npm - settld - Versions diffs - 0.1.2 → 0.1.5 - Mend

settld 0.1.2 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (441) hide show

package/README.md +61 -3
package/SETTLD_VERSION +1 -1
package/bin/settld-mcp +2 -0
package/bin/settld.js +13 -0
package/conformance/kernel-v0/README.md +7 -0
package/conformance/kernel-v0/run.mjs +292 -4
package/docs/ACCESS.md +57 -0
package/docs/ADOPTION_CHECKLIST.md +44 -0
package/docs/ALERTS.md +198 -0
package/docs/ARCHITECTURE.md +69 -0
package/docs/ARCHITECTURE_FOUNDER_GUIDE.md +284 -0
package/docs/ARTIFACTS.md +60 -0
package/docs/CERTIFICATION_CHECKLIST.md +33 -0
package/docs/CIRCLE_SANDBOX_E2E.md +140 -0
package/docs/CONFIG.md +297 -0
package/docs/CONTRACTS_APIS.md +23 -0
package/docs/DEPRECATION.md +31 -0
package/docs/DOMAIN_MODEL.md +92 -0
package/docs/EVENT_ENVELOPE.md +53 -0
package/docs/FINANCE_PACK_FORMAT.md +53 -0
package/docs/INCIDENT_TAXONOMY.md +30 -0
package/docs/JOB_STATE_MACHINE.md +66 -0
package/docs/KERNEL_COMPATIBLE.md +60 -0
package/docs/KERNEL_V0.md +40 -0
package/docs/KEY_ROTATION.md +80 -0
package/docs/LEDGER.md +82 -0
package/docs/LIVENESS.md +76 -0
package/docs/MVP_BUILD_ORDER.md +36 -0
package/docs/ONCALL_PLAYBOOK.md +39 -0
package/docs/OPERATIONS_SIGNING.md +20 -0
package/docs/OVERVIEW.md +190 -0
package/docs/PERF_BASELINE.md +85 -0
package/docs/PRD.md +77 -0
package/docs/QUICKSTART_KERNEL_V0.md +96 -0
package/docs/QUICKSTART_MCP.md +337 -0
package/docs/QUICKSTART_MCP_HOSTS.md +143 -0
package/docs/QUICKSTART_PRODUCE.md +61 -0
package/docs/QUICKSTART_RELEASE_VERIFY.md +39 -0
package/docs/QUICKSTART_SDK.md +125 -0
package/docs/QUICKSTART_SDK_PYTHON.md +111 -0
package/docs/QUICKSTART_VERIFY.md +54 -0
package/docs/QUICKSTART_X402_GATEWAY.md +317 -0
package/docs/README.md +15 -0
package/docs/RELEASE_CHECKLIST.md +156 -0
package/docs/RELEASING.md +81 -0
package/docs/REPO_SETTINGS.md +37 -0
package/docs/RUNBOOK.md +86 -0
package/docs/SKILLS.md +42 -0
package/docs/SKILL_BUNDLE_FORMAT.md +48 -0
package/docs/SLO.md +70 -0
package/docs/SUMMARY.md +16 -0
package/docs/SUPPORT.md +31 -0
package/docs/THREAT_MODEL.md +36 -0
package/docs/TRUST.md +59 -0
package/docs/WORKFLOW.md +35 -0
package/docs/X402_BATCH_SETTLEMENT.md +126 -0
package/docs/blog/2026-02-14-your-ai-agent-just-spent-500-where-is-the-receipt.md +73 -0
package/docs/examples/x402-provider-payout-registry.example.json +14 -0
package/docs/gitbook/README.md +52 -0
package/docs/gitbook/SETUP.md +25 -0
package/docs/gitbook/SUMMARY.md +15 -0
package/docs/gitbook/api-reference.md +73 -0
package/docs/gitbook/closepacks.md +55 -0
package/docs/gitbook/conformance.md +59 -0
package/docs/gitbook/core-primitives.md +85 -0
package/docs/gitbook/dispute-lifecycle.md +33 -0
package/docs/gitbook/faq.md +21 -0
package/docs/gitbook/guides.md +49 -0
package/docs/gitbook/operations-runbook.md +36 -0
package/docs/gitbook/quickstart.md +104 -0
package/docs/gitbook/replay-and-audit.md +30 -0
package/docs/gitbook/sdk-reference.md +35 -0
package/docs/gitbook/security-model.md +58 -0
package/docs/integrations/README.md +14 -0
package/docs/integrations/github-actions-verify.yml +31 -0
package/docs/integrations/github-actions.md +34 -0
package/docs/integrations/openclaw/CLAWHUB_PUBLISH_CHECKLIST.md +65 -0
package/docs/integrations/openclaw/settld-mcp-skill/SKILL.md +69 -0
package/docs/integrations/openclaw/settld-mcp-skill/mcp-server.example.json +12 -0
package/docs/kernel-compatible/capabilities.json +36 -0
package/docs/marketing/agent-commerce-substrate.md +78 -0
package/docs/marketing/hn-repost-2026-02-17.md +102 -0
package/docs/marketing/show-hn-post.md +45 -0
package/docs/ops/ARTIFACT_VERIFICATION_STATUS.md +43 -0
package/docs/ops/BILLING_WEBHOOK_REPLAY.md +105 -0
package/docs/ops/CI_FLAKE_BUDGET.md +31 -0
package/docs/ops/GO_LIVE_GATE_S13.md +27 -0
package/docs/ops/HOSTED_BASELINE_R2.md +129 -0
package/docs/ops/KERNEL_V0_SHIP_GATE.md +67 -0
package/docs/ops/LIGHTHOUSE_PRODUCTION_CLOSE.md +51 -0
package/docs/ops/MCP_COMPATIBILITY_MATRIX.md +28 -0
package/docs/ops/MINIMUM_PRODUCTION_TOPOLOGY.md +89 -0
package/docs/ops/P0_BACKEND_PROGRESS.md +150 -0
package/docs/ops/PAYMENTS_ALPHA_R5.md +105 -0
package/docs/ops/PILOT_ONBOARDING_RUNBOOK.md +112 -0
package/docs/ops/PRODUCTION_DEPLOYMENT_CHECKLIST.md +103 -0
package/docs/ops/R1_SLOS.md +66 -0
package/docs/ops/RELEASE_SIGNING_INCIDENT.md +58 -0
package/docs/ops/SELF_SERVE_LAUNCH_AUTOMATION.md +89 -0
package/docs/ops/THROUGHPUT_DRILL_10X.md +48 -0
package/docs/ops/TRUST_CONFIG_WIZARD.md +47 -0
package/docs/ops/X402_PILOT_WEEKLY_METRICS.md +76 -0
package/docs/ops/tool-call-disputes-holdback.md +52 -0
package/docs/pilot-kit/PILOT_PACKAGE_SCORECARD_X402.md +46 -0
package/docs/pilot-kit/README.md +29 -0
package/docs/pilot-kit/architecture-one-pager.md +48 -0
package/docs/pilot-kit/buyer-email.txt +19 -0
package/docs/pilot-kit/buyer-one-pager.md +31 -0
package/docs/pilot-kit/gtm-pilot-playbook.md +182 -0
package/docs/pilot-kit/offline-verify.md +33 -0
package/docs/pilot-kit/procurement-one-pager.md +50 -0
package/docs/pilot-kit/rfp-clause.md +46 -0
package/docs/pilot-kit/roi-calculator-template.csv +2 -0
package/docs/pilot-kit/security-qa.md +153 -0
package/docs/pilot-kit/security-summary.md +35 -0
package/docs/plans/2026-02-13-mcp-spike-design.md +113 -0
package/docs/spec/AcceptanceCriteria.v1.md +17 -0
package/docs/spec/AcceptanceEvaluation.v1.md +10 -0
package/docs/spec/AgentEvent.v1.md +47 -0
package/docs/spec/AgentIdentity.v1.md +62 -0
package/docs/spec/AgentPassport.v1.md +95 -0
package/docs/spec/AgentReputation.v1.md +59 -0
package/docs/spec/AgentReputation.v2.md +52 -0
package/docs/spec/AgentRun.v1.md +47 -0
package/docs/spec/AgentRunSettlement.v1.md +52 -0
package/docs/spec/AgentWallet.v1.md +43 -0
package/docs/spec/AgreementDelegation.v1.md +109 -0
package/docs/spec/ArbitrationCase.v1.md +67 -0
package/docs/spec/ArbitrationVerdict.v1.md +60 -0
package/docs/spec/BundleHeadAttestation.v1.md +32 -0
package/docs/spec/CANONICAL_JSON.md +31 -0
package/docs/spec/CRYPTOGRAPHY.md +61 -0
package/docs/spec/ClosePack.v1.md +49 -0
package/docs/spec/ClosePackManifest.v1.md +24 -0
package/docs/spec/DelegationGrant.v1.md +90 -0
package/docs/spec/DisputeOpenEnvelope.v1.md +43 -0
package/docs/spec/ERRORS.md +76 -0
package/docs/spec/ESCROW_NETTING_INVARIANTS.md +71 -0
package/docs/spec/EvidenceIndex.v1.md +20 -0
package/docs/spec/ExecutionIntent.v1.md +90 -0
package/docs/spec/FinancePackBundleManifest.v1.md +24 -0
package/docs/spec/FundingHold.v1.md +60 -0
package/docs/spec/GovernancePolicy.v1.md +34 -0
package/docs/spec/GovernancePolicy.v2.md +30 -0
package/docs/spec/INVARIANTS.md +389 -0
package/docs/spec/InteractionDirectionMatrix.v1.md +30 -0
package/docs/spec/InvoiceBundleManifest.v1.md +24 -0
package/docs/spec/InvoiceClaim.v1.md +11 -0
package/docs/spec/MONEY_RAIL_STATE_MACHINE.md +58 -0
package/docs/spec/MarketplaceAcceptance.v2.md +46 -0
package/docs/spec/MarketplaceOffer.v2.md +54 -0
package/docs/spec/MeteringReport.v1.md +18 -0
package/docs/spec/PRODUCER_ERRORS.md +42 -0
package/docs/spec/PricingMatrix.v1.md +20 -0
package/docs/spec/PricingMatrixSignatures.v1.md +30 -0
package/docs/spec/PricingMatrixSignatures.v2.md +29 -0
package/docs/spec/ProduceCliOutput.v1.md +46 -0
package/docs/spec/ProofBundleManifest.v1.md +24 -0
package/docs/spec/README.md +104 -0
package/docs/spec/REFERENCE_IMPLEMENTATIONS.md +29 -0
package/docs/spec/REFERENCE_VERIFIER_BEHAVIOR.md +68 -0
package/docs/spec/REMOTE_SIGNER.md +66 -0
package/docs/spec/ReleaseIndex.v1.md +32 -0
package/docs/spec/ReleaseIndexSignatures.v1.md +17 -0
package/docs/spec/ReleaseTrust.v1.md +13 -0
package/docs/spec/ReleaseTrust.v2.md +26 -0
package/docs/spec/RemoteSignerRequest.v1.md +21 -0
package/docs/spec/RemoteSignerResponse.v1.md +16 -0
package/docs/spec/ReputationEvent.v1.md +63 -0
package/docs/spec/RevocationList.v1.md +28 -0
package/docs/spec/SIGNER_PROVIDER_PLUGIN.md +32 -0
package/docs/spec/STRICTNESS.md +68 -0
package/docs/spec/SUPPLY_CHAIN.md +33 -0
package/docs/spec/SettlementAdjustment.v1.md +45 -0
package/docs/spec/SettlementDecisionRecord.v1.md +48 -0
package/docs/spec/SettlementDecisionRecord.v2.md +51 -0
package/docs/spec/SettlementDecisionReport.v1.md +44 -0
package/docs/spec/SettlementKernel.v1.md +59 -0
package/docs/spec/SettlementReceipt.v1.md +63 -0
package/docs/spec/SlaDefinition.v1.md +24 -0
package/docs/spec/SlaEvaluation.v1.md +12 -0
package/docs/spec/THREAT_MODEL.md +113 -0
package/docs/spec/TOOL_PROVENANCE.md +30 -0
package/docs/spec/TRUST_ANCHORS.md +84 -0
package/docs/spec/TenantSettings.v1.md +90 -0
package/docs/spec/TenantSettings.v2.md +99 -0
package/docs/spec/TimestampProof.v1.md +25 -0
package/docs/spec/ToolCallAgreement.v1.md +34 -0
package/docs/spec/ToolCallEvidence.v1.md +47 -0
package/docs/spec/ToolManifest.v1.md +47 -0
package/docs/spec/VERIFIER_ENVIRONMENT.md +38 -0
package/docs/spec/VERSIONING.md +107 -0
package/docs/spec/VerificationReport.v1.md +50 -0
package/docs/spec/VerifyAboutOutput.v1.md +10 -0
package/docs/spec/VerifyCliOutput.v1.md +28 -0
package/docs/spec/WARNINGS.md +83 -0
package/docs/spec/error-codes.v1.txt +285 -0
package/docs/spec/examples/agreement_delegation_v1.example.json +21 -0
package/docs/spec/examples/arbitration_case_v1.example.json +26 -0
package/docs/spec/examples/arbitration_verdict_v1.example.json +32 -0
package/docs/spec/examples/dispute_open_envelope_v1.example.json +18 -0
package/docs/spec/examples/produce_cli_output_v1.example.json +32 -0
package/docs/spec/examples/release_index_signature_v1.example.json +9 -0
package/docs/spec/examples/release_index_signatures_v1.example.json +14 -0
package/docs/spec/examples/release_index_v1.example.json +15 -0
package/docs/spec/examples/release_trust_v1.example.json +7 -0
package/docs/spec/examples/release_trust_v2.example.json +22 -0
package/docs/spec/examples/remote_signer_request_v1.example.json +18 -0
package/docs/spec/examples/remote_signer_response_v1.example.json +8 -0
package/docs/spec/examples/reputation_event_v1.example.json +29 -0
package/docs/spec/examples/verification_report_v1.example.json +24 -0
package/docs/spec/examples/verify_about_output_v1.example.json +29 -0
package/docs/spec/examples/verify_cli_output_v1.example.json +13 -0
package/docs/spec/legacy/MarketplaceAcceptance.v1.md +48 -0
package/docs/spec/legacy/MarketplaceOffer.v1.md +56 -0
package/docs/spec/legacy/schemas/MarketplaceAcceptance.v1.schema.json +53 -0
package/docs/spec/legacy/schemas/MarketplaceOffer.v1.schema.json +61 -0
package/docs/spec/producer-error-codes.v1.txt +14 -0
package/docs/spec/schemas/AcceptanceCriteria.v1.schema.json +24 -0
package/docs/spec/schemas/AcceptanceEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/AgentEvent.v1.schema.json +49 -0
package/docs/spec/schemas/AgentIdentity.v1.schema.json +129 -0
package/docs/spec/schemas/AgentPassport.v1.schema.json +112 -0
package/docs/spec/schemas/AgentReputation.v1.schema.json +151 -0
package/docs/spec/schemas/AgentReputation.v2.schema.json +120 -0
package/docs/spec/schemas/AgentRun.v1.schema.json +71 -0
package/docs/spec/schemas/AgentRunSettlement.v1.schema.json +75 -0
package/docs/spec/schemas/AgentWallet.v1.schema.json +54 -0
package/docs/spec/schemas/AgreementDelegation.v1.schema.json +50 -0
package/docs/spec/schemas/ArbitrationCase.v1.schema.json +133 -0
package/docs/spec/schemas/ArbitrationVerdict.v1.schema.json +149 -0
package/docs/spec/schemas/BundleHeadAttestation.v1.schema.json +21 -0
package/docs/spec/schemas/ClosePackManifest.v1.schema.json +38 -0
package/docs/spec/schemas/DelegationGrant.v1.schema.json +102 -0
package/docs/spec/schemas/DisputeOpenEnvelope.v1.schema.json +78 -0
package/docs/spec/schemas/EvidenceIndex.v1.schema.json +41 -0
package/docs/spec/schemas/ExecutionIntent.v1.schema.json +85 -0
package/docs/spec/schemas/FinancePackBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/FundingHold.v1.schema.json +46 -0
package/docs/spec/schemas/GovernancePolicy.v1.schema.json +45 -0
package/docs/spec/schemas/GovernancePolicy.v2.schema.json +70 -0
package/docs/spec/schemas/InteractionDirectionMatrix.v1.schema.json +43 -0
package/docs/spec/schemas/InvoiceBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/InvoiceClaim.v1.schema.json +39 -0
package/docs/spec/schemas/MarketplaceAcceptance.v2.schema.json +53 -0
package/docs/spec/schemas/MarketplaceOffer.v2.schema.json +61 -0
package/docs/spec/schemas/MeteringReport.v1.schema.json +45 -0
package/docs/spec/schemas/PricingMatrix.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v2.schema.json +24 -0
package/docs/spec/schemas/ProduceCliOutput.v1.schema.json +107 -0
package/docs/spec/schemas/ProofBundleManifest.v1.schema.json +37 -0
package/docs/spec/schemas/PublicKeys.v1.schema.json +33 -0
package/docs/spec/schemas/ReleaseIndex.v1.schema.json +45 -0
package/docs/spec/schemas/ReleaseIndexSignature.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseIndexSignatures.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseTrust.v1.schema.json +15 -0
package/docs/spec/schemas/ReleaseTrust.v2.schema.json +37 -0
package/docs/spec/schemas/RemoteSignerPublicKeyResponse.v1.schema.json +14 -0
package/docs/spec/schemas/RemoteSignerRequest.v1.schema.json +24 -0
package/docs/spec/schemas/RemoteSignerResponse.v1.schema.json +10 -0
package/docs/spec/schemas/RemoteSignerSignRequest.v1.schema.json +27 -0
package/docs/spec/schemas/RemoteSignerSignResponse.v1.schema.json +16 -0
package/docs/spec/schemas/ReputationEvent.v1.schema.json +164 -0
package/docs/spec/schemas/RevocationList.v1.schema.json +51 -0
package/docs/spec/schemas/SettlementAdjustment.v1.schema.json +44 -0
package/docs/spec/schemas/SettlementDecisionRecord.v1.schema.json +66 -0
package/docs/spec/schemas/SettlementDecisionRecord.v2.schema.json +148 -0
package/docs/spec/schemas/SettlementDecisionReport.v1.schema.json +61 -0
package/docs/spec/schemas/SettlementReceipt.v1.schema.json +135 -0
package/docs/spec/schemas/SlaDefinition.v1.schema.json +33 -0
package/docs/spec/schemas/SlaEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/TenantSettings.v1.schema.json +90 -0
package/docs/spec/schemas/TenantSettings.v2.schema.json +161 -0
package/docs/spec/schemas/TimestampProof.v1.schema.json +17 -0
package/docs/spec/schemas/ToolCallAgreement.v1.schema.json +34 -0
package/docs/spec/schemas/ToolCallEvidence.v1.schema.json +45 -0
package/docs/spec/schemas/ToolManifest.v1.schema.json +54 -0
package/docs/spec/schemas/VerificationReport.v1.schema.json +83 -0
package/docs/spec/schemas/VerifyAboutOutput.v1.schema.json +54 -0
package/docs/spec/schemas/VerifyCliOutput.v1.schema.json +75 -0
package/docs/spec/schemas/VerifyReleaseOutput.v1.schema.json +47 -0
package/docs/spec/x402-error-codes.v1.txt +21 -0
package/docs/templates/buyer-email.txt +18 -0
package/docs/templates/buyer-one-pager.md +24 -0
package/package.json +40 -6
package/scripts/acceptance/full-stack.mjs +734 -0
package/scripts/acceptance/full-stack.sh +99 -0
package/scripts/audit/build-audit-packet.mjs +242 -0
package/scripts/backup-pg.sh +45 -0
package/scripts/backup-restore/README.md +18 -0
package/scripts/backup-restore/capture-state.mjs +130 -0
package/scripts/backup-restore/client.mjs +97 -0
package/scripts/backup-restore/seed-workload.mjs +235 -0
package/scripts/backup-restore/verify-state.mjs +139 -0
package/scripts/backup-restore-test.sh +217 -0
package/scripts/chaos.js +221 -0
package/scripts/ci/build-launch-cutover-packet.mjs +148 -0
package/scripts/ci/build-self-serve-benchmark-report.mjs +122 -0
package/scripts/ci/changelog-guard.mjs +145 -0
package/scripts/ci/check-kernel-v0-launch-gate.mjs +233 -0
package/scripts/ci/check-secret-hygiene.mjs +78 -0
package/scripts/ci/check-version-consistency.mjs +42 -0
package/scripts/ci/cli-pack-smoke.mjs +160 -0
package/scripts/ci/flake-budget-guard.mjs +68 -0
package/scripts/ci/generate-error-codes.mjs +54 -0
package/scripts/ci/lib/lighthouse-tracker.mjs +90 -0
package/scripts/ci/lib/self-serve-launch-gate.mjs +89 -0
package/scripts/ci/npm-pack-smoke.mjs +454 -0
package/scripts/ci/run-10x-throughput-drill.mjs +246 -0
package/scripts/ci/run-10x-throughput-incident-rehearsal.mjs +325 -0
package/scripts/ci/run-arbitration-workspace-browser-e2e.sh +22 -0
package/scripts/ci/run-circle-sandbox-smoke.mjs +237 -0
package/scripts/ci/run-go-live-gate.mjs +150 -0
package/scripts/ci/run-kernel-v0-ship-gate.mjs +97 -0
package/scripts/ci/run-mcp-host-smoke.mjs +275 -0
package/scripts/ci/run-self-serve-launch-gate.mjs +56 -0
package/scripts/ci/runtime-import-smoke.mjs +58 -0
package/scripts/ci/update-lighthouse-tracker.mjs +112 -0
package/scripts/closepack/lib.mjs +286 -0
package/scripts/collect-debug.sh +263 -0
package/scripts/demo/compositional-settlement-3hop.mjs +237 -0
package/scripts/demo/delivery-robot/export-ui-fixture.mjs +188 -0
package/scripts/demo/delivery-robot/generate.mjs +377 -0
package/scripts/demo/kernel-agent-goes-shopping.mjs +202 -0
package/scripts/demo/magic-link-first-green.mjs +118 -0
package/scripts/demo/magic-link-kind-smoke.mjs +577 -0
package/scripts/demo/mcp-paid-exa.mjs +1110 -0
package/scripts/dev/billing-doctor.sh +145 -0
package/scripts/dev/billing-smoke-prod.sh +219 -0
package/scripts/dev/billing-webhook-replay.sh +161 -0
package/scripts/dev/env.dev.example +29 -0
package/scripts/dev/env.sh +37 -0
package/scripts/dev/new-sdk-key.sh +81 -0
package/scripts/dev/sdk-first-run.sh +21 -0
package/scripts/dev/smoke-x402-gateway.sh +115 -0
package/scripts/dev/start-api.sh +24 -0
package/scripts/examples/produce-and-verify-jobproof.mjs +191 -0
package/scripts/examples/sdk-first-paid-rfq.py +105 -0
package/scripts/examples/sdk-first-verified-run.mjs +85 -0
package/scripts/examples/sdk-first-verified-run.py +99 -0
package/scripts/examples/sdk-tenant-analytics.mjs +103 -0
package/scripts/examples/sdk-tenant-analytics.py +118 -0
package/scripts/finance-pack/bundle.mjs +284 -0
package/scripts/fixtures/generate-bundle-fixtures.mjs +877 -0
package/scripts/governance/export.mjs +169 -0
package/scripts/load/delivery-stress.k6.js +183 -0
package/scripts/load/ingest-burst.k6.js +236 -0
package/scripts/load/run-delivery-load.js +66 -0
package/scripts/load/webhook-receiver.js +131 -0
package/scripts/magic-link/migrate-run-records-to-db.mjs +35 -0
package/scripts/mcp/probe.mjs +238 -0
package/scripts/mcp/settld-mcp-http-gateway.mjs +178 -0
package/scripts/mcp/settld-mcp-server.mjs +1201 -0
package/scripts/openapi/write.mjs +13 -0
package/scripts/ops/bootstrap-tenant-conformance.mjs +185 -0
package/scripts/ops/build-x402-pilot-reliability-report.mjs +489 -0
package/scripts/ops/check-x402-receipt-sample.mjs +181 -0
package/scripts/ops/design-partner-run-packet.mjs +466 -0
package/scripts/ops/hosted-baseline-evidence.mjs +681 -0
package/scripts/ops/money-rails-chargeback-evidence.mjs +509 -0
package/scripts/ops/money-rails-reconcile-evidence.mjs +180 -0
package/scripts/ops/p0-seed-money-rail-operation.mjs +432 -0
package/scripts/pilot/finance-pack.mjs +495 -0
package/scripts/pilot/fixtures/robot-keypair.json +4 -0
package/scripts/pilot/fixtures/server-signer.json +4 -0
package/scripts/proof-bundle/job.mjs +109 -0
package/scripts/proof-bundle/lib.mjs +92 -0
package/scripts/proof-bundle/month.mjs +103 -0
package/scripts/provider/conformance-run.mjs +159 -0
package/scripts/provider/keys-generate.mjs +135 -0
package/scripts/provider/publish.mjs +420 -0
package/scripts/quickstart/x402.mjs +334 -0
package/scripts/release/build-artifacts.mjs +181 -0
package/scripts/release/generate-release-index.mjs +112 -0
package/scripts/release/release-index-lib.mjs +232 -0
package/scripts/release/sign-release-index.mjs +85 -0
package/scripts/release/validate-release-assets.mjs +170 -0
package/scripts/release/verify-release.mjs +261 -0
package/scripts/restore-pg.sh +34 -0
package/scripts/scaffold/create-settld-paid-tool.mjs +19 -0
package/scripts/sdk/smoke-python.py +30 -0
package/scripts/sdk/smoke.mjs +16 -0
package/scripts/settlement/x402-batch-worker.mjs +1091 -0
package/scripts/slo/check.mjs +178 -0
package/scripts/smoke/k8s-smoke.mjs +214 -0
package/scripts/spec/generate-protocol-vectors.mjs +931 -0
package/scripts/test/check-no-generated-artifacts.sh +12 -0
package/scripts/test/run.sh +45 -0
package/scripts/trust/validate-trust-file.mjs +57 -0
package/scripts/trust-config/rotate-settld-pay.mjs +277 -0
package/scripts/trust-config/wizard.mjs +161 -0
package/scripts/vendor-contract-test-lib.mjs +182 -0
package/scripts/vendor-contract-test.mjs +55 -0
package/scripts/vercel/build-mkdocs.sh +9 -0
package/scripts/vercel/ignore-mkdocs.sh +25 -0
package/scripts/vercel/install-mkdocs.sh +6 -0
package/scripts/verify-pg.js +217 -0
package/scripts/x402/receipt-verify.mjs +289 -0
package/services/finance-sink/src/dedupe-store.js +29 -6
package/services/receiver/src/dedupe-store.js +29 -5
package/services/x402-gateway/Dockerfile +13 -0
package/services/x402-gateway/README.md +58 -0
package/services/x402-gateway/examples/upstream-mock.js +337 -0
package/services/x402-gateway/src/server.js +947 -0
package/src/api/app.js +32517 -16877
package/src/api/maintenance.js +70 -0
package/src/api/openapi.js +1130 -17
package/src/api/persistence.js +272 -0
package/src/api/server.js +81 -5
package/src/api/store.js +1248 -6
package/src/api/workers/deliveries.js +99 -4
package/src/api/workers/insolvency-sweep.js +159 -0
package/src/core/agent-card.js +69 -0
package/src/core/agent-wallets.js +97 -0
package/src/core/agreement-delegation.js +549 -0
package/src/core/billing-plans.js +40 -6
package/src/core/circle-reserve-adapter.js +845 -0
package/src/core/maintenance-locks.js +1 -0
package/src/core/paid-tool-manifest.js +318 -0
package/src/core/provider-publish-conformance.js +525 -0
package/src/core/provider-publish-proof.js +396 -0
package/src/core/provider-quote-signature.js +170 -0
package/src/core/settld-keys.js +112 -0
package/src/core/settld-pay-token.js +344 -0
package/src/core/settlement-kernel.js +213 -2
package/src/core/settlement-verifier.js +335 -0
package/src/core/tool-call-agreement.js +112 -0
package/src/core/tool-call-evidence.js +144 -0
package/src/core/tool-provider-signature.js +98 -0
package/src/core/x402-escalation-override.js +258 -0
package/src/core/x402-gate.js +118 -0
package/src/core/x402-provider-refund-decision.js +220 -0
package/src/core/x402-receipt-verifier.js +708 -0
package/src/core/x402-reversal-command.js +251 -0
package/src/core/x402-wallet-issuer-decision.js +252 -0
package/src/core/zk-verifier.js +300 -0
package/src/db/migrations/029_reputation_event_index.sql +54 -0
package/src/db/migrations/030_artifacts_source_event_unique_job_only.sql +15 -0
package/src/db/pg.js +18 -7
package/src/db/store-pg.js +838 -72

package/src/core/maintenance-locks.js CHANGED Viewed

@@ -1,3 +1,4 @@
 export const RETENTION_CLEANUP_ADVISORY_LOCK_KEY = "settld:maintenance:retention_cleanup:v1";
 export const FINANCE_RECONCILE_ADVISORY_LOCK_KEY = "settld:maintenance:finance_reconcile:v1";
+export const MONEY_RAIL_RECONCILE_ADVISORY_LOCK_KEY = "settld:maintenance:money_rail_reconcile:v1";
 export const MIGRATIONS_ADVISORY_LOCK_KEY = "settld:migrations:v1";

package/src/core/paid-tool-manifest.js ADDED Viewed

@@ -0,0 +1,318 @@
+import { canonicalJsonStringify, normalizeForCanonicalJson } from "./canonical-json.js";
+import { sha256Hex } from "./crypto.js";
+export const PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1 = "PaidToolManifest.v1";
+export const PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2 = "PaidToolManifest.v2";
+export const PAID_TOOL_MANIFEST_SCHEMA_VERSION = PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1;
+function assertPlainObject(value, name) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    throw new TypeError(`${name} must be an object`);
+  }
+}
+function normalizeNonEmptyString(value, name, { max = 256 } = {}) {
+  const text = typeof value === "string" ? value.trim() : "";
+  if (!text) throw new TypeError(`${name} is required`);
+  if (text.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  return text;
+}
+function normalizeOptionalString(value, name, { max = 2048 } = {}) {
+  if (value === null || value === undefined || String(value).trim() === "") return null;
+  const text = String(value).trim();
+  if (text.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  return text;
+}
+function normalizeOptionalAbsoluteHttpUrl(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 2048 });
+  if (!raw) return null;
+  let parsed = null;
+  try {
+    parsed = new URL(raw);
+  } catch {
+    throw new TypeError(`${name} must be an absolute URL`);
+  }
+  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
+    throw new TypeError(`${name} must use http or https`);
+  }
+  return parsed.toString();
+}
+function normalizeManifestSchemaVersion(value) {
+  const text = normalizeNonEmptyString(value, "manifest.schemaVersion", { max: 64 });
+  if (text === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1 || text === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2) return text;
+  throw new TypeError(
+    `manifest.schemaVersion must be ${PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1} or ${PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2}`
+  );
+}
+function normalizeToolClass(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 32 });
+  const normalized = raw ? raw.toLowerCase() : null;
+  if (normalized === null) return null;
+  if (!["read", "compute", "action"].includes(normalized)) {
+    throw new TypeError(`${name} must be read|compute|action`);
+  }
+  return normalized;
+}
+function normalizeRiskLevel(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 32 });
+  if (!raw) return null;
+  const normalized = raw.toLowerCase() === "med" ? "medium" : raw.toLowerCase();
+  if (!["low", "medium", "high"].includes(normalized)) {
+    throw new TypeError(`${name} must be low|medium|high`);
+  }
+  return normalized;
+}
+function normalizeStringArray(value, name, { maxItems = 32, maxLen = 64 } = {}) {
+  if (value === null || value === undefined) return [];
+  if (!Array.isArray(value)) throw new TypeError(`${name} must be an array`);
+  const out = [];
+  const seen = new Set();
+  for (let i = 0; i < value.length; i += 1) {
+    const row = normalizeNonEmptyString(value[i], `${name}[${i}]`, { max: maxLen }).toLowerCase();
+    if (seen.has(row)) continue;
+    seen.add(row);
+    out.push(row);
+    if (out.length > maxItems) throw new TypeError(`${name} must contain <= ${maxItems} items`);
+  }
+  return out;
+}
+function normalizeRequiredSignatures(value, name) {
+  const allowed = new Set(["quote", "output", "refund_decision"]);
+  const out = normalizeStringArray(value, name, { maxItems: 8, maxLen: 32 });
+  for (const item of out) {
+    if (!allowed.has(item)) throw new TypeError(`${name} contains unsupported value: ${item}`);
+  }
+  return out;
+}
+function normalizeRequestBinding(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 32 });
+  if (!raw) return null;
+  const normalized = raw.toLowerCase();
+  if (!["strict", "recommended", "none"].includes(normalized)) {
+    throw new TypeError(`${name} must be strict|recommended|none`);
+  }
+  return normalized;
+}
+function normalizeHttpMethod(value, name) {
+  const method = normalizeNonEmptyString(value ?? "GET", name, { max: 16 }).toUpperCase();
+  if (!["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"].includes(method)) {
+    throw new TypeError(`${name} must be GET|POST|PUT|PATCH|DELETE|HEAD`);
+  }
+  return method;
+}
+function normalizeCurrency(value, name) {
+  const raw = typeof value === "string" && value.trim() !== "" ? value.trim().toUpperCase() : "USD";
+  if (!/^[A-Z][A-Z0-9_]{2,11}$/.test(raw)) throw new TypeError(`${name} must match ^[A-Z][A-Z0-9_]{2,11}$`);
+  return raw;
+}
+function normalizePositiveSafeInt(value, name) {
+  const n = Number(value);
+  if (!Number.isSafeInteger(n) || n <= 0) throw new TypeError(`${name} must be a positive safe integer`);
+  return n;
+}
+function normalizeRoutePath(value, name) {
+  const text = normalizeNonEmptyString(value, name, { max: 1024 });
+  if (!text.startsWith("/")) throw new TypeError(`${name} must start with /`);
+  if (text.includes("..")) throw new TypeError(`${name} must not contain path traversal`);
+  return text;
+}
+function normalizePricing(rawPricing, defaults, fieldPath) {
+  const pricing = rawPricing && typeof rawPricing === "object" && !Array.isArray(rawPricing) ? rawPricing : {};
+  const amountCents = normalizePositiveSafeInt(pricing.amountCents ?? defaults.amountCents ?? 500, `${fieldPath}.amountCents`);
+  const currency = normalizeCurrency(pricing.currency ?? defaults.currency ?? "USD", `${fieldPath}.currency`);
+  return normalizeForCanonicalJson({ amountCents, currency }, { path: "$" });
+}
+function normalizeToolSecurity(rawSecurity, defaults, fieldPath) {
+  const security = rawSecurity && typeof rawSecurity === "object" && !Array.isArray(rawSecurity) ? rawSecurity : {};
+  const requiredSignatures = normalizeRequiredSignatures(
+    security.requiredSignatures ?? security.required_signatures ?? defaults.requiredSignatures ?? [],
+    `${fieldPath}.requiredSignatures`
+  );
+  const requestBinding =
+    normalizeRequestBinding(security.requestBinding ?? security.request_binding ?? defaults.requestBinding, `${fieldPath}.requestBinding`) ??
+    "recommended";
+  return normalizeForCanonicalJson(
+    {
+      requiredSignatures,
+      requestBinding
+    },
+    { path: "$" }
+  );
+}
+function normalizeTool(rawTool, defaults, { index, schemaVersion }) {
+  assertPlainObject(rawTool, `tools[${index}]`);
+  const toolId = normalizeNonEmptyString(rawTool.toolId, `tools[${index}].toolId`, { max: 128 });
+  const mcpToolName = normalizeOptionalString(rawTool.mcpToolName, `tools[${index}].mcpToolName`, { max: 180 });
+  const description = normalizeOptionalString(rawTool.description, `tools[${index}].description`, { max: 1000 });
+  const method = normalizeHttpMethod(rawTool.method ?? "GET", `tools[${index}].method`);
+  const upstreamPath = normalizeOptionalString(rawTool.upstreamPath, `tools[${index}].upstreamPath`, { max: 1024 });
+  const paidPath = normalizeRoutePath(rawTool.paidPath, `tools[${index}].paidPath`);
+  const idempotency = normalizeOptionalString(rawTool.idempotency, `tools[${index}].idempotency`, { max: 64 }) ?? defaults.idempotency ?? "idempotent";
+  const signatureMode = normalizeOptionalString(rawTool.signatureMode, `tools[${index}].signatureMode`, { max: 64 }) ?? defaults.signatureMode ?? "required";
+  if (!["idempotent", "non_idempotent", "side_effecting"].includes(String(idempotency))) {
+    throw new TypeError(`tools[${index}].idempotency must be idempotent|non_idempotent|side_effecting`);
+  }
+  if (!["required", "optional"].includes(String(signatureMode))) {
+    throw new TypeError(`tools[${index}].signatureMode must be required|optional`);
+  }
+  const pricing = normalizePricing(rawTool.pricing, defaults, `tools[${index}].pricing`);
+  const auth =
+    rawTool.auth && typeof rawTool.auth === "object" && !Array.isArray(rawTool.auth)
+      ? normalizeForCanonicalJson(rawTool.auth, { path: "$" })
+      : normalizeForCanonicalJson({ mode: "none" }, { path: "$" });
+  const metadata =
+    rawTool.metadata && typeof rawTool.metadata === "object" && !Array.isArray(rawTool.metadata)
+      ? normalizeForCanonicalJson(rawTool.metadata, { path: "$" })
+      : null;
+  const isV2 = schemaVersion === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2;
+  const toolClass = normalizeToolClass(
+    rawTool.toolClass ?? rawTool.tool_class ?? defaults.toolClass ?? null,
+    `tools[${index}].toolClass`
+  );
+  const riskLevel = normalizeRiskLevel(
+    rawTool.riskLevel ?? rawTool.risk_level ?? defaults.riskLevel ?? null,
+    `tools[${index}].riskLevel`
+  );
+  const capabilityTags = normalizeStringArray(
+    rawTool.capabilityTags ?? rawTool.capability_tags ?? rawTool.tags ?? [],
+    `tools[${index}].capabilityTags`,
+    { maxItems: 64, maxLen: 80 }
+  );
+  const security = normalizeToolSecurity(rawTool.security ?? null, defaults, `tools[${index}].security`);
+  return normalizeForCanonicalJson(
+    {
+      toolId,
+      mcpToolName,
+      description,
+      method,
+      upstreamPath,
+      paidPath,
+      pricing,
+      idempotency,
+      signatureMode,
+      auth,
+      metadata,
+      ...(isV2
+        ? {
+            toolClass: toolClass ?? "read",
+            riskLevel: riskLevel ?? "low",
+            capabilityTags,
+            security
+          }
+        : {})
+    },
+    { path: "$" }
+  );
+}
+export function normalizePaidToolManifestV1(manifestInput) {
+  assertPlainObject(manifestInput, "manifest");
+  const schemaVersion = normalizeManifestSchemaVersion(manifestInput.schemaVersion);
+  const isV2 = schemaVersion === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2;
+  const providerId = normalizeNonEmptyString(manifestInput.providerId, "manifest.providerId", { max: 160 });
+  const upstreamBaseUrl = normalizeOptionalString(manifestInput.upstreamBaseUrl, "manifest.upstreamBaseUrl", { max: 2048 });
+  const publishProofJwksUrl = normalizeOptionalAbsoluteHttpUrl(
+    manifestInput.publishProofJwksUrl,
+    "manifest.publishProofJwksUrl"
+  );
+  const sourceOpenApiPath = normalizeOptionalString(manifestInput.sourceOpenApiPath, "manifest.sourceOpenApiPath", { max: 2048 });
+  const defaultsRaw =
+    manifestInput.defaults && typeof manifestInput.defaults === "object" && !Array.isArray(manifestInput.defaults)
+      ? manifestInput.defaults
+      : {};
+  const defaults = normalizeForCanonicalJson(
+    {
+      amountCents: normalizePositiveSafeInt(defaultsRaw.amountCents ?? 500, "manifest.defaults.amountCents"),
+      currency: normalizeCurrency(defaultsRaw.currency ?? "USD", "manifest.defaults.currency"),
+      idempotency: normalizeOptionalString(defaultsRaw.idempotency, "manifest.defaults.idempotency", { max: 64 }) ?? "idempotent",
+      signatureMode: normalizeOptionalString(defaultsRaw.signatureMode, "manifest.defaults.signatureMode", { max: 64 }) ?? "required",
+      ...(isV2
+        ? {
+            toolClass: normalizeToolClass(defaultsRaw.toolClass ?? defaultsRaw.tool_class ?? null, "manifest.defaults.toolClass") ?? "read",
+            riskLevel: normalizeRiskLevel(defaultsRaw.riskLevel ?? defaultsRaw.risk_level ?? null, "manifest.defaults.riskLevel") ?? "low",
+            requiredSignatures: normalizeRequiredSignatures(
+              defaultsRaw.requiredSignatures ?? defaultsRaw.required_signatures ?? ["output"],
+              "manifest.defaults.requiredSignatures"
+            ),
+            requestBinding:
+              normalizeRequestBinding(
+                defaultsRaw.requestBinding ?? defaultsRaw.request_binding ?? null,
+                "manifest.defaults.requestBinding"
+              ) ?? "recommended"
+          }
+        : {})
+    },
+    { path: "$" }
+  );
+  if (!["idempotent", "non_idempotent", "side_effecting"].includes(String(defaults.idempotency))) {
+    throw new TypeError("manifest.defaults.idempotency must be idempotent|non_idempotent|side_effecting");
+  }
+  if (!["required", "optional"].includes(String(defaults.signatureMode))) {
+    throw new TypeError("manifest.defaults.signatureMode must be required|optional");
+  }
+  if (!Array.isArray(manifestInput.tools) || manifestInput.tools.length === 0) {
+    throw new TypeError("manifest.tools must be a non-empty array");
+  }
+  const tools = manifestInput.tools.map((row, index) => normalizeTool(row, defaults, { index, schemaVersion }));
+  const seenToolIds = new Set();
+  const seenPaidPaths = new Set();
+  for (const tool of tools) {
+    if (seenToolIds.has(tool.toolId)) throw new TypeError(`manifest.tools contains duplicate toolId: ${tool.toolId}`);
+    if (seenPaidPaths.has(tool.paidPath)) throw new TypeError(`manifest.tools contains duplicate paidPath: ${tool.paidPath}`);
+    seenToolIds.add(tool.toolId);
+    seenPaidPaths.add(tool.paidPath);
+  }
+  const capabilityTags = normalizeStringArray(
+    manifestInput.capabilityTags ?? manifestInput.capability_tags ?? manifestInput.tags ?? [],
+    "manifest.capabilityTags",
+    { maxItems: 64, maxLen: 80 }
+  );
+  return normalizeForCanonicalJson(
+    {
+      schemaVersion,
+      providerId,
+      upstreamBaseUrl,
+      publishProofJwksUrl,
+      sourceOpenApiPath,
+      defaults,
+      tools,
+      ...(isV2 ? { capabilityTags } : {})
+    },
+    { path: "$" }
+  );
+}
+export function validatePaidToolManifestV1(manifestInput) {
+  try {
+    const manifest = normalizePaidToolManifestV1(manifestInput);
+    return { ok: true, manifest };
+  } catch (err) {
+    return { ok: false, code: "PAID_TOOL_MANIFEST_INVALID", message: err?.message ?? String(err ?? "") };
+  }
+}
+export function computePaidToolManifestHashV1(manifestInput) {
+  const manifest = normalizePaidToolManifestV1(manifestInput);
+  return sha256Hex(canonicalJsonStringify(manifest));
+}