@attesso/sdk 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Attesso
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,306 @@
+# @attesso/sdk
+
+The official TypeScript SDK for Attesso. Hardware-backed identity for autonomous commerce.
+
+```bash
+npm install @attesso/sdk
+```
+
+## What This Is
+
+AI agents need to spend money. Attesso gives them a wallet with hardware-backed security and user-controlled spending limits.
+
+This SDK lets agents:
+- Execute payments within pre-authorized limits
+- Prove their identity to merchants
+- Check available spending power
+
+**No mobile app required.** Users authorize spending with WebAuthn passkeys (FaceID/TouchID) directly in the browser.
+
+## Quick Start
+
+```typescript
+import { AttessoClient } from '@attesso/sdk';
+
+const client = new AttessoClient({
+  apiKey: process.env.ATTESSO_API_KEY,
+});
+
+// Check mandate limits
+const mandate = await client.getMandate('mandate_xyz');
+console.log(`Available: $${mandate.maxAmount / 100}`);
+
+// Execute payment
+const payment = await client.executePayment({
+  mandateId: 'mandate_xyz',
+  amount: 34700, // $347.00
+  merchant: 'United Airlines',
+});
+
+// Get identity token for merchant verification
+const passport = await client.getPassport('mandate_xyz');
+```
+
+## How Users Create Mandates
+
+Users create spending mandates in your web dashboard using WebAuthn passkeys:
+
+```typescript
+// Frontend: User creates mandate with passkey
+import { startAuthentication } from '@simplewebauthn/browser';
+
+// 1. Get authentication options from your backend
+const authOptions = await fetch('/api/auth/webauthn/authenticate/options', {
+  method: 'POST',
+}).then(r => r.json());
+
+// 2. User authenticates with FaceID/TouchID (or QR code on desktop)
+const assertion = await startAuthentication(authOptions);
+
+// 3. Create mandate with the assertion
+const mandate = await fetch('/api/mandates', {
+  method: 'POST',
+  headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({
+    botId: 'bot_travel_agent',
+    maxAmount: 50000, // $500.00
+    currency: 'usd',
+    merchant: 'United Airlines',
+    webAuthnAssertion: assertion,
+  }),
+}).then(r => r.json());
+
+// 4. Pass mandateId to your AI agent
+```
+
+### Cross-Device Authentication
+
+On desktops without biometrics (TouchID), WebAuthn automatically shows a QR code. Users scan it with their phone and authenticate using the phone's FaceID/TouchID. The signature still comes from hardware (phone's Secure Enclave).
+
+## Vercel AI SDK Integration
+
+One line gives your AI agent a wallet:
+
+```typescript
+import { generateText } from 'ai';
+import { attesso } from '@attesso/sdk/vercel';
+
+const result = await generateText({
+  model: openai('gpt-4o'),
+  tools: attesso.tools(),
+  prompt: 'Book me a flight to NYC under $500',
+});
+```
+
+### Available Tools
+
+| Tool | Description |
+|------|-------------|
+| `attesso_pay` | Execute payment against mandate |
+| `attesso_get_mandate` | Check spending limits |
+| `attesso_get_passport` | Get identity token |
+| `attesso_capture` | Capture authorized payment |
+| `attesso_cancel` | Cancel and release funds |
+| `attesso_check_balance` | Quick balance check |
+
+### Configuration
+
+```typescript
+const tools = attesso.tools({
+  mandateId: 'mandate_xyz',           // Pre-select mandate
+  merchant: 'United Airlines',        // Lock to merchant
+  maxAmountPerTransaction: 50000,     // $500 cap
+});
+```
+
+## Direct API Access
+
+```typescript
+import { AttessoClient } from '@attesso/sdk';
+
+const client = new AttessoClient({ apiKey: '...' });
+
+// Get mandate details
+const mandate = await client.getMandate(mandateId);
+
+// Execute payment
+const payment = await client.executePayment({
+  mandateId,
+  amount: 10000,
+  merchant: 'Acme Corp',
+});
+
+// Check payment status
+const status = await client.getPayment(payment.id);
+
+// Auth/Capture flow
+const auth = await client.executePayment({
+  mandateId,
+  amount: 50000,
+  merchant: 'Hotel',
+});
+await client.capture(auth.id, { amount: 45000 }); // Final price
+
+// Cancel authorization
+await client.cancel(auth.id);
+
+// Get passport token
+const passport = await client.getPassport(mandateId);
+```
+
+## How It Works
+
+```
+User creates mandate → WebAuthn passkey signs authorization
+        ↓                    (FaceID/TouchID or phone QR)
+Mandate stored → Hardware attestation verified
+        ↓
+AI Agent calls SDK → SDK checks mandate limits
+        ↓
+Payment executed → Funds transferred via Stripe
+        ↓
+Merchant verifies → Passport proves authorized spending
+```
+
+### Security Model
+
+- **WebAuthn Passkeys**: Mandates signed by device Secure Enclave
+- **Cross-Device Support**: QR-based authentication for desktops
+- **User Control**: Instant revocation, spending limits
+- **Cryptographic Identity**: JWT passports verifiable offline
+
+## Infrastructure Security
+
+### Idempotency
+- Idempotency keys required on all payment operations
+- Concurrent duplicates return `409 Conflict`
+- Request payloads hashed to detect tampering
+
+### WebAuthn
+- Origin-bound credentials (phishing-resistant)
+- Single-use challenges with TTL
+- Hardware counter validation
+
+### Rate Limiting
+| Endpoint | Limit |
+|----------|-------|
+| Auth | 5/min |
+| Payments | 30/min |
+| General | 100/min |
+
+### Webhook Processing
+- Stripe event deduplication via `WebhookEvent` table
+- Row-level locking (`SELECT ... FOR UPDATE`)
+- Serializable transaction isolation
+
+### Hardware Security by Device
+
+| Device | Security | Auth Method |
+|--------|----------|-------------|
+| iPhone/iPad | Secure Enclave | FaceID/TouchID |
+| Mac (Touch ID) | Secure Enclave | TouchID |
+| Mac (no Touch ID) | Phone via QR | Phone's Secure Enclave |
+| Windows (Hello) | TPM 2.0 | Windows Hello |
+| Windows (no Hello) | Phone via QR | Requires Bluetooth + manual selection |
+| Android | TEE/StrongBox | Fingerprint/Face |
+
+**Windows Note:** Without Windows Hello, users see a USB security key prompt first. They must click Cancel and select "iPhone/Android" for QR code. Bluetooth must be enabled.
+
+## Application Fee Routing (Optional)
+
+Configure application fees per transaction. The protocol uses an additive settlement model, calculating charges on top of the base amount. This ensures merchant principal preservation while automating fee routing to the connected Stripe account.
+
+### Configuration
+
+```typescript
+// Principal is $100, total authorization is $106
+const payment = await rails.processPayment({
+  amount: 10000, // $100.00 principal amount
+  currency: 'usd',
+  merchant: 'Acme Corp',
+  mandateId: 'mandate_xyz',
+  paymentId: 'payment_abc',
+  userId: 'user_123',
+  applicationFee: {
+    destinationAccountId: 'acct_your_stripe_connect_id',
+    feePercent: 5,     // percentage of principal
+    // OR
+    feeFixed: 100,     // fixed amount (cents)
+    // OR both combined
+  },
+});
+```
+
+### Fee Routing Options
+
+| Parameter | Example | On $100 principal |
+|-----------|---------|-------------------|
+| `feePercent` | `5` | +$5.00 |
+| `feeFixed` | `100` | +$1.00 |
+| Hybrid | `{ percent: 2, fixed: 30 }` | +$2.30 |
+
+### Settlement Model
+
+$100 principal with 1% protocol fee + 5% application fee:
+
+| Settlement | Amount |
+|------------|--------|
+| Net Settlement (Merchant) | $100.00 |
+| Protocol Fee (Attesso) | $1.00 |
+| Application Fee | $5.00 |
+| **Total Authorization** | **$106.00** |
+
+```typescript
+const settlement = rails.calculateFees(10000, 5, 0);
+// { netSettlement: 10000, protocolFee: 100, applicationFee: 500, totalAuthorization: 10600 }
+```
+
+### Requirements
+
+- Stripe Connect account (`acct_...` ID)
+- Application fee routing is optional—omit to disable
+
+## Origin Restrictions (Optional)
+
+Restrict SDK usage to specific domains:
+
+```typescript
+const client = new AttessoClient({
+  apiKey: 'sk_bot_xyz',
+  allowedOrigins: [
+    'https://myapp.com',
+    'https://*.trusted-partner.com',  // Wildcard subdomains
+  ],
+});
+```
+
+Requests from non-allowed origins throw `OriginNotAllowedError`.
+
+## Environment Variables
+
+```bash
+ATTESSO_API_KEY=your_api_key
+ATTESSO_BASE_URL=https://api.attesso.dev  # optional
+```
+
+## TypeScript
+
+Full type safety included:
+
+```typescript
+import type {
+  MandateResponse,
+  PaymentResponse,
+  PassportToken,
+  WebAuthnAssertion,
+} from '@attesso/sdk';
+```
+
+## Requirements
+
+- Node.js 18+
+- For Vercel AI SDK integration: `ai` >= 3.0, `zod` >= 3.0
+
+## License
+
+MIT

package/dist/client.d.ts

@@ -0,0 +1,129 @@
+import type { MandateResponse, PaymentResponse, PassportToken, CapturePaymentResponse, CancelAuthorizationResponse } from '@attesso/types';
+export interface AttessoClientConfig {
+    apiKey?: string;
+    apiUrl?: string;
+    baseUrl?: string;
+    /**
+     * List of allowed origins/domains where the SDK can operate.
+     * If set, SDK will only allow operations when running on these domains.
+     * Supports exact matches and wildcard subdomains (e.g., "*.example.com").
+     *
+     * @example
+     * ```typescript
+     * const client = new AttessoClient({
+     *   apiKey: 'sk_bot_xyz',
+     *   allowedOrigins: ['https://shop.example.com', 'https://*.trusted-merchant.com']
+     * });
+     * ```
+     */
+    allowedOrigins?: string[];
+}
+export interface ExecutePaymentOptions {
+    mandateId: string;
+    amount: number;
+    merchant: string;
+}
+export interface CapturePaymentOptions {
+    amount: number;
+    metadata?: Record<string, string>;
+}
+export declare class AttessoClient {
+    private apiKey;
+    private baseUrl;
+    private allowedOrigins;
+    constructor(config?: AttessoClientConfig);
+    /**
+     * Check if the current origin is allowed.
+     * Returns true if no restrictions are set or if the current origin matches.
+     */
+    private isOriginAllowed;
+    /**
+     * Match origin against allowed pattern.
+     * Supports wildcards for subdomains (e.g., "*.example.com").
+     */
+    private matchesOrigin;
+    /**
+     * Get the current origin (browser context).
+     */
+    private getCurrentOrigin;
+    /**
+     * Validate that the current origin is allowed before making requests.
+     * Throws OriginNotAllowedError if origin is restricted.
+     */
+    private validateOrigin;
+    private request;
+    /**
+     * Get a mandate by ID.
+     */
+    getMandate(mandateId: string): Promise<MandateResponse>;
+    /**
+     * Execute a payment against a mandate.
+     * This is the main method bots use to make purchases.
+     *
+     * @example
+     * ```typescript
+     * const aegis = new AttessoClient({ apiKey: 'your-api-key' });
+     *
+     * const payment = await aegis.executePayment({
+     *   mandateId: 'mandate_xyz',
+     *   amount: 75000, // $750.00 in cents
+     *   merchant: 'United Airlines'
+     * });
+     *
+     * console.log(`Payment ${payment.id} status: ${payment.status}`);
+     * ```
+     */
+    executePayment(options: ExecutePaymentOptions): Promise<PaymentResponse>;
+    /**
+     * Get a payment by ID.
+     */
+    getPayment(paymentId: string): Promise<PaymentResponse>;
+    /**
+     * Get a passport token for making authenticated requests to merchants.
+     * The passport proves to the merchant that this request has authorized spending.
+     */
+    getPassport(mandateId: string): Promise<PassportToken>;
+    /**
+     * Capture a previously authorized payment.
+     * The capture amount must be less than or equal to the authorized amount.
+     *
+     * @param paymentId - The ID of the authorized payment
+     * @param options - Capture options including the final amount
+     *
+     * @example
+     * ```typescript
+     * const payment = await attesso.capture('payment_abc123', {
+     *   amount: 34700,  // $347.00 actual price
+     * });
+     * ```
+     */
+    capture(paymentId: string, options: CapturePaymentOptions): Promise<CapturePaymentResponse>;
+    /**
+     * Cancel an authorization and release the hold on funds.
+     * Use this when the purchase won't proceed (e.g., user cancelled, no suitable flights found).
+     *
+     * @param paymentId - The ID of the authorized payment to cancel
+     *
+     * @example
+     * ```typescript
+     * // User decided not to book
+     * const result = await attesso.cancel('payment_abc123');
+     * console.log('Funds released');
+     * ```
+     */
+    cancel(paymentId: string): Promise<CancelAuthorizationResponse>;
+}
+export declare class AttessoError extends Error {
+    code: string;
+    constructor(code: string, message: string);
+}
+/**
+ * Error thrown when SDK is used from a disallowed origin.
+ */
+export declare class OriginNotAllowedError extends Error {
+    code: string;
+    currentOrigin: string;
+    allowedOrigins: string[];
+    constructor(currentOrigin: string, allowedOrigins: string[]);
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,EAEf,eAAe,EAEf,aAAa,EACb,sBAAsB,EACtB,2BAA2B,EAC5B,MAAM,gBAAgB,CAAC;AAExB,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,cAAc,CAAuB;gBAEjC,MAAM,GAAE,mBAAwB;IAM5C;;;OAGG;IACH,OAAO,CAAC,eAAe;IAmBvB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAoCrB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;;OAGG;IACH,OAAO,CAAC,cAAc;YAUR,OAAO;IA8BrB;;OAEG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAI7D;;;;;;;;;;;;;;;;OAgBG;IACG,cAAc,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,eAAe,CAAC;IAU9E;;OAEG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAI7D;;;OAGG;IACG,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAc5D;;;;;;;;;;;;;OAaG;IACG,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAQjG;;;;;;;;;;;;OAYG;IACG,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,2BAA2B,CAAC;CAMtE;AAED,qBAAa,YAAa,SAAQ,KAAK;IACrC,IAAI,EAAE,MAAM,CAAC;gBAED,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK1C;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;IAC9C,IAAI,EAAE,MAAM,CAAwB;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,EAAE,CAAC;gBAEb,aAAa,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE;CAS5D"}

package/dist/client.js

@@ -0,0 +1,216 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OriginNotAllowedError = exports.AttessoError = exports.AttessoClient = void 0;
+class AttessoClient {
+    apiKey;
+    baseUrl;
+    allowedOrigins;
+    constructor(config = {}) {
+        this.apiKey = config.apiKey;
+        this.baseUrl = config.apiUrl ?? config.baseUrl ?? 'https://api.attesso.dev';
+        this.allowedOrigins = config.allowedOrigins;
+    }
+    /**
+     * Check if the current origin is allowed.
+     * Returns true if no restrictions are set or if the current origin matches.
+     */
+    isOriginAllowed(origin) {
+        if (!this.allowedOrigins || this.allowedOrigins.length === 0) {
+            return true;
+        }
+        // In Node.js/server context, origin may not exist - allow by default
+        if (!origin) {
+            return true;
+        }
+        for (const allowed of this.allowedOrigins) {
+            if (this.matchesOrigin(origin, allowed)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Match origin against allowed pattern.
+     * Supports wildcards for subdomains (e.g., "*.example.com").
+     */
+    matchesOrigin(origin, pattern) {
+        // Exact match
+        if (origin === pattern) {
+            return true;
+        }
+        // Parse both URLs
+        try {
+            const originUrl = new URL(origin);
+            const patternUrl = new URL(pattern);
+            // Protocol must match
+            if (originUrl.protocol !== patternUrl.protocol) {
+                return false;
+            }
+            // Handle wildcard subdomain matching
+            const patternHost = patternUrl.hostname;
+            const originHost = originUrl.hostname;
+            if (patternHost.startsWith('*.')) {
+                const baseDomain = patternHost.slice(2); // Remove "*."
+                // Origin must end with the base domain
+                if (originHost === baseDomain || originHost.endsWith('.' + baseDomain)) {
+                    return true;
+                }
+            }
+            // Exact hostname match
+            return originHost === patternHost;
+        }
+        catch {
+            // If URL parsing fails, do simple string match
+            return origin === pattern;
+        }
+    }
+    /**
+     * Get the current origin (browser context).
+     */
+    getCurrentOrigin() {
+        if (typeof window !== 'undefined' && window.location) {
+            return window.location.origin;
+        }
+        return undefined;
+    }
+    /**
+     * Validate that the current origin is allowed before making requests.
+     * Throws OriginNotAllowedError if origin is restricted.
+     */
+    validateOrigin() {
+        const currentOrigin = this.getCurrentOrigin();
+        if (!this.isOriginAllowed(currentOrigin)) {
+            throw new OriginNotAllowedError(currentOrigin || 'unknown', this.allowedOrigins || []);
+        }
+    }
+    async request(method, path, body) {
+        // Validate origin before making any request
+        this.validateOrigin();
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (this.apiKey) {
+            headers['Authorization'] = `Bearer ${this.apiKey}`;
+        }
+        const response = await fetch(`${this.baseUrl}${path}`, {
+            method,
+            headers,
+            body: body ? JSON.stringify(body) : undefined,
+        });
+        if (!response.ok) {
+            const error = (await response.json());
+            throw new AttessoError(error.code, error.message);
+        }
+        return response.json();
+    }
+    /**
+     * Get a mandate by ID.
+     */
+    async getMandate(mandateId) {
+        return this.request('GET', `/v1/mandates/${mandateId}`);
+    }
+    /**
+     * Execute a payment against a mandate.
+     * This is the main method bots use to make purchases.
+     *
+     * @example
+     * ```typescript
+     * const aegis = new AttessoClient({ apiKey: 'your-api-key' });
+     *
+     * const payment = await aegis.executePayment({
+     *   mandateId: 'mandate_xyz',
+     *   amount: 75000, // $750.00 in cents
+     *   merchant: 'United Airlines'
+     * });
+     *
+     * console.log(`Payment ${payment.id} status: ${payment.status}`);
+     * ```
+     */
+    async executePayment(options) {
+        const request = {
+            mandateId: options.mandateId,
+            amount: options.amount,
+            merchant: options.merchant,
+        };
+        return this.request('POST', '/v1/payments', request);
+    }
+    /**
+     * Get a payment by ID.
+     */
+    async getPayment(paymentId) {
+        return this.request('GET', `/v1/payments/${paymentId}`);
+    }
+    /**
+     * Get a passport token for making authenticated requests to merchants.
+     * The passport proves to the merchant that this request has authorized spending.
+     */
+    async getPassport(mandateId) {
+        return this.request('POST', `/v1/passports/mandate/${mandateId}`);
+    }
+    // ============================================================
+    // CAPTURE & CANCEL METHODS
+    // Note: Authorization happens automatically when the USER creates
+    // a mandate via FaceID on their mobile app. Bots can only capture
+    // or cancel existing authorizations.
+    // ============================================================
+    /**
+     * Capture a previously authorized payment.
+     * The capture amount must be less than or equal to the authorized amount.
+     *
+     * @param paymentId - The ID of the authorized payment
+     * @param options - Capture options including the final amount
+     *
+     * @example
+     * ```typescript
+     * const payment = await attesso.capture('payment_abc123', {
+     *   amount: 34700,  // $347.00 actual price
+     * });
+     * ```
+     */
+    async capture(paymentId, options) {
+        return this.request('POST', `/v1/payments/${paymentId}/capture`, options);
+    }
+    /**
+     * Cancel an authorization and release the hold on funds.
+     * Use this when the purchase won't proceed (e.g., user cancelled, no suitable flights found).
+     *
+     * @param paymentId - The ID of the authorized payment to cancel
+     *
+     * @example
+     * ```typescript
+     * // User decided not to book
+     * const result = await attesso.cancel('payment_abc123');
+     * console.log('Funds released');
+     * ```
+     */
+    async cancel(paymentId) {
+        return this.request('POST', `/v1/payments/${paymentId}/cancel`);
+    }
+}
+exports.AttessoClient = AttessoClient;
+class AttessoError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.name = 'AttessoError';
+        this.code = code;
+    }
+}
+exports.AttessoError = AttessoError;
+/**
+ * Error thrown when SDK is used from a disallowed origin.
+ */
+class OriginNotAllowedError extends Error {
+    code = 'ORIGIN_NOT_ALLOWED';
+    currentOrigin;
+    allowedOrigins;
+    constructor(currentOrigin, allowedOrigins) {
+        super(`SDK operations are not allowed from origin "${currentOrigin}". ` +
+            `Allowed origins: ${allowedOrigins.join(', ')}`);
+        this.name = 'OriginNotAllowedError';
+        this.currentOrigin = currentOrigin;
+        this.allowedOrigins = allowedOrigins;
+    }
+}
+exports.OriginNotAllowedError = OriginNotAllowedError;
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;AAyCA,MAAa,aAAa;IAChB,MAAM,CAAqB;IAC3B,OAAO,CAAS;IAChB,cAAc,CAAuB;IAE7C,YAAY,SAA8B,EAAE;QAC1C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,IAAI,yBAAyB,CAAC;QAC5E,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,MAAe;QACrC,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qEAAqE;QACrE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;gBACxC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACK,aAAa,CAAC,MAAc,EAAE,OAAe;QACnD,cAAc;QACd,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YAEpC,sBAAsB;YACtB,IAAI,SAAS,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,EAAE,CAAC;gBAC/C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,qCAAqC;YACrC,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;YACxC,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC;YAEtC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc;gBACvD,uCAAuC;gBACvC,IAAI,UAAU,KAAK,UAAU,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,CAAC;oBACvE,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,OAAO,UAAU,KAAK,WAAW,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;YAC/C,OAAO,MAAM,KAAK,OAAO,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;OAGG;IACK,cAAc;QACpB,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,qBAAqB,CAC7B,aAAa,IAAI,SAAS,EAC1B,IAAI,CAAC,cAAc,IAAI,EAAE,CAC1B,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAc,EACd,IAAY,EACZ,IAAc;QAEd,4CAA4C;QAC5C,IAAI,CAAC,cAAc,EAAE,CAAC;QAEtB,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;YACrD,MAAM;YACN,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAC9C,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;YACtD,MAAM,IAAI,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAAgB,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAkB,KAAK,EAAE,gBAAgB,SAAS,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,cAAc,CAAC,OAA8B;QACjD,MAAM,OAAO,GAA0B;YACrC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,OAAO,IAAI,CAAC,OAAO,CAAkB,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAkB,KAAK,EAAE,gBAAgB,SAAS,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,OAAO,CACjB,MAAM,EACN,yBAAyB,SAAS,EAAE,CACrC,CAAC;IACJ,CAAC;IAED,+DAA+D;IAC/D,2BAA2B;IAC3B,kEAAkE;IAClE,kEAAkE;IAClE,qCAAqC;IACrC,+DAA+D;IAE/D;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,OAA8B;QAC7D,OAAO,IAAI,CAAC,OAAO,CACjB,MAAM,EACN,gBAAgB,SAAS,UAAU,EACnC,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,OAAO,IAAI,CAAC,OAAO,CACjB,MAAM,EACN,gBAAgB,SAAS,SAAS,CACnC,CAAC;IACJ,CAAC;CACF;AApOD,sCAoOC;AAED,MAAa,YAAa,SAAQ,KAAK;IACrC,IAAI,CAAS;IAEb,YAAY,IAAY,EAAE,OAAe;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AARD,oCAQC;AAED;;GAEG;AACH,MAAa,qBAAsB,SAAQ,KAAK;IAC9C,IAAI,GAAW,oBAAoB,CAAC;IACpC,aAAa,CAAS;IACtB,cAAc,CAAW;IAEzB,YAAY,aAAqB,EAAE,cAAwB;QACzD,KAAK,CACH,+CAA+C,aAAa,KAAK;YACjE,oBAAoB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChD,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;CACF;AAdD,sDAcC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { AttessoClient, AttessoError, OriginNotAllowedError } from './client.js';
+export type { AttessoClientConfig, ExecutePaymentOptions, CapturePaymentOptions, } from './client.js';
+export { verifyPassport, clearJwksCache, gatekeeperMiddleware } from '@attesso/gatekeeper';
+export type { VerifyPassportOptions, GatekeeperConfig, AttessoRequest } from '@attesso/gatekeeper';
+export type { Mandate, MandateResponse, MandateStatus, Payment, PaymentResponse, PaymentStatus, PaymentError, PaymentErrorCode, PassportToken, PassportPayload, VerifyPassportResult, CapturePaymentResponse, CancelAuthorizationResponse, } from '@attesso/types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACjF,YAAY,EACV,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3F,YAAY,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAGnG,YAAY,EACV,OAAO,EACP,eAAe,EACf,aAAa,EACb,OAAO,EACP,eAAe,EACf,aAAa,EACb,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,sBAAsB,EACtB,2BAA2B,GAC5B,MAAM,gBAAgB,CAAC"}

package/dist/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gatekeeperMiddleware = exports.clearJwksCache = exports.verifyPassport = exports.OriginNotAllowedError = exports.AttessoError = exports.AttessoClient = void 0;
+var client_js_1 = require("./client.js");
+Object.defineProperty(exports, "AttessoClient", { enumerable: true, get: function () { return client_js_1.AttessoClient; } });
+Object.defineProperty(exports, "AttessoError", { enumerable: true, get: function () { return client_js_1.AttessoError; } });
+Object.defineProperty(exports, "OriginNotAllowedError", { enumerable: true, get: function () { return client_js_1.OriginNotAllowedError; } });
+// Re-export gatekeeper for one-click merchant DX
+var gatekeeper_1 = require("@attesso/gatekeeper");
+Object.defineProperty(exports, "verifyPassport", { enumerable: true, get: function () { return gatekeeper_1.verifyPassport; } });
+Object.defineProperty(exports, "clearJwksCache", { enumerable: true, get: function () { return gatekeeper_1.clearJwksCache; } });
+Object.defineProperty(exports, "gatekeeperMiddleware", { enumerable: true, get: function () { return gatekeeper_1.gatekeeperMiddleware; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAAiF;AAAxE,0GAAA,aAAa,OAAA;AAAE,yGAAA,YAAY,OAAA;AAAE,kHAAA,qBAAqB,OAAA;AAO3D,iDAAiD;AACjD,kDAA2F;AAAlF,4GAAA,cAAc,OAAA;AAAE,4GAAA,cAAc,OAAA;AAAE,kHAAA,oBAAoB,OAAA"}

package/dist/vercel/index.d.ts

@@ -0,0 +1,281 @@
+/**
+ * Vercel AI SDK Integration for Attesso
+ *
+ * Provides pre-built tools that instantly give AI agents wallet and identity capabilities.
+ *
+ * @example
+ * ```typescript
+ * import { generateText } from 'ai';
+ * import { attesso } from '@attesso/sdk/vercel';
+ *
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools(),
+ *   prompt: 'Book me a flight to NYC under $500',
+ * });
+ * ```
+ */
+import { z } from 'zod';
+import { AttessoClient } from '../client.js';
+import type { MandateResponse, PaymentResponse, PassportToken, CapturePaymentResponse, CancelAuthorizationResponse } from '@attesso/types';
+export interface AttessoToolsConfig {
+    /**
+     * Attesso API key. Falls back to ATTESSO_API_KEY env var.
+     */
+    apiKey?: string;
+    /**
+     * Base URL for the Attesso API.
+     * @default "https://api.attesso.dev"
+     */
+    baseUrl?: string;
+    /**
+     * If provided, the mandate ID to use for all operations.
+     * This enables "zero-config" mode where the agent already has a mandate.
+     */
+    mandateId?: string;
+    /**
+     * If provided, restrict payments to this merchant only.
+     */
+    merchant?: string;
+    /**
+     * Maximum amount (in cents) the agent can spend per transaction.
+     * Provides an additional guardrail on top of mandate limits.
+     */
+    maxAmountPerTransaction?: number;
+}
+/**
+ * Zod schemas for tool inputs - these are shared with AI models
+ */
+declare const schemas: {
+    getMandate: z.ZodObject<{
+        mandateId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+    }, {
+        mandateId: string;
+    }>;
+    executePayment: z.ZodObject<{
+        mandateId: z.ZodString;
+        amount: z.ZodNumber;
+        merchant: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+        amount: number;
+        merchant: string;
+    }, {
+        mandateId: string;
+        amount: number;
+        merchant: string;
+    }>;
+    getPayment: z.ZodObject<{
+        paymentId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        paymentId: string;
+    }, {
+        paymentId: string;
+    }>;
+    getPassport: z.ZodObject<{
+        mandateId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+    }, {
+        mandateId: string;
+    }>;
+    capture: z.ZodObject<{
+        paymentId: z.ZodString;
+        amount: z.ZodNumber;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    }, "strip", z.ZodTypeAny, {
+        amount: number;
+        paymentId: string;
+        metadata?: Record<string, string> | undefined;
+    }, {
+        amount: number;
+        paymentId: string;
+        metadata?: Record<string, string> | undefined;
+    }>;
+    cancel: z.ZodObject<{
+        paymentId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        paymentId: string;
+    }, {
+        paymentId: string;
+    }>;
+    checkBalance: z.ZodObject<{
+        mandateId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        mandateId: string;
+    }, {
+        mandateId: string;
+    }>;
+    empty: z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>;
+};
+/**
+ * Creates the Attesso tools bundle for Vercel AI SDK.
+ *
+ * @example Basic usage
+ * ```typescript
+ * import { generateText } from 'ai';
+ * import { attesso } from '@attesso/sdk/vercel';
+ *
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools(),
+ *   prompt: 'Book me a flight to NYC',
+ * });
+ * ```
+ *
+ * @example With pre-configured mandate
+ * ```typescript
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools({
+ *     mandateId: 'mandate_xyz',
+ *     maxAmountPerTransaction: 50000, // $500 cap
+ *   }),
+ *   prompt: 'Find and book the best hotel deal',
+ * });
+ * ```
+ */
+declare function createAttessoTools(config?: AttessoToolsConfig): {
+    /**
+     * Get mandate details to check spending limits and status.
+     * Use this before making a purchase to verify available funds.
+     */
+    attesso_get_mandate: import("ai").Tool<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>, MandateResponse> & {
+        execute: (args: {}, options: import("ai").ToolExecutionOptions) => PromiseLike<MandateResponse>;
+    };
+    /**
+     * Execute a payment against a mandate.
+     * This is the main tool for making purchases.
+     */
+    attesso_pay: import("ai").Tool<z.ZodObject<{
+        amount: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        amount: number;
+    }, {
+        amount: number;
+    }>, PaymentResponse> & {
+        execute: (args: {
+            amount: number;
+        }, options: import("ai").ToolExecutionOptions) => PromiseLike<PaymentResponse>;
+    };
+    /**
+     * Get payment status and details.
+     */
+    attesso_get_payment: import("ai").Tool<z.ZodObject<{
+        paymentId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        paymentId: string;
+    }, {
+        paymentId: string;
+    }>, PaymentResponse> & {
+        execute: (args: {
+            paymentId: string;
+        }, options: import("ai").ToolExecutionOptions) => PromiseLike<PaymentResponse>;
+    };
+    /**
+     * Get a passport token for authenticated merchant access.
+     * This proves to merchants that the agent has authorized spending power.
+     */
+    attesso_get_passport: import("ai").Tool<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>, PassportToken> & {
+        execute: (args: {}, options: import("ai").ToolExecutionOptions) => PromiseLike<PassportToken>;
+    };
+    /**
+     * Capture a previously authorized payment.
+     * Use this in auth/capture flow when the final price is known.
+     */
+    attesso_capture: import("ai").Tool<z.ZodObject<{
+        paymentId: z.ZodString;
+        amount: z.ZodNumber;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    }, "strip", z.ZodTypeAny, {
+        amount: number;
+        paymentId: string;
+        metadata?: Record<string, string> | undefined;
+    }, {
+        amount: number;
+        paymentId: string;
+        metadata?: Record<string, string> | undefined;
+    }>, CapturePaymentResponse> & {
+        execute: (args: {
+            amount: number;
+            paymentId: string;
+            metadata?: Record<string, string> | undefined;
+        }, options: import("ai").ToolExecutionOptions) => PromiseLike<CapturePaymentResponse>;
+    };
+    /**
+     * Cancel an authorization and release held funds.
+     * Use this when a purchase won't proceed.
+     */
+    attesso_cancel: import("ai").Tool<z.ZodObject<{
+        paymentId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        paymentId: string;
+    }, {
+        paymentId: string;
+    }>, CancelAuthorizationResponse> & {
+        execute: (args: {
+            paymentId: string;
+        }, options: import("ai").ToolExecutionOptions) => PromiseLike<CancelAuthorizationResponse>;
+    };
+    /**
+     * Check remaining balance on a mandate.
+     * Convenience tool that wraps getMandate for quick balance checks.
+     */
+    attesso_check_balance: import("ai").Tool<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>, {
+        available: number;
+        currency: string;
+        status: string;
+    }> & {
+        execute: (args: {}, options: import("ai").ToolExecutionOptions) => PromiseLike<{
+            available: number;
+            currency: string;
+            status: string;
+        }>;
+    };
+};
+/**
+ * Attesso integration for Vercel AI SDK.
+ *
+ * @example One-import usage
+ * ```typescript
+ * import { generateText } from 'ai';
+ * import { attesso } from '@attesso/sdk/vercel';
+ *
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools(),
+ *   prompt: 'Book me a flight to NYC under $500',
+ * });
+ * ```
+ *
+ * @example With configuration
+ * ```typescript
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools({
+ *     mandateId: mandate.id,
+ *     merchant: 'United Airlines',
+ *   }),
+ *   prompt: 'Find and book the cheapest flight',
+ * });
+ * ```
+ */
+export declare const attesso: {
+    /**
+     * Create Attesso tools for use with Vercel AI SDK.
+     * Returns a tool bundle that can be spread into the tools object.
+     */
+    tools: typeof createAttessoTools;
+    /**
+     * Create an Attesso client for direct API access.
+     * Use this when you need more control than the tools provide.
+     */
+    client: (config?: {
+        apiKey?: string;
+        baseUrl?: string;
+    }) => AttessoClient;
+};
+export { createAttessoTools, schemas as attessoSchemas };
+//# sourceMappingURL=index.d.ts.map

package/dist/vercel/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/vercel/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,aAAa,EAAgB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,aAAa,EACb,sBAAsB,EACtB,2BAA2B,EAC5B,MAAM,gBAAgB,CAAC;AAMxB,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC;AAMD;;GAEG;AACH,QAAA,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCZ,CAAC;AAMF;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,iBAAS,kBAAkB,CAAC,MAAM,GAAE,kBAAuB;IAWvD;;;OAGG;;;;IAeH;;;OAGG;;;;;;;;;;;;IA2CH;;OAEG;;;;;;;;;;;;IAWH;;;OAGG;;;;IAgBH;;;OAGG;;;;;;;;;;;;;;;;;;;;IAaH;;;OAGG;;;;;;;;;;;;IAYH;;;OAGG;;mBAM4C,MAAM;kBAAY,MAAM;gBAAU,MAAM;;;uBAAxC,MAAM;sBAAY,MAAM;oBAAU,MAAM;;;EAc1F;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,eAAO,MAAM,OAAO;IAClB;;;OAGG;;IAGH;;;OAGG;sBACe;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE;CAKxD,CAAC;AAGF,OAAO,EAAE,kBAAkB,EAAE,OAAO,IAAI,cAAc,EAAE,CAAC"}

package/dist/vercel/index.js

@@ -0,0 +1,276 @@
+"use strict";
+/**
+ * Vercel AI SDK Integration for Attesso
+ *
+ * Provides pre-built tools that instantly give AI agents wallet and identity capabilities.
+ *
+ * @example
+ * ```typescript
+ * import { generateText } from 'ai';
+ * import { attesso } from '@attesso/sdk/vercel';
+ *
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools(),
+ *   prompt: 'Book me a flight to NYC under $500',
+ * });
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.attessoSchemas = exports.attesso = void 0;
+exports.createAttessoTools = createAttessoTools;
+const ai_1 = require("ai");
+const zod_1 = require("zod");
+const client_js_1 = require("../client.js");
+// ============================================================
+// TOOL DEFINITIONS
+// ============================================================
+/**
+ * Zod schemas for tool inputs - these are shared with AI models
+ */
+const schemas = {
+    getMandate: zod_1.z.object({
+        mandateId: zod_1.z.string().describe('The unique identifier of the mandate to retrieve'),
+    }),
+    executePayment: zod_1.z.object({
+        mandateId: zod_1.z.string().describe('The mandate ID authorizing this payment'),
+        amount: zod_1.z.number().positive().describe('Amount to charge in cents (e.g., 34700 for $347.00)'),
+        merchant: zod_1.z.string().describe('Name of the merchant receiving payment'),
+    }),
+    getPayment: zod_1.z.object({
+        paymentId: zod_1.z.string().describe('The unique identifier of the payment to retrieve'),
+    }),
+    getPassport: zod_1.z.object({
+        mandateId: zod_1.z.string().describe('The mandate ID to generate a passport for'),
+    }),
+    capture: zod_1.z.object({
+        paymentId: zod_1.z.string().describe('The payment ID to capture'),
+        amount: zod_1.z.number().positive().describe('Final amount to capture in cents (must be <= authorized amount)'),
+        metadata: zod_1.z.record(zod_1.z.string()).optional().describe('Optional metadata to attach to the capture'),
+    }),
+    cancel: zod_1.z.object({
+        paymentId: zod_1.z.string().describe('The payment ID to cancel and release funds'),
+    }),
+    checkBalance: zod_1.z.object({
+        mandateId: zod_1.z.string().describe('The mandate ID to check remaining balance for'),
+    }),
+    empty: zod_1.z.object({}),
+};
+exports.attessoSchemas = schemas;
+// ============================================================
+// ATTESSO TOOLS FACTORY
+// ============================================================
+/**
+ * Creates the Attesso tools bundle for Vercel AI SDK.
+ *
+ * @example Basic usage
+ * ```typescript
+ * import { generateText } from 'ai';
+ * import { attesso } from '@attesso/sdk/vercel';
+ *
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools(),
+ *   prompt: 'Book me a flight to NYC',
+ * });
+ * ```
+ *
+ * @example With pre-configured mandate
+ * ```typescript
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools({
+ *     mandateId: 'mandate_xyz',
+ *     maxAmountPerTransaction: 50000, // $500 cap
+ *   }),
+ *   prompt: 'Find and book the best hotel deal',
+ * });
+ * ```
+ */
+function createAttessoTools(config = {}) {
+    const client = new client_js_1.AttessoClient({
+        apiKey: config.apiKey ?? process.env.ATTESSO_API_KEY,
+        baseUrl: config.baseUrl,
+    });
+    const defaultMandateId = config.mandateId;
+    const defaultMerchant = config.merchant;
+    const maxAmount = config.maxAmountPerTransaction;
+    return {
+        /**
+         * Get mandate details to check spending limits and status.
+         * Use this before making a purchase to verify available funds.
+         */
+        attesso_get_mandate: (0, ai_1.tool)({
+            description: 'Get details about a spending mandate including the maximum amount, status, and restrictions. ' +
+                'Use this to check how much money is available before making a purchase.',
+            parameters: defaultMandateId ? schemas.empty : schemas.getMandate,
+            execute: async (input) => {
+                const mandateId = defaultMandateId ?? input.mandateId;
+                if (!mandateId) {
+                    throw new client_js_1.AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+                }
+                return client.getMandate(mandateId);
+            },
+        }),
+        /**
+         * Execute a payment against a mandate.
+         * This is the main tool for making purchases.
+         */
+        attesso_pay: (0, ai_1.tool)({
+            description: 'Execute a payment to purchase something. The payment will be charged against the user\'s pre-authorized mandate. ' +
+                'Amount must be in cents (e.g., 34700 for $347.00). ' +
+                'Only call this after finding the best deal and confirming the price.',
+            parameters: defaultMandateId && defaultMerchant
+                ? zod_1.z.object({ amount: schemas.executePayment.shape.amount })
+                : defaultMandateId
+                    ? zod_1.z.object({
+                        amount: schemas.executePayment.shape.amount,
+                        merchant: schemas.executePayment.shape.merchant,
+                    })
+                    : defaultMerchant
+                        ? zod_1.z.object({
+                            mandateId: schemas.executePayment.shape.mandateId,
+                            amount: schemas.executePayment.shape.amount,
+                        })
+                        : schemas.executePayment,
+            execute: async (input) => {
+                const mandateId = defaultMandateId ?? input.mandateId;
+                const merchant = defaultMerchant ?? input.merchant;
+                const { amount } = input;
+                if (!mandateId) {
+                    throw new client_js_1.AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+                }
+                if (!merchant) {
+                    throw new client_js_1.AttessoError('MERCHANT_MISMATCH', 'merchant is required');
+                }
+                // Apply optional transaction cap
+                if (maxAmount && amount > maxAmount) {
+                    throw new client_js_1.AttessoError('AMOUNT_EXCEEDS_LIMIT', `Amount ${amount} exceeds maximum allowed per transaction (${maxAmount})`);
+                }
+                return client.executePayment({ mandateId, amount, merchant });
+            },
+        }),
+        /**
+         * Get payment status and details.
+         */
+        attesso_get_payment: (0, ai_1.tool)({
+            description: 'Get the status and details of a specific payment. ' +
+                'Use this to verify a payment was successful or check its current status.',
+            parameters: schemas.getPayment,
+            execute: async ({ paymentId }) => {
+                return client.getPayment(paymentId);
+            },
+        }),
+        /**
+         * Get a passport token for authenticated merchant access.
+         * This proves to merchants that the agent has authorized spending power.
+         */
+        attesso_get_passport: (0, ai_1.tool)({
+            description: 'Get a passport token that proves authorized spending power to merchants. ' +
+                'Some merchants require this for fast-lane checkout without additional verification. ' +
+                'The passport includes solvency proof and reputation data.',
+            parameters: defaultMandateId ? schemas.empty : schemas.getPassport,
+            execute: async (input) => {
+                const mandateId = defaultMandateId ?? input.mandateId;
+                if (!mandateId) {
+                    throw new client_js_1.AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+                }
+                return client.getPassport(mandateId);
+            },
+        }),
+        /**
+         * Capture a previously authorized payment.
+         * Use this in auth/capture flow when the final price is known.
+         */
+        attesso_capture: (0, ai_1.tool)({
+            description: 'Capture a previously authorized payment with the final amount. ' +
+                'Use this when the exact price is known (e.g., after finding the best flight). ' +
+                'The capture amount must be less than or equal to the authorized amount. ' +
+                'Any excess funds are automatically released.',
+            parameters: schemas.capture,
+            execute: async ({ paymentId, amount, metadata }) => {
+                return client.capture(paymentId, { amount, metadata });
+            },
+        }),
+        /**
+         * Cancel an authorization and release held funds.
+         * Use this when a purchase won't proceed.
+         */
+        attesso_cancel: (0, ai_1.tool)({
+            description: 'Cancel an authorization and release the held funds back to the user. ' +
+                'Use this when a purchase won\'t proceed (e.g., no suitable options found, user changed mind). ' +
+                'Always cancel unused authorizations promptly.',
+            parameters: schemas.cancel,
+            execute: async ({ paymentId }) => {
+                return client.cancel(paymentId);
+            },
+        }),
+        /**
+         * Check remaining balance on a mandate.
+         * Convenience tool that wraps getMandate for quick balance checks.
+         */
+        attesso_check_balance: (0, ai_1.tool)({
+            description: 'Quickly check how much money is available to spend on a mandate. ' +
+                'Returns the maximum amount and current status.',
+            parameters: defaultMandateId ? schemas.empty : schemas.checkBalance,
+            execute: async (input) => {
+                const mandateId = defaultMandateId ?? input.mandateId;
+                if (!mandateId) {
+                    throw new client_js_1.AttessoError('MANDATE_NOT_FOUND', 'mandateId is required');
+                }
+                const mandate = await client.getMandate(mandateId);
+                return {
+                    available: mandate.maxAmount,
+                    currency: mandate.currency,
+                    status: mandate.status,
+                };
+            },
+        }),
+    };
+}
+// ============================================================
+// MAIN EXPORT
+// ============================================================
+/**
+ * Attesso integration for Vercel AI SDK.
+ *
+ * @example One-import usage
+ * ```typescript
+ * import { generateText } from 'ai';
+ * import { attesso } from '@attesso/sdk/vercel';
+ *
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools(),
+ *   prompt: 'Book me a flight to NYC under $500',
+ * });
+ * ```
+ *
+ * @example With configuration
+ * ```typescript
+ * const result = await generateText({
+ *   model: openai('gpt-4o'),
+ *   tools: attesso.tools({
+ *     mandateId: mandate.id,
+ *     merchant: 'United Airlines',
+ *   }),
+ *   prompt: 'Find and book the cheapest flight',
+ * });
+ * ```
+ */
+exports.attesso = {
+    /**
+     * Create Attesso tools for use with Vercel AI SDK.
+     * Returns a tool bundle that can be spread into the tools object.
+     */
+    tools: createAttessoTools,
+    /**
+     * Create an Attesso client for direct API access.
+     * Use this when you need more control than the tools provide.
+     */
+    client: (config) => new client_js_1.AttessoClient({
+        apiKey: config?.apiKey ?? process.env.ATTESSO_API_KEY,
+        baseUrl: config?.baseUrl,
+    }),
+};
+//# sourceMappingURL=index.js.map

package/dist/vercel/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vercel/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;AA8UM,gDAAkB;AA5U3B,2BAA0B;AAC1B,6BAAwB;AACxB,4CAA2D;AA2C3D,+DAA+D;AAC/D,mBAAmB;AACnB,+DAA+D;AAE/D;;GAEG;AACH,MAAM,OAAO,GAAG;IACd,UAAU,EAAE,OAAC,CAAC,MAAM,CAAC;QACnB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;KACnF,CAAC;IAEF,cAAc,EAAE,OAAC,CAAC,MAAM,CAAC;QACvB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;QACzE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;QAC7F,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;KACxE,CAAC;IAEF,UAAU,EAAE,OAAC,CAAC,MAAM,CAAC;QACnB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;KACnF,CAAC;IAEF,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC;QACpB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;KAC5E,CAAC;IAEF,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC;QAChB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QAC3D,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iEAAiE,CAAC;QACzG,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;KACjG,CAAC;IAEF,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC;QACf,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;KAC7E,CAAC;IAEF,YAAY,EAAE,OAAC,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;KAChF,CAAC;IAEF,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC;CACpB,CAAC;AAsPsC,iCAAc;AApPtD,+DAA+D;AAC/D,wBAAwB;AACxB,+DAA+D;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,SAAS,kBAAkB,CAAC,SAA6B,EAAE;IACzD,MAAM,MAAM,GAAG,IAAI,yBAAa,CAAC;QAC/B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe;QACpD,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,MAAM,CAAC,SAAS,CAAC;IAC1C,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC;IACxC,MAAM,SAAS,GAAG,MAAM,CAAC,uBAAuB,CAAC;IAEjD,OAAO;QACL;;;WAGG;QACH,mBAAmB,EAAE,IAAA,SAAI,EAAC;YACxB,WAAW,EACT,+FAA+F;gBAC/F,yEAAyE;YAC3E,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU;YACjE,OAAO,EAAE,KAAK,EAAE,KAAK,EAA4B,EAAE;gBACjD,MAAM,SAAS,GAAG,gBAAgB,IAAK,KAAgC,CAAC,SAAS,CAAC;gBAClF,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,MAAM,IAAI,wBAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;gBACvE,CAAC;gBACD,OAAO,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACtC,CAAC;SACF,CAAC;QAEF;;;WAGG;QACH,WAAW,EAAE,IAAA,SAAI,EAAC;YAChB,WAAW,EACT,mHAAmH;gBACnH,qDAAqD;gBACrD,sEAAsE;YACxE,UAAU,EAAE,gBAAgB,IAAI,eAAe;gBAC7C,CAAC,CAAC,OAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC3D,CAAC,CAAC,gBAAgB;oBAChB,CAAC,CAAC,OAAC,CAAC,MAAM,CAAC;wBACP,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,MAAM;wBAC3C,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ;qBAChD,CAAC;oBACJ,CAAC,CAAC,eAAe;wBACf,CAAC,CAAC,OAAC,CAAC,MAAM,CAAC;4BACP,SAAS,EAAE,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS;4BACjD,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,MAAM;yBAC5C,CAAC;wBACJ,CAAC,CAAC,OAAO,CAAC,cAAc;YAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAA4B,EAAE;gBACjD,MAAM,SAAS,GAAG,gBAAgB,IAAK,KAAgC,CAAC,SAAS,CAAC;gBAClF,MAAM,QAAQ,GAAG,eAAe,IAAK,KAA+B,CAAC,QAAQ,CAAC;gBAC9E,MAAM,EAAE,MAAM,EAAE,GAAG,KAA2B,CAAC;gBAE/C,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,MAAM,IAAI,wBAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;gBACvE,CAAC;gBACD,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,MAAM,IAAI,wBAAY,CAAC,mBAAmB,EAAE,sBAAsB,CAAC,CAAC;gBACtE,CAAC;gBAED,iCAAiC;gBACjC,IAAI,SAAS,IAAI,MAAM,GAAG,SAAS,EAAE,CAAC;oBACpC,MAAM,IAAI,wBAAY,CACpB,sBAAsB,EACtB,UAAU,MAAM,6CAA6C,SAAS,GAAG,CAC1E,CAAC;gBACJ,CAAC;gBAED,OAAO,MAAM,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;YAChE,CAAC;SACF,CAAC;QAEF;;WAEG;QACH,mBAAmB,EAAE,IAAA,SAAI,EAAC;YACxB,WAAW,EACT,oDAAoD;gBACpD,0EAA0E;YAC5E,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,OAAO,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,EAA4B,EAAE;gBACzD,OAAO,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACtC,CAAC;SACF,CAAC;QAEF;;;WAGG;QACH,oBAAoB,EAAE,IAAA,SAAI,EAAC;YACzB,WAAW,EACT,2EAA2E;gBAC3E,sFAAsF;gBACtF,2DAA2D;YAC7D,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW;YAClE,OAAO,EAAE,KAAK,EAAE,KAAK,EAA0B,EAAE;gBAC/C,MAAM,SAAS,GAAG,gBAAgB,IAAK,KAAgC,CAAC,SAAS,CAAC;gBAClF,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,MAAM,IAAI,wBAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;gBACvE,CAAC;gBACD,OAAO,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACvC,CAAC;SACF,CAAC;QAEF;;;WAGG;QACH,eAAe,EAAE,IAAA,SAAI,EAAC;YACpB,WAAW,EACT,iEAAiE;gBACjE,gFAAgF;gBAChF,0EAA0E;gBAC1E,8CAA8C;YAChD,UAAU,EAAE,OAAO,CAAC,OAAO;YAC3B,OAAO,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAmC,EAAE;gBAClF,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;YACzD,CAAC;SACF,CAAC;QAEF;;;WAGG;QACH,cAAc,EAAE,IAAA,SAAI,EAAC;YACnB,WAAW,EACT,uEAAuE;gBACvE,gGAAgG;gBAChG,+CAA+C;YACjD,UAAU,EAAE,OAAO,CAAC,MAAM;YAC1B,OAAO,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,EAAwC,EAAE;gBACrE,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClC,CAAC;SACF,CAAC;QAEF;;;WAGG;QACH,qBAAqB,EAAE,IAAA,SAAI,EAAC;YAC1B,WAAW,EACT,mEAAmE;gBACnE,gDAAgD;YAClD,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY;YACnE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAoE,EAAE;gBACzF,MAAM,SAAS,GAAG,gBAAgB,IAAK,KAAgC,CAAC,SAAS,CAAC;gBAClF,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,MAAM,IAAI,wBAAY,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;gBACvE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;gBACnD,OAAO;oBACL,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;iBACvB,CAAC;YACJ,CAAC;SACF,CAAC;KACH,CAAC;AACJ,CAAC;AAED,+DAA+D;AAC/D,cAAc;AACd,+DAA+D;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACU,QAAA,OAAO,GAAG;IACrB;;;OAGG;IACH,KAAK,EAAE,kBAAkB;IAEzB;;;OAGG;IACH,MAAM,EAAE,CAAC,MAA8C,EAAE,EAAE,CACzD,IAAI,yBAAa,CAAC;QAChB,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe;QACrD,OAAO,EAAE,MAAM,EAAE,OAAO;KACzB,CAAC;CACL,CAAC"}

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "@attesso/sdk",
+  "version": "1.0.0",
+  "description": "Attesso SDK for autonomous commerce - enable AI agents to make purchases",
+  "author": "Attesso",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/attesso/attesso"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
+    },
+    "./vercel": {
+      "types": "./dist/vercel/index.d.ts",
+      "import": "./dist/vercel/index.js",
+      "require": "./dist/vercel/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "clean": "rm -rf dist",
+    "test": "vitest run"
+  },
+  "keywords": [
+    "attesso",
+    "payments",
+    "ai-agents",
+    "autonomous-commerce",
+    "open-banking",
+    "vercel-ai-sdk",
+    "ai-tools"
+  ],
+  "dependencies": {
+    "@attesso/gatekeeper": "workspace:*",
+    "@attesso/types": "workspace:*"
+  },
+  "peerDependencies": {
+    "ai": ">=3.0.0",
+    "zod": ">=3.0.0"
+  },
+  "peerDependenciesMeta": {
+    "ai": {
+      "optional": true
+    },
+    "zod": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "ai": "^4.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^2.1.0",
+    "zod": "^3.23.0"
+  }
+}