feat: add Headless Oracle plugin — Ed25519-signed market-state receipts for 28 exchanges #193

Open
LembaGang wants to merge 1 commit into agent0ai:main from LembaGang:feat/add-headless-oracle

@LembaGang LembaGang commented Apr 2, 2026

Headless Oracle

Pre-trade verification gate for autonomous financial agents.

An Agent Zero instance (AgentZero/19353) discovered and called our MCP endpoint tonight.
This submission makes the integration official.

What it does

Headless Oracle returns Ed25519-signed receipts indicating whether a stock exchange is
OPEN, CLOSED, HALTED, or UNKNOWN. The signature lets any downstream agent verify the
receipt independently without calling the API again.

This is a pre-trade safety primitive: before any financial execution decision, check the oracle.

MCP tools included

| Tool | Description |
| --- | --- |
| `get_market_status` | Signed receipt (OPEN/CLOSED/HALTED/UNKNOWN) for a given MIC |
| `get_market_schedule` | Next open/close times in UTC, lunch breaks, holiday data |
| `list_exchanges` | All 28 supported exchanges with timezones and MIC codes |
| `verify_receipt` | Verify an Ed25519-signed receipt in-worker |

Coverage

28 global exchanges: NYSE, NASDAQ, LSE, JPX, Euronext Paris, HKEX, SGX, ASX, BSE/NSE India,
Shanghai, Shenzhen, Korea, Johannesburg, B3 Brazil, SIX Swiss, Borsa Italiana, Istanbul,
Tadawul, Dubai, NZX, Nasdaq Helsinki/Stockholm, CME, NYMEX, Cboe, Coinbase (24/7),
Binance (24/7).

Getting started

No API key required for sandbox (200 free calls). Configure in Agent Zero via MCP:

```json
{
"mcpServers": {
"headless-oracle": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://headlessoracle.com/mcp"]
}
}
}
```

Or use the `get_market_status` tool directly once the plugin is installed.

x402 autonomous payment

Agents can pay $0.001 USDC per request on Base mainnet without human intervention
(ERC-8004 registry: 8453:38413).

Compliance

  • APTS v1.0 (Agent Pre-Trade Safety Standard) — all 6 checks pass
  • SMA Protocol v1.0 (Signed Market Attestation) — receipts are SMA-compliant
  • UNKNOWN always means CLOSED — fail-closed by design

Links

Checklist:

  • `plugin.yaml` at repo root
  • `skills/headless_oracle.md` included (auto-installed skill)
  • Folder name `headless_oracle` matches `name` in `plugin.yaml`
  • GitHub URL is publicly accessible
  • One plugin per PR


a0-bot bot commented Apr 2, 2026

Plugin submission validation failed

ERROR: Invalid YAML in plugins/headless_oracle/index.yaml: mapping values are not allowed here

Collaborator

3clyp50 commented Apr 7, 2026

Hello @LembaGang, I went through the plugin code, and I have some review comments for you:

Static Code Review

File: sample-agentcore-cloudfront-x402-payments/payer-agent/scripts/deploy_to_agentcore.py → lines 260–269

    if not env_file.exists():
        return
    content = env_file.read_text()
    import re
    if re.search(rf'^{key}=', content, re.MULTILINE):
        content = re.sub(rf'^{key}=.*$', f'{key}={value}', content, flags=re.MULTILINE)
    else:
        content = content.rstrip('\n') + f'\n{key}={value}\n'
    env_file.write_text(content)
    print(f"  Updated .env → {key}={value}")

Risk: This helper writes secrets into .env and then echoes the raw value to stdout, which can leak credentials into terminal scrollback, CI logs, or captured deployment logs. That is a clear secret-exposure vector.


Secrets & Sensitive Data Access

File: sample-agentcore-cloudfront-x402-payments/payer-agent/agent/config.py → lines 49–56

            model_id=os.getenv("BEDROCK_MODEL_ID", cls.model_id),
            cdp_api_key_name=os.getenv("CDP_API_KEY_ID", ""),
            cdp_api_key_private_key=os.getenv("CDP_API_KEY_SECRET", ""),
            cdp_wallet_secret=os.getenv("CDP_WALLET_SECRET", ""),
            cdp_wallet_address=os.getenv("CDP_WALLET_ADDRESS", ""),
            network_id=os.getenv("NETWORK_ID", cls.network_id),
            seller_api_url=os.getenv("SELLER_API_URL", ""),
            otel_endpoint=os.getenv("OTEL_EXPORTER_OTLP_ENDPOINT", ""),

Risk: The bundled sample code accesses wallet secrets, API credentials, and cloud runtime configuration that are unrelated to the declared oracle plugin purpose. That increases the sensitivity of the repository and the blast radius if executed blindly.


Obfuscation & Hidden Code

File: sample-agentcore-cloudfront-x402-payments/payer-infrastructure/bin/app.js → lines 62–64

});
app.synth();
//# sourceMappingURL=data:application/json;base64,…

Risk: This appears to be a generated build artifact, but it embeds a large encoded payload directly in the JS file and makes manual review harder. Because corresponding source files exist, this is more a warning, not a fail.


Of course, some of these can have their explanation. Feel free to follow up or make the corrections directly.

Have a good one,
Alessandro
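
A hardened take on the `.env` helper quoted in the review above, as an added example that is not code from the PR or from either participant: the value never reaches the log line, the key is validated and regex-escaped, and the file is rewritten with owner-only permissions. The function name `update_env` and the sample values used with it are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path


def update_env(env_file: Path, key: str, value: str) -> str:
    """Set key=value in env_file (hypothetical helper name).

    Returns a log-safe status line that never contains the value.
    """
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", key):
        raise ValueError(f"invalid env key: {key!r}")
    if "\n" in value or "\r" in value:
        # A multi-line value would smuggle extra KEY=... entries into the file.
        raise ValueError("value must be a single line")
    if not env_file.exists():
        return f"skipped: {env_file.name} not found"

    content = env_file.read_text()
    pattern = re.compile(rf"^{re.escape(key)}=.*$", re.MULTILINE)
    line = f"{key}={value}"
    if pattern.search(content):
        # A function replacement keeps backslashes in the value literal;
        # a string replacement would treat "\1" or "\g<0>" as group references.
        content = pattern.sub(lambda _m: line, content)
    else:
        content = content.rstrip("\n") + f"\n{line}\n"

    # mkstemp creates the file 0600; write there, then rename over the target
    # so a crash cannot leave a half-written or world-readable .env behind.
    fd, tmp = tempfile.mkstemp(dir=env_file.parent, prefix=".env.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(content)
        os.chmod(tmp, 0o600)
        os.replace(tmp, env_file)
    except BaseException:
        os.unlink(tmp)
        raise
    # Report the key and the value's length only, never the value itself.
    return f"Updated {env_file.name}: {key}=<redacted, {len(value)} chars>"
```

The caller decides whether to print the returned status line, so the secret stays out of terminal scrollback and CI logs either way.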

@LembaGang
Author

Thanks for the thorough review, Alessandro.

You're right — those sample-agentcore-cloudfront-x402-payments files should not be in this PR at all. They're from a separate AWS reference architecture and were incorrectly included. I'll clean the PR to contain only the oracle plugin files and fix the YAML validation error the bot flagged.

Appreciate you taking the time.

…ts for 28 exchanges

Signed market-state oracle for autonomous financial agents.
MCP tools: get_market_status, get_market_schedule, list_exchanges, verify_receipt.
Sandbox: 200 free calls. $0.001 USDC/req via x402.
@LembaGang LembaGang force-pushed the feat/add-headless-oracle branch from 9246648 to 118d180 Compare April 7, 2026 14:16

2 participants