x402-trust-layer 5.1.0

package/dist/lib/bazaar.js

@@ -0,0 +1,341 @@
+import { config } from "../config.js";
+import { listEndpoints } from "../routes.js";
+import { SUITE_VERSION } from "./version.js";
+const SERVICE_NAME = "x402 Trust Layer";
+const SERVICE_DESCRIPTION = "55 paid x402 trust infrastructure APIs: guard, semantic escrow, mandate diff, certified sellers, ERC-8004, plus Agent Trust Protocol v4 (passport, trust v2, fraud, oracle, PoE, escrow FSM, replay, zk, credit bureau).";
+const ENDPOINT_META = {
+    "/api/x402/proxy": {
+        summary: "One-call preflight: guard + security grade + attestation + probe",
+        category: "Infrastructure",
+        tags: ["x402", "proxy", "preflight", "guard"],
+    },
+    "/api/mpp/session": {
+        summary: "MPP session open, voucher, and close for batch settlement savings",
+        category: "Infrastructure",
+        tags: ["mpp", "batch", "solana"],
+    },
+    "/api/attestation/issue": {
+        summary: "Issue signed preflight attestation for trust networks",
+        category: "Trust",
+        tags: ["attestation", "trust", "security"],
+    },
+    "/api/attestation/verify": {
+        summary: "Verify attestation signature before downstream payment",
+        category: "Trust",
+        tags: ["attestation", "verify"],
+    },
+    "/api/attestation/registry": {
+        summary: "Query active attestations registry",
+        category: "Trust",
+        tags: ["attestation", "registry"],
+    },
+    "/api/guard/pre-x402": {
+        summary: "Spend + identity + risk + security grade before any x402 pay",
+        category: "Infrastructure",
+        tags: ["guard", "preflight", "policy"],
+    },
+    "/api/agent/verify": {
+        summary: "ERC-8004 TrustScore on Base mainnet — agent identity and reputation",
+        category: "Trust",
+        tags: ["erc-8004", "identity", "trust-score", "agent"],
+    },
+    "/api/pipeline/execute": {
+        summary: "Full agent pipeline: guard, plan, facilitator, routing in one call",
+        category: "Orchestration",
+        tags: ["pipeline", "orchestration"],
+    },
+    "/api/payment-intent/compile": {
+        summary: "Compile multi-step x402 execution plan from natural language",
+        category: "Orchestration",
+        tags: ["plan", "compiler"],
+    },
+    "/api/facilitator/failover": {
+        summary: "Rank facilitators and recommend failover path",
+        category: "Infrastructure",
+        tags: ["facilitator", "failover"],
+    },
+    "/api/mpp/session-plan": {
+        summary: "Estimate MPP session vs per-call settlement savings",
+        category: "Infrastructure",
+        tags: ["mpp", "estimate"],
+    },
+    "/api/spend-governor/check": {
+        summary: "Enforce agent daily and per-call spend caps",
+        category: "Policy",
+        tags: ["spend", "budget", "policy"],
+    },
+    "/api/identity-gate/check": {
+        summary: "Wallet identity tier and risk scoring",
+        category: "Policy",
+        tags: ["identity", "wallet", "kyc"],
+    },
+    "/api/risk-gate/scan": {
+        summary: "Probe URL security, HTTPS, and x402 payment requirements",
+        category: "Security",
+        tags: ["risk", "scan", "security"],
+    },
+    "/api/router/route": {
+        summary: "Route capability query to best x402 API (suite-first)",
+        category: "Discovery",
+        tags: ["router", "marketplace"],
+    },
+    "/api/research/brief": {
+        summary: "Research pipeline plan and cost estimate",
+        category: "Research",
+        tags: ["research", "brief"],
+    },
+    "/api/receipt-auditor/verify": {
+        summary: "Verify x402 settlement receipt on-chain",
+        category: "Audit",
+        tags: ["receipt", "audit", "settlement"],
+    },
+    "/api/refund-arbiter/evaluate": {
+        summary: "Evaluate refund eligibility from verification signals",
+        category: "Trust",
+        tags: ["refund", "arbiter"],
+    },
+    "/api/budget-allocator/run": {
+        summary: "Allocate shared USDC pool across agent fleet",
+        category: "Enterprise",
+        tags: ["budget", "fleet"],
+    },
+    "/api/settlement-graph/next": {
+        summary: "Recommend next paid APIs after a settlement",
+        category: "Intelligence",
+        tags: ["graph", "recommendations"],
+    },
+    "/api/quality-monitor/probe": {
+        summary: "Regression probe up to 10 x402 endpoints",
+        category: "Quality",
+        tags: ["monitor", "quality"],
+    },
+    "/api/evidence-locker/export": {
+        summary: "Export compliance audit bundle for settlements",
+        category: "Enterprise",
+        tags: ["compliance", "audit"],
+    },
+    "/api/agent-escrow": {
+        summary: "Create, status, or release agent-to-agent USDC escrow",
+        category: "Enterprise",
+        tags: ["escrow", "agents"],
+    },
+    "/api/market/buy-advisor": {
+        summary: "x402 buy quote: rank paid APIs, policy, chain, MPP before you pay",
+        category: "Discovery",
+        tags: ["marketplace", "quote", "discovery"],
+    },
+    "/api/seller/audition-coach": {
+        summary: "Seller audition coach: OpenAPI, 402 probes, x402gle fixes before ingest",
+        category: "Quality",
+        tags: ["seller", "audition", "discovery", "quality"],
+    },
+    "/api/merchant-trust/score": {
+        summary: "Know-Your-Merchant trust + wash-trading score before payment",
+        category: "Trust",
+        tags: ["trust", "kym", "wash-trade", "preflight"],
+    },
+    "/api/mandate/compile": {
+        summary: "Compile signed AP2-style payment mandate from human intent",
+        category: "Trust",
+        tags: ["mandate", "ap2", "intent", "governance"],
+    },
+    "/api/mandate/verify": {
+        summary: "Verify mandate signature and scope a proposed payment",
+        category: "Trust",
+        tags: ["mandate", "verify", "governance"],
+    },
+    "/api/rail-optimizer/route": {
+        summary: "Choose best rail: Visa CLI, Stripe MPP, Circle, Base, Solana",
+        category: "Infrastructure",
+        tags: ["rail", "router", "visa-cli", "mpp"],
+    },
+    "/api/compliance/ledger": {
+        summary: "CFO/SOC2-grade spend reconciliation with tamper-evident hash",
+        category: "Enterprise",
+        tags: ["compliance", "audit", "cfo", "ledger"],
+    },
+    "/api/dispute/resolve": {
+        summary: "Visa chargeback dossier or on-chain refund claim builder",
+        category: "Trust",
+        tags: ["dispute", "chargeback", "visa", "refund"],
+    },
+    "/api/quality-escrow/settle": {
+        summary: "Quality-gated escrow with response verification and auto-refund",
+        category: "Trust",
+        tags: ["escrow", "quality", "refund", "trust"],
+    },
+    "/api/quality-escrow/semantic-settle": {
+        summary: "Semantic delivery escrow: intent rubric + schema match before release/refund",
+        category: "Trust",
+        tags: ["escrow", "semantic", "delivery", "trust"],
+    },
+    "/api/mandate/diff": {
+        summary: "Intent diff: mandate scope vs MCP tool trace before payment",
+        category: "Trust",
+        tags: ["mandate", "intent", "diff", "governance"],
+    },
+    "/api/merchant-trust/certify": {
+        summary: "Certify x402 seller with badge and buyer access policy",
+        category: "Trust",
+        tags: ["certification", "seller", "kym", "trust-network"],
+    },
+    "/api/trust-network/buyer-gate": {
+        summary: "Buyer gate for certified sellers: attestation + tier check",
+        category: "Trust",
+        tags: ["trust-network", "attestation", "buyer", "gate"],
+    },
+    "/api/pipeline/trust-v2": {
+        summary: "One-shot: mandate diff + KYM ingest + guard + certified buyer gate",
+        category: "Orchestration",
+        tags: ["pipeline", "trust-v2", "orchestration"],
+    },
+    "/api/trust-network/bond/slash": {
+        summary: "Slash certified seller virtual bond after failed delivery",
+        category: "Trust",
+        tags: ["bond", "slash", "seller", "trust-network"],
+    },
+    "/api/protocol/pipeline/full-trust": {
+        summary: "Full Agent Trust Protocol v4 pipeline before x402 payment",
+        category: "Protocol",
+        tags: ["protocol", "trust", "pipeline"],
+    },
+    "/api/protocol/passport/issue": {
+        summary: "Issue Agent Passport DID verifiable credential",
+        category: "Protocol",
+        tags: ["did", "identity", "passport"],
+    },
+    "/api/protocol/trust-score/v2": {
+        summary: "Tamper-resistant TrustScore v2 with HMAC proof",
+        category: "Protocol",
+        tags: ["trust-score", "erc8004"],
+    },
+    "/api/protocol/fraud/scan": {
+        summary: "Graph fraud scan: Sybil, wash trading, circular payments",
+        category: "Protocol",
+        tags: ["fraud", "risk"],
+    },
+    "/api/protocol/execution/issue": {
+        summary: "Proof of Execution receipt with tool and settlement proofs",
+        category: "Protocol",
+        tags: ["poe", "receipt", "audit"],
+    },
+    "/api/protocol/escrow/create": {
+        summary: "Create escrow state machine (CREATED)",
+        category: "Protocol",
+        tags: ["escrow", "fsm"],
+    },
+    "/api/protocol/replay/bind": {
+        summary: "Replay-safe binding: nonce + resource hash + request hash",
+        category: "Protocol",
+        tags: ["replay", "security"],
+    },
+    "/api/protocol/credit/score": {
+        summary: "AI Agent Credit Bureau score 300-900",
+        category: "Protocol",
+        tags: ["credit", "bureau"],
+    },
+};
+function parseEndpointEntry(entry) {
+    const [method, route] = entry.path.split(" ");
+    const priceUsdc = Number(entry.price.replace(/^\$/, "")) || 0;
+    return { method: method ?? "POST", path: route ?? entry.path, priceUsdc };
+}
+export function buildBazaarRoutes() {
+    return listEndpoints().map((entry) => {
+        const { method, path, priceUsdc } = parseEndpointEntry(entry);
+        const meta = ENDPOINT_META[path] ?? {
+            summary: entry.path,
+            category: "Infrastructure",
+            tags: ["x402"],
+        };
+        const resource = `${config.publicBaseUrl}${path}`;
+        return {
+            resource,
+            method,
+            path,
+            priceUsdc,
+            priceDisplay: entry.price,
+            tier: entry.tier,
+            summary: meta.summary,
+            category: meta.category,
+            tags: meta.tags,
+            networks: config.networks,
+            payTo: config.payTo,
+            facilitatorUrl: config.facilitatorUrl,
+            extensions: {
+                bazaar: {
+                    discoverable: true,
+                    category: meta.category,
+                    tags: meta.tags,
+                },
+            },
+        };
+    });
+}
+export function buildServicesManifest() {
+    return {
+        x402Version: 2,
+        name: SERVICE_NAME,
+        description: SERVICE_DESCRIPTION,
+        baseUrl: config.publicBaseUrl,
+        facilitatorUrl: config.facilitatorUrl,
+        payTo: config.payTo,
+        networks: config.networks,
+        openapi: `${config.publicBaseUrl}/openapi.json`,
+        discover: `${config.publicBaseUrl}/x402/api/discover`,
+        routes: buildBazaarRoutes(),
+        updatedAt: new Date().toISOString(),
+    };
+}
+export function buildWellKnownX402() {
+    const payToMap = {};
+    for (const network of config.networks) {
+        if (network.startsWith("solana:"))
+            payToMap[network] = config.payTo;
+        else
+            payToMap[network] = config.payToEvm || config.payTo;
+    }
+    return {
+        x402Version: 2,
+        name: SERVICE_NAME,
+        version: SUITE_VERSION,
+        description: SERVICE_DESCRIPTION,
+        baseUrl: config.publicBaseUrl,
+        paymentRequired: true,
+        facilitator: config.facilitatorUrl,
+        payTo: payToMap,
+        networks: config.networks,
+        discovery: {
+            services: `${config.publicBaseUrl}/x402/api/services.json`,
+            discover: `${config.publicBaseUrl}/x402/api/discover`,
+            openapi: `${config.publicBaseUrl}/openapi.json`,
+        },
+        agenticMarket: {
+            validateUrl: "https://agentic.market/",
+            note: "Use Validate Endpoint per resource URL; settlements via CDP facilitator index faster on Agentic Market",
+        },
+    };
+}
+export function buildDiscoverCatalog() {
+    const routes = buildBazaarRoutes();
+    return {
+        service: SERVICE_NAME,
+        version: SUITE_VERSION,
+        endpointCount: routes.length,
+        resources: routes.map((r) => ({
+            url: r.resource,
+            method: r.method,
+            description: r.summary,
+            priceUsdc: r.priceUsdc,
+            category: r.category,
+            tags: r.tags,
+            accepts: r.networks.map((network) => ({
+                scheme: "exact",
+                network,
+                payTo: config.payTo,
+                amountUsdc: r.priceUsdc,
+            })),
+            extensions: r.extensions,
+        })),
+    };
+}

package/dist/lib/certified-sellers.d.ts

@@ -0,0 +1,41 @@
+export type AgentTier = "BRONZE" | "SILVER" | "GOLD" | "PLATINUM";
+export type SellerAccessPolicy = {
+    requireAttestation: boolean;
+    minAgentTier: AgentTier;
+    minTrustScore: number;
+    minSecurityGrade: "A" | "B" | "C" | "D";
+};
+export type CertifiedSellerRecord = {
+    host: string;
+    badgeId: string;
+    certifiedAt: string;
+    expiresAt: string;
+    trustScoreAtCert: number;
+    grade: string;
+    recommendation: string;
+    policy: SellerAccessPolicy;
+    goodResponseProfile?: {
+        requiredKeys?: string[];
+        minLengthBytes?: number;
+        forbidEmpty?: boolean;
+    };
+    /** USDC bond (virtual ledger) — slash on failed delivery claims */
+    bondUsdc?: number;
+    bondRemainingUsdc?: number;
+    signature: string;
+};
+export declare function tierMeets(min: AgentTier, actual: AgentTier): boolean;
+export declare function gradeMeets(min: SellerAccessPolicy["minSecurityGrade"], actual: string): boolean;
+export declare function upsertCertification(input: Omit<CertifiedSellerRecord, "badgeId" | "certifiedAt" | "expiresAt" | "signature"> & {
+    ttlDays?: number;
+    bondUsdc?: number;
+}): Promise<CertifiedSellerRecord>;
+export declare function getCertifiedHost(host: string): Promise<CertifiedSellerRecord | null>;
+export declare function slashSellerBond(host: string, amountUsdc: number, reason: string): Promise<{
+    ok: boolean;
+    host: string;
+    slashedUsdc: number;
+    bondRemainingUsdc: number;
+    reason: string;
+}>;
+export declare function listCertifiedHosts(limit?: number): Promise<CertifiedSellerRecord[]>;

package/dist/lib/certified-sellers.js

@@ -0,0 +1,129 @@
+import { createHmac, randomBytes } from "node:crypto";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { config } from "../config.js";
+const root = path.dirname(fileURLToPath(import.meta.url));
+const storePath = path.join(root, "..", "..", "data", "certified-sellers.json");
+const TIER_ORDER = ["BRONZE", "SILVER", "GOLD", "PLATINUM"];
+const GRADE_ORDER = ["A", "B", "C", "D", "F"];
+export function tierMeets(min, actual) {
+    return TIER_ORDER.indexOf(actual) >= TIER_ORDER.indexOf(min);
+}
+export function gradeMeets(min, actual) {
+    const a = GRADE_ORDER.indexOf(min);
+    const b = GRADE_ORDER.indexOf(actual);
+    if (a < 0 || b < 0)
+        return false;
+    return b <= a;
+}
+async function loadStore() {
+    try {
+        const raw = await readFile(storePath, "utf8");
+        const parsed = JSON.parse(raw);
+        return Array.isArray(parsed) ? parsed : [];
+    }
+    catch {
+        return [];
+    }
+}
+async function saveStore(rows) {
+    await mkdir(path.dirname(storePath), { recursive: true });
+    await writeFile(storePath, JSON.stringify(rows.slice(-200), null, 2), "utf8");
+}
+function canonical(record) {
+    return JSON.stringify({
+        host: record.host,
+        badgeId: record.badgeId,
+        certifiedAt: record.certifiedAt,
+        expiresAt: record.expiresAt,
+        trustScoreAtCert: record.trustScoreAtCert,
+        policy: record.policy,
+        bondRemainingUsdc: record.bondRemainingUsdc ?? 0,
+    });
+}
+function sign(payload) {
+    return createHmac("sha256", config.attestationHmacSecret).update(payload).digest("hex");
+}
+export async function upsertCertification(input) {
+    const host = input.host.toLowerCase();
+    const badgeId = `cert_${randomBytes(6).toString("hex")}`;
+    const certifiedAt = new Date().toISOString();
+    const ttlDays = input.ttlDays ?? 30;
+    const expiresAt = new Date(Date.now() + ttlDays * 24 * 60 * 60_000).toISOString();
+    const bondUsdc = input.bondUsdc ?? 0;
+    const base = {
+        host,
+        badgeId,
+        certifiedAt,
+        expiresAt,
+        trustScoreAtCert: input.trustScoreAtCert,
+        grade: input.grade,
+        recommendation: input.recommendation,
+        policy: input.policy,
+        goodResponseProfile: input.goodResponseProfile,
+        bondUsdc: bondUsdc > 0 ? bondUsdc : undefined,
+        bondRemainingUsdc: bondUsdc > 0 ? bondUsdc : undefined,
+    };
+    const signature = sign(canonical(base));
+    const record = { ...base, signature };
+    const rows = await loadStore().then((r) => r.filter((x) => x.host !== host));
+    rows.push(record);
+    await saveStore(rows);
+    return record;
+}
+export async function getCertifiedHost(host) {
+    const h = host.toLowerCase();
+    const rows = await loadStore();
+    const record = rows.find((r) => r.host === h) ?? null;
+    if (!record)
+        return null;
+    if (new Date(record.expiresAt) < new Date())
+        return null;
+    const expected = sign(canonical({
+        host: record.host,
+        badgeId: record.badgeId,
+        certifiedAt: record.certifiedAt,
+        expiresAt: record.expiresAt,
+        trustScoreAtCert: record.trustScoreAtCert,
+        grade: record.grade,
+        recommendation: record.recommendation,
+        policy: record.policy,
+        goodResponseProfile: record.goodResponseProfile,
+        bondUsdc: record.bondUsdc,
+        bondRemainingUsdc: record.bondRemainingUsdc,
+    }));
+    if (expected !== record.signature)
+        return null;
+    return record;
+}
+export async function slashSellerBond(host, amountUsdc, reason) {
+    const h = host.toLowerCase();
+    const rows = await loadStore();
+    const idx = rows.findIndex((r) => r.host === h);
+    if (idx < 0) {
+        return { ok: false, host: h, slashedUsdc: 0, bondRemainingUsdc: 0, reason: "not_certified" };
+    }
+    const record = rows[idx];
+    const remaining = Math.max(0, (record.bondRemainingUsdc ?? 0) - amountUsdc);
+    const slashed = Math.min(amountUsdc, record.bondRemainingUsdc ?? 0);
+    const updated = {
+        ...record,
+        bondRemainingUsdc: remaining,
+        signature: sign(canonical({
+            ...record,
+            bondRemainingUsdc: remaining,
+        })),
+    };
+    rows[idx] = updated;
+    await saveStore(rows);
+    return { ok: slashed > 0, host: h, slashedUsdc: slashed, bondRemainingUsdc: remaining, reason };
+}
+export async function listCertifiedHosts(limit = 50) {
+    const now = Date.now();
+    const rows = await loadStore();
+    return rows
+        .filter((r) => new Date(r.expiresAt).getTime() > now)
+        .slice(-limit)
+        .reverse();
+}

package/dist/lib/chains.d.ts

@@ -0,0 +1,20 @@
+/** Supported x402 settlement networks (CAIP-2) */
+export declare const CHAIN_IDS: {
+    readonly solana: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
+    readonly base: "eip155:8453";
+    readonly polygon: "eip155:137";
+    readonly base_sepolia: "eip155:84532";
+    readonly solana_devnet: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1";
+};
+export type ChainKey = keyof typeof CHAIN_IDS;
+/** USDC token address / mint per chain (Agentic + CDP expect network-correct asset) */
+export declare const USDC_ASSET: Record<ChainKey, string>;
+export declare function usdcAssetForCaip2(network: string): string | undefined;
+export declare function parseChainList(raw: string | undefined): ChainKey[];
+export declare function caip2Networks(chains: ChainKey[]): string[];
+/** Human chain keys → CAIP-2 (x402 v2 discovery). */
+export declare const NETWORK_ALIAS_TO_CAIP2: Record<string, string>;
+export declare function normalizeToCaip2(network: string): string;
+export declare function isEvmChain(chain: ChainKey): boolean;
+export declare function isTestnetChain(chain: ChainKey): boolean;
+export declare function detectChainFromAddress(address: string): ChainKey | null;

package/dist/lib/chains.js

@@ -0,0 +1,78 @@
+/** Supported x402 settlement networks (CAIP-2) */
+export const CHAIN_IDS = {
+    solana: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
+    base: "eip155:8453",
+    polygon: "eip155:137",
+    base_sepolia: "eip155:84532",
+    solana_devnet: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",
+};
+/** USDC token address / mint per chain (Agentic + CDP expect network-correct asset) */
+export const USDC_ASSET = {
+    solana: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+    base: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+    polygon: "0x3c499c542cEF5E3811e1192ce70d8cC03d5c335",
+    base_sepolia: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+    solana_devnet: "4zMMC9srt5Ri5X14GAgXhaHii3GnPEPBNLW2nN2H4V2",
+};
+export function usdcAssetForCaip2(network) {
+    for (const key of Object.keys(CHAIN_IDS)) {
+        if (CHAIN_IDS[key] === network)
+            return USDC_ASSET[key];
+    }
+    return undefined;
+}
+const CHAIN_ALIASES = {
+    "base-sepolia": "base_sepolia",
+    base_sepolia: "base_sepolia",
+    "solana-devnet": "solana_devnet",
+    solana_devnet: "solana_devnet",
+};
+export function parseChainList(raw) {
+    if (!raw || raw === "all")
+        return ["base", "solana", "polygon"];
+    const keys = raw
+        .split(",")
+        .map((s) => s.trim().toLowerCase())
+        .filter(Boolean);
+    const out = [];
+    for (const k of keys) {
+        const resolved = (CHAIN_ALIASES[k] ?? k);
+        if (resolved in CHAIN_IDS && !out.includes(resolved))
+            out.push(resolved);
+    }
+    // Preserve the operator-specified order so NETWORKS controls which chain is
+    // advertised first in the 402 `accepts` list (and therefore preferred by payers).
+    return out.length ? out : ["solana"];
+}
+export function caip2Networks(chains) {
+    return chains.map((c) => CHAIN_IDS[c]);
+}
+/** Human chain keys → CAIP-2 (x402 v2 discovery). */
+export const NETWORK_ALIAS_TO_CAIP2 = {
+    base: CHAIN_IDS.base,
+    solana: CHAIN_IDS.solana,
+    polygon: CHAIN_IDS.polygon,
+    "base-sepolia": CHAIN_IDS.base_sepolia,
+    base_sepolia: CHAIN_IDS.base_sepolia,
+    "solana-devnet": CHAIN_IDS.solana_devnet,
+    solana_devnet: CHAIN_IDS.solana_devnet,
+};
+export function normalizeToCaip2(network) {
+    const trimmed = network.trim();
+    if (trimmed.includes(":"))
+        return trimmed;
+    return NETWORK_ALIAS_TO_CAIP2[trimmed.toLowerCase()] ?? trimmed;
+}
+export function isEvmChain(chain) {
+    return chain === "base" || chain === "polygon" || chain === "base_sepolia";
+}
+export function isTestnetChain(chain) {
+    return chain === "base_sepolia" || chain === "solana_devnet";
+}
+export function detectChainFromAddress(address) {
+    if (/^0x[a-fA-F0-9]{40}$/.test(address.trim()))
+        return "base";
+    if (/^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address.trim()))
+        return "solana";
+    return null;
+}

package/dist/lib/db-persistence.d.ts

@@ -0,0 +1,7 @@
+import type { MppSession } from "../agents/mpp-session-v2.js";
+import type { EscrowRecord } from "./escrow-ledger.js";
+export declare function saveMppSessionToDb(session: MppSession): void;
+export declare function loadMppSessionsFromDb(agentId?: string): MppSession[];
+export declare function getMppSessionFromDb(sessionId: string): MppSession | null;
+export declare function saveEscrowToDb(record: EscrowRecord): void;
+export declare function getEscrowFromDb(id: string): EscrowRecord | null;

package/dist/lib/db-persistence.js

@@ -0,0 +1,65 @@
+import { db } from "./db.js";
+const getMpp = db.prepare("SELECT session_id, agent_id, budget_usdc, spent_usdc, status, created_at, closed_at, payload FROM mpp_sessions WHERE session_id = ?");
+const upsertMpp = db.prepare(`
+  INSERT INTO mpp_sessions (session_id, agent_id, budget_usdc, spent_usdc, status, created_at, closed_at, payload)
+  VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+  ON CONFLICT(session_id) DO UPDATE SET
+    spent_usdc = excluded.spent_usdc,
+    status = excluded.status,
+    closed_at = excluded.closed_at,
+    payload = excluded.payload
+`);
+const listMppByAgent = db.prepare("SELECT payload FROM mpp_sessions WHERE agent_id = ? ORDER BY created_at DESC LIMIT 50");
+const getEscrow = db.prepare("SELECT escrow_id, buyer_agent_id, seller_agent_id, amount_usdc, condition_hash, status, created_at, released_at, payload FROM escrow_records WHERE escrow_id = ?");
+const upsertEscrow = db.prepare(`
+  INSERT INTO escrow_records (escrow_id, buyer_agent_id, seller_agent_id, amount_usdc, condition_hash, status, created_at, released_at, payload)
+  VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+  ON CONFLICT(escrow_id) DO UPDATE SET
+    status = excluded.status,
+    released_at = excluded.released_at,
+    payload = excluded.payload
+`);
+export function saveMppSessionToDb(session) {
+    const spent = session.callsUsed * session.avgPricePerCallUsdc;
+    upsertMpp.run(session.sessionId, session.agentId, session.maxBudgetUsdc, spent, session.status, Math.floor(new Date(session.openedAt).getTime() / 1000), session.closedAt ? Math.floor(new Date(session.closedAt).getTime() / 1000) : null, JSON.stringify(session));
+}
+export function loadMppSessionsFromDb(agentId) {
+    if (!agentId)
+        return [];
+    const rows = listMppByAgent.all(agentId);
+    const out = [];
+    for (const row of rows) {
+        try {
+            out.push(JSON.parse(row.payload));
+        }
+        catch {
+            /* skip corrupt */
+        }
+    }
+    return out;
+}
+export function getMppSessionFromDb(sessionId) {
+    const row = getMpp.get(sessionId);
+    if (!row?.payload)
+        return null;
+    try {
+        return JSON.parse(row.payload);
+    }
+    catch {
+        return null;
+    }
+}
+export function saveEscrowToDb(record) {
+    upsertEscrow.run(record.id, record.payerAgentId, record.payeeAgentId, record.amountUsdc, record.releaseCondition.slice(0, 128), record.status, Math.floor(new Date(record.createdAt).getTime() / 1000), record.releasedAt ? Math.floor(new Date(record.releasedAt).getTime() / 1000) : null, JSON.stringify(record));
+}
+export function getEscrowFromDb(id) {
+    const row = getEscrow.get(id);
+    if (!row?.payload)
+        return null;
+    try {
+        return JSON.parse(row.payload);
+    }
+    catch {
+        return null;
+    }
+}