@paybond/kit 0.10.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (346) hide show
  1. package/README.md +59 -15
  2. package/completion-presets/catalog.json +1187 -0
  3. package/completion-presets/catalog.sha256 +1 -0
  4. package/dev/trace-ui/dashboard.html +617 -0
  5. package/dist/agent/adapter.d.ts +51 -0
  6. package/dist/agent/adapter.js +66 -0
  7. package/dist/agent/attach-bundle.d.ts +37 -0
  8. package/dist/agent/attach-bundle.js +118 -0
  9. package/dist/agent/authorization-cache.d.ts +22 -0
  10. package/dist/agent/authorization-cache.js +36 -0
  11. package/dist/agent/deferred-tools.d.ts +11 -0
  12. package/dist/agent/deferred-tools.js +62 -0
  13. package/dist/agent/discover.d.ts +41 -0
  14. package/dist/agent/discover.js +147 -0
  15. package/dist/agent/evidence.d.ts +9 -0
  16. package/dist/agent/evidence.js +28 -0
  17. package/dist/agent/facade.d.ts +48 -0
  18. package/dist/agent/facade.js +112 -0
  19. package/dist/agent/gateway-trace-reporter.d.ts +28 -0
  20. package/dist/agent/gateway-trace-reporter.js +49 -0
  21. package/dist/agent/generic-runner.d.ts +14 -0
  22. package/dist/agent/generic-runner.js +49 -0
  23. package/dist/agent/generic-sandbox-demo.d.ts +36 -0
  24. package/dist/agent/generic-sandbox-demo.js +82 -0
  25. package/dist/agent/guarded-agent.d.ts +49 -0
  26. package/dist/agent/guarded-agent.js +100 -0
  27. package/dist/agent/index.d.ts +13 -0
  28. package/dist/agent/index.js +13 -0
  29. package/dist/agent/instrument.d.ts +156 -0
  30. package/dist/agent/instrument.js +442 -0
  31. package/dist/agent/interceptor.d.ts +24 -0
  32. package/dist/agent/interceptor.js +440 -0
  33. package/dist/agent/lazy-context-tools.d.ts +15 -0
  34. package/dist/agent/lazy-context-tools.js +81 -0
  35. package/dist/agent/registry-file.d.ts +39 -0
  36. package/dist/agent/registry-file.js +219 -0
  37. package/dist/agent/registry.d.ts +37 -0
  38. package/dist/agent/registry.js +128 -0
  39. package/dist/agent/run.d.ts +124 -0
  40. package/dist/agent/run.js +301 -0
  41. package/dist/agent/types.d.ts +318 -0
  42. package/dist/agent/types.js +42 -0
  43. package/dist/agent-recognition.d.ts +72 -0
  44. package/dist/agent-recognition.js +165 -0
  45. package/dist/bincode-wire.d.ts +18 -0
  46. package/dist/bincode-wire.js +93 -0
  47. package/dist/claude-agents/config.d.ts +21 -0
  48. package/dist/claude-agents/config.js +145 -0
  49. package/dist/claude-agents/index.d.ts +2 -0
  50. package/dist/claude-agents/index.js +2 -0
  51. package/dist/claude-agents/sandbox-demo.d.ts +30 -0
  52. package/dist/claude-agents/sandbox-demo.js +91 -0
  53. package/dist/cli/agent/demo-loaders.d.ts +4 -0
  54. package/dist/cli/agent/demo-loaders.js +66 -0
  55. package/dist/cli/agent/env-quote.d.ts +1 -0
  56. package/dist/cli/agent/env-quote.js +6 -0
  57. package/dist/cli/agent/env-write.d.ts +8 -0
  58. package/dist/cli/agent/env-write.js +47 -0
  59. package/dist/cli/agent/paybond.d.ts +16 -0
  60. package/dist/cli/agent/paybond.js +55 -0
  61. package/dist/cli/agent/policy-file.d.ts +29 -0
  62. package/dist/cli/agent/policy-file.js +61 -0
  63. package/dist/cli/agent/production-evidence.d.ts +24 -0
  64. package/dist/cli/agent/production-evidence.js +98 -0
  65. package/dist/cli/agent/run-store.d.ts +30 -0
  66. package/dist/cli/agent/run-store.js +42 -0
  67. package/dist/cli/agent/run-trace-store.d.ts +39 -0
  68. package/dist/cli/agent/run-trace-store.js +143 -0
  69. package/dist/cli/agent-run-trace-table.d.ts +9 -0
  70. package/dist/cli/agent-run-trace-table.js +24 -0
  71. package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
  72. package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
  73. package/dist/cli/command-spec.d.ts +1 -0
  74. package/dist/cli/command-spec.js +286 -5
  75. package/dist/cli/commands/agent.d.ts +16 -0
  76. package/dist/cli/commands/agent.js +1136 -0
  77. package/dist/cli/commands/dev.d.ts +7 -0
  78. package/dist/cli/commands/dev.js +348 -0
  79. package/dist/cli/commands/discovery.js +3 -3
  80. package/dist/cli/commands/policy.d.ts +13 -0
  81. package/dist/cli/commands/policy.js +769 -0
  82. package/dist/cli/commands/setup.d.ts +3 -0
  83. package/dist/cli/commands/setup.js +124 -8
  84. package/dist/cli/commands/workflows.js +9 -4
  85. package/dist/cli/config.d.ts +2 -0
  86. package/dist/cli/config.js +4 -2
  87. package/dist/cli/context.js +2 -1
  88. package/dist/cli/credentials.js +2 -2
  89. package/dist/cli/doctor-agent-middleware.d.ts +5 -0
  90. package/dist/cli/doctor-agent-middleware.js +49 -0
  91. package/dist/cli/globals.d.ts +1 -0
  92. package/dist/cli/globals.js +11 -1
  93. package/dist/cli/help.d.ts +1 -1
  94. package/dist/cli/help.js +35 -3
  95. package/dist/cli/mcp-install.js +2 -2
  96. package/dist/cli/mcp-policy.d.ts +3 -0
  97. package/dist/cli/mcp-policy.js +19 -13
  98. package/dist/cli/mcp-verify-config.js +9 -11
  99. package/dist/cli/redact.js +29 -8
  100. package/dist/cli/router.js +105 -2
  101. package/dist/cli/smoke-deep-links.d.ts +15 -0
  102. package/dist/cli/smoke-deep-links.js +63 -0
  103. package/dist/cli/telemetry.d.ts +17 -0
  104. package/dist/cli/telemetry.js +94 -0
  105. package/dist/completion-catalog-digest.d.ts +2 -0
  106. package/dist/completion-catalog-digest.js +2 -0
  107. package/dist/completion-catalog-integrity.d.ts +2 -0
  108. package/dist/completion-catalog-integrity.js +17 -0
  109. package/dist/completion-catalog.d.ts +49 -0
  110. package/dist/completion-catalog.js +62 -0
  111. package/dist/completion-contract-digest.d.ts +37 -0
  112. package/dist/completion-contract-digest.js +73 -0
  113. package/dist/completion-forbidden-fields.d.ts +5 -0
  114. package/dist/completion-forbidden-fields.js +26 -0
  115. package/dist/completion-init.d.ts +8 -0
  116. package/dist/completion-init.js +334 -0
  117. package/dist/completion-resolve.d.ts +21 -0
  118. package/dist/completion-resolve.js +86 -0
  119. package/dist/completion-validate-evidence.d.ts +24 -0
  120. package/dist/completion-validate-evidence.js +145 -0
  121. package/dist/dev/offline-gateway.d.ts +24 -0
  122. package/dist/dev/offline-gateway.js +102 -0
  123. package/dist/dev/trace-buffer.d.ts +61 -0
  124. package/dist/dev/trace-buffer.js +330 -0
  125. package/dist/dev/trace-security-headers.d.ts +11 -0
  126. package/dist/dev/trace-security-headers.js +16 -0
  127. package/dist/dev/trace-server.d.ts +8 -0
  128. package/dist/dev/trace-server.js +38 -0
  129. package/dist/dev/trace-ui.d.ts +4 -0
  130. package/dist/dev/trace-ui.js +25 -0
  131. package/dist/dev/wiremock-up.d.ts +15 -0
  132. package/dist/dev/wiremock-up.js +118 -0
  133. package/dist/doctor-completion.d.ts +17 -0
  134. package/dist/doctor-completion.js +428 -0
  135. package/dist/gateway-url.d.ts +7 -0
  136. package/dist/gateway-url.js +69 -0
  137. package/dist/index.d.ts +119 -2
  138. package/dist/index.js +267 -6
  139. package/dist/init.js +374 -57
  140. package/dist/langgraph/awrap-tool-call.d.ts +25 -0
  141. package/dist/langgraph/awrap-tool-call.js +81 -0
  142. package/dist/langgraph/config.d.ts +13 -0
  143. package/dist/langgraph/config.js +11 -0
  144. package/dist/langgraph/index.d.ts +4 -0
  145. package/dist/langgraph/index.js +4 -0
  146. package/dist/langgraph/sandbox-demo.d.ts +40 -0
  147. package/dist/langgraph/sandbox-demo.js +96 -0
  148. package/dist/langgraph/tool-node.d.ts +10 -0
  149. package/dist/langgraph/tool-node.js +38 -0
  150. package/dist/login.js +7 -0
  151. package/dist/mcp/index.d.ts +1 -0
  152. package/dist/mcp/index.js +1 -0
  153. package/dist/mcp/tool-surface.d.ts +25 -0
  154. package/dist/mcp/tool-surface.js +17 -0
  155. package/dist/mcp-capability-token-cache.d.ts +24 -0
  156. package/dist/mcp-capability-token-cache.js +101 -0
  157. package/dist/mcp-evidence-policy.d.ts +48 -0
  158. package/dist/mcp-evidence-policy.js +117 -0
  159. package/dist/mcp-policy-reload.d.ts +79 -0
  160. package/dist/mcp-policy-reload.js +200 -0
  161. package/dist/mcp-sep2828-evidence.d.ts +36 -0
  162. package/dist/mcp-sep2828-evidence.js +65 -0
  163. package/dist/mcp-server.d.ts +6 -0
  164. package/dist/mcp-server.js +224 -44
  165. package/dist/openai-agents/index.d.ts +40 -0
  166. package/dist/openai-agents/index.js +151 -0
  167. package/dist/openai-agents/sandbox-demo.d.ts +34 -0
  168. package/dist/openai-agents/sandbox-demo.js +118 -0
  169. package/dist/payee-evidence.js +2 -29
  170. package/dist/policy/catalog.d.ts +31 -0
  171. package/dist/policy/catalog.js +48 -0
  172. package/dist/policy/compose-utils.d.ts +3 -0
  173. package/dist/policy/compose-utils.js +4 -0
  174. package/dist/policy/compose.d.ts +20 -0
  175. package/dist/policy/compose.js +240 -0
  176. package/dist/policy/digest.d.ts +7 -0
  177. package/dist/policy/digest.js +75 -0
  178. package/dist/policy/domain.d.ts +15 -0
  179. package/dist/policy/domain.js +28 -0
  180. package/dist/policy/guardrail-spec.d.ts +17 -0
  181. package/dist/policy/guardrail-spec.js +140 -0
  182. package/dist/policy/guardrails.d.ts +48 -0
  183. package/dist/policy/guardrails.js +72 -0
  184. package/dist/policy/index.d.ts +21 -0
  185. package/dist/policy/index.js +21 -0
  186. package/dist/policy/init.d.ts +102 -0
  187. package/dist/policy/init.js +351 -0
  188. package/dist/policy/intent-spec.d.ts +52 -0
  189. package/dist/policy/intent-spec.js +176 -0
  190. package/dist/policy/json-path.d.ts +4 -0
  191. package/dist/policy/json-path.js +23 -0
  192. package/dist/policy/layers-io.d.ts +7 -0
  193. package/dist/policy/layers-io.js +28 -0
  194. package/dist/policy/load-effective.d.ts +22 -0
  195. package/dist/policy/load-effective.js +77 -0
  196. package/dist/policy/load.d.ts +85 -0
  197. package/dist/policy/load.js +164 -0
  198. package/dist/policy/merge.d.ts +29 -0
  199. package/dist/policy/merge.js +297 -0
  200. package/dist/policy/parse-text.d.ts +2 -0
  201. package/dist/policy/parse-text.js +126 -0
  202. package/dist/policy/policy-api.d.ts +45 -0
  203. package/dist/policy/policy-api.js +61 -0
  204. package/dist/policy/presets.d.ts +19 -0
  205. package/dist/policy/presets.js +66 -0
  206. package/dist/policy/registry.d.ts +7 -0
  207. package/dist/policy/registry.js +33 -0
  208. package/dist/policy/reload.d.ts +86 -0
  209. package/dist/policy/reload.js +233 -0
  210. package/dist/policy/render-yaml.d.ts +3 -0
  211. package/dist/policy/render-yaml.js +69 -0
  212. package/dist/policy/sandbox-bootstrap.d.ts +19 -0
  213. package/dist/policy/sandbox-bootstrap.js +66 -0
  214. package/dist/policy/schema.d.ts +204 -0
  215. package/dist/policy/schema.js +255 -0
  216. package/dist/policy/snapshot.d.ts +33 -0
  217. package/dist/policy/snapshot.js +23 -0
  218. package/dist/policy/validate-remote.d.ts +43 -0
  219. package/dist/policy/validate-remote.js +104 -0
  220. package/dist/policy/validate.d.ts +36 -0
  221. package/dist/policy/validate.js +150 -0
  222. package/dist/policy/watcher.d.ts +29 -0
  223. package/dist/policy/watcher.js +112 -0
  224. package/dist/principal-intent.d.ts +52 -0
  225. package/dist/principal-intent.js +193 -37
  226. package/dist/project-init.d.ts +34 -0
  227. package/dist/project-init.js +898 -0
  228. package/dist/sep2828-signature.d.ts +10 -0
  229. package/dist/sep2828-signature.js +134 -0
  230. package/dist/solutions/api.d.ts +22 -0
  231. package/dist/solutions/api.js +40 -0
  232. package/dist/solutions/catalog.d.ts +34 -0
  233. package/dist/solutions/catalog.js +129 -0
  234. package/dist/solutions/index.d.ts +2 -0
  235. package/dist/solutions/index.js +2 -0
  236. package/dist/template-init.d.ts +54 -0
  237. package/dist/template-init.js +203 -0
  238. package/dist/vercel-ai/config.d.ts +15 -0
  239. package/dist/vercel-ai/config.js +13 -0
  240. package/dist/vercel-ai/index.d.ts +4 -0
  241. package/dist/vercel-ai/index.js +4 -0
  242. package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
  243. package/dist/vercel-ai/sandbox-demo.js +153 -0
  244. package/dist/vercel-ai/tool-approval.d.ts +16 -0
  245. package/dist/vercel-ai/tool-approval.js +41 -0
  246. package/dist/vercel-ai/wrap-tools.d.ts +9 -0
  247. package/dist/vercel-ai/wrap-tools.js +40 -0
  248. package/dist/x402-receipt-evidence.d.ts +29 -0
  249. package/dist/x402-receipt-evidence.js +97 -0
  250. package/dist/x402-receipt-signature.d.ts +12 -0
  251. package/dist/x402-receipt-signature.js +211 -0
  252. package/package.json +75 -3
  253. package/solutions/aws.json +17 -0
  254. package/solutions/saas.json +17 -0
  255. package/solutions/shopping.json +17 -0
  256. package/solutions/travel.json +18 -0
  257. package/templates/manifest.json +169 -0
  258. package/templates/openai-shopping-agent/.env.example +3 -0
  259. package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
  260. package/templates/openai-shopping-agent/LICENSE +201 -0
  261. package/templates/openai-shopping-agent/README.md +29 -0
  262. package/templates/openai-shopping-agent/package-lock.json +1525 -0
  263. package/templates/openai-shopping-agent/package.json +22 -0
  264. package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
  265. package/templates/openai-shopping-agent/src/index.ts +22 -0
  266. package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
  267. package/templates/openai-shopping-agent/tsconfig.json +13 -0
  268. package/templates/paybond-aws-operator/.env.example +3 -0
  269. package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
  270. package/templates/paybond-aws-operator/LICENSE +201 -0
  271. package/templates/paybond-aws-operator/README.md +29 -0
  272. package/templates/paybond-aws-operator/package-lock.json +151 -0
  273. package/templates/paybond-aws-operator/package.json +20 -0
  274. package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
  275. package/templates/paybond-aws-operator/src/index.ts +54 -0
  276. package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
  277. package/templates/paybond-aws-operator/tsconfig.json +13 -0
  278. package/templates/paybond-claude-agents-demo/.env.example +3 -0
  279. package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
  280. package/templates/paybond-claude-agents-demo/LICENSE +201 -0
  281. package/templates/paybond-claude-agents-demo/README.md +29 -0
  282. package/templates/paybond-claude-agents-demo/package-lock.json +1489 -0
  283. package/templates/paybond-claude-agents-demo/package.json +22 -0
  284. package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
  285. package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
  286. package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
  287. package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
  288. package/templates/paybond-invoice-agent/.env.example +3 -0
  289. package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
  290. package/templates/paybond-invoice-agent/LICENSE +201 -0
  291. package/templates/paybond-invoice-agent/README.md +29 -0
  292. package/templates/paybond-invoice-agent/app.py +27 -0
  293. package/templates/paybond-invoice-agent/package.json +6 -0
  294. package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
  295. package/templates/paybond-invoice-agent/paybond_config.py +45 -0
  296. package/templates/paybond-invoice-agent/requirements.txt +2 -0
  297. package/templates/paybond-mcp-coding-agent/.env.example +3 -0
  298. package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
  299. package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
  300. package/templates/paybond-mcp-coding-agent/README.md +39 -0
  301. package/templates/paybond-mcp-coding-agent/package-lock.json +151 -0
  302. package/templates/paybond-mcp-coding-agent/package.json +20 -0
  303. package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
  304. package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
  305. package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
  306. package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
  307. package/templates/paybond-openai-agents-demo/.env.example +3 -0
  308. package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
  309. package/templates/paybond-openai-agents-demo/LICENSE +201 -0
  310. package/templates/paybond-openai-agents-demo/README.md +29 -0
  311. package/templates/paybond-openai-agents-demo/package-lock.json +1525 -0
  312. package/templates/paybond-openai-agents-demo/package.json +22 -0
  313. package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
  314. package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
  315. package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
  316. package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
  317. package/templates/paybond-procurement-agent/.env.example +3 -0
  318. package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
  319. package/templates/paybond-procurement-agent/LICENSE +201 -0
  320. package/templates/paybond-procurement-agent/README.md +29 -0
  321. package/templates/paybond-procurement-agent/package-lock.json +151 -0
  322. package/templates/paybond-procurement-agent/package.json +20 -0
  323. package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
  324. package/templates/paybond-procurement-agent/src/index.ts +54 -0
  325. package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
  326. package/templates/paybond-procurement-agent/tsconfig.json +13 -0
  327. package/templates/paybond-travel-agent/.env.example +3 -0
  328. package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
  329. package/templates/paybond-travel-agent/LICENSE +201 -0
  330. package/templates/paybond-travel-agent/README.md +29 -0
  331. package/templates/paybond-travel-agent/package-lock.json +444 -0
  332. package/templates/paybond-travel-agent/package.json +23 -0
  333. package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
  334. package/templates/paybond-travel-agent/src/index.ts +22 -0
  335. package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
  336. package/templates/paybond-travel-agent/tsconfig.json +13 -0
  337. package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
  338. package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
  339. package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
  340. package/templates/paybond-vercel-shopping-agent/README.md +29 -0
  341. package/templates/paybond-vercel-shopping-agent/package-lock.json +265 -0
  342. package/templates/paybond-vercel-shopping-agent/package.json +22 -0
  343. package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
  344. package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
  345. package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
  346. package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
@@ -0,0 +1,66 @@
1
+ function isGenericToolDefinition(value) {
2
+ if (typeof value !== "object" || value === null) {
3
+ return false;
4
+ }
5
+ const record = value;
6
+ return (typeof record.name === "string" &&
7
+ record.name.trim().length > 0 &&
8
+ typeof record.execute === "function");
9
+ }
10
+ function assertGenericTools(tools) {
11
+ if (!Array.isArray(tools)) {
12
+ throw new TypeError("generic tool adapter expects an array of { name, execute } tool definitions");
13
+ }
14
+ for (const tool of tools) {
15
+ if (!isGenericToolDefinition(tool)) {
16
+ throw new TypeError("each generic tool must have a non-empty name and an execute function");
17
+ }
18
+ }
19
+ return tools;
20
+ }
21
+ function wrapGenericTool(run, tool) {
22
+ const { execute: originalExecute, ...rest } = tool;
23
+ return {
24
+ ...rest,
25
+ name: tool.name,
26
+ execute: async (call) => run.interceptor.wrapExecute({
27
+ toolName: call.toolName,
28
+ toolCallId: call.toolCallId,
29
+ arguments: call.arguments,
30
+ execute: () => originalExecute(call.arguments),
31
+ operation: call.operation,
32
+ requestedSpendCents: call.requestedSpendCents,
33
+ vendorId: call.vendorId,
34
+ taskId: call.taskId,
35
+ workflowId: call.workflowId,
36
+ currency: call.currency,
37
+ agentSubject: call.agentSubject,
38
+ approvalToken: call.approvalToken,
39
+ idempotencyKey: call.idempotencyKey,
40
+ }),
41
+ };
42
+ }
43
+ const genericToolExecutorAdapter = {
44
+ name: "generic",
45
+ wrapTools(run, tools) {
46
+ return assertGenericTools(tools).map((tool) => wrapGenericTool(run, tool));
47
+ },
48
+ };
49
+ /** Provider-agnostic framework adapter for `{ name, execute }` tool definitions. */
50
+ export function createGenericToolExecutor() {
51
+ return genericToolExecutorAdapter;
52
+ }
53
+ /** Singleton generic adapter instance. */
54
+ export const paybondGenericToolExecutorAdapter = genericToolExecutorAdapter;
55
+ /** Build a run-scoped tool input guard adapter (framework-neutral). */
56
+ export function createToolInputGuardAdapter(run) {
57
+ return {
58
+ name: "tool-input-guard",
59
+ evaluate: (input) => run.interceptor.authorizeToolCall(input),
60
+ wrapExecutors: (tools) => assertGenericTools(tools).map((tool) => wrapGenericTool(run, tool)),
61
+ };
62
+ }
63
+ /** Convenience alias for {@link createToolInputGuardAdapter}. */
64
+ export function paybondToolInputGuardAdapter(run) {
65
+ return createToolInputGuardAdapter(run);
66
+ }
@@ -0,0 +1,37 @@
1
+ import type { PaybondRunProductionEvidenceCredentials } from "./types.js";
2
+ /** Attach bundle wire prefix (`ab1.`). */
3
+ export declare const PAYBOND_ATTACH_BUNDLE_PREFIX = "ab1.";
4
+ export declare const PAYBOND_ATTACH_INTENT_ID_ENV = "PAYBOND_ATTACH_INTENT_ID";
5
+ export declare const PAYBOND_CAPABILITY_TOKEN_ENV = "PAYBOND_CAPABILITY_TOKEN";
6
+ export declare const PAYBOND_ATTACH_BUNDLE_ENV = "PAYBOND_ATTACH_BUNDLE";
7
+ /** Cleartext credential payload sealed inside {@link PAYBOND_ATTACH_BUNDLE_ENV}. */
8
+ export type PaybondAttachBundlePayloadV1 = Readonly<{
9
+ v: 1;
10
+ payee_did: string;
11
+ payee_signing_seed_hex: string;
12
+ agent_recognition_key_id: string;
13
+ agent_recognition_signing_seed_hex: string;
14
+ }>;
15
+ /** Seal production signing material into an opaque attach bundle for env injection. */
16
+ export declare function sealPaybondAttachBundle(payload: PaybondAttachBundlePayloadV1): string;
17
+ /** Open a console-minted attach bundle and return the sealed credential payload. */
18
+ export declare function openPaybondAttachBundle(bundle: string): PaybondAttachBundlePayloadV1;
19
+ /** Map attach bundle payload bytes into run-scoped production evidence credentials. */
20
+ export declare function productionEvidenceFromAttachBundle(payload: PaybondAttachBundlePayloadV1): PaybondRunProductionEvidenceCredentials;
21
+ export type PaybondAttachEnvRecord = Readonly<Record<string, string | undefined>>;
22
+ /**
23
+ * Resolve funded-intent attach context from standard production env vars.
24
+ * Requires {@link PAYBOND_ATTACH_INTENT_ID_ENV}, {@link PAYBOND_CAPABILITY_TOKEN_ENV},
25
+ * and {@link PAYBOND_ATTACH_BUNDLE_ENV}.
26
+ */
27
+ export declare function resolveAttachContextFromEnv(env?: PaybondAttachEnvRecord): {
28
+ intentId: string;
29
+ capabilityToken: string;
30
+ productionEvidence: PaybondRunProductionEvidenceCredentials;
31
+ };
32
+ /** Format the console one-time env snippet for copy/paste into a secrets manager. */
33
+ export declare function formatPaybondAttachEnvSnippet(input: {
34
+ intentId: string;
35
+ capabilityToken: string;
36
+ attachBundle: string;
37
+ }): string;
@@ -0,0 +1,118 @@
1
+ import { createDecipheriv, createCipheriv, randomBytes } from "node:crypto";
2
+ /** Attach bundle wire prefix (`ab1.`). */
3
+ export const PAYBOND_ATTACH_BUNDLE_PREFIX = "ab1.";
4
+ export const PAYBOND_ATTACH_INTENT_ID_ENV = "PAYBOND_ATTACH_INTENT_ID";
5
+ export const PAYBOND_CAPABILITY_TOKEN_ENV = "PAYBOND_CAPABILITY_TOKEN";
6
+ export const PAYBOND_ATTACH_BUNDLE_ENV = "PAYBOND_ATTACH_BUNDLE";
7
+ function base64UrlEncode(bytes) {
8
+ return Buffer.from(bytes).toString("base64url");
9
+ }
10
+ function base64UrlDecode(encoded) {
11
+ return new Uint8Array(Buffer.from(encoded, "base64url"));
12
+ }
13
+ function parseSeed32Hex(raw, field) {
14
+ const hex = raw.trim().replace(/^0x/i, "");
15
+ if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
16
+ throw new Error(`${field} must be a 32-byte Ed25519 seed (64 hex characters)`);
17
+ }
18
+ const out = new Uint8Array(32);
19
+ for (let i = 0; i < 32; i++) {
20
+ out[i] = Number.parseInt(hex.slice(i * 2, i * 2 + 2), 16);
21
+ }
22
+ return out;
23
+ }
24
+ /** Seal production signing material into an opaque attach bundle for env injection. */
25
+ export function sealPaybondAttachBundle(payload) {
26
+ if (payload.v !== 1) {
27
+ throw new Error("attach bundle payload version must be 1");
28
+ }
29
+ const bundleKey = randomBytes(32);
30
+ const nonce = randomBytes(12);
31
+ const cipher = createCipheriv("aes-256-gcm", bundleKey, nonce);
32
+ const plaintext = Buffer.from(JSON.stringify(payload), "utf8");
33
+ const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
34
+ const envelope = {
35
+ v: 1,
36
+ alg: "aes-256-gcm",
37
+ k: base64UrlEncode(bundleKey),
38
+ n: base64UrlEncode(nonce),
39
+ c: base64UrlEncode(ciphertext),
40
+ };
41
+ return PAYBOND_ATTACH_BUNDLE_PREFIX + Buffer.from(JSON.stringify(envelope), "utf8").toString("base64url");
42
+ }
43
+ /** Open a console-minted attach bundle and return the sealed credential payload. */
44
+ export function openPaybondAttachBundle(bundle) {
45
+ const trimmed = bundle.trim();
46
+ if (!trimmed.startsWith(PAYBOND_ATTACH_BUNDLE_PREFIX)) {
47
+ throw new Error(`attach bundle must start with ${PAYBOND_ATTACH_BUNDLE_PREFIX}`);
48
+ }
49
+ const encoded = trimmed.slice(PAYBOND_ATTACH_BUNDLE_PREFIX.length);
50
+ let envelope;
51
+ try {
52
+ envelope = JSON.parse(Buffer.from(encoded, "base64url").toString("utf8"));
53
+ }
54
+ catch {
55
+ throw new Error("attach bundle envelope is not valid base64url JSON");
56
+ }
57
+ if (envelope.v !== 1 || envelope.alg !== "aes-256-gcm") {
58
+ throw new Error("unsupported attach bundle envelope");
59
+ }
60
+ const bundleKey = base64UrlDecode(envelope.k);
61
+ const nonce = base64UrlDecode(envelope.n);
62
+ const ciphertext = base64UrlDecode(envelope.c);
63
+ if (bundleKey.length !== 32 || nonce.length !== 12 || ciphertext.length < 16) {
64
+ throw new Error("attach bundle envelope fields are malformed");
65
+ }
66
+ const authTag = ciphertext.slice(ciphertext.length - 16);
67
+ const encrypted = ciphertext.slice(0, ciphertext.length - 16);
68
+ const decipher = createDecipheriv("aes-256-gcm", bundleKey, nonce);
69
+ decipher.setAuthTag(authTag);
70
+ const plaintext = Buffer.concat([decipher.update(encrypted), decipher.final()]);
71
+ const payload = JSON.parse(plaintext.toString("utf8"));
72
+ if (payload.v !== 1) {
73
+ throw new Error("attach bundle payload version must be 1");
74
+ }
75
+ return payload;
76
+ }
77
+ /** Map attach bundle payload bytes into run-scoped production evidence credentials. */
78
+ export function productionEvidenceFromAttachBundle(payload) {
79
+ return {
80
+ payeeDid: payload.payee_did.trim(),
81
+ payeeSigningSeed: parseSeed32Hex(payload.payee_signing_seed_hex, "payee_signing_seed_hex"),
82
+ agentRecognitionKeyId: payload.agent_recognition_key_id.trim(),
83
+ agentRecognitionSigningSeed: parseSeed32Hex(payload.agent_recognition_signing_seed_hex, "agent_recognition_signing_seed_hex"),
84
+ };
85
+ }
86
+ /**
87
+ * Resolve funded-intent attach context from standard production env vars.
88
+ * Requires {@link PAYBOND_ATTACH_INTENT_ID_ENV}, {@link PAYBOND_CAPABILITY_TOKEN_ENV},
89
+ * and {@link PAYBOND_ATTACH_BUNDLE_ENV}.
90
+ */
91
+ export function resolveAttachContextFromEnv(env = process.env) {
92
+ const intentId = env[PAYBOND_ATTACH_INTENT_ID_ENV]?.trim() ?? "";
93
+ const capabilityToken = env[PAYBOND_CAPABILITY_TOKEN_ENV]?.trim() ?? "";
94
+ const bundle = env[PAYBOND_ATTACH_BUNDLE_ENV]?.trim() ?? "";
95
+ if (!intentId) {
96
+ throw new Error(`${PAYBOND_ATTACH_INTENT_ID_ENV} is required when attach is "env"`);
97
+ }
98
+ if (!capabilityToken) {
99
+ throw new Error(`${PAYBOND_CAPABILITY_TOKEN_ENV} is required when attach is "env"`);
100
+ }
101
+ if (!bundle) {
102
+ throw new Error(`${PAYBOND_ATTACH_BUNDLE_ENV} is required when attach is "env"`);
103
+ }
104
+ const payload = openPaybondAttachBundle(bundle);
105
+ return {
106
+ intentId,
107
+ capabilityToken,
108
+ productionEvidence: productionEvidenceFromAttachBundle(payload),
109
+ };
110
+ }
111
+ /** Format the console one-time env snippet for copy/paste into a secrets manager. */
112
+ export function formatPaybondAttachEnvSnippet(input) {
113
+ return [
114
+ `${PAYBOND_ATTACH_INTENT_ID_ENV}=${input.intentId}`,
115
+ `${PAYBOND_CAPABILITY_TOKEN_ENV}=${input.capabilityToken}`,
116
+ `${PAYBOND_ATTACH_BUNDLE_ENV}=${input.attachBundle}`,
117
+ ].join("\n");
118
+ }
@@ -0,0 +1,22 @@
1
+ /** Max age for authorize → wrapExecute cache reuse (seconds). */
2
+ export declare const AUTHORIZATION_CACHE_TTL_SEC = 120;
3
+ export type CachedAuthorizationEntry<TAuth> = {
4
+ auth: TAuth;
5
+ policyDigest?: string;
6
+ operation: string;
7
+ requestedSpendCents: number;
8
+ toolName: string;
9
+ cachedAtMs: number;
10
+ };
11
+ export type AuthorizationCacheExpectation = {
12
+ operation: string;
13
+ requestedSpendCents: number;
14
+ toolName: string;
15
+ };
16
+ /** Drop expired entries before inserting a new authorization. */
17
+ export declare function evictExpiredAuthorizationCache<TAuth>(cache: Map<string, CachedAuthorizationEntry<TAuth>>, ttlSec?: number, nowMs?: number): void;
18
+ /**
19
+ * Remove and return a cached authorization when it is fresh and matches the
20
+ * wrapExecute call (operation, spend, tool name).
21
+ */
22
+ export declare function takeValidCachedAuthorization<TAuth>(cache: Map<string, CachedAuthorizationEntry<TAuth>>, cacheKey: string, expected: AuthorizationCacheExpectation, ttlSec?: number, nowMs?: number): CachedAuthorizationEntry<TAuth> | undefined;
@@ -0,0 +1,36 @@
1
+ /** Max age for authorize → wrapExecute cache reuse (seconds). */
2
+ export const AUTHORIZATION_CACHE_TTL_SEC = 120;
3
+ /** Drop expired entries before inserting a new authorization. */
4
+ export function evictExpiredAuthorizationCache(cache, ttlSec = AUTHORIZATION_CACHE_TTL_SEC, nowMs = Date.now()) {
5
+ const ttlMs = ttlSec * 1000;
6
+ for (const [key, entry] of cache) {
7
+ if (nowMs - entry.cachedAtMs > ttlMs) {
8
+ cache.delete(key);
9
+ }
10
+ }
11
+ }
12
+ /**
13
+ * Remove and return a cached authorization when it is fresh and matches the
14
+ * wrapExecute call (operation, spend, tool name).
15
+ */
16
+ export function takeValidCachedAuthorization(cache, cacheKey, expected, ttlSec = AUTHORIZATION_CACHE_TTL_SEC, nowMs = Date.now()) {
17
+ const cached = cache.get(cacheKey);
18
+ if (!cached) {
19
+ return undefined;
20
+ }
21
+ cache.delete(cacheKey);
22
+ const ttlMs = ttlSec * 1000;
23
+ if (nowMs - cached.cachedAtMs > ttlMs) {
24
+ return undefined;
25
+ }
26
+ if (cached.operation !== expected.operation) {
27
+ return undefined;
28
+ }
29
+ if (cached.requestedSpendCents !== expected.requestedSpendCents) {
30
+ return undefined;
31
+ }
32
+ if (cached.toolName !== expected.toolName) {
33
+ return undefined;
34
+ }
35
+ return cached;
36
+ }
@@ -0,0 +1,11 @@
1
+ export declare const PAYBOND_BIND_CONTEXT_MESSAGE = "Call instrumented.bind({ intentId, capabilityToken }) to attach a funded intent before executing side-effecting tools.";
2
+ /** Thrown when a deferred tool executes before {@link PaybondInstrumented.bind}. */
3
+ export declare class PaybondUnboundContextError extends Error {
4
+ readonly toolName: string;
5
+ constructor(toolName: string);
6
+ }
7
+ /**
8
+ * Wrap tools for static instrumentation — safe to register with agent frameworks.
9
+ * Side-effecting execution throws until {@link PaybondInstrumented.bind} supplies a runtime.
10
+ */
11
+ export declare function wrapDeferredTools<TTools>(rawTools: TTools): TTools;
@@ -0,0 +1,62 @@
1
+ export const PAYBOND_BIND_CONTEXT_MESSAGE = "Call instrumented.bind({ intentId, capabilityToken }) to attach a funded intent before executing side-effecting tools.";
2
+ /** Thrown when a deferred tool executes before {@link PaybondInstrumented.bind}. */
3
+ export class PaybondUnboundContextError extends Error {
4
+ toolName;
5
+ constructor(toolName) {
6
+ super(`Tool "${toolName}" requires a bound Paybond context. ${PAYBOND_BIND_CONTEXT_MESSAGE}`);
7
+ this.name = "PaybondUnboundContextError";
8
+ this.toolName = toolName;
9
+ }
10
+ }
11
+ function isRecord(value) {
12
+ return typeof value === "object" && value !== null;
13
+ }
14
+ function isGenericToolDefinition(value) {
15
+ if (!isRecord(value)) {
16
+ return false;
17
+ }
18
+ return typeof value.name === "string" && value.name.trim().length > 0 && typeof value.execute === "function";
19
+ }
20
+ function deferredExecute(toolName) {
21
+ throw new PaybondUnboundContextError(toolName);
22
+ }
23
+ /**
24
+ * Wrap tools for static instrumentation — safe to register with agent frameworks.
25
+ * Side-effecting execution throws until {@link PaybondInstrumented.bind} supplies a runtime.
26
+ */
27
+ export function wrapDeferredTools(rawTools) {
28
+ if (Array.isArray(rawTools)) {
29
+ return rawTools.map((tool) => {
30
+ if (!isGenericToolDefinition(tool)) {
31
+ return tool;
32
+ }
33
+ const { execute: _ignored, ...rest } = tool;
34
+ return {
35
+ ...rest,
36
+ name: tool.name,
37
+ execute: async (_call) => deferredExecute(tool.name),
38
+ };
39
+ });
40
+ }
41
+ if (isRecord(rawTools)) {
42
+ const wrapped = {};
43
+ for (const [name, tool] of Object.entries(rawTools)) {
44
+ if (typeof tool === "function") {
45
+ wrapped[name] = async () => deferredExecute(name);
46
+ continue;
47
+ }
48
+ if (isGenericToolDefinition(tool)) {
49
+ const { execute: _ignored, ...rest } = tool;
50
+ wrapped[name] = {
51
+ ...rest,
52
+ name: tool.name?.trim() || name,
53
+ execute: async (_call) => deferredExecute(tool.name?.trim() || name),
54
+ };
55
+ continue;
56
+ }
57
+ wrapped[name] = tool;
58
+ }
59
+ return wrapped;
60
+ }
61
+ return rawTools;
62
+ }
@@ -0,0 +1,41 @@
1
+ import type { PaybondInlinePolicy } from "./instrument.js";
2
+ import type { PaybondPolicyLoadSource } from "../policy/load.js";
3
+ import type { PaybondTraceSink } from "./types.js";
4
+ /** Metadata attached to framework agent instances after {@link instrumentPaybondAgent}. */
5
+ export type PaybondAgentInstrumentation = {
6
+ run?: import("./run.js").PaybondAgentRun;
7
+ policy: import("../policy/load.js").PaybondPolicy;
8
+ hooks: import("./facade.js").PaybondAgentHooks;
9
+ tools?: unknown;
10
+ binding: import("./instrument.js").PaybondInstrumentBinding;
11
+ status?: import("./instrument.js").PaybondInstrumentBinding;
12
+ bind?: (context: import("./instrument.js").PaybondInstrumentContext) => Promise<PaybondAgentInstrumentation>;
13
+ /** @deprecated Use {@link PaybondAgentInstrumentation.bind}. */
14
+ withContext?: (context: import("./instrument.js").PaybondInstrumentContext) => Promise<PaybondAgentInstrumentation>;
15
+ };
16
+ export type PaybondInstrumentAgentOptions = {
17
+ policy?: PaybondPolicyLoadSource | PaybondInlinePolicy;
18
+ framework?: import("./guarded-agent.js").GuardedAgentFramework;
19
+ sandbox?: boolean;
20
+ attach?: import("./instrument.js").PaybondInstrumentAttachInput;
21
+ context?: import("./instrument.js").PaybondInstrumentContextInput;
22
+ traceSink?: PaybondTraceSink;
23
+ /** @deprecated Use {@link PaybondInstrumentAgentOptions.traceSink}. */
24
+ onTrace?: PaybondTraceSink;
25
+ };
26
+ /**
27
+ * Discover tools from a framework agent instance.
28
+ * Supports tool maps, `{ name, execute }[]`, and common SDK property names.
29
+ */
30
+ export declare function discoverToolsFromAgent(agent: unknown): unknown;
31
+ /**
32
+ * Resolve policy for agent instrumentation.
33
+ * Order: explicit option → agent.policy → agent.paybondPolicy → PAYBOND_POLICY env → ./paybond.policy.yaml
34
+ */
35
+ export declare function discoverPolicyFromAgent(agent: unknown, options?: PaybondInstrumentAgentOptions): PaybondPolicyLoadSource | PaybondInlinePolicy;
36
+ /** True when `value` is a framework agent object rather than an explicit `{ policy, tools }` config. */
37
+ export declare function isInstrumentableAgentObject(value: unknown): value is Record<string, unknown>;
38
+ /** Read Paybond instrumentation previously attached to an agent instance. */
39
+ export declare function readPaybondAgentInstrumentation(agent: unknown): PaybondAgentInstrumentation | undefined;
40
+ /** Attach guarded tools and Paybond metadata to a framework agent instance (in place). */
41
+ export declare function attachPaybondAgentInstrumentation(agent: object, instrumentation: PaybondAgentInstrumentation, guardedTools: unknown): void;
@@ -0,0 +1,147 @@
1
+ const INSTRUMENT_CONFIG_KEYS = new Set([
2
+ "policy",
3
+ "tools",
4
+ "framework",
5
+ "bootstrap",
6
+ "attach",
7
+ "runId",
8
+ "validatePolicy",
9
+ "openAIAgentsOptions",
10
+ "sandbox",
11
+ "context",
12
+ ]);
13
+ function isRecord(value) {
14
+ return typeof value === "object" && value !== null;
15
+ }
16
+ function isPlainInstrumentConfig(value) {
17
+ if (!("policy" in value) || !("tools" in value)) {
18
+ return false;
19
+ }
20
+ return Object.keys(value).every((key) => INSTRUMENT_CONFIG_KEYS.has(key));
21
+ }
22
+ function hasAgentRuntimeShape(value) {
23
+ if (Object.getPrototypeOf(value) !== Object.prototype) {
24
+ return true;
25
+ }
26
+ return ("model" in value ||
27
+ "run" in value ||
28
+ "invoke" in value ||
29
+ "execute" in value ||
30
+ "stream" in value ||
31
+ "mcpServer" in value ||
32
+ "paybond" in value);
33
+ }
34
+ /**
35
+ * Discover tools from a framework agent instance.
36
+ * Supports tool maps, `{ name, execute }[]`, and common SDK property names.
37
+ */
38
+ export function discoverToolsFromAgent(agent) {
39
+ if (!isRecord(agent)) {
40
+ throw new TypeError("instrument(agent) requires an object with discoverable tools");
41
+ }
42
+ const candidates = [
43
+ agent.tools,
44
+ agent.functionTools,
45
+ agent.function_tools,
46
+ agent.toolDefinitions,
47
+ agent.tool_definitions,
48
+ ];
49
+ for (const candidate of candidates) {
50
+ if (candidate === undefined) {
51
+ continue;
52
+ }
53
+ if (Array.isArray(candidate) && candidate.length === 0) {
54
+ continue;
55
+ }
56
+ if (Array.isArray(candidate) || isRecord(candidate)) {
57
+ return candidate;
58
+ }
59
+ }
60
+ throw new TypeError("could not discover tools on agent; expected .tools, .functionTools, or a tool map/array");
61
+ }
62
+ /**
63
+ * Resolve policy for agent instrumentation.
64
+ * Order: explicit option → agent.policy → agent.paybondPolicy → PAYBOND_POLICY env → ./paybond.policy.yaml
65
+ */
66
+ export function discoverPolicyFromAgent(agent, options) {
67
+ if (options?.policy !== undefined) {
68
+ return options.policy;
69
+ }
70
+ if (isRecord(agent)) {
71
+ if (agent.policy !== undefined) {
72
+ return agent.policy;
73
+ }
74
+ if (agent.paybondPolicy !== undefined) {
75
+ return agent.paybondPolicy;
76
+ }
77
+ }
78
+ const envPolicy = typeof process !== "undefined" ? process.env.PAYBOND_POLICY?.trim() : "";
79
+ if (envPolicy) {
80
+ return envPolicy;
81
+ }
82
+ return "./paybond.policy.yaml";
83
+ }
84
+ /** True when `value` is a framework agent object rather than an explicit `{ policy, tools }` config. */
85
+ export function isInstrumentableAgentObject(value) {
86
+ if (!isRecord(value)) {
87
+ return false;
88
+ }
89
+ if (isPlainInstrumentConfig(value) && !hasAgentRuntimeShape(value)) {
90
+ return false;
91
+ }
92
+ if (hasExplicitInstrumentOnlyFields(value)) {
93
+ return false;
94
+ }
95
+ try {
96
+ discoverToolsFromAgent(value);
97
+ return true;
98
+ }
99
+ catch {
100
+ return false;
101
+ }
102
+ }
103
+ function hasExplicitInstrumentOnlyFields(value) {
104
+ return (("attach" in value || "bootstrap" in value || "validatePolicy" in value) &&
105
+ !("tools" in value && hasAgentRuntimeShape(value)));
106
+ }
107
+ const PAYBOND_AGENT_SYMBOL = Symbol.for("paybond.agent.instrumentation");
108
+ /** Read Paybond instrumentation previously attached to an agent instance. */
109
+ export function readPaybondAgentInstrumentation(agent) {
110
+ if (!isRecord(agent)) {
111
+ return undefined;
112
+ }
113
+ const attached = agent[PAYBOND_AGENT_SYMBOL];
114
+ if (attached) {
115
+ return attached;
116
+ }
117
+ const legacy = agent.paybond;
118
+ return legacy;
119
+ }
120
+ /** Attach guarded tools and Paybond metadata to a framework agent instance (in place). */
121
+ export function attachPaybondAgentInstrumentation(agent, instrumentation, guardedTools) {
122
+ const record = agent;
123
+ if ("tools" in record) {
124
+ record.tools = guardedTools;
125
+ }
126
+ else if ("functionTools" in record) {
127
+ record.functionTools = guardedTools;
128
+ }
129
+ else if ("function_tools" in record) {
130
+ record.function_tools = guardedTools;
131
+ }
132
+ else {
133
+ record.tools = guardedTools;
134
+ }
135
+ Object.defineProperty(agent, PAYBOND_AGENT_SYMBOL, {
136
+ value: instrumentation,
137
+ writable: true,
138
+ configurable: true,
139
+ enumerable: false,
140
+ });
141
+ Object.defineProperty(agent, "paybond", {
142
+ value: instrumentation,
143
+ writable: true,
144
+ configurable: true,
145
+ enumerable: false,
146
+ });
147
+ }
@@ -0,0 +1,9 @@
1
+ import { PaybondSideEffectingToolEntry, PaybondToolCallContext } from "./types.js";
2
+ export type BuiltAutoEvidence = {
3
+ payload: Record<string, unknown>;
4
+ vendorPayload?: Record<string, unknown>;
5
+ };
6
+ /**
7
+ * Build canonical evidence payloads from a tool result using the completion catalog.
8
+ */
9
+ export declare function buildAutoEvidencePayload(entry: Pick<PaybondSideEffectingToolEntry, "evidencePreset" | "evidenceMapper">, toolResult: unknown, ctx: PaybondToolCallContext): Record<string, unknown>;
@@ -0,0 +1,28 @@
1
+ import { getCompletionPreset, } from "../completion-catalog.js";
2
+ import { isVendorPack, mapVendorEvidenceToCanonical, resolveCompletionPreset, } from "../completion-resolve.js";
3
+ function assertEvidenceRecord(value, message) {
4
+ if (typeof value !== "object" || value === null || Array.isArray(value)) {
5
+ throw new Error(message);
6
+ }
7
+ return value;
8
+ }
9
+ /**
10
+ * Build canonical evidence payloads from a tool result using the completion catalog.
11
+ */
12
+ export function buildAutoEvidencePayload(entry, toolResult, ctx) {
13
+ if (entry.evidenceMapper) {
14
+ return assertEvidenceRecord(entry.evidenceMapper(toolResult, ctx), "evidenceMapper must return a JSON object payload");
15
+ }
16
+ const resolved = resolveCompletionPreset(entry.evidencePreset);
17
+ const preset = resolved.preset;
18
+ if (isVendorPack(preset)) {
19
+ if (typeof toolResult === "object" && toolResult !== null && !Array.isArray(toolResult)) {
20
+ return mapVendorEvidenceToCanonical(preset, toolResult);
21
+ }
22
+ throw new Error(`side-effecting tool "${ctx.toolName}" uses vendor pack preset "${entry.evidencePreset}"; provide evidenceMapper when tool result is not a JSON object`);
23
+ }
24
+ if (typeof toolResult === "object" && toolResult !== null && !Array.isArray(toolResult)) {
25
+ return { ...toolResult };
26
+ }
27
+ return { ...getCompletionPreset(resolved.archetype.preset_id).sample_evidence };
28
+ }
@@ -0,0 +1,48 @@
1
+ import type { ClaudeAgentsConfig } from "../claude-agents/index.js";
2
+ import type { PaybondLangGraphHooks } from "../langgraph/config.js";
3
+ import { createOpenAIAgentsAdapter } from "../openai-agents/index.js";
4
+ import type { PaybondPolicy } from "../policy/load.js";
5
+ import type { PaybondPolicyLoadSource } from "../policy/load.js";
6
+ import { paybondVercelToolApproval } from "../vercel-ai/tool-approval.js";
7
+ import type { PaybondToolInputGuardAdapter } from "./adapter.js";
8
+ import { type CreateGuardedAgentResult, type GuardedAgentFramework } from "./guarded-agent.js";
9
+ import { type PaybondInstrumentInput } from "./instrument.js";
10
+ import type { PaybondAgentRun, PaybondAgentRunHost } from "./run.js";
11
+ /**
12
+ * Resolve a policy preset id (for example `travel`) or pass through file paths and in-memory documents.
13
+ */
14
+ export declare function resolveAgentPolicySource(policy: PaybondPolicyLoadSource): PaybondPolicyLoadSource;
15
+ export type PaybondAgentInput<TTools = unknown> = PaybondInstrumentInput<TTools> & {
16
+ policy: PaybondPolicyLoadSource;
17
+ };
18
+ /** Framework-native wiring returned by {@link createPaybondAgent} / {@link Paybond.agent}. */
19
+ export type PaybondAgentHooks = {
20
+ inputGuard?: PaybondToolInputGuardAdapter;
21
+ toolApproval?: ReturnType<typeof paybondVercelToolApproval>;
22
+ awrapToolCall?: PaybondLangGraphHooks["awrapToolCall"];
23
+ createToolNode?: PaybondLangGraphHooks["createToolNode"];
24
+ runConfig?: ReturnType<typeof createOpenAIAgentsAdapter>["runConfig"];
25
+ openAIAgentsAdapter?: ReturnType<typeof createOpenAIAgentsAdapter>;
26
+ mcpServer?: ClaudeAgentsConfig["mcpServer"];
27
+ allowedTools?: ClaudeAgentsConfig["allowedTools"];
28
+ };
29
+ /** Opinionated quickstart result: guarded tools plus framework hooks. */
30
+ export type PaybondAgentResult<TTools = unknown> = {
31
+ run: PaybondAgentRun;
32
+ tools: TTools;
33
+ hooks: PaybondAgentHooks;
34
+ policy: PaybondPolicy;
35
+ };
36
+ /** Normalize {@link CreateGuardedAgentResult} into the quickstart `{ run, tools, hooks, policy }` shape. */
37
+ export declare function toPaybondAgentResult<TTools>(result: CreateGuardedAgentResult<TTools>): PaybondAgentResult<TTools>;
38
+ /** Opinionated quickstart: resolve named presets, then delegate to {@link instrumentPaybondAgent}. */
39
+ export declare function createPaybondAgent<TTools>(paybond: PaybondAgentRunHost, input: PaybondAgentInput<TTools>): Promise<PaybondAgentResult<TTools>>;
40
+ export type PaybondWrapToolsOptions = {
41
+ framework?: GuardedAgentFramework;
42
+ sandbox?: boolean;
43
+ attach?: import("./instrument.js").PaybondInstrumentAttachInput;
44
+ context?: import("./instrument.js").PaybondInstrumentContextInput;
45
+ };
46
+ /** Wrap tools for an existing bound run without reloading policy. */
47
+ export declare function wrapPaybondTools(run: PaybondAgentRun, tools: unknown, options?: PaybondWrapToolsOptions): unknown;
48
+ export type { PaybondInstrumentInput } from "./instrument.js";