@heyanon-arp/sdk 0.0.6 → 0.0.7

package/dist/attestation/attestation.d.ts

@@ -1,13 +1,13 @@
-import type { KeyLinkPayload, KeyRotationPayload, ScryptPasswordAttestation } from '../types/identity';
+import type { KeyLinkPayload, ScryptPasswordAttestation } from '../types/identity';
 /**
  * Build an `ARP-KEY-LINK-v1` attestation record signed via
  * `scrypt_password_proof` (V1 default). Caller assembles the payload
  * (DID, both pubkeys, owner_id, nonce, etc.); SDK produces the MAC
  * and wraps the record in the standard shape.
  *
- * Use [signKeyRotationAttestation](#signkeyrotationattestation) for
- * rotation events — they use a different `purpose` and break the
- * `agent_did = base58btc(identity_public_key)` invariant.
+ * Identity keys are immutable in alpha (no rotation); the KEY-LINK
+ * attestation is the single owner-signed link between identity and
+ * settlement keys, established once at registration.
  */
 export declare function signKeyLinkAttestation(input: {
     payload: KeyLinkPayload;
@@ -15,15 +15,3 @@ export declare function signKeyLinkAttestation(input: {
     scryptSaltId: string;
 }): ScryptPasswordAttestation<KeyLinkPayload>;
 export declare function verifyKeyLinkAttestation(attestation: ScryptPasswordAttestation<KeyLinkPayload>, scryptKey: Uint8Array): boolean;
-/**
- * Build an `ARP-KEY-ROTATION-v1` attestation. Same scrypt+HMAC
- * mechanics as KEY-LINK but with rotation-specific payload fields
- * (`current_identity_public_key` + `new_identity_public_key` +
- * `supersedes_attestation_id`). The DID stays frozen.
- */
-export declare function signKeyRotationAttestation(input: {
-    payload: KeyRotationPayload;
-    scryptKey: Uint8Array;
-    scryptSaltId: string;
-}): ScryptPasswordAttestation<KeyRotationPayload>;
-export declare function verifyKeyRotationAttestation(attestation: ScryptPasswordAttestation<KeyRotationPayload>, scryptKey: Uint8Array): boolean;

package/dist/attestation/index.d.ts

@@ -1,2 +1,2 @@
 export { deriveScryptKey, scryptPasswordProofSign, scryptPasswordProofVerify } from './scrypt-proof';
-export { signKeyLinkAttestation, verifyKeyLinkAttestation, signKeyRotationAttestation, verifyKeyRotationAttestation } from './attestation';
+export { signKeyLinkAttestation, verifyKeyLinkAttestation } from './attestation';

package/dist/did/document.d.ts

@@ -1,10 +1,10 @@
 /**
  * DID document shape per [00-core/identity.md](../../../00-core/identity.md).
  *
- * Returned by the platform's DID resolver. Verification uses
- * `identity_pubkey` from the document (not `decoded(did)`) because
- * `identity_pubkey` may have rotated since registration while the DID
- * itself stays stable.
+ * Returned by the platform's DID resolver. Verification uses the
+ * `identity` verification method from the document. Identity keys are
+ * immutable in alpha (no rotation), so it always matches `decoded(did)`;
+ * resolving via the document keeps a single source of truth.
  *
  * No `service[]` endpoint: delivery is server-mediated and agents
  * pull (poll/SSE inbox), so there is no per-agent inbound endpoint
@@ -14,12 +14,10 @@ export interface DidDocument {
     id: string;
     verificationMethod: VerificationMethod[];
     metadata: {
-        key_mode: KeyMode;
         owner_attestation_id: string;
         registered_at: string;
     };
 }
-export type KeyMode = 'single_key' | 'separated_soft' | 'separated_hard' | 'policy_controlled';
 export interface VerificationMethod {
     id: string;
     type: 'Ed25519VerificationKey2020';

package/dist/did/format.d.ts

@@ -17,7 +17,7 @@ export declare function formatDid(identityPublicKey: Uint8Array): string;
 export declare function parseDid(did: string): Uint8Array | null;
 /**
  * Validate a string as a syntactically well-formed `did:arp:` DID.
- * Does not check the underlying pubkey is registered or rotated — that
- * is a server-side concern.
+ * Does not check the underlying pubkey is registered — that is a
+ * server-side concern.
  */
 export declare function isValidDid(did: string): boolean;

package/dist/did/index.d.ts

@@ -1,2 +1,2 @@
 export { formatDid, parseDid, isValidDid } from './format';
-export type { DidDocument, KeyMode, VerificationMethod } from './document';
+export type { DidDocument, VerificationMethod } from './document';

package/dist/envelope/verify.d.ts

@@ -30,8 +30,8 @@ export type VerifyResult = {
  * application-layer concerns; this function focuses on the bytes.
  *
  * `senderIdentityPubkey` MUST be 32 bytes. Callers resolve it via the
- * DID document — NOT via `decoded(sender_did)`, because the identity
- * key may have been rotated since the DID was issued
- * ([00-core/identity.md](../../../00-core/identity.md)).
+ * DID document's `identity` verification method, keeping a single source
+ * of truth ([00-core/identity.md](../../../00-core/identity.md)). Identity
+ * keys are immutable in alpha, so it equals `decoded(sender_did)`.
  */
 export declare function verifyEnvelope<TBody extends Body>(envelope: Envelope<TBody>, senderIdentityPubkey: Uint8Array): VerifyResult;

package/dist/escrow/condition-hash.d.ts

@@ -13,8 +13,10 @@ import type { AssetIdentifier } from '../types';
  * `amount` is intentionally NOT here — the concrete locked amount AND its
  * mint are bound at settlement via the digest (`buildReleaseDigest` binds
  * `amount` u64 + `mint` 32B) and on-chain in the Lock account. The
- * condition_hash binds the agreed TERMS (scope / pricing / settlement /
- * rate / unit / currency), not the amount.
+ * condition_hash binds the agreed TERMS (scope / pricing / currency), not
+ * the amount. (Settlement is always escrow in V1 — no `settlement_model`.
+ * The per-unit rate card — `rateAmount` / `rateUnit` — is NOT bound either:
+ * nothing enforces it, so it stays out of the subset.)
  *
  * The shape MUST match server-side + CLI derivation byte-for-byte; the
  * golden vectors in `condition-hash.test.ts` pin it.
@@ -23,9 +25,6 @@ export interface DelegationTermsSubset {
     delegationId: string;
     scopeSummary: string;
     pricingModel: string;
-    settlementModel: string;
-    rateAmount?: string;
-    rateUnit?: string;
     currency?: AssetIdentifier;
 }
 /**
@@ -39,9 +38,6 @@ export interface DelegationTermsInput {
     delegationId?: string;
     scopeSummary?: string;
     pricingModel?: string;
-    settlementModel?: string;
-    rateAmount?: string;
-    rateUnit?: string;
     currency?: AssetIdentifier;
     [other: string]: unknown;
 }

package/dist/index.d.ts

@@ -8,8 +8,8 @@
  *   - did          — `did:arp:<...>` parse/format + DID document types
  *   - envelope     — sign / verify envelope (steps 4-6 of protocol verification)
  *   - cosignature  — receipt + dispute-response co-signatures
- *   - challenge    — ARP-CHALLENGE-v1 ownership proof (registration / rotation)
- *   - attestation  — scrypt key-link + key-rotation attestations
+ *   - challenge    — ARP-CHALLENGE-v1 ownership proof (registration)
+ *   - attestation  — scrypt key-link owner attestation
  *   - server-chain — signed_message_hash, server_event_hash, audit walker
  *   - settlement   — ARP-SOLANA-* digest stubs (V1.5)
  *   - purpose      — domain separators (`ARP-*-v1`)

package/dist/index.js

@@ -166,8 +166,6 @@ var Purpose = {
   VC: "ARP-VC-v1",
   /** Owner attestation linking identity ↔ settlement keys at registration. */
   KEY_LINK: "ARP-KEY-LINK-v1",
-  /** Owner attestation for an identity-key rotation event. */
-  KEY_ROTATION: "ARP-KEY-ROTATION-v1",
   /**
    * Settlement-key signature authorising an on-chain `release_lock`.
    * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
@@ -332,20 +330,6 @@ function verifyKeyLinkAttestation(attestation, scryptKey) {
   if (attestation.payload.purpose !== "ARP-KEY-LINK-v1") return false;
   return scryptPasswordProofVerify(attestation.payload, attestation.sig, scryptKey);
 }
-function signKeyRotationAttestation(input) {
-  if (input.payload.purpose !== "ARP-KEY-ROTATION-v1") {
-    throw new Error(`signKeyRotationAttestation: expected purpose ARP-KEY-ROTATION-v1, got ${input.payload.purpose}`);
-  }
-  if (input.payload.owner_signing_method !== "scrypt_password_proof") {
-    throw new Error(`signKeyRotationAttestation: this helper handles scrypt_password_proof only; got ${input.payload.owner_signing_method}`);
-  }
-  const sig = scryptPasswordProofSign(input.payload, input.scryptKey);
-  return { payload: input.payload, sig, scrypt_salt_id: input.scryptSaltId };
-}
-function verifyKeyRotationAttestation(attestation, scryptKey) {
-  if (attestation.payload.purpose !== "ARP-KEY-ROTATION-v1") return false;
-  return scryptPasswordProofVerify(attestation.payload, attestation.sig, scryptKey);
-}
 function signedMessageHash(envelope) {
   const input = envelope.attachments === void 0 ? { protected: envelope.protected, body: envelope.body } : { protected: envelope.protected, body: envelope.body, attachments: envelope.attachments };
   const digest = sha2.sha256(canonicalBytes(input));
@@ -719,7 +703,7 @@ function resolveAsset(input) {
 }
 var WELL_KNOWN_ASSET_KEYS = Object.keys(WELL_KNOWN_ASSETS);
 function deriveDelegationConditionHash(delegation) {
-  const required = ["delegationId", "scopeSummary", "pricingModel", "settlementModel"];
+  const required = ["delegationId", "scopeSummary", "pricingModel"];
   for (const field of required) {
     if (delegation[field] === void 0) {
       throw new Error(`deriveDelegationConditionHash: required field '${String(field)}' is missing from the delegation input`);
@@ -728,11 +712,8 @@ function deriveDelegationConditionHash(delegation) {
   const subset = {
     delegationId: delegation.delegationId,
     scopeSummary: delegation.scopeSummary,
-    pricingModel: delegation.pricingModel,
-    settlementModel: delegation.settlementModel
+    pricingModel: delegation.pricingModel
   };
-  if (delegation.rateAmount !== void 0) subset.rateAmount = delegation.rateAmount;
-  if (delegation.rateUnit !== void 0) subset.rateUnit = delegation.rateUnit;
   if (delegation.currency !== void 0) subset.currency = delegation.currency;
   const bytes = canonicalBytes(subset);
   return sha2.sha256(bytes);
@@ -855,7 +836,6 @@ exports.signChallenge = signChallenge;
 exports.signCosignature = signCosignature;
 exports.signEnvelope = signEnvelope;
 exports.signKeyLinkAttestation = signKeyLinkAttestation;
-exports.signKeyRotationAttestation = signKeyRotationAttestation;
 exports.signedMessageHash = signedMessageHash;
 exports.uuidV4 = uuidV4;
 exports.verify = verify2;
@@ -863,4 +843,3 @@ exports.verifyChallenge = verifyChallenge;
 exports.verifyCosignature = verifyCosignature;
 exports.verifyEnvelope = verifyEnvelope;
 exports.verifyKeyLinkAttestation = verifyKeyLinkAttestation;
-exports.verifyKeyRotationAttestation = verifyKeyRotationAttestation;

package/dist/index.mjs

@@ -141,8 +141,6 @@ var Purpose = {
   VC: "ARP-VC-v1",
   /** Owner attestation linking identity ↔ settlement keys at registration. */
   KEY_LINK: "ARP-KEY-LINK-v1",
-  /** Owner attestation for an identity-key rotation event. */
-  KEY_ROTATION: "ARP-KEY-ROTATION-v1",
   /**
    * Settlement-key signature authorising an on-chain `release_lock`.
    * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
@@ -307,20 +305,6 @@ function verifyKeyLinkAttestation(attestation, scryptKey) {
   if (attestation.payload.purpose !== "ARP-KEY-LINK-v1") return false;
   return scryptPasswordProofVerify(attestation.payload, attestation.sig, scryptKey);
 }
-function signKeyRotationAttestation(input) {
-  if (input.payload.purpose !== "ARP-KEY-ROTATION-v1") {
-    throw new Error(`signKeyRotationAttestation: expected purpose ARP-KEY-ROTATION-v1, got ${input.payload.purpose}`);
-  }
-  if (input.payload.owner_signing_method !== "scrypt_password_proof") {
-    throw new Error(`signKeyRotationAttestation: this helper handles scrypt_password_proof only; got ${input.payload.owner_signing_method}`);
-  }
-  const sig = scryptPasswordProofSign(input.payload, input.scryptKey);
-  return { payload: input.payload, sig, scrypt_salt_id: input.scryptSaltId };
-}
-function verifyKeyRotationAttestation(attestation, scryptKey) {
-  if (attestation.payload.purpose !== "ARP-KEY-ROTATION-v1") return false;
-  return scryptPasswordProofVerify(attestation.payload, attestation.sig, scryptKey);
-}
 function signedMessageHash(envelope) {
   const input = envelope.attachments === void 0 ? { protected: envelope.protected, body: envelope.body } : { protected: envelope.protected, body: envelope.body, attachments: envelope.attachments };
   const digest = sha256(canonicalBytes(input));
@@ -694,7 +678,7 @@ function resolveAsset(input) {
 }
 var WELL_KNOWN_ASSET_KEYS = Object.keys(WELL_KNOWN_ASSETS);
 function deriveDelegationConditionHash(delegation) {
-  const required = ["delegationId", "scopeSummary", "pricingModel", "settlementModel"];
+  const required = ["delegationId", "scopeSummary", "pricingModel"];
   for (const field of required) {
     if (delegation[field] === void 0) {
       throw new Error(`deriveDelegationConditionHash: required field '${String(field)}' is missing from the delegation input`);
@@ -703,11 +687,8 @@ function deriveDelegationConditionHash(delegation) {
   const subset = {
     delegationId: delegation.delegationId,
     scopeSummary: delegation.scopeSummary,
-    pricingModel: delegation.pricingModel,
-    settlementModel: delegation.settlementModel
+    pricingModel: delegation.pricingModel
   };
-  if (delegation.rateAmount !== void 0) subset.rateAmount = delegation.rateAmount;
-  if (delegation.rateUnit !== void 0) subset.rateUnit = delegation.rateUnit;
   if (delegation.currency !== void 0) subset.currency = delegation.currency;
   const bytes = canonicalBytes(subset);
   return sha256(bytes);
@@ -773,4 +754,4 @@ function computeCreateLockDiscriminator() {
   return h.slice(0, 8);
 }
 
-export { CAIP19_REGEX, COSIGNATURE_PURPOSES, CREATE_LOCK_DISCRIMINATOR, DECLINE_REASONS, PROTECTED_PURPOSES, PURPOSE_PARTIAL_RELEASE_STRING, PURPOSE_REFUND_STRING, PURPOSE_RELEASE_STRING, Purpose, REFUND_REASON_BYTES, SCRYPT_PARAMS, SETTLEMENT_PURPOSES, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, USDC_MINTS, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildPartialReleaseDigest, buildRefundDigest, buildReleaseDigest, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, isAssetIdentifier, isDeclineReason, isValidDid, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signCosignature, signEnvelope, signKeyLinkAttestation, signKeyRotationAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyCosignature, verifyEnvelope, verifyKeyLinkAttestation, verifyKeyRotationAttestation };
+export { CAIP19_REGEX, COSIGNATURE_PURPOSES, CREATE_LOCK_DISCRIMINATOR, DECLINE_REASONS, PROTECTED_PURPOSES, PURPOSE_PARTIAL_RELEASE_STRING, PURPOSE_REFUND_STRING, PURPOSE_RELEASE_STRING, Purpose, REFUND_REASON_BYTES, SCRYPT_PARAMS, SETTLEMENT_PURPOSES, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, USDC_MINTS, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildPartialReleaseDigest, buildRefundDigest, buildReleaseDigest, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, delegationIdToBytes16, deriveDelegationConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, isAssetIdentifier, isDeclineReason, isValidDid, parseCaip19SolanaAssetId, parseDid, pollUntil, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signCosignature, signEnvelope, signKeyLinkAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyCosignature, verifyEnvelope, verifyKeyLinkAttestation };

package/dist/purpose.d.ts

@@ -23,8 +23,6 @@ export declare const Purpose: {
     readonly VC: "ARP-VC-v1";
     /** Owner attestation linking identity ↔ settlement keys at registration. */
     readonly KEY_LINK: "ARP-KEY-LINK-v1";
-    /** Owner attestation for an identity-key rotation event. */
-    readonly KEY_ROTATION: "ARP-KEY-ROTATION-v1";
     /**
      * Settlement-key signature authorising an on-chain `release_lock`.
      * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.

package/dist/types/body.d.ts

@@ -22,9 +22,9 @@ import type { Body, Did, Sha256Hex } from './envelope';
  *       `solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/spl:EPjFWdd5...` (USDC Solana mainnet)
  *       `solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/slip44:501`     (native SOL Solana mainnet)
  *     Required, validated against the CAIP-19 regex on the server.
- *   - `decimals` — integer 0-18, used to convert human-readable
- *     `rate_amount` / `amount` strings to base units for on-chain
- *     escrow (USDC = 6, SOL = 9, ETH = 18). Required.
+ *   - `decimals` — integer 0-18, used to convert the human-readable
+ *     `amount` string to base units for on-chain escrow
+ *     (USDC = 6, SOL = 9, ETH = 18). Required.
  *   - `symbol` — short human-readable hint for UI ("USDC", "SOL").
  *     Not used for any logic — purely display sugar. Optional.
  *
@@ -112,7 +112,7 @@ export interface DelegationBody extends Body<DelegationContent> {
     type: 'delegation';
 }
 export interface DelegationContent {
-    action: 'offer' | 'accept' | 'decline' | 'cancel';
+    action: 'offer' | 'accept' | 'decline' | 'cancel' | 'fund';
     delegation_id: string;
     title?: string;
     brief?: Record<string, unknown>;
@@ -122,9 +122,6 @@ export interface DelegationContent {
     currency?: AssetIdentifier;
     scope_summary?: string;
     pricing_model?: 'flat' | 'usage_based';
-    settlement_model?: 'prepaid' | 'escrow';
-    rate_amount?: string;
-    rate_unit?: 'task' | 'thread' | 'handoff';
     /** Machine-readable reason — REQUIRED when `action === 'decline'`. See `DeclineReason`. */
     reason?: DeclineReason;
     /** Optional free-text elaboration (e.g. "delegation offer missing required brief.goal field"). */

package/dist/types/identity.d.ts

@@ -1,4 +1,3 @@
-import type { KeyMode } from '../did';
 import type { Did } from './envelope';
 /**
  * Owner attestation methods per [00-core/identity.md](../../../00-core/identity.md).
@@ -17,38 +16,19 @@ export interface KeyLinkPayload {
     agent_did: Did;
     identity_public_key: string;
     settlement_public_key: string;
-    key_mode: KeyMode;
     owner_id: string;
     owner_signing_method: OwnerSigningMethod;
     link_method: 'manual' | 'imported' | 'derived_bip39';
     created_at: string;
     nonce: string;
 }
-/**
- * `ARP-KEY-ROTATION-v1` payload — separate purpose from KEY-LINK
- * because rotation breaks the `agent_did = base58btc(identity_pubkey)`
- * invariant. Agent DID stays frozen; identity_public_key changes.
- */
-export interface KeyRotationPayload {
-    purpose: 'ARP-KEY-ROTATION-v1';
-    agent_did: Did;
-    current_identity_public_key: string;
-    new_identity_public_key: string;
-    settlement_public_key: string;
-    supersedes_attestation_id: string;
-    owner_id: string;
-    owner_signing_method: OwnerSigningMethod;
-    rotation_reason: 'scheduled' | 'compromise' | 'lost_device' | 'other';
-    created_at: string;
-    nonce: string;
-}
 /**
  * `scrypt_password_proof` — the V1 owner attestation envelope. The
  * signature is HMAC-SHA256(scrypt(password, salt), sha256(canonical(payload))),
  * base64-encoded. NOT an Ed25519 signature; verification is
  * server-side via the stored scrypt-derived key.
  */
-export interface ScryptPasswordAttestation<TPayload extends KeyLinkPayload | KeyRotationPayload = KeyLinkPayload> {
+export interface ScryptPasswordAttestation<TPayload extends KeyLinkPayload = KeyLinkPayload> {
     payload: TPayload;
     sig: string;
     scrypt_salt_id: string;

package/dist/types/index.d.ts

@@ -1,5 +1,5 @@
 export type { Sha256Hex, Ed25519Sig, Did, ProtectedBlock, Body, Attachments, CoSignature, SettlementSignatures, SettlementParty, EscrowLockAttachment, Envelope, PersistedEvent, } from './envelope';
 export type { HandshakeBody, HandshakeContent, HandshakeResponseBody, HandshakeResponseContent, DelegationBody, DelegationContent, WorkRequestBody, WorkRequestContent, WorkResponseBody, WorkResponseContent, ReceiptBody, ReceiptContent, DisputeBody, DisputeContent, SettlementSignatureBody, SettlementSignatureContent, AnyBody, ReceiptCosignPayload, DisputeResponseCosignPayload, CosignPayload, DeclineReason, AssetIdentifier, } from './body';
 export { DECLINE_REASONS, isDeclineReason } from './body';
-export type { OwnerSigningMethod, KeyLinkPayload, KeyRotationPayload, ScryptPasswordAttestation } from './identity';
+export type { OwnerSigningMethod, KeyLinkPayload, ScryptPasswordAttestation } from './identity';
 export { SCRYPT_PARAMS } from './identity';

package/dist/utils/nonce.d.ts

@@ -2,8 +2,8 @@
  * Generate a 16-byte random nonce, base64url-encoded without padding.
  *
  * Used in `protected.sender_nonce` and inside attestation payloads
- * (`ARP-KEY-LINK-v1`, `ARP-KEY-ROTATION-v1`) to defend against
- * accidental hash collisions and replay where two semantically
- * distinct messages would otherwise hash to the same value.
+ * (`ARP-KEY-LINK-v1`) to defend against accidental hash collisions and
+ * replay where two semantically distinct messages would otherwise hash
+ * to the same value.
  */
 export declare function senderNonce(): string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heyanon-arp/sdk",
-  "version": "0.0.6",
+  "version": "0.0.7",
   "description": "TypeScript SDK for the Agent Relationship Protocol — canonical JSON, Ed25519 envelope sign/verify, did:arp identity, receipt co-signatures, scrypt key attestation, chain-audit helpers.",
   "license": "MIT",
   "keywords": [