@paybond/kit 0.10.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (346) hide show
  1. package/README.md +59 -15
  2. package/completion-presets/catalog.json +1187 -0
  3. package/completion-presets/catalog.sha256 +1 -0
  4. package/dev/trace-ui/dashboard.html +617 -0
  5. package/dist/agent/adapter.d.ts +51 -0
  6. package/dist/agent/adapter.js +66 -0
  7. package/dist/agent/attach-bundle.d.ts +37 -0
  8. package/dist/agent/attach-bundle.js +118 -0
  9. package/dist/agent/authorization-cache.d.ts +22 -0
  10. package/dist/agent/authorization-cache.js +36 -0
  11. package/dist/agent/deferred-tools.d.ts +11 -0
  12. package/dist/agent/deferred-tools.js +62 -0
  13. package/dist/agent/discover.d.ts +41 -0
  14. package/dist/agent/discover.js +147 -0
  15. package/dist/agent/evidence.d.ts +9 -0
  16. package/dist/agent/evidence.js +28 -0
  17. package/dist/agent/facade.d.ts +48 -0
  18. package/dist/agent/facade.js +112 -0
  19. package/dist/agent/gateway-trace-reporter.d.ts +28 -0
  20. package/dist/agent/gateway-trace-reporter.js +49 -0
  21. package/dist/agent/generic-runner.d.ts +14 -0
  22. package/dist/agent/generic-runner.js +49 -0
  23. package/dist/agent/generic-sandbox-demo.d.ts +36 -0
  24. package/dist/agent/generic-sandbox-demo.js +82 -0
  25. package/dist/agent/guarded-agent.d.ts +49 -0
  26. package/dist/agent/guarded-agent.js +100 -0
  27. package/dist/agent/index.d.ts +13 -0
  28. package/dist/agent/index.js +13 -0
  29. package/dist/agent/instrument.d.ts +156 -0
  30. package/dist/agent/instrument.js +442 -0
  31. package/dist/agent/interceptor.d.ts +24 -0
  32. package/dist/agent/interceptor.js +440 -0
  33. package/dist/agent/lazy-context-tools.d.ts +15 -0
  34. package/dist/agent/lazy-context-tools.js +81 -0
  35. package/dist/agent/registry-file.d.ts +39 -0
  36. package/dist/agent/registry-file.js +219 -0
  37. package/dist/agent/registry.d.ts +37 -0
  38. package/dist/agent/registry.js +128 -0
  39. package/dist/agent/run.d.ts +124 -0
  40. package/dist/agent/run.js +301 -0
  41. package/dist/agent/types.d.ts +318 -0
  42. package/dist/agent/types.js +42 -0
  43. package/dist/agent-recognition.d.ts +72 -0
  44. package/dist/agent-recognition.js +165 -0
  45. package/dist/bincode-wire.d.ts +18 -0
  46. package/dist/bincode-wire.js +93 -0
  47. package/dist/claude-agents/config.d.ts +21 -0
  48. package/dist/claude-agents/config.js +145 -0
  49. package/dist/claude-agents/index.d.ts +2 -0
  50. package/dist/claude-agents/index.js +2 -0
  51. package/dist/claude-agents/sandbox-demo.d.ts +30 -0
  52. package/dist/claude-agents/sandbox-demo.js +91 -0
  53. package/dist/cli/agent/demo-loaders.d.ts +4 -0
  54. package/dist/cli/agent/demo-loaders.js +66 -0
  55. package/dist/cli/agent/env-quote.d.ts +1 -0
  56. package/dist/cli/agent/env-quote.js +6 -0
  57. package/dist/cli/agent/env-write.d.ts +8 -0
  58. package/dist/cli/agent/env-write.js +47 -0
  59. package/dist/cli/agent/paybond.d.ts +16 -0
  60. package/dist/cli/agent/paybond.js +55 -0
  61. package/dist/cli/agent/policy-file.d.ts +29 -0
  62. package/dist/cli/agent/policy-file.js +61 -0
  63. package/dist/cli/agent/production-evidence.d.ts +24 -0
  64. package/dist/cli/agent/production-evidence.js +98 -0
  65. package/dist/cli/agent/run-store.d.ts +30 -0
  66. package/dist/cli/agent/run-store.js +42 -0
  67. package/dist/cli/agent/run-trace-store.d.ts +39 -0
  68. package/dist/cli/agent/run-trace-store.js +143 -0
  69. package/dist/cli/agent-run-trace-table.d.ts +9 -0
  70. package/dist/cli/agent-run-trace-table.js +24 -0
  71. package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
  72. package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
  73. package/dist/cli/command-spec.d.ts +1 -0
  74. package/dist/cli/command-spec.js +286 -5
  75. package/dist/cli/commands/agent.d.ts +16 -0
  76. package/dist/cli/commands/agent.js +1136 -0
  77. package/dist/cli/commands/dev.d.ts +7 -0
  78. package/dist/cli/commands/dev.js +348 -0
  79. package/dist/cli/commands/discovery.js +3 -3
  80. package/dist/cli/commands/policy.d.ts +13 -0
  81. package/dist/cli/commands/policy.js +769 -0
  82. package/dist/cli/commands/setup.d.ts +3 -0
  83. package/dist/cli/commands/setup.js +124 -8
  84. package/dist/cli/commands/workflows.js +9 -4
  85. package/dist/cli/config.d.ts +2 -0
  86. package/dist/cli/config.js +4 -2
  87. package/dist/cli/context.js +2 -1
  88. package/dist/cli/credentials.js +2 -2
  89. package/dist/cli/doctor-agent-middleware.d.ts +5 -0
  90. package/dist/cli/doctor-agent-middleware.js +49 -0
  91. package/dist/cli/globals.d.ts +1 -0
  92. package/dist/cli/globals.js +11 -1
  93. package/dist/cli/help.d.ts +1 -1
  94. package/dist/cli/help.js +35 -3
  95. package/dist/cli/mcp-install.js +2 -2
  96. package/dist/cli/mcp-policy.d.ts +3 -0
  97. package/dist/cli/mcp-policy.js +19 -13
  98. package/dist/cli/mcp-verify-config.js +9 -11
  99. package/dist/cli/redact.js +29 -8
  100. package/dist/cli/router.js +105 -2
  101. package/dist/cli/smoke-deep-links.d.ts +15 -0
  102. package/dist/cli/smoke-deep-links.js +63 -0
  103. package/dist/cli/telemetry.d.ts +17 -0
  104. package/dist/cli/telemetry.js +94 -0
  105. package/dist/completion-catalog-digest.d.ts +2 -0
  106. package/dist/completion-catalog-digest.js +2 -0
  107. package/dist/completion-catalog-integrity.d.ts +2 -0
  108. package/dist/completion-catalog-integrity.js +17 -0
  109. package/dist/completion-catalog.d.ts +49 -0
  110. package/dist/completion-catalog.js +62 -0
  111. package/dist/completion-contract-digest.d.ts +37 -0
  112. package/dist/completion-contract-digest.js +73 -0
  113. package/dist/completion-forbidden-fields.d.ts +5 -0
  114. package/dist/completion-forbidden-fields.js +26 -0
  115. package/dist/completion-init.d.ts +8 -0
  116. package/dist/completion-init.js +334 -0
  117. package/dist/completion-resolve.d.ts +21 -0
  118. package/dist/completion-resolve.js +86 -0
  119. package/dist/completion-validate-evidence.d.ts +24 -0
  120. package/dist/completion-validate-evidence.js +145 -0
  121. package/dist/dev/offline-gateway.d.ts +24 -0
  122. package/dist/dev/offline-gateway.js +102 -0
  123. package/dist/dev/trace-buffer.d.ts +61 -0
  124. package/dist/dev/trace-buffer.js +330 -0
  125. package/dist/dev/trace-security-headers.d.ts +11 -0
  126. package/dist/dev/trace-security-headers.js +16 -0
  127. package/dist/dev/trace-server.d.ts +8 -0
  128. package/dist/dev/trace-server.js +38 -0
  129. package/dist/dev/trace-ui.d.ts +4 -0
  130. package/dist/dev/trace-ui.js +25 -0
  131. package/dist/dev/wiremock-up.d.ts +15 -0
  132. package/dist/dev/wiremock-up.js +118 -0
  133. package/dist/doctor-completion.d.ts +17 -0
  134. package/dist/doctor-completion.js +428 -0
  135. package/dist/gateway-url.d.ts +7 -0
  136. package/dist/gateway-url.js +69 -0
  137. package/dist/index.d.ts +119 -2
  138. package/dist/index.js +267 -6
  139. package/dist/init.js +374 -57
  140. package/dist/langgraph/awrap-tool-call.d.ts +25 -0
  141. package/dist/langgraph/awrap-tool-call.js +81 -0
  142. package/dist/langgraph/config.d.ts +13 -0
  143. package/dist/langgraph/config.js +11 -0
  144. package/dist/langgraph/index.d.ts +4 -0
  145. package/dist/langgraph/index.js +4 -0
  146. package/dist/langgraph/sandbox-demo.d.ts +40 -0
  147. package/dist/langgraph/sandbox-demo.js +96 -0
  148. package/dist/langgraph/tool-node.d.ts +10 -0
  149. package/dist/langgraph/tool-node.js +38 -0
  150. package/dist/login.js +7 -0
  151. package/dist/mcp/index.d.ts +1 -0
  152. package/dist/mcp/index.js +1 -0
  153. package/dist/mcp/tool-surface.d.ts +25 -0
  154. package/dist/mcp/tool-surface.js +17 -0
  155. package/dist/mcp-capability-token-cache.d.ts +24 -0
  156. package/dist/mcp-capability-token-cache.js +101 -0
  157. package/dist/mcp-evidence-policy.d.ts +48 -0
  158. package/dist/mcp-evidence-policy.js +117 -0
  159. package/dist/mcp-policy-reload.d.ts +79 -0
  160. package/dist/mcp-policy-reload.js +200 -0
  161. package/dist/mcp-sep2828-evidence.d.ts +36 -0
  162. package/dist/mcp-sep2828-evidence.js +65 -0
  163. package/dist/mcp-server.d.ts +6 -0
  164. package/dist/mcp-server.js +224 -44
  165. package/dist/openai-agents/index.d.ts +40 -0
  166. package/dist/openai-agents/index.js +151 -0
  167. package/dist/openai-agents/sandbox-demo.d.ts +34 -0
  168. package/dist/openai-agents/sandbox-demo.js +118 -0
  169. package/dist/payee-evidence.js +2 -29
  170. package/dist/policy/catalog.d.ts +31 -0
  171. package/dist/policy/catalog.js +48 -0
  172. package/dist/policy/compose-utils.d.ts +3 -0
  173. package/dist/policy/compose-utils.js +4 -0
  174. package/dist/policy/compose.d.ts +20 -0
  175. package/dist/policy/compose.js +240 -0
  176. package/dist/policy/digest.d.ts +7 -0
  177. package/dist/policy/digest.js +75 -0
  178. package/dist/policy/domain.d.ts +15 -0
  179. package/dist/policy/domain.js +28 -0
  180. package/dist/policy/guardrail-spec.d.ts +17 -0
  181. package/dist/policy/guardrail-spec.js +140 -0
  182. package/dist/policy/guardrails.d.ts +48 -0
  183. package/dist/policy/guardrails.js +72 -0
  184. package/dist/policy/index.d.ts +21 -0
  185. package/dist/policy/index.js +21 -0
  186. package/dist/policy/init.d.ts +102 -0
  187. package/dist/policy/init.js +351 -0
  188. package/dist/policy/intent-spec.d.ts +52 -0
  189. package/dist/policy/intent-spec.js +176 -0
  190. package/dist/policy/json-path.d.ts +4 -0
  191. package/dist/policy/json-path.js +23 -0
  192. package/dist/policy/layers-io.d.ts +7 -0
  193. package/dist/policy/layers-io.js +28 -0
  194. package/dist/policy/load-effective.d.ts +22 -0
  195. package/dist/policy/load-effective.js +77 -0
  196. package/dist/policy/load.d.ts +85 -0
  197. package/dist/policy/load.js +164 -0
  198. package/dist/policy/merge.d.ts +29 -0
  199. package/dist/policy/merge.js +297 -0
  200. package/dist/policy/parse-text.d.ts +2 -0
  201. package/dist/policy/parse-text.js +126 -0
  202. package/dist/policy/policy-api.d.ts +45 -0
  203. package/dist/policy/policy-api.js +61 -0
  204. package/dist/policy/presets.d.ts +19 -0
  205. package/dist/policy/presets.js +66 -0
  206. package/dist/policy/registry.d.ts +7 -0
  207. package/dist/policy/registry.js +33 -0
  208. package/dist/policy/reload.d.ts +86 -0
  209. package/dist/policy/reload.js +233 -0
  210. package/dist/policy/render-yaml.d.ts +3 -0
  211. package/dist/policy/render-yaml.js +69 -0
  212. package/dist/policy/sandbox-bootstrap.d.ts +19 -0
  213. package/dist/policy/sandbox-bootstrap.js +66 -0
  214. package/dist/policy/schema.d.ts +204 -0
  215. package/dist/policy/schema.js +255 -0
  216. package/dist/policy/snapshot.d.ts +33 -0
  217. package/dist/policy/snapshot.js +23 -0
  218. package/dist/policy/validate-remote.d.ts +43 -0
  219. package/dist/policy/validate-remote.js +104 -0
  220. package/dist/policy/validate.d.ts +36 -0
  221. package/dist/policy/validate.js +150 -0
  222. package/dist/policy/watcher.d.ts +29 -0
  223. package/dist/policy/watcher.js +112 -0
  224. package/dist/principal-intent.d.ts +52 -0
  225. package/dist/principal-intent.js +193 -37
  226. package/dist/project-init.d.ts +34 -0
  227. package/dist/project-init.js +898 -0
  228. package/dist/sep2828-signature.d.ts +10 -0
  229. package/dist/sep2828-signature.js +134 -0
  230. package/dist/solutions/api.d.ts +22 -0
  231. package/dist/solutions/api.js +40 -0
  232. package/dist/solutions/catalog.d.ts +34 -0
  233. package/dist/solutions/catalog.js +129 -0
  234. package/dist/solutions/index.d.ts +2 -0
  235. package/dist/solutions/index.js +2 -0
  236. package/dist/template-init.d.ts +54 -0
  237. package/dist/template-init.js +203 -0
  238. package/dist/vercel-ai/config.d.ts +15 -0
  239. package/dist/vercel-ai/config.js +13 -0
  240. package/dist/vercel-ai/index.d.ts +4 -0
  241. package/dist/vercel-ai/index.js +4 -0
  242. package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
  243. package/dist/vercel-ai/sandbox-demo.js +153 -0
  244. package/dist/vercel-ai/tool-approval.d.ts +16 -0
  245. package/dist/vercel-ai/tool-approval.js +41 -0
  246. package/dist/vercel-ai/wrap-tools.d.ts +9 -0
  247. package/dist/vercel-ai/wrap-tools.js +40 -0
  248. package/dist/x402-receipt-evidence.d.ts +29 -0
  249. package/dist/x402-receipt-evidence.js +97 -0
  250. package/dist/x402-receipt-signature.d.ts +12 -0
  251. package/dist/x402-receipt-signature.js +211 -0
  252. package/package.json +75 -3
  253. package/solutions/aws.json +17 -0
  254. package/solutions/saas.json +17 -0
  255. package/solutions/shopping.json +17 -0
  256. package/solutions/travel.json +18 -0
  257. package/templates/manifest.json +169 -0
  258. package/templates/openai-shopping-agent/.env.example +3 -0
  259. package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
  260. package/templates/openai-shopping-agent/LICENSE +201 -0
  261. package/templates/openai-shopping-agent/README.md +29 -0
  262. package/templates/openai-shopping-agent/package-lock.json +1525 -0
  263. package/templates/openai-shopping-agent/package.json +22 -0
  264. package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
  265. package/templates/openai-shopping-agent/src/index.ts +22 -0
  266. package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
  267. package/templates/openai-shopping-agent/tsconfig.json +13 -0
  268. package/templates/paybond-aws-operator/.env.example +3 -0
  269. package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
  270. package/templates/paybond-aws-operator/LICENSE +201 -0
  271. package/templates/paybond-aws-operator/README.md +29 -0
  272. package/templates/paybond-aws-operator/package-lock.json +151 -0
  273. package/templates/paybond-aws-operator/package.json +20 -0
  274. package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
  275. package/templates/paybond-aws-operator/src/index.ts +54 -0
  276. package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
  277. package/templates/paybond-aws-operator/tsconfig.json +13 -0
  278. package/templates/paybond-claude-agents-demo/.env.example +3 -0
  279. package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
  280. package/templates/paybond-claude-agents-demo/LICENSE +201 -0
  281. package/templates/paybond-claude-agents-demo/README.md +29 -0
  282. package/templates/paybond-claude-agents-demo/package-lock.json +1489 -0
  283. package/templates/paybond-claude-agents-demo/package.json +22 -0
  284. package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
  285. package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
  286. package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
  287. package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
  288. package/templates/paybond-invoice-agent/.env.example +3 -0
  289. package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
  290. package/templates/paybond-invoice-agent/LICENSE +201 -0
  291. package/templates/paybond-invoice-agent/README.md +29 -0
  292. package/templates/paybond-invoice-agent/app.py +27 -0
  293. package/templates/paybond-invoice-agent/package.json +6 -0
  294. package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
  295. package/templates/paybond-invoice-agent/paybond_config.py +45 -0
  296. package/templates/paybond-invoice-agent/requirements.txt +2 -0
  297. package/templates/paybond-mcp-coding-agent/.env.example +3 -0
  298. package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
  299. package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
  300. package/templates/paybond-mcp-coding-agent/README.md +39 -0
  301. package/templates/paybond-mcp-coding-agent/package-lock.json +151 -0
  302. package/templates/paybond-mcp-coding-agent/package.json +20 -0
  303. package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
  304. package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
  305. package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
  306. package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
  307. package/templates/paybond-openai-agents-demo/.env.example +3 -0
  308. package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
  309. package/templates/paybond-openai-agents-demo/LICENSE +201 -0
  310. package/templates/paybond-openai-agents-demo/README.md +29 -0
  311. package/templates/paybond-openai-agents-demo/package-lock.json +1525 -0
  312. package/templates/paybond-openai-agents-demo/package.json +22 -0
  313. package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
  314. package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
  315. package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
  316. package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
  317. package/templates/paybond-procurement-agent/.env.example +3 -0
  318. package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
  319. package/templates/paybond-procurement-agent/LICENSE +201 -0
  320. package/templates/paybond-procurement-agent/README.md +29 -0
  321. package/templates/paybond-procurement-agent/package-lock.json +151 -0
  322. package/templates/paybond-procurement-agent/package.json +20 -0
  323. package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
  324. package/templates/paybond-procurement-agent/src/index.ts +54 -0
  325. package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
  326. package/templates/paybond-procurement-agent/tsconfig.json +13 -0
  327. package/templates/paybond-travel-agent/.env.example +3 -0
  328. package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
  329. package/templates/paybond-travel-agent/LICENSE +201 -0
  330. package/templates/paybond-travel-agent/README.md +29 -0
  331. package/templates/paybond-travel-agent/package-lock.json +444 -0
  332. package/templates/paybond-travel-agent/package.json +23 -0
  333. package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
  334. package/templates/paybond-travel-agent/src/index.ts +22 -0
  335. package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
  336. package/templates/paybond-travel-agent/tsconfig.json +13 -0
  337. package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
  338. package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
  339. package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
  340. package/templates/paybond-vercel-shopping-agent/README.md +29 -0
  341. package/templates/paybond-vercel-shopping-agent/package-lock.json +265 -0
  342. package/templates/paybond-vercel-shopping-agent/package.json +22 -0
  343. package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
  344. package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
  345. package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
  346. package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
@@ -0,0 +1,7 @@
1
+ import type { CliContext } from "../context.js";
2
+ import { type CommandResult } from "../types.js";
3
+ export declare function handleDevSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
4
+ export declare function handleDevTrace(ctx: CliContext, argv: string[]): Promise<CommandResult>;
5
+ export declare function handleDevUp(ctx: CliContext, argv: string[]): Promise<CommandResult>;
6
+ export declare function handleDevLoop(ctx: CliContext, argv: string[]): Promise<CommandResult>;
7
+ export declare function handleDev(ctx: CliContext, subcommand: string, argv: string[]): Promise<CommandResult>;
@@ -0,0 +1,348 @@
1
+ import { resolve } from "node:path";
2
+ import { activateOfflineDevMode, createOfflineDevGatewayFetch, isProductionApiKey, } from "../../dev/offline-gateway.js";
3
+ import { runDevWiremockUp } from "../../dev/wiremock-up.js";
4
+ import { appendDevAuditLog, activateDevTraceCollector, buildDevStartupBannerLines, DEV_DEFAULT_POLICY_FILE, DEV_DEFAULT_PRESET, devTraceUrl, finalizeDevTraceCollector, recordSmokeTraceEvent, } from "../../dev/trace-buffer.js";
5
+ import { startDevTraceServer } from "../../dev/trace-server.js";
6
+ import { getSolutionSmokeDefaults } from "../../solutions/catalog.js";
7
+ import { describeCredentialSource, loadEnvFile } from "../credentials.js";
8
+ import { colorize, shouldUseColor } from "../color.js";
9
+ import { consumeBooleanFlag, consumeFlag } from "../globals.js";
10
+ import { CliError } from "../types.js";
11
+ import { handleAgentSandboxSmoke } from "./agent.js";
12
+ import { handleLogin } from "./setup.js";
13
+ import { handlePolicyInit, handlePolicyValidateTools } from "./policy.js";
14
+ import { scheduleCliCommandTelemetry } from "../telemetry.js";
15
+ function devCliError(message, options) {
16
+ return new CliError(message, {
17
+ category: options.category ?? "validation",
18
+ code: options.code,
19
+ details: options.details ?? {},
20
+ });
21
+ }
22
+ function appendDevLoopTraceLine(checklistLines, traceUrl, globals) {
23
+ const useColor = shouldUseColor(globals);
24
+ return [...checklistLines, colorize(`✓ Trace → ${traceUrl}`, "green", useColor)];
25
+ }
26
+ function writeDevStartupBanner(ctx) {
27
+ for (const line of buildDevStartupBannerLines()) {
28
+ ctx.stderr.write(`${line}\n`);
29
+ }
30
+ }
31
+ function rejectOfflineWithProductionKey(apiKey) {
32
+ const trimmed = apiKey?.trim();
33
+ if (trimmed && isProductionApiKey(trimmed)) {
34
+ throw devCliError("offline dev mode cannot be used with production API keys (paybond_sk_live_...); unset PAYBOND_API_KEY or use a sandbox key", { code: "cli.dev.offline_production_key", category: "validation" });
35
+ }
36
+ }
37
+ async function assertOfflineDevCredentialsSafe(ctx) {
38
+ rejectOfflineWithProductionKey(process.env.PAYBOND_API_KEY);
39
+ if (process.env.PAYBOND_API_KEY?.trim()) {
40
+ return;
41
+ }
42
+ const fromFile = await loadEnvFile(ctx.globals.envFile, ctx.cwd);
43
+ rejectOfflineWithProductionKey(fromFile);
44
+ }
45
+ function beginOfflineDevSession(ctx) {
46
+ const { restore } = activateOfflineDevMode();
47
+ return {
48
+ ctx: {
49
+ ...ctx,
50
+ fetch: createOfflineDevGatewayFetch(),
51
+ },
52
+ restore,
53
+ };
54
+ }
55
+ async function finalizeSmokeResult(ctx, preset, smokeResult, offline = false) {
56
+ const bind = smokeResult.data.bind;
57
+ const execute = smokeResult.data.execute;
58
+ const defaults = getSolutionSmokeDefaults(preset);
59
+ const resultBody = execute.tool_result && typeof execute.tool_result === "object" && !Array.isArray(execute.tool_result)
60
+ ? execute.tool_result
61
+ : defaults.resultBody;
62
+ const traceEvent = finalizeDevTraceCollector(resultBody, ctx.cwd) ??
63
+ recordSmokeTraceEvent({
64
+ preset,
65
+ bind,
66
+ execute,
67
+ resultBody,
68
+ }, ctx.cwd);
69
+ const auditLog = await appendDevAuditLog(ctx.cwd, {
70
+ kind: "dev.smoke",
71
+ recorded_at: traceEvent.recorded_at,
72
+ preset,
73
+ bind,
74
+ execute,
75
+ offline,
76
+ });
77
+ const traceUrl = devTraceUrl();
78
+ return {
79
+ data: {
80
+ ...smokeResult.data,
81
+ offline,
82
+ trace_url: `${traceUrl}/runs/${encodeURIComponent(traceEvent.id)}`,
83
+ audit_log: auditLog,
84
+ },
85
+ warnings: smokeResult.warnings,
86
+ };
87
+ }
88
+ async function runDevSmokeCore(ctx, preset, offline) {
89
+ activateDevTraceCollector({ preset, cwd: ctx.cwd });
90
+ const smokeArgv = ["--preset", preset];
91
+ const smokeResult = await handleAgentSandboxSmoke(ctx, smokeArgv);
92
+ return finalizeSmokeResult(ctx, preset, smokeResult, offline);
93
+ }
94
+ export async function handleDevSmoke(ctx, argv) {
95
+ if (argv[0] === "--help" || argv[0] === "-h") {
96
+ throw new CliError("help", { category: "usage", code: "cli.help" });
97
+ }
98
+ let rest = argv;
99
+ const offlineFlag = consumeBooleanFlag(rest, "--offline");
100
+ rest = offlineFlag.rest;
101
+ const presetFlag = consumeFlag(rest, "--preset");
102
+ if (presetFlag.rest.length > 0) {
103
+ throw devCliError(`unexpected arguments: ${presetFlag.rest.join(" ")}`, {
104
+ code: "cli.usage.unexpected_args",
105
+ category: "usage",
106
+ });
107
+ }
108
+ const preset = presetFlag.value?.trim() || DEV_DEFAULT_PRESET;
109
+ if (offlineFlag.present) {
110
+ await assertOfflineDevCredentialsSafe(ctx);
111
+ }
112
+ const offlineSession = offlineFlag.present ? beginOfflineDevSession(ctx) : null;
113
+ try {
114
+ const result = await runDevSmokeCore(offlineSession?.ctx ?? ctx, preset, offlineFlag.present);
115
+ scheduleCliCommandTelemetry(offlineSession?.ctx ?? ctx, {
116
+ commandPath: "dev smoke",
117
+ offline: offlineFlag.present,
118
+ });
119
+ return result;
120
+ }
121
+ finally {
122
+ offlineSession?.restore();
123
+ }
124
+ }
125
+ export async function handleDevTrace(ctx, argv) {
126
+ if (argv[0] === "--help" || argv[0] === "-h") {
127
+ throw new CliError("help", { category: "usage", code: "cli.help" });
128
+ }
129
+ const portFlag = consumeFlag(argv, "--port");
130
+ if (portFlag.rest.length > 0) {
131
+ throw devCliError(`unexpected arguments: ${portFlag.rest.join(" ")}`, {
132
+ code: "cli.usage.unexpected_args",
133
+ category: "usage",
134
+ });
135
+ }
136
+ const port = portFlag.value ? Number.parseInt(portFlag.value, 10) : undefined;
137
+ if (port !== undefined && (!Number.isFinite(port) || port <= 0 || port > 65535)) {
138
+ throw devCliError("dev trace --port must be a valid TCP port", {
139
+ code: "cli.usage.invalid_port",
140
+ category: "usage",
141
+ });
142
+ }
143
+ const credentials = await describeCredentialSource(ctx.globals, ctx.cwd);
144
+ if (credentials.source === "missing") {
145
+ ctx.stderr.write("No PAYBOND_API_KEY configured. Run paybond dev smoke --offline or paybond login, then paybond dev smoke.\n");
146
+ }
147
+ let traceUrl = devTraceUrl(port);
148
+ const server = await startDevTraceServer({
149
+ port,
150
+ cwd: ctx.cwd,
151
+ onListen(url) {
152
+ traceUrl = url;
153
+ ctx.stderr.write(`Paybond dev trace dashboard listening on ${url}\n`);
154
+ ctx.stderr.write("Press Ctrl+C to stop.\n");
155
+ },
156
+ });
157
+ await new Promise((resolvePromise) => {
158
+ const shutdown = () => {
159
+ server.close(() => resolvePromise());
160
+ };
161
+ process.once("SIGINT", shutdown);
162
+ process.once("SIGTERM", shutdown);
163
+ });
164
+ return {
165
+ data: {
166
+ trace_url: traceUrl,
167
+ port: port ?? devTraceUrl().match(/:(\d+)/)?.[1] ?? "9477",
168
+ events: [],
169
+ },
170
+ };
171
+ }
172
+ export async function handleDevUp(ctx, argv) {
173
+ if (argv[0] === "--help" || argv[0] === "-h") {
174
+ throw new CliError("help", { category: "usage", code: "cli.help" });
175
+ }
176
+ let rest = argv;
177
+ const downFlag = consumeBooleanFlag(rest, "--down");
178
+ rest = downFlag.rest;
179
+ const portFlag = consumeFlag(rest, "--port");
180
+ if (portFlag.rest.length > 0) {
181
+ throw devCliError(`unexpected arguments: ${portFlag.rest.join(" ")}`, {
182
+ code: "cli.usage.unexpected_args",
183
+ category: "usage",
184
+ });
185
+ }
186
+ const port = portFlag.value ? Number.parseInt(portFlag.value, 10) : undefined;
187
+ if (port !== undefined && (!Number.isFinite(port) || port <= 0 || port > 65535)) {
188
+ throw devCliError("dev up --port must be a valid TCP port", {
189
+ code: "cli.usage.invalid_port",
190
+ category: "usage",
191
+ });
192
+ }
193
+ try {
194
+ const result = await runDevWiremockUp({ port, down: downFlag.present });
195
+ if (result.status === "stopped") {
196
+ ctx.stderr.write(`Stopped WireMock container ${result.container_name}.\n`);
197
+ }
198
+ else if (result.status === "already_running") {
199
+ ctx.stderr.write(`WireMock already running at ${result.gateway_url}\n`);
200
+ }
201
+ else {
202
+ ctx.stderr.write(`WireMock Gateway listening at ${result.gateway_url}\n`);
203
+ ctx.stderr.write(`Mappings loaded from ${result.wiremock_dir}\n`);
204
+ }
205
+ if (result.next_commands.length > 0) {
206
+ ctx.stderr.write("Next:\n");
207
+ for (const command of result.next_commands) {
208
+ ctx.stderr.write(` ${command}\n`);
209
+ }
210
+ }
211
+ return { data: result };
212
+ }
213
+ catch (err) {
214
+ throw devCliError(err instanceof Error ? err.message : String(err), {
215
+ code: "cli.dev.wiremock_failed",
216
+ category: "validation",
217
+ });
218
+ }
219
+ }
220
+ export async function handleDevLoop(ctx, argv) {
221
+ if (argv[0] === "--help" || argv[0] === "-h") {
222
+ throw new CliError("help", { category: "usage", code: "cli.help" });
223
+ }
224
+ let rest = argv;
225
+ const offlineFlag = consumeBooleanFlag(rest, "--offline");
226
+ rest = offlineFlag.rest;
227
+ const policyFlag = consumeFlag(rest, "--policy-file");
228
+ rest = policyFlag.rest;
229
+ const noLoginFlag = consumeBooleanFlag(rest, "--no-login");
230
+ rest = noLoginFlag.rest;
231
+ if (rest.length > 0) {
232
+ throw devCliError(`unexpected arguments: ${rest.join(" ")}`, {
233
+ code: "cli.usage.unexpected_args",
234
+ category: "usage",
235
+ });
236
+ }
237
+ const policyFile = policyFlag.value?.trim() || DEV_DEFAULT_POLICY_FILE;
238
+ const steps = [];
239
+ const bannerLines = buildDevStartupBannerLines();
240
+ if (offlineFlag.present) {
241
+ await assertOfflineDevCredentialsSafe(ctx);
242
+ }
243
+ const offlineSession = offlineFlag.present ? beginOfflineDevSession(ctx) : null;
244
+ const activeCtx = offlineSession?.ctx ?? ctx;
245
+ writeDevStartupBanner(ctx);
246
+ try {
247
+ if (offlineFlag.present) {
248
+ steps.push({
249
+ name: "login",
250
+ ok: true,
251
+ skipped: true,
252
+ message: "offline mode (no PAYBOND_API_KEY required)",
253
+ });
254
+ }
255
+ else {
256
+ const credentials = await describeCredentialSource(ctx.globals, ctx.cwd);
257
+ if (credentials.source === "missing" && !noLoginFlag.present) {
258
+ const loginResult = await handleLogin(ctx, []);
259
+ steps.push({ name: "login", ok: true, data: loginResult.data });
260
+ }
261
+ else {
262
+ steps.push({
263
+ name: "login",
264
+ ok: credentials.source !== "missing",
265
+ skipped: credentials.source !== "missing",
266
+ message: credentials.source === "missing" ? "missing credentials; run paybond login" : "credentials present",
267
+ });
268
+ if (credentials.source === "missing") {
269
+ throw devCliError("dev loop requires sandbox credentials; run paybond login, pass --offline, or omit --no-login", {
270
+ code: "cli.dev.missing_credentials",
271
+ category: "validation",
272
+ details: { steps },
273
+ });
274
+ }
275
+ }
276
+ }
277
+ const initResult = await handlePolicyInit(activeCtx, [
278
+ "--preset",
279
+ DEV_DEFAULT_PRESET,
280
+ "--out",
281
+ policyFile,
282
+ "--force",
283
+ ]);
284
+ steps.push({ name: "policy_init", ok: true, data: initResult.data });
285
+ const validateResult = await handlePolicyValidateTools(activeCtx, [
286
+ "--file",
287
+ policyFile,
288
+ "--local-only",
289
+ ]);
290
+ const validateData = validateResult.data;
291
+ steps.push({
292
+ name: "validate_tools",
293
+ ok: validateData.valid === true,
294
+ data: validateData,
295
+ });
296
+ if (validateData.valid !== true) {
297
+ throw devCliError("dev loop failed policy validate-tools --local-only", {
298
+ code: "cli.dev.validate_failed",
299
+ category: "validation",
300
+ details: { steps },
301
+ });
302
+ }
303
+ const smokeResult = await runDevSmokeCore(activeCtx, DEV_DEFAULT_PRESET, offlineFlag.present);
304
+ steps.push({ name: "smoke", ok: true, data: smokeResult.data });
305
+ const traceUrl = String(smokeResult.data.trace_url ?? devTraceUrl());
306
+ const auditLog = String(smokeResult.data.audit_log ?? resolve(ctx.cwd, ".paybond/dev-audit.jsonl"));
307
+ const smokeChecklist = Array.isArray(smokeResult.data.checklist_lines)
308
+ ? smokeResult.data.checklist_lines
309
+ : [];
310
+ scheduleCliCommandTelemetry(activeCtx, {
311
+ commandPath: "dev loop",
312
+ offline: offlineFlag.present,
313
+ });
314
+ return {
315
+ data: {
316
+ offline: offlineFlag.present,
317
+ steps,
318
+ smoke: smokeResult.data,
319
+ trace_url: traceUrl,
320
+ audit_log: auditLog,
321
+ banner_lines: bannerLines,
322
+ checklist_lines: appendDevLoopTraceLine(smokeChecklist, traceUrl, ctx.globals),
323
+ },
324
+ warnings: smokeResult.warnings,
325
+ };
326
+ }
327
+ finally {
328
+ offlineSession?.restore();
329
+ }
330
+ }
331
+ export async function handleDev(ctx, subcommand, argv) {
332
+ if (subcommand === "smoke") {
333
+ return handleDevSmoke(ctx, argv);
334
+ }
335
+ if (subcommand === "trace") {
336
+ return handleDevTrace(ctx, argv);
337
+ }
338
+ if (subcommand === "loop") {
339
+ return handleDevLoop(ctx, argv);
340
+ }
341
+ if (subcommand === "up") {
342
+ return handleDevUp(ctx, argv);
343
+ }
344
+ throw devCliError(`unknown dev subcommand: dev ${subcommand}`, {
345
+ code: "cli.usage.unknown_command",
346
+ category: "usage",
347
+ });
348
+ }
@@ -156,11 +156,11 @@ export async function handleAuditExports(ctx, subcommand, argv) {
156
156
  code: "cli.audit.missing_download_token",
157
157
  });
158
158
  }
159
- const bundleUrl = gatewayUrl(ctx.globals.gateway, `/v1/compliance/audit-exports/${encodeURIComponent(jobId)}/bundle?token=${encodeURIComponent(token)}`);
160
- const apiKey = await import("../credentials.js").then((mod) => mod.resolveApiKey(ctx.globals, ctx.cwd));
159
+ const bundleUrl = gatewayUrl(ctx.globals.gateway, `/v1/compliance/audit-exports/${encodeURIComponent(jobId)}/bundle`);
161
160
  const response = await ctx.fetch(bundleUrl, {
161
+ method: "POST",
162
162
  headers: {
163
- authorization: `Bearer ${apiKey}`,
163
+ authorization: `Bearer ${token}`,
164
164
  "x-request-id": ctx.globals.requestId,
165
165
  },
166
166
  });
@@ -0,0 +1,13 @@
1
+ import { type CliContext } from "../context.js";
2
+ import { type CommandResult } from "../types.js";
3
+ export declare function handlePolicyPresetsList(_ctx: CliContext, argv: string[]): Promise<CommandResult>;
4
+ export declare function handlePolicyPresetsShow(ctx: CliContext, argv: string[]): Promise<CommandResult>;
5
+ export declare function handlePolicyInit(ctx: CliContext, argv: string[]): Promise<CommandResult>;
6
+ export declare function handlePolicyInitOrg(ctx: CliContext, argv: string[]): Promise<CommandResult>;
7
+ export declare function handlePolicyExtend(ctx: CliContext, argv: string[]): Promise<CommandResult>;
8
+ export declare function handlePolicyValidateTools(ctx: CliContext, argv: string[]): Promise<CommandResult>;
9
+ export declare function handlePolicyTemplates(_ctx: CliContext, argv: string[]): Promise<CommandResult>;
10
+ export declare function handlePolicyPreview(ctx: CliContext, argv: string[]): Promise<CommandResult>;
11
+ export declare function handlePolicyImportMcpReceipt(ctx: CliContext, argv: string[]): Promise<CommandResult>;
12
+ export declare function handlePolicyValidateEvidence(_ctx: CliContext, argv: string[]): Promise<CommandResult>;
13
+ export declare function handlePolicyImportX402Receipt(ctx: CliContext, argv: string[]): Promise<CommandResult>;