feat: implement full OSP x Sardis x better-npm master plan (250 issues) #255
Merged
Define the canonical paid provisioning contract as normative baseline for OSP Paid Core, covering payment method selection, proof requirements, idempotency semantics, and escrow correlation. Closes #75 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add normative provider obligations (verification, idempotency, failure handling, timeout, settlement correlation) and agent obligations (nonce freshness, proof scope, settlement correlation, error recovery) to the paid provisioning contract section. Closes #76 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add normative flow diagrams and JSON examples for free, paid non-escrow, escrow-backed, and approval-required provisioning sequences including error examples. Closes #77 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
14 test vectors covering key sorting, nesting, arrays, unicode, nulls, booleans, numeric precision, manifest-shaped objects, payment proofs, case-sensitive ordering, and special character escaping. Closes #93 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Run shared canonical JSON vector pack against both TypeScript and Python SDK implementations to verify cross-language deterministic output. Closes #94 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Run shared canonical JSON vector pack against Go SDK CanonicalJSONFromBytes to verify cross-language deterministic output. Closes #95 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
6 manifest fixtures: valid signed, tampered display_name, tampered price, missing signature, wrong key, and empty offerings. Each declares expected verification outcome for cross-SDK parity testing. Closes #96 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Define required behavior matrix for invalid manifests across all SDKs: tampered fields, missing signatures, wrong keys, malformed encoding. All SDKs must return consistent error categories. Closes #97 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Define what manifest verification proves (integrity, authenticity, non-repudiation) and what it does not prove (trust, freshness, key ownership). Include algorithm details and SDK requirements. Closes #98 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add evaluateEstimate() and buildPaidProvisionRequest() helpers that turn an estimate response into a payment decision and construct the appropriate provision request with proof attachment. Closes #99 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Export PaymentProofEnvelope, serializePaymentProof, parsePaymentProof, isProofExpired, and buildPaidProvisionRequest from the SDK entry point. Agents can now construct proof-bearing provision requests via the public API. Closes #100 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add typed EstimateResponse, EstimateCost, EstimateDecision models with evaluate_estimate() helper. Add PaymentProofEnvelope with serialize/parse/expiry check. Add build_paid_provision_request() for constructing proof-bearing requests. Add async poll_paid_provision() with configurable polling and typed error classes. Closes #102 Closes #103 Closes #104 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add VaultBundleV1 and VaultBundleV2 types, migrateBundle() for v1→v2 upgrade, VaultStore with rotation tracking and bulk migration. Closes #108 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Document bundle version history, v1→v2 migration defaults, rollback procedure, and SDK behavior requirements for version handling. Closes #110 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add MandateService with idempotent mandate creation, provider/offering scoping, budget checks, policy evaluation, provider allowlist enforcement, per-tx amount limits, and structured error mapping for budget_exceeded, provider_not_allowed, approval_required, and policy_violation failures. Closes #150 Closes #151 Closes #152 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…iation Add EscrowService with idempotent hold creation, timeout/dispute metadata persistence, release with provider acknowledgement, refund on failure/timeout, dispute with window enforcement, expiry scanning, and settlement status reconciliation. Closes #153 Closes #154 Closes #155 Closes #156 Closes #157 Closes #158 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add DisputeService with receipt creation, evidence tracking, operator resolution workflow, and withdrawal. Add LedgerService with balanced double-entry transactions for holds, releases, refunds, and charges with resource/provider query filters and balance verification. Closes #159 Closes #160 Closes #161 Closes #162 Closes #163 Closes #164 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… and contract tests Add tracing.ts with correlation ID generation and Sardis trace alignment. Add paid provisioning flow examples covering free, paid, escrow, approval, and failure modes. Add contract test suite for input/output schemas, mock provider integration, and backward compatibility. Closes #138 Closes #139 Closes #140 Closes #141 Closes #142 Closes #143 Closes #144 Closes #145 Closes #146 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tion Add pluggable persistence interfaces (MandateStore, EscrowStore, ChargeStore, LedgerStore) with in-memory implementations. Add provider verification SDK with proof validation, webhook signature checking, and settlement callbacks. Add reconciliation workers for paid-without-resource and unsettled-hold scanning. Closes #165 Closes #166 Closes #167 Closes #168 Closes #169 Closes #170 Closes #171 Closes #172 Closes #173 Closes #174 Closes #175 Closes #176 Closes #177 Closes #178 Closes #179 Closes #180 Closes #181 Closes #182 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…on, fallback, and analytics Add PaymentAwareSearchQuery with capability/escrow/trust filters and sort options. Add TrustMetadata with verification status, conformance level, and provision success rate. Add SignedRegistryRecord for cache validation. Add ProviderReview lifecycle with certification badges. Add CuratedProviderPack for offline fallback. Add RegistryAnalyticsEvent for instrumentation. Document trust metadata model with scoring weights. Closes #111 Closes #112 Closes #113 Closes #114 Closes #115 Closes #116 Closes #117 Closes #118 Closes #119 Closes #120 Closes #121 Closes #122 Closes #123 Closes #124 Closes #125 Closes #126 Closes #127 Closes #128 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add command specs for discover, provision, vault, services list/status, rotate, deprovision, env generation with framework-specific outputs. Cover JSON/human output modes, OSP API call sequences, payment flows, async polling, vault encryption, migration, environment scoping, and safety warnings for destructive actions. Closes #183 Closes #184 Closes #185 Closes #186 Closes #187 Closes #188 Closes #189 Closes #190 Closes #191 Closes #192 Closes #193 Closes #194 Closes #195 Closes #196 Closes #197 Closes #198 Closes #199 Closes #200 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…search specs Add Sardis login/credential storage/session specs. Add paid provisioning with mandate/escrow flow. Add multi-environment scoping with clone. Add preview environment workflow with TTL teardown. Add GitHub Actions (setup, provision, teardown) with full PR preview workflow. Add registry-unified search combining npm and OSP results. Closes #201 Closes #202 Closes #203 Closes #204 Closes #205 Closes #206 Closes #207 Closes #208 Closes #209 Closes #210 Closes #211 Closes #212 Closes #213 Closes #214 Closes #215 Closes #216 Closes #217 Closes #218 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…nciliation, and runbooks Add organization-level provider allowlists/denylists and spend caps. Add approval workflow engine with threshold rules and callback interface. Add end-to-end observability with instrumented paths and correlation IDs. Define SLOs for all provisioning paths. Add reconciliation and drift detection specs. Add incident runbooks for provider, payment, and registry outages. Add chaos testing scenarios. Closes #219 Closes #220 Closes #221 Closes #222 Closes #223 Closes #224 Closes #225 Closes #226 Closes #227 Closes #228 Closes #229 Closes #230 Closes #231 Closes #232 Closes #233 Closes #234 Closes #235 Closes #236 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…demos, and dashboards Add paid provisioning narrative and category positioning. Add one-hour provider onboarding quickstart with paid-core certification path. Add MCP, CLI, and CI golden paths. Add design partner program with scoring rubric and success metrics. Add demo scripts for free, paid, and preview flows. Add adoption dashboards and monthly review templates. Closes #237 Closes #238 Closes #239 Closes #240 Closes #241 Closes #242 Closes #243 Closes #244 Closes #245 Closes #246 Closes #247 Closes #248 Closes #249 Closes #250 Closes #251 Closes #252 Closes #253 Closes #254 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
Programs Delivered
Test plan
spec/osp-v1.0.md are consistent with existing sections
conformance-tests/fixtures/
🤖 Generated with Claude Code