@agent-score/commerce 1.7.0 → 1.8.1

package/README.md

@@ -23,9 +23,9 @@ npm install hono mppx @x402/core @x402/evm @solana/mpp @solana/kit stripe   # wh
 
 | Subpath | What it provides |
 |---|---|
-| `/identity/{hono,express,fastify}` | Trust gate middleware: KYC, sanctions, age, jurisdiction. Context-getter pattern: `agentscoreGate(opts)` middleware + `getAgentScoreData(ctx)` / `getGateDegradedState(ctx)` / `getGateQuotaInfo(ctx)` accessors, `captureWallet(...)`, `verifyWalletSignerMatch(...)`. Plus shared denial helpers: `denialReasonStatus`, `denialReasonToBody`, `buildSignerMismatchBody`, `buildContactSupportNextSteps`, `verificationAgentInstructions`, `isFixableDenial`, `FIXABLE_DENIAL_REASONS`. |
+| `/identity/{hono,express,fastify}` | Trust gate middleware: KYC, sanctions (account name + signer wallet), age, jurisdiction. Context-getter pattern: `agentscoreGate(opts)` middleware + `getAgentScoreData(ctx)` / `getGateDegradedState(ctx)` / `getGateQuotaInfo(ctx)` / `getSignerVerdict(ctx)` accessors, `captureWallet(...)`. Plus shared denial helpers: `denialReasonStatus`, `denialReasonToBody`, `buildSignerMismatchBody`, `buildContactSupportNextSteps`, `verificationAgentInstructions`, `isFixableDenial`, `FIXABLE_DENIAL_REASONS`. |
 | `/identity/policy` | Per-product compliance helpers for multi-product merchants (each product carries its own policy: hard gate vs soft vs none, per-product shipping allowlists): `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `buildGateOptionsFromPolicy`, `runGateWithEnforcement`, `shippingCountryAllowed`, `shippingStateAllowed`. |
-| `/identity/{nextjs,web}` | Same gate, wrapper pattern: `withAgentScoreGate(opts, handler)` / `createAgentScoreGate(opts) => guard(req)`. The `data` + `degraded` + `infraReason` fields land directly on the handler arg / guard result (no separate getter). Plus shared `captureWallet`, `verifyWalletSignerMatch`. |
+| `/identity/{nextjs,web}` | Same gate, wrapper pattern: `withAgentScoreGate(opts, handler)` / `createAgentScoreGate(opts) => guard(req)`. The `data` + `degraded` + `infraReason` + `getSignerVerdict` fields land directly on the handler arg / guard result (no separate getter). Plus shared `captureWallet`. |
 | `/payment` | `networks`, `USDC`, `rails` registries; `paymentDirective`, `buildPaymentDirective`, `wwwAuthenticateHeader`, `paymentRequiredHeader`, `aliasAmountFields` (v1↔v2 amount field shim: emits both `amount` and `maxAmountRequired` so v1-only x402 parsers like Coinbase awal can read v2 bodies), `settlementOverrideHeader`, `dispatchSettlementByNetwork`, `extractPaymentSigner` (returns `{address, network}`); `createX402Server`, `createMppxServer`; drop-in x402 helpers: `validateX402NetworkConfig` (boot-time guard), `verifyX402Request` (parse + validate inbound X-Payment), `processX402Settle` (verify-then-settle with one call), `classifyX402SettleResult` (maps the tagged settle result to a recommended HTTP status / code / nextSteps so merchants get a controlled envelope without coupling to facilitator-specific error text). |
 | `/discovery` | `isDiscoveryProbeRequest`, `buildDiscoveryProbeResponse` (with optional `x402Sample` for x402-aware crawlers, e.g. `awal x402 details`), `sampleX402AcceptForNetwork` (USDC sample-accept builder for known CAIP-2 networks), `buildWellKnownMpp`, `buildLlmsTxt` + `llmsTxtIdentitySection` + `llmsTxtPaymentSection` (compact + verbose modes), `buildSkillMd` (Claude-Skill-compatible `/skill.md` agent-discovery manifest; strictly agent-facing data only, no internal posture), `agentscoreOpenApiSnippets`, `createBazaarDiscovery`, `noindexNonDiscoveryPaths` (Hono middleware that emits `X-Robots-Tag: noindex` on every path except the agent-discovery surfaces; defaults cover `/openapi.json`, `/llms.txt`, `/skill.md`, `/.well-known/{mpp.json,agent-card.json,ucp,jwks.json}`, `/favicon.{png,ico}`; pure helpers `isDiscoveryPath` + `defaultDiscoveryPaths` for non-Hono frameworks). |
 | `/challenge` | `build402Body`, `buildAcceptedMethods`, `buildIdentityMetadata`, `buildHowToPay`, `buildAgentInstructions` (auto-emits per-rail `compatible_clients`: smoke-verified CLIs the agent should use; vendor override supported; pure helper `compatibleClientsByRails(rails)` returns the same map for vendors building custom 402s), `buildPricingBlock`, `firstEncounterAgentMemory`, `OrderReceipt`; `respond402`, a drop-in 402 emit that preserves mppx's `WWW-Authenticate` and layers x402's `PAYMENT-REQUIRED`. `buildValidationError`: structured 4xx body builder (`{error: {code, message}, required_fields?, example_body?, next_steps?, ...extra}`) so vendors compose body shapes by name instead of inlining at every validation site. |
@@ -42,7 +42,7 @@ import {
   agentscoreGate,
   captureWallet,
   getAgentScoreData,
-  verifyWalletSignerMatch,
+  getSignerVerdict,
 } from "@agent-score/commerce/identity/hono";
 
 const app = new Hono();

package/dist/{_response-DpB-cm2c.d.mts → _response-9yp6Fit2.d.mts}

@@ -8,8 +8,8 @@ import { VerifyWalletSignerResult, DenialReason } from './core.mjs';
  *     be resolved by re-completing KYC (vs sanctions / age failures which are permanent).
  *   - `denialReasonStatus` — picks the right HTTP status code per denial code (401 for credential
  *     problems, 503 for transient API errors, 403 for everything else).
- *   - `buildSignerMismatchBody` — produces the standard 403 body for a `verifyWalletSignerMatch`
- *     non-pass result.
+ *   - `buildSignerMismatchBody` — produces the standard 403 body for a non-pass signer_match
+ *     verdict (read via `getSignerVerdict`).
  *   - `buildContactSupportNextSteps` — standard `next_steps.action: "contact_support"` shape for
  *     unfixable compliance denials.
  *   - `verificationAgentInstructions` — the canned `agent_instructions` block for
@@ -50,7 +50,8 @@ declare function isFixableDenial(reasons: readonly string[] | undefined): boolea
  */
 declare function denialReasonStatus(reason: DenialReason): 401 | 403 | 503;
 interface SignerMismatchBodyInput {
-    /** Result from `verifyWalletSignerMatch`. The function only emits a body for non-pass results. */
+    /** Projected signer_match verdict (from `getSignerVerdict(ctx).signer_match`). Only non-pass
+     *  kinds produce a body. */
     result: VerifyWalletSignerResult;
     /** Optional override for the human-facing `next_steps.user_message`. */
     userMessage?: string;
@@ -58,12 +59,14 @@ interface SignerMismatchBodyInput {
     learnMoreUrl?: string;
 }
 /**
- * Standard 403 body for a non-pass `verifyWalletSignerMatch` result. Returns null for `pass` /
- * `api_error` so vendors can call it unconditionally:
+ * Standard 403 body for a non-pass signer-match verdict. Returns null for `pass` so vendors
+ * can call it unconditionally:
  *
- *   const result = await verifyWalletSignerMatch(c);
- *   const mismatchBody = buildSignerMismatchBody({ result });
- *   if (mismatchBody) return c.json(mismatchBody, 403);
+ *   const verdict = getSignerVerdict(c);
+ *   if (verdict?.signer_match) {
+ *     const mismatchBody = buildSignerMismatchBody({ result: verdict.signer_match });
+ *     if (mismatchBody) return c.json(mismatchBody, 403);
+ *   }
  *
  * Body shape mirrors the gate's denial bodies: top-level error.code, all signer-match fields
  * (`claimed_operator`, `actual_signer_operator`, `expected_signer`, `actual_signer`,
@@ -132,9 +135,8 @@ declare function verificationAgentInstructions(input?: VerificationAgentInstruct
  * to test the marshaling.
  *
  * Body shape: `{ error: { code, message }, ... }` — matches the canonical AgentScore
- * core API response shape (`core/api/src/lib/auth.ts`, `lib/rate-limit.ts`, etc.) and
- * martin-estate's pre-commerce shape, so downstream agents see one consistent
- * `error.code` + `error.message` pair regardless of which layer produced the denial.
+ * error envelope so downstream agents see one consistent `error.code` +
+ * `error.message` pair regardless of which layer produced the denial.
  */
 
 declare function denialReasonToBody(reason: DenialReason): Record<string, unknown>;

package/dist/{_response-C2yFQoIA.d.ts → _response-CC6jNb8q.d.ts}

@@ -8,8 +8,8 @@ import { VerifyWalletSignerResult, DenialReason } from './core.js';
  *     be resolved by re-completing KYC (vs sanctions / age failures which are permanent).
  *   - `denialReasonStatus` — picks the right HTTP status code per denial code (401 for credential
  *     problems, 503 for transient API errors, 403 for everything else).
- *   - `buildSignerMismatchBody` — produces the standard 403 body for a `verifyWalletSignerMatch`
- *     non-pass result.
+ *   - `buildSignerMismatchBody` — produces the standard 403 body for a non-pass signer_match
+ *     verdict (read via `getSignerVerdict`).
  *   - `buildContactSupportNextSteps` — standard `next_steps.action: "contact_support"` shape for
  *     unfixable compliance denials.
  *   - `verificationAgentInstructions` — the canned `agent_instructions` block for
@@ -50,7 +50,8 @@ declare function isFixableDenial(reasons: readonly string[] | undefined): boolea
  */
 declare function denialReasonStatus(reason: DenialReason): 401 | 403 | 503;
 interface SignerMismatchBodyInput {
-    /** Result from `verifyWalletSignerMatch`. The function only emits a body for non-pass results. */
+    /** Projected signer_match verdict (from `getSignerVerdict(ctx).signer_match`). Only non-pass
+     *  kinds produce a body. */
     result: VerifyWalletSignerResult;
     /** Optional override for the human-facing `next_steps.user_message`. */
     userMessage?: string;
@@ -58,12 +59,14 @@ interface SignerMismatchBodyInput {
     learnMoreUrl?: string;
 }
 /**
- * Standard 403 body for a non-pass `verifyWalletSignerMatch` result. Returns null for `pass` /
- * `api_error` so vendors can call it unconditionally:
+ * Standard 403 body for a non-pass signer-match verdict. Returns null for `pass` so vendors
+ * can call it unconditionally:
  *
- *   const result = await verifyWalletSignerMatch(c);
- *   const mismatchBody = buildSignerMismatchBody({ result });
- *   if (mismatchBody) return c.json(mismatchBody, 403);
+ *   const verdict = getSignerVerdict(c);
+ *   if (verdict?.signer_match) {
+ *     const mismatchBody = buildSignerMismatchBody({ result: verdict.signer_match });
+ *     if (mismatchBody) return c.json(mismatchBody, 403);
+ *   }
  *
  * Body shape mirrors the gate's denial bodies: top-level error.code, all signer-match fields
  * (`claimed_operator`, `actual_signer_operator`, `expected_signer`, `actual_signer`,
@@ -132,9 +135,8 @@ declare function verificationAgentInstructions(input?: VerificationAgentInstruct
  * to test the marshaling.
  *
  * Body shape: `{ error: { code, message }, ... }` — matches the canonical AgentScore
- * core API response shape (`core/api/src/lib/auth.ts`, `lib/rate-limit.ts`, etc.) and
- * martin-estate's pre-commerce shape, so downstream agents see one consistent
- * `error.code` + `error.message` pair regardless of which layer produced the denial.
+ * error envelope so downstream agents see one consistent `error.code` +
+ * `error.message` pair regardless of which layer produced the denial.
  */
 
 declare function denialReasonToBody(reason: DenialReason): Record<string, unknown>;

package/dist/challenge/index.d.mts

@@ -3,6 +3,7 @@ export { B as BuildAgentInstructionsInput, a as BuildHowToPayInput, C as Compati
 import { AgentMemoryHint } from '../core.mjs';
 export { buildAgentMemoryHint } from '../core.mjs';
 import { P as PaymentRequiredHeaderInput } from '../wwwauthenticate-CU1eNvMQ.mjs';
+import '../signer-CFVQsWjL.mjs';
 
 interface TempoMethodEntry {
     method: 'tempo/charge';
@@ -70,7 +71,7 @@ interface BuildAcceptedMethodsInput {
 /**
  * Build the `accepted_methods[]` array for an enriched 402 body. Each rail entry is
  * conditionally included based on whether the vendor passed it. Per-rail shapes follow
- * the conventions established in martin-estate's reference 402.
+ * a canonical 402 shape across rails.
  */
 declare function buildAcceptedMethods(input: BuildAcceptedMethodsInput): AcceptedMethodEntry[];
 
@@ -86,7 +87,7 @@ interface IdentityMetadataInput {
     mode: IdentityMode;
     /** Claimed wallet address (when mode === 'wallet'). */
     wallet?: string;
-    /** Result of a prior verifyWalletSignerMatch call. */
+    /** Projected signer_match verdict (from `getSignerVerdict(ctx).signer_match`). */
     signerMatchResult?: SignerMatchResultLike;
     /** Same-operator linked wallets (from assess response). */
     linkedWallets?: string[];
@@ -158,9 +159,9 @@ declare function firstEncounterAgentMemory(input: FirstEncounterAgentMemoryInput
  * Pricing block builder + canonical type.
  *
  * Composes the cents-denominated price components into the dollar-string shape that
- * 402 challenge bodies advertise. Lifts the inline pattern from martin-estate's
- * `purchase.ts` so every merchant — current and future commerce-platform plugins
- * (Commerce7, WooCommerce, Shopify) — surfaces the same shape to agents.
+ * 402 challenge bodies advertise. Standardizes the pricing block so every merchant
+ * — current and future commerce-platform plugins (Commerce7, WooCommerce, Shopify) —
+ * surfaces the same shape to agents.
  *
  * Shipping is included by default because most physical-goods merchants carry it; pass
  * `shippingCents: 0` (or omit) for digital goods / services. Tax is optional for

package/dist/challenge/index.d.ts

@@ -3,6 +3,7 @@ export { B as BuildAgentInstructionsInput, a as BuildHowToPayInput, C as Compati
 import { AgentMemoryHint } from '../core.js';
 export { buildAgentMemoryHint } from '../core.js';
 import { P as PaymentRequiredHeaderInput } from '../wwwauthenticate-CU1eNvMQ.js';
+import '../signer-CFVQsWjL.js';
 
 interface TempoMethodEntry {
     method: 'tempo/charge';
@@ -70,7 +71,7 @@ interface BuildAcceptedMethodsInput {
 /**
  * Build the `accepted_methods[]` array for an enriched 402 body. Each rail entry is
  * conditionally included based on whether the vendor passed it. Per-rail shapes follow
- * the conventions established in martin-estate's reference 402.
+ * a canonical 402 shape across rails.
  */
 declare function buildAcceptedMethods(input: BuildAcceptedMethodsInput): AcceptedMethodEntry[];
 
@@ -86,7 +87,7 @@ interface IdentityMetadataInput {
     mode: IdentityMode;
     /** Claimed wallet address (when mode === 'wallet'). */
     wallet?: string;
-    /** Result of a prior verifyWalletSignerMatch call. */
+    /** Projected signer_match verdict (from `getSignerVerdict(ctx).signer_match`). */
     signerMatchResult?: SignerMatchResultLike;
     /** Same-operator linked wallets (from assess response). */
     linkedWallets?: string[];
@@ -158,9 +159,9 @@ declare function firstEncounterAgentMemory(input: FirstEncounterAgentMemoryInput
  * Pricing block builder + canonical type.
  *
  * Composes the cents-denominated price components into the dollar-string shape that
- * 402 challenge bodies advertise. Lifts the inline pattern from martin-estate's
- * `purchase.ts` so every merchant — current and future commerce-platform plugins
- * (Commerce7, WooCommerce, Shopify) — surfaces the same shape to agents.
+ * 402 challenge bodies advertise. Standardizes the pricing block so every merchant
+ * — current and future commerce-platform plugins (Commerce7, WooCommerce, Shopify) —
+ * surfaces the same shape to agents.
  *
  * Shipping is included by default because most physical-goods merchants carry it; pass
  * `shippingCents: 0` (or omit) for digital goods / services. Tax is optional for