@hlos-ai/schemas 0.4.2 → 0.7.1

package/dist/index.cjs

@@ -20,6 +20,10 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  AAREnvelopeV0Schema: () => AAREnvelopeV0Schema,
+  AAREnvelopeV0TypedSchema: () => AAREnvelopeV0TypedSchema,
+  AAR_ENVELOPE_TYPE: () => AAR_ENVELOPE_TYPE,
+  AAR_ENVELOPE_VERSION: () => AAR_ENVELOPE_VERSION,
   AgentListItemSchema: () => AgentListItemSchema,
   AgentPassportStubResponseSchema: () => AgentPassportStubResponseSchema,
   AgentStatusSchema: () => AgentStatusSchema,
@@ -30,7 +34,9 @@ __export(src_exports, {
   BASE64URL_SHA256_REGEX: () => BASE64URL_SHA256_REGEX,
   Base64urlEd25519SigSchema: () => Base64urlEd25519SigSchema,
   Base64urlSha256Schema: () => Base64urlSha256Schema,
+  CHAIN_STAGE_ORDER: () => CHAIN_STAGE_ORDER,
   CONTENT_HASH_LENGTH: () => CONTENT_HASH_LENGTH,
+  ChainStageTypeSchema: () => ChainStageTypeSchema,
   CorrelationIdSchema: () => CorrelationIdSchema,
   CredentialSourceSchema: () => CredentialSourceSchema,
   CrossingHashInputV0Schema: () => CrossingHashInputV0Schema,
@@ -38,8 +44,18 @@ __export(src_exports, {
   CrossingIdSchema: () => CrossingIdSchema,
   CrossingSettledReceiptSchema: () => CrossingSettledReceiptSchema,
   CrossingSnapshotV0Schema: () => CrossingSnapshotV0Schema,
+  CustodyReceiptContentSchema: () => CustodyReceiptContentSchema,
+  DispatchChainContentSchema: () => DispatchChainContentSchema,
+  DispatchIdBrand: () => DispatchIdBrand,
+  DispatchIdSchema: () => DispatchIdSchema,
   ERROR_CODE_STATUS: () => ERROR_CODE_STATUS,
+  EVAL_GOLDEN_FIXTURES: () => EVAL_GOLDEN_FIXTURES,
+  EconomicGateProofContentSchema: () => EconomicGateProofContentSchema,
   ErrorResponseSchema: () => ErrorResponseSchema,
+  EvalArtifactSchema: () => EvalArtifactSchema,
+  EvalFailureSchema: () => EvalFailureSchema,
+  EvalGraderResultSchema: () => EvalGraderResultSchema,
+  EvalTranscriptStepSchema: () => EvalTranscriptStepSchema,
   FINALITY_GOLDEN_FIXTURES: () => FINALITY_GOLDEN_FIXTURES,
   FinalityLevel: () => FinalityLevel,
   FundingSourceSchema: () => FundingSourceSchema,
@@ -48,6 +64,16 @@ __export(src_exports, {
   KernelErrorCodeSchema: () => KernelErrorCodeSchema2,
   KernelErrorSchema: () => KernelErrorSchema,
   KernelOkSchema: () => KernelOkSchema,
+  LIABILITY_WAIVER_TERMS_TYPE_URI: () => LIABILITY_WAIVER_TERMS_TYPE_URI,
+  LIABILITY_WAIVER_TERMS_VERSION: () => LIABILITY_WAIVER_TERMS_VERSION,
+  LiabilityAttestationContentSchema: () => LiabilityAttestationContentSchema,
+  LiabilityDispositionSchema: () => LiabilityDispositionSchema,
+  LiabilityWaiverTermsConditionsSchema: () => LiabilityWaiverTermsConditionsSchema,
+  LiabilityWaiverTermsHashInputSchema: () => LiabilityWaiverTermsHashInputSchema,
+  LiabilityWaiverTermsPartiesSchema: () => LiabilityWaiverTermsPartiesSchema,
+  LiabilityWaiverTermsRefV0Schema: () => LiabilityWaiverTermsRefV0Schema,
+  LiabilityWaiverTermsScopeSchema: () => LiabilityWaiverTermsScopeSchema,
+  LiabilityWaiverTermsV0Schema: () => LiabilityWaiverTermsV0Schema,
   LogInclusionProofSchema: () => LogInclusionProofSchema,
   NA_ID_PREFIX: () => NA_ID_PREFIX,
   NotarizeResponseSchema: () => NotarizeResponseSchema,
@@ -58,6 +84,7 @@ __export(src_exports, {
   PassportIdFormatSchema: () => PassportIdFormatSchema,
   PassportIdSchema: () => PassportIdSchema,
   ProviderRoleSchema: () => ProviderRoleSchema,
+  REASON_CODE_PATTERN: () => REASON_CODE_PATTERN,
   RECEIPT_HASH_GOLDEN_FIXTURE: () => RECEIPT_HASH_GOLDEN_FIXTURE,
   RECEIPT_TYPE_URI: () => RECEIPT_TYPE_URI,
   RECEIPT_VERSION: () => RECEIPT_VERSION,
@@ -69,9 +96,25 @@ __export(src_exports, {
   RotationEpochSchema: () => RotationEpochSchema,
   SETTLEMENT_AUTHORITY: () => SETTLEMENT_AUTHORITY,
   SIGNATURE_LENGTH: () => SIGNATURE_LENGTH,
+  SRR_INITIAL_REASON_CODES: () => SRR_INITIAL_REASON_CODES,
+  SRR_REJECTION_DOMAIN: () => SRR_REJECTION_DOMAIN,
+  SRR_SIGNATURE_ALGORITHM: () => SRR_SIGNATURE_ALGORITHM,
+  SRR_TYPE_URI: () => SRR_TYPE_URI,
+  SRR_V1_REJECTION_DOMAIN: () => SRR_V1_REJECTION_DOMAIN,
+  SRR_V1_SIGNATURE_ALGORITHM: () => SRR_V1_SIGNATURE_ALGORITHM,
+  SRR_V1_TYPE_URI: () => SRR_V1_TYPE_URI,
+  SRR_V1_VERSION: () => SRR_V1_VERSION,
+  SRR_VERSION: () => SRR_VERSION,
   SURFACES: () => SURFACES,
+  SettlementAnchorContentSchema: () => SettlementAnchorContentSchema,
+  SettlementExecuteErrorSchema: () => SettlementExecuteErrorSchema,
+  SettlementExecuteRequestSchema: () => SettlementExecuteRequestSchema,
+  SettlementExecuteResponseSchema: () => SettlementExecuteResponseSchema,
+  SettlementExecuteSuccessSchema: () => SettlementExecuteSuccessSchema,
   SignedReceiptV0LooseSchema: () => SignedReceiptV0LooseSchema,
   SignedReceiptV0Schema: () => SignedReceiptV0Schema,
+  SignedRejectionReceiptV0Schema: () => SignedRejectionReceiptV0Schema,
+  SignedRejectionReceiptV1Schema: () => SignedRejectionReceiptV1Schema,
   StackConnectionSchema: () => StackConnectionSchema,
   StackProviderSchema: () => StackProviderSchema,
   StackSchema: () => StackSchema,
@@ -84,14 +127,20 @@ __export(src_exports, {
   W_TXCTX_DOMAIN: () => W_TXCTX_DOMAIN,
   WalletIdFormatSchema: () => WalletIdFormatSchema,
   WalletIdSchema: () => WalletIdSchema,
+  assertRootHash: () => assertRootHash,
+  assertValidChainLink: () => assertValidChainLink,
   base64urlToBytes: () => base64urlToBytes,
   bytesToBase64url: () => bytesToBase64url,
   computeContentHash: () => computeContentHash,
+  computeLiabilityWaiverTermsHash: () => computeLiabilityWaiverTermsHash,
   computeReceiptHash: () => computeReceiptHash,
+  computeSrrDigest: () => computeSrrDigest,
+  computeSrrSigningPayload: () => computeSrrSigningPayload,
   deriveFundingSource: () => deriveFundingSource,
   encodeEpoch: () => encodeEpoch,
   error: () => error,
   generateCrossingId: () => generateCrossingId,
+  generateDispatchId: () => generateDispatchId,
   generateId: () => generateId,
   generatePassportId: () => generatePassportId,
   generateReceiptId: () => generateReceiptId,
@@ -100,18 +149,223 @@ __export(src_exports, {
   isCrossingSettledReceipt: () => isCrossingSettledReceipt,
   isNotaryAttestation: () => isNotaryAttestation,
   isNotaryRequest: () => isNotaryRequest,
+  isSettlementExecuteError: () => isSettlementExecuteError,
+  isSettlementExecuteSuccess: () => isSettlementExecuteSuccess,
   isSignedReceiptV0: () => isSignedReceiptV0,
   jcsCanonicalize: () => jcsCanonicalize,
   kernelError: () => kernelError,
   kernelOk: () => kernelOk,
   success: () => success,
-  validateTimeWindow: () => validateTimeWindow
+  toLiabilityWaiverTermsHashInput: () => toLiabilityWaiverTermsHashInput,
+  validateTimeWindow: () => validateTimeWindow,
+  verifyAAR: () => verifyAAR,
+  verifyDetachedEd25519: () => verifyDetachedEd25519,
+  verifySignedRejectionReceipt: () => verifySignedRejectionReceipt
 });
 module.exports = __toCommonJS(src_exports);
 
-// src/surface.ts
+// src/aar-envelope-v0.ts
+var import_zod2 = require("zod");
+
+// src/encoding.ts
 var import_zod = require("zod");
-var SurfaceSchema = import_zod.z.enum([
+function bytesToBase64url(bytes) {
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  const base64 = btoa(binary);
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function base64urlToBytes(str) {
+  const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+var BASE64URL_SHA256_REGEX = /^[A-Za-z0-9_-]{43}$/;
+var Base64urlSha256Schema = import_zod.z.string().regex(
+  BASE64URL_SHA256_REGEX,
+  "Must be 43-char base64url (32-byte SHA-256 digest)"
+);
+var Base64urlEd25519SigSchema = import_zod.z.string().regex(
+  /^[A-Za-z0-9_-]{86}$/,
+  "Must be 86-char base64url (64-byte Ed25519 signature)"
+);
+
+// src/aar-envelope-v0.ts
+var AAR_ENVELOPE_TYPE = "https://hlos.ai/schema/AAREnvelopeV0";
+var AAR_ENVELOPE_VERSION = 0;
+var AAREnvelopeV0Schema = import_zod2.z.object({
+  "@type": import_zod2.z.literal(AAR_ENVELOPE_TYPE),
+  version: import_zod2.z.literal(AAR_ENVELOPE_VERSION),
+  content_type: import_zod2.z.string().min(1),
+  content_hash: Base64urlSha256Schema,
+  inner: import_zod2.z.unknown(),
+  signer_id: import_zod2.z.string().min(1),
+  signature: Base64urlEd25519SigSchema,
+  issued_at: import_zod2.z.string().datetime(),
+  previous_aar_hash: import_zod2.z.string().min(1)
+});
+var AAREnvelopeV0TypedSchema = (contentType, innerSchema) => AAREnvelopeV0Schema.extend({
+  content_type: import_zod2.z.literal(contentType),
+  inner: innerSchema
+});
+
+// src/receipt-hash.ts
+var cachedSha256 = null;
+function sortKeysDeep(value) {
+  if (Array.isArray(value)) return value.map(sortKeysDeep);
+  if (value !== null && typeof value === "object") {
+    const obj = value;
+    const out = {};
+    for (const key of Object.keys(obj).sort()) {
+      out[key] = sortKeysDeep(obj[key]);
+    }
+    return out;
+  }
+  return value;
+}
+function hasLoneSurrogate(s) {
+  for (let i = 0; i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code >= 55296 && code <= 56319) {
+      const next = s.charCodeAt(i + 1);
+      if (isNaN(next) || next < 56320 || next > 57343) return true;
+      i++;
+    } else if (code >= 56320 && code <= 57343) {
+      return true;
+    }
+  }
+  return false;
+}
+function jcsCanonicalize(value) {
+  return JSON.stringify(sortKeysDeep(value), (_key, v) => {
+    if (v === void 0) throw new Error("JCS: undefined is not allowed");
+    if (typeof v === "function") throw new Error("JCS: function is not allowed");
+    if (typeof v === "symbol") throw new Error("JCS: symbol is not allowed");
+    if (typeof v === "bigint") throw new Error("JCS: bigint is not allowed");
+    if (typeof v === "number" && !Number.isFinite(v))
+      throw new Error("JCS: non-finite number is not allowed");
+    if (typeof v === "string" && hasLoneSurrogate(v))
+      throw new Error("JCS: lone surrogate (U+D800\u2013U+DFFF) is not allowed");
+    return v;
+  });
+}
+function computeReceiptHash(receipt) {
+  const sha256 = loadSha256();
+  const canonical = jcsCanonicalize(receipt);
+  const digest = sha256(new TextEncoder().encode(canonical));
+  return bytesToBase64url(digest);
+}
+function computeContentHash(content) {
+  const sha256 = loadSha256();
+  const canonical = jcsCanonicalize(content);
+  const digest = sha256(new TextEncoder().encode(canonical));
+  return bytesToBase64url(digest);
+}
+function loadSha256() {
+  if (cachedSha256) return cachedSha256;
+  const moduleApi = typeof process.getBuiltinModule === "function" ? process.getBuiltinModule("module") : (
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    require("module")
+  );
+  const createRequire = moduleApi.createRequire;
+  const requireBase = typeof __filename === "string" ? __filename : `${process.cwd()}/package.json`;
+  const _require = createRequire(requireBase);
+  let sha256;
+  try {
+    sha256 = _require("@noble/hashes/sha2.js").sha256;
+  } catch {
+    try {
+      sha256 = _require("@noble/hashes/sha2").sha256;
+    } catch {
+      throw new Error(
+        "computeReceiptHash/computeContentHash requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
+      );
+    }
+  }
+  cachedSha256 = sha256;
+  return sha256;
+}
+var ReceiptHashSchema = Base64urlSha256Schema.describe(
+  "receipt_hash: base64url(SHA-256(JCS(receipt)))"
+);
+var RECEIPT_HASH_GOLDEN_FIXTURE = {
+  receipt: {
+    "@type": "https://hlos.ai/schema/SignedReceiptV0",
+    version: 0,
+    receipt_id: "rcpt_01HZGOLDENTEST000000000000",
+    content: {
+      type: "CrossingSettled",
+      crossingId: "cross_test123abc456def789ghi",
+      settlement_authority: "hlos.ai"
+    },
+    // Placeholder bytes (NOT a valid cryptographic signature)
+    content_hash: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+    signature: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+    key_id: "hlos-v2-1",
+    issued_at: "2026-01-27T00:00:00.000Z"
+  },
+  /**
+   * Expected JCS canonical form of the receipt.
+   * Keys are lexicographically sorted at all levels.
+   */
+  expectedJcs: '{"@type":"https://hlos.ai/schema/SignedReceiptV0","content":{"crossingId":"cross_test123abc456def789ghi","settlement_authority":"hlos.ai","type":"CrossingSettled"},"content_hash":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","issued_at":"2026-01-27T00:00:00.000Z","key_id":"hlos-v2-1","receipt_id":"rcpt_01HZGOLDENTEST000000000000","signature":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","version":0}',
+  /**
+   * Expected receipt_hash (FROZEN).
+   * Compute: JCS canonicalize receipt → SHA-256 → base64url (no padding)
+   *
+   * DO NOT CHANGE unless the receipt fixture above changes.
+   */
+  expectedReceiptHash: "uLiQVUeVKcE35Rdje2fArZQfTcECDgwK6UbmQB_36Pg"
+};
+
+// src/verify-aar.ts
+function toBuffer(bytes) {
+  const ab = new ArrayBuffer(bytes.byteLength);
+  new Uint8Array(ab).set(bytes);
+  return ab;
+}
+async function importPublicKey(publicKey) {
+  if (typeof CryptoKey !== "undefined" && publicKey instanceof CryptoKey) {
+    return publicKey;
+  }
+  const raw = publicKey;
+  return crypto.subtle.importKey(
+    "raw",
+    toBuffer(raw),
+    "Ed25519",
+    false,
+    ["verify"]
+  );
+}
+async function verifyAAR(envelope, publicKey) {
+  const parsed = AAREnvelopeV0Schema.parse(envelope);
+  const contentHash = computeContentHash(parsed.inner);
+  if (contentHash !== parsed.content_hash) {
+    throw new Error("AAR content hash mismatch");
+  }
+  const key = await importPublicKey(publicKey);
+  const verified = await crypto.subtle.verify(
+    "Ed25519",
+    key,
+    toBuffer(base64urlToBytes(parsed.signature)),
+    toBuffer(base64urlToBytes(parsed.content_hash))
+  );
+  if (!verified) {
+    throw new Error(`AAR signature verification failed for signer ${parsed.signer_id}`);
+  }
+  return parsed;
+}
+
+// src/surface.ts
+var import_zod3 = require("zod");
+var SurfaceSchema = import_zod3.z.enum([
   "mcp",
   // Model Context Protocol servers
   "x402",
@@ -130,11 +384,11 @@ var SurfaceSchema = import_zod.z.enum([
 var SURFACES = SurfaceSchema.options;
 
 // src/response.ts
-var import_zod3 = require("zod");
+var import_zod5 = require("zod");
 
 // src/error-codes.ts
-var import_zod2 = require("zod");
-var KernelErrorCodeSchema = import_zod2.z.enum([
+var import_zod4 = require("zod");
+var KernelErrorCodeSchema = import_zod4.z.enum([
   // 4xx Client Errors
   "INVALID_REQUEST",
   // 400 - Malformed request body
@@ -183,49 +437,49 @@ function error(code, message, correlationId, details) {
     }
   };
 }
-var SuccessResponseSchema = (dataSchema) => import_zod3.z.object({
-  success: import_zod3.z.literal(true),
+var SuccessResponseSchema = (dataSchema) => import_zod5.z.object({
+  success: import_zod5.z.literal(true),
   data: dataSchema,
-  meta: import_zod3.z.object({
-    request_id: import_zod3.z.string().optional(),
-    correlation_id: import_zod3.z.string()
+  meta: import_zod5.z.object({
+    request_id: import_zod5.z.string().optional(),
+    correlation_id: import_zod5.z.string()
   }).optional()
 });
-var ErrorResponseSchema = import_zod3.z.object({
-  success: import_zod3.z.literal(false),
-  error: import_zod3.z.object({
+var ErrorResponseSchema = import_zod5.z.object({
+  success: import_zod5.z.literal(false),
+  error: import_zod5.z.object({
     code: KernelErrorCodeSchema,
-    message: import_zod3.z.string(),
-    details: import_zod3.z.unknown().optional(),
-    correlation_id: import_zod3.z.string()
+    message: import_zod5.z.string(),
+    details: import_zod5.z.unknown().optional(),
+    correlation_id: import_zod5.z.string()
   })
 });
 
 // src/receipt-v0.ts
-var import_zod4 = require("zod");
+var import_zod6 = require("zod");
 var RECEIPT_TYPE_URI = "https://hlos.ai/schema/SignedReceiptV0";
 var RECEIPT_VERSION = 0;
 var CONTENT_HASH_LENGTH = 43;
 var SIGNATURE_LENGTH = 86;
-var SignedReceiptV0Schema = (contentSchema) => import_zod4.z.object({
-  "@type": import_zod4.z.literal(RECEIPT_TYPE_URI),
-  version: import_zod4.z.literal(RECEIPT_VERSION),
-  receipt_id: import_zod4.z.string(),
+var SignedReceiptV0Schema = (contentSchema) => import_zod6.z.object({
+  "@type": import_zod6.z.literal(RECEIPT_TYPE_URI),
+  version: import_zod6.z.literal(RECEIPT_VERSION),
+  receipt_id: import_zod6.z.string(),
   content: contentSchema,
   // SHA-256 digest (32 bytes) = exactly 43 chars base64url
-  content_hash: import_zod4.z.string().regex(
+  content_hash: import_zod6.z.string().regex(
     /^[A-Za-z0-9_-]{43}$/,
     "content_hash must be 43-char base64url (32-byte SHA-256)"
   ),
   // Ed25519 signature (64 bytes) = exactly 86 chars base64url
-  signature: import_zod4.z.string().regex(
+  signature: import_zod6.z.string().regex(
     /^[A-Za-z0-9_-]{86}$/,
     "signature must be 86-char base64url (64-byte Ed25519)"
   ),
-  key_id: import_zod4.z.string().min(1),
-  issued_at: import_zod4.z.string().datetime()
+  key_id: import_zod6.z.string().min(1),
+  issued_at: import_zod6.z.string().datetime()
 });
-var SignedReceiptV0LooseSchema = SignedReceiptV0Schema(import_zod4.z.unknown());
+var SignedReceiptV0LooseSchema = SignedReceiptV0Schema(import_zod6.z.unknown());
 function isSignedReceiptV0(value) {
   if (typeof value !== "object" || value === null) return false;
   const obj = value;
@@ -233,13 +487,15 @@ function isSignedReceiptV0(value) {
 }
 
 // src/ids.ts
-var import_zod5 = require("zod");
-var WalletIdSchema = import_zod5.z.string().regex(/^wallet_[a-z0-9]{20,}$/i, "Invalid WalletId format").transform((s) => s);
-var PassportIdSchema = import_zod5.z.string().regex(/^passport_[a-z0-9]{20,}$/i, "Invalid PassportId format").transform((s) => s);
-var ReceiptIdSchema = import_zod5.z.string().regex(/^rcpt_[0-9A-HJKMNP-TV-Z]{26}$/i, "Invalid ReceiptId format").transform((s) => s);
-var CorrelationIdSchema = import_zod5.z.string().min(8).max(128).transform((s) => s);
-var IdempotencyKeySchema = import_zod5.z.string().min(1).max(256).regex(/^[\x20-\x7E]+$/, "IdempotencyKey must be printable ASCII").transform((s) => s);
-var CrossingIdSchema = import_zod5.z.string().regex(/^cross_[a-z0-9]{20,}$/i, "Invalid CrossingId format").transform((s) => s);
+var import_zod7 = require("zod");
+var DispatchIdBrand = /* @__PURE__ */ Symbol("DispatchIdBrand");
+var WalletIdSchema = import_zod7.z.string().regex(/^wallet_[a-z0-9]{20,}$/i, "Invalid WalletId format").transform((s) => s);
+var PassportIdSchema = import_zod7.z.string().regex(/^passport_[a-z0-9]{20,}$/i, "Invalid PassportId format").transform((s) => s);
+var ReceiptIdSchema = import_zod7.z.string().regex(/^rcpt_[0-9A-HJKMNP-TV-Z]{26}$/i, "Invalid ReceiptId format").transform((s) => s);
+var CorrelationIdSchema = import_zod7.z.string().min(8).max(128).transform((s) => s);
+var IdempotencyKeySchema = import_zod7.z.string().min(1).max(256).regex(/^[\x20-\x7E]+$/, "IdempotencyKey must be printable ASCII").transform((s) => s);
+var CrossingIdSchema = import_zod7.z.string().regex(/^cross_[a-z0-9]{20,}$/i, "Invalid CrossingId format").transform((s) => s);
+var DispatchIdSchema = import_zod7.z.string().regex(/^dispatch_[a-z0-9]{20,}$/, "Invalid DispatchId format").transform((s) => s);
 function generateId(prefix) {
   const timestamp = Date.now().toString(36);
   const random = crypto.randomUUID().replace(/-/g, "").slice(0, 16);
@@ -249,10 +505,11 @@ var generateWalletId = () => generateId("wallet");
 var generatePassportId = () => generateId("passport");
 var generateReceiptId = () => generateId("rcpt");
 var generateCrossingId = () => generateId("cross");
+var generateDispatchId = () => generateId("dispatch");
 
 // src/shared-contract.ts
-var import_zod6 = require("zod");
-var KernelErrorCodeSchema2 = import_zod6.z.enum([
+var import_zod8 = require("zod");
+var KernelErrorCodeSchema2 = import_zod8.z.enum([
   // Validation / Request errors
   "VALIDATION_ERROR",
   // 400 - Input validation failed
@@ -314,30 +571,30 @@ var ERROR_CODE_STATUS = {
   INTERNAL_ERROR: 500,
   SERVICE_UNAVAILABLE: 503
 };
-var KernelOkSchema = (dataSchema) => import_zod6.z.object({
-  ok: import_zod6.z.literal(true),
-  status: import_zod6.z.union([
-    import_zod6.z.number().int().min(200).max(299),
-    import_zod6.z.literal(304)
+var KernelOkSchema = (dataSchema) => import_zod8.z.object({
+  ok: import_zod8.z.literal(true),
+  status: import_zod8.z.union([
+    import_zod8.z.number().int().min(200).max(299),
+    import_zod8.z.literal(304)
   ]),
   data: dataSchema
 });
-var KernelErrorSchema = import_zod6.z.object({
-  ok: import_zod6.z.literal(false),
-  status: import_zod6.z.number().int().min(400).max(599),
-  error: import_zod6.z.object({
+var KernelErrorSchema = import_zod8.z.object({
+  ok: import_zod8.z.literal(false),
+  status: import_zod8.z.number().int().min(400).max(599),
+  error: import_zod8.z.object({
     code: KernelErrorCodeSchema2,
     // P0 FIX: was z.string()
-    message: import_zod6.z.string(),
-    details: import_zod6.z.record(import_zod6.z.unknown()).optional()
+    message: import_zod8.z.string(),
+    details: import_zod8.z.record(import_zod8.z.unknown()).optional()
   })
 });
-var CrossingIdFormatSchema = import_zod6.z.string().regex(/^cross_[a-z0-9]{20,}$/i, "Invalid CrossingId format (expected: cross_...)");
-var ReceiptIdFormatSchema = import_zod6.z.string().regex(/^rcpt_[0-9A-HJKMNP-TV-Z]{26}$/i, "Invalid ReceiptId format (expected: rcpt_...)");
-var PassportIdFormatSchema = import_zod6.z.string().regex(/^passport_[a-z0-9]{20,}$/i, "Invalid PassportId format (expected: passport_...)");
-var WalletIdFormatSchema = import_zod6.z.string().regex(/^wallet_[a-z0-9]{20,}$/i, "Invalid WalletId format (expected: wallet_...)");
-var FundingSourceSchema = import_zod6.z.enum(["SPONSOR", "PLATFORM", "USER"]);
-var CredentialSourceSchema = import_zod6.z.enum([
+var CrossingIdFormatSchema = import_zod8.z.string().regex(/^cross_[a-z0-9]{20,}$/i, "Invalid CrossingId format (expected: cross_...)");
+var ReceiptIdFormatSchema = import_zod8.z.string().regex(/^rcpt_[0-9A-HJKMNP-TV-Z]{26}$/i, "Invalid ReceiptId format (expected: rcpt_...)");
+var PassportIdFormatSchema = import_zod8.z.string().regex(/^passport_[a-z0-9]{20,}$/i, "Invalid PassportId format (expected: passport_...)");
+var WalletIdFormatSchema = import_zod8.z.string().regex(/^wallet_[a-z0-9]{20,}$/i, "Invalid WalletId format (expected: wallet_...)");
+var FundingSourceSchema = import_zod8.z.enum(["SPONSOR", "PLATFORM", "USER"]);
+var CredentialSourceSchema = import_zod8.z.enum([
   "SPONSOR_KEY",
   // Sponsor-provisioned key
   "BYOK",
@@ -355,46 +612,46 @@ function deriveFundingSource(credentialSource) {
       return "PLATFORM";
   }
 }
-var CrossingSnapshotV0Schema = import_zod6.z.object({
+var CrossingSnapshotV0Schema = import_zod8.z.object({
   crossingId: CrossingIdFormatSchema,
-  capabilityId: import_zod6.z.string(),
+  capabilityId: import_zod8.z.string(),
   passportId: PassportIdFormatSchema,
   // Scoping
-  event_id: import_zod6.z.string().nullable(),
-  access_window_id: import_zod6.z.string().nullable(),
-  access_grant_id: import_zod6.z.string().nullable(),
+  event_id: import_zod8.z.string().nullable(),
+  access_window_id: import_zod8.z.string().nullable(),
+  access_grant_id: import_zod8.z.string().nullable(),
   // Attribution
-  attribution_org_id: import_zod6.z.string().nullable(),
+  attribution_org_id: import_zod8.z.string().nullable(),
   funding_source: FundingSourceSchema.nullable(),
   credential_source: CredentialSourceSchema
 });
-var CrossingHashInputV0Schema = import_zod6.z.object({
-  v: import_zod6.z.literal(0),
+var CrossingHashInputV0Schema = import_zod8.z.object({
+  v: import_zod8.z.literal(0),
   snapshot: CrossingSnapshotV0Schema,
   attested_receipt_id: ReceiptIdFormatSchema
 });
 var SETTLEMENT_AUTHORITY = "hlos.ai";
-var CrossingSettledReceiptSchema = import_zod6.z.object({
-  type: import_zod6.z.literal("CrossingSettled"),
+var CrossingSettledReceiptSchema = import_zod8.z.object({
+  type: import_zod8.z.literal("CrossingSettled"),
   crossingId: CrossingIdFormatSchema,
   // Scoping (powers adoption + ROI views)
-  event_id: import_zod6.z.string().nullable(),
-  access_window_id: import_zod6.z.string().nullable(),
-  access_grant_id: import_zod6.z.string().nullable(),
+  event_id: import_zod8.z.string().nullable(),
+  access_window_id: import_zod8.z.string().nullable(),
+  access_grant_id: import_zod8.z.string().nullable(),
   // Attribution
-  attribution_org_id: import_zod6.z.string().nullable(),
+  attribution_org_id: import_zod8.z.string().nullable(),
   funding_source: FundingSourceSchema.nullable(),
   credential_source: CredentialSourceSchema,
   // Authority (LITERAL)
-  settlement_authority: import_zod6.z.literal(SETTLEMENT_AUTHORITY),
+  settlement_authority: import_zod8.z.literal(SETTLEMENT_AUTHORITY),
   // Binding
-  crossing_hash: import_zod6.z.string(),
+  crossing_hash: import_zod8.z.string(),
   // sha256 base64url of CrossingHashInputV0
-  attested_receipt_id: import_zod6.z.string(),
+  attested_receipt_id: import_zod8.z.string(),
   // Timestamp
-  settled_at: import_zod6.z.string().datetime()
+  settled_at: import_zod8.z.string().datetime()
 });
-var AvailabilityTypeSchema = import_zod6.z.enum([
+var AvailabilityTypeSchema = import_zod8.z.enum([
   "EVENT_SPONSOR",
   // Sponsor-funded for specific event
   "EVERGREEN",
@@ -402,7 +659,7 @@ var AvailabilityTypeSchema = import_zod6.z.enum([
   "CATALOG"
   // User-paid from catalog
 ]);
-var ProviderRoleSchema = import_zod6.z.enum([
+var ProviderRoleSchema = import_zod8.z.enum([
   "AI",
   // AI/LLM providers (Gemini, GPT, Claude)
   "DATABASE",
@@ -422,35 +679,35 @@ var ProviderRoleSchema = import_zod6.z.enum([
   "OTHER"
   // Catch-all for new categories
 ]);
-var StackProviderSchema = import_zod6.z.object({
-  provider_id: import_zod6.z.string(),
+var StackProviderSchema = import_zod8.z.object({
+  provider_id: import_zod8.z.string(),
   role: ProviderRoleSchema,
   // P1: Now a constrained enum
-  display_name: import_zod6.z.string(),
-  budget_allocation: import_zod6.z.number().nonnegative(),
-  sku_ids: import_zod6.z.array(import_zod6.z.string()),
+  display_name: import_zod8.z.string(),
+  budget_allocation: import_zod8.z.number().nonnegative(),
+  sku_ids: import_zod8.z.array(import_zod8.z.string()),
   availability_type: AvailabilityTypeSchema
 });
-var StackSchema = import_zod6.z.object({
-  id: import_zod6.z.string(),
-  slug: import_zod6.z.string(),
-  name: import_zod6.z.string(),
-  tagline: import_zod6.z.string(),
-  icon: import_zod6.z.string(),
-  providers: import_zod6.z.array(StackProviderSchema),
-  github_template: import_zod6.z.string().nullable(),
-  total_budget: import_zod6.z.number().nonnegative(),
-  event_id: import_zod6.z.string().nullable()
+var StackSchema = import_zod8.z.object({
+  id: import_zod8.z.string(),
+  slug: import_zod8.z.string(),
+  name: import_zod8.z.string(),
+  tagline: import_zod8.z.string(),
+  icon: import_zod8.z.string(),
+  providers: import_zod8.z.array(StackProviderSchema),
+  github_template: import_zod8.z.string().nullable(),
+  total_budget: import_zod8.z.number().nonnegative(),
+  event_id: import_zod8.z.string().nullable()
   // null = evergreen
 });
-var StackConnectionSchema = import_zod6.z.object({
-  id: import_zod6.z.string(),
-  stack_id: import_zod6.z.string(),
-  passport_id: import_zod6.z.string(),
-  team_id: import_zod6.z.string().nullable(),
-  environment_id: import_zod6.z.string(),
-  connected_at: import_zod6.z.string().datetime(),
-  connected_providers: import_zod6.z.array(import_zod6.z.string())
+var StackConnectionSchema = import_zod8.z.object({
+  id: import_zod8.z.string(),
+  stack_id: import_zod8.z.string(),
+  passport_id: import_zod8.z.string(),
+  team_id: import_zod8.z.string().nullable(),
+  environment_id: import_zod8.z.string(),
+  connected_at: import_zod8.z.string().datetime(),
+  connected_providers: import_zod8.z.array(import_zod8.z.string())
 });
 function kernelOk(data, status = 200) {
   return { ok: true, status, data };
@@ -519,7 +776,7 @@ function isCrossingSettledReceipt(value) {
 }
 
 // src/w.ts
-var import_zod7 = require("zod");
+var import_zod9 = require("zod");
 var W_RPID_DOMAIN = new TextEncoder().encode("W:RPID:v1");
 var W_TXCTX_DOMAIN = new TextEncoder().encode("W:TXCTX:v1");
 var RFC3339_CAPTURING = /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(\.(\d{1,9}))?(Z|([+-])(\d{2}):(\d{2}))$/;
@@ -597,36 +854,36 @@ function encodeEpoch(epoch) {
   view.setBigUint64(0, BigInt(ms), false);
   return new Uint8Array(buf);
 }
-var RelyingPartyIdSchema = import_zod7.z.object({
+var RelyingPartyIdSchema = import_zod9.z.object({
   /** RP domain (e.g., "merchant.example.com") */
-  domain: import_zod7.z.string().min(1).max(253),
+  domain: import_zod9.z.string().min(1).max(253),
   /** Audience URI (e.g., "https://merchant.example.com/verify") */
-  audience_uri: import_zod7.z.string().url(),
+  audience_uri: import_zod9.z.string().url(),
   /** SHA-256 hash of verifier's public key (hex, 64 chars) */
-  verifier_key_hash: import_zod7.z.string().regex(/^[a-f0-9]{64}$/, "Must be 64-char lowercase hex")
+  verifier_key_hash: import_zod9.z.string().regex(/^[a-f0-9]{64}$/, "Must be 64-char lowercase hex")
 });
-var RotationEpochSchema = import_zod7.z.union([
-  import_zod7.z.number().int().nonnegative(),
-  import_zod7.z.string().datetime({ offset: true })
+var RotationEpochSchema = import_zod9.z.union([
+  import_zod9.z.number().int().nonnegative(),
+  import_zod9.z.string().datetime({ offset: true })
   // Requires timezone offset (RFC3339)
 ]);
-var RPIDSchema = import_zod7.z.string().length(43, "RPID must be base64url-encoded 32 bytes (43 chars, no padding)").regex(/^[A-Za-z0-9_-]+$/, "Must be base64url (no padding)");
-var TransactionContextSchema = import_zod7.z.object({
+var RPIDSchema = import_zod9.z.string().length(43, "RPID must be base64url-encoded 32 bytes (43 chars, no padding)").regex(/^[A-Za-z0-9_-]+$/, "Must be base64url (no padding)");
+var TransactionContextSchema = import_zod9.z.object({
   // Required core (stable)
   relying_party_id: RelyingPartyIdSchema,
   /** sha256(JCS({ intent, request })) — see computeOperationHash() */
-  operation_hash: import_zod7.z.string().regex(/^[a-f0-9]{64}$/, "Must be 64-char lowercase hex"),
+  operation_hash: import_zod9.z.string().regex(/^[a-f0-9]{64}$/, "Must be 64-char lowercase hex"),
   /** Validity start (RFC3339) */
-  not_before: import_zod7.z.string().datetime({ offset: true }),
+  not_before: import_zod9.z.string().datetime({ offset: true }),
   /** Validity end (RFC3339) */
-  not_after: import_zod7.z.string().datetime({ offset: true }),
+  not_after: import_zod9.z.string().datetime({ offset: true }),
   // Optional (part of hash, must be consistent)
-  amount: import_zod7.z.number().nonnegative().optional(),
-  currency: import_zod7.z.string().length(3).optional(),
-  surface_id: import_zod7.z.string().optional(),
-  channel_id: import_zod7.z.string().optional()
+  amount: import_zod9.z.number().nonnegative().optional(),
+  currency: import_zod9.z.string().length(3).optional(),
+  surface_id: import_zod9.z.string().optional(),
+  channel_id: import_zod9.z.string().optional()
 });
-var TransactionContextHashSchema = import_zod7.z.string().regex(/^[a-f0-9]{64}$/, "Must be 64-char lowercase hex");
+var TransactionContextHashSchema = import_zod9.z.string().regex(/^[a-f0-9]{64}$/, "Must be 64-char lowercase hex");
 var W_GOLDEN_FIXTURES = {
   /**
    * encodeEpoch(1706486400000) = 2024-01-29T00:00:00.000Z
@@ -682,236 +939,199 @@ function validateTimeWindow(context) {
 }
 
 // src/agents.ts
-var import_zod8 = require("zod");
-var AgentStatusSchema = import_zod8.z.enum(["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]).or(import_zod8.z.string().min(1));
-var AgentTypeSchema = import_zod8.z.enum(["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]).or(import_zod8.z.string().min(1));
-var AgentListItemSchema = import_zod8.z.object({
-  id: import_zod8.z.string().min(1),
-  external_id: import_zod8.z.string().min(1),
-  name: import_zod8.z.string().min(1),
+var import_zod10 = require("zod");
+var AgentStatusSchema = import_zod10.z.enum(["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]).or(import_zod10.z.string().min(1));
+var AgentTypeSchema = import_zod10.z.enum(["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]).or(import_zod10.z.string().min(1));
+var AgentListItemSchema = import_zod10.z.object({
+  id: import_zod10.z.string().min(1),
+  external_id: import_zod10.z.string().min(1),
+  name: import_zod10.z.string().min(1),
   status: AgentStatusSchema,
   agent_type: AgentTypeSchema,
-  trust_score: import_zod8.z.number().int().min(0).max(1e3),
-  hosting_model: import_zod8.z.null(),
-  declared_tier: import_zod8.z.null(),
-  created_at: import_zod8.z.string().datetime()
+  trust_score: import_zod10.z.number().int().min(0).max(1e3),
+  hosting_model: import_zod10.z.null(),
+  declared_tier: import_zod10.z.null(),
+  created_at: import_zod10.z.string().datetime()
 }).passthrough();
-var AgentsListResponseSchema = import_zod8.z.object({
-  agents: import_zod8.z.array(AgentListItemSchema),
-  _meta: import_zod8.z.object({
-    source: import_zod8.z.literal("hlos")
+var AgentsListResponseSchema = import_zod10.z.object({
+  agents: import_zod10.z.array(AgentListItemSchema),
+  _meta: import_zod10.z.object({
+    source: import_zod10.z.literal("hlos")
   })
 }).passthrough();
-var AgentPassportStubResponseSchema = import_zod8.z.object({
-  passport_id: import_zod8.z.null(),
-  agent_id: import_zod8.z.string().min(1),
-  hosting_model: import_zod8.z.null(),
-  declared_tier: import_zod8.z.null(),
-  effective_tier: import_zod8.z.null(),
-  finality_level: import_zod8.z.null(),
-  graph: import_zod8.z.object({
-    incoming_edges: import_zod8.z.null(),
-    outgoing_edges: import_zod8.z.null(),
-    active_visas: import_zod8.z.null()
+var AgentPassportStubResponseSchema = import_zod10.z.object({
+  passport_id: import_zod10.z.null(),
+  agent_id: import_zod10.z.string().min(1),
+  hosting_model: import_zod10.z.null(),
+  declared_tier: import_zod10.z.null(),
+  effective_tier: import_zod10.z.null(),
+  finality_level: import_zod10.z.null(),
+  graph: import_zod10.z.object({
+    incoming_edges: import_zod10.z.null(),
+    outgoing_edges: import_zod10.z.null(),
+    active_visas: import_zod10.z.null()
   }).passthrough(),
-  links: import_zod8.z.object({
-    passport_url: import_zod8.z.string().startsWith("/agent-passport/agents/"),
-    docs_url: import_zod8.z.literal("/agents/passport")
+  links: import_zod10.z.object({
+    passport_url: import_zod10.z.string().startsWith("/agent-passport/agents/"),
+    docs_url: import_zod10.z.literal("/agents/passport")
   }).passthrough(),
-  _meta: import_zod8.z.object({
-    source: import_zod8.z.literal("stub")
+  _meta: import_zod10.z.object({
+    source: import_zod10.z.literal("stub")
   })
 }).passthrough();
 
-// src/encoding.ts
-var import_zod9 = require("zod");
-function bytesToBase64url(bytes) {
-  let binary = "";
-  for (let i = 0; i < bytes.length; i++) {
-    binary += String.fromCharCode(bytes[i]);
-  }
-  const base64 = btoa(binary);
-  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-function base64urlToBytes(str) {
-  const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
-  const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
-  const binary = atob(padded);
-  const bytes = new Uint8Array(binary.length);
-  for (let i = 0; i < binary.length; i++) {
-    bytes[i] = binary.charCodeAt(i);
-  }
-  return bytes;
-}
-var BASE64URL_SHA256_REGEX = /^[A-Za-z0-9_-]{43}$/;
-var Base64urlSha256Schema = import_zod9.z.string().regex(
-  BASE64URL_SHA256_REGEX,
-  "Must be 43-char base64url (32-byte SHA-256 digest)"
+// src/dispatch-chain.ts
+var import_zod11 = require("zod");
+var CHAIN_STAGE_ORDER = ["CR", "LAT", "EGP", "SA"];
+var ChainStageTypeSchema = import_zod11.z.enum(CHAIN_STAGE_ORDER);
+var ReceiptHashRefSchema = Base64urlSha256Schema.describe(
+  "receipt_hash: base64url(SHA-256(JCS(entire_receipt_envelope)))"
 );
-var Base64urlEd25519SigSchema = import_zod9.z.string().regex(
-  /^[A-Za-z0-9_-]{86}$/,
-  "Must be 86-char base64url (64-byte Ed25519 signature)"
+var ContentHashRefSchema = Base64urlSha256Schema.describe(
+  "content_hash reference: base64url(SHA-256(JCS(content_field_only)))"
 );
-
-// src/receipt-hash.ts
-var import_meta = {};
-var cachedSha256 = null;
-function sortKeysDeep(value) {
-  if (Array.isArray(value)) return value.map(sortKeysDeep);
-  if (value !== null && typeof value === "object") {
-    const obj = value;
-    const out = {};
-    for (const key of Object.keys(obj).sort()) {
-      out[key] = sortKeysDeep(obj[key]);
-    }
-    return out;
+var CustodyReceiptContentSchema = import_zod11.z.object({
+  type: import_zod11.z.literal("CustodyReceipt"),
+  stage_type: import_zod11.z.literal("CR"),
+  stage_version: import_zod11.z.literal(0),
+  stage_index: import_zod11.z.literal(0),
+  dispatch_id: DispatchIdSchema,
+  previous_receipt_hash: import_zod11.z.null(),
+  // CR-specific
+  actor_passport_id: import_zod11.z.string().min(1),
+  surface: import_zod11.z.string().min(1),
+  task_scope: import_zod11.z.string().min(1),
+  settlement_authority: import_zod11.z.literal(SETTLEMENT_AUTHORITY)
+}).strict();
+var LiabilityAttestationContentSchema = import_zod11.z.object({
+  type: import_zod11.z.literal("LiabilityAttestation"),
+  stage_type: import_zod11.z.literal("LAT"),
+  stage_version: import_zod11.z.literal(0),
+  stage_index: import_zod11.z.literal(1),
+  dispatch_id: DispatchIdSchema,
+  previous_receipt_hash: ReceiptHashRefSchema,
+  chain_root_content_hash: ContentHashRefSchema,
+  // LAT-specific
+  policy_snapshot_hash: Base64urlSha256Schema,
+  capabilities_granted: import_zod11.z.array(import_zod11.z.string().min(1)).min(1),
+  authorization_scope: import_zod11.z.string().min(1),
+  /** Receipt issuer authority (HLOS issues all chain artifacts). */
+  settlement_authority: import_zod11.z.literal(SETTLEMENT_AUTHORITY)
+}).strict();
+var EconomicGateProofContentSchema = import_zod11.z.object({
+  type: import_zod11.z.literal("EconomicGateProof"),
+  stage_type: import_zod11.z.literal("EGP"),
+  stage_version: import_zod11.z.literal(0),
+  stage_index: import_zod11.z.literal(2),
+  dispatch_id: DispatchIdSchema,
+  previous_receipt_hash: ReceiptHashRefSchema,
+  chain_root_content_hash: ContentHashRefSchema,
+  // EGP-specific
+  wallet_id: import_zod11.z.string().min(1),
+  hold_id: import_zod11.z.string().min(1).optional(),
+  amount_mills: import_zod11.z.number().int().nonnegative(),
+  currency: import_zod11.z.literal("USD"),
+  settlement_authority: import_zod11.z.literal(SETTLEMENT_AUTHORITY)
+}).strict();
+var SettlementAnchorContentSchema = import_zod11.z.object({
+  type: import_zod11.z.literal("SettlementAnchor"),
+  stage_type: import_zod11.z.literal("SA"),
+  stage_version: import_zod11.z.literal(0),
+  stage_index: import_zod11.z.literal(3),
+  dispatch_id: DispatchIdSchema,
+  previous_receipt_hash: ReceiptHashRefSchema,
+  chain_root_content_hash: ContentHashRefSchema,
+  // SA-specific
+  settlement_receipt_hash: ReceiptHashRefSchema,
+  crossing_id: import_zod11.z.string().optional(),
+  final_amount_mills: import_zod11.z.number().int().nonnegative(),
+  settlement_authority: import_zod11.z.literal(SETTLEMENT_AUTHORITY)
+}).strict();
+var DispatchChainContentSchema = import_zod11.z.discriminatedUnion("type", [
+  CustodyReceiptContentSchema,
+  LiabilityAttestationContentSchema,
+  EconomicGateProofContentSchema,
+  SettlementAnchorContentSchema
+]);
+function assertValidChainLink(expectedPreviousHash, actualPreviousHash, stageType) {
+  if (expectedPreviousHash !== actualPreviousHash) {
+    throw new Error(
+      `Chain link broken at ${stageType}: expected previous_receipt_hash=${expectedPreviousHash}, got=${actualPreviousHash}`
+    );
   }
-  return value;
 }
-function jcsCanonicalize(value) {
-  return JSON.stringify(sortKeysDeep(value), (_key, v) => {
-    if (v === void 0) throw new Error("JCS: undefined is not allowed");
-    if (typeof v === "function") throw new Error("JCS: function is not allowed");
-    if (typeof v === "symbol") throw new Error("JCS: symbol is not allowed");
-    if (typeof v === "bigint") throw new Error("JCS: bigint is not allowed");
-    if (typeof v === "number" && !Number.isFinite(v))
-      throw new Error("JCS: non-finite number is not allowed");
-    return v;
-  });
-}
-function computeReceiptHash(receipt) {
-  const sha256 = loadSha256();
-  const canonical = jcsCanonicalize(receipt);
-  const digest = sha256(new TextEncoder().encode(canonical));
-  return bytesToBase64url(digest);
-}
-function computeContentHash(content) {
-  const sha256 = loadSha256();
-  const canonical = jcsCanonicalize(content);
-  const digest = sha256(new TextEncoder().encode(canonical));
-  return bytesToBase64url(digest);
-}
-function loadSha256() {
-  if (cachedSha256) return cachedSha256;
-  let _require;
-  try {
-    const { createRequire } = require("module");
-    _require = createRequire(import_meta.url);
-  } catch {
-    _require = require;
-  }
-  let sha256;
-  try {
-    sha256 = _require("@noble/hashes/sha2.js").sha256;
-  } catch {
-    try {
-      sha256 = _require("@noble/hashes/sha2").sha256;
-    } catch {
-      throw new Error(
-        "computeReceiptHash/computeContentHash requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
-      );
-    }
+function assertRootHash(actualRootHash, expectedRootHash, stageType) {
+  if (actualRootHash !== expectedRootHash) {
+    throw new Error(
+      `Chain root mismatch at ${stageType}: expected chain_root_content_hash=${expectedRootHash}, got=${actualRootHash}`
+    );
   }
-  cachedSha256 = sha256;
-  return sha256;
 }
-var ReceiptHashSchema = Base64urlSha256Schema.describe(
-  "receipt_hash: base64url(SHA-256(JCS(receipt)))"
-);
-var RECEIPT_HASH_GOLDEN_FIXTURE = {
-  receipt: {
-    "@type": "https://hlos.ai/schema/SignedReceiptV0",
-    version: 0,
-    receipt_id: "rcpt_01HZGOLDENTEST000000000000",
-    content: {
-      type: "CrossingSettled",
-      crossingId: "cross_test123abc456def789ghi",
-      settlement_authority: "hlos.ai"
-    },
-    // Placeholder bytes (NOT a valid cryptographic signature)
-    content_hash: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
-    signature: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
-    key_id: "hlos-v2-1",
-    issued_at: "2026-01-27T00:00:00.000Z"
-  },
-  /**
-   * Expected JCS canonical form of the receipt.
-   * Keys are lexicographically sorted at all levels.
-   */
-  expectedJcs: '{"@type":"https://hlos.ai/schema/SignedReceiptV0","content":{"crossingId":"cross_test123abc456def789ghi","settlement_authority":"hlos.ai","type":"CrossingSettled"},"content_hash":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","issued_at":"2026-01-27T00:00:00.000Z","key_id":"hlos-v2-1","receipt_id":"rcpt_01HZGOLDENTEST000000000000","signature":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","version":0}',
-  /**
-   * Expected receipt_hash (FROZEN).
-   * Compute: JCS canonicalize receipt → SHA-256 → base64url (no padding)
-   *
-   * DO NOT CHANGE unless the receipt fixture above changes.
-   */
-  expectedReceiptHash: "uLiQVUeVKcE35Rdje2fArZQfTcECDgwK6UbmQB_36Pg"
-};
 
 // src/finality.ts
-var import_zod10 = require("zod");
+var import_zod12 = require("zod");
 var NA_ID_PREFIX = "na_";
 var FinalityLevel = {
   SOFT: "SOFT",
   HARD: "HARD"
 };
-var NotaryAttestationIdFormatSchema = import_zod10.z.string().regex(
+var NotaryAttestationIdFormatSchema = import_zod12.z.string().regex(
   /^na_[a-zA-Z0-9]{20,}$/,
   "NA ID must match na_[a-zA-Z0-9]{20,}"
 );
-var LogInclusionProofSchema = import_zod10.z.object({
+var LogInclusionProofSchema = import_zod12.z.object({
   /** Merkle root hash (base64url SHA-256) */
   root: Base64urlSha256Schema,
   /** Sibling hashes along the path (base64url SHA-256 each) */
-  proof: import_zod10.z.array(Base64urlSha256Schema),
+  proof: import_zod12.z.array(Base64urlSha256Schema),
   /** Leaf index in the log */
-  index: import_zod10.z.number().int().nonnegative()
+  index: import_zod12.z.number().int().nonnegative()
 });
-var NotaryAttestationSchema = import_zod10.z.object({
+var NotaryAttestationSchema = import_zod12.z.object({
   // --- Required ---
   /** Unique NA identifier */
   na_id: NotaryAttestationIdFormatSchema,
   /** The receipt_hash this NA attests to */
   receipt_hash: Base64urlSha256Schema,
   /** Notary service identifier (e.g. "staampid") */
-  notary_id: import_zod10.z.string().min(1),
+  notary_id: import_zod12.z.string().min(1),
   /** ISO 8601 timestamp when NA was issued */
-  issued_at: import_zod10.z.string().datetime(),
+  issued_at: import_zod12.z.string().datetime(),
   /** Notary's countersignature (base64url encoded) */
-  signature: import_zod10.z.string().min(1),
+  signature: import_zod12.z.string().min(1),
   /** Signature algorithm (e.g. "EdDSA") */
-  signature_alg: import_zod10.z.string().min(1),
+  signature_alg: import_zod12.z.string().min(1),
   // --- Optional (future-proof) ---
   /** Receipt type being attested */
-  receipt_type: import_zod10.z.string().optional(),
+  receipt_type: import_zod12.z.string().optional(),
   /** Receipt version being attested */
-  receipt_version: import_zod10.z.number().int().nonnegative().optional(),
+  receipt_version: import_zod12.z.number().int().nonnegative().optional(),
   /** Settlement authority that issued the receipt (cross-check) */
-  settlement_authority: import_zod10.z.string().optional(),
+  settlement_authority: import_zod12.z.string().optional(),
   /** TTL in seconds for this attestation */
-  validity_window_seconds: import_zod10.z.number().int().positive().optional(),
+  validity_window_seconds: import_zod12.z.number().int().positive().optional(),
   /** ISO 8601 expiry (derived from issued_at + validity_window_seconds) */
-  expires_at: import_zod10.z.string().datetime().optional(),
+  expires_at: import_zod12.z.string().datetime().optional(),
   /** Merkle proof for append-only log inclusion */
   log_inclusion: LogInclusionProofSchema.optional()
 });
-var NotaryRequestSchema = import_zod10.z.object({
+var NotaryRequestSchema = import_zod12.z.object({
   /** receipt_hash to be attested (base64url SHA-256) */
   receipt_hash: Base64urlSha256Schema,
   /** Must be literal 'hlos.ai' */
-  settlement_authority: import_zod10.z.literal(SETTLEMENT_AUTHORITY),
+  settlement_authority: import_zod12.z.literal(SETTLEMENT_AUTHORITY),
   /** Crossing this receipt belongs to */
-  crossing_id: import_zod10.z.string().min(1),
+  crossing_id: import_zod12.z.string().min(1),
   /** Type of the receipt being attested */
-  receipt_type: import_zod10.z.string().min(1),
+  receipt_type: import_zod12.z.string().min(1),
   /** Version of the receipt being attested */
-  receipt_version: import_zod10.z.number().int().nonnegative(),
+  receipt_version: import_zod12.z.number().int().nonnegative(),
   /** ISO 8601 timestamp of the request */
-  timestamp: import_zod10.z.string().datetime(),
+  timestamp: import_zod12.z.string().datetime(),
   /** Optional: requested validity window in seconds */
-  validity_window_seconds: import_zod10.z.number().int().positive().optional()
+  validity_window_seconds: import_zod12.z.number().int().positive().optional()
 });
-var NotarizeStatusSchema = import_zod10.z.enum([
+var NotarizeStatusSchema = import_zod12.z.enum([
   "HARD",
   // NA obtained, finality upgraded
   "PENDING",
@@ -921,7 +1141,7 @@ var NotarizeStatusSchema = import_zod10.z.enum([
   "ALREADY_HARD"
   // Receipt already has NA
 ]);
-var NotarizeResponseSchema = import_zod10.z.object({
+var NotarizeResponseSchema = import_zod12.z.object({
   /** Finality status after this operation */
   status: NotarizeStatusSchema,
   /** The receipt_hash that was notarized */
@@ -931,13 +1151,13 @@ var NotarizeResponseSchema = import_zod10.z.object({
   /** The full NA object (optional embed) */
   na: NotaryAttestationSchema.optional(),
   /** Notary service identifier */
-  notary: import_zod10.z.string().min(1).optional(),
+  notary: import_zod12.z.string().min(1).optional(),
   /** NA ID for retrieval */
-  notary_receipt_id: import_zod10.z.string().optional(),
+  notary_receipt_id: import_zod12.z.string().optional(),
   /** ISO 8601 timestamp */
-  timestamp: import_zod10.z.string().datetime(),
+  timestamp: import_zod12.z.string().datetime(),
   /** Error details (present when status is FAILED) */
-  error: import_zod10.z.string().optional()
+  error: import_zod12.z.string().optional()
 });
 function isNotaryAttestation(value) {
   return NotaryAttestationSchema.safeParse(value).success;
@@ -945,17 +1165,17 @@ function isNotaryAttestation(value) {
 function isNotaryRequest(value) {
   return NotaryRequestSchema.safeParse(value).success;
 }
-var ArtifactRefSchema = import_zod10.z.object({
+var ArtifactRefSchema = import_zod12.z.object({
   /** Artifact type */
-  type: import_zod10.z.enum(["CR", "LAT", "EGP", "SA", "SignedReceiptV0", "NA"]),
+  type: import_zod12.z.enum(["CR", "LAT", "EGP", "SA", "SignedReceiptV0", "NA"]),
   /** base64url SHA-256 hash of the artifact */
   hash: Base64urlSha256Schema,
   /** Issuer of the artifact */
-  issuer: import_zod10.z.string().min(1),
+  issuer: import_zod12.z.string().min(1),
   /** Schema version */
-  version: import_zod10.z.string().min(1),
+  version: import_zod12.z.string().min(1),
   /** Optional retrieval URI */
-  uri: import_zod10.z.string().url().optional()
+  uri: import_zod12.z.string().url().optional()
 });
 var FINALITY_GOLDEN_FIXTURES = {
   /** Sample NotaryAttestation */
@@ -989,8 +1209,569 @@ var FINALITY_GOLDEN_FIXTURES = {
     timestamp: "2026-01-27T00:01:00.000Z"
   }
 };
+
+// src/eval-artifact.ts
+var import_zod13 = require("zod");
+var ULID_REGEX = /^[0-9A-HJKMNP-TV-Z]{26}$/;
+var EvalTranscriptStageSchema = import_zod13.z.union([
+  ChainStageTypeSchema,
+  import_zod13.z.literal("HTTP")
+]);
+var EvalTranscriptStepSchema = import_zod13.z.object({
+  step_index: import_zod13.z.number().int().nonnegative(),
+  stage: EvalTranscriptStageSchema,
+  input_hash: Base64urlSha256Schema,
+  output_hash: Base64urlSha256Schema.nullable(),
+  verdict: import_zod13.z.enum(["pass", "fail", "skip"]),
+  error: import_zod13.z.string().nullable(),
+  elapsed_ms: import_zod13.z.number().int().nonnegative()
+}).strict();
+var EvalGraderResultSchema = import_zod13.z.object({
+  grader_id: import_zod13.z.string().min(1),
+  verdict: import_zod13.z.enum(["pass", "fail"]),
+  confidence: import_zod13.z.number().min(0).max(1),
+  details: import_zod13.z.string().nullable()
+}).strict();
+var EvalFailureSchema = import_zod13.z.object({
+  step_index: import_zod13.z.number().int().nonnegative(),
+  grader_id: import_zod13.z.string().min(1),
+  code: import_zod13.z.string().min(1),
+  message: import_zod13.z.string().nullable()
+}).strict();
+var EvalArtifactSchema = import_zod13.z.object({
+  schema_version: import_zod13.z.literal(1),
+  // Trial metadata
+  trial_id: import_zod13.z.string().regex(ULID_REGEX, "Expected ULID format"),
+  seed: import_zod13.z.string().nullable(),
+  suite: import_zod13.z.string().min(1),
+  environment: import_zod13.z.enum(["local", "ci", "staging", "production"]),
+  started_at: import_zod13.z.string().datetime(),
+  completed_at: import_zod13.z.string().datetime().nullable(),
+  duration_ms: import_zod13.z.number().int().nonnegative().nullable(),
+  // Transcript — ordered steps
+  transcript: import_zod13.z.array(EvalTranscriptStepSchema),
+  // Grader results
+  grader_results: import_zod13.z.array(EvalGraderResultSchema),
+  // Compact failure records
+  failures: import_zod13.z.array(EvalFailureSchema),
+  // Aggregate metrics
+  pass_rate: import_zod13.z.number().min(0).max(1),
+  consecutive_pass_rate: import_zod13.z.number().min(0).max(1),
+  k: import_zod13.z.number().int().positive()
+}).strict();
+var DUMMY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+var EVAL_GOLDEN_FIXTURES = {
+  /**
+   * Valid 4-step transcript (CR→LAT→EGP→SA, all pass).
+   */
+  valid_full_pass: {
+    schema_version: 1,
+    trial_id: "01HZABCDEF1234567890ABCDEF",
+    seed: "test-seed-001",
+    suite: "kernel-invariant",
+    environment: "ci",
+    started_at: "2026-02-22T10:00:00.000Z",
+    completed_at: "2026-02-22T10:00:01.234Z",
+    duration_ms: 1234,
+    transcript: [
+      { step_index: 0, stage: "CR", input_hash: DUMMY_HASH, output_hash: DUMMY_HASH, verdict: "pass", error: null, elapsed_ms: 5 },
+      { step_index: 1, stage: "LAT", input_hash: DUMMY_HASH, output_hash: DUMMY_HASH, verdict: "pass", error: null, elapsed_ms: 8 },
+      { step_index: 2, stage: "EGP", input_hash: DUMMY_HASH, output_hash: DUMMY_HASH, verdict: "pass", error: null, elapsed_ms: 3 },
+      { step_index: 3, stage: "SA", input_hash: DUMMY_HASH, output_hash: DUMMY_HASH, verdict: "pass", error: null, elapsed_ms: 12 }
+    ],
+    grader_results: [
+      { grader_id: "cr_grader", verdict: "pass", confidence: 1, details: null },
+      { grader_id: "lat_grader", verdict: "pass", confidence: 1, details: null },
+      { grader_id: "egp_grader", verdict: "pass", confidence: 1, details: null },
+      { grader_id: "sa_grader", verdict: "pass", confidence: 1, details: null }
+    ],
+    failures: [],
+    pass_rate: 1,
+    consecutive_pass_rate: 1,
+    k: 10
+  },
+  /**
+   * Single failure: LAT grader fails (broken CR→LAT binding).
+   */
+  lat_failure: {
+    schema_version: 1,
+    trial_id: "01HZABCDEF1234567890ABCDEG",
+    seed: "test-seed-002",
+    suite: "kernel-invariant",
+    environment: "ci",
+    started_at: "2026-02-22T10:01:00.000Z",
+    completed_at: "2026-02-22T10:01:00.456Z",
+    duration_ms: 456,
+    transcript: [
+      { step_index: 0, stage: "CR", input_hash: DUMMY_HASH, output_hash: DUMMY_HASH, verdict: "pass", error: null, elapsed_ms: 5 },
+      { step_index: 1, stage: "LAT", input_hash: DUMMY_HASH, output_hash: null, verdict: "fail", error: "CR hash mismatch", elapsed_ms: 3 },
+      { step_index: 2, stage: "EGP", input_hash: DUMMY_HASH, output_hash: null, verdict: "skip", error: null, elapsed_ms: 0 },
+      { step_index: 3, stage: "SA", input_hash: DUMMY_HASH, output_hash: null, verdict: "skip", error: null, elapsed_ms: 0 }
+    ],
+    grader_results: [
+      { grader_id: "cr_grader", verdict: "pass", confidence: 1, details: null },
+      { grader_id: "lat_grader", verdict: "fail", confidence: 1, details: "LAT.cr_hash does not match computed CR hash" },
+      { grader_id: "egp_grader", verdict: "pass", confidence: 0, details: "Skipped: LAT failed" },
+      { grader_id: "sa_grader", verdict: "pass", confidence: 0, details: "Skipped: upstream failure" }
+    ],
+    failures: [
+      { step_index: 1, grader_id: "lat_grader", code: "BINDING_MISMATCH", message: "LAT.cr_hash does not match computed CR hash" }
+    ],
+    pass_rate: 0.9,
+    consecutive_pass_rate: 0.9,
+    k: 10
+  },
+  /**
+   * Partial artifact: run crashed mid-flight.
+   */
+  partial_crash: {
+    schema_version: 1,
+    trial_id: "01HZABCDEF1234567890ABCDEH",
+    seed: null,
+    suite: "kernel-invariant",
+    environment: "local",
+    started_at: "2026-02-22T10:02:00.000Z",
+    completed_at: null,
+    duration_ms: null,
+    transcript: [
+      { step_index: 0, stage: "CR", input_hash: DUMMY_HASH, output_hash: DUMMY_HASH, verdict: "pass", error: null, elapsed_ms: 5 }
+    ],
+    grader_results: [
+      { grader_id: "cr_grader", verdict: "pass", confidence: 1, details: null }
+    ],
+    failures: [],
+    pass_rate: 0,
+    consecutive_pass_rate: 0,
+    k: 10
+  }
+};
+
+// src/settlement-execute.ts
+var import_zod14 = require("zod");
+var ULID_REGEX2 = /^[0-9A-HJKMNP-TV-Z]{26}$/;
+var UlidSchema = import_zod14.z.string().regex(ULID_REGEX2, "Expected ULID format");
+var UlidOrUuidSchema = import_zod14.z.string().min(1);
+var HashVersionSchema = import_zod14.z.enum(["v1", "v2"]);
+var SettlementModeSchema = import_zod14.z.enum(["execute", "dry_run"]);
+var NotaryStatusSchema = import_zod14.z.enum(["skipped", "verified", "failed"]);
+var SettlementExecuteRequestSchema = import_zod14.z.object({
+  idempotency_key: UlidOrUuidSchema,
+  seed: import_zod14.z.string().nullable().optional(),
+  hash_version: HashVersionSchema.default("v2"),
+  mode: SettlementModeSchema.default("execute"),
+  flow: import_zod14.z.object({
+    wallet_id: import_zod14.z.string().min(1),
+    sku: import_zod14.z.string().min(1),
+    amount: import_zod14.z.string().min(1),
+    currency: import_zod14.z.literal("USD"),
+    metadata: import_zod14.z.record(import_zod14.z.unknown()).optional()
+  })
+}).strict();
+var ArtifactsBlockSchema = import_zod14.z.object({
+  cr: import_zod14.z.record(import_zod14.z.unknown()).nullable(),
+  lat: import_zod14.z.record(import_zod14.z.unknown()).nullable(),
+  egp: import_zod14.z.record(import_zod14.z.unknown()).nullable(),
+  sa: import_zod14.z.record(import_zod14.z.unknown()).nullable()
+});
+var HashesBlockSchema = import_zod14.z.object({
+  cr_hash: Base64urlSha256Schema.nullable(),
+  lat_hash: Base64urlSha256Schema.nullable(),
+  egp_hash: Base64urlSha256Schema.nullable(),
+  sa_hash: Base64urlSha256Schema.nullable()
+});
+var SignatureEnvelopeSchema = import_zod14.z.object({
+  alg: import_zod14.z.literal("ed25519"),
+  sig: import_zod14.z.string().min(1),
+  pub: import_zod14.z.string().min(1)
+});
+var NotaryBlockSchema = import_zod14.z.object({
+  status: NotaryStatusSchema,
+  run_notary: import_zod14.z.object({
+    subject_hash: Base64urlSha256Schema,
+    sig: import_zod14.z.string().min(1),
+    pub: import_zod14.z.string().min(1)
+  }).nullable(),
+  graph_notary: import_zod14.z.object({
+    subject_hash: Base64urlSha256Schema,
+    sig: import_zod14.z.string().min(1),
+    pub: import_zod14.z.string().min(1)
+  }).nullable()
+});
+var TimingBlockSchema = import_zod14.z.object({
+  started_at: import_zod14.z.string().datetime(),
+  completed_at: import_zod14.z.string().datetime().nullable(),
+  duration_ms: import_zod14.z.number().int().nonnegative().nullable()
+});
+var SettlementExecuteSuccessSchema = import_zod14.z.object({
+  schema_version: import_zod14.z.literal(1),
+  flow_id: UlidSchema,
+  suite_id: import_zod14.z.string().min(1),
+  seed: import_zod14.z.string().nullable(),
+  hash_version: HashVersionSchema,
+  artifacts: ArtifactsBlockSchema.extend({
+    cr: import_zod14.z.record(import_zod14.z.unknown()),
+    lat: import_zod14.z.record(import_zod14.z.unknown()),
+    egp: import_zod14.z.record(import_zod14.z.unknown()),
+    sa: import_zod14.z.record(import_zod14.z.unknown())
+  }),
+  hashes: HashesBlockSchema.extend({
+    cr_hash: Base64urlSha256Schema,
+    lat_hash: Base64urlSha256Schema,
+    egp_hash: Base64urlSha256Schema,
+    sa_hash: Base64urlSha256Schema
+  }),
+  signatures: import_zod14.z.object({
+    settlement: import_zod14.z.object({
+      cr_sig: SignatureEnvelopeSchema,
+      lat_sig: SignatureEnvelopeSchema,
+      sa_sig: SignatureEnvelopeSchema
+    }),
+    notary: NotaryBlockSchema
+  }),
+  receipt: import_zod14.z.object({
+    // Kernel receipt IDs currently follow rcpt_ + variable base36/random suffix.
+    receipt_id: import_zod14.z.string().regex(/^rcpt_/, "Expected kernel receipt ID (rcpt_... format)"),
+    status: import_zod14.z.enum(["stored", "pending"]),
+    receipt_hash: Base64urlSha256Schema
+  }),
+  run: import_zod14.z.object({
+    run_id: UlidSchema,
+    final_state_hash: Base64urlSha256Schema,
+    terminal_event_hash: Base64urlSha256Schema,
+    sealed_at: import_zod14.z.string().datetime()
+  }),
+  timing: TimingBlockSchema.extend({
+    completed_at: import_zod14.z.string().datetime(),
+    duration_ms: import_zod14.z.number().int().nonnegative()
+  })
+});
+var SettlementErrorCodeSchema = import_zod14.z.enum([
+  "INSUFFICIENT_FUNDS",
+  "POLICY_DENIED",
+  "INVARIANT_FAILED",
+  "INVALID_AMOUNT_FORMAT",
+  "INVALID_AMOUNT_NEGATIVE",
+  "INVALID_JSON",
+  "INTERNAL"
+]);
+var SettlementExecuteErrorSchema = import_zod14.z.object({
+  schema_version: import_zod14.z.literal(1),
+  flow_id: UlidSchema,
+  suite_id: import_zod14.z.string().min(1),
+  seed: import_zod14.z.string().nullable(),
+  hash_version: HashVersionSchema,
+  error: import_zod14.z.object({
+    code: SettlementErrorCodeSchema,
+    message: import_zod14.z.string(),
+    details: import_zod14.z.record(import_zod14.z.unknown()).optional()
+  }),
+  partial: import_zod14.z.object({
+    artifacts: ArtifactsBlockSchema,
+    hashes: HashesBlockSchema
+  }),
+  timing: TimingBlockSchema
+});
+var SettlementExecuteResponseSchema = import_zod14.z.union([
+  SettlementExecuteSuccessSchema,
+  SettlementExecuteErrorSchema
+]);
+function isSettlementExecuteSuccess(response) {
+  return "artifacts" in response && !("error" in response);
+}
+function isSettlementExecuteError(response) {
+  return "error" in response;
+}
+
+// src/srr-v0.ts
+var import_zod15 = require("zod");
+var SRR_TYPE_URI = "https://hlos.ai/schema/SignedRejectionReceiptV0";
+var SRR_VERSION = 0;
+var SRR_REJECTION_DOMAIN = "kernel:k:rejection:v1";
+var SRR_SIGNATURE_ALGORITHM = "Ed25519";
+var SRR_INITIAL_REASON_CODES = [
+  "BUDGET_EXCEEDED",
+  "POLICY_VIOLATION",
+  "SAFETY_GATE_FAILED",
+  "DELEGATION_REVOKED",
+  "SETTLEMENT_TIMEOUT"
+];
+var REASON_CODE_PATTERN = /^[A-Z][A-Z0-9_]{2,63}$/;
+var SignedRejectionReceiptV0Schema = import_zod15.z.object({
+  "@type": import_zod15.z.literal(SRR_TYPE_URI),
+  version: import_zod15.z.literal(SRR_VERSION),
+  receipt_id: import_zod15.z.string().regex(
+    /^srr_[0-9A-HJKMNP-TV-Z]{26}$/i,
+    "receipt_id must be srr_ + 26-char ULID"
+  ),
+  crossing_id: import_zod15.z.string().min(1),
+  reason_code: import_zod15.z.string().regex(REASON_CODE_PATTERN, "reason_code must be UPPER_SNAKE_CASE, 3-64 chars"),
+  reason_message: import_zod15.z.string().min(1),
+  details: import_zod15.z.record(import_zod15.z.unknown()).optional(),
+  commitment_hash: Base64urlSha256Schema.optional(),
+  issuer_id: import_zod15.z.string().min(1),
+  rejected_at: import_zod15.z.string().datetime(),
+  issuer_public_key_ref: import_zod15.z.string().min(1),
+  signature_algorithm: import_zod15.z.literal(SRR_SIGNATURE_ALGORITHM),
+  signature: Base64urlEd25519SigSchema
+}).strict();
+
+// src/liability-waiver-terms-v0.ts
+var import_zod16 = require("zod");
+var LIABILITY_WAIVER_TERMS_TYPE_URI = "https://hlos.ai/schema/LiabilityWaiverTermsV0";
+var LIABILITY_WAIVER_TERMS_VERSION = 0;
+var LiabilityDispositionSchema = import_zod16.z.enum([
+  "ABSORB",
+  "RELEASE",
+  "TRANSFER",
+  "DISPUTE"
+]);
+var LiabilityWaiverTermsPartiesSchema = import_zod16.z.object({
+  offered_by: import_zod16.z.string().min(1).optional(),
+  offered_to: import_zod16.z.string().min(1).optional(),
+  beneficiary: import_zod16.z.string().min(1).optional(),
+  burdened_party: import_zod16.z.string().min(1).optional()
+}).strict();
+var LiabilityWaiverTermsScopeSchema = import_zod16.z.object({
+  crossing_id: import_zod16.z.string().min(1).optional(),
+  commitment_hash: Base64urlSha256Schema.optional(),
+  claim_scope: import_zod16.z.string().min(1).optional()
+}).strict();
+var LiabilityWaiverTermsConditionsSchema = import_zod16.z.object({
+  effective_if: import_zod16.z.record(import_zod16.z.unknown()).optional(),
+  expires_at: import_zod16.z.string().datetime().optional(),
+  jurisdiction: import_zod16.z.string().min(1).optional()
+}).strict();
+var LiabilityWaiverTermsHashInputSchema = import_zod16.z.object({
+  parties: LiabilityWaiverTermsPartiesSchema,
+  liability_effect: LiabilityDispositionSchema,
+  scope: LiabilityWaiverTermsScopeSchema,
+  conditions: LiabilityWaiverTermsConditionsSchema.optional(),
+  canonical_terms: import_zod16.z.record(import_zod16.z.unknown()).optional()
+}).strict();
+var LiabilityWaiverTermsRefV0Schema = import_zod16.z.object({
+  waiver_id: import_zod16.z.string().min(1).optional(),
+  terms_hash: Base64urlSha256Schema,
+  type: import_zod16.z.literal(LIABILITY_WAIVER_TERMS_TYPE_URI),
+  version: import_zod16.z.literal(LIABILITY_WAIVER_TERMS_VERSION)
+}).strict();
+var LiabilityWaiverTermsV0Schema = import_zod16.z.object({
+  "@type": import_zod16.z.literal(LIABILITY_WAIVER_TERMS_TYPE_URI),
+  version: import_zod16.z.literal(LIABILITY_WAIVER_TERMS_VERSION),
+  waiver_id: import_zod16.z.string().min(1),
+  terms_hash: Base64urlSha256Schema,
+  parties: LiabilityWaiverTermsPartiesSchema,
+  liability_effect: LiabilityDispositionSchema,
+  scope: LiabilityWaiverTermsScopeSchema,
+  conditions: LiabilityWaiverTermsConditionsSchema.optional(),
+  human_readable_summary: import_zod16.z.string().min(1).optional(),
+  canonical_terms: import_zod16.z.record(import_zod16.z.unknown()).optional()
+}).strict();
+var cachedSha2562 = null;
+function loadSha2562() {
+  if (cachedSha2562) return cachedSha2562;
+  const moduleApi = typeof process.getBuiltinModule === "function" ? process.getBuiltinModule("module") : require("module");
+  const createRequire = moduleApi.createRequire;
+  const requireBase = typeof __filename === "string" ? __filename : `${process.cwd()}/package.json`;
+  const _require = createRequire(requireBase);
+  let sha256;
+  try {
+    sha256 = _require("@noble/hashes/sha2.js").sha256;
+  } catch {
+    try {
+      sha256 = _require("@noble/hashes/sha2").sha256;
+    } catch {
+      throw new Error(
+        "Liability waiver hashing requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
+      );
+    }
+  }
+  cachedSha2562 = sha256;
+  return sha256;
+}
+function toLiabilityWaiverTermsHashInput(terms) {
+  return {
+    parties: terms.parties,
+    liability_effect: terms.liability_effect,
+    scope: terms.scope,
+    ...terms.conditions !== void 0 ? { conditions: terms.conditions } : {},
+    ...terms.canonical_terms !== void 0 ? { canonical_terms: terms.canonical_terms } : {}
+  };
+}
+function computeLiabilityWaiverTermsHash(input) {
+  const sha256 = loadSha2562();
+  const canonical = jcsCanonicalize(input);
+  const digest = sha256(new TextEncoder().encode(canonical));
+  return bytesToBase64url(digest);
+}
+
+// src/srr-v1.ts
+var import_zod17 = require("zod");
+var SRR_V1_TYPE_URI = "https://hlos.ai/schema/SignedRejectionReceiptV1";
+var SRR_V1_VERSION = 1;
+var SRR_V1_REJECTION_DOMAIN = "kernel:u:rejection:v1";
+var SRR_V1_SIGNATURE_ALGORITHM = SRR_SIGNATURE_ALGORITHM;
+var SignedRejectionReceiptV1Schema = import_zod17.z.object({
+  "@type": import_zod17.z.literal(SRR_V1_TYPE_URI),
+  version: import_zod17.z.literal(SRR_V1_VERSION),
+  receipt_id: import_zod17.z.string().regex(
+    /^srr_[0-9A-HJKMNP-TV-Z]{26}$/i,
+    "receipt_id must be srr_ + 26-char ULID"
+  ),
+  crossing_id: import_zod17.z.string().min(1),
+  reason_code: import_zod17.z.string().regex(REASON_CODE_PATTERN, "reason_code must be UPPER_SNAKE_CASE, 3-64 chars"),
+  reason_message: import_zod17.z.string().min(1),
+  details: import_zod17.z.record(import_zod17.z.unknown()).optional(),
+  commitment_hash: Base64urlSha256Schema.optional(),
+  issuer_id: import_zod17.z.string().min(1),
+  rejected_at: import_zod17.z.string().datetime(),
+  issuer_public_key_ref: import_zod17.z.string().min(1),
+  signature_algorithm: import_zod17.z.literal(SRR_V1_SIGNATURE_ALGORITHM),
+  liability_disposition: LiabilityDispositionSchema,
+  waiver_terms_ref: LiabilityWaiverTermsRefV0Schema.optional(),
+  signature: Base64urlEd25519SigSchema
+}).strict().superRefine((value, ctx) => {
+  if ((value.liability_disposition === "RELEASE" || value.liability_disposition === "TRANSFER") && value.waiver_terms_ref === void 0) {
+    ctx.addIssue({
+      code: import_zod17.z.ZodIssueCode.custom,
+      path: ["waiver_terms_ref"],
+      message: "waiver_terms_ref is required for RELEASE and TRANSFER"
+    });
+  }
+});
+
+// src/srr-signing.ts
+var textEncoder = new TextEncoder();
+var DOMAIN_BYTES_V0 = textEncoder.encode(SRR_REJECTION_DOMAIN);
+var DOMAIN_BYTES_V1 = textEncoder.encode(SRR_V1_REJECTION_DOMAIN);
+var cachedSha2563 = null;
+function loadSha2563() {
+  if (cachedSha2563) return cachedSha2563;
+  const moduleApi = typeof process.getBuiltinModule === "function" ? process.getBuiltinModule("module") : require("module");
+  const createRequire = moduleApi.createRequire;
+  const requireBase = typeof __filename === "string" ? __filename : `${process.cwd()}/package.json`;
+  const _require = createRequire(requireBase);
+  let sha256;
+  try {
+    sha256 = _require("@noble/hashes/sha2.js").sha256;
+  } catch {
+    try {
+      sha256 = _require("@noble/hashes/sha2").sha256;
+    } catch {
+      throw new Error(
+        "SRR signing requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
+      );
+    }
+  }
+  cachedSha2563 = sha256;
+  return sha256;
+}
+function computeSrrSigningPayload(unsignedSrr) {
+  const sha256 = loadSha2563();
+  const canonical = jcsCanonicalize(unsignedSrr);
+  const digest = sha256(textEncoder.encode(canonical));
+  const domainBytes = unsignedSrr["@type"] === SRR_V1_TYPE_URI ? DOMAIN_BYTES_V1 : unsignedSrr["@type"] === SRR_TYPE_URI ? DOMAIN_BYTES_V0 : (() => {
+    throw new Error("Unsupported SRR type for signing payload construction");
+  })();
+  const payload = new Uint8Array(domainBytes.length + digest.length);
+  payload.set(domainBytes, 0);
+  payload.set(digest, domainBytes.length);
+  return payload;
+}
+function computeSrrDigest(signedSrr) {
+  const sha256 = loadSha2563();
+  const canonical = jcsCanonicalize(signedSrr);
+  return bytesToBase64url(sha256(textEncoder.encode(canonical)));
+}
+
+// src/srr-verify.ts
+var cachedVerify = null;
+function loadVerify() {
+  if (cachedVerify) return cachedVerify;
+  const moduleApi = typeof process.getBuiltinModule === "function" ? process.getBuiltinModule("module") : require("module");
+  const createRequire = moduleApi.createRequire;
+  const requireBase = typeof __filename === "string" ? __filename : `${process.cwd()}/package.json`;
+  const _require = createRequire(requireBase);
+  let ed25519Module;
+  try {
+    ed25519Module = _require("@noble/ed25519");
+  } catch {
+    throw new Error(
+      "SRR verification requires @noble/ed25519 as a peer dependency. Install it: npm install @noble/ed25519"
+    );
+  }
+  if (!ed25519Module.hashes?.sha512) {
+    let sha512Fn;
+    try {
+      const sha2 = _require("@noble/hashes/sha2.js");
+      sha512Fn = (...m) => sha2.sha512(ed25519Module.etc.concatBytes(...m));
+    } catch {
+      try {
+        const sha2 = _require("@noble/hashes/sha2");
+        sha512Fn = (...m) => sha2.sha512(ed25519Module.etc.concatBytes(...m));
+      } catch {
+        throw new Error(
+          "SRR verification requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
+        );
+      }
+    }
+    if (!ed25519Module.hashes) ed25519Module.hashes = {};
+    ed25519Module.hashes.sha512 = sha512Fn;
+  }
+  const verify = ed25519Module.verify;
+  cachedVerify = verify;
+  return verify;
+}
+async function verifyDetachedEd25519(params) {
+  const verify = loadVerify();
+  try {
+    return await verify(params.signature, params.signingPayload, params.publicKey);
+  } catch {
+    return false;
+  }
+}
+async function verifySignedRejectionReceipt(params) {
+  const { srr, publicKey } = params;
+  if (!srr || typeof srr !== "object") {
+    return { valid: false, reason: "SCHEMA_VIOLATION" };
+  }
+  if (typeof srr.signature_algorithm === "string" && srr.signature_algorithm !== SRR_SIGNATURE_ALGORITHM) {
+    return { valid: false, reason: "UNSUPPORTED_ALGORITHM" };
+  }
+  const wireType = srr["@type"];
+  if (wireType !== SRR_V1_TYPE_URI && wireType !== SRR_TYPE_URI) {
+    return { valid: false, reason: "SCHEMA_VIOLATION" };
+  }
+  const parseResult = wireType === SRR_V1_TYPE_URI ? SignedRejectionReceiptV1Schema.safeParse(srr) : SignedRejectionReceiptV0Schema.safeParse(srr);
+  if (!parseResult.success) {
+    return { valid: false, reason: "SCHEMA_VIOLATION" };
+  }
+  const parsedSrr = parseResult.data;
+  let signingPayload;
+  try {
+    const { signature, ...unsignedFields } = parsedSrr;
+    signingPayload = computeSrrSigningPayload(unsignedFields);
+  } catch {
+    return { valid: false, reason: "PAYLOAD_CONSTRUCTION_ERROR" };
+  }
+  let signatureBytes;
+  try {
+    signatureBytes = base64urlToBytes(parsedSrr.signature);
+  } catch {
+    return { valid: false, reason: "INVALID_SIGNATURE" };
+  }
+  const valid = await verifyDetachedEd25519({
+    signingPayload,
+    signature: signatureBytes,
+    publicKey
+  });
+  return valid ? { valid: true } : { valid: false, reason: "INVALID_SIGNATURE" };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  AAREnvelopeV0Schema,
+  AAREnvelopeV0TypedSchema,
+  AAR_ENVELOPE_TYPE,
+  AAR_ENVELOPE_VERSION,
   AgentListItemSchema,
   AgentPassportStubResponseSchema,
   AgentStatusSchema,
@@ -1001,7 +1782,9 @@ var FINALITY_GOLDEN_FIXTURES = {
   BASE64URL_SHA256_REGEX,
   Base64urlEd25519SigSchema,
   Base64urlSha256Schema,
+  CHAIN_STAGE_ORDER,
   CONTENT_HASH_LENGTH,
+  ChainStageTypeSchema,
   CorrelationIdSchema,
   CredentialSourceSchema,
   CrossingHashInputV0Schema,
@@ -1009,8 +1792,18 @@ var FINALITY_GOLDEN_FIXTURES = {
   CrossingIdSchema,
   CrossingSettledReceiptSchema,
   CrossingSnapshotV0Schema,
+  CustodyReceiptContentSchema,
+  DispatchChainContentSchema,
+  DispatchIdBrand,
+  DispatchIdSchema,
   ERROR_CODE_STATUS,
+  EVAL_GOLDEN_FIXTURES,
+  EconomicGateProofContentSchema,
   ErrorResponseSchema,
+  EvalArtifactSchema,
+  EvalFailureSchema,
+  EvalGraderResultSchema,
+  EvalTranscriptStepSchema,
   FINALITY_GOLDEN_FIXTURES,
   FinalityLevel,
   FundingSourceSchema,
@@ -1019,6 +1812,16 @@ var FINALITY_GOLDEN_FIXTURES = {
   KernelErrorCodeSchema,
   KernelErrorSchema,
   KernelOkSchema,
+  LIABILITY_WAIVER_TERMS_TYPE_URI,
+  LIABILITY_WAIVER_TERMS_VERSION,
+  LiabilityAttestationContentSchema,
+  LiabilityDispositionSchema,
+  LiabilityWaiverTermsConditionsSchema,
+  LiabilityWaiverTermsHashInputSchema,
+  LiabilityWaiverTermsPartiesSchema,
+  LiabilityWaiverTermsRefV0Schema,
+  LiabilityWaiverTermsScopeSchema,
+  LiabilityWaiverTermsV0Schema,
   LogInclusionProofSchema,
   NA_ID_PREFIX,
   NotarizeResponseSchema,
@@ -1029,6 +1832,7 @@ var FINALITY_GOLDEN_FIXTURES = {
   PassportIdFormatSchema,
   PassportIdSchema,
   ProviderRoleSchema,
+  REASON_CODE_PATTERN,
   RECEIPT_HASH_GOLDEN_FIXTURE,
   RECEIPT_TYPE_URI,
   RECEIPT_VERSION,
@@ -1040,9 +1844,25 @@ var FINALITY_GOLDEN_FIXTURES = {
   RotationEpochSchema,
   SETTLEMENT_AUTHORITY,
   SIGNATURE_LENGTH,
+  SRR_INITIAL_REASON_CODES,
+  SRR_REJECTION_DOMAIN,
+  SRR_SIGNATURE_ALGORITHM,
+  SRR_TYPE_URI,
+  SRR_V1_REJECTION_DOMAIN,
+  SRR_V1_SIGNATURE_ALGORITHM,
+  SRR_V1_TYPE_URI,
+  SRR_V1_VERSION,
+  SRR_VERSION,
   SURFACES,
+  SettlementAnchorContentSchema,
+  SettlementExecuteErrorSchema,
+  SettlementExecuteRequestSchema,
+  SettlementExecuteResponseSchema,
+  SettlementExecuteSuccessSchema,
   SignedReceiptV0LooseSchema,
   SignedReceiptV0Schema,
+  SignedRejectionReceiptV0Schema,
+  SignedRejectionReceiptV1Schema,
   StackConnectionSchema,
   StackProviderSchema,
   StackSchema,
@@ -1055,14 +1875,20 @@ var FINALITY_GOLDEN_FIXTURES = {
   W_TXCTX_DOMAIN,
   WalletIdFormatSchema,
   WalletIdSchema,
+  assertRootHash,
+  assertValidChainLink,
   base64urlToBytes,
   bytesToBase64url,
   computeContentHash,
+  computeLiabilityWaiverTermsHash,
   computeReceiptHash,
+  computeSrrDigest,
+  computeSrrSigningPayload,
   deriveFundingSource,
   encodeEpoch,
   error,
   generateCrossingId,
+  generateDispatchId,
   generateId,
   generatePassportId,
   generateReceiptId,
@@ -1071,11 +1897,17 @@ var FINALITY_GOLDEN_FIXTURES = {
   isCrossingSettledReceipt,
   isNotaryAttestation,
   isNotaryRequest,
+  isSettlementExecuteError,
+  isSettlementExecuteSuccess,
   isSignedReceiptV0,
   jcsCanonicalize,
   kernelError,
   kernelOk,
   success,
-  validateTimeWindow
+  toLiabilityWaiverTermsHashInput,
+  validateTimeWindow,
+  verifyAAR,
+  verifyDetachedEd25519,
+  verifySignedRejectionReceipt
 });
 //# sourceMappingURL=index.cjs.map