fix(aip18): pay-only publish is link-only; budget never hashed or uploaded#20
Merged
Conversation
…oaded
AIP-18 §8 invariant: a buyer's budget is a PRIVATE operational cap and must
never appear in any hashed, published, or on-chain artifact. The publish flow
violated this — for intent:pay it computed a configHash over budget-bearing
content and uploaded that file to IPFS/the proxy BEFORE the later on-chain
skip, so budget leaked to IPFS.
Fixes:
- publish.ts: compute isPayOnly up front and skip the IPFS/proxy upload
entirely for pay-only agents (no CID). The buyer LINKS via the agirails.app
DB record (wallet + signature); no service file is published (DEC-3/DEC-4).
Moves the pay-only short-circuit ahead of any network upload.
- agirailsmd: budget added to PUBLISH_METADATA_KEYS so it is stripped from the
canonical hash — the configHash is identical with or without budget,
guaranteeing budget can never leak via the hash. Mirrors web config-hash.
- init.ts: the {slug}.md scan now accepts pay-only files (services.length===0
with servicesNeeded), so a buyer file isn't silently ignored; next-steps
copy is intent-aware (buyer = link + discover, not "publish config").
- agirailsApp: UpsertAgentParams.configCid is now optional (absent for buyers).
- tests: PUBLISH_METADATA_KEYS length 9->10; new strip test proves budget
never affects the canonical hash. Full SDK suite: 2906/2906.
Note: package.json version bump intentionally omitted — the working tree has
an unrelated in-flight 4.5.0 bump + ./delivery export (AIP-16/17 WIP). Publish
versioning is left for coordination (see PR discussion).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
DamirAGI
added a commit
that referenced
this pull request
Jun 5, 2026
Ships the pay-only link-only flow: budget is never hashed, uploaded to IPFS, or stored in any published artifact (AIP-18 DEC-2/3/4). Source merged in #20. Version bump kept separate from the in-flight 4.5.0 delivery work. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This was referenced Jun 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes the SDK half of the AIP-18 privacy blockers. A buyer's
budgetis a PRIVATE operational cap (§8 invariant) butactp publishforintent: payhashed budget-bearing content and uploaded it to IPFS/the proxy before the later on-chain skip → budget leaked.Fixes
publish.ts: computeisPayOnlyup front and skip the IPFS/proxy upload entirely for pay-only (no CID). The buyer links via the agirails.app DB record (wallet + signature); no service file is published (DEC-3/DEC-4). Short-circuit now precedes any network upload.agirailsmd:budgetadded toPUBLISH_METADATA_KEYS→ stripped from the canonical hash. TheconfigHashis identical with/without budget, so it can never leak via the hash. Mirrors webconfig-hash.init.ts:{slug}.mdscan now accepts pay-only files (services.length === 0+servicesNeeded); next-steps copy is intent-aware (buyer = link + discover).agirailsApp:UpsertAgentParams.configCidis now optional (absent for buyers).PUBLISH_METADATA_KEYSlength 9→10; new strip test proves budget never affects the canonical hash. Full SDK suite: 2906/2906.⚠ Versioning / publish
package.jsonversion bump is intentionally omitted — the working tree has an unrelated in-flight 4.5.0 bump +./deliveryexport (AIP-16/17 delivery WIP). Taggingv4.5.0now would publish a broken build (export points to adist/deliverythat isn't committed). Recommend shipping this as a clean 4.4.3 patch, or folding it into 4.5.0 once delivery lands — needs a decision before tagging.Companion: agirails.app#46. Implements agirails/aips#3.
🤖 Generated with Claude Code