@withgordon/core 0.1.0 → 0.1.2
- package/README.md +39 -20
- package/dist/sdk/index.d.ts +27 -51
- package/dist/sdk/index.d.ts.map +1 -1
- package/dist/sdk/index.js +33 -84
- package/dist/sdk/index.js.map +1 -1
- package/dist/types.d.ts +308 -14
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +103 -7
- package/dist/types.js.map +1 -1
- package/package.json +4 -4
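--- a/package/README.md
+++ b/package/README.md
@@ -16,7 +16,6 @@ npm install @withgordon/core
 import { Gordon } from "@withgordon/core";
 
 const gordon = new Gordon({
-evaluatorUrl: "https://evaluator.withgordon.ai",
 platformUrl: "https://api.withgordon.ai",
 agentApiKey: process.env.GORDON_AGENT_KEY!,
 agentApiSecret: process.env.GORDON_AGENT_SECRET!,
@@ -61,10 +60,11 @@ const result = await gordon.fetch(url, options);
 
 | Option | Type | Purpose |
 | --- | --- | --- |
-| `serviceId` | `string` | Catalog service slug, such as `exa` or `
+| `serviceId` | `string` | Catalog service slug, such as `exa` or `zlurp`. |
 | `operationId` | `string` | Catalog operation ID, such as `search.web` or `scrape.url`. |
 | `maxPaymentUnits` | `number` | Maximum spend for this call. `1_000_000 = $1.00`. Defaults to `$0.10`. |
 | `idempotencyKey` | `string` | Stable key for safe retries without double-paying. |
+| `replayKey` | `string` | Optional one-shot key for the Platform's short-TTL replay guard. |
 | `targetUrl` | `string` | For scrape/crawl calls, the customer URL being scraped. Used for domain policy. |
 | `allowUnconfirmed` | `boolean` | Development escape hatch for providers that return `2xx` without x402 receipt proof. Leave false in production. |
 
@@ -85,29 +85,48 @@ When payment succeeds, `receipt` contains:
 
 `confirmed: true` means the provider returned payment proof and the Platform accepted completion.
 
-##
+## Approvals
 
-
+When a payment exceeds the agent's per-service approval threshold (or trips an
+`approval_required` rule), the Platform escalates instead of paying:
+`gordon.fetch()` throws `GordonPaymentError` carrying an `approval_id` in its
+`body`. A human resolves it from the dashboard's Approvals queue; the agent polls
+until it clears, then retries the same call to settle.
 
 ```ts
-import { Gordon,
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-)
+import { Gordon, GordonPaymentError } from "@withgordon/core";
+
+try {
+await gordon.fetch(url, opts);
+} catch (err) {
+if (err instanceof GordonPaymentError && err.body?.approval_id) {
+const approvalId = err.body.approval_id as string;
+
+// Poll until a human approves or denies in the dashboard.
+let status = await gordon.checkApproval(approvalId);
+while (status.status === "pending") {
+await new Promise((r) => setTimeout(r, 5_000));
+status = await gordon.checkApproval(approvalId);
+}
+
+if (status.status === "approved") {
+// Retry the same call — the Platform settles against the approval
+// exactly once (a second retry is rejected as a replay).
+await gordon.fetch(url, opts);
+}
+}
+}
 ```
 
+`checkApproval()` returns `{ status, resolvedAt, resolvedBy }` and reports
+`pending` for unknown ids (the approval cache has a 7-day TTL).
+
+> The lower-level payment-agnostic policy guard (`gordon.evaluate()` /
+> `gordon.guard()`) and the standalone evaluator service were removed
+> 2026-06-05 — all governance now runs through the Platform's x402 surface
+> above. To restore the payment-agnostic surface, see `CLAUDE.md` (recovery
+> pointer to commit `bb4cffa`).
+
 ## Money Units
 
 Gordon uses integer micro-units: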
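--- a/package/dist/sdk/index.d.ts
+++ b/package/dist/sdk/index.d.ts
@@ -1,14 +1,19 @@
-import type {
+import type { ApprovalStatus } from '../types.js';
 export interface GordonConfig {
-
-
-
+/**
+* Platform API base URL (e.g. https://api.withgordon.ai). Required — Gordon's
+* governance runs entirely through the platform's x402 surface
+* (gordon.fetch + gordon.checkApproval). The standalone evaluator and the
+* payment-agnostic gordon.evaluate()/guard() were removed 2026-06-05; see
+* CLAUDE.md (recovery pointer to commit bb4cffa) to restore them.
+*/
+platformUrl: string;
 agentApiKey: string;
 agentApiSecret: string;
 fetch?: typeof fetch;
 }
 export interface GordonFetchOptions extends RequestInit {
-/** Catalog service slug (e.g. '
+/** Catalog service slug (e.g. 'zlurp'). Omit for unlisted endpoints. */
 serviceId?: string;
 /** Catalog operation id (e.g. 'scrape.url'). Required when serviceId is set. */
 operationId?: string;
@@ -18,6 +23,11 @@ export interface GordonFetchOptions extends RequestInit {
 * Defaults to a random UUID per call if not provided.
 */
 idempotencyKey?: string;
+/**
+* Optional one-shot key used by the Platform's short-TTL replay guard.
+* Do not reuse it for a distinct authorization attempt.
+*/
+replayKey?: string;
 /**
 * Maximum amount (micro-units, 1,000,000 = $1.00) this call is allowed to spend.
 * Gordon rejects any 402 whose amount exceeds this ceiling.
@@ -27,9 +37,9 @@ export interface GordonFetchOptions extends RequestInit {
 /**
 * For scrape/crawl operations: the URL being fetched by the provider
 * (not the provider's own API endpoint). Gordon uses this for
-* allowed_domains policy enforcement. Example: for a
+* allowed_domains policy enforcement. Example: for a Zlurp scrape of
 * https://example.com/page, set targetUrl to that URL while `url` stays
-* as https://
+* as https://zlurp.ai/scrape.
 */
 targetUrl?: string;
 /**
@@ -57,58 +67,24 @@ export interface GordonFetchResult {
 confirmed: boolean;
 } | null;
 }
-/** Body fields the agent supplies to /evaluate. `agent_id` comes from the
-* Bearer credential; `timestamp` is server-stamped (closes audit gap #4). */
-export type RequestPayload = Omit<TransactionRequest, 'agent_id' | 'timestamp'>;
-export interface GuardOptions {
-/** Pass the approval_id from a prior `GordonEscalateError` to retry that
-* same logical transaction. The evaluator gates the call against the
-* approval's resolved state — see evaluator/server.ts for full semantics. */
-approvalId?: string;
-}
-export declare class GordonBlockedError extends Error {
-readonly decision: EvaluateResponse;
-readonly name = "GordonBlockedError";
-constructor(decision: EvaluateResponse);
-}
-export declare class GordonEscalateError extends Error {
-readonly decision: EvaluateResponse;
-readonly name = "GordonEscalateError";
-readonly approvalId: string | null;
-constructor(decision: EvaluateResponse);
-}
 /**
-* Gordon SDK —
-*
-* The evaluator is the single source of truth for "this decision happened":
-* it generates the transaction_id (always) and approval_id (on escalate),
-* pushes the record to a Redis stream, and returns both IDs in the response.
-* The ledger worker drains the stream into Postgres asynchronously.
+* Gordon SDK — the x402 payment intercept layer.
 *
-*
-*
-*
-*
-*
-* while ((await gordon.checkApproval(e.approvalId!)).status === 'pending') {
-* await sleep(2000);
-* }
-* // retry with the approvalId — evaluator gates against the resolved state
-* await gordon.guard(req, exec, { approvalId: e.approvalId! });
-* }
-* }
+* gordon.fetch() is a drop-in fetch that runs the x402 402->authorize->retry
+* cycle through the platform; gordon.checkApproval() polls an approval the
+* platform issued (the escalate->approve->retry loop). All governance runs IN
+* the platform (the standalone evaluator + payment-agnostic gordon.evaluate()/
+* guard() were removed 2026-06-05 - see CLAUDE.md recovery pointer to bb4cffa).
 */
 export declare class Gordon {
 private readonly cfg;
 private readonly fetchImpl;
 private readonly authHeader;
 constructor(cfg: GordonConfig);
-evaluate(request: RequestPayload, opts?: GuardOptions): Promise<EvaluateResponse>;
-guard<T>(request: RequestPayload, exec: () => Promise<T>, opts?: GuardOptions): Promise<T>;
 /**
-* Poll the status of an approval the
-* Returns `{status: 'pending'}` for unknown ids — the
-*
+* Poll the status of an approval the platform issued (on an x402 escalate).
+* Returns `{status: 'pending'}` for unknown ids — the cache may have expired
+* (7-day TTL) or the id is wrong.
 */
 checkApproval(approvalId: string): Promise<{
 status: ApprovalStatus;
@@ -137,5 +113,5 @@ export declare class GordonPaymentError extends Error {
 readonly name = "GordonPaymentError";
 constructor(message: string, statusCode?: number | undefined, body?: Record<string, unknown> | undefined);
 }
-export type {
+export type { ApprovalStatus };
 //# sourceMappingURL=index.d.ts.map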
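Review bot: The `checkApproval` doc comment (new lines 85–87) says unknown ids are reported as `{status: 'pending'}`, so a mistyped id or one past the 7-day TTL cannot be told apart from an approval that is still waiting on a human. A caller that polls `while (status.status === 'pending')` without a deadline will never terminate for such an id. I would add to the comment: `* Callers must bound polling with their own deadline: an unknown or expired id never leaves 'pending'.` A distinct status for unknown ids would be cleaner, but `ApprovalStatus` is declared in `types.d.ts` and widening it is an interface change. The method's return type continues past the end of this hunk.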
package/dist/sdk/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../sdk/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../sdk/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,cAAc,EAIf,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,YAAY;IAC3B;;;;;;OAMG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAID,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,wEAAwE;IACxE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,QAAQ,CAAC;IACnB,+DAA+D;IAC/D,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf;;;;;WAKG;QACH,SAAS,EAAE,OAAO,CAAC;KACpB,GAAG,IAAI,CAAC;CACV;AAED;;;;;;;;GAQG;AACH,qBAAa,MAAM;IAIL,OAAO,CAAC,QAAQ,CAAC,GAAG;IAHhC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;IACzC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAEP,GAAG,EAAE,YAAY;IAc9C;;;;OAIG;IACG,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;QAC/C,MAAM,EAAE,cAAc,CAAC;QACvB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;KAC3B,CAAC;IAiCF;;;;;;;;;;;;;OAaG;IACG,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,kBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC;CAoLvF;AAED,qBAAa,kBAAmB,SAAQ,KAAK;IAIzC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAJzC,SAAkB,IAAI,wBAAwB;gBAE5C,OAAO,EAAE,MAAM,EACN,UAAU,CAAC,EAAE,MAAM,YAAA,EACnB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,YAAA;CAI1C;AAGD,YAAY,EAAE,cAAc,EAAE,CAAC"}
|
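--- a/package/dist/sdk/index.js
+++ b/package/dist/sdk/index.js
@@ -1,51 +1,13 @@
 import { createHash, randomBytes } from 'node:crypto';
 import { normalizeX402PaymentRequirement } from '../types.js';
-export class GordonBlockedError extends Error {
-decision;
-name = 'GordonBlockedError';
-constructor(decision) {
-super(`gordon_blocked: ${decision.reason}`);
-this.decision = decision;
-}
-}
-export class GordonEscalateError extends Error {
-decision;
-name = 'GordonEscalateError';
-approvalId;
-constructor(decision) {
-super(`gordon_escalate: ${decision.reason}`);
-this.decision = decision;
-this.approvalId = decision.approval_id;
-}
-}
-const failClosed = (reason) => ({
-result: 'block',
-reason,
-rule_triggered: null,
-latency_ms: 0,
-transaction_id: '00000000-0000-0000-0000-000000000000',
-approval_id: null,
-});
 /**
-* Gordon SDK —
+* Gordon SDK — the x402 payment intercept layer.
 *
-*
-*
-*
-*
-*
-* Escalate retry pattern:
-* try { await gordon.guard(req, exec) }
-* catch (e) {
-* if (e instanceof GordonEscalateError) {
-* // poll until resolved (or webhook, or whatever the agent runtime supports)
-* while ((await gordon.checkApproval(e.approvalId!)).status === 'pending') {
-* await sleep(2000);
-* }
-* // retry with the approvalId — evaluator gates against the resolved state
-* await gordon.guard(req, exec, { approvalId: e.approvalId! });
-* }
-* }
+* gordon.fetch() is a drop-in fetch that runs the x402 402->authorize->retry
+* cycle through the platform; gordon.checkApproval() polls an approval the
+* platform issued (the escalate->approve->retry loop). All governance runs IN
+* the platform (the standalone evaluator + payment-agnostic gordon.evaluate()/
+* guard() were removed 2026-06-05 - see CLAUDE.md recovery pointer to bb4cffa).
 */
 export class Gordon {
 cfg;
@@ -65,43 +27,21 @@ export class Gordon {
 }
 this.authHeader = `Bearer ${cfg.agentApiKey}:${cfg.agentApiSecret}`;
 }
-async evaluate(request, opts) {
-try {
-const body = { request };
-if (opts?.approvalId)
-body.idempotency_key = opts.approvalId;
-const res = await this.fetchImpl(`${this.cfg.evaluatorUrl}/evaluate`, {
-method: 'POST',
-headers: {
-'content-type': 'application/json',
-authorization: this.authHeader,
-},
-body: JSON.stringify(body),
-});
-if (!res.ok)
-return failClosed(`evaluator_status_${res.status}`);
-return (await res.json());
-}
-catch {
-return failClosed('evaluator_unreachable');
-}
-}
-async guard(request, exec, opts) {
-const decision = await this.evaluate(request, opts);
-if (decision.result === 'block')
-throw new GordonBlockedError(decision);
-if (decision.result === 'escalate')
-throw new GordonEscalateError(decision);
-return await exec();
-}
 /**
-* Poll the status of an approval the
-* Returns `{status: 'pending'}` for unknown ids — the
-*
+* Poll the status of an approval the platform issued (on an x402 escalate).
+* Returns `{status: 'pending'}` for unknown ids — the cache may have expired
+* (7-day TTL) or the id is wrong.
 */
 async checkApproval(approvalId) {
+// Poll the PLATFORM's agent-facing /approvals/:id (the evaluator's
+// equivalent was decommissioned 2026-06-05). gordon.fetch()'s x402 escalate
+// flow returns an approval_id; poll here until approved, then retry the fetch.
+const platformUrl = this.cfg.platformUrl;
+if (!platformUrl) {
+throw new Error('gordon.checkApproval() requires GordonConfig.platformUrl');
+}
 try {
-const res = await this.fetchImpl(`${
+const res = await this.fetchImpl(`${platformUrl}/approvals/${encodeURIComponent(approvalId)}`, {
 method: 'GET',
 headers: { authorization: this.authHeader },
 });
@@ -141,7 +81,7 @@ export class Gordon {
 if (!platformUrl) {
 throw new Error('gordon.fetch() requires GordonConfig.platformUrl');
 }
-const { serviceId, operationId, idempotencyKey, maxPaymentUnits = 100_000, targetUrl, ...fetchOpts } = options;
+const { serviceId, operationId, idempotencyKey, replayKey, maxPaymentUnits = 100_000, targetUrl, ...fetchOpts } = options;
 const idemKey = idempotencyKey ?? randomBytes(16).toString('hex');
 // ── 1. Initial request ──────────────────────────────────────────────
 const originalRes = await this.fetchImpl(url, fetchOpts);
@@ -155,18 +95,22 @@ export class Gordon {
 const paymentReqHeader = originalRes.headers.get('X-Payment-Required') ??
 originalRes.headers.get('x-payment-required') ??
 originalRes.headers.get('PAYMENT-REQUIRED');
+// rawPaymentReq holds the original 402 body/header — passed as-is to the
+// Platform so it can normalize once server-side (preserves `extra` fields
+// and avoids the double-normalization bug that strips provider-specific
+// fields needed for signature verification, e.g. Untitled Financial, Exa).
+let rawPaymentReq;
 let paymentRequirement;
 try {
 if (paymentReqHeader) {
 // Header path (x402v1 or base64-encoded v2 header)
-let raw;
 try {
-
+rawPaymentReq = JSON.parse(Buffer.from(paymentReqHeader, 'base64url').toString('utf-8'));
 }
 catch {
-
+rawPaymentReq = JSON.parse(paymentReqHeader);
 }
-paymentRequirement = normalizeX402PaymentRequirement(
+paymentRequirement = normalizeX402PaymentRequirement(rawPaymentReq);
 }
 else {
 // Body path (x402v2 — parse response body as JSON payment requirement)
@@ -186,6 +130,7 @@ export class Gordon {
 if (!looksLikeX402) {
 return { response: originalRes, receipt: null };
 }
+rawPaymentReq = bodyRaw;
 paymentRequirement = normalizeX402PaymentRequirement(bodyRaw);
 }
 }
@@ -217,10 +162,12 @@ export class Gordon {
 body_hash: bodyHash,
 ...(targetUrl ? { target_url: targetUrl } : {}),
 },
-
+// Pass the raw 402 body so the Platform normalizes once server-side.
+payment_requirement: rawPaymentReq,
 max_payment_units: maxPaymentUnits,
 currency: 'USDC',
 idempotency_key: idemKey,
+...(replayKey ? { replay_key: replayKey } : {}),
 };
 const authorizeRes = await this.fetchImpl(`${platformUrl}/x402/authorize`, {
 method: 'POST',
@@ -248,7 +195,9 @@ export class Gordon {
 let confirmed = false;
 let completionStatus = 'provider_not_successful';
 if (providerRes.ok) {
-const xPaymentResponse = providerRes.headers.get('X-Payment-Response') ??
+const xPaymentResponse = providerRes.headers.get('X-Payment-Response') ??
+providerRes.headers.get('x-payment-response') ??
+providerRes.headers.get('payment-response');
 if (xPaymentResponse) {
 const completeRes = await this.fetchImpl(`${platformUrl}/x402/settlements/${authorization.settlement_id}/complete`, {
 method: 'POST',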
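Review bot: In the header path (new lines 108–113) `rawPaymentReq` is whatever `JSON.parse` returns for a provider-controlled header, and it is later forwarded unchanged as `payment_requirement` (new line 166); nothing visible checks that it is a plain object. A guard inside the existing `try`, before normalizing, would reject arrays, strings and `null` early: `if (rawPaymentReq === null || typeof rawPaymentReq !== 'object' || Array.isArray(rawPaymentReq)) throw new TypeError('payment requirement is not a JSON object');`. The SDK also now inspects its own normalized `paymentRequirement` while the Platform authorizes from its own normalization of the raw value, so the two views can disagree on fields such as the amount or `pay_to`. Any client-side check on the normalized copy should therefore be treated as advisory, with the Platform's `max_payment_units` enforcement as the authoritative one. The enclosing `try`/`catch` and the body-path parsing lie partly outside these hunks, so a check there may already cover part of this.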
package/dist/sdk/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../sdk/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,+BAA+B,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../sdk/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,+BAA+B,EAAE,MAAM,aAAa,CAAC;AAiF9D;;;;;;;;GAQG;AACH,MAAM,OAAO,MAAM;IAIY;IAHZ,SAAS,CAAe;IACxB,UAAU,CAAS;IAEpC,YAA6B,GAAiB;QAAjB,QAAG,GAAH,GAAG,CAAc;QAC5C,MAAM,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC;QACrC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC;QAC7B,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CACb,iGAAiG,CAClG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;IACtE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,UAAkB;QAKpC,mEAAmE;QACnE,4EAA4E;QAC5E,+EAA+E;QAC/E,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;QACzC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9B,GAAG,WAAW,cAAc,kBAAkB,CAAC,UAAU,CAAC,EAAE,EAC5D;gBACE,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,UAAU,EAAE;aAC5C,CACF,CAAC;YACF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvB,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;YACnE,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;YACnE,CAAC;YACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;YAC1D,OAAO;gBACL,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,UAAU,EAAE,IAAI,CAAC,WAAW;gBAC5B,UAAU,EAAE,IAAI,CAAC,WAAW;aAC7B,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QACnE,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,UAA8B,EAAE;QACvD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;QACzC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,GAAG,OAAO,CA
AC;QAC1H,MAAM,OAAO,GAAG,cAAc,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAElE,uEAAuE;QACvE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAEzD,IAAI,WAAW,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC/B,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAClD,CAAC;QAED,sEAAsE;QACtE,2EAA2E;QAC3E,4FAA4F;QAC5F,uCAAuC;QACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;YACpE,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;YAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAE9C,yEAAyE;QACzE,0EAA0E;QAC1E,wEAAwE;QACxE,2EAA2E;QAC3E,IAAI,aAAsC,CAAC;QAC3C,IAAI,kBAAsE,CAAC;QAC3E,IAAI,CAAC;YACH,IAAI,gBAAgB,EAAE,CAAC;gBACrB,mDAAmD;gBACnD,IAAI,CAAC;oBACH,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;gBAC3F,CAAC;gBAAC,MAAM,CAAC;oBACP,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;gBAC/C,CAAC;gBACD,kBAAkB,GAAG,+BAA+B,CAAC,aAAa,CAAC,CAAC;YACtE,CAAC;iBAAM,CAAC;gBACN,uEAAuE;gBACvE,IAAI,OAAgC,CAAC;gBACrC,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAA6B,CAAC;gBACxE,CAAC;gBAAC,MAAM,CAAC;oBACP,8DAA8D;oBAC9D,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;gBAClD,CAAC;gBACD,kFAAkF;gBAClF,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;oBAClD,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ;oBACvC,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ;oBACjC,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC;gBACrC,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;gBAClD,CAAC;gBACD,aAAa,GAAG,OAAO,CAAC;gBACxB,kBAAkB,GAAG,+BAA+B,CAAC,OAAO,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,kBAAkB,CAAC,0CAA0C,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC,kBAAkB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC9D,iEAAiE;YACjE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAClD,CAAC;QAED,uEAAuE;QACvE,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YACnB,MAAM,SAAS,GAAG,OAAO,SAAS,CAAC,IAAI,KAAK,QAAQ;gBAClD,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC;gBACtC,CAAC,
CAAC,SAAS,CAAC,IAAI,YAAY,UAAU;oBACpC,CAAC,CAAC,SAAS,CAAC,IAAI;oBAChB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YACnD,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClE,CAAC;QAED,uEAAuE;QACvE,MAAM,aAAa,GAAyB;YAC1C,QAAQ,EAAE,EAAE,EAAE,uDAAuD;YACrE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,gBAAgB,EAAE;gBAChB,GAAG;gBACH,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE;gBACjD,SAAS,EAAE,QAAQ;gBACnB,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChD;YACD,qEAAqE;YACrE,mBAAmB,EAAE,aAA4D;YACjF,iBAAiB,EAAE,eAAe;YAClC,QAAQ,EAAE,MAAM;YAChB,eAAe,EAAE,OAAO;YACxB,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChD,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,WAAW,iBAAiB,EAAE;YACzE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,IAAI,CAAC,UAAU;aAC/B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAA4B,CAAC;YACvF,MAAM,IAAI,kBAAkB,CAC1B,8BAA8B,OAAO,CAAC,KAAK,IAAI,YAAY,CAAC,MAAM,EAAE,EACpE,YAAY,CAAC,MAAM,EACnB,OAAO,CACR,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAA0B,CAAC;QAE3E,uEAAuE;QACvE,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACpD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,eAAe,CAAC,EAAE,CAAC;YACnE,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;QAEvF,uEAAuE;QACvE,uEAAuE;QACvE,oEAAoE;QACpE,qEAAqE;QACrE,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,IAAI,gBAAgB,GAAG,yBAAyB,CAAC;QACjD,IAAI,WAAW,CAAC,EAAE,EAAE,CAAC;YACnB,MAAM,gBAAgB,GACpB,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,
oBAAoB,CAAC;gBAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;gBAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAC9C,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,WAAW,qBAAqB,aAAa,CAAC,aAAa,WAAW,EAAE;oBAClH,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,aAAa,EAAE,IAAI,CAAC,UAAU;qBAC/B;oBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,CAAC;iBACpE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBACrB,SAAS,GAAG,WAAW,EAAE,EAAE,KAAK,IAAI,CAAC;gBACrC,gBAAgB,GAAG,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,4BAA4B,CAAC;YAC5E,CAAC;iBAAM,CAAC;gBACN,gBAAgB,GAAG,4BAA4B,CAAC;YAClD,CAAC;QACH,CAAC;QAED,IAAI,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC9D,MAAM,IAAI,kBAAkB,CAC1B,sCAAsC,gBAAgB,EAAE,EACxD,GAAG,EACH;gBACE,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,cAAc,EAAE,aAAa,CAAC,cAAc;gBAC5C,iBAAiB,EAAE,gBAAgB;aACpC,CACF,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,MAAM,WAAW,GAAG,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAEtD,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,OAAO,EAAE;gBACP,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,cAAc,EAAE,aAAa,CAAC,cAAc;gBAC5C,YAAY,EAAE,WAAW;gBACzB,OAAO,EAAE,kBAAkB,CAAC,OAAO;gBACnC,MAAM,EAAE,kBAAkB,CAAC,MAAM;gBACjC,SAAS;aACV;SACF,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAIhC;IACA;IAJO,IAAI,GAAG,oBAAoB,CAAC;IAC9C,YACE,OAAe,EACN,UAAmB,EACnB,IAA8B;QAEvC,KAAK,CAAC,OAAO,CAAC,CAAC;QAHN,eAAU,GAAV,UAAU,CAAS;QACnB,SAAI,GAAJ,IAAI,CAA0B;IAGzC,CAAC;CACF"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
1
2
|
export type ActionType = 'purchase' | 'service_call';
|
|
2
3
|
export type ServiceCategory = 'search' | 'scrape' | 'ai' | 'data' | 'infrastructure' | 'security' | 'finance' | 'creative';
|
|
3
4
|
/** State machine: listed → discovered → probe_passed → gordon_verified | disabled */
|
|
@@ -8,6 +9,8 @@ export interface X402PaymentRequirement {
|
|
|
8
9
|
scheme: X402Scheme;
|
|
9
10
|
network: string;
|
|
10
11
|
token: string;
|
|
12
|
+
/** x402 asset transfer method. Omitted/undefined means native EIP-3009 for USDC/EURC. */
|
|
13
|
+
transfer_method?: string;
|
|
11
14
|
/** Merchant/payTo address. */
|
|
12
15
|
pay_to: string;
|
|
13
16
|
facilitator_url?: string;
|
|
@@ -28,7 +31,7 @@ export declare function normalizeX402PaymentRequirement(raw: Record<string, unkn
|
|
|
28
31
|
*/
|
|
29
32
|
export interface X402AuthorizeRequest {
|
|
30
33
|
agent_id: string;
|
|
31
|
-
/** Known slug (e.g. '
|
|
34
|
+
/** Known slug (e.g. 'zlurp') — null if calling an unlisted endpoint. */
|
|
32
35
|
service_id?: string;
|
|
33
36
|
/** Known operation (e.g. 'scrape.url') — null if unlisted. */
|
|
34
37
|
operation_id?: string;
|
|
@@ -50,7 +53,8 @@ export interface X402AuthorizeRequest {
|
|
|
50
53
|
*/
|
|
51
54
|
session_id?: string;
|
|
52
55
|
};
|
|
53
|
-
|
|
56
|
+
/** Raw 402 body from the provider. Platform normalizes server-side so extra fields are preserved. */
|
|
57
|
+
payment_requirement: X402PaymentRequirement | Record<string, unknown>;
|
|
54
58
|
/**
|
|
55
59
|
* SDK-supplied ceiling in micro-units (1,000,000 = $1.00).
|
|
56
60
|
* Platform will reject if the required amount exceeds this.
|
|
@@ -59,6 +63,12 @@ export interface X402AuthorizeRequest {
|
|
|
59
63
|
currency: string;
|
|
60
64
|
/** Caller-supplied UUID, stable across retries. */
|
|
61
65
|
idempotency_key: string;
|
|
66
|
+
/**
|
|
67
|
+
* Optional one-shot replay key. The Platform rejects reuse by the same agent
|
|
68
|
+
* for a short TTL. Unlike idempotency_key, this protects a new authorization
|
|
69
|
+
* attempt and is not used to retrieve an existing settlement.
|
|
70
|
+
*/
|
|
71
|
+
replay_key?: string;
|
|
62
72
|
}
|
|
63
73
|
/** Platform → SDK: payment approved and signed. SDK retries the original request. */
|
|
64
74
|
export interface X402AuthorizeResponse {
|
|
@@ -78,7 +88,7 @@ export interface TransactionRequest {
|
|
|
78
88
|
currency: string;
|
|
79
89
|
category: string;
|
|
80
90
|
metadata: Record<string, unknown>;
|
|
81
|
-
/** Server-set: the
|
|
91
|
+
/** Server-set: the platform's processing time (ms since epoch) — NOT
|
|
82
92
|
* agent-supplied. Used to compute the UTC daily/monthly spend bucket.
|
|
83
93
|
* Closes audit gap #4 (no clock-skew exploit possible). */
|
|
84
94
|
timestamp: number;
|
|
@@ -109,17 +119,19 @@ export interface Decision {
|
|
|
109
119
|
latency_ms: number;
|
|
110
120
|
}
|
|
111
121
|
/**
|
|
112
|
-
*
|
|
113
|
-
*
|
|
122
|
+
* A pure engine `Decision` wrapped with the identifiers the platform's x402
|
|
123
|
+
* governance path generates around it:
|
|
114
124
|
* - `transaction_id`: always set; the eventual `transactions.id` row
|
|
115
|
-
* - `approval_id`: set on
|
|
116
|
-
*
|
|
117
|
-
* polling the same approval). Null on plain allow/block.
|
|
125
|
+
* - `approval_id`: set on escalate (the approval the agent retries
|
|
126
|
+
* against). Null on plain allow/block.
|
|
118
127
|
*
|
|
119
128
|
* Both are pushed to the `ledger_stream` Redis stream and drained into
|
|
120
|
-
* Postgres asynchronously by the ledger worker.
|
|
121
|
-
*
|
|
122
|
-
*
|
|
129
|
+
* Postgres asynchronously by the ledger worker.
|
|
130
|
+
*
|
|
131
|
+
* NOTE: currently unreferenced — this was the body of the removed payment-
|
|
132
|
+
* agnostic `POST /evaluate` (decommissioned 2026-06-05; recovery pointer in
|
|
133
|
+
* CLAUDE.md System A → commit `bb4cffa`). Retained as the canonical shape for
|
|
134
|
+
* that surface if it is ever restored.
|
|
123
135
|
*/
|
|
124
136
|
export interface EvaluateResponse extends Decision {
|
|
125
137
|
transaction_id: string;
|
|
@@ -127,9 +139,10 @@ export interface EvaluateResponse extends Decision {
|
|
|
127
139
|
}
|
|
128
140
|
export type ApprovalStatus = 'pending' | 'approved' | 'denied';
|
|
129
141
|
/**
|
|
130
|
-
* Response body of GET /approvals/:id on the
|
|
131
|
-
* see `
|
|
132
|
-
*
|
|
142
|
+
* Response body of GET /approvals/:id on the platform (agent-key auth).
|
|
143
|
+
* Backed by Redis — see `engine/cache.ts → keys.approval`. Polled by agents
|
|
144
|
+
* via `gordon.checkApproval()` after an x402 escalate hands back an
|
|
145
|
+
* `approval_id` (surfaced as `GordonPaymentError.body.approval_id`).
|
|
133
146
|
*/
|
|
134
147
|
export interface ApprovalStatusResponse {
|
|
135
148
|
approval_id: string;
|
|
@@ -137,4 +150,285 @@ export interface ApprovalStatusResponse {
|
|
|
137
150
|
resolved_at: number | null;
|
|
138
151
|
resolved_by: string | null;
|
|
139
152
|
}
|
|
153
|
+
export declare const RuleSchema: z.ZodObject<{
|
|
154
|
+
id: z.ZodString;
|
|
155
|
+
type: z.ZodEnum<["budget_limit", "vendor_allowlist", "category_block", "approval_required", "service_allowlist"]>;
|
|
156
|
+
scope: z.ZodEnum<["per_transaction", "daily", "monthly"]>;
|
|
157
|
+
value: z.ZodUnion<[z.ZodNumber, z.ZodArray<z.ZodString, "many">]>;
|
|
158
|
+
priority: z.ZodNumber;
|
|
159
|
+
}, "strip", z.ZodTypeAny, {
|
|
160
|
+
id: string;
|
|
161
|
+
type: "budget_limit" | "vendor_allowlist" | "category_block" | "approval_required" | "service_allowlist";
|
|
162
|
+
value: number | string[];
|
|
163
|
+
scope: "per_transaction" | "daily" | "monthly";
|
|
164
|
+
priority: number;
|
|
165
|
+
}, {
|
|
166
|
+
id: string;
|
|
167
|
+
type: "budget_limit" | "vendor_allowlist" | "category_block" | "approval_required" | "service_allowlist";
|
|
168
|
+
value: number | string[];
|
|
169
|
+
scope: "per_transaction" | "daily" | "monthly";
|
|
170
|
+
priority: number;
|
|
171
|
+
}>;
|
|
172
|
+
/** The provider's original request descriptor (drives vendor + domain checks). */
|
|
173
|
+
export declare const OriginalRequestSchema: z.ZodObject<{
|
|
174
|
+
url: z.ZodString;
|
|
175
|
+
method: z.ZodOptional<z.ZodString>;
|
|
176
|
+
body_hash: z.ZodOptional<z.ZodString>;
|
|
177
|
+
target_url: z.ZodOptional<z.ZodString>;
|
|
178
|
+
session_id: z.ZodOptional<z.ZodString>;
|
|
179
|
+
}, "strip", z.ZodTypeAny, {
|
|
180
|
+
url: string;
|
|
181
|
+
method?: string | undefined;
|
|
182
|
+
body_hash?: string | undefined;
|
|
183
|
+
target_url?: string | undefined;
|
|
184
|
+
session_id?: string | undefined;
|
|
185
|
+
}, {
|
|
186
|
+
url: string;
|
|
187
|
+
method?: string | undefined;
|
|
188
|
+
body_hash?: string | undefined;
|
|
189
|
+
target_url?: string | undefined;
|
|
190
|
+
session_id?: string | undefined;
|
|
191
|
+
}>;
|
|
192
|
+
/** Hypothetical spend/default context (simulator pretend-spend; dry-run). */
|
|
193
|
+
export declare const EvalContextOverrideSchema: z.ZodObject<{
|
|
194
|
+
spend_today: z.ZodOptional<z.ZodNumber>;
|
|
195
|
+
spend_this_month: z.ZodOptional<z.ZodNumber>;
|
|
196
|
+
default_decision: z.ZodOptional<z.ZodEnum<["allow", "block"]>>;
|
|
197
|
+
}, "strip", z.ZodTypeAny, {
|
|
198
|
+
spend_today?: number | undefined;
|
|
199
|
+
spend_this_month?: number | undefined;
|
|
200
|
+
default_decision?: "allow" | "block" | undefined;
|
|
201
|
+
}, {
|
|
202
|
+
spend_today?: number | undefined;
|
|
203
|
+
spend_this_month?: number | undefined;
|
|
204
|
+
default_decision?: "allow" | "block" | undefined;
|
|
205
|
+
}>;
|
|
206
|
+
/** Inline per-service caps (dry-run "what if these limits" testing). */
|
|
207
|
+
export declare const EnabledServiceInputSchema: z.ZodObject<{
|
|
208
|
+
max_per_call_units: z.ZodNumber;
|
|
209
|
+
max_per_day_units: z.ZodNumber;
|
|
210
|
+
require_approval_above_units: z.ZodNumber;
|
|
211
|
+
enabled_operations: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString, "many">>>;
|
|
212
|
+
allowed_domains: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString, "many">>>;
|
|
213
|
+
}, "strip", z.ZodTypeAny, {
|
|
214
|
+
max_per_call_units: number;
|
|
215
|
+
max_per_day_units: number;
|
|
216
|
+
require_approval_above_units: number;
|
|
217
|
+
enabled_operations?: string[] | null | undefined;
|
|
218
|
+
allowed_domains?: string[] | null | undefined;
|
|
219
|
+
}, {
|
|
220
|
+
max_per_call_units: number;
|
|
221
|
+
max_per_day_units: number;
|
|
222
|
+
require_approval_above_units: number;
|
|
223
|
+
enabled_operations?: string[] | null | undefined;
|
|
224
|
+
allowed_domains?: string[] | null | undefined;
|
|
225
|
+
}>;
|
|
226
|
+
/**
|
|
227
|
+
* The single locked request body for the four platform evaluation routes.
|
|
228
|
+
* Field PRESENCE requirements differ per route (enforced after parse):
|
|
229
|
+
* - /x402/authorize: payment_requirement + max_payment_units + idempotency_key required
|
|
230
|
+
* - /x402/check: payment_requirement + max_payment_units + replay_key required
|
|
231
|
+
* - /x402/authorize-test: amount required when payment_requirement is absent
|
|
232
|
+
* - /policies/dry-run: rules required
|
|
233
|
+
* `.strict()` rejects unknown keys so contract drift is caught at the door.
|
|
234
|
+
*/
|
|
235
|
+
export declare const UnifiedAuthorizeRequestSchema: z.ZodObject<{
|
|
236
|
+
service_id: z.ZodOptional<z.ZodString>;
|
|
237
|
+
operation_id: z.ZodOptional<z.ZodString>;
|
|
238
|
+
original_request: z.ZodOptional<z.ZodObject<{
|
|
239
|
+
url: z.ZodString;
|
|
240
|
+
method: z.ZodOptional<z.ZodString>;
|
|
241
|
+
body_hash: z.ZodOptional<z.ZodString>;
|
|
242
|
+
target_url: z.ZodOptional<z.ZodString>;
|
|
243
|
+
session_id: z.ZodOptional<z.ZodString>;
|
|
244
|
+
}, "strip", z.ZodTypeAny, {
|
|
245
|
+
url: string;
|
|
246
|
+
method?: string | undefined;
|
|
247
|
+
body_hash?: string | undefined;
|
|
248
|
+
target_url?: string | undefined;
|
|
249
|
+
session_id?: string | undefined;
|
|
250
|
+
}, {
|
|
251
|
+
url: string;
|
|
252
|
+
method?: string | undefined;
|
|
253
|
+
body_hash?: string | undefined;
|
|
254
|
+
target_url?: string | undefined;
|
|
255
|
+
session_id?: string | undefined;
|
|
256
|
+
}>>;
|
|
257
|
+
payment_requirement: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
258
|
+
/** Micro-units (1,000,000 = $1). Required in test/dry-run when no payment_requirement. */
|
|
259
|
+
amount: z.ZodOptional<z.ZodNumber>;
|
|
260
|
+
max_payment_units: z.ZodOptional<z.ZodNumber>;
|
|
261
|
+
currency: z.ZodOptional<z.ZodString>;
|
|
262
|
+
idempotency_key: z.ZodOptional<z.ZodString>;
|
|
263
|
+
replay_key: z.ZodOptional<z.ZodString>;
|
|
264
|
+
/** Override vendor/category for test/dry-run; otherwise derived. */
|
|
265
|
+
vendor: z.ZodOptional<z.ZodString>;
|
|
266
|
+
category: z.ZodOptional<z.ZodString>;
|
|
267
|
+
/** Granted approval to execute against on a real /x402/authorize retry. */
|
|
268
|
+
approval_id: z.ZodOptional<z.ZodString>;
|
|
269
|
+
rules: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
270
|
+
id: z.ZodString;
|
|
271
|
+
type: z.ZodEnum<["budget_limit", "vendor_allowlist", "category_block", "approval_required", "service_allowlist"]>;
|
|
272
|
+
scope: z.ZodEnum<["per_transaction", "daily", "monthly"]>;
|
|
273
|
+
value: z.ZodUnion<[z.ZodNumber, z.ZodArray<z.ZodString, "many">]>;
|
|
274
|
+
priority: z.ZodNumber;
|
|
275
|
+
}, "strip", z.ZodTypeAny, {
|
|
276
|
+
id: string;
|
|
277
|
+
type: "budget_limit" | "vendor_allowlist" | "category_block" | "approval_required" | "service_allowlist";
|
|
278
|
+
value: number | string[];
|
|
279
|
+
scope: "per_transaction" | "daily" | "monthly";
|
|
280
|
+
priority: number;
|
|
281
|
+
}, {
|
|
282
|
+
id: string;
|
|
283
|
+
type: "budget_limit" | "vendor_allowlist" | "category_block" | "approval_required" | "service_allowlist";
|
|
284
|
+
value: number | string[];
|
|
285
|
+
scope: "per_transaction" | "daily" | "monthly";
|
|
286
|
+
priority: number;
|
|
287
|
+
}>, "many">>;
|
|
288
|
+
context: z.ZodOptional<z.ZodObject<{
|
|
289
|
+
spend_today: z.ZodOptional<z.ZodNumber>;
|
|
290
|
+
spend_this_month: z.ZodOptional<z.ZodNumber>;
|
|
291
|
+
default_decision: z.ZodOptional<z.ZodEnum<["allow", "block"]>>;
|
|
292
|
+
}, "strip", z.ZodTypeAny, {
|
|
293
|
+
spend_today?: number | undefined;
|
|
294
|
+
spend_this_month?: number | undefined;
|
|
295
|
+
default_decision?: "allow" | "block" | undefined;
|
|
296
|
+
}, {
|
|
297
|
+
spend_today?: number | undefined;
|
|
298
|
+
spend_this_month?: number | undefined;
|
|
299
|
+
default_decision?: "allow" | "block" | undefined;
|
|
300
|
+
}>>;
|
|
301
|
+
enabled_service: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
302
|
+
max_per_call_units: z.ZodNumber;
|
|
303
|
+
max_per_day_units: z.ZodNumber;
|
|
304
|
+
require_approval_above_units: z.ZodNumber;
|
|
305
|
+
enabled_operations: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString, "many">>>;
|
|
306
|
+
allowed_domains: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString, "many">>>;
|
|
307
|
+
}, "strip", z.ZodTypeAny, {
|
|
308
|
+
max_per_call_units: number;
|
|
309
|
+
max_per_day_units: number;
|
|
310
|
+
require_approval_above_units: number;
|
|
311
|
+
enabled_operations?: string[] | null | undefined;
|
|
312
|
+
allowed_domains?: string[] | null | undefined;
|
|
313
|
+
}, {
|
|
314
|
+
max_per_call_units: number;
|
|
315
|
+
max_per_day_units: number;
|
|
316
|
+
require_approval_above_units: number;
|
|
317
|
+
enabled_operations?: string[] | null | undefined;
|
|
318
|
+
allowed_domains?: string[] | null | undefined;
|
|
319
|
+
}>>>;
|
|
320
|
+
/** dry-run / authorize-test (JWT auth) supply the target agent in the body. */
|
|
321
|
+
agent_id: z.ZodOptional<z.ZodString>;
|
|
322
|
+
}, "strict", z.ZodTypeAny, {
|
|
323
|
+
amount?: number | undefined;
|
|
324
|
+
service_id?: string | undefined;
|
|
325
|
+
operation_id?: string | undefined;
|
|
326
|
+
original_request?: {
|
|
327
|
+
url: string;
|
|
328
|
+
method?: string | undefined;
|
|
329
|
+
body_hash?: string | undefined;
|
|
330
|
+
target_url?: string | undefined;
|
|
331
|
+
session_id?: string | undefined;
|
|
332
|
+
} | undefined;
|
|
333
|
+
payment_requirement?: Record<string, unknown> | undefined;
|
|
334
|
+
max_payment_units?: number | undefined;
|
|
335
|
+
currency?: string | undefined;
|
|
336
|
+
idempotency_key?: string | undefined;
|
|
337
|
+
replay_key?: string | undefined;
|
|
338
|
+
vendor?: string | undefined;
|
|
339
|
+
category?: string | undefined;
|
|
340
|
+
approval_id?: string | undefined;
|
|
341
|
+
rules?: {
|
|
342
|
+
id: string;
|
|
343
|
+
type: "budget_limit" | "vendor_allowlist" | "category_block" | "approval_required" | "service_allowlist";
|
|
344
|
+
value: number | string[];
|
|
345
|
+
scope: "per_transaction" | "daily" | "monthly";
|
|
346
|
+
priority: number;
|
|
347
|
+
}[] | undefined;
|
|
348
|
+
context?: {
|
|
349
|
+
spend_today?: number | undefined;
|
|
350
|
+
spend_this_month?: number | undefined;
|
|
351
|
+
default_decision?: "allow" | "block" | undefined;
|
|
352
|
+
} | undefined;
|
|
353
|
+
enabled_service?: {
|
|
354
|
+
max_per_call_units: number;
|
|
355
|
+
max_per_day_units: number;
|
|
356
|
+
require_approval_above_units: number;
|
|
357
|
+
enabled_operations?: string[] | null | undefined;
|
|
358
|
+
allowed_domains?: string[] | null | undefined;
|
|
359
|
+
} | null | undefined;
|
|
360
|
+
agent_id?: string | undefined;
|
|
361
|
+
}, {
|
|
362
|
+
amount?: number | undefined;
|
|
363
|
+
service_id?: string | undefined;
|
|
364
|
+
operation_id?: string | undefined;
|
|
365
|
+
original_request?: {
|
|
366
|
+
url: string;
|
|
367
|
+
method?: string | undefined;
|
|
368
|
+
body_hash?: string | undefined;
|
|
369
|
+
target_url?: string | undefined;
|
|
370
|
+
session_id?: string | undefined;
|
|
371
|
+
} | undefined;
|
|
372
|
+
payment_requirement?: Record<string, unknown> | undefined;
|
|
373
|
+
max_payment_units?: number | undefined;
|
|
374
|
+
currency?: string | undefined;
|
|
375
|
+
idempotency_key?: string | undefined;
|
|
376
|
+
replay_key?: string | undefined;
|
|
377
|
+
vendor?: string | undefined;
|
|
378
|
+
category?: string | undefined;
|
|
379
|
+
approval_id?: string | undefined;
|
|
380
|
+
rules?: {
|
|
381
|
+
id: string;
|
|
382
|
+
type: "budget_limit" | "vendor_allowlist" | "category_block" | "approval_required" | "service_allowlist";
|
|
383
|
+
value: number | string[];
|
|
384
|
+
scope: "per_transaction" | "daily" | "monthly";
|
|
385
|
+
priority: number;
|
|
386
|
+
}[] | undefined;
|
|
387
|
+
context?: {
|
|
388
|
+
spend_today?: number | undefined;
|
|
389
|
+
spend_this_month?: number | undefined;
|
|
390
|
+
default_decision?: "allow" | "block" | undefined;
|
|
391
|
+
} | undefined;
|
|
392
|
+
enabled_service?: {
|
|
393
|
+
max_per_call_units: number;
|
|
394
|
+
max_per_day_units: number;
|
|
395
|
+
require_approval_above_units: number;
|
|
396
|
+
enabled_operations?: string[] | null | undefined;
|
|
397
|
+
allowed_domains?: string[] | null | undefined;
|
|
398
|
+
} | null | undefined;
|
|
399
|
+
agent_id?: string | undefined;
|
|
400
|
+
}>;
|
|
401
|
+
export type UnifiedAuthorizeRequest = z.infer<typeof UnifiedAuthorizeRequestSchema>;
|
|
402
|
+
export type EvalContextOverride = z.infer<typeof EvalContextOverrideSchema>;
|
|
403
|
+
export type EnabledServiceInput = z.infer<typeof EnabledServiceInputSchema>;
|
|
404
|
+
/**
|
|
405
|
+
* Response of POST /x402/authorize-test — a full real-state evaluation with NO
|
|
406
|
+
* side effects (no signing, settlement, spend, audit, or approval). Deliberately
|
|
407
|
+
* carries NO transaction_id/settlement_id/payment_headers.
|
|
408
|
+
*/
|
|
409
|
+
export interface AuthorizeTestResponse {
|
|
410
|
+
test: true;
|
|
411
|
+
decision: Decision;
|
|
412
|
+
/** true iff every gate passed AND decision.result === 'allow'. */
|
|
413
|
+
would_authorize: boolean;
|
|
414
|
+
/** Convenience mirror of the outcome ('block' on a pre-eval reject). */
|
|
415
|
+
result: DecisionResult;
|
|
416
|
+
reason: string;
|
|
417
|
+
amount_units: number;
|
|
418
|
+
max_per_call_units: number | null;
|
|
419
|
+
max_per_day_units: number | null;
|
|
420
|
+
require_approval_above_units: number | null;
|
|
421
|
+
approval_required: boolean;
|
|
422
|
+
fraud: {
|
|
423
|
+
risk_score: number;
|
|
424
|
+
flags: string[];
|
|
425
|
+
};
|
|
426
|
+
/** Echo of the input slug + the resolved internal UUID (for debugging). */
|
|
427
|
+
service_id: string | null;
|
|
428
|
+
resolved_service_internal_id: string | null;
|
|
429
|
+
}
|
|
430
|
+
/** Agent-authenticated policy-only preflight. Carries no payment proof or IDs. */
|
|
431
|
+
export type X402CheckResponse = Omit<AuthorizeTestResponse, 'test'> & {
|
|
432
|
+
check: true;
|
|
433
|
+
};
|
|
140
434
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,cAAc,CAAC;AAIrD,MAAM,MAAM,eAAe,GACvB,QAAQ,GACR,QAAQ,GACR,IAAI,GACJ,MAAM,GACN,gBAAgB,GAChB,UAAU,GACV,SAAS,GACT,UAAU,CAAC;AAEf,qFAAqF;AACrF,MAAM,MAAM,WAAW,GACnB,QAAQ,GACR,YAAY,GACZ,cAAc,GACd,iBAAiB,GACjB,UAAU,CAAC;AAEf,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,CAAC;AAI1C,kEAAkE;AAClE,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6DAA6D;IAC7D,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yDAAyD;IACzD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,cAAc,CAAC;AAIrD,MAAM,MAAM,eAAe,GACvB,QAAQ,GACR,QAAQ,GACR,IAAI,GACJ,MAAM,GACN,gBAAgB,GAChB,UAAU,GACV,SAAS,GACT,UAAU,CAAC;AAEf,qFAAqF;AACrF,MAAM,MAAM,WAAW,GACnB,QAAQ,GACR,YAAY,GACZ,cAAc,GACd,iBAAiB,GACjB,UAAU,CAAC;AAEf,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,CAAC;AAI1C,kEAAkE;AAClE,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,yFAAyF;IACzF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6DAA6D;IAC7D,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yDAAyD;IACzD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AA2CD,wBAAgB,+BAA+B,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,sBAAsB,CAgDpG;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE;QAChB,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,sEAAsE;QACtE,SAAS,EAAE,MAAM,CAAC;QAClB;;;;WAIG;QACH,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB;;;;WAIG;QACH,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,qGAAqG;IACrG,mBAAmB,EAAE,sBAAsB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtE;;;OAGG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAC;IACxB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qFAAqF;AACrF,MAAM,WAAW,qBAAqB;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,4DAA4D;IAC5D,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,UAAU,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,oGAAoG;IACpG,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC;;gEAE4D;IAC5D,SAAS,EAAE,MAAM,CAAC;C
ACnB;AAED,MAAM,MAAM,QAAQ,GAChB,cAAc,GACd,kBAAkB,GAClB,gBAAgB,GAChB,mBAAmB,GACnB,mBAAmB,CAAC;AAExB,MAAM,MAAM,SAAS,GAAG,iBAAiB,GAAG,OAAO,GAAG,SAAS,CAAC;AAEhE,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,SAAS,CAAC;IACjB;;uEAEmE;IACnE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,MAAM;IACrB;kFAC8E;IAC9E,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,IAAI,EAAE,CAAC;CACf;AAED,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,CAAC;AAE5D,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,cAAc,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,gBAAiB,SAAQ,QAAQ;IAChD,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,WAAW,sBAAsB;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,cAAc,CAAC;IACvB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAcD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;EAYrB,CAAC;AAEH,kFAAkF;AAClF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;EAMhC,CAAC;AAEH,6EAA6E;AAC7E,eAAO,MAAM,yBAAyB;;;;;;;;;;;;EAIpC,CAAC;AAEH,wEAAwE;AACxE,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;EAMpC,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;IAQtC,0FAA0F;;;;;;IAM1F,oEAAoE;;;IAGpE,2EAA2E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAM3E,+EAA+E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGxE,CAAC;AAEZ,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AACpF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,kEAAkE;IAClE,eAAe,EAAE,OAAO,CAAC;IACzB,wEAAwE;IACxE,MAAM,EAAE,cAAc,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,4BAA4B,EAAE,MAAM,GAAG,IAAI,CAAC
;IAC5C,iBAAiB,EAAE,OAAO,CAAC;IAC3B,KAAK,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC/C,2EAA2E;IAC3E,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,4BAA4B,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7C;AAED,kFAAkF;AAClF,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,CAAC,GAAG;IACpE,KAAK,EAAE,IAAI,CAAC;CACb,CAAC"}
|
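--- a/package/dist/types.js
+++ b/package/dist/types.js
@@ -1,3 +1,4 @@
+import { z } from 'zod';
 // Known USDC ERC-20 contract addresses across supported chains.
 // Providers that use x402 v2 (e.g. Exa) send the contract address in the
 // `asset` field instead of the string "USDC". We normalize these back to
@@ -17,18 +18,30 @@ function resolveTokenName(raw, selected) {
 return 'USDC';
 return s;
 }
+function isBaseNetwork(value) {
+return value === 'eip155:8453' || value === 'base' || value === 'base-mainnet';
+}
+function assetTransferMethod(entry) {
+const extra = entry.extra;
+const method = entry.transfer_method ?? extra?.assetTransferMethod ?? entry.assetTransferMethod;
+return typeof method === 'string' && method.trim().length > 0 ? method.trim() : undefined;
+}
+function isPermit2Accept(entry) {
+return assetTransferMethod(entry)?.toLowerCase() === 'permit2';
+}
+function isUsdcExactAccept(entry) {
+const token = String(entry.token ?? entry.asset ?? '').toUpperCase();
+const scheme = String(entry.scheme ?? 'exact');
+const isUsdc = !token || token === 'USDC' || KNOWN_USDC_ADDRESSES.has(token.toLowerCase());
+return isUsdc && scheme === 'exact';
+}
 export function normalizeX402PaymentRequirement(raw) {
 const accepts = raw.accepts;
 const selected = Array.isArray(accepts) && accepts.length > 0
-? accepts.find((entry) =>
-const token = String(entry.token ?? entry.asset ?? '').toUpperCase();
-const scheme = String(entry.scheme ?? 'exact');
-// Accept entries where token is USDC (by name or known address) under exact scheme
-const isUsdc = !token || token === 'USDC' || KNOWN_USDC_ADDRESSES.has(token.toLowerCase());
-return isUsdc && scheme === 'exact';
-}) ?? accepts[0]
+? accepts.find((entry) => isUsdcExactAccept(entry) && isBaseNetwork(entry.network) && !isPermit2Accept(entry)) ?? accepts.find((entry) => isUsdcExactAccept(entry) && !isPermit2Accept(entry)) ?? accepts.find((entry) => isUsdcExactAccept(entry) && isBaseNetwork(entry.network)) ?? accepts.find(isUsdcExactAccept) ?? accepts[0]
 : raw;
 const token = resolveTokenName(raw, selected);
+const transferMethod = assetTransferMethod(selected);
 const payTo = selected.pay_to ??
 selected.payTo ??
 selected.payToAddress ??
@@ -47,6 +60,7 @@ export function normalizeX402PaymentRequirement(raw) {
 scheme: (selected.scheme ?? raw.scheme ?? 'exact'),
 network: String(selected.network ?? raw.network ?? ''),
 token: String(token),
+...(transferMethod ? { transfer_method: transferMethod } : {}),
 pay_to: String(payTo ?? ''),
 ...(selected.facilitator_url ?? raw.facilitator_url
 ? { facilitator_url: String(selected.facilitator_url ?? raw.facilitator_url) }
@@ -59,4 +73,86 @@ export function normalizeX402PaymentRequirement(raw) {
 raw,
 };
 }
+// ── Unified evaluation request contract (PROJECT_TODOS #3) ──────────────────
+// One validated request shape shared by the platform's three evaluation
+// surfaces: POST /x402/authorize (real payment), POST /x402/check (agent-auth
+// policy-only preflight), POST /x402/authorize-test
+// (side-effect-free real-state simulation), and POST /policies/dry-run
+// (hypothetical unsaved-rule testing). The CANONICAL `service_id`/`operation_id`
+// on these platform paths is the human-readable SLUG; the handler resolves
+// slug→UUID internally (the Redis SET stays UUID-keyed). The UUID-based
+// payment-agnostic /evaluate was removed with the evaluator (2026-06-05), so
+// slug is now the only convention on the surviving surfaces. zod gives us one
+// enforced schema so a typo/drift on any surface fails loudly, not silently.
+export const RuleSchema = z.object({
+id: z.string(),
+type: z.enum([
+'budget_limit',
+'vendor_allowlist',
+'category_block',
+'approval_required',
+'service_allowlist',
+]),
+scope: z.enum(['per_transaction', 'daily', 'monthly']),
+value: z.union([z.number(), z.array(z.string())]),
+priority: z.number(),
+});
+/** The provider's original request descriptor (drives vendor + domain checks). */
+export const OriginalRequestSchema = z.object({
+url: z.string(),
+method: z.string().optional(),
+body_hash: z.string().optional(),
+target_url: z.string().optional(),
+session_id: z.string().optional(),
+});
+/** Hypothetical spend/default context (simulator pretend-spend; dry-run). */
+export const EvalContextOverrideSchema = z.object({
+spend_today: z.number().nonnegative().optional(),
+spend_this_month: z.number().nonnegative().optional(),
+default_decision: z.enum(['allow', 'block']).optional(),
+});
+/** Inline per-service caps (dry-run "what if these limits" testing). */
+export const EnabledServiceInputSchema = z.object({
+max_per_call_units: z.number(),
+max_per_day_units: z.number(),
+require_approval_above_units: z.number(),
+enabled_operations: z.array(z.string()).nullable().optional(),
+allowed_domains: z.array(z.string()).nullable().optional(),
+});
+/**
+* The single locked request body for the four platform evaluation routes.
+* Field PRESENCE requirements differ per route (enforced after parse):
+* - /x402/authorize: payment_requirement + max_payment_units + idempotency_key required
+* - /x402/check: payment_requirement + max_payment_units + replay_key required
+* - /x402/authorize-test: amount required when payment_requirement is absent
+* - /policies/dry-run: rules required
+* `.strict()` rejects unknown keys so contract drift is caught at the door.
+*/
+export const UnifiedAuthorizeRequestSchema = z
+.object({
+// ── identity (SLUG on platform paths) ──
+service_id: z.string().optional(),
+operation_id: z.string().optional(),
+// ── payment / request descriptor ──
+original_request: OriginalRequestSchema.optional(),
+payment_requirement: z.record(z.string(), z.unknown()).optional(),
+/** Micro-units (1,000,000 = $1). Required in test/dry-run when no payment_requirement. */
+amount: z.number().int().nonnegative().optional(),
+max_payment_units: z.number().int().positive().optional(),
+currency: z.string().optional(),
+idempotency_key: z.string().optional(),
+replay_key: z.string().optional(),
+/** Override vendor/category for test/dry-run; otherwise derived. */
+vendor: z.string().optional(),
+category: z.string().optional(),
+/** Granted approval to execute against on a real /x402/authorize retry. */
+approval_id: z.string().optional(),
+// ── dry-run / test-only overrides ──
+rules: z.array(RuleSchema).optional(),
+context: EvalContextOverrideSchema.optional(),
+enabled_service: EnabledServiceInputSchema.nullable().optional(),
+/** dry-run / authorize-test (JWT auth) supply the target agent in the body. */
+agent_id: z.string().optional(),
+})
+.strict();
 //# sourceMappingURL=types.js.map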
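Review bot: The nested schemas still strip unknown keys, so the doc comment's claim that `.strict()` catches contract drift "at the door" holds only for the top level of `UnifiedAuthorizeRequestSchema`. `RuleSchema`, `OriginalRequestSchema`, `EvalContextOverrideSchema` and `EnabledServiceInputSchema` are plain `z.object({...})`, so a misspelled optional key such as `allowed_domains` or `target_url` is dropped silently and the evaluation presumably runs without that restriction. Ending each of the four definitions with `}).strict();` would make such a request fail validation instead. Separately, `idempotency_key` and `replay_key` accept the empty string; `z.string().min(1)` would reject that before the per-route presence checks, which are not visible in this file.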
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAgDxB,gEAAgE;AAChE,yEAAyE;AACzE,yEAAyE;AACzE,uEAAuE;AACvE,qBAAqB;AACrB,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,4CAA4C,EAAE,eAAe;IAC7D,4CAA4C,EAAE,eAAe;IAC7D,4CAA4C,EAAE,mBAAmB;IACjE,4CAA4C,EAAE,mBAAmB;CAClE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;AAE7B,SAAS,gBAAgB,CAAC,GAA4B,EAAE,QAAiC;IACvF,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,IAAI,MAAM,CAAC;IACvF,MAAM,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IAC5B,gFAAgF;IAChF,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAAE,OAAO,MAAM,CAAC;IACnF,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,KAAK,KAAK,aAAa,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,cAAc,CAAC;AACjF,CAAC;AAED,SAAS,mBAAmB,CAAC,KAA8B;IACzD,MAAM,KAAK,GAAG,KAAK,CAAC,KAA4C,CAAC;IACjE,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,IAAI,KAAK,EAAE,mBAAmB,IAAI,KAAK,CAAC,mBAAmB,CAAC;IAChG,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5F,CAAC;AAED,SAAS,eAAe,CAAC,KAA8B;IACrD,OAAO,mBAAmB,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,KAAK,SAAS,CAAC;AACjE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAA8B;IACvD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,CAAC,KAAK,IAAI,KAAK,KAAK,MAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3F,OAAO,MAAM,IAAI,MAAM,KAAK,OAAO,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,+BAA+B,CAAC,GAA4B;IAC1E,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC5B,MAAM,QAAQ,GACZ,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAC1C,CAAC,CAAE,OAAqC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CACpD,iBAAiB,CAAC,KAAK,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CACpF,IAAK,OAAqC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CACzD,iBAAiB,
CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CACpD,IAAK,OAAqC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CACzD,iBAAiB,CAAC,KAAK,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CACzD,IAAK,OAAqC,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAK,OAAO,CAAC,CAAC,CAA6B;QAChH,CAAC,CAAC,GAAG,CAAC;IAEV,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,cAAc,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,KAAK,GACT,QAAQ,CAAC,MAAM;QACf,QAAQ,CAAC,KAAK;QACd,QAAQ,CAAC,YAAY;QACrB,GAAG,CAAC,MAAM;QACV,GAAG,CAAC,KAAK;QACT,GAAG,CAAC,YAAY,CAAC;IACnB,MAAM,MAAM,GACV,QAAQ,CAAC,MAAM;QACf,QAAQ,CAAC,UAAU;QACnB,QAAQ,CAAC,iBAAiB;QAC1B,QAAQ,CAAC,SAAS;QAClB,GAAG,CAAC,MAAM;QACV,GAAG,CAAC,UAAU;QACd,GAAG,CAAC,iBAAiB;QACrB,GAAG,CAAC,SAAS,CAAC;IAEhB,OAAO;QACL,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,OAAO,CAAe;QAChE,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;QACtD,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;QACpB,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,MAAM,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,CAAC,eAAe,IAAI,GAAG,CAAC,eAAe;YACjD,CAAC,CAAC,EAAE,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,eAAe,IAAI,GAAG,CAAC,eAAe,CAAC,EAAE;YAC9E,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;QAC5B,GAAG,CAAC,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,iBAAiB,IAAI,QAAQ,CAAC,SAAS,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,SAAS;YACrI,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,iBAAiB,IAAI,QAAQ,CAAC,SAAS,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE;YAC7J,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,GAAG;KACJ,CAAC;AACJ,CAAC;AAiJD,+EAA+E;AAC/E,wEAAwE;AACxE,8EAA8E;AAC9E,oDAAoD;AACpD,uEAAuE;AACvE,iFAAiF;AACjF,2EAA2E;AAC3E,wEAAwE;AACxE,6EAA6E;AAC7E,8EAA8E;AAC9E,6EAA6E;AAE7E,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAA
C,IAAI,CAAC;QACX,cAAc;QACd,kBAAkB;QAClB,gBAAgB;QAChB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC;IACF,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IACtD,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAC;AAEH,kFAAkF;AAClF,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IACf,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,6EAA6E;AAC7E,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAChD,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACrD,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;CACxD,CAAC,CAAC;AAEH,wEAAwE;AACxE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC9B,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,4BAA4B,EAAE,CAAC,CAAC,MAAM,EAAE;IACxC,kBAAkB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7D,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC3D,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC;KAC3C,MAAM,CAAC;IACN,0CAA0C;IAC1C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,qCAAqC;IACrC,gBAAgB,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IAClD,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjE,0FAA0F;IAC1F,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACjD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IACzD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE
;IACjC,oEAAoE;IACpE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,2EAA2E;IAC3E,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,sCAAsC;IACtC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE;IACrC,OAAO,EAAE,yBAAyB,CAAC,QAAQ,EAAE;IAC7C,eAAe,EAAE,yBAAyB,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAChE,+EAA+E;IAC/E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC;KACD,MAAM,EAAE,CAAC"}
|
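--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@withgordon/core",
-"version": "0.1.
+"version": "0.1.2",
 "description": "Gordon SDK for policy-governed agent payments and x402 service settlement.",
 "type": "module",
 "main": "./dist/sdk/index.js",
@@ -36,10 +36,10 @@
 "test": "vitest run",
 "test:watch": "vitest",
 "typecheck": "tsc --noEmit",
-"evaluator:dev": "node --import tsx evaluator/index.ts",
 "platform:dev": "node --import tsx platform/index.ts",
 "worker:ledger:dev": "node --import tsx workers/index.ts",
 "db:init": "node --import tsx scripts/init-db.ts",
+"catalog:sync": "node --import tsx scripts/sync-services.ts",
 "e2e:buyer-agent": "AUTH_SECRET=buyer-agent-e2e-auth-secret INTERNAL_API_SECRET=buyer-agent-e2e-internal-secret GORDON_X402_ENABLE_EXPERIMENTAL_SIGNER=true node --import tsx scripts/buyer-agent-e2e.ts"
 },
 "devDependencies": {
@@ -62,9 +62,9 @@
 "drizzle-orm": "^0.45.2",
 "express": "^5.2.1",
 "fast-jwt": "^6.2.4",
-"fastify": "^5.8.5",
 "ioredis": "^5.10.1",
 "nanoid": "^5.1.11",
-"pg": "^8.20.0"
+"pg": "^8.20.0",
+"zod": "^3.23.8"
 }
 }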
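Review bot: `zod` may be landing in the wrong dependency block. The last hunk (`@@ -62,9 +62,9 @@`) starts inside a block whose key is outside the hunk, and the nearest key visible above it is `"devDependencies"` at line 45. If that is still the enclosing block, any runtime import of zod from the changed `dist/types.js` (not shown here, so this is an inference) would be unresolved for consumers, and `"zod": "^3.23.8"` should move under `"dependencies"`. If the block is in fact `dependencies`, then `express`, `pg`, `ioredis`, `drizzle-orm` and `fast-jwt` are installed for every consumer of a payment SDK. Check them against what `dist/sdk` actually imports and move the server-only ones to `devDependencies` to keep the supply-chain surface small.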