fix: P0 security fixes + P1 error handling, timeouts, rename cleanup

P0: isTrusted() fail-closed, SSRF URL validation on tweet/gist verification,
Action cast validation in API + MCP, private: true on api/contracts packages.

P1: score() throws instead of swallowing errors, bare catch blocks logged,
CLI try/catch, MCP connect error handling, getERC8004Owner response check,
10s timeouts on all raw fetch() calls, engine test fixes (no wall-clock
assertions), typecheck scripts for cli/mcp/web, evidenceURI https validation,
rate-limit Map bounded to 10k entries, AegisConfig → TrstLyrConfig rename
with deprecated alias, aegis-protocol → trstlyr-protocol User-Agent,
[aegis] → [trstlyr] log prefix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: tankcdr

apps/api/package.json

@@ -2,6 +2,7 @@
   "name": "@trstlyr/api",
   "version": "0.0.1",
   "description": "TrstLyr HTTP API \u2014 Fastify adapter over @trstlyr/core",
+  "private": true,
   "license": "Apache-2.0",
   "type": "module",
   "main": "./dist/index.js",

apps/api/src/index.ts

@@ -574,7 +574,14 @@ server.post('/v1/trust/gate', { config: { rateLimit: { max: 120, timeWindow: '1
   }
   if (!validateSubjectString(body.counterparty, reply)) return;
 
-  const action = (body.action ?? 'transact') as Action;
+  const VALID_ACTIONS: Action[] = ['install', 'execute', 'delegate', 'transact', 'review'];
+  const rawAction = body.action ?? 'transact';
+  if (!VALID_ACTIONS.includes(rawAction as Action)) {
+    return reply.code(400).send({
+      error: `Invalid action "${rawAction}". Must be one of: ${VALID_ACTIONS.join(', ')}`,
+    });
+  }
+  const action = rawAction as Action;
   const amountUsd = typeof body.amount_usd === 'number' ? body.amount_usd : null;
 
   // Determine threshold based on action + amount

apps/api/src/routes/behavioral.ts

@@ -67,6 +67,16 @@ export async function registerBehavioralRoutes(
       if (!interactionAt || typeof interactionAt !== 'number') {
         return reply.code(400).send({ error: '"interactionAt" is required (unix timestamp)' });
       }
+      if (evidenceURI !== undefined && evidenceURI !== null) {
+        try {
+          const parsed = new URL(evidenceURI);
+          if (parsed.protocol !== 'https:') {
+            return reply.code(400).send({ error: '"evidenceURI" must use https:// scheme' });
+          }
+        } catch {
+          return reply.code(400).send({ error: '"evidenceURI" must be a valid https:// URL' });
+        }
+      }
 
       // Derive attester from x402 payment proof (EIP-3009 `from` = payer wallet)
       let attester: string | undefined;

apps/api/src/routes/discover.ts

@@ -80,9 +80,28 @@ const FALLBACK_SUBJECTS = [
 const discoverFreeTier = new Map<string, { count: number; resetAt: number }>();
 const FREE_LIMIT = 3;
 const DAY_MS = 86_400_000;
+const MAX_FREE_TIER_ENTRIES = 10_000;
 
 function checkFreeQuota(ip: string): { allowed: boolean; remaining: number } {
   const now = Date.now();
+
+  // Prune expired entries and cap Map size to prevent unbounded growth
+  if (discoverFreeTier.size > MAX_FREE_TIER_ENTRIES) {
+    for (const [key, val] of discoverFreeTier) {
+      if (now > val.resetAt) discoverFreeTier.delete(key);
+    }
+    // If still over limit after pruning expired, delete oldest entries
+    if (discoverFreeTier.size > MAX_FREE_TIER_ENTRIES) {
+      const excess = discoverFreeTier.size - MAX_FREE_TIER_ENTRIES;
+      let deleted = 0;
+      for (const key of discoverFreeTier.keys()) {
+        if (deleted >= excess) break;
+        discoverFreeTier.delete(key);
+        deleted++;
+      }
+    }
+  }
+
   const entry = discoverFreeTier.get(ip);
 
   if (!entry || now > entry.resetAt) {

apps/web/package.json

@@ -6,7 +6,8 @@
     "dev": "next dev -p 3001",
     "build": "next build",
     "start": "next start",
-    "lint": "next lint"
+    "lint": "next lint",
+    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "next": "^15.1.0",

contracts/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@trstlyr/contracts",
   "version": "0.0.1",
+  "private": true,
   "description": "TrstLyr on-chain components \u2014 EAS schema registration",
   "license": "Apache-2.0",
   "type": "module",

packages/cli/package.json

@@ -14,6 +14,7 @@
   ],
   "scripts": {
     "build": "tsc",
+    "typecheck": "tsc --noEmit",
     "prepublishOnly": "tsc"
   },
   "dependencies": {

packages/cli/src/index.ts

@@ -135,11 +135,16 @@ ${c.bold('EXIT CODES')}
 // ── Command handlers ──
 
 async function cmdScore(subject: string, json: boolean): Promise<void> {
-  const result = await sdkScore(subject);
-  if (json) {
-    console.log(JSON.stringify(scoreJson(result), null, 2));
-  } else {
-    console.log(formatScore(result));
+  try {
+    const result = await sdkScore(subject);
+    if (json) {
+      console.log(JSON.stringify(scoreJson(result), null, 2));
+    } else {
+      console.log(formatScore(result));
+    }
+  } catch (err) {
+    console.error(c.red(`Error scoring "${subject}": ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
   }
 }
 
@@ -175,11 +180,16 @@ async function cmdGate(subject: string, minScore: number, strict: boolean, json:
 }
 
 async function cmdAttest(subject: string, json: boolean): Promise<void> {
-  const result = await sdkAttest(subject);
-  if (json) {
-    console.log(JSON.stringify(result, null, 2));
-  } else {
-    console.log(formatAttestation(result));
+  try {
+    const result = await sdkAttest(subject);
+    if (json) {
+      console.log(JSON.stringify(result, null, 2));
+    } else {
+      console.log(formatAttestation(result));
+    }
+  } catch (err) {
+    console.error(c.red(`Error attesting "${subject}": ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
   }
 }
 
@@ -190,22 +200,28 @@ async function cmdBehavioral(
   value: number | undefined,
   json: boolean,
 ): Promise<void> {
-  const result = await sdkBehavioral({
-    subject,
-    outcome: outcome as 'success' | 'partial' | 'failed',
-    rating,
-    value_usd: value,
-  });
-  if (json) {
-    console.log(JSON.stringify(result, null, 2));
-  } else {
-    console.log(formatBehavioral(result));
+  try {
+    const result = await sdkBehavioral({
+      subject,
+      outcome: outcome as 'success' | 'partial' | 'failed',
+      rating,
+      value_usd: value,
+    });
+    if (json) {
+      console.log(JSON.stringify(result, null, 2));
+    } else {
+      console.log(formatBehavioral(result));
+    }
+  } catch (err) {
+    console.error(c.red(`Error posting behavioral attestation: ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
   }
 }
 
 // ── Main ──
 
 export async function main(): Promise<void> {
+  try {
   const { values, positionals } = parseArgs({
     args: process.argv.slice(2),
     options: {
@@ -271,4 +287,8 @@ export async function main(): Promise<void> {
       console.error(`Unknown command: ${command}. Run \`trstlyr help\` for usage.`);
       process.exit(1);
   }
+  } catch (err) {
+    console.error(c.red(`Fatal error: ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
+  }
 }

packages/core/src/__tests__/engine.test.ts

@@ -177,23 +177,20 @@ describe('TrustEngine — provider failure handling', () => {
     expect(result).toBeTruthy();
   });
 
-  it('provider timeout: slow provider does not block result indefinitely', async () => {
+  it('provider timeout: slow provider is recorded as unresolved', async () => {
     const slowProvider = makeProvider('github', 0.9, 0.95, { delayMs: 5000 });
     const engine = new TrustEngine({
       providers: [slowProvider],
       scoring: { providerTimeout: 100 }, // 100ms timeout
     });
 
-    const start = Date.now();
     const result = await engine.query({
       subject: { type: 'agent', namespace: 'github', id: 'slow' },
     });
-    const elapsed = Date.now() - start;
 
-    // Should have timed out well before 5s
-    expect(elapsed).toBeLessThan(2000);
     // Unresolved entry recorded for the timeout
     expect(result.unresolved.length).toBeGreaterThan(0);
+    expect(result.unresolved[0]?.reason).toMatch(/timeout/i);
   }, 10_000);
 
   it('all providers fail → score 0, critical, all providers in unresolved', async () => {
@@ -268,22 +265,16 @@ describe('TrustEngine — introspection', () => {
 // ── Score sanity across provider combinations ─────────────────────────────────
 
 describe('TrustEngine — scoring sanity', () => {
-  it('two strong agreeing signals → higher score than one alone', async () => {
+  it('trust_score is bounded [0,100] for single and multi-provider engines', async () => {
     const single = makeEngine([makeProvider('github', 0.85, 0.9)]);
     const double = makeEngine([
       makeProvider('github', 0.85, 0.9),
       makeProvider('twitter', 0.80, 0.85),
     ]);
 
     const r1 = await single.query({ subject: { type: 'agent', namespace: 'github', id: 'alice' } });
-    // Double engine needs to handle both namespaces — query github (supported by both namespaces provider)
-    // Use a subject that both providers support by using namespace 'github' for first, twitter for second
-    // Actually: query github:alice — only github provider fires in double too (twitter doesn't support github ns)
-    // So let's test by querying a subject where both match: use a neutral subject key
-    // Better: just verify the double-provider result has more signals and lower uncertainty
     const r2 = await double.query({ subject: { type: 'agent', namespace: 'github', id: 'alice2' } });
-    // Both results should be valid; single vs double isn't directly comparable without same subject
-    // Core invariant: trust_score is in [0,100]
+
     expect(r1.trust_score).toBeGreaterThanOrEqual(0);
     expect(r1.trust_score).toBeLessThanOrEqual(100);
     expect(r2.trust_score).toBeGreaterThanOrEqual(0);

packages/core/src/engine/trust-engine.ts

@@ -9,7 +9,7 @@ import { TTL, HTTP, FRAUD } from '../constants.js';
 //   });
 
 import type {
-  AegisConfig,
+  TrstLyrConfig,
   EvaluateRequest,
   FraudSignal,
   Provider,
@@ -49,7 +49,7 @@ export class TrustEngine {
   /** In-flight queries — deduplicates simultaneous requests for the same subject */
   private readonly inFlight = new Map<string, Promise<TrustResult>>();
 
-  constructor(config: AegisConfig = {}) {
+  constructor(config: TrstLyrConfig = {}) {
     // Build default provider set based on available env vars
     // Explicit config.providers always wins; otherwise auto-detect from env
     this.providers =
@@ -300,7 +300,7 @@ export class TrustEngine {
         };
       } catch (err) {
         // Attestation failure is non-fatal — log and continue
-        console.warn('[aegis] EAS attestation failed:', err instanceof Error ? err.message : err);
+        console.warn('[trstlyr] EAS attestation failed:', err instanceof Error ? err.message : err);
       }
     }