@ottochain/sdk 2.3.0 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (209) hide show
  1. package/dist/cjs/apps/contracts/index.js +15 -8
  2. package/dist/cjs/apps/contracts/state-machines/contract-agreement.js +35 -40
  3. package/dist/cjs/apps/contracts/state-machines/contract-escrow.js +80 -37
  4. package/dist/cjs/apps/contracts/state-machines/contract-universal.js +4 -4
  5. package/dist/cjs/apps/corporate/index.js +2 -2
  6. package/dist/cjs/apps/corporate/state-machines/corp-board.js +169 -59
  7. package/dist/cjs/apps/corporate/state-machines/corp-entity.js +245 -47
  8. package/dist/cjs/apps/corporate/state-machines/corp-securities.js +407 -99
  9. package/dist/cjs/apps/corporate/state-machines/corp-shareholders.js +151 -37
  10. package/dist/cjs/apps/governance/index.js +14 -14
  11. package/dist/cjs/apps/governance/state-machines/dao-multisig.js +58 -40
  12. package/dist/cjs/apps/governance/state-machines/dao-reputation.js +46 -40
  13. package/dist/cjs/apps/governance/state-machines/dao-single.js +28 -11
  14. package/dist/cjs/apps/governance/state-machines/dao-token.js +67 -41
  15. package/dist/cjs/apps/governance/state-machines/governance-simple.js +93 -61
  16. package/dist/cjs/apps/governance/state-machines/governance-universal.js +2 -2
  17. package/dist/cjs/apps/identity/constants.js +55 -14
  18. package/dist/cjs/apps/identity/index.js +27 -11
  19. package/dist/cjs/apps/identity/state-machines/identity-agent.js +3 -3
  20. package/dist/cjs/apps/identity/state-machines/identity-oracle.js +25 -22
  21. package/dist/cjs/apps/identity/state-machines/identity-registry.js +288 -0
  22. package/dist/cjs/apps/identity/state-machines/identity-universal.js +3 -3
  23. package/dist/cjs/apps/identity/state-machines/index.js +3 -1
  24. package/dist/cjs/apps/index.js +19 -8
  25. package/dist/cjs/apps/lending/assets.js +223 -0
  26. package/dist/cjs/apps/lending/credit-scoring.js +87 -0
  27. package/dist/cjs/apps/lending/eligibility.js +121 -0
  28. package/dist/cjs/apps/lending/index.js +91 -0
  29. package/dist/cjs/apps/lending/state-machines/index.js +9 -0
  30. package/dist/cjs/apps/lending/state-machines/lending-zk-loan.js +412 -0
  31. package/dist/cjs/apps/markets/index.js +21 -11
  32. package/dist/cjs/apps/markets/state-machines/market-auction.js +14 -13
  33. package/dist/cjs/apps/markets/state-machines/market-crowdfund.js +29 -24
  34. package/dist/cjs/apps/markets/state-machines/market-group-buy.js +24 -26
  35. package/dist/cjs/apps/markets/state-machines/market-prediction.js +80 -53
  36. package/dist/cjs/apps/markets/state-machines/market-universal.js +5 -5
  37. package/dist/cjs/apps/oracles/index.js +2 -2
  38. package/dist/cjs/errors.js +3 -3
  39. package/dist/cjs/generated/google/protobuf/struct.js +4 -4
  40. package/dist/cjs/generated/index.js +11 -7
  41. package/dist/cjs/generated/openapi.js +6 -0
  42. package/dist/cjs/generated/ottochain/apps/contracts/v1/contract.js +50 -50
  43. package/dist/cjs/generated/ottochain/apps/corporate/v1/corporate.js +19 -20
  44. package/dist/cjs/generated/ottochain/apps/governance/v1/governance.js +13 -13
  45. package/dist/cjs/generated/ottochain/apps/identity/v1/attestation.js +4 -4
  46. package/dist/cjs/generated/ottochain/apps/identity/v1/identity.js +124 -130
  47. package/dist/cjs/generated/ottochain/apps/markets/v1/market.js +107 -107
  48. package/dist/cjs/generated/ottochain/v1/common.js +4 -4
  49. package/dist/cjs/generated/ottochain/v1/fiber.js +4 -4
  50. package/dist/cjs/index.js +41 -7
  51. package/dist/cjs/openapi.js +2 -0
  52. package/dist/cjs/ottochain/drop-nulls.js +1 -2
  53. package/dist/cjs/ottochain/genesis-manifest.js +11 -11
  54. package/dist/cjs/ottochain/index.js +23 -13
  55. package/dist/cjs/ottochain/metagraph-client.js +65 -8
  56. package/dist/cjs/ottochain/snapshot.js +11 -12
  57. package/dist/cjs/ottochain/transaction.js +57 -14
  58. package/dist/cjs/ottochain/types.js +16 -2
  59. package/dist/cjs/privacy/index.js +14 -0
  60. package/dist/cjs/privacy/sealed-bid.js +210 -0
  61. package/dist/cjs/privacy/shield-app.js +131 -0
  62. package/dist/cjs/schema/effects.js +40 -0
  63. package/dist/cjs/schema/fiber-app.js +19 -13
  64. package/dist/cjs/schema/guard-lint.js +352 -0
  65. package/dist/cjs/schema/guards.js +246 -0
  66. package/dist/cjs/signing.js +80 -0
  67. package/dist/cjs/types.js +2 -3
  68. package/dist/cjs/validation.js +8 -8
  69. package/dist/cjs/verify.js +9 -4
  70. package/dist/cjs/zk/commit.js +53 -0
  71. package/dist/cjs/zk/guard.js +107 -0
  72. package/dist/cjs/zk/index.js +48 -0
  73. package/dist/cjs/zk/preimage.js +37 -0
  74. package/dist/cjs/zk/prover.js +87 -0
  75. package/dist/cjs/zk/registry.js +62 -0
  76. package/dist/cjs/zk/types.js +28 -0
  77. package/dist/cjs/zk/witness.js +19 -0
  78. package/dist/esm/apps/contracts/index.js +7 -3
  79. package/dist/esm/apps/contracts/state-machines/contract-agreement.js +35 -40
  80. package/dist/esm/apps/contracts/state-machines/contract-escrow.js +80 -37
  81. package/dist/esm/apps/contracts/state-machines/contract-universal.js +4 -4
  82. package/dist/esm/apps/corporate/state-machines/corp-board.js +169 -59
  83. package/dist/esm/apps/corporate/state-machines/corp-entity.js +245 -47
  84. package/dist/esm/apps/corporate/state-machines/corp-securities.js +407 -99
  85. package/dist/esm/apps/corporate/state-machines/corp-shareholders.js +151 -37
  86. package/dist/esm/apps/governance/state-machines/dao-multisig.js +58 -40
  87. package/dist/esm/apps/governance/state-machines/dao-reputation.js +46 -40
  88. package/dist/esm/apps/governance/state-machines/dao-single.js +28 -11
  89. package/dist/esm/apps/governance/state-machines/dao-token.js +67 -41
  90. package/dist/esm/apps/governance/state-machines/governance-simple.js +93 -61
  91. package/dist/esm/apps/governance/state-machines/governance-universal.js +2 -2
  92. package/dist/esm/apps/identity/constants.js +51 -12
  93. package/dist/esm/apps/identity/index.js +12 -7
  94. package/dist/esm/apps/identity/state-machines/identity-agent.js +3 -3
  95. package/dist/esm/apps/identity/state-machines/identity-oracle.js +25 -22
  96. package/dist/esm/apps/identity/state-machines/identity-registry.js +285 -0
  97. package/dist/esm/apps/identity/state-machines/identity-universal.js +3 -3
  98. package/dist/esm/apps/identity/state-machines/index.js +1 -0
  99. package/dist/esm/apps/index.js +1 -0
  100. package/dist/esm/apps/lending/assets.js +207 -0
  101. package/dist/esm/apps/lending/credit-scoring.js +81 -0
  102. package/dist/esm/apps/lending/eligibility.js +115 -0
  103. package/dist/esm/apps/lending/index.js +69 -0
  104. package/dist/esm/apps/lending/state-machines/index.js +5 -0
  105. package/dist/esm/apps/lending/state-machines/lending-zk-loan.js +409 -0
  106. package/dist/esm/apps/markets/index.js +8 -4
  107. package/dist/esm/apps/markets/state-machines/market-auction.js +14 -13
  108. package/dist/esm/apps/markets/state-machines/market-crowdfund.js +29 -24
  109. package/dist/esm/apps/markets/state-machines/market-group-buy.js +24 -26
  110. package/dist/esm/apps/markets/state-machines/market-prediction.js +80 -53
  111. package/dist/esm/apps/markets/state-machines/market-universal.js +5 -5
  112. package/dist/esm/generated/index.js +9 -5
  113. package/dist/esm/generated/openapi.js +5 -0
  114. package/dist/esm/generated/ottochain/apps/contracts/v1/contract.js +46 -46
  115. package/dist/esm/generated/ottochain/apps/identity/v1/identity.js +114 -120
  116. package/dist/esm/generated/ottochain/apps/markets/v1/market.js +100 -100
  117. package/dist/esm/index.js +21 -2
  118. package/dist/esm/openapi.js +1 -0
  119. package/dist/esm/ottochain/genesis-manifest.js +9 -9
  120. package/dist/esm/ottochain/index.js +2 -3
  121. package/dist/esm/ottochain/metagraph-client.js +65 -8
  122. package/dist/esm/ottochain/snapshot.js +4 -4
  123. package/dist/esm/ottochain/transaction.js +43 -3
  124. package/dist/esm/ottochain/types.js +15 -1
  125. package/dist/esm/privacy/index.js +6 -0
  126. package/dist/esm/privacy/sealed-bid.js +206 -0
  127. package/dist/esm/privacy/shield-app.js +127 -0
  128. package/dist/esm/schema/effects.js +35 -0
  129. package/dist/esm/schema/fiber-app.js +13 -6
  130. package/dist/esm/schema/guard-lint.js +346 -0
  131. package/dist/esm/schema/guards.js +229 -0
  132. package/dist/esm/signing.js +74 -0
  133. package/dist/esm/verify.js +8 -2
  134. package/dist/esm/zk/commit.js +44 -0
  135. package/dist/esm/zk/guard.js +99 -0
  136. package/dist/esm/zk/index.js +19 -0
  137. package/dist/esm/zk/preimage.js +30 -0
  138. package/dist/esm/zk/prover.js +82 -0
  139. package/dist/esm/zk/registry.js +55 -0
  140. package/dist/esm/zk/types.js +25 -0
  141. package/dist/esm/zk/witness.js +15 -0
  142. package/dist/types/apps/contracts/index.d.ts +69 -209
  143. package/dist/types/apps/contracts/state-machines/contract-agreement.d.ts +20 -95
  144. package/dist/types/apps/contracts/state-machines/contract-escrow.d.ts +46 -112
  145. package/dist/types/apps/corporate/index.d.ts +1040 -304
  146. package/dist/types/apps/corporate/state-machines/corp-board.d.ts +188 -52
  147. package/dist/types/apps/corporate/state-machines/corp-entity.d.ts +267 -62
  148. package/dist/types/apps/corporate/state-machines/corp-securities.d.ts +355 -131
  149. package/dist/types/apps/corporate/state-machines/corp-shareholders.d.ts +225 -53
  150. package/dist/types/apps/governance/index.d.ts +296 -398
  151. package/dist/types/apps/governance/state-machines/dao-multisig.d.ts +77 -92
  152. package/dist/types/apps/governance/state-machines/dao-reputation.d.ts +42 -66
  153. package/dist/types/apps/governance/state-machines/dao-single.d.ts +25 -47
  154. package/dist/types/apps/governance/state-machines/dao-token.d.ts +60 -49
  155. package/dist/types/apps/governance/state-machines/governance-simple.d.ts +87 -117
  156. package/dist/types/apps/governance/state-machines/governance-universal.d.ts +2 -2
  157. package/dist/types/apps/identity/constants.d.ts +32 -4
  158. package/dist/types/apps/identity/index.d.ts +378 -94
  159. package/dist/types/apps/identity/state-machines/identity-oracle.d.ts +16 -87
  160. package/dist/types/apps/identity/state-machines/identity-registry.d.ts +379 -0
  161. package/dist/types/apps/identity/state-machines/index.d.ts +1 -0
  162. package/dist/types/apps/index.d.ts +1 -0
  163. package/dist/types/apps/lending/assets.d.ts +258 -0
  164. package/dist/types/apps/lending/credit-scoring.d.ts +80 -0
  165. package/dist/types/apps/lending/eligibility.d.ts +83 -0
  166. package/dist/types/apps/lending/index.d.ts +548 -0
  167. package/dist/types/apps/lending/state-machines/index.d.ts +5 -0
  168. package/dist/types/apps/lending/state-machines/lending-zk-loan.d.ts +528 -0
  169. package/dist/types/apps/markets/index.d.ts +108 -203
  170. package/dist/types/apps/markets/state-machines/market-auction.d.ts +13 -37
  171. package/dist/types/apps/markets/state-machines/market-crowdfund.d.ts +16 -34
  172. package/dist/types/apps/markets/state-machines/market-group-buy.d.ts +17 -43
  173. package/dist/types/apps/markets/state-machines/market-prediction.d.ts +51 -72
  174. package/dist/types/apps/markets/state-machines/market-universal.d.ts +5 -5
  175. package/dist/types/generated/index.d.ts +5 -5
  176. package/dist/types/generated/openapi.d.ts +1257 -0
  177. package/dist/types/generated/ottochain/apps/contracts/v1/contract.d.ts +5 -5
  178. package/dist/types/generated/ottochain/apps/identity/v1/identity.d.ts +12 -12
  179. package/dist/types/generated/ottochain/apps/markets/v1/market.d.ts +11 -11
  180. package/dist/types/index.d.ts +6 -2
  181. package/dist/types/openapi.d.ts +22 -0
  182. package/dist/types/ottochain/genesis-manifest.d.ts +5 -5
  183. package/dist/types/ottochain/index.d.ts +5 -6
  184. package/dist/types/ottochain/metagraph-client.d.ts +49 -7
  185. package/dist/types/ottochain/snapshot.d.ts +6 -6
  186. package/dist/types/ottochain/transaction.d.ts +33 -1
  187. package/dist/types/ottochain/types.d.ts +335 -30
  188. package/dist/types/privacy/index.d.ts +6 -0
  189. package/dist/types/privacy/sealed-bid.d.ts +348 -0
  190. package/dist/types/privacy/shield-app.d.ts +48 -0
  191. package/dist/types/schema/effects.d.ts +34 -0
  192. package/dist/types/schema/fiber-app.d.ts +1 -2
  193. package/dist/types/schema/guard-lint.d.ts +111 -0
  194. package/dist/types/schema/guards.d.ts +134 -0
  195. package/dist/types/signing.d.ts +45 -0
  196. package/dist/types/validation.d.ts +22 -217
  197. package/dist/types/verify.d.ts +4 -0
  198. package/dist/types/zk/commit.d.ts +28 -0
  199. package/dist/types/zk/guard.d.ts +46 -0
  200. package/dist/types/zk/index.d.ts +19 -0
  201. package/dist/types/zk/preimage.d.ts +10 -0
  202. package/dist/types/zk/prover.d.ts +34 -0
  203. package/dist/types/zk/registry.d.ts +34 -0
  204. package/dist/types/zk/types.d.ts +33 -0
  205. package/dist/types/zk/witness.d.ts +40 -0
  206. package/package.json +27 -13
  207. package/dist/cjs/ottochain/normalize.js +0 -186
  208. package/dist/esm/ottochain/normalize.js +0 -179
  209. package/dist/types/ottochain/normalize.d.ts +0 -79
@@ -5,7 +5,7 @@
5
5
  *
6
6
  * @packageDocumentation
7
7
  */
8
- import { IdentityState } from "../../generated/ottochain/apps/identity/v1/identity.js";
8
+ import { State } from "../../generated/ottochain/apps/identity/v1/identity.js";
9
9
  import { AttestationType } from "../../generated/ottochain/apps/identity/v1/attestation.js";
10
10
  // ---------------------------------------------------------------------------
11
11
  // State Machine Transitions
@@ -16,25 +16,25 @@ import { AttestationType } from "../../generated/ottochain/apps/identity/v1/atte
16
16
  * Note: Some transitions are type-specific (agent vs oracle)
17
17
  */
18
18
  export const IDENTITY_TRANSITIONS = {
19
- [IdentityState.IDENTITY_STATE_UNSPECIFIED]: [],
20
- [IdentityState.IDENTITY_STATE_UNREGISTERED]: ["register"],
21
- [IdentityState.IDENTITY_STATE_REGISTERED]: ["activate", "withdraw"],
22
- [IdentityState.IDENTITY_STATE_ACTIVE]: [
19
+ [State.IDENTITY_STATE_UNSPECIFIED]: [],
20
+ [State.IDENTITY_STATE_UNREGISTERED]: ["register"],
21
+ [State.IDENTITY_STATE_REGISTERED]: ["activate", "withdraw"],
22
+ [State.IDENTITY_STATE_ACTIVE]: [
23
23
  "challenge",
24
24
  "slash",
25
25
  "deactivate",
26
26
  "withdraw",
27
27
  ],
28
- [IdentityState.IDENTITY_STATE_CHALLENGED]: [
28
+ [State.IDENTITY_STATE_CHALLENGED]: [
29
29
  "uphold_challenge",
30
30
  "dismiss_challenge",
31
31
  ],
32
- [IdentityState.IDENTITY_STATE_SUSPENDED]: ["begin_probation"],
33
- [IdentityState.IDENTITY_STATE_PROBATION]: ["complete_probation"],
34
- [IdentityState.IDENTITY_STATE_SLASHED]: ["reactivate", "withdraw"],
35
- [IdentityState.IDENTITY_STATE_INACTIVE]: ["activate", "withdraw"],
36
- [IdentityState.IDENTITY_STATE_WITHDRAWN]: [], // Terminal state
37
- [IdentityState.UNRECOGNIZED]: [],
32
+ [State.IDENTITY_STATE_SUSPENDED]: ["begin_probation"],
33
+ [State.IDENTITY_STATE_PROBATION]: ["complete_probation"],
34
+ [State.IDENTITY_STATE_SLASHED]: ["reactivate", "withdraw"],
35
+ [State.IDENTITY_STATE_INACTIVE]: ["activate", "withdraw"],
36
+ [State.IDENTITY_STATE_WITHDRAWN]: [], // Terminal state
37
+ [State.UNRECOGNIZED]: [],
38
38
  };
39
39
  // Legacy alias
40
40
  export const AGENT_TRANSITIONS = IDENTITY_TRANSITIONS;
@@ -53,6 +53,45 @@ export const ATTESTATION_DELTAS = {
53
53
  [AttestationType.ATTESTATION_TYPE_BEHAVIORAL]: 3,
54
54
  [AttestationType.UNRECOGNIZED]: 0,
55
55
  };
56
+ // ---------------------------------------------------------------------------
57
+ // Identity Registry — role attestations
58
+ // ---------------------------------------------------------------------------
59
+ /**
60
+ * Role-attestation types issued by the identity registry (identity-registry fiber).
61
+ * These are the ecosystem-wide authority roles consumer apps gate on via the registry
62
+ * dependency + `signerHasRole` (see docs/design/app-hardening-identity-integration.md §4.2).
63
+ */
64
+ export const REGISTRY_ROLES = {
65
+ ARBITER: "ARBITER",
66
+ SLASHER: "SLASHER",
67
+ ISSUER: "ISSUER",
68
+ BOARD_MEMBER: "BOARD_MEMBER",
69
+ };
70
+ /**
71
+ * Maps each role to the registry's flat per-role state-map field. A consumer app reads
72
+ * `machines.<registryDep>.state.<field>` (a `{ <address>: true }` map) and binds membership to a
73
+ * verified signer with `signerHasRole`. Kept in lock-step with the identity-registry stateSchema.
74
+ */
75
+ export const REGISTRY_ROLE_MAP = {
76
+ ARBITER: "arbiters",
77
+ SLASHER: "slashers",
78
+ ISSUER: "issuers",
79
+ BOARD_MEMBER: "boardMembers",
80
+ };
81
+ /**
82
+ * Build the `machines.<registryDep>.state.<roleMap>` var path a consumer guard reads to check a role,
83
+ * e.g. `registryRolePath("reg-uuid", "ARBITER")` → `"machines.reg-uuid.state.arbiters"`.
84
+ */
85
+ export function registryRolePath(registryDep, role) {
86
+ return `machines.${registryDep}.state.${REGISTRY_ROLE_MAP[role]}`;
87
+ }
88
+ /**
89
+ * Build the `machines.<registryDep>.state.reputations` var path a consumer guard reads for a
90
+ * reputation gate (`signerHasReputation`).
91
+ */
92
+ export function registryReputationPath(registryDep) {
93
+ return `machines.${registryDep}.state.reputations`;
94
+ }
56
95
  /**
57
96
  * Check if a transition is valid for the given state.
58
97
  */
@@ -16,13 +16,17 @@
16
16
  *
17
17
  * @packageDocumentation
18
18
  */
19
- // Re-export generated protobuf types (source of truth)
20
- export { IdentityType, IdentityState, Platform, PlatformLink, Reputation, PenaltyEvent, Identity, RegisterIdentityRequest, ActivateIdentityRequest, LinkPlatformRequest, ChallengeIdentityRequest, AddStakeRequest, WithdrawIdentityRequest, IdentityDefinition, identityTypeFromJSON, identityTypeToJSON, identityStateFromJSON, identityStateToJSON, platformFromJSON, platformToJSON, } from "../../generated/ottochain/apps/identity/v1/identity.js";
19
+ // Re-export generated protobuf types (source of truth).
20
+ // The nested lifecycle/kind enums dropped their app prefix in the proto; under
21
+ // this app-scoped entrypoint they are unambiguously Type / State.
22
+ export { Type, State, Platform, PlatformLink, Reputation, PenaltyEvent, Identity, RegisterIdentityRequest, ActivateIdentityRequest, LinkPlatformRequest, ChallengeIdentityRequest, AddStakeRequest, WithdrawIdentityRequest, IdentityDefinition, typeFromJSON, typeToJSON, stateFromJSON, stateToJSON, platformFromJSON, platformToJSON, } from "../../generated/ottochain/apps/identity/v1/identity.js";
21
23
  // Legacy aliases for backward compatibility
22
- export { IdentityState as AgentState } from "../../generated/ottochain/apps/identity/v1/identity.js";
24
+ export { State as AgentState } from "../../generated/ottochain/apps/identity/v1/identity.js";
25
+ // Deprecated app-prefixed aliases (renamed to Type / State); kept for compat.
26
+ export { Type as IdentityType, State as IdentityState, typeFromJSON as identityTypeFromJSON, typeToJSON as identityTypeToJSON, stateFromJSON as identityStateFromJSON, stateToJSON as identityStateToJSON, } from "../../generated/ottochain/apps/identity/v1/identity.js";
23
27
  export { AttestationType, ReputationDelta, Attestation, VouchRequest, ChallengeRequest, ReputationConfig, attestationTypeFromJSON, attestationTypeToJSON, } from "../../generated/ottochain/apps/identity/v1/attestation.js";
24
28
  // Re-export constants and utilities
25
- export { IDENTITY_TRANSITIONS, AGENT_TRANSITIONS, ATTESTATION_DELTAS, canTransition, getReputationDelta, } from "./constants.js";
29
+ export { IDENTITY_TRANSITIONS, AGENT_TRANSITIONS, ATTESTATION_DELTAS, REGISTRY_ROLES, REGISTRY_ROLE_MAP, registryRolePath, registryReputationPath, canTransition, getReputationDelta, } from "./constants.js";
26
30
  // ---------------------------------------------------------------------------
27
31
  // Configuration Defaults
28
32
  // ---------------------------------------------------------------------------
@@ -41,17 +45,18 @@ export const DEFAULT_REPUTATION_CONFIG = {
41
45
  // ---------------------------------------------------------------------------
42
46
  // State Machine Definitions (generated from JSON at build time)
43
47
  // ---------------------------------------------------------------------------
44
- import { identityUniversalDef, identityAgentDef, identityOracleDef, } from "./state-machines/index.js";
45
- export { identityUniversalDef, identityAgentDef, identityOracleDef };
48
+ import { identityUniversalDef, identityAgentDef, identityOracleDef, identityRegistryDef, } from "./state-machines/index.js";
49
+ export { identityUniversalDef, identityAgentDef, identityOracleDef, identityRegistryDef, };
46
50
  /** All identity state machine definitions */
47
51
  export const IDENTITY_DEFINITIONS = {
48
52
  universal: identityUniversalDef,
49
53
  agent: identityAgentDef,
50
54
  oracle: identityOracleDef,
55
+ registry: identityRegistryDef,
51
56
  };
52
57
  /**
53
58
  * Get an identity state machine definition by type.
54
- * @param type - 'universal' | 'agent' | 'oracle' (default: 'agent')
59
+ * @param type - 'universal' | 'agent' | 'oracle' | 'registry' (default: 'agent')
55
60
  */
56
61
  export function getIdentityDefinition(type = "agent") {
57
62
  return IDENTITY_DEFINITIONS[type];
@@ -194,7 +194,7 @@ export const identityAgentDef = defineFiberApp({
194
194
  effect: {
195
195
  merge: [
196
196
  { var: "state" },
197
- { status: "ACTIVE", activatedAt: { var: "$timestamp" } },
197
+ { status: "ACTIVE", activatedAt: { var: "$ordinal" } },
198
198
  ],
199
199
  },
200
200
  },
@@ -251,7 +251,7 @@ export const identityAgentDef = defineFiberApp({
251
251
  effect: {
252
252
  merge: [
253
253
  { var: "state" },
254
- { status: "SUSPENDED", suspendedAt: { var: "$timestamp" } },
254
+ { status: "SUSPENDED", suspendedAt: { var: "$ordinal" } },
255
255
  ],
256
256
  },
257
257
  },
@@ -263,7 +263,7 @@ export const identityAgentDef = defineFiberApp({
263
263
  effect: {
264
264
  merge: [
265
265
  { var: "state" },
266
- { status: "PROBATION", probationStartedAt: { var: "$timestamp" } },
266
+ { status: "PROBATION", probationStartedAt: { var: "$ordinal" } },
267
267
  ],
268
268
  },
269
269
  },
@@ -1,4 +1,5 @@
1
1
  import { defineFiberApp } from "../../../schema/fiber-app.js";
2
+ import { signerIsParty } from "../../../schema/guards.js";
2
3
  /**
3
4
  * Oracle identity with staking, attestations, reputation, and slashing mechanics.
4
5
  */
@@ -11,13 +12,18 @@ export const identityOracleDef = defineFiberApp({
11
12
  description: "Oracle identity with staking, attestations, reputation, and slashing mechanics",
12
13
  },
13
14
  createSchema: {
14
- required: ["owner", "stake", "domains"],
15
+ required: ["owner", "stake", "domains", "slasher"],
15
16
  properties: {
16
17
  owner: {
17
18
  type: "address",
18
19
  description: "Oracle owner DAG address",
19
20
  immutable: true,
20
21
  },
22
+ slasher: {
23
+ type: "address",
24
+ description: "DAG address of the slasher authorized to penalize this oracle's stake",
25
+ immutable: true,
26
+ },
21
27
  stake: {
22
28
  type: "integer",
23
29
  minimum: 0,
@@ -38,6 +44,7 @@ export const identityOracleDef = defineFiberApp({
38
44
  stateSchema: {
39
45
  properties: {
40
46
  owner: { type: "address", immutable: true },
47
+ slasher: { type: "address", immutable: true },
41
48
  address: { type: "address", computed: true },
42
49
  stake: { type: "integer", computed: true },
43
50
  minStake: { type: "integer" },
@@ -85,7 +92,6 @@ export const identityOracleDef = defineFiberApp({
85
92
  required: ["agent"],
86
93
  properties: {
87
94
  agent: { type: "address" },
88
- adminOverride: { type: "boolean", default: false },
89
95
  },
90
96
  },
91
97
  add_stake: {
@@ -189,7 +195,7 @@ export const identityOracleDef = defineFiberApp({
189
195
  status: "REGISTERED",
190
196
  address: { var: "event.agent" },
191
197
  stake: { var: "event.stake" },
192
- registeredAt: { var: "$timestamp" },
198
+ registeredAt: { var: "$ordinal" },
193
199
  reputation: {
194
200
  accuracy: 100,
195
201
  totalResolutions: 0,
@@ -206,16 +212,12 @@ export const identityOracleDef = defineFiberApp({
206
212
  from: "REGISTERED",
207
213
  to: "ACTIVE",
208
214
  eventName: "activate",
209
- guard: {
210
- or: [
211
- { "===": [{ var: "event.agent" }, { var: "state.address" }] },
212
- { var: "event.adminOverride" },
213
- ],
214
- },
215
+ // authority gate — an ARBITER/SLASHER attestation check layers on additively when the identity registry lands (see docs/design/app-hardening-identity-integration.md §4.2)
216
+ guard: signerIsParty("state.address"),
215
217
  effect: {
216
218
  merge: [
217
219
  { var: "state" },
218
- { status: "ACTIVE", activatedAt: { var: "$timestamp" } },
220
+ { status: "ACTIVE", activatedAt: { var: "$ordinal" } },
219
221
  ],
220
222
  },
221
223
  },
@@ -225,7 +227,7 @@ export const identityOracleDef = defineFiberApp({
225
227
  eventName: "add_stake",
226
228
  guard: {
227
229
  and: [
228
- { "===": [{ var: "event.agent" }, { var: "state.address" }] },
230
+ signerIsParty("state.address"),
229
231
  { ">": [{ var: "event.amount" }, 0] },
230
232
  ],
231
233
  },
@@ -234,7 +236,7 @@ export const identityOracleDef = defineFiberApp({
234
236
  { var: "state" },
235
237
  {
236
238
  stake: { "+": [{ var: "state.stake" }, { var: "event.amount" }] },
237
- lastStakeAt: { var: "$timestamp" },
239
+ lastStakeAt: { var: "$ordinal" },
238
240
  },
239
241
  ],
240
242
  },
@@ -265,7 +267,7 @@ export const identityOracleDef = defineFiberApp({
265
267
  },
266
268
  ],
267
269
  },
268
- lastResolutionAt: { var: "$timestamp" },
270
+ lastResolutionAt: { var: "$ordinal" },
269
271
  },
270
272
  ],
271
273
  },
@@ -274,9 +276,10 @@ export const identityOracleDef = defineFiberApp({
274
276
  from: "ACTIVE",
275
277
  to: "SLASHED",
276
278
  eventName: "slash",
279
+ // authority gate — an ARBITER/SLASHER attestation check layers on additively when the identity registry lands (see docs/design/app-hardening-identity-integration.md §4.2)
277
280
  guard: {
278
281
  and: [
279
- { var: "event.reason" },
282
+ signerIsParty("state.slasher"),
280
283
  { ">": [{ var: "event.amount" }, 0] },
281
284
  { "<=": [{ var: "event.amount" }, { var: "state.stake" }] },
282
285
  ],
@@ -295,12 +298,12 @@ export const identityOracleDef = defineFiberApp({
295
298
  reason: { var: "event.reason" },
296
299
  amount: { var: "event.amount" },
297
300
  marketId: { var: "event.marketId" },
298
- slashedAt: { var: "$timestamp" },
301
+ slashedAt: { var: "$ordinal" },
299
302
  },
300
303
  ],
301
304
  ],
302
305
  },
303
- slashedAt: { var: "$timestamp" },
306
+ slashedAt: { var: "$ordinal" },
304
307
  },
305
308
  ],
306
309
  },
@@ -311,14 +314,14 @@ export const identityOracleDef = defineFiberApp({
311
314
  eventName: "reactivate",
312
315
  guard: {
313
316
  and: [
314
- { "===": [{ var: "event.agent" }, { var: "state.address" }] },
317
+ signerIsParty("state.address"),
315
318
  { ">=": [{ var: "state.stake" }, { var: "state.minStake" }] },
316
319
  ],
317
320
  },
318
321
  effect: {
319
322
  merge: [
320
323
  { var: "state" },
321
- { status: "ACTIVE", reactivatedAt: { var: "$timestamp" } },
324
+ { status: "ACTIVE", reactivatedAt: { var: "$ordinal" } },
322
325
  ],
323
326
  },
324
327
  },
@@ -326,13 +329,13 @@ export const identityOracleDef = defineFiberApp({
326
329
  from: "ACTIVE",
327
330
  to: "WITHDRAWN",
328
331
  eventName: "withdraw",
329
- guard: { "===": [{ var: "event.agent" }, { var: "state.address" }] },
332
+ guard: signerIsParty("state.address"),
330
333
  effect: {
331
334
  merge: [
332
335
  { var: "state" },
333
336
  {
334
337
  status: "WITHDRAWN",
335
- withdrawnAt: { var: "$timestamp" },
338
+ withdrawnAt: { var: "$ordinal" },
336
339
  finalStake: { var: "state.stake" },
337
340
  },
338
341
  ],
@@ -342,13 +345,13 @@ export const identityOracleDef = defineFiberApp({
342
345
  from: "SLASHED",
343
346
  to: "WITHDRAWN",
344
347
  eventName: "withdraw",
345
- guard: { "===": [{ var: "event.agent" }, { var: "state.address" }] },
348
+ guard: signerIsParty("state.address"),
346
349
  effect: {
347
350
  merge: [
348
351
  { var: "state" },
349
352
  {
350
353
  status: "WITHDRAWN",
351
- withdrawnAt: { var: "$timestamp" },
354
+ withdrawnAt: { var: "$ordinal" },
352
355
  finalStake: { var: "state.stake" },
353
356
  },
354
357
  ],
@@ -0,0 +1,285 @@
1
+ import { defineFiberApp } from "../../../schema/fiber-app.js";
2
+ import { signerIsParty } from "../../../schema/guards.js";
3
+ /**
4
+ * Identity Registry — the ecosystem authority & reputation source.
5
+ *
6
+ * Aggregates, under a single authority-governed fiber:
7
+ * - `reputations: { <address>: int }` — the public reputation read by reputation-gated apps
8
+ * (dao-reputation, credit-scoring) via a declared dependency + the `signerHasReputation` helper.
9
+ * - role attestations (ARBITER / SLASHER / ISSUER / BOARD_MEMBER) as FLAT per-role maps
10
+ * `{ <address>: true }`, read via the `signerHasRole` helper for judicial / issuance / governance
11
+ * authority gates.
12
+ *
13
+ * Writes are gated to the registry's pinned `authority` (immutable, set at create) and bound to the
14
+ * CHAIN-VERIFIED signer via `signerIsParty("state.authority")` — never `event.agent`. Reads happen
15
+ * cross-fiber: a consumer app declares this registry as a dependency and reads
16
+ * `machines.<registryDep>.state.reputations` / `.arbiters` / … bound to `proofs[].address`.
17
+ *
18
+ * Roles are flat per-role maps rather than a nested `roles[addr][ROLE]` map on purpose: metakit
19
+ * `get`/`has` on a NULL inner map throw (they are not null-total), so a nested read would error for
20
+ * any signer with no roles entry — the common case. Flat maps keep both the write (`set`/`unset`) and
21
+ * the read (`has`) total and fail-closed. New role types are added as new state maps + a cascade arm.
22
+ *
23
+ * See docs/design/app-hardening-identity-integration.md §3–§4 and src/schema/guards.ts
24
+ * (signerHasReputation / signerHasRole).
25
+ */
26
+ export const identityRegistryDef = defineFiberApp({
27
+ metadata: {
28
+ name: "IdentityRegistry",
29
+ app: "identity",
30
+ type: "registry",
31
+ version: "1.0.0",
32
+ description: "Ecosystem reputation + role-attestation registry; authority-gated writes, dependency reads.",
33
+ crossReferences: {
34
+ IdentityAgent: "per-agent reputation source",
35
+ Governance: "reputation-gated participation",
36
+ Contracts: "ARBITER-gated dispute settlement",
37
+ Corporate: "ISSUER / BOARD_MEMBER authority",
38
+ },
39
+ },
40
+ createSchema: {
41
+ required: ["authority"],
42
+ properties: {
43
+ authority: {
44
+ type: "address",
45
+ description: "DAG address authorized to write reputation + role attestations (immutable)",
46
+ immutable: true,
47
+ },
48
+ },
49
+ },
50
+ stateSchema: {
51
+ properties: {
52
+ authority: { type: "address", immutable: true },
53
+ // { <address>: int } — public reputation, read via signerHasReputation
54
+ reputations: { type: "object", computed: true },
55
+ // FLAT per-role attestation maps { <address>: true }, read via signerHasRole
56
+ arbiters: { type: "object", computed: true },
57
+ slashers: { type: "object", computed: true },
58
+ issuers: { type: "object", computed: true },
59
+ boardMembers: { type: "object", computed: true },
60
+ },
61
+ },
62
+ eventSchemas: {
63
+ set_reputation: {
64
+ description: "Authority sets an address's reputation to an absolute score",
65
+ required: ["subject", "score"],
66
+ properties: {
67
+ subject: { type: "address" },
68
+ score: { type: "integer" },
69
+ },
70
+ },
71
+ adjust_reputation: {
72
+ description: "Authority adjusts an address's reputation by a signed delta",
73
+ required: ["subject", "delta"],
74
+ properties: {
75
+ subject: { type: "address" },
76
+ delta: { type: "integer" },
77
+ },
78
+ },
79
+ grant_role: {
80
+ description: "Authority grants a role attestation (ARBITER|SLASHER|ISSUER|BOARD_MEMBER) to an address",
81
+ required: ["subject", "role"],
82
+ properties: {
83
+ subject: { type: "address" },
84
+ role: {
85
+ type: "string",
86
+ enum: ["ARBITER", "SLASHER", "ISSUER", "BOARD_MEMBER"],
87
+ },
88
+ },
89
+ },
90
+ revoke_role: {
91
+ description: "Authority revokes a role attestation from an address",
92
+ required: ["subject", "role"],
93
+ properties: {
94
+ subject: { type: "address" },
95
+ role: {
96
+ type: "string",
97
+ enum: ["ARBITER", "SLASHER", "ISSUER", "BOARD_MEMBER"],
98
+ },
99
+ },
100
+ },
101
+ },
102
+ states: {
103
+ ACTIVE: {
104
+ id: "ACTIVE",
105
+ isFinal: false,
106
+ metadata: {
107
+ label: "Active",
108
+ description: "Registry accepting authority writes",
109
+ category: "active",
110
+ },
111
+ },
112
+ },
113
+ initialState: "ACTIVE",
114
+ transitions: [
115
+ // ACTIVE → ACTIVE: set_reputation (absolute)
116
+ {
117
+ from: "ACTIVE",
118
+ to: "ACTIVE",
119
+ eventName: "set_reputation",
120
+ guard: signerIsParty("state.authority"),
121
+ effect: {
122
+ merge: [
123
+ { var: "state" },
124
+ {
125
+ reputations: {
126
+ set: [
127
+ { var: "state.reputations" },
128
+ { var: "event.subject" },
129
+ { var: "event.score" },
130
+ ],
131
+ },
132
+ },
133
+ ],
134
+ },
135
+ dependencies: [],
136
+ },
137
+ // ACTIVE → ACTIVE: adjust_reputation (signed delta; absent subject starts from 0)
138
+ {
139
+ from: "ACTIVE",
140
+ to: "ACTIVE",
141
+ eventName: "adjust_reputation",
142
+ guard: signerIsParty("state.authority"),
143
+ effect: {
144
+ merge: [
145
+ { var: "state" },
146
+ {
147
+ reputations: {
148
+ set: [
149
+ { var: "state.reputations" },
150
+ { var: "event.subject" },
151
+ {
152
+ "+": [
153
+ {
154
+ get: [
155
+ { var: "state.reputations" },
156
+ { var: "event.subject" },
157
+ ],
158
+ },
159
+ { var: "event.delta" },
160
+ ],
161
+ },
162
+ ],
163
+ },
164
+ },
165
+ ],
166
+ },
167
+ dependencies: [],
168
+ },
169
+ // ACTIVE → ACTIVE: grant_role (cascade selects the flat per-role map)
170
+ {
171
+ from: "ACTIVE",
172
+ to: "ACTIVE",
173
+ eventName: "grant_role",
174
+ guard: signerIsParty("state.authority"),
175
+ effect: {
176
+ merge: [
177
+ { var: "state" },
178
+ {
179
+ arbiters: {
180
+ if: [
181
+ { "==": [{ var: "event.role" }, "ARBITER"] },
182
+ {
183
+ set: [
184
+ { var: "state.arbiters" },
185
+ { var: "event.subject" },
186
+ true,
187
+ ],
188
+ },
189
+ { var: "state.arbiters" },
190
+ ],
191
+ },
192
+ slashers: {
193
+ if: [
194
+ { "==": [{ var: "event.role" }, "SLASHER"] },
195
+ {
196
+ set: [
197
+ { var: "state.slashers" },
198
+ { var: "event.subject" },
199
+ true,
200
+ ],
201
+ },
202
+ { var: "state.slashers" },
203
+ ],
204
+ },
205
+ issuers: {
206
+ if: [
207
+ { "==": [{ var: "event.role" }, "ISSUER"] },
208
+ {
209
+ set: [
210
+ { var: "state.issuers" },
211
+ { var: "event.subject" },
212
+ true,
213
+ ],
214
+ },
215
+ { var: "state.issuers" },
216
+ ],
217
+ },
218
+ boardMembers: {
219
+ if: [
220
+ { "==": [{ var: "event.role" }, "BOARD_MEMBER"] },
221
+ {
222
+ set: [
223
+ { var: "state.boardMembers" },
224
+ { var: "event.subject" },
225
+ true,
226
+ ],
227
+ },
228
+ { var: "state.boardMembers" },
229
+ ],
230
+ },
231
+ },
232
+ ],
233
+ },
234
+ dependencies: [],
235
+ },
236
+ // ACTIVE → ACTIVE: revoke_role (cascade unsets from the flat per-role map)
237
+ {
238
+ from: "ACTIVE",
239
+ to: "ACTIVE",
240
+ eventName: "revoke_role",
241
+ guard: signerIsParty("state.authority"),
242
+ effect: {
243
+ merge: [
244
+ { var: "state" },
245
+ {
246
+ arbiters: {
247
+ if: [
248
+ { "==": [{ var: "event.role" }, "ARBITER"] },
249
+ { unset: [{ var: "state.arbiters" }, { var: "event.subject" }] },
250
+ { var: "state.arbiters" },
251
+ ],
252
+ },
253
+ slashers: {
254
+ if: [
255
+ { "==": [{ var: "event.role" }, "SLASHER"] },
256
+ { unset: [{ var: "state.slashers" }, { var: "event.subject" }] },
257
+ { var: "state.slashers" },
258
+ ],
259
+ },
260
+ issuers: {
261
+ if: [
262
+ { "==": [{ var: "event.role" }, "ISSUER"] },
263
+ { unset: [{ var: "state.issuers" }, { var: "event.subject" }] },
264
+ { var: "state.issuers" },
265
+ ],
266
+ },
267
+ boardMembers: {
268
+ if: [
269
+ { "==": [{ var: "event.role" }, "BOARD_MEMBER"] },
270
+ {
271
+ unset: [
272
+ { var: "state.boardMembers" },
273
+ { var: "event.subject" },
274
+ ],
275
+ },
276
+ { var: "state.boardMembers" },
277
+ ],
278
+ },
279
+ },
280
+ ],
281
+ },
282
+ dependencies: [],
283
+ },
284
+ ],
285
+ });
@@ -92,7 +92,7 @@ export const identityUniversalDef = defineFiberApp({
92
92
  effect: {
93
93
  merge: [
94
94
  { var: "state" },
95
- { status: "ACTIVE", activatedAt: { var: "$timestamp" } },
95
+ { status: "ACTIVE", activatedAt: { var: "$ordinal" } },
96
96
  ],
97
97
  },
98
98
  },
@@ -105,7 +105,7 @@ export const identityUniversalDef = defineFiberApp({
105
105
  merge: [
106
106
  { var: "state" },
107
107
  {
108
- updatedAt: { var: "$timestamp" },
108
+ updatedAt: { var: "$ordinal" },
109
109
  metadata: { var: "event.metadata" },
110
110
  },
111
111
  ],
@@ -119,7 +119,7 @@ export const identityUniversalDef = defineFiberApp({
119
119
  effect: {
120
120
  merge: [
121
121
  { var: "state" },
122
- { status: "INACTIVE", deactivatedAt: { var: "$timestamp" } },
122
+ { status: "INACTIVE", deactivatedAt: { var: "$ordinal" } },
123
123
  ],
124
124
  },
125
125
  },
@@ -5,3 +5,4 @@
5
5
  export { identityAgentDef } from './identity-agent.js';
6
6
  export { identityOracleDef } from './identity-oracle.js';
7
7
  export { identityUniversalDef } from './identity-universal.js';
8
+ export { identityRegistryDef } from './identity-registry.js';
@@ -32,3 +32,4 @@ export * as contracts from "./contracts/index.js";
32
32
  export * as markets from "./markets/index.js";
33
33
  export * as governance from "./governance/index.js";
34
34
  export * as corporate from "./corporate/index.js";
35
+ export * as lending from "./lending/index.js";