xytara 2.3.0 → 2.5.0

package/lib/account_auth.js

@@ -44,6 +44,84 @@ function buildCredentialPublicView(credential, includeToken = false) {
   return view;
 }
 
+function buildAuthorityBindingPublicView(binding, credential, includeToken = false) {
+  if (!binding) return null;
+  const view = {
+    binding_id: binding.binding_id,
+    account_id: binding.account_id,
+    status: binding.status,
+    authority_kind: binding.authority_kind,
+    spend_posture: binding.spend_posture,
+    scope: binding.scope,
+    authority_scope: ensureArray(binding.authority_scope),
+    allowed_consequence_families: ensureArray(binding.allowed_consequence_families),
+    consequence_bounds: binding.consequence_bounds || {
+      max_commit_units: null,
+      max_reserve_units: null,
+      max_reversal_units: null
+    },
+    agent_id: binding.agent_id,
+    budget_id: binding.budget_id,
+    pack_id: binding.pack_id || null,
+    entitlement_id: binding.entitlement_id || null,
+    credential_id: binding.credential_id || null,
+    issued_by: binding.issued_by || null,
+    labels: ensureArray(binding.labels),
+    expires_at_iso: binding.expires_at_iso || null,
+    rotated_from_binding_id: binding.rotated_from_binding_id || null,
+    replaced_by_binding_id: binding.replaced_by_binding_id || null,
+    created_at_iso: binding.created_at_iso,
+    updated_at_iso: binding.updated_at_iso,
+    revoked_at_iso: binding.revoked_at_iso || null,
+    revoke_reason: binding.revoke_reason || null,
+    spend_credential: buildCredentialPublicView(credential, includeToken)
+  };
+  return view;
+}
+
+function buildAuthorityBindingContractSummary(binding, credential) {
+  if (!binding) return null;
+  const publicView = buildAuthorityBindingPublicView(binding, credential, false);
+  return {
+    summary_version: "xytara-authority-binding-contract-summary-v1",
+    binding_id: binding.binding_id,
+    account_id: binding.account_id,
+    authority_kind: binding.authority_kind,
+    spend_posture: binding.spend_posture,
+    authority_scope: ensureArray(binding.authority_scope),
+    allowed_consequence_families: ensureArray(binding.allowed_consequence_families),
+    consequence_bounds: publicView.consequence_bounds,
+    linked_credential_id: binding.credential_id || null,
+    contract_state: binding.status === "active" ? "active_contract" : "inactive_contract",
+    linked_surfaces: {
+      binding_ref: `/v1/account-auth/authority-bindings/${encodeURIComponent(binding.binding_id)}`,
+      spend_credential_ref: binding.credential_id ? `/v1/account-auth/spend-credentials/${encodeURIComponent(binding.credential_id)}` : null
+    }
+  };
+}
+
+function buildAuthorityBindingRotationSummary(binding, credential) {
+  if (!binding) return null;
+  const active = binding.status === "active";
+  return {
+    summary_version: "xytara-authority-binding-rotation-summary-v1",
+    binding_id: binding.binding_id,
+    account_id: binding.account_id,
+    status: binding.status,
+    renewable_state: active ? "renewable" : "inactive",
+    rotatable_state: active ? "rotatable" : "inactive",
+    expires_at_iso: binding.expires_at_iso || null,
+    rotated_from_binding_id: binding.rotated_from_binding_id || null,
+    replaced_by_binding_id: binding.replaced_by_binding_id || null,
+    linked_credential_id: binding.credential_id || null,
+    linked_surfaces: {
+      binding_ref: `/v1/account-auth/authority-bindings/${encodeURIComponent(binding.binding_id)}`,
+      contract_summary_ref: `/v1/account-auth/authority-bindings/${encodeURIComponent(binding.binding_id)}/contract-summary`,
+      spend_credential_ref: binding.credential_id ? `/v1/account-auth/spend-credentials/${encodeURIComponent(binding.credential_id)}` : null
+    }
+  };
+}
+
 function isCredentialExpired(credential) {
   if (!credential || !credential.expires_at_iso) return false;
   const expiresAt = Date.parse(credential.expires_at_iso);
@@ -84,6 +162,57 @@ function createSpendCredential(state, body) {
   return buildCredentialPublicView(credential, true);
 }
 
+function createAuthorityBinding(state, body) {
+  const payload = ensureObject(body);
+  const bindingId = normalizeString(payload.binding_id, `authority_binding_${state.accountAuthorityBindings.size + 1}`);
+  const credential = createSpendCredential(state, {
+    credential_id: normalizeString(payload.credential_id, `spend_for_${bindingId}`),
+    bearer_token: normalizeString(payload.bearer_token, null),
+    account_id: normalizeString(payload.account_id, "acct_demo"),
+    agent_id: normalizeString(payload.agent_id, null),
+    budget_id: normalizeString(payload.budget_id, null),
+    pack_id: normalizeString(payload.pack_id, null),
+    entitlement_id: normalizeString(payload.entitlement_id, null),
+    scope: normalizeString(payload.scope, "runtime_spend"),
+    labels: ensureArray(payload.labels),
+    status: normalizeString(payload.status, "active"),
+    issued_by: normalizeString(payload.issued_by, "operator"),
+    expires_at_iso: normalizeString(payload.expires_at_iso, null)
+  });
+  const createdAtIso = nowIso();
+  const binding = {
+    binding_id: bindingId,
+    account_id: credential.account_id,
+    credential_id: credential.credential_id,
+    authority_kind: normalizeString(payload.authority_kind, "delegated_runtime_spend"),
+    spend_posture: credential.spend_posture,
+    scope: credential.scope,
+    authority_scope: ensureArray(payload.authority_scope).map((value) => String(value || "").trim()).filter(Boolean),
+    allowed_consequence_families: ensureArray(payload.allowed_consequence_families).map((value) => String(value || "").trim()).filter(Boolean),
+    consequence_bounds: {
+      max_commit_units: Number.isFinite(Number(payload.max_commit_units)) ? Number(payload.max_commit_units) : null,
+      max_reserve_units: Number.isFinite(Number(payload.max_reserve_units)) ? Number(payload.max_reserve_units) : null,
+      max_reversal_units: Number.isFinite(Number(payload.max_reversal_units)) ? Number(payload.max_reversal_units) : null
+    },
+    agent_id: credential.agent_id,
+    budget_id: credential.budget_id,
+    pack_id: credential.pack_id || null,
+    entitlement_id: credential.entitlement_id || null,
+    status: normalizeString(payload.status, "active"),
+    issued_by: normalizeString(payload.issued_by, "operator"),
+    labels: ensureArray(payload.labels),
+    expires_at_iso: credential.expires_at_iso,
+    rotated_from_binding_id: normalizeString(payload.rotated_from_binding_id, null),
+    replaced_by_binding_id: normalizeString(payload.replaced_by_binding_id, null),
+    created_at_iso: createdAtIso,
+    updated_at_iso: createdAtIso,
+    revoked_at_iso: null,
+    revoke_reason: null
+  };
+  state.accountAuthorityBindings.set(bindingId, binding);
+  return buildAuthorityBindingPublicView(binding, state.accountSpendCredentials.get(credential.credential_id), true);
+}
+
 function listSpendCredentials(state, filters) {
   const payload = ensureObject(filters);
   const accountId = normalizeString(payload.account_id, null);
@@ -102,6 +231,116 @@ function getSpendCredential(state, credentialId) {
   return buildCredentialPublicView(state.accountSpendCredentials.get(credentialId), false);
 }
 
+function listAuthorityBindings(state, filters) {
+  const payload = ensureObject(filters);
+  const accountId = normalizeString(payload.account_id, null);
+  const status = normalizeString(payload.status, null);
+  return Array.from(state.accountAuthorityBindings.values())
+    .filter((binding) => {
+      if (accountId && binding.account_id !== accountId) return false;
+      if (status && binding.status !== status) return false;
+      return true;
+    })
+    .map((binding) => buildAuthorityBindingPublicView(binding, state.accountSpendCredentials.get(binding.credential_id), false));
+}
+
+function getAuthorityBinding(state, bindingId) {
+  if (!bindingId || !state.accountAuthorityBindings.has(bindingId)) return null;
+  const binding = state.accountAuthorityBindings.get(bindingId);
+  return buildAuthorityBindingPublicView(binding, state.accountSpendCredentials.get(binding.credential_id), false);
+}
+
+function getAuthorityBindingContractSummary(state, bindingId) {
+  if (!bindingId || !state.accountAuthorityBindings.has(bindingId)) return null;
+  const binding = state.accountAuthorityBindings.get(bindingId);
+  return buildAuthorityBindingContractSummary(binding, state.accountSpendCredentials.get(binding.credential_id));
+}
+
+function getAuthorityBindingRotationSummary(state, bindingId) {
+  if (!bindingId || !state.accountAuthorityBindings.has(bindingId)) return null;
+  const binding = state.accountAuthorityBindings.get(bindingId);
+  return buildAuthorityBindingRotationSummary(binding, state.accountSpendCredentials.get(binding.credential_id));
+}
+
+function evaluateAuthorityBindingAction(binding, action, units) {
+  const target = binding && typeof binding === "object" ? binding : null;
+  const numericUnits = Number.isFinite(Number(units)) ? Number(units) : 0;
+  const allowedScopes = target ? ensureArray(target.authority_scope) : [];
+  const allowedFamilies = target ? ensureArray(target.allowed_consequence_families) : [];
+  const bounds = target && target.consequence_bounds ? target.consequence_bounds : {};
+
+  if (!target) {
+    return { ok: true };
+  }
+  if (target.status !== "active") {
+    return { ok: false, reason: "authority_binding_inactive", binding_id: target.binding_id };
+  }
+
+  const scopeMap = {
+    delegated_credit_spend: "runtime.execute",
+    reserve: "economics.reserve",
+    release: "economics.release",
+    reverse: "economics.reverse"
+  };
+  const familyMap = {
+    delegated_credit_spend: "commit",
+    reserve: "reserve",
+    release: "release",
+    reverse: "reverse"
+  };
+  const boundKeyMap = {
+    delegated_credit_spend: "max_commit_units",
+    reserve: "max_reserve_units",
+    reverse: "max_reversal_units"
+  };
+
+  const requiredScope = scopeMap[action] || null;
+  if (requiredScope && allowedScopes.length > 0 && !allowedScopes.includes(requiredScope)) {
+    return {
+      ok: false,
+      reason: "authority_scope_not_allowed",
+      binding_id: target.binding_id,
+      required_scope: requiredScope,
+      authority_scope: allowedScopes
+    };
+  }
+
+  const requiredFamily = familyMap[action] || null;
+  if (requiredFamily && allowedFamilies.length > 0 && !allowedFamilies.includes(requiredFamily)) {
+    return {
+      ok: false,
+      reason: "authority_consequence_family_not_allowed",
+      binding_id: target.binding_id,
+      required_consequence_family: requiredFamily,
+      allowed_consequence_families: allowedFamilies
+    };
+  }
+
+  const boundKey = boundKeyMap[action] || null;
+  if (boundKey && Number.isFinite(Number(bounds[boundKey])) && numericUnits > Number(bounds[boundKey])) {
+    return {
+      ok: false,
+      reason: "authority_consequence_bound_exceeded",
+      binding_id: target.binding_id,
+      bound_key: boundKey,
+      max_units: Number(bounds[boundKey]),
+      attempted_units: numericUnits
+    };
+  }
+
+  return {
+    ok: true,
+    binding_id: target.binding_id,
+    authority_scope: allowedScopes,
+    allowed_consequence_families: allowedFamilies,
+    consequence_bounds: {
+      max_commit_units: Number.isFinite(Number(bounds.max_commit_units)) ? Number(bounds.max_commit_units) : null,
+      max_reserve_units: Number.isFinite(Number(bounds.max_reserve_units)) ? Number(bounds.max_reserve_units) : null,
+      max_reversal_units: Number.isFinite(Number(bounds.max_reversal_units)) ? Number(bounds.max_reversal_units) : null
+    }
+  };
+}
+
 function revokeSpendCredential(state, credentialId, body) {
   if (!credentialId || !state.accountSpendCredentials.has(credentialId)) return null;
   const payload = ensureObject(body);
@@ -117,6 +356,94 @@ function revokeSpendCredential(state, credentialId, body) {
   return buildCredentialPublicView(next, false);
 }
 
+function revokeAuthorityBinding(state, bindingId, body) {
+  if (!bindingId || !state.accountAuthorityBindings.has(bindingId)) return null;
+  const payload = ensureObject(body);
+  const current = state.accountAuthorityBindings.get(bindingId);
+  const next = {
+    ...current,
+    status: "revoked",
+    revoked_at_iso: nowIso(),
+    revoke_reason: normalizeString(payload.reason, "operator_revoked"),
+    updated_at_iso: nowIso()
+  };
+  state.accountAuthorityBindings.set(bindingId, next);
+  if (current.credential_id) {
+    revokeSpendCredential(state, current.credential_id, payload);
+  }
+  return buildAuthorityBindingPublicView(next, current.credential_id ? state.accountSpendCredentials.get(current.credential_id) : null, false);
+}
+
+function renewAuthorityBinding(state, bindingId, body) {
+  if (!bindingId || !state.accountAuthorityBindings.has(bindingId)) return null;
+  const payload = ensureObject(body);
+  const current = state.accountAuthorityBindings.get(bindingId);
+  const nextExpiresAtIso = normalizeString(payload.expires_at_iso, current.expires_at_iso || null);
+  const updatedAtIso = nowIso();
+  const next = {
+    ...current,
+    expires_at_iso: nextExpiresAtIso,
+    updated_at_iso: updatedAtIso
+  };
+  state.accountAuthorityBindings.set(bindingId, next);
+  if (current.credential_id && state.accountSpendCredentials.has(current.credential_id)) {
+    const credential = state.accountSpendCredentials.get(current.credential_id);
+    state.accountSpendCredentials.set(current.credential_id, {
+      ...credential,
+      expires_at_iso: nextExpiresAtIso,
+      updated_at_iso: updatedAtIso
+    });
+  }
+  return buildAuthorityBindingPublicView(next, current.credential_id ? state.accountSpendCredentials.get(current.credential_id) : null, false);
+}
+
+function rotateAuthorityBinding(state, bindingId, body) {
+  if (!bindingId || !state.accountAuthorityBindings.has(bindingId)) return null;
+  const payload = ensureObject(body);
+  const current = state.accountAuthorityBindings.get(bindingId);
+  const currentCredential = current.credential_id ? state.accountSpendCredentials.get(current.credential_id) : null;
+  const successorBindingId = normalizeString(payload.successor_binding_id, `${bindingId}_rotated`);
+  const successorCredentialId = normalizeString(payload.successor_credential_id, current.credential_id ? `${current.credential_id}_rotated` : `spend_for_${successorBindingId}`);
+  const successor = createAuthorityBinding(state, {
+    binding_id: successorBindingId,
+    credential_id: successorCredentialId,
+    bearer_token: normalizeString(payload.bearer_token, null),
+    account_id: current.account_id,
+    agent_id: normalizeString(payload.agent_id, current.agent_id),
+    budget_id: normalizeString(payload.budget_id, current.budget_id),
+    pack_id: normalizeString(payload.pack_id, current.pack_id),
+    entitlement_id: normalizeString(payload.entitlement_id, current.entitlement_id),
+    scope: normalizeString(payload.scope, current.scope),
+    authority_kind: normalizeString(payload.authority_kind, current.authority_kind),
+    authority_scope: ensureArray(payload.authority_scope).length > 0 ? ensureArray(payload.authority_scope) : ensureArray(current.authority_scope),
+    allowed_consequence_families: ensureArray(payload.allowed_consequence_families).length > 0 ? ensureArray(payload.allowed_consequence_families) : ensureArray(current.allowed_consequence_families),
+    max_commit_units: Number.isFinite(Number(payload.max_commit_units)) ? Number(payload.max_commit_units) : current.consequence_bounds.max_commit_units,
+    max_reserve_units: Number.isFinite(Number(payload.max_reserve_units)) ? Number(payload.max_reserve_units) : current.consequence_bounds.max_reserve_units,
+    max_reversal_units: Number.isFinite(Number(payload.max_reversal_units)) ? Number(payload.max_reversal_units) : current.consequence_bounds.max_reversal_units,
+    labels: ensureArray(payload.labels).length > 0 ? ensureArray(payload.labels) : ensureArray(current.labels),
+    issued_by: normalizeString(payload.issued_by, current.issued_by || "operator"),
+    expires_at_iso: normalizeString(payload.expires_at_iso, current.expires_at_iso || (currentCredential ? currentCredential.expires_at_iso : null)),
+    rotated_from_binding_id: current.binding_id
+  });
+  const revoked = revokeAuthorityBinding(state, bindingId, {
+    reason: normalizeString(payload.reason, "rotated_to_successor")
+  });
+  const successorRecord = state.accountAuthorityBindings.get(successor.binding_id);
+  state.accountAuthorityBindings.set(successor.binding_id, {
+    ...successorRecord,
+    rotated_from_binding_id: current.binding_id
+  });
+  state.accountAuthorityBindings.set(bindingId, {
+    ...state.accountAuthorityBindings.get(bindingId),
+    replaced_by_binding_id: successor.binding_id
+  });
+  return {
+    rotated_binding: buildAuthorityBindingPublicView(state.accountAuthorityBindings.get(bindingId), current.credential_id ? state.accountSpendCredentials.get(current.credential_id) : null, false),
+    successor_authority_binding: buildAuthorityBindingPublicView(state.accountAuthorityBindings.get(successor.binding_id), state.accountSpendCredentials.get(successor.credential_id), true),
+    previous_view: revoked
+  };
+}
+
 function resolveSpendCredential(state, bearerToken) {
   const token = normalizeString(bearerToken, null);
   if (!token) {
@@ -147,26 +474,45 @@ function resolveSpendCredential(state, bearerToken) {
       credential: buildCredentialPublicView(credential, false)
     };
   }
+  const binding = Array.from(state.accountAuthorityBindings.values()).find((entry) => entry && entry.credential_id === credentialId && entry.status === "active") || null;
   return {
     ok: true,
     credential,
+    binding,
     authorization_context: {
       verification_mode: "delegated_spend_credential",
       wallet_id: credential.credential_id,
       payment_payload: {
+        binding_id: binding ? binding.binding_id : null,
         credential_id: credential.credential_id,
         spend_posture: credential.spend_posture,
         pack_id: credential.pack_id || null,
-        entitlement_id: credential.entitlement_id || null
+        entitlement_id: credential.entitlement_id || null,
+        authority_scope: binding ? ensureArray(binding.authority_scope) : [],
+        allowed_consequence_families: binding ? ensureArray(binding.allowed_consequence_families) : [],
+        consequence_bounds: binding && binding.consequence_bounds ? binding.consequence_bounds : {
+          max_commit_units: null,
+          max_reserve_units: null,
+          max_reversal_units: null
+        }
       }
     }
   };
 }
 
 module.exports = {
+  createAuthorityBinding,
   createSpendCredential,
+  evaluateAuthorityBindingAction,
+  getAuthorityBinding,
+  getAuthorityBindingContractSummary,
+  getAuthorityBindingRotationSummary,
   getSpendCredential,
+  listAuthorityBindings,
   listSpendCredentials,
+  renewAuthorityBinding,
   resolveSpendCredential,
+  rotateAuthorityBinding,
+  revokeAuthorityBinding,
   revokeSpendCredential
 };

package/lib/artifact_distribution_lane_contract.js

@@ -0,0 +1,54 @@
+"use strict";
+
+function buildArtifactDistributionLanePack() {
+  return {
+    product: "xytara",
+    category: "machine-commerce-artifact-distribution-lane-pack",
+    pack_version: "xytara-artifact-distribution-lane-pack-v1",
+    lane_state: "first_party_artifact_distribution_lane_present",
+    posture: "oci_style_distribution_and_export_lane",
+    standards: ["oci_artifacts", "oras_style_distribution"],
+    artifact_families: ["adapter_packs", "submission_bundles", "registry_snapshots", "release_artifacts"],
+    supported_surfaces: {
+      integrations_ref: "/v1/integrations",
+      integration_snapshot_ref: "/v1/integrations/review/registry-snapshot",
+      adapter_pack_ref: "/v1/adapter-pack",
+      release_center_ref: "/v1/release-center",
+      release_pack_ref: "/v1/release-pack"
+    },
+    first_run_flows: [
+      {
+        flow_ref: "artifact_distribution_alignment",
+        recommended_reason: "best path for teams that want portable adapter, registry, and release artifacts instead of ad hoc zip-and-doc distribution",
+        sequence: [
+          "inspect_artifact_distribution_lane_summary",
+          "inspect_adapter_and_registry_export_surfaces",
+          "treat_release_and_submission bundles as distribution-ready artifacts",
+          "publish_or_transfer_artifacts through standard registries later without changing canonical shapes"
+        ]
+      }
+    ],
+    guardrails: [
+      "artifact portability should preserve canonical bundle shapes instead of inventing a second artifact model",
+      "distribution posture should remain subordinate to runtime, proof, and integration truth"
+    ]
+  };
+}
+
+function summarizeArtifactDistributionLanePack() {
+  const pack = buildArtifactDistributionLanePack();
+  return {
+    product: "xytara",
+    category: "machine-commerce-artifact-distribution-lane-pack-summary",
+    summary_version: "xytara-artifact-distribution-lane-pack-summary-v1",
+    lane_state: pack.lane_state,
+    standard_count: pack.standards.length,
+    artifact_family_count: pack.artifact_families.length,
+    linked_surfaces: pack.supported_surfaces
+  };
+}
+
+module.exports = {
+  buildArtifactDistributionLanePack,
+  summarizeArtifactDistributionLanePack
+};

package/lib/asyncapi_contract.js

@@ -0,0 +1,150 @@
+"use strict";
+
+const pkg = require("../package.json");
+
+function buildAsyncApiDocument() {
+  return {
+    asyncapi: "3.0.0",
+    info: {
+      title: "xytara Event Contract",
+      version: pkg.version,
+      summary: "Machine-commerce runtime event and handoff contract.",
+      description: "This AsyncAPI document describes the stable runtime event and handoff surfaces that outside builders and partners should rely on first."
+    },
+    servers: {
+      httpRuntime: {
+        host: "127.0.0.1:4320",
+        protocol: "http",
+        description: "Local xytara HTTP event and handoff entrypoint"
+      }
+    },
+    channels: {
+      "runtime/events/emit": {
+        address: "/v1/runtime/emit",
+        messages: {
+          runtimeEmitRequest: {
+            name: "runtimeEmitRequest",
+            title: "Runtime emit request",
+            summary: "Append a runtime event record."
+          }
+        }
+      },
+      "runtime/events/anchor": {
+        address: "/v1/runtime/anchor",
+        messages: {
+          runtimeAnchorRequest: {
+            name: "runtimeAnchorRequest",
+            title: "Runtime anchor request",
+            summary: "Anchor a runtime event into registry/anchor posture."
+          }
+        }
+      },
+      "runtime/events/emit-anchor": {
+        address: "/v1/runtime/emit-anchor",
+        messages: {
+          runtimeEmitAnchorRequest: {
+            name: "runtimeEmitAnchorRequest",
+            title: "Runtime emit-anchor request",
+            summary: "Emit and anchor a runtime event in one call."
+          }
+        }
+      },
+      "handoffs/trust/emit": {
+        address: "/v1/trust/handoffs/emit",
+        messages: {
+          trustHandoffEmitRequest: {
+            name: "trustHandoffEmitRequest",
+            title: "Trust handoff emit request",
+            summary: "Emit a trust-compatible handoff bundle."
+          }
+        }
+      },
+      "handoffs/execution-receipts/emit": {
+        address: "/v1/execution-receipts/handoffs/emit",
+        messages: {
+          executionReceiptHandoffEmitRequest: {
+            name: "executionReceiptHandoffEmitRequest",
+            title: "Execution receipt handoff emit request",
+            summary: "Emit an execution receipt handoff bundle."
+          }
+        }
+      },
+      "handoffs/receipt-ledger/emit": {
+        address: "/v1/receipt-ledger/handoffs/emit",
+        messages: {
+          receiptLedgerHandoffEmitRequest: {
+            name: "receiptLedgerHandoffEmitRequest",
+            title: "Receipt ledger handoff emit request",
+            summary: "Emit a receipt-ledger handoff bundle."
+          }
+        }
+      }
+    },
+    operations: {
+      publishRuntimeEvent: {
+        action: "send",
+        channel: { $ref: "#/channels/runtime/events/emit" },
+        summary: "Publish runtime event data through the stable emit surface."
+      },
+      publishRuntimeAnchor: {
+        action: "send",
+        channel: { $ref: "#/channels/runtime/events/anchor" },
+        summary: "Publish anchoring data through the stable anchor surface."
+      },
+      publishRuntimeEmitAnchor: {
+        action: "send",
+        channel: { $ref: "#/channels/runtime/events/emit-anchor" },
+        summary: "Publish combined emit-anchor data through the stable combined surface."
+      },
+      publishTrustHandoff: {
+        action: "send",
+        channel: { $ref: "#/channels/handoffs/trust/emit" },
+        summary: "Publish trust handoff data for proof followthrough."
+      },
+      publishExecutionReceiptHandoff: {
+        action: "send",
+        channel: { $ref: "#/channels/handoffs/execution-receipts/emit" },
+        summary: "Publish execution receipt handoff data."
+      },
+      publishReceiptLedgerHandoff: {
+        action: "send",
+        channel: { $ref: "#/channels/handoffs/receipt-ledger/emit" },
+        summary: "Publish receipt-ledger handoff data."
+      }
+    },
+    "x-naxytra-contract": {
+      product: "xytara",
+      stability: "stable_public_event_layer",
+      channel_count: 6,
+      linked_docs: [
+        "SERVICE_CONTRACT.md",
+        "FINAL_CONTRACT.md",
+        "START_HERE.md"
+      ]
+    }
+  };
+}
+
+function summarizeAsyncApiDocument() {
+  const document = buildAsyncApiDocument();
+  return {
+    product: "xytara",
+    category: "machine-commerce-asyncapi-contract-summary",
+    summary_version: "xytara-asyncapi-contract-summary-v1",
+    asyncapi_version: document.asyncapi,
+    info_version: document.info.version,
+    channel_count: Object.keys(document.channels).length,
+    operation_count: Object.keys(document.operations).length,
+    primary_event_lanes: ["runtime", "handoff"],
+    linked_surfaces: {
+      asyncapi_ref: "/asyncapi.json",
+      service_contract_ref: "SERVICE_CONTRACT.md",
+      openapi_ref: "/openapi.json"
+    }
+  };
+}
+
+module.exports = {
+  buildAsyncApiDocument,
+  summarizeAsyncApiDocument
+};

package/lib/auth_interop_contract.js

@@ -0,0 +1,80 @@
+"use strict";
+
+const pkg = require("../package.json");
+
+function buildAuthInteropContract() {
+  return {
+    product: "xytara",
+    category: "machine-commerce-auth-interop-contract",
+    contract_version: "xytara-auth-interop-contract-v1",
+    service_version: pkg.version,
+    primary_posture: "native_authority_with_oauth_oidc_token_exchange_interop",
+    supported_interop_profiles: [
+      {
+        profile_id: "oauth_client_credentials_runtime",
+        standards: ["oauth_2_0", "oidc_optional"],
+        intended_use: "machine-to-machine runtime invocation",
+        primary_routes: ["/v1/commands/execute", "/v1/mcp/tools/invoke"]
+      },
+      {
+        profile_id: "bounded_delegation_token_exchange",
+        standards: ["oauth_2_0_token_exchange", "jwt_bearer_optional"],
+        intended_use: "map upstream bearer posture into bounded delegated authority",
+        primary_routes: [
+          "/v1/account-auth/spend-credentials",
+          "/v1/account-auth/authority-bindings",
+          "/v1/commands/execute"
+        ]
+      },
+      {
+        profile_id: "mcp_a2a_a2c_interop_auth",
+        standards: ["oauth_2_0", "oidc", "token_exchange_optional"],
+        intended_use: "protocol-lane authentication for MCP, A2A, and A2C usage",
+        primary_routes: ["/v1/mcp/tools/invoke", "/x402/mcp/tools/invoke", "/v1/commands/execute"]
+      },
+      {
+        profile_id: "x402_payment_plus_bounded_auth",
+        standards: ["oauth_2_0_optional", "x402"],
+        intended_use: "combine payment challenge posture with bounded authenticated execution",
+        primary_routes: ["/x402/mcp/tools/invoke", "/x402/commands/execute"]
+      }
+    ],
+    native_authority_mapping: {
+      authority_bindings: "/v1/account-auth/authority-bindings",
+      spend_credentials: "/v1/account-auth/spend-credentials",
+      execution_entry: "/v1/commands/execute",
+      mcp_entry: "/v1/mcp/tools/invoke"
+    },
+    guardrails: [
+      "native authority bindings remain canonical for bounded execution",
+      "oauth or oidc interop must not replace native consequence bounds",
+      "token exchange may map into delegation but must not bypass authority contracts",
+      "payment verification and auth posture remain separate concerns even when combined in one flow"
+    ],
+    linked_surfaces: {
+      openapi_ref: "/openapi.json",
+      asyncapi_ref: "/asyncapi.json",
+      cloudevents_ref: "/cloudevents.json",
+      service_contract_ref: "SERVICE_CONTRACT.md"
+    }
+  };
+}
+
+function summarizeAuthInteropContract() {
+  const contract = buildAuthInteropContract();
+  return {
+    product: "xytara",
+    category: "machine-commerce-auth-interop-contract-summary",
+    summary_version: "xytara-auth-interop-contract-summary-v1",
+    contract_version: contract.contract_version,
+    profile_count: contract.supported_interop_profiles.length,
+    primary_posture: contract.primary_posture,
+    primary_protocol_lanes: ["mcp", "a2a", "a2c", "x402"],
+    linked_surfaces: contract.linked_surfaces
+  };
+}
+
+module.exports = {
+  buildAuthInteropContract,
+  summarizeAuthInteropContract
+};