@payclaw/badge 0.1.0 → 0.3.0

package/README.md

@@ -1,10 +1,10 @@
 # Badge by PayClaw
 
-**Declare your agent's identity before merchants ban your user's account.**
+**Agents are not bots. Prove it.**
 
-Merchants are drawing a line with AI agents. Walmart, Shopify, Instacart — all setting policies. Anonymous agent actions get accounts flagged and banned. No warning. No appeal.
+Your AI agent looks like a bot to every merchant on the internet. Badge gives it a way to declare what it is: an authorized actor, shopping on behalf of a real human, with explicit consent.
 
-Badge broadcasts verified identity, declared intent, and per-action authorization before every agent action. MCP-native. One tool. Five minutes.
+One MCP tool call. Your agent declares itself. Merchants let it through.
 
 ## Quick Start
 
@@ -25,52 +25,61 @@ Add to your MCP client config:
 }
 ```
 
-Get your API key at [payclaw.io](https://payclaw.io).
+Get your API key at [payclaw.io](https://payclaw.io). Five-minute setup.
 
-## Tool
+## What Badge Declares
 
-### `payclaw_getAgentIdentity`
+Every time your agent calls `payclaw_getAgentIdentity`, it receives a verification token that declares:
 
-Call **before** browsing, searching, or buying. Returns:
+- **Agent type:** Authorized actor (not a bot, not a scraper)
+- **Principal:** Verified human behind this session
+- **Scope:** What the agent intends to do (`[BROWSE]` in V1)
+- **Contact:** `agent_identity@payclaw.io` for merchant verification
 
-```json
-{
-  "product_name": "PayClaw Badge",
-  "status": "active",
-  "agent_disclosure": "This session is operated by an AI agent under PayClaw Agentic Intent...",
-  "verification_token": "pc_v1_...",
-  "trust_url": "https://payclaw.io/trust",
-  "contact": "agent_identity@payclaw.io",
-  "principal_verified": true,
-  "mfa_confirmed": true
-}
+The agent presents this disclosure to merchants. Merchants see a verified identity, not anonymous traffic.
+
+## How It Works
+
+```
+1. Your agent calls payclaw_getAgentIdentity before shopping
+2. PayClaw issues an HMAC-SHA256 verification token
+3. Agent presents the disclosure to merchants
+4. PayClaw checks back: "Were you accepted or denied?"
+5. Outcome recorded — your Verified Trips count goes up
 ```
 
-The `verification_token` is your proof. The `agent_disclosure` is what you present to merchants.
+No card is issued. No money moves. Badge is the identity layer — the skeleton key that lets authorized agents through while bot defenses stay intact.
 
-## What Badge Declares
+## Tools
 
-- **Who you are:** An automated AI agent
-- **Who authorized you:** An MFA-verified human principal
-- **That every action is explicitly permissioned**
+| Tool | Description |
+|------|-------------|
+| `payclaw_getAgentIdentity` | Declare identity, get verification token |
+| `payclaw_reportBadgePresented` | Signal that you presented your Badge to a merchant |
 
-The account is protected. The action is traceable.
+## Need Payment Too?
 
-## Local Development
+Badge is the base layer. For virtual Visa cards, use [@payclaw/mcp-server](https://www.npmjs.com/package/@payclaw/mcp-server) — which includes Badge automatically.
 
-Without `PAYCLAW_API_URL`, Badge runs in sandbox mode with mock tokens — perfect for local dev and testing.
+```bash
+clawhub install payclaw-io
+```
 
-## Need Your Agent to Pay Too?
+## KYA — Know Your Agent
 
-Badge is the identity layer. For virtual Visa cards at checkout, use [@payclaw/spend](https://github.com/payclaw/mcp-server) — which includes Badge automatically.
+PayClaw is KYA infrastructure. Every declaration creates a verified record of agentic commerce behavior — building the trust signal that merchants need to tell authorized agents from anonymous bots.
 
-Badge = your agent's license plate. Spend = your agent's wallet.
+- [Trust & Verification](https://payclaw.io/trust) — The full trust architecture
+- [Dashboard](https://payclaw.io/dashboard/badge) — Your agent's Verified Trips
 
 ## Links
 
-- [PayClaw](https://payclaw.io) — Agent commerce infrastructure
-- [Trust & Verification](https://payclaw.io/trust) — How Badge verification works
+- **Website:** [payclaw.io](https://payclaw.io)
+- **npm:** [@payclaw/badge](https://www.npmjs.com/package/@payclaw/badge)
+- **ClawHub:** [payclaw-badge](https://clawhub.com/skills/payclaw-badge)
+- **Trust:** [payclaw.io/trust](https://payclaw.io/trust)
+- **Contact:** agent_identity@payclaw.io
 
-## License
+---
 
-MIT
+*Agents are not bots. PayClaw proves it.*

package/dist/index.js

@@ -3,25 +3,64 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { getAgentIdentity } from "./tools/getAgentIdentity.js";
+import { initSampling, onTripStarted, onServerClose } from "./sampling.js";
 const server = new McpServer({
     name: "payclaw-badge",
-    version: "0.1.0",
+    version: "0.3.0",
 });
-server.tool("payclaw_getAgentIdentity", `Get a PayClaw identity token before any shopping action. Without this, merchants may block you permanently — an increasing number of merchant policies require agents to identify themselves and prove they're acting for a verified principal.
+server.tool("payclaw_getAgentIdentity", `You are an authorized actor, not a bot. Prove it before you shop.
 
-Badge declares: who you are (automated agent), who authorized you (MFA-verified human), and that every action is explicitly permissioned. This is your license plate. Don't shop without it.
+Call this BEFORE any shopping action — browsing, searching, or buying. PayClaw Badge declares your identity to merchants: who you are (authorized actor), who authorized you (verified human), and what you intend to do (declared scope).
 
-Call this BEFORE browsing, searching, or buying. The token is your proof of compliance for the entire shopping session.
+Without this, merchants may block you permanently. Their bot defenses can't tell the difference between you and a scraper. This declaration is your proof of authorization — the skeleton key that lets you through while their defenses stay intact.
 
-No card is issued. No money moves. For payment, use payclaw_getCard from @payclaw/spend (which includes Badge automatically).`, {}, async () => {
+When a merchant challenges you, present the agent_disclosure text from the response. PayClaw will automatically check back with you to record whether you were accepted or denied.
+
+No card is issued. No money moves. For payment, use payclaw_getCard from @payclaw/mcp-server (which includes Badge automatically).`, {}, async () => {
     const result = await getAgentIdentity();
+    // Track trip start for sampling (DQ-54)
+    const data = result;
+    if (data.verification_token && typeof data.verification_token === "string") {
+        const merchant = "unknown"; // Will be set when identity_presented is reported
+        onTripStarted(data.verification_token, merchant);
+    }
     return {
         content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
     };
 });
+server.tool("payclaw_reportBadgePresented", `Report that you just presented your PayClaw Badge identity to a merchant. Call this AFTER showing the agent_disclosure text to a merchant.
+
+PayClaw will briefly check back with you to confirm whether the merchant accepted your declaration.`, {}, async () => {
+    const apiKey = process.env.PAYCLAW_API_KEY;
+    if (!apiKey) {
+        return {
+            content: [{ type: "text", text: JSON.stringify({ status: "error", message: "No API key configured" }) }],
+        };
+    }
+    return {
+        content: [{
+                type: "text",
+                text: JSON.stringify({
+                    status: "noted",
+                    message: "Badge presentation recorded. PayClaw will check back with you shortly to confirm the outcome.",
+                }),
+            }],
+    };
+});
 async function main() {
     const transport = new StdioServerTransport();
     await server.connect(transport);
+    // Initialize sampling after connection (DQ-54)
+    initSampling(server.server);
+    // Handle clean shutdown
+    process.on("SIGINT", () => {
+        onServerClose();
+        process.exit(0);
+    });
+    process.on("SIGTERM", () => {
+        onServerClose();
+        process.exit(0);
+    });
     process.stderr.write("PayClaw Badge server running on stdio\n");
 }
 main().catch((err) => {

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,eAAe;IACrB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,0BAA0B,EAC1B;;;;;;8HAM4H,EAC5H,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE,CAAC;IACxC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE3E,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,eAAe;IACrB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,0BAA0B,EAC1B;;;;;;;;mIAQiI,EACjI,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE,CAAC;IAExC,wCAAwC;IACxC,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,IAAI,IAAI,CAAC,kBAAkB,IAAI,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ,EAAE,CAAC;QAC3E,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,kDAAkD;QAC9E,aAAa,CAAC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IACnD,CAAC;IAED,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,IAAI,CACT,8BAA8B,EAC9B;;oGAEkG,EAClG,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAE3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,EAAE,CAAC;SACzG,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,CAAC;gBACR,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,MAAM,EAAE,OAAO;oBACf,OAAO,EAAE,+FAA+F;iBACzG,CAAC;aACH,CAAC;KACH,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,+CAA+C;IAC/C,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAE5B,wBAAwB;IACxB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,aAAa,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACzB,aAAa,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/sampling.d.ts

@@ -0,0 +1,5 @@
+import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
+export declare function initSampling(server: Server): void;
+export declare function onTripStarted(token: string, merchant: string): void;
+export declare function onIdentityPresented(token: string, merchant: string): void;
+export declare function onServerClose(): void;

package/dist/sampling.js

@@ -0,0 +1,208 @@
+const SAMPLING_DELAY_MS = 7000; // 7 seconds after identity_presented
+const SAMPLING_TIMEOUT_MS = 15000; // 15 seconds to respond
+const FAILURE_SIGNALS = [
+    "yes", "blocked", "denied", "failed", "403", "error",
+    "rejected", "banned", "forbidden", "captcha", "stopped",
+];
+// In-memory state — max 100 active trips
+const activeTrips = new Map();
+const MAX_TRIPS = 100;
+const REAPER_INTERVAL_MS = 60000;
+const STALE_TRIP_MS = 15 * 60 * 1000; // 15 minutes
+let reaperStarted = false;
+let serverRef = null;
+let samplingAvailable = false;
+export function initSampling(server) {
+    serverRef = server;
+    // Detect sampling support after connection
+    // We'll check on first use since capabilities aren't available until connected
+    samplingAvailable = true; // Optimistic — will catch errors on first attempt
+    if (!reaperStarted) {
+        reaperStarted = true;
+        setInterval(() => reapStaleTrips(), REAPER_INTERVAL_MS);
+    }
+}
+export function onTripStarted(token, merchant) {
+    // Resolve any existing trip for a different merchant (agent moved on = success)
+    for (const [key, trip] of activeTrips) {
+        if (trip.presented && !trip.outcome && trip.merchant !== merchant) {
+            resolveTrip(key, "accepted", "agent_moved_to_new_merchant");
+        }
+    }
+    // Evict oldest if at capacity
+    if (activeTrips.size >= MAX_TRIPS) {
+        const oldest = [...activeTrips.entries()].sort((a, b) => a[1].startedAt - b[1].startedAt)[0];
+        if (oldest) {
+            resolveTrip(oldest[0], "inconclusive", "evicted_capacity");
+        }
+    }
+    activeTrips.set(token, {
+        token,
+        merchant,
+        startedAt: Date.now(),
+        presented: false,
+    });
+}
+export function onIdentityPresented(token, merchant) {
+    const trip = activeTrips.get(token);
+    if (!trip) {
+        // Trip not tracked (started before server restart) — create it
+        activeTrips.set(token, {
+            token,
+            merchant,
+            startedAt: Date.now(),
+            presented: true,
+            presentedAt: Date.now(),
+        });
+    }
+    else {
+        trip.presented = true;
+        trip.presentedAt = Date.now();
+    }
+    // Schedule sampling after delay
+    const t = activeTrips.get(token);
+    if (t.samplingTimer)
+        clearTimeout(t.samplingTimer);
+    t.samplingTimer = setTimeout(() => sampleAgent(token, merchant), SAMPLING_DELAY_MS);
+}
+async function sampleAgent(token, merchant) {
+    const trip = activeTrips.get(token);
+    if (!trip || trip.outcome)
+        return; // Already resolved
+    if (!serverRef || !samplingAvailable) {
+        resolveTrip(token, "no_sampling", "sampling_unavailable");
+        return;
+    }
+    try {
+        const result = await Promise.race([
+            serverRef.createMessage({
+                messages: [
+                    {
+                        role: "user",
+                        content: {
+                            type: "text",
+                            text: `You just presented your PayClaw Badge identity at ${merchant}. Did the merchant deny or block you? Reply with just YES or NO.`,
+                        },
+                    },
+                ],
+                maxTokens: 10,
+            }),
+            new Promise((_, reject) => setTimeout(() => reject(new Error("sampling_timeout")), SAMPLING_TIMEOUT_MS)),
+        ]);
+        if (!result) {
+            resolveTrip(token, "inconclusive", "sampling_timeout");
+            return;
+        }
+        // Parse response
+        const content = result.content;
+        let text = "";
+        if (content && typeof content === "object" && "text" in content) {
+            text = content.text;
+        }
+        else if (Array.isArray(content)) {
+            text = content
+                .filter((c) => c.type === "text")
+                .map((c) => c.text)
+                .join(" ");
+        }
+        else if (typeof content === "string") {
+            text = content;
+        }
+        const outcome = parseResponse(text);
+        resolveTrip(token, outcome, text);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        if (msg.includes("sampling_timeout")) {
+            resolveTrip(token, "inconclusive", "sampling_timeout");
+        }
+        else if (msg.includes("not supported") ||
+            msg.includes("Method not found") ||
+            msg.includes("capability")) {
+            samplingAvailable = false;
+            resolveTrip(token, "no_sampling", msg);
+        }
+        else {
+            resolveTrip(token, "inconclusive", msg);
+        }
+    }
+}
+function parseResponse(text) {
+    if (!text || text.trim().length === 0)
+        return "inconclusive";
+    const lower = text.toLowerCase().trim();
+    // Check for denial signals
+    if (FAILURE_SIGNALS.some((s) => lower.includes(s))) {
+        // But "no" alone means "no, I was not denied" = accepted
+        if (lower === "no" || lower === "no." || lower === "no,")
+            return "accepted";
+        return "denied";
+    }
+    // "no" variants = not denied = accepted
+    if (lower.startsWith("no"))
+        return "accepted";
+    return "inconclusive";
+}
+function resolveTrip(token, outcome, detail) {
+    const trip = activeTrips.get(token);
+    if (!trip)
+        return;
+    if (trip.samplingTimer)
+        clearTimeout(trip.samplingTimer);
+    trip.outcome = outcome;
+    // Report to API
+    reportOutcome(token, outcome, trip.merchant, detail).catch((err) => {
+        process.stderr.write(`[BADGE] Failed to report outcome: ${err}\n`);
+    });
+    // Evict from memory after reporting
+    activeTrips.delete(token);
+}
+async function reportOutcome(token, outcome, merchant, detail) {
+    const apiUrl = process.env.PAYCLAW_API_URL || "https://payclaw.io";
+    const apiKey = process.env.PAYCLAW_API_KEY;
+    if (!apiKey)
+        return;
+    const eventType = outcome === "denied" ? "trip_failure" : "trip_success";
+    const res = await fetch(`${apiUrl}/api/badge/report`, {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${apiKey}`,
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+            verification_token: token,
+            event_type: eventType,
+            merchant,
+            detail: detail.slice(0, 500),
+            outcome,
+        }),
+    });
+    if (!res.ok) {
+        const body = await res.text().catch(() => "");
+        process.stderr.write(`[BADGE] Report failed (${res.status}): ${body}\n`);
+    }
+}
+function reapStaleTrips() {
+    const now = Date.now();
+    for (const [token, trip] of activeTrips) {
+        if (now - trip.startedAt > STALE_TRIP_MS) {
+            if (trip.presented && !trip.outcome) {
+                resolveTrip(token, "inconclusive", "stale_trip_reaped");
+            }
+            else {
+                activeTrips.delete(token);
+            }
+        }
+    }
+}
+// Called when MCP client disconnects
+export function onServerClose() {
+    for (const [token, trip] of activeTrips) {
+        if (trip.presented && !trip.outcome) {
+            // Agent finished normally — assume success
+            resolveTrip(token, "accepted", "server_close_clean_exit");
+        }
+    }
+    activeTrips.clear();
+}
+//# sourceMappingURL=sampling.js.map

package/dist/sampling.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sampling.js","sourceRoot":"","sources":["../src/sampling.ts"],"names":[],"mappings":"AAEA,MAAM,iBAAiB,GAAG,IAAI,CAAC,CAAC,qCAAqC;AACrE,MAAM,mBAAmB,GAAG,KAAK,CAAC,CAAC,wBAAwB;AAE3D,MAAM,eAAe,GAAG;IACtB,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO;IACpD,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;CACxD,CAAC;AAYF,yCAAyC;AACzC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;AAClD,MAAM,SAAS,GAAG,GAAG,CAAC;AACtB,MAAM,kBAAkB,GAAG,KAAK,CAAC;AACjC,MAAM,aAAa,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAEnD,IAAI,aAAa,GAAG,KAAK,CAAC;AAC1B,IAAI,SAAS,GAAkB,IAAI,CAAC;AACpC,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAE9B,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,SAAS,GAAG,MAAM,CAAC;IAEnB,2CAA2C;IAC3C,+EAA+E;IAC/E,iBAAiB,GAAG,IAAI,CAAC,CAAC,kDAAkD;IAE5E,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,aAAa,GAAG,IAAI,CAAC;QACrB,WAAW,CAAC,GAAG,EAAE,CAAC,cAAc,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,QAAgB;IAC3D,gFAAgF;IAChF,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAClE,WAAW,CAAC,GAAG,EAAE,UAAU,EAAE,6BAA6B,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,WAAW,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,CAAC,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAC1C,CAAC,CAAC,CAAC,CAAC;QACL,IAAI,MAAM,EAAE,CAAC;YACX,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE;QACrB,KAAK;QACL,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,SAAS,EAAE,KAAK;KACjB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa,EAAE,QAAgB;IACjE,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,+DAA+D;QAC/D,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE;YACrB,KAAK;YACL,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAChC,CAAC;IAED,gCAAgC;IAChC,MAAM,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;IAClC,IAAI,CAAC,CAAC,aAAa;QAAE,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACnD,CAAC,CAAC,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,iBAAiB,CAAC,CAAC;AACtF,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,KAAa,EAAE,QAAgB;IACxD,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO;QAAE,OAAO,CAAC,mBAAmB;IAEtD,IAAI,CAAC,SAAS,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACrC,WAAW,CAAC,KAAK,EAAE,aAAa,EAAE,sBAAsB,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YAChC,SAAS,CAAC,aAAa,CAAC;gBACtB,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAM;wBACZ,OAAO,EAAE;4BACP,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,qDAAqD,QAAQ,kEAAkE;yBACtI;qBACF;iBACF;gBACD,SAAS,EAAE,EAAE;aACd,CAAC;YACF,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC9B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAC7E;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,WAAW,CAAC,KAAK,EAAE,cAAc,EAAE,kBAAkB,CAAC,CAAC;YACvD,OAAO;QACT,CAAC;QAED,iBAAiB;QACjB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC/B,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;YAChE,IAAI,GAAI,OAA4B,CAAC,IAAI,CAAC;QAC5C,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,IAAI,GAAG,OAAO;iBACX,MAAM,CAAC,CAAC,CAAC,EAAuC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;iBACrE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;iBAClB,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,CAAC;aAAM,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YACvC,IAAI,GAAG,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QACpC,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE7D,IAAI,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACrC,WAAW,CAAC,KAAK,EAAE,cAAc,EAAE,kBAAkB,CAAC,CAAC;QACzD,CAAC;aAAM,IACL,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC7B,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAChC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,EAC1B,CAAC;YACD,iBAAiB,GAAG,KAAK,CAAC;YAC1B,WAAW,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,cAAc,CAAC;IAE7D,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAExC,2BAA2B;IAC3B,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,yDAAyD;QACzD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK;YAAE,OAAO,UAAU,CAAC;QAC5E,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,wCAAwC;IACxC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC;IAE9C,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,WAAW,CAAC,KAAa,EAAE,OAAe,EAAE,MAAc;IACjE,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,CAAC,IAAI;QAAE,OAAO;IAElB,IAAI,IAAI,CAAC,aAAa;QAAE,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACzD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAEvB,gBAAgB;IAChB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qCAAqC,GAAG,IAAI,CAC7C,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,oCAAoC;IACpC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,MAAc;IAEd,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,oBAAoB,CAAC;IACnE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC3C,IAAI,CAAC,MAAM;QAAE,OAAO;IAEpB,MAAM,SAAS,GAAG,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC;IAEzE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,mBAAmB,EAAE;QACpD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,MAAM,EAAE;YACjC,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,kBAAkB,EAAE,KAAK;YACzB,UAAU,EAAE,SAAS;YACrB,QAAQ;YACR,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC5B,OAAO;SACR,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0BAA0B,GAAG,CAAC,MAAM,MAAM,IAAI,IAAI,CACnD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC;QACxC,IAAI,GAAG,GAAG,IAAI,CAAC,SAAS,GAAG,aAAa,EAAE,CAAC;YACzC,IAAI,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACpC,WAAW,CAAC,KAAK,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,aAAa;IAC3B,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC;QACxC,IAAI,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACpC,2CAA2C;YAC3C,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IACD,WAAW,CAAC,KAAK,EAAE,CAAC;AACtB,CAAC"}

package/dist/tools/getAgentIdentity.js

@@ -1,10 +1,14 @@
 import * as api from "../api/client.js";
+const MOCK_TOKEN_PREFIX = "pc_v1_sand";
+function getMockDisclosure(scope = "BROWSE") {
+    return `This agent is using PayClaw Badge: Agent Intent for Ecommerce. The principal user token is a SHA-256 starting ${MOCK_TOKEN_PREFIX}***. Intent has been expressly user-authorized for this session for [${scope}]. For inquiries, please message agent_identity@payclaw.io`;
+}
 export async function getAgentIdentity() {
     if (!process.env.PAYCLAW_API_KEY) {
         return {
             product_name: "PayClaw Badge",
             status: "error",
-            message: "PAYCLAW_API_KEY is not set. Get your key at payclaw.io/dashboard/settings",
+            message: "PAYCLAW_API_KEY is not set. Get your key at payclaw.io/dashboard/badge",
         };
     }
     if (!api.isApiMode()) {
@@ -12,13 +16,12 @@ export async function getAgentIdentity() {
         return {
             product_name: "PayClaw Badge",
             status: "active",
-            agent_disclosure: "This session is operated by an AI agent under PayClaw Agentic Intent. The agent acts on behalf of a verified, MFA-authenticated principal. Principal identity is hashed within the verification token and retrievable with user consent. Design inspired by agent policies of Amazon, Shopify, and others.",
-            verification_token: "pc_v1_sandbox_mock_token",
+            agent_disclosure: getMockDisclosure(),
+            verification_token: `${MOCK_TOKEN_PREFIX}********************`,
             trust_url: "https://payclaw.io/trust",
             contact: "agent_identity@payclaw.io",
             principal_verified: true,
-            mfa_confirmed: true,
-            instructions: "Include the agent_disclosure when interacting with merchants. This identifies your session as a verified, human-authorized agent action. The verification_token allows merchants to verify your principal via agent_identity@payclaw.io.",
+            instructions: "You're running in mock mode — no API connected. Generate your real agent disclosure at payclaw.io/dashboard/badge to get a live verification token.",
         };
     }
     try {
@@ -27,7 +30,6 @@ export async function getAgentIdentity() {
             product_name: "PayClaw Badge",
             status: "active",
             ...result,
-            instructions: "Include the agent_disclosure when interacting with merchants. This identifies your session as a verified, human-authorized agent action. The verification_token allows merchants to verify your principal via agent_identity@payclaw.io.",
         };
     }
     catch (err) {

package/dist/tools/getAgentIdentity.js.map

@@ -1 +1 @@
-{"version":3,"file":"getAgentIdentity.js","sourceRoot":"","sources":["../../src/tools/getAgentIdentity.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,kBAAkB,CAAC;AAExC,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QACjC,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,OAAO;YACf,OAAO,EACL,2EAA2E;SAC9E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC;QACrB,wDAAwD;QACxD,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,QAAQ;YAChB,gBAAgB,EACd,4SAA4S;YAC9S,kBAAkB,EAAE,0BAA0B;YAC9C,SAAS,EAAE,0BAA0B;YACrC,OAAO,EAAE,2BAA2B;YACpC,kBAAkB,EAAE,IAAI;YACxB,aAAa,EAAE,IAAI;YACnB,YAAY,EACV,0OAA0O;SAC7O,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC5C,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,QAAQ;YAChB,GAAG,MAAM;YACT,YAAY,EACV,0OAA0O;SAC7O,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SAC1D,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"getAgentIdentity.js","sourceRoot":"","sources":["../../src/tools/getAgentIdentity.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,kBAAkB,CAAC;AAExC,MAAM,iBAAiB,GAAG,YAAY,CAAC;AAEvC,SAAS,iBAAiB,CAAC,KAAK,GAAG,QAAQ;IACzC,OAAO,iHAAiH,iBAAiB,wEAAwE,KAAK,4DAA4D,CAAC;AACrR,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QACjC,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,OAAO;YACf,OAAO,EACL,wEAAwE;SAC3E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC;QACrB,wDAAwD;QACxD,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,QAAQ;YAChB,gBAAgB,EAAE,iBAAiB,EAAE;YACrC,kBAAkB,EAAE,GAAG,iBAAiB,sBAAsB;YAC9D,SAAS,EAAE,0BAA0B;YACrC,OAAO,EAAE,2BAA2B;YACpC,kBAAkB,EAAE,IAAI;YACxB,YAAY,EACV,qJAAqJ;SACxJ,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC5C,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,QAAQ;YAChB,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,YAAY,EAAE,eAAe;YAC7B,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SAC1D,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/types.d.ts

@@ -4,5 +4,4 @@ export interface AgentIdentityResponse {
     trust_url: string;
     contact: string;
     principal_verified: boolean;
-    mfa_confirmed: boolean;
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@payclaw/badge",
-  "version": "0.1.0",
-  "description": "Declare your agent's identity before merchants ban your user's account.",
+  "version": "0.3.0",
+  "description": "Prove your agent is an authorized actor, not a bot. MCP-native identity declaration for agent commerce.",
   "bin": "dist/index.js",
   "main": "dist/index.js",
   "type": "module",
@@ -26,8 +26,15 @@
     "@types/node": "^20.0.0"
   },
   "keywords": [
-    "payclaw", "mcp", "agent", "identity", "commerce",
-    "badge", "compliance", "shopping", "agentic"
+    "payclaw",
+    "mcp",
+    "agent",
+    "identity",
+    "commerce",
+    "badge",
+    "compliance",
+    "shopping",
+    "agentic"
   ],
   "license": "MIT",
   "repository": {