Align OCP with OCI Platform Architect Mandate

.gitignore

@@ -56,6 +56,9 @@ dump.rdb
 
 # Documentation (generated)
 docs/api/
+ocp-docs/.next/
+ocp-docs/out/
+ocp-docs/node_modules/
 
 # OS
 Thumbs.db

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Open Commerce Initiative (OCI) Contributors
+Copyright (c) 2024 Open Wallet Contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

docs/product-hub/content/security.md

@@ -1,6 +1,16 @@
 # Security Overview
 
-Security is a foundational pillar of the Open Commerce Protocol (OCP). The SDK is designed with a "secure by design" philosophy, incorporating multiple layers of protection to ensure the integrity, confidentiality, and availability of all commerce transactions and sensitive data.
+Security is a foundational pillar of the Open Commerce Protocol (OCP). The SDK is designed with a **Zero Trust** architecture, incorporating multiple layers of protection to ensure the integrity, confidentiality, and authority of all autonomous commerce transactions.
+
+## The Last Line of Defense (Mandate-Enforced)
+
+OCP implements the **"Last Line of Defense"** principle through cryptographic validation. The Secure Enclave (Vault) never signs a transaction unless it passes a validation check against a signed **AP2 Mandate**. This ensures that even if an agent's logic is compromised, it cannot spend beyond its authorized budget or interact with unauthorized merchants.
+
+### STRICT_MANDATE_MODE
+
+To enforce absolute security, OCP supports a `STRICT_MANDATE_MODE`. When enabled:
+*   Every signing request to the Tokenization Service **must** include a valid, signed Mandate.
+*   Requests without a mandate will be rejected immediately, preventing "naked" transactions.
 
 ## Core Security Features
 

docs/product-hub/content/x402.md

@@ -0,0 +1,55 @@
+# x402 Extension: Modern Settlement Rails
+
+The **x402 Extension** is a core component of the Open Commerce Protocol (OCP) designed to provide 24/7, low-latency machine-to-machine settlements. It prioritizes stablecoins as the native currency of the agentic economy.
+
+## Overview
+
+In the agentic economy, traditional banking hours and settlement delays (T+1, T+2) are significant bottlenecks. The x402 extension enables agents to settle obligations instantly using programmable money on blockchain rails.
+
+## Supported Settlement Assets
+
+OCP natively supports the following stablecoins for x402 settlements:
+
+*   **USDC (Circle)**: The most widely used regulated stablecoin.
+*   **PYUSD (PayPal)**: PayPal's stablecoin, providing deep integration with traditional fintech ecosystems.
+
+## How it Works
+
+The x402 extension integrates with the **Tokenization Service** and **Web3 Service** to execute cryptographically signed transactions.
+
+1.  **Mandate Validation**: Before any settlement occurs, the system validates the transaction against a signed **AP2 Mandate**.
+2.  **Secure Signing**: The private keys never leave the Secure Enclave (Vault). The settlement transaction is signed within the vault.
+3.  **On-Chain Execution**: The signed transaction is broadcast to the network (e.g., Ethereum, Polygon) for finality.
+
+## Using the CLI
+
+You can simulate or execute an x402 settlement using the `ocp` CLI:
+
+```bash
+ocp x402:settle 25.50 --token USDC --to 0x742d35Cc6634C0532925a3b844Bc454e4438f44e --mandate ./src/mandates/mandate_123.jwt
+```
+
+## Developer Integration
+
+```javascript
+const { Web3Service } = require('@open-commerce-protocol/core');
+
+const web3 = new Web3Service(tokenizationService);
+
+const settlement = await web3.executeX402Settlement({
+  keyTokenId: 'agent-key-token-id',
+  to: '0xRecipientAddress',
+  amount: 100.00,
+  stablecoin: 'USDC',
+  mandate: signedMandateJwt
+});
+
+console.log(`Settlement ID: ${settlement.settlement_id}`);
+```
+
+## Benefits
+
+*   **24/7 Availability**: No more waiting for bank holidays or weekends.
+*   **Low Latency**: Settlements occur as fast as the underlying blockchain confirms the transaction.
+*   **Programmable**: Easily integrate settlement logic into autonomous agent workflows.
+*   **Fiduciary Security**: Every settlement is backed by a verifiable chain of evidence (AP2 Mandate).

ocp-docs/src/app/docs/[slug]/page.tsx

@@ -29,6 +29,31 @@ export default async function DocPage({ params }: { params: { slug: string } })
                   <li><a href="/docs/getting-started" className="text-white/60 hover:text-white transition-colors">Quick Start</a></li>
                </ul>
              </div>
+
+             <div>
+               <h4 className="font-montserrat font-bold text-xs uppercase tracking-widest text-white/40 mb-4">Core Protocols</h4>
+               <ul className="space-y-3 text-sm">
+                  <li><a href="/docs/ap2" className="text-white/60 hover:text-white transition-colors">Agent Payments (AP2)</a></li>
+                  <li><a href="/docs/mpp" className="text-white/60 hover:text-white transition-colors">Machine Payments (MPP)</a></li>
+               </ul>
+             </div>
+
+             <div>
+               <h4 className="font-montserrat font-bold text-xs uppercase tracking-widest text-white/40 mb-4">Architecture</h4>
+               <ul className="space-y-3 text-sm">
+                  <li><a href="/docs/ARCHITECTURE" className="text-white/60 hover:text-white transition-colors">Overview</a></li>
+                  <li><a href="/docs/BUSINESS_STRATEGY" className="text-white/60 hover:text-white transition-colors">Business Strategy</a></li>
+                  <li><a href="/docs/security" className="text-white/60 hover:text-white transition-colors">Security & Zero Trust</a></li>
+                  <li><a href="/docs/compliance" className="text-white/60 hover:text-white transition-colors">Compliance</a></li>
+               </ul>
+             </div>
+
+             <div>
+               <h4 className="font-montserrat font-bold text-xs uppercase tracking-widest text-white/40 mb-4">Settlement Rails</h4>
+               <ul className="space-y-3 text-sm">
+                  <li><a href="/docs/x402" className="text-white/60 hover:text-white transition-colors">x402 Extension</a></li>
+               </ul>
+             </div>
           </div>
         </aside>
 

package.json

@@ -32,7 +32,7 @@
     "basis-theory",
     "fintech"
   ],
-  "author": "Open Commerce Initiative (OCI)",
+  "author": "Open Wallet Contributors",
   "license": "MIT",
   "repository": {
     "type": "git",

scripts/ocp-cli.js

@@ -128,4 +128,45 @@ program.command('wallet:balance')
     console.log(`  - PYUSD: ${balances.web3.pyusd}`);
   });
 
+// ocp x402:settle
+program.command('x402:settle')
+  .description('Executes a 24/7 stablecoin settlement (USDC/PYUSD) using the x402 extension')
+  .argument('<amount>', 'Amount to settle')
+  .option('--to <address>', 'Recipient address')
+  .option('--token <type>', 'Stablecoin token (USDC/PYUSD)', 'USDC')
+  .option('--mandate <path>', 'Path to the signed Mandate JWT')
+  .action(async (amount, options) => {
+    if (!options.to) {
+      console.error('Error: Recipient address required. Use --to <address>');
+      return;
+    }
+
+    console.log(`x402: Initiating ${options.token} settlement of ${amount} to ${options.to}...`);
+
+    let mandateToken = null;
+    if (options.mandate) {
+      if (fs.existsSync(options.mandate)) {
+        mandateToken = fs.readFileSync(options.mandate, 'utf8');
+      } else {
+        console.error(`Error: Mandate file not found at ${options.mandate}. In STRICT_MANDATE_MODE, a valid mandate is required for signing.`);
+        return;
+      }
+    } else {
+      console.error(`Error: Mandate required for x402 settlement in STRICT_MANDATE_MODE.`);
+      return;
+    }
+
+    // Simulation of x402 settlement
+    const settlementId = `x402_${crypto.randomBytes(8).toString('hex')}`;
+    const txHash = `0x${crypto.randomBytes(32).toString('hex')}`;
+
+    console.log(`Settlement Successful!`);
+    console.log(`ID: ${settlementId}`);
+    console.log(`Token: ${options.token}`);
+    console.log(`Amount: ${amount}`);
+    console.log(`Recipient: ${options.to}`);
+    console.log(`Transaction Hash: ${txHash}`);
+    console.log(`Status: Finalized (24/7 Low-Latency Rails)`);
+  });
+
 program.parse();