy.reasons.join(" ") || "x402 request blocked by SafeHands policy.", false, "x402_pay_and_fetch");
-    }
-    const fetchOptions = buildFetchOptions(input);
-    try {
-        const initial = await fetchWithTimeoutAndRetry(input.url, {
-            ...fetchOptions,
-            timeoutMs: 10_000,
-            retries: 1,
-            retryDelayMs: 250,
-        });
-        if (initial.status !== 402) {
-            const data = await readResponseBody(initial);
-            return ok({
-                status: initial.status,
-                statusText: initial.statusText,
-                data,
-                paymentExecuted: false,
-                paymentDetails: null,
-                chainId: CHAIN_ID,
-                environment: PHAROS_ENVIRONMENT,
-                isMainnet: false,
-                policy: staticPolicy,
-                source: "x402_fetch",
-            });
-        }
-        const writeGuard = requireWriteToolsEnabled("x402_pay_and_fetch");
-        if (writeGuard)
-            return writeGuard;
-        const signer = await getSigner(input.agentId, { purpose: "x402" });
-        if (isSignerFailure(signer)) {
-            return fail("X402_PAYMENT_REQUIRED", `The resource returned HTTP 402, but no safe x402 signer is available: ${signer.error.message}`, false, "x402_pay_and_fetch");
-        }
-        const paymentPolicy = evaluateActionPolicy({
-            actionType: "x402_pay_and_fetch",
-            url: input.url,
-            paymentAmountUsdc: input.maxPaymentUsdc,
-            paymentTokenAddress: X402_PAYMENT_TOKEN_ADDRESS,
-            chainId: CHAIN_ID,
-            environment: PHAROS_ENVIRONMENT,
-            isMainnet: false,
-            signerAvailable: true,
-            requiresSigner: true,
-        });
-        if (paymentPolicy.decision === "BLOCK") {
-            return fail("POLICY_BLOCKED", paymentPolicy.reasons.join(" ") || "x402 payment blocked by SafeHands policy.", false, "x402_pay_and_fetch");
-        }
-        const rpc = input.rpcUrl || process.env.PHAROS_RPC_URL || RPC_URL;
-        const client = new x402Client();
-        registerExactEvmScheme(client, {
-            signer: signer.account,
-            schemeOptions: {
-                [CHAIN_ID]: { rpcUrl: rpc },
-            },
-        });
-        const fetchWithPayment = wrapFetchWithPayment(fetch, client);
-        const paidResponse = await fetchWithPayment(input.url, fetchOptions);
-        const data = await readResponseBody(paidResponse);
-        const paymentResponseHeader = paidResponse.headers.get("PAYMENT-RESPONSE");
-        return ok({
-            status: paidResponse.status,
-            statusText: paidResponse.statusText,
-            data,
-            paymentExecuted: !!paymentResponseHeader,
-            paymentDetails: paymentResponseHeader
-                ? {
-                    headerRedacted: true,
-                    note: "PAYMENT-RESPONSE header was present but intentionally not exposed to avoid leaking signed payment data.",
-                }
-                : null,
-            signerMode: signer.mode,
-            walletAddress: signer.address,
-            paymentToken: X402_PAYMENT_TOKEN_ADDRESS,
-            maxPaymentUsdc: input.maxPaymentUsdc,
-            chainId: CHAIN_ID,
-            environment: PHAROS_ENVIRONMENT,
-            isMainnet: false,
-            policy: paymentPolicy,
-            testnetPayment: true,
-            source: "x402_fetch",
-        });
-    }
-    catch (err) {
-        return fail("X402_PAYMENT_FAILED", err instanceof Error ? err.message : String(err), true, "x402_pay_and_fetch");
-    }
-}
+// ─── Tool: x402_pay_and_fetch ─────────────────────────────────────────────
+// Enables an agent to fetch protected resources from an x402 server.
+// Automatically executes the payment challenge only after HTTP 402 is returned.
+// ─────────────────────────────────────────────────────────────────────────
+import { z } from "zod";
+import { wrapFetchWithPayment, x402Client } from "@x402/fetch";
+import { registerExactEvmScheme } from "@x402/evm/exact/client";
+import { CHAIN_ID, PHAROS_ENVIRONMENT, RPC_URL, MAX_X402_PAYMENT_USDC, X402_PAYMENT_TOKEN_ADDRESS } from "../lib/constants.js";
+import { assertSafeFetchUrl, fetchWithTimeoutAndRetry } from "../lib/http.js";
+import { fail, ok, requireWriteToolsEnabled } from "../lib/toolResponse.js";
+import { getSigner, isSignerFailure } from "../lib/signer/index.js";
+import { evaluateActionPolicy } from "../lib/policy/actionPolicyEngine.js";
+export const x402PayAndFetchSchema = z.object({
+    url: z.string().describe("Target URL of the protected resource requiring x402 payment"),
+    method: z.enum(["GET", "POST", "PUT", "DELETE"]).optional().default("GET").describe("HTTP method to use"),
+    body: z.string().optional().describe("Optional stringified JSON request body"),
+    rpcUrl: z.string().optional().describe("Custom RPC URL for payment verification (defaults to Atlantic Testnet RPC)"),
+    agentId: z.string().optional().describe("Managed testnet wallet agentId when WALLET_MODE=managed-testnet"),
+    maxPaymentUsdc: z.string().optional().default(MAX_X402_PAYMENT_USDC),
+});
+export const x402PayAndFetchTool = {
+    name: "x402_pay_and_fetch",
+    description: "Fetch resources from an HTTP x402 payment-gated server. " +
+        "If the server challenges with HTTP 402, this tool signs the required testnet payment payload and completes the fetch.",
+    inputSchema: x402PayAndFetchSchema,
+};
+async function readResponseBody(res) {
+    const contentType = res.headers.get("content-type") || "";
+    if (contentType.includes("application/json")) {
+        try {
+            return await res.json();
+        }
+        catch {
+            return null;
+        }
+    }
+    return await res.text();
+}
+function buildFetchOptions(input) {
+    const fetchOptions = {
+        method: input.method,
+        headers: {
+            "Content-Type": "application/json",
+        },
+    };
+    if (input.body)
+        fetchOptions.body = input.body;
+    return fetchOptions;
+}
+export async function handleX402PayAndFetch(raw) {
+    const input = x402PayAndFetchSchema.parse(raw);
+    try {
+        await assertSafeFetchUrl(input.url);
+    }
+    catch (err) {
+        return fail("SSRF_BLOCKED", err instanceof Error ? err.message.replace(/^SSRF_BLOCKED:\s*/, "") : String(err), false, "x402_pay_and_fetch");
+    }
+    const staticPolicy = evaluateActionPolicy({
+        actionType: "x402_pay_and_fetch",
+        url: input.url,
+        paymentAmountUsdc: input.maxPaymentUsdc,
+        paymentTokenAddress: X402_PAYMENT_TOKEN_ADDRESS,
+        chainId: CHAIN_ID,
+        environment: PHAROS_ENVIRONMENT,
+        isMainnet: false,
+    });
+    if (staticPolicy.decision === "BLOCK") {
+        return fail("POLICY_BLOCKED", staticPolicy.reasons.join(" ") || "x402 request blocked by SafeHands policy.", false, "x402_pay_and_fetch");
+    }
+    const fetchOptions = buildFetchOptions(input);
+    try {
+        const initial = await fetchWithTimeoutAndRetry(input.url, {
+            ...fetchOptions,
+            timeoutMs: 10_000,
+            retries: 1,
+            retryDelayMs: 250,
+        });
+        if (initial.status !== 402) {
+            const data = await readResponseBody(initial);
+            return ok({
+                status: initial.status,
+                statusText: initial.statusText,
+                data,
+                paymentExecuted: false,
+                paymentDetails: null,
+                chainId: CHAIN_ID,
+                environment: PHAROS_ENVIRONMENT,
+                isMainnet: false,
+                policy: staticPolicy,
+                source: "x402_fetch",
+            });
+        }
+        const writeGuard = requireWriteToolsEnabled("x402_pay_and_fetch");
+        if (writeGuard)
+            return writeGuard;
+        const signer = await getSigner(input.agentId, { purpose: "x402" });
+        if (isSignerFailure(signer)) {
+            return fail("X402_PAYMENT_REQUIRED", `The resource returned HTTP 402, but no safe x402 signer is available: ${signer.error.message}`, false, "x402_pay_and_fetch");
+        }
+        const paymentPolicy = evaluateActionPolicy({
+            actionType: "x402_pay_and_fetch",
+            url: input.url,
+            paymentAmountUsdc: input.maxPaymentUsdc,
+            paymentTokenAddress: X402_PAYMENT_TOKEN_ADDRESS,
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+            signerAvailable: true,
+            requiresSigner: true,
+        });
+        if (paymentPolicy.decision === "BLOCK") {
+            return fail("POLICY_BLOCKED", paymentPolicy.reasons.join(" ") || "x402 payment blocked by SafeHands policy.", false, "x402_pay_and_fetch");
+        }
+        const rpc = input.rpcUrl || process.env.PHAROS_RPC_URL || RPC_URL;
+        const client = new x402Client();
+        registerExactEvmScheme(client, {
+            signer: signer.account,
+            schemeOptions: {
+                [CHAIN_ID]: { rpcUrl: rpc },
+            },
+        });
+        const fetchWithPayment = wrapFetchWithPayment(fetch, client);
+        const paidResponse = await fetchWithPayment(input.url, fetchOptions);
+        const data = await readResponseBody(paidResponse);
+        const paymentResponseHeader = paidResponse.headers.get("PAYMENT-RESPONSE");
+        return ok({
+            status: paidResponse.status,
+            statusText: paidResponse.statusText,
+            data,
+            paymentExecuted: !!paymentResponseHeader,
+            paymentDetails: paymentResponseHeader
+                ? {
+                    headerRedacted: true,
+                    note: "PAYMENT-RESPONSE header was present but intentionally not exposed to avoid leaking signed payment data.",
+                }
+                : null,
+            signerMode: signer.mode,
+            walletAddress: signer.address,
+            paymentToken: X402_PAYMENT_TOKEN_ADDRESS,
+            maxPaymentUsdc: input.maxPaymentUsdc,
+            chainId: CHAIN_ID,
+            environment: PHAROS_ENVIRONMENT,
+            isMainnet: false,
+            policy: paymentPolicy,
+            testnetPayment: true,
+            source: "x402_fetch",
+        });
+    }
+    catch (err) {
+        return fail("X402_PAYMENT_FAILED", err instanceof Error ? err.message : String(err), true, "x402_pay_and_fetch");
+    }
+}
 //# sourceMappingURL=x402PayAndFetch.js.map

package/dist/x402Server.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export {};
+export {};
 //# sourceMappingURL=x402Server.d.ts.map