@paybond/kit 0.10.0 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +59 -15
- package/completion-presets/catalog.json +1187 -0
- package/completion-presets/catalog.sha256 +1 -0
- package/dev/trace-ui/dashboard.html +617 -0
- package/dist/agent/adapter.d.ts +51 -0
- package/dist/agent/adapter.js +66 -0
- package/dist/agent/attach-bundle.d.ts +37 -0
- package/dist/agent/attach-bundle.js +118 -0
- package/dist/agent/authorization-cache.d.ts +22 -0
- package/dist/agent/authorization-cache.js +36 -0
- package/dist/agent/deferred-tools.d.ts +11 -0
- package/dist/agent/deferred-tools.js +62 -0
- package/dist/agent/discover.d.ts +41 -0
- package/dist/agent/discover.js +147 -0
- package/dist/agent/evidence.d.ts +9 -0
- package/dist/agent/evidence.js +28 -0
- package/dist/agent/facade.d.ts +48 -0
- package/dist/agent/facade.js +112 -0
- package/dist/agent/gateway-trace-reporter.d.ts +28 -0
- package/dist/agent/gateway-trace-reporter.js +49 -0
- package/dist/agent/generic-runner.d.ts +14 -0
- package/dist/agent/generic-runner.js +49 -0
- package/dist/agent/generic-sandbox-demo.d.ts +36 -0
- package/dist/agent/generic-sandbox-demo.js +82 -0
- package/dist/agent/guarded-agent.d.ts +49 -0
- package/dist/agent/guarded-agent.js +100 -0
- package/dist/agent/index.d.ts +13 -0
- package/dist/agent/index.js +13 -0
- package/dist/agent/instrument.d.ts +156 -0
- package/dist/agent/instrument.js +442 -0
- package/dist/agent/interceptor.d.ts +24 -0
- package/dist/agent/interceptor.js +440 -0
- package/dist/agent/lazy-context-tools.d.ts +15 -0
- package/dist/agent/lazy-context-tools.js +81 -0
- package/dist/agent/registry-file.d.ts +39 -0
- package/dist/agent/registry-file.js +219 -0
- package/dist/agent/registry.d.ts +37 -0
- package/dist/agent/registry.js +128 -0
- package/dist/agent/run.d.ts +124 -0
- package/dist/agent/run.js +301 -0
- package/dist/agent/types.d.ts +318 -0
- package/dist/agent/types.js +42 -0
- package/dist/agent-recognition.d.ts +72 -0
- package/dist/agent-recognition.js +165 -0
- package/dist/bincode-wire.d.ts +18 -0
- package/dist/bincode-wire.js +93 -0
- package/dist/claude-agents/config.d.ts +21 -0
- package/dist/claude-agents/config.js +145 -0
- package/dist/claude-agents/index.d.ts +2 -0
- package/dist/claude-agents/index.js +2 -0
- package/dist/claude-agents/sandbox-demo.d.ts +30 -0
- package/dist/claude-agents/sandbox-demo.js +91 -0
- package/dist/cli/agent/demo-loaders.d.ts +4 -0
- package/dist/cli/agent/demo-loaders.js +66 -0
- package/dist/cli/agent/env-quote.d.ts +1 -0
- package/dist/cli/agent/env-quote.js +6 -0
- package/dist/cli/agent/env-write.d.ts +8 -0
- package/dist/cli/agent/env-write.js +47 -0
- package/dist/cli/agent/paybond.d.ts +16 -0
- package/dist/cli/agent/paybond.js +55 -0
- package/dist/cli/agent/policy-file.d.ts +29 -0
- package/dist/cli/agent/policy-file.js +61 -0
- package/dist/cli/agent/production-evidence.d.ts +24 -0
- package/dist/cli/agent/production-evidence.js +98 -0
- package/dist/cli/agent/run-store.d.ts +30 -0
- package/dist/cli/agent/run-store.js +42 -0
- package/dist/cli/agent/run-trace-store.d.ts +39 -0
- package/dist/cli/agent/run-trace-store.js +143 -0
- package/dist/cli/agent-run-trace-table.d.ts +9 -0
- package/dist/cli/agent-run-trace-table.js +24 -0
- package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
- package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
- package/dist/cli/command-spec.d.ts +1 -0
- package/dist/cli/command-spec.js +286 -5
- package/dist/cli/commands/agent.d.ts +16 -0
- package/dist/cli/commands/agent.js +1136 -0
- package/dist/cli/commands/dev.d.ts +7 -0
- package/dist/cli/commands/dev.js +348 -0
- package/dist/cli/commands/discovery.js +3 -3
- package/dist/cli/commands/policy.d.ts +13 -0
- package/dist/cli/commands/policy.js +769 -0
- package/dist/cli/commands/setup.d.ts +3 -0
- package/dist/cli/commands/setup.js +124 -8
- package/dist/cli/commands/workflows.js +9 -4
- package/dist/cli/config.d.ts +2 -0
- package/dist/cli/config.js +4 -2
- package/dist/cli/context.js +2 -1
- package/dist/cli/credentials.js +2 -2
- package/dist/cli/doctor-agent-middleware.d.ts +5 -0
- package/dist/cli/doctor-agent-middleware.js +49 -0
- package/dist/cli/globals.d.ts +1 -0
- package/dist/cli/globals.js +11 -1
- package/dist/cli/help.d.ts +1 -1
- package/dist/cli/help.js +35 -3
- package/dist/cli/mcp-install.js +2 -2
- package/dist/cli/mcp-policy.d.ts +3 -0
- package/dist/cli/mcp-policy.js +19 -13
- package/dist/cli/mcp-verify-config.js +9 -11
- package/dist/cli/redact.js +29 -8
- package/dist/cli/router.js +105 -2
- package/dist/cli/smoke-deep-links.d.ts +15 -0
- package/dist/cli/smoke-deep-links.js +63 -0
- package/dist/cli/telemetry.d.ts +17 -0
- package/dist/cli/telemetry.js +94 -0
- package/dist/completion-catalog-digest.d.ts +2 -0
- package/dist/completion-catalog-digest.js +2 -0
- package/dist/completion-catalog-integrity.d.ts +2 -0
- package/dist/completion-catalog-integrity.js +17 -0
- package/dist/completion-catalog.d.ts +49 -0
- package/dist/completion-catalog.js +62 -0
- package/dist/completion-contract-digest.d.ts +37 -0
- package/dist/completion-contract-digest.js +73 -0
- package/dist/completion-forbidden-fields.d.ts +5 -0
- package/dist/completion-forbidden-fields.js +26 -0
- package/dist/completion-init.d.ts +8 -0
- package/dist/completion-init.js +334 -0
- package/dist/completion-resolve.d.ts +21 -0
- package/dist/completion-resolve.js +86 -0
- package/dist/completion-validate-evidence.d.ts +24 -0
- package/dist/completion-validate-evidence.js +145 -0
- package/dist/dev/offline-gateway.d.ts +24 -0
- package/dist/dev/offline-gateway.js +102 -0
- package/dist/dev/trace-buffer.d.ts +61 -0
- package/dist/dev/trace-buffer.js +330 -0
- package/dist/dev/trace-security-headers.d.ts +11 -0
- package/dist/dev/trace-security-headers.js +16 -0
- package/dist/dev/trace-server.d.ts +8 -0
- package/dist/dev/trace-server.js +38 -0
- package/dist/dev/trace-ui.d.ts +4 -0
- package/dist/dev/trace-ui.js +25 -0
- package/dist/dev/wiremock-up.d.ts +15 -0
- package/dist/dev/wiremock-up.js +118 -0
- package/dist/doctor-completion.d.ts +17 -0
- package/dist/doctor-completion.js +428 -0
- package/dist/gateway-url.d.ts +7 -0
- package/dist/gateway-url.js +69 -0
- package/dist/index.d.ts +119 -2
- package/dist/index.js +267 -6
- package/dist/init.js +374 -57
- package/dist/langgraph/awrap-tool-call.d.ts +25 -0
- package/dist/langgraph/awrap-tool-call.js +81 -0
- package/dist/langgraph/config.d.ts +13 -0
- package/dist/langgraph/config.js +11 -0
- package/dist/langgraph/index.d.ts +4 -0
- package/dist/langgraph/index.js +4 -0
- package/dist/langgraph/sandbox-demo.d.ts +40 -0
- package/dist/langgraph/sandbox-demo.js +96 -0
- package/dist/langgraph/tool-node.d.ts +10 -0
- package/dist/langgraph/tool-node.js +38 -0
- package/dist/login.js +7 -0
- package/dist/mcp/index.d.ts +1 -0
- package/dist/mcp/index.js +1 -0
- package/dist/mcp/tool-surface.d.ts +25 -0
- package/dist/mcp/tool-surface.js +17 -0
- package/dist/mcp-capability-token-cache.d.ts +24 -0
- package/dist/mcp-capability-token-cache.js +101 -0
- package/dist/mcp-evidence-policy.d.ts +48 -0
- package/dist/mcp-evidence-policy.js +117 -0
- package/dist/mcp-policy-reload.d.ts +79 -0
- package/dist/mcp-policy-reload.js +200 -0
- package/dist/mcp-sep2828-evidence.d.ts +36 -0
- package/dist/mcp-sep2828-evidence.js +65 -0
- package/dist/mcp-server.d.ts +6 -0
- package/dist/mcp-server.js +224 -44
- package/dist/openai-agents/index.d.ts +40 -0
- package/dist/openai-agents/index.js +151 -0
- package/dist/openai-agents/sandbox-demo.d.ts +34 -0
- package/dist/openai-agents/sandbox-demo.js +118 -0
- package/dist/payee-evidence.js +2 -29
- package/dist/policy/catalog.d.ts +31 -0
- package/dist/policy/catalog.js +48 -0
- package/dist/policy/compose-utils.d.ts +3 -0
- package/dist/policy/compose-utils.js +4 -0
- package/dist/policy/compose.d.ts +20 -0
- package/dist/policy/compose.js +240 -0
- package/dist/policy/digest.d.ts +7 -0
- package/dist/policy/digest.js +75 -0
- package/dist/policy/domain.d.ts +15 -0
- package/dist/policy/domain.js +28 -0
- package/dist/policy/guardrail-spec.d.ts +17 -0
- package/dist/policy/guardrail-spec.js +140 -0
- package/dist/policy/guardrails.d.ts +48 -0
- package/dist/policy/guardrails.js +72 -0
- package/dist/policy/index.d.ts +21 -0
- package/dist/policy/index.js +21 -0
- package/dist/policy/init.d.ts +102 -0
- package/dist/policy/init.js +351 -0
- package/dist/policy/intent-spec.d.ts +52 -0
- package/dist/policy/intent-spec.js +176 -0
- package/dist/policy/json-path.d.ts +4 -0
- package/dist/policy/json-path.js +23 -0
- package/dist/policy/layers-io.d.ts +7 -0
- package/dist/policy/layers-io.js +28 -0
- package/dist/policy/load-effective.d.ts +22 -0
- package/dist/policy/load-effective.js +77 -0
- package/dist/policy/load.d.ts +85 -0
- package/dist/policy/load.js +164 -0
- package/dist/policy/merge.d.ts +29 -0
- package/dist/policy/merge.js +297 -0
- package/dist/policy/parse-text.d.ts +2 -0
- package/dist/policy/parse-text.js +126 -0
- package/dist/policy/policy-api.d.ts +45 -0
- package/dist/policy/policy-api.js +61 -0
- package/dist/policy/presets.d.ts +19 -0
- package/dist/policy/presets.js +66 -0
- package/dist/policy/registry.d.ts +7 -0
- package/dist/policy/registry.js +33 -0
- package/dist/policy/reload.d.ts +86 -0
- package/dist/policy/reload.js +233 -0
- package/dist/policy/render-yaml.d.ts +3 -0
- package/dist/policy/render-yaml.js +69 -0
- package/dist/policy/sandbox-bootstrap.d.ts +19 -0
- package/dist/policy/sandbox-bootstrap.js +66 -0
- package/dist/policy/schema.d.ts +204 -0
- package/dist/policy/schema.js +255 -0
- package/dist/policy/snapshot.d.ts +33 -0
- package/dist/policy/snapshot.js +23 -0
- package/dist/policy/validate-remote.d.ts +43 -0
- package/dist/policy/validate-remote.js +104 -0
- package/dist/policy/validate.d.ts +36 -0
- package/dist/policy/validate.js +150 -0
- package/dist/policy/watcher.d.ts +29 -0
- package/dist/policy/watcher.js +112 -0
- package/dist/principal-intent.d.ts +52 -0
- package/dist/principal-intent.js +193 -37
- package/dist/project-init.d.ts +34 -0
- package/dist/project-init.js +898 -0
- package/dist/sep2828-signature.d.ts +10 -0
- package/dist/sep2828-signature.js +134 -0
- package/dist/solutions/api.d.ts +22 -0
- package/dist/solutions/api.js +40 -0
- package/dist/solutions/catalog.d.ts +34 -0
- package/dist/solutions/catalog.js +129 -0
- package/dist/solutions/index.d.ts +2 -0
- package/dist/solutions/index.js +2 -0
- package/dist/template-init.d.ts +54 -0
- package/dist/template-init.js +203 -0
- package/dist/vercel-ai/config.d.ts +15 -0
- package/dist/vercel-ai/config.js +13 -0
- package/dist/vercel-ai/index.d.ts +4 -0
- package/dist/vercel-ai/index.js +4 -0
- package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
- package/dist/vercel-ai/sandbox-demo.js +153 -0
- package/dist/vercel-ai/tool-approval.d.ts +16 -0
- package/dist/vercel-ai/tool-approval.js +41 -0
- package/dist/vercel-ai/wrap-tools.d.ts +9 -0
- package/dist/vercel-ai/wrap-tools.js +40 -0
- package/dist/x402-receipt-evidence.d.ts +29 -0
- package/dist/x402-receipt-evidence.js +97 -0
- package/dist/x402-receipt-signature.d.ts +12 -0
- package/dist/x402-receipt-signature.js +211 -0
- package/package.json +75 -3
- package/solutions/aws.json +17 -0
- package/solutions/saas.json +17 -0
- package/solutions/shopping.json +17 -0
- package/solutions/travel.json +18 -0
- package/templates/manifest.json +169 -0
- package/templates/openai-shopping-agent/.env.example +3 -0
- package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/openai-shopping-agent/LICENSE +201 -0
- package/templates/openai-shopping-agent/README.md +29 -0
- package/templates/openai-shopping-agent/package-lock.json +1525 -0
- package/templates/openai-shopping-agent/package.json +22 -0
- package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/openai-shopping-agent/src/index.ts +22 -0
- package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/openai-shopping-agent/tsconfig.json +13 -0
- package/templates/paybond-aws-operator/.env.example +3 -0
- package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-aws-operator/LICENSE +201 -0
- package/templates/paybond-aws-operator/README.md +29 -0
- package/templates/paybond-aws-operator/package-lock.json +151 -0
- package/templates/paybond-aws-operator/package.json +20 -0
- package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
- package/templates/paybond-aws-operator/src/index.ts +54 -0
- package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
- package/templates/paybond-aws-operator/tsconfig.json +13 -0
- package/templates/paybond-claude-agents-demo/.env.example +3 -0
- package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-claude-agents-demo/LICENSE +201 -0
- package/templates/paybond-claude-agents-demo/README.md +29 -0
- package/templates/paybond-claude-agents-demo/package-lock.json +1489 -0
- package/templates/paybond-claude-agents-demo/package.json +22 -0
- package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
- package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-invoice-agent/.env.example +3 -0
- package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
- package/templates/paybond-invoice-agent/LICENSE +201 -0
- package/templates/paybond-invoice-agent/README.md +29 -0
- package/templates/paybond-invoice-agent/app.py +27 -0
- package/templates/paybond-invoice-agent/package.json +6 -0
- package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-invoice-agent/paybond_config.py +45 -0
- package/templates/paybond-invoice-agent/requirements.txt +2 -0
- package/templates/paybond-mcp-coding-agent/.env.example +3 -0
- package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
- package/templates/paybond-mcp-coding-agent/README.md +39 -0
- package/templates/paybond-mcp-coding-agent/package-lock.json +151 -0
- package/templates/paybond-mcp-coding-agent/package.json +20 -0
- package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
- package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
- package/templates/paybond-openai-agents-demo/.env.example +3 -0
- package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-openai-agents-demo/LICENSE +201 -0
- package/templates/paybond-openai-agents-demo/README.md +29 -0
- package/templates/paybond-openai-agents-demo/package-lock.json +1525 -0
- package/templates/paybond-openai-agents-demo/package.json +22 -0
- package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
- package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-procurement-agent/.env.example +3 -0
- package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-procurement-agent/LICENSE +201 -0
- package/templates/paybond-procurement-agent/README.md +29 -0
- package/templates/paybond-procurement-agent/package-lock.json +151 -0
- package/templates/paybond-procurement-agent/package.json +20 -0
- package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-procurement-agent/src/index.ts +54 -0
- package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-procurement-agent/tsconfig.json +13 -0
- package/templates/paybond-travel-agent/.env.example +3 -0
- package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-travel-agent/LICENSE +201 -0
- package/templates/paybond-travel-agent/README.md +29 -0
- package/templates/paybond-travel-agent/package-lock.json +444 -0
- package/templates/paybond-travel-agent/package.json +23 -0
- package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-travel-agent/src/index.ts +22 -0
- package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-travel-agent/tsconfig.json +13 -0
- package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
- package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
- package/templates/paybond-vercel-shopping-agent/README.md +29 -0
- package/templates/paybond-vercel-shopping-agent/package-lock.json +265 -0
- package/templates/paybond-vercel-shopping-agent/package.json +22 -0
- package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
- package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
|
@@ -2,7 +2,10 @@ import { commandPath, type CliContext } from "../context.js";
|
|
|
2
2
|
import { type CommandResult } from "../types.js";
|
|
3
3
|
declare function readJsonFile(filePath: string): Promise<Record<string, unknown>>;
|
|
4
4
|
export declare function handleLogin(ctx: CliContext, argv: string[]): Promise<CommandResult>;
|
|
5
|
+
export declare function handleInitWizard(ctx: CliContext, argv: string[]): Promise<CommandResult>;
|
|
5
6
|
export declare function handleInitGuardrail(ctx: CliContext, argv: string[]): Promise<CommandResult>;
|
|
7
|
+
export declare function handleInitAgentMiddleware(ctx: CliContext, argv: string[]): Promise<CommandResult>;
|
|
8
|
+
export declare function handleInitCompletion(ctx: CliContext, argv: string[]): Promise<CommandResult>;
|
|
6
9
|
export declare function handleMcpServe(ctx: CliContext, argv: string[]): Promise<CommandResult>;
|
|
7
10
|
export declare function handleMcpTools(ctx: CliContext): Promise<CommandResult>;
|
|
8
11
|
export declare function handleMcpInstall(ctx: CliContext, argv: string[]): Promise<CommandResult>;
|
|
@@ -4,15 +4,20 @@ import { readJsonBody } from "../automation.js";
|
|
|
4
4
|
import { listConfigEntries, resolveConfigValue, setConfigValue, unsetConfigValue } from "../config.js";
|
|
5
5
|
import { commandPath, withGateway } from "../context.js";
|
|
6
6
|
import { assertApiKeyShape, resolveApiKey, resolvedDefaultsForDoctor } from "../credentials.js";
|
|
7
|
+
import { runAgentMiddlewareDoctorCheck } from "../doctor-agent-middleware.js";
|
|
7
8
|
import { packageVersion, runAgentMcpChecks } from "../doctor-agent.js";
|
|
9
|
+
import { runCompletionCatalogDoctorChecks } from "../../doctor-completion.js";
|
|
8
10
|
import { consumeBooleanFlag, consumeFlag } from "../globals.js";
|
|
9
11
|
import { maskApiKey, redactConfigValue } from "../redact.js";
|
|
10
|
-
import { mergeMcpToolPolicy, parseMcpToolAllowlist, parseMcpToolPolicy, } from "../mcp-policy.js";
|
|
12
|
+
import { mergeMcpToolPolicy, parseMcpToolAllowlist, parseMcpToolPolicy, resolveMcpToolPolicy, } from "../mcp-policy.js";
|
|
11
13
|
import { parseMcpInstallFormat, parseMcpInstallHost, parseMcpInstallScope, planMcpInstall, } from "../mcp-install.js";
|
|
12
14
|
import { verifyMcpInstallPlan } from "../mcp-verify-config.js";
|
|
13
15
|
import { buildSupportDiagnostics, formatSupportDiagnosticsTable } from "../support-diagnostics.js";
|
|
14
16
|
import { CliError } from "../types.js";
|
|
15
17
|
import { main as runInitMain } from "../../init.js";
|
|
18
|
+
import { parseCompletionInitArgs, scaffoldCompletionInit } from "../../completion-init.js";
|
|
19
|
+
import { parseProjectInitArgv, runProjectInit } from "../../project-init.js";
|
|
20
|
+
import { copyTemplateToDirectory, normalizeTemplateId, templateInitUsage, } from "../../template-init.js";
|
|
16
21
|
import { parseArgs as parseLoginArgs, runLogin } from "../../login.js";
|
|
17
22
|
import { main as runMcpServerMain } from "../../mcp-server.js";
|
|
18
23
|
import { PaybondMCPServer } from "../../mcp-server.js";
|
|
@@ -89,19 +94,105 @@ export async function handleLogin(ctx, argv) {
|
|
|
89
94
|
}
|
|
90
95
|
return { data: loginResultData(result) };
|
|
91
96
|
}
|
|
97
|
+
export async function handleInitWizard(ctx, argv) {
|
|
98
|
+
let parsed;
|
|
99
|
+
try {
|
|
100
|
+
parsed = parseProjectInitArgv(argv);
|
|
101
|
+
}
|
|
102
|
+
catch (err) {
|
|
103
|
+
throw new CliError(err instanceof Error ? err.message : String(err), {
|
|
104
|
+
category: "usage",
|
|
105
|
+
code: "cli.usage.invalid_init",
|
|
106
|
+
});
|
|
107
|
+
}
|
|
108
|
+
if (parsed === "help") {
|
|
109
|
+
throw new CliError(templateInitUsage(), { category: "usage", code: "cli.help" });
|
|
110
|
+
}
|
|
111
|
+
try {
|
|
112
|
+
if (parsed.template) {
|
|
113
|
+
const result = await copyTemplateToDirectory({
|
|
114
|
+
cwd: ctx.cwd,
|
|
115
|
+
templateId: normalizeTemplateId(parsed.template),
|
|
116
|
+
framework: parsed.framework,
|
|
117
|
+
force: parsed.force,
|
|
118
|
+
writeStdout(line) {
|
|
119
|
+
if (ctx.globals.format !== "json") {
|
|
120
|
+
ctx.stdout.write(`${line}\n`);
|
|
121
|
+
}
|
|
122
|
+
},
|
|
123
|
+
});
|
|
124
|
+
return { data: result };
|
|
125
|
+
}
|
|
126
|
+
const { template: _template, ...wizardOptions } = parsed;
|
|
127
|
+
const result = await runProjectInit({
|
|
128
|
+
cwd: ctx.cwd,
|
|
129
|
+
...wizardOptions,
|
|
130
|
+
writeStdout(line) {
|
|
131
|
+
if (ctx.globals.format !== "json") {
|
|
132
|
+
ctx.stdout.write(`${line}\n`);
|
|
133
|
+
}
|
|
134
|
+
},
|
|
135
|
+
});
|
|
136
|
+
return { data: result };
|
|
137
|
+
}
|
|
138
|
+
catch (err) {
|
|
139
|
+
throw new CliError(err instanceof Error ? err.message : String(err), {
|
|
140
|
+
category: "validation",
|
|
141
|
+
code: "cli.init.failed",
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
}
|
|
92
145
|
export async function handleInitGuardrail(ctx, argv) {
|
|
93
|
-
|
|
146
|
+
return handleInitScaffold(ctx, argv, "paid-tool-guard", "paybond-paid-tool-guard.ts");
|
|
147
|
+
}
|
|
148
|
+
export async function handleInitAgentMiddleware(ctx, argv) {
|
|
149
|
+
return handleInitScaffold(ctx, argv, "agent-middleware", "paybond-agent-middleware.ts");
|
|
150
|
+
}
|
|
151
|
+
async function handleInitScaffold(ctx, argv, defaultPreset, defaultOut) {
|
|
152
|
+
const code = await runInitMain(["--preset", defaultPreset, ...argv]);
|
|
94
153
|
if (code !== 0) {
|
|
95
|
-
throw new CliError(
|
|
154
|
+
throw new CliError(`init ${defaultPreset} failed`, { category: "validation", code: "cli.init.failed", exitCode: code });
|
|
96
155
|
}
|
|
97
156
|
const outFlag = consumeFlag(argv, "--out");
|
|
98
157
|
const frameworkFlag = consumeFlag(argv, "--framework");
|
|
99
|
-
const presetFlag = consumeFlag(argv, "--preset");
|
|
100
158
|
return {
|
|
101
159
|
data: {
|
|
102
|
-
out: outFlag.value ??
|
|
103
|
-
preset:
|
|
104
|
-
framework: frameworkFlag.value ?? "provider-agnostic",
|
|
160
|
+
out: outFlag.value ?? defaultOut,
|
|
161
|
+
preset: defaultPreset,
|
|
162
|
+
framework: frameworkFlag.value ?? (defaultPreset === "agent-middleware" ? "generic" : "provider-agnostic"),
|
|
163
|
+
bytes_written: true,
|
|
164
|
+
completion_preset: "cost_and_completion",
|
|
165
|
+
},
|
|
166
|
+
};
|
|
167
|
+
}
|
|
168
|
+
export async function handleInitCompletion(ctx, argv) {
|
|
169
|
+
let parsed;
|
|
170
|
+
try {
|
|
171
|
+
const result = parseCompletionInitArgs(argv);
|
|
172
|
+
if (result === "help") {
|
|
173
|
+
throw new CliError("help", { category: "usage", code: "cli.help" });
|
|
174
|
+
}
|
|
175
|
+
parsed = result;
|
|
176
|
+
}
|
|
177
|
+
catch (err) {
|
|
178
|
+
throw new CliError(err instanceof Error ? err.message : String(err), {
|
|
179
|
+
category: "usage",
|
|
180
|
+
code: "cli.usage.invalid_init_completion",
|
|
181
|
+
});
|
|
182
|
+
}
|
|
183
|
+
try {
|
|
184
|
+
await scaffoldCompletionInit(parsed);
|
|
185
|
+
}
|
|
186
|
+
catch (err) {
|
|
187
|
+
throw new CliError(err instanceof Error ? err.message : String(err), {
|
|
188
|
+
category: "validation",
|
|
189
|
+
code: "cli.init.failed",
|
|
190
|
+
});
|
|
191
|
+
}
|
|
192
|
+
return {
|
|
193
|
+
data: {
|
|
194
|
+
out: parsed.out,
|
|
195
|
+
preset: parsed.preset,
|
|
105
196
|
bytes_written: true,
|
|
106
197
|
},
|
|
107
198
|
};
|
|
@@ -158,7 +249,7 @@ export async function handleMcpInstall(ctx, argv) {
|
|
|
158
249
|
out: outFlag.value,
|
|
159
250
|
cwd: ctx.cwd,
|
|
160
251
|
home: process.env.HOME ?? process.env.USERPROFILE ?? ctx.cwd,
|
|
161
|
-
toolPolicy: toolPolicy
|
|
252
|
+
toolPolicy: resolveMcpToolPolicy(toolPolicy),
|
|
162
253
|
});
|
|
163
254
|
if (plan.printed) {
|
|
164
255
|
if (ctx.globals.format !== "json") {
|
|
@@ -301,7 +392,32 @@ export async function handleDoctor(ctx, argv) {
|
|
|
301
392
|
});
|
|
302
393
|
checks.push(...agentChecks);
|
|
303
394
|
}
|
|
395
|
+
if (apiKey) {
|
|
396
|
+
checks.push(await runAgentMiddlewareDoctorCheck(ctx, apiKey));
|
|
397
|
+
}
|
|
398
|
+
else {
|
|
399
|
+
checks.push({
|
|
400
|
+
name: "agent_middleware_smoke",
|
|
401
|
+
ok: false,
|
|
402
|
+
message: "skipped (missing API key)",
|
|
403
|
+
});
|
|
404
|
+
}
|
|
304
405
|
}
|
|
406
|
+
const completionChecks = await runCompletionCatalogDoctorChecks({
|
|
407
|
+
cwd: ctx.cwd,
|
|
408
|
+
gateway: apiKey
|
|
409
|
+
? {
|
|
410
|
+
async getJson(path) {
|
|
411
|
+
const result = await withGateway(ctx, async (gateway) => {
|
|
412
|
+
const body = await gateway.getJson(path);
|
|
413
|
+
return { data: body };
|
|
414
|
+
});
|
|
415
|
+
return result.data;
|
|
416
|
+
},
|
|
417
|
+
}
|
|
418
|
+
: undefined,
|
|
419
|
+
});
|
|
420
|
+
checks.push(...completionChecks);
|
|
305
421
|
const summary = checks.every((check) => check.ok) ? "pass" : "fail";
|
|
306
422
|
return { data: { checks, summary } };
|
|
307
423
|
}
|
|
@@ -146,23 +146,28 @@ export async function handleGuardrails(ctx, subcommand, argv) {
|
|
|
146
146
|
if (subcommand === "bootstrap") {
|
|
147
147
|
const operationFlag = consumeFlag(argv, "--operation");
|
|
148
148
|
const spendFlag = consumeFlag(argv, "--requested-spend-cents");
|
|
149
|
+
const presetFlag = consumeFlag(argv, "--completion-preset");
|
|
149
150
|
if (!operationFlag.value || !spendFlag.value) {
|
|
150
151
|
throw new CliError("guardrails bootstrap requires --operation and --requested-spend-cents", { category: "usage", code: "cli.usage.missing_args" });
|
|
151
152
|
}
|
|
152
153
|
const spendCents = parseRequiredNonNegativeInt(spendFlag.value, "--requested-spend-cents");
|
|
153
|
-
const
|
|
154
|
+
const bodyPayload = {
|
|
154
155
|
operation: operationFlag.value,
|
|
155
156
|
requested_spend_cents: spendCents,
|
|
156
|
-
}
|
|
157
|
+
};
|
|
158
|
+
if (presetFlag.value) {
|
|
159
|
+
bodyPayload.completion_preset = presetFlag.value;
|
|
160
|
+
}
|
|
161
|
+
const body = await gateway.postJson("/v1/sandbox/guardrails/bootstrap", bodyPayload);
|
|
157
162
|
return {
|
|
158
|
-
data: {
|
|
163
|
+
data: redactSensitiveFields({
|
|
159
164
|
tenant_id: String(body.tenant_id ?? ""),
|
|
160
165
|
intent_id: String(body.intent_id ?? ""),
|
|
161
166
|
capability_token: String(body.capability_token ?? ""),
|
|
162
167
|
operation: String(body.operation ?? operationFlag.value),
|
|
163
168
|
requested_spend_cents: Number(body.requested_spend_cents ?? spendCents),
|
|
164
169
|
sandbox_lifecycle_status: String(body.sandbox_lifecycle_status ?? ""),
|
|
165
|
-
},
|
|
170
|
+
}),
|
|
166
171
|
};
|
|
167
172
|
}
|
|
168
173
|
if (subcommand === "evidence") {
|
package/dist/cli/config.d.ts
CHANGED
package/dist/cli/config.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { mkdir, readFile, writeFile } from "node:fs/promises";
|
|
2
2
|
import { redactConfigValue } from "./redact.js";
|
|
3
|
+
import { validateCliGateway } from "./globals.js";
|
|
3
4
|
import { CliError } from "./types.js";
|
|
4
5
|
export function configFilePath() {
|
|
5
6
|
const home = process.env.HOME?.trim() || process.env.USERPROFILE?.trim() || "";
|
|
@@ -40,15 +41,16 @@ export async function resolveConfigValue(key, profile) {
|
|
|
40
41
|
return config.values?.[key];
|
|
41
42
|
}
|
|
42
43
|
export async function setConfigValue(key, value, profile) {
|
|
44
|
+
const storedValue = key.toLowerCase() === "gateway" ? validateCliGateway(value) : value;
|
|
43
45
|
const config = await loadConfigFile();
|
|
44
46
|
if (profile) {
|
|
45
47
|
config.profiles ??= {};
|
|
46
48
|
config.profiles[profile] ??= {};
|
|
47
|
-
config.profiles[profile][key] =
|
|
49
|
+
config.profiles[profile][key] = storedValue;
|
|
48
50
|
}
|
|
49
51
|
else {
|
|
50
52
|
config.values ??= {};
|
|
51
|
-
config.values[key] =
|
|
53
|
+
config.values[key] = storedValue;
|
|
52
54
|
}
|
|
53
55
|
await saveConfigFile(config);
|
|
54
56
|
}
|
package/dist/cli/context.js
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { resolveApiKeyWithMeta } from "./credentials.js";
|
|
2
|
+
import { requireSecureGatewayUrl } from "../gateway-url.js";
|
|
2
3
|
import { CliError, exitCodeForHttpStatus, } from "./types.js";
|
|
3
4
|
export function gatewayUrl(base, path) {
|
|
4
|
-
return `${base
|
|
5
|
+
return `${requireSecureGatewayUrl(base)}${path.startsWith("/") ? path : `/${path}`}`;
|
|
5
6
|
}
|
|
6
7
|
function parseGatewayErrorBody(body, status) {
|
|
7
8
|
const nested = body.error;
|
package/dist/cli/credentials.js
CHANGED
|
@@ -2,7 +2,7 @@ import { readFile } from "node:fs/promises";
|
|
|
2
2
|
import path from "node:path";
|
|
3
3
|
import { resolveConfigValue } from "./config.js";
|
|
4
4
|
import { CLI_WARN_ENV_FALLBACK, formatWarning } from "./automation.js";
|
|
5
|
-
import { DEFAULT_ENV_FILE, DEFAULT_GATEWAY } from "./globals.js";
|
|
5
|
+
import { DEFAULT_ENV_FILE, DEFAULT_GATEWAY, validateCliGateway } from "./globals.js";
|
|
6
6
|
import { CliError } from "./types.js";
|
|
7
7
|
function resolvePath(cwd, envFile) {
|
|
8
8
|
return path.isAbsolute(envFile) ? path.resolve(envFile) : path.resolve(cwd, envFile);
|
|
@@ -68,7 +68,7 @@ export async function resolveApiKeyWithMeta(globals, cwd) {
|
|
|
68
68
|
warnings.push(formatWarning(CLI_WARN_ENV_FALLBACK, `using profile ${globals.profile} env_file`));
|
|
69
69
|
}
|
|
70
70
|
if (profileGateway) {
|
|
71
|
-
gateway = profileGateway;
|
|
71
|
+
gateway = validateCliGateway(profileGateway);
|
|
72
72
|
warnings.push(formatWarning(CLI_WARN_ENV_FALLBACK, `using profile ${globals.profile} gateway`));
|
|
73
73
|
}
|
|
74
74
|
}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { CliContext } from "./context.js";
|
|
2
|
+
import type { DoctorCheck } from "./doctor-agent.js";
|
|
3
|
+
export declare const AGENT_MIDDLEWARE_SMOKE_NEXT = "paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json";
|
|
4
|
+
/** Run sandbox middleware smoke as a doctor --agent check (uses ctx.fetch / project cwd). */
|
|
5
|
+
export declare function runAgentMiddlewareDoctorCheck(ctx: CliContext, apiKey: string): Promise<DoctorCheck>;
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import { apiKeyEnvironment } from "./agent/paybond.js";
|
|
2
|
+
import { handleAgentSandboxSmoke } from "./commands/agent.js";
|
|
3
|
+
import { CliError } from "./types.js";
|
|
4
|
+
export const AGENT_MIDDLEWARE_SMOKE_NEXT = "paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json";
|
|
5
|
+
/** Run sandbox middleware smoke as a doctor --agent check (uses ctx.fetch / project cwd). */
|
|
6
|
+
export async function runAgentMiddlewareDoctorCheck(ctx, apiKey) {
|
|
7
|
+
if (!apiKey) {
|
|
8
|
+
return {
|
|
9
|
+
name: "agent_middleware_smoke",
|
|
10
|
+
ok: false,
|
|
11
|
+
message: "skipped (missing API key)",
|
|
12
|
+
details: { next_command: AGENT_MIDDLEWARE_SMOKE_NEXT },
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
if (apiKeyEnvironment(apiKey) === "live") {
|
|
16
|
+
return {
|
|
17
|
+
name: "agent_middleware_smoke",
|
|
18
|
+
ok: true,
|
|
19
|
+
message: "skipped (live API key; smoke uses sandbox guardrails bootstrap)",
|
|
20
|
+
details: { next_command: AGENT_MIDDLEWARE_SMOKE_NEXT },
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
try {
|
|
24
|
+
await handleAgentSandboxSmoke(ctx, [
|
|
25
|
+
"--operation",
|
|
26
|
+
"paid-tool",
|
|
27
|
+
"--requested-spend-cents",
|
|
28
|
+
"100",
|
|
29
|
+
"--evidence-preset",
|
|
30
|
+
"cost_and_completion",
|
|
31
|
+
"--result-body",
|
|
32
|
+
'{"status":"ok","cost_cents":100}',
|
|
33
|
+
]);
|
|
34
|
+
return {
|
|
35
|
+
name: "agent_middleware_smoke",
|
|
36
|
+
ok: true,
|
|
37
|
+
message: "bind, authorize, execute, and auto-evidence succeeded",
|
|
38
|
+
};
|
|
39
|
+
}
|
|
40
|
+
catch (err) {
|
|
41
|
+
const message = err instanceof CliError ? err.message : err instanceof Error ? err.message : String(err);
|
|
42
|
+
return {
|
|
43
|
+
name: "agent_middleware_smoke",
|
|
44
|
+
ok: false,
|
|
45
|
+
message,
|
|
46
|
+
details: { next_command: AGENT_MIDDLEWARE_SMOKE_NEXT },
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
}
|
package/dist/cli/globals.d.ts
CHANGED
|
@@ -3,6 +3,7 @@ export declare const DEFAULT_GATEWAY = "https://api.paybond.ai";
|
|
|
3
3
|
export declare const DEFAULT_ENV_FILE = ".env.local";
|
|
4
4
|
export declare const TENANT_OVERRIDE_FLAGS: readonly ["--tenant-id", "--tenant", "--tenant_id"];
|
|
5
5
|
export declare function rejectsTenantOverrideFlag(arg: string): boolean;
|
|
6
|
+
export declare function validateCliGateway(url: string): string;
|
|
6
7
|
export declare function parseRequiredNonNegativeInt(raw: string, field: string): number;
|
|
7
8
|
export declare function parseOptionalNonNegativeInt(raw: string | undefined, field: string): number;
|
|
8
9
|
export declare function defaultGlobalOptions(): GlobalOptions;
|
package/dist/cli/globals.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { generateRequestId } from "./request-id.js";
|
|
2
2
|
import { parseColorMode, resolveColorModeFromEnv } from "./color.js";
|
|
3
3
|
import { formatUnknownGlobalFlagMessage } from "./suggest.js";
|
|
4
|
+
import { InsecureGatewayURLError, requireSecureGatewayUrl } from "../gateway-url.js";
|
|
4
5
|
import { CliError } from "./types.js";
|
|
5
6
|
export const DEFAULT_GATEWAY = "https://api.paybond.ai";
|
|
6
7
|
export const DEFAULT_ENV_FILE = ".env.local";
|
|
@@ -13,6 +14,15 @@ export function rejectsTenantOverrideFlag(arg) {
|
|
|
13
14
|
}
|
|
14
15
|
return false;
|
|
15
16
|
}
|
|
17
|
+
export function validateCliGateway(url) {
|
|
18
|
+
try {
|
|
19
|
+
return requireSecureGatewayUrl(url);
|
|
20
|
+
}
|
|
21
|
+
catch (err) {
|
|
22
|
+
const message = err instanceof InsecureGatewayURLError ? err.message : String(err);
|
|
23
|
+
throw new CliError(message, { category: "validation", code: "cli.validation.insecure_gateway" });
|
|
24
|
+
}
|
|
25
|
+
}
|
|
16
26
|
export function parseRequiredNonNegativeInt(raw, field) {
|
|
17
27
|
const text = raw.trim();
|
|
18
28
|
if (!text) {
|
|
@@ -131,7 +141,7 @@ export function parseCliArgv(argv) {
|
|
|
131
141
|
if (!value.trim()) {
|
|
132
142
|
throw new CliError("invalid --gateway", { category: "usage", code: "cli.usage.invalid_gateway" });
|
|
133
143
|
}
|
|
134
|
-
globals.gateway = value.trim();
|
|
144
|
+
globals.gateway = validateCliGateway(value.trim());
|
|
135
145
|
i += consumed;
|
|
136
146
|
continue;
|
|
137
147
|
}
|
package/dist/cli/help.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export declare const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init guardrail
|
|
1
|
+
export declare const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement receipts\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
2
2
|
export declare const COMMAND_HELP: Record<string, string>;
|
|
3
3
|
export declare function helpForCommand(path: string): string;
|
package/dist/cli/help.js
CHANGED
|
@@ -1,17 +1,35 @@
|
|
|
1
1
|
// Generated by kit/cli-parity/generate.mjs — do not edit by hand.
|
|
2
|
-
export const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init guardrail
|
|
2
|
+
export const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement receipts\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
3
3
|
export const COMMAND_HELP = {
|
|
4
4
|
"onboarding": "Usage: paybond onboarding [--host claude|codex|openai|generic]\n\nRuns a guided, non-destructive first-run workflow: runtime check, login status, guardrail file status, MCP config preview, and doctor.\n\nExamples:\n $ paybond onboarding\n $ paybond onboarding --host claude --format json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond login",
|
|
5
5
|
"help": "Usage: paybond help [<command> [<subcommand> ...]]\n\nShows detailed help for a command path. Without arguments, prints root help.\n\nExamples:\n $ paybond help\n $ paybond help login\n $ paybond help mcp install",
|
|
6
6
|
"examples": "Usage: paybond examples [<command> [<subcommand> ...]]\n\nLists copy-paste examples from the command spec. Filter with an optional command path.\n\nExamples:\n $ paybond examples\n $ paybond examples doctor",
|
|
7
7
|
"completion": "Usage: paybond completion bash|zsh|fish\n\nPrints a shell completion script generated from the command spec. Pipe to your shell config.\n\nExamples:\n $ paybond completion bash >> ~/.bashrc\n $ paybond completion zsh >> ~/.zshrc\n $ paybond completion fish | source",
|
|
8
8
|
"login": "Usage: paybond login [--env sandbox] [--env-file .env.local] [--gateway <url>] [--no-open] [--force]\n\nStarts sandbox device login and writes PAYBOND_API_KEY to the env file.\n\nExamples:\n $ paybond login\n $ paybond login --no-open --format json\n\nDocs: https://docs.paybond.ai/kit/authentication\n\nNext: paybond doctor",
|
|
9
|
-
"init
|
|
9
|
+
"init": "Usage: paybond init [--solution shopping|travel|saas|mcp-server|aws] [--max-spend-usd <n>] [--framework openai|langgraph|mcp|generic] [--language typescript|python] [--non-interactive] [--force]\n\nInteractive first-run scaffold: solution bundle policy, client bootstrap, framework instrument stub, .env.example, and npm smoke script.\n\nExamples:\n $ paybond init\n $ paybond init --solution travel --max-spend-usd 500 --framework langgraph --non-interactive\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond login",
|
|
10
|
+
"init guardrail": "Usage: paybond init guardrail [--preset paid-tool-guard] [--framework <name>] [--out <path>] [--force]\n\nScaffolds a sandbox paid-tool guardrail integration file aligned with the cost_and_completion catalog archetype.\n\nExamples:\n $ paybond init guardrail\n $ paybond init guardrail --framework openai --out guard.ts\n\nDocs: https://docs.paybond.ai/kit/index\n\nNext: paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100",
|
|
11
|
+
"init completion": "Usage: paybond init completion --preset <archetype> [--out <path>] [--force]\n\nScaffolds a completion evidence helper from the shared preset catalog (evidence_schema, buildCompletionEvidence, policy_binding stub).\n\nExamples:\n $ paybond init completion --preset api_response_ok\n $ paybond init completion --preset cost_and_completion --out paybond-completion.ts\n\nDocs: https://docs.paybond.ai/kit/completion-presets\n\nNext: paybond policy preview --preset api_response_ok --evidence-file evidence.json",
|
|
12
|
+
"policy templates": "Usage: paybond policy templates\n\nLists completion preset archetypes from kit/completion-presets/catalog.json.\n\nExamples:\n $ paybond policy templates\n $ paybond policy templates --format json\n\nDocs: https://docs.paybond.ai/kit/completion-presets\n\nNext: paybond policy preview --preset api_response_ok --evidence-file evidence.json",
|
|
13
|
+
"policy preview": "Usage: paybond policy preview --template <id>|--preset <archetype> [--parameters-file <path>] --evidence-file <path> [--schema-file <path>] [--amount-cents <n>]\n\nMaterializes a Harbor managed template and evaluates sample evidence (preview + test) against the gateway.\n\nExamples:\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n $ paybond policy preview --template api_response_v1 --parameters-file parameters.json --evidence-file evidence.json\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
14
|
+
"policy import-mcp-receipt": "Usage: paybond policy import-mcp-receipt --decision-file <path> --outcome-file <path> [--write-evidence-file <path>]\n\nVerifies Ed25519 signatures on paired SEP-2828 MCP decision and outcome records, then maps them into artifact_attested evidence fields.\n\nExamples:\n $ paybond policy import-mcp-receipt --decision-file decision.json --outcome-file outcome.json\n $ paybond policy import-mcp-receipt --decision-file decision.json --outcome-file outcome.json --write-evidence-file evidence.json\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
15
|
+
"policy import-x402-receipt": "Usage: paybond policy import-x402-receipt --receipt-file <path> [--write-evidence-file <path>]\n\nVerifies a signed x402 offer-receipt artifact (JWS or EIP-712), then maps it into artifact_attested evidence fields (BLAKE3 digest of JCS-canonical receipt bytes).\n\nExamples:\n $ paybond policy import-x402-receipt --receipt-file receipt.json\n $ paybond policy import-x402-receipt --receipt-file receipt.json --write-evidence-file evidence.json\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
16
|
+
"policy validate-evidence": "Usage: paybond policy validate-evidence --preset <id> [--vendor-file <path>] [--canonical-file <path>] [--frozen-api-version <ver>] [--frozen-vendor-schema-digest <hex>] [--frozen-canonical-schema-digest <hex>]\n\nPre-validates vendor and canonical completion evidence against catalog JSON Schemas and preset forbidden_evidence_fields (signal-only; Harbor remains authoritative at submit).\n\nExamples:\n $ paybond policy validate-evidence --preset stripe_charge --vendor-file vendor.json\n $ paybond policy validate-evidence --preset ach_travel_booking --vendor-file booking.json --frozen-api-version 2024-10-28.acacia\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
17
|
+
"policy presets list": "Usage: paybond policy presets list\n\nLists bundled policy domains, guardrails, flat/composed presets, and solution manifests.\n\nExamples:\n $ paybond policy presets list\n $ paybond policy presets list --format json\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond policy presets show travel",
|
|
18
|
+
"policy presets show": "Usage: paybond policy presets show <preset>|--preset <id> [--max-spend <usd>] [--domain <id> --guardrails <csv>]\n\nPreview composed paybond.policy.yaml for a bundled preset or custom domain + guardrails composition.\n\nExamples:\n $ paybond policy presets show travel\n $ paybond policy presets show --preset travel --max-spend 500\n $ paybond policy presets show --domain travel --guardrails read-only,max-spend:500\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond policy init --preset travel --out paybond.policy.yaml",
|
|
19
|
+
"policy init": "Usage: paybond policy init [--out <path>] [--preset <id>] [--domain <id> --guardrails <csv>] [--max-spend <usd>] [--operation <name>] [--evidence-preset <id>] [--force]\n\nScaffolds paybond.policy.yaml from a bundled vertical preset, composed domain + guardrails, or a single-operation starter template.\n\nExamples:\n $ paybond policy init --preset travel --out paybond.policy.yaml\n $ paybond policy init --preset travel --max-spend 500 --out paybond.policy.yaml\n $ paybond policy init --domain travel --guardrails read-only,max-spend:500 --out paybond.policy.yaml\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy init --operation travel.book_hotel --evidence-preset cost_and_completion\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond policy validate-tools --file paybond.policy.yaml",
|
|
20
|
+
"policy init-org": "Usage: paybond policy init-org --policy-id <id> [--out <path>] [--operation <name>] [--evidence-preset <id>] [--max-spend-cents <n>] [--force]\n\nScaffolds a v2 org base policy for platform operators. Publish with PUT /v1/admin/org-policies/{policy_id}?org_id=... after review.\n\nExamples:\n $ paybond policy init-org --policy-id acme-agent-spend-v1 --out org-agent-spend-v1.yaml\n $ paybond policy init-org --policy-id acme-agent-spend-v1 --operation travel.book_hotel --max-spend-cents 20000\n\nDocs: https://docs.paybond.ai/kit/enterprise-policy-inheritance\n\nNext: paybond policy extend --extends org_acme_corp/acme-agent-spend-v1",
|
|
21
|
+
"policy extend": "Usage: paybond policy extend --extends <org_id/org_policy_id> [--out <path>] [--name <overlay_name>] [--operation <tenant_tool>] [--evidence-preset <id>] [--base-policy <path>] [--force]\n\nScaffolds a v2 tenant overlay paybond.policy.yaml that extends a published org base policy.\n\nExamples:\n $ paybond policy extend --extends org_acme_corp/acme-agent-spend-v1 --out paybond.policy.yaml\n $ paybond policy extend --extends org_acme_corp/acme-agent-spend-v1 --operation acme.internal.approve_po --evidence-preset cost_and_completion\n\nDocs: https://docs.paybond.ai/kit/enterprise-policy-inheritance\n\nNext: paybond policy validate-tools --file paybond.policy.yaml --remote --resolve-inheritance",
|
|
22
|
+
"policy validate-tools": "Usage: paybond policy validate-tools --file <path> [--remote] [--local-only] [--strict] [--check-gateway] [--resolve-inheritance]\n\nValidates a paybond.policy.yaml file before deploy or agent bind. Uses Gateway POST /v1/policy/validate when logged in (--remote, or default with credentials). --resolve-inheritance merges org base server-side for tenant overlays.\n\nExamples:\n $ paybond policy validate-tools --file paybond.policy.yaml --local-only\n $ paybond policy validate-tools --file paybond.policy.yaml --remote --format json\n $ paybond policy validate-tools --file paybond.policy.yaml --remote --resolve-inheritance --format json\n\nDocs: https://docs.paybond.ai/kit/agent-policy-validate",
|
|
10
23
|
"mcp serve": "Usage: paybond mcp serve\n\nRuns the stdio MCP server until the host process exits. Diagnostics print to stderr; stdout is reserved for MCP JSON-RPC.\n\nExamples:\n $ paybond mcp serve",
|
|
11
24
|
"mcp install": "Usage: paybond mcp install --host claude|codex|openai|generic [--scope local|project|user] [--format json|toml] [--out <path>] [--env-file <path>] [--tool-policy readonly|spend-write|allowlist] [--tool-allowlist <names>]\n\nWrites a stdio MCP server entry that references PAYBOND_ENV_FILE (never raw API keys).\nDefault format is TOML for codex and JSON for other hosts. --scope local prints without writing.\nOptional --tool-policy controls which Paybond MCP tools the server exposes.\n\nExamples:\n $ paybond mcp install --host claude\n $ paybond mcp install --host generic --scope project --tool-policy readonly\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond mcp verify-config --host claude",
|
|
12
25
|
"mcp verify-config": "Usage: paybond mcp verify-config --host claude|codex|openai|generic [--format json|toml] [--env-file <path>] [--config <path>]\n\nValidates a generated or on-disk MCP host config without launching the MCP server.\n\nExamples:\n $ paybond mcp verify-config --host claude\n $ paybond mcp verify-config --host generic --config .paybond/mcp.json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond doctor --agent",
|
|
13
26
|
"mcp tools": "Usage: paybond mcp tools\n\nLists tools exposed by the local MCP server.\n\nExamples:\n $ paybond mcp tools",
|
|
14
|
-
"doctor": "Usage: paybond doctor [--agent] [--host claude|codex|openai|generic]\n\nValidates runtime, package version, env file, key shape, principal lookup, and with --agent deep MCP checks
|
|
27
|
+
"doctor": "Usage: paybond doctor [--agent] [--host claude|codex|openai|generic]\n\nValidates runtime, package version, env file, key shape, principal lookup, and with --agent deep MCP checks plus agent middleware sandbox smoke (bind, authorize, execute, auto-evidence).\n\nExamples:\n $ paybond doctor\n $ paybond doctor --agent --format json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json",
|
|
28
|
+
"dev": "Usage: paybond dev <smoke|trace|loop|up> [args]\n\nLocal sandbox developer workflows: travel smoke with checklist output, trace dashboard, optional WireMock Gateway (`dev up`), and a guided login → policy → validate → smoke loop. Use `--offline` on smoke/loop for in-process mock capability and simulated settlement without PAYBOND_API_KEY.\n\nExamples:\n $ paybond dev smoke --offline\n $ paybond dev trace\n $ paybond dev loop\n $ paybond dev up\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev loop --offline",
|
|
29
|
+
"dev smoke": "Usage: paybond dev smoke [--preset travel] [--offline] [--format table|json]\n\nRuns agent sandbox smoke with travel preset defaults and records a local trace event. With `--offline`, uses an in-process mock capability and simulated settlement lifecycle (no PAYBOND_API_KEY required).\n\nExamples:\n $ paybond dev smoke\n $ paybond dev smoke --offline\n $ paybond dev smoke --format json\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev trace",
|
|
30
|
+
"dev trace": "Usage: paybond dev trace [--port 9477]\n\nStarts a local HTTP trace dashboard on port 9477 showing recent tool authorization events from dev smoke runs.\n\nExamples:\n $ paybond dev trace\n $ paybond dev trace --port 9477\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent",
|
|
31
|
+
"dev loop": "Usage: paybond dev loop [--policy-file paybond.policy.yaml] [--offline] [--no-login]\n\nGuided local loop: login when needed (skipped with `--offline`), scaffold travel policy, validate tools locally, then run dev smoke. Prints a startup banner with trace and audit log paths.\n\nExamples:\n $ paybond dev loop\n $ paybond dev loop --offline\n $ paybond dev loop --format json\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev trace",
|
|
32
|
+
"dev up": "Usage: paybond dev up [--port 18089] [--down]\n\nStarts or stops a local WireMock Gateway using bundled partner-dry-run mappings (Docker required). After `dev up`, point `--gateway` at the printed URL for HTTP-level sandbox smoke.\n\nExamples:\n $ paybond dev up\n $ paybond dev up --port 18089\n $ paybond dev up --down\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev loop --gateway http://127.0.0.1:18089 --no-login",
|
|
15
33
|
"version": "Usage: paybond version [--verbose]\n\nPrints the installed Kit package version. With --verbose, includes runtime, platform, config paths, gateway URL, request ID, MCP tool count, and redacted credential source.\n\nExamples:\n $ paybond version\n $ paybond version --verbose --format json\n\nDocs: https://docs.paybond.ai/kit/package-provenance",
|
|
16
34
|
"diagnose": "Usage: paybond diagnose --redacted\n\nEmits a redacted support bundle for troubleshooting. Never prints raw API keys.\n\nExamples:\n $ paybond diagnose --redacted\n $ paybond diagnose --redacted --format json\n\nDocs: https://docs.paybond.ai/kit/package-provenance",
|
|
17
35
|
"config get": "Usage: paybond config get <key>\n\nExamples:\n $ paybond config get gateway",
|
|
@@ -41,6 +59,20 @@ export const COMMAND_HELP = {
|
|
|
41
59
|
"mandates import": "Usage: paybond mandates import --body <json-file>\n\nExamples:\n $ paybond mandates import --body mandate.json",
|
|
42
60
|
"a2a card": "Usage: paybond a2a card\n\nExamples:\n $ paybond a2a card",
|
|
43
61
|
"a2a contracts": "Usage: paybond a2a contracts [--contract-id <id>]\n\nExamples:\n $ paybond a2a contracts",
|
|
62
|
+
"init agent-middleware": "Usage: paybond init agent-middleware [--framework <name>] [--out <path>] [--force]\n\nScaffolds an agent middleware integration file (PaybondAgentRun, tool registry, interceptor). Default framework is generic (agent-agnostic).\n\nExamples:\n $ paybond init agent-middleware\n $ paybond init agent-middleware --framework claude-agents --out paybond-claude-agents.ts\n $ paybond init agent-middleware --framework openai --out paybond-agent-middleware.ts\n\nDocs: https://docs.paybond.ai/kit/agent-middleware\n\nNext: paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}'",
|
|
63
|
+
"agent run bind": "Usage: paybond agent run bind [--sandbox] [--production] [--policy-file <path>] [--watch] [--operation <name> --requested-spend-cents <n>] [--completion-preset <id>] [--registry-file <path>] [--run-id <id>] [--attach-intent-id <id> --capability-token <token> --payee-did <did> --payee-signing-seed-hex <hex> --agent-recognition-key-id <id> --agent-recognition-signing-seed-hex <hex>] [--write-env]\n\nBind a run-scoped middleware context via sandbox bootstrap or attach an existing funded intent. Production attach requires payee and agent-recognition signing credentials (flags or APP_PAYEE_DID, APP_PAYEE_SEED_HEX, APP_AGENT_RECOGNITION_KEY_ID, APP_AGENT_RECOGNITION_SEED_HEX). Persists context to .paybond/runs/<run_id>.json (mode 0600). Use --watch with --policy-file to record file-watcher reload config for long-lived processes.\n\nExamples:\n $ paybond agent run bind --policy-file paybond.policy.yaml --format json\n $ paybond agent run bind --sandbox --operation travel.book_hotel --requested-spend-cents 20000 --completion-preset cost_and_completion --registry-file ./paybond.agent.registry.yaml --format json\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond agent tool execute --help",
|
|
64
|
+
"agent run status": "Usage: paybond agent run status --run-id <id>\n\nInspect a bound run (tenant, intent, allowed tools, policy digest, reload metadata).\n\nExamples:\n $ paybond agent run status --run-id run-123 --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
65
|
+
"agent run trace": "Usage: paybond agent run trace --run-id <id>\n\nShow middleware trace events for a bound run (tool selection, spend authorization, evidence, settlement). Reads .paybond/runs/<run_id>.trace.json written during tool execute.\n\nExamples:\n $ paybond agent run trace --run-id run-123 --format json\n $ paybond agent run trace --run-id run-123 --format table\n\nDocs: https://docs.paybond.ai/kit/agent-middleware#trace-events-and-observability",
|
|
66
|
+
"agent run reload-policy": "Usage: paybond agent run reload-policy --run-id <id> [--policy-file <path>] [--remote] [--resolve-inheritance] [--allow-loosen]\n\nReload policy for a persisted run without re-binding the intent. Validates locally and optionally via Gateway before swapping the registry.\n\nExamples:\n $ paybond agent run reload-policy --run-id run-123 --format json\n $ paybond agent run reload-policy --run-id run-123 --policy-file ./paybond.policy.yaml --remote --format json\n\nDocs: https://docs.paybond.ai/kit/policy-hot-reload",
|
|
67
|
+
"agent tool execute": "Usage: paybond agent tool execute --run-id <id> --operation <name> --tool-call-id <id> [--arguments <json>] --result-body <json>|--result-file <path>\n\nRun one tool through the middleware interceptor: authorize, simulated execute, auto-evidence. CLI supplies --result-body; external processes are not invoked in v1.\n\nExamples:\n $ paybond agent tool execute --run-id run-123 --operation travel.book_hotel --tool-call-id call-1 --arguments '{\"city\":\"Lisbon\",\"estimated_price_cents\":18700}' --result-body '{\"reservation\":{\"status\":\"confirmed\",\"price_cents\":18700}}' --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
68
|
+
"agent tool validate": "Usage: paybond agent tool validate --run-id <id> --operation <name> [--requested-spend-cents <n>] [--arguments <json>]\n\nAuthorize-only dry run (no execute, no evidence). Useful for agents checking budget before side effects.\n\nExamples:\n $ paybond agent tool validate --run-id run-123 --operation travel.book_hotel --requested-spend-cents 18700 --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
69
|
+
"agent registry validate": "Usage: paybond agent registry validate --file <path>\n\nValidate a registry YAML/JSON file before bind (evidence_preset required on side-effecting tools).\n\nExamples:\n $ paybond agent registry validate --file ./paybond.agent.registry.yaml --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
70
|
+
"agent sandbox smoke": "Usage: paybond agent sandbox smoke [--production] [--preset <id>] [--policy-file <path>] [--operation <name> --requested-spend-cents <n> --evidence-preset <id>] --result-body <json>|--result-file <path>\n\nOne-shot end-to-end sandbox lifecycle: bind, tool execute, combined result. Ideal for CI and coding agents.\n\nExamples:\n $ paybond agent sandbox smoke --preset travel --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent",
|
|
71
|
+
"agent demo vercel-ai smoke": "Usage: paybond agent demo vercel-ai smoke [--production] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM Vercel AI SDK sandbox demo: toolApproval, wrapped execute, and auto-evidence via MockLanguageModelV4.\n\nExamples:\n $ paybond agent demo vercel-ai smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/vercel-ai",
|
|
72
|
+
"agent demo langgraph smoke": "Usage: paybond agent demo langgraph smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM LangGraph sandbox demo: ToolNode interceptor, authorize, execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo langgraph smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/langgraph",
|
|
73
|
+
"agent demo generic smoke": "Usage: paybond agent demo generic smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM agent-agnostic sandbox demo: createPaybondGenericAgentConfig, wrapped execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/agent-agnostic",
|
|
74
|
+
"agent demo claude-agents smoke": "Usage: paybond agent demo claude-agents smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM Claude Agent SDK sandbox demo: in-process MCP tool handlers, authorize, execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo claude-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/claude-agents",
|
|
75
|
+
"agent demo openai-agents smoke": "Usage: paybond agent demo openai-agents smoke [--production] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM OpenAI Agents SDK sandbox demo: input guardrail pre-check, guarded invoke, and auto-evidence.\n\nExamples:\n $ paybond agent demo openai-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/openai-agents",
|
|
44
76
|
"audit exports list": "Usage: paybond audit exports list\n\nExamples:\n $ paybond audit exports list --format json",
|
|
45
77
|
"audit exports get": "Usage: paybond audit exports get <job_id> [--issue-download]\n\nExamples:\n $ paybond audit exports get job-123",
|
|
46
78
|
"audit exports verify": "Usage: paybond audit exports verify <path>\n\nExamples:\n $ paybond audit exports verify ./bundle",
|
package/dist/cli/mcp-install.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { fileURLToPath } from "node:url";
|
|
2
|
-
import { mcpToolPolicyEnv } from "./mcp-policy.js";
|
|
2
|
+
import { mcpToolPolicyEnv, resolveMcpToolPolicy } from "./mcp-policy.js";
|
|
3
3
|
export const MCP_INSTALL_HOSTS = ["claude", "codex", "openai", "generic"];
|
|
4
4
|
export function resolvePackageLocalMcpServerCommand() {
|
|
5
5
|
const mcpServerJs = fileURLToPath(new URL("../mcp-server.js", import.meta.url));
|
|
@@ -12,7 +12,7 @@ export function buildMcpServerEntry(envFile, serverCommand, toolPolicy) {
|
|
|
12
12
|
return {
|
|
13
13
|
command: serverCommand[0],
|
|
14
14
|
args: serverCommand.slice(1),
|
|
15
|
-
env: { PAYBOND_ENV_FILE: envFile, ...mcpToolPolicyEnv(toolPolicy ?? { policy: null, allowlist: [] }) },
|
|
15
|
+
env: { PAYBOND_ENV_FILE: envFile, ...mcpToolPolicyEnv(resolveMcpToolPolicy(toolPolicy ?? { policy: null, allowlist: [] })) },
|
|
16
16
|
};
|
|
17
17
|
}
|
|
18
18
|
export function serializeMcpInstallPayload(format, entry) {
|
package/dist/cli/mcp-policy.d.ts
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
1
|
export type McpToolPolicy = "readonly" | "spend-write" | "allowlist";
|
|
2
2
|
export declare const MCP_TOOL_POLICY_ENV = "PAYBOND_MCP_TOOL_POLICY";
|
|
3
3
|
export declare const MCP_TOOL_ALLOWLIST_ENV = "PAYBOND_MCP_TOOL_ALLOWLIST";
|
|
4
|
+
export declare const DEFAULT_MCP_TOOL_POLICY: McpToolPolicy;
|
|
4
5
|
export declare const LIVE_MONEY_TOOL_NAMES: Set<string>;
|
|
5
6
|
export type McpToolPolicyConfig = {
|
|
6
7
|
policy: McpToolPolicy | null;
|
|
7
8
|
allowlist: readonly string[];
|
|
8
9
|
};
|
|
10
|
+
export declare function defaultMcpToolPolicyConfig(): McpToolPolicyConfig;
|
|
11
|
+
export declare function resolveMcpToolPolicy(config: McpToolPolicyConfig): McpToolPolicyConfig;
|
|
9
12
|
export type McpToolAnnotations = {
|
|
10
13
|
readOnlyHint?: boolean;
|
|
11
14
|
destructiveHint?: boolean;
|