@ixo/editor 5.0.0 → 5.1.0

package/dist/{chunk-YA5P7BXL.mjs → chunk-75MWYZJ2.mjs}

@@ -75,7 +75,17 @@ var CAN_TO_TYPE = {
   "pod/entity-single-selection": "qi/pod.entity-single-selection",
   "pod/governance-config": "qi/pod.governance-config",
   "pod/member-multi-select": "qi/pod.member-multi-select",
-  "pod/list-domain-flows": "qi/pod.list-domain-flows"
+  "pod/list-domain-flows": "qi/pod.list-domain-flows",
+  "wallet/generate": "qi/wallet.generate",
+  "wallet/fund": "qi/wallet.fund",
+  "iid/create": "qi/iid.create",
+  "matrix/register": "qi/matrix.register",
+  "entity/createOracle": "qi/entity.createOracle",
+  "sandbox/provision": "qi/sandbox.provision",
+  "oracle/contract": "qi/oracle.contract",
+  "oracle/storeSecrets": "qi/oracle.storeSecrets",
+  "oracle/storeConfig": "qi/oracle.storeConfig",
+  "oracle/configureOracle": "qi/oracle.configureOracle"
 };
 var TYPE_TO_CAN = Object.fromEntries(Object.entries(CAN_TO_TYPE).map(([can, type]) => [type, can]));
 function canToType(can) {
@@ -148,6 +158,30 @@ function buildServicesFromHandlers(handlers) {
     } : void 0,
     matrix: handlers?.storeMatrixCredential ? {
       storeCredential: async (params) => handlers.storeMatrixCredential(params)
+    } : void 0,
+    oracle: handlers?.generateWallet ? {
+      generateWallet: async () => handlers.generateWallet(),
+      fundWallet: async (params) => handlers.fundWallet(params),
+      createIidDocument: async (params) => handlers.createIidDocument(params),
+      registerMatrixAccount: async (params) => handlers.registerMatrixAccount(params),
+      createOracleEntity: async (params) => handlers.createOracleEntity(params),
+      contract: async (params) => handlers.oracleContract(params),
+      provisionSandbox: async (params) => handlers.provisionSandbox(params),
+      storeSecrets: async (params) => handlers.storeSecrets(params),
+      storeConfig: async (params) => handlers.storeOracleConfig(params),
+      validateMcpServer: handlers.validateMcpServer || (async () => ({ success: false, error: "Handler not configured" })),
+      encryptForOracle: async (params) => handlers.encryptSecretForOracle(params),
+      readStoredSecrets: async (params) => handlers.readStoredSecrets(params),
+      getNetworkConstants: async (params) => handlers.getNetworkConstants(params),
+      deploySetup: handlers.deploySetup || (async () => {
+        throw new Error("deploySetup handler not configured");
+      }),
+      deployStart: handlers.deployStart || (async () => {
+        throw new Error("deployStart handler not configured");
+      }),
+      updateOracleDomain: handlers.updateOracleDomain || (async () => {
+        throw new Error("updateOracleDomain handler not configured");
+      })
     } : void 0
   };
 }
@@ -2702,6 +2736,853 @@ registerAction({
   }
 });
 
+// src/core/lib/actionRegistry/actions/walletGenerate.ts
+registerAction({
+  type: "qi/wallet.generate",
+  can: "wallet/generate",
+  sideEffect: false,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "address", displayName: "Wallet Address", type: "string", description: "The generated IXO wallet address" },
+    { path: "did", displayName: "DID", type: "string", description: "The DID derived from the wallet address" },
+    { path: "pubKey", displayName: "Public Key", type: "string", description: "The secp256k1 public key (hex)" },
+    { path: "mnemonic", displayName: "Mnemonic", type: "string", description: "The BIP39 mnemonic seed phrase" }
+  ],
+  run: async (_inputs, ctx) => {
+    if (!ctx.services.oracle?.generateWallet) {
+      throw new Error("oracle.generateWallet handler not available");
+    }
+    const result = await ctx.services.oracle.generateWallet();
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/walletFund.ts
+registerAction({
+  type: "qi/wallet.fund",
+  can: "wallet/fund",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  outputSchema: [
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "The funding transaction hash" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.fundWallet) {
+      throw new Error("oracle.fundWallet handler not available");
+    }
+    if (!inputs.address) throw new Error("address is required");
+    const result = await ctx.services.oracle.fundWallet({
+      address: inputs.address,
+      amount: inputs.amount || 25e4
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/walletGenerateAndFund.ts
+registerAction({
+  type: "qi/wallet.generateAndFund",
+  can: "wallet/generateAndFund",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "address", displayName: "Wallet Address", type: "string", description: "The generated IXO wallet address" },
+    { path: "did", displayName: "DID", type: "string", description: "The DID derived from the wallet address" },
+    { path: "pubKey", displayName: "Public Key", type: "string", description: "The secp256k1 public key (hex)" },
+    { path: "mnemonic", displayName: "Mnemonic", type: "string", description: "The BIP39 mnemonic seed phrase" },
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "The funding transaction hash" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.generateWallet) {
+      throw new Error("oracle.generateWallet handler not available");
+    }
+    if (!ctx.services.oracle?.fundWallet) {
+      throw new Error("oracle.fundWallet handler not available");
+    }
+    const walletResult = await ctx.services.oracle.generateWallet();
+    if (!walletResult?.address) {
+      throw new Error("generateWallet did not return an address");
+    }
+    const fundResult = await ctx.services.oracle.fundWallet({
+      address: walletResult.address,
+      amount: inputs.amount || 25e4
+    });
+    if (!fundResult?.transactionHash) {
+      throw new Error("fundWallet did not return a transactionHash");
+    }
+    return {
+      output: {
+        address: walletResult.address,
+        did: walletResult.did,
+        pubKey: walletResult.pubKey,
+        mnemonic: walletResult.mnemonic,
+        transactionHash: fundResult.transactionHash
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/iidCreate.ts
+registerAction({
+  type: "qi/iid.create",
+  can: "iid/create",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "did", displayName: "DID", type: "string", description: "The IID document DID" },
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "The IID creation transaction hash" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.createIidDocument) {
+      throw new Error("oracle.createIidDocument handler not available");
+    }
+    if (!inputs.mnemonic) throw new Error("mnemonic is required");
+    if (!inputs.did) throw new Error("did is required");
+    if (!inputs.address) throw new Error("address is required");
+    if (!inputs.pubKey) throw new Error("pubKey is required");
+    const result = await ctx.services.oracle.createIidDocument({
+      mnemonic: inputs.mnemonic,
+      did: inputs.did,
+      address: inputs.address,
+      pubKey: inputs.pubKey
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/matrixRegister.ts
+registerAction({
+  type: "qi/matrix.register",
+  can: "matrix/register",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "matrixUserId", displayName: "Matrix User ID", type: "string", description: "The Matrix user ID" },
+    { path: "matrixAccessToken", displayName: "Matrix Access Token", type: "string", description: "The Matrix access token" },
+    { path: "matrixRoomId", displayName: "Matrix Room ID", type: "string", description: "The Matrix room ID" },
+    { path: "matrixDeviceId", displayName: "Matrix Device ID", type: "string", description: "The Matrix device ID" },
+    { path: "matrixMnemonic", displayName: "Matrix Mnemonic", type: "string", description: "The Matrix account mnemonic" },
+    { path: "matrixPassword", displayName: "Matrix Password", type: "string", description: "The Matrix account password" },
+    { path: "matrixRecoveryPhrase", displayName: "Recovery Phrase", type: "string", description: "The Matrix recovery phrase" },
+    { path: "matrixHomeServerUrl", displayName: "Matrix Homeserver", type: "string", description: "The Matrix homeserver URL" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.registerMatrixAccount) {
+      throw new Error("oracle.registerMatrixAccount handler not available");
+    }
+    if (!inputs.mnemonic) throw new Error("mnemonic is required");
+    if (!inputs.address) throw new Error("address is required");
+    if (!inputs.did) throw new Error("did is required");
+    if (!inputs.pin) throw new Error("pin is required");
+    if (!inputs.oracleName) throw new Error("oracleName is required");
+    const result = await ctx.services.oracle.registerMatrixAccount({
+      mnemonic: inputs.mnemonic,
+      address: inputs.address,
+      did: inputs.did,
+      pin: inputs.pin,
+      oracleName: inputs.oracleName,
+      avatarUrl: inputs.avatarUrl
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/identityCreate.ts
+registerAction({
+  type: "qi/identity.create",
+  can: "identity/create",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "did", displayName: "DID", type: "string", description: "The IID document DID" },
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "The IID creation transaction hash" },
+    { path: "alreadyExisted", displayName: "Already Existed", type: "boolean", description: "Whether the IID document already existed" },
+    { path: "matrixUserId", displayName: "Matrix User ID", type: "string", description: "The Matrix user ID" },
+    { path: "matrixAccessToken", displayName: "Matrix Access Token", type: "string", description: "The Matrix access token" },
+    { path: "matrixRoomId", displayName: "Matrix Room ID", type: "string", description: "The Matrix room ID" },
+    { path: "matrixDeviceId", displayName: "Matrix Device ID", type: "string", description: "The Matrix device ID" },
+    { path: "matrixMnemonic", displayName: "Matrix Mnemonic", type: "string", description: "The Matrix account mnemonic" },
+    { path: "matrixPassword", displayName: "Matrix Password", type: "string", description: "The Matrix account password" },
+    { path: "matrixRecoveryPhrase", displayName: "Recovery Phrase", type: "string", description: "The Matrix recovery phrase" },
+    { path: "matrixHomeServerUrl", displayName: "Matrix Homeserver", type: "string", description: "The Matrix homeserver URL" }
+  ],
+  run: async (rawInputs, ctx) => {
+    const form = (() => {
+      const raw = rawInputs.formAnswers;
+      if (typeof raw !== "string" || !raw) return {};
+      try {
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object" ? parsed : {};
+      } catch {
+        return {};
+      }
+    })();
+    const inputs = {
+      // Rename: form.logoUrl → avatarUrl for the registerMatrixAccount handler
+      avatarUrl: form.logoUrl,
+      ...form,
+      ...rawInputs
+    };
+    if (!ctx.services.oracle?.createIidDocument) {
+      throw new Error("oracle.createIidDocument handler not available");
+    }
+    if (!ctx.services.oracle?.registerMatrixAccount) {
+      throw new Error("oracle.registerMatrixAccount handler not available");
+    }
+    if (!inputs.mnemonic) throw new Error("mnemonic is required");
+    if (!inputs.did) throw new Error("did is required");
+    if (!inputs.address) throw new Error("address is required");
+    if (!inputs.pubKey) throw new Error("pubKey is required");
+    if (!inputs.pin) throw new Error("pin is required");
+    if (!inputs.oracleName) throw new Error("oracleName is required");
+    const iidResult = await ctx.services.oracle.createIidDocument({
+      mnemonic: inputs.mnemonic,
+      did: inputs.did,
+      address: inputs.address,
+      pubKey: inputs.pubKey
+    });
+    if (!iidResult?.transactionHash && !iidResult?.alreadyExisted) {
+      throw new Error("IID creation returned success without a transaction hash or alreadyExisted flag");
+    }
+    const matrixResult = await ctx.services.oracle.registerMatrixAccount({
+      mnemonic: inputs.mnemonic,
+      address: inputs.address,
+      did: inputs.did,
+      pin: inputs.pin,
+      oracleName: inputs.oracleName,
+      avatarUrl: inputs.avatarUrl
+    });
+    if (!matrixResult?.matrixUserId) {
+      throw new Error("Matrix registration returned success without a matrixUserId");
+    }
+    return {
+      output: {
+        did: iidResult.did || inputs.did,
+        transactionHash: iidResult.transactionHash,
+        alreadyExisted: iidResult.alreadyExisted || false,
+        matrixUserId: matrixResult.matrixUserId,
+        matrixAccessToken: matrixResult.matrixAccessToken,
+        matrixRoomId: matrixResult.matrixRoomId,
+        matrixDeviceId: matrixResult.matrixDeviceId,
+        matrixMnemonic: matrixResult.matrixMnemonic,
+        matrixPassword: matrixResult.matrixPassword,
+        matrixRecoveryPhrase: matrixResult.matrixRecoveryPhrase,
+        matrixHomeServerUrl: matrixResult.matrixHomeServerUrl
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/entityCreateOracle.ts
+registerAction({
+  type: "qi/entity.createOracle",
+  can: "entity/createOracle",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "entityDid", displayName: "Entity DID", type: "string", description: "The oracle entity DID" },
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "The entity creation transaction hash" },
+    { path: "encryptionPublicKeyMultibase", displayName: "Encryption Public Key (multibase)", type: "string", description: "Multibase-encoded P-256 public key registered as a keyAgreement vm on the entity DID" },
+    { path: "encryptionVerificationMethodId", displayName: "Encryption Verification Method ID", type: "string", description: "DID verification method id of the P-256 keyAgreement key" }
+  ],
+  run: async (rawInputs, ctx) => {
+    const form = (() => {
+      const raw = rawInputs.formAnswers;
+      if (typeof raw !== "string" || !raw) return {};
+      try {
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object" ? parsed : {};
+      } catch {
+        return {};
+      }
+    })();
+    const inputs = { ...form, ...rawInputs };
+    if (!ctx.services.oracle?.createOracleEntity) {
+      throw new Error("oracle.createOracleEntity handler not available");
+    }
+    if (!inputs.mnemonic) throw new Error("mnemonic is required");
+    if (!inputs.address) throw new Error("address is required");
+    if (!inputs.did) throw new Error("did is required");
+    if (!inputs.pubKey) throw new Error("pubKey is required");
+    if (!inputs.pin) throw new Error("pin is required");
+    if (!inputs.matrixAccessToken) throw new Error("matrixAccessToken is required");
+    if (!inputs.matrixRoomId) throw new Error("matrixRoomId is required");
+    if (!inputs.oracleName) throw new Error("oracleName is required");
+    if (!inputs.apiUrl) throw new Error("apiUrl is required");
+    if (!inputs.price) throw new Error("price is required");
+    const result = await ctx.services.oracle.createOracleEntity({
+      mnemonic: inputs.mnemonic,
+      address: inputs.address,
+      did: inputs.did,
+      pubKey: inputs.pubKey,
+      pin: inputs.pin,
+      matrixAccessToken: inputs.matrixAccessToken,
+      matrixRoomId: inputs.matrixRoomId,
+      oracleName: inputs.oracleName,
+      orgName: inputs.orgName,
+      description: inputs.description,
+      location: inputs.location,
+      logoUrl: inputs.logoUrl,
+      coverImageUrl: inputs.coverImageUrl,
+      apiUrl: inputs.apiUrl,
+      price: inputs.price,
+      llmModel: inputs.llmModel,
+      opening: inputs.opening,
+      communicationStyle: inputs.communicationStyle,
+      capabilities: inputs.capabilities,
+      mcpConfig: inputs.mcpConfig,
+      parentProtocol: inputs.parentProtocol
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/sandboxProvision.ts
+registerAction({
+  type: "qi/sandbox.provision",
+  can: "sandbox/provision",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "sandboxUrl", displayName: "Sandbox URL", type: "string", description: "The provisioned sandbox URL" },
+    { path: "status", displayName: "Status", type: "string", description: "Provisioning status" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.provisionSandbox) {
+      throw new Error("oracle.provisionSandbox handler not available");
+    }
+    if (!inputs.entityDid) throw new Error("entityDid is required");
+    if (!inputs.matrixRoomId) throw new Error("matrixRoomId is required");
+    const result = await ctx.services.oracle.provisionSandbox({
+      entityDid: inputs.entityDid,
+      matrixRoomId: inputs.matrixRoomId
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleContract.ts
+registerAction({
+  type: "qi/oracle.contract",
+  can: "oracle/contract",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "userOracleRoomId", displayName: "User\u2194Oracle Room ID", type: "string", description: "Matrix room id of the user\u2194oracle DM room" },
+    { path: "userOracleRoomAlias", displayName: "User\u2194Oracle Room Alias", type: "string", description: "Matrix alias of the user\u2194oracle DM room" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.contract) {
+      throw new Error("oracle.contract handler not available");
+    }
+    if (!inputs.oracleEntityDid) throw new Error("oracleEntityDid is required (from entity.createOracle output)");
+    const result = await ctx.services.oracle.contract({
+      oracleEntityDid: inputs.oracleEntityDid
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleStoreSecrets.ts
+var SENSITIVE_PLAINTEXT_KEYS = [
+  "SECP_MNEMONIC",
+  "MATRIX_ORACLE_ADMIN_PASSWORD",
+  "MATRIX_RECOVERY_PHRASE",
+  "MATRIX_VALUE_PIN"
+];
+registerAction({
+  type: "qi/oracle.storeSecrets",
+  can: "oracle/storeSecrets",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "storedSecrets", displayName: "Stored Secrets", type: "array", description: "List of secret names stored" },
+    { path: "roomId", displayName: "Room ID", type: "string", description: "Matrix room where secrets are stored" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.storeSecrets) {
+      throw new Error("oracle.storeSecrets handler not available");
+    }
+    if (!inputs.matrixRoomId) throw new Error("matrixRoomId is required (from oracle.contract output)");
+    if (!inputs.publicKeyMultibase) throw new Error("publicKeyMultibase is required (from entity.createOracle output)");
+    if (!inputs.verificationMethodId) throw new Error("verificationMethodId is required (from entity.createOracle output)");
+    if (!inputs.matrixHomeServerUrl) throw new Error("matrixHomeServerUrl is required (from matrix.register output)");
+    if (!inputs.matrixUsername) throw new Error("matrixUsername is required (from matrix.register output matrixUserId)");
+    if (!inputs.matrixPassword) throw new Error("matrixPassword is required (from matrix.register output)");
+    if (!inputs.mnemonic) throw new Error("mnemonic is required (from wallet.generate output)");
+    if (!inputs.matrixRecoveryPhrase) throw new Error("matrixRecoveryPhrase is required (from matrix.register output)");
+    if (!inputs.pin) throw new Error("pin is required (from form output)");
+    if (!inputs.openRouterApiKeyJwe) {
+      throw new Error("OPEN_ROUTER_API_KEY is required \u2014 enter it in the form before submitting");
+    }
+    const secrets = {
+      SECP_MNEMONIC: inputs.mnemonic,
+      MATRIX_ORACLE_ADMIN_PASSWORD: inputs.matrixPassword,
+      MATRIX_RECOVERY_PHRASE: inputs.matrixRecoveryPhrase,
+      MATRIX_VALUE_PIN: inputs.pin
+    };
+    const preEncryptedSecrets = {
+      OPEN_ROUTER_API_KEY: inputs.openRouterApiKeyJwe
+    };
+    if (inputs.mcpAuthSecrets) {
+      try {
+        const mcpSecrets = typeof inputs.mcpAuthSecrets === "string" ? JSON.parse(inputs.mcpAuthSecrets) : inputs.mcpAuthSecrets;
+        if (mcpSecrets && typeof mcpSecrets === "object") {
+          Object.assign(preEncryptedSecrets, mcpSecrets);
+        }
+      } catch {
+        console.warn("[oracle.storeSecrets] Failed to parse mcpAuthSecrets");
+      }
+    }
+    for (const k of SENSITIVE_PLAINTEXT_KEYS) {
+      if (!secrets[k]) throw new Error(`${k} is empty after assembly \u2014 refusing to call storeSecrets`);
+    }
+    const result = await ctx.services.oracle.storeSecrets({
+      matrixRoomId: inputs.matrixRoomId,
+      publicKeyMultibase: inputs.publicKeyMultibase,
+      verificationMethodId: inputs.verificationMethodId,
+      matrixHomeServerUrl: inputs.matrixHomeServerUrl,
+      matrixUsername: inputs.matrixUsername,
+      matrixPassword: inputs.matrixPassword,
+      secrets,
+      preEncryptedSecrets
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleStoreConfig.ts
+registerAction({
+  type: "qi/oracle.storeConfig",
+  can: "oracle/storeConfig",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "configStored", displayName: "Config Stored", type: "boolean", description: "Whether the oracle config was stored successfully" },
+    { path: "roomId", displayName: "Room ID", type: "string", description: "The Matrix room ID where config was stored" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.storeConfig) {
+      throw new Error("oracle.storeConfig handler not available");
+    }
+    if (!inputs.matrixRoomId) throw new Error("matrixRoomId is required (from oracle.contract output)");
+    if (!inputs.oracleName) throw new Error("oracleName is required");
+    if (!inputs.entityDid) throw new Error("entityDid is required");
+    const result = await ctx.services.oracle.storeConfig({
+      matrixRoomId: inputs.matrixRoomId,
+      config: {
+        oracleName: inputs.oracleName,
+        orgName: inputs.orgName || "",
+        description: inputs.description || "",
+        location: inputs.location || "",
+        price: inputs.price ?? 0,
+        apiUrl: inputs.apiUrl || "",
+        entityDid: inputs.entityDid,
+        logoUrl: inputs.logoUrl || "",
+        llmModel: inputs.llmModel || "",
+        opening: inputs.opening,
+        communicationStyle: inputs.communicationStyle,
+        capabilities: inputs.capabilities,
+        skills: inputs.skills,
+        mcpServers: inputs.mcpServers,
+        matrixUserId: inputs.matrixUserId || "",
+        matrixAccountRoomId: inputs.matrixAccountRoomId || "",
+        oracleAddress: inputs.oracleAddress || "",
+        oracleDid: inputs.oracleDid || ""
+      }
+    });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleStoreSecretsAndConfig.ts
+var SENSITIVE_PLAINTEXT_KEYS2 = [
+  "SECP_MNEMONIC",
+  "MATRIX_ORACLE_ADMIN_PASSWORD",
+  "MATRIX_RECOVERY_PHRASE",
+  "MATRIX_VALUE_PIN"
+];
+registerAction({
+  type: "qi/oracle.storeSecretsAndConfig",
+  can: "oracle/storeSecretsAndConfig",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "storedSecrets", displayName: "Stored Secrets", type: "array", description: "List of secret names stored" },
+    { path: "roomId", displayName: "Room ID", type: "string", description: "Matrix room where data is stored" },
+    { path: "configStored", displayName: "Config Stored", type: "boolean", description: "Whether oracle config was stored" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.storeSecrets) throw new Error("oracle.storeSecrets handler not available");
+    if (!ctx.services.oracle?.storeConfig) throw new Error("oracle.storeConfig handler not available");
+    if (!inputs.matrixRoomId) throw new Error("matrixRoomId is required (from oracle.contract output)");
+    if (!inputs.publicKeyMultibase) throw new Error("publicKeyMultibase is required (from entity.createOracle output)");
+    if (!inputs.verificationMethodId) throw new Error("verificationMethodId is required (from entity.createOracle output)");
+    if (!inputs.matrixHomeServerUrl) throw new Error("matrixHomeServerUrl is required (from matrix.register output)");
+    if (!inputs.matrixUsername) throw new Error("matrixUsername is required (from matrix.register output matrixUserId)");
+    if (!inputs.matrixPassword) throw new Error("matrixPassword is required (from matrix.register output)");
+    if (!inputs.mnemonic) throw new Error("mnemonic is required (from wallet.generate output)");
+    if (!inputs.matrixRecoveryPhrase) throw new Error("matrixRecoveryPhrase is required (from matrix.register output)");
+    if (!inputs.pin) throw new Error("pin is required (from form output)");
+    if (!inputs.openRouterApiKeyJwe) {
+      throw new Error("OPEN_ROUTER_API_KEY is required \u2014 enter it in the form before submitting");
+    }
+    const secrets = {
+      SECP_MNEMONIC: inputs.mnemonic,
+      MATRIX_ORACLE_ADMIN_PASSWORD: inputs.matrixPassword,
+      MATRIX_RECOVERY_PHRASE: inputs.matrixRecoveryPhrase,
+      MATRIX_VALUE_PIN: inputs.pin
+    };
+    const preEncryptedSecrets = {
+      OPEN_ROUTER_API_KEY: inputs.openRouterApiKeyJwe
+    };
+    if (inputs.mcpAuthSecrets) {
+      try {
+        const mcpSecrets = typeof inputs.mcpAuthSecrets === "string" ? JSON.parse(inputs.mcpAuthSecrets) : inputs.mcpAuthSecrets;
+        if (mcpSecrets && typeof mcpSecrets === "object") {
+          Object.assign(preEncryptedSecrets, mcpSecrets);
+        }
+      } catch {
+        console.warn("[oracle.storeSecretsAndConfig] Failed to parse mcpAuthSecrets");
+      }
+    }
+    for (const k of SENSITIVE_PLAINTEXT_KEYS2) {
+      if (!secrets[k]) throw new Error(`${k} is empty after assembly \u2014 refusing to call storeSecrets`);
+    }
+    console.log("[oracle.storeSecretsAndConfig] Phase 1: storing secrets");
+    const secretsResult = await ctx.services.oracle.storeSecrets({
+      matrixRoomId: inputs.matrixRoomId,
+      publicKeyMultibase: inputs.publicKeyMultibase,
+      verificationMethodId: inputs.verificationMethodId,
+      matrixHomeServerUrl: inputs.matrixHomeServerUrl,
+      matrixUsername: inputs.matrixUsername,
+      matrixPassword: inputs.matrixPassword,
+      secrets,
+      preEncryptedSecrets
+    });
+    if (!secretsResult.storedSecrets || secretsResult.storedSecrets.length === 0) {
+      throw new Error("storeSecrets returned success without any storedSecrets");
+    }
+    if (!inputs.oracleName) throw new Error("oracleName is required");
+    if (!inputs.entityDid) throw new Error("entityDid is required");
+    console.log("[oracle.storeSecretsAndConfig] Phase 2: storing config");
+    const configResult = await ctx.services.oracle.storeConfig({
+      matrixRoomId: inputs.matrixRoomId,
+      config: {
+        oracleName: inputs.oracleName,
+        orgName: inputs.orgName || "",
+        description: inputs.description || "",
+        location: inputs.location || "",
+        price: inputs.price ?? 0,
+        apiUrl: inputs.apiUrl || "",
+        entityDid: inputs.entityDid,
+        logoUrl: inputs.logoUrl || "",
+        llmModel: inputs.llmModel || "",
+        opening: inputs.opening,
+        communicationStyle: inputs.communicationStyle,
+        capabilities: inputs.capabilities,
+        skills: inputs.skills,
+        mcpServers: inputs.mcpServers,
+        matrixUserId: inputs.matrixUserId || "",
+        matrixAccountRoomId: inputs.matrixAccountRoomId || "",
+        oracleAddress: inputs.oracleAddress || "",
+        oracleDid: inputs.oracleDid || ""
+      }
+    });
+    if (!configResult.configStored) {
+      throw new Error("storeConfig returned success without configStored=true");
+    }
+    console.log("[oracle.storeSecretsAndConfig] Both phases complete");
+    return {
+      output: {
+        storedSecrets: secretsResult.storedSecrets,
+        roomId: secretsResult.roomId,
+        configStored: configResult.configStored
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleConfigureOracle.ts
+var SENSITIVE_PLAINTEXT_KEYS3 = [
+  "SECP_MNEMONIC",
+  "MATRIX_ORACLE_ADMIN_PASSWORD",
+  "MATRIX_RECOVERY_PHRASE",
+  "MATRIX_VALUE_PIN"
+];
+registerAction({
+  type: "qi/oracle.configureOracle",
+  can: "oracle/configureOracle",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "userOracleRoomId", displayName: "User-Oracle Room ID", type: "string", description: "Matrix room id from contract phase" },
+    { path: "userOracleRoomAlias", displayName: "User-Oracle Room Alias", type: "string", description: "Matrix alias from contract phase" },
+    { path: "storedSecrets", displayName: "Stored Secrets", type: "array", description: "List of secret names stored" },
+    { path: "roomId", displayName: "Room ID", type: "string", description: "Matrix room where data is stored" },
+    { path: "configStored", displayName: "Config Stored", type: "boolean", description: "Whether oracle config was stored" },
+    { path: "freshAccessToken", displayName: "Fresh Access Token", type: "string", description: "Fresh Matrix access token from mxLogin during secret storage" },
+    { path: "openRouterApiKeyPlaintext", displayName: "OpenRouter API Key", type: "string", description: "Plaintext OpenRouter API key for deploy" }
+  ],
+  run: async (rawInputs, ctx) => {
+    const form = (() => {
+      const raw = rawInputs.formAnswers;
+      if (typeof raw !== "string" || !raw) return {};
+      try {
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object" ? parsed : {};
+      } catch {
+        return {};
+      }
+    })();
+    const inputs = { ...form, ...rawInputs };
+    if (!ctx.services.oracle?.contract) throw new Error("oracle.contract handler not available");
+    if (!ctx.services.oracle?.storeSecrets) throw new Error("oracle.storeSecrets handler not available");
+    if (!ctx.services.oracle?.storeConfig) throw new Error("oracle.storeConfig handler not available");
+    if (!inputs.oracleEntityDid) throw new Error("oracleEntityDid is required (from entity.createOracle output)");
+    if (!inputs.publicKeyMultibase) throw new Error("publicKeyMultibase is required (from entity.createOracle output)");
+    if (!inputs.verificationMethodId) throw new Error("verificationMethodId is required (from entity.createOracle output)");
+    if (!inputs.matrixHomeServerUrl) throw new Error("matrixHomeServerUrl is required (from matrix.register output)");
+    if (!inputs.matrixUsername) throw new Error("matrixUsername is required (from matrix.register output matrixUserId)");
+    if (!inputs.matrixPassword) throw new Error("matrixPassword is required (from matrix.register output)");
+    if (!inputs.mnemonic) throw new Error("mnemonic is required (from wallet.generate output)");
+    if (!inputs.matrixRecoveryPhrase) throw new Error("matrixRecoveryPhrase is required (from matrix.register output)");
+    if (!inputs.pin) throw new Error("pin is required (from form output)");
+    if (!inputs.openRouterApiKeyJwe) {
+      throw new Error("OPEN_ROUTER_API_KEY is required \u2014 enter it in the form before submitting");
+    }
+    if (!inputs.oracleName) throw new Error("oracleName is required");
+    if (!inputs.entityDid) throw new Error("entityDid is required");
+    console.log("[oracle.configureOracle] Phase 1: contracting oracle");
+    const contractResult = await ctx.services.oracle.contract({
+      oracleEntityDid: inputs.oracleEntityDid
+    });
+    if (!contractResult.userOracleRoomId) {
+      throw new Error("contract returned success without userOracleRoomId");
+    }
+    const matrixRoomId = contractResult.userOracleRoomId;
+    const secrets = {
+      SECP_MNEMONIC: inputs.mnemonic,
+      MATRIX_ORACLE_ADMIN_PASSWORD: inputs.matrixPassword,
+      MATRIX_RECOVERY_PHRASE: inputs.matrixRecoveryPhrase,
+      MATRIX_VALUE_PIN: inputs.pin
+    };
+    const preEncryptedSecrets = {
+      OPEN_ROUTER_API_KEY: inputs.openRouterApiKeyJwe
+    };
+    if (inputs.mcpAuthSecrets) {
+      try {
+        const mcpSecrets = typeof inputs.mcpAuthSecrets === "string" ? JSON.parse(inputs.mcpAuthSecrets) : inputs.mcpAuthSecrets;
+        if (mcpSecrets && typeof mcpSecrets === "object") {
+          Object.assign(preEncryptedSecrets, mcpSecrets);
+        }
+      } catch {
+        console.warn("[oracle.configureOracle] Failed to parse mcpAuthSecrets");
+      }
+    }
+    for (const k of SENSITIVE_PLAINTEXT_KEYS3) {
+      if (!secrets[k]) throw new Error(`${k} is empty after assembly \u2014 refusing to call storeSecrets`);
+    }
+    console.log("[oracle.configureOracle] Phase 2: storing secrets");
+    const secretsResult = await ctx.services.oracle.storeSecrets({
+      matrixRoomId,
+      publicKeyMultibase: inputs.publicKeyMultibase,
+      verificationMethodId: inputs.verificationMethodId,
+      matrixHomeServerUrl: inputs.matrixHomeServerUrl,
+      matrixUsername: inputs.matrixUsername,
+      matrixPassword: inputs.matrixPassword,
+      secrets,
+      preEncryptedSecrets
+    });
+    if (!secretsResult.storedSecrets || secretsResult.storedSecrets.length === 0) {
+      throw new Error("storeSecrets returned success without any storedSecrets");
+    }
+    console.log("[oracle.configureOracle] Phase 3: storing config");
+    const configResult = await ctx.services.oracle.storeConfig({
+      matrixRoomId,
+      config: {
+        oracleName: inputs.oracleName,
+        orgName: inputs.orgName || "",
+        description: inputs.description || "",
+        location: inputs.location || "",
+        price: inputs.price ?? 0,
+        apiUrl: inputs.apiUrl || "",
+        entityDid: inputs.entityDid,
+        logoUrl: inputs.logoUrl || "",
+        llmModel: inputs.llmModel || "",
+        opening: inputs.opening,
+        communicationStyle: inputs.communicationStyle,
+        capabilities: inputs.capabilities,
+        skills: inputs.skills,
+        mcpServers: inputs.mcpServers,
+        matrixUserId: inputs.matrixUserId || "",
+        matrixAccountRoomId: inputs.matrixAccountRoomId || "",
+        oracleAddress: inputs.oracleAddress || "",
+        oracleDid: inputs.oracleDid || ""
+      }
+    });
+    if (!configResult.configStored) {
+      throw new Error("storeConfig returned success without configStored=true");
+    }
+    console.log("[oracle.configureOracle] All 3 phases complete");
+    return {
+      output: {
+        userOracleRoomId: contractResult.userOracleRoomId,
+        userOracleRoomAlias: contractResult.userOracleRoomAlias,
+        storedSecrets: secretsResult.storedSecrets,
+        roomId: secretsResult.roomId,
+        configStored: configResult.configStored,
+        freshAccessToken: secretsResult.freshAccessToken || "",
+        openRouterApiKeyPlaintext: inputs.openRouterApiKeyPlaintext || ""
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleDeploySetup.ts
+registerAction({
+  type: "qi/oracle.deploySetup",
+  can: "oracle/deploySetup",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "setupComplete", displayName: "Setup Complete", type: "boolean", description: "Whether the oracle setup completed successfully" },
+    { path: "stdout", displayName: "Build Output", type: "string", description: "Build stdout output" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.deploySetup) {
+      throw new Error("oracle.deploySetup handler not available");
+    }
+    if (!inputs.name) throw new Error("name is required (project name from form)");
+    const config = typeof inputs.config === "string" ? JSON.parse(inputs.config) : inputs.config;
+    if (!config || typeof config !== "object") throw new Error("config is required (oracle config object)");
+    if (!inputs.roomId) throw new Error("roomId is required (from oracle contract/configure output)");
+    const result = await ctx.services.oracle.deploySetup({ name: inputs.name, config, roomId: inputs.roomId });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleDeployStart.ts
+registerAction({
+  type: "qi/oracle.deployStart",
+  can: "oracle/deployStart",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "processId", displayName: "Process ID", type: "string", description: "Running process identifier" },
+    { path: "status", displayName: "Status", type: "string", description: "Oracle process status" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.oracle?.deployStart) {
+      throw new Error("oracle.deployStart handler not available");
+    }
+    if (!inputs.name) throw new Error("name is required (project name from form)");
+    if (!inputs.entityDid) throw new Error("entityDid is required (from entity.createOracle output)");
+    if (!inputs.roomId) throw new Error("roomId is required (from oracle contract/configure output)");
+    const result = await ctx.services.oracle.deployStart({ name: inputs.name, entityDid: inputs.entityDid, roomId: inputs.roomId });
+    return { output: result };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracleDeploy.ts
+registerAction({
+  type: "qi/oracle.deploy",
+  can: "oracle/deploy",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "setupComplete", displayName: "Setup Complete", type: "boolean", description: "Whether the oracle setup completed successfully" },
+    { path: "processId", displayName: "Process ID", type: "string", description: "Running process identifier" },
+    { path: "status", displayName: "Status", type: "string", description: "Oracle process status" },
+    { path: "deploymentUrl", displayName: "Deployment URL", type: "string", description: "The URL where the oracle was deployed" },
+    { path: "domainUpdateTxHash", displayName: "Domain Update Tx", type: "string", description: "Transaction hash of the on-chain domain update" }
+  ],
+  run: async (rawInputs, ctx) => {
+    const form = (() => {
+      const raw = rawInputs.formAnswers;
+      if (typeof raw !== "string" || !raw) return {};
+      try {
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object" ? parsed : {};
+      } catch {
+        return {};
+      }
+    })();
+    const inputs = {
+      // Rename: form.projectName → name for deploy handler
+      name: form.projectName,
+      ...form,
+      ...rawInputs
+    };
+    if (!ctx.services.oracle?.deploySetup) {
+      throw new Error("oracle.deploySetup handler not available");
+    }
+    if (!ctx.services.oracle?.deployStart) {
+      throw new Error("oracle.deployStart handler not available");
+    }
+    if (!inputs.name) throw new Error("name is required (project name from form)");
+    if (!inputs.entityDid) throw new Error("entityDid is required (from entity.createOracle output)");
+    if (!inputs.roomId) throw new Error("roomId is required (from oracle.configureOracle output)");
+    const config = {
+      oracleName: inputs.oracleName,
+      orgName: inputs.orgName,
+      description: inputs.description,
+      location: inputs.location,
+      price: inputs.price,
+      apiUrl: inputs.apiUrl,
+      logoUrl: inputs.logoUrl,
+      llmModel: inputs.llmModel,
+      opening: inputs.opening,
+      communicationStyle: inputs.communicationStyle,
+      capabilities: inputs.capabilities,
+      skills: inputs.skills,
+      mcpServers: inputs.mcpServers,
+      entityDid: inputs.entityDid
+    };
+    const secrets = {
+      mnemonic: inputs.mnemonic,
+      matrixPassword: inputs.matrixPassword,
+      matrixRecoveryPhrase: inputs.matrixRecoveryPhrase,
+      pin: inputs.pin,
+      matrixUsername: inputs.matrixUsername,
+      matrixAccountRoomId: inputs.matrixAccountRoomId,
+      freshAccessToken: inputs.freshAccessToken,
+      openRouterApiKey: inputs.openRouterApiKey
+    };
+    const setupResult = await ctx.services.oracle.deploySetup({ name: inputs.name, config, roomId: inputs.roomId, secrets });
+    if (!setupResult.setupComplete) {
+      throw new Error(`Deploy setup failed: ${setupResult.stderr || "setupComplete was not true"}`);
+    }
+    const startResult = await ctx.services.oracle.deployStart({ name: inputs.name, entityDid: inputs.entityDid, roomId: inputs.roomId, secrets });
+    if (!startResult.processId && startResult.status !== "running") {
+      throw new Error("Deploy start failed: no processId returned and status is not running");
+    }
+    let deploymentUrl;
+    let domainUpdateTxHash;
+    if (startResult.url) {
+      if (!ctx.services.oracle?.updateOracleDomain) {
+        console.warn("[oracle.deploy] updateOracleDomain handler not available, skipping domain update");
+      } else {
+        const domainResult = await ctx.services.oracle.updateOracleDomain({
+          entityDid: inputs.entityDid,
+          newApiUrl: startResult.url
+        });
+        deploymentUrl = startResult.url;
+        domainUpdateTxHash = domainResult.transactionHash;
+      }
+    }
+    return {
+      output: {
+        setupComplete: setupResult.setupComplete,
+        processId: startResult.processId,
+        status: startResult.status,
+        deploymentUrl,
+        domainUpdateTxHash
+      }
+    };
+  }
+});
+
 // src/core/lib/actionRegistry/actions/bid/bid.diff.ts
 registerDiffResolver("bid", {
   resolver: async (inputs, _ctx) => {
@@ -2984,6 +3865,40 @@ registerDiffResolver("evaluateClaim", {
   }
 });
 
+// src/core/lib/actionRegistry/actions/walletFund.diff.ts
+registerDiffResolver("qi/wallet.fund", {
+  resolver: async (inputs, _ctx) => {
+    const address = String(inputs.address || "").trim();
+    const amount = String(inputs.amount || "250000").trim();
+    const network = String(inputs.network || "devnet").trim();
+    const ixoAmount = (Number(amount) / 1e6).toFixed(6);
+    return [
+      {
+        key: "recipient",
+        label: "Recipient",
+        before: "N/A",
+        after: address || "Pending wallet generation",
+        changeType: address ? "replace" : "unchanged"
+      },
+      {
+        key: "amount",
+        label: "Amount",
+        before: "0 IXO",
+        after: `${ixoAmount} IXO (${amount} uixo)`,
+        changeType: "replace",
+        severity: "info"
+      },
+      {
+        key: "network",
+        label: "Network",
+        before: network,
+        after: network,
+        changeType: "unchanged"
+      }
+    ];
+  }
+});
+
 // src/core/services/ucanService.ts
 import {
   createDelegation as ucanCreateDelegation,
@@ -5487,4 +6402,4 @@ export {
   readFlow,
   setupFlowFromBaseUcan
 };
-//# sourceMappingURL=chunk-YA5P7BXL.mjs.map
+//# sourceMappingURL=chunk-75MWYZJ2.mjs.map