npm - @svsprotocol/solana - Versions diffs - 0.1.0 - Mend

@svsprotocol/solana 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/LICENSE +158 -0
package/README.md +365 -0
package/dist/action-production-proof-evidence.js +553 -0
package/dist/adapter-catalog.d.ts +29 -0
package/dist/adapter-catalog.js +146 -0
package/dist/adapter-core.d.ts +48 -0
package/dist/adapter-core.js +249 -0
package/dist/approval-signature.js +197 -0
package/dist/base58.js +69 -0
package/dist/bot-auth.js +50 -0
package/dist/bot-certification-evidence.js +342 -0
package/dist/bot-first-action-runbook.js +299 -0
package/dist/bot-integration-contract.js +41 -0
package/dist/certified-submit-status.js +176 -0
package/dist/common.d.ts +1135 -0
package/dist/elizaos.d.ts +43 -0
package/dist/elizaos.js +227 -0
package/dist/goat.d.ts +47 -0
package/dist/goat.js +261 -0
package/dist/index.d.ts +330 -0
package/dist/index.js +128 -0
package/dist/protocol.d.ts +205 -0
package/dist/protocol.js +900 -0
package/dist/receipt.js +51 -0
package/dist/signed-proof-read-protection.js +495 -0
package/dist/solana-agent-kit.d.ts +35 -0
package/dist/solana-agent-kit.js +151 -0
package/dist/svs-client.js +1232 -0
package/dist/vercel-ai.d.ts +47 -0
package/dist/vercel-ai.js +266 -0
package/dist/verified-agent-adoption-kit.js +471 -0
package/dist/verified-agent-profile.js +329 -0
package/dist/verified-agent-registry-consumer.js +421 -0
package/dist/verified-agent-registry.d.ts +36 -0
package/dist/verified-agent-registry.js +826 -0
package/dist/verified-agent-trust-score.js +335 -0
package/dist/webhooks.js +834 -0
package/package.json +72 -0

package/dist/protocol.js ADDED Viewed

@@ -0,0 +1,900 @@
+import {
+  ACTION_PRODUCTION_PROOF_EVIDENCE_VERSION,
+  APPROVAL_MESSAGE_DOMAIN,
+  LEGACY_APPROVAL_MESSAGE_DOMAIN,
+  VERIFIED_AGENT_TRUST_SCORE_HIGH_TRUST_MIN,
+  productionCertificationIsReady,
+  summarizeApprovalDomain,
+  SolanaVerificationClient,
+  verifyActionProductionProofEvidence,
+  verifyVerifiedAgentRegistryUrl
+} from "./index.js";
+import { hashObject } from "./receipt.js";
+export const VERIFIED_AGENT_REQUIREMENT_VERSION = "svs.verified-agent-requirement.v1";
+export const CURRENT_APPROVAL_DOMAIN_REQUIREMENT_VERSION = "svs.current-approval-domain-requirement.v1";
+export const HOSTED_VERIFIED_AGENT_REGISTRY_REQUIREMENT_VERSION = "svs.hosted-verified-agent-registry-requirement.v1";
+export const VERIFIED_AGENT_STANDARD_CONFORMANCE_FIXTURES_VERSION = "svs.verified-agent-standard-conformance-fixtures.v1";
+export const VERIFIED_AGENT_STANDARD_CONFORMANCE_VERSION = "svs.verified-agent-standard-conformance.v1";
+export const HOSTED_VERIFIED_AGENT_TRUST_POLICY_STANDARD = "standard";
+export const HOSTED_VERIFIED_AGENT_TRUST_POLICY_HIGH_TRUST = "high-trust";
+export const HOSTED_VERIFIED_AGENT_TRUST_POLICY_CUSTOM = "custom";
+export const HOSTED_VERIFIED_AGENT_TRUST_POLICY_VALUES = [
+  HOSTED_VERIFIED_AGENT_TRUST_POLICY_STANDARD,
+  HOSTED_VERIFIED_AGENT_TRUST_POLICY_HIGH_TRUST,
+  HOSTED_VERIFIED_AGENT_TRUST_POLICY_CUSTOM
+];
+export async function requireVerifiedAgent({
+  client = null,
+  baseUrl,
+  apiKey,
+  requestSigningSecret,
+  botId,
+  agentWallet = null,
+  action = null,
+  minCertification = "production_verified",
+  staleAfterMs = undefined,
+  requireCurrentIntegrationContract = true
+} = {}) {
+  if (!botId) {
+    throw new Error("botId is required.");
+  }
+  const svs = client ?? new SolanaVerificationClient({
+    baseUrl,
+    apiKey,
+    requestSigningSecret
+  });
+  const certification = await svs.requireProductionCertification({
+    botId,
+    staleAfterMs,
+    requireCurrentIntegrationContract
+  });
+  const ok = productionCertificationIsReady(certification);
+  if (!ok) {
+    throw new Error(`SVS verified agent requirement failed for ${botId}.`);
+  }
+  return {
+    version: VERIFIED_AGENT_REQUIREMENT_VERSION,
+    ok: true,
+    status: "verified",
+    minCertification,
+    botId,
+    agentWallet,
+    action,
+    certificationHash: certification.certification?.certificationHash ?? null,
+    recordId: certification.certification?.recordId ?? null,
+    qualityTarget: certification.qualityTarget ?? null,
+    integrationContract: certification.integrationContract ?? null,
+    proofs: certification.proofs ?? null,
+    nextAction: {
+      code: "none",
+      message: "Agent satisfies SVS production certification requirements."
+    }
+  };
+}
+export function requireCurrentApprovalDomain(proofEvidenceOrHumanApproval, {
+  action = null
+} = {}) {
+  const humanApproval = proofEvidenceOrHumanApproval?.humanApproval ?? proofEvidenceOrHumanApproval;
+  const domain = summarizeApprovalDomain(humanApproval);
+  const status = humanApproval?.domainStatus ?? domain.status;
+  const current = domain.domain === APPROVAL_MESSAGE_DOMAIN && status === "current";
+  if (!current) {
+    const error = new Error(`SVS approval domain is not current: ${status}.`);
+    error.name = "SvsCurrentApprovalDomainError";
+    error.details = {
+      version: CURRENT_APPROVAL_DOMAIN_REQUIREMENT_VERSION,
+      ok: false,
+      status,
+      domain: domain.domain,
+      expectedDomain: APPROVAL_MESSAGE_DOMAIN,
+      action,
+      nextAction: {
+        code: status === "legacy_compatible"
+          ? "approval_domain_legacy_compatible"
+          : "approval_domain_not_current",
+        message: status === "legacy_compatible"
+          ? "This proof uses the legacy approval domain. Keep it for historical audit compatibility, but require current-domain proofs for new production bot actions."
+          : "Require a current SVS approval-domain proof before accepting this bot action."
+      }
+    };
+    throw error;
+  }
+  return {
+    version: CURRENT_APPROVAL_DOMAIN_REQUIREMENT_VERSION,
+    ok: true,
+    status: "current",
+    domain: domain.domain,
+    expectedDomain: APPROVAL_MESSAGE_DOMAIN,
+    action,
+    nextAction: {
+      code: "none",
+      message: "SVS approval domain is current."
+    }
+  };
+}
+export async function requireHostedVerifiedAgentRegistry({
+  registryUrl,
+  trustManifestUrl = null,
+  expectedRegistryHash,
+  botId,
+  requireVerified = true,
+  trustPolicy = null,
+  requireHighTrustScore = false,
+  minimumTrustScore = null,
+  requireTrustScoreEvidenceComplete = null,
+  maxTrustScoreBlockingSignals = null,
+  staleAfterMs = null,
+  now = new Date(),
+  fetchImpl = globalThis.fetch
+} = {}) {
+  if (!botId) {
+    throw new Error("botId is required.");
+  }
+  const resolvedTrustPolicy = resolveHostedTrustScorePolicyOptions({
+    trustPolicy,
+    requireHighTrustScore,
+    minimumTrustScore,
+    requireTrustScoreEvidenceComplete,
+    maxTrustScoreBlockingSignals
+  });
+  const verification = await verifyVerifiedAgentRegistryUrl({
+    registryUrl,
+    trustManifestUrl,
+    expectedRegistryHash,
+    requireVerified,
+    staleAfterMs,
+    now,
+    fetchImpl
+  });
+  const agent = verification.agents?.find((item) => item.botId === botId) ?? null;
+  const trustScorePolicy = evaluateHostedTrustScorePolicy(agent?.trustScore, resolvedTrustPolicy);
+  const ok = verification.ok === true && agent?.ok === true && trustScorePolicy.ok === true;
+  if (!ok) {
+    const firstFailure = trustScorePolicy.ok === false
+      ? {
+          name: "Hosted registry trust score policy satisfied",
+          ok: false,
+          detail: trustScorePolicy.detail
+        }
+      : agent?.failedChecks?.[0] ?? verification.failedChecks?.[0];
+    const error = new Error(
+      `SVS hosted verified-agent registry requirement failed for ${botId}: ${firstFailure?.name ?? verification.status ?? "failed"}.`
+    );
+    error.name = "SvsHostedVerifiedAgentRegistryError";
+    error.details = {
+      version: HOSTED_VERIFIED_AGENT_REGISTRY_REQUIREMENT_VERSION,
+      ok: false,
+      status: trustScorePolicy.ok === false
+        ? "trust_score_policy_failed"
+        : verification.status === "verified"
+          ? "agent_not_verified"
+          : verification.status,
+      botId,
+      registryUrl,
+      trustManifestUrl: verification.trustManifestUrl ?? trustManifestUrl ?? null,
+      expectedRegistryHash,
+      registryHash: verification.registryHash ?? null,
+      trustManifest: verification.trustManifest ?? null,
+      trustScorePolicy,
+      failedCheckCount: verification.failedCheckCount ?? null,
+      firstFailure: firstFailure ?? null,
+      agent: agent ? summarizeRegistryAgentForRequirement(agent) : null,
+      nextAction: {
+        code: trustScorePolicy.ok === false
+          ? "raise_hosted_verified_agent_trust_score"
+          : agent
+            ? "fix_hosted_verified_agent_registry"
+            : "publish_verified_agent_to_registry",
+        message: trustScorePolicy.ok === false
+          ? "Refresh or strengthen SVS proof evidence until the hosted registry trust-score policy passes."
+          : agent
+            ? "Fix the hosted SVS registry, trust manifest, or linked profile before accepting this agent."
+            : "Publish this bot to the hosted SVS verified-agent registry before accepting it."
+      }
+    };
+    throw error;
+  }
+  return {
+    version: HOSTED_VERIFIED_AGENT_REGISTRY_REQUIREMENT_VERSION,
+    ok: true,
+    status: "verified",
+    botId,
+    registryUrl,
+    trustManifestUrl: verification.trustManifestUrl ?? trustManifestUrl ?? null,
+    expectedRegistryHash,
+    registryHash: verification.registryHash ?? null,
+    trustManifest: verification.trustManifest ?? null,
+    trustScorePolicy,
+    agent: summarizeRegistryAgentForRequirement(agent),
+    profileCount: verification.profileCount ?? null,
+    verifiedAgentCount: verification.verifiedAgentCount ?? null,
+    nextAction: {
+      code: "none",
+      message: "Hosted SVS registry, trust manifest, and linked profile checks passed for this agent."
+    }
+  };
+}
+export function createHostedVerifiedAgentRegistryMiddleware({
+  registryUrl,
+  trustManifestUrl = null,
+  expectedRegistryHash,
+  requireVerified = true,
+  trustPolicy = null,
+  requireHighTrustScore = false,
+  minimumTrustScore = null,
+  requireTrustScoreEvidenceComplete = null,
+  maxTrustScoreBlockingSignals = null,
+  staleAfterMs = null,
+  now = new Date(),
+  fetchImpl = globalThis.fetch
+} = {}) {
+  return async function svsHostedVerifiedAgentRegistryMiddleware(request = {}) {
+    const botId = request.botId ?? request.agent?.botId ?? request.body?.botId;
+    return requireHostedVerifiedAgentRegistry({
+      registryUrl,
+      trustManifestUrl,
+      expectedRegistryHash,
+      botId,
+      requireVerified,
+      trustPolicy,
+      requireHighTrustScore,
+      minimumTrustScore,
+      requireTrustScoreEvidenceComplete,
+      maxTrustScoreBlockingSignals,
+      staleAfterMs,
+      now,
+      fetchImpl
+    });
+  };
+}
+function summarizeRegistryAgentForRequirement(agent) {
+  return {
+    index: agent.index ?? null,
+    botId: agent.botId ?? null,
+    profilePath: agent.profilePath ?? null,
+    profileUrl: agent.profileUrl ?? null,
+    profileHash: agent.profileHash ?? null,
+    trustScore: agent.trustScore
+      ? {
+          version: agent.trustScore.version ?? null,
+          status: agent.trustScore.status ?? null,
+          score: agent.trustScore.score ?? null,
+          maxScore: agent.trustScore.maxScore ?? null,
+          evidenceComplete: agent.trustScore.evidenceComplete === true,
+          blockingSignalCount: agent.trustScore.blockingSignalCount ?? null,
+          trustScoreHash: agent.trustScore.trustScoreHash ?? null,
+          computedTrustScoreHash: agent.trustScore.computedTrustScoreHash ?? null,
+          hashValid: agent.trustScore.hashValid === true,
+          highTrustMinimumScore: agent.trustScore.highTrustMinimumScore ?? null,
+          nextAction: agent.trustScore.nextAction ?? null
+        }
+      : null,
+    ok: agent.ok === true,
+    failedCheckCount: agent.failedCheckCount ?? 0
+  };
+}
+function evaluateHostedTrustScorePolicy(trustScore, {
+  trustPolicy = HOSTED_VERIFIED_AGENT_TRUST_POLICY_STANDARD,
+  requireHighTrustScore = false,
+  minimumTrustScore = null,
+  requireTrustScoreEvidenceComplete = null,
+  maxTrustScoreBlockingSignals = null
+} = {}) {
+  const effectiveMinimum = normalizeOptionalNumber(minimumTrustScore);
+  const effectiveBlockingMax = normalizeOptionalNumber(maxTrustScoreBlockingSignals);
+  const policyEnabled = requireHighTrustScore ||
+    effectiveMinimum !== null ||
+    requireTrustScoreEvidenceComplete === true ||
+    effectiveBlockingMax !== null;
+  if (!policyEnabled) {
+    return {
+      ok: true,
+      status: "not_required",
+      required: false,
+      trustPolicy,
+      detail: "No hosted registry trust-score policy was requested."
+    };
+  }
+  const minScore = requireHighTrustScore
+    ? effectiveMinimum ?? trustScore?.highTrustMinimumScore ?? VERIFIED_AGENT_TRUST_SCORE_HIGH_TRUST_MIN
+    : effectiveMinimum;
+  const mustComplete = requireHighTrustScore || requireTrustScoreEvidenceComplete === true;
+  const maxBlocking = requireHighTrustScore ? 0 : effectiveBlockingMax;
+  const failures = [];
+  if (!trustScore) {
+    failures.push("trust score missing");
+  } else {
+    if (trustScore.hashValid !== true) {
+      failures.push("trust score hash invalid");
+    }
+    if (minScore !== null && Number(trustScore.score ?? -1) < minScore) {
+      failures.push(`score ${trustScore.score ?? "missing"} below ${minScore}`);
+    }
+    if (mustComplete && trustScore.evidenceComplete !== true) {
+      failures.push("required evidence incomplete");
+    }
+    if (maxBlocking !== null && Number(trustScore.blockingSignalCount ?? Number.POSITIVE_INFINITY) > maxBlocking) {
+      failures.push(`blocking signals ${trustScore.blockingSignalCount ?? "missing"} above ${maxBlocking}`);
+    }
+  }
+  const ok = failures.length === 0;
+  return {
+    ok,
+    status: ok ? "passed" : "failed",
+    required: true,
+    trustPolicy,
+    requireHighTrustScore: Boolean(requireHighTrustScore),
+    minimumTrustScore: minScore,
+    requireTrustScoreEvidenceComplete: mustComplete,
+    maxTrustScoreBlockingSignals: maxBlocking,
+    detail: ok
+      ? `score=${trustScore?.score ?? "missing"} min=${minScore ?? "not_required"} blocking=${trustScore?.blockingSignalCount ?? "missing"} maxBlocking=${maxBlocking ?? "not_required"}`
+      : failures.join("; ")
+  };
+}
+function resolveHostedTrustScorePolicyOptions({
+  trustPolicy = null,
+  requireHighTrustScore = false,
+  minimumTrustScore = null,
+  requireTrustScoreEvidenceComplete = null,
+  maxTrustScoreBlockingSignals = null
+} = {}) {
+  const explicitPolicy = normalizeHostedTrustPolicy(trustPolicy);
+  const hasCustomScoreOptions = normalizeOptionalNumber(minimumTrustScore) !== null ||
+    requireTrustScoreEvidenceComplete === true ||
+    normalizeOptionalNumber(maxTrustScoreBlockingSignals) !== null;
+  if (explicitPolicy === HOSTED_VERIFIED_AGENT_TRUST_POLICY_CUSTOM && !hasCustomScoreOptions) {
+    throw new Error(
+      'trustPolicy "custom" requires minimumTrustScore, requireTrustScoreEvidenceComplete, or maxTrustScoreBlockingSignals.'
+    );
+  }
+  let resolvedPolicy = explicitPolicy ??
+    (requireHighTrustScore
+      ? HOSTED_VERIFIED_AGENT_TRUST_POLICY_HIGH_TRUST
+      : hasCustomScoreOptions
+        ? HOSTED_VERIFIED_AGENT_TRUST_POLICY_CUSTOM
+        : HOSTED_VERIFIED_AGENT_TRUST_POLICY_STANDARD);
+  if (resolvedPolicy === HOSTED_VERIFIED_AGENT_TRUST_POLICY_STANDARD && hasCustomScoreOptions) {
+    resolvedPolicy = HOSTED_VERIFIED_AGENT_TRUST_POLICY_CUSTOM;
+  }
+  return {
+    trustPolicy: resolvedPolicy,
+    requireHighTrustScore: requireHighTrustScore ||
+      resolvedPolicy === HOSTED_VERIFIED_AGENT_TRUST_POLICY_HIGH_TRUST,
+    minimumTrustScore,
+    requireTrustScoreEvidenceComplete,
+    maxTrustScoreBlockingSignals
+  };
+}
+function normalizeHostedTrustPolicy(value) {
+  if (value === null || value === undefined || value === "") {
+    return null;
+  }
+  const normalized = String(value).trim().toLowerCase().replaceAll("_", "-");
+  if (["standard", "baseline", "default"].includes(normalized)) {
+    return HOSTED_VERIFIED_AGENT_TRUST_POLICY_STANDARD;
+  }
+  if (["high-trust", "hightrust", "strict"].includes(normalized)) {
+    return HOSTED_VERIFIED_AGENT_TRUST_POLICY_HIGH_TRUST;
+  }
+  if (normalized === "custom") {
+    return HOSTED_VERIFIED_AGENT_TRUST_POLICY_CUSTOM;
+  }
+  throw new Error(
+    `Unsupported hosted registry trustPolicy "${value}". Use one of: ${HOSTED_VERIFIED_AGENT_TRUST_POLICY_VALUES.join(", ")}.`
+  );
+}
+function normalizeOptionalNumber(value) {
+  if (value === null || value === undefined || value === "") {
+    return null;
+  }
+  const number = Number(value);
+  return Number.isFinite(number) ? number : null;
+}
+export function createVerifiedAgentStandardConformanceFixtures({
+  now = new Date(),
+  botId = "svs-conformance-agent",
+  agentWallet = "ConformanceController111111111111111111111111",
+  action = "treasury_transfer",
+  recordId = "svs-conformance-record-1"
+} = {}) {
+  const generatedAt = normalizeDate(now).toISOString();
+  const baseCertification = createConformanceCertification({ recordId });
+  const baseEvidence = createConformanceActionProofEvidence({
+    generatedAt,
+    botId,
+    recordId,
+    approvalDomain: APPROVAL_MESSAGE_DOMAIN,
+    approvalDomainStatus: "current"
+  });
+  const scenarios = [
+    {
+      id: "accept_current_verified_agent_action",
+      label: "Accept current verified agent action",
+      expectedAccepted: true,
+      requirement: "Protocol accepts only when certification, action proof, current approval domain, signed bot request, human approval, broadcast, custom registry, and action-record verification pass.",
+      botId,
+      agentWallet,
+      action,
+      recordId,
+      certification: baseCertification,
+      actionProductionProofEvidence: baseEvidence
+    },
+    {
+      id: "reject_legacy_approval_domain",
+      label: "Reject legacy approval domain for new protocol acceptance",
+      expectedAccepted: false,
+      expectedFailureCode: "approval_domain_legacy_compatible",
+      requirement: "Protocol must fail closed when a new action proof uses the legacy approval domain.",
+      botId,
+      agentWallet,
+      action,
+      recordId,
+      certification: baseCertification,
+      actionProductionProofEvidence: createConformanceActionProofEvidence({
+        generatedAt,
+        botId,
+        recordId,
+        approvalDomain: LEGACY_APPROVAL_MESSAGE_DOMAIN,
+        approvalDomainStatus: "legacy_compatible"
+      })
+    },
+    {
+      id: "reject_stale_action_proof",
+      label: "Reject stale action production proof",
+      expectedAccepted: false,
+      expectedFailureCode: "action_proof_verification_failed",
+      requirement: "Protocol must fail closed when the action production proof is older than the configured freshness window.",
+      botId,
+      agentWallet,
+      action,
+      recordId,
+      certification: baseCertification,
+      actionProductionProofEvidence: createConformanceActionProofEvidence({
+        generatedAt: new Date(normalizeDate(now).getTime() - 3_600_000).toISOString(),
+        botId,
+        recordId,
+        approvalDomain: APPROVAL_MESSAGE_DOMAIN,
+        approvalDomainStatus: "current"
+      }),
+      staleAfterMs: 1_000
+    },
+    {
+      id: "reject_missing_custom_registry_proof",
+      label: "Reject missing custom receipt-registry proof",
+      expectedAccepted: false,
+      expectedFailureCode: "action_proof_verification_failed",
+      requirement: "Protocol must fail closed when production rules require the custom receipt registry and the proof does not show a confirmed registry write.",
+      botId,
+      agentWallet,
+      action,
+      recordId,
+      certification: baseCertification,
+      actionProductionProofEvidence: createConformanceActionProofEvidence({
+        generatedAt,
+        botId,
+        recordId,
+        receiptRegistryConfirmed: false,
+        approvalDomain: APPROVAL_MESSAGE_DOMAIN,
+        approvalDomainStatus: "current"
+      })
+    },
+    {
+      id: "reject_unauthenticated_bot_request",
+      label: "Reject unauthenticated bot request",
+      expectedAccepted: false,
+      expectedFailureCode: "action_proof_verification_failed",
+      requirement: "Protocol must fail closed when the action proof is not tied to an authenticated signed bot request.",
+      botId,
+      agentWallet,
+      action,
+      recordId,
+      certification: baseCertification,
+      actionProductionProofEvidence: createConformanceActionProofEvidence({
+        generatedAt,
+        botId,
+        recordId,
+        requestSignatureVerified: false,
+        approvalDomain: APPROVAL_MESSAGE_DOMAIN,
+        approvalDomainStatus: "current"
+      })
+    },
+    {
+      id: "reject_record_mismatch",
+      label: "Reject action proof for another record",
+      expectedAccepted: false,
+      expectedFailureCode: "action_proof_verification_failed",
+      requirement: "Protocol must fail closed when the action production proof does not match the record being accepted.",
+      botId,
+      agentWallet,
+      action,
+      recordId,
+      certification: baseCertification,
+      expectedRecordId: "svs-conformance-record-2",
+      actionProductionProofEvidence: baseEvidence
+    },
+    {
+      id: "reject_uncertified_agent",
+      label: "Reject uncertified agent",
+      expectedAccepted: false,
+      expectedFailureCode: "verified_agent_requirement_failed",
+      requirement: "Protocol must fail closed when SVS production certification is missing, stale, incomplete, or below policy.",
+      botId,
+      agentWallet,
+      action,
+      recordId,
+      certification: createConformanceCertification({
+        recordId,
+        ok: false,
+        qualityReady: false,
+        score: 70,
+        status: "incomplete"
+      }),
+      actionProductionProofEvidence: baseEvidence
+    }
+  ];
+  return {
+    version: VERIFIED_AGENT_STANDARD_CONFORMANCE_FIXTURES_VERSION,
+    generatedAt,
+    standard: "Verified Agent Standard",
+    botId,
+    agentWallet,
+    action,
+    recordId,
+    scenarioCount: scenarios.length,
+    scenarios
+  };
+}
+export async function runVerifiedAgentStandardConformance({
+  fixtures = null,
+  now = new Date(),
+  staleAfterMs = 86_400_000
+} = {}) {
+  const checkedAt = normalizeDate(now).toISOString();
+  const resolvedFixtures = fixtures ?? createVerifiedAgentStandardConformanceFixtures({ now });
+  const scenarios = [];
+  for (const fixture of resolvedFixtures.scenarios ?? []) {
+    scenarios.push(await evaluateVerifiedAgentStandardScenario(fixture, {
+      now: normalizeDate(now),
+      staleAfterMs
+    }));
+  }
+  const failedScenarios = scenarios.filter((scenario) => scenario.ok !== true);
+  const unsigned = {
+    version: VERIFIED_AGENT_STANDARD_CONFORMANCE_VERSION,
+    ok: failedScenarios.length === 0,
+    status: failedScenarios.length === 0 ? "verified" : "failed",
+    checkedAt,
+    fixtureVersion: resolvedFixtures.version ?? null,
+    scenarioCount: scenarios.length,
+    passedScenarioCount: scenarios.filter((scenario) => scenario.ok === true).length,
+    failedScenarioCount: failedScenarios.length,
+    scenarios,
+    nextAction: failedScenarios[0]
+      ? {
+          code: failedScenarios[0].id,
+          message: `Fix Verified Agent Standard conformance scenario ${failedScenarios[0].id}: ${failedScenarios[0].detail}.`
+        }
+      : {
+          code: "none",
+          message: "Verified Agent Standard pass/fail conformance fixtures match SDK verifier behavior."
+        }
+  };
+  return {
+    ...unsigned,
+    conformanceHash: hashObject(unsigned)
+  };
+}
+async function evaluateVerifiedAgentStandardScenario(fixture, {
+  now,
+  staleAfterMs
+}) {
+  const expectedAccepted = fixture.expectedAccepted === true;
+  const expectedRecordId = fixture.expectedRecordId ?? fixture.recordId ?? null;
+  const scenarioStaleAfterMs = fixture.staleAfterMs ?? staleAfterMs;
+  try {
+    const verifiedAgent = await requireVerifiedAgent({
+      client: {
+        async requireProductionCertification(options) {
+          return {
+            ...(fixture.certification ?? {}),
+            requestedOptions: options
+          };
+        }
+      },
+      botId: fixture.botId,
+      agentWallet: fixture.agentWallet ?? null,
+      action: fixture.action ?? null,
+      staleAfterMs: fixture.certificationStaleAfterMs,
+      requireCurrentIntegrationContract: true
+    });
+    const actionProof = verifyActionProductionProofEvidence(fixture.actionProductionProofEvidence, {
+      expectedRecordId,
+      staleAfterMs: scenarioStaleAfterMs,
+      now
+    });
+    if (actionProof.ok !== true) {
+      return createConformanceScenarioResult({
+        fixture,
+        expectedAccepted,
+        accepted: false,
+        failureCode: "action_proof_verification_failed",
+        detail: actionProof.failedChecks?.[0]?.name ?? actionProof.status,
+        verifiedAgent,
+        actionProof
+      });
+    }
+    const approvalDomain = requireCurrentApprovalDomain(fixture.actionProductionProofEvidence, {
+      action: fixture.action ?? null
+    });
+    return createConformanceScenarioResult({
+      fixture,
+      expectedAccepted,
+      accepted: true,
+      failureCode: null,
+      detail: "accepted",
+      verifiedAgent,
+      actionProof,
+      approvalDomain
+    });
+  } catch (error) {
+    return createConformanceScenarioResult({
+      fixture,
+      expectedAccepted,
+      accepted: false,
+      failureCode: classifyConformanceError(error),
+      detail: error.message,
+      errorName: error.name
+    });
+  }
+}
+function createConformanceScenarioResult({
+  fixture,
+  expectedAccepted,
+  accepted,
+  failureCode,
+  detail,
+  errorName = null,
+  verifiedAgent = null,
+  actionProof = null,
+  approvalDomain = null
+}) {
+  const expectedFailureCode = expectedAccepted ? null : fixture.expectedFailureCode ?? null;
+  const ok = accepted === expectedAccepted &&
+    (expectedAccepted || !expectedFailureCode || failureCode === expectedFailureCode);
+  return {
+    id: fixture.id,
+    label: fixture.label,
+    ok,
+    expectedAccepted,
+    accepted,
+    expectedFailureCode,
+    failureCode,
+    errorName,
+    detail,
+    requirement: fixture.requirement,
+    verification: verifiedAgent
+      ? {
+          ok: verifiedAgent.ok,
+          status: verifiedAgent.status,
+          certificationHash: verifiedAgent.certificationHash,
+          recordId: verifiedAgent.recordId
+        }
+      : null,
+    actionProductionProof: actionProof
+      ? {
+          ok: actionProof.ok,
+          status: actionProof.status,
+          recordId: actionProof.recordId,
+          evidenceHash: actionProof.evidenceHash,
+          failedCheckCount: actionProof.failedCheckCount,
+          failedChecks: actionProof.failedChecks?.slice(0, 3) ?? []
+        }
+      : null,
+    approvalDomain: approvalDomain
+      ? {
+          ok: approvalDomain.ok,
+          status: approvalDomain.status,
+          domain: approvalDomain.domain,
+          expectedDomain: approvalDomain.expectedDomain
+        }
+      : null
+  };
+}
+function classifyConformanceError(error) {
+  if (error?.name === "SvsCurrentApprovalDomainError") {
+    return error.details?.nextAction?.code ?? "approval_domain_not_current";
+  }
+  if (/SVS verified agent requirement failed/.test(error?.message ?? "")) {
+    return "verified_agent_requirement_failed";
+  }
+  return "unexpected_error";
+}
+function createConformanceCertification({
+  recordId,
+  ok = true,
+  qualityReady = true,
+  score = 100,
+  status = "excellent"
+} = {}) {
+  return {
+    ok,
+    certification: {
+      certificationHash: ok ? "a".repeat(64) : null,
+      recordId
+    },
+    qualityTarget: {
+      ready: qualityReady,
+      score,
+      targetScore: 100,
+      status
+    },
+    integrationContract: {
+      ok,
+      status: ok ? "current" : "missing"
+    },
+    proofs: {
+      actionRecordVerificationOk: ok
+    },
+    nextAction: ok
+      ? { code: "none", message: "Production certification is current." }
+      : { code: "complete_certification", message: "Complete SVS production certification before protocol acceptance." }
+  };
+}
+function createConformanceActionProofEvidence({
+  generatedAt,
+  botId,
+  recordId,
+  approvalDomain,
+  approvalDomainStatus,
+  requestSignatureVerified = true,
+  receiptRegistryConfirmed = true
+} = {}) {
+  const unsigned = {
+    version: ACTION_PRODUCTION_PROOF_EVIDENCE_VERSION,
+    generatedAt,
+    source: {
+      recordPath: `data/actions/${recordId}.json`,
+      statusVersion: "svs.action-production-proof-status.v1"
+    },
+    productionProof: {
+      ready: true,
+      status: "ready",
+      recordId,
+      botId,
+      receiptId: "svs-conformance-receipt-1",
+      nextAction: { code: "none", message: "Production proof is ready." },
+      checks: []
+    },
+    request: {
+      authenticatedBotId: requestSignatureVerified ? botId : null,
+      requestSignatureVerified,
+      requestSignatureSlot: requestSignatureVerified ? "primary" : null,
+      requestSignatureVersion: requestSignatureVerified ? "v1" : null,
+      requestNonce: requestSignatureVerified ? "svs-conformance-nonce-1" : null,
+      requestId: "svs-conformance-request-1",
+      idempotencyKey: "svs-conformance-request-1",
+      requestTimestamp: generatedAt
+    },
+    humanApproval: {
+      approved: true,
+      reviewer: "operator",
+      signer: "ConformanceController111111111111111111111111",
+      verified: true,
+      messageHash: "c".repeat(64),
+      domain: approvalDomain,
+      domainStatus: approvalDomainStatus,
+      currentDomain: approvalDomainStatus === "current",
+      legacyDomainCompatible: approvalDomainStatus === "legacy_compatible"
+    },
+    broadcast: {
+      confirmed: true,
+      signature: "svs-conformance-broadcast-signature",
+      confirmationStatus: "confirmed",
+      slot: 100,
+      rpcUrl: "https://api.devnet.solana.com"
+    },
+    receiptRegistry: {
+      confirmed: receiptRegistryConfirmed,
+      signature: receiptRegistryConfirmed ? "svs-conformance-registry-signature" : null,
+      confirmationStatus: receiptRegistryConfirmed ? "confirmed" : null,
+      slot: receiptRegistryConfirmed ? 101 : null,
+      programId: "ReceiptRegistry111111111111111111111111111111",
+      receiptAccount: receiptRegistryConfirmed ? "ReceiptAccount111111111111111111111111111111" : null,
+      planHash: receiptRegistryConfirmed ? "d".repeat(64) : null,
+      transactionPlanHash: receiptRegistryConfirmed ? "e".repeat(64) : null
+    },
+    actionRecordVerification: {
+      ok: true,
+      version: "svs.action-record-verification.v1",
+      checkedAt: generatedAt,
+      receiptId: "svs-conformance-receipt-1",
+      receiptAccount: receiptRegistryConfirmed ? "ReceiptAccount111111111111111111111111111111" : null,
+      registryTransactionSignature: receiptRegistryConfirmed ? "svs-conformance-registry-signature" : null,
+      failedCheckCount: 0
+    },
+    policy: {
+      controllerWallet: "ConformanceController111111111111111111111111",
+      policyHash: "f".repeat(64),
+      intentHash: "1".repeat(64),
+      simulationHash: "2".repeat(64)
+    },
+    reportSafety: {
+      secretsIncluded: false,
+      redactedFields: [
+        "SVS_BOT_API_KEY",
+        "SVS_BOT_REQUEST_SIGNING_SECRET",
+        "SVS_BOT_PENDING_REQUEST_SIGNING_SECRET",
+        "apiKey",
+        "requestSigningSecret",
+        "pendingRequestSigningSecret",
+        "webhookSecret"
+      ]
+    }
+  };
+  return {
+    ...unsigned,
+    evidenceHash: hashObject(unsigned)
+  };
+}
+function normalizeDate(value) {
+  return value instanceof Date ? value : new Date(value);
+}