agentscore-commerce 2.4.0__tar.gz → 2.5.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.github/workflows/ci.yml +2 -2
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.github/workflows/publish.yml +3 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.github/workflows/security.yml +1 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/CLAUDE.md +1 -2
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/CODE_OF_CONDUCT.md +1 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/PKG-INFO +19 -17
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/README.md +16 -14
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/SECURITY.md +1 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/__init__.py +6 -0
- agentscore_commerce-2.5.0/agentscore_commerce/aip/__init__.py +168 -0
- agentscore_commerce-2.5.0/agentscore_commerce/aip/gate.py +429 -0
- agentscore_commerce-2.5.0/agentscore_commerce/aip/http_signature.py +654 -0
- agentscore_commerce-2.5.0/agentscore_commerce/aip/jwks.py +448 -0
- agentscore_commerce-2.5.0/agentscore_commerce/aip/request.py +251 -0
- agentscore_commerce-2.5.0/agentscore_commerce/aip/types.py +268 -0
- agentscore_commerce-2.5.0/agentscore_commerce/aip/verify.py +408 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/__init__.py +2 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/agent_memory.py +6 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/body.py +38 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/checkout.py +775 -52
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/checkout_compute_first.py +16 -5
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/__init__.py +5 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/agentscore_content.py +1 -1
- agentscore_commerce-2.5.0/agentscore_commerce/discovery/bazaar.py +74 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/llms_txt.py +18 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/openapi.py +13 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/skill_md.py +23 -9
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/__init__.py +49 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/_denial.py +2 -2
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/_response.py +72 -39
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/a2a.py +45 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/aiohttp.py +127 -10
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/core.py +183 -41
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/django.py +157 -11
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/fastapi.py +220 -17
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/flask.py +172 -11
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/middleware.py +141 -10
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/policy.py +66 -8
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/sanic.py +123 -10
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/sessions.py +1 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/tokens.py +11 -4
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/types.py +56 -15
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/ucp.py +16 -16
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/wwwauthenticate.py +7 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402_server.py +1 -2
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/README.md +2 -2
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/pyproject.toml +4 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/scripts/regenerate_cross_lang_fixtures.py +17 -17
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-agentscore-gate-blocked.json +6 -6
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-agentscore-gate-full.json +6 -6
- agentscore_commerce-2.5.0/tests/fixtures/cross-lang/node-capability.json +69 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-emoji-keys.json +6 -6
- agentscore_commerce-2.5.0/tests/fixtures/cross-lang/node-es256-rails.json +81 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-extras-int.json +6 -6
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-int-boundary.json +3 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-minimal.json +3 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-multikey.json +8 -8
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/node-unicode.json +6 -6
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-agentscore-gate-blocked.json +6 -6
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-agentscore-gate-full.json +6 -6
- agentscore_commerce-2.5.0/tests/fixtures/cross-lang/py-capability.json +69 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-emoji-keys.json +6 -6
- agentscore_commerce-2.5.0/tests/fixtures/cross-lang/py-es256-rails.json +81 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-extras-int.json +6 -6
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-int-boundary.json +3 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-minimal.json +3 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-multikey.json +8 -8
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/fixtures/cross-lang/py-unicode.json +6 -6
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_aiohttp.py +9 -9
- agentscore_commerce-2.5.0/tests/test_aip_adapters.py +303 -0
- agentscore_commerce-2.5.0/tests/test_aip_agent_memory.py +36 -0
- agentscore_commerce-2.5.0/tests/test_aip_checkout.py +815 -0
- agentscore_commerce-2.5.0/tests/test_aip_gate.py +254 -0
- agentscore_commerce-2.5.0/tests/test_aip_http_signature.py +597 -0
- agentscore_commerce-2.5.0/tests/test_aip_jwks.py +499 -0
- agentscore_commerce-2.5.0/tests/test_aip_presentation.py +116 -0
- agentscore_commerce-2.5.0/tests/test_aip_request.py +129 -0
- agentscore_commerce-2.5.0/tests/test_aip_types.py +135 -0
- agentscore_commerce-2.5.0/tests/test_aip_verify.py +372 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_challenge.py +46 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_checkout.py +296 -5
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first_settle.py +28 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_checkout_coverage_gaps.py +15 -17
- agentscore_commerce-2.5.0/tests/test_checkout_signer_match.py +219 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_checkout_wallet_ofac_default.py +8 -1
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_core.py +27 -12
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_coverage_fillers.py +28 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_django.py +8 -8
- agentscore_commerce-2.5.0/tests/test_extract_owner_scope.py +70 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_fastapi.py +41 -36
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_flask.py +9 -9
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_get_signer_verdict.py +34 -25
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_lifted_helpers.py +8 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_middleware.py +12 -16
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_pay_to_address.py +13 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_handlers.py +15 -15
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_misc.py +27 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_servers.py +14 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_policy.py +87 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_response.py +3 -3
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_sanic.py +4 -4
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_seamless_helpers.py +94 -13
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_sessions.py +6 -6
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_signer_match.py +135 -2
- agentscore_commerce-2.5.0/tests/test_signer_verdict_request_scoped.py +119 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_ucp.py +9 -9
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/uv.lock +881 -767
- agentscore_commerce-2.4.0/agentscore_commerce/discovery/bazaar.py +0 -28
- agentscore_commerce-2.4.0/tests/fixtures/cross-lang/node-capability.json +0 -69
- agentscore_commerce-2.4.0/tests/fixtures/cross-lang/node-es256-rails.json +0 -81
- agentscore_commerce-2.4.0/tests/fixtures/cross-lang/py-capability.json +0 -69
- agentscore_commerce-2.4.0/tests/fixtures/cross-lang/py-es256-rails.json +0 -81
- agentscore_commerce-2.4.0/tests/test_extract_owner_scope.py +0 -49
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.github/ISSUE_TEMPLATE/bug_report.md +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.github/ISSUE_TEMPLATE/feature_request.md +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.github/PULL_REQUEST_TEMPLATE.md +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.github/dependabot.yml +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/.gitignore +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/CONTRIBUTING.md +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/LICENSE +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_headers.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_mppx_receipt.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_redis.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/_warnings.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/api/__init__.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/accepted_methods.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/agent_instructions.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/how_to_pay.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/identity.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/pricing.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/receipt.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/respond_402.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/challenge/validation_error.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/checkout_hooks.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/probe.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/redemption_md.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/robots_tag.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/well_known.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/well_known_mpp.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/discovery/well_known_x402.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/errors.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/address.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/cache.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/default_denied.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/py.typed +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/signer.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/identity/ucp_jwks.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/__init__.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/_core.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/aiohttp.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/asgi.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/django.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/fastapi.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/flask.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/middleware/sanic.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/__init__.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/amounts.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/compose_rails.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/constants.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/default_rails.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/directive.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/dispatch.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/headers.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/idempotency.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/lazy.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/mppx_failures.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/mppx_server.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/network_kind.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/networks.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/payment_header.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/rail_spec.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/rails.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/settlement_override.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/signer.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/solana.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/usdc.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402_settle.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/x402_validation.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/payment/zero_settle.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/py.typed +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/quote_cache.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/__init__.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/mppx_stripe.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/pay_to_address.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/payment_intent.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/pi_cache.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/simulate_deposit.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/agentscore_commerce/stripe_multichain/simulate_dispatch.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/api_provider.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/compliance_merchant.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/compute_first_merchant.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/identity_only.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/multi_rail_merchant.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/per_product_policy_merchant.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/signed_ucp_merchant.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/examples/stripe_multichain_merchant.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/lefthook.yml +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/osv-scanner.toml +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/ruff.toml +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/__init__.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/conftest.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_a2a.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_a2a_jws_roundtrip.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_address.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_agent_memory_emitter.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_amounts.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_api_reexport.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_cache.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first_adapters.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_checkout_compute_first_ofac.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_classify_orchestration_error.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_compose_rails.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_default_denied.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_default_rails.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_default_read_only_on_denied.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_denial.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_discovery.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_dispatch.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_gate_quota_info.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_idempotency_helper.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_integration.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_internal_helpers.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_load_ucp_signing_key_from_env.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_mppx_failures.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_mppx_receipt.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_network_kind.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_directive.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_dispatch.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_header.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_headers.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_payment_signer.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_pricing.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_public_surface.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_quote_cache.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_quote_cache_redis.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_rail_spec.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_rate_limit.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_redis_internal.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_robots_tag.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_simulate_dispatch.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_skill_md.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_solana.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_solana_mpp_rail_spec_post_init.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_stripe_multichain.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_tokens.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_ucp_cross_lang.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_ucp_jwks.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_validation_error.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_x402_settle_extra.py +0 -0
- {agentscore_commerce-2.4.0 → agentscore_commerce-2.5.0}/tests/test_zero_settle.py +0 -0
|
@@ -21,12 +21,12 @@ jobs:
|
|
|
21
21
|
- uses: useblacksmith/checkout@v1
|
|
22
22
|
|
|
23
23
|
- name: Install uv
|
|
24
|
-
uses: astral-sh/setup-uv@v8.
|
|
24
|
+
uses: astral-sh/setup-uv@v8.3.0
|
|
25
25
|
|
|
26
26
|
- name: Set up Python
|
|
27
27
|
run: uv python install 3.12
|
|
28
28
|
|
|
29
|
-
- uses: actions/cache@
|
|
29
|
+
- uses: actions/cache@v6
|
|
30
30
|
with:
|
|
31
31
|
path: |
|
|
32
32
|
~/.cache/uv
|
|
@@ -17,9 +17,9 @@ jobs:
|
|
|
17
17
|
runs-on: ubuntu-latest
|
|
18
18
|
timeout-minutes: 15
|
|
19
19
|
steps:
|
|
20
|
-
- uses: actions/checkout@
|
|
20
|
+
- uses: actions/checkout@v7
|
|
21
21
|
|
|
22
|
-
- uses: astral-sh/setup-uv@v8.
|
|
22
|
+
- uses: astral-sh/setup-uv@v8.3.0
|
|
23
23
|
|
|
24
24
|
- name: Set version from tag
|
|
25
25
|
run: sed -i "s/^version = .*/version = \"${GITHUB_REF_NAME#v}\"/" pyproject.toml
|
|
@@ -27,7 +27,7 @@ jobs:
|
|
|
27
27
|
- run: uv build
|
|
28
28
|
|
|
29
29
|
- name: Publish to PyPI
|
|
30
|
-
uses: pypa/gh-action-pypi-publish@
|
|
30
|
+
uses: pypa/gh-action-pypi-publish@v1.14.0
|
|
31
31
|
|
|
32
32
|
- name: Create GitHub Release
|
|
33
33
|
run: gh release create "$GITHUB_REF_NAME" --generate-notes
|
|
@@ -121,7 +121,7 @@ Anonymous POST flows through to the handler unauthenticated and gets a 402 with
|
|
|
121
121
|
|
|
122
122
|
### `compatible_clients` field on emitted 402s
|
|
123
123
|
|
|
124
|
-
`build_agent_instructions` emits a `compatible_clients` field in the 402 body, derived automatically from `how_to_pay`: per-rail list of CLIs the AgentScore team has smoke-verified end-to-end. Vendors override with `build_agent_instructions(how_to_pay=how_to_pay, compatible_clients={...})` to add their own tested clients. Set to an empty dict `{}` to suppress the default. Same data is published
|
|
124
|
+
`build_agent_instructions` emits a `compatible_clients` field in the 402 body, derived automatically from `how_to_pay`: per-rail list of CLIs the AgentScore team has smoke-verified end-to-end. Vendors override with `build_agent_instructions(how_to_pay=how_to_pay, compatible_clients={...})` to add their own tested clients. Set to an empty dict `{}` to suppress the default. Same data is published at https://docs.agentscore.com/integrations/x402-clients for human-side rationale + per-rail commands.
|
|
125
125
|
|
|
126
126
|
## Tooling
|
|
127
127
|
|
|
@@ -155,7 +155,6 @@ uv run pytest tests/
|
|
|
155
155
|
- **Never commit .env files or secrets**
|
|
156
156
|
- **Use PRs**: never push directly to main
|
|
157
157
|
- **Helpers are protocol translations + configurable opinions, not opinionated frameworks**
|
|
158
|
-
- **Cross-language API parity**: keep the surface area identical between the node and python flavors so vendors switching languages have the same mental model
|
|
159
158
|
|
|
160
159
|
## Releasing
|
|
161
160
|
|
|
@@ -24,7 +24,7 @@ Examples of unacceptable behavior:
|
|
|
24
24
|
|
|
25
25
|
## Enforcement
|
|
26
26
|
|
|
27
|
-
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project team at engineering@agentscore.
|
|
27
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project team at engineering@agentscore.com. All complaints will be reviewed and investigated promptly and fairly.
|
|
28
28
|
|
|
29
29
|
## Attribution
|
|
30
30
|
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: agentscore-commerce
|
|
3
|
-
Version: 2.
|
|
3
|
+
Version: 2.5.0
|
|
4
4
|
Summary: Agent commerce SDK for Python — identity middleware (FastAPI, Flask, Django, AIOHTTP, Sanic, ASGI) + payment helpers + 402 builders + discovery + Stripe multichain. The full merchant-side toolkit for AgentScore-powered agent commerce.
|
|
5
|
-
Project-URL: Homepage, https://agentscore.
|
|
5
|
+
Project-URL: Homepage, https://www.agentscore.com
|
|
6
6
|
Project-URL: Repository, https://github.com/agentscore/python-commerce
|
|
7
7
|
Project-URL: Issues, https://github.com/agentscore/python-commerce/issues
|
|
8
8
|
License-Expression: MIT
|
|
@@ -18,7 +18,7 @@ Classifier: License :: OSI Approved :: MIT License
|
|
|
18
18
|
Classifier: Programming Language :: Python :: 3
|
|
19
19
|
Classifier: Topic :: Software Development :: Libraries
|
|
20
20
|
Requires-Python: >=3.11
|
|
21
|
-
Requires-Dist: agentscore-py>=2.
|
|
21
|
+
Requires-Dist: agentscore-py>=2.5.0
|
|
22
22
|
Requires-Dist: httpx<1.0.0,>=0.25.0
|
|
23
23
|
Provides-Extra: aiohttp
|
|
24
24
|
Requires-Dist: aiohttp>=3.8.0; extra == 'aiohttp'
|
|
@@ -51,7 +51,7 @@ Description-Content-Type: text/markdown
|
|
|
51
51
|
[](https://pypi.org/project/agentscore-commerce/)
|
|
52
52
|
[](LICENSE)
|
|
53
53
|
|
|
54
|
-
The full merchant-side SDK for [AgentScore](https://agentscore.
|
|
54
|
+
The full merchant-side SDK for [AgentScore](https://www.agentscore.com) in Python: agent commerce in one install. Identity middleware (FastAPI, Flask, Django, AIOHTTP, Sanic, ASGI), payment helpers, 402 challenge builders, MPP discovery, and Stripe multichain support.
|
|
55
55
|
|
|
56
56
|
## Install
|
|
57
57
|
|
|
@@ -74,11 +74,11 @@ pip install 'agentscore-commerce[fastapi,x402,coinbase]'
|
|
|
74
74
|
|---|---|
|
|
75
75
|
| `agentscore_commerce` (top-level) | `Checkout` orchestrator + `CheckoutContext` + `CheckoutGateConfig` + `CheckoutValidationError` + `DiscoveryProbeConfig` + `SettleOutcome` + `MppxComposeOutcome` + `PricingResult` (the 2.0 high-level surface: one config object, hooks for pre_validate/compute_pricing/on_settled/mint_recipients/compose_mppx, auto-derived x402+mppx servers, per-framework adapters `handle_fastapi`/`handle_flask`/`handle_django`/`handle_aiohttp`/`handle_sanic`, signed UCP routes via `mount_ucp_routes_{fastapi,flask,django,aiohttp,sanic}`); `pricing_result` (factory: cents-denominated → typed `PricingResult` with embedded `PricingBlock`); `validation_response_{fastapi,flask,django,aiohttp,sanic}` (per-framework 4xx envelope wrappers); `make_mppx_compose_hook` (canonical pympp compose adapter). |
|
|
76
76
|
| `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware: KYC, sanctions (account name + signer wallet), age, jurisdiction. `AgentScoreGate(...)` (or `agentscore_gate(app, ...)` on Flask/Sanic), `get_agentscore_data(...)`, `capture_wallet(...)`, `get_signer_verdict(...)`. The gate extracts the payment signer pre-evaluate and passes it to `/v1/assess`, so the API composes both wallet-binding (`signer_match`) and OFAC SDN wallet-address (`signer_sanctions`) verdicts on one round trip. |
|
|
77
|
-
| `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. The per-framework adapter modules also expose `get_gate_quota_info(request)` for surfacing X-RateLimit info from gate state. Also re-exports the per-product policy helpers: `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`, `validate_shipping_against_policy` (one-call country+state validator that raises `CheckoutValidationError` with the canonical envelope on miss)
|
|
78
|
-
| `agentscore_commerce.payment` | `networks`, `USDC`, `rails` registries; `payment_directive`, `build_payment_directive`, `www_authenticate_header`, `payment_required_header`, `alias_amount_fields` (opt-in v1↔v2 amount-field shim that adds both `amount` and `maxAmountRequired` to an entry. The 402 builders do NOT apply it by default
|
|
79
|
-
| `agentscore_commerce.discovery` | `is_discovery_probe_request`, `build_discovery_probe_response` (with optional `x402_sample` for x402-aware crawlers like `awal x402 details`), `sample_x402_accept_for_network` (USDC sample-accept builder for known CAIP-2 networks), `build_well_known_mpp`, `build_llms_txt` + `llms_txt_identity_section` + `llms_txt_payment_section` (compact + verbose modes), `build_skill_md` (Claude-Skill-compatible `/skill.md` agent-discovery manifest; strictly agent-facing data only, no internal posture), `build_redemption_skill_md` (delivery-neutral redemption-code template
|
|
80
|
-
| `agentscore_commerce.challenge` | `build_402_body`, `build_accepted_methods`, `build_identity_metadata` (auto-attached by `Checkout` when an inbound `X-Wallet-Address` header is present), `build_how_to_pay`, `build_agent_instructions` (auto-emits per-rail `compatible_clients`: smoke-verified CLIs the agent should use; vendor override supported; pure helper `compatible_clients_by_rails(rails)` returns the same map for vendors building custom 402s), `build_pricing_block` (cents to dollar-string with optional shipping/tax), `first_encounter_agent_memory` (cross-merchant hint, returns the canonical block or `None` based on a per-merchant first-seen flag), `Receipt` + `ReceiptNextSteps` + `ProductInfo` + `ShippingAddress` (canonical 200-receipt dataclasses
|
|
81
|
-
| `agentscore_commerce.stripe_multichain` | `create_multichain_payment_intent` (returns `MultichainPaymentIntentResult(payment_intent_id, deposit_addresses)`; read `result.deposit_addresses[network]` directly), `create_pay_to_address_from_stripe_pi(authorization_header=, amount_cents=, stripe=, pi_cache=, networks=, static_recipients=, metadata=, order_id=, preferred_network=)
|
|
77
|
+
| `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. The per-framework adapter modules also expose `get_gate_quota_info(request)` for surfacing X-RateLimit info from gate state. Also re-exports the per-product policy helpers: `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`, `validate_shipping_against_policy` (one-call country+state validator that raises `CheckoutValidationError` with the canonical envelope on miss), for multi-product merchants where each product carries its own compliance config: hard gate vs soft vs none, per-product shipping allowlists. Key + token helpers: `load_ucp_signing_key_from_env` (cached env-driven loader for the UCP signing key, reads `UCP_SIGNING_KEY_JWK_PRIVATE` JSON JWK, detects alg from shape, falls back to ephemeral when unset, sanitizes errors so key bytes never reach logs, concurrent-safe via `threading.Lock`; env-var names and `default_kid` / `default_alg` are overridable as kwargs); `hash_operator_token` (sha256 hex of plaintext `opc_...`, for merchants persisting `operator_token_id` to their own DB without ever storing the plaintext); `extract_owner_scope(headers) -> OwnerScope` (canonical owner-identity extractor for caller-scoped resource queries, reads `X-Wallet-Address` / `X-Operator-Token`, hashes the token so plaintext never leaves the request); `default_read_only_on_denied(reason)` (canonical `on_denied` for read-only resource gates: 401 + `Cache-Control: no-store` while still spreading `denial_reason_to_body`. Returns a `DefaultOnDeniedResult(body, status, headers)`; FastAPI / Flask / aiohttp / Sanic `on_denied` callbacks accept an optional 3-tuple `(body, status, headers)` to carry headers through; wrap with `lambda req, reason: (lambda r: (r.body, r.status, r.headers or {}))(default_read_only_on_denied(reason))`). |
|
|
78
|
+
| `agentscore_commerce.payment` | `networks`, `USDC`, `rails` registries; `payment_directive`, `build_payment_directive`, `www_authenticate_header`, `payment_required_header`, `alias_amount_fields` (opt-in v1↔v2 amount-field shim that adds both `amount` and `maxAmountRequired` to an entry. The 402 builders do NOT apply it by default, strict x402 v2 settlement matches the agent's echoed requirement by exact comparison, so an extra field the server's rebuilt requirement lacks breaks settle; use only when you know a client is hardcoded to read `maxAmountRequired`), `settlement_override_header`, `dispatch_settlement_by_network`, `extract_payment_signer` (accepts positional `x402_payment_header` AND/OR `authorization_header=` kwarg; recovers signer from x402 EIP-3009 `payload.authorization.from` OR MPP `Authorization: Payment <base64>` `did:pkh:eip155:<chain>:<addr>` / `did:pkh:solana:<genesis>:<addr>` source DID), `detect_rail_from_headers` (returns `"x402"` / `"mpp"` / `None` from inbound headers), `register_x402_schemes_v1_v2`; drop-in x402 helpers: `validate_x402_network_config` (boot-time guard), `verify_x402_request` (parse + validate inbound X-Payment), `process_x402_settle` (verify-then-settle with one call), `classify_x402_settle_result` (maps the tagged settle result to a recommended HTTP status / code / next_steps so merchants get a controlled envelope without coupling to facilitator-specific error text), `classify_orchestration_error` (same `ClassifiedX402Error` shape but for uncaught exceptions thrown elsewhere in the orchestration; returns `None` for unknown errors so merchants rethrow instead of swallowing); `zero_amount_carve_out` (skip CDP / pympp upstream verify+settle for $0 settles where the upstream rejects value=0 payloads; parses the credential, lifts signer + network, returns a `ZeroSettleResult` shaped identically to the success path so callers branch on rail, not on result shape); `usd_to_atomic` (Decimal-based USD → atomic int, ROUND_HALF_UP, for Tempo / Solana / Base USDC amount construction). |
|
|
79
|
+
| `agentscore_commerce.discovery` | `is_discovery_probe_request`, `build_discovery_probe_response` (with optional `x402_sample` for x402-aware crawlers like `awal x402 details`), `sample_x402_accept_for_network` (USDC sample-accept builder for known CAIP-2 networks), `build_well_known_mpp`, `build_llms_txt` + `llms_txt_identity_section` + `llms_txt_payment_section` (compact + verbose modes), `build_skill_md` (Claude-Skill-compatible `/skill.md` agent-discovery manifest; strictly agent-facing data only, no internal posture), `build_redemption_skill_md` (delivery-neutral redemption-code template, printed mailers, emailed codes, API trial credits all covered; `endpoint_path`/`delivery_intro`/`body_shape`/`body_rules`/`extra_recovery_rows` overrides for non-goods shapes), `build_merchant_index_json` (canonical `/` discovery body), `standard_endpoint_descriptions(kind=)` (canonical method+path → description map for goods vs api merchants; optional `include_order_status_route` for goods), `build_success_next_steps` (universal Passport-active success block), `build_agentscore_onboarding_steps` (canonical skill.md onboarding for goods or API merchants), `agentscore_openapi_snippets`, `build_bazaar_discovery_payload`, `NoindexNonDiscoveryMiddleware` (ASGI middleware emitting `X-Robots-Tag: noindex` on every path except the agent-discovery surfaces; pure helpers `is_discovery_path` + `DEFAULT_DISCOVERY_PATHS` for non-ASGI frameworks). Plus the UCP/JWKS publish surface: `build_signed_ucp_response`, `build_signed_jwks_response`, `well_known_preflight_response`, `default_a2a_services`, `bootstrap_ucp_signing_key`, framework-neutral `SignedDiscoveryResponse` + per-framework wrappers `signed_response_{fastapi,flask,django,aiohttp,sanic}`. |
|
|
80
|
+
| `agentscore_commerce.challenge` | `build_402_body`, `build_accepted_methods`, `build_identity_metadata` (auto-attached by `Checkout` when an inbound `X-Wallet-Address` header is present), `build_how_to_pay`, `build_agent_instructions` (auto-emits per-rail `compatible_clients`: smoke-verified CLIs the agent should use; vendor override supported; pure helper `compatible_clients_by_rails(rails)` returns the same map for vendors building custom 402s), `build_pricing_block` (cents to dollar-string with optional shipping/tax), `first_encounter_agent_memory` (cross-merchant hint, returns the canonical block or `None` based on a per-merchant first-seen flag), `Receipt` + `ReceiptNextSteps` + `ProductInfo` + `ShippingAddress` (canonical 200-receipt dataclasses, universal across goods + API merchants); `respond_402`, a drop-in 402 emit that preserves pympp's `WWW-Authenticate` and layers x402's `PAYMENT-REQUIRED`. `build_validation_error`: structured 4xx body builder (`{error: {code, message}, required_fields?, example_body?, next_steps?, ...extra}`) so vendors compose body shapes by name instead of inlining at every validation site. |
|
|
81
|
+
| `agentscore_commerce.stripe_multichain` | `create_multichain_payment_intent` (returns `MultichainPaymentIntentResult(payment_intent_id, deposit_addresses)`; read `result.deposit_addresses[network]` directly), `create_pay_to_address_from_stripe_pi(authorization_header=, amount_cents=, stripe=, pi_cache=, networks=, static_recipients=, metadata=, order_id=, preferred_network=)`, per-order payTo resolver: on the settle leg, reuses the buyer's signed-against payTo from the MPP credential (after `pi_cache.has_address` check OR a `static_recipients` match, the static address is always-accepted because the merchant owns it); on the discovery leg, mints a fresh PI for the rails NOT covered by `static_recipients`, caches the merged map, registers static addresses with `pi_cache.cache_address` so verify-leg lookups pass. `mint_multichain_recipients(...same kwargs)`, structured variant returning `MintMultichainRecipientsResult(recipients, payment_intent_id, reused_from_credential)` for the full per-rail map (typical multi-rail merchant hook). Use `static_recipients={"solana": "<wallet>"}` for low-margin endpoints where Solana per-call ATA rent (~$0.50 against MPP spec §13.6) dominates revenue, the SDK skips Stripe minting on that network, reuses the static recipient forever, and (with a one-time external pre-funding of the recipient's USDC ATA) lets every settle pay only the ~$0.001 per-tx fee. `SolanaMppRailSpec.ata_creation_required` defaults to `True` (data-only; solana method registration through `create_mppx_server` is a follow-up, merchants building the solana method directly via `pympp` should pass the flag themselves to the charge factory). `simulate_crypto_deposit`; `create_pi_cache` (TTL'd PI / deposit-address cache, Redis-backed when `redis_url` set, in-memory otherwise), `simulate_deposit_if_test_mode` (gates on `sk_test_` and looks up the PI for you), `STRIPE_TEST_TX_HASH_SUCCESS` / `STRIPE_TEST_TX_HASH_FAILED` constants. Peer dep on `stripe`. |
|
|
82
82
|
| `agentscore_commerce.api` | Everything from `agentscore-py` re-exported in one place: `AgentScore` + `AgentScoreError`, `AGENTSCORE_TEST_ADDRESSES` + `is_agentscore_test_address`. **Don't add `agentscore-py` as a separate dep**: the two can drift versions and cause subtle type mismatches. |
|
|
83
83
|
| `agentscore_commerce.middleware.{fastapi,flask,django,aiohttp,sanic,asgi}` | Framework-specific rate-limit middleware. FastAPI: `rate_limit_fastapi(...)` (FastAPI dependency) plus the ASGI `RateLimitMiddleware` re-export. Flask: `rate_limit_flask(app, ...)` installer. Django: class-based async `RateLimitMiddleware` configured via `settings.AGENTSCORE_RATE_LIMIT`. aiohttp: `rate_limit_aiohttp(...)` middleware factory. Sanic: `rate_limit_sanic(app, ...)` installer. `asgi.RateLimitMiddleware` works with any starlette-compatible app. Shared options: `window_seconds` (default 60), `max_requests` (default 60), `key_resolver` (default first hop of `x-forwarded-for`), `redis_url` (lazy-imports `redis.asyncio` when set, in-memory `dict` fallback otherwise), `key_prefix`. `redis` is an optional peer dep (install via the `redis` extra). |
|
|
84
84
|
|
|
@@ -218,11 +218,11 @@ async def purchase(request: Request):
|
|
|
218
218
|
return await checkout.handle_fastapi(request)
|
|
219
219
|
```
|
|
220
220
|
|
|
221
|
-
The 402 body Checkout emits auto-attaches `identity_mode` + `required_signer` + `signer_constraint` (and `linked_wallets` when the gate populated them) when an inbound `X-Wallet-Address` header is present
|
|
221
|
+
The 402 body Checkout emits auto-attaches `identity_mode` + `required_signer` + `signer_constraint` (and `linked_wallets` when the gate populated them) when an inbound `X-Wallet-Address` header is present, so agents self-correct at discovery instead of at the 403 retry.
|
|
222
222
|
|
|
223
|
-
For **variable-cost pay-per-result** endpoints (per-result search, per-token LLM, per-byte transcoding), reach for `compute_first_checkout
|
|
223
|
+
For **variable-cost pay-per-result** endpoints (per-result search, per-token LLM, per-byte transcoding), reach for `compute_first_checkout`: same config shape, but the probe leg runs the work, caches by body content-hash, and emits a 402 with the EXACT computed price. The retry pays that exact amount and receives the cached body. Scope is exact-mode rails only (x402-exact Base, tempo/charge, solana/charge, Stripe SPT); does NOT use x402-upto (Permit2) or Settlement-Overrides, variable cost is captured by running the work pre-settle. Tradeoff: the work runs on the unpaid probe leg, so mount `rate_limit_fastapi` (from `agentscore_commerce.middleware.fastapi`) globally, it's load-bearing. See `examples/compute_first_merchant.py`.
|
|
224
224
|
|
|
225
|
-
For the `on_denied` hook on Checkout's gate config, `create_default_on_denied(merchant_name=, support_email=, ...)` returns the canonical denial callback that handles `wallet_signer_mismatch` / `wallet_not_trusted` unfixable fallback / `payment_required` / `token_expired` / `invalid_credential` / `api_error`. Merchants override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy and keep their own merchant-specific branches (e.g.
|
|
225
|
+
For the `on_denied` hook on Checkout's gate config, `create_default_on_denied(merchant_name=, support_email=, ...)` returns the canonical denial callback that handles `wallet_signer_mismatch` / `wallet_not_trusted` unfixable fallback / `payment_required` / `token_expired` / `invalid_credential` / `api_error`. Merchants override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy and keep their own merchant-specific branches (e.g. regulated-goods merchants add a fixable-denial-with-session branch on top).
|
|
226
226
|
|
|
227
227
|
`build_default_checkout_rails(tempo=, x402_base=, solana_mpp=, stripe=)` builds the canonical four-rail `rails` dict so merchants pass per-rail overrides instead of redeclaring the recipient sentinel + network/chain_id/token boilerplate. Flipping `network` alone is enough: Base Sepolia derives Sepolia USDC + chain_id 84532, Solana devnet derives the devnet USDC mint. Solana's `network` field accepts both CAIP-2 (`solana:5eykt4UsFv8…` / `solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1`) and the raw `@solana/mpp` form (`mainnet-beta` / `devnet` / `localnet`). `build_mppx_compose_rails(amount_usd=, tempo_recipient=, solana_recipient=, ...)` builds the per-call mppx intent list. The helper auto-drops `stripe/charge` (with a one-time `logging.warning`) when `amount_usd < 0.50` since Stripe's fixed ~$0.30 fee makes sub-50-cent charges unprofitable; sub-50-cent APIs pass `include_stripe=False` explicitly to silence the warning. `simulate_deposit_for_outcome(outcome=, deposit_address=, get_payment_intent_id=, stripe_secret_key=)` dispatches the Stripe testnet simulator from `on_settled` based on the rail family (no per-merchant rail switch needed).
|
|
228
228
|
|
|
@@ -290,7 +290,9 @@ body = build_402_body(
|
|
|
290
290
|
)
|
|
291
291
|
```
|
|
292
292
|
|
|
293
|
-
`
|
|
293
|
+
Pass `x402=X402PaymentRequired(accepts=..., version=2, resource=..., extensions=...)` to surface the x402 v2 fields on the body. `resource` is an `X402ResourceInfo` (`url` plus optional `service_name` / `tags` / `description` / `mime_type` / `icon_url`, emitted with x402 camelCase keys) so spec-compliant crawlers and discovery clients can read what the resource is; `extensions` carries declared x402 extensions (e.g. the Bazaar discovery schema from `build_bazaar_discovery_payload`). `respond_402` mirrors the same `resource` into the PAYMENT-REQUIRED header.
|
|
294
|
+
|
|
295
|
+
`build_pricing_block` handles cents → dollar-string (with optional shipping). Pass `discount_cents` for redemption codes / coupons: `subtotal` stays the list price, the block surfaces `discount` as a dollar-string, and `total` becomes `subtotal + tax + shipping - discount` (floored at 0). `pricing_result` accepts the same `discount_cents` and propagates it to `block.discount` so agents reading the 402 see the savings line. Pass `decimals: N` (default `2`) on either helper for sub-cent unit pricing, e.g. `decimals=4` advertises `$0.0005`-precision instead of rounding to two decimals. Set `decimals` on `PricingResult` and the SDK threads it through `build_how_to_pay`, `build_pricing_block`, and the x402 settle `price` string automatically; the cents inputs accept floats under that mode (per-token / per-byte unit pricing). `first_encounter_agent_memory` returns the canonical hint or `None` based on a per-merchant first-seen flag. `Receipt` (plus `ReceiptNextSteps`, `ProductInfo`, `ShippingAddress`) is a universal dataclass for the post-settlement 200 response shape, goods merchants populate the shipping/fulfillment/tracking slots, API merchants fill only the universal fields (id, created_at, pricing, payment_status, next_steps).
|
|
294
296
|
|
|
295
297
|
### Idempotency-key + multi-rail header bundle
|
|
296
298
|
|
|
@@ -359,7 +361,7 @@ card = build_a2a_agent_card(
|
|
|
359
361
|
# Google Universal Commerce Protocol. Publish at /.well-known/ucp.
|
|
360
362
|
# Output shape: {"ucp": {"version", "services", "capabilities",
|
|
361
363
|
# "payment_handlers", "name?", "supported_versions?"}, "signing_keys": [...]}
|
|
362
|
-
|
|
364
|
+
#, services / capabilities / payment_handlers are MAPS keyed by reverse-DNS
|
|
363
365
|
# service / capability / handler name (UCP spec §3 + §6).
|
|
364
366
|
profile = build_ucp_profile(
|
|
365
367
|
name="My Service",
|
|
@@ -380,8 +382,8 @@ profile = build_ucp_profile(
|
|
|
380
382
|
**stripe_spt_payment_handler(spec=StripeRailSpec(profile_id="profile_5xKvNqM9BaH")),
|
|
381
383
|
},
|
|
382
384
|
signing_keys=[UCPSigningKey(kid="me", kty="EC", alg="ES256")],
|
|
383
|
-
# Optional: declare merchant gate policy as an `
|
|
384
|
-
# binding inside the public profile. Static policy declaration only
|
|
385
|
+
# Optional: declare merchant gate policy as an `com.agentscore.identity` capability
|
|
386
|
+
# binding inside the public profile. Static policy declaration only, no per-operator
|
|
385
387
|
# claims. Per-operator identity attestation flows through the AP2 risk-signal endpoint.
|
|
386
388
|
agentscore_gate=AgentScoreGatePolicy(
|
|
387
389
|
require_kyc=True, min_age=21, allowed_jurisdictions=["US"],
|
|
@@ -575,7 +577,7 @@ The [examples/](./examples) directory has 8 runnable single-file FastAPI apps co
|
|
|
575
577
|
|
|
576
578
|
## Documentation
|
|
577
579
|
|
|
578
|
-
Full integration docs at [docs.agentscore.
|
|
580
|
+
Full integration docs at [docs.agentscore.com/integrations/python-commerce](https://docs.agentscore.com/integrations/python-commerce).
|
|
579
581
|
|
|
580
582
|
## License
|
|
581
583
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
[](https://pypi.org/project/agentscore-commerce/)
|
|
4
4
|
[](LICENSE)
|
|
5
5
|
|
|
6
|
-
The full merchant-side SDK for [AgentScore](https://agentscore.
|
|
6
|
+
The full merchant-side SDK for [AgentScore](https://www.agentscore.com) in Python: agent commerce in one install. Identity middleware (FastAPI, Flask, Django, AIOHTTP, Sanic, ASGI), payment helpers, 402 challenge builders, MPP discovery, and Stripe multichain support.
|
|
7
7
|
|
|
8
8
|
## Install
|
|
9
9
|
|
|
@@ -26,11 +26,11 @@ pip install 'agentscore-commerce[fastapi,x402,coinbase]'
|
|
|
26
26
|
|---|---|
|
|
27
27
|
| `agentscore_commerce` (top-level) | `Checkout` orchestrator + `CheckoutContext` + `CheckoutGateConfig` + `CheckoutValidationError` + `DiscoveryProbeConfig` + `SettleOutcome` + `MppxComposeOutcome` + `PricingResult` (the 2.0 high-level surface: one config object, hooks for pre_validate/compute_pricing/on_settled/mint_recipients/compose_mppx, auto-derived x402+mppx servers, per-framework adapters `handle_fastapi`/`handle_flask`/`handle_django`/`handle_aiohttp`/`handle_sanic`, signed UCP routes via `mount_ucp_routes_{fastapi,flask,django,aiohttp,sanic}`); `pricing_result` (factory: cents-denominated → typed `PricingResult` with embedded `PricingBlock`); `validation_response_{fastapi,flask,django,aiohttp,sanic}` (per-framework 4xx envelope wrappers); `make_mppx_compose_hook` (canonical pympp compose adapter). |
|
|
28
28
|
| `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware: KYC, sanctions (account name + signer wallet), age, jurisdiction. `AgentScoreGate(...)` (or `agentscore_gate(app, ...)` on Flask/Sanic), `get_agentscore_data(...)`, `capture_wallet(...)`, `get_signer_verdict(...)`. The gate extracts the payment signer pre-evaluate and passes it to `/v1/assess`, so the API composes both wallet-binding (`signer_match`) and OFAC SDN wallet-address (`signer_sanctions`) verdicts on one round trip. |
|
|
29
|
-
| `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. The per-framework adapter modules also expose `get_gate_quota_info(request)` for surfacing X-RateLimit info from gate state. Also re-exports the per-product policy helpers: `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`, `validate_shipping_against_policy` (one-call country+state validator that raises `CheckoutValidationError` with the canonical envelope on miss)
|
|
30
|
-
| `agentscore_commerce.payment` | `networks`, `USDC`, `rails` registries; `payment_directive`, `build_payment_directive`, `www_authenticate_header`, `payment_required_header`, `alias_amount_fields` (opt-in v1↔v2 amount-field shim that adds both `amount` and `maxAmountRequired` to an entry. The 402 builders do NOT apply it by default
|
|
31
|
-
| `agentscore_commerce.discovery` | `is_discovery_probe_request`, `build_discovery_probe_response` (with optional `x402_sample` for x402-aware crawlers like `awal x402 details`), `sample_x402_accept_for_network` (USDC sample-accept builder for known CAIP-2 networks), `build_well_known_mpp`, `build_llms_txt` + `llms_txt_identity_section` + `llms_txt_payment_section` (compact + verbose modes), `build_skill_md` (Claude-Skill-compatible `/skill.md` agent-discovery manifest; strictly agent-facing data only, no internal posture), `build_redemption_skill_md` (delivery-neutral redemption-code template
|
|
32
|
-
| `agentscore_commerce.challenge` | `build_402_body`, `build_accepted_methods`, `build_identity_metadata` (auto-attached by `Checkout` when an inbound `X-Wallet-Address` header is present), `build_how_to_pay`, `build_agent_instructions` (auto-emits per-rail `compatible_clients`: smoke-verified CLIs the agent should use; vendor override supported; pure helper `compatible_clients_by_rails(rails)` returns the same map for vendors building custom 402s), `build_pricing_block` (cents to dollar-string with optional shipping/tax), `first_encounter_agent_memory` (cross-merchant hint, returns the canonical block or `None` based on a per-merchant first-seen flag), `Receipt` + `ReceiptNextSteps` + `ProductInfo` + `ShippingAddress` (canonical 200-receipt dataclasses
|
|
33
|
-
| `agentscore_commerce.stripe_multichain` | `create_multichain_payment_intent` (returns `MultichainPaymentIntentResult(payment_intent_id, deposit_addresses)`; read `result.deposit_addresses[network]` directly), `create_pay_to_address_from_stripe_pi(authorization_header=, amount_cents=, stripe=, pi_cache=, networks=, static_recipients=, metadata=, order_id=, preferred_network=)
|
|
29
|
+
| `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. The per-framework adapter modules also expose `get_gate_quota_info(request)` for surfacing X-RateLimit info from gate state. Also re-exports the per-product policy helpers: `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`, `validate_shipping_against_policy` (one-call country+state validator that raises `CheckoutValidationError` with the canonical envelope on miss), for multi-product merchants where each product carries its own compliance config: hard gate vs soft vs none, per-product shipping allowlists. Key + token helpers: `load_ucp_signing_key_from_env` (cached env-driven loader for the UCP signing key, reads `UCP_SIGNING_KEY_JWK_PRIVATE` JSON JWK, detects alg from shape, falls back to ephemeral when unset, sanitizes errors so key bytes never reach logs, concurrent-safe via `threading.Lock`; env-var names and `default_kid` / `default_alg` are overridable as kwargs); `hash_operator_token` (sha256 hex of plaintext `opc_...`, for merchants persisting `operator_token_id` to their own DB without ever storing the plaintext); `extract_owner_scope(headers) -> OwnerScope` (canonical owner-identity extractor for caller-scoped resource queries, reads `X-Wallet-Address` / `X-Operator-Token`, hashes the token so plaintext never leaves the request); `default_read_only_on_denied(reason)` (canonical `on_denied` for read-only resource gates: 401 + `Cache-Control: no-store` while still spreading `denial_reason_to_body`. Returns a `DefaultOnDeniedResult(body, status, headers)`; FastAPI / Flask / aiohttp / Sanic `on_denied` callbacks accept an optional 3-tuple `(body, status, headers)` to carry headers through; wrap with `lambda req, reason: (lambda r: (r.body, r.status, r.headers or {}))(default_read_only_on_denied(reason))`). |
|
|
30
|
+
| `agentscore_commerce.payment` | `networks`, `USDC`, `rails` registries; `payment_directive`, `build_payment_directive`, `www_authenticate_header`, `payment_required_header`, `alias_amount_fields` (opt-in v1↔v2 amount-field shim that adds both `amount` and `maxAmountRequired` to an entry. The 402 builders do NOT apply it by default, strict x402 v2 settlement matches the agent's echoed requirement by exact comparison, so an extra field the server's rebuilt requirement lacks breaks settle; use only when you know a client is hardcoded to read `maxAmountRequired`), `settlement_override_header`, `dispatch_settlement_by_network`, `extract_payment_signer` (accepts positional `x402_payment_header` AND/OR `authorization_header=` kwarg; recovers signer from x402 EIP-3009 `payload.authorization.from` OR MPP `Authorization: Payment <base64>` `did:pkh:eip155:<chain>:<addr>` / `did:pkh:solana:<genesis>:<addr>` source DID), `detect_rail_from_headers` (returns `"x402"` / `"mpp"` / `None` from inbound headers), `register_x402_schemes_v1_v2`; drop-in x402 helpers: `validate_x402_network_config` (boot-time guard), `verify_x402_request` (parse + validate inbound X-Payment), `process_x402_settle` (verify-then-settle with one call), `classify_x402_settle_result` (maps the tagged settle result to a recommended HTTP status / code / next_steps so merchants get a controlled envelope without coupling to facilitator-specific error text), `classify_orchestration_error` (same `ClassifiedX402Error` shape but for uncaught exceptions thrown elsewhere in the orchestration; returns `None` for unknown errors so merchants rethrow instead of swallowing); `zero_amount_carve_out` (skip CDP / pympp upstream verify+settle for $0 settles where the upstream rejects value=0 payloads; parses the credential, lifts signer + network, returns a `ZeroSettleResult` shaped identically to the success path so callers branch on rail, not on result shape); `usd_to_atomic` (Decimal-based USD → atomic int, ROUND_HALF_UP, for Tempo / Solana / Base USDC amount construction). |
|
|
31
|
+
| `agentscore_commerce.discovery` | `is_discovery_probe_request`, `build_discovery_probe_response` (with optional `x402_sample` for x402-aware crawlers like `awal x402 details`), `sample_x402_accept_for_network` (USDC sample-accept builder for known CAIP-2 networks), `build_well_known_mpp`, `build_llms_txt` + `llms_txt_identity_section` + `llms_txt_payment_section` (compact + verbose modes), `build_skill_md` (Claude-Skill-compatible `/skill.md` agent-discovery manifest; strictly agent-facing data only, no internal posture), `build_redemption_skill_md` (delivery-neutral redemption-code template, printed mailers, emailed codes, API trial credits all covered; `endpoint_path`/`delivery_intro`/`body_shape`/`body_rules`/`extra_recovery_rows` overrides for non-goods shapes), `build_merchant_index_json` (canonical `/` discovery body), `standard_endpoint_descriptions(kind=)` (canonical method+path → description map for goods vs api merchants; optional `include_order_status_route` for goods), `build_success_next_steps` (universal Passport-active success block), `build_agentscore_onboarding_steps` (canonical skill.md onboarding for goods or API merchants), `agentscore_openapi_snippets`, `build_bazaar_discovery_payload`, `NoindexNonDiscoveryMiddleware` (ASGI middleware emitting `X-Robots-Tag: noindex` on every path except the agent-discovery surfaces; pure helpers `is_discovery_path` + `DEFAULT_DISCOVERY_PATHS` for non-ASGI frameworks). Plus the UCP/JWKS publish surface: `build_signed_ucp_response`, `build_signed_jwks_response`, `well_known_preflight_response`, `default_a2a_services`, `bootstrap_ucp_signing_key`, framework-neutral `SignedDiscoveryResponse` + per-framework wrappers `signed_response_{fastapi,flask,django,aiohttp,sanic}`. |
|
|
32
|
+
| `agentscore_commerce.challenge` | `build_402_body`, `build_accepted_methods`, `build_identity_metadata` (auto-attached by `Checkout` when an inbound `X-Wallet-Address` header is present), `build_how_to_pay`, `build_agent_instructions` (auto-emits per-rail `compatible_clients`: smoke-verified CLIs the agent should use; vendor override supported; pure helper `compatible_clients_by_rails(rails)` returns the same map for vendors building custom 402s), `build_pricing_block` (cents to dollar-string with optional shipping/tax), `first_encounter_agent_memory` (cross-merchant hint, returns the canonical block or `None` based on a per-merchant first-seen flag), `Receipt` + `ReceiptNextSteps` + `ProductInfo` + `ShippingAddress` (canonical 200-receipt dataclasses, universal across goods + API merchants); `respond_402`, a drop-in 402 emit that preserves pympp's `WWW-Authenticate` and layers x402's `PAYMENT-REQUIRED`. `build_validation_error`: structured 4xx body builder (`{error: {code, message}, required_fields?, example_body?, next_steps?, ...extra}`) so vendors compose body shapes by name instead of inlining at every validation site. |
|
|
33
|
+
| `agentscore_commerce.stripe_multichain` | `create_multichain_payment_intent` (returns `MultichainPaymentIntentResult(payment_intent_id, deposit_addresses)`; read `result.deposit_addresses[network]` directly), `create_pay_to_address_from_stripe_pi(authorization_header=, amount_cents=, stripe=, pi_cache=, networks=, static_recipients=, metadata=, order_id=, preferred_network=)`, per-order payTo resolver: on the settle leg, reuses the buyer's signed-against payTo from the MPP credential (after `pi_cache.has_address` check OR a `static_recipients` match, the static address is always-accepted because the merchant owns it); on the discovery leg, mints a fresh PI for the rails NOT covered by `static_recipients`, caches the merged map, registers static addresses with `pi_cache.cache_address` so verify-leg lookups pass. `mint_multichain_recipients(...same kwargs)`, structured variant returning `MintMultichainRecipientsResult(recipients, payment_intent_id, reused_from_credential)` for the full per-rail map (typical multi-rail merchant hook). Use `static_recipients={"solana": "<wallet>"}` for low-margin endpoints where Solana per-call ATA rent (~$0.50 against MPP spec §13.6) dominates revenue, the SDK skips Stripe minting on that network, reuses the static recipient forever, and (with a one-time external pre-funding of the recipient's USDC ATA) lets every settle pay only the ~$0.001 per-tx fee. `SolanaMppRailSpec.ata_creation_required` defaults to `True` (data-only; solana method registration through `create_mppx_server` is a follow-up, merchants building the solana method directly via `pympp` should pass the flag themselves to the charge factory). `simulate_crypto_deposit`; `create_pi_cache` (TTL'd PI / deposit-address cache, Redis-backed when `redis_url` set, in-memory otherwise), `simulate_deposit_if_test_mode` (gates on `sk_test_` and looks up the PI for you), `STRIPE_TEST_TX_HASH_SUCCESS` / `STRIPE_TEST_TX_HASH_FAILED` constants. Peer dep on `stripe`. |
|
|
34
34
|
| `agentscore_commerce.api` | Everything from `agentscore-py` re-exported in one place: `AgentScore` + `AgentScoreError`, `AGENTSCORE_TEST_ADDRESSES` + `is_agentscore_test_address`. **Don't add `agentscore-py` as a separate dep**: the two can drift versions and cause subtle type mismatches. |
|
|
35
35
|
| `agentscore_commerce.middleware.{fastapi,flask,django,aiohttp,sanic,asgi}` | Framework-specific rate-limit middleware. FastAPI: `rate_limit_fastapi(...)` (FastAPI dependency) plus the ASGI `RateLimitMiddleware` re-export. Flask: `rate_limit_flask(app, ...)` installer. Django: class-based async `RateLimitMiddleware` configured via `settings.AGENTSCORE_RATE_LIMIT`. aiohttp: `rate_limit_aiohttp(...)` middleware factory. Sanic: `rate_limit_sanic(app, ...)` installer. `asgi.RateLimitMiddleware` works with any starlette-compatible app. Shared options: `window_seconds` (default 60), `max_requests` (default 60), `key_resolver` (default first hop of `x-forwarded-for`), `redis_url` (lazy-imports `redis.asyncio` when set, in-memory `dict` fallback otherwise), `key_prefix`. `redis` is an optional peer dep (install via the `redis` extra). |
|
|
36
36
|
|
|
@@ -170,11 +170,11 @@ async def purchase(request: Request):
|
|
|
170
170
|
return await checkout.handle_fastapi(request)
|
|
171
171
|
```
|
|
172
172
|
|
|
173
|
-
The 402 body Checkout emits auto-attaches `identity_mode` + `required_signer` + `signer_constraint` (and `linked_wallets` when the gate populated them) when an inbound `X-Wallet-Address` header is present
|
|
173
|
+
The 402 body Checkout emits auto-attaches `identity_mode` + `required_signer` + `signer_constraint` (and `linked_wallets` when the gate populated them) when an inbound `X-Wallet-Address` header is present, so agents self-correct at discovery instead of at the 403 retry.
|
|
174
174
|
|
|
175
|
-
For **variable-cost pay-per-result** endpoints (per-result search, per-token LLM, per-byte transcoding), reach for `compute_first_checkout
|
|
175
|
+
For **variable-cost pay-per-result** endpoints (per-result search, per-token LLM, per-byte transcoding), reach for `compute_first_checkout`: same config shape, but the probe leg runs the work, caches by body content-hash, and emits a 402 with the EXACT computed price. The retry pays that exact amount and receives the cached body. Scope is exact-mode rails only (x402-exact Base, tempo/charge, solana/charge, Stripe SPT); does NOT use x402-upto (Permit2) or Settlement-Overrides, variable cost is captured by running the work pre-settle. Tradeoff: the work runs on the unpaid probe leg, so mount `rate_limit_fastapi` (from `agentscore_commerce.middleware.fastapi`) globally, it's load-bearing. See `examples/compute_first_merchant.py`.
|
|
176
176
|
|
|
177
|
-
For the `on_denied` hook on Checkout's gate config, `create_default_on_denied(merchant_name=, support_email=, ...)` returns the canonical denial callback that handles `wallet_signer_mismatch` / `wallet_not_trusted` unfixable fallback / `payment_required` / `token_expired` / `invalid_credential` / `api_error`. Merchants override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy and keep their own merchant-specific branches (e.g.
|
|
177
|
+
For the `on_denied` hook on Checkout's gate config, `create_default_on_denied(merchant_name=, support_email=, ...)` returns the canonical denial callback that handles `wallet_signer_mismatch` / `wallet_not_trusted` unfixable fallback / `payment_required` / `token_expired` / `invalid_credential` / `api_error`. Merchants override `wallet_not_trusted_message` / `payment_required_message` / `support_context` for vendor-specific copy and keep their own merchant-specific branches (e.g. regulated-goods merchants add a fixable-denial-with-session branch on top).
|
|
178
178
|
|
|
179
179
|
`build_default_checkout_rails(tempo=, x402_base=, solana_mpp=, stripe=)` builds the canonical four-rail `rails` dict so merchants pass per-rail overrides instead of redeclaring the recipient sentinel + network/chain_id/token boilerplate. Flipping `network` alone is enough: Base Sepolia derives Sepolia USDC + chain_id 84532, Solana devnet derives the devnet USDC mint. Solana's `network` field accepts both CAIP-2 (`solana:5eykt4UsFv8…` / `solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1`) and the raw `@solana/mpp` form (`mainnet-beta` / `devnet` / `localnet`). `build_mppx_compose_rails(amount_usd=, tempo_recipient=, solana_recipient=, ...)` builds the per-call mppx intent list. The helper auto-drops `stripe/charge` (with a one-time `logging.warning`) when `amount_usd < 0.50` since Stripe's fixed ~$0.30 fee makes sub-50-cent charges unprofitable; sub-50-cent APIs pass `include_stripe=False` explicitly to silence the warning. `simulate_deposit_for_outcome(outcome=, deposit_address=, get_payment_intent_id=, stripe_secret_key=)` dispatches the Stripe testnet simulator from `on_settled` based on the rail family (no per-merchant rail switch needed).
|
|
180
180
|
|
|
@@ -242,7 +242,9 @@ body = build_402_body(
|
|
|
242
242
|
)
|
|
243
243
|
```
|
|
244
244
|
|
|
245
|
-
`
|
|
245
|
+
Pass `x402=X402PaymentRequired(accepts=..., version=2, resource=..., extensions=...)` to surface the x402 v2 fields on the body. `resource` is an `X402ResourceInfo` (`url` plus optional `service_name` / `tags` / `description` / `mime_type` / `icon_url`, emitted with x402 camelCase keys) so spec-compliant crawlers and discovery clients can read what the resource is; `extensions` carries declared x402 extensions (e.g. the Bazaar discovery schema from `build_bazaar_discovery_payload`). `respond_402` mirrors the same `resource` into the PAYMENT-REQUIRED header.
|
|
246
|
+
|
|
247
|
+
`build_pricing_block` handles cents → dollar-string (with optional shipping). Pass `discount_cents` for redemption codes / coupons: `subtotal` stays the list price, the block surfaces `discount` as a dollar-string, and `total` becomes `subtotal + tax + shipping - discount` (floored at 0). `pricing_result` accepts the same `discount_cents` and propagates it to `block.discount` so agents reading the 402 see the savings line. Pass `decimals: N` (default `2`) on either helper for sub-cent unit pricing, e.g. `decimals=4` advertises `$0.0005`-precision instead of rounding to two decimals. Set `decimals` on `PricingResult` and the SDK threads it through `build_how_to_pay`, `build_pricing_block`, and the x402 settle `price` string automatically; the cents inputs accept floats under that mode (per-token / per-byte unit pricing). `first_encounter_agent_memory` returns the canonical hint or `None` based on a per-merchant first-seen flag. `Receipt` (plus `ReceiptNextSteps`, `ProductInfo`, `ShippingAddress`) is a universal dataclass for the post-settlement 200 response shape, goods merchants populate the shipping/fulfillment/tracking slots, API merchants fill only the universal fields (id, created_at, pricing, payment_status, next_steps).
|
|
246
248
|
|
|
247
249
|
### Idempotency-key + multi-rail header bundle
|
|
248
250
|
|
|
@@ -311,7 +313,7 @@ card = build_a2a_agent_card(
|
|
|
311
313
|
# Google Universal Commerce Protocol. Publish at /.well-known/ucp.
|
|
312
314
|
# Output shape: {"ucp": {"version", "services", "capabilities",
|
|
313
315
|
# "payment_handlers", "name?", "supported_versions?"}, "signing_keys": [...]}
|
|
314
|
-
|
|
316
|
+
#, services / capabilities / payment_handlers are MAPS keyed by reverse-DNS
|
|
315
317
|
# service / capability / handler name (UCP spec §3 + §6).
|
|
316
318
|
profile = build_ucp_profile(
|
|
317
319
|
name="My Service",
|
|
@@ -332,8 +334,8 @@ profile = build_ucp_profile(
|
|
|
332
334
|
**stripe_spt_payment_handler(spec=StripeRailSpec(profile_id="profile_5xKvNqM9BaH")),
|
|
333
335
|
},
|
|
334
336
|
signing_keys=[UCPSigningKey(kid="me", kty="EC", alg="ES256")],
|
|
335
|
-
# Optional: declare merchant gate policy as an `
|
|
336
|
-
# binding inside the public profile. Static policy declaration only
|
|
337
|
+
# Optional: declare merchant gate policy as an `com.agentscore.identity` capability
|
|
338
|
+
# binding inside the public profile. Static policy declaration only, no per-operator
|
|
337
339
|
# claims. Per-operator identity attestation flows through the AP2 risk-signal endpoint.
|
|
338
340
|
agentscore_gate=AgentScoreGatePolicy(
|
|
339
341
|
require_kyc=True, min_age=21, allowed_jurisdictions=["US"],
|
|
@@ -527,7 +529,7 @@ The [examples/](./examples) directory has 8 runnable single-file FastAPI apps co
|
|
|
527
529
|
|
|
528
530
|
## Documentation
|
|
529
531
|
|
|
530
|
-
Full integration docs at [docs.agentscore.
|
|
532
|
+
Full integration docs at [docs.agentscore.com/integrations/python-commerce](https://docs.agentscore.com/integrations/python-commerce).
|
|
531
533
|
|
|
532
534
|
## License
|
|
533
535
|
|
|
@@ -6,7 +6,7 @@ If you discover a security vulnerability, please report it responsibly.
|
|
|
6
6
|
|
|
7
7
|
**Do not open a public GitHub issue for security vulnerabilities.**
|
|
8
8
|
|
|
9
|
-
Instead, email us at **security@agentscore.
|
|
9
|
+
Instead, email us at **security@agentscore.com** with:
|
|
10
10
|
|
|
11
11
|
- Description of the vulnerability
|
|
12
12
|
- Steps to reproduce
|
|
@@ -24,6 +24,7 @@ from agentscore_commerce.checkout import (
|
|
|
24
24
|
MppxComposeOutcome,
|
|
25
25
|
PricingResult,
|
|
26
26
|
SettleOutcome,
|
|
27
|
+
build_aip_trusted_issuers,
|
|
27
28
|
format_pydantic_errors,
|
|
28
29
|
get_identity_status,
|
|
29
30
|
pricing_result,
|
|
@@ -58,6 +59,7 @@ from agentscore_commerce.identity import (
|
|
|
58
59
|
A2A_DEFAULT_TRANSPORT,
|
|
59
60
|
A2A_PROTOCOL_VERSION,
|
|
60
61
|
AGENTSCORE_UCP_CAPABILITY,
|
|
62
|
+
AIP_A2A_EXTENSION_URI,
|
|
61
63
|
FIXABLE_DENIAL_REASONS,
|
|
62
64
|
UCP_A2A_EXTENSION_URI,
|
|
63
65
|
A2AAgentCard,
|
|
@@ -90,6 +92,7 @@ from agentscore_commerce.identity import (
|
|
|
90
92
|
UCPSigningKey,
|
|
91
93
|
UCPVerificationError,
|
|
92
94
|
VerifyWalletSignerResult,
|
|
95
|
+
aip_a2a_extension,
|
|
93
96
|
build_a2a_agent_card,
|
|
94
97
|
build_agent_memory_hint,
|
|
95
98
|
build_contact_support_next_steps,
|
|
@@ -156,6 +159,7 @@ __all__ = [
|
|
|
156
159
|
"A2A_DEFAULT_TRANSPORT",
|
|
157
160
|
"A2A_PROTOCOL_VERSION",
|
|
158
161
|
"AGENTSCORE_UCP_CAPABILITY",
|
|
162
|
+
"AIP_A2A_EXTENSION_URI",
|
|
159
163
|
"FIXABLE_DENIAL_REASONS",
|
|
160
164
|
"UCP_A2A_EXTENSION_URI",
|
|
161
165
|
"A2AAgentCard",
|
|
@@ -223,8 +227,10 @@ __all__ = [
|
|
|
223
227
|
"WorkOutcome",
|
|
224
228
|
"X402BaseRailSpec",
|
|
225
229
|
"__version__",
|
|
230
|
+
"aip_a2a_extension",
|
|
226
231
|
"build_a2a_agent_card",
|
|
227
232
|
"build_agent_memory_hint",
|
|
233
|
+
"build_aip_trusted_issuers",
|
|
228
234
|
"build_contact_support_next_steps",
|
|
229
235
|
"build_default_checkout_rails",
|
|
230
236
|
"build_gate_from_policy",
|
|
@@ -0,0 +1,168 @@
|
|
|
1
|
+
"""AIP (Agentic Identity Protocol) — AIT verification (verifier role) + RFC 9421 signing.
|
|
2
|
+
|
|
3
|
+
This package is the AgentScore verifier for Agent Identity Tokens (AITs): a merchant gate
|
|
4
|
+
hands a parsed request plus a trusted-issuer :class:`JwksCache` to the orchestrator and gets
|
|
5
|
+
back the signature-checked, structurally-valid claims (or a typed failure mapped onto the AIP
|
|
6
|
+
wire error taxonomy). It also exposes the RFC 9421 HTTP Message Signature primitives an agent
|
|
7
|
+
uses to prove possession of its ``cnf``-bound key.
|
|
8
|
+
|
|
9
|
+
Submodules:
|
|
10
|
+
agentscore_commerce.aip.types - AIT claim contract + structural validation
|
|
11
|
+
agentscore_commerce.aip.http_signature - RFC 9421 sign / verify (the AIP subset)
|
|
12
|
+
agentscore_commerce.aip.jwks - trusted-issuer enforcement + JWKS key discovery
|
|
13
|
+
agentscore_commerce.aip.verify - the AIT verification pipeline (orchestrator)
|
|
14
|
+
agentscore_commerce.aip.request - build a VerifyRequestContext from a framework request
|
|
15
|
+
agentscore_commerce.aip.gate - framework-agnostic gate + RFC 9457 denial bodies
|
|
16
|
+
|
|
17
|
+
The public surface mirrors the reference top-level AIP exports; where the reference
|
|
18
|
+
folds an input shape into an options interface (``VerifyAitOptions`` / ``SignMessageInput`` /
|
|
19
|
+
``VerifyMessageSignatureInput`` / ``JwksCacheOptions``), Python passes keyword args and the
|
|
20
|
+
corresponding concrete dataclasses (:class:`SignatureParams`, :class:`SignedMessage`,
|
|
21
|
+
:class:`VerifyRequestContext`) are surfaced instead.
|
|
22
|
+
"""
|
|
23
|
+
|
|
24
|
+
from agentscore_commerce.aip.gate import (
|
|
25
|
+
AipErrorBody,
|
|
26
|
+
AipErrorRequirements,
|
|
27
|
+
AipGateEvaluation,
|
|
28
|
+
AipGateOptions,
|
|
29
|
+
AipGateResult,
|
|
30
|
+
aip_error_code,
|
|
31
|
+
aip_error_status,
|
|
32
|
+
build_aip_error_body,
|
|
33
|
+
build_aip_weak_auth_body,
|
|
34
|
+
check_trust_requirements,
|
|
35
|
+
evaluate_aip_parts,
|
|
36
|
+
evaluate_aip_request,
|
|
37
|
+
verify_ait_parts,
|
|
38
|
+
verify_ait_request,
|
|
39
|
+
)
|
|
40
|
+
from agentscore_commerce.aip.http_signature import (
|
|
41
|
+
AIP_COVERED_COMPONENTS,
|
|
42
|
+
AIP_SIGNATURE_TAG,
|
|
43
|
+
MAX_POP_WINDOW_SECONDS,
|
|
44
|
+
ParsedSignatureInput,
|
|
45
|
+
SignatureParams,
|
|
46
|
+
SignedMessage,
|
|
47
|
+
VerifyFailureReason,
|
|
48
|
+
VerifyMessageSignatureResult,
|
|
49
|
+
build_signature_base,
|
|
50
|
+
normalize_authority,
|
|
51
|
+
parse_signature_input,
|
|
52
|
+
parse_signature_value,
|
|
53
|
+
sign_message,
|
|
54
|
+
verify_message_signature,
|
|
55
|
+
)
|
|
56
|
+
from agentscore_commerce.aip.jwks import (
|
|
57
|
+
AGENTSCORE_CANONICAL_ISSUER,
|
|
58
|
+
DEFAULT_CACHE_SECONDS,
|
|
59
|
+
HARD_MAX_CACHE_SECONDS,
|
|
60
|
+
JWKS_REFETCH_COOLDOWN_SECONDS,
|
|
61
|
+
JWKS_WELL_KNOWN_PATH,
|
|
62
|
+
FetchResponse,
|
|
63
|
+
JwksCache,
|
|
64
|
+
JwksLookupFailure,
|
|
65
|
+
JwksLookupResult,
|
|
66
|
+
canonicalize_issuer,
|
|
67
|
+
resolve_cache_seconds,
|
|
68
|
+
)
|
|
69
|
+
from agentscore_commerce.aip.request import (
|
|
70
|
+
HeadersLike,
|
|
71
|
+
RequestLike,
|
|
72
|
+
VerifyContextParts,
|
|
73
|
+
build_verify_context_from_parts,
|
|
74
|
+
build_verify_context_from_request,
|
|
75
|
+
has_agent_identity_header,
|
|
76
|
+
has_agent_identity_header_parts,
|
|
77
|
+
)
|
|
78
|
+
from agentscore_commerce.aip.types import (
|
|
79
|
+
AitHeader,
|
|
80
|
+
AitPayload,
|
|
81
|
+
AitValidationResult,
|
|
82
|
+
AmrValue,
|
|
83
|
+
IdentityClaim,
|
|
84
|
+
IntentClaim,
|
|
85
|
+
TrustLevel,
|
|
86
|
+
is_ait_shape,
|
|
87
|
+
validate_ait_payload,
|
|
88
|
+
)
|
|
89
|
+
from agentscore_commerce.aip.verify import (
|
|
90
|
+
AGENT_IDENTITY_HEADER,
|
|
91
|
+
AIT_SIGNING_ALGS,
|
|
92
|
+
SignatureMaterial,
|
|
93
|
+
VerifiedAit,
|
|
94
|
+
VerifyAitFailure,
|
|
95
|
+
VerifyAitFailureResult,
|
|
96
|
+
VerifyAitResult,
|
|
97
|
+
VerifyAitSuccess,
|
|
98
|
+
VerifyRequestContext,
|
|
99
|
+
verify_ait,
|
|
100
|
+
)
|
|
101
|
+
|
|
102
|
+
__all__ = [
|
|
103
|
+
"AGENTSCORE_CANONICAL_ISSUER",
|
|
104
|
+
"AGENT_IDENTITY_HEADER",
|
|
105
|
+
"AIP_COVERED_COMPONENTS",
|
|
106
|
+
"AIP_SIGNATURE_TAG",
|
|
107
|
+
"AIT_SIGNING_ALGS",
|
|
108
|
+
"DEFAULT_CACHE_SECONDS",
|
|
109
|
+
"HARD_MAX_CACHE_SECONDS",
|
|
110
|
+
"JWKS_REFETCH_COOLDOWN_SECONDS",
|
|
111
|
+
"JWKS_WELL_KNOWN_PATH",
|
|
112
|
+
"MAX_POP_WINDOW_SECONDS",
|
|
113
|
+
"AipErrorBody",
|
|
114
|
+
"AipErrorRequirements",
|
|
115
|
+
"AipGateEvaluation",
|
|
116
|
+
"AipGateOptions",
|
|
117
|
+
"AipGateResult",
|
|
118
|
+
"AitHeader",
|
|
119
|
+
"AitPayload",
|
|
120
|
+
"AitValidationResult",
|
|
121
|
+
"AmrValue",
|
|
122
|
+
"FetchResponse",
|
|
123
|
+
"HeadersLike",
|
|
124
|
+
"IdentityClaim",
|
|
125
|
+
"IntentClaim",
|
|
126
|
+
"JwksCache",
|
|
127
|
+
"JwksLookupFailure",
|
|
128
|
+
"JwksLookupResult",
|
|
129
|
+
"ParsedSignatureInput",
|
|
130
|
+
"RequestLike",
|
|
131
|
+
"SignatureMaterial",
|
|
132
|
+
"SignatureParams",
|
|
133
|
+
"SignedMessage",
|
|
134
|
+
"TrustLevel",
|
|
135
|
+
"VerifiedAit",
|
|
136
|
+
"VerifyAitFailure",
|
|
137
|
+
"VerifyAitFailureResult",
|
|
138
|
+
"VerifyAitResult",
|
|
139
|
+
"VerifyAitSuccess",
|
|
140
|
+
"VerifyContextParts",
|
|
141
|
+
"VerifyFailureReason",
|
|
142
|
+
"VerifyMessageSignatureResult",
|
|
143
|
+
"VerifyRequestContext",
|
|
144
|
+
"aip_error_code",
|
|
145
|
+
"aip_error_status",
|
|
146
|
+
"build_aip_error_body",
|
|
147
|
+
"build_aip_weak_auth_body",
|
|
148
|
+
"build_signature_base",
|
|
149
|
+
"build_verify_context_from_parts",
|
|
150
|
+
"build_verify_context_from_request",
|
|
151
|
+
"canonicalize_issuer",
|
|
152
|
+
"check_trust_requirements",
|
|
153
|
+
"evaluate_aip_parts",
|
|
154
|
+
"evaluate_aip_request",
|
|
155
|
+
"has_agent_identity_header",
|
|
156
|
+
"has_agent_identity_header_parts",
|
|
157
|
+
"is_ait_shape",
|
|
158
|
+
"normalize_authority",
|
|
159
|
+
"parse_signature_input",
|
|
160
|
+
"parse_signature_value",
|
|
161
|
+
"resolve_cache_seconds",
|
|
162
|
+
"sign_message",
|
|
163
|
+
"validate_ait_payload",
|
|
164
|
+
"verify_ait",
|
|
165
|
+
"verify_ait_parts",
|
|
166
|
+
"verify_ait_request",
|
|
167
|
+
"verify_message_signature",
|
|
168
|
+
]
|