wolverine-ai 5.0.4 → 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/src/brain/brain.js +6 -2
  3. package/src/middleware/x402-fastify.js +2 -2
  4. package/src/vault/wallet-ops.js +9 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wolverine-ai",
3
- "version": "5.0.4",
3
+ "version": "5.1.0",
4
4
  "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
5
5
  "main": "src/index.js",
6
6
  "bin": {
package/src/brain/brain.js CHANGED
@@ -190,8 +190,12 @@ const SEED_DOCS = [
190
190
  metadata: { topic: "notifications" },
191
191
  },
192
192
  {
193
- text: "Vault + x402 payments: encrypted key storage in .wolverine/vault/. AES-256-GCM. Private key NEVER as JS string Buffer only, wiped after use. x402 protocol: HTTP 402 Payment Required for USDC payments on Base. Fastify plugin (src/middleware/x402-fastify.js) adds crypto to any route via config flag. Fixed price: { config: { x402: { price: '$0.10' } } }. Variable price (credit purchases): { config: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } } } reads amount from request body. Flow: client requests → 402 with Payment-Required header client SDK signs USDC auth → retries with Payment-Signature → server verifies via facilitator 200 + receipt. req.x402.paid/amount/txHash available in handler after payment. Vault wallet is auto-detected as payTo. GET /x402/info shows payment config. Buyer SDKs: @x402/fetch, @x402/axios auto-handle 402→sign→retry.",
194
- metadata: { topic: "vault-x402" },
193
+ text: "x402 paid APIs turn any route into a paid API with one flag. Register the plugin once: fastify.register(require('wolverine-ai/src/middleware/x402-fastify')). Then add { config: { x402: { price: '$0.10' } } } to any route definition. That's it the route now requires USDC payment on Base. Routes WITHOUT x402 config are completely unaffected (zero overhead). Two modes: (1) Fixed price: { x402: { price: '$0.10' } } every call costs exactly $0.10. (2) Variable price: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } } — caller specifies amount in request body. Flow: no Payment-Signature header → 402 + Payment-Required header with price/network/payTo. Client SDK (@x402/fetch or wallet signing) handles payment → retries with Payment-Signature → middleware verifies signature (EIP-3009 TransferWithAuthorization for USDC, or x402 facilitator) → req.x402 = { paid: true, amount: '$5.00', from: '0x...', txHash } handler runs. Vault wallet auto-detected as payTo address. Wolverine's adaptive rate limiter still protects paid routes from overload. Analytics track paid vs free calls. CLI: wolverine --x402-info shows setup guide.",
194
+ metadata: { topic: "x402-paid-apis" },
195
+ },
196
+ {
197
+ text: "x402 examples — making a paid API is as simple as adding a route. FREE route (normal): fastify.get('/api/data', async (req) => { return getData(); }). PAID route (just add x402 flag): fastify.get('/api/premium-data', { config: { x402: { price: '$0.01' } } }, async (req) => { return getPremiumData(); }). CREDIT PURCHASE route (variable): fastify.post('/buy-credits', { config: { x402: { variable: true, min: '$1', max: '$10000', priceField: 'dollars' } } }, async (req) => { const credits = parseFloat(req.x402.amount.replace('$','')) * 100; await addCredits(req.body.accountId, credits); return { credits }; }). Payment verification is automatic — the handler only runs after USDC is confirmed. No blockchain code needed in route handlers.",
198
+ metadata: { topic: "x402-examples" },
195
199
  },
196
200
  {
197
201
  text: "MCP integration: connect external tools via Model Context Protocol. Configure in .wolverine/mcp.json with per-server tool allowlists. Security: arg sanitization (secrets redacted before sending to MCP servers), result injection scanning, rate limiting per server, audit logging. Tools appear as mcp__server__tool in the agent. Supports stdio and HTTP transports.",
package/src/middleware/x402-fastify.js CHANGED
@@ -187,8 +187,8 @@ async function _verifyPayment(paymentSig, price) {
187
187
  try {
188
188
  const { ethers } = require("ethers");
189
189
  // Normalize all addresses to proper EIP-55 checksum format
190
- const fromAddr = ethers.getAddress(auth.from);
191
- const toAddr = ethers.getAddress(auth.to);
190
+ const fromAddr = ethers.getAddress(auth.from.toLowerCase());
191
+ const toAddr = ethers.getAddress(auth.to.toLowerCase());
192
192
 
193
193
  const domain = {
194
194
  name: "USD Coin",
package/src/vault/wallet-ops.js CHANGED
@@ -119,7 +119,15 @@ function _getCrypto() {
119
119
  const crypto = require("crypto");
120
120
 
121
121
  function keccak256(data) {
122
- return crypto.createHash("sha3-256").update(data).digest();
122
+ // Ethereum uses keccak256 (NOT NIST SHA3-256)
123
+ try {
124
+ const { keccak256: k } = require("ethers");
125
+ const buf = data instanceof Uint8Array ? data : Buffer.from(data);
126
+ const hex = k(buf);
127
+ return Buffer.from(hex.slice(2), "hex");
128
+ } catch {
129
+ return crypto.createHash("sha3-256").update(data).digest();
130
+ }
123
131
  }
124
132
 
125
133
  function getPublicKey(privKeyBuf, compressed = false) {