npm - @attesso/sdk - Versions diffs - 1.0.1 → 1.0.3 - Mend

@attesso/sdk 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +77 -130
package/package.json +6 -9

package/README.md CHANGED Viewed

@@ -1,195 +1,142 @@
 # @attesso/sdk
-Financial infrastructure for AI agents. Programmatic card issuing with hardware-bound biometric authorization.
+API client for executing payments against FIDO2-signed mandates.
 ```bash
 npm install @attesso/sdk
 ```
-## What is Attesso?
-Attesso provides scoped, ephemeral credentials for AI agents. Users authorize via FIDO2 assertion, and agents receive time-limited cards with spend constraints. Revocation is immediate. All credentials are bound to hardware attestation.
-**No credit cards are exposed to agents.** Agents receive mandate IDs and can only transact within user-defined limits.
-## Quick Start
+## AttessoClient
 ```typescript
 import { AttessoClient } from '@attesso/sdk';
 const client = new AttessoClient({
   apiKey: process.env.ATTESSO_API_KEY,
+  baseUrl: process.env.ATTESSO_BASE_URL, // optional
 });
+```
-// Check spending constraints
+### Methods
+#### getMandate(mandateId)
+```typescript
 const mandate = await client.getMandate('mandate_xyz');
-console.log(`Authorized: $${mandate.maxAmount / 100}`);
+// { id, botId, maxAmount, currency, merchant?, status, expiresAt?, createdAt }
+```
-// Execute payment within constraints
+#### executePayment(options)
+```typescript
 const payment = await client.executePayment({
   mandateId: 'mandate_xyz',
-  amount: 34700, // $347.00
-  merchant: 'United Airlines',
+  amount: 34700, // cents
+  merchant: 'Acme Corp',
 });
-// Get passport for merchant verification
-const passport = await client.getPassport('mandate_xyz');
+// { id, mandateId, amount, merchant, status, createdAt }
 ```
-## Authorization Flow
-```
-01. Link Delivery      Agent generates authorization URL. User receives via any channel.
-02. FIDO2 Assertion    Browser invokes WebAuthn API. Authenticator signs in Secure Enclave.
-03. Agent Execution    Agent receives mandate ID. Operates within authorized constraints.
-04. Capture            Agent calls capture() with final amount. Excess authorization released.
-05. Settlement         Transaction settles via Stripe. Event dispatched to webhook.
+#### getPayment(paymentId)
+```typescript
+const payment = await client.getPayment('payment_abc');
 ```
-## Vercel AI SDK Integration
-Inject payment capabilities into any agent runtime:
+#### getPassport(mandateId)
 ```typescript
-import { generateText } from 'ai';
-import { attesso } from '@attesso/sdk/vercel';
-const result = await generateText({
-  model: openai('gpt-4o'),
-  tools: attesso.tools(),
-  prompt: 'Book cheapest flight to NYC',
-});
+const passport = await client.getPassport('mandate_xyz');
+// { token, expiresAt }
 ```
-### Available Tools
-| Tool | Description |
-|------|-------------|
-| `attesso_pay` | Execute payment against mandate |
-| `attesso_get_mandate` | Check spending constraints |
-| `attesso_get_passport` | Get identity token for merchant verification |
-| `attesso_capture` | Capture authorized payment |
-| `attesso_cancel` | Cancel and release held funds |
-| `attesso_check_balance` | Quick balance check |
-### Configuration
+#### capture(paymentId, options)
 ```typescript
-const tools = attesso.tools({
-  mandateId: 'mandate_xyz',           // Pre-select mandate
-  merchant: 'United Airlines',        // Lock to merchant
-  maxAmountPerTransaction: 50000,     // Per-transaction cap
+const result = await client.capture('payment_abc', {
+  amount: 34700,
+  metadata: { orderId: '123' },
 });
+// { id, authorizedAmount, capturedAmount, status: 'completed' }
 ```
-## Direct API Access
+#### cancel(paymentId)
 ```typescript
-import { AttessoClient } from '@attesso/sdk';
-const client = new AttessoClient({ apiKey: '...' });
+const result = await client.cancel('payment_abc');
+// { id, authorizedAmount, status: 'cancelled' }
+```
-// Get mandate details
-const mandate = await client.getMandate(mandateId);
+## Vercel AI SDK
-// Execute payment
-const payment = await client.executePayment({
-  mandateId,
-  amount: 10000,
-  merchant: 'Acme Corp',
-});
-// Check payment status
-const status = await client.getPayment(payment.id);
+```typescript
+import { generateText } from 'ai';
+import { attesso } from '@attesso/sdk/vercel';
-// Auth/Capture flow
-const auth = await client.executePayment({
-  mandateId,
-  amount: 50000,
-  merchant: 'Hotel',
+const result = await generateText({
+  model: openai('gpt-4o'),
+  tools: attesso.tools({
+    mandateId: 'mandate_xyz',      // optional: pre-select mandate
+    merchant: 'Acme Corp',         // optional: lock to merchant
+    maxAmountPerTransaction: 50000, // optional: per-tx cap
+  }),
+  prompt: 'Book a flight under $500',
 });
-await client.capture(auth.id, { amount: 45000 }); // Final price
-// Cancel authorization
-await client.cancel(auth.id);
-// Get passport token
-const passport = await client.getPassport(mandateId);
 ```
-## Security Model
-- **FIDO2/WebAuthn**: Mandates signed by device Secure Enclave/TPM
-- **Zero Card Exposure**: Agents receive mandate IDs, never card numbers
-- **Hardware Attestation**: Non-exportable keys, origin-bound credentials
-- **Spend Constraints**: Amount limits, merchant restrictions, TTL
-- **Instant Revocation**: Immediate credential invalidation via API
-### Hardware Security
-| Device | Security | Auth Method |
-|--------|----------|-------------|
-| iPhone/iPad | Secure Enclave | FaceID/TouchID |
-| Mac (Touch ID) | Secure Enclave | TouchID |
-| Mac (no Touch ID) | Phone via QR | Phone's Secure Enclave |
-| Windows (Hello) | TPM 2.0 | Windows Hello |
-| Android | TEE/StrongBox | Fingerprint/Face |
-## Application Fee Routing
-Configure fees per transaction. Additive settlement model ensures merchant principal preservation:
+### Tools
-```typescript
-const payment = await rails.processPayment({
-  amount: 10000, // $100.00 principal
-  currency: 'usd',
-  merchant: 'Acme Corp',
-  mandateId: 'mandate_xyz',
-  paymentId: 'payment_abc',
-  userId: 'user_123',
-  applicationFee: {
-    destinationAccountId: 'acct_your_stripe_connect_id',
-    feePercent: 5,
-  },
-});
-```
+| Tool | Parameters | Returns |
+|------|------------|---------|
+| `attesso_pay` | `{ mandateId?, amount, merchant? }` | PaymentResponse |
+| `attesso_get_mandate` | `{ mandateId? }` | MandateResponse |
+| `attesso_get_payment` | `{ paymentId }` | PaymentResponse |
+| `attesso_get_passport` | `{ mandateId? }` | PassportToken |
+| `attesso_capture` | `{ paymentId, amount, metadata? }` | CaptureResponse |
+| `attesso_cancel` | `{ paymentId }` | CancelResponse |
+| `attesso_check_balance` | `{ mandateId? }` | `{ available, currency, status }` |
 ## Origin Restrictions
-Restrict SDK usage to specific domains:
 ```typescript
 const client = new AttessoClient({
-  apiKey: 'sk_bot_xyz',
-  allowedOrigins: [
-    'https://myapp.com',
-    'https://*.trusted-partner.com',
-  ],
+  apiKey: '...',
+  allowedOrigins: ['https://myapp.com', 'https://*.trusted.com'],
 });
 ```
-## Environment Variables
+Throws `OriginNotAllowedError` if called from unlisted origin.
-```bash
-ATTESSO_API_KEY=your_api_key
-ATTESSO_BASE_URL=https://api.attesso.com  # optional
-```
-## TypeScript
+## Types
 ```typescript
 import type {
   MandateResponse,
   PaymentResponse,
   PassportToken,
+  CapturePaymentResponse,
+  CancelAuthorizationResponse,
 } from '@attesso/sdk';
 ```
+## Errors
+```typescript
+import { AttessoError, OriginNotAllowedError } from '@attesso/sdk';
+try {
+  await client.executePayment({ ... });
+} catch (e) {
+  if (e instanceof AttessoError) {
+    console.log(e.code); // MANDATE_NOT_FOUND, AMOUNT_EXCEEDS_LIMIT, etc.
+  }
+}
+```
 ## Requirements
 - Node.js 18+
 - For Vercel AI SDK: `ai` >= 3.0, `zod` >= 3.0
+## Links
+- Website: https://attesso.com
+- Support: info@attesso.com
 ## License
 MIT

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@attesso/sdk",
-  "version": "1.0.1",
-  "description": "Financial infrastructure for AI agents. Scoped, ephemeral card credentials with FIDO2 authorization and hardware-bound spend constraints.",
+  "version": "1.0.3",
+  "description": "API client for executing payments against FIDO2-signed mandates. Includes Vercel AI SDK tools.",
   "author": "Attesso",
   "license": "MIT",
   "repository": {
@@ -40,17 +40,14 @@
   },
   "keywords": [
     "attesso",
-    "ai-agents",
+    "payments",
+    "mandates",
     "fido2",
-    "webauthn",
-    "card-issuing",
-    "ephemeral-credentials",
-    "financial-infrastructure",
     "vercel-ai-sdk"
   ],
   "dependencies": {
-    "@attesso/gatekeeper": "workspace:*",
-    "@attesso/types": "workspace:*"
+    "@attesso/gatekeeper": "^1.0.2",
+    "@attesso/types": "^1.0.2"
   },
   "peerDependencies": {
     "ai": ">=3.0.0",