npm - x402scan-mcp - Versions diffs - 0.0.3 → 0.0.5 - Mend

x402scan-mcp 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -7,7 +7,7 @@ MCP server for calling [x402](https://x402.org)-protected APIs with automatic pa
 ### Claude Code
 ```bash
-claude mcp add x402scan -- npx -y x402scan-mcp@latest
+claude mcp add x402scan --scope user -- npx -y x402scan-mcp@latest
 ```
 ### Codex

package/dist/index.js CHANGED Viewed

@@ -742,10 +742,11 @@ async function queryEndpoint(url, httpClient, options = {}) {
 }
 // src/tools/query_endpoint.ts
+import { extractDiscoveryInfoV1, isDiscoverableV1 } from "@x402/extensions/bazaar";
 function registerQueryEndpointTool(server) {
   server.tool(
     "query_endpoint",
-    "Probe an x402-protected endpoint to get pricing and schema without making a payment. Returns payment requirements, accepted networks, and Bazaar schema if available.",
+    "Probe an x402-protected endpoint to get pricing and requirements without payment. Returns payment options, Bazaar schema, and Sign-In-With-X auth requirements (x402 v2) if available.",
     {
       url: z.string().url().describe("The x402-protected endpoint URL to probe"),
       method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).default("GET").describe("HTTP method to use"),
@@ -810,6 +811,43 @@ function registerQueryEndpointTool(server) {
             examples: bazaar.examples,
             hasBazaarExtension: true
           };
+        } else if (pr.x402Version === 1 && result.rawBody) {
+          const v1Body = result.rawBody;
+          const firstAccept = v1Body.accepts?.[0];
+          if (firstAccept && isDiscoverableV1(firstAccept)) {
+            const discoveryInfo = extractDiscoveryInfoV1(firstAccept);
+            if (discoveryInfo) {
+              response.bazaar = {
+                info: discoveryInfo,
+                schema: null,
+                hasBazaarExtension: true,
+                sourceVersion: 1
+              };
+            }
+          }
+        }
+        if (pr.extensions?.["sign-in-with-x"]) {
+          const siwx = pr.extensions["sign-in-with-x"];
+          const info = siwx.info || {};
+          const requiredFields = ["domain", "uri", "version", "chainId", "nonce", "issuedAt"];
+          const missingFields = requiredFields.filter((f) => !info[f]);
+          const validationErrors = [];
+          if (!siwx.info) {
+            validationErrors.push('Missing "info" object in sign-in-with-x extension');
+          } else if (missingFields.length > 0) {
+            validationErrors.push(`Missing required fields in info: ${missingFields.join(", ")}`);
+          }
+          if (!siwx.schema) {
+            validationErrors.push('Missing "schema" object in sign-in-with-x extension');
+          }
+          response.signInWithX = {
+            required: true,
+            valid: validationErrors.length === 0,
+            validationErrors: validationErrors.length > 0 ? validationErrors : void 0,
+            info: siwx.info,
+            schema: siwx.schema,
+            usage: "Use create_siwe_proof or fetch_with_siwe tools to authenticate"
+          };
         }
         if (pr.error) {
           response.serverError = pr.error;
@@ -1017,60 +1055,73 @@ function registerExecuteCallTool(server) {
 // src/tools/siwe.ts
 import { z as z4 } from "zod";
 import { SiweMessage, generateNonce } from "siwe";
-var CHAIN_IDS = {
-  mainnet: 1,
-  base: 8453,
-  "base-sepolia": 84532,
-  optimism: 10,
-  arbitrum: 42161,
-  polygon: 137,
-  sepolia: 11155111
+var NETWORKS = {
+  mainnet: "eip155:1",
+  base: "eip155:8453",
+  "base-sepolia": "eip155:84532",
+  optimism: "eip155:10",
+  arbitrum: "eip155:42161",
+  polygon: "eip155:137",
+  sepolia: "eip155:11155111"
 };
+function parseChainId(network) {
+  const parts = network.split(":");
+  return parseInt(parts[1], 10);
+}
 function registerCreateSiweProofTool(server) {
   server.tool(
     "create_siwe_proof",
-    "Create a SIWE (Sign-In with Ethereum) proof for wallet authentication. Returns a proof string to use in X-SIWE-PROOF header.",
+    "Create a CAIP-122 compliant Sign-In-With-X proof for wallet authentication (x402 v2 extension). Returns a flat proof object for the SIGN-IN-WITH-X header.",
     {
-      domain: z4.string().describe(
-        'Domain requesting auth (e.g., "localhost:3000" or "stablestudio.io")'
-      ),
-      uri: z4.string().url().describe('Full URI of the API (e.g., "http://localhost:3000")'),
+      domain: z4.string().describe('Domain requesting auth (e.g., "api.example.com")'),
+      uri: z4.string().url().describe('Full URI of the resource (e.g., "https://api.example.com")'),
       statement: z4.string().optional().default("Authenticate to API").describe("Human-readable statement"),
-      chainId: z4.number().optional().describe(
-        "Chain ID (default: 8453 for Base). Common IDs: 1=mainnet, 8453=base, 84532=base-sepolia, 10=optimism"
-      ),
-      chain: z4.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().describe("Chain name (alternative to chainId). Default: base"),
-      expirationMinutes: z4.number().optional().default(60).describe("Proof validity in minutes")
+      network: z4.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().default("base").describe("Network name (default: base)"),
+      expirationMinutes: z4.number().optional().default(5).describe("Proof validity in minutes (default: 5)")
     },
-    async ({ domain, uri, statement, chainId, chain, expirationMinutes }) => {
+    async ({ domain, uri, statement, network, expirationMinutes }) => {
       try {
         const { account, address } = await getOrCreateWallet();
-        const resolvedChainId = chainId ?? (chain ? CHAIN_IDS[chain] : CHAIN_IDS.base);
+        const caip2Network = NETWORKS[network];
+        const numericChainId = parseChainId(caip2Network);
+        const nonce = generateNonce();
+        const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+        const expirationTime = new Date(
+          Date.now() + expirationMinutes * 60 * 1e3
+        ).toISOString();
         const siweMessage = new SiweMessage({
           domain,
           address,
           statement,
           uri,
           version: "1",
-          chainId: resolvedChainId,
-          nonce: generateNonce(),
-          issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          expirationTime: new Date(
-            Date.now() + expirationMinutes * 60 * 1e3
-          ).toISOString()
+          chainId: numericChainId,
+          nonce,
+          issuedAt,
+          expirationTime,
+          resources: [uri]
         });
         const message = siweMessage.prepareMessage();
         const signature = await account.signMessage({ message });
-        const proof = JSON.stringify({
-          message: JSON.stringify(siweMessage),
+        const proof = {
+          domain,
+          address,
+          statement,
+          uri,
+          version: "1",
+          chainId: caip2Network,
+          nonce,
+          issuedAt,
+          expirationTime,
+          resources: [uri],
           signature
-        });
+        };
         return mcpSuccess({
-          proof,
+          proof: JSON.stringify(proof),
           address,
-          chainId: resolvedChainId,
-          expiresAt: siweMessage.expirationTime,
-          usage: "Add to request headers as: X-SIWE-PROOF: <proof>"
+          network: caip2Network,
+          expiresAt: expirationTime,
+          usage: "Add to request headers as: SIGN-IN-WITH-X: <proof>"
         });
       } catch (err) {
         return mcpError(err, { tool: "create_siwe_proof" });
@@ -1082,65 +1133,79 @@ function registerCreateSiweProofTool(server) {
 // src/tools/fetch_with_siwe.ts
 import { z as z5 } from "zod";
 import { SiweMessage as SiweMessage2, generateNonce as generateNonce2 } from "siwe";
-var CHAIN_IDS2 = {
-  mainnet: 1,
-  base: 8453,
-  "base-sepolia": 84532,
-  optimism: 10,
-  arbitrum: 42161,
-  polygon: 137,
-  sepolia: 11155111
+var NETWORKS2 = {
+  mainnet: "eip155:1",
+  base: "eip155:8453",
+  "base-sepolia": "eip155:84532",
+  optimism: "eip155:10",
+  arbitrum: "eip155:42161",
+  polygon: "eip155:137",
+  sepolia: "eip155:11155111"
 };
-async function createSiweProof(account, domain, uri, chainId) {
+function parseChainId2(network) {
+  const parts = network.split(":");
+  return parseInt(parts[1], 10);
+}
+async function createSiwxProof(account, domain, uri, network) {
+  const numericChainId = parseChainId2(network);
+  const nonce = generateNonce2();
+  const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const expirationTime = new Date(Date.now() + 3e5).toISOString();
   const siweMessage = new SiweMessage2({
     domain,
     address: account.address,
     statement: "Authenticate to API",
     uri,
     version: "1",
-    chainId,
-    nonce: generateNonce2(),
-    issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    expirationTime: new Date(Date.now() + 36e5).toISOString()
+    chainId: numericChainId,
+    nonce,
+    issuedAt,
+    expirationTime,
+    resources: [uri]
   });
   const message = siweMessage.prepareMessage();
   const signature = await account.signMessage({ message });
   return JSON.stringify({
-    message: JSON.stringify(siweMessage),
+    domain,
+    address: account.address,
+    statement: "Authenticate to API",
+    uri,
+    version: "1",
+    chainId: network,
+    nonce,
+    issuedAt,
+    expirationTime,
+    resources: [uri],
     signature
   });
 }
 function registerFetchWithSiweTool(server) {
   server.tool(
     "fetch_with_siwe",
-    "Make an HTTP request with automatic SIWE wallet authentication. Useful for APIs that require wallet ownership proof.",
+    "Make an HTTP request with automatic CAIP-122 Sign-In-With-X wallet authentication (x402 v2 extension).",
     {
       url: z5.string().url().describe("The URL to fetch"),
       method: z5.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional().default("GET"),
       body: z5.unknown().optional().describe("Request body for POST/PUT/PATCH"),
       headers: z5.record(z5.string()).optional().describe("Additional headers"),
-      siweHeader: z5.string().optional().default("X-SIWE-PROOF").describe("Header name for SIWE proof"),
-      chainId: z5.number().optional().describe(
-        "Chain ID for SIWE proof (default: 8453 for Base). Common IDs: 1=mainnet, 8453=base, 84532=base-sepolia"
-      ),
-      chain: z5.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().describe("Chain name (alternative to chainId). Default: base")
+      network: z5.enum(["mainnet", "base", "base-sepolia", "optimism", "arbitrum", "polygon", "sepolia"]).optional().default("base").describe("Network name (default: base)")
     },
-    async ({ url, method, body, headers, siweHeader, chainId, chain }) => {
+    async ({ url, method, body, headers, network }) => {
       try {
         const { account } = await getOrCreateWallet();
         const parsedUrl = new URL(url);
-        const resolvedChainId = chainId ?? (chain ? CHAIN_IDS2[chain] : CHAIN_IDS2.base);
-        const proof = await createSiweProof(
+        const caip2Network = NETWORKS2[network];
+        const proof = await createSiwxProof(
           account,
           parsedUrl.host,
           parsedUrl.origin,
-          resolvedChainId
+          caip2Network
         );
         const response = await fetch(url, {
           method,
           headers: {
             "Content-Type": "application/json",
-            [siweHeader]: proof,
+            "SIGN-IN-WITH-X": proof,
             ...headers
           },
           body: body ? JSON.stringify(body) : void 0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "x402scan-mcp",
-  "version": "0.0.3",
+  "version": "0.0.5",
   "description": "Generic MCP server for calling x402-protected APIs with automatic payment handling",
   "type": "module",
   "main": "dist/index.js",
@@ -10,10 +10,20 @@
   "files": [
     "dist"
   ],
+  "scripts": {
+    "build": "tsup",
+    "build:mcpb": "tsx scripts/build-mcpb.ts",
+    "dev": "tsx src/index.ts",
+    "dev:bun": "bun run src/index.ts",
+    "typecheck": "tsc --noEmit",
+    "publish-package": "tsx scripts/publish.ts",
+    "prepublishOnly": "npm run build"
+  },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.6.1",
     "@x402/core": "^2.0.0",
     "@x402/evm": "^2.0.0",
+    "@x402/extensions": "^2.1.0",
     "siwe": "^2.3.2",
     "viem": "^2.31.3",
     "zod": "^3.25.1"
@@ -42,13 +52,5 @@
   "repository": {
     "type": "git",
     "url": "https://github.com/merit-systems/x402scan-mcp"
-  },
-  "scripts": {
-    "build": "tsup",
-    "build:mcpb": "tsx scripts/build-mcpb.ts",
-    "dev": "tsx src/index.ts",
-    "dev:bun": "bun run src/index.ts",
-    "typecheck": "tsc --noEmit",
-    "publish-package": "tsx scripts/publish.ts"
   }
-}
+}