settld 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (483) hide show
  1. package/README.md +93 -3
  2. package/SETTLD_VERSION +1 -1
  3. package/bin/settld-mcp +2 -0
  4. package/bin/settld.js +71 -0
  5. package/conformance/kernel-v0/README.md +7 -0
  6. package/conformance/kernel-v0/run.mjs +292 -4
  7. package/docs/ACCESS.md +57 -0
  8. package/docs/ADOPTION_CHECKLIST.md +44 -0
  9. package/docs/ALERTS.md +198 -0
  10. package/docs/ARCHITECTURE.md +69 -0
  11. package/docs/ARCHITECTURE_FOUNDER_GUIDE.md +284 -0
  12. package/docs/ARTIFACTS.md +60 -0
  13. package/docs/CERTIFICATION_CHECKLIST.md +33 -0
  14. package/docs/CIRCLE_SANDBOX_E2E.md +152 -0
  15. package/docs/CONFIG.md +297 -0
  16. package/docs/CONTRACTS_APIS.md +23 -0
  17. package/docs/DEPRECATION.md +31 -0
  18. package/docs/DOMAIN_MODEL.md +92 -0
  19. package/docs/EVENT_ENVELOPE.md +53 -0
  20. package/docs/FINANCE_PACK_FORMAT.md +53 -0
  21. package/docs/INCIDENT_TAXONOMY.md +30 -0
  22. package/docs/JOB_STATE_MACHINE.md +66 -0
  23. package/docs/KERNEL_COMPATIBLE.md +60 -0
  24. package/docs/KERNEL_V0.md +40 -0
  25. package/docs/KEY_ROTATION.md +80 -0
  26. package/docs/LEDGER.md +82 -0
  27. package/docs/LIVENESS.md +76 -0
  28. package/docs/MVP_BUILD_ORDER.md +36 -0
  29. package/docs/ONCALL_PLAYBOOK.md +39 -0
  30. package/docs/OPERATIONS_SIGNING.md +20 -0
  31. package/docs/OVERVIEW.md +190 -0
  32. package/docs/PERF_BASELINE.md +85 -0
  33. package/docs/PRD.md +77 -0
  34. package/docs/QUICKSTART_KERNEL_V0.md +96 -0
  35. package/docs/QUICKSTART_MCP.md +377 -0
  36. package/docs/QUICKSTART_MCP_HOSTS.md +210 -0
  37. package/docs/QUICKSTART_POLICY_PACKS.md +65 -0
  38. package/docs/QUICKSTART_PRODUCE.md +61 -0
  39. package/docs/QUICKSTART_PROFILES.md +198 -0
  40. package/docs/QUICKSTART_RELEASE_VERIFY.md +39 -0
  41. package/docs/QUICKSTART_SDK.md +125 -0
  42. package/docs/QUICKSTART_SDK_PYTHON.md +111 -0
  43. package/docs/QUICKSTART_VERIFY.md +54 -0
  44. package/docs/QUICKSTART_X402_GATEWAY.md +317 -0
  45. package/docs/README.md +33 -0
  46. package/docs/RELEASE_CHECKLIST.md +182 -0
  47. package/docs/RELEASING.md +82 -0
  48. package/docs/REPO_SETTINGS.md +37 -0
  49. package/docs/RUNBOOK.md +86 -0
  50. package/docs/SKILLS.md +42 -0
  51. package/docs/SKILL_BUNDLE_FORMAT.md +48 -0
  52. package/docs/SLO.md +131 -0
  53. package/docs/SUMMARY.md +17 -0
  54. package/docs/SUPPORT.md +31 -0
  55. package/docs/THREAT_MODEL.md +36 -0
  56. package/docs/TRUST.md +59 -0
  57. package/docs/WORKFLOW.md +35 -0
  58. package/docs/X402_BATCH_SETTLEMENT.md +126 -0
  59. package/docs/blog/2026-02-14-your-ai-agent-just-spent-500-where-is-the-receipt.md +73 -0
  60. package/docs/examples/x402-provider-payout-registry.example.json +14 -0
  61. package/docs/gitbook/README.md +64 -0
  62. package/docs/gitbook/SETUP.md +25 -0
  63. package/docs/gitbook/SUMMARY.md +15 -0
  64. package/docs/gitbook/api-reference.md +73 -0
  65. package/docs/gitbook/closepacks.md +55 -0
  66. package/docs/gitbook/conformance.md +59 -0
  67. package/docs/gitbook/core-primitives.md +85 -0
  68. package/docs/gitbook/dispute-lifecycle.md +33 -0
  69. package/docs/gitbook/faq.md +21 -0
  70. package/docs/gitbook/guides.md +49 -0
  71. package/docs/gitbook/operations-runbook.md +36 -0
  72. package/docs/gitbook/quickstart.md +103 -0
  73. package/docs/gitbook/replay-and-audit.md +30 -0
  74. package/docs/gitbook/sdk-reference.md +35 -0
  75. package/docs/gitbook/security-model.md +58 -0
  76. package/docs/integrations/README.md +15 -0
  77. package/docs/integrations/github-actions-verify.yml +31 -0
  78. package/docs/integrations/github-actions.md +34 -0
  79. package/docs/integrations/openclaw/CLAWHUB_PUBLISH_CHECKLIST.md +65 -0
  80. package/docs/integrations/openclaw/PUBLIC_QUICKSTART.md +95 -0
  81. package/docs/integrations/openclaw/settld-mcp-skill/SKILL.md +69 -0
  82. package/docs/integrations/openclaw/settld-mcp-skill/mcp-server.example.json +12 -0
  83. package/docs/kernel-compatible/capabilities.json +36 -0
  84. package/docs/marketing/agent-commerce-substrate.md +78 -0
  85. package/docs/marketing/hn-repost-2026-02-17.md +102 -0
  86. package/docs/marketing/show-hn-post.md +45 -0
  87. package/docs/ops/ARTIFACT_VERIFICATION_STATUS.md +43 -0
  88. package/docs/ops/BILLING_WEBHOOK_REPLAY.md +105 -0
  89. package/docs/ops/CI_FLAKE_BUDGET.md +31 -0
  90. package/docs/ops/DISPUTE_FINANCE_RECONCILIATION_PACKET.md +56 -0
  91. package/docs/ops/GO_LIVE_GATE_S13.md +27 -0
  92. package/docs/ops/HOSTED_BASELINE_R2.md +129 -0
  93. package/docs/ops/KERNEL_V0_SHIP_GATE.md +69 -0
  94. package/docs/ops/LIGHTHOUSE_PRODUCTION_CLOSE.md +51 -0
  95. package/docs/ops/MCP_COMPATIBILITY_MATRIX.md +30 -0
  96. package/docs/ops/MINIMUM_PRODUCTION_TOPOLOGY.md +89 -0
  97. package/docs/ops/P0_BACKEND_PROGRESS.md +150 -0
  98. package/docs/ops/PAYMENTS_ALPHA_R5.md +105 -0
  99. package/docs/ops/PILOT_ONBOARDING_RUNBOOK.md +112 -0
  100. package/docs/ops/PRODUCTION_DEPLOYMENT_CHECKLIST.md +140 -0
  101. package/docs/ops/R1_SLOS.md +66 -0
  102. package/docs/ops/RELEASE_SIGNING_INCIDENT.md +58 -0
  103. package/docs/ops/SELF_SERVE_LAUNCH_AUTOMATION.md +89 -0
  104. package/docs/ops/THROUGHPUT_DRILL_10X.md +48 -0
  105. package/docs/ops/TRUST_CONFIG_WIZARD.md +60 -0
  106. package/docs/ops/X402_PILOT_WEEKLY_METRICS.md +76 -0
  107. package/docs/ops/tool-call-disputes-holdback.md +52 -0
  108. package/docs/pilot-kit/PILOT_PACKAGE_SCORECARD_X402.md +46 -0
  109. package/docs/pilot-kit/README.md +29 -0
  110. package/docs/pilot-kit/architecture-one-pager.md +48 -0
  111. package/docs/pilot-kit/buyer-email.txt +19 -0
  112. package/docs/pilot-kit/buyer-one-pager.md +31 -0
  113. package/docs/pilot-kit/gtm-pilot-playbook.md +182 -0
  114. package/docs/pilot-kit/offline-verify.md +33 -0
  115. package/docs/pilot-kit/procurement-one-pager.md +50 -0
  116. package/docs/pilot-kit/rfp-clause.md +46 -0
  117. package/docs/pilot-kit/roi-calculator-template.csv +2 -0
  118. package/docs/pilot-kit/security-qa.md +153 -0
  119. package/docs/pilot-kit/security-summary.md +35 -0
  120. package/docs/plans/2026-02-13-mcp-spike-design.md +113 -0
  121. package/docs/plans/2026-02-20-trust-os-v1-jira-backlog.md +348 -0
  122. package/docs/plans/2026-02-21-agent-economic-actor-operating-model.md +169 -0
  123. package/docs/plans/2026-02-21-trust-os-v1-strategy.md +241 -0
  124. package/docs/research/2026-02-21-agent-spend-host-landscape.md +57 -0
  125. package/docs/spec/AcceptanceCriteria.v1.md +17 -0
  126. package/docs/spec/AcceptanceEvaluation.v1.md +10 -0
  127. package/docs/spec/AgentEvent.v1.md +47 -0
  128. package/docs/spec/AgentIdentity.v1.md +62 -0
  129. package/docs/spec/AgentPassport.v1.md +95 -0
  130. package/docs/spec/AgentReputation.v1.md +59 -0
  131. package/docs/spec/AgentReputation.v2.md +52 -0
  132. package/docs/spec/AgentRun.v1.md +47 -0
  133. package/docs/spec/AgentRunSettlement.v1.md +52 -0
  134. package/docs/spec/AgentWallet.v1.md +43 -0
  135. package/docs/spec/AgreementDelegation.v1.md +109 -0
  136. package/docs/spec/ArbitrationCase.v1.md +67 -0
  137. package/docs/spec/ArbitrationOutcomeMapping.v1.md +62 -0
  138. package/docs/spec/ArbitrationVerdict.v1.md +60 -0
  139. package/docs/spec/BundleHeadAttestation.v1.md +32 -0
  140. package/docs/spec/CANONICAL_JSON.md +31 -0
  141. package/docs/spec/CRYPTOGRAPHY.md +61 -0
  142. package/docs/spec/ClosePack.v1.md +49 -0
  143. package/docs/spec/ClosePackManifest.v1.md +24 -0
  144. package/docs/spec/DelegationGrant.v1.md +90 -0
  145. package/docs/spec/DisputeCaseLifecycle.v1.md +51 -0
  146. package/docs/spec/DisputeOpenEnvelope.v1.md +43 -0
  147. package/docs/spec/ERRORS.md +76 -0
  148. package/docs/spec/ESCROW_NETTING_INVARIANTS.md +71 -0
  149. package/docs/spec/EvidenceIndex.v1.md +20 -0
  150. package/docs/spec/ExecutionIntent.v1.md +90 -0
  151. package/docs/spec/FinancePackBundleManifest.v1.md +24 -0
  152. package/docs/spec/FundingHold.v1.md +60 -0
  153. package/docs/spec/GovernancePolicy.v1.md +34 -0
  154. package/docs/spec/GovernancePolicy.v2.md +30 -0
  155. package/docs/spec/INVARIANTS.md +389 -0
  156. package/docs/spec/InteractionDirectionMatrix.v1.md +30 -0
  157. package/docs/spec/InvoiceBundleManifest.v1.md +24 -0
  158. package/docs/spec/InvoiceClaim.v1.md +11 -0
  159. package/docs/spec/MONEY_RAIL_STATE_MACHINE.md +58 -0
  160. package/docs/spec/MarketplaceAcceptance.v2.md +46 -0
  161. package/docs/spec/MarketplaceOffer.v2.md +54 -0
  162. package/docs/spec/MeteringReport.v1.md +18 -0
  163. package/docs/spec/OperatorAction.v1.md +90 -0
  164. package/docs/spec/PRODUCER_ERRORS.md +42 -0
  165. package/docs/spec/PolicyDecision.v1.md +83 -0
  166. package/docs/spec/PricingMatrix.v1.md +20 -0
  167. package/docs/spec/PricingMatrixSignatures.v1.md +30 -0
  168. package/docs/spec/PricingMatrixSignatures.v2.md +29 -0
  169. package/docs/spec/ProduceCliOutput.v1.md +46 -0
  170. package/docs/spec/ProofBundleManifest.v1.md +24 -0
  171. package/docs/spec/README.md +109 -0
  172. package/docs/spec/REFERENCE_IMPLEMENTATIONS.md +29 -0
  173. package/docs/spec/REFERENCE_VERIFIER_BEHAVIOR.md +68 -0
  174. package/docs/spec/REMOTE_SIGNER.md +66 -0
  175. package/docs/spec/ReleaseIndex.v1.md +32 -0
  176. package/docs/spec/ReleaseIndexSignatures.v1.md +17 -0
  177. package/docs/spec/ReleaseTrust.v1.md +13 -0
  178. package/docs/spec/ReleaseTrust.v2.md +26 -0
  179. package/docs/spec/RemoteSignerRequest.v1.md +21 -0
  180. package/docs/spec/RemoteSignerResponse.v1.md +16 -0
  181. package/docs/spec/ReputationEvent.v1.md +63 -0
  182. package/docs/spec/RevocationList.v1.md +28 -0
  183. package/docs/spec/SIGNER_PROVIDER_PLUGIN.md +32 -0
  184. package/docs/spec/STRICTNESS.md +68 -0
  185. package/docs/spec/SUPPLY_CHAIN.md +33 -0
  186. package/docs/spec/SettlementAdjustment.v1.md +45 -0
  187. package/docs/spec/SettlementDecisionRecord.v1.md +48 -0
  188. package/docs/spec/SettlementDecisionRecord.v2.md +53 -0
  189. package/docs/spec/SettlementDecisionReport.v1.md +44 -0
  190. package/docs/spec/SettlementKernel.v1.md +59 -0
  191. package/docs/spec/SettlementReceipt.v1.md +63 -0
  192. package/docs/spec/SlaDefinition.v1.md +24 -0
  193. package/docs/spec/SlaEvaluation.v1.md +12 -0
  194. package/docs/spec/THREAT_MODEL.md +113 -0
  195. package/docs/spec/TOOL_PROVENANCE.md +30 -0
  196. package/docs/spec/TRUST_ANCHORS.md +84 -0
  197. package/docs/spec/TenantSettings.v1.md +90 -0
  198. package/docs/spec/TenantSettings.v2.md +99 -0
  199. package/docs/spec/TimestampProof.v1.md +25 -0
  200. package/docs/spec/ToolCallAgreement.v1.md +34 -0
  201. package/docs/spec/ToolCallEvidence.v1.md +47 -0
  202. package/docs/spec/ToolManifest.v1.md +47 -0
  203. package/docs/spec/VERIFIER_ENVIRONMENT.md +38 -0
  204. package/docs/spec/VERSIONING.md +107 -0
  205. package/docs/spec/VerificationReport.v1.md +50 -0
  206. package/docs/spec/VerifyAboutOutput.v1.md +10 -0
  207. package/docs/spec/VerifyCliOutput.v1.md +28 -0
  208. package/docs/spec/WARNINGS.md +83 -0
  209. package/docs/spec/error-codes.v1.txt +285 -0
  210. package/docs/spec/examples/agreement_delegation_v1.example.json +21 -0
  211. package/docs/spec/examples/arbitration_case_v1.example.json +26 -0
  212. package/docs/spec/examples/arbitration_verdict_v1.example.json +32 -0
  213. package/docs/spec/examples/dispute_open_envelope_v1.example.json +18 -0
  214. package/docs/spec/examples/produce_cli_output_v1.example.json +32 -0
  215. package/docs/spec/examples/release_index_signature_v1.example.json +9 -0
  216. package/docs/spec/examples/release_index_signatures_v1.example.json +14 -0
  217. package/docs/spec/examples/release_index_v1.example.json +15 -0
  218. package/docs/spec/examples/release_trust_v1.example.json +7 -0
  219. package/docs/spec/examples/release_trust_v2.example.json +22 -0
  220. package/docs/spec/examples/remote_signer_request_v1.example.json +18 -0
  221. package/docs/spec/examples/remote_signer_response_v1.example.json +8 -0
  222. package/docs/spec/examples/reputation_event_v1.example.json +29 -0
  223. package/docs/spec/examples/verification_report_v1.example.json +24 -0
  224. package/docs/spec/examples/verify_about_output_v1.example.json +29 -0
  225. package/docs/spec/examples/verify_cli_output_v1.example.json +13 -0
  226. package/docs/spec/legacy/MarketplaceAcceptance.v1.md +48 -0
  227. package/docs/spec/legacy/MarketplaceOffer.v1.md +56 -0
  228. package/docs/spec/legacy/schemas/MarketplaceAcceptance.v1.schema.json +53 -0
  229. package/docs/spec/legacy/schemas/MarketplaceOffer.v1.schema.json +61 -0
  230. package/docs/spec/producer-error-codes.v1.txt +14 -0
  231. package/docs/spec/schemas/AcceptanceCriteria.v1.schema.json +24 -0
  232. package/docs/spec/schemas/AcceptanceEvaluation.v1.schema.json +26 -0
  233. package/docs/spec/schemas/AgentEvent.v1.schema.json +49 -0
  234. package/docs/spec/schemas/AgentIdentity.v1.schema.json +129 -0
  235. package/docs/spec/schemas/AgentPassport.v1.schema.json +112 -0
  236. package/docs/spec/schemas/AgentReputation.v1.schema.json +151 -0
  237. package/docs/spec/schemas/AgentReputation.v2.schema.json +120 -0
  238. package/docs/spec/schemas/AgentRun.v1.schema.json +71 -0
  239. package/docs/spec/schemas/AgentRunSettlement.v1.schema.json +75 -0
  240. package/docs/spec/schemas/AgentWallet.v1.schema.json +54 -0
  241. package/docs/spec/schemas/AgreementDelegation.v1.schema.json +50 -0
  242. package/docs/spec/schemas/ArbitrationCase.v1.schema.json +133 -0
  243. package/docs/spec/schemas/ArbitrationVerdict.v1.schema.json +149 -0
  244. package/docs/spec/schemas/BundleHeadAttestation.v1.schema.json +21 -0
  245. package/docs/spec/schemas/ClosePackManifest.v1.schema.json +38 -0
  246. package/docs/spec/schemas/DelegationGrant.v1.schema.json +102 -0
  247. package/docs/spec/schemas/DisputeOpenEnvelope.v1.schema.json +78 -0
  248. package/docs/spec/schemas/EvidenceIndex.v1.schema.json +41 -0
  249. package/docs/spec/schemas/ExecutionIntent.v1.schema.json +85 -0
  250. package/docs/spec/schemas/FinancePackBundleManifest.v1.schema.json +38 -0
  251. package/docs/spec/schemas/FundingHold.v1.schema.json +46 -0
  252. package/docs/spec/schemas/GovernancePolicy.v1.schema.json +45 -0
  253. package/docs/spec/schemas/GovernancePolicy.v2.schema.json +70 -0
  254. package/docs/spec/schemas/InteractionDirectionMatrix.v1.schema.json +43 -0
  255. package/docs/spec/schemas/InvoiceBundleManifest.v1.schema.json +38 -0
  256. package/docs/spec/schemas/InvoiceClaim.v1.schema.json +39 -0
  257. package/docs/spec/schemas/MarketplaceAcceptance.v2.schema.json +53 -0
  258. package/docs/spec/schemas/MarketplaceOffer.v2.schema.json +61 -0
  259. package/docs/spec/schemas/MeteringReport.v1.schema.json +45 -0
  260. package/docs/spec/schemas/OperatorAction.v1.schema.json +113 -0
  261. package/docs/spec/schemas/PolicyDecision.v1.schema.json +74 -0
  262. package/docs/spec/schemas/PricingMatrix.v1.schema.json +24 -0
  263. package/docs/spec/schemas/PricingMatrixSignatures.v1.schema.json +24 -0
  264. package/docs/spec/schemas/PricingMatrixSignatures.v2.schema.json +24 -0
  265. package/docs/spec/schemas/ProduceCliOutput.v1.schema.json +107 -0
  266. package/docs/spec/schemas/ProofBundleManifest.v1.schema.json +37 -0
  267. package/docs/spec/schemas/PublicKeys.v1.schema.json +33 -0
  268. package/docs/spec/schemas/ReleaseIndex.v1.schema.json +45 -0
  269. package/docs/spec/schemas/ReleaseIndexSignature.v1.schema.json +16 -0
  270. package/docs/spec/schemas/ReleaseIndexSignatures.v1.schema.json +16 -0
  271. package/docs/spec/schemas/ReleaseTrust.v1.schema.json +15 -0
  272. package/docs/spec/schemas/ReleaseTrust.v2.schema.json +37 -0
  273. package/docs/spec/schemas/RemoteSignerPublicKeyResponse.v1.schema.json +14 -0
  274. package/docs/spec/schemas/RemoteSignerRequest.v1.schema.json +24 -0
  275. package/docs/spec/schemas/RemoteSignerResponse.v1.schema.json +10 -0
  276. package/docs/spec/schemas/RemoteSignerSignRequest.v1.schema.json +27 -0
  277. package/docs/spec/schemas/RemoteSignerSignResponse.v1.schema.json +16 -0
  278. package/docs/spec/schemas/ReputationEvent.v1.schema.json +164 -0
  279. package/docs/spec/schemas/RevocationList.v1.schema.json +51 -0
  280. package/docs/spec/schemas/SettlementAdjustment.v1.schema.json +44 -0
  281. package/docs/spec/schemas/SettlementDecisionRecord.v1.schema.json +66 -0
  282. package/docs/spec/schemas/SettlementDecisionRecord.v2.schema.json +149 -0
  283. package/docs/spec/schemas/SettlementDecisionReport.v1.schema.json +61 -0
  284. package/docs/spec/schemas/SettlementReceipt.v1.schema.json +135 -0
  285. package/docs/spec/schemas/SlaDefinition.v1.schema.json +33 -0
  286. package/docs/spec/schemas/SlaEvaluation.v1.schema.json +26 -0
  287. package/docs/spec/schemas/TenantSettings.v1.schema.json +90 -0
  288. package/docs/spec/schemas/TenantSettings.v2.schema.json +161 -0
  289. package/docs/spec/schemas/TimestampProof.v1.schema.json +17 -0
  290. package/docs/spec/schemas/ToolCallAgreement.v1.schema.json +34 -0
  291. package/docs/spec/schemas/ToolCallEvidence.v1.schema.json +45 -0
  292. package/docs/spec/schemas/ToolManifest.v1.schema.json +54 -0
  293. package/docs/spec/schemas/VerificationReport.v1.schema.json +83 -0
  294. package/docs/spec/schemas/VerifyAboutOutput.v1.schema.json +54 -0
  295. package/docs/spec/schemas/VerifyCliOutput.v1.schema.json +75 -0
  296. package/docs/spec/schemas/VerifyReleaseOutput.v1.schema.json +47 -0
  297. package/docs/spec/x402-error-codes.v1.txt +35 -0
  298. package/docs/templates/buyer-email.txt +18 -0
  299. package/docs/templates/buyer-one-pager.md +24 -0
  300. package/package.json +53 -6
  301. package/scripts/acceptance/full-stack.mjs +734 -0
  302. package/scripts/acceptance/full-stack.sh +99 -0
  303. package/scripts/audit/build-audit-packet.mjs +242 -0
  304. package/scripts/backup-pg.sh +45 -0
  305. package/scripts/backup-restore/README.md +18 -0
  306. package/scripts/backup-restore/capture-state.mjs +130 -0
  307. package/scripts/backup-restore/client.mjs +97 -0
  308. package/scripts/backup-restore/seed-workload.mjs +235 -0
  309. package/scripts/backup-restore/verify-state.mjs +139 -0
  310. package/scripts/backup-restore-test.sh +217 -0
  311. package/scripts/chaos.js +221 -0
  312. package/scripts/ci/build-launch-cutover-packet.mjs +304 -0
  313. package/scripts/ci/build-self-serve-benchmark-report.mjs +122 -0
  314. package/scripts/ci/changelog-guard.mjs +145 -0
  315. package/scripts/ci/check-kernel-v0-launch-gate.mjs +233 -0
  316. package/scripts/ci/check-secret-hygiene.mjs +78 -0
  317. package/scripts/ci/check-version-consistency.mjs +42 -0
  318. package/scripts/ci/cli-pack-smoke.mjs +160 -0
  319. package/scripts/ci/flake-budget-guard.mjs +68 -0
  320. package/scripts/ci/generate-error-codes.mjs +54 -0
  321. package/scripts/ci/lib/lighthouse-tracker.mjs +90 -0
  322. package/scripts/ci/lib/self-serve-launch-gate.mjs +89 -0
  323. package/scripts/ci/npm-pack-smoke.mjs +454 -0
  324. package/scripts/ci/run-10x-throughput-drill.mjs +318 -0
  325. package/scripts/ci/run-10x-throughput-incident-rehearsal.mjs +368 -0
  326. package/scripts/ci/run-arbitration-workspace-browser-e2e.sh +22 -0
  327. package/scripts/ci/run-circle-sandbox-smoke.mjs +237 -0
  328. package/scripts/ci/run-go-live-gate.mjs +150 -0
  329. package/scripts/ci/run-kernel-v0-ship-gate.mjs +97 -0
  330. package/scripts/ci/run-mcp-host-cert-matrix.mjs +201 -0
  331. package/scripts/ci/run-mcp-host-smoke.mjs +473 -0
  332. package/scripts/ci/run-offline-verification-parity-gate.mjs +762 -0
  333. package/scripts/ci/run-onboarding-host-success-gate.mjs +516 -0
  334. package/scripts/ci/run-onboarding-policy-slo-gate.mjs +537 -0
  335. package/scripts/ci/run-production-cutover-gate.mjs +540 -0
  336. package/scripts/ci/run-public-openclaw-npx-smoke.mjs +148 -0
  337. package/scripts/ci/run-release-promotion-guard.mjs +756 -0
  338. package/scripts/ci/run-self-serve-launch-gate.mjs +56 -0
  339. package/scripts/ci/runtime-import-smoke.mjs +58 -0
  340. package/scripts/ci/update-lighthouse-tracker.mjs +112 -0
  341. package/scripts/closepack/lib.mjs +286 -0
  342. package/scripts/collect-debug.sh +263 -0
  343. package/scripts/demo/compositional-settlement-3hop.mjs +237 -0
  344. package/scripts/demo/delivery-robot/export-ui-fixture.mjs +188 -0
  345. package/scripts/demo/delivery-robot/generate.mjs +377 -0
  346. package/scripts/demo/kernel-agent-goes-shopping.mjs +202 -0
  347. package/scripts/demo/magic-link-first-green.mjs +118 -0
  348. package/scripts/demo/magic-link-kind-smoke.mjs +577 -0
  349. package/scripts/demo/mcp-paid-exa.mjs +1110 -0
  350. package/scripts/dev/billing-doctor.sh +145 -0
  351. package/scripts/dev/billing-smoke-prod.sh +219 -0
  352. package/scripts/dev/billing-webhook-replay.sh +161 -0
  353. package/scripts/dev/env.dev.example +29 -0
  354. package/scripts/dev/env.sh +37 -0
  355. package/scripts/dev/new-sdk-key.sh +81 -0
  356. package/scripts/dev/sdk-first-run.sh +21 -0
  357. package/scripts/dev/smoke-x402-gateway.sh +115 -0
  358. package/scripts/dev/start-api.sh +24 -0
  359. package/scripts/doctor/mcp-host.mjs +120 -0
  360. package/scripts/examples/produce-and-verify-jobproof.mjs +191 -0
  361. package/scripts/examples/sdk-first-paid-rfq.py +105 -0
  362. package/scripts/examples/sdk-first-verified-run.mjs +85 -0
  363. package/scripts/examples/sdk-first-verified-run.py +99 -0
  364. package/scripts/examples/sdk-tenant-analytics.mjs +103 -0
  365. package/scripts/examples/sdk-tenant-analytics.py +118 -0
  366. package/scripts/finance-pack/bundle.mjs +284 -0
  367. package/scripts/fixtures/generate-bundle-fixtures.mjs +877 -0
  368. package/scripts/governance/export.mjs +169 -0
  369. package/scripts/load/delivery-stress.k6.js +183 -0
  370. package/scripts/load/ingest-burst.k6.js +236 -0
  371. package/scripts/load/run-delivery-load.js +66 -0
  372. package/scripts/load/webhook-receiver.js +131 -0
  373. package/scripts/magic-link/migrate-run-records-to-db.mjs +35 -0
  374. package/scripts/mcp/probe.mjs +238 -0
  375. package/scripts/mcp/settld-mcp-http-gateway.mjs +178 -0
  376. package/scripts/mcp/settld-mcp-server.mjs +1511 -0
  377. package/scripts/openapi/write.mjs +13 -0
  378. package/scripts/ops/bootstrap-tenant-conformance.mjs +185 -0
  379. package/scripts/ops/build-x402-pilot-reliability-report.mjs +489 -0
  380. package/scripts/ops/check-x402-receipt-sample.mjs +181 -0
  381. package/scripts/ops/design-partner-run-packet.mjs +466 -0
  382. package/scripts/ops/dispute-finance-reconciliation-packet.mjs +313 -0
  383. package/scripts/ops/hosted-baseline-evidence.mjs +890 -0
  384. package/scripts/ops/money-rails-chargeback-evidence.mjs +509 -0
  385. package/scripts/ops/money-rails-reconcile-evidence.mjs +180 -0
  386. package/scripts/ops/p0-seed-money-rail-operation.mjs +432 -0
  387. package/scripts/ops/run-x402-hitl-smoke.mjs +607 -0
  388. package/scripts/pilot/finance-pack.mjs +495 -0
  389. package/scripts/pilot/fixtures/robot-keypair.json +4 -0
  390. package/scripts/pilot/fixtures/server-signer.json +4 -0
  391. package/scripts/policy/cli.mjs +600 -0
  392. package/scripts/profile/cli.mjs +1324 -0
  393. package/scripts/proof-bundle/job.mjs +109 -0
  394. package/scripts/proof-bundle/lib.mjs +92 -0
  395. package/scripts/proof-bundle/month.mjs +103 -0
  396. package/scripts/provider/conformance-run.mjs +159 -0
  397. package/scripts/provider/keys-generate.mjs +135 -0
  398. package/scripts/provider/publish.mjs +420 -0
  399. package/scripts/quickstart/x402.mjs +334 -0
  400. package/scripts/register-entity-secret.mjs +102 -0
  401. package/scripts/release/build-artifacts.mjs +181 -0
  402. package/scripts/release/generate-release-index.mjs +112 -0
  403. package/scripts/release/release-index-lib.mjs +232 -0
  404. package/scripts/release/sign-release-index.mjs +85 -0
  405. package/scripts/release/validate-release-assets.mjs +170 -0
  406. package/scripts/release/verify-release.mjs +261 -0
  407. package/scripts/restore-pg.sh +34 -0
  408. package/scripts/scaffold/create-settld-paid-tool.mjs +19 -0
  409. package/scripts/sdk/smoke-python.py +30 -0
  410. package/scripts/sdk/smoke.mjs +16 -0
  411. package/scripts/settlement/x402-batch-worker.mjs +1091 -0
  412. package/scripts/setup/circle-bootstrap.mjs +310 -0
  413. package/scripts/setup/host-config.mjs +617 -0
  414. package/scripts/setup/onboard.mjs +1337 -0
  415. package/scripts/setup/openclaw-onboard.mjs +423 -0
  416. package/scripts/setup/wizard.mjs +986 -0
  417. package/scripts/slo/check.mjs +239 -0
  418. package/scripts/smoke/k8s-smoke.mjs +214 -0
  419. package/scripts/spec/generate-protocol-vectors.mjs +1019 -0
  420. package/scripts/test/check-no-generated-artifacts.sh +12 -0
  421. package/scripts/test/run.sh +59 -0
  422. package/scripts/trust/validate-trust-file.mjs +57 -0
  423. package/scripts/trust-config/rotate-settld-pay.mjs +277 -0
  424. package/scripts/trust-config/wizard.mjs +161 -0
  425. package/scripts/vendor-contract-test-lib.mjs +182 -0
  426. package/scripts/vendor-contract-test.mjs +55 -0
  427. package/scripts/vercel/build-mkdocs.sh +9 -0
  428. package/scripts/vercel/ignore-mkdocs.sh +25 -0
  429. package/scripts/vercel/install-mkdocs.sh +6 -0
  430. package/scripts/verify-pg.js +217 -0
  431. package/scripts/x402/receipt-verify.mjs +289 -0
  432. package/services/finance-sink/src/dedupe-store.js +29 -6
  433. package/services/receiver/src/dedupe-store.js +29 -5
  434. package/services/x402-gateway/Dockerfile +13 -0
  435. package/services/x402-gateway/README.md +58 -0
  436. package/services/x402-gateway/examples/upstream-mock.js +337 -0
  437. package/services/x402-gateway/src/server.js +1058 -0
  438. package/src/api/app.js +34658 -16940
  439. package/src/api/maintenance.js +70 -0
  440. package/src/api/middleware/trust-kernel.js +114 -0
  441. package/src/api/openapi.js +1778 -70
  442. package/src/api/persistence.js +456 -0
  443. package/src/api/server.js +81 -5
  444. package/src/api/store.js +1581 -62
  445. package/src/api/workers/deliveries.js +99 -4
  446. package/src/api/workers/insolvency-sweep.js +159 -0
  447. package/src/core/agent-card.js +69 -0
  448. package/src/core/agent-wallets.js +231 -0
  449. package/src/core/agreement-delegation.js +549 -0
  450. package/src/core/billing-plans.js +40 -6
  451. package/src/core/circle-reserve-adapter.js +845 -0
  452. package/src/core/event-policy.js +21 -2
  453. package/src/core/maintenance-locks.js +1 -0
  454. package/src/core/operator-action.js +303 -0
  455. package/src/core/paid-tool-manifest.js +318 -0
  456. package/src/core/policy-decision.js +322 -0
  457. package/src/core/policy-packs.js +207 -0
  458. package/src/core/profile-fingerprint.js +27 -0
  459. package/src/core/profile-simulation-reasons.js +84 -0
  460. package/src/core/profile-templates.js +242 -0
  461. package/src/core/provider-publish-conformance.js +525 -0
  462. package/src/core/provider-publish-proof.js +396 -0
  463. package/src/core/provider-quote-signature.js +170 -0
  464. package/src/core/settld-keys.js +112 -0
  465. package/src/core/settld-pay-token.js +344 -0
  466. package/src/core/settlement-kernel.js +239 -2
  467. package/src/core/settlement-verifier.js +335 -0
  468. package/src/core/tool-call-agreement.js +112 -0
  469. package/src/core/tool-call-evidence.js +144 -0
  470. package/src/core/tool-provider-signature.js +98 -0
  471. package/src/core/wallet-assignment-resolver.js +129 -0
  472. package/src/core/wallet-provider-bootstrap.js +365 -0
  473. package/src/core/x402-escalation-override.js +258 -0
  474. package/src/core/x402-gate.js +118 -0
  475. package/src/core/x402-provider-refund-decision.js +220 -0
  476. package/src/core/x402-receipt-verifier.js +708 -0
  477. package/src/core/x402-reversal-command.js +251 -0
  478. package/src/core/x402-wallet-issuer-decision.js +252 -0
  479. package/src/core/zk-verifier.js +300 -0
  480. package/src/db/migrations/029_reputation_event_index.sql +54 -0
  481. package/src/db/migrations/030_artifacts_source_event_unique_job_only.sql +15 -0
  482. package/src/db/pg.js +18 -7
  483. package/src/db/store-pg.js +1508 -111
package/src/api/openapi.js CHANGED
@@ -67,6 +67,167 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
67
67
  }
68
68
  };
69
69
 
70
+ const X402ExecutionProofV1 = {
71
+ type: "object",
72
+ additionalProperties: false,
73
+ required: ["protocol", "publicSignals", "proofData"],
74
+ properties: {
75
+ schemaVersion: { type: "string", enum: ["X402ExecutionProof.v1"] },
76
+ protocol: { type: "string", enum: ["groth16", "plonk", "stark"] },
77
+ publicSignals: { type: "array", items: {} },
78
+ proofData: { type: "object", additionalProperties: true },
79
+ verificationKey: { type: "object", nullable: true, additionalProperties: true },
80
+ verificationKeyRef: { type: "string", nullable: true },
81
+ statementHashSha256: { type: "string", pattern: "^[0-9a-f]{64}$", nullable: true },
82
+ inputDigestSha256: { type: "string", pattern: "^[0-9a-f]{64}$", nullable: true },
83
+ outputDigestSha256: { type: "string", pattern: "^[0-9a-f]{64}$", nullable: true }
84
+ }
85
+ };
86
+
87
+ const X402GateVerifyRequest = {
88
+ type: "object",
89
+ additionalProperties: true,
90
+ required: ["gateId"],
91
+ properties: {
92
+ gateId: { type: "string" },
93
+ proof: { ...X402ExecutionProofV1, nullable: true }
94
+ }
95
+ };
96
+
97
+ const X402GateAuthorizePaymentRequest = {
98
+ type: "object",
99
+ additionalProperties: true,
100
+ required: ["gateId"],
101
+ properties: {
102
+ gateId: { type: "string" },
103
+ quoteId: { type: "string", nullable: true },
104
+ requestBindingMode: { type: "string", enum: ["strict"], nullable: true },
105
+ requestBindingSha256: { type: "string", pattern: "^[0-9a-f]{64}$", nullable: true },
106
+ walletAuthorizationDecisionToken: { type: "string", nullable: true },
107
+ escalationOverrideToken: { type: "string", nullable: true },
108
+ executionIntent: {
109
+ type: "object",
110
+ nullable: true,
111
+ additionalProperties: true,
112
+ description: "ExecutionIntent.v1 payload bound to authorize-payment preconditions."
113
+ }
114
+ }
115
+ };
116
+
117
+ const X402WalletAssignment = {
118
+ type: "object",
119
+ additionalProperties: false,
120
+ required: ["sponsorWalletRef", "policyRef", "policyVersion"],
121
+ properties: {
122
+ sponsorWalletRef: { type: "string" },
123
+ policyRef: { type: "string" },
124
+ policyVersion: { type: "integer", minimum: 1 }
125
+ }
126
+ };
127
+
128
+ const X402WalletAssignmentResolveRequest = {
129
+ type: "object",
130
+ additionalProperties: false,
131
+ properties: {
132
+ profileRef: { type: "string", nullable: true },
133
+ riskClass: { type: "string", enum: ["read", "compute", "action", "financial"], nullable: true },
134
+ delegationRef: { type: "string", nullable: true },
135
+ delegationDepth: { type: "integer", minimum: 0, nullable: true }
136
+ }
137
+ };
138
+
139
+ const X402WalletAssignmentResolveResponse = {
140
+ type: "object",
141
+ additionalProperties: false,
142
+ required: ["ok", "tenantId", "assignment"],
143
+ properties: {
144
+ ok: { type: "boolean" },
145
+ tenantId: { type: "string" },
146
+ profileRef: { type: "string", nullable: true },
147
+ riskClass: { type: "string", enum: ["read", "compute", "action", "financial"], nullable: true },
148
+ delegationRef: { type: "string", nullable: true },
149
+ delegationDepth: { type: "integer", minimum: 0, nullable: true },
150
+ assignment: { ...X402WalletAssignment, nullable: true }
151
+ }
152
+ };
153
+
154
+ const X402AuthorizePaymentTaErrorCodes = Object.freeze([
155
+ "X402_EXECUTION_INTENT_REQUIRED",
156
+ "X402_EXECUTION_INTENT_IDEMPOTENCY_MISMATCH",
157
+ "X402_EXECUTION_INTENT_CONFLICT"
158
+ ]);
159
+
160
+ const X402AuthorizePaymentBadRequestKnownErrorCodes = Object.freeze([
161
+ "SCHEMA_INVALID",
162
+ "X402_EXECUTION_INTENT_HASH_MISMATCH"
163
+ ]);
164
+
165
+ const X402AuthorizePaymentConflictKnownErrorCodes = Object.freeze([
166
+ ...X402AuthorizePaymentTaErrorCodes,
167
+ "X402_EXECUTION_INTENT_INVALID",
168
+ "X402_EXECUTION_INTENT_TIME_INVALID",
169
+ "X402_EXECUTION_INTENT_TENANT_MISMATCH",
170
+ "X402_EXECUTION_INTENT_AGENT_MISMATCH",
171
+ "X402_EXECUTION_INTENT_SIDE_EFFECTING_REQUIRED",
172
+ "X402_EXECUTION_INTENT_REQUEST_BINDING_REQUIRED",
173
+ "X402_EXECUTION_INTENT_REQUEST_MISMATCH",
174
+ "X402_EXECUTION_INTENT_SPEND_LIMIT_EXCEEDED",
175
+ "X402_EXECUTION_INTENT_CURRENCY_MISMATCH",
176
+ "X402_EXECUTION_INTENT_RUN_MISMATCH",
177
+ "X402_EXECUTION_INTENT_AGREEMENT_MISMATCH",
178
+ "X402_EXECUTION_INTENT_QUOTE_MISMATCH",
179
+ "X402_EXECUTION_INTENT_POLICY_VERSION_MISMATCH",
180
+ "X402_EXECUTION_INTENT_POLICY_HASH_MISMATCH",
181
+ "X402_EXECUTION_INTENT_EXPIRES_AT_INVALID",
182
+ "X402_EXECUTION_INTENT_EXPIRED"
183
+ ]);
184
+
185
+ const X402GateVerifyBadRequestKnownErrorCodes = Object.freeze(["SCHEMA_INVALID"]);
186
+
187
+ const X402GateVerifyConflictKnownErrorCodes = Object.freeze([
188
+ "X402_INVALID_VERIFICATION_KEY_REF",
189
+ "X402_MISSING_REQUIRED_PROOF",
190
+ "X402_INVALID_CRYPTOGRAPHIC_PROOF",
191
+ "X402_SPEND_AUTH_POLICY_FINGERPRINT_MISMATCH",
192
+ "X402_REQUEST_BINDING_REQUIRED",
193
+ "X402_REQUEST_BINDING_EVIDENCE_REQUIRED",
194
+ "X402_REQUEST_BINDING_EVIDENCE_MISMATCH"
195
+ ]);
196
+
197
+ function errorResponseWithKnownCodes(knownCodes) {
198
+ return {
199
+ allOf: [
200
+ ErrorResponse,
201
+ {
202
+ type: "object",
203
+ additionalProperties: true,
204
+ properties: {
205
+ code: {
206
+ anyOf: [{ type: "string", enum: [...knownCodes] }, { type: "string" }],
207
+ description: "Known stable codes are listed in docs/spec/x402-error-codes.v1.txt."
208
+ }
209
+ }
210
+ }
211
+ ]
212
+ };
213
+ }
214
+
215
+ const X402ZkVerificationKeyV1 = {
216
+ type: "object",
217
+ additionalProperties: false,
218
+ required: ["schemaVersion", "verificationKeyId", "protocol", "verificationKey", "createdAt", "updatedAt"],
219
+ properties: {
220
+ schemaVersion: { type: "string", enum: ["X402ZkVerificationKey.v1"] },
221
+ verificationKeyId: { type: "string" },
222
+ protocol: { type: "string", enum: ["groth16", "plonk", "stark"] },
223
+ verificationKey: { type: "object", additionalProperties: true },
224
+ providerRef: { type: "string", nullable: true },
225
+ metadata: { type: "object", additionalProperties: true, nullable: true },
226
+ createdAt: { type: "string", format: "date-time" },
227
+ updatedAt: { type: "string", format: "date-time" }
228
+ }
229
+ };
230
+
70
231
  const JobCreateRequest = {
71
232
  type: "object",
72
233
  additionalProperties: false,
@@ -209,6 +370,187 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
209
370
  }
210
371
  };
211
372
 
373
+ const AgentPassportV1 = {
374
+ type: "object",
375
+ additionalProperties: false,
376
+ required: [
377
+ "schemaVersion",
378
+ "passportId",
379
+ "agentId",
380
+ "tenantId",
381
+ "principalRef",
382
+ "identityAnchors",
383
+ "delegationRoot",
384
+ "policyEnvelope",
385
+ "status",
386
+ "createdAt",
387
+ "updatedAt",
388
+ "sponsorRef",
389
+ "agentKeyId",
390
+ "delegationRef",
391
+ "lineageRequired"
392
+ ],
393
+ properties: {
394
+ schemaVersion: { type: "string", enum: ["AgentPassport.v1"] },
395
+ passportId: { type: "string" },
396
+ agentId: { type: "string" },
397
+ tenantId: { type: "string" },
398
+ principalRef: {
399
+ type: "object",
400
+ additionalProperties: false,
401
+ required: ["principalType", "principalId"],
402
+ properties: {
403
+ principalType: { type: "string", enum: ["human", "business", "service", "dao"] },
404
+ principalId: { type: "string" },
405
+ jurisdiction: { type: "string" }
406
+ }
407
+ },
408
+ identityAnchors: {
409
+ type: "object",
410
+ additionalProperties: false,
411
+ required: ["jwksUri", "activeKeyId", "keysetHash"],
412
+ properties: {
413
+ did: { type: "string" },
414
+ jwksUri: { type: "string", format: "uri" },
415
+ activeKeyId: { type: "string" },
416
+ keysetHash: { type: "string", pattern: "^[0-9a-f]{64}$" }
417
+ }
418
+ },
419
+ delegationRoot: {
420
+ type: "object",
421
+ additionalProperties: false,
422
+ required: ["rootGrantId", "rootGrantHash", "issuedAt"],
423
+ properties: {
424
+ rootGrantId: { type: "string" },
425
+ rootGrantHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
426
+ issuedAt: { type: "string", format: "date-time" },
427
+ expiresAt: { type: "string", format: "date-time", nullable: true },
428
+ revokedAt: { type: "string", format: "date-time", nullable: true }
429
+ }
430
+ },
431
+ capabilityCredentials: { type: "array", items: { type: "object", additionalProperties: true } },
432
+ policyEnvelope: {
433
+ type: "object",
434
+ additionalProperties: false,
435
+ required: ["maxPerCallCents", "maxDailyCents", "allowedRiskClasses"],
436
+ properties: {
437
+ maxPerCallCents: { type: "integer", minimum: 0 },
438
+ maxDailyCents: { type: "integer", minimum: 0 },
439
+ allowedRiskClasses: { type: "array", items: { type: "string", enum: ["read", "compute", "action", "financial"] } },
440
+ requireApprovalAboveCents: { type: "integer", minimum: 0, nullable: true },
441
+ allowlistRefs: { type: "array", items: { type: "string" } }
442
+ }
443
+ },
444
+ status: { type: "string", enum: ["active", "suspended", "revoked"] },
445
+ metadata: { type: "object", nullable: true, additionalProperties: true },
446
+ createdAt: { type: "string", format: "date-time" },
447
+ updatedAt: { type: "string", format: "date-time" },
448
+ sponsorRef: { type: "string" },
449
+ sponsorWalletRef: { type: "string" },
450
+ agentKeyId: { type: "string" },
451
+ delegationRef: { type: "string" },
452
+ policyRef: { type: "string" },
453
+ policyVersion: { type: "integer", minimum: 1 },
454
+ delegationDepth: { type: "integer", minimum: 0 },
455
+ maxDelegationDepth: { type: "integer", minimum: 0 },
456
+ expiresAt: { type: "string", format: "date-time" },
457
+ lineageRequired: { type: "boolean" }
458
+ }
459
+ };
460
+
461
+ const AgentPassportUpsertRequest = {
462
+ type: "object",
463
+ additionalProperties: false,
464
+ required: ["agentPassport"],
465
+ properties: {
466
+ agentPassport: AgentPassportV1
467
+ }
468
+ };
469
+
470
+ const AgentPassportRevokeRequest = {
471
+ type: "object",
472
+ additionalProperties: false,
473
+ properties: {
474
+ revokedAt: { type: "string", format: "date-time", nullable: true },
475
+ reasonCode: { type: "string" },
476
+ reason: { type: "string" }
477
+ }
478
+ };
479
+
480
+ const ToolCallAgreementV1 = {
481
+ type: "object",
482
+ additionalProperties: false,
483
+ required: [
484
+ "schemaVersion",
485
+ "toolId",
486
+ "manifestHash",
487
+ "callId",
488
+ "inputHash",
489
+ "acceptanceCriteria",
490
+ "settlementTerms",
491
+ "payerAgentId",
492
+ "payeeAgentId",
493
+ "createdAt",
494
+ "agreementHash"
495
+ ],
496
+ properties: {
497
+ schemaVersion: { type: "string", enum: ["ToolCallAgreement.v1"] },
498
+ toolId: { type: "string" },
499
+ manifestHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
500
+ callId: { type: "string" },
501
+ inputHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
502
+ acceptanceCriteria: { type: "object", nullable: true, additionalProperties: true },
503
+ settlementTerms: { type: "object", nullable: true, additionalProperties: true },
504
+ payerAgentId: { type: "string", nullable: true },
505
+ payeeAgentId: { type: "string", nullable: true },
506
+ createdAt: { type: "string", format: "date-time" },
507
+ agreementHash: { type: "string", pattern: "^[0-9a-f]{64}$" }
508
+ }
509
+ };
510
+
511
+ const ToolCallEvidenceV1 = {
512
+ type: "object",
513
+ additionalProperties: false,
514
+ required: [
515
+ "schemaVersion",
516
+ "agreementHash",
517
+ "callId",
518
+ "inputHash",
519
+ "outputHash",
520
+ "outputRef",
521
+ "metrics",
522
+ "startedAt",
523
+ "completedAt",
524
+ "createdAt",
525
+ "evidenceHash"
526
+ ],
527
+ properties: {
528
+ schemaVersion: { type: "string", enum: ["ToolCallEvidence.v1"] },
529
+ agreementHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
530
+ callId: { type: "string" },
531
+ inputHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
532
+ outputHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
533
+ outputRef: { type: "string", nullable: true },
534
+ metrics: { type: "object", nullable: true, additionalProperties: true },
535
+ startedAt: { type: "string", format: "date-time" },
536
+ completedAt: { type: "string", format: "date-time" },
537
+ createdAt: { type: "string", format: "date-time" },
538
+ evidenceHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
539
+ signature: {
540
+ type: "object",
541
+ nullable: true,
542
+ additionalProperties: false,
543
+ required: ["algorithm", "signerKeyId", "evidenceHash", "signature"],
544
+ properties: {
545
+ algorithm: { type: "string", enum: ["ed25519"] },
546
+ signerKeyId: { type: "string" },
547
+ evidenceHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
548
+ signature: { type: "string" }
549
+ }
550
+ }
551
+ }
552
+ };
553
+
212
554
  const AgentRunV1 = {
213
555
  type: "object",
214
556
  additionalProperties: false,
@@ -402,6 +744,7 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
402
744
  closedByAgentId: { type: "string", nullable: true },
403
745
  summary: { type: "string", nullable: true },
404
746
  closedAt: { type: "string", format: "date-time", nullable: true },
747
+ releaseRatePct: { type: "integer", minimum: 0, maximum: 100, nullable: true },
405
748
  evidenceRefs: { type: "array", items: { type: "string" } }
406
749
  }
407
750
  },
@@ -1161,6 +1504,224 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
1161
1504
  }
1162
1505
  };
1163
1506
 
1507
+ const OpsEmergencyControlType = {
1508
+ type: "string",
1509
+ enum: ["pause", "quarantine", "revoke", "kill-switch"]
1510
+ };
1511
+
1512
+ const OpsEmergencyAction = {
1513
+ type: "string",
1514
+ enum: ["pause", "quarantine", "revoke", "kill-switch", "resume"]
1515
+ };
1516
+
1517
+ const OpsEmergencyScope = {
1518
+ type: "object",
1519
+ additionalProperties: false,
1520
+ required: ["type"],
1521
+ properties: {
1522
+ type: { type: "string", enum: ["tenant", "agent", "adapter"] },
1523
+ id: { type: "string", nullable: true }
1524
+ }
1525
+ };
1526
+
1527
+ const OpsEmergencyRequestedBy = {
1528
+ type: "object",
1529
+ additionalProperties: false,
1530
+ properties: {
1531
+ keyId: { type: "string", nullable: true },
1532
+ principalId: { type: "string", nullable: true }
1533
+ }
1534
+ };
1535
+
1536
+ const OpsEmergencyControlEvent = {
1537
+ type: "object",
1538
+ additionalProperties: false,
1539
+ required: ["schemaVersion", "eventId", "tenantId", "action", "scope", "requestedBy", "createdAt", "effectiveAt"],
1540
+ properties: {
1541
+ schemaVersion: { type: "string", enum: ["OpsEmergencyControlEvent.v1"] },
1542
+ eventId: { type: "string" },
1543
+ tenantId: { type: "string" },
1544
+ action: OpsEmergencyAction,
1545
+ controlType: { ...OpsEmergencyControlType, nullable: true },
1546
+ resumeControlTypes: { type: "array", items: OpsEmergencyControlType },
1547
+ scope: OpsEmergencyScope,
1548
+ reasonCode: { type: "string", nullable: true },
1549
+ reason: { type: "string", nullable: true },
1550
+ operatorAction: { type: "object", additionalProperties: true, nullable: true },
1551
+ secondOperatorAction: { type: "object", additionalProperties: true, nullable: true },
1552
+ requestedBy: OpsEmergencyRequestedBy,
1553
+ requestId: { type: "string", nullable: true },
1554
+ createdAt: { type: "string", format: "date-time" },
1555
+ effectiveAt: { type: "string", format: "date-time" }
1556
+ }
1557
+ };
1558
+
1559
+ const OpsEmergencyControlState = {
1560
+ type: "object",
1561
+ additionalProperties: false,
1562
+ required: [
1563
+ "schemaVersion",
1564
+ "tenantId",
1565
+ "scopeType",
1566
+ "scopeId",
1567
+ "controlType",
1568
+ "active",
1569
+ "activatedAt",
1570
+ "resumedAt",
1571
+ "updatedAt",
1572
+ "lastEventId",
1573
+ "lastAction",
1574
+ "reasonCode",
1575
+ "reason",
1576
+ "operatorAction",
1577
+ "revision"
1578
+ ],
1579
+ properties: {
1580
+ schemaVersion: { type: "string", enum: ["OpsEmergencyControlState.v1"] },
1581
+ tenantId: { type: "string" },
1582
+ scopeType: { type: "string", enum: ["tenant", "agent", "adapter"] },
1583
+ scopeId: { type: "string", nullable: true },
1584
+ controlType: OpsEmergencyControlType,
1585
+ active: { type: "boolean" },
1586
+ activatedAt: { type: "string", format: "date-time" },
1587
+ resumedAt: { type: "string", format: "date-time", nullable: true },
1588
+ updatedAt: { type: "string", format: "date-time" },
1589
+ lastEventId: { type: "string", nullable: true },
1590
+ lastAction: { ...OpsEmergencyAction, nullable: true },
1591
+ reasonCode: { type: "string", nullable: true },
1592
+ reason: { type: "string", nullable: true },
1593
+ operatorAction: { type: "object", additionalProperties: true, nullable: true },
1594
+ revision: { type: "integer", minimum: 0 }
1595
+ }
1596
+ };
1597
+
1598
+ const OpsEmergencyPauseRequest = {
1599
+ type: "object",
1600
+ additionalProperties: false,
1601
+ required: ["operatorAction"],
1602
+ properties: {
1603
+ scope: OpsEmergencyScope,
1604
+ scopeType: { type: "string", enum: ["tenant", "agent", "adapter"], nullable: true },
1605
+ scopeId: { type: "string", nullable: true },
1606
+ agentId: { type: "string", nullable: true },
1607
+ adapterId: { type: "string", nullable: true },
1608
+ providerId: { type: "string", nullable: true },
1609
+ reasonCode: { type: "string", nullable: true },
1610
+ reason: { type: "string", nullable: true },
1611
+ operatorAction: { type: "object", additionalProperties: true },
1612
+ secondOperatorAction: { type: "object", additionalProperties: true, nullable: true },
1613
+ effectiveAt: { type: "string", format: "date-time", nullable: true }
1614
+ }
1615
+ };
1616
+
1617
+ const OpsEmergencyQuarantineRequest = {
1618
+ type: "object",
1619
+ additionalProperties: false,
1620
+ required: ["operatorAction"],
1621
+ properties: {
1622
+ scope: OpsEmergencyScope,
1623
+ scopeType: { type: "string", enum: ["tenant", "agent", "adapter"], nullable: true },
1624
+ scopeId: { type: "string", nullable: true },
1625
+ agentId: { type: "string", nullable: true },
1626
+ adapterId: { type: "string", nullable: true },
1627
+ providerId: { type: "string", nullable: true },
1628
+ reasonCode: { type: "string", nullable: true },
1629
+ reason: { type: "string", nullable: true },
1630
+ operatorAction: { type: "object", additionalProperties: true },
1631
+ secondOperatorAction: { type: "object", additionalProperties: true, nullable: true },
1632
+ effectiveAt: { type: "string", format: "date-time", nullable: true }
1633
+ }
1634
+ };
1635
+
1636
+ const OpsEmergencyRevokeRequest = {
1637
+ type: "object",
1638
+ additionalProperties: false,
1639
+ required: ["operatorAction"],
1640
+ properties: {
1641
+ scope: OpsEmergencyScope,
1642
+ scopeType: { type: "string", enum: ["tenant", "agent", "adapter"], nullable: true },
1643
+ scopeId: { type: "string", nullable: true },
1644
+ agentId: { type: "string", nullable: true },
1645
+ adapterId: { type: "string", nullable: true },
1646
+ providerId: { type: "string", nullable: true },
1647
+ reasonCode: { type: "string", nullable: true },
1648
+ reason: { type: "string", nullable: true },
1649
+ operatorAction: { type: "object", additionalProperties: true },
1650
+ secondOperatorAction: { type: "object", additionalProperties: true, nullable: true },
1651
+ effectiveAt: { type: "string", format: "date-time", nullable: true }
1652
+ }
1653
+ };
1654
+
1655
+ const OpsEmergencyKillSwitchRequest = {
1656
+ type: "object",
1657
+ additionalProperties: false,
1658
+ required: ["operatorAction"],
1659
+ properties: {
1660
+ scope: OpsEmergencyScope,
1661
+ scopeType: { type: "string", enum: ["tenant", "agent", "adapter"], nullable: true },
1662
+ scopeId: { type: "string", nullable: true },
1663
+ agentId: { type: "string", nullable: true },
1664
+ adapterId: { type: "string", nullable: true },
1665
+ providerId: { type: "string", nullable: true },
1666
+ reasonCode: { type: "string", nullable: true },
1667
+ reason: { type: "string", nullable: true },
1668
+ operatorAction: { type: "object", additionalProperties: true },
1669
+ secondOperatorAction: { type: "object", additionalProperties: true, nullable: true },
1670
+ effectiveAt: { type: "string", format: "date-time", nullable: true }
1671
+ }
1672
+ };
1673
+
1674
+ const OpsEmergencyResumeRequest = {
1675
+ type: "object",
1676
+ additionalProperties: false,
1677
+ required: ["operatorAction"],
1678
+ properties: {
1679
+ scope: OpsEmergencyScope,
1680
+ scopeType: { type: "string", enum: ["tenant", "agent", "adapter"], nullable: true },
1681
+ scopeId: { type: "string", nullable: true },
1682
+ agentId: { type: "string", nullable: true },
1683
+ adapterId: { type: "string", nullable: true },
1684
+ providerId: { type: "string", nullable: true },
1685
+ controlType: OpsEmergencyControlType,
1686
+ controlTypes: { type: "array", items: OpsEmergencyControlType },
1687
+ resumeControlType: OpsEmergencyControlType,
1688
+ resumeControlTypes: { type: "array", items: OpsEmergencyControlType },
1689
+ reasonCode: { type: "string", nullable: true },
1690
+ reason: { type: "string", nullable: true },
1691
+ operatorAction: { type: "object", additionalProperties: true },
1692
+ secondOperatorAction: { type: "object", additionalProperties: true, nullable: true },
1693
+ effectiveAt: { type: "string", format: "date-time", nullable: true }
1694
+ }
1695
+ };
1696
+
1697
+ const OpsEmergencyDualControlStatus = {
1698
+ type: "object",
1699
+ additionalProperties: false,
1700
+ required: ["required", "satisfied"],
1701
+ properties: {
1702
+ required: { type: "boolean" },
1703
+ satisfied: { type: "boolean", nullable: true }
1704
+ }
1705
+ };
1706
+
1707
+ const OpsEmergencyControlResponse = {
1708
+ type: "object",
1709
+ additionalProperties: false,
1710
+ required: ["tenantId", "applied", "action"],
1711
+ properties: {
1712
+ tenantId: { type: "string" },
1713
+ applied: { type: "boolean" },
1714
+ action: OpsEmergencyAction,
1715
+ reason: { type: "string", nullable: true },
1716
+ event: { ...OpsEmergencyControlEvent, nullable: true },
1717
+ scope: { ...OpsEmergencyScope, nullable: true },
1718
+ controlType: { ...OpsEmergencyControlType, nullable: true },
1719
+ resumeControlTypes: { type: "array", items: OpsEmergencyControlType },
1720
+ dualControl: { ...OpsEmergencyDualControlStatus, nullable: true },
1721
+ control: { ...OpsEmergencyControlState, nullable: true }
1722
+ }
1723
+ };
1724
+
1164
1725
  const MarketplaceAgreementAcceptanceSignatureV2 = {
1165
1726
  type: "object",
1166
1727
  additionalProperties: false,
@@ -1536,31 +2097,194 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
1536
2097
  }
1537
2098
  };
1538
2099
 
1539
- const MarketplaceRfqV1 = {
2100
+ const ProviderConformanceVerdictV1 = {
1540
2101
  type: "object",
1541
2102
  additionalProperties: false,
1542
- required: ["schemaVersion", "rfqId", "tenantId", "title", "status", "currency", "createdAt", "updatedAt"],
2103
+ required: ["ok", "requiredChecks", "passedChecks"],
1543
2104
  properties: {
1544
- schemaVersion: { type: "string", enum: ["MarketplaceRfq.v1"] },
1545
- rfqId: { type: "string" },
1546
- tenantId: { type: "string" },
1547
- title: { type: "string" },
1548
- description: { type: "string", nullable: true },
1549
- capability: { type: "string", nullable: true },
1550
- fromType: InteractionDirectionEntityType,
1551
- toType: InteractionDirectionEntityType,
1552
- posterAgentId: { type: "string", nullable: true },
1553
- status: { type: "string", enum: ["open", "assigned", "cancelled", "closed"] },
1554
- budgetCents: { type: "integer", nullable: true, minimum: 1 },
1555
- currency: { type: "string" },
1556
- deadlineAt: { type: "string", format: "date-time", nullable: true },
1557
- acceptedBidId: { type: "string", nullable: true },
1558
- acceptedBidderAgentId: { type: "string", nullable: true },
1559
- acceptedAt: { type: "string", format: "date-time", nullable: true },
1560
- acceptedByAgentId: { type: "string", nullable: true },
1561
- counterOfferPolicy: { ...MarketplaceCounterOfferPolicyV1, nullable: true },
1562
- runId: { type: "string", nullable: true },
1563
- agreementId: { type: "string", nullable: true },
2105
+ ok: { type: "boolean" },
2106
+ requiredChecks: { type: "integer", minimum: 0 },
2107
+ passedChecks: { type: "integer", minimum: 0 }
2108
+ }
2109
+ };
2110
+
2111
+ const ProviderConformanceSummaryV1 = {
2112
+ type: "object",
2113
+ additionalProperties: false,
2114
+ required: ["schemaVersion", "generatedAt", "verdict"],
2115
+ properties: {
2116
+ schemaVersion: { type: "string" },
2117
+ generatedAt: { type: "string", format: "date-time", nullable: true },
2118
+ verdict: ProviderConformanceVerdictV1
2119
+ }
2120
+ };
2121
+
2122
+ const MarketplaceProviderCertificationBadgeV1 = {
2123
+ type: "object",
2124
+ additionalProperties: false,
2125
+ required: [
2126
+ "schemaVersion",
2127
+ "providerId",
2128
+ "providerRef",
2129
+ "publicationId",
2130
+ "status",
2131
+ "certified",
2132
+ "manifestHash",
2133
+ "providerSigningKeyId",
2134
+ "toolCount",
2135
+ "conformance",
2136
+ "badgeHash"
2137
+ ],
2138
+ properties: {
2139
+ schemaVersion: { type: "string", enum: ["MarketplaceProviderCertificationBadge.v1"] },
2140
+ providerId: { type: "string" },
2141
+ providerRef: { type: "string" },
2142
+ publicationId: { type: "string" },
2143
+ status: { type: "string", enum: ["certified", "conformance_failed", "draft"] },
2144
+ certified: { type: "boolean" },
2145
+ certifiedAt: { type: "string", format: "date-time", nullable: true },
2146
+ updatedAt: { type: "string", format: "date-time", nullable: true },
2147
+ manifestHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
2148
+ providerSigningKeyId: { type: "string", nullable: true },
2149
+ toolCount: { type: "integer", minimum: 0 },
2150
+ conformance: { ...ProviderConformanceSummaryV1, nullable: true },
2151
+ badgeHash: { type: "string", pattern: "^[0-9a-f]{64}$" }
2152
+ }
2153
+ };
2154
+
2155
+ const MarketplaceProviderPublicationSummaryV1 = {
2156
+ type: "object",
2157
+ additionalProperties: false,
2158
+ required: [
2159
+ "schemaVersion",
2160
+ "publicationId",
2161
+ "tenantId",
2162
+ "providerId",
2163
+ "providerRef",
2164
+ "status",
2165
+ "certified",
2166
+ "baseUrl",
2167
+ "tags",
2168
+ "toolCount",
2169
+ "manifestSchemaVersion",
2170
+ "manifestHash",
2171
+ "conformance",
2172
+ "certificationBadge",
2173
+ "publishedAt",
2174
+ "certifiedAt",
2175
+ "updatedAt"
2176
+ ],
2177
+ properties: {
2178
+ schemaVersion: { type: "string" },
2179
+ publicationId: { type: "string" },
2180
+ tenantId: { type: "string" },
2181
+ providerId: { type: "string" },
2182
+ providerRef: { type: "string", nullable: true },
2183
+ status: { type: "string", enum: ["certified", "conformance_failed", "draft"] },
2184
+ certified: { type: "boolean" },
2185
+ baseUrl: { type: "string" },
2186
+ description: { type: "string", nullable: true },
2187
+ tags: {
2188
+ type: "array",
2189
+ items: { type: "string" }
2190
+ },
2191
+ toolCount: { type: "integer", minimum: 0 },
2192
+ manifestSchemaVersion: { type: "string" },
2193
+ manifestHash: { type: "string", pattern: "^[0-9a-f]{64}$" },
2194
+ conformance: { ...ProviderConformanceSummaryV1, nullable: true },
2195
+ certificationBadge: { ...MarketplaceProviderCertificationBadgeV1, nullable: true },
2196
+ publishedAt: { type: "string", format: "date-time", nullable: true },
2197
+ certifiedAt: { type: "string", format: "date-time", nullable: true },
2198
+ updatedAt: { type: "string", format: "date-time", nullable: true }
2199
+ }
2200
+ };
2201
+
2202
+ const MarketplaceToolListingV1 = {
2203
+ type: "object",
2204
+ additionalProperties: false,
2205
+ required: [
2206
+ "schemaVersion",
2207
+ "providerId",
2208
+ "providerRef",
2209
+ "publicationId",
2210
+ "certified",
2211
+ "providerStatus",
2212
+ "providerTags",
2213
+ "manifestSchemaVersion",
2214
+ "manifestHash",
2215
+ "toolId",
2216
+ "pricing",
2217
+ "certificationBadge",
2218
+ "publishedAt",
2219
+ "updatedAt"
2220
+ ],
2221
+ properties: {
2222
+ schemaVersion: { type: "string", enum: ["MarketplaceToolListing.v1"] },
2223
+ providerId: { type: "string" },
2224
+ providerRef: { type: "string", nullable: true },
2225
+ publicationId: { type: "string" },
2226
+ certified: { type: "boolean" },
2227
+ providerStatus: { type: "string", enum: ["certified", "conformance_failed", "draft"] },
2228
+ providerDescription: { type: "string", nullable: true },
2229
+ providerTags: {
2230
+ type: "array",
2231
+ items: { type: "string" }
2232
+ },
2233
+ manifestSchemaVersion: { type: "string", nullable: true },
2234
+ manifestHash: { type: "string", pattern: "^[0-9a-f]{64}$", nullable: true },
2235
+ toolId: { type: "string" },
2236
+ mcpToolName: { type: "string", nullable: true },
2237
+ description: { type: "string", nullable: true },
2238
+ method: { type: "string", nullable: true },
2239
+ paidPath: { type: "string", nullable: true },
2240
+ upstreamPath: { type: "string", nullable: true },
2241
+ tags: {
2242
+ type: "array",
2243
+ items: { type: "string" }
2244
+ },
2245
+ pricing: {
2246
+ type: "object",
2247
+ additionalProperties: false,
2248
+ required: ["amountCents", "currency"],
2249
+ properties: {
2250
+ amountCents: { type: "integer", minimum: 1, nullable: true },
2251
+ currency: { type: "string", nullable: true }
2252
+ }
2253
+ },
2254
+ idempotency: { type: "string", nullable: true },
2255
+ signatureMode: { type: "string", nullable: true },
2256
+ authMode: { type: "string", nullable: true },
2257
+ certificationBadge: { ...MarketplaceProviderCertificationBadgeV1, nullable: true },
2258
+ publishedAt: { type: "string", format: "date-time", nullable: true },
2259
+ updatedAt: { type: "string", format: "date-time", nullable: true }
2260
+ }
2261
+ };
2262
+
2263
+ const MarketplaceRfqV1 = {
2264
+ type: "object",
2265
+ additionalProperties: false,
2266
+ required: ["schemaVersion", "rfqId", "tenantId", "title", "status", "currency", "createdAt", "updatedAt"],
2267
+ properties: {
2268
+ schemaVersion: { type: "string", enum: ["MarketplaceRfq.v1"] },
2269
+ rfqId: { type: "string" },
2270
+ tenantId: { type: "string" },
2271
+ title: { type: "string" },
2272
+ description: { type: "string", nullable: true },
2273
+ capability: { type: "string", nullable: true },
2274
+ fromType: InteractionDirectionEntityType,
2275
+ toType: InteractionDirectionEntityType,
2276
+ posterAgentId: { type: "string", nullable: true },
2277
+ status: { type: "string", enum: ["open", "assigned", "cancelled", "closed"] },
2278
+ budgetCents: { type: "integer", nullable: true, minimum: 1 },
2279
+ currency: { type: "string" },
2280
+ deadlineAt: { type: "string", format: "date-time", nullable: true },
2281
+ acceptedBidId: { type: "string", nullable: true },
2282
+ acceptedBidderAgentId: { type: "string", nullable: true },
2283
+ acceptedAt: { type: "string", format: "date-time", nullable: true },
2284
+ acceptedByAgentId: { type: "string", nullable: true },
2285
+ counterOfferPolicy: { ...MarketplaceCounterOfferPolicyV1, nullable: true },
2286
+ runId: { type: "string", nullable: true },
2287
+ agreementId: { type: "string", nullable: true },
1564
2288
  agreement: {
1565
2289
  type: "object",
1566
2290
  additionalProperties: true,
@@ -2023,7 +2747,6 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2023
2747
  const RunSettlementResolveRequest = {
2024
2748
  type: "object",
2025
2749
  additionalProperties: false,
2026
- required: ["status"],
2027
2750
  properties: {
2028
2751
  status: { type: "string", enum: ["released", "refunded"] },
2029
2752
  releaseRatePct: { type: "integer", minimum: 0, maximum: 100 },
@@ -2123,6 +2846,47 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2123
2846
  }
2124
2847
  };
2125
2848
 
2849
+ const DisputeOpenEnvelopeSignedRequest = {
2850
+ type: "object",
2851
+ additionalProperties: false,
2852
+ required: [
2853
+ "schemaVersion",
2854
+ "artifactType",
2855
+ "artifactId",
2856
+ "envelopeId",
2857
+ "caseId",
2858
+ "tenantId",
2859
+ "agreementHash",
2860
+ "receiptHash",
2861
+ "holdHash",
2862
+ "openedByAgentId",
2863
+ "openedAt",
2864
+ "reasonCode",
2865
+ "nonce",
2866
+ "signerKeyId",
2867
+ "envelopeHash",
2868
+ "signature"
2869
+ ],
2870
+ properties: {
2871
+ schemaVersion: { type: "string", enum: ["DisputeOpenEnvelope.v1"] },
2872
+ artifactType: { type: "string", enum: ["DisputeOpenEnvelope.v1"] },
2873
+ artifactId: { type: "string" },
2874
+ envelopeId: { type: "string" },
2875
+ caseId: { type: "string" },
2876
+ tenantId: { type: "string" },
2877
+ agreementHash: { type: "string" },
2878
+ receiptHash: { type: "string" },
2879
+ holdHash: { type: "string" },
2880
+ openedByAgentId: { type: "string" },
2881
+ openedAt: { type: "string", format: "date-time" },
2882
+ reasonCode: { type: "string" },
2883
+ nonce: { type: "string" },
2884
+ signerKeyId: { type: "string" },
2885
+ envelopeHash: { type: "string" },
2886
+ signature: { type: "string" }
2887
+ }
2888
+ };
2889
+
2126
2890
  const ArbitrationCaseV1 = {
2127
2891
  type: "object",
2128
2892
  additionalProperties: false,
@@ -2303,6 +3067,58 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2303
3067
  }
2304
3068
  };
2305
3069
 
3070
+ const ToolCallReplayEvaluateResponse = {
3071
+ type: "object",
3072
+ additionalProperties: false,
3073
+ required: ["ok", "tenantId", "agreementHash", "runId", "replay", "stored", "comparisons", "issues"],
3074
+ properties: {
3075
+ ok: { type: "boolean" },
3076
+ tenantId: { type: "string" },
3077
+ agreementHash: { type: "string" },
3078
+ runId: { type: "string" },
3079
+ replay: { type: "object", additionalProperties: true },
3080
+ stored: { type: "object", additionalProperties: true },
3081
+ comparisons: { type: "object", additionalProperties: true },
3082
+ issues: { type: "array", items: { type: "string" } }
3083
+ }
3084
+ };
3085
+
3086
+ const ReputationFactsResponse = {
3087
+ type: "object",
3088
+ additionalProperties: false,
3089
+ required: ["ok", "tenantId", "agentId", "window", "asOf", "facts"],
3090
+ properties: {
3091
+ ok: { type: "boolean" },
3092
+ tenantId: { type: "string" },
3093
+ agentId: { type: "string" },
3094
+ toolId: { type: "string", nullable: true },
3095
+ window: { type: "string", enum: ["7d", "30d", "allTime"] },
3096
+ asOf: { type: "string", format: "date-time" },
3097
+ windowStartAt: { type: "string", format: "date-time", nullable: true },
3098
+ facts: {
3099
+ type: "object",
3100
+ additionalProperties: false,
3101
+ properties: {
3102
+ totals: { type: "object", additionalProperties: true },
3103
+ latencyMs: {
3104
+ type: "object",
3105
+ additionalProperties: false,
3106
+ properties: {
3107
+ count: { type: "integer", minimum: 0 },
3108
+ p50: { type: "integer", minimum: 0, nullable: true },
3109
+ p95: { type: "integer", minimum: 0, nullable: true }
3110
+ }
3111
+ }
3112
+ }
3113
+ },
3114
+ events: {
3115
+ type: "array",
3116
+ nullable: true,
3117
+ items: { type: "object", additionalProperties: true }
3118
+ }
3119
+ }
3120
+ };
3121
+
2306
3122
  const MonthCloseRequest = {
2307
3123
  type: "object",
2308
3124
  additionalProperties: false,
@@ -2812,6 +3628,11 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2812
3628
  JobEventAppendRequest,
2813
3629
  AgentIdentityV1,
2814
3630
  AgentRegisterRequest,
3631
+ AgentPassportV1,
3632
+ AgentPassportUpsertRequest,
3633
+ AgentPassportRevokeRequest,
3634
+ ToolCallAgreementV1,
3635
+ ToolCallEvidenceV1,
2815
3636
  AgentRunV1,
2816
3637
  AgentEventV1,
2817
3638
  AgentRunCreateRequest,
@@ -2827,6 +3648,9 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2827
3648
  AgentReputationWindowV2,
2828
3649
  AgentReputationV2,
2829
3650
  AgentReputationAny,
3651
+ X402WalletAssignment,
3652
+ X402WalletAssignmentResolveRequest,
3653
+ X402WalletAssignmentResolveResponse,
2830
3654
  VerificationMethodV1,
2831
3655
  SettlementPolicyV1,
2832
3656
  MarketplaceSettlementPolicyRefV1,
@@ -2847,6 +3671,12 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2847
3671
  DelegationTraceListResponse,
2848
3672
  DelegationEmergencyRevokeRequest,
2849
3673
  DelegationEmergencyRevokeResponse,
3674
+ OpsEmergencyPauseRequest,
3675
+ OpsEmergencyQuarantineRequest,
3676
+ OpsEmergencyRevokeRequest,
3677
+ OpsEmergencyKillSwitchRequest,
3678
+ OpsEmergencyResumeRequest,
3679
+ OpsEmergencyControlResponse,
2850
3680
  MarketplaceAgreementAcceptanceSignatureV2,
2851
3681
  MarketplaceAgreementChangeOrderAcceptanceSignatureV2,
2852
3682
  MarketplaceAgreementCancellationAcceptanceSignatureV2,
@@ -2859,6 +3689,11 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2859
3689
  MarketplaceCapabilityAvailabilityV1,
2860
3690
  MarketplaceCapabilityListingV1,
2861
3691
  MarketplaceCapabilityListingUpsertRequest,
3692
+ ProviderConformanceVerdictV1,
3693
+ ProviderConformanceSummaryV1,
3694
+ MarketplaceProviderCertificationBadgeV1,
3695
+ MarketplaceProviderPublicationSummaryV1,
3696
+ MarketplaceToolListingV1,
2862
3697
  MarketplaceRfqV1,
2863
3698
  MarketplaceTaskAgreementV2,
2864
3699
  MarketplaceRfqCreateRequest,
@@ -2874,9 +3709,12 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2874
3709
  RunAgreementCancelResponse,
2875
3710
  DisputeVerdictSignedRequest,
2876
3711
  ArbitrationVerdictSignedRequest,
3712
+ DisputeOpenEnvelopeSignedRequest,
2877
3713
  ArbitrationCaseV1,
2878
3714
  RunSettlementPolicyReplayResponse,
2879
3715
  RunSettlementReplayEvaluateResponse,
3716
+ ToolCallReplayEvaluateResponse,
3717
+ ReputationFactsResponse,
2880
3718
  MonthCloseRequest,
2881
3719
  AckRequest,
2882
3720
  ArtifactVerificationSummary,
@@ -2951,16 +3789,17 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2951
3789
  }
2952
3790
  }
2953
3791
  },
2954
- "/marketplace/capability-listings": {
3792
+ "/marketplace/providers": {
2955
3793
  get: {
2956
- summary: "List marketplace capability listings",
3794
+ summary: "List marketplace provider publications",
2957
3795
  parameters: [
2958
3796
  TenantHeader,
2959
3797
  ProtocolHeader,
2960
3798
  RequestIdHeader,
2961
- { name: "status", in: "query", required: false, schema: { type: "string", enum: ["active", "paused", "retired", "all"] } },
2962
- { name: "capability", in: "query", required: false, schema: { type: "string" } },
2963
- { name: "sellerAgentId", in: "query", required: false, schema: { type: "string" } },
3799
+ { name: "status", in: "query", required: false, schema: { type: "string", enum: ["certified", "conformance_failed", "draft", "all"] } },
3800
+ { name: "providerId", in: "query", required: false, schema: { type: "string" } },
3801
+ { name: "providerRef", in: "query", required: false, schema: { type: "string" } },
3802
+ { name: "toolId", in: "query", required: false, schema: { type: "string" } },
2964
3803
  { name: "q", in: "query", required: false, schema: { type: "string" } },
2965
3804
  { name: "limit", in: "query", required: false, schema: { type: "integer", minimum: 1, maximum: 200 } },
2966
3805
  { name: "offset", in: "query", required: false, schema: { type: "integer", minimum: 0 } }
@@ -2974,9 +3813,9 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2974
3813
  schema: {
2975
3814
  type: "object",
2976
3815
  additionalProperties: false,
2977
- required: ["listings", "total", "limit", "offset"],
3816
+ required: ["publications", "total", "limit", "offset"],
2978
3817
  properties: {
2979
- listings: { type: "array", items: MarketplaceCapabilityListingV1 },
3818
+ publications: { type: "array", items: MarketplaceProviderPublicationSummaryV1 },
2980
3819
  total: { type: "integer", minimum: 0 },
2981
3820
  limit: { type: "integer", minimum: 1 },
2982
3821
  offset: { type: "integer", minimum: 0 }
@@ -2987,12 +3826,79 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
2987
3826
  },
2988
3827
  400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } }
2989
3828
  }
2990
- },
3829
+ }
3830
+ },
3831
+ "/marketplace/tools": {
3832
+ get: {
3833
+ summary: "List marketplace tool listings aggregated from provider publications",
3834
+ parameters: [
3835
+ TenantHeader,
3836
+ ProtocolHeader,
3837
+ RequestIdHeader,
3838
+ { name: "status", in: "query", required: false, schema: { type: "string", enum: ["certified", "conformance_failed", "draft", "all"] } },
3839
+ { name: "providerId", in: "query", required: false, schema: { type: "string" } },
3840
+ { name: "providerRef", in: "query", required: false, schema: { type: "string" } },
3841
+ { name: "toolId", in: "query", required: false, schema: { type: "string" } },
3842
+ { name: "q", in: "query", required: false, schema: { type: "string" } },
3843
+ { name: "tags", in: "query", required: false, schema: { type: "string" }, description: "Comma-separated tag filter" },
3844
+ { name: "limit", in: "query", required: false, schema: { type: "integer", minimum: 1, maximum: 200 } },
3845
+ { name: "offset", in: "query", required: false, schema: { type: "integer", minimum: 0 } }
3846
+ ],
3847
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
3848
+ responses: {
3849
+ 200: {
3850
+ description: "OK",
3851
+ content: {
3852
+ "application/json": {
3853
+ schema: {
3854
+ type: "object",
3855
+ additionalProperties: false,
3856
+ required: ["tools", "total", "limit", "offset"],
3857
+ properties: {
3858
+ tools: { type: "array", items: MarketplaceToolListingV1 },
3859
+ total: { type: "integer", minimum: 0 },
3860
+ limit: { type: "integer", minimum: 1 },
3861
+ offset: { type: "integer", minimum: 0 }
3862
+ }
3863
+ }
3864
+ }
3865
+ }
3866
+ },
3867
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } }
3868
+ }
3869
+ }
3870
+ },
3871
+ "/marketplace/providers/publish": {
2991
3872
  post: {
2992
- summary: "Create or upsert a marketplace capability listing",
3873
+ summary: "Publish provider manifest and optionally run conformance",
2993
3874
  parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader],
2994
3875
  security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
2995
- requestBody: { required: true, content: { "application/json": { schema: MarketplaceCapabilityListingUpsertRequest } } },
3876
+ requestBody: {
3877
+ required: true,
3878
+ content: {
3879
+ "application/json": {
3880
+ schema: {
3881
+ type: "object",
3882
+ additionalProperties: false,
3883
+ required: ["baseUrl", "manifest", "publishProof", "publishProofJwksUrl"],
3884
+ properties: {
3885
+ providerId: { type: "string", nullable: true },
3886
+ baseUrl: { type: "string" },
3887
+ toolId: { type: "string", nullable: true },
3888
+ providerSigningPublicKeyPem: { type: "string", nullable: true },
3889
+ publishProof: { type: "string" },
3890
+ publishProofJwksUrl: { type: "string" },
3891
+ runConformance: { type: "boolean", nullable: true },
3892
+ description: { type: "string", nullable: true },
3893
+ contactUrl: { type: "string", nullable: true },
3894
+ termsUrl: { type: "string", nullable: true },
3895
+ tags: { type: "array", items: { type: "string" } },
3896
+ manifest: { type: "object", additionalProperties: true }
3897
+ }
3898
+ }
3899
+ }
3900
+ }
3901
+ },
2996
3902
  responses: {
2997
3903
  200: {
2998
3904
  description: "Updated",
@@ -3001,8 +3907,9 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
3001
3907
  schema: {
3002
3908
  type: "object",
3003
3909
  additionalProperties: false,
3910
+ required: ["publication"],
3004
3911
  properties: {
3005
- listing: MarketplaceCapabilityListingV1
3912
+ publication: { type: "object", additionalProperties: true }
3006
3913
  }
3007
3914
  }
3008
3915
  }
@@ -3015,29 +3922,44 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
3015
3922
  schema: {
3016
3923
  type: "object",
3017
3924
  additionalProperties: false,
3925
+ required: ["publication"],
3018
3926
  properties: {
3019
- listing: MarketplaceCapabilityListingV1
3927
+ publication: { type: "object", additionalProperties: true }
3020
3928
  }
3021
3929
  }
3022
3930
  }
3023
3931
  }
3024
3932
  },
3025
3933
  400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
3026
- 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
3027
- 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
3934
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } },
3935
+ 502: { description: "Bad Gateway", content: { "application/json": { schema: ErrorResponse } } }
3028
3936
  }
3029
3937
  }
3030
3938
  },
3031
- "/marketplace/capability-listings/{listingId}": {
3032
- get: {
3033
- summary: "Get marketplace capability listing by id",
3034
- parameters: [
3035
- TenantHeader,
3036
- ProtocolHeader,
3037
- RequestIdHeader,
3038
- { name: "listingId", in: "path", required: true, schema: { type: "string" } }
3039
- ],
3939
+ "/marketplace/providers/conformance/run": {
3940
+ post: {
3941
+ summary: "Run provider conformance checks",
3942
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader],
3040
3943
  security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
3944
+ requestBody: {
3945
+ required: true,
3946
+ content: {
3947
+ "application/json": {
3948
+ schema: {
3949
+ type: "object",
3950
+ additionalProperties: false,
3951
+ required: ["baseUrl", "manifest"],
3952
+ properties: {
3953
+ providerId: { type: "string", nullable: true },
3954
+ baseUrl: { type: "string" },
3955
+ toolId: { type: "string", nullable: true },
3956
+ providerSigningPublicKeyPem: { type: "string", nullable: true },
3957
+ manifest: { type: "object", additionalProperties: true }
3958
+ }
3959
+ }
3960
+ }
3961
+ }
3962
+ },
3041
3963
  responses: {
3042
3964
  200: {
3043
3965
  description: "OK",
@@ -3046,50 +3968,222 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
3046
3968
  schema: {
3047
3969
  type: "object",
3048
3970
  additionalProperties: false,
3971
+ required: ["report"],
3049
3972
  properties: {
3050
- listing: MarketplaceCapabilityListingV1
3973
+ report: { type: "object", additionalProperties: true }
3051
3974
  }
3052
3975
  }
3053
3976
  }
3054
3977
  }
3055
3978
  },
3056
3979
  400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
3057
- 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
3980
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } },
3981
+ 502: { description: "Bad Gateway", content: { "application/json": { schema: ErrorResponse } } }
3058
3982
  }
3059
- },
3060
- post: {
3061
- summary: "Update marketplace capability listing by id",
3983
+ }
3984
+ },
3985
+ "/marketplace/providers/{providerId}": {
3986
+ get: {
3987
+ summary: "Get marketplace provider publication by id",
3062
3988
  parameters: [
3063
3989
  TenantHeader,
3064
3990
  ProtocolHeader,
3065
3991
  RequestIdHeader,
3066
- IdempotencyHeader,
3067
- { name: "listingId", in: "path", required: true, schema: { type: "string" } }
3992
+ { name: "providerId", in: "path", required: true, schema: { type: "string" } }
3068
3993
  ],
3069
3994
  security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
3070
- requestBody: { required: true, content: { "application/json": { schema: MarketplaceCapabilityListingUpsertRequest } } },
3071
3995
  responses: {
3072
3996
  200: {
3073
- description: "Updated",
3997
+ description: "OK",
3074
3998
  content: {
3075
3999
  "application/json": {
3076
4000
  schema: {
3077
4001
  type: "object",
3078
4002
  additionalProperties: false,
4003
+ required: ["publication", "certificationBadge"],
3079
4004
  properties: {
3080
- listing: MarketplaceCapabilityListingV1
4005
+ publication: { type: "object", additionalProperties: true },
4006
+ certificationBadge: MarketplaceProviderCertificationBadgeV1
3081
4007
  }
3082
4008
  }
3083
4009
  }
3084
4010
  }
3085
4011
  },
3086
4012
  400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
3087
- 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
3088
- 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
4013
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
3089
4014
  }
3090
- },
3091
- delete: {
3092
- summary: "Delete marketplace capability listing by id",
4015
+ }
4016
+ },
4017
+ "/marketplace/providers/{providerId}/badge": {
4018
+ get: {
4019
+ summary: "Get provider certification badge payload",
4020
+ parameters: [
4021
+ TenantHeader,
4022
+ ProtocolHeader,
4023
+ RequestIdHeader,
4024
+ { name: "providerId", in: "path", required: true, schema: { type: "string" } }
4025
+ ],
4026
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
4027
+ responses: {
4028
+ 200: {
4029
+ description: "OK",
4030
+ content: {
4031
+ "application/json": {
4032
+ schema: {
4033
+ type: "object",
4034
+ additionalProperties: false,
4035
+ required: ["badge"],
4036
+ properties: {
4037
+ badge: MarketplaceProviderCertificationBadgeV1
4038
+ }
4039
+ }
4040
+ }
4041
+ }
4042
+ },
4043
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
4044
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
4045
+ }
4046
+ }
4047
+ },
4048
+ "/marketplace/capability-listings": {
4049
+ get: {
4050
+ summary: "List marketplace capability listings",
4051
+ parameters: [
4052
+ TenantHeader,
4053
+ ProtocolHeader,
4054
+ RequestIdHeader,
4055
+ { name: "status", in: "query", required: false, schema: { type: "string", enum: ["active", "paused", "retired", "all"] } },
4056
+ { name: "capability", in: "query", required: false, schema: { type: "string" } },
4057
+ { name: "sellerAgentId", in: "query", required: false, schema: { type: "string" } },
4058
+ { name: "q", in: "query", required: false, schema: { type: "string" } },
4059
+ { name: "limit", in: "query", required: false, schema: { type: "integer", minimum: 1, maximum: 200 } },
4060
+ { name: "offset", in: "query", required: false, schema: { type: "integer", minimum: 0 } }
4061
+ ],
4062
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
4063
+ responses: {
4064
+ 200: {
4065
+ description: "OK",
4066
+ content: {
4067
+ "application/json": {
4068
+ schema: {
4069
+ type: "object",
4070
+ additionalProperties: false,
4071
+ required: ["listings", "total", "limit", "offset"],
4072
+ properties: {
4073
+ listings: { type: "array", items: MarketplaceCapabilityListingV1 },
4074
+ total: { type: "integer", minimum: 0 },
4075
+ limit: { type: "integer", minimum: 1 },
4076
+ offset: { type: "integer", minimum: 0 }
4077
+ }
4078
+ }
4079
+ }
4080
+ }
4081
+ },
4082
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } }
4083
+ }
4084
+ },
4085
+ post: {
4086
+ summary: "Create or upsert a marketplace capability listing",
4087
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader],
4088
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
4089
+ requestBody: { required: true, content: { "application/json": { schema: MarketplaceCapabilityListingUpsertRequest } } },
4090
+ responses: {
4091
+ 200: {
4092
+ description: "Updated",
4093
+ content: {
4094
+ "application/json": {
4095
+ schema: {
4096
+ type: "object",
4097
+ additionalProperties: false,
4098
+ properties: {
4099
+ listing: MarketplaceCapabilityListingV1
4100
+ }
4101
+ }
4102
+ }
4103
+ }
4104
+ },
4105
+ 201: {
4106
+ description: "Created",
4107
+ content: {
4108
+ "application/json": {
4109
+ schema: {
4110
+ type: "object",
4111
+ additionalProperties: false,
4112
+ properties: {
4113
+ listing: MarketplaceCapabilityListingV1
4114
+ }
4115
+ }
4116
+ }
4117
+ }
4118
+ },
4119
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
4120
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
4121
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
4122
+ }
4123
+ }
4124
+ },
4125
+ "/marketplace/capability-listings/{listingId}": {
4126
+ get: {
4127
+ summary: "Get marketplace capability listing by id",
4128
+ parameters: [
4129
+ TenantHeader,
4130
+ ProtocolHeader,
4131
+ RequestIdHeader,
4132
+ { name: "listingId", in: "path", required: true, schema: { type: "string" } }
4133
+ ],
4134
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
4135
+ responses: {
4136
+ 200: {
4137
+ description: "OK",
4138
+ content: {
4139
+ "application/json": {
4140
+ schema: {
4141
+ type: "object",
4142
+ additionalProperties: false,
4143
+ properties: {
4144
+ listing: MarketplaceCapabilityListingV1
4145
+ }
4146
+ }
4147
+ }
4148
+ }
4149
+ },
4150
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
4151
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
4152
+ }
4153
+ },
4154
+ post: {
4155
+ summary: "Update marketplace capability listing by id",
4156
+ parameters: [
4157
+ TenantHeader,
4158
+ ProtocolHeader,
4159
+ RequestIdHeader,
4160
+ IdempotencyHeader,
4161
+ { name: "listingId", in: "path", required: true, schema: { type: "string" } }
4162
+ ],
4163
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
4164
+ requestBody: { required: true, content: { "application/json": { schema: MarketplaceCapabilityListingUpsertRequest } } },
4165
+ responses: {
4166
+ 200: {
4167
+ description: "Updated",
4168
+ content: {
4169
+ "application/json": {
4170
+ schema: {
4171
+ type: "object",
4172
+ additionalProperties: false,
4173
+ properties: {
4174
+ listing: MarketplaceCapabilityListingV1
4175
+ }
4176
+ }
4177
+ }
4178
+ }
4179
+ },
4180
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
4181
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
4182
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
4183
+ }
4184
+ },
4185
+ delete: {
4186
+ summary: "Delete marketplace capability listing by id",
3093
4187
  parameters: [
3094
4188
  TenantHeader,
3095
4189
  ProtocolHeader,
@@ -3891,11 +4985,13 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
3891
4985
  closedByAgentId: { type: "string", nullable: true },
3892
4986
  summary: { type: "string", nullable: true },
3893
4987
  closedAt: { type: "string", format: "date-time", nullable: true },
4988
+ releaseRatePct: { type: "integer", minimum: 0, maximum: 100, nullable: true },
3894
4989
  evidenceRefs: { type: "array", items: { type: "string" } }
3895
4990
  }
3896
4991
  },
3897
4992
  resolutionOutcome: { type: "string", enum: ["accepted", "rejected", "partial", "withdrawn", "unresolved"] },
3898
4993
  resolutionEscalationLevel: { type: "string", enum: ["l1_counterparty", "l2_arbiter", "l3_external"] },
4994
+ resolutionReleaseRatePct: { type: "integer", minimum: 0, maximum: 100 },
3899
4995
  resolutionSummary: { type: "string" },
3900
4996
  closedByAgentId: { type: "string" },
3901
4997
  resolutionEvidenceRefs: { type: "array", items: { type: "string" } },
@@ -4209,6 +5305,99 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
4209
5305
  }
4210
5306
  }
4211
5307
  },
5308
+ "/agents/{agentId}/passport": {
5309
+ get: {
5310
+ summary: "Get an issued agent passport",
5311
+ parameters: [
5312
+ TenantHeader,
5313
+ ProtocolHeader,
5314
+ RequestIdHeader,
5315
+ { name: "agentId", in: "path", required: true, schema: { type: "string" } }
5316
+ ],
5317
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
5318
+ responses: {
5319
+ 200: {
5320
+ description: "OK",
5321
+ content: {
5322
+ "application/json": {
5323
+ schema: {
5324
+ type: "object",
5325
+ additionalProperties: false,
5326
+ properties: {
5327
+ agentPassport: AgentPassportV1
5328
+ }
5329
+ }
5330
+ }
5331
+ }
5332
+ },
5333
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
5334
+ }
5335
+ },
5336
+ post: {
5337
+ summary: "Issue or rotate an agent passport",
5338
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader, { name: "agentId", in: "path", required: true, schema: { type: "string" } }],
5339
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
5340
+ requestBody: { required: true, content: { "application/json": { schema: AgentPassportUpsertRequest } } },
5341
+ responses: {
5342
+ 200: {
5343
+ description: "Updated",
5344
+ content: {
5345
+ "application/json": {
5346
+ schema: {
5347
+ type: "object",
5348
+ additionalProperties: false,
5349
+ properties: {
5350
+ agentPassport: AgentPassportV1
5351
+ }
5352
+ }
5353
+ }
5354
+ }
5355
+ },
5356
+ 201: {
5357
+ description: "Issued",
5358
+ content: {
5359
+ "application/json": {
5360
+ schema: {
5361
+ type: "object",
5362
+ additionalProperties: false,
5363
+ properties: {
5364
+ agentPassport: AgentPassportV1
5365
+ }
5366
+ }
5367
+ }
5368
+ }
5369
+ },
5370
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
5371
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
5372
+ }
5373
+ }
5374
+ },
5375
+ "/agents/{agentId}/passport/revoke": {
5376
+ post: {
5377
+ summary: "Revoke an issued agent passport",
5378
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader, { name: "agentId", in: "path", required: true, schema: { type: "string" } }],
5379
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
5380
+ requestBody: { required: false, content: { "application/json": { schema: AgentPassportRevokeRequest } } },
5381
+ responses: {
5382
+ 200: {
5383
+ description: "Revoked",
5384
+ content: {
5385
+ "application/json": {
5386
+ schema: {
5387
+ type: "object",
5388
+ additionalProperties: false,
5389
+ properties: {
5390
+ agentPassport: AgentPassportV1
5391
+ }
5392
+ }
5393
+ }
5394
+ }
5395
+ },
5396
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
5397
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
5398
+ }
5399
+ }
5400
+ },
4212
5401
  "/agents/{agentId}/reputation": {
4213
5402
  get: {
4214
5403
  summary: "Get computed reputation for an agent",
@@ -4834,6 +6023,7 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
4834
6023
  panelCandidateAgentIds: { type: "array", items: { type: "string" } },
4835
6024
  summary: { type: "string" },
4836
6025
  evidenceRefs: { type: "array", items: { type: "string" } },
6026
+ disputeOpenEnvelope: DisputeOpenEnvelopeSignedRequest,
4837
6027
  adminOverride: { type: "object", additionalProperties: true }
4838
6028
  }
4839
6029
  }
@@ -4843,15 +6033,44 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
4843
6033
  responses: {
4844
6034
  201: {
4845
6035
  description: "Created",
4846
- content: { "application/json": { schema: { type: "object", additionalProperties: false, properties: { arbitrationCase: ArbitrationCaseV1 } } } }
4847
- },
4848
- 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
4849
- 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
4850
- 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
4851
- }
4852
- }
4853
- },
4854
- "/tool-calls/arbitration/verdict": {
6036
+ content: {
6037
+ "application/json": {
6038
+ schema: {
6039
+ type: "object",
6040
+ additionalProperties: false,
6041
+ properties: {
6042
+ arbitrationCase: ArbitrationCaseV1,
6043
+ arbitrationCaseArtifact: {
6044
+ type: "object",
6045
+ nullable: true,
6046
+ additionalProperties: false,
6047
+ properties: {
6048
+ artifactId: { type: "string" },
6049
+ artifactHash: { type: "string", nullable: true }
6050
+ }
6051
+ },
6052
+ disputeOpenEnvelopeArtifact: {
6053
+ type: "object",
6054
+ nullable: true,
6055
+ additionalProperties: false,
6056
+ properties: {
6057
+ artifactId: { type: "string" },
6058
+ artifactHash: { type: "string", nullable: true }
6059
+ }
6060
+ },
6061
+ alreadyExisted: { type: "boolean" }
6062
+ }
6063
+ }
6064
+ }
6065
+ }
6066
+ },
6067
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6068
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
6069
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
6070
+ }
6071
+ }
6072
+ },
6073
+ "/tool-calls/arbitration/verdict": {
4855
6074
  post: {
4856
6075
  summary: "Submit signed arbitration verdict for a tool-call case (binary release/refund)",
4857
6076
  parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader],
@@ -4995,6 +6214,64 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
4995
6214
  }
4996
6215
  }
4997
6216
  },
6217
+ "/ops/tool-calls/replay-evaluate": {
6218
+ get: {
6219
+ summary: "Ops: replay tool-call holdback/dispute resolution by agreement hash",
6220
+ parameters: [
6221
+ TenantHeader,
6222
+ ProtocolHeader,
6223
+ RequestIdHeader,
6224
+ { name: "agreementHash", in: "query", required: true, schema: { type: "string" } }
6225
+ ],
6226
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6227
+ "x-settld-scopes": ["ops_read"],
6228
+ responses: {
6229
+ 200: {
6230
+ description: "OK",
6231
+ content: {
6232
+ "application/json": {
6233
+ schema: ToolCallReplayEvaluateResponse
6234
+ }
6235
+ }
6236
+ },
6237
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6238
+ 403: { description: "Forbidden", content: { "application/json": { schema: ErrorResponse } } },
6239
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
6240
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } },
6241
+ 501: { description: "Not Implemented", content: { "application/json": { schema: ErrorResponse } } }
6242
+ }
6243
+ }
6244
+ },
6245
+ "/ops/reputation/facts": {
6246
+ get: {
6247
+ summary: "Ops: aggregate append-only reputation facts for an agent/tool window",
6248
+ parameters: [
6249
+ TenantHeader,
6250
+ ProtocolHeader,
6251
+ RequestIdHeader,
6252
+ { name: "agentId", in: "query", required: true, schema: { type: "string" } },
6253
+ { name: "toolId", in: "query", required: false, schema: { type: "string" } },
6254
+ { name: "window", in: "query", required: false, schema: { type: "string", enum: ["7d", "30d", "allTime"] } },
6255
+ { name: "asOf", in: "query", required: false, schema: { type: "string", format: "date-time" } },
6256
+ { name: "includeEvents", in: "query", required: false, schema: { type: "string", enum: ["1"] } }
6257
+ ],
6258
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6259
+ "x-settld-scopes": ["ops_read"],
6260
+ responses: {
6261
+ 200: {
6262
+ description: "OK",
6263
+ content: {
6264
+ "application/json": {
6265
+ schema: ReputationFactsResponse
6266
+ }
6267
+ }
6268
+ },
6269
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6270
+ 403: { description: "Forbidden", content: { "application/json": { schema: ErrorResponse } } },
6271
+ 501: { description: "Not Implemented", content: { "application/json": { schema: ErrorResponse } } }
6272
+ }
6273
+ }
6274
+ },
4998
6275
  "/ops/tool-calls/holds/{holdHash}": {
4999
6276
  get: {
5000
6277
  summary: "Ops: get tool-call funding hold",
@@ -5142,6 +6419,85 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
5142
6419
  }
5143
6420
  }
5144
6421
  },
6422
+ "/ops/emergency/pause": {
6423
+ post: {
6424
+ summary: "Emergency pause an agent for paid execution paths",
6425
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader],
6426
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6427
+ "x-settld-scopes": ["ops_write"],
6428
+ requestBody: { required: false, content: { "application/json": { schema: OpsEmergencyPauseRequest } } },
6429
+ responses: {
6430
+ 200: { description: "OK", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6431
+ 201: { description: "Created", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6432
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6433
+ 403: { description: "Forbidden", content: { "application/json": { schema: ErrorResponse } } },
6434
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
6435
+ }
6436
+ }
6437
+ },
6438
+ "/ops/emergency/quarantine": {
6439
+ post: {
6440
+ summary: "Emergency quarantine an agent for paid execution paths",
6441
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader],
6442
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6443
+ "x-settld-scopes": ["ops_write"],
6444
+ requestBody: { required: false, content: { "application/json": { schema: OpsEmergencyQuarantineRequest } } },
6445
+ responses: {
6446
+ 200: { description: "OK", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6447
+ 201: { description: "Created", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6448
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6449
+ 403: { description: "Forbidden", content: { "application/json": { schema: ErrorResponse } } },
6450
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
6451
+ }
6452
+ }
6453
+ },
6454
+ "/ops/emergency/revoke": {
6455
+ post: {
6456
+ summary: "Emergency revoke delegated authority for paid execution paths",
6457
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader],
6458
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6459
+ "x-settld-scopes": ["ops_write"],
6460
+ requestBody: { required: false, content: { "application/json": { schema: OpsEmergencyRevokeRequest } } },
6461
+ responses: {
6462
+ 200: { description: "OK", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6463
+ 201: { description: "Created", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6464
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6465
+ 403: { description: "Forbidden", content: { "application/json": { schema: ErrorResponse } } },
6466
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
6467
+ }
6468
+ }
6469
+ },
6470
+ "/ops/emergency/kill-switch": {
6471
+ post: {
6472
+ summary: "Set emergency kill-switch state for high-risk execution",
6473
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader],
6474
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6475
+ "x-settld-scopes": ["ops_write"],
6476
+ requestBody: { required: false, content: { "application/json": { schema: OpsEmergencyKillSwitchRequest } } },
6477
+ responses: {
6478
+ 200: { description: "OK", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6479
+ 201: { description: "Created", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6480
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6481
+ 403: { description: "Forbidden", content: { "application/json": { schema: ErrorResponse } } },
6482
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
6483
+ }
6484
+ }
6485
+ },
6486
+ "/ops/emergency/resume": {
6487
+ post: {
6488
+ summary: "Resume previously paused or quarantined emergency controls",
6489
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader],
6490
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6491
+ "x-settld-scopes": ["ops_write"],
6492
+ requestBody: { required: false, content: { "application/json": { schema: OpsEmergencyResumeRequest } } },
6493
+ responses: {
6494
+ 200: { description: "OK", content: { "application/json": { schema: OpsEmergencyControlResponse } } },
6495
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6496
+ 403: { description: "Forbidden", content: { "application/json": { schema: ErrorResponse } } },
6497
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
6498
+ }
6499
+ }
6500
+ },
5145
6501
  "/ops/network/command-center": {
5146
6502
  get: {
5147
6503
  summary: "Network command-center summary",
@@ -5444,6 +6800,43 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
5444
6800
  }
5445
6801
  }
5446
6802
  },
6803
+ "/ops/money-rails/{providerId}/operations/{operationId}/submit": {
6804
+ post: {
6805
+ summary: "Submit a money rail payout operation to the configured provider",
6806
+ parameters: [
6807
+ TenantHeader,
6808
+ ProtocolHeader,
6809
+ RequestIdHeader,
6810
+ IdempotencyHeader,
6811
+ { name: "providerId", in: "path", required: true, schema: { type: "string" } },
6812
+ { name: "operationId", in: "path", required: true, schema: { type: "string" } }
6813
+ ],
6814
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6815
+ "x-settld-scopes": ["finance_write"],
6816
+ requestBody: {
6817
+ required: false,
6818
+ content: {
6819
+ "application/json": {
6820
+ schema: {
6821
+ type: "object",
6822
+ additionalProperties: false,
6823
+ properties: {
6824
+ providerRef: { type: "string" }
6825
+ }
6826
+ }
6827
+ }
6828
+ }
6829
+ },
6830
+ responses: {
6831
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
6832
+ 400: { description: "Bad request", content: { "application/json": { schema: ErrorResponse } } },
6833
+ 404: { description: "Not found", content: { "application/json": { schema: ErrorResponse } } },
6834
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } },
6835
+ 502: { description: "Upstream provider error", content: { "application/json": { schema: ErrorResponse } } },
6836
+ 503: { description: "Provider circuit open", content: { "application/json": { schema: ErrorResponse } } }
6837
+ }
6838
+ }
6839
+ },
5447
6840
  "/ops/money-rails/{providerId}/events/ingest": {
5448
6841
  post: {
5449
6842
  summary: "Ingest provider event and deterministically map to operation state",
@@ -5520,6 +6913,44 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
5520
6913
  }
5521
6914
  }
5522
6915
  },
6916
+ "/ops/finance/money-rails/stripe-connect/accounts/sync": {
6917
+ post: {
6918
+ summary: "Sync Stripe Connect account KYB/capability state from Stripe",
6919
+ parameters: [
6920
+ TenantHeader,
6921
+ ProtocolHeader,
6922
+ RequestIdHeader,
6923
+ IdempotencyHeader,
6924
+ { name: "providerId", in: "query", required: false, schema: { type: "string" } }
6925
+ ],
6926
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
6927
+ "x-settld-scopes": ["finance_write"],
6928
+ requestBody: {
6929
+ required: false,
6930
+ content: {
6931
+ "application/json": {
6932
+ schema: {
6933
+ type: "object",
6934
+ additionalProperties: false,
6935
+ properties: {
6936
+ providerId: { type: "string" },
6937
+ dryRun: { type: "boolean", default: false },
6938
+ accountIds: { type: "array", items: { type: "string" } }
6939
+ }
6940
+ }
6941
+ }
6942
+ }
6943
+ },
6944
+ responses: {
6945
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
6946
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
6947
+ 404: { description: "Not found", content: { "application/json": { schema: ErrorResponse } } },
6948
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } },
6949
+ 502: { description: "Upstream provider error", content: { "application/json": { schema: ErrorResponse } } },
6950
+ 503: { description: "Provider circuit open", content: { "application/json": { schema: ErrorResponse } } }
6951
+ }
6952
+ }
6953
+ },
5523
6954
  "/ops/finance/account-map": {
5524
6955
  get: {
5525
6956
  summary: "Get finance account map",
@@ -5660,6 +7091,283 @@ export function buildOpenApiSpec({ baseUrl = null } = {}) {
5660
7091
  }
5661
7092
  }
5662
7093
  },
7094
+ "/x402/wallet-assignment/resolve": {
7095
+ post: {
7096
+ summary: "Resolve deterministic x402 wallet assignment",
7097
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader],
7098
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7099
+ requestBody: {
7100
+ required: false,
7101
+ content: {
7102
+ "application/json": {
7103
+ schema: X402WalletAssignmentResolveRequest
7104
+ }
7105
+ }
7106
+ },
7107
+ responses: {
7108
+ 200: { description: "OK", content: { "application/json": { schema: X402WalletAssignmentResolveResponse } } },
7109
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } }
7110
+ }
7111
+ }
7112
+ },
7113
+ "/x402/gate/authorize-payment": {
7114
+ post: {
7115
+ summary: "Authorize payment for an x402 gate",
7116
+ description:
7117
+ "Uses strict preconditions (including optional ExecutionIntent.v1 binding) before minting or reusing an authorization token.",
7118
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader],
7119
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7120
+ requestBody: {
7121
+ required: true,
7122
+ content: {
7123
+ "application/json": {
7124
+ schema: X402GateAuthorizePaymentRequest
7125
+ }
7126
+ }
7127
+ },
7128
+ responses: {
7129
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7130
+ 400: {
7131
+ description: "Bad Request",
7132
+ "x-settld-known-error-codes": [...X402AuthorizePaymentBadRequestKnownErrorCodes],
7133
+ content: {
7134
+ "application/json": {
7135
+ schema: errorResponseWithKnownCodes(X402AuthorizePaymentBadRequestKnownErrorCodes)
7136
+ }
7137
+ }
7138
+ },
7139
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
7140
+ 409: {
7141
+ description: "Conflict",
7142
+ "x-settld-known-error-codes": [...X402AuthorizePaymentConflictKnownErrorCodes],
7143
+ content: {
7144
+ "application/json": {
7145
+ schema: errorResponseWithKnownCodes(X402AuthorizePaymentConflictKnownErrorCodes)
7146
+ }
7147
+ }
7148
+ }
7149
+ }
7150
+ }
7151
+ },
7152
+ "/x402/gate/verify": {
7153
+ post: {
7154
+ summary: "Verify x402 gated execution and settle escrow",
7155
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader],
7156
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7157
+ requestBody: {
7158
+ required: true,
7159
+ content: {
7160
+ "application/json": {
7161
+ schema: X402GateVerifyRequest
7162
+ }
7163
+ }
7164
+ },
7165
+ responses: {
7166
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7167
+ 400: {
7168
+ description: "Bad Request",
7169
+ "x-settld-known-error-codes": [...X402GateVerifyBadRequestKnownErrorCodes],
7170
+ content: {
7171
+ "application/json": {
7172
+ schema: errorResponseWithKnownCodes(X402GateVerifyBadRequestKnownErrorCodes)
7173
+ }
7174
+ }
7175
+ },
7176
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
7177
+ 409: {
7178
+ description: "Conflict",
7179
+ "x-settld-known-error-codes": [...X402GateVerifyConflictKnownErrorCodes],
7180
+ content: {
7181
+ "application/json": {
7182
+ schema: errorResponseWithKnownCodes(X402GateVerifyConflictKnownErrorCodes)
7183
+ }
7184
+ }
7185
+ }
7186
+ }
7187
+ }
7188
+ },
7189
+ "/x402/zk/verification-keys": {
7190
+ post: {
7191
+ summary: "Register an immutable x402 zk verification key",
7192
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader],
7193
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7194
+ requestBody: {
7195
+ required: true,
7196
+ content: {
7197
+ "application/json": {
7198
+ schema: {
7199
+ type: "object",
7200
+ additionalProperties: false,
7201
+ required: ["verificationKey"],
7202
+ properties: {
7203
+ verificationKey: X402ZkVerificationKeyV1
7204
+ }
7205
+ }
7206
+ }
7207
+ }
7208
+ },
7209
+ responses: {
7210
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7211
+ 201: { description: "Created", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7212
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
7213
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
7214
+ }
7215
+ },
7216
+ get: {
7217
+ summary: "List x402 zk verification keys",
7218
+ parameters: [
7219
+ TenantHeader,
7220
+ ProtocolHeader,
7221
+ RequestIdHeader,
7222
+ { name: "protocol", in: "query", required: false, schema: { type: "string", enum: ["groth16", "plonk", "stark"] } },
7223
+ { name: "providerRef", in: "query", required: false, schema: { type: "string" } },
7224
+ { name: "limit", in: "query", required: false, schema: { type: "integer", minimum: 1, maximum: 2000, default: 200 } },
7225
+ { name: "offset", in: "query", required: false, schema: { type: "integer", minimum: 0, maximum: 100000, default: 0 } }
7226
+ ],
7227
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7228
+ responses: {
7229
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7230
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } }
7231
+ }
7232
+ }
7233
+ },
7234
+ "/x402/zk/verification-keys/{verificationKeyId}": {
7235
+ get: {
7236
+ summary: "Get x402 zk verification key by id",
7237
+ parameters: [
7238
+ TenantHeader,
7239
+ ProtocolHeader,
7240
+ RequestIdHeader,
7241
+ { name: "verificationKeyId", in: "path", required: true, schema: { type: "string" } }
7242
+ ],
7243
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7244
+ responses: {
7245
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7246
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
7247
+ }
7248
+ }
7249
+ },
7250
+ "/x402/webhooks/endpoints": {
7251
+ post: {
7252
+ summary: "Register an x402 principal webhook endpoint (secret returned once)",
7253
+ parameters: [TenantHeader, ProtocolHeader, RequestIdHeader, IdempotencyHeader],
7254
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7255
+ requestBody: {
7256
+ required: true,
7257
+ content: {
7258
+ "application/json": {
7259
+ schema: {
7260
+ type: "object",
7261
+ additionalProperties: false,
7262
+ required: ["url", "events"],
7263
+ properties: {
7264
+ url: { type: "string", format: "uri", example: "https://principal.example.com/webhooks/settld" },
7265
+ events: {
7266
+ type: "array",
7267
+ minItems: 1,
7268
+ items: {
7269
+ type: "string",
7270
+ enum: ["x402.escalation.created", "x402.escalation.approved", "x402.escalation.denied"]
7271
+ }
7272
+ },
7273
+ description: { type: "string", maxLength: 300 },
7274
+ status: { type: "string", enum: ["active", "disabled"], default: "active" }
7275
+ }
7276
+ }
7277
+ }
7278
+ }
7279
+ },
7280
+ responses: {
7281
+ 201: { description: "Created", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7282
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } }
7283
+ }
7284
+ },
7285
+ get: {
7286
+ summary: "List x402 webhook endpoints",
7287
+ parameters: [
7288
+ TenantHeader,
7289
+ ProtocolHeader,
7290
+ RequestIdHeader,
7291
+ { name: "status", in: "query", required: false, schema: { type: "string", enum: ["active", "disabled", "revoked"] } },
7292
+ {
7293
+ name: "event",
7294
+ in: "query",
7295
+ required: false,
7296
+ schema: { type: "string", enum: ["x402.escalation.created", "x402.escalation.approved", "x402.escalation.denied"] }
7297
+ },
7298
+ { name: "limit", in: "query", required: false, schema: { type: "integer", minimum: 1, maximum: 1000, default: 200 } },
7299
+ { name: "offset", in: "query", required: false, schema: { type: "integer", minimum: 0, maximum: 100000, default: 0 } }
7300
+ ],
7301
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7302
+ responses: {
7303
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7304
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } }
7305
+ }
7306
+ }
7307
+ },
7308
+ "/x402/webhooks/endpoints/{endpointId}": {
7309
+ get: {
7310
+ summary: "Get x402 webhook endpoint",
7311
+ parameters: [
7312
+ TenantHeader,
7313
+ ProtocolHeader,
7314
+ RequestIdHeader,
7315
+ { name: "endpointId", in: "path", required: true, schema: { type: "string" } }
7316
+ ],
7317
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7318
+ responses: {
7319
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7320
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
7321
+ }
7322
+ },
7323
+ delete: {
7324
+ summary: "Revoke x402 webhook endpoint",
7325
+ parameters: [
7326
+ TenantHeader,
7327
+ ProtocolHeader,
7328
+ RequestIdHeader,
7329
+ IdempotencyHeader,
7330
+ { name: "endpointId", in: "path", required: true, schema: { type: "string" } }
7331
+ ],
7332
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7333
+ responses: {
7334
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7335
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } }
7336
+ }
7337
+ }
7338
+ },
7339
+ "/x402/webhooks/endpoints/{endpointId}/rotate-secret": {
7340
+ post: {
7341
+ summary: "Rotate x402 webhook endpoint secret (returns new secret once)",
7342
+ parameters: [
7343
+ TenantHeader,
7344
+ ProtocolHeader,
7345
+ RequestIdHeader,
7346
+ { name: "endpointId", in: "path", required: true, schema: { type: "string" } }
7347
+ ],
7348
+ security: [{ BearerAuth: [] }, { ProxyApiKey: [] }],
7349
+ requestBody: {
7350
+ required: false,
7351
+ content: {
7352
+ "application/json": {
7353
+ schema: {
7354
+ type: "object",
7355
+ additionalProperties: false,
7356
+ properties: {
7357
+ gracePeriodSeconds: { type: "integer", minimum: 1, maximum: 604800, default: 86400 }
7358
+ }
7359
+ }
7360
+ }
7361
+ }
7362
+ },
7363
+ responses: {
7364
+ 200: { description: "OK", content: { "application/json": { schema: { type: "object", additionalProperties: true } } } },
7365
+ 400: { description: "Bad Request", content: { "application/json": { schema: ErrorResponse } } },
7366
+ 404: { description: "Not Found", content: { "application/json": { schema: ErrorResponse } } },
7367
+ 409: { description: "Conflict", content: { "application/json": { schema: ErrorResponse } } }
7368
+ }
7369
+ }
7370
+ },
5663
7371
  "/exports/ack": {
5664
7372
  post: {
5665
7373
  summary: "ACK a delivery (destination-signed)",