@agent-score/commerce 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +27 -12
  2. package/dist/{_response-RpEB7-vl.d.ts → _response-C2yFQoIA.d.ts} +1 -1
  3. package/dist/{_response-DS-LR590.d.mts → _response-DpB-cm2c.d.mts} +1 -1
  4. package/dist/agent_instructions-DiMSGkdm.d.mts +133 -0
  5. package/dist/agent_instructions-DiMSGkdm.d.ts +133 -0
  6. package/dist/challenge/index.d.mts +18 -116
  7. package/dist/challenge/index.d.ts +18 -116
  8. package/dist/challenge/index.js +41 -27
  9. package/dist/challenge/index.js.map +1 -1
  10. package/dist/challenge/index.mjs +40 -27
  11. package/dist/challenge/index.mjs.map +1 -1
  12. package/dist/core.js +1 -1
  13. package/dist/core.js.map +1 -1
  14. package/dist/core.mjs +1 -1
  15. package/dist/core.mjs.map +1 -1
  16. package/dist/discovery/index.d.mts +245 -2
  17. package/dist/discovery/index.d.ts +245 -2
  18. package/dist/discovery/index.js +276 -56
  19. package/dist/discovery/index.js.map +1 -1
  20. package/dist/discovery/index.mjs +269 -55
  21. package/dist/discovery/index.mjs.map +1 -1
  22. package/dist/identity/express.d.mts +2 -2
  23. package/dist/identity/express.d.ts +2 -2
  24. package/dist/identity/express.js +48 -25
  25. package/dist/identity/express.js.map +1 -1
  26. package/dist/identity/express.mjs +48 -25
  27. package/dist/identity/express.mjs.map +1 -1
  28. package/dist/identity/fastify.d.mts +2 -2
  29. package/dist/identity/fastify.d.ts +2 -2
  30. package/dist/identity/fastify.js +48 -25
  31. package/dist/identity/fastify.js.map +1 -1
  32. package/dist/identity/fastify.mjs +48 -25
  33. package/dist/identity/fastify.mjs.map +1 -1
  34. package/dist/identity/hono.d.mts +2 -2
  35. package/dist/identity/hono.d.ts +2 -2
  36. package/dist/identity/hono.js +48 -25
  37. package/dist/identity/hono.js.map +1 -1
  38. package/dist/identity/hono.mjs +48 -25
  39. package/dist/identity/hono.mjs.map +1 -1
  40. package/dist/identity/nextjs.d.mts +2 -2
  41. package/dist/identity/nextjs.d.ts +2 -2
  42. package/dist/identity/nextjs.js +48 -25
  43. package/dist/identity/nextjs.js.map +1 -1
  44. package/dist/identity/nextjs.mjs +48 -25
  45. package/dist/identity/nextjs.mjs.map +1 -1
  46. package/dist/identity/web.d.mts +2 -2
  47. package/dist/identity/web.d.ts +2 -2
  48. package/dist/identity/web.js +48 -25
  49. package/dist/identity/web.js.map +1 -1
  50. package/dist/identity/web.mjs +48 -25
  51. package/dist/identity/web.mjs.map +1 -1
  52. package/dist/index.d.mts +12 -12
  53. package/dist/index.d.ts +12 -12
  54. package/dist/index.js +47 -24
  55. package/dist/index.js.map +1 -1
  56. package/dist/index.mjs +47 -24
  57. package/dist/index.mjs.map +1 -1
  58. package/dist/payment/index.d.mts +136 -49
  59. package/dist/payment/index.d.ts +136 -49
  60. package/dist/payment/index.js +161 -73
  61. package/dist/payment/index.js.map +1 -1
  62. package/dist/payment/index.mjs +160 -72
  63. package/dist/payment/index.mjs.map +1 -1
  64. package/dist/{signer-Cvdwn6Cs.d.mts → signer-kCAJUZwp.d.mts} +10 -12
  65. package/dist/{signer-Cvdwn6Cs.d.ts → signer-kCAJUZwp.d.ts} +10 -12
  66. package/dist/stripe-multichain/index.d.mts +2 -2
  67. package/dist/stripe-multichain/index.d.ts +2 -2
  68. package/dist/stripe-multichain/index.js.map +1 -1
  69. package/dist/stripe-multichain/index.mjs.map +1 -1
  70. package/package.json +13 -4
package/dist/challenge/index.mjs CHANGED
@@ -23,14 +23,15 @@ function buildAcceptedMethods(input) {
23
23
  pay_to: input.x402_base.recipient
24
24
  });
25
25
  }
26
- if (input.x402_solana) {
26
+ if (input.solana_mpp) {
27
27
  out.push({
28
- method: "x402/exact",
29
- network: input.x402_solana.network ?? "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
30
- token: input.x402_solana.token ?? "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
31
- symbol: input.x402_solana.symbol ?? "USDC",
32
- decimals: input.x402_solana.decimals ?? 6,
33
- pay_to: input.x402_solana.recipient
28
+ method: "solana/charge",
29
+ network: input.solana_mpp.network ?? "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
30
+ token: input.solana_mpp.token ?? "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
31
+ symbol: input.solana_mpp.symbol ?? "USDC",
32
+ decimals: input.solana_mpp.decimals ?? 6,
33
+ pay_to: input.solana_mpp.recipient,
34
+ ...input.solana_mpp.feePayerKey ? { fee_payer_key: input.solana_mpp.feePayerKey } : {}
34
35
  });
35
36
  }
36
37
  if (input.stripe) {
@@ -90,7 +91,7 @@ function buildHowToPay(input) {
90
91
  prerequisite: `Run \`tempo wallet whoami\` and confirm USDC.e balance on ${networkName} (chain ${chainId}) is at least $${maxSpend}. If the tempo CLI is not installed, run the setup commands above first.`,
91
92
  command: recommend === "agentscore-pay" ? payCommand : tempoCommand,
92
93
  ...recommend === "both" ? { alternative_command: payCommand } : recommend === "agentscore-pay" ? { alternative_command: tempoCommand } : {},
93
- what_it_does: `Hits this endpoint, receives this same 402, signs the MPP challenge on ${networkName}, and submits the credential back via Authorization: Payment. Either client (tempo request or agentscore-pay pay --chain tempo) works \u2014 both run the full MPP handshake.`
94
+ what_it_does: `Pays via Tempo USDC on ${networkName}.`
94
95
  };
95
96
  }
96
97
  if (input.rails.x402_base) {
@@ -99,16 +100,16 @@ function buildHowToPay(input) {
99
100
  setup: PAY_SETUP_BASE,
100
101
  prerequisite: `Run \`agentscore-pay balance --chain base\` and confirm USDC balance on Base (${network}) is at least $${maxSpend}. If the CLI is not installed, run the setup commands above first.`,
101
102
  command: `agentscore-pay pay POST ${input.url} --chain base -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${input.retryBodyJson}' --max-spend ${maxSpend}`,
102
- what_it_does: "Hits this endpoint, receives this same 402, signs an EIP-3009 USDC TransferWithAuthorization on Base, submits via X-Payment header. Server verifies + settles via the Coinbase facilitator + returns 200 with the completed order."
103
+ what_it_does: "Pays via USDC on Base."
103
104
  };
104
105
  }
105
- if (input.rails.x402_solana) {
106
- const network = input.rails.x402_solana.network ?? "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
107
- block.x402_solana = {
106
+ if (input.rails.solana_mpp) {
107
+ const network = input.rails.solana_mpp.network ?? "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
108
+ block.solana_mpp = {
108
109
  setup: PAY_SETUP_SOLANA,
109
110
  prerequisite: `Run \`agentscore-pay balance --chain solana\` and confirm USDC balance on Solana (${network}) is at least $${maxSpend}. If the CLI is not installed, run the setup commands above first.`,
110
111
  command: `agentscore-pay pay POST ${input.url} --chain solana -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${input.retryBodyJson}' --max-spend ${maxSpend}`,
111
- what_it_does: "Hits this endpoint, receives this same 402, signs an SPL Token TransferChecked transaction on Solana, submits via X-Payment header. Server verifies + settles via the Coinbase facilitator + returns 200 with the completed order."
112
+ what_it_does: "Pays via USDC on Solana."
112
113
  };
113
114
  }
114
115
  if (input.rails.stripe) {
@@ -131,7 +132,7 @@ function buildHowToPay(input) {
131
132
  `SPEND_ID=$(link-cli spend-request create --payment-method-id <csmrpd_id_from_payment_methods_list> --credential-type shared_payment_token --network-id ${stripeCfg.profileId} --amount ${amountCents} --context "${sptContext}" --request-approval --output-json | jq -r .id)`,
132
133
  `link-cli mpp pay ${input.url} --spend-request-id $SPEND_ID --method POST --data '${input.retryBodyJson}' --header 'X-Operator-Token: ${opToken}' --output-json`
133
134
  ];
134
- stripe.what_it_does_link_cli = "For users who have a Stripe Link wallet: step 1 mints a one-time-use SharedPaymentToken scoped to this purchase and pushes a notification to the user for approval (blocks until approved); step 2 submits the SPT via the MPP handshake along with your AgentScore operator credential.";
135
+ stripe.what_it_does_link_cli = "Mints a one-time-use SharedPaymentToken scoped to this purchase (user approves in Link wallet), then submits it as the payment credential.";
135
136
  } else if (linkCliBlocked) {
136
137
  stripe.note = `link-cli SPT path not available for this purchase \u2014 Stripe link-cli caps spend requests at $500.00 ($50000 cents); your total is $${totalNum}. Use your own Stripe account with the SharedPaymentToken API instead.`;
137
138
  }
@@ -141,31 +142,42 @@ function buildHowToPay(input) {
141
142
  }
142
143
 
143
144
  // src/challenge/agent_instructions.ts
144
- var TEMPO_WARNING = "Do NOT use `tempo wallet transfer` to pay to the address above. That moves USDC on-chain but does not notify this server, leaving your order in pending_identity state. Use `tempo request` instead \u2014 it performs the full MPP handshake (signs, submits Authorization: Payment, waits for server confirmation).";
145
- var X402_WARNING = "Do NOT send USDC manually to the x402 deposit addresses (e.g. via a bare wallet `transfer`). Use `agentscore-pay pay` so the X-Payment credential is signed and submitted; otherwise the order stays in pending_identity even though the deposit lands.";
146
- var TEMPO_TOOL = "`tempo request` for Tempo USDC (installs via `tempo add request`)";
147
- var AGENTSCORE_PAY_TOOL = "`agentscore-pay` (npm: `@agent-score/pay`) \u2014 single CLI for x402 on Base + Solana, also speaks tempo MPP via `--chain tempo`";
148
- var DEFAULT_WALLET_COMPATIBILITY = "No specific wallet stack required. The 402 challenge is rail-neutral: any client that can produce a valid MPP credential (Authorization: Payment) or x402 X-Payment header is accepted. The CLI commands above are the easiest path; sign-it-yourself is fine too.";
145
+ var TEMPO_WARNING = "Do NOT use `tempo wallet transfer`. That moves USDC on-chain without completing the protocol handshake, so the order will not complete. Use `tempo request` instead.";
146
+ var X402_WARNING = "Do NOT send USDC manually to the deposit addresses. Use `agentscore-pay pay` so the credential is signed and submitted; otherwise the order will not complete even though the deposit lands.";
147
+ var TEMPO_TOOL = "`tempo request` for Tempo USDC";
148
+ var AGENTSCORE_PAY_TOOL = "`agentscore-pay` \u2014 Base + Solana + Tempo from one CLI";
149
+ var DEFAULT_WALLET_COMPATIBILITY = "Any client that can produce a valid MPP credential (Authorization: Payment) or x402 X-Payment header. Use the CLI commands above; sign-it-yourself is also fine.";
149
150
  function defaultRecommendedTools(howToPay) {
150
151
  const tools = [];
151
152
  if (howToPay.tempo) tools.push(TEMPO_TOOL);
152
- if (howToPay.tempo || howToPay.x402_base || howToPay.x402_solana) tools.push(AGENTSCORE_PAY_TOOL);
153
+ if (howToPay.tempo || howToPay.x402_base || howToPay.solana_mpp) tools.push(AGENTSCORE_PAY_TOOL);
153
154
  return tools;
154
155
  }
155
156
  function defaultWarnings(howToPay) {
156
157
  const w = [];
157
158
  if (howToPay.tempo) w.push(TEMPO_WARNING);
158
- if (howToPay.x402_base || howToPay.x402_solana) w.push(X402_WARNING);
159
+ if (howToPay.x402_base) w.push(X402_WARNING);
159
160
  return w;
160
161
  }
161
- function defaultCompatibleClients(howToPay) {
162
+ var RAIL_CLIENTS = {
163
+ tempo_mpp: ["agentscore-pay", "tempo request", "x402-proxy"],
164
+ x402_base: ["agentscore-pay", "x402-proxy", "purl (omit --network flag)"],
165
+ solana_mpp: ["agentscore-pay"],
166
+ stripe: ["link-cli"]
167
+ };
168
+ function compatibleClientsByRails(rails) {
162
169
  const out = {};
163
- if (howToPay.tempo) out.tempo_mpp = ["agentscore-pay", "tempo request", "x402-proxy"];
164
- if (howToPay.x402_base) out.x402_base = ["agentscore-pay", "x402-proxy", "purl (omit --network flag)"];
165
- if (howToPay.x402_solana) out.x402_solana = ["agentscore-pay"];
166
- if (howToPay.stripe) out.stripe = ["link-cli"];
170
+ for (const r of rails) out[r] = [...RAIL_CLIENTS[r]];
167
171
  return Object.keys(out).length === 0 ? void 0 : out;
168
172
  }
173
+ function defaultCompatibleClients(howToPay) {
174
+ const rails = [];
175
+ if (howToPay.tempo) rails.push("tempo_mpp");
176
+ if (howToPay.x402_base) rails.push("x402_base");
177
+ if (howToPay.solana_mpp) rails.push("solana_mpp");
178
+ if (howToPay.stripe) rails.push("stripe");
179
+ return compatibleClientsByRails(rails);
180
+ }
169
181
  function buildAgentInstructions(input) {
170
182
  const compatibleClients = input.compatibleClients ?? defaultCompatibleClients(input.howToPay);
171
183
  return {
@@ -173,7 +185,7 @@ function buildAgentInstructions(input) {
173
185
  recommended_tools: input.recommendedTools ?? defaultRecommendedTools(input.howToPay),
174
186
  wallet_compatibility: input.walletCompatibility ?? DEFAULT_WALLET_COMPATIBILITY,
175
187
  timeout_seconds: input.timeoutSeconds ?? 300,
176
- warnings: input.warnings ?? defaultWarnings(input.howToPay),
188
+ warnings: input.warnings ?? [...defaultWarnings(input.howToPay), ...input.extraWarnings ?? []],
177
189
  ...input.recommended ? { recommended: input.recommended } : {},
178
190
  ...compatibleClients ? { compatible_clients: compatibleClients } : {},
179
191
  ...input.extra ?? {}
@@ -377,6 +389,7 @@ export {
377
389
  buildIdentityMetadata,
378
390
  buildPricingBlock,
379
391
  buildValidationError,
392
+ compatibleClientsByRails,
380
393
  firstEncounterAgentMemory,
381
394
  respond402
382
395
  };