@agent-score/commerce 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +26 -11
  2. package/dist/{_response-RpEB7-vl.d.ts → _response-C2yFQoIA.d.ts} +1 -1
  3. package/dist/{_response-DS-LR590.d.mts → _response-DpB-cm2c.d.mts} +1 -1
  4. package/dist/{agent_instructions-d3UWTdam.d.mts → agent_instructions-DiMSGkdm.d.mts} +10 -6
  5. package/dist/{agent_instructions-d3UWTdam.d.ts → agent_instructions-DiMSGkdm.d.ts} +10 -6
  6. package/dist/challenge/index.d.mts +18 -9
  7. package/dist/challenge/index.d.ts +18 -9
  8. package/dist/challenge/index.js +25 -24
  9. package/dist/challenge/index.js.map +1 -1
  10. package/dist/challenge/index.mjs +25 -24
  11. package/dist/challenge/index.mjs.map +1 -1
  12. package/dist/core.js +1 -1
  13. package/dist/core.js.map +1 -1
  14. package/dist/core.mjs +1 -1
  15. package/dist/core.mjs.map +1 -1
  16. package/dist/discovery/index.d.mts +130 -6
  17. package/dist/discovery/index.d.ts +130 -6
  18. package/dist/discovery/index.js +75 -59
  19. package/dist/discovery/index.js.map +1 -1
  20. package/dist/discovery/index.mjs +70 -58
  21. package/dist/discovery/index.mjs.map +1 -1
  22. package/dist/identity/express.d.mts +2 -2
  23. package/dist/identity/express.d.ts +2 -2
  24. package/dist/identity/express.js +48 -25
  25. package/dist/identity/express.js.map +1 -1
  26. package/dist/identity/express.mjs +48 -25
  27. package/dist/identity/express.mjs.map +1 -1
  28. package/dist/identity/fastify.d.mts +2 -2
  29. package/dist/identity/fastify.d.ts +2 -2
  30. package/dist/identity/fastify.js +48 -25
  31. package/dist/identity/fastify.js.map +1 -1
  32. package/dist/identity/fastify.mjs +48 -25
  33. package/dist/identity/fastify.mjs.map +1 -1
  34. package/dist/identity/hono.d.mts +2 -2
  35. package/dist/identity/hono.d.ts +2 -2
  36. package/dist/identity/hono.js +48 -25
  37. package/dist/identity/hono.js.map +1 -1
  38. package/dist/identity/hono.mjs +48 -25
  39. package/dist/identity/hono.mjs.map +1 -1
  40. package/dist/identity/nextjs.d.mts +2 -2
  41. package/dist/identity/nextjs.d.ts +2 -2
  42. package/dist/identity/nextjs.js +48 -25
  43. package/dist/identity/nextjs.js.map +1 -1
  44. package/dist/identity/nextjs.mjs +48 -25
  45. package/dist/identity/nextjs.mjs.map +1 -1
  46. package/dist/identity/web.d.mts +2 -2
  47. package/dist/identity/web.d.ts +2 -2
  48. package/dist/identity/web.js +48 -25
  49. package/dist/identity/web.js.map +1 -1
  50. package/dist/identity/web.mjs +48 -25
  51. package/dist/identity/web.mjs.map +1 -1
  52. package/dist/index.d.mts +12 -12
  53. package/dist/index.d.ts +12 -12
  54. package/dist/index.js +47 -24
  55. package/dist/index.js.map +1 -1
  56. package/dist/index.mjs +47 -24
  57. package/dist/index.mjs.map +1 -1
  58. package/dist/payment/index.d.mts +136 -49
  59. package/dist/payment/index.d.ts +136 -49
  60. package/dist/payment/index.js +161 -73
  61. package/dist/payment/index.js.map +1 -1
  62. package/dist/payment/index.mjs +160 -72
  63. package/dist/payment/index.mjs.map +1 -1
  64. package/dist/{signer-Cvdwn6Cs.d.mts → signer-kCAJUZwp.d.mts} +10 -12
  65. package/dist/{signer-Cvdwn6Cs.d.ts → signer-kCAJUZwp.d.ts} +10 -12
  66. package/dist/stripe-multichain/index.d.mts +2 -2
  67. package/dist/stripe-multichain/index.d.ts +2 -2
  68. package/dist/stripe-multichain/index.js.map +1 -1
  69. package/dist/stripe-multichain/index.mjs.map +1 -1
  70. package/package.json +13 -4
package/dist/identity/fastify.js CHANGED
@@ -366,7 +366,7 @@ function createAgentScoreCore(options) {
366
366
  } = options;
367
367
  const baseUrl = stripTrailingSlashes(rawBaseUrl);
368
368
  const agentMemoryHint = buildAgentMemoryHint();
369
- const defaultUa = `@agent-score/commerce@${"1.2.0"}`;
369
+ const defaultUa = `@agent-score/commerce@${"1.3.0"}`;
370
370
  const userAgentHeader = userAgent ? `${userAgent} (${defaultUa})` : defaultUa;
371
371
  const sdk = new import_sdk.AgentScore({ apiKey, baseUrl, userAgent: userAgentHeader });
372
372
  const sessionSdkCache = /* @__PURE__ */ new Map();
@@ -739,6 +739,44 @@ function createAgentScoreCore(options) {
739
739
  }
740
740
 
741
741
  // src/signer.ts
742
+ var TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
743
+ var TOKEN_2022_PROGRAM = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
744
+ var TRANSFER_CHECKED_DISCRIMINATOR = 12;
745
+ async function extractSolanaSignerFromCredential(credential) {
746
+ const payload = credential.payload;
747
+ if (!payload?.transaction || payload.type !== "transaction") return null;
748
+ const moduleName = "@solana/kit";
749
+ const kit = await import(moduleName).catch(() => null);
750
+ if (!kit?.getBase64Codec || !kit.getTransactionDecoder || !kit.getCompiledTransactionMessageDecoder) {
751
+ return null;
752
+ }
753
+ try {
754
+ const txBytes = kit.getBase64Codec().encode(payload.transaction);
755
+ const decoded = kit.getTransactionDecoder().decode(txBytes);
756
+ const message = kit.getCompiledTransactionMessageDecoder().decode(decoded.messageBytes);
757
+ for (const ix of message.instructions) {
758
+ const programId = message.staticAccounts[ix.programAddressIndex];
759
+ if (programId !== TOKEN_PROGRAM && programId !== TOKEN_2022_PROGRAM) continue;
760
+ const data = ix.data;
761
+ if (!data || data.length === 0 || data[0] !== TRANSFER_CHECKED_DISCRIMINATOR) continue;
762
+ const accountIndices = ix.accountIndices ?? [];
763
+ const authorityIndex = accountIndices[3];
764
+ if (authorityIndex === void 0) continue;
765
+ if (authorityIndex >= message.staticAccounts.length) {
766
+ console.warn(
767
+ "[gate] Solana TransferChecked authority resolves through an address lookup table; signer-match recovery requires the static-account form. Skipping."
768
+ );
769
+ continue;
770
+ }
771
+ const authority = message.staticAccounts[authorityIndex];
772
+ if (authority) return authority;
773
+ }
774
+ return null;
775
+ } catch (err) {
776
+ console.warn("[gate] Solana credential decode failed:", err instanceof Error ? err.message : err);
777
+ return null;
778
+ }
779
+ }
742
780
  async function extractPaymentSigner(request, x402PaymentHeader) {
743
781
  const authHeader = request.headers.get("authorization");
744
782
  if (authHeader) {
@@ -748,8 +786,12 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
748
786
  if (mppx?.Credential?.extractPaymentScheme(authHeader)) {
749
787
  const credential = mppx.Credential.fromRequest(request);
750
788
  const source = credential.source;
751
- const match = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
752
- if (match) return { address: match[1].toLowerCase(), network: "evm" };
789
+ const evmMatch = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
790
+ if (evmMatch) return { address: evmMatch[1].toLowerCase(), network: "evm" };
791
+ const solMatch = source?.match(/^did:pkh:solana:[1-9A-HJ-NP-Za-km-z]{32,44}:([1-9A-HJ-NP-Za-km-z]{32,44})$/);
792
+ if (solMatch) return { address: solMatch[1], network: "solana" };
793
+ const solanaFromTx = await extractSolanaSignerFromCredential(credential);
794
+ if (solanaFromTx) return { address: solanaFromTx, network: "solana" };
753
795
  }
754
796
  } catch (err) {
755
797
  console.warn("[gate] MPP signer extraction failed:", err instanceof Error ? err.message : err);
@@ -759,28 +801,9 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
759
801
  try {
760
802
  const decoded = atob(x402PaymentHeader);
761
803
  const parsed = JSON.parse(decoded);
762
- const network = parsed?.accepted?.network ?? "";
763
- if (network.startsWith("eip155:")) {
764
- const from = parsed?.payload?.authorization?.from;
765
- if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
766
- return { address: from.toLowerCase(), network: "evm" };
767
- }
768
- } else if (network.startsWith("solana:")) {
769
- const transaction = parsed?.payload?.transaction;
770
- if (typeof transaction === "string") {
771
- const moduleName = "@x402/svm";
772
- const svm = await import(moduleName).catch(() => null);
773
- if (svm?.decodeTransactionFromPayload && svm.getTokenPayerFromTransaction) {
774
- const tx = svm.decodeTransactionFromPayload({ transaction });
775
- const payer = svm.getTokenPayerFromTransaction(tx);
776
- if (typeof payer === "string" && payer.length > 0) return { address: payer, network: "solana" };
777
- }
778
- }
779
- } else {
780
- const from = parsed?.payload?.authorization?.from;
781
- if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
782
- return { address: from.toLowerCase(), network: "evm" };
783
- }
804
+ const from = parsed?.payload?.authorization?.from;
805
+ if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
806
+ return { address: from.toLowerCase(), network: "evm" };
784
807
  }
785
808
  } catch (err) {
786
809
  console.warn("[gate] x402 signer extraction failed:", err instanceof Error ? err.message : err);