settld 0.1.1 → 0.1.5

package/src/api/persistence.js

@@ -9,6 +9,7 @@ import { reduceMonthClose } from "../core/month-close.js";
 import { AGENT_RUN_EVENT_SCHEMA_VERSION, reduceAgentRun } from "../core/agent-runs.js";
 import { normalizeInteractionDirection } from "../core/interaction-directions.js";
 import { DEFAULT_TENANT_ID, normalizeTenantId, makeScopedKey } from "../core/tenancy.js";
+import { canonicalJsonStringify } from "../core/canonical-json.js";
 
 export const TX_LOG_VERSION = 1;
 
@@ -411,6 +412,277 @@ export function applyTxRecord(store, record) {
       continue;
     }
 
+    if (kind === "AGREEMENT_DELEGATION_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const delegation = op.delegation ?? null;
+      if (!delegation || typeof delegation !== "object" || Array.isArray(delegation)) {
+        throw new TypeError("AGREEMENT_DELEGATION_UPSERT requires delegation");
+      }
+      const delegationId = delegation.delegationId ?? op.delegationId ?? null;
+      if (!delegationId) throw new TypeError("AGREEMENT_DELEGATION_UPSERT requires delegation.delegationId");
+      if (!(store.agreementDelegations instanceof Map)) store.agreementDelegations = new Map();
+      const key = makeScopedKey({ tenantId, id: String(delegationId) });
+      store.agreementDelegations.set(key, { ...delegation, tenantId, delegationId: String(delegationId) });
+      continue;
+    }
+
+    if (kind === "X402_GATE_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const gate = op.gate ?? null;
+      if (!gate || typeof gate !== "object" || Array.isArray(gate)) {
+        throw new TypeError("X402_GATE_UPSERT requires gate");
+      }
+      const gateId = gate.gateId ?? gate.id ?? op.gateId ?? null;
+      if (!gateId) throw new TypeError("X402_GATE_UPSERT requires gate.gateId");
+      if (!(store.x402Gates instanceof Map)) store.x402Gates = new Map();
+      const key = makeScopedKey({ tenantId, id: String(gateId) });
+      store.x402Gates.set(key, { ...gate, tenantId, gateId: String(gateId) });
+      continue;
+    }
+
+    if (kind === "X402_AGENT_LIFECYCLE_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const agentLifecycle = op.agentLifecycle ?? null;
+      if (!agentLifecycle || typeof agentLifecycle !== "object" || Array.isArray(agentLifecycle)) {
+        throw new TypeError("X402_AGENT_LIFECYCLE_UPSERT requires agentLifecycle");
+      }
+      const agentId = agentLifecycle.agentId ?? op.agentId ?? null;
+      if (!agentId) throw new TypeError("X402_AGENT_LIFECYCLE_UPSERT requires agentLifecycle.agentId");
+      const status = typeof agentLifecycle.status === "string" ? agentLifecycle.status.trim().toLowerCase() : "";
+      if (status !== "active" && status !== "frozen" && status !== "archived") {
+        throw new TypeError("X402_AGENT_LIFECYCLE_UPSERT requires status active|frozen|archived");
+      }
+      if (!(store.x402AgentLifecycles instanceof Map)) store.x402AgentLifecycles = new Map();
+      const key = makeScopedKey({ tenantId, id: String(agentId) });
+      store.x402AgentLifecycles.set(key, { ...agentLifecycle, tenantId, agentId: String(agentId), status });
+      continue;
+    }
+
+    if (kind === "X402_RECEIPT_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const receipt = op.receipt ?? null;
+      if (!receipt || typeof receipt !== "object" || Array.isArray(receipt)) {
+        throw new TypeError("X402_RECEIPT_PUT requires receipt");
+      }
+      const receiptId = receipt.receiptId ?? op.receiptId ?? null;
+      if (!receiptId) throw new TypeError("X402_RECEIPT_PUT requires receipt.receiptId");
+      if (!(store.x402Receipts instanceof Map)) store.x402Receipts = new Map();
+      const key = makeScopedKey({ tenantId, id: String(receiptId) });
+      const normalized = {
+        ...receipt,
+        tenantId,
+        receiptId: String(receiptId),
+        reversal: null,
+        reversalEvents: []
+      };
+      const existing = store.x402Receipts.get(key) ?? null;
+      if (existing) {
+        const existingCanonical = canonicalJsonStringify(existing);
+        const incomingCanonical = canonicalJsonStringify(normalized);
+        if (existingCanonical !== incomingCanonical) {
+          const err = new Error("x402 receipt is immutable and cannot be changed");
+          err.code = "X402_RECEIPT_IMMUTABLE";
+          err.receiptId = String(receiptId);
+          throw err;
+        }
+        continue;
+      }
+      store.x402Receipts.set(key, normalized);
+      continue;
+    }
+
+    if (kind === "X402_WALLET_POLICY_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const policy = op.policy ?? null;
+      if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
+        throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy");
+      }
+      const sponsorWalletRef = typeof policy.sponsorWalletRef === "string" ? policy.sponsorWalletRef.trim() : "";
+      const policyRef = typeof policy.policyRef === "string" ? policy.policyRef.trim() : "";
+      const policyVersion = Number(policy.policyVersion);
+      if (!sponsorWalletRef) throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy.sponsorWalletRef");
+      if (!policyRef) throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy.policyRef");
+      if (!Number.isSafeInteger(policyVersion) || policyVersion <= 0) {
+        throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy.policyVersion >= 1");
+      }
+      if (!(store.x402WalletPolicies instanceof Map)) store.x402WalletPolicies = new Map();
+      const key = makeScopedKey({ tenantId, id: `${sponsorWalletRef}::${policyRef}::${policyVersion}` });
+      store.x402WalletPolicies.set(key, {
+        ...policy,
+        tenantId,
+        sponsorWalletRef,
+        policyRef,
+        policyVersion
+      });
+      continue;
+    }
+
+    if (kind === "X402_ZK_VERIFICATION_KEY_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const verificationKey = op.verificationKey ?? null;
+      if (!verificationKey || typeof verificationKey !== "object" || Array.isArray(verificationKey)) {
+        throw new TypeError("X402_ZK_VERIFICATION_KEY_PUT requires verificationKey");
+      }
+      const verificationKeyId = verificationKey.verificationKeyId ?? op.verificationKeyId ?? null;
+      if (!verificationKeyId) throw new TypeError("X402_ZK_VERIFICATION_KEY_PUT requires verificationKey.verificationKeyId");
+      if (!(store.x402ZkVerificationKeys instanceof Map)) store.x402ZkVerificationKeys = new Map();
+      const key = makeScopedKey({ tenantId, id: String(verificationKeyId) });
+      const normalized = {
+        ...verificationKey,
+        tenantId,
+        verificationKeyId: String(verificationKeyId)
+      };
+      const existing = store.x402ZkVerificationKeys.get(key) ?? null;
+      if (existing) {
+        const existingCanonical = canonicalJsonStringify(existing);
+        const incomingCanonical = canonicalJsonStringify(normalized);
+        if (existingCanonical !== incomingCanonical) {
+          const err = new Error("x402 zk verification key is immutable and cannot be changed");
+          err.code = "X402_ZK_VERIFICATION_KEY_IMMUTABLE";
+          err.verificationKeyId = String(verificationKeyId);
+          throw err;
+        }
+        continue;
+      }
+      store.x402ZkVerificationKeys.set(key, normalized);
+      continue;
+    }
+
+    if (kind === "X402_REVERSAL_EVENT_APPEND") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const event = op.event ?? null;
+      if (!event || typeof event !== "object" || Array.isArray(event)) {
+        throw new TypeError("X402_REVERSAL_EVENT_APPEND requires event");
+      }
+      const eventId = op.eventId ?? event.eventId ?? event.id ?? null;
+      const gateId = op.gateId ?? event.gateId ?? null;
+      if (!eventId) throw new TypeError("X402_REVERSAL_EVENT_APPEND requires event.eventId");
+      if (!gateId) throw new TypeError("X402_REVERSAL_EVENT_APPEND requires event.gateId");
+      if (!(store.x402ReversalEvents instanceof Map)) store.x402ReversalEvents = new Map();
+      const key = makeScopedKey({ tenantId, id: String(eventId) });
+      store.x402ReversalEvents.set(key, {
+        ...event,
+        tenantId,
+        eventId: String(eventId),
+        gateId: String(gateId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_REVERSAL_NONCE_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const usage = op.usage ?? null;
+      if (!usage || typeof usage !== "object" || Array.isArray(usage)) {
+        throw new TypeError("X402_REVERSAL_NONCE_PUT requires usage");
+      }
+      const sponsorRef = op.sponsorRef ?? usage.sponsorRef ?? null;
+      const nonce = op.nonce ?? usage.nonce ?? null;
+      if (!sponsorRef) throw new TypeError("X402_REVERSAL_NONCE_PUT requires sponsorRef");
+      if (!nonce) throw new TypeError("X402_REVERSAL_NONCE_PUT requires nonce");
+      if (!(store.x402ReversalNonceUsage instanceof Map)) store.x402ReversalNonceUsage = new Map();
+      const key = `${tenantId}\n${String(sponsorRef)}\n${String(nonce)}`;
+      store.x402ReversalNonceUsage.set(key, {
+        ...usage,
+        tenantId,
+        sponsorRef: String(sponsorRef),
+        nonce: String(nonce)
+      });
+      continue;
+    }
+
+    if (kind === "X402_REVERSAL_COMMAND_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const usage = op.usage ?? null;
+      if (!usage || typeof usage !== "object" || Array.isArray(usage)) {
+        throw new TypeError("X402_REVERSAL_COMMAND_PUT requires usage");
+      }
+      const commandId = op.commandId ?? usage.commandId ?? null;
+      if (!commandId) throw new TypeError("X402_REVERSAL_COMMAND_PUT requires commandId");
+      if (!(store.x402ReversalCommandUsage instanceof Map)) store.x402ReversalCommandUsage = new Map();
+      const key = makeScopedKey({ tenantId, id: String(commandId) });
+      store.x402ReversalCommandUsage.set(key, {
+        ...usage,
+        tenantId,
+        commandId: String(commandId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_ESCALATION_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const escalation = op.escalation ?? null;
+      if (!escalation || typeof escalation !== "object" || Array.isArray(escalation)) {
+        throw new TypeError("X402_ESCALATION_UPSERT requires escalation");
+      }
+      const escalationId = escalation.escalationId ?? op.escalationId ?? null;
+      if (!escalationId) throw new TypeError("X402_ESCALATION_UPSERT requires escalation.escalationId");
+      if (!(store.x402Escalations instanceof Map)) store.x402Escalations = new Map();
+      const key = makeScopedKey({ tenantId, id: String(escalationId) });
+      store.x402Escalations.set(key, {
+        ...escalation,
+        tenantId,
+        escalationId: String(escalationId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_ESCALATION_EVENT_APPEND") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const event = op.event ?? null;
+      if (!event || typeof event !== "object" || Array.isArray(event)) {
+        throw new TypeError("X402_ESCALATION_EVENT_APPEND requires event");
+      }
+      const eventId = op.eventId ?? event.eventId ?? event.id ?? null;
+      const escalationId = op.escalationId ?? event.escalationId ?? null;
+      if (!eventId) throw new TypeError("X402_ESCALATION_EVENT_APPEND requires event.eventId");
+      if (!escalationId) throw new TypeError("X402_ESCALATION_EVENT_APPEND requires event.escalationId");
+      if (!(store.x402EscalationEvents instanceof Map)) store.x402EscalationEvents = new Map();
+      const key = makeScopedKey({ tenantId, id: String(eventId) });
+      store.x402EscalationEvents.set(key, {
+        ...event,
+        tenantId,
+        eventId: String(eventId),
+        escalationId: String(escalationId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_ESCALATION_OVERRIDE_USAGE_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const usage = op.usage ?? null;
+      if (!usage || typeof usage !== "object" || Array.isArray(usage)) {
+        throw new TypeError("X402_ESCALATION_OVERRIDE_USAGE_PUT requires usage");
+      }
+      const overrideId = op.overrideId ?? usage.overrideId ?? null;
+      if (!overrideId) throw new TypeError("X402_ESCALATION_OVERRIDE_USAGE_PUT requires overrideId");
+      if (!(store.x402EscalationOverrideUsage instanceof Map)) store.x402EscalationOverrideUsage = new Map();
+      const key = makeScopedKey({ tenantId, id: String(overrideId) });
+      store.x402EscalationOverrideUsage.set(key, {
+        ...usage,
+        tenantId,
+        overrideId: String(overrideId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_WEBHOOK_ENDPOINT_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const endpoint = op.endpoint ?? null;
+      if (!endpoint || typeof endpoint !== "object" || Array.isArray(endpoint)) {
+        throw new TypeError("X402_WEBHOOK_ENDPOINT_UPSERT requires endpoint");
+      }
+      const endpointId = endpoint.endpointId ?? op.endpointId ?? null;
+      if (!endpointId) throw new TypeError("X402_WEBHOOK_ENDPOINT_UPSERT requires endpoint.endpointId");
+      if (!(store.x402WebhookEndpoints instanceof Map)) store.x402WebhookEndpoints = new Map();
+      const key = makeScopedKey({ tenantId, id: String(endpointId) });
+      store.x402WebhookEndpoints.set(key, {
+        ...endpoint,
+        tenantId,
+        endpointId: String(endpointId)
+      });
+      continue;
+    }
+
     if (kind === "TOOL_CALL_HOLD_UPSERT") {
       const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
       const hold = op.hold ?? null;

package/src/api/server.js

@@ -8,6 +8,49 @@ import { configForLog, loadConfig } from "../core/config.js";
 const cfg = loadConfig({ mode: "api" });
 logger.info("config.effective", { config: configForLog(cfg) });
 
+const corsAllowOriginsEnv =
+  typeof process !== "undefined" && typeof process.env.PROXY_CORS_ALLOW_ORIGINS === "string"
+    ? process.env.PROXY_CORS_ALLOW_ORIGINS
+    : "";
+const corsAllowOrigins = new Set(
+  corsAllowOriginsEnv
+    .split(",")
+    .map((row) => row.trim())
+    .filter((row) => row !== "")
+);
+const DEV_CORS_ORIGIN_RE = /^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/i;
+
+function resolveCorsOrigin(originHeader) {
+  if (typeof originHeader !== "string" || originHeader.trim() === "") return null;
+  const origin = originHeader.trim();
+  if (corsAllowOrigins.has("*")) return "*";
+  if (corsAllowOrigins.has(origin)) return origin;
+  if (DEV_CORS_ORIGIN_RE.test(origin)) return origin;
+  return null;
+}
+
+function applyCorsHeaders(req, res) {
+  const allowOrigin = resolveCorsOrigin(req.headers?.origin);
+  if (!allowOrigin) return false;
+  res.setHeader("access-control-allow-origin", allowOrigin);
+  res.setHeader("vary", "origin");
+  res.setHeader("access-control-allow-methods", "GET,POST,PUT,PATCH,DELETE,OPTIONS");
+  res.setHeader(
+    "access-control-allow-headers",
+    [
+      "authorization",
+      "content-type",
+      "idempotency-key",
+      "x-proxy-tenant-id",
+      "x-proxy-ops-token",
+      "x-request-id",
+      "x-settld-protocol"
+    ].join(", ")
+  );
+  res.setHeader("access-control-max-age", "600");
+  return true;
+}
+
 let store;
 if (cfg.store.mode === "pg") {
   store = await createPgStore({
@@ -22,12 +65,30 @@ const api = createApi({ store });
 const { handle } = api;
 
 const port = cfg.api.port;
-const server = http.createServer(handle);
-server.listen(port, () => {
-  const storeDesc =
-    cfg.store.mode === "pg" ? "(postgres)" : cfg.store.persistenceDir ? `(dataDir=${cfg.store.persistenceDir})` : "(in-memory)";
-  logger.info("api listening", { port, storeMode: cfg.store.mode, storeDesc });
+const server = http.createServer((req, res) => {
+  applyCorsHeaders(req, res);
+  if (req.method === "OPTIONS") {
+    res.statusCode = 204;
+    res.end();
+    return;
+  }
+  return handle(req, res);
 });
+const bindHostRaw = typeof process !== "undefined" ? (process.env.PROXY_BIND_HOST ?? process.env.BIND_HOST ?? "") : "";
+const bindHost = typeof bindHostRaw === "string" && bindHostRaw.trim() !== "" ? bindHostRaw.trim() : null;
+if (bindHost) {
+  server.listen(port, bindHost, () => {
+    const storeDesc =
+      cfg.store.mode === "pg" ? "(postgres)" : cfg.store.persistenceDir ? `(dataDir=${cfg.store.persistenceDir})` : "(in-memory)";
+    logger.info("api listening", { port, host: bindHost, storeMode: cfg.store.mode, storeDesc });
+  });
+} else {
+  server.listen(port, () => {
+    const storeDesc =
+      cfg.store.mode === "pg" ? "(postgres)" : cfg.store.persistenceDir ? `(dataDir=${cfg.store.persistenceDir})` : "(in-memory)";
+    logger.info("api listening", { port, storeMode: cfg.store.mode, storeDesc });
+  });
+}
 
 const autotickIntervalMs = cfg.api.autotick.intervalMs;
 const autotickMaxMessages = cfg.api.autotick.maxMessages;
@@ -48,12 +109,27 @@ async function runAutotickOnce() {
     if (cfg.store.mode === "pg" && typeof store.processOutbox === "function") {
       await store.processOutbox({ maxMessages: autotickMaxMessages });
     }
+    if (typeof api.tickDispatch === "function") {
+      await api.tickDispatch({ maxMessages: autotickMaxMessages });
+    }
+    if (typeof api.tickProof === "function") {
+      await api.tickProof({ maxMessages: autotickMaxMessages });
+    }
     if (typeof api.tickArtifacts === "function") {
       await api.tickArtifacts({ maxMessages: autotickMaxMessages });
     }
     if (typeof api.tickDeliveries === "function") {
       await api.tickDeliveries({ maxMessages: autotickMaxMessages });
     }
+    if (typeof api.tickX402Holdbacks === "function") {
+      await api.tickX402Holdbacks({ maxMessages: autotickMaxMessages });
+    }
+    if (typeof api.tickX402InsolvencySweep === "function") {
+      await api.tickX402InsolvencySweep({ maxMessages: autotickMaxMessages });
+    }
+    if (typeof api.tickX402WinddownReversals === "function") {
+      await api.tickX402WinddownReversals({ maxMessages: autotickMaxMessages });
+    }
     if (typeof api.tickBillingStripeSync === "function") {
       await api.tickBillingStripeSync({ maxRows: autotickMaxMessages });
     }