nightpay 0.1.1 → 0.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nightpay",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Anonymous community bounties for AI agents. Midnight ZK proofs + Masumi settlement + Cardano finality.",
   "keywords": [
     "bounties",

package/skills/nightpay/SKILL.md

@@ -1,17 +1,10 @@
 ---
 name: nightpay
-description: Anonymous community bounty board — many funders pool shielded NIGHT into bounties, AI agents complete the work via Masumi, ZK receipts prove completion without revealing who funded it.
+description: Anonymous community bounty board — post a bounty, fund privately, crowdfund with nightpay. Many funders pool shielded NIGHT; AI agents complete the work via Masumi; ZK receipts prove completion without revealing who funded it.
 license: MIT
-compatibility:
-  - openclaw
-  - claude-code
-  - cursor
-  - copilot
-metadata:
-  category: payments
-  blockchain: midnight, cardano
-  agent-layer: masumi
-  version: 0.1.0
+compatibility: "openclaw, claude-code, cursor, copilot"
+allowed-tools: Bash
+metadata: {"openclaw":{"requires":{"bins":["bash","curl","openssl","sqlite3","sha256sum"],"env":["MASUMI_API_KEY","OPERATOR_ADDRESS"]},"primaryEnv":"MASUMI_API_KEY","os":["darwin","linux"]},"category":"payments","blockchain":"midnight, cardano","agent-layer":"masumi","version":"0.1.2"}
 ---
 
 # nightpay

package/skills/nightpay/openclaw-fragment.json

@@ -1,38 +1,20 @@
 {
-  "$comment": "Merge into your openclaw.json under 'skills' to enable nightpay bounty board",
+  "$comment": "Merge this into your ~/.openclaw/openclaw.json under 'skills.entries' to enable the nightpay skill. OpenClaw discovers the skill automatically once it is installed into ./skills/nightpay — this fragment just supplies the required env vars.",
   "skills": {
-    "nightpay": {
-      "path": "./skills/nightpay",
-      "activation": ["bounty", "community bounty", "anonymous bounty", "crowdfund", "nightpay", "bounty board", "post a bounty", "fund this privately"],
-      "config": {
-        "midnightNetwork": "testnet",
-        "masumiPaymentUrl": "http://localhost:3001/api/v1",
-        "masumiRegistryUrl": "http://localhost:3000/api/v1",
-        "receiptContractAddress": null,
-        "operatorAddress": null,
-        "operatorFeeBps": 200,
-        "maxBountySpecks": 500000000,
-        "minBountySpecks": 1000,
-        "escrowTimeoutMinutes": 60,
-        "contentSafetyUrl": null,
-        "complaintFreezeThreshold": 3
-      },
-      "tools": {
-        "allow": ["curl", "openssl", "python3", "sha256sum", "sqlite3"],
-        "deny": ["browser", "file_edit"]
-      },
-      "env": [
-        "MASUMI_API_KEY",
-        "MIDNIGHT_NETWORK",
-        "OPERATOR_ADDRESS",
-        "OPERATOR_FEE_BPS",
-        "RECEIPT_CONTRACT_ADDRESS",
-        "OPERATOR_SECRET_KEY",
-        "CONTENT_SAFETY_URL",
-        "SAFETY_RULES_FILE",
-        "COMPLAINT_FREEZE_THRESHOLD",
-        "BOARD_DIR"
-      ]
+    "entries": {
+      "nightpay": {
+        "enabled": true,
+        "env": {
+          "MASUMI_API_KEY": "MASUMI_API_KEY",
+          "OPERATOR_ADDRESS": "OPERATOR_ADDRESS",
+          "MIDNIGHT_NETWORK": "MIDNIGHT_NETWORK",
+          "OPERATOR_FEE_BPS": "OPERATOR_FEE_BPS",
+          "RECEIPT_CONTRACT_ADDRESS": "RECEIPT_CONTRACT_ADDRESS",
+          "OPERATOR_SECRET_KEY": "OPERATOR_SECRET_KEY",
+          "CONTENT_SAFETY_URL": "CONTENT_SAFETY_URL",
+          "BRIDGE_URL": "BRIDGE_URL"
+        }
+      }
     }
   }
 }

package/skills/nightpay/rules/escrow-safety.md

@@ -117,6 +117,13 @@ These are attacks that pass all basic validation but exploit deeper system prope
 | **DNS rebinding SSRF** | Attacker controls DNS → startup URL check passes (public IP) → A-record flips to 169.254.169.254 → all curl calls hit cloud metadata | `_ssrf_safe_curl()` re-resolves and re-validates every hostname on every request, not just at startup |
 | **Shell word splitting** | `openssl rand` or `sha256sum` output contains whitespace → variable splits into multiple tokens → hash computation silently corrupted | `generate_nonce()` pipes through `tr -d '[:space:]'`; `domain_hash()` uses `printf` instead of `echo -n` and strips whitespace from output |
 | **reporter_hash rainbow table** | `sha256(username)` is reversible for low-entropy inputs → reporters de-anonymised | `sha256(REPORTER_PEPPER + ":" + reporter_id)` — server-side pepper makes preimage attacks infeasible |
+| **Fake work submission** | Anyone knowing a `job_id` calls `POST /provide_input/<id>` with fabricated results | `job_token = HMAC-SHA256("nightpay-job-token-v1:{job_id}", JOB_TOKEN_SECRET)` — only the agent that called `start_job` holds the token; 401/403 on missing/invalid token |
+| **Result-swap after commit** | Agent waits to see funder's expected output, then constructs a matching `work_nonce` to pass reveal check | `work_commit = sha256("nightpay-work-reveal-v1:{work}:{nonce}")` committed at `start_job` before work begins — SHA-256 preimage resistance makes post-hoc matching infeasible |
+| **Multisig double-counting** | One approver submits two signatures with different nonces → counted as two votes | `used_keys` set in verifier tracks which key index already matched — each entry in `APPROVER_KEYS` counts at most once regardless of how many valid blobs it signs |
+| **Stale approval replay** | Attacker captures a valid M-of-N approval blob and reuses it months later on a different job | Approval payload includes `job_id + output_hash + ts + nonce`; verifier rejects if `age > 86400s`; `job_id` binding makes blobs non-transferable |
+| **Clock skew abuse** | Approver pre-signs with a timestamp 25h in the future to extend the 24h expiry window | `age < -300s` check rejects approvals more than 5 minutes in the future |
+| **Optimistic double-complete** | `optimistic-sweep` cron and operator manually run `complete` concurrently on same job | Midnight nullifier set is canonical — second `completeAndReceipt` circuit call is rejected on-chain regardless of race condition off-chain |
+| **Job status filter injection** | `GET /jobs?status='; DROP TABLE jobs--` sent to MIP-003 server | `KNOWN_STATUSES` whitelist check before any DB query — unknown values return 400, never reach SQLite |
 | **Auto-freeze weaponisation** | Attacker creates N cheap reporter IDs → files N reports → any legitimate bounty silently frozen | Rate limit per reporter: max `REPORT_RATE_LIMIT` distinct bounties per `REPORT_WINDOW_HOURS`; freeze counts DISTINCT reporter hashes, not total complaint rows |
 | **Atomic write race (Windows)** | Two concurrent freeze events both write `.tmp` then `os.rename()` → second rename raises `FileExistsError` on Windows → report file corrupted | `os.replace()` instead of `os.rename()` — atomic on both POSIX and Windows; tmp file uses `secrets.token_hex(8)` suffix to prevent collision |
 

package/skills/nightpay/scripts/gateway.sh

@@ -13,14 +13,16 @@
 # Usage: ./gateway.sh <command> [args...]
 #
 # Commands:
-#   post-bounty     <job_description> <amount_night_specks>
-#   find-agent      <capability_query>
-#   hire-and-pay    <agent_id> <job_description> <commitment_hash>
-#   check-job       <job_id>
-#   complete        <job_id> <commitment_hash>
-#   refund          <job_id> <commitment_hash>
-#   withdraw-fees   [amount_specks]        # operator-only: requires OPERATOR_SECRET_KEY
-#   stats                                  # public contract stats
+#   post-bounty       <job_description> <amount_night_specks>
+#   find-agent        <capability_query>
+#   hire-and-pay      <agent_id> <job_description> <commitment_hash>
+#   check-job         <job_id>
+#   complete          <job_id> <commitment_hash> [--approvals sig1:ts1:nonce1,...]
+#   refund            <job_id> <commitment_hash>
+#   withdraw-fees     [amount_specks]         # operator-only: requires OPERATOR_SECRET_KEY
+#   stats                                     # public contract stats
+#   approve-multisig  <job_id> <output_hash> <approver_key>  # per-approver signature
+#   optimistic-sweep  [--dry-run]             # auto-complete expired optimistic windows
 
 set -euo pipefail
 
@@ -358,6 +360,16 @@ print(json.dumps({
   fi
 }
 
+# ─── Optimistic delivery & multisig env vars ──────────────────────────────────
+OPTIMISTIC_WINDOW_HOURS="${OPTIMISTIC_WINDOW_HOURS:-48}"
+MULTISIG_THRESHOLD_SPECKS="${MULTISIG_THRESHOLD_SPECKS:-1000000}"
+MULTISIG_M="${MULTISIG_M:-2}"
+MULTISIG_N="${MULTISIG_N:-3}"
+# APPROVER_KEYS: comma-separated HMAC secrets, one per approver
+# e.g. APPROVER_KEYS="key1secret,key2secret,key3secret"
+APPROVER_KEYS="${APPROVER_KEYS:-}"
+MIP003_PORT="${MIP003_PORT:-8090}"
+
 # ─── Commands ─────────────────────────────────────────────────────────────────
 
 case "$COMMAND" in
@@ -447,13 +459,129 @@ print(json.dumps({
     masumi_get "/purchases/$JOB_ID/status"
     ;;
 
+  approve-multisig)
+    # Each approver runs this with their own key.
+    # Collect M blobs and pass all sigs to: gateway.sh complete <id> <commit> --approvals sig1:ts1:nonce1,...
+    JOB_ID="${1:?Usage: approve-multisig <job_id> <output_hash> <approver_key>}"
+    OUTPUT_HASH="${2:?Usage: approve-multisig <job_id> <output_hash> <approver_key>}"
+    APPROVER_KEY="${3:?Usage: approve-multisig <job_id> <output_hash> <approver_key>}"
+
+    validate_job_id "$JOB_ID"
+    validate_commitment "$OUTPUT_HASH"  # reuse 64-hex validator
+
+    TS=$(date +%s)
+    NONCE=$(generate_nonce)
+    # SECURITY: timestamp + nonce in payload — each approval is unique, stale replays rejected by complete
+    SIG_PAYLOAD="${JOB_ID}:${OUTPUT_HASH}:${TS}:${NONCE}"
+    SIG=$(echo -n "$SIG_PAYLOAD" | openssl dgst -sha256 -hmac "$APPROVER_KEY" | awk '{print $2}')
+
+    python3 -c "
+import sys, json
+print(json.dumps({
+    'job_id':      sys.argv[1],
+    'output_hash': sys.argv[2],
+    'sig':         sys.argv[3],
+    'ts':          int(sys.argv[4]),
+    'nonce':       sys.argv[5],
+    'approval_blob': f'{sys.argv[3]}:{sys.argv[4]}:{sys.argv[5]}',
+    'note': 'Pass all collected approval_blobs to: gateway.sh complete <job_id> <commitment> --approvals blob1,blob2'
+}, indent=2))
+" "$JOB_ID" "$OUTPUT_HASH" "$SIG" "$TS" "$NONCE"
+    ;;
+
   complete)
-    JOB_ID="${1:?Usage: complete <job_id> <commitment_hash>}"
+    JOB_ID="${1:?Usage: complete <job_id> <commitment_hash> [--approvals sig1:ts1:nonce1,...]}"
     COMMITMENT="${2:?Usage: complete <job_id> <commitment_hash>}"
+    # Optional: $3 = "--approvals", $4 = comma-separated sig:ts:nonce blobs
+    APPROVALS_FLAG="${3:-}"
+    APPROVALS_RAW="${4:-}"
 
     validate_job_id "$JOB_ID"       # SECURITY: prevent path traversal
     validate_commitment "$COMMITMENT"
 
+    # ── Multisig verification (for high-value bounties) ────────────────────
+    # Query the MIP-003 server for job amount to decide if multisig required
+    JOB_AMOUNT=0
+    if command -v curl >/dev/null 2>&1; then
+      _JOB_INFO=$(curl -sf --max-time 5 "http://localhost:${MIP003_PORT}/status/${JOB_ID}" 2>/dev/null || echo '{}')
+      JOB_AMOUNT=$(echo "$_JOB_INFO" | python3 -c "
+import sys, json
+try:
+    d = json.load(sys.stdin)
+    print(d.get('amount_specks') or 0)
+except: print(0)
+" 2>/dev/null || echo 0)
+    fi
+
+    if (( JOB_AMOUNT >= MULTISIG_THRESHOLD_SPECKS )); then
+      if [[ -z "$APPROVALS_RAW" || "$APPROVALS_FLAG" != "--approvals" ]]; then
+        echo "ERROR: job amount ${JOB_AMOUNT} specks >= threshold ${MULTISIG_THRESHOLD_SPECKS}" >&2
+        echo "  Multisig required. Each approver runs:" >&2
+        echo "    gateway.sh approve-multisig $JOB_ID <output_hash> <approver_key>" >&2
+        echo "  Then collect M approval_blobs and run:" >&2
+        echo "    gateway.sh complete $JOB_ID $COMMITMENT --approvals blob1,blob2" >&2
+        exit 1
+      fi
+
+      # Verify M-of-N approvals using Python stdlib only (no new deps)
+      VERIFY_OK=$(python3 -c "
+import sys, json, hmac, hashlib, time
+
+job_id        = sys.argv[1]
+output_hash   = sys.argv[2]
+approvals_raw = sys.argv[3]
+approver_keys = [k for k in sys.argv[4].split(',') if k] if sys.argv[4] else []
+required_m    = int(sys.argv[5])
+max_age_secs  = 86400   # approvals expire after 24h — prevents replay attacks
+
+# Parse: each entry is sig:ts:nonce
+approvals = []
+for entry in approvals_raw.split(','):
+    parts = entry.split(':')
+    if len(parts) != 3:
+        print(f'ERROR: malformed approval blob (expected sig:ts:nonce): {entry}', file=sys.stderr)
+        sys.exit(1)
+    try:
+        approvals.append({'sig': parts[0], 'ts': int(parts[1]), 'nonce': parts[2]})
+    except ValueError:
+        print(f'ERROR: non-integer timestamp in approval: {entry}', file=sys.stderr)
+        sys.exit(1)
+
+now         = int(time.time())
+valid_count = 0
+used_keys   = set()   # SECURITY: each key index counts once — no double-counting
+
+for approval in approvals:
+    age = now - approval['ts']
+    if age > max_age_secs:
+        print(f'WARN: approval ts={approval[\"ts\"]} is too old (age={age}s > {max_age_secs}s)', file=sys.stderr)
+        continue
+    if age < -300:  # 5-min future clock skew tolerance
+        print(f'WARN: approval ts={approval[\"ts\"]} is too far in future (age={age}s)', file=sys.stderr)
+        continue
+
+    payload = f'{job_id}:{output_hash}:{approval[\"ts\"]}:{approval[\"nonce\"]}'
+    for i, key in enumerate(approver_keys):
+        if i in used_keys:
+            continue
+        expected = hmac.new(key.encode(), payload.encode(), hashlib.sha256).hexdigest()
+        if hmac.compare_digest(expected, approval['sig']):
+            used_keys.add(i)
+            valid_count += 1
+            break
+
+if valid_count >= required_m:
+    print(f'ok:{valid_count}')
+else:
+    print(f'ERROR: only {valid_count} valid approvals, need {required_m}', file=sys.stderr)
+    sys.exit(1)
+" "$JOB_ID" "$COMMITMENT" "$APPROVALS_RAW" "$APPROVER_KEYS" "$MULTISIG_M" 2>&1) || {
+        echo "SECURITY ERROR: multisig verification failed — $VERIFY_OK" >&2
+        exit 1
+      }
+      echo "  Multisig: $VERIFY_OK approvals verified" >&2
+    fi
+
     RESULT_DATA=$(masumi_get "/purchases/$JOB_ID/result")
 
     # SECURITY: canonical JSON (sorted keys, no whitespace) prevents hash
@@ -571,8 +699,80 @@ print(json.dumps({
 " "$RECEIPT_CONTRACT" "$MIDNIGHT_NETWORK"
     ;;
 
+  optimistic-sweep)
+    # Scan for jobs whose optimistic window has expired and auto-complete them.
+    # Run on a cron: */30 * * * * bash gateway.sh optimistic-sweep
+    # Dry-run: gateway.sh optimistic-sweep --dry-run
+    DRY_RUN=0
+    [[ "${1:-}" == "--dry-run" ]] && DRY_RUN=1
+
+    MIP003_URL="http://localhost:${MIP003_PORT}"
+    echo "Scanning for auto-approvable jobs (window=${OPTIMISTIC_WINDOW_HOURS}h, url=${MIP003_URL})..." >&2
+
+    # Fetch jobs in awaiting_approval state
+    JOBS_JSON=$(curl -sf --max-time 10 "${MIP003_URL}/jobs?status=awaiting_approval" 2>/dev/null || echo '{"jobs":[]}')
+
+    # Filter for expired windows and auto-complete each
+    python3 -c "
+import sys, json, subprocess, os
+from datetime import datetime, timezone
+
+jobs_json  = sys.argv[1]
+gateway    = sys.argv[2]
+dry_run    = sys.argv[3] == '1'
+env        = os.environ.copy()
+
+try:
+    data = json.loads(jobs_json)
+except Exception as e:
+    print(f'ERROR: could not parse /jobs response: {e}', file=sys.stderr)
+    sys.exit(1)
+
+now    = datetime.now(timezone.utc).isoformat()
+jobs   = data.get('jobs', [])
+done   = 0
+errors = 0
+
+for job in jobs:
+    jid         = job.get('job_id', '')
+    approved_at = job.get('approved_at')
+    input_data  = job.get('input_data') or {}
+
+    if not approved_at or approved_at > now:
+        continue   # window not yet expired
+
+    # Extract commitmentHash from input_data (set by hire-and-pay)
+    if isinstance(input_data, str):
+        try: input_data = json.loads(input_data)
+        except: input_data = {}
+    commit = input_data.get('commitmentHash', '')
+
+    if not commit:
+        print(f'SKIP {jid}: no commitmentHash in input_data')
+        errors += 1
+        continue
+
+    if dry_run:
+        print(f'DRY-RUN: would complete job_id={jid} commitment={commit[:16]}...')
+        done += 1
+    else:
+        result = subprocess.run(
+            ['/usr/bin/env', 'bash', gateway, 'complete', jid, commit],
+            env=env, capture_output=True, text=True
+        )
+        if result.returncode == 0:
+            print(f'AUTO-COMPLETE OK: {jid}')
+            done += 1
+        else:
+            print(f'AUTO-COMPLETE FAILED: {jid} — {result.stderr.strip()}')
+            errors += 1
+
+print(f'Sweep complete: {done} completed, {errors} errors.', file=sys.stderr)
+" "$JOBS_JSON" "$0" "$DRY_RUN"
+    ;;
+
   *)
-    echo "Commands: post-bounty, find-agent, hire-and-pay, check-job, complete, refund, withdraw-fees, stats"
+    echo "Commands: post-bounty, find-agent, hire-and-pay, check-job, complete, refund, withdraw-fees, stats, approve-multisig, optimistic-sweep"
     exit 1
     ;;
 esac

package/skills/nightpay/scripts/mip003-server.sh

@@ -7,6 +7,14 @@
 # Usage: ./mip003-server.sh [port]
 # Default port: 8090
 #
+# Required env vars:
+#   JOB_TOKEN_SECRET       — HMAC secret for job_token generation (never stored)
+#   OPERATOR_SECRET_KEY    — HMAC secret for operator dispute auth
+#
+# Optional env vars:
+#   OPTIMISTIC_WINDOW_HOURS    — hours before auto-complete fires (default: 48)
+#   MULTISIG_THRESHOLD_SPECKS  — above this value, multisig required (default: 1000000)
+#
 # Register with Masumi after starting:
 #   curl -X POST http://localhost:3001/api/v1/registry \
 #     -H "token: $MASUMI_API_KEY" \
@@ -16,7 +24,7 @@
 #       "description": "Anonymous community bounty board — pool shielded NIGHT, hire AI agents, get ZK receipts",
 #       "apiBaseUrl": "http://your-server:8090",
 #       "capabilityName": "nightpay-bounties",
-#       "capabilityVersion": "0.1.0",
+#       "capabilityVersion": "0.2.0",
 #       "pricingUnit": "lovelace",
 #       "pricingQuantity": "0",
 #       "network": "Preprod",
@@ -31,6 +39,11 @@ PORT="${1:-8090}"
 DATA_DIR="${DATA_DIR:-${HOME}/.nightpay}"
 DB_PATH="${DATA_DIR}/jobs.db"
 
+JOB_TOKEN_SECRET="${JOB_TOKEN_SECRET:?SECURITY: Set JOB_TOKEN_SECRET env var}"
+OPERATOR_SECRET_KEY="${OPERATOR_SECRET_KEY:?SECURITY: Set OPERATOR_SECRET_KEY env var}"
+OPTIMISTIC_WINDOW_HOURS="${OPTIMISTIC_WINDOW_HOURS:-48}"
+MULTISIG_THRESHOLD_SPECKS="${MULTISIG_THRESHOLD_SPECKS:-1000000}"
+
 mkdir -p "$DATA_DIR"
 chmod 700 "$DATA_DIR"
 
@@ -39,13 +52,42 @@ command -v python3 >/dev/null 2>&1 || { echo "python3 required"; exit 1; }
 echo "nightpay MIP-003 service starting on port $PORT..."
 
 python3 -c "
-import http.server, json, uuid, sys, sqlite3, threading
-from datetime import datetime, timezone
+import http.server, json, uuid, sys, sqlite3, threading, hmac, hashlib, re, os
+from datetime import datetime, timezone, timedelta
+from urllib.parse import urlparse, parse_qs
+
+PORT                     = int(sys.argv[1])
+DB_PATH                  = sys.argv[2]
+JOB_TOKEN_SECRET         = sys.argv[3]
+OPERATOR_SECRET_KEY      = sys.argv[4]
+OPTIMISTIC_WINDOW_HOURS  = int(sys.argv[5])
+MULTISIG_THRESHOLD_SPECKS = int(sys.argv[6])
+
+KNOWN_STATUSES = ('running', 'awaiting_approval', 'multisig_pending', 'disputed', 'completed')
+
+# ─── Security helpers ─────────────────────────────────────────────────────────
+
+def make_job_token(job_id):
+    # domain-separated — cannot be reused as any other HMAC in the system
+    msg = f'nightpay-job-token-v1:{job_id}'
+    return hmac.new(JOB_TOKEN_SECRET.encode(), msg.encode(), hashlib.sha256).hexdigest()
+
+def verify_job_token(job_id, token):
+    return hmac.compare_digest(make_job_token(job_id), token)
 
-PORT = int(sys.argv[1])
-DB_PATH = sys.argv[2]
+def verify_work_reveal(work_commit, work, nonce):
+    # SECURITY: domain-separated reveal hash — matches gateway.sh convention
+    revealed = hashlib.sha256(f'nightpay-work-reveal-v1:{work}:{nonce}'.encode()).hexdigest()
+    return hmac.compare_digest(revealed, work_commit)
+
+def verify_operator_sig(job_id, reason, sig):
+    # Operator signs: HMAC(OPERATOR_SECRET_KEY, 'dispute:{job_id}:{reason}')
+    msg = f'dispute:{job_id}:{reason}'
+    expected = hmac.new(OPERATOR_SECRET_KEY.encode(), msg.encode(), hashlib.sha256).hexdigest()
+    return hmac.compare_digest(expected, sig)
+
+# ─── SQLite ───────────────────────────────────────────────────────────────────
 
-# Thread-local connections for SQLite (one per request handler thread)
 local = threading.local()
 
 def get_db():
@@ -61,18 +103,40 @@ conn = sqlite3.connect(DB_PATH)
 conn.execute('PRAGMA journal_mode=WAL')
 conn.executescript('''
     CREATE TABLE IF NOT EXISTS jobs (
-        job_id      TEXT PRIMARY KEY,
-        status      TEXT NOT NULL DEFAULT \"running\",
-        input_data  TEXT,
-        extra_input TEXT,
-        result      TEXT,
-        started_at  TEXT NOT NULL,
-        updated_at  TEXT NOT NULL
+        job_id         TEXT PRIMARY KEY,
+        status         TEXT NOT NULL DEFAULT \"running\",
+        input_data     TEXT,
+        extra_input    TEXT,
+        result         TEXT,
+        started_at     TEXT NOT NULL,
+        updated_at     TEXT NOT NULL,
+        work_commit    TEXT,
+        amount_specks  INTEGER,
+        approved_at    TEXT,
+        dispute_reason TEXT,
+        approvals      TEXT
     );
-    CREATE INDEX IF NOT EXISTS idx_jobs_status ON jobs(status);
+    CREATE INDEX IF NOT EXISTS idx_jobs_status   ON jobs(status);
+    CREATE INDEX IF NOT EXISTS idx_jobs_approved ON jobs(approved_at)
+        WHERE approved_at IS NOT NULL;
 ''')
+# Idempotent migration for existing DBs (ALTER TABLE is safe — ignores dup column)
+for col_def in [
+    'ALTER TABLE jobs ADD COLUMN work_commit    TEXT',
+    'ALTER TABLE jobs ADD COLUMN amount_specks  INTEGER',
+    'ALTER TABLE jobs ADD COLUMN approved_at    TEXT',
+    'ALTER TABLE jobs ADD COLUMN dispute_reason TEXT',
+    'ALTER TABLE jobs ADD COLUMN approvals      TEXT',
+]:
+    try:
+        conn.execute(col_def)
+    except Exception:
+        pass  # column already exists — idempotent
+conn.commit()
 conn.close()
 
+# ─── HTTP handler ─────────────────────────────────────────────────────────────
+
 class MIP003Handler(http.server.BaseHTTPRequestHandler):
     def log_message(self, fmt, *args):
         print(f'[nightpay] {args[0]}')
@@ -85,10 +149,20 @@ class MIP003Handler(http.server.BaseHTTPRequestHandler):
         self.end_headers()
         self.wfile.write(body)
 
+    def _read_body(self):
+        length = int(self.headers.get('Content-Length', 0))
+        return json.loads(self.rfile.read(length)) if length else {}
+
+    def _validate_job_id(self, job_id):
+        # Mirrors validate_job_id in gateway.sh — prevents path traversal
+        return bool(re.match(r'^[a-zA-Z0-9_-]{1,128}$', job_id))
+
+    # ── GET ──────────────────────────────────────────────────────────────────
+
     def do_GET(self):
         if self.path == '/availability':
             db = get_db()
-            total = db.execute('SELECT COUNT(*) FROM jobs').fetchone()[0]
+            total  = db.execute('SELECT COUNT(*) FROM jobs').fetchone()[0]
             active = db.execute('SELECT COUNT(*) FROM jobs WHERE status = ?', ('running',)).fetchone()[0]
             self.respond(200, {
                 'status': 'available',
@@ -107,6 +181,10 @@ class MIP003Handler(http.server.BaseHTTPRequestHandler):
                     'amount_specks': {
                         'type': 'integer',
                         'description': 'Bounty amount in NIGHT specks'
+                    },
+                    'work_commit': {
+                        'type': 'string',
+                        'description': 'sha256(nightpay-work-reveal-v1:{work}:{nonce}) — commit before reveal'
                     }
                 },
                 'required': ['description', 'amount_specks']
@@ -114,6 +192,9 @@ class MIP003Handler(http.server.BaseHTTPRequestHandler):
 
         elif self.path.startswith('/status/'):
             job_id = self.path.split('/')[-1]
+            if not self._validate_job_id(job_id):
+                self.respond(400, {'error': 'invalid job_id format'})
+                return
             db = get_db()
             row = db.execute('SELECT * FROM jobs WHERE job_id = ?', (job_id,)).fetchone()
             if not row:
@@ -128,37 +209,201 @@ class MIP003Handler(http.server.BaseHTTPRequestHandler):
                     job['result'] = json.loads(job['result'])
                 self.respond(200, job)
 
+        elif self.path.startswith('/jobs'):
+            # GET /jobs?status=<value> — used by optimistic-sweep in gateway.sh
+            parsed = urlparse(self.path)
+            params = parse_qs(parsed.query)
+            status_filter = params.get('status', [None])[0]
+
+            # SECURITY: whitelist status values — prevents SQL injection via status param
+            if status_filter and status_filter not in KNOWN_STATUSES:
+                self.respond(400, {'error': f'unknown status filter: {status_filter}'})
+                return
+
+            db = get_db()
+            if status_filter:
+                rows = db.execute(
+                    'SELECT job_id, status, approved_at, amount_specks, input_data FROM jobs WHERE status = ? LIMIT 500',
+                    (status_filter,)
+                ).fetchall()
+            else:
+                rows = db.execute(
+                    'SELECT job_id, status, approved_at, amount_specks, input_data FROM jobs LIMIT 500'
+                ).fetchall()
+
+            jobs = []
+            for r in rows:
+                j = dict(r)
+                if j.get('input_data'):
+                    try:
+                        j['input_data'] = json.loads(j['input_data'])
+                    except Exception:
+                        pass
+                jobs.append(j)
+
+            self.respond(200, {'jobs': jobs})
+
         else:
             self.respond(404, {'error': 'not found'})
 
+    # ── POST ─────────────────────────────────────────────────────────────────
+
     def do_POST(self):
-        length = int(self.headers.get('Content-Length', 0))
-        body = json.loads(self.rfile.read(length)) if length else {}
+        body = self._read_body()
 
         if self.path == '/start_job':
+            # ── Validate optional work_commit ─────────────────────────────
+            work_commit = body.get('work_commit')
+            if work_commit is not None:
+                if not re.match(r'^[0-9a-f]{64}$', str(work_commit)):
+                    self.respond(400, {'error': 'work_commit must be 64-char lowercase hex sha256'})
+                    return
+
+            # ── Validate optional amount_specks ───────────────────────────
+            amount_specks = body.get('amount_specks')
+            if amount_specks is not None:
+                try:
+                    amount_specks = int(amount_specks)
+                    if amount_specks < 0:
+                        raise ValueError
+                except (ValueError, TypeError):
+                    self.respond(400, {'error': 'amount_specks must be a non-negative integer'})
+                    return
+
             job_id = str(uuid.uuid4())
-            now = datetime.now(timezone.utc).isoformat()
-            db = get_db()
+            now    = datetime.now(timezone.utc).isoformat()
+            db     = get_db()
             db.execute(
-                'INSERT INTO jobs(job_id, status, input_data, started_at, updated_at) VALUES (?, ?, ?, ?, ?)',
-                (job_id, 'running', json.dumps(body.get('input_data', {})), now, now)
+                '''INSERT INTO jobs(job_id, status, input_data, work_commit, amount_specks, started_at, updated_at)
+                   VALUES (?, ?, ?, ?, ?, ?, ?)''',
+                (job_id, 'running', json.dumps(body.get('input_data', {})),
+                 work_commit, amount_specks, now, now)
             )
             db.commit()
-            self.respond(200, {'job_id': job_id, 'status': 'running'})
+
+            # SECURITY: job_token is ephemeral — derived on demand, never stored
+            job_token = make_job_token(job_id)
+
+            self.respond(200, {
+                'job_id':    job_id,
+                'job_token': job_token,
+                'status':    'running'
+            })
 
         elif self.path.startswith('/provide_input/'):
             job_id = self.path.split('/')[-1]
-            db = get_db()
+
+            # SECURITY: validate job_id format
+            if not self._validate_job_id(job_id):
+                self.respond(400, {'error': 'invalid job_id format'})
+                return
+
+            # SECURITY: require valid job_token — hard cutover, no legacy fallback
+            auth_header = self.headers.get('Authorization', '')
+            if not auth_header.startswith('Bearer '):
+                self.respond(401, {'error': 'Authorization: Bearer <job_token> required'})
+                return
+            provided_token = auth_header[len('Bearer '):]
+            if not verify_job_token(job_id, provided_token):
+                self.respond(403, {'error': 'invalid job_token'})
+                return
+
+            db  = get_db()
+            row = db.execute(
+                'SELECT work_commit, amount_specks, status FROM jobs WHERE job_id = ?',
+                (job_id,)
+            ).fetchone()
+            if not row:
+                self.respond(404, {'error': 'job not found'})
+                return
+
+            # SECURITY: only accept input while job is still running
+            if row['status'] != 'running':
+                self.respond(409, {'error': f'job is not running (status: {row[\"status\"]})'})
+                return
+
+            # SECURITY: commit-reveal verification (skipped if no work_commit — backward compat)
+            work_commit = row['work_commit']
+            if work_commit is not None:
+                work  = body.get('work')
+                nonce = body.get('work_nonce')
+                if not work or not nonce:
+                    self.respond(400, {'error': 'work and work_nonce required for commit-reveal jobs'})
+                    return
+                if not verify_work_reveal(work_commit, str(work), str(nonce)):
+                    self.respond(400, {'error': 'commit-reveal mismatch: sha256(nightpay-work-reveal-v1:work:nonce) != work_commit'})
+                    return
+
+            now           = datetime.now(timezone.utc)
+            amount_specks = row['amount_specks'] or 0
+
+            # Determine delivery path
+            if amount_specks >= MULTISIG_THRESHOLD_SPECKS:
+                next_status = 'multisig_pending'
+                approved_at = None  # no auto-approve until M-of-N collected
+            else:
+                next_status = 'awaiting_approval'
+                approved_at = (now + timedelta(hours=OPTIMISTIC_WINDOW_HOURS)).isoformat()
+
+            db.execute(
+                '''UPDATE jobs
+                   SET extra_input = ?, status = ?, approved_at = ?, updated_at = ?
+                   WHERE job_id = ?''',
+                (json.dumps(body), next_status, approved_at, now.isoformat(), job_id)
+            )
+            db.commit()
+            self.respond(200, {
+                'status':      next_status,
+                'approved_at': approved_at,
+                'message':     'work accepted, optimistic window started'
+                               if next_status == 'awaiting_approval'
+                               else 'work accepted, awaiting multisig approval'
+            })
+
+        elif self.path.startswith('/dispute/'):
+            job_id = self.path.split('/')[-1]
+
+            if not self._validate_job_id(job_id):
+                self.respond(400, {'error': 'invalid job_id format'})
+                return
+
+            reason = str(body.get('reason', 'no reason given'))[:500]
+
+            # SECURITY: either the job_token holder OR the operator can dispute
+            auth_header   = self.headers.get('Authorization', '')
+            op_sig_header = self.headers.get('X-Operator-Sig', '')
+            authorized    = False
+
+            if auth_header.startswith('Bearer '):
+                token = auth_header[len('Bearer '):]
+                if verify_job_token(job_id, token):
+                    authorized = True
+
+            if not authorized and op_sig_header:
+                if verify_operator_sig(job_id, reason, op_sig_header):
+                    authorized = True
+
+            if not authorized:
+                self.respond(403, {'error': 'dispute requires valid job_token or X-Operator-Sig'})
+                return
+
+            db  = get_db()
             now = datetime.now(timezone.utc).isoformat()
             cur = db.execute(
-                'UPDATE jobs SET extra_input = ?, updated_at = ? WHERE job_id = ?',
-                (json.dumps(body), now, job_id)
+                '''UPDATE jobs SET status = 'disputed', dispute_reason = ?, updated_at = ?
+                   WHERE job_id = ? AND status = 'awaiting_approval' ''',
+                (reason, now, job_id)
             )
             if cur.rowcount == 0:
-                self.respond(404, {'error': 'job not found'})
+                # Check if job exists at all
+                exists = db.execute('SELECT status FROM jobs WHERE job_id = ?', (job_id,)).fetchone()
+                if not exists:
+                    self.respond(404, {'error': 'job not found'})
+                else:
+                    self.respond(409, {'error': f'job cannot be disputed in current state (status: {exists[\"status\"]})'})
             else:
                 db.commit()
-                self.respond(200, {'status': 'input_received'})
+                self.respond(200, {'status': 'disputed', 'reason': reason})
 
         else:
             self.respond(404, {'error': 'not found'})
@@ -169,6 +414,7 @@ class ThreadedHTTPServer(http.server.ThreadingHTTPServer):
 httpd = ThreadedHTTPServer(('0.0.0.0', PORT), MIP003Handler)
 print(f'[nightpay] MIP-003 threaded service ready on port {PORT}')
 print(f'[nightpay] DB: {DB_PATH}')
-print(f'[nightpay] Endpoints: /availability, /input_schema, /start_job, /status/<id>, /provide_input/<id>')
+print(f'[nightpay] Optimistic window: {OPTIMISTIC_WINDOW_HOURS}h | Multisig threshold: {MULTISIG_THRESHOLD_SPECKS} specks')
+print(f'[nightpay] Endpoints: /availability /input_schema /start_job /status/<id> /provide_input/<id> /dispute/<id> /jobs')
 httpd.serve_forever()
-" "$PORT" "$DB_PATH"
+" "$PORT" "$DB_PATH" "$JOB_TOKEN_SECRET" "$OPERATOR_SECRET_KEY" "$OPTIMISTIC_WINDOW_HOURS" "$MULTISIG_THRESHOLD_SPECKS"