@paybond/kit 0.10.0 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +59 -15
- package/completion-presets/catalog.json +1187 -0
- package/completion-presets/catalog.sha256 +1 -0
- package/dev/trace-ui/dashboard.html +617 -0
- package/dist/agent/adapter.d.ts +51 -0
- package/dist/agent/adapter.js +66 -0
- package/dist/agent/attach-bundle.d.ts +37 -0
- package/dist/agent/attach-bundle.js +118 -0
- package/dist/agent/authorization-cache.d.ts +22 -0
- package/dist/agent/authorization-cache.js +36 -0
- package/dist/agent/deferred-tools.d.ts +11 -0
- package/dist/agent/deferred-tools.js +62 -0
- package/dist/agent/discover.d.ts +41 -0
- package/dist/agent/discover.js +147 -0
- package/dist/agent/evidence.d.ts +9 -0
- package/dist/agent/evidence.js +28 -0
- package/dist/agent/facade.d.ts +48 -0
- package/dist/agent/facade.js +112 -0
- package/dist/agent/gateway-trace-reporter.d.ts +28 -0
- package/dist/agent/gateway-trace-reporter.js +49 -0
- package/dist/agent/generic-runner.d.ts +14 -0
- package/dist/agent/generic-runner.js +49 -0
- package/dist/agent/generic-sandbox-demo.d.ts +36 -0
- package/dist/agent/generic-sandbox-demo.js +82 -0
- package/dist/agent/guarded-agent.d.ts +49 -0
- package/dist/agent/guarded-agent.js +100 -0
- package/dist/agent/index.d.ts +13 -0
- package/dist/agent/index.js +13 -0
- package/dist/agent/instrument.d.ts +156 -0
- package/dist/agent/instrument.js +442 -0
- package/dist/agent/interceptor.d.ts +24 -0
- package/dist/agent/interceptor.js +440 -0
- package/dist/agent/lazy-context-tools.d.ts +15 -0
- package/dist/agent/lazy-context-tools.js +81 -0
- package/dist/agent/registry-file.d.ts +39 -0
- package/dist/agent/registry-file.js +219 -0
- package/dist/agent/registry.d.ts +37 -0
- package/dist/agent/registry.js +128 -0
- package/dist/agent/run.d.ts +124 -0
- package/dist/agent/run.js +301 -0
- package/dist/agent/types.d.ts +318 -0
- package/dist/agent/types.js +42 -0
- package/dist/agent-recognition.d.ts +72 -0
- package/dist/agent-recognition.js +165 -0
- package/dist/bincode-wire.d.ts +18 -0
- package/dist/bincode-wire.js +93 -0
- package/dist/claude-agents/config.d.ts +21 -0
- package/dist/claude-agents/config.js +145 -0
- package/dist/claude-agents/index.d.ts +2 -0
- package/dist/claude-agents/index.js +2 -0
- package/dist/claude-agents/sandbox-demo.d.ts +30 -0
- package/dist/claude-agents/sandbox-demo.js +91 -0
- package/dist/cli/agent/demo-loaders.d.ts +4 -0
- package/dist/cli/agent/demo-loaders.js +66 -0
- package/dist/cli/agent/env-quote.d.ts +1 -0
- package/dist/cli/agent/env-quote.js +6 -0
- package/dist/cli/agent/env-write.d.ts +8 -0
- package/dist/cli/agent/env-write.js +47 -0
- package/dist/cli/agent/paybond.d.ts +16 -0
- package/dist/cli/agent/paybond.js +55 -0
- package/dist/cli/agent/policy-file.d.ts +29 -0
- package/dist/cli/agent/policy-file.js +61 -0
- package/dist/cli/agent/production-evidence.d.ts +24 -0
- package/dist/cli/agent/production-evidence.js +98 -0
- package/dist/cli/agent/run-store.d.ts +30 -0
- package/dist/cli/agent/run-store.js +42 -0
- package/dist/cli/agent/run-trace-store.d.ts +39 -0
- package/dist/cli/agent/run-trace-store.js +143 -0
- package/dist/cli/agent-run-trace-table.d.ts +9 -0
- package/dist/cli/agent-run-trace-table.js +24 -0
- package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
- package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
- package/dist/cli/command-spec.d.ts +1 -0
- package/dist/cli/command-spec.js +286 -5
- package/dist/cli/commands/agent.d.ts +16 -0
- package/dist/cli/commands/agent.js +1136 -0
- package/dist/cli/commands/dev.d.ts +7 -0
- package/dist/cli/commands/dev.js +348 -0
- package/dist/cli/commands/discovery.js +3 -3
- package/dist/cli/commands/policy.d.ts +13 -0
- package/dist/cli/commands/policy.js +769 -0
- package/dist/cli/commands/setup.d.ts +3 -0
- package/dist/cli/commands/setup.js +124 -8
- package/dist/cli/commands/workflows.js +9 -4
- package/dist/cli/config.d.ts +2 -0
- package/dist/cli/config.js +4 -2
- package/dist/cli/context.js +2 -1
- package/dist/cli/credentials.js +2 -2
- package/dist/cli/doctor-agent-middleware.d.ts +5 -0
- package/dist/cli/doctor-agent-middleware.js +49 -0
- package/dist/cli/globals.d.ts +1 -0
- package/dist/cli/globals.js +11 -1
- package/dist/cli/help.d.ts +1 -1
- package/dist/cli/help.js +35 -3
- package/dist/cli/mcp-install.js +2 -2
- package/dist/cli/mcp-policy.d.ts +3 -0
- package/dist/cli/mcp-policy.js +19 -13
- package/dist/cli/mcp-verify-config.js +9 -11
- package/dist/cli/redact.js +29 -8
- package/dist/cli/router.js +105 -2
- package/dist/cli/smoke-deep-links.d.ts +15 -0
- package/dist/cli/smoke-deep-links.js +63 -0
- package/dist/cli/telemetry.d.ts +17 -0
- package/dist/cli/telemetry.js +94 -0
- package/dist/completion-catalog-digest.d.ts +2 -0
- package/dist/completion-catalog-digest.js +2 -0
- package/dist/completion-catalog-integrity.d.ts +2 -0
- package/dist/completion-catalog-integrity.js +17 -0
- package/dist/completion-catalog.d.ts +49 -0
- package/dist/completion-catalog.js +62 -0
- package/dist/completion-contract-digest.d.ts +37 -0
- package/dist/completion-contract-digest.js +73 -0
- package/dist/completion-forbidden-fields.d.ts +5 -0
- package/dist/completion-forbidden-fields.js +26 -0
- package/dist/completion-init.d.ts +8 -0
- package/dist/completion-init.js +334 -0
- package/dist/completion-resolve.d.ts +21 -0
- package/dist/completion-resolve.js +86 -0
- package/dist/completion-validate-evidence.d.ts +24 -0
- package/dist/completion-validate-evidence.js +145 -0
- package/dist/dev/offline-gateway.d.ts +24 -0
- package/dist/dev/offline-gateway.js +102 -0
- package/dist/dev/trace-buffer.d.ts +61 -0
- package/dist/dev/trace-buffer.js +330 -0
- package/dist/dev/trace-security-headers.d.ts +11 -0
- package/dist/dev/trace-security-headers.js +16 -0
- package/dist/dev/trace-server.d.ts +8 -0
- package/dist/dev/trace-server.js +38 -0
- package/dist/dev/trace-ui.d.ts +4 -0
- package/dist/dev/trace-ui.js +25 -0
- package/dist/dev/wiremock-up.d.ts +15 -0
- package/dist/dev/wiremock-up.js +118 -0
- package/dist/doctor-completion.d.ts +17 -0
- package/dist/doctor-completion.js +428 -0
- package/dist/gateway-url.d.ts +7 -0
- package/dist/gateway-url.js +69 -0
- package/dist/index.d.ts +119 -2
- package/dist/index.js +267 -6
- package/dist/init.js +374 -57
- package/dist/langgraph/awrap-tool-call.d.ts +25 -0
- package/dist/langgraph/awrap-tool-call.js +81 -0
- package/dist/langgraph/config.d.ts +13 -0
- package/dist/langgraph/config.js +11 -0
- package/dist/langgraph/index.d.ts +4 -0
- package/dist/langgraph/index.js +4 -0
- package/dist/langgraph/sandbox-demo.d.ts +40 -0
- package/dist/langgraph/sandbox-demo.js +96 -0
- package/dist/langgraph/tool-node.d.ts +10 -0
- package/dist/langgraph/tool-node.js +38 -0
- package/dist/login.js +7 -0
- package/dist/mcp/index.d.ts +1 -0
- package/dist/mcp/index.js +1 -0
- package/dist/mcp/tool-surface.d.ts +25 -0
- package/dist/mcp/tool-surface.js +17 -0
- package/dist/mcp-capability-token-cache.d.ts +24 -0
- package/dist/mcp-capability-token-cache.js +101 -0
- package/dist/mcp-evidence-policy.d.ts +48 -0
- package/dist/mcp-evidence-policy.js +117 -0
- package/dist/mcp-policy-reload.d.ts +79 -0
- package/dist/mcp-policy-reload.js +200 -0
- package/dist/mcp-sep2828-evidence.d.ts +36 -0
- package/dist/mcp-sep2828-evidence.js +65 -0
- package/dist/mcp-server.d.ts +6 -0
- package/dist/mcp-server.js +224 -44
- package/dist/openai-agents/index.d.ts +40 -0
- package/dist/openai-agents/index.js +151 -0
- package/dist/openai-agents/sandbox-demo.d.ts +34 -0
- package/dist/openai-agents/sandbox-demo.js +118 -0
- package/dist/payee-evidence.js +2 -29
- package/dist/policy/catalog.d.ts +31 -0
- package/dist/policy/catalog.js +48 -0
- package/dist/policy/compose-utils.d.ts +3 -0
- package/dist/policy/compose-utils.js +4 -0
- package/dist/policy/compose.d.ts +20 -0
- package/dist/policy/compose.js +240 -0
- package/dist/policy/digest.d.ts +7 -0
- package/dist/policy/digest.js +75 -0
- package/dist/policy/domain.d.ts +15 -0
- package/dist/policy/domain.js +28 -0
- package/dist/policy/guardrail-spec.d.ts +17 -0
- package/dist/policy/guardrail-spec.js +140 -0
- package/dist/policy/guardrails.d.ts +48 -0
- package/dist/policy/guardrails.js +72 -0
- package/dist/policy/index.d.ts +21 -0
- package/dist/policy/index.js +21 -0
- package/dist/policy/init.d.ts +102 -0
- package/dist/policy/init.js +351 -0
- package/dist/policy/intent-spec.d.ts +52 -0
- package/dist/policy/intent-spec.js +176 -0
- package/dist/policy/json-path.d.ts +4 -0
- package/dist/policy/json-path.js +23 -0
- package/dist/policy/layers-io.d.ts +7 -0
- package/dist/policy/layers-io.js +28 -0
- package/dist/policy/load-effective.d.ts +22 -0
- package/dist/policy/load-effective.js +77 -0
- package/dist/policy/load.d.ts +85 -0
- package/dist/policy/load.js +164 -0
- package/dist/policy/merge.d.ts +29 -0
- package/dist/policy/merge.js +297 -0
- package/dist/policy/parse-text.d.ts +2 -0
- package/dist/policy/parse-text.js +126 -0
- package/dist/policy/policy-api.d.ts +45 -0
- package/dist/policy/policy-api.js +61 -0
- package/dist/policy/presets.d.ts +19 -0
- package/dist/policy/presets.js +66 -0
- package/dist/policy/registry.d.ts +7 -0
- package/dist/policy/registry.js +33 -0
- package/dist/policy/reload.d.ts +86 -0
- package/dist/policy/reload.js +233 -0
- package/dist/policy/render-yaml.d.ts +3 -0
- package/dist/policy/render-yaml.js +69 -0
- package/dist/policy/sandbox-bootstrap.d.ts +19 -0
- package/dist/policy/sandbox-bootstrap.js +66 -0
- package/dist/policy/schema.d.ts +204 -0
- package/dist/policy/schema.js +255 -0
- package/dist/policy/snapshot.d.ts +33 -0
- package/dist/policy/snapshot.js +23 -0
- package/dist/policy/validate-remote.d.ts +43 -0
- package/dist/policy/validate-remote.js +104 -0
- package/dist/policy/validate.d.ts +36 -0
- package/dist/policy/validate.js +150 -0
- package/dist/policy/watcher.d.ts +29 -0
- package/dist/policy/watcher.js +112 -0
- package/dist/principal-intent.d.ts +52 -0
- package/dist/principal-intent.js +193 -37
- package/dist/project-init.d.ts +34 -0
- package/dist/project-init.js +898 -0
- package/dist/sep2828-signature.d.ts +10 -0
- package/dist/sep2828-signature.js +134 -0
- package/dist/solutions/api.d.ts +22 -0
- package/dist/solutions/api.js +40 -0
- package/dist/solutions/catalog.d.ts +34 -0
- package/dist/solutions/catalog.js +129 -0
- package/dist/solutions/index.d.ts +2 -0
- package/dist/solutions/index.js +2 -0
- package/dist/template-init.d.ts +54 -0
- package/dist/template-init.js +203 -0
- package/dist/vercel-ai/config.d.ts +15 -0
- package/dist/vercel-ai/config.js +13 -0
- package/dist/vercel-ai/index.d.ts +4 -0
- package/dist/vercel-ai/index.js +4 -0
- package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
- package/dist/vercel-ai/sandbox-demo.js +153 -0
- package/dist/vercel-ai/tool-approval.d.ts +16 -0
- package/dist/vercel-ai/tool-approval.js +41 -0
- package/dist/vercel-ai/wrap-tools.d.ts +9 -0
- package/dist/vercel-ai/wrap-tools.js +40 -0
- package/dist/x402-receipt-evidence.d.ts +29 -0
- package/dist/x402-receipt-evidence.js +97 -0
- package/dist/x402-receipt-signature.d.ts +12 -0
- package/dist/x402-receipt-signature.js +211 -0
- package/package.json +75 -3
- package/solutions/aws.json +17 -0
- package/solutions/saas.json +17 -0
- package/solutions/shopping.json +17 -0
- package/solutions/travel.json +18 -0
- package/templates/manifest.json +169 -0
- package/templates/openai-shopping-agent/.env.example +3 -0
- package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/openai-shopping-agent/LICENSE +201 -0
- package/templates/openai-shopping-agent/README.md +29 -0
- package/templates/openai-shopping-agent/package-lock.json +1525 -0
- package/templates/openai-shopping-agent/package.json +22 -0
- package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/openai-shopping-agent/src/index.ts +22 -0
- package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/openai-shopping-agent/tsconfig.json +13 -0
- package/templates/paybond-aws-operator/.env.example +3 -0
- package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-aws-operator/LICENSE +201 -0
- package/templates/paybond-aws-operator/README.md +29 -0
- package/templates/paybond-aws-operator/package-lock.json +151 -0
- package/templates/paybond-aws-operator/package.json +20 -0
- package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
- package/templates/paybond-aws-operator/src/index.ts +54 -0
- package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
- package/templates/paybond-aws-operator/tsconfig.json +13 -0
- package/templates/paybond-claude-agents-demo/.env.example +3 -0
- package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-claude-agents-demo/LICENSE +201 -0
- package/templates/paybond-claude-agents-demo/README.md +29 -0
- package/templates/paybond-claude-agents-demo/package-lock.json +1489 -0
- package/templates/paybond-claude-agents-demo/package.json +22 -0
- package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
- package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-invoice-agent/.env.example +3 -0
- package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
- package/templates/paybond-invoice-agent/LICENSE +201 -0
- package/templates/paybond-invoice-agent/README.md +29 -0
- package/templates/paybond-invoice-agent/app.py +27 -0
- package/templates/paybond-invoice-agent/package.json +6 -0
- package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-invoice-agent/paybond_config.py +45 -0
- package/templates/paybond-invoice-agent/requirements.txt +2 -0
- package/templates/paybond-mcp-coding-agent/.env.example +3 -0
- package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
- package/templates/paybond-mcp-coding-agent/README.md +39 -0
- package/templates/paybond-mcp-coding-agent/package-lock.json +151 -0
- package/templates/paybond-mcp-coding-agent/package.json +20 -0
- package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
- package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
- package/templates/paybond-openai-agents-demo/.env.example +3 -0
- package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-openai-agents-demo/LICENSE +201 -0
- package/templates/paybond-openai-agents-demo/README.md +29 -0
- package/templates/paybond-openai-agents-demo/package-lock.json +1525 -0
- package/templates/paybond-openai-agents-demo/package.json +22 -0
- package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
- package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-procurement-agent/.env.example +3 -0
- package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-procurement-agent/LICENSE +201 -0
- package/templates/paybond-procurement-agent/README.md +29 -0
- package/templates/paybond-procurement-agent/package-lock.json +151 -0
- package/templates/paybond-procurement-agent/package.json +20 -0
- package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-procurement-agent/src/index.ts +54 -0
- package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-procurement-agent/tsconfig.json +13 -0
- package/templates/paybond-travel-agent/.env.example +3 -0
- package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-travel-agent/LICENSE +201 -0
- package/templates/paybond-travel-agent/README.md +29 -0
- package/templates/paybond-travel-agent/package-lock.json +444 -0
- package/templates/paybond-travel-agent/package.json +23 -0
- package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-travel-agent/src/index.ts +22 -0
- package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-travel-agent/tsconfig.json +13 -0
- package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
- package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
- package/templates/paybond-vercel-shopping-agent/README.md +29 -0
- package/templates/paybond-vercel-shopping-agent/package-lock.json +265 -0
- package/templates/paybond-vercel-shopping-agent/package.json +22 -0
- package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
- package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
|
@@ -0,0 +1,126 @@
|
|
|
1
|
+
import { PaybondPolicyValidationError } from "./schema.js";
|
|
2
|
+
function tokenizeYamlLines(text) {
|
|
3
|
+
const lines = [];
|
|
4
|
+
for (const raw of text.split(/\r?\n/)) {
|
|
5
|
+
const trimmed = raw.trim();
|
|
6
|
+
if (!trimmed || trimmed.startsWith("#")) {
|
|
7
|
+
continue;
|
|
8
|
+
}
|
|
9
|
+
const indent = raw.search(/\S/);
|
|
10
|
+
if (indent < 0) {
|
|
11
|
+
continue;
|
|
12
|
+
}
|
|
13
|
+
lines.push({ indent, trimmed, raw });
|
|
14
|
+
}
|
|
15
|
+
return lines;
|
|
16
|
+
}
|
|
17
|
+
function parseYamlScalar(value) {
|
|
18
|
+
if (!value) {
|
|
19
|
+
return "";
|
|
20
|
+
}
|
|
21
|
+
if (value === "true") {
|
|
22
|
+
return true;
|
|
23
|
+
}
|
|
24
|
+
if (value === "false") {
|
|
25
|
+
return false;
|
|
26
|
+
}
|
|
27
|
+
if (/^-?\d+$/.test(value)) {
|
|
28
|
+
return Number.parseInt(value, 10);
|
|
29
|
+
}
|
|
30
|
+
if (/^-?\d+\.\d+$/.test(value)) {
|
|
31
|
+
return Number.parseFloat(value);
|
|
32
|
+
}
|
|
33
|
+
if ((value.startsWith('"') && value.endsWith('"')) ||
|
|
34
|
+
(value.startsWith("'") && value.endsWith("'"))) {
|
|
35
|
+
return value.slice(1, -1);
|
|
36
|
+
}
|
|
37
|
+
return value;
|
|
38
|
+
}
|
|
39
|
+
function parseYamlBlock(lines, start, indent, sourceLabel) {
|
|
40
|
+
if (start >= lines.length || lines[start].indent < indent) {
|
|
41
|
+
return [{}, start];
|
|
42
|
+
}
|
|
43
|
+
if (lines[start].trimmed.startsWith("- ")) {
|
|
44
|
+
const items = [];
|
|
45
|
+
let index = start;
|
|
46
|
+
while (index < lines.length &&
|
|
47
|
+
lines[index].indent === indent &&
|
|
48
|
+
lines[index].trimmed.startsWith("- ")) {
|
|
49
|
+
const afterDash = lines[index].trimmed.slice(2).trim();
|
|
50
|
+
if (!afterDash) {
|
|
51
|
+
const [child, next] = parseYamlBlock(lines, index + 1, indent + 2, sourceLabel);
|
|
52
|
+
items.push(child);
|
|
53
|
+
index = next;
|
|
54
|
+
continue;
|
|
55
|
+
}
|
|
56
|
+
const inlineMap = /^([^:]+?):\s*(.*)$/.exec(afterDash);
|
|
57
|
+
if (inlineMap && !inlineMap[2]) {
|
|
58
|
+
const key = inlineMap[1].trim();
|
|
59
|
+
const [child, next] = parseYamlBlock(lines, index + 1, indent + 2, sourceLabel);
|
|
60
|
+
items.push({ [key]: child });
|
|
61
|
+
index = next;
|
|
62
|
+
continue;
|
|
63
|
+
}
|
|
64
|
+
if (inlineMap) {
|
|
65
|
+
items.push({
|
|
66
|
+
[inlineMap[1].trim()]: parseYamlScalar(inlineMap[2].trim()),
|
|
67
|
+
});
|
|
68
|
+
index += 1;
|
|
69
|
+
continue;
|
|
70
|
+
}
|
|
71
|
+
items.push(parseYamlScalar(afterDash));
|
|
72
|
+
index += 1;
|
|
73
|
+
}
|
|
74
|
+
return [items, index];
|
|
75
|
+
}
|
|
76
|
+
const objectValue = {};
|
|
77
|
+
let index = start;
|
|
78
|
+
while (index < lines.length && lines[index].indent === indent) {
|
|
79
|
+
const match = /^([^:]+?):\s*(.*)$/.exec(lines[index].trimmed);
|
|
80
|
+
if (!match) {
|
|
81
|
+
throw new PaybondPolicyValidationError(`${sourceLabel} has invalid YAML line: ${lines[index].raw}`);
|
|
82
|
+
}
|
|
83
|
+
const key = match[1].trim();
|
|
84
|
+
const rest = match[2].trim();
|
|
85
|
+
if (rest) {
|
|
86
|
+
objectValue[key] = parseYamlScalar(rest);
|
|
87
|
+
index += 1;
|
|
88
|
+
continue;
|
|
89
|
+
}
|
|
90
|
+
const [child, next] = parseYamlBlock(lines, index + 1, indent + 2, sourceLabel);
|
|
91
|
+
objectValue[key] = child;
|
|
92
|
+
index = next;
|
|
93
|
+
}
|
|
94
|
+
return [objectValue, index];
|
|
95
|
+
}
|
|
96
|
+
function parseIndentedYaml(text, sourceLabel) {
|
|
97
|
+
const lines = tokenizeYamlLines(text);
|
|
98
|
+
if (lines.length === 0) {
|
|
99
|
+
throw new PaybondPolicyValidationError(`${sourceLabel} is empty`);
|
|
100
|
+
}
|
|
101
|
+
const [value] = parseYamlBlock(lines, 0, lines[0].indent, sourceLabel);
|
|
102
|
+
if (!value || typeof value !== "object" || Array.isArray(value)) {
|
|
103
|
+
throw new PaybondPolicyValidationError(`${sourceLabel} must be a YAML object`);
|
|
104
|
+
}
|
|
105
|
+
return value;
|
|
106
|
+
}
|
|
107
|
+
/** Parse policy file text (JSON or YAML) into a raw document object. */
|
|
108
|
+
export function parsePolicyDocumentText(text, sourceLabel = "policy file") {
|
|
109
|
+
const trimmed = text.trim();
|
|
110
|
+
if (!trimmed) {
|
|
111
|
+
throw new PaybondPolicyValidationError(`${sourceLabel} is empty`);
|
|
112
|
+
}
|
|
113
|
+
try {
|
|
114
|
+
const parsed = JSON.parse(trimmed);
|
|
115
|
+
if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
116
|
+
throw new PaybondPolicyValidationError(`${sourceLabel} must be a JSON object`);
|
|
117
|
+
}
|
|
118
|
+
return parsed;
|
|
119
|
+
}
|
|
120
|
+
catch (err) {
|
|
121
|
+
if (err instanceof PaybondPolicyValidationError) {
|
|
122
|
+
throw err;
|
|
123
|
+
}
|
|
124
|
+
return parseIndentedYaml(trimmed, sourceLabel);
|
|
125
|
+
}
|
|
126
|
+
}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import { maxSpend, maxSpendUsd, type PolicyGuardrailLayer } from "./guardrails.js";
|
|
2
|
+
import { PaybondPolicy } from "./load.js";
|
|
3
|
+
import { isLayeredPolicyPresetId } from "./presets.js";
|
|
4
|
+
import type { PaybondPolicyDocumentV1 } from "./schema.js";
|
|
5
|
+
export type VerticalPolicyOptions = {
|
|
6
|
+
/** Per side-effecting tool spend cap in cents. */
|
|
7
|
+
maxSpend?: number;
|
|
8
|
+
/** Intent budget cap in USD. */
|
|
9
|
+
maxSpendUsd?: number;
|
|
10
|
+
/** Additional guardrail layers applied after bundled defaults. */
|
|
11
|
+
guardrails?: PolicyGuardrailLayer[];
|
|
12
|
+
};
|
|
13
|
+
declare function composeToPolicy(domainDocument: PaybondPolicyDocumentV1, ...layers: PolicyGuardrailLayer[]): PaybondPolicy;
|
|
14
|
+
/** Programmatic policy composition API (`paybond.policyPresets.*`). */
|
|
15
|
+
export declare const paybondPolicyPresets: {
|
|
16
|
+
readonly travel: (options?: VerticalPolicyOptions) => PaybondPolicy;
|
|
17
|
+
readonly shopping: (options?: VerticalPolicyOptions) => PaybondPolicy;
|
|
18
|
+
readonly saas: (options?: VerticalPolicyOptions) => PaybondPolicy;
|
|
19
|
+
readonly aws: (options?: VerticalPolicyOptions) => PaybondPolicy;
|
|
20
|
+
readonly readOnly: () => PaybondPolicy;
|
|
21
|
+
readonly strict: () => PaybondPolicy;
|
|
22
|
+
readonly compose: typeof composeToPolicy;
|
|
23
|
+
readonly domain: {
|
|
24
|
+
readonly travel: typeof import("./domain.js").travel;
|
|
25
|
+
readonly shopping: typeof import("./domain.js").shopping;
|
|
26
|
+
readonly saas: typeof import("./domain.js").saas;
|
|
27
|
+
readonly aws: typeof import("./domain.js").aws;
|
|
28
|
+
};
|
|
29
|
+
readonly guardrails: {
|
|
30
|
+
readonly defaultDeny: typeof import("./guardrails.js").defaultDeny;
|
|
31
|
+
readonly maxSpend: typeof maxSpend;
|
|
32
|
+
readonly maxSpendUsd: typeof maxSpendUsd;
|
|
33
|
+
readonly readOnly: typeof import("./guardrails.js").readOnly;
|
|
34
|
+
readonly readOnlySearch: typeof import("./guardrails.js").readOnlySearch;
|
|
35
|
+
readonly strict: typeof import("./guardrails.js").strict;
|
|
36
|
+
readonly requireEvidence: typeof import("./guardrails.js").requireEvidence;
|
|
37
|
+
readonly auditOnly: typeof import("./guardrails.js").auditOnly;
|
|
38
|
+
readonly allowDryRun: typeof import("./guardrails.js").allowDryRun;
|
|
39
|
+
readonly fromDocument: typeof import("./guardrails.js").guardrailLayerFromDocument;
|
|
40
|
+
};
|
|
41
|
+
readonly resolvePresetDocument: (presetId: string) => PaybondPolicyDocumentV1;
|
|
42
|
+
readonly isLayeredPreset: typeof isLayeredPolicyPresetId;
|
|
43
|
+
};
|
|
44
|
+
export type PaybondPolicyPresets = typeof paybondPolicyPresets;
|
|
45
|
+
export {};
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import { bundledDefaultGuardrails, composeBundledPresetDefault, composePolicyLayers, } from "./compose.js";
|
|
2
|
+
import { domain } from "./domain.js";
|
|
3
|
+
import { guardrails, maxSpend, maxSpendUsd } from "./guardrails.js";
|
|
4
|
+
import { PaybondPolicy } from "./load.js";
|
|
5
|
+
import { isKnownPolicyPresetId, isLayeredPolicyPresetId, resolveComposedPresetDocument, } from "./presets.js";
|
|
6
|
+
function verticalPolicy(presetId, options) {
|
|
7
|
+
const hasCustomizations = options?.maxSpend !== undefined ||
|
|
8
|
+
options?.maxSpendUsd !== undefined ||
|
|
9
|
+
(options?.guardrails?.length ?? 0) > 0;
|
|
10
|
+
if (!hasCustomizations) {
|
|
11
|
+
return PaybondPolicy.fromDocument(composeBundledPresetDefault(presetId));
|
|
12
|
+
}
|
|
13
|
+
const layers = [...bundledDefaultGuardrails(presetId)];
|
|
14
|
+
if (options?.maxSpend !== undefined) {
|
|
15
|
+
layers.push(maxSpend(options.maxSpend));
|
|
16
|
+
}
|
|
17
|
+
if (options?.maxSpendUsd !== undefined) {
|
|
18
|
+
layers.push(maxSpendUsd(options.maxSpendUsd));
|
|
19
|
+
}
|
|
20
|
+
if (options?.guardrails?.length) {
|
|
21
|
+
layers.push(...options.guardrails);
|
|
22
|
+
}
|
|
23
|
+
return PaybondPolicy.fromDocument(composePolicyLayers(domain[presetId](), ...layers));
|
|
24
|
+
}
|
|
25
|
+
function composeToPolicy(domainDocument, ...layers) {
|
|
26
|
+
return PaybondPolicy.fromDocument(composePolicyLayers(domainDocument, ...layers));
|
|
27
|
+
}
|
|
28
|
+
function presetPolicy(presetId) {
|
|
29
|
+
return PaybondPolicy.fromDocument(resolveComposedPresetDocument(presetId));
|
|
30
|
+
}
|
|
31
|
+
/** Programmatic policy composition API (`paybond.policyPresets.*`). */
|
|
32
|
+
export const paybondPolicyPresets = {
|
|
33
|
+
travel(options) {
|
|
34
|
+
return verticalPolicy("travel", options);
|
|
35
|
+
},
|
|
36
|
+
shopping(options) {
|
|
37
|
+
return verticalPolicy("shopping", options);
|
|
38
|
+
},
|
|
39
|
+
saas(options) {
|
|
40
|
+
return verticalPolicy("saas", options);
|
|
41
|
+
},
|
|
42
|
+
aws(options) {
|
|
43
|
+
return verticalPolicy("aws", options);
|
|
44
|
+
},
|
|
45
|
+
readOnly() {
|
|
46
|
+
return presetPolicy("read-only");
|
|
47
|
+
},
|
|
48
|
+
strict() {
|
|
49
|
+
return presetPolicy("strict");
|
|
50
|
+
},
|
|
51
|
+
compose: composeToPolicy,
|
|
52
|
+
domain,
|
|
53
|
+
guardrails,
|
|
54
|
+
resolvePresetDocument(presetId) {
|
|
55
|
+
if (!isKnownPolicyPresetId(presetId)) {
|
|
56
|
+
throw new Error(`unknown policy preset: ${presetId}`);
|
|
57
|
+
}
|
|
58
|
+
return resolveComposedPresetDocument(presetId);
|
|
59
|
+
},
|
|
60
|
+
isLayeredPreset: isLayeredPolicyPresetId,
|
|
61
|
+
};
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import type { LayeredPolicyPresetId } from "./compose.js";
|
|
2
|
+
import { type PaybondPolicyDocumentV1 } from "./schema.js";
|
|
3
|
+
export type { LayeredPolicyPresetId };
|
|
4
|
+
declare const KNOWN_POLICY_PRESET_IDS: readonly ["travel", "shopping", "saas", "aws", "read-only", "strict"];
|
|
5
|
+
export type PolicyPresetId = (typeof KNOWN_POLICY_PRESET_IDS)[number];
|
|
6
|
+
/** True when `value` is a bundled vertical policy preset id (not a file path). */
|
|
7
|
+
export declare function isKnownPolicyPresetId(value: string): value is PolicyPresetId;
|
|
8
|
+
/** True when the preset is composed from domain + guardrails layers. */
|
|
9
|
+
export declare function isLayeredPolicyPresetId(value: string): value is LayeredPolicyPresetId;
|
|
10
|
+
/** List bundled vertical policy preset ids shipped with Paybond Kit. */
|
|
11
|
+
export declare function listPolicyPresetIds(): PolicyPresetId[];
|
|
12
|
+
/** Resolve a bundled preset id to an on-disk `paybond.policy.yaml` path. */
|
|
13
|
+
export declare function resolvePolicyPresetPath(presetId: string): string;
|
|
14
|
+
/** Load a bundled vertical policy preset as YAML text (for tests and scaffolding). */
|
|
15
|
+
export declare function readPolicyPresetYaml(presetId: PolicyPresetId): string;
|
|
16
|
+
/** Resolve a bundled preset to its composed v1 policy document. */
|
|
17
|
+
export declare function resolveComposedPresetDocument(presetId: PolicyPresetId): PaybondPolicyDocumentV1;
|
|
18
|
+
/** @deprecated Internal alias used by YAML flat-file parity checks. */
|
|
19
|
+
export declare function readComposedPresetYamlObject(presetId: LayeredPolicyPresetId): Record<string, unknown>;
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
import { existsSync, readFileSync } from "node:fs";
|
|
2
|
+
import { dirname, join } from "node:path";
|
|
3
|
+
import { fileURLToPath } from "node:url";
|
|
4
|
+
import { composeBundledPresetDefault, composeLayeredPolicyPresetDocument, isLayeredPolicyPreset, } from "./compose.js";
|
|
5
|
+
import { parsePolicyDocumentText } from "./parse-text.js";
|
|
6
|
+
import { parsePaybondPolicyDocumentV1, } from "./schema.js";
|
|
7
|
+
const MODULE_DIR = dirname(fileURLToPath(import.meta.url));
|
|
8
|
+
const KNOWN_POLICY_PRESET_IDS = [
|
|
9
|
+
"travel",
|
|
10
|
+
"shopping",
|
|
11
|
+
"saas",
|
|
12
|
+
"aws",
|
|
13
|
+
"read-only",
|
|
14
|
+
"strict",
|
|
15
|
+
];
|
|
16
|
+
function presetCandidatePaths(presetId) {
|
|
17
|
+
const fileName = `${presetId}.yaml`;
|
|
18
|
+
const roots = [
|
|
19
|
+
join(MODULE_DIR, "../../policy/presets"),
|
|
20
|
+
join(MODULE_DIR, "../../../policy/presets"),
|
|
21
|
+
join(MODULE_DIR, "../../../../kit/policy/presets"),
|
|
22
|
+
];
|
|
23
|
+
return roots.map((root) => join(root, fileName));
|
|
24
|
+
}
|
|
25
|
+
/** True when `value` is a bundled vertical policy preset id (not a file path). */
|
|
26
|
+
export function isKnownPolicyPresetId(value) {
|
|
27
|
+
return KNOWN_POLICY_PRESET_IDS.includes(value.trim());
|
|
28
|
+
}
|
|
29
|
+
/** True when the preset is composed from domain + guardrails layers. */
|
|
30
|
+
export function isLayeredPolicyPresetId(value) {
|
|
31
|
+
return isLayeredPolicyPreset(value);
|
|
32
|
+
}
|
|
33
|
+
/** List bundled vertical policy preset ids shipped with Paybond Kit. */
|
|
34
|
+
export function listPolicyPresetIds() {
|
|
35
|
+
return [...KNOWN_POLICY_PRESET_IDS];
|
|
36
|
+
}
|
|
37
|
+
/** Resolve a bundled preset id to an on-disk `paybond.policy.yaml` path. */
|
|
38
|
+
export function resolvePolicyPresetPath(presetId) {
|
|
39
|
+
const trimmed = presetId.trim();
|
|
40
|
+
if (!isKnownPolicyPresetId(trimmed)) {
|
|
41
|
+
throw new Error(`unknown policy preset: ${trimmed}`);
|
|
42
|
+
}
|
|
43
|
+
for (const candidate of presetCandidatePaths(trimmed)) {
|
|
44
|
+
if (existsSync(candidate)) {
|
|
45
|
+
return candidate;
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
throw new Error(`policy preset file not found for: ${trimmed}`);
|
|
49
|
+
}
|
|
50
|
+
/** Load a bundled vertical policy preset as YAML text (for tests and scaffolding). */
|
|
51
|
+
export function readPolicyPresetYaml(presetId) {
|
|
52
|
+
const path = resolvePolicyPresetPath(presetId);
|
|
53
|
+
return readFileSync(path, "utf8");
|
|
54
|
+
}
|
|
55
|
+
/** Resolve a bundled preset to its composed v1 policy document. */
|
|
56
|
+
export function resolveComposedPresetDocument(presetId) {
|
|
57
|
+
if (isLayeredPolicyPreset(presetId)) {
|
|
58
|
+
return composeBundledPresetDefault(presetId);
|
|
59
|
+
}
|
|
60
|
+
const flatPath = resolvePolicyPresetPath(presetId);
|
|
61
|
+
return parsePaybondPolicyDocumentV1(parsePolicyDocumentText(readPolicyPresetYaml(presetId), flatPath));
|
|
62
|
+
}
|
|
63
|
+
/** @deprecated Internal alias used by YAML flat-file parity checks. */
|
|
64
|
+
export function readComposedPresetYamlObject(presetId) {
|
|
65
|
+
return composeLayeredPolicyPresetDocument(presetId);
|
|
66
|
+
}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { PaybondToolRegistry } from "../agent/registry.js";
|
|
2
|
+
import { PaybondToolRegistryConfig } from "../agent/types.js";
|
|
3
|
+
import type { PaybondPolicyDocumentV1 } from "./schema.js";
|
|
4
|
+
/** Convert a validated policy document into middleware registry config. */
|
|
5
|
+
export declare function policyDocumentToToolRegistryConfig(document: PaybondPolicyDocumentV1): PaybondToolRegistryConfig;
|
|
6
|
+
/** Build a validated {@link PaybondToolRegistry} from a policy document. */
|
|
7
|
+
export declare function policyToToolRegistry(document: PaybondPolicyDocumentV1): PaybondToolRegistry;
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { createPaybondToolRegistry } from "../agent/registry.js";
|
|
2
|
+
import { resolveSpendCentsFromJsonPath } from "./json-path.js";
|
|
3
|
+
/** Convert a validated policy document into middleware registry config. */
|
|
4
|
+
export function policyDocumentToToolRegistryConfig(document) {
|
|
5
|
+
const sideEffecting = {};
|
|
6
|
+
for (const [toolName, entry] of Object.entries(document.tools)) {
|
|
7
|
+
if (!entry.side_effecting) {
|
|
8
|
+
continue;
|
|
9
|
+
}
|
|
10
|
+
const policy = {
|
|
11
|
+
evidencePreset: entry.evidence_preset,
|
|
12
|
+
};
|
|
13
|
+
if (entry.operation?.trim()) {
|
|
14
|
+
policy.operation = entry.operation.trim();
|
|
15
|
+
}
|
|
16
|
+
if (entry.max_spend_cents !== undefined) {
|
|
17
|
+
policy.spendCents = entry.max_spend_cents;
|
|
18
|
+
}
|
|
19
|
+
else if (entry.spend_from_args) {
|
|
20
|
+
const path = entry.spend_from_args;
|
|
21
|
+
policy.spendCents = (args) => resolveSpendCentsFromJsonPath(args, path, toolName);
|
|
22
|
+
}
|
|
23
|
+
sideEffecting[toolName] = policy;
|
|
24
|
+
}
|
|
25
|
+
return {
|
|
26
|
+
defaultDeny: document.default_deny,
|
|
27
|
+
sideEffecting,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
/** Build a validated {@link PaybondToolRegistry} from a policy document. */
|
|
31
|
+
export function policyToToolRegistry(document) {
|
|
32
|
+
return createPaybondToolRegistry(policyDocumentToToolRegistryConfig(document));
|
|
33
|
+
}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import type { PaybondAgentRun } from "../agent/run.js";
|
|
2
|
+
import { type PaybondPolicyDocumentV1 } from "./schema.js";
|
|
3
|
+
import { type PaybondPolicySnapshot } from "./snapshot.js";
|
|
4
|
+
import { type PolicyRemoteValidateClient } from "./validate-remote.js";
|
|
5
|
+
import type { PolicyEffectiveResolveClient } from "./load-effective.js";
|
|
6
|
+
/** Options for {@link PaybondAgentRun.reloadPolicy}. */
|
|
7
|
+
export type PaybondPolicyReloadOptions = {
|
|
8
|
+
/** Policy file path; defaults to the path used at bind when omitted. */
|
|
9
|
+
file?: string;
|
|
10
|
+
/** Run Gateway `POST /v1/policy/validate` before applying (recommended in production). */
|
|
11
|
+
remote?: boolean;
|
|
12
|
+
/** Resolve org inheritance via Gateway effective endpoint before validate. */
|
|
13
|
+
resolveInheritance?: boolean;
|
|
14
|
+
/** Allow policy loosening (higher caps, new side-effecting tools). Default deny. */
|
|
15
|
+
allowLoosen?: boolean;
|
|
16
|
+
/** Gateway client for remote validate / effective resolution. */
|
|
17
|
+
gateway?: PolicyRemoteValidateClient & PolicyEffectiveResolveClient;
|
|
18
|
+
};
|
|
19
|
+
export type PaybondPolicyReloadResult = {
|
|
20
|
+
applied: boolean;
|
|
21
|
+
previousDigest?: string;
|
|
22
|
+
newDigest?: string;
|
|
23
|
+
unchanged?: boolean;
|
|
24
|
+
};
|
|
25
|
+
export type PaybondPolicyReloadFailedEvent = {
|
|
26
|
+
error: PaybondPolicyReloadError;
|
|
27
|
+
};
|
|
28
|
+
export type PaybondPolicyReloadedEvent = {
|
|
29
|
+
previousDigest: string;
|
|
30
|
+
newDigest: string;
|
|
31
|
+
};
|
|
32
|
+
/** Structured reload failure (parse, validate, loosening, intent drift). */
|
|
33
|
+
export declare class PaybondPolicyReloadError extends Error {
|
|
34
|
+
readonly code: string;
|
|
35
|
+
constructor(code: string, message: string);
|
|
36
|
+
}
|
|
37
|
+
/** Thrown internally when poll/file reload finds an unchanged digest. */
|
|
38
|
+
export declare class PaybondPolicyReloadUnchangedError extends Error {
|
|
39
|
+
constructor();
|
|
40
|
+
}
|
|
41
|
+
export type PaybondPolicyReloadBindConfig = {
|
|
42
|
+
/** Watch the bound policy file and reload on change. */
|
|
43
|
+
watch?: boolean | {
|
|
44
|
+
debounceMs?: number;
|
|
45
|
+
file?: string;
|
|
46
|
+
};
|
|
47
|
+
/** Poll Gateway for effective inherited policy changes. */
|
|
48
|
+
poll?: {
|
|
49
|
+
intervalMs?: number;
|
|
50
|
+
file?: string;
|
|
51
|
+
remote?: boolean;
|
|
52
|
+
resolveInheritance?: boolean;
|
|
53
|
+
gateway?: PolicyRemoteValidateClient & PolicyEffectiveResolveClient;
|
|
54
|
+
};
|
|
55
|
+
};
|
|
56
|
+
/** Load a versioned snapshot from a policy file path. */
|
|
57
|
+
export declare function loadPolicySnapshotFromFile(filePath: string): Promise<PaybondPolicySnapshot>;
|
|
58
|
+
/** Poll Gateway effective resolution; returns unchanged when digest matches. */
|
|
59
|
+
export declare function loadPolicySnapshotFromEffectivePoll(options: {
|
|
60
|
+
overlayPath: string;
|
|
61
|
+
gateway: PolicyEffectiveResolveClient;
|
|
62
|
+
currentDigest?: string;
|
|
63
|
+
}): Promise<{
|
|
64
|
+
snapshot?: PaybondPolicySnapshot;
|
|
65
|
+
unchanged: boolean;
|
|
66
|
+
}>;
|
|
67
|
+
/** Detect policy loosening between two effective documents. */
|
|
68
|
+
export declare function detectPolicyLoosening(previous: PaybondPolicyDocumentV1, next: PaybondPolicyDocumentV1): string[];
|
|
69
|
+
/** True when reloaded policy requires operations outside the bound intent. */
|
|
70
|
+
export declare function requiresIntentRebind(document: PaybondPolicyDocumentV1, allowedTools: readonly string[]): boolean;
|
|
71
|
+
/** Mutable policy reload surface shared by agent runs and MCP servers. */
|
|
72
|
+
export type PolicyReloadHandle = {
|
|
73
|
+
readonly policyFilePath?: string;
|
|
74
|
+
readonly policyDigest?: string;
|
|
75
|
+
readonly currentSnapshot?: PaybondPolicySnapshot;
|
|
76
|
+
readonly inFlightCount: number;
|
|
77
|
+
applyPolicySnapshot(snapshot: PaybondPolicySnapshot): void;
|
|
78
|
+
};
|
|
79
|
+
/** Reload policy for any {@link PolicyReloadHandle} (agent run or MCP gate). */
|
|
80
|
+
export declare function reloadPolicyOnHandle(handle: PolicyReloadHandle, options?: PaybondPolicyReloadOptions & {
|
|
81
|
+
allowedTools?: readonly string[];
|
|
82
|
+
}): Promise<PaybondPolicyReloadResult>;
|
|
83
|
+
/** Apply a validated snapshot to a run (atomic registry swap). */
|
|
84
|
+
export declare function applyPolicySnapshotToRun(run: PaybondAgentRun, snapshot: PaybondPolicySnapshot): PaybondPolicyReloadResult;
|
|
85
|
+
/** Core reload pipeline: load, validate, guard, swap. */
|
|
86
|
+
export declare function reloadPolicyOnRun(run: PaybondAgentRun, options?: PaybondPolicyReloadOptions): Promise<PaybondPolicyReloadResult>;
|