feat: Allow uploading OpenAPI spec to register x402 resources (#97)

[tarai-dl]

Summary

This PR implements the ability to register x402 resources from an OpenAPI specification with x-402 extensions, as an alternative to probing endpoints directly.

Closes #97

Changes

New API Endpoint

• POST /api/x402/registry/register-openapi
  • Accepts an OpenAPI spec (JSON string or parsed object) with x-402 extensions
  • Optional baseUrl parameter to override the spec's servers array
  • Returns registration results with per-endpoint success/failure details

New UI Component

• OpenAPI Spec tab on the register page (/resources/register)
  • File upload support for .json, .yaml, .yml files
  • Textarea for pasting JSON directly
  • Preview of detected x-402 endpoints before registration
  • Real-time validation of JSON format
  • Results display with per-endpoint success/failure indicators

OpenAPI Parsing

• Extracts endpoints with x-402 or x402 extension fields
• Converts OpenAPI parameters/requestBody to x402scan's v1 schema format
• Supports enabled, price.amount, price.network, price.asset fields

How to Use

Add x-402 extensions to your OpenAPI spec operations:

{
  "paths": {
    "/api/premium-data": {
      "post": {
        "x-402": {
          "enabled": true,
          "price": {
            "amount": "1000",
            "network": "base"
          }
        },
        "requestBody": { ... },
        "responses": { ... }
      }
    }
  }
}

See docs/examples/openapi-x402-example.json for a complete example.

Test Plan

• Upload an OpenAPI spec with x-402 extensions
• Verify detected endpoints match spec
• Register endpoints and verify they appear in resources
• Test with baseUrl override
• Test error handling for invalid JSON

Relates to Algora bounty #97 ($100)

[vercel]

Someone is attempting to deploy a commit to the Merit Systems Team on Vercel.

A member of the Team first needs to authorize it.

[vercel]

Page marked as 'use client' but removed metadata export, causing loss of SEO metadata (title and description) for the register page

[vercel]

Suggested change

	if (!x402Config?.enabled && !x402Config?.paymentRequirements) continue;
	if (!x402Config?.enabled) continue;

Overly permissive condition for detecting x402 resources allows inclusion of endpoints with only paymentRequirements but without enabled: true

[vercel]

Suggested change

	if (x402) {
	const x402Config = x402 as Record<string, unknown> | undefined;
	if (x402Config?.enabled || x402Config?.paymentRequirements) {

Form preview and registration handler have inconsistent filtering logic for x-402 endpoints, causing disabled endpoints to appear in preview but fail during registration

[vercel]

x402-enabled endpoints can silently default to 0 payment when price amount is not specified

[vercel]

The payTo field is hardcoded to empty string in OpenAPI x402 handler, preventing payment routing and ownership verification

[vercel]

Suggested change

	const fullUrl = serverUrl
	? `${serverUrl.replace(/\/$/, '')}${path}`
	: path;
	// Ensure path starts with / for correct URL construction
	const normalizedPath = path.startsWith('/') ? path : `/${path}`;
	const fullUrl = serverUrl
	? `${serverUrl.replace(/\/$/, '')}${normalizedPath}`
	: normalizedPath;

URL concatenation assumes paths always start with /, causing malformed URLs when a path lacks the leading slash

[vercel]

Suggested change

	handleRegistryRegisterOpenApi(body.spec as string, body.baseUrl)
	handleRegistryRegisterOpenApi(body.spec, body.baseUrl)

Incorrect type cast loses type safety when passing body.spec to handler that accepts union type

[vercel]

Suggested change

import { convertOpenApiSchemaToV1 } from '@/lib/openapi-to-v1';

Unused import convertOpenApiSchemaToV1 should be removed from registry-register-openapi.ts