@heyanon-arp/sdk 0.0.11 → 0.0.13

package/README.md

@@ -100,7 +100,7 @@ verifyCosignature({ cosignature: cs, payload: cs.payload, signerIdentityPubkey:
 | `challenge`     | `ARP-CHALLENGE-v1` ownership proof for identity registration                  |
 | `attestation`   | `ARP-KEY-LINK-v1` / `ARP-KEY-ROTATION-v1` (scrypt password proof)             |
 | `server-chain`  | `signed_message_hash` + `server_event_hash` builders for chain audit          |
-| `settlement`    | `ARP-SOLANA-RELEASE-v1.5` / `…-PARTIAL-RELEASE-v1.5` / `…-REFUND-v1` digests  |
+| `settlement`    | `ARP-SOLANA-RELEASE-v1.5` / `…-REFUND-v1` digests                             |
 | `escrow`        | Solana `create_lock` ix data builder, condition-hash derivation               |
 | `purpose`       | Domain separator constants                                                    |
 | `utils`         | UUID v4, sender_nonce, RFC 3339 timestamp helpers                             |

package/dist/assets.d.ts

@@ -3,7 +3,7 @@
  *
  * The protocol carries assets as `AssetIdentifier` ({ asset_id, decimals,
  * symbol? }) with `asset_id` always a CAIP-19 string. Payment assets
- * are a CLOSED per-cluster whitelist (mirroring the V2 contract's
+ * are a CLOSED per-cluster whitelist (mirroring the contract's
  * on-chain `CollateralConfig` allowlist):
  *
  *   - solana-mainnet: SOL, USDC, USDT, ANON
@@ -63,14 +63,6 @@ export declare const MAINNET_MINTS: {
 export declare const DEVNET_MINTS: {
     readonly USDC: "7ZjP2eJnQrW1SuE1kAP7tdrQuhkTVpco1NQKGjEMHpgg";
 };
-/**
- * @deprecated Compatibility alias for the pre-whitelist public API.
- * Use `MAINNET_MINTS` / `DEVNET_MINTS` / `ASSET_WHITELIST` instead.
- */
-export declare const USDC_MINTS: {
-    readonly 'solana-mainnet': "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
-    readonly 'solana-devnet': "7ZjP2eJnQrW1SuE1kAP7tdrQuhkTVpco1NQKGjEMHpgg";
-};
 /**
  * The payment whitelist, keyed by cluster. Closed list — an offer in
  * any other asset is rejected server-side

package/dist/attestation/attestation.d.ts

@@ -1,7 +1,7 @@
 import type { KeyLinkPayload, ScryptPasswordAttestation } from '../types/identity';
 /**
  * Build an `ARP-KEY-LINK-v1` attestation record signed via
- * `scrypt_password_proof` (V1 default). Caller assembles the payload
+ * `scrypt_password_proof`. Caller assembles the payload
  * (DID, both pubkeys, nonce, etc.); SDK produces the MAC
  * and wraps the record in the standard shape.
  *

package/dist/attestation/scrypt-proof.d.ts

@@ -1,13 +1,13 @@
 /**
- * Derive the scrypt key from an owner's password + salt. Uses V1
+ * Derive the scrypt key from an owner's password + salt. Uses the
  * standard parameters: N=32768, r=8, p=1, dkLen=32. Designed to be
  * computed once at owner registration time and stored encrypted-at-rest;
  * subsequent attestation verification recomputes the HMAC, not scrypt.
  *
- * Synchronous variant is intentional — the SDK targets V1 deployments
- * where keys derive at low frequency (once per owner registration);
- * the worst case is a few hundred ms which is acceptable. Async
- * variants can be layered on top by the consumer if needed.
+ * Synchronous variant is intentional — keys derive at low frequency
+ * (once per owner registration); the worst case is a few hundred ms
+ * which is acceptable. Async variants can be layered on top by the
+ * consumer if needed.
  */
 export declare function deriveScryptKey(password: string, salt: Uint8Array): Uint8Array;
 /**

package/dist/escrow/condition-hash.d.ts

@@ -14,7 +14,7 @@ import type { AssetIdentifier } from '../types';
  * mint are bound on-chain at lock time (create_lock binds
  * `amount` u64 + `mint` 32B) and on-chain in the Lock account. The
  * condition_hash binds the agreed TERMS (scope / currency), not
- * the amount. (Settlement is always escrow in V1 — no `settlement_model`.
+ * the amount. (Settlement is always escrow — no `settlement_model`.
  * The per-unit rate card — `rateAmount` / `rateUnit` — is NOT bound either:
  * nothing enforces it, so it stays out of the subset.)
  *
@@ -23,11 +23,11 @@ import type { AssetIdentifier } from '../types';
  */
 export interface DelegationTermsSubset {
     /**
-     * Domain/version tag baked INTO the hashed bytes. V2 dropped the
-     * pricing-model concept from the terms (flat is the protocol's only
-     * semantics, not a setting) — the tag guarantees a V2 hash can never
-     * collide with a V1 hash over otherwise-identical fields, and gives
-     * future term-set changes an explicit version knob.
+     * Domain/version tag baked INTO the hashed bytes. The terms carry no
+     * pricing-model concept (flat is the protocol's only semantics, not a
+     * setting). The tag gives future term-set changes an explicit version
+     * knob and prevents collisions across tag values over
+     * otherwise-identical fields.
      */
     v: 'arp-condition-v2';
     delegationId: string;
@@ -57,11 +57,11 @@ export interface DelegationTermsInput {
  * delegation shape MUST NOT change `condition_hash` for existing
  * delegations.
  *
- * Runs in THREE places that MUST agree byte-for-byte: the buyer's
- * offer-prep (CLI), the server's `delegation.offer` validation
- * (recompute + compare to the on-chain bound hash), and the settlement
- * digest reconstruction. Any field-set drift produces a different hash
- * → Ed25519 settlement verify fails on-chain.
+ * Runs in two places that MUST agree byte-for-byte: the buyer's
+ * offer-prep (CLI) — which writes the hash into the `create_lock` tx —
+ * and the server's `delegation.offer` validation (recompute + compare
+ * to the on-chain bound hash). Any field-set drift produces a different
+ * hash → the server rejects the offer.
  *
  * @returns 32-byte condition_hash
  */

package/dist/escrow/lifecycle-instructions.d.ts

@@ -1,4 +1,4 @@
-/** PDA seed strings of the V2 program, verbatim from the pinned IDL. */
+/** PDA seed strings of the escrow program, verbatim from the pinned IDL. */
 export declare const ESCROW_PDA_SEEDS: {
     readonly LOCK: "lock";
     readonly ESCROW: "escrow";

package/dist/escrow/lock-id.d.ts

@@ -10,12 +10,11 @@
  *     seeded by `[<seed_prefix>, lock_id]`).
  *   - Server derives it independently when validating the offer's
  *     `attachments.escrow_lock.lock_id` claim.
- *   - Payee derives it before cosigning the receipt (needs it to look up
- *     the lock account and to feed into the settlement digest).
+ *   - Payee derives it to look up the lock account on-chain.
  *
- * Versioning: `"arp-lock-v1"` is a permanent literal. A future
- * `arp-lock-v2` would derive different lock_ids for the same delegation,
- * which is the right behaviour if we ever need to migrate seed shapes.
+ * Versioning: `"arp-lock-v1"` is a permanent literal baked into the
+ * hash input. Changing the prefix would derive different lock_ids for
+ * the same delegation, so it is fixed.
  *
  * @param delegationId — `del_<uuid>` string form (e.g. `del_550e8400-e29b-41d4-a716-446655440000`).
  *                       The wire-form prefix is part of the hash input
@@ -26,8 +25,8 @@
  */
 export declare function deriveLockId(delegationId: string): Uint8Array;
 /**
- * Convert a delegation id to the 16-byte representation the Solang
- * contract takes as `bytes16 delegation_id`. RFC 4122 UUIDs are
+ * Convert a delegation id to the 16-byte representation used as the
+ * `bytes16 delegation_id` lock-id substrate. RFC 4122 UUIDs are
  * 128 bits = 16 bytes; the string form is 36 chars (32 hex + 4 dashes).
  *
  * Accepts BOTH wire-form variants the protocol uses:

package/dist/index.js

@@ -156,9 +156,9 @@ function verifyEnvelope(envelope, senderIdentityPubkey) {
 var Purpose = {
   /** Default for `protected.purpose` on body messages. */
   ENVELOPE: "ARP-ENVELOPE-v1",
-  /** Receipt co-signature payload (delegation completion). */
+  /** Receipt domain separator (delegation completion). */
   RECEIPT: "ARP-RECEIPT-v1",
-  /** Dispute response co-signature payload. */
+  /** Dispute response domain separator. */
   DISPUTE_RESPONSE: "ARP-DISPUTE-RESPONSE-v1",
   /** Identity ownership challenge proof. */
   CHALLENGE: "ARP-CHALLENGE-v1",
@@ -168,27 +168,14 @@ var Purpose = {
   KEY_LINK: "ARP-KEY-LINK-v1",
   /**
    * Settlement-key signature authorising an on-chain `release_lock`.
-   * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
+   * The digest binds fee_bps_at_lock + fee_recipient_at_lock.
    */
   SOLANA_RELEASE: "ARP-SOLANA-RELEASE-v1.5",
-  /**
-   * Settlement-key signature authorising an on-chain `partial_release`.
-   * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
-   */
-  SOLANA_PARTIAL_RELEASE: "ARP-SOLANA-PARTIAL-RELEASE-v1.5",
   /** Settlement-key signature authorising an on-chain co-signed `refund_lock`. */
   SOLANA_REFUND: "ARP-SOLANA-REFUND-v1",
   /** Admin (platform multisig) signature authorising `resolve_dispute`. */
   SOLANA_RESOLVE_DISPUTE: "ARP-SOLANA-RESOLVE-DISPUTE-v1"
 };
-var PROTECTED_PURPOSES = [Purpose.ENVELOPE];
-var COSIGNATURE_PURPOSES = [Purpose.RECEIPT, Purpose.DISPUTE_RESPONSE];
-var SETTLEMENT_PURPOSES = [
-  Purpose.SOLANA_RELEASE,
-  Purpose.SOLANA_PARTIAL_RELEASE,
-  Purpose.SOLANA_REFUND,
-  Purpose.SOLANA_RESOLVE_DISPUTE
-];
 
 // src/challenge/challenge.ts
 var CHALLENGE_PURPOSE_BYTES = new TextEncoder().encode(Purpose.CHALLENGE);
@@ -444,10 +431,6 @@ var MAINNET_MINTS = {
 var DEVNET_MINTS = {
   USDC: "7ZjP2eJnQrW1SuE1kAP7tdrQuhkTVpco1NQKGjEMHpgg"
 };
-var USDC_MINTS = {
-  "solana-mainnet": MAINNET_MINTS.USDC,
-  "solana-devnet": DEVNET_MINTS.USDC
-};
 var SOL_MAINNET = {
   asset_id: `solana:${SOLANA_CLUSTER_IDS["solana-mainnet"]}/slip44:${SLIP44_SOLANA}`,
   decimals: 9,
@@ -730,7 +713,6 @@ function readU64LE(buf, off) {
 
 exports.ASSET_WHITELIST = ASSET_WHITELIST;
 exports.CAIP19_REGEX = CAIP19_REGEX;
-exports.COSIGNATURE_PURPOSES = COSIGNATURE_PURPOSES;
 exports.CREATE_LOCK_DISCRIMINATOR = CREATE_LOCK_DISCRIMINATOR;
 exports.CREATE_LOCK_NATIVE_DISCRIMINATOR = CREATE_LOCK_NATIVE_DISCRIMINATOR;
 exports.DECLINE_REASONS = DECLINE_REASONS;
@@ -743,14 +725,11 @@ exports.LOCK_TERMINAL_STATES = LOCK_TERMINAL_STATES;
 exports.MAINNET_MINTS = MAINNET_MINTS;
 exports.NATIVE_SOL_MINT_BASE58 = NATIVE_SOL_MINT_BASE58;
 exports.NO_ARG_LIFECYCLE_INSTRUCTIONS = NO_ARG_LIFECYCLE_INSTRUCTIONS;
-exports.PROTECTED_PURPOSES = PROTECTED_PURPOSES;
 exports.Purpose = Purpose;
 exports.SCRYPT_PARAMS = SCRYPT_PARAMS;
-exports.SETTLEMENT_PURPOSES = SETTLEMENT_PURPOSES;
 exports.SLIP44_SOLANA = SLIP44_SOLANA;
 exports.SOLANA_CLUSTER_IDS = SOLANA_CLUSTER_IDS;
 exports.SPL_TOKEN_PROGRAM_ID_BASE58 = SPL_TOKEN_PROGRAM_ID_BASE58;
-exports.USDC_MINTS = USDC_MINTS;
 exports.WELL_KNOWN_ASSETS = WELL_KNOWN_ASSETS;
 exports.WELL_KNOWN_ASSET_KEYS = WELL_KNOWN_ASSET_KEYS;
 exports.base58btcDecode = base58btcDecode;

package/dist/index.mjs

@@ -131,9 +131,9 @@ function verifyEnvelope(envelope, senderIdentityPubkey) {
 var Purpose = {
   /** Default for `protected.purpose` on body messages. */
   ENVELOPE: "ARP-ENVELOPE-v1",
-  /** Receipt co-signature payload (delegation completion). */
+  /** Receipt domain separator (delegation completion). */
   RECEIPT: "ARP-RECEIPT-v1",
-  /** Dispute response co-signature payload. */
+  /** Dispute response domain separator. */
   DISPUTE_RESPONSE: "ARP-DISPUTE-RESPONSE-v1",
   /** Identity ownership challenge proof. */
   CHALLENGE: "ARP-CHALLENGE-v1",
@@ -143,27 +143,14 @@ var Purpose = {
   KEY_LINK: "ARP-KEY-LINK-v1",
   /**
    * Settlement-key signature authorising an on-chain `release_lock`.
-   * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
+   * The digest binds fee_bps_at_lock + fee_recipient_at_lock.
    */
   SOLANA_RELEASE: "ARP-SOLANA-RELEASE-v1.5",
-  /**
-   * Settlement-key signature authorising an on-chain `partial_release`.
-   * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
-   */
-  SOLANA_PARTIAL_RELEASE: "ARP-SOLANA-PARTIAL-RELEASE-v1.5",
   /** Settlement-key signature authorising an on-chain co-signed `refund_lock`. */
   SOLANA_REFUND: "ARP-SOLANA-REFUND-v1",
   /** Admin (platform multisig) signature authorising `resolve_dispute`. */
   SOLANA_RESOLVE_DISPUTE: "ARP-SOLANA-RESOLVE-DISPUTE-v1"
 };
-var PROTECTED_PURPOSES = [Purpose.ENVELOPE];
-var COSIGNATURE_PURPOSES = [Purpose.RECEIPT, Purpose.DISPUTE_RESPONSE];
-var SETTLEMENT_PURPOSES = [
-  Purpose.SOLANA_RELEASE,
-  Purpose.SOLANA_PARTIAL_RELEASE,
-  Purpose.SOLANA_REFUND,
-  Purpose.SOLANA_RESOLVE_DISPUTE
-];
 
 // src/challenge/challenge.ts
 var CHALLENGE_PURPOSE_BYTES = new TextEncoder().encode(Purpose.CHALLENGE);
@@ -419,10 +406,6 @@ var MAINNET_MINTS = {
 var DEVNET_MINTS = {
   USDC: "7ZjP2eJnQrW1SuE1kAP7tdrQuhkTVpco1NQKGjEMHpgg"
 };
-var USDC_MINTS = {
-  "solana-mainnet": MAINNET_MINTS.USDC,
-  "solana-devnet": DEVNET_MINTS.USDC
-};
 var SOL_MAINNET = {
   asset_id: `solana:${SOLANA_CLUSTER_IDS["solana-mainnet"]}/slip44:${SLIP44_SOLANA}`,
   decimals: 9,
@@ -703,4 +686,4 @@ function readU64LE(buf, off) {
   return v;
 }
 
-export { ASSET_WHITELIST, CAIP19_REGEX, COSIGNATURE_PURPOSES, CREATE_LOCK_DISCRIMINATOR, CREATE_LOCK_NATIVE_DISCRIMINATOR, DECLINE_REASONS, DEVNET_MINTS, ESCROW_PDA_SEEDS, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_ACCOUNT_SIZE, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, MAINNET_MINTS, NATIVE_SOL_MINT_BASE58, NO_ARG_LIFECYCLE_INSTRUCTIONS, PROTECTED_PURPOSES, Purpose, SCRYPT_PARAMS, SETTLEMENT_PURPOSES, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, USDC_MINTS, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildLifecycleIxData, buildResolveDisputeIxData, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, computeLockAccountDiscriminator, decodeLockAccount, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findAssetByAssetId, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, instructionDiscriminator, isAssetIdentifier, isDeclineReason, isValidDid, isWhitelistedAssetId, listWhitelistedAssets, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signEnvelope, signKeyLinkAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyEnvelope, verifyKeyLinkAttestation };
+export { ASSET_WHITELIST, CAIP19_REGEX, CREATE_LOCK_DISCRIMINATOR, CREATE_LOCK_NATIVE_DISCRIMINATOR, DECLINE_REASONS, DEVNET_MINTS, ESCROW_PDA_SEEDS, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_ACCOUNT_SIZE, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, MAINNET_MINTS, NATIVE_SOL_MINT_BASE58, NO_ARG_LIFECYCLE_INSTRUCTIONS, Purpose, SCRYPT_PARAMS, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildLifecycleIxData, buildResolveDisputeIxData, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, computeLockAccountDiscriminator, decodeLockAccount, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findAssetByAssetId, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, instructionDiscriminator, isAssetIdentifier, isDeclineReason, isValidDid, isWhitelistedAssetId, listWhitelistedAssets, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signEnvelope, signKeyLinkAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyEnvelope, verifyKeyLinkAttestation };

package/dist/purpose.d.ts

@@ -13,9 +13,9 @@
 export declare const Purpose: {
     /** Default for `protected.purpose` on body messages. */
     readonly ENVELOPE: "ARP-ENVELOPE-v1";
-    /** Receipt co-signature payload (delegation completion). */
+    /** Receipt domain separator (delegation completion). */
     readonly RECEIPT: "ARP-RECEIPT-v1";
-    /** Dispute response co-signature payload. */
+    /** Dispute response domain separator. */
     readonly DISPUTE_RESPONSE: "ARP-DISPUTE-RESPONSE-v1";
     /** Identity ownership challenge proof. */
     readonly CHALLENGE: "ARP-CHALLENGE-v1";
@@ -25,24 +25,12 @@ export declare const Purpose: {
     readonly KEY_LINK: "ARP-KEY-LINK-v1";
     /**
      * Settlement-key signature authorising an on-chain `release_lock`.
-     * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
+     * The digest binds fee_bps_at_lock + fee_recipient_at_lock.
      */
     readonly SOLANA_RELEASE: "ARP-SOLANA-RELEASE-v1.5";
-    /**
-     * Settlement-key signature authorising an on-chain `partial_release`.
-     * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
-     */
-    readonly SOLANA_PARTIAL_RELEASE: "ARP-SOLANA-PARTIAL-RELEASE-v1.5";
     /** Settlement-key signature authorising an on-chain co-signed `refund_lock`. */
     readonly SOLANA_REFUND: "ARP-SOLANA-REFUND-v1";
     /** Admin (platform multisig) signature authorising `resolve_dispute`. */
     readonly SOLANA_RESOLVE_DISPUTE: "ARP-SOLANA-RESOLVE-DISPUTE-v1";
 };
 export type PurposeValue = (typeof Purpose)[keyof typeof Purpose];
-/**
- * `protected.purpose` accepts a subset — the others are payload-level
- * (co-signature / settlement-signature).
- */
-export declare const PROTECTED_PURPOSES: readonly PurposeValue[];
-export declare const COSIGNATURE_PURPOSES: readonly PurposeValue[];
-export declare const SETTLEMENT_PURPOSES: readonly PurposeValue[];

package/dist/types/body.d.ts

@@ -7,14 +7,15 @@
  * validation — those checks belong to the consumer (typically the
  * backend's MessageService); SDK provides only the static types.
  */
-import type { Body, Did, Sha256Hex } from './envelope';
+import type { Body, Sha256Hex } from './envelope';
 /**
  * Chain-qualified asset identifier carried by `delegation.currency`
- * (the single asset for both rate + amount). Replaces the V1 string-enum `'USDC'`
- * placeholder — that shape can't disambiguate `USDC on Solana mainnet`
- * from `USDC on Polygon` or `USDC.e bridged on Avalanche` (all the same
- * ticker, different on-chain assets). It also can't represent native
- * tokens (SOL, ETH) where `slip44` is the canonical asset namespace.
+ * (the single asset for both rate + amount). A plain ticker string like
+ * `'USDC'` can't disambiguate `USDC on Solana mainnet` from `USDC on
+ * Polygon` or `USDC.e bridged on Avalanche` (all the same ticker,
+ * different on-chain assets), and can't represent native tokens (SOL,
+ * ETH) where `slip44` is the canonical asset namespace; this CAIP-19
+ * shape can.
  *
  * Fields:
  *   - `asset_id` — [CAIP-19](https://github.com/ChainAgnostic/CAIPs/blob/main/CAIPs/caip-19.md)
@@ -43,7 +44,7 @@ export interface AssetIdentifier {
 }
 /**
  * Closed enum of machine-readable decline reasons used across the
- * two decline sites in V1:
+ * two decline sites:
  *   • `handshake_response.content.decision === 'decline'`
  *   • `delegation.content.action === 'decline'`
  *
@@ -53,7 +54,7 @@ export interface AssetIdentifier {
  * parsing free-text. The companion `reason_detail` field carries any
  * additional context the sender wants to surface.
  *
- * Closed list at V1 — adding a value bumps the SDK and the server
+ * Closed list — adding a value bumps the SDK and the server
  * validator's allowlist. The intent of `unspecified` is for senders
  * that genuinely have no useful detail (still better than no reason
  * at all); `other` means "see `reason_detail` for the specifics".
@@ -158,9 +159,9 @@ export interface WorkResponseContent {
 }
 /**
  * `receipt` — payee-signed message describing completed work. The
- * `attachments.co_signature` (with purpose `ARP-RECEIPT-v1`) carries
- * the matching identity-key cosign on a payload that includes the
- * receipt event hash.
+ * payee's proposed verdict (`verdict_proposed`) is binding; settlement
+ * happens on-chain via `claim_work_payment`, gated by who sends the
+ * claim transaction inside which time window.
  */
 export interface ReceiptBody extends Body<ReceiptContent> {
     type: 'receipt';
@@ -193,7 +194,7 @@ export interface DisputeContent {
     dispute_id: string;
     delegation_id: string;
     claim?: string;
-    remedy_requested?: 'refund' | 'rework' | 'partial_release' | 'release';
+    remedy_requested?: 'refund' | 'rework' | 'release';
     evidence_refs?: string[];
     response_text?: string;
 }
@@ -202,21 +203,3 @@ export interface DisputeContent {
  * `body.type` via discriminated dispatch.
  */
 export type AnyBody = HandshakeBody | HandshakeResponseBody | DelegationBody | WorkRequestBody | WorkResponseBody | ReceiptBody | DisputeBody;
-/** Receipt co-signature payload — what gets `payload_hash`'d in `attachments.co_signature`. */
-export interface ReceiptCosignPayload {
-    purpose: 'ARP-RECEIPT-v1';
-    delegation_id: string;
-    receipt_event_hash: Sha256Hex;
-    verdict: 'accepted' | 'accepted_with_notes' | 'rejected';
-    notes_hash: Sha256Hex | null;
-}
-/** Dispute response co-signature payload — analogous shape for `ARP-DISPUTE-RESPONSE-v1`. */
-export interface DisputeResponseCosignPayload {
-    purpose: 'ARP-DISPUTE-RESPONSE-v1';
-    dispute_id: string;
-    dispute_event_hash: Sha256Hex;
-    stance: 'accept' | 'reject' | 'partial';
-    notes_hash: Sha256Hex | null;
-    responder_did: Did;
-}
-export type CosignPayload = ReceiptCosignPayload | DisputeResponseCosignPayload;

package/dist/types/envelope.d.ts

@@ -43,14 +43,12 @@ export interface Body<TContent = Record<string, unknown>> {
     content: TContent;
 }
 /**
- * Optional attachments. Two top-level fields are SDK-aware:
- * `co_signature` (semantic intent) and `escrow_lock`
- * (`delegation.offer` carries a pre-signed `create_lock` Solana tx).
- * Other body-specific attachments live under their own keys and are
- * passed through opaquely.
+ * Optional attachments. One top-level field is SDK-aware:
+ * `escrow_lock` (`delegation.offer` carries a pre-signed `create_lock`
+ * Solana tx). Other body-specific attachments live under their own
+ * keys and are passed through opaquely.
  */
 export interface Attachments {
-    co_signature?: CoSignature;
     escrow_lock?: EscrowLockAttachment;
     [other: string]: unknown;
 }
@@ -68,7 +66,7 @@ export interface Attachments {
  *   - `asset_id` is the CAIP-19 currency the lock holds; must equal
  *     `body.content.currency.asset_id` (defence-in-depth).
  *
- * There is NO expiry field: the V2 contract's `create_lock` carries no
+ * There is NO expiry field: the contract's `create_lock` carries no
  * expiry argument. `Lock.expiry` is a rolling deadline the chain
  * derives from the Config windows on each state transition
  * (`accept_lock` → work window, `submit_work` → review window, …).
@@ -82,12 +80,6 @@ export interface EscrowLockAttachment {
     amount: string;
     asset_id: string;
 }
-export interface CoSignature {
-    agent_did: Did;
-    purpose: PurposeValue;
-    payload_hash: Sha256Hex;
-    sig: Ed25519Sig;
-}
 /** Top-level envelope as it appears on the wire. */
 export interface Envelope<TBody extends Body = Body> {
     protected: ProtectedBlock;

package/dist/types/identity.d.ts

@@ -2,8 +2,8 @@ import type { Did } from './envelope';
 /**
  * Owner attestation methods per [00-core/identity.md](../../../00-core/identity.md).
  *
- * V1 ships `scrypt_password_proof` only; the others are reserved
- * placeholders for forward-compat (V1.5 / V2).
+ * Only `scrypt_password_proof` is active; the others are reserved
+ * placeholders for forward-compat.
  */
 export type OwnerSigningMethod = 'scrypt_password_proof' | 'ed25519_owner_key' | 'totp+passphrase';
 /**
@@ -22,7 +22,7 @@ export interface KeyLinkPayload {
     nonce: string;
 }
 /**
- * `scrypt_password_proof` — the V1 owner attestation envelope. The
+ * `scrypt_password_proof` — the owner attestation envelope. The
  * signature is HMAC-SHA256(scrypt(password, salt), sha256(canonical(payload))),
  * base64-encoded. NOT an Ed25519 signature; verification is
  * server-side via the stored scrypt-derived key.
@@ -32,7 +32,7 @@ export interface ScryptPasswordAttestation<TPayload extends KeyLinkPayload = Key
     sig: string;
     scrypt_salt_id: string;
 }
-/** Standard scrypt parameters used for owner password proofs (V1). */
+/** Standard scrypt parameters used for owner password proofs. */
 export declare const SCRYPT_PARAMS: {
     readonly N: 32768;
     readonly r: 8;

package/dist/types/index.d.ts

@@ -1,5 +1,5 @@
-export type { Sha256Hex, Ed25519Sig, Did, ProtectedBlock, Body, Attachments, CoSignature, EscrowLockAttachment, Envelope, PersistedEvent, } from './envelope';
-export type { HandshakeBody, HandshakeContent, HandshakeResponseBody, HandshakeResponseContent, DelegationBody, DelegationContent, WorkRequestBody, WorkRequestContent, WorkResponseBody, WorkResponseContent, ReceiptBody, ReceiptContent, DisputeBody, DisputeContent, AnyBody, ReceiptCosignPayload, DisputeResponseCosignPayload, CosignPayload, DeclineReason, AssetIdentifier, } from './body';
+export type { Sha256Hex, Ed25519Sig, Did, ProtectedBlock, Body, Attachments, EscrowLockAttachment, Envelope, PersistedEvent, } from './envelope';
+export type { HandshakeBody, HandshakeContent, HandshakeResponseBody, HandshakeResponseContent, DelegationBody, DelegationContent, WorkRequestBody, WorkRequestContent, WorkResponseBody, WorkResponseContent, ReceiptBody, ReceiptContent, DisputeBody, DisputeContent, AnyBody, DeclineReason, AssetIdentifier, } from './body';
 export { DECLINE_REASONS, isDeclineReason } from './body';
 export type { AcceptPrefs, AcceptCurrency } from './agent';
 export type { OwnerSigningMethod, KeyLinkPayload, ScryptPasswordAttestation } from './identity';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heyanon-arp/sdk",
-  "version": "0.0.11",
+  "version": "0.0.13",
   "description": "TypeScript SDK for the Agent Relationship Protocol — canonical JSON, Ed25519 envelope sign/verify, did:arp identity, receipt co-signatures, scrypt key attestation, chain-audit helpers.",
   "license": "MIT",
   "keywords": [