@agent-score/commerce 1.8.0 → 2.0.0

package/dist/challenge/index.js

@@ -34,63 +34,127 @@ __export(challenge_exports, {
 });
 module.exports = __toCommonJS(challenge_exports);
 
+// src/payment/usdc.ts
+var USDC = {
+  base: {
+    mainnet: { address: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", decimals: 6 },
+    sepolia: { address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", decimals: 6 }
+  },
+  solana: {
+    mainnet: { mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", decimals: 6 },
+    devnet: { mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU", decimals: 6 }
+  },
+  tempo: {
+    mainnet: { address: "0x20C000000000000000000000b9537d11c60E8b50", decimals: 6 },
+    testnet: { address: "0x20c0000000000000000000000000000000000000", decimals: 6 }
+  }
+};
+
+// src/payment/rail_spec.ts
+async function resolveRecipient(r) {
+  if (typeof r === "string") return r;
+  return Promise.resolve(r());
+}
+var RAIL_SPEC_DEFAULTS = {
+  tempo: {
+    network: "tempo-mainnet",
+    chainId: 4217,
+    token: USDC.tempo.mainnet.address,
+    symbol: "USDC.e",
+    decimals: 6,
+    testnet: false,
+    recommend: "both"
+  },
+  x402Base: {
+    network: "eip155:8453",
+    chainId: 8453,
+    token: USDC.base.mainnet.address,
+    symbol: "USDC",
+    decimals: 6,
+    mode: "exact"
+  },
+  solanaMpp: {
+    network: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
+    token: USDC.solana.mainnet.mint,
+    symbol: "USDC",
+    decimals: 6
+  },
+  stripe: {
+    rails: ["card", "link", "shared_payment_token"]
+  },
+  tempoSession: {
+    currency: USDC.tempo.mainnet.address,
+    testnet: false
+  }
+};
+
 // src/challenge/accepted_methods.ts
-function buildAcceptedMethods(input) {
+async function buildAcceptedMethods({
+  tempo,
+  x402_base,
+  solana_mpp,
+  stripe
+}) {
   const out = [];
-  if (input.tempo) {
+  if (tempo) {
     out.push({
       method: "tempo/charge",
-      network: input.tempo.network ?? "tempo-mainnet",
-      chain_id: input.tempo.chainId ?? 4217,
-      token: input.tempo.token ?? "0x20C000000000000000000000b9537d11c60E8b50",
-      symbol: input.tempo.symbol ?? "USDC.e",
-      decimals: input.tempo.decimals ?? 6,
-      pay_to: input.tempo.recipient
+      network: tempo.network ?? RAIL_SPEC_DEFAULTS.tempo.network,
+      chain_id: tempo.chainId ?? RAIL_SPEC_DEFAULTS.tempo.chainId,
+      token: tempo.token ?? RAIL_SPEC_DEFAULTS.tempo.token,
+      symbol: tempo.symbol ?? RAIL_SPEC_DEFAULTS.tempo.symbol,
+      decimals: tempo.decimals ?? RAIL_SPEC_DEFAULTS.tempo.decimals,
+      pay_to: await resolveRecipient(tempo.recipient)
     });
   }
-  if (input.x402_base) {
+  if (x402_base) {
     out.push({
       method: "x402/exact",
-      network: input.x402_base.network ?? "eip155:8453",
-      chain_id: input.x402_base.chainId ?? 8453,
-      token: input.x402_base.token ?? "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
-      symbol: input.x402_base.symbol ?? "USDC",
-      decimals: input.x402_base.decimals ?? 6,
-      pay_to: input.x402_base.recipient
+      network: x402_base.network ?? RAIL_SPEC_DEFAULTS.x402Base.network,
+      chain_id: x402_base.chainId ?? RAIL_SPEC_DEFAULTS.x402Base.chainId,
+      token: x402_base.token ?? RAIL_SPEC_DEFAULTS.x402Base.token,
+      symbol: x402_base.symbol ?? RAIL_SPEC_DEFAULTS.x402Base.symbol,
+      decimals: x402_base.decimals ?? RAIL_SPEC_DEFAULTS.x402Base.decimals,
+      pay_to: await resolveRecipient(x402_base.recipient)
     });
   }
-  if (input.solana_mpp) {
+  if (solana_mpp) {
     out.push({
       method: "solana/charge",
-      network: input.solana_mpp.network ?? "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
-      token: input.solana_mpp.token ?? "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
-      symbol: input.solana_mpp.symbol ?? "USDC",
-      decimals: input.solana_mpp.decimals ?? 6,
-      pay_to: input.solana_mpp.recipient,
-      ...input.solana_mpp.feePayerKey ? { fee_payer_key: input.solana_mpp.feePayerKey } : {}
+      network: solana_mpp.network ?? RAIL_SPEC_DEFAULTS.solanaMpp.network,
+      token: solana_mpp.token ?? RAIL_SPEC_DEFAULTS.solanaMpp.token,
+      symbol: solana_mpp.symbol ?? RAIL_SPEC_DEFAULTS.solanaMpp.symbol,
+      decimals: solana_mpp.decimals ?? RAIL_SPEC_DEFAULTS.solanaMpp.decimals,
+      pay_to: await resolveRecipient(solana_mpp.recipient)
     });
   }
-  if (input.stripe) {
+  if (stripe) {
     out.push({
       method: "stripe/charge",
-      rails: input.stripe.rails ?? ["card", "link", "shared_payment_token"],
-      profile_id: input.stripe.profileId ?? null
+      rails: stripe.rails ?? [...RAIL_SPEC_DEFAULTS.stripe.rails],
+      profile_id: stripe.profileId ?? null
     });
   }
   return out;
 }
 
 // src/challenge/identity.ts
-function buildIdentityMetadata(input) {
-  const block = { identity_mode: input.mode };
-  if (input.mode !== "wallet") return block;
-  if (input.wallet) {
-    block.required_signer = input.signerMatchResult?.expectedSigner ?? input.wallet;
+function buildIdentityMetadata({
+  mode,
+  wallet,
+  signerMatchResult,
+  linkedWallets,
+  signerConstraint
+}) {
+  const block = { identity_mode: mode };
+  if (mode !== "wallet") return block;
+  if (wallet) {
+    block.required_signer = signerMatchResult?.expectedSigner ?? wallet;
   }
-  if (input.linkedWallets && input.linkedWallets.length > 0) {
-    block.linked_wallets = input.linkedWallets;
+  if (linkedWallets && linkedWallets.length > 0) {
+    block.linked_wallets = linkedWallets;
   }
-  block.signer_constraint = input.signerConstraint ?? "Payment must be signed with the claimed wallet OR any same-operator linked wallet listed in linked_wallets.";
+  block.signer_constraint = signerConstraint ?? "Payment must be signed with the claimed wallet OR any same-operator linked wallet listed in linked_wallets.";
   return block;
 }
 
@@ -111,45 +175,52 @@ var PAY_SETUP_SOLANA = [
   "agentscore-pay wallet create --chain solana",
   "agentscore-pay balance --chain solana   # fund the printed address with USDC on Solana"
 ];
-function buildHowToPay(input) {
-  const totalNum = typeof input.totalUsd === "string" ? Number(input.totalUsd) : input.totalUsd;
-  const maxSpend = String(input.maxSpend ?? (Math.ceil(totalNum) + 1).toFixed(2));
-  const opToken = input.opTokenPlaceholder ?? "<your_opc_token>";
+function buildHowToPay({
+  url,
+  retryBodyJson,
+  totalUsd,
+  rails,
+  opTokenPlaceholder,
+  maxSpend
+}) {
+  const totalNum = typeof totalUsd === "string" ? Number(totalUsd) : totalUsd;
+  const maxSpendStr = String(maxSpend ?? (Math.ceil(totalNum) + 1).toFixed(2));
+  const opToken = opTokenPlaceholder ?? "<your_opc_token>";
   const block = {};
-  if (input.rails.tempo) {
-    const networkName = input.rails.tempo.networkName ?? "tempo-mainnet";
-    const chainId = input.rails.tempo.chainId ?? 4217;
-    const recommend = input.rails.tempo.recommend ?? "both";
-    const tempoCommand = `tempo request -X POST -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' --json '${input.retryBodyJson}' --max-spend ${maxSpend} ${input.url}`;
-    const payCommand = `agentscore-pay pay POST ${input.url} --chain tempo -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${input.retryBodyJson}' --max-spend ${maxSpend}`;
+  if (rails.tempo) {
+    const networkName = rails.tempo.testnet ? "tempo-testnet" : rails.tempo.network ?? RAIL_SPEC_DEFAULTS.tempo.network;
+    const chainId = rails.tempo.chainId ?? RAIL_SPEC_DEFAULTS.tempo.chainId;
+    const recommend = rails.tempo.recommend ?? RAIL_SPEC_DEFAULTS.tempo.recommend;
+    const tempoCommand = `tempo request -X POST -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' --json '${retryBodyJson}' --max-spend ${maxSpendStr} ${url}`;
+    const payCommand = `agentscore-pay pay POST ${url} --chain tempo -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${retryBodyJson}' --max-spend ${maxSpendStr}`;
     block.tempo = {
       setup: TEMPO_SETUP,
-      prerequisite: `Run \`tempo wallet whoami\` and confirm USDC.e balance on ${networkName} (chain ${chainId}) is at least $${maxSpend}. If the tempo CLI is not installed, run the setup commands above first.`,
+      prerequisite: `Run \`tempo wallet whoami\` and confirm USDC.e balance on ${networkName} (chain ${chainId}) is at least $${maxSpendStr}. If the tempo CLI is not installed, run the setup commands above first.`,
       command: recommend === "agentscore-pay" ? payCommand : tempoCommand,
       ...recommend === "both" ? { alternative_command: payCommand } : recommend === "agentscore-pay" ? { alternative_command: tempoCommand } : {},
       what_it_does: `Pays via Tempo USDC on ${networkName}.`
     };
   }
-  if (input.rails.x402_base) {
-    const network = input.rails.x402_base.network ?? "eip155:8453";
+  if (rails.x402_base) {
+    const network = rails.x402_base.network ?? RAIL_SPEC_DEFAULTS.x402Base.network;
     block.x402_base = {
       setup: PAY_SETUP_BASE,
-      prerequisite: `Run \`agentscore-pay balance --chain base\` and confirm USDC balance on Base (${network}) is at least $${maxSpend}. If the CLI is not installed, run the setup commands above first.`,
-      command: `agentscore-pay pay POST ${input.url} --chain base -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${input.retryBodyJson}' --max-spend ${maxSpend}`,
+      prerequisite: `Run \`agentscore-pay balance --chain base\` and confirm USDC balance on Base (${network}) is at least $${maxSpendStr}. If the CLI is not installed, run the setup commands above first.`,
+      command: `agentscore-pay pay POST ${url} --chain base -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${retryBodyJson}' --max-spend ${maxSpendStr}`,
       what_it_does: "Pays via USDC on Base."
     };
   }
-  if (input.rails.solana_mpp) {
-    const network = input.rails.solana_mpp.network ?? "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
+  if (rails.solana_mpp) {
+    const network = rails.solana_mpp.network ?? RAIL_SPEC_DEFAULTS.solanaMpp.network;
     block.solana_mpp = {
       setup: PAY_SETUP_SOLANA,
-      prerequisite: `Run \`agentscore-pay balance --chain solana\` and confirm USDC balance on Solana (${network}) is at least $${maxSpend}. If the CLI is not installed, run the setup commands above first.`,
-      command: `agentscore-pay pay POST ${input.url} --chain solana -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${input.retryBodyJson}' --max-spend ${maxSpend}`,
+      prerequisite: `Run \`agentscore-pay balance --chain solana\` and confirm USDC balance on Solana (${network}) is at least $${maxSpendStr}. If the CLI is not installed, run the setup commands above first.`,
+      command: `agentscore-pay pay POST ${url} --chain solana -H 'X-Operator-Token: ${opToken}' -H 'Content-Type: application/json' -d '${retryBodyJson}' --max-spend ${maxSpendStr}`,
       what_it_does: "Pays via USDC on Solana."
     };
   }
-  if (input.rails.stripe) {
-    const stripeCfg = input.rails.stripe;
+  if (rails.stripe) {
+    const stripeCfg = rails.stripe;
     const amountCents = Math.round(totalNum * 100);
     const linkCliBlocked = amountCents > 5e4;
     const productName = stripeCfg.productName ?? "this purchase";
@@ -166,7 +237,7 @@ function buildHowToPay(input) {
       ];
       stripe.command_link_cli = [
         `SPEND_ID=$(link-cli spend-request create --payment-method-id <csmrpd_id_from_payment_methods_list> --credential-type shared_payment_token --network-id ${stripeCfg.profileId} --amount ${amountCents} --context "${sptContext}" --request-approval --output-json | jq -r .id)`,
-        `link-cli mpp pay ${input.url} --spend-request-id $SPEND_ID --method POST --data '${input.retryBodyJson}' --header 'X-Operator-Token: ${opToken}' --output-json`
+        `link-cli mpp pay ${url} --spend-request-id $SPEND_ID --method POST --data '${retryBodyJson}' --header 'X-Operator-Token: ${opToken}' --output-json`
       ];
       stripe.what_it_does_link_cli = "Mints a one-time-use SharedPaymentToken scoped to this purchase (user approves in Link wallet), then submits it as the payment credential.";
     } else if (linkCliBlocked) {
@@ -178,8 +249,8 @@ function buildHowToPay(input) {
 }
 
 // src/challenge/agent_instructions.ts
-var TEMPO_WARNING = "Do NOT use `tempo wallet transfer`. That moves USDC on-chain without completing the protocol handshake, so the order will not complete. Use `tempo request` instead.";
-var X402_WARNING = "Do NOT send USDC manually to the deposit addresses. Use `agentscore-pay pay` so the credential is signed and submitted; otherwise the order will not complete even though the deposit lands.";
+var TEMPO_WARNING = "Do NOT use `tempo wallet transfer`. That moves USDC on-chain without completing the protocol handshake, so the request will not complete. Use `tempo request` instead.";
+var X402_WARNING = "Do NOT send USDC manually to the deposit addresses. Use `agentscore-pay pay` so the credential is signed and submitted; otherwise the request will not complete even though the deposit lands.";
 var TEMPO_TOOL = "`tempo request` for Tempo USDC";
 var AGENTSCORE_PAY_TOOL = "`agentscore-pay` \u2014 Base + Solana + Tempo from one CLI";
 var DEFAULT_WALLET_COMPATIBILITY = "Any client that can produce a valid MPP credential (Authorization: Payment) or x402 X-Payment header. Use the CLI commands above; sign-it-yourself is also fine.";
@@ -214,17 +285,27 @@ function defaultCompatibleClients(howToPay) {
   if (howToPay.stripe) rails.push("stripe");
   return compatibleClientsByRails(rails);
 }
-function buildAgentInstructions(input) {
-  const compatibleClients = input.compatibleClients ?? defaultCompatibleClients(input.howToPay);
+function buildAgentInstructions({
+  howToPay,
+  recommendedTools,
+  walletCompatibility,
+  timeoutSeconds,
+  warnings,
+  extraWarnings,
+  recommended,
+  compatibleClients,
+  extra
+}) {
+  const compatibleClientsOut = compatibleClients ?? defaultCompatibleClients(howToPay);
   return {
-    how_to_pay: input.howToPay,
-    recommended_tools: input.recommendedTools ?? defaultRecommendedTools(input.howToPay),
-    wallet_compatibility: input.walletCompatibility ?? DEFAULT_WALLET_COMPATIBILITY,
-    timeout_seconds: input.timeoutSeconds ?? 300,
-    warnings: input.warnings ?? [...defaultWarnings(input.howToPay), ...input.extraWarnings ?? []],
-    ...input.recommended ? { recommended: input.recommended } : {},
-    ...compatibleClients ? { compatible_clients: compatibleClients } : {},
-    ...input.extra ?? {}
+    how_to_pay: howToPay,
+    recommended_tools: recommendedTools ?? defaultRecommendedTools(howToPay),
+    wallet_compatibility: walletCompatibility ?? DEFAULT_WALLET_COMPATIBILITY,
+    timeout_seconds: timeoutSeconds ?? 300,
+    warnings: warnings ?? [...defaultWarnings(howToPay), ...extraWarnings ?? []],
+    ...recommended ? { recommended } : {},
+    ...compatibleClientsOut ? { compatible_clients: compatibleClientsOut } : {},
+    ...extra ?? {}
   };
 }
 
@@ -331,51 +412,80 @@ function buildAgentMemoryHint() {
 }
 
 // src/challenge/agent_memory.ts
-function firstEncounterAgentMemory(input) {
-  if (!input.firstEncounter) return void 0;
+function firstEncounterAgentMemory({
+  firstEncounter
+}) {
+  if (!firstEncounter) return void 0;
   return buildAgentMemoryHint();
 }
 
 // src/challenge/body.ts
-function build402Body(input) {
+function build402Body({
+  acceptedMethods,
+  agentInstructions,
+  identityMetadata,
+  agentMemory,
+  pricing,
+  amountUsd,
+  currency,
+  orderId,
+  product,
+  retryBody,
+  recommended,
+  x402,
+  extra
+}) {
   const body = {
     payment_required: true,
-    accepted_methods: input.acceptedMethods
+    accepted_methods: acceptedMethods
   };
-  if (input.x402) {
-    body.x402Version = input.x402.version ?? 2;
-    body.accepts = input.x402.accepts;
+  if (x402) {
+    body.x402Version = x402.version ?? 2;
+    body.accepts = x402.accepts;
+    if (x402.extensions !== void 0 && Object.keys(x402.extensions).length > 0) {
+      body.extensions = x402.extensions;
+    }
   }
-  if (input.amountUsd !== void 0) body.amount_usd = input.amountUsd;
-  if (input.currency) body.currency = input.currency;
-  if (input.pricing) body.pricing = input.pricing;
-  if (input.orderId !== void 0) body.order_id = input.orderId;
-  if (input.product) body.product = input.product;
-  if (input.recommended) body.recommended = input.recommended;
-  if (input.retryBody !== void 0) body.retry_body = input.retryBody;
-  if (input.identityMetadata) {
-    Object.assign(body, input.identityMetadata);
+  if (amountUsd !== void 0) body.amount_usd = amountUsd;
+  if (currency) body.currency = currency;
+  if (pricing) body.pricing = pricing;
+  if (orderId !== void 0) body.order_id = orderId;
+  if (product) body.product = product;
+  if (recommended) body.recommended = recommended;
+  if (retryBody !== void 0) body.retry_body = retryBody;
+  if (identityMetadata) {
+    Object.assign(body, identityMetadata);
   }
-  if (input.agentInstructions) body.agent_instructions = input.agentInstructions;
-  if (input.agentMemory !== void 0) body.agent_memory = input.agentMemory;
-  if (input.extra) Object.assign(body, input.extra);
+  if (agentInstructions) body.agent_instructions = agentInstructions;
+  if (agentMemory !== void 0) body.agent_memory = agentMemory;
+  if (extra) Object.assign(body, extra);
   return body;
 }
 
 // src/challenge/pricing.ts
-function buildPricingBlock(input) {
-  const tax = input.taxCents ?? 0;
-  const shipping = input.shippingCents ?? 0;
-  const total = input.totalCents ?? input.subtotalCents + tax + shipping;
+function buildPricingBlock({
+  subtotalCents,
+  taxCents = 0,
+  shippingCents,
+  discountCents,
+  totalCents,
+  taxRate,
+  taxState,
+  currency
+}) {
+  const shipping = shippingCents ?? 0;
+  const discount = discountCents ?? 0;
+  const total = totalCents ?? Math.max(0, subtotalCents + taxCents + shipping - discount);
   const block = {
-    subtotal: formatCents(input.subtotalCents),
-    tax: formatCents(tax),
+    subtotal: formatCents(subtotalCents),
+    tax: formatCents(taxCents),
     total: formatCents(total)
   };
-  if (input.shippingCents !== void 0) block.shipping = formatCents(shipping);
-  if (input.taxRate !== void 0) block.tax_rate = input.taxRate;
-  if (input.taxState !== void 0) block.tax_state = input.taxState;
-  if (input.currency !== void 0) block.currency = input.currency;
+  if (shippingCents !== void 0) block.shipping = formatCents(shipping);
+  if (discountCents !== void 0) block.discount = formatCents(discount);
+  if (taxRate !== void 0) block.tax_rate = taxRate;
+  if (taxState !== void 0) block.tax_state = taxState;
+  if (currency !== void 0) block.currency = currency;
   return block;
 }
 function formatCents(cents) {
@@ -383,30 +493,47 @@ function formatCents(cents) {
 }
 
 // src/payment/wwwauthenticate.ts
-function paymentRequiredHeader(input) {
-  return Buffer.from(JSON.stringify(input)).toString("base64");
+function paymentRequiredHeader({
+  x402Version,
+  accepts,
+  resource
+}) {
+  return Buffer.from(JSON.stringify({ x402Version, accepts, ...resource ? { resource } : {} })).toString("base64");
 }
 
 // src/challenge/respond_402.ts
-function respond402(input) {
-  const body = build402Body(input.body);
-  const headers = new Headers(input.mppxChallenge.headers);
-  headers.set("content-type", "application/json");
-  if (input.x402) {
-    headers.set("PAYMENT-REQUIRED", paymentRequiredHeader(input.x402));
+function respond402({
+  mppxChallengeHeaders,
+  body,
+  x402
+}) {
+  const headers = {};
+  for (const [k, v] of Object.entries(mppxChallengeHeaders)) {
+    headers[k.toLowerCase()] = v;
+  }
+  headers["content-type"] = "application/json";
+  if (x402) {
+    headers["payment-required"] = paymentRequiredHeader(x402);
   }
-  return new Response(JSON.stringify(body), { headers, status: 402 });
+  return { body, headers, status: 402 };
 }
 
 // src/challenge/validation_error.ts
-function buildValidationError(input) {
+function buildValidationError({
+  code,
+  message,
+  requiredFields,
+  exampleBody,
+  nextSteps,
+  extra
+}) {
   const body = {
-    error: { code: input.code, message: input.message }
+    error: { code, message }
   };
-  if (input.requiredFields) body.required_fields = input.requiredFields;
-  if (input.exampleBody !== void 0) body.example_body = input.exampleBody;
-  if (input.nextSteps) body.next_steps = input.nextSteps;
-  if (input.extra) Object.assign(body, input.extra);
+  if (requiredFields) body.required_fields = requiredFields;
+  if (exampleBody !== void 0) body.example_body = exampleBody;
+  if (nextSteps) body.next_steps = nextSteps;
+  if (extra) Object.assign(body, extra);
   return body;
 }
 // Annotate the CommonJS export names for ESM import in node: