ProjectOpenSea
diff --git a/‎AGENTS.md‎
Lines changed: 11 additions & 5 deletions b/‎AGENTS.md‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 34 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 36 additions & 0 deletions b/‎README.md‎
Lines changed: 36 additions & 0 deletions
@@ -43,15 +43,21 @@ When reviewing changes to this package, verify:
 
 1. **ABI completeness**: `abis.ts` must include every function and event from the corresponding Solidity interfaces in `../tool-registry/src/interfaces/`. If the Solidity interface adds a function, `abis.ts` must add it too. Missing ABI entries mean SDK consumers cannot call those functions.
 
-2. **Address sync**: Addresses in `chains.ts` must match `../tool-registry/README.md`. After a new deploy, both files must be updated together.
+2. **Address sync**: Addresses in `chains.ts` must match `../tool-registry/README.md`. After a new deploy, both files must be updated together. Also update `SKILLS.md` — it hardcodes contract addresses in the "Deployed Contracts" table and code examples.
 
-3. **Dead code after refactors**: When removing features (e.g., dropping a predicate factory), verify that all related imports, constants, and references are also removed. Check for unused imports at the top of refactored files.
+3. **SKILLS.md sync**: `SKILLS.md` hardcodes requirement-type selectors (`kind` values from `IRequirementTypes.sol`) and contract addresses. When any of these change in `tool-registry`, update `SKILLS.md` in the same PR:
+   - Deployed addresses → "Deployed Contracts" table + code examples
+   - `IRequirementTypes.sol` selectors → `kind` fields in "Known Predicates" section
+   - New predicates in `../tool-registry/examples/` → new entry in "Known Predicates"
+   - CLI commands added/removed in `src/cli/index.ts` → CLI commands table in Section 9
 
-4. **CLI error messages**: Error messages shown to SDK consumers should not reference internal file paths (e.g., "Update chains.ts"). Link to the README or provide actionable instructions instead.
+4. **Dead code after refactors**: When removing features (e.g., dropping a predicate factory), verify that all related imports, constants, and references are also removed. Check for unused imports at the top of refactored files.
 
-5. **Multi-step CLI flows**: Commands that require multiple onchain transactions (e.g., `register --nft-gate` does `registerTool` then `setCollections`) must handle partial failure gracefully — print recovery instructions if the second TX fails.
+5. **CLI error messages**: Error messages shown to SDK consumers should not reference internal file paths (e.g., "Update chains.ts"). Link to the README or provide actionable instructions instead.
 
-6. **`--dry-run` accuracy**: Dry-run output must reflect the full onchain footprint. If the command sends multiple transactions, the dry-run should mention all of them.
+6. **Multi-step CLI flows**: Commands that require multiple onchain transactions (e.g., `register --nft-gate` does `registerTool` then `setCollections`) must handle partial failure gracefully — print recovery instructions if the second TX fails.
+
+7. **`--dry-run` accuracy**: Dry-run output must reflect the full onchain footprint. If the command sends multiple transactions, the dry-run should mention all of them.
 
 ## Conventions
 
 
@@ -1,5 +1,39 @@
 # @opensea/tool-sdk
 
+## 0.3.0
+
+### Minor Changes
+
+- ef922d8: Migrate `auth` and `smoke` CLI commands from `TOOL_SDK_PRIVATE_KEY` / `privateKeyToAccount` to `createWalletFromEnv()` from `@opensea/wallet-adapters`. Both commands now use `PRIVATE_KEY` (via wallet-adapters) instead of the non-standard `TOOL_SDK_PRIVATE_KEY` env var, and accept the `--wallet-provider` flag for explicit provider selection. This makes wallet configuration consistent across all CLI commands (`auth`, `pay`, `smoke`, `register`, `update-metadata`).
+
+  **Breaking:** `--key` (auth), `--as` (smoke), and `TOOL_SDK_PRIVATE_KEY` env var have been removed. Use `PRIVATE_KEY` + `RPC_URL` env vars or `--wallet-provider` instead.
+
+- f6ef66e: feat: add delegated agent auth via delegate.xyz for predicate-gated tools
+- 80bfd16: feat(manifest): validate inputs/outputs as well-formed JSON Schema
+- fde8ef0: feat: add ERC721OwnerPredicateClient and ERC1155OwnerPredicateClient for managing predicate collections
+- 6b31470: feat(predicate-gate): accept registryAddress override for local development
+
+  `PredicateGateConfig` and `ToolRegistryClient` now accept an optional `registryAddress` field. When provided, the middleware and client use the given address instead of looking up the canonical `TOOL_REGISTRY` deployment. This enables local development against a forked Anvil node or a custom registry deploy without monkey-patching the SDK.
+
+- 1368f61: feat: support runtime env resolution in defineManifest for Cloudflare Workers
+
+### Patch Changes
+
+- 1b3a388: feat(init): update Vercel template with agent-friendly discovery page and llms.txt
+
+  The `tool-sdk init` template now scaffolds an index.html that serves as an
+  llms.txt-style discovery page — showing agents the manifest location, endpoint,
+  auth requirements (SIWE), input/output schemas, and SDK usage examples. Also adds
+  a `/llms.txt` plaintext file following the llms.txt spec for direct LLM consumption.
+
+  Updated to use `createWalletFromEnv` / `walletAdapterToClient` from
+  `@opensea/wallet-adapters` instead of raw `privateKeyToAccount`. Added coverage
+  for x402 payment flows (`pay` command, `paidAuthenticatedFetch`), smoke-testing,
+  and multi-provider wallet configuration (Privy, Turnkey, Fireblocks).
+
+- b5307e4: fix(deploy): skip blank-valued env vars in .env.local.example during deploy wizard
+- 7da1fae: fix(deploy): skip env var prompts for vars already set in Vercel
+
 ## 0.2.0
 
 ### Minor Changes
 
@@ -356,6 +356,42 @@ Authorization header format: `SIWE <base64url(siwe-message)>.<hex-signature>`
 > Tool operators requiring stronger replay protection should implement
 > server-side nonce tracking.
 
+#### Delegated agent access (delegate.xyz)
+
+An AI agent can call a predicate-gated tool **on behalf of** an NFT holder
+without the holder's private key. The holder delegates to the agent at
+[delegate.xyz](https://delegate.xyz) (onchain, one TX, revocable anytime),
+and the agent includes the holder's address in the request:
+
+```typescript
+import { authenticatedFetch } from "@opensea/tool-sdk"
+
+const response = await authenticatedFetch(toolUrl, {
+  method: "POST",
+  headers: {
+    "X-Delegate-For": holderAddress,      // holder who delegated
+  },
+  account: agentAccount,
+  body: JSON.stringify({ query: "hello" }),
+})
+```
+
+When `X-Delegate-For` is present, the middleware:
+
+1. Verifies the agent's SIWE signature normally
+2. Calls `checkDelegateForAll(agent, holder)` on the [delegate.xyz DelegateRegistry](https://docs.delegate.xyz)
+3. If valid, runs the access predicate against the **holder** (not the agent)
+4. Sets `ctx.callerAddress = holderAddress` and `ctx.agentAddress = agentAddress`
+
+| Outcome | Status | Body |
+| --- | --- | --- |
+| Invalid `X-Delegate-For` format | `400` | `{ error }` |
+| Delegation not found onchain | `403` | `{ error, hint }` |
+| Delegate registry call failed | `502` | `{ error }` |
+
+See [docs/predicate-gating-guide.md](docs/predicate-gating-guide.md) for the
+full delegation walkthrough.
+
 ### Client-side access preview
 
 Off-chain helper for clients that want to gate UI before invocation. Same