@agent-score/commerce 2.0.2 → 2.1.1

package/dist/identity/fastify.js

@@ -20,21 +20,14 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/identity/fastify.ts
 var fastify_exports = {};
 __export(fastify_exports, {
-  FIXABLE_DENIAL_REASONS: () => FIXABLE_DENIAL_REASONS,
   agentscoreGate: () => agentscoreGate,
-  buildContactSupportNextSteps: () => buildContactSupportNextSteps,
-  buildSignerMismatchBody: () => buildSignerMismatchBody,
   captureWallet: () => captureWallet,
+  conditionalAgentscoreGate: () => conditionalAgentscoreGate,
   default: () => fastify_default,
-  denialReasonStatus: () => denialReasonStatus,
-  denialReasonToBody: () => denialReasonToBody,
   getAgentScoreData: () => getAgentScoreData,
   getGateDegradedState: () => getGateDegradedState,
   getGateQuotaInfo: () => getGateQuotaInfo,
-  getSignerVerdict: () => getSignerVerdict,
-  isFixableDenial: () => isFixableDenial,
-  readX402PaymentHeader: () => readX402PaymentHeader,
-  verificationAgentInstructions: () => verificationAgentInstructions
+  getSignerVerdict: () => getSignerVerdict
 });
 module.exports = __toCommonJS(fastify_exports);
 
@@ -53,80 +46,6 @@ function denialReasonStatus(reason) {
   if (reason.code === "api_error") return 503;
   return 403;
 }
-function buildSignerMismatchBody({
-  result,
-  userMessage,
-  learnMoreUrl
-}) {
-  if (result.kind === "pass") return null;
-  const learnMoreUrlResolved = learnMoreUrl ?? "https://docs.agentscore.sh/guides/agent-identity";
-  if (result.kind === "wallet_signer_mismatch") {
-    const linkedWallets = result.linkedWallets ?? [];
-    const userMessageResolved = userMessage ?? (linkedWallets.length > 0 ? `Sign the payment with one of the wallets linked to this operator: ${linkedWallets.join(", ")}. Then retry.` : "Sign the payment with the same wallet you claimed via X-Wallet-Address, or switch to X-Operator-Token for rail-independent identity.");
-    return {
-      error: {
-        code: "wallet_signer_mismatch",
-        message: "Payment signer does not match the wallet claimed via X-Wallet-Address. The signer and the claimed wallet must both resolve to the same AgentScore operator."
-      },
-      claimed_operator: result.claimedOperator,
-      actual_signer_operator: result.actualSignerOperator ?? null,
-      expected_signer: result.expectedSigner,
-      actual_signer: result.actualSigner,
-      linked_wallets: linkedWallets,
-      next_steps: {
-        action: "regenerate_payment_from_linked_wallet",
-        user_message: userMessageResolved,
-        learn_more_url: learnMoreUrlResolved
-      }
-    };
-  }
-  return {
-    error: {
-      code: "wallet_auth_requires_wallet_signing",
-      message: "Wallet-auth requires a payment rail that carries a wallet signature (Tempo MPP, x402). Stripe SPT and card rails have no wallet signer; switch to X-Operator-Token to use those."
-    },
-    next_steps: {
-      action: "switch_to_operator_token",
-      user_message: userMessage ?? "Drop the X-Wallet-Address header and retry with X-Operator-Token (works on every payment rail).",
-      learn_more_url: learnMoreUrlResolved
-    }
-  };
-}
-function buildContactSupportNextSteps(supportEmail, message) {
-  return {
-    action: "contact_support",
-    support_email: supportEmail,
-    user_message: message ?? `If you believe this denial is in error, contact support at ${supportEmail} with the details of your request.`
-  };
-}
-function verificationAgentInstructions({
-  userAction,
-  retryStep,
-  extraSteps,
-  pollIntervalSeconds = 5,
-  timeoutSeconds = 3600,
-  orderTtl,
-  extra
-} = {}) {
-  const baseSteps = [
-    "Present the verify_url directly to the user \u2014 it is a complete, ready-to-open URL with the session token already embedded (e.g. https://agentscore.sh/verify?session=sess_...). Do NOT modify or construct the URL yourself.",
-    `Immediately begin polling poll_url every ${pollIntervalSeconds} seconds with header X-Poll-Secret set to poll_secret. The user will complete verification in their browser while you poll in the background.`,
-    "The user visits the URL, signs in, completes identity verification (photo ID + selfie via Stripe Identity), and closes the tab. They do NOT need to copy or paste anything back to you.",
-    'When your poll returns status "verified", extract operator_token from the response. This is a one-time value \u2014 save it immediately. Subsequent polls return status "consumed" without the token.',
-    retryStep ?? "Retry the original merchant request with header X-Operator-Token set to the operator_token value."
-  ];
-  return {
-    action: "poll_for_credential",
-    user_action: userAction ?? "The user must visit verify_url to complete identity verification before this request can proceed",
-    steps: extraSteps ? [...baseSteps, ...extraSteps] : baseSteps,
-    poll_interval_seconds: pollIntervalSeconds,
-    poll_secret_header: "X-Poll-Secret",
-    retry_token_header: "X-Operator-Token",
-    timeout_seconds: timeoutSeconds,
-    ...orderTtl ? { order_ttl: orderTtl } : {},
-    ...extra ?? {}
-  };
-}
 
 // src/_response.ts
 var WALLET_NOT_TRUSTED_INSTRUCTIONS = JSON.stringify({
@@ -376,7 +295,7 @@ function createAgentScoreCore(options) {
   } = options;
   const baseUrl = stripTrailingSlashes(rawBaseUrl);
   const agentMemoryHint = buildAgentMemoryHint();
-  const defaultUa = `@agent-score/commerce@${"2.0.2"}`;
+  const defaultUa = `@agent-score/commerce@${"2.1.1"}`;
   const userAgentHeader = userAgent ? `${userAgent} (${defaultUa})` : defaultUa;
   const sdk = new import_sdk.AgentScore({ apiKey, baseUrl, userAgent: userAgentHeader });
   const sessionSdkCache = /* @__PURE__ */ new Map();
@@ -668,6 +587,30 @@ function createAgentScoreCore(options) {
   return { evaluate, captureWallet: captureWallet2, getSignerVerdict: getSignerVerdict2 };
 }
 
+// src/payment/payment_header.ts
+function toTitleCase(name) {
+  return name.replace(/(^|-)([a-z])/g, (_m, sep, c) => sep + c.toUpperCase());
+}
+function readHeader(headers, name) {
+  if (typeof headers.get === "function") {
+    return headers.get(name);
+  }
+  const rec = headers;
+  const v = rec[name] ?? rec[name.toLowerCase()] ?? rec[toTitleCase(name)];
+  if (typeof v === "string") return v;
+  if (Array.isArray(v) && typeof v[0] === "string") return v[0];
+  return null;
+}
+function asHeaders(input) {
+  return typeof input.headers === "object" && input instanceof Request ? input.headers : input;
+}
+function hasPaymentHeader(input) {
+  const headers = asHeaders(input);
+  return Boolean(
+    readHeader(headers, "payment-signature") || readHeader(headers, "x-payment") || readHeader(headers, "authorization")?.startsWith("Payment ")
+  );
+}
+
 // src/signer.ts
 var TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
 var TOKEN_2022_PROGRAM = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
@@ -747,9 +690,6 @@ async function extractPaymentSignerFromAuth(authHeader, x402PaymentHeader) {
   });
   return extractPaymentSigner(request, x402PaymentHeader);
 }
-function readX402PaymentHeader(request) {
-  return request.headers.get("payment-signature") ?? request.headers.get("x-payment") ?? void 0;
-}
 
 // src/identity/fastify.ts
 var GATE_STATE_KEY = "__agentscoreGate";
@@ -823,21 +763,45 @@ function getSignerVerdict(request) {
 agentscoreGatePlugin[/* @__PURE__ */ Symbol.for("skip-override")] = true;
 var agentscoreGate = agentscoreGatePlugin;
 var fastify_default = agentscoreGatePlugin;
+var conditionalAgentscoreGatePlugin = async (fastify, options) => {
+  const { extractIdentity = defaultExtractIdentity, onDenied = defaultOnDenied, ...coreOptions } = options;
+  const core = createAgentScoreCore(coreOptions);
+  fastify.addHook("preHandler", async (request, reply) => {
+    if (!hasPaymentHeader(request.headers)) return;
+    const identity = extractIdentity(request);
+    request[GATE_STATE_KEY] = {
+      core,
+      operatorToken: identity?.operatorToken,
+      walletAddress: identity?.address
+    };
+    const authHeader = request.headers.authorization ?? null;
+    const x402Header = request.headers["payment-signature"] ?? request.headers["x-payment"];
+    const signer = await extractPaymentSignerFromAuth(authHeader, x402Header);
+    const outcome = await core.evaluate(identity, request, signer);
+    if (outcome.kind === "allow") {
+      const state = request[GATE_STATE_KEY];
+      if (state) {
+        if (outcome.degraded) {
+          state.degraded = true;
+          state.infraReason = outcome.infraReason;
+        }
+        if (outcome.quota) state.quota = outcome.quota;
+      }
+      return;
+    }
+    return onDenied(request, reply, outcome.reason);
+  });
+};
+conditionalAgentscoreGatePlugin[/* @__PURE__ */ Symbol.for("skip-override")] = true;
+var conditionalAgentscoreGate = conditionalAgentscoreGatePlugin;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  FIXABLE_DENIAL_REASONS,
   agentscoreGate,
-  buildContactSupportNextSteps,
-  buildSignerMismatchBody,
   captureWallet,
-  denialReasonStatus,
-  denialReasonToBody,
+  conditionalAgentscoreGate,
   getAgentScoreData,
   getGateDegradedState,
   getGateQuotaInfo,
-  getSignerVerdict,
-  isFixableDenial,
-  readX402PaymentHeader,
-  verificationAgentInstructions
+  getSignerVerdict
 });
 //# sourceMappingURL=fastify.js.map