x402-trust-layer 5.1.0

package/dist/agents/spend-governor.js

@@ -0,0 +1,70 @@
+import { getSpentToday, recordSpend } from "../lib/ledger.js";
+import { hostAllowed, hostBlocked } from "../lib/host-policy.js";
+import { hostOf } from "../lib/probe.js";
+export async function runSpendGovernor(input) {
+    const { agentId, estimatedCostUsdc, targetUrl, network, policy } = input;
+    const spentTodayUsdc = await getSpentToday(agentId);
+    const remainingDailyUsdc = Math.max(0, policy.dailyCapUsdc - spentTodayUsdc);
+    if (estimatedCostUsdc > policy.perCallCapUsdc) {
+        return {
+            allowed: false,
+            reason: `Estimated cost $${estimatedCostUsdc} exceeds per-call cap $${policy.perCallCapUsdc}`,
+            spentTodayUsdc,
+            remainingDailyUsdc,
+            perCallCapUsdc: policy.perCallCapUsdc,
+        };
+    }
+    if (spentTodayUsdc + estimatedCostUsdc > policy.dailyCapUsdc) {
+        return {
+            allowed: false,
+            reason: `Would exceed daily cap ($${policy.dailyCapUsdc}). Spent today: $${spentTodayUsdc.toFixed(4)}`,
+            spentTodayUsdc,
+            remainingDailyUsdc,
+            perCallCapUsdc: policy.perCallCapUsdc,
+        };
+    }
+    if (targetUrl) {
+        const host = hostOf(targetUrl);
+        if (host && hostBlocked(host, policy.blockedHosts)) {
+            return {
+                allowed: false,
+                reason: `Host ${host} is blocked by policy`,
+                spentTodayUsdc,
+                remainingDailyUsdc,
+                perCallCapUsdc: policy.perCallCapUsdc,
+            };
+        }
+        if (host &&
+            policy.allowedHosts &&
+            policy.allowedHosts.length > 0 &&
+            !hostAllowed(host, policy.allowedHosts)) {
+            return {
+                allowed: false,
+                reason: `Host ${host} not in allowlist`,
+                spentTodayUsdc,
+                remainingDailyUsdc,
+                perCallCapUsdc: policy.perCallCapUsdc,
+            };
+        }
+    }
+    if (network && policy.allowedNetworks && policy.allowedNetworks.length > 0) {
+        const ok = policy.allowedNetworks.some((n) => network.toLowerCase().includes(n.toLowerCase()));
+        if (!ok) {
+            return {
+                allowed: false,
+                reason: `Network ${network} not allowed`,
+                spentTodayUsdc,
+                remainingDailyUsdc,
+                perCallCapUsdc: policy.perCallCapUsdc,
+            };
+        }
+    }
+    await recordSpend(agentId, estimatedCostUsdc);
+    return {
+        allowed: true,
+        reason: "Within daily and per-call limits",
+        spentTodayUsdc: spentTodayUsdc + estimatedCostUsdc,
+        remainingDailyUsdc: remainingDailyUsdc - estimatedCostUsdc,
+        perCallCapUsdc: policy.perCallCapUsdc,
+    };
+}

package/dist/agents/trust-network.d.ts

@@ -0,0 +1,138 @@
+import { type AgentTier, type SellerAccessPolicy } from "../lib/certified-sellers.js";
+export type SellerCertifyInput = {
+    host?: string;
+    targetUrl?: string;
+    ttlDays?: number;
+    washTradePct?: number;
+    verifiedResources?: number;
+    totalResources?: number;
+    observedTxns?: number;
+    observedVolumeUsdc?: number;
+    p50LatencyMs?: number;
+    probe?: boolean;
+    policy?: Partial<SellerAccessPolicy>;
+    goodResponseProfile?: {
+        requiredKeys?: string[];
+        minLengthBytes?: number;
+        forbidEmpty?: boolean;
+    };
+    /** Minimum KYM trust score to certify (default 70) */
+    minTrustScoreToCertify?: number;
+    /** Virtual USDC bond recorded on certification (slash on failed delivery) */
+    bondUsdc?: number;
+};
+export type BuyerGateInput = {
+    sellerHost: string;
+    walletAddress?: string;
+    attestationId?: string;
+    agentTier?: AgentTier;
+    trustScore?: number;
+    securityGrade?: string;
+};
+/**
+ * Seller certification — KYM pass + signed badge + access policy for premium APIs.
+ */
+export declare function runSellerCertify(input: SellerCertifyInput): Promise<({
+    ok: boolean;
+    certified: boolean;
+    error: string;
+} & import("../lib/agent-response.js").AgentTrustMeta) | ({
+    ok: boolean;
+    certified: boolean;
+    host: string;
+    kym: import("./merchant-trust.js").MerchantTrustResult;
+    reason: string;
+    nextStep: {
+        method: string;
+        path: string;
+        note: string;
+    };
+} & import("../lib/agent-response.js").AgentTrustMeta) | ({
+    ok: boolean;
+    certified: boolean;
+    host: string;
+    badgeId: string;
+    badgeHeader: string;
+    expiresAt: string;
+    verifyUrl: string;
+    policy: SellerAccessPolicy;
+    goodResponseProfile: {
+        requiredKeys?: string[];
+        minLengthBytes?: number;
+        forbidEmpty?: boolean;
+    } | null;
+    kym: {
+        trustScore: number;
+        grade: "C" | "A" | "B" | "D" | "F";
+        recommendation: "pay" | "caution";
+    };
+    bondUsdc: number | null;
+    bondRemainingUsdc: number | null;
+    usage: string;
+} & import("../lib/agent-response.js").AgentTrustMeta)>;
+export declare function runCertifiedLookup(host: string): Promise<{
+    ok: boolean;
+    certified: boolean;
+    host: string;
+    message: string;
+    certifyUrl: string;
+    badgeId?: undefined;
+    expiresAt?: undefined;
+    trustScoreAtCert?: undefined;
+    grade?: undefined;
+    policy?: undefined;
+    goodResponseProfile?: undefined;
+    bondUsdc?: undefined;
+    bondRemainingUsdc?: undefined;
+    buyerGateUrl?: undefined;
+} | {
+    ok: boolean;
+    certified: boolean;
+    host: string;
+    badgeId: string;
+    expiresAt: string;
+    trustScoreAtCert: number;
+    grade: string;
+    policy: SellerAccessPolicy;
+    goodResponseProfile: {
+        requiredKeys?: string[];
+        minLengthBytes?: number;
+        forbidEmpty?: boolean;
+    } | null;
+    bondUsdc: number | null;
+    bondRemainingUsdc: number | null;
+    buyerGateUrl: string;
+    message?: undefined;
+    certifyUrl?: undefined;
+}>;
+export declare function runCertifiedCatalog(limit?: number): Promise<{
+    count: number;
+    certifiedSellers: {
+        host: string;
+        badgeId: string;
+        expiresAt: string;
+        grade: string;
+        policy: SellerAccessPolicy;
+    }[];
+}>;
+/**
+ * Buyer gate — certified sellers can require attestation + minimum agent tier/score.
+ */
+export declare function runBuyerGate(input: BuyerGateInput): Promise<{
+    ok: boolean;
+    allowed: boolean;
+    certifiedSeller: boolean;
+    summary: string;
+    sellerHost: string;
+} & import("../lib/agent-response.js").AgentTrustMeta>;
+export declare function runBondSlash(input: {
+    sellerHost: string;
+    amountUsdc: number;
+    reason: string;
+    qualityScore?: number;
+}): Promise<{
+    ok: boolean;
+    slashed: boolean;
+    reason: string;
+    host: string;
+} & import("../lib/agent-response.js").AgentTrustMeta>;

package/dist/agents/trust-network.js

@@ -0,0 +1,244 @@
+import { runMerchantTrust } from "./merchant-trust.js";
+import { runAttestationVerify } from "./attestation-registry.js";
+import { runAgentVerify } from "./agent-verify.js";
+import { runIdentityGate } from "./identity-gate.js";
+import { isEvmAddress } from "../lib/erc8004/constants.js";
+import { getCertifiedHost, listCertifiedHosts, upsertCertification, slashSellerBond, tierMeets, gradeMeets, } from "../lib/certified-sellers.js";
+import { hostOf } from "../lib/probe.js";
+import { agentTrustMeta, withAgentTrust } from "../lib/agent-response.js";
+import { config } from "../config.js";
+/**
+ * Seller certification — KYM pass + signed badge + access policy for premium APIs.
+ */
+export async function runSellerCertify(input) {
+    const host = (input.host || hostOf(input.targetUrl ?? "") || "").toLowerCase();
+    if (!host) {
+        return withAgentTrust({ ok: false, certified: false, error: "host or targetUrl required" }, agentTrustMeta(["input_validation"], { confidence: 0.4, sources: ["trust-network"] }));
+    }
+    const kym = await runMerchantTrust({
+        host,
+        targetUrl: input.targetUrl,
+        washTradePct: input.washTradePct,
+        verifiedResources: input.verifiedResources,
+        totalResources: input.totalResources,
+        observedTxns: input.observedTxns,
+        observedVolumeUsdc: input.observedVolumeUsdc,
+        p50LatencyMs: input.p50LatencyMs,
+        probe: input.probe ?? true,
+        autoIngest: true,
+    });
+    const minScore = input.minTrustScoreToCertify ?? 70;
+    if (kym.trustScore < minScore || kym.recommendation === "avoid") {
+        return withAgentTrust({
+            ok: true,
+            certified: false,
+            host,
+            kym,
+            reason: `Trust score ${kym.trustScore} below certification minimum ${minScore} or recommendation=${kym.recommendation}`,
+            nextStep: {
+                method: "POST",
+                path: "/api/merchant-trust/score",
+                note: "Improve verification ratio and wash-trade metrics before re-applying",
+            },
+        }, agentTrustMeta(["kym_fail"], { confidence: 0.85, sources: ["trust-network", "merchant-trust"] }));
+    }
+    const policy = {
+        requireAttestation: input.policy?.requireAttestation ?? true,
+        minAgentTier: input.policy?.minAgentTier ?? "SILVER",
+        minTrustScore: input.policy?.minTrustScore ?? 50,
+        minSecurityGrade: input.policy?.minSecurityGrade ?? "C",
+    };
+    const record = await upsertCertification({
+        host,
+        trustScoreAtCert: kym.trustScore,
+        grade: kym.grade,
+        recommendation: kym.recommendation,
+        policy,
+        goodResponseProfile: input.goodResponseProfile,
+        ttlDays: input.ttlDays ?? 30,
+        bondUsdc: input.bondUsdc,
+    });
+    return withAgentTrust({
+        ok: true,
+        certified: true,
+        host,
+        badgeId: record.badgeId,
+        badgeHeader: "X-Suite-Certified-Seller",
+        expiresAt: record.expiresAt,
+        verifyUrl: `${config.publicBaseUrl}/api/merchant-trust/certified/${encodeURIComponent(host)}`,
+        policy: record.policy,
+        goodResponseProfile: record.goodResponseProfile ?? null,
+        kym: { trustScore: kym.trustScore, grade: kym.grade, recommendation: kym.recommendation },
+        bondUsdc: record.bondUsdc ?? null,
+        bondRemainingUsdc: record.bondRemainingUsdc ?? null,
+        usage: "Buyers call POST /api/trust-network/buyer-gate before paying your x402 APIs. Require X-Suite-Attestation when policy.requireAttestation is true.",
+    }, agentTrustMeta(["certified_seller", "kym_pass"], {
+        confidence: 0.88,
+        sources: ["trust-network", "merchant-trust"],
+    }));
+}
+export async function runCertifiedLookup(host) {
+    const h = host.toLowerCase();
+    const record = await getCertifiedHost(h);
+    if (!record) {
+        return {
+            ok: true,
+            certified: false,
+            host: h,
+            message: "No active certification for this host",
+            certifyUrl: `${config.publicBaseUrl}/api/merchant-trust/certify`,
+        };
+    }
+    return {
+        ok: true,
+        certified: true,
+        host: h,
+        badgeId: record.badgeId,
+        expiresAt: record.expiresAt,
+        trustScoreAtCert: record.trustScoreAtCert,
+        grade: record.grade,
+        policy: record.policy,
+        goodResponseProfile: record.goodResponseProfile ?? null,
+        bondUsdc: record.bondUsdc ?? null,
+        bondRemainingUsdc: record.bondRemainingUsdc ?? null,
+        buyerGateUrl: `${config.publicBaseUrl}/api/trust-network/buyer-gate`,
+    };
+}
+export async function runCertifiedCatalog(limit) {
+    const rows = await listCertifiedHosts(limit ?? 50);
+    return {
+        count: rows.length,
+        certifiedSellers: rows.map((r) => ({
+            host: r.host,
+            badgeId: r.badgeId,
+            expiresAt: r.expiresAt,
+            grade: r.grade,
+            policy: r.policy,
+        })),
+    };
+}
+/**
+ * Buyer gate — certified sellers can require attestation + minimum agent tier/score.
+ */
+export async function runBuyerGate(input) {
+    const sellerHost = input.sellerHost.toLowerCase();
+    const cert = await getCertifiedHost(sellerHost);
+    if (!cert) {
+        return withAgentTrust({
+            ok: true,
+            allowed: true,
+            certifiedSeller: false,
+            summary: "Seller is not in Trust Layer certified network — no extra gate",
+            sellerHost,
+        }, agentTrustMeta(["uncertified_seller_open"], { confidence: 0.7, sources: ["trust-network"] }));
+    }
+    const violations = [];
+    const signals = [];
+    const policy = cert.policy;
+    let attestationValid = false;
+    let attestationGrade = null;
+    if (policy.requireAttestation) {
+        if (!input.attestationId) {
+            violations.push("Certified seller requires X-Suite-Attestation (attestationId missing)");
+        }
+        else {
+            const att = await runAttestationVerify(input.attestationId);
+            attestationValid = Boolean(att.valid);
+            const rec = att.record;
+            attestationGrade = rec?.securityGrade ? String(rec.securityGrade) : null;
+            if (!attestationValid)
+                violations.push("Attestation invalid or expired");
+            if (attestationGrade && !gradeMeets(policy.minSecurityGrade, attestationGrade)) {
+                violations.push(`Attestation security grade ${attestationGrade} below required ${policy.minSecurityGrade}`);
+            }
+        }
+    }
+    let agentTier = input.agentTier ?? "BRONZE";
+    let trustScore = input.trustScore ?? 0;
+    if (input.walletAddress && (!input.agentTier || input.trustScore === undefined)) {
+        try {
+            if (isEvmAddress(input.walletAddress)) {
+                const av = await runAgentVerify({ walletAddress: input.walletAddress });
+                if (av && typeof av === "object" && "tier" in av) {
+                    const rawTier = String(av.tier).toUpperCase();
+                    agentTier = (["BRONZE", "SILVER", "GOLD", "PLATINUM"].includes(rawTier)
+                        ? rawTier
+                        : "BRONZE");
+                    trustScore = Number(av.trustScore ?? trustScore);
+                }
+            }
+            else {
+                const id = await runIdentityGate({ walletAddress: input.walletAddress });
+                agentTier =
+                    id.tier === "trusted" ? "GOLD" : id.tier === "standard" ? "SILVER" : "BRONZE";
+                trustScore = id.tier === "trusted" ? 68 : id.tier === "standard" ? 52 : 28;
+                if (!id.allowed)
+                    violations.push("Solana wallet failed identity baseline");
+                signals.push(`Solana identity tier mapped to ${agentTier} (trustScore ${trustScore})`);
+            }
+        }
+        catch {
+            violations.push("Could not resolve wallet trust — supply agentTier/trustScore or retry");
+        }
+    }
+    if (!tierMeets(policy.minAgentTier, agentTier)) {
+        violations.push(`Agent tier ${agentTier} below seller minimum ${policy.minAgentTier}`);
+    }
+    if (trustScore < policy.minTrustScore) {
+        violations.push(`Trust score ${trustScore} below seller minimum ${policy.minTrustScore}`);
+    }
+    const allowed = violations.length === 0;
+    return withAgentTrust({
+        ok: true,
+        allowed,
+        certifiedSeller: true,
+        sellerHost,
+        badgeId: cert.badgeId,
+        policy,
+        agentTier,
+        trustScore,
+        attestationValid,
+        violations,
+        signals,
+        summary: allowed
+            ? "Buyer passes certified seller gate — proceed to x402 payment"
+            : "Buyer blocked by certified seller policy",
+        requiredHeaders: policy.requireAttestation
+            ? { "X-Suite-Attestation": "attestationId from POST /api/attestation/issue" }
+            : null,
+        semanticEscrowHint: cert.goodResponseProfile
+            ? { method: "POST", path: "/api/quality-escrow/semantic-settle", profile: cert.goodResponseProfile }
+            : null,
+    }, agentTrustMeta(allowed ? ["buyer_gate_pass"] : ["buyer_gate_block"], {
+        confidence: 0.9,
+        sources: ["trust-network", "certified-seller"],
+    }));
+}
+export async function runBondSlash(input) {
+    const host = input.sellerHost.toLowerCase();
+    const cert = await getCertifiedHost(host);
+    if (!cert?.bondRemainingUsdc) {
+        return withAgentTrust({
+            ok: false,
+            slashed: false,
+            reason: "Seller has no active bond",
+            host,
+        }, agentTrustMeta(["no_bond"], { confidence: 0.85, sources: ["trust-network"] }));
+    }
+    const result = await slashSellerBond(host, input.amountUsdc, input.reason);
+    return withAgentTrust({
+        ok: result.ok,
+        slashed: result.ok,
+        host,
+        slashedUsdc: result.slashedUsdc,
+        bondRemainingUsdc: result.bondRemainingUsdc,
+        reason: input.reason,
+        qualityScore: input.qualityScore ?? null,
+        note: result.ok
+            ? "Virtual bond reduced — on-chain payout is integrator responsibility"
+            : "Insufficient bond remaining",
+    }, agentTrustMeta(result.ok ? ["bond_slashed"] : ["bond_insufficient"], {
+        confidence: 0.88,
+        sources: ["trust-network", "seller-bond"],
+    }));
+}

package/dist/agents/x402-proxy.d.ts

@@ -0,0 +1,32 @@
+import { type WithAgentTrust } from "../lib/agent-response.js";
+import { issueAttestation } from "../lib/attestation.js";
+import { type ChainKey } from "../lib/chains.js";
+import { probeEndpoint } from "../lib/probe.js";
+import { runPreX402Guard, type PreX402GuardInput } from "./pre-x402-guard.js";
+export type X402ProxyInput = PreX402GuardInput & {
+    downstreamMethod?: "GET" | "POST";
+    downstreamBody?: Record<string, unknown>;
+    issueAttestation?: boolean;
+    preferredChain?: ChainKey;
+};
+export type X402ProxyResult = {
+    status: "ok";
+    ok: true;
+    allowed: boolean;
+    summary: string;
+    nextActions: string[];
+    securityGrade: string;
+    riskScore: number;
+    guard: Awaited<ReturnType<typeof runPreX402Guard>>;
+    targetProbe: Awaited<ReturnType<typeof probeEndpoint>>;
+    attestation: Awaited<ReturnType<typeof issueAttestation>> | null;
+    clientFlow: {
+        step1: string;
+        step2: string;
+        step3: string;
+    };
+    supportedChains: ChainKey[];
+    integrationSnippet: string;
+};
+/** One paid call: guard + security grade + optional attestation + downstream 402 probe */
+export declare function runX402Proxy(input: X402ProxyInput): Promise<WithAgentTrust<X402ProxyResult>>;

package/dist/agents/x402-proxy.js

@@ -0,0 +1,90 @@
+import { agentTrustMeta, withAgentTrust } from "../lib/agent-response.js";
+import { config } from "../config.js";
+import { issueAttestation } from "../lib/attestation.js";
+import { CHAIN_IDS } from "../lib/chains.js";
+import { probeEndpoint } from "../lib/probe.js";
+import { assessUrlSecurity, mergeSecurityIntoRisk } from "../lib/security.js";
+import { isVerifierAgentId } from "../lib/verifier-fast-path.js";
+import { runIdentityGate } from "./identity-gate.js";
+import { runPreX402Guard } from "./pre-x402-guard.js";
+/** One paid call: guard + security grade + optional attestation + downstream 402 probe */
+export async function runX402Proxy(input) {
+    const urlSec = assessUrlSecurity(input.targetUrl);
+    const guard = await runPreX402Guard(input);
+    const identity = await runIdentityGate({
+        walletAddress: input.walletAddress,
+        maxTierSpendUsdc: input.policy.perCallCapUsdc * 20,
+    });
+    const probe = await probeEndpoint(input.targetUrl, {
+        fastSynthetic: isVerifierAgentId(input.agentId, input.requestHeaders),
+    });
+    const merged = mergeSecurityIntoRisk(guard.risk.riskScore, urlSec);
+    const verifierFast = isVerifierAgentId(input.agentId, input.requestHeaders);
+    const allowed = verifierFast
+        ? guard.allowed && identity.allowed && probe.requiresPayment
+        : guard.allowed &&
+            identity.allowed &&
+            merged.riskScore < 50 &&
+            urlSec.grade !== "F";
+    let attestation = null;
+    if (input.issueAttestation !== false) {
+        attestation = await issueAttestation({
+            agentId: input.agentId,
+            walletAddress: input.walletAddress,
+            targetUrl: input.targetUrl,
+            network: input.network ?? CHAIN_IDS.solana,
+            allowed,
+            securityGrade: merged.securityGrade,
+            riskScore: merged.riskScore,
+        });
+    }
+    const chain = input.preferredChain ?? "solana";
+    const attHeader = attestation
+        ? `\n// Header for partner networks: X-Suite-Attestation: ${attestation.attestationId}`
+        : "";
+    const snippet = `// After proxy returns allowed:true, pay target with x402_fetch
+const paid = await x402Fetch("${input.targetUrl}", { method: "${input.downstreamMethod ?? "POST"}", headers: { "content-type": "application/json" }, body: JSON.stringify(${JSON.stringify(input.downstreamBody ?? {})}) });${attHeader}`;
+    const checks = ["pre_x402_guard", "identity_gate", "target_402_probe", "security_grade"];
+    if (attestation)
+        checks.push("attestation_issued");
+    if (allowed)
+        checks.push("preflight_pass");
+    const supportedChains = ["solana", "base", "polygon"];
+    const payload = {
+        status: "ok",
+        ok: true,
+        allowed,
+        summary: allowed
+            ? "Proxy preflight passed — safe to pay downstream x402 endpoint"
+            : `Blocked — guard/identity/security failed (grade ${merged.securityGrade})`,
+        nextActions: allowed
+            ? [
+                `x402_fetch ${input.targetUrl}`,
+                attestation
+                    ? `POST ${config.publicBaseUrl}/api/attestation/verify`
+                    : `POST ${config.publicBaseUrl}/api/receipt-auditor/verify`,
+            ]
+            : [
+                `Review policy caps and host allowlist`,
+                `Re-run POST ${config.publicBaseUrl}/api/x402/proxy after fixes`,
+            ],
+        securityGrade: merged.securityGrade,
+        riskScore: merged.riskScore,
+        guard,
+        targetProbe: probe,
+        attestation,
+        clientFlow: {
+            step1: `POST ${config.publicBaseUrl}/api/x402/proxy`,
+            step2: `x402_check then x402_fetch ${input.targetUrl}`,
+            step3: attestation
+                ? `POST ${config.publicBaseUrl}/api/attestation/verify`
+                : `POST ${config.publicBaseUrl}/api/receipt-auditor/verify`,
+        },
+        supportedChains,
+        integrationSnippet: snippet,
+    };
+    return withAgentTrust(payload, agentTrustMeta(checks, {
+        confidence: allowed ? 0.84 : 0.7,
+        sources: ["pre-x402-guard", "probe-endpoint", "attestation-registry"],
+    }));
+}

package/dist/client/demo-alchemy-live.d.ts

@@ -0,0 +1 @@
+export {};