agentscore-commerce 2.3.0__tar.gz → 2.5.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (257) hide show
  1. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.github/workflows/ci.yml +5 -2
  2. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.github/workflows/publish.yml +3 -3
  3. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.github/workflows/security.yml +1 -1
  4. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/CLAUDE.md +9 -9
  5. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/CODE_OF_CONDUCT.md +1 -1
  6. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/PKG-INFO +58 -70
  7. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/README.md +54 -66
  8. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/SECURITY.md +3 -3
  9. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/__init__.py +10 -2
  10. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_headers.py +1 -2
  11. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_mppx_receipt.py +5 -5
  12. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_redis.py +5 -6
  13. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_warnings.py +1 -1
  14. agentscore_commerce-2.5.0/agentscore_commerce/aip/__init__.py +168 -0
  15. agentscore_commerce-2.5.0/agentscore_commerce/aip/gate.py +429 -0
  16. agentscore_commerce-2.5.0/agentscore_commerce/aip/http_signature.py +654 -0
  17. agentscore_commerce-2.5.0/agentscore_commerce/aip/jwks.py +448 -0
  18. agentscore_commerce-2.5.0/agentscore_commerce/aip/request.py +251 -0
  19. agentscore_commerce-2.5.0/agentscore_commerce/aip/types.py +268 -0
  20. agentscore_commerce-2.5.0/agentscore_commerce/aip/verify.py +408 -0
  21. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/__init__.py +2 -1
  22. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/accepted_methods.py +1 -1
  23. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/agent_memory.py +6 -1
  24. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/body.py +43 -2
  25. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/how_to_pay.py +1 -1
  26. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/checkout.py +786 -56
  27. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/checkout_compute_first.py +19 -10
  28. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/__init__.py +5 -1
  29. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/agentscore_content.py +1 -1
  30. agentscore_commerce-2.5.0/agentscore_commerce/discovery/bazaar.py +74 -0
  31. agentscore_commerce-2.5.0/agentscore_commerce/discovery/llms_txt.py +253 -0
  32. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/openapi.py +13 -1
  33. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/probe.py +6 -6
  34. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/robots_tag.py +1 -2
  35. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/skill_md.py +23 -9
  36. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/__init__.py +49 -0
  37. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/_denial.py +2 -2
  38. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/_response.py +79 -43
  39. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/a2a.py +45 -1
  40. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/address.py +1 -1
  41. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/aiohttp.py +127 -10
  42. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/core.py +183 -41
  43. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/default_denied.py +1 -4
  44. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/django.py +157 -11
  45. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/fastapi.py +220 -20
  46. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/flask.py +172 -11
  47. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/middleware.py +141 -10
  48. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/policy.py +66 -8
  49. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/sanic.py +123 -10
  50. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/sessions.py +2 -2
  51. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/tokens.py +11 -4
  52. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/types.py +60 -20
  53. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/ucp.py +16 -16
  54. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/ucp_jwks.py +28 -37
  55. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/fastapi.py +2 -2
  56. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/flask.py +16 -12
  57. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/__init__.py +2 -0
  58. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/amounts.py +4 -5
  59. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/compose_rails.py +0 -2
  60. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/default_rails.py +0 -2
  61. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/directive.py +3 -2
  62. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/mppx_failures.py +0 -2
  63. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/network_kind.py +0 -2
  64. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/payment_header.py +3 -5
  65. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/rail_spec.py +3 -4
  66. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/signer.py +4 -5
  67. agentscore_commerce-2.5.0/agentscore_commerce/payment/wwwauthenticate.py +68 -0
  68. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402_server.py +1 -2
  69. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402_settle.py +3 -3
  70. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/quote_cache.py +2 -3
  71. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/mppx_stripe.py +5 -5
  72. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/pay_to_address.py +0 -2
  73. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/simulate_dispatch.py +3 -9
  74. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/README.md +4 -4
  75. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/compliance_merchant.py +2 -1
  76. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/multi_rail_merchant.py +5 -3
  77. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/stripe_multichain_merchant.py +8 -2
  78. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/lefthook.yml +2 -0
  79. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/pyproject.toml +10 -5
  80. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/scripts/regenerate_cross_lang_fixtures.py +17 -17
  81. agentscore_commerce-2.5.0/tests/__init__.py +0 -0
  82. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-agentscore-gate-blocked.json +6 -6
  83. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-agentscore-gate-full.json +6 -6
  84. agentscore_commerce-2.5.0/tests/fixtures/cross-lang/node-capability.json +69 -0
  85. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-emoji-keys.json +6 -6
  86. agentscore_commerce-2.5.0/tests/fixtures/cross-lang/node-es256-rails.json +81 -0
  87. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-extras-int.json +6 -6
  88. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-int-boundary.json +3 -3
  89. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-minimal.json +3 -3
  90. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-multikey.json +8 -8
  91. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-unicode.json +6 -6
  92. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-agentscore-gate-blocked.json +6 -6
  93. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-agentscore-gate-full.json +6 -6
  94. agentscore_commerce-2.5.0/tests/fixtures/cross-lang/py-capability.json +69 -0
  95. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-emoji-keys.json +6 -6
  96. agentscore_commerce-2.5.0/tests/fixtures/cross-lang/py-es256-rails.json +81 -0
  97. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-extras-int.json +6 -6
  98. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-int-boundary.json +3 -3
  99. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-minimal.json +3 -3
  100. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-multikey.json +8 -8
  101. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-unicode.json +6 -6
  102. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_aiohttp.py +165 -9
  103. agentscore_commerce-2.5.0/tests/test_aip_adapters.py +303 -0
  104. agentscore_commerce-2.5.0/tests/test_aip_agent_memory.py +36 -0
  105. agentscore_commerce-2.5.0/tests/test_aip_checkout.py +815 -0
  106. agentscore_commerce-2.5.0/tests/test_aip_gate.py +254 -0
  107. agentscore_commerce-2.5.0/tests/test_aip_http_signature.py +597 -0
  108. agentscore_commerce-2.5.0/tests/test_aip_jwks.py +499 -0
  109. agentscore_commerce-2.5.0/tests/test_aip_presentation.py +116 -0
  110. agentscore_commerce-2.5.0/tests/test_aip_request.py +129 -0
  111. agentscore_commerce-2.5.0/tests/test_aip_types.py +135 -0
  112. agentscore_commerce-2.5.0/tests/test_aip_verify.py +372 -0
  113. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_challenge.py +67 -3
  114. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_checkout.py +296 -5
  115. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first_settle.py +28 -0
  116. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_checkout_coverage_gaps.py +94 -17
  117. agentscore_commerce-2.5.0/tests/test_checkout_signer_match.py +219 -0
  118. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_checkout_wallet_ofac_default.py +8 -1
  119. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_compose_rails.py +29 -0
  120. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_core.py +27 -12
  121. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_coverage_fillers.py +29 -1
  122. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_discovery.py +10 -10
  123. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_django.py +185 -8
  124. agentscore_commerce-2.5.0/tests/test_extract_owner_scope.py +70 -0
  125. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_fastapi.py +219 -32
  126. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_flask.py +144 -9
  127. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_get_signer_verdict.py +34 -25
  128. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_lifted_helpers.py +8 -0
  129. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_middleware.py +188 -16
  130. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_pay_to_address.py +139 -0
  131. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_payment_dispatch.py +27 -0
  132. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_payment_handlers.py +15 -15
  133. agentscore_commerce-2.5.0/tests/test_payment_header.py +147 -0
  134. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_payment_misc.py +62 -8
  135. agentscore_commerce-2.5.0/tests/test_payment_servers.py +746 -0
  136. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_policy.py +87 -0
  137. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_quote_cache.py +14 -0
  138. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_rate_limit.py +160 -0
  139. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_response.py +16 -3
  140. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_sanic.py +153 -4
  141. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_seamless_helpers.py +102 -13
  142. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_sessions.py +56 -6
  143. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_signer_match.py +168 -2
  144. agentscore_commerce-2.5.0/tests/test_signer_verdict_request_scoped.py +119 -0
  145. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_simulate_dispatch.py +31 -0
  146. agentscore_commerce-2.5.0/tests/test_solana.py +110 -0
  147. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_stripe_multichain.py +42 -6
  148. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_ucp.py +9 -9
  149. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_ucp_jwks.py +6 -6
  150. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_zero_settle.py +8 -0
  151. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/uv.lock +935 -801
  152. agentscore_commerce-2.3.0/agentscore_commerce/discovery/bazaar.py +0 -28
  153. agentscore_commerce-2.3.0/agentscore_commerce/discovery/llms_txt.py +0 -291
  154. agentscore_commerce-2.3.0/agentscore_commerce/payment/wwwauthenticate.py +0 -56
  155. agentscore_commerce-2.3.0/tests/fixtures/cross-lang/node-capability.json +0 -69
  156. agentscore_commerce-2.3.0/tests/fixtures/cross-lang/node-es256-rails.json +0 -81
  157. agentscore_commerce-2.3.0/tests/fixtures/cross-lang/py-capability.json +0 -69
  158. agentscore_commerce-2.3.0/tests/fixtures/cross-lang/py-es256-rails.json +0 -81
  159. agentscore_commerce-2.3.0/tests/test_extract_owner_scope.py +0 -49
  160. agentscore_commerce-2.3.0/tests/test_payment_header.py +0 -74
  161. agentscore_commerce-2.3.0/tests/test_payment_servers.py +0 -363
  162. agentscore_commerce-2.3.0/tests/test_solana.py +0 -36
  163. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.github/ISSUE_TEMPLATE/bug_report.md +0 -0
  164. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.github/ISSUE_TEMPLATE/feature_request.md +0 -0
  165. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.github/PULL_REQUEST_TEMPLATE.md +0 -0
  166. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.github/dependabot.yml +0 -0
  167. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/.gitignore +0 -0
  168. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/CONTRIBUTING.md +0 -0
  169. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/LICENSE +0 -0
  170. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/api/__init__.py +0 -0
  171. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/agent_instructions.py +0 -0
  172. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/identity.py +0 -0
  173. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/pricing.py +0 -0
  174. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/receipt.py +0 -0
  175. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/respond_402.py +0 -0
  176. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/validation_error.py +0 -0
  177. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/checkout_hooks.py +0 -0
  178. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/redemption_md.py +0 -0
  179. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/well_known.py +0 -0
  180. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/well_known_mpp.py +0 -0
  181. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/well_known_x402.py +0 -0
  182. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/errors.py +0 -0
  183. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/cache.py +0 -0
  184. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/py.typed +0 -0
  185. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/signer.py +0 -0
  186. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/__init__.py +0 -0
  187. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/_core.py +0 -0
  188. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/aiohttp.py +0 -0
  189. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/asgi.py +0 -0
  190. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/django.py +0 -0
  191. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/sanic.py +0 -0
  192. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/constants.py +0 -0
  193. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/dispatch.py +0 -0
  194. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/headers.py +0 -0
  195. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/idempotency.py +0 -0
  196. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/lazy.py +0 -0
  197. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/mppx_server.py +0 -0
  198. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/networks.py +0 -0
  199. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/rails.py +0 -0
  200. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/settlement_override.py +0 -0
  201. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/solana.py +0 -0
  202. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/usdc.py +0 -0
  203. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402.py +0 -0
  204. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402_validation.py +0 -0
  205. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/zero_settle.py +0 -0
  206. /agentscore_commerce-2.3.0/tests/__init__.py → /agentscore_commerce-2.5.0/agentscore_commerce/py.typed +0 -0
  207. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/__init__.py +0 -0
  208. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/payment_intent.py +0 -0
  209. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/pi_cache.py +0 -0
  210. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/simulate_deposit.py +0 -0
  211. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/api_provider.py +0 -0
  212. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/compute_first_merchant.py +0 -0
  213. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/identity_only.py +0 -0
  214. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/per_product_policy_merchant.py +0 -0
  215. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/examples/signed_ucp_merchant.py +0 -0
  216. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/osv-scanner.toml +0 -0
  217. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/ruff.toml +0 -0
  218. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/conftest.py +0 -0
  219. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_a2a.py +0 -0
  220. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_a2a_jws_roundtrip.py +0 -0
  221. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_address.py +0 -0
  222. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_agent_memory_emitter.py +0 -0
  223. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_amounts.py +0 -0
  224. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_api_reexport.py +0 -0
  225. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_cache.py +0 -0
  226. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first.py +0 -0
  227. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first_adapters.py +0 -0
  228. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first_ofac.py +0 -0
  229. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_classify_orchestration_error.py +0 -0
  230. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_default_denied.py +0 -0
  231. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_default_rails.py +0 -0
  232. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_default_read_only_on_denied.py +0 -0
  233. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_denial.py +0 -0
  234. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_dispatch.py +0 -0
  235. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_gate_quota_info.py +0 -0
  236. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_idempotency_helper.py +0 -0
  237. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_integration.py +0 -0
  238. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_internal_helpers.py +0 -0
  239. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_load_ucp_signing_key_from_env.py +0 -0
  240. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_mppx_failures.py +0 -0
  241. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_mppx_receipt.py +0 -0
  242. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_network_kind.py +0 -0
  243. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_payment_directive.py +0 -0
  244. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_payment_headers.py +0 -0
  245. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_payment_signer.py +0 -0
  246. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_pricing.py +0 -0
  247. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_public_surface.py +0 -0
  248. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_quote_cache_redis.py +0 -0
  249. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_rail_spec.py +0 -0
  250. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_redis_internal.py +0 -0
  251. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_robots_tag.py +0 -0
  252. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_skill_md.py +0 -0
  253. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_solana_mpp_rail_spec_post_init.py +0 -0
  254. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_tokens.py +0 -0
  255. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_ucp_cross_lang.py +0 -0
  256. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_validation_error.py +0 -0
  257. {agentscore_commerce-2.3.0 → agentscore_commerce-2.5.0}/tests/test_x402_settle_extra.py +0 -0
@@ -21,12 +21,12 @@ jobs:
21
21
  - uses: useblacksmith/checkout@v1
22
22
 
23
23
  - name: Install uv
24
- uses: astral-sh/setup-uv@v8.1.0
24
+ uses: astral-sh/setup-uv@v8.3.0
25
25
 
26
26
  - name: Set up Python
27
27
  run: uv python install 3.12
28
28
 
29
- - uses: actions/cache@v5
29
+ - uses: actions/cache@v6
30
30
  with:
31
31
  path: |
32
32
  ~/.cache/uv
@@ -46,6 +46,9 @@ jobs:
46
46
  - name: Type check (ty)
47
47
  run: uv run ty check agentscore_commerce/
48
48
 
49
+ - name: Type check examples (ty)
50
+ run: uv run ty check -c 'src.include=["examples"]'
51
+
49
52
  - name: Vulture
50
53
  run: uv run vulture agentscore_commerce/ --min-confidence 80
51
54
 
@@ -17,9 +17,9 @@ jobs:
17
17
  runs-on: ubuntu-latest
18
18
  timeout-minutes: 15
19
19
  steps:
20
- - uses: actions/checkout@v6
20
+ - uses: actions/checkout@v7
21
21
 
22
- - uses: astral-sh/setup-uv@v8.1.0
22
+ - uses: astral-sh/setup-uv@v8.3.0
23
23
 
24
24
  - name: Set version from tag
25
25
  run: sed -i "s/^version = .*/version = \"${GITHUB_REF_NAME#v}\"/" pyproject.toml
@@ -27,7 +27,7 @@ jobs:
27
27
  - run: uv build
28
28
 
29
29
  - name: Publish to PyPI
30
- uses: pypa/gh-action-pypi-publish@release/v1
30
+ uses: pypa/gh-action-pypi-publish@v1.14.0
31
31
 
32
32
  - name: Create GitHub Release
33
33
  run: gh release create "$GITHUB_REF_NAME" --generate-notes
@@ -38,7 +38,7 @@ jobs:
38
38
  timeout-minutes: 5
39
39
  steps:
40
40
  - uses: useblacksmith/checkout@v1
41
- - uses: astral-sh/setup-uv@v8.1.0
41
+ - uses: astral-sh/setup-uv@v8.3.0
42
42
  - uses: actions/setup-python@v6
43
43
  with:
44
44
  python-version: "3.13"
@@ -8,8 +8,8 @@ Every helper is extracted from a real consumer, not speculated.
8
8
 
9
9
  | Submodule | What it is |
10
10
  |---|---|
11
- | `agentscore_commerce` (top-level) | `Checkout` orchestrator (the 2.0 high-level surface): one config object + hooks (pre_validate, compute_pricing, mint_recipients, compose_mppx, on_settled, gate), auto-derived x402+pympp servers, per-framework adapters `handle_fastapi`/`handle_flask`/`handle_django`/`handle_aiohttp`/`handle_sanic`, signed UCP routes via `mount_ucp_routes_{fastapi,flask,django,aiohttp,sanic}`, optional `discovery_probe` config for x402-crawler auto-routing. Plus `compute_first_checkout` — variable-cost pay-per-result helper (compute-first + exact-x402). Scope is exact-mode rails only (x402-exact Base, tempo/charge, solana/charge, Stripe SPT); does NOT use x402-upto (Permit2) or Settlement-Overrides — variable cost is captured by running the work pre-settle and emitting a 402 at the exact computed price. `create_quote_cache` — content-hash quote cache used by the compute-first helper (in-memory by default; pass `redis_url` for distributed deployments). `create_default_on_denied` — canonical `on_denied(reason)` factory matching `Checkout`'s gate hook (handles `wallet_signer_mismatch`, `wallet_not_trusted` unfixable fallback, `payment_required`, `token_expired`/`invalid_credential`/`api_error`); merchants pass `merchant_name` + `support_email` and override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy. `has_payment_header` — discriminator that splits discovery legs (no payment credential → 402) from settle legs (`payment-signature` / `x-payment` / `Authorization: Payment <jwt>`); `has_x402_header` / `has_mppx_header` — granular dispatch helpers (x402 vs MPP credential present) for routes that branch on rail. `default_read_only_on_denied(reason)` — canonical `on_denied` for read-only resource gates (`GET /orders/:id`): collapses every denial to 401 `unauthorized` + `Cache-Control: no-store` while still spreading `denial_reason_to_body` so `agent_instructions` / `verify_url` ride through. Returns a `DefaultOnDeniedResult(body, status, headers)` dataclass; FastAPI / Flask / aiohttp / Sanic `on_denied` callbacks accept an optional 3-tuple `(body, status, headers)` — convert with `lambda req, reason: (r := default_read_only_on_denied(reason), (r.body, r.status, r.headers or {}))[1]` or a named wrapper. Django + ASGI middleware adapters return Response objects directly; construct `JsonResponse(r.body, status=r.status, headers=r.headers)` / `JSONResponse(content=r.body, status_code=r.status, headers=r.headers)`. `extract_owner_scope(headers) -> OwnerScope` — pull canonical owner identity from `X-Wallet-Address` / `X-Operator-Token` with safe token hashing; pair with a wallet-or-token-scoped resource query so plaintext tokens never leave the request. Plus factories: `pricing_result` (cents → typed `PricingResult`), `validation_response_{fastapi,flask,django,aiohttp,sanic}` (4xx envelope per framework), `Receipt`/`ReceiptNextSteps`/`ProductInfo`/`ShippingAddress` (canonical 200-receipt dataclasses, universal across goods + API merchants) |
12
- | `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware (KYC, age, sanctions on both account name and signer wallet, jurisdiction). Each adapter exports a conditional variant that wraps the gate so it fires only on settle legs (anonymous discovery flows through and gets a 402 with all rails): FastAPI / ASGI expose `ConditionalAgentScoreGate`, Django exposes `ConditionalAgentScoreMiddleware`, Flask + Sanic expose `conditional_agentscore_gate(app, ...)`, aiohttp exposes `conditional_agentscore_gate_middleware(...)`. Adapters export ONLY framework-specific surface (gate classes / fns, accessors, `capture_wallet`); shared helpers like `has_payment_header` / `denial_reason_to_body` import from their canonical home (`agentscore_commerce.payment` and `agentscore_commerce.identity` respectively). The existing `agentscore_gate(app, ...)` and `AgentScoreGate` accept an optional `condition=` callable for inline gating. |
11
+ | `agentscore_commerce` (top-level) | `Checkout` orchestrator (the 2.0 high-level surface): one config object + hooks (pre_validate, compute_pricing, mint_recipients, compose_mppx, on_settled, gate), auto-derived x402+pympp servers, per-framework adapters `handle_fastapi`/`handle_flask`/`handle_django`/`handle_aiohttp`/`handle_sanic`, signed UCP routes via `mount_ucp_routes_{fastapi,flask,django,aiohttp,sanic}`, optional `discovery_probe` config for x402-crawler auto-routing. Plus `compute_first_checkout` — variable-cost pay-per-result helper (compute-first + exact-x402). Scope is exact-mode rails only (x402-exact Base, tempo/charge, solana/charge, Stripe SPT); does NOT use x402-upto (Permit2) or Settlement-Overrides — variable cost is captured by running the work pre-settle and emitting a 402 at the exact computed price. `create_quote_cache` — content-hash quote cache used by the compute-first helper (in-memory by default; pass `redis_url` for distributed deployments). `create_default_on_denied` — canonical `on_denied(reason)` factory matching `Checkout`'s gate hook (handles `wallet_signer_mismatch`, `wallet_not_trusted` unfixable fallback, `payment_required`, `token_expired`/`invalid_credential`/`api_error`); merchants pass `merchant_name` + `support_email` and override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy. `has_payment_header` — discriminator that splits discovery legs (no payment credential → 402) from settle legs (`payment-signature` / `x-payment` / `Authorization: Payment <jwt>`); `has_x402_header` / `has_mppx_header` — granular dispatch helpers (x402 vs MPP credential present) for routes that branch on rail. `default_read_only_on_denied(reason)` — canonical `on_denied` for read-only resource gates (`GET /orders/:id`): collapses every denial to 401 `unauthorized` + `Cache-Control: no-store` while still spreading `denial_reason_to_body` so `agent_instructions` / `verify_url` ride through. Returns a `DefaultOnDeniedResult(body, status, headers)` dataclass; FastAPI / Flask / aiohttp / Sanic `on_denied` callbacks accept an optional 3-tuple `(body, status, headers)` — convert with `lambda req, reason: (r := default_read_only_on_denied(reason), (r.body, r.status, r.headers or {}))[1]` or a named wrapper. Django + ASGI middleware adapters return Response objects directly; construct `JsonResponse(r.body, status=r.status, headers=r.headers)` / `JSONResponse(content=r.body, status_code=r.status, headers=r.headers)`. `extract_owner_scope(headers) -> OwnerScope` — pull canonical owner identity from `X-Wallet-Address` / `X-Operator-Token` with safe token hashing; pair with a wallet-or-token-scoped resource query so plaintext tokens never leave the request. Plus factories: `pricing_result` (cents → typed `PricingResult`), `validation_response_{fastapi,flask,django,aiohttp,sanic}` (4xx envelope per framework) |
12
+ | `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware (KYC, age, sanctions on both account name and signer wallet, jurisdiction). Each adapter exports a conditional variant that wraps the gate so it fires only on settle legs (anonymous discovery flows through and gets a 402 with all rails): FastAPI / ASGI expose `ConditionalAgentScoreGate`, Django exposes `ConditionalAgentScoreMiddleware`, Flask + Sanic expose `conditional_agentscore_gate(app, ...)`, aiohttp exposes `conditional_agentscore_gate_middleware(...)`. Adapters export ONLY framework-specific surface (gate classes / fns, accessors, `capture_wallet`); shared helpers like `has_payment_header` / `denial_reason_to_body` import from their canonical home (`agentscore_commerce.payment` and `agentscore_commerce.identity` respectively). The Flask / Sanic `agentscore_gate(app, ...)` function accepts an optional `condition=` callable for inline gating (`AgentScoreGate.__init__` does not). |
13
13
  | `agentscore_commerce.identity.policy` | Per-product compliance helpers: `PolicyBlock`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`, `validate_shipping_against_policy` (one-call country+state validator that raises `CheckoutValidationError` with the canonical envelope on miss) |
14
14
  | `agentscore_commerce.payment` | Networks/USDC/rails registries, paymentauth.org directive builders, `create_x402_server` (wraps `x402[evm]>=2.9` + `cdp-sdk` for `facilitator="coinbase"`; install via the `coinbase` extra), `build_x402_accepts_for_402` (build the 402's `accepts[]` from the registered scheme; derives the right `extra.name` per network), `build_default_checkout_rails(tempo=, x402_base=, solana_mpp=, stripe=)` (canonical 4-rail `rails` dict factory: merchants pass per-rail overrides instead of redeclaring the recipient sentinel + network/chain_id/token boilerplate. When a caller flips `network` without pinning `token` / `chain_id`, the underlying dataclass derives them from the network: Base Sepolia → Sepolia USDC + chain_id 84532, Solana devnet → devnet USDC mint. Explicit overrides always win. Solana's `network` field accepts both CAIP-2 (`solana:5eykt4UsFv8…` / `solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1`) AND the raw `@solana/mpp` form (`mainnet-beta` / `devnet` / `localnet`)), `build_mppx_compose_rails(amount_usd=, tempo_recipient=, solana_recipient=, ...)` (per-call intent factory replacing the hand-rolled `[("tempo/charge", {...}), ("solana/charge", {...}), ("stripe/charge", {...})]` list; auto-handles USD→atomic conversion for Solana; auto-drops the `stripe/charge` rail with a one-time `logging.warning` when `amount_usd < 0.50` since Stripe's fixed ~$0.30 fee makes sub-50-cent charges unprofitable — many Stripe accounts also reject PI creation below the floor with `amount_too_small`; sub-50-cent APIs pass `include_stripe=False` explicitly to silence the warning), `process_x402_settle` (verify+settle in one call), `create_mppx_server` (wraps `pympp[server,tempo,stripe]>=0.6`), `is_evm_network`/`is_solana_network` (CAIP-2 discriminators that hide the `startswith("eip155:")` / `startswith("solana:")` prefix matching), `has_payment_header` (settle-leg vs discovery-leg discriminator), `parse_did_pkh_address` (parses ``did:pkh:<family>:<chain>:<addr>`` into a `PaymentSigner`), dispatch-by-network, signer extraction, WWW-Authenticate header, Settlement-Overrides header |
15
15
  | `agentscore_commerce.discovery` | Discovery probe (`is_discovery_probe_request`, `build_discovery_probe_response`), Bazaar wrapper, `/.well-known/mpp.json`, `llms.txt` builder, `skill.md` builder (Claude-Skill-compatible agent-discovery manifest), `build_redemption_skill_md` (delivery-neutral; printed/emailed/API-trial codes all covered via `delivery_intro`/`body_shape`/`body_rules`/`extra_recovery_rows` overrides), `build_merchant_index_json` + `standard_endpoint_descriptions(kind=)` (canonical `/` discovery body for goods or API merchants), `build_success_next_steps` (universal Passport-active success block), `build_agentscore_onboarding_steps`, OpenAPI snippets, `NoindexNonDiscoveryMiddleware` ASGI middleware. Plus the UCP/JWKS publish surface: `build_signed_ucp_response`, `build_signed_jwks_response`, `well_known_preflight_response`, `default_a2a_services`, `bootstrap_ucp_signing_key`, framework-neutral `SignedDiscoveryResponse` + per-framework wrappers `signed_response_{fastapi,flask,django,aiohttp,sanic}` |
@@ -46,7 +46,7 @@ Peer-dep pattern: payment/x402/mppx/stripe modules import lazily at runtime; ven
46
46
  | `multi_rail_merchant.py` | Full agent-commerce: identity + Tempo MPP + x402 + Stripe SPT |
47
47
  | `stripe_multichain_merchant.py` | Stripe-anchored multichain (PaymentIntent → tempo/base/solana deposit addresses) |
48
48
  | `compute_first_merchant.py` | Pay-per-result variable-cost merchant via the compute-first + exact-x402 helper (`compute_first_checkout`). Exact-mode rails only (x402-exact Base, tempo/charge, solana/charge, Stripe SPT); deliberately scoped out of x402-upto (Permit2) and Settlement-Overrides. Probe runs the work + caches by body content-hash; settle replays the cached result at the computed exact price. Pairs with `rate_limit_fastapi` since the probe leg runs work pre-payment. |
49
- | `compliance_merchant.py` | Regulated-goods merchant: full compliance gate + custom `on_denied` composing the denial helpers (`verification_agent_instructions`, `is_fixable_denial`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `denial_reason_to_body`/`denial_reason_status`) |
49
+ | `compliance_merchant.py` | Regulated-goods merchant: full compliance gate + custom `on_denied` composing the denial helpers (`verification_agent_instructions`, `is_fixable_denial`, `build_contact_support_next_steps`, `denial_reason_to_body`/`denial_reason_status`) |
50
50
  | `per_product_policy_merchant.py` | Multi-product merchant where each row carries its own compliance policy. One product hard-gates KYC + age + state; another is anonymous; a third uses `enforcement="soft"` (request KYC but don't block sale). Demonstrates `PolicyBlock`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`. |
51
51
  | `signed_ucp_merchant.py` | Signed UCP profile (`/.well-known/ucp`) + JWKS endpoint (`/.well-known/jwks.json`). AgentScore's `agentscore-profile+jws` is a vendor extension on top of UCP for trust-mode verifiers (regulated-commerce, AP2-aware) that opt into auditable cryptographic provenance — UCP §6 itself does NOT mandate signing; production UCP merchants commonly ship unsigned. Wires ephemeral-for-dev / env-JWK-for-prod signing, kid rotation, and `Cache-Control` posture. Uses `generate_ucp_signing_key`, `sign_ucp_profile`, `build_jwks_response`, `UCPSigningKey.from_jwk`, `UCPVerificationError`. Demonstrates the payment-handler builders (`mpp_payment_handler`, `x402_payment_handler`, `stripe_spt_payment_handler` — see "Payment-handler builders" below). |
52
52
 
@@ -55,6 +55,7 @@ Peer-dep pattern: payment/x402/mppx/stripe modules import lazily at runtime; ven
55
55
  The SDK ships protocol-rooted builders for the AgentScore-published payment handlers — vendors compose UCP `payment_handlers` blocks by spreading these helpers instead of hand-writing the verbose binding wrapper:
56
56
 
57
57
  ```python
58
+ from agentscore_commerce import StripeRailSpec, TempoRailSpec, X402BaseRailSpec
58
59
  from agentscore_commerce.identity import (
59
60
  build_ucp_profile,
60
61
  mpp_payment_handler,
@@ -65,14 +66,14 @@ from agentscore_commerce.identity import (
65
66
  build_ucp_profile(
66
67
  ...,
67
68
  payment_handlers={
68
- **mpp_payment_handler(networks=[{"network": "tempo-mainnet", "chain_id": 4217, "recipient": "0x..."}]),
69
- **x402_payment_handler(networks=[{"network": "base-8453", "recipient": "0x..."}]),
70
- **stripe_spt_payment_handler(profile_id="profile_..."),
69
+ **mpp_payment_handler(networks=[TempoRailSpec(recipient="0x...")]),
70
+ **x402_payment_handler(networks=[X402BaseRailSpec(recipient="0x...")]),
71
+ **stripe_spt_payment_handler(spec=StripeRailSpec(profile_id="profile_...")),
71
72
  },
72
73
  )
73
74
  ```
74
75
 
75
- Each helper returns `{ <reverse-DNS-key>: [binding] }` so spreading composes the parent map. The handler `version`, spec URL, and schema URL are owned by the helpers (`agentscore_commerce/identity/ucp.py`) — bumping a handler spec version is a one-line change there. `mpp` + `x402` share the same `networks: [{network, recipient?, ...extras}]` config shape so consumers parse both identically. `recipient` is optional omit when the merchant uses per-order recipients (e.g. Stripe-derived deposit addresses); the authoritative recipient still ships in the 402 body.
76
+ Each helper returns `{ <reverse-DNS-key>: [binding] }` so spreading composes the parent map. The handler `version`, spec URL, and schema URL are owned by the helpers (`agentscore_commerce/identity/ucp.py`) — bumping a handler spec version is a one-line change there. `mpp` takes `TempoRailSpec` / `SolanaMppRailSpec` instances and `x402` takes `X402BaseRailSpec`; each carries a `recipient` a static address string, or `""` / a factory callable to signal per-order minting (e.g. Stripe-derived deposit addresses), in which case the authoritative recipient ships in the 402 body rather than the static UCP profile.
76
77
 
77
78
  ## Identity model
78
79
 
@@ -120,7 +121,7 @@ Anonymous POST flows through to the handler unauthenticated and gets a 402 with
120
121
 
121
122
  ### `compatible_clients` field on emitted 402s
122
123
 
123
- `build_agent_instructions` emits a `compatible_clients` field in the 402 body, derived automatically from `how_to_pay`: per-rail list of CLIs the AgentScore team has smoke-verified end-to-end. Vendors override with `BuildAgentInstructionsInput(compatible_clients={...})` to add their own tested clients. Set to an empty dict `{}` to suppress the default. Same data is published as `core/docs/integrations/x402-clients.mdx` for human-side rationale + per-rail commands.
124
+ `build_agent_instructions` emits a `compatible_clients` field in the 402 body, derived automatically from `how_to_pay`: per-rail list of CLIs the AgentScore team has smoke-verified end-to-end. Vendors override with `build_agent_instructions(how_to_pay=how_to_pay, compatible_clients={...})` to add their own tested clients. Set to an empty dict `{}` to suppress the default. Same data is published at https://docs.agentscore.com/integrations/x402-clients for human-side rationale + per-rail commands.
124
125
 
125
126
  ## Tooling
126
127
 
@@ -154,7 +155,6 @@ uv run pytest tests/
154
155
  - **Never commit .env files or secrets**
155
156
  - **Use PRs**: never push directly to main
156
157
  - **Helpers are protocol translations + configurable opinions, not opinionated frameworks**
157
- - **Cross-language API parity**: keep the surface area identical between the node and python flavors so vendors switching languages have the same mental model
158
158
 
159
159
  ## Releasing
160
160
 
@@ -24,7 +24,7 @@ Examples of unacceptable behavior:
24
24
 
25
25
  ## Enforcement
26
26
 
27
- Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project team at engineering@agentscore.sh. All complaints will be reviewed and investigated promptly and fairly.
27
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project team at engineering@agentscore.com. All complaints will be reviewed and investigated promptly and fairly.
28
28
 
29
29
  ## Attribution
30
30
 
@@ -1,8 +1,8 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: agentscore-commerce
3
- Version: 2.3.0
3
+ Version: 2.5.0
4
4
  Summary: Agent commerce SDK for Python — identity middleware (FastAPI, Flask, Django, AIOHTTP, Sanic, ASGI) + payment helpers + 402 builders + discovery + Stripe multichain. The full merchant-side toolkit for AgentScore-powered agent commerce.
5
- Project-URL: Homepage, https://agentscore.sh
5
+ Project-URL: Homepage, https://www.agentscore.com
6
6
  Project-URL: Repository, https://github.com/agentscore/python-commerce
7
7
  Project-URL: Issues, https://github.com/agentscore/python-commerce/issues
8
8
  License-Expression: MIT
@@ -18,7 +18,7 @@ Classifier: License :: OSI Approved :: MIT License
18
18
  Classifier: Programming Language :: Python :: 3
19
19
  Classifier: Topic :: Software Development :: Libraries
20
20
  Requires-Python: >=3.11
21
- Requires-Dist: agentscore-py>=2.3.0
21
+ Requires-Dist: agentscore-py>=2.5.0
22
22
  Requires-Dist: httpx<1.0.0,>=0.25.0
23
23
  Provides-Extra: aiohttp
24
24
  Requires-Dist: aiohttp>=3.8.0; extra == 'aiohttp'
@@ -33,7 +33,7 @@ Requires-Dist: flask>=2.0.0; extra == 'flask'
33
33
  Provides-Extra: mppx
34
34
  Requires-Dist: pympp[server,stripe,tempo]<1,>=0.6; extra == 'mppx'
35
35
  Provides-Extra: redis
36
- Requires-Dist: redis<7,>=5.0; extra == 'redis'
36
+ Requires-Dist: redis<8,>=5.0; extra == 'redis'
37
37
  Provides-Extra: sanic
38
38
  Requires-Dist: sanic>=23.0.0; extra == 'sanic'
39
39
  Provides-Extra: starlette
@@ -51,7 +51,7 @@ Description-Content-Type: text/markdown
51
51
  [![PyPI version](https://img.shields.io/pypi/v/agentscore-commerce.svg)](https://pypi.org/project/agentscore-commerce/)
52
52
  [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
53
53
 
54
- The full merchant-side SDK for [AgentScore](https://agentscore.sh) in Python: agent commerce in one install. Identity middleware (FastAPI, Flask, Django, AIOHTTP, Sanic, ASGI), payment helpers, 402 challenge builders, MPP discovery, and Stripe multichain support.
54
+ The full merchant-side SDK for [AgentScore](https://www.agentscore.com) in Python: agent commerce in one install. Identity middleware (FastAPI, Flask, Django, AIOHTTP, Sanic, ASGI), payment helpers, 402 challenge builders, MPP discovery, and Stripe multichain support.
55
55
 
56
56
  ## Install
57
57
 
@@ -74,11 +74,11 @@ pip install 'agentscore-commerce[fastapi,x402,coinbase]'
74
74
  |---|---|
75
75
  | `agentscore_commerce` (top-level) | `Checkout` orchestrator + `CheckoutContext` + `CheckoutGateConfig` + `CheckoutValidationError` + `DiscoveryProbeConfig` + `SettleOutcome` + `MppxComposeOutcome` + `PricingResult` (the 2.0 high-level surface: one config object, hooks for pre_validate/compute_pricing/on_settled/mint_recipients/compose_mppx, auto-derived x402+mppx servers, per-framework adapters `handle_fastapi`/`handle_flask`/`handle_django`/`handle_aiohttp`/`handle_sanic`, signed UCP routes via `mount_ucp_routes_{fastapi,flask,django,aiohttp,sanic}`); `pricing_result` (factory: cents-denominated → typed `PricingResult` with embedded `PricingBlock`); `validation_response_{fastapi,flask,django,aiohttp,sanic}` (per-framework 4xx envelope wrappers); `make_mppx_compose_hook` (canonical pympp compose adapter). |
76
76
  | `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware: KYC, sanctions (account name + signer wallet), age, jurisdiction. `AgentScoreGate(...)` (or `agentscore_gate(app, ...)` on Flask/Sanic), `get_agentscore_data(...)`, `capture_wallet(...)`, `get_signer_verdict(...)`. The gate extracts the payment signer pre-evaluate and passes it to `/v1/assess`, so the API composes both wallet-binding (`signer_match`) and OFAC SDN wallet-address (`signer_sanctions`) verdicts on one round trip. |
77
- | `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. The per-framework adapter modules also expose `get_gate_quota_info(request)` for surfacing X-RateLimit info from gate state. Also re-exports the per-product policy helpers: `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`, `validate_shipping_against_policy` (one-call country+state validator that raises `CheckoutValidationError` with the canonical envelope on miss) for multi-product merchants where each product carries its own compliance config: hard gate vs soft vs none, per-product shipping allowlists. Key + token helpers: `load_ucp_signing_key_from_env` (cached env-driven loader for the UCP signing key reads `UCP_SIGNING_KEY_JWK_PRIVATE` JSON JWK, detects alg from shape, falls back to ephemeral when unset, sanitizes errors so key bytes never reach logs, concurrent-safe via `threading.Lock`; env-var names and `default_kid` / `default_alg` are overridable as kwargs); `hash_operator_token` (sha256 hex of plaintext `opc_...` for merchants persisting `operator_token_id` to their own DB without ever storing the plaintext); `extract_owner_scope(headers) -> OwnerScope` (canonical owner-identity extractor for caller-scoped resource queries reads `X-Wallet-Address` / `X-Operator-Token`, hashes the token so plaintext never leaves the request); `has_payment_header` / `has_x402_header` / `has_mppx_header` (request discriminators — any-credential vs x402 vs MPP); `default_read_only_on_denied(reason)` (canonical `on_denied` for read-only resource gates: 401 + `Cache-Control: no-store` while still spreading `denial_reason_to_body`. Returns a `DefaultOnDeniedResult(body, status, headers)`; FastAPI / Flask / aiohttp / Sanic `on_denied` callbacks accept an optional 3-tuple `(body, status, headers)` to carry headers through; wrap with `lambda req, reason: (lambda r: (r.body, r.status, r.headers or {}))(default_read_only_on_denied(reason))`). |
78
- | `agentscore_commerce.payment` | `networks`, `USDC`, `rails` registries; `payment_directive`, `build_payment_directive`, `www_authenticate_header`, `payment_required_header`, `alias_amount_fields` (v1↔v2 amount field shim that emits both `amount` and `maxAmountRequired` so v1-only x402 parsers like Coinbase awal can read v2 bodies), `settlement_override_header`, `dispatch_settlement_by_network`, `extract_payment_signer` (accepts positional `x402_payment_header` AND/OR `authorization_header=` kwarg; recovers signer from x402 EIP-3009 `payload.authorization.from` OR MPP `Authorization: Payment <base64>` `did:pkh:eip155:<chain>:<addr>` / `did:pkh:solana:<genesis>:<addr>` source DID), `detect_rail_from_headers` (returns `"x402"` / `"mpp"` / `None` from inbound headers), `register_x402_schemes_v1_v2`; drop-in x402 helpers: `validate_x402_network_config` (boot-time guard), `verify_x402_request` (parse + validate inbound X-Payment), `process_x402_settle` (verify-then-settle with one call), `classify_x402_settle_result` (maps the tagged settle result to a recommended HTTP status / code / next_steps so merchants get a controlled envelope without coupling to facilitator-specific error text), `classify_orchestration_error` (same `ClassifiedX402Error` shape but for uncaught exceptions thrown elsewhere in the orchestration; returns `None` for unknown errors so merchants rethrow instead of swallowing); `zero_amount_carve_out` (skip CDP / pympp upstream verify+settle for $0 settles where the upstream rejects value=0 payloads; parses the credential, lifts signer + network, returns a `ZeroSettleResult` shaped identically to the success path so callers branch on rail, not on result shape); `usd_to_atomic` (Decimal-based USD → atomic int, ROUND_HALF_UP for Tempo / Solana / Base USDC amount construction). |
79
- | `agentscore_commerce.discovery` | `is_discovery_probe_request`, `build_discovery_probe_response` (with optional `x402_sample` for x402-aware crawlers like `awal x402 details`), `sample_x402_accept_for_network` (USDC sample-accept builder for known CAIP-2 networks), `build_well_known_mpp`, `build_llms_txt` + `llms_txt_identity_section` + `llms_txt_payment_section` (compact + verbose modes), `build_skill_md` (Claude-Skill-compatible `/skill.md` agent-discovery manifest; strictly agent-facing data only, no internal posture), `build_redemption_skill_md` (delivery-neutral redemption-code template printed mailers, emailed codes, API trial credits all covered; `endpoint_path`/`delivery_intro`/`body_shape`/`body_rules`/`extra_recovery_rows` overrides for non-goods shapes), `build_merchant_index_json` (canonical `/` discovery body), `standard_endpoint_descriptions(kind=)` (canonical method+path → description map for goods vs api merchants; optional `include_order_status_route` for goods), `build_success_next_steps` (universal Passport-active success block), `build_agentscore_onboarding_steps` (canonical skill.md onboarding for goods or API merchants), `agentscore_openapi_snippets`, `build_bazaar_discovery_payload`, `NoindexNonDiscoveryMiddleware` (ASGI middleware emitting `X-Robots-Tag: noindex` on every path except the agent-discovery surfaces; pure helpers `is_discovery_path` + `DEFAULT_DISCOVERY_PATHS` for non-ASGI frameworks). Plus the UCP/JWKS publish surface: `build_signed_ucp_response`, `build_signed_jwks_response`, `well_known_preflight_response`, `default_a2a_services`, `bootstrap_ucp_signing_key`, framework-neutral `SignedDiscoveryResponse` + per-framework wrappers `signed_response_{fastapi,flask,django,aiohttp,sanic}`. |
80
- | `agentscore_commerce.challenge` | `build_402_body`, `build_accepted_methods`, `build_identity_metadata` (auto-attached by `Checkout` when an inbound `X-Wallet-Address` header is present), `build_how_to_pay`, `build_agent_instructions` (auto-emits per-rail `compatible_clients`: smoke-verified CLIs the agent should use; vendor override supported; pure helper `compatible_clients_by_rails(rails)` returns the same map for vendors building custom 402s), `build_pricing_block` (cents to dollar-string with optional shipping/tax), `first_encounter_agent_memory` (cross-merchant hint, returns the canonical block or `None` based on a per-merchant first-seen flag), `Receipt` + `ReceiptNextSteps` + `ProductInfo` + `ShippingAddress` (canonical 200-receipt dataclasses universal across goods + API merchants); `respond_402`, a drop-in 402 emit that preserves pympp's `WWW-Authenticate` and layers x402's `PAYMENT-REQUIRED`. `build_validation_error`: structured 4xx body builder (`{error: {code, message}, required_fields?, example_body?, next_steps?, ...extra}`) so vendors compose body shapes by name instead of inlining at every validation site. |
81
- | `agentscore_commerce.stripe_multichain` | `create_multichain_payment_intent` (returns `MultichainPaymentIntentResult(payment_intent_id, deposit_addresses)`; read `result.deposit_addresses[network]` directly), `create_pay_to_address_from_stripe_pi(authorization_header=, amount_cents=, stripe=, pi_cache=, networks=, static_recipients=, metadata=, order_id=, preferred_network=)` per-order payTo resolver: on the settle leg, reuses the buyer's signed-against payTo from the MPP credential (after `pi_cache.has_address` check OR a `static_recipients` match the static address is always-accepted because the merchant owns it); on the discovery leg, mints a fresh PI for the rails NOT covered by `static_recipients`, caches the merged map, registers static addresses with `pi_cache.cache_address` so verify-leg lookups pass. `mint_multichain_recipients(...same kwargs)` structured variant returning `MintMultichainRecipientsResult(recipients, payment_intent_id, reused_from_credential)` for the full per-rail map (typical multi-rail merchant hook). Use `static_recipients={"solana": "<wallet>"}` for low-margin endpoints where Solana per-call ATA rent (~$0.50 against MPP spec §13.6) dominates revenue the SDK skips Stripe minting on that network, reuses the static recipient forever, and (with a one-time external pre-funding of the recipient's USDC ATA) lets every settle pay only the ~$0.001 per-tx fee. `SolanaMppRailSpec.ata_creation_required` defaults to `True` (data-only; solana method registration through `create_mppx_server` is a follow-up merchants building the solana method directly via `pympp` should pass the flag themselves to the charge factory). `simulate_crypto_deposit`; `create_pi_cache` (TTL'd PI / deposit-address cache, Redis-backed when `redis_url` set, in-memory otherwise), `simulate_deposit_if_test_mode` (gates on `sk_test_` and looks up the PI for you), `STRIPE_TEST_TX_HASH_SUCCESS` / `STRIPE_TEST_TX_HASH_FAILED` constants. Peer dep on `stripe`. |
77
+ | `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. The per-framework adapter modules also expose `get_gate_quota_info(request)` for surfacing X-RateLimit info from gate state. Also re-exports the per-product policy helpers: `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`, `validate_shipping_against_policy` (one-call country+state validator that raises `CheckoutValidationError` with the canonical envelope on miss), for multi-product merchants where each product carries its own compliance config: hard gate vs soft vs none, per-product shipping allowlists. Key + token helpers: `load_ucp_signing_key_from_env` (cached env-driven loader for the UCP signing key, reads `UCP_SIGNING_KEY_JWK_PRIVATE` JSON JWK, detects alg from shape, falls back to ephemeral when unset, sanitizes errors so key bytes never reach logs, concurrent-safe via `threading.Lock`; env-var names and `default_kid` / `default_alg` are overridable as kwargs); `hash_operator_token` (sha256 hex of plaintext `opc_...`, for merchants persisting `operator_token_id` to their own DB without ever storing the plaintext); `extract_owner_scope(headers) -> OwnerScope` (canonical owner-identity extractor for caller-scoped resource queries, reads `X-Wallet-Address` / `X-Operator-Token`, hashes the token so plaintext never leaves the request); `default_read_only_on_denied(reason)` (canonical `on_denied` for read-only resource gates: 401 + `Cache-Control: no-store` while still spreading `denial_reason_to_body`. Returns a `DefaultOnDeniedResult(body, status, headers)`; FastAPI / Flask / aiohttp / Sanic `on_denied` callbacks accept an optional 3-tuple `(body, status, headers)` to carry headers through; wrap with `lambda req, reason: (lambda r: (r.body, r.status, r.headers or {}))(default_read_only_on_denied(reason))`). |
78
+ | `agentscore_commerce.payment` | `networks`, `USDC`, `rails` registries; `payment_directive`, `build_payment_directive`, `www_authenticate_header`, `payment_required_header`, `alias_amount_fields` (opt-in v1↔v2 amount-field shim that adds both `amount` and `maxAmountRequired` to an entry. The 402 builders do NOT apply it by default, strict x402 v2 settlement matches the agent's echoed requirement by exact comparison, so an extra field the server's rebuilt requirement lacks breaks settle; use only when you know a client is hardcoded to read `maxAmountRequired`), `settlement_override_header`, `dispatch_settlement_by_network`, `extract_payment_signer` (accepts positional `x402_payment_header` AND/OR `authorization_header=` kwarg; recovers signer from x402 EIP-3009 `payload.authorization.from` OR MPP `Authorization: Payment <base64>` `did:pkh:eip155:<chain>:<addr>` / `did:pkh:solana:<genesis>:<addr>` source DID), `detect_rail_from_headers` (returns `"x402"` / `"mpp"` / `None` from inbound headers), `register_x402_schemes_v1_v2`; drop-in x402 helpers: `validate_x402_network_config` (boot-time guard), `verify_x402_request` (parse + validate inbound X-Payment), `process_x402_settle` (verify-then-settle with one call), `classify_x402_settle_result` (maps the tagged settle result to a recommended HTTP status / code / next_steps so merchants get a controlled envelope without coupling to facilitator-specific error text), `classify_orchestration_error` (same `ClassifiedX402Error` shape but for uncaught exceptions thrown elsewhere in the orchestration; returns `None` for unknown errors so merchants rethrow instead of swallowing); `zero_amount_carve_out` (skip CDP / pympp upstream verify+settle for $0 settles where the upstream rejects value=0 payloads; parses the credential, lifts signer + network, returns a `ZeroSettleResult` shaped identically to the success path so callers branch on rail, not on result shape); `usd_to_atomic` (Decimal-based USD → atomic int, ROUND_HALF_UP, for Tempo / Solana / Base USDC amount construction). |
79
+ | `agentscore_commerce.discovery` | `is_discovery_probe_request`, `build_discovery_probe_response` (with optional `x402_sample` for x402-aware crawlers like `awal x402 details`), `sample_x402_accept_for_network` (USDC sample-accept builder for known CAIP-2 networks), `build_well_known_mpp`, `build_llms_txt` + `llms_txt_identity_section` + `llms_txt_payment_section` (compact + verbose modes), `build_skill_md` (Claude-Skill-compatible `/skill.md` agent-discovery manifest; strictly agent-facing data only, no internal posture), `build_redemption_skill_md` (delivery-neutral redemption-code template, printed mailers, emailed codes, API trial credits all covered; `endpoint_path`/`delivery_intro`/`body_shape`/`body_rules`/`extra_recovery_rows` overrides for non-goods shapes), `build_merchant_index_json` (canonical `/` discovery body), `standard_endpoint_descriptions(kind=)` (canonical method+path → description map for goods vs api merchants; optional `include_order_status_route` for goods), `build_success_next_steps` (universal Passport-active success block), `build_agentscore_onboarding_steps` (canonical skill.md onboarding for goods or API merchants), `agentscore_openapi_snippets`, `build_bazaar_discovery_payload`, `NoindexNonDiscoveryMiddleware` (ASGI middleware emitting `X-Robots-Tag: noindex` on every path except the agent-discovery surfaces; pure helpers `is_discovery_path` + `DEFAULT_DISCOVERY_PATHS` for non-ASGI frameworks). Plus the UCP/JWKS publish surface: `build_signed_ucp_response`, `build_signed_jwks_response`, `well_known_preflight_response`, `default_a2a_services`, `bootstrap_ucp_signing_key`, framework-neutral `SignedDiscoveryResponse` + per-framework wrappers `signed_response_{fastapi,flask,django,aiohttp,sanic}`. |
80
+ | `agentscore_commerce.challenge` | `build_402_body`, `build_accepted_methods`, `build_identity_metadata` (auto-attached by `Checkout` when an inbound `X-Wallet-Address` header is present), `build_how_to_pay`, `build_agent_instructions` (auto-emits per-rail `compatible_clients`: smoke-verified CLIs the agent should use; vendor override supported; pure helper `compatible_clients_by_rails(rails)` returns the same map for vendors building custom 402s), `build_pricing_block` (cents to dollar-string with optional shipping/tax), `first_encounter_agent_memory` (cross-merchant hint, returns the canonical block or `None` based on a per-merchant first-seen flag), `Receipt` + `ReceiptNextSteps` + `ProductInfo` + `ShippingAddress` (canonical 200-receipt dataclasses, universal across goods + API merchants); `respond_402`, a drop-in 402 emit that preserves pympp's `WWW-Authenticate` and layers x402's `PAYMENT-REQUIRED`. `build_validation_error`: structured 4xx body builder (`{error: {code, message}, required_fields?, example_body?, next_steps?, ...extra}`) so vendors compose body shapes by name instead of inlining at every validation site. |
81
+ | `agentscore_commerce.stripe_multichain` | `create_multichain_payment_intent` (returns `MultichainPaymentIntentResult(payment_intent_id, deposit_addresses)`; read `result.deposit_addresses[network]` directly), `create_pay_to_address_from_stripe_pi(authorization_header=, amount_cents=, stripe=, pi_cache=, networks=, static_recipients=, metadata=, order_id=, preferred_network=)`, per-order payTo resolver: on the settle leg, reuses the buyer's signed-against payTo from the MPP credential (after `pi_cache.has_address` check OR a `static_recipients` match, the static address is always-accepted because the merchant owns it); on the discovery leg, mints a fresh PI for the rails NOT covered by `static_recipients`, caches the merged map, registers static addresses with `pi_cache.cache_address` so verify-leg lookups pass. `mint_multichain_recipients(...same kwargs)`, structured variant returning `MintMultichainRecipientsResult(recipients, payment_intent_id, reused_from_credential)` for the full per-rail map (typical multi-rail merchant hook). Use `static_recipients={"solana": "<wallet>"}` for low-margin endpoints where Solana per-call ATA rent (~$0.50 against MPP spec §13.6) dominates revenue, the SDK skips Stripe minting on that network, reuses the static recipient forever, and (with a one-time external pre-funding of the recipient's USDC ATA) lets every settle pay only the ~$0.001 per-tx fee. `SolanaMppRailSpec.ata_creation_required` defaults to `True` (data-only; solana method registration through `create_mppx_server` is a follow-up, merchants building the solana method directly via `pympp` should pass the flag themselves to the charge factory). `simulate_crypto_deposit`; `create_pi_cache` (TTL'd PI / deposit-address cache, Redis-backed when `redis_url` set, in-memory otherwise), `simulate_deposit_if_test_mode` (gates on `sk_test_` and looks up the PI for you), `STRIPE_TEST_TX_HASH_SUCCESS` / `STRIPE_TEST_TX_HASH_FAILED` constants. Peer dep on `stripe`. |
82
82
  | `agentscore_commerce.api` | Everything from `agentscore-py` re-exported in one place: `AgentScore` + `AgentScoreError`, `AGENTSCORE_TEST_ADDRESSES` + `is_agentscore_test_address`. **Don't add `agentscore-py` as a separate dep**: the two can drift versions and cause subtle type mismatches. |
83
83
  | `agentscore_commerce.middleware.{fastapi,flask,django,aiohttp,sanic,asgi}` | Framework-specific rate-limit middleware. FastAPI: `rate_limit_fastapi(...)` (FastAPI dependency) plus the ASGI `RateLimitMiddleware` re-export. Flask: `rate_limit_flask(app, ...)` installer. Django: class-based async `RateLimitMiddleware` configured via `settings.AGENTSCORE_RATE_LIMIT`. aiohttp: `rate_limit_aiohttp(...)` middleware factory. Sanic: `rate_limit_sanic(app, ...)` installer. `asgi.RateLimitMiddleware` works with any starlette-compatible app. Shared options: `window_seconds` (default 60), `max_requests` (default 60), `key_resolver` (default first hop of `x-forwarded-for`), `redis_url` (lazy-imports `redis.asyncio` when set, in-memory `dict` fallback otherwise), `key_prefix`. `redis` is an optional peer dep (install via the `redis` extra). |
84
84
 
@@ -218,11 +218,11 @@ async def purchase(request: Request):
218
218
  return await checkout.handle_fastapi(request)
219
219
  ```
220
220
 
221
- The 402 body Checkout emits auto-attaches `identity_mode` + `required_signer` + `signer_constraint` (and `linked_wallets` when the gate populated them) when an inbound `X-Wallet-Address` header is present so agents self-correct at discovery instead of at the 403 retry.
221
+ The 402 body Checkout emits auto-attaches `identity_mode` + `required_signer` + `signer_constraint` (and `linked_wallets` when the gate populated them) when an inbound `X-Wallet-Address` header is present, so agents self-correct at discovery instead of at the 403 retry.
222
222
 
223
- For **variable-cost pay-per-result** endpoints (per-result search, per-token LLM, per-byte transcoding), reach for `compute_first_checkout` same config shape, but the probe leg runs the work, caches by body content-hash, and emits a 402 with the EXACT computed price. The retry pays that exact amount and receives the cached body. Scope is exact-mode rails only (x402-exact Base, tempo/charge, solana/charge, Stripe SPT); does NOT use x402-upto (Permit2) or Settlement-Overrides variable cost is captured by running the work pre-settle. Tradeoff: the work runs on the unpaid probe leg, so mount `rate_limit_fastapi` (from `agentscore_commerce.middleware.fastapi`) globally it's load-bearing. See `examples/compute_first_merchant.py`.
223
+ For **variable-cost pay-per-result** endpoints (per-result search, per-token LLM, per-byte transcoding), reach for `compute_first_checkout`: same config shape, but the probe leg runs the work, caches by body content-hash, and emits a 402 with the EXACT computed price. The retry pays that exact amount and receives the cached body. Scope is exact-mode rails only (x402-exact Base, tempo/charge, solana/charge, Stripe SPT); does NOT use x402-upto (Permit2) or Settlement-Overrides, variable cost is captured by running the work pre-settle. Tradeoff: the work runs on the unpaid probe leg, so mount `rate_limit_fastapi` (from `agentscore_commerce.middleware.fastapi`) globally, it's load-bearing. See `examples/compute_first_merchant.py`.
224
224
 
225
- For the `on_denied` hook on Checkout's gate config, `create_default_on_denied(merchant_name=, support_email=, ...)` returns the canonical denial callback that handles `wallet_signer_mismatch` / `wallet_not_trusted` unfixable fallback / `payment_required` / `token_expired` / `invalid_credential` / `api_error`. Merchants override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy and keep their own merchant-specific branches (e.g. wine merchants add a fixable-denial-with-session branch on top).
225
+ For the `on_denied` hook on Checkout's gate config, `create_default_on_denied(merchant_name=, support_email=, ...)` returns the canonical denial callback that handles `wallet_signer_mismatch` / `wallet_not_trusted` unfixable fallback / `payment_required` / `token_expired` / `invalid_credential` / `api_error`. Merchants override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy and keep their own merchant-specific branches (e.g. regulated-goods merchants add a fixable-denial-with-session branch on top).
226
226
 
227
227
  `build_default_checkout_rails(tempo=, x402_base=, solana_mpp=, stripe=)` builds the canonical four-rail `rails` dict so merchants pass per-rail overrides instead of redeclaring the recipient sentinel + network/chain_id/token boilerplate. Flipping `network` alone is enough: Base Sepolia derives Sepolia USDC + chain_id 84532, Solana devnet derives the devnet USDC mint. Solana's `network` field accepts both CAIP-2 (`solana:5eykt4UsFv8…` / `solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1`) and the raw `@solana/mpp` form (`mainnet-beta` / `devnet` / `localnet`). `build_mppx_compose_rails(amount_usd=, tempo_recipient=, solana_recipient=, ...)` builds the per-call mppx intent list. The helper auto-drops `stripe/charge` (with a one-time `logging.warning`) when `amount_usd < 0.50` since Stripe's fixed ~$0.30 fee makes sub-50-cent charges unprofitable; sub-50-cent APIs pass `include_stripe=False` explicitly to silence the warning. `simulate_deposit_for_outcome(outcome=, deposit_address=, get_payment_intent_id=, stripe_secret_key=)` dispatches the Stripe testnet simulator from `on_settled` based on the rail family (no per-merchant rail switch needed).
228
228
 
@@ -231,8 +231,6 @@ For the `on_denied` hook on Checkout's gate config, `create_default_on_denied(me
231
231
  ```python
232
232
  from agentscore_commerce import extract_payment_signer
233
233
  from agentscore_commerce.payment import (
234
- BuildPaymentDirectiveInput,
235
- PaymentDirectiveInput,
236
234
  build_payment_directive,
237
235
  networks,
238
236
  payment_directive,
@@ -241,12 +239,12 @@ from agentscore_commerce.payment import (
241
239
 
242
240
  # Build paymentauth.org directives by symbolic rail name (decimals + currency from registry)
243
241
  directives = [
244
- build_payment_directive(BuildPaymentDirectiveInput(
242
+ build_payment_directive(
245
243
  rail="tempo-mainnet", id="chg_t", realm="ex.com", recipient=TEMPO_ADDR, amount_usd=0.01,
246
- )),
247
- build_payment_directive(BuildPaymentDirectiveInput(
244
+ ),
245
+ build_payment_directive(
248
246
  rail="x402-base-mainnet", id="chg_b", realm="ex.com", recipient=BASE_ADDR, amount_usd=0.01,
249
- )),
247
+ ),
250
248
  ]
251
249
  www_auth = www_authenticate_header(directives)
252
250
 
@@ -259,25 +257,15 @@ if signer:
259
257
  ## Discovery + 402 builders
260
258
 
261
259
  ```python
260
+ from agentscore_commerce import TempoRailSpec
262
261
  from agentscore_commerce.discovery import (
263
- BuildLlmsTxtInput,
264
- LlmsTxtIdentitySectionInput,
265
- LlmsTxtPaymentSectionInput,
266
262
  LlmsTxtSection,
267
263
  PaymentMethodConfig,
268
- WellKnownMppInput,
269
264
  build_llms_txt,
270
265
  build_well_known_mpp,
271
266
  )
272
267
  from agentscore_commerce.challenge import (
273
- Build402BodyInput,
274
- BuildAcceptedMethodsInput,
275
- BuildAgentInstructionsInput,
276
- BuildHowToPayInput,
277
- HowToPayRails,
278
268
  PricingBlock,
279
- TempoConfig,
280
- TempoRailConfig,
281
269
  build_402_body,
282
270
  build_accepted_methods,
283
271
  build_agent_instructions,
@@ -286,28 +274,30 @@ from agentscore_commerce.challenge import (
286
274
  first_encounter_agent_memory,
287
275
  )
288
276
 
289
- accepted = build_accepted_methods(BuildAcceptedMethodsInput(tempo=TempoConfig(recipient=TEMPO_ADDR)))
290
- how_to_pay = build_how_to_pay(BuildHowToPayInput(
277
+ # build_accepted_methods + build_how_to_pay are async (they resolve per-order recipients).
278
+ accepted = await build_accepted_methods(tempo=TempoRailSpec(recipient=TEMPO_ADDR))
279
+ how_to_pay = await build_how_to_pay(
291
280
  url="https://my.merchant/buy", retry_body_json="{}", total_usd="10.00",
292
- rails=HowToPayRails(tempo=TempoRailConfig(recipient=TEMPO_ADDR)),
293
- ))
294
- body = build_402_body(Build402BodyInput(
281
+ rails={"tempo": TempoRailSpec(recipient=TEMPO_ADDR)},
282
+ )
283
+ body = build_402_body(
295
284
  accepted_methods=accepted,
296
- agent_instructions=build_agent_instructions(BuildAgentInstructionsInput(how_to_pay=how_to_pay)),
285
+ agent_instructions=build_agent_instructions(how_to_pay=how_to_pay),
297
286
  pricing=build_pricing_block(subtotal_cents=1000, tax_cents=80, shipping_cents=999, tax_rate=0.08, tax_state="CA"),
298
287
  amount_usd="10.80",
299
288
  # First-encounter merchants attach the cross-merchant agent_memory hint.
300
289
  agent_memory=first_encounter_agent_memory(first_encounter=not merchant.has_seen_operator(op_token)),
301
- ))
290
+ )
302
291
  ```
303
292
 
304
- `build_pricing_block` handles cents → dollar-string (with optional shipping). Pass `discount_cents` for redemption codes / coupons: `subtotal` stays the list price, the block surfaces `discount` as a dollar-string, and `total` becomes `subtotal + tax + shipping - discount` (floored at 0). `pricing_result` accepts the same `discount_cents` and propagates it to `block.discount` so agents reading the 402 see the savings line. Pass `decimals: N` (default `2`) on either helper for sub-cent unit pricing — e.g. `decimals=4` advertises `$0.0005`-precision instead of rounding to two decimals. Set `decimals` on `PricingResult` and the SDK threads it through `build_how_to_pay`, `build_pricing_block`, and the x402 settle `price` string automatically; the cents inputs accept floats under that mode (per-token / per-byte unit pricing). `first_encounter_agent_memory` returns the canonical hint or `None` based on a per-merchant first-seen flag. `Receipt` (plus `ReceiptNextSteps`, `ProductInfo`, `ShippingAddress`) is a universal dataclass for the post-settlement 200 response shape — goods merchants populate the shipping/fulfillment/tracking slots, API merchants fill only the universal fields (id, created_at, pricing, payment_status, next_steps).
293
+ Pass `x402=X402PaymentRequired(accepts=..., version=2, resource=..., extensions=...)` to surface the x402 v2 fields on the body. `resource` is an `X402ResourceInfo` (`url` plus optional `service_name` / `tags` / `description` / `mime_type` / `icon_url`, emitted with x402 camelCase keys) so spec-compliant crawlers and discovery clients can read what the resource is; `extensions` carries declared x402 extensions (e.g. the Bazaar discovery schema from `build_bazaar_discovery_payload`). `respond_402` mirrors the same `resource` into the PAYMENT-REQUIRED header.
294
+
295
+ `build_pricing_block` handles cents → dollar-string (with optional shipping). Pass `discount_cents` for redemption codes / coupons: `subtotal` stays the list price, the block surfaces `discount` as a dollar-string, and `total` becomes `subtotal + tax + shipping - discount` (floored at 0). `pricing_result` accepts the same `discount_cents` and propagates it to `block.discount` so agents reading the 402 see the savings line. Pass `decimals: N` (default `2`) on either helper for sub-cent unit pricing, e.g. `decimals=4` advertises `$0.0005`-precision instead of rounding to two decimals. Set `decimals` on `PricingResult` and the SDK threads it through `build_how_to_pay`, `build_pricing_block`, and the x402 settle `price` string automatically; the cents inputs accept floats under that mode (per-token / per-byte unit pricing). `first_encounter_agent_memory` returns the canonical hint or `None` based on a per-merchant first-seen flag. `Receipt` (plus `ReceiptNextSteps`, `ProductInfo`, `ShippingAddress`) is a universal dataclass for the post-settlement 200 response shape, goods merchants populate the shipping/fulfillment/tracking slots, API merchants fill only the universal fields (id, created_at, pricing, payment_status, next_steps).
305
296
 
306
297
  ### Idempotency-key + multi-rail header bundle
307
298
 
308
299
  ```python
309
300
  from agentscore_commerce.payment import (
310
- BuildPaymentHeadersInput,
311
301
  PaymentHeadersRail,
312
302
  build_idempotency_key,
313
303
  build_payment_headers,
@@ -315,7 +305,7 @@ from agentscore_commerce.payment import (
315
305
 
316
306
  idempotency_key = build_idempotency_key(payment_intent_id=pi_id, order_id=order_id, amount_cents=amount)
317
307
 
318
- headers = build_payment_headers(BuildPaymentHeadersInput(
308
+ headers = build_payment_headers(
319
309
  order_id=order_id,
320
310
  realm="agents.merchant.example",
321
311
  rails=[
@@ -323,7 +313,7 @@ headers = build_payment_headers(BuildPaymentHeadersInput(
323
313
  PaymentHeadersRail(rail="x402-base-mainnet", amount_usd="10.00", recipient=BASE_ADDR),
324
314
  PaymentHeadersRail(rail="stripe", amount_usd="10.00", network_id=STRIPE_PROFILE_ID),
325
315
  ],
326
- ))
316
+ )
327
317
  # headers["www_authenticate"] → set as Authorization-style WWW-Authenticate header
328
318
  # headers["payment_required"] → set as PAYMENT-REQUIRED header (when x402 is present)
329
319
  ```
@@ -331,6 +321,7 @@ headers = build_payment_headers(BuildPaymentHeadersInput(
331
321
  ### Identity publishing (cross-vendor standards)
332
322
 
333
323
  ```python
324
+ from agentscore_commerce import StripeRailSpec, TempoRailSpec, X402BaseRailSpec
334
325
  from agentscore_commerce.identity import (
335
326
  AgentScoreGatePolicy,
336
327
  UCPServiceBinding,
@@ -339,6 +330,9 @@ from agentscore_commerce.identity import (
339
330
  A2AAgentSkill,
340
331
  build_a2a_agent_card,
341
332
  build_ucp_profile,
333
+ mpp_payment_handler,
334
+ x402_payment_handler,
335
+ stripe_spt_payment_handler,
342
336
  ucp_a2a_extension,
343
337
  )
344
338
 
@@ -367,7 +361,7 @@ card = build_a2a_agent_card(
367
361
  # Google Universal Commerce Protocol. Publish at /.well-known/ucp.
368
362
  # Output shape: {"ucp": {"version", "services", "capabilities",
369
363
  # "payment_handlers", "name?", "supported_versions?"}, "signing_keys": [...]}
370
- # services / capabilities / payment_handlers are MAPS keyed by reverse-DNS
364
+ #, services / capabilities / payment_handlers are MAPS keyed by reverse-DNS
371
365
  # service / capability / handler name (UCP spec §3 + §6).
372
366
  profile = build_ucp_profile(
373
367
  name="My Service",
@@ -383,13 +377,13 @@ profile = build_ucp_profile(
383
377
  ],
384
378
  },
385
379
  payment_handlers={
386
- **mpp_payment_handler(networks=[{"network": "tempo-mainnet", "chain_id": 4217, "recipient": TEMPO_ADDR}]),
387
- **x402_payment_handler(networks=[{"network": "base-8453", "recipient": BASE_ADDR}]),
388
- **stripe_spt_payment_handler(profile_id="profile_5xKvNqM9BaH"),
380
+ **mpp_payment_handler(networks=[TempoRailSpec(recipient=TEMPO_ADDR)]),
381
+ **x402_payment_handler(networks=[X402BaseRailSpec(recipient=BASE_ADDR)]),
382
+ **stripe_spt_payment_handler(spec=StripeRailSpec(profile_id="profile_5xKvNqM9BaH")),
389
383
  },
390
384
  signing_keys=[UCPSigningKey(kid="me", kty="EC", alg="ES256")],
391
- # Optional: declare merchant gate policy as an `sh.agentscore.identity` capability
392
- # binding inside the public profile. Static policy declaration only no per-operator
385
+ # Optional: declare merchant gate policy as an `com.agentscore.identity` capability
386
+ # binding inside the public profile. Static policy declaration only, no per-operator
393
387
  # claims. Per-operator identity attestation flows through the AP2 risk-signal endpoint.
394
388
  agentscore_gate=AgentScoreGatePolicy(
395
389
  require_kyc=True, min_age=21, allowed_jurisdictions=["US"],
@@ -443,40 +437,37 @@ ACP (Stripe + OpenAI Agentic Commerce Protocol) is a transactional checkout prot
443
437
  import os
444
438
  import stripe
445
439
  from agentscore_commerce.stripe_multichain import (
446
- CreateMultichainPaymentIntentInput,
447
- PiCacheOptions,
448
- SimulateDepositIfTestModeInput,
449
440
  create_multichain_payment_intent,
450
441
  create_pi_cache,
451
442
  simulate_deposit_if_test_mode,
452
443
  )
453
444
 
454
445
  stripe_client = stripe.StripeClient(os.environ["STRIPE_SECRET_KEY"])
455
- result = create_multichain_payment_intent(CreateMultichainPaymentIntentInput(
446
+ result = create_multichain_payment_intent(
456
447
  stripe=stripe_client,
457
448
  amount=1000,
458
449
  networks=["tempo", "base", "solana"],
459
450
  metadata={"order_id": order_id},
460
451
  idempotency_key=order_id,
461
- ))
452
+ )
462
453
  base_address = result.deposit_addresses.get("base")
463
454
  solana_address = result.deposit_addresses.get("solana")
464
455
 
465
456
  # PI / deposit-address cache. Redis-backed when REDIS_URL is set, in-memory otherwise.
466
457
  # Multi-instance deployments need Redis so a deposit lands on whichever instance settles it.
467
- pi_cache = create_pi_cache(PiCacheOptions(redis_url=os.environ.get("REDIS_URL")))
458
+ pi_cache = create_pi_cache(redis_url=os.environ.get("REDIS_URL"))
468
459
  for addr in result.deposit_addresses.values():
469
460
  await pi_cache.cache_address(addr)
470
461
  pi_cache.cache_payment_intent(addr, result.payment_intent_id)
471
462
  pi_cache.cache_network_addresses(result.payment_intent_id, result.deposit_addresses)
472
463
 
473
464
  # Testnet helper. Gates on sk_test_ and looks up the PI for you. No-op on live keys.
474
- await simulate_deposit_if_test_mode(SimulateDepositIfTestModeInput(
465
+ await simulate_deposit_if_test_mode(
475
466
  get_payment_intent_id=pi_cache.get_payment_intent_id,
476
467
  deposit_address=base_address,
477
468
  network="base",
478
469
  stripe_secret_key=os.environ["STRIPE_SECRET_KEY"],
479
- ))
470
+ )
480
471
  ```
481
472
 
482
473
  ## Build the x402 accepts entry for the 402 challenge
@@ -498,12 +489,8 @@ Returns a list of plain dicts ready for the 402 body's `accepts[]`. `extra.name`
498
489
  ## Drop-in 402 + settle (x402)
499
490
 
500
491
  ```python
501
- from agentscore_commerce.challenge import Build402BodyInput, Respond402Input, respond_402
492
+ from agentscore_commerce.challenge import build_402_body, respond_402
502
493
  from agentscore_commerce.payment import (
503
- PaymentRequiredHeaderInput,
504
- ProcessX402SettleInput,
505
- ValidateX402NetworkConfigInput,
506
- VerifyX402RequestInput,
507
494
  classify_x402_settle_result,
508
495
  process_x402_settle,
509
496
  validate_x402_network_config,
@@ -511,26 +498,26 @@ from agentscore_commerce.payment import (
511
498
  )
512
499
 
513
500
  # Boot-time guard. Raises if a configured network isn't supported.
514
- validate_x402_network_config(ValidateX402NetworkConfigInput(base_network=X402_BASE))
501
+ validate_x402_network_config(base_network=X402_BASE)
515
502
 
516
503
  @app.post("/purchase")
517
504
  async def purchase(request: Request):
518
505
  # Path A: agent presented an x402 X-Payment header
519
506
  if request.headers.get("payment-signature") or request.headers.get("x-payment"):
520
- verified = await verify_x402_request(VerifyX402RequestInput(
507
+ verified = await verify_x402_request(
521
508
  headers=dict(request.headers),
522
509
  is_cached_address=pi_cache.has_address,
523
510
  accepted_network=X402_BASE,
524
- ))
511
+ )
525
512
  if not verified.ok:
526
513
  return JSONResponse(verified.body, status_code=verified.status)
527
514
 
528
- settle = await process_x402_settle(ProcessX402SettleInput(
515
+ settle = await process_x402_settle(
529
516
  x402_server=x402_server,
530
517
  payload=verified.payload,
531
518
  resource_config={"scheme": "exact", "network": verified.signed_network, "price": f"${total}", "payTo": verified.signed_pay_to, "maxTimeoutSeconds": 300},
532
519
  resource_meta={"url": str(request.url), "mimeType": "application/json"},
533
- ))
520
+ )
534
521
  classified = classify_x402_settle_result(settle)
535
522
  if classified is not None:
536
523
  # Log raw `settle` server-side; return controlled phase-based response to the agent.
@@ -545,11 +532,12 @@ async def purchase(request: Request):
545
532
 
546
533
  # Path B: cold call (or Authorization: Payment for pympp). After pympp.compose() returns 402,
547
534
  # respond_402 PRESERVES pympp's WWW-Authenticate and ADDS x402's PAYMENT-REQUIRED.
548
- result = respond_402(Respond402Input(
535
+ # `body` is the dict from build_402_body; `x402` carries the payment_required_header kwargs.
536
+ result = respond_402(
549
537
  mppx_challenge_headers=pympp_challenge_headers,
550
- body=Build402BodyInput(accepted_methods=accepted, agent_instructions=instructions, pricing=pricing, amount_usd=total, retry_body=body),
551
- x402=PaymentRequiredHeaderInput(x402_version=2, accepts=x402_accepts, resource={"url": str(request.url), "mimeType": "application/json"}),
552
- ))
538
+ body=build_402_body(accepted_methods=accepted, agent_instructions=instructions, pricing=pricing, amount_usd=total, retry_body=body),
539
+ x402={"x402_version": 2, "accepts": x402_accepts, "resource": {"url": str(request.url), "mimeType": "application/json"}},
540
+ )
553
541
  return JSONResponse(result.body, status_code=result.status, headers=result.headers)
554
542
  ```
555
543
 
@@ -589,7 +577,7 @@ The [examples/](./examples) directory has 8 runnable single-file FastAPI apps co
589
577
 
590
578
  ## Documentation
591
579
 
592
- Full integration docs at [docs.agentscore.sh/integrations/python-commerce](https://docs.agentscore.sh/integrations/python-commerce).
580
+ Full integration docs at [docs.agentscore.com/integrations/python-commerce](https://docs.agentscore.com/integrations/python-commerce).
593
581
 
594
582
  ## License
595
583