agentscore-commerce 1.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. agentscore_commerce-1.0.0/.github/ISSUE_TEMPLATE/bug_report.md +22 -0
  2. agentscore_commerce-1.0.0/.github/ISSUE_TEMPLATE/feature_request.md +16 -0
  3. agentscore_commerce-1.0.0/.github/PULL_REQUEST_TEMPLATE.md +7 -0
  4. agentscore_commerce-1.0.0/.github/dependabot.yml +19 -0
  5. agentscore_commerce-1.0.0/.github/workflows/ci.yml +53 -0
  6. agentscore_commerce-1.0.0/.github/workflows/publish.yml +35 -0
  7. agentscore_commerce-1.0.0/.github/workflows/security.yml +49 -0
  8. agentscore_commerce-1.0.0/.gitignore +19 -0
  9. agentscore_commerce-1.0.0/CLAUDE.md +127 -0
  10. agentscore_commerce-1.0.0/CODE_OF_CONDUCT.md +31 -0
  11. agentscore_commerce-1.0.0/CONTRIBUTING.md +37 -0
  12. agentscore_commerce-1.0.0/LICENSE +21 -0
  13. agentscore_commerce-1.0.0/PKG-INFO +349 -0
  14. agentscore_commerce-1.0.0/README.md +307 -0
  15. agentscore_commerce-1.0.0/SECURITY.md +23 -0
  16. agentscore_commerce-1.0.0/agentscore_commerce/__init__.py +12 -0
  17. agentscore_commerce-1.0.0/agentscore_commerce/api/__init__.py +23 -0
  18. agentscore_commerce-1.0.0/agentscore_commerce/challenge/__init__.py +86 -0
  19. agentscore_commerce-1.0.0/agentscore_commerce/challenge/accepted_methods.py +90 -0
  20. agentscore_commerce-1.0.0/agentscore_commerce/challenge/agent_instructions.py +117 -0
  21. agentscore_commerce-1.0.0/agentscore_commerce/challenge/agent_memory.py +50 -0
  22. agentscore_commerce-1.0.0/agentscore_commerce/challenge/body.py +67 -0
  23. agentscore_commerce-1.0.0/agentscore_commerce/challenge/how_to_pay.py +199 -0
  24. agentscore_commerce-1.0.0/agentscore_commerce/challenge/identity.py +42 -0
  25. agentscore_commerce-1.0.0/agentscore_commerce/challenge/order_receipt.py +87 -0
  26. agentscore_commerce-1.0.0/agentscore_commerce/challenge/pricing.py +113 -0
  27. agentscore_commerce-1.0.0/agentscore_commerce/challenge/respond_402.py +74 -0
  28. agentscore_commerce-1.0.0/agentscore_commerce/challenge/validation_error.py +71 -0
  29. agentscore_commerce-1.0.0/agentscore_commerce/discovery/__init__.py +72 -0
  30. agentscore_commerce-1.0.0/agentscore_commerce/discovery/bazaar.py +30 -0
  31. agentscore_commerce-1.0.0/agentscore_commerce/discovery/llms_txt.py +278 -0
  32. agentscore_commerce-1.0.0/agentscore_commerce/discovery/openapi.py +142 -0
  33. agentscore_commerce-1.0.0/agentscore_commerce/discovery/probe.py +192 -0
  34. agentscore_commerce-1.0.0/agentscore_commerce/discovery/robots_tag.py +190 -0
  35. agentscore_commerce-1.0.0/agentscore_commerce/discovery/well_known_mpp.py +64 -0
  36. agentscore_commerce-1.0.0/agentscore_commerce/identity/__init__.py +124 -0
  37. agentscore_commerce-1.0.0/agentscore_commerce/identity/_denial.py +201 -0
  38. agentscore_commerce-1.0.0/agentscore_commerce/identity/_response.py +226 -0
  39. agentscore_commerce-1.0.0/agentscore_commerce/identity/a2a.py +178 -0
  40. agentscore_commerce-1.0.0/agentscore_commerce/identity/address.py +35 -0
  41. agentscore_commerce-1.0.0/agentscore_commerce/identity/aiohttp.py +260 -0
  42. agentscore_commerce-1.0.0/agentscore_commerce/identity/cache.py +51 -0
  43. agentscore_commerce-1.0.0/agentscore_commerce/identity/client.py +553 -0
  44. agentscore_commerce-1.0.0/agentscore_commerce/identity/django.py +244 -0
  45. agentscore_commerce-1.0.0/agentscore_commerce/identity/fastapi.py +284 -0
  46. agentscore_commerce-1.0.0/agentscore_commerce/identity/flask.py +295 -0
  47. agentscore_commerce-1.0.0/agentscore_commerce/identity/middleware.py +284 -0
  48. agentscore_commerce-1.0.0/agentscore_commerce/identity/policy.py +182 -0
  49. agentscore_commerce-1.0.0/agentscore_commerce/identity/py.typed +0 -0
  50. agentscore_commerce-1.0.0/agentscore_commerce/identity/sanic.py +261 -0
  51. agentscore_commerce-1.0.0/agentscore_commerce/identity/sessions.py +239 -0
  52. agentscore_commerce-1.0.0/agentscore_commerce/identity/signer.py +65 -0
  53. agentscore_commerce-1.0.0/agentscore_commerce/identity/types.py +281 -0
  54. agentscore_commerce-1.0.0/agentscore_commerce/identity/ucp.py +241 -0
  55. agentscore_commerce-1.0.0/agentscore_commerce/payment/__init__.py +135 -0
  56. agentscore_commerce-1.0.0/agentscore_commerce/payment/directive.py +111 -0
  57. agentscore_commerce-1.0.0/agentscore_commerce/payment/dispatch.py +35 -0
  58. agentscore_commerce-1.0.0/agentscore_commerce/payment/headers.py +165 -0
  59. agentscore_commerce-1.0.0/agentscore_commerce/payment/idempotency.py +71 -0
  60. agentscore_commerce-1.0.0/agentscore_commerce/payment/mppx_server.py +199 -0
  61. agentscore_commerce-1.0.0/agentscore_commerce/payment/networks.py +64 -0
  62. agentscore_commerce-1.0.0/agentscore_commerce/payment/rails.py +93 -0
  63. agentscore_commerce-1.0.0/agentscore_commerce/payment/settlement_override.py +23 -0
  64. agentscore_commerce-1.0.0/agentscore_commerce/payment/signer.py +100 -0
  65. agentscore_commerce-1.0.0/agentscore_commerce/payment/usdc.py +57 -0
  66. agentscore_commerce-1.0.0/agentscore_commerce/payment/wwwauthenticate.py +59 -0
  67. agentscore_commerce-1.0.0/agentscore_commerce/payment/x402.py +30 -0
  68. agentscore_commerce-1.0.0/agentscore_commerce/payment/x402_server.py +201 -0
  69. agentscore_commerce-1.0.0/agentscore_commerce/payment/x402_settle.py +119 -0
  70. agentscore_commerce-1.0.0/agentscore_commerce/payment/x402_validation.py +225 -0
  71. agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/__init__.py +47 -0
  72. agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/mppx_stripe.py +69 -0
  73. agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/payment_intent.py +90 -0
  74. agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/pi_cache.py +197 -0
  75. agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/simulate_deposit.py +127 -0
  76. agentscore_commerce-1.0.0/examples/README.md +54 -0
  77. agentscore_commerce-1.0.0/examples/api_provider.py +172 -0
  78. agentscore_commerce-1.0.0/examples/compliance_merchant.py +139 -0
  79. agentscore_commerce-1.0.0/examples/identity_only.py +42 -0
  80. agentscore_commerce-1.0.0/examples/multi_rail_merchant.py +293 -0
  81. agentscore_commerce-1.0.0/examples/per_product_policy_merchant.py +129 -0
  82. agentscore_commerce-1.0.0/examples/stripe_multichain_merchant.py +77 -0
  83. agentscore_commerce-1.0.0/examples/variable_cost_merchant.py +114 -0
  84. agentscore_commerce-1.0.0/lefthook.yml +17 -0
  85. agentscore_commerce-1.0.0/pyproject.toml +77 -0
  86. agentscore_commerce-1.0.0/ruff.toml +47 -0
  87. agentscore_commerce-1.0.0/tests/__init__.py +0 -0
  88. agentscore_commerce-1.0.0/tests/conftest.py +3 -0
  89. agentscore_commerce-1.0.0/tests/test_a2a.py +102 -0
  90. agentscore_commerce-1.0.0/tests/test_address.py +71 -0
  91. agentscore_commerce-1.0.0/tests/test_agent_memory_emitter.py +33 -0
  92. agentscore_commerce-1.0.0/tests/test_aiohttp.py +364 -0
  93. agentscore_commerce-1.0.0/tests/test_api_reexport.py +14 -0
  94. agentscore_commerce-1.0.0/tests/test_cache.py +150 -0
  95. agentscore_commerce-1.0.0/tests/test_challenge.py +166 -0
  96. agentscore_commerce-1.0.0/tests/test_client.py +684 -0
  97. agentscore_commerce-1.0.0/tests/test_coverage_fillers.py +204 -0
  98. agentscore_commerce-1.0.0/tests/test_denial.py +161 -0
  99. agentscore_commerce-1.0.0/tests/test_discovery.py +325 -0
  100. agentscore_commerce-1.0.0/tests/test_django.py +465 -0
  101. agentscore_commerce-1.0.0/tests/test_fastapi.py +340 -0
  102. agentscore_commerce-1.0.0/tests/test_flask.py +631 -0
  103. agentscore_commerce-1.0.0/tests/test_idempotency_helper.py +54 -0
  104. agentscore_commerce-1.0.0/tests/test_integration.py +46 -0
  105. agentscore_commerce-1.0.0/tests/test_lifted_helpers.py +470 -0
  106. agentscore_commerce-1.0.0/tests/test_middleware.py +453 -0
  107. agentscore_commerce-1.0.0/tests/test_payment_directive.py +69 -0
  108. agentscore_commerce-1.0.0/tests/test_payment_dispatch.py +44 -0
  109. agentscore_commerce-1.0.0/tests/test_payment_headers.py +88 -0
  110. agentscore_commerce-1.0.0/tests/test_payment_misc.py +127 -0
  111. agentscore_commerce-1.0.0/tests/test_payment_servers.py +90 -0
  112. agentscore_commerce-1.0.0/tests/test_payment_signer.py +82 -0
  113. agentscore_commerce-1.0.0/tests/test_policy.py +160 -0
  114. agentscore_commerce-1.0.0/tests/test_pricing.py +78 -0
  115. agentscore_commerce-1.0.0/tests/test_robots_tag.py +212 -0
  116. agentscore_commerce-1.0.0/tests/test_sanic.py +322 -0
  117. agentscore_commerce-1.0.0/tests/test_sessions.py +369 -0
  118. agentscore_commerce-1.0.0/tests/test_signer_match.py +768 -0
  119. agentscore_commerce-1.0.0/tests/test_stripe_multichain.py +180 -0
  120. agentscore_commerce-1.0.0/tests/test_ucp.py +111 -0
  121. agentscore_commerce-1.0.0/tests/test_validation_error.py +64 -0
  122. agentscore_commerce-1.0.0/uv.lock +3300 -0
  123. agentscore_commerce-1.0.0/vulture_whitelist.py +22 -0
@@ -0,0 +1,22 @@
1
+ ---
2
+ name: Bug Report
3
+ about: Report a bug
4
+ title: ''
5
+ labels: bug
6
+ assignees: ''
7
+ ---
8
+
9
+ **Describe the bug**
10
+ A clear description of what the bug is.
11
+
12
+ **To reproduce**
13
+ Steps to reproduce the behavior.
14
+
15
+ **Expected behavior**
16
+ What you expected to happen.
17
+
18
+ **Environment**
19
+ - Package version:
20
+ - Python version:
21
+ - OS:
22
+ - Submodule used (`agentscore_commerce.identity.fastapi`, `.payment`, `.discovery`, etc.):
@@ -0,0 +1,16 @@
1
+ ---
2
+ name: Feature Request
3
+ about: Suggest an improvement
4
+ title: ''
5
+ labels: enhancement
6
+ assignees: ''
7
+ ---
8
+
9
+ **Describe the feature**
10
+ A clear description of what you'd like.
11
+
12
+ **Use case**
13
+ Why is this needed? What problem does it solve?
14
+
15
+ **Submodule**
16
+ Which commerce submodule does this affect? (`identity.*`, `payment`, `discovery`, `challenge`, `stripe_multichain`, `api`)
@@ -0,0 +1,7 @@
1
+ ## Summary
2
+
3
+ <!-- What does this PR do? -->
4
+
5
+ ## Test plan
6
+
7
+ <!-- How was this tested? -->
@@ -0,0 +1,19 @@
1
+ version: 2
2
+ updates:
3
+ - package-ecosystem: "uv"
4
+ directory: "/"
5
+ labels: ["dependencies", "python"]
6
+ schedule:
7
+ interval: "weekly"
8
+ day: "monday"
9
+ time: "06:00"
10
+ timezone: "America/New_York"
11
+
12
+ - package-ecosystem: "github-actions"
13
+ directory: "/"
14
+ labels: ["dependencies", "ci"]
15
+ schedule:
16
+ interval: "weekly"
17
+ day: "monday"
18
+ time: "06:00"
19
+ timezone: "America/New_York"
@@ -0,0 +1,53 @@
1
+ name: CI
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+
9
+ permissions:
10
+ contents: read
11
+
12
+ concurrency:
13
+ group: ${{ github.workflow }}-${{ github.ref }}
14
+ cancel-in-progress: true
15
+
16
+ jobs:
17
+ ci:
18
+ runs-on: blacksmith-2vcpu-ubuntu-2404-arm
19
+ timeout-minutes: 10
20
+ steps:
21
+ - uses: useblacksmith/checkout@v1
22
+
23
+ - name: Install uv
24
+ uses: astral-sh/setup-uv@v8.1.0
25
+
26
+ - name: Set up Python
27
+ run: uv python install 3.12
28
+
29
+ - uses: actions/cache@v5
30
+ with:
31
+ path: |
32
+ ~/.cache/uv
33
+ ~/.local/share/uv
34
+ key: ${{ runner.os }}-uv-${{ hashFiles('uv.lock') }}
35
+ restore-keys: ${{ runner.os }}-uv-
36
+
37
+ - name: Install dependencies
38
+ run: uv sync --frozen --all-extras
39
+
40
+ - name: Ruff check
41
+ run: uv run ruff check .
42
+
43
+ - name: Ruff format check
44
+ run: uv run ruff format --check .
45
+
46
+ - name: Type check (ty)
47
+ run: uv run ty check agentscore_commerce/
48
+
49
+ - name: Vulture
50
+ run: uv run vulture agentscore_commerce/ vulture_whitelist.py --min-confidence 80
51
+
52
+ - name: Tests
53
+ run: uv run pytest tests/ -v --cov=agentscore_commerce --cov-report=term-missing
@@ -0,0 +1,35 @@
1
+ name: Publish
2
+
3
+ on:
4
+ push:
5
+ tags: ["v*"]
6
+
7
+ permissions:
8
+ contents: write
9
+ id-token: write
10
+
11
+ concurrency:
12
+ group: publish
13
+ cancel-in-progress: false
14
+
15
+ jobs:
16
+ publish:
17
+ runs-on: ubuntu-latest
18
+ timeout-minutes: 15
19
+ steps:
20
+ - uses: actions/checkout@v6
21
+
22
+ - uses: astral-sh/setup-uv@v8.1.0
23
+
24
+ - name: Set version from tag
25
+ run: sed -i "s/^version = .*/version = \"${GITHUB_REF_NAME#v}\"/" pyproject.toml
26
+
27
+ - run: uv build
28
+
29
+ - name: Publish to PyPI
30
+ uses: pypa/gh-action-pypi-publish@release/v1
31
+
32
+ - name: Create GitHub Release
33
+ run: gh release create "$GITHUB_REF_NAME" --generate-notes
34
+ env:
35
+ GH_TOKEN: ${{ github.token }}
@@ -0,0 +1,49 @@
1
+ name: Security
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+
9
+ concurrency:
10
+ group: ${{ github.workflow }}-${{ github.ref }}
11
+ cancel-in-progress: true
12
+
13
+ permissions:
14
+ contents: read
15
+
16
+ jobs:
17
+ osv-scan:
18
+ name: Dependency Scan
19
+ runs-on: blacksmith-2vcpu-ubuntu-2404-arm
20
+ timeout-minutes: 5
21
+ steps:
22
+ - uses: useblacksmith/checkout@v1
23
+
24
+ - name: Install osv-scanner
25
+ run: |
26
+ curl -fsSL https://github.com/google/osv-scanner/releases/download/v2.3.5/osv-scanner_linux_arm64 -o osv-scanner
27
+ chmod +x osv-scanner
28
+
29
+ - name: Scan dependencies
30
+ run: ./osv-scanner scan source --lockfile=uv.lock --format=table
31
+
32
+ pip-audit:
33
+ name: Python Audit
34
+ runs-on: blacksmith-2vcpu-ubuntu-2404-arm
35
+ timeout-minutes: 5
36
+ steps:
37
+ - uses: useblacksmith/checkout@v1
38
+ - uses: astral-sh/setup-uv@v8.1.0
39
+ - uses: actions/setup-python@v6
40
+ with:
41
+ python-version: "3.13"
42
+
43
+ - name: Install pip-audit
44
+ run: pip install pip-audit
45
+
46
+ - name: Audit dependencies
47
+ run: |
48
+ uv export --format requirements-txt --no-hashes > requirements.txt
49
+ pip-audit -r requirements.txt --disable-pip --no-deps
@@ -0,0 +1,19 @@
1
+ __pycache__/
2
+ *.py[cod]
3
+ *$py.class
4
+ *.egg-info/
5
+ *.egg
6
+ dist/
7
+ build/
8
+ .eggs/
9
+ *.so
10
+ .venv/
11
+ venv/
12
+ .env
13
+ .pytest_cache/
14
+ .ruff_cache/
15
+ .mypy_cache/
16
+ *.swp
17
+ *.swo
18
+ .DS_Store
19
+ .coverage
@@ -0,0 +1,127 @@
1
+ # agentscore-commerce
2
+
3
+ Agent commerce SDK for Python. The full merchant-side toolkit: identity gating + payment helpers + 402 builders + discovery + Stripe multichain. One install, submodule imports per concern.
4
+
5
+ Every helper lifts directly from working production code (`agentscore/martin-estate`) — extract from real consumers, not speculation.
6
+
7
+ ## Submodules
8
+
9
+ | Submodule | What it is |
10
+ |---|---|
11
+ | `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware (KYC, age, sanctions, jurisdiction) |
12
+ | `agentscore_commerce.payment` | Networks/USDC/rails registries, paymentauth.org directive builders, `create_x402_server` (wraps official `x402[evm,svm]>=2.8` peer dep with v1+v2 dual-register + bazaar extension), `create_mppx_server` (wraps `pympp[server,tempo,stripe]>=0.6` peer dep with Tempo charge/session + Stripe SPT helpers), dispatch-by-network, signer extraction, WWW-Authenticate header, Settlement-Overrides header |
13
+ | `agentscore_commerce.discovery` | Discovery probe, Bazaar wrapper, `/.well-known/mpp.json`, `llms.txt` builder, OpenAPI snippets, `NoindexNonDiscoveryMiddleware` ASGI middleware |
14
+ | `agentscore_commerce.challenge` | 402-body builders: accepted_methods, identity_metadata, how_to_pay, agent_instructions, build_402_body, `build_validation_error` (4xx body builder) |
15
+ | `agentscore_commerce.stripe_multichain` | Multichain PaymentIntent helper, deposit-address lookup, testnet simulator, mppx Stripe wrapper |
16
+ | `agentscore_commerce.api` | Re-exports `AgentScore` from `agentscore` SDK |
17
+
18
+ ## Architecture
19
+
20
+ Single Python package, hatchling-built, published to PyPI as `agentscore-commerce`. Per-framework identity adapters expose the same surface — `AgentScoreGate` (or `agentscore_gate(app, ...)` for Flask/Sanic), `capture_wallet`, `verify_wallet_signer_match`, `get_assess_data` — with network-aware address normalization (EVM lowercased, Solana base58 preserved verbatim).
21
+
22
+ | Directory | Contents |
23
+ |---|---|
24
+ | `agentscore_commerce/identity/` | Per-framework gate adapters (fastapi, flask, django, aiohttp, sanic, middleware/ASGI), shared client, sessions, address normalization, signer extraction, response marshalling, types, cache |
25
+ | `agentscore_commerce/payment/` | Payment-protocol helpers |
26
+ | `agentscore_commerce/discovery/` | Discovery probe + machine-readable docs |
27
+ | `agentscore_commerce/challenge/` | 402-body builders |
28
+ | `agentscore_commerce/stripe_multichain/` | Stripe multichain PaymentIntent helpers |
29
+ | `agentscore_commerce/api/` | `AgentScore` re-export |
30
+ | `examples/` | Runnable single-file FastAPI apps for each common scenario |
31
+ | `tests/` | pytest, one file per surface |
32
+
33
+ Peer-dep pattern: payment/x402/mppx/stripe modules import lazily at runtime — vendors install only what they use via extras (`pip install agentscore-commerce[fastapi,stripe]` etc.). Underlying packages: `x402[evm,svm]`, `pympp[server,tempo,stripe]`, `stripe`. Missing peer dep raises a guiding `ImportError` with the install command.
34
+
35
+ ## Examples
36
+
37
+ `examples/` contains full single-file FastAPI apps for the most common merchant scenarios — copy-paste templates, not frameworks:
38
+
39
+ | Example | Scenario |
40
+ |---|---|
41
+ | `api_provider.py` | Per-call API billing on multiple rails: Tempo MPP + x402 (Base + Solana); no compliance gate |
42
+ | `identity_only.py` | Compliance gate without payment (vendor handles their own) |
43
+ | `multi_rail_merchant.py` | Full agent-commerce: identity + Tempo MPP + x402 + Stripe SPT |
44
+ | `stripe_multichain_merchant.py` | Stripe-anchored multichain (PaymentIntent → tempo/base/solana deposit addresses) |
45
+ | `variable_cost_merchant.py` | Pay-per-actual-usage on **two protocols**: x402 upto (Permit2 + Settlement-Overrides) AND MPP tempo session (channel + SSE + mid-stream vouchers) |
46
+ | `compliance_merchant.py` | Regulated-goods merchant — full compliance gate + custom `on_denied` composing the denial helpers (`verification_agent_instructions`, `is_fixable_denial`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `denial_reason_to_body`/`denial_reason_status`) |
47
+ | `per_product_policy_merchant.py` | Multi-product merchant where each row carries its own compliance policy. One product hard-gates KYC + age + state; another is anonymous; a third uses `enforcement="soft"` (request KYC but don't block sale). Demonstrates `PolicyBlock`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`. |
48
+
49
+ ## Identity model
50
+
51
+ Two identity types: wallet (`X-Wallet-Address`) and operator-token (`X-Operator-Token`). Default checks operator-token first, then wallet. Address normalization is network-aware via `agentscore_commerce/identity/address.py`: EVM lowercased, Solana base58 preserved verbatim — used for cache keys, wallet→operator resolves, and signer-match comparisons.
52
+
53
+ `DenialReason` codes (`missing_identity`, `identity_verification_required`, `token_expired`, `invalid_credential`, `wallet_signer_mismatch`, `wallet_auth_requires_wallet_signing`, `wallet_not_trusted`, `api_error`, `payment_required`) each carry a structured `agent_instructions` JSON block describing concrete recovery actions. See `agentscore_commerce/identity/_response.py` for the canned action copy.
54
+
55
+ `create_session_on_missing` auto-mints a verification session when no identity is present and returns 403 with `verify_url` + poll instructions. `verify_wallet_signer_match` (per-adapter) compares the recovered signer against `linked_wallets[]` for cross-chain wallet-stack matching.
56
+
57
+ Captured wallets: `capture_wallet(...)` is fire-and-forget — reads `operator_token` stashed during gating and POSTs to `/v1/credentials/wallets`. No-ops for wallet-authenticated requests.
58
+
59
+ ### Mount posture: gate-first vs gate-conditional
60
+
61
+ `AgentScoreGate(...)` (or `agentscore_gate(app, ...)` on Flask/Sanic) is mounted directly when the route is AgentScore-only — every request runs identity + policy. To support **anonymous discovery by any spec-compliant x402 wallet** (Coinbase awal, Phantom, Solflare, …), wrap the gate so it fires only when a payment credential is attached:
62
+
63
+ ```python
64
+ _gate = AgentScoreGate(api_key=..., require_kyc=True, ...)
65
+
66
+ async def gate_on_settle(request: Request) -> None:
67
+ has_payment_header = bool(
68
+ request.headers.get("payment-signature")
69
+ or request.headers.get("x-payment")
70
+ or (request.headers.get("authorization") or "").startswith("Payment ")
71
+ )
72
+ if not has_payment_header:
73
+ return None
74
+ return await _gate(request)
75
+
76
+ @app.post("/purchase", dependencies=[Depends(gate_on_settle)])
77
+ async def purchase(...): ...
78
+ ```
79
+
80
+ Anonymous POST flows through to the handler unauthenticated and gets a 402 with all rails + per-order pricing. Identity is verified at settle time on the retry leg (when the agent submits `X-Payment` / `Authorization: Payment`); `create_session_on_missing` still auto-mints a verification session there. The same wrap pattern works identically across all 6 framework adapters (fastapi, flask, django, aiohttp, sanic, middleware/ASGI). See `examples/multi_rail_merchant.py` and `examples/compliance_merchant.py`.
81
+
82
+ ### `compatible_clients` field on emitted 402s
83
+
84
+ `build_agent_instructions` emits a `compatible_clients` field in the 402 body, derived automatically from `how_to_pay` — per-rail list of CLIs the AgentScore team has smoke-verified end-to-end. Vendors override with `BuildAgentInstructionsInput(compatible_clients={...})` to add their own tested clients. Set to an empty dict `{}` to suppress the default. Same data is published as `core/docs/integrations/x402-clients.mdx` for human-side rationale + per-rail commands.
85
+
86
+ ## Tooling
87
+
88
+ - **uv** — package manager.
89
+ - **ruff** — linting + formatting.
90
+ - **ty** — type checker (Astral).
91
+ - **vulture** — dead code detection.
92
+ - **pytest** — tests.
93
+ - **Lefthook** — pre-commit ruff, pre-push ty + vulture (parallel).
94
+
95
+ ```bash
96
+ uv sync --all-extras
97
+ uv run lefthook install # one-time per clone — wires pre-commit + pre-push
98
+ uv run ruff check .
99
+ uv run ruff format .
100
+ uv run ty check agentscore_commerce/
101
+ uv run pytest tests/
102
+ ```
103
+
104
+ ## Workflow
105
+
106
+ 1. Create a branch
107
+ 2. Make changes
108
+ 3. Lefthook runs ruff on commit, ty + vulture on push
109
+ 4. Open a PR — CI runs automatically
110
+ 5. Merge (squash)
111
+
112
+ ## Rules
113
+
114
+ - **No silent refactors**
115
+ - **Never commit .env files or secrets**
116
+ - **Use PRs** — never push directly to main
117
+ - **Helpers are protocol translations + configurable opinions, not opinionated frameworks**
118
+ - **Cross-language API parity** — keep the surface area identical between the node and python flavors so vendors switching languages have the same mental model
119
+
120
+ ## Releasing
121
+
122
+ 1. Update `version` in `pyproject.toml`
123
+ 2. Commit: `git commit -am "chore: bump to vX.Y.Z"`
124
+ 3. Tag: `git tag vX.Y.Z`
125
+ 4. Push: `git push && git push origin vX.Y.Z`
126
+
127
+ The publish workflow runs on `ubuntu-latest` (required for PyPI trusted publishing), builds, publishes to PyPI via OIDC, and creates a GitHub Release.
@@ -0,0 +1,31 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
6
+
7
+ ## Our Standards
8
+
9
+ Examples of behavior that contributes to a positive environment:
10
+
11
+ - Using welcoming and inclusive language
12
+ - Being respectful of differing viewpoints and experiences
13
+ - Gracefully accepting constructive criticism
14
+ - Focusing on what is best for the community
15
+ - Showing empathy towards other community members
16
+
17
+ Examples of unacceptable behavior:
18
+
19
+ - The use of sexualized language or imagery, and sexual attention or advances of any kind
20
+ - Trolling, insulting or derogatory comments, and personal or political attacks
21
+ - Public or private harassment
22
+ - Publishing others' private information without explicit permission
23
+ - Other conduct which could reasonably be considered inappropriate in a professional setting
24
+
25
+ ## Enforcement
26
+
27
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project team at engineering@agentscore.sh. All complaints will be reviewed and investigated promptly and fairly.
28
+
29
+ ## Attribution
30
+
31
+ This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.
@@ -0,0 +1,37 @@
1
+ # Contributing to AgentScore
2
+
3
+ Thanks for your interest in contributing! Here's how to get started.
4
+
5
+ ## Development Setup
6
+
7
+ 1. Fork the repo and clone it locally
8
+ 2. Install dependencies (see README for tooling)
9
+ 3. Create a branch from `main`
10
+ 4. Make your changes
11
+ 5. Run linting and tests
12
+ 6. Open a pull request
13
+
14
+ ## Pull Requests
15
+
16
+ - All PRs require 1 approval before merging
17
+ - Squash merge to `main` is the standard
18
+ - Keep PRs focused — one feature or fix per PR
19
+ - Include tests for new functionality
20
+ - Make sure CI passes before requesting review
21
+
22
+ ## Reporting Issues
23
+
24
+ Open an issue on GitHub with:
25
+ - A clear description of the problem
26
+ - Steps to reproduce
27
+ - Expected vs actual behavior
28
+ - Environment details (OS, runtime version)
29
+
30
+ ## Code Style
31
+
32
+ - **TypeScript repos**: ESLint handles formatting and style. Run `bun run lint` before committing.
33
+ - **Python repos**: Ruff handles linting and formatting. Run `uv run ruff check .` and `uv run ruff format .` before committing.
34
+
35
+ ## License
36
+
37
+ By contributing, you agree that your contributions will be licensed under the MIT License.
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 AgentScore
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.