x402scan-mcp 0.0.1 → 0.0.3

package/dist/index.js

@@ -438,6 +438,73 @@ import { randomBytes as randomBytes2 } from "crypto";
 import { x402Client } from "@x402/core/client";
 import { x402HTTPClient } from "@x402/core/http";
 import { registerExactEvmScheme } from "@x402/evm/exact/client";
+
+// src/x402/normalize.ts
+function isV1Response(pr) {
+  if (!pr || typeof pr !== "object") return false;
+  const obj = pr;
+  if (obj.x402Version === 1) return true;
+  const accepts = obj.accepts;
+  if (Array.isArray(accepts) && accepts.length > 0) {
+    return "maxAmountRequired" in accepts[0];
+  }
+  return false;
+}
+function normalizeV1Requirement(req) {
+  if (!req.maxAmountRequired) {
+    throw new Error("v1 requirement missing maxAmountRequired field");
+  }
+  return {
+    scheme: req.scheme,
+    network: req.network,
+    amount: req.maxAmountRequired,
+    // Map to unified 'amount' field
+    asset: req.asset,
+    payTo: req.payTo,
+    maxTimeoutSeconds: req.maxTimeoutSeconds,
+    extra: req.extra,
+    // Preserve v1-specific embedded resource fields
+    resource: req.resource,
+    description: req.description,
+    mimeType: req.mimeType
+  };
+}
+function normalizeV2Requirement(req) {
+  if (!req.amount) {
+    throw new Error("v2 requirement missing amount field");
+  }
+  return {
+    scheme: req.scheme,
+    network: req.network,
+    amount: req.amount,
+    asset: req.asset,
+    payTo: req.payTo,
+    maxTimeoutSeconds: req.maxTimeoutSeconds,
+    extra: req.extra
+  };
+}
+function normalizePaymentRequired(pr) {
+  const version = pr.x402Version ?? 1;
+  if (isV1Response(pr)) {
+    const v1Pr = pr;
+    return {
+      x402Version: 1,
+      error: v1Pr.error,
+      accepts: v1Pr.accepts.map(normalizeV1Requirement)
+    };
+  } else {
+    const v2Pr = pr;
+    return {
+      x402Version: version,
+      error: v2Pr.error,
+      accepts: v2Pr.accepts.map(normalizeV2Requirement),
+      resource: v2Pr.resource,
+      extensions: v2Pr.extensions
+    };
+  }
+}
+
+// src/x402/client.ts
 function createX402Client(config) {
   const { account, preferredNetwork } = config;
   const coreClient = new x402Client(
@@ -502,6 +569,7 @@ async function makeX402Request(httpClient, url, options = {}) {
     }
   }
   log.debug("Got 402 Payment Required, parsing requirements...");
+  let rawPaymentRequired;
   let paymentRequired;
   let responseBody;
   try {
@@ -510,11 +578,12 @@ async function makeX402Request(httpClient, url, options = {}) {
     } catch {
       responseBody = void 0;
     }
-    paymentRequired = httpClient.getPaymentRequiredResponse(
+    rawPaymentRequired = httpClient.getPaymentRequiredResponse(
       (name) => firstResponse.headers.get(name),
       responseBody
     );
-    logPaymentRequired(paymentRequired);
+    paymentRequired = normalizePaymentRequired(rawPaymentRequired);
+    logPaymentRequired(rawPaymentRequired);
   } catch (err) {
     return {
       success: false,
@@ -532,7 +601,7 @@ async function makeX402Request(httpClient, url, options = {}) {
   log.debug("Creating payment payload...");
   let paymentPayload;
   try {
-    paymentPayload = await httpClient.createPaymentPayload(paymentRequired);
+    paymentPayload = await httpClient.createPaymentPayload(rawPaymentRequired);
     log.debug(`Payment created for network: ${paymentPayload.accepted?.network}`);
   } catch (err) {
     return {
@@ -647,10 +716,11 @@ async function queryEndpoint(url, httpClient, options = {}) {
     rawBody = void 0;
   }
   try {
-    const paymentRequired = httpClient.getPaymentRequiredResponse(
+    const rawPaymentRequired = httpClient.getPaymentRequiredResponse(
       (name) => response.headers.get(name),
       rawBody
     );
+    const paymentRequired = normalizePaymentRequired(rawPaymentRequired);
     return {
       success: true,
       statusCode: 402,
@@ -757,12 +827,21 @@ import { z as z2 } from "zod";
 var PaymentRequirementsSchema = z2.object({
   scheme: z2.string(),
   network: z2.string(),
-  amount: z2.string(),
+  amount: z2.string().optional(),
+  // v2 field name
+  maxAmountRequired: z2.string().optional(),
+  // v1 field name
   asset: z2.string(),
   payTo: z2.string(),
   maxTimeoutSeconds: z2.number(),
   extra: z2.record(z2.unknown()).optional()
-});
+}).refine((data) => data.amount || data.maxAmountRequired, {
+  message: "Either amount (v2) or maxAmountRequired (v1) must be provided"
+}).transform((data) => ({
+  ...data,
+  // Normalize to 'amount' internally
+  amount: data.amount ?? data.maxAmountRequired
+}));
 function registerValidatePaymentTool(server) {
   server.tool(
     "validate_payment",
@@ -935,6 +1014,170 @@ function registerExecuteCallTool(server) {
   );
 }
 
+// src/tools/siwe.ts
+import { z as z4 } from "zod";
+import { SiweMessage, generateNonce } from "siwe";
+var CHAIN_IDS = {
+  mainnet: 1,
+  base: 8453,
+  "base-sepolia": 84532,
+  optimism: 10,
+  arbitrum: 42161,
+  polygon: 137,
+  sepolia: 11155111
+};
+function registerCreateSiweProofTool(server) {
+  server.tool(
+    "create_siwe_proof",
+    "Create a SIWE (Sign-In with Ethereum) proof for wallet authentication. Returns a proof string to use in X-SIWE-PROOF header.",
+    {
+      domain: z4.string().describe(
+        'Domain requesting auth (e.g., "localhost:3000" or "stablestudio.io")'
+      ),
+      uri: z4.string().url().describe('Full URI of the API (e.g., "http://localhost:3000")'),
+      statement: z4.string().optional().default("Authenticate to API").describe("Human-readable statement"),
+      chainId: z4.number().optional().describe(
+        "Chain ID (default: 8453 for Base). Common IDs: 1=mainnet, 8453=base, 84532=base-sepolia, 10=optimism"
+      ),
+      chain: z4.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().describe("Chain name (alternative to chainId). Default: base"),
+      expirationMinutes: z4.number().optional().default(60).describe("Proof validity in minutes")
+    },
+    async ({ domain, uri, statement, chainId, chain, expirationMinutes }) => {
+      try {
+        const { account, address } = await getOrCreateWallet();
+        const resolvedChainId = chainId ?? (chain ? CHAIN_IDS[chain] : CHAIN_IDS.base);
+        const siweMessage = new SiweMessage({
+          domain,
+          address,
+          statement,
+          uri,
+          version: "1",
+          chainId: resolvedChainId,
+          nonce: generateNonce(),
+          issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          expirationTime: new Date(
+            Date.now() + expirationMinutes * 60 * 1e3
+          ).toISOString()
+        });
+        const message = siweMessage.prepareMessage();
+        const signature = await account.signMessage({ message });
+        const proof = JSON.stringify({
+          message: JSON.stringify(siweMessage),
+          signature
+        });
+        return mcpSuccess({
+          proof,
+          address,
+          chainId: resolvedChainId,
+          expiresAt: siweMessage.expirationTime,
+          usage: "Add to request headers as: X-SIWE-PROOF: <proof>"
+        });
+      } catch (err) {
+        return mcpError(err, { tool: "create_siwe_proof" });
+      }
+    }
+  );
+}
+
+// src/tools/fetch_with_siwe.ts
+import { z as z5 } from "zod";
+import { SiweMessage as SiweMessage2, generateNonce as generateNonce2 } from "siwe";
+var CHAIN_IDS2 = {
+  mainnet: 1,
+  base: 8453,
+  "base-sepolia": 84532,
+  optimism: 10,
+  arbitrum: 42161,
+  polygon: 137,
+  sepolia: 11155111
+};
+async function createSiweProof(account, domain, uri, chainId) {
+  const siweMessage = new SiweMessage2({
+    domain,
+    address: account.address,
+    statement: "Authenticate to API",
+    uri,
+    version: "1",
+    chainId,
+    nonce: generateNonce2(),
+    issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    expirationTime: new Date(Date.now() + 36e5).toISOString()
+  });
+  const message = siweMessage.prepareMessage();
+  const signature = await account.signMessage({ message });
+  return JSON.stringify({
+    message: JSON.stringify(siweMessage),
+    signature
+  });
+}
+function registerFetchWithSiweTool(server) {
+  server.tool(
+    "fetch_with_siwe",
+    "Make an HTTP request with automatic SIWE wallet authentication. Useful for APIs that require wallet ownership proof.",
+    {
+      url: z5.string().url().describe("The URL to fetch"),
+      method: z5.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional().default("GET"),
+      body: z5.unknown().optional().describe("Request body for POST/PUT/PATCH"),
+      headers: z5.record(z5.string()).optional().describe("Additional headers"),
+      siweHeader: z5.string().optional().default("X-SIWE-PROOF").describe("Header name for SIWE proof"),
+      chainId: z5.number().optional().describe(
+        "Chain ID for SIWE proof (default: 8453 for Base). Common IDs: 1=mainnet, 8453=base, 84532=base-sepolia"
+      ),
+      chain: z5.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().describe("Chain name (alternative to chainId). Default: base")
+    },
+    async ({ url, method, body, headers, siweHeader, chainId, chain }) => {
+      try {
+        const { account } = await getOrCreateWallet();
+        const parsedUrl = new URL(url);
+        const resolvedChainId = chainId ?? (chain ? CHAIN_IDS2[chain] : CHAIN_IDS2.base);
+        const proof = await createSiweProof(
+          account,
+          parsedUrl.host,
+          parsedUrl.origin,
+          resolvedChainId
+        );
+        const response = await fetch(url, {
+          method,
+          headers: {
+            "Content-Type": "application/json",
+            [siweHeader]: proof,
+            ...headers
+          },
+          body: body ? JSON.stringify(body) : void 0
+        });
+        const responseHeaders = Object.fromEntries(response.headers.entries());
+        if (!response.ok) {
+          let errorBody;
+          try {
+            errorBody = await response.json();
+          } catch {
+            errorBody = await response.text();
+          }
+          return mcpError(`HTTP ${response.status}`, {
+            statusCode: response.status,
+            headers: responseHeaders,
+            body: errorBody
+          });
+        }
+        let data;
+        const contentType = response.headers.get("content-type");
+        if (contentType?.includes("application/json")) {
+          data = await response.json();
+        } else {
+          data = await response.text();
+        }
+        return mcpSuccess({
+          statusCode: response.status,
+          headers: responseHeaders,
+          data
+        });
+      } catch (err) {
+        return mcpError(err, { tool: "fetch_with_siwe", url });
+      }
+    }
+  );
+}
+
 // src/index.ts
 async function main() {
   log.clear();
@@ -947,7 +1190,9 @@ async function main() {
   registerQueryEndpointTool(server);
   registerValidatePaymentTool(server);
   registerExecuteCallTool(server);
-  log.info("Registered 4 tools: check_balance, query_endpoint, validate_payment, execute_call");
+  registerCreateSiweProofTool(server);
+  registerFetchWithSiweTool(server);
+  log.info("Registered 6 tools: check_balance, query_endpoint, validate_payment, execute_call, create_siwe_proof, fetch_with_siwe");
   const transport = new StdioServerTransport();
   await server.connect(transport);
   log.info(`Connected to transport, ready for requests. Log file: ${log.path}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x402scan-mcp",
-  "version": "0.0.1",
+  "version": "0.0.3",
   "description": "Generic MCP server for calling x402-protected APIs with automatic payment handling",
   "type": "module",
   "main": "dist/index.js",
@@ -10,19 +10,11 @@
   "files": [
     "dist"
   ],
-  "scripts": {
-    "build": "tsup",
-    "build:mcpb": "tsx scripts/build-mcpb.ts",
-    "dev": "tsx src/index.ts",
-    "dev:bun": "bun run src/index.ts",
-    "typecheck": "tsc --noEmit",
-    "publish-package": "tsx scripts/publish.ts",
-    "prepublishOnly": "npm run build"
-  },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.6.1",
     "@x402/core": "^2.0.0",
     "@x402/evm": "^2.0.0",
+    "siwe": "^2.3.2",
     "viem": "^2.31.3",
     "zod": "^3.25.1"
   },
@@ -50,5 +42,13 @@
   "repository": {
     "type": "git",
     "url": "https://github.com/merit-systems/x402scan-mcp"
+  },
+  "scripts": {
+    "build": "tsup",
+    "build:mcpb": "tsx scripts/build-mcpb.ts",
+    "dev": "tsx src/index.ts",
+    "dev:bun": "bun run src/index.ts",
+    "typecheck": "tsc --noEmit",
+    "publish-package": "tsx scripts/publish.ts"
   }
-}
+}