agentmall 0.1.21 → 0.1.22

package/dist/cli.js

@@ -2,6 +2,7 @@
 
 // src/cli/index.ts
 import { spawn } from "child_process";
+import { privateKeyToAccount } from "viem/accounts";
 
 // src/constants.ts
 var BASE_URL = "https://api.agentmall.sh";
@@ -142,6 +143,25 @@ var AgentMall = class {
     return await response.json();
   }
 };
+async function createStoreAccountHeaders(client, account) {
+  const challenge = await client.request(
+    "POST",
+    "/api/managed-accounts/challenge",
+    {
+      body: {
+        address: account.address
+      }
+    }
+  );
+  const signature = await account.signMessage({
+    message: challenge.message
+  });
+  return {
+    "X-AgentMall-Wallet-Address": account.address,
+    "X-AgentMall-Auth-Challenge": challenge.challenge,
+    "X-AgentMall-Auth-Signature": signature
+  };
+}
 var AgentMallProducts = class {
   constructor(client) {
     this.client = client;
@@ -161,18 +181,20 @@ var AgentMallPurchases = class {
    * Create a purchase. The first call returns a 402 MPP payment challenge.
    * Use mppx-wrapped fetch to handle payment automatically, or catch PaymentRequiredError.
    */
-  async create(body) {
+  async create(body, options) {
     const idempotencyKey = body.idempotency_key ?? createIdempotencyKey();
     const storeAccountId = body.store_account_id ?? body.retailer_credentials_id;
+    const headers = {
+      ...storeAccountId && options?.account ? await createStoreAccountHeaders(this.client, options.account) : {},
+      "X-Idempotency-Key": idempotencyKey
+    };
     return this.client.request("POST", "/api/purchases", {
       body: {
         ...body,
         ...storeAccountId ? { retailer_credentials_id: storeAccountId } : {},
         idempotency_key: idempotencyKey
       },
-      headers: {
-        "X-Idempotency-Key": idempotencyKey
-      }
+      headers
     });
   }
   /** Get a single purchase by ID using either operator auth or a buyer token. */
@@ -285,23 +307,7 @@ var AgentMallStoreAccounts = class {
     this.client = client;
   }
   async walletHeaders(account) {
-    const challenge = await this.client.request(
-      "POST",
-      "/api/managed-accounts/challenge",
-      {
-        body: {
-          address: account.address
-        }
-      }
-    );
-    const signature = await account.signMessage({
-      message: challenge.message
-    });
-    return {
-      "X-AgentMall-Wallet-Address": account.address,
-      "X-AgentMall-Auth-Challenge": challenge.challenge,
-      "X-AgentMall-Auth-Signature": signature
-    };
+    return createStoreAccountHeaders(this.client, account);
   }
   /** List your store accounts. Requires either apiSecret or a wallet signer. */
   async list(options) {
@@ -702,6 +708,13 @@ function displayOrderSummary(body) {
   line(
     `${addr.city}, ${addr.state ?? ""} ${addr.postal_code} ${addr.country}`
   );
+  if (body.store_account_id || body.retailer_credentials_id) {
+    gap();
+    kv(
+      "Store account",
+      `${c.bold}${body.store_account_id ?? body.retailer_credentials_id}${c.reset}`
+    );
+  }
 }
 function displayOrderResult(order) {
   gap();
@@ -784,6 +797,35 @@ function displayRefund(refund2) {
   }
   gap();
 }
+function formatTimestamp(value) {
+  return new Date(value).toLocaleString();
+}
+function displayStoreAccount(account, opts) {
+  section(opts?.title ?? `Store Account ${account.short_id}`);
+  kv("Short ID", account.short_id);
+  kv("Retailer", account.retailer ?? "default");
+  kv("Email", account.email);
+  kv("2FA", account.has_totp ? "configured" : "not set", {
+    color: account.has_totp ? c.green : c.yellow
+  });
+  kv("Forwarding", account.has_forwarding ? "ready" : "pending", {
+    color: account.has_forwarding ? c.green : c.yellow
+  });
+  kv("Forward Email", account.forwarding_email, { dim: true });
+  kv("Created", formatTimestamp(account.created_at), { dim: true });
+  kv("Updated", formatTimestamp(account.updated_at), { dim: true });
+}
+function displayStoreAccounts(accounts) {
+  section("Store Accounts");
+  if (accounts.length === 0) {
+    line("No store accounts found.");
+    return;
+  }
+  kv("Total", String(accounts.length));
+  for (const account of accounts) {
+    displayStoreAccount(account);
+  }
+}
 
 // src/cli/prompts.ts
 import { input, confirm, select } from "@inquirer/prompts";
@@ -977,6 +1019,17 @@ function parseTempoBalance(balance) {
 function formatUsdcNumber(amount) {
   return amount.toFixed(6).replace(/\.?0+$/, "");
 }
+function createIdempotencyKey2() {
+  return globalThis.crypto?.randomUUID?.() ?? `agentmall_${Date.now()}_${Math.random().toString(16).slice(2)}`;
+}
+function normalizeAddress(value) {
+  const trimmed = value?.trim();
+  return trimmed ? trimmed.toLowerCase() : void 0;
+}
+function formatAddress(address) {
+  if (!address) return null;
+  return `${address.slice(0, 6)}\u2026${address.slice(-4)}`;
+}
 async function runCommandCapture(command2, args2, envOverrides) {
   return await new Promise((resolve, reject) => {
     const child = spawn(command2, args2, {
@@ -1029,6 +1082,15 @@ async function readTempoWhoami() {
     return null;
   }
 }
+async function readTempoKeys() {
+  try {
+    const result = await runCommandCapture("tempo", ["wallet", "keys", "-j"]);
+    if (result.code !== 0) return null;
+    return JSON.parse(result.stdout);
+  } catch {
+    return null;
+  }
+}
 async function ensureTempoInstalled() {
   try {
     const result = await runCommandCapture("tempo", ["--version"]);
@@ -1061,6 +1123,94 @@ function formatUsdAmount(cents) {
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
+async function getTempoSignerContext(wallet) {
+  const readyWallet = wallet ?? await ensureTempoReady();
+  const fallbackKey = (await readTempoKeys())?.keys?.[0];
+  const tempoKey = readyWallet.key ?? fallbackKey;
+  const privateKey = tempoKey?.key?.trim();
+  const signerAddress = normalizeAddress(tempoKey?.address);
+  if (!privateKey || !signerAddress) {
+    throw new Error(
+      "Tempo wallet does not expose a signing key. Run `tempo wallet login` again."
+    );
+  }
+  const account = privateKeyToAccount(privateKey);
+  if (normalizeAddress(account.address) !== signerAddress) {
+    throw new Error("Tempo signing key does not match the signer address.");
+  }
+  return {
+    account,
+    signerAddress,
+    walletAddress: normalizeAddress(readyWallet.wallet) ?? normalizeAddress(tempoKey?.wallet_address)
+  };
+}
+async function createStoreAccountAuthHeaders(account) {
+  const response = await fetch(`${BASE_URL}/api/managed-accounts/challenge`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      address: account.address
+    })
+  });
+  const text = await response.text();
+  let payload = null;
+  try {
+    payload = text ? JSON.parse(text) : null;
+  } catch {
+    payload = text || null;
+  }
+  if (!response.ok) {
+    const message = typeof payload === "string" ? payload : payload?.error ?? "Unable to authorize store account";
+    throw new Error(message);
+  }
+  const challenge = payload;
+  if (!challenge?.challenge || !challenge.message) {
+    throw new Error("Store account authorization challenge was invalid.");
+  }
+  const signature = await account.signMessage({
+    message: challenge.message
+  });
+  return {
+    "X-AgentMall-Wallet-Address": account.address,
+    "X-AgentMall-Auth-Challenge": challenge.challenge,
+    "X-AgentMall-Auth-Signature": signature
+  };
+}
+function normalizeOptional(value) {
+  const trimmed = value?.trim();
+  return trimmed ? trimmed : void 0;
+}
+async function promptStoreAccountFields(mode) {
+  const { input: input2 } = await import("@inquirer/prompts");
+  const email = mode === "create" ? await input2({
+    message: "Store account email",
+    validate: (value) => EMAIL_PATTERN.test(value.trim()) ? true : "A valid email is required"
+  }) : await input2({
+    message: "Email (leave blank to keep current)",
+    default: "",
+    validate: (value) => !value.trim() || EMAIL_PATTERN.test(value.trim()) ? true : "Enter a valid email or leave blank"
+  });
+  const retailer = await input2({
+    message: mode === "create" ? "Retailer" : "Retailer (leave blank to keep current)",
+    default: mode === "create" ? "amazon" : ""
+  });
+  const password = await input2({
+    message: mode === "create" ? "Password (optional)" : "Password (leave blank to keep current)",
+    default: ""
+  });
+  const totpSecret = await input2({
+    message: mode === "create" ? "TOTP secret (optional)" : "TOTP secret (leave blank to keep current)",
+    default: ""
+  });
+  return {
+    ...normalizeOptional(email) ? { email: normalizeOptional(email) } : {},
+    ...normalizeOptional(retailer) ? { retailer: normalizeOptional(retailer) } : {},
+    ...normalizeOptional(password) ? { password: normalizeOptional(password) } : {},
+    ...normalizeOptional(totpSecret) ? { totpSecret: normalizeOptional(totpSecret) } : {}
+  };
+}
 function getSelectedVariantUnitPriceCents(selectedVariants) {
   const highestVariantPrice = selectedVariants?.reduce((highest, variant) => {
     const variantPriceCents = typeof variant.price === "number" ? Math.round(variant.price * 100) : 0;
@@ -1110,23 +1260,25 @@ async function ensureSufficientBalance(requiredCents, wallet) {
     `Still not enough USDC after funding: have ${formatUsdcNumber(available)}, need ${formatUsdAmount(requiredCents)}.`
   );
 }
-async function createPurchaseWithTempo(body) {
-  const totalChargeCents = body.max_budget + SERVICE_FEE_CENTS;
-  const result = await runCommandCapture(
-    "tempo",
-    [
-      "request",
-      "-s",
-      "-X",
-      "POST",
-      "--json",
-      JSON.stringify(body),
-      `${BASE_URL}/api/purchases`
-    ],
-    {
-      TEMPO_MAX_SPEND: formatUsdAmount(totalChargeCents)
-    }
-  );
+async function createPurchaseWithTempo(body, options) {
+  const idempotencyKey = body.idempotency_key?.trim() || createIdempotencyKey2();
+  const requestBody = {
+    ...body,
+    idempotency_key: idempotencyKey
+  };
+  const totalChargeCents = requestBody.max_budget + SERVICE_FEE_CENTS;
+  const headers = {
+    "X-Idempotency-Key": idempotencyKey,
+    ...options?.headers ?? {}
+  };
+  const args2 = ["request", "-s", "-X", "POST"];
+  for (const [key, value] of Object.entries(headers)) {
+    args2.push("-H", `${key}: ${value}`);
+  }
+  args2.push("--json", JSON.stringify(requestBody), `${BASE_URL}/api/purchases`);
+  const result = await runCommandCapture("tempo", args2, {
+    TEMPO_MAX_SPEND: formatUsdAmount(totalChargeCents)
+  });
   if (result.code !== 0) {
     const raw = result.stderr.trim() || result.stdout.trim();
     const payload = raw ? (() => {
@@ -1147,7 +1299,7 @@ async function createPurchaseWithTempo(body) {
     );
   }
 }
-async function buy(urlArg) {
+async function buy(urlArg, options) {
   try {
     banner();
     gap();
@@ -1193,6 +1345,7 @@ async function buy(urlArg) {
       message: "Email for order updates",
       validate: (value) => EMAIL_PATTERN.test(value.trim()) ? true : "A valid email is required"
     });
+    const storeAccountId = normalizeOptional(options?.storeAccountId);
     const body = {
       items: [
         {
@@ -1203,7 +1356,9 @@ async function buy(urlArg) {
       ],
       delivery_address: address,
       max_budget: maxBudget,
-      buyer_email: buyerEmail
+      buyer_email: buyerEmail,
+      ...storeAccountId ? { store_account_id: storeAccountId } : {},
+      idempotency_key: createIdempotencyKey2()
     };
     displayOrderSummary(body);
     gap();
@@ -1227,17 +1382,32 @@ async function buy(urlArg) {
       return;
     }
     const totalChargeCents = maxBudget + SERVICE_FEE_CENTS;
-    const wallet = await spin("Connecting wallet", () => ensureTempoReady());
-    await ensureSufficientBalance(totalChargeCents, wallet);
+    const initialWallet = await spin("Connecting wallet", () => ensureTempoReady());
+    const wallet = await ensureSufficientBalance(totalChargeCents, initialWallet);
     if (wallet.wallet) {
       const addr = wallet.wallet;
       const short = `${addr.slice(0, 6)}\u2026${addr.slice(-4)}`;
       const bal = wallet.balance?.available ? ` \xB7 ${wallet.balance.available} ${wallet.balance?.symbol ?? "USDC"}` : "";
       muted(`Wallet ${short}${bal}`);
     }
+    let purchaseHeaders;
+    if (storeAccountId) {
+      const signer = await spin("Authorizing store account", async () => {
+        const context = await getTempoSignerContext(wallet);
+        const headers = await createStoreAccountAuthHeaders(context.account);
+        return { headers, context };
+      });
+      purchaseHeaders = signer.headers;
+      const signerLine = formatAddress(signer.context.signerAddress);
+      muted(
+        signerLine ? `Store account ${storeAccountId} authorized by signer ${signerLine}` : `Store account ${storeAccountId} authorized`
+      );
+    }
     const order = await spin(
       "Placing order",
-      () => createPurchaseWithTempo(body)
+      () => createPurchaseWithTempo(body, {
+        ...purchaseHeaders ? { headers: purchaseHeaders } : {}
+      })
     );
     if (order.buyerToken) {
       await saveBuyerToken(order.id, order.buyerToken);
@@ -1347,6 +1517,120 @@ async function onboard() {
   );
   gap();
 }
+async function storeAccountsList() {
+  banner();
+  gap();
+  const wallet = await spin("Connecting wallet", () => ensureTempoReady());
+  const signer = await getTempoSignerContext(wallet);
+  const client = new AgentMall();
+  const walletLabel = formatAddress(signer.walletAddress);
+  const signerLabel = formatAddress(signer.signerAddress);
+  if (walletLabel || signerLabel) {
+    muted(
+      `Using ${walletLabel ? `wallet ${walletLabel}` : "Tempo wallet"}${walletLabel && signerLabel ? " \xB7 " : ""}${signerLabel ? `signer ${signerLabel}` : ""}`
+    );
+    gap();
+  }
+  const accounts = await spin(
+    "Loading store accounts",
+    () => client.storeAccounts.list({ account: signer.account })
+  );
+  displayStoreAccounts(accounts);
+  gap();
+}
+async function storeAccountsCreate(options) {
+  banner();
+  gap();
+  const fields = {
+    ...normalizeOptional(options?.email) ? { email: normalizeOptional(options?.email) } : {},
+    ...normalizeOptional(options?.retailer) ? { retailer: normalizeOptional(options?.retailer) } : {},
+    ...normalizeOptional(options?.password) ? { password: normalizeOptional(options?.password) } : {},
+    ...normalizeOptional(options?.totpSecret) ? { totpSecret: normalizeOptional(options?.totpSecret) } : {}
+  };
+  const prompted = fields.email && fields.retailer !== void 0 ? fields : {
+    ...fields,
+    ...await promptStoreAccountFields("create")
+  };
+  if (!prompted.email) {
+    throw new Error("Email is required.");
+  }
+  const body = {
+    email: prompted.email,
+    ...prompted.retailer ? { retailer: prompted.retailer } : {},
+    ...prompted.password ? { password: prompted.password } : {},
+    ...prompted.totpSecret ? { totp_secret: prompted.totpSecret } : {}
+  };
+  const wallet = await spin("Connecting wallet", () => ensureTempoReady());
+  const signer = await getTempoSignerContext(wallet);
+  const client = new AgentMall();
+  const account = await spin(
+    "Creating store account",
+    () => client.storeAccounts.create(body, { account: signer.account })
+  );
+  displayStoreAccount(account, { title: "Store Account Created" });
+  gap();
+  line(
+    `Use ${c.bold}store_account_id: "${account.short_id}"${c.reset} on purchases.`
+  );
+  gap();
+}
+async function storeAccountsUpdate(shortId, options) {
+  banner();
+  gap();
+  if (!shortId.trim()) {
+    throw new Error("short_id is required.");
+  }
+  let fields = {
+    ...normalizeOptional(options?.email) ? { email: normalizeOptional(options?.email) } : {},
+    ...normalizeOptional(options?.retailer) ? { retailer: normalizeOptional(options?.retailer) } : {},
+    ...normalizeOptional(options?.password) ? { password: normalizeOptional(options?.password) } : {},
+    ...normalizeOptional(options?.totpSecret) ? { totpSecret: normalizeOptional(options?.totpSecret) } : {}
+  };
+  if (Object.keys(fields).length === 0) {
+    fields = await promptStoreAccountFields("update");
+  }
+  if (Object.keys(fields).length === 0) {
+    throw new Error("No updates provided.");
+  }
+  const body = {
+    short_id: shortId.trim(),
+    ...fields.email ? { email: fields.email } : {},
+    ...fields.retailer ? { retailer: fields.retailer } : {},
+    ...fields.password ? { password: fields.password } : {},
+    ...fields.totpSecret ? { totp_secret: fields.totpSecret } : {}
+  };
+  const wallet = await spin("Connecting wallet", () => ensureTempoReady());
+  const signer = await getTempoSignerContext(wallet);
+  const client = new AgentMall();
+  const account = await spin(
+    "Updating store account",
+    () => client.storeAccounts.update(body, { account: signer.account })
+  );
+  displayStoreAccount(account, { title: "Store Account Updated" });
+  gap();
+}
+async function storeAccountsDelete(shortId, options) {
+  banner();
+  gap();
+  if (!shortId.trim()) {
+    throw new Error("short_id is required.");
+  }
+  const confirmed = options?.yes ?? await promptConfirm(`Delete store account ${shortId.trim()}?`);
+  if (!confirmed) {
+    muted("Cancelled.");
+    return;
+  }
+  const wallet = await spin("Connecting wallet", () => ensureTempoReady());
+  const signer = await getTempoSignerContext(wallet);
+  const client = new AgentMall();
+  await spin(
+    "Deleting store account",
+    () => client.storeAccounts.delete(shortId.trim(), { account: signer.account })
+  );
+  section("Store Account Deleted");
+  line(`${c.bold}${shortId.trim()}${c.reset} was removed.`);
+  gap();
+}
 
 // src/cli.ts
 var c2 = {
@@ -1358,22 +1642,78 @@ var c2 = {
 };
 var args = process.argv.slice(2);
 var command = args[0];
-function readBuyerTokenFlag(values) {
-  const inline = values.find((value) => value.startsWith("--buyer-token="));
+function readFlagValue(values, flag) {
+  const inline = values.find((value2) => value2.startsWith(`${flag}=`));
   if (inline) {
-    const token2 = inline.slice("--buyer-token=".length).trim();
-    return token2 || void 0;
+    const value2 = inline.slice(`${flag}=`.length).trim();
+    return value2 || void 0;
   }
-  const index = values.indexOf("--buyer-token");
+  const index = values.indexOf(flag);
   if (index === -1) return void 0;
-  const token = values[index + 1]?.trim();
-  return token || void 0;
+  const value = values[index + 1]?.trim();
+  return value || void 0;
+}
+function hasFlag(values, flag) {
+  return values.includes(flag);
+}
+function readBuyerTokenFlag(values) {
+  return readFlagValue(values, "--buyer-token");
+}
+function readStoreAccountFlag(values) {
+  return readFlagValue(values, "--store-account");
+}
+async function handleStoreAccounts(values) {
+  const subcommand = values[0];
+  const rest = values.slice(1);
+  switch (subcommand) {
+    case "list":
+      await storeAccountsList();
+      break;
+    case "create":
+      await storeAccountsCreate({
+        email: readFlagValue(rest, "--email"),
+        retailer: readFlagValue(rest, "--retailer"),
+        password: readFlagValue(rest, "--password"),
+        totpSecret: readFlagValue(rest, "--totp-secret")
+      });
+      break;
+    case "update":
+      if (!rest[0]) {
+        console.error(
+          "Usage: agentmall store-accounts update <short_id> [--email <email>] [--retailer <name>] [--password <password>] [--totp-secret <secret>]"
+        );
+        process.exit(1);
+      }
+      await storeAccountsUpdate(rest[0], {
+        email: readFlagValue(rest.slice(1), "--email"),
+        retailer: readFlagValue(rest.slice(1), "--retailer"),
+        password: readFlagValue(rest.slice(1), "--password"),
+        totpSecret: readFlagValue(rest.slice(1), "--totp-secret")
+      });
+      break;
+    case "delete":
+      if (!rest[0]) {
+        console.error("Usage: agentmall store-accounts delete <short_id> [--yes]");
+        process.exit(1);
+      }
+      await storeAccountsDelete(rest[0], {
+        yes: hasFlag(rest.slice(1), "--yes")
+      });
+      break;
+    default:
+      console.error(
+        "Usage: agentmall store-accounts <list|create|update|delete> ..."
+      );
+      process.exit(1);
+  }
 }
 async function main() {
   try {
     switch (command) {
       case "buy":
-        await buy(args[1]);
+        await buy(args[1], {
+          storeAccountId: readStoreAccountFlag(args.slice(2))
+        });
         break;
       case "status":
         if (!args[1]) {
@@ -1393,6 +1733,9 @@ async function main() {
       case "setup":
         await onboard();
         break;
+      case "store-accounts":
+        await handleStoreAccounts(args.slice(1));
+        break;
       case "help":
       case "--help":
       case "-h":
@@ -1431,6 +1774,9 @@ function printHelp() {
   console.log(
     `  ${c2.cyan}agentmall buy${c2.reset} <url>      ${c2.dim}Buy a product${c2.reset}`
   );
+  console.log(
+    `  ${c2.cyan}agentmall store-accounts${c2.reset} ${c2.dim}Manage your store accounts${c2.reset}`
+  );
   console.log(
     `  ${c2.cyan}agentmall status${c2.reset} <id>    ${c2.dim}Check order status${c2.reset}`
   );
@@ -1448,6 +1794,12 @@ function printHelp() {
   console.log(
     `  ${c2.dim}$${c2.reset} npx agentmall https://amazon.com/dp/B0DWTMJHCG`
   );
+  console.log(
+    `  ${c2.dim}$${c2.reset} npx agentmall buy <url> --store-account zn_acct_abc123`
+  );
+  console.log(
+    `  ${c2.dim}$${c2.reset} npx agentmall store-accounts create`
+  );
   console.log(`  ${c2.dim}$${c2.reset} npx agentmall status pur_abc123`);
   console.log(
     `  ${c2.dim}$${c2.reset} npx agentmall status pur_abc123 --buyer-token amtk_...`

package/dist/index.cjs

@@ -182,6 +182,25 @@ var AgentMall = class {
     return await response.json();
   }
 };
+async function createStoreAccountHeaders(client, account) {
+  const challenge = await client.request(
+    "POST",
+    "/api/managed-accounts/challenge",
+    {
+      body: {
+        address: account.address
+      }
+    }
+  );
+  const signature = await account.signMessage({
+    message: challenge.message
+  });
+  return {
+    "X-AgentMall-Wallet-Address": account.address,
+    "X-AgentMall-Auth-Challenge": challenge.challenge,
+    "X-AgentMall-Auth-Signature": signature
+  };
+}
 var AgentMallProducts = class {
   constructor(client) {
     this.client = client;
@@ -201,18 +220,20 @@ var AgentMallPurchases = class {
    * Create a purchase. The first call returns a 402 MPP payment challenge.
    * Use mppx-wrapped fetch to handle payment automatically, or catch PaymentRequiredError.
    */
-  async create(body) {
+  async create(body, options) {
     const idempotencyKey = body.idempotency_key ?? createIdempotencyKey();
     const storeAccountId = body.store_account_id ?? body.retailer_credentials_id;
+    const headers = {
+      ...storeAccountId && options?.account ? await createStoreAccountHeaders(this.client, options.account) : {},
+      "X-Idempotency-Key": idempotencyKey
+    };
     return this.client.request("POST", "/api/purchases", {
       body: {
         ...body,
         ...storeAccountId ? { retailer_credentials_id: storeAccountId } : {},
         idempotency_key: idempotencyKey
       },
-      headers: {
-        "X-Idempotency-Key": idempotencyKey
-      }
+      headers
     });
   }
   /** Get a single purchase by ID using either operator auth or a buyer token. */
@@ -325,23 +346,7 @@ var AgentMallStoreAccounts = class {
     this.client = client;
   }
   async walletHeaders(account) {
-    const challenge = await this.client.request(
-      "POST",
-      "/api/managed-accounts/challenge",
-      {
-        body: {
-          address: account.address
-        }
-      }
-    );
-    const signature = await account.signMessage({
-      message: challenge.message
-    });
-    return {
-      "X-AgentMall-Wallet-Address": account.address,
-      "X-AgentMall-Auth-Challenge": challenge.challenge,
-      "X-AgentMall-Auth-Signature": signature
-    };
+    return createStoreAccountHeaders(this.client, account);
   }
   /** List your store accounts. Requires either apiSecret or a wallet signer. */
   async list(options) {
@@ -394,7 +399,7 @@ async function purchase(config) {
     baseUrl: baseUrl ?? BASE_URL,
     fetch: mppx.fetch.bind(mppx)
   });
-  return client.purchases.create(body);
+  return client.purchases.create(body, { account });
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/index.d.cts

@@ -220,7 +220,9 @@ declare class AgentMallPurchases {
      * Create a purchase. The first call returns a 402 MPP payment challenge.
      * Use mppx-wrapped fetch to handle payment automatically, or catch PaymentRequiredError.
      */
-    create(body: CreatePurchaseRequest): Promise<CreatePurchaseResponse>;
+    create(body: CreatePurchaseRequest, options?: {
+        account?: WalletAccount;
+    }): Promise<CreatePurchaseResponse>;
     /** Get a single purchase by ID using either operator auth or a buyer token. */
     get(id: string, options?: {
         buyerToken?: string;
@@ -273,7 +275,7 @@ type AgentMallManagedAccounts = AgentMallStoreAccounts;
 
 type PurchaseConfig = CreatePurchaseRequest & {
     /** viem Account for MPP payment (from privateKeyToAccount or mppx resolveAccount). */
-    account: unknown;
+    account: WalletAccount;
     /** API base URL. Defaults to https://api.agentmall.sh */
     baseUrl?: string;
 };

package/dist/index.d.ts

@@ -220,7 +220,9 @@ declare class AgentMallPurchases {
      * Create a purchase. The first call returns a 402 MPP payment challenge.
      * Use mppx-wrapped fetch to handle payment automatically, or catch PaymentRequiredError.
      */
-    create(body: CreatePurchaseRequest): Promise<CreatePurchaseResponse>;
+    create(body: CreatePurchaseRequest, options?: {
+        account?: WalletAccount;
+    }): Promise<CreatePurchaseResponse>;
     /** Get a single purchase by ID using either operator auth or a buyer token. */
     get(id: string, options?: {
         buyerToken?: string;
@@ -273,7 +275,7 @@ type AgentMallManagedAccounts = AgentMallStoreAccounts;
 
 type PurchaseConfig = CreatePurchaseRequest & {
     /** viem Account for MPP payment (from privateKeyToAccount or mppx resolveAccount). */
-    account: unknown;
+    account: WalletAccount;
     /** API base URL. Defaults to https://api.agentmall.sh */
     baseUrl?: string;
 };

package/dist/index.js

@@ -137,6 +137,25 @@ var AgentMall = class {
     return await response.json();
   }
 };
+async function createStoreAccountHeaders(client, account) {
+  const challenge = await client.request(
+    "POST",
+    "/api/managed-accounts/challenge",
+    {
+      body: {
+        address: account.address
+      }
+    }
+  );
+  const signature = await account.signMessage({
+    message: challenge.message
+  });
+  return {
+    "X-AgentMall-Wallet-Address": account.address,
+    "X-AgentMall-Auth-Challenge": challenge.challenge,
+    "X-AgentMall-Auth-Signature": signature
+  };
+}
 var AgentMallProducts = class {
   constructor(client) {
     this.client = client;
@@ -156,18 +175,20 @@ var AgentMallPurchases = class {
    * Create a purchase. The first call returns a 402 MPP payment challenge.
    * Use mppx-wrapped fetch to handle payment automatically, or catch PaymentRequiredError.
    */
-  async create(body) {
+  async create(body, options) {
     const idempotencyKey = body.idempotency_key ?? createIdempotencyKey();
     const storeAccountId = body.store_account_id ?? body.retailer_credentials_id;
+    const headers = {
+      ...storeAccountId && options?.account ? await createStoreAccountHeaders(this.client, options.account) : {},
+      "X-Idempotency-Key": idempotencyKey
+    };
     return this.client.request("POST", "/api/purchases", {
       body: {
         ...body,
         ...storeAccountId ? { retailer_credentials_id: storeAccountId } : {},
         idempotency_key: idempotencyKey
       },
-      headers: {
-        "X-Idempotency-Key": idempotencyKey
-      }
+      headers
     });
   }
   /** Get a single purchase by ID using either operator auth or a buyer token. */
@@ -280,23 +301,7 @@ var AgentMallStoreAccounts = class {
     this.client = client;
   }
   async walletHeaders(account) {
-    const challenge = await this.client.request(
-      "POST",
-      "/api/managed-accounts/challenge",
-      {
-        body: {
-          address: account.address
-        }
-      }
-    );
-    const signature = await account.signMessage({
-      message: challenge.message
-    });
-    return {
-      "X-AgentMall-Wallet-Address": account.address,
-      "X-AgentMall-Auth-Challenge": challenge.challenge,
-      "X-AgentMall-Auth-Signature": signature
-    };
+    return createStoreAccountHeaders(this.client, account);
   }
   /** List your store accounts. Requires either apiSecret or a wallet signer. */
   async list(options) {
@@ -349,7 +354,7 @@ async function purchase(config) {
     baseUrl: baseUrl ?? BASE_URL,
     fetch: mppx.fetch.bind(mppx)
   });
-  return client.purchases.create(body);
+  return client.purchases.create(body, { account });
 }
 export {
   AgentMall,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentmall",
-  "version": "0.1.21",
+  "version": "0.1.22",
   "description": "SDK and CLI for the AgentMall API — let AI agents buy physical products from US retailers",
   "type": "module",
   "main": "./dist/index.js",