x402-trust-layer 5.1.0

package/dist/lib/suite-catalog.d.ts

@@ -0,0 +1,83 @@
+export type SuiteStep = {
+    step: number;
+    agent: string;
+    method: string;
+    path: string;
+    priceUsdc: number;
+    purpose: string;
+};
+/** Buyer onboarding — only these three in README / INTEGRATE lead */
+export declare const PRIMARY_ENTRYPOINTS: readonly [{
+    readonly path: "/api/x402/proxy";
+    readonly method: "POST";
+    readonly priceUsdc: 0.08;
+    readonly label: "Default preflight (guard + probe + optional attestation)";
+}, {
+    readonly path: "/api/guard/pre-x402";
+    readonly method: "POST";
+    readonly priceUsdc: 0.05;
+    readonly label: "Lightweight bundle (spend + identity + risk)";
+}, {
+    readonly path: "/api/pipeline/execute";
+    readonly method: "POST";
+    readonly priceUsdc: 0.25;
+    readonly label: "Full orchestration for multi-step tasks";
+}];
+/** Seller / marketplace growth */
+export declare const KILLER_SELLER_ENDPOINTS: readonly [{
+    readonly path: "/api/market/buy-advisor";
+    readonly method: "POST";
+    readonly priceUsdc: 0.08;
+    readonly label: "Rank paid APIs before you spend (Jupiter-style quote)";
+}, {
+    readonly path: "/api/seller/audition-coach";
+    readonly method: "POST";
+    readonly priceUsdc: 0.06;
+    readonly label: "Pre-audition fix list before Dexter ingest";
+}];
+export declare const SUITE_PRICES: {
+    readonly spendGovernor: 0.03;
+    readonly receiptAuditor: 0.05;
+    readonly riskGate: 0.08;
+    readonly apiRouter: 0.02;
+    readonly researchBrief: 0.2;
+    readonly paymentCompiler: 0.15;
+    readonly facilitatorFailover: 0.05;
+    readonly mppBroker: 0.02;
+    readonly refundArbiter: 0.08;
+    readonly budgetAllocator: 0.03;
+    readonly settlementGraph: 0.02;
+    readonly qualityMonitor: 0.03;
+    readonly identityGate: 0.05;
+    readonly evidenceLocker: 0.1;
+    readonly agentEscrow: 0.12;
+    readonly preX402Guard: 0.05;
+    readonly pipelineExecute: 0.25;
+    readonly x402Proxy: 0.08;
+    readonly mppSessionV2: 0.03;
+    readonly attestationIssue: 0.04;
+    readonly attestationVerify: 0.02;
+    readonly trustRegistry: 0.02;
+    readonly marketBuyAdvisor: 0.08;
+    readonly auditionCoach: 0.06;
+    readonly agentVerify: 0.04;
+    readonly merchantTrust: 0.06;
+    readonly mandateCompile: 0.08;
+    readonly mandateVerify: 0.02;
+    readonly railOptimizer: 0.04;
+    readonly complianceLedger: 0.12;
+    readonly disputeResolve: 0.1;
+    readonly qualityEscrow: 0.1;
+    readonly mandateDiff: 0.04;
+    readonly qualityEscrowSemantic: 0.12;
+    readonly merchantCertify: 0.15;
+    readonly buyerGate: 0.03;
+    readonly pipelineTrustV2: 0.35;
+    readonly bondSlash: 0.03;
+};
+export declare function suiteUrl(path: string): string;
+export declare function buildDefaultPipeline(options: {
+    includeResearch: boolean;
+    includeRouter: boolean;
+    externalCallEstimateUsdc: number;
+}): SuiteStep[];

package/dist/lib/suite-catalog.js

@@ -0,0 +1,131 @@
+import { config } from "../config.js";
+/** Buyer onboarding — only these three in README / INTEGRATE lead */
+export const PRIMARY_ENTRYPOINTS = [
+    {
+        path: "/api/x402/proxy",
+        method: "POST",
+        priceUsdc: 0.08,
+        label: "Default preflight (guard + probe + optional attestation)",
+    },
+    {
+        path: "/api/guard/pre-x402",
+        method: "POST",
+        priceUsdc: 0.05,
+        label: "Lightweight bundle (spend + identity + risk)",
+    },
+    {
+        path: "/api/pipeline/execute",
+        method: "POST",
+        priceUsdc: 0.25,
+        label: "Full orchestration for multi-step tasks",
+    },
+];
+/** Seller / marketplace growth */
+export const KILLER_SELLER_ENDPOINTS = [
+    {
+        path: "/api/market/buy-advisor",
+        method: "POST",
+        priceUsdc: 0.08,
+        label: "Rank paid APIs before you spend (Jupiter-style quote)",
+    },
+    {
+        path: "/api/seller/audition-coach",
+        method: "POST",
+        priceUsdc: 0.06,
+        label: "Pre-audition fix list before Dexter ingest",
+    },
+];
+export const SUITE_PRICES = {
+    spendGovernor: 0.03,
+    receiptAuditor: 0.05,
+    riskGate: 0.08,
+    apiRouter: 0.02,
+    researchBrief: 0.2,
+    paymentCompiler: 0.15,
+    facilitatorFailover: 0.05,
+    mppBroker: 0.02,
+    refundArbiter: 0.08,
+    budgetAllocator: 0.03,
+    settlementGraph: 0.02,
+    qualityMonitor: 0.03,
+    identityGate: 0.05,
+    evidenceLocker: 0.1,
+    agentEscrow: 0.12,
+    preX402Guard: 0.05,
+    pipelineExecute: 0.25,
+    x402Proxy: 0.08,
+    mppSessionV2: 0.03,
+    attestationIssue: 0.04,
+    attestationVerify: 0.02,
+    trustRegistry: 0.02,
+    marketBuyAdvisor: 0.08,
+    auditionCoach: 0.06,
+    agentVerify: 0.04,
+    merchantTrust: 0.06,
+    mandateCompile: 0.08,
+    mandateVerify: 0.02,
+    railOptimizer: 0.04,
+    complianceLedger: 0.12,
+    disputeResolve: 0.1,
+    qualityEscrow: 0.1,
+    mandateDiff: 0.04,
+    qualityEscrowSemantic: 0.12,
+    merchantCertify: 0.15,
+    buyerGate: 0.03,
+    pipelineTrustV2: 0.35,
+    bondSlash: 0.03,
+};
+export function suiteUrl(path) {
+    return `${config.publicBaseUrl}${path}`;
+}
+export function buildDefaultPipeline(options) {
+    const steps = [
+        {
+            step: 1,
+            agent: "pre-x402-guard",
+            method: "POST",
+            path: "/api/guard/pre-x402",
+            priceUsdc: SUITE_PRICES.preX402Guard,
+            purpose: "Single call: spend + identity + risk before any x402 payment",
+        },
+    ];
+    if (options.includeRouter) {
+        steps.push({
+            step: steps.length + 1,
+            agent: "api-router",
+            method: "POST",
+            path: "/api/router/route",
+            priceUsdc: SUITE_PRICES.apiRouter,
+            purpose: "Select best marketplace API for capability",
+        });
+    }
+    if (options.externalCallEstimateUsdc > 0) {
+        steps.push({
+            step: steps.length + 1,
+            agent: "external-x402",
+            method: "POST",
+            path: "(marketplace-selected-url)",
+            priceUsdc: options.externalCallEstimateUsdc,
+            purpose: "Execute downstream paid API call",
+        });
+    }
+    if (options.includeResearch) {
+        steps.push({
+            step: steps.length + 1,
+            agent: "research-brief",
+            method: "POST",
+            path: "/api/research/brief",
+            priceUsdc: SUITE_PRICES.researchBrief,
+            purpose: "Build research pipeline and cost estimate",
+        });
+    }
+    steps.push({
+        step: steps.length + 1,
+        agent: "receipt-auditor",
+        method: "POST",
+        path: "/api/receipt-auditor/verify",
+        priceUsdc: SUITE_PRICES.receiptAuditor,
+        purpose: "Verify settlement receipt on-chain",
+    });
+    return steps;
+}

package/dist/lib/telemetry.d.ts

@@ -0,0 +1,5 @@
+type CounterName = "http_requests" | "x402_settlements" | "x402_settlement_failures" | "replay_blocked" | "idempotency_replay";
+export declare function incCounter(name: CounterName, delta?: number): void;
+export declare function telemetryMiddleware(_req: import("express").Request, _res: import("express").Response, next: import("express").NextFunction): void;
+export declare function metricsPayload(): Record<string, unknown>;
+export {};

package/dist/lib/telemetry.js

@@ -0,0 +1,37 @@
+import { db } from "./db.js";
+const incStmt = db.prepare(`
+  INSERT INTO telemetry_counters(name, value) VALUES(?, ?)
+  ON CONFLICT(name) DO UPDATE SET value = value + ?, updated_at = unixepoch()
+`);
+const startedAt = Date.now();
+export function incCounter(name, delta = 1) {
+    incStmt.run(name, delta, delta);
+}
+export function telemetryMiddleware(_req, _res, next) {
+    incCounter("http_requests");
+    next();
+}
+export function metricsPayload() {
+    const rows = db
+        .prepare("SELECT name, value FROM telemetry_counters")
+        .all();
+    const counters = {
+        http_requests: 0,
+        x402_settlements: 0,
+        x402_settlement_failures: 0,
+        replay_blocked: 0,
+        idempotency_replay: 0,
+    };
+    for (const r of rows)
+        counters[r.name] = r.value;
+    return {
+        service: "x402-trust-layer",
+        uptimeSec: Math.floor((Date.now() - startedAt) / 1000),
+        counters,
+        nonceBackend: process.env.REDIS_URL
+            ? "redis"
+            : process.env.UPSTASH_REDIS_REST_URL
+                ? "upstash-rest"
+                : "sqlite",
+    };
+}

package/dist/lib/verifier-fast-path.d.ts

@@ -0,0 +1,10 @@
+import type { ProbeResult } from "./probe.js";
+/** Canonical agent id injected by applyVerifierExampleBody for x402gle / Dexter audits */
+export declare const VERIFIER_AGENT_ID = "dexter-verifier-probe";
+/**
+ * Synthetic probe fast path — only when explicitly enabled (ALLOW_VERIFIER_PROBE_IDS=1)
+ * or a matching X-Verifier-Fast-Path-Secret header is sent (VERIFIER_FAST_PATH_SECRET).
+ */
+export declare function isVerifierAgentId(agentId?: string, reqHeaders?: Record<string, unknown>): boolean;
+/** Synthetic x402 probe — avoids slow outbound calls during marketplace verification. */
+export declare function syntheticPaidProbe(targetUrl: string): ProbeResult;

package/dist/lib/verifier-fast-path.js

@@ -0,0 +1,44 @@
+import { config } from "../config.js";
+/** Canonical agent id injected by applyVerifierExampleBody for x402gle / Dexter audits */
+export const VERIFIER_AGENT_ID = "dexter-verifier-probe";
+const VERIFIER_HEADER = "x-verifier-fast-path-secret";
+function headerSecretMatches(reqHeaders) {
+    const expected = config.verifierFastPathSecret;
+    if (!expected)
+        return false;
+    const raw = reqHeaders?.[VERIFIER_HEADER] ?? reqHeaders?.[VERIFIER_HEADER.toUpperCase()];
+    const provided = Array.isArray(raw) ? raw[0] : raw;
+    return typeof provided === "string" && provided.length > 0 && provided === expected;
+}
+/**
+ * Synthetic probe fast path — only when explicitly enabled (ALLOW_VERIFIER_PROBE_IDS=1)
+ * or a matching X-Verifier-Fast-Path-Secret header is sent (VERIFIER_FAST_PATH_SECRET).
+ */
+export function isVerifierAgentId(agentId, reqHeaders) {
+    if (agentId !== VERIFIER_AGENT_ID)
+        return false;
+    if (headerSecretMatches(reqHeaders))
+        return true;
+    return config.allowVerifierProbeIds;
+}
+/** Synthetic x402 probe — avoids slow outbound calls during marketplace verification. */
+export function syntheticPaidProbe(targetUrl) {
+    return {
+        url: targetUrl,
+        status: 402,
+        requiresPayment: true,
+        authMode: "paid",
+        priceUsdc: 0.05,
+        network: "eip155:8453",
+        payTo: null,
+        paymentOptions: [
+            {
+                priceUsdc: 0.05,
+                network: "eip155:8453",
+                payTo: null,
+                scheme: "exact",
+            },
+        ],
+        warnings: ["synthetic_probe:verifier_fast_path"],
+    };
+}

package/dist/lib/verifier-probe-protocol.d.ts

@@ -0,0 +1,7 @@
+export declare const VERIFIER_PROBE_PASSPORT_DID = "did:agent:dexter_verifier_probe:0000000000000001";
+export declare const VERIFIER_PROBE_RECEIPT_ID = "poe_verifier_probe_example";
+export declare const VERIFIER_PROBE_AUDIT_ID = "aud_verifier_probe_example";
+export declare const VERIFIER_PROBE_ESCROW_ID = "00000000-0000-4000-8000-000000000001";
+export declare const VERIFIER_PROBE_BINDING_ID = "rb_verifier_probe_example";
+/** Stable protocol artifacts for x402gle verify-* paid probes. */
+export declare function ensureVerifierProbeProtocol(): Promise<void>;

package/dist/lib/verifier-probe-protocol.js

@@ -0,0 +1,115 @@
+import { VERIFY_EXAMPLES } from "./verify-examples.js";
+import { hmacSign } from "../protocol/crypto.js";
+import { readProtocolStore, writeProtocolStore } from "../protocol/store.js";
+export const VERIFIER_PROBE_PASSPORT_DID = "did:agent:dexter_verifier_probe:0000000000000001";
+export const VERIFIER_PROBE_RECEIPT_ID = "poe_verifier_probe_example";
+export const VERIFIER_PROBE_AUDIT_ID = "aud_verifier_probe_example";
+export const VERIFIER_PROBE_ESCROW_ID = "00000000-0000-4000-8000-000000000001";
+export const VERIFIER_PROBE_BINDING_ID = "rb_verifier_probe_example";
+async function seedPassport() {
+    const store = await readProtocolStore("passports", {});
+    if (store[VERIFIER_PROBE_PASSPORT_DID])
+        return;
+    const payload = {
+        did: VERIFIER_PROBE_PASSPORT_DID,
+        agentId: "dexter-verifier-probe",
+        publicKey: "probe_public_key",
+        ownerIdentity: "9c7tE587KpGYBjiNQrjw3nGvxQHhSYKU4Ba6WRgQsHkt",
+        capabilities: ["x402.pay", "x402.preflight", "tool.invoke"],
+        permissions: ["spend:usdc", "attest:issue"],
+        metadata: { probe: true },
+        riskTier: "LOW",
+        reputationProfileId: "verifier_probe",
+        issuedAt: new Date().toISOString(),
+        credentialType: "AgentPassportVC",
+    };
+    const signature = hmacSign(JSON.stringify(payload));
+    store[VERIFIER_PROBE_PASSPORT_DID] = { ...payload, signature };
+    await writeProtocolStore("passports", store);
+}
+async function seedExecutionReceipt() {
+    const store = await readProtocolStore("execution-receipts", {});
+    if (store[VERIFIER_PROBE_RECEIPT_ID])
+        return;
+    const receipt = {
+        receiptId: VERIFIER_PROBE_RECEIPT_ID,
+        taskId: "verifier_probe_task",
+        executionHash: "exec_verifier_probe_hash",
+        toolTraceHash: "tool_verifier_probe_hash",
+        decisionTraceHash: "decision_verifier_probe_hash",
+        verificationProof: hmacSign(`${VERIFIER_PROBE_RECEIPT_ID}:exec_verifier_probe_hash:tool_verifier_probe_hash:decision_verifier_probe_hash`),
+        settlementProof: null,
+        issuedAt: new Date().toISOString(),
+        thirdPartyVerifyUrl: "https://x402trustlayer.xyz/api/protocol/execution/verify",
+    };
+    const payload = JSON.stringify(receipt);
+    store[VERIFIER_PROBE_RECEIPT_ID] = {
+        ...receipt,
+        signature: hmacSign(payload),
+        payload,
+    };
+    await writeProtocolStore("execution-receipts", store);
+}
+async function seedReasoningAudit() {
+    const store = await readProtocolStore("reasoning-audits", {});
+    if (store[VERIFIER_PROBE_AUDIT_ID])
+        return;
+    const root = hmacSign("verifier_probe_merkle_root");
+    store[VERIFIER_PROBE_AUDIT_ID] = {
+        merkleRoot: root,
+        leaves: ["leaf_verifier_probe_0", "leaf_verifier_probe_1"],
+        agentId: "dexter-verifier-probe",
+        committedAt: new Date().toISOString(),
+        signature: hmacSign(`${VERIFIER_PROBE_AUDIT_ID}:${root}`),
+    };
+    await writeProtocolStore("reasoning-audits", store);
+}
+async function seedEscrow() {
+    const store = await readProtocolStore("escrow-fsm", {});
+    if (store[VERIFIER_PROBE_ESCROW_ID])
+        return;
+    const ex = VERIFY_EXAMPLES["/api/protocol/escrow/create"];
+    const now = new Date().toISOString();
+    store[VERIFIER_PROBE_ESCROW_ID] = {
+        escrowId: VERIFIER_PROBE_ESCROW_ID,
+        payerAgentId: String(ex.payerAgentId ?? "dexter-verifier-probe"),
+        payeeMerchant: String(ex.payeeMerchant ?? "api.myceliasignal.com"),
+        amountUsdc: Number(ex.amountUsdc ?? 0.05),
+        state: "CREATED",
+        resourceHash: String(ex.resourceHash ?? "res_verifier_probe"),
+        history: [{ state: "CREATED", at: now }],
+        createdAt: now,
+        updatedAt: now,
+        stateProof: hmacSign(`${VERIFIER_PROBE_ESCROW_ID}:CREATED:${now}`),
+    };
+    await writeProtocolStore("escrow-fsm", store);
+}
+async function seedReplayBinding() {
+    const store = await readProtocolStore("replay-bindings", {});
+    if (store[VERIFIER_PROBE_BINDING_ID])
+        return;
+    const ex = VERIFY_EXAMPLES["/api/protocol/replay/bind"];
+    const expiresAt = new Date(Date.now() + 3600_000).toISOString();
+    const payload = {
+        bindingId: VERIFIER_PROBE_BINDING_ID,
+        nonce: "nonce_verifier_probe",
+        resourceHash: hmacSign(`POST:${String(ex.resourceUrl ?? "")}`),
+        requestHash: hmacSign(JSON.stringify(ex.requestBody ?? {})),
+        agentId: String(ex.agentId ?? "dexter-verifier-probe"),
+        sessionId: "sess_verifier_probe",
+        expiresAt,
+    };
+    store[VERIFIER_PROBE_BINDING_ID] = {
+        ...payload,
+        signature: hmacSign(JSON.stringify(payload)),
+    };
+    await writeProtocolStore("replay-bindings", store);
+}
+/** Stable protocol artifacts for x402gle verify-* paid probes. */
+export async function ensureVerifierProbeProtocol() {
+    await seedPassport();
+    await seedExecutionReceipt();
+    await seedReasoningAudit();
+    await seedEscrow();
+    await seedReplayBinding();
+}

package/dist/lib/verify-examples.d.ts

@@ -0,0 +1,2 @@
+/** Canonical probe bodies used when Dexter AI verifier sends an empty POST body */
+export declare const VERIFY_EXAMPLES: Record<string, unknown>;