mythos-sentinel 0.1.0

package/src/core/telemetry.js

@@ -0,0 +1,214 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { ensureDir, exists } from './fs.js';
+import { normalizeDomain, domainMatches } from './policy.js';
+import { seedX402Services } from './routescore.js';
+
+export const TELEMETRY_VERSION = '0.10';
+export const DEFAULT_TELEMETRY_DIR = '.mythos/telemetry';
+export const DEFAULT_EVENTS_FILE = 'events.jsonl';
+
+export function telemetryEnabled(policy = {}) {
+  return Boolean(policy?.routeScore?.telemetry?.enabled || policy?.telemetry?.enabled);
+}
+
+export function telemetryPrivacy(policy = {}) {
+  const configured = policy?.routeScore?.telemetry || policy?.telemetry || {};
+  return {
+    enabled: telemetryEnabled(policy),
+    anonymous: configured.anonymous !== false,
+    localOnly: configured.localOnly !== false,
+    collectPrompts: false,
+    collectResponses: false,
+    collectWalletBalances: false,
+    storePath: configured.storePath || `${DEFAULT_TELEMETRY_DIR}/${DEFAULT_EVENTS_FILE}`,
+    note: 'Local opt-in telemetry stores only sanitized endpoint reliability metadata. Prompts, responses, secrets, private files, and wallet balances are never collected.'
+  };
+}
+
+export function telemetryPath(rootDir = process.cwd(), policy = {}) {
+  const configured = policy?.routeScore?.telemetry?.storePath || policy?.telemetry?.storePath || `${DEFAULT_TELEMETRY_DIR}/${DEFAULT_EVENTS_FILE}`;
+  return path.isAbsolute(configured) ? configured : path.join(rootDir, configured);
+}
+
+export async function setTelemetryEnabled({ rootDir = process.cwd(), policy, enabled }) {
+  if (!policy || typeof policy !== 'object') throw new Error('Policy object is required.');
+  policy.routeScore ||= {};
+  policy.routeScore.telemetry ||= {};
+  policy.routeScore.telemetry.enabled = Boolean(enabled);
+  policy.routeScore.telemetry.anonymous = true;
+  policy.routeScore.telemetry.localOnly = true;
+  policy.routeScore.telemetry.collectPrompts = false;
+  policy.routeScore.telemetry.collectResponses = false;
+  policy.routeScore.telemetry.collectWalletBalances = false;
+  policy.routeScore.telemetry.storePath ||= `${DEFAULT_TELEMETRY_DIR}/${DEFAULT_EVENTS_FILE}`;
+  if (enabled) await ensureDir(path.dirname(telemetryPath(rootDir, policy)));
+  return policy;
+}
+
+export async function appendTelemetryEvent({ rootDir = process.cwd(), policy = {}, event = {} } = {}) {
+  if (!telemetryEnabled(policy)) {
+    return { ok: true, stored: false, reason: 'telemetry_disabled', privacy: telemetryPrivacy(policy) };
+  }
+
+  const sanitized = sanitizeTelemetryEvent(event);
+  const file = telemetryPath(rootDir, policy);
+  await ensureDir(path.dirname(file));
+  await fs.appendFile(file, `${JSON.stringify(sanitized)}\n`, 'utf8');
+  return { ok: true, stored: true, path: file, event: sanitized, privacy: telemetryPrivacy(policy) };
+}
+
+export async function readTelemetryEvents({ rootDir = process.cwd(), policy = {}, limit = 1000 } = {}) {
+  const file = telemetryPath(rootDir, policy);
+  if (!(await exists(file))) return [];
+  const raw = await fs.readFile(file, 'utf8');
+  const lines = raw.split(/\r?\n/).filter(Boolean);
+  const selected = Number.isFinite(Number(limit)) && Number(limit) > 0 ? lines.slice(-Number(limit)) : lines;
+  const events = [];
+  for (const line of selected) {
+    try { events.push(JSON.parse(line)); } catch { /* ignore malformed local telemetry line */ }
+  }
+  return events;
+}
+
+export async function telemetrySummary({ rootDir = process.cwd(), policy = {}, services = seedX402Services, limit = 5000 } = {}) {
+  const events = await readTelemetryEvents({ rootDir, policy, limit });
+  return summarizeTelemetryEvents(events, services);
+}
+
+export function summarizeTelemetryEvents(events = [], services = seedX402Services) {
+  const byKey = new Map();
+  for (const event of events) {
+    const key = event.serviceId || serviceIdForDomain(event.domain, services) || event.domain || 'unknown';
+    if (!byKey.has(key)) byKey.set(key, emptyAggregate(key));
+    const aggregate = byKey.get(key);
+    aggregate.samples += 1;
+    aggregate.successes += event.ok === true ? 1 : 0;
+    aggregate.failures += event.ok === false ? 1 : 0;
+    aggregate.schemaOk += event.schemaOk === true ? 1 : 0;
+    aggregate.schemaSamples += event.schemaOk === null || event.schemaOk === undefined ? 0 : 1;
+    aggregate.priceMatched += event.priceMatchedQuote === false ? 0 : 1;
+    aggregate.priceSamples += event.priceMatchedQuote === null || event.priceMatchedQuote === undefined ? 0 : 1;
+    aggregate.totalAmountUSDC += Number.isFinite(Number(event.amountUSDC)) ? Number(event.amountUSDC) : 0;
+    if (Number.isFinite(Number(event.latencyMs))) aggregate.latencies.push(Number(event.latencyMs));
+    if (event.domain && !aggregate.domains.includes(event.domain)) aggregate.domains.push(event.domain);
+    if (event.category && !aggregate.categories.includes(event.category)) aggregate.categories.push(event.category);
+    if (event.observedAt) aggregate.lastObservedAt = maxIso(aggregate.lastObservedAt, event.observedAt);
+    if (event.ok === false) {
+      aggregate.recentFailureCount += 1;
+      if (event.errorType) aggregate.errorTypes[event.errorType] = (aggregate.errorTypes[event.errorType] || 0) + 1;
+    }
+  }
+
+  const aggregates = [...byKey.values()].map(finalizeAggregate);
+  const telemetry = {};
+  for (const aggregate of aggregates) {
+    telemetry[aggregate.serviceId || aggregate.key] = {
+      successRate: aggregate.successRate,
+      schemaSuccessRate: aggregate.schemaSuccessRate,
+      medianLatencyMs: aggregate.medianLatencyMs,
+      samples: aggregate.samples,
+      recentFailureCount: aggregate.recentFailureCount,
+      priceMatchedQuote: aggregate.priceMatchedQuote,
+      lastObservedAt: aggregate.lastObservedAt,
+      amountUSDC: aggregate.totalAmountUSDC
+    };
+  }
+
+  return {
+    ok: true,
+    eventCount: events.length,
+    generatedAt: new Date().toISOString(),
+    aggregates,
+    telemetry,
+    privacy: {
+      anonymous: true,
+      localOnly: true,
+      excludes: ['prompts', 'responses', 'secrets', 'private file contents', 'wallet balances']
+    }
+  };
+}
+
+export function sanitizeTelemetryEvent(event = {}) {
+  const domain = normalizeDomain(event.domain || domainFromUrl(event.endpoint) || domainFromUrl(event.url) || 'unknown.local');
+  const serviceId = event.serviceId || serviceIdForDomain(domain, seedX402Services) || null;
+  return {
+    version: TELEMETRY_VERSION,
+    source: String(event.source || 'runtime').slice(0, 64),
+    mode: String(event.mode || 'local').slice(0, 64),
+    serviceId,
+    domain,
+    category: event.category ? String(event.category).slice(0, 64) : null,
+    upstream: event.upstream ? String(event.upstream).slice(0, 128) : null,
+    tool: event.tool ? String(event.tool).slice(0, 128) : null,
+    decision: event.decision ? String(event.decision).slice(0, 64) : null,
+    ok: event.ok === undefined ? null : Boolean(event.ok),
+    latencyMs: Number.isFinite(Number(event.latencyMs)) ? Math.max(0, Math.round(Number(event.latencyMs))) : null,
+    amountUSDC: Number.isFinite(Number(event.amountUSDC)) ? Math.max(0, Number(event.amountUSDC)) : 0,
+    schemaOk: event.schemaOk === undefined ? null : Boolean(event.schemaOk),
+    priceMatchedQuote: event.priceMatchedQuote === undefined ? null : Boolean(event.priceMatchedQuote),
+    errorType: event.errorType ? String(event.errorType).slice(0, 96) : null,
+    observedAt: event.observedAt || new Date().toISOString(),
+    privacy: 'sanitized endpoint metadata only; no prompts/responses/secrets/wallet balances'
+  };
+}
+
+export function serviceIdForDomain(domain, services = seedX402Services) {
+  const normalized = normalizeDomain(domain);
+  const match = services.find((service) => domainMatches(normalized, service.domain));
+  return match?.id || null;
+}
+
+function emptyAggregate(key) {
+  return {
+    key,
+    serviceId: key,
+    domains: [],
+    categories: [],
+    samples: 0,
+    successes: 0,
+    failures: 0,
+    schemaOk: 0,
+    schemaSamples: 0,
+    priceMatched: 0,
+    priceSamples: 0,
+    totalAmountUSDC: 0,
+    latencies: [],
+    recentFailureCount: 0,
+    errorTypes: {},
+    lastObservedAt: null
+  };
+}
+
+function finalizeAggregate(aggregate) {
+  const medianLatencyMs = median(aggregate.latencies);
+  const successRate = aggregate.samples ? aggregate.successes / aggregate.samples : 0;
+  const schemaSuccessRate = aggregate.schemaSamples ? aggregate.schemaOk / aggregate.schemaSamples : 1;
+  const priceMatchedQuote = aggregate.priceSamples ? aggregate.priceMatched / aggregate.priceSamples >= 0.95 : true;
+  return {
+    ...aggregate,
+    successRate,
+    schemaSuccessRate,
+    priceMatchedQuote,
+    medianLatencyMs,
+    averageAmountUSDC: aggregate.samples ? aggregate.totalAmountUSDC / aggregate.samples : 0,
+    errorTypes: aggregate.errorTypes
+  };
+}
+
+function median(values) {
+  if (!values.length) return null;
+  const sorted = [...values].sort((a, b) => a - b);
+  const mid = Math.floor(sorted.length / 2);
+  return sorted.length % 2 ? sorted[mid] : Math.round((sorted[mid - 1] + sorted[mid]) / 2);
+}
+
+function maxIso(a, b) {
+  if (!a) return b;
+  return new Date(a).getTime() >= new Date(b).getTime() ? a : b;
+}
+
+function domainFromUrl(value) {
+  if (!value || typeof value !== 'string') return null;
+  try { return new URL(value).hostname; } catch { return null; }
+}

package/src/core/x402-receipts.js

@@ -0,0 +1,303 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import { ensureDir, exists } from './fs.js';
+import { normalizeDomain } from './policy.js';
+import { appendTelemetryEvent } from './telemetry.js';
+
+export const X402_RECEIPTS_VERSION = '0.10';
+export const DEFAULT_X402_RECEIPTS_DIR = '.mythos/x402';
+export const DEFAULT_X402_RECEIPTS_FILE = 'receipts.jsonl';
+
+const HEADER_KEYS = [
+  'x-payment-response',
+  'x-payment',
+  'x402-receipt',
+  'x402-payment-response',
+  'payment-response',
+  'payment'
+];
+
+export function x402ReceiptsPath(rootDir = process.cwd()) {
+  return path.join(rootDir, DEFAULT_X402_RECEIPTS_DIR, DEFAULT_X402_RECEIPTS_FILE);
+}
+
+export async function ingestX402Receipt(input, { rootDir = process.cwd(), policy = {}, source = 'manual', store = true } = {}) {
+  const receipt = normalizeX402Receipt(input, { source });
+  if (store) {
+    const file = x402ReceiptsPath(rootDir);
+    await ensureDir(path.dirname(file));
+    await fs.appendFile(file, `${JSON.stringify(receipt)}\n`, 'utf8');
+    receipt.storePath = file;
+  }
+
+  const telemetry = await appendTelemetryEvent({
+    rootDir,
+    policy,
+    event: receiptToTelemetryEvent(receipt)
+  });
+
+  return {
+    ok: true,
+    stored: Boolean(store),
+    receipt,
+    telemetry: { stored: telemetry.stored, reason: telemetry.reason || null }
+  };
+}
+
+export async function ingestX402ReceiptFile(filePath, { rootDir = process.cwd(), policy = {}, source = 'file' } = {}) {
+  const raw = await fs.readFile(path.resolve(rootDir, filePath), 'utf8');
+  return ingestX402Receipt(parseReceiptInput(raw), { rootDir, policy, source });
+}
+
+export async function readX402Receipts({ rootDir = process.cwd(), limit = 500 } = {}) {
+  const file = x402ReceiptsPath(rootDir);
+  if (!(await exists(file))) return [];
+  const raw = await fs.readFile(file, 'utf8');
+  const lines = raw.split(/\r?\n/).filter(Boolean);
+  const selected = Number.isFinite(Number(limit)) && Number(limit) > 0 ? lines.slice(-Number(limit)) : lines;
+  const receipts = [];
+  for (const line of selected) {
+    try { receipts.push(JSON.parse(line)); } catch { /* ignore malformed local receipt line */ }
+  }
+  return receipts;
+}
+
+export async function summarizeX402Receipts({ rootDir = process.cwd(), limit = 5000 } = {}) {
+  return summarizeReceiptList(await readX402Receipts({ rootDir, limit }));
+}
+
+export function summarizeReceiptList(receipts = []) {
+  const byDomain = new Map();
+  let settled = 0;
+  let failed = 0;
+  let pending = 0;
+  let totalAmountUSDC = 0;
+
+  for (const receipt of receipts) {
+    const domain = receipt.domain || 'unknown.local';
+    if (!byDomain.has(domain)) byDomain.set(domain, { domain, count: 0, settled: 0, failed: 0, pending: 0, totalAmountUSDC: 0, networks: new Set(), assets: new Set(), lastObservedAt: null });
+    const item = byDomain.get(domain);
+    item.count += 1;
+    item.totalAmountUSDC += Number(receipt.amountUSDC || 0);
+    item.networks.add(receipt.network || 'unknown');
+    item.assets.add(receipt.asset || 'unknown');
+    item.lastObservedAt = maxIso(item.lastObservedAt, receipt.observedAt);
+    totalAmountUSDC += Number(receipt.amountUSDC || 0);
+    if (receipt.settlementStatus === 'settled') { settled += 1; item.settled += 1; }
+    else if (receipt.settlementStatus === 'failed') { failed += 1; item.failed += 1; }
+    else { pending += 1; item.pending += 1; }
+  }
+
+  return {
+    ok: true,
+    receiptCount: receipts.length,
+    settled,
+    failed,
+    pending,
+    totalAmountUSDC,
+    generatedAt: new Date().toISOString(),
+    domains: [...byDomain.values()].map((item) => ({
+      ...item,
+      totalAmountUSDC: Number(item.totalAmountUSDC.toFixed(8)),
+      networks: [...item.networks],
+      assets: [...item.assets]
+    })).sort((a, b) => b.count - a.count || a.domain.localeCompare(b.domain)),
+    privacy: {
+      localOnly: true,
+      excludes: ['prompts', 'responses', 'private request bodies', 'secrets', 'private keys', 'wallet balances']
+    }
+  };
+}
+
+export function normalizeX402Receipt(input, { source = 'manual' } = {}) {
+  const payload = parseReceiptInput(input);
+  const extracted = extractReceiptPayload(payload);
+  const endpoint = firstString(
+    extracted.endpoint,
+    extracted.resource,
+    extracted.url,
+    extracted.target,
+    extracted.request?.url,
+    extracted.response?.url,
+    extracted.payment?.resource,
+    extracted.x402?.resource
+  );
+  const domain = normalizeDomain(firstString(extracted.domain, domainFromUrl(endpoint), extracted.host, extracted.hostname, extracted.service?.domain));
+  const amountUSDC = normalizeAmountUSDC(extracted);
+  const settlementStatus = normalizeSettlementStatus(extracted);
+  const receipt = {
+    version: X402_RECEIPTS_VERSION,
+    receiptId: '',
+    source,
+    domain: domain || 'unknown.local',
+    endpoint: endpoint || null,
+    resource: firstString(extracted.resource, extracted.payment?.resource, endpoint),
+    amountUSDC,
+    asset: firstString(extracted.asset, extracted.token, extracted.currency, extracted.payment?.asset, extracted.accepts?.[0]?.asset, 'USDC'),
+    network: normalizeNetwork(firstString(extracted.network, extracted.chain, extracted.chainId, extracted.payment?.network, extracted.accepts?.[0]?.network, 'base')),
+    payer: sanitizeAddress(firstString(extracted.payer, extracted.from, extracted.account, extracted.wallet, extracted.payment?.from)),
+    payTo: sanitizeAddress(firstString(extracted.payTo, extracted.to, extracted.receiver, extracted.recipient, extracted.payment?.to)),
+    facilitator: firstString(extracted.facilitator, extracted.facilitatorUrl, extracted.x402?.facilitator) || null,
+    transactionHash: firstString(extracted.transactionHash, extracted.txHash, extracted.tx, extracted.hash, extracted.settlement?.txHash, extracted.payment?.txHash) || null,
+    settlementStatus,
+    settled: settlementStatus === 'settled',
+    settledAt: firstString(extracted.settledAt, extracted.completedAt, extracted.settlement?.settledAt) || null,
+    scheme: firstString(extracted.scheme, extracted.payment?.scheme, 'x402') || 'x402',
+    paymentVersion: firstString(extracted.x402Version, extracted.paymentVersion, extracted.version) || null,
+    latencyMs: numberOrNull(extracted.latencyMs, extracted.durationMs, extracted.timing?.latencyMs),
+    observedAt: firstString(extracted.observedAt, extracted.timestamp, extracted.createdAt, new Date().toISOString()),
+    metadata: sanitizeMetadata(extracted)
+  };
+  receipt.receiptId = receiptId(receipt);
+  return receipt;
+}
+
+export function parseReceiptInput(input) {
+  if (input === undefined || input === null || input === '') return {};
+  if (typeof input === 'object' && !Buffer.isBuffer(input)) return input;
+  const raw = Buffer.isBuffer(input) ? input.toString('utf8') : String(input).trim();
+  if (!raw) return {};
+  try { return JSON.parse(raw); } catch { /* continue */ }
+  const decoded = tryDecodePaymentBlob(raw);
+  if (decoded) return decoded;
+  return { raw };
+}
+
+export function extractReceiptFromHeaders(headers = {}) {
+  const normalized = {};
+  if (headers instanceof Headers) {
+    for (const [key, value] of headers.entries()) normalized[key.toLowerCase()] = value;
+  } else {
+    for (const [key, value] of Object.entries(headers || {})) normalized[String(key).toLowerCase()] = Array.isArray(value) ? value[0] : value;
+  }
+  for (const key of HEADER_KEYS) {
+    if (!normalized[key]) continue;
+    return parseReceiptInput(normalized[key]);
+  }
+  return null;
+}
+
+export function receiptToTelemetryEvent(receipt = {}) {
+  return {
+    source: 'x402_receipt',
+    mode: 'receipt_ingestion',
+    domain: receipt.domain,
+    endpoint: receipt.endpoint,
+    decision: receipt.settlementStatus,
+    ok: receipt.settlementStatus === 'settled' ? true : receipt.settlementStatus === 'failed' ? false : null,
+    latencyMs: receipt.latencyMs,
+    amountUSDC: receipt.amountUSDC,
+    schemaOk: true,
+    priceMatchedQuote: true,
+    errorType: receipt.settlementStatus === 'failed' ? 'x402_settlement_failed' : null,
+    observedAt: receipt.observedAt
+  };
+}
+
+function extractReceiptPayload(payload) {
+  if (payload?.headers) {
+    const headerPayload = extractReceiptFromHeaders(payload.headers);
+    if (headerPayload) return { ...payload, ...headerPayload };
+  }
+  if (payload?.receipt) return { ...payload, ...payload.receipt };
+  if (payload?.paymentReceipt) return { ...payload, ...payload.paymentReceipt };
+  if (payload?.paymentResponse) return { ...payload, ...parseReceiptInput(payload.paymentResponse) };
+  if (payload?.raw) {
+    const decoded = tryDecodePaymentBlob(payload.raw);
+    if (decoded) return { ...payload, ...decoded };
+  }
+  return payload || {};
+}
+
+function tryDecodePaymentBlob(value) {
+  const raw = String(value || '').trim();
+  const candidates = [raw];
+  if (/^[A-Za-z0-9+/=_-]+$/.test(raw) && raw.length > 12) {
+    candidates.push(Buffer.from(raw.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));
+  }
+  for (const candidate of candidates) {
+    try {
+      const parsed = JSON.parse(candidate);
+      if (parsed && typeof parsed === 'object') return parsed;
+    } catch { /* ignore */ }
+  }
+  return null;
+}
+
+function normalizeAmountUSDC(payload = {}) {
+  const amount = firstNumber(payload.amountUSDC, payload.amountUsd, payload.usdc, payload.priceUSDC, payload.price, payload.amount, payload.payment?.amount, payload.settlement?.amount, payload.accepts?.[0]?.amount);
+  if (amount === null) return 0;
+  const asset = String(firstString(payload.asset, payload.token, payload.currency, payload.accepts?.[0]?.asset, 'USDC')).toLowerCase();
+  if (amount >= 1000 && /usdc|usd/.test(asset)) return Number((amount / 1_000_000).toFixed(8));
+  return Number(amount.toFixed ? amount.toFixed(8) : Number(amount).toFixed(8));
+}
+
+function normalizeSettlementStatus(payload = {}) {
+  const raw = String(firstString(payload.settlementStatus, payload.status, payload.state, payload.payment?.status, payload.settlement?.status) || '').toLowerCase();
+  if (payload.settled === true || payload.success === true || ['settled', 'success', 'succeeded', 'paid', 'confirmed', 'complete', 'completed'].includes(raw)) return 'settled';
+  if (payload.settled === false || payload.success === false || ['failed', 'reverted', 'declined', 'error'].includes(raw)) return 'failed';
+  if (['pending', 'submitted', 'processing'].includes(raw)) return 'pending';
+  return payload.transactionHash || payload.txHash || payload.hash ? 'settled' : 'unknown';
+}
+
+function sanitizeMetadata(payload = {}) {
+  const allowed = {};
+  const allowKeys = ['requestId', 'paymentId', 'chainId', 'type', 'method', 'statusCode', 'httpStatus', 'searchMethod'];
+  for (const key of allowKeys) {
+    if (payload[key] !== undefined) allowed[key] = payload[key];
+  }
+  return allowed;
+}
+
+function receiptId(receipt) {
+  const stable = [receipt.domain, receipt.endpoint, receipt.amountUSDC, receipt.asset, receipt.network, receipt.transactionHash, receipt.observedAt].join('|');
+  return `x402_${crypto.createHash('sha256').update(stable).digest('hex').slice(0, 24)}`;
+}
+
+function firstString(...values) {
+  for (const value of values) {
+    if (typeof value === 'string' && value.trim()) return value.trim();
+    if (typeof value === 'number' && Number.isFinite(value)) return String(value);
+  }
+  return null;
+}
+
+function firstNumber(...values) {
+  for (const value of values) {
+    if (value === undefined || value === null || value === '') continue;
+    const number = Number(value);
+    if (Number.isFinite(number)) return number;
+  }
+  return null;
+}
+
+function numberOrNull(...values) {
+  const number = firstNumber(...values);
+  return number === null ? null : Math.max(0, Math.round(number));
+}
+
+function sanitizeAddress(value) {
+  const raw = firstString(value);
+  if (!raw) return null;
+  if (/^0x[a-fA-F0-9]{40}$/.test(raw)) return raw;
+  return raw.slice(0, 96);
+}
+
+function domainFromUrl(value) {
+  if (!value || typeof value !== 'string') return null;
+  try { return new URL(value).hostname; } catch { return null; }
+}
+
+function normalizeNetwork(network) {
+  const raw = String(network || '').toLowerCase();
+  if (raw === 'eip155:8453' || raw === '8453') return 'base';
+  if (raw === 'eip155:84532' || raw === '84532') return 'base-sepolia';
+  if (raw === '1' || raw === 'eip155:1') return 'ethereum';
+  return raw || 'base';
+}
+
+function maxIso(a, b) {
+  if (!a) return b;
+  return new Date(a).getTime() >= new Date(b).getTime() ? a : b;
+}

package/src/index.js

@@ -0,0 +1,19 @@
+export { scanPath, scanText } from './scanner/scan.js';
+export {
+  loadPolicy,
+  defaultPolicy,
+  evaluateFindings,
+  checkPayment,
+  checkCommand,
+  checkFilesystemAccess,
+  checkNetwork
+} from './core/policy.js';
+export { createSnapshot, diffSnapshots } from './core/snapshot.js';
+export { createReceipt, verifyReceipt } from './core/receipt.js';
+export { executeFallbackRoute, fetchBazaarResources, fetchBazaarSearch, importServicesFile, listServiceCategories, loadRouteScoreServices, recommendService, routeService, saveCustomServices, seedX402Services, scoreService, serviceForDomain, passiveTelemetryEvent } from './core/routescore.js';
+export { appendTelemetryEvent, readTelemetryEvents, telemetrySummary, telemetryEnabled, telemetryPrivacy, setTelemetryEnabled } from './core/telemetry.js';
+export { runMcpServer, handleMessage } from './mcp/server.js';
+export { VERSION } from './version.js';
+export { runMcpProxy, McpProxy, evaluateToolCall, classifyToolCall } from './mcp/proxy.js';
+
+export { ingestX402Receipt, ingestX402ReceiptFile, normalizeX402Receipt, readX402Receipts, summarizeX402Receipts, receiptToTelemetryEvent } from './core/x402-receipts.js';