feat(x402): introduce an openapi spec for services on offer#594
Closed
OisinKyne wants to merge 1 commit into
Closed
feat(x402): introduce an openapi spec for services on offer#594OisinKyne wants to merge 1 commit into
OisinKyne wants to merge 1 commit into
Conversation
OisinKyne
changed the title
Contributor
|
Superseded by the consolidated integration PR #598, which merges this branch together with the other PRs ≥ #593 into |
OisinKyne
added a commit
that referenced
this pull request
Jun 5, 2026
…ning) (#600) * Work on openapi spec for services * Improve 402 html page * Update storefronts * feat(buy-x402): add --set-default so the agent self-adopts paid/<model> as primary After a persistent inference buy publishes paid/<remote-model> in LiteLLM, the agent adopts it as its own primary chat model in-pod via native 'hermes config set model.default' (atomic write, per-request re-read, no restart, no host CLI, no new RBAC). Includes a LiteLLM /v1/models existence guard, an auto-refill safety warning, and a PyYAML fallback writer. Validated by a design+adversarial workflow and a live CLI smoke against a running obol-agent: buy --set-default flips config.yaml model.default to paid/AEON-7/... and the next agent chat settled via the x402-buyer pool (spent 0->1) with no restart; rollback verified. * Have agent stream responses to keep the tunnel alive * security(x402): SRI-pin the Scalar bundle on the public /api page The /api OpenAPI reference is served over the public tunnel and pulls the @scalar/api-reference bundle from jsdelivr. The integrity hash was left empty in phase 1, so the browser executed whatever the CDN returned, unverified. Populate scalarBundleSRI with the sha384 of the pinned 1.34.0 bundle so a tampered CDN response is blocked. Comment updated to stress the hash must be re-derived in lockstep with every scalarBundleVersion bump. * fix(buy-x402): run --set-default existence guard before auto-refill warning The 'paid/<model> not selectable in LiteLLM' guard ran *after* the no-auto-refill WARNING. A model that LiteLLM would refuse still printed a scary 'every chat turn fails when the pool empties' warning describing a primary-model failure mode that cannot occur when the default was never switched. Reorder so we refuse first and only warn when we are actually about to adopt the model. * security(x402): sanitize ServiceOffer-sourced tokens in 402 copy-paste commands spec.model.name and metadata.name flow from the ServiceOffer CR into copy-pasteable 'obol buy inference ...' commands rendered on the public 402 page. A hostile or fat-fingered offer could smuggle shell metacharacters into a command a reader might paste. Add sanitizeDisplayToken at the render boundary: CR-sourced tokens must match the model-id/k8s-name charset (^[A-Za-z0-9._:/-]+$) or collapse to the existing safe placeholder. Real ids like qwen3.5:9b and anthropic/claude-3-5-sonnet-latest pass through unchanged. * docs(claude): compress and correct CLAUDE.md; fold in #597 streaming/sell-agent facts Terse rewrite of project CLAUDE.md (42725 -> 41797 bytes) corrected against the live codebase. Preserves all invariants, the 14 pitfalls, and flag warnings; adds #597's stream:true / statusRecorder.Flush guidance and agent-backed-offer (port 8642) facts so the compressed doc loses nothing rc12 ships. --------- Co-authored-by: Oisín Kyne <oisin@obol.tech> Co-authored-by: bussyjd <jd@obol.tech> Co-authored-by: bussyjd <bussyjd@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addresses #563, still needs linking from the front-end, but that can follow in a front end pr.
Intention is to ship this post 0.10 unless people feel strongly, needs more testing yet.