Integrations

Documentation Map

• Overview

• Quick Start

• Installation

• Configuration

• Operations

• Troubleshooting

• Release Notes

• Compatibility

• Architecture

• API Reference

• Security

• Integrations

• Capabilities

• Data Model

• Roadmap

• Project Plan

• OSS Inventory

• Channel: stable

• Source repo: JaddaHelpifyr/jhf-spindle

Integrations

This file follows the repository-owned structure from jhf-fabric/docs/contracts/INTEGRATIONS_DOC_STANDARD.md.

It documents only real repository-owned integrations and their current boundaries. It does not define a new control plane or a new workflow architecture.

Integration Contract Matrix

key	direction	contract_type	auth	trigger	stability	source_doc
openclaw-approval-loop	bidirectional	product-adapter	signed callback + trusted internal workflow caller	approval packet dispatch and callback decision intake	stable	docs/contracts/openclaw-approval-callback.json
n8n-workflow-bridge	bidirectional	execution-contract	signed webhooks/callbacks + trusted internal workflow caller	staged intake, approval dispatch, decision and job-result callbacks	stable	docs/contracts/n8n-supplier-intake.json, docs/contracts/n8n-hil-decision.json, docs/contracts/n8n-document-dispatch.json
jhf-wire-bundle	bidirectional	execution-contract	dispatch target config + signed callback intake	dispatch job execution and signed job-result callback	stable	docs/contracts/n8n-document-dispatch.json
mission-control-plane	outgoing	operator-consumer	API token	exception and reporting relay when configured	partial	docs/INTEGRATIONS.md (section mission-control-plane)
paddle-revenue-webhook	incoming	webhook	HMAC (PADDLE_WEBHOOK_SECRET)	provider webhook push	stable	docs/contracts/paddle-transaction-completed.json
stripe-revenue-webhook	incoming	webhook	HMAC (STRIPE_WEBHOOK_SECRET)	provider webhook push	stable	docs/contracts/stripe-invoice-paid.json
supplier-intake-event	incoming	repository-intake	signed intake webhook + trusted posting caller	external supplier intake and internal posting	stable	docs/contracts/n8n-supplier-intake.json
website-contact-intake	incoming	repository-intake	signed intake webhook	website contact intake to ERP lead creation	stable	docs/contracts/website-contact-intake.json
revenue-event-staging	incoming	repository-intake	provider HMAC + trusted posting caller	provider event intake and posting workflow call	stable	docs/contracts/paddle-transaction-completed.json, docs/contracts/stripe-invoice-paid.json
approval-decision-callbacks	incoming	execution-contract	signed callback + idempotency key	OpenClaw and n8n decision callback	stable	docs/contracts/openclaw-approval-callback.json, docs/contracts/n8n-hil-decision.json
dispatch-job-result-callback	incoming	execution-contract	signed callback + idempotency key	n8n/jhf-wire result callback	stable	docs/contracts/n8n-document-dispatch.json
zammad-support-bridge	bidirectional	execution-contract	signed inbound webhook + authenticated outbound caller + optional outbound token	support ticket/message/state synchronization	stable	docs/contracts/zammad-support-inbound.json, docs/contracts/zammad-support-outbound.json, docs/contracts/support-case-envelope.json, docs/ZAMMAD_ENABLEMENT.md
jhf-spindle-mcp-gateway	incoming	mcp	X-JHF-Spindle-Key (/healthz unauthenticated)	JSON-RPC MCP request	stable	docs/MCP.md, docs/MCP_OPERATIONS.md
identity-plane-access-projection	outgoing	identity-contract	ERP session or trusted internal caller	business identity change or projection pull	stable	docs/IDENTITY_PLANE_ACCESS.md, docs/contracts/plane-access-fact.json, docs/contracts/lifecycle-access-fact.json
identity-surface-access-posture	outgoing	identity-contract	read-only contract consumer	business role to admitted-surface posture mapping pull	stable	docs/IDENTITY_SURFACE_ACCESS_POSTURE.md, docs/contracts/surface-access-posture-model.json
identity-superadmin-and-nonhuman-drift	outgoing	identity-contract	read-only contract consumer	superadmin lifecycle and non-human drift policy pull	stable	docs/IDENTITY_SUPERADMIN_NON_HUMAN_DRIFT.md, docs/contracts/superadmin-lifecycle-nonhuman-drift.json
identity-voice-eligibility	outgoing	identity-contract	read-only contract consumer	voice eligibility pull for Jadda/Sales profiles and fail-closed fallback	stable	docs/IDENTITY_VOICE_ELIGIBILITY.md, docs/contracts/voice-eligibility-business-truth.json
zammad-identity-projection-contract	outgoing (planned read contract consumer)	identity-contract	contract-driven consumer; no local access-policy authority in spindle or Zammad	optional Zammad SSO projection, revocation, orphan cleanup, and deprovision verdict consumption	planned	docs/IDENTITY_ZAMMAD_PROJECTION_CONTRACT.md, docs/contracts/identity-zammad-projection-contract.json, docs/contracts/identity-zammad-deprovision-contract.json, docs/IDENTITY_EVENT_OWNERSHIP.md
jhf-warp-agent-registration-request	incoming (planned request contract)	identity-contract	repository contract consumer; no write endpoint published yet	downstream request for persistent AI-agent business registration in Spindle	planned	docs/AI_AGENT_REGISTRATION_REQUEST_CONTRACT.md, docs/contracts/ai-agent-registration-request.json
jhf-warp-identity-owner-contract	outgoing (read contract consumer)	identity-contract	contract-driven consumer; no token issuance in spindle	warp runtime ownership, revocation, lifecycle governance, and scope reads from spindle truth	planned	docs/IDENTITY_WARP_OWNERSHIP_CONTRACT.md, docs/contracts/identity-warp-owner-contract.json, docs/contracts/agent-registry-governance-fact.json, docs/IDENTITY_EVENT_OWNERSHIP.md
jhf-fabric	incoming (planned read-only consumer) + outgoing (read-only consumer)	repo-read	repository reader + guest-readable narrow presence endpoints	metadata and safe runtime presence polling plus read-only combination-profile and governance-contract truth consumption	planned	fabric-manifest.json, docs/FABRIC_TOOL_PROFILE.md, docs/FABRIC_CONTRACT.md, docs/contracts/fabric-governance-adoption.json, docs/contracts/fabric-optional-carrier-cti-consumption.json, docs/OPENCLAW_PLUS_ACCEPTANCE.md

Internal Helpifyr Integrations

openclaw-approval-loop

• Direction: bidirectional logical integration
• Type: product-adapter
• Surface: POST /api/method/jhf_spindle_core.api.workflows.request_approval, POST /api/method/jhf_spindle_core.api.workflows.dispatch_approval_packet, POST /api/method/jhf_spindle_core.api.callbacks.openclaw_approval
• Auth: ERP session or trusted internal caller on workflow paths; shared-secret HMAC on callback intake
• Stability: stable
• Versioning: unversioned-contract backed by stable Frappe method paths and docs/contracts/openclaw-approval-callback.json
• Owner: Helpifyr Spindle owns approval packet persistence and ERP-side decision application; OpenClaw owns the external approval UI and reviewer interaction

Implemented:

• Helpifyr Spindle creates or reuses Approval Packet records and can dispatch them toward OpenClaw.
• Helpifyr Spindle validates signed callback payloads before applying decisions to ERP-side state.

n8n-workflow-bridge

• Direction: bidirectional logical integration
• Type: execution-contract
• Surface: POST /api/method/jhf_spindle_core.api.webhooks.supplier_intake, POST /api/method/jhf_spindle_core.api.workflows.request_supplier_intake_approval, POST /api/method/jhf_spindle_core.api.workflows.request_revenue_event_approval, POST /api/method/jhf_spindle_core.api.callbacks.n8n_job_result, POST /api/method/jhf_spindle_core.api.callbacks.n8n_hil_decision
• Auth: shared-secret HMAC on webhook and callback paths; trusted internal caller or ERP session on workflow paths
• Stability: stable
• Versioning: unversioned-contract backed by checked-in JSON fixtures and additive workflow-path evolution
• Owner: Helpifyr Spindle owns ERP-side intake, dispatch evidence, and approval application; n8n owns external workflow execution

Implemented:

• Supplier intake, HiL decision intake, and job-result callbacks are live repo-owned HTTP contracts.
• The same workflow bridge can be driven by ERP-side services or tightly coupled orchestrators.

jhf-wire-bundle

• Direction: bidirectional logical integration
• Type: execution-contract
• Surface: N8N_DISPATCH_SEPA_WEBHOOK_URL, N8N_DISPATCH_BANK_SYNC_WEBHOOK_URL, N8N_DISPATCH_XRECHNUNG_WEBHOOK_URL, N8N_DISPATCH_ELSTER_WEBHOOK_URL, N8N_ENTITY_SCREENING_WEBHOOK_URL, POST /api/method/jhf_spindle_core.api.callbacks.n8n_job_result
• Auth: configured webhook targets plus HMAC-validated signed callback intake using N8N_JOB_RESULT_SHARED_SECRET
• Stability: stable
• Versioning: unversioned-contract backed by narrow environment-variable naming and the existing signed callback contract
• Owner: Helpifyr Spindle owns ERP-side dispatch intent, evidence, and callback reconciliation; jhf-wire owns provider-facing or mock-facing execution outside this repository

Implemented:

• Helpifyr Spindle can dispatch bounded SEPA, bank-sync, XRechnung, ELSTER, and entity-screening work packages to configured jhf-wire webhook targets.
• Helpifyr Spindle accepts only the signed result back into ERP-side evidence through the existing n8n_job_result callback.
• callback transport is explicitly operator-configurable through N8N_DISPATCH_CALLBACK_URL; if unset, callback URL falls back to the public site base

Planned:

• no broader fabric-level bundle discovery or registration is implemented in this repository today

identity-plane-access-projection

• Direction: outgoing
• Type: identity-contract
• Surface:
  • POST /api/method/jhf_spindle_core.api.identity_projections.plane_access_fact
  • POST /api/method/jhf_spindle_core.api.identity_projections.plane_access_fact_batch
  • POST /api/method/jhf_spindle_core.api.identity_projections.lifecycle_fact_batch
  • POST /api/method/jhf_spindle_core.api.identity_projections.keystore_bootstrap_principal_truth
• Auth: ERP session auth or trusted internal caller
• Stability: stable
• Versioning: additive contract evolution through docs/contracts/plane-access-fact.json and docs/contracts/lifecycle-access-fact.json
• Owner: Helpifyr Spindle owns lifecycle, business-role mapping, binding-drift posture, and deny-on-conflict dominance

Implemented:

• spindle now publishes fail-closed Plane access facts with canonical fields:
  • app_access.plane (allowed|denied|suspended|pending)
  • plane_access_role (user|admin|denied)
  • user_external_id
  • optional break_glass_eligible
• lifecycle facts are projection-ready with explicit dominance outputs for:
  • active, suspended, disabled, offboarded, leave_of_absence
• drifted or revoked technical bindings force deny posture and never grant access.

identity-surface-access-posture

• Direction: outgoing
• Type: identity-contract
• Surface:
  • docs/contracts/surface-access-posture-model.json
  • docs/IDENTITY_SURFACE_ACCESS_POSTURE.md
• Auth: read-only contract consumer
• Stability: stable
• Versioning: additive contract evolution in spindle-owned docs/contracts
• Owner: Helpifyr Spindle owns business role profile mapping, scope-binding posture, and effective posture projection semantics

Implemented:

• spindle publishes explicit surface_id, surface_role_profile, scope_binding, and effective_posture records for all current Wave A1 admitted surfaces.
• spindle consumes Fabric surface registry truth read-only from GET /api/v1/identity/contracts/surface-admission and does not define competing local surface registry truth.
• tenant/environment mismatch is deny-first and must emit auditable drift posture.

identity-superadmin-and-nonhuman-drift

• Direction: outgoing
• Type: identity-contract
• Surface:
  • docs/contracts/superadmin-lifecycle-nonhuman-drift.json
  • docs/IDENTITY_SUPERADMIN_NON_HUMAN_DRIFT.md
• Auth: read-only contract consumer
• Stability: stable
• Versioning: additive contract evolution in spindle-owned docs/contracts
• Owner: Helpifyr Spindle owns superadmin lifecycle and non-human drift diagnosis semantics

Implemented:

• superadmin lifecycle states are explicit: created, active, suspended, disabled, deleted, recovery_only.
• disable/delete constraints require replacement-path or lockdown evidence to avoid lockout ambiguity.
• service-account and AI-agent drift cases are explicit and deny-first (deny_and_audit) instead of implicit local heuristics.

identity-voice-eligibility

• Direction: outgoing
• Type: identity-contract
• Surface:
  • docs/contracts/voice-eligibility-business-truth.json
  • docs/IDENTITY_VOICE_ELIGIBILITY.md
• Auth: read-only contract consumer
• Stability: stable
• Versioning: additive contract evolution in spindle-owned docs/contracts
• Owner: Helpifyr Spindle owns voice eligibility business-truth semantics

Implemented:

• explicit hot eligibility for jadda_main_main_hot and sales_permanent_hot
• explicit warm-pool eligibility for sales_warm_pool
• explicit async_default for admitted but non-hot/non-warm principals
• explicit fail-closed voice_unavailable posture for non-admitted or ambiguous principals
• no duplicate local voice-eligibility truth is allowed in jhf-tenter, jhf-warp, or OpenClaw consumers

mission-control-plane

• Direction: outgoing
• Type: operator-consumer
• Surface: configured MISSION_CONTROL_BASE_URL, PLANE_BASE_URL, and API-token-based exception/reporting integration from repo-owned services
• Auth: API token
• Stability: partial
• Versioning: unversioned-contract; optional operator integration without a repository-owned compatibility API
• Owner: external operator systems own their APIs; Helpifyr Spindle owns only its outbound exception/reporting calls

Implemented:

• Helpifyr Spindle can emit operator-follow-up and rollout-context signals when the optional integration is configured.

External Integrations

paddle-revenue-webhook

• Direction: incoming
• Type: webhook
• Surface: POST /api/method/jhf_spindle_core.api.webhooks.paddle
• Auth: HMAC signature validation using PADDLE_WEBHOOK_SECRET
• Stability: stable
• Versioning: provider payload evolution normalized into repo-owned staging records; checked-in fixture docs/contracts/paddle-transaction-completed.json
• Owner: Helpifyr Spindle owns staging, idempotency, and posting preparation; Paddle owns the upstream event shape

stripe-revenue-webhook

• Direction: incoming
• Type: webhook
• Surface: POST /api/method/jhf_spindle_core.api.webhooks.stripe
• Auth: HMAC signature validation using STRIPE_WEBHOOK_SECRET
• Stability: stable
• Versioning: provider payload evolution normalized into repo-owned staging records; checked-in fixture docs/contracts/stripe-invoice-paid.json
• Owner: Helpifyr Spindle owns staging, idempotency, and posting preparation; Stripe owns the upstream event shape

Event Contracts

supplier-intake-event

• Direction: incoming
• Type: repository-intake
• Surface: POST /api/method/jhf_spindle_core.api.webhooks.supplier_intake, POST /api/method/jhf_spindle_core.api.workflows.post_supplier_intake, docs/contracts/n8n-supplier-intake.json
• Auth: HMAC signature validation on intake; ERP session or trusted internal caller on posting workflow
• Stability: stable
• Versioning: additive contract evolution around the checked-in n8n fixture and repo-owned posting semantics
• Owner: Helpifyr Spindle

Implemented:

• Intake payloads are normalized into staged Supplier Intake evidence.
• Approved staged evidence can be posted into draft Purchase Invoice records through the documented workflow path.

website-contact-intake

• Direction: incoming
• Type: repository-intake
• Surface: POST /api/method/jhf_spindle_core.api.webhooks.website_contact_intake, docs/contracts/website-contact-intake.json
• Auth: HMAC signature validation on intake using ERP_API_SHARED_SECRET
• Stability: stable
• Versioning: additive contract evolution around the checked-in website intake fixture and repo-owned lead-creation semantics
• Owner: Helpifyr Spindle

Implemented:

• Website-originated Helpifyr contact intake can now enter Spindle directly as signed integration evidence.
• The intake is normalized into a reproducible ERP lead path and returns an acknowledgement bundle the caller can use for a human confirmation response.

revenue-event-staging

• Direction: incoming
• Type: repository-intake
• Surface: POST /api/method/jhf_spindle_core.api.webhooks.paddle, POST /api/method/jhf_spindle_core.api.webhooks.stripe, POST /api/method/jhf_spindle_core.api.workflows.post_revenue_event
• Auth: provider HMAC on inbound webhooks; ERP session or trusted internal caller on posting workflow
• Stability: stable
• Versioning: additive normalization into repo-owned Revenue Event staging; provider examples are fixture-backed
• Owner: Helpifyr Spindle

Implemented:

• Revenue provider events are persisted first as append-only integration evidence.
• Staged revenue evidence can be posted into draft Sales Invoice records through the documented workflow path.

approval-decision-callbacks

• Direction: incoming
• Type: execution-contract
• Surface: POST /api/method/jhf_spindle_core.api.callbacks.openclaw_approval, POST /api/method/jhf_spindle_core.api.callbacks.n8n_hil_decision
• Auth: HMAC signature validation plus optional idempotency headers
• Stability: stable
• Versioning: unversioned-contract backed by checked-in callback fixtures and repo-owned packet semantics
• Owner: Helpifyr Spindle

Implemented:

• Approval decisions from OpenClaw or n8n are applied only through packet-backed, signed callback paths.

dispatch-job-result-callback

• Direction: incoming
• Type: execution-contract
• Surface: POST /api/method/jhf_spindle_core.api.callbacks.n8n_job_result, docs/contracts/n8n-document-dispatch.json
• Auth: HMAC signature validation plus optional idempotency headers
• Stability: stable
• Versioning: unversioned-contract backed by checked-in dispatch-result fixture and additive ERP-side evidence handling
• Owner: Helpifyr Spindle

Implemented:

• Dispatch and workflow outcomes are reconciled into Integration Event, Dispatch Job, and related evidence records.

zammad-support-bridge

• Direction: bidirectional
• Type: execution-contract
• Surface: POST /api/method/jhf_spindle_core.api.support_cases.zammad_inbound, POST /api/method/jhf_spindle_core.api.support_cases.zammad_outbound, POST /api/method/jhf_spindle_core.api.support_cases.support_context
• Auth:
  • inbound: HMAC signature X-Signature with ZAMMAD_WEBHOOK_SECRET (fallback N8N_SHARED_SECRET)
  • outbound/context: ERP session auth or trusted internal caller
  • optional runtime delivery to Zammad additionally requires ZAMMAD_BASE_URL + ZAMMAD_API_TOKEN
• Stability: stable
• Versioning: unversioned-contract with explicit JSON fixtures and additive fields
• Owner: Helpifyr Spindle owns event normalization, idempotency, audit evidence, envelope correlation, and context hydration

Implemented:

• inbound adapter validates signature, enforces sequence ordering when available, and rejects divergent duplicate idempotency keys
• outbound adapter records auditable intent for reply/note/status updates and attempts runtime delivery when Zammad runtime credentials are present
• support context endpoint exposes replay-safe business-object hydration with explicit partial/missing markers
• ticket split/merge, reopen-after-entitlement-change, and partial enrichment semantics are contract-defined in docs/SUPPORT_ZAMMAD_FOUNDATION.md
• tenant-side enablement, required Zammad trigger/webhook objects, and operator verification flow are defined in docs/ZAMMAD_ENABLEMENT.md

External boundary:

• repository code is contract-ready, but real tenant activation still requires Zammad admin + platform operator actions documented in docs/ZAMMAD_ENABLEMENT.md

MCP Integration

jhf-spindle-mcp-gateway

• Direction: incoming
• Type: mcp
• Surface: POST /mcp, GET /healthz
• Auth: X-JHF-Spindle-Key for productive MCP requests; GET /healthz remains unauthenticated liveness only
• Stability: stable
• Versioning: unversioned JSON-RPC/MCP surface with repo-owned tool/resource evolution
• Owner: Helpifyr Spindle

Implemented:

• Operators and agents can use the repo-owned MCP gateway for read-oriented and explicitly guarded write-capable flows.
• GET /healthz is a real liveness surface.

Read-first boundary:

• current verify path is read-first only for Fabric-like consumers
• no Fabric write-back is implemented

Planned Connections

jhf-fabric

• Direction: incoming
• Type: repo-read
• Surface: fabric-manifest.json, docs/FABRIC_TOOL_PROFILE.md, docs/FABRIC_CONTRACT.md, docs/CAPABILITIES.md, GET /api/method/jhf_spindle_core.api.health.integration_status, GET /healthz, GET /api/v1/combinations/profiles, GET /api/v1/combinations/optional-slices, GET /api/v1/combinations/optional-slices/sipgate-carrier-cti (Fabric-owned, consumed read-only by acceptance monitoring)
• Auth: repository-reader access for checked-in artifacts; no auth on the two narrow runtime presence surfaces
• Stability: planned
• Versioning: manifest version plus Git-backed repository versioning; no dedicated runtime /version or /readiness contract exists today
• Owner: Helpifyr Spindle owns the repo-side metadata and safe presence surfaces; jhf-fabric would own any future aggregation or discovery consumer

Implemented:

• Fabric-readable repository artifacts already exist.
• integration_status and MCP /healthz are the real narrow runtime presence signals.
• Current version source is the README version marker plus Git revision on main.
• OpenClaw-plus acceptance monitoring consumes Fabric canonical profile truth from /api/v1/combinations/profiles and reports drift when fabric-all no longer requires JaddaHelpifyr/jhf-spindle.
• Fabric governance adoption now consumes canonical contract truth from:
  • GET /api/v1/contracts/matrix
  • GET /api/v1/contracts/docs-standard
  • declared family/version contract in docs/contracts/fabric-governance-adoption.json (helpifyr-schema-governance-docs-standard, accepted 1.0.0)
• Spindle does not define local bundle or local detection truth; Fabric remains canonical owner of combination semantics.
• Spindle does not define local schema truth for Fabric-owned governance families; matrix/docs-standard remain canonical.

Planned:

• optional future discovery may consume the existing read-first artifacts and safe presence surfaces
• no Fabric registration endpoint, Fabric-specific callback, dedicated /readiness, or dedicated /version endpoint is implemented

jhf-warp-identity-owner-contract

• Direction: outgoing
• Type: identity-contract
• Surface: docs/IDENTITY_WARP_OWNERSHIP_CONTRACT.md, docs/contracts/identity-warp-owner-contract.json, docs/contracts/helpifyr-access-model-v1.2.json, docs/IDENTITY_EVENT_OWNERSHIP.md, docs/IDENTITY_SYNC_DRIFT_RULES.md
• Auth: repository contract consumer; spindle does not issue tokens or sessions
• Stability: planned
• Versioning: additive contract evolution in repo-owned docs/contracts
• Owner: Helpifyr Spindle owns business identity and binding truth; jhf-warp consumes this truth for runtime orchestration guardrails

Implemented:

• spindle-owned ownership fields, revocation events, scope projection, and degraded-read posture are explicitly documented
• deny-on-conflict posture is explicit for tenant/company mismatch and missing business binding
• agent-registry lifecycle/governance truth for disable/revoke/retire/legal-hold/GC projection is explicitly versioned in docs/contracts/agent-registry-governance-fact.json

Planned:

• downstream runtime enforcement and acceptance evidence remains in jhf-warp

zammad-identity-projection-contract

• Direction: outgoing
• Type: identity-contract
• Surface: docs/IDENTITY_ZAMMAD_PROJECTION_CONTRACT.md, docs/contracts/identity-zammad-projection-contract.json, docs/contracts/identity-zammad-deprovision-contract.json, docs/IDENTITY_EVENT_OWNERSHIP.md
• Auth: repository contract consumer; spindle and Zammad do not define local semantic access overrides
• Stability: planned
• Versioning: additive contract evolution in repo-owned docs/contracts
• Owner: Helpifyr Spindle owns business identity, binding, and lifecycle facts; helpifyr-fabric remains canonical owner of downstream admission and breakglass truth consumed by the Zammad lane

Implemented:

• the Zammad lane consumer/executor split is explicit, with projection-consumer behavior allowed and local identity-semantic authority denied
• revocation, orphan, and breakglass defaults are fail-closed and machine-readable
• disable/delete/revoke application semantics now define non-green partial and blocked outcomes plus the only terminal green verdict revoked-and-deleted

Planned:

• downstream runtime enforcement and live tenant evidence remain outside this repository

jhf-warp-agent-registration-request

• Direction: incoming (planned request contract)
• Type: identity-contract
• Surface: docs/AI_AGENT_REGISTRATION_REQUEST_CONTRACT.md, docs/contracts/ai-agent-registration-request.json
• Auth: repository contract consumer; no dedicated write endpoint is published from spindle yet
• Stability: planned
• Versioning: additive contract evolution in repo-owned docs/contracts
• Owner: Helpifyr Spindle owns the business-truth registration boundary; jhf-warp may request registration but not assign rights directly

Implemented:

• spindle now publishes one explicit AI-agent registration request contract for downstream runtimes
• the contract requires stable business identity, sponsor linkage, team boundary, lifecycle intent, and class inputs
• missing sponsor or business identity truth is explicitly fail-closed

Explicit non-scope:

• no direct tool-right grants
• no downstream provisioning semantics
• no secret or API-key issuance

---

License notice: AGPLv3 (GNU Affero General Public License v3.0)
Website: https://helpifyr.com