From 726db8d80142331c7eda619284d2e45b4cea23ec Mon Sep 17 00:00:00 2001 From: vvillait88 Date: Wed, 29 Apr 2026 19:49:48 -0700 Subject: [PATCH 1/6] chore: replace fake reason code in tests with real API code \`sanctions_check_pending\` isn't a real API code. The real codes are kyc_required, kyc_pending, kyc_failed, sanctions_flagged, age_insufficient, jurisdiction_restricted. Test passes either way (SDK passes reasons through verbatim), but the fake string propagates misinformation. Co-Authored-By: Claude Opus 4.7 (1M context) --- tests/index.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/index.test.ts b/tests/index.test.ts index 325d62c..399be2c 100644 --- a/tests/index.test.ts +++ b/tests/index.test.ts @@ -518,7 +518,7 @@ describe('Integration: compliance policy deny with verify_url', () => { evidence_summary: { metadata_kind: null, has_a2a_agent_card: false, website_url: null, website_reachable: false, website_mentions_mcp: false, website_mentions_x402: false, github_url: null, github_stars: null }, }], decision: 'deny', - decision_reasons: ['kyc_required', 'sanctions_check_pending'], + decision_reasons: ['kyc_required', 'sanctions_flagged'], on_the_fly: false, data_semantics: 'v1', caveats: [], @@ -544,7 +544,7 @@ describe('Integration: compliance policy deny with verify_url', () => { expect(result.decision).toBe('deny'); expect(result.decision_reasons).toContain('kyc_required'); - expect(result.decision_reasons).toContain('sanctions_check_pending'); + expect(result.decision_reasons).toContain('sanctions_flagged'); expect(result.verify_url).toBe('https://agentscore.sh/verify/xyz789'); expect(result.operator_verification).toBeDefined(); expect(result.operator_verification!.level).toBe('none'); From 4508228d27503b6041c031fabd8fe6c44384fa12 Mon Sep 17 00:00:00 2001 From: vvillait88 Date: Wed, 29 Apr 2026 20:02:15 -0700 Subject: [PATCH 2/6] fix: align DenialCode + Subject + AccountVerification with API behavior MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add `invalid_credential` to the DenialCode union (commerce gate emits this on 401; tests already reference it but the type was missing). - Subject.address: required → optional. Subject can be either wallet-keyed (`{chains, address}`) or credential-keyed (`{chains, credential_prefix}`); Python SDK already had this right (TypedDict total=False on the address + credential_prefix slots). - CredentialListResponse.account_verification: required → optional. The API conditionally emits this row only when the account has KYC; Python SDK already had this as `NotRequired`. Node was over-typing — would fail at runtime for pre-KYC accounts that have minted credentials. Co-Authored-By: Claude Opus 4.7 (1M context) --- src/types.ts | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/src/types.ts b/src/types.ts index 0ebca12..2ae0db3 100644 --- a/src/types.ts +++ b/src/types.ts @@ -12,7 +12,11 @@ export type ReputationStatus = 'scored' | 'stale' | 'known_unscored'; export interface Subject { chains: string[]; - address: string; + /** Wallet-based subject. Present for assess/reputation responses keyed by `address`. + * Absent on credential-based assess (use `credential_prefix` instead). */ + address?: string; + /** Credential-based subject. Present for assess responses keyed by `operator_token`. */ + credential_prefix?: string; } export interface Classification { @@ -217,18 +221,25 @@ export interface AgentScoreErrorBody { * until verified, receive a fresh operator_token. Existing account KYC persists. */ export type DenialCode = - | 'operator_verification_required' - | 'compliance_denied' - | 'compliance_error' - | 'wallet_not_trusted' + // Gate-emitted codes from commerce middleware (canonical 9-element union) | 'missing_identity' | 'identity_verification_required' - | 'payment_required' - | 'api_error' - | 'kyc_required' + | 'token_expired' + | 'invalid_credential' | 'wallet_signer_mismatch' | 'wallet_auth_requires_wallet_signing' - | 'token_expired'; + | 'wallet_not_trusted' + | 'api_error' + | 'payment_required' + // Merchant-emitted convenience codes (e.g. martin-estate's onDenied wraps gate denials + // into wine-specific business codes). These are not emitted by the AgentScore API + // itself but appear in 4xx bodies the SDK may surface back to callers. + | 'operator_verification_required' + | 'compliance_denied' + | 'compliance_error' + // Decision-reason code surfaced in error.code by some merchants — kept for back-compat + // with merchants that flatten policy reasons into the error envelope. + | 'kyc_required'; /** * Recommended agent action encoded in `next_steps.action`. Granular codes let agents pick the @@ -466,7 +477,10 @@ export interface AccountVerification { export interface CredentialListResponse { credentials: CredentialItem[]; - account_verification: AccountVerification; + /** Account-level KYC facts. Conditionally emitted by the API — only present when the + * account has an associated `account_verifications` row. Absent for accounts that + * have minted credentials but never started KYC. */ + account_verification?: AccountVerification; } export interface CredentialRevokeResponse { From e6c53a40009725a6db15ac2e71b175ed71ec9d9b Mon Sep 17 00:00:00 2001 From: vvillait88 Date: Wed, 29 Apr 2026 20:16:07 -0700 Subject: [PATCH 3/6] chore: replace opc_live_ test fixture prefix with opc_test_ Test fixtures used opc_live_* (production prefix) for mock credentials. The rest of the codebase consistently uses opc_test_* for test fixtures; align here so nobody mistakes a fixture for a real credential. Co-Authored-By: Claude Opus 4.7 (1M context) --- tests/sessions-credentials.test.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/sessions-credentials.test.ts b/tests/sessions-credentials.test.ts index a942477..e81d753 100644 --- a/tests/sessions-credentials.test.ts +++ b/tests/sessions-credentials.test.ts @@ -199,8 +199,8 @@ describe('AgentScore.pollSession()', () => { const CREDENTIAL_CREATE_RESPONSE = { id: 'cred_abc123', - credential: 'opc_live_abc123def456', - prefix: 'opc_live_abc', + credential: 'opc_test_abc123def456', + prefix: 'opc_test_abc', label: 'Production API', expires_at: '2027-04-09T00:00:00Z', created_at: '2026-04-09T00:00:00Z', @@ -288,7 +288,7 @@ const CREDENTIAL_LIST_RESPONSE = { credentials: [ { id: 'cred_abc123', - prefix: 'opc_live_abc', + prefix: 'opc_test_abc', label: 'Production API', expires_at: '2027-04-09T00:00:00Z', last_used_at: '2026-04-08T12:00:00Z', @@ -296,7 +296,7 @@ const CREDENTIAL_LIST_RESPONSE = { }, { id: 'cred_def456', - prefix: 'opc_live_def', + prefix: 'opc_test_def', label: 'Staging', expires_at: '2026-05-01T00:00:00Z', last_used_at: null, From 04391f060bdf2aae060121cda6f3b2165a62a39a Mon Sep 17 00:00:00 2001 From: vvillait88 Date: Wed, 29 Apr 2026 20:21:19 -0700 Subject: [PATCH 4/6] chore: bump engines.node from >=18 to >=20 Node 18 EOL'd April 2025; pay already declares >=20. Match the canonical floor across the publishable npm packages. Co-Authored-By: Claude Opus 4.7 (1M context) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index bcefb3a..856aa24 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "url": "https://github.com/agentscore/node-sdk/issues" }, "engines": { - "node": ">=18" + "node": ">=20" }, "devDependencies": { "@eslint/js": "^9.39.4", From 931dcff03275a8afac9d1bef674cae3c84504d89 Mon Sep 17 00:00:00 2001 From: vvillait88 Date: Wed, 29 Apr 2026 20:37:39 -0700 Subject: [PATCH 5/6] chore: bump to v2.1.0 Minor release: - engines.node bumped from >=18 to >=20 (Node 18 EOL'd April 2025) - Subject.address became optional (was required); added Subject.credential_prefix for credential-keyed assess responses - CredentialListResponse.account_verification became optional (was required) to match the API's conditional emission for accounts without KYC - Added \`invalid_credential\` to the DenialCode union (was tested but missing) - Test fixtures use opc_test_* (was opc_live_*) for clarity The \`engines\` floor bump and the type-narrowing changes are technically breaking for TS consumers that didn't null-check, hence the minor (not patch). Co-Authored-By: Claude Opus 4.7 (1M context) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 856aa24..ad28f33 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@agent-score/sdk", - "version": "2.0.0", + "version": "2.1.0", "description": "TypeScript client for the AgentScore trust and reputation API", "main": "./dist/index.cjs", "module": "./dist/index.js", From e80c8ad331fa8a935496ff7d6a79723dd0d54622 Mon Sep 17 00:00:00 2001 From: vvillait88 Date: Wed, 29 Apr 2026 20:40:06 -0700 Subject: [PATCH 6/6] =?UTF-8?q?chore:=20rename=20description=20from=20"tru?= =?UTF-8?q?st=20and=20reputation=20API"=20=E2=86=92=20"APIs"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The SDK now wraps multiple AgentScore APIs (assess + sessions + credentials + captureWallet, etc.), not just the legacy trust+reputation endpoint. Update the package description, README tagline, and CLAUDE.md. Co-Authored-By: Claude Opus 4.7 (1M context) --- .claude/CLAUDE.md | 2 +- README.md | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index 8601e43..34f6842 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -1,6 +1,6 @@ # @agent-score/sdk -TypeScript client for the AgentScore trust and reputation API. +TypeScript client for the AgentScore APIs. ## Identity Model diff --git a/README.md b/README.md index a29ceb6..f69275c 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ [![npm version](https://img.shields.io/npm/v/@agent-score/sdk.svg)](https://www.npmjs.com/package/@agent-score/sdk) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) -TypeScript/Node.js client for the [AgentScore](https://agentscore.sh) trust and reputation API. +TypeScript/Node.js client for the [AgentScore](https://agentscore.sh) APIs. ## Install diff --git a/package.json b/package.json index ad28f33..2f3c95a 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@agent-score/sdk", "version": "2.1.0", - "description": "TypeScript client for the AgentScore trust and reputation API", + "description": "TypeScript client for the AgentScore APIs", "main": "./dist/index.cjs", "module": "./dist/index.js", "types": "./dist/index.d.ts",