x402scan-mcp 0.0.3 → 0.0.4

package/dist/index.js

@@ -745,7 +745,7 @@ async function queryEndpoint(url, httpClient, options = {}) {
 function registerQueryEndpointTool(server) {
   server.tool(
     "query_endpoint",
-    "Probe an x402-protected endpoint to get pricing and schema without making a payment. Returns payment requirements, accepted networks, and Bazaar schema if available.",
+    "Probe an x402-protected endpoint to get pricing and requirements without payment. Returns payment options, Bazaar schema, and Sign-In-With-X auth requirements (x402 v2) if available.",
     {
       url: z.string().url().describe("The x402-protected endpoint URL to probe"),
       method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).default("GET").describe("HTTP method to use"),
@@ -811,6 +811,29 @@ function registerQueryEndpointTool(server) {
             hasBazaarExtension: true
           };
         }
+        if (pr.extensions?.["sign-in-with-x"]) {
+          const siwx = pr.extensions["sign-in-with-x"];
+          const info = siwx.info || {};
+          const requiredFields = ["domain", "uri", "version", "chainId", "nonce", "issuedAt"];
+          const missingFields = requiredFields.filter((f) => !info[f]);
+          const validationErrors = [];
+          if (!siwx.info) {
+            validationErrors.push('Missing "info" object in sign-in-with-x extension');
+          } else if (missingFields.length > 0) {
+            validationErrors.push(`Missing required fields in info: ${missingFields.join(", ")}`);
+          }
+          if (!siwx.schema) {
+            validationErrors.push('Missing "schema" object in sign-in-with-x extension');
+          }
+          response.signInWithX = {
+            required: true,
+            valid: validationErrors.length === 0,
+            validationErrors: validationErrors.length > 0 ? validationErrors : void 0,
+            info: siwx.info,
+            schema: siwx.schema,
+            usage: "Use create_siwe_proof or fetch_with_siwe tools to authenticate"
+          };
+        }
         if (pr.error) {
           response.serverError = pr.error;
         }
@@ -1017,60 +1040,73 @@ function registerExecuteCallTool(server) {
 // src/tools/siwe.ts
 import { z as z4 } from "zod";
 import { SiweMessage, generateNonce } from "siwe";
-var CHAIN_IDS = {
-  mainnet: 1,
-  base: 8453,
-  "base-sepolia": 84532,
-  optimism: 10,
-  arbitrum: 42161,
-  polygon: 137,
-  sepolia: 11155111
+var NETWORKS = {
+  mainnet: "eip155:1",
+  base: "eip155:8453",
+  "base-sepolia": "eip155:84532",
+  optimism: "eip155:10",
+  arbitrum: "eip155:42161",
+  polygon: "eip155:137",
+  sepolia: "eip155:11155111"
 };
+function parseChainId(network) {
+  const parts = network.split(":");
+  return parseInt(parts[1], 10);
+}
 function registerCreateSiweProofTool(server) {
   server.tool(
     "create_siwe_proof",
-    "Create a SIWE (Sign-In with Ethereum) proof for wallet authentication. Returns a proof string to use in X-SIWE-PROOF header.",
+    "Create a CAIP-122 compliant Sign-In-With-X proof for wallet authentication (x402 v2 extension). Returns a flat proof object for the SIGN-IN-WITH-X header.",
     {
-      domain: z4.string().describe(
-        'Domain requesting auth (e.g., "localhost:3000" or "stablestudio.io")'
-      ),
-      uri: z4.string().url().describe('Full URI of the API (e.g., "http://localhost:3000")'),
+      domain: z4.string().describe('Domain requesting auth (e.g., "api.example.com")'),
+      uri: z4.string().url().describe('Full URI of the resource (e.g., "https://api.example.com")'),
       statement: z4.string().optional().default("Authenticate to API").describe("Human-readable statement"),
-      chainId: z4.number().optional().describe(
-        "Chain ID (default: 8453 for Base). Common IDs: 1=mainnet, 8453=base, 84532=base-sepolia, 10=optimism"
-      ),
-      chain: z4.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().describe("Chain name (alternative to chainId). Default: base"),
-      expirationMinutes: z4.number().optional().default(60).describe("Proof validity in minutes")
+      network: z4.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().default("base").describe("Network name (default: base)"),
+      expirationMinutes: z4.number().optional().default(5).describe("Proof validity in minutes (default: 5)")
     },
-    async ({ domain, uri, statement, chainId, chain, expirationMinutes }) => {
+    async ({ domain, uri, statement, network, expirationMinutes }) => {
       try {
         const { account, address } = await getOrCreateWallet();
-        const resolvedChainId = chainId ?? (chain ? CHAIN_IDS[chain] : CHAIN_IDS.base);
+        const caip2Network = NETWORKS[network];
+        const numericChainId = parseChainId(caip2Network);
+        const nonce = generateNonce();
+        const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+        const expirationTime = new Date(
+          Date.now() + expirationMinutes * 60 * 1e3
+        ).toISOString();
         const siweMessage = new SiweMessage({
           domain,
           address,
           statement,
           uri,
           version: "1",
-          chainId: resolvedChainId,
-          nonce: generateNonce(),
-          issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          expirationTime: new Date(
-            Date.now() + expirationMinutes * 60 * 1e3
-          ).toISOString()
+          chainId: numericChainId,
+          nonce,
+          issuedAt,
+          expirationTime,
+          resources: [uri]
         });
         const message = siweMessage.prepareMessage();
         const signature = await account.signMessage({ message });
-        const proof = JSON.stringify({
-          message: JSON.stringify(siweMessage),
+        const proof = {
+          domain,
+          address,
+          statement,
+          uri,
+          version: "1",
+          chainId: caip2Network,
+          nonce,
+          issuedAt,
+          expirationTime,
+          resources: [uri],
           signature
-        });
+        };
         return mcpSuccess({
-          proof,
+          proof: JSON.stringify(proof),
           address,
-          chainId: resolvedChainId,
-          expiresAt: siweMessage.expirationTime,
-          usage: "Add to request headers as: X-SIWE-PROOF: <proof>"
+          network: caip2Network,
+          expiresAt: expirationTime,
+          usage: "Add to request headers as: SIGN-IN-WITH-X: <proof>"
         });
       } catch (err) {
         return mcpError(err, { tool: "create_siwe_proof" });
@@ -1082,65 +1118,79 @@ function registerCreateSiweProofTool(server) {
 // src/tools/fetch_with_siwe.ts
 import { z as z5 } from "zod";
 import { SiweMessage as SiweMessage2, generateNonce as generateNonce2 } from "siwe";
-var CHAIN_IDS2 = {
-  mainnet: 1,
-  base: 8453,
-  "base-sepolia": 84532,
-  optimism: 10,
-  arbitrum: 42161,
-  polygon: 137,
-  sepolia: 11155111
+var NETWORKS2 = {
+  mainnet: "eip155:1",
+  base: "eip155:8453",
+  "base-sepolia": "eip155:84532",
+  optimism: "eip155:10",
+  arbitrum: "eip155:42161",
+  polygon: "eip155:137",
+  sepolia: "eip155:11155111"
 };
-async function createSiweProof(account, domain, uri, chainId) {
+function parseChainId2(network) {
+  const parts = network.split(":");
+  return parseInt(parts[1], 10);
+}
+async function createSiwxProof(account, domain, uri, network) {
+  const numericChainId = parseChainId2(network);
+  const nonce = generateNonce2();
+  const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const expirationTime = new Date(Date.now() + 3e5).toISOString();
   const siweMessage = new SiweMessage2({
     domain,
     address: account.address,
     statement: "Authenticate to API",
     uri,
     version: "1",
-    chainId,
-    nonce: generateNonce2(),
-    issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    expirationTime: new Date(Date.now() + 36e5).toISOString()
+    chainId: numericChainId,
+    nonce,
+    issuedAt,
+    expirationTime,
+    resources: [uri]
   });
   const message = siweMessage.prepareMessage();
   const signature = await account.signMessage({ message });
   return JSON.stringify({
-    message: JSON.stringify(siweMessage),
+    domain,
+    address: account.address,
+    statement: "Authenticate to API",
+    uri,
+    version: "1",
+    chainId: network,
+    nonce,
+    issuedAt,
+    expirationTime,
+    resources: [uri],
     signature
   });
 }
 function registerFetchWithSiweTool(server) {
   server.tool(
     "fetch_with_siwe",
-    "Make an HTTP request with automatic SIWE wallet authentication. Useful for APIs that require wallet ownership proof.",
+    "Make an HTTP request with automatic CAIP-122 Sign-In-With-X wallet authentication (x402 v2 extension).",
     {
       url: z5.string().url().describe("The URL to fetch"),
       method: z5.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional().default("GET"),
       body: z5.unknown().optional().describe("Request body for POST/PUT/PATCH"),
       headers: z5.record(z5.string()).optional().describe("Additional headers"),
-      siweHeader: z5.string().optional().default("X-SIWE-PROOF").describe("Header name for SIWE proof"),
-      chainId: z5.number().optional().describe(
-        "Chain ID for SIWE proof (default: 8453 for Base). Common IDs: 1=mainnet, 8453=base, 84532=base-sepolia"
-      ),
-      chain: z5.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().describe("Chain name (alternative to chainId). Default: base")
+      network: z5.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().default("base").describe("Network name (default: base)")
     },
-    async ({ url, method, body, headers, siweHeader, chainId, chain }) => {
+    async ({ url, method, body, headers, network }) => {
       try {
         const { account } = await getOrCreateWallet();
         const parsedUrl = new URL(url);
-        const resolvedChainId = chainId ?? (chain ? CHAIN_IDS2[chain] : CHAIN_IDS2.base);
-        const proof = await createSiweProof(
+        const caip2Network = NETWORKS2[network];
+        const proof = await createSiwxProof(
           account,
           parsedUrl.host,
           parsedUrl.origin,
-          resolvedChainId
+          caip2Network
         );
         const response = await fetch(url, {
           method,
           headers: {
             "Content-Type": "application/json",
-            [siweHeader]: proof,
+            "SIGN-IN-WITH-X": proof,
             ...headers
           },
           body: body ? JSON.stringify(body) : void 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "x402scan-mcp",
-  "version": "0.0.3",
+  "version": "0.0.4",
   "description": "Generic MCP server for calling x402-protected APIs with automatic payment handling",
   "type": "module",
   "main": "dist/index.js",
@@ -10,6 +10,15 @@
   "files": [
     "dist"
   ],
+  "scripts": {
+    "build": "tsup",
+    "build:mcpb": "tsx scripts/build-mcpb.ts",
+    "dev": "tsx src/index.ts",
+    "dev:bun": "bun run src/index.ts",
+    "typecheck": "tsc --noEmit",
+    "publish-package": "tsx scripts/publish.ts",
+    "prepublishOnly": "npm run build"
+  },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.6.1",
     "@x402/core": "^2.0.0",
@@ -42,13 +51,5 @@
   "repository": {
     "type": "git",
     "url": "https://github.com/merit-systems/x402scan-mcp"
-  },
-  "scripts": {
-    "build": "tsup",
-    "build:mcpb": "tsx scripts/build-mcpb.ts",
-    "dev": "tsx src/index.ts",
-    "dev:bun": "bun run src/index.ts",
-    "typecheck": "tsc --noEmit",
-    "publish-package": "tsx scripts/publish.ts"
   }
-}
+}