@agent-score/commerce 1.1.0 → 1.2.0

package/dist/discovery/index.d.mts

@@ -1,3 +1,6 @@
+import { R as RailKey, C as CompatibleClients } from '../agent_instructions-d3UWTdam.mjs';
+export { c as compatibleClientsByRails } from '../agent_instructions-d3UWTdam.mjs';
+
 /**
  * Build a sample x402 accepts entry for a CAIP-2 network. Looks up the USDC asset
  * for the network from the `USDC` registry and uses a placeholder payTo. Used by
@@ -379,4 +382,120 @@ declare function wrapNoindexResponse(path: string, response: Response, options?:
  *  in Next.js docs/examples. */
 declare const applyNoindexHeader: typeof wrapNoindexResponse;
 
-export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, type RequestLike, type WellKnownMppInput, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildWellKnownMpp, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, wrapNoindexResponse };
+interface SkillMdEndpoint {
+    method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    path: string;
+    authRequired: boolean;
+    description: string;
+}
+interface SkillMdIdentityRequirements {
+    /** Whether KYC is required for gated routes. */
+    kycRequired?: boolean;
+    /** Minimum age (e.g. 21 for alcohol). */
+    minAge?: number;
+    /** Allowed-jurisdictions list (ISO 3166-1 alpha-2 country codes). */
+    allowedJurisdictions?: string[];
+    /** Whether sanctions screening is enforced. */
+    sanctionsClear?: boolean;
+}
+interface SkillMdShippingPolicy {
+    /** Allowed shipping countries (ISO 3166-1 alpha-2). */
+    allowedCountries?: string[];
+    /** Blocked US states (2-letter codes). */
+    blockedStates?: string[];
+}
+interface SkillMdLink {
+    label: string;
+    url: string;
+}
+interface BuildSkillMdInput {
+    /** Skill manifest identifier — kebab-case per agentskills.io spec: 1-64 chars, lowercase
+     *  alphanumeric + hyphens, no leading/trailing/consecutive hyphens. Validated at build
+     *  time; invalid names throw. e.g. 'martin-estate-wine-commerce'. */
+    name: string;
+    /** Skill description — agentskills.io spec: 1-1024 chars, non-empty. Should describe both
+     *  what the skill does AND when to use it; imperative phrasing recommended ("Use when…").
+     *  Validated at build time; over-length throws. */
+    description: string;
+    /** Merchant homepage (or domain root). Emitted as `metadata.homepage` per spec
+     *  (top-level non-spec fields go under metadata). */
+    homepage: string;
+    /** Skill schema version — increment when the skill body materially changes. Emitted as
+     *  a quoted string under `metadata.version` per agentskills.io spec (metadata values
+     *  must be strings). Accepts string or number; numbers are converted. Default "1". */
+    version?: string | number;
+    /** Optional license name or path to a bundled license file. Emitted as top-level
+     *  frontmatter `license:` per spec. */
+    license?: string;
+    /** Optional environment-requirements note (max 500 chars). e.g. "Requires Node 20+".
+     *  Emitted as top-level frontmatter `compatibility:` per spec. */
+    compatibility?: string;
+    /** Optional space-separated string of pre-approved tools (experimental per spec). */
+    allowedTools?: string;
+    /** Additional caller-defined metadata entries — flat key/value strings nested under
+     *  `metadata:`. Spec requires string values. */
+    metadata?: Record<string, string | number>;
+    /** Human display name (e.g. "Martin Estate Winery"). */
+    merchantName: string;
+    /** Optional one-line tagline appearing under the title. */
+    tagline?: string;
+    /** Optional short prose intro describing what the merchant offers. Renders below the title. */
+    intro?: string;
+    /** Files / well-known URLs surfaced under the "Important Files" table. The skill.md URL
+     *  itself is added automatically — list other discovery surfaces (llms.txt, mpp.json,
+     *  openapi.json, agent-card.json). */
+    files?: SkillMdLink[];
+    /** Rails the merchant accepts. Drives the Payment + Compatible Clients sections. Order
+     *  is preserved in render. Default to the rails actually declared on the merchant's
+     *  `respond402` config — keep these in sync. */
+    acceptedRails: RailKey[];
+    /** Override the per-rail compatible-clients matrix. When omitted, derives from
+     *  `acceptedRails` via the SDK's smoke-verified default. Override keys not in
+     *  `acceptedRails` are dropped (the rail isn't accepted, so the row isn't rendered). */
+    compatibleClients?: CompatibleClients;
+    /** Identity requirements as agent-observable outcomes (kyc / age / jurisdiction /
+     *  sanctions). Internal posture (`failOpen`, mount strategy, KYC vendor) is intentionally
+     *  not part of this shape — agents act on outcomes, not implementation. */
+    identity?: SkillMdIdentityRequirements;
+    /** URL to the identity-bootstrap skill. Linked from the Identity Prerequisite section
+     *  so an agent without a Passport can follow the bootstrap before attempting purchase. */
+    identityBootstrapUrl?: string;
+    /** Shipping policy, for physical-goods merchants. Omit for digital merchants. */
+    shipping?: SkillMdShippingPolicy;
+    /** Agent-facing endpoints — path, method, whether auth is required, brief purpose. */
+    endpoints: SkillMdEndpoint[];
+    /** When this skill should fire (skill loader uses for trigger matching). */
+    triggers: string[];
+    /** Optional numbered onboarding steps. Each entry renders as a numbered list item;
+     *  may include shell snippets in markdown code fences. */
+    onboardingSteps?: string[];
+    /** Support / homepage / docs links rendered in the "Support" section. */
+    supportLinks?: SkillMdLink[];
+    /** When true (default), append a footer noting clients can refresh skill.md to pick
+     *  up new endpoints. Set to false to suppress. */
+    refreshFooter?: boolean;
+}
+/**
+ * Render an agentskills.io-compatible `skill.md` for an agent-commerce merchant.
+ *
+ * Output is YAML frontmatter (`name` / `description` / optional `license` /
+ * `compatibility` / `allowed-tools` / `metadata`) followed by markdown sections
+ * describing payment rails, identity requirements, endpoints, triggers, and support
+ * links — strictly the agent-facing contract, with no internal posture (no `failOpen`,
+ * no mount-strategy names, no KYC vendor, no defense parameters).
+ *
+ * Spec compliance:
+ *   - `name` validated against the agentskills.io regex (lowercase alphanumeric + hyphens,
+ *     no leading/trailing/consecutive hyphens, ≤64 chars).
+ *   - `description` length capped at 1024.
+ *   - `metadata` values always emitted as quoted strings.
+ *   - `description` (and other user scalars) double-quoted to defuse the colon /
+ *     newline / quote pitfall the spec explicitly warns about.
+ *
+ * The compatible-clients-per-rail table sources from the same SDK constant
+ * (`compatibleClientsByRails`) that drives the live 402 body's `compatible_clients`
+ * field, so updating a smoke-verified client in one place propagates to every surface.
+ */
+declare function buildSkillMd(input: BuildSkillMdInput): string;
+
+export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type BuildSkillMdInput, CompatibleClients, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, RailKey, type RequestLike, type SkillMdEndpoint, type SkillMdIdentityRequirements, type SkillMdLink, type SkillMdShippingPolicy, type WellKnownMppInput, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildSkillMd, buildWellKnownMpp, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, wrapNoindexResponse };

package/dist/discovery/index.d.ts

@@ -1,3 +1,6 @@
+import { R as RailKey, C as CompatibleClients } from '../agent_instructions-d3UWTdam.js';
+export { c as compatibleClientsByRails } from '../agent_instructions-d3UWTdam.js';
+
 /**
  * Build a sample x402 accepts entry for a CAIP-2 network. Looks up the USDC asset
  * for the network from the `USDC` registry and uses a placeholder payTo. Used by
@@ -379,4 +382,120 @@ declare function wrapNoindexResponse(path: string, response: Response, options?:
  *  in Next.js docs/examples. */
 declare const applyNoindexHeader: typeof wrapNoindexResponse;
 
-export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, type RequestLike, type WellKnownMppInput, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildWellKnownMpp, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, wrapNoindexResponse };
+interface SkillMdEndpoint {
+    method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    path: string;
+    authRequired: boolean;
+    description: string;
+}
+interface SkillMdIdentityRequirements {
+    /** Whether KYC is required for gated routes. */
+    kycRequired?: boolean;
+    /** Minimum age (e.g. 21 for alcohol). */
+    minAge?: number;
+    /** Allowed-jurisdictions list (ISO 3166-1 alpha-2 country codes). */
+    allowedJurisdictions?: string[];
+    /** Whether sanctions screening is enforced. */
+    sanctionsClear?: boolean;
+}
+interface SkillMdShippingPolicy {
+    /** Allowed shipping countries (ISO 3166-1 alpha-2). */
+    allowedCountries?: string[];
+    /** Blocked US states (2-letter codes). */
+    blockedStates?: string[];
+}
+interface SkillMdLink {
+    label: string;
+    url: string;
+}
+interface BuildSkillMdInput {
+    /** Skill manifest identifier — kebab-case per agentskills.io spec: 1-64 chars, lowercase
+     *  alphanumeric + hyphens, no leading/trailing/consecutive hyphens. Validated at build
+     *  time; invalid names throw. e.g. 'martin-estate-wine-commerce'. */
+    name: string;
+    /** Skill description — agentskills.io spec: 1-1024 chars, non-empty. Should describe both
+     *  what the skill does AND when to use it; imperative phrasing recommended ("Use when…").
+     *  Validated at build time; over-length throws. */
+    description: string;
+    /** Merchant homepage (or domain root). Emitted as `metadata.homepage` per spec
+     *  (top-level non-spec fields go under metadata). */
+    homepage: string;
+    /** Skill schema version — increment when the skill body materially changes. Emitted as
+     *  a quoted string under `metadata.version` per agentskills.io spec (metadata values
+     *  must be strings). Accepts string or number; numbers are converted. Default "1". */
+    version?: string | number;
+    /** Optional license name or path to a bundled license file. Emitted as top-level
+     *  frontmatter `license:` per spec. */
+    license?: string;
+    /** Optional environment-requirements note (max 500 chars). e.g. "Requires Node 20+".
+     *  Emitted as top-level frontmatter `compatibility:` per spec. */
+    compatibility?: string;
+    /** Optional space-separated string of pre-approved tools (experimental per spec). */
+    allowedTools?: string;
+    /** Additional caller-defined metadata entries — flat key/value strings nested under
+     *  `metadata:`. Spec requires string values. */
+    metadata?: Record<string, string | number>;
+    /** Human display name (e.g. "Martin Estate Winery"). */
+    merchantName: string;
+    /** Optional one-line tagline appearing under the title. */
+    tagline?: string;
+    /** Optional short prose intro describing what the merchant offers. Renders below the title. */
+    intro?: string;
+    /** Files / well-known URLs surfaced under the "Important Files" table. The skill.md URL
+     *  itself is added automatically — list other discovery surfaces (llms.txt, mpp.json,
+     *  openapi.json, agent-card.json). */
+    files?: SkillMdLink[];
+    /** Rails the merchant accepts. Drives the Payment + Compatible Clients sections. Order
+     *  is preserved in render. Default to the rails actually declared on the merchant's
+     *  `respond402` config — keep these in sync. */
+    acceptedRails: RailKey[];
+    /** Override the per-rail compatible-clients matrix. When omitted, derives from
+     *  `acceptedRails` via the SDK's smoke-verified default. Override keys not in
+     *  `acceptedRails` are dropped (the rail isn't accepted, so the row isn't rendered). */
+    compatibleClients?: CompatibleClients;
+    /** Identity requirements as agent-observable outcomes (kyc / age / jurisdiction /
+     *  sanctions). Internal posture (`failOpen`, mount strategy, KYC vendor) is intentionally
+     *  not part of this shape — agents act on outcomes, not implementation. */
+    identity?: SkillMdIdentityRequirements;
+    /** URL to the identity-bootstrap skill. Linked from the Identity Prerequisite section
+     *  so an agent without a Passport can follow the bootstrap before attempting purchase. */
+    identityBootstrapUrl?: string;
+    /** Shipping policy, for physical-goods merchants. Omit for digital merchants. */
+    shipping?: SkillMdShippingPolicy;
+    /** Agent-facing endpoints — path, method, whether auth is required, brief purpose. */
+    endpoints: SkillMdEndpoint[];
+    /** When this skill should fire (skill loader uses for trigger matching). */
+    triggers: string[];
+    /** Optional numbered onboarding steps. Each entry renders as a numbered list item;
+     *  may include shell snippets in markdown code fences. */
+    onboardingSteps?: string[];
+    /** Support / homepage / docs links rendered in the "Support" section. */
+    supportLinks?: SkillMdLink[];
+    /** When true (default), append a footer noting clients can refresh skill.md to pick
+     *  up new endpoints. Set to false to suppress. */
+    refreshFooter?: boolean;
+}
+/**
+ * Render an agentskills.io-compatible `skill.md` for an agent-commerce merchant.
+ *
+ * Output is YAML frontmatter (`name` / `description` / optional `license` /
+ * `compatibility` / `allowed-tools` / `metadata`) followed by markdown sections
+ * describing payment rails, identity requirements, endpoints, triggers, and support
+ * links — strictly the agent-facing contract, with no internal posture (no `failOpen`,
+ * no mount-strategy names, no KYC vendor, no defense parameters).
+ *
+ * Spec compliance:
+ *   - `name` validated against the agentskills.io regex (lowercase alphanumeric + hyphens,
+ *     no leading/trailing/consecutive hyphens, ≤64 chars).
+ *   - `description` length capped at 1024.
+ *   - `metadata` values always emitted as quoted strings.
+ *   - `description` (and other user scalars) double-quoted to defuse the colon /
+ *     newline / quote pitfall the spec explicitly warns about.
+ *
+ * The compatible-clients-per-rail table sources from the same SDK constant
+ * (`compatibleClientsByRails`) that drives the live 402 body's `compatible_clients`
+ * field, so updating a smoke-verified client in one place propagates to every surface.
+ */
+declare function buildSkillMd(input: BuildSkillMdInput): string;
+
+export { type BazaarDiscoveryConfig, type BuildAgentScoreOpenApiSnippetsInput, type BuildLlmsTxtInput, type BuildSkillMdInput, CompatibleClients, type DiscoveryProbeOptions, type DiscoveryProbeResponse, type LlmsTxtIdentitySectionInput, type LlmsTxtPaymentSectionInput, type NoindexNonDiscoveryOptions, type PaymentMethodConfig, RailKey, type RequestLike, type SkillMdEndpoint, type SkillMdIdentityRequirements, type SkillMdLink, type SkillMdShippingPolicy, type WellKnownMppInput, agentscoreDenialSchemas, agentscoreOpenApiSnippets, agentscorePaymentRequiredSchema, agentscoreSecuritySchemes, applyNoindexHeader, buildDiscoveryProbeResponse, buildLlmsTxt, buildSkillMd, buildWellKnownMpp, createBazaarDiscovery, defaultDiscoveryPaths, isDiscoveryPath, isDiscoveryProbeRequest, llmsTxtIdentitySection, llmsTxtPaymentSection, noindexNonDiscoveryPaths, noindexNonDiscoveryPathsExpress, noindexNonDiscoveryPathsFastify, sampleX402AcceptForNetwork, wrapNoindexResponse };

package/dist/discovery/index.js

@@ -27,7 +27,9 @@ __export(discovery_exports, {
   applyNoindexHeader: () => applyNoindexHeader,
   buildDiscoveryProbeResponse: () => buildDiscoveryProbeResponse,
   buildLlmsTxt: () => buildLlmsTxt,
+  buildSkillMd: () => buildSkillMd,
   buildWellKnownMpp: () => buildWellKnownMpp,
+  compatibleClientsByRails: () => compatibleClientsByRails,
   createBazaarDiscovery: () => createBazaarDiscovery,
   defaultDiscoveryPaths: () => defaultDiscoveryPaths,
   isDiscoveryPath: () => isDiscoveryPath,
@@ -584,6 +586,8 @@ function agentscoreOpenApiSnippets(opts = {}) {
 var defaultDiscoveryPaths = /* @__PURE__ */ new Set([
   "/openapi.json",
   "/llms.txt",
+  "/skill.md",
+  "/SKILL.md",
   "/.well-known/mpp.json",
   "/.well-known/agent-card.json",
   "/.well-known/ucp",
@@ -650,6 +654,204 @@ function wrapNoindexResponse(path, response, options) {
   });
 }
 var applyNoindexHeader = wrapNoindexResponse;
+
+// src/challenge/agent_instructions.ts
+var RAIL_CLIENTS = {
+  tempo_mpp: ["agentscore-pay", "tempo request", "x402-proxy"],
+  x402_base: ["agentscore-pay", "x402-proxy", "purl (omit --network flag)"],
+  x402_solana: ["agentscore-pay"],
+  stripe: ["link-cli"]
+};
+function compatibleClientsByRails(rails2) {
+  const out = {};
+  for (const r of rails2) out[r] = [...RAIL_CLIENTS[r]];
+  return Object.keys(out).length === 0 ? void 0 : out;
+}
+
+// src/discovery/skill_md.ts
+var RAIL_LABELS = {
+  tempo_mpp: "MPP on Tempo",
+  x402_base: "x402 on Base",
+  x402_solana: "x402 on Solana",
+  stripe: "Stripe Shared Payment Token"
+};
+var RAIL_NOTES = {
+  tempo_mpp: "USDC. Use `agentscore-pay --chain tempo` (or `tempo request`); MPP credential goes in `Authorization: Payment`.",
+  x402_base: "USDC (EIP-3009). Use `agentscore-pay`; X-Payment header carries the signed credential.",
+  x402_solana: "USDC (SPL). Use `agentscore-pay`; X-Payment header carries the signed credential.",
+  stripe: "Card via Link wallet. Use `@stripe/link-cli` \u2014 `agentscore-pay` emits the handoff hint when this rail is picked."
+};
+var NAME_RE = /^[a-z0-9]+(-[a-z0-9]+)*$/;
+var NAME_MAX = 64;
+var DESCRIPTION_MAX = 1024;
+var COMPATIBILITY_MAX = 500;
+function validateInput(input) {
+  if (!input.name || input.name.length === 0 || input.name.length > NAME_MAX) {
+    throw new Error(`buildSkillMd: name must be 1-${NAME_MAX} characters (got ${input.name?.length ?? 0})`);
+  }
+  if (!NAME_RE.test(input.name)) {
+    throw new Error(
+      `buildSkillMd: name "${input.name}" is invalid \u2014 must be lowercase alphanumeric and hyphens, no leading/trailing/consecutive hyphens (agentskills.io spec)`
+    );
+  }
+  if (!input.description || input.description.length === 0) {
+    throw new Error("buildSkillMd: description is required and must be non-empty (agentskills.io spec)");
+  }
+  if (input.description.length > DESCRIPTION_MAX) {
+    throw new Error(
+      `buildSkillMd: description must be \u2264${DESCRIPTION_MAX} characters (got ${input.description.length})`
+    );
+  }
+  if (input.compatibility && input.compatibility.length > COMPATIBILITY_MAX) {
+    throw new Error(
+      `buildSkillMd: compatibility must be \u2264${COMPATIBILITY_MAX} characters (got ${input.compatibility.length})`
+    );
+  }
+}
+function quoteYaml(value) {
+  return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n")}"`;
+}
+function tableCell(value) {
+  return value.replace(/\\/g, "\\\\").replace(/\|/g, "\\|");
+}
+function frontmatter(input) {
+  const lines = ["---"];
+  lines.push(`name: ${input.name}`);
+  lines.push(`description: ${quoteYaml(input.description)}`);
+  if (input.license) lines.push(`license: ${quoteYaml(input.license)}`);
+  if (input.compatibility) lines.push(`compatibility: ${quoteYaml(input.compatibility)}`);
+  if (input.allowedTools) lines.push(`allowed-tools: ${quoteYaml(input.allowedTools)}`);
+  const meta = [];
+  meta.push(["version", String(input.version ?? "1")]);
+  meta.push(["homepage", input.homepage]);
+  for (const [k, v] of Object.entries(input.metadata ?? {})) {
+    if (k === "version" || k === "homepage") continue;
+    meta.push([k, String(v)]);
+  }
+  lines.push("metadata:");
+  for (const [k, v] of meta) {
+    lines.push(`  ${k}: ${quoteYaml(v)}`);
+  }
+  lines.push("---");
+  return lines.join("\n");
+}
+function importantFiles(input) {
+  const skillUrl = `${input.homepage.replace(/\/$/, "")}/skill.md`;
+  const rows = [
+    "| File | URL |",
+    "|------|-----|",
+    `| **SKILL.md** (this file) | \`${skillUrl}\` |`
+  ];
+  for (const f of input.files ?? []) {
+    rows.push(`| ${tableCell(f.label)} | \`${tableCell(f.url)}\` |`);
+  }
+  return ["## Important Files", "", ...rows].join("\n");
+}
+function paymentSection(input) {
+  const override = input.compatibleClients;
+  const defaults = compatibleClientsByRails(input.acceptedRails) ?? {};
+  const clients = {};
+  for (const r of input.acceptedRails) {
+    clients[r] = override?.[r] ?? defaults[r] ?? [];
+  }
+  const rows = ["| Rail | Notes | Compatible clients |", "|---|---|---|"];
+  for (const r of input.acceptedRails) {
+    const list = (clients[r] ?? []).join(", ") || "\u2014";
+    rows.push(`| **${RAIL_LABELS[r]}** | ${RAIL_NOTES[r]} | ${list} |`);
+  }
+  return [
+    "## Payment",
+    "",
+    "Each gated route returns a 402 with `WWW-Authenticate` + `PAYMENT-REQUIRED` body listing the rails below with current pricing. Pick whichever your wallet is funded for.",
+    "",
+    ...rows
+  ].join("\n");
+}
+function identitySection(input) {
+  const id = input.identity;
+  if (!id) return "";
+  const reqs = [];
+  if (id.kycRequired) reqs.push("KYC verified Passport");
+  if (id.minAge) reqs.push(`age ${id.minAge}+`);
+  if (id.allowedJurisdictions?.length) reqs.push(`${id.allowedJurisdictions.join("/")} only`);
+  if (id.sanctionsClear) reqs.push("sanctions clear");
+  if (reqs.length === 0) return "";
+  const bootstrap = input.identityBootstrapUrl ? `
+
+If you don't have a Passport, fetch \`${input.identityBootstrapUrl}\` and follow the onboarding there first. Bring back the \`opc_...\` operator token in \`X-Operator-Token\` on every gated request.` : "";
+  return [
+    "## Identity Prerequisite",
+    "",
+    `This merchant uses AgentScore identity. Required: ${reqs.join(", ")}.${bootstrap}`,
+    "",
+    "Denial bodies carry an `agent_instructions` block describing the recovery action \u2014 read the `action` field and follow it. See the identity-bootstrap skill for the canonical denial-code \u2192 action table."
+  ].join("\n");
+}
+function shippingSection(input) {
+  const s = input.shipping;
+  if (!s || !s.allowedCountries?.length && !s.blockedStates?.length) return "";
+  const lines = ["## Shipping", ""];
+  if (s.allowedCountries?.length) {
+    lines.push(`Ships to: ${s.allowedCountries.join(", ")}.`);
+  }
+  if (s.blockedStates?.length) {
+    if (lines.length > 2) lines.push("");
+    lines.push(`Blocked US states: ${s.blockedStates.join(", ")}.`);
+  }
+  return lines.join("\n");
+}
+function endpointsSection(input) {
+  if (input.endpoints.length === 0) return "";
+  const rows = ["| Method | Path | Auth | Purpose |", "|---|---|---|---|"];
+  for (const e of input.endpoints) {
+    rows.push(
+      `| ${e.method} | \`${tableCell(e.path)}\` | ${e.authRequired ? "identity required" : "anonymous"} | ${tableCell(e.description)} |`
+    );
+  }
+  return ["## Endpoints", "", ...rows].join("\n");
+}
+function onboardingSection(input) {
+  if (!input.onboardingSteps?.length) return "";
+  const rows = input.onboardingSteps.map((step, i) => `${i + 1}. ${step}`);
+  return ["## Onboarding Flow", "", ...rows].join("\n");
+}
+function triggersSection(input) {
+  if (input.triggers.length === 0) return "";
+  const rows = input.triggers.map((t) => `- ${t}`);
+  return ["## Triggers", "", "Use this skill when the user wants to:", "", ...rows].join("\n");
+}
+function supportSection(input) {
+  if (!input.supportLinks?.length) return "";
+  const rows = input.supportLinks.map((l) => `- **${l.label}**: ${l.url}`);
+  return ["## Support", "", ...rows].join("\n");
+}
+function refreshFooter(input) {
+  if (input.refreshFooter === false) return "";
+  return "_Re-fetch this file periodically to pick up new endpoints, rails, or policies._";
+}
+function titleBlock(input) {
+  const parts = [`# ${input.merchantName}`];
+  if (input.tagline) parts.push(`_${input.tagline}_`);
+  if (input.intro) parts.push(input.intro);
+  return parts.join("\n\n");
+}
+function buildSkillMd(input) {
+  validateInput(input);
+  const sections = [
+    frontmatter(input),
+    titleBlock(input),
+    importantFiles(input),
+    identitySection(input),
+    paymentSection(input),
+    shippingSection(input),
+    onboardingSection(input),
+    endpointsSection(input),
+    triggersSection(input),
+    supportSection(input),
+    refreshFooter(input)
+  ].filter((s) => s !== "");
+  return sections.join("\n\n").replace(/\n{3,}/g, "\n\n").trim() + "\n";
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   agentscoreDenialSchemas,
@@ -659,7 +861,9 @@ var applyNoindexHeader = wrapNoindexResponse;
   applyNoindexHeader,
   buildDiscoveryProbeResponse,
   buildLlmsTxt,
+  buildSkillMd,
   buildWellKnownMpp,
+  compatibleClientsByRails,
   createBazaarDiscovery,
   defaultDiscoveryPaths,
   isDiscoveryPath,