@heyanon-arp/sdk 0.0.14 → 0.0.18

package/dist/assets.d.ts

@@ -113,10 +113,34 @@ export declare function isWhitelistedAssetId(assetId: string, cluster?: SolanaCl
  *   asset_reference = [-.%a-zA-Z0-9]{1,128}
  */
 export declare const CAIP19_REGEX: RegExp;
+/**
+ * `AssetIdentifier.decimals` bounds — base-unit exponent, inclusive
+ * [0, 18]. 18 is the max any whitelisted asset uses and matches the
+ * decimal-amount fraction cap below. NOT the SPL u8 mint-decimals
+ * range (0–255) — that's a distinct on-chain concept the CLI keeps
+ * local to base-unit conversion.
+ */
+export declare const ASSET_DECIMALS_MIN = 0;
+export declare const ASSET_DECIMALS_MAX = 18;
+/** `AssetIdentifier.symbol` length bounds (inclusive) when present. */
+export declare const ASSET_SYMBOL_MIN_LEN = 1;
+export declare const ASSET_SYMBOL_MAX_LEN = 16;
+/**
+ * Canonical decimal-as-string AMOUNT shape: unsigned, ≥1 integer
+ * digit, optional fraction, bounded 30 integer / 18 fraction digits so
+ * BigInt scaling stays cheap and a hostile kilobyte-long "amount" is
+ * rejected up front (18 == {@link ASSET_DECIMALS_MAX}). The protocol's
+ * amount fields (delegation.offer amount, accept-prefs min/max) are
+ * decimal strings — server + CLI both validate against THIS regex so
+ * they can never disagree on what a valid amount looks like.
+ */
+export declare const DECIMAL_AMOUNT_REGEX: RegExp;
+export declare function isDecimalAmountString(v: unknown): v is string;
 /**
  * Type guard for `AssetIdentifier`. Validates structural shape +
  * CAIP-19 conformance of `asset_id` + decimals range. Symbol is
- * optional but if present must be 1-16 chars.
+ * optional but if present must be {@link ASSET_SYMBOL_MIN_LEN}–
+ * {@link ASSET_SYMBOL_MAX_LEN} chars.
  */
 export declare function isAssetIdentifier(value: unknown): value is AssetIdentifier;
 /**

package/dist/escrow/config-status.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Live on-chain escrow Config PDA snapshot — the shape the server's
+ * `GET /v1/escrow/config` returns and the CLI consumes. Single source
+ * of truth for the read-model contract: the server's config-reader
+ * service annotates its `readConfig()` return with this, and the CLI's
+ * `getEscrowConfig` types its response with it, so the two cannot drift.
+ *
+ * Framework-agnostic plain interface (no decorators) — the server reads
+ * it from a service, not a NestJS DTO class, so there is nothing to
+ * decorate; lamport amounts are decimal STRINGS (u64-safe), windows +
+ * fee_bps are numbers.
+ */
+export interface EscrowConfigStatus {
+    /** Config.fee_enabled bit. */
+    feeEnabled: boolean;
+    /** fee_bps as a number (u16). 0 when disabled or explicitly zero. */
+    feeBps: number;
+    /** base58 fee_recipient. The all-zero address sentinel means "no recipient configured". */
+    feeRecipient: string;
+    /** base58 treasury (receives the treasury share of dispute stakes). */
+    treasury: string;
+    /** Lamports the WORKER must stake at accept_lock. */
+    workerStakeLamports: string;
+    /** Lamports the operator collects per resolve_dispute. */
+    operatorDisputeFeeLamports: string;
+    /** Seconds the worker has to submit_work after accept_lock. */
+    workWindowSecs: number;
+    /** Seconds the buyer has to approve/dispute after submit_work. */
+    reviewWindowSecs: number;
+    /** Seconds the operator has to resolve after open_dispute. */
+    disputeWindowSecs: number;
+    /** Whether the contract is paused. */
+    paused: boolean;
+    /** The admin pubkey. */
+    admin: string;
+    /** The on-chain program id. */
+    programId: string;
+}

package/dist/escrow/index.d.ts

@@ -1,6 +1,7 @@
 export { deriveLockId, delegationIdToBytes16, bytes16ToDelegationId } from './lock-id';
 export { deriveDelegationConditionHash, type DelegationTermsSubset, type DelegationTermsInput } from './condition-hash';
 export { parseCaip19SolanaAssetId, type ParsedSolanaAssetId } from './caip19';
+export type { EscrowConfigStatus } from './config-status';
 export { buildCreateLockIxData, computeCreateLockDiscriminator, CREATE_LOCK_DISCRIMINATOR, CREATE_LOCK_NATIVE_DISCRIMINATOR, type CreateLockArgs, } from './create-lock';
 export { ESCROW_PDA_SEEDS, NO_ARG_LIFECYCLE_INSTRUCTIONS, type NoArgLifecycleInstruction, instructionDiscriminator, buildLifecycleIxData, buildResolveDisputeIxData, type ResolveDisputeArgs, } from './lifecycle-instructions';
-export { LOCK_ACCOUNT_SIZE, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, NATIVE_SOL_MINT_BASE58, type LockStateName, type DecodedLockAccount, decodeLockAccount, computeLockAccountDiscriminator, } from './lock-account';
+export { LOCK_ACCOUNT_SIZE, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, LockStates, ESCROW_RELEASE_METHODS, EscrowReleaseMethods, NATIVE_SOL_MINT_BASE58, type LockStateName, type LockTerminalState, type EscrowReleaseMethodName, isEscrowReleaseMethod, type DecodedLockAccount, decodeLockAccount, computeLockAccountDiscriminator, } from './lock-account';

package/dist/escrow/lock-account.d.ts

@@ -8,7 +8,46 @@ export declare const LOCK_ACCOUNT_DISCRIMINATOR: Uint8Array<ArrayBuffer>;
 export declare const LOCK_STATE_NAMES: readonly ["created", "canceled", "in_progress", "submitted", "paid", "revoked", "disputing", "dispute_resolved", "dispute_closed"];
 export type LockStateName = (typeof LOCK_STATE_NAMES)[number];
 /** Terminal lock states — no further on-chain transition exists. */
-export declare const LOCK_TERMINAL_STATES: readonly LockStateName[];
+export declare const LOCK_TERMINAL_STATES: readonly ["canceled", "paid", "revoked", "dispute_resolved", "dispute_closed"];
+/**
+ * The terminal subset of {@link LockStateName}. A receipt's
+ * `release_status` IS the on-chain lock's terminal state, so the
+ * server `ReceiptReleaseStatus` enum and the CLI `releaseStatus` DTO
+ * field both source this type instead of re-listing the literals.
+ */
+export type LockTerminalState = (typeof LOCK_TERMINAL_STATES)[number];
+/**
+ * On-chain `WorkPaymentClaimed.claim_type` → how a paid lock was
+ * released. Discriminant order = u8 value (0 = buyer_approved,
+ * 1 = review_timeout). The server's `EscrowReleaseMethod` enum and the
+ * CLI claim `role` both source these values.
+ */
+export declare const ESCROW_RELEASE_METHODS: readonly ["buyer_approved", "review_timeout"];
+export type EscrowReleaseMethodName = (typeof ESCROW_RELEASE_METHODS)[number];
+export declare function isEscrowReleaseMethod(v: unknown): v is EscrowReleaseMethodName;
+/**
+ * Named-member accessor for the on-chain lock FSM — lets consumers
+ * write `state === LockStates.SUBMITTED` / `case LockStates.PAID:`
+ * instead of bare strings. Values are the wire/decoder strings (== the
+ * {@link LockStateName} union), so they stay assignable everywhere with
+ * no casts. Parity with {@link LOCK_STATE_NAMES} is vocab-tested.
+ */
+export declare const LockStates: {
+    readonly CREATED: "created";
+    readonly CANCELED: "canceled";
+    readonly IN_PROGRESS: "in_progress";
+    readonly SUBMITTED: "submitted";
+    readonly PAID: "paid";
+    readonly REVOKED: "revoked";
+    readonly DISPUTING: "disputing";
+    readonly DISPUTE_RESOLVED: "dispute_resolved";
+    readonly DISPUTE_CLOSED: "dispute_closed";
+};
+/** Named-member accessor for {@link EscrowReleaseMethodName} (vocab-tested). */
+export declare const EscrowReleaseMethods: {
+    readonly BUYER_APPROVED: "buyer_approved";
+    readonly REVIEW_TIMEOUT: "review_timeout";
+};
 /** The contract's native-SOL sentinel mint, base58 form of [0u8;32]. */
 export declare const NATIVE_SOL_MINT_BASE58 = "11111111111111111111111111111111";
 export interface DecodedLockAccount {

package/dist/index.js

@@ -202,6 +202,7 @@ function verifyChallenge(challengeBytes, signature, identityPubkey) {
 }
 
 // src/types/identity.ts
+var OWNER_SIGNING_METHODS = ["scrypt_password_proof", "ed25519_owner_key", "totp+passphrase"];
 var SCRYPT_PARAMS = {
   N: 32768,
   r: 8,
@@ -306,9 +307,14 @@ function bytesToHex2(b) {
   return s;
 }
 
-// src/settlement/token-program.ts
+// src/settlement/program-ids.ts
 var SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
 var TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+var ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = "ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL";
+var SYSTEM_PROGRAM_ID_BASE58 = "11111111111111111111111111111111";
+var ESCROW_PROGRAM_ID_BASE58 = "DckBAFZcE1AZWgVsz5ipnwSUy2wWeK5eBPBoyJgKVPzb";
+
+// src/settlement/token-program.ts
 function detectTokenProgramFromOwner(mintAccountOwnerBase58) {
   if (mintAccountOwnerBase58 === SPL_TOKEN_PROGRAM_ID_BASE58) {
     return { kind: "legacy", programIdBase58: SPL_TOKEN_PROGRAM_ID_BASE58 };
@@ -360,6 +366,10 @@ function senderNonce() {
   return base.base64urlnopad.encode(utils.randomBytes(16));
 }
 
+// src/utils/time-windows.ts
+var MAX_CLOCK_SKEW_SECONDS = 300;
+var MAX_ENVELOPE_TTL_SECONDS = 86400;
+
 // src/utils/timestamp.ts
 function rfc3339(at = /* @__PURE__ */ new Date()) {
   return `${at.toISOString().slice(0, 19)}Z`;
@@ -368,8 +378,8 @@ function expiresAt(ttlSeconds, now = /* @__PURE__ */ new Date()) {
   if (!Number.isFinite(ttlSeconds) || ttlSeconds <= 0) {
     throw new Error(`expiresAt: ttlSeconds must be positive, got ${ttlSeconds}`);
   }
-  if (ttlSeconds > 24 * 60 * 60) {
-    throw new Error(`expiresAt: ttlSeconds exceeds 24h cap, got ${ttlSeconds}`);
+  if (ttlSeconds > MAX_ENVELOPE_TTL_SECONDS) {
+    throw new Error(`expiresAt: ttlSeconds exceeds ${MAX_ENVELOPE_TTL_SECONDS}s (24h) cap, got ${ttlSeconds}`);
   }
   return rfc3339(new Date(now.getTime() + ttlSeconds * 1e3));
 }
@@ -411,11 +421,147 @@ function sleepWithAbort(ms, signal) {
   });
 }
 
+// src/types/envelope.ts
+var SHA256_HEX_RE = /^sha256:[0-9a-f]{64}$/;
+function isSha256Hex(v) {
+  return typeof v === "string" && SHA256_HEX_RE.test(v);
+}
+var ED25519_SIG_PREFIX = "ed25519:";
+var PROTOCOL_VERSIONS = ["arp/0.1"];
+var CURRENT_PROTOCOL_VERSION = PROTOCOL_VERSIONS[PROTOCOL_VERSIONS.length - 1];
+
 // src/types/body.ts
 var DECLINE_REASONS = ["missing_brief", "rate_too_low", "out_of_scope", "policy", "expired_proposal", "capacity", "unspecified", "other"];
 function isDeclineReason(v) {
   return typeof v === "string" && DECLINE_REASONS.includes(v);
 }
+var HANDSHAKE_DECISIONS = ["accept", "decline"];
+function isHandshakeDecision(v) {
+  return typeof v === "string" && HANDSHAKE_DECISIONS.includes(v);
+}
+var HandshakeDecisions = {
+  ACCEPT: "accept",
+  DECLINE: "decline"
+};
+var DELEGATION_ACTIONS = ["offer", "accept", "decline", "cancel", "fund"];
+function isDelegationAction(v) {
+  return typeof v === "string" && DELEGATION_ACTIONS.includes(v);
+}
+var DelegationActions = {
+  OFFER: "offer",
+  ACCEPT: "accept",
+  DECLINE: "decline",
+  CANCEL: "cancel",
+  FUND: "fund"
+};
+var RECEIPT_VERDICTS = ["accepted", "accepted_with_notes", "rejected"];
+function isReceiptVerdict(v) {
+  return typeof v === "string" && RECEIPT_VERDICTS.includes(v);
+}
+var ReceiptVerdicts = {
+  ACCEPTED: "accepted",
+  ACCEPTED_WITH_NOTES: "accepted_with_notes",
+  REJECTED: "rejected"
+};
+var BODY_TYPES = ["handshake", "handshake_response", "delegation", "work_request", "work_response", "receipt", "dispute"];
+function isBodyType(v) {
+  return typeof v === "string" && BODY_TYPES.includes(v);
+}
+var BodyTypes = {
+  HANDSHAKE: "handshake",
+  HANDSHAKE_RESPONSE: "handshake_response",
+  DELEGATION: "delegation",
+  WORK_REQUEST: "work_request",
+  WORK_RESPONSE: "work_response",
+  RECEIPT: "receipt",
+  DISPUTE: "dispute"
+};
+
+// src/types/delegation.ts
+var DELEGATION_STATES = [
+  "offered",
+  "accepted",
+  "pending_lock_finalization",
+  "locked",
+  "disputing",
+  "completed",
+  "declined",
+  "canceled",
+  "failed",
+  "refunded",
+  "dispute_resolved"
+];
+var DELEGATION_ACTIVE_STATES = ["offered", "accepted", "pending_lock_finalization", "locked"];
+function isDelegationState(v) {
+  return typeof v === "string" && DELEGATION_STATES.includes(v);
+}
+var DelegationStates = {
+  OFFERED: "offered",
+  ACCEPTED: "accepted",
+  PENDING_LOCK_FINALIZATION: "pending_lock_finalization",
+  LOCKED: "locked",
+  DISPUTING: "disputing",
+  COMPLETED: "completed",
+  DECLINED: "declined",
+  CANCELED: "canceled",
+  FAILED: "failed",
+  REFUNDED: "refunded",
+  DISPUTE_RESOLVED: "dispute_resolved"
+};
+
+// src/types/relationship.ts
+var RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused", "closed"];
+var LIVE_RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused"];
+function isRelationshipState(v) {
+  return typeof v === "string" && RELATIONSHIP_STATE_NAMES.includes(v);
+}
+var RelationshipStates = {
+  PENDING: "pending",
+  ACTIVE: "active",
+  PAUSED: "paused",
+  CLOSED: "closed"
+};
+
+// src/types/work-log.ts
+var WORK_LOG_STATES = ["requested", "responded"];
+function isWorkLogState(v) {
+  return typeof v === "string" && WORK_LOG_STATES.includes(v);
+}
+var WorkLogStates = {
+  REQUESTED: "requested",
+  RESPONDED: "responded"
+};
+
+// src/types/event.ts
+var READ_MODEL_STATUSES = ["materialized", "rejected"];
+function isReadModelStatus(v) {
+  return typeof v === "string" && READ_MODEL_STATUSES.includes(v);
+}
+var ReadModelStatuses = {
+  MATERIALIZED: "materialized",
+  REJECTED: "rejected"
+};
+
+// src/types/discovery.ts
+var DISCOVERY_SORTS = ["reputation", "recent", "created"];
+function isDiscoverySort(v) {
+  return typeof v === "string" && DISCOVERY_SORTS.includes(v);
+}
+var DiscoverySorts = {
+  REPUTATION: "reputation",
+  RECENT: "recent",
+  CREATED: "created"
+};
+
+// src/types/inbox.ts
+var INBOX_BLOCK_SCOPES = ["account", "did"];
+function isInboxBlockScope(v) {
+  return typeof v === "string" && INBOX_BLOCK_SCOPES.includes(v);
+}
+var InboxBlockScopes = {
+  ACCOUNT: "account",
+  DID: "did"
+};
 
 // src/assets.ts
 var SOLANA_CLUSTER_IDS = {
@@ -487,12 +633,20 @@ function isWhitelistedAssetId(assetId, cluster) {
   return cluster === void 0 || hit.cluster === cluster;
 }
 var CAIP19_REGEX = /^[-a-z0-9]{3,8}:[-_a-zA-Z0-9]{1,32}\/[-a-z0-9]{3,8}:[-.%a-zA-Z0-9]{1,128}$/;
+var ASSET_DECIMALS_MIN = 0;
+var ASSET_DECIMALS_MAX = 18;
+var ASSET_SYMBOL_MIN_LEN = 1;
+var ASSET_SYMBOL_MAX_LEN = 16;
+var DECIMAL_AMOUNT_REGEX = /^\d{1,30}(\.\d{1,18})?$/;
+function isDecimalAmountString(v) {
+  return typeof v === "string" && DECIMAL_AMOUNT_REGEX.test(v);
+}
 function isAssetIdentifier(value) {
   if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
   const v = value;
   if (typeof v.asset_id !== "string" || !CAIP19_REGEX.test(v.asset_id)) return false;
-  if (typeof v.decimals !== "number" || !Number.isInteger(v.decimals) || v.decimals < 0 || v.decimals > 18) return false;
-  if (v.symbol !== void 0 && (typeof v.symbol !== "string" || v.symbol.length === 0 || v.symbol.length > 16)) return false;
+  if (typeof v.decimals !== "number" || !Number.isInteger(v.decimals) || v.decimals < ASSET_DECIMALS_MIN || v.decimals > ASSET_DECIMALS_MAX) return false;
+  if (v.symbol !== void 0 && (typeof v.symbol !== "string" || v.symbol.length < ASSET_SYMBOL_MIN_LEN || v.symbol.length > ASSET_SYMBOL_MAX_LEN)) return false;
   return true;
 }
 function resolveAsset(input) {
@@ -659,6 +813,25 @@ var LOCK_ACCOUNT_SIZE = 269;
 var LOCK_ACCOUNT_DISCRIMINATOR = new Uint8Array([8, 255, 36, 202, 210, 22, 57, 137]);
 var LOCK_STATE_NAMES = ["created", "canceled", "in_progress", "submitted", "paid", "revoked", "disputing", "dispute_resolved", "dispute_closed"];
 var LOCK_TERMINAL_STATES = ["canceled", "paid", "revoked", "dispute_resolved", "dispute_closed"];
+var ESCROW_RELEASE_METHODS = ["buyer_approved", "review_timeout"];
+function isEscrowReleaseMethod(v) {
+  return typeof v === "string" && ESCROW_RELEASE_METHODS.includes(v);
+}
+var LockStates = {
+  CREATED: "created",
+  CANCELED: "canceled",
+  IN_PROGRESS: "in_progress",
+  SUBMITTED: "submitted",
+  PAID: "paid",
+  REVOKED: "revoked",
+  DISPUTING: "disputing",
+  DISPUTE_RESOLVED: "dispute_resolved",
+  DISPUTE_CLOSED: "dispute_closed"
+};
+var EscrowReleaseMethods = {
+  BUYER_APPROVED: "buyer_approved",
+  REVIEW_TIMEOUT: "review_timeout"
+};
 var NATIVE_SOL_MINT_BASE58 = "11111111111111111111111111111111";
 function decodeLockAccount(data) {
   if (data.length !== LOCK_ACCOUNT_SIZE) {
@@ -711,27 +884,68 @@ function readU64LE(buf, off) {
   return v;
 }
 
+exports.ASSET_DECIMALS_MAX = ASSET_DECIMALS_MAX;
+exports.ASSET_DECIMALS_MIN = ASSET_DECIMALS_MIN;
+exports.ASSET_SYMBOL_MAX_LEN = ASSET_SYMBOL_MAX_LEN;
+exports.ASSET_SYMBOL_MIN_LEN = ASSET_SYMBOL_MIN_LEN;
 exports.ASSET_WHITELIST = ASSET_WHITELIST;
+exports.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = ASSOCIATED_TOKEN_PROGRAM_ID_BASE58;
+exports.BODY_TYPES = BODY_TYPES;
+exports.BodyTypes = BodyTypes;
 exports.CAIP19_REGEX = CAIP19_REGEX;
 exports.CREATE_LOCK_DISCRIMINATOR = CREATE_LOCK_DISCRIMINATOR;
 exports.CREATE_LOCK_NATIVE_DISCRIMINATOR = CREATE_LOCK_NATIVE_DISCRIMINATOR;
+exports.CURRENT_PROTOCOL_VERSION = CURRENT_PROTOCOL_VERSION;
+exports.DECIMAL_AMOUNT_REGEX = DECIMAL_AMOUNT_REGEX;
 exports.DECLINE_REASONS = DECLINE_REASONS;
+exports.DELEGATION_ACTIONS = DELEGATION_ACTIONS;
+exports.DELEGATION_ACTIVE_STATES = DELEGATION_ACTIVE_STATES;
+exports.DELEGATION_STATES = DELEGATION_STATES;
 exports.DEVNET_MINTS = DEVNET_MINTS;
+exports.DISCOVERY_SORTS = DISCOVERY_SORTS;
+exports.DelegationActions = DelegationActions;
+exports.DelegationStates = DelegationStates;
+exports.DiscoverySorts = DiscoverySorts;
+exports.ED25519_SIG_PREFIX = ED25519_SIG_PREFIX;
 exports.ESCROW_PDA_SEEDS = ESCROW_PDA_SEEDS;
+exports.ESCROW_PROGRAM_ID_BASE58 = ESCROW_PROGRAM_ID_BASE58;
+exports.ESCROW_RELEASE_METHODS = ESCROW_RELEASE_METHODS;
+exports.EscrowReleaseMethods = EscrowReleaseMethods;
+exports.HANDSHAKE_DECISIONS = HANDSHAKE_DECISIONS;
+exports.HandshakeDecisions = HandshakeDecisions;
+exports.INBOX_BLOCK_SCOPES = INBOX_BLOCK_SCOPES;
+exports.InboxBlockScopes = InboxBlockScopes;
+exports.LIVE_RELATIONSHIP_STATE_NAMES = LIVE_RELATIONSHIP_STATE_NAMES;
 exports.LOCK_ACCOUNT_DISCRIMINATOR = LOCK_ACCOUNT_DISCRIMINATOR;
 exports.LOCK_ACCOUNT_SIZE = LOCK_ACCOUNT_SIZE;
 exports.LOCK_STATE_NAMES = LOCK_STATE_NAMES;
 exports.LOCK_TERMINAL_STATES = LOCK_TERMINAL_STATES;
+exports.LockStates = LockStates;
 exports.MAINNET_MINTS = MAINNET_MINTS;
+exports.MAX_CLOCK_SKEW_SECONDS = MAX_CLOCK_SKEW_SECONDS;
+exports.MAX_ENVELOPE_TTL_SECONDS = MAX_ENVELOPE_TTL_SECONDS;
 exports.NATIVE_SOL_MINT_BASE58 = NATIVE_SOL_MINT_BASE58;
 exports.NO_ARG_LIFECYCLE_INSTRUCTIONS = NO_ARG_LIFECYCLE_INSTRUCTIONS;
+exports.OWNER_SIGNING_METHODS = OWNER_SIGNING_METHODS;
+exports.PROTOCOL_VERSIONS = PROTOCOL_VERSIONS;
 exports.Purpose = Purpose;
+exports.READ_MODEL_STATUSES = READ_MODEL_STATUSES;
+exports.RECEIPT_VERDICTS = RECEIPT_VERDICTS;
+exports.RELATIONSHIP_STATE_NAMES = RELATIONSHIP_STATE_NAMES;
+exports.ReadModelStatuses = ReadModelStatuses;
+exports.ReceiptVerdicts = ReceiptVerdicts;
+exports.RelationshipStates = RelationshipStates;
 exports.SCRYPT_PARAMS = SCRYPT_PARAMS;
+exports.SHA256_HEX_RE = SHA256_HEX_RE;
 exports.SLIP44_SOLANA = SLIP44_SOLANA;
 exports.SOLANA_CLUSTER_IDS = SOLANA_CLUSTER_IDS;
 exports.SPL_TOKEN_PROGRAM_ID_BASE58 = SPL_TOKEN_PROGRAM_ID_BASE58;
+exports.SYSTEM_PROGRAM_ID_BASE58 = SYSTEM_PROGRAM_ID_BASE58;
+exports.TOKEN_2022_PROGRAM_ID_BASE58 = TOKEN_2022_PROGRAM_ID_BASE58;
 exports.WELL_KNOWN_ASSETS = WELL_KNOWN_ASSETS;
 exports.WELL_KNOWN_ASSET_KEYS = WELL_KNOWN_ASSET_KEYS;
+exports.WORK_LOG_STATES = WORK_LOG_STATES;
+exports.WorkLogStates = WorkLogStates;
 exports.base58btcDecode = base58btcDecode;
 exports.base58btcEncode = base58btcEncode;
 exports.buildCreateLockIxData = buildCreateLockIxData;
@@ -758,9 +972,22 @@ exports.generateKeyPair = generateKeyPair;
 exports.getPublicKey = getPublicKey2;
 exports.instructionDiscriminator = instructionDiscriminator;
 exports.isAssetIdentifier = isAssetIdentifier;
+exports.isBodyType = isBodyType;
+exports.isDecimalAmountString = isDecimalAmountString;
 exports.isDeclineReason = isDeclineReason;
+exports.isDelegationAction = isDelegationAction;
+exports.isDelegationState = isDelegationState;
+exports.isDiscoverySort = isDiscoverySort;
+exports.isEscrowReleaseMethod = isEscrowReleaseMethod;
+exports.isHandshakeDecision = isHandshakeDecision;
+exports.isInboxBlockScope = isInboxBlockScope;
+exports.isReadModelStatus = isReadModelStatus;
+exports.isReceiptVerdict = isReceiptVerdict;
+exports.isRelationshipState = isRelationshipState;
+exports.isSha256Hex = isSha256Hex;
 exports.isValidDid = isValidDid;
 exports.isWhitelistedAssetId = isWhitelistedAssetId;
+exports.isWorkLogState = isWorkLogState;
 exports.listWhitelistedAssets = listWhitelistedAssets;
 exports.parseCaip19SolanaAssetId = parseCaip19SolanaAssetId;
 exports.parseDid = parseDid;

package/dist/index.mjs

@@ -177,6 +177,7 @@ function verifyChallenge(challengeBytes, signature, identityPubkey) {
 }
 
 // src/types/identity.ts
+var OWNER_SIGNING_METHODS = ["scrypt_password_proof", "ed25519_owner_key", "totp+passphrase"];
 var SCRYPT_PARAMS = {
   N: 32768,
   r: 8,
@@ -281,9 +282,14 @@ function bytesToHex2(b) {
   return s;
 }
 
-// src/settlement/token-program.ts
+// src/settlement/program-ids.ts
 var SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
 var TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+var ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = "ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL";
+var SYSTEM_PROGRAM_ID_BASE58 = "11111111111111111111111111111111";
+var ESCROW_PROGRAM_ID_BASE58 = "DckBAFZcE1AZWgVsz5ipnwSUy2wWeK5eBPBoyJgKVPzb";
+
+// src/settlement/token-program.ts
 function detectTokenProgramFromOwner(mintAccountOwnerBase58) {
   if (mintAccountOwnerBase58 === SPL_TOKEN_PROGRAM_ID_BASE58) {
     return { kind: "legacy", programIdBase58: SPL_TOKEN_PROGRAM_ID_BASE58 };
@@ -335,6 +341,10 @@ function senderNonce() {
   return base64urlnopad.encode(randomBytes(16));
 }
 
+// src/utils/time-windows.ts
+var MAX_CLOCK_SKEW_SECONDS = 300;
+var MAX_ENVELOPE_TTL_SECONDS = 86400;
+
 // src/utils/timestamp.ts
 function rfc3339(at = /* @__PURE__ */ new Date()) {
   return `${at.toISOString().slice(0, 19)}Z`;
@@ -343,8 +353,8 @@ function expiresAt(ttlSeconds, now = /* @__PURE__ */ new Date()) {
   if (!Number.isFinite(ttlSeconds) || ttlSeconds <= 0) {
     throw new Error(`expiresAt: ttlSeconds must be positive, got ${ttlSeconds}`);
   }
-  if (ttlSeconds > 24 * 60 * 60) {
-    throw new Error(`expiresAt: ttlSeconds exceeds 24h cap, got ${ttlSeconds}`);
+  if (ttlSeconds > MAX_ENVELOPE_TTL_SECONDS) {
+    throw new Error(`expiresAt: ttlSeconds exceeds ${MAX_ENVELOPE_TTL_SECONDS}s (24h) cap, got ${ttlSeconds}`);
   }
   return rfc3339(new Date(now.getTime() + ttlSeconds * 1e3));
 }
@@ -386,11 +396,147 @@ function sleepWithAbort(ms, signal) {
   });
 }
 
+// src/types/envelope.ts
+var SHA256_HEX_RE = /^sha256:[0-9a-f]{64}$/;
+function isSha256Hex(v) {
+  return typeof v === "string" && SHA256_HEX_RE.test(v);
+}
+var ED25519_SIG_PREFIX = "ed25519:";
+var PROTOCOL_VERSIONS = ["arp/0.1"];
+var CURRENT_PROTOCOL_VERSION = PROTOCOL_VERSIONS[PROTOCOL_VERSIONS.length - 1];
+
 // src/types/body.ts
 var DECLINE_REASONS = ["missing_brief", "rate_too_low", "out_of_scope", "policy", "expired_proposal", "capacity", "unspecified", "other"];
 function isDeclineReason(v) {
   return typeof v === "string" && DECLINE_REASONS.includes(v);
 }
+var HANDSHAKE_DECISIONS = ["accept", "decline"];
+function isHandshakeDecision(v) {
+  return typeof v === "string" && HANDSHAKE_DECISIONS.includes(v);
+}
+var HandshakeDecisions = {
+  ACCEPT: "accept",
+  DECLINE: "decline"
+};
+var DELEGATION_ACTIONS = ["offer", "accept", "decline", "cancel", "fund"];
+function isDelegationAction(v) {
+  return typeof v === "string" && DELEGATION_ACTIONS.includes(v);
+}
+var DelegationActions = {
+  OFFER: "offer",
+  ACCEPT: "accept",
+  DECLINE: "decline",
+  CANCEL: "cancel",
+  FUND: "fund"
+};
+var RECEIPT_VERDICTS = ["accepted", "accepted_with_notes", "rejected"];
+function isReceiptVerdict(v) {
+  return typeof v === "string" && RECEIPT_VERDICTS.includes(v);
+}
+var ReceiptVerdicts = {
+  ACCEPTED: "accepted",
+  ACCEPTED_WITH_NOTES: "accepted_with_notes",
+  REJECTED: "rejected"
+};
+var BODY_TYPES = ["handshake", "handshake_response", "delegation", "work_request", "work_response", "receipt", "dispute"];
+function isBodyType(v) {
+  return typeof v === "string" && BODY_TYPES.includes(v);
+}
+var BodyTypes = {
+  HANDSHAKE: "handshake",
+  HANDSHAKE_RESPONSE: "handshake_response",
+  DELEGATION: "delegation",
+  WORK_REQUEST: "work_request",
+  WORK_RESPONSE: "work_response",
+  RECEIPT: "receipt",
+  DISPUTE: "dispute"
+};
+
+// src/types/delegation.ts
+var DELEGATION_STATES = [
+  "offered",
+  "accepted",
+  "pending_lock_finalization",
+  "locked",
+  "disputing",
+  "completed",
+  "declined",
+  "canceled",
+  "failed",
+  "refunded",
+  "dispute_resolved"
+];
+var DELEGATION_ACTIVE_STATES = ["offered", "accepted", "pending_lock_finalization", "locked"];
+function isDelegationState(v) {
+  return typeof v === "string" && DELEGATION_STATES.includes(v);
+}
+var DelegationStates = {
+  OFFERED: "offered",
+  ACCEPTED: "accepted",
+  PENDING_LOCK_FINALIZATION: "pending_lock_finalization",
+  LOCKED: "locked",
+  DISPUTING: "disputing",
+  COMPLETED: "completed",
+  DECLINED: "declined",
+  CANCELED: "canceled",
+  FAILED: "failed",
+  REFUNDED: "refunded",
+  DISPUTE_RESOLVED: "dispute_resolved"
+};
+
+// src/types/relationship.ts
+var RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused", "closed"];
+var LIVE_RELATIONSHIP_STATE_NAMES = ["pending", "active", "paused"];
+function isRelationshipState(v) {
+  return typeof v === "string" && RELATIONSHIP_STATE_NAMES.includes(v);
+}
+var RelationshipStates = {
+  PENDING: "pending",
+  ACTIVE: "active",
+  PAUSED: "paused",
+  CLOSED: "closed"
+};
+
+// src/types/work-log.ts
+var WORK_LOG_STATES = ["requested", "responded"];
+function isWorkLogState(v) {
+  return typeof v === "string" && WORK_LOG_STATES.includes(v);
+}
+var WorkLogStates = {
+  REQUESTED: "requested",
+  RESPONDED: "responded"
+};
+
+// src/types/event.ts
+var READ_MODEL_STATUSES = ["materialized", "rejected"];
+function isReadModelStatus(v) {
+  return typeof v === "string" && READ_MODEL_STATUSES.includes(v);
+}
+var ReadModelStatuses = {
+  MATERIALIZED: "materialized",
+  REJECTED: "rejected"
+};
+
+// src/types/discovery.ts
+var DISCOVERY_SORTS = ["reputation", "recent", "created"];
+function isDiscoverySort(v) {
+  return typeof v === "string" && DISCOVERY_SORTS.includes(v);
+}
+var DiscoverySorts = {
+  REPUTATION: "reputation",
+  RECENT: "recent",
+  CREATED: "created"
+};
+
+// src/types/inbox.ts
+var INBOX_BLOCK_SCOPES = ["account", "did"];
+function isInboxBlockScope(v) {
+  return typeof v === "string" && INBOX_BLOCK_SCOPES.includes(v);
+}
+var InboxBlockScopes = {
+  ACCOUNT: "account",
+  DID: "did"
+};
 
 // src/assets.ts
 var SOLANA_CLUSTER_IDS = {
@@ -462,12 +608,20 @@ function isWhitelistedAssetId(assetId, cluster) {
   return cluster === void 0 || hit.cluster === cluster;
 }
 var CAIP19_REGEX = /^[-a-z0-9]{3,8}:[-_a-zA-Z0-9]{1,32}\/[-a-z0-9]{3,8}:[-.%a-zA-Z0-9]{1,128}$/;
+var ASSET_DECIMALS_MIN = 0;
+var ASSET_DECIMALS_MAX = 18;
+var ASSET_SYMBOL_MIN_LEN = 1;
+var ASSET_SYMBOL_MAX_LEN = 16;
+var DECIMAL_AMOUNT_REGEX = /^\d{1,30}(\.\d{1,18})?$/;
+function isDecimalAmountString(v) {
+  return typeof v === "string" && DECIMAL_AMOUNT_REGEX.test(v);
+}
 function isAssetIdentifier(value) {
   if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
   const v = value;
   if (typeof v.asset_id !== "string" || !CAIP19_REGEX.test(v.asset_id)) return false;
-  if (typeof v.decimals !== "number" || !Number.isInteger(v.decimals) || v.decimals < 0 || v.decimals > 18) return false;
-  if (v.symbol !== void 0 && (typeof v.symbol !== "string" || v.symbol.length === 0 || v.symbol.length > 16)) return false;
+  if (typeof v.decimals !== "number" || !Number.isInteger(v.decimals) || v.decimals < ASSET_DECIMALS_MIN || v.decimals > ASSET_DECIMALS_MAX) return false;
+  if (v.symbol !== void 0 && (typeof v.symbol !== "string" || v.symbol.length < ASSET_SYMBOL_MIN_LEN || v.symbol.length > ASSET_SYMBOL_MAX_LEN)) return false;
   return true;
 }
 function resolveAsset(input) {
@@ -634,6 +788,25 @@ var LOCK_ACCOUNT_SIZE = 269;
 var LOCK_ACCOUNT_DISCRIMINATOR = new Uint8Array([8, 255, 36, 202, 210, 22, 57, 137]);
 var LOCK_STATE_NAMES = ["created", "canceled", "in_progress", "submitted", "paid", "revoked", "disputing", "dispute_resolved", "dispute_closed"];
 var LOCK_TERMINAL_STATES = ["canceled", "paid", "revoked", "dispute_resolved", "dispute_closed"];
+var ESCROW_RELEASE_METHODS = ["buyer_approved", "review_timeout"];
+function isEscrowReleaseMethod(v) {
+  return typeof v === "string" && ESCROW_RELEASE_METHODS.includes(v);
+}
+var LockStates = {
+  CREATED: "created",
+  CANCELED: "canceled",
+  IN_PROGRESS: "in_progress",
+  SUBMITTED: "submitted",
+  PAID: "paid",
+  REVOKED: "revoked",
+  DISPUTING: "disputing",
+  DISPUTE_RESOLVED: "dispute_resolved",
+  DISPUTE_CLOSED: "dispute_closed"
+};
+var EscrowReleaseMethods = {
+  BUYER_APPROVED: "buyer_approved",
+  REVIEW_TIMEOUT: "review_timeout"
+};
 var NATIVE_SOL_MINT_BASE58 = "11111111111111111111111111111111";
 function decodeLockAccount(data) {
   if (data.length !== LOCK_ACCOUNT_SIZE) {
@@ -686,4 +859,4 @@ function readU64LE(buf, off) {
   return v;
 }
 
-export { ASSET_WHITELIST, CAIP19_REGEX, CREATE_LOCK_DISCRIMINATOR, CREATE_LOCK_NATIVE_DISCRIMINATOR, DECLINE_REASONS, DEVNET_MINTS, ESCROW_PDA_SEEDS, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_ACCOUNT_SIZE, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, MAINNET_MINTS, NATIVE_SOL_MINT_BASE58, NO_ARG_LIFECYCLE_INSTRUCTIONS, Purpose, SCRYPT_PARAMS, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildLifecycleIxData, buildResolveDisputeIxData, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, computeLockAccountDiscriminator, decodeLockAccount, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findAssetByAssetId, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, instructionDiscriminator, isAssetIdentifier, isDeclineReason, isValidDid, isWhitelistedAssetId, listWhitelistedAssets, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signEnvelope, signKeyLinkAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyEnvelope, verifyKeyLinkAttestation };
+export { ASSET_DECIMALS_MAX, ASSET_DECIMALS_MIN, ASSET_SYMBOL_MAX_LEN, ASSET_SYMBOL_MIN_LEN, ASSET_WHITELIST, ASSOCIATED_TOKEN_PROGRAM_ID_BASE58, BODY_TYPES, BodyTypes, CAIP19_REGEX, CREATE_LOCK_DISCRIMINATOR, CREATE_LOCK_NATIVE_DISCRIMINATOR, CURRENT_PROTOCOL_VERSION, DECIMAL_AMOUNT_REGEX, DECLINE_REASONS, DELEGATION_ACTIONS, DELEGATION_ACTIVE_STATES, DELEGATION_STATES, DEVNET_MINTS, DISCOVERY_SORTS, DelegationActions, DelegationStates, DiscoverySorts, ED25519_SIG_PREFIX, ESCROW_PDA_SEEDS, ESCROW_PROGRAM_ID_BASE58, ESCROW_RELEASE_METHODS, EscrowReleaseMethods, HANDSHAKE_DECISIONS, HandshakeDecisions, INBOX_BLOCK_SCOPES, InboxBlockScopes, LIVE_RELATIONSHIP_STATE_NAMES, LOCK_ACCOUNT_DISCRIMINATOR, LOCK_ACCOUNT_SIZE, LOCK_STATE_NAMES, LOCK_TERMINAL_STATES, LockStates, MAINNET_MINTS, MAX_CLOCK_SKEW_SECONDS, MAX_ENVELOPE_TTL_SECONDS, NATIVE_SOL_MINT_BASE58, NO_ARG_LIFECYCLE_INSTRUCTIONS, OWNER_SIGNING_METHODS, PROTOCOL_VERSIONS, Purpose, READ_MODEL_STATUSES, RECEIPT_VERDICTS, RELATIONSHIP_STATE_NAMES, ReadModelStatuses, ReceiptVerdicts, RelationshipStates, SCRYPT_PARAMS, SHA256_HEX_RE, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, SYSTEM_PROGRAM_ID_BASE58, TOKEN_2022_PROGRAM_ID_BASE58, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, WORK_LOG_STATES, WorkLogStates, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildLifecycleIxData, buildResolveDisputeIxData, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, computeLockAccountDiscriminator, decodeLockAccount, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findAssetByAssetId, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, instructionDiscriminator, isAssetIdentifier, isBodyType, isDecimalAmountString, isDeclineReason, isDelegationAction, isDelegationState, isDiscoverySort, isEscrowReleaseMethod, isHandshakeDecision, isInboxBlockScope, isReadModelStatus, isReceiptVerdict, isRelationshipState, isSha256Hex, isValidDid, isWhitelistedAssetId, isWorkLogState, listWhitelistedAssets, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signEnvelope, signKeyLinkAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyEnvelope, verifyKeyLinkAttestation };

package/dist/settlement/index.d.ts

@@ -1,2 +1,3 @@
-export { detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, SPL_TOKEN_PROGRAM_ID_BASE58 } from './token-program';
+export { SPL_TOKEN_PROGRAM_ID_BASE58, TOKEN_2022_PROGRAM_ID_BASE58, ASSOCIATED_TOKEN_PROGRAM_ID_BASE58, SYSTEM_PROGRAM_ID_BASE58, ESCROW_PROGRAM_ID_BASE58 } from './program-ids';
+export { detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes } from './token-program';
 export type { TokenProgramKind, TokenProgramDetection } from './token-program';

package/dist/settlement/program-ids.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Canonical Solana program-id base58 strings shared by the escrow tx
+ * builders / decoders (server + CLI).
+ *
+ * Kept as plain base58 STRINGS, never `@solana/web3.js` `PublicKey`
+ * objects, so the SDK stays framework- and web3.js-agnostic; consumers
+ * wrap them in `new PublicKey(...)` at the call site. Single source of
+ * truth — these were previously hand-duplicated in
+ * `server/lock-tx-decoder.service.ts` and `cli/wallet.ts`.
+ */
+/** Legacy SPL Token program. */
+export declare const SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+/**
+ * Token-2022 (token-extensions) program — NOT supported by ARP escrow.
+ * Exported so consumers can recognise it and reject with a precise
+ * error; a Token-2022 mint never enters the escrow flow.
+ */
+export declare const TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+/** Associated Token Account program — derives a wallet's canonical ATA. */
+export declare const ASSOCIATED_TOKEN_PROGRAM_ID_BASE58 = "ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL";
+/**
+ * System Program. This is also the base58 rendering of the all-zero
+ * pubkey that the escrow contract reuses as its native-SOL sentinel
+ * mint — but for THAT meaning use `NATIVE_SOL_MINT_BASE58` (from the
+ * escrow module), not this constant: same string, different semantics.
+ */
+export declare const SYSTEM_PROGRAM_ID_BASE58 = "11111111111111111111111111111111";
+/**
+ * ARP escrow program id (current V2 devnet deployment). This is the
+ * canonical DEFAULT only — both the CLI and server resolve the program
+ * id at runtime (flag / env / config / server probe) and that
+ * precedence chain stays authoritative; this constant is the single
+ * source for the fallback default so the two packages can't ship
+ * DIFFERENT defaults (the CLI previously hardcoded the contract's
+ * `declare_id` placeholder while the server defaulted to the deployed
+ * id). When a mainnet deployment exists, promote this to a per-cluster
+ * map keyed by `SOLANA_CLUSTER_IDS`.
+ */
+export declare const ESCROW_PROGRAM_ID_BASE58 = "DckBAFZcE1AZWgVsz5ipnwSUy2wWeK5eBPBoyJgKVPzb";

package/dist/settlement/token-program.d.ts

@@ -14,10 +14,7 @@
  * that minted it — NOT the mint's mint_authority. Confusingly, both are
  * called "owner" in different contexts.
  */
-/**
- * Legacy SPL Token program ID (base58: `TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA`).
- */
-export declare const SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+export { SPL_TOKEN_PROGRAM_ID_BASE58 } from './program-ids';
 /**
  * Token program kind. Maps to the contract's `token_program_kind` u8 on
  * `LockCreated` events: `native` → 0, `legacy` → 1. (The contract also

package/dist/types/body.d.ts

@@ -71,6 +71,51 @@ export declare const DECLINE_REASONS: readonly DeclineReason[];
  * server validator + CLI parsers.
  */
 export declare function isDeclineReason(v: unknown): v is DeclineReason;
+/**
+ * Lifecycle decision on a `handshake_response` body. When
+ * `decision === 'decline'` the companion `reason` (a `DeclineReason`)
+ * is required at the validator level. Same `type` + `as const` array +
+ * guard shape as `DeclineReason` so the server validator and CLI parse
+ * against one source of truth.
+ */
+export type HandshakeDecision = 'accept' | 'decline';
+export declare const HANDSHAKE_DECISIONS: readonly HandshakeDecision[];
+export declare function isHandshakeDecision(v: unknown): v is HandshakeDecision;
+/** Named-member accessor for {@link HandshakeDecision} (values are the wire strings; vocab-tested). */
+export declare const HandshakeDecisions: {
+    readonly ACCEPT: "accept";
+    readonly DECLINE: "decline";
+};
+/**
+ * Lifecycle action on a `delegation` body. `offer` opens the
+ * delegation; `accept`/`decline` are the counterparty's response;
+ * `cancel` withdraws an unaccepted offer; `fund` attaches the escrow
+ * lock to an already-accepted delegation.
+ */
+export type DelegationAction = 'offer' | 'accept' | 'decline' | 'cancel' | 'fund';
+export declare const DELEGATION_ACTIONS: readonly DelegationAction[];
+export declare function isDelegationAction(v: unknown): v is DelegationAction;
+/** Named-member accessor for {@link DelegationAction} (e.g. `action === DelegationActions.CANCEL`; vocab-tested). */
+export declare const DelegationActions: {
+    readonly OFFER: "offer";
+    readonly ACCEPT: "accept";
+    readonly DECLINE: "decline";
+    readonly CANCEL: "cancel";
+    readonly FUND: "fund";
+};
+/**
+ * Payee's proposed verdict on a `receipt` body. The record is
+ * off-chain; settlement happens on-chain via `claim_work_payment`.
+ */
+export type ReceiptVerdict = 'accepted' | 'accepted_with_notes' | 'rejected';
+export declare const RECEIPT_VERDICTS: readonly ReceiptVerdict[];
+export declare function isReceiptVerdict(v: unknown): v is ReceiptVerdict;
+/** Named-member accessor for {@link ReceiptVerdict} (values are the wire strings; vocab-tested). */
+export declare const ReceiptVerdicts: {
+    readonly ACCEPTED: "accepted";
+    readonly ACCEPTED_WITH_NOTES: "accepted_with_notes";
+    readonly REJECTED: "rejected";
+};
 /**
  * `handshake` — first signed exchange between two agents. Establishes
  * the relationship; carries no terms (those live on the delegation).
@@ -97,7 +142,7 @@ export interface HandshakeResponseBody extends Body<HandshakeResponseContent> {
     type: 'handshake_response';
 }
 export interface HandshakeResponseContent {
-    decision: 'accept' | 'decline';
+    decision: HandshakeDecision;
     notes?: string;
     /** Machine-readable reason — REQUIRED when `decision === 'decline'`. See `DeclineReason`. */
     reason?: DeclineReason;
@@ -113,7 +158,7 @@ export interface DelegationBody extends Body<DelegationContent> {
     type: 'delegation';
 }
 export interface DelegationContent {
-    action: 'offer' | 'accept' | 'decline' | 'cancel' | 'fund';
+    action: DelegationAction;
     delegation_id: string;
     title?: string;
     brief?: Record<string, unknown>;
@@ -177,7 +222,7 @@ export interface ReceiptContent {
         model?: string;
         computed_amount?: string;
     };
-    verdict_proposed: 'accepted' | 'accepted_with_notes' | 'rejected';
+    verdict_proposed: ReceiptVerdict;
     deliverable_hash?: Sha256Hex;
     notes_hash?: Sha256Hex;
     [extra: string]: unknown;
@@ -203,3 +248,27 @@ export interface DisputeContent {
  * `body.type` via discriminated dispatch.
  */
 export type AnyBody = HandshakeBody | HandshakeResponseBody | DelegationBody | WorkRequestBody | WorkResponseBody | ReceiptBody | DisputeBody;
+/**
+ * The closed taxonomy of envelope `body.type` values — the runtime
+ * companion to `AnyBody` (`BodyType` is derived from it, so the two
+ * can't drift). Names are wire-facing and MUST match
+ * `00-core/protocol.md`.
+ *
+ * NOTE: this is the FULL taxonomy. A consumer's *acceptance policy* may
+ * deliberately admit only a subset (e.g. the server rejects `dispute`
+ * as not-yet-implemented) — that allowlist is a separate, hand-curated
+ * thing and must NOT be regenerated from this array.
+ */
+export type BodyType = AnyBody['type'];
+export declare const BODY_TYPES: readonly BodyType[];
+export declare function isBodyType(v: unknown): v is BodyType;
+/** Named-member accessor for {@link BodyType} (values are the wire strings; vocab-tested). */
+export declare const BodyTypes: {
+    readonly HANDSHAKE: "handshake";
+    readonly HANDSHAKE_RESPONSE: "handshake_response";
+    readonly DELEGATION: "delegation";
+    readonly WORK_REQUEST: "work_request";
+    readonly WORK_RESPONSE: "work_response";
+    readonly RECEIPT: "receipt";
+    readonly DISPUTE: "dispute";
+};

package/dist/types/cli-auth.d.ts

@@ -0,0 +1,41 @@
+/**
+ * `heyarp login` (cli-auth) wire response shapes. Single source of
+ * truth for the server's cli-auth-flow service return types and the
+ * CLI's response types — both are plain framework-agnostic interfaces
+ * (the server declares them in a service, not a NestJS DTO class), so
+ * this is a pure lift-and-share with no decorator coupling.
+ *
+ * NOT included here: the cli-auth SESSION-STATE union
+ * ('pending'|'confirmed'|'consumed'|...) — the CLI and server disagree
+ * on the terminal members, so it needs reconciliation before it can be
+ * centralized.
+ */
+/** `POST /v1/auth/cli/sessions` → a new login session. */
+export interface CliSessionCreated {
+    sessionId: string;
+    verificationUrl: string;
+}
+/** One-time token exchange result (PKCE-style clientSecret-gated). */
+export interface CliTokenIssued {
+    token: string;
+    wallet: string;
+}
+/** `GET /v1/accounts/me` → who the bearer token authenticates as. */
+export interface CliWhoami {
+    wallet: string;
+    agentCount: number;
+}
+/**
+ * One agent owned by the presented account — the shape `GET
+ * /v1/accounts/me/agents` returns. Carries enough to drive recovery
+ * (DID + attestation id the CLI rebuilds local state with) plus profile
+ * for display. The owner `accountId` itself is NEVER included.
+ */
+export interface MyAgentSummary {
+    did: string;
+    name: string | null;
+    description: string | null;
+    tags: string[];
+    currentAttestationId: string;
+    registeredAt: string;
+}

package/dist/types/delegation.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Persisted delegation lifecycle — the FSM on the `delegations` row.
+ *
+ * Distinct from the wire-level `DelegationAction` verb in `body.ts`
+ * (`offer`/`accept`/…): that is what an envelope DOES; this is what the
+ * row IS. Single source of truth for the server's Mongoose
+ * `@Prop({ enum })` value list and the CLI's `DelegationPublic.state`
+ * union, so the FSM vocabulary bumps in exactly one place.
+ *
+ * Same `as const` array + derived type + guard shape as
+ * `DECLINE_REASONS` in `body.ts`.
+ */
+export declare const DELEGATION_STATES: readonly ["offered", "accepted", "pending_lock_finalization", "locked", "disputing", "completed", "declined", "canceled", "failed", "refunded", "dispute_resolved"];
+export type DelegationState = (typeof DELEGATION_STATES)[number];
+/**
+ * Non-terminal "the cycle is still live" subset — offered through
+ * locked. Used for worker capacity counting and the CLI's active-cycle
+ * view. Declared `satisfies readonly DelegationState[]` so it can never
+ * name a state that isn't in `DELEGATION_STATES`.
+ */
+export declare const DELEGATION_ACTIVE_STATES: readonly ["offered", "accepted", "pending_lock_finalization", "locked"];
+export declare function isDelegationState(v: unknown): v is DelegationState;
+/**
+ * Named-member accessor for the delegation FSM — lets consumers write
+ * `state === DelegationStates.LOCKED` / `case DelegationStates.OFFERED:`
+ * instead of bare magic strings, while the values stay the exact wire
+ * strings (so they remain assignable to {@link DelegationState} with no
+ * casts, unlike a TS string-enum). Parity with {@link DELEGATION_STATES}
+ * is pinned by the vocab test.
+ */
+export declare const DelegationStates: {
+    readonly OFFERED: "offered";
+    readonly ACCEPTED: "accepted";
+    readonly PENDING_LOCK_FINALIZATION: "pending_lock_finalization";
+    readonly LOCKED: "locked";
+    readonly DISPUTING: "disputing";
+    readonly COMPLETED: "completed";
+    readonly DECLINED: "declined";
+    readonly CANCELED: "canceled";
+    readonly FAILED: "failed";
+    readonly REFUNDED: "refunded";
+    readonly DISPUTE_RESOLVED: "dispute_resolved";
+};

package/dist/types/discovery.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Discovery catalog sort order for `GET /v1/discovery/agents`. Single
+ * source of truth for the server's `@IsIn`/`@ApiProperty` allowlist and
+ * the CLI's `--sort` union. Same `as const` array + union + guard +
+ * named-member const-object shape as the protocol vocabularies.
+ *
+ * `reputation` = composite score desc (default); `recent` = newest
+ * first; `created` = registration order.
+ */
+export declare const DISCOVERY_SORTS: readonly ["reputation", "recent", "created"];
+export type DiscoverySort = (typeof DISCOVERY_SORTS)[number];
+export declare function isDiscoverySort(v: unknown): v is DiscoverySort;
+/** Named-member accessor for {@link DiscoverySort} (vocab-tested). */
+export declare const DiscoverySorts: {
+    readonly REPUTATION: "reputation";
+    readonly RECENT: "recent";
+    readonly CREATED: "created";
+};

package/dist/types/envelope.d.ts

@@ -11,10 +11,35 @@ import type { PurposeValue } from '../purpose';
  */
 /** Hash string in protocol format `sha256:<64-char hex>`. */
 export type Sha256Hex = `sha256:${string}`;
+/**
+ * Strict runtime validator for `Sha256Hex`. The template-literal type
+ * above cannot constrain hex/length in TS, so consumers that need a
+ * real check (CLI id parsers, the receipt validator) use this instead
+ * of hand-rolling their own copy. Pattern: `sha256:` + exactly 64
+ * lowercase hex chars.
+ */
+export declare const SHA256_HEX_RE: RegExp;
+export declare function isSha256Hex(v: unknown): v is Sha256Hex;
+/** Wire prefix for an Ed25519 signature value (`ed25519:<base64>`). */
+export declare const ED25519_SIG_PREFIX: "ed25519:";
 /** Ed25519 signature in protocol format `ed25519:<base64>`. */
-export type Ed25519Sig = `ed25519:${string}`;
+export type Ed25519Sig = `${typeof ED25519_SIG_PREFIX}${string}`;
 /** DID format `did:arp:<base58btc>`. */
 export type Did = `did:arp:${string}`;
+/**
+ * Protocol versions this SDK speaks. The server validator's accept-list
+ * and the signed `protected.protocol_version` field both source from
+ * this array, so bumping the wire version is a one-line change here.
+ */
+export declare const PROTOCOL_VERSIONS: readonly ["arp/0.1"];
+export type ProtocolVersion = (typeof PROTOCOL_VERSIONS)[number];
+/**
+ * The wire version this SDK emits. Always the newest entry in
+ * {@link PROTOCOL_VERSIONS}. CLI envelope builders sign this instead of
+ * the bare `'arp/0.1'` literal, so a version bump is the one-line array
+ * change above.
+ */
+export declare const CURRENT_PROTOCOL_VERSION: ProtocolVersion;
 /**
  * Client-signed `protected` block. All fields here are part of the
  * signing input. Server-assigned chain fields (`relationship_event_index`,
@@ -22,7 +47,7 @@ export type Did = `did:arp:${string}`;
  * sign them.
  */
 export interface ProtectedBlock {
-    protocol_version: 'arp/0.1';
+    protocol_version: ProtocolVersion;
     purpose: PurposeValue;
     message_id: string;
     sender_did: Did;

package/dist/types/event.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Read-model projection outcome for a relationship event: `materialized`
+ * (the event was applied to the read model) → `rejected` (the event was
+ * recorded on the hash chain but the projector declined to apply it,
+ * e.g. an integrity mismatch). Single source of truth for the server's
+ * Mongoose `@Prop({ enum })` + the two event-query DTOs and the CLI's
+ * `EventPublic.readModelStatus` union / `--read-model-status` filter.
+ */
+export declare const READ_MODEL_STATUSES: readonly ["materialized", "rejected"];
+export type ReadModelStatus = (typeof READ_MODEL_STATUSES)[number];
+export declare function isReadModelStatus(v: unknown): v is ReadModelStatus;
+/**
+ * Named-member accessor for the read-model projection outcome (see
+ * {@link READ_MODEL_STATUSES}). Values are the wire strings; parity is
+ * vocab-tested.
+ */
+export declare const ReadModelStatuses: {
+    readonly MATERIALIZED: "materialized";
+    readonly REJECTED: "rejected";
+};

package/dist/types/identity.d.ts

@@ -2,10 +2,13 @@ import type { Did } from './envelope';
 /**
  * Owner attestation methods per [00-core/identity.md](../../../00-core/identity.md).
  *
- * Only `scrypt_password_proof` is active; the others are reserved
- * placeholders for forward-compat.
+ * Only `scrypt_password_proof` is active (index 0); the others are
+ * reserved placeholders for forward-compat. Backed by an `as const`
+ * array so the server's attestation schema can source the active method
+ * from `OWNER_SIGNING_METHODS[0]` instead of re-hardcoding the literal.
  */
-export type OwnerSigningMethod = 'scrypt_password_proof' | 'ed25519_owner_key' | 'totp+passphrase';
+export declare const OWNER_SIGNING_METHODS: readonly ["scrypt_password_proof", "ed25519_owner_key", "totp+passphrase"];
+export type OwnerSigningMethod = (typeof OWNER_SIGNING_METHODS)[number];
 /**
  * `ARP-KEY-LINK-v1` payload — the canonical-JSON-hashed object an owner
  * signs at registration. Carries the link between identity and settlement

package/dist/types/inbox.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Inbox-block scope — whether a block targets a whole ACCOUNT (all the
+ * blocked party's agents) or a single DID. Single source of truth for
+ * the server's Mongoose `@Prop({ enum })` value list and the CLI's
+ * `scope` union. Same `as const` array + union + guard + named-member
+ * const-object shape as the protocol vocabularies; the server keeps a
+ * local enum for member access and sources its @Prop allowlist from
+ * `INBOX_BLOCK_SCOPES` with a parity spec.
+ */
+export declare const INBOX_BLOCK_SCOPES: readonly ["account", "did"];
+export type InboxBlockScope = (typeof INBOX_BLOCK_SCOPES)[number];
+export declare function isInboxBlockScope(v: unknown): v is InboxBlockScope;
+/** Named-member accessor for {@link InboxBlockScope} (vocab-tested). */
+export declare const InboxBlockScopes: {
+    readonly ACCOUNT: "account";
+    readonly DID: "did";
+};

package/dist/types/index.d.ts

@@ -1,6 +1,20 @@
-export type { Sha256Hex, Ed25519Sig, Did, ProtectedBlock, Body, Attachments, EscrowLockAttachment, Envelope, PersistedEvent, } from './envelope';
-export type { HandshakeBody, HandshakeContent, HandshakeResponseBody, HandshakeResponseContent, DelegationBody, DelegationContent, WorkRequestBody, WorkRequestContent, WorkResponseBody, WorkResponseContent, ReceiptBody, ReceiptContent, DisputeBody, DisputeContent, AnyBody, DeclineReason, AssetIdentifier, } from './body';
-export { DECLINE_REASONS, isDeclineReason } from './body';
+export type { Sha256Hex, Ed25519Sig, Did, ProtocolVersion, ProtectedBlock, Body, Attachments, EscrowLockAttachment, Envelope, PersistedEvent, } from './envelope';
+export { SHA256_HEX_RE, isSha256Hex, ED25519_SIG_PREFIX, PROTOCOL_VERSIONS, CURRENT_PROTOCOL_VERSION } from './envelope';
+export type { HandshakeBody, HandshakeContent, HandshakeResponseBody, HandshakeResponseContent, HandshakeDecision, DelegationBody, DelegationContent, DelegationAction, WorkRequestBody, WorkRequestContent, WorkResponseBody, WorkResponseContent, ReceiptBody, ReceiptContent, ReceiptVerdict, DisputeBody, DisputeContent, AnyBody, BodyType, DeclineReason, AssetIdentifier, } from './body';
+export { DECLINE_REASONS, isDeclineReason, HANDSHAKE_DECISIONS, HandshakeDecisions, isHandshakeDecision, DELEGATION_ACTIONS, DelegationActions, isDelegationAction, RECEIPT_VERDICTS, ReceiptVerdicts, isReceiptVerdict, BODY_TYPES, BodyTypes, isBodyType, } from './body';
+export type { DelegationState } from './delegation';
+export { DELEGATION_STATES, DELEGATION_ACTIVE_STATES, DelegationStates, isDelegationState } from './delegation';
+export type { RelationshipState } from './relationship';
+export { RELATIONSHIP_STATE_NAMES, LIVE_RELATIONSHIP_STATE_NAMES, RelationshipStates, isRelationshipState } from './relationship';
+export type { WorkLogState } from './work-log';
+export { WORK_LOG_STATES, WorkLogStates, isWorkLogState } from './work-log';
+export type { ReadModelStatus } from './event';
+export { READ_MODEL_STATUSES, ReadModelStatuses, isReadModelStatus } from './event';
+export type { DiscoverySort } from './discovery';
+export { DISCOVERY_SORTS, DiscoverySorts, isDiscoverySort } from './discovery';
+export type { InboxBlockScope } from './inbox';
+export { INBOX_BLOCK_SCOPES, InboxBlockScopes, isInboxBlockScope } from './inbox';
+export type { CliSessionCreated, CliTokenIssued, CliWhoami, MyAgentSummary } from './cli-auth';
 export type { AcceptPrefs, AcceptCurrency } from './agent';
 export type { OwnerSigningMethod, KeyLinkPayload, ScryptPasswordAttestation } from './identity';
-export { SCRYPT_PARAMS } from './identity';
+export { SCRYPT_PARAMS, OWNER_SIGNING_METHODS } from './identity';

package/dist/types/relationship.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Per-pair relationship lifecycle. `pending` after a handshake →
+ * `active` once the counterparty replies → `paused` soft-disable →
+ * `closed` terminal. Single source of truth for the server's Mongoose
+ * `@Prop({ enum })` and the CLI's relationship-state unions.
+ */
+export declare const RELATIONSHIP_STATE_NAMES: readonly ["pending", "active", "paused", "closed"];
+export type RelationshipState = (typeof RELATIONSHIP_STATE_NAMES)[number];
+/**
+ * "Live" subset — every state EXCEPT `closed`. Feeds the Mongo
+ * partial-unique index that enforces one live row per DID pair, so a
+ * re-handshake after a close can mint a fresh row. `closed` MUST stay
+ * excluded. Declared `satisfies readonly RelationshipState[]`.
+ */
+export declare const LIVE_RELATIONSHIP_STATE_NAMES: readonly ["pending", "active", "paused"];
+export declare function isRelationshipState(v: unknown): v is RelationshipState;
+/**
+ * Named-member accessor for the relationship FSM (see
+ * {@link DelegationStates} for the rationale). Values are the wire
+ * strings; parity with {@link RELATIONSHIP_STATE_NAMES} is vocab-tested.
+ */
+export declare const RelationshipStates: {
+    readonly PENDING: "pending";
+    readonly ACTIVE: "active";
+    readonly PAUSED: "paused";
+    readonly CLOSED: "closed";
+};

package/dist/types/work-log.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Work-log row state: `requested` (caller sent a `work_request`) →
+ * `responded` (payee replied with output or error). Work-logs do NOT
+ * mutate delegation state — they're the audit record pairing each
+ * request with its response. Single source of truth for the server's
+ * Mongoose `@Prop({ enum })` and the CLI's work-log state union/filter.
+ */
+export declare const WORK_LOG_STATES: readonly ["requested", "responded"];
+export type WorkLogState = (typeof WORK_LOG_STATES)[number];
+export declare function isWorkLogState(v: unknown): v is WorkLogState;
+/**
+ * Named-member accessor for the work-log FSM (see {@link WORK_LOG_STATES}).
+ * Values are the wire strings; parity is vocab-tested.
+ */
+export declare const WorkLogStates: {
+    readonly REQUESTED: "requested";
+    readonly RESPONDED: "responded";
+};

package/dist/utils/index.d.ts

@@ -1,4 +1,5 @@
 export { uuidV4 } from './uuid';
 export { senderNonce } from './nonce';
 export { rfc3339, expiresAt } from './timestamp';
+export { MAX_CLOCK_SKEW_SECONDS, MAX_ENVELOPE_TTL_SECONDS } from './time-windows';
 export { pollUntil, type PollUntilOptions, type PollUntilResult } from './poll';

package/dist/utils/time-windows.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Protocol time windows, in SECONDS. Single source of truth for the
+ * server's clock-skew tolerance and the envelope TTL cap; the CLI
+ * surfaces the TTL in its `--ttl` help text and the server enforces
+ * both at validation time.
+ *
+ * Unit note: these are SECONDS. The server's `MAX_TIME_SKEW_MS` derives
+ * from `MAX_CLOCK_SKEW_SECONDS * 1000`.
+ */
+/** Max abs(now − protected.timestamp) the server accepts: ±5 minutes. */
+export declare const MAX_CLOCK_SKEW_SECONDS = 300;
+/** Max envelope validity (`expires_at − now`): 24 hours. */
+export declare const MAX_ENVELOPE_TTL_SECONDS = 86400;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heyanon-arp/sdk",
-  "version": "0.0.14",
+  "version": "0.0.18",
   "description": "TypeScript SDK for the Agent Relationship Protocol — canonical JSON, Ed25519 envelope sign/verify, did:arp identity, scrypt key attestation, chain-audit helpers.",
   "license": "MIT",
   "keywords": [