x402-trust-layer 5.1.0

package/dist/lib/x402-payment-replay.js

@@ -0,0 +1,57 @@
+import { claimNonceKey, extractIdempotencyKey, isNonceKeyUsed, } from "./nonce-store.js";
+export { extractIdempotencyKey };
+/** True if this nonce was already used for a successful settlement. */
+export function isNonceAlreadyUsed(nonce) {
+    return isNonceKeyUsed(`pay:${nonce}`);
+}
+/** Record nonce only after facilitator settlement succeeds. */
+export async function markNonceUsed(nonce, network) {
+    await claimNonceKey(`pay:${nonce}`, network || "unknown");
+}
+export async function checkAndConsumeNonce(nonce, network) {
+    if (!nonce || nonce.length < 8)
+        return true;
+    if (isNonceKeyUsed(`pay:${nonce}`))
+        return false;
+    return claimNonceKey(`pay:${nonce}`, network);
+}
+export function idempotencyCompositeKey(req, resourcePath) {
+    const key = extractIdempotencyKey(req);
+    if (!key)
+        return undefined;
+    return `idem:${resourcePath}:${key}`;
+}
+/** Block only after a prior request with this key completed settlement. */
+export function isIdempotencyKeyConsumed(req, resourcePath) {
+    const composite = idempotencyCompositeKey(req, resourcePath);
+    return composite ? isNonceKeyUsed(composite) : false;
+}
+export async function markIdempotencyKeyUsed(req, resourcePath) {
+    const composite = idempotencyCompositeKey(req, resourcePath);
+    if (!composite)
+        return;
+    await claimNonceKey(composite, "idempotency", 86_400);
+}
+export function extractNonceFromPaymentHeader(header) {
+    try {
+        const parsed = JSON.parse(Buffer.from(header, "base64").toString("utf8"));
+        const payload = parsed.payload;
+        const accepted = parsed.accepted;
+        const nonce = (typeof payload?.nonce === "string" && payload.nonce) ||
+            (typeof parsed.nonce === "string" && parsed.nonce) ||
+            undefined;
+        const network = (typeof accepted?.network === "string" && accepted.network) ||
+            (typeof parsed.network === "string" && parsed.network) ||
+            undefined;
+        const payTo = (typeof accepted?.payTo === "string" && accepted.payTo) ||
+            (typeof payload?.authorization === "object" &&
+                payload.authorization !== null &&
+                typeof payload.authorization.to === "string" &&
+                payload.authorization.to) ||
+            undefined;
+        return { nonce, network, payTo };
+    }
+    catch {
+        return {};
+    }
+}

package/dist/lib/x402gle-host-verify.d.ts

@@ -0,0 +1,3 @@
+/** x402gle / Dexter host claim — set in Railway when verifying domain ownership */
+export declare function x402gleChallengeToken(): string;
+export declare function registerX402gleHostVerification(app: import("express").Express): void;

package/dist/lib/x402gle-host-verify.js

@@ -0,0 +1,27 @@
+/** x402gle / Dexter host claim — set in Railway when verifying domain ownership */
+export function x402gleChallengeToken() {
+    return (process.env.X402GLE_CHALLENGE_TOKEN ?? "").trim();
+}
+export function registerX402gleHostVerification(app) {
+    const token = x402gleChallengeToken();
+    const serveToken = (_req, res) => {
+        if (!token) {
+            res.status(404).type("text/plain").send("X402GLE_CHALLENGE_TOKEN not configured");
+            return;
+        }
+        res.type("text/plain").send(token);
+    };
+    const serveJson = (_req, res) => {
+        if (!token) {
+            res.status(404).json({ error: "X402GLE_CHALLENGE_TOKEN not configured" });
+            return;
+        }
+        res.json({ challenge: token });
+    };
+    app.get("/.well-known/x402-host-challenge", serveToken);
+    app.get("/.well-known/x402gle-challenge", serveToken);
+    app.get("/.well-known/x402-host-challenge.txt", serveToken);
+    app.get("/.well-known/x402gle-challenge.txt", serveToken);
+    app.get("/.well-known/x402-host-challenge.json", serveJson);
+    app.get("/.well-known/x402gle-challenge.json", serveJson);
+}

package/dist/protocol/agent-passport.d.ts

@@ -0,0 +1,34 @@
+export type AgentPassport = {
+    did: string;
+    agentId: string;
+    publicKey: string;
+    ownerIdentity: string;
+    capabilities: string[];
+    permissions: string[];
+    metadata: Record<string, unknown>;
+    riskTier: "LOW" | "MEDIUM" | "HIGH";
+    reputationProfileId: string;
+    issuedAt: string;
+    credentialType: "AgentPassportVC";
+    signature: string;
+};
+export type IssuePassportInput = {
+    agentId: string;
+    publicKey?: string;
+    ownerIdentity?: string;
+    walletAddress?: string;
+    capabilities?: string[];
+    permissions?: string[];
+    metadata?: Record<string, unknown>;
+};
+export declare function issueAgentPassport(input: IssuePassportInput): Promise<AgentPassport>;
+export declare function verifyAgentPassport(did: string): Promise<{
+    valid: boolean;
+    passport: AgentPassport | null;
+    reason?: string;
+}>;
+export declare function hardwareAttestationStub(agentId: string): {
+    attestationType: "tpm-simulated";
+    quote: string;
+    agentId: string;
+};

package/dist/protocol/agent-passport.js

@@ -0,0 +1,44 @@
+import { randomBytes } from "node:crypto";
+import { hmacSign, newDid, sha256Hex, verifyHmac } from "./crypto.js";
+import { readProtocolStore, writeProtocolStore } from "./store.js";
+export async function issueAgentPassport(input) {
+    const store = await readProtocolStore("passports", {});
+    const did = newDid(input.agentId);
+    const publicKey = input.publicKey ?? sha256Hex(`${input.agentId}:${input.walletAddress ?? "anon"}`);
+    const payload = {
+        did,
+        agentId: input.agentId,
+        publicKey,
+        ownerIdentity: input.ownerIdentity ?? input.walletAddress ?? "unknown",
+        capabilities: input.capabilities ?? ["x402.pay", "x402.preflight", "tool.invoke"],
+        permissions: input.permissions ?? ["spend:usdc", "attest:issue"],
+        metadata: input.metadata ?? {},
+        riskTier: "MEDIUM",
+        reputationProfileId: sha256Hex(did).slice(0, 16),
+        issuedAt: new Date().toISOString(),
+        credentialType: "AgentPassportVC",
+    };
+    const signature = hmacSign(JSON.stringify(payload));
+    const passport = { ...payload, signature };
+    store[did] = passport;
+    await writeProtocolStore("passports", store);
+    return passport;
+}
+export async function verifyAgentPassport(did) {
+    const store = await readProtocolStore("passports", {});
+    const passport = store[did] ?? null;
+    if (!passport)
+        return { valid: false, passport: null, reason: "DID not found" };
+    const { signature, ...payload } = passport;
+    if (!verifyHmac(JSON.stringify(payload), signature)) {
+        return { valid: false, passport, reason: "Invalid credential signature" };
+    }
+    return { valid: true, passport };
+}
+export function hardwareAttestationStub(agentId) {
+    return {
+        attestationType: "tpm-simulated",
+        quote: sha256Hex(`tpm:${agentId}:${randomBytes(8).toString("hex")}`),
+        agentId,
+    };
+}

package/dist/protocol/compliance-v2.d.ts

@@ -0,0 +1,21 @@
+export type ComplianceAssessInput = {
+    organizationId: string;
+    agentId: string;
+    jurisdiction?: string;
+    monthlyVolumeUsdc?: number;
+    rails?: string[];
+    requiresKyc?: boolean;
+};
+export type ComplianceAssessResult = {
+    allowed: boolean;
+    amlRisk: "low" | "medium" | "high";
+    kycRequired: boolean;
+    auditTrailId: string;
+    policyDecisions: string[];
+    regulatoryReporting: {
+        sarThresholdUsdc: number;
+        ctrThresholdUsdc: number;
+    };
+    forensicLogRef: string;
+};
+export declare function assessCompliance(input: ComplianceAssessInput): ComplianceAssessResult;

package/dist/protocol/compliance-v2.js

@@ -0,0 +1,19 @@
+export function assessCompliance(input) {
+    const volume = input.monthlyVolumeUsdc ?? 0;
+    const amlRisk = volume > 10000 ? "high" : volume > 1000 ? "medium" : "low";
+    const kycRequired = input.requiresKyc === true || volume > 5000;
+    const allowed = amlRisk !== "high" || kycRequired;
+    return {
+        allowed,
+        amlRisk,
+        kycRequired,
+        auditTrailId: `comp_${input.organizationId}_${Date.now().toString(36)}`,
+        policyDecisions: [
+            kycRequired ? "kyc_gate_required" : "kyc_optional",
+            `aml_risk_${amlRisk}`,
+            "ledger_export_via_compliance_ledger",
+        ],
+        regulatoryReporting: { sarThresholdUsdc: 5000, ctrThresholdUsdc: 10000 },
+        forensicLogRef: `forensic://${input.organizationId}/${input.agentId}`,
+    };
+}

package/dist/protocol/credit-bureau.d.ts

@@ -0,0 +1,18 @@
+export type CreditScoreInput = {
+    agentId: string;
+    walletAddress: string;
+    disputeCount?: number;
+    settlementCount?: number;
+    uptimePct?: number;
+};
+export type CreditScoreResult = {
+    creditScore: number;
+    band: "exceptional" | "good" | "fair" | "poor" | "high_risk";
+    range: "300-900";
+    factors: Record<string, number>;
+    limits: {
+        suggestedDailyCapUsdc: number;
+        suggestedPerCallCapUsdc: number;
+    };
+};
+export declare function computeAgentCreditScore(input: CreditScoreInput): Promise<CreditScoreResult>;

package/dist/protocol/credit-bureau.js

@@ -0,0 +1,44 @@
+import { computeTrustScoreV2 } from "./trust-score-v2.js";
+import { readProtocolStoreKey, writeProtocolStoreKey } from "./store.js";
+export async function computeAgentCreditScore(input) {
+    const trust = await computeTrustScoreV2({
+        agentId: input.agentId,
+        walletAddress: input.walletAddress,
+        disputeRatePct: (input.disputeCount ?? 0) * 2,
+        uptimePct: input.uptimePct ?? 95,
+    });
+    const key = input.agentId;
+    const agentHistory = await readProtocolStoreKey("credit-bureau", key, { scores: [] });
+    const prev = agentHistory.scores ?? [];
+    const settlements = input.settlementCount ?? prev.length;
+    const reliability = Math.min(200, settlements * 4);
+    const disputePenalty = Math.min(150, (input.disputeCount ?? 0) * 25);
+    const raw = 300 + trust.trustScore * 4 + reliability - disputePenalty;
+    const creditScore = Math.round(Math.max(300, Math.min(900, raw)));
+    const band = creditScore >= 800
+        ? "exceptional"
+        : creditScore >= 700
+            ? "good"
+            : creditScore >= 600
+                ? "fair"
+                : creditScore >= 500
+                    ? "poor"
+                    : "high_risk";
+    const updatedHistory = { scores: [...prev, creditScore].slice(-50) };
+    await writeProtocolStoreKey("credit-bureau", key, updatedHistory);
+    return {
+        creditScore,
+        band,
+        range: "300-900",
+        factors: {
+            trust_v2: trust.trustScore,
+            settlement_history: reliability,
+            dispute_penalty: -disputePenalty,
+            uptime: input.uptimePct ?? 95,
+        },
+        limits: {
+            suggestedDailyCapUsdc: creditScore >= 700 ? 50 : creditScore >= 600 ? 10 : 2,
+            suggestedPerCallCapUsdc: creditScore >= 700 ? 2 : creditScore >= 600 ? 0.5 : 0.1,
+        },
+    };
+}

package/dist/protocol/crypto.d.ts

@@ -0,0 +1,6 @@
+export declare function sha256Hex(input: string | Buffer): string;
+export declare function hmacSign(payload: string): string;
+export declare function verifyHmac(payload: string, signature: string): boolean;
+export declare function merkleRoot(leaves: string[]): string;
+export declare function newDid(agentId: string): string;
+export declare function randomNonce(): string;

package/dist/protocol/crypto.js

@@ -0,0 +1,41 @@
+import { createHash, createHmac, randomBytes, timingSafeEqual } from "node:crypto";
+import { config } from "../config.js";
+export function sha256Hex(input) {
+    return createHash("sha256").update(input).digest("hex");
+}
+export function hmacSign(payload) {
+    return createHmac("sha256", config.attestationHmacSecret).update(payload).digest("hex");
+}
+export function verifyHmac(payload, signature) {
+    const expected = hmacSign(payload);
+    if (expected.length !== signature.length)
+        return false;
+    try {
+        return timingSafeEqual(Buffer.from(expected, "utf8"), Buffer.from(signature, "utf8"));
+    }
+    catch {
+        return false;
+    }
+}
+export function merkleRoot(leaves) {
+    if (leaves.length === 0)
+        return sha256Hex("empty");
+    let layer = leaves.map((l) => sha256Hex(l));
+    while (layer.length > 1) {
+        const next = [];
+        for (let i = 0; i < layer.length; i += 2) {
+            const left = layer[i];
+            const right = layer[i + 1] ?? left;
+            next.push(sha256Hex(`${left}:${right}`));
+        }
+        layer = next;
+    }
+    return layer[0];
+}
+export function newDid(agentId) {
+    const slug = agentId.replace(/[^a-zA-Z0-9._-]/g, "_").slice(0, 48);
+    return `did:agent:${slug}:${randomBytes(8).toString("hex")}`;
+}
+export function randomNonce() {
+    return randomBytes(16).toString("hex");
+}

package/dist/protocol/escrow-fsm.d.ts

@@ -0,0 +1,33 @@
+export declare const ESCROW_STATES: readonly ["CREATED", "FUNDED", "LOCKED", "EXECUTING", "DELIVERED", "VERIFIED", "SETTLED", "REFUNDED", "DISPUTED", "CANCELLED"];
+export type EscrowState = (typeof ESCROW_STATES)[number];
+export type ProtocolEscrow = {
+    escrowId: string;
+    payerAgentId: string;
+    payeeMerchant: string;
+    amountUsdc: number;
+    state: EscrowState;
+    resourceHash?: string;
+    sessionId?: string;
+    multiSigRecovery?: string[];
+    history: Array<{
+        state: EscrowState;
+        at: string;
+        note?: string;
+    }>;
+    createdAt: string;
+    updatedAt: string;
+    stateProof: string;
+};
+export declare function createProtocolEscrow(input: {
+    payerAgentId: string;
+    payeeMerchant: string;
+    amountUsdc: number;
+    resourceHash?: string;
+    sessionId?: string;
+}): Promise<ProtocolEscrow>;
+export declare function transitionEscrow(escrowId: string, nextState: EscrowState, note?: string): Promise<{
+    ok: boolean;
+    escrow?: ProtocolEscrow;
+    error?: string;
+}>;
+export declare function getEscrowStatus(escrowId: string): Promise<ProtocolEscrow | null>;

package/dist/protocol/escrow-fsm.js

@@ -0,0 +1,99 @@
+import { randomUUID } from "node:crypto";
+import { hmacSign } from "./crypto.js";
+import { recordEscrowTransition, syncProtocolEscrow } from "../lib/escrow-unified.js";
+import { readProtocolStore, writeProtocolStore } from "./store.js";
+export const ESCROW_STATES = [
+    "CREATED",
+    "FUNDED",
+    "LOCKED",
+    "EXECUTING",
+    "DELIVERED",
+    "VERIFIED",
+    "SETTLED",
+    "REFUNDED",
+    "DISPUTED",
+    "CANCELLED",
+];
+const VALID_TRANSITIONS = {
+    CREATED: ["FUNDED", "CANCELLED"],
+    FUNDED: ["LOCKED", "CANCELLED"],
+    LOCKED: ["EXECUTING", "DISPUTED", "CANCELLED"],
+    EXECUTING: ["DELIVERED", "DISPUTED", "CANCELLED"],
+    DELIVERED: ["VERIFIED", "DISPUTED"],
+    VERIFIED: ["SETTLED", "REFUNDED", "DISPUTED"],
+    SETTLED: [],
+    REFUNDED: [],
+    DISPUTED: ["SETTLED", "REFUNDED", "CANCELLED"],
+    CANCELLED: [],
+};
+export async function createProtocolEscrow(input) {
+    const store = await readProtocolStore("escrow-fsm", {});
+    const escrowId = randomUUID();
+    const now = new Date().toISOString();
+    const escrow = {
+        escrowId,
+        payerAgentId: input.payerAgentId,
+        payeeMerchant: input.payeeMerchant,
+        amountUsdc: input.amountUsdc,
+        state: "CREATED",
+        resourceHash: input.resourceHash,
+        sessionId: input.sessionId,
+        history: [{ state: "CREATED", at: now }],
+        createdAt: now,
+        updatedAt: now,
+        stateProof: "",
+    };
+    escrow.stateProof = hmacSign(`${escrowId}:${escrow.state}:${now}`);
+    store[escrowId] = escrow;
+    await writeProtocolStore("escrow-fsm", store);
+    syncProtocolEscrow({
+        escrowId,
+        payerAgentId: input.payerAgentId,
+        payeeId: input.payeeMerchant,
+        amountUsdc: input.amountUsdc,
+        state: escrow.state,
+        resourceHash: input.resourceHash,
+        sessionId: input.sessionId,
+        stateProof: escrow.stateProof,
+        metadata: { source: "protocol-fsm" },
+    });
+    return escrow;
+}
+export async function transitionEscrow(escrowId, nextState, note) {
+    const store = await readProtocolStore("escrow-fsm", {});
+    const escrow = store[escrowId];
+    if (!escrow)
+        return { ok: false, error: "Escrow not found" };
+    const allowed = VALID_TRANSITIONS[escrow.state];
+    if (!allowed.includes(nextState)) {
+        return {
+            ok: false,
+            error: `Invalid transition ${escrow.state} -> ${nextState}`,
+        };
+    }
+    const now = new Date().toISOString();
+    const fromState = escrow.state;
+    escrow.state = nextState;
+    escrow.updatedAt = now;
+    escrow.history.push({ state: nextState, at: now, note });
+    escrow.stateProof = hmacSign(`${escrowId}:${nextState}:${now}`);
+    store[escrowId] = escrow;
+    await writeProtocolStore("escrow-fsm", store);
+    recordEscrowTransition(escrowId, fromState, nextState, note, escrow.stateProof);
+    syncProtocolEscrow({
+        escrowId,
+        payerAgentId: escrow.payerAgentId,
+        payeeId: escrow.payeeMerchant,
+        amountUsdc: escrow.amountUsdc,
+        state: nextState,
+        resourceHash: escrow.resourceHash,
+        sessionId: escrow.sessionId,
+        stateProof: escrow.stateProof,
+        metadata: { source: "protocol-fsm", historyLen: escrow.history.length },
+    });
+    return { ok: true, escrow };
+}
+export async function getEscrowStatus(escrowId) {
+    const store = await readProtocolStore("escrow-fsm", {});
+    return store[escrowId] ?? null;
+}

package/dist/protocol/fraud-engine.d.ts

@@ -0,0 +1,28 @@
+export type FraudScanInput = {
+    agentId?: string;
+    walletAddress?: string;
+    merchantHost?: string;
+    transactionHashes?: string[];
+    amountUsdc?: number;
+    peerWallets?: string[];
+};
+export type FraudScanResult = {
+    fraudScore: number;
+    riskScore: number;
+    confidence: number;
+    signals: Array<{
+        code: string;
+        severity: "low" | "medium" | "high";
+        detail: string;
+    }>;
+    graph: {
+        nodes: number;
+        edges: number;
+        circularPaymentDetected: boolean;
+        washTradingSuspected: boolean;
+        walletClusterSuspected: boolean;
+    };
+    recommendation: string;
+};
+export declare function runFraudScan(input: FraudScanInput): Promise<FraudScanResult>;
+export declare function fingerprintAgent(agentId: string, wallet?: string): string;

package/dist/protocol/fraud-engine.js

@@ -0,0 +1,77 @@
+import { sha256Hex } from "./crypto.js";
+import { readProtocolStore, writeProtocolStore } from "./store.js";
+export async function runFraudScan(input) {
+    const graph = await readProtocolStore("fraud-graph", { wallets: {} });
+    const signals = [];
+    let fraudScore = 8;
+    let riskScore = 12;
+    const wallet = input.walletAddress?.toLowerCase();
+    if (wallet) {
+        const entry = graph.wallets[wallet] ?? { peers: [], volumeUsdc: 0, txCount: 0 };
+        entry.txCount += 1;
+        entry.volumeUsdc += input.amountUsdc ?? 0;
+        for (const peer of input.peerWallets ?? []) {
+            if (!entry.peers.includes(peer))
+                entry.peers.push(peer);
+        }
+        graph.wallets[wallet] = entry;
+        await writeProtocolStore("fraud-graph", graph);
+        if (entry.peers.length > 8 && entry.volumeUsdc < 1) {
+            signals.push({
+                code: "WALLET_CLUSTER_LOW_VALUE",
+                severity: "high",
+                detail: "Many peers with low aggregate volume — possible Sybil cluster",
+            });
+            fraudScore += 35;
+            riskScore += 30;
+        }
+    }
+    const hashes = input.transactionHashes ?? [];
+    if (hashes.length >= 3) {
+        const unique = new Set(hashes.map((h) => h.slice(0, 12)));
+        if (unique.size <= 1) {
+            signals.push({
+                code: "CIRCULAR_OR_REPEATED_TX",
+                severity: "high",
+                detail: "Repeated transaction hash prefix pattern",
+            });
+            fraudScore += 28;
+        }
+    }
+    if ((input.amountUsdc ?? 0) > 0 && (input.amountUsdc ?? 0) < 0.02 && hashes.length > 5) {
+        signals.push({
+            code: "WASH_MICRO_PAYMENTS",
+            severity: "medium",
+            detail: "High txn count with micro amounts",
+        });
+        fraudScore += 22;
+    }
+    const circularPaymentDetected = signals.some((s) => s.code === "CIRCULAR_OR_REPEATED_TX");
+    const washTradingSuspected = signals.some((s) => s.code === "WASH_MICRO_PAYMENTS");
+    const walletClusterSuspected = signals.some((s) => s.code === "WALLET_CLUSTER_LOW_VALUE");
+    fraudScore = Math.min(100, fraudScore);
+    riskScore = Math.min(100, Math.max(fraudScore, riskScore));
+    const nodeSet = new Set(Object.keys(graph.wallets));
+    const edgeCount = Object.values(graph.wallets).reduce((a, w) => a + w.peers.length, 0);
+    return {
+        fraudScore,
+        riskScore,
+        confidence: signals.length ? 0.78 : 0.55,
+        signals,
+        graph: {
+            nodes: nodeSet.size,
+            edges: edgeCount,
+            circularPaymentDetected,
+            washTradingSuspected,
+            walletClusterSuspected,
+        },
+        recommendation: fraudScore >= 50
+            ? "Block or require manual review before x402 settlement"
+            : fraudScore >= 25
+                ? "Require escrow + elevated guard caps"
+                : "Proceed with standard pre-x402 guard",
+    };
+}
+export function fingerprintAgent(agentId, wallet) {
+    return sha256Hex(`${agentId}:${wallet ?? ""}`).slice(0, 20);
+}

package/dist/protocol/observability.d.ts

@@ -0,0 +1,14 @@
+type MetricEvent = {
+    name: string;
+    at: string;
+    labels: Record<string, string>;
+    value: number;
+};
+export declare function recordProtocolMetric(name: string, labels?: Record<string, string>, value?: number): Promise<void>;
+export declare function getProtocolMetricsSnapshot(): Promise<{
+    openTelemetryCompatible: boolean;
+    traceFormat: string;
+    recent: MetricEvent[];
+    counters: Record<string, number>;
+}>;
+export {};

package/dist/protocol/observability.js

@@ -0,0 +1,21 @@
+import { readProtocolStore, writeProtocolStore } from "./store.js";
+export async function recordProtocolMetric(name, labels = {}, value = 1) {
+    const store = await readProtocolStore("otel-metrics", { events: [] });
+    store.events.push({ name, at: new Date().toISOString(), labels, value });
+    if (store.events.length > 5000)
+        store.events = store.events.slice(-3000);
+    await writeProtocolStore("otel-metrics", store);
+}
+export async function getProtocolMetricsSnapshot() {
+    const store = await readProtocolStore("otel-metrics", { events: [] });
+    const counters = {};
+    for (const e of store.events) {
+        counters[e.name] = (counters[e.name] ?? 0) + e.value;
+    }
+    return {
+        openTelemetryCompatible: true,
+        traceFormat: "x402-trust-layer-trace-v1",
+        recent: store.events.slice(-50),
+        counters,
+    };
+}

package/dist/protocol/pipeline-full-trust.d.ts

@@ -0,0 +1,40 @@
+export type FullTrustPipelineInput = {
+    agentId: string;
+    walletAddress: string;
+    targetUrl: string;
+    estimatedCostUsdc: number;
+    organizationId?: string;
+    policy: {
+        dailyCapUsdc: number;
+        perCallCapUsdc: number;
+        allowedHosts?: string[];
+    };
+};
+export declare function runFullTrustPipeline(input: FullTrustPipelineInput): Promise<{
+    status: string;
+    allowed: boolean;
+    summary: string;
+    passport: {
+        did: string;
+        riskTier: "LOW" | "MEDIUM" | "HIGH";
+    };
+    trustV2: import("./trust-score-v2.js").TrustScoreV2Result;
+    fraud: import("./fraud-engine.js").FraudScanResult;
+    oracle: import("./trust-oracle.js").OracleConsensusResult;
+    credit: import("./credit-bureau.js").CreditScoreResult;
+    compliance: import("./compliance-v2.js").ComplianceAssessResult;
+    replayBinding: {
+        bindingId: string;
+        header: string;
+        nonce: string;
+        expiresAt: string;
+    };
+    guard: {
+        allowed: boolean;
+        securityGrade: string;
+        summary: string;
+    };
+    nextSteps: string[];
+    protocolVersion: string;
+    docs: string;
+}>;