xytara 2.3.0 → 2.5.0

package/server.js

@@ -65,7 +65,12 @@ const {
   applyRailCredits,
   buildCreditBalanceSummary,
   buildWalletSummary,
+  buildWalletLifecycleSummary,
+  buildWalletReserveSummary,
+  buildWalletCommitSummary,
+  buildWalletLedgerBundle,
   buildWalletLedgerSummary,
+  applyWalletLifecycleEvent,
   buildEconomicsIntelligenceSummary,
   buildTreasuryIntelligenceSummary,
   buildTreasurySummary,
@@ -78,6 +83,56 @@ const {
   buildPolicySummary,
   buildAccountCreditSpendPolicyPack,
   buildAgentCreditSpendPolicyView,
+  buildPricingPolicySummary,
+  buildPricingPolicyOperatorBundle,
+  buildPricingPolicyPack,
+  buildPricingPolicyApplicationSummary,
+  buildPricingPolicyPackage,
+  buildQuotePolicyDecisionSummary,
+  buildPricingBandDecisionSummary,
+  buildQuotePolicyOperatorBundle,
+  summarizeQuotePolicyOperatorBundle,
+  buildQuotePolicyPack,
+  summarizeQuotePolicyPack,
+  buildQuotePolicyApplicationSummary,
+  buildQuotePolicyPackage,
+  summarizeQuotePolicyPackage,
+  buildTrustInputSummary,
+  buildTrustLayerSummary,
+  buildTrustLayerOperatorBundle,
+  summarizeTrustLayerOperatorBundle,
+  buildTrustLayerPolicyPack,
+  summarizeTrustLayerPolicyPack,
+  buildTrustLayerApplicationSummary,
+  buildTrustLayerPackage,
+  summarizeTrustLayerPackage,
+  listNetworkParticipants,
+  getNetworkParticipant,
+  buildNetworkParticipationAdmissionPreview,
+  createNetworkParticipant,
+  buildNetworkParticipationReviewBundle,
+  buildNetworkParticipationAttentionSummary,
+  buildNetworkParticipationSummary,
+  buildNetworkParticipationOperatorBundle,
+  buildNetworkParticipationPackage,
+  listMultiOperatorParticipants,
+  getMultiOperatorParticipant,
+  buildMultiOperatorAdmissionPreview,
+  createMultiOperatorParticipant,
+  renewMultiOperatorParticipant,
+  revokeMultiOperatorParticipant,
+  rotateMultiOperatorParticipant,
+  buildMultiOperatorParticipantRotationSummary,
+  buildMultiOperatorReviewBundle,
+  buildMultiOperatorAttentionSummary,
+  buildMultiOperatorParticipationSummary,
+  buildMultiOperatorParticipationOperatorBundle,
+  summarizeMultiOperatorParticipationOperatorBundle,
+  buildMultiOperatorParticipationPolicyPack,
+  summarizeMultiOperatorParticipationPolicyPack,
+  buildMultiOperatorParticipationApplicationSummary,
+  buildMultiOperatorParticipationPackage,
+  summarizeMultiOperatorParticipationPackage,
   buildRailSummary,
   buildEntitlementSummary,
   buildEntitlementReplenishmentSummary,
@@ -112,17 +167,162 @@ const {
   buildOperatorExportPack,
   buildReconciliationReport
 } = require("./lib/commerce_reports");
+const {
+  buildOpenApiDocument,
+  summarizeOpenApiDocument
+} = require("./lib/openapi_contract");
+const {
+  buildAsyncApiDocument,
+  summarizeAsyncApiDocument
+} = require("./lib/asyncapi_contract");
+const {
+  buildCloudEventsContract,
+  summarizeCloudEventsContract
+} = require("./lib/cloudevents_contract");
+const {
+  buildAuthInteropContract,
+  summarizeAuthInteropContract
+} = require("./lib/auth_interop_contract");
+const {
+  buildIdentityInteropContract,
+  summarizeIdentityInteropContract
+} = require("./lib/identity_interop_contract");
+const {
+  buildProviderLanePack,
+  summarizeProviderLanePack
+} = require("./lib/provider_lane_contract");
+const {
+  buildFrameworkLanePack,
+  summarizeFrameworkLanePack
+} = require("./lib/framework_lane_contract");
+const {
+  buildProtocolLanePack,
+  summarizeProtocolLanePack
+} = require("./lib/protocol_lane_contract");
+const {
+  buildIntegrationMatrixPack,
+  summarizeIntegrationMatrixPack
+} = require("./lib/integration_matrix_contract");
+const {
+  buildMcpLanePack,
+  summarizeMcpLanePack,
+  listMcpTools,
+  getMcpToolDetail
+} = require("./lib/mcp_lane_contract");
+const {
+  buildA2ALanePack,
+  summarizeA2ALanePack
+} = require("./lib/a2a_lane_contract");
+const {
+  buildA2CLanePack,
+  summarizeA2CLanePack
+} = require("./lib/a2c_lane_contract");
+const {
+  buildX402LanePack,
+  summarizeX402LanePack
+} = require("./lib/x402_lane_contract");
+const {
+  buildSettlementLanePack,
+  summarizeSettlementLanePack
+} = require("./lib/settlement_lane_contract");
+const {
+  buildStripeMppLanePack,
+  summarizeStripeMppLanePack
+} = require("./lib/stripe_mpp_lane_contract");
+const {
+  buildStablecoinLanePack,
+  summarizeStablecoinLanePack
+} = require("./lib/stablecoin_lane_contract");
+const {
+  buildMajorRailsLanePack,
+  summarizeMajorRailsLanePack
+} = require("./lib/major_rails_lane_contract");
+const {
+  buildTreasuryLanePack,
+  summarizeTreasuryLanePack
+} = require("./lib/treasury_lane_contract");
+const {
+  buildErc8004LanePack,
+  summarizeErc8004LanePack
+} = require("./lib/erc8004_lane_contract");
+const {
+  buildEventSystemLanePack,
+  summarizeEventSystemLanePack
+} = require("./lib/event_system_lane_contract");
+const {
+  buildTelemetryLanePack,
+  summarizeTelemetryLanePack
+} = require("./lib/telemetry_lane_contract");
+const {
+  buildProvenanceLanePack,
+  summarizeProvenanceLanePack
+} = require("./lib/provenance_lane_contract");
+const {
+  buildArtifactDistributionLanePack,
+  summarizeArtifactDistributionLanePack
+} = require("./lib/artifact_distribution_lane_contract");
+const {
+  buildSharedSignalsLanePack,
+  summarizeSharedSignalsLanePack
+} = require("./lib/shared_signals_lane_contract");
+const {
+  buildFeatureControlLanePack,
+  summarizeFeatureControlLanePack
+} = require("./lib/feature_control_lane_contract");
+const {
+  buildAuthoritySummary,
+  buildAuthorityBundle,
+  buildAuthorityUsageSummary,
+  buildAuthorityReviewBundle,
+  buildAuthorityAttentionSummary,
+  buildAuthorityLineageSummary,
+  buildAuthorityPolicyPack,
+  buildAuthorityPolicyPackSummary
+} = require("./lib/commerce_authority");
+const {
+  buildMachineIdentitySummary,
+  buildMachineIdentityBundle,
+  buildMachineIdentityAttachmentSummary,
+  buildMachineIdentityLineageSummary,
+  buildMachineIdentityBindingLineageSummary,
+  buildMachineIdentityProfile,
+  buildMachineIdentityPolicyPack,
+  buildMachineIdentityPolicyPackSummary,
+  buildMachineIdentityPolicyApplicationSummary,
+  buildMachineIdentityReviewBundle,
+  buildMachineIdentityAttentionSummary,
+  buildMachineIdentityOperatorBundle
+} = require("./lib/commerce_identity");
 const {
   createExternalCreditGrant,
   getExternalCreditGrant,
   listExternalCreditGrants
 } = require("./lib/external_credit_bridge");
 const {
+  createAuthorityBinding,
   createSpendCredential,
+  evaluateAuthorityBindingAction,
+  getAuthorityBinding,
+  getAuthorityBindingContractSummary,
+  getAuthorityBindingRotationSummary,
   getSpendCredential,
+  listAuthorityBindings,
   listSpendCredentials,
+  renewAuthorityBinding,
+  resolveSpendCredential,
+  rotateAuthorityBinding,
+  revokeAuthorityBinding,
   revokeSpendCredential
 } = require("./lib/account_auth");
+const {
+  createIdentityBinding,
+  listIdentityBindings,
+  getIdentityBinding,
+  getIdentityBindingRotationSummary,
+  renewIdentityBinding,
+  revokeIdentityBinding,
+  rotateIdentityBinding
+} = require("./lib/identity_auth");
 const {
   getBsvSettlementRecord,
   listBsvSettlementRecords,
@@ -246,6 +446,19 @@ const {
   buildAdapterPartnerPack,
   summarizeAdapterPartnerPack
 } = require("./lib/adapter_partner_pack");
+const {
+  buildCapabilityRegistrySummary,
+  buildCapabilityRegistryBundle,
+  buildCapabilityRegistryClassificationSummary,
+  buildCapabilityRegistryLineageSummary,
+  buildCapabilityRegistryOperatorBundle,
+  buildCapabilityRegistryPolicyPack,
+  summarizeCapabilityRegistryPolicyPack,
+  buildCapabilityRegistryPolicyApplicationSummary,
+  buildCapabilityRegistryPackage,
+  summarizeCapabilityRegistryPackage,
+  summarizeCapabilityRegistryOperatorBundle
+} = require("./lib/capability_registry");
 const {
   buildPartnerIntelligencePack,
   summarizePartnerIntelligencePack
@@ -875,6 +1088,19 @@ function parseBearerToken(headers) {
   return match ? match[1].trim() : null;
 }
 
+function resolveDelegatedAuthorityForHeaders(state, headers) {
+  const bearerToken = parseBearerToken(headers);
+  const delegatedSpendRequested = typeof bearerToken === "string" && bearerToken.startsWith("xytara_spend_");
+  if (!delegatedSpendRequested) {
+    return { requested: false, ok: false, reason: "spend_credential_not_requested" };
+  }
+  const delegatedSpend = resolveSpendCredential(state, bearerToken);
+  return {
+    requested: true,
+    ...delegatedSpend
+  };
+}
+
 function verifyAccountAuthWriteAccess(headers) {
   const expectedToken = getAccountAuthBearerToken();
   if (!expectedToken) {
@@ -900,6 +1126,18 @@ function verifyAccountAuthWriteAccess(headers) {
   };
 }
 
+function mergeIdentityBindingPolicyPayload(policySummary, body, accountId) {
+  const payload = body && typeof body === "object" && !Array.isArray(body) ? body : {};
+  const suggested = policySummary && policySummary.suggested_binding_payload && typeof policySummary.suggested_binding_payload === "object"
+    ? policySummary.suggested_binding_payload
+    : {};
+  return {
+    ...suggested,
+    ...payload,
+    account_id: accountId
+  };
+}
+
 function verifyCreditBridgeWriteAccess(headers) {
   const expectedToken = getCreditBridgeBearerToken();
   if (!expectedToken) {
@@ -3143,6 +3381,271 @@ async function routeRequest(req, res) {
     return;
   }
 
+  if (req.method === "GET" && (url.pathname === "/openapi.json" || url.pathname === "/v1/openapi")) {
+    sendJson(res, 200, buildOpenApiDocument());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/openapi/summary") {
+    sendJson(res, 200, summarizeOpenApiDocument());
+    return;
+  }
+
+  if (req.method === "GET" && (url.pathname === "/asyncapi.json" || url.pathname === "/v1/asyncapi")) {
+    sendJson(res, 200, buildAsyncApiDocument());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/asyncapi/summary") {
+    sendJson(res, 200, summarizeAsyncApiDocument());
+    return;
+  }
+
+  if (req.method === "GET" && (url.pathname === "/cloudevents.json" || url.pathname === "/v1/cloudevents")) {
+    sendJson(res, 200, buildCloudEventsContract());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/cloudevents/summary") {
+    sendJson(res, 200, summarizeCloudEventsContract());
+    return;
+  }
+
+  if (req.method === "GET" && (url.pathname === "/v1/auth-profiles" || url.pathname === "/v1/auth-interop")) {
+    sendJson(res, 200, buildAuthInteropContract());
+    return;
+  }
+
+  if (req.method === "GET" && (url.pathname === "/v1/auth-profiles/summary" || url.pathname === "/v1/auth-interop/summary")) {
+    sendJson(res, 200, summarizeAuthInteropContract());
+    return;
+  }
+
+  if (req.method === "GET" && (url.pathname === "/v1/identity-interop" || url.pathname === "/v1/credential-interop")) {
+    sendJson(res, 200, buildIdentityInteropContract());
+    return;
+  }
+
+  if (req.method === "GET" && (url.pathname === "/v1/identity-interop/summary" || url.pathname === "/v1/credential-interop/summary")) {
+    sendJson(res, 200, summarizeIdentityInteropContract());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/providers") {
+    sendJson(res, 200, buildProviderLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/providers/summary") {
+    sendJson(res, 200, summarizeProviderLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/frameworks") {
+    sendJson(res, 200, buildFrameworkLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/frameworks/summary") {
+    sendJson(res, 200, summarizeFrameworkLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/protocols") {
+    sendJson(res, 200, buildProtocolLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/protocols/summary") {
+    sendJson(res, 200, summarizeProtocolLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/integration-matrix") {
+    sendJson(res, 200, buildIntegrationMatrixPack(listIntegrations()));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/integration-matrix/summary") {
+    sendJson(res, 200, summarizeIntegrationMatrixPack(listIntegrations()));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/mcp") {
+    sendJson(res, 200, buildMcpLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/mcp/summary") {
+    sendJson(res, 200, summarizeMcpLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/mcp/tools") {
+    const toolName = String(url.searchParams.get("tool_name") || "").trim();
+    if (!toolName) {
+      sendJson(res, 200, listMcpTools());
+      return;
+    }
+    const tool = getMcpToolDetail(toolName);
+    if (!tool) {
+      sendJson(res, 404, { ok: false, reason: "mcp_tool_not_found", tool_name: toolName });
+      return;
+    }
+    sendJson(res, 200, { ok: true, tool });
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/a2a") {
+    sendJson(res, 200, buildA2ALanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/a2a/summary") {
+    sendJson(res, 200, summarizeA2ALanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/a2c") {
+    sendJson(res, 200, buildA2CLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/a2c/summary") {
+    sendJson(res, 200, summarizeA2CLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/x402") {
+    sendJson(res, 200, buildX402LanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/x402/summary") {
+    sendJson(res, 200, summarizeX402LanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/settlement") {
+    sendJson(res, 200, buildSettlementLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/settlement/summary") {
+    sendJson(res, 200, summarizeSettlementLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/stripe-mpp") {
+    sendJson(res, 200, buildStripeMppLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/stripe-mpp/summary") {
+    sendJson(res, 200, summarizeStripeMppLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/stablecoins") {
+    sendJson(res, 200, buildStablecoinLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/stablecoins/summary") {
+    sendJson(res, 200, summarizeStablecoinLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/major-rails") {
+    sendJson(res, 200, buildMajorRailsLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/major-rails/summary") {
+    sendJson(res, 200, summarizeMajorRailsLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/treasury") {
+    sendJson(res, 200, buildTreasuryLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/treasury/summary") {
+    sendJson(res, 200, summarizeTreasuryLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/erc8004") {
+    sendJson(res, 200, buildErc8004LanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/erc8004/summary") {
+    sendJson(res, 200, summarizeErc8004LanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/event-systems") {
+    sendJson(res, 200, buildEventSystemLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/event-systems/summary") {
+    sendJson(res, 200, summarizeEventSystemLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/telemetry") {
+    sendJson(res, 200, buildTelemetryLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/telemetry/summary") {
+    sendJson(res, 200, summarizeTelemetryLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/provenance") {
+    sendJson(res, 200, buildProvenanceLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/provenance/summary") {
+    sendJson(res, 200, summarizeProvenanceLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/artifact-distribution") {
+    sendJson(res, 200, buildArtifactDistributionLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/artifact-distribution/summary") {
+    sendJson(res, 200, summarizeArtifactDistributionLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/shared-signals") {
+    sendJson(res, 200, buildSharedSignalsLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/shared-signals/summary") {
+    sendJson(res, 200, summarizeSharedSignalsLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/feature-control") {
+    sendJson(res, 200, buildFeatureControlLanePack());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/feature-control/summary") {
+    sendJson(res, 200, summarizeFeatureControlLanePack());
+    return;
+  }
+
   if (req.method === "GET" && url.pathname === "/v1/release-pack") {
     sendJson(res, 200, buildReleasePack());
     return;
@@ -3271,6 +3774,76 @@ async function routeRequest(req, res) {
     return;
   }
 
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry") {
+    sendJson(res, 200, buildCapabilityRegistryBundle());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/summary") {
+    sendJson(res, 200, buildCapabilityRegistrySummary());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/classification-summary") {
+    sendJson(res, 200, buildCapabilityRegistryClassificationSummary());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/lineage-summary") {
+    sendJson(res, 200, buildCapabilityRegistryLineageSummary());
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/operator-bundle") {
+    sendJson(res, 200, buildCapabilityRegistryOperatorBundle(state, {
+      account_id: url.searchParams.get("account_id") || "acct_demo"
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/operator-bundle/summary") {
+    sendJson(res, 200, summarizeCapabilityRegistryOperatorBundle(state, {
+      account_id: url.searchParams.get("account_id") || "acct_demo"
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/policy-pack") {
+    sendJson(res, 200, buildCapabilityRegistryPolicyPack(state, {
+      account_id: url.searchParams.get("account_id") || "acct_demo"
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/policy-pack/summary") {
+    sendJson(res, 200, summarizeCapabilityRegistryPolicyPack(state, {
+      account_id: url.searchParams.get("account_id") || "acct_demo"
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/policy-application-summary") {
+    sendJson(res, 200, buildCapabilityRegistryPolicyApplicationSummary(state, {
+      account_id: url.searchParams.get("account_id") || "acct_demo",
+      template_id: url.searchParams.get("template_id") || ""
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/package") {
+    sendJson(res, 200, buildCapabilityRegistryPackage(state, {
+      account_id: url.searchParams.get("account_id") || "acct_demo"
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/capability-registry/package/summary") {
+    sendJson(res, 200, summarizeCapabilityRegistryPackage(state, {
+      account_id: url.searchParams.get("account_id") || "acct_demo"
+    }));
+    return;
+  }
+
   if (req.method === "GET" && url.pathname === "/v1/partner-intelligence") {
     sendJson(res, 200, buildPartnerIntelligencePack());
     return;
@@ -5318,6 +5891,78 @@ async function routeRequest(req, res) {
     return;
   }
 
+  if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/reserve") {
+    const body = await readJsonBody(req);
+    const delegatedAuthority = resolveDelegatedAuthorityForHeaders(state, req.headers || {});
+    if (delegatedAuthority.requested && !delegatedAuthority.ok) {
+      sendJson(res, 403, { ok: false, reason: delegatedAuthority.reason });
+      return;
+    }
+    if (delegatedAuthority.ok && delegatedAuthority.binding) {
+      const units = typeof body.units === "number" ? body.units : 0;
+      const authorityDecision = evaluateAuthorityBindingAction(delegatedAuthority.binding, "reserve", units);
+      if (!authorityDecision.ok) {
+        sendJson(res, 403, authorityDecision);
+        return;
+      }
+    }
+    const result = applyWalletLifecycleEvent(state, body, "reserve");
+    if (!result.ok) {
+      sendJson(res, 409, result);
+      return;
+    }
+    sendJson(res, 200, result);
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/release") {
+    const body = await readJsonBody(req);
+    const delegatedAuthority = resolveDelegatedAuthorityForHeaders(state, req.headers || {});
+    if (delegatedAuthority.requested && !delegatedAuthority.ok) {
+      sendJson(res, 403, { ok: false, reason: delegatedAuthority.reason });
+      return;
+    }
+    if (delegatedAuthority.ok && delegatedAuthority.binding) {
+      const units = typeof body.units === "number" ? body.units : 0;
+      const authorityDecision = evaluateAuthorityBindingAction(delegatedAuthority.binding, "release", units);
+      if (!authorityDecision.ok) {
+        sendJson(res, 403, authorityDecision);
+        return;
+      }
+    }
+    const result = applyWalletLifecycleEvent(state, body, "release");
+    if (!result.ok) {
+      sendJson(res, 409, result);
+      return;
+    }
+    sendJson(res, 200, result);
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/reverse") {
+    const body = await readJsonBody(req);
+    const delegatedAuthority = resolveDelegatedAuthorityForHeaders(state, req.headers || {});
+    if (delegatedAuthority.requested && !delegatedAuthority.ok) {
+      sendJson(res, 403, { ok: false, reason: delegatedAuthority.reason });
+      return;
+    }
+    if (delegatedAuthority.ok && delegatedAuthority.binding) {
+      const units = typeof body.units === "number" ? body.units : 0;
+      const authorityDecision = evaluateAuthorityBindingAction(delegatedAuthority.binding, "reverse", units);
+      if (!authorityDecision.ok) {
+        sendJson(res, 403, authorityDecision);
+        return;
+      }
+    }
+    const result = applyWalletLifecycleEvent(state, body, "reverse");
+    if (!result.ok) {
+      sendJson(res, 409, result);
+      return;
+    }
+    sendJson(res, 200, result);
+    return;
+  }
+
   if (req.method === "POST" && url.pathname === "/v1/economics/rails/credits/consume") {
     const body = await readJsonBody(req);
     const result = consumeAccountCredits(state, body);
@@ -5439,6 +6084,311 @@ async function routeRequest(req, res) {
     return;
   }
 
+  if (req.method === "GET" && url.pathname === "/v1/account-auth/authority-bindings") {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindings = listAuthorityBindings(state, Object.fromEntries(url.searchParams.entries()));
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      authority_bindings: bindings
+    });
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname === "/v1/identity/bindings") {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindings = listIdentityBindings(state, Object.fromEntries(url.searchParams.entries()));
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      identity_bindings: bindings
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname === "/v1/identity/bindings") {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const body = await readJsonBody(req);
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      identity_binding: createIdentityBinding(state, body)
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-bindings")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-bindings$/, "");
+    const body = await readJsonBody(req);
+    const policySummary = buildMachineIdentityPolicyApplicationSummary(state, accountId, body && body.template_id ? body.template_id : null);
+    const identityBinding = createIdentityBinding(state, mergeIdentityBindingPolicyPayload(policySummary, body, accountId));
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      machine_identity_policy_application_summary: policySummary,
+      identity_binding: identityBinding
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.includes("/machine-identity-policy-rotations/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-rotations\/.*$/, "");
+    const bindingId = getDecodedSuffixId(url.pathname, `/v1/economics/accounts/${encodeURIComponent(accountId)}/machine-identity-policy-rotations/`);
+    const body = await readJsonBody(req);
+    const policySummary = buildMachineIdentityPolicyApplicationSummary(state, accountId, body && body.template_id ? body.template_id : null);
+    const rotation = rotateIdentityBinding(state, bindingId, mergeIdentityBindingPolicyPayload(policySummary, body, accountId));
+    if (!rotation) {
+      sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      machine_identity_policy_application_summary: policySummary,
+      rotation
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.endsWith("/revoke") && url.pathname.startsWith("/v1/identity/bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/revoke$/, "");
+    const binding = revokeIdentityBinding(state, bindingId, await readJsonBody(req));
+    if (!binding) {
+      sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      identity_binding: binding
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.endsWith("/renew") && url.pathname.startsWith("/v1/identity/bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/renew$/, "");
+    const binding = renewIdentityBinding(state, bindingId, await readJsonBody(req));
+    if (!binding) {
+      sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      identity_binding: binding
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.endsWith("/rotate") && url.pathname.startsWith("/v1/identity/bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/rotate$/, "");
+    const rotation = rotateIdentityBinding(state, bindingId, await readJsonBody(req));
+    if (!rotation) {
+      sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      rotation
+    });
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/identity/bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    if (url.pathname.endsWith("/rotation-summary")) {
+      const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/").replace(/\/rotation-summary$/, "");
+      const bindingSummary = getIdentityBindingRotationSummary(state, bindingId);
+      if (!bindingSummary) {
+        sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
+        return;
+      }
+      sendJson(res, 200, {
+        ok: true,
+        auth_mode: authorization.auth_mode,
+        identity_binding_rotation_summary: bindingSummary
+      });
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/identity/bindings/");
+    const binding = getIdentityBinding(state, bindingId);
+    if (!binding) {
+      sendJson(res, 404, { ok: false, reason: "identity_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      identity_binding: binding
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname === "/v1/account-auth/authority-bindings") {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const body = await readJsonBody(req);
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      authority_binding: createAuthorityBinding(state, body)
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.endsWith("/revoke") && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/revoke$/, "");
+    const binding = revokeAuthorityBinding(state, bindingId, await readJsonBody(req));
+    if (!binding) {
+      sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      authority_binding: binding
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.endsWith("/renew") && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/renew$/, "");
+    const binding = renewAuthorityBinding(state, bindingId, await readJsonBody(req));
+    if (!binding) {
+      sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      authority_binding: binding
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.endsWith("/rotate") && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/rotate$/, "");
+    const rotation = rotateAuthorityBinding(state, bindingId, await readJsonBody(req));
+    if (!rotation) {
+      sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      rotation
+    });
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/account-auth/authority-bindings/")) {
+    const authorization = verifyAccountAuthWriteAccess(req.headers || {});
+    if (!authorization.ok) {
+      sendJson(res, authorization.status, authorization.payload);
+      return;
+    }
+    if (url.pathname.endsWith("/contract-summary")) {
+      const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/contract-summary$/, "");
+      const bindingSummary = getAuthorityBindingContractSummary(state, bindingId);
+      if (!bindingSummary) {
+        sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
+        return;
+      }
+      sendJson(res, 200, {
+        ok: true,
+        auth_mode: authorization.auth_mode,
+        authority_binding_contract_summary: bindingSummary
+      });
+      return;
+    }
+    if (url.pathname.endsWith("/rotation-summary")) {
+      const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/").replace(/\/rotation-summary$/, "");
+      const bindingSummary = getAuthorityBindingRotationSummary(state, bindingId);
+      if (!bindingSummary) {
+        sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
+        return;
+      }
+      sendJson(res, 200, {
+        ok: true,
+        auth_mode: authorization.auth_mode,
+        authority_binding_rotation_summary: bindingSummary
+      });
+      return;
+    }
+    const bindingId = getDecodedSuffixId(url.pathname, "/v1/account-auth/authority-bindings/");
+    const binding = getAuthorityBinding(state, bindingId);
+    if (!binding) {
+      sendJson(res, 404, { ok: false, reason: "authority_binding_not_found" });
+      return;
+    }
+    sendJson(res, 200, {
+      ok: true,
+      auth_mode: authorization.auth_mode,
+      authority_binding: binding
+    });
+    return;
+  }
+
   if (req.method === "POST" && url.pathname.endsWith("/revoke") && url.pathname.startsWith("/v1/account-auth/spend-credentials/")) {
     const authorization = verifyAccountAuthWriteAccess(req.headers || {});
     if (!authorization.ok) {
@@ -5811,6 +6761,150 @@ async function routeRequest(req, res) {
     return;
   }
 
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-lifecycle-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-lifecycle-summary$/, "");
+    sendJson(res, 200, buildWalletLifecycleSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-reserve-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-reserve-summary$/, "");
+    sendJson(res, 200, buildWalletReserveSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-commit-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-commit-summary$/, "");
+    sendJson(res, 200, buildWalletCommitSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-ledger-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-ledger-bundle$/, "");
+    sendJson(res, 200, buildWalletLedgerBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-summary$/, "");
+    sendJson(res, 200, buildAuthoritySummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-bundle$/, "");
+    sendJson(res, 200, buildAuthorityBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-usage-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-usage-summary$/, "");
+    sendJson(res, 200, buildAuthorityUsageSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-review-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-review-bundle$/, "");
+    sendJson(res, 200, buildAuthorityReviewBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-attention-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-attention-summary$/, "");
+    sendJson(res, 200, buildAuthorityAttentionSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-lineage-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-lineage-summary$/, "");
+    sendJson(res, 200, buildAuthorityLineageSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-policy-pack/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-policy-pack\/summary$/, "");
+    sendJson(res, 200, buildAuthorityPolicyPackSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/authority-policy-pack")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/authority-policy-pack$/, "");
+    sendJson(res, 200, buildAuthorityPolicyPack(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-summary$/, "");
+    sendJson(res, 200, buildMachineIdentitySummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-bundle$/, "");
+    sendJson(res, 200, buildMachineIdentityBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-attachment-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-attachment-summary$/, "");
+    sendJson(res, 200, buildMachineIdentityAttachmentSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-lineage-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-lineage-summary$/, "");
+    sendJson(res, 200, buildMachineIdentityLineageSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-binding-lineage-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-binding-lineage-summary$/, "");
+    sendJson(res, 200, buildMachineIdentityBindingLineageSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-profile")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-profile$/, "");
+    sendJson(res, 200, buildMachineIdentityProfile(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-pack/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-pack\/summary$/, "");
+    sendJson(res, 200, buildMachineIdentityPolicyPackSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-application-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-application-summary$/, "");
+    sendJson(res, 200, buildMachineIdentityPolicyApplicationSummary(state, accountId, url.searchParams.get("template_id")));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-policy-pack")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-policy-pack$/, "");
+    sendJson(res, 200, buildMachineIdentityPolicyPack(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-review-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-review-bundle$/, "");
+    sendJson(res, 200, buildMachineIdentityReviewBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-attention-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-attention-summary$/, "");
+    sendJson(res, 200, buildMachineIdentityAttentionSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/machine-identity-operator-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/machine-identity-operator-bundle$/, "");
+    sendJson(res, 200, buildMachineIdentityOperatorBundle(state, accountId));
+    return;
+  }
+
   if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/wallet-ledger-summary")) {
     const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/wallet-ledger-summary$/, "");
     sendJson(res, 200, buildWalletLedgerSummary(state, accountId));
@@ -5980,6 +7074,456 @@ async function routeRequest(req, res) {
     return;
   }
 
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-summary$/, "");
+    sendJson(res, 200, buildPricingPolicySummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-operator-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-operator-bundle$/, "");
+    sendJson(res, 200, buildPricingPolicyOperatorBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-pack")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-pack$/, "");
+    sendJson(res, 200, buildPricingPolicyPack(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-application-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-application-summary$/, "");
+    sendJson(res, 200, buildPricingPolicyApplicationSummary(state, accountId, url.searchParams.get("template_id") || null));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-policy-package")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-policy-package$/, "");
+    sendJson(res, 200, buildPricingPolicyPackage(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-decision-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-decision-summary$/, "");
+    sendJson(res, 200, buildQuotePolicyDecisionSummary(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/pricing-band-decision-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/pricing-band-decision-summary$/, "");
+    sendJson(res, 200, buildPricingBandDecisionSummary(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-operator-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-operator-bundle$/, "");
+    sendJson(res, 200, buildQuotePolicyOperatorBundle(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-operator-bundle/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-operator-bundle\/summary$/, "");
+    sendJson(res, 200, summarizeQuotePolicyOperatorBundle(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-pack")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-pack$/, "");
+    sendJson(res, 200, buildQuotePolicyPack(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-pack/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-pack\/summary$/, "");
+    sendJson(res, 200, summarizeQuotePolicyPack(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-application-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-application-summary$/, "");
+    sendJson(res, 200, buildQuotePolicyApplicationSummary(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null,
+      template_id: url.searchParams.get("template_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-package")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-package$/, "");
+    sendJson(res, 200, buildQuotePolicyPackage(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/quote-policy-package/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/quote-policy-package\/summary$/, "");
+    sendJson(res, 200, summarizeQuotePolicyPackage(state, {
+      account_id: accountId,
+      task_ref: url.searchParams.get("task_ref") || null,
+      workflow_ref: url.searchParams.get("workflow_ref") || null,
+      quoted_units: Number.isFinite(Number(url.searchParams.get("quoted_units"))) ? Number(url.searchParams.get("quoted_units")) : null,
+      agent_id: url.searchParams.get("agent_id") || null,
+      budget_id: url.searchParams.get("budget_id") || null
+    }));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-summary$/, "");
+    sendJson(res, 200, buildTrustLayerSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-input-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-input-summary$/, "");
+    sendJson(res, 200, buildTrustInputSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-operator-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-operator-bundle$/, "");
+    sendJson(res, 200, buildTrustLayerOperatorBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-operator-bundle/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-operator-bundle\/summary$/, "");
+    sendJson(res, 200, summarizeTrustLayerOperatorBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-policy-pack")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-policy-pack$/, "");
+    sendJson(res, 200, buildTrustLayerPolicyPack(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-policy-pack/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-policy-pack\/summary$/, "");
+    sendJson(res, 200, summarizeTrustLayerPolicyPack(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-application-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-application-summary$/, "");
+    sendJson(res, 200, buildTrustLayerApplicationSummary(state, accountId, url.searchParams.get("template_id") || null));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-package")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-package$/, "");
+    sendJson(res, 200, buildTrustLayerPackage(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/trust-layer-package/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/trust-layer-package\/summary$/, "");
+    sendJson(res, 200, summarizeTrustLayerPackage(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-summary$/, "");
+    sendJson(res, 200, buildMultiOperatorParticipationSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-operator-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-operator-bundle$/, "");
+    sendJson(res, 200, buildMultiOperatorParticipationOperatorBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-operator-bundle/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-operator-bundle\/summary$/, "");
+    sendJson(res, 200, summarizeMultiOperatorParticipationOperatorBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-policy-pack")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-policy-pack$/, "");
+    sendJson(res, 200, buildMultiOperatorParticipationPolicyPack(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-policy-pack/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-policy-pack\/summary$/, "");
+    sendJson(res, 200, summarizeMultiOperatorParticipationPolicyPack(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-application-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-application-summary$/, "");
+    sendJson(res, 200, buildMultiOperatorParticipationApplicationSummary(state, accountId, url.searchParams.get("template_id") || null));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-package")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-package$/, "");
+    sendJson(res, 200, buildMultiOperatorParticipationPackage(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation-package/summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation-package\/summary$/, "");
+    sendJson(res, 200, summarizeMultiOperatorParticipationPackage(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-summary$/, "");
+    sendJson(res, 200, buildNetworkParticipationSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-operator-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-operator-bundle$/, "");
+    sendJson(res, 200, buildNetworkParticipationOperatorBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-package")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-package$/, "");
+    sendJson(res, 200, buildNetworkParticipationPackage(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-review-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-review-bundle$/, "");
+    sendJson(res, 200, buildNetworkParticipationReviewBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation-attention-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation-attention-summary$/, "");
+    sendJson(res, 200, buildNetworkParticipationAttentionSummary(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participants")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participants$/, "");
+    sendJson(res, 200, {
+      ok: true,
+      account_id: accountId,
+      count: listNetworkParticipants(state, accountId).length,
+      participants: listNetworkParticipants(state, accountId)
+    });
+    return;
+  }
+
+  if (
+    req.method === "GET"
+    && url.pathname.startsWith("/v1/economics/accounts/")
+    && url.pathname.includes("/network-participants/")
+  ) {
+    const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
+    const [accountId, participantPath] = remainder.split("/network-participants/");
+    const participantId = participantPath;
+    const participant = getNetworkParticipant(state, accountId, participantId);
+    if (!participant) {
+      sendJson(res, 404, { ok: false, reason: "network_participant_not_found" });
+      return;
+    }
+    sendJson(res, 200, { ok: true, participant });
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participants")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participants$/, "");
+    sendJson(res, 200, {
+      ok: true,
+      account_id: accountId,
+      count: listMultiOperatorParticipants(state, accountId).length,
+      participants: listMultiOperatorParticipants(state, accountId)
+    });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participants")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participants$/, "");
+    const body = await readJsonBody(req);
+    sendJson(res, 200, { ok: true, admission: createMultiOperatorParticipant(state, accountId, body) });
+    return;
+  }
+
+  if (
+    req.method === "GET"
+    && url.pathname.startsWith("/v1/economics/accounts/")
+    && url.pathname.includes("/multi-operator-participants/")
+    && !url.pathname.endsWith("/rotation-summary")
+    ) {
+    const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
+    const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
+    const participantId = participantPath;
+    const participant = getMultiOperatorParticipant(state, accountId, participantId);
+    if (!participant) {
+      sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
+      return;
+    }
+    sendJson(res, 200, { ok: true, participant });
+    return;
+  }
+
+  if (
+    req.method === "GET"
+    && url.pathname.startsWith("/v1/economics/accounts/")
+    && url.pathname.includes("/multi-operator-participants/")
+    && url.pathname.endsWith("/rotation-summary")
+  ) {
+    const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
+    const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
+    const participantId = participantPath.replace(/\/rotation-summary$/, "");
+    const summary = buildMultiOperatorParticipantRotationSummary(state, accountId, participantId);
+    if (!summary) {
+      sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
+      return;
+    }
+    sendJson(res, 200, summary);
+    return;
+  }
+
+  if (
+    req.method === "POST"
+    && url.pathname.startsWith("/v1/economics/accounts/")
+    && url.pathname.includes("/multi-operator-participants/")
+    && url.pathname.endsWith("/renew")
+  ) {
+    const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
+    const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
+    const participantId = participantPath.replace(/\/renew$/, "");
+    const body = await readJsonBody(req);
+    const renewed = renewMultiOperatorParticipant(state, accountId, participantId, body);
+    if (!renewed) {
+      sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
+      return;
+    }
+    sendJson(res, 200, { ok: true, renewal: renewed });
+    return;
+  }
+
+  if (
+    req.method === "POST"
+    && url.pathname.startsWith("/v1/economics/accounts/")
+    && url.pathname.includes("/multi-operator-participants/")
+    && url.pathname.endsWith("/rotate")
+  ) {
+    const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
+    const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
+    const participantId = participantPath.replace(/\/rotate$/, "");
+    const body = await readJsonBody(req);
+    const rotation = rotateMultiOperatorParticipant(state, accountId, participantId, body);
+    if (!rotation) {
+      sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
+      return;
+    }
+    sendJson(res, 200, { ok: true, rotation });
+    return;
+  }
+
+  if (
+    req.method === "POST"
+    && url.pathname.startsWith("/v1/economics/accounts/")
+    && url.pathname.includes("/multi-operator-participants/")
+    && url.pathname.endsWith("/revoke")
+  ) {
+    const remainder = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/");
+    const [accountId, participantPath] = remainder.split("/multi-operator-participants/");
+    const participantId = participantPath.replace(/\/revoke$/, "");
+    const body = await readJsonBody(req);
+    const revoked = revokeMultiOperatorParticipant(state, accountId, participantId, body);
+    if (!revoked) {
+      sendJson(res, 404, { ok: false, reason: "multi_operator_participant_not_found" });
+      return;
+    }
+    sendJson(res, 200, { ok: true, revocation: revoked });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-participation/admission-preview")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-participation\/admission-preview$/, "");
+    const body = await readJsonBody(req);
+    sendJson(res, 200, { ok: true, admission_preview: buildMultiOperatorAdmissionPreview(state, accountId, body) });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participation/admission-preview")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participation\/admission-preview$/, "");
+    const body = await readJsonBody(req);
+    sendJson(res, 200, { ok: true, admission_preview: buildNetworkParticipationAdmissionPreview(state, accountId, body) });
+    return;
+  }
+
+  if (req.method === "POST" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/network-participants")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/network-participants$/, "");
+    const body = await readJsonBody(req);
+    sendJson(res, 200, { ok: true, admission: createNetworkParticipant(state, accountId, body) });
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-review-bundle")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-review-bundle$/, "");
+    sendJson(res, 200, buildMultiOperatorReviewBundle(state, accountId));
+    return;
+  }
+
+  if (req.method === "GET" && url.pathname.startsWith("/v1/economics/accounts/") && url.pathname.endsWith("/multi-operator-attention-summary")) {
+    const accountId = getDecodedSuffixId(url.pathname, "/v1/economics/accounts/").replace(/\/multi-operator-attention-summary$/, "");
+    sendJson(res, 200, buildMultiOperatorAttentionSummary(state, accountId));
+    return;
+  }
+
   if (
     req.method === "GET"
     && url.pathname.startsWith("/v1/economics/accounts/")