x402-trust-layer 5.1.0

package/CHANGELOG.md

@@ -0,0 +1,55 @@
+# Changelog
+
+All notable changes to this project are documented here. Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+## [5.1.0] - 2026-06-03
+
+### Added
+
+- **58 paid routes** including Agent Trust Protocol v4 (`/api/protocol/*`), A2A execute, Bedrock preflight.
+- Production Docker: non-root user, `scripts/docker-entrypoint.sh` (Railway volume `chown`), `DATA_DIR=/app/data`.
+- Docs: [RAILWAY-DEPLOY.md](docs/RAILWAY-DEPLOY.md), [PRODUCTION-HARDENING.md](docs/PRODUCTION-HARDENING.md), [X402GLE-COOLDOWN.md](docs/X402GLE-COOLDOWN.md).
+- `npm run sync:public` — sync `public/data/agents.json`, `llms.txt`, `skill.md` from catalog + OpenAPI.
+- Health/deploy metadata: `GET /health` includes `deploy`, `documentation`, `facilitator`, SQLite path.
+
+### Changed
+
+- Routes modularized under `src/routes/` (`register-all.ts`, `catalog.ts`, `schemas.ts`, `shared.ts`).
+- Landing site and agent docs updated to 58 endpoints; npm package `x402-trust-layer@5.1.0`.
+
+## [3.1.0] - 2026-05-19
+
+### Security
+
+- SSRF hardening: deny private/metadata/reserved hosts before outbound `fetch`; probes no longer follow redirects.
+- Attestations signed with server-only `ATTESTATION_HMAC_SECRET` (HMAC-SHA256); removed public-`payTo` signing.
+- Verifier probe IDs gated behind `ALLOW_VERIFIER_PROBE_IDS=1` (exact `att_verifier_probe_example` only).
+- Host allow/block lists use exact/subdomain matching (no substring bypass).
+- x402gle challenge token removed from global response headers.
+- Paid resource URLs canonicalized in production (forged `Host` ignored off localhost).
+- Rate limiting on `/api/*` (default 120 req/min/IP).
+- Production 500 responses no longer leak exception messages.
+- Solana receipt auditor fails closed until on-chain verification exists.
+- Verifier example bodies cannot override `targetUrl`, `policy`, or `origin`.
+
+### Fixed
+
+- Demo client: Solana RPC override, payer/receive wallet guard, Base payment preference.
+- x402 resource URL mismatch for local demo vs `PUBLIC_BASE_URL`.
+- OpenAPI lists 24 paid paths only (free `/health`, `/.well-known/x402` omitted from `paths`).
+
+### Added
+
+- `docs/ARCHITECTURE.md`, `CONTRIBUTING.md`, expanded `docs/SECURITY.md`.
+- GitHub Actions CI: typecheck, bazaar verify, production 402 probe.
+- `docs/DEPLOY-CHECKLIST.md`, `docs/ROADMAP.md`.
+- MIT `LICENSE`, package metadata (author, repository).
+
+## [3.0.0] - 2026-05
+
+- 24 paid x402 routes: buy-advisor, audition-coach, proxy, guard, pipeline, MPP v2, attestations.
+- Multi-chain Base + Solana via Dexter facilitator.
+- Agentic Market / OpenAPI / Bazaar discovery.
+
+[5.1.0]: https://github.com/mimranchohan/x402-trust-layer/compare/v5.0.0...v5.1.0
+[3.1.0]: https://github.com/mimranchohan/x402-trust-layer/compare/v3.0.0...v3.1.0

package/DEPLOY.md

@@ -0,0 +1,53 @@
+# Deployment Guide
+
+Deploy **x402 Trust Layer v5.1** (58 paid endpoints) to Railway via Docker.
+
+**Canonical checklist:** [docs/RAILWAY-DEPLOY.md](docs/RAILWAY-DEPLOY.md)  
+**Production hardening:** [docs/PRODUCTION-HARDENING.md](docs/PRODUCTION-HARDENING.md)
+
+## Prerequisites
+
+- GitHub: https://github.com/mimranchohan/x402-trust-layer
+- Solana + Base (+ optional Polygon) USDC receive wallets
+- Railway account
+
+## Railway (recommended)
+
+`railway.toml` uses `builder = "DOCKERFILE"`. The image runs `scripts/docker-entrypoint.sh` so SQLite can write to a volume at **`/app/data`** (not `/app`).
+
+### Variables
+
+| Variable | Required | Value |
+|----------|----------|--------|
+| `PAY_TO_ADDRESS` | **Yes** | Solana USDC receive |
+| `PAY_TO_EVM` | **Yes** | EVM USDC receive |
+| `NETWORKS` | **Yes** | `base,solana,polygon` |
+| `ATTESTATION_HMAC_SECRET` | **Yes** | `openssl rand -hex 32` |
+| `PUBLIC_BASE_URL` | **Yes** (custom domain) | `https://x402trustlayer.xyz` |
+| `DATA_DIR` | No | `/app/data` (default; match volume mount) |
+| `FACILITATOR_URL` | No | `https://x402.dexter.cash` |
+
+**Never** put payer private keys on Railway.
+
+### Volume
+
+Mount **`/app/data`** only. See troubleshooting in [docs/RAILWAY-DEPLOY.md](docs/RAILWAY-DEPLOY.md) for `dist/index.js` and `SQLITE_CANTOPEN` errors.
+
+### Verify
+
+```bash
+curl https://x402trustlayer.xyz/health
+npm run probe:production
+```
+
+## npm package
+
+Publish or install the server package:
+
+```bash
+npm install x402-trust-layer
+```
+
+Registry: https://www.npmjs.com/package/x402-trust-layer
+
+Client helpers: `packages/x402-preflight`, `packages/trust-layer-mcp`.

package/Dockerfile

@@ -0,0 +1,30 @@
+FROM node:22-alpine AS build
+RUN apk add --no-cache python3 make g++
+WORKDIR /app
+COPY package.json package-lock.json ./
+COPY scripts/patch-facilitator-timeout.mjs scripts/patch-facilitator-timeout.mjs
+RUN npm ci
+COPY tsconfig.json openapi.json ./
+COPY src ./src
+RUN npm run build
+
+FROM node:22-alpine
+RUN apk add --no-cache su-exec
+RUN addgroup -S app && adduser -S app -G app
+WORKDIR /app
+ENV NODE_ENV=production
+COPY package.json package-lock.json ./
+COPY scripts/patch-facilitator-timeout.mjs scripts/patch-facilitator-timeout.mjs
+RUN npm ci --omit=dev
+COPY --from=build /app/dist ./dist
+COPY openapi.json ./
+COPY public ./public
+RUN mkdir -p /app/data && chown -R app:app /app
+COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+ENV DATA_DIR=/app/data
+EXPOSE 3402
+HEALTHCHECK --interval=30s --timeout=10s --start-period=15s \
+  CMD node -e "const http=require('http');const p=process.env.PORT||3402;http.get('http://127.0.0.1:'+p+'/health',r=>{process.exit(r.statusCode===200?0:1)}).on('error',()=>process.exit(1))"
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+CMD ["node", "dist/index.js"]

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Mimran Chohan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,294 @@
+<p align="center">
+  <img src="public/assets/x402-trustlayer-logo.png" alt="x402 Trust Layer" width="280" />
+</p>
+
+<h1 align="center">x402 Trust Layer</h1>
+
+<p align="center"><strong>The trust layer for agent payments.</strong><br/>
+<code>x402trustlayer.xyz</code> · Guard · Attest · Comply · Audit</p>
+
+<p align="center">
+<a href="https://x402trustlayer.xyz"><img src="https://img.shields.io/badge/x402%20Trust%20Layer-live-16C7C0" alt="live"/></a>
+<a href="https://x402gle.com/servers/x402trustlayer.xyz"><img src="https://img.shields.io/badge/x402gle-listed-16C7C0" alt="x402gle"/></a>
+<a href="https://dexter.cash/sellers/9c7tE587KpGYBjiNQrjw3nGvxQHhSYKU4Ba6WRgQsHkt"><img src="https://img.shields.io/badge/Dexter-seller-green" alt="Dexter"/></a>
+<a href="https://www.npmjs.com/package/x402-trust-layer"><img src="https://img.shields.io/badge/npm-x402--trust--layer-CB3837" alt="npm"/></a>
+<a href="https://github.com/mimranchohan/x402-trust-layer"><img src="https://img.shields.io/badge/GitHub-x402--trust--layer-24292f" alt="github"/></a>
+</p>
+
+---
+
+> **x402 Trust Layer** *(x402 Agent Suite Pro)* — **58 paid x402 APIs** for guard,
+> attestation, compliance, settlement, and **Agent Trust Protocol v4**. Live at **https://x402trustlayer.xyz**
+
+A control plane for autonomous agent commerce. Fifty-eight paid x402 APIs that an
+AI agent calls *before, during, and after* it spends money — to decide whether a
+merchant is trustworthy, whether a payment is allowed, which rail is cheapest, and
+whether the response it paid for was actually worth it. Everything settles in USDC
+over the [Dexter facilitator](https://x402.dexter.cash), on Base or Solana, for a
+few cents a call.
+
+**Live:** https://x402trustlayer.xyz *
+
+
+### The four layers
+
+| | Layer | Does | Key endpoints |
+|---|-------|------|---------------|
+| **01** | **Guard** | Preflight spend / identity / risk before any payment | `/guard/pre-x402` · `/x402/proxy` |
+| **02** | **Attestation** | Issue, verify & register agent credentials and mandates | `/attestation/*` · `/mandate/*` |
+| **03** | **Compliance** | Ledgers, evidence bundles, disputes, refunds | `/compliance/ledger` · `/dispute/resolve` · `/refund-arbiter` |
+| **04** | **Settlement Ops** | Rail routing, MPP sessions, escrow, receipt audit | `/rail-optimizer` · `/mpp/session` · `/receipt-auditor` |
+
+---
+
+## Why this exists
+
+The agentic-payments stack has matured fast — Visa shipped a CLI that lets agents
+pay over card rails, Stripe has MPP on Tempo, Google published AP2, and Coinbase's
+x402 turned any HTTP 402 into a settlement instruction. What's missing is the
+*judgement layer*. An agent can now pay anyone, instantly, with no human in the loop.
+That's exactly the problem.
+
+This suite is the missing judgement layer. It answers the questions a careful
+finance team would ask on the agent's behalf, in the milliseconds before money moves:
+
+- *Is this merchant real, or is it a wash-traded shell I should avoid?*
+- *Is this payment inside the mandate the human actually authorized?*
+- *Base, Solana, Visa, or Stripe — which rail is cheapest and most disputable here?*
+- *Did I get the data I paid for, or should this be refunded?*
+- *Can I hand my CFO a clean, signed, tax-ready record of everything the fleet spent?*
+
+Each answer is its own endpoint, priced per call, and composable into a single
+guarded pipeline.
+
+---
+
+## What's new (v5.1)
+
+- **58 paid routes** — protocol v4 (`/api/protocol/*`), A2A, Bedrock preflight, trust v2 bundles.
+- **Production hardening** — SQLite mandates/idempotency/webhooks, HMAC attestations, SSRF DNS guard, helmet/cors, Vitest, RFC 9457 errors. See [PRODUCTION-HARDENING.md](docs/PRODUCTION-HARDENING.md).
+- **Railway Docker** — volume at `/app/data`, entrypoint fixes permissions, `GET /health` reports `deploy` + `documentation` links.
+- **npm:** [`x402-trust-layer`](https://www.npmjs.com/package/x402-trust-layer) · **GitHub:** [mimranchohan/x402-trust-layer](https://github.com/mimranchohan/x402-trust-layer)
+
+```bash
+npm run sync:public   # refresh public/data/agents.json, llms.txt, skill.md
+npm run ci            # before deploy
+```
+
+---
+
+## Proof it works
+
+This isn't a mock. As of the last release every route was exercised with **real,
+on-chain USDC settlement on Base**, and the whole origin is indexed on x402scan:
+
+- **OpenAPI / discovery** — 58 paid paths; `npm run verify:bazaar` + `npm run probe:production`.
+- **Live paid pass** — endpoints return `402` on unpaid probes; settlement via [Dexter](https://x402.dexter.cash) / OpenDexter.
+- **x402gle auditions** (live, paid, response-scored):
+  - `POST /api/pipeline/execute` → **93** · [audition](https://x402gle.com/audition/04540084-c255-44fd-957a-1487eafaa23d)
+  - `POST /api/mpp/session-plan` → **86** · [audition](https://x402gle.com/audition/4e16c507-5c6e-4b9e-96e2-a1cba9732a55)
+  - `POST /api/quality-monitor/probe` → **82** · [audition](https://x402gle.com/audition/fbad6aad-d2f8-4ccb-9684-3f6474c03784)
+
+Want to run the pass yourself? See **[docs/TESTING.md](docs/TESTING.md)** — it has a
+ready-to-send request body for every single endpoint.
+
+---
+
+## The three things most agents need
+
+You rarely need all 58 routes at once. For the common case, reach for one of these:
+
+| Endpoint | Price | Use it when |
+|----------|-------|-------------|
+| `POST /api/x402/proxy` | **$0.08** | Default preflight before any external `x402_fetch` — policy + risk + attestation in one call |
+| `POST /api/guard/pre-x402` | **$0.05** | Same policy bundle, no downstream probe |
+| `POST /api/pipeline/execute` | **$0.25** | Full orchestration: pick a marketplace API, guard it, route the payment, return a plan |
+
+Spend-governor, identity-gate, and risk-gate run *inside* guard and proxy. Call them
+on their own only when you're debugging a specific decision.
+
+```typescript
+// The 3-line integration most fleets ship
+const pre = await x402Fetch(`${BASE}/api/x402/proxy`, {
+  method: "POST",
+  body: JSON.stringify({ agentId, walletAddress, targetUrl, estimatedCostUsdc: 0.05, policy }),
+});
+if (!(await pre.json()).allowed) throw new Error("blocked by policy");
+// → now x402_check / x402_fetch the target, then POST /api/receipt-auditor/verify
+```
+
+---
+
+## The full catalog — 58 paid APIs
+
+Canonical list: **`GET /openapi.json`**, **`GET /api/agents`**, or **[docs/AGENT-CATALOG.md](docs/AGENT-CATALOG.md)**. Includes **Agent Trust Protocol v4** (`POST /api/protocol/*`). Short version:
+
+### Tier-1 — enterprise control plane
+
+The newest layer, built for the Visa CLI / AP2 era: trust, verifiable intent,
+cross-rail routing, compliance, disputes, and quality-gated settlement.
+
+| Endpoint | Price | What it does |
+|----------|-------|--------------|
+| `POST /api/merchant-trust/score` | $0.06 | Know-Your-Merchant score: wash-trading, verified ratio, latency, live probe → pay / caution / avoid |
+| `POST /api/mandate/compile` | $0.08 | Turns a human intent into a signed, scoped AP2-style payment mandate |
+| `POST /api/mandate/verify` | $0.02 | Checks a proposed payment against a mandate's signature and scope |
+| `POST /api/rail-optimizer/route` | $0.04 | Picks the cheapest, most disputable rail across Visa CLI / Stripe MPP / Circle / Base / Solana |
+| `POST /api/compliance/ledger` | $0.12 | CFO/SOC2-grade spend reconciliation with policy-violation flags |
+| `POST /api/dispute/resolve` | $0.10 | Builds a Visa chargeback dossier or an on-chain refund claim |
+| `POST /api/quality-escrow/settle` | $0.10 | Holds payment in escrow, releases only if the response clears a quality bar |
+
+### Entry points & orchestration
+
+| Endpoint | Price | What it does |
+|----------|-------|--------------|
+| `POST /api/x402/proxy` | $0.08 | One-call preflight: policy + risk + optional probe + attestation |
+| `POST /api/guard/pre-x402` | $0.05 | Combined spend / identity / risk gate |
+| `POST /api/pipeline/execute` | $0.25 | Marketplace pick → guard → route → execution plan |
+| `POST /api/payment-intent/compile` | $0.15 | Compiles a natural-language task into a budgeted payment intent |
+| `POST /api/facilitator/failover` | $0.05 | Health-checks facilitators and picks a live one |
+| `POST /api/mpp/session-plan` | $0.02 | Estimates the cost/shape of a Stripe-MPP-style metered session |
+
+### Core gates & utilities
+
+| Endpoint | Price | What it does |
+|----------|-------|--------------|
+| `POST /api/spend-governor/check` | $0.03 | Per-call and daily cap enforcement |
+| `POST /api/identity-gate/check` | $0.05 | Wallet tier / network checks before spending |
+| `POST /api/risk-gate/scan` | $0.08 | Target-URL and price sanity scan |
+| `POST /api/router/route` | $0.02 | Finds the best marketplace API for a query |
+| `POST /api/research/brief` | $0.20 | Quick grounded brief, optionally with price data |
+| `POST /api/receipt-auditor/verify` | $0.05 | Verifies a settlement receipt against the expected amount/network |
+
+### MPP, attestation, trust & enterprise
+
+| Endpoint | Price | What it does |
+|----------|-------|--------------|
+| `POST /api/mpp/session` | $0.03 | Open / close a metered payment session |
+| `POST /api/attestation/issue` | $0.04 | Issues a signed attestation that a payment passed policy |
+| `POST /api/attestation/verify` | $0.02 | Verifies an attestation by id |
+| `GET  /api/attestation/registry` | $0.02 | Queries the trust registry of valid attestations |
+| `POST /api/refund-arbiter/evaluate` | $0.08 | Decides whether a weak response merits a refund |
+| `POST /api/settlement-graph/next` | $0.02 | Suggests the next logical endpoint in a workflow |
+| `POST /api/quality-monitor/probe` | $0.03 | Probes a set of URLs for liveness and response quality |
+| `POST /api/budget-allocator/run` | $0.03 | Allocates a shared pool across a fleet by priority |
+| `POST /api/evidence-locker/export` | $0.10 | Exports an immutable evidence bundle of spend records |
+| `POST /api/agent-escrow` | $0.12 | Create / release agent-to-agent escrow |
+
+### Seller / buyer tooling
+
+| Endpoint | Price | What it does |
+|----------|-------|--------------|
+| `POST /api/market/buy-advisor` | $0.08 | Ranks marketplace APIs before you pay |
+| `POST /api/seller/audition-coach` | $0.06 | Flags OpenAPI/402 problems before a Dexter audition |
+
+Every paid response carries a **trust envelope** — `confidence`, `checks_passed`,
+`sources`, and an `accuracy_note` — so the calling agent can reason about how much
+to rely on the answer.
+
+---
+
+## How to test it
+
+Three levels, from free to fully paid. The complete walkthrough with a request body
+for every endpoint is in **[docs/TESTING.md](docs/TESTING.md)**.
+
+```bash
+BASE=https://x402trustlayer.xyz
+
+# 1) Free — confirm everything is alive and paywalled
+npm run probe:production
+curl -i -X POST $BASE/api/merchant-trust/score          # expect HTTP 402
+
+# 2) One paid call (any x402 client / OpenDexter x402_fetch)
+#    point it at an endpoint, set a per-call cap, send the example body
+
+# 3) Full paid pass — npm run demo (see docs/TESTING.md for per-route bodies)
+npm run demo
+```
+
+Paid calls need a wallet with a little USDC. Most endpoints cost $0.02–$0.12;
+`pipeline/execute` is the priciest at $0.25. Always set a per-call cap.
+
+---
+
+## Discovery surfaces
+
+| URL | Purpose |
+|-----|---------|
+| `GET /openapi.json` | Canonical contract (x402scan / AgentCash read this first) |
+| `GET /.well-known/x402` | Paid resource catalog |
+| `GET /.well-known/x402/v2` | x402 v2 discovery |
+| `GET /llms.txt` · `GET /skill.md` | Agent index (sync via `npm run sync:public`) |
+| `GET /x402/api/services.json` | Bazaar manifest |
+| `GET /api/agents` | Live route list with prices and tiers |
+
+Re-register on x402scan any time with `node scripts/register-x402scan.mjs`
+(or the [Add API](https://www.x402scan.com/resources/register) form). Don't register
+`/health` — it isn't payable.
+
+---
+
+## Run it locally
+
+```bash
+git clone https://github.com/mimranchohan/x402-trust-layer.git
+cd x402-trust-layer
+cp .env.example .env
+npm install
+npm run dev
+```
+
+Multi-chain config (Base-first, Solana enabled):
+
+```env
+NETWORKS=base,solana
+PAY_TO_EVM=0xYourEvmWallet
+PAY_TO_ADDRESS=YourSolanaWallet
+FACILITATOR_URL=https://x402.dexter.cash
+```
+
+---
+
+## Deploy (Railway)
+
+Dockerfile + `railway.toml`. Persistent SQLite: volume mount **`/app/data`**, `DATA_DIR=/app/data` (or omit). Do **not** mount `/app` — it hides `dist/index.js`.
+
+Full steps: **[docs/RAILWAY-DEPLOY.md](docs/RAILWAY-DEPLOY.md)** · **[DEPLOY.md](DEPLOY.md)**
+
+```bash
+curl https://x402trustlayer.xyz/health   # expect db: ok, endpointCount: 58
+```
+
+## npm
+
+| Package | Purpose |
+|---------|---------|
+| [`x402-trust-layer`](https://www.npmjs.com/package/x402-trust-layer) | This server (58 paid APIs) |
+| `x402-agent-suite-preflight` | Client preflight helpers (`packages/x402-preflight`) |
+| `@mimranakb/trust-layer-mcp` | MCP tools (`packages/trust-layer-mcp`) |
+
+```bash
+npm install x402-trust-layer
+npm publish   # maintainers only, after version bump
+```
+
+---
+
+## Docs
+
+| Doc | Topic |
+|-----|-------|
+| [RAILWAY-DEPLOY.md](docs/RAILWAY-DEPLOY.md) | Volume mount, env, crash troubleshooting |
+| [PRODUCTION-HARDENING.md](docs/PRODUCTION-HARDENING.md) | Security & data phases 1–8 |
+| [AGENT-CATALOG.md](docs/AGENT-CATALOG.md) | Agent reference — logic, schemas, examples |
+| [TESTING.md](docs/TESTING.md) | Test every endpoint, ready-to-send bodies |
+| [X402GLE-COOLDOWN.md](docs/X402GLE-COOLDOWN.md) | x402gle audition cooldown |
+| [ARCHITECTURE.md](docs/ARCHITECTURE.md) | System design and request lifecycle |
+| [INTEGRATE.md](docs/INTEGRATE.md) | Fleet flow, attestation, the 3-line rule |
+| [MARKETPLACES.md](docs/MARKETPLACES.md) | Dexter + x402scan + Agentic listing |
+| [CHANGELOG.md](CHANGELOG.md) | Release notes |
+
+---
+
+MIT © mimranchohan

package/dist/agents/a2a-payment.d.ts

@@ -0,0 +1,37 @@
+import { z } from "zod";
+import type { Request, Response } from "express";
+declare const A2APaymentSchema: z.ZodObject<{
+    buyerAgentId: z.ZodString;
+    sellerAgentId: z.ZodString;
+    sellerEndpoint: z.ZodString;
+    taskDescription: z.ZodString;
+    maxBudgetUsdc: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    buyerAgentId: string;
+    sellerEndpoint: string;
+    maxBudgetUsdc: number;
+    sellerAgentId: string;
+    taskDescription: string;
+}, {
+    buyerAgentId: string;
+    sellerEndpoint: string;
+    maxBudgetUsdc: number;
+    sellerAgentId: string;
+    taskDescription: string;
+}>;
+export type A2APaymentInput = z.infer<typeof A2APaymentSchema>;
+export declare function executeA2APayment(params: A2APaymentInput): Promise<{
+    success: boolean;
+    sellerResponse: any;
+    paymentReceipt: string | null;
+}>;
+export declare function runA2APayment(input: A2APaymentInput): Promise<{
+    buyerAgentId: string;
+    sellerAgentId: string;
+    sellerEndpoint: string;
+    success: boolean;
+    sellerResponse: any;
+    paymentReceipt: string | null;
+} & import("../lib/agent-response.js").AgentTrustMeta>;
+export declare function handleA2APaymentRoute(req: Request, res: Response): Promise<void>;
+export {};

package/dist/agents/a2a-payment.js

@@ -0,0 +1,105 @@
+import { z } from "zod";
+import { config } from "../config.js";
+function isProduction() {
+    return process.env.NODE_ENV === "production" || !!process.env.RAILWAY_ENVIRONMENT;
+}
+function assertA2AOrchestratorAllowed() {
+    if (isProduction() && !config.a2aOrchestratorEnabled) {
+        throw new Error("A2A orchestrator disabled in production. Set A2A_ORCHESTRATOR_ENABLED=1 only on dedicated signing hosts.");
+    }
+}
+import { agentTrustMeta, withAgentTrust } from "../lib/agent-response.js";
+import { assertSafeOutboundUrl } from "../lib/ssrf.js";
+import { buildX402Fetch } from "../lib/x402-client-options.js";
+import { parseWithVerifierFallback } from "../lib/parse-with-verifier-fallback.js";
+const A2APaymentSchema = z.object({
+    buyerAgentId: z.string().min(1),
+    sellerAgentId: z.string().min(1),
+    sellerEndpoint: z.string().url(),
+    taskDescription: z.string().min(1).max(4000),
+    maxBudgetUsdc: z.number().positive().max(10),
+});
+async function payerFetch(maxBudgetUsdc) {
+    const evm = process.env.EVM_PRIVATE_KEY?.trim();
+    const sol = process.env.SOLANA_PRIVATE_KEY?.trim();
+    if (!evm && !sol) {
+        throw new Error("A2A execute requires EVM_PRIVATE_KEY or SOLANA_PRIVATE_KEY on the orchestrator (never pass keys in request body)");
+    }
+    return buildX402Fetch(fetch, {
+        maxAmountAtomic: String(Math.ceil(maxBudgetUsdc * 1_000_000)),
+        preferredNetwork: "eip155:8453",
+    });
+}
+export async function executeA2APayment(params) {
+    assertA2AOrchestratorAllowed();
+    const validated = A2APaymentSchema.parse(params);
+    assertSafeOutboundUrl(validated.sellerEndpoint);
+    const trustRes = await fetch(`${config.publicBaseUrl}/api/merchant-trust/score`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ targetUrl: validated.sellerEndpoint }),
+    });
+    const trust = (await trustRes.json());
+    if (trust.recommendation === "avoid") {
+        throw new Error(`A2A payment blocked: seller trust too low (score=${trust.score ?? "unknown"})`);
+    }
+    const agentFetch = await payerFetch(validated.maxBudgetUsdc);
+    const response = await agentFetch(validated.sellerEndpoint, {
+        method: "POST",
+        headers: {
+            "content-type": "application/json",
+            "x-buyer-agent-id": validated.buyerAgentId,
+            "x-seller-agent-id": validated.sellerAgentId,
+        },
+        body: JSON.stringify({ task: validated.taskDescription }),
+    });
+    if (!response.ok) {
+        throw new Error(`A2A call failed: HTTP ${response.status}`);
+    }
+    return {
+        success: true,
+        sellerResponse: await response.json(),
+        paymentReceipt: response.headers.get("PAYMENT-RESPONSE"),
+    };
+}
+export async function runA2APayment(input) {
+    const result = await executeA2APayment(input);
+    return withAgentTrust({
+        ...result,
+        buyerAgentId: input.buyerAgentId,
+        sellerAgentId: input.sellerAgentId,
+        sellerEndpoint: input.sellerEndpoint,
+    }, agentTrustMeta(["a2a_preflight", "trust_score", "spend_cap"], {
+        confidence: 0.95,
+        sources: ["a2a-x402", "merchant-trust"],
+        accuracy_note: "Agent-to-agent orchestration; payer keys never accepted from client body.",
+    }));
+}
+export async function handleA2APaymentRoute(req, res) {
+    const parsed = parseWithVerifierFallback("/api/a2a/execute", A2APaymentSchema, req.body);
+    if (!parsed.success) {
+        res.status(400).json({ error: parsed.error.flatten() });
+        return;
+    }
+    try {
+        const result = await runA2APayment(parsed.data);
+        res.json(result);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        const orchestratorReady = !/EVM_PRIVATE_KEY|SOLANA_PRIVATE_KEY/i.test(message);
+        res.json({
+            success: false,
+            allowed: false,
+            orchestratorReady,
+            error: message,
+            buyerAgentId: parsed.data.buyerAgentId,
+            sellerAgentId: parsed.data.sellerAgentId,
+            sellerEndpoint: parsed.data.sellerEndpoint,
+            checks_passed: orchestratorReady ? [] : ["a2a_schema_valid"],
+            accuracy_note: orchestratorReady
+                ? "A2A call failed at runtime"
+                : "Orchestrator payer keys not configured — schema and trust preflight still valid for catalog probes",
+        });
+    }
+}

package/dist/agents/agent-escrow.d.ts

@@ -0,0 +1,30 @@
+export type EscrowInput = {
+    action: "create";
+    payerAgentId: string;
+    payeeAgentId: string;
+    amountUsdc: number;
+    releaseCondition: string;
+    metadata?: Record<string, unknown>;
+} | {
+    action: "status";
+    escrowId: string;
+} | {
+    action: "release";
+    escrowId: string;
+};
+export declare function runAgentEscrow(input: EscrowInput): Promise<{
+    ok: boolean;
+    escrow: import("../lib/escrow-ledger.js").EscrowRecord;
+    error?: undefined;
+    message?: undefined;
+} | {
+    ok: boolean;
+    error: string;
+    escrow?: undefined;
+    message?: undefined;
+} | {
+    ok: boolean;
+    escrow: import("../lib/escrow-ledger.js").EscrowRecord;
+    message: string;
+    error?: undefined;
+}>;

package/dist/agents/agent-escrow.js

@@ -0,0 +1,23 @@
+import { createEscrow, getEscrow, releaseEscrow } from "../lib/escrow-ledger.js";
+export async function runAgentEscrow(input) {
+    if (input.action === "create") {
+        const record = await createEscrow({
+            payerAgentId: input.payerAgentId,
+            payeeAgentId: input.payeeAgentId,
+            amountUsdc: input.amountUsdc,
+            releaseCondition: input.releaseCondition,
+            metadata: input.metadata,
+        });
+        return { ok: true, escrow: record };
+    }
+    if (input.action === "status") {
+        const record = await getEscrow(input.escrowId);
+        if (!record)
+            return { ok: false, error: "Escrow not found" };
+        return { ok: true, escrow: record };
+    }
+    const record = await releaseEscrow(input.escrowId);
+    if (!record)
+        return { ok: false, error: "Escrow not found or not pending" };
+    return { ok: true, escrow: record, message: "Escrow marked released. Execute USDC transfer via your agent wallet." };
+}

package/dist/agents/agent-verify.d.ts

@@ -0,0 +1,15 @@
+import type { Request, Response } from "express";
+import { type WithAgentTrust } from "../lib/agent-response.js";
+import { type TrustScoreResult } from "../lib/erc8004/trust-score.js";
+export type AgentVerifyInput = {
+    walletAddress: string;
+    agentId?: string | number;
+    skipCache?: boolean;
+    requestHeaders?: Record<string, unknown>;
+};
+export type AgentVerifyResult = WithAgentTrust<TrustScoreResult & {
+    recommendation: string;
+    integrationHint: string;
+}>;
+export declare function runAgentVerify(input: AgentVerifyInput): Promise<AgentVerifyResult>;
+export declare function handleAgentLookup(req: Request, res: Response): Promise<void>;