Skip to content

Registration overhaul: SIWX Free endpoints, display filtering, schema detection, robustness #918

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
onchainlu merged 32 commits into from
May 22, 2026
Merged

Registration overhaul: SIWX Free endpoints, display filtering, schema detection, robustness #918

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
0c680ef
Fall back to bazaar schema in validateResource input schema check
onchainlu May 21, 2026
12f3529
Pass discovery method to probe, fix bazaar schema fallback
onchainlu May 21, 2026
fd16cbf
Restore button count to show only passing resources after batch test
onchainlu May 21, 2026
f03de99
Only probe paid endpoints in batch test, skip non-x402 endpoints
onchainlu May 21, 2026
30b3c99
Show X for non-probed endpoints, sort them to bottom
onchainlu May 21, 2026
122944d
Fix origin race condition in concurrent resource upserts
onchainlu May 21, 2026
e3996b7
Return non-paid endpoints as failed with reason instead of silently d…
onchainlu May 21, 2026
7c5132c
Grey strikethrough for non-paid endpoints, sort to bottom
onchainlu May 21, 2026
992eba1
Add 5 endpoint statuses: failed, warning, verified, SIWX, skipped
onchainlu May 21, 2026
5bacf5b
Probe endpoints sequentially to avoid rate limiting merchants
onchainlu May 21, 2026
eebb2eb
Robustness fixes: sort order, bazaar safety, origin race, nonPaid logic
onchainlu May 21, 2026
bd24c95
Exclude non-paid endpoints from errors dropdown, handle client-side only
onchainlu May 21, 2026
75123fd
SIWX as Free endpoints: filter display, register to DB, progress trac…
onchainlu May 21, 2026
d5e8d14
Sort pre-registration resource table by status: invalid → free → new …
onchainlu May 21, 2026
5605493
Remove Advanced dropdown, fix discovery filter to exclude unclassifie…
onchainlu May 21, 2026
e9d3974
Fix discovery filter: keep unclassified endpoints, probe them too
onchainlu May 21, 2026
67ae4e8
Filter misleading schema warnings when OpenAPI already provides schemas
onchainlu May 21, 2026
96f3e12
Robustness: non-blocking metadata scrape, deduplicate output schema w…
onchainlu May 21, 2026
6dff1f6
Batch size 1 for true per-endpoint progress tracking
onchainlu May 21, 2026
39067af
Consolidate fix prompts into one, update error messages
onchainlu May 21, 2026
7b8ebaf
Deduplicate warnings by code + message
onchainlu May 21, 2026
d0aa4c1
Fix P2002 race in registerSiwxResource for duplicate URL methods
onchainlu May 21, 2026
704f3d9
Probe paid endpoints first to avoid rate limiting on unclassified
onchainlu May 21, 2026
b38cdb2
Document security: [] for free endpoints, surface in registration errors
onchainlu May 21, 2026
54a9494
Fix P2002 null fallback, handle empty prompt edge case
onchainlu May 21, 2026
4c0986f
Add pre-registration warnings dropdown with details
onchainlu May 21, 2026
6bf619a
Retry probes on 429/503 with exponential backoff
onchainlu May 21, 2026
ba1266f
Pass pre-tested advisories to registration, skip re-probing
onchainlu May 21, 2026
b1a7c91
Make origin metadata upsert non-blocking in registerResource
onchainlu May 22, 2026
503d342
Security: server-side probe cache, eliminate client-trusted advisory …
onchainlu May 22, 2026
6b93a33
Fallback probe for oversized response headers (HEADERS_OVERFLOW warning)
onchainlu May 22, 2026
3f2877a
Clean up code smells: unsafe casts, duplicated SIWX block, cache vali…
onchainlu May 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions apps/scan/src/app/(app)/(home)/integration-spec/_content/markdown.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,11 +105,39 @@ SIWX routes are identity-gated, requiring a wallet proof but no payment. Agents

The scheme **must** be named \`siwx\`. Discovery resolves it by name. Routes with both \`x-payment-info\` and \`siwx\` security are classified as paid, not SIWX.

## Free (Unprotected) Endpoints

If your OpenAPI spec includes endpoints that are neither x402-paid nor SIWX (e.g. health checks, public read endpoints, webhooks), mark them with an empty \`security\` array:

\`\`\`json
{
"/v1/health": {
"get": {
"operationId": "health_check",
"security": [],
"summary": "Health check"
}
}
}
\`\`\`

\`"security": []\` is the standard OpenAPI way to declare "no authentication required." Without it, the scanner can't distinguish free endpoints from paid ones that are misconfigured, and will probe them unnecessarily — producing errors and slowing registration.

**Summary of endpoint classification:**

| Type | OpenAPI Declaration | Scanner Behavior |
|---|---|---|
| Paid (x402) | \`x-payment-info\` + \`responses.402\` | Probed and registered |
| Identity-gated (SIWX) | \`security: [{ "siwx": [] }]\` | Registered as Free (no probe) |
| Free / public | \`security: []\` | Skipped entirely |
| Unclassified (no declaration) | Nothing | Probed (may fail if not x402) |

## Common Failure Reasons

| Error | Likely Cause | Fix |
|---|---|---|
| Not Found | OpenAPI not found at \`{origin}/openapi.json\` | Add an OpenAPI document at \`{origin}/openapi.json\` |
| Input/Output Schema Missing | Operation has no input or output schema | Add an input and output schema to the operation |
| No Payment Modes Detected | No payment modes detected in the response | Add a valid payment mode to the response (x402) |
| No valid x402 response / No 402 challenge | Endpoint is free but not marked as such | Add \`"security": []\` to the operation in your OpenAPI spec |
`;
Loading
Loading