feat(PR25): human-to-agent delegation profile (#41)

Extends MPCP to support human DID principals delegating bounded spending
authority to AI agents via PolicyGrant.

Schema / types:
- PolicyGrantLike + CreatePolicyGrantInput: revocationEndpoint, allowedPurposes
- BudgetScope: add TRIP for multi-day/multi-session delegations
- budgetScopeSchema: add TRIP
- policyGrantForVerificationSchema: add both new fields
- SBA verifier: accept TRIP scope alongside SESSION

New utility:
- src/protocol/revocation.ts: checkRevocation() — async endpoint check with
  timeout; verifier stays stateless and synchronous
- Exported from sdk/index.ts

Demo:
- examples/human-agent-trip/: Alice delegates $800 Paris trip to AI agent
  Shows purpose filtering, budget enforcement, post-trip audit, revocation
- npm run example:human-agent-trip

Tests:
- test/protocol/revocation.test.ts (8 tests)
- test/schema/artifact-schemas.test.ts: TRIP scope
- test/protocol/policyGrant.test.ts: revocationEndpoint + allowedPurposes

Co-authored-by: NAOR YUVAL <naoryuval@NAORs-MacBook-Air.local>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: 3 people

examples/human-agent-trip/README.md

@@ -0,0 +1,79 @@
+# Human-to-Agent Travel Budget Demo
+
+Demonstrates MPCP's human-to-agent delegation pattern: Alice signs a PolicyGrant with her DID key,
+delegating an $800 travel budget to her AI trip planner for a 3-day Paris trip.
+
+## Delegation chain
+
+```
+Alice (DID key) → PolicyGrant → AI Agent → SBA (TRIP scope) → SPA → Settlement
+```
+
+This mirrors the fleet pattern exactly:
+
+```
+Fleet Operator (DID) → PolicyGrant → Vehicle Wallet → SBA → SPA → Settlement
+Human (DID)          → PolicyGrant → AI Agent        → SBA → SPA → Settlement
+```
+
+## What this demo shows
+
+| Feature | Demo behavior |
+|---------|--------------|
+| `allowedPurposes` | Agent enforces category filter — dining request skipped |
+| `revocationEndpoint` | Alice cancels mid-trip; `checkRevocation()` returns `{ revoked: true }` |
+| TRIP scope | Single SBA covers all 3 days, agent tracks cumulative spend |
+| Budget exceeded | $300 hotel attempt rejected ($550 + $300 > $800) |
+| Stateless verifier | Merchant verifies chain without calling Alice's wallet |
+| DID-signed PolicyGrant | Human principal, not fleet operator |
+
+## Stops
+
+| # | Service | Amount | Outcome |
+|---|---------|--------|---------|
+| 1 | Hotel (Mercure Paris) | $250 | Authorized |
+| 2 | Eurostar tickets | $120 | Authorized |
+| 3 | Restaurant booking | — | Skipped (`travel:dining` not in `allowedPurposes`) |
+| 4 | Car rental (Europcar) | $180 | Authorized |
+| 5 | Extra hotel night | $300 | Rejected (budget exceeded: $550 + $300 > $800) |
+
+## Key fields
+
+### PolicyGrant (signed by Alice)
+
+```json
+{
+  "allowedPurposes": ["travel:hotel", "travel:flight", "travel:transport"],
+  "revocationEndpoint": "https://wallet.alice.example.com/revoke",
+  "issuer": "did:key:z6Mk..."
+}
+```
+
+### SBA (created by AI agent)
+
+```json
+{
+  "budgetScope": "TRIP",
+  "maxAmountMinor": "80000",
+  "vehicleId": "ai-trip-planner-v2"
+}
+```
+
+### Revocation check
+
+```javascript
+const { revoked, revokedAt } = await checkRevocation(endpoint, grantId);
+// → { revoked: true, revokedAt: "2026-04-11T14:22:00Z" }
+```
+
+## Run
+
+```bash
+npm run build && npm run example:human-agent-trip
+```
+
+## See also
+
+- [`docs/profiles/human-agent-profile.md`](../../mpcp-spec/docs/profiles/human-agent-profile.md)
+- [`src/protocol/revocation.ts`](../../src/protocol/revocation.ts)
+- Fleet trip demo: [`examples/fleet-trip/`](../fleet-trip/)

examples/human-agent-trip/bundle-stop1-hotel.json

@@ -0,0 +1,148 @@
+{
+  "settlement": {
+    "amount": "250000000",
+    "rail": "xrpl",
+    "asset": {
+      "kind": "IOU",
+      "currency": "RLUSD",
+      "issuer": "rIssuer"
+    },
+    "destination": "rHotelMercureParis",
+    "nowISO": "2026-04-10T15:00:00Z"
+  },
+  "settlementIntent": {
+    "version": "1.0",
+    "rail": "xrpl",
+    "amount": "250000000",
+    "createdAt": "2026-04-10T15:00:00Z",
+    "destination": "rHotelMercureParis",
+    "asset": {
+      "kind": "IOU",
+      "currency": "RLUSD",
+      "issuer": "rIssuer"
+    }
+  },
+  "spa": {
+    "authorization": {
+      "version": "1.0",
+      "decisionId": "dec-hotel-001",
+      "sessionId": "paris-trip-2026-alice",
+      "policyHash": "a1b2c3d4e5f6",
+      "budgetId": "b597142d-d0a3-416b-9494-a2ebfdc36232",
+      "quoteId": "q-hotel-001",
+      "rail": "xrpl",
+      "asset": {
+        "kind": "IOU",
+        "currency": "RLUSD",
+        "issuer": "rIssuer"
+      },
+      "amount": "250000000",
+      "destination": "rHotelMercureParis",
+      "intentHash": "d7a7c201c1f42401b9f0209482c560396d7caf8365a69d0cb1f92848c98adfed",
+      "expiresAt": "2030-12-31T23:59:59Z",
+      "nonce": "3794c12e-369e-4ff3-9092-b583bcb398e6"
+    },
+    "issuerKeyId": "agent-spa-key-1",
+    "signature": "Og+BPRUdt/G01MnZh84vLCrvnMNPYqvxkiAAowqU/zuDvOORGtL++bxOfUm+2JM0n+13JytNtPJFce2ZnB98Aw=="
+  },
+  "sba": {
+    "authorization": {
+      "version": "1.0",
+      "budgetId": "b597142d-d0a3-416b-9494-a2ebfdc36232",
+      "grantId": "1aae4310-fbe4-4efb-b53b-67bbb69eeb9d",
+      "sessionId": "paris-trip-2026-alice",
+      "vehicleId": "ai-trip-planner-v2",
+      "policyHash": "a1b2c3d4e5f6",
+      "currency": "USD",
+      "minorUnit": 2,
+      "budgetScope": "TRIP",
+      "maxAmountMinor": "80000",
+      "allowedRails": [
+        "xrpl"
+      ],
+      "allowedAssets": [
+        {
+          "kind": "IOU",
+          "currency": "RLUSD",
+          "issuer": "rIssuer"
+        }
+      ],
+      "destinationAllowlist": [
+        "rHotelMercureParis",
+        "rEurostar",
+        "rEuropcarParis"
+      ],
+      "expiresAt": "2030-12-31T23:59:59Z"
+    },
+    "issuerKeyId": "agent-sba-key-1",
+    "signature": "5keYWTKG/h1c0c2JGGcKwmJNbL7+V/5UCQMyz14Nz/gpW7KWRVycZ4RdagckpuOOX1ig/AtpK414xbrrTaP6Cw=="
+  },
+  "policyGrant": {
+    "grantId": "1aae4310-fbe4-4efb-b53b-67bbb69eeb9d",
+    "policyHash": "a1b2c3d4e5f6",
+    "expiresAt": "2030-12-31T23:59:59Z",
+    "allowedRails": [
+      "xrpl"
+    ],
+    "allowedAssets": [
+      {
+        "kind": "IOU",
+        "currency": "RLUSD",
+        "issuer": "rIssuer"
+      }
+    ],
+    "revocationEndpoint": "https://wallet.alice.example.com/revoke",
+    "allowedPurposes": [
+      "travel:hotel",
+      "travel:flight",
+      "travel:transport"
+    ],
+    "issuer": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
+    "issuerKeyId": "alice-did-key-1",
+    "signature": "Wr2m1JmmPzzVJ7lkAqhGPPHOnVzL+9oF4Fr84JDDX/hKWPmfZfjPKdWes7EvQxZ+vydmjKAP1IHGjrgBMh70BQ=="
+  },
+  "paymentPolicyDecision": {
+    "decisionId": "dec-hotel-001",
+    "policyHash": "a1b2c3d4e5f6",
+    "action": "ALLOW",
+    "reasons": [
+      "Within budget",
+      "Purpose authorized",
+      "Destination authorized"
+    ],
+    "expiresAtISO": "2030-12-31T23:59:59Z",
+    "rail": "xrpl",
+    "asset": {
+      "kind": "IOU",
+      "currency": "RLUSD",
+      "issuer": "rIssuer"
+    },
+    "priceFiat": {
+      "amountMinor": "25000",
+      "currency": "USD"
+    },
+    "chosen": {
+      "rail": "xrpl",
+      "quoteId": "q-hotel-001"
+    },
+    "settlementQuotes": [
+      {
+        "quoteId": "q-hotel-001",
+        "rail": "xrpl",
+        "amount": {
+          "amount": "250000000",
+          "decimals": 6
+        },
+        "destination": "rHotelMercureParis",
+        "expiresAt": "2030-12-31T23:59:59Z",
+        "asset": {
+          "kind": "IOU",
+          "currency": "RLUSD",
+          "issuer": "rIssuer"
+        }
+      }
+    ]
+  },
+  "sbaPublicKeyPem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAyruO/mCPiFMN58KD2MNnt1XXOx2pi3menrxgj8ErYJ8=\n-----END PUBLIC KEY-----\n",
+  "spaPublicKeyPem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAHsx6sy9p36RfOiPe7m+AVrES7Sqfoy4rPJsbRr5QHkA=\n-----END PUBLIC KEY-----\n"
+}

examples/human-agent-trip/bundle-stop2-eurostar.json

@@ -0,0 +1,148 @@
+{
+  "settlement": {
+    "amount": "120000000",
+    "rail": "xrpl",
+    "asset": {
+      "kind": "IOU",
+      "currency": "RLUSD",
+      "issuer": "rIssuer"
+    },
+    "destination": "rEurostar",
+    "nowISO": "2026-04-11T08:30:00Z"
+  },
+  "settlementIntent": {
+    "version": "1.0",
+    "rail": "xrpl",
+    "amount": "120000000",
+    "createdAt": "2026-04-11T08:30:00Z",
+    "destination": "rEurostar",
+    "asset": {
+      "kind": "IOU",
+      "currency": "RLUSD",
+      "issuer": "rIssuer"
+    }
+  },
+  "spa": {
+    "authorization": {
+      "version": "1.0",
+      "decisionId": "dec-train-001",
+      "sessionId": "paris-trip-2026-alice",
+      "policyHash": "a1b2c3d4e5f6",
+      "budgetId": "b597142d-d0a3-416b-9494-a2ebfdc36232",
+      "quoteId": "q-train-001",
+      "rail": "xrpl",
+      "asset": {
+        "kind": "IOU",
+        "currency": "RLUSD",
+        "issuer": "rIssuer"
+      },
+      "amount": "120000000",
+      "destination": "rEurostar",
+      "intentHash": "2fee5e6437ebc327e7281c06f7f11f4d1c098b255cbc846a77e23554b3a732d0",
+      "expiresAt": "2030-12-31T23:59:59Z",
+      "nonce": "2f680707-a541-460c-8d5a-e6fd5a736124"
+    },
+    "issuerKeyId": "agent-spa-key-1",
+    "signature": "4eICYdryBOHj+dNO1M1+wpYDcmPNchhl5d/64pNm+qJbuXLvnl5yz7aEiBY+DS8B/EVaHrGgaq4+iC6FoCLjCg=="
+  },
+  "sba": {
+    "authorization": {
+      "version": "1.0",
+      "budgetId": "b597142d-d0a3-416b-9494-a2ebfdc36232",
+      "grantId": "1aae4310-fbe4-4efb-b53b-67bbb69eeb9d",
+      "sessionId": "paris-trip-2026-alice",
+      "vehicleId": "ai-trip-planner-v2",
+      "policyHash": "a1b2c3d4e5f6",
+      "currency": "USD",
+      "minorUnit": 2,
+      "budgetScope": "TRIP",
+      "maxAmountMinor": "80000",
+      "allowedRails": [
+        "xrpl"
+      ],
+      "allowedAssets": [
+        {
+          "kind": "IOU",
+          "currency": "RLUSD",
+          "issuer": "rIssuer"
+        }
+      ],
+      "destinationAllowlist": [
+        "rHotelMercureParis",
+        "rEurostar",
+        "rEuropcarParis"
+      ],
+      "expiresAt": "2030-12-31T23:59:59Z"
+    },
+    "issuerKeyId": "agent-sba-key-1",
+    "signature": "5keYWTKG/h1c0c2JGGcKwmJNbL7+V/5UCQMyz14Nz/gpW7KWRVycZ4RdagckpuOOX1ig/AtpK414xbrrTaP6Cw=="
+  },
+  "policyGrant": {
+    "grantId": "1aae4310-fbe4-4efb-b53b-67bbb69eeb9d",
+    "policyHash": "a1b2c3d4e5f6",
+    "expiresAt": "2030-12-31T23:59:59Z",
+    "allowedRails": [
+      "xrpl"
+    ],
+    "allowedAssets": [
+      {
+        "kind": "IOU",
+        "currency": "RLUSD",
+        "issuer": "rIssuer"
+      }
+    ],
+    "revocationEndpoint": "https://wallet.alice.example.com/revoke",
+    "allowedPurposes": [
+      "travel:hotel",
+      "travel:flight",
+      "travel:transport"
+    ],
+    "issuer": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
+    "issuerKeyId": "alice-did-key-1",
+    "signature": "Wr2m1JmmPzzVJ7lkAqhGPPHOnVzL+9oF4Fr84JDDX/hKWPmfZfjPKdWes7EvQxZ+vydmjKAP1IHGjrgBMh70BQ=="
+  },
+  "paymentPolicyDecision": {
+    "decisionId": "dec-train-001",
+    "policyHash": "a1b2c3d4e5f6",
+    "action": "ALLOW",
+    "reasons": [
+      "Within budget",
+      "Purpose authorized",
+      "Destination authorized"
+    ],
+    "expiresAtISO": "2030-12-31T23:59:59Z",
+    "rail": "xrpl",
+    "asset": {
+      "kind": "IOU",
+      "currency": "RLUSD",
+      "issuer": "rIssuer"
+    },
+    "priceFiat": {
+      "amountMinor": "12000",
+      "currency": "USD"
+    },
+    "chosen": {
+      "rail": "xrpl",
+      "quoteId": "q-train-001"
+    },
+    "settlementQuotes": [
+      {
+        "quoteId": "q-train-001",
+        "rail": "xrpl",
+        "amount": {
+          "amount": "120000000",
+          "decimals": 6
+        },
+        "destination": "rEurostar",
+        "expiresAt": "2030-12-31T23:59:59Z",
+        "asset": {
+          "kind": "IOU",
+          "currency": "RLUSD",
+          "issuer": "rIssuer"
+        }
+      }
+    ]
+  },
+  "sbaPublicKeyPem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAyruO/mCPiFMN58KD2MNnt1XXOx2pi3menrxgj8ErYJ8=\n-----END PUBLIC KEY-----\n",
+  "spaPublicKeyPem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAHsx6sy9p36RfOiPe7m+AVrES7Sqfoy4rPJsbRr5QHkA=\n-----END PUBLIC KEY-----\n"
+}