npm - settld - Versions diffs - 0.1.2 → 0.2.0 - Mend

settld 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (483) hide show

package/README.md +93 -3
package/SETTLD_VERSION +1 -1
package/bin/settld-mcp +2 -0
package/bin/settld.js +71 -0
package/conformance/kernel-v0/README.md +7 -0
package/conformance/kernel-v0/run.mjs +292 -4
package/docs/ACCESS.md +57 -0
package/docs/ADOPTION_CHECKLIST.md +44 -0
package/docs/ALERTS.md +198 -0
package/docs/ARCHITECTURE.md +69 -0
package/docs/ARCHITECTURE_FOUNDER_GUIDE.md +284 -0
package/docs/ARTIFACTS.md +60 -0
package/docs/CERTIFICATION_CHECKLIST.md +33 -0
package/docs/CIRCLE_SANDBOX_E2E.md +152 -0
package/docs/CONFIG.md +297 -0
package/docs/CONTRACTS_APIS.md +23 -0
package/docs/DEPRECATION.md +31 -0
package/docs/DOMAIN_MODEL.md +92 -0
package/docs/EVENT_ENVELOPE.md +53 -0
package/docs/FINANCE_PACK_FORMAT.md +53 -0
package/docs/INCIDENT_TAXONOMY.md +30 -0
package/docs/JOB_STATE_MACHINE.md +66 -0
package/docs/KERNEL_COMPATIBLE.md +60 -0
package/docs/KERNEL_V0.md +40 -0
package/docs/KEY_ROTATION.md +80 -0
package/docs/LEDGER.md +82 -0
package/docs/LIVENESS.md +76 -0
package/docs/MVP_BUILD_ORDER.md +36 -0
package/docs/ONCALL_PLAYBOOK.md +39 -0
package/docs/OPERATIONS_SIGNING.md +20 -0
package/docs/OVERVIEW.md +190 -0
package/docs/PERF_BASELINE.md +85 -0
package/docs/PRD.md +77 -0
package/docs/QUICKSTART_KERNEL_V0.md +96 -0
package/docs/QUICKSTART_MCP.md +377 -0
package/docs/QUICKSTART_MCP_HOSTS.md +210 -0
package/docs/QUICKSTART_POLICY_PACKS.md +65 -0
package/docs/QUICKSTART_PRODUCE.md +61 -0
package/docs/QUICKSTART_PROFILES.md +198 -0
package/docs/QUICKSTART_RELEASE_VERIFY.md +39 -0
package/docs/QUICKSTART_SDK.md +125 -0
package/docs/QUICKSTART_SDK_PYTHON.md +111 -0
package/docs/QUICKSTART_VERIFY.md +54 -0
package/docs/QUICKSTART_X402_GATEWAY.md +317 -0
package/docs/README.md +33 -0
package/docs/RELEASE_CHECKLIST.md +182 -0
package/docs/RELEASING.md +82 -0
package/docs/REPO_SETTINGS.md +37 -0
package/docs/RUNBOOK.md +86 -0
package/docs/SKILLS.md +42 -0
package/docs/SKILL_BUNDLE_FORMAT.md +48 -0
package/docs/SLO.md +131 -0
package/docs/SUMMARY.md +17 -0
package/docs/SUPPORT.md +31 -0
package/docs/THREAT_MODEL.md +36 -0
package/docs/TRUST.md +59 -0
package/docs/WORKFLOW.md +35 -0
package/docs/X402_BATCH_SETTLEMENT.md +126 -0
package/docs/blog/2026-02-14-your-ai-agent-just-spent-500-where-is-the-receipt.md +73 -0
package/docs/examples/x402-provider-payout-registry.example.json +14 -0
package/docs/gitbook/README.md +64 -0
package/docs/gitbook/SETUP.md +25 -0
package/docs/gitbook/SUMMARY.md +15 -0
package/docs/gitbook/api-reference.md +73 -0
package/docs/gitbook/closepacks.md +55 -0
package/docs/gitbook/conformance.md +59 -0
package/docs/gitbook/core-primitives.md +85 -0
package/docs/gitbook/dispute-lifecycle.md +33 -0
package/docs/gitbook/faq.md +21 -0
package/docs/gitbook/guides.md +49 -0
package/docs/gitbook/operations-runbook.md +36 -0
package/docs/gitbook/quickstart.md +103 -0
package/docs/gitbook/replay-and-audit.md +30 -0
package/docs/gitbook/sdk-reference.md +35 -0
package/docs/gitbook/security-model.md +58 -0
package/docs/integrations/README.md +15 -0
package/docs/integrations/github-actions-verify.yml +31 -0
package/docs/integrations/github-actions.md +34 -0
package/docs/integrations/openclaw/CLAWHUB_PUBLISH_CHECKLIST.md +65 -0
package/docs/integrations/openclaw/PUBLIC_QUICKSTART.md +95 -0
package/docs/integrations/openclaw/settld-mcp-skill/SKILL.md +69 -0
package/docs/integrations/openclaw/settld-mcp-skill/mcp-server.example.json +12 -0
package/docs/kernel-compatible/capabilities.json +36 -0
package/docs/marketing/agent-commerce-substrate.md +78 -0
package/docs/marketing/hn-repost-2026-02-17.md +102 -0
package/docs/marketing/show-hn-post.md +45 -0
package/docs/ops/ARTIFACT_VERIFICATION_STATUS.md +43 -0
package/docs/ops/BILLING_WEBHOOK_REPLAY.md +105 -0
package/docs/ops/CI_FLAKE_BUDGET.md +31 -0
package/docs/ops/DISPUTE_FINANCE_RECONCILIATION_PACKET.md +56 -0
package/docs/ops/GO_LIVE_GATE_S13.md +27 -0
package/docs/ops/HOSTED_BASELINE_R2.md +129 -0
package/docs/ops/KERNEL_V0_SHIP_GATE.md +69 -0
package/docs/ops/LIGHTHOUSE_PRODUCTION_CLOSE.md +51 -0
package/docs/ops/MCP_COMPATIBILITY_MATRIX.md +30 -0
package/docs/ops/MINIMUM_PRODUCTION_TOPOLOGY.md +89 -0
package/docs/ops/P0_BACKEND_PROGRESS.md +150 -0
package/docs/ops/PAYMENTS_ALPHA_R5.md +105 -0
package/docs/ops/PILOT_ONBOARDING_RUNBOOK.md +112 -0
package/docs/ops/PRODUCTION_DEPLOYMENT_CHECKLIST.md +140 -0
package/docs/ops/R1_SLOS.md +66 -0
package/docs/ops/RELEASE_SIGNING_INCIDENT.md +58 -0
package/docs/ops/SELF_SERVE_LAUNCH_AUTOMATION.md +89 -0
package/docs/ops/THROUGHPUT_DRILL_10X.md +48 -0
package/docs/ops/TRUST_CONFIG_WIZARD.md +60 -0
package/docs/ops/X402_PILOT_WEEKLY_METRICS.md +76 -0
package/docs/ops/tool-call-disputes-holdback.md +52 -0
package/docs/pilot-kit/PILOT_PACKAGE_SCORECARD_X402.md +46 -0
package/docs/pilot-kit/README.md +29 -0
package/docs/pilot-kit/architecture-one-pager.md +48 -0
package/docs/pilot-kit/buyer-email.txt +19 -0
package/docs/pilot-kit/buyer-one-pager.md +31 -0
package/docs/pilot-kit/gtm-pilot-playbook.md +182 -0
package/docs/pilot-kit/offline-verify.md +33 -0
package/docs/pilot-kit/procurement-one-pager.md +50 -0
package/docs/pilot-kit/rfp-clause.md +46 -0
package/docs/pilot-kit/roi-calculator-template.csv +2 -0
package/docs/pilot-kit/security-qa.md +153 -0
package/docs/pilot-kit/security-summary.md +35 -0
package/docs/plans/2026-02-13-mcp-spike-design.md +113 -0
package/docs/plans/2026-02-20-trust-os-v1-jira-backlog.md +348 -0
package/docs/plans/2026-02-21-agent-economic-actor-operating-model.md +169 -0
package/docs/plans/2026-02-21-trust-os-v1-strategy.md +241 -0
package/docs/research/2026-02-21-agent-spend-host-landscape.md +57 -0
package/docs/spec/AcceptanceCriteria.v1.md +17 -0
package/docs/spec/AcceptanceEvaluation.v1.md +10 -0
package/docs/spec/AgentEvent.v1.md +47 -0
package/docs/spec/AgentIdentity.v1.md +62 -0
package/docs/spec/AgentPassport.v1.md +95 -0
package/docs/spec/AgentReputation.v1.md +59 -0
package/docs/spec/AgentReputation.v2.md +52 -0
package/docs/spec/AgentRun.v1.md +47 -0
package/docs/spec/AgentRunSettlement.v1.md +52 -0
package/docs/spec/AgentWallet.v1.md +43 -0
package/docs/spec/AgreementDelegation.v1.md +109 -0
package/docs/spec/ArbitrationCase.v1.md +67 -0
package/docs/spec/ArbitrationOutcomeMapping.v1.md +62 -0
package/docs/spec/ArbitrationVerdict.v1.md +60 -0
package/docs/spec/BundleHeadAttestation.v1.md +32 -0
package/docs/spec/CANONICAL_JSON.md +31 -0
package/docs/spec/CRYPTOGRAPHY.md +61 -0
package/docs/spec/ClosePack.v1.md +49 -0
package/docs/spec/ClosePackManifest.v1.md +24 -0
package/docs/spec/DelegationGrant.v1.md +90 -0
package/docs/spec/DisputeCaseLifecycle.v1.md +51 -0
package/docs/spec/DisputeOpenEnvelope.v1.md +43 -0
package/docs/spec/ERRORS.md +76 -0
package/docs/spec/ESCROW_NETTING_INVARIANTS.md +71 -0
package/docs/spec/EvidenceIndex.v1.md +20 -0
package/docs/spec/ExecutionIntent.v1.md +90 -0
package/docs/spec/FinancePackBundleManifest.v1.md +24 -0
package/docs/spec/FundingHold.v1.md +60 -0
package/docs/spec/GovernancePolicy.v1.md +34 -0
package/docs/spec/GovernancePolicy.v2.md +30 -0
package/docs/spec/INVARIANTS.md +389 -0
package/docs/spec/InteractionDirectionMatrix.v1.md +30 -0
package/docs/spec/InvoiceBundleManifest.v1.md +24 -0
package/docs/spec/InvoiceClaim.v1.md +11 -0
package/docs/spec/MONEY_RAIL_STATE_MACHINE.md +58 -0
package/docs/spec/MarketplaceAcceptance.v2.md +46 -0
package/docs/spec/MarketplaceOffer.v2.md +54 -0
package/docs/spec/MeteringReport.v1.md +18 -0
package/docs/spec/OperatorAction.v1.md +90 -0
package/docs/spec/PRODUCER_ERRORS.md +42 -0
package/docs/spec/PolicyDecision.v1.md +83 -0
package/docs/spec/PricingMatrix.v1.md +20 -0
package/docs/spec/PricingMatrixSignatures.v1.md +30 -0
package/docs/spec/PricingMatrixSignatures.v2.md +29 -0
package/docs/spec/ProduceCliOutput.v1.md +46 -0
package/docs/spec/ProofBundleManifest.v1.md +24 -0
package/docs/spec/README.md +109 -0
package/docs/spec/REFERENCE_IMPLEMENTATIONS.md +29 -0
package/docs/spec/REFERENCE_VERIFIER_BEHAVIOR.md +68 -0
package/docs/spec/REMOTE_SIGNER.md +66 -0
package/docs/spec/ReleaseIndex.v1.md +32 -0
package/docs/spec/ReleaseIndexSignatures.v1.md +17 -0
package/docs/spec/ReleaseTrust.v1.md +13 -0
package/docs/spec/ReleaseTrust.v2.md +26 -0
package/docs/spec/RemoteSignerRequest.v1.md +21 -0
package/docs/spec/RemoteSignerResponse.v1.md +16 -0
package/docs/spec/ReputationEvent.v1.md +63 -0
package/docs/spec/RevocationList.v1.md +28 -0
package/docs/spec/SIGNER_PROVIDER_PLUGIN.md +32 -0
package/docs/spec/STRICTNESS.md +68 -0
package/docs/spec/SUPPLY_CHAIN.md +33 -0
package/docs/spec/SettlementAdjustment.v1.md +45 -0
package/docs/spec/SettlementDecisionRecord.v1.md +48 -0
package/docs/spec/SettlementDecisionRecord.v2.md +53 -0
package/docs/spec/SettlementDecisionReport.v1.md +44 -0
package/docs/spec/SettlementKernel.v1.md +59 -0
package/docs/spec/SettlementReceipt.v1.md +63 -0
package/docs/spec/SlaDefinition.v1.md +24 -0
package/docs/spec/SlaEvaluation.v1.md +12 -0
package/docs/spec/THREAT_MODEL.md +113 -0
package/docs/spec/TOOL_PROVENANCE.md +30 -0
package/docs/spec/TRUST_ANCHORS.md +84 -0
package/docs/spec/TenantSettings.v1.md +90 -0
package/docs/spec/TenantSettings.v2.md +99 -0
package/docs/spec/TimestampProof.v1.md +25 -0
package/docs/spec/ToolCallAgreement.v1.md +34 -0
package/docs/spec/ToolCallEvidence.v1.md +47 -0
package/docs/spec/ToolManifest.v1.md +47 -0
package/docs/spec/VERIFIER_ENVIRONMENT.md +38 -0
package/docs/spec/VERSIONING.md +107 -0
package/docs/spec/VerificationReport.v1.md +50 -0
package/docs/spec/VerifyAboutOutput.v1.md +10 -0
package/docs/spec/VerifyCliOutput.v1.md +28 -0
package/docs/spec/WARNINGS.md +83 -0
package/docs/spec/error-codes.v1.txt +285 -0
package/docs/spec/examples/agreement_delegation_v1.example.json +21 -0
package/docs/spec/examples/arbitration_case_v1.example.json +26 -0
package/docs/spec/examples/arbitration_verdict_v1.example.json +32 -0
package/docs/spec/examples/dispute_open_envelope_v1.example.json +18 -0
package/docs/spec/examples/produce_cli_output_v1.example.json +32 -0
package/docs/spec/examples/release_index_signature_v1.example.json +9 -0
package/docs/spec/examples/release_index_signatures_v1.example.json +14 -0
package/docs/spec/examples/release_index_v1.example.json +15 -0
package/docs/spec/examples/release_trust_v1.example.json +7 -0
package/docs/spec/examples/release_trust_v2.example.json +22 -0
package/docs/spec/examples/remote_signer_request_v1.example.json +18 -0
package/docs/spec/examples/remote_signer_response_v1.example.json +8 -0
package/docs/spec/examples/reputation_event_v1.example.json +29 -0
package/docs/spec/examples/verification_report_v1.example.json +24 -0
package/docs/spec/examples/verify_about_output_v1.example.json +29 -0
package/docs/spec/examples/verify_cli_output_v1.example.json +13 -0
package/docs/spec/legacy/MarketplaceAcceptance.v1.md +48 -0
package/docs/spec/legacy/MarketplaceOffer.v1.md +56 -0
package/docs/spec/legacy/schemas/MarketplaceAcceptance.v1.schema.json +53 -0
package/docs/spec/legacy/schemas/MarketplaceOffer.v1.schema.json +61 -0
package/docs/spec/producer-error-codes.v1.txt +14 -0
package/docs/spec/schemas/AcceptanceCriteria.v1.schema.json +24 -0
package/docs/spec/schemas/AcceptanceEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/AgentEvent.v1.schema.json +49 -0
package/docs/spec/schemas/AgentIdentity.v1.schema.json +129 -0
package/docs/spec/schemas/AgentPassport.v1.schema.json +112 -0
package/docs/spec/schemas/AgentReputation.v1.schema.json +151 -0
package/docs/spec/schemas/AgentReputation.v2.schema.json +120 -0
package/docs/spec/schemas/AgentRun.v1.schema.json +71 -0
package/docs/spec/schemas/AgentRunSettlement.v1.schema.json +75 -0
package/docs/spec/schemas/AgentWallet.v1.schema.json +54 -0
package/docs/spec/schemas/AgreementDelegation.v1.schema.json +50 -0
package/docs/spec/schemas/ArbitrationCase.v1.schema.json +133 -0
package/docs/spec/schemas/ArbitrationVerdict.v1.schema.json +149 -0
package/docs/spec/schemas/BundleHeadAttestation.v1.schema.json +21 -0
package/docs/spec/schemas/ClosePackManifest.v1.schema.json +38 -0
package/docs/spec/schemas/DelegationGrant.v1.schema.json +102 -0
package/docs/spec/schemas/DisputeOpenEnvelope.v1.schema.json +78 -0
package/docs/spec/schemas/EvidenceIndex.v1.schema.json +41 -0
package/docs/spec/schemas/ExecutionIntent.v1.schema.json +85 -0
package/docs/spec/schemas/FinancePackBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/FundingHold.v1.schema.json +46 -0
package/docs/spec/schemas/GovernancePolicy.v1.schema.json +45 -0
package/docs/spec/schemas/GovernancePolicy.v2.schema.json +70 -0
package/docs/spec/schemas/InteractionDirectionMatrix.v1.schema.json +43 -0
package/docs/spec/schemas/InvoiceBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/InvoiceClaim.v1.schema.json +39 -0
package/docs/spec/schemas/MarketplaceAcceptance.v2.schema.json +53 -0
package/docs/spec/schemas/MarketplaceOffer.v2.schema.json +61 -0
package/docs/spec/schemas/MeteringReport.v1.schema.json +45 -0
package/docs/spec/schemas/OperatorAction.v1.schema.json +113 -0
package/docs/spec/schemas/PolicyDecision.v1.schema.json +74 -0
package/docs/spec/schemas/PricingMatrix.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v2.schema.json +24 -0
package/docs/spec/schemas/ProduceCliOutput.v1.schema.json +107 -0
package/docs/spec/schemas/ProofBundleManifest.v1.schema.json +37 -0
package/docs/spec/schemas/PublicKeys.v1.schema.json +33 -0
package/docs/spec/schemas/ReleaseIndex.v1.schema.json +45 -0
package/docs/spec/schemas/ReleaseIndexSignature.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseIndexSignatures.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseTrust.v1.schema.json +15 -0
package/docs/spec/schemas/ReleaseTrust.v2.schema.json +37 -0
package/docs/spec/schemas/RemoteSignerPublicKeyResponse.v1.schema.json +14 -0
package/docs/spec/schemas/RemoteSignerRequest.v1.schema.json +24 -0
package/docs/spec/schemas/RemoteSignerResponse.v1.schema.json +10 -0
package/docs/spec/schemas/RemoteSignerSignRequest.v1.schema.json +27 -0
package/docs/spec/schemas/RemoteSignerSignResponse.v1.schema.json +16 -0
package/docs/spec/schemas/ReputationEvent.v1.schema.json +164 -0
package/docs/spec/schemas/RevocationList.v1.schema.json +51 -0
package/docs/spec/schemas/SettlementAdjustment.v1.schema.json +44 -0
package/docs/spec/schemas/SettlementDecisionRecord.v1.schema.json +66 -0
package/docs/spec/schemas/SettlementDecisionRecord.v2.schema.json +149 -0
package/docs/spec/schemas/SettlementDecisionReport.v1.schema.json +61 -0
package/docs/spec/schemas/SettlementReceipt.v1.schema.json +135 -0
package/docs/spec/schemas/SlaDefinition.v1.schema.json +33 -0
package/docs/spec/schemas/SlaEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/TenantSettings.v1.schema.json +90 -0
package/docs/spec/schemas/TenantSettings.v2.schema.json +161 -0
package/docs/spec/schemas/TimestampProof.v1.schema.json +17 -0
package/docs/spec/schemas/ToolCallAgreement.v1.schema.json +34 -0
package/docs/spec/schemas/ToolCallEvidence.v1.schema.json +45 -0
package/docs/spec/schemas/ToolManifest.v1.schema.json +54 -0
package/docs/spec/schemas/VerificationReport.v1.schema.json +83 -0
package/docs/spec/schemas/VerifyAboutOutput.v1.schema.json +54 -0
package/docs/spec/schemas/VerifyCliOutput.v1.schema.json +75 -0
package/docs/spec/schemas/VerifyReleaseOutput.v1.schema.json +47 -0
package/docs/spec/x402-error-codes.v1.txt +35 -0
package/docs/templates/buyer-email.txt +18 -0
package/docs/templates/buyer-one-pager.md +24 -0
package/package.json +53 -6
package/scripts/acceptance/full-stack.mjs +734 -0
package/scripts/acceptance/full-stack.sh +99 -0
package/scripts/audit/build-audit-packet.mjs +242 -0
package/scripts/backup-pg.sh +45 -0
package/scripts/backup-restore/README.md +18 -0
package/scripts/backup-restore/capture-state.mjs +130 -0
package/scripts/backup-restore/client.mjs +97 -0
package/scripts/backup-restore/seed-workload.mjs +235 -0
package/scripts/backup-restore/verify-state.mjs +139 -0
package/scripts/backup-restore-test.sh +217 -0
package/scripts/chaos.js +221 -0
package/scripts/ci/build-launch-cutover-packet.mjs +304 -0
package/scripts/ci/build-self-serve-benchmark-report.mjs +122 -0
package/scripts/ci/changelog-guard.mjs +145 -0
package/scripts/ci/check-kernel-v0-launch-gate.mjs +233 -0
package/scripts/ci/check-secret-hygiene.mjs +78 -0
package/scripts/ci/check-version-consistency.mjs +42 -0
package/scripts/ci/cli-pack-smoke.mjs +160 -0
package/scripts/ci/flake-budget-guard.mjs +68 -0
package/scripts/ci/generate-error-codes.mjs +54 -0
package/scripts/ci/lib/lighthouse-tracker.mjs +90 -0
package/scripts/ci/lib/self-serve-launch-gate.mjs +89 -0
package/scripts/ci/npm-pack-smoke.mjs +454 -0
package/scripts/ci/run-10x-throughput-drill.mjs +318 -0
package/scripts/ci/run-10x-throughput-incident-rehearsal.mjs +368 -0
package/scripts/ci/run-arbitration-workspace-browser-e2e.sh +22 -0
package/scripts/ci/run-circle-sandbox-smoke.mjs +237 -0
package/scripts/ci/run-go-live-gate.mjs +150 -0
package/scripts/ci/run-kernel-v0-ship-gate.mjs +97 -0
package/scripts/ci/run-mcp-host-cert-matrix.mjs +201 -0
package/scripts/ci/run-mcp-host-smoke.mjs +473 -0
package/scripts/ci/run-offline-verification-parity-gate.mjs +762 -0
package/scripts/ci/run-onboarding-host-success-gate.mjs +516 -0
package/scripts/ci/run-onboarding-policy-slo-gate.mjs +537 -0
package/scripts/ci/run-production-cutover-gate.mjs +540 -0
package/scripts/ci/run-public-openclaw-npx-smoke.mjs +148 -0
package/scripts/ci/run-release-promotion-guard.mjs +756 -0
package/scripts/ci/run-self-serve-launch-gate.mjs +56 -0
package/scripts/ci/runtime-import-smoke.mjs +58 -0
package/scripts/ci/update-lighthouse-tracker.mjs +112 -0
package/scripts/closepack/lib.mjs +286 -0
package/scripts/collect-debug.sh +263 -0
package/scripts/demo/compositional-settlement-3hop.mjs +237 -0
package/scripts/demo/delivery-robot/export-ui-fixture.mjs +188 -0
package/scripts/demo/delivery-robot/generate.mjs +377 -0
package/scripts/demo/kernel-agent-goes-shopping.mjs +202 -0
package/scripts/demo/magic-link-first-green.mjs +118 -0
package/scripts/demo/magic-link-kind-smoke.mjs +577 -0
package/scripts/demo/mcp-paid-exa.mjs +1110 -0
package/scripts/dev/billing-doctor.sh +145 -0
package/scripts/dev/billing-smoke-prod.sh +219 -0
package/scripts/dev/billing-webhook-replay.sh +161 -0
package/scripts/dev/env.dev.example +29 -0
package/scripts/dev/env.sh +37 -0
package/scripts/dev/new-sdk-key.sh +81 -0
package/scripts/dev/sdk-first-run.sh +21 -0
package/scripts/dev/smoke-x402-gateway.sh +115 -0
package/scripts/dev/start-api.sh +24 -0
package/scripts/doctor/mcp-host.mjs +120 -0
package/scripts/examples/produce-and-verify-jobproof.mjs +191 -0
package/scripts/examples/sdk-first-paid-rfq.py +105 -0
package/scripts/examples/sdk-first-verified-run.mjs +85 -0
package/scripts/examples/sdk-first-verified-run.py +99 -0
package/scripts/examples/sdk-tenant-analytics.mjs +103 -0
package/scripts/examples/sdk-tenant-analytics.py +118 -0
package/scripts/finance-pack/bundle.mjs +284 -0
package/scripts/fixtures/generate-bundle-fixtures.mjs +877 -0
package/scripts/governance/export.mjs +169 -0
package/scripts/load/delivery-stress.k6.js +183 -0
package/scripts/load/ingest-burst.k6.js +236 -0
package/scripts/load/run-delivery-load.js +66 -0
package/scripts/load/webhook-receiver.js +131 -0
package/scripts/magic-link/migrate-run-records-to-db.mjs +35 -0
package/scripts/mcp/probe.mjs +238 -0
package/scripts/mcp/settld-mcp-http-gateway.mjs +178 -0
package/scripts/mcp/settld-mcp-server.mjs +1511 -0
package/scripts/openapi/write.mjs +13 -0
package/scripts/ops/bootstrap-tenant-conformance.mjs +185 -0
package/scripts/ops/build-x402-pilot-reliability-report.mjs +489 -0
package/scripts/ops/check-x402-receipt-sample.mjs +181 -0
package/scripts/ops/design-partner-run-packet.mjs +466 -0
package/scripts/ops/dispute-finance-reconciliation-packet.mjs +313 -0
package/scripts/ops/hosted-baseline-evidence.mjs +890 -0
package/scripts/ops/money-rails-chargeback-evidence.mjs +509 -0
package/scripts/ops/money-rails-reconcile-evidence.mjs +180 -0
package/scripts/ops/p0-seed-money-rail-operation.mjs +432 -0
package/scripts/ops/run-x402-hitl-smoke.mjs +607 -0
package/scripts/pilot/finance-pack.mjs +495 -0
package/scripts/pilot/fixtures/robot-keypair.json +4 -0
package/scripts/pilot/fixtures/server-signer.json +4 -0
package/scripts/policy/cli.mjs +600 -0
package/scripts/profile/cli.mjs +1324 -0
package/scripts/proof-bundle/job.mjs +109 -0
package/scripts/proof-bundle/lib.mjs +92 -0
package/scripts/proof-bundle/month.mjs +103 -0
package/scripts/provider/conformance-run.mjs +159 -0
package/scripts/provider/keys-generate.mjs +135 -0
package/scripts/provider/publish.mjs +420 -0
package/scripts/quickstart/x402.mjs +334 -0
package/scripts/register-entity-secret.mjs +102 -0
package/scripts/release/build-artifacts.mjs +181 -0
package/scripts/release/generate-release-index.mjs +112 -0
package/scripts/release/release-index-lib.mjs +232 -0
package/scripts/release/sign-release-index.mjs +85 -0
package/scripts/release/validate-release-assets.mjs +170 -0
package/scripts/release/verify-release.mjs +261 -0
package/scripts/restore-pg.sh +34 -0
package/scripts/scaffold/create-settld-paid-tool.mjs +19 -0
package/scripts/sdk/smoke-python.py +30 -0
package/scripts/sdk/smoke.mjs +16 -0
package/scripts/settlement/x402-batch-worker.mjs +1091 -0
package/scripts/setup/circle-bootstrap.mjs +310 -0
package/scripts/setup/host-config.mjs +617 -0
package/scripts/setup/onboard.mjs +1337 -0
package/scripts/setup/openclaw-onboard.mjs +423 -0
package/scripts/setup/wizard.mjs +986 -0
package/scripts/slo/check.mjs +239 -0
package/scripts/smoke/k8s-smoke.mjs +214 -0
package/scripts/spec/generate-protocol-vectors.mjs +1019 -0
package/scripts/test/check-no-generated-artifacts.sh +12 -0
package/scripts/test/run.sh +59 -0
package/scripts/trust/validate-trust-file.mjs +57 -0
package/scripts/trust-config/rotate-settld-pay.mjs +277 -0
package/scripts/trust-config/wizard.mjs +161 -0
package/scripts/vendor-contract-test-lib.mjs +182 -0
package/scripts/vendor-contract-test.mjs +55 -0
package/scripts/vercel/build-mkdocs.sh +9 -0
package/scripts/vercel/ignore-mkdocs.sh +25 -0
package/scripts/vercel/install-mkdocs.sh +6 -0
package/scripts/verify-pg.js +217 -0
package/scripts/x402/receipt-verify.mjs +289 -0
package/services/finance-sink/src/dedupe-store.js +29 -6
package/services/receiver/src/dedupe-store.js +29 -5
package/services/x402-gateway/Dockerfile +13 -0
package/services/x402-gateway/README.md +58 -0
package/services/x402-gateway/examples/upstream-mock.js +337 -0
package/services/x402-gateway/src/server.js +1058 -0
package/src/api/app.js +34658 -16940
package/src/api/maintenance.js +70 -0
package/src/api/middleware/trust-kernel.js +114 -0
package/src/api/openapi.js +1778 -70
package/src/api/persistence.js +456 -0
package/src/api/server.js +81 -5
package/src/api/store.js +1581 -62
package/src/api/workers/deliveries.js +99 -4
package/src/api/workers/insolvency-sweep.js +159 -0
package/src/core/agent-card.js +69 -0
package/src/core/agent-wallets.js +231 -0
package/src/core/agreement-delegation.js +549 -0
package/src/core/billing-plans.js +40 -6
package/src/core/circle-reserve-adapter.js +845 -0
package/src/core/event-policy.js +21 -2
package/src/core/maintenance-locks.js +1 -0
package/src/core/operator-action.js +303 -0
package/src/core/paid-tool-manifest.js +318 -0
package/src/core/policy-decision.js +322 -0
package/src/core/policy-packs.js +207 -0
package/src/core/profile-fingerprint.js +27 -0
package/src/core/profile-simulation-reasons.js +84 -0
package/src/core/profile-templates.js +242 -0
package/src/core/provider-publish-conformance.js +525 -0
package/src/core/provider-publish-proof.js +396 -0
package/src/core/provider-quote-signature.js +170 -0
package/src/core/settld-keys.js +112 -0
package/src/core/settld-pay-token.js +344 -0
package/src/core/settlement-kernel.js +239 -2
package/src/core/settlement-verifier.js +335 -0
package/src/core/tool-call-agreement.js +112 -0
package/src/core/tool-call-evidence.js +144 -0
package/src/core/tool-provider-signature.js +98 -0
package/src/core/wallet-assignment-resolver.js +129 -0
package/src/core/wallet-provider-bootstrap.js +365 -0
package/src/core/x402-escalation-override.js +258 -0
package/src/core/x402-gate.js +118 -0
package/src/core/x402-provider-refund-decision.js +220 -0
package/src/core/x402-receipt-verifier.js +708 -0
package/src/core/x402-reversal-command.js +251 -0
package/src/core/x402-wallet-issuer-decision.js +252 -0
package/src/core/zk-verifier.js +300 -0
package/src/db/migrations/029_reputation_event_index.sql +54 -0
package/src/db/migrations/030_artifacts_source_event_unique_job_only.sql +15 -0
package/src/db/pg.js +18 -7
package/src/db/store-pg.js +1508 -111

package/src/core/provider-publish-proof.js ADDED Viewed

@@ -0,0 +1,396 @@
+import { createPublicKey, verify as nodeVerify, sign as nodeSign } from "node:crypto";
+import { canonicalJsonStringify, normalizeForCanonicalJson } from "./canonical-json.js";
+import { checkUrlSafety } from "./url-safety.js";
+import { keyIdFromPublicKeyPem, sha256Hex } from "./crypto.js";
+import { keyMapFromSettldKeyset } from "./settld-keys.js";
+export const PROVIDER_PUBLISH_PROOF_AUDIENCE = "settld.marketplace.publish";
+export const PROVIDER_PUBLISH_PROOF_TYPE = "settld.marketplace.publish_proof.v1";
+export const PROVIDER_PUBLISH_PROOF_SCHEMA_VERSION = "ProviderPublishProofPayload.v1";
+function assertNonEmptyString(value, name) {
+  if (typeof value !== "string" || value.trim() === "") throw new TypeError(`${name} must be a non-empty string`);
+  return String(value).trim();
+}
+function assertNonEmptyPem(value, name) {
+  if (typeof value !== "string" || value.trim() === "") throw new TypeError(`${name} must be a non-empty string`);
+  return String(value);
+}
+function normalizeUnixSeconds(value, name) {
+  const n = Number(value);
+  if (!Number.isSafeInteger(n) || n <= 0) throw new TypeError(`${name} must be a positive safe integer unix timestamp`);
+  return n;
+}
+function normalizeSha256Hex(value, name) {
+  const out = assertNonEmptyString(value, name).toLowerCase();
+  if (!/^[0-9a-f]{64}$/.test(out)) throw new TypeError(`${name} must be sha256 hex`);
+  return out;
+}
+function normalizeOptionalText(value, name, { max = 256 } = {}) {
+  if (value === null || value === undefined || String(value).trim() === "") return null;
+  const out = String(value).trim();
+  if (out.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  return out;
+}
+function b64urlJson(value) {
+  return Buffer.from(canonicalJsonStringify(normalizeForCanonicalJson(value, { path: "$" })), "utf8").toString("base64url");
+}
+function parseCompactJws(token) {
+  const raw = assertNonEmptyString(token, "publishProof");
+  const parts = raw.split(".");
+  if (parts.length !== 3) throw new TypeError("publishProof must be compact JWS with 3 segments");
+  const [headerB64, payloadB64, sigB64] = parts;
+  if (!headerB64 || !payloadB64 || !sigB64) throw new TypeError("publishProof contains empty JWS segment");
+  let header = null;
+  let payload = null;
+  let signature = null;
+  try {
+    header = JSON.parse(Buffer.from(headerB64, "base64url").toString("utf8"));
+  } catch (err) {
+    throw new TypeError(`publishProof header is invalid: ${err?.message ?? String(err ?? "")}`);
+  }
+  try {
+    payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString("utf8"));
+  } catch (err) {
+    throw new TypeError(`publishProof payload is invalid: ${err?.message ?? String(err ?? "")}`);
+  }
+  try {
+    signature = Buffer.from(sigB64, "base64url");
+  } catch (err) {
+    throw new TypeError(`publishProof signature is invalid: ${err?.message ?? String(err ?? "")}`);
+  }
+  if (!header || typeof header !== "object" || Array.isArray(header)) throw new TypeError("publishProof header must be an object");
+  if (!payload || typeof payload !== "object" || Array.isArray(payload)) throw new TypeError("publishProof payload must be an object");
+  if (signature.length === 0) throw new TypeError("publishProof signature must be non-empty");
+  return {
+    token: raw,
+    header,
+    payload,
+    signature,
+    signingInput: `${headerB64}.${payloadB64}`
+  };
+}
+function normalizeOkpEd25519Jwk(input, fieldPath = "jwk") {
+  if (!input || typeof input !== "object" || Array.isArray(input)) throw new TypeError(`${fieldPath} must be an object`);
+  const kty = assertNonEmptyString(input.kty, `${fieldPath}.kty`);
+  const crv = assertNonEmptyString(input.crv, `${fieldPath}.crv`);
+  const x = assertNonEmptyString(input.x, `${fieldPath}.x`);
+  if (kty !== "OKP") throw new TypeError(`${fieldPath}.kty must be OKP`);
+  if (crv !== "Ed25519") throw new TypeError(`${fieldPath}.crv must be Ed25519`);
+  return normalizeForCanonicalJson({ kty: "OKP", crv: "Ed25519", x }, { path: "$" });
+}
+function keyEntryToKeyEvidence(keyEntry, expectedKid) {
+  if (!keyEntry || typeof keyEntry !== "object" || Array.isArray(keyEntry)) {
+    throw new TypeError("keyEntry must be an object");
+  }
+  const publicKeyPem = assertNonEmptyPem(keyEntry.publicKeyPem, "keyEntry.publicKeyPem");
+  const derivedKid = keyIdFromPublicKeyPem(publicKeyPem);
+  const kid = expectedKid ? assertNonEmptyString(expectedKid, "kid") : derivedKid;
+  if (kid !== derivedKid) throw new TypeError("publish proof kid does not match resolved public key");
+  let jwk = null;
+  if (keyEntry.kty || keyEntry.crv || keyEntry.x) {
+    jwk = normalizeOkpEd25519Jwk(keyEntry, "jwks.keys[]");
+  } else {
+    const exported = createPublicKey(publicKeyPem).export({ format: "jwk" });
+    jwk = normalizeOkpEd25519Jwk(exported, "publicKeyPem.jwk");
+  }
+  const jwkThumbprintSha256 = sha256Hex(canonicalJsonStringify(jwk));
+  return normalizeForCanonicalJson(
+    {
+      schemaVersion: "VerificationKeyEvidence.v1",
+      keyId: kid,
+      publicKeyPem,
+      jwk,
+      jwkThumbprintSha256
+    },
+    { path: "$" }
+  );
+}
+export function computeProviderRefFromPublishProofJwk(jwkInput) {
+  const jwk = normalizeOkpEd25519Jwk(jwkInput, "jwk");
+  const thumbprint = sha256Hex(canonicalJsonStringify(jwk));
+  return `jwk:${thumbprint}`;
+}
+export function buildProviderPublishProofPayloadV1({
+  aud = PROVIDER_PUBLISH_PROOF_AUDIENCE,
+  typ = PROVIDER_PUBLISH_PROOF_TYPE,
+  manifestHash,
+  providerId,
+  iat,
+  exp,
+  nonce = null
+} = {}) {
+  const normalizedIat = normalizeUnixSeconds(iat, "iat");
+  const normalizedExp = normalizeUnixSeconds(exp, "exp");
+  if (normalizedExp <= normalizedIat) throw new TypeError("exp must be greater than iat");
+  return normalizeForCanonicalJson(
+    {
+      schemaVersion: PROVIDER_PUBLISH_PROOF_SCHEMA_VERSION,
+      aud: assertNonEmptyString(aud, "aud"),
+      typ: assertNonEmptyString(typ, "typ"),
+      manifestHash: normalizeSha256Hex(manifestHash, "manifestHash"),
+      providerId: assertNonEmptyString(providerId, "providerId"),
+      iat: normalizedIat,
+      exp: normalizedExp,
+      ...(normalizeOptionalText(nonce, "nonce", { max: 256 }) ? { nonce: normalizeOptionalText(nonce, "nonce", { max: 256 }) } : {})
+    },
+    { path: "$" }
+  );
+}
+export function mintProviderPublishProofTokenV1({ payload, keyId = null, publicKeyPem = null, privateKeyPem } = {}) {
+  const normalizedPayload = buildProviderPublishProofPayloadV1(payload ?? {});
+  const privatePem = assertNonEmptyPem(privateKeyPem, "privateKeyPem");
+  const normalizedPublicKeyPem =
+    publicKeyPem === null || publicKeyPem === undefined ? null : assertNonEmptyPem(publicKeyPem, "publicKeyPem");
+  const derivedKid = normalizedPublicKeyPem ? keyIdFromPublicKeyPem(normalizedPublicKeyPem) : null;
+  const normalizedKid = keyId === null || keyId === undefined || String(keyId).trim() === "" ? derivedKid : String(keyId).trim();
+  if (!normalizedKid) throw new TypeError("keyId is required (or provide publicKeyPem)");
+  if (derivedKid && normalizedKid !== derivedKid) throw new TypeError("keyId does not match publicKeyPem");
+  const header = normalizeForCanonicalJson(
+    {
+      alg: "EdDSA",
+      kid: normalizedKid,
+      typ: "JWT"
+    },
+    { path: "$" }
+  );
+  const headerB64 = b64urlJson(header);
+  const payloadB64 = b64urlJson(normalizedPayload);
+  const signingInput = `${headerB64}.${payloadB64}`;
+  const signature = nodeSign(null, Buffer.from(signingInput, "utf8"), privatePem);
+  const token = `${signingInput}.${signature.toString("base64url")}`;
+  return {
+    token,
+    tokenSha256: sha256Hex(token),
+    header,
+    payload: normalizedPayload,
+    kid: normalizedKid
+  };
+}
+export function verifyProviderPublishProofTokenV1({
+  token,
+  jwks,
+  expectedManifestHash,
+  expectedProviderId,
+  expectedAudience = PROVIDER_PUBLISH_PROOF_AUDIENCE,
+  expectedType = PROVIDER_PUBLISH_PROOF_TYPE,
+  nowUnixSeconds = Math.floor(Date.now() / 1000)
+} = {}) {
+  try {
+    const parsed = parseCompactJws(token);
+    const alg = assertNonEmptyString(parsed.header.alg, "publishProof.header.alg");
+    if (alg !== "EdDSA") {
+      return { ok: false, code: "PROVIDER_PUBLISH_PROOF_ALG_INVALID", message: "publishProof.header.alg must be EdDSA" };
+    }
+    const kid = assertNonEmptyString(parsed.header.kid, "publishProof.header.kid");
+    if (!Number.isSafeInteger(nowUnixSeconds) || nowUnixSeconds <= 0) {
+      throw new TypeError("nowUnixSeconds must be a positive safe integer");
+    }
+    const payload = buildProviderPublishProofPayloadV1(parsed.payload);
+    if (payload.aud !== expectedAudience) {
+      return {
+        ok: false,
+        code: "PROVIDER_PUBLISH_PROOF_AUD_MISMATCH",
+        message: "publish proof aud mismatch",
+        expected: expectedAudience,
+        actual: payload.aud
+      };
+    }
+    if (payload.typ !== expectedType) {
+      return {
+        ok: false,
+        code: "PROVIDER_PUBLISH_PROOF_TYPE_MISMATCH",
+        message: "publish proof typ mismatch",
+        expected: expectedType,
+        actual: payload.typ
+      };
+    }
+    const expectedManifest = normalizeSha256Hex(expectedManifestHash, "expectedManifestHash");
+    if (payload.manifestHash !== expectedManifest) {
+      return {
+        ok: false,
+        code: "PROVIDER_PUBLISH_PROOF_MANIFEST_HASH_MISMATCH",
+        message: "publish proof manifest hash mismatch",
+        expected: expectedManifest,
+        actual: payload.manifestHash
+      };
+    }
+    const expectedProvider = assertNonEmptyString(expectedProviderId, "expectedProviderId");
+    if (payload.providerId !== expectedProvider) {
+      return {
+        ok: false,
+        code: "PROVIDER_PUBLISH_PROOF_PROVIDER_MISMATCH",
+        message: "publish proof providerId mismatch",
+        expected: expectedProvider,
+        actual: payload.providerId
+      };
+    }
+    if (payload.exp <= nowUnixSeconds) {
+      return { ok: false, code: "PROVIDER_PUBLISH_PROOF_EXPIRED", message: "publish proof is expired" };
+    }
+    if (payload.iat > nowUnixSeconds + 300) {
+      return { ok: false, code: "PROVIDER_PUBLISH_PROOF_IAT_FUTURE", message: "publish proof iat is too far in the future" };
+    }
+    const keyMap = keyMapFromSettldKeyset(jwks);
+    const keyEntry = keyMap.get(kid) ?? null;
+    if (!keyEntry?.publicKeyPem) {
+      return { ok: false, code: "PROVIDER_PUBLISH_PROOF_UNKNOWN_KID", message: "publish proof kid not found in jwks", kid };
+    }
+    if (keyEntry.alg && String(keyEntry.alg).trim() !== "" && String(keyEntry.alg).trim() !== "EdDSA") {
+      return {
+        ok: false,
+        code: "PROVIDER_PUBLISH_PROOF_KEY_ALG_INVALID",
+        message: "jwks key alg must be EdDSA when provided",
+        kid
+      };
+    }
+    const signatureValid = nodeVerify(
+      null,
+      Buffer.from(parsed.signingInput, "utf8"),
+      keyEntry.publicKeyPem,
+      parsed.signature
+    );
+    if (!signatureValid) {
+      return { ok: false, code: "PROVIDER_PUBLISH_PROOF_SIGNATURE_INVALID", message: "publish proof signature verification failed", kid };
+    }
+    const keyEvidence = keyEntryToKeyEvidence(keyEntry, kid);
+    const providerRef = computeProviderRefFromPublishProofJwk(keyEvidence.jwk);
+    return {
+      ok: true,
+      code: null,
+      header: parsed.header,
+      payload,
+      kid,
+      keyEvidence,
+      providerRef,
+      tokenSha256: sha256Hex(assertNonEmptyString(token, "token"))
+    };
+  } catch (err) {
+    return {
+      ok: false,
+      code: "PROVIDER_PUBLISH_PROOF_INVALID",
+      message: err?.message ?? String(err ?? "")
+    };
+  }
+}
+function makeProofError(code, message, details = null, { statusCode = 400 } = {}) {
+  const err = new Error(message);
+  err.code = code;
+  err.statusCode = statusCode;
+  if (details !== null && details !== undefined) err.details = details;
+  return err;
+}
+export async function fetchProviderPublishProofJwks({
+  jwksUrl,
+  fetchFn = globalThis.fetch,
+  timeoutMs = 8_000,
+  maxBytes = 256 * 1024,
+  allowHttp = false,
+  allowPrivate = false,
+  allowLoopback = false
+} = {}) {
+  const urlText = assertNonEmptyString(jwksUrl, "publishProofJwksUrl");
+  const safe = await checkUrlSafety(urlText, {
+    allowHttp,
+    allowPrivate,
+    allowLoopback,
+    allowedSchemes: ["https"]
+  });
+  if (!safe.ok) {
+    throw makeProofError(
+      "PROVIDER_PUBLISH_PROOF_JWKS_URL_UNSAFE",
+      "publish proof jwks url is unsafe",
+      { code: safe.code, message: safe.message, hostname: safe.hostname ?? null }
+    );
+  }
+  if (typeof fetchFn !== "function") {
+    throw makeProofError("PROVIDER_PUBLISH_PROOF_FETCH_UNAVAILABLE", "fetch is unavailable in this runtime");
+  }
+  const timeout = Number(timeoutMs);
+  const controller = new AbortController();
+  const timer = Number.isFinite(timeout) && timeout > 0 ? setTimeout(() => controller.abort(), timeout) : null;
+  let response = null;
+  try {
+    response = await fetchFn(urlText, {
+      method: "GET",
+      headers: {
+        accept: "application/json"
+      },
+      redirect: "error",
+      signal: controller.signal
+    });
+  } catch (err) {
+    throw makeProofError(
+      "PROVIDER_PUBLISH_PROOF_JWKS_FETCH_FAILED",
+      `publish proof jwks fetch failed: ${err?.message ?? String(err ?? "")}`,
+      null,
+      { statusCode: 502 }
+    );
+  } finally {
+    if (timer) clearTimeout(timer);
+  }
+  if (!response?.ok) {
+    throw makeProofError(
+      "PROVIDER_PUBLISH_PROOF_JWKS_FETCH_FAILED",
+      `publish proof jwks fetch returned ${Number(response?.status ?? 0)}`,
+      { statusCode: Number(response?.status ?? 0) || null },
+      { statusCode: 502 }
+    );
+  }
+  let text = "";
+  try {
+    text = await response.text();
+  } catch (err) {
+    throw makeProofError(
+      "PROVIDER_PUBLISH_PROOF_JWKS_BODY_INVALID",
+      `publish proof jwks body read failed: ${err?.message ?? String(err ?? "")}`
+    );
+  }
+  if (Buffer.byteLength(text, "utf8") > Number(maxBytes)) {
+    throw makeProofError("PROVIDER_PUBLISH_PROOF_JWKS_BODY_TOO_LARGE", `publish proof jwks body must be <= ${Number(maxBytes)} bytes`);
+  }
+  let parsed = null;
+  try {
+    parsed = JSON.parse(text);
+  } catch (err) {
+    throw makeProofError("PROVIDER_PUBLISH_PROOF_JWKS_JSON_INVALID", `publish proof jwks must be valid JSON: ${err?.message ?? String(err ?? "")}`);
+  }
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw makeProofError("PROVIDER_PUBLISH_PROOF_JWKS_JSON_INVALID", "publish proof jwks must be an object");
+  }
+  if (!Array.isArray(parsed.keys) || parsed.keys.length === 0) {
+    throw makeProofError("PROVIDER_PUBLISH_PROOF_JWKS_KEYS_MISSING", "publish proof jwks.keys must be a non-empty array");
+  }
+  return normalizeForCanonicalJson(parsed, { path: "$" });
+}

package/src/core/provider-quote-signature.js ADDED Viewed

@@ -0,0 +1,170 @@
+import { canonicalJsonStringify, normalizeForCanonicalJson } from "./canonical-json.js";
+import { keyIdFromPublicKeyPem, sha256Hex, signHashHexEd25519, verifyHashHexEd25519 } from "./crypto.js";
+export const TOOL_PROVIDER_QUOTE_PAYLOAD_SCHEMA_VERSION = "ToolProviderQuotePayload.v1";
+export const TOOL_PROVIDER_QUOTE_SIGNATURE_SCHEMA_VERSION = "ToolProviderQuoteSignature.v1";
+function assertNonEmptyString(v, name) {
+  if (typeof v !== "string" || v.trim() === "") throw new TypeError(`${name} must be a non-empty string`);
+  return v.trim();
+}
+function assertIsoDate(v, name) {
+  const value = assertNonEmptyString(v, name);
+  const t = Date.parse(value);
+  if (!Number.isFinite(t)) throw new TypeError(`${name} must be an ISO date-time`);
+  return value;
+}
+function assertPositiveSafeInt(v, name) {
+  const n = Number(v);
+  if (!Number.isSafeInteger(n) || n <= 0) throw new TypeError(`${name} must be a positive safe integer`);
+  return n;
+}
+function assertOptionalId(v, name) {
+  if (v === null || v === undefined || String(v).trim() === "") return null;
+  const out = String(v).trim();
+  if (!/^[A-Za-z0-9:._/-]+$/.test(out)) throw new TypeError(`${name} must match ^[A-Za-z0-9:._/-]+$`);
+  if (out.length > 200) throw new TypeError(`${name} must be <= 200 chars`);
+  return out;
+}
+function assertCurrency(v, name) {
+  const out = assertNonEmptyString(v, name).toUpperCase();
+  if (!/^[A-Z][A-Z0-9_]{2,11}$/.test(out)) throw new TypeError(`${name} must match ^[A-Z][A-Z0-9_]{2,11}$`);
+  return out;
+}
+function assertRequestBindingMode(v, name) {
+  const out = assertNonEmptyString(v, name).toLowerCase();
+  if (out !== "none" && out !== "strict") throw new TypeError(`${name} must be none|strict`);
+  return out;
+}
+function assertOptionalSha256Hex(v, name) {
+  if (v === null || v === undefined || String(v).trim() === "") return null;
+  const out = String(v).trim().toLowerCase();
+  if (!/^[0-9a-f]{64}$/.test(out)) throw new TypeError(`${name} must be sha256 hex`);
+  return out;
+}
+function assertSha256Hex(v, name) {
+  const out = assertNonEmptyString(v, name).toLowerCase();
+  if (!/^[0-9a-f]{64}$/.test(out)) throw new TypeError(`${name} must be sha256 hex`);
+  return out;
+}
+function assertNonceHex(v, name) {
+  const out = assertNonEmptyString(v, name).toLowerCase();
+  if (!/^[0-9a-f]{16,128}$/.test(out)) throw new TypeError(`${name} must be hex (16..128 chars)`);
+  return out;
+}
+function normalizeBoolean(v) {
+  if (v === true) return true;
+  if (v === false) return false;
+  if (v === null || v === undefined) return false;
+  const raw = String(v).trim().toLowerCase();
+  return raw === "1" || raw === "true" || raw === "yes" || raw === "on";
+}
+export function buildToolProviderQuotePayloadV1({
+  providerId,
+  toolId,
+  amountCents,
+  currency,
+  address,
+  network,
+  requestBindingMode = "none",
+  requestBindingSha256 = null,
+  quoteRequired = false,
+  quoteId = null,
+  spendAuthorizationMode = "optional",
+  quotedAt,
+  expiresAt
+} = {}) {
+  const normalizedRequestBindingMode = assertRequestBindingMode(requestBindingMode, "requestBindingMode");
+  const normalizedRequestBindingSha256 = assertOptionalSha256Hex(requestBindingSha256, "requestBindingSha256");
+  if (normalizedRequestBindingMode === "strict" && !normalizedRequestBindingSha256) {
+    throw new TypeError("requestBindingSha256 is required when requestBindingMode=strict");
+  }
+  const normalizedSpendAuthorizationMode = assertNonEmptyString(spendAuthorizationMode, "spendAuthorizationMode").toLowerCase();
+  if (normalizedSpendAuthorizationMode !== "optional" && normalizedSpendAuthorizationMode !== "required") {
+    throw new TypeError("spendAuthorizationMode must be optional|required");
+  }
+  const normalizedQuoteId = assertOptionalId(quoteId, "quoteId");
+  const payload = normalizeForCanonicalJson(
+    {
+      schemaVersion: TOOL_PROVIDER_QUOTE_PAYLOAD_SCHEMA_VERSION,
+      providerId: assertOptionalId(providerId, "providerId") ?? (() => {
+        throw new TypeError("providerId is required");
+      })(),
+      toolId: assertOptionalId(toolId, "toolId") ?? (() => {
+        throw new TypeError("toolId is required");
+      })(),
+      amountCents: assertPositiveSafeInt(amountCents, "amountCents"),
+      currency: assertCurrency(currency, "currency"),
+      address: assertNonEmptyString(address, "address"),
+      network: assertNonEmptyString(network, "network"),
+      requestBindingMode: normalizedRequestBindingMode,
+      ...(normalizedRequestBindingSha256 ? { requestBindingSha256: normalizedRequestBindingSha256 } : {}),
+      quoteRequired: normalizeBoolean(quoteRequired),
+      ...(normalizedQuoteId ? { quoteId: normalizedQuoteId } : {}),
+      spendAuthorizationMode: normalizedSpendAuthorizationMode,
+      quotedAt: assertIsoDate(quotedAt, "quotedAt"),
+      expiresAt: assertIsoDate(expiresAt, "expiresAt")
+    },
+    { path: "$" }
+  );
+  if (Date.parse(payload.expiresAt) <= Date.parse(payload.quotedAt)) {
+    throw new TypeError("expiresAt must be after quotedAt");
+  }
+  return payload;
+}
+export function computeToolProviderQuotePayloadHashV1({ quote } = {}) {
+  const payload = buildToolProviderQuotePayloadV1(quote);
+  return sha256Hex(canonicalJsonStringify(payload));
+}
+export function signToolProviderQuoteSignatureV1({ quote, nonce, signedAt, publicKeyPem, privateKeyPem } = {}) {
+  assertNonEmptyString(publicKeyPem, "publicKeyPem");
+  assertNonEmptyString(privateKeyPem, "privateKeyPem");
+  const keyId = keyIdFromPublicKeyPem(publicKeyPem);
+  const payload = buildToolProviderQuotePayloadV1(quote);
+  const payloadHashHex = computeToolProviderQuotePayloadHashV1({ quote: payload });
+  const signatureBase64 = signHashHexEd25519(payloadHashHex, privateKeyPem);
+  return normalizeForCanonicalJson(
+    {
+      schemaVersion: TOOL_PROVIDER_QUOTE_SIGNATURE_SCHEMA_VERSION,
+      algorithm: "ed25519",
+      keyId,
+      signedAt: assertIsoDate(signedAt, "signedAt"),
+      nonce: assertNonceHex(nonce, "nonce"),
+      payloadHash: payloadHashHex,
+      signatureBase64
+    },
+    { path: "$" }
+  );
+}
+export function verifyToolProviderQuoteSignatureV1({ quote, signature, publicKeyPem } = {}) {
+  if (!signature || typeof signature !== "object" || Array.isArray(signature)) throw new TypeError("signature must be an object");
+  assertNonEmptyString(publicKeyPem, "publicKeyPem");
+  if (signature.schemaVersion !== TOOL_PROVIDER_QUOTE_SIGNATURE_SCHEMA_VERSION) {
+    throw new TypeError(`signature.schemaVersion must be ${TOOL_PROVIDER_QUOTE_SIGNATURE_SCHEMA_VERSION}`);
+  }
+  if (String(signature.algorithm ?? "").toLowerCase() !== "ed25519") {
+    throw new TypeError("signature.algorithm must be ed25519");
+  }
+  const expectedKeyId = keyIdFromPublicKeyPem(publicKeyPem);
+  if (String(signature.keyId ?? "").trim() !== expectedKeyId) return false;
+  const payloadHashHex = computeToolProviderQuotePayloadHashV1({ quote });
+  if (assertSha256Hex(signature.payloadHash, "signature.payloadHash") !== payloadHashHex) return false;
+  const signatureBase64 = assertNonEmptyString(signature.signatureBase64, "signature.signatureBase64");
+  return verifyHashHexEd25519({ hashHex: payloadHashHex, signatureBase64, publicKeyPem });
+}

package/src/core/settld-keys.js ADDED Viewed

@@ -0,0 +1,112 @@
+import { createPublicKey } from "node:crypto";
+import { normalizeForCanonicalJson } from "./canonical-json.js";
+import { keyIdFromPublicKeyPem } from "./crypto.js";
+function assertNonEmptyString(value, name) {
+  if (typeof value !== "string" || value.trim() === "") throw new TypeError(`${name} must be a non-empty string`);
+  return String(value).trim();
+}
+function assertIsoDate(value, name) {
+  assertNonEmptyString(value, name);
+  if (!Number.isFinite(Date.parse(value))) throw new TypeError(`${name} must be an ISO date-time`);
+}
+function normalizeKeyId({ keyId, publicKeyPem, fieldName = "keyId" } = {}) {
+  const derived = keyIdFromPublicKeyPem(publicKeyPem);
+  if (keyId === null || keyId === undefined || String(keyId).trim() === "") return derived;
+  const normalized = assertNonEmptyString(keyId, fieldName);
+  if (normalized !== derived) throw new TypeError(`${fieldName} does not match publicKeyPem`);
+  return normalized;
+}
+export function publicKeyPemToEd25519X(publicKeyPem) {
+  if (typeof publicKeyPem !== "string" || publicKeyPem.trim() === "") throw new TypeError("publicKeyPem must be a non-empty string");
+  const pem = publicKeyPem;
+  let jwk;
+  try {
+    jwk = createPublicKey(pem).export({ format: "jwk" });
+  } catch (err) {
+    throw new TypeError(`publicKeyPem is not a valid Ed25519 key: ${err?.message ?? String(err ?? "")}`);
+  }
+  if (!jwk || typeof jwk !== "object") throw new TypeError("publicKeyPem did not export as JWK");
+  if (String(jwk.kty ?? "") !== "OKP") throw new TypeError("publicKeyPem must export to JWK kty=OKP");
+  if (String(jwk.crv ?? "") !== "Ed25519") throw new TypeError("publicKeyPem must export to JWK crv=Ed25519");
+  const x = assertNonEmptyString(jwk.x, "jwk.x");
+  return x;
+}
+export function ed25519XToPublicKeyPem(x) {
+  const normalizedX = assertNonEmptyString(x, "x");
+  try {
+    const keyObj = createPublicKey({
+      key: { kty: "OKP", crv: "Ed25519", x: normalizedX },
+      format: "jwk"
+    });
+    return keyObj.export({ format: "pem", type: "spki" }).toString();
+  } catch (err) {
+    throw new TypeError(`x is not a valid Ed25519 JWK coordinate: ${err?.message ?? String(err ?? "")}`);
+  }
+}
+export function buildSettldPayKeysetV1({ activeKey, fallbackKeys = [], refreshedAt = new Date().toISOString() } = {}) {
+  if (!activeKey || typeof activeKey !== "object" || Array.isArray(activeKey)) {
+    throw new TypeError("activeKey must be an object");
+  }
+  assertIsoDate(refreshedAt, "refreshedAt");
+  const keyRows = [activeKey, ...(Array.isArray(fallbackKeys) ? fallbackKeys : [])];
+  const byKid = new Map();
+  for (const row of keyRows) {
+    if (!row || typeof row !== "object" || Array.isArray(row)) continue;
+    if (typeof row.publicKeyPem !== "string" || row.publicKeyPem.trim() === "") throw new TypeError("publicKeyPem must be a non-empty string");
+    const publicKeyPem = row.publicKeyPem;
+    const kid = normalizeKeyId({ keyId: row.keyId ?? row.kid ?? null, publicKeyPem, fieldName: "keyId" });
+    if (byKid.has(kid)) continue;
+    byKid.set(
+      kid,
+      normalizeForCanonicalJson(
+        {
+          kty: "OKP",
+          crv: "Ed25519",
+          x: publicKeyPemToEd25519X(publicKeyPem),
+          kid,
+          use: "sig",
+          alg: "EdDSA"
+        },
+        { path: "$" }
+      )
+    );
+  }
+  return normalizeForCanonicalJson(
+    {
+      keys: Array.from(byKid.values()),
+      refreshedAt
+    },
+    { path: "$" }
+  );
+}
+export function publicKeyPemFromSettldKeysetEntry(entry) {
+  if (!entry || typeof entry !== "object" || Array.isArray(entry)) throw new TypeError("entry must be an object");
+  if (typeof entry.publicKeyPem === "string" && entry.publicKeyPem.trim() !== "") return entry.publicKeyPem;
+  const kty = assertNonEmptyString(entry.kty, "entry.kty");
+  const crv = assertNonEmptyString(entry.crv, "entry.crv");
+  if (kty !== "OKP" || crv !== "Ed25519") throw new TypeError("entry must be an Ed25519 OKP key");
+  return ed25519XToPublicKeyPem(entry.x);
+}
+export function keyMapFromSettldKeyset(keyset) {
+  if (!keyset || typeof keyset !== "object" || Array.isArray(keyset)) throw new TypeError("keyset must be an object");
+  const rows = Array.isArray(keyset.keys) ? keyset.keys : [];
+  const out = new Map();
+  for (const row of rows) {
+    if (!row || typeof row !== "object" || Array.isArray(row)) continue;
+    const kid = assertNonEmptyString(row.kid, "keyset.keys[].kid");
+    const publicKeyPem = publicKeyPemFromSettldKeysetEntry(row);
+    out.set(kid, { ...row, kid, publicKeyPem });
+  }
+  return out;
+}