settld 0.1.2 → 0.2.0

package/src/api/persistence.js

@@ -9,6 +9,7 @@ import { reduceMonthClose } from "../core/month-close.js";
 import { AGENT_RUN_EVENT_SCHEMA_VERSION, reduceAgentRun } from "../core/agent-runs.js";
 import { normalizeInteractionDirection } from "../core/interaction-directions.js";
 import { DEFAULT_TENANT_ID, normalizeTenantId, makeScopedKey } from "../core/tenancy.js";
+import { canonicalJsonStringify } from "../core/canonical-json.js";
 
 export const TX_LOG_VERSION = 1;
 
@@ -22,6 +23,72 @@ function normalizeMarketplaceDirectionForReplay({ fromType, toType }) {
   });
 }
 
+const EMERGENCY_SCOPE_TYPE = Object.freeze({
+  TENANT: "tenant",
+  AGENT: "agent",
+  ADAPTER: "adapter"
+});
+const EMERGENCY_SCOPE_TYPES = new Set(Object.values(EMERGENCY_SCOPE_TYPE));
+const EMERGENCY_CONTROL_TYPE = Object.freeze({
+  PAUSE: "pause",
+  QUARANTINE: "quarantine",
+  REVOKE: "revoke",
+  KILL_SWITCH: "kill-switch"
+});
+const EMERGENCY_CONTROL_TYPES = Object.values(EMERGENCY_CONTROL_TYPE);
+const EMERGENCY_CONTROL_TYPES_SET = new Set(EMERGENCY_CONTROL_TYPES);
+const EMERGENCY_ACTION = Object.freeze({
+  PAUSE: "pause",
+  QUARANTINE: "quarantine",
+  REVOKE: "revoke",
+  KILL_SWITCH: "kill-switch",
+  RESUME: "resume"
+});
+const EMERGENCY_ACTIONS = new Set(Object.values(EMERGENCY_ACTION));
+
+function normalizeEmergencyScopeTypeForReplay(raw) {
+  const value = typeof raw === "string" ? raw.trim().toLowerCase() : "";
+  if (!EMERGENCY_SCOPE_TYPES.has(value)) throw new TypeError("invalid emergency scope type");
+  return value;
+}
+
+function normalizeEmergencyScopeIdForReplay(scopeType, raw) {
+  if (scopeType === EMERGENCY_SCOPE_TYPE.TENANT) return null;
+  const value = typeof raw === "string" ? raw.trim() : "";
+  if (!value) throw new TypeError("emergency scope id is required for non-tenant scope");
+  return value;
+}
+
+function normalizeEmergencyControlTypeForReplay(raw, { allowNull = false } = {}) {
+  if (allowNull && (raw === null || raw === undefined || String(raw).trim() === "")) return null;
+  const value = typeof raw === "string" ? raw.trim().toLowerCase() : "";
+  if (!EMERGENCY_CONTROL_TYPES_SET.has(value)) throw new TypeError("invalid emergency control type");
+  return value;
+}
+
+function normalizeEmergencyActionForReplay(raw) {
+  const value = typeof raw === "string" ? raw.trim().toLowerCase() : "";
+  if (!EMERGENCY_ACTIONS.has(value)) throw new TypeError("invalid emergency action");
+  return value;
+}
+
+function normalizeEmergencyResumeControlTypesForReplay(raw) {
+  const values = Array.isArray(raw) ? raw : raw === null || raw === undefined ? EMERGENCY_CONTROL_TYPES : [raw];
+  const dedupe = new Set();
+  for (const item of values) {
+    const controlType = normalizeEmergencyControlTypeForReplay(item, { allowNull: false });
+    dedupe.add(controlType);
+  }
+  const out = Array.from(dedupe.values());
+  out.sort((left, right) => left.localeCompare(right));
+  return out;
+}
+
+function emergencyControlStateStoreKey({ tenantId, scopeType, scopeId, controlType }) {
+  const scopeToken = scopeType === EMERGENCY_SCOPE_TYPE.TENANT ? "*" : String(scopeId);
+  return makeScopedKey({ tenantId, id: `${scopeType}::${scopeToken}::${controlType}` });
+}
+
 export function createFileTxLog({ dir, filename = "proxy-tx.log" }) {
   if (typeof dir !== "string" || dir.trim() === "") throw new TypeError("dir must be a non-empty string");
   fs.mkdirSync(dir, { recursive: true });
@@ -104,6 +171,24 @@ export function applyTxRecord(store, record) {
       continue;
     }
 
+    if (kind === "AGENT_PASSPORT_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const agentPassport = op.agentPassport ?? null;
+      if (!agentPassport || typeof agentPassport !== "object" || Array.isArray(agentPassport)) {
+        throw new TypeError("AGENT_PASSPORT_UPSERT requires agentPassport");
+      }
+      const agentId = agentPassport.agentId ?? op.agentId ?? null;
+      if (!agentId) throw new TypeError("AGENT_PASSPORT_UPSERT requires agentPassport.agentId");
+      const status = typeof agentPassport.status === "string" ? agentPassport.status.trim().toLowerCase() : "";
+      if (status !== "active" && status !== "suspended" && status !== "revoked") {
+        throw new TypeError("AGENT_PASSPORT_UPSERT requires status active|suspended|revoked");
+      }
+      if (!(store.agentPassports instanceof Map)) store.agentPassports = new Map();
+      const key = makeScopedKey({ tenantId, id: String(agentId) });
+      store.agentPassports.set(key, { ...agentPassport, tenantId, agentId: String(agentId), status });
+      continue;
+    }
+
     if (kind === "AGENT_WALLET_UPSERT") {
       const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
       const wallet = op.wallet ?? null;
@@ -199,6 +284,106 @@ export function applyTxRecord(store, record) {
       continue;
     }
 
+    if (kind === "EMERGENCY_CONTROL_EVENT_APPEND") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const event = op.event ?? null;
+      if (!event || typeof event !== "object" || Array.isArray(event)) {
+        throw new TypeError("EMERGENCY_CONTROL_EVENT_APPEND requires event");
+      }
+      const eventIdRaw = event.eventId ?? event.id ?? op.eventId ?? null;
+      if (eventIdRaw === null || eventIdRaw === undefined || String(eventIdRaw).trim() === "") {
+        throw new TypeError("EMERGENCY_CONTROL_EVENT_APPEND requires event.eventId");
+      }
+      const eventId = String(eventIdRaw).trim();
+      const action = normalizeEmergencyActionForReplay(event.action ?? op.action ?? null);
+
+      const scopeRaw = event.scope && typeof event.scope === "object" && !Array.isArray(event.scope) ? event.scope : {};
+      const scopeType = normalizeEmergencyScopeTypeForReplay(scopeRaw.type ?? event.scopeType ?? EMERGENCY_SCOPE_TYPE.TENANT);
+      const scopeId = normalizeEmergencyScopeIdForReplay(scopeType, scopeRaw.id ?? event.scopeId ?? null);
+
+      const controlType =
+        action === EMERGENCY_ACTION.RESUME
+          ? normalizeEmergencyControlTypeForReplay(event.controlType ?? op.controlType ?? null, { allowNull: true })
+          : normalizeEmergencyControlTypeForReplay(event.controlType ?? action, { allowNull: false });
+      const resumeControlTypes =
+        action === EMERGENCY_ACTION.RESUME
+          ? normalizeEmergencyResumeControlTypesForReplay(event.resumeControlTypes ?? op.resumeControlTypes ?? (controlType ? [controlType] : null))
+          : [];
+
+      const effectiveAt =
+        typeof event.effectiveAt === "string" && event.effectiveAt.trim() !== "" ? event.effectiveAt.trim() : record.at ?? new Date().toISOString();
+      const createdAt =
+        typeof event.createdAt === "string" && event.createdAt.trim() !== "" ? event.createdAt.trim() : effectiveAt;
+
+      if (!(store.emergencyControlEvents instanceof Map)) store.emergencyControlEvents = new Map();
+      if (!(store.emergencyControlState instanceof Map)) store.emergencyControlState = new Map();
+
+      const eventKey = makeScopedKey({ tenantId, id: eventId });
+      const normalizedEvent = {
+        ...event,
+        schemaVersion:
+          typeof event.schemaVersion === "string" && event.schemaVersion.trim() !== ""
+            ? event.schemaVersion.trim()
+            : "OpsEmergencyControlEvent.v1",
+        tenantId,
+        eventId,
+        action,
+        controlType,
+        resumeControlTypes,
+        scope: { type: scopeType, id: scopeId },
+        effectiveAt,
+        createdAt
+      };
+      const existingEvent = store.emergencyControlEvents.get(eventKey) ?? null;
+      if (existingEvent) {
+        if (canonicalJsonStringify(existingEvent) !== canonicalJsonStringify(normalizedEvent)) {
+          const err = new Error("emergency control event conflict");
+          err.code = "EMERGENCY_CONTROL_EVENT_CONFLICT";
+          err.statusCode = 409;
+          throw err;
+        }
+        continue;
+      }
+      store.emergencyControlEvents.set(eventKey, normalizedEvent);
+
+      function putState(nextControlType, nextActive) {
+        const stateKey = emergencyControlStateStoreKey({ tenantId, scopeType, scopeId, controlType: nextControlType });
+        const existingState = store.emergencyControlState.get(stateKey) ?? null;
+        const revision = Number.isSafeInteger(Number(existingState?.revision)) ? Number(existingState.revision) + 1 : 1;
+        const next = {
+          schemaVersion: "OpsEmergencyControlState.v1",
+          tenantId,
+          scopeType,
+          scopeId,
+          controlType: nextControlType,
+          active: nextActive === true,
+          activatedAt: nextActive === true ? effectiveAt : existingState?.activatedAt ?? null,
+          resumedAt: nextActive === true ? null : effectiveAt,
+          updatedAt: effectiveAt,
+          lastEventId: eventId,
+          lastAction: action,
+          reasonCode:
+            event.reasonCode === null || event.reasonCode === undefined || String(event.reasonCode).trim() === ""
+              ? null
+              : String(event.reasonCode).trim(),
+          reason: event.reason === null || event.reason === undefined || String(event.reason).trim() === "" ? null : String(event.reason).trim(),
+          operatorAction:
+            event.operatorAction && typeof event.operatorAction === "object" && !Array.isArray(event.operatorAction) ? event.operatorAction : null,
+          revision
+        };
+        store.emergencyControlState.set(stateKey, next);
+      }
+
+      if (action === EMERGENCY_ACTION.RESUME) {
+        for (const resumeControlType of resumeControlTypes) {
+          putState(resumeControlType, false);
+        }
+      } else {
+        putState(controlType, true);
+      }
+      continue;
+    }
+
     if (kind === "CONTRACT_UPSERT") {
       const contract = op.contract;
       if (!contract?.contractId) throw new TypeError("CONTRACT_UPSERT requires contract.contractId");
@@ -411,6 +596,277 @@ export function applyTxRecord(store, record) {
       continue;
     }
 
+    if (kind === "AGREEMENT_DELEGATION_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const delegation = op.delegation ?? null;
+      if (!delegation || typeof delegation !== "object" || Array.isArray(delegation)) {
+        throw new TypeError("AGREEMENT_DELEGATION_UPSERT requires delegation");
+      }
+      const delegationId = delegation.delegationId ?? op.delegationId ?? null;
+      if (!delegationId) throw new TypeError("AGREEMENT_DELEGATION_UPSERT requires delegation.delegationId");
+      if (!(store.agreementDelegations instanceof Map)) store.agreementDelegations = new Map();
+      const key = makeScopedKey({ tenantId, id: String(delegationId) });
+      store.agreementDelegations.set(key, { ...delegation, tenantId, delegationId: String(delegationId) });
+      continue;
+    }
+
+    if (kind === "X402_GATE_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const gate = op.gate ?? null;
+      if (!gate || typeof gate !== "object" || Array.isArray(gate)) {
+        throw new TypeError("X402_GATE_UPSERT requires gate");
+      }
+      const gateId = gate.gateId ?? gate.id ?? op.gateId ?? null;
+      if (!gateId) throw new TypeError("X402_GATE_UPSERT requires gate.gateId");
+      if (!(store.x402Gates instanceof Map)) store.x402Gates = new Map();
+      const key = makeScopedKey({ tenantId, id: String(gateId) });
+      store.x402Gates.set(key, { ...gate, tenantId, gateId: String(gateId) });
+      continue;
+    }
+
+    if (kind === "X402_AGENT_LIFECYCLE_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const agentLifecycle = op.agentLifecycle ?? null;
+      if (!agentLifecycle || typeof agentLifecycle !== "object" || Array.isArray(agentLifecycle)) {
+        throw new TypeError("X402_AGENT_LIFECYCLE_UPSERT requires agentLifecycle");
+      }
+      const agentId = agentLifecycle.agentId ?? op.agentId ?? null;
+      if (!agentId) throw new TypeError("X402_AGENT_LIFECYCLE_UPSERT requires agentLifecycle.agentId");
+      const status = typeof agentLifecycle.status === "string" ? agentLifecycle.status.trim().toLowerCase() : "";
+      if (status !== "active" && status !== "frozen" && status !== "archived") {
+        throw new TypeError("X402_AGENT_LIFECYCLE_UPSERT requires status active|frozen|archived");
+      }
+      if (!(store.x402AgentLifecycles instanceof Map)) store.x402AgentLifecycles = new Map();
+      const key = makeScopedKey({ tenantId, id: String(agentId) });
+      store.x402AgentLifecycles.set(key, { ...agentLifecycle, tenantId, agentId: String(agentId), status });
+      continue;
+    }
+
+    if (kind === "X402_RECEIPT_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const receipt = op.receipt ?? null;
+      if (!receipt || typeof receipt !== "object" || Array.isArray(receipt)) {
+        throw new TypeError("X402_RECEIPT_PUT requires receipt");
+      }
+      const receiptId = receipt.receiptId ?? op.receiptId ?? null;
+      if (!receiptId) throw new TypeError("X402_RECEIPT_PUT requires receipt.receiptId");
+      if (!(store.x402Receipts instanceof Map)) store.x402Receipts = new Map();
+      const key = makeScopedKey({ tenantId, id: String(receiptId) });
+      const normalized = {
+        ...receipt,
+        tenantId,
+        receiptId: String(receiptId),
+        reversal: null,
+        reversalEvents: []
+      };
+      const existing = store.x402Receipts.get(key) ?? null;
+      if (existing) {
+        const existingCanonical = canonicalJsonStringify(existing);
+        const incomingCanonical = canonicalJsonStringify(normalized);
+        if (existingCanonical !== incomingCanonical) {
+          const err = new Error("x402 receipt is immutable and cannot be changed");
+          err.code = "X402_RECEIPT_IMMUTABLE";
+          err.receiptId = String(receiptId);
+          throw err;
+        }
+        continue;
+      }
+      store.x402Receipts.set(key, normalized);
+      continue;
+    }
+
+    if (kind === "X402_WALLET_POLICY_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const policy = op.policy ?? null;
+      if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
+        throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy");
+      }
+      const sponsorWalletRef = typeof policy.sponsorWalletRef === "string" ? policy.sponsorWalletRef.trim() : "";
+      const policyRef = typeof policy.policyRef === "string" ? policy.policyRef.trim() : "";
+      const policyVersion = Number(policy.policyVersion);
+      if (!sponsorWalletRef) throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy.sponsorWalletRef");
+      if (!policyRef) throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy.policyRef");
+      if (!Number.isSafeInteger(policyVersion) || policyVersion <= 0) {
+        throw new TypeError("X402_WALLET_POLICY_UPSERT requires policy.policyVersion >= 1");
+      }
+      if (!(store.x402WalletPolicies instanceof Map)) store.x402WalletPolicies = new Map();
+      const key = makeScopedKey({ tenantId, id: `${sponsorWalletRef}::${policyRef}::${policyVersion}` });
+      store.x402WalletPolicies.set(key, {
+        ...policy,
+        tenantId,
+        sponsorWalletRef,
+        policyRef,
+        policyVersion
+      });
+      continue;
+    }
+
+    if (kind === "X402_ZK_VERIFICATION_KEY_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const verificationKey = op.verificationKey ?? null;
+      if (!verificationKey || typeof verificationKey !== "object" || Array.isArray(verificationKey)) {
+        throw new TypeError("X402_ZK_VERIFICATION_KEY_PUT requires verificationKey");
+      }
+      const verificationKeyId = verificationKey.verificationKeyId ?? op.verificationKeyId ?? null;
+      if (!verificationKeyId) throw new TypeError("X402_ZK_VERIFICATION_KEY_PUT requires verificationKey.verificationKeyId");
+      if (!(store.x402ZkVerificationKeys instanceof Map)) store.x402ZkVerificationKeys = new Map();
+      const key = makeScopedKey({ tenantId, id: String(verificationKeyId) });
+      const normalized = {
+        ...verificationKey,
+        tenantId,
+        verificationKeyId: String(verificationKeyId)
+      };
+      const existing = store.x402ZkVerificationKeys.get(key) ?? null;
+      if (existing) {
+        const existingCanonical = canonicalJsonStringify(existing);
+        const incomingCanonical = canonicalJsonStringify(normalized);
+        if (existingCanonical !== incomingCanonical) {
+          const err = new Error("x402 zk verification key is immutable and cannot be changed");
+          err.code = "X402_ZK_VERIFICATION_KEY_IMMUTABLE";
+          err.verificationKeyId = String(verificationKeyId);
+          throw err;
+        }
+        continue;
+      }
+      store.x402ZkVerificationKeys.set(key, normalized);
+      continue;
+    }
+
+    if (kind === "X402_REVERSAL_EVENT_APPEND") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const event = op.event ?? null;
+      if (!event || typeof event !== "object" || Array.isArray(event)) {
+        throw new TypeError("X402_REVERSAL_EVENT_APPEND requires event");
+      }
+      const eventId = op.eventId ?? event.eventId ?? event.id ?? null;
+      const gateId = op.gateId ?? event.gateId ?? null;
+      if (!eventId) throw new TypeError("X402_REVERSAL_EVENT_APPEND requires event.eventId");
+      if (!gateId) throw new TypeError("X402_REVERSAL_EVENT_APPEND requires event.gateId");
+      if (!(store.x402ReversalEvents instanceof Map)) store.x402ReversalEvents = new Map();
+      const key = makeScopedKey({ tenantId, id: String(eventId) });
+      store.x402ReversalEvents.set(key, {
+        ...event,
+        tenantId,
+        eventId: String(eventId),
+        gateId: String(gateId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_REVERSAL_NONCE_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const usage = op.usage ?? null;
+      if (!usage || typeof usage !== "object" || Array.isArray(usage)) {
+        throw new TypeError("X402_REVERSAL_NONCE_PUT requires usage");
+      }
+      const sponsorRef = op.sponsorRef ?? usage.sponsorRef ?? null;
+      const nonce = op.nonce ?? usage.nonce ?? null;
+      if (!sponsorRef) throw new TypeError("X402_REVERSAL_NONCE_PUT requires sponsorRef");
+      if (!nonce) throw new TypeError("X402_REVERSAL_NONCE_PUT requires nonce");
+      if (!(store.x402ReversalNonceUsage instanceof Map)) store.x402ReversalNonceUsage = new Map();
+      const key = `${tenantId}\n${String(sponsorRef)}\n${String(nonce)}`;
+      store.x402ReversalNonceUsage.set(key, {
+        ...usage,
+        tenantId,
+        sponsorRef: String(sponsorRef),
+        nonce: String(nonce)
+      });
+      continue;
+    }
+
+    if (kind === "X402_REVERSAL_COMMAND_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const usage = op.usage ?? null;
+      if (!usage || typeof usage !== "object" || Array.isArray(usage)) {
+        throw new TypeError("X402_REVERSAL_COMMAND_PUT requires usage");
+      }
+      const commandId = op.commandId ?? usage.commandId ?? null;
+      if (!commandId) throw new TypeError("X402_REVERSAL_COMMAND_PUT requires commandId");
+      if (!(store.x402ReversalCommandUsage instanceof Map)) store.x402ReversalCommandUsage = new Map();
+      const key = makeScopedKey({ tenantId, id: String(commandId) });
+      store.x402ReversalCommandUsage.set(key, {
+        ...usage,
+        tenantId,
+        commandId: String(commandId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_ESCALATION_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const escalation = op.escalation ?? null;
+      if (!escalation || typeof escalation !== "object" || Array.isArray(escalation)) {
+        throw new TypeError("X402_ESCALATION_UPSERT requires escalation");
+      }
+      const escalationId = escalation.escalationId ?? op.escalationId ?? null;
+      if (!escalationId) throw new TypeError("X402_ESCALATION_UPSERT requires escalation.escalationId");
+      if (!(store.x402Escalations instanceof Map)) store.x402Escalations = new Map();
+      const key = makeScopedKey({ tenantId, id: String(escalationId) });
+      store.x402Escalations.set(key, {
+        ...escalation,
+        tenantId,
+        escalationId: String(escalationId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_ESCALATION_EVENT_APPEND") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const event = op.event ?? null;
+      if (!event || typeof event !== "object" || Array.isArray(event)) {
+        throw new TypeError("X402_ESCALATION_EVENT_APPEND requires event");
+      }
+      const eventId = op.eventId ?? event.eventId ?? event.id ?? null;
+      const escalationId = op.escalationId ?? event.escalationId ?? null;
+      if (!eventId) throw new TypeError("X402_ESCALATION_EVENT_APPEND requires event.eventId");
+      if (!escalationId) throw new TypeError("X402_ESCALATION_EVENT_APPEND requires event.escalationId");
+      if (!(store.x402EscalationEvents instanceof Map)) store.x402EscalationEvents = new Map();
+      const key = makeScopedKey({ tenantId, id: String(eventId) });
+      store.x402EscalationEvents.set(key, {
+        ...event,
+        tenantId,
+        eventId: String(eventId),
+        escalationId: String(escalationId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_ESCALATION_OVERRIDE_USAGE_PUT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const usage = op.usage ?? null;
+      if (!usage || typeof usage !== "object" || Array.isArray(usage)) {
+        throw new TypeError("X402_ESCALATION_OVERRIDE_USAGE_PUT requires usage");
+      }
+      const overrideId = op.overrideId ?? usage.overrideId ?? null;
+      if (!overrideId) throw new TypeError("X402_ESCALATION_OVERRIDE_USAGE_PUT requires overrideId");
+      if (!(store.x402EscalationOverrideUsage instanceof Map)) store.x402EscalationOverrideUsage = new Map();
+      const key = makeScopedKey({ tenantId, id: String(overrideId) });
+      store.x402EscalationOverrideUsage.set(key, {
+        ...usage,
+        tenantId,
+        overrideId: String(overrideId)
+      });
+      continue;
+    }
+
+    if (kind === "X402_WEBHOOK_ENDPOINT_UPSERT") {
+      const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
+      const endpoint = op.endpoint ?? null;
+      if (!endpoint || typeof endpoint !== "object" || Array.isArray(endpoint)) {
+        throw new TypeError("X402_WEBHOOK_ENDPOINT_UPSERT requires endpoint");
+      }
+      const endpointId = endpoint.endpointId ?? op.endpointId ?? null;
+      if (!endpointId) throw new TypeError("X402_WEBHOOK_ENDPOINT_UPSERT requires endpoint.endpointId");
+      if (!(store.x402WebhookEndpoints instanceof Map)) store.x402WebhookEndpoints = new Map();
+      const key = makeScopedKey({ tenantId, id: String(endpointId) });
+      store.x402WebhookEndpoints.set(key, {
+        ...endpoint,
+        tenantId,
+        endpointId: String(endpointId)
+      });
+      continue;
+    }
+
     if (kind === "TOOL_CALL_HOLD_UPSERT") {
       const tenantId = normalizeTenantId(op.tenantId ?? DEFAULT_TENANT_ID);
       const hold = op.hold ?? null;

package/src/api/server.js

@@ -8,6 +8,49 @@ import { configForLog, loadConfig } from "../core/config.js";
 const cfg = loadConfig({ mode: "api" });
 logger.info("config.effective", { config: configForLog(cfg) });
 
+const corsAllowOriginsEnv =
+  typeof process !== "undefined" && typeof process.env.PROXY_CORS_ALLOW_ORIGINS === "string"
+    ? process.env.PROXY_CORS_ALLOW_ORIGINS
+    : "";
+const corsAllowOrigins = new Set(
+  corsAllowOriginsEnv
+    .split(",")
+    .map((row) => row.trim())
+    .filter((row) => row !== "")
+);
+const DEV_CORS_ORIGIN_RE = /^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/i;
+
+function resolveCorsOrigin(originHeader) {
+  if (typeof originHeader !== "string" || originHeader.trim() === "") return null;
+  const origin = originHeader.trim();
+  if (corsAllowOrigins.has("*")) return "*";
+  if (corsAllowOrigins.has(origin)) return origin;
+  if (DEV_CORS_ORIGIN_RE.test(origin)) return origin;
+  return null;
+}
+
+function applyCorsHeaders(req, res) {
+  const allowOrigin = resolveCorsOrigin(req.headers?.origin);
+  if (!allowOrigin) return false;
+  res.setHeader("access-control-allow-origin", allowOrigin);
+  res.setHeader("vary", "origin");
+  res.setHeader("access-control-allow-methods", "GET,POST,PUT,PATCH,DELETE,OPTIONS");
+  res.setHeader(
+    "access-control-allow-headers",
+    [
+      "authorization",
+      "content-type",
+      "idempotency-key",
+      "x-proxy-tenant-id",
+      "x-proxy-ops-token",
+      "x-request-id",
+      "x-settld-protocol"
+    ].join(", ")
+  );
+  res.setHeader("access-control-max-age", "600");
+  return true;
+}
+
 let store;
 if (cfg.store.mode === "pg") {
   store = await createPgStore({
@@ -22,12 +65,30 @@ const api = createApi({ store });
 const { handle } = api;
 
 const port = cfg.api.port;
-const server = http.createServer(handle);
-server.listen(port, () => {
-  const storeDesc =
-    cfg.store.mode === "pg" ? "(postgres)" : cfg.store.persistenceDir ? `(dataDir=${cfg.store.persistenceDir})` : "(in-memory)";
-  logger.info("api listening", { port, storeMode: cfg.store.mode, storeDesc });
+const server = http.createServer((req, res) => {
+  applyCorsHeaders(req, res);
+  if (req.method === "OPTIONS") {
+    res.statusCode = 204;
+    res.end();
+    return;
+  }
+  return handle(req, res);
 });
+const bindHostRaw = typeof process !== "undefined" ? (process.env.PROXY_BIND_HOST ?? process.env.BIND_HOST ?? "") : "";
+const bindHost = typeof bindHostRaw === "string" && bindHostRaw.trim() !== "" ? bindHostRaw.trim() : null;
+if (bindHost) {
+  server.listen(port, bindHost, () => {
+    const storeDesc =
+      cfg.store.mode === "pg" ? "(postgres)" : cfg.store.persistenceDir ? `(dataDir=${cfg.store.persistenceDir})` : "(in-memory)";
+    logger.info("api listening", { port, host: bindHost, storeMode: cfg.store.mode, storeDesc });
+  });
+} else {
+  server.listen(port, () => {
+    const storeDesc =
+      cfg.store.mode === "pg" ? "(postgres)" : cfg.store.persistenceDir ? `(dataDir=${cfg.store.persistenceDir})` : "(in-memory)";
+    logger.info("api listening", { port, storeMode: cfg.store.mode, storeDesc });
+  });
+}
 
 const autotickIntervalMs = cfg.api.autotick.intervalMs;
 const autotickMaxMessages = cfg.api.autotick.maxMessages;
@@ -48,12 +109,27 @@ async function runAutotickOnce() {
     if (cfg.store.mode === "pg" && typeof store.processOutbox === "function") {
       await store.processOutbox({ maxMessages: autotickMaxMessages });
     }
+    if (typeof api.tickDispatch === "function") {
+      await api.tickDispatch({ maxMessages: autotickMaxMessages });
+    }
+    if (typeof api.tickProof === "function") {
+      await api.tickProof({ maxMessages: autotickMaxMessages });
+    }
     if (typeof api.tickArtifacts === "function") {
       await api.tickArtifacts({ maxMessages: autotickMaxMessages });
     }
     if (typeof api.tickDeliveries === "function") {
       await api.tickDeliveries({ maxMessages: autotickMaxMessages });
     }
+    if (typeof api.tickX402Holdbacks === "function") {
+      await api.tickX402Holdbacks({ maxMessages: autotickMaxMessages });
+    }
+    if (typeof api.tickX402InsolvencySweep === "function") {
+      await api.tickX402InsolvencySweep({ maxMessages: autotickMaxMessages });
+    }
+    if (typeof api.tickX402WinddownReversals === "function") {
+      await api.tickX402WinddownReversals({ maxMessages: autotickMaxMessages });
+    }
     if (typeof api.tickBillingStripeSync === "function") {
       await api.tickBillingStripeSync({ maxRows: autotickMaxMessages });
     }