dev.preflight
Check whether a shell command is runnable before you (or an agent) run it — a pre-execution gate. POST { command } with a command that targets the network (curl, wget, httpie, or anything carrying a URL). Parses out the HTTP method, target URL, and headers, then returns a structured verdict: verdict ('runnable' or 'invalid'), a runnable boolean, and a checks breakdown (hasTarget, urlValid, schemeOk, hostPresent, methodValid, privateTarget). By default the check is STATIC and deterministic — no network call — answering 'is there a well-formed http(s) target and a valid method?' (a command with no URL is invalid). Pass probe=true to also run a guarded HEAD request against the target and report dnsResolves, reachable, tlsValid, and httpStatus — answering 'would this actually connect right now?'. Private/loopback/reserved targets are refused (SSRF-safe). Built for gating agent-generated commands and CI pipelines.
/api/dev/preflightPAYMENT-SIGNATURE.Parameters
| Name | Type | Description |
|---|---|---|
commandrequired | string | min 1 chars · max 8192 chars |
probe | boolean |
Code samples
# 1. Probe the endpoint with no auth — receive 402 with PaymentRequirements
curl -sS -X POST 'https://2s.io/api/dev/preflight' \
-H 'Content-Type: application/json' \
-d '{"command":"example","probe":false}'
# 2. Sign the EIP-3009 transferWithAuthorization for the advertised price +
# payTo from the 402 envelope, then retry with PAYMENT-SIGNATURE:
curl -sS -X POST 'https://2s.io/api/dev/preflight' \
-H 'Content-Type: application/json' \
-H 'PAYMENT-SIGNATURE: <base64-json-payload>' \
-d '{"command":"example","probe":false}'
# Or just use the canonical runner — it handles the whole loop:
# EVM_PRIVATE_KEY=0x... node --env-file=.env.local \
# --experimental-strip-types scripts/x402-pay.ts \
# 'https://2s.io/api/dev/preflight'import { TwoS } from '@2sio/sdk'
const client = new TwoS({
privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})
const result = await client.dev.preflight({
"command": "example",
"probe": false
})
console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)import os
from twosio import TwoS
client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])
result = client.dev.preflight(command="example", probe=False)
print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)// 1. Add @2sio/mcp to your MCP host config (Claude Desktop example below).
// EVM_PRIVATE_KEY funds x402 payments per call.
// claude_desktop_config.json
{
"mcpServers": {
"2sio": {
"command": "npx",
"args": ["-y", "@2sio/mcp"],
"env": { "EVM_PRIVATE_KEY": "0x..." }
}
}
}
// 2. Once the server is running, agents call this tool via standard MCP:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "dev.preflight",
"arguments": {
"command": "example",
"probe": false
}
}
}Response
| Field | Type | Description |
|---|---|---|
ok | boolean | one of: true |
items | array | |
total | integer | Total matching rows upstream; null when unknown. |
source | object |
{
"ok": true,
"items": [
{
"command": "example",
"tool": "example",
"method": "example",
"url": "example",
"targets": [
"example"
],
"verdict": "example",
"runnable": false,
"mode": "example",
"reason": "example",
"checks": {
"hasTarget": false,
"urlValid": false,
"schemeOk": false,
"hostPresent": false,
"methodValid": false,
"privateTarget": false,
"dnsResolves": false,
"reachable": false,
"tlsValid": false,
"httpStatus": 1
},
"note": "example"
}
],
"total": 1,
"source": {
"provider": "example",
"url": "example",
"license": "example"
}
}Discovery
- /api/directory — full catalog of every endpoint
- /openapi.json — OpenAPI 3.1 spec (per-op x-payment-info, x402Payment security)
- /.well-known/x402 — machine-readable service descriptor for x402-aware crawlers
- /.well-known/mcp/server-card.json — MCP SEP-1649 server card
- /llms.txt — plain-text manifest for LLM ingestion