npm - wolverine-ai - Versions diffs - 4.9.0 → 5.0.1 - Mend

wolverine-ai 4.9.0 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/bin/wolverine.js +24 -0
package/package.json +3 -2
package/src/brain/brain.js +2 -2
package/src/middleware/x402-fastify.js +197 -0
package/src/skills/vault.js +2 -2

package/bin/wolverine.js CHANGED Viewed

@@ -38,6 +38,7 @@ ${chalk.bold("Options:")}
   --workers <n>    Force specific worker count
   --info           Show system info and exit
   --init           Scan server/ and build context map (routes, DB, config, deps)
+  --x402-info      Show x402 payment configuration
 ${chalk.bold("Configuration:")}
   server/config/settings.json    Models, telemetry, limits, health checks
@@ -66,6 +67,29 @@ if (args.includes("--info")) {
 }
 // --init: scan server/ and build context map
+// --x402-info: show payment configuration
+if (args.includes("--x402-info")) {
+  (async () => {
+    let payTo = "not configured";
+    try {
+      const { getWalletAddress } = require("../src/vault/wallet-ops");
+      payTo = await getWalletAddress();
+    } catch {}
+    console.log(chalk.blue("\n  💰 x402 Payment Configuration\n"));
+    console.log(chalk.gray(`     Wallet:      ${payTo}`));
+    console.log(chalk.gray(`     Network:     Base (eip155:8453)`));
+    console.log(chalk.gray(`     Token:       USDC`));
+    console.log(chalk.gray(`     Protocol:    x402 (HTTP 402 Payment Required)`));
+    console.log(chalk.gray(`     Facilitator: x402.org`));
+    console.log(chalk.gray(`\n     Add to any Fastify route:`));
+    console.log(chalk.cyan(`       { config: { x402: { price: "$0.10" } } }`));
+    console.log(chalk.gray(`\n     Variable pricing (credit purchases):`));
+    console.log(chalk.cyan(`       { config: { x402: { variable: true, min: "$1", max: "$10000", priceField: "dollars" } } }\n`));
+    process.exit(0);
+  })();
+  return;
+}
 if (args.includes("--init")) {
   const { scan } = require("../src/core/server-context");
   console.log(chalk.blue("\n  🔍 Scanning server/ directory...\n"));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "wolverine-ai",
-  "version": "4.9.0",
+  "version": "5.0.1",
   "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
   "main": "src/index.js",
   "bin": {
@@ -66,7 +66,8 @@
     "ethers": "^6.0.0",
     "ioredis": "^5.0.0",
     "pg": "^8.0.0",
-    "stripe": "^18.0.0"
+    "stripe": "^18.0.0",
+    "viem": "^2.0.0"
   },
   "engines": {
     "node": ">=18.0.0"

package/src/brain/brain.js CHANGED Viewed

@@ -190,8 +190,8 @@ const SEED_DOCS = [
     metadata: { topic: "notifications" },
   },
   {
-    text: "Vault: encrypted key storage in .wolverine/vault/. AES-256-GCM encryption. master.key (32 bytes raw) encrypts eth.vault (Ethereum private key). Generated on first run if missing. Private key NEVER exists as a JS string — only Buffer, wiped after use. wallet-ops.js exposes getWalletAddress(), signTransaction(), signMessage() — all decrypt→use→wipe with generic error messages only. Injection detector blocks heal if 0x+64hex chars detected in error (key_leak_critical). Redactor scrubs all hex key patterns. Sandbox blocks agent access to vault paths. Backed up in every snapshot. Rollback-protected (NEVER_ROLLBACK list). Vault skill in src/skills/vault.js for agent discovery. Server code uses vault skill to earn/spend ETH without touching the private key.",
-    metadata: { topic: "vault-security" },
+    text: "Vault + x402 payments: encrypted key storage in .wolverine/vault/. AES-256-GCM. Private key NEVER as JS string — Buffer only, wiped after use. x402 protocol: HTTP 402 Payment Required for USDC payments on Base. Fastify plugin (src/middleware/x402-fastify.js) adds crypto to any route via config flag. Fixed price: { config: { x402: { price: '$0.10' } } }. Variable price (credit purchases): { config: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } } } — reads amount from request body. Flow: client requests → 402 with Payment-Required header → client SDK signs USDC auth → retries with Payment-Signature → server verifies via facilitator → 200 + receipt. req.x402.paid/amount/txHash available in handler after payment. Vault wallet is auto-detected as payTo. GET /x402/info shows payment config. Buyer SDKs: @x402/fetch, @x402/axios auto-handle 402→sign→retry.",
+    metadata: { topic: "vault-x402" },
   },
   {
     text: "MCP integration: connect external tools via Model Context Protocol. Configure in .wolverine/mcp.json with per-server tool allowlists. Security: arg sanitization (secrets redacted before sending to MCP servers), result injection scanning, rate limiting per server, audit logging. Tools appear as mcp__server__tool in the agent. Supports stdio and HTTP transports.",

package/src/middleware/x402-fastify.js ADDED Viewed

@@ -0,0 +1,197 @@
+const fs = require("fs");
+const path = require("path");
+/**
+ * x402 Fastify Plugin — add crypto payments to any route with one flag.
+ *
+ * Makes it dead simple to accept USDC payments on Base network.
+ * The developer marks a route with x402 config, and the middleware
+ * handles the 402 → payment → verification → callback flow.
+ *
+ * Two modes:
+ *   Fixed price:    { x402: { price: "$0.01" } }
+ *   Variable price: { x402: { variable: true, min: "$1", max: "$10000" } }
+ *
+ * Example — fixed price route:
+ *   fastify.get("/premium-data", { config: { x402: { price: "$0.10" } } }, handler)
+ *
+ * Example — variable price (credit purchase):
+ *   fastify.post("/buy-credits", {
+ *     config: {
+ *       x402: {
+ *         variable: true,
+ *         min: "$1",
+ *         max: "$10000",
+ *         priceField: "dollars",  // reads amount from request body
+ *       }
+ *     }
+ *   }, async (req, reply) => {
+ *     // req.x402.paid === true, req.x402.amount === "$5.00"
+ *     addCredits(req.x402.amount);
+ *     return { credits: newBalance };
+ *   })
+ *
+ * The payment receipt is in req.x402 after verification:
+ *   { paid: true, amount: "$5.00", receipt: {...}, txHash: "0x..." }
+ */
+let _payTo = null;
+let _network = "eip155:8453";
+let _facilitatorUrl = "https://x402.org/facilitator";
+async function x402Plugin(fastify, opts) {
+  // Config
+  _network = opts.network || _network;
+  _facilitatorUrl = opts.facilitator || _facilitatorUrl;
+  _payTo = opts.payTo || null;
+  // Load from settings.json
+  try {
+    const settingsPath = path.join(process.cwd(), "server", "config", "settings.json");
+    const settings = JSON.parse(fs.readFileSync(settingsPath, "utf-8"));
+    if (settings.x402?.network) _network = settings.x402.network;
+    if (settings.x402?.facilitator) _facilitatorUrl = settings.x402.facilitator;
+    if (settings.x402?.payTo) _payTo = settings.x402.payTo;
+  } catch {}
+  // Auto-detect payTo from vault
+  if (!_payTo) {
+    try {
+      const { getWalletAddress } = require("../vault/wallet-ops");
+      _payTo = await getWalletAddress();
+    } catch {}
+  }
+  if (_payTo) {
+    console.log(`  💰 x402: payments to ${_payTo.slice(0, 6)}...${_payTo.slice(-4)} on ${_network}`);
+  }
+  // ── Route-level x402 hook ──
+  fastify.addHook("onRequest", async (request, reply) => {
+    // Check if this route has x402 config
+    const routeConfig = request.routeOptions?.config?.x402 || request.context?.config?.x402;
+    if (!routeConfig) return; // Not an x402 route
+    if (!_payTo) {
+      reply.code(500).send({ error: "x402 not configured — no wallet address" });
+      return;
+    }
+    // Determine the price
+    let price;
+    if (routeConfig.variable) {
+      // Variable pricing — read amount from request body or query
+      const field = routeConfig.priceField || "dollars";
+      const raw = request.body?.[field] || request.query?.[field];
+      if (!raw) {
+        reply.code(400).send({
+          error: `${field} required`,
+          x402: { variable: true, min: routeConfig.min || "$1", max: routeConfig.max || "$10000" },
+        });
+        return;
+      }
+      const amount = parseFloat(String(raw).replace("$", ""));
+      const min = parseFloat((routeConfig.min || "$1").replace("$", ""));
+      const max = parseFloat((routeConfig.max || "$10000").replace("$", ""));
+      if (isNaN(amount) || amount < min || amount > max) {
+        reply.code(400).send({ error: `Amount must be $${min}-$${max}` });
+        return;
+      }
+      price = "$" + amount.toFixed(2);
+    } else {
+      price = routeConfig.price;
+      if (!price) { reply.code(500).send({ error: "x402 route missing price config" }); return; }
+    }
+    const paymentSig = request.headers["payment-signature"];
+    // No payment — return 402 with payment instructions
+    if (!paymentSig) {
+      const instructions = {
+        accepts: [{
+          scheme: "exact",
+          price,
+          network: _network,
+          payTo: _payTo,
+        }],
+        description: routeConfig.description || `Payment for ${request.method} ${request.url}`,
+        mimeType: "application/json",
+      };
+      reply
+        .code(402)
+        .header("Payment-Required", JSON.stringify(instructions))
+        .send({
+          error: "Payment Required",
+          price,
+          network: _network,
+          payTo: _payTo,
+          protocol: "x402",
+          ...(routeConfig.variable ? { variable: true, min: routeConfig.min, max: routeConfig.max, priceField: routeConfig.priceField || "dollars" } : {}),
+        });
+      return;
+    }
+    // Payment present — verify
+    const verified = await _verifyPayment(paymentSig, price);
+    if (verified.valid) {
+      reply.header("Payment-Response", JSON.stringify(verified.receipt || {}));
+      request.x402 = { paid: true, amount: price, receipt: verified.receipt, txHash: verified.txHash };
+      return; // continue to route handler
+    }
+    reply.code(402).send({ error: "Payment verification failed", price, payTo: _payTo });
+  });
+  // ── Public pricing endpoint ──
+  fastify.get("/x402/info", async () => ({
+    payTo: _payTo,
+    network: _network,
+    facilitator: _facilitatorUrl,
+    protocol: "x402",
+    docs: "https://docs.cdp.coinbase.com/x402/welcome",
+  }));
+}
+async function _verifyPayment(paymentSig, price) {
+  try {
+    // Try @x402/core if available
+    const { HTTPFacilitatorClient } = require("@x402/core/server");
+    const facilitator = new HTTPFacilitatorClient({ url: _facilitatorUrl });
+    const result = await facilitator.verify({
+      paymentSignature: paymentSig,
+      routeConfig: { accepts: [{ scheme: "exact", price, network: _network, payTo: _payTo }] },
+    });
+    return { valid: result.valid, receipt: result.receipt, txHash: result.txHash };
+  } catch {
+    // Fallback: raw HTTP to facilitator
+    try {
+      const https = require("https");
+      const http = require("http");
+      const url = new (require("url").URL)(_facilitatorUrl + "/verify");
+      const body = JSON.stringify({
+        paymentSignature: paymentSig,
+        routeConfig: { accepts: [{ scheme: "exact", price, network: _network, payTo: _payTo }] },
+      });
+      return new Promise((resolve) => {
+        const client = url.protocol === "https:" ? https : http;
+        const req = client.request({
+          hostname: url.hostname, port: url.port, path: url.pathname, method: "POST",
+          headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body) },
+          timeout: 10000,
+        }, (res) => {
+          let data = "";
+          res.on("data", (c) => data += c);
+          res.on("end", () => {
+            try { const p = JSON.parse(data); resolve({ valid: p.valid || p.success, receipt: p, txHash: p.txHash }); }
+            catch { resolve({ valid: false }); }
+          });
+        });
+        req.on("error", () => resolve({ valid: false }));
+        req.write(body);
+        req.end();
+      });
+    } catch { return { valid: false }; }
+  }
+}
+x402Plugin[Symbol.for("skip-override")] = true;
+module.exports = x402Plugin;

package/src/skills/vault.js CHANGED Viewed

@@ -10,8 +10,8 @@
  */
 const SKILL_NAME = "vault";
-const SKILL_DESCRIPTION = "Secure Ethereum wallet — sign transactions, get address, check balance. Private key encrypted at rest, never exposed in code or errors.";
-const SKILL_KEYWORDS = ["wallet", "ethereum", "eth", "sign", "transaction", "vault", "private key", "address", "crypto", "blockchain", "send", "transfer"];
+const SKILL_DESCRIPTION = "Secure Ethereum wallet + x402 payments — sign transactions, get address, manage paid API routes. Private key encrypted at rest via AES-256-GCM, never exposed in code or errors. x402 support: set prices on routes, receive USDC on Base network.";
+const SKILL_KEYWORDS = ["wallet", "ethereum", "eth", "sign", "transaction", "vault", "private key", "address", "crypto", "blockchain", "send", "transfer", "x402", "payment", "usdc", "base", "price", "paid", "api"];
 const SKILL_USAGE = `
   vault.status()           — check if vault is initialized, show address
   vault.address()          — get the wallet's Ethereum address