npm - settld - Versions diffs - 0.1.2 → 0.2.0 - Mend

settld 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (483) hide show

package/README.md +93 -3
package/SETTLD_VERSION +1 -1
package/bin/settld-mcp +2 -0
package/bin/settld.js +71 -0
package/conformance/kernel-v0/README.md +7 -0
package/conformance/kernel-v0/run.mjs +292 -4
package/docs/ACCESS.md +57 -0
package/docs/ADOPTION_CHECKLIST.md +44 -0
package/docs/ALERTS.md +198 -0
package/docs/ARCHITECTURE.md +69 -0
package/docs/ARCHITECTURE_FOUNDER_GUIDE.md +284 -0
package/docs/ARTIFACTS.md +60 -0
package/docs/CERTIFICATION_CHECKLIST.md +33 -0
package/docs/CIRCLE_SANDBOX_E2E.md +152 -0
package/docs/CONFIG.md +297 -0
package/docs/CONTRACTS_APIS.md +23 -0
package/docs/DEPRECATION.md +31 -0
package/docs/DOMAIN_MODEL.md +92 -0
package/docs/EVENT_ENVELOPE.md +53 -0
package/docs/FINANCE_PACK_FORMAT.md +53 -0
package/docs/INCIDENT_TAXONOMY.md +30 -0
package/docs/JOB_STATE_MACHINE.md +66 -0
package/docs/KERNEL_COMPATIBLE.md +60 -0
package/docs/KERNEL_V0.md +40 -0
package/docs/KEY_ROTATION.md +80 -0
package/docs/LEDGER.md +82 -0
package/docs/LIVENESS.md +76 -0
package/docs/MVP_BUILD_ORDER.md +36 -0
package/docs/ONCALL_PLAYBOOK.md +39 -0
package/docs/OPERATIONS_SIGNING.md +20 -0
package/docs/OVERVIEW.md +190 -0
package/docs/PERF_BASELINE.md +85 -0
package/docs/PRD.md +77 -0
package/docs/QUICKSTART_KERNEL_V0.md +96 -0
package/docs/QUICKSTART_MCP.md +377 -0
package/docs/QUICKSTART_MCP_HOSTS.md +210 -0
package/docs/QUICKSTART_POLICY_PACKS.md +65 -0
package/docs/QUICKSTART_PRODUCE.md +61 -0
package/docs/QUICKSTART_PROFILES.md +198 -0
package/docs/QUICKSTART_RELEASE_VERIFY.md +39 -0
package/docs/QUICKSTART_SDK.md +125 -0
package/docs/QUICKSTART_SDK_PYTHON.md +111 -0
package/docs/QUICKSTART_VERIFY.md +54 -0
package/docs/QUICKSTART_X402_GATEWAY.md +317 -0
package/docs/README.md +33 -0
package/docs/RELEASE_CHECKLIST.md +182 -0
package/docs/RELEASING.md +82 -0
package/docs/REPO_SETTINGS.md +37 -0
package/docs/RUNBOOK.md +86 -0
package/docs/SKILLS.md +42 -0
package/docs/SKILL_BUNDLE_FORMAT.md +48 -0
package/docs/SLO.md +131 -0
package/docs/SUMMARY.md +17 -0
package/docs/SUPPORT.md +31 -0
package/docs/THREAT_MODEL.md +36 -0
package/docs/TRUST.md +59 -0
package/docs/WORKFLOW.md +35 -0
package/docs/X402_BATCH_SETTLEMENT.md +126 -0
package/docs/blog/2026-02-14-your-ai-agent-just-spent-500-where-is-the-receipt.md +73 -0
package/docs/examples/x402-provider-payout-registry.example.json +14 -0
package/docs/gitbook/README.md +64 -0
package/docs/gitbook/SETUP.md +25 -0
package/docs/gitbook/SUMMARY.md +15 -0
package/docs/gitbook/api-reference.md +73 -0
package/docs/gitbook/closepacks.md +55 -0
package/docs/gitbook/conformance.md +59 -0
package/docs/gitbook/core-primitives.md +85 -0
package/docs/gitbook/dispute-lifecycle.md +33 -0
package/docs/gitbook/faq.md +21 -0
package/docs/gitbook/guides.md +49 -0
package/docs/gitbook/operations-runbook.md +36 -0
package/docs/gitbook/quickstart.md +103 -0
package/docs/gitbook/replay-and-audit.md +30 -0
package/docs/gitbook/sdk-reference.md +35 -0
package/docs/gitbook/security-model.md +58 -0
package/docs/integrations/README.md +15 -0
package/docs/integrations/github-actions-verify.yml +31 -0
package/docs/integrations/github-actions.md +34 -0
package/docs/integrations/openclaw/CLAWHUB_PUBLISH_CHECKLIST.md +65 -0
package/docs/integrations/openclaw/PUBLIC_QUICKSTART.md +95 -0
package/docs/integrations/openclaw/settld-mcp-skill/SKILL.md +69 -0
package/docs/integrations/openclaw/settld-mcp-skill/mcp-server.example.json +12 -0
package/docs/kernel-compatible/capabilities.json +36 -0
package/docs/marketing/agent-commerce-substrate.md +78 -0
package/docs/marketing/hn-repost-2026-02-17.md +102 -0
package/docs/marketing/show-hn-post.md +45 -0
package/docs/ops/ARTIFACT_VERIFICATION_STATUS.md +43 -0
package/docs/ops/BILLING_WEBHOOK_REPLAY.md +105 -0
package/docs/ops/CI_FLAKE_BUDGET.md +31 -0
package/docs/ops/DISPUTE_FINANCE_RECONCILIATION_PACKET.md +56 -0
package/docs/ops/GO_LIVE_GATE_S13.md +27 -0
package/docs/ops/HOSTED_BASELINE_R2.md +129 -0
package/docs/ops/KERNEL_V0_SHIP_GATE.md +69 -0
package/docs/ops/LIGHTHOUSE_PRODUCTION_CLOSE.md +51 -0
package/docs/ops/MCP_COMPATIBILITY_MATRIX.md +30 -0
package/docs/ops/MINIMUM_PRODUCTION_TOPOLOGY.md +89 -0
package/docs/ops/P0_BACKEND_PROGRESS.md +150 -0
package/docs/ops/PAYMENTS_ALPHA_R5.md +105 -0
package/docs/ops/PILOT_ONBOARDING_RUNBOOK.md +112 -0
package/docs/ops/PRODUCTION_DEPLOYMENT_CHECKLIST.md +140 -0
package/docs/ops/R1_SLOS.md +66 -0
package/docs/ops/RELEASE_SIGNING_INCIDENT.md +58 -0
package/docs/ops/SELF_SERVE_LAUNCH_AUTOMATION.md +89 -0
package/docs/ops/THROUGHPUT_DRILL_10X.md +48 -0
package/docs/ops/TRUST_CONFIG_WIZARD.md +60 -0
package/docs/ops/X402_PILOT_WEEKLY_METRICS.md +76 -0
package/docs/ops/tool-call-disputes-holdback.md +52 -0
package/docs/pilot-kit/PILOT_PACKAGE_SCORECARD_X402.md +46 -0
package/docs/pilot-kit/README.md +29 -0
package/docs/pilot-kit/architecture-one-pager.md +48 -0
package/docs/pilot-kit/buyer-email.txt +19 -0
package/docs/pilot-kit/buyer-one-pager.md +31 -0
package/docs/pilot-kit/gtm-pilot-playbook.md +182 -0
package/docs/pilot-kit/offline-verify.md +33 -0
package/docs/pilot-kit/procurement-one-pager.md +50 -0
package/docs/pilot-kit/rfp-clause.md +46 -0
package/docs/pilot-kit/roi-calculator-template.csv +2 -0
package/docs/pilot-kit/security-qa.md +153 -0
package/docs/pilot-kit/security-summary.md +35 -0
package/docs/plans/2026-02-13-mcp-spike-design.md +113 -0
package/docs/plans/2026-02-20-trust-os-v1-jira-backlog.md +348 -0
package/docs/plans/2026-02-21-agent-economic-actor-operating-model.md +169 -0
package/docs/plans/2026-02-21-trust-os-v1-strategy.md +241 -0
package/docs/research/2026-02-21-agent-spend-host-landscape.md +57 -0
package/docs/spec/AcceptanceCriteria.v1.md +17 -0
package/docs/spec/AcceptanceEvaluation.v1.md +10 -0
package/docs/spec/AgentEvent.v1.md +47 -0
package/docs/spec/AgentIdentity.v1.md +62 -0
package/docs/spec/AgentPassport.v1.md +95 -0
package/docs/spec/AgentReputation.v1.md +59 -0
package/docs/spec/AgentReputation.v2.md +52 -0
package/docs/spec/AgentRun.v1.md +47 -0
package/docs/spec/AgentRunSettlement.v1.md +52 -0
package/docs/spec/AgentWallet.v1.md +43 -0
package/docs/spec/AgreementDelegation.v1.md +109 -0
package/docs/spec/ArbitrationCase.v1.md +67 -0
package/docs/spec/ArbitrationOutcomeMapping.v1.md +62 -0
package/docs/spec/ArbitrationVerdict.v1.md +60 -0
package/docs/spec/BundleHeadAttestation.v1.md +32 -0
package/docs/spec/CANONICAL_JSON.md +31 -0
package/docs/spec/CRYPTOGRAPHY.md +61 -0
package/docs/spec/ClosePack.v1.md +49 -0
package/docs/spec/ClosePackManifest.v1.md +24 -0
package/docs/spec/DelegationGrant.v1.md +90 -0
package/docs/spec/DisputeCaseLifecycle.v1.md +51 -0
package/docs/spec/DisputeOpenEnvelope.v1.md +43 -0
package/docs/spec/ERRORS.md +76 -0
package/docs/spec/ESCROW_NETTING_INVARIANTS.md +71 -0
package/docs/spec/EvidenceIndex.v1.md +20 -0
package/docs/spec/ExecutionIntent.v1.md +90 -0
package/docs/spec/FinancePackBundleManifest.v1.md +24 -0
package/docs/spec/FundingHold.v1.md +60 -0
package/docs/spec/GovernancePolicy.v1.md +34 -0
package/docs/spec/GovernancePolicy.v2.md +30 -0
package/docs/spec/INVARIANTS.md +389 -0
package/docs/spec/InteractionDirectionMatrix.v1.md +30 -0
package/docs/spec/InvoiceBundleManifest.v1.md +24 -0
package/docs/spec/InvoiceClaim.v1.md +11 -0
package/docs/spec/MONEY_RAIL_STATE_MACHINE.md +58 -0
package/docs/spec/MarketplaceAcceptance.v2.md +46 -0
package/docs/spec/MarketplaceOffer.v2.md +54 -0
package/docs/spec/MeteringReport.v1.md +18 -0
package/docs/spec/OperatorAction.v1.md +90 -0
package/docs/spec/PRODUCER_ERRORS.md +42 -0
package/docs/spec/PolicyDecision.v1.md +83 -0
package/docs/spec/PricingMatrix.v1.md +20 -0
package/docs/spec/PricingMatrixSignatures.v1.md +30 -0
package/docs/spec/PricingMatrixSignatures.v2.md +29 -0
package/docs/spec/ProduceCliOutput.v1.md +46 -0
package/docs/spec/ProofBundleManifest.v1.md +24 -0
package/docs/spec/README.md +109 -0
package/docs/spec/REFERENCE_IMPLEMENTATIONS.md +29 -0
package/docs/spec/REFERENCE_VERIFIER_BEHAVIOR.md +68 -0
package/docs/spec/REMOTE_SIGNER.md +66 -0
package/docs/spec/ReleaseIndex.v1.md +32 -0
package/docs/spec/ReleaseIndexSignatures.v1.md +17 -0
package/docs/spec/ReleaseTrust.v1.md +13 -0
package/docs/spec/ReleaseTrust.v2.md +26 -0
package/docs/spec/RemoteSignerRequest.v1.md +21 -0
package/docs/spec/RemoteSignerResponse.v1.md +16 -0
package/docs/spec/ReputationEvent.v1.md +63 -0
package/docs/spec/RevocationList.v1.md +28 -0
package/docs/spec/SIGNER_PROVIDER_PLUGIN.md +32 -0
package/docs/spec/STRICTNESS.md +68 -0
package/docs/spec/SUPPLY_CHAIN.md +33 -0
package/docs/spec/SettlementAdjustment.v1.md +45 -0
package/docs/spec/SettlementDecisionRecord.v1.md +48 -0
package/docs/spec/SettlementDecisionRecord.v2.md +53 -0
package/docs/spec/SettlementDecisionReport.v1.md +44 -0
package/docs/spec/SettlementKernel.v1.md +59 -0
package/docs/spec/SettlementReceipt.v1.md +63 -0
package/docs/spec/SlaDefinition.v1.md +24 -0
package/docs/spec/SlaEvaluation.v1.md +12 -0
package/docs/spec/THREAT_MODEL.md +113 -0
package/docs/spec/TOOL_PROVENANCE.md +30 -0
package/docs/spec/TRUST_ANCHORS.md +84 -0
package/docs/spec/TenantSettings.v1.md +90 -0
package/docs/spec/TenantSettings.v2.md +99 -0
package/docs/spec/TimestampProof.v1.md +25 -0
package/docs/spec/ToolCallAgreement.v1.md +34 -0
package/docs/spec/ToolCallEvidence.v1.md +47 -0
package/docs/spec/ToolManifest.v1.md +47 -0
package/docs/spec/VERIFIER_ENVIRONMENT.md +38 -0
package/docs/spec/VERSIONING.md +107 -0
package/docs/spec/VerificationReport.v1.md +50 -0
package/docs/spec/VerifyAboutOutput.v1.md +10 -0
package/docs/spec/VerifyCliOutput.v1.md +28 -0
package/docs/spec/WARNINGS.md +83 -0
package/docs/spec/error-codes.v1.txt +285 -0
package/docs/spec/examples/agreement_delegation_v1.example.json +21 -0
package/docs/spec/examples/arbitration_case_v1.example.json +26 -0
package/docs/spec/examples/arbitration_verdict_v1.example.json +32 -0
package/docs/spec/examples/dispute_open_envelope_v1.example.json +18 -0
package/docs/spec/examples/produce_cli_output_v1.example.json +32 -0
package/docs/spec/examples/release_index_signature_v1.example.json +9 -0
package/docs/spec/examples/release_index_signatures_v1.example.json +14 -0
package/docs/spec/examples/release_index_v1.example.json +15 -0
package/docs/spec/examples/release_trust_v1.example.json +7 -0
package/docs/spec/examples/release_trust_v2.example.json +22 -0
package/docs/spec/examples/remote_signer_request_v1.example.json +18 -0
package/docs/spec/examples/remote_signer_response_v1.example.json +8 -0
package/docs/spec/examples/reputation_event_v1.example.json +29 -0
package/docs/spec/examples/verification_report_v1.example.json +24 -0
package/docs/spec/examples/verify_about_output_v1.example.json +29 -0
package/docs/spec/examples/verify_cli_output_v1.example.json +13 -0
package/docs/spec/legacy/MarketplaceAcceptance.v1.md +48 -0
package/docs/spec/legacy/MarketplaceOffer.v1.md +56 -0
package/docs/spec/legacy/schemas/MarketplaceAcceptance.v1.schema.json +53 -0
package/docs/spec/legacy/schemas/MarketplaceOffer.v1.schema.json +61 -0
package/docs/spec/producer-error-codes.v1.txt +14 -0
package/docs/spec/schemas/AcceptanceCriteria.v1.schema.json +24 -0
package/docs/spec/schemas/AcceptanceEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/AgentEvent.v1.schema.json +49 -0
package/docs/spec/schemas/AgentIdentity.v1.schema.json +129 -0
package/docs/spec/schemas/AgentPassport.v1.schema.json +112 -0
package/docs/spec/schemas/AgentReputation.v1.schema.json +151 -0
package/docs/spec/schemas/AgentReputation.v2.schema.json +120 -0
package/docs/spec/schemas/AgentRun.v1.schema.json +71 -0
package/docs/spec/schemas/AgentRunSettlement.v1.schema.json +75 -0
package/docs/spec/schemas/AgentWallet.v1.schema.json +54 -0
package/docs/spec/schemas/AgreementDelegation.v1.schema.json +50 -0
package/docs/spec/schemas/ArbitrationCase.v1.schema.json +133 -0
package/docs/spec/schemas/ArbitrationVerdict.v1.schema.json +149 -0
package/docs/spec/schemas/BundleHeadAttestation.v1.schema.json +21 -0
package/docs/spec/schemas/ClosePackManifest.v1.schema.json +38 -0
package/docs/spec/schemas/DelegationGrant.v1.schema.json +102 -0
package/docs/spec/schemas/DisputeOpenEnvelope.v1.schema.json +78 -0
package/docs/spec/schemas/EvidenceIndex.v1.schema.json +41 -0
package/docs/spec/schemas/ExecutionIntent.v1.schema.json +85 -0
package/docs/spec/schemas/FinancePackBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/FundingHold.v1.schema.json +46 -0
package/docs/spec/schemas/GovernancePolicy.v1.schema.json +45 -0
package/docs/spec/schemas/GovernancePolicy.v2.schema.json +70 -0
package/docs/spec/schemas/InteractionDirectionMatrix.v1.schema.json +43 -0
package/docs/spec/schemas/InvoiceBundleManifest.v1.schema.json +38 -0
package/docs/spec/schemas/InvoiceClaim.v1.schema.json +39 -0
package/docs/spec/schemas/MarketplaceAcceptance.v2.schema.json +53 -0
package/docs/spec/schemas/MarketplaceOffer.v2.schema.json +61 -0
package/docs/spec/schemas/MeteringReport.v1.schema.json +45 -0
package/docs/spec/schemas/OperatorAction.v1.schema.json +113 -0
package/docs/spec/schemas/PolicyDecision.v1.schema.json +74 -0
package/docs/spec/schemas/PricingMatrix.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v1.schema.json +24 -0
package/docs/spec/schemas/PricingMatrixSignatures.v2.schema.json +24 -0
package/docs/spec/schemas/ProduceCliOutput.v1.schema.json +107 -0
package/docs/spec/schemas/ProofBundleManifest.v1.schema.json +37 -0
package/docs/spec/schemas/PublicKeys.v1.schema.json +33 -0
package/docs/spec/schemas/ReleaseIndex.v1.schema.json +45 -0
package/docs/spec/schemas/ReleaseIndexSignature.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseIndexSignatures.v1.schema.json +16 -0
package/docs/spec/schemas/ReleaseTrust.v1.schema.json +15 -0
package/docs/spec/schemas/ReleaseTrust.v2.schema.json +37 -0
package/docs/spec/schemas/RemoteSignerPublicKeyResponse.v1.schema.json +14 -0
package/docs/spec/schemas/RemoteSignerRequest.v1.schema.json +24 -0
package/docs/spec/schemas/RemoteSignerResponse.v1.schema.json +10 -0
package/docs/spec/schemas/RemoteSignerSignRequest.v1.schema.json +27 -0
package/docs/spec/schemas/RemoteSignerSignResponse.v1.schema.json +16 -0
package/docs/spec/schemas/ReputationEvent.v1.schema.json +164 -0
package/docs/spec/schemas/RevocationList.v1.schema.json +51 -0
package/docs/spec/schemas/SettlementAdjustment.v1.schema.json +44 -0
package/docs/spec/schemas/SettlementDecisionRecord.v1.schema.json +66 -0
package/docs/spec/schemas/SettlementDecisionRecord.v2.schema.json +149 -0
package/docs/spec/schemas/SettlementDecisionReport.v1.schema.json +61 -0
package/docs/spec/schemas/SettlementReceipt.v1.schema.json +135 -0
package/docs/spec/schemas/SlaDefinition.v1.schema.json +33 -0
package/docs/spec/schemas/SlaEvaluation.v1.schema.json +26 -0
package/docs/spec/schemas/TenantSettings.v1.schema.json +90 -0
package/docs/spec/schemas/TenantSettings.v2.schema.json +161 -0
package/docs/spec/schemas/TimestampProof.v1.schema.json +17 -0
package/docs/spec/schemas/ToolCallAgreement.v1.schema.json +34 -0
package/docs/spec/schemas/ToolCallEvidence.v1.schema.json +45 -0
package/docs/spec/schemas/ToolManifest.v1.schema.json +54 -0
package/docs/spec/schemas/VerificationReport.v1.schema.json +83 -0
package/docs/spec/schemas/VerifyAboutOutput.v1.schema.json +54 -0
package/docs/spec/schemas/VerifyCliOutput.v1.schema.json +75 -0
package/docs/spec/schemas/VerifyReleaseOutput.v1.schema.json +47 -0
package/docs/spec/x402-error-codes.v1.txt +35 -0
package/docs/templates/buyer-email.txt +18 -0
package/docs/templates/buyer-one-pager.md +24 -0
package/package.json +53 -6
package/scripts/acceptance/full-stack.mjs +734 -0
package/scripts/acceptance/full-stack.sh +99 -0
package/scripts/audit/build-audit-packet.mjs +242 -0
package/scripts/backup-pg.sh +45 -0
package/scripts/backup-restore/README.md +18 -0
package/scripts/backup-restore/capture-state.mjs +130 -0
package/scripts/backup-restore/client.mjs +97 -0
package/scripts/backup-restore/seed-workload.mjs +235 -0
package/scripts/backup-restore/verify-state.mjs +139 -0
package/scripts/backup-restore-test.sh +217 -0
package/scripts/chaos.js +221 -0
package/scripts/ci/build-launch-cutover-packet.mjs +304 -0
package/scripts/ci/build-self-serve-benchmark-report.mjs +122 -0
package/scripts/ci/changelog-guard.mjs +145 -0
package/scripts/ci/check-kernel-v0-launch-gate.mjs +233 -0
package/scripts/ci/check-secret-hygiene.mjs +78 -0
package/scripts/ci/check-version-consistency.mjs +42 -0
package/scripts/ci/cli-pack-smoke.mjs +160 -0
package/scripts/ci/flake-budget-guard.mjs +68 -0
package/scripts/ci/generate-error-codes.mjs +54 -0
package/scripts/ci/lib/lighthouse-tracker.mjs +90 -0
package/scripts/ci/lib/self-serve-launch-gate.mjs +89 -0
package/scripts/ci/npm-pack-smoke.mjs +454 -0
package/scripts/ci/run-10x-throughput-drill.mjs +318 -0
package/scripts/ci/run-10x-throughput-incident-rehearsal.mjs +368 -0
package/scripts/ci/run-arbitration-workspace-browser-e2e.sh +22 -0
package/scripts/ci/run-circle-sandbox-smoke.mjs +237 -0
package/scripts/ci/run-go-live-gate.mjs +150 -0
package/scripts/ci/run-kernel-v0-ship-gate.mjs +97 -0
package/scripts/ci/run-mcp-host-cert-matrix.mjs +201 -0
package/scripts/ci/run-mcp-host-smoke.mjs +473 -0
package/scripts/ci/run-offline-verification-parity-gate.mjs +762 -0
package/scripts/ci/run-onboarding-host-success-gate.mjs +516 -0
package/scripts/ci/run-onboarding-policy-slo-gate.mjs +537 -0
package/scripts/ci/run-production-cutover-gate.mjs +540 -0
package/scripts/ci/run-public-openclaw-npx-smoke.mjs +148 -0
package/scripts/ci/run-release-promotion-guard.mjs +756 -0
package/scripts/ci/run-self-serve-launch-gate.mjs +56 -0
package/scripts/ci/runtime-import-smoke.mjs +58 -0
package/scripts/ci/update-lighthouse-tracker.mjs +112 -0
package/scripts/closepack/lib.mjs +286 -0
package/scripts/collect-debug.sh +263 -0
package/scripts/demo/compositional-settlement-3hop.mjs +237 -0
package/scripts/demo/delivery-robot/export-ui-fixture.mjs +188 -0
package/scripts/demo/delivery-robot/generate.mjs +377 -0
package/scripts/demo/kernel-agent-goes-shopping.mjs +202 -0
package/scripts/demo/magic-link-first-green.mjs +118 -0
package/scripts/demo/magic-link-kind-smoke.mjs +577 -0
package/scripts/demo/mcp-paid-exa.mjs +1110 -0
package/scripts/dev/billing-doctor.sh +145 -0
package/scripts/dev/billing-smoke-prod.sh +219 -0
package/scripts/dev/billing-webhook-replay.sh +161 -0
package/scripts/dev/env.dev.example +29 -0
package/scripts/dev/env.sh +37 -0
package/scripts/dev/new-sdk-key.sh +81 -0
package/scripts/dev/sdk-first-run.sh +21 -0
package/scripts/dev/smoke-x402-gateway.sh +115 -0
package/scripts/dev/start-api.sh +24 -0
package/scripts/doctor/mcp-host.mjs +120 -0
package/scripts/examples/produce-and-verify-jobproof.mjs +191 -0
package/scripts/examples/sdk-first-paid-rfq.py +105 -0
package/scripts/examples/sdk-first-verified-run.mjs +85 -0
package/scripts/examples/sdk-first-verified-run.py +99 -0
package/scripts/examples/sdk-tenant-analytics.mjs +103 -0
package/scripts/examples/sdk-tenant-analytics.py +118 -0
package/scripts/finance-pack/bundle.mjs +284 -0
package/scripts/fixtures/generate-bundle-fixtures.mjs +877 -0
package/scripts/governance/export.mjs +169 -0
package/scripts/load/delivery-stress.k6.js +183 -0
package/scripts/load/ingest-burst.k6.js +236 -0
package/scripts/load/run-delivery-load.js +66 -0
package/scripts/load/webhook-receiver.js +131 -0
package/scripts/magic-link/migrate-run-records-to-db.mjs +35 -0
package/scripts/mcp/probe.mjs +238 -0
package/scripts/mcp/settld-mcp-http-gateway.mjs +178 -0
package/scripts/mcp/settld-mcp-server.mjs +1511 -0
package/scripts/openapi/write.mjs +13 -0
package/scripts/ops/bootstrap-tenant-conformance.mjs +185 -0
package/scripts/ops/build-x402-pilot-reliability-report.mjs +489 -0
package/scripts/ops/check-x402-receipt-sample.mjs +181 -0
package/scripts/ops/design-partner-run-packet.mjs +466 -0
package/scripts/ops/dispute-finance-reconciliation-packet.mjs +313 -0
package/scripts/ops/hosted-baseline-evidence.mjs +890 -0
package/scripts/ops/money-rails-chargeback-evidence.mjs +509 -0
package/scripts/ops/money-rails-reconcile-evidence.mjs +180 -0
package/scripts/ops/p0-seed-money-rail-operation.mjs +432 -0
package/scripts/ops/run-x402-hitl-smoke.mjs +607 -0
package/scripts/pilot/finance-pack.mjs +495 -0
package/scripts/pilot/fixtures/robot-keypair.json +4 -0
package/scripts/pilot/fixtures/server-signer.json +4 -0
package/scripts/policy/cli.mjs +600 -0
package/scripts/profile/cli.mjs +1324 -0
package/scripts/proof-bundle/job.mjs +109 -0
package/scripts/proof-bundle/lib.mjs +92 -0
package/scripts/proof-bundle/month.mjs +103 -0
package/scripts/provider/conformance-run.mjs +159 -0
package/scripts/provider/keys-generate.mjs +135 -0
package/scripts/provider/publish.mjs +420 -0
package/scripts/quickstart/x402.mjs +334 -0
package/scripts/register-entity-secret.mjs +102 -0
package/scripts/release/build-artifacts.mjs +181 -0
package/scripts/release/generate-release-index.mjs +112 -0
package/scripts/release/release-index-lib.mjs +232 -0
package/scripts/release/sign-release-index.mjs +85 -0
package/scripts/release/validate-release-assets.mjs +170 -0
package/scripts/release/verify-release.mjs +261 -0
package/scripts/restore-pg.sh +34 -0
package/scripts/scaffold/create-settld-paid-tool.mjs +19 -0
package/scripts/sdk/smoke-python.py +30 -0
package/scripts/sdk/smoke.mjs +16 -0
package/scripts/settlement/x402-batch-worker.mjs +1091 -0
package/scripts/setup/circle-bootstrap.mjs +310 -0
package/scripts/setup/host-config.mjs +617 -0
package/scripts/setup/onboard.mjs +1337 -0
package/scripts/setup/openclaw-onboard.mjs +423 -0
package/scripts/setup/wizard.mjs +986 -0
package/scripts/slo/check.mjs +239 -0
package/scripts/smoke/k8s-smoke.mjs +214 -0
package/scripts/spec/generate-protocol-vectors.mjs +1019 -0
package/scripts/test/check-no-generated-artifacts.sh +12 -0
package/scripts/test/run.sh +59 -0
package/scripts/trust/validate-trust-file.mjs +57 -0
package/scripts/trust-config/rotate-settld-pay.mjs +277 -0
package/scripts/trust-config/wizard.mjs +161 -0
package/scripts/vendor-contract-test-lib.mjs +182 -0
package/scripts/vendor-contract-test.mjs +55 -0
package/scripts/vercel/build-mkdocs.sh +9 -0
package/scripts/vercel/ignore-mkdocs.sh +25 -0
package/scripts/vercel/install-mkdocs.sh +6 -0
package/scripts/verify-pg.js +217 -0
package/scripts/x402/receipt-verify.mjs +289 -0
package/services/finance-sink/src/dedupe-store.js +29 -6
package/services/receiver/src/dedupe-store.js +29 -5
package/services/x402-gateway/Dockerfile +13 -0
package/services/x402-gateway/README.md +58 -0
package/services/x402-gateway/examples/upstream-mock.js +337 -0
package/services/x402-gateway/src/server.js +1058 -0
package/src/api/app.js +34658 -16940
package/src/api/maintenance.js +70 -0
package/src/api/middleware/trust-kernel.js +114 -0
package/src/api/openapi.js +1778 -70
package/src/api/persistence.js +456 -0
package/src/api/server.js +81 -5
package/src/api/store.js +1581 -62
package/src/api/workers/deliveries.js +99 -4
package/src/api/workers/insolvency-sweep.js +159 -0
package/src/core/agent-card.js +69 -0
package/src/core/agent-wallets.js +231 -0
package/src/core/agreement-delegation.js +549 -0
package/src/core/billing-plans.js +40 -6
package/src/core/circle-reserve-adapter.js +845 -0
package/src/core/event-policy.js +21 -2
package/src/core/maintenance-locks.js +1 -0
package/src/core/operator-action.js +303 -0
package/src/core/paid-tool-manifest.js +318 -0
package/src/core/policy-decision.js +322 -0
package/src/core/policy-packs.js +207 -0
package/src/core/profile-fingerprint.js +27 -0
package/src/core/profile-simulation-reasons.js +84 -0
package/src/core/profile-templates.js +242 -0
package/src/core/provider-publish-conformance.js +525 -0
package/src/core/provider-publish-proof.js +396 -0
package/src/core/provider-quote-signature.js +170 -0
package/src/core/settld-keys.js +112 -0
package/src/core/settld-pay-token.js +344 -0
package/src/core/settlement-kernel.js +239 -2
package/src/core/settlement-verifier.js +335 -0
package/src/core/tool-call-agreement.js +112 -0
package/src/core/tool-call-evidence.js +144 -0
package/src/core/tool-provider-signature.js +98 -0
package/src/core/wallet-assignment-resolver.js +129 -0
package/src/core/wallet-provider-bootstrap.js +365 -0
package/src/core/x402-escalation-override.js +258 -0
package/src/core/x402-gate.js +118 -0
package/src/core/x402-provider-refund-decision.js +220 -0
package/src/core/x402-receipt-verifier.js +708 -0
package/src/core/x402-reversal-command.js +251 -0
package/src/core/x402-wallet-issuer-decision.js +252 -0
package/src/core/zk-verifier.js +300 -0
package/src/db/migrations/029_reputation_event_index.sql +54 -0
package/src/db/migrations/030_artifacts_source_event_unique_job_only.sql +15 -0
package/src/db/pg.js +18 -7
package/src/db/store-pg.js +1508 -111

package/src/core/event-policy.js CHANGED Viewed

@@ -33,13 +33,22 @@ const OPERATOR_SIGNED_TYPES = new Set([
   "OPERATOR_SHIFT_CLOSED"
 ]);
+const OPERATOR_EMERGENCY_SIGNED_TYPES = new Set([
+  "OPERATOR_EMERGENCY_PAUSE",
+  "OPERATOR_EMERGENCY_QUARANTINE",
+  "OPERATOR_EMERGENCY_REVOKE",
+  "OPERATOR_EMERGENCY_REVOKE_DELEGATION",
+  "OPERATOR_EMERGENCY_KILL_SWITCH",
+  "OPERATOR_EMERGENCY_RESUME"
+]);
 const ROBOT_OR_OPERATOR_SIGNED_TYPES = new Set(["ACCESS_GRANTED", "ACCESS_DENIED", "SKILL_USED", "ZONE_COVERAGE_REPORTED"]);
 const SERVER_OR_OPERATOR_SIGNED_TYPES = new Set(["INCIDENT_REPORTED", "CLAIM_TRIAGED"]);
 const SERVER_OR_ROBOT_SIGNED_TYPES = new Set(["EVIDENCE_CAPTURED", "JOB_EXECUTION_ABORTED", "JOB_EXECUTION_RESUMED", "ROBOT_UNHEALTHY"]);
-  const SERVER_SIGNED_TYPES = new Set([
+const SERVER_SIGNED_TYPES = new Set([
   "JOB_CREATED",
   "QUOTE_PROPOSED",
   "RISK_SCORED",
@@ -104,6 +113,8 @@ const SERVER_OR_ROBOT_SIGNED_TYPES = new Set(["EVIDENCE_CAPTURED", "JOB_EXECUTIO
 export function requiredSignerKindForEventType(eventType) {
   if (ROBOT_SIGNED_TYPES.has(eventType)) return SIGNER_KIND.ROBOT;
   if (OPERATOR_SIGNED_TYPES.has(eventType)) return SIGNER_KIND.OPERATOR;
+  if (OPERATOR_EMERGENCY_SIGNED_TYPES.has(eventType)) return SIGNER_KIND.OPERATOR;
+  if (typeof eventType === "string" && eventType.startsWith("OPERATOR_EMERGENCY_")) return SIGNER_KIND.OPERATOR;
   if (ROBOT_OR_OPERATOR_SIGNED_TYPES.has(eventType)) return SIGNER_KIND.ROBOT_OR_OPERATOR;
   if (SERVER_OR_OPERATOR_SIGNED_TYPES.has(eventType)) return SIGNER_KIND.SERVER_OR_OPERATOR;
   if (SERVER_OR_ROBOT_SIGNED_TYPES.has(eventType)) return SIGNER_KIND.SERVER_OR_ROBOT;
@@ -113,7 +124,15 @@ export function requiredSignerKindForEventType(eventType) {
 export function listKnownEventTypes() {
   const all = new Set();
-  for (const s of [ROBOT_SIGNED_TYPES, OPERATOR_SIGNED_TYPES, ROBOT_OR_OPERATOR_SIGNED_TYPES, SERVER_OR_OPERATOR_SIGNED_TYPES, SERVER_OR_ROBOT_SIGNED_TYPES, SERVER_SIGNED_TYPES]) {
+  for (const s of [
+    ROBOT_SIGNED_TYPES,
+    OPERATOR_SIGNED_TYPES,
+    OPERATOR_EMERGENCY_SIGNED_TYPES,
+    ROBOT_OR_OPERATOR_SIGNED_TYPES,
+    SERVER_OR_OPERATOR_SIGNED_TYPES,
+    SERVER_OR_ROBOT_SIGNED_TYPES,
+    SERVER_SIGNED_TYPES
+  ]) {
     for (const t of s) all.add(t);
   }
   return Array.from(all).sort();

package/src/core/maintenance-locks.js CHANGED Viewed

@@ -1,3 +1,4 @@
 export const RETENTION_CLEANUP_ADVISORY_LOCK_KEY = "settld:maintenance:retention_cleanup:v1";
 export const FINANCE_RECONCILE_ADVISORY_LOCK_KEY = "settld:maintenance:finance_reconcile:v1";
+export const MONEY_RAIL_RECONCILE_ADVISORY_LOCK_KEY = "settld:maintenance:money_rail_reconcile:v1";
 export const MIGRATIONS_ADVISORY_LOCK_KEY = "settld:migrations:v1";

package/src/core/operator-action.js ADDED Viewed

@@ -0,0 +1,303 @@
+import { canonicalJsonStringify, normalizeForCanonicalJson } from "./canonical-json.js";
+import { keyIdFromPublicKeyPem, sha256Hex, signHashHexEd25519, verifyHashHexEd25519 } from "./crypto.js";
+export const OPERATOR_ACTION_SCHEMA_VERSION = "OperatorAction.v1";
+export const OPERATOR_ACTION_SIGNATURE_SCHEMA_VERSION = "OperatorActionSignature.v1";
+const ALLOWED_CASE_KINDS = new Set(["challenge", "dispute", "escalation"]);
+const ALLOWED_ACTIONS = new Set(["APPROVE", "REJECT", "REQUEST_INFO", "OVERRIDE_ALLOW", "OVERRIDE_DENY"]);
+function assertPlainObject(value, name) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) throw new TypeError(`${name} must be an object`);
+  if (Object.getPrototypeOf(value) !== Object.prototype && Object.getPrototypeOf(value) !== null) {
+    throw new TypeError(`${name} must be a plain object`);
+  }
+}
+function assertNonEmptyString(value, name) {
+  if (typeof value !== "string" || value.trim() === "") throw new TypeError(`${name} must be a non-empty string`);
+  return String(value).trim();
+}
+function assertIsoDateTime(value, name) {
+  const out = assertNonEmptyString(value, name);
+  if (!/^\d{4}-\d{2}-\d{2}T/.test(out)) throw new TypeError(`${name} must be an ISO date-time`);
+  if (!Number.isFinite(Date.parse(out))) throw new TypeError(`${name} must be an ISO date-time`);
+  return new Date(out).toISOString();
+}
+function assertPemString(value, name) {
+  if (typeof value !== "string" || value.trim() === "") throw new TypeError(`${name} must be a non-empty PEM string`);
+  return value;
+}
+function assertId(value, name, { max = 200 } = {}) {
+  const out = assertNonEmptyString(value, name);
+  if (out.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  if (!/^[A-Za-z0-9:._/-]+$/.test(out)) throw new TypeError(`${name} must match ^[A-Za-z0-9:._/-]+$`);
+  return out;
+}
+function assertOptionalId(value, name, { max = 200 } = {}) {
+  if (value === null || value === undefined || String(value).trim() === "") return null;
+  return assertId(value, name, { max });
+}
+function assertSha256Hex(value, name) {
+  const out = assertNonEmptyString(value, name).toLowerCase();
+  if (!/^[0-9a-f]{64}$/.test(out)) throw new TypeError(`${name} must be sha256 hex`);
+  return out;
+}
+function assertAction(value, name = "action.action") {
+  const out = assertNonEmptyString(value, name).toUpperCase();
+  if (!ALLOWED_ACTIONS.has(out)) {
+    throw new TypeError(`${name} must be APPROVE|REJECT|REQUEST_INFO|OVERRIDE_ALLOW|OVERRIDE_DENY`);
+  }
+  return out;
+}
+function assertJustificationCode(value, name = "action.justificationCode") {
+  const out = assertNonEmptyString(value, name).toUpperCase();
+  if (out.length > 128) throw new TypeError(`${name} must be <= 128 chars`);
+  if (!/^[A-Z][A-Z0-9._:-]*$/.test(out)) throw new TypeError(`${name} must match ^[A-Z][A-Z0-9._:-]*$`);
+  return out;
+}
+function assertOptionalJustificationText(value, name = "action.justification", { max = 2000 } = {}) {
+  if (value === null || value === undefined || String(value).trim() === "") return null;
+  const out = String(value).trim();
+  if (out.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  return out;
+}
+function assertOptionalToken(value, name, { max = 128 } = {}) {
+  if (value === null || value === undefined || String(value).trim() === "") return null;
+  const out = String(value).trim().toLowerCase();
+  if (out.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  if (!/^[a-z0-9._:-]+$/.test(out)) throw new TypeError(`${name} must match ^[a-z0-9._:-]+$`);
+  return out;
+}
+function normalizeCaseRef(action) {
+  const caseRefRaw = action.caseRef;
+  if (!caseRefRaw || typeof caseRefRaw !== "object" || Array.isArray(caseRefRaw)) {
+    throw new TypeError("action.caseRef must be an object");
+  }
+  const caseKind = assertNonEmptyString(caseRefRaw.kind, "action.caseRef.kind").toLowerCase();
+  if (!ALLOWED_CASE_KINDS.has(caseKind)) {
+    throw new TypeError("action.caseRef.kind must be challenge|dispute|escalation");
+  }
+  return normalizeForCanonicalJson(
+    {
+      kind: caseKind,
+      caseId: assertId(caseRefRaw.caseId, "action.caseRef.caseId", { max: 240 })
+    },
+    { path: "$.caseRef" }
+  );
+}
+function normalizeActor(actor) {
+  assertPlainObject(actor, "action.actor");
+  const operatorId = assertOptionalId(actor.operatorId ?? actor.id, "action.actor.operatorId", { max: 200 });
+  if (!operatorId) throw new TypeError("action.actor.operatorId is required");
+  const role = assertOptionalToken(actor.role, "action.actor.role", { max: 128 });
+  const tenantId = assertOptionalId(actor.tenantId, "action.actor.tenantId", { max: 128 });
+  const sessionId = assertOptionalId(actor.sessionId, "action.actor.sessionId", { max: 256 });
+  let metadata = null;
+  if (Object.prototype.hasOwnProperty.call(actor, "metadata")) {
+    assertPlainObject(actor.metadata, "action.actor.metadata");
+    metadata = normalizeForCanonicalJson(actor.metadata, { path: "$.actor.metadata" });
+  }
+  return normalizeForCanonicalJson(
+    {
+      operatorId,
+      ...(role ? { role } : {}),
+      ...(tenantId ? { tenantId } : {}),
+      ...(sessionId ? { sessionId } : {}),
+      ...(metadata ? { metadata } : {})
+    },
+    { path: "$.actor" }
+  );
+}
+function normalizeOperatorActionSignature(signature) {
+  assertPlainObject(signature, "action.signature");
+  return normalizeForCanonicalJson(
+    {
+      schemaVersion: (() => {
+        const schemaVersion = assertNonEmptyString(signature.schemaVersion, "action.signature.schemaVersion");
+        if (schemaVersion !== OPERATOR_ACTION_SIGNATURE_SCHEMA_VERSION) {
+          throw new TypeError(`action.signature.schemaVersion must be ${OPERATOR_ACTION_SIGNATURE_SCHEMA_VERSION}`);
+        }
+        return schemaVersion;
+      })(),
+      algorithm: (() => {
+        const algorithm = assertNonEmptyString(signature.algorithm, "action.signature.algorithm").toLowerCase();
+        if (algorithm !== "ed25519") throw new TypeError("action.signature.algorithm must be ed25519");
+        return "ed25519";
+      })(),
+      keyId: assertId(signature.keyId, "action.signature.keyId", { max: 256 }),
+      signedAt: assertIsoDateTime(signature.signedAt, "action.signature.signedAt"),
+      actionHash: assertSha256Hex(signature.actionHash, "action.signature.actionHash"),
+      signatureBase64: assertNonEmptyString(signature.signatureBase64, "action.signature.signatureBase64")
+    },
+    { path: "$.signature" }
+  );
+}
+export function buildOperatorActionV1(action = {}) {
+  assertPlainObject(action, "action");
+  if (action.schemaVersion !== undefined && action.schemaVersion !== null) {
+    const schemaVersion = assertNonEmptyString(action.schemaVersion, "action.schemaVersion");
+    if (schemaVersion !== OPERATOR_ACTION_SCHEMA_VERSION) {
+      throw new TypeError(`action.schemaVersion must be ${OPERATOR_ACTION_SCHEMA_VERSION}`);
+    }
+  }
+  let metadata = null;
+  if (Object.prototype.hasOwnProperty.call(action, "metadata")) {
+    assertPlainObject(action.metadata, "action.metadata");
+    metadata = normalizeForCanonicalJson(action.metadata, { path: "$.metadata" });
+  }
+  const normalized = normalizeForCanonicalJson(
+    {
+      schemaVersion: OPERATOR_ACTION_SCHEMA_VERSION,
+      ...(assertOptionalId(action.actionId, "action.actionId", { max: 240 })
+        ? { actionId: assertOptionalId(action.actionId, "action.actionId", { max: 240 }) }
+        : {}),
+      caseRef: normalizeCaseRef(action),
+      action: assertAction(action.action),
+      justificationCode: assertJustificationCode(action.justificationCode),
+      ...(assertOptionalJustificationText(action.justification) ? { justification: assertOptionalJustificationText(action.justification) } : {}),
+      actor: normalizeActor(action.actor),
+      actedAt: assertIsoDateTime(action.actedAt, "action.actedAt"),
+      ...(metadata ? { metadata } : {})
+    },
+    { path: "$" }
+  );
+  return normalized;
+}
+function normalizeSignedOperatorActionV1(action = {}) {
+  const normalizedAction = buildOperatorActionV1(action);
+  const signature = normalizeOperatorActionSignature(action.signature);
+  return normalizeForCanonicalJson(
+    {
+      ...normalizedAction,
+      signature
+    },
+    { path: "$" }
+  );
+}
+export function computeOperatorActionHashV1({ action } = {}) {
+  const normalizedAction = buildOperatorActionV1(action ?? {});
+  return sha256Hex(canonicalJsonStringify(normalizedAction));
+}
+export function signOperatorActionV1({ action, signedAt, publicKeyPem, privateKeyPem } = {}) {
+  const normalizedAction = buildOperatorActionV1(action ?? {});
+  const signerPublicKeyPem = assertPemString(publicKeyPem, "publicKeyPem");
+  const signerPrivateKeyPem = assertPemString(privateKeyPem, "privateKeyPem");
+  const actionHash = computeOperatorActionHashV1({ action: normalizedAction });
+  const signatureBase64 = signHashHexEd25519(actionHash, signerPrivateKeyPem);
+  return normalizeForCanonicalJson(
+    {
+      ...normalizedAction,
+      signature: {
+        schemaVersion: OPERATOR_ACTION_SIGNATURE_SCHEMA_VERSION,
+        algorithm: "ed25519",
+        keyId: keyIdFromPublicKeyPem(signerPublicKeyPem),
+        signedAt: assertIsoDateTime(signedAt ?? normalizedAction.actedAt, "signedAt"),
+        actionHash,
+        signatureBase64
+      }
+    },
+    { path: "$" }
+  );
+}
+export function verifyOperatorActionV1({ action, publicKeyPem } = {}) {
+  try {
+    const signerPublicKeyPem = assertPemString(publicKeyPem, "publicKeyPem");
+    assertPlainObject(action, "action");
+    const schemaVersion = assertNonEmptyString(action.schemaVersion, "action.schemaVersion");
+    if (schemaVersion !== OPERATOR_ACTION_SCHEMA_VERSION) {
+      return {
+        ok: false,
+        code: "OPERATOR_ACTION_SCHEMA_MISMATCH",
+        error: `action.schemaVersion must be ${OPERATOR_ACTION_SCHEMA_VERSION}`
+      };
+    }
+    if (!action.signature || typeof action.signature !== "object" || Array.isArray(action.signature)) {
+      return {
+        ok: false,
+        code: "OPERATOR_ACTION_SCHEMA_INVALID",
+        error: "action.signature must be an object"
+      };
+    }
+    if (String(action.signature.schemaVersion ?? "") !== OPERATOR_ACTION_SIGNATURE_SCHEMA_VERSION) {
+      return {
+        ok: false,
+        code: "OPERATOR_ACTION_SIGNATURE_SCHEMA_MISMATCH",
+        error: `action.signature.schemaVersion must be ${OPERATOR_ACTION_SIGNATURE_SCHEMA_VERSION}`
+      };
+    }
+    const normalized = normalizeSignedOperatorActionV1(action);
+    const expectedKeyId = keyIdFromPublicKeyPem(signerPublicKeyPem);
+    if (normalized.signature.keyId !== expectedKeyId) {
+      return {
+        ok: false,
+        code: "OPERATOR_ACTION_KEY_ID_MISMATCH",
+        error: "signature keyId mismatch"
+      };
+    }
+    const actionHash = computeOperatorActionHashV1({ action: normalized });
+    if (normalized.signature.actionHash !== actionHash) {
+      return {
+        ok: false,
+        code: "OPERATOR_ACTION_HASH_MISMATCH",
+        error: "action hash mismatch"
+      };
+    }
+    const signatureValid = verifyHashHexEd25519({
+      hashHex: actionHash,
+      signatureBase64: normalized.signature.signatureBase64,
+      publicKeyPem: signerPublicKeyPem
+    });
+    if (!signatureValid) {
+      return {
+        ok: false,
+        code: "OPERATOR_ACTION_SIGNATURE_INVALID",
+        error: "signature invalid"
+      };
+    }
+    const normalizedAction = buildOperatorActionV1(normalized);
+    return {
+      ok: true,
+      code: null,
+      error: null,
+      actionHash,
+      keyId: normalized.signature.keyId,
+      action: normalizedAction,
+      signedAction: normalized
+    };
+  } catch (err) {
+    return {
+      ok: false,
+      code: "OPERATOR_ACTION_SCHEMA_INVALID",
+      error: err?.message ?? String(err ?? "")
+    };
+  }
+}

package/src/core/paid-tool-manifest.js ADDED Viewed

@@ -0,0 +1,318 @@
+import { canonicalJsonStringify, normalizeForCanonicalJson } from "./canonical-json.js";
+import { sha256Hex } from "./crypto.js";
+export const PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1 = "PaidToolManifest.v1";
+export const PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2 = "PaidToolManifest.v2";
+export const PAID_TOOL_MANIFEST_SCHEMA_VERSION = PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1;
+function assertPlainObject(value, name) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    throw new TypeError(`${name} must be an object`);
+  }
+}
+function normalizeNonEmptyString(value, name, { max = 256 } = {}) {
+  const text = typeof value === "string" ? value.trim() : "";
+  if (!text) throw new TypeError(`${name} is required`);
+  if (text.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  return text;
+}
+function normalizeOptionalString(value, name, { max = 2048 } = {}) {
+  if (value === null || value === undefined || String(value).trim() === "") return null;
+  const text = String(value).trim();
+  if (text.length > max) throw new TypeError(`${name} must be <= ${max} chars`);
+  return text;
+}
+function normalizeOptionalAbsoluteHttpUrl(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 2048 });
+  if (!raw) return null;
+  let parsed = null;
+  try {
+    parsed = new URL(raw);
+  } catch {
+    throw new TypeError(`${name} must be an absolute URL`);
+  }
+  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
+    throw new TypeError(`${name} must use http or https`);
+  }
+  return parsed.toString();
+}
+function normalizeManifestSchemaVersion(value) {
+  const text = normalizeNonEmptyString(value, "manifest.schemaVersion", { max: 64 });
+  if (text === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1 || text === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2) return text;
+  throw new TypeError(
+    `manifest.schemaVersion must be ${PAID_TOOL_MANIFEST_SCHEMA_VERSION_V1} or ${PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2}`
+  );
+}
+function normalizeToolClass(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 32 });
+  const normalized = raw ? raw.toLowerCase() : null;
+  if (normalized === null) return null;
+  if (!["read", "compute", "action"].includes(normalized)) {
+    throw new TypeError(`${name} must be read|compute|action`);
+  }
+  return normalized;
+}
+function normalizeRiskLevel(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 32 });
+  if (!raw) return null;
+  const normalized = raw.toLowerCase() === "med" ? "medium" : raw.toLowerCase();
+  if (!["low", "medium", "high"].includes(normalized)) {
+    throw new TypeError(`${name} must be low|medium|high`);
+  }
+  return normalized;
+}
+function normalizeStringArray(value, name, { maxItems = 32, maxLen = 64 } = {}) {
+  if (value === null || value === undefined) return [];
+  if (!Array.isArray(value)) throw new TypeError(`${name} must be an array`);
+  const out = [];
+  const seen = new Set();
+  for (let i = 0; i < value.length; i += 1) {
+    const row = normalizeNonEmptyString(value[i], `${name}[${i}]`, { max: maxLen }).toLowerCase();
+    if (seen.has(row)) continue;
+    seen.add(row);
+    out.push(row);
+    if (out.length > maxItems) throw new TypeError(`${name} must contain <= ${maxItems} items`);
+  }
+  return out;
+}
+function normalizeRequiredSignatures(value, name) {
+  const allowed = new Set(["quote", "output", "refund_decision"]);
+  const out = normalizeStringArray(value, name, { maxItems: 8, maxLen: 32 });
+  for (const item of out) {
+    if (!allowed.has(item)) throw new TypeError(`${name} contains unsupported value: ${item}`);
+  }
+  return out;
+}
+function normalizeRequestBinding(value, name) {
+  const raw = normalizeOptionalString(value, name, { max: 32 });
+  if (!raw) return null;
+  const normalized = raw.toLowerCase();
+  if (!["strict", "recommended", "none"].includes(normalized)) {
+    throw new TypeError(`${name} must be strict|recommended|none`);
+  }
+  return normalized;
+}
+function normalizeHttpMethod(value, name) {
+  const method = normalizeNonEmptyString(value ?? "GET", name, { max: 16 }).toUpperCase();
+  if (!["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"].includes(method)) {
+    throw new TypeError(`${name} must be GET|POST|PUT|PATCH|DELETE|HEAD`);
+  }
+  return method;
+}
+function normalizeCurrency(value, name) {
+  const raw = typeof value === "string" && value.trim() !== "" ? value.trim().toUpperCase() : "USD";
+  if (!/^[A-Z][A-Z0-9_]{2,11}$/.test(raw)) throw new TypeError(`${name} must match ^[A-Z][A-Z0-9_]{2,11}$`);
+  return raw;
+}
+function normalizePositiveSafeInt(value, name) {
+  const n = Number(value);
+  if (!Number.isSafeInteger(n) || n <= 0) throw new TypeError(`${name} must be a positive safe integer`);
+  return n;
+}
+function normalizeRoutePath(value, name) {
+  const text = normalizeNonEmptyString(value, name, { max: 1024 });
+  if (!text.startsWith("/")) throw new TypeError(`${name} must start with /`);
+  if (text.includes("..")) throw new TypeError(`${name} must not contain path traversal`);
+  return text;
+}
+function normalizePricing(rawPricing, defaults, fieldPath) {
+  const pricing = rawPricing && typeof rawPricing === "object" && !Array.isArray(rawPricing) ? rawPricing : {};
+  const amountCents = normalizePositiveSafeInt(pricing.amountCents ?? defaults.amountCents ?? 500, `${fieldPath}.amountCents`);
+  const currency = normalizeCurrency(pricing.currency ?? defaults.currency ?? "USD", `${fieldPath}.currency`);
+  return normalizeForCanonicalJson({ amountCents, currency }, { path: "$" });
+}
+function normalizeToolSecurity(rawSecurity, defaults, fieldPath) {
+  const security = rawSecurity && typeof rawSecurity === "object" && !Array.isArray(rawSecurity) ? rawSecurity : {};
+  const requiredSignatures = normalizeRequiredSignatures(
+    security.requiredSignatures ?? security.required_signatures ?? defaults.requiredSignatures ?? [],
+    `${fieldPath}.requiredSignatures`
+  );
+  const requestBinding =
+    normalizeRequestBinding(security.requestBinding ?? security.request_binding ?? defaults.requestBinding, `${fieldPath}.requestBinding`) ??
+    "recommended";
+  return normalizeForCanonicalJson(
+    {
+      requiredSignatures,
+      requestBinding
+    },
+    { path: "$" }
+  );
+}
+function normalizeTool(rawTool, defaults, { index, schemaVersion }) {
+  assertPlainObject(rawTool, `tools[${index}]`);
+  const toolId = normalizeNonEmptyString(rawTool.toolId, `tools[${index}].toolId`, { max: 128 });
+  const mcpToolName = normalizeOptionalString(rawTool.mcpToolName, `tools[${index}].mcpToolName`, { max: 180 });
+  const description = normalizeOptionalString(rawTool.description, `tools[${index}].description`, { max: 1000 });
+  const method = normalizeHttpMethod(rawTool.method ?? "GET", `tools[${index}].method`);
+  const upstreamPath = normalizeOptionalString(rawTool.upstreamPath, `tools[${index}].upstreamPath`, { max: 1024 });
+  const paidPath = normalizeRoutePath(rawTool.paidPath, `tools[${index}].paidPath`);
+  const idempotency = normalizeOptionalString(rawTool.idempotency, `tools[${index}].idempotency`, { max: 64 }) ?? defaults.idempotency ?? "idempotent";
+  const signatureMode = normalizeOptionalString(rawTool.signatureMode, `tools[${index}].signatureMode`, { max: 64 }) ?? defaults.signatureMode ?? "required";
+  if (!["idempotent", "non_idempotent", "side_effecting"].includes(String(idempotency))) {
+    throw new TypeError(`tools[${index}].idempotency must be idempotent|non_idempotent|side_effecting`);
+  }
+  if (!["required", "optional"].includes(String(signatureMode))) {
+    throw new TypeError(`tools[${index}].signatureMode must be required|optional`);
+  }
+  const pricing = normalizePricing(rawTool.pricing, defaults, `tools[${index}].pricing`);
+  const auth =
+    rawTool.auth && typeof rawTool.auth === "object" && !Array.isArray(rawTool.auth)
+      ? normalizeForCanonicalJson(rawTool.auth, { path: "$" })
+      : normalizeForCanonicalJson({ mode: "none" }, { path: "$" });
+  const metadata =
+    rawTool.metadata && typeof rawTool.metadata === "object" && !Array.isArray(rawTool.metadata)
+      ? normalizeForCanonicalJson(rawTool.metadata, { path: "$" })
+      : null;
+  const isV2 = schemaVersion === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2;
+  const toolClass = normalizeToolClass(
+    rawTool.toolClass ?? rawTool.tool_class ?? defaults.toolClass ?? null,
+    `tools[${index}].toolClass`
+  );
+  const riskLevel = normalizeRiskLevel(
+    rawTool.riskLevel ?? rawTool.risk_level ?? defaults.riskLevel ?? null,
+    `tools[${index}].riskLevel`
+  );
+  const capabilityTags = normalizeStringArray(
+    rawTool.capabilityTags ?? rawTool.capability_tags ?? rawTool.tags ?? [],
+    `tools[${index}].capabilityTags`,
+    { maxItems: 64, maxLen: 80 }
+  );
+  const security = normalizeToolSecurity(rawTool.security ?? null, defaults, `tools[${index}].security`);
+  return normalizeForCanonicalJson(
+    {
+      toolId,
+      mcpToolName,
+      description,
+      method,
+      upstreamPath,
+      paidPath,
+      pricing,
+      idempotency,
+      signatureMode,
+      auth,
+      metadata,
+      ...(isV2
+        ? {
+            toolClass: toolClass ?? "read",
+            riskLevel: riskLevel ?? "low",
+            capabilityTags,
+            security
+          }
+        : {})
+    },
+    { path: "$" }
+  );
+}
+export function normalizePaidToolManifestV1(manifestInput) {
+  assertPlainObject(manifestInput, "manifest");
+  const schemaVersion = normalizeManifestSchemaVersion(manifestInput.schemaVersion);
+  const isV2 = schemaVersion === PAID_TOOL_MANIFEST_SCHEMA_VERSION_V2;
+  const providerId = normalizeNonEmptyString(manifestInput.providerId, "manifest.providerId", { max: 160 });
+  const upstreamBaseUrl = normalizeOptionalString(manifestInput.upstreamBaseUrl, "manifest.upstreamBaseUrl", { max: 2048 });
+  const publishProofJwksUrl = normalizeOptionalAbsoluteHttpUrl(
+    manifestInput.publishProofJwksUrl,
+    "manifest.publishProofJwksUrl"
+  );
+  const sourceOpenApiPath = normalizeOptionalString(manifestInput.sourceOpenApiPath, "manifest.sourceOpenApiPath", { max: 2048 });
+  const defaultsRaw =
+    manifestInput.defaults && typeof manifestInput.defaults === "object" && !Array.isArray(manifestInput.defaults)
+      ? manifestInput.defaults
+      : {};
+  const defaults = normalizeForCanonicalJson(
+    {
+      amountCents: normalizePositiveSafeInt(defaultsRaw.amountCents ?? 500, "manifest.defaults.amountCents"),
+      currency: normalizeCurrency(defaultsRaw.currency ?? "USD", "manifest.defaults.currency"),
+      idempotency: normalizeOptionalString(defaultsRaw.idempotency, "manifest.defaults.idempotency", { max: 64 }) ?? "idempotent",
+      signatureMode: normalizeOptionalString(defaultsRaw.signatureMode, "manifest.defaults.signatureMode", { max: 64 }) ?? "required",
+      ...(isV2
+        ? {
+            toolClass: normalizeToolClass(defaultsRaw.toolClass ?? defaultsRaw.tool_class ?? null, "manifest.defaults.toolClass") ?? "read",
+            riskLevel: normalizeRiskLevel(defaultsRaw.riskLevel ?? defaultsRaw.risk_level ?? null, "manifest.defaults.riskLevel") ?? "low",
+            requiredSignatures: normalizeRequiredSignatures(
+              defaultsRaw.requiredSignatures ?? defaultsRaw.required_signatures ?? ["output"],
+              "manifest.defaults.requiredSignatures"
+            ),
+            requestBinding:
+              normalizeRequestBinding(
+                defaultsRaw.requestBinding ?? defaultsRaw.request_binding ?? null,
+                "manifest.defaults.requestBinding"
+              ) ?? "recommended"
+          }
+        : {})
+    },
+    { path: "$" }
+  );
+  if (!["idempotent", "non_idempotent", "side_effecting"].includes(String(defaults.idempotency))) {
+    throw new TypeError("manifest.defaults.idempotency must be idempotent|non_idempotent|side_effecting");
+  }
+  if (!["required", "optional"].includes(String(defaults.signatureMode))) {
+    throw new TypeError("manifest.defaults.signatureMode must be required|optional");
+  }
+  if (!Array.isArray(manifestInput.tools) || manifestInput.tools.length === 0) {
+    throw new TypeError("manifest.tools must be a non-empty array");
+  }
+  const tools = manifestInput.tools.map((row, index) => normalizeTool(row, defaults, { index, schemaVersion }));
+  const seenToolIds = new Set();
+  const seenPaidPaths = new Set();
+  for (const tool of tools) {
+    if (seenToolIds.has(tool.toolId)) throw new TypeError(`manifest.tools contains duplicate toolId: ${tool.toolId}`);
+    if (seenPaidPaths.has(tool.paidPath)) throw new TypeError(`manifest.tools contains duplicate paidPath: ${tool.paidPath}`);
+    seenToolIds.add(tool.toolId);
+    seenPaidPaths.add(tool.paidPath);
+  }
+  const capabilityTags = normalizeStringArray(
+    manifestInput.capabilityTags ?? manifestInput.capability_tags ?? manifestInput.tags ?? [],
+    "manifest.capabilityTags",
+    { maxItems: 64, maxLen: 80 }
+  );
+  return normalizeForCanonicalJson(
+    {
+      schemaVersion,
+      providerId,
+      upstreamBaseUrl,
+      publishProofJwksUrl,
+      sourceOpenApiPath,
+      defaults,
+      tools,
+      ...(isV2 ? { capabilityTags } : {})
+    },
+    { path: "$" }
+  );
+}
+export function validatePaidToolManifestV1(manifestInput) {
+  try {
+    const manifest = normalizePaidToolManifestV1(manifestInput);
+    return { ok: true, manifest };
+  } catch (err) {
+    return { ok: false, code: "PAID_TOOL_MANIFEST_INVALID", message: err?.message ?? String(err ?? "") };
+  }
+}
+export function computePaidToolManifestHashV1(manifestInput) {
+  const manifest = normalizePaidToolManifestV1(manifestInput);
+  return sha256Hex(canonicalJsonStringify(manifest));
+}