casper-trust 0.1.0

package/README.md

@@ -0,0 +1,73 @@
+# casper-trust
+
+The settled-payment trust layer for Casper agents — read an agent's reputation in one line, gate x402 payments on it.
+
+## What it is
+
+`casper-trust` wraps three on-chain contracts (identity registry, reputation ledger, escrow) deployed on `casper-test` and exposes them through a minimal TypeScript SDK. The read path is wallet-free and gas-free. The payment path delegates the 402-handshake to `@make-software/casper-x402` + `@x402/fetch`; this SDK adds the trust-score gate on top.
+
+## Install
+
+```bash
+npm install casper-trust
+```
+
+## Wallet-free quickstart
+
+No wallet, no gas. Read any agent's trust score in one call:
+
+```ts
+import { createTrustClient, checkTrust } from "casper-trust";
+
+const client = createTrustClient();              // reads from casper-test by default
+const result = await checkTrust(client, 1);      // agentId = 1
+console.log(result.trusted, result.score);       // e.g. true, 9500n (basis points)
+```
+
+`result.trusted` is `true` when the agent is Active and `score >= minScore` (default 0).
+
+## Trust-gated x402 payment
+
+```ts
+import { createTrustClient, pay, type X402TrustClient } from "casper-trust";
+import { toClientCasperSigner } from "@make-software/casper-x402";
+
+const signer = toClientCasperSigner(yourCasperAccount);
+const client: X402TrustClient = { ...createTrustClient(), signer };
+
+const response = await pay(client, {
+  url: "https://api.example.com/protected-resource",
+  providerAgentId: 1,   // on-chain identity id of the provider
+  minScore: 5000n,      // gate: reject if score < 50 % (basis points)
+});
+```
+
+`pay()` throws `TrustGateError` before sending any money if the provider's on-chain score is below `minScore`.
+
+## API reference
+
+| Export | Description |
+|---|---|
+| `createTrustClient(overrides?)` | Returns `{ cfg, rpc }` — wallet-free read client |
+| `checkTrust(client, agentId, opts?)` | Full trust check; returns `TrustResult` |
+| `getReputation(client, agentId)` | Raw `Reputation` (jobsCompleted, scoreBps, …) |
+| `getAgent(client, agentId)` | Raw `Agent` (owner, wallet, status, bond) or `null` |
+| `pay(client, req)` | Trust-gated x402 v2 fetch |
+| `gateByTrust(checkFn, agentId, minScore)` | Standalone gate (throws `TrustGateError`) |
+| `register(cfg, signer, uri, bond)` | Build+sign a register transaction (no submit) |
+| `attestSettlement(cfg, params)` | Build the 4-tx settlement sequence (no submit) |
+| `CASPER_TEST` | Default `NetworkConfig` (testnet RPC + contract hashes) |
+
+## x402 delegation
+
+The 402-handshake (retry loop, `PAYMENT-SIGNATURE` header, amount field) is fully delegated to `@make-software/casper-x402` and `@x402/fetch`. `casper-trust` adds only the trust-score check before the handshake starts.
+
+## Network / contracts
+
+Live on `casper-test`. Contract package hashes are in `CASPER_TEST` (see `src/config.ts`) and documented with their field-index calibration in `.git/sdd/task-3-report.md` and `DEPLOYMENT.md`.
+
+> The wallet-free read path is live-verified against testnet. The full x402 payment handshake is unit-tested at the gating level; an end-to-end live run against a funded facilitator token is tracked in the demo task.
+
+## License
+
+MIT

package/dist/config.d.ts

@@ -0,0 +1,34 @@
+export interface NetworkConfig {
+    rpcUrl: string;
+    authToken?: string;
+    chainName: string;
+    facilitatorUrl: string;
+    packages: {
+        identity: string;
+        reputation: string;
+        escrow: string;
+        cep18: string;
+    };
+    /** Odra field indices — CALIBRATED against live data in Task 3, not assumed from source. */
+    fields: {
+        identity: {
+            escrowVarIndex: number;
+            agents: number;
+            count: number;
+        };
+        reputation: {
+            escrowVarIndex: number;
+            identityVarIndex: number;
+            reps: number;
+            pairs: number;
+        };
+        escrow: {
+            identityVarIndex: number;
+            reputationVarIndex: number;
+            tokenVarIndex: number;
+            jobs: number;
+            count: number;
+        };
+    };
+}
+export declare const CASPER_TEST: NetworkConfig;

package/dist/config.js

@@ -0,0 +1,38 @@
+export const CASPER_TEST = {
+    rpcUrl: process.env.CSPR_CLOUD_TOKEN
+        ? "https://node.testnet.cspr.cloud/rpc"
+        : "https://node.testnet.casper.network/rpc",
+    authToken: process.env.CSPR_CLOUD_TOKEN,
+    chainName: "casper-test",
+    facilitatorUrl: "https://x402-facilitator.cspr.cloud",
+    packages: {
+        identity: "3a51cc5f4c524f806b3b8899039030bbad141005f81ab99895615d8f050c7adc",
+        reputation: "d73fb11144c07ec05071cf986ad65b407f2da91bd871b0c10f67a974832ee7eb",
+        escrow: "fe6b0ddb307549cc9101659abcfaf114e37a8d99461c0632cbce582ebdc4902c",
+        cep18: "f962076e6c2ba423aaade9f75935ff37ef4aa4cde6077bac9a259af141c3d5c6",
+    },
+    // Indices CALIBRATED live against testnet in Task 3 — uniform +1 offset from source order.
+    // Evidence: all three contracts store the admin Address at live idx 0; declared fields
+    // shift up by 1.  See task-3-report.md for the full scan log.
+    fields: {
+        //                      source-order  →  live idx (offset +1 confirmed on all 3 contracts)
+        identity: {
+            escrowVarIndex: 2, // source 1 → live 2
+            agents: 3, // Mapping source 2 → live 3
+            count: 4, // source 3 → live 4
+        },
+        reputation: {
+            escrowVarIndex: 2, // source 1 → live 2
+            identityVarIndex: 3, // source 2 → live 3
+            reps: 4, // Mapping source 3 → live 4
+            pairs: 5, // Mapping source 4 → live 5
+        },
+        escrow: {
+            identityVarIndex: 1, // source 0 → live 1
+            reputationVarIndex: 2, // source 1 → live 2
+            tokenVarIndex: 3, // source 2 → live 3
+            jobs: 4, // Mapping source 3 → live 4
+            count: 5, // source 4 → live 5
+        },
+    },
+};

package/dist/index.d.ts

@@ -0,0 +1,24 @@
+import { type NetworkConfig } from "./config.js";
+import type { TrustClient } from "./trust/index.js";
+export { checkTrust, getReputation, getAgent, type TrustClient } from "./trust/index.js";
+export { pay, gateByTrust, TrustGateError, type PayRequest, type X402TrustClient } from "./x402/index.js";
+/**
+ * Build-and-sign helpers (offline mode).
+ *
+ * These functions BUILD and SIGN a transaction but do NOT submit it.
+ * To submit, call `rpc.putTransaction(tx)` with the returned Transaction object.
+ * Example:
+ *   const tx = register(cfg, signer, uri, bond);
+ *   await c.rpc.putTransaction(tx);
+ */
+export { buildRegister as register, buildAttestSettlement as attestSettlement, } from "./registry/index.js";
+export type { Reputation, Agent, TrustResult } from "./types.js";
+export { CASPER_TEST, type NetworkConfig } from "./config.js";
+/**
+ * Creates a wallet-free read-only trust client for casper-test (or overridden network).
+ *
+ * Returns { cfg, rpc } — sufficient for checkTrust / getReputation / getAgent.
+ * For x402 payments (pay()), construct an X402TrustClient by adding a signer:
+ *   const c: X402TrustClient = { ...createTrustClient(), signer };
+ */
+export declare function createTrustClient(overrides?: Partial<NetworkConfig>): TrustClient;

package/dist/index.js

@@ -0,0 +1,26 @@
+import { CASPER_TEST } from "./config.js";
+import { makeRpcClient } from "./rpc/client.js";
+export { checkTrust, getReputation, getAgent } from "./trust/index.js";
+export { pay, gateByTrust, TrustGateError } from "./x402/index.js";
+/**
+ * Build-and-sign helpers (offline mode).
+ *
+ * These functions BUILD and SIGN a transaction but do NOT submit it.
+ * To submit, call `rpc.putTransaction(tx)` with the returned Transaction object.
+ * Example:
+ *   const tx = register(cfg, signer, uri, bond);
+ *   await c.rpc.putTransaction(tx);
+ */
+export { buildRegister as register, buildAttestSettlement as attestSettlement, } from "./registry/index.js";
+export { CASPER_TEST } from "./config.js";
+/**
+ * Creates a wallet-free read-only trust client for casper-test (or overridden network).
+ *
+ * Returns { cfg, rpc } — sufficient for checkTrust / getReputation / getAgent.
+ * For x402 payments (pay()), construct an X402TrustClient by adding a signer:
+ *   const c: X402TrustClient = { ...createTrustClient(), signer };
+ */
+export function createTrustClient(overrides = {}) {
+    const cfg = { ...CASPER_TEST, ...overrides };
+    return { cfg, rpc: makeRpcClient(cfg) };
+}

package/dist/odra/bytesrepr.d.ts

@@ -0,0 +1,14 @@
+export declare class Reader {
+    b: Uint8Array;
+    o: number;
+    constructor(b: Uint8Array, o?: number);
+}
+export declare const u8: (r: Reader) => number;
+export declare const u32: (r: Reader) => number;
+export declare const u64: (r: Reader) => bigint;
+export declare const uN: (r: Reader) => bigint;
+export declare const bool: (r: Reader) => boolean;
+export declare const str: (r: Reader) => string;
+export declare const addr: (r: Reader) => string;
+export declare const option: <T>(r: Reader, f: (r: Reader) => T) => T | null;
+export declare const unitEnum: (r: Reader, names: string[]) => string;

package/dist/odra/bytesrepr.js

@@ -0,0 +1,38 @@
+export class Reader {
+    b;
+    o;
+    constructor(b, o = 0) {
+        this.b = b;
+        this.o = o;
+    }
+}
+export const u8 = (r) => r.b[r.o++];
+export const u32 = (r) => {
+    const v = new DataView(r.b.buffer, r.b.byteOffset + r.o, 4).getUint32(0, true);
+    r.o += 4;
+    return v;
+};
+export const u64 = (r) => { const lo = BigInt(u32(r)), hi = BigInt(u32(r)); return hi * (2n ** 32n) + lo; };
+export const uN = (r) => {
+    const n = u8(r);
+    let v = 0n;
+    for (let i = 0; i < n; i++)
+        v += BigInt(r.b[r.o + i]) << (8n * BigInt(i));
+    r.o += n;
+    return v;
+};
+export const bool = (r) => u8(r) === 1;
+export const str = (r) => {
+    const n = u32(r);
+    const s = new TextDecoder().decode(r.b.slice(r.o, r.o + n));
+    r.o += n;
+    return s;
+};
+export const addr = (r) => {
+    const tag = u8(r);
+    const h = Buffer.from(r.b.slice(r.o, r.o + 32)).toString("hex");
+    r.o += 32;
+    return (tag === 0 ? "account-hash-" : "contract-") + h;
+};
+export const option = (r, f) => (u8(r) === 1 ? f(r) : null);
+export const unitEnum = (r, names) => names[u8(r)];

package/dist/odra/keys.d.ts

@@ -0,0 +1,2 @@
+export declare const varKey: (fieldIndex: number) => string;
+export declare const mapKeyU32: (fieldIndex: number, mapKey: number) => string;

package/dist/odra/keys.js

@@ -0,0 +1,17 @@
+import { blake2b } from "blakejs";
+const u32LE = (n) => {
+    const b = new Uint8Array(4);
+    new DataView(b.buffer).setUint32(0, n >>> 0, true);
+    return b;
+};
+const u32BE = (n) => {
+    const b = new Uint8Array(4);
+    new DataView(b.buffer).setUint32(0, n >>> 0, false);
+    return b;
+};
+// Odra: index_bytes = u32 big-endian of the field index for indices <= 15.
+const idxBytes = (i) => (i > 15 ? Uint8Array.from([0xff, 1, i]) : u32BE(i));
+const cat = (a, b) => { const o = new Uint8Array(a.length + b.length); o.set(a); o.set(b, a.length); return o; };
+const hex = (b) => Buffer.from(b).toString("hex");
+export const varKey = (fieldIndex) => hex(blake2b(idxBytes(fieldIndex), undefined, 32));
+export const mapKeyU32 = (fieldIndex, mapKey) => hex(blake2b(cat(idxBytes(fieldIndex), u32LE(mapKey)), undefined, 32));

package/dist/odra/read.d.ts

@@ -0,0 +1,10 @@
+import { type RpcClient } from "casper-js-sdk";
+/**
+ * Reads a single Odra dictionary item from the "state" named key on a contract.
+ *
+ * Returns the raw payload bytes with the 4-byte List<U8> length prefix stripped,
+ * or null if the item does not exist (Odra stores type-defaults as absent keys).
+ *
+ * itemKeyHex: hex string of the dictionary item key (from varKey() / mapKeyU32())
+ */
+export declare function readOdraValue(rpc: RpcClient, contractHashHex: string, itemKeyHex: string): Promise<Uint8Array | null>;

package/dist/odra/read.js

@@ -0,0 +1,42 @@
+import { ParamDictionaryIdentifier, ParamDictionaryIdentifierContractNamedKey, } from "casper-js-sdk";
+/**
+ * Reads a single Odra dictionary item from the "state" named key on a contract.
+ *
+ * Returns the raw payload bytes with the 4-byte List<U8> length prefix stripped,
+ * or null if the item does not exist (Odra stores type-defaults as absent keys).
+ *
+ * itemKeyHex: hex string of the dictionary item key (from varKey() / mapKeyU32())
+ */
+export async function readOdraValue(rpc, contractHashHex, itemKeyHex) {
+    // contractNamedKey must be a proper class instance (TypedJSON rejects plain objects)
+    const contractNamedKey = new ParamDictionaryIdentifierContractNamedKey(`hash-${contractHashHex}`, "state", itemKeyHex);
+    const id = new ParamDictionaryIdentifier(undefined, contractNamedKey, undefined, undefined);
+    try {
+        const res = await rpc.getDictionaryItemByIdentifier(null, id);
+        // Use rawJSON (the raw RPC response) to get the hex bytes string.
+        // Path: rawJSON.stored_value.CLValue.bytes — snake_case keys in raw JSON.
+        // CLValue encoding for List<U8>: 4-byte LE length prefix followed by payload.
+        const clHex = res.rawJSON?.stored_value?.CLValue?.bytes;
+        if (typeof clHex !== "string" || clHex.length === 0) {
+            // Fallback: clValue.bytes() returns the full CLValue byte encoding for List<U8>,
+            // which is a 4-byte LE u32 length prefix followed by the payload — same layout
+            // as the rawJSON hex path above, so we slice(4) identically.
+            const clBytes = res.storedValue.clValue?.bytes();
+            if (!clBytes || clBytes.length < 4)
+                return null;
+            return clBytes.slice(4);
+        }
+        const full = Uint8Array.from(Buffer.from(clHex, "hex"));
+        // Strip 4-byte LE u32 length prefix that Odra prepends to every List<U8>
+        return full.slice(4);
+    }
+    catch (e) {
+        // getDictionaryItemByIdentifier wraps the JSON-RPC error: the -32003 (QueryFailed)
+        // code is on e.statusCode / e.sourceErr.code, NOT e.code. -32003 = the key is simply
+        // absent (Odra stores type-defaults as missing keys); any other error must propagate.
+        const code = e?.code ?? e?.statusCode ?? e?.sourceErr?.code;
+        if (code === -32003)
+            return null;
+        throw e;
+    }
+}

package/dist/registry/index.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Registry write-path: register (via proxy_caller_with_return.wasm), token approve,
+ * escrow create_job / submit_work / approve, and attestSettlement orchestration.
+ *
+ * proxy_caller arg names are taken verbatim from odra-core-2.8.1 consts.rs:
+ *   PACKAGE_HASH_ARG     = "package_hash"
+ *   ENTRY_POINT_ARG      = "entry_point"
+ *   ARGS_ARG             = "args"
+ *   ATTACHED_VALUE_ARG   = "attached_value"
+ *   AMOUNT_ARG           = "amount"
+ * (source: odra-casper-rpc-client/src/casper_client/transactions.rs lines 17, 159-164)
+ *
+ * Live submission (putTransaction) is intentionally absent — deferred to a funded-key run.
+ */
+import { type PrivateKey, type Transaction } from "casper-js-sdk";
+import type { NetworkConfig } from "../config.js";
+/**
+ * Builds and signs a register transaction routed through proxy_caller_with_return.wasm.
+ *
+ * The proxy receives five outer runtime args (names from odra-core-2.8.1/src/consts.rs):
+ *   package_hash    — Key::Hash wrapping the identity registry package hash
+ *   entry_point     — String "register"
+ *   args            — ByteArray of the CL-serialized inner RuntimeArgs (agent_uri: String)
+ *   attached_value  — UInt512 bond in motes (actual CSPR attached to the call)
+ *   amount          — UInt512 same value (grants main-purse access to the proxy)
+ *
+ * Does NOT submit. Returns the signed Transaction for offline inspection.
+ */
+export declare function buildRegister(cfg: NetworkConfig, signer: PrivateKey, agentUri: string, bondMotes: bigint, gasMotes?: number): Transaction;
+/**
+ * Builds and signs a CEP-18 approve transaction.
+ * `spenderPackageHash` is the bare 64-hex package hash of the escrow contract.
+ */
+export declare function buildApproveToken(cfg: NetworkConfig, signer: PrivateKey, spenderPackageHash: string, amount: bigint): Transaction;
+export interface CreateJobParams {
+    clientId: number;
+    provider: number;
+    amount: bigint;
+    deadline: number;
+}
+export declare function buildCreateJob(cfg: NetworkConfig, signer: PrivateKey, p: CreateJobParams): Transaction;
+export declare function buildSubmitWork(cfg: NetworkConfig, signer: PrivateKey, jobId: bigint, resultHash: string): Transaction;
+export declare function buildApproveJob(cfg: NetworkConfig, signer: PrivateKey, jobId: bigint): Transaction;
+export interface AttestSettlementParams {
+    clientSigner: PrivateKey;
+    providerSigner: PrivateKey;
+    clientId: number;
+    providerId: number;
+    tokenAmount: bigint;
+    deadline: number;
+    jobId: bigint;
+    resultHash: string;
+}
+/**
+ * Builds the ordered transaction sequence for a full settlement:
+ *   1. approveToken  (client approves escrow to spend tokens)
+ *   2. createJob     (client locks funds in escrow)
+ *   3. submitWork    (provider submits deliverable hash)
+ *   4. approveJob    (client approves work, triggers 2% burn + reputation update)
+ *
+ * Returns the four built+signed Transaction objects in sequence order so the
+ * caller can inspect structure offline, then submit in order with waitForTx
+ * between each when a funded key is available.
+ *
+ * Does NOT submit any transaction.
+ */
+export declare function buildAttestSettlement(cfg: NetworkConfig, p: AttestSettlementParams): {
+    approveTx: Transaction;
+    createJobTx: Transaction;
+    submitWorkTx: Transaction;
+    approveJobTx: Transaction;
+};

package/dist/registry/index.js

@@ -0,0 +1,170 @@
+/**
+ * Registry write-path: register (via proxy_caller_with_return.wasm), token approve,
+ * escrow create_job / submit_work / approve, and attestSettlement orchestration.
+ *
+ * proxy_caller arg names are taken verbatim from odra-core-2.8.1 consts.rs:
+ *   PACKAGE_HASH_ARG     = "package_hash"
+ *   ENTRY_POINT_ARG      = "entry_point"
+ *   ARGS_ARG             = "args"
+ *   ATTACHED_VALUE_ARG   = "attached_value"
+ *   AMOUNT_ARG           = "amount"
+ * (source: odra-casper-rpc-client/src/casper_client/transactions.rs lines 17, 159-164)
+ *
+ * Live submission (putTransaction) is intentionally absent — deferred to a funded-key run.
+ */
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, resolve } from "node:path";
+import { ContractCallBuilder, SessionBuilder, Args, CLValue, CLTypeUInt8, Key, } from "casper-js-sdk";
+// ---------------------------------------------------------------------------
+// Wasm path: sdk/assets/proxy_caller_with_return.wasm (copied from contracts/)
+// ---------------------------------------------------------------------------
+function loadProxyCallerWasm() {
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    const wasmPath = resolve(__dirname, "../../assets/proxy_caller_with_return.wasm");
+    const buf = readFileSync(wasmPath);
+    return new Uint8Array(buf);
+}
+// ---------------------------------------------------------------------------
+// Internal non-payable contract call builder (no submission)
+// ---------------------------------------------------------------------------
+/**
+ * Default gas for a small stored-contract call. casper-test assigns a V1 tx to a
+ * lane by its serialized size, then requires the PaymentLimited amount to match
+ * that lane's gas limit — a small call (≤65_536 bytes, args ≤512) lands in the
+ * "wasm lane 5" whose gas_limit is exactly 5 CSPR. Paying less (1.5/2.5 CSPR) is
+ * rejected at submission with "Invalid payment amount for Transaction::V1".
+ * (Live-verified against the testnet chainspec wasm_lanes config.)
+ */
+const CALL_GAS_MOTES = 5_000_000_000;
+function buildCall(cfg, signer, pkgHash, entry, args, gasMotes = CALL_GAS_MOTES) {
+    const tx = new ContractCallBuilder()
+        .from(signer.publicKey)
+        .byPackageHash(pkgHash)
+        .entryPoint(entry)
+        .runtimeArgs(args)
+        .chainName(cfg.chainName)
+        .payment(gasMotes)
+        .build();
+    tx.sign(signer);
+    return tx;
+}
+// ---------------------------------------------------------------------------
+// register — payable via proxy_caller_with_return.wasm
+// ---------------------------------------------------------------------------
+/**
+ * Builds and signs a register transaction routed through proxy_caller_with_return.wasm.
+ *
+ * The proxy receives five outer runtime args (names from odra-core-2.8.1/src/consts.rs):
+ *   package_hash    — Key::Hash wrapping the identity registry package hash
+ *   entry_point     — String "register"
+ *   args            — ByteArray of the CL-serialized inner RuntimeArgs (agent_uri: String)
+ *   attached_value  — UInt512 bond in motes (actual CSPR attached to the call)
+ *   amount          — UInt512 same value (grants main-purse access to the proxy)
+ *
+ * Does NOT submit. Returns the signed Transaction for offline inspection.
+ */
+export function buildRegister(cfg, signer, agentUri, bondMotes, gasMotes = 3_000_000_000) {
+    const wasm = loadProxyCallerWasm();
+    // CL-serialise the inner args that proxy_caller forwards to identity::register.
+    const innerArgs = Args.fromMap({
+        agent_uri: CLValue.newCLString(agentUri),
+    });
+    const innerBytes = innerArgs.toBytes();
+    const bond = bondMotes.toString();
+    // proxy_caller_with_return arg types are dictated by ProxyCall::load_from_args()
+    // (odra-casper/proxy-caller/src/lib.rs @ 2.8.0):
+    //   let package_hash       = get_named_arg(PACKAGE_HASH_ARG);   // PackageHash
+    //   let entry_point_name   = get_named_arg(ENTRY_POINT_ARG);    // String
+    //   let runtime_args: Bytes = get_named_arg(ARGS_ARG);          // Bytes  == List<U8>
+    //   let attached_value: U512 = get_named_arg(ATTACHED_VALUE_ARG);
+    //
+    //   * PackageHash::cl_type() == ByteArray(32)  -> raw 32 hash bytes (NOT a Key).
+    //   * Bytes::cl_type()       == List<U8>       -> 4-byte LE length prefix + payload.
+    //
+    // Live-verified: encoding `args` as ByteArray (no length prefix) OR `package_hash`
+    // as a Key both yield ApiError::InvalidArgument on register. The host's typed
+    // get_named_arg rejects any CLType mismatch before the entry point runs.
+    const pkgBytes = Uint8Array.from(Buffer.from(cfg.packages.identity, "hex"));
+    const innerArgsList = CLValue.newCLList(CLTypeUInt8, Array.from(innerBytes, (b) => CLValue.newCLUint8(b)));
+    const tx = new SessionBuilder()
+        .from(signer.publicKey)
+        .wasm(wasm)
+        .runtimeArgs(Args.fromMap({
+        package_hash: CLValue.newCLByteArray(pkgBytes),
+        entry_point: CLValue.newCLString("register"),
+        args: innerArgsList,
+        attached_value: CLValue.newCLUInt512(bond),
+        amount: CLValue.newCLUInt512(bond),
+    }))
+        .chainName(cfg.chainName)
+        .payment(gasMotes)
+        .build();
+    tx.sign(signer);
+    return tx;
+}
+// ---------------------------------------------------------------------------
+// approveToken — CEP-18 approve(spender, amount)
+// ---------------------------------------------------------------------------
+/**
+ * Builds and signs a CEP-18 approve transaction.
+ * `spenderPackageHash` is the bare 64-hex package hash of the escrow contract.
+ */
+export function buildApproveToken(cfg, signer, spenderPackageHash, amount) {
+    // CEP-18 approve expects `spender` as a Key (package/hash variant).
+    const spenderKey = Key.newKey("hash-" + spenderPackageHash);
+    return buildCall(cfg, signer, cfg.packages.cep18, "approve", Args.fromMap({
+        spender: CLValue.newCLKey(spenderKey),
+        amount: CLValue.newCLUInt256(amount.toString()),
+    }));
+}
+export function buildCreateJob(cfg, signer, p) {
+    return buildCall(cfg, signer, cfg.packages.escrow, "create_job", Args.fromMap({
+        client_id: CLValue.newCLUInt32(p.clientId),
+        provider: CLValue.newCLUInt32(p.provider),
+        amount: CLValue.newCLUInt256(p.amount.toString()),
+        deadline: CLValue.newCLUint64(p.deadline),
+    }));
+}
+// ---------------------------------------------------------------------------
+// submitWork — Escrow submit_work(job_id, result_hash)
+// ---------------------------------------------------------------------------
+export function buildSubmitWork(cfg, signer, jobId, resultHash) {
+    return buildCall(cfg, signer, cfg.packages.escrow, "submit_work", Args.fromMap({
+        job_id: CLValue.newCLUint64(jobId.toString()),
+        result_hash: CLValue.newCLString(resultHash),
+    }));
+}
+// ---------------------------------------------------------------------------
+// approveJob — Escrow approve(job_id)
+// ---------------------------------------------------------------------------
+export function buildApproveJob(cfg, signer, jobId) {
+    return buildCall(cfg, signer, cfg.packages.escrow, "approve", Args.fromMap({
+        job_id: CLValue.newCLUint64(jobId.toString()),
+    }));
+}
+/**
+ * Builds the ordered transaction sequence for a full settlement:
+ *   1. approveToken  (client approves escrow to spend tokens)
+ *   2. createJob     (client locks funds in escrow)
+ *   3. submitWork    (provider submits deliverable hash)
+ *   4. approveJob    (client approves work, triggers 2% burn + reputation update)
+ *
+ * Returns the four built+signed Transaction objects in sequence order so the
+ * caller can inspect structure offline, then submit in order with waitForTx
+ * between each when a funded key is available.
+ *
+ * Does NOT submit any transaction.
+ */
+export function buildAttestSettlement(cfg, p) {
+    const approveTx = buildApproveToken(cfg, p.clientSigner, cfg.packages.escrow, p.tokenAmount);
+    const createJobTx = buildCreateJob(cfg, p.clientSigner, {
+        clientId: p.clientId,
+        provider: p.providerId,
+        amount: p.tokenAmount,
+        deadline: p.deadline,
+    });
+    const submitWorkTx = buildSubmitWork(cfg, p.providerSigner, p.jobId, p.resultHash);
+    const approveJobTx = buildApproveJob(cfg, p.clientSigner, p.jobId);
+    return { approveTx, createJobTx, submitWorkTx, approveJobTx };
+}

package/dist/rpc/client.d.ts

@@ -0,0 +1,3 @@
+import { RpcClient } from "casper-js-sdk";
+import type { NetworkConfig } from "../config.js";
+export declare function makeRpcClient(cfg: NetworkConfig): RpcClient;

package/dist/rpc/client.js

@@ -0,0 +1,7 @@
+import { HttpHandler, RpcClient } from "casper-js-sdk";
+export function makeRpcClient(cfg) {
+    const handler = new HttpHandler(cfg.rpcUrl, "fetch");
+    if (cfg.authToken)
+        handler.setCustomHeaders({ Authorization: cfg.authToken });
+    return new RpcClient(handler);
+}

package/dist/rpc/resolve.d.ts

@@ -0,0 +1,9 @@
+import type { RpcClient } from "casper-js-sdk";
+/**
+ * Resolves a ContractPackage hash to its active contract hash + the "state" URef.
+ * The "state" URef is the Odra dictionary seed for reading stored fields.
+ */
+export declare function resolvePackage(rpc: RpcClient, packageHashHex: string): Promise<{
+    contractHash: string;
+    stateUref: string;
+}>;

package/dist/rpc/resolve.js

@@ -0,0 +1,27 @@
+/**
+ * Resolves a ContractPackage hash to its active contract hash + the "state" URef.
+ * The "state" URef is the Odra dictionary seed for reading stored fields.
+ */
+export async function resolvePackage(rpc, packageHashHex) {
+    const pkg = await rpc.queryLatestGlobalState(`hash-${packageHashHex}`, []);
+    // StoredValue.contractPackage — lowercase 'c' in casper-js-sdk v5
+    const versions = pkg.storedValue.contractPackage?.versions;
+    if (!versions || versions.length === 0) {
+        throw new Error(`No versions found in package ${packageHashHex}`);
+    }
+    // contractHash is a ContractHash object — use .hash.toHex() for raw 64-char hex
+    const latestVersion = versions[versions.length - 1];
+    const contractHash = latestVersion.contractHash.hash.toHex();
+    const contractResult = await rpc.queryLatestGlobalState(`hash-${contractHash}`, []);
+    // StoredValue.contract.namedKeys is NamedKey[] — NamedKey.key is a Key object
+    const namedKeys = contractResult.storedValue.contract?.namedKeys;
+    if (!namedKeys) {
+        throw new Error(`No namedKeys on contract ${contractHash}`);
+    }
+    const stateEntry = namedKeys.find((k) => k.name === "state");
+    if (!stateEntry) {
+        throw new Error(`No 'state' named key on contract ${contractHash}`);
+    }
+    // Key.toPrefixedString() returns "uref-<hex>-<access>" format
+    return { contractHash, stateUref: stateEntry.key.toPrefixedString() };
+}

package/dist/trust/decode.d.ts

@@ -0,0 +1,3 @@
+import type { Reputation, Agent } from "../types.js";
+export declare function decodeReputation(p: Uint8Array): Reputation;
+export declare function decodeAgent(p: Uint8Array): Agent;

package/dist/trust/decode.js

@@ -0,0 +1,21 @@
+import { Reader, u32, u64, uN, str, addr, unitEnum } from "../odra/bytesrepr.js";
+export function decodeReputation(p) {
+    const r = new Reader(p);
+    return {
+        jobsCompleted: u64(r),
+        totalVolume: uN(r),
+        distinctClients: u32(r),
+        scoreBps: uN(r),
+        grantedOutBps: uN(r),
+    };
+}
+export function decodeAgent(p) {
+    const r = new Reader(p);
+    return {
+        owner: addr(r),
+        wallet: addr(r),
+        agentUri: str(r),
+        bond: uN(r),
+        status: unitEnum(r, ["Active", "Slashed", "Withdrawn"]),
+    };
+}

package/dist/trust/index.d.ts

@@ -0,0 +1,12 @@
+import type { RpcClient } from "casper-js-sdk";
+import type { NetworkConfig } from "../config.js";
+import type { Reputation, Agent, TrustResult } from "../types.js";
+export interface TrustClient {
+    rpc: RpcClient;
+    cfg: NetworkConfig;
+}
+export declare function getReputation(c: TrustClient, agentId: number): Promise<Reputation>;
+export declare function getAgent(c: TrustClient, agentId: number): Promise<Agent | null>;
+export declare function checkTrust(c: TrustClient, agentId: number, opts?: {
+    minScore?: bigint;
+}): Promise<TrustResult>;

package/dist/trust/index.js

@@ -0,0 +1,36 @@
+import { resolvePackage } from "../rpc/resolve.js";
+import { readOdraValue } from "../odra/read.js";
+import { mapKeyU32 } from "../odra/keys.js";
+import { decodeReputation, decodeAgent } from "./decode.js";
+const ZERO_REP = {
+    jobsCompleted: 0n,
+    totalVolume: 0n,
+    distinctClients: 0,
+    scoreBps: 0n,
+    grantedOutBps: 0n,
+};
+export async function getReputation(c, agentId) {
+    const { contractHash } = await resolvePackage(c.rpc, c.cfg.packages.reputation);
+    const p = await readOdraValue(c.rpc, contractHash, mapKeyU32(c.cfg.fields.reputation.reps, agentId));
+    return p ? decodeReputation(p) : ZERO_REP; // absent = never settled = zero (mirror on-chain default)
+}
+export async function getAgent(c, agentId) {
+    const { contractHash } = await resolvePackage(c.rpc, c.cfg.packages.identity);
+    const p = await readOdraValue(c.rpc, contractHash, mapKeyU32(c.cfg.fields.identity.agents, agentId));
+    return p ? decodeAgent(p) : null; // absent = agent does not exist
+}
+export async function checkTrust(c, agentId, opts = {}) {
+    const [agent, rep] = await Promise.all([getAgent(c, agentId), getReputation(c, agentId)]);
+    const exists = agent !== null;
+    const min = opts.minScore ?? 0n;
+    const trusted = exists && agent.status === "Active" && rep.scoreBps >= min;
+    return {
+        agentId,
+        exists,
+        trusted,
+        score: rep.scoreBps,
+        jobsCompleted: rep.jobsCompleted,
+        status: agent?.status ?? "None",
+        bond: agent?.bond ?? 0n,
+    };
+}

package/dist/types.d.ts

@@ -0,0 +1,23 @@
+export interface Reputation {
+    jobsCompleted: bigint;
+    totalVolume: bigint;
+    distinctClients: number;
+    scoreBps: bigint;
+    grantedOutBps: bigint;
+}
+export interface Agent {
+    owner: string;
+    wallet: string;
+    agentUri: string;
+    bond: bigint;
+    status: "Active" | "Slashed" | "Withdrawn";
+}
+export interface TrustResult {
+    agentId: number;
+    exists: boolean;
+    trusted: boolean;
+    score: bigint;
+    jobsCompleted: bigint;
+    status: Agent["status"] | "None";
+    bond: bigint;
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/x402/index.d.ts

@@ -0,0 +1,64 @@
+import type { TrustClient } from "../trust/index.js";
+export declare class TrustGateError extends Error {
+    readonly agentId: number;
+    readonly score: bigint;
+    readonly minScore: bigint;
+    constructor(agentId: number, score: bigint, minScore: bigint);
+}
+type CheckFn = (agentId: number, opts: {
+    minScore?: bigint;
+}) => Promise<{
+    trusted: boolean;
+    score: bigint;
+}>;
+/**
+ * Pure gate: throws TrustGateError if a provider is below threshold.
+ * No-op when minScore or providerAgentId is undefined.
+ */
+export declare function gateByTrust(check: CheckFn, providerAgentId?: number, minScore?: bigint): Promise<void>;
+export interface PayRequest {
+    url: string;
+    providerAgentId?: number;
+    minScore?: bigint;
+    init?: RequestInit;
+}
+/**
+ * The x402 client signer shape produced by createClientCasperSigner /
+ * toClientCasperSigner from @make-software/casper-x402.
+ * The package does not export a named interface type — this mirrors the
+ * return type of toClientCasperSigner() exactly.
+ */
+export interface CasperClientSigner {
+    accountAddress(): string;
+    publicKey(): string;
+    signEIP712(digest: Uint8Array): Promise<Uint8Array>;
+}
+/**
+ * Extended TrustClient that carries an x402 client signer.
+ *
+ * Delegation: pay() builds an x402Client (from @x402/core) registered with
+ * ExactCasperScheme and delegates the 402-handshake to wrapFetchWithPayment
+ * from @x402/fetch.  That wrapper owns the retry loop and sets the
+ * PAYMENT-SIGNATURE header (x402 v2 wire contract — v1 used X-PAYMENT).
+ */
+export interface X402TrustClient extends TrustClient {
+    signer: CasperClientSigner;
+    /** CAIP-2 network override; defaults to NETWORK_CASPER_TESTNET ("casper:casper-test") */
+    network?: string;
+}
+/**
+ * Trust-gated x402 v2 payment wrapper.
+ *
+ * 1. Gates on the provider's on-chain trust score (throws TrustGateError if below minScore).
+ * 2. Delegates the 402-handshake to wrapFetchWithPayment (@x402/fetch), which:
+ *    - Detects the 402 response
+ *    - Calls x402Client.createPaymentPayload (dispatches to ExactCasperScheme)
+ *    - Retries with PAYMENT-SIGNATURE header (x402 v2 wire name; v1 was X-PAYMENT)
+ *    - Uses amount field from paymentRequirements (x402 v2 — not maxAmountRequired)
+ *
+ * Integration note: live facilitator not exercised here; the 402-loop is
+ * verified at the unit level via the gating tests. The handshake will be
+ * exercised end-to-end in the dashboard/demo task.
+ */
+export declare function pay(c: X402TrustClient, req: PayRequest): Promise<Response>;
+export {};

package/dist/x402/index.js

@@ -0,0 +1,61 @@
+import { checkTrust } from "../trust/index.js";
+import { ExactCasperScheme, NETWORK_CASPER_TESTNET } from "@make-software/casper-x402";
+import { wrapFetchWithPayment } from "@x402/fetch";
+import { x402Client } from "@x402/core/client";
+// ---------------------------------------------------------------------------
+// Trust gate
+// ---------------------------------------------------------------------------
+export class TrustGateError extends Error {
+    agentId;
+    score;
+    minScore;
+    constructor(agentId, score, minScore) {
+        super(`agent ${agentId} score ${score} < required ${minScore}`);
+        this.agentId = agentId;
+        this.score = score;
+        this.minScore = minScore;
+        this.name = "TrustGateError";
+    }
+}
+/**
+ * Pure gate: throws TrustGateError if a provider is below threshold.
+ * No-op when minScore or providerAgentId is undefined.
+ */
+export async function gateByTrust(check, providerAgentId, minScore) {
+    if (minScore === undefined || providerAgentId === undefined)
+        return;
+    const r = await check(providerAgentId, { minScore });
+    if (!r.trusted)
+        throw new TrustGateError(providerAgentId, r.score, minScore);
+}
+// ---------------------------------------------------------------------------
+// pay() — trust-gated x402 payment
+// ---------------------------------------------------------------------------
+/**
+ * Trust-gated x402 v2 payment wrapper.
+ *
+ * 1. Gates on the provider's on-chain trust score (throws TrustGateError if below minScore).
+ * 2. Delegates the 402-handshake to wrapFetchWithPayment (@x402/fetch), which:
+ *    - Detects the 402 response
+ *    - Calls x402Client.createPaymentPayload (dispatches to ExactCasperScheme)
+ *    - Retries with PAYMENT-SIGNATURE header (x402 v2 wire name; v1 was X-PAYMENT)
+ *    - Uses amount field from paymentRequirements (x402 v2 — not maxAmountRequired)
+ *
+ * Integration note: live facilitator not exercised here; the 402-loop is
+ * verified at the unit level via the gating tests. The handshake will be
+ * exercised end-to-end in the dashboard/demo task.
+ */
+export async function pay(c, req) {
+    if (!c.signer)
+        throw new Error("pay() requires a signer-bearing client; build it as { ...createTrustClient(overrides), signer }");
+    // Step 1: gate
+    await gateByTrust((id, o) => checkTrust(c, id, o), req.providerAgentId, req.minScore);
+    // Step 2: build x402Client with ExactCasperScheme and delegate the 402-loop
+    // x402 v2 wire: amount (not maxAmountRequired), PAYMENT-SIGNATURE header
+    // Network defaults to casper:casper-test per research §2 (CAIP-2 identifier)
+    const network = c.network ?? NETWORK_CASPER_TESTNET;
+    const client = new x402Client();
+    client.register(network, new ExactCasperScheme(c.signer));
+    const paymentFetch = wrapFetchWithPayment(fetch, client);
+    return paymentFetch(req.url, req.init);
+}

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "casper-trust",
+  "version": "0.1.0",
+  "description": "The settled-payment trust layer for Casper agents — read reputation in one line, gate x402 payments on it.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "keywords": [
+    "casper",
+    "x402",
+    "ai-agents",
+    "agent-trust",
+    "reputation",
+    "erc-8004",
+    "escrow",
+    "web3",
+    "blockchain"
+  ],
+  "author": "Ebubekir Erdem",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Bekirerdem/casper-trust-layer.git",
+    "directory": "sdk"
+  },
+  "homepage": "https://github.com/Bekirerdem/casper-trust-layer#readme",
+  "bugs": {
+    "url": "https://github.com/Bekirerdem/casper-trust-layer/issues"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "test": "vitest run",
+    "test:live": "CASPER_LIVE=1 vitest run"
+  },
+  "license": "MIT",
+  "dependencies": {
+    "@make-software/casper-x402": "^0.1.0",
+    "@x402/fetch": "^2.15.0",
+    "blakejs": "^1.2.1",
+    "casper-js-sdk": "5.0.12"
+  },
+  "devDependencies": {
+    "@types/node": "^25.9.3",
+    "dotenv": "^16.4.0",
+    "typescript": "^5.5.0",
+    "vitest": "^2.0.0"
+  }
+}