docs: comprehensive documentation consistency and clarity pass

- Fix all broken ./doc/ links in README.md → correct ./docs/implementation/ and
  ./docs/reference/ paths; update repo structure diagram (doc → docs)
- Fix examples/parking/fleet-policy.json: allowedAssets string array → object
  array format matching spec (kind/currency/issuer)
- Fix SDK docs: add missing required grantId parameter to
  createBudgetAuthorization and createSignedBudgetAuthorization examples in both
  docs/reference/sdk.md and docs/implementation/sdk.md; add null-return note
- Fix stale path references: parking-session/ → parking/ (3 occurrences in
  parking/README.md and .gitignore), fleet-simulator/ → machine-commerce/
  (machine-commerce/README.md, simulate.mjs, reference-profiles.md)
- Differentiate SDK docs: rewrite docs/implementation/sdk.md as a lifecycle
  guide (PolicyGrant → SBA → SPA → verify, chain linkage table, end-to-end
  example); docs/reference/sdk.md remains the pure API reference
- Add Vehicle Wallet Roles section to machine-wallet-guardrails.md: session
  authority role (creates/signs SBA) and payment decision service role
  (evaluates requests, signs SPA locally)
- Add Key Resolution section to verifier.md: HTTPS well-known baseline,
  optional DID resolution, and inline keys for self-contained bundles

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: 2 people

.gitignore

@@ -5,7 +5,7 @@ dist/
 *.test.d.ts
 .DS_Store
 diff.tmp
-examples/parking-session/guardrails-demo-bundle.json
-examples/parking-session/guardrails-demo-tampered.json
+examples/parking/guardrails-demo-bundle.json
+examples/parking/guardrails-demo-tampered.json
 examples/fleet-payment/fleet-demo-bundle.json
-examples/parking-session/offline-demo-bundle.json
+examples/parking/offline-demo-bundle.json

README.md

@@ -9,26 +9,23 @@ The service is designed to sit between **application logic** (such as parking sy
 
 For the rationale behind the protocol, see:
 
-[Why MPCP Exists](./doc/Why_MPCP.md)
+[Why MPCP Exists](https://github.com/mpcp-protocol/mpcp-spec/blob/main/docs/overview/what-is-mpcp.md)
 
-For the full documentation site (overview, guides, examples, reference), see **[docs/](./docs/)**. When [GitHub Pages](https://docs.github.com/en/pages) is enabled, the site is published automatically from `main`.
-
-**To enable the docs site:** go to **Settings → Pages** → Source: **Deploy from a branch** → Branch: **gh-pages** → Save. The workflow pushes the built site to `gh-pages` on each push to `main`.
+For the full documentation site (overview, guides, examples, reference), see **[docs/](./docs/)**.
 
 For the full protocol specification, see:
 
-[Machine Payment Control Protocol Specification](./doc/protocol/mpcp.md)
+[Machine Payment Control Protocol Specification](https://github.com/mpcp-protocol/mpcp-spec/blob/main/docs/protocol/mpcp.md)
 
 This document defines the MPCP artifacts, verification rules, canonical hashing, replay protection, the authorization lifecycle, and the verification algorithm used by MPCP implementations.
 
-For compatibility and versioning policy (what is stable, how 1.0/1.1/2.0 evolve), see [Compatibility and Versioning](./doc/architecture/COMPATIBILITY_AND_VERSIONING.md).
-
 ## Documentation Layout
 
-This repository contains two documentation layers:
+This repository contains one documentation layer:
+
+- **docs/** — Developer documentation site (guides, examples, reference, API)
 
-- **doc/** — Protocol specification and architecture documents (normative)
-- **docs/** — Developer documentation site (guides, examples, reference)
+The canonical protocol specification lives in the [mpcp-spec](https://github.com/mpcp-protocol/mpcp-spec) repository.
 
 ---
 
@@ -205,20 +202,20 @@ These are used to bind authorizations to a specific settlement intent.
 
 ## Intent Anchoring (optional)
 
-Optional support for publishing intent hashes to distributed ledgers (public auditability, dispute protection). **Mock anchor** for development; **Hedera HCS** adapter for real anchoring. See [Intent Anchoring](./doc/architecture/INTENT_ANCHORING.md).
+Optional support for publishing intent hashes to distributed ledgers (public auditability, dispute protection). **Mock anchor** for development; **Hedera HCS** adapter for real anchoring. See [Intent Anchoring](./docs/implementation/intent-anchoring.md).
 
 ## Dispute Verification (optional)
 
-`verifyDisputedSettlement` validates disputed settlements using the full MPCP chain plus optional ledger anchor. See [Dispute Verification](./doc/architecture/DISPUTE_VERIFICATION.md).
+`verifyDisputedSettlement` validates disputed settlements using the full MPCP chain plus optional ledger anchor. See [Dispute Verification](./docs/implementation/dispute-verification.md).
 
 ## Reference Service API (optional)
 
-Backend-friendly facade: `issueBudget`, `verifySettlementService`, `verifyDispute` / `verifyDisputeAsync`, `anchorIntent`. See [REFERENCE_SERVICE_API](./doc/architecture/REFERENCE_SERVICE_API.md). Import from `mpcp-service/service`.
+Backend-friendly facade: `issueBudget`, `verifySettlementService`, `verifyDispute` / `verifyDisputeAsync`, `anchorIntent`. See [Reference Service API](./docs/reference/service-api.md). Import from `mpcp-service/service`.
 
 ## Fleet Operator Tooling (optional)
 
 - **Settlement verification logs** — `mpcp verify <file> --append-log audit.jsonl` appends verification results to a JSONL audit trail
-- **Fleet policy summary** — `mpcp policy-summary <policy.json>` prints policy constraints. Use `--profile <name>` for lightweight reference-profile validation [(parking, charging, fleet-offline, hosted-rail)](./doc/architecture/REFERENCE_PROFILES.md). See [Fleet Operator Tooling](./doc/architecture/FLEET_OPERATOR_TOOLING.md).
+- **Fleet policy summary** — `mpcp policy-summary <policy.json>` prints policy constraints. Use `--profile <name>` for lightweight reference-profile validation [(parking, charging, fleet-offline, hosted-rail)](./docs/implementation/reference-profiles.md). See [Fleet Operator Tooling](./docs/implementation/fleet-operator-tooling.md).
 
 ---
 
@@ -299,7 +296,7 @@ mpcp-service
  │   └── ...
  │
  ├── test
- ├── doc
+ ├── docs
  ├── package.json
  └── tsconfig.json
 ```

docs/implementation/machine-wallet-guardrails.md

@@ -35,6 +35,41 @@ MPCP provides three layers of enforcement before a machine can pay:
 - **Intent hash** — SPA binds to a canonical SettlementIntent
 - **Tamper resistance** — SettlementIntent and final settlement must match the signed authorization
 
+## Vehicle Wallet Roles
+
+In an autonomous deployment, the vehicle wallet plays **two distinct roles** in the MPCP authorization pipeline.
+
+### Session Authority
+
+The wallet creates and signs the **SignedBudgetAuthorization (SBA)** before the session begins. This establishes the session-level spending envelope:
+
+- Sets `maxAmountMinor` — the total spend ceiling for the session
+- Sets `destinationAllowlist` — the permitted payees
+- Binds to the PolicyGrant via `grantId`
+
+The SBA is signed with the wallet's SBA key (`MPCP_SBA_SIGNING_PRIVATE_KEY_PEM`). Verifiers check this signature to confirm the budget was set by a trusted session authority.
+
+### Payment Decision Service
+
+For each payment request within the session, the wallet evaluates the request against the loaded policy chain and, if approved, creates and signs a **SignedPaymentAuthorization (SPA)**:
+
+- Assigns a unique `decisionId`
+- Commits to the specific amount, destination, and asset
+- Computes and binds an `intentHash` to a canonical SettlementIntent
+- Signs with the wallet's SPA key (`MPCP_SPA_SIGNING_PRIVATE_KEY_PEM`)
+
+This decision is made **locally** — no central approval API is contacted. The SPA is a cryptographic proof that the wallet approved this specific payment within the authorized budget.
+
+### Why Two Roles?
+
+Separating session authority from payment decisions allows fleet operators to:
+
+- Pre-authorize a spending envelope (SBA) before the vehicle enters service
+- Let the vehicle make individual payment decisions (SPA) locally within that envelope
+- Give verifiers a complete, self-contained authorization chain to validate
+
+---
+
 ## Wallet Integration
 
 A machine wallet integrates MPCP by performing checks *before* signing an SPA.

docs/implementation/reference-profiles.md

@@ -93,7 +93,7 @@ Profiles define expected policy shape. Use `mpcp policy-summary` with `--profile
 ```bash
 mpcp policy-summary profiles/parking.json --profile parking
 mpcp policy-summary profiles/xrpl-stablecoin.json --profile xrpl-stablecoin
-mpcp policy-summary examples/fleet-simulator/fleet-policy.json --profile parking
+mpcp policy-summary examples/machine-commerce/fleet-policy.json --profile parking
 ```
 
 Validation checks: `allowedRails` in the policy must be a subset of the profile’s allowed rails; if the policy declares `_profile`, it must match the profile name.

docs/implementation/sdk.md

@@ -1,54 +1,50 @@
-# SDK Reference
+# SDK — Implementation Guide
 
-The MPCP SDK provides lower-level artifact creation, hashing, and verification.
+The MPCP SDK creates and verifies authorization artifacts. This guide shows how the artifacts fit together as a connected lifecycle.
 
-## Install
+For the full API reference (all function signatures, parameters, and env vars), see [SDK Reference](../reference/sdk.md).
 
-```bash
-npm install mpcp-service
+## Artifact Lifecycle
+
+MPCP authorization flows through three artifact types, each constraining the next:
+
+```
+PolicyGrant  →  SBA (session budget)  →  SPA (per-payment)  →  Settlement
 ```
 
-## Import
+Each artifact references the previous via shared fields:
+
+| Field | Carried by | Links to |
+|-------|-----------|----------|
+| `grantId` | SBA | `PolicyGrant.grantId` |
+| `sessionId` | SPA | `SBA.authorization.sessionId` |
+| `intentHash` | SPA | `computeSettlementIntentHash(intent)` |
+
+## Full Lifecycle Example
 
 ```typescript
 import {
   createPolicyGrant,
-  createBudgetAuthorization,
   createSignedBudgetAuthorization,
-  createSignedPaymentAuthorization,
   createSettlementIntent,
+  createSignedPaymentAuthorization,
   computeSettlementIntentHash,
-  computeIntentHash,
-  canonicalJson,
-  verifyPolicyGrant,
-  verifySettlement,
-  verifySettlementWithReport,
-  verifySettlementDetailed,
 } from "mpcp-service/sdk";
-```
-
-## Policy Grant
-
-```typescript
-import { createPolicyGrant } from "mpcp-service/sdk";
 
+// 1. PolicyGrant — fleet policy evaluation result
+//    Defines allowed rails, assets, and expiration for this session.
 const grant = createPolicyGrant({
   policyHash: "a1b2c3",
-  allowedRails: ["xrpl", "evm"],
+  allowedRails: ["xrpl"],
   allowedAssets: [{ kind: "IOU", currency: "RLUSD", issuer: "rIssuer" }],
   expiresAt: "2030-12-31T23:59:59Z",
 });
-```
-
-## Budget Authorization
-
-```typescript
-import {
-  createBudgetAuthorization,
-  createSignedBudgetAuthorization,
-} from "mpcp-service/sdk";
 
-const budgetAuth = createBudgetAuthorization({
+// 2. SBA — session spending envelope
+//    grantId binds this SBA to the PolicyGrant above.
+//    Returns null if MPCP_SBA_SIGNING_PRIVATE_KEY_PEM is not set.
+const sba = createSignedBudgetAuthorization({
+  grantId: grant.grantId,
   sessionId: "sess-123",
   vehicleId: "veh-456",
   policyHash: "a1b2c3",
@@ -60,36 +56,17 @@ const budgetAuth = createBudgetAuthorization({
   expiresAt: "2030-12-31T23:59:59Z",
 });
 
-// Signed (requires MPCP_SBA_SIGNING_PRIVATE_KEY_PEM)
-const sba = createSignedBudgetAuthorization({
-  sessionId: budgetAuth.sessionId,
-  vehicleId: budgetAuth.vehicleId,
-  policyHash: budgetAuth.policyHash,
-  currency: budgetAuth.currency,
-  maxAmountMinor: budgetAuth.maxAmountMinor,
-  allowedRails: budgetAuth.allowedRails,
-  allowedAssets: budgetAuth.allowedAssets,
-  destinationAllowlist: budgetAuth.destinationAllowlist,
-  expiresAt: budgetAuth.expiresAt,
-});
-```
-
-## Payment Authorization
-
-```typescript
-import {
-  createSignedPaymentAuthorization,
-  createSettlementIntent,
-  computeSettlementIntentHash,
-} from "mpcp-service/sdk";
-
+// 3. SettlementIntent — canonical representation of the payment
 const intent = createSettlementIntent({
   rail: "xrpl",
   amount: "1000",
   destination: "rParking",
   asset: { kind: "IOU", currency: "RLUSD", issuer: "rIssuer" },
 });
 
+// 4. SPA — per-payment authorization
+//    sessionId matches SBA. intentHash binds SPA to the specific settlement.
+//    Returns null if MPCP_SPA_SIGNING_PRIVATE_KEY_PEM is not set.
 const spa = createSignedPaymentAuthorization({
   decisionId: "dec-789",
   sessionId: "sess-123",
@@ -102,42 +79,43 @@ const spa = createSignedPaymentAuthorization({
   intentHash: computeSettlementIntentHash(intent),
   expiresAt: "2030-12-31T23:59:59Z",
 });
-```
-
-Requires `MPCP_SPA_SIGNING_PRIVATE_KEY_PEM`.
-
-## Hashing
 
-```typescript
-import { computeSettlementIntentHash, computeIntentHash, canonicalJson } from "mpcp-service/sdk";
+// 5. Verify the settlement bundle
+import { verifySettlement } from "mpcp-service/sdk";
 
-const intentHash = computeSettlementIntentHash(intent);
-const canonical = canonicalJson({ rail: "xrpl", amount: "1000", destination: "rDest" });
+const result = verifySettlement({
+  policyGrant: grant,
+  signedBudgetAuthorization: sba,
+  signedPaymentAuthorization: spa,
+  settlementIntent: intent,
+  settlement: { rail: "xrpl", amount: "1000", destination: "rParking", asset: intent.asset },
+});
+// result.valid === true
 ```
 
-## Verification
+## Vehicle Wallet Roles
 
-```typescript
-import { verifySettlement, verifySettlementWithReport, verifySettlementDetailed } from "mpcp-service/sdk";
+In an autonomous deployment, the wallet plays both roles in this lifecycle:
 
-const result = verifySettlement(context);
-const { result, steps } = verifySettlementWithReport(context);
-const { valid, checks } = verifySettlementDetailed(context);
-```
+- **Session authority** — signs the SBA, establishing the session budget
+- **Payment decision service** — evaluates each payment request and signs the SPA locally
+
+See [Machine Wallet Guardrails](machine-wallet-guardrails.md) for the full guardrail model, threat analysis, and integration checklist.
 
 ## Environment Variables
 
 | Variable | Purpose |
 |----------|---------|
 | MPCP_SBA_SIGNING_PRIVATE_KEY_PEM | Private key for signing SBAs |
 | MPCP_SBA_SIGNING_PUBLIC_KEY_PEM | Public key for verifying SBAs |
-| MPCP_SBA_SIGNING_KEY_ID | Key identifier (default: mpcp-sba-signing-key-1) |
+| MPCP_SBA_SIGNING_KEY_ID | Key identifier (default: `mpcp-sba-signing-key-1`) |
 | MPCP_SPA_SIGNING_PRIVATE_KEY_PEM | Private key for signing SPAs |
 | MPCP_SPA_SIGNING_PUBLIC_KEY_PEM | Public key for verifying SPAs |
-| MPCP_SPA_SIGNING_KEY_ID | Key identifier (default: mpcp-spa-signing-key-1) |
+| MPCP_SPA_SIGNING_KEY_ID | Key identifier (default: `mpcp-spa-signing-key-1`) |
 
 ## See Also
 
+- [SDK Reference](../reference/sdk.md) — Full API reference
 - [MPCP Reference Flow](https://github.com/mpcp-protocol/mpcp-spec/blob/main/docs/architecture/reference-flow.md) — End-to-end flow with SDK usage
 - [Service API](../reference/service-api.md) — Higher-level facade
 - [Build a Machine Wallet](https://github.com/mpcp-protocol/mpcp-spec/blob/main/docs/guides/build-a-machine-wallet.md)

docs/implementation/verifier.md

@@ -40,6 +40,49 @@ if (result.valid) {
 
 The `context` includes policyGrant, signedBudgetAuthorization, signedPaymentAuthorization, settlement, paymentPolicyDecision, decisionId, and optional settlementIntent.
 
+## Key Resolution
+
+MPCP signatures include an `issuerKeyId` field that identifies which public key to use for verification. Verifiers resolve the key using one of two mechanisms.
+
+### HTTPS Well-Known (Baseline)
+
+The issuer publishes their public keys at:
+
+```
+https://{issuerDomain}/.well-known/mpcp-keys.json
+```
+
+Format:
+
+```json
+{
+  "keys": [
+    {
+      "keyId": "mpcp-sba-signing-key-1",
+      "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n",
+      "use": "sba"
+    },
+    {
+      "keyId": "mpcp-spa-signing-key-1",
+      "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n",
+      "use": "spa"
+    }
+  ]
+}
+```
+
+The `issuerKeyId` in the signed envelope identifies which entry to use.
+
+### DID Document (Optional)
+
+For issuers using decentralized identifiers, keys may be resolved via a DID document. The `issuerKeyId` corresponds to a `verificationMethod` in the DID document. DID resolution is an optional enhancement over the HTTPS well-known baseline.
+
+### Inline Keys (Self-Contained Bundles)
+
+Settlement bundles for development and conformance testing may include `sbaPublicKeyPem` and `spaPublicKeyPem` directly. This avoids external resolution and makes bundles self-contained for `mpcp verify`.
+
+---
+
 ## Dispute Verification
 
 When a settlement is disputed, `verifyDisputedSettlement` runs full chain verification plus optional ledger anchor verification. If the intent was anchored (e.g., to Hedera HCS), the anchor can be checked against the expected intentHash.

docs/reference/sdk.md

@@ -2,6 +2,8 @@
 
 The MPCP SDK provides lower-level artifact creation, hashing, and verification.
 
+For a narrative walkthrough showing how the artifacts connect end-to-end, see [SDK — Implementation Guide](../implementation/sdk.md).
+
 ## Install
 
 ```bash
@@ -49,6 +51,7 @@ import {
 } from "mpcp-service/sdk";
 
 const budgetAuth = createBudgetAuthorization({
+  grantId: grant.grantId,      // from createPolicyGrant
   sessionId: "sess-123",
   vehicleId: "veh-456",
   policyHash: "a1b2c3",
@@ -60,8 +63,9 @@ const budgetAuth = createBudgetAuthorization({
   expiresAt: "2030-12-31T23:59:59Z",
 });
 
-// Signed (requires MPCP_SBA_SIGNING_PRIVATE_KEY_PEM)
+// Signed (requires MPCP_SBA_SIGNING_PRIVATE_KEY_PEM — returns null if not set)
 const sba = createSignedBudgetAuthorization({
+  grantId: budgetAuth.grantId,
   sessionId: budgetAuth.sessionId,
   vehicleId: budgetAuth.vehicleId,
   policyHash: budgetAuth.policyHash,