@paybond/kit 0.10.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (335) hide show
  1. package/completion-presets/catalog.json +1187 -0
  2. package/completion-presets/catalog.sha256 +1 -0
  3. package/dev/trace-ui/dashboard.html +617 -0
  4. package/dist/agent/adapter.d.ts +51 -0
  5. package/dist/agent/adapter.js +66 -0
  6. package/dist/agent/attach-bundle.d.ts +37 -0
  7. package/dist/agent/attach-bundle.js +118 -0
  8. package/dist/agent/authorization-cache.d.ts +22 -0
  9. package/dist/agent/authorization-cache.js +36 -0
  10. package/dist/agent/deferred-tools.d.ts +11 -0
  11. package/dist/agent/deferred-tools.js +62 -0
  12. package/dist/agent/discover.d.ts +41 -0
  13. package/dist/agent/discover.js +147 -0
  14. package/dist/agent/evidence.d.ts +9 -0
  15. package/dist/agent/evidence.js +28 -0
  16. package/dist/agent/facade.d.ts +48 -0
  17. package/dist/agent/facade.js +112 -0
  18. package/dist/agent/gateway-trace-reporter.d.ts +28 -0
  19. package/dist/agent/gateway-trace-reporter.js +49 -0
  20. package/dist/agent/generic-runner.d.ts +14 -0
  21. package/dist/agent/generic-runner.js +49 -0
  22. package/dist/agent/generic-sandbox-demo.d.ts +36 -0
  23. package/dist/agent/generic-sandbox-demo.js +82 -0
  24. package/dist/agent/guarded-agent.d.ts +49 -0
  25. package/dist/agent/guarded-agent.js +100 -0
  26. package/dist/agent/index.d.ts +13 -0
  27. package/dist/agent/index.js +13 -0
  28. package/dist/agent/instrument.d.ts +156 -0
  29. package/dist/agent/instrument.js +442 -0
  30. package/dist/agent/interceptor.d.ts +24 -0
  31. package/dist/agent/interceptor.js +440 -0
  32. package/dist/agent/lazy-context-tools.d.ts +15 -0
  33. package/dist/agent/lazy-context-tools.js +81 -0
  34. package/dist/agent/registry-file.d.ts +39 -0
  35. package/dist/agent/registry-file.js +219 -0
  36. package/dist/agent/registry.d.ts +37 -0
  37. package/dist/agent/registry.js +128 -0
  38. package/dist/agent/run.d.ts +124 -0
  39. package/dist/agent/run.js +301 -0
  40. package/dist/agent/types.d.ts +318 -0
  41. package/dist/agent/types.js +42 -0
  42. package/dist/agent-recognition.d.ts +72 -0
  43. package/dist/agent-recognition.js +165 -0
  44. package/dist/bincode-wire.d.ts +18 -0
  45. package/dist/bincode-wire.js +93 -0
  46. package/dist/claude-agents/config.d.ts +21 -0
  47. package/dist/claude-agents/config.js +145 -0
  48. package/dist/claude-agents/index.d.ts +2 -0
  49. package/dist/claude-agents/index.js +2 -0
  50. package/dist/claude-agents/sandbox-demo.d.ts +30 -0
  51. package/dist/claude-agents/sandbox-demo.js +91 -0
  52. package/dist/cli/agent/env-quote.d.ts +1 -0
  53. package/dist/cli/agent/env-quote.js +6 -0
  54. package/dist/cli/agent/env-write.d.ts +8 -0
  55. package/dist/cli/agent/env-write.js +47 -0
  56. package/dist/cli/agent/paybond.d.ts +16 -0
  57. package/dist/cli/agent/paybond.js +55 -0
  58. package/dist/cli/agent/policy-file.d.ts +29 -0
  59. package/dist/cli/agent/policy-file.js +61 -0
  60. package/dist/cli/agent/production-evidence.d.ts +24 -0
  61. package/dist/cli/agent/production-evidence.js +98 -0
  62. package/dist/cli/agent/run-store.d.ts +30 -0
  63. package/dist/cli/agent/run-store.js +42 -0
  64. package/dist/cli/agent/run-trace-store.d.ts +39 -0
  65. package/dist/cli/agent/run-trace-store.js +143 -0
  66. package/dist/cli/agent-run-trace-table.d.ts +9 -0
  67. package/dist/cli/agent-run-trace-table.js +24 -0
  68. package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
  69. package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
  70. package/dist/cli/command-spec.d.ts +1 -0
  71. package/dist/cli/command-spec.js +286 -5
  72. package/dist/cli/commands/agent.d.ts +16 -0
  73. package/dist/cli/commands/agent.js +1135 -0
  74. package/dist/cli/commands/dev.d.ts +7 -0
  75. package/dist/cli/commands/dev.js +348 -0
  76. package/dist/cli/commands/discovery.js +3 -3
  77. package/dist/cli/commands/policy.d.ts +13 -0
  78. package/dist/cli/commands/policy.js +769 -0
  79. package/dist/cli/commands/setup.d.ts +3 -0
  80. package/dist/cli/commands/setup.js +124 -8
  81. package/dist/cli/commands/workflows.js +9 -4
  82. package/dist/cli/config.d.ts +2 -0
  83. package/dist/cli/config.js +4 -2
  84. package/dist/cli/context.js +2 -1
  85. package/dist/cli/credentials.js +2 -2
  86. package/dist/cli/doctor-agent-middleware.d.ts +5 -0
  87. package/dist/cli/doctor-agent-middleware.js +49 -0
  88. package/dist/cli/globals.d.ts +1 -0
  89. package/dist/cli/globals.js +11 -1
  90. package/dist/cli/help.d.ts +1 -1
  91. package/dist/cli/help.js +35 -3
  92. package/dist/cli/mcp-install.js +2 -2
  93. package/dist/cli/mcp-policy.d.ts +3 -0
  94. package/dist/cli/mcp-policy.js +19 -13
  95. package/dist/cli/mcp-verify-config.js +9 -11
  96. package/dist/cli/redact.js +29 -8
  97. package/dist/cli/router.js +105 -2
  98. package/dist/cli/smoke-deep-links.d.ts +15 -0
  99. package/dist/cli/smoke-deep-links.js +63 -0
  100. package/dist/cli/telemetry.d.ts +17 -0
  101. package/dist/cli/telemetry.js +94 -0
  102. package/dist/completion-catalog-digest.d.ts +2 -0
  103. package/dist/completion-catalog-digest.js +2 -0
  104. package/dist/completion-catalog-integrity.d.ts +2 -0
  105. package/dist/completion-catalog-integrity.js +17 -0
  106. package/dist/completion-catalog.d.ts +49 -0
  107. package/dist/completion-catalog.js +62 -0
  108. package/dist/completion-contract-digest.d.ts +37 -0
  109. package/dist/completion-contract-digest.js +73 -0
  110. package/dist/completion-forbidden-fields.d.ts +5 -0
  111. package/dist/completion-forbidden-fields.js +26 -0
  112. package/dist/completion-init.d.ts +8 -0
  113. package/dist/completion-init.js +334 -0
  114. package/dist/completion-resolve.d.ts +21 -0
  115. package/dist/completion-resolve.js +86 -0
  116. package/dist/completion-validate-evidence.d.ts +24 -0
  117. package/dist/completion-validate-evidence.js +145 -0
  118. package/dist/dev/offline-gateway.d.ts +24 -0
  119. package/dist/dev/offline-gateway.js +102 -0
  120. package/dist/dev/trace-buffer.d.ts +61 -0
  121. package/dist/dev/trace-buffer.js +330 -0
  122. package/dist/dev/trace-security-headers.d.ts +11 -0
  123. package/dist/dev/trace-security-headers.js +16 -0
  124. package/dist/dev/trace-server.d.ts +8 -0
  125. package/dist/dev/trace-server.js +38 -0
  126. package/dist/dev/trace-ui.d.ts +4 -0
  127. package/dist/dev/trace-ui.js +25 -0
  128. package/dist/dev/wiremock-up.d.ts +15 -0
  129. package/dist/dev/wiremock-up.js +118 -0
  130. package/dist/doctor-completion.d.ts +17 -0
  131. package/dist/doctor-completion.js +428 -0
  132. package/dist/gateway-url.d.ts +7 -0
  133. package/dist/gateway-url.js +69 -0
  134. package/dist/index.d.ts +119 -2
  135. package/dist/index.js +267 -6
  136. package/dist/init.js +374 -57
  137. package/dist/langgraph/awrap-tool-call.d.ts +25 -0
  138. package/dist/langgraph/awrap-tool-call.js +81 -0
  139. package/dist/langgraph/config.d.ts +13 -0
  140. package/dist/langgraph/config.js +11 -0
  141. package/dist/langgraph/index.d.ts +4 -0
  142. package/dist/langgraph/index.js +4 -0
  143. package/dist/langgraph/sandbox-demo.d.ts +40 -0
  144. package/dist/langgraph/sandbox-demo.js +96 -0
  145. package/dist/langgraph/tool-node.d.ts +10 -0
  146. package/dist/langgraph/tool-node.js +38 -0
  147. package/dist/login.js +7 -0
  148. package/dist/mcp/index.d.ts +1 -0
  149. package/dist/mcp/index.js +1 -0
  150. package/dist/mcp/tool-surface.d.ts +25 -0
  151. package/dist/mcp/tool-surface.js +17 -0
  152. package/dist/mcp-capability-token-cache.d.ts +24 -0
  153. package/dist/mcp-capability-token-cache.js +101 -0
  154. package/dist/mcp-evidence-policy.d.ts +48 -0
  155. package/dist/mcp-evidence-policy.js +117 -0
  156. package/dist/mcp-policy-reload.d.ts +79 -0
  157. package/dist/mcp-policy-reload.js +200 -0
  158. package/dist/mcp-sep2828-evidence.d.ts +36 -0
  159. package/dist/mcp-sep2828-evidence.js +65 -0
  160. package/dist/mcp-server.d.ts +6 -0
  161. package/dist/mcp-server.js +224 -44
  162. package/dist/openai-agents/index.d.ts +40 -0
  163. package/dist/openai-agents/index.js +151 -0
  164. package/dist/openai-agents/sandbox-demo.d.ts +34 -0
  165. package/dist/openai-agents/sandbox-demo.js +118 -0
  166. package/dist/payee-evidence.js +2 -29
  167. package/dist/policy/catalog.d.ts +31 -0
  168. package/dist/policy/catalog.js +48 -0
  169. package/dist/policy/compose-utils.d.ts +3 -0
  170. package/dist/policy/compose-utils.js +4 -0
  171. package/dist/policy/compose.d.ts +20 -0
  172. package/dist/policy/compose.js +240 -0
  173. package/dist/policy/digest.d.ts +7 -0
  174. package/dist/policy/digest.js +75 -0
  175. package/dist/policy/domain.d.ts +15 -0
  176. package/dist/policy/domain.js +28 -0
  177. package/dist/policy/guardrail-spec.d.ts +17 -0
  178. package/dist/policy/guardrail-spec.js +140 -0
  179. package/dist/policy/guardrails.d.ts +48 -0
  180. package/dist/policy/guardrails.js +72 -0
  181. package/dist/policy/index.d.ts +21 -0
  182. package/dist/policy/index.js +21 -0
  183. package/dist/policy/init.d.ts +102 -0
  184. package/dist/policy/init.js +351 -0
  185. package/dist/policy/intent-spec.d.ts +52 -0
  186. package/dist/policy/intent-spec.js +176 -0
  187. package/dist/policy/json-path.d.ts +4 -0
  188. package/dist/policy/json-path.js +23 -0
  189. package/dist/policy/layers-io.d.ts +7 -0
  190. package/dist/policy/layers-io.js +28 -0
  191. package/dist/policy/load-effective.d.ts +22 -0
  192. package/dist/policy/load-effective.js +77 -0
  193. package/dist/policy/load.d.ts +85 -0
  194. package/dist/policy/load.js +164 -0
  195. package/dist/policy/merge.d.ts +29 -0
  196. package/dist/policy/merge.js +297 -0
  197. package/dist/policy/parse-text.d.ts +2 -0
  198. package/dist/policy/parse-text.js +126 -0
  199. package/dist/policy/policy-api.d.ts +45 -0
  200. package/dist/policy/policy-api.js +61 -0
  201. package/dist/policy/presets.d.ts +19 -0
  202. package/dist/policy/presets.js +66 -0
  203. package/dist/policy/registry.d.ts +7 -0
  204. package/dist/policy/registry.js +33 -0
  205. package/dist/policy/reload.d.ts +86 -0
  206. package/dist/policy/reload.js +233 -0
  207. package/dist/policy/render-yaml.d.ts +3 -0
  208. package/dist/policy/render-yaml.js +69 -0
  209. package/dist/policy/sandbox-bootstrap.d.ts +19 -0
  210. package/dist/policy/sandbox-bootstrap.js +66 -0
  211. package/dist/policy/schema.d.ts +204 -0
  212. package/dist/policy/schema.js +255 -0
  213. package/dist/policy/snapshot.d.ts +33 -0
  214. package/dist/policy/snapshot.js +23 -0
  215. package/dist/policy/validate-remote.d.ts +43 -0
  216. package/dist/policy/validate-remote.js +104 -0
  217. package/dist/policy/validate.d.ts +36 -0
  218. package/dist/policy/validate.js +150 -0
  219. package/dist/policy/watcher.d.ts +29 -0
  220. package/dist/policy/watcher.js +112 -0
  221. package/dist/principal-intent.d.ts +52 -0
  222. package/dist/principal-intent.js +193 -37
  223. package/dist/project-init.d.ts +34 -0
  224. package/dist/project-init.js +898 -0
  225. package/dist/sep2828-signature.d.ts +10 -0
  226. package/dist/sep2828-signature.js +134 -0
  227. package/dist/solutions/api.d.ts +22 -0
  228. package/dist/solutions/api.js +40 -0
  229. package/dist/solutions/catalog.d.ts +34 -0
  230. package/dist/solutions/catalog.js +129 -0
  231. package/dist/solutions/index.d.ts +2 -0
  232. package/dist/solutions/index.js +2 -0
  233. package/dist/template-init.d.ts +54 -0
  234. package/dist/template-init.js +203 -0
  235. package/dist/vercel-ai/config.d.ts +15 -0
  236. package/dist/vercel-ai/config.js +13 -0
  237. package/dist/vercel-ai/index.d.ts +4 -0
  238. package/dist/vercel-ai/index.js +4 -0
  239. package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
  240. package/dist/vercel-ai/sandbox-demo.js +153 -0
  241. package/dist/vercel-ai/tool-approval.d.ts +16 -0
  242. package/dist/vercel-ai/tool-approval.js +41 -0
  243. package/dist/vercel-ai/wrap-tools.d.ts +9 -0
  244. package/dist/vercel-ai/wrap-tools.js +40 -0
  245. package/dist/x402-receipt-evidence.d.ts +29 -0
  246. package/dist/x402-receipt-evidence.js +97 -0
  247. package/dist/x402-receipt-signature.d.ts +12 -0
  248. package/dist/x402-receipt-signature.js +211 -0
  249. package/package.json +75 -3
  250. package/solutions/aws.json +17 -0
  251. package/solutions/saas.json +17 -0
  252. package/solutions/shopping.json +17 -0
  253. package/solutions/travel.json +18 -0
  254. package/templates/manifest.json +169 -0
  255. package/templates/openai-shopping-agent/.env.example +3 -0
  256. package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
  257. package/templates/openai-shopping-agent/LICENSE +201 -0
  258. package/templates/openai-shopping-agent/README.md +29 -0
  259. package/templates/openai-shopping-agent/package.json +22 -0
  260. package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
  261. package/templates/openai-shopping-agent/src/index.ts +22 -0
  262. package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
  263. package/templates/openai-shopping-agent/tsconfig.json +13 -0
  264. package/templates/paybond-aws-operator/.env.example +3 -0
  265. package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
  266. package/templates/paybond-aws-operator/LICENSE +201 -0
  267. package/templates/paybond-aws-operator/README.md +29 -0
  268. package/templates/paybond-aws-operator/package.json +20 -0
  269. package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
  270. package/templates/paybond-aws-operator/src/index.ts +54 -0
  271. package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
  272. package/templates/paybond-aws-operator/tsconfig.json +13 -0
  273. package/templates/paybond-claude-agents-demo/.env.example +3 -0
  274. package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
  275. package/templates/paybond-claude-agents-demo/LICENSE +201 -0
  276. package/templates/paybond-claude-agents-demo/README.md +29 -0
  277. package/templates/paybond-claude-agents-demo/package.json +22 -0
  278. package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
  279. package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
  280. package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
  281. package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
  282. package/templates/paybond-invoice-agent/.env.example +3 -0
  283. package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
  284. package/templates/paybond-invoice-agent/LICENSE +201 -0
  285. package/templates/paybond-invoice-agent/README.md +29 -0
  286. package/templates/paybond-invoice-agent/app.py +27 -0
  287. package/templates/paybond-invoice-agent/package.json +6 -0
  288. package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
  289. package/templates/paybond-invoice-agent/paybond_config.py +45 -0
  290. package/templates/paybond-invoice-agent/requirements.txt +2 -0
  291. package/templates/paybond-mcp-coding-agent/.env.example +3 -0
  292. package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
  293. package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
  294. package/templates/paybond-mcp-coding-agent/README.md +39 -0
  295. package/templates/paybond-mcp-coding-agent/package.json +20 -0
  296. package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
  297. package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
  298. package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
  299. package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
  300. package/templates/paybond-openai-agents-demo/.env.example +3 -0
  301. package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
  302. package/templates/paybond-openai-agents-demo/LICENSE +201 -0
  303. package/templates/paybond-openai-agents-demo/README.md +29 -0
  304. package/templates/paybond-openai-agents-demo/package.json +22 -0
  305. package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
  306. package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
  307. package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
  308. package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
  309. package/templates/paybond-procurement-agent/.env.example +3 -0
  310. package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
  311. package/templates/paybond-procurement-agent/LICENSE +201 -0
  312. package/templates/paybond-procurement-agent/README.md +29 -0
  313. package/templates/paybond-procurement-agent/package.json +20 -0
  314. package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
  315. package/templates/paybond-procurement-agent/src/index.ts +54 -0
  316. package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
  317. package/templates/paybond-procurement-agent/tsconfig.json +13 -0
  318. package/templates/paybond-travel-agent/.env.example +3 -0
  319. package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
  320. package/templates/paybond-travel-agent/LICENSE +201 -0
  321. package/templates/paybond-travel-agent/README.md +29 -0
  322. package/templates/paybond-travel-agent/package.json +23 -0
  323. package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
  324. package/templates/paybond-travel-agent/src/index.ts +22 -0
  325. package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
  326. package/templates/paybond-travel-agent/tsconfig.json +13 -0
  327. package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
  328. package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
  329. package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
  330. package/templates/paybond-vercel-shopping-agent/README.md +29 -0
  331. package/templates/paybond-vercel-shopping-agent/package.json +22 -0
  332. package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
  333. package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
  334. package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
  335. package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
@@ -0,0 +1,72 @@
1
+ export type SignedAgentRecognitionProofV1 = {
2
+ schema_version: number;
3
+ kind: string;
4
+ key_id: string;
5
+ signature_algorithm: string;
6
+ issued_at: string;
7
+ expires_at: string;
8
+ nonce: string;
9
+ purpose: string;
10
+ verifier_context: {
11
+ tenant_id: string;
12
+ verifier_id: string;
13
+ };
14
+ request_envelope: {
15
+ method: string;
16
+ path: string;
17
+ body_digest_sha256_hex: string;
18
+ };
19
+ message_digest_sha256_hex: string;
20
+ signing_public_key_ed25519_hex: string;
21
+ ed25519_signature_hex: string;
22
+ };
23
+ export declare const AGENT_RECOGNITION_PROOF_SCHEMA_VERSION = 1;
24
+ export declare const AGENT_RECOGNITION_PROOF_KIND_V1 = "paybond.agent_recognition_proof_v1";
25
+ export declare const AGENT_RECOGNITION_SIGNATURE_ALGORITHM_ED25519 = "ed25519-sha256-json-v1";
26
+ export declare const AGENT_RECOGNITION_GATEWAY_VERIFIER_ID = "paybond-gateway";
27
+ export declare const AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT = "harbor.intent.evidence.submit";
28
+ export declare const AGENT_RECOGNITION_MAX_FRESHNESS_MS: number;
29
+ export type SignAgentRecognitionProofV1Params = {
30
+ keyId: string;
31
+ purpose: string;
32
+ tenantId: string;
33
+ verifierId?: string;
34
+ method: string;
35
+ path: string;
36
+ body: Uint8Array | Record<string, unknown>;
37
+ issuedAt?: Date;
38
+ expiresAt?: Date;
39
+ nonce?: string;
40
+ };
41
+ type CanonicalRecognitionProof = {
42
+ schemaVersion: number;
43
+ kind: string;
44
+ keyId: string;
45
+ signatureAlgorithm: string;
46
+ issuedAt: string;
47
+ expiresAt: string;
48
+ nonce: string;
49
+ purpose: string;
50
+ verifierContext: {
51
+ tenantId: string;
52
+ verifierId: string;
53
+ };
54
+ requestEnvelope: {
55
+ method: string;
56
+ path: string;
57
+ bodyDigestSha256Hex: string;
58
+ };
59
+ };
60
+ /** Canonicalize request metadata that recognition proofs bind to. */
61
+ export declare function newAgentRecognitionRequestEnvelope(method: string, path: string, body: Uint8Array | Record<string, unknown>): CanonicalRecognitionProof["requestEnvelope"];
62
+ /** Validate, canonicalize, and sign a replay-safe `AgentRecognitionProofV1`. */
63
+ export declare function signAgentRecognitionProofV1(signingSeed: Uint8Array, params: SignAgentRecognitionProofV1Params): SignedAgentRecognitionProofV1;
64
+ /** Build a recognition proof for Gateway `POST /harbor/intents/{intentId}/evidence`. */
65
+ export declare function signHarborEvidenceSubmitRecognitionProof(input: {
66
+ tenantId: string;
67
+ intentId: string;
68
+ evidenceBody: Record<string, unknown>;
69
+ keyId: string;
70
+ signingSeed: Uint8Array;
71
+ }): SignedAgentRecognitionProofV1;
72
+ export {};
@@ -0,0 +1,165 @@
1
+ import { createHash, randomUUID } from "node:crypto";
2
+ import { sign, getPublicKey } from "@noble/ed25519";
3
+ import { ensureEd25519Sha512Sync } from "./ed25519-sync.js";
4
+ export const AGENT_RECOGNITION_PROOF_SCHEMA_VERSION = 1;
5
+ export const AGENT_RECOGNITION_PROOF_KIND_V1 = "paybond.agent_recognition_proof_v1";
6
+ export const AGENT_RECOGNITION_SIGNATURE_ALGORITHM_ED25519 = "ed25519-sha256-json-v1";
7
+ export const AGENT_RECOGNITION_GATEWAY_VERIFIER_ID = "paybond-gateway";
8
+ export const AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT = "harbor.intent.evidence.submit";
9
+ export const AGENT_RECOGNITION_MAX_FRESHNESS_MS = 10 * 60 * 1000;
10
+ const SCOPE_TOKEN_RE = /^[a-z0-9][a-z0-9._:/-]{0,127}$/;
11
+ const HEX64_RE = /^[0-9a-f]{64}$/;
12
+ function bytesToHex(bytes) {
13
+ return Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("");
14
+ }
15
+ function sha256Hex(data) {
16
+ return createHash("sha256").update(data).digest("hex");
17
+ }
18
+ function formatRfc3339Seconds(date) {
19
+ return date.toISOString().replace(/\.\d{3}Z$/, "Z");
20
+ }
21
+ function normalizeScopeToken(value, field) {
22
+ const normalized = value.trim().toLowerCase();
23
+ if (!normalized) {
24
+ throw new Error(`agent recognition proof: ${field} is required`);
25
+ }
26
+ if (!SCOPE_TOKEN_RE.test(normalized)) {
27
+ throw new Error(`agent recognition proof: ${field} ${JSON.stringify(normalized)} is not canonical`);
28
+ }
29
+ return normalized;
30
+ }
31
+ function requestBodyBytes(body) {
32
+ if (body instanceof Uint8Array) {
33
+ return body;
34
+ }
35
+ return new TextEncoder().encode(JSON.stringify(body));
36
+ }
37
+ /** Canonicalize request metadata that recognition proofs bind to. */
38
+ export function newAgentRecognitionRequestEnvelope(method, path, body) {
39
+ const normalizedMethod = method.trim().toUpperCase();
40
+ const normalizedPath = path.trim() || "/";
41
+ if (!normalizedMethod) {
42
+ throw new Error("agent recognition proof: request_envelope.method is required");
43
+ }
44
+ if (!normalizedPath.startsWith("/")) {
45
+ throw new Error('agent recognition proof: request_envelope.path must begin with "/"');
46
+ }
47
+ return {
48
+ method: normalizedMethod,
49
+ path: normalizedPath,
50
+ bodyDigestSha256Hex: sha256Hex(requestBodyBytes(body)),
51
+ };
52
+ }
53
+ function marshalCanonicalAgentRecognitionProof(proof) {
54
+ const payload = {
55
+ schema_version: proof.schemaVersion,
56
+ kind: proof.kind,
57
+ key_id: proof.keyId,
58
+ signature_algorithm: proof.signatureAlgorithm,
59
+ issued_at: proof.issuedAt,
60
+ expires_at: proof.expiresAt,
61
+ nonce: proof.nonce,
62
+ purpose: proof.purpose,
63
+ verifier_context: {
64
+ tenant_id: proof.verifierContext.tenantId,
65
+ verifier_id: proof.verifierContext.verifierId,
66
+ },
67
+ request_envelope: {
68
+ method: proof.requestEnvelope.method,
69
+ path: proof.requestEnvelope.path,
70
+ body_digest_sha256_hex: proof.requestEnvelope.bodyDigestSha256Hex,
71
+ },
72
+ };
73
+ return new TextEncoder().encode(JSON.stringify(payload));
74
+ }
75
+ function normalizeRecognitionProof(params) {
76
+ const tenantId = params.tenantId.trim();
77
+ if (!tenantId) {
78
+ throw new Error("agent recognition proof: verifier_context.tenant_id is required");
79
+ }
80
+ const issuedAt = params.issuedAt ?? new Date(Date.now() - 60_000);
81
+ const expiresAt = params.expiresAt ?? new Date(issuedAt.getTime() + 4 * 60_000);
82
+ const issuedAtUtc = new Date(issuedAt.toISOString());
83
+ const expiresAtUtc = new Date(expiresAt.toISOString());
84
+ if (expiresAtUtc.getTime() <= issuedAtUtc.getTime()) {
85
+ throw new Error("agent recognition proof: expires_at must be after issued_at");
86
+ }
87
+ if (expiresAtUtc.getTime() - issuedAtUtc.getTime() > AGENT_RECOGNITION_MAX_FRESHNESS_MS) {
88
+ throw new Error("agent recognition proof: freshness window must not exceed 10m0s");
89
+ }
90
+ const nonce = params.nonce?.trim();
91
+ if (!nonce) {
92
+ throw new Error("agent recognition proof: nonce is required");
93
+ }
94
+ if (nonce.length > 256) {
95
+ throw new Error("agent recognition proof: nonce must be 256 bytes or fewer");
96
+ }
97
+ const requestEnvelope = newAgentRecognitionRequestEnvelope(params.method, params.path, params.body);
98
+ if (!HEX64_RE.test(requestEnvelope.bodyDigestSha256Hex)) {
99
+ throw new Error("agent recognition proof: request_envelope.body_digest_sha256_hex must be a lowercase 64-byte hex SHA-256 digest");
100
+ }
101
+ return {
102
+ schemaVersion: AGENT_RECOGNITION_PROOF_SCHEMA_VERSION,
103
+ kind: AGENT_RECOGNITION_PROOF_KIND_V1,
104
+ keyId: normalizeScopeToken(params.keyId, "key_id"),
105
+ signatureAlgorithm: AGENT_RECOGNITION_SIGNATURE_ALGORITHM_ED25519,
106
+ issuedAt: formatRfc3339Seconds(issuedAtUtc),
107
+ expiresAt: formatRfc3339Seconds(expiresAtUtc),
108
+ nonce,
109
+ purpose: normalizeScopeToken(params.purpose, "purpose"),
110
+ verifierContext: {
111
+ tenantId,
112
+ verifierId: normalizeScopeToken(params.verifierId ?? AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, "verifier_context.verifier_id"),
113
+ },
114
+ requestEnvelope,
115
+ };
116
+ }
117
+ /** Validate, canonicalize, and sign a replay-safe `AgentRecognitionProofV1`. */
118
+ export function signAgentRecognitionProofV1(signingSeed, params) {
119
+ if (signingSeed.length !== 32) {
120
+ throw new Error("agent recognition proof: signing key must be an ed25519 private key");
121
+ }
122
+ ensureEd25519Sha512Sync();
123
+ const normalized = normalizeRecognitionProof({
124
+ ...params,
125
+ nonce: params.nonce?.trim() || randomUUID(),
126
+ });
127
+ const canonical = marshalCanonicalAgentRecognitionProof(normalized);
128
+ const digest = sha256Hex(canonical);
129
+ const digestBytes = createHash("sha256").update(canonical).digest();
130
+ const signature = sign(digestBytes, signingSeed);
131
+ const publicKey = getPublicKey(signingSeed);
132
+ return {
133
+ schema_version: normalized.schemaVersion,
134
+ kind: normalized.kind,
135
+ key_id: normalized.keyId,
136
+ signature_algorithm: normalized.signatureAlgorithm,
137
+ issued_at: normalized.issuedAt,
138
+ expires_at: normalized.expiresAt,
139
+ nonce: normalized.nonce,
140
+ purpose: normalized.purpose,
141
+ verifier_context: {
142
+ tenant_id: normalized.verifierContext.tenantId,
143
+ verifier_id: normalized.verifierContext.verifierId,
144
+ },
145
+ request_envelope: {
146
+ method: normalized.requestEnvelope.method,
147
+ path: normalized.requestEnvelope.path,
148
+ body_digest_sha256_hex: normalized.requestEnvelope.bodyDigestSha256Hex,
149
+ },
150
+ message_digest_sha256_hex: digest,
151
+ signing_public_key_ed25519_hex: bytesToHex(publicKey),
152
+ ed25519_signature_hex: bytesToHex(signature),
153
+ };
154
+ }
155
+ /** Build a recognition proof for Gateway `POST /harbor/intents/{intentId}/evidence`. */
156
+ export function signHarborEvidenceSubmitRecognitionProof(input) {
157
+ return signAgentRecognitionProofV1(input.signingSeed, {
158
+ keyId: input.keyId,
159
+ purpose: AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT,
160
+ tenantId: input.tenantId,
161
+ method: "POST",
162
+ path: `/harbor/intents/${input.intentId}/evidence`,
163
+ body: input.evidenceBody,
164
+ });
165
+ }
@@ -0,0 +1,18 @@
1
+ /**
2
+ * bincode 2 `config::standard()` serde wire helpers.
3
+ * Matches `crates/paybond-evidence/src/wire.rs` (`encode_wire`).
4
+ */
5
+ /** Signed payload revision for evidence binding (`EvidenceSignV1.version`). */
6
+ export declare const EVIDENCE_SIGN_VERSION = 2;
7
+ /** Completion contract tail revision (`CompletionContractSignV1.version`). */
8
+ export declare const COMPLETION_CONTRACT_SIGN_VERSION = 2;
9
+ export declare function concatBytes(...parts: Uint8Array[]): Uint8Array;
10
+ /** bincode 2 standard unsigned varint (little-endian multi-byte tails). */
11
+ export declare function encodeVarintU64(value: bigint): Uint8Array;
12
+ export declare function encodeVarintU32(n: number): Uint8Array;
13
+ export declare function encodeVarintI64(n: number): Uint8Array;
14
+ export declare function encodeU8(n: number): Uint8Array;
15
+ export declare function encodeBincodeString(s: string): Uint8Array;
16
+ /** UUID serializes as varint-prefixed 16 raw bytes under bincode 2 serde. */
17
+ export declare function encodeBincodeUuid(intentId: string): Uint8Array;
18
+ export declare function encodeFixed32(bytes: Uint8Array): Uint8Array;
@@ -0,0 +1,93 @@
1
+ /**
2
+ * bincode 2 `config::standard()` serde wire helpers.
3
+ * Matches `crates/paybond-evidence/src/wire.rs` (`encode_wire`).
4
+ */
5
+ import { parse as parseUuid } from "uuid";
6
+ const SINGLE_BYTE_MAX = 250;
7
+ const U16_BYTE = 251;
8
+ const U32_BYTE = 252;
9
+ const U64_BYTE = 253;
10
+ /** Signed payload revision for evidence binding (`EvidenceSignV1.version`). */
11
+ export const EVIDENCE_SIGN_VERSION = 2;
12
+ /** Completion contract tail revision (`CompletionContractSignV1.version`). */
13
+ export const COMPLETION_CONTRACT_SIGN_VERSION = 2;
14
+ export function concatBytes(...parts) {
15
+ const n = parts.reduce((a, p) => a + p.length, 0);
16
+ const out = new Uint8Array(n);
17
+ let o = 0;
18
+ for (const p of parts) {
19
+ out.set(p, o);
20
+ o += p.length;
21
+ }
22
+ return out;
23
+ }
24
+ function zigzagU64(n) {
25
+ if (n < 0n) {
26
+ return BigInt.asUintN(64, ~n) * 2n + 1n;
27
+ }
28
+ return n * 2n;
29
+ }
30
+ /** bincode 2 standard unsigned varint (little-endian multi-byte tails). */
31
+ export function encodeVarintU64(value) {
32
+ if (value < 0n) {
33
+ throw new Error("encodeVarintU64: expected non-negative value");
34
+ }
35
+ if (value <= BigInt(SINGLE_BYTE_MAX)) {
36
+ return new Uint8Array([Number(value)]);
37
+ }
38
+ if (value <= 65535n) {
39
+ const out = new Uint8Array(3);
40
+ out[0] = U16_BYTE;
41
+ new DataView(out.buffer).setUint16(1, Number(value), true);
42
+ return out;
43
+ }
44
+ if (value <= 4294967295n) {
45
+ const out = new Uint8Array(5);
46
+ out[0] = U32_BYTE;
47
+ new DataView(out.buffer).setUint32(1, Number(value), true);
48
+ return out;
49
+ }
50
+ if (value <= 18446744073709551615n) {
51
+ const out = new Uint8Array(9);
52
+ out[0] = U64_BYTE;
53
+ new DataView(out.buffer).setBigUint64(1, value, true);
54
+ return out;
55
+ }
56
+ throw new Error("encodeVarintU64: value exceeds u64 range");
57
+ }
58
+ export function encodeVarintU32(n) {
59
+ if (!Number.isInteger(n) || n < 0) {
60
+ throw new Error("encodeVarintU32: expected non-negative integer");
61
+ }
62
+ return encodeVarintU64(BigInt(n));
63
+ }
64
+ export function encodeVarintI64(n) {
65
+ if (!Number.isInteger(n)) {
66
+ throw new Error("encodeVarintI64: expected integer");
67
+ }
68
+ return encodeVarintU64(zigzagU64(BigInt(n)));
69
+ }
70
+ export function encodeU8(n) {
71
+ if (!Number.isInteger(n) || n < 0 || n > 255) {
72
+ throw new Error("encodeU8: expected u8");
73
+ }
74
+ return new Uint8Array([n]);
75
+ }
76
+ export function encodeBincodeString(s) {
77
+ const utf8 = new TextEncoder().encode(s);
78
+ return concatBytes(encodeVarintU64(BigInt(utf8.length)), utf8);
79
+ }
80
+ /** UUID serializes as varint-prefixed 16 raw bytes under bincode 2 serde. */
81
+ export function encodeBincodeUuid(intentId) {
82
+ const intentBytes = parseUuid(intentId);
83
+ if (intentBytes.length !== 16) {
84
+ throw new Error("intentId must be a UUID string");
85
+ }
86
+ return concatBytes(encodeVarintU64(16n), intentBytes);
87
+ }
88
+ export function encodeFixed32(bytes) {
89
+ if (bytes.length !== 32) {
90
+ throw new Error("encodeFixed32: expected 32 bytes");
91
+ }
92
+ return bytes;
93
+ }
@@ -0,0 +1,21 @@
1
+ import { createSdkMcpServer, type SdkMcpToolDefinition } from "@anthropic-ai/claude-agent-sdk";
2
+ import type { PaybondAgentRun } from "../agent/run.js";
3
+ /** Pre-built SDK tool from `tool()` in `@anthropic-ai/claude-agent-sdk`. */
4
+ export type ClaudeAgentSdkTool = SdkMcpToolDefinition;
5
+ export type PaybondClaudeAgentsConfigOptions = {
6
+ /** MCP server name; defaults to `"paybond"`. */
7
+ serverName?: string;
8
+ /** Optional version passed to `createSdkMcpServer`. */
9
+ serverVersion?: string;
10
+ };
11
+ export type ClaudeAgentsConfig = {
12
+ mcpServer: ReturnType<typeof createSdkMcpServer>;
13
+ allowedTools: string[];
14
+ /** Same tool array as input — side-effecting handlers are wrapped in-place. */
15
+ agentTools: ClaudeAgentSdkTool[];
16
+ };
17
+ /**
18
+ * Wrap Claude Agent SDK `tool()` handlers with Paybond middleware and bundle them
19
+ * into an in-process MCP server for `query({ options: { mcpServers, allowedTools } })`.
20
+ */
21
+ export declare function createPaybondClaudeAgentsConfig(run: PaybondAgentRun, tools: ClaudeAgentSdkTool[], options?: PaybondClaudeAgentsConfigOptions): ClaudeAgentsConfig;
@@ -0,0 +1,145 @@
1
+ import { createSdkMcpServer, } from "@anthropic-ai/claude-agent-sdk";
2
+ import { PaybondAutoEvidenceSubmitError, PaybondUnregisteredSideEffectingToolError, } from "../agent/types.js";
3
+ import { PaybondSpendApprovalRequiredError, PaybondSpendDeniedError, } from "../index.js";
4
+ function claudeMcpAllowedToolName(serverName, toolName) {
5
+ return `mcp__${serverName}__${toolName}`;
6
+ }
7
+ function resolveClaudeToolCallId(extra) {
8
+ if (typeof extra === "object" && extra !== null) {
9
+ const record = extra;
10
+ for (const key of ["toolUseID", "tool_use_id", "toolCallId", "tool_call_id", "id"]) {
11
+ const value = record[key];
12
+ if (typeof value === "string" && value.trim()) {
13
+ return value.trim();
14
+ }
15
+ }
16
+ }
17
+ return globalThis.crypto.randomUUID();
18
+ }
19
+ function extractCallToolResultPayload(result) {
20
+ if (result.structuredContent && typeof result.structuredContent === "object") {
21
+ return result.structuredContent;
22
+ }
23
+ for (const block of result.content) {
24
+ if (block.type !== "text") {
25
+ continue;
26
+ }
27
+ const text = "text" in block && typeof block.text === "string" ? block.text.trim() : "";
28
+ if (!text) {
29
+ continue;
30
+ }
31
+ try {
32
+ return JSON.parse(text);
33
+ }
34
+ catch {
35
+ return { text };
36
+ }
37
+ }
38
+ return result;
39
+ }
40
+ function toCallToolResult(payload) {
41
+ if (typeof payload === "object" && payload !== null && "content" in payload) {
42
+ return payload;
43
+ }
44
+ if (typeof payload === "string") {
45
+ return { content: [{ type: "text", text: payload }] };
46
+ }
47
+ if (payload === undefined || payload === null) {
48
+ return { content: [{ type: "text", text: "" }] };
49
+ }
50
+ if (typeof payload === "object") {
51
+ return {
52
+ content: [{ type: "text", text: JSON.stringify(payload) }],
53
+ structuredContent: payload,
54
+ };
55
+ }
56
+ return { content: [{ type: "text", text: String(payload) }] };
57
+ }
58
+ function paybondErrorCallToolResult(message) {
59
+ return {
60
+ content: [{ type: "text", text: message }],
61
+ isError: true,
62
+ };
63
+ }
64
+ function assertClaudeAgentSdkTools(tools) {
65
+ if (!Array.isArray(tools)) {
66
+ throw new TypeError("claude-agents framework tools must be an array of SDK tool() definitions");
67
+ }
68
+ for (const tool of tools) {
69
+ if (typeof tool !== "object" || tool === null) {
70
+ throw new TypeError("each claude-agents tool must be an SDK tool() definition");
71
+ }
72
+ const record = tool;
73
+ if (typeof record.name !== "string" || !record.name.trim()) {
74
+ throw new TypeError("each claude-agents tool must have a non-empty name");
75
+ }
76
+ if (typeof record.handler !== "function") {
77
+ throw new TypeError("each claude-agents tool must have a handler function");
78
+ }
79
+ }
80
+ return tools;
81
+ }
82
+ function wrapClaudeAgentSdkTool(run, sdkTool) {
83
+ if (!run.registry.isSideEffecting(sdkTool.name)) {
84
+ return sdkTool;
85
+ }
86
+ const originalHandler = sdkTool.handler.bind(sdkTool);
87
+ const mutableTool = sdkTool;
88
+ mutableTool.handler = async (args, extra) => {
89
+ const toolCallId = resolveClaudeToolCallId(extra);
90
+ try {
91
+ const wrapped = await run.interceptor.wrapExecute({
92
+ toolName: sdkTool.name,
93
+ toolCallId,
94
+ arguments: args,
95
+ approvalToken: run.getApprovalToken(toolCallId),
96
+ execute: async () => {
97
+ const mcpResult = await originalHandler(args, extra);
98
+ return extractCallToolResultPayload(mcpResult);
99
+ },
100
+ });
101
+ return toCallToolResult(wrapped.toolResult);
102
+ }
103
+ catch (err) {
104
+ if (err instanceof PaybondUnregisteredSideEffectingToolError) {
105
+ return paybondErrorCallToolResult(`Paybond capability denied: unregistered side-effecting tool (${err.message})`);
106
+ }
107
+ if (err instanceof PaybondSpendApprovalRequiredError) {
108
+ const decisionId = err.result.decisionId;
109
+ const suffix = decisionId ? ` (decision_id=${decisionId})` : "";
110
+ const msg = err.result.message ?? err.result.code ?? "approval required";
111
+ return paybondErrorCallToolResult(`Paybond capability approval required: ${msg}${suffix}`);
112
+ }
113
+ if (err instanceof PaybondSpendDeniedError) {
114
+ const msg = err.result.message ?? err.result.code ?? "capability denied";
115
+ return paybondErrorCallToolResult(`Paybond capability denied: ${msg}`);
116
+ }
117
+ if (err instanceof PaybondAutoEvidenceSubmitError) {
118
+ return paybondErrorCallToolResult(`Paybond evidence submit failed: ${err.message}`);
119
+ }
120
+ throw err;
121
+ }
122
+ };
123
+ return sdkTool;
124
+ }
125
+ /**
126
+ * Wrap Claude Agent SDK `tool()` handlers with Paybond middleware and bundle them
127
+ * into an in-process MCP server for `query({ options: { mcpServers, allowedTools } })`.
128
+ */
129
+ export function createPaybondClaudeAgentsConfig(run, tools, options) {
130
+ const sdkTools = assertClaudeAgentSdkTools(tools);
131
+ const serverName = options?.serverName?.trim() || "paybond";
132
+ for (const sdkTool of sdkTools) {
133
+ wrapClaudeAgentSdkTool(run, sdkTool);
134
+ }
135
+ const mcpServer = createSdkMcpServer({
136
+ name: serverName,
137
+ ...(options?.serverVersion ? { version: options.serverVersion } : {}),
138
+ tools: sdkTools,
139
+ });
140
+ return {
141
+ mcpServer,
142
+ allowedTools: sdkTools.map((sdkTool) => claudeMcpAllowedToolName(serverName, sdkTool.name)),
143
+ agentTools: sdkTools,
144
+ };
145
+ }
@@ -0,0 +1,2 @@
1
+ export { createPaybondClaudeAgentsConfig, type ClaudeAgentSdkTool, type ClaudeAgentsConfig, type PaybondClaudeAgentsConfigOptions, } from "./config.js";
2
+ export { runClaudeAgentsSandboxDemo, type RunClaudeAgentsSandboxDemoInput, type RunClaudeAgentsSandboxDemoResult, } from "./sandbox-demo.js";
@@ -0,0 +1,2 @@
1
+ export { createPaybondClaudeAgentsConfig, } from "./config.js";
2
+ export { runClaudeAgentsSandboxDemo, } from "./sandbox-demo.js";
@@ -0,0 +1,30 @@
1
+ import type { Paybond } from "../index.js";
2
+ export type RunClaudeAgentsSandboxDemoInput = {
3
+ paybond: Paybond;
4
+ operation?: string;
5
+ requestedSpendCents?: number;
6
+ evidencePreset?: string;
7
+ toolCallId?: string;
8
+ };
9
+ export type RunClaudeAgentsSandboxDemoResult = {
10
+ bind: {
11
+ run_id: string;
12
+ tenant_id: string;
13
+ intent_id: string;
14
+ capability_token: string;
15
+ operation: string;
16
+ sandbox_lifecycle_status?: string;
17
+ };
18
+ allowed_tools: string[];
19
+ tool_result?: unknown;
20
+ evidence: {
21
+ submitted: boolean;
22
+ sandbox_lifecycle_status?: string;
23
+ predicate_passed?: boolean | null;
24
+ };
25
+ };
26
+ /**
27
+ * No-LLM Claude Agent SDK sandbox demo: wrapped in-process MCP tool handlers +
28
+ * auto-evidence.
29
+ */
30
+ export declare function runClaudeAgentsSandboxDemo(input: RunClaudeAgentsSandboxDemoInput): Promise<RunClaudeAgentsSandboxDemoResult>;
@@ -0,0 +1,91 @@
1
+ import { tool } from "@anthropic-ai/claude-agent-sdk";
2
+ import { z } from "zod";
3
+ import { createPaybondToolRegistry } from "../agent/registry.js";
4
+ import { createPaybondClaudeAgentsConfig } from "./config.js";
5
+ /**
6
+ * No-LLM Claude Agent SDK sandbox demo: wrapped in-process MCP tool handlers +
7
+ * auto-evidence.
8
+ */
9
+ export async function runClaudeAgentsSandboxDemo(input) {
10
+ const operation = (input.operation ?? "paid-tool").trim();
11
+ const requestedSpendCents = input.requestedSpendCents ?? 100;
12
+ const evidencePreset = (input.evidencePreset ?? "cost_and_completion").trim();
13
+ const toolCallId = (input.toolCallId ?? "claude-demo-1").trim();
14
+ const registry = createPaybondToolRegistry({
15
+ defaultDeny: true,
16
+ sideEffecting: {
17
+ [operation]: {
18
+ operation,
19
+ evidencePreset,
20
+ spendCents: requestedSpendCents,
21
+ evidenceMapper: (result) => {
22
+ const payload = result;
23
+ return {
24
+ status: payload.status,
25
+ cost_cents: payload.cost_cents,
26
+ };
27
+ },
28
+ },
29
+ },
30
+ });
31
+ const run = await input.paybond.agentRun.bind({
32
+ bootstrap: {
33
+ kind: "sandbox",
34
+ operation,
35
+ requestedSpendCents,
36
+ completionPreset: evidencePreset,
37
+ },
38
+ registry,
39
+ });
40
+ const sdkTools = [
41
+ tool(operation, `Paid operation ${operation}`, { estimatedPriceCents: z.number().int().nonnegative() }, async (args) => ({
42
+ content: [
43
+ {
44
+ type: "text",
45
+ text: JSON.stringify({
46
+ status: "completed",
47
+ cost_cents: args.estimatedPriceCents,
48
+ }),
49
+ },
50
+ ],
51
+ structuredContent: {
52
+ status: "completed",
53
+ cost_cents: args.estimatedPriceCents,
54
+ },
55
+ })),
56
+ ];
57
+ const config = createPaybondClaudeAgentsConfig(run, sdkTools);
58
+ const paidTool = config.agentTools[0];
59
+ if (!paidTool) {
60
+ throw new Error("claude-agents sandbox demo missing paid tool");
61
+ }
62
+ const mcpResult = await paidTool.handler({ estimatedPriceCents: requestedSpendCents }, { toolUseID: toolCallId });
63
+ const sandboxStatus = run.binding.sandbox?.sandboxLifecycleStatus;
64
+ const structured = typeof mcpResult === "object" &&
65
+ mcpResult !== null &&
66
+ "structuredContent" in mcpResult &&
67
+ typeof mcpResult.structuredContent === "object"
68
+ ? mcpResult.structuredContent
69
+ : undefined;
70
+ const isError = typeof mcpResult === "object" &&
71
+ mcpResult !== null &&
72
+ "isError" in mcpResult &&
73
+ Boolean(mcpResult.isError);
74
+ return {
75
+ bind: {
76
+ run_id: run.runId,
77
+ tenant_id: run.tenantId,
78
+ intent_id: run.intentId,
79
+ capability_token: run.capabilityToken,
80
+ operation,
81
+ sandbox_lifecycle_status: sandboxStatus,
82
+ },
83
+ allowed_tools: config.allowedTools,
84
+ tool_result: structured,
85
+ evidence: {
86
+ submitted: !isError,
87
+ sandbox_lifecycle_status: sandboxStatus,
88
+ predicate_passed: !isError ? true : null,
89
+ },
90
+ };
91
+ }
@@ -0,0 +1 @@
1
+ export declare function quoteEnvValue(value: string): string;
@@ -0,0 +1,6 @@
1
+ export function quoteEnvValue(value) {
2
+ if (/^[A-Za-z0-9_./:@+-]+$/.test(value)) {
3
+ return value;
4
+ }
5
+ return JSON.stringify(value);
6
+ }
@@ -0,0 +1,8 @@
1
+ export type AgentEnvWriteInput = {
2
+ envFile: string;
3
+ cwd: string;
4
+ intentId: string;
5
+ capabilityToken: string;
6
+ runId: string;
7
+ };
8
+ export declare function appendAgentRunEnvVars(input: AgentEnvWriteInput): Promise<string>;