npm - @agent-score/commerce - Versions diffs - 2.1.0 → 2.2.0 - Mend

@agent-score/commerce 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/README.md +1 -1
package/dist/challenge/index.d.mts +2 -2
package/dist/challenge/index.d.ts +2 -2
package/dist/challenge/index.js +7 -5
package/dist/challenge/index.js.map +1 -1
package/dist/challenge/index.mjs +7 -5
package/dist/challenge/index.mjs.map +1 -1
package/dist/{checkout-Bd_4aQ6c.d.mts → checkout-CKQE2QpJ.d.mts} +38 -23
package/dist/{checkout-BH-I_Ns8.d.ts → checkout-CfgxgPZL.d.ts} +38 -23
package/dist/core.js +4 -3
package/dist/core.js.map +1 -1
package/dist/core.mjs +4 -3
package/dist/core.mjs.map +1 -1
package/dist/{default_rails-BxBzcCA1.d.ts → default_rails-C5gKZJMI.d.ts} +11 -1
package/dist/{default_rails-BWAquZeu.d.mts → default_rails-XFCuRddA.d.mts} +11 -1
package/dist/discovery/index.d.mts +3 -3
package/dist/discovery/index.d.ts +3 -3
package/dist/identity/express.d.mts +4 -3
package/dist/identity/express.d.ts +4 -3
package/dist/identity/express.js +4 -3
package/dist/identity/express.js.map +1 -1
package/dist/identity/express.mjs +4 -3
package/dist/identity/express.mjs.map +1 -1
package/dist/identity/fastify.d.mts +4 -3
package/dist/identity/fastify.d.ts +4 -3
package/dist/identity/fastify.js +4 -3
package/dist/identity/fastify.js.map +1 -1
package/dist/identity/fastify.mjs +4 -3
package/dist/identity/fastify.mjs.map +1 -1
package/dist/identity/hono.d.mts +4 -3
package/dist/identity/hono.d.ts +4 -3
package/dist/identity/hono.js +4 -3
package/dist/identity/hono.js.map +1 -1
package/dist/identity/hono.mjs +4 -3
package/dist/identity/hono.mjs.map +1 -1
package/dist/identity/nextjs.js +4 -3
package/dist/identity/nextjs.js.map +1 -1
package/dist/identity/nextjs.mjs +4 -3
package/dist/identity/nextjs.mjs.map +1 -1
package/dist/identity/policy.js +22 -23363
package/dist/identity/policy.js.map +1 -1
package/dist/identity/policy.mjs +1 -23366
package/dist/identity/policy.mjs.map +1 -1
package/dist/identity/web.js +4 -3
package/dist/identity/web.js.map +1 -1
package/dist/identity/web.mjs +4 -3
package/dist/identity/web.mjs.map +1 -1
package/dist/index.d.mts +73 -6
package/dist/index.d.ts +73 -6
package/dist/index.js +392 -148
package/dist/index.js.map +1 -1
package/dist/index.mjs +389 -146
package/dist/index.mjs.map +1 -1
package/dist/middleware/express.js.map +1 -1
package/dist/middleware/express.mjs.map +1 -1
package/dist/middleware/fastify.js.map +1 -1
package/dist/middleware/fastify.mjs.map +1 -1
package/dist/middleware/hono.js.map +1 -1
package/dist/middleware/hono.mjs.map +1 -1
package/dist/middleware/nextjs.js.map +1 -1
package/dist/middleware/nextjs.mjs.map +1 -1
package/dist/middleware/web.js.map +1 -1
package/dist/middleware/web.mjs.map +1 -1
package/dist/payment/index.d.mts +13 -17
package/dist/payment/index.d.ts +13 -17
package/dist/payment/index.js +80 -4
package/dist/payment/index.js.map +1 -1
package/dist/payment/index.mjs +79 -4
package/dist/payment/index.mjs.map +1 -1
package/dist/{pricing-4n5Ota0D.d.mts → pricing-dSI3ePmE.d.mts} +4 -2
package/dist/{pricing-DHfH3ogG.d.ts → pricing-uFGRNoGl.d.ts} +4 -2
package/dist/stripe-multichain/index.js +55 -5
package/dist/stripe-multichain/index.js.map +1 -1
package/dist/stripe-multichain/index.mjs +55 -5
package/dist/stripe-multichain/index.mjs.map +1 -1
package/package.json +8 -8

package/dist/{pricing-4n5Ota0D.d.mts → pricing-dSI3ePmE.d.mts} RENAMED Viewed

@@ -43,8 +43,10 @@ declare function buildHowToPay({ url, retryBodyJson, totalUsd, rails, opTokenPla
     totalUsd: string | number;
     /** Per-rail config — each is optional. Pass only the rails you support. */
     rails: HowToPayRails;
-    /** Placeholder text for the operator token in commands. Defaults to '<your_opc_token>'. */
-    opTokenPlaceholder?: string;
+    /** Placeholder text for the operator token in commands. Defaults to '<your_opc_token>'.
+     *  Pass `null` (gateless merchants) to strip the `-H 'X-Operator-Token: ...'` line entirely
+     *  from each rail command — appropriate when the merchant doesn't run an identity gate. */
+    opTokenPlaceholder?: string | null;
     /** Override max-spend value used in commands. Default: `ceil(totalUsd) + 1`
      *  (for prices ≥ $1) or `totalUsd.toFixed(decimals)` (for sub-dollar prices,
      *  so the command flags reflect the real amount instead of `1.00`). */

package/dist/{pricing-DHfH3ogG.d.ts → pricing-uFGRNoGl.d.ts} RENAMED Viewed

@@ -43,8 +43,10 @@ declare function buildHowToPay({ url, retryBodyJson, totalUsd, rails, opTokenPla
     totalUsd: string | number;
     /** Per-rail config — each is optional. Pass only the rails you support. */
     rails: HowToPayRails;
-    /** Placeholder text for the operator token in commands. Defaults to '<your_opc_token>'. */
-    opTokenPlaceholder?: string;
+    /** Placeholder text for the operator token in commands. Defaults to '<your_opc_token>'.
+     *  Pass `null` (gateless merchants) to strip the `-H 'X-Operator-Token: ...'` line entirely
+     *  from each rail command — appropriate when the merchant doesn't run an identity gate. */
+    opTokenPlaceholder?: string | null;
     /** Override max-spend value used in commands. Default: `ceil(totalUsd) + 1`
      *  (for prices ≥ $1) or `totalUsd.toFixed(decimals)` (for sub-dollar prices,
      *  so the command flags reflect the real amount instead of `1.00`). */

package/dist/stripe-multichain/index.js CHANGED Viewed

@@ -19434,11 +19434,12 @@ function toClient(method, options) {
   };
 }
 function toServer(method, options) {
-  const { authorize, defaults, html, request, respond, stableBinding, transport, verify: verify3 } = options;
+  const { authorize, defaults, extensions, html, request, respond, stableBinding, transport, verify: verify3 } = options;
   return {
     ...method,
     authorize,
     defaults,
+    extensions,
     html,
     request,
     respond,
@@ -19660,6 +19661,22 @@ __export(stripe_multichain_exports, {
 });
 module.exports = __toCommonJS(stripe_multichain_exports);
+// src/errors.ts
+var CheckoutValidationError = class extends Error {
+  code;
+  action;
+  status;
+  extra;
+  constructor(opts) {
+    super(opts.message);
+    this.name = "CheckoutValidationError";
+    this.code = opts.code;
+    this.action = opts.action ?? "fix_request";
+    this.status = opts.status ?? 400;
+    this.extra = opts.extra;
+  }
+};
 // src/stripe-multichain/payment_intent.ts
 async function createMultichainPaymentIntent({
   stripe,
@@ -19692,7 +19709,12 @@ async function createMultichainPaymentIntent({
     if (info?.address) depositAddresses[network] = info.address;
   }
   if (Object.keys(depositAddresses).length === 0) {
-    throw new Error("No deposit addresses returned from Stripe PaymentIntent");
+    throw new CheckoutValidationError({
+      code: "payment_provider_unavailable",
+      message: "Stripe returned no crypto deposit addresses for this PaymentIntent. The account may not be enrolled in the Stablecoins and Crypto preview, or the feature was revoked.",
+      action: "retry_later",
+      status: 503
+    });
   }
   return { paymentIntentId: pi.id, depositAddresses };
 }
@@ -19703,12 +19725,35 @@ async function createPayToAddressFromStripePI(opts) {
   if (authHeader) {
     const { Credential } = await Promise.resolve().then(() => (init_dist2(), dist_exports));
     if (Credential.extractPaymentScheme(authHeader)) {
-      const credential = Credential.fromRequest(opts.request);
+      let credential;
+      try {
+        credential = Credential.fromRequest(opts.request);
+      } catch {
+        throw new CheckoutValidationError({
+          code: "invalid_credential",
+          message: "The Authorization: Payment header is not a valid MPP credential.",
+          action: "retry_without_credential",
+          status: 401
+        });
+      }
       const method = credential.challenge.method;
       if (method === "tempo" || method === "solana") {
         const toAddress = credential.challenge.request.recipient;
+        if (typeof toAddress !== "string" || !toAddress) {
+          throw new CheckoutValidationError({
+            code: "invalid_credential",
+            message: "The MPP credential is missing its recipient field.",
+            action: "retry_without_credential",
+            status: 401
+          });
+        }
         if (!await opts.piCache.hasAddress(toAddress)) {
-          throw new Error("Invalid payTo address: not found in cache or expired");
+          throw new CheckoutValidationError({
+            code: "invalid_credential",
+            message: "The signed-against payTo recipient is not in this merchant's cache (unknown or expired). Retry without the Authorization: Payment header to receive a fresh 402 challenge.",
+            action: "retry_without_credential",
+            status: 401
+          });
         }
         return toAddress;
       }
@@ -19730,7 +19775,12 @@ async function createPayToAddressFromStripePI(opts) {
   const preferred = opts.preferredNetwork ?? "tempo";
   const payTo = depositAddresses[preferred] ?? depositAddresses.base ?? depositAddresses.tempo;
   if (!payTo) {
-    throw new Error("Failed to resolve pay_to address from Stripe PaymentIntent");
+    throw new CheckoutValidationError({
+      code: "payment_provider_unavailable",
+      message: "Stripe returned deposit addresses but none matched the requested network (tempo / base / solana). The account may have only a subset of multichain networks enabled.",
+      action: "retry_later",
+      status: 503
+    });
   }
   return payTo;
 }