npm - x402-trust-layer - Versions diffs - 5.1.0 - Mend

x402-trust-layer 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (293) hide show

package/CHANGELOG.md +55 -0
package/DEPLOY.md +53 -0
package/Dockerfile +30 -0
package/LICENSE +21 -0
package/README.md +294 -0
package/dist/agents/a2a-payment.d.ts +37 -0
package/dist/agents/a2a-payment.js +105 -0
package/dist/agents/agent-escrow.d.ts +30 -0
package/dist/agents/agent-escrow.js +23 -0
package/dist/agents/agent-verify.d.ts +15 -0
package/dist/agents/agent-verify.js +112 -0
package/dist/agents/api-router.d.ts +32 -0
package/dist/agents/api-router.js +228 -0
package/dist/agents/attestation-registry.d.ts +35 -0
package/dist/agents/attestation-registry.js +76 -0
package/dist/agents/audition-coach.d.ts +45 -0
package/dist/agents/audition-coach.js +257 -0
package/dist/agents/bedrock-bridge.d.ts +3 -0
package/dist/agents/bedrock-bridge.js +60 -0
package/dist/agents/budget-allocator.d.ts +24 -0
package/dist/agents/budget-allocator.js +31 -0
package/dist/agents/compliance-ledger.d.ts +66 -0
package/dist/agents/compliance-ledger.js +80 -0
package/dist/agents/dispute-resolver.d.ts +62 -0
package/dist/agents/dispute-resolver.js +124 -0
package/dist/agents/evidence-locker.d.ts +30 -0
package/dist/agents/evidence-locker.js +47 -0
package/dist/agents/facilitator-failover.d.ts +15 -0
package/dist/agents/facilitator-failover.js +18 -0
package/dist/agents/identity-gate.d.ts +20 -0
package/dist/agents/identity-gate.js +79 -0
package/dist/agents/mandate-compiler.d.ts +51 -0
package/dist/agents/mandate-compiler.js +73 -0
package/dist/agents/mandate-diff.d.ts +41 -0
package/dist/agents/mandate-diff.js +170 -0
package/dist/agents/market-buy-advisor.d.ts +65 -0
package/dist/agents/market-buy-advisor.js +234 -0
package/dist/agents/merchant-trust.d.ts +38 -0
package/dist/agents/merchant-trust.js +171 -0
package/dist/agents/mpp-session-broker.d.ts +27 -0
package/dist/agents/mpp-session-broker.js +29 -0
package/dist/agents/mpp-session-v2.d.ts +76 -0
package/dist/agents/mpp-session-v2.js +269 -0
package/dist/agents/payment-intent-compiler.d.ts +21 -0
package/dist/agents/payment-intent-compiler.js +45 -0
package/dist/agents/pipeline-execute.d.ts +40 -0
package/dist/agents/pipeline-execute.js +100 -0
package/dist/agents/pipeline-trust-v2.d.ts +31 -0
package/dist/agents/pipeline-trust-v2.js +111 -0
package/dist/agents/pre-x402-guard.d.ts +35 -0
package/dist/agents/pre-x402-guard.js +84 -0
package/dist/agents/quality-escrow-semantic.d.ts +88 -0
package/dist/agents/quality-escrow-semantic.js +137 -0
package/dist/agents/quality-escrow.d.ts +65 -0
package/dist/agents/quality-escrow.js +104 -0
package/dist/agents/quality-monitor.d.ts +32 -0
package/dist/agents/quality-monitor.js +77 -0
package/dist/agents/rail-optimizer.d.ts +33 -0
package/dist/agents/rail-optimizer.js +133 -0
package/dist/agents/receipt-auditor.d.ts +14 -0
package/dist/agents/receipt-auditor.js +145 -0
package/dist/agents/refund-arbiter.d.ts +24 -0
package/dist/agents/refund-arbiter.js +70 -0
package/dist/agents/research-brief.d.ts +14 -0
package/dist/agents/research-brief.js +66 -0
package/dist/agents/risk-gate.d.ts +11 -0
package/dist/agents/risk-gate.js +78 -0
package/dist/agents/settlement-graph.d.ts +16 -0
package/dist/agents/settlement-graph.js +38 -0
package/dist/agents/spend-governor.d.ts +2 -0
package/dist/agents/spend-governor.js +70 -0
package/dist/agents/trust-network.d.ts +138 -0
package/dist/agents/trust-network.js +244 -0
package/dist/agents/x402-proxy.d.ts +32 -0
package/dist/agents/x402-proxy.js +90 -0
package/dist/client/demo-alchemy-live.d.ts +1 -0
package/dist/client/demo-alchemy-live.js +226 -0
package/dist/client/demo-tail.d.ts +1 -0
package/dist/client/demo-tail.js +100 -0
package/dist/client/demo.d.ts +1 -0
package/dist/client/demo.js +293 -0
package/dist/config.d.ts +94 -0
package/dist/config.js +223 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +389 -0
package/dist/lib/agent-response.d.ts +14 -0
package/dist/lib/agent-response.js +13 -0
package/dist/lib/agentic-gateways.d.ts +5 -0
package/dist/lib/agentic-gateways.js +15 -0
package/dist/lib/agentic-probes.d.ts +10 -0
package/dist/lib/agentic-probes.js +49 -0
package/dist/lib/alchemy-x402-fetch.d.ts +16 -0
package/dist/lib/alchemy-x402-fetch.js +95 -0
package/dist/lib/apply-verifier-body.d.ts +7 -0
package/dist/lib/apply-verifier-body.js +179 -0
package/dist/lib/attestation.d.ts +30 -0
package/dist/lib/attestation.js +107 -0
package/dist/lib/bazaar-extension.d.ts +15 -0
package/dist/lib/bazaar-extension.js +265 -0
package/dist/lib/bazaar.d.ts +100 -0
package/dist/lib/bazaar.js +341 -0
package/dist/lib/certified-sellers.d.ts +41 -0
package/dist/lib/certified-sellers.js +129 -0
package/dist/lib/chains.d.ts +20 -0
package/dist/lib/chains.js +78 -0
package/dist/lib/db-persistence.d.ts +7 -0
package/dist/lib/db-persistence.js +65 -0
package/dist/lib/db.d.ts +5 -0
package/dist/lib/db.js +113 -0
package/dist/lib/discovery-page.d.ts +2 -0
package/dist/lib/discovery-page.js +71 -0
package/dist/lib/ecosystem-telemetry.d.ts +20 -0
package/dist/lib/ecosystem-telemetry.js +80 -0
package/dist/lib/erc8004/agent-card.d.ts +34 -0
package/dist/lib/erc8004/agent-card.js +151 -0
package/dist/lib/erc8004/cache.d.ts +3 -0
package/dist/lib/erc8004/cache.js +17 -0
package/dist/lib/erc8004/constants.d.ts +22 -0
package/dist/lib/erc8004/constants.js +35 -0
package/dist/lib/erc8004/registry.d.ts +19 -0
package/dist/lib/erc8004/registry.js +171 -0
package/dist/lib/erc8004/resolve-agent.d.ts +7 -0
package/dist/lib/erc8004/resolve-agent.js +70 -0
package/dist/lib/erc8004/trust-score.d.ts +33 -0
package/dist/lib/erc8004/trust-score.js +136 -0
package/dist/lib/escrow-ledger.d.ts +14 -0
package/dist/lib/escrow-ledger.js +54 -0
package/dist/lib/escrow-unified.d.ts +15 -0
package/dist/lib/escrow-unified.js +28 -0
package/dist/lib/facilitator-extra.d.ts +13 -0
package/dist/lib/facilitator-extra.js +52 -0
package/dist/lib/facilitators.d.ts +20 -0
package/dist/lib/facilitators.js +89 -0
package/dist/lib/host-policy.d.ts +4 -0
package/dist/lib/host-policy.js +20 -0
package/dist/lib/idempotency.d.ts +4 -0
package/dist/lib/idempotency.js +120 -0
package/dist/lib/ledger.d.ts +2 -0
package/dist/lib/ledger.js +17 -0
package/dist/lib/logger.d.ts +6 -0
package/dist/lib/logger.js +24 -0
package/dist/lib/mandate-vc.d.ts +20 -0
package/dist/lib/mandate-vc.js +25 -0
package/dist/lib/mandate.d.ts +44 -0
package/dist/lib/mandate.js +190 -0
package/dist/lib/marketplace.d.ts +7 -0
package/dist/lib/marketplace.js +127 -0
package/dist/lib/migrations.d.ts +2 -0
package/dist/lib/migrations.js +130 -0
package/dist/lib/nonce-store.d.ts +6 -0
package/dist/lib/nonce-store.js +109 -0
package/dist/lib/openapi-agentcash.d.ts +5 -0
package/dist/lib/openapi-agentcash.js +288 -0
package/dist/lib/openapi-meta.d.ts +5 -0
package/dist/lib/openapi-meta.js +235 -0
package/dist/lib/otel.d.ts +2 -0
package/dist/lib/otel.js +25 -0
package/dist/lib/paid-resource-url.d.ts +6 -0
package/dist/lib/paid-resource-url.js +47 -0
package/dist/lib/parse-with-verifier-fallback.d.ts +3 -0
package/dist/lib/parse-with-verifier-fallback.js +13 -0
package/dist/lib/payment-request-context.d.ts +10 -0
package/dist/lib/payment-request-context.js +5 -0
package/dist/lib/payment-response.d.ts +13 -0
package/dist/lib/payment-response.js +39 -0
package/dist/lib/payto-guard.d.ts +10 -0
package/dist/lib/payto-guard.js +20 -0
package/dist/lib/probe.d.ts +29 -0
package/dist/lib/probe.js +157 -0
package/dist/lib/problem-detail.d.ts +10 -0
package/dist/lib/problem-detail.js +14 -0
package/dist/lib/rate-limit.d.ts +12 -0
package/dist/lib/rate-limit.js +126 -0
package/dist/lib/replay-middleware.d.ts +3 -0
package/dist/lib/replay-middleware.js +27 -0
package/dist/lib/response-guard.d.ts +5 -0
package/dist/lib/response-guard.js +40 -0
package/dist/lib/safe-fetch.d.ts +5 -0
package/dist/lib/safe-fetch.js +19 -0
package/dist/lib/security.d.ts +13 -0
package/dist/lib/security.js +61 -0
package/dist/lib/semantic-judge.d.ts +14 -0
package/dist/lib/semantic-judge.js +107 -0
package/dist/lib/semantic-judge.test.d.ts +1 -0
package/dist/lib/semantic-judge.test.js +11 -0
package/dist/lib/ssrf.d.ts +10 -0
package/dist/lib/ssrf.js +130 -0
package/dist/lib/ssrf.test.d.ts +1 -0
package/dist/lib/ssrf.test.js +16 -0
package/dist/lib/suite-catalog.d.ts +83 -0
package/dist/lib/suite-catalog.js +131 -0
package/dist/lib/telemetry.d.ts +5 -0
package/dist/lib/telemetry.js +37 -0
package/dist/lib/verifier-fast-path.d.ts +10 -0
package/dist/lib/verifier-fast-path.js +44 -0
package/dist/lib/verifier-probe-protocol.d.ts +7 -0
package/dist/lib/verifier-probe-protocol.js +115 -0
package/dist/lib/verify-examples.d.ts +2 -0
package/dist/lib/verify-examples.js +438 -0
package/dist/lib/version.d.ts +2 -0
package/dist/lib/version.js +2 -0
package/dist/lib/webhook-auth.d.ts +3 -0
package/dist/lib/webhook-auth.js +34 -0
package/dist/lib/webhook-routes.d.ts +2 -0
package/dist/lib/webhook-routes.js +112 -0
package/dist/lib/webhooks.d.ts +23 -0
package/dist/lib/webhooks.js +123 -0
package/dist/lib/webhooks.test.d.ts +1 -0
package/dist/lib/webhooks.test.js +16 -0
package/dist/lib/x402-client-options.d.ts +28 -0
package/dist/lib/x402-client-options.js +138 -0
package/dist/lib/x402-headers.d.ts +10 -0
package/dist/lib/x402-headers.js +27 -0
package/dist/lib/x402-paid.d.ts +5 -0
package/dist/lib/x402-paid.js +252 -0
package/dist/lib/x402-payment-replay.d.ts +22 -0
package/dist/lib/x402-payment-replay.js +57 -0
package/dist/lib/x402gle-host-verify.d.ts +3 -0
package/dist/lib/x402gle-host-verify.js +27 -0
package/dist/protocol/agent-passport.d.ts +34 -0
package/dist/protocol/agent-passport.js +44 -0
package/dist/protocol/compliance-v2.d.ts +21 -0
package/dist/protocol/compliance-v2.js +19 -0
package/dist/protocol/credit-bureau.d.ts +18 -0
package/dist/protocol/credit-bureau.js +44 -0
package/dist/protocol/crypto.d.ts +6 -0
package/dist/protocol/crypto.js +41 -0
package/dist/protocol/escrow-fsm.d.ts +33 -0
package/dist/protocol/escrow-fsm.js +99 -0
package/dist/protocol/fraud-engine.d.ts +28 -0
package/dist/protocol/fraud-engine.js +77 -0
package/dist/protocol/observability.d.ts +14 -0
package/dist/protocol/observability.js +21 -0
package/dist/protocol/pipeline-full-trust.d.ts +40 -0
package/dist/protocol/pipeline-full-trust.js +96 -0
package/dist/protocol/proof-of-execution.d.ts +36 -0
package/dist/protocol/proof-of-execution.js +48 -0
package/dist/protocol/reasoning-audit.d.ts +27 -0
package/dist/protocol/reasoning-audit.js +51 -0
package/dist/protocol/replay-guard.d.ts +28 -0
package/dist/protocol/replay-guard.js +76 -0
package/dist/protocol/replay-guard.test.d.ts +1 -0
package/dist/protocol/replay-guard.test.js +10 -0
package/dist/protocol/security-audit.d.ts +18 -0
package/dist/protocol/security-audit.js +45 -0
package/dist/protocol/store.d.ts +5 -0
package/dist/protocol/store.js +59 -0
package/dist/protocol/threat-catalog.d.ts +13 -0
package/dist/protocol/threat-catalog.js +75 -0
package/dist/protocol/trust-oracle.d.ts +23 -0
package/dist/protocol/trust-oracle.js +30 -0
package/dist/protocol/trust-score-v2.d.ts +33 -0
package/dist/protocol/trust-score-v2.js +78 -0
package/dist/protocol/zk-proofs.d.ts +24 -0
package/dist/protocol/zk-proofs.js +32 -0
package/dist/routes/a2a-agent-card.d.ts +3 -0
package/dist/routes/a2a-agent-card.js +28 -0
package/dist/routes/catalog.d.ts +5 -0
package/dist/routes/catalog.js +47 -0
package/dist/routes/register-all.d.ts +3 -0
package/dist/routes/register-all.js +1240 -0
package/dist/routes/schemas.d.ts +83 -0
package/dist/routes/schemas.js +38 -0
package/dist/routes/shared.d.ts +16 -0
package/dist/routes/shared.js +27 -0
package/dist/routes-protocol.d.ts +10 -0
package/dist/routes-protocol.js +322 -0
package/dist/routes.d.ts +2 -0
package/dist/routes.js +2 -0
package/dist/types.d.ts +66 -0
package/dist/types.js +1 -0
package/openapi.json +7940 -0
package/package.json +124 -0
package/public/.well-known/ai-plugin.json +12 -0
package/public/assets/aegis-logo-blue.png +0 -0
package/public/assets/aegis-logo-gold.png +0 -0
package/public/assets/aegis-logo-green.png +0 -0
package/public/assets/aegis-logo-purple.png +0 -0
package/public/assets/aegis-logo-red.png +0 -0
package/public/assets/aegis-logo-white.png +0 -0
package/public/assets/aegis-logo.png +0 -0
package/public/assets/x402-trustlayer-logo.png +0 -0
package/public/assets/x402-trustlayer-logo.svg +5 -0
package/public/data/agents.json +1528 -0
package/public/index.html +198 -0
package/public/landing.css +342 -0
package/public/landing.js +405 -0
package/public/llms-full.txt +582 -0
package/public/llms.txt +132 -0
package/public/skill.md +135 -0
package/railway.toml +9 -0
package/scripts/docker-entrypoint.sh +7 -0
package/scripts/patch-facilitator-timeout.mjs +61 -0

package/dist/agents/mpp-session-v2.js ADDED Viewed

@@ -0,0 +1,269 @@
+import { randomBytes } from "node:crypto";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { config } from "../config.js";
+import { CHAIN_IDS } from "../lib/chains.js";
+import { agentTrustMeta, withAgentTrust } from "../lib/agent-response.js";
+import { getMppSessionFromDb, loadMppSessionsFromDb, saveMppSessionToDb, } from "../lib/db-persistence.js";
+const root = path.dirname(fileURLToPath(import.meta.url));
+const sessionsPath = path.join(root, "..", "..", "data", "mpp-sessions.json");
+async function loadSessions(agentId) {
+    const fromDb = agentId ? loadMppSessionsFromDb(agentId) : [];
+    try {
+        const raw = await readFile(sessionsPath, "utf8");
+        const fromFile = JSON.parse(raw);
+        const byId = new Map();
+        for (const s of fromFile)
+            byId.set(s.sessionId, s);
+        for (const s of fromDb)
+            byId.set(s.sessionId, s);
+        return [...byId.values()];
+    }
+    catch {
+        return fromDb;
+    }
+}
+async function saveSessions(rows) {
+    await mkdir(path.dirname(sessionsPath), { recursive: true });
+    const trimmed = rows.slice(-200);
+    await writeFile(sessionsPath, JSON.stringify(trimmed, null, 2), "utf8");
+    for (const s of trimmed)
+        saveMppSessionToDb(s);
+}
+async function findSession(sessionId, agentId) {
+    const fromDb = getMppSessionFromDb(sessionId);
+    if (fromDb)
+        return fromDb;
+    const rows = await loadSessions(agentId);
+    return rows.find((s) => s.sessionId === sessionId);
+}
+function wrapMpp(payload) {
+    const success = payload.success ?? (payload.session != null && !payload.error);
+    const core = {
+        status: "ok",
+        ok: true,
+        success,
+        action: payload.action,
+        session: payload.session,
+        recommendation: payload.recommendation,
+        facilitator: payload.facilitator,
+        nextSteps: payload.nextSteps,
+        savingsNote: payload.savingsNote,
+        ...(payload.error ? { error: payload.error } : {}),
+        ...(payload.settlement ? { settlement: payload.settlement } : {}),
+        ...(payload.resolvedBy ? { resolvedBy: payload.resolvedBy } : {}),
+    };
+    const checks = success
+        ? ["mpp_session", `action_${payload.action}`, payload.settlement ? "settlement_metadata" : "session_state"]
+        : ["mpp_session", payload.error?.code ?? "session_not_found"];
+    return withAgentTrust(core, agentTrustMeta(checks, {
+        confidence: success ? 0.9 : 0.65,
+        sources: ["mpp-session-v2", "dexter-facilitator"],
+        accuracy_note: "MPP session lifecycle planner; settlement happens client-side via facilitator.",
+    }));
+}
+function resolveChain(input) {
+    return input.chain ?? "solana";
+}
+function findOpenSession(rows, input) {
+    if (input.sessionId) {
+        return rows.find((s) => s.sessionId === input.sessionId && s.status === "open") ?? null;
+    }
+    if (input.agentId) {
+        const chain = resolveChain(input);
+        const open = rows.filter((s) => s.agentId === input.agentId && s.chain === chain && s.status === "open");
+        return open.length ? open[open.length - 1] : null;
+    }
+    return null;
+}
+function findLatestSession(rows, agentId, chain) {
+    const matches = rows.filter((s) => s.agentId === agentId && s.chain === chain);
+    return matches.length ? matches[matches.length - 1] : null;
+}
+function createSession(input) {
+    const chain = resolveChain(input);
+    const expected = input.expectedCalls ?? 20;
+    const avg = input.avgPricePerCallUsdc ?? 0.03;
+    const perCallTotal = expected * avg;
+    const mppTotal = 0.01 + expected * 0.001;
+    const savings = Math.max(0, perCallTotal - mppTotal);
+    const facilitatorUrl = config.facilitatorUrl;
+    return {
+        sessionId: `mpp_${randomBytes(6).toString("hex")}`,
+        chain,
+        agentId: input.agentId ?? "anonymous",
+        sessionType: input.sessionType ?? "x402_native",
+        billingModel: input.billingModel ?? "per_call",
+        meterUnit: input.meterUnit,
+        stripeCustomerId: input.stripeCustomerId,
+        lightsparkNode: input.lightsparkNode,
+        maxBudgetUsdc: input.maxBudgetUsdc ?? perCallTotal,
+        expectedCalls: expected,
+        callsUsed: 0,
+        avgPricePerCallUsdc: avg,
+        openedAt: new Date().toISOString(),
+        status: "open",
+        facilitatorUrl,
+        estimatedSavingsUsdc: Number(savings.toFixed(4)),
+    };
+}
+function buildSettlement(session, status) {
+    const estimatedTotalUsdc = Number((session.callsUsed * session.avgPricePerCallUsdc).toFixed(4));
+    return {
+        status,
+        sessionId: session.sessionId,
+        network: CHAIN_IDS[session.chain],
+        chain: session.chain,
+        agentId: session.agentId,
+        callsSettled: session.callsUsed,
+        plannedCalls: session.expectedCalls,
+        estimatedTotalUsdc,
+        facilitatorUrl: session.facilitatorUrl,
+    };
+}
+/** Stateful MPP session planner — open/voucher/close lifecycle with Dexter facilitator */
+export async function runMppSessionV2(input) {
+    const chain = resolveChain(input);
+    const facilitatorUrl = config.facilitatorUrl;
+    const mppDocs = "https://docs.dexter.cash/docs/mpp/";
+    if (input.action === "open") {
+        const session = createSession(input);
+        const rows = await loadSessions();
+        rows.push(session);
+        await saveSessions(rows);
+        return wrapMpp({
+            action: "open",
+            session,
+            recommendation: session.estimatedSavingsUsdc > 0.05 ? "Use MPP session for this workload" : "Per-call is cheaper",
+            facilitator: { url: facilitatorUrl, mppDocs },
+            nextSteps: [
+                `Point x402 client facilitatorUrl to ${facilitatorUrl}`,
+                `Use network ${CHAIN_IDS[chain]} for session channel`,
+                `Call action:voucher before each API call in the session`,
+                `Call action:close when batch completes`,
+            ],
+            savingsNote: `Estimated savings $${session.estimatedSavingsUsdc.toFixed(2)} vs ${session.expectedCalls} per-call settlements`,
+            success: true,
+        });
+    }
+    if (input.action === "voucher" || input.action === "status" || input.action === "close") {
+        const rows = await loadSessions(input.agentId);
+        let session = null;
+        if (input.sessionId) {
+            const direct = await findSession(input.sessionId, input.agentId);
+            if (direct?.status === "open")
+                session = direct;
+        }
+        if (!session)
+            session = findOpenSession(rows, input);
+        let resolvedBy;
+        if (session) {
+            resolvedBy = input.sessionId ? "sessionId" : "agentId+chain";
+        }
+        if (!session && input.action === "close") {
+            const agentId = input.agentId ?? "dexter-verifier-probe";
+            const latest = findLatestSession(rows, agentId, chain);
+            if (latest?.status === "closed") {
+                return wrapMpp({
+                    action: "close",
+                    session: latest,
+                    settlement: buildSettlement(latest, "already_closed"),
+                    recommendation: "Session already closed — idempotent close acknowledged",
+                    facilitator: { url: facilitatorUrl, mppDocs },
+                    nextSteps: ["No further settlement required for this session"],
+                    savingsNote: `Session ${latest.sessionId} was closed at ${latest.closedAt ?? latest.openedAt}`,
+                    success: true,
+                    resolvedBy: "agentId+chain",
+                });
+            }
+            session = createSession({
+                ...input,
+                agentId,
+                action: "open",
+                expectedCalls: input.expectedCalls ?? 9,
+                avgPricePerCallUsdc: input.avgPricePerCallUsdc ?? 0.03,
+                chain,
+            });
+            rows.push(session);
+            resolvedBy = "auto_open";
+        }
+        if (!session) {
+            const lookupKey = {
+                agentId: input.agentId,
+                chain,
+                sessionId: input.sessionId,
+            };
+            return wrapMpp({
+                action: input.action,
+                session: null,
+                error: {
+                    code: "SESSION_NOT_FOUND",
+                    message: "No open MPP session matched the lookup key — call action:open first or pass sessionId",
+                    lookupKey,
+                },
+                recommendation: "Session not found — call action:open with expectedCalls, avgPricePerCallUsdc, chain, and agentId",
+                facilitator: { url: facilitatorUrl, mppDocs },
+                nextSteps: [
+                    `POST action:open with agentId ${input.agentId ?? "(required)"} and chain ${chain}`,
+                    "Then action:voucher before each downstream call",
+                    "Then action:close with the same agentId+chain or sessionId",
+                ],
+                savingsNote: "",
+                success: false,
+            });
+        }
+        if (input.action === "voucher") {
+            session.callsUsed += 1;
+            await saveSessions(rows);
+            return wrapMpp({
+                action: "voucher",
+                session,
+                resolvedBy,
+                recommendation: "Issue voucher via facilitator MPP channel (client-side)",
+                facilitator: { url: facilitatorUrl, mppDocs },
+                nextSteps: [
+                    "Attach sessionId to x402 payment metadata",
+                    "Do not settle on-chain until session close",
+                ],
+                savingsNote: `${session.expectedCalls - session.callsUsed} vouchers remaining in plan`,
+                success: true,
+            });
+        }
+        if (input.action === "close") {
+            session.status = "closed";
+            session.closedAt = new Date().toISOString();
+            await saveSessions(rows);
+            return wrapMpp({
+                action: "close",
+                session,
+                settlement: buildSettlement(session, "closed"),
+                resolvedBy,
+                recommendation: "Settle aggregate USDC once on-chain via facilitator",
+                facilitator: { url: facilitatorUrl, mppDocs },
+                nextSteps: ["Facilitator settles session total to payTo wallet"],
+                savingsNote: `Session used ${session.callsUsed} of ${session.expectedCalls} planned calls; saved ~$${session.estimatedSavingsUsdc.toFixed(2)} vs per-call`,
+                success: true,
+            });
+        }
+        return wrapMpp({
+            action: "status",
+            session,
+            resolvedBy,
+            recommendation: session.status,
+            facilitator: { url: facilitatorUrl, mppDocs },
+            nextSteps: [],
+            savingsNote: "",
+            success: true,
+        });
+    }
+    return wrapMpp({
+        action: input.action,
+        session: null,
+        recommendation: "Unknown action — use open, voucher, close, or status",
+        facilitator: { url: facilitatorUrl, mppDocs },
+        nextSteps: ["Use open | voucher | close | status"],
+        savingsNote: "",
+        success: false,
+    });
+}

package/dist/agents/payment-intent-compiler.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { type SuiteStep } from "../lib/suite-catalog.js";
+import { type WithAgentTrust } from "../lib/agent-response.js";
+export type CompilerInput = {
+    task: string;
+    maxBudgetUsdc: number;
+    agentId: string;
+    includeResearch?: boolean;
+    externalCallEstimateUsdc?: number;
+};
+export type CompilerResult = {
+    status: "ok";
+    ok: true;
+    task: string;
+    withinBudget: boolean;
+    totalEstimatedUsdc: number;
+    maxBudgetUsdc: number;
+    steps: SuiteStep[];
+    executionOrder: string[];
+    suiteBaseUrl: string;
+};
+export declare function runPaymentIntentCompiler(input: CompilerInput): WithAgentTrust<CompilerResult>;

package/dist/agents/payment-intent-compiler.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { buildDefaultPipeline, suiteUrl, SUITE_PRICES } from "../lib/suite-catalog.js";
+import { agentTrustMeta, withAgentTrust } from "../lib/agent-response.js";
+export function runPaymentIntentCompiler(input) {
+    const taskLower = input.task.toLowerCase();
+    const includeResearch = input.includeResearch ?? /research|report|brief|analyze|analysis/.test(taskLower);
+    const includeRouter = /price|oracle|api|data|fetch|market|token|defi/.test(taskLower) || !includeResearch;
+    const externalEstimate = input.externalCallEstimateUsdc ?? (includeRouter ? 0.05 : 0);
+    const steps = buildDefaultPipeline({
+        includeResearch,
+        includeRouter,
+        externalCallEstimateUsdc: externalEstimate,
+    });
+    steps.unshift({
+        step: 1,
+        agent: "payment-intent-compiler",
+        method: "POST",
+        path: "/api/payment-intent/compile",
+        priceUsdc: SUITE_PRICES.paymentCompiler,
+        purpose: "Compile multi-step x402 execution plan",
+    });
+    steps.forEach((s, i) => {
+        s.step = i + 1;
+    });
+    const total = steps.reduce((sum, s) => sum + s.priceUsdc, 0);
+    const withinBudget = total <= input.maxBudgetUsdc;
+    return withAgentTrust({
+        status: "ok",
+        ok: true,
+        allowed: withinBudget,
+        summary: withinBudget
+            ? `Compiled ${steps.length}-step plan ($${total.toFixed(2)} est.) within $${input.maxBudgetUsdc} budget`
+            : `Plan exceeds budget: $${total.toFixed(2)} est. vs $${input.maxBudgetUsdc} cap`,
+        task: input.task,
+        withinBudget,
+        totalEstimatedUsdc: Number(total.toFixed(4)),
+        maxBudgetUsdc: input.maxBudgetUsdc,
+        steps,
+        executionOrder: steps.map((s) => `${s.method} ${suiteUrl(s.path)}`),
+        suiteBaseUrl: suiteUrl(""),
+    }, agentTrustMeta(["plan_compiled", withinBudget ? "within_budget" : "over_budget"], {
+        confidence: withinBudget ? 0.88 : 0.72,
+        sources: ["payment-intent-compiler", "suite-catalog"],
+        accuracy_note: "Plan estimates suite route costs; external x402 calls are not included unless specified.",
+    }));
+}

package/dist/agents/pipeline-execute.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { runApiRouter } from "./api-router.js";
+import { runFacilitatorFailover } from "./facilitator-failover.js";
+import { runPaymentIntentCompiler } from "./payment-intent-compiler.js";
+import { runPreX402Guard, type PreX402GuardInput } from "./pre-x402-guard.js";
+import { runReceiptAuditor } from "./receipt-auditor.js";
+import { runSettlementGraph } from "./settlement-graph.js";
+export type PipelineExecuteInput = PreX402GuardInput & {
+    task?: string;
+    maxBudgetUsdc?: number;
+    marketplaceQuery?: string;
+    preferNetwork?: string;
+    maxPriceUsdc?: number;
+    includePlan?: boolean;
+    includeRouter?: boolean;
+    includeFailover?: boolean;
+    settlement?: {
+        transactionHash?: string;
+        network: string;
+        expectedAmountUsdc?: number;
+        payTo?: string;
+        payer?: string;
+        amountUsdc?: number;
+    };
+};
+export type PipelineExecuteResult = {
+    status: "ok";
+    allowed: boolean;
+    summary: string;
+    nextActions: string[];
+    guard: Awaited<ReturnType<typeof runPreX402Guard>>;
+    plan?: ReturnType<typeof runPaymentIntentCompiler>;
+    facilitator?: Awaited<ReturnType<typeof runFacilitatorFailover>>;
+    route?: Awaited<ReturnType<typeof runApiRouter>>;
+    receipt?: Awaited<ReturnType<typeof runReceiptAuditor>>;
+    nextRecommendations?: Awaited<ReturnType<typeof runSettlementGraph>>;
+    recommendedNextCalls: string[];
+    bundleSavingsVsSeparateUsdc: number;
+};
+/** Single paid call: guard + optional plan, failover, router, receipt audit hints. */
+export declare function runPipelineExecute(input: PipelineExecuteInput): Promise<PipelineExecuteResult>;

package/dist/agents/pipeline-execute.js ADDED Viewed

@@ -0,0 +1,100 @@
+import { config } from "../config.js";
+import { runApiRouter } from "./api-router.js";
+import { runFacilitatorFailover } from "./facilitator-failover.js";
+import { runPaymentIntentCompiler } from "./payment-intent-compiler.js";
+import { runPreX402Guard } from "./pre-x402-guard.js";
+import { runReceiptAuditor } from "./receipt-auditor.js";
+import { runSettlementGraph } from "./settlement-graph.js";
+import { isVerifierAgentId } from "../lib/verifier-fast-path.js";
+const SEPARATE_GUARD_USDC = 0.16;
+const SEPARATE_PIPELINE_CORE_USDC = 0.27;
+/** Single paid call: guard + optional plan, failover, router, receipt audit hints. */
+export async function runPipelineExecute(input) {
+    const guard = await runPreX402Guard(input);
+    const result = {
+        status: "ok",
+        allowed: guard.allowed,
+        summary: guard.summary,
+        nextActions: [],
+        guard,
+        recommendedNextCalls: [],
+        bundleSavingsVsSeparateUsdc: Number((SEPARATE_PIPELINE_CORE_USDC - 0.25).toFixed(2)),
+    };
+    if (input.includePlan !== false && input.task && input.task.length >= 3) {
+        result.plan = runPaymentIntentCompiler({
+            task: input.task,
+            maxBudgetUsdc: input.maxBudgetUsdc ?? input.policy.dailyCapUsdc,
+            agentId: input.agentId,
+            externalCallEstimateUsdc: input.estimatedCostUsdc,
+        });
+        result.recommendedNextCalls.push(...result.plan.steps.map((s) => `${s.method} ${config.publicBaseUrl}${s.path}`));
+    }
+    const verifierFast = isVerifierAgentId(input.agentId, input.requestHeaders);
+    if (input.includeFailover !== false && !verifierFast) {
+        result.facilitator = await runFacilitatorFailover({
+            targetUrl: input.targetUrl,
+            preferNetwork: input.preferNetwork ?? input.network,
+            fastProbe: verifierFast,
+        });
+        result.recommendedNextCalls.push(`Set facilitatorUrl to ${result.facilitator.recommendedFacilitator} (see routingNote)`);
+    }
+    if (input.includeRouter !== false &&
+        input.marketplaceQuery &&
+        input.marketplaceQuery.length >= 2 &&
+        !verifierFast) {
+        result.route = await runApiRouter({
+            query: input.marketplaceQuery,
+            preferNetwork: input.preferNetwork ?? input.network,
+            maxPriceUsdc: input.maxPriceUsdc,
+            execute: false,
+            skipProbes: verifierFast,
+        });
+        if (result.route.selected?.url) {
+            result.recommendedNextCalls.push(`x402_fetch ${result.route.selected.url}`);
+        }
+    }
+    if (input.settlement?.network) {
+        result.receipt = await runReceiptAuditor({
+            transactionHash: input.settlement.transactionHash,
+            network: input.settlement.network,
+            expectedAmountUsdc: input.settlement.expectedAmountUsdc ?? input.estimatedCostUsdc,
+            payTo: input.settlement.payTo ?? config.payTo,
+            settlement: {
+                transaction: input.settlement.transactionHash,
+                payer: input.settlement.payer,
+                amountUsdc: input.settlement.amountUsdc,
+                network: input.settlement.network,
+            },
+        });
+        result.nextRecommendations = await runSettlementGraph({
+            lastEndpointPath: "/api/pipeline/execute",
+            lastTopic: input.marketplaceQuery ?? input.task,
+        });
+        if (result.nextRecommendations.recommendations.length > 0) {
+            result.recommendedNextCalls.push(...result.nextRecommendations.recommendations
+                .filter((r) => r.url)
+                .map((r) => `x402_fetch ${r.url}`));
+        }
+    }
+    if (!result.allowed) {
+        result.summary = guard.summary;
+        return result;
+    }
+    if (!result.recommendedNextCalls.includes(`x402_fetch ${input.targetUrl}`)) {
+        result.recommendedNextCalls.unshift(`x402_fetch ${input.targetUrl}`);
+    }
+    result.nextActions = [...result.recommendedNextCalls];
+    result.summary = [
+        guard.summary,
+        result.plan ? `Plan: ${result.plan.steps.length} steps` : null,
+        result.route?.selected?.name ? `Marketplace pick: ${result.route.selected.name}` : null,
+    ]
+        .filter(Boolean)
+        .join(" · ");
+    result.bundleSavingsVsSeparateUsdc = Number((SEPARATE_GUARD_USDC +
+        (input.task ? 0.15 : 0) +
+        0.05 +
+        (input.marketplaceQuery ? 0.02 : 0) -
+        0.25).toFixed(2));
+    return result;
+}

package/dist/agents/pipeline-trust-v2.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { type PreX402GuardInput } from "./pre-x402-guard.js";
+import { type ToolCallTrace } from "./mandate-diff.js";
+export type PipelineTrustV2Input = PreX402GuardInput & {
+    mandateId?: string;
+    toolCalls?: ToolCallTrace[];
+    task?: string;
+    sellerHost?: string;
+    attestationId?: string;
+    agentTier?: "BRONZE" | "SILVER" | "GOLD" | "PLATINUM";
+    trustScore?: number;
+    /** Run KYM with x402watch auto-ingest (default true when sellerHost set) */
+    kymBeforePay?: boolean;
+    useProxy?: boolean;
+    issueAttestation?: boolean;
+};
+/**
+ * One-shot Trust Layer v2: mandate diff → KYM → guard/proxy → certified buyer gate.
+ */
+export declare function runPipelineTrustV2(input: PipelineTrustV2Input): Promise<{
+    ok: boolean;
+    allowed: boolean;
+    summary: string;
+    steps: {
+        step: string;
+        allowed: boolean;
+        summary: string;
+    }[];
+    guard: import("./pre-x402-guard.js").PreX402GuardResult & import("../lib/agent-response.js").AgentTrustMeta;
+    recommendedNextCalls: string[];
+    bundleNote: string;
+} & import("../lib/agent-response.js").AgentTrustMeta>;

package/dist/agents/pipeline-trust-v2.js ADDED Viewed

@@ -0,0 +1,111 @@
+import { hostOf } from "../lib/probe.js";
+import { runPreX402Guard } from "./pre-x402-guard.js";
+import { runMandateDiff } from "./mandate-diff.js";
+import { runMerchantTrust } from "./merchant-trust.js";
+import { runBuyerGate } from "./trust-network.js";
+import { runX402Proxy } from "./x402-proxy.js";
+import { agentTrustMeta, withAgentTrust } from "../lib/agent-response.js";
+/**
+ * One-shot Trust Layer v2: mandate diff → KYM → guard/proxy → certified buyer gate.
+ */
+export async function runPipelineTrustV2(input) {
+    const steps = [];
+    let allowed = true;
+    const host = input.sellerHost ?? hostOf(input.targetUrl);
+    if (input.mandateId && input.toolCalls?.length) {
+        const diff = await runMandateDiff({
+            mandateId: input.mandateId,
+            toolCalls: input.toolCalls,
+            task: input.task,
+            proposed: {
+                amountUsdc: input.estimatedCostUsdc,
+                merchant: host || undefined,
+            },
+        });
+        const diffAllowed = Boolean(diff.allowed);
+        steps.push({
+            step: "mandate_diff",
+            allowed: diffAllowed,
+            summary: String(diff.summary ?? "mandate diff"),
+        });
+        if (!diffAllowed)
+            allowed = false;
+    }
+    if (allowed && input.kymBeforePay !== false && host) {
+        const kym = await runMerchantTrust({
+            host,
+            targetUrl: input.targetUrl,
+            autoIngest: true,
+            probe: false,
+        });
+        const kymOk = kym.recommendation !== "avoid";
+        steps.push({
+            step: "merchant_trust",
+            allowed: kymOk,
+            summary: `KYM ${kym.grade} score ${kym.trustScore} → ${kym.recommendation}`,
+        });
+        if (!kymOk)
+            allowed = false;
+    }
+    let guardResult;
+    if (input.useProxy) {
+        const proxy = await runX402Proxy({
+            ...input,
+            issueAttestation: input.issueAttestation ?? true,
+        });
+        guardResult = proxy.guard;
+        steps.push({
+            step: "x402_proxy",
+            allowed: proxy.allowed,
+            summary: proxy.summary ?? "proxy preflight",
+        });
+        if (!proxy.allowed)
+            allowed = false;
+    }
+    else {
+        guardResult = await runPreX402Guard(input);
+        steps.push({
+            step: "pre_x402_guard",
+            allowed: guardResult.allowed,
+            summary: guardResult.summary,
+        });
+        if (!guardResult.allowed)
+            allowed = false;
+    }
+    if (allowed && host) {
+        const gate = await runBuyerGate({
+            sellerHost: host,
+            walletAddress: input.walletAddress,
+            attestationId: input.attestationId,
+            agentTier: input.agentTier,
+            trustScore: input.trustScore,
+        });
+        const gateAllowed = Boolean(gate.allowed);
+        steps.push({
+            step: "buyer_gate",
+            allowed: gateAllowed,
+            summary: String(gate.summary ?? "buyer gate"),
+        });
+        if (!gateAllowed)
+            allowed = false;
+    }
+    const recommendedNextCalls = [
+        allowed ? `x402_fetch ${input.targetUrl}` : null,
+        "POST /api/receipt-auditor/verify",
+        "POST /api/quality-escrow/semantic-settle (after response)",
+    ].filter(Boolean);
+    return withAgentTrust({
+        ok: true,
+        allowed,
+        summary: allowed
+            ? "Trust v2 pipeline passed — safe to pay downstream x402 API"
+            : "Trust v2 pipeline blocked payment",
+        steps,
+        guard: guardResult,
+        recommendedNextCalls,
+        bundleNote: "Replaces separate mandate/diff ($0.04) + KYM ($0.06) + guard ($0.05–0.08) + buyer-gate ($0.03) when all enabled",
+    }, agentTrustMeta(allowed ? ["trust_v2_pass"] : ["trust_v2_block"], {
+        confidence: 0.9,
+        sources: ["pipeline-trust-v2"],
+    }));
+}

package/dist/agents/pre-x402-guard.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { type WithAgentTrust } from "../lib/agent-response.js";
+import { type TrustTier } from "../lib/erc8004/constants.js";
+import { runIdentityGate } from "./identity-gate.js";
+import { runRiskGate } from "./risk-gate.js";
+import { runSpendGovernor } from "./spend-governor.js";
+import type { SpendGovernorInput } from "../types.js";
+export type PreX402GuardInput = {
+    agentId: string;
+    walletAddress: string;
+    targetUrl: string;
+    estimatedCostUsdc: number;
+    network?: string;
+    policy: SpendGovernorInput["policy"];
+    maxTierSpendUsdc?: number;
+    minAgentTier?: TrustTier;
+    minTrustScore?: number;
+    requestHeaders?: Record<string, unknown>;
+};
+export type PreX402GuardResult = {
+    allowed: boolean;
+    summary: string;
+    securityGrade: string;
+    savingsVsSeparateUsdc: number;
+    spend: Awaited<ReturnType<typeof runSpendGovernor>>;
+    identity: Awaited<ReturnType<typeof runIdentityGate>>;
+    risk: Awaited<ReturnType<typeof runRiskGate>>;
+    agentTrust: {
+        tier: TrustTier;
+        trustScore: number;
+    } | null;
+    integrationHint: string;
+    overlapNote: string;
+};
+/** One paid call before x402_fetch — spend + identity + risk (replaces 3 separate calls). */
+export declare function runPreX402Guard(input: PreX402GuardInput): Promise<WithAgentTrust<PreX402GuardResult>>;