@heyanon-arp/sdk 0.0.2

package/dist/keys/base58btc.d.ts

@@ -0,0 +1,10 @@
+/**
+ * base58btc encoding (Bitcoin alphabet) — used for `did:arp:<...>`.
+ *
+ * The DID method-specific identifier is `base58btc(identity_public_key)`
+ * per [00-core/identity.md](../../../00-core/identity.md). For a 32-byte
+ * Ed25519 pubkey the output is 43-44 chars; length varies because
+ * leading zero bytes encode as `1` (single char) which compresses.
+ */
+export declare function base58btcEncode(bytes: Uint8Array): string;
+export declare function base58btcDecode(text: string): Uint8Array;

package/dist/keys/ed25519.d.ts

@@ -0,0 +1,33 @@
+export interface KeyPair {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+}
+/**
+ * Generate a fresh Ed25519 keypair.
+ *
+ * Both the identity key and the settlement key are Ed25519 — same
+ * primitive, different roles ([00-core/identity.md](../../../00-core/identity.md)).
+ * Caller decides which slot the result fills.
+ */
+export declare function generateKeyPair(): KeyPair;
+/**
+ * Recover the public key from a 32-byte secret seed. Used when only
+ * the seed has been persisted (e.g. BIP-39 derived) and the public
+ * key needs to be re-derived for verification or DID encoding.
+ */
+export declare function getPublicKey(secretKey: Uint8Array): Uint8Array;
+/**
+ * Sign `message` with `secretKey`. Returns 64-byte signature.
+ *
+ * The protocol's domain separation lives at the *payload* level
+ * (each `purpose` includes itself in the bytes signed), not at the
+ * key level — so a single Ed25519 key can sign multiple purposes
+ * without cross-purpose confusion. See [00-core/protocol.md#domain-separation](../../../00-core/protocol.md).
+ */
+export declare function sign(message: Uint8Array, secretKey: Uint8Array): Uint8Array;
+/**
+ * Verify `signature` against `message` under `publicKey`.
+ * Returns boolean; never throws on a malformed signature (returns
+ * `false` instead) so consumers can branch cleanly.
+ */
+export declare function verify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): boolean;

package/dist/keys/index.d.ts

@@ -0,0 +1,3 @@
+export { base58btcEncode, base58btcDecode } from './base58btc';
+export { generateKeyPair, getPublicKey, sign, verify } from './ed25519';
+export type { KeyPair } from './ed25519';

package/dist/purpose.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Domain separators per [00-core/protocol.md#domain-separation](../../00-core/protocol.md).
+ *
+ * Each Ed25519 signature in the protocol embeds its purpose in the
+ * payload bytes — so the same key signing for two different purposes
+ * cannot be tricked into validating one as the other (a generic
+ * "this byte string was signed" assertion is not enough; the bytes
+ * themselves carry the role).
+ *
+ * Adding a new purpose = add an entry here AND amend
+ * [00-core/protocol.md](../../00-core/protocol.md) in the same PR.
+ */
+export declare const Purpose: {
+    /** Default for `protected.purpose` on body messages. */
+    readonly ENVELOPE: "ARP-ENVELOPE-v1";
+    /** Receipt co-signature payload (delegation completion). */
+    readonly RECEIPT: "ARP-RECEIPT-v1";
+    /** Dispute response co-signature payload. */
+    readonly DISPUTE_RESPONSE: "ARP-DISPUTE-RESPONSE-v1";
+    /** Webhook delivery HMAC signature payload. */
+    readonly WEBHOOK: "ARP-WEBHOOK-v1";
+    /** Identity ownership challenge proof. */
+    readonly CHALLENGE: "ARP-CHALLENGE-v1";
+    /** Verifiable Credential issued by the platform. */
+    readonly VC: "ARP-VC-v1";
+    /** Owner attestation linking identity ↔ settlement keys at registration. */
+    readonly KEY_LINK: "ARP-KEY-LINK-v1";
+    /** Owner attestation for an identity-key rotation event. */
+    readonly KEY_ROTATION: "ARP-KEY-ROTATION-v1";
+    /**
+     * Settlement-key signature authorising an on-chain `release_lock`.
+     * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
+     */
+    readonly SOLANA_RELEASE: "ARP-SOLANA-RELEASE-v1.5";
+    /**
+     * Settlement-key signature authorising an on-chain `partial_release`.
+     * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
+     */
+    readonly SOLANA_PARTIAL_RELEASE: "ARP-SOLANA-PARTIAL-RELEASE-v1.5";
+    /** Settlement-key signature authorising an on-chain co-signed `refund_lock`. */
+    readonly SOLANA_REFUND: "ARP-SOLANA-REFUND-v1";
+    /** Admin (platform multisig) signature authorising `resolve_dispute`. */
+    readonly SOLANA_RESOLVE_DISPUTE: "ARP-SOLANA-RESOLVE-DISPUTE-v1";
+};
+export type PurposeValue = (typeof Purpose)[keyof typeof Purpose];
+/**
+ * `protected.purpose` accepts a subset — the others are payload-level
+ * (co-signature / settlement-signature / webhook).
+ */
+export declare const PROTECTED_PURPOSES: readonly PurposeValue[];
+export declare const COSIGNATURE_PURPOSES: readonly PurposeValue[];
+export declare const SETTLEMENT_PURPOSES: readonly PurposeValue[];

package/dist/server-chain/chain.d.ts

@@ -0,0 +1,52 @@
+import type { Body, Envelope, Sha256Hex } from '../types';
+/**
+ * Server-side hash chain primitives per [00-core/protocol.md](../../../00-core/protocol.md).
+ *
+ * The chain is server-built — clients NEVER sign chain fields. SDK
+ * exposes the helpers because external auditors and the indexer need
+ * to recompute hashes to verify the chain end-to-end without trusting
+ * the server.
+ */
+/**
+ * `signed_message_hash = sha256(canonical_json({ protected, body, attachments }))`.
+ *
+ * Same input as the envelope signature, but here we expose the digest
+ * separately because the chain step uses it as one of its inputs.
+ */
+export declare function signedMessageHash<TBody extends Body>(envelope: Envelope<TBody>): Sha256Hex;
+/**
+ * `server_event_hash = sha256(canonical_json({
+ *   prev_server_event_hash,
+ *   relationship_event_index,
+ *   server_timestamp,
+ *   signed_message_hash,
+ *   sender_signature,
+ * }))`.
+ *
+ * `prev_server_event_hash` is null only for the first event in a
+ * relationship; pass `null` explicitly so the canonical input
+ * preserves the field rather than dropping it.
+ */
+export declare function serverEventHash(input: {
+    prevServerEventHash: string | null;
+    relationshipEventIndex: number;
+    serverTimestamp: string;
+    signedMessageHash: string;
+    senderSignature: string;
+}): Sha256Hex;
+/**
+ * Walk a list of events ordered by `relationship_event_index` and
+ * confirm each `server_event_hash` matches what we recompute. Returns
+ * the index of the first divergent event, or `null` if every link
+ * reproduces. Auditors / indexer reconcilers consume this to detect
+ * server tampering or split-brain corruption.
+ */
+export interface ChainAuditEvent {
+    relationship_event_index: number;
+    prev_server_event_hash: string | null;
+    server_timestamp: string;
+    signed_message_hash: string;
+    sender_signature: string;
+    server_event_hash: string;
+}
+export declare function findFirstChainDivergence(events: readonly ChainAuditEvent[]): number | null;

package/dist/server-chain/index.d.ts

@@ -0,0 +1,2 @@
+export { signedMessageHash, serverEventHash, findFirstChainDivergence } from './chain';
+export type { ChainAuditEvent } from './chain';

package/dist/settlement/index.d.ts

@@ -0,0 +1,4 @@
+export { buildReleaseDigest, buildPartialReleaseDigest, buildRefundDigest, REFUND_REASON_BYTES, PURPOSE_RELEASE_STRING, PURPOSE_PARTIAL_RELEASE_STRING, PURPOSE_REFUND_STRING, } from './settlement';
+export type { ReleaseDigestInput, PartialReleaseDigestInput, RefundDigestInput, RefundReasonByte } from './settlement';
+export { detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, SPL_TOKEN_PROGRAM_ID_BASE58, TOKEN_2022_PROGRAM_ID_BASE58, } from './token-program';
+export type { TokenProgramKind, TokenProgramDetection } from './token-program';

package/dist/settlement/settlement.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Settlement signature builders / verifiers — `ARP-SOLANA-RELEASE-v1.5`,
+ * `ARP-SOLANA-PARTIAL-RELEASE-v1.5`, `ARP-SOLANA-REFUND-v1`.
+ *
+ * Byte layout MUST match the Solang contract's `domain_sep.sol`
+ * field-by-field. Any drift here causes Ed25519 verification to fail
+ * on-chain, so the digest must be a byte-by-byte recompute of what
+ * the contract reconstructs from on-chain state. Test vectors live
+ * alongside this module and are exercised by the SDK test suite.
+ *
+ * On-chain layout (per `domain_sep.sol::buildReleaseDigest`):
+ *
+ *   sha256(
+ *     purpose_bytes
+ *     || cluster_tag (1B)
+ *     || program_id (32B)
+ *     || lock_id (32B)
+ *     || payer (32B)
+ *     || payee (32B)
+ *     || mint (32B)
+ *     || amount (u64 LE)
+ *     || [partial only: payee_amount (u64 LE)]
+ *     || condition_hash (32B)
+ *     || delegation_id (16B)
+ *     || receipt_event_hash (32B)
+ *     || deliverable_hash (32B)
+ *     || expires_at (u64 LE)
+ *     || fee_bps_at_lock (u16 LE)
+ *     || fee_recipient_at_lock (32B)
+ *   )
+ *
+ * The fee fields are denormalized on the Lock at create_lock time so
+ * subsequent fee changes by admin cannot retroactively affect an
+ * in-flight lock. When fee was disabled at lock creation, bps=0 and
+ * recipient is the all-zero address (System Program / NATIVE_SOL_MINT).
+ *
+ * Refund layout (`buildRefundDigest`) — UNCHANGED at v1 because refund
+ * flows never charge a fee:
+ *
+ *   sha256(
+ *     purpose_bytes
+ *     || cluster_tag (1B)
+ *     || program_id (32B)
+ *     || lock_id (32B)
+ *     || payer (32B)
+ *     || payee (32B)
+ *     || mint (32B)
+ *     || amount (u64 LE)
+ *     || reason_byte (1B)
+ *     || expires_at (u64 LE)
+ *   )
+ */
+export declare const PURPOSE_RELEASE_STRING: "ARP-SOLANA-RELEASE-v1.5";
+export declare const PURPOSE_PARTIAL_RELEASE_STRING: "ARP-SOLANA-PARTIAL-RELEASE-v1.5";
+export declare const PURPOSE_REFUND_STRING: "ARP-SOLANA-REFUND-v1";
+export interface ReleaseDigestInput {
+    clusterTag: 0 | 1;
+    programId: Uint8Array;
+    lockId: Uint8Array;
+    payerSettlementPubkey: Uint8Array;
+    payeeSettlementPubkey: Uint8Array;
+    mint: Uint8Array;
+    amount: bigint;
+    conditionHash: Uint8Array;
+    delegationId: string;
+    receiptEventHash: Uint8Array;
+    deliverableHash: Uint8Array;
+    expiresAt: bigint;
+    /**
+     * Protocol fee bps denormalized on the Lock at create_lock.
+     * Optional with default 0 (no fee). When the lock was created with
+     * fee disabled, the on-chain Lock stores 0 — pass 0 here to match.
+     */
+    feeBpsAtLock?: number;
+    /**
+     * Protocol fee recipient denormalized on the Lock at create_lock.
+     * Optional with default = 32 zero bytes (System Program address).
+     * When fee was disabled at lock creation, the on-chain Lock stores
+     * zero-bytes — pass undefined here to match.
+     */
+    feeRecipientAtLock?: Uint8Array;
+}
+/**
+ * Build the canonical 32-byte digest for an `ARP-SOLANA-RELEASE-v1.5`
+ * settlement. The bytes are the EXACT input the contract Ed25519Program
+ * verifies against.
+ */
+export declare function buildReleaseDigest(input: ReleaseDigestInput): Uint8Array;
+export interface PartialReleaseDigestInput extends ReleaseDigestInput {
+    payeeAmount: bigint;
+}
+export declare function buildPartialReleaseDigest(input: PartialReleaseDigestInput): Uint8Array;
+export type RefundReasonByte = 0 | 1 | 2 | 3;
+export declare const REFUND_REASON_BYTES: {
+    readonly expired: 0;
+    readonly dispute_resolution: 1;
+    readonly payer_cancellation: 2;
+    readonly both_parties_agreed: 3;
+};
+export interface RefundDigestInput {
+    clusterTag: 0 | 1;
+    programId: Uint8Array;
+    lockId: Uint8Array;
+    payerSettlementPubkey: Uint8Array;
+    payeeSettlementPubkey: Uint8Array;
+    mint: Uint8Array;
+    amount: bigint;
+    reasonByte: RefundReasonByte;
+    expiresAt: bigint;
+}
+export declare function buildRefundDigest(input: RefundDigestInput): Uint8Array;

package/dist/settlement/token-program.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Token-2022 program detection helpers.
+ *
+ * The escrow contract dispatches transfer / close-account CPIs based on
+ * the mint's program kind: legacy SPL Token (`TokenkegQ...`) or Token-2022
+ * (`TokenzQdB...`). The kind is detected on-chain from the mint account's
+ * `owner` field; this helper mirrors that logic for off-chain consumers
+ * (tx builders, indexers, decoders).
+ *
+ * The function takes a 40-byte (or longer) account info buffer in the
+ * standard Solana on-chain account layout — the FIRST 32 bytes are the
+ * account's owner pubkey (in the wire-level AccountInfoSerialised shape
+ * used by getAccountInfo RPC's "encoding=base64" + custom layout). For
+ * the more common `getAccountInfo` response, callers should pass the
+ * `owner` field directly via a 32-byte buffer.
+ *
+ * NOTE: `mintAccountOwnerPubkey` is the OWNER of the mint account on
+ * Solana — i.e. the token program that minted it — NOT the mint's
+ * mint_authority. Confusingly, both are called "owner" in different
+ * contexts.
+ */
+/**
+ * Legacy SPL Token program ID (base58: `TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA`).
+ */
+export declare const SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+/**
+ * Token-2022 program ID (base58: `TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb`).
+ */
+export declare const TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+/**
+ * Token program kind. Maps to the new contract's `token_program_kind`
+ * u8 emitted on `LockCreated` events
+ * (`apps/arp-solana-contract/programs/arp-solana-contract/src/events.rs`):
+ *   'native'     → 0  (mint == `Pubkey::default()`; the program
+ *                      ignores the token_program slot but Anchor
+ *                      still requires SPL Token or Token-2022 in it)
+ *   'legacy'     → 1  (legacy SPL Token program)
+ *   'token-2022' → 2  (Token-2022 program)
+ *
+ * `detectTokenProgramFromOwner` below resolves the kind for a NON-
+ * native mint by looking at its `.owner` field; native locks are
+ * detected from the mint slot value, not from this helper.
+ */
+export type TokenProgramKind = 'legacy' | 'token-2022' | 'native';
+/**
+ * Result of `detectTokenProgram`: the program kind + a typed branding for
+ * downstream consumers.
+ */
+export interface TokenProgramDetection {
+    kind: TokenProgramKind;
+    /** The detected program ID in base58 form (always the canonical address). */
+    programIdBase58: string;
+}
+/**
+ * Detect a mint's token program kind from its OWNER pubkey (the program
+ * that owns the mint account in Solana account terms).
+ *
+ * Throws if the owner is neither legacy SPL Token nor Token-2022 — escrow
+ * does not support any other token program (would dispatch CPI to a
+ * non-existent surface).
+ *
+ * @param mintAccountOwnerBase58 — the mint account's `.owner` field as
+ * a base58 string. From `connection.getAccountInfo(mintPubkey)`, this is
+ * `accountInfo.owner.toBase58()`.
+ */
+export declare function detectTokenProgramFromOwner(mintAccountOwnerBase58: string): TokenProgramDetection;
+/**
+ * Same as `detectTokenProgramFromOwner` but accepts a 32-byte raw owner
+ * buffer instead of base58 string. Useful for callers that already have
+ * the binary owner bytes (e.g. from a parsed AccountInfo).
+ */
+export declare function detectTokenProgramFromOwnerBytes(mintAccountOwnerBytes: Uint8Array): TokenProgramDetection;

package/dist/types/body.d.ts

@@ -0,0 +1,263 @@
+/**
+ * Per-`body.type` shapes. Each top-level interface here mirrors a
+ * `body/<type>.json` schema in [00-core/schemas.md](../../../00-core/schemas.md).
+ *
+ * Bodies are kept in a single file so consumers can `import type`
+ * without picking individual paths. Nothing here uses runtime AJV
+ * validation — those checks belong to the consumer (typically the
+ * backend's MessageService); SDK provides only the static types.
+ */
+import type { Body, Did, Sha256Hex } from './envelope';
+/**
+ * Chain-qualified asset identifier carried by `contract.rate_currency`
+ * and `delegation.currency`. Replaces the V1 string-enum `'USDC'`
+ * placeholder — that shape can't disambiguate `USDC on Solana mainnet`
+ * from `USDC on Polygon` or `USDC.e bridged on Avalanche` (all the same
+ * ticker, different on-chain assets). It also can't represent native
+ * tokens (SOL, ETH) where `slip44` is the canonical asset namespace.
+ *
+ * Fields:
+ *   - `asset_id` — [CAIP-19](https://github.com/ChainAgnostic/CAIPs/blob/main/CAIPs/caip-19.md)
+ *     fully-qualified identifier:
+ *       `solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/spl:EPjFWdd5...` (USDC Solana mainnet)
+ *       `solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/slip44:501`     (native SOL Solana mainnet)
+ *     Required, validated against the CAIP-19 regex on the server.
+ *   - `decimals` — integer 0-18, used to convert human-readable
+ *     `rate_amount` / `amount` strings to base units for on-chain
+ *     escrow (USDC = 6, SOL = 9, ETH = 18). Required.
+ *   - `symbol` — short human-readable hint for UI ("USDC", "SOL").
+ *     Not used for any logic — purely display sugar. Optional.
+ *
+ * Validation invariants (server-enforced, both `rate_currency` on the
+ * contract and `currency` on the delegation):
+ *   • `asset_id` ∈ /^[-a-z0-9]{3,8}:[-_a-zA-Z0-9]{1,32}\/[-a-z0-9]{3,8}:[-.%a-zA-Z0-9]{1,128}$/
+ *   • `decimals` ∈ [0, 18]
+ *   • `symbol` length ∈ [1, 16] if present
+ *   • For `delegation.currency`: must match the contract's
+ *     `rate_currency.asset_id` if the contract specifies one
+ *     (a delegation under a USDC-priced contract can't quote in SOL).
+ */
+export interface AssetIdentifier {
+    /** CAIP-19 chain-qualified asset id — e.g. `solana:5eykt.../spl:EPjFWdd5...` */
+    asset_id: string;
+    /** Decimals for base-unit conversion. Required (USDC = 6, SOL = 9). */
+    decimals: number;
+    /** Optional UI hint — `USDC`, `SOL`. Never used for protocol logic. */
+    symbol?: string;
+}
+/**
+ * Closed enum of machine-readable decline reasons used across the
+ * three decline sites in V1:
+ *   • `handshake_response.content.decision === 'decline'`
+ *   • `contract.content.action === 'decline'`
+ *   • `delegation.content.action === 'decline'`
+ *
+ * Required on every decline envelope so the counterparty's reactor
+ * (or a human operator) can distinguish "you sent garbage" from
+ * "policy rejected" from "the worker is at capacity right now" without
+ * parsing free-text. The companion `reason_detail` field carries any
+ * additional context the sender wants to surface.
+ *
+ * Closed list at V1 — adding a value bumps the SDK and the server
+ * validator's allowlist. The intent of `unspecified` is for senders
+ * that genuinely have no useful detail (still better than no reason
+ * at all); `other` means "see `reason_detail` for the specifics".
+ */
+export type DeclineReason = 'missing_brief' | 'rate_too_low' | 'out_of_scope' | 'policy' | 'expired_proposal' | 'capacity' | 'unspecified' | 'other';
+/**
+ * Runtime allowlist mirror of `DeclineReason` — exported so the
+ * server validator + CLI both reference the same source of truth.
+ * Order is preserved for the `--help` `choices(...)` list.
+ */
+export declare const DECLINE_REASONS: readonly DeclineReason[];
+/**
+ * Type guard for a runtime string → `DeclineReason`. Used by the
+ * server validator + CLI parsers.
+ */
+export declare function isDeclineReason(v: unknown): v is DeclineReason;
+/**
+ * `handshake` — first signed exchange between two agents. Establishes
+ * relationship; not a contract.
+ */
+export interface HandshakeBody extends Body<HandshakeContent> {
+    type: 'handshake';
+}
+export interface HandshakeContent {
+    greeting?: string;
+    intent?: string;
+    [extra: string]: unknown;
+}
+/**
+ * `handshake_response` — acceptance / decline of an inbound handshake.
+ *
+ * When `decision === 'decline'`, `reason` is REQUIRED at the validator
+ * level (silent declines with no machine-readable reason are
+ * debugging-blind). The SDK type marks it optional because TypeScript
+ * discriminated unions can't easily encode "required only for this
+ * variant" without a stricter shape; the server validator rejects
+ * decline envelopes that omit `reason`.
+ */
+export interface HandshakeResponseBody extends Body<HandshakeResponseContent> {
+    type: 'handshake_response';
+}
+export interface HandshakeResponseContent {
+    decision: 'accept' | 'decline';
+    notes?: string;
+    /** Machine-readable reason — REQUIRED when `decision === 'decline'`. See `DeclineReason`. */
+    reason?: DeclineReason;
+    /** Optional free-text elaboration (e.g. "current GPU pricing pushed our floor to 0.20 USDC/task"). */
+    reason_detail?: string;
+    [extra: string]: unknown;
+}
+/**
+ * `contract` — co-signed agreement between two agents. `action`
+ * discriminates lifecycle events.
+ */
+export interface ContractBody extends Body<ContractContent> {
+    type: 'contract';
+}
+export interface ContractContent {
+    action: 'proposal' | 'counter' | 'sign' | 'decline';
+    contract_id: string;
+    version: number;
+    scope_summary?: string;
+    pricing_model?: 'flat' | 'usage_based';
+    settlement_model?: 'prepaid' | 'escrow';
+    rate_amount?: string;
+    rate_currency?: AssetIdentifier;
+    rate_unit?: 'task' | 'thread' | 'handoff';
+    allowed_delegation_tags?: string[];
+    /** Machine-readable reason — REQUIRED when `action === 'decline'`. See `DeclineReason`. */
+    reason?: DeclineReason;
+    /** Optional free-text elaboration (e.g. "rate floor 0.20 USDC for current model pricing"). */
+    reason_detail?: string;
+    [extra: string]: unknown;
+}
+/**
+ * `delegation` — concrete task offer or lifecycle action under an
+ * active contract. `action` discriminates the lifecycle event.
+ */
+export interface DelegationBody extends Body<DelegationContent> {
+    type: 'delegation';
+}
+export interface DelegationContent {
+    action: 'offer' | 'accept' | 'decline' | 'cancel';
+    delegation_id: string;
+    contract_id: string;
+    title?: string;
+    brief?: Record<string, unknown>;
+    acceptance_criteria?: string[];
+    deadline?: string;
+    amount?: string;
+    currency?: AssetIdentifier;
+    /** Machine-readable reason — REQUIRED when `action === 'decline'`. See `DeclineReason`. */
+    reason?: DeclineReason;
+    /** Optional free-text elaboration (e.g. "delegation offer missing required brief.goal field"). */
+    reason_detail?: string;
+    [extra: string]: unknown;
+}
+/**
+ * `work_request` — caller asks the payee to perform a sub-task within
+ * an accepted delegation.
+ */
+export interface WorkRequestBody extends Body<WorkRequestContent> {
+    type: 'work_request';
+}
+export interface WorkRequestContent {
+    delegation_id: string;
+    request_id: string;
+    params: Record<string, unknown>;
+    [extra: string]: unknown;
+}
+/**
+ * `work_response` — payee's reply to a work_request.
+ */
+export interface WorkResponseBody extends Body<WorkResponseContent> {
+    type: 'work_response';
+}
+export interface WorkResponseContent {
+    delegation_id: string;
+    request_id: string;
+    output?: Record<string, unknown>;
+    error?: {
+        code: string;
+        message: string;
+    };
+    [extra: string]: unknown;
+}
+/**
+ * `receipt` — payee-signed message describing completed work. The
+ * `attachments.co_signature` (with purpose `ARP-RECEIPT-v1`) carries
+ * the matching identity-key cosign on a payload that includes the
+ * receipt event hash.
+ */
+export interface ReceiptBody extends Body<ReceiptContent> {
+    type: 'receipt';
+}
+export interface ReceiptContent {
+    delegation_id: string;
+    request_hash: Sha256Hex;
+    response_hash: Sha256Hex;
+    usage?: {
+        input_tokens?: number;
+        output_tokens?: number;
+        latency_ms?: number;
+        model?: string;
+        computed_amount?: string;
+    };
+    verdict_proposed: 'accepted' | 'accepted_with_notes' | 'rejected';
+    deliverable_hash?: Sha256Hex;
+    notes_hash?: Sha256Hex;
+    [extra: string]: unknown;
+}
+/**
+ * `memory_delta` — append-only update to a relationship's shared memory.
+ */
+export interface MemoryDeltaBody extends Body<MemoryDeltaContent> {
+    type: 'memory_delta';
+}
+export interface MemoryDeltaContent {
+    kind: 'intro' | 'handoff' | 'preference' | 'note' | 'decision' | 'continuity';
+    scope: 'thread_only' | 'thread_and_pilot';
+    content: string;
+    supersedes?: string;
+}
+/**
+ * `dispute` — challenge against a delegation outcome. `action`
+ * discriminates lifecycle events.
+ */
+export interface DisputeBody extends Body<DisputeContent> {
+    type: 'dispute';
+}
+export interface DisputeContent {
+    action: 'open' | 'respond' | 'escalate' | 'withdraw';
+    dispute_id: string;
+    delegation_id: string;
+    claim?: string;
+    remedy_requested?: 'refund' | 'rework' | 'partial_release' | 'release';
+    evidence_refs?: string[];
+    response_text?: string;
+}
+/**
+ * Union over every standard body type. Consumers can narrow on
+ * `body.type` via discriminated dispatch.
+ */
+export type AnyBody = HandshakeBody | HandshakeResponseBody | ContractBody | DelegationBody | WorkRequestBody | WorkResponseBody | ReceiptBody | MemoryDeltaBody | DisputeBody;
+/** Receipt co-signature payload — what gets `payload_hash`'d in `attachments.co_signature`. */
+export interface ReceiptCosignPayload {
+    purpose: 'ARP-RECEIPT-v1';
+    delegation_id: string;
+    receipt_event_hash: Sha256Hex;
+    verdict: 'accepted' | 'accepted_with_notes' | 'rejected';
+    notes_hash: Sha256Hex | null;
+}
+/** Dispute response co-signature payload — analogous shape for `ARP-DISPUTE-RESPONSE-v1`. */
+export interface DisputeResponseCosignPayload {
+    purpose: 'ARP-DISPUTE-RESPONSE-v1';
+    dispute_id: string;
+    dispute_event_hash: Sha256Hex;
+    stance: 'accept' | 'reject' | 'partial';
+    notes_hash: Sha256Hex | null;
+    responder_did: Did;
+}
+export type CosignPayload = ReceiptCosignPayload | DisputeResponseCosignPayload;