Topology Snapshot Manual Verify Report

Date: 2026-03-06

Target

• apps/web/src/lib/governance/topologySnapshot.ts

Runtime boundary

Verified facts:

• the file begins with import "server-only";
• it also imports node:crypto
• this is therefore a server-only module, not a client/shared browser module

Implication:

• importing server-safe package modules here is acceptable
• standalone tsx execution outside Next runtime is not a reliable validation path because server-only is a Next/runtime boundary marker

Current dependencies and classification

1. @kvary/financial-layer/jurisdiction/policy-registry Current symbols:

• listJurisdictionPolicies
• JurisdictionPolicy
• SettlementDomainId Classification:
• NEEDS_NEW_SUBPATH_EXPORT Status:
• export added
• import redirected

2. @kvary/financial-layer/jurisdiction/GE/policy Current symbols:

• geJurisdictionPolicy Classification:
• NEEDS_NEW_SUBPATH_EXPORT Status:
• export added
• import redirected

3. @kvary/financial-layer/routing/scheme-map Current symbols:

• listSchemeDescriptors Classification:
• NEEDS_NEW_SUBPATH_EXPORT Status:
• export added
• import redirected

4. @kvary/financial-layer/chain/chain-binding-registry Current symbols:

• listChainBindings
• resolveChainBindingsForDomain
• resolveChainBindingsForNamespace Classification:
• SAFE_TO_REDIRECT_NOW Status:
• already exported
• import redirected

5. @kvary/financial-layer/chain/anchor-namespace Current symbols:

• buildDefaultAnchorNamespace
• parseAnchorNamespace Classification:
• NEEDS_NEW_SUBPATH_EXPORT Status:
• export added
• import redirected

6. @kvary/financial-layer/chain/anchor-plan Current symbols:

• resolveAnchorPlan Classification:
• SAFE_TO_REDIRECT_NOW Status:
• already exported
• import redirected

7. @kvary/financial-layer/chain/activation-policy Current symbols:

• resolveAnchorActivation Classification:
• SAFE_TO_REDIRECT_NOW Status:
• already exported
• import redirected

Runtime safety check

Reviewed imported financial-layer modules:

• jurisdiction/policy-registry.ts
• jurisdiction/GE/policy.ts
• routing/scheme-map.ts
• chain/chain-binding-registry.ts
• chain/anchor-namespace.ts
• chain/anchor-plan.ts
• chain/activation-policy.ts

Findings:

• no filesystem access
• no process/env coupling
• no script-oriented side effects
• no browser-only assumptions
• only pure in-memory registries, deterministic helpers, and Node-safe standard library usage

Node-specific note:

• chain/anchor-plan.ts uses crypto
• this is acceptable because topologySnapshot.ts is already server-only

What was safely changed

Added conservative subpath exports in @kvary/financial-layer for:

• ./jurisdiction/policy-registry
• ./jurisdiction/GE/policy
• ./routing/scheme-map
• ./chain/anchor-namespace

Updated apps/web/src/lib/governance/topologySnapshot.ts to replace deep relative imports with package subpath imports.

Validation

Successful validation:

• npm --prefix packages/financial-layer run build
• package resolution check for:
  • @kvary/financial-layer/jurisdiction/policy-registry
  • @kvary/financial-layer/jurisdiction/GE/policy
  • @kvary/financial-layer/routing/scheme-map
  • @kvary/financial-layer/chain/anchor-namespace
• targeted TypeScript resolution:
  • npm exec -- tsc --noEmit --target es2020 --module esnext --moduleResolution bundler apps/web/src/lib/governance/topologySnapshot.ts

Deferred / known limitation:

• standalone tsx import of topologySnapshot.ts outside Next runtime fails on server-only
• this is expected in the plain runtime harness and is not evidence of a bad financial-layer import redirect

Deferred items

• no additional web files changed
• no broader apps/web financial-layer import rewrite was attempted
• no source .js files were deleted

Conclusion

This cluster was safe to redirect.

Reason:

• exact dependency set is server-only compatible
• missing package exports were small and explicit
• static resolution passed after export extension
• no browser/runtime leakage was introduced