x402-surface-check 0.2.1 → 0.2.2
- package/README.md +1 -1
- package/bin/x402-surface-check.mjs +14 -1
- package/package.json +1 -1
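--- a/package/README.md
+++ b/package/README.md
@@ -14,7 +14,7 @@ npx --yes x402-surface-check --endpoint --method POST https://x402.rpc.ankr.com/
 
 ## What It Checks
 
-- Manifest endpoint discovery from `endpoints[]`, `x402Endpoints`, category arrays, resource strings, and OpenAPI paths
+- Manifest endpoint discovery from `items[]`, `endpoints[]`, `x402Endpoints`, category arrays, resource strings, and OpenAPI paths
 - No-payment HTTP 402 challenge shape
 - x402 v1 and v2 price fields
 - MPP `WWW-Authenticate: Payment` challenges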
@@ -151,6 +151,19 @@ function endpointEntries(document, sourceUrl, limit) {
|
|
|
151
151
|
}
|
|
152
152
|
}
|
|
153
153
|
|
|
154
|
+
if (Array.isArray(document.items)) {
|
|
155
|
+
for (const item of document.items) {
|
|
156
|
+
if (item?.type && item.type !== 'http') continue
|
|
157
|
+
const rawPath = item?.resource ?? item?.url ?? item?.endpoint ?? item?.path
|
|
158
|
+
if (!rawPath) continue
|
|
159
|
+
entries.push({
|
|
160
|
+
name: item.metadata?.name ?? item.id ?? item.name ?? String(rawPath).split('/').filter(Boolean).at(-1) ?? String(rawPath),
|
|
161
|
+
url: endpointUrl(rawPath, baseUrl, sourceUrl),
|
|
162
|
+
method: String(item.method ?? 'GET').toUpperCase(),
|
|
163
|
+
})
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
|
|
154
167
|
if (document.openapi && document.paths && typeof document.paths === 'object') {
|
|
155
168
|
const baseUrl = document.servers?.find(server => typeof server?.url === 'string')?.url
|
|
156
169
|
?? sourceUrl
|
|
@@ -385,7 +398,7 @@ function findingList(documentResult, challengeResults, preflightResults, entries
|
|
|
385
398
|
}
|
|
386
399
|
|
|
387
400
|
if (entries.length === 0) {
|
|
388
|
-
findings.push('P1 - Document does not expose any manifest, OpenAPI, category, or resource endpoints for no-payment probes.')
|
|
401
|
+
findings.push('P1 - Document does not expose any manifest, OpenAPI, item, category, or resource endpoints for no-payment probes.')
|
|
389
402
|
}
|
|
390
403
|
|
|
391
404
|
for (const result of challengeResults) {
|
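Review bot: In the new `items[]` branch of `endpointEntries`, `rawPath` and `item.method` are read from the fetched manifest and pushed into `entries` with no type or value check, so the document under audit chooses the URL and HTTP verb that later probes may use. A guard such as `if (typeof rawPath !== 'string' || rawPath === '') continue` would keep objects and numbers from being stringified into a URL, and the verb could be limited to those the checker is meant to send, for example `if (!['GET', 'POST'].includes(method)) continue` once it is normalised. Whether `endpointUrl` keeps absolute URLs on the manifest's origin, and whether `limit` caps this loop, is decided outside the hunk; if neither does, an untrusted manifest can steer probes to other hosts or queue an unbounded number of entries. The function starts before the hunk and continues after it, so the older `endpoints[]` branches may need the same checks.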