@ouro.bot/cli 0.1.0-alpha.652 → 0.1.0-alpha.654

package/dist/commerce/store.js

@@ -0,0 +1,755 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.commerceConfirmationMessage = commerceConfirmationMessage;
+exports.commerceAuthorityToken = commerceAuthorityToken;
+exports.createCommercePreview = createCommercePreview;
+exports.readCommerceRecord = readCommerceRecord;
+exports.confirmCommercePreview = confirmCommercePreview;
+exports.validateCommerceAuthorityToken = validateCommerceAuthorityToken;
+exports.validateCommerceAuthority = validateCommerceAuthority;
+exports.reserveCommerceAuthority = reserveCommerceAuthority;
+exports.consumeReservedCommerceAuthority = consumeReservedCommerceAuthority;
+exports.markReservedCommerceAuthorityAttempted = markReservedCommerceAuthorityAttempted;
+exports.releaseReservedCommerceAuthority = releaseReservedCommerceAuthority;
+exports.consumeCommerceAuthorityToken = consumeCommerceAuthorityToken;
+exports.readCommerceAccessLog = readCommerceAccessLog;
+exports.confirmationPhrase = confirmationPhrase;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const node_crypto_1 = require("node:crypto");
+const runtime_1 = require("../nerves/runtime");
+const DEFAULT_EXPIRES_MINUTES = 30;
+const CONFIRMATION_PHRASE = "CONFIRM_PURCHASE";
+function commerceRoot(agentRoot) {
+    return path.join(agentRoot, "state", "commerce");
+}
+function recordsDir(agentRoot) {
+    return path.join(commerceRoot(agentRoot), "checkouts");
+}
+function accessLogPath(agentRoot) {
+    return path.join(commerceRoot(agentRoot), "access-log.jsonl");
+}
+function recordPath(agentRoot, checkoutId) {
+    return path.join(recordsDir(agentRoot), `${checkoutId}.json`);
+}
+function recordLockPath(agentRoot, checkoutId) {
+    return `${recordPath(agentRoot, checkoutId)}.lock`;
+}
+function canonicalMandatePayload(input) {
+    return JSON.stringify({
+        friendId: input.friendId,
+        merchant: input.merchant.trim(),
+        items: input.items.map((item) => ({
+            name: item.name.trim(),
+            ...(item.quantity !== undefined ? { quantity: item.quantity } : {}),
+            ...(item.amount !== undefined ? { amount: item.amount } : {}),
+        })),
+        amount: input.amount,
+        currency: input.currency.trim().toLowerCase(),
+        allowedTools: [...input.allowedTools].sort(),
+        constraints: Object.fromEntries(Object.entries(input.constraints).sort(([a], [b]) => a.localeCompare(b))),
+        reason: input.reason.trim(),
+        expiresAt: input.expiresAt,
+    });
+}
+function digestFor(input) {
+    return (0, node_crypto_1.createHash)("sha256").update(canonicalMandatePayload(input)).digest("hex");
+}
+function digestForRecord(record) {
+    return digestFor({
+        friendId: record.friendId,
+        merchant: record.merchant,
+        items: record.items,
+        amount: record.amount,
+        currency: record.currency,
+        /* v8 ignore next -- legacy records missing allowedTools are rejected before validation digest checks; fallback keeps digesting total @preserve */
+        allowedTools: record.allowedTools ?? [],
+        /* v8 ignore next -- legacy records missing constraints are rejected before validation digest checks; fallback keeps digesting total @preserve */
+        constraints: record.constraints ?? {},
+        reason: record.reason,
+        expiresAt: record.expiresAt,
+    });
+}
+function consentSummary(record) {
+    const tools = [...(record.allowedTools ?? [])].sort().join(",");
+    const constraints = JSON.stringify(Object.fromEntries(Object.entries(record.constraints ?? {}).sort(([a], [b]) => a.localeCompare(b))));
+    return `${record.merchant} ${record.amount} ${record.currency} via ${tools} constraints ${constraints}`;
+}
+function expectedConfirmationMessage(record) {
+    return `${CONFIRMATION_PHRASE} checkout ${record.id} digest ${record.digest} for ${consentSummary(record)}`;
+}
+function commerceConfirmationMessage(record) {
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_confirmation_message_built",
+        message: "built commerce confirmation message",
+        meta: { checkoutId: record.id },
+    });
+    return expectedConfirmationMessage(record);
+}
+function parseAmount(value) {
+    if (!Number.isFinite(value) || value <= 0) {
+        throw new Error("commerce amount must be a positive number");
+    }
+    return Math.round(value * 100) / 100;
+}
+function normalizeItems(items, merchant, amount) {
+    if (!items || items.length === 0)
+        return [{ name: merchant, quantity: 1, amount }];
+    return items.map((item) => ({
+        name: item.name.trim(),
+        ...(item.quantity !== undefined ? { quantity: item.quantity } : {}),
+        ...(item.amount !== undefined ? { amount: parseAmount(item.amount) } : {}),
+    }));
+}
+function normalizeToolName(toolName) {
+    const normalized = toolName.trim();
+    if (!normalized)
+        throw new Error("commerce allowed tool is required");
+    return normalized;
+}
+function normalizeAllowedTools(allowedTools) {
+    const tools = (allowedTools ?? []).map(normalizeToolName);
+    if (tools.length === 0)
+        throw new Error("commerce preview must name at least one allowed tool");
+    return [...new Set(tools)].sort();
+}
+function normalizeConstraints(constraints) {
+    const normalized = {};
+    for (const [key, value] of Object.entries(constraints ?? {})) {
+        const cleanKey = key.trim();
+        const cleanValue = String(value).trim();
+        if (!cleanKey || !cleanValue)
+            continue;
+        normalized[cleanKey] = cleanValue;
+    }
+    return Object.fromEntries(Object.entries(normalized).sort(([a], [b]) => a.localeCompare(b)));
+}
+function appendAccessLog(agentRoot, entry) {
+    fs.mkdirSync(commerceRoot(agentRoot), { recursive: true });
+    fs.appendFileSync(accessLogPath(agentRoot), `${JSON.stringify({ at: new Date().toISOString(), ...entry })}\n`, "utf-8");
+}
+function timestampMillis(value) {
+    const parsed = Date.parse(value);
+    return Number.isFinite(parsed) ? parsed : null;
+}
+function writeRecord(agentRoot, record) {
+    fs.mkdirSync(recordsDir(agentRoot), { recursive: true });
+    const { authorityToken: _authorityToken, ...persisted } = record;
+    fs.writeFileSync(recordPath(agentRoot, record.id), `${JSON.stringify(persisted, null, 2)}\n`, "utf-8");
+}
+function sleepSync(ms) {
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+}
+function withRecordLock(agentRoot, checkoutId, fn) {
+    fs.mkdirSync(recordsDir(agentRoot), { recursive: true });
+    const lockPath = recordLockPath(agentRoot, checkoutId);
+    const deadline = Date.now() + 5_000;
+    let fd = null;
+    while (fd === null) {
+        try {
+            fd = fs.openSync(lockPath, "wx");
+            fs.writeFileSync(fd, JSON.stringify({ pid: process.pid, at: new Date().toISOString() }));
+        }
+        catch (error) {
+            if (error.code !== "EEXIST")
+                throw error;
+            try {
+                const ageMs = Date.now() - fs.statSync(lockPath).mtimeMs;
+                if (ageMs > 30_000) {
+                    fs.unlinkSync(lockPath);
+                    continue;
+                }
+            }
+            catch {
+                /* v8 ignore next -- another process can remove a stale lock between failed open and stat; the next loop rechecks from scratch @preserve */
+                continue;
+            }
+            if (Date.now() >= deadline)
+                throw new Error("commerce_authority lock timed out");
+            sleepSync(25);
+        }
+    }
+    try {
+        return fn();
+    }
+    finally {
+        fs.closeSync(fd);
+        try {
+            fs.unlinkSync(lockPath);
+        }
+        catch {
+            /* v8 ignore next -- lock cleanup is best-effort after successful close; stale-lock reap handles rare removal races @preserve */
+        }
+    }
+}
+function tokenHash(token) {
+    return (0, node_crypto_1.createHash)("sha256").update(token).digest("hex");
+}
+function reservationToken() {
+    return (0, node_crypto_1.randomUUID)();
+}
+function createCommerceAuthorityToken(record) {
+    return `commerce:${record.id}:${record.digest}:${(0, node_crypto_1.randomUUID)()}`;
+}
+function commerceAuthorityToken(record) {
+    if (!record.authorityToken)
+        throw new Error("commerce authority token is only available after confirmation");
+    const token = record.authorityToken;
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_authority_token_built",
+        message: "built commerce authority token",
+        meta: { checkoutId: record.id },
+    });
+    return token;
+}
+function createCommercePreview(input) {
+    const now = new Date();
+    const amount = parseAmount(input.amount);
+    const currency = input.currency.trim().toLowerCase();
+    if (!currency)
+        throw new Error("commerce currency is required");
+    const merchant = input.merchant.trim();
+    if (!merchant)
+        throw new Error("commerce merchant is required");
+    const reason = input.reason.trim();
+    if (!reason)
+        throw new Error("commerce reason is required");
+    const allowedTools = normalizeAllowedTools(input.allowedTools);
+    const constraints = normalizeConstraints(input.constraints);
+    const expiresAt = new Date(now.getTime() + (input.expiresInMinutes ?? DEFAULT_EXPIRES_MINUTES) * 60_000).toISOString();
+    const items = normalizeItems(input.items, merchant, amount);
+    const digest = digestFor({
+        friendId: input.friendId,
+        merchant,
+        items,
+        amount,
+        currency,
+        allowedTools,
+        constraints,
+        reason,
+        expiresAt,
+    });
+    const record = {
+        id: (0, node_crypto_1.randomUUID)(),
+        status: "previewed",
+        friendId: input.friendId,
+        merchant,
+        items,
+        amount,
+        currency,
+        allowedTools,
+        constraints,
+        reason,
+        digest,
+        createdAt: now.toISOString(),
+        updatedAt: now.toISOString(),
+        expiresAt,
+    };
+    writeRecord(input.agentRoot, record);
+    appendAccessLog(input.agentRoot, { checkoutId: record.id, action: "preview", friendId: input.friendId, ok: true });
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_preview_created",
+        message: "created commerce checkout preview",
+        meta: { checkoutId: record.id, merchant, amount, currency },
+    });
+    return record;
+}
+function readCommerceRecord(agentRoot, checkoutId) {
+    try {
+        const raw = fs.readFileSync(recordPath(agentRoot, checkoutId), "utf-8");
+        const record = JSON.parse(raw);
+        appendAccessLog(agentRoot, { checkoutId, action: "read", ok: true });
+        (0, runtime_1.emitNervesEvent)({
+            component: "repertoire",
+            event: "repertoire.commerce_record_read",
+            message: "read commerce checkout record",
+            meta: { checkoutId },
+        });
+        return record;
+    }
+    catch {
+        appendAccessLog(agentRoot, { checkoutId, action: "read", ok: false, reason: "not_found" });
+        return null;
+    }
+}
+function confirmCommercePreview(input) {
+    const record = readCommerceRecord(input.agentRoot, input.checkoutId);
+    if (!record)
+        throw new Error(`commerce checkout not found: ${input.checkoutId}`);
+    if (record.friendId !== input.friendId)
+        throw new Error("commerce checkout belongs to a different friend");
+    if (record.status !== "previewed")
+        throw new Error(`commerce checkout is ${record.status}, not previewed`);
+    const expiresAtMs = timestampMillis(record.expiresAt);
+    if (expiresAtMs === null)
+        throw new Error("commerce checkout preview has invalid expiry");
+    if (expiresAtMs <= Date.now())
+        throw new Error("commerce checkout preview has expired");
+    if (record.digest !== input.digest)
+        throw new Error("commerce digest mismatch");
+    if (digestForRecord(record) !== record.digest)
+        throw new Error("commerce record digest mismatch");
+    if (input.confirmation.trim() !== CONFIRMATION_PHRASE)
+        throw new Error(`confirmation must be ${CONFIRMATION_PHRASE}`);
+    const currentUserMessage = input.currentUserMessage?.trim() ?? "";
+    if (currentUserMessage !== expectedConfirmationMessage(record)) {
+        throw new Error(`current human message must exactly equal: ${expectedConfirmationMessage(record)}`);
+    }
+    const now = new Date().toISOString();
+    const authorityToken = createCommerceAuthorityToken(record);
+    const confirmed = {
+        ...record,
+        status: "confirmed",
+        confirmedAt: now,
+        updatedAt: now,
+        confirmation: CONFIRMATION_PHRASE,
+        confirmedByMessage: currentUserMessage,
+        authorityToken,
+        authorityTokenHash: tokenHash(authorityToken),
+    };
+    writeRecord(input.agentRoot, confirmed);
+    appendAccessLog(input.agentRoot, { checkoutId: record.id, action: "confirm", friendId: input.friendId, ok: true });
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_preview_confirmed",
+        message: "confirmed commerce checkout preview",
+        meta: { checkoutId: record.id },
+    });
+    return confirmed;
+}
+function amountFromArgs(args) {
+    if (!args)
+        return null;
+    const raw = args.amount ?? args.spend_limit;
+    if (!raw)
+        return null;
+    if (!/^\d+(?:\.\d{1,2})?$/.test(raw.trim()))
+        return Number.NaN;
+    const parsed = Number(raw);
+    return Number.isFinite(parsed) ? parsed : null;
+}
+function currencyFromArgs(args) {
+    const raw = args?.currency;
+    return raw ? raw.trim().toLowerCase() : null;
+}
+function requiredAmountForTool(toolName) {
+    if (toolName === "stripe_create_card")
+        return "spend_limit";
+    if (toolName === "flight_hold" || toolName === "flight_book")
+        return "amount";
+    return null;
+}
+function requiredConstraintsForTool(toolName) {
+    if (toolName === "stripe_create_card")
+        return ["type", "merchant_categories"];
+    if (toolName === "flight_hold" || toolName === "flight_book")
+        return ["offer_id"];
+    return [];
+}
+function authorityRecordValidationReason(record, input, options = {}) {
+    const expiresAtMs = timestampMillis(record.expiresAt);
+    if (!Array.isArray(record.allowedTools) || record.allowedTools.length === 0)
+        return "commerce_authority is missing allowed tools";
+    if (!record.constraints || typeof record.constraints !== "object" || Array.isArray(record.constraints)) {
+        return "commerce_authority constraints are invalid";
+    }
+    if (expiresAtMs === null)
+        return "commerce_authority has invalid expiry";
+    if (record.digest !== digestForRecord(record))
+        return "commerce_authority record digest mismatch";
+    if (record.status !== "confirmed")
+        return `commerce checkout is ${record.status}, not confirmed`;
+    if (timestampMillis(record.confirmedAt ?? "") === null)
+        return "commerce_authority confirmation state is invalid";
+    if (record.confirmation !== CONFIRMATION_PHRASE)
+        return "commerce_authority confirmation state is invalid";
+    if (record.confirmedByMessage !== expectedConfirmationMessage(record))
+        return "commerce_authority confirmation state is invalid";
+    if (typeof record.authorityTokenHash !== "string" || !/^[a-f0-9]{64}$/.test(record.authorityTokenHash)) {
+        return "commerce_authority confirmation state is invalid";
+    }
+    if (options.token !== undefined && record.authorityTokenHash !== tokenHash(options.token))
+        return "commerce_authority token mismatch";
+    if (input.friendId && record.friendId !== input.friendId)
+        return "commerce_authority belongs to a different friend";
+    if (options.digest !== undefined && record.digest !== options.digest)
+        return "commerce_authority digest mismatch";
+    if (expiresAtMs <= Date.now())
+        return "commerce_authority expired";
+    if (!record.allowedTools.includes(input.toolName))
+        return "tool is not allowed by commerce_authority";
+    const requiredAmountKey = requiredAmountForTool(input.toolName);
+    const amount = amountFromArgs(input.args);
+    if (requiredAmountKey && amount === null)
+        return `tool ${requiredAmountKey} is required for commerce_authority validation`;
+    if (amount !== null && (!Number.isFinite(amount) || amount !== record.amount))
+        return "tool amount does not match commerce_authority amount";
+    const currency = currencyFromArgs(input.args);
+    if (requiredAmountKey && !currency)
+        return "tool currency is required for commerce_authority validation";
+    if (currency && currency !== record.currency)
+        return "tool currency does not match commerce_authority";
+    for (const key of requiredConstraintsForTool(input.toolName)) {
+        if (!record.constraints[key])
+            return `commerce_authority is missing required ${key} constraint`;
+    }
+    for (const [key, expected] of Object.entries(record.constraints)) {
+        const actual = input.args?.[key]?.trim();
+        if (actual !== expected)
+            return `tool ${key} does not match commerce_authority`;
+    }
+    return null;
+}
+function validateCommerceAuthorityToken(input) {
+    const token = input.token?.trim();
+    if (!token)
+        return { ok: false, reason: "missing commerce_authority token" };
+    const match = /^commerce:([^:]+):([a-f0-9]{64}):([0-9a-f-]{36})$/.exec(token);
+    if (!match)
+        return { ok: false, reason: "invalid commerce_authority token format" };
+    const checkoutId = match[1];
+    const digest = match[2];
+    const record = readCommerceRecord(input.agentRoot, checkoutId);
+    if (!record)
+        return { ok: false, reason: "commerce checkout not found" };
+    const reason = authorityRecordValidationReason(record, input, { token, digest });
+    const ok = !reason;
+    appendAccessLog(input.agentRoot, {
+        checkoutId,
+        action: "validate",
+        toolName: input.toolName,
+        ok,
+        ...(reason ? { reason } : {}),
+    });
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_authority_validated",
+        message: "validated commerce authority token",
+        meta: { checkoutId, toolName: input.toolName, ok, reason: reason ?? "" },
+    });
+    return ok ? { ok: true, record } : { ok: false, reason: reason };
+}
+function readAllCommerceRecords(agentRoot) {
+    try {
+        return fs.readdirSync(recordsDir(agentRoot))
+            .filter((file) => file.endsWith(".json"))
+            .flatMap((file) => {
+            try {
+                return [JSON.parse(fs.readFileSync(path.join(recordsDir(agentRoot), file), "utf-8"))];
+            }
+            catch {
+                return [];
+            }
+        });
+    }
+    catch {
+        return [];
+    }
+}
+function matchingCommerceRecords(input) {
+    return readAllCommerceRecords(input.agentRoot)
+        .filter((record) => authorityRecordValidationReason(record, input) === null);
+}
+function noMatchingAuthorityReason(records, input) {
+    const reasons = records
+        .map((record) => authorityRecordValidationReason(record, input))
+        .filter((reason) => typeof reason === "string");
+    const uniqueReasons = [...new Set(reasons)];
+    return uniqueReasons.length === 1 ? uniqueReasons[0] : "no matching confirmed commerce_authority";
+}
+function validateMatchingCommerceAuthority(input) {
+    const records = readAllCommerceRecords(input.agentRoot);
+    const matching = records.filter((record) => authorityRecordValidationReason(record, input) === null);
+    if (matching.length === 0)
+        return { ok: false, reason: noMatchingAuthorityReason(records, input) };
+    if (matching.length > 1)
+        return { ok: false, reason: "multiple matching confirmed commerce_authority records" };
+    return { ok: true, record: matching[0] };
+}
+function validateCommerceAuthority(input) {
+    return input.token?.trim() ? validateCommerceAuthorityToken(input) : validateMatchingCommerceAuthority(input);
+}
+function consumeValidatedCommerceRecord(agentRoot, record, input) {
+    const now = new Date().toISOString();
+    const consumed = {
+        ...record,
+        status: "consumed",
+        reservedAt: undefined,
+        reservedByTool: undefined,
+        reservationTokenHash: undefined,
+        attemptedAt: undefined,
+        attemptedByTool: undefined,
+        consumedAt: now,
+        consumedByTool: input.toolName,
+        updatedAt: now,
+    };
+    writeRecord(agentRoot, consumed);
+    appendAccessLog(agentRoot, {
+        checkoutId: record.id,
+        action: "consume",
+        toolName: input.toolName,
+        friendId: input.friendId,
+        ok: true,
+    });
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_authority_consumed",
+        message: "consumed commerce authority token",
+        meta: { checkoutId: record.id, toolName: input.toolName },
+    });
+    return { ok: true, record: consumed };
+}
+function consumeMatchingCommerceAuthority(input) {
+    const matching = matchingCommerceRecords(input);
+    if (matching.length === 0)
+        return { ok: false, reason: "no matching confirmed commerce_authority" };
+    if (matching.length > 1)
+        return { ok: false, reason: "multiple matching confirmed commerce_authority records" };
+    const record = matching[0];
+    return withRecordLock(input.agentRoot, record.id, () => {
+        const fresh = readCommerceRecord(input.agentRoot, record.id);
+        /* v8 ignore next -- race-defense: matching records can disappear between directory scan and checkout lock @preserve */
+        if (!fresh)
+            return { ok: false, reason: "commerce checkout not found" };
+        const reason = authorityRecordValidationReason(fresh, input);
+        /* v8 ignore next -- race-defense: matching records can change between directory scan and checkout lock @preserve */
+        if (reason)
+            return { ok: false, reason };
+        return consumeValidatedCommerceRecord(input.agentRoot, fresh, input);
+    });
+}
+function checkoutIdFromAuthorityToken(token) {
+    return token ? /^commerce:([^:]+):[a-f0-9]{64}:[0-9a-f-]{36}$/.exec(token)?.[1] : undefined;
+}
+function reserveValidatedCommerceRecord(agentRoot, record, input) {
+    const now = new Date().toISOString();
+    const token = reservationToken();
+    const reserved = {
+        ...record,
+        status: "reserved",
+        reservedAt: now,
+        reservedByTool: input.toolName,
+        reservationTokenHash: tokenHash(token),
+        updatedAt: now,
+    };
+    writeRecord(agentRoot, reserved);
+    appendAccessLog(agentRoot, {
+        checkoutId: record.id,
+        action: "reserve",
+        toolName: input.toolName,
+        friendId: input.friendId,
+        ok: true,
+    });
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_authority_reserved",
+        message: "reserved commerce authority for tool execution",
+        meta: { checkoutId: record.id, toolName: input.toolName },
+    });
+    return { ok: true, checkoutId: record.id, reservationToken: token, record: reserved };
+}
+function reserveMatchingCommerceAuthority(input) {
+    const records = readAllCommerceRecords(input.agentRoot);
+    const matching = records.filter((record) => authorityRecordValidationReason(record, input) === null);
+    if (matching.length === 0)
+        return { ok: false, reason: noMatchingAuthorityReason(records, input) };
+    if (matching.length > 1)
+        return { ok: false, reason: "multiple matching confirmed commerce_authority records" };
+    const record = matching[0];
+    return withRecordLock(input.agentRoot, record.id, () => {
+        const fresh = readCommerceRecord(input.agentRoot, record.id);
+        /* v8 ignore next -- race-defense: matching records can disappear between directory scan and checkout lock @preserve */
+        if (!fresh)
+            return { ok: false, reason: "commerce checkout not found" };
+        const reason = authorityRecordValidationReason(fresh, input);
+        /* v8 ignore next -- race-defense: matching records can change between directory scan and checkout lock @preserve */
+        if (reason)
+            return { ok: false, reason };
+        return reserveValidatedCommerceRecord(input.agentRoot, fresh, input);
+    });
+}
+function reserveCommerceAuthority(input) {
+    const token = input.token?.trim();
+    const checkoutId = checkoutIdFromAuthorityToken(token);
+    if (!checkoutId) {
+        if (!token)
+            return reserveMatchingCommerceAuthority(input);
+        return { ok: false, reason: "invalid commerce_authority token format" };
+    }
+    return withRecordLock(input.agentRoot, checkoutId, () => {
+        const validation = validateCommerceAuthorityToken(input);
+        if (!validation.ok)
+            return validation;
+        return reserveValidatedCommerceRecord(input.agentRoot, validation.record, input);
+    });
+}
+function consumeReservedCommerceAuthority(input) {
+    return withRecordLock(input.agentRoot, input.checkoutId, () => {
+        const record = readCommerceRecord(input.agentRoot, input.checkoutId);
+        if (!record)
+            return { ok: false, reason: "commerce checkout not found" };
+        if (record.status !== "reserved" && record.status !== "attempted") {
+            return { ok: false, reason: `commerce checkout is ${record.status}, not reserved or attempted` };
+        }
+        if (record.reservedByTool !== input.toolName)
+            return { ok: false, reason: "commerce_authority reservation belongs to a different tool" };
+        if (input.friendId && record.friendId !== input.friendId)
+            return { ok: false, reason: "commerce_authority belongs to a different friend" };
+        if (record.reservationTokenHash !== tokenHash(input.reservationToken))
+            return { ok: false, reason: "commerce_authority reservation token mismatch" };
+        return consumeValidatedCommerceRecord(input.agentRoot, record, {
+            agentRoot: input.agentRoot,
+            token: undefined,
+            toolName: input.toolName,
+            friendId: input.friendId,
+        });
+    });
+}
+function markReservedCommerceAuthorityAttempted(input) {
+    return withRecordLock(input.agentRoot, input.checkoutId, () => {
+        const record = readCommerceRecord(input.agentRoot, input.checkoutId);
+        if (!record)
+            return { ok: false, reason: "commerce checkout not found" };
+        if (record.status !== "reserved")
+            return { ok: false, reason: `commerce checkout is ${record.status}, not reserved` };
+        if (record.reservedByTool !== input.toolName)
+            return { ok: false, reason: "commerce_authority reservation belongs to a different tool" };
+        if (input.friendId && record.friendId !== input.friendId)
+            return { ok: false, reason: "commerce_authority belongs to a different friend" };
+        if (record.reservationTokenHash !== tokenHash(input.reservationToken))
+            return { ok: false, reason: "commerce_authority reservation token mismatch" };
+        const now = new Date().toISOString();
+        const attempted = {
+            ...record,
+            status: "attempted",
+            attemptedAt: now,
+            attemptedByTool: input.toolName,
+            updatedAt: now,
+        };
+        writeRecord(input.agentRoot, attempted);
+        appendAccessLog(input.agentRoot, {
+            checkoutId: record.id,
+            action: "attempt",
+            toolName: input.toolName,
+            friendId: input.friendId,
+            ok: true,
+        });
+        (0, runtime_1.emitNervesEvent)({
+            component: "repertoire",
+            event: "repertoire.commerce_authority_attempted",
+            message: "marked commerce authority as externally attempted",
+            meta: { checkoutId: record.id, toolName: input.toolName },
+        });
+        return { ok: true, record: attempted };
+    });
+}
+function releaseReservedCommerceAuthority(input) {
+    return withRecordLock(input.agentRoot, input.checkoutId, () => {
+        const record = readCommerceRecord(input.agentRoot, input.checkoutId);
+        if (!record || record.status !== "reserved")
+            return { ok: false, reason: "commerce checkout is not reserved" };
+        if (record.reservedByTool !== input.toolName)
+            return { ok: false, reason: "commerce_authority reservation belongs to a different tool" };
+        if (input.friendId && record.friendId !== input.friendId)
+            return { ok: false, reason: "commerce_authority belongs to a different friend" };
+        if (record.reservationTokenHash !== tokenHash(input.reservationToken))
+            return { ok: false, reason: "commerce_authority reservation token mismatch" };
+        const now = new Date().toISOString();
+        const released = {
+            ...record,
+            status: "confirmed",
+            reservedAt: undefined,
+            reservedByTool: undefined,
+            reservationTokenHash: undefined,
+            updatedAt: now,
+        };
+        writeRecord(input.agentRoot, released);
+        appendAccessLog(input.agentRoot, {
+            checkoutId: record.id,
+            action: "release",
+            toolName: input.toolName,
+            friendId: input.friendId,
+            ok: true,
+        });
+        (0, runtime_1.emitNervesEvent)({
+            component: "repertoire",
+            event: "repertoire.commerce_authority_released",
+            message: "released reserved commerce authority",
+            meta: { checkoutId: record.id, toolName: input.toolName },
+        });
+        return { ok: true, record: released };
+    });
+}
+function consumeCommerceAuthorityToken(input) {
+    const token = input.token?.trim();
+    const checkoutId = checkoutIdFromAuthorityToken(token);
+    if (!checkoutId)
+        return token ? validateCommerceAuthorityToken(input) : consumeMatchingCommerceAuthority(input);
+    return withRecordLock(input.agentRoot, checkoutId, () => {
+        const validation = validateCommerceAuthorityToken(input);
+        if (!validation.ok)
+            return validation;
+        return consumeValidatedCommerceRecord(input.agentRoot, validation.record, input);
+    });
+}
+function readCommerceAccessLog(agentRoot, limit = 20) {
+    try {
+        const lines = fs.readFileSync(accessLogPath(agentRoot), "utf-8").trim().split("\n").filter(Boolean);
+        const entries = lines.map((line) => JSON.parse(line));
+        (0, runtime_1.emitNervesEvent)({
+            component: "repertoire",
+            event: "repertoire.commerce_access_log_read",
+            message: "read commerce access log",
+            meta: { limit },
+        });
+        return entries.slice(-limit);
+    }
+    catch {
+        return [];
+    }
+}
+function confirmationPhrase() {
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.commerce_confirmation_phrase_read",
+        message: "read commerce confirmation phrase",
+        meta: {},
+    });
+    return CONFIRMATION_PHRASE;
+}