npm - x402-trust-layer - Versions diffs - 5.1.0 - Mend

x402-trust-layer 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (293) hide show

package/CHANGELOG.md +55 -0
package/DEPLOY.md +53 -0
package/Dockerfile +30 -0
package/LICENSE +21 -0
package/README.md +294 -0
package/dist/agents/a2a-payment.d.ts +37 -0
package/dist/agents/a2a-payment.js +105 -0
package/dist/agents/agent-escrow.d.ts +30 -0
package/dist/agents/agent-escrow.js +23 -0
package/dist/agents/agent-verify.d.ts +15 -0
package/dist/agents/agent-verify.js +112 -0
package/dist/agents/api-router.d.ts +32 -0
package/dist/agents/api-router.js +228 -0
package/dist/agents/attestation-registry.d.ts +35 -0
package/dist/agents/attestation-registry.js +76 -0
package/dist/agents/audition-coach.d.ts +45 -0
package/dist/agents/audition-coach.js +257 -0
package/dist/agents/bedrock-bridge.d.ts +3 -0
package/dist/agents/bedrock-bridge.js +60 -0
package/dist/agents/budget-allocator.d.ts +24 -0
package/dist/agents/budget-allocator.js +31 -0
package/dist/agents/compliance-ledger.d.ts +66 -0
package/dist/agents/compliance-ledger.js +80 -0
package/dist/agents/dispute-resolver.d.ts +62 -0
package/dist/agents/dispute-resolver.js +124 -0
package/dist/agents/evidence-locker.d.ts +30 -0
package/dist/agents/evidence-locker.js +47 -0
package/dist/agents/facilitator-failover.d.ts +15 -0
package/dist/agents/facilitator-failover.js +18 -0
package/dist/agents/identity-gate.d.ts +20 -0
package/dist/agents/identity-gate.js +79 -0
package/dist/agents/mandate-compiler.d.ts +51 -0
package/dist/agents/mandate-compiler.js +73 -0
package/dist/agents/mandate-diff.d.ts +41 -0
package/dist/agents/mandate-diff.js +170 -0
package/dist/agents/market-buy-advisor.d.ts +65 -0
package/dist/agents/market-buy-advisor.js +234 -0
package/dist/agents/merchant-trust.d.ts +38 -0
package/dist/agents/merchant-trust.js +171 -0
package/dist/agents/mpp-session-broker.d.ts +27 -0
package/dist/agents/mpp-session-broker.js +29 -0
package/dist/agents/mpp-session-v2.d.ts +76 -0
package/dist/agents/mpp-session-v2.js +269 -0
package/dist/agents/payment-intent-compiler.d.ts +21 -0
package/dist/agents/payment-intent-compiler.js +45 -0
package/dist/agents/pipeline-execute.d.ts +40 -0
package/dist/agents/pipeline-execute.js +100 -0
package/dist/agents/pipeline-trust-v2.d.ts +31 -0
package/dist/agents/pipeline-trust-v2.js +111 -0
package/dist/agents/pre-x402-guard.d.ts +35 -0
package/dist/agents/pre-x402-guard.js +84 -0
package/dist/agents/quality-escrow-semantic.d.ts +88 -0
package/dist/agents/quality-escrow-semantic.js +137 -0
package/dist/agents/quality-escrow.d.ts +65 -0
package/dist/agents/quality-escrow.js +104 -0
package/dist/agents/quality-monitor.d.ts +32 -0
package/dist/agents/quality-monitor.js +77 -0
package/dist/agents/rail-optimizer.d.ts +33 -0
package/dist/agents/rail-optimizer.js +133 -0
package/dist/agents/receipt-auditor.d.ts +14 -0
package/dist/agents/receipt-auditor.js +145 -0
package/dist/agents/refund-arbiter.d.ts +24 -0
package/dist/agents/refund-arbiter.js +70 -0
package/dist/agents/research-brief.d.ts +14 -0
package/dist/agents/research-brief.js +66 -0
package/dist/agents/risk-gate.d.ts +11 -0
package/dist/agents/risk-gate.js +78 -0
package/dist/agents/settlement-graph.d.ts +16 -0
package/dist/agents/settlement-graph.js +38 -0
package/dist/agents/spend-governor.d.ts +2 -0
package/dist/agents/spend-governor.js +70 -0
package/dist/agents/trust-network.d.ts +138 -0
package/dist/agents/trust-network.js +244 -0
package/dist/agents/x402-proxy.d.ts +32 -0
package/dist/agents/x402-proxy.js +90 -0
package/dist/client/demo-alchemy-live.d.ts +1 -0
package/dist/client/demo-alchemy-live.js +226 -0
package/dist/client/demo-tail.d.ts +1 -0
package/dist/client/demo-tail.js +100 -0
package/dist/client/demo.d.ts +1 -0
package/dist/client/demo.js +293 -0
package/dist/config.d.ts +94 -0
package/dist/config.js +223 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +389 -0
package/dist/lib/agent-response.d.ts +14 -0
package/dist/lib/agent-response.js +13 -0
package/dist/lib/agentic-gateways.d.ts +5 -0
package/dist/lib/agentic-gateways.js +15 -0
package/dist/lib/agentic-probes.d.ts +10 -0
package/dist/lib/agentic-probes.js +49 -0
package/dist/lib/alchemy-x402-fetch.d.ts +16 -0
package/dist/lib/alchemy-x402-fetch.js +95 -0
package/dist/lib/apply-verifier-body.d.ts +7 -0
package/dist/lib/apply-verifier-body.js +179 -0
package/dist/lib/attestation.d.ts +30 -0
package/dist/lib/attestation.js +107 -0
package/dist/lib/bazaar-extension.d.ts +15 -0
package/dist/lib/bazaar-extension.js +265 -0
package/dist/lib/bazaar.d.ts +100 -0
package/dist/lib/bazaar.js +341 -0
package/dist/lib/certified-sellers.d.ts +41 -0
package/dist/lib/certified-sellers.js +129 -0
package/dist/lib/chains.d.ts +20 -0
package/dist/lib/chains.js +78 -0
package/dist/lib/db-persistence.d.ts +7 -0
package/dist/lib/db-persistence.js +65 -0
package/dist/lib/db.d.ts +5 -0
package/dist/lib/db.js +113 -0
package/dist/lib/discovery-page.d.ts +2 -0
package/dist/lib/discovery-page.js +71 -0
package/dist/lib/ecosystem-telemetry.d.ts +20 -0
package/dist/lib/ecosystem-telemetry.js +80 -0
package/dist/lib/erc8004/agent-card.d.ts +34 -0
package/dist/lib/erc8004/agent-card.js +151 -0
package/dist/lib/erc8004/cache.d.ts +3 -0
package/dist/lib/erc8004/cache.js +17 -0
package/dist/lib/erc8004/constants.d.ts +22 -0
package/dist/lib/erc8004/constants.js +35 -0
package/dist/lib/erc8004/registry.d.ts +19 -0
package/dist/lib/erc8004/registry.js +171 -0
package/dist/lib/erc8004/resolve-agent.d.ts +7 -0
package/dist/lib/erc8004/resolve-agent.js +70 -0
package/dist/lib/erc8004/trust-score.d.ts +33 -0
package/dist/lib/erc8004/trust-score.js +136 -0
package/dist/lib/escrow-ledger.d.ts +14 -0
package/dist/lib/escrow-ledger.js +54 -0
package/dist/lib/escrow-unified.d.ts +15 -0
package/dist/lib/escrow-unified.js +28 -0
package/dist/lib/facilitator-extra.d.ts +13 -0
package/dist/lib/facilitator-extra.js +52 -0
package/dist/lib/facilitators.d.ts +20 -0
package/dist/lib/facilitators.js +89 -0
package/dist/lib/host-policy.d.ts +4 -0
package/dist/lib/host-policy.js +20 -0
package/dist/lib/idempotency.d.ts +4 -0
package/dist/lib/idempotency.js +120 -0
package/dist/lib/ledger.d.ts +2 -0
package/dist/lib/ledger.js +17 -0
package/dist/lib/logger.d.ts +6 -0
package/dist/lib/logger.js +24 -0
package/dist/lib/mandate-vc.d.ts +20 -0
package/dist/lib/mandate-vc.js +25 -0
package/dist/lib/mandate.d.ts +44 -0
package/dist/lib/mandate.js +190 -0
package/dist/lib/marketplace.d.ts +7 -0
package/dist/lib/marketplace.js +127 -0
package/dist/lib/migrations.d.ts +2 -0
package/dist/lib/migrations.js +130 -0
package/dist/lib/nonce-store.d.ts +6 -0
package/dist/lib/nonce-store.js +109 -0
package/dist/lib/openapi-agentcash.d.ts +5 -0
package/dist/lib/openapi-agentcash.js +288 -0
package/dist/lib/openapi-meta.d.ts +5 -0
package/dist/lib/openapi-meta.js +235 -0
package/dist/lib/otel.d.ts +2 -0
package/dist/lib/otel.js +25 -0
package/dist/lib/paid-resource-url.d.ts +6 -0
package/dist/lib/paid-resource-url.js +47 -0
package/dist/lib/parse-with-verifier-fallback.d.ts +3 -0
package/dist/lib/parse-with-verifier-fallback.js +13 -0
package/dist/lib/payment-request-context.d.ts +10 -0
package/dist/lib/payment-request-context.js +5 -0
package/dist/lib/payment-response.d.ts +13 -0
package/dist/lib/payment-response.js +39 -0
package/dist/lib/payto-guard.d.ts +10 -0
package/dist/lib/payto-guard.js +20 -0
package/dist/lib/probe.d.ts +29 -0
package/dist/lib/probe.js +157 -0
package/dist/lib/problem-detail.d.ts +10 -0
package/dist/lib/problem-detail.js +14 -0
package/dist/lib/rate-limit.d.ts +12 -0
package/dist/lib/rate-limit.js +126 -0
package/dist/lib/replay-middleware.d.ts +3 -0
package/dist/lib/replay-middleware.js +27 -0
package/dist/lib/response-guard.d.ts +5 -0
package/dist/lib/response-guard.js +40 -0
package/dist/lib/safe-fetch.d.ts +5 -0
package/dist/lib/safe-fetch.js +19 -0
package/dist/lib/security.d.ts +13 -0
package/dist/lib/security.js +61 -0
package/dist/lib/semantic-judge.d.ts +14 -0
package/dist/lib/semantic-judge.js +107 -0
package/dist/lib/semantic-judge.test.d.ts +1 -0
package/dist/lib/semantic-judge.test.js +11 -0
package/dist/lib/ssrf.d.ts +10 -0
package/dist/lib/ssrf.js +130 -0
package/dist/lib/ssrf.test.d.ts +1 -0
package/dist/lib/ssrf.test.js +16 -0
package/dist/lib/suite-catalog.d.ts +83 -0
package/dist/lib/suite-catalog.js +131 -0
package/dist/lib/telemetry.d.ts +5 -0
package/dist/lib/telemetry.js +37 -0
package/dist/lib/verifier-fast-path.d.ts +10 -0
package/dist/lib/verifier-fast-path.js +44 -0
package/dist/lib/verifier-probe-protocol.d.ts +7 -0
package/dist/lib/verifier-probe-protocol.js +115 -0
package/dist/lib/verify-examples.d.ts +2 -0
package/dist/lib/verify-examples.js +438 -0
package/dist/lib/version.d.ts +2 -0
package/dist/lib/version.js +2 -0
package/dist/lib/webhook-auth.d.ts +3 -0
package/dist/lib/webhook-auth.js +34 -0
package/dist/lib/webhook-routes.d.ts +2 -0
package/dist/lib/webhook-routes.js +112 -0
package/dist/lib/webhooks.d.ts +23 -0
package/dist/lib/webhooks.js +123 -0
package/dist/lib/webhooks.test.d.ts +1 -0
package/dist/lib/webhooks.test.js +16 -0
package/dist/lib/x402-client-options.d.ts +28 -0
package/dist/lib/x402-client-options.js +138 -0
package/dist/lib/x402-headers.d.ts +10 -0
package/dist/lib/x402-headers.js +27 -0
package/dist/lib/x402-paid.d.ts +5 -0
package/dist/lib/x402-paid.js +252 -0
package/dist/lib/x402-payment-replay.d.ts +22 -0
package/dist/lib/x402-payment-replay.js +57 -0
package/dist/lib/x402gle-host-verify.d.ts +3 -0
package/dist/lib/x402gle-host-verify.js +27 -0
package/dist/protocol/agent-passport.d.ts +34 -0
package/dist/protocol/agent-passport.js +44 -0
package/dist/protocol/compliance-v2.d.ts +21 -0
package/dist/protocol/compliance-v2.js +19 -0
package/dist/protocol/credit-bureau.d.ts +18 -0
package/dist/protocol/credit-bureau.js +44 -0
package/dist/protocol/crypto.d.ts +6 -0
package/dist/protocol/crypto.js +41 -0
package/dist/protocol/escrow-fsm.d.ts +33 -0
package/dist/protocol/escrow-fsm.js +99 -0
package/dist/protocol/fraud-engine.d.ts +28 -0
package/dist/protocol/fraud-engine.js +77 -0
package/dist/protocol/observability.d.ts +14 -0
package/dist/protocol/observability.js +21 -0
package/dist/protocol/pipeline-full-trust.d.ts +40 -0
package/dist/protocol/pipeline-full-trust.js +96 -0
package/dist/protocol/proof-of-execution.d.ts +36 -0
package/dist/protocol/proof-of-execution.js +48 -0
package/dist/protocol/reasoning-audit.d.ts +27 -0
package/dist/protocol/reasoning-audit.js +51 -0
package/dist/protocol/replay-guard.d.ts +28 -0
package/dist/protocol/replay-guard.js +76 -0
package/dist/protocol/replay-guard.test.d.ts +1 -0
package/dist/protocol/replay-guard.test.js +10 -0
package/dist/protocol/security-audit.d.ts +18 -0
package/dist/protocol/security-audit.js +45 -0
package/dist/protocol/store.d.ts +5 -0
package/dist/protocol/store.js +59 -0
package/dist/protocol/threat-catalog.d.ts +13 -0
package/dist/protocol/threat-catalog.js +75 -0
package/dist/protocol/trust-oracle.d.ts +23 -0
package/dist/protocol/trust-oracle.js +30 -0
package/dist/protocol/trust-score-v2.d.ts +33 -0
package/dist/protocol/trust-score-v2.js +78 -0
package/dist/protocol/zk-proofs.d.ts +24 -0
package/dist/protocol/zk-proofs.js +32 -0
package/dist/routes/a2a-agent-card.d.ts +3 -0
package/dist/routes/a2a-agent-card.js +28 -0
package/dist/routes/catalog.d.ts +5 -0
package/dist/routes/catalog.js +47 -0
package/dist/routes/register-all.d.ts +3 -0
package/dist/routes/register-all.js +1240 -0
package/dist/routes/schemas.d.ts +83 -0
package/dist/routes/schemas.js +38 -0
package/dist/routes/shared.d.ts +16 -0
package/dist/routes/shared.js +27 -0
package/dist/routes-protocol.d.ts +10 -0
package/dist/routes-protocol.js +322 -0
package/dist/routes.d.ts +2 -0
package/dist/routes.js +2 -0
package/dist/types.d.ts +66 -0
package/dist/types.js +1 -0
package/openapi.json +7940 -0
package/package.json +124 -0
package/public/.well-known/ai-plugin.json +12 -0
package/public/assets/aegis-logo-blue.png +0 -0
package/public/assets/aegis-logo-gold.png +0 -0
package/public/assets/aegis-logo-green.png +0 -0
package/public/assets/aegis-logo-purple.png +0 -0
package/public/assets/aegis-logo-red.png +0 -0
package/public/assets/aegis-logo-white.png +0 -0
package/public/assets/aegis-logo.png +0 -0
package/public/assets/x402-trustlayer-logo.png +0 -0
package/public/assets/x402-trustlayer-logo.svg +5 -0
package/public/data/agents.json +1528 -0
package/public/index.html +198 -0
package/public/landing.css +342 -0
package/public/landing.js +405 -0
package/public/llms-full.txt +582 -0
package/public/llms.txt +132 -0
package/public/skill.md +135 -0
package/railway.toml +9 -0
package/scripts/docker-entrypoint.sh +7 -0
package/scripts/patch-facilitator-timeout.mjs +61 -0

package/dist/lib/marketplace.js ADDED Viewed

@@ -0,0 +1,127 @@
+function normalizeQuery(q) {
+    return q.toLowerCase().trim();
+}
+function matchesQuery(resource, query) {
+    const q = normalizeQuery(query);
+    const haystack = [resource.name, resource.description, ...(resource.tags ?? [])]
+        .filter(Boolean)
+        .join(" ")
+        .toLowerCase();
+    const terms = q.split(/\s+/).filter(Boolean);
+    if (terms.length === 0)
+        return true;
+    return terms.some((t) => haystack.includes(t));
+}
+function mapLabResource(r) {
+    return {
+        name: r.name,
+        description: r.description,
+        url: r.public_url,
+        priceUsdc: r.base_price_usdc,
+        network: "solana",
+    };
+}
+function mergeResources(body) {
+    const nested = body.data;
+    const fromData = Array.isArray(nested)
+        ? nested
+        : nested && typeof nested === "object"
+            ? nested.resources
+            : undefined;
+    const merged = [
+        ...(body.resources ?? []),
+        ...(fromData ?? []),
+        ...(body.strongResults ?? []),
+        ...(body.relatedResults ?? []),
+        ...(body.items ?? []),
+    ];
+    const seen = new Set();
+    return merged.filter((r) => {
+        if (!r.url || seen.has(r.url))
+            return false;
+        seen.add(r.url);
+        return true;
+    });
+}
+async function searchFacilitatorCatalog(query, options) {
+    const url = new URL("https://api.dexter.cash/api/facilitator/marketplace/resources");
+    url.searchParams.set("search", query);
+    url.searchParams.set("sort", "quality_score");
+    url.searchParams.set("limit", String(options.limit ?? 15));
+    if (options.verified !== false)
+        url.searchParams.set("verified", "true");
+    if (options.maxPriceUsdc != null) {
+        url.searchParams.set("maxPrice", String(options.maxPriceUsdc));
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), 20_000);
+    const res = await fetch(url, {
+        headers: { accept: "application/json" },
+        signal: controller.signal,
+    });
+    clearTimeout(timer);
+    if (!res.ok) {
+        throw new Error(`facilitator catalog HTTP ${res.status}`);
+    }
+    const body = (await res.json());
+    return mergeResources(body);
+}
+async function searchLabCatalog(query, options) {
+    const url = new URL("https://api.dexter.cash/api/dexter-lab/resources/public");
+    url.searchParams.set("limit", String(Math.min(options.limit ?? 15, 50)));
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), 20_000);
+    const res = await fetch(url, {
+        headers: { accept: "application/json" },
+        signal: controller.signal,
+    });
+    clearTimeout(timer);
+    if (!res.ok) {
+        throw new Error(`lab catalog HTTP ${res.status}`);
+    }
+    const body = (await res.json());
+    let list = (body.resources ?? []).map(mapLabResource);
+    list = list.filter((r) => matchesQuery({ name: r.name, description: r.description }, query));
+    if (options.maxPriceUsdc != null) {
+        list = list.filter((r) => (r.priceUsdc ?? 999) <= options.maxPriceUsdc);
+    }
+    return list.slice(0, options.limit ?? 15);
+}
+export async function searchMarketplace(query, options = {}) {
+    try {
+        const primary = await searchFacilitatorCatalog(query, options);
+        if (primary.length > 0)
+            return primary;
+    }
+    catch (err) {
+        console.warn(`[marketplace] facilitator catalog:`, err);
+    }
+    try {
+        return await searchLabCatalog(query, options);
+    }
+    catch (err) {
+        console.warn(`[marketplace] lab catalog fallback failed for "${query}":`, err);
+        return [];
+    }
+}
+export function pickBestResource(resources, preferNetwork, query) {
+    if (resources.length === 0)
+        return null;
+    const scored = resources
+        .map((r) => {
+        const quality = r.qualityScore ?? 50;
+        const price = r.priceUsdc ?? 1;
+        const latencyPenalty = (r.latencyP50Ms ?? 0) / 100_000;
+        const networkBoost = preferNetwork && r.network?.toLowerCase().includes(preferNetwork.toLowerCase()) ? 5 : 0;
+        const haystack = [r.name, r.description, r.url].filter(Boolean).join(" ").toLowerCase();
+        const q = (query ?? "").toLowerCase();
+        const wantsOracle = /eth|ethereum|oracle|price|usd|btc|bitcoin/.test(q);
+        const oracleBoost = wantsOracle && /mycelia|oracle\/price/.test(haystack) ? 12 : 0;
+        return {
+            r,
+            score: quality * 2 - price * 10 - latencyPenalty + networkBoost + oracleBoost,
+        };
+    })
+        .sort((a, b) => b.score - a.score);
+    return scored[0]?.r ?? null;
+}

package/dist/lib/migrations.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { Database as SqliteDatabase } from "better-sqlite3";
2	+ export declare function runMigrations(db: SqliteDatabase): void;

package/dist/lib/migrations.js ADDED Viewed

@@ -0,0 +1,130 @@
+const MIGRATIONS = [
+    {
+        version: 1,
+        sql: `
+      CREATE TABLE IF NOT EXISTS schema_version (version INTEGER PRIMARY KEY);
+    `,
+    },
+    {
+        version: 2,
+        sql: `
+      CREATE TABLE IF NOT EXISTS mandates (
+        mandate_id TEXT PRIMARY KEY,
+        principal TEXT NOT NULL,
+        agent_id TEXT NOT NULL,
+        intent TEXT NOT NULL,
+        intent_hash TEXT NOT NULL,
+        scope JSON NOT NULL,
+        signature TEXT NOT NULL,
+        issued_at TEXT NOT NULL,
+        expires_at INTEGER,
+        suite_version TEXT NOT NULL
+      );
+      CREATE INDEX IF NOT EXISTS idx_mandates_agent ON mandates(agent_id);
+      CREATE INDEX IF NOT EXISTS idx_mandates_expires ON mandates(expires_at);
+    `,
+    },
+    {
+        version: 3,
+        sql: `
+      CREATE TABLE IF NOT EXISTS protocol_kv (
+        store TEXT NOT NULL,
+        key TEXT NOT NULL,
+        value JSON NOT NULL,
+        updated_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        PRIMARY KEY (store, key)
+      );
+      CREATE INDEX IF NOT EXISTS idx_kv_store ON protocol_kv(store, updated_at);
+    `,
+    },
+    {
+        version: 4,
+        sql: `
+      CREATE TABLE IF NOT EXISTS idempotency_cache (
+        cache_key TEXT PRIMARY KEY,
+        status INTEGER NOT NULL,
+        body JSON NOT NULL,
+        body_hash TEXT NOT NULL,
+        route TEXT NOT NULL,
+        created_at INTEGER NOT NULL DEFAULT (unixepoch())
+      );
+      CREATE TABLE IF NOT EXISTS idempotency_inflight (
+        cache_key TEXT PRIMARY KEY,
+        created_at INTEGER NOT NULL DEFAULT (unixepoch())
+      );
+    `,
+    },
+    {
+        version: 5,
+        sql: `
+      CREATE TABLE IF NOT EXISTS webhook_subscriptions (
+        id TEXT PRIMARY KEY,
+        fleet_id TEXT NOT NULL,
+        url TEXT NOT NULL,
+        events JSON NOT NULL,
+        secret TEXT NOT NULL,
+        created_at TEXT NOT NULL,
+        active INTEGER NOT NULL DEFAULT 1
+      );
+      CREATE INDEX IF NOT EXISTS idx_webhooks_fleet ON webhook_subscriptions(fleet_id, active);
+    `,
+    },
+    {
+        version: 6,
+        sql: `
+      CREATE UNIQUE INDEX IF NOT EXISTS idx_spend_tx_hash ON spend_ledger(tx_hash)
+        WHERE tx_hash IS NOT NULL;
+      CREATE INDEX IF NOT EXISTS idx_spend_wallet ON spend_ledger(wallet_address, day_key);
+    `,
+    },
+    {
+        version: 7,
+        sql: `
+      CREATE TABLE IF NOT EXISTS telemetry_counters (
+        name TEXT PRIMARY KEY,
+        value INTEGER NOT NULL DEFAULT 0,
+        updated_at INTEGER NOT NULL DEFAULT (unixepoch())
+      );
+    `,
+    },
+    {
+        version: 8,
+        sql: `
+      CREATE TABLE IF NOT EXISTS escrows (
+        escrow_id TEXT PRIMARY KEY,
+        payer_agent_id TEXT NOT NULL,
+        payee_id TEXT NOT NULL,
+        amount_usdc REAL NOT NULL,
+        state TEXT NOT NULL DEFAULT 'CREATED',
+        resource_hash TEXT,
+        session_id TEXT,
+        release_condition TEXT,
+        quality_score REAL,
+        created_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        updated_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        settled_at INTEGER,
+        state_proof TEXT NOT NULL,
+        metadata JSON
+      );
+      CREATE TABLE IF NOT EXISTS escrow_transitions (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        escrow_id TEXT NOT NULL,
+        from_state TEXT NOT NULL,
+        to_state TEXT NOT NULL,
+        note TEXT,
+        transitioned_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        proof TEXT
+      );
+      CREATE INDEX IF NOT EXISTS idx_escrow_state ON escrows(state, updated_at);
+    `,
+    },
+];
+export function runMigrations(db) {
+    db.exec("CREATE TABLE IF NOT EXISTS schema_version (version INTEGER PRIMARY KEY)");
+    const row = db.prepare("SELECT MAX(version) AS v FROM schema_version").get();
+    const current = row?.v ?? 0;
+    for (const m of MIGRATIONS.filter((x) => x.version > current)) {
+        db.exec(m.sql);
+        db.prepare("INSERT INTO schema_version (version) VALUES (?)").run(m.version);
+    }
+}

package/dist/lib/nonce-store.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/** Claim a nonce/idempotency key once (payment, protocol replay, idempotency). */
+export declare function claimNonceKey(rawKey: string, network?: string, ttlSec?: number): Promise<boolean>;
+export declare function isNonceKeyUsed(rawKey: string): boolean;
+export declare function extractIdempotencyKey(req: {
+    headers: Record<string, unknown>;
+}): string | undefined;

package/dist/lib/nonce-store.js ADDED Viewed

@@ -0,0 +1,109 @@
+import { db } from "./db.js";
+import { assertSafeOutboundUrl } from "./ssrf.js";
+const checkNonce = db.prepare("SELECT 1 AS ok FROM used_nonces WHERE nonce = ?");
+const insertNonce = db.prepare("INSERT OR IGNORE INTO used_nonces (nonce, network) VALUES (?, ?)");
+const cleanOld = db.prepare("DELETE FROM used_nonces WHERE used_at < ?");
+const REDIS_REST_URL = (process.env.UPSTASH_REDIS_REST_URL ?? "").trim();
+const REDIS_REST_TOKEN = (process.env.UPSTASH_REDIS_REST_TOKEN ?? "").trim();
+const REDIS_URL = (process.env.REDIS_URL ?? "").trim();
+let redisSetNx = null;
+let redisInit = null;
+async function ensureRedis() {
+    if (redisSetNx)
+        return true;
+    if (!REDIS_URL)
+        return false;
+    if (!redisInit) {
+        redisInit = (async () => {
+            try {
+                const mod = await import("redis");
+                const client = mod.createClient({ url: REDIS_URL });
+                client.on("error", (err) => console.warn("[nonce-store] redis:", err.message));
+                await client.connect();
+                redisSetNx = async (key, ttlSec) => {
+                    const r = await client.set(key, "1", { NX: true, EX: ttlSec });
+                    return r === "OK";
+                };
+            }
+            catch (err) {
+                console.warn("[nonce-store] REDIS_URL set but redis package unavailable — using SQLite only:", err instanceof Error ? err.message : err);
+            }
+        })();
+    }
+    await redisInit;
+    return !!redisSetNx;
+}
+async function redisRestSetNx(key, ttlSec) {
+    if (!REDIS_REST_URL || !REDIS_REST_TOKEN)
+        return false;
+    assertSafeOutboundUrl(REDIS_REST_URL);
+    if (!REDIS_REST_URL.startsWith("https://")) {
+        throw new Error("Redis REST must be HTTPS");
+    }
+    const res = await fetch(REDIS_REST_URL, {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${REDIS_REST_TOKEN}`,
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify(["SET", key, "1", "NX", "EX", String(ttlSec)]),
+    });
+    if (!res.ok)
+        return false;
+    const data = (await res.json());
+    return data.result === "OK";
+}
+function sqliteClaim(key, network) {
+    if (checkNonce.get(key))
+        return false;
+    insertNonce.run(key, network);
+    return true;
+}
+function maybeCleanSqlite() {
+    if (Math.random() < 0.02) {
+        cleanOld.run(Math.floor(Date.now() / 1000) - 86_400 * 7);
+    }
+}
+/** Claim a nonce/idempotency key once (payment, protocol replay, idempotency). */
+export async function claimNonceKey(rawKey, network = "unknown", ttlSec = 86_400 * 7) {
+    const key = rawKey.trim();
+    if (!key || key.length < 8)
+        return true;
+    const storeKey = key.length > 200 ? key.slice(0, 200) : key;
+    if (await ensureRedis()) {
+        const ok = await redisSetNx(`x402:nonce:${storeKey}`, ttlSec);
+        if (ok) {
+            sqliteClaim(storeKey, network);
+            return true;
+        }
+        return false;
+    }
+    if (REDIS_REST_URL && REDIS_REST_TOKEN) {
+        const ok = await redisRestSetNx(`x402:nonce:${storeKey}`, ttlSec);
+        if (ok) {
+            sqliteClaim(storeKey, network);
+            return true;
+        }
+        if (checkNonce.get(storeKey))
+            return false;
+        return false;
+    }
+    maybeCleanSqlite();
+    if (checkNonce.get(storeKey))
+        return false;
+    insertNonce.run(storeKey, network);
+    return true;
+}
+export function isNonceKeyUsed(rawKey) {
+    const key = rawKey.trim();
+    if (!key || key.length < 8)
+        return false;
+    const storeKey = key.length > 200 ? key.slice(0, 200) : key;
+    return !!checkNonce.get(storeKey);
+}
+export function extractIdempotencyKey(req) {
+    const raw = req.headers["idempotency-key"] ??
+        req.headers["x-idempotency-key"];
+    const v = Array.isArray(raw) ? raw[0] : raw;
+    return typeof v === "string" && v.trim().length >= 8 ? v.trim() : undefined;
+}

package/dist/lib/openapi-agentcash.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare function buildAgentCashOpenApi(): Record<string, unknown>;
+/** AgentCash / x402scan 2026 spec v2 — per-resource accepts with micro-units. */
+export declare function buildWellKnownX402V2(): Record<string, unknown>;
+/** x402scan / AgentCash compatibility fan-out */
+export declare function buildWellKnownX402Resources(): Record<string, unknown>;

package/dist/lib/openapi-agentcash.js ADDED Viewed

@@ -0,0 +1,288 @@
+import { config } from "../config.js";
+import { SUITE_VERSION } from "./version.js";
+import { listEndpoints } from "../routes/catalog.js";
+import { pricing } from "../config.js";
+import { defaultOutputExample } from "./bazaar-extension.js";
+import { ENDPOINT_META } from "./openapi-meta.js";
+import { VERIFY_EXAMPLES } from "./verify-examples.js";
+const X402_PROTOCOLS = [{ x402: {} }];
+const MPP_SESSION_PROTOCOLS = [
+    { x402: {} },
+    { mpp: { method: "POST", intent: "session", currency: "0x20c000000000000000000000b9537d11c60e8b50" } },
+];
+const AGENT_GUIDANCE = `x402 Trust Layer — 58 paid agent payment infrastructure APIs on Base, Solana, and Polygon via Dexter facilitator.
+Typical flow:
+1. POST /api/guard/pre-x402 or POST /api/x402/proxy before any downstream x402 payment.
+2. POST /api/merchant-trust/score for Know-Your-Merchant preflight on unknown hosts.
+3. POST /api/mandate/compile for AP2-style signed intent; POST /api/mandate/diff + /api/mandate/verify before spend.
+4. POST /api/trust-network/buyer-gate when paying certified sellers; POST /api/merchant-trust/certify to join network.
+5. POST /api/quality-escrow/semantic-settle after delivery for auto-refund on bad responses.
+6. POST /api/payment-intent/compile or POST /api/pipeline/execute for multi-step orchestration.
+7. POST /api/mpp/session with action open|voucher|close for batch settlement savings.
+8. POST /api/attestation/issue then pass X-Suite-Attestation on partner calls.
+9. POST /api/receipt-auditor/verify after external settlements; POST /api/compliance/ledger for audit.
+Pay with x402 (USDC). Unpaid GET probes return 402; send Payment-Signature on POST for full JSON responses.
+Free (not in this catalog): GET /health — monitoring only, returns 200 without payment.`;
+function formatUsdAmount(priceStr) {
+    const n = Number(priceStr.replace(/^\$/, ""));
+    if (!Number.isFinite(n))
+        return "0.010000";
+    return n.toFixed(6);
+}
+function exampleToSchema(value) {
+    if (value === null)
+        return { type: "null" };
+    if (Array.isArray(value)) {
+        const items = value.length ? exampleToSchema(value[0]) : { type: "object" };
+        return { type: "array", items };
+    }
+    switch (typeof value) {
+        case "string":
+            return { type: "string" };
+        case "number":
+            return { type: "number" };
+        case "boolean":
+            return { type: "boolean" };
+        case "object": {
+            const obj = value;
+            const properties = {};
+            for (const [k, v] of Object.entries(obj)) {
+                properties[k] = exampleToSchema(v);
+            }
+            return {
+                type: "object",
+                properties,
+                required: Object.keys(obj),
+            };
+        }
+        default:
+            return { type: "string" };
+    }
+}
+function operationId(path, method) {
+    const slug = path.replace(/^\/api\//, "").replace(/\//g, "_").replace(/-/g, "_");
+    return `${method}_${slug}`;
+}
+function paymentProtocols(path) {
+    if (path === "/api/mpp/session" || path === "/api/mpp/session-plan") {
+        return MPP_SESSION_PROTOCOLS;
+    }
+    return X402_PROTOCOLS;
+}
+function paidResponseSchema() {
+    return {
+        type: "object",
+        description: "Successful response after x402 settlement",
+        properties: {
+            ok: { type: "boolean" },
+            allowed: { type: "boolean" },
+            summary: { type: "string" },
+            confidence: { type: "number" },
+            checks_passed: { type: "array", items: { type: "string" } },
+        },
+        additionalProperties: true,
+    };
+}
+function paid200Response(path) {
+    const example = defaultOutputExample(path);
+    return {
+        description: "Successful response after x402 settlement",
+        content: {
+            "application/json": {
+                schema: paidResponseSchema(),
+                example,
+            },
+        },
+    };
+}
+function paymentRequiredResponse() {
+    return {
+        description: "Payment Required (x402 v2). Unpaid requests must receive HTTP 402 with Payment-Required header and non-empty accepts.",
+        headers: {
+            "Payment-Required": {
+                description: "Base64-encoded x402 payment requirements (v2)",
+                schema: { type: "string" },
+            },
+        },
+    };
+}
+function buildOperation(path, method, priceDisplay, tier) {
+    const meta = ENDPOINT_META[path] ?? { summary: path, tags: ["x402"] };
+    const priceUsd = formatUsdAmount(priceDisplay);
+    const upper = method.toUpperCase();
+    const example = VERIFY_EXAMPLES[path];
+    const op = {
+        operationId: operationId(path, method),
+        summary: meta.summary,
+        description: `${meta.summary} — ${priceDisplay} USDC via x402 (Dexter facilitator ${config.facilitatorUrl}).`,
+        tags: [tier, ...(meta.tags ?? [])],
+        security: [{ x402: [] }],
+        "x-payment-info": {
+            price: { mode: "fixed", currency: "USD", amount: priceUsd },
+            protocols: paymentProtocols(path),
+        },
+        responses: {
+            "200": paid200Response(path),
+            "402": paymentRequiredResponse(),
+        },
+    };
+    if (upper === "GET") {
+        if (path === "/api/attestation/registry") {
+            op.parameters = [
+                { name: "minGrade", in: "query", schema: { type: "string" }, required: false },
+                { name: "agentId", in: "query", schema: { type: "string" }, required: false },
+                { name: "limit", in: "query", schema: { type: "integer" }, required: false },
+            ];
+            op.responses = {
+                "200": {
+                    description: "Registry records after payment",
+                    content: {
+                        "application/json": {
+                            schema: paidResponseSchema(),
+                            example: defaultOutputExample(path),
+                        },
+                    },
+                },
+                "402": paymentRequiredResponse(),
+            };
+        }
+    }
+    else if (example && typeof example === "object") {
+        op.requestBody = {
+            required: true,
+            content: {
+                "application/json": {
+                    schema: exampleToSchema(example),
+                    example,
+                },
+            },
+        };
+    }
+    else {
+        op.requestBody = {
+            required: true,
+            content: {
+                "application/json": {
+                    schema: { type: "object", additionalProperties: true },
+                },
+            },
+        };
+    }
+    return op;
+}
+export function buildAgentCashOpenApi() {
+    const base = config.publicBaseUrl.replace(/\/$/, "");
+    const paths = {};
+    for (const entry of listEndpoints()) {
+        const [method, route] = entry.path.split(" ");
+        const m = (method ?? "POST").toLowerCase();
+        if (!paths[route])
+            paths[route] = {};
+        paths[route][m] = buildOperation(route, m, entry.price, entry.tier);
+    }
+    const ownershipProofs = [config.payToEvm, config.payTo].filter((v) => typeof v === "string" && v.length > 0);
+    return {
+        openapi: "3.1.0",
+        components: {
+            securitySchemes: {
+                x402: {
+                    type: "apiKey",
+                    in: "header",
+                    name: "Payment-Signature",
+                    description: "x402 v2 payment payload (base64)",
+                },
+            },
+        },
+        info: {
+            title: "x402 Trust Layer",
+            version: SUITE_VERSION,
+            description: "36 paid x402 trust infrastructure APIs: guard, semantic escrow, mandate diff, certified seller network, KYM, mandates, compliance, disputes, and orchestration.",
+            "x-guidance": AGENT_GUIDANCE,
+        },
+        "x-discovery": {
+            ownershipProofs,
+            publicEndpoints: [`${base}/health`, `${base}/.well-known/x402`],
+            freeEndpoints: [
+                { path: "/health", method: "GET", purpose: "Monitoring — not in OpenAPI paths" },
+                {
+                    path: "/.well-known/x402",
+                    method: "GET",
+                    purpose: "Paid URL catalog — register /api/* from resources[]",
+                },
+            ],
+        },
+        "x-x402scan": {
+            discoveryMode: "openapi-first",
+            paidRouteCount: listEndpoints().length,
+            note: `OpenAPI lists ${listEndpoints().length} paid /api/* operations. Free routes documented under x-discovery.freeEndpoints.`,
+        },
+        servers: [{ url: config.publicBaseUrl }],
+        paths,
+    };
+}
+const BASE_USDC = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+function priceToMicro(priceStr) {
+    const n = Number(priceStr.replace(/^\$/, ""));
+    if (!Number.isFinite(n) || n <= 0)
+        return "10000";
+    return String(Math.round(n * 1_000_000));
+}
+function endpointAccepts(priceLabel) {
+    const payTo = config.payToEvm || config.payTo;
+    return {
+        scheme: "exact",
+        network: "eip155:8453",
+        asset: { address: BASE_USDC, decimals: 6 },
+        maxAmountRequired: priceToMicro(priceLabel),
+        payTo,
+        extra: { name: "USDC on Base" },
+    };
+}
+/** AgentCash / x402scan 2026 spec v2 — per-resource accepts with micro-units. */
+export function buildWellKnownX402V2() {
+    const base = config.publicBaseUrl.replace(/\/$/, "");
+    const resources = listEndpoints()
+        .filter((e) => e.path.startsWith("POST "))
+        .map((e) => {
+        const [, route] = e.path.split(" ");
+        return {
+            url: `${base}${route}`,
+            method: "POST",
+            description: `${route} — ${e.tier} tier trust API`,
+            accepts: [endpointAccepts(e.price)],
+            tags: ["x402", "trust", e.tier],
+            "x-agent-hint": "Call before any external x402 payment when using guard or proxy flows",
+        };
+    });
+    return {
+        x402Version: 2,
+        protocolVersion: "2.14.0",
+        resources,
+        capabilities: ["guard", "mandate", "escrow", "attestation", "receipt-audit"],
+        pricing: {
+            preX402Guard: pricing.preX402Guard,
+            x402Proxy: pricing.x402Proxy,
+        },
+    };
+}
+/** x402scan / AgentCash compatibility fan-out */
+export function buildWellKnownX402Resources() {
+    const ownershipProofs = [config.payToEvm, config.payTo].filter((v) => typeof v === "string" && v.length > 0);
+    const base = config.publicBaseUrl.replace(/\/$/, "");
+    const resources = listEndpoints().map((e) => {
+        const [, route] = e.path.split(" ");
+        return `${base}${route}`;
+    });
+    return {
+        x402Version: 2,
+        protocolVersion: "2.14.0",
+        version: 1,
+        resources,
+        ownershipProofs,
+        instructions: "Free catalog endpoint (HTTP 200). Register paid resource URLs from resources[] — not this URL. Paid routes: POST with Payment-Signature; GET /api/* returns 402 when unpaid.",
+        v2: `${base}/.well-known/x402/v2`,
+    };
+}

package/dist/lib/openapi-meta.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+/** OpenAPI / Bazaar summaries per route */
+export declare const ENDPOINT_META: Record<string, {
+    summary: string;
+    tags: string[];
+}>;