@agent-score/commerce 1.0.0

package/dist/discovery/index.mjs

@@ -0,0 +1,630 @@
+// src/payment/networks.ts
+var networks = {
+  base: {
+    mainnet: { caip2: "eip155:8453", chainId: 8453 },
+    sepolia: { caip2: "eip155:84532", chainId: 84532 }
+  },
+  solana: {
+    mainnet: { caip2: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp" },
+    devnet: { caip2: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1" }
+  },
+  tempo: {
+    mainnet: { caip2: "eip155:4217", chainId: 4217 },
+    testnet: { caip2: "eip155:42431", chainId: 42431 }
+  }
+};
+
+// src/payment/usdc.ts
+var USDC = {
+  base: {
+    mainnet: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6 },
+    sepolia: { address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", decimals: 6 }
+  },
+  solana: {
+    mainnet: { mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", decimals: 6 },
+    devnet: { mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU", decimals: 6 }
+  },
+  tempo: {
+    mainnet: { address: "0x20C000000000000000000000b9537d11c60E8b50", decimals: 6 },
+    testnet: { address: "0x20c0000000000000000000000000000000000000", decimals: 6 }
+  }
+};
+
+// src/payment/rails.ts
+var rails = {
+  "tempo-mainnet": {
+    method: "tempo",
+    network: networks.tempo.mainnet.caip2,
+    chainId: networks.tempo.mainnet.chainId,
+    currency: USDC.tempo.mainnet.address,
+    decimals: USDC.tempo.mainnet.decimals,
+    asset: USDC.tempo.mainnet.address
+  },
+  "tempo-testnet": {
+    method: "tempo",
+    network: networks.tempo.testnet.caip2,
+    chainId: networks.tempo.testnet.chainId,
+    currency: USDC.tempo.testnet.address,
+    decimals: USDC.tempo.testnet.decimals,
+    asset: USDC.tempo.testnet.address
+  },
+  "x402-base-mainnet": {
+    method: "x402",
+    network: networks.base.mainnet.caip2,
+    chainId: networks.base.mainnet.chainId,
+    currency: USDC.base.mainnet.address,
+    decimals: USDC.base.mainnet.decimals,
+    asset: USDC.base.mainnet.address
+  },
+  "x402-base-sepolia": {
+    method: "x402",
+    network: networks.base.sepolia.caip2,
+    chainId: networks.base.sepolia.chainId,
+    currency: USDC.base.sepolia.address,
+    decimals: USDC.base.sepolia.decimals,
+    asset: USDC.base.sepolia.address
+  },
+  // Upto rails — pay UP TO a max amount (Permit2-based, vs EIP-3009 for exact). Use for
+  // variable-cost APIs where the actual cost depends on output (LLM tokens, bandwidth, etc.).
+  // Only available on EVM networks; Solana svm doesn't ship an upto scheme yet.
+  "x402-base-mainnet-upto": {
+    method: "x402-upto",
+    network: networks.base.mainnet.caip2,
+    chainId: networks.base.mainnet.chainId,
+    currency: USDC.base.mainnet.address,
+    decimals: USDC.base.mainnet.decimals,
+    asset: USDC.base.mainnet.address
+  },
+  "x402-base-sepolia-upto": {
+    method: "x402-upto",
+    network: networks.base.sepolia.caip2,
+    chainId: networks.base.sepolia.chainId,
+    currency: USDC.base.sepolia.address,
+    decimals: USDC.base.sepolia.decimals,
+    asset: USDC.base.sepolia.address
+  },
+  "x402-solana-mainnet": {
+    method: "x402",
+    network: networks.solana.mainnet.caip2,
+    currency: USDC.solana.mainnet.mint,
+    decimals: USDC.solana.mainnet.decimals,
+    asset: USDC.solana.mainnet.mint
+  },
+  "x402-solana-devnet": {
+    method: "x402",
+    network: networks.solana.devnet.caip2,
+    currency: USDC.solana.devnet.mint,
+    decimals: USDC.solana.devnet.decimals,
+    asset: USDC.solana.devnet.mint
+  },
+  "stripe-spt": {
+    method: "stripe",
+    currency: "usd",
+    decimals: 2
+  }
+};
+function lookupRail(name) {
+  return rails[name];
+}
+
+// src/payment/directive.ts
+function buildPaymentRequestBlob(input) {
+  const railDef = input.rail ? lookupRail(input.rail) : void 0;
+  const decimals = input.decimals ?? railDef?.decimals ?? 6;
+  const currency = input.currency ?? railDef?.currency ?? "usd";
+  const chainId = input.chainId ?? railDef?.chainId;
+  const amountNum = typeof input.amountUsd === "string" ? Number(input.amountUsd) : input.amountUsd;
+  const amountRaw = BigInt(Math.round(amountNum * 10 ** decimals)).toString();
+  const blob = { amount: amountRaw, currency, decimals };
+  if (input.recipient) blob.recipient = input.recipient;
+  const methodDetails = {};
+  if (chainId !== void 0) methodDetails.chainId = chainId;
+  if (input.networkId) methodDetails.networkId = input.networkId;
+  if (Object.keys(methodDetails).length > 0) blob.methodDetails = methodDetails;
+  return Buffer.from(JSON.stringify(blob)).toString("base64url");
+}
+function paymentDirective(input) {
+  const railDef = input.rail ? lookupRail(input.rail) : void 0;
+  const method = input.method ?? railDef?.method ?? "unknown";
+  const intent = input.intent ?? "charge";
+  const expires = input.expires ?? new Date(Date.now() + 5 * 60 * 1e3).toISOString();
+  return `Payment id="${input.id}", realm="${input.realm}", method="${method}", intent="${intent}", expires="${expires}", request="${input.request}"`;
+}
+
+// src/payment/wwwauthenticate.ts
+function paymentRequiredHeader(input) {
+  return Buffer.from(JSON.stringify(input)).toString("base64");
+}
+
+// src/discovery/probe.ts
+var ZERO_EVM_PAYTO = "0x0000000000000000000000000000000000000000";
+var ZERO_SOLANA_PAYTO = "11111111111111111111111111111111";
+function sampleX402AcceptForNetwork(caip2, amountAtomic = "1000000") {
+  if (caip2 === networks.base.mainnet.caip2) {
+    return {
+      scheme: "exact",
+      network: caip2,
+      amount: amountAtomic,
+      asset: USDC.base.mainnet.address,
+      payTo: ZERO_EVM_PAYTO,
+      maxTimeoutSeconds: 300,
+      extra: { name: "USDC", version: "2" }
+    };
+  }
+  if (caip2 === networks.base.sepolia.caip2) {
+    return {
+      scheme: "exact",
+      network: caip2,
+      amount: amountAtomic,
+      asset: USDC.base.sepolia.address,
+      payTo: ZERO_EVM_PAYTO,
+      maxTimeoutSeconds: 300,
+      extra: { name: "USDC", version: "2" }
+    };
+  }
+  if (caip2 === networks.solana.mainnet.caip2) {
+    return {
+      scheme: "exact",
+      network: caip2,
+      amount: amountAtomic,
+      asset: USDC.solana.mainnet.mint,
+      payTo: ZERO_SOLANA_PAYTO,
+      maxTimeoutSeconds: 300
+    };
+  }
+  if (caip2 === networks.solana.devnet.caip2) {
+    return {
+      scheme: "exact",
+      network: caip2,
+      amount: amountAtomic,
+      asset: USDC.solana.devnet.mint,
+      payTo: ZERO_SOLANA_PAYTO,
+      maxTimeoutSeconds: 300
+    };
+  }
+  return null;
+}
+function buildDiscoveryProbeResponse(opts) {
+  const probeId = `probe_${Date.now()}`;
+  const expires = new Date(Date.now() + (opts.ttlSeconds ?? 300) * 1e3).toISOString();
+  const request = buildPaymentRequestBlob({
+    rail: opts.sampleRail,
+    amountUsd: opts.sampleAmountUsd,
+    recipient: opts.sampleRecipient
+  });
+  const directive = paymentDirective({
+    rail: opts.sampleRail,
+    id: probeId,
+    realm: opts.realm,
+    intent: opts.intent,
+    expires,
+    request
+  });
+  const bodyObj = {
+    error: {
+      code: "payment_required",
+      message: opts.message ?? "This endpoint requires payment. Send a valid request body to receive a full challenge."
+    },
+    discovery: true,
+    ...opts.docsUrl ? { docs: opts.docsUrl } : {}
+  };
+  const headers = {
+    "content-type": "application/json",
+    "www-authenticate": directive
+  };
+  if (opts.x402Sample) {
+    const x402Version = opts.x402Sample.version ?? 2;
+    const sampleAccepts = opts.x402Sample.accepts ?? (opts.x402Sample.networks ?? []).map((n) => sampleX402AcceptForNetwork(n, opts.x402Sample.amountAtomic ?? "1000000")).filter((e) => e !== null);
+    headers["payment-required"] = paymentRequiredHeader({
+      x402Version,
+      accepts: sampleAccepts,
+      ...opts.x402Sample.resourceUrl ? { resource: { url: opts.x402Sample.resourceUrl, mimeType: "application/json" } } : {}
+    });
+    bodyObj.x402Version = x402Version;
+    const headerJson = JSON.parse(Buffer.from(headers["payment-required"], "base64").toString("utf-8"));
+    bodyObj.accepts = headerJson.accepts;
+  }
+  return {
+    status: 402,
+    headers,
+    body: JSON.stringify(bodyObj)
+  };
+}
+async function isDiscoveryProbeRequest(req) {
+  if (req.method !== "POST") return false;
+  const auth = req.headers.get("authorization");
+  if (auth?.startsWith("Payment ")) return false;
+  const body = await req.clone().text();
+  return !body || body === "{}";
+}
+
+// src/discovery/bazaar.ts
+async function createBazaarDiscovery(config) {
+  const bazaar = await dynamicImport("@x402/extensions/bazaar");
+  if (!bazaar?.declareDiscoveryExtension) {
+    throw new Error(
+      "@x402/extensions not installed \u2014 `npm install @x402/extensions` for createBazaarDiscovery."
+    );
+  }
+  return bazaar.declareDiscoveryExtension(config);
+}
+async function dynamicImport(moduleName) {
+  try {
+    return await import(moduleName);
+  } catch {
+    return null;
+  }
+}
+
+// src/discovery/well_known_mpp.ts
+function buildWellKnownMpp(input) {
+  return {
+    name: input.name,
+    ...input.description ? { description: input.description } : {},
+    url: input.url,
+    ...input.openapi ? { openapi: input.openapi } : {},
+    endpoints: input.endpoints,
+    ...input.catalog ? { catalog: input.catalog } : {},
+    purchase: {
+      ...input.purchase.required_fields ? { required_fields: input.purchase.required_fields } : {},
+      ...input.purchase.optional_fields ? { optional_fields: input.purchase.optional_fields } : {},
+      ...input.purchase.extra ?? {},
+      ...input.purchase.identity ? { identity: input.purchase.identity } : {},
+      ...input.purchase.identity_paths ? { identity_paths: input.purchase.identity_paths } : {},
+      payment_methods: input.purchase.methods,
+      ...input.purchase.x402 ? { x402: input.purchase.x402 } : {},
+      ...input.purchase.compliance ? { compliance: input.purchase.compliance } : {}
+    },
+    ...input.shipping ? { shipping: input.shipping } : {},
+    ...input.extra ?? {}
+  };
+}
+
+// src/discovery/llms_txt.ts
+function llmsTxtIdentitySection(input = {}) {
+  if (!input.agentscore) {
+    return "";
+  }
+  const compliance = input.compliance;
+  const complianceNote = compliance ? `
+
+Compliance: ${[
+    compliance.require_kyc ? "KYC required" : null,
+    compliance.min_age ? `age ${compliance.min_age}+` : null,
+    compliance.allowed_jurisdictions?.length ? `${compliance.allowed_jurisdictions.join("/")} only` : null,
+    compliance.require_sanctions_clear ? "sanctions clear" : null
+  ].filter(Boolean).join(", ")}.` : "";
+  return `## Choose your identity header
+
+AgentScore provides cross-merchant identity \u2014 one KYC works for every AgentScore-gated endpoint, no re-verification per site. Pick the right header based on how you plan to pay:
+
+- **Wallet-auth** (preferred for agents with a stable crypto wallet): send \`X-Wallet-Address: 0x...\`. Only works on rails that carry a wallet signature \u2014 Tempo MPP and x402 EIP-3009. The wallet you claim MUST sign the payment; we verify that the payment signer resolves to the same operator as the claimed wallet. No TTL, no rotation.
+- **Operator-token** (works for every rail): send \`X-Operator-Token: opc_...\`. Required when paying with Stripe SPT or card (those rails have no wallet signer). Reusable across every AgentScore merchant until the token expires.
+- **Neither**: you'll get 403 with \`verify_url\` + \`poll_secret\` \u2014 complete the session flow once, then reuse the credential (or any wallet that pays under it) forever.
+
+If you reach another AgentScore-gated endpoint in the future, the same credential and/or any linked wallet already works \u2014 skip the session flow.
+
+## Memory contract
+
+First-encounter 403 responses (and the POST /v1/sessions success body) include an \`agent_memory\` block describing how AgentScore identity works across merchants. LLM-hosted agents should persist its contents (the pattern, never secrets) so subsequent AgentScore-gated endpoints become returning-customer encounters.${complianceNote}`;
+}
+function llmsTxtPaymentSection(input) {
+  return input.verbose ? llmsTxtPaymentSectionVerbose(input) : llmsTxtPaymentSectionCompact(input);
+}
+function hasRailFamily(rails2, prefix) {
+  return rails2.some((r) => r.startsWith(prefix));
+}
+function isTestnetRail(rails2, prefix) {
+  return rails2.some((r) => r.startsWith(prefix) && /(sepolia|devnet|moderato|testnet)/.test(r));
+}
+function llmsTxtPaymentSectionCompact(input) {
+  const lines = ["## Payment", ""];
+  const rails2 = input.rails;
+  if (hasRailFamily(rails2, "tempo-")) {
+    lines.push(`- **Tempo USDC via MPP** \u2014 \`tempo request -X POST -H "X-Operator-Token: opc_..." --json '{...}' --max-spend N ` + input.appUrl + "`");
+  }
+  if (hasRailFamily(rails2, "x402-base-")) {
+    lines.push("- **x402 USDC on Base** (EIP-3009) \u2014 `agentscore-pay pay POST " + input.appUrl + ` --chain base -H "X-Operator-Token: opc_..." -d '{...}'\``);
+  }
+  if (hasRailFamily(rails2, "x402-solana-")) {
+    lines.push("- **x402 USDC on Solana** (SPL Token) \u2014 `agentscore-pay pay POST " + input.appUrl + ` --chain solana -H "X-Operator-Token: opc_..." -d '{...}'\``);
+  }
+  if (rails2.includes("stripe-spt")) {
+    lines.push("- **Stripe Shared Payment Token** \u2014 agent mints SPT (own Stripe account scoped to networkId, OR `link-cli spend-request create --credential-type shared_payment_token --network-id <profileId> ...`)");
+  }
+  lines.push("");
+  lines.push("IMPORTANT: Do NOT use raw on-chain transfers. Use the CLI commands above so the payment credential is signed and submitted via the protocol handshake.");
+  lines.push("");
+  return lines.join("\n");
+}
+function llmsTxtPaymentSectionVerbose(input) {
+  const rails2 = input.rails;
+  const tempoNetwork = input.tempoNetworkName ?? "tempo-mainnet";
+  const tempoChain = input.tempoChainId ?? 4217;
+  const hasTempo = hasRailFamily(rails2, "tempo-");
+  const hasBase = hasRailFamily(rails2, "x402-base-");
+  const hasSolana = hasRailFamily(rails2, "x402-solana-");
+  const hasStripe = rails2.includes("stripe-spt");
+  const baseNetworkName = isTestnetRail(rails2, "x402-base-") ? "Base Sepolia" : "Base";
+  const solanaNetworkName = isTestnetRail(rails2, "x402-solana-") ? "Solana devnet" : "Solana";
+  const lines = ["## Payment", ""];
+  lines.push("This is an agent-first API. All payments are initiated and completed by agents. The 402 challenge advertises:");
+  lines.push("");
+  if (hasTempo) lines.push("- **Tempo USDC via MPP** (on-chain stablecoin)");
+  if (hasBase || hasSolana) {
+    const chains = [hasBase && `${baseNetworkName} (EIP-3009)`, hasSolana && `${solanaNetworkName} (SPL Token)`].filter(Boolean).join(" and ");
+    lines.push(`- **x402 USDC** on ${chains}, via the Coinbase facilitator`);
+  }
+  if (hasStripe) lines.push("- **Stripe Shared Payment Token** (agent mints SPT on their Stripe account scoped to our networkId in the challenge, submits it in the credential)");
+  lines.push("");
+  if (hasTempo) {
+    lines.push("### How to pay with Tempo");
+    lines.push("");
+    lines.push("1. Install the Tempo CLI: curl -fsSL https://tempo.xyz/install | bash");
+    lines.push("2. Log in to your Tempo Wallet: tempo wallet login (passkey auth in browser)");
+    lines.push(`3. Confirm your balance: tempo wallet whoami (need USDC.e on ${tempoNetwork}, chain ${tempoChain})`);
+    lines.push("4. If balance is zero, fund it: tempo wallet fund");
+    lines.push("");
+    lines.push("Then use `tempo request` to make the paid purchase:");
+    lines.push("");
+    lines.push("tempo request -X POST \\");
+    lines.push('  -H "X-Operator-Token: opc_your_credential" \\');
+    lines.push('  -H "Content-Type: application/json" \\');
+    lines.push("  --json '{...}' \\");
+    lines.push("  --max-spend N \\");
+    lines.push(`  ${input.appUrl}`);
+    lines.push("");
+    lines.push(`\`tempo request\` handles the full MPP handshake: sends the POST, receives the 402 challenge, signs the payment on ${tempoNetwork}, submits the credential, and returns the completed order.`);
+    lines.push("");
+  }
+  if (hasBase || hasSolana) {
+    const chainsLabel = [hasBase && baseNetworkName, hasSolana && solanaNetworkName].filter(Boolean).join(" or ");
+    const flags = [hasBase && "`--chain base`", hasSolana && "`--chain solana`"].filter(Boolean).join(" or ");
+    lines.push(`### How to pay with x402 (${chainsLabel})`);
+    lines.push("");
+    lines.push("1. Install the agentscore-pay CLI: npm install -g @agent-score/pay  (or: brew install agentscore/tap/agentscore-pay)");
+    lines.push(`2. Create a wallet on your chain of choice: agentscore-pay wallet create ${flags}`);
+    lines.push(`3. Fund the printed address with USDC on ${chainsLabel}`);
+    lines.push(`4. Confirm balance: agentscore-pay balance ${flags}`);
+    lines.push("");
+    lines.push("Then submit the paid purchase:");
+    lines.push("");
+    lines.push(`agentscore-pay pay POST ${input.appUrl} \\`);
+    lines.push(`  ${hasBase ? "--chain base" : "--chain solana"} \\`);
+    lines.push('  -H "X-Operator-Token: opc_your_credential" \\');
+    lines.push('  -H "Content-Type: application/json" \\');
+    lines.push("  -d '{...}' \\");
+    lines.push("  --max-spend N");
+    lines.push("");
+    const handshakeChains = [hasBase && "EIP-3009 (Base)", hasSolana && "SPL Token (Solana)"].filter(Boolean).join(" or ");
+    lines.push(`The CLI handles the full x402 handshake: hits the URL, parses the 402 challenge, signs the ${handshakeChains} transaction, submits via X-Payment header, and returns the completed order.`);
+    lines.push("");
+  }
+  if (hasStripe) {
+    lines.push("### How to pay with Stripe SPT");
+    lines.push("");
+    lines.push("Mint a SharedPaymentToken scoped to the profile_id advertised in `accepted_methods.stripe.profile_id`, then submit via `Authorization: Payment` MPP header with `method=stripe/charge`. Either bring your own Stripe account or use `link-cli spend-request create --credential-type shared_payment_token --network-id <profileId> ...` for users with Stripe Link wallets.");
+    lines.push("");
+  }
+  lines.push("IMPORTANT: Do NOT use `tempo wallet transfer` or send USDC manually to the x402 deposit addresses \u2014 those bypass the payment handshake and your order will stay in pending_identity.");
+  if (hasBase || hasSolana) {
+    lines.push("IMPORTANT: x402 payments must be the exact amount specified in the 402 challenge. Overpayments and underpayments cannot be matched and funds may be unrecoverable.");
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+function buildLlmsTxt(input) {
+  const parts = [`# ${input.merchantName}`];
+  if (input.tagline) {
+    parts.push(`> ${input.tagline}`);
+  }
+  parts.push("");
+  for (const s of input.sections) {
+    parts.push(`## ${s.heading}`);
+    parts.push("");
+    parts.push(s.content);
+    parts.push("");
+  }
+  if (input.agentscoreIdentity) {
+    parts.push(llmsTxtIdentitySection(input.agentscoreIdentity));
+    parts.push("");
+  }
+  if (input.payment) {
+    parts.push(llmsTxtPaymentSection(input.payment));
+  }
+  return parts.join("\n");
+}
+
+// src/discovery/openapi.ts
+function agentscoreSecuritySchemes() {
+  return {
+    OperatorToken: {
+      type: "apiKey",
+      in: "header",
+      name: "X-Operator-Token",
+      description: "Operator-token-path identity (opc_...). Works on every payment rail; reusable across AgentScore merchants. If both X-Operator-Token and X-Wallet-Address are sent, this one wins."
+    },
+    WalletAddress: {
+      type: "apiKey",
+      in: "header",
+      name: "X-Wallet-Address",
+      description: "Wallet-path identity (0x... or base58). Only works on rails that carry a wallet signature (Tempo MPP, x402 EIP-3009, x402 SPL Token). The wallet you claim MUST sign the payment."
+    }
+  };
+}
+function agentscoreDenialSchemas() {
+  return {
+    AgentScoreDenialReason: {
+      type: "string",
+      enum: [
+        "missing_identity",
+        "identity_verification_required",
+        "token_expired",
+        "invalid_credential",
+        "wallet_signer_mismatch",
+        "wallet_auth_requires_wallet_signing",
+        "wallet_not_trusted",
+        "api_error",
+        "payment_required"
+      ],
+      description: "Denial code emitted by AgentScore's gate middleware in 403 responses. Each comes with a structured agent_instructions block describing recovery actions."
+    },
+    AgentScoreDenialBody: {
+      type: "object",
+      properties: {
+        error: { $ref: "#/components/schemas/AgentScoreDenialReason" },
+        agent_instructions: {
+          type: "string",
+          description: "JSON-encoded { action, steps, user_message } block. Agents parse this to learn how to recover (e.g., poll a verify_url, switch headers, re-sign)."
+        },
+        verify_url: { type: "string", format: "uri", description: "Present for missing_identity / token_expired denials." },
+        session_id: { type: "string" },
+        poll_url: { type: "string", format: "uri" },
+        poll_secret: { type: "string" },
+        agent_memory: { type: "object", description: "Cross-merchant pattern hint emitted on first-encounter denials." }
+      },
+      required: ["error", "agent_instructions"]
+    }
+  };
+}
+function agentscorePaymentRequiredSchema() {
+  return {
+    AgentScorePaymentRequired: {
+      type: "object",
+      properties: {
+        payment_required: { type: "boolean", enum: [true] },
+        x402Version: { type: "integer", enum: [1, 2] },
+        accepts: { type: "array", items: { type: "object" }, description: "x402 PaymentRequired.accepts entries." },
+        accepted_methods: {
+          type: "array",
+          items: { type: "object" },
+          description: "MPP method entries (tempo/charge, x402/exact, stripe/charge, ...)."
+        },
+        amount_usd: { type: "string" },
+        currency: { type: "string" },
+        pricing: {
+          type: "object",
+          properties: {
+            subtotal: { type: "string" },
+            tax: { type: "string" },
+            tax_rate: { type: "number" },
+            tax_state: { type: "string" },
+            total: { type: "string" }
+          }
+        },
+        identity_mode: { type: "string", enum: ["wallet", "operator_token"] },
+        required_signer: { type: "string" },
+        linked_wallets: { type: "array", items: { type: "string" } },
+        signer_constraint: { type: "string" },
+        agent_instructions: { type: "object" },
+        agent_memory: { type: "object" }
+      }
+    }
+  };
+}
+function agentscoreOpenApiSnippets(opts = {}) {
+  const out = {};
+  if (opts.security !== false) {
+    out.securitySchemes = agentscoreSecuritySchemes();
+  }
+  if (opts.denials !== false || opts.paymentRequired !== false) {
+    out.schemas = {
+      ...opts.denials !== false ? agentscoreDenialSchemas() : {},
+      ...opts.paymentRequired !== false ? agentscorePaymentRequiredSchema() : {}
+    };
+  }
+  return out;
+}
+
+// src/discovery/robots_tag.ts
+var defaultDiscoveryPaths = /* @__PURE__ */ new Set([
+  "/openapi.json",
+  "/llms.txt",
+  "/.well-known/mpp.json",
+  "/.well-known/agent-card.json",
+  "/.well-known/ucp",
+  "/favicon.png",
+  "/favicon.ico"
+]);
+function isDiscoveryPath(path, options) {
+  if (options?.replace) {
+    return new Set(options.customPaths ?? []).has(path);
+  }
+  if (defaultDiscoveryPaths.has(path)) return true;
+  if (options?.customPaths) {
+    for (const p of options.customPaths) if (p === path) return true;
+  }
+  return false;
+}
+var DEFAULT_ROBOTS_TAG = "noindex, nofollow, noarchive, nosnippet";
+function shouldNoindex(path, customSet, replacePaths) {
+  const isDiscovery = replacePaths ? customSet?.has(path) ?? false : defaultDiscoveryPaths.has(path) || (customSet?.has(path) ?? false);
+  return !isDiscovery;
+}
+function noindexNonDiscoveryPaths(options) {
+  const customSet = options?.customPaths ? new Set(options.customPaths) : void 0;
+  const robotsTag = options?.robotsTag ?? DEFAULT_ROBOTS_TAG;
+  return async (c, next) => {
+    await next();
+    if (shouldNoindex(c.req.path, customSet, options?.replacePaths)) {
+      c.header("X-Robots-Tag", robotsTag);
+    }
+  };
+}
+function noindexNonDiscoveryPathsExpress(options) {
+  const customSet = options?.customPaths ? new Set(options.customPaths) : void 0;
+  const robotsTag = options?.robotsTag ?? DEFAULT_ROBOTS_TAG;
+  return (req, res, next) => {
+    if (shouldNoindex(req.path, customSet, options?.replacePaths)) {
+      res.setHeader("X-Robots-Tag", robotsTag);
+    }
+    next();
+  };
+}
+function noindexNonDiscoveryPathsFastify(app, options, done) {
+  const customSet = options?.customPaths ? new Set(options.customPaths) : void 0;
+  const robotsTag = options?.robotsTag ?? DEFAULT_ROBOTS_TAG;
+  app.addHook("onRequest", (req, reply, hookDone) => {
+    const path = (req.url ?? req.routerPath ?? "").split("?")[0];
+    if (shouldNoindex(path, customSet, options?.replacePaths)) {
+      reply.header("X-Robots-Tag", robotsTag);
+    }
+    hookDone();
+  });
+  done();
+}
+function wrapNoindexResponse(path, response, options) {
+  const customSet = options?.customPaths ? new Set(options.customPaths) : void 0;
+  const robotsTag = options?.robotsTag ?? DEFAULT_ROBOTS_TAG;
+  if (!shouldNoindex(path, customSet, options?.replacePaths)) return response;
+  const headers = new Headers(response.headers);
+  headers.set("X-Robots-Tag", robotsTag);
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers
+  });
+}
+var applyNoindexHeader = wrapNoindexResponse;
+export {
+  agentscoreDenialSchemas,
+  agentscoreOpenApiSnippets,
+  agentscorePaymentRequiredSchema,
+  agentscoreSecuritySchemes,
+  applyNoindexHeader,
+  buildDiscoveryProbeResponse,
+  buildLlmsTxt,
+  buildWellKnownMpp,
+  createBazaarDiscovery,
+  defaultDiscoveryPaths,
+  isDiscoveryPath,
+  isDiscoveryProbeRequest,
+  llmsTxtIdentitySection,
+  llmsTxtPaymentSection,
+  noindexNonDiscoveryPaths,
+  noindexNonDiscoveryPathsExpress,
+  noindexNonDiscoveryPathsFastify,
+  sampleX402AcceptForNetwork,
+  wrapNoindexResponse
+};
+//# sourceMappingURL=index.mjs.map