@agent-score/commerce 1.2.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +26 -11
  2. package/dist/{_response-RpEB7-vl.d.ts → _response-C2yFQoIA.d.ts} +1 -1
  3. package/dist/{_response-DS-LR590.d.mts → _response-DpB-cm2c.d.mts} +1 -1
  4. package/dist/{agent_instructions-d3UWTdam.d.mts → agent_instructions-DiMSGkdm.d.mts} +10 -6
  5. package/dist/{agent_instructions-d3UWTdam.d.ts → agent_instructions-DiMSGkdm.d.ts} +10 -6
  6. package/dist/challenge/index.d.mts +18 -9
  7. package/dist/challenge/index.d.ts +18 -9
  8. package/dist/challenge/index.js +25 -24
  9. package/dist/challenge/index.js.map +1 -1
  10. package/dist/challenge/index.mjs +25 -24
  11. package/dist/challenge/index.mjs.map +1 -1
  12. package/dist/core.js +1 -1
  13. package/dist/core.js.map +1 -1
  14. package/dist/core.mjs +1 -1
  15. package/dist/core.mjs.map +1 -1
  16. package/dist/discovery/index.d.mts +130 -6
  17. package/dist/discovery/index.d.ts +130 -6
  18. package/dist/discovery/index.js +75 -59
  19. package/dist/discovery/index.js.map +1 -1
  20. package/dist/discovery/index.mjs +70 -58
  21. package/dist/discovery/index.mjs.map +1 -1
  22. package/dist/identity/express.d.mts +2 -2
  23. package/dist/identity/express.d.ts +2 -2
  24. package/dist/identity/express.js +48 -25
  25. package/dist/identity/express.js.map +1 -1
  26. package/dist/identity/express.mjs +48 -25
  27. package/dist/identity/express.mjs.map +1 -1
  28. package/dist/identity/fastify.d.mts +2 -2
  29. package/dist/identity/fastify.d.ts +2 -2
  30. package/dist/identity/fastify.js +48 -25
  31. package/dist/identity/fastify.js.map +1 -1
  32. package/dist/identity/fastify.mjs +48 -25
  33. package/dist/identity/fastify.mjs.map +1 -1
  34. package/dist/identity/hono.d.mts +2 -2
  35. package/dist/identity/hono.d.ts +2 -2
  36. package/dist/identity/hono.js +48 -25
  37. package/dist/identity/hono.js.map +1 -1
  38. package/dist/identity/hono.mjs +48 -25
  39. package/dist/identity/hono.mjs.map +1 -1
  40. package/dist/identity/nextjs.d.mts +2 -2
  41. package/dist/identity/nextjs.d.ts +2 -2
  42. package/dist/identity/nextjs.js +48 -25
  43. package/dist/identity/nextjs.js.map +1 -1
  44. package/dist/identity/nextjs.mjs +48 -25
  45. package/dist/identity/nextjs.mjs.map +1 -1
  46. package/dist/identity/web.d.mts +2 -2
  47. package/dist/identity/web.d.ts +2 -2
  48. package/dist/identity/web.js +48 -25
  49. package/dist/identity/web.js.map +1 -1
  50. package/dist/identity/web.mjs +48 -25
  51. package/dist/identity/web.mjs.map +1 -1
  52. package/dist/index.d.mts +12 -12
  53. package/dist/index.d.ts +12 -12
  54. package/dist/index.js +47 -24
  55. package/dist/index.js.map +1 -1
  56. package/dist/index.mjs +47 -24
  57. package/dist/index.mjs.map +1 -1
  58. package/dist/payment/index.d.mts +158 -49
  59. package/dist/payment/index.d.ts +158 -49
  60. package/dist/payment/index.js +194 -73
  61. package/dist/payment/index.js.map +1 -1
  62. package/dist/payment/index.mjs +192 -72
  63. package/dist/payment/index.mjs.map +1 -1
  64. package/dist/{signer-Cvdwn6Cs.d.mts → signer-kCAJUZwp.d.mts} +10 -12
  65. package/dist/{signer-Cvdwn6Cs.d.ts → signer-kCAJUZwp.d.ts} +10 -12
  66. package/dist/stripe-multichain/index.d.mts +2 -2
  67. package/dist/stripe-multichain/index.d.ts +2 -2
  68. package/dist/stripe-multichain/index.js.map +1 -1
  69. package/dist/stripe-multichain/index.mjs.map +1 -1
  70. package/package.json +13 -4
package/dist/index.mjs CHANGED
@@ -249,6 +249,44 @@ function buildAgentMemoryHint() {
249
249
  }
250
250
 
251
251
  // src/signer.ts
252
+ var TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
253
+ var TOKEN_2022_PROGRAM = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
254
+ var TRANSFER_CHECKED_DISCRIMINATOR = 12;
255
+ async function extractSolanaSignerFromCredential(credential) {
256
+ const payload = credential.payload;
257
+ if (!payload?.transaction || payload.type !== "transaction") return null;
258
+ const moduleName = "@solana/kit";
259
+ const kit = await import(moduleName).catch(() => null);
260
+ if (!kit?.getBase64Codec || !kit.getTransactionDecoder || !kit.getCompiledTransactionMessageDecoder) {
261
+ return null;
262
+ }
263
+ try {
264
+ const txBytes = kit.getBase64Codec().encode(payload.transaction);
265
+ const decoded = kit.getTransactionDecoder().decode(txBytes);
266
+ const message = kit.getCompiledTransactionMessageDecoder().decode(decoded.messageBytes);
267
+ for (const ix of message.instructions) {
268
+ const programId = message.staticAccounts[ix.programAddressIndex];
269
+ if (programId !== TOKEN_PROGRAM && programId !== TOKEN_2022_PROGRAM) continue;
270
+ const data = ix.data;
271
+ if (!data || data.length === 0 || data[0] !== TRANSFER_CHECKED_DISCRIMINATOR) continue;
272
+ const accountIndices = ix.accountIndices ?? [];
273
+ const authorityIndex = accountIndices[3];
274
+ if (authorityIndex === void 0) continue;
275
+ if (authorityIndex >= message.staticAccounts.length) {
276
+ console.warn(
277
+ "[gate] Solana TransferChecked authority resolves through an address lookup table; signer-match recovery requires the static-account form. Skipping."
278
+ );
279
+ continue;
280
+ }
281
+ const authority = message.staticAccounts[authorityIndex];
282
+ if (authority) return authority;
283
+ }
284
+ return null;
285
+ } catch (err) {
286
+ console.warn("[gate] Solana credential decode failed:", err instanceof Error ? err.message : err);
287
+ return null;
288
+ }
289
+ }
252
290
  async function extractPaymentSigner(request, x402PaymentHeader) {
253
291
  const authHeader = request.headers.get("authorization");
254
292
  if (authHeader) {
@@ -258,8 +296,12 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
258
296
  if (mppx?.Credential?.extractPaymentScheme(authHeader)) {
259
297
  const credential = mppx.Credential.fromRequest(request);
260
298
  const source = credential.source;
261
- const match = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
262
- if (match) return { address: match[1].toLowerCase(), network: "evm" };
299
+ const evmMatch = source?.match(/^did:pkh:eip155:\d+:(0x[0-9a-fA-F]{40})$/);
300
+ if (evmMatch) return { address: evmMatch[1].toLowerCase(), network: "evm" };
301
+ const solMatch = source?.match(/^did:pkh:solana:[1-9A-HJ-NP-Za-km-z]{32,44}:([1-9A-HJ-NP-Za-km-z]{32,44})$/);
302
+ if (solMatch) return { address: solMatch[1], network: "solana" };
303
+ const solanaFromTx = await extractSolanaSignerFromCredential(credential);
304
+ if (solanaFromTx) return { address: solanaFromTx, network: "solana" };
263
305
  }
264
306
  } catch (err) {
265
307
  console.warn("[gate] MPP signer extraction failed:", err instanceof Error ? err.message : err);
@@ -269,28 +311,9 @@ async function extractPaymentSigner(request, x402PaymentHeader) {
269
311
  try {
270
312
  const decoded = atob(x402PaymentHeader);
271
313
  const parsed = JSON.parse(decoded);
272
- const network = parsed?.accepted?.network ?? "";
273
- if (network.startsWith("eip155:")) {
274
- const from = parsed?.payload?.authorization?.from;
275
- if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
276
- return { address: from.toLowerCase(), network: "evm" };
277
- }
278
- } else if (network.startsWith("solana:")) {
279
- const transaction = parsed?.payload?.transaction;
280
- if (typeof transaction === "string") {
281
- const moduleName = "@x402/svm";
282
- const svm = await import(moduleName).catch(() => null);
283
- if (svm?.decodeTransactionFromPayload && svm.getTokenPayerFromTransaction) {
284
- const tx = svm.decodeTransactionFromPayload({ transaction });
285
- const payer = svm.getTokenPayerFromTransaction(tx);
286
- if (typeof payer === "string" && payer.length > 0) return { address: payer, network: "solana" };
287
- }
288
- }
289
- } else {
290
- const from = parsed?.payload?.authorization?.from;
291
- if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
292
- return { address: from.toLowerCase(), network: "evm" };
293
- }
314
+ const from = parsed?.payload?.authorization?.from;
315
+ if (typeof from === "string" && /^0x[0-9a-fA-F]{40}$/.test(from)) {
316
+ return { address: from.toLowerCase(), network: "evm" };
294
317
  }
295
318
  } catch (err) {
296
319
  console.warn("[gate] x402 signer extraction failed:", err instanceof Error ? err.message : err);