ddg-agent-services-mcp 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ddg_agent_services_mcp-0.1.0/.github/dependabot.yml +23 -0
- ddg_agent_services_mcp-0.1.0/.github/workflows/ci.yml +61 -0
- ddg_agent_services_mcp-0.1.0/.github/workflows/codeql.yml +30 -0
- ddg_agent_services_mcp-0.1.0/.github/workflows/validate.yml +23 -0
- ddg_agent_services_mcp-0.1.0/.gitignore +11 -0
- ddg_agent_services_mcp-0.1.0/DISCOVERY.md +82 -0
- ddg_agent_services_mcp-0.1.0/LICENSE +21 -0
- ddg_agent_services_mcp-0.1.0/PKG-INFO +180 -0
- ddg_agent_services_mcp-0.1.0/README.md +143 -0
- ddg_agent_services_mcp-0.1.0/SECURITY.md +13 -0
- ddg_agent_services_mcp-0.1.0/SECURITY_AUDIT.md +50 -0
- ddg_agent_services_mcp-0.1.0/deploy/cloudflare/ddg-agent-services-mcp-ingress.example.yml +11 -0
- ddg_agent_services_mcp-0.1.0/deploy/systemd/ddg-agent-services-mcp.service +37 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-catalog.json +1417 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-distribution-action-plan.md +100 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-distribution-targets.json +97 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/agent-discovery-repair-pack.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/agent-payment-readiness-audit.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/agent-status-and-receipt-tools.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/browser-proof-artifact.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/buyer-agent-smoke-probe.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/ddg-agent-services.json +23 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/index.json +117 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/mcp-tool-security-audit.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/model-artifact-order.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/payment-rail-activation-proof.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/prompt-injection-ci.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills/repo-context-pack.json +28 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-skills-index.json +117 -0
- ddg_agent_services_mcp-0.1.0/docs/agent-status.json +273 -0
- ddg_agent_services_mcp-0.1.0/docs/agents.json +257 -0
- ddg_agent_services_mcp-0.1.0/docs/ai-discovery.json +398 -0
- ddg_agent_services_mcp-0.1.0/docs/api-catalog.linkset.json +86 -0
- ddg_agent_services_mcp-0.1.0/docs/apple-touch-icon.png +0 -0
- ddg_agent_services_mcp-0.1.0/docs/checkout-conformance.json +117 -0
- ddg_agent_services_mcp-0.1.0/docs/cybersecurity-services.json +291 -0
- ddg_agent_services_mcp-0.1.0/docs/direct_crypto_addresses.public.json +124 -0
- ddg_agent_services_mcp-0.1.0/docs/favicon-192.png +0 -0
- ddg_agent_services_mcp-0.1.0/docs/favicon-256.png +0 -0
- ddg_agent_services_mcp-0.1.0/docs/favicon-32.png +0 -0
- ddg_agent_services_mcp-0.1.0/docs/favicon.ico +0 -0
- ddg_agent_services_mcp-0.1.0/docs/llms.txt +183 -0
- ddg_agent_services_mcp-0.1.0/docs/mcp-production-readiness.md +115 -0
- ddg_agent_services_mcp-0.1.0/docs/mcp-security-audit-2026-06-23.md +76 -0
- ddg_agent_services_mcp-0.1.0/docs/pricing.json +2728 -0
- ddg_agent_services_mcp-0.1.0/docs/quickstart.md +247 -0
- ddg_agent_services_mcp-0.1.0/docs/x402-bazaar-readiness.json +345 -0
- ddg_agent_services_mcp-0.1.0/docs/x402-bazaar-readiness.md +44 -0
- ddg_agent_services_mcp-0.1.0/examples/buyer_agent_client.py +19 -0
- ddg_agent_services_mcp-0.1.0/examples/curl-smoke.sh +12 -0
- ddg_agent_services_mcp-0.1.0/glama.json +6 -0
- ddg_agent_services_mcp-0.1.0/mcp/README.md +174 -0
- ddg_agent_services_mcp-0.1.0/mcp/ddg-agent-swarm-mcp-design.md +117 -0
- ddg_agent_services_mcp-0.1.0/mcp/ddg_agent_services_mcp_server.py +22 -0
- ddg_agent_services_mcp-0.1.0/mcp/package-metadata.json +92 -0
- ddg_agent_services_mcp-0.1.0/mcp/server.json +47 -0
- ddg_agent_services_mcp-0.1.0/mcp/server.remote-template.json +24 -0
- ddg_agent_services_mcp-0.1.0/openapi.json +9479 -0
- ddg_agent_services_mcp-0.1.0/pyproject.toml +57 -0
- ddg_agent_services_mcp-0.1.0/schemas/agent-service.v1.json +33 -0
- ddg_agent_services_mcp-0.1.0/schemas/payment-challenge.v1.json +26 -0
- ddg_agent_services_mcp-0.1.0/schemas/receipt.v1.json +45 -0
- ddg_agent_services_mcp-0.1.0/scripts/agent_checkout_conformance_probe.py +152 -0
- ddg_agent_services_mcp-0.1.0/scripts/smoke_mcp_server.py +220 -0
- ddg_agent_services_mcp-0.1.0/scripts/validate_submission_sync.py +186 -0
- ddg_agent_services_mcp-0.1.0/src/ddg_agent_services_mcp/__init__.py +1 -0
- ddg_agent_services_mcp-0.1.0/src/ddg_agent_services_mcp/__main__.py +4 -0
- ddg_agent_services_mcp-0.1.0/src/ddg_agent_services_mcp/server.py +1118 -0
- ddg_agent_services_mcp-0.1.0/submissions/mcp-aggregators/listing-payloads.md +77 -0
- ddg_agent_services_mcp-0.1.0/submissions/mcp-registry/ddg-agent-services-publish.md +68 -0
- ddg_agent_services_mcp-0.1.0/submissions/x402-bazaar/settlement-metadata.json +283 -0
- ddg_agent_services_mcp-0.1.0/submissions/x402-ecosystem/awesome-x402-listing.md +77 -0
- ddg_agent_services_mcp-0.1.0/submissions/x402scan/ddg-agent-services-registration.md +167 -0
- ddg_agent_services_mcp-0.1.0/tests/test_mcp_security.py +304 -0
- ddg_agent_services_mcp-0.1.0/tests/test_submission_sync.py +18 -0
- ddg_agent_services_mcp-0.1.0/uv.lock +1433 -0
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
version: 2
|
|
2
|
+
updates:
|
|
3
|
+
- package-ecosystem: "pip"
|
|
4
|
+
directory: "/"
|
|
5
|
+
schedule:
|
|
6
|
+
interval: "weekly"
|
|
7
|
+
day: "monday"
|
|
8
|
+
time: "10:00"
|
|
9
|
+
timezone: "Etc/UTC"
|
|
10
|
+
open-pull-requests-limit: 5
|
|
11
|
+
groups:
|
|
12
|
+
python-security-and-maintenance:
|
|
13
|
+
patterns:
|
|
14
|
+
- "*"
|
|
15
|
+
|
|
16
|
+
- package-ecosystem: "github-actions"
|
|
17
|
+
directory: "/"
|
|
18
|
+
schedule:
|
|
19
|
+
interval: "weekly"
|
|
20
|
+
day: "monday"
|
|
21
|
+
time: "10:30"
|
|
22
|
+
timezone: "Etc/UTC"
|
|
23
|
+
open-pull-requests-limit: 5
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [main]
|
|
8
|
+
|
|
9
|
+
permissions:
|
|
10
|
+
contents: read
|
|
11
|
+
|
|
12
|
+
jobs:
|
|
13
|
+
test-build-audit:
|
|
14
|
+
runs-on: ubuntu-latest
|
|
15
|
+
steps:
|
|
16
|
+
- uses: actions/checkout@v7
|
|
17
|
+
|
|
18
|
+
- name: Install uv
|
|
19
|
+
uses: astral-sh/setup-uv@v8.2.0
|
|
20
|
+
|
|
21
|
+
- name: Set up Python
|
|
22
|
+
uses: actions/setup-python@v6
|
|
23
|
+
with:
|
|
24
|
+
python-version: '3.12'
|
|
25
|
+
|
|
26
|
+
- name: Static secret and hygiene scan
|
|
27
|
+
run: |
|
|
28
|
+
python - <<'PY'
|
|
29
|
+
from pathlib import Path
|
|
30
|
+
import re, sys
|
|
31
|
+
patterns = {
|
|
32
|
+
'private_key_block': r'-----BEGIN [A-Z ]*PRIVATE KEY-----',
|
|
33
|
+
'github_token': r'\b(?:ghp|github_pat)_[A-Za-z0-9_]{16,}',
|
|
34
|
+
'stripe_secret': r'\bsk_(?:live|test)_[A-Za-z0-9]{16,}',
|
|
35
|
+
'aws_access_key': r'\b(?:AKIA|ASIA)[A-Z0-9]{16}\b',
|
|
36
|
+
'raw_secret_assignment': r'(?i)(?:private[_ -]?key|secret|token|password)\s*[:=]\s*(?:0x)?[0-9a-z_./+=-]{32,}',
|
|
37
|
+
'lan_url': r'https?://(?:10\.|172\.(?:1[6-9]|2[0-9]|3[01])\.|192\.168\.)[^\s)\]"\']+',
|
|
38
|
+
}
|
|
39
|
+
findings = []
|
|
40
|
+
for p in Path('.').rglob('*'):
|
|
41
|
+
if not p.is_file() or any(part in {'.git', '.venv', 'dist', '__pycache__'} for part in p.parts):
|
|
42
|
+
continue
|
|
43
|
+
if p.suffix.lower() not in {'.py', '.json', '.md', '.txt', '.toml', '.yaml', '.yml', '.sh', '.service'}:
|
|
44
|
+
continue
|
|
45
|
+
text = p.read_text(encoding='utf-8', errors='replace')
|
|
46
|
+
for name, rx in patterns.items():
|
|
47
|
+
for m in re.finditer(rx, text):
|
|
48
|
+
findings.append((str(p), name, text[max(0, m.start()-32):m.end()+32].replace('\n', ' ')[:160]))
|
|
49
|
+
if findings:
|
|
50
|
+
print('Potential secret/leak findings:')
|
|
51
|
+
for finding in findings[:20]:
|
|
52
|
+
print(finding)
|
|
53
|
+
sys.exit(1)
|
|
54
|
+
print('secret_hygiene_scan_ok')
|
|
55
|
+
PY
|
|
56
|
+
|
|
57
|
+
- name: Compile, unit test, and build package
|
|
58
|
+
run: |
|
|
59
|
+
uv run --extra dev python -m compileall src tests scripts
|
|
60
|
+
uv run --extra dev pytest -q
|
|
61
|
+
uv build --sdist --wheel
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
name: CodeQL
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [main]
|
|
8
|
+
schedule:
|
|
9
|
+
- cron: '37 6 * * 1'
|
|
10
|
+
|
|
11
|
+
permissions:
|
|
12
|
+
contents: read
|
|
13
|
+
security-events: write
|
|
14
|
+
|
|
15
|
+
jobs:
|
|
16
|
+
analyze:
|
|
17
|
+
name: Analyze Python
|
|
18
|
+
runs-on: ubuntu-latest
|
|
19
|
+
timeout-minutes: 15
|
|
20
|
+
steps:
|
|
21
|
+
- name: Checkout repository
|
|
22
|
+
uses: actions/checkout@v7
|
|
23
|
+
|
|
24
|
+
- name: Initialize CodeQL
|
|
25
|
+
uses: github/codeql-action/init@v4
|
|
26
|
+
with:
|
|
27
|
+
languages: python
|
|
28
|
+
|
|
29
|
+
- name: Perform CodeQL Analysis
|
|
30
|
+
uses: github/codeql-action/analyze@v4
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
name: validate
|
|
2
|
+
on:
|
|
3
|
+
pull_request:
|
|
4
|
+
push:
|
|
5
|
+
jobs:
|
|
6
|
+
validate:
|
|
7
|
+
runs-on: ubuntu-latest
|
|
8
|
+
steps:
|
|
9
|
+
- uses: actions/checkout@v4
|
|
10
|
+
- uses: actions/setup-python@v5
|
|
11
|
+
with:
|
|
12
|
+
python-version: '3.12'
|
|
13
|
+
- name: Validate JSON and Python syntax
|
|
14
|
+
run: |
|
|
15
|
+
python - <<'PY'
|
|
16
|
+
import json, pathlib, py_compile
|
|
17
|
+
for p in pathlib.Path('.').rglob('*.json'):
|
|
18
|
+
json.loads(p.read_text())
|
|
19
|
+
print('json ok', p)
|
|
20
|
+
for p in pathlib.Path('.').rglob('*.py'):
|
|
21
|
+
py_compile.compile(str(p), doraise=True)
|
|
22
|
+
print('py ok', p)
|
|
23
|
+
PY
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
# AI-Agent Discovery Guide
|
|
2
|
+
|
|
3
|
+
This file is for buyer agents, agent-runtime maintainers, and directory/registry reviewers who need to decide whether DDG Agent-Payable Services are callable, safe, and relevant.
|
|
4
|
+
|
|
5
|
+
## Canonical service surface
|
|
6
|
+
|
|
7
|
+
```text
|
|
8
|
+
https://agents.daedalusdevelopmentgroup.com
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
## Machine-readable entry points
|
|
12
|
+
|
|
13
|
+
| Surface | URL | What an agent should use it for |
|
|
14
|
+
| --- | --- | --- |
|
|
15
|
+
| AI discovery | `https://agents.daedalusdevelopmentgroup.com/.well-known/ai` | First-pass service summary and links |
|
|
16
|
+
| Status | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-status.json` | Live rail/service/MCP readiness |
|
|
17
|
+
| API catalog | `https://agents.daedalusdevelopmentgroup.com/.well-known/api-catalog` | Linkset pointing to canonical API assets |
|
|
18
|
+
| OpenAPI | `https://agents.daedalusdevelopmentgroup.com/openapi.json` | Request/response schemas and routes |
|
|
19
|
+
| llms.txt | `https://agents.daedalusdevelopmentgroup.com/llms.txt` | LLM-readable usage notes |
|
|
20
|
+
| Pricing | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-pricing.json` | Service pricing and payment metadata |
|
|
21
|
+
| Agent catalog | `https://agents.daedalusdevelopmentgroup.com/.well-known/agent-catalog.json` | Agent-buyable service descriptions |
|
|
22
|
+
| Agent skills | `https://agents.daedalusdevelopmentgroup.com/.well-known/agent-skills/index.json` | Skill-specific service discovery |
|
|
23
|
+
| Checkout conformance | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-checkout-conformance.json` | 403/402/payment/idempotency contract |
|
|
24
|
+
| Refund/reversal policy | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-refund-policy.json` | Strict no-free-work reversal and entitlement-revocation policy |
|
|
25
|
+
| MCP design/status | `https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-swarm-mcp-design.md` | MCP wrapper design and current status |
|
|
26
|
+
|
|
27
|
+
## Current payment rails
|
|
28
|
+
|
|
29
|
+
Live now:
|
|
30
|
+
|
|
31
|
+
```text
|
|
32
|
+
x402
|
|
33
|
+
direct_crypto_auto
|
|
34
|
+
direct_crypto_manual
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Accepted crypto options exposed to buyer agents:
|
|
38
|
+
|
|
39
|
+
- x402 `accepts[]`: Base, Polygon, Arbitrum One, World Chain, and Solana mainnet USDC.
|
|
40
|
+
- Direct crypto public receiving-address families: EVM/stablecoins, BTC, BCH, LTC, DOGE, SOL, TRX, XRP, XLM, ALGO, DOT, ZEC, and XMR.
|
|
41
|
+
- Direct crypto proofs are auto-verified only for verifier-supported assets; the remaining public address families are operator-confirmed before fulfillment.
|
|
42
|
+
|
|
43
|
+
Installed but not advertised live yet:
|
|
44
|
+
|
|
45
|
+
```text
|
|
46
|
+
mpp
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
MPP / Stripe / Tempo must remain pending until a real penny-scale settlement succeeds, idempotency replay passes, invalid-token failure stays closed, the public status/pricing/catalog are updated, and all submission packets are re-synced.
|
|
50
|
+
|
|
51
|
+
## How I expect buyer agents to find DDG
|
|
52
|
+
|
|
53
|
+
A capable agent looking for services such as `x402 checkout conformance`, `MCP tool security audit`, `agent discovery repair`, or `browser proof artifact` will usually search in this order:
|
|
54
|
+
|
|
55
|
+
1. General web search / GitHub search for exact task keywords.
|
|
56
|
+
2. x402 ecosystem discovery: CDP Bazaar, x402scan, x402 ecosystem page, and x402 awesome lists.
|
|
57
|
+
3. MCP ecosystem discovery: official MCP Registry, MCP server aggregators, and GitHub topics.
|
|
58
|
+
4. Machine-readable files on service domains: `/.well-known/ai`, `/llms.txt`, `/openapi.json`, `/.well-known/agent-catalog.json`, `/.well-known/agent-skills/index.json`, and status/conformance JSON.
|
|
59
|
+
5. Package registries for installable tools: npm, PyPI, OCI/GHCR, or MCPB once a package is released.
|
|
60
|
+
6. Social/indexable proof: posts and docs that link directly to machine-readable endpoints instead of vague landing pages.
|
|
61
|
+
|
|
62
|
+
## Directory/registry readiness
|
|
63
|
+
|
|
64
|
+
Ready now after security audit:
|
|
65
|
+
|
|
66
|
+
- public GitHub repo packet
|
|
67
|
+
- owned machine-readable discovery surfaces (`/.well-known/ai`, `llms.txt`, OpenAPI, pricing, catalog, agent skills)
|
|
68
|
+
- MCP `ddg://distribution/agent-radar`, `ddg://distribution/x402scan-status`, and `ddg://distribution/x402-chains` resources for agent clients
|
|
69
|
+
- x402scan registration is live for `agents.daedalusdevelopmentgroup.com` with 5 validated resources; keep AgentCash/x402scan probes green after every OpenAPI/payment-edge/submission change.
|
|
70
|
+
- x402 / agent-commerce awesome-list PR copy
|
|
71
|
+
- x402 ecosystem listing request copy
|
|
72
|
+
- search-indexed docs and social links to machine-readable endpoints
|
|
73
|
+
|
|
74
|
+
Ready only after additional work:
|
|
75
|
+
|
|
76
|
+
- CDP x402 Bazaar: requires CDP Facilitator settlement with route discovery metadata and `paymentPayload.resource`.
|
|
77
|
+
- Official MCP Registry: requires a public installable package on a supported registry (PyPI for this stdio wrapper) or a public HTTP/Streamable MCP endpoint plus MCP Registry metadata/namespace verification.
|
|
78
|
+
- npm/PyPI package listing: requires packaging and release workflow for the stdio MCP wrapper.
|
|
79
|
+
|
|
80
|
+
## Security posture
|
|
81
|
+
|
|
82
|
+
DDG sells bounded artifacts/results and proof bundles. DDG does not sell or publish raw provider account access, OAuth tokens, provider API keys, private model IDs, private payment material, raw payment tokens, or verifier sidecar URLs.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Daedalus Development Group
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,180 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: ddg-agent-services-mcp
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Payment-aware MCP wrapper and AI-agent distribution/readiness surface for DDG Agent-Payable Services
|
|
5
|
+
Project-URL: Homepage, https://agents.daedalusdevelopmentgroup.com/.well-known/ai
|
|
6
|
+
Project-URL: Documentation, https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-swarm-mcp-design.md
|
|
7
|
+
Project-URL: Repository, https://github.com/daedalusdevelopmentgroup/ddg-agent-payable-services
|
|
8
|
+
Project-URL: Issues, https://github.com/daedalusdevelopmentgroup/ddg-agent-payable-services/issues
|
|
9
|
+
Author-email: Daedalus Development Group <0xcircuitbreaker@protonmail.com>
|
|
10
|
+
License-Expression: MIT
|
|
11
|
+
License-File: LICENSE
|
|
12
|
+
Keywords: agent-commerce,ai-agents,bazaar,machine-payments,mcp,mcp-registry,openapi,x402
|
|
13
|
+
Classifier: Development Status :: 3 - Alpha
|
|
14
|
+
Classifier: Environment :: Console
|
|
15
|
+
Classifier: Intended Audience :: Developers
|
|
16
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
17
|
+
Classifier: Programming Language :: Python :: 3
|
|
18
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
19
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
20
|
+
Classifier: Topic :: Internet :: WWW/HTTP
|
|
21
|
+
Classifier: Topic :: Security
|
|
22
|
+
Requires-Python: >=3.11
|
|
23
|
+
Requires-Dist: aiohttp>=3.14.1
|
|
24
|
+
Requires-Dist: cryptography>=48.0.1
|
|
25
|
+
Requires-Dist: mcp>=1.23.0
|
|
26
|
+
Requires-Dist: pydantic-settings>=2.14.2
|
|
27
|
+
Requires-Dist: pygments>=2.20.0
|
|
28
|
+
Requires-Dist: pyjwt>=2.13.0
|
|
29
|
+
Requires-Dist: pynacl>=1.6.2
|
|
30
|
+
Requires-Dist: python-multipart>=0.0.31
|
|
31
|
+
Requires-Dist: starlette>=1.3.1
|
|
32
|
+
Requires-Dist: tornado>=6.5.7
|
|
33
|
+
Requires-Dist: urllib3>=2.7.0
|
|
34
|
+
Provides-Extra: dev
|
|
35
|
+
Requires-Dist: pytest>=9.0.3; extra == 'dev'
|
|
36
|
+
Description-Content-Type: text/markdown
|
|
37
|
+
|
|
38
|
+
<!-- mcp-name: io.github.daedalusdevelopmentgroup/ddg-agent-services-mcp -->
|
|
39
|
+
# DDG Agent-Payable Services
|
|
40
|
+
|
|
41
|
+
AI-agent-native services from Daedalus Development Group (DDG): checkout/payment conformance, MCP/tool security audits, agent-discovery repair, buyer-agent smoke probes, browser proof, repo context packs, and bounded DDG-operated model/artifact orders.
|
|
42
|
+
|
|
43
|
+
Production base URL:
|
|
44
|
+
|
|
45
|
+
```text
|
|
46
|
+
https://agents.daedalusdevelopmentgroup.com
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
## Current live payment rails
|
|
50
|
+
|
|
51
|
+
```text
|
|
52
|
+
x402
|
|
53
|
+
direct_crypto_auto
|
|
54
|
+
direct_crypto_manual
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Accepted crypto is intentionally broad but bounded by public receiving-address custody and verifier support:
|
|
58
|
+
|
|
59
|
+
- x402 `accepts[]`: Base, Polygon, Arbitrum One, World Chain, and Solana mainnet USDC.
|
|
60
|
+
- Direct crypto public receiving-address families: EVM/stablecoins, BTC, BCH, LTC, DOGE, SOL, TRX, XRP, XLM, ALGO, DOT, ZEC, and XMR.
|
|
61
|
+
- Auto verification applies only where the verifier can prove settlement; otherwise `/v1/order-intake` records a hashed proof for operator confirmation before fulfillment.
|
|
62
|
+
|
|
63
|
+
MPP / Tempo is now advertised in the public 402 challenge with the verifier reporting ready:true and invalid-token failure verified. The remaining proof is one real buyer-funded penny settlement/idempotent replay before calling the MPP money flow fully witnessed. Stripe SPT remains planned.
|
|
64
|
+
|
|
65
|
+
## Start here if you are a buyer agent
|
|
66
|
+
|
|
67
|
+
1. Fetch AI discovery:
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
tmp=$(mktemp)
|
|
71
|
+
curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ai
|
|
72
|
+
python3 -m json.tool "$tmp"
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
2. Fetch status:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
tmp=$(mktemp)
|
|
79
|
+
curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-status.json
|
|
80
|
+
python3 -m json.tool "$tmp"
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
3. Fetch pricing/catalog:
|
|
84
|
+
|
|
85
|
+
```bash
|
|
86
|
+
tmp_pricing=$(mktemp)
|
|
87
|
+
tmp_catalog=$(mktemp)
|
|
88
|
+
curl -fsS -o "$tmp_pricing" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-pricing.json
|
|
89
|
+
curl -fsS -o "$tmp_catalog" https://agents.daedalusdevelopmentgroup.com/.well-known/agent-catalog.json
|
|
90
|
+
python3 -m json.tool "$tmp_pricing"
|
|
91
|
+
python3 -m json.tool "$tmp_catalog"
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
4. Verify checkout conformance:
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
tmp=$(mktemp)
|
|
98
|
+
curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-checkout-conformance.json
|
|
99
|
+
python3 -m json.tool "$tmp"
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
5. Probe the payment gate without spending:
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
curl -i -X POST https://agents.daedalusdevelopmentgroup.com/v1/tx-smoke-test \
|
|
106
|
+
-H 'Content-Type: application/json' \
|
|
107
|
+
-H 'X-Agent-Id: your-agent-id' \
|
|
108
|
+
-d '{"service":"tx_penny_smoke_test"}'
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
Expected without payment: `402 payment_required` with accepted protocols.
|
|
112
|
+
|
|
113
|
+
## Important endpoints
|
|
114
|
+
|
|
115
|
+
See also [`DISCOVERY.md`](DISCOVERY.md) for the agent-radar/distribution map and directory readiness notes.
|
|
116
|
+
|
|
117
|
+
| Endpoint | Purpose |
|
|
118
|
+
| --- | --- |
|
|
119
|
+
| `/.well-known/ai` | AI-agent discovery surface |
|
|
120
|
+
| `/.well-known/ddg-agent-status.json` | Rail/service/MCP status |
|
|
121
|
+
| `/.well-known/api-catalog` | Linkset API catalog |
|
|
122
|
+
| `/openapi.json` | OpenAPI contract |
|
|
123
|
+
| `/llms.txt` | LLM-facing instructions |
|
|
124
|
+
| `/.well-known/ddg-agent-pricing.json` | Machine-readable pricing |
|
|
125
|
+
| `/.well-known/agent-catalog.json` | Agent service catalog |
|
|
126
|
+
| `/.well-known/agent-skills/index.json` | Agent-skill discovery index |
|
|
127
|
+
| `/.well-known/ddg-agent-checkout-conformance.json` | Checkout conformance profile |
|
|
128
|
+
| `/.well-known/ddg-agent-refund-policy.json` | Strict refund/reversal policy for agent-paid work |
|
|
129
|
+
| `/.well-known/ddg-agent-swarm-mcp-design.md` | MCP design/status doc |
|
|
130
|
+
|
|
131
|
+
## Flagship services
|
|
132
|
+
|
|
133
|
+
- `agent_payment_readiness_audit`
|
|
134
|
+
- `mcp_tool_security_audit`
|
|
135
|
+
- `agent_service_distribution_pack`
|
|
136
|
+
- `agent_marketplace_listing_pack`
|
|
137
|
+
- `agent_readiness_scorecard`
|
|
138
|
+
- `buyer_agent_smoke_probe`
|
|
139
|
+
- `browser_proof`
|
|
140
|
+
- `repo_context_pack`
|
|
141
|
+
- `ai_skill_safety_scan`
|
|
142
|
+
- `model_agent_run`
|
|
143
|
+
|
|
144
|
+
## MCP
|
|
145
|
+
|
|
146
|
+
The local stdio MCP server is in [`mcp/`](mcp/). It exposes free discovery/status/conformance tools, allowlisted `ddg://` resources for public manifests/docs/OpenAPI, agent-radar/x402 Bazaar readiness metadata, and payment-aware paid-service helpers. Paid tools return structured `402 payment_required` challenges instead of opaque MCP errors.
|
|
147
|
+
|
|
148
|
+
Current MCP status: stdio package/source is locally smoke-tested and the hosted Streamable HTTP endpoint is live at `https://mcp.daedalusdevelopmentgroup.com/mcp` with public MCP-client smoke passing. See [`docs/mcp-production-readiness.md`](docs/mcp-production-readiness.md).
|
|
149
|
+
|
|
150
|
+
## Security and compliance stance
|
|
151
|
+
|
|
152
|
+
DDG sells bounded artifacts/results, not raw model-provider account access. DDG never sells, returns, or relays:
|
|
153
|
+
|
|
154
|
+
- raw OAuth tokens
|
|
155
|
+
- provider API keys
|
|
156
|
+
- private account/session state
|
|
157
|
+
- raw provider seats
|
|
158
|
+
- private model IDs when they would reveal account mechanics
|
|
159
|
+
- raw payment tokens or verifier sidecar URLs
|
|
160
|
+
|
|
161
|
+
Provider-backed model capacity is packaged as DDG-operated artifact/result delivery with spend caps, output schemas, redaction, receipts, and operator review where needed.
|
|
162
|
+
|
|
163
|
+
## Repository contents
|
|
164
|
+
|
|
165
|
+
```text
|
|
166
|
+
openapi.json Public OpenAPI contract copy
|
|
167
|
+
docs/pricing.json Pricing copy
|
|
168
|
+
docs/agent-catalog.json Catalog copy
|
|
169
|
+
docs/agent-status.json Status copy
|
|
170
|
+
docs/checkout-conformance.json Checkout profile copy
|
|
171
|
+
docs/agent-skills/ Agent skill JSON files
|
|
172
|
+
mcp/ Local stdio MCP server and metadata
|
|
173
|
+
scripts/agent_checkout_conformance_probe.py Probe script
|
|
174
|
+
examples/ Curl and Python buyer-agent examples
|
|
175
|
+
schemas/ Public JSON schema drafts
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
## Contact
|
|
179
|
+
|
|
180
|
+
Operator contact: `0xcircuitbreaker@protonmail.com`
|
|
@@ -0,0 +1,143 @@
|
|
|
1
|
+
<!-- mcp-name: io.github.daedalusdevelopmentgroup/ddg-agent-services-mcp -->
|
|
2
|
+
# DDG Agent-Payable Services
|
|
3
|
+
|
|
4
|
+
AI-agent-native services from Daedalus Development Group (DDG): checkout/payment conformance, MCP/tool security audits, agent-discovery repair, buyer-agent smoke probes, browser proof, repo context packs, and bounded DDG-operated model/artifact orders.
|
|
5
|
+
|
|
6
|
+
Production base URL:
|
|
7
|
+
|
|
8
|
+
```text
|
|
9
|
+
https://agents.daedalusdevelopmentgroup.com
|
|
10
|
+
```
|
|
11
|
+
|
|
12
|
+
## Current live payment rails
|
|
13
|
+
|
|
14
|
+
```text
|
|
15
|
+
x402
|
|
16
|
+
direct_crypto_auto
|
|
17
|
+
direct_crypto_manual
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
Accepted crypto is intentionally broad but bounded by public receiving-address custody and verifier support:
|
|
21
|
+
|
|
22
|
+
- x402 `accepts[]`: Base, Polygon, Arbitrum One, World Chain, and Solana mainnet USDC.
|
|
23
|
+
- Direct crypto public receiving-address families: EVM/stablecoins, BTC, BCH, LTC, DOGE, SOL, TRX, XRP, XLM, ALGO, DOT, ZEC, and XMR.
|
|
24
|
+
- Auto verification applies only where the verifier can prove settlement; otherwise `/v1/order-intake` records a hashed proof for operator confirmation before fulfillment.
|
|
25
|
+
|
|
26
|
+
MPP / Tempo is now advertised in the public 402 challenge with the verifier reporting ready:true and invalid-token failure verified. The remaining proof is one real buyer-funded penny settlement/idempotent replay before calling the MPP money flow fully witnessed. Stripe SPT remains planned.
|
|
27
|
+
|
|
28
|
+
## Start here if you are a buyer agent
|
|
29
|
+
|
|
30
|
+
1. Fetch AI discovery:
|
|
31
|
+
|
|
32
|
+
```bash
|
|
33
|
+
tmp=$(mktemp)
|
|
34
|
+
curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ai
|
|
35
|
+
python3 -m json.tool "$tmp"
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
2. Fetch status:
|
|
39
|
+
|
|
40
|
+
```bash
|
|
41
|
+
tmp=$(mktemp)
|
|
42
|
+
curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-status.json
|
|
43
|
+
python3 -m json.tool "$tmp"
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
3. Fetch pricing/catalog:
|
|
47
|
+
|
|
48
|
+
```bash
|
|
49
|
+
tmp_pricing=$(mktemp)
|
|
50
|
+
tmp_catalog=$(mktemp)
|
|
51
|
+
curl -fsS -o "$tmp_pricing" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-pricing.json
|
|
52
|
+
curl -fsS -o "$tmp_catalog" https://agents.daedalusdevelopmentgroup.com/.well-known/agent-catalog.json
|
|
53
|
+
python3 -m json.tool "$tmp_pricing"
|
|
54
|
+
python3 -m json.tool "$tmp_catalog"
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
4. Verify checkout conformance:
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
tmp=$(mktemp)
|
|
61
|
+
curl -fsS -o "$tmp" https://agents.daedalusdevelopmentgroup.com/.well-known/ddg-agent-checkout-conformance.json
|
|
62
|
+
python3 -m json.tool "$tmp"
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
5. Probe the payment gate without spending:
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
curl -i -X POST https://agents.daedalusdevelopmentgroup.com/v1/tx-smoke-test \
|
|
69
|
+
-H 'Content-Type: application/json' \
|
|
70
|
+
-H 'X-Agent-Id: your-agent-id' \
|
|
71
|
+
-d '{"service":"tx_penny_smoke_test"}'
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
Expected without payment: `402 payment_required` with accepted protocols.
|
|
75
|
+
|
|
76
|
+
## Important endpoints
|
|
77
|
+
|
|
78
|
+
See also [`DISCOVERY.md`](DISCOVERY.md) for the agent-radar/distribution map and directory readiness notes.
|
|
79
|
+
|
|
80
|
+
| Endpoint | Purpose |
|
|
81
|
+
| --- | --- |
|
|
82
|
+
| `/.well-known/ai` | AI-agent discovery surface |
|
|
83
|
+
| `/.well-known/ddg-agent-status.json` | Rail/service/MCP status |
|
|
84
|
+
| `/.well-known/api-catalog` | Linkset API catalog |
|
|
85
|
+
| `/openapi.json` | OpenAPI contract |
|
|
86
|
+
| `/llms.txt` | LLM-facing instructions |
|
|
87
|
+
| `/.well-known/ddg-agent-pricing.json` | Machine-readable pricing |
|
|
88
|
+
| `/.well-known/agent-catalog.json` | Agent service catalog |
|
|
89
|
+
| `/.well-known/agent-skills/index.json` | Agent-skill discovery index |
|
|
90
|
+
| `/.well-known/ddg-agent-checkout-conformance.json` | Checkout conformance profile |
|
|
91
|
+
| `/.well-known/ddg-agent-refund-policy.json` | Strict refund/reversal policy for agent-paid work |
|
|
92
|
+
| `/.well-known/ddg-agent-swarm-mcp-design.md` | MCP design/status doc |
|
|
93
|
+
|
|
94
|
+
## Flagship services
|
|
95
|
+
|
|
96
|
+
- `agent_payment_readiness_audit`
|
|
97
|
+
- `mcp_tool_security_audit`
|
|
98
|
+
- `agent_service_distribution_pack`
|
|
99
|
+
- `agent_marketplace_listing_pack`
|
|
100
|
+
- `agent_readiness_scorecard`
|
|
101
|
+
- `buyer_agent_smoke_probe`
|
|
102
|
+
- `browser_proof`
|
|
103
|
+
- `repo_context_pack`
|
|
104
|
+
- `ai_skill_safety_scan`
|
|
105
|
+
- `model_agent_run`
|
|
106
|
+
|
|
107
|
+
## MCP
|
|
108
|
+
|
|
109
|
+
The local stdio MCP server is in [`mcp/`](mcp/). It exposes free discovery/status/conformance tools, allowlisted `ddg://` resources for public manifests/docs/OpenAPI, agent-radar/x402 Bazaar readiness metadata, and payment-aware paid-service helpers. Paid tools return structured `402 payment_required` challenges instead of opaque MCP errors.
|
|
110
|
+
|
|
111
|
+
Current MCP status: stdio package/source is locally smoke-tested and the hosted Streamable HTTP endpoint is live at `https://mcp.daedalusdevelopmentgroup.com/mcp` with public MCP-client smoke passing. See [`docs/mcp-production-readiness.md`](docs/mcp-production-readiness.md).
|
|
112
|
+
|
|
113
|
+
## Security and compliance stance
|
|
114
|
+
|
|
115
|
+
DDG sells bounded artifacts/results, not raw model-provider account access. DDG never sells, returns, or relays:
|
|
116
|
+
|
|
117
|
+
- raw OAuth tokens
|
|
118
|
+
- provider API keys
|
|
119
|
+
- private account/session state
|
|
120
|
+
- raw provider seats
|
|
121
|
+
- private model IDs when they would reveal account mechanics
|
|
122
|
+
- raw payment tokens or verifier sidecar URLs
|
|
123
|
+
|
|
124
|
+
Provider-backed model capacity is packaged as DDG-operated artifact/result delivery with spend caps, output schemas, redaction, receipts, and operator review where needed.
|
|
125
|
+
|
|
126
|
+
## Repository contents
|
|
127
|
+
|
|
128
|
+
```text
|
|
129
|
+
openapi.json Public OpenAPI contract copy
|
|
130
|
+
docs/pricing.json Pricing copy
|
|
131
|
+
docs/agent-catalog.json Catalog copy
|
|
132
|
+
docs/agent-status.json Status copy
|
|
133
|
+
docs/checkout-conformance.json Checkout profile copy
|
|
134
|
+
docs/agent-skills/ Agent skill JSON files
|
|
135
|
+
mcp/ Local stdio MCP server and metadata
|
|
136
|
+
scripts/agent_checkout_conformance_probe.py Probe script
|
|
137
|
+
examples/ Curl and Python buyer-agent examples
|
|
138
|
+
schemas/ Public JSON schema drafts
|
|
139
|
+
```
|
|
140
|
+
|
|
141
|
+
## Contact
|
|
142
|
+
|
|
143
|
+
Operator contact: `0xcircuitbreaker@protonmail.com`
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
Report security issues to `0xcircuitbreaker@protonmail.com`.
|
|
4
|
+
|
|
5
|
+
Please do not send secrets in issue bodies, service targets, or public pull requests. If you need to provide sensitive evidence, send a minimal redacted reproducer first.
|
|
6
|
+
|
|
7
|
+
## DDG public security boundaries
|
|
8
|
+
|
|
9
|
+
- Public agents call only `https://agents.daedalusdevelopmentgroup.com`.
|
|
10
|
+
- Verifier sidecars are private and are not public API endpoints.
|
|
11
|
+
- MPP is not live until a real penny settlement proof passes.
|
|
12
|
+
- DDG returns redacted receipts/artifacts and avoids buyer contact leakage.
|
|
13
|
+
- Dynamic execution/browser/security scans are sandboxed or operator-reviewed.
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# Pre-publish Security Audit Summary
|
|
2
|
+
|
|
3
|
+
Date: 2026-06-23
|
|
4
|
+
|
|
5
|
+
This repository packet was re-audited before publishing DDG Agent-Payable Services to GitHub and agent-discovery surfaces.
|
|
6
|
+
|
|
7
|
+
## Checks performed
|
|
8
|
+
|
|
9
|
+
- JSON parse validation for all repository `*.json` files.
|
|
10
|
+
- Python source compile validation without writing bytecode.
|
|
11
|
+
- Secret-pattern scan for private-key blocks, API keys, Stripe live keys, AWS keys, GitHub tokens, private-key hex labels, LAN URLs, loopback verifier URLs, and unsafe raw-provider-account wording.
|
|
12
|
+
- Git hygiene check for clean status and no `Co-authored-by:` trailers.
|
|
13
|
+
- Public production payment ladder check:
|
|
14
|
+
- no identity -> `403 agent_only`
|
|
15
|
+
- identity/no payment -> `402 payment_required`
|
|
16
|
+
- fake payment -> `402 payment_required`
|
|
17
|
+
- Node sidecar supply-chain audit in the source workspace: `npm audit --omit=dev` returned zero vulnerabilities.
|
|
18
|
+
- MCP package readiness checks: stdio package metadata staged, local free-tool/402 smoke performed, and hosted HTTP/Streamable MCP intentionally not listed as live until deployed and smoked.
|
|
19
|
+
- Wallet/public-chain audit: published service wallets showed zero public tx/balance seen in the latest public-data scan; XMR and DOT have the noted visibility limitations.
|
|
20
|
+
|
|
21
|
+
## Result
|
|
22
|
+
|
|
23
|
+
- Confirmed secret leaks: **0**
|
|
24
|
+
- Public live endpoint confirmed leaks: **0**
|
|
25
|
+
- Public repo packet confirmed secret/loopback/LAN leaks: **0**
|
|
26
|
+
- `Co-authored-by:` commit trailers in this packet repo: **0**
|
|
27
|
+
- Tracked `__pycache__` / `*.pyc` / `*.env` / `c_priv` / `node_modules`: **0**
|
|
28
|
+
- JSON validation: **pass**
|
|
29
|
+
- Python compile validation: **pass**
|
|
30
|
+
- Public ladder: **pass**
|
|
31
|
+
- `npm audit --omit=dev`: **0 vulnerabilities**
|
|
32
|
+
|
|
33
|
+
## Reviewed non-leak findings
|
|
34
|
+
|
|
35
|
+
The scan may flag DDG's explicit policy language such as "not resale of raw provider accounts" or "never raw provider account/session access." Those are benign safety statements, not credential leaks or resale claims.
|
|
36
|
+
|
|
37
|
+
## Important live-rail status
|
|
38
|
+
|
|
39
|
+
Current public live rails are:
|
|
40
|
+
|
|
41
|
+
```text
|
|
42
|
+
x402
|
|
43
|
+
direct_crypto_auto
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
MPP/Stripe/Tempo is installed but **not advertised live**. It must not be listed as live until a real penny-scale MPP payment settles, idempotency replay passes, fake-token failure stays closed, sidecar health reports `ready:true`, and public docs/status are updated.
|
|
47
|
+
|
|
48
|
+
## Security stance
|
|
49
|
+
|
|
50
|
+
DDG sells bounded artifacts/results, not raw provider account access. DDG does not publish or return raw provider API keys, OAuth tokens, private account sessions, private model IDs, payment private keys, raw payment tokens, or verifier sidecar URLs.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Example Cloudflare Tunnel ingress stanza for the DDG MCP server.
|
|
2
|
+
# Preferred endpoint after production smoke:
|
|
3
|
+
# https://mcp.daedalusdevelopmentgroup.com/mcp
|
|
4
|
+
#
|
|
5
|
+
# Keep the payment edge hostname (agents.daedalusdevelopmentgroup.com) separate
|
|
6
|
+
# unless you intentionally add path-based ingress and re-smoke both services.
|
|
7
|
+
|
|
8
|
+
ingress:
|
|
9
|
+
- hostname: mcp.daedalusdevelopmentgroup.com
|
|
10
|
+
service: http://127.0.0.1:8891
|
|
11
|
+
- service: http_status:404
|