Metadata-Version: 2.4
Name: revettr
Version: 0.2.3
Summary: Counterparty risk scoring for agentic commerce
Author: L Squared Digital Holdings
License-Expression: MIT
Project-URL: Homepage, https://revettr.com
Project-URL: Repository, https://github.com/AlexanderLawson17/revettr-python
Project-URL: Documentation, https://revettr.com/docs
Keywords: x402,risk-scoring,agentic-commerce,counterparty-risk,base
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: httpx>=0.28.0
Provides-Extra: mcp
Requires-Dist: fastmcp>=3.0.0; extra == "mcp"
Provides-Extra: x402
Requires-Dist: x402[evm,httpx]>=2.5.0; extra == "x402"
Provides-Extra: all
Requires-Dist: fastmcp>=3.0.0; extra == "all"
Requires-Dist: x402[evm,httpx]>=2.5.0; extra == "all"
Dynamic: license-file

<!-- mcp-name: io.github.AlexanderLawson17/revettr-mcp -->
# Revettr

[![Glama MCP server](https://glama.ai/mcp/servers/AlexanderLawson17/revettr-python/badges/card.svg)](https://glama.ai/mcp/servers/AlexanderLawson17/revettr-python)

Counterparty risk scoring for agentic commerce. One API call answers: **"Should this agent send money to this counterparty?"**

Revettr scores counterparties by analyzing domain intelligence, IP reputation, on-chain wallet history, and sanctions lists. It's designed for AI agents transacting via [x402](https://x402.org) on Base.

## Install

```bash
pip install revettr
```

## Quick Start

```python
from revettr import Revettr

client = Revettr()

# Score a counterparty — send whatever data you have
score = client.score(
    domain="uniswap.org",
    ip="104.18.28.72",
    wallet_address="0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
)

print(f"Score: {score.score}/100 ({score.tier})")
print(f"Confidence: {score.confidence}")
print(f"Flags: {score.flags}")

if score.tier == "critical":
    print("DO NOT TRANSACT")
```

## What Gets Scored

Send any combination of inputs. More data = higher confidence.

| Input | Signal Group | What It Checks |
|-------|-------------|----------------|
| `domain` | Domain Intelligence | WHOIS age, DNS config (MX, SPF, DMARC), SSL certificate |
| `ip` | IP Intelligence | Geolocation, VPN/proxy/Tor detection, datacenter vs residential |
| `wallet_address` | Wallet Analysis | Transaction count, wallet age, counterparty diversity, on-chain behavior |
| `company_name` | Sanctions Screening | OFAC SDN, EU consolidated, UN consolidated sanctions lists |

## Response

```json
{
  "score": 90,
  "tier": "low",
  "confidence": 0.75,
  "signals_checked": 3,
  "flags": [],
  "signal_scores": {
    "domain": {
      "score": 80,
      "flags": [],
      "available": true,
      "details": {
        "domain_age_days": 2673,
        "dns": {"has_mx": true, "has_spf": true, "has_dmarc": true}
      }
    },
    "ip": {
      "score": 100,
      "flags": [],
      "available": true,
      "details": {
        "country": "US",
        "asn_org": "Cloudflare, Inc.",
        "is_private": false
      }
    },
    "wallet": {
      "score": 100,
      "flags": [],
      "available": true,
      "details": {
        "blockchain": {"tx_count": 100, "unique_counterparties": 29},
        "onchain": {"nonce": 16, "eth_balance": 0.072}
      }
    }
  },
  "metadata": {
    "inputs_provided": ["domain", "ip", "wallet_address"],
    "latency_ms": 1185,
    "version": "0.1.0"
  }
}
```

## Score Tiers

| Score | Tier | Meaning |
|-------|------|---------|
| 80-100 | `low` | Counterparty appears legitimate |
| 60-79 | `medium` | Some signals warrant caution |
| 30-59 | `high` | Multiple risk indicators present |
| 0-29 | `critical` | Strong risk signals — do not transact |

A score of **0** means a hard match (e.g., exact sanctions hit). This overrides all other signals.

## Risk Flags

Flags tell you exactly what triggered a score reduction. They are grouped by signal category:

| Category | Examples | What It Covers |
|----------|----------|----------------|
| Domain | `domain_age_under_*`, `no_mx_records`, `ssl_*` | Domain age, DNS hygiene, SSL validity |
| IP | `tor_exit_node`, `known_vpn`, `high_risk_country_*` | Anonymization, geolocation risk |
| Wallet | `wallet_never_transacted`, `wallet_age_under_*` | On-chain history, activity patterns |
| Sanctions | `sanctions_exact_match`, `sanctions_high_confidence_match` | OFAC/EU/UN sanctions screening |

The full set of flags and their descriptions are returned in the API response. Flag names are stable and machine-readable.

## Usage Examples

### Wallet only (minimal)

```python
score = client.score(wallet_address="0xabc...")
```

### Domain + IP (web service check)

```python
score = client.score(domain="some-api.xyz", ip="185.220.101.42")
```

### Full check

```python
score = client.score(
    domain="merchant.com",
    ip="104.18.28.72",
    wallet_address="0xabc...",
    company_name="Merchant LLC",
)
```

### With x402 auto-payment

The client handles x402 payment automatically. You need a funded wallet:

```python
from revettr import Revettr

client = Revettr(
    wallet_private_key="0xYOUR_PRIVATE_KEY",  # Wallet that pays for the API call
)

# Client automatically handles the 402 → payment → retry flow
score = client.score(wallet_address="0xabc...")
```

> **Security**: Never hardcode private keys. Use environment variables or a secrets manager in production.

### With Virtuals Protocol (ACP)

Score seller agents before creating jobs on the [Agent Commerce Protocol](https://app.virtuals.io/acp):

```python
from revettr import Revettr

client = Revettr()
result = client.score(wallet_address=seller_wallet)
if result.score >= 60:
    # Safe to create ACP job
    job_id = chosen_offering.initiate_job(
        service_requirement={"task": "Analyze Q1 sales data"},
        evaluator_address=evaluator_address,
    )
```

See [examples/virtuals_acp_safe_buyer.py](examples/virtuals_acp_safe_buyer.py) for the full buyer agent flow.

## Safe Agent Payments

Drop-in replacement for x402 payments that automatically checks counterparty risk before sending money. If the counterparty scores below your threshold, the payment is blocked.

```python
from revettr import SafeX402Client, PaymentBlocked

async with SafeX402Client(
    wallet_private_key="0x...",
    min_score=60,    # Block "high" and "critical" risk
    on_fail="block", # Raise PaymentBlocked (default)
) as http:
    try:
        # Automatically scores the counterparty before paying
        response = await http.post("https://some-api.com/endpoint", json=data)
    except PaymentBlocked as e:
        print(f"Blocked: {e.url} scored {e.score}/100")
```

| `on_fail` | Behavior |
|-----------|----------|
| `"block"` (default) | Raise `PaymentBlocked` exception |
| `"warn"` | Log warning, proceed with payment |
| `"log"` | Silently log, proceed with payment |

## Pricing

| Tier | Price | What You Get |
|------|-------|-------------|
| Standard | $0.01 USDC | All available signals based on inputs provided |

Payment is via [x402](https://x402.org) protocol — USDC on Base network. No API keys, no accounts, no contracts.

## API Reference

### `POST /v1/score`

**Payment**: x402 — $0.01 USDC on Base per request

**Request body** (JSON):

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| `domain` | string | No | Domain or URL |
| `ip` | string | No | IPv4 address |
| `wallet_address` | string | No | EVM address (0x...) |
| `chain` | string | No | Blockchain network (default: `base`) |
| `company_name` | string | No | Name to screen against sanctions |
| `email` | string | No | Email (future — not scored yet) |
| `amount` | float | No | Transaction amount in USD (context only) |

At least one of `domain`, `ip`, `wallet_address`, or `company_name` is required.

### `GET /health`

**Payment**: None (always free)

Returns API status and signal source availability.

## Direct HTTP (without SDK)

```bash
# Without payment (returns 402):
curl -X POST https://revettr.com/v1/score \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}'

# Returns HTTP 402 with payment-required header containing x402 payment terms
```

## Disclaimer

Revettr is an **informational tool**. It aggregates publicly available signals and returns a risk score. It is **not** a compliance certification, legal advice, or guarantee of counterparty legitimacy. You are responsible for your own transaction decisions.

## Built by

[L Squared Digital Holdings](https://revettr.com)
