@arc402/sdk 0.6.5 → 0.6.6

package/CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## [0.6.6] — 2026-04-02
+
+### Added
+- `DaemonClient` / `DaemonNodeClient` for the split ARC-402 node API (`/health`, `/auth/*`, `/wallet/status`, `/workroom/status`, `/agreements`).
+- Local daemon URL helpers that infer `:4402` / `:4403` from `~/.arc402/daemon.toml`.
+- Local daemon token loading from `~/.arc402/daemon.token` for authenticated node reads.
+
+### Docs
+- Clarified the split between the delivery plane (`DeliveryClient` on `:4402`) and the authenticated node API plane (`DaemonClient` on `:4403`).
+- Synced the README to the current official node/daemon architecture and package release lane.
+
 ## [0.6.3] — 2026-03-25
 
 ### Synced

package/README.md

@@ -2,9 +2,9 @@
 
 [![npm](https://img.shields.io/npm/v/@arc402/sdk?color=blue)](https://www.npmjs.com/package/@arc402/sdk)
 
-Typed TypeScript SDK for the current ARC-402 network workflow: discovery, off-chain negotiation payloads, escrowed hiring, delivery verification, remediation, disputes, reputation signals, sponsorship, canonical capability taxonomy, governance reads, and operational-context reads.
+Typed TypeScript SDK for the current ARC-402 network workflow: discovery, off-chain negotiation payloads, escrowed hiring, delivery verification, remediation, disputes, reputation signals, sponsorship, canonical capability taxonomy, governance reads, and operator/node runtime reads.
 
-Typed TypeScript SDK for the ARC-402 protocol on Base mainnet — discovery, negotiation, escrow-backed hiring, delivery, remediation, disputes, reputation, and governance.
+Typed TypeScript SDK for the ARC-402 protocol on Base mainnet and the current node/daemon architecture.
 
 > Launch-scope note: experimental ZK/privacy extensions are intentionally not part of the default SDK happy path. Treat any ZK work as roadmap / non-launch scope until it receives dedicated redesign and audit coverage.
 
@@ -23,7 +23,7 @@ openclaw install arc402-agent
 
 The SDK is the programmatic surface. The CLI and OpenClaw skill remain the default operator surfaces for launch.
 
-## What v0.2 adds
+## What v0.6.6 adds
 
 - typed remediation + dispute models aligned to `ServiceAgreement`
 - `ReputationOracleClient`
@@ -32,6 +32,8 @@ The SDK is the programmatic surface. The CLI and OpenClaw skill remain the defau
 - `GovernanceClient`
 - heartbeat / operational trust reads on `AgentRegistry` (informational today, not strong ranking-grade truth)
 - negotiation message helpers for Spec 14 payloads
+- `DaemonClient` / `DaemonNodeClient` for the official split node runtime (`/health`, `/auth/*`, `/wallet/status`, `/workroom/status`, `/agreements`)
+- daemon URL/token helpers that follow the host-node layout (`~/.arc402/daemon.toml`, `~/.arc402/daemon.token`)
 
 ## Operator model
 
@@ -42,6 +44,8 @@ The launch mental model is **operator-first**:
 
 If you want that naming directly in code, the package now exports `ARC402OperatorClient` as an alias of `ARC402WalletClient`.
 
+The active package publish lane is still the `packages/arc402-cli` + `packages/arc402-daemon` pair. This SDK stays in `reference/sdk`, but it now exposes the same local node API shape so programmatic integrations can harden against the official node/daemon runtime instead of shelling out to the CLI.
+
 ## Quick start
 
 ```ts
@@ -189,6 +193,34 @@ const outPath = await delivery.downloadDeliverable(42n, "report.pdf", "./downloa
 
 The CLI shortcut: `arc402 deliver <id> --output <file>` uploads files to the delivery layer and submits the bundle hash on-chain in one step.
 
+Use `DeliveryClient` for the delivery plane on `:4402`. Use `DaemonClient` / `DaemonNodeClient` for the authenticated split node API on `:4403`.
+
+## Node / daemon runtime
+
+For operator-facing local node reads and auth, use `DaemonClient`. This targets the split daemon API on `http://127.0.0.1:4403` by default, infers the API port from `~/.arc402/daemon.toml` when available, and reads `~/.arc402/daemon.token` automatically for authenticated endpoints.
+
+```ts
+import { DaemonClient } from "@arc402/sdk";
+
+const daemon = new DaemonClient();
+
+const health = await daemon.getHealth();
+const wallet = await daemon.getWalletStatus();
+const workroom = await daemon.getWorkroomStatus();
+const agreements = await daemon.listAgreements();
+
+console.log({ health, wallet, workroom, agreements: agreements.agreements.length });
+```
+
+To create a remote owner session explicitly:
+
+```ts
+const daemon = new DaemonClient({ baseUrl: "https://node.example.com" });
+const challenge = await daemon.requestAuthChallenge("0xYourWallet");
+const signature = await ownerSigner.signMessage(challenge.challenge);
+const session = await daemon.createSession(challenge.challengeId, signature);
+```
+
 ## Sponsorship + governance + operational context
 
 ```ts

package/dist/daemon.d.ts

@@ -0,0 +1,118 @@
+export declare const DEFAULT_DAEMON_HTTP_URL = "http://127.0.0.1:4402";
+export declare const DEFAULT_DAEMON_API_URL = "http://127.0.0.1:4403";
+export declare const DEFAULT_DAEMON_TOKEN_PATH: string;
+export declare const DEFAULT_DAEMON_CONFIG_PATH: string;
+export interface DaemonHealthStatus {
+    ok: boolean;
+    wallet: string;
+}
+export interface DaemonWalletStatus {
+    ok: boolean;
+    wallet: string;
+    daemonId: string;
+    chainId: number;
+    rpcUrl: string;
+    policyEngineAddress: string;
+}
+export interface DaemonWorkroomStatus {
+    ok: boolean;
+    status: string;
+}
+export interface DaemonAgreementRecord {
+    id: string;
+    agreement_id: string | null;
+    hirer_address: string;
+    capability: string;
+    price_eth: string;
+    deadline_unix: number;
+    spec_hash: string;
+    task_description: string | null;
+    status: string;
+    created_at: number;
+    updated_at: number;
+    reject_reason: string | null;
+}
+export interface DaemonAgreementsResponse {
+    ok: boolean;
+    agreements: DaemonAgreementRecord[];
+}
+export interface AuthChallengeResponse {
+    challengeId: string;
+    challenge: string;
+    daemonId: string;
+    wallet: string;
+    chainId: number;
+    scope: string;
+    expiresAt: number;
+    issuedAt: number;
+}
+export interface AuthSessionResponse {
+    ok: true;
+    token: string;
+    wallets: string[];
+    wallet: string;
+    scope: string;
+    expiresAt: number;
+}
+export interface RevokeSessionsResponse {
+    ok: boolean;
+    revoked: string;
+}
+export interface DaemonNodeClientOptions {
+    /** Split daemon API base URL. Defaults to http://127.0.0.1:4403. */
+    apiUrl?: string;
+    /** Alias for apiUrl to match older docs/examples. */
+    baseUrl?: string;
+    /** Local daemon token. Defaults to ~/.arc402/daemon.token when present. */
+    token?: string;
+    /** Explicit path to daemon.token if you don't want the default. */
+    tokenPath?: string;
+    /** Explicit path to daemon.toml if you want port inference from a non-default location. */
+    configPath?: string;
+    /** Custom fetch implementation for testing or non-standard runtimes. */
+    fetchImpl?: typeof fetch;
+}
+export declare class DaemonClientError extends Error {
+    readonly statusCode?: number;
+    readonly details?: unknown;
+    constructor(message: string, statusCode?: number, details?: unknown);
+}
+export declare function loadLocalDaemonToken(tokenPath?: string): string | undefined;
+export declare function resolveDaemonHttpBaseUrl(configPath?: string): string;
+export declare function resolveDaemonApiBaseUrl(options?: Pick<DaemonNodeClientOptions, "apiUrl" | "baseUrl" | "configPath">): string;
+/**
+ * Thin typed client for the split ARC-402 node API (`arc402-api`).
+ *
+ * This surface is for operator-side reads and auth against the host daemon/node process:
+ * - `/health`
+ * - `/auth/challenge`
+ * - `/auth/session`
+ * - `/auth/revoke`
+ * - `/wallet/status`
+ * - `/workroom/status`
+ * - `/agreements`
+ *
+ * The delivery plane still lives on the host daemon HTTP port (usually `:4402`)
+ * and is wrapped separately by `DeliveryClient`.
+ */
+export declare class DaemonNodeClient {
+    readonly apiUrl: string;
+    private readonly options;
+    private readonly fetchImpl;
+    constructor(options?: DaemonNodeClientOptions);
+    private request;
+    getHealth(): Promise<DaemonHealthStatus>;
+    requestAuthChallenge(wallet: string, requestedScope?: string): Promise<AuthChallengeResponse>;
+    health(): Promise<DaemonHealthStatus>;
+    createSession(challengeId: string, signature: string): Promise<AuthSessionResponse>;
+    revokeSessions(): Promise<RevokeSessionsResponse>;
+    revokeSession(): Promise<RevokeSessionsResponse>;
+    getWalletStatus(): Promise<DaemonWalletStatus>;
+    walletStatus(): Promise<DaemonWalletStatus>;
+    getWorkroomStatus(): Promise<DaemonWorkroomStatus>;
+    workroomStatus(): Promise<DaemonWorkroomStatus>;
+    listAgreements(): Promise<DaemonAgreementsResponse>;
+    agreements(): Promise<DaemonAgreementsResponse>;
+}
+export { DaemonNodeClient as DaemonClient };
+//# sourceMappingURL=daemon.d.ts.map

package/dist/daemon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../src/daemon.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,uBAAuB,0BAA0B,CAAC;AAC/D,eAAO,MAAM,sBAAsB,0BAA0B,CAAC;AAC9D,eAAO,MAAM,yBAAyB,QAAqD,CAAC;AAC5F,eAAO,MAAM,0BAA0B,QAAoD,CAAC;AAE5F,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,OAAO,CAAC;IACZ,UAAU,EAAE,qBAAqB,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,IAAI,CAAC;IACT,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2FAA2F;IAC3F,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAED,qBAAa,iBAAkB,SAAQ,KAAK;aAGxB,UAAU,CAAC,EAAE,MAAM;aACnB,OAAO,CAAC,EAAE,OAAO;gBAFjC,OAAO,EAAE,MAAM,EACC,UAAU,CAAC,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,OAAO;CAKpC;AAaD,wBAAgB,oBAAoB,CAAC,SAAS,SAA4B,GAAG,MAAM,GAAG,SAAS,CAO9F;AAED,wBAAgB,wBAAwB,CAAC,UAAU,SAA6B,GAAG,MAAM,CAWxF;AAED,wBAAgB,uBAAuB,CAAC,OAAO,GAAE,IAAI,CAAC,uBAAuB,EAAE,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAM,GAAG,MAAM,CAoBhI;AAUD;;;;;;;;;;;;;;GAcG;AACH,qBAAa,gBAAgB;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA0B;IAClD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;gBAE7B,OAAO,GAAE,uBAA4B;YAMnC,OAAO;IA0Cf,SAAS,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAIxC,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,SAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIjG,MAAM,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAIrC,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAInF,cAAc,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAIjD,aAAa,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAIhD,eAAe,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAI9C,YAAY,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAI3C,iBAAiB,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAIlD,cAAc,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAI/C,cAAc,IAAI,OAAO,CAAC,wBAAwB,CAAC;IAInD,UAAU,IAAI,OAAO,CAAC,wBAAwB,CAAC;CAGtD;AAED,OAAO,EAAE,gBAAgB,IAAI,YAAY,EAAE,CAAC"}

package/dist/daemon.js

@@ -0,0 +1,174 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DaemonClient = exports.DaemonNodeClient = exports.DaemonClientError = exports.DEFAULT_DAEMON_CONFIG_PATH = exports.DEFAULT_DAEMON_TOKEN_PATH = exports.DEFAULT_DAEMON_API_URL = exports.DEFAULT_DAEMON_HTTP_URL = void 0;
+exports.loadLocalDaemonToken = loadLocalDaemonToken;
+exports.resolveDaemonHttpBaseUrl = resolveDaemonHttpBaseUrl;
+exports.resolveDaemonApiBaseUrl = resolveDaemonApiBaseUrl;
+const fs_1 = require("fs");
+const os_1 = __importDefault(require("os"));
+const path_1 = __importDefault(require("path"));
+exports.DEFAULT_DAEMON_HTTP_URL = "http://127.0.0.1:4402";
+exports.DEFAULT_DAEMON_API_URL = "http://127.0.0.1:4403";
+exports.DEFAULT_DAEMON_TOKEN_PATH = path_1.default.join(os_1.default.homedir(), ".arc402", "daemon.token");
+exports.DEFAULT_DAEMON_CONFIG_PATH = path_1.default.join(os_1.default.homedir(), ".arc402", "daemon.toml");
+class DaemonClientError extends Error {
+    constructor(message, statusCode, details) {
+        super(message);
+        this.statusCode = statusCode;
+        this.details = details;
+        this.name = "DaemonClientError";
+    }
+}
+exports.DaemonClientError = DaemonClientError;
+function trimTrailingSlash(input) {
+    return input.replace(/\/$/, "");
+}
+function readTomlInteger(contents, key) {
+    const match = contents.match(new RegExp(`^\\s*${key}\\s*=\\s*(\\d+)\\s*$`, "m"));
+    if (!match)
+        return undefined;
+    const parsed = Number.parseInt(match[1], 10);
+    return Number.isFinite(parsed) ? parsed : undefined;
+}
+function loadLocalDaemonToken(tokenPath = exports.DEFAULT_DAEMON_TOKEN_PATH) {
+    try {
+        const token = (0, fs_1.readFileSync)(tokenPath, "utf-8").trim();
+        return token.length > 0 ? token : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function resolveDaemonHttpBaseUrl(configPath = exports.DEFAULT_DAEMON_CONFIG_PATH) {
+    try {
+        if ((0, fs_1.existsSync)(configPath)) {
+            const config = (0, fs_1.readFileSync)(configPath, "utf-8");
+            const port = readTomlInteger(config, "listen_port") ?? 4402;
+            return `http://127.0.0.1:${port}`;
+        }
+    }
+    catch {
+        // Fall through to default.
+    }
+    return exports.DEFAULT_DAEMON_HTTP_URL;
+}
+function resolveDaemonApiBaseUrl(options = {}) {
+    const explicit = options.apiUrl ?? options.baseUrl;
+    if (explicit && explicit.trim().length > 0) {
+        return trimTrailingSlash(explicit.trim());
+    }
+    const httpBase = resolveDaemonHttpBaseUrl(options.configPath ?? exports.DEFAULT_DAEMON_CONFIG_PATH);
+    try {
+        const url = new URL(httpBase);
+        const httpPort = url.port ? Number.parseInt(url.port, 10) : (url.protocol === "https:" ? 443 : 80);
+        if (Number.isFinite(httpPort)) {
+            url.port = String(httpPort + 1);
+            return trimTrailingSlash(url.toString());
+        }
+    }
+    catch {
+        // Fall through to default.
+    }
+    return exports.DEFAULT_DAEMON_API_URL;
+}
+function safeJsonParse(value) {
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return value;
+    }
+}
+/**
+ * Thin typed client for the split ARC-402 node API (`arc402-api`).
+ *
+ * This surface is for operator-side reads and auth against the host daemon/node process:
+ * - `/health`
+ * - `/auth/challenge`
+ * - `/auth/session`
+ * - `/auth/revoke`
+ * - `/wallet/status`
+ * - `/workroom/status`
+ * - `/agreements`
+ *
+ * The delivery plane still lives on the host daemon HTTP port (usually `:4402`)
+ * and is wrapped separately by `DeliveryClient`.
+ */
+class DaemonNodeClient {
+    constructor(options = {}) {
+        this.options = options;
+        this.apiUrl = resolveDaemonApiBaseUrl(options);
+        this.fetchImpl = options.fetchImpl ?? fetch;
+    }
+    async request(method, urlPath, body, useSession = false) {
+        const token = this.options.token ?? loadLocalDaemonToken(this.options.tokenPath ?? exports.DEFAULT_DAEMON_TOKEN_PATH);
+        const headers = {};
+        if (body !== undefined) {
+            headers["Content-Type"] = "application/json";
+        }
+        if (useSession) {
+            if (!token) {
+                throw new DaemonClientError("No daemon session token available");
+            }
+            headers.Authorization = `Bearer ${token}`;
+        }
+        const response = await this.fetchImpl(`${this.apiUrl}${urlPath}`, {
+            method,
+            headers,
+            body: body !== undefined ? JSON.stringify(body) : undefined,
+        });
+        const text = await response.text();
+        const payload = text.length > 0 ? safeJsonParse(text) : undefined;
+        if (!response.ok) {
+            const message = typeof payload === "object" &&
+                payload !== null &&
+                "error" in payload &&
+                typeof payload.error === "string"
+                ? payload.error
+                : text || `Daemon request failed (${response.status})`;
+            throw new DaemonClientError(message, response.status, payload ?? text);
+        }
+        return (payload ?? {});
+    }
+    async getHealth() {
+        return this.request("GET", "/health");
+    }
+    async requestAuthChallenge(wallet, requestedScope = "operator") {
+        return this.request("POST", "/auth/challenge", { wallet, requestedScope });
+    }
+    async health() {
+        return this.getHealth();
+    }
+    async createSession(challengeId, signature) {
+        return this.request("POST", "/auth/session", { challengeId, signature });
+    }
+    async revokeSessions() {
+        return this.request("POST", "/auth/revoke", undefined, true);
+    }
+    async revokeSession() {
+        return this.revokeSessions();
+    }
+    async getWalletStatus() {
+        return this.request("GET", "/wallet/status", undefined, true);
+    }
+    async walletStatus() {
+        return this.getWalletStatus();
+    }
+    async getWorkroomStatus() {
+        return this.request("GET", "/workroom/status", undefined, true);
+    }
+    async workroomStatus() {
+        return this.getWorkroomStatus();
+    }
+    async listAgreements() {
+        return this.request("GET", "/agreements", undefined, true);
+    }
+    async agreements() {
+        return this.listAgreements();
+    }
+}
+exports.DaemonNodeClient = DaemonNodeClient;
+exports.DaemonClient = DaemonNodeClient;

package/dist/index.d.ts

@@ -37,6 +37,8 @@ export { resolveEndpoint, notifyEndpoint, notifyHire, notifyHandshake, notifyHir
 export type { EndpointNotifyResult } from "./endpoint";
 export { DeliveryClient, DEFAULT_DAEMON_URL } from "./delivery";
 export type { DeliveryFile, DeliveryManifest, DeliveryClientOptions } from "./delivery";
+export { DaemonClient, DaemonNodeClient, DaemonClientError, DEFAULT_DAEMON_HTTP_URL, DEFAULT_DAEMON_API_URL, DEFAULT_DAEMON_TOKEN_PATH, DEFAULT_DAEMON_CONFIG_PATH, resolveDaemonHttpBaseUrl, resolveDaemonApiBaseUrl, loadLocalDaemonToken } from "./daemon";
+export type { DaemonNodeClientOptions, DaemonHealthStatus, DaemonWalletStatus, DaemonWorkroomStatus, DaemonAgreementRecord, DaemonAgreementsResponse, AuthChallengeResponse, AuthSessionResponse, RevokeSessionsResponse } from "./daemon";
 export declare const COMPUTE_AGREEMENT_ADDRESS = "0xf898A8A2cF9900A588B174d9f96349BBA95e57F3";
 export declare const SUBSCRIPTION_AGREEMENT_ADDRESS = "0x809c1D997Eab3531Eb2d01FCD5120Ac786D850D6";
 export declare const ARC402_REGISTRY_V2_ADDRESS = "0xcc0D8731ccCf6CFfF4e66F6d68cA86330Ea8B622";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,kBAAkB,IAAI,oBAAoB,EAAE,YAAY,IAAI,cAAc,EAAE,MAAM,UAAU,CAAC;AACtG,OAAO,EAAE,yBAAyB,EAAE,KAAK,aAAa,EAAE,KAAK,uBAAuB,EAAE,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC7I,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AACvE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,KAAK,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,4BAA4B,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAC1Q,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,KAAK,YAAY,EAAE,KAAK,mBAAmB,EAAE,KAAK,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAChJ,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,mBAAmB,EAAE,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpL,YAAY,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC9I,YAAY,EAAE,6BAA6B,EAAE,4BAA4B,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AACrH,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AACvF,cAAc,aAAa,CAAC;AAC5B,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACpI,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAChL,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnD,YAAY,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AACvD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AACvI,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,cAAc,EAAE,sBAAsB,EAAE,aAAa,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAC9M,YAAY,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAGxF,eAAO,MAAM,yBAAyB,+CAA+C,CAAC;AACtF,eAAO,MAAM,8BAA8B,+CAA+C,CAAC;AAC3F,eAAO,MAAM,0BAA0B,+CAA+C,CAAC;AACvF,eAAO,MAAM,0BAA0B,+CAA+C,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,kBAAkB,IAAI,oBAAoB,EAAE,YAAY,IAAI,cAAc,EAAE,MAAM,UAAU,CAAC;AACtG,OAAO,EAAE,yBAAyB,EAAE,KAAK,aAAa,EAAE,KAAK,uBAAuB,EAAE,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC7I,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AACvE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,KAAK,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,4BAA4B,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAC1Q,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,KAAK,YAAY,EAAE,KAAK,mBAAmB,EAAE,KAAK,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAChJ,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,mBAAmB,EAAE,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpL,YAAY,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC9I,YAAY,EAAE,6BAA6B,EAAE,4BAA4B,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AACrH,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AACvF,cAAc,aAAa,CAAC;AAC5B,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACpI,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAChL,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnD,YAAY,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AACvD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AACvI,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,cAAc,EAAE,sBAAsB,EAAE,aAAa,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAC9M,YAAY,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACxF,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAC9P,YAAY,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAG3O,eAAO,MAAM,yBAAyB,+CAA+C,CAAC;AACtF,eAAO,MAAM,8BAA8B,+CAA+C,CAAC;AAC3F,eAAO,MAAM,0BAA0B,+CAA+C,CAAC;AACvF,eAAO,MAAM,0BAA0B,+CAA+C,CAAC"}

package/dist/index.js

@@ -15,7 +15,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AGENT_METADATA_SCHEMA = exports.uploadMetadata = exports.decodeMetadata = exports.encodeMetadata = exports.validateMetadata = exports.buildMetadata = exports.uploadEncryptedIPFS = exports.decryptDeliverable = exports.encryptDeliverable = exports.uploadToIPFS = exports.hashDeliverableFile = exports.hashDeliverable = exports.DeliverableType = exports.DeliverableClient = exports.WatchtowerClient = exports.AgreementTreeClient = exports.ChannelClient = exports.SessionManager = exports.NegotiationGuard = exports.parseNegotiationMessage = exports.createNegotiationReject = exports.createNegotiationAccept = exports.createNegotiationCounter = exports.createNegotiationProposal = exports.createSignedReject = exports.createSignedAccept = exports.createSignedCounter = exports.createSignedProposal = exports.signNegotiationMessage = exports.GovernanceClient = exports.CapabilityRegistryClient = exports.SponsorshipAttestationClient = exports.ReputationOracleClient = exports.DisputeArbitrationClient = exports.ServiceAgreementClient = exports.AgentRegistryClient = exports.MultiAgentSettlement = exports.SettlementClient = exports.IntentAttestation = exports.IntentAttestationClient = exports.TrustPrimitive = exports.TrustClient = exports.PolicyValidator = exports.PolicyObject = exports.PolicyClient = exports.ContractInteractionClient = exports.ARC402Operator = exports.ARC402OperatorClient = exports.ARC402Wallet = exports.ARC402WalletClient = void 0;
-exports.ARC402_REGISTRY_V3_ADDRESS = exports.ARC402_REGISTRY_V2_ADDRESS = exports.SUBSCRIPTION_AGREEMENT_ADDRESS = exports.COMPUTE_AGREEMENT_ADDRESS = exports.DEFAULT_DAEMON_URL = exports.DeliveryClient = exports.DEFAULT_REGISTRY_ADDRESS = exports.notifyMessage = exports.notifyDispute = exports.notifyDeliveryAccepted = exports.notifyDelivery = exports.notifyHireAccepted = exports.notifyHandshake = exports.notifyHire = exports.notifyEndpoint = exports.resolveEndpoint = exports.ARENA_ADDRESSES = exports.ArenaClient = exports.MigrationClient = exports.ComputeAgreementClient = exports.ColdStartClient = void 0;
+exports.ARC402_REGISTRY_V3_ADDRESS = exports.ARC402_REGISTRY_V2_ADDRESS = exports.SUBSCRIPTION_AGREEMENT_ADDRESS = exports.COMPUTE_AGREEMENT_ADDRESS = exports.loadLocalDaemonToken = exports.resolveDaemonApiBaseUrl = exports.resolveDaemonHttpBaseUrl = exports.DEFAULT_DAEMON_CONFIG_PATH = exports.DEFAULT_DAEMON_TOKEN_PATH = exports.DEFAULT_DAEMON_API_URL = exports.DEFAULT_DAEMON_HTTP_URL = exports.DaemonClientError = exports.DaemonNodeClient = exports.DaemonClient = exports.DEFAULT_DAEMON_URL = exports.DeliveryClient = exports.DEFAULT_REGISTRY_ADDRESS = exports.notifyMessage = exports.notifyDispute = exports.notifyDeliveryAccepted = exports.notifyDelivery = exports.notifyHireAccepted = exports.notifyHandshake = exports.notifyHire = exports.notifyEndpoint = exports.resolveEndpoint = exports.ARENA_ADDRESSES = exports.ArenaClient = exports.MigrationClient = exports.ComputeAgreementClient = exports.ColdStartClient = void 0;
 var wallet_1 = require("./wallet");
 Object.defineProperty(exports, "ARC402WalletClient", { enumerable: true, get: function () { return wallet_1.ARC402WalletClient; } });
 Object.defineProperty(exports, "ARC402Wallet", { enumerable: true, get: function () { return wallet_1.ARC402Wallet; } });
@@ -113,6 +113,17 @@ Object.defineProperty(exports, "DEFAULT_REGISTRY_ADDRESS", { enumerable: true, g
 var delivery_1 = require("./delivery");
 Object.defineProperty(exports, "DeliveryClient", { enumerable: true, get: function () { return delivery_1.DeliveryClient; } });
 Object.defineProperty(exports, "DEFAULT_DAEMON_URL", { enumerable: true, get: function () { return delivery_1.DEFAULT_DAEMON_URL; } });
+var daemon_1 = require("./daemon");
+Object.defineProperty(exports, "DaemonClient", { enumerable: true, get: function () { return daemon_1.DaemonClient; } });
+Object.defineProperty(exports, "DaemonNodeClient", { enumerable: true, get: function () { return daemon_1.DaemonNodeClient; } });
+Object.defineProperty(exports, "DaemonClientError", { enumerable: true, get: function () { return daemon_1.DaemonClientError; } });
+Object.defineProperty(exports, "DEFAULT_DAEMON_HTTP_URL", { enumerable: true, get: function () { return daemon_1.DEFAULT_DAEMON_HTTP_URL; } });
+Object.defineProperty(exports, "DEFAULT_DAEMON_API_URL", { enumerable: true, get: function () { return daemon_1.DEFAULT_DAEMON_API_URL; } });
+Object.defineProperty(exports, "DEFAULT_DAEMON_TOKEN_PATH", { enumerable: true, get: function () { return daemon_1.DEFAULT_DAEMON_TOKEN_PATH; } });
+Object.defineProperty(exports, "DEFAULT_DAEMON_CONFIG_PATH", { enumerable: true, get: function () { return daemon_1.DEFAULT_DAEMON_CONFIG_PATH; } });
+Object.defineProperty(exports, "resolveDaemonHttpBaseUrl", { enumerable: true, get: function () { return daemon_1.resolveDaemonHttpBaseUrl; } });
+Object.defineProperty(exports, "resolveDaemonApiBaseUrl", { enumerable: true, get: function () { return daemon_1.resolveDaemonApiBaseUrl; } });
+Object.defineProperty(exports, "loadLocalDaemonToken", { enumerable: true, get: function () { return daemon_1.loadLocalDaemonToken; } });
 // Base Mainnet contract addresses
 exports.COMPUTE_AGREEMENT_ADDRESS = "0xf898A8A2cF9900A588B174d9f96349BBA95e57F3";
 exports.SUBSCRIPTION_AGREEMENT_ADDRESS = "0x809c1D997Eab3531Eb2d01FCD5120Ac786D850D6";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arc402/sdk",
-  "version": "0.6.5",
+  "version": "0.6.6",
   "description": "ARC-402 typed TypeScript SDK for discovery, negotiation, trust, and governed settlement",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/daemon.ts

@@ -0,0 +1,280 @@
+import { existsSync, readFileSync } from "fs";
+import os from "os";
+import path from "path";
+
+export const DEFAULT_DAEMON_HTTP_URL = "http://127.0.0.1:4402";
+export const DEFAULT_DAEMON_API_URL = "http://127.0.0.1:4403";
+export const DEFAULT_DAEMON_TOKEN_PATH = path.join(os.homedir(), ".arc402", "daemon.token");
+export const DEFAULT_DAEMON_CONFIG_PATH = path.join(os.homedir(), ".arc402", "daemon.toml");
+
+export interface DaemonHealthStatus {
+  ok: boolean;
+  wallet: string;
+}
+
+export interface DaemonWalletStatus {
+  ok: boolean;
+  wallet: string;
+  daemonId: string;
+  chainId: number;
+  rpcUrl: string;
+  policyEngineAddress: string;
+}
+
+export interface DaemonWorkroomStatus {
+  ok: boolean;
+  status: string;
+}
+
+export interface DaemonAgreementRecord {
+  id: string;
+  agreement_id: string | null;
+  hirer_address: string;
+  capability: string;
+  price_eth: string;
+  deadline_unix: number;
+  spec_hash: string;
+  task_description: string | null;
+  status: string;
+  created_at: number;
+  updated_at: number;
+  reject_reason: string | null;
+}
+
+export interface DaemonAgreementsResponse {
+  ok: boolean;
+  agreements: DaemonAgreementRecord[];
+}
+
+export interface AuthChallengeResponse {
+  challengeId: string;
+  challenge: string;
+  daemonId: string;
+  wallet: string;
+  chainId: number;
+  scope: string;
+  expiresAt: number;
+  issuedAt: number;
+}
+
+export interface AuthSessionResponse {
+  ok: true;
+  token: string;
+  wallets: string[];
+  wallet: string;
+  scope: string;
+  expiresAt: number;
+}
+
+export interface RevokeSessionsResponse {
+  ok: boolean;
+  revoked: string;
+}
+
+export interface DaemonNodeClientOptions {
+  /** Split daemon API base URL. Defaults to http://127.0.0.1:4403. */
+  apiUrl?: string;
+  /** Alias for apiUrl to match older docs/examples. */
+  baseUrl?: string;
+  /** Local daemon token. Defaults to ~/.arc402/daemon.token when present. */
+  token?: string;
+  /** Explicit path to daemon.token if you don't want the default. */
+  tokenPath?: string;
+  /** Explicit path to daemon.toml if you want port inference from a non-default location. */
+  configPath?: string;
+  /** Custom fetch implementation for testing or non-standard runtimes. */
+  fetchImpl?: typeof fetch;
+}
+
+export class DaemonClientError extends Error {
+  constructor(
+    message: string,
+    public readonly statusCode?: number,
+    public readonly details?: unknown,
+  ) {
+    super(message);
+    this.name = "DaemonClientError";
+  }
+}
+
+function trimTrailingSlash(input: string): string {
+  return input.replace(/\/$/, "");
+}
+
+function readTomlInteger(contents: string, key: string): number | undefined {
+  const match = contents.match(new RegExp(`^\\s*${key}\\s*=\\s*(\\d+)\\s*$`, "m"));
+  if (!match) return undefined;
+  const parsed = Number.parseInt(match[1], 10);
+  return Number.isFinite(parsed) ? parsed : undefined;
+}
+
+export function loadLocalDaemonToken(tokenPath = DEFAULT_DAEMON_TOKEN_PATH): string | undefined {
+  try {
+    const token = readFileSync(tokenPath, "utf-8").trim();
+    return token.length > 0 ? token : undefined;
+  } catch {
+    return undefined;
+  }
+}
+
+export function resolveDaemonHttpBaseUrl(configPath = DEFAULT_DAEMON_CONFIG_PATH): string {
+  try {
+    if (existsSync(configPath)) {
+      const config = readFileSync(configPath, "utf-8");
+      const port = readTomlInteger(config, "listen_port") ?? 4402;
+      return `http://127.0.0.1:${port}`;
+    }
+  } catch {
+    // Fall through to default.
+  }
+  return DEFAULT_DAEMON_HTTP_URL;
+}
+
+export function resolveDaemonApiBaseUrl(options: Pick<DaemonNodeClientOptions, "apiUrl" | "baseUrl" | "configPath"> = {}): string {
+  const explicit = options.apiUrl ?? options.baseUrl;
+  if (explicit && explicit.trim().length > 0) {
+    return trimTrailingSlash(explicit.trim());
+  }
+
+  const httpBase = resolveDaemonHttpBaseUrl(options.configPath ?? DEFAULT_DAEMON_CONFIG_PATH);
+
+  try {
+    const url = new URL(httpBase);
+    const httpPort = url.port ? Number.parseInt(url.port, 10) : (url.protocol === "https:" ? 443 : 80);
+    if (Number.isFinite(httpPort)) {
+      url.port = String(httpPort + 1);
+      return trimTrailingSlash(url.toString());
+    }
+  } catch {
+    // Fall through to default.
+  }
+
+  return DEFAULT_DAEMON_API_URL;
+}
+
+function safeJsonParse(value: string): unknown {
+  try {
+    return JSON.parse(value);
+  } catch {
+    return value;
+  }
+}
+
+/**
+ * Thin typed client for the split ARC-402 node API (`arc402-api`).
+ *
+ * This surface is for operator-side reads and auth against the host daemon/node process:
+ * - `/health`
+ * - `/auth/challenge`
+ * - `/auth/session`
+ * - `/auth/revoke`
+ * - `/wallet/status`
+ * - `/workroom/status`
+ * - `/agreements`
+ *
+ * The delivery plane still lives on the host daemon HTTP port (usually `:4402`)
+ * and is wrapped separately by `DeliveryClient`.
+ */
+export class DaemonNodeClient {
+  readonly apiUrl: string;
+  private readonly options: DaemonNodeClientOptions;
+  private readonly fetchImpl: typeof fetch;
+
+  constructor(options: DaemonNodeClientOptions = {}) {
+    this.options = options;
+    this.apiUrl = resolveDaemonApiBaseUrl(options);
+    this.fetchImpl = options.fetchImpl ?? fetch;
+  }
+
+  private async request<T>(
+    method: "GET" | "POST",
+    urlPath: string,
+    body?: unknown,
+    useSession = false,
+  ): Promise<T> {
+    const token = this.options.token ?? loadLocalDaemonToken(this.options.tokenPath ?? DEFAULT_DAEMON_TOKEN_PATH);
+    const headers: Record<string, string> = {};
+
+    if (body !== undefined) {
+      headers["Content-Type"] = "application/json";
+    }
+    if (useSession) {
+      if (!token) {
+        throw new DaemonClientError("No daemon session token available");
+      }
+      headers.Authorization = `Bearer ${token}`;
+    }
+
+    const response = await this.fetchImpl(`${this.apiUrl}${urlPath}`, {
+      method,
+      headers,
+      body: body !== undefined ? JSON.stringify(body) : undefined,
+    });
+
+    const text = await response.text();
+    const payload = text.length > 0 ? safeJsonParse(text) : undefined;
+
+    if (!response.ok) {
+      const message =
+        typeof payload === "object" &&
+        payload !== null &&
+        "error" in payload &&
+        typeof (payload as { error?: unknown }).error === "string"
+          ? (payload as { error: string }).error
+          : text || `Daemon request failed (${response.status})`;
+      throw new DaemonClientError(message, response.status, payload ?? text);
+    }
+
+    return (payload ?? {}) as T;
+  }
+
+  async getHealth(): Promise<DaemonHealthStatus> {
+    return this.request<DaemonHealthStatus>("GET", "/health");
+  }
+
+  async requestAuthChallenge(wallet: string, requestedScope = "operator"): Promise<AuthChallengeResponse> {
+    return this.request<AuthChallengeResponse>("POST", "/auth/challenge", { wallet, requestedScope });
+  }
+
+  async health(): Promise<DaemonHealthStatus> {
+    return this.getHealth();
+  }
+
+  async createSession(challengeId: string, signature: string): Promise<AuthSessionResponse> {
+    return this.request<AuthSessionResponse>("POST", "/auth/session", { challengeId, signature });
+  }
+
+  async revokeSessions(): Promise<RevokeSessionsResponse> {
+    return this.request<RevokeSessionsResponse>("POST", "/auth/revoke", undefined, true);
+  }
+
+  async revokeSession(): Promise<RevokeSessionsResponse> {
+    return this.revokeSessions();
+  }
+
+  async getWalletStatus(): Promise<DaemonWalletStatus> {
+    return this.request<DaemonWalletStatus>("GET", "/wallet/status", undefined, true);
+  }
+
+  async walletStatus(): Promise<DaemonWalletStatus> {
+    return this.getWalletStatus();
+  }
+
+  async getWorkroomStatus(): Promise<DaemonWorkroomStatus> {
+    return this.request<DaemonWorkroomStatus>("GET", "/workroom/status", undefined, true);
+  }
+
+  async workroomStatus(): Promise<DaemonWorkroomStatus> {
+    return this.getWorkroomStatus();
+  }
+
+  async listAgreements(): Promise<DaemonAgreementsResponse> {
+    return this.request<DaemonAgreementsResponse>("GET", "/agreements", undefined, true);
+  }
+
+  async agreements(): Promise<DaemonAgreementsResponse> {
+    return this.listAgreements();
+  }
+}
+
+export { DaemonNodeClient as DaemonClient };

package/src/index.ts

@@ -37,6 +37,8 @@ export { resolveEndpoint, notifyEndpoint, notifyHire, notifyHandshake, notifyHir
 export type { EndpointNotifyResult } from "./endpoint";
 export { DeliveryClient, DEFAULT_DAEMON_URL } from "./delivery";
 export type { DeliveryFile, DeliveryManifest, DeliveryClientOptions } from "./delivery";
+export { DaemonClient, DaemonNodeClient, DaemonClientError, DEFAULT_DAEMON_HTTP_URL, DEFAULT_DAEMON_API_URL, DEFAULT_DAEMON_TOKEN_PATH, DEFAULT_DAEMON_CONFIG_PATH, resolveDaemonHttpBaseUrl, resolveDaemonApiBaseUrl, loadLocalDaemonToken } from "./daemon";
+export type { DaemonNodeClientOptions, DaemonHealthStatus, DaemonWalletStatus, DaemonWorkroomStatus, DaemonAgreementRecord, DaemonAgreementsResponse, AuthChallengeResponse, AuthSessionResponse, RevokeSessionsResponse } from "./daemon";
 
 // Base Mainnet contract addresses
 export const COMPUTE_AGREEMENT_ADDRESS = "0xf898A8A2cF9900A588B174d9f96349BBA95e57F3";

package/test/daemon-client.test.js

@@ -0,0 +1,82 @@
+const test = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+
+const {
+  DaemonClient,
+  DaemonNodeClient,
+  loadLocalDaemonToken,
+  resolveDaemonHttpBaseUrl,
+  resolveDaemonApiBaseUrl,
+  DEFAULT_DAEMON_HTTP_URL,
+  DEFAULT_DAEMON_API_URL,
+} = require('../dist');
+
+test('daemon URL helpers infer split ports from daemon.toml', () => {
+  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'arc402-sdk-daemon-'));
+  const configPath = path.join(tmp, 'daemon.toml');
+  fs.writeFileSync(configPath, '[relay]\nlisten_port = 5510\n');
+
+  assert.equal(resolveDaemonHttpBaseUrl(configPath), 'http://127.0.0.1:5510');
+  assert.equal(resolveDaemonApiBaseUrl({ configPath }), 'http://127.0.0.1:5511');
+  assert.equal(resolveDaemonApiBaseUrl({ baseUrl: 'https://node.example.com/' }), 'https://node.example.com');
+});
+
+test('daemon token loader trims file contents and tolerates missing file', () => {
+  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'arc402-sdk-token-'));
+  const tokenPath = path.join(tmp, 'daemon.token');
+  fs.writeFileSync(tokenPath, 'secret-token\n');
+
+  assert.equal(loadLocalDaemonToken(tokenPath), 'secret-token');
+  assert.equal(loadLocalDaemonToken(path.join(tmp, 'missing.token')), undefined);
+});
+
+test('daemon client reads split API endpoints and keeps compatibility aliases', async () => {
+  const calls = [];
+  const originalFetch = global.fetch;
+  global.fetch = async (url, init = {}) => {
+    calls.push({ url, init });
+    const pathname = new URL(url).pathname;
+    const payloads = {
+      '/health': { ok: true, wallet: '0xabc' },
+      '/wallet/status': { ok: true, wallet: '0xabc', daemonId: '0xabc', chainId: 8453, rpcUrl: 'http://rpc', policyEngineAddress: '0xdef' },
+      '/workroom/status': { ok: true, status: 'running' },
+      '/agreements': { ok: true, agreements: [{ agreement_id: '1' }] },
+      '/auth/challenge': { challengeId: 'cid', challenge: 'sign me', daemonId: '0xabc', wallet: '0xabc', chainId: 8453, scope: 'operator', expiresAt: 1, issuedAt: 1 },
+      '/auth/session': { ok: true, token: 'tok', wallets: ['0xabc'], wallet: '0xabc', scope: 'operator', expiresAt: 2 },
+      '/auth/revoke': { ok: true },
+    };
+    return new Response(JSON.stringify(payloads[pathname]), {
+      status: 200,
+      headers: { 'content-type': 'application/json' },
+    });
+  };
+
+  try {
+    const client = new DaemonClient({ baseUrl: 'http://127.0.0.1:6603', token: 'daemon-token' });
+    const aliasClient = new DaemonNodeClient({ apiUrl: 'http://127.0.0.1:6603', token: 'daemon-token' });
+
+    assert.equal(client.apiUrl, 'http://127.0.0.1:6603');
+    assert.equal(aliasClient.apiUrl, 'http://127.0.0.1:6603');
+    assert.equal(DEFAULT_DAEMON_HTTP_URL, 'http://127.0.0.1:4402');
+    assert.equal(DEFAULT_DAEMON_API_URL, 'http://127.0.0.1:4403');
+
+    assert.deepEqual(await client.health(), { ok: true, wallet: '0xabc' });
+    assert.equal((await client.walletStatus()).chainId, 8453);
+    assert.equal((await client.workroomStatus()).status, 'running');
+    assert.equal((await client.agreements()).agreements.length, 1);
+    assert.equal((await client.requestAuthChallenge('0xabc')).challengeId, 'cid');
+    assert.equal((await client.createSession('cid', '0xsig')).ok, true);
+    assert.equal((await client.revokeSession()).ok, true);
+    assert.deepEqual(await aliasClient.getHealth(), { ok: true, wallet: '0xabc' });
+
+    const challengeCall = calls.find((entry) => new URL(entry.url).pathname === '/auth/challenge');
+    assert.equal(challengeCall.init.method, 'POST');
+    assert.equal(challengeCall.init.headers.Authorization, undefined);
+    assert.match(challengeCall.init.body, /"wallet":"0xabc"/);
+  } finally {
+    global.fetch = originalFetch;
+  }
+});

package/test/daemon.test.js

@@ -0,0 +1,103 @@
+const test = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+
+const {
+  DaemonClient,
+  DaemonClientError,
+  resolveDaemonApiBaseUrl,
+  loadLocalDaemonToken,
+} = require('../dist');
+
+test('resolveDaemonApiBaseUrl prefers explicit value and trims trailing slashes', () => {
+  assert.equal(resolveDaemonApiBaseUrl(), 'http://127.0.0.1:4403');
+  assert.equal(resolveDaemonApiBaseUrl({ apiUrl: 'http://example.com:1234/' }), 'http://example.com:1234');
+});
+
+test('loadLocalDaemonToken reads trimmed token values', async () => {
+  const dir = await fs.promises.mkdtemp(path.join(os.tmpdir(), 'arc402-sdk-daemon-'));
+  const tokenPath = path.join(dir, 'daemon.token');
+  await fs.promises.writeFile(tokenPath, 'secret-token\n', 'utf8');
+  assert.equal(loadLocalDaemonToken(tokenPath), 'secret-token');
+});
+
+test('DaemonClient sends bearer token to authenticated endpoints', async () => {
+  const calls = [];
+  const daemon = new DaemonClient({
+    apiUrl: 'http://127.0.0.1:4403',
+    token: 'token-123',
+    fetchImpl: async (url, init) => {
+      calls.push({ url, init });
+      return new Response(JSON.stringify({ ok: true, status: 'running' }), {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+
+  const result = await daemon.getWorkroomStatus();
+  assert.deepEqual(result, { ok: true, status: 'running' });
+  assert.equal(calls[0].url, 'http://127.0.0.1:4403/workroom/status');
+  assert.equal(calls[0].init.headers.Authorization, 'Bearer token-123');
+});
+
+test('DaemonClient exposes auth challenge and session endpoints without bearer auth', async () => {
+  const seen = [];
+  const daemon = new DaemonClient({
+    apiUrl: 'http://node.example.com',
+    fetchImpl: async (url, init) => {
+      seen.push({ url, init });
+      if (url.endsWith('/auth/challenge')) {
+        return new Response(JSON.stringify({
+          challengeId: 'abc',
+          challenge: 'ARC-402 Remote Auth\nChallenge: 0x123',
+          daemonId: '0x0000000000000000000000000000000000000001',
+          wallet: '0x0000000000000000000000000000000000000002',
+          chainId: 8453,
+          scope: 'operator',
+          expiresAt: 123,
+          issuedAt: 100,
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+
+      return new Response(JSON.stringify({
+        ok: true,
+        token: 'session-token',
+        wallets: ['0x0000000000000000000000000000000000000002'],
+        wallet: '0x0000000000000000000000000000000000000002',
+        scope: 'operator',
+        expiresAt: 999,
+      }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+    },
+  });
+
+  const challenge = await daemon.requestAuthChallenge('0x0000000000000000000000000000000000000002');
+  const session = await daemon.createSession('abc', '0xsig');
+
+  assert.equal(challenge.challengeId, 'abc');
+  assert.equal(session.token, 'session-token');
+  assert.equal(seen[0].init.headers.Authorization, undefined);
+  assert.equal(seen[1].init.headers.Authorization, undefined);
+});
+
+test('DaemonClient throws typed errors for HTTP failures', async () => {
+  const daemon = new DaemonClient({
+    token: 'token-123',
+    fetchImpl: async () => new Response(JSON.stringify({ error: 'invalid_session' }), {
+      status: 401,
+      headers: { 'Content-Type': 'application/json' },
+    }),
+  });
+
+  await assert.rejects(
+    daemon.getWalletStatus(),
+    (error) => {
+      assert.ok(error instanceof DaemonClientError);
+      assert.equal(error.message, 'invalid_session');
+      assert.equal(error.statusCode, 401);
+      return true;
+    }
+  );
+});