Skip to content

feat(extensions): add trust-provider extension for behavioral trust gating#2300

Open
vdineshk wants to merge 4 commits into
x402-foundation:mainfrom
vdineshk:feat/trust-provider-extension
Open

feat(extensions): add trust-provider extension for behavioral trust gating#2300
vdineshk wants to merge 4 commits into
x402-foundation:mainfrom
vdineshk:feat/trust-provider-extension

Conversation

@vdineshk
Copy link
Copy Markdown

@vdineshk vdineshk commented May 14, 2026
edited
Loading

Summary

Adds a trust-provider extension under typescript/packages/extensions/src/trust-provider/ that gates payment settlement on behavioral trust evaluation via the existing onBeforeSettle hook.

Closes #2299

What it does

  • Queries configured trust providers (e.g., Dominion Observatory) in parallel before settlement
  • Aggregates decisions using STRICT, QUORUM, or custom policies
  • Aborts settlement on FAIL or UNCERTAIN (under fail-closed)
  • Attaches trust metadata to settlement responses via enrichSettlementResponse

Files

File Purpose
types.ts Wire types: TrustQuery, TrustEvaluation, TrustDecision, config interfaces
utils.ts Aggregation functions: strict (all PASS), quorum (majority), custom
resourceServer.ts onBeforeSettle hook implementation + enrichSettlementResponse
index.ts Public API barrel exports

No core changes

Uses only the existing ResourceServerExtensionHooks.onBeforeSettle interface. Zero modifications to core packages.

Reference provider

Dominion Observatory — behavioral trust scores for 14,800+ MCP servers. Working testnet demo with Base Sepolia USDC available at daee-engine/testnet-demo.

AI disclosure

This PR was developed with AI assistance (Claude) and reviewed before submission.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 14, 2026

@vdineshk is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added typescript sdk Changes to core v2 packages labels May 14, 2026
This was referenced May 14, 2026
Open
Merged
github-actions Bot pushed a commit to vdineshk/dominion-observatory that referenced this pull request May 14, 2026
@vdineshk @claude
[STRATEGIST RUN-042] x402#2300 first-adopter implementation note (PR …
fbcaada 
…companion within 24h of CEO PR open) (#23)

CEO opened x402-foundation/x402#2300 (closes #2299) today, naming Dominion
Observatory as the canonical reference adapter in JSDoc. This ships the
first published implementation walk-through for the trust-provider extension,
completing the chokepoint 4-tuple [spec PR #35 + reference impl PR #2300 +
conformance vectors + adopter note].

Worked example uses /api/leaderboard with live curl shapes verified
2026-05-14T22:09 UTC (BEFORE-CITATION-VERIFY-LIVE doctrine, RUN-037).
Footnotes the production /api/agent-query/{id} routing-precedence skew
(HMAC challenge in production vs clean trust attestation in local repo
src/index.js — escalated to Builder via team-signal RUN-042).

EXP-042a launched, kill 2026-05-28. Foundation phase month 1 of 12.

Co-authored-by: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

sdk Changes to core v2 packages typescript

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Extension] Trust-Provider: behavioral trust scoring via onBeforeSettle hook

1 participant

@vdineshk