Lines 1-53javascript
2var Sn=Object.defineProperty;var f=(e,t)=>()=>(e&&(t=e(e=0)),t);var A=(e,t)=>{for(var n in t)Sn(e,n,{get:t[n],enumerable:!0})};import{homedir as An}from"os";import{join as Te}from"path";import{readFileSync as Pn}from"fs";import{fileURLToPath as Tn}from"url";import{dirname as _n}from"path";import{EVM_RPC_URLS as q,SOLANA_RPC_URLS as Rn}from"@dexterai/x402/utils";function at(e){return e?En[e]??6:6}function M(e){return e?kn:Cn}function On(){try{let e=_n(Tn(import.meta.url));return JSON.parse(Pn(Te(e,"..","package.json"),"utf-8")).version||"0.0.0"}catch{return"0.0.0"}}var k,E,Cn,kn,L,ot,st,En,_e,i ...
3`,{mode:384}),n}var te,Pr,ue=f(()=>{"use strict";P();te=Ar(k,"settings.json"),Pr=5});import{existsSync as Tr,mkdirSync as _r,readFileSync as Rr,appendFileSync as Cr}from"fs";import{join as kr}from"path";function z(e,t){if(!(!Number.isFinite(e)||e<=0))try{_r(k,{recursive:!0,mode:448});let n={ts:Date.now(),usdc:e,url:t};Cr(Ie,JSON.stringify(n)+`
4`,{mode:384})}catch{}}function K(e=Date.now()){if(!Tr(Ie))return 0;let t=0;try{let n=Rr(Ie,"utf-8").split(`
5`);for(let r of n)if(r.trim())try{let o=JSON.parse(r);typeof o.ts=="number"&&typeof o.usdc=="number"&&o.usdc>0&&e-o.ts<=Er&&(t+=o.usdc)}catch{}}catch{return 0}return t}var Ie,Er,pe=f(()=>{"use strict";P();Ie=kr(k,"spend-ledger.jsonl"),Er=1440*60*1e3});import{chmodSync as Or,existsSync as Ur,mkdirSync as Dr,readFileSync as Ir,renameSync as Nr,writeFileSync as $r}from"fs";import{join as Lr}from"path";function Tt(e){return Lr(e??k,Mr)}function W(e){let t=Tt(e);if(!Ur(t))return[];try{let n=JSON.parse(Ir(t,"utf-8"));return Array.isArray(n.tabs)?n.tabs:[]}catch{return[]}}function Ne(e,t){Dr(t??k,{re ...
6`,{mode:384}),Or(s,384),Nr(s,o)}function _t(e,t){let n=W(t).filter(r=>r.counterparty!==e.counterparty);n.push(e),Ne(n,t)}function me(e,t){return W(t).find(n=>n.counterparty===
7`)[0].slice(0,120):String(v);n(`(RPC hiccup while polling \u2014 still waiting: ${G})`)}await new Promise(G=>setTimeout(G,s));continue}if(w&&w.live){U(c,{status:"active",vaultPda:w.vaultPda,params:w.params,sessionPda:w.sessionPda,activatedAt:new Date().toISOString()},r),n(""),n("\u2500\u2500 Tab open \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"),n(`Limi ...
8</head>`),t}catch{return null}}function _o(e){return`<!DOCTYPE html>
9<html lang="en"><head><meta charset="UTF-8"><title>${e}</title>
11 body { font-family: system-ui, sans-serif; padding: 16px; margin: 0;
12 background: #1a1a2e; color: #e0e0e0; }
13 pre { white-space: pre-wrap; word-break: break-word; font-size: 13px;
14 background: #16213e; padding: 12px; border-radius: 8px; overflow: auto; }
15 h3 { margin: 0 0 8px; color: #a78bfa; font-size: 14px; }
18<pre id="output">Waiting for tool output\u2026</pre>
20 window.__isMcpApp = true;
21 window.addEventListener('message', function(e) {
23 if (!d || d.jsonrpc !== '2.0') return;
24 if (d.method === 'ui/notifications/tool-result') {
25 var sc = d.params && d.params.structuredContent;
26 var text = d.params && d.params.content;
27 var data = sc || (text && text[0] && text[0].text);
28 try { data = typeof data === 'string' ? JSON.parse(data) : data; } catch(ex) {}
29 document.getElementById('output').textContent = JSON.stringify(data, null, 2);
32 window.parent.postMessage({ jsonrpc: '2.0', id: 1, method: 'ui/initialize',
33 params: { protocolVersion: '2025-03-26', capabilities: {} } }, '*');
34</script></body></html>`}function Ft(e){for(let t of Po){let n=To(t.file)??_o(t.name);ho(e,t.name,t.uri,{description:t.description},async()=>({contents:[{uri:t.uri,mimeType:yo,text:n,_meta:{ui:{csp:{resourceDomains:["https://dexter.cash","https://cdn.dexscreener.com","https://raw.githubusercontent.com","https://metadata.jup.ag"],connectDomains:["https://x402.dexter.cash","https://dexter.cash","https://agents.moonpay.com"]}}}}]}))}}var wo,So,Ao,Po,Kt=f(()=>{"use strict";qe();wo=bo(xo(import.meta.url)),So=Bt(wo,"..","widgets"),Ao="https://dexter.cash/mcp/app-assets",Po=[{id:T.search.replace("ui: ...
35`)}function qt(e,t){let n=Gt(e,t);if(n.manual)return{ok:!1,message:[`${C[e].name} uses a TOML config that the installer does not edit automatically.`,`Add this block to ${n.configPath}:`,"",qo(n.entry)].join(`
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L1 36`)};Ye(Ze(n.configPath),{recursive:!0});let r={};if(X(n.configPath)){let s=Lo(n.configPath,"utf-8");try{r=JSON.parse(s)}catch{console.error(`Warning: ${n.configPath} contains invalid JSON. Backing up and creating fresh.`),Xe(n.configPath,n.configPath+".bak"),r={}}Object.keys
37`),{ok:!0,message:`Installed into ${C[e].name} (${n.configPath})`}}function Jo(){let e=Ko(import.meta.url),t=Ze(e);for(let n=0;n<6;n++){if(X(I(t,
38`),{ok:!0,message:`Full plugin installed into Cursor (${X(I(n,"skills"))?Bo(I(n,"skills"),{withFileTypes:!0}).filter(i=>i.isDirectory()).length:0} skills, rules, agent, commands) at ${n}`}}async function Jt(e,t){let{execFile:n}=await import("child_process");return new Promise(r=>{n(e,t,{timeout:3e4},(o,s,a)=>{r(o?{ok:!1,output:(a||s||o.message).trim()}:{ok:!0,output:(s||"").trim()})})})}async function zo(){if(!(await Jt("claude",["plugins","marketplace","add",He])).ok)return{ok:!1,message:["Could not run the Claude Code CLI automatically.","","Run these commands manually to install the OpenDex ...
39`)};let t=await Jt("claude",["plugins","install",ze]);return t.ok?{ok:!0,message:`Plugin installed via Claude Code CLI (marketplace: ${He})`}:{ok:!1,message:[`Marketplace added, but plugin install failed: ${t.output}`,"","Try running manually:",` claude plugins install ${ze}`].join(`
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
40`)}}async function Yo(){let e=Object.keys(C),t=await jo({message:"Choose a client to install OpenDexter into",options:e.map(n=>({value:n,label:C[n].name,hint:C[n].description}))});if(typeof t!="string"||!C[t])throw new Error("No client selected.");return
41`),"Funding"),tt(["1. Run `opendexter wallet` to confirm your addresses and balances.","2. Run `opendexter search <what-you-need>` to browse the marketplace.","3. Run `opendexter check <url>` on any result before your first paid call.","4. Run `opendexter fetch <url>` once your wallet is funded."].join(`
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L33 42`),"First-use path");let s="";o>0?s="Treasury funded. Start with a real marketplace search for the task you actually want to complete.":s="Fund a rail, then start with `opendexter search <what-you-need>`.",Zo(s)}var Xt=f(()=>{"use strict";N();et();Je();P()});var Zt={};A(Zt,{cliAccess:()=>rs});import{accessWithWalletProof as ns}from"@dexterai/x402-mcp-tools";async function rs(e,t){try{let n=await S({quiet:!0}),r=n?H(n):null,o=await ns({url:e,method:t.method,body:t.body,preferredNetwork:t.network},r);console.log(JSON.stringify(o,null,2))}catch(n){console.log(JSON.stringify({error:n.message||Stri ...
43Audition \u2014 ${o.origin??e}`),console.log(` ${s.registered??0}/${s.total??0} paid routes tested`+(s.avgScore!=null?` \xB7 average score ${s.avgScore}/100`:""));for(let a of o.routes??[]){if(a.auditOutcome==="incomplete"||a.score==null){console.
44 [skipped] ${a.url}`),console.log(` Audition did not complete \u2014 ${a.incompleteReason??"no score produced"}.`),console.log(" This is an OpenDexter-side issue, not your API. Retry shortly.");continue}if(console.log(`
45 [${a.score}] ${a.url}`),typeof a.previousScore=="number"&&typeof a.delta=="number"){let i=a.delta>0?`+${a.delta}`:`${a.delta}`,c=a.delta>0?"\u25B2":a.delta<0?"\u25BC":"\u25A0";console.log(` ${c} ${a.previousScore} \u2192 ${a.score} (${i} since last audition)`)}a.verdict&&console.log(` ${a.verdict}`),a.fixInstructions&&console.log(` fix: ${a.fixInstructions}`),a.synthesizedSkill&&console.log(" \u2713 agent-callable Skill synthesized"),a.shareUrl&&console.log(` share: ${a.shareUrl}`)}console.log("")}catch(r){let o={error:"audition_failed",message:r?.message??String(r)} ...
46 Creating your Dexter wallet...
48`),n=!0,e=0),e>0&&o.write(`\x1B[${e}A`);let s=[],a=on("Solana (dex...)",r.solana);a&&s.push(a);let i=on("EVM (0x402DD...)",r.evm);i&&s.push(i);for(let c of s)o.write(`\x1B[2K${c}
49`);e=s.length,r.solana.found&&r.evm.found&&(o.write(`
50`),o.write(` Deposit USDC to either address to start.
52`))}}var an=f(()=>{"use strict"});import{Worker as ds}from"worker_threads";import{cpus as us}from"os";import{fileURLToPath as ps}from"url";import{dirname as ms,join as fs}from"path";function cn(e){let t=e.prefix.replace(/^0x/i,""
53`),"Email + captcha");let a=await h.text({message:"One-time code from email",validate:d=>d&&/^\d{4,8}$/.test(d.trim())?void 0:"Expected 4-8 digit code"});if(typeof a!="string")return;let i=h.spinner();i.start("Exchanging code for session\u2026");try{let d=await Ns({email:r.trim(),code:a.trim()});t.saveSession(d),i.stop("Session saved.")}catch(d){i.stop("Verification failed."),h.cancel(d?.message||String(d)),process.exitCode=1;return}let c=h.spinner();c.start("Confirming session\u2026");let u=await t.getOperations();if(!u){c.stop("Session resume failed (refresh token may already be invalid)."), ...
Long lines were clipped for display.