@openmobilehub/attestomcp-gate 0.1.0

package/dist/credentials.js

@@ -0,0 +1,127 @@
+// Policy builders — the typed surface a developer writes (Principle I).
+//
+//   required(age.over(21).when(hasAlcohol))   // 21+, only when the predicate is true
+//   optional(membership.discount(10))          // 10% off if a loyalty credential is presented
+//   required(payment.in("usd"))                // amount derived from the order; settles last
+//
+// Each builder returns a `Credential` carrying an `effect`; `.when()` attaches a
+// call-site conditional. These hold FUNCTIONS — they live in your server and are
+// resolved to data by `requirements()` (the code→data boundary). Nothing here
+// crosses the wire.
+import { ageDcql } from "./envelope.js";
+// ── Effects (tagged data the resolver interprets) ──────────────────────────
+export function gate() {
+    return { kind: "gate" };
+}
+export function discount(opts) {
+    return { kind: "discount", ...opts };
+}
+export function authorize() {
+    return { kind: "authorize" };
+}
+// ── DCQL sugar ─────────────────────────────────────────────────────────────
+/**
+ * Concise DCQL for a single mdoc credential: name the doctype and the claim
+ * leaves, get back the full verifier-shaped `DcqlQuery`. Selective disclosure
+ * (never retain) is the default.
+ */
+export function dcql(spec) {
+    return {
+        credentials: [
+            {
+                id: spec.docType.split(".").pop() ?? spec.docType,
+                format: "mso_mdoc",
+                meta: { doctype_value: spec.docType },
+                claims: spec.claims.map((leaf) => ({ path: [spec.docType, leaf], intent_to_retain: false })),
+            },
+        ],
+    };
+}
+// ── Credential factory (non-mutating, chainable `.when()`) ─────────────────
+/**
+ * Build a Credential and attach the chainable `.when()`. `.when()` returns a
+ * fresh Credential whose predicate is AND-ed onto any existing `appliesTo`, so
+ * `defineCredential`'s definition-time conditional and a call-site `.when()`
+ * compose (both must hold for the gate to apply).
+ */
+function makeCredential(base) {
+    return {
+        ...base,
+        when(predicate) {
+            const prev = base.appliesTo;
+            return makeCredential({
+                ...base,
+                appliesTo: prev ? (order) => prev(order) && predicate(order) : predicate,
+            });
+        },
+    };
+}
+// ── Built-in credentials ───────────────────────────────────────────────────
+/** Age verification. `age.over(21)` proves the `age_over_21` claim (explicit positive). */
+export const age = {
+    over(minAge) {
+        return makeCredential({
+            id: "age",
+            request: ageDcql(),
+            // Security invariant 5: require the explicit positive claim at THIS threshold
+            // (an 18+ proof must not satisfy a 21+ gate).
+            verify: (claims) => claims[`age_over_${minAge}`] === true,
+            effect: gate(),
+            ui: { label: `Age ${minAge}+`, action: `Verify you are ${minAge} or older` },
+            params: { minAge },
+        });
+    },
+};
+/** Loyalty / membership — optional; presenting it applies a discount. */
+export const membership = {
+    discount(percent) {
+        return makeCredential({
+            id: "membership",
+            // Real, interoperable loyalty doctype a wallet actually holds (Multipaz),
+            // matching the demo — NOT a branded placeholder, or the wallet finds nothing.
+            request: dcql({ docType: "org.multipaz.loyalty.1", claims: ["membership_number", "tier"] }),
+            verify: (claims) => typeof claims.membership_number === "string" && claims.membership_number.length > 0,
+            effect: discount({ percent }),
+            ui: { label: `${percent}% member discount`, action: "Present your membership" },
+            params: { percent },
+        });
+    },
+};
+/**
+ * Payment authorization. Settles LAST (the resolver sorts authorize-effect
+ * entries to the end). The amount is derived from the order server-side, never
+ * passed as a field (Principle IV / Security invariant 2).
+ */
+export const payment = {
+    in(currency) {
+        return makeCredential({
+            id: "payment",
+            request: dcql({ docType: "org.openwallet.payment.1", claims: ["account"] }),
+            verify: (claims) => claims.authorized === true,
+            effect: authorize(),
+            ui: { label: `Pay (${currency.toUpperCase()})`, action: "Authorize payment" },
+            params: { currency },
+        });
+    },
+};
+// ── Extensibility ──────────────────────────────────────────────────────────
+/** Define a custom credential — gate ANY consequential action with ANY credential. */
+export function defineCredential(c) {
+    return makeCredential({
+        id: c.id,
+        request: c.request,
+        verify: c.verify,
+        effect: c.effect,
+        appliesTo: c.appliesTo,
+        ui: c.ui,
+    });
+}
+// ── Policy entries ─────────────────────────────────────────────────────────
+/** A required gate — present in the manifest whenever it applies. */
+export function required(c) {
+    return { credential: c, required: true };
+}
+/** An optional gate — surfaced but never blocking. */
+export function optional(c) {
+    return { credential: c, required: false };
+}

package/dist/envelope.d.ts

@@ -0,0 +1,62 @@
+import type { DcqlQuery, TrustLevel } from "./types.js";
+export declare const ENVELOPE_VERSION: "attestomcp.verification/v1";
+export declare const ENVELOPE_SENTINEL: "verification_required";
+/** Built-in credential kinds the envelope describes. */
+export type BuiltinKind = "age" | "membership" | "payment";
+/**
+ * The age DCQL, matching the reference verifier (ISO 18013-5 mDL + EU PID).
+ * Mirrors the server's credential-gate/dcql.ts so the envelope describes the
+ * request the wallet will actually receive.
+ */
+export declare function ageDcql(): DcqlQuery;
+export interface VerificationRequired {
+    /** Sentinel an agent/client keys on to detect a consent handshake. */
+    _attestomcp: typeof ENVELOPE_SENTINEL;
+    version: typeof ENVELOPE_VERSION;
+    order: {
+        id: string;
+        total: number;
+        currency: string;
+    };
+    reason: {
+        gate: string;
+        pass: false;
+        detail: string;
+    };
+    present: {
+        credential: BuiltinKind;
+        /** Age threshold, when the credential is `age`. */
+        min_age?: number;
+        /** The DCQL the wallet will receive. */
+        request: DcqlQuery;
+        /** Per-order link the buyer opens to prove the credential on their phone. */
+        approve_url: string;
+    };
+    /** How the agent resumes once the buyer has proven the credential. */
+    resume: {
+        tool: string;
+        poll: string;
+    };
+    trust_level: TrustLevel;
+}
+export interface BuildEnvelopeArgs {
+    order: {
+        id: string;
+        total: number;
+        currency: string;
+    };
+    credential: BuiltinKind;
+    request: DcqlQuery;
+    approveUrl: string;
+    detail: string;
+    minAge?: number;
+    gate?: string;
+    resumeTool?: string;
+    trustLevel?: TrustLevel;
+}
+/** Build the typed refusal an agent can drive. Pure — no I/O. */
+export declare function buildVerificationRequired(args: BuildEnvelopeArgs): VerificationRequired;
+/** True if a tool result is a verification_required envelope (for agents/clients). */
+export declare function isVerificationRequired(v: unknown): v is VerificationRequired;
+/** A one-line, agent-facing instruction string to carry alongside the envelope. */
+export declare function envelopeInstruction(env: VerificationRequired): string;

package/dist/envelope.js

@@ -0,0 +1,72 @@
+// The `verification_required` envelope — AttestoMcp's Mode-B / roadmap primitive.
+//
+// Mode A (consolidated checkout) is the v0.1 default: the tool mints the link +
+// surfaces a `requires` manifest, and the page runs the gates. This envelope is
+// the BLOCKING shape for page-less tools (Mode B, roadmap): a tool that has no
+// checkout page returns a typed refusal an agent can DRIVE (why it stopped,
+// which credential, a per-order approve link, the tool to poll) instead of a
+// dead error string. Its wire shape is a tested contract — do NOT break it.
+export const ENVELOPE_VERSION = "attestomcp.verification/v1";
+export const ENVELOPE_SENTINEL = "verification_required";
+/**
+ * The age DCQL, matching the reference verifier (ISO 18013-5 mDL + EU PID).
+ * Mirrors the server's credential-gate/dcql.ts so the envelope describes the
+ * request the wallet will actually receive.
+ */
+export function ageDcql() {
+    return {
+        credentials: [
+            {
+                id: "mdl",
+                format: "mso_mdoc",
+                meta: { doctype_value: "org.iso.18013.5.1.mDL" },
+                claims: [
+                    { path: ["org.iso.18013.5.1", "age_over_21"], intent_to_retain: false },
+                    { path: ["org.iso.18013.5.1", "age_over_18"], intent_to_retain: false },
+                ],
+            },
+            {
+                id: "eupid",
+                format: "mso_mdoc",
+                meta: { doctype_value: "eu.europa.ec.eudi.pid.1" },
+                claims: [{ path: ["eu.europa.ec.eudi.pid.1", "age_over_18"], intent_to_retain: false }],
+            },
+        ],
+    };
+}
+/** Build the typed refusal an agent can drive. Pure — no I/O. */
+export function buildVerificationRequired(args) {
+    return {
+        _attestomcp: ENVELOPE_SENTINEL,
+        version: ENVELOPE_VERSION,
+        order: { id: args.order.id, total: args.order.total, currency: args.order.currency },
+        reason: {
+            gate: args.gate ?? (args.minAge != null ? `Age over ${args.minAge}` : "Verification"),
+            pass: false,
+            detail: args.detail,
+        },
+        present: {
+            credential: args.credential,
+            ...(args.minAge != null ? { min_age: args.minAge } : {}),
+            request: args.request,
+            approve_url: args.approveUrl,
+        },
+        resume: { tool: args.resumeTool ?? "get-order-status", poll: "until status=completed or refused" },
+        trust_level: args.trustLevel ?? "presence-only-demo",
+    };
+}
+/** True if a tool result is a verification_required envelope (for agents/clients). */
+export function isVerificationRequired(v) {
+    return (typeof v === "object" &&
+        v !== null &&
+        v._attestomcp === ENVELOPE_SENTINEL);
+}
+/** A one-line, agent-facing instruction string to carry alongside the envelope. */
+export function envelopeInstruction(env) {
+    const what = env.present.credential === "age"
+        ? `age verification (${env.present.min_age ?? 21}+)`
+        : `a ${env.present.credential} credential`;
+    return (`This order needs ${what} before it can be placed. Share this link with the buyer to ` +
+        `prove it on their phone: ${env.present.approve_url} — then poll \`${env.resume.tool}\` ` +
+        `until it completes. Do not tell the user the order is placed until then.`);
+}

package/dist/gated.d.ts

@@ -0,0 +1,39 @@
+import type { DcqlQuery, GateOrder } from "./types.js";
+export interface MinimalToolResult {
+    structuredContent?: Record<string, unknown>;
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError?: boolean;
+}
+export interface EasyGatePolicy {
+    /** Require age verification. `true` uses the cart's strictest item threshold. */
+    age?: boolean;
+}
+export interface GateDeps<A, O extends GateOrder> {
+    /** Resolve the order from the tool args (created ONCE, so the id is stable). */
+    resolveOrder: (args: A) => O | Promise<O>;
+    /** True iff this order is age-restricted AND has no recorded age verification. */
+    isAgeUnverified: (order: O) => boolean | Promise<boolean>;
+    /** Per-order link the buyer opens to prove age. */
+    approveUrl: (order: O) => string;
+    /** The age threshold for this order (e.g. 21), or undefined. */
+    minAge?: (order: O) => number | undefined;
+    /** The DCQL to request; defaults to `ageDcql()`. */
+    request?: DcqlQuery;
+    resumeTool?: string;
+}
+/**
+ * @deprecated v0.1 uses consolidated Mode A — wrap your checkout tool with
+ * `AttestoMcp.requirements(order, policy)` instead. `gated()` is the Mode-B
+ * blocking shim, kept for page-less tools / one minor version.
+ *
+ * Wrap an MCP tool handler so it returns a `verification_required` envelope when
+ * the age gate isn't met, instead of completing. The handler receives the
+ * resolved order so it never re-creates it (a fresh id would desync the approve
+ * link from the verified order).
+ */
+export declare function gated<A, O extends GateOrder>(handler: (args: A, ctx: {
+    order: O;
+}) => MinimalToolResult | Promise<MinimalToolResult>, policy: EasyGatePolicy, deps: GateDeps<A, O>): (args: A) => Promise<MinimalToolResult>;

package/dist/gated.js

@@ -0,0 +1,41 @@
+// gated() — the v0-overnight blocking wrapper, kept as a DEPRECATED shim.
+//
+// v0.1 is consolidated Mode A: the checkout tool mints the link + surfaces a
+// `requires` manifest (see AttestoMcp.requirements), and the page runs the gates.
+// gated() is the Mode-B blocking shape — it withholds completion and returns a
+// `verification_required` envelope. Retained for page-less tools / one minor
+// version; prefer `requirements()` for checkout. Will be removed after v0.2.
+import { ageDcql, buildVerificationRequired, envelopeInstruction } from "./envelope.js";
+/**
+ * @deprecated v0.1 uses consolidated Mode A — wrap your checkout tool with
+ * `AttestoMcp.requirements(order, policy)` instead. `gated()` is the Mode-B
+ * blocking shim, kept for page-less tools / one minor version.
+ *
+ * Wrap an MCP tool handler so it returns a `verification_required` envelope when
+ * the age gate isn't met, instead of completing. The handler receives the
+ * resolved order so it never re-creates it (a fresh id would desync the approve
+ * link from the verified order).
+ */
+export function gated(handler, policy, deps) {
+    return async (args) => {
+        const order = await deps.resolveOrder(args);
+        if (policy.age && (await deps.isAgeUnverified(order))) {
+            const minAge = deps.minAge?.(order);
+            const env = buildVerificationRequired({
+                order,
+                credential: "age",
+                request: deps.request ?? ageDcql(),
+                approveUrl: deps.approveUrl(order),
+                detail: `Cart contains age-restricted items. No age verification on file for order ${order.id}.`,
+                minAge,
+                resumeTool: deps.resumeTool,
+            });
+            return {
+                // VerificationRequired is a plain JSON object; widen to the tool-result shape.
+                structuredContent: env,
+                content: [{ type: "text", text: envelopeInstruction(env) }],
+            };
+        }
+        return handler(args, { order });
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+export { AttestoMcp } from "./client.js";
+export type { ExpressApp } from "./client.js";
+export { age, membership, payment, required, optional, defineCredential, dcql, gate, discount, authorize } from "./credentials.js";
+export { MemoryVerificationStore } from "./store.js";
+export { completeOrder } from "./ceremony/completion.js";
+export { issueCartMandate, verifyCartMandate, DEFAULT_CART_MANDATE_TTL_MS } from "./ceremony/cartMandate.js";
+export type { CartMandate, CartMandateLine, CartMandateRefusal, CartMandateVerdict, IssueCartMandateArgs } from "./ceremony/cartMandate.js";
+export { reconcileCartPayment } from "./ceremony/reconciliation.js";
+export type { PaymentBinding, ReconcileRefusal, ReconcileVerdict } from "./ceremony/reconciliation.js";
+export { renderRequirements } from "./ceremony/checkout-page.js";
+export type { RenderOrder, RenderOrderLine, RenderVerification, RenderPaid, PaymentMethod, PaymentOptions, RenderRequirementsOptions, } from "./ceremony/checkout-page.js";
+export type { CompletionContext, CompletedRecord, CompletedOrderStore, ClearableCart, SettlementRecordLike, } from "./ceremony/completion.js";
+export type { CeremonyOrder, CeremonyOrderLine, CeremonyOrderStore, CeremonyCatalog, CartItemRef, RepriceOpts, CompletionInput, CompletionResult, CompletionSeam, SettlementSeam, GateOutcome, } from "./ceremony/types.js";
+export type { AttestoMcpOptions, GateOrder, OrderLine, Credential, Step, Effect, VerificationManifestEntry, VerificationStore, VerificationRecord, TrustLevel, DcqlQuery, DcqlClaim, DcqlCredentialOption, } from "./types.js";
+export { ageDcql, buildVerificationRequired, isVerificationRequired, envelopeInstruction, ENVELOPE_VERSION, ENVELOPE_SENTINEL, } from "./envelope.js";
+export type { VerificationRequired, BuildEnvelopeArgs, BuiltinKind } from "./envelope.js";
+export { gated } from "./gated.js";
+export type { EasyGatePolicy, GateDeps, MinimalToolResult } from "./gated.js";

package/dist/index.js

@@ -0,0 +1,49 @@
+// @openmobilehub/attestomcp-gate — the consent layer for AI agents (v0.1).
+//
+// Require a verifiable credential from the user's phone wallet before a
+// consequential MCP tool completes. Identity leads; payments is one application.
+//
+// The v0.1 surface (consolidated Mode A):
+//   • new AttestoMcp({ walletOrigin })            — configure once
+//   • attestomcp.requirements(order, policy)      — Context 1: policy → serializable manifest
+//   • attestomcp.mount(app)                       — Context 2: ceremony seam
+//   • required/optional over age/membership/payment builders, .when() conditional
+//   • defineCredential + gate/discount/authorize + dcql — gate ANY credential
+// The `verification_required` envelope + gated() are retained as the Mode-B /
+// roadmap blocking primitive (page-less tools); see ROADMAP.
+// ── Client ───────────────────────────────────────────────────────────────
+export { AttestoMcp } from "./client.js";
+// ── Policy builders + extensibility ────────────────────────────────────────
+export { age, membership, payment, required, optional, defineCredential, dcql, gate, discount, authorize } from "./credentials.js";
+// ── Store ────────────────────────────────────────────────────────────────
+export { MemoryVerificationStore } from "./store.js";
+// ── Ceremony composition (host-side: bind completion over YOUR stores) ──────
+// A composing host (e.g. @openmobilehub/attestomcp-storefront) binds `completeOrder`
+// to its completed-order / cart stores + catalog and exposes it as the `completion`
+// seam on `app.locals.attestomcp`, so a finished ceremony records + clears through the
+// SAME shared path every rail uses (FR-008). The ceremony entity types let the host
+// type those seam adapters without re-declaring them.
+export { completeOrder } from "./ceremony/completion.js";
+// ── Cart Mandate (ap2.CartMandate) — signed, tamper-evident cart envelope ────
+// Additive + fail-closed: `issueCartMandate` seals a server-priced cart with the host's
+// HMAC key; `verifyCartMandate` (and `completeOrder`, when given a `cartMandate` +
+// `signingKey`) refuses a tampered / replayed / expired cart BEFORE re-pricing. The
+// catalog stays the price authority (invariant 2); trust_level is presence-only-demo.
+export { issueCartMandate, verifyCartMandate, DEFAULT_CART_MANDATE_TTL_MS } from "./ceremony/cartMandate.js";
+// ── Cart ↔ Payment reconciliation — signed cart + signed payment agree on amount ──
+// When BOTH a Cart Mandate and a Payment Mandate ride along, `completeOrder`
+// reconciles them at the shared seam: same order, consistent currency, and the
+// cart's sealed total == the catalog-re-derived total == the Payment Mandate's bound
+// amount. One amount binding across every payment path (invariant 3); refuses on any
+// mismatch. Exposed for hosts that reconcile outside the bundled completion seam.
+export { reconcileCartPayment } from "./ceremony/reconciliation.js";
+// ── Ceremony presentation (the ONE shared three-gate checkout page) ─────────
+// Both the committed demo and @openmobilehub/attestomcp-storefront render their
+// checkout page through `renderRequirements(order, manifest, verification)` — one
+// polished, route-agnostic page driven by the `requires` manifest (each gate links
+// to its OWN approveUrl) so the two surfaces never drift (T030).
+export { renderRequirements } from "./ceremony/checkout-page.js";
+// ── Retained: Mode-B / roadmap blocking primitive (do NOT break the wire shape) ──
+export { ageDcql, buildVerificationRequired, isVerificationRequired, envelopeInstruction, ENVELOPE_VERSION, ENVELOPE_SENTINEL, } from "./envelope.js";
+// gated() — deprecated Mode-B shim (use requirements() for checkout).
+export { gated } from "./gated.js";

package/dist/manifest.d.ts

@@ -0,0 +1,28 @@
+import type { GateOrder, Step, TrustLevel, VerificationManifestEntry } from "./types.js";
+export interface ResolveContext {
+    /** Origin the per-order approve link binds to. */
+    walletOrigin: string;
+    /** mdoc trust honestly stated in every entry; v0.1 is presence-only. */
+    trustLevel?: TrustLevel;
+    /**
+     * Where the gates are enforced. v0.1 is consolidated Mode A: every gate runs
+     * on the checkout page (Context 2), so entries are `"checkout"`. (`"tool"` is
+     * the Mode-B / blocking shape — roadmap.)
+     */
+    enforcedAt?: "tool" | "checkout";
+    /**
+     * Set once `attestomcp.mount()` has wired the ceremony rails onto the host app, so
+     * the approve links resolve to THIS server's mounted `/attestomcp/*` routes instead
+     * of the legacy `/credential-gate/*` shape. age/membership share the credential
+     * page (`?cred=…`); payment authorizes on the dc-payment page.
+     */
+    mountedRoutes?: boolean;
+}
+/**
+ * Resolve a policy against an order into the serializable manifest.
+ *
+ * Ordering: declared order is preserved EXCEPT that `authorize`-effect entries
+ * (payment) are moved to the end — payment always settles last, even when a
+ * developer declares it earlier in the policy (Principle IV / contract CT3).
+ */
+export declare function resolveRequirements(order: GateOrder, policy: Step[], ctx: ResolveContext): VerificationManifestEntry[];

package/dist/manifest.js

@@ -0,0 +1,76 @@
+// requirements() — the code→data boundary (Principle VI).
+//
+// Runs each Step's `appliesTo` predicate server-side (Context 1), drops the
+// gates that don't apply, orders them (payment / authorize settles LAST), and
+// emits a flat, JSON-safe manifest: NO functions, NO closures. This is the only
+// place policy code becomes wire data — `structuredContent.requires` is exactly
+// what the agent and the widget receive.
+/** Per-order approve link, e.g. `https://shop.example/credential-gate/age?order=ORD-1`. */
+function approveUrlFor(walletOrigin, credentialId, orderId) {
+    const origin = walletOrigin.replace(/\/$/, "");
+    return `${origin}/credential-gate/${credentialId}?order=${encodeURIComponent(orderId)}`;
+}
+/**
+ * Per-order approve link onto the MOUNTED ceremony routes (`attestomcp.mount()`):
+ *   payment/authorize → `…/attestomcp/dc-payment?order=…`  (passkey is the alt rail)
+ *   age / membership / other gate → `…/attestomcp/credential?order=…&cred=<id>`
+ * Same origin the checkout link uses, so the host can re-home it onto its own base.
+ */
+function mountedApproveUrlFor(walletOrigin, credentialId, effect, orderId) {
+    const origin = walletOrigin.replace(/\/$/, "");
+    const order = encodeURIComponent(orderId);
+    if (effect === "authorize" || credentialId === "payment") {
+        return `${origin}/attestomcp/dc-payment?order=${order}`;
+    }
+    return `${origin}/attestomcp/credential?order=${order}&cred=${encodeURIComponent(credentialId)}`;
+}
+/**
+ * Resolve a policy against an order into the serializable manifest.
+ *
+ * Ordering: declared order is preserved EXCEPT that `authorize`-effect entries
+ * (payment) are moved to the end — payment always settles last, even when a
+ * developer declares it earlier in the policy (Principle IV / contract CT3).
+ */
+export function resolveRequirements(order, policy, ctx) {
+    const trust_level = ctx.trustLevel ?? "presence-only-demo";
+    const enforcedAt = ctx.enforcedAt ?? "checkout";
+    const entries = policy
+        // Drop gates whose inclusion predicate (defineCredential appliesTo + any
+        // composed .when()) is present and returns false.
+        .filter((step) => {
+        const applies = step.credential.appliesTo;
+        return applies ? applies(order) : true;
+    })
+        .map((step) => {
+        const c = step.credential;
+        const effect = c.effect.kind;
+        const entry = {
+            credential: c.id,
+            required: step.required,
+            effect,
+            enforcedAt,
+            trust_level,
+            label: c.ui.label,
+        };
+        if (c.params?.minAge != null)
+            entry.minAge = c.params.minAge;
+        if (effect === "discount" && c.params?.percent != null)
+            entry.discountPct = c.params.percent;
+        if (ctx.mountedRoutes) {
+            // Ceremony is mounted: every entry that maps to a `/attestomcp/*` route gets a
+            // per-order approve link — including the membership discount, which is
+            // proven on the same credential page (so the buyer can opt into the discount).
+            entry.approveUrl = mountedApproveUrlFor(ctx.walletOrigin, c.id, effect, order.id);
+        }
+        else if (effect === "gate" || effect === "authorize") {
+            // Legacy `/credential-gate/*` shape — a gate/authorize is proven via a
+            // per-order ceremony link; a discount is merely presented, no approve link.
+            entry.approveUrl = approveUrlFor(ctx.walletOrigin, c.id, order.id);
+        }
+        return entry;
+    });
+    // Stable payment-last: non-authorize entries keep their order, then authorize.
+    const settleLast = entries.filter((e) => e.effect === "authorize");
+    const rest = entries.filter((e) => e.effect !== "authorize");
+    return [...rest, ...settleLast];
+}

package/dist/store.d.ts

@@ -0,0 +1,7 @@
+import type { VerificationRecord, VerificationStore } from "./types.js";
+export declare class MemoryVerificationStore implements VerificationStore {
+    private readonly records;
+    read(orderId: string): VerificationRecord | undefined;
+    write(orderId: string, record: VerificationRecord): void;
+    clear(orderId: string): void;
+}

package/dist/store.js

@@ -0,0 +1,16 @@
+// Per-order verification store. Keyed by order id — NEVER process-global, so one
+// shopper's verification can never unlock another's checkout (Security invariant 4).
+// Default is in-process; swap in Redis (Upstash) for serverless by implementing
+// VerificationStore.
+export class MemoryVerificationStore {
+    records = new Map();
+    read(orderId) {
+        return this.records.get(orderId);
+    }
+    write(orderId, record) {
+        this.records.set(orderId, record);
+    }
+    clear(orderId) {
+        this.records.delete(orderId);
+    }
+}