npm - trustsource - Versions diffs - 0.2.0 - Mend

trustsource 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/.vscode/settings.json +9 -0
package/LICENSE +21 -0
package/Procfile +1 -0
package/README.md +142 -0
package/mcp-server/.env.example +7 -0
package/mcp-server/README.md +116 -0
package/mcp-server/package-lock.json +1815 -0
package/mcp-server/package.json +58 -0
package/mcp-server/smithery.yaml +45 -0
package/mcp-server/src/index.ts +171 -0
package/mcp-server/tsconfig.json +19 -0
package/package.json +35 -0
package/public/index.html +954 -0
package/railway.json +11 -0
package/skills/trustsource-domain/skill.md +182 -0
package/src/openapi.ts +660 -0
package/src/routes/headers.ts +448 -0
package/src/routes/robots.ts +455 -0
package/src/routes/sslcheck.ts +408 -0
package/src/routes/trustscore.ts +268 -0
package/src/server.ts +318 -0
package/src/types/whois-json.d.ts +4 -0
package/tsconfig.json +13 -0

package/.vscode/settings.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+    "python-envs.pythonProjects": [
+        {
+            "path": "node_modules",
+            "envManager": "ms-python.python:venv",
+            "packageManager": "ms-python.python:pip"
+        }
+    ]
+}

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 TrustSource
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/Procfile ADDED Viewed

	@@ -0,0 +1 @@
1	+ echo "web: npm start"

package/README.md ADDED Viewed

@@ -0,0 +1,142 @@
+# Trustsource API
+x402-powered intelligence APIs for AI agents. Pay per use, no API keys, no accounts.
+## Quick Start
+### 1. Install dependencies
+```bash
+npm install
+```
+### 2. Configure environment
+```bash
+cp .env.example .env
+```
+Open `.env` and set **at minimum**:
+```
+PAY_TO_ADDRESS=0xYourBaseWalletAddress
+```
+Leave everything else as-is to run on **Base Sepolia testnet** (no real money).
+### 3. Run the server
+```bash
+npm run dev
+```
+You should see the startup banner at `http://localhost:3000`.
+---
+## Testing the x402 Flow
+### Free endpoints (no payment needed)
+```bash
+curl http://localhost:3000/
+curl http://localhost:3000/health
+```
+### Paid endpoint — what an unpaid agent sees
+```bash
+curl http://localhost:3000/trustscore?domain=example.com
+# Returns HTTP 402 with payment instructions in the PAYMENT-REQUIRED header
+```
+### Paid endpoint — bypass payment for local dev testing
+The x402 testnet facilitator at `https://facilitator.x402.org` accepts test payments.
+To fully test the payment flow, use an x402 client with a funded testnet wallet.
+Get Base Sepolia testnet ETH: https://sepolia.base.org/faucet
+Get testnet USDC: https://faucet.circle.com (select Base Sepolia)
+---
+## Switching to Mainnet (Production)
+1. In `.env`, change:
+   ```
+   NETWORK=eip155:8453
+   FACILITATOR_URL=https://api.cdp.coinbase.com/platform/v2/x402
+   CDP_API_KEY_ID=your-key-id
+   CDP_API_KEY_SECRET=your-key-secret
+   ```
+2. Make sure your `PAY_TO_ADDRESS` Base wallet has some ETH for gas.
+3. Your endpoints auto-list in the Bazaar/Agentic.Market after the first paid call clears.
+---
+## API Reference
+### `GET /trustscore`
+Returns a 0–100 trust score for any domain.
+**Payment:** 0.003 USDC per call (via x402)
+**Params:**
+- `?domain=example.com` — bare domain
+- `?url=https://example.com/some/path` — full URL (domain extracted)
+**Response:**
+```json
+{
+  "domain": "example.com",
+  "score": 80,
+  "maxScore": 100,
+  "tier": "TRUSTED",
+  "breakdown": {
+    "domainAge": 30,
+    "tld": 20,
+    "dnsPresence": 30,
+    "registrar": 20
+  },
+  "details": {
+    "age": { "days": 9720, "label": "established (5+ years)", "created": "...", "expires": "..." },
+    "tld": ".com",
+    "dns": { "hasARecord": true, "hasMxRecord": true, "mxRecords": ["mail.example.com"] },
+    "registrar": "GoDaddy"
+  },
+  "meta": {
+    "checkedAt": "2026-05-22T12:00:00.000Z",
+    "apiVersion": "1.0",
+    "paidWith": "x402/USDC"
+  }
+}
+```
+**Tiers:**
+| Score | Tier |
+|-------|------|
+| 75–100 | `TRUSTED` |
+| 50–74 | `MODERATE` |
+| 25–49 | `CAUTION` |
+| 0–24 | `HIGH_RISK` |
+---
+## Project Structure
+```
+agentbrain/
+├── src/
+│   ├── server.ts          # Express app + x402 middleware
+│   └── routes/
+│       └── trustscore.ts  # Domain analysis logic
+├── .env.example
+├── .env                   # Your config (git-ignored)
+├── package.json
+└── tsconfig.json
+```
+---
+## Roadmap
+- [x] Phase 1: TrustScore API
+- [ ] Phase 2: ResearchOracle API
+- [ ] Phase 3: SkillForge API
+- [ ] Phase 4: Bazaar/Agentic.Market listing
+- [ ] Phase 5: Cloudflare Workers deployment

package/mcp-server/.env.example ADDED Viewed

@@ -0,0 +1,7 @@
+# Base Mainnet wallet private key (must hold USDC + a small amount of ETH for gas).
+# Required. The server will exit on startup if not set.
+# DO NOT commit this file with a real key.
+WALLET_PRIVATE_KEY=0x00000000000000000000000000000000000000
+# Optional — override the TrustSource API base URL (useful for self-hosting or testing).
+# Defaults to https://api.trustsource.cc
+# TRUSTSOURCE_API_URL=https://api.trustsource.cc

package/mcp-server/README.md ADDED Viewed

@@ -0,0 +1,116 @@
+# trustsource-mcp
+MCP server exposing the [TrustSource](https://trustsource.cc) suite of x402-paid domain verification APIs to any MCP-compatible client (Claude Desktop, Claude Code, Cline, Continue, etc.).
+Four tools, each settled per-call in USDC on Base Mainnet. No API keys, no signups, no accounts — just a wallet.
+## Tools
+| Tool | Cost | What it does |
+|---|---|---|
+| `trustsource_score` | $0.003 USDC | Domain trust score 0–100 (WHOIS age, TLD, DNS, registrar) |
+| `trustsource_ssl` | $0.002 USDC | TLS certificate intelligence (chain, expiry, CA trust, TLS version) |
+| `trustsource_headers` | $0.003 USDC | HTTP security header audit (A+ to F grade) |
+| `trustsource_robots` | $0.002 USDC | robots.txt + AI bot policy across 24 known crawlers |
+## Install
+```bash
+npm install -g trustsource-mcp
+```
+Or run without installing:
+```bash
+npx -y trustsource-mcp
+```
+## Configure
+The server needs a Base Mainnet wallet private key. The wallet must hold:
+- A few cents of USDC (for paying per-call fees)
+- A small amount of ETH (for gas)
+Set the private key in your MCP client's environment, **not** in any committed file.
+### Claude Desktop
+Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
+```json
+{
+  "mcpServers": {
+    "trustsource": {
+      "command": "npx",
+      "args": ["-y", "trustsource-mcp"],
+      "env": {
+        "WALLET_PRIVATE_KEY": "0xYOUR_BASE_MAINNET_PRIVATE_KEY"
+      }
+    }
+  }
+}
+```
+Restart Claude Desktop. The four tools appear automatically.
+### Cline / Continue / other MCP clients
+Add to your client's MCP server configuration:
+```json
+{
+  "trustsource": {
+    "command": "npx",
+    "args": ["-y", "trustsource-mcp"],
+    "env": {
+      "WALLET_PRIVATE_KEY": "0x..."
+    }
+  }
+}
+```
+### Environment variables
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `WALLET_PRIVATE_KEY` | yes | — | Base Mainnet wallet private key with USDC + ETH for gas |
+| `TRUSTSOURCE_API_URL` | no | `https://api.trustsource.cc` | Override the API base URL (useful for testing) |
+## How it works
+1. The MCP client calls a tool (e.g. `trustsource_score`).
+2. This server makes an HTTP request to the corresponding TrustSource endpoint.
+3. The API returns HTTP 402 with a `PAYMENT-REQUIRED` header.
+4. `x402-fetch` signs an EIP-3009 USDC `transferWithAuthorization` for the exact amount.
+5. The request is retried with the signed payment in `X-PAYMENT`.
+6. The Coinbase Developer Platform facilitator settles on-chain.
+7. The API returns the JSON response. The MCP client receives the result.
+Total latency per call: typically 1–3 seconds including settlement.
+## Cost discipline
+If your agent is making many calls, deduplicate by domain client-side before invoking tools. The API caches responses (1 hour for `/trustscore` and `/sslcheck`, up to 12 hours for `/robots` and `/headers`), but the cache reduces latency, not price — every call costs the same regardless of whether it hits cache.
+Worst-case full domain audit: `trustsource_score` + `trustsource_ssl` + `trustsource_headers` + `trustsource_robots` = $0.010 USDC.
+## Build from source
+```bash
+git clone https://github.com/SurfEther/TrustSourceX402.git
+cd trustsource/mcp-server
+npm install
+npm run build
+npm start
+```
+## Links
+- TrustSource site: https://trustsource.cc
+- OpenAPI spec: https://api.trustsource.cc/openapi.json
+- Discoverable in Bazaar: https://agentic.market
+- Contact: hello@trustsource.cc
+## License
+MIT