feat(PR31): remove SPA and SettlementIntent — chain ends at SBA (#49)

* feat(PR30): add budgetMinor, budgetEscrowRef, authorizedGateway, offlineMaxSinglePayment to PolicyGrantLike

XRPL-escrow budget enforcement requires these PA-signed fields in the PolicyGrant
so the Trust Gateway can enforce ceilings from a tamper-proof source rather than
trusting agent-reported values.

- PolicyGrantLike: budgetMinor, budgetCurrency, budgetEscrowRef, authorizedGateway,
  offlineMaxSinglePayment, offlineMaxSinglePaymentCurrency
- policyGrantForVerificationSchema: Zod validators for all six fields (numeric strings
  validated via regex)
- createPolicyGrant / CreatePolicyGrantInput: factory and input type updated

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: review corrections — JSDoc consistency and rail-agnostic wording

- types.ts: authorizedGateway — remove XRPL-specific "address" wording, use rail-agnostic description
- types.ts: offlineMaxSinglePayment — "(drops)" → "minor units" (rail-agnostic)
- types.ts: budgetEscrowRef example — add lockId to eth example for consistency with spec
- createPolicyGrant.ts: add missing JSDoc for authorizedGateway, offlineMaxSinglePayment,
  offlineMaxSinglePaymentCurrency (other new fields had docs, these three did not)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(PR31): remove SPA and SettlementIntent — Trust Gateway is mandatory, chain ends at SBA

The Trust Gateway is now a mandatory actor that submits XRPL payments directly.
A separate SignedPaymentAuthorization (SPA) artifact is no longer needed.
The authorization chain is simplified: PolicyGrant → SBA → [gateway verifies + submits XRPL tx] → receipt.

Deleted: src/protocol/spa.ts, src/protocol/schema/paymentAuthorization.ts,
src/protocol/schema/settlementIntent.ts, src/hash/computeSettlementIntentHash.ts,
src/sdk/createSettlementIntent.ts, src/verifier/verifyPaymentAuthorization.ts,
src/verifier/verifyDisputedSettlement.ts, src/verifier/verifySettlementIntent.ts.

Updated: verifyPipeline, verifySettlement family, SettlementVerificationContext,
VerificationReport (removed hashBindingChecked), CLI bundle/verify/formatReport,
sdk/index, hash/index, protocol/schema/index, service/index, and all tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: NAOR YUVAL <naoryuval@NAORs-MacBook-Air.local>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: 3 people

src/cli/bundle.ts

@@ -1,30 +1,23 @@
 import type {
   PaymentPolicyDecision,
-  SettlementResult,
 } from "../policy-core/types.js";
 import type { SignedSessionBudgetAuthorization } from "../protocol/sba.js";
-import type { SignedPaymentAuthorization } from "../protocol/spa.js";
 import type { PolicyGrantLike } from "../verifier/types.js";
 import type { SettlementVerificationContext } from "../verifier/types.js";
 
 /**
  * JSON artifact bundle format for CLI verification.
  * Alternative to full SettlementVerificationContext — artifacts keyed by type.
  *
- * Optional sbaPublicKeyPem and spaPublicKeyPem make the bundle self-contained:
- * verification can run without env vars when these are present.
+ * Optional sbaPublicKeyPem makes the bundle self-contained:
+ * verification can run without env vars when this is present.
  */
 export interface SettlementBundle {
-  settlement: SettlementResult;
-  settlementIntent?: unknown;
-  spa: SignedPaymentAuthorization;
   sba: SignedSessionBudgetAuthorization;
   policyGrant: PolicyGrantLike;
   paymentPolicyDecision?: PaymentPolicyDecision;
   /** PEM of SBA signing public key. When present, enables verify without MPCP_SBA_SIGNING_PUBLIC_KEY_PEM env. */
   sbaPublicKeyPem?: string;
-  /** PEM of SPA signing public key. When present, enables verify without MPCP_SPA_SIGNING_PUBLIC_KEY_PEM env. */
-  spaPublicKeyPem?: string;
 }
 
 function isBundleLike(obj: unknown): obj is Record<string, unknown> {
@@ -37,59 +30,31 @@ function isBundleLike(obj: unknown): obj is Record<string, unknown> {
 export function isSettlementBundle(obj: unknown): obj is SettlementBundle {
   if (!isBundleLike(obj)) return false;
   return (
-    "settlement" in obj &&
-    "spa" in obj &&
     "sba" in obj &&
     "policyGrant" in obj &&
-    !("signedBudgetAuthorization" in obj) &&
-    !("signedPaymentAuthorization" in obj)
+    !("signedBudgetAuthorization" in obj)
   );
 }
 
-/**
- * Build a minimal PaymentPolicyDecision from SPA authorization.
- * Used when bundle omits paymentPolicyDecision.
- */
-function decisionFromSpa(spa: SignedPaymentAuthorization): PaymentPolicyDecision & { _synthesized: true } {
-  const a = spa.authorization;
-  const quote = {
-    quoteId: a.quoteId,
-    rail: a.rail,
-    amount: { amount: a.amount, decimals: 6 },
-    destination: a.destination ?? "",
-    expiresAt: a.expiresAt,
-    asset: a.asset,
-  };
-  return {
-    decisionId: a.decisionId,
-    policyHash: a.policyHash,
-    action: "ALLOW",
-    reasons: ["OK"],
-    expiresAtISO: a.expiresAt,
-    rail: a.rail,
-    asset: a.asset,
-    chosen: { rail: a.rail, quoteId: a.quoteId },
-    settlementQuotes: [quote],
-    _synthesized: true,
-  };
-}
-
 /**
  * Convert a settlement bundle to SettlementVerificationContext.
  */
 export function bundleToContext(bundle: SettlementBundle): SettlementVerificationContext {
-  const decision =
-    bundle.paymentPolicyDecision ?? decisionFromSpa(bundle.spa);
   if (!bundle.paymentPolicyDecision) {
-    console.warn("[mpcp] Warning: paymentPolicyDecision absent — synthesized from SPA. Policy evaluation not verified.");
+    console.warn("[mpcp] Warning: paymentPolicyDecision absent — budget policy evaluation not verified.");
   }
+  const decision = bundle.paymentPolicyDecision ?? ({
+    decisionId: "unknown",
+    policyHash: bundle.sba.authorization.policyHash,
+    action: "ALLOW",
+    reasons: ["synthesized"] as unknown as import("../policy-core/types.js").PolicyReasonCode[],
+    expiresAtISO: bundle.sba.authorization.expiresAt,
+    rail: bundle.sba.authorization.allowedRails[0] ?? "xrpl",
+    _synthesized: true,
+  } as unknown as PaymentPolicyDecision & { _synthesized: true });
   return {
     policyGrant: bundle.policyGrant,
     signedBudgetAuthorization: bundle.sba,
-    signedPaymentAuthorization: bundle.spa,
-    settlement: bundle.settlement,
     paymentPolicyDecision: decision,
-    decisionId: bundle.spa.authorization.decisionId,
-    settlementIntent: bundle.settlementIntent ?? (bundle as { intent?: unknown }).intent,
   };
 }

src/cli/formatReport.ts

@@ -4,15 +4,12 @@
  */
 
 import type { VerificationReport, VerificationStep } from "../verifier/types.js";
-import type { PaymentPolicyDecision } from "../policy-core/types.js";
 
 const CHECK = "✔";
 const CROSS = "✗";
 
-/** Reverse execution order for chain display: leaf (intent) → root (grant). */
+/** Reverse execution order for chain display: leaf (budget) → root (grant). */
 const CHAIN_ORDER = [
-  "SettlementIntent.intentHash",
-  "SignedPaymentAuthorization.valid",
   "SignedBudgetAuthorization.valid",
   "PolicyGrant.valid",
 ];
@@ -26,15 +23,10 @@ function orderSteps(steps: VerificationStep[]): VerificationStep[] {
   return ordered;
 }
 
-export function formatVerificationReport(report: VerificationReport & { decision?: PaymentPolicyDecision & { _synthesized?: boolean } }): string {
+export function formatVerificationReport(report: VerificationReport): string {
   const lines: string[] = [];
   const ordered = orderSteps(report.steps);
 
-  if (report.decision?._synthesized) {
-    lines.push("⚠ Policy decision: SYNTHESIZED FROM SPA (policy evaluation not verified)");
-    lines.push("");
-  }
-
   for (const step of ordered) {
     const icon = step.ok ? CHECK : CROSS;
     const msg = step.ok ? step.name : `${step.name}: ${step.reason ?? "failed"}`;
@@ -43,12 +35,6 @@ export function formatVerificationReport(report: VerificationReport & { decision
 
   if (ordered.length > 0) lines.push("");
 
-  if (report.hashBindingChecked === true) {
-    lines.push("Hash binding: CHECKED");
-  } else if (report.hashBindingChecked === false) {
-    lines.push("Hash binding: NOT CHECKED (Lite Profile — intentHash absent)");
-  }
-
   if (report.result.valid) {
     lines.push("MPCP verification PASSED");
   } else {

src/cli/index.ts

@@ -26,7 +26,7 @@ Verify options:
 
 Accepts:
   - Full SettlementVerificationContext (policyGrant, signedBudgetAuthorization, etc.)
-  - JSON artifact bundle: settlement, intent, spa, sba, policyGrant
+  - JSON artifact bundle: sba, policyGrant
 
 Examples:
   mpcp verify examples/parking/settlement-bundle.json

src/cli/verify.ts

@@ -70,12 +70,6 @@ export function runVerify(
       process.env.MPCP_SBA_SIGNING_PUBLIC_KEY_PEM = data.sbaPublicKeyPem;
       process.env.MPCP_SBA_SIGNING_KEY_ID = data.sba.issuerKeyId;
     }
-    if (data.spaPublicKeyPem) {
-      saved.MPCP_SPA_SIGNING_PUBLIC_KEY_PEM = process.env.MPCP_SPA_SIGNING_PUBLIC_KEY_PEM;
-      saved.MPCP_SPA_SIGNING_KEY_ID = process.env.MPCP_SPA_SIGNING_KEY_ID;
-      process.env.MPCP_SPA_SIGNING_PUBLIC_KEY_PEM = data.spaPublicKeyPem;
-      process.env.MPCP_SPA_SIGNING_KEY_ID = data.spa.issuerKeyId;
-    }
   }
 
   try {

src/hash/computeSettlementIntentHash.ts

@@ -1,6 +1,2 @@
 export { canonicalJson } from "./canonicalJson.js";
 export { sha256Hex } from "./sha256.js";
-export { computeSettlementIntentHash } from "./computeSettlementIntentHash.js";
-
-/** @deprecated Use computeSettlementIntentHash instead */
-export { computeSettlementIntentHash as computeIntentHash } from "./computeSettlementIntentHash.js";

src/hash/index.ts

@@ -1,7 +1,6 @@
 export * from "./anchor/index.js";
 export * from "./policy-core/index.js";
 export * from "./protocol/types.js";
-export * from "./protocol/spa.js";
 export * from "./protocol/sba.js";
 export * from "./hash/index.js";
 export * from "./sdk/index.js";

src/index.ts

@@ -1,47 +1,23 @@
 import { z } from "zod";
-import { railSchema, assetSchema, iso8601DatetimeSchema } from "./shared.js";
 import { signedBudgetAuthorizationSchema } from "./signedBudgetAuthorization.js";
-import { signedPaymentAuthorizationSchema } from "./paymentAuthorization.js";
 import { policyGrantForVerificationSchema } from "./verifySchemas.js";
-import { settlementIntentForVerificationSchema } from "./verifySchemas.js";
-
-/**
- * Settlement result (executed settlement) for verification.
- * Rail-specific fields (txHash, payer, etc.) may be present.
- */
-export const settlementResultSchema = z
-  .object({
-    amount: z.string(),
-    rail: railSchema,
-    asset: assetSchema.optional(),
-    destination: z.string().optional(),
-    nowISO: iso8601DatetimeSchema.optional(),
-  })
-  .passthrough();
-
-export type SettlementResultSchema = z.infer<typeof settlementResultSchema>;
 
 /**
  * Canonical MPCP artifact bundle format.
- * Packages complete payment verification data for exchange between systems.
+ * Packages complete authorization verification data for exchange between systems.
  *
- * Required: policyGrant, sba, spa, settlement
- * Optional: settlementIntent, paymentPolicyDecision, ledgerAnchor, public keys
+ * Required: policyGrant, sba
+ * Optional: paymentPolicyDecision, public key
  *
- * When sbaPublicKeyPem and spaPublicKeyPem are present, the bundle is self-contained
- * and verification can run without MPCP_*_SIGNING_PUBLIC_KEY_PEM env vars.
+ * When sbaPublicKeyPem is present, the bundle is self-contained
+ * and verification can run without MPCP_SBA_SIGNING_PUBLIC_KEY_PEM env var.
  */
 export const artifactBundleSchema = z
   .object({
     policyGrant: policyGrantForVerificationSchema,
     sba: signedBudgetAuthorizationSchema,
-    spa: signedPaymentAuthorizationSchema,
-    settlement: settlementResultSchema,
-    settlementIntent: settlementIntentForVerificationSchema.optional(),
     paymentPolicyDecision: z.record(z.unknown()).optional(),
-    ledgerAnchor: z.record(z.unknown()).optional(),
     sbaPublicKeyPem: z.string().optional(),
-    spaPublicKeyPem: z.string().optional(),
   })
   .strict();
 

src/protocol/schema/artifactBundle.ts

@@ -3,8 +3,6 @@ export * from "./artifactBundle.js";
 export * from "./policyGrant.js";
 export * from "./budgetAuthorization.js";
 export * from "./signedBudgetAuthorization.js";
-export * from "./paymentAuthorization.js";
-export * from "./settlementIntent.js";
 export * from "./fleetPolicyAuthorization.js";
 export * from "./verifySchemas.js";
 export { validateWithSchema } from "./validate.js";