@agent-score/commerce 1.2.0 → 1.3.0

package/dist/index.d.mts

@@ -1,7 +1,7 @@
 import { AgentScoreData } from './core.mjs';
 export { AgentIdentity, AgentMemoryHint, AgentScoreCore, AgentScoreCoreOptions, CreateSessionOnMissing, DenialCode, DenialReason, EvaluateOutcome, VerifyWalletSignerMatchOptions, VerifyWalletSignerResult, buildAgentMemoryHint } from './core.mjs';
-export { P as PaymentSigner, S as SignerNetwork, a as extractPaymentSigner, e as extractPaymentSignerAddress, r as readX402PaymentHeader } from './signer-Cvdwn6Cs.mjs';
-export { F as FIXABLE_DENIAL_REASONS, b as buildContactSupportNextSteps, a as buildSignerMismatchBody, d as denialReasonStatus, c as denialReasonToBody, i as isFixableDenial, v as verificationAgentInstructions } from './_response-DS-LR590.mjs';
+export { P as PaymentSigner, S as SignerNetwork, a as extractPaymentSigner, e as extractPaymentSignerAddress, r as readX402PaymentHeader } from './signer-kCAJUZwp.mjs';
+export { F as FIXABLE_DENIAL_REASONS, b as buildContactSupportNextSteps, a as buildSignerMismatchBody, d as denialReasonStatus, c as denialReasonToBody, i as isFixableDenial, v as verificationAgentInstructions } from './_response-DpB-cm2c.mjs';
 export { EnforcementMode, GateResult, IdentityStatus, PolicyBlock, policyToGateOptions, runGateWithEnforcement, shippingCountryAllowed, shippingStateAllowed } from './identity/policy.mjs';
 
 /**
@@ -27,7 +27,7 @@ interface A2AAgentCardCapabilities {
         path?: string;
         method?: string;
     }[];
-    /** Free-form skill tags — `["wine-purchase", "regulated-commerce", ...]`. */
+    /** Free-form skill tags — `["product-purchase", "regulated-commerce", ...]`. */
     skills?: string[];
 }
 interface A2AAgentCardIdentity {
@@ -67,7 +67,7 @@ interface A2AAgentCard {
     extras?: Record<string, unknown>;
 }
 interface BuildA2AAgentCardInput {
-    /** Display name for the agent — `"Martin Estate Wine Concierge"`, etc. */
+    /** Display name for the agent — e.g. a merchant brand or service name. */
     name: string;
     /** Optional one-line description. */
     description?: string;
@@ -101,12 +101,12 @@ interface BuildA2AAgentCardInput {
  * app.get('/.well-known/agent-card', async (c) => {
  *   const data = getAgentScoreData(c);
  *   const card = buildA2AAgentCard({
- *     name: 'Martin Estate Wine Concierge',
- *     description: 'Buy regulated wines from Martin Estate via agent payments.',
- *     url: 'https://agents.martinestate.com',
+ *     name: 'Example Merchant Concierge',
+ *     description: 'Buy regulated goods via agent payments.',
+ *     url: 'https://agents.example.com',
  *     capabilities: {
  *       endpoints: [{ name: 'purchase', path: '/purchase', method: 'POST' }],
- *       skills: ['wine-purchase', 'regulated-commerce'],
+ *       skills: ['product-purchase', 'regulated-commerce'],
  *     },
  *     data,
  *   });
@@ -174,7 +174,7 @@ interface UCPCapability {
     [k: string]: unknown;
 }
 interface UCPPaymentHandler {
-    /** Handler name — `stripe`, `tempo`, `x402-base`, `x402-solana`, etc. */
+    /** Handler name — `stripe`, `tempo`, `x402-base`, `solana`, etc. */
     name: string;
     /** Handler config — recipient address, profile id, etc. */
     config?: Record<string, unknown>;
@@ -234,13 +234,13 @@ interface BuildUCPProfileInput {
  * app.get('/.well-known/ucp', async (c) => {
  *   const data = getAgentScoreData(c);
  *   return c.json(buildUCPProfile({
- *     name: 'Martin Estate',
- *     services: [{ type: 'rest', url: 'https://agents.martinestate.com' }],
+ *     name: 'Example Merchant',
+ *     services: [{ type: 'rest', url: 'https://agents.example.com' }],
  *     payment_handlers: [
  *       { name: 'tempo', config: { recipient: TEMPO_ADDR } },
  *       { name: 'stripe', config: { profile_id: STRIPE_PROFILE_ID } },
  *     ],
- *     signing_keys: [{ kid: 'me-2026-04', kty: 'EC', alg: 'ES256', crv: 'P-256', x: '...', y: '...' }],
+ *     signing_keys: [{ kid: 'merchant-2026-04', kty: 'EC', alg: 'ES256', crv: 'P-256', x: '...', y: '...' }],
  *     data,
  *   }));
  * });

package/dist/index.d.ts

@@ -1,7 +1,7 @@
 import { AgentScoreData } from './core.js';
 export { AgentIdentity, AgentMemoryHint, AgentScoreCore, AgentScoreCoreOptions, CreateSessionOnMissing, DenialCode, DenialReason, EvaluateOutcome, VerifyWalletSignerMatchOptions, VerifyWalletSignerResult, buildAgentMemoryHint } from './core.js';
-export { P as PaymentSigner, S as SignerNetwork, a as extractPaymentSigner, e as extractPaymentSignerAddress, r as readX402PaymentHeader } from './signer-Cvdwn6Cs.js';
-export { F as FIXABLE_DENIAL_REASONS, b as buildContactSupportNextSteps, a as buildSignerMismatchBody, d as denialReasonStatus, c as denialReasonToBody, i as isFixableDenial, v as verificationAgentInstructions } from './_response-RpEB7-vl.js';
+export { P as PaymentSigner, S as SignerNetwork, a as extractPaymentSigner, e as extractPaymentSignerAddress, r as readX402PaymentHeader } from './signer-kCAJUZwp.js';
+export { F as FIXABLE_DENIAL_REASONS, b as buildContactSupportNextSteps, a as buildSignerMismatchBody, d as denialReasonStatus, c as denialReasonToBody, i as isFixableDenial, v as verificationAgentInstructions } from './_response-C2yFQoIA.js';
 export { EnforcementMode, GateResult, IdentityStatus, PolicyBlock, policyToGateOptions, runGateWithEnforcement, shippingCountryAllowed, shippingStateAllowed } from './identity/policy.js';
 
 /**
@@ -27,7 +27,7 @@ interface A2AAgentCardCapabilities {
         path?: string;
         method?: string;
     }[];
-    /** Free-form skill tags — `["wine-purchase", "regulated-commerce", ...]`. */
+    /** Free-form skill tags — `["product-purchase", "regulated-commerce", ...]`. */
     skills?: string[];
 }
 interface A2AAgentCardIdentity {
@@ -67,7 +67,7 @@ interface A2AAgentCard {
     extras?: Record<string, unknown>;
 }
 interface BuildA2AAgentCardInput {
-    /** Display name for the agent — `"Martin Estate Wine Concierge"`, etc. */
+    /** Display name for the agent — e.g. a merchant brand or service name. */
     name: string;
     /** Optional one-line description. */
     description?: string;
@@ -101,12 +101,12 @@ interface BuildA2AAgentCardInput {
  * app.get('/.well-known/agent-card', async (c) => {
  *   const data = getAgentScoreData(c);
  *   const card = buildA2AAgentCard({
- *     name: 'Martin Estate Wine Concierge',
- *     description: 'Buy regulated wines from Martin Estate via agent payments.',
- *     url: 'https://agents.martinestate.com',
+ *     name: 'Example Merchant Concierge',
+ *     description: 'Buy regulated goods via agent payments.',
+ *     url: 'https://agents.example.com',
  *     capabilities: {
  *       endpoints: [{ name: 'purchase', path: '/purchase', method: 'POST' }],
- *       skills: ['wine-purchase', 'regulated-commerce'],
+ *       skills: ['product-purchase', 'regulated-commerce'],
  *     },
  *     data,
  *   });
@@ -174,7 +174,7 @@ interface UCPCapability {
     [k: string]: unknown;
 }
 interface UCPPaymentHandler {
-    /** Handler name — `stripe`, `tempo`, `x402-base`, `x402-solana`, etc. */
+    /** Handler name — `stripe`, `tempo`, `x402-base`, `solana`, etc. */
     name: string;
     /** Handler config — recipient address, profile id, etc. */
     config?: Record<string, unknown>;
@@ -234,13 +234,13 @@ interface BuildUCPProfileInput {
  * app.get('/.well-known/ucp', async (c) => {
  *   const data = getAgentScoreData(c);
  *   return c.json(buildUCPProfile({
- *     name: 'Martin Estate',
- *     services: [{ type: 'rest', url: 'https://agents.martinestate.com' }],
+ *     name: 'Example Merchant',
+ *     services: [{ type: 'rest', url: 'https://agents.example.com' }],
  *     payment_handlers: [
  *       { name: 'tempo', config: { recipient: TEMPO_ADDR } },
  *       { name: 'stripe', config: { profile_id: STRIPE_PROFILE_ID } },
  *     ],
- *     signing_keys: [{ kid: 'me-2026-04', kty: 'EC', alg: 'ES256', crv: 'P-256', x: '...', y: '...' }],
+ *     signing_keys: [{ kid: 'merchant-2026-04', kty: 'EC', alg: 'ES256', crv: 'P-256', x: '...', y: '...' }],
  *     data,
  *   }));
  * });

package/dist/index.js

@@ -285,6 +285,44 @@ function buildAgentMemoryHint() {
 }
 
 // src/signer.ts
+var TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+var TOKEN_2022_PROGRAM = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+var TRANSFER_CHECKED_DISCRIMINATOR = 12;
+async function extractSolanaSignerFromCredential(credential) {
+  const payload = credential.payload;
+  if (!payload?.transaction || payload.type !== "transaction") return null;
+  const moduleName = "@solana/kit";
+  const kit = await import(moduleName).catch(() => null);
+  if (!kit?.getBase64Codec || !kit.getTransactionDecoder || !kit.getCompiledTransactionMessageDecoder) {
+    return null;
+  }
+  try {
+    const txBytes = kit.getBase64Codec().encode(payload.transaction);
+    const decoded = kit.getTransactionDecoder().decode(txBytes);
+    const message = kit.getCompiledTransactionMessageDecoder().decode(decoded.messageBytes);
+    for (const ix of message.instructions) {
+      const programId = message.staticAccounts[ix.programAddressIndex];
+      if (programId !== TOKEN_PROGRAM && programId !== TOKEN_2022_PROGRAM) continue;
+      const data = ix.data;
+      if (!data || data.length === 0 || data[0] !== TRANSFER_CHECKED_DISCRIMINATOR) continue;
+      const accountIndices = ix.accountIndices ?? [];
+      const authorityIndex = accountIndices[3];
+      if (authorityIndex === void 0) continue;
+      if (authorityIndex >= message.staticAccounts.length) {
+        console.warn(
+          "[gate] Solana TransferChecked authority resolves through an address lookup table; signer-match recovery requires the static-account form. Skipping."
+        );
+        continue;
+      }
+      const authority = message.staticAccounts[authorityIndex];
+      if (authority) return authority;
+    }
+    return null;
+  } catch (err) {
+    console.warn("[gate] Solana credential decode failed:", err instanceof Error ? err.message : err);
+    return null;
+  }
+}
 async function extractPaymentSigner(request, x402PaymentHeader) {
   const authHeader = request.headers.get("authorization");
   if (authHeader) {
@@ -294,8 +332,12 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
       if (mppx?.Credential?.extractPaymentScheme(authHeader)) {
         const credential = mppx.Credential.fromRequest(request);
         const source = credential.source;
-        const match = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
-        if (match) return { address: match[1].toLowerCase(), network: "evm" };
+        const evmMatch = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
+        if (evmMatch) return { address: evmMatch[1].toLowerCase(), network: "evm" };
+        const solMatch = source?.match(/^did:pkh:solana:[1-9A-HJ-NP-Za-km-z]{32,44}:([1-9A-HJ-NP-Za-km-z]{32,44})$/);
+        if (solMatch) return { address: solMatch[1], network: "solana" };
+        const solanaFromTx = await extractSolanaSignerFromCredential(credential);
+        if (solanaFromTx) return { address: solanaFromTx, network: "solana" };
       }
     } catch (err) {
       console.warn("[gate] MPP signer extraction failed:", err instanceof Error ? err.message : err);
@@ -305,28 +347,9 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
     try {
       const decoded = atob(x402PaymentHeader);
       const parsed = JSON.parse(decoded);
-      const network = parsed?.accepted?.network ?? "";
-      if (network.startsWith("eip155:")) {
-        const from = parsed?.payload?.authorization?.from;
-        if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
-          return { address: from.toLowerCase(), network: "evm" };
-        }
-      } else if (network.startsWith("solana:")) {
-        const transaction = parsed?.payload?.transaction;
-        if (typeof transaction === "string") {
-          const moduleName = "@x402/svm";
-          const svm = await import(moduleName).catch(() => null);
-          if (svm?.decodeTransactionFromPayload && svm.getTokenPayerFromTransaction) {
-            const tx = svm.decodeTransactionFromPayload({ transaction });
-            const payer = svm.getTokenPayerFromTransaction(tx);
-            if (typeof payer === "string" && payer.length > 0) return { address: payer, network: "solana" };
-          }
-        }
-      } else {
-        const from = parsed?.payload?.authorization?.from;
-        if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
-          return { address: from.toLowerCase(), network: "evm" };
-        }
+      const from = parsed?.payload?.authorization?.from;
+      if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
+        return { address: from.toLowerCase(), network: "evm" };
       }
     } catch (err) {
       console.warn("[gate] x402 signer extraction failed:", err instanceof Error ? err.message : err);