x402scan-mcp 0.0.2 → 0.0.4

package/dist/index.js

@@ -745,7 +745,7 @@ async function queryEndpoint(url, httpClient, options = {}) {
 function registerQueryEndpointTool(server) {
   server.tool(
     "query_endpoint",
-    "Probe an x402-protected endpoint to get pricing and schema without making a payment. Returns payment requirements, accepted networks, and Bazaar schema if available.",
+    "Probe an x402-protected endpoint to get pricing and requirements without payment. Returns payment options, Bazaar schema, and Sign-In-With-X auth requirements (x402 v2) if available.",
     {
       url: z.string().url().describe("The x402-protected endpoint URL to probe"),
       method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).default("GET").describe("HTTP method to use"),
@@ -811,6 +811,29 @@ function registerQueryEndpointTool(server) {
             hasBazaarExtension: true
           };
         }
+        if (pr.extensions?.["sign-in-with-x"]) {
+          const siwx = pr.extensions["sign-in-with-x"];
+          const info = siwx.info || {};
+          const requiredFields = ["domain", "uri", "version", "chainId", "nonce", "issuedAt"];
+          const missingFields = requiredFields.filter((f) => !info[f]);
+          const validationErrors = [];
+          if (!siwx.info) {
+            validationErrors.push('Missing "info" object in sign-in-with-x extension');
+          } else if (missingFields.length > 0) {
+            validationErrors.push(`Missing required fields in info: ${missingFields.join(", ")}`);
+          }
+          if (!siwx.schema) {
+            validationErrors.push('Missing "schema" object in sign-in-with-x extension');
+          }
+          response.signInWithX = {
+            required: true,
+            valid: validationErrors.length === 0,
+            validationErrors: validationErrors.length > 0 ? validationErrors : void 0,
+            info: siwx.info,
+            schema: siwx.schema,
+            usage: "Use create_siwe_proof or fetch_with_siwe tools to authenticate"
+          };
+        }
         if (pr.error) {
           response.serverError = pr.error;
         }
@@ -1014,6 +1037,197 @@ function registerExecuteCallTool(server) {
   );
 }
 
+// src/tools/siwe.ts
+import { z as z4 } from "zod";
+import { SiweMessage, generateNonce } from "siwe";
+var NETWORKS = {
+  mainnet: "eip155:1",
+  base: "eip155:8453",
+  "base-sepolia": "eip155:84532",
+  optimism: "eip155:10",
+  arbitrum: "eip155:42161",
+  polygon: "eip155:137",
+  sepolia: "eip155:11155111"
+};
+function parseChainId(network) {
+  const parts = network.split(":");
+  return parseInt(parts[1], 10);
+}
+function registerCreateSiweProofTool(server) {
+  server.tool(
+    "create_siwe_proof",
+    "Create a CAIP-122 compliant Sign-In-With-X proof for wallet authentication (x402 v2 extension). Returns a flat proof object for the SIGN-IN-WITH-X header.",
+    {
+      domain: z4.string().describe('Domain requesting auth (e.g., "api.example.com")'),
+      uri: z4.string().url().describe('Full URI of the resource (e.g., "https://api.example.com")'),
+      statement: z4.string().optional().default("Authenticate to API").describe("Human-readable statement"),
+      network: z4.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().default("base").describe("Network name (default: base)"),
+      expirationMinutes: z4.number().optional().default(5).describe("Proof validity in minutes (default: 5)")
+    },
+    async ({ domain, uri, statement, network, expirationMinutes }) => {
+      try {
+        const { account, address } = await getOrCreateWallet();
+        const caip2Network = NETWORKS[network];
+        const numericChainId = parseChainId(caip2Network);
+        const nonce = generateNonce();
+        const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+        const expirationTime = new Date(
+          Date.now() + expirationMinutes * 60 * 1e3
+        ).toISOString();
+        const siweMessage = new SiweMessage({
+          domain,
+          address,
+          statement,
+          uri,
+          version: "1",
+          chainId: numericChainId,
+          nonce,
+          issuedAt,
+          expirationTime,
+          resources: [uri]
+        });
+        const message = siweMessage.prepareMessage();
+        const signature = await account.signMessage({ message });
+        const proof = {
+          domain,
+          address,
+          statement,
+          uri,
+          version: "1",
+          chainId: caip2Network,
+          nonce,
+          issuedAt,
+          expirationTime,
+          resources: [uri],
+          signature
+        };
+        return mcpSuccess({
+          proof: JSON.stringify(proof),
+          address,
+          network: caip2Network,
+          expiresAt: expirationTime,
+          usage: "Add to request headers as: SIGN-IN-WITH-X: <proof>"
+        });
+      } catch (err) {
+        return mcpError(err, { tool: "create_siwe_proof" });
+      }
+    }
+  );
+}
+
+// src/tools/fetch_with_siwe.ts
+import { z as z5 } from "zod";
+import { SiweMessage as SiweMessage2, generateNonce as generateNonce2 } from "siwe";
+var NETWORKS2 = {
+  mainnet: "eip155:1",
+  base: "eip155:8453",
+  "base-sepolia": "eip155:84532",
+  optimism: "eip155:10",
+  arbitrum: "eip155:42161",
+  polygon: "eip155:137",
+  sepolia: "eip155:11155111"
+};
+function parseChainId2(network) {
+  const parts = network.split(":");
+  return parseInt(parts[1], 10);
+}
+async function createSiwxProof(account, domain, uri, network) {
+  const numericChainId = parseChainId2(network);
+  const nonce = generateNonce2();
+  const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const expirationTime = new Date(Date.now() + 3e5).toISOString();
+  const siweMessage = new SiweMessage2({
+    domain,
+    address: account.address,
+    statement: "Authenticate to API",
+    uri,
+    version: "1",
+    chainId: numericChainId,
+    nonce,
+    issuedAt,
+    expirationTime,
+    resources: [uri]
+  });
+  const message = siweMessage.prepareMessage();
+  const signature = await account.signMessage({ message });
+  return JSON.stringify({
+    domain,
+    address: account.address,
+    statement: "Authenticate to API",
+    uri,
+    version: "1",
+    chainId: network,
+    nonce,
+    issuedAt,
+    expirationTime,
+    resources: [uri],
+    signature
+  });
+}
+function registerFetchWithSiweTool(server) {
+  server.tool(
+    "fetch_with_siwe",
+    "Make an HTTP request with automatic CAIP-122 Sign-In-With-X wallet authentication (x402 v2 extension).",
+    {
+      url: z5.string().url().describe("The URL to fetch"),
+      method: z5.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional().default("GET"),
+      body: z5.unknown().optional().describe("Request body for POST/PUT/PATCH"),
+      headers: z5.record(z5.string()).optional().describe("Additional headers"),
+      network: z5.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().default("base").describe("Network name (default: base)")
+    },
+    async ({ url, method, body, headers, network }) => {
+      try {
+        const { account } = await getOrCreateWallet();
+        const parsedUrl = new URL(url);
+        const caip2Network = NETWORKS2[network];
+        const proof = await createSiwxProof(
+          account,
+          parsedUrl.host,
+          parsedUrl.origin,
+          caip2Network
+        );
+        const response = await fetch(url, {
+          method,
+          headers: {
+            "Content-Type": "application/json",
+            "SIGN-IN-WITH-X": proof,
+            ...headers
+          },
+          body: body ? JSON.stringify(body) : void 0
+        });
+        const responseHeaders = Object.fromEntries(response.headers.entries());
+        if (!response.ok) {
+          let errorBody;
+          try {
+            errorBody = await response.json();
+          } catch {
+            errorBody = await response.text();
+          }
+          return mcpError(`HTTP ${response.status}`, {
+            statusCode: response.status,
+            headers: responseHeaders,
+            body: errorBody
+          });
+        }
+        let data;
+        const contentType = response.headers.get("content-type");
+        if (contentType?.includes("application/json")) {
+          data = await response.json();
+        } else {
+          data = await response.text();
+        }
+        return mcpSuccess({
+          statusCode: response.status,
+          headers: responseHeaders,
+          data
+        });
+      } catch (err) {
+        return mcpError(err, { tool: "fetch_with_siwe", url });
+      }
+    }
+  );
+}
+
 // src/index.ts
 async function main() {
   log.clear();
@@ -1026,7 +1240,9 @@ async function main() {
   registerQueryEndpointTool(server);
   registerValidatePaymentTool(server);
   registerExecuteCallTool(server);
-  log.info("Registered 4 tools: check_balance, query_endpoint, validate_payment, execute_call");
+  registerCreateSiweProofTool(server);
+  registerFetchWithSiweTool(server);
+  log.info("Registered 6 tools: check_balance, query_endpoint, validate_payment, execute_call, create_siwe_proof, fetch_with_siwe");
   const transport = new StdioServerTransport();
   await server.connect(transport);
   log.info(`Connected to transport, ready for requests. Log file: ${log.path}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x402scan-mcp",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "Generic MCP server for calling x402-protected APIs with automatic payment handling",
   "type": "module",
   "main": "dist/index.js",
@@ -23,6 +23,7 @@
     "@modelcontextprotocol/sdk": "^1.6.1",
     "@x402/core": "^2.0.0",
     "@x402/evm": "^2.0.0",
+    "siwe": "^2.3.2",
     "viem": "^2.31.3",
     "zod": "^3.25.1"
   },