io.github.mercuryx402/mercury-x402-mcp
Official18 toolsby mercuryx402 · JavaScript
Agent-payable web data over x402: 18 keyless services an agent pays per call.
Access 18 keyless web data services with per-call agent payment model.
Topics
Captured live from the server via tools/list.
fetch
VERIFIABLE keyless web-read for autonomous agents. Every result ships a cryptographically SIGNED provenance receipt (EIP-191 over sha256(text)+url+status+time) — the wedge a free scraper structurally CANNOT match: Jina r.jina.ai is free+keyless too, but its bytes are HEARSAY (no proof of what/where/when). MERCURY's `attestation` is ecrecoverable OFFLINE, forever, by you OR any downstream agent you forward the bytes to — proving the content is genuine + untampered (key pinned at /.well-known/mercury-attestation). For RAG, trading and agent-to-agent commerce that need provenance, that is the gap between data and evidence. Beyond that it's the keyless web-read primitive — NO API key, NO signup, NO account, NO monthly plan, the one fetch SKU a fresh agent can onboard to by itself instead of stopping to ask a human for a key. Give a ?url= and get back clean readable page text + title + status. Agent-native extras (opt-in): ?format=markdown for structure-preserving markdown, ?links=1 for an outbound-link graph (crawl frontier), and the headline wedge — STRUCTURED EXTRACT: ?extract=title,price,author,publishedAt returns a clean JSON record { title, price, author, publishedAt }, an LLM-ready row not a wall of text. That is Firecrawl's paid 'JSON mode' (they need an LLM call + an API key for it) done here DETERMINISTICALLY from the page's own JSON-LD/OpenGraph/meta/microdata — keyless, no LLM, $0.003. (?extract=1 still returns the legacy description + wordCount.) The extracted record is folded into the SIGNED attestation too, so a buyer can prove the FIELDS — not just the raw bytes — are exactly what MERCURY resolved. You pay in-band over HTTP 402 (x402, USDC on Base mainnet) — the wedge those tools can't match: they ALL gate behind a human-created API key + a credit-card plan, so an agent can't onboard itself. This one an agent finds in the x402 Bazaar and pays with zero human in the loop. Honest charge-per-ATTEMPT: every call returns a structured result (success OR an ok:false failure with a reason) — never a silent charge-then-500. Follows redirects, SSRF-guarded, 5s timeout, 10MB cap. Pure data, no mint — delivers in prod. — $0.003/call
Parameters (4)
- urlstringrequired
the page to fetch (http/https)
- formatstring
text (default) or structure-preserving markdown
- linksstring
1 = also return the outbound-link graph (crawl frontier)
- extractstring
1 = page description + wordCount; OR a comma-list of field names (e.g. title,price,author,publishedAt) to get a structured JSON record under `extract`
extract
TYPED structured extract for autonomous agents — URL + schema → a clean, type-safe JSON record. Where /buy/fetch returns page TEXT (and ?extract= returns string-only fields), THIS returns the schema-conformant object an LLM/RAG/trading pipeline actually consumes: pass ?url=…&schema=title,price:number,rating:number,inStock:boolean and get back { title:"…", price:19.99, rating:4.5, inStock:true } — numbers as numbers, booleans as booleans, absent fields null (honest). `schema` accepts the URL-friendly compact form (field[:type], type in string|number|integer|boolean) OR a Firecrawl/OpenAI-style JSON-Schema object ({"properties":{"price":{"type":"number"}}}). That is Firecrawl's paid 'JSON mode' headline guarantee — type-safety, 'numbers as numbers not strings' — done DETERMINISTICALLY from the page's own JSON-LD/OpenGraph/meta/microdata: keyless, NO LLM call, NO API key, NO signup, $0.004/call, paid in-band over HTTP 402 (x402, USDC on Base mainnet). The typed record is folded into the SIGNED provenance attestation too (EIP-191, ecrecoverable OFFLINE), so a buyer can prove the EXTRACTED FIELDS — not just raw bytes — are exactly what MERCURY resolved. Honest charge-per-ATTEMPT: every call returns a structured result (success OR an ok:false reason). Same SSRF guard, 5s timeout, 10MB cap, no mint. — $0.004/call
Parameters (3)
- urlstringrequired
the page to extract from (http/https)
- schemastringrequired
fields to extract. COMPACT: comma list of field[:type] (type in string|number|integer|boolean, default string), e.g. title,price:number,rating:number,inStock:boolean. OR a JSON-Schema string ({"properties":{"price":{"type":"number"}}}). Resolved from JSON-LD/OpenGraph/meta/microdata.
- formatstring
optional: text (default) or markdown for the page-text field
markdown
URL → clean, LLM-ready markdown (boilerplate/nav/ads stripped, headings + lists + links preserved) with a signed provenance receipt pinning the markdown to its source — the RAG-ingest primitive. Deterministic (no LLM): same URL + same source bytes ⇒ byte-identical markdown. — $0.005/call
Parameters (1)
- urlstringrequired
the page to convert to markdown (http/https)
metadata
URL → one typed, SIGNED metadata record (JSON-LD + OpenGraph + Twitter-card + standard <meta> + canonical + title), by source. Deterministic, keyless, no LLM — the social-card/SEO/schema.org record an agent can PROVE. — $0.006/call
Parameters (1)
- urlstringrequired
the page to read metadata from (http/https)
links
URL → a SIGNED outbound/internal link graph: every <a href> as an absolute URL + anchor text, classified internal vs external against the page origin, grouped by origin with a third-party-origin histogram (privacy-audit) and same/cross-origin counts (SEO). Deterministic — same page bytes ⇒ byte-identical graph; no LLM. Covers <a> hyperlinks only (not rel/asset tags). Receipt = EIP-191 over the graph. — $0.005/call
Parameters (1)
- urlstringrequired
the page to map (http/https)
robots
Domain → signed, timestamped per-AI-crawler allow/block audit from robots.txt + llms.txt + ai.txt (GPTBot, ClaudeBot, PerplexityBot, Google-Extended, Bytespider, …). Deterministic, no LLM. EU-AI-Act / TDM opt-out evidence: the signed verdict proves the crawler policy as it stood at fetch time. — $0.005/call
Parameters (2)
- domainstringrequired
domain or URL to audit (e.g. example.com or https://example.com/page); only the origin is used
- pathstring
optional path to evaluate the verdict for (default '/', the whole-site question)
diff
URL + prior content-hash (or prior text) -> refetch, deterministic change-proof: changed? + a NEW signed receipt binding fromHash->toHash. Stateless; receipts chain into a tamper-evident audit trail of a page's evolution. Keyless x402, Base mainnet USDC. — $0.006/call
Parameters (4)
- urlstringrequired
the page to re-fetch + diff (http/https)
- prevHashstring
prior content hash (0x + 64 hex sha256) from an earlier MERCURY fetch/diff receipt. Gives a hash-only change-proof (changed? true/false). Use this OR prevText.
- prevTextstring
prior page text to diff against. Gives a full deterministic line-level diff (added/removed counts + unified-style hunk) on top of the change-proof. Use this OR prevHash.
- formatstring
compare cleaned text (default) or structure-preserving markdown
notarize
Notarize any content (inline ?content= or a fetched ?url=) into a signed, offline-verifiable provenance receipt — sha256 contentHash + witnessed timestamp, attested by Mercury's pinned key. Deterministic, keyless, no LLM. The signed receipt is the product: it witnesses that these exact bytes existed in this exact form at this time (the one thing your own sha256() can't — a third-party witness). — $0.008/call
Parameters (2)
- urlstring
a page (http/https) to fetch + notarize its cleaned text. Provide EITHER url OR content, not both.
- contentstring
inline content (UTF-8, ≤256KB) to notarize directly — bytes you already hold. Provide EITHER url OR content, not both.
headers
URL → a deterministic HTTP security-headers audit (HSTS, CSP, X-Frame, X-Content-Type, Referrer-Policy, Permissions-Policy + more) with a letter grade and concrete findings, wrapped in a signed, offline-verifiable provenance receipt. Keyless, no LLM, no signup. — $0.005/call
Parameters (1)
- urlstringrequired
the page/endpoint to audit (http/https)
table
URL in → the page's main HTML <table>(s) parsed into typed, header-keyed rows (JSON) + clean RFC-4180 CSV, with a signed provenance receipt over the exact extracted grid. Deterministic, keyless, no LLM — x402, USDC on Base mainnet. — $0.006/call
Parameters (3)
- urlstringrequired
the page to extract tables from (http/https)
- tablestring
optional: 0-based index of a SINGLE table to return (document order). Omit to return ALL tables found (up to the cap).
- formatstring
optional: which serialisations to include in `data` (default: both).
feed
RSS/Atom feed URL → a SIGNED, normalized item list [{title,link,published,summary}] unified across RSS 2.0/RDF + Atom 1.0: CDATA unwrapped, HTML stripped, entities decoded, dates → ISO-8601 (publishedRaw kept verbatim, never fabricated). Deterministic — same feed bytes ⇒ byte-identical items; no LLM. Core 4 fields only (not full-content/media/author). Receipt = EIP-191 over the canonical item list. — $0.005/call
Parameters (1)
- urlstringrequired
the RSS/Atom feed to normalize (http/https)
availability
URL → a signed uptime/status probe: up/down, HTTP status + class, reachability reason, final URL after redirects, and a measured responseMs — wrapped in an offline-verifiable provenance receipt that makes "it was up/down at T" provable SLA evidence. Deterministic verdict (responseMs is telemetry, not signed). Keyless, no LLM, no signup. — $0.005/call
Parameters (1)
- urlstringrequired
the endpoint/page to probe for availability (http/https)
validate
URL (a JSON/API endpoint) + a JSON Schema in → a deterministic pass/fail with per-field errors (missing/wrong-type/enum/range/pattern), plus a signed provenance receipt binding the verdict to the exact response bytes AND the exact schema. Deterministic, keyless, no LLM — x402, USDC on Base mainnet. — $0.005/call
Parameters (3)
- urlstringrequired
the JSON/API endpoint to fetch + validate (http/https)
- schemastringrequired
the JSON Schema to validate against. THREE accepted forms: (1) COMPACT URL-native comma list of field[:type] (type in string|number|integer|boolean|array|object|null; default string), e.g. id:integer,name,price:number,inStock:boolean — every field becomes a REQUIRED typed property; (2) a JSON-Schema string (Draft-07 core subset: type/required/properties/items/enum/const/min*/max*/pattern/format/additionalProperties/nullable/anyOf/oneOf/allOf/not); (3) a shorthand-map string {"id":"integer","name":"string"}.
- pointerstring
optional JSON-Pointer (e.g. /data or /result/0) to validate a SUB-DOCUMENT of the response instead of the whole body (for APIs that wrap the payload).
batch
List of URLs (≤20) → clean content for each + ONE signed receipt committing to a MERKLE ROOT over every page's contentHash. Tamper-evident multi-page snapshot with per-page membership proofs (selective disclosure). Deterministic (no LLM): same URL set + same source bytes ⇒ byte-identical root + proofs. SSRF-guarded per url; keyless x402, USDC on Base mainnet. — $0.02/call
Parameters (2)
- urlsstringrequired
comma- OR newline-separated list of pages to snapshot (http/https), ≤20 (deduped, capped). Each is fetched through the shared SSRF-guarded engine and becomes one Merkle leaf.
- formatstring
clean text (default) or structure-preserving markdown for every page
sitemap
Domain/URL → a SIGNED snapshot of the site's PUBLISHED sitemap: discovers the sitemap via robots.txt Sitemap: lines then /sitemap.xml fallback, parses <urlset> + <sitemapindex> (follows up to 5 child sitemaps), returns a deduped, bounded (≤2000) URL inventory with lastmod/changefreq/priority. The receipt signs the DECLARED URL list (deterministic — same sitemap bytes ⇒ byte-identical list). Optional ?fetch=N (≤10) adds a HARD-BOUNDED same-domain liveness probe (title+status+bytes per URL) — that probe is the ONLY non-deterministic part and is NOT covered by the signature. SSRF-guarded; the crawl is bounded at every axis. — $0.01/call
Parameters (3)
- urlstringrequired
a domain (example.com) or any URL on the site — only its origin is used
- fetchstring
optional N (0–10): also shallow-fetch the first N same-domain sitemap URLs and report each one's live title + HTTP status + byte size (liveness sample). NOT covered by the signed receipt (it can change between calls). Default 0 = off.
- limitstring
optional cap on URLs returned (1–2000); default returns all up to 2000
dns
Domain → a SIGNED, timestamped DNS snapshot (A, AAAA, MX, NS, TXT, CNAME, SOA), normalised + sorted into a byte-stable record set with an offline-verifiable provenance receipt — proving exactly what the zone resolved to at that moment. Keyless, no LLM, no signup. (Normalisation is deterministic; DNS itself is mutable across time/TTL/geo — which is the very reason the snapshot is timestamped + signed.) — $0.006/call
Parameters (2)
- domainstring
the domain to resolve (e.g. example.com). A full URL is also accepted; its hostname is used.
- urlstring
alternative to ?domain= — any http/https URL; the registrable hostname is resolved.
readability
URL → a clean ARTICLE record { title, byline, publishedAt, article text } with boilerplate (nav/header/footer/sidebar/ads/share-bars/comment-forms) stripped via deterministic DOM density heuristics, plus a signed provenance receipt pinning the cleaned article to its source — the clean-citation primitive distinct from raw markdown. Deterministic (no LLM): same URL + same source bytes ⇒ byte-identical output. — $0.005/call
Parameters (1)
- urlstringrequired
the article page to extract (http/https)
redirect
URL → a SIGNED redirect/canonical resolution: the full hop chain [{url,status}] from the link you have to where it ACTUALLY lands, the final resolved URL + status, the page's <link rel=canonical>, hop count, cross-origin flag and distinct origins traversed (affiliate-cloak / link-safety signal). Deterministic — same redirects ⇒ byte-identical resolution; no LLM. Follows HTTP 3xx only (no JS/meta-refresh execution — meta-refresh target surfaced un-followed). Receipt = EIP-191 over the resolved chain. — $0.005/call
Parameters (1)
- urlstringrequired
the link/URL to resolve (http/https) — e.g. a shortlink or affiliate URL
README not available yet.
Install
claude_desktop_config.json
{
"mcpServers": {
"mercury-x402-mcp": {
"command": "npx",
"args": [
"-y",
"mercury-x402-mcp@1.0.1"
]
}
}
}