@agirails/sdk 2.0.3 → 2.2.0

package/dist/utils/validation.js

@@ -23,12 +23,57 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateEndpointURL = exports.validateTxId = exports.validateDisputeWindow = exports.validateDeadline = exports.validateAmount = exports.validateAddress = void 0;
+exports.createSafeError = exports.sanitizeErrorMessage = exports.validateSignature = exports.validateHash = exports.validateSemver = exports.validateGatewayURL = exports.validateArweaveTxId = exports.validateCID = exports.validateEndpointURL = exports.validateTxId = exports.validateDisputeWindow = exports.validateDeadline = exports.validateAmount = exports.validateAddress = exports.ALLOWED_ARWEAVE_GATEWAYS = exports.ALLOWED_IPFS_GATEWAYS = exports.SEMVER_PATTERN = exports.ARWEAVE_TX_ID_PATTERN = exports.CID_PATTERN = exports.SIGNATURE_PATTERN = exports.HASH_PATTERN = exports.TX_ID_PATTERN = exports.ADDRESS_PATTERN = void 0;
 const ethers_1 = require("ethers");
 const errors_1 = require("../errors");
 /**
  * Input validation utilities
  */
+// ============================================================================
+// Shared Validation Patterns (AIP-7 Storage)
+// ============================================================================
+/** Ethereum address validation pattern */
+exports.ADDRESS_PATTERN = /^0x[a-fA-F0-9]{40}$/;
+/** Transaction ID (bytes32) validation pattern */
+exports.TX_ID_PATTERN = /^0x[a-fA-F0-9]{64}$/;
+/** Hash (bytes32) validation pattern */
+exports.HASH_PATTERN = /^0x[a-fA-F0-9]{64}$/;
+/** Signature (65 bytes = 130 hex chars) validation pattern */
+exports.SIGNATURE_PATTERN = /^0x[a-fA-F0-9]{130}$/;
+/** CID validation pattern (CIDv0 or CIDv1) */
+exports.CID_PATTERN = /^(Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})$/;
+/** Arweave TX ID pattern (43 characters, base64url) */
+exports.ARWEAVE_TX_ID_PATTERN = /^[a-zA-Z0-9_-]{43}$/;
+/** Semver pattern for version validation */
+exports.SEMVER_PATTERN = /^\d+\.\d+\.\d+$/;
+// ============================================================================
+// Gateway URL Whitelist (SSRF Protection - P0-1)
+// ============================================================================
+/**
+ * Allowed IPFS gateway domains
+ * Only whitelisted gateways are allowed for downloads
+ */
+exports.ALLOWED_IPFS_GATEWAYS = [
+    'ipfs.filebase.io',
+    'gateway.pinata.cloud',
+    'cloudflare-ipfs.com',
+    'ipfs.io',
+    'dweb.link',
+    'w3s.link',
+    'nftstorage.link'
+];
+/**
+ * Allowed Arweave gateway domains
+ * Only whitelisted gateways are allowed for downloads
+ */
+exports.ALLOWED_ARWEAVE_GATEWAYS = [
+    'arweave.net',
+    'gateway.irys.xyz',
+    'arweave.dev'
+];
+// ============================================================================
+// Validation Functions
+// ============================================================================
 /**
  * Validate Ethereum address
  */
@@ -116,13 +161,19 @@ function isPrivateIP(ip) {
         }
     }
     // IPv6 patterns (without brackets)
+    // Includes both standard ::ffff: and alternative ::ffff:0: notation (NEW-2 fix)
     const ipv6PrivatePatterns = [
         /^::1$/, // IPv6 loopback
         /^::ffff:127\./, // IPv4-mapped localhost
+        /^::ffff:0:127\./, // Alternative IPv4-mapped localhost
         /^::ffff:10\./, // IPv4-mapped private 10.x
+        /^::ffff:0:10\./, // Alternative IPv4-mapped private 10.x
         /^::ffff:192\.168\./, // IPv4-mapped private 192.168.x
+        /^::ffff:0:192\.168\./, // Alternative IPv4-mapped private 192.168.x
         /^::ffff:172\.(1[6-9]|2\d|3[01])\./, // IPv4-mapped private 172.16-31.x
+        /^::ffff:0:172\.(1[6-9]|2\d|3[01])\./, // Alternative IPv4-mapped private 172.16-31.x
         /^::ffff:169\.254\./, // IPv4-mapped link-local (CRITICAL: AWS metadata)
+        /^::ffff:0:169\.254\./, // Alternative IPv4-mapped link-local
         /^fc00:/i, // IPv6 ULA fc00::/7
         /^fd/i, // IPv6 ULA fd00::/8
         /^fe80:/i // IPv6 link-local fe80::/10
@@ -220,4 +271,200 @@ async function validateEndpointURL(endpoint, fieldName = 'endpoint') {
     // IPFS endpoints skip DNS check (no DNS resolution for IPFS CIDs)
 }
 exports.validateEndpointURL = validateEndpointURL;
+// ============================================================================
+// Storage Validation Functions (AIP-7)
+// ============================================================================
+/**
+ * Validate IPFS CID format
+ *
+ * @param cid - IPFS CID to validate
+ * @param fieldName - Field name for error messages
+ * @throws {InvalidCIDError} If CID is invalid
+ */
+function validateCID(cid, fieldName = 'cid') {
+    if (!cid || typeof cid !== 'string') {
+        throw new errors_1.InvalidCIDError(String(cid), 'CID is required');
+    }
+    if (!exports.CID_PATTERN.test(cid)) {
+        throw new errors_1.InvalidCIDError(cid, 'Invalid CID format (expected CIDv0 Qm... or CIDv1 bafy...)');
+    }
+}
+exports.validateCID = validateCID;
+/**
+ * Validate Arweave transaction ID format
+ *
+ * @param txId - Arweave TX ID to validate
+ * @param fieldName - Field name for error messages
+ * @throws {InvalidArweaveTxIdError} If TX ID is invalid
+ */
+function validateArweaveTxId(txId, fieldName = 'txId') {
+    if (!txId || typeof txId !== 'string') {
+        throw new errors_1.InvalidArweaveTxIdError(String(txId), 'TX ID is required');
+    }
+    if (!exports.ARWEAVE_TX_ID_PATTERN.test(txId)) {
+        throw new errors_1.InvalidArweaveTxIdError(txId, 'Invalid format (expected 43 character base64url string)');
+    }
+}
+exports.validateArweaveTxId = validateArweaveTxId;
+/**
+ * Validate gateway URL against whitelist (SSRF Protection - P0-1)
+ *
+ * SECURITY FIX: Only allow downloads from whitelisted gateway domains.
+ * This prevents SSRF attacks where attacker controls the gateway URL.
+ *
+ * @param url - Full gateway URL to validate
+ * @param allowedGateways - List of allowed gateway domains
+ * @param fieldName - Field name for error messages
+ * @throws {ValidationError} If gateway is not whitelisted
+ */
+function validateGatewayURL(url, allowedGateways, fieldName = 'gatewayUrl') {
+    if (!url || typeof url !== 'string') {
+        throw new errors_1.ValidationError(fieldName, 'Gateway URL is required');
+    }
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(url);
+    }
+    catch {
+        throw new errors_1.ValidationError(fieldName, 'Invalid URL format');
+    }
+    // Must be HTTPS
+    if (parsedUrl.protocol !== 'https:') {
+        throw new errors_1.ValidationError(fieldName, 'Gateway URL must use HTTPS');
+    }
+    // NEW-3: Validate port (must be 443 or default, prevents port bypass attacks)
+    const port = parsedUrl.port;
+    if (port && !['443', ''].includes(port)) {
+        throw new errors_1.ValidationError(fieldName, `Gateway URL must use standard HTTPS port (443). Found port: ${port}. ` +
+            `Non-standard ports may bypass whitelist intent.`);
+    }
+    // Check hostname against whitelist
+    const hostname = parsedUrl.hostname.toLowerCase();
+    const isAllowed = allowedGateways.some(gateway => hostname === gateway.toLowerCase() ||
+        hostname.endsWith('.' + gateway.toLowerCase()));
+    if (!isAllowed) {
+        throw new errors_1.ValidationError(fieldName, `Gateway "${hostname}" is not in the allowed list. ` +
+            `Allowed gateways: ${allowedGateways.join(', ')}. ` +
+            `This restriction prevents SSRF attacks.`);
+    }
+}
+exports.validateGatewayURL = validateGatewayURL;
+/**
+ * Validate semver version string
+ *
+ * @param version - Version string to validate
+ * @param fieldName - Field name for error messages
+ * @throws {ValidationError} If version is invalid
+ */
+function validateSemver(version, fieldName = 'version') {
+    if (!version || typeof version !== 'string') {
+        throw new errors_1.ValidationError(fieldName, 'Version is required');
+    }
+    if (!exports.SEMVER_PATTERN.test(version)) {
+        throw new errors_1.ValidationError(fieldName, 'Must be semver format (e.g., 1.0.0)');
+    }
+}
+exports.validateSemver = validateSemver;
+/**
+ * Validate hash (bytes32) format
+ *
+ * @param hash - Hash to validate
+ * @param fieldName - Field name for error messages
+ * @throws {ValidationError} If hash is invalid
+ */
+function validateHash(hash, fieldName = 'hash') {
+    if (!hash || typeof hash !== 'string') {
+        throw new errors_1.ValidationError(fieldName, 'Hash is required');
+    }
+    if (!exports.HASH_PATTERN.test(hash)) {
+        throw new errors_1.ValidationError(fieldName, 'Invalid hash format (expected bytes32 hex string)');
+    }
+}
+exports.validateHash = validateHash;
+/**
+ * Validate signature format (65 bytes)
+ *
+ * @param signature - Signature to validate
+ * @param fieldName - Field name for error messages
+ * @throws {ValidationError} If signature is invalid
+ */
+function validateSignature(signature, fieldName = 'signature') {
+    if (!signature || typeof signature !== 'string') {
+        throw new errors_1.ValidationError(fieldName, 'Signature is required');
+    }
+    if (!exports.SIGNATURE_PATTERN.test(signature)) {
+        throw new errors_1.ValidationError(fieldName, 'Invalid signature format (expected 65 bytes = 0x + 130 hex chars)');
+    }
+}
+exports.validateSignature = validateSignature;
+// ============================================================================
+// Error Sanitization (P0-2)
+// ============================================================================
+/**
+ * Sanitize error messages to remove sensitive data
+ *
+ * SECURITY FIX (P0-2): Removes credentials, private keys, and other
+ * sensitive data from error messages before logging/returning.
+ *
+ * @param error - Error to sanitize
+ * @returns Sanitized error message
+ */
+function sanitizeErrorMessage(error) {
+    if (!error)
+        return 'Unknown error';
+    let message = '';
+    if (error instanceof Error) {
+        message = error.message;
+    }
+    else if (typeof error === 'string') {
+        message = error;
+    }
+    else {
+        message = String(error);
+    }
+    // Patterns to redact
+    const sensitivePatterns = [
+        // Private keys (hex)
+        /0x[a-fA-F0-9]{64}/g,
+        // AWS access key IDs
+        /AKIA[0-9A-Z]{16}/g,
+        // AWS secret keys (40 chars)
+        /[a-zA-Z0-9/+=]{40}/g,
+        // Bearer tokens
+        /Bearer\s+[a-zA-Z0-9._-]+/gi,
+        // API keys (generic pattern)
+        /api[_-]?key[=:]\s*["']?[a-zA-Z0-9_-]+["']?/gi,
+        // Secret in URL query params
+        /secret[=][^&\s]+/gi,
+        // Password in URL
+        /password[=][^&\s]+/gi,
+        // Authorization headers
+        /authorization[=:]\s*["']?[^"'\s]+["']?/gi
+    ];
+    let sanitized = message;
+    for (const pattern of sensitivePatterns) {
+        sanitized = sanitized.replace(pattern, '[REDACTED]');
+    }
+    return sanitized;
+}
+exports.sanitizeErrorMessage = sanitizeErrorMessage;
+/**
+ * Create a safe error object for external consumption
+ *
+ * SECURITY FIX (P0-2): Returns error without stack trace or sensitive details
+ *
+ * @param error - Original error
+ * @param operation - What operation failed
+ * @returns Safe error object
+ */
+function createSafeError(error, operation) {
+    const sanitizedMessage = sanitizeErrorMessage(error);
+    // Don't expose internal details - generic message with operation context
+    return {
+        message: `Operation failed: ${operation}. ${sanitizedMessage}`,
+        code: error?.code || 'UNKNOWN_ERROR',
+        operation
+    };
+}
+exports.createSafeError = createSafeError;
 //# sourceMappingURL=validation.js.map

package/dist/utils/validation.js.map

@@ -1 +1 @@
-{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAA+C;AAC/C,sCAImB;AAEnB;;GAEG;AAEH;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAe,EAAE,YAAoB,SAAS;IAC5E,IAAI,CAAC,OAAO,IAAI,CAAC,IAAA,kBAAS,EAAC,OAAO,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,4BAAmB,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,KAAK,IAAA,mBAAU,EAAC,4CAA4C,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,gCAAgC,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AARD,0CAQC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAc,EAAE,aAAqB,QAAQ;IAC1E,kDAAkD;IAClD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,2BAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC3E,CAAC;IAED,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,2BAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AATD,wCASC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB,EAAE,YAAoB,UAAU;IAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;QACpB,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,wCAAwC,GAAG,eAAe,QAAQ,GAAG,CACtE,CAAC;IACJ,CAAC;AACH,CAAC;AATD,4CASC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,aAAqB,EACrB,YAAoB,eAAe;IAEnC,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,qBAAqB;IAEnE,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,mCAAmC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,aAAa,GAAG,kBAAkB,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,mCAAmC,kBAAkB,cAAc,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAhBD,sDAgBC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAY,EAAE,YAAoB,MAAM;IACnE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,kDAAkD,CAAC,CAAC;IAC3F,CAAC;AACH,CAAC;AAJD,oCAIC;AAED;;;;;;;;;;GAUG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,kCAAkC;IAClC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAE3C,gBAAgB;IAChB,MAAM,mBAAmB,GAAG;QAC1B,QAAQ,EAAuB,WAAW;QAC1C,OAAO,EAAwB,kBAAkB;QACjD,4BAA4B,EAAG,kCAAkC;QACjE,aAAa,EAAkB,kBAAkB;QACjD,aAAa,EAAkB,4BAA4B;QAC3D,MAAM,EAAyB,iBAAiB;QAChD,cAAc,CAAiB,qBAAqB;KACrD,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,MAAM,mBAAmB,GAAG;QAC1B,OAAO,EAAwB,gBAAgB;QAC/C,eAAe,EAAgB,wBAAwB;QACvD,cAAc,EAAiB,2BAA2B;QAC1D,oBAAoB,EAAW,gCAAgC;QAC/D,mCAAmC,EAAG,kCAAkC;QACxE,oBAAoB,EAAW,kDAAkD;QACjF,SAAS,EAAsB,oBAAoB;QACnD,MAAM,EAAyB,oBAAoB;QACnD,SAAS,CAAsB,4BAA4B;KAC5D,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,mBAAmB,CAAC,QAAgB,EAAE,YAAoB,UAAU;IACxF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC;IACvB,IAAI,QAAQ,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,oCAAoC,UAAU,GAAG,CAAC,CAAC;IAC1F,CAAC;IAED,IAAI,SAAc,CAAC;IACnB,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,8BAA8B,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,qCAAqC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnE,CAAC;IACJ,CAAC;IAED,kDAAkD;IAClD,qDAAqD;IACrD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;IAEpC,+EAA+E;IAC/E,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,sBAAsB,QAAQ,gDAAgD,CAC/E,CAAC;IACJ,CAAC;IAED,2CAA2C;IAC3C,mEAAmE;IACnE,4EAA4E;IAC5E,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,mEAAmE;YACnE,kFAAkF;YAClF,MAAM,GAAG,GAAG,MAAM,kDAAO,KAAK,IAAE,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,EAAE,CAAC;gBACR,kFAAkF;gBAClF,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;gBAEnE,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;oBAC1C,sCAAsC;oBACtC,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;wBACzB,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,sBAAsB,QAAQ,oCAAoC,OAAO,sBAAsB;4BAC7F,wDAAwD;4BACxD,iBAAiB,MAAM,EAAE,CAC5B,CAAC;oBACJ,CAAC;oBAED,wEAAwE;oBACxE,IAAI,OAAO,KAAK,iBAAiB,EAAE,CAAC;wBAClC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,gEAAgE;4BAC9D,qEAAqE,CACxE,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,gEAAgE;YAChE,gFAAgF;YAChF,IAAI,KAAK,YAAY,wBAAe,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC,CAAC,6BAA6B;YAC5C,CAAC;YAED,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,+BAA+B,QAAQ,MAAM,KAAK,CAAC,OAAO,IAAI;gBAC9D,oEAAoE,CACrE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kEAAkE;AACpE,CAAC;AAvFD,kDAuFC"}
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAA+C;AAC/C,sCAMmB;AAEnB;;GAEG;AAEH,+EAA+E;AAC/E,6CAA6C;AAC7C,+EAA+E;AAE/E,0CAA0C;AAC7B,QAAA,eAAe,GAAG,qBAAqB,CAAC;AAErD,kDAAkD;AACrC,QAAA,aAAa,GAAG,qBAAqB,CAAC;AAEnD,wCAAwC;AAC3B,QAAA,YAAY,GAAG,qBAAqB,CAAC;AAElD,8DAA8D;AACjD,QAAA,iBAAiB,GAAG,sBAAsB,CAAC;AAExD,8CAA8C;AACjC,QAAA,WAAW,GAAG,+CAA+C,CAAC;AAE3E,uDAAuD;AAC1C,QAAA,qBAAqB,GAAG,qBAAqB,CAAC;AAE3D,4CAA4C;AAC/B,QAAA,cAAc,GAAG,iBAAiB,CAAC;AAEhD,+EAA+E;AAC/E,iDAAiD;AACjD,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,qBAAqB,GAAG;IACnC,kBAAkB;IAClB,sBAAsB;IACtB,qBAAqB;IACrB,SAAS;IACT,WAAW;IACX,UAAU;IACV,iBAAiB;CACT,CAAC;AAEX;;;GAGG;AACU,QAAA,wBAAwB,GAAG;IACtC,aAAa;IACb,kBAAkB;IAClB,aAAa;CACL,CAAC;AAEX,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAe,EAAE,YAAoB,SAAS;IAC5E,IAAI,CAAC,OAAO,IAAI,CAAC,IAAA,kBAAS,EAAC,OAAO,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,4BAAmB,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,KAAK,IAAA,mBAAU,EAAC,4CAA4C,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,gCAAgC,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AARD,0CAQC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAc,EAAE,aAAqB,QAAQ;IAC1E,kDAAkD;IAClD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,2BAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC3E,CAAC;IAED,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,2BAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AATD,wCASC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB,EAAE,YAAoB,UAAU;IAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;QACpB,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,wCAAwC,GAAG,eAAe,QAAQ,GAAG,CACtE,CAAC;IACJ,CAAC;AACH,CAAC;AATD,4CASC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,aAAqB,EACrB,YAAoB,eAAe;IAEnC,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,qBAAqB;IAEnE,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,mCAAmC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,aAAa,GAAG,kBAAkB,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,mCAAmC,kBAAkB,cAAc,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAhBD,sDAgBC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAY,EAAE,YAAoB,MAAM;IACnE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,kDAAkD,CAAC,CAAC;IAC3F,CAAC;AACH,CAAC;AAJD,oCAIC;AAED;;;;;;;;;;GAUG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,kCAAkC;IAClC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAE3C,gBAAgB;IAChB,MAAM,mBAAmB,GAAG;QAC1B,QAAQ,EAAuB,WAAW;QAC1C,OAAO,EAAwB,kBAAkB;QACjD,4BAA4B,EAAG,kCAAkC;QACjE,aAAa,EAAkB,kBAAkB;QACjD,aAAa,EAAkB,4BAA4B;QAC3D,MAAM,EAAyB,iBAAiB;QAChD,cAAc,CAAiB,qBAAqB;KACrD,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,gFAAgF;IAChF,MAAM,mBAAmB,GAAG;QAC1B,OAAO,EAAwB,gBAAgB;QAC/C,eAAe,EAAgB,wBAAwB;QACvD,iBAAiB,EAAc,oCAAoC;QACnE,cAAc,EAAiB,2BAA2B;QAC1D,gBAAgB,EAAe,uCAAuC;QACtE,oBAAoB,EAAW,gCAAgC;QAC/D,sBAAsB,EAAS,4CAA4C;QAC3E,mCAAmC,EAAG,kCAAkC;QACxE,qCAAqC,EAAC,8CAA8C;QACpF,oBAAoB,EAAW,kDAAkD;QACjF,sBAAsB,EAAS,qCAAqC;QACpE,SAAS,EAAsB,oBAAoB;QACnD,MAAM,EAAyB,oBAAoB;QACnD,SAAS,CAAsB,4BAA4B;KAC5D,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,mBAAmB,CAAC,QAAgB,EAAE,YAAoB,UAAU;IACxF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC;IACvB,IAAI,QAAQ,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,oCAAoC,UAAU,GAAG,CAAC,CAAC;IAC1F,CAAC;IAED,IAAI,SAAc,CAAC;IACnB,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,8BAA8B,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,qCAAqC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnE,CAAC;IACJ,CAAC;IAED,kDAAkD;IAClD,qDAAqD;IACrD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;IAEpC,+EAA+E;IAC/E,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,sBAAsB,QAAQ,gDAAgD,CAC/E,CAAC;IACJ,CAAC;IAED,2CAA2C;IAC3C,mEAAmE;IACnE,4EAA4E;IAC5E,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,mEAAmE;YACnE,kFAAkF;YAClF,MAAM,GAAG,GAAG,MAAM,kDAAO,KAAK,IAAE,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,EAAE,CAAC;gBACR,kFAAkF;gBAClF,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;gBAEnE,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;oBAC1C,sCAAsC;oBACtC,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;wBACzB,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,sBAAsB,QAAQ,oCAAoC,OAAO,sBAAsB;4BAC7F,wDAAwD;4BACxD,iBAAiB,MAAM,EAAE,CAC5B,CAAC;oBACJ,CAAC;oBAED,wEAAwE;oBACxE,IAAI,OAAO,KAAK,iBAAiB,EAAE,CAAC;wBAClC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,gEAAgE;4BAC9D,qEAAqE,CACxE,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,gEAAgE;YAChE,gFAAgF;YAChF,IAAI,KAAK,YAAY,wBAAe,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC,CAAC,6BAA6B;YAC5C,CAAC;YAED,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,+BAA+B,QAAQ,MAAM,KAAK,CAAC,OAAO,IAAI;gBAC9D,oEAAoE,CACrE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kEAAkE;AACpE,CAAC;AAvFD,kDAuFC;AAED,+EAA+E;AAC/E,uCAAuC;AACvC,+EAA+E;AAE/E;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,GAAW,EAAE,YAAoB,KAAK;IAChE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,wBAAe,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC,mBAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,wBAAe,CAAC,GAAG,EAAE,4DAA4D,CAAC,CAAC;IAC/F,CAAC;AACH,CAAC;AARD,kCAQC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,IAAY,EAAE,YAAoB,MAAM;IAC1E,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,gCAAuB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,mBAAmB,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,CAAC,6BAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,gCAAuB,CAC/B,IAAI,EACJ,yDAAyD,CAC1D,CAAC;IACJ,CAAC;AACH,CAAC;AAXD,kDAWC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,kBAAkB,CAChC,GAAW,EACX,eAAkC,EAClC,YAAoB,YAAY;IAEhC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,SAAc,CAAC;IACnB,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC7D,CAAC;IAED,gBAAgB;IAChB,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,8EAA8E;IAC9E,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;IAC5B,IAAI,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,+DAA+D,IAAI,IAAI;YACvE,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAClD,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAC/C,QAAQ,KAAK,OAAO,CAAC,WAAW,EAAE;QAClC,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAC/C,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,YAAY,QAAQ,gCAAgC;YACpD,qBAAqB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YACnD,yCAAyC,CAC1C,CAAC;IACJ,CAAC;AACH,CAAC;AA9CD,gDA8CC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,YAAoB,SAAS;IAC3E,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC,sBAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,qCAAqC,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AARD,wCAQC;AAED;;;;;;GAMG;AACH,SAAgB,YAAY,CAAC,IAAY,EAAE,YAAoB,MAAM;IACnE,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,oBAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,mDAAmD,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AARD,oCAQC;AAED;;;;;;GAMG;AACH,SAAgB,iBAAiB,CAAC,SAAiB,EAAE,YAAoB,WAAW;IAClF,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,CAAC,yBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,mEAAmE,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAXD,8CAWC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,KAAc;IACjD,IAAI,CAAC,KAAK;QAAE,OAAO,eAAe,CAAC;IAEnC,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC1B,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,OAAO,GAAG,KAAK,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,qBAAqB;IACrB,MAAM,iBAAiB,GAAG;QACxB,qBAAqB;QACrB,oBAAoB;QACpB,qBAAqB;QACrB,mBAAmB;QACnB,6BAA6B;QAC7B,qBAAqB;QACrB,gBAAgB;QAChB,4BAA4B;QAC5B,6BAA6B;QAC7B,8CAA8C;QAC9C,6BAA6B;QAC7B,oBAAoB;QACpB,kBAAkB;QAClB,sBAAsB;QACtB,wBAAwB;QACxB,0CAA0C;KAC3C,CAAC;IAEF,IAAI,SAAS,GAAG,OAAO,CAAC;IACxB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAtCD,oDAsCC;AAED;;;;;;;;GAQG;AACH,SAAgB,eAAe,CAC7B,KAAc,EACd,SAAiB;IAEjB,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IAErD,yEAAyE;IACzE,OAAO;QACL,OAAO,EAAE,qBAAqB,SAAS,KAAK,gBAAgB,EAAE;QAC9D,IAAI,EAAG,KAAa,EAAE,IAAI,IAAI,eAAe;QAC7C,SAAS;KACV,CAAC;AACJ,CAAC;AAZD,0CAYC"}

package/package.json

@@ -1,9 +1,19 @@
 {
   "name": "@agirails/sdk",
-  "version": "2.0.3",
+  "version": "2.2.0",
   "description": "AGIRAILS SDK for the ACTP (Agent Commerce Transaction Protocol) - Unified mock + blockchain support",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./storage": {
+      "types": "./dist/storage/index.d.ts",
+      "default": "./dist/storage/index.js"
+    }
+  },
   "bin": {
     "actp": "./bin/actp"
   },
@@ -31,7 +41,9 @@
     "test:cancel": "ts-node test-scripts/03-cancel.ts",
     "test:happy-path-eas": "ts-node test-scripts/04-happy-path-eas.ts",
     "test:status": "ts-node test-scripts/status.ts",
-    "test:all": "npm run test:setup && npm run test:happy-path && npm run test:dispute && npm run test:cancel"
+    "test:all": "npm run test:setup && npm run test:happy-path && npm run test:dispute && npm run test:cancel",
+    "eas:register": "ts-node scripts/register-eas-schema.ts",
+    "eas:register:mainnet": "ts-node scripts/register-eas-schema.ts base-mainnet"
   },
   "keywords": [
     "agirails",

package/src/adapters/BaseAdapter.ts

@@ -133,7 +133,7 @@ export abstract class BaseAdapter {
     // Converts all Unicode whitespace to regular spaces, then strip currency symbols
     let normalized = String(amount)
       .replace(/[\s\u00A0\u2000-\u200B\uFEFF]/g, ' ') // Replace all Unicode whitespace with regular space
-      .replace(/^[\$]/, '') // Strip leading $
+      .replace(/^[$]/, '') // Strip leading $
       .replace(/\s*(USDC|usdc)$/, '') // Strip trailing USDC
       .replace(/,/g, '') // Strip thousands separators
       .replace(/\s+/g, '') // Remove ALL whitespace (including normalized Unicode spaces)
@@ -417,7 +417,7 @@ export abstract class BaseAdapter {
 
     // Check it's not in the past (with 1 minute buffer)
     const now = Math.floor(Date.now() / 1000);
-    const oneMinuteAgo = now - 60;
+    const _oneMinuteAgo = now - 60; // Reserved for future validation
 
     // Only apply this check if it looks like a deadline/future timestamp
     // (e.g., createdAt can be in the past)

package/src/adapters/BasicAdapter.ts

@@ -13,9 +13,8 @@
  * @module adapters/BasicAdapter
  */
 
-import { BaseAdapter, ValidationError, DEFAULT_DISPUTE_WINDOW_SECONDS } from './BaseAdapter';
+import { BaseAdapter, ValidationError } from './BaseAdapter';
 import { IACTPRuntime } from '../runtime/IACTPRuntime';
-import { TransactionState } from '../runtime/types/MockState';
 import { EASHelper } from '../protocol/EASHelper';
 
 /**
@@ -156,6 +155,17 @@ export class BasicAdapter extends BaseAdapter {
       throw new ValidationError('Deadline must be in the future');
     }
 
+    // SECURITY: Enforce transaction amount limit on unaudited mainnet contracts
+    const maxAmount = this.runtime.maxTransactionAmount;
+    const amountInUsdc = Number(amount) / 1_000_000; // Convert from wei to USDC
+    if (maxAmount !== undefined && amountInUsdc > maxAmount) {
+      throw new ValidationError(
+        `Transaction amount $${amountInUsdc.toFixed(2)} exceeds maximum allowed $${maxAmount}. ` +
+        `This limit exists because contracts have not been formally audited. ` +
+        `For larger amounts, please contact support@agirails.io.`
+      );
+    }
+
     // Create transaction
     const txId = await this.runtime.createTransaction({
       provider,

package/src/adapters/StandardAdapter.ts

@@ -12,7 +12,7 @@
  * @module adapters/StandardAdapter
  */
 
-import { BaseAdapter, ValidationError, DEFAULT_DISPUTE_WINDOW_SECONDS } from './BaseAdapter';
+import { BaseAdapter, ValidationError } from './BaseAdapter';
 import { IACTPRuntime } from '../runtime/IACTPRuntime';
 import { MockTransaction, TransactionState } from '../runtime/types/MockState';
 import { EASHelper } from '../protocol/EASHelper';
@@ -125,6 +125,17 @@ export class StandardAdapter extends BaseAdapter {
       throw new ValidationError('Deadline must be in the future');
     }
 
+    // SECURITY: Enforce transaction amount limit on unaudited mainnet contracts
+    const maxAmount = this.runtime.maxTransactionAmount;
+    const amountInUsdc = Number(amount) / 1_000_000; // Convert from wei to USDC
+    if (maxAmount !== undefined && amountInUsdc > maxAmount) {
+      throw new ValidationError(
+        `Transaction amount $${amountInUsdc.toFixed(2)} exceeds maximum allowed $${maxAmount}. ` +
+        `This limit exists because contracts have not been formally audited. ` +
+        `For larger amounts, please contact support@agirails.io.`
+      );
+    }
+
     return this.runtime.createTransaction({
       provider,
       requester,
@@ -169,23 +180,32 @@ export class StandardAdapter extends BaseAdapter {
    * Valid transitions:
    * - INITIATED → QUOTED, COMMITTED, CANCELLED
    * - QUOTED → COMMITTED, CANCELLED
-   * - COMMITTED → IN_PROGRESS, DELIVERED, CANCELLED
+   * - COMMITTED → IN_PROGRESS, CANCELLED
    * - IN_PROGRESS → DELIVERED, CANCELLED
    * - DELIVERED → SETTLED, DISPUTED
-   * - DISPUTED → SETTLED
+   * - DISPUTED → SETTLED, CANCELLED (admin/pauser)
    *
    * @param txId - Transaction ID
    * @param newState - Target state
+   * @param proof - Optional proof data (required for DELIVERED transition with dispute window)
    * @throws {Error} If transition is invalid
    *
    * @example
    * ```typescript
-   * // Provider marks work as delivered
-   * await adapter.transitionState(txId, 'DELIVERED');
+   * // Provider starts work
+   * await adapter.transitionState(txId, 'IN_PROGRESS');
+   *
+   * // Provider marks work as delivered (with dispute window proof)
+   * const disputeWindowProof = ethers.AbiCoder.defaultAbiCoder().encode(['uint256'], [7200]);
+   * await adapter.transitionState(txId, 'DELIVERED', disputeWindowProof);
    * ```
    */
-  async transitionState(txId: string, newState: TransactionState): Promise<void> {
-    return this.runtime.transitionState(txId, newState);
+  async transitionState(
+    txId: string,
+    newState: TransactionState,
+    proof?: string
+  ): Promise<void> {
+    return this.runtime.transitionState(txId, newState, proof);
   }
 
   /**

package/src/builders/QuoteBuilder.ts

@@ -233,7 +233,7 @@ export class QuoteBuilder {
    */
   computeHash(quote: QuoteMessage): string {
     // Remove signature field for hashing
-    const { signature, ...quoteWithoutSig } = quote;
+    const { signature: _signature, ...quoteWithoutSig } = quote;
     return keccak256(toUtf8Bytes(canonicalJsonStringify(quoteWithoutSig)));
   }
 

package/src/cli/commands/config.ts

@@ -156,7 +156,7 @@ function createConfigSetCommand(): Command {
           updates.address = value.toLowerCase();
         }
 
-        const newConfig = updateConfig(updates);
+        updateConfig(updates);
 
         output.result({
           [key]: key === 'privateKey' ? '****' + value.slice(-4) : value,

package/src/cli/commands/simulate.ts

@@ -14,7 +14,7 @@ import { Command } from 'commander';
 import { Output, ExitCode, fmt } from '../utils/output';
 import { loadConfig } from '../utils/config';
 import { mapError } from '../utils/client';
-import { BaseAdapter, ValidationError, MIN_AMOUNT_WEI } from '../../adapters/BaseAdapter';
+import { BaseAdapter } from '../../adapters/BaseAdapter';
 
 // ============================================================================
 // Command Definition

package/src/cli/commands/time.ts

@@ -10,10 +10,9 @@
  */
 
 import { Command } from 'commander';
-import { Output, ExitCode, fmt } from '../utils/output';
+import { Output, ExitCode } from '../utils/output';
 import { loadConfig } from '../utils/config';
 import { createClient, mapError } from '../utils/client';
-import { MockRuntime } from '../../runtime/MockRuntime';
 import { IMockRuntime } from '../../runtime/IACTPRuntime';
 
 // ============================================================================

package/src/config/networks.ts

@@ -30,6 +30,8 @@ export interface NetworkConfig {
     eas: string; // EAS contract address
     easSchemaRegistry: string; // EAS SchemaRegistry contract
     agentRegistry?: string; // AIP-7 Agent Registry (optional until deployed)
+    identityRegistry?: string; // AIP-7 ERC-1056 DID Registry (optional until deployed)
+    archiveTreasury?: string; // AIP-7 Archive Treasury for Arweave funding (optional until deployed)
   };
   eas: {
     deliverySchemaUID: string; // AIP-4 delivery proof schema
@@ -38,6 +40,13 @@ export interface NetworkConfig {
     maxFeePerGas: bigint;
     maxPriorityFeePerGas: bigint;
   };
+  /**
+   * Maximum transaction amount in USDC (human-readable, e.g., 100 = $100)
+   *
+   * SECURITY: Limits exposure on unaudited mainnet contracts.
+   * Set to undefined for no limit (testnet only).
+   */
+  maxTransactionAmount?: number;
 }
 
 /**
@@ -49,7 +58,7 @@ export const BASE_SEPOLIA: NetworkConfig = {
   rpcUrl: BASE_SEPOLIA_RPC_URL,
   blockExplorer: 'https://sepolia.basescan.org',
   contracts: {
-    // Redeployed 2025-12-10 by Arha (new deployer wallet 0x42a2f11555b9363fb7ebdcdc76d7cb26e01dcb00)
+    // Redeployed 2025-12-10
     actpKernel: '0xD199070F8e9FB9a127F6Fe730Bc13300B4b3d962',
     escrowVault: '0x948b9Ea081C4Cec1E112Af2e539224c531d4d585',
     usdc: '0x444b4e1A65949AB2ac75979D5d0166Eb7A248Ccb', // MockUSDC
@@ -57,7 +66,11 @@ export const BASE_SEPOLIA: NetworkConfig = {
     eas: '0x4200000000000000000000000000000000000021',
     easSchemaRegistry: '0x4200000000000000000000000000000000000020',
     // AIP-7 Agent Registry (deployed 2025-12-11)
-    agentRegistry: '0xFed6914Aa70c0a53E9c7Cc4d2Ae159e4748fb09D'
+    agentRegistry: '0xFed6914Aa70c0a53E9c7Cc4d2Ae159e4748fb09D',
+    // AIP-7 Identity Registry - ERC-1056 DID Registry (deployed 2026-01-09)
+    identityRegistry: '0xF64F748C7802a68Cb936a9213881fE74e83FDA97',
+    // AIP-7 Archive Treasury - Arweave funding (deployed 2026-01-09)
+    archiveTreasury: '0xeB75DE7cF5ce77ab15BB0fFa3a2A79e6aaa554B0'
   },
   eas: {
     // Deployed 2025-11-23 - AIP-4 delivery proof schema
@@ -82,22 +95,31 @@ export const BASE_MAINNET: NetworkConfig = {
   rpcUrl: BASE_MAINNET_RPC_URL,
   blockExplorer: 'https://basescan.org',
   contracts: {
-    // NOT DEPLOYED: Will throw error via validateNetworkConfig()
-    actpKernel: '0x0000000000000000000000000000000000000000',
-    escrowVault: '0x0000000000000000000000000000000000000000',
+    // Deployed 2026-02-03
+    actpKernel: '0xeaE4D6925510284dbC45C8C64bb8104a079D4c60',
+    escrowVault: '0xb7bCadF7F26f0761995d95105DFb2346F81AF02D',
     usdc: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913', // Official USDC on Base
     // EAS contracts (Base native deployment)
     eas: '0x4200000000000000000000000000000000000021',
-    easSchemaRegistry: '0x4200000000000000000000000000000000000020'
+    easSchemaRegistry: '0x4200000000000000000000000000000000000020',
+    // AIP-7 contracts
+    agentRegistry: '0xbf9Aa0FC291A06A4dFA943c3E0Ad41E7aE20DF02',
+    archiveTreasury: '0x64B8f93fef2D2E749F5E88586753343F73246012'
   },
   eas: {
-    // NOT DEPLOYED: Requires mainnet schema registration
-    deliverySchemaUID: '0x0000000000000000000000000000000000000000000000000000000000000000'
+    // Registered 2026-02-03
+    deliverySchemaUID: '0x166501e7476e2fcf9214c4c5144533c2957d56fe59d639effc1719a0658d9c9a'
   },
   gasSettings: {
     maxFeePerGas: ethers.parseUnits('0.5', 'gwei'),
     maxPriorityFeePerGas: ethers.parseUnits('0.1', 'gwei')
-  }
+  },
+  /**
+   * SECURITY: $1,000 max transaction limit until contracts are audited.
+   * This limits exposure in case of undiscovered vulnerabilities.
+   * Will be removed/increased after formal security audit.
+   */
+  maxTransactionAmount: 1000
 };
 
 /**
@@ -134,7 +156,9 @@ export function getNetwork(network: string): NetworkConfig {
       usdc: config.contracts.usdc,
       eas: config.contracts.eas,
       easSchemaRegistry: config.contracts.easSchemaRegistry,
-      agentRegistry: config.contracts.agentRegistry
+      agentRegistry: config.contracts.agentRegistry,
+      identityRegistry: config.contracts.identityRegistry,
+      archiveTreasury: config.contracts.archiveTreasury
     },
     eas: {
       deliverySchemaUID: config.eas.deliverySchemaUID

package/src/index.ts

@@ -217,6 +217,46 @@ export type {
   PriceCalculation,
 } from './level1';
 
+// =============================================================================
+// Storage Layer (AIP-7 §4) - Hybrid IPFS + Arweave
+// =============================================================================
+
+// Storage clients
+export { FilebaseClient } from './storage/FilebaseClient';
+export { ArweaveClient } from './storage/ArweaveClient';
+
+// Archive bundle builder
+export {
+  ArchiveBundleBuilder,
+  computeContentHash,
+  validateArchiveBundle,
+} from './storage/ArchiveBundleBuilder';
+
+// Storage types
+export type {
+  FilebaseConfig,
+  ArweaveConfig,
+  IrysCurrency,
+  IrysNetwork,
+  ArchiveBundle,
+  ArchiveChainId,
+  ArchiveFinalState,
+  ArchiveParticipants,
+  ArchiveReferences,
+  ArchiveHashes,
+  ArchiveSignatures,
+  ArchiveAttestation,
+  ArchiveSettlement,
+  EscrowRelease,
+  ArchiveTags,
+  IPFSUploadResult,
+  ArweaveUploadResult,
+  DownloadResult,
+} from './storage/types';
+
+// Storage constants
+export { ARCHIVE_BUNDLE_TYPE } from './storage/types';
+
 // =============================================================================
 // Enhanced Error Exports
 // =============================================================================
@@ -241,4 +281,18 @@ export {
   DisputeRaisedError,
   ServiceConfigError,
   AgentLifecycleError,
+  // Storage errors (AIP-7)
+  StorageError,
+  StorageAuthenticationError,
+  StorageRateLimitError,
+  UploadTimeoutError,
+  DownloadTimeoutError,
+  ContentNotFoundError,
+  FileSizeLimitExceededError,
+  InvalidCIDError,
+  ArweaveUploadError,
+  ArweaveDownloadError,
+  ArweaveTimeoutError,
+  InvalidArweaveTxIdError,
+  InsufficientBalanceError as StorageInsufficientBalanceError,
 } from './errors';