npm - settld - Versions diffs - 0.1.2 → 0.2.0 - Mend

settld 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (483) hide show

package/README.md +93 -3
package/SETTLD_VERSION +1 -1
package/bin/settld-mcp +2 -0
package/bin/settld.js +71 -0
package/conformance/kernel-v0/README.md +7 -0
package/conformance/kernel-v0/run.mjs +292 -4
package/docs/ACCESS.md +57 -0
package/docs/ADOPTION_CHECKLIST.md +44 -0
package/docs/ALERTS.md +198 -0
package/docs/ARCHITECTURE.md +69 -0
package/docs/ARCHITECTURE_FOUNDER_GUIDE.md +284 -0
package/docs/ARTIFACTS.md +60 -0
package/docs/CERTIFICATION_CHECKLIST.md +33 -0
package/docs/CIRCLE_SANDBOX_E2E.md +152 -0
package/docs/CONFIG.md +297 -0
package/docs/CONTRACTS_APIS.md +23 -0
package/docs/DEPRECATION.md +31 -0
package/docs/DOMAIN_MODEL.md +92 -0
package/docs/EVENT_ENVELOPE.md +53 -0
package/docs/FINANCE_PACK_FORMAT.md +53 -0
package/docs/INCIDENT_TAXONOMY.md +30 -0
package/docs/JOB_STATE_MACHINE.md +66 -0
package/docs/KERNEL_COMPATIBLE.md +60 -0
package/docs/KERNEL_V0.md +40 -0
package/docs/KEY_ROTATION.md +80 -0
package/docs/LEDGER.md +82 -0
package/docs/LIVENESS.md +76 -0
package/docs/MVP_BUILD_ORDER.md +36 -0
package/docs/ONCALL_PLAYBOOK.md +39 -0
package/docs/OPERATIONS_SIGNING.md +20 -0
package/docs/OVERVIEW.md +190 -0
package/docs/PERF_BASELINE.md +85 -0
package/docs/PRD.md +77 -0
package/docs/QUICKSTART_KERNEL_V0.md +96 -0
package/docs/QUICKSTART_MCP.md +377 -0
package/docs/QUICKSTART_MCP_HOSTS.md +210 -0
package/docs/QUICKSTART_POLICY_PACKS.md +65 -0
package/docs/QUICKSTART_PRODUCE.md +61 -0
package/docs/QUICKSTART_PROFILES.md +198 -0
package/docs/QUICKSTART_RELEASE_VERIFY.md +39 -0
package/docs/QUICKSTART_SDK.md +125 -0
package/docs/QUICKSTART_SDK_PYTHON.md +111 -0
package/docs/QUICKSTART_VERIFY.md +54 -0
package/docs/QUICKSTART_X402_GATEWAY.md +317 -0
package/docs/README.md +33 -0
package/docs/RELEASE_CHECKLIST.md +182 -0
package/docs/RELEASING.md +82 -0
package/docs/REPO_SETTINGS.md +37 -0
package/docs/RUNBOOK.md +86 -0
package/docs/SKILLS.md +42 -0
package/docs/SKILL_BUNDLE_FORMAT.md +48 -0
package/docs/SLO.md +131 -0
package/docs/SUMMARY.md +17 -0
package/docs/SUPPORT.md +31 -0
package/docs/THREAT_MODEL.md +36 -0
package/docs/TRUST.md +59 -0
package/docs/WORKFLOW.md +35 -0
package/docs/X402_BATCH_SETTLEMENT.md +126 -0
package/docs/blog/2026-02-14-your-ai-agent-just-spent-500-where-is-the-receipt.md +73 -0
package/docs/examples/x402-provider-payout-registry.example.json +14 -0
package/docs/gitbook/README.md +64 -0
package/docs/gitbook/SETUP.md +25 -0
package/docs/gitbook/SUMMARY.md +15 -0
package/docs/gitbook/api-reference.md +73 -0
package/docs/gitbook/closepacks.md +55 -0
package/docs/gitbook/conformance.md +59 -0
package/docs/gitbook/core-primitives.md +85 -0
package/docs/gitbook/dispute-lifecycle.md +33 -0
package/docs/gitbook/faq.md +21 -0
package/docs/gitbook/guides.md +49 -0
package/docs/gitbook/operations-runbook.md +36 -0
package/docs/gitbook/quickstart.md +103 -0
package/docs/gitbook/replay-and-audit.md +30 -0
package/docs/gitbook/sdk-reference.md +35 -0
package/docs/gitbook/security-model.md +58 -0
package/docs/integrations/README.md +15 -0
package/docs/integrations/github-actions-verify.yml +31 -0
package/docs/integrations/github-actions.md +34 -0
package/docs/integrations/openclaw/CLAWHUB_PUBLISH_CHECKLIST.md +65 -0
package/docs/integrations/openclaw/PUBLIC_QUICKSTART.md +95 -0
package/docs/integrations/openclaw/settld-mcp-skill/SKILL.md +69 -0
package/docs/integrations/openclaw/settld-mcp-skill/mcp-server.example.json +12 -0
package/docs/kernel-compatible/capabilities.json +36 -0
package/docs/marketing/agent-commerce-substrate.md +78 -0
package/docs/marketing/hn-repost-2026-02-17.md +102 -0
package/docs/marketing/show-hn-post.md +45 -0
package/docs/ops/ARTIFACT_VERIFICATION_STATUS.md +43 -0
package/docs/ops/BILLING_WEBHOOK_REPLAY.md +105 -0
package/docs/ops/CI_FLAKE_BUDGET.md +31 -0
package/docs/ops/DISPUTE_FINANCE_RECONCILIATION_PACKET.md +56 -0
package/docs/ops/GO_LIVE_GATE_S13.md +27 -0
package/docs/ops/HOSTED_BASELINE_R2.md +129 -0
package/docs/ops/KERNEL_V0_SHIP_GATE.md +69 -0
package/docs/ops/LIGHTHOUSE_PRODUCTION_CLOSE.md +51 -0
package/docs/ops/MCP_COMPATIBILITY_MATRIX.md +30 -0
package/docs/ops/MINIMUM_PRODUCTION_TOPOLOGY.md +89 -0
package/docs/ops/P0_BACKEND_PROGRESS.md +150 -0
package/docs/ops/PAYMENTS_ALPHA_R5.md +105 -0
package/docs/ops/PILOT_ONBOARDING_RUNBOOK.md +112 -0
package/docs/ops/PRODUCTION_DEPLOYMENT_CHECKLIST.md +140 -0
package/docs/ops/R1_SLOS.md +66 -0
package/docs/ops/RELEASE_SIGNING_INCIDENT.md +58 -0
package/docs/ops/SELF_SERVE_LAUNCH_AUTOMATION.md +89 -0
package/docs/ops/THROUGHPUT_DRILL_10X.md +48 -0
package/docs/ops/TRUST_CONFIG_WIZARD.md +60 -0
package/docs/ops/X402_PILOT_WEEKLY_METRICS.md +76 -0
package/docs/ops/tool-call-disputes-holdback.md +52 -0
package/docs/pilot-kit/PILOT_PACKAGE_SCORECARD_X402.md +46 -0
package/docs/pilot-kit/README.md +29 -0
package/docs/pilot-kit/architecture-one-pager.md +48 -0
package/docs/pilot-kit/buyer-email.txt +19 -0
package/docs/pilot-kit/buyer-one-pager.md +31 -0
package/docs/pilot-kit/gtm-pilot-playbook.md +182 -0
package/docs/pilot-kit/offline-verify.md +33 -0
package/docs/pilot-kit/procurement-one-pager.md +50 -0
package/docs/pilot-kit/rfp-clause.md +46 -0
package/docs/pilot-kit/roi-calculator-template.csv +2 -0
package/docs/pilot-kit/security-qa.md +153 -0
package/docs/pilot-kit/security-summary.md +35 -0
package/docs/plans/2026-02-13-mcp-spike-design.md +113 -0
package/docs/plans/2026-02-20-trust-os-v1-jira-backlog.md +348 -0
package/docs/plans/2026-02-21-agent-economic-actor-operating-model.md +169 -0
package/docs/plans/2026-02-21-trust-os-v1-strategy.md +241 -0
package/docs/research/2026-02-21-agent-spend-host-landscape.md +57 -0
package/docs/spec/AcceptanceCriteria.v1.md +17 -0
package/docs/spec/AcceptanceEvaluation.v1.md +10 -0
package/docs/spec/AgentEvent.v1.md +47 -0
package/docs/spec/AgentIdentity.v1.md +62 -0
package/docs/spec/AgentPassport.v1.md +95 -0
package/docs/spec/AgentReputation.v1.md +59 -0
package/docs/spec/AgentReputation.v2.md +52 -0
package/docs/spec/AgentRun.v1.md +47 -0
package/docs/spec/AgentRunSettlement.v1.md +52 -0
package/docs/spec/AgentWallet.v1.md +43 -0
package/docs/spec/AgreementDelegation.v1.md +109 -0
package/docs/spec/ArbitrationCase.v1.md +67 -0
package/docs/spec/ArbitrationOutcomeMapping.v1.md +62 -0
package/docs/spec/ArbitrationVerdict.v1.md +60 -0
package/docs/spec/BundleHeadAttestation.v1.md +32 -0
package/docs/spec/CANONICAL_JSON.md +31 -0
package/docs/spec/CRYPTOGRAPHY.md +61 -0
package/docs/spec/ClosePack.v1.md +49 -0
package/docs/spec/ClosePackManifest.v1.md +24 -0
package/docs/spec/DelegationGrant.v1.md +90 -0
package/docs/spec/DisputeCaseLifecycle.v1.md +51 -0
package/docs/spec/DisputeOpenEnvelope.v1.md +43 -0
package/docs/spec/ERRORS.md +76 -0
package/docs/spec/ESCROW_NETTING_INVARIANTS.md +71 -0
package/docs/spec/EvidenceIndex.v1.md +20 -0
package/docs/spec/ExecutionIntent.v1.md +90 -0
package/docs/spec/FinancePackBundleManifest.v1.md +24 -0
package/docs/spec/FundingHold.v1.md +60 -0
package/docs/spec/GovernancePolicy.v1.md +34 -0
package/docs/spec/GovernancePolicy.v2.md +30 -0
package/docs/spec/INVARIANTS.md +389 -0
package/docs/spec/InteractionDirectionMatrix.v1.md +30 -0
package/docs/spec/InvoiceBundleManifest.v1.md +24 -0
package/docs/spec/InvoiceClaim.v1.md +11 -0
package/docs/spec/MONEY_RAIL_STATE_MACHINE.md +58 -0
package/docs/spec/MarketplaceAcceptance.v2.md +46 -0
package/docs/spec/MarketplaceOffer.v2.md +54 -0
package/docs/spec/MeteringReport.v1.md +18 -0
package/docs/spec/OperatorAction.v1.md +90 -0
package/docs/spec/PRODUCER_ERRORS.md +42 -0
package/docs/spec/PolicyDecision.v1.md +83 -0
package/docs/spec/PricingMatrix.v1.md +20 -0
package/docs/spec/PricingMatrixSignatures.v1.md +30 -0
package/docs/spec/PricingMatrixSignatures.v2.md +29 -0
package/docs/spec/ProduceCliOutput.v1.md +46 -0
package/docs/spec/ProofBundleManifest.v1.md +24 -0
package/docs/spec/README.md +109 -0
package/docs/spec/REFERENCE_IMPLEMENTATIONS.md +29 -0
package/docs/spec/REFERENCE_VERIFIER_BEHAVIOR.md +68 -0
package/docs/spec/REMOTE_SIGNER.md +66 -0
package/docs/spec/ReleaseIndex.v1.md +32 -0
package/docs/spec/ReleaseIndexSignatures.v1.md +17 -0
package/docs/spec/ReleaseTrust.v1.md +13 -0
package/docs/spec/ReleaseTrust.v2.md +26 -0
package/docs/spec/RemoteSignerRequest.v1.md +21 -0
package/docs/spec/RemoteSignerResponse.v1.md +16 -0
package/docs/spec/ReputationEvent.v1.md +63 -0
package/docs/spec/RevocationList.v1.md +28 -0
package/docs/spec/SIGNER_PROVIDER_PLUGIN.md +32 -0
package/docs/spec/STRICTNESS.md +68 -0
package/docs/spec/SUPPLY_CHAIN.md +33 -0
package/docs/spec/SettlementAdjustment.v1.md +45 -0
package/docs/spec/SettlementDecisionRecord.v1.md +48 -0
package/docs/spec/SettlementDecisionRecord.v2.md +53 -0
package/docs/spec/SettlementDecisionReport.v1.md +44 -0
package/docs/spec/SettlementKernel.v1.md +59 -0
package/docs/spec/SettlementReceipt.v1.md +63 -0
package/docs/spec/SlaDefinition.v1.md +24 -0
package/docs/spec/SlaEvaluation.v1.md +12 -0
package/docs/spec/THREAT_MODEL.md +113 -0
package/docs/spec/TOOL_PROVENANCE.md +30 -0
package/docs/spec/TRUST_ANCHORS.md +84 -0
package/docs/spec/TenantSettings.v1.md +90 -0
package/docs/spec/TenantSettings.v2.md +99 -0
package/docs/spec/TimestampProof.v1.md +25 -0
package/docs/spec/ToolCallAgreement.v1.md +34 -0
package/docs/spec/ToolCallEvidence.v1.md +47 -0
package/docs/spec/ToolManifest.v1.md +47 -0
package/docs/spec/VERIFIER_ENVIRONMENT.md +38 -0
package/docs/spec/VERSIONING.md +107 -0
package/docs/spec/VerificationReport.v1.md +50 -0
package/docs/spec/VerifyAboutOutput.v1.md +10 -0
package/docs/spec/VerifyCliOutput.v1.md +28 -0
package/docs/spec/WARNINGS.md +83 -0
package/docs/spec/error-codes.v1.txt +285 -0
package/docs/spec/examples/agreement_delegation_v1.example.json +21 -0
package/docs/spec/examples/arbitration_case_v1.example.json +26 -0
package/docs/spec/examples/arbitration_verdict_v1.example.json +32 -0
package/docs/spec/examples/dispute_open_envelope_v1.example.json +18 -0
package/docs/spec/examples/produce_cli_output_v1.example.json +32 -0
package/docs/spec/examples/release_index_signature_v1.example.json +9 -0
package/docs/spec/examples/release_index_signatures_v1.example.json +14 -0
package/docs/spec/examples/release_index_v1.example.json +15 -0
package/docs/spec/examples/release_trust_v1.example.json +7 -0
package/docs/spec/examples/release_trust_v2.example.json +22 -0
package/docs/spec/examples/remote_signer_request_v1.example.json +18 -0
package/docs/spec/examples/remote_signer_response_v1.example.json +8 -0
package/docs/spec/examples/reputation_event_v1.example.json +29 -0
package/docs/spec/examples/verification_report_v1.example.json +24 -0
package/docs/spec/examples/verify_about_output_v1.example.json +29 -0
package/docs/spec/examples/verify_cli_output_v1.example.json +13 -0
package/docs/spec/legacy/MarketplaceAcceptance.v1.md +48 -0
package/docs/spec/legacy/MarketplaceOffer.v1.md +56 -0
package/docs/spec/legacy/schemas/MarketplaceAcceptance.v1.schema.json +53 -0
package/docs/spec/legacy/schemas/MarketplaceOffer.v1.schema.json +61 -0
package/docs/spec/producer-error-codes.v1.txt +14 -0
package/docs/spec/schemas/AcceptanceCriteria.v1.schema.json +24 -0
package/docs/spec/schemas/AcceptanceEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/AgentEvent.v1.schema.json +49 -0
package/docs/spec/schemas/AgentIdentity.v1.schema.json +129 -0
package/docs/spec/schemas/AgentPassport.v1.schema.json +112 -0
package/docs/spec/schemas/AgentReputation.v1.schema.json +151 -0
package/docs/spec/schemas/AgentReputation.v2.schema.json +120 -0
package/docs/spec/schemas/AgentRun.v1.schema.json +71 -0
package/docs/spec/schemas/AgentRunSettlement.v1.schema.json +75 -0
package/docs/spec/schemas/AgentWallet.v1.schema.json +54 -0
package/docs/spec/schemas/AgreementDelegation.v1.schema.json +50 -0
package/docs/spec/schemas/ArbitrationCase.v1.schema.json +133 -0
package/docs/spec/schemas/ArbitrationVerdict.v1.schema.json +149 -0
package/docs/spec/schemas/BundleHeadAttestation.v1.schema.json +21 -0
package/docs/spec/schemas/ClosePackManifest.v1.schema.json +38 -0
package/docs/spec/schemas/DelegationGrant.v1.schema.json +102 -0
package/docs/spec/schemas/DisputeOpenEnvelope.v1.schema.json +78 -0
package/docs/spec/schemas/EvidenceIndex.v1.schema.json +41 -0
package/docs/spec/schemas/ExecutionIntent.v1.schema.json +85 -0
package/docs/spec/schemas/FinancePackBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/FundingHold.v1.schema.json +46 -0
package/docs/spec/schemas/GovernancePolicy.v1.schema.json +45 -0
package/docs/spec/schemas/GovernancePolicy.v2.schema.json +70 -0
package/docs/spec/schemas/InteractionDirectionMatrix.v1.schema.json +43 -0
package/docs/spec/schemas/InvoiceBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/InvoiceClaim.v1.schema.json +39 -0
package/docs/spec/schemas/MarketplaceAcceptance.v2.schema.json +53 -0
package/docs/spec/schemas/MarketplaceOffer.v2.schema.json +61 -0
package/docs/spec/schemas/MeteringReport.v1.schema.json +45 -0
package/docs/spec/schemas/OperatorAction.v1.schema.json +113 -0
package/docs/spec/schemas/PolicyDecision.v1.schema.json +74 -0
package/docs/spec/schemas/PricingMatrix.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v2.schema.json +24 -0
package/docs/spec/schemas/ProduceCliOutput.v1.schema.json +107 -0
package/docs/spec/schemas/ProofBundleManifest.v1.schema.json +37 -0
package/docs/spec/schemas/PublicKeys.v1.schema.json +33 -0
package/docs/spec/schemas/ReleaseIndex.v1.schema.json +45 -0
package/docs/spec/schemas/ReleaseIndexSignature.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseIndexSignatures.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseTrust.v1.schema.json +15 -0
package/docs/spec/schemas/ReleaseTrust.v2.schema.json +37 -0
package/docs/spec/schemas/RemoteSignerPublicKeyResponse.v1.schema.json +14 -0
package/docs/spec/schemas/RemoteSignerRequest.v1.schema.json +24 -0
package/docs/spec/schemas/RemoteSignerResponse.v1.schema.json +10 -0
package/docs/spec/schemas/RemoteSignerSignRequest.v1.schema.json +27 -0
package/docs/spec/schemas/RemoteSignerSignResponse.v1.schema.json +16 -0
package/docs/spec/schemas/ReputationEvent.v1.schema.json +164 -0
package/docs/spec/schemas/RevocationList.v1.schema.json +51 -0
package/docs/spec/schemas/SettlementAdjustment.v1.schema.json +44 -0
package/docs/spec/schemas/SettlementDecisionRecord.v1.schema.json +66 -0
package/docs/spec/schemas/SettlementDecisionRecord.v2.schema.json +149 -0
package/docs/spec/schemas/SettlementDecisionReport.v1.schema.json +61 -0
package/docs/spec/schemas/SettlementReceipt.v1.schema.json +135 -0
package/docs/spec/schemas/SlaDefinition.v1.schema.json +33 -0
package/docs/spec/schemas/SlaEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/TenantSettings.v1.schema.json +90 -0
package/docs/spec/schemas/TenantSettings.v2.schema.json +161 -0
package/docs/spec/schemas/TimestampProof.v1.schema.json +17 -0
package/docs/spec/schemas/ToolCallAgreement.v1.schema.json +34 -0
package/docs/spec/schemas/ToolCallEvidence.v1.schema.json +45 -0
package/docs/spec/schemas/ToolManifest.v1.schema.json +54 -0
package/docs/spec/schemas/VerificationReport.v1.schema.json +83 -0
package/docs/spec/schemas/VerifyAboutOutput.v1.schema.json +54 -0
package/docs/spec/schemas/VerifyCliOutput.v1.schema.json +75 -0
package/docs/spec/schemas/VerifyReleaseOutput.v1.schema.json +47 -0
package/docs/spec/x402-error-codes.v1.txt +35 -0
package/docs/templates/buyer-email.txt +18 -0
package/docs/templates/buyer-one-pager.md +24 -0
package/package.json +53 -6
package/scripts/acceptance/full-stack.mjs +734 -0
package/scripts/acceptance/full-stack.sh +99 -0
package/scripts/audit/build-audit-packet.mjs +242 -0
package/scripts/backup-pg.sh +45 -0
package/scripts/backup-restore/README.md +18 -0
package/scripts/backup-restore/capture-state.mjs +130 -0
package/scripts/backup-restore/client.mjs +97 -0
package/scripts/backup-restore/seed-workload.mjs +235 -0
package/scripts/backup-restore/verify-state.mjs +139 -0
package/scripts/backup-restore-test.sh +217 -0
package/scripts/chaos.js +221 -0
package/scripts/ci/build-launch-cutover-packet.mjs +304 -0
package/scripts/ci/build-self-serve-benchmark-report.mjs +122 -0
package/scripts/ci/changelog-guard.mjs +145 -0
package/scripts/ci/check-kernel-v0-launch-gate.mjs +233 -0
package/scripts/ci/check-secret-hygiene.mjs +78 -0
package/scripts/ci/check-version-consistency.mjs +42 -0
package/scripts/ci/cli-pack-smoke.mjs +160 -0
package/scripts/ci/flake-budget-guard.mjs +68 -0
package/scripts/ci/generate-error-codes.mjs +54 -0
package/scripts/ci/lib/lighthouse-tracker.mjs +90 -0
package/scripts/ci/lib/self-serve-launch-gate.mjs +89 -0
package/scripts/ci/npm-pack-smoke.mjs +454 -0
package/scripts/ci/run-10x-throughput-drill.mjs +318 -0
package/scripts/ci/run-10x-throughput-incident-rehearsal.mjs +368 -0
package/scripts/ci/run-arbitration-workspace-browser-e2e.sh +22 -0
package/scripts/ci/run-circle-sandbox-smoke.mjs +237 -0
package/scripts/ci/run-go-live-gate.mjs +150 -0
package/scripts/ci/run-kernel-v0-ship-gate.mjs +97 -0
package/scripts/ci/run-mcp-host-cert-matrix.mjs +201 -0
package/scripts/ci/run-mcp-host-smoke.mjs +473 -0
package/scripts/ci/run-offline-verification-parity-gate.mjs +762 -0
package/scripts/ci/run-onboarding-host-success-gate.mjs +516 -0
package/scripts/ci/run-onboarding-policy-slo-gate.mjs +537 -0
package/scripts/ci/run-production-cutover-gate.mjs +540 -0
package/scripts/ci/run-public-openclaw-npx-smoke.mjs +148 -0
package/scripts/ci/run-release-promotion-guard.mjs +756 -0
package/scripts/ci/run-self-serve-launch-gate.mjs +56 -0
package/scripts/ci/runtime-import-smoke.mjs +58 -0
package/scripts/ci/update-lighthouse-tracker.mjs +112 -0
package/scripts/closepack/lib.mjs +286 -0
package/scripts/collect-debug.sh +263 -0
package/scripts/demo/compositional-settlement-3hop.mjs +237 -0
package/scripts/demo/delivery-robot/export-ui-fixture.mjs +188 -0
package/scripts/demo/delivery-robot/generate.mjs +377 -0
package/scripts/demo/kernel-agent-goes-shopping.mjs +202 -0
package/scripts/demo/magic-link-first-green.mjs +118 -0
package/scripts/demo/magic-link-kind-smoke.mjs +577 -0
package/scripts/demo/mcp-paid-exa.mjs +1110 -0
package/scripts/dev/billing-doctor.sh +145 -0
package/scripts/dev/billing-smoke-prod.sh +219 -0
package/scripts/dev/billing-webhook-replay.sh +161 -0
package/scripts/dev/env.dev.example +29 -0
package/scripts/dev/env.sh +37 -0
package/scripts/dev/new-sdk-key.sh +81 -0
package/scripts/dev/sdk-first-run.sh +21 -0
package/scripts/dev/smoke-x402-gateway.sh +115 -0
package/scripts/dev/start-api.sh +24 -0
package/scripts/doctor/mcp-host.mjs +120 -0
package/scripts/examples/produce-and-verify-jobproof.mjs +191 -0
package/scripts/examples/sdk-first-paid-rfq.py +105 -0
package/scripts/examples/sdk-first-verified-run.mjs +85 -0
package/scripts/examples/sdk-first-verified-run.py +99 -0
package/scripts/examples/sdk-tenant-analytics.mjs +103 -0
package/scripts/examples/sdk-tenant-analytics.py +118 -0
package/scripts/finance-pack/bundle.mjs +284 -0
package/scripts/fixtures/generate-bundle-fixtures.mjs +877 -0
package/scripts/governance/export.mjs +169 -0
package/scripts/load/delivery-stress.k6.js +183 -0
package/scripts/load/ingest-burst.k6.js +236 -0
package/scripts/load/run-delivery-load.js +66 -0
package/scripts/load/webhook-receiver.js +131 -0
package/scripts/magic-link/migrate-run-records-to-db.mjs +35 -0
package/scripts/mcp/probe.mjs +238 -0
package/scripts/mcp/settld-mcp-http-gateway.mjs +178 -0
package/scripts/mcp/settld-mcp-server.mjs +1511 -0
package/scripts/openapi/write.mjs +13 -0
package/scripts/ops/bootstrap-tenant-conformance.mjs +185 -0
package/scripts/ops/build-x402-pilot-reliability-report.mjs +489 -0
package/scripts/ops/check-x402-receipt-sample.mjs +181 -0
package/scripts/ops/design-partner-run-packet.mjs +466 -0
package/scripts/ops/dispute-finance-reconciliation-packet.mjs +313 -0
package/scripts/ops/hosted-baseline-evidence.mjs +890 -0
package/scripts/ops/money-rails-chargeback-evidence.mjs +509 -0
package/scripts/ops/money-rails-reconcile-evidence.mjs +180 -0
package/scripts/ops/p0-seed-money-rail-operation.mjs +432 -0
package/scripts/ops/run-x402-hitl-smoke.mjs +607 -0
package/scripts/pilot/finance-pack.mjs +495 -0
package/scripts/pilot/fixtures/robot-keypair.json +4 -0
package/scripts/pilot/fixtures/server-signer.json +4 -0
package/scripts/policy/cli.mjs +600 -0
package/scripts/profile/cli.mjs +1324 -0
package/scripts/proof-bundle/job.mjs +109 -0
package/scripts/proof-bundle/lib.mjs +92 -0
package/scripts/proof-bundle/month.mjs +103 -0
package/scripts/provider/conformance-run.mjs +159 -0
package/scripts/provider/keys-generate.mjs +135 -0
package/scripts/provider/publish.mjs +420 -0
package/scripts/quickstart/x402.mjs +334 -0
package/scripts/register-entity-secret.mjs +102 -0
package/scripts/release/build-artifacts.mjs +181 -0
package/scripts/release/generate-release-index.mjs +112 -0
package/scripts/release/release-index-lib.mjs +232 -0
package/scripts/release/sign-release-index.mjs +85 -0
package/scripts/release/validate-release-assets.mjs +170 -0
package/scripts/release/verify-release.mjs +261 -0
package/scripts/restore-pg.sh +34 -0
package/scripts/scaffold/create-settld-paid-tool.mjs +19 -0
package/scripts/sdk/smoke-python.py +30 -0
package/scripts/sdk/smoke.mjs +16 -0
package/scripts/settlement/x402-batch-worker.mjs +1091 -0
package/scripts/setup/circle-bootstrap.mjs +310 -0
package/scripts/setup/host-config.mjs +617 -0
package/scripts/setup/onboard.mjs +1337 -0
package/scripts/setup/openclaw-onboard.mjs +423 -0
package/scripts/setup/wizard.mjs +986 -0
package/scripts/slo/check.mjs +239 -0
package/scripts/smoke/k8s-smoke.mjs +214 -0
package/scripts/spec/generate-protocol-vectors.mjs +1019 -0
package/scripts/test/check-no-generated-artifacts.sh +12 -0
package/scripts/test/run.sh +59 -0
package/scripts/trust/validate-trust-file.mjs +57 -0
package/scripts/trust-config/rotate-settld-pay.mjs +277 -0
package/scripts/trust-config/wizard.mjs +161 -0
package/scripts/vendor-contract-test-lib.mjs +182 -0
package/scripts/vendor-contract-test.mjs +55 -0
package/scripts/vercel/build-mkdocs.sh +9 -0
package/scripts/vercel/ignore-mkdocs.sh +25 -0
package/scripts/vercel/install-mkdocs.sh +6 -0
package/scripts/verify-pg.js +217 -0
package/scripts/x402/receipt-verify.mjs +289 -0
package/services/finance-sink/src/dedupe-store.js +29 -6
package/services/receiver/src/dedupe-store.js +29 -5
package/services/x402-gateway/Dockerfile +13 -0
package/services/x402-gateway/README.md +58 -0
package/services/x402-gateway/examples/upstream-mock.js +337 -0
package/services/x402-gateway/src/server.js +1058 -0
package/src/api/app.js +34658 -16940
package/src/api/maintenance.js +70 -0
package/src/api/middleware/trust-kernel.js +114 -0
package/src/api/openapi.js +1778 -70
package/src/api/persistence.js +456 -0
package/src/api/server.js +81 -5
package/src/api/store.js +1581 -62
package/src/api/workers/deliveries.js +99 -4
package/src/api/workers/insolvency-sweep.js +159 -0
package/src/core/agent-card.js +69 -0
package/src/core/agent-wallets.js +231 -0
package/src/core/agreement-delegation.js +549 -0
package/src/core/billing-plans.js +40 -6
package/src/core/circle-reserve-adapter.js +845 -0
package/src/core/event-policy.js +21 -2
package/src/core/maintenance-locks.js +1 -0
package/src/core/operator-action.js +303 -0
package/src/core/paid-tool-manifest.js +318 -0
package/src/core/policy-decision.js +322 -0
package/src/core/policy-packs.js +207 -0
package/src/core/profile-fingerprint.js +27 -0
package/src/core/profile-simulation-reasons.js +84 -0
package/src/core/profile-templates.js +242 -0
package/src/core/provider-publish-conformance.js +525 -0
package/src/core/provider-publish-proof.js +396 -0
package/src/core/provider-quote-signature.js +170 -0
package/src/core/settld-keys.js +112 -0
package/src/core/settld-pay-token.js +344 -0
package/src/core/settlement-kernel.js +239 -2
package/src/core/settlement-verifier.js +335 -0
package/src/core/tool-call-agreement.js +112 -0
package/src/core/tool-call-evidence.js +144 -0
package/src/core/tool-provider-signature.js +98 -0
package/src/core/wallet-assignment-resolver.js +129 -0
package/src/core/wallet-provider-bootstrap.js +365 -0
package/src/core/x402-escalation-override.js +258 -0
package/src/core/x402-gate.js +118 -0
package/src/core/x402-provider-refund-decision.js +220 -0
package/src/core/x402-receipt-verifier.js +708 -0
package/src/core/x402-reversal-command.js +251 -0
package/src/core/x402-wallet-issuer-decision.js +252 -0
package/src/core/zk-verifier.js +300 -0
package/src/db/migrations/029_reputation_event_index.sql +54 -0
package/src/db/migrations/030_artifacts_source_event_unique_job_only.sql +15 -0
package/src/db/pg.js +18 -7
package/src/db/store-pg.js +1508 -111

package/scripts/test/check-no-generated-artifacts.sh ADDED Viewed

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+cd "$(dirname "$0")/../.."
+bad="$(git ls-files -z -- '*.pyc' '**/__pycache__/**' '.venv/**' | tr '\0' '\n' | sed '/^$/d' || true)"
+if [[ -n "$bad" ]]; then
+  echo "generated artifacts are tracked in git (must be removed):" >&2
+  echo "$bad" >&2
+  exit 1
+fi

package/scripts/test/run.sh ADDED Viewed

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+set -euo pipefail
+cd "$(dirname "$0")/../.."
+PROBLEM_TESTS=(
+  "test/api-e2e-x402-authorize-payment.test.js"
+  "test/api-python-sdk-first-paid-task-smoke.test.js"
+  "test/api-python-sdk-first-verified-run-smoke.test.js"
+  "test/magic-link-onboarding-live-contract.test.js"
+  "test/magic-link-service.test.js"
+  "test/mcp-http-gateway.test.js"
+  "test/mcp-stdio-spike.test.js"
+  "test/payment-triggers.test.js"
+  "test/sdk-tenant-analytics-examples-smoke.test.js"
+  "test/trust-config-wizard-cli.test.js"
+)
+NOO_REGRESSION_TEST_FILE="test/api-e2e-x402-authorize-payment.test.js"
+REQUIRED_NOO_REGRESSION_TESTS=(
+  "API e2e: x402 authorize-payment and verify fail closed on missing or revoked passport when required"
+  "API e2e: x402 authorize-payment requires valid execution intent when enabled"
+  "API e2e: verify enforces strict request binding evidence for quote-bound authorization"
+)
+for test_name in "${REQUIRED_NOO_REGRESSION_TESTS[@]}"; do
+  if ! grep -F "test(\"${test_name}\"" "$NOO_REGRESSION_TEST_FILE" >/dev/null; then
+    echo "missing required NOO regression test: ${test_name}" >&2
+    exit 1
+  fi
+done
+SAFE_TESTS=()
+for fp in $(ls test/*.test.js | sort); do
+  is_problem_test=0
+  for problem in "${PROBLEM_TESTS[@]}"; do
+    if [[ "$fp" == "$problem" ]]; then
+      is_problem_test=1
+      break
+    fi
+  done
+  if [[ "$is_problem_test" -eq 0 ]]; then
+    SAFE_TESTS+=("$fp")
+  fi
+done
+# Phase 1: bulk suite (fast).
+# NOTE: These files sporadically fail when executed *after* a large multi-file
+# `node --test` run (Node 18 test runner multi-file mode), while they pass when
+# run first in a fresh process. Running them first keeps `npm test` stable.
+for fp in "${PROBLEM_TESTS[@]}"; do
+  node --test "$fp"
+done
+# Phase 2: bulk suite (fast).
+node --test "${SAFE_TESTS[@]}"
+# Post-check: ensure we never accidentally track generated artifacts.
+bash scripts/test/check-no-generated-artifacts.sh

package/scripts/trust/validate-trust-file.mjs ADDED Viewed

@@ -0,0 +1,57 @@
+import fs from "node:fs/promises";
+import fsSync from "node:fs";
+import path from "node:path";
+function usage() {
+  fsSync.writeFileSync(2, "usage: node scripts/trust/validate-trust-file.mjs <trust.json>\n");
+  process.exit(2);
+}
+function isPlainObject(v) {
+  return Boolean(v && typeof v === "object" && !Array.isArray(v) && (Object.getPrototypeOf(v) === Object.prototype || Object.getPrototypeOf(v) === null));
+}
+function validateKeyMap(map, label) {
+  if (map === undefined || map === null) return { ok: true, keys: 0 };
+  if (!isPlainObject(map)) return { ok: false, error: `${label} must be an object mapping keyId -> publicKeyPem` };
+  for (const [k, v] of Object.entries(map)) {
+    if (typeof k !== "string" || !k.trim()) return { ok: false, error: `${label} has an invalid keyId` };
+    if (typeof v !== "string" || !v.trim()) return { ok: false, error: `${label}[${k}] must be a non-empty PEM string` };
+    // Best-effort sanity check (format may evolve, but we at least reject obvious garbage).
+    if (!v.includes("BEGIN PUBLIC KEY") || !v.includes("END PUBLIC KEY")) return { ok: false, error: `${label}[${k}] does not look like a public key PEM` };
+  }
+  return { ok: true, keys: Object.keys(map).length };
+}
+async function main() {
+  const fp = process.argv[2] ?? null;
+  if (!fp || fp === "--help" || fp === "-h") usage();
+  const abs = path.resolve(process.cwd(), fp);
+  const raw = await fs.readFile(abs, "utf8");
+  let json;
+  try {
+    json = JSON.parse(raw);
+  } catch (err) {
+    fsSync.writeFileSync(2, `invalid JSON: ${err?.message ?? String(err ?? "")}\n`);
+    process.exit(2);
+  }
+  if (!isPlainObject(json)) {
+    fsSync.writeFileSync(2, "trust.json must be an object\n");
+    process.exit(2);
+  }
+  const gov = validateKeyMap(json.governanceRoots, "governanceRoots");
+  if (!gov.ok) {
+    fsSync.writeFileSync(2, String(gov.error ?? "invalid governanceRoots") + "\n");
+    process.exit(2);
+  }
+  const time = validateKeyMap(json.timeAuthorities, "timeAuthorities");
+  if (!time.ok) {
+    fsSync.writeFileSync(2, String(time.error ?? "invalid timeAuthorities") + "\n");
+    process.exit(2);
+  }
+  fsSync.writeFileSync(1, `ok governanceRoots=${gov.keys} timeAuthorities=${time.keys}\n`);
+}
+await main();

package/scripts/trust-config/rotate-settld-pay.mjs ADDED Viewed

@@ -0,0 +1,277 @@
+#!/usr/bin/env node
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import fs from "node:fs";
+import path from "node:path";
+import process from "node:process";
+import { createEd25519Keypair, keyIdFromPublicKeyPem } from "../../src/core/crypto.js";
+import { buildSettldPayKeysetV1 } from "../../src/core/settld-keys.js";
+const SERVER_SIGNER_FILENAME = "server-signer.json";
+const SETTLD_PAY_KEYSET_STORE_FILENAME = "settld-pay-keyset-store.json";
+function usage() {
+  return [
+    "Usage:",
+    "  node scripts/trust-config/rotate-settld-pay.mjs [--data-dir <path>] [--report <path>] [--keep-previous <n>] [--bootstrap]",
+    "",
+    "Options:",
+    "  --data-dir <path>      Data directory containing signer material (default: $PROXY_DATA_DIR or ./data)",
+    "  --report <path>        Optional JSON artifact path for rotation report",
+    "  --keep-previous <n>    Number of previous public keys to keep published (default: 2)",
+    "  --bootstrap            Allow creating an initial signer if no existing signer is found",
+    "  --help                 Show this help"
+  ].join("\n");
+}
+function parseArgs(argv) {
+  const out = {
+    dataDir: process.env.PROXY_DATA_DIR && String(process.env.PROXY_DATA_DIR).trim() !== "" ? String(process.env.PROXY_DATA_DIR).trim() : "data",
+    reportPath: null,
+    keepPrevious: 2,
+    bootstrap: false
+  };
+  for (let i = 0; i < argv.length; i += 1) {
+    const a = String(argv[i] ?? "");
+    if (a === "--help" || a === "-h") {
+      out.help = true;
+      continue;
+    }
+    if (a === "--bootstrap") {
+      out.bootstrap = true;
+      continue;
+    }
+    if (a === "--data-dir") {
+      const value = argv[i + 1];
+      if (!value) throw new Error("--data-dir requires a value");
+      out.dataDir = String(value);
+      i += 1;
+      continue;
+    }
+    if (a === "--report") {
+      const value = argv[i + 1];
+      if (!value) throw new Error("--report requires a value");
+      out.reportPath = String(value);
+      i += 1;
+      continue;
+    }
+    if (a === "--keep-previous") {
+      const value = Number(argv[i + 1]);
+      if (!Number.isSafeInteger(value) || value < 0) throw new Error("--keep-previous must be a non-negative integer");
+      out.keepPrevious = value;
+      i += 1;
+      continue;
+    }
+    throw new Error(`unknown argument: ${a}`);
+  }
+  return out;
+}
+function normalizeKeyRow(row, { requirePrivate = false, fieldPath = "key" } = {}) {
+  if (!row || typeof row !== "object" || Array.isArray(row)) throw new Error(`${fieldPath} must be an object`);
+  const publicKeyPem = typeof row.publicKeyPem === "string" && row.publicKeyPem.trim() !== "" ? row.publicKeyPem : null;
+  if (!publicKeyPem) throw new Error(`${fieldPath}.publicKeyPem is required`);
+  const privateKeyPem = typeof row.privateKeyPem === "string" && row.privateKeyPem.trim() !== "" ? row.privateKeyPem : null;
+  if (requirePrivate && !privateKeyPem) throw new Error(`${fieldPath}.privateKeyPem is required`);
+  const derivedKeyId = keyIdFromPublicKeyPem(publicKeyPem);
+  const keyId = typeof row.keyId === "string" && row.keyId.trim() !== "" ? row.keyId.trim() : derivedKeyId;
+  if (keyId !== derivedKeyId) throw new Error(`${fieldPath}.keyId does not match publicKeyPem`);
+  return {
+    keyId,
+    publicKeyPem,
+    privateKeyPem,
+    rotatedAt: typeof row.rotatedAt === "string" && row.rotatedAt.trim() !== "" ? row.rotatedAt : null
+  };
+}
+function dedupePrevious(rows, { max = 2 } = {}) {
+  const out = [];
+  const seen = new Set();
+  for (const row of rows) {
+    if (!row || typeof row !== "object" || Array.isArray(row)) continue;
+    const normalized = normalizeKeyRow(row, { requirePrivate: false, fieldPath: "previous[]" });
+    if (seen.has(normalized.keyId)) continue;
+    seen.add(normalized.keyId);
+    out.push({
+      keyId: normalized.keyId,
+      publicKeyPem: normalized.publicKeyPem,
+      rotatedAt: normalized.rotatedAt
+    });
+    if (out.length >= max) break;
+  }
+  return out;
+}
+async function readJsonFileSafe(filePath) {
+  if (!fs.existsSync(filePath)) return null;
+  const raw = await readFile(filePath, "utf8");
+  return JSON.parse(raw);
+}
+async function loadSignerMaterial({ dataDir }) {
+  const keysetStorePath = path.join(dataDir, SETTLD_PAY_KEYSET_STORE_FILENAME);
+  const signerPath = path.join(dataDir, SERVER_SIGNER_FILENAME);
+  const keysetStore = await readJsonFileSafe(keysetStorePath);
+  if (keysetStore) {
+    const active = normalizeKeyRow(keysetStore.active, { requirePrivate: true, fieldPath: "active" });
+    const previous = Array.isArray(keysetStore.previous)
+      ? keysetStore.previous.map((row, idx) => normalizeKeyRow(row, { requirePrivate: false, fieldPath: `previous[${idx}]` }))
+      : [];
+    return {
+      source: "keyset-store",
+      active,
+      previous
+    };
+  }
+  const signer = await readJsonFileSafe(signerPath);
+  if (signer) {
+    const active = normalizeKeyRow(signer, { requirePrivate: true, fieldPath: "server-signer" });
+    return { source: "legacy-signer", active, previous: [] };
+  }
+  return null;
+}
+function buildProviderNotificationSnippet({
+  keysetUrl = "https://<your-settld-host>/.well-known/settld-keys.json",
+  newKeyId,
+  previousKeyIds,
+  overlapRecommendation
+} = {}) {
+  const previous = Array.isArray(previousKeyIds) && previousKeyIds.length > 0 ? previousKeyIds.join(", ") : "none";
+  return [
+    "Subject: SettldPay signing key rotation notice",
+    "",
+    `Settld has rotated its SettldPay signing key.`,
+    `- New active kid: ${newKeyId}`,
+    `- Previous kids still published: ${previous}`,
+    `- Keyset URL: ${keysetUrl}`,
+    "",
+    "Action requested:",
+    "1. Keep verifying tokens by resolving kid from the keyset URL.",
+    "2. Refresh cached keyset according to Cache-Control (or immediately if pinned).",
+    `3. Do not remove previously cached keys before overlap window ends (${overlapRecommendation}).`
+  ].join("\n");
+}
+async function main() {
+  let args;
+  try {
+    args = parseArgs(process.argv.slice(2));
+  } catch (err) {
+    process.stderr.write(`${err?.message ?? String(err)}\n\n${usage()}\n`);
+    process.exitCode = 1;
+    return;
+  }
+  if (args.help) {
+    process.stdout.write(usage() + "\n");
+    return;
+  }
+  const dataDir = path.resolve(process.cwd(), args.dataDir);
+  await mkdir(dataDir, { recursive: true });
+  const existing = await loadSignerMaterial({ dataDir });
+  if (!existing && !args.bootstrap) {
+    throw new Error(
+      `no existing signer found in ${dataDir}; rerun with --bootstrap to create the initial signer and keyset store`
+    );
+  }
+  const nowIso = new Date().toISOString();
+  const newKeypair = createEd25519Keypair();
+  const newKeyId = keyIdFromPublicKeyPem(newKeypair.publicKeyPem);
+  const oldActive = existing?.active ?? null;
+  const previousRows = dedupePrevious(
+    [
+      ...(oldActive
+        ? [
+            {
+              keyId: oldActive.keyId,
+              publicKeyPem: oldActive.publicKeyPem,
+              rotatedAt: nowIso
+            }
+          ]
+        : []),
+      ...(existing?.previous ?? [])
+    ],
+    { max: args.keepPrevious }
+  );
+  const keysetStore = {
+    schemaVersion: "SettldPayKeysetStore.v1",
+    updatedAt: nowIso,
+    active: {
+      keyId: newKeyId,
+      publicKeyPem: newKeypair.publicKeyPem,
+      privateKeyPem: newKeypair.privateKeyPem,
+      rotatedFromKeyId: oldActive?.keyId ?? null
+    },
+    previous: previousRows
+  };
+  const signerCompat = {
+    publicKeyPem: newKeypair.publicKeyPem,
+    privateKeyPem: newKeypair.privateKeyPem
+  };
+  const keysetStorePath = path.join(dataDir, SETTLD_PAY_KEYSET_STORE_FILENAME);
+  const signerPath = path.join(dataDir, SERVER_SIGNER_FILENAME);
+  await writeFile(keysetStorePath, JSON.stringify(keysetStore, null, 2) + "\n", "utf8");
+  await writeFile(signerPath, JSON.stringify(signerCompat, null, 2) + "\n", "utf8");
+  const servedKeyset = buildSettldPayKeysetV1({
+    activeKey: { keyId: newKeyId, publicKeyPem: newKeypair.publicKeyPem },
+    fallbackKeys: previousRows.map((row) => ({ keyId: row.keyId, publicKeyPem: row.publicKeyPem })),
+    refreshedAt: nowIso
+  });
+  const activeJwksEntry = Array.isArray(servedKeyset.keys) ? servedKeyset.keys.find((row) => row.kid === newKeyId) : null;
+  const notification = buildProviderNotificationSnippet({
+    newKeyId,
+    previousKeyIds: previousRows.map((row) => row.keyId),
+    overlapRecommendation: "token TTL + cache max-age safety margin"
+  });
+  const report = {
+    schemaVersion: "SettldPayKeyRotationReport.v1",
+    rotatedAt: nowIso,
+    dataDir,
+    source: existing?.source ?? "bootstrap",
+    oldActiveKeyId: oldActive?.keyId ?? null,
+    newActiveKeyId: newKeyId,
+    previousKeyIds: previousRows.map((row) => row.keyId),
+    files: {
+      keysetStorePath,
+      signerCompatPath: signerPath
+    },
+    servedKeyset
+  };
+  if (args.reportPath) {
+    const reportPath = path.resolve(process.cwd(), args.reportPath);
+    await mkdir(path.dirname(reportPath), { recursive: true });
+    await writeFile(reportPath, JSON.stringify(report, null, 2) + "\n", "utf8");
+    report.reportPath = reportPath;
+  }
+  process.stdout.write(`rotated_at=${nowIso}\n`);
+  process.stdout.write(`data_dir=${dataDir}\n`);
+  process.stdout.write(`old_active_kid=${oldActive?.keyId ?? "none"}\n`);
+  process.stdout.write(`new_active_kid=${newKeyId}\n`);
+  process.stdout.write(`previous_kids=${previousRows.map((row) => row.keyId).join(",") || "none"}\n`);
+  process.stdout.write("\nJWKS active entry:\n");
+  process.stdout.write(JSON.stringify(activeJwksEntry ?? null, null, 2) + "\n");
+  process.stdout.write("\nProvider notification snippet:\n");
+  process.stdout.write(notification + "\n");
+  if (report.reportPath) {
+    process.stdout.write(`\nrotation_report=${report.reportPath}\n`);
+  }
+}
+main().catch((err) => {
+  process.stderr.write(`${err?.stack ?? err?.message ?? String(err)}\n`);
+  process.exitCode = 1;
+});

package/scripts/trust-config/wizard.mjs ADDED Viewed

@@ -0,0 +1,161 @@
+#!/usr/bin/env node
+import fs from "node:fs/promises";
+import {
+  SLA_POLICY_TEMPLATE_CATALOG_VERSION,
+  getSlaPolicyTemplate,
+  listSlaPolicyTemplates,
+  renderSlaPolicyTemplate
+} from "../../src/core/sla-policy-templates.js";
+function usage() {
+  const text = [
+    "usage:",
+    "  node scripts/trust-config/wizard.mjs list [--vertical delivery|security] [--format json|text]",
+    "  node scripts/trust-config/wizard.mjs show --template <templateId> [--format json|text]",
+    "  node scripts/trust-config/wizard.mjs render --template <templateId> [--overrides-json <json>] [--out <path>] [--format json|text]",
+    "  node scripts/trust-config/wizard.mjs validate --template <templateId> [--overrides-json <json>] [--format json|text]"
+  ].join("\n");
+  process.stderr.write(text + "\n");
+}
+function parseArgs(argv) {
+  const out = {
+    command: argv[0] ?? null,
+    templateId: null,
+    vertical: null,
+    overridesJson: null,
+    outPath: null,
+    format: "json"
+  };
+  for (let i = 1; i < argv.length; i += 1) {
+    const arg = argv[i];
+    if (arg === "--template") {
+      out.templateId = String(argv[i + 1] ?? "");
+      i += 1;
+      continue;
+    }
+    if (arg === "--vertical") {
+      out.vertical = String(argv[i + 1] ?? "");
+      i += 1;
+      continue;
+    }
+    if (arg === "--overrides-json") {
+      out.overridesJson = String(argv[i + 1] ?? "");
+      i += 1;
+      continue;
+    }
+    if (arg === "--out") {
+      out.outPath = String(argv[i + 1] ?? "");
+      i += 1;
+      continue;
+    }
+    if (arg === "--format") {
+      out.format = String(argv[i + 1] ?? "").trim().toLowerCase();
+      i += 1;
+      continue;
+    }
+    if (arg === "--help" || arg === "-h") {
+      usage();
+      process.exit(0);
+    }
+    throw new Error(`unknown argument: ${arg}`);
+  }
+  if (!out.command) throw new Error("command is required");
+  if (out.format !== "json" && out.format !== "text") throw new Error("format must be json or text");
+  return out;
+}
+function parseOverrides(overridesJson) {
+  if (!overridesJson || !String(overridesJson).trim()) return null;
+  try {
+    return JSON.parse(String(overridesJson));
+  } catch (err) {
+    throw new Error(`invalid --overrides-json: ${err?.message ?? "parse failed"}`);
+  }
+}
+function renderTextList(templates) {
+  const lines = [];
+  for (const template of templates) {
+    lines.push(`${template.templateId}\t${template.vertical}\t${template.name}`);
+  }
+  return lines.join("\n") + (lines.length ? "\n" : "");
+}
+function renderTextShow(template) {
+  return [
+    `templateId: ${template.templateId}`,
+    `vertical: ${template.vertical}`,
+    `name: ${template.name}`,
+    `description: ${template.description}`
+  ].join("\n") + "\n";
+}
+async function output({ format, payload, text, outPath }) {
+  const body = format === "json" ? JSON.stringify(payload, null, 2) + "\n" : text;
+  if (outPath) {
+    await fs.writeFile(outPath, body, "utf8");
+    return;
+  }
+  process.stdout.write(body);
+}
+async function main() {
+  let parsed;
+  try {
+    parsed = parseArgs(process.argv.slice(2));
+  } catch (err) {
+    usage();
+    process.stderr.write(`${err?.message ?? "invalid arguments"}\n`);
+    process.exit(2);
+  }
+  const overrides = parseOverrides(parsed.overridesJson);
+  if (parsed.command === "list") {
+    const templates = listSlaPolicyTemplates({ vertical: parsed.vertical });
+    const payload = { schemaVersion: SLA_POLICY_TEMPLATE_CATALOG_VERSION, templates };
+    await output({ format: parsed.format, payload, text: renderTextList(templates), outPath: parsed.outPath });
+    return;
+  }
+  if (parsed.command === "show") {
+    if (!parsed.templateId) throw new Error("--template is required for show");
+    const template = getSlaPolicyTemplate({ templateId: parsed.templateId });
+    if (!template) throw new Error("template not found");
+    await output({ format: parsed.format, payload: template, text: renderTextShow(template), outPath: parsed.outPath });
+    return;
+  }
+  if (parsed.command === "render") {
+    if (!parsed.templateId) throw new Error("--template is required for render");
+    const rendered = renderSlaPolicyTemplate({ templateId: parsed.templateId, overrides });
+    if (!rendered) throw new Error("template not found");
+    const payload = {
+      schemaVersion: "SettldTrustWizardOutput.v1",
+      templateId: rendered.templateId,
+      config: rendered.defaults
+    };
+    const text = JSON.stringify(payload.config, null, 2) + "\n";
+    await output({ format: parsed.format, payload, text, outPath: parsed.outPath });
+    return;
+  }
+  if (parsed.command === "validate") {
+    if (!parsed.templateId) throw new Error("--template is required for validate");
+    const rendered = renderSlaPolicyTemplate({ templateId: parsed.templateId, overrides });
+    if (!rendered) throw new Error("template not found");
+    const payload = { ok: true, templateId: rendered.templateId };
+    const text = "ok\n";
+    await output({ format: parsed.format, payload, text, outPath: parsed.outPath });
+    return;
+  }
+  throw new Error(`unsupported command: ${parsed.command}`);
+}
+main().catch((err) => {
+  process.stderr.write(`${err?.message ?? "error"}\n`);
+  process.exit(1);
+});