@heyanon-arp/sdk 0.0.14 → 0.0.15

package/dist/index.js

@@ -202,6 +202,7 @@ function verifyChallenge(challengeBytes, signature, identityPubkey) {
 }
 
 // src/types/identity.ts
+var OWNER_SIGNING_METHODS = ["scrypt_password_proof", "ed25519_owner_key", "totp+passphrase"];
 var SCRYPT_PARAMS = {
   N: 32768,
   r: 8,
@@ -306,9 +307,13 @@ function bytesToHex2(b) {
   return s;
 }
 
-// src/settlement/token-program.ts
+// src/settlement/program-ids.ts
 var SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
 var TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+var ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = "ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL";
+var SYSTEM_PROGRAM_ID_BASE58 = "11111111111111111111111111111111";
+
+// src/settlement/token-program.ts
 function detectTokenProgramFromOwner(mintAccountOwnerBase58) {
   if (mintAccountOwnerBase58 === SPL_TOKEN_PROGRAM_ID_BASE58) {
     return { kind: "legacy", programIdBase58: SPL_TOKEN_PROGRAM_ID_BASE58 };
@@ -360,6 +365,10 @@ function senderNonce() {
   return base.base64urlnopad.encode(utils.randomBytes(16));
 }
 
+// src/utils/time-windows.ts
+var MAX_CLOCK_SKEW_SECONDS = 300;
+var MAX_ENVELOPE_TTL_SECONDS = 86400;
+
 // src/utils/timestamp.ts
 function rfc3339(at = /* @__PURE__ */ new Date()) {
   return `${at.toISOString().slice(0, 19)}Z`;
@@ -368,8 +377,8 @@ function expiresAt(ttlSeconds, now = /* @__PURE__ */ new Date()) {
   if (!Number.isFinite(ttlSeconds) || ttlSeconds <= 0) {
     throw new Error(`expiresAt: ttlSeconds must be positive, got ${ttlSeconds}`);
   }
-  if (ttlSeconds > 24 * 60 * 60) {
-    throw new Error(`expiresAt: ttlSeconds exceeds 24h cap, got ${ttlSeconds}`);
+  if (ttlSeconds > MAX_ENVELOPE_TTL_SECONDS) {
+    throw new Error(`expiresAt: ttlSeconds exceeds ${MAX_ENVELOPE_TTL_SECONDS}s (24h) cap, got ${ttlSeconds}`);
   }
   return rfc3339(new Date(now.getTime() + ttlSeconds * 1e3));
 }
@@ -411,11 +420,67 @@ function sleepWithAbort(ms, signal) {
   });
 }
 
+// src/types/envelope.ts
+var SHA256_HEX_RE = /^sha256:[0-9a-f]{64}$/;
+function isSha256Hex(v) {
+  return typeof v === "string" && SHA256_HEX_RE.test(v);
+}
+var ED25519_SIG_PREFIX = "ed25519:";
+var PROTOCOL_VERSIONS = ["arp/0.1"];
+
 // src/types/body.ts
 var DECLINE_REASONS = ["missing_brief", "rate_too_low", "out_of_scope", "policy", "expired_proposal", "capacity", "unspecified", "other"];
 function isDeclineReason(v) {
   return typeof v === "string" && DECLINE_REASONS.includes(v);
 }
+var HANDSHAKE_DECISIONS = ["accept", "decline"];
+function isHandshakeDecision(v) {
+  return typeof v === "string" && HANDSHAKE_DECISIONS.includes(v);
+}
+var DELEGATION_ACTIONS = ["offer", "accept", "decline", "cancel", "fund"];
+function isDelegationAction(v) {
+  return typeof v === "string" && DELEGATION_ACTIONS.includes(v);
+}
+var RECEIPT_VERDICTS = ["accepted", "accepted_with_notes", "rejected"];
+function isReceiptVerdict(v) {
+  return typeof v === "string" && RECEIPT_VERDICTS.includes(v);
+}
+var BODY_TYPES = ["handshake", "handshake_response", "delegation", "work_request", "work_response", "receipt", "dispute"];
+function isBodyType(v) {
+  return typeof v === "string" && BODY_TYPES.includes(v);
+}
+
+// src/types/delegation.ts
+var DELEGATION_STATES = [
+  "offered",
+  "accepted",
+  "pending_lock_finalization",
+  "locked",
+  "disputing",
+  "completed",
+  "declined",
+  "canceled",
+  "failed",
+  "refunded",
+  "dispute_resolved"
+];
+var DELEGATION_ACTIVE_STATES = ["offered", "accepted", "pending_lock_finalization", "locked"];
+function isDelegationState(v) {
+  return typeof v === "string" && DELEGATION_STATES.includes(v);
+}
+
+// src/types/relationship.ts
+var RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused", "closed"];
+var LIVE_RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused"];
+function isRelationshipState(v) {
+  return typeof v === "string" && RELATIONSHIP_STATE_NAMES.includes(v);
+}
+
+// src/types/work-log.ts
+var WORK_LOG_STATES = ["requested", "responded"];
+function isWorkLogState(v) {
+  return typeof v === "string" && WORK_LOG_STATES.includes(v);
+}
 
 // src/assets.ts
 var SOLANA_CLUSTER_IDS = {
@@ -712,26 +777,44 @@ function readU64LE(buf, off) {
 }
 
 exports.ASSET_WHITELIST = ASSET_WHITELIST;
+exports.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = ASSOCIATED_TOKEN_PROGRAM_ID_BASE58;
+exports.BODY_TYPES = BODY_TYPES;
 exports.CAIP19_REGEX = CAIP19_REGEX;
 exports.CREATE_LOCK_DISCRIMINATOR = CREATE_LOCK_DISCRIMINATOR;
 exports.CREATE_LOCK_NATIVE_DISCRIMINATOR = CREATE_LOCK_NATIVE_DISCRIMINATOR;
 exports.DECLINE_REASONS = DECLINE_REASONS;
+exports.DELEGATION_ACTIONS = DELEGATION_ACTIONS;
+exports.DELEGATION_ACTIVE_STATES = DELEGATION_ACTIVE_STATES;
+exports.DELEGATION_STATES = DELEGATION_STATES;
 exports.DEVNET_MINTS = DEVNET_MINTS;
+exports.ED25519_SIG_PREFIX = ED25519_SIG_PREFIX;
 exports.ESCROW_PDA_SEEDS = ESCROW_PDA_SEEDS;
+exports.HANDSHAKE_DECISIONS = HANDSHAKE_DECISIONS;
+exports.LIVE_RELATIONSHIP_STATE_NAMES = LIVE_RELATIONSHIP_STATE_NAMES;
 exports.LOCK_ACCOUNT_DISCRIMINATOR = LOCK_ACCOUNT_DISCRIMINATOR;
 exports.LOCK_ACCOUNT_SIZE = LOCK_ACCOUNT_SIZE;
 exports.LOCK_STATE_NAMES = LOCK_STATE_NAMES;
 exports.LOCK_TERMINAL_STATES = LOCK_TERMINAL_STATES;
 exports.MAINNET_MINTS = MAINNET_MINTS;
+exports.MAX_CLOCK_SKEW_SECONDS = MAX_CLOCK_SKEW_SECONDS;
+exports.MAX_ENVELOPE_TTL_SECONDS = MAX_ENVELOPE_TTL_SECONDS;
 exports.NATIVE_SOL_MINT_BASE58 = NATIVE_SOL_MINT_BASE58;
 exports.NO_ARG_LIFECYCLE_INSTRUCTIONS = NO_ARG_LIFECYCLE_INSTRUCTIONS;
+exports.OWNER_SIGNING_METHODS = OWNER_SIGNING_METHODS;
+exports.PROTOCOL_VERSIONS = PROTOCOL_VERSIONS;
 exports.Purpose = Purpose;
+exports.RECEIPT_VERDICTS = RECEIPT_VERDICTS;
+exports.RELATIONSHIP_STATE_NAMES = RELATIONSHIP_STATE_NAMES;
 exports.SCRYPT_PARAMS = SCRYPT_PARAMS;
+exports.SHA256_HEX_RE = SHA256_HEX_RE;
 exports.SLIP44_SOLANA = SLIP44_SOLANA;
 exports.SOLANA_CLUSTER_IDS = SOLANA_CLUSTER_IDS;
 exports.SPL_TOKEN_PROGRAM_ID_BASE58 = SPL_TOKEN_PROGRAM_ID_BASE58;
+exports.SYSTEM_PROGRAM_ID_BASE58 = SYSTEM_PROGRAM_ID_BASE58;
+exports.TOKEN_2022_PROGRAM_ID_BASE58 = TOKEN_2022_PROGRAM_ID_BASE58;
 exports.WELL_KNOWN_ASSETS = WELL_KNOWN_ASSETS;
 exports.WELL_KNOWN_ASSET_KEYS = WELL_KNOWN_ASSET_KEYS;
+exports.WORK_LOG_STATES = WORK_LOG_STATES;
 exports.base58btcDecode = base58btcDecode;
 exports.base58btcEncode = base58btcEncode;
 exports.buildCreateLockIxData = buildCreateLockIxData;
@@ -758,9 +841,17 @@ exports.generateKeyPair = generateKeyPair;
 exports.getPublicKey = getPublicKey2;
 exports.instructionDiscriminator = instructionDiscriminator;
 exports.isAssetIdentifier = isAssetIdentifier;
+exports.isBodyType = isBodyType;
 exports.isDeclineReason = isDeclineReason;
+exports.isDelegationAction = isDelegationAction;
+exports.isDelegationState = isDelegationState;
+exports.isHandshakeDecision = isHandshakeDecision;
+exports.isReceiptVerdict = isReceiptVerdict;
+exports.isRelationshipState = isRelationshipState;
+exports.isSha256Hex = isSha256Hex;
 exports.isValidDid = isValidDid;
 exports.isWhitelistedAssetId = isWhitelistedAssetId;
+exports.isWorkLogState = isWorkLogState;
 exports.listWhitelistedAssets = listWhitelistedAssets;
 exports.parseCaip19SolanaAssetId = parseCaip19SolanaAssetId;
 exports.parseDid = parseDid;

package/dist/index.mjs

@@ -177,6 +177,7 @@ function verifyChallenge(challengeBytes, signature, identityPubkey) {
 }
 
 // src/types/identity.ts
+var OWNER_SIGNING_METHODS = ["scrypt_password_proof", "ed25519_owner_key", "totp+passphrase"];
 var SCRYPT_PARAMS = {
   N: 32768,
   r: 8,
@@ -281,9 +282,13 @@ function bytesToHex2(b) {
   return s;
 }
 
-// src/settlement/token-program.ts
+// src/settlement/program-ids.ts
 var SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
 var TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+var ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = "ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL";
+var SYSTEM_PROGRAM_ID_BASE58 = "11111111111111111111111111111111";
+
+// src/settlement/token-program.ts
 function detectTokenProgramFromOwner(mintAccountOwnerBase58) {
   if (mintAccountOwnerBase58 === SPL_TOKEN_PROGRAM_ID_BASE58) {
     return { kind: "legacy", programIdBase58: SPL_TOKEN_PROGRAM_ID_BASE58 };
@@ -335,6 +340,10 @@ function senderNonce() {
   return base64urlnopad.encode(randomBytes(16));
 }
 
+// src/utils/time-windows.ts
+var MAX_CLOCK_SKEW_SECONDS = 300;
+var MAX_ENVELOPE_TTL_SECONDS = 86400;
+
 // src/utils/timestamp.ts
 function rfc3339(at = /* @__PURE__ */ new Date()) {
   return `${at.toISOString().slice(0, 19)}Z`;
@@ -343,8 +352,8 @@ function expiresAt(ttlSeconds, now = /* @__PURE__ */ new Date()) {
   if (!Number.isFinite(ttlSeconds) || ttlSeconds <= 0) {
     throw new Error(`expiresAt: ttlSeconds must be positive, got ${ttlSeconds}`);
   }
-  if (ttlSeconds > 24 * 60 * 60) {
-    throw new Error(`expiresAt: ttlSeconds exceeds 24h cap, got ${ttlSeconds}`);
+  if (ttlSeconds > MAX_ENVELOPE_TTL_SECONDS) {
+    throw new Error(`expiresAt: ttlSeconds exceeds ${MAX_ENVELOPE_TTL_SECONDS}s (24h) cap, got ${ttlSeconds}`);
   }
   return rfc3339(new Date(now.getTime() + ttlSeconds * 1e3));
 }
@@ -386,11 +395,67 @@ function sleepWithAbort(ms, signal) {
   });
 }
 
+// src/types/envelope.ts
+var SHA256_HEX_RE = /^sha256:[0-9a-f]{64}$/;
+function isSha256Hex(v) {
+  return typeof v === "string" && SHA256_HEX_RE.test(v);
+}
+var ED25519_SIG_PREFIX = "ed25519:";
+var PROTOCOL_VERSIONS = ["arp/0.1"];
+
 // src/types/body.ts
 var DECLINE_REASONS = ["missing_brief", "rate_too_low", "out_of_scope", "policy", "expired_proposal", "capacity", "unspecified", "other"];
 function isDeclineReason(v) {
   return typeof v === "string" && DECLINE_REASONS.includes(v);
 }
+var HANDSHAKE_DECISIONS = ["accept", "decline"];
+function isHandshakeDecision(v) {
+  return typeof v === "string" && HANDSHAKE_DECISIONS.includes(v);
+}
+var DELEGATION_ACTIONS = ["offer", "accept", "decline", "cancel", "fund"];
+function isDelegationAction(v) {
+  return typeof v === "string" && DELEGATION_ACTIONS.includes(v);
+}
+var RECEIPT_VERDICTS = ["accepted", "accepted_with_notes", "rejected"];
+function isReceiptVerdict(v) {
+  return typeof v === "string" && RECEIPT_VERDICTS.includes(v);
+}
+var BODY_TYPES = ["handshake", "handshake_response", "delegation", "work_request", "work_response", "receipt", "dispute"];
+function isBodyType(v) {
+  return typeof v === "string" && BODY_TYPES.includes(v);
+}
+
+// src/types/delegation.ts
+var DELEGATION_STATES = [
+  "offered",
+  "accepted",
+  "pending_lock_finalization",
+  "locked",
+  "disputing",
+  "completed",
+  "declined",
+  "canceled",
+  "failed",
+  "refunded",
+  "dispute_resolved"
+];
+var DELEGATION_ACTIVE_STATES = ["offered", "accepted", "pending_lock_finalization", "locked"];
+function isDelegationState(v) {
+  return typeof v === "string" && DELEGATION_STATES.includes(v);
+}
+
+// src/types/relationship.ts
+var RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused", "closed"];
+var LIVE_RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused"];
+function isRelationshipState(v) {
+  return typeof v === "string" && RELATIONSHIP_STATE_NAMES.includes(v);
+}
+
+// src/types/work-log.ts
+var WORK_LOG_STATES = ["requested", "responded"];
+function isWorkLogState(v) {
+  return typeof v === "string" && WORK_LOG_STATES.includes(v);
+}
 
 // src/assets.ts
 var SOLANA_CLUSTER_IDS = {
@@ -686,4 +751,4 @@ function readU64LE(buf, off) {
   return v;
 }
 
-export { ASSET_WHITELIST, CAIP19_REGEX, CREATE_LOCK_DISCRIMINATOR, CREATE_LOCK_NATIVE_DISCRIMINATOR, DECLINE_REASONS, DEVNET_MINTS, ESCROW_PDA_SEEDS, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_ACCOUNT_SIZE, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, MAINNET_MINTS, NATIVE_SOL_MINT_BASE58, NO_ARG_LIFECYCLE_INSTRUCTIONS, Purpose, SCRYPT_PARAMS, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildLifecycleIxData, buildResolveDisputeIxData, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, computeLockAccountDiscriminator, decodeLockAccount, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findAssetByAssetId, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, instructionDiscriminator, isAssetIdentifier, isDeclineReason, isValidDid, isWhitelistedAssetId, listWhitelistedAssets, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signEnvelope, signKeyLinkAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyEnvelope, verifyKeyLinkAttestation };
+export { ASSET_WHITELIST, ASSOCIATED_TOKEN_PROGRAM_ID_BASE58, BODY_TYPES, CAIP19_REGEX, CREATE_LOCK_DISCRIMINATOR, CREATE_LOCK_NATIVE_DISCRIMINATOR, DECLINE_REASONS, DELEGATION_ACTIONS, DELEGATION_ACTIVE_STATES, DELEGATION_STATES, DEVNET_MINTS, ED25519_SIG_PREFIX, ESCROW_PDA_SEEDS, HANDSHAKE_DECISIONS, LIVE_RELATIONSHIP_STATE_NAMES, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_ACCOUNT_SIZE, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, MAINNET_MINTS, MAX_CLOCK_SKEW_SECONDS, MAX_ENVELOPE_TTL_SECONDS, NATIVE_SOL_MINT_BASE58, NO_ARG_LIFECYCLE_INSTRUCTIONS, OWNER_SIGNING_METHODS, PROTOCOL_VERSIONS, Purpose, RECEIPT_VERDICTS, RELATIONSHIP_STATE_NAMES, SCRYPT_PARAMS, SHA256_HEX_RE, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, SYSTEM_PROGRAM_ID_BASE58, TOKEN_2022_PROGRAM_ID_BASE58, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, WORK_LOG_STATES, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildLifecycleIxData, buildResolveDisputeIxData, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, computeLockAccountDiscriminator, decodeLockAccount, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findAssetByAssetId, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, instructionDiscriminator, isAssetIdentifier, isBodyType, isDeclineReason, isDelegationAction, isDelegationState, isHandshakeDecision, isReceiptVerdict, isRelationshipState, isSha256Hex, isValidDid, isWhitelistedAssetId, isWorkLogState, listWhitelistedAssets, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signEnvelope, signKeyLinkAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyEnvelope, verifyKeyLinkAttestation };

package/dist/settlement/index.d.ts

@@ -1,2 +1,3 @@
-export { detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, SPL_TOKEN_PROGRAM_ID_BASE58 } from './token-program';
+export { SPL_TOKEN_PROGRAM_ID_BASE58, TOKEN_2022_PROGRAM_ID_BASE58, ASSOCIATED_TOKEN_PROGRAM_ID_BASE58, SYSTEM_PROGRAM_ID_BASE58 } from './program-ids';
+export { detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes } from './token-program';
 export type { TokenProgramKind, TokenProgramDetection } from './token-program';

package/dist/settlement/program-ids.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Canonical Solana program-id base58 strings shared by the escrow tx
+ * builders / decoders (server + CLI).
+ *
+ * Kept as plain base58 STRINGS, never `@solana/web3.js` `PublicKey`
+ * objects, so the SDK stays framework- and web3.js-agnostic; consumers
+ * wrap them in `new PublicKey(...)` at the call site. Single source of
+ * truth — these were previously hand-duplicated in
+ * `server/lock-tx-decoder.service.ts` and `cli/wallet.ts`.
+ */
+/** Legacy SPL Token program. */
+export declare const SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+/**
+ * Token-2022 (token-extensions) program — NOT supported by ARP escrow.
+ * Exported so consumers can recognise it and reject with a precise
+ * error; a Token-2022 mint never enters the escrow flow.
+ */
+export declare const TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+/** Associated Token Account program — derives a wallet's canonical ATA. */
+export declare const ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = "ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL";
+/**
+ * System Program. This is also the base58 rendering of the all-zero
+ * pubkey that the escrow contract reuses as its native-SOL sentinel
+ * mint — but for THAT meaning use `NATIVE_SOL_MINT_BASE58` (from the
+ * escrow module), not this constant: same string, different semantics.
+ */
+export declare const SYSTEM_PROGRAM_ID_BASE58 = "11111111111111111111111111111111";

package/dist/settlement/token-program.d.ts

@@ -14,10 +14,7 @@
  * that minted it — NOT the mint's mint_authority. Confusingly, both are
  * called "owner" in different contexts.
  */
-/**
- * Legacy SPL Token program ID (base58: `TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA`).
- */
-export declare const SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+export { SPL_TOKEN_PROGRAM_ID_BASE58 } from './program-ids';
 /**
  * Token program kind. Maps to the contract's `token_program_kind` u8 on
  * `LockCreated` events: `native` → 0, `legacy` → 1. (The contract also

package/dist/types/body.d.ts

@@ -71,6 +71,32 @@ export declare const DECLINE_REASONS: readonly DeclineReason[];
  * server validator + CLI parsers.
  */
 export declare function isDeclineReason(v: unknown): v is DeclineReason;
+/**
+ * Lifecycle decision on a `handshake_response` body. When
+ * `decision === 'decline'` the companion `reason` (a `DeclineReason`)
+ * is required at the validator level. Same `type` + `as const` array +
+ * guard shape as `DeclineReason` so the server validator and CLI parse
+ * against one source of truth.
+ */
+export type HandshakeDecision = 'accept' | 'decline';
+export declare const HANDSHAKE_DECISIONS: readonly HandshakeDecision[];
+export declare function isHandshakeDecision(v: unknown): v is HandshakeDecision;
+/**
+ * Lifecycle action on a `delegation` body. `offer` opens the
+ * delegation; `accept`/`decline` are the counterparty's response;
+ * `cancel` withdraws an unaccepted offer; `fund` attaches the escrow
+ * lock to an already-accepted delegation.
+ */
+export type DelegationAction = 'offer' | 'accept' | 'decline' | 'cancel' | 'fund';
+export declare const DELEGATION_ACTIONS: readonly DelegationAction[];
+export declare function isDelegationAction(v: unknown): v is DelegationAction;
+/**
+ * Payee's proposed verdict on a `receipt` body. The record is
+ * off-chain; settlement happens on-chain via `claim_work_payment`.
+ */
+export type ReceiptVerdict = 'accepted' | 'accepted_with_notes' | 'rejected';
+export declare const RECEIPT_VERDICTS: readonly ReceiptVerdict[];
+export declare function isReceiptVerdict(v: unknown): v is ReceiptVerdict;
 /**
  * `handshake` — first signed exchange between two agents. Establishes
  * the relationship; carries no terms (those live on the delegation).
@@ -97,7 +123,7 @@ export interface HandshakeResponseBody extends Body<HandshakeResponseContent> {
     type: 'handshake_response';
 }
 export interface HandshakeResponseContent {
-    decision: 'accept' | 'decline';
+    decision: HandshakeDecision;
     notes?: string;
     /** Machine-readable reason — REQUIRED when `decision === 'decline'`. See `DeclineReason`. */
     reason?: DeclineReason;
@@ -113,7 +139,7 @@ export interface DelegationBody extends Body<DelegationContent> {
     type: 'delegation';
 }
 export interface DelegationContent {
-    action: 'offer' | 'accept' | 'decline' | 'cancel' | 'fund';
+    action: DelegationAction;
     delegation_id: string;
     title?: string;
     brief?: Record<string, unknown>;
@@ -177,7 +203,7 @@ export interface ReceiptContent {
         model?: string;
         computed_amount?: string;
     };
-    verdict_proposed: 'accepted' | 'accepted_with_notes' | 'rejected';
+    verdict_proposed: ReceiptVerdict;
     deliverable_hash?: Sha256Hex;
     notes_hash?: Sha256Hex;
     [extra: string]: unknown;
@@ -203,3 +229,17 @@ export interface DisputeContent {
  * `body.type` via discriminated dispatch.
  */
 export type AnyBody = HandshakeBody | HandshakeResponseBody | DelegationBody | WorkRequestBody | WorkResponseBody | ReceiptBody | DisputeBody;
+/**
+ * The closed taxonomy of envelope `body.type` values — the runtime
+ * companion to `AnyBody` (`BodyType` is derived from it, so the two
+ * can't drift). Names are wire-facing and MUST match
+ * `00-core/protocol.md`.
+ *
+ * NOTE: this is the FULL taxonomy. A consumer's *acceptance policy* may
+ * deliberately admit only a subset (e.g. the server rejects `dispute`
+ * as not-yet-implemented) — that allowlist is a separate, hand-curated
+ * thing and must NOT be regenerated from this array.
+ */
+export type BodyType = AnyBody['type'];
+export declare const BODY_TYPES: readonly BodyType[];
+export declare function isBodyType(v: unknown): v is BodyType;

package/dist/types/delegation.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Persisted delegation lifecycle — the FSM on the `delegations` row.
+ *
+ * Distinct from the wire-level `DelegationAction` verb in `body.ts`
+ * (`offer`/`accept`/…): that is what an envelope DOES; this is what the
+ * row IS. Single source of truth for the server's Mongoose
+ * `@Prop({ enum })` value list and the CLI's `DelegationPublic.state`
+ * union, so the FSM vocabulary bumps in exactly one place.
+ *
+ * Same `as const` array + derived type + guard shape as
+ * `DECLINE_REASONS` in `body.ts`.
+ */
+export declare const DELEGATION_STATES: readonly ["offered", "accepted", "pending_lock_finalization", "locked", "disputing", "completed", "declined", "canceled", "failed", "refunded", "dispute_resolved"];
+export type DelegationState = (typeof DELEGATION_STATES)[number];
+/**
+ * Non-terminal "the cycle is still live" subset — offered through
+ * locked. Used for worker capacity counting and the CLI's active-cycle
+ * view. Declared `satisfies readonly DelegationState[]` so it can never
+ * name a state that isn't in `DELEGATION_STATES`.
+ */
+export declare const DELEGATION_ACTIVE_STATES: readonly ["offered", "accepted", "pending_lock_finalization", "locked"];
+export declare function isDelegationState(v: unknown): v is DelegationState;

package/dist/types/envelope.d.ts

@@ -11,10 +11,28 @@ import type { PurposeValue } from '../purpose';
  */
 /** Hash string in protocol format `sha256:<64-char hex>`. */
 export type Sha256Hex = `sha256:${string}`;
+/**
+ * Strict runtime validator for `Sha256Hex`. The template-literal type
+ * above cannot constrain hex/length in TS, so consumers that need a
+ * real check (CLI id parsers, the receipt validator) use this instead
+ * of hand-rolling their own copy. Pattern: `sha256:` + exactly 64
+ * lowercase hex chars.
+ */
+export declare const SHA256_HEX_RE: RegExp;
+export declare function isSha256Hex(v: unknown): v is Sha256Hex;
+/** Wire prefix for an Ed25519 signature value (`ed25519:<base64>`). */
+export declare const ED25519_SIG_PREFIX: "ed25519:";
 /** Ed25519 signature in protocol format `ed25519:<base64>`. */
-export type Ed25519Sig = `ed25519:${string}`;
+export type Ed25519Sig = `${typeof ED25519_SIG_PREFIX}${string}`;
 /** DID format `did:arp:<base58btc>`. */
 export type Did = `did:arp:${string}`;
+/**
+ * Protocol versions this SDK speaks. The server validator's accept-list
+ * and the signed `protected.protocol_version` field both source from
+ * this array, so bumping the wire version is a one-line change here.
+ */
+export declare const PROTOCOL_VERSIONS: readonly ["arp/0.1"];
+export type ProtocolVersion = (typeof PROTOCOL_VERSIONS)[number];
 /**
  * Client-signed `protected` block. All fields here are part of the
  * signing input. Server-assigned chain fields (`relationship_event_index`,
@@ -22,7 +40,7 @@ export type Did = `did:arp:${string}`;
  * sign them.
  */
 export interface ProtectedBlock {
-    protocol_version: 'arp/0.1';
+    protocol_version: ProtocolVersion;
     purpose: PurposeValue;
     message_id: string;
     sender_did: Did;

package/dist/types/identity.d.ts

@@ -2,10 +2,13 @@ import type { Did } from './envelope';
 /**
  * Owner attestation methods per [00-core/identity.md](../../../00-core/identity.md).
  *
- * Only `scrypt_password_proof` is active; the others are reserved
- * placeholders for forward-compat.
+ * Only `scrypt_password_proof` is active (index 0); the others are
+ * reserved placeholders for forward-compat. Backed by an `as const`
+ * array so the server's attestation schema can source the active method
+ * from `OWNER_SIGNING_METHODS[0]` instead of re-hardcoding the literal.
  */
-export type OwnerSigningMethod = 'scrypt_password_proof' | 'ed25519_owner_key' | 'totp+passphrase';
+export declare const OWNER_SIGNING_METHODS: readonly ["scrypt_password_proof", "ed25519_owner_key", "totp+passphrase"];
+export type OwnerSigningMethod = (typeof OWNER_SIGNING_METHODS)[number];
 /**
  * `ARP-KEY-LINK-v1` payload — the canonical-JSON-hashed object an owner
  * signs at registration. Carries the link between identity and settlement

package/dist/types/index.d.ts

@@ -1,6 +1,13 @@
-export type { Sha256Hex, Ed25519Sig, Did, ProtectedBlock, Body, Attachments, EscrowLockAttachment, Envelope, PersistedEvent, } from './envelope';
-export type { HandshakeBody, HandshakeContent, HandshakeResponseBody, HandshakeResponseContent, DelegationBody, DelegationContent, WorkRequestBody, WorkRequestContent, WorkResponseBody, WorkResponseContent, ReceiptBody, ReceiptContent, DisputeBody, DisputeContent, AnyBody, DeclineReason, AssetIdentifier, } from './body';
-export { DECLINE_REASONS, isDeclineReason } from './body';
+export type { Sha256Hex, Ed25519Sig, Did, ProtocolVersion, ProtectedBlock, Body, Attachments, EscrowLockAttachment, Envelope, PersistedEvent, } from './envelope';
+export { SHA256_HEX_RE, isSha256Hex, ED25519_SIG_PREFIX, PROTOCOL_VERSIONS } from './envelope';
+export type { HandshakeBody, HandshakeContent, HandshakeResponseBody, HandshakeResponseContent, HandshakeDecision, DelegationBody, DelegationContent, DelegationAction, WorkRequestBody, WorkRequestContent, WorkResponseBody, WorkResponseContent, ReceiptBody, ReceiptContent, ReceiptVerdict, DisputeBody, DisputeContent, AnyBody, BodyType, DeclineReason, AssetIdentifier, } from './body';
+export { DECLINE_REASONS, isDeclineReason, HANDSHAKE_DECISIONS, isHandshakeDecision, DELEGATION_ACTIONS, isDelegationAction, RECEIPT_VERDICTS, isReceiptVerdict, BODY_TYPES, isBodyType, } from './body';
+export type { DelegationState } from './delegation';
+export { DELEGATION_STATES, DELEGATION_ACTIVE_STATES, isDelegationState } from './delegation';
+export type { RelationshipState } from './relationship';
+export { RELATIONSHIP_STATE_NAMES, LIVE_RELATIONSHIP_STATE_NAMES, isRelationshipState } from './relationship';
+export type { WorkLogState } from './work-log';
+export { WORK_LOG_STATES, isWorkLogState } from './work-log';
 export type { AcceptPrefs, AcceptCurrency } from './agent';
 export type { OwnerSigningMethod, KeyLinkPayload, ScryptPasswordAttestation } from './identity';
-export { SCRYPT_PARAMS } from './identity';
+export { SCRYPT_PARAMS, OWNER_SIGNING_METHODS } from './identity';

package/dist/types/relationship.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Per-pair relationship lifecycle. `pending` after a handshake →
+ * `active` once the counterparty replies → `paused` soft-disable →
+ * `closed` terminal. Single source of truth for the server's Mongoose
+ * `@Prop({ enum })` and the CLI's relationship-state unions.
+ */
+export declare const RELATIONSHIP_STATE_NAMES: readonly ["pending", "active", "paused", "closed"];
+export type RelationshipState = (typeof RELATIONSHIP_STATE_NAMES)[number];
+/**
+ * "Live" subset — every state EXCEPT `closed`. Feeds the Mongo
+ * partial-unique index that enforces one live row per DID pair, so a
+ * re-handshake after a close can mint a fresh row. `closed` MUST stay
+ * excluded. Declared `satisfies readonly RelationshipState[]`.
+ */
+export declare const LIVE_RELATIONSHIP_STATE_NAMES: readonly ["pending", "active", "paused"];
+export declare function isRelationshipState(v: unknown): v is RelationshipState;

package/dist/types/work-log.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Work-log row state: `requested` (caller sent a `work_request`) →
+ * `responded` (payee replied with output or error). Work-logs do NOT
+ * mutate delegation state — they're the audit record pairing each
+ * request with its response. Single source of truth for the server's
+ * Mongoose `@Prop({ enum })` and the CLI's work-log state union/filter.
+ */
+export declare const WORK_LOG_STATES: readonly ["requested", "responded"];
+export type WorkLogState = (typeof WORK_LOG_STATES)[number];
+export declare function isWorkLogState(v: unknown): v is WorkLogState;

package/dist/utils/index.d.ts

@@ -1,4 +1,5 @@
 export { uuidV4 } from './uuid';
 export { senderNonce } from './nonce';
 export { rfc3339, expiresAt } from './timestamp';
+export { MAX_CLOCK_SKEW_SECONDS, MAX_ENVELOPE_TTL_SECONDS } from './time-windows';
 export { pollUntil, type PollUntilOptions, type PollUntilResult } from './poll';

package/dist/utils/time-windows.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Protocol time windows, in SECONDS. Single source of truth for the
+ * server's clock-skew tolerance and the envelope TTL cap; the CLI
+ * surfaces the TTL in its `--ttl` help text and the server enforces
+ * both at validation time.
+ *
+ * Unit note: these are SECONDS. The server's `MAX_TIME_SKEW_MS` derives
+ * from `MAX_CLOCK_SKEW_SECONDS * 1000`.
+ */
+/** Max abs(now − protected.timestamp) the server accepts: ±5 minutes. */
+export declare const MAX_CLOCK_SKEW_SECONDS = 300;
+/** Max envelope validity (`expires_at − now`): 24 hours. */
+export declare const MAX_ENVELOPE_TTL_SECONDS = 86400;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heyanon-arp/sdk",
-  "version": "0.0.14",
+  "version": "0.0.15",
   "description": "TypeScript SDK for the Agent Relationship Protocol — canonical JSON, Ed25519 envelope sign/verify, did:arp identity, scrypt key attestation, chain-audit helpers.",
   "license": "MIT",
   "keywords": [