Release 0.6.0: version bump and installation docs

CHANGELOG.md

@@ -5,6 +5,102 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.0] - 2026-02-22
+
+### Added
+
+#### New Crate: tap-cli
+- Full-featured command-line interface for all TAP agent operations
+- Agent management (`agent create`, `agent list`)
+- Transaction creation for all message types (`transfer`, `payment`, `connect`, `escrow`, `capture`)
+- Transaction lifecycle actions (`authorize`, `reject`, `cancel`, `settle`, `revert`)
+- Customer management with IVMS101 data generation (`customer create`, `customer ivms101`)
+- Message delivery tracking and received message inspection
+- DID operations (`did generate`, `did lookup`, `did keys`)
+- Communication commands (`comm ping`, `comm message`)
+- JSON and text output formats with `--format` flag
+
+#### Transaction State Machine (tap-node)
+- Formal finite state machine (`TransactionFsm`) for TAP transaction lifecycle
+- 8 states: Received, PolicyRequired, PartiallyAuthorized, ReadyToSettle, Settled, Rejected, Cancelled, Reverted
+- 3 explicit decision points: AuthorizationRequired, PolicySatisfactionRequired, SettlementRequired
+- Configurable decision modes: AutoApprove, EventBus, Custom handler
+
+#### External Decision Support (tap-http, tap-node, tap-mcp)
+- `--decision-mode poll`: decisions logged to `decision_log` SQLite table for external polling
+- `--decision-exec`: spawn a long-running child process communicating via JSON-RPC 2.0 over stdin/stdout
+- `DecisionLogHandler` and `DecisionStateHandler` for durable decision management
+- Process lifecycle management with health monitoring, restart with backoff, and graceful shutdown
+- Decision replay on process reconnect for crash recovery
+- Auto-resolve: action tools (`tap_authorize`, `tap_reject`, `tap_settle`, `tap_cancel`, `tap_revert`) automatically resolve matching pending decisions
+- New MCP tools: `tap_list_pending_decisions`, `tap_resolve_decision`
+
+#### did:web Hosting (tap-http)
+- Optional `/.well-known/did.json` endpoint for serving did:web DID documents
+- Derives DID from HTTP Host header with RFC 1035 domain validation
+- Auto-creates agents with Ed25519 keys and DIDCommMessaging service endpoint
+- Enabled via `--enable-web-did` flag or `TAP_ENABLE_WEB_DID` env var
+
+#### WASM Agent v2 (tap-wasm, tap-ts)
+- Complete rewrite of WASM bindings with browser-first design
+- Real Ed25519 cryptographic key generation replacing UUID-based DID generation
+- End-to-end message signing and verification working in browser
+- TypeScript SDK (`@taprsvp/agent`) with full DIDComm v2 support
+- Pluggable DID resolver interface for JavaScript delegation
+- Multiple key types: Ed25519, P-256, secp256k1
+- Optimized bundle: 272KB WASM gzipped, 3.72KB TypeScript gzipped
+- Verified Veramo interoperability with 15+ integration tests
+
+#### Asset Exchange & Quote Messages (TAIP-18)
+- New `Exchange` message type for initiating asset exchanges between parties
+- New `Quote` message type for responding to exchange requests with pricing
+- Full validation, builders, CLI subcommands, and MCP tools for both message types
+
+#### Transfer & Payment Enhancements (TAIP-3, TAIP-14)
+- `transactionValue` and `expiry` fields on Transfer messages (TAIP-3)
+- Flexible asset pricing in Payment via `SupportedAsset` enum with Simple and Priced variants (TAIP-14)
+- `expiry`, `invoice`, and `fallbackSettlementAddresses` exposed in Payment MCP tools and CLI
+
+#### Connect Message Restructure (TAIP-15)
+- `requester`, `agents`, `agreement`, and `expiry` fields on Connect messages
+- Expanded `TransactionLimits` with per-day/week/month/year limits
+- Expanded `ConnectionConstraints` with `allowedBeneficiaries`, `allowedSettlementAddresses`, `allowedAssets`
+
+#### Agent Management CLI Commands (TAIP-5, TAIP-7)
+- `agent-mgmt add-agents` subcommand for adding agents to transactions
+- `agent-mgmt remove-agent` and `agent-mgmt replace-agent` subcommands
+- `agent-mgmt update-policies` subcommand (TAIP-7)
+
+#### Decision Management CLI Commands (tap-cli)
+- `decision list` and `decision resolve` subcommands matching tap-mcp's decision tools
+- Auto-resolve on all action commands (`authorize`, `reject`, `cancel`, `settle`, `revert`)
+- Detailed `--help` text with decision type references and auto-resolve mapping
+
+#### Docker Support (tap-http)
+- Multi-stage Dockerfile for containerized deployment
+- docker-compose.yml with persistent volume at `/data/tap`
+- Single volume for keys, databases, and logs
+
+### Changed
+- `tap-agent` default features now include all three crypto backends (`crypto-ed25519`, `crypto-p256`, `crypto-secp256k1`)
+- `Complete` message type removed per updated TAIP specifications
+- Improved installation documentation across all README files with explicit `cargo install` and `cargo add` instructions
+
+### Security
+- Replace insecure XOR-based key wrapping with AES-KW (RFC 3394)
+- Implement Concat KDF (NIST SP 800-56A) for ECDH key derivation
+- Fix `encrypt_to_jwk` to use real ECDH-ES+A256KW encryption
+- Fix `verify_jws` to perform actual cryptographic signature verification
+- Add bounds checking to prevent panics on malformed DID and PayTo URI input
+- JWE messages encrypted with old XOR method are no longer decryptable (intentional — the old method provided no security)
+
+### Breaking Changes
+- `Complete` message type removed
+- JWE encryption format changed (AES-KW replaces XOR key wrapping)
+- `AuthorizationRequired` field `url` renamed to `authorizationUrl` (from 0.5.0)
+- Connect message restructured with new `requester`, `agents`, `agreement`, `expiry` fields (TAIP-15)
+- Transfer message gains `transactionValue` and `expiry` fields (TAIP-3)
+
 ## [0.5.0] - 2025-08-14
 
 ### Added

CLAUDE.md

@@ -107,7 +107,14 @@ When done run the linter and formatter, then mark each individual task as done w
 - Do a full `cargo build`
 - Commit and push to GitHub, creating a new PR
 - Publish each crate one by one
-- When doing a release please review git history and add a comprehensive changelog to CHANGELOG.md
+
+### Documentation Updates (required for every minor/major release)
+- **CHANGELOG.md** (root): Add a comprehensive entry covering all changes since the last release, organized by Added/Changed/Fixed/Security/Breaking Changes
+- **tap-ts/CHANGELOG.md**: Update with TypeScript/WASM-specific changes for the release
+- **README.md** (root): Update version references, feature highlights, and Getting Started instructions
+- **Crate-level README.md files**: Update version numbers, installation instructions (`cargo install`, `cargo add`), and feature documentation for any crate that changed
+- **CLAUDE.md files**: Update build commands, feature lists, test counts, and any structural changes in both the root and crate-level CLAUDE.md files
+- Review git history (`git log`) to ensure no changes are missed in the changelog
 
 ## Security
 - IMPORTANT!! Always perform real encryption, decryption, signing and signature verification. Never use simplified placeholders. Always use well tested cryptography libraries.

Cargo.toml

@@ -12,7 +12,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 authors = ["Pelle Braendgaard <pelle@notabene.id>"]
 description = "Rust implementation of the Transaction Authorization Protocol (TAP)"

README.md

@@ -2,11 +2,11 @@
 
 This repository contains a Rust implementation of the Transaction Authorization Protocol (TAP), a decentralized protocol for securely authorizing blockchain transactions before they are submitted on-chain. TAP-RS targets payment-related use cases, Travel Rule compliance, and secure transaction coordination.
 
-**New in v0.5.0**: 
-- PayTo URI support (RFC 8905) for traditional payment systems (IBAN, ACH, BIC, UPI)
-- Fallback settlement addresses for flexible payment options
-- Schema.org Product attributes for invoice line items
-- Enhanced Agent and Party structures with Organization fields
+**New in v0.6.0**:
+- External decision executable support for pluggable authorization workflows
+- Poll mode for decision management via MCP tools
+- `tap-cli` command-line interface for full TAP agent operations
+- `did:web` DID document hosting in `tap-http`
 
 ## Project Structure
 
@@ -52,38 +52,46 @@ This project has successfully implemented all core TAP message types and flows a
 
 ### Prerequisites
 
-- Rust 1.71.0 or later
-- Cargo
+- [Rust](https://www.rust-lang.org/tools/install) 1.71.0 or later (includes Cargo)
 
-### Building
+### Installing Command-line Tools
 
-```bash
-# Clone the repository
-git clone https://github.com/notabene/tap-rs.git
-cd tap-rs
+The quickest way to get started is to install the CLI tools. No need to clone the repository.
 
-# Build all crates
-cargo build
+#### From crates.io (recommended)
 
-# Run tests
-cargo test
+```bash
+# Install all CLI tools at once
+cargo install tap-cli tap-http tap-agent
+
+# Or install only what you need:
+cargo install tap-cli    # Full-featured TAP CLI (agents, transactions, customers, DIDs)
+cargo install tap-http   # HTTP DIDComm server + payment simulator
+cargo install tap-agent  # Low-level DID/key management + message packing
+cargo install tap-mcp    # MCP server for AI/LLM integration
 ```
 
-### Installing Command-line Tools
-
-TAP-RS includes several useful command-line tools that can be installed from crates.io or from source:
+#### From source
 
 ```bash
-# Install tools from crates.io
-cargo install tap-agent tap-http tap-cli
+git clone https://github.com/TransactionAuthorizationProtocol/tap-rs.git
+cd tap-rs
+cargo install --path tap-cli
+cargo install --path tap-http
+cargo install --path tap-agent
+cargo install --path tap-mcp
+```
 
-# Or install from the repository
-cargo install --path tap-rs/tap-agent
-cargo install --path tap-rs/tap-http
-cargo install --path tap-rs/tap-cli
+#### Verify installation
+
+```bash
+tap-cli --help
+tap-http --help
+tap-agent-cli --help
+tap-mcp --help
 ```
 
-Available command-line tools:
+### Available CLI Tools
 
 1. **tap-cli**: Full-featured CLI for TAP Agent operations
    ```bash
@@ -159,8 +167,46 @@ Available command-line tools:
    tap-payment-simulator --url http://localhost:8000/didcomm --did <server-agent-did>
    ```
 
+5. **tap-mcp**: MCP server for AI/LLM integration (Claude Desktop, etc.)
+   ```bash
+   # Run as MCP server (communicates via stdin/stdout)
+   tap-mcp
+
+   # With custom settings
+   tap-mcp --tap-root /path/to/data --debug
+   ```
+
 See individual tool READMEs for detailed usage instructions.
 
+### Using as Rust Libraries
+
+Add any TAP crate to your project:
+
+```bash
+cargo add tap-msg      # Core message types and validation
+cargo add tap-agent    # Agent identity, key management, message packing
+cargo add tap-caip     # CAIP-2/10/19 blockchain identifier parsing
+cargo add tap-node     # Node orchestration, storage, event handling
+cargo add tap-ivms101  # IVMS 101.2023 Travel Rule data structures
+```
+
+### TypeScript / JavaScript SDK
+
+```bash
+npm install @taprsvp/agent
+```
+
+See the [tap-ts README](./tap-ts/README.md) for complete documentation.
+
+### Building from Source
+
+```bash
+git clone https://github.com/TransactionAuthorizationProtocol/tap-rs.git
+cd tap-rs
+cargo build
+cargo test
+```
+
 ## Key Features
 
 - **Complete TAP Implementation**: Support for all TAP message types (Transfer, Payment, Connect, Escrow, Exchange, Quote, Authorize, Reject, Settle, Cancel, Revert, AddAgents, RemoveAgent, ReplaceAgent, UpdatePolicies, and more)
@@ -229,7 +275,7 @@ let message = transfer.to_didcomm_with_route(
 
 See the [tap-msg README](./tap-msg/README.md) for more detailed examples.
 
-## New in v0.5.0: Settlement Address Flexibility
+## Settlement Address Flexibility
 
 TAP-RS now supports both blockchain and traditional payment settlement addresses:
 
@@ -488,31 +534,13 @@ Comprehensive documentation for TAP-RS is available in the [docs](./docs) direct
 
 ## Build Commands
 
-The following commands are available for working with the codebase:
-
 ```bash
-# Build all crates
-cargo build
-
-# Run tests for all crates
-cargo test
-
-# Run tests for a specific crate
-cargo test --package tap-msg
-
-# Run benchmarks
-cargo bench
-
-# Format code
-cargo fmt
-
-# Lint code
-cargo clippy
-
-# Install command-line tools
-cargo install --path tap-agent
-cargo install --path tap-http
-cargo install --path tap-cli
+cargo build                    # Build all crates
+cargo test                     # Run all tests
+cargo test --package tap-msg   # Run tests for a specific crate
+cargo bench                    # Run benchmarks
+cargo fmt                      # Format code
+cargo clippy                   # Lint code
 ```
 
 ## CLI Tools Reference

tap-agent/Cargo.toml

@@ -9,8 +9,8 @@ license.workspace = true
 readme = "README.md"
 
 [dependencies]
-tap-msg = { version = "0.5.0", path = "../tap-msg" }
-tap-caip = { version = "0.5.0", path = "../tap-caip" }
+tap-msg = { version = "0.6.0", path = "../tap-msg" }
+tap-caip = { version = "0.6.0", path = "../tap-caip" }
 async-trait = { workspace = true }
 thiserror = "1.0"
 serde = { workspace = true }
@@ -70,7 +70,7 @@ name = "agent_benchmark"
 harness = false
 
 [features]
-default = ["native", "crypto-ed25519"]
+default = ["native", "crypto-ed25519", "crypto-p256", "crypto-secp256k1"]
 native = ["reqwest"]
 test-utils = ["tempfile"]
 examples = ["tempfile"]

tap-agent/README.md

@@ -2,6 +2,23 @@
 
 The `tap-agent` crate implements the agent functionality for the Transaction Authorization Protocol (TAP), providing a secure and extensible framework for handling TAP messages, managing cryptographic operations, and resolving decentralized identifiers (DIDs).
 
+## Installation
+
+### As a library
+
+```bash
+cargo add tap-agent
+```
+
+### As a CLI tool
+
+The `tap-agent` crate also includes the `tap-agent-cli` binary for DID generation, key management, and DIDComm message packing/unpacking:
+
+```bash
+cargo install tap-agent
+tap-agent-cli --help
+```
+
 ## Overview
 
 The TAP Agent serves as the foundation for secure communication in the TAP ecosystem, enabling entities to:

tap-caip/README.md

@@ -2,6 +2,12 @@
 
 Implementation of Chain Agnostic Identifier Standards for the Transaction Authorization Protocol (TAP).
 
+## Installation
+
+```bash
+cargo add tap-caip
+```
+
 ## Features
 
 - **CAIP-2**: Support for Chain IDs in namespace:reference format

tap-cli/Cargo.toml

@@ -19,10 +19,10 @@ path = "src/lib.rs"
 
 [dependencies]
 # TAP ecosystem dependencies
-tap-node = { version = "0.5.0", path = "../tap-node" }
-tap-agent = { version = "0.5.0", path = "../tap-agent" }
-tap-msg = { version = "0.5.0", path = "../tap-msg" }
-tap-caip = { version = "0.5.0", path = "../tap-caip" }
+tap-node = { version = "0.6.0", path = "../tap-node" }
+tap-agent = { version = "0.6.0", path = "../tap-agent" }
+tap-msg = { version = "0.6.0", path = "../tap-msg" }
+tap-caip = { version = "0.6.0", path = "../tap-caip" }
 
 # Async runtime and I/O
 tokio = { version = "1.0", features = ["full"] }