x402-surface-check 0.2.20 → 0.2.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/bin/x402-surface-check.mjs +30 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -32,6 +32,7 @@ npx --yes x402-surface-check --endpoint --method POST --body '{"prompt":"price C
|
|
|
32
32
|
- Browser CORS allowance for the requesting origin and `X-PAYMENT`, including the actual 402 challenge response
|
|
33
33
|
- Cache-Control posture on no-payment challenge responses, with warnings for explicitly cacheable payment gates
|
|
34
34
|
- Grouped finding summaries for repeated route-wide issues, so large manifests keep the patch order readable
|
|
35
|
+
- Contextual reference guides for CORS, cache policy, Worker gates, resource echo, validation/auth ordering, and launch controls
|
|
35
36
|
- Over-broad public method surfaces
|
|
36
37
|
- Auth, validation, and free/trial responses that appear before a payment challenge, without piling on missing-field findings when no challenge was actually returned
|
|
37
38
|
- Operational health/status endpoints, without treating expected free health checks as paid-route failures
|
|
@@ -867,6 +867,29 @@ function groupedFindingSummary(findings) {
|
|
|
867
867
|
.map(([label, count]) => `- ${count} endpoints: ${label}`)
|
|
868
868
|
}
|
|
869
869
|
|
|
870
|
+
function referenceGuides(findings) {
|
|
871
|
+
const guides = []
|
|
872
|
+
const add = (label, url) => {
|
|
873
|
+
if (!guides.some(guide => guide.url === url)) guides.push({ label, url })
|
|
874
|
+
}
|
|
875
|
+
const text = findings.join('\n')
|
|
876
|
+
if (/CORS|402 challenge response does not allow the requesting origin|X-PAYMENT/i.test(text)) {
|
|
877
|
+
add('x402 CORS Fix', 'https://tateprograms.com/x402-cors-fix.html')
|
|
878
|
+
add('Cloudflare x402 Worker Starter', 'https://tateprograms.com/cloudflare-x402-worker.html')
|
|
879
|
+
}
|
|
880
|
+
if (/cacheable|Cache-Control|cache policy|shared caches/i.test(text)) {
|
|
881
|
+
add('Cloudflare x402 Worker Starter', 'https://tateprograms.com/cloudflare-x402-worker.html')
|
|
882
|
+
add('x402 Attack Map 2026', 'https://tateprograms.com/x402-attack-map-2026.html')
|
|
883
|
+
}
|
|
884
|
+
if (/validation HTTP \d+ before a payment challenge|auth HTTP \d+ before a payment challenge|replay|idempotency/i.test(text)) {
|
|
885
|
+
add('x402 Launch Checklist', 'https://tateprograms.com/x402-launch-checklist.html')
|
|
886
|
+
}
|
|
887
|
+
if (/resource URL|resource echo|accepts\[0\]\.extra\.resource/i.test(text)) {
|
|
888
|
+
add('x402 Surface Check notes', 'https://tateprograms.com/x402-surface-check.html')
|
|
889
|
+
}
|
|
890
|
+
return guides.map(guide => `- ${guide.label}: ${guide.url}`)
|
|
891
|
+
}
|
|
892
|
+
|
|
870
893
|
function formatMarkdown(report) {
|
|
871
894
|
const document = report.document.body.json ?? {}
|
|
872
895
|
const challengeRows = report.challenges.map(result => {
|
|
@@ -880,6 +903,7 @@ function formatMarkdown(report) {
|
|
|
880
903
|
return `| ${result.name} | ${result.method ?? 'POST'} | ${result.status} | ${cachePolicy(result.headers) || '-'} |`
|
|
881
904
|
})
|
|
882
905
|
const findingSummary = groupedFindingSummary(report.findings)
|
|
906
|
+
const guides = referenceGuides(report.findings)
|
|
883
907
|
|
|
884
908
|
return [
|
|
885
909
|
'# x402 Public Surface Check',
|
|
@@ -929,6 +953,12 @@ function formatMarkdown(report) {
|
|
|
929
953
|
'',
|
|
930
954
|
...(report.findings.length ? report.findings.map(item => `- ${item}`) : ['- No obvious launch-readiness findings from the public no-payment probes.']),
|
|
931
955
|
'',
|
|
956
|
+
...(guides.length ? [
|
|
957
|
+
'## Reference Guides',
|
|
958
|
+
'',
|
|
959
|
+
...guides,
|
|
960
|
+
'',
|
|
961
|
+
] : []),
|
|
932
962
|
].join('\n')
|
|
933
963
|
}
|
|
934
964
|
|