@paybond/kit 0.10.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (346) hide show
  1. package/README.md +59 -15
  2. package/completion-presets/catalog.json +1187 -0
  3. package/completion-presets/catalog.sha256 +1 -0
  4. package/dev/trace-ui/dashboard.html +617 -0
  5. package/dist/agent/adapter.d.ts +51 -0
  6. package/dist/agent/adapter.js +66 -0
  7. package/dist/agent/attach-bundle.d.ts +37 -0
  8. package/dist/agent/attach-bundle.js +118 -0
  9. package/dist/agent/authorization-cache.d.ts +22 -0
  10. package/dist/agent/authorization-cache.js +36 -0
  11. package/dist/agent/deferred-tools.d.ts +11 -0
  12. package/dist/agent/deferred-tools.js +62 -0
  13. package/dist/agent/discover.d.ts +41 -0
  14. package/dist/agent/discover.js +147 -0
  15. package/dist/agent/evidence.d.ts +9 -0
  16. package/dist/agent/evidence.js +28 -0
  17. package/dist/agent/facade.d.ts +48 -0
  18. package/dist/agent/facade.js +112 -0
  19. package/dist/agent/gateway-trace-reporter.d.ts +28 -0
  20. package/dist/agent/gateway-trace-reporter.js +49 -0
  21. package/dist/agent/generic-runner.d.ts +14 -0
  22. package/dist/agent/generic-runner.js +49 -0
  23. package/dist/agent/generic-sandbox-demo.d.ts +36 -0
  24. package/dist/agent/generic-sandbox-demo.js +82 -0
  25. package/dist/agent/guarded-agent.d.ts +49 -0
  26. package/dist/agent/guarded-agent.js +100 -0
  27. package/dist/agent/index.d.ts +13 -0
  28. package/dist/agent/index.js +13 -0
  29. package/dist/agent/instrument.d.ts +156 -0
  30. package/dist/agent/instrument.js +442 -0
  31. package/dist/agent/interceptor.d.ts +24 -0
  32. package/dist/agent/interceptor.js +440 -0
  33. package/dist/agent/lazy-context-tools.d.ts +15 -0
  34. package/dist/agent/lazy-context-tools.js +81 -0
  35. package/dist/agent/registry-file.d.ts +39 -0
  36. package/dist/agent/registry-file.js +219 -0
  37. package/dist/agent/registry.d.ts +37 -0
  38. package/dist/agent/registry.js +128 -0
  39. package/dist/agent/run.d.ts +124 -0
  40. package/dist/agent/run.js +301 -0
  41. package/dist/agent/types.d.ts +318 -0
  42. package/dist/agent/types.js +42 -0
  43. package/dist/agent-recognition.d.ts +72 -0
  44. package/dist/agent-recognition.js +165 -0
  45. package/dist/bincode-wire.d.ts +18 -0
  46. package/dist/bincode-wire.js +93 -0
  47. package/dist/claude-agents/config.d.ts +21 -0
  48. package/dist/claude-agents/config.js +145 -0
  49. package/dist/claude-agents/index.d.ts +2 -0
  50. package/dist/claude-agents/index.js +2 -0
  51. package/dist/claude-agents/sandbox-demo.d.ts +30 -0
  52. package/dist/claude-agents/sandbox-demo.js +91 -0
  53. package/dist/cli/agent/demo-loaders.d.ts +4 -0
  54. package/dist/cli/agent/demo-loaders.js +66 -0
  55. package/dist/cli/agent/env-quote.d.ts +1 -0
  56. package/dist/cli/agent/env-quote.js +6 -0
  57. package/dist/cli/agent/env-write.d.ts +8 -0
  58. package/dist/cli/agent/env-write.js +47 -0
  59. package/dist/cli/agent/paybond.d.ts +16 -0
  60. package/dist/cli/agent/paybond.js +55 -0
  61. package/dist/cli/agent/policy-file.d.ts +29 -0
  62. package/dist/cli/agent/policy-file.js +61 -0
  63. package/dist/cli/agent/production-evidence.d.ts +24 -0
  64. package/dist/cli/agent/production-evidence.js +98 -0
  65. package/dist/cli/agent/run-store.d.ts +30 -0
  66. package/dist/cli/agent/run-store.js +42 -0
  67. package/dist/cli/agent/run-trace-store.d.ts +39 -0
  68. package/dist/cli/agent/run-trace-store.js +143 -0
  69. package/dist/cli/agent-run-trace-table.d.ts +9 -0
  70. package/dist/cli/agent-run-trace-table.js +24 -0
  71. package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
  72. package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
  73. package/dist/cli/command-spec.d.ts +1 -0
  74. package/dist/cli/command-spec.js +286 -5
  75. package/dist/cli/commands/agent.d.ts +16 -0
  76. package/dist/cli/commands/agent.js +1136 -0
  77. package/dist/cli/commands/dev.d.ts +7 -0
  78. package/dist/cli/commands/dev.js +348 -0
  79. package/dist/cli/commands/discovery.js +3 -3
  80. package/dist/cli/commands/policy.d.ts +13 -0
  81. package/dist/cli/commands/policy.js +769 -0
  82. package/dist/cli/commands/setup.d.ts +3 -0
  83. package/dist/cli/commands/setup.js +124 -8
  84. package/dist/cli/commands/workflows.js +9 -4
  85. package/dist/cli/config.d.ts +2 -0
  86. package/dist/cli/config.js +4 -2
  87. package/dist/cli/context.js +2 -1
  88. package/dist/cli/credentials.js +2 -2
  89. package/dist/cli/doctor-agent-middleware.d.ts +5 -0
  90. package/dist/cli/doctor-agent-middleware.js +49 -0
  91. package/dist/cli/globals.d.ts +1 -0
  92. package/dist/cli/globals.js +11 -1
  93. package/dist/cli/help.d.ts +1 -1
  94. package/dist/cli/help.js +35 -3
  95. package/dist/cli/mcp-install.js +2 -2
  96. package/dist/cli/mcp-policy.d.ts +3 -0
  97. package/dist/cli/mcp-policy.js +19 -13
  98. package/dist/cli/mcp-verify-config.js +9 -11
  99. package/dist/cli/redact.js +29 -8
  100. package/dist/cli/router.js +105 -2
  101. package/dist/cli/smoke-deep-links.d.ts +15 -0
  102. package/dist/cli/smoke-deep-links.js +63 -0
  103. package/dist/cli/telemetry.d.ts +17 -0
  104. package/dist/cli/telemetry.js +94 -0
  105. package/dist/completion-catalog-digest.d.ts +2 -0
  106. package/dist/completion-catalog-digest.js +2 -0
  107. package/dist/completion-catalog-integrity.d.ts +2 -0
  108. package/dist/completion-catalog-integrity.js +17 -0
  109. package/dist/completion-catalog.d.ts +49 -0
  110. package/dist/completion-catalog.js +62 -0
  111. package/dist/completion-contract-digest.d.ts +37 -0
  112. package/dist/completion-contract-digest.js +73 -0
  113. package/dist/completion-forbidden-fields.d.ts +5 -0
  114. package/dist/completion-forbidden-fields.js +26 -0
  115. package/dist/completion-init.d.ts +8 -0
  116. package/dist/completion-init.js +334 -0
  117. package/dist/completion-resolve.d.ts +21 -0
  118. package/dist/completion-resolve.js +86 -0
  119. package/dist/completion-validate-evidence.d.ts +24 -0
  120. package/dist/completion-validate-evidence.js +145 -0
  121. package/dist/dev/offline-gateway.d.ts +24 -0
  122. package/dist/dev/offline-gateway.js +102 -0
  123. package/dist/dev/trace-buffer.d.ts +61 -0
  124. package/dist/dev/trace-buffer.js +330 -0
  125. package/dist/dev/trace-security-headers.d.ts +11 -0
  126. package/dist/dev/trace-security-headers.js +16 -0
  127. package/dist/dev/trace-server.d.ts +8 -0
  128. package/dist/dev/trace-server.js +38 -0
  129. package/dist/dev/trace-ui.d.ts +4 -0
  130. package/dist/dev/trace-ui.js +25 -0
  131. package/dist/dev/wiremock-up.d.ts +15 -0
  132. package/dist/dev/wiremock-up.js +118 -0
  133. package/dist/doctor-completion.d.ts +17 -0
  134. package/dist/doctor-completion.js +428 -0
  135. package/dist/gateway-url.d.ts +7 -0
  136. package/dist/gateway-url.js +69 -0
  137. package/dist/index.d.ts +119 -2
  138. package/dist/index.js +267 -6
  139. package/dist/init.js +374 -57
  140. package/dist/langgraph/awrap-tool-call.d.ts +25 -0
  141. package/dist/langgraph/awrap-tool-call.js +81 -0
  142. package/dist/langgraph/config.d.ts +13 -0
  143. package/dist/langgraph/config.js +11 -0
  144. package/dist/langgraph/index.d.ts +4 -0
  145. package/dist/langgraph/index.js +4 -0
  146. package/dist/langgraph/sandbox-demo.d.ts +40 -0
  147. package/dist/langgraph/sandbox-demo.js +96 -0
  148. package/dist/langgraph/tool-node.d.ts +10 -0
  149. package/dist/langgraph/tool-node.js +38 -0
  150. package/dist/login.js +7 -0
  151. package/dist/mcp/index.d.ts +1 -0
  152. package/dist/mcp/index.js +1 -0
  153. package/dist/mcp/tool-surface.d.ts +25 -0
  154. package/dist/mcp/tool-surface.js +17 -0
  155. package/dist/mcp-capability-token-cache.d.ts +24 -0
  156. package/dist/mcp-capability-token-cache.js +101 -0
  157. package/dist/mcp-evidence-policy.d.ts +48 -0
  158. package/dist/mcp-evidence-policy.js +117 -0
  159. package/dist/mcp-policy-reload.d.ts +79 -0
  160. package/dist/mcp-policy-reload.js +200 -0
  161. package/dist/mcp-sep2828-evidence.d.ts +36 -0
  162. package/dist/mcp-sep2828-evidence.js +65 -0
  163. package/dist/mcp-server.d.ts +6 -0
  164. package/dist/mcp-server.js +224 -44
  165. package/dist/openai-agents/index.d.ts +40 -0
  166. package/dist/openai-agents/index.js +151 -0
  167. package/dist/openai-agents/sandbox-demo.d.ts +34 -0
  168. package/dist/openai-agents/sandbox-demo.js +118 -0
  169. package/dist/payee-evidence.js +2 -29
  170. package/dist/policy/catalog.d.ts +31 -0
  171. package/dist/policy/catalog.js +48 -0
  172. package/dist/policy/compose-utils.d.ts +3 -0
  173. package/dist/policy/compose-utils.js +4 -0
  174. package/dist/policy/compose.d.ts +20 -0
  175. package/dist/policy/compose.js +240 -0
  176. package/dist/policy/digest.d.ts +7 -0
  177. package/dist/policy/digest.js +75 -0
  178. package/dist/policy/domain.d.ts +15 -0
  179. package/dist/policy/domain.js +28 -0
  180. package/dist/policy/guardrail-spec.d.ts +17 -0
  181. package/dist/policy/guardrail-spec.js +140 -0
  182. package/dist/policy/guardrails.d.ts +48 -0
  183. package/dist/policy/guardrails.js +72 -0
  184. package/dist/policy/index.d.ts +21 -0
  185. package/dist/policy/index.js +21 -0
  186. package/dist/policy/init.d.ts +102 -0
  187. package/dist/policy/init.js +351 -0
  188. package/dist/policy/intent-spec.d.ts +52 -0
  189. package/dist/policy/intent-spec.js +176 -0
  190. package/dist/policy/json-path.d.ts +4 -0
  191. package/dist/policy/json-path.js +23 -0
  192. package/dist/policy/layers-io.d.ts +7 -0
  193. package/dist/policy/layers-io.js +28 -0
  194. package/dist/policy/load-effective.d.ts +22 -0
  195. package/dist/policy/load-effective.js +77 -0
  196. package/dist/policy/load.d.ts +85 -0
  197. package/dist/policy/load.js +164 -0
  198. package/dist/policy/merge.d.ts +29 -0
  199. package/dist/policy/merge.js +297 -0
  200. package/dist/policy/parse-text.d.ts +2 -0
  201. package/dist/policy/parse-text.js +126 -0
  202. package/dist/policy/policy-api.d.ts +45 -0
  203. package/dist/policy/policy-api.js +61 -0
  204. package/dist/policy/presets.d.ts +19 -0
  205. package/dist/policy/presets.js +66 -0
  206. package/dist/policy/registry.d.ts +7 -0
  207. package/dist/policy/registry.js +33 -0
  208. package/dist/policy/reload.d.ts +86 -0
  209. package/dist/policy/reload.js +233 -0
  210. package/dist/policy/render-yaml.d.ts +3 -0
  211. package/dist/policy/render-yaml.js +69 -0
  212. package/dist/policy/sandbox-bootstrap.d.ts +19 -0
  213. package/dist/policy/sandbox-bootstrap.js +66 -0
  214. package/dist/policy/schema.d.ts +204 -0
  215. package/dist/policy/schema.js +255 -0
  216. package/dist/policy/snapshot.d.ts +33 -0
  217. package/dist/policy/snapshot.js +23 -0
  218. package/dist/policy/validate-remote.d.ts +43 -0
  219. package/dist/policy/validate-remote.js +104 -0
  220. package/dist/policy/validate.d.ts +36 -0
  221. package/dist/policy/validate.js +150 -0
  222. package/dist/policy/watcher.d.ts +29 -0
  223. package/dist/policy/watcher.js +112 -0
  224. package/dist/principal-intent.d.ts +52 -0
  225. package/dist/principal-intent.js +193 -37
  226. package/dist/project-init.d.ts +34 -0
  227. package/dist/project-init.js +898 -0
  228. package/dist/sep2828-signature.d.ts +10 -0
  229. package/dist/sep2828-signature.js +134 -0
  230. package/dist/solutions/api.d.ts +22 -0
  231. package/dist/solutions/api.js +40 -0
  232. package/dist/solutions/catalog.d.ts +34 -0
  233. package/dist/solutions/catalog.js +129 -0
  234. package/dist/solutions/index.d.ts +2 -0
  235. package/dist/solutions/index.js +2 -0
  236. package/dist/template-init.d.ts +54 -0
  237. package/dist/template-init.js +203 -0
  238. package/dist/vercel-ai/config.d.ts +15 -0
  239. package/dist/vercel-ai/config.js +13 -0
  240. package/dist/vercel-ai/index.d.ts +4 -0
  241. package/dist/vercel-ai/index.js +4 -0
  242. package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
  243. package/dist/vercel-ai/sandbox-demo.js +153 -0
  244. package/dist/vercel-ai/tool-approval.d.ts +16 -0
  245. package/dist/vercel-ai/tool-approval.js +41 -0
  246. package/dist/vercel-ai/wrap-tools.d.ts +9 -0
  247. package/dist/vercel-ai/wrap-tools.js +40 -0
  248. package/dist/x402-receipt-evidence.d.ts +29 -0
  249. package/dist/x402-receipt-evidence.js +97 -0
  250. package/dist/x402-receipt-signature.d.ts +12 -0
  251. package/dist/x402-receipt-signature.js +211 -0
  252. package/package.json +75 -3
  253. package/solutions/aws.json +17 -0
  254. package/solutions/saas.json +17 -0
  255. package/solutions/shopping.json +17 -0
  256. package/solutions/travel.json +18 -0
  257. package/templates/manifest.json +169 -0
  258. package/templates/openai-shopping-agent/.env.example +3 -0
  259. package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
  260. package/templates/openai-shopping-agent/LICENSE +201 -0
  261. package/templates/openai-shopping-agent/README.md +29 -0
  262. package/templates/openai-shopping-agent/package-lock.json +1525 -0
  263. package/templates/openai-shopping-agent/package.json +22 -0
  264. package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
  265. package/templates/openai-shopping-agent/src/index.ts +22 -0
  266. package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
  267. package/templates/openai-shopping-agent/tsconfig.json +13 -0
  268. package/templates/paybond-aws-operator/.env.example +3 -0
  269. package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
  270. package/templates/paybond-aws-operator/LICENSE +201 -0
  271. package/templates/paybond-aws-operator/README.md +29 -0
  272. package/templates/paybond-aws-operator/package-lock.json +151 -0
  273. package/templates/paybond-aws-operator/package.json +20 -0
  274. package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
  275. package/templates/paybond-aws-operator/src/index.ts +54 -0
  276. package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
  277. package/templates/paybond-aws-operator/tsconfig.json +13 -0
  278. package/templates/paybond-claude-agents-demo/.env.example +3 -0
  279. package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
  280. package/templates/paybond-claude-agents-demo/LICENSE +201 -0
  281. package/templates/paybond-claude-agents-demo/README.md +29 -0
  282. package/templates/paybond-claude-agents-demo/package-lock.json +1489 -0
  283. package/templates/paybond-claude-agents-demo/package.json +22 -0
  284. package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
  285. package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
  286. package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
  287. package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
  288. package/templates/paybond-invoice-agent/.env.example +3 -0
  289. package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
  290. package/templates/paybond-invoice-agent/LICENSE +201 -0
  291. package/templates/paybond-invoice-agent/README.md +29 -0
  292. package/templates/paybond-invoice-agent/app.py +27 -0
  293. package/templates/paybond-invoice-agent/package.json +6 -0
  294. package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
  295. package/templates/paybond-invoice-agent/paybond_config.py +45 -0
  296. package/templates/paybond-invoice-agent/requirements.txt +2 -0
  297. package/templates/paybond-mcp-coding-agent/.env.example +3 -0
  298. package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
  299. package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
  300. package/templates/paybond-mcp-coding-agent/README.md +39 -0
  301. package/templates/paybond-mcp-coding-agent/package-lock.json +151 -0
  302. package/templates/paybond-mcp-coding-agent/package.json +20 -0
  303. package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
  304. package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
  305. package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
  306. package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
  307. package/templates/paybond-openai-agents-demo/.env.example +3 -0
  308. package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
  309. package/templates/paybond-openai-agents-demo/LICENSE +201 -0
  310. package/templates/paybond-openai-agents-demo/README.md +29 -0
  311. package/templates/paybond-openai-agents-demo/package-lock.json +1525 -0
  312. package/templates/paybond-openai-agents-demo/package.json +22 -0
  313. package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
  314. package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
  315. package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
  316. package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
  317. package/templates/paybond-procurement-agent/.env.example +3 -0
  318. package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
  319. package/templates/paybond-procurement-agent/LICENSE +201 -0
  320. package/templates/paybond-procurement-agent/README.md +29 -0
  321. package/templates/paybond-procurement-agent/package-lock.json +151 -0
  322. package/templates/paybond-procurement-agent/package.json +20 -0
  323. package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
  324. package/templates/paybond-procurement-agent/src/index.ts +54 -0
  325. package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
  326. package/templates/paybond-procurement-agent/tsconfig.json +13 -0
  327. package/templates/paybond-travel-agent/.env.example +3 -0
  328. package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
  329. package/templates/paybond-travel-agent/LICENSE +201 -0
  330. package/templates/paybond-travel-agent/README.md +29 -0
  331. package/templates/paybond-travel-agent/package-lock.json +444 -0
  332. package/templates/paybond-travel-agent/package.json +23 -0
  333. package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
  334. package/templates/paybond-travel-agent/src/index.ts +22 -0
  335. package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
  336. package/templates/paybond-travel-agent/tsconfig.json +13 -0
  337. package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
  338. package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
  339. package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
  340. package/templates/paybond-vercel-shopping-agent/README.md +29 -0
  341. package/templates/paybond-vercel-shopping-agent/package-lock.json +265 -0
  342. package/templates/paybond-vercel-shopping-agent/package.json +22 -0
  343. package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
  344. package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
  345. package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
  346. package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
@@ -0,0 +1,301 @@
1
+ import { PaybondToolInterceptor } from "./interceptor.js";
2
+ import { PaybondAgentRunBindError, } from "./types.js";
3
+ import { reloadPolicyOnRun, } from "../policy/reload.js";
4
+ import { PaybondPolicyReloadController } from "../policy/watcher.js";
5
+ import { resolveDevTraceSink } from "../dev/trace-buffer.js";
6
+ function newRunId(explicit) {
7
+ const trimmed = explicit?.trim();
8
+ if (trimmed) {
9
+ return trimmed;
10
+ }
11
+ return globalThis.crypto.randomUUID();
12
+ }
13
+ function readAllowedTools(intent) {
14
+ const raw = intent.allowed_tools;
15
+ if (!Array.isArray(raw)) {
16
+ return [];
17
+ }
18
+ return raw.filter((entry) => typeof entry === "string" && entry.trim().length > 0);
19
+ }
20
+ function normalizeProductionEvidence(raw, sandbox) {
21
+ if (sandbox !== undefined) {
22
+ return undefined;
23
+ }
24
+ if (!raw) {
25
+ throw new PaybondAgentRunBindError("attach.productionEvidence is required for production auto-evidence submission");
26
+ }
27
+ const payeeDid = raw.payeeDid.trim();
28
+ const agentRecognitionKeyId = raw.agentRecognitionKeyId.trim();
29
+ if (!payeeDid) {
30
+ throw new PaybondAgentRunBindError("attach.productionEvidence requires a payee identity");
31
+ }
32
+ if (!agentRecognitionKeyId) {
33
+ throw new PaybondAgentRunBindError("attach.productionEvidence.agentRecognitionKeyId must be non-empty");
34
+ }
35
+ if (raw.payeeSigningSeed.length !== 32) {
36
+ throw new PaybondAgentRunBindError("attach.productionEvidence.payeeSigningSeed must be 32 bytes");
37
+ }
38
+ if (raw.agentRecognitionSigningSeed.length !== 32) {
39
+ throw new PaybondAgentRunBindError("attach.productionEvidence.agentRecognitionSigningSeed must be 32 bytes");
40
+ }
41
+ return {
42
+ payeeDid,
43
+ payeeSigningSeed: raw.payeeSigningSeed,
44
+ agentRecognitionKeyId,
45
+ agentRecognitionSigningSeed: raw.agentRecognitionSigningSeed,
46
+ };
47
+ }
48
+ function assertExclusiveBindMode(input) {
49
+ const hasBootstrap = input.bootstrap !== undefined;
50
+ const hasAttach = input.attach !== undefined;
51
+ if (hasBootstrap === hasAttach) {
52
+ throw new PaybondAgentRunBindError("agent run bind requires exactly one of bootstrap or attach");
53
+ }
54
+ }
55
+ async function resolveAttachBinding(paybond, attach) {
56
+ const intentId = attach.intentId.trim();
57
+ const capabilityToken = attach.capabilityToken.trim();
58
+ if (!intentId) {
59
+ throw new PaybondAgentRunBindError("attach.intentId must be non-empty");
60
+ }
61
+ if (!capabilityToken) {
62
+ throw new PaybondAgentRunBindError("attach.capabilityToken must be non-empty");
63
+ }
64
+ let allowedTools = attach.allowedTools;
65
+ if (allowedTools === undefined) {
66
+ const intent = await paybond.harbor.getIntent(intentId);
67
+ allowedTools = readAllowedTools(intent);
68
+ }
69
+ if (allowedTools.length === 0) {
70
+ throw new PaybondAgentRunBindError(`attach: intent ${intentId} has no allowed_tools; pass attach.allowedTools explicitly`);
71
+ }
72
+ return { intentId, capabilityToken, allowedTools };
73
+ }
74
+ async function resolveSandboxBootstrap(paybond, bootstrap) {
75
+ if (bootstrap.kind !== "sandbox") {
76
+ throw new PaybondAgentRunBindError('bootstrap.kind must be "sandbox"');
77
+ }
78
+ const operation = bootstrap.operation.trim();
79
+ if (!operation) {
80
+ throw new PaybondAgentRunBindError("bootstrap.operation must be non-empty");
81
+ }
82
+ if (!Number.isFinite(bootstrap.requestedSpendCents) || bootstrap.requestedSpendCents < 0) {
83
+ throw new PaybondAgentRunBindError("bootstrap.requestedSpendCents must be a non-negative number");
84
+ }
85
+ const bootstrapResult = await paybond.guardrails.bootstrapSandbox({
86
+ operation,
87
+ requestedSpendCents: bootstrap.requestedSpendCents,
88
+ currency: bootstrap.currency,
89
+ evidenceSchema: bootstrap.evidenceSchema,
90
+ metadata: bootstrap.metadata,
91
+ idempotencyKey: bootstrap.idempotencyKey,
92
+ completionPreset: bootstrap.completionPreset,
93
+ templateId: bootstrap.templateId,
94
+ parameters: bootstrap.parameters,
95
+ });
96
+ return {
97
+ binding: {
98
+ intentId: bootstrapResult.intent_id,
99
+ capabilityToken: bootstrapResult.capability_token,
100
+ allowedTools: [bootstrapResult.operation],
101
+ sandbox: {
102
+ operation: bootstrapResult.operation,
103
+ requestedSpendCents: bootstrapResult.requested_spend_cents,
104
+ sandboxLifecycleStatus: bootstrapResult.sandbox_lifecycle_status,
105
+ },
106
+ },
107
+ };
108
+ }
109
+ /**
110
+ * Run-scoped agent middleware context for one agent task.
111
+ * Bind once per run; do not share across concurrent agent tasks.
112
+ */
113
+ export class PaybondAgentRun {
114
+ _currentSnapshot;
115
+ binding;
116
+ interceptor;
117
+ policyFilePath;
118
+ reloadController;
119
+ approvalTokens = new Map();
120
+ listeners = new Map();
121
+ constructor(binding, host, _currentSnapshot, policyFilePath) {
122
+ this._currentSnapshot = _currentSnapshot;
123
+ this.binding = binding;
124
+ this.interceptor = new PaybondToolInterceptor(binding, host);
125
+ this.policyFilePath = policyFilePath;
126
+ }
127
+ /** Start file watcher and/or Gateway poll reload (called from bind when `reload` is set). */
128
+ startPolicyReload(config) {
129
+ if (!this.policyFilePath) {
130
+ throw new Error("startPolicyReload requires policyFilePath from bind");
131
+ }
132
+ this.stopPolicyReload();
133
+ const runner = {
134
+ reloadPolicy: (options) => this.reloadPolicy(options),
135
+ };
136
+ this.reloadController = PaybondPolicyReloadController.start(runner, config, this.policyFilePath);
137
+ }
138
+ /** Active policy snapshot for this run (undefined when bind omitted policy tracking). */
139
+ get currentSnapshot() {
140
+ return this._currentSnapshot;
141
+ }
142
+ /** `sha256:<hex>` digest of the active policy snapshot, when tracked. */
143
+ get policyDigest() {
144
+ return this._currentSnapshot?.digest;
145
+ }
146
+ /** `{policy_name}@{digest_short}` version label of the active snapshot. */
147
+ get policyVersion() {
148
+ return this._currentSnapshot?.version;
149
+ }
150
+ /** RFC3339 timestamp when the active policy snapshot was loaded. */
151
+ get policyLoadedAt() {
152
+ return this._currentSnapshot?.loadedAt;
153
+ }
154
+ /** Active in-flight authorize/execute cycles (blocks policy reload until zero). */
155
+ get inFlightCount() {
156
+ return this.interceptor.inFlightCount;
157
+ }
158
+ get runId() {
159
+ return this.binding.runId;
160
+ }
161
+ get tenantId() {
162
+ return this.binding.tenantId;
163
+ }
164
+ get intentId() {
165
+ return this.binding.intentId;
166
+ }
167
+ get capabilityToken() {
168
+ return this.binding.capabilityToken;
169
+ }
170
+ get guard() {
171
+ return this.binding.guard;
172
+ }
173
+ get registry() {
174
+ return this.binding.registry;
175
+ }
176
+ get allowedTools() {
177
+ return this.binding.allowedTools;
178
+ }
179
+ /** Subscribe to policy reload lifecycle events. */
180
+ on(event, listener) {
181
+ let set = this.listeners.get(event);
182
+ if (!set) {
183
+ set = new Set();
184
+ this.listeners.set(event, set);
185
+ }
186
+ set.add(listener);
187
+ }
188
+ /** Unsubscribe from policy reload lifecycle events. */
189
+ off(event, listener) {
190
+ this.listeners.get(event)?.delete(listener);
191
+ }
192
+ emit(event, payload) {
193
+ for (const listener of this.listeners.get(event) ?? []) {
194
+ listener(payload);
195
+ }
196
+ }
197
+ /** Atomically swap registry and snapshot on the run binding (Tier 7 hot-reload). */
198
+ applyPolicySnapshot(snapshot) {
199
+ this.binding.registry = snapshot.registry;
200
+ this.binding.policySnapshot = snapshot;
201
+ this._currentSnapshot = snapshot;
202
+ }
203
+ /** Reload policy from disk or Gateway effective resolution without re-binding the run. */
204
+ async reloadPolicy(options = {}) {
205
+ try {
206
+ const result = await reloadPolicyOnRun(this, options);
207
+ if (result.applied && result.previousDigest && result.newDigest) {
208
+ this.emit("policyReloaded", {
209
+ previousDigest: result.previousDigest,
210
+ newDigest: result.newDigest,
211
+ });
212
+ }
213
+ return result;
214
+ }
215
+ catch (error) {
216
+ const err = error instanceof Error ? error : new Error(String(error));
217
+ this.emit("policyReloadFailed", { error: err });
218
+ throw error;
219
+ }
220
+ }
221
+ /** Stop background reload watchers started at bind time. */
222
+ stopPolicyReload() {
223
+ this.reloadController?.stop();
224
+ }
225
+ /** Store an operator approval token for retry after a Harbor approval hold. */
226
+ storeApprovalToken(toolCallId, token) {
227
+ const id = toolCallId.trim();
228
+ const value = token.trim();
229
+ if (!id) {
230
+ throw new Error("toolCallId must be non-empty");
231
+ }
232
+ if (!value) {
233
+ throw new Error("approval token must be non-empty");
234
+ }
235
+ this.approvalTokens.set(id, value);
236
+ }
237
+ /** Read a stored approval token for a tool call retry. */
238
+ getApprovalToken(toolCallId) {
239
+ return this.approvalTokens.get(toolCallId.trim());
240
+ }
241
+ /** Bind a run-scoped middleware context via sandbox bootstrap or attach. */
242
+ static async bind(paybond, input) {
243
+ assertExclusiveBindMode(input);
244
+ const runId = newRunId(input.runId);
245
+ const tenantId = paybond.harbor.tenantId;
246
+ let intentId;
247
+ let capabilityToken;
248
+ let allowedTools;
249
+ let sandbox;
250
+ let productionEvidence;
251
+ if (input.bootstrap !== undefined) {
252
+ const resolved = await resolveSandboxBootstrap(paybond, input.bootstrap);
253
+ intentId = resolved.binding.intentId;
254
+ capabilityToken = resolved.binding.capabilityToken;
255
+ allowedTools = resolved.binding.allowedTools;
256
+ sandbox = resolved.binding.sandbox;
257
+ productionEvidence = undefined;
258
+ }
259
+ else {
260
+ const resolved = await resolveAttachBinding(paybond, input.attach);
261
+ intentId = resolved.intentId;
262
+ capabilityToken = resolved.capabilityToken;
263
+ allowedTools = resolved.allowedTools;
264
+ sandbox = input.attach.sandbox;
265
+ productionEvidence = normalizeProductionEvidence(input.attach.productionEvidence, sandbox);
266
+ }
267
+ const snapshot = input.policySnapshot;
268
+ const registry = snapshot?.registry ?? input.registry;
269
+ registry.validateForBind(allowedTools);
270
+ const guard = paybond.spendGuard(intentId, capabilityToken);
271
+ const binding = {
272
+ runId,
273
+ tenantId,
274
+ intentId,
275
+ capabilityToken,
276
+ guard,
277
+ registry,
278
+ allowedTools,
279
+ sandbox,
280
+ productionEvidence,
281
+ policySnapshot: snapshot,
282
+ onTrace: input.traceSink ?? input.onTrace ?? resolveDevTraceSink(),
283
+ };
284
+ const policyFilePath = input.policyFile?.trim();
285
+ const run = new PaybondAgentRun(binding, paybond, snapshot, policyFilePath);
286
+ if (input.reload && policyFilePath) {
287
+ run.startPolicyReload(input.reload);
288
+ }
289
+ return run;
290
+ }
291
+ }
292
+ /** Facade exposed as `paybond.agentRun`. */
293
+ export class PaybondAgentRunFacade {
294
+ paybond;
295
+ constructor(paybond) {
296
+ this.paybond = paybond;
297
+ }
298
+ bind(input) {
299
+ return PaybondAgentRun.bind(this.paybond, input);
300
+ }
301
+ }
@@ -0,0 +1,318 @@
1
+ /** Context passed to evidence mappers after a successful side-effecting tool call. */
2
+ export type PaybondToolCallContext = {
3
+ toolName: string;
4
+ toolCallId: string;
5
+ operation: string;
6
+ arguments: unknown;
7
+ };
8
+ /** Resolve requested spend from tool arguments at intercept time. */
9
+ export type PaybondSpendResolver<TArgs = unknown> = (args: TArgs) => number | undefined;
10
+ /** Customize auto-evidence payload extraction from a tool result. */
11
+ export type PaybondEvidenceMapper<TResult = unknown> = (result: TResult, ctx: PaybondToolCallContext) => Record<string, unknown>;
12
+ /** Policy for one registered side-effecting tool. */
13
+ export type PaybondSideEffectingToolPolicy<TArgs = unknown, TResult = unknown> = {
14
+ /** Harbor `allowed_tools` operation; defaults to the registry key (tool name). */
15
+ operation?: string;
16
+ spendCents?: number | PaybondSpendResolver<TArgs>;
17
+ /** Required completion catalog preset id for auto-evidence. */
18
+ evidencePreset: string;
19
+ evidenceMapper?: PaybondEvidenceMapper<TResult>;
20
+ };
21
+ export type PaybondToolRegistryConfig = {
22
+ sideEffecting?: Record<string, PaybondSideEffectingToolPolicy>;
23
+ /** When true, deny tool calls whose operation is in intent allowedTools but missing from the registry. */
24
+ defaultDeny?: boolean;
25
+ };
26
+ export type PaybondSideEffectingToolEntry = {
27
+ toolName: string;
28
+ operation: string;
29
+ spendCents?: number | PaybondSpendResolver;
30
+ evidencePreset: string;
31
+ evidenceMapper?: PaybondEvidenceMapper;
32
+ };
33
+ export type PaybondToolResolution = {
34
+ kind: "passthrough";
35
+ toolName: string;
36
+ } | {
37
+ kind: "side_effecting";
38
+ toolName: string;
39
+ operation: string;
40
+ entry: PaybondSideEffectingToolEntry;
41
+ } | {
42
+ kind: "denied";
43
+ toolName: string;
44
+ operation: string;
45
+ reason: "unregistered_side_effecting";
46
+ };
47
+ export declare class PaybondToolRegistryValidationError extends Error {
48
+ constructor(message: string);
49
+ }
50
+ import type { PaybondToolRegistry } from "./registry.js";
51
+ import type { PaybondPolicySnapshot } from "../policy/snapshot.js";
52
+ import type { PaybondPolicyReloadBindConfig } from "../policy/reload.js";
53
+ /** Spend authorization input forwarded to the run-bound guard. */
54
+ export type PaybondRunGuardAuthInput = {
55
+ operation: string;
56
+ requestedSpendCents?: number;
57
+ vendorId?: string;
58
+ taskId?: string;
59
+ workflowId?: string;
60
+ toolCallId?: string;
61
+ toolName?: string;
62
+ currency?: string;
63
+ agentSubject?: string;
64
+ approvalToken?: string;
65
+ idempotencyKey?: string;
66
+ };
67
+ /** Spend authorization result from Harbor verify. */
68
+ export type PaybondRunGuardAuthResult = {
69
+ allow: boolean;
70
+ auditId: string;
71
+ decisionId?: string;
72
+ approvalRequired?: boolean;
73
+ };
74
+ /** Sandbox bootstrap input for {@link PaybondAgentRun.bind}. */
75
+ export type PaybondRunBindingSandboxBootstrapInput = {
76
+ kind: "sandbox";
77
+ operation: string;
78
+ requestedSpendCents: number;
79
+ currency?: string;
80
+ evidenceSchema?: Record<string, unknown>;
81
+ metadata?: Record<string, unknown>;
82
+ idempotencyKey?: string;
83
+ completionPreset?: string;
84
+ templateId?: string;
85
+ parameters?: Record<string, unknown>;
86
+ };
87
+ /** Ed25519 credentials for production auto-evidence (payee binding + agent recognition proof). */
88
+ export type PaybondRunProductionEvidenceCredentials = {
89
+ payeeDid: string;
90
+ /** 32-byte Ed25519 seed matching the payee key bound on the intent. */
91
+ payeeSigningSeed: Uint8Array;
92
+ /** Tenant-registered trusted agent key id for recognition proofs. */
93
+ agentRecognitionKeyId: string;
94
+ /** 32-byte Ed25519 seed matching `agentRecognitionKeyId` in the trusted agent key registry. */
95
+ agentRecognitionSigningSeed: Uint8Array;
96
+ };
97
+ /** Attach an existing funded intent for {@link PaybondAgentRun.bind}. */
98
+ export type PaybondRunBindingAttachInput = {
99
+ intentId: string;
100
+ capabilityToken: string;
101
+ /** When omitted, allowed tools are loaded from Harbor for the bound intent. */
102
+ allowedTools?: readonly string[];
103
+ /** Rehydrate sandbox guardrails evidence routing for attach binds (for example CLI run store). */
104
+ sandbox?: PaybondRunBinding["sandbox"];
105
+ /** Required for production attach binds that submit auto-evidence through Gateway Harbor. */
106
+ productionEvidence?: PaybondRunProductionEvidenceCredentials;
107
+ };
108
+ /** Spend guard handle stored on a run binding for interceptors. */
109
+ export type PaybondRunGuard = {
110
+ assertSpendAuthorized(input: PaybondRunGuardAuthInput): Promise<PaybondRunGuardAuthResult>;
111
+ completeSpendAuthorization(decisionId: string, outcome: "consumed" | "released"): Promise<void>;
112
+ };
113
+ export type PaybondInterceptEvidenceResult = {
114
+ submitted: true;
115
+ intentId: string;
116
+ predicatePassed?: boolean | null;
117
+ sandboxLifecycleStatus?: string;
118
+ intentState?: string;
119
+ };
120
+ export type PaybondInterceptWrapExecuteResult<TResult> = {
121
+ toolResult: TResult;
122
+ authorization?: {
123
+ allow: true;
124
+ auditId?: string;
125
+ decisionId?: string;
126
+ policyDigest?: string;
127
+ };
128
+ evidence?: PaybondInterceptEvidenceResult;
129
+ };
130
+ export type PaybondInterceptWrapExecuteInput<TResult> = {
131
+ toolName: string;
132
+ toolCallId: string;
133
+ arguments: unknown;
134
+ execute: () => TResult | Promise<TResult>;
135
+ operation?: string;
136
+ requestedSpendCents?: number;
137
+ vendorId?: string;
138
+ taskId?: string;
139
+ workflowId?: string;
140
+ currency?: string;
141
+ agentSubject?: string;
142
+ approvalToken?: string;
143
+ idempotencyKey?: string;
144
+ };
145
+ /** Authorize-only input for pre-execution guard evaluation (no execute, no evidence). */
146
+ export type PaybondAuthorizeToolCallInput = {
147
+ toolName: string;
148
+ toolCallId: string;
149
+ arguments: unknown;
150
+ operation?: string;
151
+ requestedSpendCents?: number;
152
+ vendorId?: string;
153
+ taskId?: string;
154
+ workflowId?: string;
155
+ currency?: string;
156
+ agentSubject?: string;
157
+ approvalToken?: string;
158
+ idempotencyKey?: string;
159
+ };
160
+ export type PaybondToolInputGuardAllowDecision = {
161
+ kind: "allow";
162
+ /** True when the tool is read-only and Harbor verify was skipped. */
163
+ passthrough?: boolean;
164
+ operation?: string;
165
+ auditId?: string;
166
+ decisionId?: string;
167
+ /** Policy digest pinned at authorize time for audit (Tier 7). */
168
+ policyDigest?: string;
169
+ };
170
+ export type PaybondToolInputGuardDenyDecision = {
171
+ kind: "deny";
172
+ message: string;
173
+ operation?: string;
174
+ auditId?: string;
175
+ code?: string;
176
+ };
177
+ export type PaybondToolInputGuardApprovalRequiredDecision = {
178
+ kind: "approval_required";
179
+ message: string;
180
+ operation?: string;
181
+ auditId?: string;
182
+ code?: string;
183
+ };
184
+ /** Framework-neutral pre-execution spend decision. */
185
+ export type PaybondToolInputGuardDecision = PaybondToolInputGuardAllowDecision | PaybondToolInputGuardDenyDecision | PaybondToolInputGuardApprovalRequiredDecision;
186
+ /** Structured middleware trace event (dev observability; opt-in via {@link PaybondAgentRunBindInput.traceSink}). */
187
+ export type PaybondTraceToolSelectedEvent = {
188
+ type: "tool_selected";
189
+ runId: string;
190
+ toolName: string;
191
+ toolCallId: string;
192
+ operation: string;
193
+ recordedAt: string;
194
+ };
195
+ export type PaybondTraceSpendAuthorizedEvent = {
196
+ type: "spend_authorized";
197
+ runId: string;
198
+ toolCallId: string;
199
+ operation: string;
200
+ auditId: string;
201
+ decisionId?: string;
202
+ amountCents: number;
203
+ recordedAt: string;
204
+ };
205
+ export type PaybondTraceSpendDeniedEvent = {
206
+ type: "spend_denied";
207
+ runId: string;
208
+ toolCallId: string;
209
+ operation: string;
210
+ message: string;
211
+ auditId?: string;
212
+ code?: string;
213
+ recordedAt: string;
214
+ };
215
+ export type PaybondTraceApprovalRequiredEvent = {
216
+ type: "approval_required";
217
+ runId: string;
218
+ toolCallId: string;
219
+ operation: string;
220
+ message: string;
221
+ auditId?: string;
222
+ code?: string;
223
+ recordedAt: string;
224
+ };
225
+ export type PaybondTraceToolExecutedEvent = {
226
+ type: "tool_executed";
227
+ runId: string;
228
+ toolCallId: string;
229
+ operation: string;
230
+ durationMs: number;
231
+ recordedAt: string;
232
+ };
233
+ export type PaybondTraceEvidenceSubmittedEvent = {
234
+ type: "evidence_submitted";
235
+ runId: string;
236
+ toolCallId: string;
237
+ operation: string;
238
+ evidenceId: string;
239
+ presetId: string;
240
+ /** @deprecated Use {@link PaybondTraceEvidenceSubmittedEvent.presetId}. */
241
+ evidencePreset?: string;
242
+ sandboxLifecycleStatus?: string;
243
+ predicatePassed?: boolean | null;
244
+ recordedAt: string;
245
+ };
246
+ export type PaybondTraceSpendFinalizedEvent = {
247
+ type: "spend_finalized";
248
+ runId: string;
249
+ toolCallId: string;
250
+ operation: string;
251
+ status: "consumed" | "released";
252
+ recordedAt: string;
253
+ };
254
+ export type PaybondTraceEvent = PaybondTraceToolSelectedEvent | PaybondTraceSpendAuthorizedEvent | PaybondTraceSpendDeniedEvent | PaybondTraceApprovalRequiredEvent | PaybondTraceToolExecutedEvent | PaybondTraceEvidenceSubmittedEvent | PaybondTraceSpendFinalizedEvent;
255
+ /** Optional dev observability sink; not enabled in production binds by default. */
256
+ export type PaybondTraceSink = (event: PaybondTraceEvent) => void;
257
+ /** Run-scoped middleware context: one intent + capability per agent task. */
258
+ export type PaybondRunBinding = {
259
+ runId: string;
260
+ tenantId: string;
261
+ intentId: string;
262
+ capabilityToken: string;
263
+ guard: PaybondRunGuard;
264
+ /** Mutable for Tier 7 hot-reload registry swap. */
265
+ registry: PaybondToolRegistry;
266
+ allowedTools: readonly string[];
267
+ sandbox?: {
268
+ operation: string;
269
+ requestedSpendCents: number;
270
+ sandboxLifecycleStatus: string;
271
+ };
272
+ /** Production attach credentials for signed payee evidence and recognition proofs. */
273
+ productionEvidence?: PaybondRunProductionEvidenceCredentials;
274
+ /** Mutable for Tier 7 hot-reload registry swap. */
275
+ policySnapshot?: PaybondPolicySnapshot;
276
+ /** Optional trace sink for dev observability (see {@link PaybondAgentRunBindInput.traceSink}). */
277
+ onTrace?: PaybondTraceSink;
278
+ };
279
+ export type PaybondAgentRunBindInput = {
280
+ bootstrap?: PaybondRunBindingSandboxBootstrapInput;
281
+ attach?: PaybondRunBindingAttachInput;
282
+ registry: PaybondToolRegistry;
283
+ /** Optional versioned policy snapshot; registry is taken from the snapshot when set. */
284
+ policySnapshot?: PaybondPolicySnapshot;
285
+ /** Optional client correlation id; generated when omitted. */
286
+ runId?: string;
287
+ /** Policy file path for hot-reload (watch/poll/manual reload). */
288
+ policyFile?: string;
289
+ /** Enable file watcher and/or Gateway poll reload after bind. */
290
+ reload?: PaybondPolicyReloadBindConfig;
291
+ /**
292
+ * Optional dev trace sink; omitted in production binds unless explicitly set.
293
+ * When `paybond dev loop` activates a collector, bind resolves it automatically.
294
+ */
295
+ traceSink?: PaybondTraceSink;
296
+ /** @deprecated Use {@link PaybondAgentRunBindInput.traceSink}. */
297
+ onTrace?: PaybondTraceSink;
298
+ };
299
+ export declare class PaybondAgentRunBindError extends Error {
300
+ constructor(message: string);
301
+ }
302
+ /** Raised when auto-evidence payload construction fails before submit. */
303
+ export declare class PaybondAutoEvidenceError extends Error {
304
+ constructor(message: string);
305
+ }
306
+ /** Raised when auto-evidence submission fails after a successful tool execution. */
307
+ export declare class PaybondAutoEvidenceSubmitError extends Error {
308
+ readonly toolResult: unknown;
309
+ constructor(toolResult: unknown, cause: unknown);
310
+ }
311
+ /** @deprecated Use {@link PaybondAutoEvidenceSubmitError}. */
312
+ export declare const PaybondEvidenceSubmitError: typeof PaybondAutoEvidenceSubmitError;
313
+ /** Raised when `defaultDeny` blocks a side-effecting tool that was not registered. */
314
+ export declare class PaybondUnregisteredSideEffectingToolError extends Error {
315
+ readonly toolName: string;
316
+ readonly operation: string;
317
+ constructor(toolName: string, operation: string);
318
+ }
@@ -0,0 +1,42 @@
1
+ export class PaybondToolRegistryValidationError extends Error {
2
+ constructor(message) {
3
+ super(message);
4
+ this.name = "PaybondToolRegistryValidationError";
5
+ }
6
+ }
7
+ export class PaybondAgentRunBindError extends Error {
8
+ constructor(message) {
9
+ super(message);
10
+ this.name = "PaybondAgentRunBindError";
11
+ }
12
+ }
13
+ /** Raised when auto-evidence payload construction fails before submit. */
14
+ export class PaybondAutoEvidenceError extends Error {
15
+ constructor(message) {
16
+ super(message);
17
+ this.name = "PaybondAutoEvidenceError";
18
+ }
19
+ }
20
+ /** Raised when auto-evidence submission fails after a successful tool execution. */
21
+ export class PaybondAutoEvidenceSubmitError extends Error {
22
+ toolResult;
23
+ constructor(toolResult, cause) {
24
+ const message = cause instanceof Error ? cause.message : "auto-evidence submission failed";
25
+ super(message, cause instanceof Error ? { cause } : undefined);
26
+ this.name = "PaybondAutoEvidenceSubmitError";
27
+ this.toolResult = toolResult;
28
+ }
29
+ }
30
+ /** @deprecated Use {@link PaybondAutoEvidenceSubmitError}. */
31
+ export const PaybondEvidenceSubmitError = PaybondAutoEvidenceSubmitError;
32
+ /** Raised when `defaultDeny` blocks a side-effecting tool that was not registered. */
33
+ export class PaybondUnregisteredSideEffectingToolError extends Error {
34
+ toolName;
35
+ operation;
36
+ constructor(toolName, operation) {
37
+ super(`side-effecting tool "${toolName}" (operation "${operation}") is in intent allowedTools but not registered`);
38
+ this.name = "PaybondUnregisteredSideEffectingToolError";
39
+ this.toolName = toolName;
40
+ this.operation = operation;
41
+ }
42
+ }