merge: PR #609 — obol sell mcp (paid MCP tool over x402)

Author: bussyjd

cmd/obol/sell.go

@@ -37,6 +37,7 @@ import (
 	"github.com/ObolNetwork/obol-stack/internal/ui"
 	"github.com/ObolNetwork/obol-stack/internal/validate"
 	x402verifier "github.com/ObolNetwork/obol-stack/internal/x402"
+	"github.com/ObolNetwork/obol-stack/internal/x402mcp"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/urfave/cli/v3"
 	"gopkg.in/yaml.v3"
@@ -49,6 +50,7 @@ func sellCommand(cfg *config.Config) *cli.Command {
 		Commands: []*cli.Command{
 			sellInferenceCommand(cfg),
 			sellHTTPCommand(cfg),
+			sellMCPCommand(cfg),
 			sellAgentCommand(cfg),
 			sellDemoCommand(cfg),
 			sellListCommand(cfg),
@@ -531,6 +533,131 @@ Examples:
 // sell http — create a ServiceOffer CRD for any HTTP service
 // ---------------------------------------------------------------------------
 
+func sellMCPCommand(cfg *config.Config) *cli.Command {
+	_ = cfg
+	return &cli.Command{
+		Name:      "mcp",
+		Usage:     "Sell a paid MCP tool over x402 (in-band _meta payment)",
+		ArgsUsage: "[name]",
+		Description: `Runs a local x402-paid MCP (Model Context Protocol) server in the
+foreground. The paid tool forwards the buyer's JSON arguments to a backend HTTP
+service, injecting the seller's own credential (an API key the buyer never
+sees), so any credentialed real-world service can be resold to agents per call.
+Buyers (e.g. hermes-agent's pay_mcp plugin) settle in-band via the MCP request
+_meta["x402/payment"] field, per specs/transports-v2/mcp.md. The wrapper runs
+verify -> execute -> settle inside the tool call, so a caller is never charged
+for a failed tool. This is the application-layer counterpart to the HTTP-402
+ForwardAuth gate used by 'obol sell inference' / 'obol sell http'.
+
+Connect a buyer at http://localhost:<port>/mcp (streamable HTTP).
+
+Examples:
+  # Front a weather API as a paid MCP tool (the canonical x402 paid-MCP shape):
+  obol sell mcp weather --pay-to 0x... --price 0.001 --chain base-sepolia \
+      --tool-name get_weather \
+      --description 'Current weather for a city. Args: {city}' \
+      --upstream https://your-weather-service/current
+
+  # Any JSON HTTP service works the same way; pass the backend's auth header if
+  # it needs one (set server-side, never sent to buyers):
+  obol sell mcp my-tool --pay-to 0x... --price 0.005 --tool-name call \
+      --upstream https://api.example.com/do --upstream-header 'X-Api-Key: <key>'`,
+		Flags: []cli.Flag{
+			payToFlag("Payment recipient address"),
+			&cli.StringFlag{
+				Name:  "chain",
+				Usage: "Payment chain (base, base-sepolia, ethereum, polygon)",
+				Value: "base-sepolia",
+			},
+			&cli.StringFlag{
+				Name:  "price",
+				Usage: "Per-call price, USD-denominated (e.g. 0.001)",
+				Value: "0.001",
+			},
+			&cli.StringFlag{
+				Name:  "tool-name",
+				Usage: "Name of the paid MCP tool",
+				Value: "call",
+			},
+			&cli.StringFlag{
+				Name:  "description",
+				Usage: "Human-readable description of the paid tool",
+			},
+			&cli.IntFlag{
+				Name:  "port",
+				Usage: "Port to serve the MCP server on",
+				Value: 4022,
+			},
+			&cli.StringFlag{
+				Name:  "upstream",
+				Usage: "Backend HTTP service URL the paid tool POSTs the buyer's JSON args to (e.g. a weather/data API)",
+			},
+			&cli.StringSliceFlag{
+				Name:  "upstream-header",
+				Usage: "Optional auth header for the backend, set server-side and never sent to buyers (repeatable, \"Key: Value\", e.g. \"X-Api-Key: <key>\")",
+			},
+			&cli.StringFlag{
+				Name:  "facilitator",
+				Usage: "x402 facilitator URL (verify/settle)",
+			},
+		},
+		Action: func(ctx context.Context, cmd *cli.Command) error {
+			u := getUI(cmd)
+
+			payTo := cmd.String("pay-to")
+			if payTo == "" {
+				return errors.New("--pay-to is required")
+			}
+			name := cmd.Args().First()
+			if name == "" {
+				name = "obol-mcp"
+			}
+			facilitator := cmd.String("facilitator")
+			if facilitator == "" {
+				facilitator = x402verifier.DefaultFacilitatorURL
+			}
+
+			headers, err := parseUpstreamHeaders(cmd.StringSlice("upstream-header"))
+			if err != nil {
+				return err
+			}
+
+			u.Infof("Starting paid MCP server %q on port %d (Ctrl-C to stop)", name, cmd.Int("port"))
+			return x402mcp.Serve(ctx, x402mcp.Options{
+				Name:            name,
+				ToolName:        cmd.String("tool-name"),
+				Description:     cmd.String("description"),
+				Port:            cmd.Int("port"),
+				PayTo:           payTo,
+				Price:           cmd.String("price"),
+				Chain:           cmd.String("chain"),
+				FacilitatorURL:  facilitator,
+				Upstream:        cmd.String("upstream"),
+				UpstreamHeaders: headers,
+			})
+		},
+	}
+}
+
+// parseUpstreamHeaders turns repeatable "Key: Value" --upstream-header flags
+// into a header map injected on upstream calls (the seller's credential).
+func parseUpstreamHeaders(pairs []string) (map[string]string, error) {
+	if len(pairs) == 0 {
+		return nil, nil
+	}
+	headers := make(map[string]string, len(pairs))
+	for _, p := range pairs {
+		k, v, ok := strings.Cut(p, ":")
+		k = strings.TrimSpace(k)
+		v = strings.TrimSpace(v)
+		if !ok || k == "" {
+			return nil, fmt.Errorf("invalid --upstream-header %q: want \"Key: Value\"", p)
+		}
+		headers[k] = v
+	}
+	return headers, nil
+}
+
 func sellHTTPCommand(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:      "http",

cmd/obol/sell_test.go

@@ -147,6 +147,28 @@ func newTestConfig(t *testing.T) *config.Config {
 // Tests
 // ─────────────────────────────────────────────────────────────────────────────
 
+func TestParseUpstreamHeaders(t *testing.T) {
+	t.Run("parses Key: Value pairs and trims", func(t *testing.T) {
+		got, err := parseUpstreamHeaders([]string{"X-Api-Key: abc", "X-Region:eu"})
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if got["X-Api-Key"] != "abc" || got["X-Region"] != "eu" {
+			t.Errorf("got %v", got)
+		}
+	})
+	t.Run("nil for no flags", func(t *testing.T) {
+		if got, err := parseUpstreamHeaders(nil); err != nil || got != nil {
+			t.Errorf("got %v, %v; want nil, nil", got, err)
+		}
+	})
+	t.Run("rejects malformed pair", func(t *testing.T) {
+		if _, err := parseUpstreamHeaders([]string{"no-colon"}); err == nil {
+			t.Error("expected error for header without a colon")
+		}
+	})
+}
+
 func TestSellCommand_Structure(t *testing.T) {
 	cfg := newTestConfig(t)
 	cmd := sellCommand(cfg)

go.mod

@@ -4,7 +4,6 @@ go 1.25.1
 
 require (
 	github.com/charmbracelet/lipgloss v1.1.0
-	github.com/coinbase/x402/go v0.0.0-20260331075907-bff876de232a
 	github.com/cucumber/godog v0.15.1
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0
 	github.com/dustinkirkland/golang-petname v0.0.0-20240428194347-eebcea082ee0
@@ -15,13 +14,15 @@ require (
 	github.com/hf/nitrite v0.0.0-20241225144000-c2d5d3c4f303
 	github.com/hf/nsm v0.0.0-20220930140112-cd181bd646b9
 	github.com/mattn/go-isatty v0.0.20
+	github.com/modelcontextprotocol/go-sdk v1.3.0
 	github.com/prometheus/client_golang v1.19.1
 	github.com/prometheus/client_model v0.6.1
 	github.com/prometheus/common v0.55.0
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/shopspring/decimal v1.3.1
 	github.com/urfave/cli/v2 v2.27.5
 	github.com/urfave/cli/v3 v3.6.2
+	github.com/x402-foundation/x402/go v0.0.0-20260529172747-45d81d46e5bd
 	golang.org/x/crypto v0.46.0
 	golang.org/x/net v0.48.0
 	golang.org/x/sys v0.39.0
@@ -70,6 +71,7 @@ require (
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-configfs-tsm v0.2.2 // indirect
+	github.com/google/jsonschema-go v0.4.2 // indirect
 	github.com/google/logger v1.1.1 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
@@ -102,6 +104,7 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect

go.sum

@@ -40,8 +40,6 @@ github.com/cockroachdb/redact v1.1.5 h1:u1PMllDkdFfPWaNGMyLD1+so+aq3uUItthCFqzwP
 github.com/cockroachdb/redact v1.1.5/go.mod h1:BVNblN9mBWFyMyqK1k3AAiSxhvhfK2oOZZ2lK+dpvRg=
 github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 h1:zuQyyAKVxetITBuuhv3BI9cMrmStnpT18zmgmTxunpo=
 github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06/go.mod h1:7nc4anLGjupUW/PeY5qiNYsdNXj7zopG+eqsS7To5IQ=
-github.com/coinbase/x402/go v0.0.0-20260331075907-bff876de232a h1:L8ZxbOqBxB7LYXdypWYA7Qq0iQtFaS6PCwjnhij4Oks=
-github.com/coinbase/x402/go v0.0.0-20260331075907-bff876de232a/go.mod h1:8xt63HO8mECoUwoI8E9xOjPiOzgFUvUx+Svrok+Wkss=
 github.com/consensys/gnark-crypto v0.19.2 h1:qrEAIXq3T4egxqiliFFoNrepkIWVEeIYwt3UL0fvS80=
 github.com/consensys/gnark-crypto v0.19.2/go.mod h1:rT23F0XSZqE0mUA0+pRtnL56IbPxs6gp4CeRsBk4XS0=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -129,6 +127,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs=
 github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
@@ -144,6 +144,8 @@ github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThL
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/jsonschema-go v0.4.2 h1:tmrUohrwoLZZS/P3x7ex0WAVknEkBZM46iALbcqoRA8=
+github.com/google/jsonschema-go v0.4.2/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=
 github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ=
 github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ=
 github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
@@ -226,6 +228,8 @@ github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxd
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/pointerstructure v1.2.0 h1:O+i9nHnXS3l/9Wu7r4NrEdwA2VFTicjUEN1uBnDo34A=
 github.com/mitchellh/pointerstructure v1.2.0/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
+github.com/modelcontextprotocol/go-sdk v1.3.0 h1:gMfZkv3DzQF5q/DcQePo5rahEY+sguyPfXDfNBcT0Zs=
+github.com/modelcontextprotocol/go-sdk v1.3.0/go.mod h1:AnQ//Qc6+4nIyyrB4cxBU7UW9VibK4iOZBeyP/rF1IE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -320,12 +324,22 @@ github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
 github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
 github.com/urfave/cli/v3 v3.6.2 h1:lQuqiPrZ1cIz8hz+HcrG0TNZFxU70dPZ3Yl+pSrH9A8=
 github.com/urfave/cli/v3 v3.6.2/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/x402-foundation/x402/go v0.0.0-20260529172747-45d81d46e5bd h1:Bb+VbLsDEQ7g69MZNfUkOva2qKuB5TCSgGXXOPTB0Qw=
+github.com/x402-foundation/x402/go v0.0.0-20260529172747-45d81d46e5bd/go.mod h1:58Cdk20g83eAI3QvxAiQJze7qWUgkjCj9uZlPb4M4HM=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
 github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=
+github.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=

internal/inference/gateway.go

@@ -16,7 +16,7 @@ import (
 	"github.com/ObolNetwork/obol-stack/internal/enclave"
 	"github.com/ObolNetwork/obol-stack/internal/tee"
 	x402pkg "github.com/ObolNetwork/obol-stack/internal/x402"
-	x402types "github.com/coinbase/x402/go/types"
+	x402types "github.com/x402-foundation/x402/go/types"
 )
 
 // GatewayConfig holds configuration for the x402 inference gateway.

internal/inference/gateway_test.go

@@ -11,7 +11,7 @@ import (
 	"testing"
 
 	x402pkg "github.com/ObolNetwork/obol-stack/internal/x402"
-	x402types "github.com/coinbase/x402/go/types"
+	x402types "github.com/x402-foundation/x402/go/types"
 )
 
 // ── Mock facilitator ──────────────────────────────────────────────────────────

internal/serviceoffercontroller/openapi_components.go

@@ -7,7 +7,7 @@ package serviceoffercontroller
 // Two principles:
 //
 //  1. x402 components mirror the canonical Coinbase types/v2 wire format
-//     (github.com/coinbase/x402/go/types). Field names, optionality, and
+//     (github.com/x402-foundation/x402/go/types). Field names, optionality, and
 //     X402Version=2 must stay in sync with that upstream — internal/x402
 //     re-exports the same structs and lockstep is enforced by 402 smoke
 //     tests, not by a generator. Update both together when the spec moves.

internal/x402/agent_extras_test.go

@@ -4,7 +4,7 @@ import (
 	"reflect"
 	"testing"
 
-	x402types "github.com/coinbase/x402/go/types"
+	x402types "github.com/x402-foundation/x402/go/types"
 )
 
 func TestMergeAgentExtras_Noop_NonAgentRule(t *testing.T) {

internal/x402/buyer/config.go

@@ -15,7 +15,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	x402types "github.com/coinbase/x402/go/types"
+	x402types "github.com/x402-foundation/x402/go/types"
 )
 
 // Config is the top-level sidecar configuration, loaded from a JSON file

internal/x402/buyer/encoding.go

@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 
-	x402types "github.com/coinbase/x402/go/types"
+	x402types "github.com/x402-foundation/x402/go/types"
 )
 
 // EncodePayment converts a v2 PaymentPayload to a base64-encoded JSON string