test+docs: redistribute coverage tests + add per-product policy example

- Move test_coverage_bumps.py contents into the topical homes:
  - probe / sample_x402_accept tests   tests/test_discovery.py
  - create_mppx_stripe wrapper tests   tests/test_stripe_multichain.py
  - _apply_dynamic_options edges       tests/test_sessions.py
- Delete tests/test_coverage_bumps.py — tests should live with the surface
  they exercise, not in a coverage-fillers bucket
- examples/per_product_policy_merchant.py: copy-paste FastAPI merchant
  with three products (hard wine, anonymous merch, soft fraud-signal print)
  exercising PolicyBlock + build_gate_from_policy +
  run_gate_with_enforcement + shipping_country_allowed + shipping_state_allowed
- README + CLAUDE.md row for the new example

535 tests, 95.02% coverage.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: vvillait88

CLAUDE.md

@@ -44,6 +44,7 @@ Peer-dep pattern: payment/x402/mppx/stripe modules import lazily at runtime —
 | `stripe_multichain_merchant.py` | Stripe-anchored multichain (PaymentIntent → tempo/base/solana deposit addresses) |
 | `variable_cost_merchant.py` | Pay-per-actual-usage on **two protocols**: x402 upto (Permit2 + Settlement-Overrides) AND MPP tempo session (channel + SSE + mid-stream vouchers) |
 | `compliance_merchant.py` | Regulated-goods merchant — full compliance gate + custom `on_denied` composing the denial helpers (`verification_agent_instructions`, `is_fixable_denial`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `denial_reason_to_body`/`denial_reason_status`) |
+| `per_product_policy_merchant.py` | Multi-product merchant where each row carries its own compliance policy. One product hard-gates KYC + age + state; another is anonymous; a third uses `enforcement="soft"` (request KYC but don't block sale). Demonstrates `PolicyBlock`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`. |
 
 ## Identity model
 

README.md

@@ -16,7 +16,7 @@ pip install agentscore-commerce[fastapi]   # or [flask], [django], [aiohttp], [s
 | Submodule | What it provides |
 |---|---|
 | `agentscore_commerce.identity.{fastapi,flask,django,aiohttp,sanic,middleware}` | Trust gate middleware: KYC, sanctions, age, jurisdiction. `AgentScoreGate(...)` (or `agentscore_gate(app, ...)` on Flask/Sanic), `get_assess_data(...)`, `capture_wallet(...)`, `verify_wallet_signer_match(...)`. |
-| `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. |
+| `agentscore_commerce.identity` (package level) | Re-exports the denial helpers: `denial_reason_status`, `denial_reason_to_body`, `build_signer_mismatch_body`, `build_contact_support_next_steps`, `verification_agent_instructions`, `is_fixable_denial`, `FIXABLE_DENIAL_REASONS`. Also re-exports the per-product policy helpers: `PolicyBlock`, `GateResult`, `EnforcementMode`, `IdentityStatus`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed` — for multi-product merchants where each product carries its own compliance config (hard gate vs soft vs none, per-product shipping allowlists). |
 | `agentscore_commerce.payment` | `networks`, `USDC`, `rails` registries; `payment_directive`, `build_payment_directive`, `www_authenticate_header`, `payment_required_header`, `alias_amount_fields` (v1↔v2 amount field shim — emits both `amount` and `maxAmountRequired` so v1-only x402 parsers like Coinbase awal can read v2 bodies), `settlement_override_header`, `dispatch_settlement_by_network`, `extract_payment_signer` (returns `PaymentSigner({address, network})`), `register_x402_schemes_v1_v2`; drop-in x402 helpers: `validate_x402_network_config` (boot-time guard), `verify_x402_request` (parse + validate inbound X-Payment), `process_x402_settle` (verify-then-settle with one call). |
 | `agentscore_commerce.discovery` | `is_discovery_probe_request`, `build_discovery_probe_response` (with optional `x402_sample` for x402-aware crawlers — `awal x402 details` etc.), `sample_x402_accept_for_network` (USDC sample-accept builder for known CAIP-2 networks), `build_well_known_mpp`, `build_llms_txt` + `llms_txt_identity_section` + `llms_txt_payment_section` (compact + verbose modes), `agentscore_openapi_snippets`, `build_bazaar_discovery_payload`, `NoindexNonDiscoveryMiddleware` (ASGI middleware that emits `X-Robots-Tag: noindex` on every path except the agent-discovery surfaces — defaults cover `/openapi.json`, `/llms.txt`, `/.well-known/{mpp.json,agent-card.json,ucp}`, `/favicon.{png,ico}`; pure helpers `is_discovery_path` + `DEFAULT_DISCOVERY_PATHS` for non-ASGI frameworks). |
 | `agentscore_commerce.challenge` | `build_402_body`, `build_accepted_methods`, `build_identity_metadata`, `build_how_to_pay`, `build_agent_instructions`; `respond_402` — drop-in 402 emit that preserves pympp's `WWW-Authenticate` and layers x402's `PAYMENT-REQUIRED`. `build_validation_error` — structured 4xx body builder (`{error: {code, message}, required_fields?, example_body?, next_steps?, ...extra}`) so vendors compose body shapes by name instead of inlining at every validation site. |

agentscore_commerce/identity/policy.py

@@ -32,11 +32,10 @@
 from dataclasses import dataclass
 from typing import TYPE_CHECKING, Any, Literal, TypedDict
 
-from agentscore_commerce.identity.fastapi import AgentScoreGate
-
 if TYPE_CHECKING:
     from collections.abc import Mapping
 
+    from agentscore_commerce.identity.fastapi import AgentScoreGate
     from agentscore_commerce.identity.sessions import CreateSessionOnMissing
 
 EnforcementMode = Literal["hard", "soft"]
@@ -100,6 +99,10 @@ def build_gate_from_policy(
         return None
     if not policy.get("enforcement"):
         return None
+    # Lazy import — avoids circular import at package init time
+    # (identity package init pulls policy → fastapi → payment.signer → identity).
+    from agentscore_commerce.identity.fastapi import AgentScoreGate
+
     return AgentScoreGate(
         api_key=api_key,
         base_url=base_url,

examples/README.md

@@ -10,6 +10,7 @@ Runnable, copy-pasteable example integrations covering the most common merchant
 | [`stripe_multichain_merchant.py`](./stripe_multichain_merchant.py) | Stripe-anchored multi-chain | Stripe PaymentIntent with deposit_options for tempo/base/solana; crypto deposits flow through Stripe. Includes testnet `simulate_crypto_deposit` helper. |
 | [`variable_cost_merchant.py`](./variable_cost_merchant.py) | Pay-per-actual-usage (LLM, transcode, etc.) | Same use case on **two protocols**: x402 upto (Permit2 authorize-max → `Settlement-Overrides` settle-actual) AND MPP tempo session (channel + SSE + mid-stream vouchers). Vendor offers both. |
 | [`compliance_merchant.py`](./compliance_merchant.py) | Regulated-goods merchant (wine, cannabis, etc.) | Full compliance gate + custom `on_denied` composing commerce helpers: `verification_agent_instructions`, `is_fixable_denial`, `build_contact_support_next_steps`, `denial_reason_to_body`/`denial_reason_status`, `build_signer_mismatch_body`. Shows how vendors write only the business-specific branches and let commerce handle the rest. |
+| [`per_product_policy_merchant.py`](./per_product_policy_merchant.py) | Multi-product merchant with mixed compliance needs | One product carries a hard gate (wine — KYC + 21 + US-state allowlist), another has no gate at all (anonymous merch, ships anywhere), a third uses `enforcement="soft"` (request KYC as a fraud signal but accept anonymous sales, stamping `identity_status="unverified"` on the order). Uses `PolicyBlock`, `build_gate_from_policy`, `run_gate_with_enforcement`, `shipping_country_allowed`, `shipping_state_allowed`. |
 
 ## How to use
 

examples/per_product_policy_merchant.py

@@ -0,0 +1,129 @@
+"""Example: multi-product merchant with per-product compliance policy + soft mode
+
+Scenario: you sell several products with different compliance needs.
+- Wine: hard gate, KYC + 21+ + US-only + state allowlist (regulated alcohol)
+- Tee:  no gate at all — fully anonymous, ship anywhere
+- Limited print: SOFT gate — request KYC for fraud signals, but don't block sale
+                 if the buyer skips it; record identity_status="unverified" instead
+
+Each product carries its own policy block (in this example, a Python dict the
+merchant looks up from a database row). The route uses three helpers from
+``agentscore_commerce.identity.policy``:
+
+    - build_gate_from_policy(policy, *, api_key) → AgentScoreGate | None
+        Returns None when the policy has no enforcement (no gate fires).
+    - run_gate_with_enforcement(request, gate, *, enforcement) → GateResult
+        Runs the gate, swallows soft denials, returns a structured result.
+    - shipping_country_allowed / shipping_state_allowed
+        Per-product shipping allowlists (NULL = ship anywhere).
+
+The pattern was extracted from agentscore/store. See its
+``store/routes/purchase.py`` for the full per-request flow including code
+redemption + order persistence.
+
+Peer deps:
+    pip install agentscore-commerce[fastapi]
+
+Env vars:
+    AGENTSCORE_API_KEY — your AgentScore API key
+
+Run: uvicorn examples.per_product_policy_merchant:app --port 3000
+"""
+
+import os
+from typing import Any
+
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+
+from agentscore_commerce.identity.policy import (
+    PolicyBlock,
+    build_gate_from_policy,
+    run_gate_with_enforcement,
+    shipping_country_allowed,
+    shipping_state_allowed,
+)
+
+API_KEY = os.environ.get("AGENTSCORE_API_KEY", "ask_test_dummy")
+
+# A merchant would normally read these from a `products` table. Each row carries
+# its own compliance config; the keys match `PolicyBlock`.
+PRODUCTS: dict[str, dict[str, Any]] = {
+    "wine-cabernet": {
+        "name": "Reserve Cabernet",
+        "price_usd": 75.00,
+        "policy": PolicyBlock(
+            enforcement="hard",
+            require_kyc=True,
+            require_sanctions_clear=True,
+            min_age=21,
+            allowed_jurisdictions=["US"],
+            allowed_shipping_countries=["US"],
+            allowed_shipping_states=["CA", "NY", "TX", "FL", "WA"],  # abridged
+        ),
+    },
+    "tee": {
+        "name": "Cotton Tee",
+        "price_usd": 30.00,
+        "policy": None,  # No gate; ship anywhere; identity_status="anonymous"
+    },
+    "limited-print": {
+        "name": "Limited Edition Print (200/500)",
+        "price_usd": 200.00,
+        # Soft gate: request KYC as a fraud signal, but accept anonymous sales.
+        # On miss, identity_status="unverified" stamps the order so ops can flag it.
+        "policy": PolicyBlock(enforcement="soft", require_kyc=True),
+    },
+}
+
+
+app = FastAPI()
+
+
+@app.post("/purchase")
+async def purchase(request: Request) -> JSONResponse:
+    body = await request.json()
+    slug = body.get("product_slug")
+    shipping = body.get("shipping", {})
+
+    product = PRODUCTS.get(slug)
+    if product is None:
+        return JSONResponse({"error": {"code": "product_not_found"}}, status_code=400)
+
+    policy = product["policy"]
+
+    # Per-product shipping allowlists. NULL policy → ship anywhere.
+    if not shipping_country_allowed(shipping.get("country", ""), policy):
+        return JSONResponse(
+            {"error": {"code": "unsupported_jurisdiction", "message": f"Cannot ship to {shipping.get('country')}."}},
+            status_code=400,
+        )
+    if not shipping_state_allowed(shipping.get("state", ""), shipping.get("country", ""), policy):
+        return JSONResponse(
+            {"error": {"code": "unsupported_jurisdiction", "message": f"Cannot ship to {shipping.get('state')}."}},
+            status_code=400,
+        )
+
+    # Per-product identity gate.
+    enforcement = policy["enforcement"] if policy and "enforcement" in policy else None
+    gate = build_gate_from_policy(policy, api_key=API_KEY)
+    gate_result = await run_gate_with_enforcement(request, gate, enforcement=enforcement)
+
+    if gate_result.status == "denied":
+        # Hard mode: propagate the gate's structured 403 verbatim.
+        return JSONResponse(content=gate_result.denial_body, status_code=gate_result.denial_status or 403)
+
+    # gate_result.status is one of: "verified" (gate ran + passed),
+    # "unverified" (soft mode swallowed a denial), "anonymous" (no gate fired).
+    # Persist this on the order row so ops can distinguish soft passes from hard
+    # passes and from no-gate-product orders. For the limited print, an
+    # "unverified" status is a real fraud signal worth flagging in ops.
+    identity_status = gate_result.status
+
+    # ... settle payment, create order with `identity_status` column, return 200 ...
+    return JSONResponse(
+        {
+            "order": {"product": product["name"], "total_usd": product["price_usd"]},
+            "identity_status": identity_status,
+        }
+    )

tests/test_discovery.py

@@ -1,5 +1,7 @@
 import json
 
+import pytest
+
 from agentscore_commerce.discovery import (
     BuildAgentScoreOpenApiSnippetsInput,
     DiscoveryProbeOptions,
@@ -152,3 +154,172 @@ def test_solana_only_no_base(self):
         assert "### How to pay with x402 (Solana)" in section
         assert "--chain solana" in section
         assert "--chain base" not in section
+
+
+# ── sample_x402_accept_for_network: every registry branch ───────────────────
+
+
+def test_sample_accept_base_mainnet() -> None:
+    from agentscore_commerce.discovery.probe import sample_x402_accept_for_network
+
+    e = sample_x402_accept_for_network("eip155:8453")
+    assert e is not None
+    assert e["network"] == "eip155:8453"
+    assert e["scheme"] == "exact"
+    assert e["extra"] == {"name": "USDC", "version": "2"}
+
+
+def test_sample_accept_base_sepolia() -> None:
+    from agentscore_commerce.discovery.probe import sample_x402_accept_for_network
+
+    e = sample_x402_accept_for_network("eip155:84532")
+    assert e is not None
+    assert e["network"] == "eip155:84532"
+
+
+def test_sample_accept_solana_mainnet() -> None:
+    from agentscore_commerce.discovery.probe import sample_x402_accept_for_network
+
+    e = sample_x402_accept_for_network("solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp")
+    assert e is not None
+    assert "extra" not in e
+    assert e["payTo"] == "11111111111111111111111111111111"
+
+
+def test_sample_accept_solana_devnet() -> None:
+    from agentscore_commerce.discovery.probe import sample_x402_accept_for_network
+
+    e = sample_x402_accept_for_network("solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1")
+    assert e is not None
+    assert e["network"].startswith("solana:")
+
+
+def test_sample_accept_unknown_network_returns_none() -> None:
+    from agentscore_commerce.discovery.probe import sample_x402_accept_for_network
+
+    assert sample_x402_accept_for_network("eip155:1") is None
+
+
+# ── build_discovery_probe_response: x402 sample paths ───────────────────────
+
+
+def _probe_opts(**overrides: object):
+    from agentscore_commerce.discovery.probe import DiscoveryProbeOptions
+
+    base: dict[str, object] = {
+        "realm": "https://example.com",
+        "sample_rail": "tempo-mainnet",
+        "sample_amount_usd": 1.00,
+        "sample_recipient": "0x0000000000000000000000000000000000000001",
+    }
+    base.update(overrides)
+    return DiscoveryProbeOptions(**base)  # type: ignore[arg-type]
+
+
+def test_probe_response_without_x402_sample() -> None:
+    from agentscore_commerce.discovery.probe import build_discovery_probe_response
+
+    resp = build_discovery_probe_response(_probe_opts())
+    assert resp.status == 402
+    assert "www-authenticate" in resp.headers
+    assert "payment-required" not in resp.headers
+
+
+def test_probe_response_with_x402_sample_via_networks_shorthand() -> None:
+    import json as _json
+
+    from agentscore_commerce.discovery.probe import X402SampleProbe, build_discovery_probe_response
+
+    resp = build_discovery_probe_response(
+        _probe_opts(x402_sample=X402SampleProbe(networks=["eip155:84532", "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1"]))
+    )
+    assert resp.status == 402
+    assert "payment-required" in resp.headers
+    body = _json.loads(resp.body)
+    assert body["x402Version"] == 2
+    assert len(body["accepts"]) == 2
+
+
+def test_probe_response_with_explicit_accepts_overrides_networks_shorthand() -> None:
+    import json as _json
+
+    from agentscore_commerce.discovery.probe import X402SampleProbe, build_discovery_probe_response
+
+    custom = [{"scheme": "exact", "network": "fake", "asset": "X", "payTo": "Y"}]
+    resp = build_discovery_probe_response(_probe_opts(x402_sample=X402SampleProbe(accepts=custom, version=1)))
+    body = _json.loads(resp.body)
+    assert body["x402Version"] == 1
+    assert body["accepts"][0]["network"] == "fake"
+
+
+def test_probe_response_with_resource_url() -> None:
+    import base64
+    import json as _json
+
+    from agentscore_commerce.discovery.probe import X402SampleProbe, build_discovery_probe_response
+
+    resp = build_discovery_probe_response(
+        _probe_opts(x402_sample=X402SampleProbe(networks=["eip155:84532"], resource_url="https://example.com/api"))
+    )
+    decoded = _json.loads(base64.b64decode(resp.headers["payment-required"]).decode())
+    assert decoded["resource"]["url"] == "https://example.com/api"
+
+
+def test_probe_response_with_docs_url() -> None:
+    import json as _json
+
+    from agentscore_commerce.discovery.probe import build_discovery_probe_response
+
+    resp = build_discovery_probe_response(_probe_opts(docs_url="https://docs.example.com"))
+    body = _json.loads(resp.body)
+    assert body["docs"] == "https://docs.example.com"
+
+
+def test_probe_response_unknown_network_filtered_out() -> None:
+    import json as _json
+
+    from agentscore_commerce.discovery.probe import X402SampleProbe, build_discovery_probe_response
+
+    resp = build_discovery_probe_response(
+        _probe_opts(x402_sample=X402SampleProbe(networks=["eip155:84532", "eip155:99999"]))
+    )
+    body = _json.loads(resp.body)
+    assert len(body["accepts"]) == 1
+
+
+# ── is_discovery_probe_request ──────────────────────────────────────────────
+
+
+@pytest.mark.asyncio
+async def test_is_probe_empty_post() -> None:
+    from agentscore_commerce.discovery.probe import is_discovery_probe_request
+
+    assert await is_discovery_probe_request("POST", None, "") is True
+
+
+@pytest.mark.asyncio
+async def test_is_probe_empty_object_post() -> None:
+    from agentscore_commerce.discovery.probe import is_discovery_probe_request
+
+    assert await is_discovery_probe_request("POST", None, "{}") is True
+
+
+@pytest.mark.asyncio
+async def test_is_probe_non_post_rejected() -> None:
+    from agentscore_commerce.discovery.probe import is_discovery_probe_request
+
+    assert await is_discovery_probe_request("GET", None, "") is False
+
+
+@pytest.mark.asyncio
+async def test_is_probe_with_payment_authz_rejected() -> None:
+    from agentscore_commerce.discovery.probe import is_discovery_probe_request
+
+    assert await is_discovery_probe_request("POST", "Payment foo", "") is False
+
+
+@pytest.mark.asyncio
+async def test_is_probe_with_real_body_rejected() -> None:
+    from agentscore_commerce.discovery.probe import is_discovery_probe_request
+
+    assert await is_discovery_probe_request("POST", None, '{"product": "x"}') is False

tests/test_sessions.py

@@ -349,3 +349,21 @@ async def test_non_dict_return_ignored(self):
         reason = await try_create_session_denial_reason(cfg, user_agent="ua", ctx={"x": 1})
         assert reason is not None
         assert reason.extra is None
+
+
+# ── _apply_dynamic_options edge cases ───────────────────────────────────────
+
+
+def test_apply_dynamic_options_passes_through_non_dict() -> None:
+    from agentscore_commerce.identity.sessions import _apply_dynamic_options
+
+    body: dict[str, str] = {}
+    assert _apply_dynamic_options(body, "not-a-dict") is body
+
+
+def test_apply_dynamic_options_picks_js_style_product_name() -> None:
+    from agentscore_commerce.identity.sessions import _apply_dynamic_options
+
+    body: dict[str, str] = {}
+    out = _apply_dynamic_options(body, {"productName": "Wine Store"})
+    assert out["product_name"] == "Wine Store"