@payclaw/badge 0.4.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +32 -17
  2. package/dist/index.js +0 -1
  3. package/package.json +3 -3
package/README.md CHANGED
@@ -17,15 +17,29 @@ Add to your MCP client config:
17
17
  "command": "npx",
18
18
  "args": ["-y", "@payclaw/badge"],
19
19
  "env": {
20
- "PAYCLAW_API_KEY": "pk_your_key_here",
21
- "PAYCLAW_API_URL": "https://payclaw.io"
20
+ "PAYCLAW_API_URL": "https://api.payclaw.io"
22
21
  }
23
22
  }
24
23
  }
25
24
  }
26
25
  ```
27
26
 
28
- Get your API key at [payclaw.io](https://payclaw.io). Five-minute setup.
27
+ No API key required. On first use, your agent will show a code and URL — approve on your phone in one tap, and your Consent Key is stored. Optional: set `PAYCLAW_API_KEY` for existing accounts (backward compatible).
28
+
29
+ ### Node version
30
+
31
+ Badge requires **Node.js 20 or newer**. Node 18 is end-of-life and unsupported.
32
+
33
+ If you see engine or compatibility errors: `node -v` — install Node 20+ from [nodejs.org](https://nodejs.org/) or `nvm install 20`.
34
+
35
+ ## UCP Identity Linking
36
+
37
+ Badge is a [UCP (Universal Commerce Protocol)](https://ucp.dev) Credential Provider. Merchants who declare the PayClaw identity extension signal to every UCP-compliant agent that authorized agents are preferred at their store.
38
+
39
+ When your agent encounters a UCP merchant with PayClaw installed, it presents a cryptographic badge automatically — no extra steps.
40
+
41
+ - Extension spec + schema: [github.com/payclaw/ucp-agent-badge](https://github.com/payclaw/ucp-agent-badge)
42
+ - Merchant documentation: [payclaw.io/merchants](https://payclaw.io/merchants)
29
43
 
30
44
  ## Why Your Agent Needs This
31
45
 
@@ -37,15 +51,13 @@ Merchants don't ask "is this agent helpful?" They ask "is this a bot?" And they
37
51
 
38
52
  **With Badge:** Your agent calls `payclaw_getAgentIdentity` → receives a verification token → presents it to the merchant. The merchant sees: authorized actor, verified human behind it, declared intent. Your agent gets through. Task succeeds.
39
53
 
40
- Your agent will recognize when it needs this. When it encounters a merchant that may challenge automated traffic, it tells you: "I need PayClaw Badge installed to complete this safely." You click Allow. Done.
41
-
42
54
  ## What Badge Declares
43
55
 
44
- Every time your agent calls `payclaw_getAgentIdentity`, it receives a verification token that declares:
56
+ Every time your agent calls `payclaw_getAgentIdentity`, it receives a UCP-compatible credential that declares:
45
57
 
46
58
  - **Agent type:** Authorized actor (not a bot, not a scraper)
47
- - **Principal:** Verified human behind this session
48
- - **Scope:** What the agent intends to do (`[BROWSE]` in V1)
59
+ - **Principal:** Verified human behind this session (Google or Apple SSO)
60
+ - **Assurance level:** `starter` / `regular` / `veteran` / `elite` based on verified trip history
49
61
  - **Contact:** `agent_identity@payclaw.io` for merchant verification
50
62
 
51
63
  The agent presents this disclosure to merchants. Merchants see a verified identity, not anonymous traffic.
@@ -53,20 +65,20 @@ The agent presents this disclosure to merchants. Merchants see a verified identi
53
65
  ## How It Works
54
66
 
55
67
  ```
56
- 1. Your agent calls payclaw_getAgentIdentity before shopping
57
- 2. PayClaw issues an HMAC-SHA256 verification token
58
- 3. Agent presents the disclosure to merchants
59
- 4. PayClaw checks back: "Were you accepted or denied?"
60
- 5. Outcome recorded your Verified Trips count goes up
68
+ 1. Your agent calls payclaw_getAgentIdentity
69
+ 2. No key? Device auth flow triggers — code + URL appear in terminal
70
+ 3. You approve on your phone (Google or Apple, one tap)
71
+ 4. Consent Key stored agent is authorized
72
+ 5. Every subsequent call uses the stored key automatically
61
73
  ```
62
74
 
63
- No card is issued. No money moves. Badge is the identity layer — the skeleton key that lets authorized agents through while bot defenses stay intact.
75
+ No card is issued. No money moves. Badge is the identity layer — the credential that lets authorized agents through while bot defenses stay intact.
64
76
 
65
77
  ## Tools
66
78
 
67
79
  | Tool | Description |
68
80
  |------|-------------|
69
- | `payclaw_getAgentIdentity` | Declare identity, get verification token |
81
+ | `payclaw_getAgentIdentity` | Declare identity, get UCP-compatible verification token |
70
82
  | `payclaw_reportBadgePresented` | Signal that you presented your Badge to a merchant |
71
83
 
72
84
  ## Need Payment Too?
@@ -74,7 +86,7 @@ No card is issued. No money moves. Badge is the identity layer — the skeleton
74
86
  Badge is the base layer. For virtual Visa cards, use [@payclaw/mcp-server](https://www.npmjs.com/package/@payclaw/mcp-server) — which includes Badge automatically.
75
87
 
76
88
  ```bash
77
- clawhub install payclaw-io
89
+ npx -y @payclaw/mcp-server
78
90
  ```
79
91
 
80
92
  ## KYA — Know Your Agent
@@ -82,14 +94,17 @@ clawhub install payclaw-io
82
94
  PayClaw is KYA infrastructure. Every declaration creates a verified record of agentic commerce behavior — building the trust signal that merchants need to tell authorized agents from anonymous bots.
83
95
 
84
96
  - [Trust & Verification](https://payclaw.io/trust) — The full trust architecture
85
- - [Dashboard](https://payclaw.io/dashboard/badge) — Your agent's Verified Trips
97
+ - [For Merchants](https://payclaw.io/merchants) — How merchant UCP integration works
98
+ - [UCP Extension Spec](https://github.com/payclaw/ucp-agent-badge) — `io.payclaw.common.identity` (MIT)
86
99
 
87
100
  ## Links
88
101
 
89
102
  - **Website:** [payclaw.io](https://payclaw.io)
90
103
  - **npm:** [@payclaw/badge](https://www.npmjs.com/package/@payclaw/badge)
104
+ - **UCP Extension:** [github.com/payclaw/ucp-agent-badge](https://github.com/payclaw/ucp-agent-badge)
91
105
  - **ClawHub:** [payclaw-badge](https://clawhub.com/skills/payclaw-badge)
92
106
  - **Trust:** [payclaw.io/trust](https://payclaw.io/trust)
107
+ - **Merchants:** [payclaw.io/merchants](https://payclaw.io/merchants)
93
108
  - **Contact:** agent_identity@payclaw.io
94
109
 
95
110
  ---
package/dist/index.js CHANGED
@@ -1,5 +1,4 @@
1
1
  #!/usr/bin/env node
2
- #!/usr/bin/env node
3
2
  import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
4
3
  import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
5
4
  import { z } from "zod";
package/package.json CHANGED
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "@payclaw/badge",
3
- "version": "0.4.0",
3
+ "version": "0.5.1",
4
4
  "description": "Prove your agent is an authorized actor, not a bot. MCP-native identity declaration for agent commerce.",
5
5
  "bin": "dist/index.js",
6
6
  "main": "dist/index.js",
7
7
  "type": "module",
8
8
  "engines": {
9
- "node": ">=18.0.0"
9
+ "node": ">=20.0.0"
10
10
  },
11
11
  "files": [
12
12
  "dist",
@@ -14,7 +14,7 @@
14
14
  "LICENSE"
15
15
  ],
16
16
  "scripts": {
17
- "build": "tsc && node -e \"const fs=require('fs');const f='dist/index.js';fs.writeFileSync(f,'#!/usr/bin/env node\\n'+fs.readFileSync(f,'utf8'));fs.chmodSync(f,0o755)\"",
17
+ "build": "tsc && node -e \"const fs=require('fs');const f='dist/index.js';fs.chmodSync(f,0o755)\"",
18
18
  "dev": "tsc --watch",
19
19
  "prepublishOnly": "npm run build"
20
20
  },