chore: v2.1.0 — invalid_credential, optional Subject/AccountVerification fields, engines >=20#23
Merged
vvillait88 merged 6 commits intomainfrom Apr 30, 2026
Merged
Conversation
\`sanctions_check_pending\` isn't a real API code. The real codes are kyc_required, kyc_pending, kyc_failed, sanctions_flagged, age_insufficient, jurisdiction_restricted. Test passes either way (SDK passes reasons through verbatim), but the fake string propagates misinformation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Add `invalid_credential` to the DenialCode union (commerce gate emits this on
401; tests already reference it but the type was missing).
- Subject.address: required → optional. Subject can be either wallet-keyed
(`{chains, address}`) or credential-keyed (`{chains, credential_prefix}`);
Python SDK already had this right (TypedDict total=False on the address +
credential_prefix slots).
- CredentialListResponse.account_verification: required → optional. The API
conditionally emits this row only when the account has KYC; Python SDK
already had this as `NotRequired`. Node was over-typing — would fail at
runtime for pre-KYC accounts that have minted credentials.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Test fixtures used opc_live_* (production prefix) for mock credentials. The rest of the codebase consistently uses opc_test_* for test fixtures; align here so nobody mistakes a fixture for a real credential. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Node 18 EOL'd April 2025; pay already declares >=20. Match the canonical floor across the publishable npm packages. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Minor release: - engines.node bumped from >=18 to >=20 (Node 18 EOL'd April 2025) - Subject.address became optional (was required); added Subject.credential_prefix for credential-keyed assess responses - CredentialListResponse.account_verification became optional (was required) to match the API's conditional emission for accounts without KYC - Added \`invalid_credential\` to the DenialCode union (was tested but missing) - Test fixtures use opc_test_* (was opc_live_*) for clarity The \`engines\` floor bump and the type-narrowing changes are technically breaking for TS consumers that didn't null-check, hence the minor (not patch). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
vvillait88
changed the title
The SDK now wraps multiple AgentScore APIs (assess + sessions + credentials + captureWallet, etc.), not just the legacy trust+reputation endpoint. Update the package description, README tagline, and CLAUDE.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
`sanctions_check_pending` isn't a real API code. The real codes the API emits are `kyc_required`, `kyc_pending`, `kyc_failed`, `sanctions_flagged`, `age_insufficient`, `jurisdiction_restricted` (see `core/api/src/routes/v1/assess.ts`). Test passes either way since the SDK passes reasons through verbatim, but the fake string propagates misinformation about API surface.
Test plan
🤖 Generated with Claude Code