agentscore-commerce 1.0.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- agentscore_commerce-1.0.0/.github/ISSUE_TEMPLATE/bug_report.md +22 -0
- agentscore_commerce-1.0.0/.github/ISSUE_TEMPLATE/feature_request.md +16 -0
- agentscore_commerce-1.0.0/.github/PULL_REQUEST_TEMPLATE.md +7 -0
- agentscore_commerce-1.0.0/.github/dependabot.yml +19 -0
- agentscore_commerce-1.0.0/.github/workflows/ci.yml +53 -0
- agentscore_commerce-1.0.0/.github/workflows/publish.yml +35 -0
- agentscore_commerce-1.0.0/.github/workflows/security.yml +49 -0
- agentscore_commerce-1.0.0/.gitignore +19 -0
- agentscore_commerce-1.0.0/CLAUDE.md +127 -0
- agentscore_commerce-1.0.0/CODE_OF_CONDUCT.md +31 -0
- agentscore_commerce-1.0.0/CONTRIBUTING.md +37 -0
- agentscore_commerce-1.0.0/LICENSE +21 -0
- agentscore_commerce-1.0.0/PKG-INFO +349 -0
- agentscore_commerce-1.0.0/README.md +307 -0
- agentscore_commerce-1.0.0/SECURITY.md +23 -0
- agentscore_commerce-1.0.0/agentscore_commerce/__init__.py +12 -0
- agentscore_commerce-1.0.0/agentscore_commerce/api/__init__.py +23 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/__init__.py +86 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/accepted_methods.py +90 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/agent_instructions.py +117 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/agent_memory.py +50 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/body.py +67 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/how_to_pay.py +199 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/identity.py +42 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/order_receipt.py +87 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/pricing.py +113 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/respond_402.py +74 -0
- agentscore_commerce-1.0.0/agentscore_commerce/challenge/validation_error.py +71 -0
- agentscore_commerce-1.0.0/agentscore_commerce/discovery/__init__.py +72 -0
- agentscore_commerce-1.0.0/agentscore_commerce/discovery/bazaar.py +30 -0
- agentscore_commerce-1.0.0/agentscore_commerce/discovery/llms_txt.py +278 -0
- agentscore_commerce-1.0.0/agentscore_commerce/discovery/openapi.py +142 -0
- agentscore_commerce-1.0.0/agentscore_commerce/discovery/probe.py +192 -0
- agentscore_commerce-1.0.0/agentscore_commerce/discovery/robots_tag.py +190 -0
- agentscore_commerce-1.0.0/agentscore_commerce/discovery/well_known_mpp.py +64 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/__init__.py +124 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/_denial.py +201 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/_response.py +226 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/a2a.py +178 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/address.py +35 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/aiohttp.py +260 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/cache.py +51 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/client.py +553 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/django.py +244 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/fastapi.py +284 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/flask.py +295 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/middleware.py +284 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/policy.py +182 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/py.typed +0 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/sanic.py +261 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/sessions.py +239 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/signer.py +65 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/types.py +281 -0
- agentscore_commerce-1.0.0/agentscore_commerce/identity/ucp.py +241 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/__init__.py +135 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/directive.py +111 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/dispatch.py +35 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/headers.py +165 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/idempotency.py +71 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/mppx_server.py +199 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/networks.py +64 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/rails.py +93 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/settlement_override.py +23 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/signer.py +100 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/usdc.py +57 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/wwwauthenticate.py +59 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/x402.py +30 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/x402_server.py +201 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/x402_settle.py +119 -0
- agentscore_commerce-1.0.0/agentscore_commerce/payment/x402_validation.py +225 -0
- agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/__init__.py +47 -0
- agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/mppx_stripe.py +69 -0
- agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/payment_intent.py +90 -0
- agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/pi_cache.py +197 -0
- agentscore_commerce-1.0.0/agentscore_commerce/stripe_multichain/simulate_deposit.py +127 -0
- agentscore_commerce-1.0.0/examples/README.md +54 -0
- agentscore_commerce-1.0.0/examples/api_provider.py +172 -0
- agentscore_commerce-1.0.0/examples/compliance_merchant.py +139 -0
- agentscore_commerce-1.0.0/examples/identity_only.py +42 -0
- agentscore_commerce-1.0.0/examples/multi_rail_merchant.py +293 -0
- agentscore_commerce-1.0.0/examples/per_product_policy_merchant.py +129 -0
- agentscore_commerce-1.0.0/examples/stripe_multichain_merchant.py +77 -0
- agentscore_commerce-1.0.0/examples/variable_cost_merchant.py +114 -0
- agentscore_commerce-1.0.0/lefthook.yml +17 -0
- agentscore_commerce-1.0.0/pyproject.toml +77 -0
- agentscore_commerce-1.0.0/ruff.toml +47 -0
- agentscore_commerce-1.0.0/tests/__init__.py +0 -0
- agentscore_commerce-1.0.0/tests/conftest.py +3 -0
- agentscore_commerce-1.0.0/tests/test_a2a.py +102 -0
- agentscore_commerce-1.0.0/tests/test_address.py +71 -0
- agentscore_commerce-1.0.0/tests/test_agent_memory_emitter.py +33 -0
- agentscore_commerce-1.0.0/tests/test_aiohttp.py +364 -0
- agentscore_commerce-1.0.0/tests/test_api_reexport.py +14 -0
- agentscore_commerce-1.0.0/tests/test_cache.py +150 -0
- agentscore_commerce-1.0.0/tests/test_challenge.py +166 -0
- agentscore_commerce-1.0.0/tests/test_client.py +684 -0
- agentscore_commerce-1.0.0/tests/test_coverage_fillers.py +204 -0
- agentscore_commerce-1.0.0/tests/test_denial.py +161 -0
- agentscore_commerce-1.0.0/tests/test_discovery.py +325 -0
- agentscore_commerce-1.0.0/tests/test_django.py +465 -0
- agentscore_commerce-1.0.0/tests/test_fastapi.py +340 -0
- agentscore_commerce-1.0.0/tests/test_flask.py +631 -0
- agentscore_commerce-1.0.0/tests/test_idempotency_helper.py +54 -0
- agentscore_commerce-1.0.0/tests/test_integration.py +46 -0
- agentscore_commerce-1.0.0/tests/test_lifted_helpers.py +470 -0
- agentscore_commerce-1.0.0/tests/test_middleware.py +453 -0
- agentscore_commerce-1.0.0/tests/test_payment_directive.py +69 -0
- agentscore_commerce-1.0.0/tests/test_payment_dispatch.py +44 -0
- agentscore_commerce-1.0.0/tests/test_payment_headers.py +88 -0
- agentscore_commerce-1.0.0/tests/test_payment_misc.py +127 -0
- agentscore_commerce-1.0.0/tests/test_payment_servers.py +90 -0
- agentscore_commerce-1.0.0/tests/test_payment_signer.py +82 -0
- agentscore_commerce-1.0.0/tests/test_policy.py +160 -0
- agentscore_commerce-1.0.0/tests/test_pricing.py +78 -0
- agentscore_commerce-1.0.0/tests/test_robots_tag.py +212 -0
- agentscore_commerce-1.0.0/tests/test_sanic.py +322 -0
- agentscore_commerce-1.0.0/tests/test_sessions.py +369 -0
- agentscore_commerce-1.0.0/tests/test_signer_match.py +768 -0
- agentscore_commerce-1.0.0/tests/test_stripe_multichain.py +180 -0
- agentscore_commerce-1.0.0/tests/test_ucp.py +111 -0
- agentscore_commerce-1.0.0/tests/test_validation_error.py +64 -0
- agentscore_commerce-1.0.0/uv.lock +3300 -0
- agentscore_commerce-1.0.0/vulture_whitelist.py +22 -0
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Bug Report
|
|
3
|
+
about: Report a bug
|
|
4
|
+
title: ''
|
|
5
|
+
labels: bug
|
|
6
|
+
assignees: ''
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
**Describe the bug**
|
|
10
|
+
A clear description of what the bug is.
|
|
11
|
+
|
|
12
|
+
**To reproduce**
|
|
13
|
+
Steps to reproduce the behavior.
|
|
14
|
+
|
|
15
|
+
**Expected behavior**
|
|
16
|
+
What you expected to happen.
|
|
17
|
+
|
|
18
|
+
**Environment**
|
|
19
|
+
- Package version:
|
|
20
|
+
- Python version:
|
|
21
|
+
- OS:
|
|
22
|
+
- Submodule used (`agentscore_commerce.identity.fastapi`, `.payment`, `.discovery`, etc.):
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Feature Request
|
|
3
|
+
about: Suggest an improvement
|
|
4
|
+
title: ''
|
|
5
|
+
labels: enhancement
|
|
6
|
+
assignees: ''
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
**Describe the feature**
|
|
10
|
+
A clear description of what you'd like.
|
|
11
|
+
|
|
12
|
+
**Use case**
|
|
13
|
+
Why is this needed? What problem does it solve?
|
|
14
|
+
|
|
15
|
+
**Submodule**
|
|
16
|
+
Which commerce submodule does this affect? (`identity.*`, `payment`, `discovery`, `challenge`, `stripe_multichain`, `api`)
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
version: 2
|
|
2
|
+
updates:
|
|
3
|
+
- package-ecosystem: "uv"
|
|
4
|
+
directory: "/"
|
|
5
|
+
labels: ["dependencies", "python"]
|
|
6
|
+
schedule:
|
|
7
|
+
interval: "weekly"
|
|
8
|
+
day: "monday"
|
|
9
|
+
time: "06:00"
|
|
10
|
+
timezone: "America/New_York"
|
|
11
|
+
|
|
12
|
+
- package-ecosystem: "github-actions"
|
|
13
|
+
directory: "/"
|
|
14
|
+
labels: ["dependencies", "ci"]
|
|
15
|
+
schedule:
|
|
16
|
+
interval: "weekly"
|
|
17
|
+
day: "monday"
|
|
18
|
+
time: "06:00"
|
|
19
|
+
timezone: "America/New_York"
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [main]
|
|
8
|
+
|
|
9
|
+
permissions:
|
|
10
|
+
contents: read
|
|
11
|
+
|
|
12
|
+
concurrency:
|
|
13
|
+
group: ${{ github.workflow }}-${{ github.ref }}
|
|
14
|
+
cancel-in-progress: true
|
|
15
|
+
|
|
16
|
+
jobs:
|
|
17
|
+
ci:
|
|
18
|
+
runs-on: blacksmith-2vcpu-ubuntu-2404-arm
|
|
19
|
+
timeout-minutes: 10
|
|
20
|
+
steps:
|
|
21
|
+
- uses: useblacksmith/checkout@v1
|
|
22
|
+
|
|
23
|
+
- name: Install uv
|
|
24
|
+
uses: astral-sh/setup-uv@v8.1.0
|
|
25
|
+
|
|
26
|
+
- name: Set up Python
|
|
27
|
+
run: uv python install 3.12
|
|
28
|
+
|
|
29
|
+
- uses: actions/cache@v5
|
|
30
|
+
with:
|
|
31
|
+
path: |
|
|
32
|
+
~/.cache/uv
|
|
33
|
+
~/.local/share/uv
|
|
34
|
+
key: ${{ runner.os }}-uv-${{ hashFiles('uv.lock') }}
|
|
35
|
+
restore-keys: ${{ runner.os }}-uv-
|
|
36
|
+
|
|
37
|
+
- name: Install dependencies
|
|
38
|
+
run: uv sync --frozen --all-extras
|
|
39
|
+
|
|
40
|
+
- name: Ruff check
|
|
41
|
+
run: uv run ruff check .
|
|
42
|
+
|
|
43
|
+
- name: Ruff format check
|
|
44
|
+
run: uv run ruff format --check .
|
|
45
|
+
|
|
46
|
+
- name: Type check (ty)
|
|
47
|
+
run: uv run ty check agentscore_commerce/
|
|
48
|
+
|
|
49
|
+
- name: Vulture
|
|
50
|
+
run: uv run vulture agentscore_commerce/ vulture_whitelist.py --min-confidence 80
|
|
51
|
+
|
|
52
|
+
- name: Tests
|
|
53
|
+
run: uv run pytest tests/ -v --cov=agentscore_commerce --cov-report=term-missing
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
name: Publish
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
tags: ["v*"]
|
|
6
|
+
|
|
7
|
+
permissions:
|
|
8
|
+
contents: write
|
|
9
|
+
id-token: write
|
|
10
|
+
|
|
11
|
+
concurrency:
|
|
12
|
+
group: publish
|
|
13
|
+
cancel-in-progress: false
|
|
14
|
+
|
|
15
|
+
jobs:
|
|
16
|
+
publish:
|
|
17
|
+
runs-on: ubuntu-latest
|
|
18
|
+
timeout-minutes: 15
|
|
19
|
+
steps:
|
|
20
|
+
- uses: actions/checkout@v6
|
|
21
|
+
|
|
22
|
+
- uses: astral-sh/setup-uv@v8.1.0
|
|
23
|
+
|
|
24
|
+
- name: Set version from tag
|
|
25
|
+
run: sed -i "s/^version = .*/version = \"${GITHUB_REF_NAME#v}\"/" pyproject.toml
|
|
26
|
+
|
|
27
|
+
- run: uv build
|
|
28
|
+
|
|
29
|
+
- name: Publish to PyPI
|
|
30
|
+
uses: pypa/gh-action-pypi-publish@release/v1
|
|
31
|
+
|
|
32
|
+
- name: Create GitHub Release
|
|
33
|
+
run: gh release create "$GITHUB_REF_NAME" --generate-notes
|
|
34
|
+
env:
|
|
35
|
+
GH_TOKEN: ${{ github.token }}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
name: Security
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [main]
|
|
8
|
+
|
|
9
|
+
concurrency:
|
|
10
|
+
group: ${{ github.workflow }}-${{ github.ref }}
|
|
11
|
+
cancel-in-progress: true
|
|
12
|
+
|
|
13
|
+
permissions:
|
|
14
|
+
contents: read
|
|
15
|
+
|
|
16
|
+
jobs:
|
|
17
|
+
osv-scan:
|
|
18
|
+
name: Dependency Scan
|
|
19
|
+
runs-on: blacksmith-2vcpu-ubuntu-2404-arm
|
|
20
|
+
timeout-minutes: 5
|
|
21
|
+
steps:
|
|
22
|
+
- uses: useblacksmith/checkout@v1
|
|
23
|
+
|
|
24
|
+
- name: Install osv-scanner
|
|
25
|
+
run: |
|
|
26
|
+
curl -fsSL https://github.com/google/osv-scanner/releases/download/v2.3.5/osv-scanner_linux_arm64 -o osv-scanner
|
|
27
|
+
chmod +x osv-scanner
|
|
28
|
+
|
|
29
|
+
- name: Scan dependencies
|
|
30
|
+
run: ./osv-scanner scan source --lockfile=uv.lock --format=table
|
|
31
|
+
|
|
32
|
+
pip-audit:
|
|
33
|
+
name: Python Audit
|
|
34
|
+
runs-on: blacksmith-2vcpu-ubuntu-2404-arm
|
|
35
|
+
timeout-minutes: 5
|
|
36
|
+
steps:
|
|
37
|
+
- uses: useblacksmith/checkout@v1
|
|
38
|
+
- uses: astral-sh/setup-uv@v8.1.0
|
|
39
|
+
- uses: actions/setup-python@v6
|
|
40
|
+
with:
|
|
41
|
+
python-version: "3.13"
|
|
42
|
+
|
|
43
|
+
- name: Install pip-audit
|
|
44
|
+
run: pip install pip-audit
|
|
45
|
+
|
|
46
|
+
- name: Audit dependencies
|
|
47
|
+
run: |
|
|
48
|
+
uv export --format requirements-txt --no-hashes > requirements.txt
|
|
49
|
+
pip-audit -r requirements.txt --disable-pip --no-deps
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
# agentscore-commerce
|
|
2
|
+
|
|
3
|
+
Agent commerce SDK for Python. The full merchant-side toolkit: identity gating + payment helpers + 402 builders + discovery + Stripe multichain. One install, submodule imports per concern.
|
|
4
|
+
|
|
5
|
+
Every helper lifts directly from working production code (`agentscore/martin-estate`) — extract from real consumers, not speculation.
|
|
6
|
+
|
|
7
|
+
## Submodules
|
|
8
|
+
|
|
9
|
+
| Submodule | What it is |
|
|
10
|
+
|---|---|
|
|
11
|
+
| `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware (KYC, age, sanctions, jurisdiction) |
|
|
12
|
+
| `agentscore_commerce.payment` | Networks/USDC/rails registries, paymentauth.org directive builders, `create_x402_server` (wraps official `x402[evm,svm]>=2.8` peer dep with v1+v2 dual-register + bazaar extension), `create_mppx_server` (wraps `pympp[server,tempo,stripe]>=0.6` peer dep with Tempo charge/session + Stripe SPT helpers), dispatch-by-network, signer extraction, WWW-Authenticate header, Settlement-Overrides header |
|
|
13
|
+
| `agentscore_commerce.discovery` | Discovery probe, Bazaar wrapper, `/.well-known/mpp.json`, `llms.txt` builder, OpenAPI snippets, `NoindexNonDiscoveryMiddleware` ASGI middleware |
|
|
14
|
+
| `agentscore_commerce.challenge` | 402-body builders: accepted_methods, identity_metadata, how_to_pay, agent_instructions, build_402_body, `build_validation_error` (4xx body builder) |
|
|
15
|
+
| `agentscore_commerce.stripe_multichain` | Multichain PaymentIntent helper, deposit-address lookup, testnet simulator, mppx Stripe wrapper |
|
|
16
|
+
| `agentscore_commerce.api` | Re-exports `AgentScore` from `agentscore` SDK |
|
|
17
|
+
|
|
18
|
+
## Architecture
|
|
19
|
+
|
|
20
|
+
Single Python package, hatchling-built, published to PyPI as `agentscore-commerce`. Per-framework identity adapters expose the same surface — `AgentScoreGate` (or `agentscore_gate(app, ...)` for Flask/Sanic), `capture_wallet`, `verify_wallet_signer_match`, `get_assess_data` — with network-aware address normalization (EVM lowercased, Solana base58 preserved verbatim).
|
|
21
|
+
|
|
22
|
+
| Directory | Contents |
|
|
23
|
+
|---|---|
|
|
24
|
+
| `agentscore_commerce/identity/` | Per-framework gate adapters (fastapi, flask, django, aiohttp, sanic, middleware/ASGI), shared client, sessions, address normalization, signer extraction, response marshalling, types, cache |
|
|
25
|
+
| `agentscore_commerce/payment/` | Payment-protocol helpers |
|
|
26
|
+
| `agentscore_commerce/discovery/` | Discovery probe + machine-readable docs |
|
|
27
|
+
| `agentscore_commerce/challenge/` | 402-body builders |
|
|
28
|
+
| `agentscore_commerce/stripe_multichain/` | Stripe multichain PaymentIntent helpers |
|
|
29
|
+
| `agentscore_commerce/api/` | `AgentScore` re-export |
|
|
30
|
+
| `examples/` | Runnable single-file FastAPI apps for each common scenario |
|
|
31
|
+
| `tests/` | pytest, one file per surface |
|
|
32
|
+
|
|
33
|
+
Peer-dep pattern: payment/x402/mppx/stripe modules import lazily at runtime — vendors install only what they use via extras (`pip install agentscore-commerce[fastapi,stripe]` etc.). Underlying packages: `x402[evm,svm]`, `pympp[server,tempo,stripe]`, `stripe`. Missing peer dep raises a guiding `ImportError` with the install command.
|
|
34
|
+
|
|
35
|
+
## Examples
|
|
36
|
+
|
|
37
|
+
`examples/` contains full single-file FastAPI apps for the most common merchant scenarios — copy-paste templates, not frameworks:
|
|
38
|
+
|
|
39
|
+
| Example | Scenario |
|
|
40
|
+
|---|---|
|
|
41
|
+
| `api_provider.py` | Per-call API billing on multiple rails: Tempo MPP + x402 (Base + Solana); no compliance gate |
|
|
42
|
+
| `identity_only.py` | Compliance gate without payment (vendor handles their own) |
|
|
43
|
+
| `multi_rail_merchant.py` | Full agent-commerce: identity + Tempo MPP + x402 + Stripe SPT |
|
|
44
|
+
| `stripe_multichain_merchant.py` | Stripe-anchored multichain (PaymentIntent → tempo/base/solana deposit addresses) |
|
|
45
|
+
| `variable_cost_merchant.py` | Pay-per-actual-usage on **two protocols**: x402 upto (Permit2 + Settlement-Overrides) AND MPP tempo session (channel + SSE + mid-stream vouchers) |
|
|
46
|
+
| `compliance_merchant.py` | Regulated-goods merchant — full compliance gate + custom `on_denied` composing the denial helpers (`verification_agent_instructions`, `is_fixable_denial`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `denial_reason_to_body`/`denial_reason_status`) |
|
|
47
|
+
| `per_product_policy_merchant.py` | Multi-product merchant where each row carries its own compliance policy. One product hard-gates KYC + age + state; another is anonymous; a third uses `enforcement="soft"` (request KYC but don't block sale). Demonstrates `PolicyBlock`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`. |
|
|
48
|
+
|
|
49
|
+
## Identity model
|
|
50
|
+
|
|
51
|
+
Two identity types: wallet (`X-Wallet-Address`) and operator-token (`X-Operator-Token`). Default checks operator-token first, then wallet. Address normalization is network-aware via `agentscore_commerce/identity/address.py`: EVM lowercased, Solana base58 preserved verbatim — used for cache keys, wallet→operator resolves, and signer-match comparisons.
|
|
52
|
+
|
|
53
|
+
`DenialReason` codes (`missing_identity`, `identity_verification_required`, `token_expired`, `invalid_credential`, `wallet_signer_mismatch`, `wallet_auth_requires_wallet_signing`, `wallet_not_trusted`, `api_error`, `payment_required`) each carry a structured `agent_instructions` JSON block describing concrete recovery actions. See `agentscore_commerce/identity/_response.py` for the canned action copy.
|
|
54
|
+
|
|
55
|
+
`create_session_on_missing` auto-mints a verification session when no identity is present and returns 403 with `verify_url` + poll instructions. `verify_wallet_signer_match` (per-adapter) compares the recovered signer against `linked_wallets[]` for cross-chain wallet-stack matching.
|
|
56
|
+
|
|
57
|
+
Captured wallets: `capture_wallet(...)` is fire-and-forget — reads `operator_token` stashed during gating and POSTs to `/v1/credentials/wallets`. No-ops for wallet-authenticated requests.
|
|
58
|
+
|
|
59
|
+
### Mount posture: gate-first vs gate-conditional
|
|
60
|
+
|
|
61
|
+
`AgentScoreGate(...)` (or `agentscore_gate(app, ...)` on Flask/Sanic) is mounted directly when the route is AgentScore-only — every request runs identity + policy. To support **anonymous discovery by any spec-compliant x402 wallet** (Coinbase awal, Phantom, Solflare, …), wrap the gate so it fires only when a payment credential is attached:
|
|
62
|
+
|
|
63
|
+
```python
|
|
64
|
+
_gate = AgentScoreGate(api_key=..., require_kyc=True, ...)
|
|
65
|
+
|
|
66
|
+
async def gate_on_settle(request: Request) -> None:
|
|
67
|
+
has_payment_header = bool(
|
|
68
|
+
request.headers.get("payment-signature")
|
|
69
|
+
or request.headers.get("x-payment")
|
|
70
|
+
or (request.headers.get("authorization") or "").startswith("Payment ")
|
|
71
|
+
)
|
|
72
|
+
if not has_payment_header:
|
|
73
|
+
return None
|
|
74
|
+
return await _gate(request)
|
|
75
|
+
|
|
76
|
+
@app.post("/purchase", dependencies=[Depends(gate_on_settle)])
|
|
77
|
+
async def purchase(...): ...
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
Anonymous POST flows through to the handler unauthenticated and gets a 402 with all rails + per-order pricing. Identity is verified at settle time on the retry leg (when the agent submits `X-Payment` / `Authorization: Payment`); `create_session_on_missing` still auto-mints a verification session there. The same wrap pattern works identically across all 6 framework adapters (fastapi, flask, django, aiohttp, sanic, middleware/ASGI). See `examples/multi_rail_merchant.py` and `examples/compliance_merchant.py`.
|
|
81
|
+
|
|
82
|
+
### `compatible_clients` field on emitted 402s
|
|
83
|
+
|
|
84
|
+
`build_agent_instructions` emits a `compatible_clients` field in the 402 body, derived automatically from `how_to_pay` — per-rail list of CLIs the AgentScore team has smoke-verified end-to-end. Vendors override with `BuildAgentInstructionsInput(compatible_clients={...})` to add their own tested clients. Set to an empty dict `{}` to suppress the default. Same data is published as `core/docs/integrations/x402-clients.mdx` for human-side rationale + per-rail commands.
|
|
85
|
+
|
|
86
|
+
## Tooling
|
|
87
|
+
|
|
88
|
+
- **uv** — package manager.
|
|
89
|
+
- **ruff** — linting + formatting.
|
|
90
|
+
- **ty** — type checker (Astral).
|
|
91
|
+
- **vulture** — dead code detection.
|
|
92
|
+
- **pytest** — tests.
|
|
93
|
+
- **Lefthook** — pre-commit ruff, pre-push ty + vulture (parallel).
|
|
94
|
+
|
|
95
|
+
```bash
|
|
96
|
+
uv sync --all-extras
|
|
97
|
+
uv run lefthook install # one-time per clone — wires pre-commit + pre-push
|
|
98
|
+
uv run ruff check .
|
|
99
|
+
uv run ruff format .
|
|
100
|
+
uv run ty check agentscore_commerce/
|
|
101
|
+
uv run pytest tests/
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
## Workflow
|
|
105
|
+
|
|
106
|
+
1. Create a branch
|
|
107
|
+
2. Make changes
|
|
108
|
+
3. Lefthook runs ruff on commit, ty + vulture on push
|
|
109
|
+
4. Open a PR — CI runs automatically
|
|
110
|
+
5. Merge (squash)
|
|
111
|
+
|
|
112
|
+
## Rules
|
|
113
|
+
|
|
114
|
+
- **No silent refactors**
|
|
115
|
+
- **Never commit .env files or secrets**
|
|
116
|
+
- **Use PRs** — never push directly to main
|
|
117
|
+
- **Helpers are protocol translations + configurable opinions, not opinionated frameworks**
|
|
118
|
+
- **Cross-language API parity** — keep the surface area identical between the node and python flavors so vendors switching languages have the same mental model
|
|
119
|
+
|
|
120
|
+
## Releasing
|
|
121
|
+
|
|
122
|
+
1. Update `version` in `pyproject.toml`
|
|
123
|
+
2. Commit: `git commit -am "chore: bump to vX.Y.Z"`
|
|
124
|
+
3. Tag: `git tag vX.Y.Z`
|
|
125
|
+
4. Push: `git push && git push origin vX.Y.Z`
|
|
126
|
+
|
|
127
|
+
The publish workflow runs on `ubuntu-latest` (required for PyPI trusted publishing), builds, publishes to PyPI via OIDC, and creates a GitHub Release.
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
|
2
|
+
|
|
3
|
+
## Our Pledge
|
|
4
|
+
|
|
5
|
+
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
|
|
6
|
+
|
|
7
|
+
## Our Standards
|
|
8
|
+
|
|
9
|
+
Examples of behavior that contributes to a positive environment:
|
|
10
|
+
|
|
11
|
+
- Using welcoming and inclusive language
|
|
12
|
+
- Being respectful of differing viewpoints and experiences
|
|
13
|
+
- Gracefully accepting constructive criticism
|
|
14
|
+
- Focusing on what is best for the community
|
|
15
|
+
- Showing empathy towards other community members
|
|
16
|
+
|
|
17
|
+
Examples of unacceptable behavior:
|
|
18
|
+
|
|
19
|
+
- The use of sexualized language or imagery, and sexual attention or advances of any kind
|
|
20
|
+
- Trolling, insulting or derogatory comments, and personal or political attacks
|
|
21
|
+
- Public or private harassment
|
|
22
|
+
- Publishing others' private information without explicit permission
|
|
23
|
+
- Other conduct which could reasonably be considered inappropriate in a professional setting
|
|
24
|
+
|
|
25
|
+
## Enforcement
|
|
26
|
+
|
|
27
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project team at engineering@agentscore.sh. All complaints will be reviewed and investigated promptly and fairly.
|
|
28
|
+
|
|
29
|
+
## Attribution
|
|
30
|
+
|
|
31
|
+
This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# Contributing to AgentScore
|
|
2
|
+
|
|
3
|
+
Thanks for your interest in contributing! Here's how to get started.
|
|
4
|
+
|
|
5
|
+
## Development Setup
|
|
6
|
+
|
|
7
|
+
1. Fork the repo and clone it locally
|
|
8
|
+
2. Install dependencies (see README for tooling)
|
|
9
|
+
3. Create a branch from `main`
|
|
10
|
+
4. Make your changes
|
|
11
|
+
5. Run linting and tests
|
|
12
|
+
6. Open a pull request
|
|
13
|
+
|
|
14
|
+
## Pull Requests
|
|
15
|
+
|
|
16
|
+
- All PRs require 1 approval before merging
|
|
17
|
+
- Squash merge to `main` is the standard
|
|
18
|
+
- Keep PRs focused — one feature or fix per PR
|
|
19
|
+
- Include tests for new functionality
|
|
20
|
+
- Make sure CI passes before requesting review
|
|
21
|
+
|
|
22
|
+
## Reporting Issues
|
|
23
|
+
|
|
24
|
+
Open an issue on GitHub with:
|
|
25
|
+
- A clear description of the problem
|
|
26
|
+
- Steps to reproduce
|
|
27
|
+
- Expected vs actual behavior
|
|
28
|
+
- Environment details (OS, runtime version)
|
|
29
|
+
|
|
30
|
+
## Code Style
|
|
31
|
+
|
|
32
|
+
- **TypeScript repos**: ESLint handles formatting and style. Run `bun run lint` before committing.
|
|
33
|
+
- **Python repos**: Ruff handles linting and formatting. Run `uv run ruff check .` and `uv run ruff format .` before committing.
|
|
34
|
+
|
|
35
|
+
## License
|
|
36
|
+
|
|
37
|
+
By contributing, you agree that your contributions will be licensed under the MIT License.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 AgentScore
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|