xytara 2.2.0 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/RELEASE_NOTES.md +16 -10
  2. package/lib/account_auth.js +347 -1
  3. package/lib/capability_registry.js +572 -0
  4. package/lib/command_flow.js +20 -1
  5. package/lib/commerce_authority.js +449 -0
  6. package/lib/commerce_client.js +38 -0
  7. package/lib/commerce_economics.js +2471 -1
  8. package/lib/commerce_identity.js +578 -0
  9. package/lib/commerce_runtime.js +4 -0
  10. package/lib/identity_auth.js +175 -0
  11. package/lib/operator_intelligence.js +90 -0
  12. package/lib/partner_intelligence.js +105 -0
  13. package/package.json +1 -1
  14. package/server.js +1308 -59
package/server.js CHANGED
@@ -64,6 +64,15 @@ const {
64
64
  previewRailCredits,
65
65
  applyRailCredits,
66
66
  buildCreditBalanceSummary,
67
+ buildWalletSummary,
68
+ buildWalletLifecycleSummary,
69
+ buildWalletReserveSummary,
70
+ buildWalletCommitSummary,
71
+ buildWalletLedgerBundle,
72
+ buildWalletLedgerSummary,
73
+ applyWalletLifecycleEvent,
74
+ buildEconomicsIntelligenceSummary,
75
+ buildTreasuryIntelligenceSummary,
67
76
  buildTreasurySummary,
68
77
  buildLedgerExport,
69
78
  buildTreasuryDrilldown,
@@ -74,6 +83,56 @@ const {
74
83
  buildPolicySummary,
75
84
  buildAccountCreditSpendPolicyPack,
76
85
  buildAgentCreditSpendPolicyView,
86
+ buildPricingPolicySummary,
87
+ buildPricingPolicyOperatorBundle,
88
+ buildPricingPolicyPack,
89
+ buildPricingPolicyApplicationSummary,
90
+ buildPricingPolicyPackage,
91
+ buildQuotePolicyDecisionSummary,
92
+ buildPricingBandDecisionSummary,
93
+ buildQuotePolicyOperatorBundle,
94
+ summarizeQuotePolicyOperatorBundle,
95
+ buildQuotePolicyPack,
96
+ summarizeQuotePolicyPack,
97
+ buildQuotePolicyApplicationSummary,
98
+ buildQuotePolicyPackage,
99
+ summarizeQuotePolicyPackage,
100
+ buildTrustInputSummary,
101
+ buildTrustLayerSummary,
102
+ buildTrustLayerOperatorBundle,
103
+ summarizeTrustLayerOperatorBundle,
104
+ buildTrustLayerPolicyPack,
105
+ summarizeTrustLayerPolicyPack,
106
+ buildTrustLayerApplicationSummary,
107
+ buildTrustLayerPackage,
108
+ summarizeTrustLayerPackage,
109
+ listNetworkParticipants,
110
+ getNetworkParticipant,
111
+ buildNetworkParticipationAdmissionPreview,
112
+ createNetworkParticipant,
113
+ buildNetworkParticipationReviewBundle,
114
+ buildNetworkParticipationAttentionSummary,
115
+ buildNetworkParticipationSummary,
116
+ buildNetworkParticipationOperatorBundle,
117
+ buildNetworkParticipationPackage,
118
+ listMultiOperatorParticipants,
119
+ getMultiOperatorParticipant,
120
+ buildMultiOperatorAdmissionPreview,
121
+ createMultiOperatorParticipant,
122
+ renewMultiOperatorParticipant,
123
+ revokeMultiOperatorParticipant,
124
+ rotateMultiOperatorParticipant,
125
+ buildMultiOperatorParticipantRotationSummary,
126
+ buildMultiOperatorReviewBundle,
127
+ buildMultiOperatorAttentionSummary,
128
+ buildMultiOperatorParticipationSummary,
129
+ buildMultiOperatorParticipationOperatorBundle,
130
+ summarizeMultiOperatorParticipationOperatorBundle,
131
+ buildMultiOperatorParticipationPolicyPack,
132
+ summarizeMultiOperatorParticipationPolicyPack,
133
+ buildMultiOperatorParticipationApplicationSummary,
134
+ buildMultiOperatorParticipationPackage,
135
+ summarizeMultiOperatorParticipationPackage,
77
136
  buildRailSummary,
78
137
  buildEntitlementSummary,
79
138
  buildEntitlementReplenishmentSummary,
@@ -108,17 +167,60 @@ const {
108
167
  buildOperatorExportPack,
109
168
  buildReconciliationReport
110
169
  } = require("./lib/commerce_reports");
170
+ const {
171
+ buildAuthoritySummary,
172
+ buildAuthorityBundle,
173
+ buildAuthorityUsageSummary,
174
+ buildAuthorityReviewBundle,
175
+ buildAuthorityAttentionSummary,
176
+ buildAuthorityLineageSummary,
177
+ buildAuthorityPolicyPack,
178
+ buildAuthorityPolicyPackSummary
179
+ } = require("./lib/commerce_authority");
180
+ const {
181
+ buildMachineIdentitySummary,
182
+ buildMachineIdentityBundle,
183
+ buildMachineIdentityAttachmentSummary,
184
+ buildMachineIdentityLineageSummary,
185
+ buildMachineIdentityBindingLineageSummary,
186
+ buildMachineIdentityProfile,
187
+ buildMachineIdentityPolicyPack,
188
+ buildMachineIdentityPolicyPackSummary,
189
+ buildMachineIdentityPolicyApplicationSummary,
190
+ buildMachineIdentityReviewBundle,
191
+ buildMachineIdentityAttentionSummary,
192
+ buildMachineIdentityOperatorBundle
193
+ } = require("./lib/commerce_identity");
111
194
  const {
112
195
  createExternalCreditGrant,
113
196
  getExternalCreditGrant,
114
197
  listExternalCreditGrants
115
198
  } = require("./lib/external_credit_bridge");
116
199
  const {
200
+ createAuthorityBinding,
117
201
  createSpendCredential,
202
+ evaluateAuthorityBindingAction,
203
+ getAuthorityBinding,
204
+ getAuthorityBindingContractSummary,
205
+ getAuthorityBindingRotationSummary,
118
206
  getSpendCredential,
207
+ listAuthorityBindings,
119
208
  listSpendCredentials,
209
+ renewAuthorityBinding,
210
+ resolveSpendCredential,
211
+ rotateAuthorityBinding,
212
+ revokeAuthorityBinding,
120
213
  revokeSpendCredential
121
214
  } = require("./lib/account_auth");
215
+ const {
216
+ createIdentityBinding,
217
+ listIdentityBindings,
218
+ getIdentityBinding,
219
+ getIdentityBindingRotationSummary,
220
+ renewIdentityBinding,
221
+ revokeIdentityBinding,
222
+ rotateIdentityBinding
223
+ } = require("./lib/identity_auth");
122
224
  const {
123
225
  getBsvSettlementRecord,
124
226
  listBsvSettlementRecords,
@@ -242,6 +344,27 @@ const {
242
344
  buildAdapterPartnerPack,
243
345
  summarizeAdapterPartnerPack
244
346
  } = require("./lib/adapter_partner_pack");
347
+ const {
348
+ buildCapabilityRegistrySummary,
349
+ buildCapabilityRegistryBundle,
350
+ buildCapabilityRegistryClassificationSummary,
351
+ buildCapabilityRegistryLineageSummary,
352
+ buildCapabilityRegistryOperatorBundle,
353
+ buildCapabilityRegistryPolicyPack,
354
+ summarizeCapabilityRegistryPolicyPack,
355
+ buildCapabilityRegistryPolicyApplicationSummary,
356
+ buildCapabilityRegistryPackage,
357
+ summarizeCapabilityRegistryPackage,
358
+ summarizeCapabilityRegistryOperatorBundle
359
+ } = require("./lib/capability_registry");
360
+ const {
361
+ buildPartnerIntelligencePack,
362
+ summarizePartnerIntelligencePack
363
+ } = require("./lib/partner_intelligence");
364
+ const {
365
+ buildOperatorIntelligencePack,
366
+ summarizeOperatorIntelligencePack
367
+ } = require("./lib/operator_intelligence");
245
368
  const {
246
369
  buildSoftLaunchPack,
247
370
  summarizeSoftLaunchPack
@@ -863,6 +986,19 @@ function parseBearerToken(headers) {
863
986
  return match ? match[1].trim() : null;
864
987
  }
865
988
 
989
+ function resolveDelegatedAuthorityForHeaders(state, headers) {
990
+ const bearerToken = parseBearerToken(headers);
991
+ const delegatedSpendRequested = typeof bearerToken === "string" && bearerToken.startsWith("xytara_spend_");
992
+ if (!delegatedSpendRequested) {
993
+ return { requested: false, ok: false, reason: "spend_credential_not_requested" };
994
+ }
995
+ const delegatedSpend = resolveSpendCredential(state, bearerToken);
996
+ return {
997
+ requested: true,
998
+ ...delegatedSpend
999
+ };
1000
+ }
1001
+
866
1002
  function verifyAccountAuthWriteAccess(headers) {
867
1003
  const expectedToken = getAccountAuthBearerToken();
868
1004
  if (!expectedToken) {
@@ -888,6 +1024,18 @@ function verifyAccountAuthWriteAccess(headers) {
888
1024
  };
889
1025
  }
890
1026
 
1027
+ function mergeIdentityBindingPolicyPayload(policySummary, body, accountId) {
1028
+ const payload = body && typeof body === "object" && !Array.isArray(body) ? body : {};
1029
+ const suggested = policySummary && policySummary.suggested_binding_payload && typeof policySummary.suggested_binding_payload === "object"
1030
+ ? policySummary.suggested_binding_payload
1031
+ : {};
1032
+ return {
1033
+ ...suggested,
1034
+ ...payload,
1035
+ account_id: accountId
1036
+ };
1037
+ }
1038
+
891
1039
  function verifyCreditBridgeWriteAccess(headers) {
892
1040
  const expectedToken = getCreditBridgeBearerToken();
893
1041
  if (!expectedToken) {
@@ -3259,6 +3407,112 @@ async function routeRequest(req, res) {
3259
3407
  return;
3260
3408
  }
3261
3409
 
3410
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry") {
3411
+ sendJson(res, 200, buildCapabilityRegistryBundle());
3412
+ return;
3413
+ }
3414
+
3415
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/summary") {
3416
+ sendJson(res, 200, buildCapabilityRegistrySummary());
3417
+ return;
3418
+ }
3419
+
3420
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/classification-summary") {
3421
+ sendJson(res, 200, buildCapabilityRegistryClassificationSummary());
3422
+ return;
3423
+ }
3424
+
3425
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/lineage-summary") {
3426
+ sendJson(res, 200, buildCapabilityRegistryLineageSummary());
3427
+ return;
3428
+ }
3429
+
3430
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/operator-bundle") {
3431
+ sendJson(res, 200, buildCapabilityRegistryOperatorBundle(state, {
3432
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3433
+ }));
3434
+ return;
3435
+ }
3436
+
3437
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/operator-bundle/summary") {
3438
+ sendJson(res, 200, summarizeCapabilityRegistryOperatorBundle(state, {
3439
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3440
+ }));
3441
+ return;
3442
+ }
3443
+
3444
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/policy-pack") {
3445
+ sendJson(res, 200, buildCapabilityRegistryPolicyPack(state, {
3446
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3447
+ }));
3448
+ return;
3449
+ }
3450
+
3451
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/policy-pack/summary") {
3452
+ sendJson(res, 200, summarizeCapabilityRegistryPolicyPack(state, {
3453
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3454
+ }));
3455
+ return;
3456
+ }
3457
+
3458
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/policy-application-summary") {
3459
+ sendJson(res, 200, buildCapabilityRegistryPolicyApplicationSummary(state, {
3460
+ account_id: url.searchParams.get("account_id") || "acct_demo",
3461
+ template_id: url.searchParams.get("template_id") || ""
3462
+ }));
3463
+ return;
3464
+ }
3465
+
3466
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/package") {
3467
+ sendJson(res, 200, buildCapabilityRegistryPackage(state, {
3468
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3469
+ }));
3470
+ return;
3471
+ }
3472
+
3473
+ if (req.method === "GET" && url.pathname === "/v1/capability-registry/package/summary") {
3474
+ sendJson(res, 200, summarizeCapabilityRegistryPackage(state, {
3475
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3476
+ }));
3477
+ return;
3478
+ }
3479
+
3480
+ if (req.method === "GET" && url.pathname === "/v1/partner-intelligence") {
3481
+ sendJson(res, 200, buildPartnerIntelligencePack());
3482
+ return;
3483
+ }
3484
+
3485
+ if (req.method === "GET" && url.pathname === "/v1/partner-intelligence/summary") {
3486
+ sendJson(res, 200, summarizePartnerIntelligencePack());
3487
+ return;
3488
+ }
3489
+
3490
+ if (req.method === "GET" && url.pathname === "/v1/operator-intelligence") {
3491
+ sendJson(res, 200, buildOperatorIntelligencePack(state, {
3492
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3493
+ }));
3494
+ return;
3495
+ }
3496
+
3497
+ if (req.method === "GET" && url.pathname === "/v1/operator-intelligence/summary") {
3498
+ sendJson(res, 200, summarizeOperatorIntelligencePack(state, {
3499
+ account_id: url.searchParams.get("account_id") || "acct_demo"
3500
+ }));
3501
+ return;
3502
+ }
3503
+
3504
+ if (req.method === "POST" && url.pathname === "/v1/operator-intelligence") {
3505
+ const body = await readJsonBody(req);
3506
+ sendJson(res, 200, buildOperatorIntelligencePack(state, body));
3507
+ return;
3508
+ }
3509
+
3510
+ if (req.method === "POST" && url.pathname === "/v1/operator-intelligence/summary") {
3511
+ const body = await readJsonBody(req);
3512
+ sendJson(res, 200, summarizeOperatorIntelligencePack(state, body));
3513
+ return;
3514
+ }
3515
+
3262
3516
  if (req.method === "GET" && url.pathname === "/v1/soft-launch") {
3263
3517
  sendJson(res, 200, buildSoftLaunchPack());
3264
3518
  return;
@@ -5270,6 +5524,78 @@ async function routeRequest(req, res) {
5270
5524
  return;
5271
5525
  }
5272
5526
 
5527
+ if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/reserve") {
5528
+ const body = await readJsonBody(req);
5529
+ const delegatedAuthority = resolveDelegatedAuthorityForHeaders(state, req.headers || {});
5530
+ if (delegatedAuthority.requested && !delegatedAuthority.ok) {
5531
+ sendJson(res, 403, { ok: false, reason: delegatedAuthority.reason });
5532
+ return;
5533
+ }
5534
+ if (delegatedAuthority.ok && delegatedAuthority.binding) {
5535
+ const units = typeof body.units === "number" ? body.units : 0;
5536
+ const authorityDecision = evaluateAuthorityBindingAction(delegatedAuthority.binding, "reserve", units);
5537
+ if (!authorityDecision.ok) {
5538
+ sendJson(res, 403, authorityDecision);
5539
+ return;
5540
+ }
5541
+ }
5542
+ const result = applyWalletLifecycleEvent(state, body, "reserve");
5543
+ if (!result.ok) {
5544
+ sendJson(res, 409, result);
5545
+ return;
5546
+ }
5547
+ sendJson(res, 200, result);
5548
+ return;
5549
+ }
5550
+
5551
+ if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/release") {
5552
+ const body = await readJsonBody(req);
5553
+ const delegatedAuthority = resolveDelegatedAuthorityForHeaders(state, req.headers || {});
5554
+ if (delegatedAuthority.requested && !delegatedAuthority.ok) {
5555
+ sendJson(res, 403, { ok: false, reason: delegatedAuthority.reason });
5556
+ return;
5557
+ }
5558
+ if (delegatedAuthority.ok && delegatedAuthority.binding) {
5559
+ const units = typeof body.units === "number" ? body.units : 0;
5560
+ const authorityDecision = evaluateAuthorityBindingAction(delegatedAuthority.binding, "release", units);
5561
+ if (!authorityDecision.ok) {
5562
+ sendJson(res, 403, authorityDecision);
5563
+ return;
5564
+ }
5565
+ }
5566
+ const result = applyWalletLifecycleEvent(state, body, "release");
5567
+ if (!result.ok) {
5568
+ sendJson(res, 409, result);
5569
+ return;
5570
+ }
5571
+ sendJson(res, 200, result);
5572
+ return;
5573
+ }
5574
+
5575
+ if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/reverse") {
5576
+ const body = await readJsonBody(req);
5577
+ const delegatedAuthority = resolveDelegatedAuthorityForHeaders(state, req.headers || {});
5578
+ if (delegatedAuthority.requested && !delegatedAuthority.ok) {
5579
+ sendJson(res, 403, { ok: false, reason: delegatedAuthority.reason });
5580
+ return;
5581
+ }
5582
+ if (delegatedAuthority.ok && delegatedAuthority.binding) {
5583
+ const units = typeof body.units === "number" ? body.units : 0;
5584
+ const authorityDecision = evaluateAuthorityBindingAction(delegatedAuthority.binding, "reverse", units);
5585
+ if (!authorityDecision.ok) {
5586
+ sendJson(res, 403, authorityDecision);
5587
+ return;
5588
+ }
5589
+ }
5590
+ const result = applyWalletLifecycleEvent(state, body, "reverse");
5591
+ if (!result.ok) {
5592
+ sendJson(res, 409, result);
5593
+ return;
5594
+ }
5595
+ sendJson(res, 200, result);
5596
+ return;
5597
+ }
5598
+
5273
5599
  if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/consume") {
5274
5600
  const body = await readJsonBody(req);
5275
5601
  const result = consumeAccountCredits(state, body);
@@ -5391,120 +5717,425 @@ async function routeRequest(req, res) {
5391
5717
  return;
5392
5718
  }
5393
5719
 
5394
- if (req.method === "POST" && url.pathname.endsWith("/revoke") && url.pathname.startsWith("/v1/account-auth/spend-credentials/")) {
5720
+ if (req.method === "GET" && url.pathname === "/v1/account-auth/authority-bindings") {
5395
5721
  const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5396
5722
  if (!authorization.ok) {
5397
5723
  sendJson(res, authorization.status, authorization.payload);
5398
5724
  return;
5399
5725
  }
5400
- const credentialId = getDecodedSuffixId(url.pathname, "/v1/account-auth/spend-credentials/").replace(/\/revoke$/, "");
5401
- const credential = revokeSpendCredential(state, credentialId, await readJsonBody(req));
5402
- if (!credential) {
5403
- sendJson(res, 404, { ok: false, reason: "spend_credential_not_found" });
5404
- return;
5405
- }
5726
+ const bindings = listAuthorityBindings(state, Object.fromEntries(url.searchParams.entries()));
5406
5727
  sendJson(res, 200, {
5407
5728
  ok: true,
5408
5729
  auth_mode: authorization.auth_mode,
5409
- spend_credential: credential
5730
+ authority_bindings: bindings
5410
5731
  });
5411
5732
  return;
5412
5733
  }
5413
5734
 
5414
- if (req.method === "GET" && url.pathname.startsWith("/v1/account-auth/spend-credentials/")) {
5735
+ if (req.method === "GET" && url.pathname === "/v1/identity/bindings") {
5415
5736
  const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5416
5737
  if (!authorization.ok) {
5417
5738
  sendJson(res, authorization.status, authorization.payload);
5418
5739
  return;
5419
5740
  }
5420
- const credentialId = getDecodedSuffixId(url.pathname, "/v1/account-auth/spend-credentials/");
5421
- const credential = getSpendCredential(state, credentialId);
5422
- if (!credential) {
5423
- sendJson(res, 404, { ok: false, reason: "spend_credential_not_found" });
5424
- return;
5425
- }
5741
+ const bindings = listIdentityBindings(state, Object.fromEntries(url.searchParams.entries()));
5426
5742
  sendJson(res, 200, {
5427
5743
  ok: true,
5428
5744
  auth_mode: authorization.auth_mode,
5429
- spend_credential: credential
5745
+ identity_bindings: bindings
5430
5746
  });
5431
5747
  return;
5432
5748
  }
5433
5749
 
5434
- if (req.method === "GET" && url.pathname === "/v1/checkout/purchase-intents") {
5750
+ if (req.method === "POST" && url.pathname === "/v1/identity/bindings") {
5751
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5752
+ if (!authorization.ok) {
5753
+ sendJson(res, authorization.status, authorization.payload);
5754
+ return;
5755
+ }
5756
+ const body = await readJsonBody(req);
5435
5757
  sendJson(res, 200, {
5436
5758
  ok: true,
5437
- purchase_intents: listHostedCheckoutPurchaseIntents(state, url.searchParams.get("account_id"))
5759
+ auth_mode: authorization.auth_mode,
5760
+ identity_binding: createIdentityBinding(state, body)
5438
5761
  });
5439
5762
  return;
5440
5763
  }
5441
5764
 
5442
- if (req.method === "POST" && url.pathname === "/v1/checkout/purchase-intents") {
5765
+ if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-bindings")) {
5766
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5767
+ if (!authorization.ok) {
5768
+ sendJson(res, authorization.status, authorization.payload);
5769
+ return;
5770
+ }
5771
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-bindings$/, "");
5443
5772
  const body = await readJsonBody(req);
5444
- sendJson(res, 200, { ok: true, purchase_intent: createHostedCheckoutPurchaseIntent(state, body) });
5773
+ const policySummary = buildMachineIdentityPolicyApplicationSummary(state, accountId, body && body.template_id ? body.template_id : null);
5774
+ const identityBinding = createIdentityBinding(state, mergeIdentityBindingPolicyPayload(policySummary, body, accountId));
5775
+ sendJson(res, 200, {
5776
+ ok: true,
5777
+ auth_mode: authorization.auth_mode,
5778
+ machine_identity_policy_application_summary: policySummary,
5779
+ identity_binding: identityBinding
5780
+ });
5445
5781
  return;
5446
5782
  }
5447
5783
 
5448
- if (
5449
- req.method === "GET"
5450
- && url.pathname.startsWith("/v1/checkout/purchase-intents/")
5451
- && !url.pathname.endsWith("/sessions")
5452
- && !url.pathname.endsWith("/refunds")
5453
- ) {
5454
- const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/");
5455
- const response = buildNamedRecordResponse(
5456
- "purchase_intent",
5457
- getHostedCheckoutPurchaseIntent(state, purchaseIntentId),
5458
- "purchase_intent_not_found"
5459
- );
5460
- sendJson(res, response.status, response.payload);
5784
+ if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.includes("/machine-identity-policy-rotations/")) {
5785
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5786
+ if (!authorization.ok) {
5787
+ sendJson(res, authorization.status, authorization.payload);
5788
+ return;
5789
+ }
5790
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-rotations\/.*$/, "");
5791
+ const bindingId = getDecodedSuffixId(url.pathname, `/v1/economics/accounts/${encodeURIComponent(accountId)}/machine-identity-policy-rotations/`);
5792
+ const body = await readJsonBody(req);
5793
+ const policySummary = buildMachineIdentityPolicyApplicationSummary(state, accountId, body && body.template_id ? body.template_id : null);
5794
+ const rotation = rotateIdentityBinding(state, bindingId, mergeIdentityBindingPolicyPayload(policySummary, body, accountId));
5795
+ if (!rotation) {
5796
+ sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
5797
+ return;
5798
+ }
5799
+ sendJson(res, 200, {
5800
+ ok: true,
5801
+ auth_mode: authorization.auth_mode,
5802
+ machine_identity_policy_application_summary: policySummary,
5803
+ rotation
5804
+ });
5461
5805
  return;
5462
5806
  }
5463
5807
 
5464
- if (req.method === "GET" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/sessions")) {
5465
- const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/sessions$/, "");
5808
+ if (req.method === "POST" && url.pathname.endsWith("/revoke") && url.pathname.startsWith("/v1/identity/bindings/")) {
5809
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5810
+ if (!authorization.ok) {
5811
+ sendJson(res, authorization.status, authorization.payload);
5812
+ return;
5813
+ }
5814
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/revoke$/, "");
5815
+ const binding = revokeIdentityBinding(state, bindingId, await readJsonBody(req));
5816
+ if (!binding) {
5817
+ sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
5818
+ return;
5819
+ }
5466
5820
  sendJson(res, 200, {
5467
5821
  ok: true,
5468
- checkout_sessions: listHostedCheckoutSessions(state, purchaseIntentId)
5822
+ auth_mode: authorization.auth_mode,
5823
+ identity_binding: binding
5469
5824
  });
5470
5825
  return;
5471
5826
  }
5472
5827
 
5473
- if (req.method === "POST" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/session")) {
5474
- const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/session$/, "");
5475
- const body = await readJsonBody(req);
5476
- const session = createHostedCheckoutSession(state, purchaseIntentId, body);
5477
- const response = buildNamedRecordResponse("checkout_session", session, "purchase_intent_not_found");
5478
- sendJson(res, response.status, response.payload);
5828
+ if (req.method === "POST" && url.pathname.endsWith("/renew") && url.pathname.startsWith("/v1/identity/bindings/")) {
5829
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5830
+ if (!authorization.ok) {
5831
+ sendJson(res, authorization.status, authorization.payload);
5832
+ return;
5833
+ }
5834
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/renew$/, "");
5835
+ const binding = renewIdentityBinding(state, bindingId, await readJsonBody(req));
5836
+ if (!binding) {
5837
+ sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
5838
+ return;
5839
+ }
5840
+ sendJson(res, 200, {
5841
+ ok: true,
5842
+ auth_mode: authorization.auth_mode,
5843
+ identity_binding: binding
5844
+ });
5479
5845
  return;
5480
5846
  }
5481
5847
 
5482
- if (req.method === "GET" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/refunds")) {
5483
- const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/refunds$/, "");
5848
+ if (req.method === "POST" && url.pathname.endsWith("/rotate") && url.pathname.startsWith("/v1/identity/bindings/")) {
5849
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5850
+ if (!authorization.ok) {
5851
+ sendJson(res, authorization.status, authorization.payload);
5852
+ return;
5853
+ }
5854
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/rotate$/, "");
5855
+ const rotation = rotateIdentityBinding(state, bindingId, await readJsonBody(req));
5856
+ if (!rotation) {
5857
+ sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
5858
+ return;
5859
+ }
5484
5860
  sendJson(res, 200, {
5485
5861
  ok: true,
5486
- refunds: listHostedCheckoutRefunds(state, purchaseIntentId)
5862
+ auth_mode: authorization.auth_mode,
5863
+ rotation
5487
5864
  });
5488
5865
  return;
5489
5866
  }
5490
5867
 
5491
- if (req.method === "POST" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/refund-request")) {
5492
- const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/refund-request$/, "");
5493
- const body = await readJsonBody(req);
5494
- const refund = requestHostedCheckoutRefund(state, purchaseIntentId, body);
5495
- const response = buildNamedRecordResponse("refund", refund, "purchase_intent_not_found");
5496
- sendJson(res, response.status, response.payload);
5868
+ if (req.method === "GET" && url.pathname.startsWith("/v1/identity/bindings/")) {
5869
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5870
+ if (!authorization.ok) {
5871
+ sendJson(res, authorization.status, authorization.payload);
5872
+ return;
5873
+ }
5874
+ if (url.pathname.endsWith("/rotation-summary")) {
5875
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/rotation-summary$/, "");
5876
+ const bindingSummary = getIdentityBindingRotationSummary(state, bindingId);
5877
+ if (!bindingSummary) {
5878
+ sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
5879
+ return;
5880
+ }
5881
+ sendJson(res, 200, {
5882
+ ok: true,
5883
+ auth_mode: authorization.auth_mode,
5884
+ identity_binding_rotation_summary: bindingSummary
5885
+ });
5886
+ return;
5887
+ }
5888
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/");
5889
+ const binding = getIdentityBinding(state, bindingId);
5890
+ if (!binding) {
5891
+ sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
5892
+ return;
5893
+ }
5894
+ sendJson(res, 200, {
5895
+ ok: true,
5896
+ auth_mode: authorization.auth_mode,
5897
+ identity_binding: binding
5898
+ });
5497
5899
  return;
5498
5900
  }
5499
5901
 
5500
- if (req.method === "GET" && url.pathname.startsWith("/v1/checkout/sessions/")) {
5501
- const checkoutSessionId = getDecodedSuffixId(url.pathname, "/v1/checkout/sessions/");
5502
- const response = buildNamedRecordResponse(
5503
- "checkout_session",
5504
- getHostedCheckoutSession(state, checkoutSessionId),
5505
- "checkout_session_not_found"
5506
- );
5507
- sendJson(res, response.status, response.payload);
5902
+ if (req.method === "POST" && url.pathname === "/v1/account-auth/authority-bindings") {
5903
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5904
+ if (!authorization.ok) {
5905
+ sendJson(res, authorization.status, authorization.payload);
5906
+ return;
5907
+ }
5908
+ const body = await readJsonBody(req);
5909
+ sendJson(res, 200, {
5910
+ ok: true,
5911
+ auth_mode: authorization.auth_mode,
5912
+ authority_binding: createAuthorityBinding(state, body)
5913
+ });
5914
+ return;
5915
+ }
5916
+
5917
+ if (req.method === "POST" && url.pathname.endsWith("/revoke") && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
5918
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5919
+ if (!authorization.ok) {
5920
+ sendJson(res, authorization.status, authorization.payload);
5921
+ return;
5922
+ }
5923
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/revoke$/, "");
5924
+ const binding = revokeAuthorityBinding(state, bindingId, await readJsonBody(req));
5925
+ if (!binding) {
5926
+ sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
5927
+ return;
5928
+ }
5929
+ sendJson(res, 200, {
5930
+ ok: true,
5931
+ auth_mode: authorization.auth_mode,
5932
+ authority_binding: binding
5933
+ });
5934
+ return;
5935
+ }
5936
+
5937
+ if (req.method === "POST" && url.pathname.endsWith("/renew") && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
5938
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5939
+ if (!authorization.ok) {
5940
+ sendJson(res, authorization.status, authorization.payload);
5941
+ return;
5942
+ }
5943
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/renew$/, "");
5944
+ const binding = renewAuthorityBinding(state, bindingId, await readJsonBody(req));
5945
+ if (!binding) {
5946
+ sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
5947
+ return;
5948
+ }
5949
+ sendJson(res, 200, {
5950
+ ok: true,
5951
+ auth_mode: authorization.auth_mode,
5952
+ authority_binding: binding
5953
+ });
5954
+ return;
5955
+ }
5956
+
5957
+ if (req.method === "POST" && url.pathname.endsWith("/rotate") && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
5958
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5959
+ if (!authorization.ok) {
5960
+ sendJson(res, authorization.status, authorization.payload);
5961
+ return;
5962
+ }
5963
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/rotate$/, "");
5964
+ const rotation = rotateAuthorityBinding(state, bindingId, await readJsonBody(req));
5965
+ if (!rotation) {
5966
+ sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
5967
+ return;
5968
+ }
5969
+ sendJson(res, 200, {
5970
+ ok: true,
5971
+ auth_mode: authorization.auth_mode,
5972
+ rotation
5973
+ });
5974
+ return;
5975
+ }
5976
+
5977
+ if (req.method === "GET" && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
5978
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
5979
+ if (!authorization.ok) {
5980
+ sendJson(res, authorization.status, authorization.payload);
5981
+ return;
5982
+ }
5983
+ if (url.pathname.endsWith("/contract-summary")) {
5984
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/contract-summary$/, "");
5985
+ const bindingSummary = getAuthorityBindingContractSummary(state, bindingId);
5986
+ if (!bindingSummary) {
5987
+ sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
5988
+ return;
5989
+ }
5990
+ sendJson(res, 200, {
5991
+ ok: true,
5992
+ auth_mode: authorization.auth_mode,
5993
+ authority_binding_contract_summary: bindingSummary
5994
+ });
5995
+ return;
5996
+ }
5997
+ if (url.pathname.endsWith("/rotation-summary")) {
5998
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/rotation-summary$/, "");
5999
+ const bindingSummary = getAuthorityBindingRotationSummary(state, bindingId);
6000
+ if (!bindingSummary) {
6001
+ sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
6002
+ return;
6003
+ }
6004
+ sendJson(res, 200, {
6005
+ ok: true,
6006
+ auth_mode: authorization.auth_mode,
6007
+ authority_binding_rotation_summary: bindingSummary
6008
+ });
6009
+ return;
6010
+ }
6011
+ const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/");
6012
+ const binding = getAuthorityBinding(state, bindingId);
6013
+ if (!binding) {
6014
+ sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
6015
+ return;
6016
+ }
6017
+ sendJson(res, 200, {
6018
+ ok: true,
6019
+ auth_mode: authorization.auth_mode,
6020
+ authority_binding: binding
6021
+ });
6022
+ return;
6023
+ }
6024
+
6025
+ if (req.method === "POST" && url.pathname.endsWith("/revoke") && url.pathname.startsWith("/v1/account-auth/spend-credentials/")) {
6026
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
6027
+ if (!authorization.ok) {
6028
+ sendJson(res, authorization.status, authorization.payload);
6029
+ return;
6030
+ }
6031
+ const credentialId = getDecodedSuffixId(url.pathname, "/v1/account-auth/spend-credentials/").replace(/\/revoke$/, "");
6032
+ const credential = revokeSpendCredential(state, credentialId, await readJsonBody(req));
6033
+ if (!credential) {
6034
+ sendJson(res, 404, { ok: false, reason: "spend_credential_not_found" });
6035
+ return;
6036
+ }
6037
+ sendJson(res, 200, {
6038
+ ok: true,
6039
+ auth_mode: authorization.auth_mode,
6040
+ spend_credential: credential
6041
+ });
6042
+ return;
6043
+ }
6044
+
6045
+ if (req.method === "GET" && url.pathname.startsWith("/v1/account-auth/spend-credentials/")) {
6046
+ const authorization = verifyAccountAuthWriteAccess(req.headers || {});
6047
+ if (!authorization.ok) {
6048
+ sendJson(res, authorization.status, authorization.payload);
6049
+ return;
6050
+ }
6051
+ const credentialId = getDecodedSuffixId(url.pathname, "/v1/account-auth/spend-credentials/");
6052
+ const credential = getSpendCredential(state, credentialId);
6053
+ if (!credential) {
6054
+ sendJson(res, 404, { ok: false, reason: "spend_credential_not_found" });
6055
+ return;
6056
+ }
6057
+ sendJson(res, 200, {
6058
+ ok: true,
6059
+ auth_mode: authorization.auth_mode,
6060
+ spend_credential: credential
6061
+ });
6062
+ return;
6063
+ }
6064
+
6065
+ if (req.method === "GET" && url.pathname === "/v1/checkout/purchase-intents") {
6066
+ sendJson(res, 200, {
6067
+ ok: true,
6068
+ purchase_intents: listHostedCheckoutPurchaseIntents(state, url.searchParams.get("account_id"))
6069
+ });
6070
+ return;
6071
+ }
6072
+
6073
+ if (req.method === "POST" && url.pathname === "/v1/checkout/purchase-intents") {
6074
+ const body = await readJsonBody(req);
6075
+ sendJson(res, 200, { ok: true, purchase_intent: createHostedCheckoutPurchaseIntent(state, body) });
6076
+ return;
6077
+ }
6078
+
6079
+ if (
6080
+ req.method === "GET"
6081
+ && url.pathname.startsWith("/v1/checkout/purchase-intents/")
6082
+ && !url.pathname.endsWith("/sessions")
6083
+ && !url.pathname.endsWith("/refunds")
6084
+ ) {
6085
+ const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/");
6086
+ const response = buildNamedRecordResponse(
6087
+ "purchase_intent",
6088
+ getHostedCheckoutPurchaseIntent(state, purchaseIntentId),
6089
+ "purchase_intent_not_found"
6090
+ );
6091
+ sendJson(res, response.status, response.payload);
6092
+ return;
6093
+ }
6094
+
6095
+ if (req.method === "GET" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/sessions")) {
6096
+ const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/sessions$/, "");
6097
+ sendJson(res, 200, {
6098
+ ok: true,
6099
+ checkout_sessions: listHostedCheckoutSessions(state, purchaseIntentId)
6100
+ });
6101
+ return;
6102
+ }
6103
+
6104
+ if (req.method === "POST" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/session")) {
6105
+ const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/session$/, "");
6106
+ const body = await readJsonBody(req);
6107
+ const session = createHostedCheckoutSession(state, purchaseIntentId, body);
6108
+ const response = buildNamedRecordResponse("checkout_session", session, "purchase_intent_not_found");
6109
+ sendJson(res, response.status, response.payload);
6110
+ return;
6111
+ }
6112
+
6113
+ if (req.method === "GET" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/refunds")) {
6114
+ const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/refunds$/, "");
6115
+ sendJson(res, 200, {
6116
+ ok: true,
6117
+ refunds: listHostedCheckoutRefunds(state, purchaseIntentId)
6118
+ });
6119
+ return;
6120
+ }
6121
+
6122
+ if (req.method === "POST" && url.pathname.startsWith("/v1/checkout/purchase-intents/") && url.pathname.endsWith("/refund-request")) {
6123
+ const purchaseIntentId = getDecodedSuffixId(url.pathname, "/v1/checkout/purchase-intents/").replace(/\/refund-request$/, "");
6124
+ const body = await readJsonBody(req);
6125
+ const refund = requestHostedCheckoutRefund(state, purchaseIntentId, body);
6126
+ const response = buildNamedRecordResponse("refund", refund, "purchase_intent_not_found");
6127
+ sendJson(res, response.status, response.payload);
6128
+ return;
6129
+ }
6130
+
6131
+ if (req.method === "GET" && url.pathname.startsWith("/v1/checkout/sessions/")) {
6132
+ const checkoutSessionId = getDecodedSuffixId(url.pathname, "/v1/checkout/sessions/");
6133
+ const response = buildNamedRecordResponse(
6134
+ "checkout_session",
6135
+ getHostedCheckoutSession(state, checkoutSessionId),
6136
+ "checkout_session_not_found"
6137
+ );
6138
+ sendJson(res, response.status, response.payload);
5508
6139
  return;
5509
6140
  }
5510
6141
 
@@ -5757,6 +6388,174 @@ async function routeRequest(req, res) {
5757
6388
  return;
5758
6389
  }
5759
6390
 
6391
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet")) {
6392
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet$/, "");
6393
+ sendJson(res, 200, buildWalletSummary(state, accountId));
6394
+ return;
6395
+ }
6396
+
6397
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-lifecycle-summary")) {
6398
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-lifecycle-summary$/, "");
6399
+ sendJson(res, 200, buildWalletLifecycleSummary(state, accountId));
6400
+ return;
6401
+ }
6402
+
6403
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-reserve-summary")) {
6404
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-reserve-summary$/, "");
6405
+ sendJson(res, 200, buildWalletReserveSummary(state, accountId));
6406
+ return;
6407
+ }
6408
+
6409
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-commit-summary")) {
6410
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-commit-summary$/, "");
6411
+ sendJson(res, 200, buildWalletCommitSummary(state, accountId));
6412
+ return;
6413
+ }
6414
+
6415
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-ledger-bundle")) {
6416
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-ledger-bundle$/, "");
6417
+ sendJson(res, 200, buildWalletLedgerBundle(state, accountId));
6418
+ return;
6419
+ }
6420
+
6421
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-summary")) {
6422
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-summary$/, "");
6423
+ sendJson(res, 200, buildAuthoritySummary(state, accountId));
6424
+ return;
6425
+ }
6426
+
6427
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-bundle")) {
6428
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-bundle$/, "");
6429
+ sendJson(res, 200, buildAuthorityBundle(state, accountId));
6430
+ return;
6431
+ }
6432
+
6433
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-usage-summary")) {
6434
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-usage-summary$/, "");
6435
+ sendJson(res, 200, buildAuthorityUsageSummary(state, accountId));
6436
+ return;
6437
+ }
6438
+
6439
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-review-bundle")) {
6440
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-review-bundle$/, "");
6441
+ sendJson(res, 200, buildAuthorityReviewBundle(state, accountId));
6442
+ return;
6443
+ }
6444
+
6445
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-attention-summary")) {
6446
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-attention-summary$/, "");
6447
+ sendJson(res, 200, buildAuthorityAttentionSummary(state, accountId));
6448
+ return;
6449
+ }
6450
+
6451
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-lineage-summary")) {
6452
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-lineage-summary$/, "");
6453
+ sendJson(res, 200, buildAuthorityLineageSummary(state, accountId));
6454
+ return;
6455
+ }
6456
+
6457
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-policy-pack/summary")) {
6458
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-policy-pack\/summary$/, "");
6459
+ sendJson(res, 200, buildAuthorityPolicyPackSummary(state, accountId));
6460
+ return;
6461
+ }
6462
+
6463
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-policy-pack")) {
6464
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-policy-pack$/, "");
6465
+ sendJson(res, 200, buildAuthorityPolicyPack(state, accountId));
6466
+ return;
6467
+ }
6468
+
6469
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-summary")) {
6470
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-summary$/, "");
6471
+ sendJson(res, 200, buildMachineIdentitySummary(state, accountId));
6472
+ return;
6473
+ }
6474
+
6475
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-bundle")) {
6476
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-bundle$/, "");
6477
+ sendJson(res, 200, buildMachineIdentityBundle(state, accountId));
6478
+ return;
6479
+ }
6480
+
6481
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-attachment-summary")) {
6482
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-attachment-summary$/, "");
6483
+ sendJson(res, 200, buildMachineIdentityAttachmentSummary(state, accountId));
6484
+ return;
6485
+ }
6486
+
6487
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-lineage-summary")) {
6488
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-lineage-summary$/, "");
6489
+ sendJson(res, 200, buildMachineIdentityLineageSummary(state, accountId));
6490
+ return;
6491
+ }
6492
+
6493
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-binding-lineage-summary")) {
6494
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-binding-lineage-summary$/, "");
6495
+ sendJson(res, 200, buildMachineIdentityBindingLineageSummary(state, accountId));
6496
+ return;
6497
+ }
6498
+
6499
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-profile")) {
6500
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-profile$/, "");
6501
+ sendJson(res, 200, buildMachineIdentityProfile(state, accountId));
6502
+ return;
6503
+ }
6504
+
6505
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-pack/summary")) {
6506
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-pack\/summary$/, "");
6507
+ sendJson(res, 200, buildMachineIdentityPolicyPackSummary(state, accountId));
6508
+ return;
6509
+ }
6510
+
6511
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-application-summary")) {
6512
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-application-summary$/, "");
6513
+ sendJson(res, 200, buildMachineIdentityPolicyApplicationSummary(state, accountId, url.searchParams.get("template_id")));
6514
+ return;
6515
+ }
6516
+
6517
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-pack")) {
6518
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-pack$/, "");
6519
+ sendJson(res, 200, buildMachineIdentityPolicyPack(state, accountId));
6520
+ return;
6521
+ }
6522
+
6523
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-review-bundle")) {
6524
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-review-bundle$/, "");
6525
+ sendJson(res, 200, buildMachineIdentityReviewBundle(state, accountId));
6526
+ return;
6527
+ }
6528
+
6529
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-attention-summary")) {
6530
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-attention-summary$/, "");
6531
+ sendJson(res, 200, buildMachineIdentityAttentionSummary(state, accountId));
6532
+ return;
6533
+ }
6534
+
6535
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-operator-bundle")) {
6536
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-operator-bundle$/, "");
6537
+ sendJson(res, 200, buildMachineIdentityOperatorBundle(state, accountId));
6538
+ return;
6539
+ }
6540
+
6541
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-ledger-summary")) {
6542
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-ledger-summary$/, "");
6543
+ sendJson(res, 200, buildWalletLedgerSummary(state, accountId));
6544
+ return;
6545
+ }
6546
+
6547
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/intelligence-summary")) {
6548
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/intelligence-summary$/, "");
6549
+ sendJson(res, 200, buildEconomicsIntelligenceSummary(state, accountId));
6550
+ return;
6551
+ }
6552
+
6553
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/treasury-intelligence-summary")) {
6554
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/treasury-intelligence-summary$/, "");
6555
+ sendJson(res, 200, buildTreasuryIntelligenceSummary(state, accountId));
6556
+ return;
6557
+ }
6558
+
5760
6559
  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/metering-summary")) {
5761
6560
  const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/metering-summary$/, "");
5762
6561
  sendJson(res, 200, buildUsageMeteringSummary(state, accountId));
@@ -5908,6 +6707,456 @@ async function routeRequest(req, res) {
5908
6707
  return;
5909
6708
  }
5910
6709
 
6710
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-summary")) {
6711
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-summary$/, "");
6712
+ sendJson(res, 200, buildPricingPolicySummary(state, accountId));
6713
+ return;
6714
+ }
6715
+
6716
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-operator-bundle")) {
6717
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-operator-bundle$/, "");
6718
+ sendJson(res, 200, buildPricingPolicyOperatorBundle(state, accountId));
6719
+ return;
6720
+ }
6721
+
6722
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-pack")) {
6723
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-pack$/, "");
6724
+ sendJson(res, 200, buildPricingPolicyPack(state, accountId));
6725
+ return;
6726
+ }
6727
+
6728
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-application-summary")) {
6729
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-application-summary$/, "");
6730
+ sendJson(res, 200, buildPricingPolicyApplicationSummary(state, accountId, url.searchParams.get("template_id") || null));
6731
+ return;
6732
+ }
6733
+
6734
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-package")) {
6735
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-package$/, "");
6736
+ sendJson(res, 200, buildPricingPolicyPackage(state, accountId));
6737
+ return;
6738
+ }
6739
+
6740
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-decision-summary")) {
6741
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-decision-summary$/, "");
6742
+ sendJson(res, 200, buildQuotePolicyDecisionSummary(state, {
6743
+ account_id: accountId,
6744
+ task_ref: url.searchParams.get("task_ref") || null,
6745
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6746
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6747
+ agent_id: url.searchParams.get("agent_id") || null,
6748
+ budget_id: url.searchParams.get("budget_id") || null
6749
+ }));
6750
+ return;
6751
+ }
6752
+
6753
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-band-decision-summary")) {
6754
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-band-decision-summary$/, "");
6755
+ sendJson(res, 200, buildPricingBandDecisionSummary(state, {
6756
+ account_id: accountId,
6757
+ task_ref: url.searchParams.get("task_ref") || null,
6758
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6759
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null
6760
+ }));
6761
+ return;
6762
+ }
6763
+
6764
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-operator-bundle")) {
6765
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-operator-bundle$/, "");
6766
+ sendJson(res, 200, buildQuotePolicyOperatorBundle(state, {
6767
+ account_id: accountId,
6768
+ task_ref: url.searchParams.get("task_ref") || null,
6769
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6770
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6771
+ agent_id: url.searchParams.get("agent_id") || null,
6772
+ budget_id: url.searchParams.get("budget_id") || null
6773
+ }));
6774
+ return;
6775
+ }
6776
+
6777
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-operator-bundle/summary")) {
6778
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-operator-bundle\/summary$/, "");
6779
+ sendJson(res, 200, summarizeQuotePolicyOperatorBundle(state, {
6780
+ account_id: accountId,
6781
+ task_ref: url.searchParams.get("task_ref") || null,
6782
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6783
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6784
+ agent_id: url.searchParams.get("agent_id") || null,
6785
+ budget_id: url.searchParams.get("budget_id") || null
6786
+ }));
6787
+ return;
6788
+ }
6789
+
6790
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-pack")) {
6791
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-pack$/, "");
6792
+ sendJson(res, 200, buildQuotePolicyPack(state, {
6793
+ account_id: accountId,
6794
+ task_ref: url.searchParams.get("task_ref") || null,
6795
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6796
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6797
+ agent_id: url.searchParams.get("agent_id") || null,
6798
+ budget_id: url.searchParams.get("budget_id") || null
6799
+ }));
6800
+ return;
6801
+ }
6802
+
6803
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-pack/summary")) {
6804
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-pack\/summary$/, "");
6805
+ sendJson(res, 200, summarizeQuotePolicyPack(state, {
6806
+ account_id: accountId,
6807
+ task_ref: url.searchParams.get("task_ref") || null,
6808
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6809
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6810
+ agent_id: url.searchParams.get("agent_id") || null,
6811
+ budget_id: url.searchParams.get("budget_id") || null
6812
+ }));
6813
+ return;
6814
+ }
6815
+
6816
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-application-summary")) {
6817
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-application-summary$/, "");
6818
+ sendJson(res, 200, buildQuotePolicyApplicationSummary(state, {
6819
+ account_id: accountId,
6820
+ task_ref: url.searchParams.get("task_ref") || null,
6821
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6822
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6823
+ agent_id: url.searchParams.get("agent_id") || null,
6824
+ budget_id: url.searchParams.get("budget_id") || null,
6825
+ template_id: url.searchParams.get("template_id") || null
6826
+ }));
6827
+ return;
6828
+ }
6829
+
6830
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-package")) {
6831
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-package$/, "");
6832
+ sendJson(res, 200, buildQuotePolicyPackage(state, {
6833
+ account_id: accountId,
6834
+ task_ref: url.searchParams.get("task_ref") || null,
6835
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6836
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6837
+ agent_id: url.searchParams.get("agent_id") || null,
6838
+ budget_id: url.searchParams.get("budget_id") || null
6839
+ }));
6840
+ return;
6841
+ }
6842
+
6843
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-package/summary")) {
6844
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-package\/summary$/, "");
6845
+ sendJson(res, 200, summarizeQuotePolicyPackage(state, {
6846
+ account_id: accountId,
6847
+ task_ref: url.searchParams.get("task_ref") || null,
6848
+ workflow_ref: url.searchParams.get("workflow_ref") || null,
6849
+ quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
6850
+ agent_id: url.searchParams.get("agent_id") || null,
6851
+ budget_id: url.searchParams.get("budget_id") || null
6852
+ }));
6853
+ return;
6854
+ }
6855
+
6856
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-summary")) {
6857
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-summary$/, "");
6858
+ sendJson(res, 200, buildTrustLayerSummary(state, accountId));
6859
+ return;
6860
+ }
6861
+
6862
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-input-summary")) {
6863
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-input-summary$/, "");
6864
+ sendJson(res, 200, buildTrustInputSummary(state, accountId));
6865
+ return;
6866
+ }
6867
+
6868
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-operator-bundle")) {
6869
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-operator-bundle$/, "");
6870
+ sendJson(res, 200, buildTrustLayerOperatorBundle(state, accountId));
6871
+ return;
6872
+ }
6873
+
6874
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-operator-bundle/summary")) {
6875
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-operator-bundle\/summary$/, "");
6876
+ sendJson(res, 200, summarizeTrustLayerOperatorBundle(state, accountId));
6877
+ return;
6878
+ }
6879
+
6880
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-policy-pack")) {
6881
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-policy-pack$/, "");
6882
+ sendJson(res, 200, buildTrustLayerPolicyPack(state, accountId));
6883
+ return;
6884
+ }
6885
+
6886
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-policy-pack/summary")) {
6887
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-policy-pack\/summary$/, "");
6888
+ sendJson(res, 200, summarizeTrustLayerPolicyPack(state, accountId));
6889
+ return;
6890
+ }
6891
+
6892
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-application-summary")) {
6893
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-application-summary$/, "");
6894
+ sendJson(res, 200, buildTrustLayerApplicationSummary(state, accountId, url.searchParams.get("template_id") || null));
6895
+ return;
6896
+ }
6897
+
6898
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-package")) {
6899
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-package$/, "");
6900
+ sendJson(res, 200, buildTrustLayerPackage(state, accountId));
6901
+ return;
6902
+ }
6903
+
6904
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-package/summary")) {
6905
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-package\/summary$/, "");
6906
+ sendJson(res, 200, summarizeTrustLayerPackage(state, accountId));
6907
+ return;
6908
+ }
6909
+
6910
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-summary")) {
6911
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-summary$/, "");
6912
+ sendJson(res, 200, buildMultiOperatorParticipationSummary(state, accountId));
6913
+ return;
6914
+ }
6915
+
6916
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-operator-bundle")) {
6917
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-operator-bundle$/, "");
6918
+ sendJson(res, 200, buildMultiOperatorParticipationOperatorBundle(state, accountId));
6919
+ return;
6920
+ }
6921
+
6922
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-operator-bundle/summary")) {
6923
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-operator-bundle\/summary$/, "");
6924
+ sendJson(res, 200, summarizeMultiOperatorParticipationOperatorBundle(state, accountId));
6925
+ return;
6926
+ }
6927
+
6928
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-policy-pack")) {
6929
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-policy-pack$/, "");
6930
+ sendJson(res, 200, buildMultiOperatorParticipationPolicyPack(state, accountId));
6931
+ return;
6932
+ }
6933
+
6934
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-policy-pack/summary")) {
6935
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-policy-pack\/summary$/, "");
6936
+ sendJson(res, 200, summarizeMultiOperatorParticipationPolicyPack(state, accountId));
6937
+ return;
6938
+ }
6939
+
6940
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-application-summary")) {
6941
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-application-summary$/, "");
6942
+ sendJson(res, 200, buildMultiOperatorParticipationApplicationSummary(state, accountId, url.searchParams.get("template_id") || null));
6943
+ return;
6944
+ }
6945
+
6946
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-package")) {
6947
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-package$/, "");
6948
+ sendJson(res, 200, buildMultiOperatorParticipationPackage(state, accountId));
6949
+ return;
6950
+ }
6951
+
6952
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-package/summary")) {
6953
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-package\/summary$/, "");
6954
+ sendJson(res, 200, summarizeMultiOperatorParticipationPackage(state, accountId));
6955
+ return;
6956
+ }
6957
+
6958
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-summary")) {
6959
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-summary$/, "");
6960
+ sendJson(res, 200, buildNetworkParticipationSummary(state, accountId));
6961
+ return;
6962
+ }
6963
+
6964
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-operator-bundle")) {
6965
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-operator-bundle$/, "");
6966
+ sendJson(res, 200, buildNetworkParticipationOperatorBundle(state, accountId));
6967
+ return;
6968
+ }
6969
+
6970
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-package")) {
6971
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-package$/, "");
6972
+ sendJson(res, 200, buildNetworkParticipationPackage(state, accountId));
6973
+ return;
6974
+ }
6975
+
6976
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-review-bundle")) {
6977
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-review-bundle$/, "");
6978
+ sendJson(res, 200, buildNetworkParticipationReviewBundle(state, accountId));
6979
+ return;
6980
+ }
6981
+
6982
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-attention-summary")) {
6983
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-attention-summary$/, "");
6984
+ sendJson(res, 200, buildNetworkParticipationAttentionSummary(state, accountId));
6985
+ return;
6986
+ }
6987
+
6988
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participants")) {
6989
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participants$/, "");
6990
+ sendJson(res, 200, {
6991
+ ok: true,
6992
+ account_id: accountId,
6993
+ count: listNetworkParticipants(state, accountId).length,
6994
+ participants: listNetworkParticipants(state, accountId)
6995
+ });
6996
+ return;
6997
+ }
6998
+
6999
+ if (
7000
+ req.method === "GET"
7001
+ && url.pathname.startsWith("/v1/economics/accounts/")
7002
+ && url.pathname.includes("/network-participants/")
7003
+ ) {
7004
+ const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
7005
+ const [accountId, participantPath] = remainder.split("/network-participants/");
7006
+ const participantId = participantPath;
7007
+ const participant = getNetworkParticipant(state, accountId, participantId);
7008
+ if (!participant) {
7009
+ sendJson(res, 404, { ok: false, reason: "network_participant_not_found" });
7010
+ return;
7011
+ }
7012
+ sendJson(res, 200, { ok: true, participant });
7013
+ return;
7014
+ }
7015
+
7016
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participants")) {
7017
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participants$/, "");
7018
+ sendJson(res, 200, {
7019
+ ok: true,
7020
+ account_id: accountId,
7021
+ count: listMultiOperatorParticipants(state, accountId).length,
7022
+ participants: listMultiOperatorParticipants(state, accountId)
7023
+ });
7024
+ return;
7025
+ }
7026
+
7027
+ if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participants")) {
7028
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participants$/, "");
7029
+ const body = await readJsonBody(req);
7030
+ sendJson(res, 200, { ok: true, admission: createMultiOperatorParticipant(state, accountId, body) });
7031
+ return;
7032
+ }
7033
+
7034
+ if (
7035
+ req.method === "GET"
7036
+ && url.pathname.startsWith("/v1/economics/accounts/")
7037
+ && url.pathname.includes("/multi-operator-participants/")
7038
+ && !url.pathname.endsWith("/rotation-summary")
7039
+ ) {
7040
+ const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
7041
+ const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
7042
+ const participantId = participantPath;
7043
+ const participant = getMultiOperatorParticipant(state, accountId, participantId);
7044
+ if (!participant) {
7045
+ sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
7046
+ return;
7047
+ }
7048
+ sendJson(res, 200, { ok: true, participant });
7049
+ return;
7050
+ }
7051
+
7052
+ if (
7053
+ req.method === "GET"
7054
+ && url.pathname.startsWith("/v1/economics/accounts/")
7055
+ && url.pathname.includes("/multi-operator-participants/")
7056
+ && url.pathname.endsWith("/rotation-summary")
7057
+ ) {
7058
+ const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
7059
+ const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
7060
+ const participantId = participantPath.replace(/\/rotation-summary$/, "");
7061
+ const summary = buildMultiOperatorParticipantRotationSummary(state, accountId, participantId);
7062
+ if (!summary) {
7063
+ sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
7064
+ return;
7065
+ }
7066
+ sendJson(res, 200, summary);
7067
+ return;
7068
+ }
7069
+
7070
+ if (
7071
+ req.method === "POST"
7072
+ && url.pathname.startsWith("/v1/economics/accounts/")
7073
+ && url.pathname.includes("/multi-operator-participants/")
7074
+ && url.pathname.endsWith("/renew")
7075
+ ) {
7076
+ const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
7077
+ const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
7078
+ const participantId = participantPath.replace(/\/renew$/, "");
7079
+ const body = await readJsonBody(req);
7080
+ const renewed = renewMultiOperatorParticipant(state, accountId, participantId, body);
7081
+ if (!renewed) {
7082
+ sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
7083
+ return;
7084
+ }
7085
+ sendJson(res, 200, { ok: true, renewal: renewed });
7086
+ return;
7087
+ }
7088
+
7089
+ if (
7090
+ req.method === "POST"
7091
+ && url.pathname.startsWith("/v1/economics/accounts/")
7092
+ && url.pathname.includes("/multi-operator-participants/")
7093
+ && url.pathname.endsWith("/rotate")
7094
+ ) {
7095
+ const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
7096
+ const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
7097
+ const participantId = participantPath.replace(/\/rotate$/, "");
7098
+ const body = await readJsonBody(req);
7099
+ const rotation = rotateMultiOperatorParticipant(state, accountId, participantId, body);
7100
+ if (!rotation) {
7101
+ sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
7102
+ return;
7103
+ }
7104
+ sendJson(res, 200, { ok: true, rotation });
7105
+ return;
7106
+ }
7107
+
7108
+ if (
7109
+ req.method === "POST"
7110
+ && url.pathname.startsWith("/v1/economics/accounts/")
7111
+ && url.pathname.includes("/multi-operator-participants/")
7112
+ && url.pathname.endsWith("/revoke")
7113
+ ) {
7114
+ const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
7115
+ const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
7116
+ const participantId = participantPath.replace(/\/revoke$/, "");
7117
+ const body = await readJsonBody(req);
7118
+ const revoked = revokeMultiOperatorParticipant(state, accountId, participantId, body);
7119
+ if (!revoked) {
7120
+ sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
7121
+ return;
7122
+ }
7123
+ sendJson(res, 200, { ok: true, revocation: revoked });
7124
+ return;
7125
+ }
7126
+
7127
+ if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation/admission-preview")) {
7128
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation\/admission-preview$/, "");
7129
+ const body = await readJsonBody(req);
7130
+ sendJson(res, 200, { ok: true, admission_preview: buildMultiOperatorAdmissionPreview(state, accountId, body) });
7131
+ return;
7132
+ }
7133
+
7134
+ if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation/admission-preview")) {
7135
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation\/admission-preview$/, "");
7136
+ const body = await readJsonBody(req);
7137
+ sendJson(res, 200, { ok: true, admission_preview: buildNetworkParticipationAdmissionPreview(state, accountId, body) });
7138
+ return;
7139
+ }
7140
+
7141
+ if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participants")) {
7142
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participants$/, "");
7143
+ const body = await readJsonBody(req);
7144
+ sendJson(res, 200, { ok: true, admission: createNetworkParticipant(state, accountId, body) });
7145
+ return;
7146
+ }
7147
+
7148
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-review-bundle")) {
7149
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-review-bundle$/, "");
7150
+ sendJson(res, 200, buildMultiOperatorReviewBundle(state, accountId));
7151
+ return;
7152
+ }
7153
+
7154
+ if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-attention-summary")) {
7155
+ const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-attention-summary$/, "");
7156
+ sendJson(res, 200, buildMultiOperatorAttentionSummary(state, accountId));
7157
+ return;
7158
+ }
7159
+
5911
7160
  if (
5912
7161
  req.method === "GET"
5913
7162
  && url.pathname.startsWith("/v1/economics/accounts/")