@openmobilehub/attestomcp-gate 0.1.0

package/dist/ceremony/checkout-page.js

@@ -0,0 +1,269 @@
+// renderRequirements() — ONE polished three-gate checkout page, served by both the
+// committed demo and @openmobilehub/attestomcp-storefront. Driven by the `requires`
+// manifest (the data `requirements()` emits) + this order's per-order verification
+// state, so the page reflects exactly what the buyer has and hasn't done.
+//
+// ROUTE-AGNOSTIC. The renderer never hardcodes a ceremony route: each non-payment
+// gate links to its own manifest entry's `approveUrl` (the demo's token-bearing
+// `/credential-gate/*` link or the storefront's mounted `/attestomcp/*` link, both flow
+// through unchanged). The payment section's affordances are supplied by the host
+// (`PaymentMethod[]` + the place-order endpoint), so the demo can reproduce its rich
+// passkey / cross-device / instant-demo group while a leaner host derives a single
+// Pay CTA from the payment entry's `approveUrl`.
+//
+// Security note: this is PRESENTATION. The lock the page renders is render-only —
+// every completion path (place-order, the rails' /verify handlers) re-enforces the
+// age gate server-side (Security invariant 1). Hiding the payment group is not the
+// control; it just keeps the UI honest about what the server will refuse.
+import { pageHead, brandHeader, progressRail, trustFooter } from "./theme.js";
+// ── Helpers ─────────────────────────────────────────────────────────────────
+function formatMoney(amount, currency) {
+    return new Intl.NumberFormat("en-US", { style: "currency", currency }).format(amount);
+}
+function escapeHtml(s) {
+    return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+// The single honesty surface (FR-011 / Principle VII): every entry carries the same
+// trust_level; state it once on the page (the shared discreet footer) so the gates
+// never read as a real safety control. Suppressed only when the flow is issuer-verified.
+function trustNote(entries) {
+    if (entries[0]?.trust_level === "issuer-verified")
+        return "";
+    return trustFooter();
+}
+// Map the manifest to the three-step progress rail (Age · Membership · Pay) with live
+// status, so the hub mirrors the same stepper the gate pages render. A gate the manifest
+// doesn't carry simply doesn't appear; payment is always the trailing step.
+function railSteps(gateEntries, ageVerified, loyaltyApplied, paid) {
+    const steps = [];
+    for (const e of gateEntries) {
+        if (e.effect === "gate" && e.credential === "age")
+            steps.push({ label: "Age", done: ageVerified || paid });
+        else if (e.effect === "discount")
+            steps.push({ label: "Membership", done: loyaltyApplied || paid });
+    }
+    steps.push({ label: "Pay", done: paid });
+    return steps;
+}
+// ── The page ──────────────────────────────────────────────────────────────────
+/**
+ * Render the unified checkout page: the order summary, the numbered gates (in policy
+ * order, payment LAST) with live status, and the payment section — locked until every
+ * blocking gate passes. The membership discount is reflected in the displayed total
+ * via `order.discount` (the host re-prices server-side and passes the priced order).
+ */
+export function renderRequirements(order, manifest, verification = {}, opts = {}) {
+    const ageVerified = !!verification.ageVerified;
+    const loyaltyApplied = !!verification.loyaltyApplied;
+    const paid = opts.paid ?? null;
+    // Payment settles last: split the manifest into the blocking/discount gates (kept
+    // in declared order) and the single authorize entry, which becomes the payment
+    // section. requirements() already sorts authorize last, but be explicit so a
+    // hand-built manifest renders the same.
+    const gateEntries = manifest.filter((e) => e.effect !== "authorize");
+    const paymentEntry = manifest.find((e) => e.effect === "authorize");
+    // A REQUIRED gate that isn't yet satisfied blocks payment. Age is the demo's
+    // blocking gate; a discount never blocks (it's an opt-in saving).
+    const isSatisfied = (e) => {
+        if (e.effect === "gate" && e.credential === "age")
+            return ageVerified;
+        if (e.effect === "discount")
+            return loyaltyApplied;
+        return false;
+    };
+    const blocked = gateEntries.some((e) => e.required && e.effect === "gate" && !isSatisfied(e));
+    // ── order summary ────────────────────────────────────────────────────────
+    // A paid revisit arrives after completion CLEARED this order's verification, so a
+    // re-priced order may have dropped the discount it was actually paid at and disagree
+    // with the recorded `paid.amount`. Anchor the displayed total on that authoritative
+    // amount, deriving the discount row from the line-sum − paid difference so the table
+    // and the paid banner always agree (a host that pre-anchors gets the same numbers).
+    const lineSum = order.lines.reduce((s, l) => s + l.lineTotal, 0);
+    const displayTotal = paid ? paid.amount : order.total;
+    const displayDiscount = paid
+        ? Math.max(0, Math.round((lineSum - paid.amount) * 100) / 100)
+        : order.discount;
+    const rows = order.lines
+        .map((l) => {
+        const name = l.name ?? l.id ?? "Item";
+        return `<tr class="line"><td>${escapeHtml(name)} <span class="qty">×${l.quantity}</span></td><td class="num">${formatMoney(l.lineTotal, l.currency ?? order.currency)}</td></tr>`;
+    })
+        .join("\n");
+    const discountPct = manifest.find((e) => e.effect === "discount")?.discountPct;
+    const discountRow = displayDiscount > 0
+        ? `<tr class="disc"><td>Loyalty discount${discountPct != null ? ` (${discountPct}%)` : ""}</td><td class="num">-${formatMoney(displayDiscount, order.currency)}</td></tr>`
+        : "";
+    // ── numbered gates (live status) ───────────────────────────────────────────
+    const gateSections = gateEntries
+        .map((e, i) => renderGate(e, i + 1, isSatisfied(e)))
+        .filter((s) => s !== "")
+        .join("\n");
+    // ── payment section (locked until the blocking gates pass) ─────────────────
+    // Resolve the method list ONCE so the rendered group and its CTA script agree:
+    // either the host's explicit methods, or a single Pay CTA derived from the
+    // authorize entry's approveUrl (route-agnostic — works for any mounted rail).
+    const methods = opts.payment?.methods ??
+        (paymentEntry?.approveUrl
+            ? [{ value: "pay", name: paymentEntry.label ?? "Authorize payment", desc: "Authorize on your device.", href: paymentEntry.approveUrl, checked: true }]
+            : []);
+    const paymentNumber = gateEntries.length + 1;
+    const paidSection = paid ? renderPaid(paid) : "";
+    // Calm, muted lock — never alarming. Keeps the literal "Payment is locked" the flow
+    // tests pin, framed as a gentle "unlocks after age verification" message.
+    const paymentSection = paid
+        ? `<div class="card section">${paidSection}</div>`
+        : blocked
+            ? `<div class="lock">🔒 Payment is locked · unlocks after age verification</div>`
+            : renderPayment(order, paymentNumber, methods);
+    const placeScript = paid || blocked ? "" : renderPlaceScript(order, methods, opts.payment);
+    // Progress rail mirrors the live gate status; current = first not-done step.
+    const steps = railSteps(gateEntries, ageVerified, loyaltyApplied, !!paid);
+    const rail = progressRail(steps, steps.findIndex((s) => !s.done));
+    const itemCount = order.itemCount ?? order.lines.reduce((n, l) => n + l.quantity, 0);
+    // bfcache guard. After authorizing on a gate page (passkey / dc-payment), a buyer
+    // who taps the browser BACK button lands on this checkout restored from the
+    // back/forward cache — a STALE snapshot of the pre-payment page, with its Pay
+    // button still live. Server-side completion is idempotent (a resubmit never
+    // double-charges — completion.ts re-reads the recorded order), but the UI would
+    // wrongly invite a second payment. `pageshow` with `persisted` is the
+    // cross-browser-reliable bfcache signal (Safari kept bfcache despite `no-store`);
+    // on a restore we force a fresh GET so the page reflects current server state
+    // (the paid banner, not the picker).
+    const bfcacheGuard = `<script>window.addEventListener("pageshow",function(e){if(e.persisted)location.reload();});</script>`;
+    return `<!doctype html>
+<html lang="en">
+${pageHead(`Checkout · ${order.id}`)}
+<body>
+  <div class="wrap">
+  ${brandHeader({ h1: "Checkout", tagline: "Prove it. Then pay." })}
+  <div class="card summary">
+    <p class="card-title">Order ${escapeHtml(order.id)} · ${itemCount} item(s)</p>
+    <table>
+    ${rows}
+    ${discountRow}
+    <tr class="total"><td>Total</td><td class="num">${formatMoney(displayTotal, order.currency)}</td></tr>
+    </table>
+  </div>
+
+  ${rail}
+  ${paid ? "" : gateSections}
+  ${paymentSection}
+  ${placeScript}
+  ${paid ? "" : trustNote(manifest)}
+  ${bfcacheGuard}
+  </div>
+</body>
+</html>`;
+}
+// One numbered gate card with live status (pending → ✓), built from its manifest
+// entry. Links to the entry's OWN approveUrl (route-agnostic). Returns "" for a
+// discount entry that the host renders no approve link for.
+function renderGate(entry, n, satisfied) {
+    // `step-no` is kept (tests + the rail both read off the numbered policy order); the
+    // card chrome and teal accent come from the shared design system.
+    const no = `<span class="step-no">${n}.</span>`;
+    if (entry.effect === "discount") {
+        const pct = entry.discountPct;
+        return satisfied
+            ? `<div class="card"><div class="row-ok">${no} ✓ Loyalty discount applied${pct != null ? ` (${pct}% off)` : ""}</div></div>`
+            : entry.approveUrl
+                ? `<div class="card"><a class="btn btn-secondary" href="${escapeHtml(entry.approveUrl)}">${no} Apply loyalty discount${pct != null ? ` (${pct}% off)` : ""}</a></div>`
+                : "";
+    }
+    // gate effect (age):
+    const age = entry.minAge ?? 21;
+    if (satisfied) {
+        return `<div class="card"><div class="row-ok">${no} ✓ Age verified — ${age}+</div></div>`;
+    }
+    const link = entry.approveUrl
+        ? `<a class="btn btn-primary" href="${escapeHtml(entry.approveUrl)}">Verify age (${age}+)</a>`
+        : "";
+    return `<div class="card"><div class="row-pending">${no} 🔒 This order contains age-restricted items. Verify you're ${age} or older to continue.</div>${link ? `<div style="margin-top:12px;">${link}</div>` : ""}</div>`;
+}
+// The Shopify-style payment-method group (one radio group, one Pay CTA). The methods
+// are resolved by the caller (host-supplied, or derived from the authorize entry's
+// approveUrl) and shared with the CTA script so the two never disagree.
+function renderPayment(order, n, methods) {
+    const payLabel = `Pay ${formatMoney(order.total, order.currency)}`;
+    if (methods.length === 0)
+        return "";
+    const anyChecked = methods.some((m) => m.checked);
+    const rows = methods
+        .map((m, i) => {
+        const checked = m.checked ?? (!anyChecked && i === 0);
+        return `    <label class="pm-row">
+      <input type="radio" name="pm" value="${escapeHtml(m.value)}"${checked ? " checked" : ""} />
+      <span class="pm-text"><span class="pm-name">${escapeHtml(m.name)}</span>
+      <span class="pm-desc">${escapeHtml(m.desc)}</span></span>
+    </label>`;
+    })
+        .join("\n");
+    return `<div class="card">
+  <h2 class="pm-head">${n}. Payment method</h2>
+  <div class="pm-group" role="radiogroup" aria-label="Payment method">
+${rows}
+  </div>
+  <button id="pay" class="btn btn-primary" style="margin-top:14px;">${payLabel}</button>
+  <p class="small" style="text-align:center;margin:10px 0 0;">You'll confirm the exact amount with your device. Demo — no real charge.</p>
+</div>`;
+}
+// The CTA script: selecting a method narrates the CTA; paying navigates to that
+// method's href (a gate page) or POSTs the order token for the instant-demo method.
+function renderPlaceScript(order, methods, payment) {
+    const payLabel = `Pay ${formatMoney(order.total, order.currency)}`;
+    if (methods.length === 0)
+        return "";
+    const placePath = payment?.placeOrderPath ?? "/checkout/place-order";
+    const token = payment?.orderToken ?? "";
+    // value → { href? , placeOrder? } for the client to act on.
+    const map = {};
+    for (const m of methods)
+        map[m.value] = { ...(m.href ? { href: m.href } : {}), ...(m.placeOrder ? { placeOrder: true } : {}) };
+    return `<script>
+    const METHODS = ${JSON.stringify(map)};
+    const PAY_LABEL = ${JSON.stringify(payLabel)};
+    const PLACE_PATH = ${JSON.stringify(placePath)};
+    const ORDER_TOKEN = ${JSON.stringify(token)};
+    const pay = document.getElementById('pay');
+    if (pay) {
+      const selected = () => document.querySelector('input[name="pm"]:checked').value;
+      const relabel = () => {
+        const m = METHODS[selected()] || {};
+        pay.textContent = m.placeOrder ? 'Place order (instant demo)' : PAY_LABEL;
+      };
+      document.querySelectorAll('input[name="pm"]').forEach((r) => r.addEventListener('change', relabel));
+      relabel();
+      pay.addEventListener('click', async function () {
+        const m = METHODS[selected()] || {};
+        if (!m.placeOrder) { if (m.href) window.location.href = m.href; return; }
+        this.disabled = true;
+        this.textContent = 'Placing order…';
+        try {
+          const res = await fetch(PLACE_PATH, {
+            method: 'POST',
+            headers: { 'content-type': 'application/json' },
+            body: JSON.stringify({ order: ORDER_TOKEN }),
+          });
+          if (!res.ok) throw new Error('place-order failed: ' + res.status);
+          this.textContent = 'Order placed ✓ (demo)';
+        } catch (e) {
+          this.disabled = false;
+          this.textContent = 'Place order (instant demo)';
+          alert('Could not place the order. Please try again.');
+        }
+      });
+    }
+  </script>`;
+}
+// The paid banner shown when revisiting an already-completed order. Settlement
+// details (when present) carry the public on-chain proof.
+function renderPaid(paid) {
+    const via = paid.settlement ? " via x402" : paid.method === "passkey" ? " via passkey" : "";
+    // The order is complete — lead with the prominent handoff (close the window, the
+    // agent polls order-status and continues), then the on-chain proof below.
+    const banner = `<div class="complete-banner"><div class="big">✓ Order paid · ${formatMoney(paid.amount, paid.currency)}${via}</div><div class="sub">You can <strong>close this window</strong> and continue in your agent — it has your order and will pick up from here.</div></div>`;
+    const detail = paid.settlement
+        ? `<p class="small" style="margin:0;">Settled on ${escapeHtml(paid.settlement.network)} · paid from ${escapeHtml(paid.settlement.payer.accountId)} · <a href="${escapeHtml(paid.settlement.hashscanUrl)}" target="_blank" rel="noopener">View on HashScan</a></p>`
+        : `<p class="small" style="margin:0;">No on-chain settlement for this payment method.</p>`;
+    return banner + detail;
+}

package/dist/ceremony/completion.d.ts

@@ -0,0 +1,41 @@
+import type { VerificationStore } from "../types.js";
+import type { CeremonyCatalog, CompletionInput, CompletionResult, GateOutcome } from "./types.js";
+export interface SettlementRecordLike {
+    network: string;
+    txId: string;
+    status: string;
+    [k: string]: unknown;
+}
+export interface CompletedRecord {
+    orderId: string;
+    mandateId: string;
+    amount: number;
+    currency: string;
+    method: string;
+    instrument?: unknown;
+    gates: GateOutcome[];
+    completedAt: string;
+    settlement?: SettlementRecordLike;
+}
+export interface CompletedOrderStore {
+    read(orderId: string): CompletedRecord | undefined | Promise<CompletedRecord | undefined>;
+    write(record: CompletedRecord): void | Promise<void>;
+}
+export interface ClearableCart {
+    clear(): void | Promise<void>;
+}
+export interface CompletionContext {
+    catalog: CeremonyCatalog;
+    verificationStore: VerificationStore;
+    /** Idempotent completed-order store, keyed by order id. */
+    records: CompletedOrderStore;
+    /** Cart to empty on completion (optional). */
+    cart?: ClearableCart;
+    /** Optional demo-mode settlement; throwing GATES completion (no record). */
+    settle?: (order: CompletionInput["order"]) => Promise<SettlementRecordLike>;
+    /** Optional HMAC key for Cart Mandate verification. When set AND the input carries a
+     *  `cartMandate`, completion verifies it (signature + order-id binding + expiry)
+     *  before re-pricing. Absent ⇒ the cart-mandate check is skipped (additive). */
+    signingKey?: string;
+}
+export declare function completeOrder(input: CompletionInput, ctx: CompletionContext): Promise<CompletionResult>;

package/dist/ceremony/completion.js

@@ -0,0 +1,90 @@
+import { verifyCartMandate } from "./cartMandate.js";
+import { reconcileCartPayment } from "./reconciliation.js";
+export async function completeOrder(input, ctx) {
+    // Every deterministic gate must have passed; one failure refuses, recording
+    // nothing.
+    if (!input.gates.every((g) => g.pass))
+        return { completed: false, reason: "gates" };
+    // Idempotency: a replayed verify for an already-recorded order echoes the
+    // recorded outcome — it settles/records nothing twice. Keyed by order id so it
+    // can't collide across orders, and it runs BEFORE re-pricing because completion
+    // clears the order's verification (a replayed discounted order would otherwise
+    // reprice high and refuse).
+    const existing = await ctx.records.read(input.order.id);
+    if (existing) {
+        return { completed: true, ...(existing.settlement ? { settlement: existing.settlement } : {}) };
+    }
+    // Cart Mandate integrity (additive, fail-closed): if a signed cart mandate rode along
+    // AND we hold the key, verify it BEFORE re-pricing — a tampered, replayed (wrong-order)
+    // or expired cart is refused here with an explicit reason. The catalog STILL re-derives
+    // the price below; the signature proves the server issued the cart, not the price
+    // (invariant 2). A valid-signature-but-wrong-price mandate therefore still fails the
+    // re-price check — the mandate is defense-in-depth, never a substitute for it. The
+    // verified mandate is reconciled against the Payment Mandate's binding AFTER re-pricing.
+    let cartMandate;
+    if (input.cartMandate && ctx.signingKey) {
+        const verdict = verifyCartMandate(input.cartMandate, input.order.id, ctx.signingKey);
+        if (!verdict.ok)
+            return { completed: false, reason: "cart-mandate" };
+        cartMandate = verdict.mandate;
+    }
+    // Invariant 2: never trust the order token — re-price the lines against the
+    // catalog and refuse if the inbound total doesn't match what those items cost.
+    // Invariant 3: a loyalty discount only counts when THIS order's verification
+    // says it was applied; a token merely claiming the discounted total reprices
+    // higher and is refused.
+    const verification = await ctx.verificationStore.read(input.order.id);
+    const loyaltyApplied = !!verification?.loyalty?.applied;
+    const items = input.order.lines.map((l) => ({ productId: l.id, quantity: l.quantity }));
+    const repriced = ctx.catalog.createOrder(items, input.order.id, { loyaltyApplied });
+    if (repriced.total !== input.order.total)
+        return { completed: false, reason: "reprice" };
+    // Invariant 3: when a signed Cart Mandate AND a signed Payment Mandate are both
+    // present, the two envelopes must tell ONE story before completing — same order,
+    // consistent currency, and the cart's sealed total == the catalog-RE-DERIVED total
+    // == the Payment Mandate's bound amount (`input.amount`, projected from
+    // `mandate.payment` by every rail). This binds the cart's seal to the payment's
+    // signature across ALL paths: a cart sealed for X paired with a payment for Y≠X, a
+    // currency or order mismatch, or a discount one path blesses and another refuses is
+    // refused here, never silently under-charged. Re-priced (not the token) per invariant 2.
+    if (cartMandate) {
+        const agree = reconcileCartPayment(cartMandate, { amount: input.amount, currency: input.currency, orderId: input.order.id }, repriced.total);
+        if (!agree.ok)
+            return { completed: false, reason: "reconcile" };
+    }
+    // Invariant 1: enforce the age gate on EVERY completion path. The age restriction
+    // is re-derived from the catalog-priced lines (never the token); an age-restricted
+    // order must carry a positive per-order age claim — written by the credential
+    // gate's verify handler (credential-gate/routes.ts) — before it can complete. This
+    // is the shared-completion-seam half of CT9; the demo's place-order + MCP
+    // order-completion-tool halves are wired in T014.
+    const ageRestricted = repriced.lines.some((l) => typeof l.minimumAge === "number" && l.minimumAge > 0);
+    if (ageRestricted && verification?.ageVerified !== true) {
+        return { completed: false, reason: "age" };
+    }
+    let settlement;
+    if (ctx.settle) {
+        try {
+            settlement = await ctx.settle(input.order);
+        }
+        catch (err) {
+            return { completed: false, settlementError: err.message };
+        }
+    }
+    await ctx.records.write({
+        orderId: input.order.id,
+        mandateId: input.mandateId,
+        amount: input.amount,
+        currency: input.currency,
+        method: input.method,
+        instrument: input.instrument,
+        gates: input.gates,
+        completedAt: new Date().toISOString(),
+        ...(settlement ? { settlement } : {}),
+    });
+    if (ctx.cart)
+        await ctx.cart.clear();
+    // Completed purchase: clear this order's age/loyalty verification.
+    await ctx.verificationStore.clear(input.order.id);
+    return { completed: true, ...(settlement ? { settlement } : {}) };
+}

package/dist/ceremony/credential-gate/dcql.d.ts

@@ -0,0 +1,10 @@
+import type { DcqlQuery } from "../../types.js";
+export type CredentialKind = "age" | "membership";
+export interface CredentialDcqlOpts {
+    /** Age threshold (defaults to 21 — the strictest common restriction). */
+    minimumAge?: number;
+    /** Membership discount percent (defaults to 10). */
+    percent?: number;
+}
+/** The DCQL the signed request embeds for this credential kind. */
+export declare function buildCredentialDcql(kind: CredentialKind, opts?: CredentialDcqlOpts): DcqlQuery;

package/dist/ceremony/credential-gate/dcql.js

@@ -0,0 +1,12 @@
+// DCQL for the credential gate (age / membership). One query per kind, reused
+// from the package's own credential builders (credentials.ts) so the request the
+// wallet receives is the SAME shape the policy layer describes — no second source
+// of truth to drift. age → ISO 18013-5 mDL + EU PID over-age claims; membership →
+// the loyalty doctype. verify.ts maps the disclosed claims back to a boolean.
+import { age, membership } from "../../credentials.js";
+/** The DCQL the signed request embeds for this credential kind. */
+export function buildCredentialDcql(kind, opts = {}) {
+    return kind === "age"
+        ? age.over(opts.minimumAge ?? 21).request
+        : membership.discount(opts.percent ?? 10).request;
+}

package/dist/ceremony/credential-gate/doc-spec.d.ts

@@ -0,0 +1,3 @@
+import type { MdocDocSpec } from "../mdoc/mdoc-iso.js";
+import type { CredentialKind } from "./dcql.js";
+export declare function mdocDocSpec(kind: CredentialKind, minimumAge?: number): MdocDocSpec;

package/dist/ceremony/credential-gate/doc-spec.js

@@ -0,0 +1,16 @@
+export function mdocDocSpec(kind, minimumAge = 21) {
+    if (kind === "age") {
+        return {
+            docType: "org.iso.18013.5.1.mDL",
+            namespace: "org.iso.18013.5.1",
+            // Ask for the over-age booleans bracketing the threshold; verify.ts requires
+            // the explicit positive at THIS threshold (a sub-threshold proof is refused).
+            elements: minimumAge >= 21 ? ["age_over_21", "age_over_18"] : ["age_over_18"],
+        };
+    }
+    return {
+        docType: "org.multipaz.loyalty.1",
+        namespace: "org.multipaz.loyalty.1",
+        elements: ["membership_number", "tier"],
+    };
+}

package/dist/ceremony/credential-gate/mdoc-verify.d.ts

@@ -0,0 +1,15 @@
+import type { Origin } from "../origin.js";
+import { type CredGateResult } from "./verify.js";
+import type { CredentialKind } from "./dcql.js";
+export declare function verifyMdocPresentation(args: {
+    kind: CredentialKind;
+    result: {
+        protocol?: string;
+        data?: unknown;
+    };
+    mdocContextToken: string;
+    origin: Origin;
+    secret: string;
+    minimumAge?: number;
+    percent?: number;
+}): Promise<CredGateResult>;

package/dist/ceremony/credential-gate/mdoc-verify.js

@@ -0,0 +1,29 @@
+import { evaluateDisclosed } from "./verify.js";
+import { mdocDocSpec } from "./doc-spec.js";
+import { openMdocContext, buildSessionTranscript, decryptDeviceResponse, disclosedFromDeviceResponse, } from "../mdoc/mdoc-iso.js";
+export async function verifyMdocPresentation(args) {
+    const { kind, result, mdocContextToken, origin, secret, minimumAge, percent } = args;
+    const ctx = await openMdocContext(mdocContextToken, secret);
+    let data = result?.data;
+    if (typeof data === "string") {
+        try {
+            data = JSON.parse(data);
+        }
+        catch { /* leave as string */ }
+    }
+    const responseB64Url = data?.response ??
+        (typeof data === "string" ? data : undefined);
+    if (!responseB64Url)
+        throw new Error("no .response in org-iso-mdoc result.data");
+    const sessionTranscript = buildSessionTranscript(ctx.base64EncryptionInfo, origin.origin);
+    const deviceResponse = await decryptDeviceResponse({
+        responseB64Url,
+        readerPrivateJwk: ctx.readerPrivateJwk,
+        sessionTranscript,
+    });
+    const disclosed = disclosedFromDeviceResponse(deviceResponse);
+    // The iOS DeviceRequest is built from this same doc spec; keep it referenced so
+    // the request/verify pair stays aligned to one doctype definition.
+    void mdocDocSpec(kind, minimumAge);
+    return evaluateDisclosed(kind, disclosed, { minimumAge, percent });
+}

package/dist/ceremony/credential-gate/page.d.ts

@@ -0,0 +1,20 @@
+import type { CredentialKind } from "./dcql.js";
+export interface CredentialPageArgs {
+    kind: CredentialKind;
+    /** Order id, echoed back so verify is scoped to one order. */
+    order: string;
+    /** Re-derived from the catalog (age gate). */
+    minimumAge?: number;
+    /** Catalog-priced total, shown for context (never the token's). */
+    total?: number;
+    currency?: string;
+    /** Membership discount percent (membership gate). */
+    percent?: number;
+    /**
+     * Where to send the buyer after this gate succeeds — the checkout hub, so the
+     * sequence flows (hub → gate → back to hub with this gate ✓ → next gate).
+     * Defaults to this server's `/checkout?order=<id>`.
+     */
+    returnUrl?: string;
+}
+export declare function renderCredentialPage(args: CredentialPageArgs): string;