ddg-agent-services-mcp 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. ddg_agent_services_mcp-0.1.0/.github/dependabot.yml +23 -0
  2. ddg_agent_services_mcp-0.1.0/.github/workflows/ci.yml +61 -0
  3. ddg_agent_services_mcp-0.1.0/.github/workflows/codeql.yml +30 -0
  4. ddg_agent_services_mcp-0.1.0/.github/workflows/validate.yml +23 -0
  5. ddg_agent_services_mcp-0.1.0/.gitignore +11 -0
  6. ddg_agent_services_mcp-0.1.0/DISCOVERY.md +82 -0
  7. ddg_agent_services_mcp-0.1.0/LICENSE +21 -0
  8. ddg_agent_services_mcp-0.1.0/PKG-INFO +180 -0
  9. ddg_agent_services_mcp-0.1.0/README.md +143 -0
  10. ddg_agent_services_mcp-0.1.0/SECURITY.md +13 -0
  11. ddg_agent_services_mcp-0.1.0/SECURITY_AUDIT.md +50 -0
  12. ddg_agent_services_mcp-0.1.0/deploy/cloudflare/ddg-agent-services-mcp-ingress.example.yml +11 -0
  13. ddg_agent_services_mcp-0.1.0/deploy/systemd/ddg-agent-services-mcp.service +37 -0
  14. ddg_agent_services_mcp-0.1.0/docs/agent-catalog.json +1417 -0
  15. ddg_agent_services_mcp-0.1.0/docs/agent-distribution-action-plan.md +100 -0
  16. ddg_agent_services_mcp-0.1.0/docs/agent-distribution-targets.json +97 -0
  17. ddg_agent_services_mcp-0.1.0/docs/agent-skills/agent-discovery-repair-pack.json +28 -0
  18. ddg_agent_services_mcp-0.1.0/docs/agent-skills/agent-payment-readiness-audit.json +28 -0
  19. ddg_agent_services_mcp-0.1.0/docs/agent-skills/agent-status-and-receipt-tools.json +28 -0
  20. ddg_agent_services_mcp-0.1.0/docs/agent-skills/browser-proof-artifact.json +28 -0
  21. ddg_agent_services_mcp-0.1.0/docs/agent-skills/buyer-agent-smoke-probe.json +28 -0
  22. ddg_agent_services_mcp-0.1.0/docs/agent-skills/ddg-agent-services.json +23 -0
  23. ddg_agent_services_mcp-0.1.0/docs/agent-skills/index.json +117 -0
  24. ddg_agent_services_mcp-0.1.0/docs/agent-skills/mcp-tool-security-audit.json +28 -0
  25. ddg_agent_services_mcp-0.1.0/docs/agent-skills/model-artifact-order.json +28 -0
  26. ddg_agent_services_mcp-0.1.0/docs/agent-skills/payment-rail-activation-proof.json +28 -0
  27. ddg_agent_services_mcp-0.1.0/docs/agent-skills/prompt-injection-ci.json +28 -0
  28. ddg_agent_services_mcp-0.1.0/docs/agent-skills/repo-context-pack.json +28 -0
  29. ddg_agent_services_mcp-0.1.0/docs/agent-skills-index.json +117 -0
  30. ddg_agent_services_mcp-0.1.0/docs/agent-status.json +273 -0
  31. ddg_agent_services_mcp-0.1.0/docs/agents.json +257 -0
  32. ddg_agent_services_mcp-0.1.0/docs/ai-discovery.json +398 -0
  33. ddg_agent_services_mcp-0.1.0/docs/api-catalog.linkset.json +86 -0
  34. ddg_agent_services_mcp-0.1.0/docs/apple-touch-icon.png +0 -0
  35. ddg_agent_services_mcp-0.1.0/docs/checkout-conformance.json +117 -0
  36. ddg_agent_services_mcp-0.1.0/docs/cybersecurity-services.json +291 -0
  37. ddg_agent_services_mcp-0.1.0/docs/direct_crypto_addresses.public.json +124 -0
  38. ddg_agent_services_mcp-0.1.0/docs/favicon-192.png +0 -0
  39. ddg_agent_services_mcp-0.1.0/docs/favicon-256.png +0 -0
  40. ddg_agent_services_mcp-0.1.0/docs/favicon-32.png +0 -0
  41. ddg_agent_services_mcp-0.1.0/docs/favicon.ico +0 -0
  42. ddg_agent_services_mcp-0.1.0/docs/llms.txt +183 -0
  43. ddg_agent_services_mcp-0.1.0/docs/mcp-production-readiness.md +115 -0
  44. ddg_agent_services_mcp-0.1.0/docs/mcp-security-audit-2026-06-23.md +76 -0
  45. ddg_agent_services_mcp-0.1.0/docs/pricing.json +2728 -0
  46. ddg_agent_services_mcp-0.1.0/docs/quickstart.md +247 -0
  47. ddg_agent_services_mcp-0.1.0/docs/x402-bazaar-readiness.json +345 -0
  48. ddg_agent_services_mcp-0.1.0/docs/x402-bazaar-readiness.md +44 -0
  49. ddg_agent_services_mcp-0.1.0/examples/buyer_agent_client.py +19 -0
  50. ddg_agent_services_mcp-0.1.0/examples/curl-smoke.sh +12 -0
  51. ddg_agent_services_mcp-0.1.0/glama.json +6 -0
  52. ddg_agent_services_mcp-0.1.0/mcp/README.md +174 -0
  53. ddg_agent_services_mcp-0.1.0/mcp/ddg-agent-swarm-mcp-design.md +117 -0
  54. ddg_agent_services_mcp-0.1.0/mcp/ddg_agent_services_mcp_server.py +22 -0
  55. ddg_agent_services_mcp-0.1.0/mcp/package-metadata.json +92 -0
  56. ddg_agent_services_mcp-0.1.0/mcp/server.json +47 -0
  57. ddg_agent_services_mcp-0.1.0/mcp/server.remote-template.json +24 -0
  58. ddg_agent_services_mcp-0.1.0/openapi.json +9479 -0
  59. ddg_agent_services_mcp-0.1.0/pyproject.toml +57 -0
  60. ddg_agent_services_mcp-0.1.0/schemas/agent-service.v1.json +33 -0
  61. ddg_agent_services_mcp-0.1.0/schemas/payment-challenge.v1.json +26 -0
  62. ddg_agent_services_mcp-0.1.0/schemas/receipt.v1.json +45 -0
  63. ddg_agent_services_mcp-0.1.0/scripts/agent_checkout_conformance_probe.py +152 -0
  64. ddg_agent_services_mcp-0.1.0/scripts/smoke_mcp_server.py +220 -0
  65. ddg_agent_services_mcp-0.1.0/scripts/validate_submission_sync.py +186 -0
  66. ddg_agent_services_mcp-0.1.0/src/ddg_agent_services_mcp/__init__.py +1 -0
  67. ddg_agent_services_mcp-0.1.0/src/ddg_agent_services_mcp/__main__.py +4 -0
  68. ddg_agent_services_mcp-0.1.0/src/ddg_agent_services_mcp/server.py +1118 -0
  69. ddg_agent_services_mcp-0.1.0/submissions/mcp-aggregators/listing-payloads.md +77 -0
  70. ddg_agent_services_mcp-0.1.0/submissions/mcp-registry/ddg-agent-services-publish.md +68 -0
  71. ddg_agent_services_mcp-0.1.0/submissions/x402-bazaar/settlement-metadata.json +283 -0
  72. ddg_agent_services_mcp-0.1.0/submissions/x402-ecosystem/awesome-x402-listing.md +77 -0
  73. ddg_agent_services_mcp-0.1.0/submissions/x402scan/ddg-agent-services-registration.md +167 -0
  74. ddg_agent_services_mcp-0.1.0/tests/test_mcp_security.py +304 -0
  75. ddg_agent_services_mcp-0.1.0/tests/test_submission_sync.py +18 -0
  76. ddg_agent_services_mcp-0.1.0/uv.lock +1433 -0
@@ -0,0 +1,23 @@
1
+ version: 2
2
+ updates:
3
+ - package-ecosystem: "pip"
4
+ directory: "/"
5
+ schedule:
6
+ interval: "weekly"
7
+ day: "monday"
8
+ time: "10:00"
9
+ timezone: "Etc/UTC"
10
+ open-pull-requests-limit: 5
11
+ groups:
12
+ python-security-and-maintenance:
13
+ patterns:
14
+ - "*"
15
+
16
+ - package-ecosystem: "github-actions"
17
+ directory: "/"
18
+ schedule:
19
+ interval: "weekly"
20
+ day: "monday"
21
+ time: "10:30"
22
+ timezone: "Etc/UTC"
23
+ open-pull-requests-limit: 5
@@ -0,0 +1,61 @@
1
+ name: CI
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+
9
+ permissions:
10
+ contents: read
11
+
12
+ jobs:
13
+ test-build-audit:
14
+ runs-on: ubuntu-latest
15
+ steps:
16
+ - uses: actions/checkout@v7
17
+
18
+ - name: Install uv
19
+ uses: astral-sh/setup-uv@v8.2.0
20
+
21
+ - name: Set up Python
22
+ uses: actions/setup-python@v6
23
+ with:
24
+ python-version: '3.12'
25
+
26
+ - name: Static secret and hygiene scan
27
+ run: |
28
+ python - <<'PY'
29
+ from pathlib import Path
30
+ import re, sys
31
+ patterns = {
32
+ 'private_key_block': r'-----BEGIN [A-Z ]*PRIVATE KEY-----',
33
+ 'github_token': r'\b(?:ghp|github_pat)_[A-Za-z0-9_]{16,}',
34
+ 'stripe_secret': r'\bsk_(?:live|test)_[A-Za-z0-9]{16,}',
35
+ 'aws_access_key': r'\b(?:AKIA|ASIA)[A-Z0-9]{16}\b',
36
+ 'raw_secret_assignment': r'(?i)(?:private[_ -]?key|secret|token|password)\s*[:=]\s*(?:0x)?[0-9a-z_./+=-]{32,}',
37
+ 'lan_url': r'https?://(?:10\.|172\.(?:1[6-9]|2[0-9]|3[01])\.|192\.168\.)[^\s)\]"\']+',
38
+ }
39
+ findings = []
40
+ for p in Path('.').rglob('*'):
41
+ if not p.is_file() or any(part in {'.git', '.venv', 'dist', '__pycache__'} for part in p.parts):
42
+ continue
43
+ if p.suffix.lower() not in {'.py', '.json', '.md', '.txt', '.toml', '.yaml', '.yml', '.sh', '.service'}:
44
+ continue
45
+ text = p.read_text(encoding='utf-8', errors='replace')
46
+ for name, rx in patterns.items():
47
+ for m in re.finditer(rx, text):
48
+ findings.append((str(p), name, text[max(0, m.start()-32):m.end()+32].replace('\n', ' ')[:160]))
49
+ if findings:
50
+ print('Potential secret/leak findings:')
51
+ for finding in findings[:20]:
52
+ print(finding)
53
+ sys.exit(1)
54
+ print('secret_hygiene_scan_ok')
55
+ PY
56
+
57
+ - name: Compile, unit test, and build package
58
+ run: |
59
+ uv run --extra dev python -m compileall src tests scripts
60
+ uv run --extra dev pytest -q
61
+ uv build --sdist --wheel
@@ -0,0 +1,30 @@
1
+ name: CodeQL
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+ schedule:
9
+ - cron: '37 6 * * 1'
10
+
11
+ permissions:
12
+ contents: read
13
+ security-events: write
14
+
15
+ jobs:
16
+ analyze:
17
+ name: Analyze Python
18
+ runs-on: ubuntu-latest
19
+ timeout-minutes: 15
20
+ steps:
21
+ - name: Checkout repository
22
+ uses: actions/checkout@v7
23
+
24
+ - name: Initialize CodeQL
25
+ uses: github/codeql-action/init@v4
26
+ with:
27
+ languages: python
28
+
29
+ - name: Perform CodeQL Analysis
30
+ uses: github/codeql-action/analyze@v4
@@ -0,0 +1,23 @@
1
+ name: validate
2
+ on:
3
+ pull_request:
4
+ push:
5
+ jobs:
6
+ validate:
7
+ runs-on: ubuntu-latest
8
+ steps:
9
+ - uses: actions/checkout@v4
10
+ - uses: actions/setup-python@v5
11
+ with:
12
+ python-version: '3.12'
13
+ - name: Validate JSON and Python syntax
14
+ run: |
15
+ python - <<'PY'
16
+ import json, pathlib, py_compile
17
+ for p in pathlib.Path('.').rglob('*.json'):
18
+ json.loads(p.read_text())
19
+ print('json ok', p)
20
+ for p in pathlib.Path('.').rglob('*.py'):
21
+ py_compile.compile(str(p), doraise=True)
22
+ print('py ok', p)
23
+ PY
@@ -0,0 +1,11 @@
1
+ __pycache__/
2
+ *.pyc
3
+ .env
4
+ *.env
5
+ .venv/
6
+ dist/
7
+ *.egg-info/
8
+ node_modules/
9
+ state/
10
+ audit/
11
+ c_priv/
@@ -0,0 +1,82 @@
1
+ # AI-Agent Discovery Guide
2
+
3
+ This file is for buyer agents, agent-runtime maintainers, and directory/registry reviewers who need to decide whether DDG Agent-Payable Services are callable, safe, and relevant.
4
+
5
+ ## Canonical service surface
6
+
7
+ ```text
8
+ https://agents.daedalusdevelopmentgroup.com
9
+ ```
10
+
11
+ ## Machine-readable entry points
12
+
13
+ | Surface | URL | What an agent should use it for |
14
+ | --- | --- | --- |
15
+ | AI discovery | `https://agents.daedalusdevelopmentgroup.com/.well-known/ai` | First-pass service summary and links |
16
+ | Status | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-status.json` | Live rail/service/MCP readiness |
17
+ | API catalog | `https://agents.daedalusdevelopmentgroup.com/.well-known/api-catalog` | Linkset pointing to canonical API assets |
18
+ | OpenAPI | `https://agents.daedalusdevelopmentgroup.com/openapi.json` | Request/response schemas and routes |
19
+ | llms.txt | `https://agents.daedalusdevelopmentgroup.com/llms.txt` | LLM-readable usage notes |
20
+ | Pricing | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-pricing.json` | Service pricing and payment metadata |
21
+ | Agent catalog | `https://agents.daedalusdevelopmentgroup.com/.well-known/agent-catalog.json` | Agent-buyable service descriptions |
22
+ | Agent skills | `https://agents.daedalusdevelopmentgroup.com/.well-known/agent-skills/index.json` | Skill-specific service discovery |
23
+ | Checkout conformance | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-checkout-conformance.json` | 403/402/payment/idempotency contract |
24
+ | Refund/reversal policy | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-refund-policy.json` | Strict no-free-work reversal and entitlement-revocation policy |
25
+ | MCP design/status | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-swarm-mcp-design.md` | MCP wrapper design and current status |
26
+
27
+ ## Current payment rails
28
+
29
+ Live now:
30
+
31
+ ```text
32
+ x402
33
+ direct_crypto_auto
34
+ direct_crypto_manual
35
+ ```
36
+
37
+ Accepted crypto options exposed to buyer agents:
38
+
39
+ - x402 `accepts[]`: Base, Polygon, Arbitrum One, World Chain, and Solana mainnet USDC.
40
+ - Direct crypto public receiving-address families: EVM/stablecoins, BTC, BCH, LTC, DOGE, SOL, TRX, XRP, XLM, ALGO, DOT, ZEC, and XMR.
41
+ - Direct crypto proofs are auto-verified only for verifier-supported assets; the remaining public address families are operator-confirmed before fulfillment.
42
+
43
+ Installed but not advertised live yet:
44
+
45
+ ```text
46
+ mpp
47
+ ```
48
+
49
+ MPP / Stripe / Tempo must remain pending until a real penny-scale settlement succeeds, idempotency replay passes, invalid-token failure stays closed, the public status/pricing/catalog are updated, and all submission packets are re-synced.
50
+
51
+ ## How I expect buyer agents to find DDG
52
+
53
+ A capable agent looking for services such as `x402 checkout conformance`, `MCP tool security audit`, `agent discovery repair`, or `browser proof artifact` will usually search in this order:
54
+
55
+ 1. General web search / GitHub search for exact task keywords.
56
+ 2. x402 ecosystem discovery: CDP Bazaar, x402scan, x402 ecosystem page, and x402 awesome lists.
57
+ 3. MCP ecosystem discovery: official MCP Registry, MCP server aggregators, and GitHub topics.
58
+ 4. Machine-readable files on service domains: `/.well-known/ai`, `/llms.txt`, `/openapi.json`, `/.well-known/agent-catalog.json`, `/.well-known/agent-skills/index.json`, and status/conformance JSON.
59
+ 5. Package registries for installable tools: npm, PyPI, OCI/GHCR, or MCPB once a package is released.
60
+ 6. Social/indexable proof: posts and docs that link directly to machine-readable endpoints instead of vague landing pages.
61
+
62
+ ## Directory/registry readiness
63
+
64
+ Ready now after security audit:
65
+
66
+ - public GitHub repo packet
67
+ - owned machine-readable discovery surfaces (`/.well-known/ai`, `llms.txt`, OpenAPI, pricing, catalog, agent skills)
68
+ - MCP `ddg://distribution/agent-radar`, `ddg://distribution/x402scan-status`, and `ddg://distribution/x402-chains` resources for agent clients
69
+ - x402scan registration is live for `agents.daedalusdevelopmentgroup.com` with 5 validated resources; keep AgentCash/x402scan probes green after every OpenAPI/payment-edge/submission change.
70
+ - x402 / agent-commerce awesome-list PR copy
71
+ - x402 ecosystem listing request copy
72
+ - search-indexed docs and social links to machine-readable endpoints
73
+
74
+ Ready only after additional work:
75
+
76
+ - CDP x402 Bazaar: requires CDP Facilitator settlement with route discovery metadata and `paymentPayload.resource`.
77
+ - Official MCP Registry: requires a public installable package on a supported registry (PyPI for this stdio wrapper) or a public HTTP/Streamable MCP endpoint plus MCP Registry metadata/namespace verification.
78
+ - npm/PyPI package listing: requires packaging and release workflow for the stdio MCP wrapper.
79
+
80
+ ## Security posture
81
+
82
+ DDG sells bounded artifacts/results and proof bundles. DDG does not sell or publish raw provider account access, OAuth tokens, provider API keys, private model IDs, private payment material, raw payment tokens, or verifier sidecar URLs.
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Daedalus Development Group
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,180 @@
1
+ Metadata-Version: 2.4
2
+ Name: ddg-agent-services-mcp
3
+ Version: 0.1.0
4
+ Summary: Payment-aware MCP wrapper and AI-agent distribution/readiness surface for DDG Agent-Payable Services
5
+ Project-URL: Homepage, https://agents.daedalusdevelopmentgroup.com/.well-known/ai
6
+ Project-URL: Documentation, https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-swarm-mcp-design.md
7
+ Project-URL: Repository, https://github.com/daedalusdevelopmentgroup/ddg-agent-payable-services
8
+ Project-URL: Issues, https://github.com/daedalusdevelopmentgroup/ddg-agent-payable-services/issues
9
+ Author-email: Daedalus Development Group <0xcircuitbreaker@protonmail.com>
10
+ License-Expression: MIT
11
+ License-File: LICENSE
12
+ Keywords: agent-commerce,ai-agents,bazaar,machine-payments,mcp,mcp-registry,openapi,x402
13
+ Classifier: Development Status :: 3 - Alpha
14
+ Classifier: Environment :: Console
15
+ Classifier: Intended Audience :: Developers
16
+ Classifier: License :: OSI Approved :: MIT License
17
+ Classifier: Programming Language :: Python :: 3
18
+ Classifier: Programming Language :: Python :: 3.11
19
+ Classifier: Programming Language :: Python :: 3.12
20
+ Classifier: Topic :: Internet :: WWW/HTTP
21
+ Classifier: Topic :: Security
22
+ Requires-Python: >=3.11
23
+ Requires-Dist: aiohttp>=3.14.1
24
+ Requires-Dist: cryptography>=48.0.1
25
+ Requires-Dist: mcp>=1.23.0
26
+ Requires-Dist: pydantic-settings>=2.14.2
27
+ Requires-Dist: pygments>=2.20.0
28
+ Requires-Dist: pyjwt>=2.13.0
29
+ Requires-Dist: pynacl>=1.6.2
30
+ Requires-Dist: python-multipart>=0.0.31
31
+ Requires-Dist: starlette>=1.3.1
32
+ Requires-Dist: tornado>=6.5.7
33
+ Requires-Dist: urllib3>=2.7.0
34
+ Provides-Extra: dev
35
+ Requires-Dist: pytest>=9.0.3; extra == 'dev'
36
+ Description-Content-Type: text/markdown
37
+
38
+ <!-- mcp-name: io.github.daedalusdevelopmentgroup/ddg-agent-services-mcp -->
39
+ # DDG Agent-Payable Services
40
+
41
+ AI-agent-native services from Daedalus Development Group (DDG): checkout/payment conformance, MCP/tool security audits, agent-discovery repair, buyer-agent smoke probes, browser proof, repo context packs, and bounded DDG-operated model/artifact orders.
42
+
43
+ Production base URL:
44
+
45
+ ```text
46
+ https://agents.daedalusdevelopmentgroup.com
47
+ ```
48
+
49
+ ## Current live payment rails
50
+
51
+ ```text
52
+ x402
53
+ direct_crypto_auto
54
+ direct_crypto_manual
55
+ ```
56
+
57
+ Accepted crypto is intentionally broad but bounded by public receiving-address custody and verifier support:
58
+
59
+ - x402 `accepts[]`: Base, Polygon, Arbitrum One, World Chain, and Solana mainnet USDC.
60
+ - Direct crypto public receiving-address families: EVM/stablecoins, BTC, BCH, LTC, DOGE, SOL, TRX, XRP, XLM, ALGO, DOT, ZEC, and XMR.
61
+ - Auto verification applies only where the verifier can prove settlement; otherwise `/v1/order-intake` records a hashed proof for operator confirmation before fulfillment.
62
+
63
+ MPP / Tempo is now advertised in the public 402 challenge with the verifier reporting ready:true and invalid-token failure verified. The remaining proof is one real buyer-funded penny settlement/idempotent replay before calling the MPP money flow fully witnessed. Stripe SPT remains planned.
64
+
65
+ ## Start here if you are a buyer agent
66
+
67
+ 1. Fetch AI discovery:
68
+
69
+ ```bash
70
+ tmp=$(mktemp)
71
+ curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ai
72
+ python3 -m json.tool "$tmp"
73
+ ```
74
+
75
+ 2. Fetch status:
76
+
77
+ ```bash
78
+ tmp=$(mktemp)
79
+ curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-status.json
80
+ python3 -m json.tool "$tmp"
81
+ ```
82
+
83
+ 3. Fetch pricing/catalog:
84
+
85
+ ```bash
86
+ tmp_pricing=$(mktemp)
87
+ tmp_catalog=$(mktemp)
88
+ curl -fsS -o "$tmp_pricing" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-pricing.json
89
+ curl -fsS -o "$tmp_catalog" https://agents.daedalusdevelopmentgroup.com/.well-known/agent-catalog.json
90
+ python3 -m json.tool "$tmp_pricing"
91
+ python3 -m json.tool "$tmp_catalog"
92
+ ```
93
+
94
+ 4. Verify checkout conformance:
95
+
96
+ ```bash
97
+ tmp=$(mktemp)
98
+ curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-checkout-conformance.json
99
+ python3 -m json.tool "$tmp"
100
+ ```
101
+
102
+ 5. Probe the payment gate without spending:
103
+
104
+ ```bash
105
+ curl -i -X POST https://agents.daedalusdevelopmentgroup.com/v1/tx-smoke-test \
106
+ -H 'Content-Type: application/json' \
107
+ -H 'X-Agent-Id: your-agent-id' \
108
+ -d '{"service":"tx_penny_smoke_test"}'
109
+ ```
110
+
111
+ Expected without payment: `402 payment_required` with accepted protocols.
112
+
113
+ ## Important endpoints
114
+
115
+ See also [`DISCOVERY.md`](DISCOVERY.md) for the agent-radar/distribution map and directory readiness notes.
116
+
117
+ | Endpoint | Purpose |
118
+ | --- | --- |
119
+ | `/.well-known/ai` | AI-agent discovery surface |
120
+ | `/.well-known/ddg-agent-status.json` | Rail/service/MCP status |
121
+ | `/.well-known/api-catalog` | Linkset API catalog |
122
+ | `/openapi.json` | OpenAPI contract |
123
+ | `/llms.txt` | LLM-facing instructions |
124
+ | `/.well-known/ddg-agent-pricing.json` | Machine-readable pricing |
125
+ | `/.well-known/agent-catalog.json` | Agent service catalog |
126
+ | `/.well-known/agent-skills/index.json` | Agent-skill discovery index |
127
+ | `/.well-known/ddg-agent-checkout-conformance.json` | Checkout conformance profile |
128
+ | `/.well-known/ddg-agent-refund-policy.json` | Strict refund/reversal policy for agent-paid work |
129
+ | `/.well-known/ddg-agent-swarm-mcp-design.md` | MCP design/status doc |
130
+
131
+ ## Flagship services
132
+
133
+ - `agent_payment_readiness_audit`
134
+ - `mcp_tool_security_audit`
135
+ - `agent_service_distribution_pack`
136
+ - `agent_marketplace_listing_pack`
137
+ - `agent_readiness_scorecard`
138
+ - `buyer_agent_smoke_probe`
139
+ - `browser_proof`
140
+ - `repo_context_pack`
141
+ - `ai_skill_safety_scan`
142
+ - `model_agent_run`
143
+
144
+ ## MCP
145
+
146
+ The local stdio MCP server is in [`mcp/`](mcp/). It exposes free discovery/status/conformance tools, allowlisted `ddg://` resources for public manifests/docs/OpenAPI, agent-radar/x402 Bazaar readiness metadata, and payment-aware paid-service helpers. Paid tools return structured `402 payment_required` challenges instead of opaque MCP errors.
147
+
148
+ Current MCP status: stdio package/source is locally smoke-tested and the hosted Streamable HTTP endpoint is live at `https://mcp.daedalusdevelopmentgroup.com/mcp` with public MCP-client smoke passing. See [`docs/mcp-production-readiness.md`](docs/mcp-production-readiness.md).
149
+
150
+ ## Security and compliance stance
151
+
152
+ DDG sells bounded artifacts/results, not raw model-provider account access. DDG never sells, returns, or relays:
153
+
154
+ - raw OAuth tokens
155
+ - provider API keys
156
+ - private account/session state
157
+ - raw provider seats
158
+ - private model IDs when they would reveal account mechanics
159
+ - raw payment tokens or verifier sidecar URLs
160
+
161
+ Provider-backed model capacity is packaged as DDG-operated artifact/result delivery with spend caps, output schemas, redaction, receipts, and operator review where needed.
162
+
163
+ ## Repository contents
164
+
165
+ ```text
166
+ openapi.json Public OpenAPI contract copy
167
+ docs/pricing.json Pricing copy
168
+ docs/agent-catalog.json Catalog copy
169
+ docs/agent-status.json Status copy
170
+ docs/checkout-conformance.json Checkout profile copy
171
+ docs/agent-skills/ Agent skill JSON files
172
+ mcp/ Local stdio MCP server and metadata
173
+ scripts/agent_checkout_conformance_probe.py Probe script
174
+ examples/ Curl and Python buyer-agent examples
175
+ schemas/ Public JSON schema drafts
176
+ ```
177
+
178
+ ## Contact
179
+
180
+ Operator contact: `0xcircuitbreaker@protonmail.com`
@@ -0,0 +1,143 @@
1
+ <!-- mcp-name: io.github.daedalusdevelopmentgroup/ddg-agent-services-mcp -->
2
+ # DDG Agent-Payable Services
3
+
4
+ AI-agent-native services from Daedalus Development Group (DDG): checkout/payment conformance, MCP/tool security audits, agent-discovery repair, buyer-agent smoke probes, browser proof, repo context packs, and bounded DDG-operated model/artifact orders.
5
+
6
+ Production base URL:
7
+
8
+ ```text
9
+ https://agents.daedalusdevelopmentgroup.com
10
+ ```
11
+
12
+ ## Current live payment rails
13
+
14
+ ```text
15
+ x402
16
+ direct_crypto_auto
17
+ direct_crypto_manual
18
+ ```
19
+
20
+ Accepted crypto is intentionally broad but bounded by public receiving-address custody and verifier support:
21
+
22
+ - x402 `accepts[]`: Base, Polygon, Arbitrum One, World Chain, and Solana mainnet USDC.
23
+ - Direct crypto public receiving-address families: EVM/stablecoins, BTC, BCH, LTC, DOGE, SOL, TRX, XRP, XLM, ALGO, DOT, ZEC, and XMR.
24
+ - Auto verification applies only where the verifier can prove settlement; otherwise `/v1/order-intake` records a hashed proof for operator confirmation before fulfillment.
25
+
26
+ MPP / Tempo is now advertised in the public 402 challenge with the verifier reporting ready:true and invalid-token failure verified. The remaining proof is one real buyer-funded penny settlement/idempotent replay before calling the MPP money flow fully witnessed. Stripe SPT remains planned.
27
+
28
+ ## Start here if you are a buyer agent
29
+
30
+ 1. Fetch AI discovery:
31
+
32
+ ```bash
33
+ tmp=$(mktemp)
34
+ curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ai
35
+ python3 -m json.tool "$tmp"
36
+ ```
37
+
38
+ 2. Fetch status:
39
+
40
+ ```bash
41
+ tmp=$(mktemp)
42
+ curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-status.json
43
+ python3 -m json.tool "$tmp"
44
+ ```
45
+
46
+ 3. Fetch pricing/catalog:
47
+
48
+ ```bash
49
+ tmp_pricing=$(mktemp)
50
+ tmp_catalog=$(mktemp)
51
+ curl -fsS -o "$tmp_pricing" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-pricing.json
52
+ curl -fsS -o "$tmp_catalog" https://agents.daedalusdevelopmentgroup.com/.well-known/agent-catalog.json
53
+ python3 -m json.tool "$tmp_pricing"
54
+ python3 -m json.tool "$tmp_catalog"
55
+ ```
56
+
57
+ 4. Verify checkout conformance:
58
+
59
+ ```bash
60
+ tmp=$(mktemp)
61
+ curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-checkout-conformance.json
62
+ python3 -m json.tool "$tmp"
63
+ ```
64
+
65
+ 5. Probe the payment gate without spending:
66
+
67
+ ```bash
68
+ curl -i -X POST https://agents.daedalusdevelopmentgroup.com/v1/tx-smoke-test \
69
+ -H 'Content-Type: application/json' \
70
+ -H 'X-Agent-Id: your-agent-id' \
71
+ -d '{"service":"tx_penny_smoke_test"}'
72
+ ```
73
+
74
+ Expected without payment: `402 payment_required` with accepted protocols.
75
+
76
+ ## Important endpoints
77
+
78
+ See also [`DISCOVERY.md`](DISCOVERY.md) for the agent-radar/distribution map and directory readiness notes.
79
+
80
+ | Endpoint | Purpose |
81
+ | --- | --- |
82
+ | `/.well-known/ai` | AI-agent discovery surface |
83
+ | `/.well-known/ddg-agent-status.json` | Rail/service/MCP status |
84
+ | `/.well-known/api-catalog` | Linkset API catalog |
85
+ | `/openapi.json` | OpenAPI contract |
86
+ | `/llms.txt` | LLM-facing instructions |
87
+ | `/.well-known/ddg-agent-pricing.json` | Machine-readable pricing |
88
+ | `/.well-known/agent-catalog.json` | Agent service catalog |
89
+ | `/.well-known/agent-skills/index.json` | Agent-skill discovery index |
90
+ | `/.well-known/ddg-agent-checkout-conformance.json` | Checkout conformance profile |
91
+ | `/.well-known/ddg-agent-refund-policy.json` | Strict refund/reversal policy for agent-paid work |
92
+ | `/.well-known/ddg-agent-swarm-mcp-design.md` | MCP design/status doc |
93
+
94
+ ## Flagship services
95
+
96
+ - `agent_payment_readiness_audit`
97
+ - `mcp_tool_security_audit`
98
+ - `agent_service_distribution_pack`
99
+ - `agent_marketplace_listing_pack`
100
+ - `agent_readiness_scorecard`
101
+ - `buyer_agent_smoke_probe`
102
+ - `browser_proof`
103
+ - `repo_context_pack`
104
+ - `ai_skill_safety_scan`
105
+ - `model_agent_run`
106
+
107
+ ## MCP
108
+
109
+ The local stdio MCP server is in [`mcp/`](mcp/). It exposes free discovery/status/conformance tools, allowlisted `ddg://` resources for public manifests/docs/OpenAPI, agent-radar/x402 Bazaar readiness metadata, and payment-aware paid-service helpers. Paid tools return structured `402 payment_required` challenges instead of opaque MCP errors.
110
+
111
+ Current MCP status: stdio package/source is locally smoke-tested and the hosted Streamable HTTP endpoint is live at `https://mcp.daedalusdevelopmentgroup.com/mcp` with public MCP-client smoke passing. See [`docs/mcp-production-readiness.md`](docs/mcp-production-readiness.md).
112
+
113
+ ## Security and compliance stance
114
+
115
+ DDG sells bounded artifacts/results, not raw model-provider account access. DDG never sells, returns, or relays:
116
+
117
+ - raw OAuth tokens
118
+ - provider API keys
119
+ - private account/session state
120
+ - raw provider seats
121
+ - private model IDs when they would reveal account mechanics
122
+ - raw payment tokens or verifier sidecar URLs
123
+
124
+ Provider-backed model capacity is packaged as DDG-operated artifact/result delivery with spend caps, output schemas, redaction, receipts, and operator review where needed.
125
+
126
+ ## Repository contents
127
+
128
+ ```text
129
+ openapi.json Public OpenAPI contract copy
130
+ docs/pricing.json Pricing copy
131
+ docs/agent-catalog.json Catalog copy
132
+ docs/agent-status.json Status copy
133
+ docs/checkout-conformance.json Checkout profile copy
134
+ docs/agent-skills/ Agent skill JSON files
135
+ mcp/ Local stdio MCP server and metadata
136
+ scripts/agent_checkout_conformance_probe.py Probe script
137
+ examples/ Curl and Python buyer-agent examples
138
+ schemas/ Public JSON schema drafts
139
+ ```
140
+
141
+ ## Contact
142
+
143
+ Operator contact: `0xcircuitbreaker@protonmail.com`
@@ -0,0 +1,13 @@
1
+ # Security Policy
2
+
3
+ Report security issues to `0xcircuitbreaker@protonmail.com`.
4
+
5
+ Please do not send secrets in issue bodies, service targets, or public pull requests. If you need to provide sensitive evidence, send a minimal redacted reproducer first.
6
+
7
+ ## DDG public security boundaries
8
+
9
+ - Public agents call only `https://agents.daedalusdevelopmentgroup.com`.
10
+ - Verifier sidecars are private and are not public API endpoints.
11
+ - MPP is not live until a real penny settlement proof passes.
12
+ - DDG returns redacted receipts/artifacts and avoids buyer contact leakage.
13
+ - Dynamic execution/browser/security scans are sandboxed or operator-reviewed.
@@ -0,0 +1,50 @@
1
+ # Pre-publish Security Audit Summary
2
+
3
+ Date: 2026-06-23
4
+
5
+ This repository packet was re-audited before publishing DDG Agent-Payable Services to GitHub and agent-discovery surfaces.
6
+
7
+ ## Checks performed
8
+
9
+ - JSON parse validation for all repository `*.json` files.
10
+ - Python source compile validation without writing bytecode.
11
+ - Secret-pattern scan for private-key blocks, API keys, Stripe live keys, AWS keys, GitHub tokens, private-key hex labels, LAN URLs, loopback verifier URLs, and unsafe raw-provider-account wording.
12
+ - Git hygiene check for clean status and no `Co-authored-by:` trailers.
13
+ - Public production payment ladder check:
14
+ - no identity -> `403 agent_only`
15
+ - identity/no payment -> `402 payment_required`
16
+ - fake payment -> `402 payment_required`
17
+ - Node sidecar supply-chain audit in the source workspace: `npm audit --omit=dev` returned zero vulnerabilities.
18
+ - MCP package readiness checks: stdio package metadata staged, local free-tool/402 smoke performed, and hosted HTTP/Streamable MCP intentionally not listed as live until deployed and smoked.
19
+ - Wallet/public-chain audit: published service wallets showed zero public tx/balance seen in the latest public-data scan; XMR and DOT have the noted visibility limitations.
20
+
21
+ ## Result
22
+
23
+ - Confirmed secret leaks: **0**
24
+ - Public live endpoint confirmed leaks: **0**
25
+ - Public repo packet confirmed secret/loopback/LAN leaks: **0**
26
+ - `Co-authored-by:` commit trailers in this packet repo: **0**
27
+ - Tracked `__pycache__` / `*.pyc` / `*.env` / `c_priv` / `node_modules`: **0**
28
+ - JSON validation: **pass**
29
+ - Python compile validation: **pass**
30
+ - Public ladder: **pass**
31
+ - `npm audit --omit=dev`: **0 vulnerabilities**
32
+
33
+ ## Reviewed non-leak findings
34
+
35
+ The scan may flag DDG's explicit policy language such as "not resale of raw provider accounts" or "never raw provider account/session access." Those are benign safety statements, not credential leaks or resale claims.
36
+
37
+ ## Important live-rail status
38
+
39
+ Current public live rails are:
40
+
41
+ ```text
42
+ x402
43
+ direct_crypto_auto
44
+ ```
45
+
46
+ MPP/Stripe/Tempo is installed but **not advertised live**. It must not be listed as live until a real penny-scale MPP payment settles, idempotency replay passes, fake-token failure stays closed, sidecar health reports `ready:true`, and public docs/status are updated.
47
+
48
+ ## Security stance
49
+
50
+ DDG sells bounded artifacts/results, not raw provider account access. DDG does not publish or return raw provider API keys, OAuth tokens, private account sessions, private model IDs, payment private keys, raw payment tokens, or verifier sidecar URLs.
@@ -0,0 +1,11 @@
1
+ # Example Cloudflare Tunnel ingress stanza for the DDG MCP server.
2
+ # Preferred endpoint after production smoke:
3
+ # https://mcp.daedalusdevelopmentgroup.com/mcp
4
+ #
5
+ # Keep the payment edge hostname (agents.daedalusdevelopmentgroup.com) separate
6
+ # unless you intentionally add path-based ingress and re-smoke both services.
7
+
8
+ ingress:
9
+ - hostname: mcp.daedalusdevelopmentgroup.com
10
+ service: http://127.0.0.1:8891
11
+ - service: http_status:404