@paybond/kit 0.11.10 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/completion-presets/catalog.json +374 -3
- package/completion-presets/catalog.sha256 +1 -1
- package/dist/agent/facade.js +13 -0
- package/dist/agent/guarded-agent.d.ts +1 -1
- package/dist/agent/guarded-agent.js +19 -0
- package/dist/agent/index.d.ts +2 -1
- package/dist/agent/index.js +1 -0
- package/dist/agent/instrument.d.ts +6 -0
- package/dist/agent/instrument.js +6 -0
- package/dist/agent/interceptor.d.ts +9 -0
- package/dist/agent/interceptor.js +177 -1
- package/dist/agent/receipt-client.d.ts +49 -0
- package/dist/agent/receipt-client.js +45 -0
- package/dist/agent/registry.js +1 -0
- package/dist/agent/run.d.ts +2 -0
- package/dist/agent/run.js +52 -0
- package/dist/agent/types.d.ts +70 -0
- package/dist/agent-receipt-external-attestations.d.ts +29 -0
- package/dist/agent-receipt-external-attestations.js +124 -0
- package/dist/agent-receipt.d.ts +134 -0
- package/dist/agent-receipt.js +580 -0
- package/dist/agent-recognition.d.ts +25 -0
- package/dist/agent-recognition.js +36 -0
- package/dist/audit/exports.d.ts +72 -0
- package/dist/audit/exports.js +185 -0
- package/dist/audit/index.d.ts +3 -0
- package/dist/audit/index.js +3 -0
- package/dist/audit/verify.d.ts +8 -0
- package/dist/audit/verify.js +113 -0
- package/dist/audit/wire.d.ts +54 -0
- package/dist/audit/wire.js +80 -0
- package/dist/cli/agent/demo-loaders.d.ts +2 -0
- package/dist/cli/agent/demo-loaders.js +24 -0
- package/dist/cli/agent/production-evidence.d.ts +11 -0
- package/dist/cli/agent/production-evidence.js +17 -0
- package/dist/cli/audit-export.d.ts +2 -7
- package/dist/cli/audit-export.js +2 -120
- package/dist/cli/command-spec.js +43 -10
- package/dist/cli/commands/agent.d.ts +3 -0
- package/dist/cli/commands/agent.js +143 -1
- package/dist/cli/commands/discovery.js +39 -36
- package/dist/cli/commands/workflows.js +116 -18
- package/dist/cli/help.d.ts +1 -1
- package/dist/cli/help.js +12 -8
- package/dist/cli/intents-harbor-mutation.d.ts +18 -0
- package/dist/cli/intents-harbor-mutation.js +33 -0
- package/dist/cli/paybond.d.ts +9 -0
- package/dist/cli/paybond.js +23 -0
- package/dist/cli/redact.js +3 -0
- package/dist/cloudflare-agents/config.d.ts +24 -0
- package/dist/cloudflare-agents/config.js +23 -0
- package/dist/cloudflare-agents/index.d.ts +3 -0
- package/dist/cloudflare-agents/index.js +3 -0
- package/dist/cloudflare-agents/peer.d.ts +9 -0
- package/dist/cloudflare-agents/peer.js +20 -0
- package/dist/cloudflare-agents/sandbox-demo.d.ts +36 -0
- package/dist/cloudflare-agents/sandbox-demo.js +89 -0
- package/dist/completion-catalog-digest.d.ts +1 -1
- package/dist/completion-catalog-digest.js +1 -1
- package/dist/completion-init.js +8 -3
- package/dist/dev/offline-gateway.d.ts +2 -1
- package/dist/dev/offline-gateway.js +34 -3
- package/dist/dev/x402-fund-mock.d.ts +28 -0
- package/dist/dev/x402-fund-mock.js +124 -0
- package/dist/index.d.ts +125 -9
- package/dist/index.js +264 -17
- package/dist/init.js +113 -2
- package/dist/mastra/config.d.ts +30 -0
- package/dist/mastra/config.js +58 -0
- package/dist/mastra/index.d.ts +2 -0
- package/dist/mastra/index.js +2 -0
- package/dist/mastra/peer.d.ts +11 -0
- package/dist/mastra/peer.js +24 -0
- package/dist/mastra/sandbox-demo.d.ts +36 -0
- package/dist/mastra/sandbox-demo.js +87 -0
- package/dist/mcp/index.d.ts +1 -0
- package/dist/mcp/index.js +1 -0
- package/dist/mcp/sandbox-demo.d.ts +38 -0
- package/dist/mcp/sandbox-demo.js +112 -0
- package/dist/mcp-receipt-resource.d.ts +10 -0
- package/dist/mcp-receipt-resource.js +32 -0
- package/dist/mcp-server.d.ts +6 -0
- package/dist/mcp-server.js +124 -1
- package/dist/mpp-commercial.d.ts +19 -0
- package/dist/mpp-commercial.js +34 -0
- package/dist/mpp-funding.d.ts +71 -0
- package/dist/mpp-funding.js +192 -0
- package/dist/payment-transport.d.ts +30 -0
- package/dist/payment-transport.js +56 -0
- package/dist/policy/init.js +2 -0
- package/dist/policy/intent-spec.js +2 -0
- package/dist/principal-intent.d.ts +1 -1
- package/dist/principal-intent.js +4 -1
- package/dist/project-init.js +8 -0
- package/dist/template-init.d.ts +2 -2
- package/dist/template-init.js +6 -2
- package/dist/x402-funding.d.ts +52 -0
- package/dist/x402-funding.js +124 -0
- package/package.json +20 -2
- package/templates/manifest.json +28 -9
- package/templates/openai-shopping-agent/package-lock.json +16 -8
- package/templates/openai-shopping-agent/package.json +1 -1
- package/templates/paybond-aws-operator/package-lock.json +13 -5
- package/templates/paybond-aws-operator/package.json +1 -1
- package/templates/paybond-claude-agents-demo/package-lock.json +16 -8
- package/templates/paybond-claude-agents-demo/package.json +1 -1
- package/templates/paybond-invoice-agent/requirements.txt +1 -1
- package/templates/paybond-mastra-travel-agent/.env.example +3 -0
- package/templates/paybond-mastra-travel-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-mastra-travel-agent/LICENSE +201 -0
- package/templates/paybond-mastra-travel-agent/README.md +29 -0
- package/templates/paybond-mastra-travel-agent/package-lock.json +3377 -0
- package/templates/paybond-mastra-travel-agent/package.json +22 -0
- package/templates/paybond-mastra-travel-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-mastra-travel-agent/src/index.ts +22 -0
- package/templates/paybond-mastra-travel-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-mastra-travel-agent/tsconfig.json +13 -0
- package/templates/paybond-mcp-coding-agent/package-lock.json +13 -5
- package/templates/paybond-mcp-coding-agent/package.json +1 -1
- package/templates/paybond-openai-agents-demo/package-lock.json +16 -8
- package/templates/paybond-openai-agents-demo/package.json +1 -1
- package/templates/paybond-procurement-agent/package-lock.json +13 -5
- package/templates/paybond-procurement-agent/package.json +1 -1
- package/templates/paybond-travel-agent/package-lock.json +16 -8
- package/templates/paybond-travel-agent/package.json +1 -1
- package/templates/paybond-vercel-shopping-agent/package-lock.json +13 -5
- package/templates/paybond-vercel-shopping-agent/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -4,14 +4,18 @@
|
|
|
4
4
|
*/
|
|
5
5
|
import { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBinding, } from "./principal-intent.js";
|
|
6
6
|
import { signPayeeEvidenceBinding } from "./payee-evidence.js";
|
|
7
|
-
import { PaybondAgentRunFacade, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
|
|
7
|
+
import { PaybondAgentRunFacade, createPaybondAgentCallable, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
|
|
8
8
|
import { GatewayAgentRunTraceReporter, } from "./agent/gateway-trace-reporter.js";
|
|
9
9
|
import { fetchWithGatewayRetries, gatewayRetryDelayMs, shouldRetryGatewayResponse, } from "./gateway-retry.js";
|
|
10
|
+
import { PaybondAudit, PaybondAuditExports } from "./audit/index.js";
|
|
11
|
+
import { formatPaymentAuthorizationValue, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, } from "./payment-transport.js";
|
|
10
12
|
import { parsePolicyRemoteValidateResponse, policyValidateQueryString, } from "./policy/validate-remote.js";
|
|
11
13
|
import { parsePolicyEffectiveResolveResponse, } from "./policy/load-effective.js";
|
|
12
14
|
import { paybondPolicyPresets } from "./policy/policy-api.js";
|
|
13
15
|
import { paybondSolutionPresets } from "./solutions/api.js";
|
|
14
16
|
import { requireSecureGatewayUrl } from "./gateway-url.js";
|
|
17
|
+
import { executeFundWithX402, } from "./x402-funding.js";
|
|
18
|
+
import { executeFundWithMppCharge, executeFundWithMppSession, } from "./mpp-funding.js";
|
|
15
19
|
function parseVerifyCapabilityBody(body, expectedTenant, expectedIntentId) {
|
|
16
20
|
const tenant = String(body.tenant ?? "");
|
|
17
21
|
const intentId = String(body.intent_id ?? "");
|
|
@@ -81,6 +85,12 @@ function verifyCapabilityPayload(input) {
|
|
|
81
85
|
payload.approval_token = input.approvalToken.trim();
|
|
82
86
|
if (input.idempotencyKey?.trim())
|
|
83
87
|
payload.idempotency_key = input.idempotencyKey.trim();
|
|
88
|
+
if (input.modelFamily?.trim())
|
|
89
|
+
payload.model_family = input.modelFamily.trim();
|
|
90
|
+
if (input.configHashHex?.trim())
|
|
91
|
+
payload.config_hash_hex = input.configHashHex.trim().toLowerCase();
|
|
92
|
+
if (input.promptHashHex?.trim())
|
|
93
|
+
payload.prompt_hash_hex = input.promptHashHex.trim().toLowerCase();
|
|
84
94
|
return payload;
|
|
85
95
|
}
|
|
86
96
|
export const DEFAULT_PAYBOND_GATEWAY_BASE_URL = "https://api.paybond.ai";
|
|
@@ -467,7 +477,7 @@ export class HarborClient {
|
|
|
467
477
|
}
|
|
468
478
|
throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
|
|
469
479
|
}
|
|
470
|
-
async fetchWithRetries(url, init, { retryBody, retryBodyText, }) {
|
|
480
|
+
async fetchWithRetries(url, init, { retryBody, retryBodyText, appendAuthorization, } = {}) {
|
|
471
481
|
let lastErr;
|
|
472
482
|
for (let attempt = 0; attempt < this.maxRetries; attempt++) {
|
|
473
483
|
let res;
|
|
@@ -477,6 +487,9 @@ export class HarborClient {
|
|
|
477
487
|
for (const [k, v] of Object.entries(auth)) {
|
|
478
488
|
headers.set(k, v);
|
|
479
489
|
}
|
|
490
|
+
for (const value of appendAuthorization ?? []) {
|
|
491
|
+
headers.append("authorization", value);
|
|
492
|
+
}
|
|
480
493
|
res = await fetch(url, { ...init, headers });
|
|
481
494
|
}
|
|
482
495
|
catch (e) {
|
|
@@ -598,11 +611,18 @@ export class HarborClient {
|
|
|
598
611
|
if (options?.paymentSignature?.trim()) {
|
|
599
612
|
headers["payment-signature"] = options.paymentSignature.trim();
|
|
600
613
|
}
|
|
614
|
+
const appendAuthorization = options?.paymentAuthorization?.trim() !== undefined &&
|
|
615
|
+
options.paymentAuthorization.trim() !== ""
|
|
616
|
+
? [formatPaymentAuthorizationValue(options.paymentAuthorization)]
|
|
617
|
+
: undefined;
|
|
601
618
|
const res = await this.fetchWithRetries(url, {
|
|
602
619
|
method: "POST",
|
|
603
620
|
headers,
|
|
604
621
|
body: "",
|
|
605
|
-
}, {
|
|
622
|
+
}, {
|
|
623
|
+
retryBodyText: "",
|
|
624
|
+
appendAuthorization,
|
|
625
|
+
});
|
|
606
626
|
const text = await res.text();
|
|
607
627
|
if (![200, 202, 402].includes(res.status)) {
|
|
608
628
|
throw new HarborHttpError(`Harbor fund intent HTTP ${res.status}: ${text}`, {
|
|
@@ -612,6 +632,7 @@ export class HarborClient {
|
|
|
612
632
|
});
|
|
613
633
|
}
|
|
614
634
|
const body = assertJSONObject(JSON.parse(text));
|
|
635
|
+
const transport = readFundPaymentTransportHeaders(res.headers);
|
|
615
636
|
const tenant = String(body.tenant ?? "");
|
|
616
637
|
if (tenant !== this.tenantId) {
|
|
617
638
|
throw new Error(`fund tenant mismatch: client=${this.tenantId} harbor=${tenant}`);
|
|
@@ -634,6 +655,9 @@ export class HarborClient {
|
|
|
634
655
|
statusCode: res.status,
|
|
635
656
|
paymentRequired: res.headers.get("payment-required") ?? undefined,
|
|
636
657
|
paymentResponse: res.headers.get("payment-response") ?? undefined,
|
|
658
|
+
wwwAuthenticate: transport.wwwAuthenticate,
|
|
659
|
+
paymentReceipt: transport.paymentReceipt,
|
|
660
|
+
cacheControl: transport.cacheControl,
|
|
637
661
|
intentId: echoedIntentId,
|
|
638
662
|
tenant,
|
|
639
663
|
state: body.state,
|
|
@@ -684,6 +708,34 @@ export class HarborClient {
|
|
|
684
708
|
predicatePassed: body.predicate_passed,
|
|
685
709
|
};
|
|
686
710
|
}
|
|
711
|
+
/**
|
|
712
|
+
* POST `/intents/{intentId}/settlement/confirm` — confirms the settlement action implied by
|
|
713
|
+
* stored evidence evaluation (does not choose release vs refund).
|
|
714
|
+
*/
|
|
715
|
+
async confirmSettlement(intentId, body = {}, options) {
|
|
716
|
+
const url = `${this.base}intents/${intentId}/settlement/confirm`;
|
|
717
|
+
const headers = {
|
|
718
|
+
"content-type": "application/json",
|
|
719
|
+
"x-tenant-id": this.tenantId,
|
|
720
|
+
};
|
|
721
|
+
if (options?.idempotencyKey?.trim()) {
|
|
722
|
+
headers["idempotency-key"] = options.idempotencyKey.trim();
|
|
723
|
+
}
|
|
724
|
+
const res = await this.fetchWithRetries(url, {
|
|
725
|
+
method: "POST",
|
|
726
|
+
headers,
|
|
727
|
+
body: JSON.stringify(body),
|
|
728
|
+
}, { retryBody: body });
|
|
729
|
+
const text = await res.text();
|
|
730
|
+
if (!res.ok) {
|
|
731
|
+
throw new HarborHttpError(`Harbor settlement confirm HTTP ${res.status}: ${text}`, {
|
|
732
|
+
statusCode: res.status,
|
|
733
|
+
url,
|
|
734
|
+
bodyText: text,
|
|
735
|
+
});
|
|
736
|
+
}
|
|
737
|
+
return JSON.parse(text);
|
|
738
|
+
}
|
|
687
739
|
/**
|
|
688
740
|
* `GET /ledger/v1/tip` — latest sequence and entry commitment for the authenticated tenant.
|
|
689
741
|
*
|
|
@@ -966,9 +1018,13 @@ export class GatewayHarborClient {
|
|
|
966
1018
|
return JSON.parse(text);
|
|
967
1019
|
}
|
|
968
1020
|
async fundIntent(intentId, options) {
|
|
969
|
-
const
|
|
1021
|
+
const paymentHeaders = {
|
|
970
1022
|
...(options.paymentSignature?.trim() ? { "payment-signature": options.paymentSignature.trim() } : {}),
|
|
971
|
-
|
|
1023
|
+
...(options.paymentAuthorization?.trim()
|
|
1024
|
+
? paymentAuthorizationGatewayHeader(options.paymentAuthorization)
|
|
1025
|
+
: {}),
|
|
1026
|
+
};
|
|
1027
|
+
const { res, text, url } = await this.postJSON(`/harbor/intents/${encodeURIComponent(intentId)}/fund`, {}, this.mutationHeaders("fundIntent", options, paymentHeaders));
|
|
972
1028
|
if (![200, 202, 402].includes(res.status)) {
|
|
973
1029
|
throw new HarborHttpError(`Gateway Harbor fund intent HTTP ${res.status}: ${text}`, {
|
|
974
1030
|
statusCode: res.status,
|
|
@@ -976,12 +1032,16 @@ export class GatewayHarborClient {
|
|
|
976
1032
|
bodyText: text,
|
|
977
1033
|
});
|
|
978
1034
|
}
|
|
1035
|
+
const transport = readFundPaymentTransportHeaders(res.headers);
|
|
979
1036
|
return parseFundIntentResponse(assertJSONObject(JSON.parse(text)), {
|
|
980
1037
|
tenantId: this.tenantId,
|
|
981
1038
|
intentId,
|
|
982
1039
|
statusCode: res.status,
|
|
983
1040
|
paymentRequired: res.headers.get("payment-required") ?? undefined,
|
|
984
1041
|
paymentResponse: res.headers.get("payment-response") ?? undefined,
|
|
1042
|
+
wwwAuthenticate: transport.wwwAuthenticate,
|
|
1043
|
+
paymentReceipt: transport.paymentReceipt,
|
|
1044
|
+
cacheControl: transport.cacheControl,
|
|
985
1045
|
source: "gateway",
|
|
986
1046
|
});
|
|
987
1047
|
}
|
|
@@ -996,6 +1056,18 @@ export class GatewayHarborClient {
|
|
|
996
1056
|
}
|
|
997
1057
|
return parseSubmitEvidenceResponse(JSON.parse(text));
|
|
998
1058
|
}
|
|
1059
|
+
/** Recognition-gated Gateway Harbor settlement confirmation. */
|
|
1060
|
+
async confirmSettlement(intentId, body, options) {
|
|
1061
|
+
const { res, text, url } = await this.postJSON(`/harbor/intents/${encodeURIComponent(intentId)}/settlement/confirm`, body, this.mutationHeaders("confirmSettlement", options));
|
|
1062
|
+
if (!res.ok) {
|
|
1063
|
+
throw new HarborHttpError(`Gateway Harbor settlement confirm HTTP ${res.status}: ${text}`, {
|
|
1064
|
+
statusCode: res.status,
|
|
1065
|
+
url,
|
|
1066
|
+
bodyText: text,
|
|
1067
|
+
});
|
|
1068
|
+
}
|
|
1069
|
+
return JSON.parse(text);
|
|
1070
|
+
}
|
|
999
1071
|
}
|
|
1000
1072
|
/**
|
|
1001
1073
|
* Gateway sandbox guardrail helpers.
|
|
@@ -1117,7 +1189,7 @@ export class PaybondGuardrails {
|
|
|
1117
1189
|
}
|
|
1118
1190
|
}
|
|
1119
1191
|
const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
|
|
1120
|
-
const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "x402_usdc_base"]);
|
|
1192
|
+
const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "stripe_mpp", "x402_usdc_base"]);
|
|
1121
1193
|
const FRAUD_REVIEW_EVENT_TYPES = new Set([
|
|
1122
1194
|
"review_open_requested",
|
|
1123
1195
|
"appeal_requested",
|
|
@@ -1169,6 +1241,9 @@ function parseFundIntentResponse(body, init) {
|
|
|
1169
1241
|
statusCode: init.statusCode,
|
|
1170
1242
|
paymentRequired: init.paymentRequired,
|
|
1171
1243
|
paymentResponse: init.paymentResponse,
|
|
1244
|
+
wwwAuthenticate: init.wwwAuthenticate,
|
|
1245
|
+
paymentReceipt: init.paymentReceipt,
|
|
1246
|
+
cacheControl: init.cacheControl,
|
|
1172
1247
|
intentId: echoedIntentId,
|
|
1173
1248
|
tenant,
|
|
1174
1249
|
state: body.state,
|
|
@@ -1318,6 +1393,9 @@ function parseIntentFundingResult(value) {
|
|
|
1318
1393
|
settlementRail: readSettlementRailValue(body.settlement_rail, "funding.settlement_rail"),
|
|
1319
1394
|
harborFundEndpoint: readOptionalString("harbor_fund_endpoint"),
|
|
1320
1395
|
status: readOptionalString("status"),
|
|
1396
|
+
intent: readOptionalString("intent"),
|
|
1397
|
+
method: readOptionalString("method"),
|
|
1398
|
+
challengeId: readOptionalString("challenge_id"),
|
|
1321
1399
|
paymentSessionId: readOptionalString("payment_session_id"),
|
|
1322
1400
|
paymentUrl: readOptionalString("payment_url"),
|
|
1323
1401
|
stripePaymentIntentId: readOptionalString("stripe_payment_intent_id"),
|
|
@@ -1333,6 +1411,17 @@ function parseIntentFundingResult(value) {
|
|
|
1333
1411
|
bankName: readOptionalString("bank_name"),
|
|
1334
1412
|
asset: readOptionalString("asset"),
|
|
1335
1413
|
network: readOptionalString("network"),
|
|
1414
|
+
settlementAsset: readOptionalString("settlement_asset"),
|
|
1415
|
+
settlementNetwork: readOptionalString("settlement_network"),
|
|
1416
|
+
channelId: readOptionalString("channel_id"),
|
|
1417
|
+
sessionProtocol: readOptionalString("session_protocol"),
|
|
1418
|
+
depositAmountBaseUnits: readOptionalString("deposit_amount_base_units"),
|
|
1419
|
+
acceptedCumulativeBaseUnits: readOptionalString("accepted_cumulative_base_units"),
|
|
1420
|
+
pendingCumulativeBaseUnits: readOptionalString("pending_cumulative_base_units"),
|
|
1421
|
+
descriptorHash: readOptionalString("descriptor_hash"),
|
|
1422
|
+
lastVoucherAt: readOptionalString("last_voucher_at"),
|
|
1423
|
+
lastSettleTxHash: readOptionalString("last_settle_tx_hash"),
|
|
1424
|
+
channelStatus: readOptionalString("channel_status"),
|
|
1336
1425
|
authorizationId: readOptionalString("authorization_id"),
|
|
1337
1426
|
captureId: readOptionalString("capture_id"),
|
|
1338
1427
|
voidId: readOptionalString("void_id"),
|
|
@@ -2008,6 +2097,80 @@ export class GatewayProtocolClient {
|
|
|
2008
2097
|
}
|
|
2009
2098
|
return assertJSONObject(JSON.parse(text));
|
|
2010
2099
|
}
|
|
2100
|
+
async getAgentReceiptV1ByID(receiptId) {
|
|
2101
|
+
const enc = encodeURIComponent(receiptId);
|
|
2102
|
+
const url = `${this.base}protocol/v2/agent-receipts/${enc}`;
|
|
2103
|
+
const res = await this.fetchWithRetries(url, {
|
|
2104
|
+
method: "GET",
|
|
2105
|
+
headers: this.headers(),
|
|
2106
|
+
});
|
|
2107
|
+
const text = await res.text();
|
|
2108
|
+
if (!res.ok) {
|
|
2109
|
+
const parsed = parseGatewayErrorEnvelope(text);
|
|
2110
|
+
throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt", res.status, text), {
|
|
2111
|
+
statusCode: res.status,
|
|
2112
|
+
url,
|
|
2113
|
+
bodyText: text,
|
|
2114
|
+
errorCode: parsed.errorCode,
|
|
2115
|
+
errorMessage: parsed.errorMessage,
|
|
2116
|
+
});
|
|
2117
|
+
}
|
|
2118
|
+
const body = assertJSONObject(JSON.parse(text));
|
|
2119
|
+
if (String(body.receipt_id ?? "").trim() !== receiptId) {
|
|
2120
|
+
throw new Error(`agent receipt mismatch: requested=${receiptId} gateway=${String(body.receipt_id ?? "")}`);
|
|
2121
|
+
}
|
|
2122
|
+
if (String(body.tenant_id ?? "").trim() !== this.tenantId) {
|
|
2123
|
+
throw new Error(`agent receipt tenant mismatch: client=${this.tenantId} gateway=${String(body.tenant_id ?? "")}`);
|
|
2124
|
+
}
|
|
2125
|
+
return body;
|
|
2126
|
+
}
|
|
2127
|
+
async getAgentReceiptV1ByIntentToolCall(init) {
|
|
2128
|
+
const params = new URLSearchParams({
|
|
2129
|
+
intent_id: init.intentId,
|
|
2130
|
+
tool_call_id: init.toolCallId,
|
|
2131
|
+
});
|
|
2132
|
+
const url = `${this.base}protocol/v2/agent-receipts?${params.toString()}`;
|
|
2133
|
+
const res = await this.fetchWithRetries(url, {
|
|
2134
|
+
method: "GET",
|
|
2135
|
+
headers: this.headers(),
|
|
2136
|
+
});
|
|
2137
|
+
const text = await res.text();
|
|
2138
|
+
if (!res.ok) {
|
|
2139
|
+
const parsed = parseGatewayErrorEnvelope(text);
|
|
2140
|
+
throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt lookup", res.status, text), {
|
|
2141
|
+
statusCode: res.status,
|
|
2142
|
+
url,
|
|
2143
|
+
bodyText: text,
|
|
2144
|
+
errorCode: parsed.errorCode,
|
|
2145
|
+
errorMessage: parsed.errorMessage,
|
|
2146
|
+
});
|
|
2147
|
+
}
|
|
2148
|
+
const body = assertJSONObject(JSON.parse(text));
|
|
2149
|
+
if (String(body.tenant_id ?? "").trim() !== this.tenantId) {
|
|
2150
|
+
throw new Error(`agent receipt tenant mismatch: client=${this.tenantId} gateway=${String(body.tenant_id ?? "")}`);
|
|
2151
|
+
}
|
|
2152
|
+
return body;
|
|
2153
|
+
}
|
|
2154
|
+
async verifyAgentReceiptV1(receipt) {
|
|
2155
|
+
const url = `${this.base}protocol/v2/agent-receipts/verify`;
|
|
2156
|
+
const res = await this.fetchWithRetries(url, {
|
|
2157
|
+
method: "POST",
|
|
2158
|
+
headers: this.headers({ "content-type": "application/json" }),
|
|
2159
|
+
body: JSON.stringify(receipt),
|
|
2160
|
+
});
|
|
2161
|
+
const text = await res.text();
|
|
2162
|
+
if (!res.ok) {
|
|
2163
|
+
const parsed = parseGatewayErrorEnvelope(text);
|
|
2164
|
+
throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt verify", res.status, text), {
|
|
2165
|
+
statusCode: res.status,
|
|
2166
|
+
url,
|
|
2167
|
+
bodyText: text,
|
|
2168
|
+
errorCode: parsed.errorCode,
|
|
2169
|
+
errorMessage: parsed.errorMessage,
|
|
2170
|
+
});
|
|
2171
|
+
}
|
|
2172
|
+
return assertJSONObject(JSON.parse(text));
|
|
2173
|
+
}
|
|
2011
2174
|
async createHarborIntent(init) {
|
|
2012
2175
|
return this.postJSON("/harbor/intents", init.body, gatewayMutationHeaders(init.recognitionProof, {
|
|
2013
2176
|
...(init.idempotencyKey?.trim() ? { "idempotency-key": init.idempotencyKey.trim() } : {}),
|
|
@@ -2131,7 +2294,8 @@ function nowRfc3339Seconds() {
|
|
|
2131
2294
|
return new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
|
|
2132
2295
|
}
|
|
2133
2296
|
/**
|
|
2134
|
-
* Ergonomic intent helpers: principal-signed intent create, x402 funding,
|
|
2297
|
+
* Ergonomic intent helpers: principal-signed intent create, x402 funding, payee-signed evidence,
|
|
2298
|
+
* and settlement confirmation.
|
|
2135
2299
|
*/
|
|
2136
2300
|
export class PaybondIntents {
|
|
2137
2301
|
harbor;
|
|
@@ -2174,10 +2338,78 @@ export class PaybondIntents {
|
|
|
2174
2338
|
async fund(params) {
|
|
2175
2339
|
return this.harbor.fundIntent(params.intentId, {
|
|
2176
2340
|
paymentSignature: params.paymentSignature,
|
|
2341
|
+
paymentAuthorization: params.paymentAuthorization,
|
|
2177
2342
|
idempotencyKey: params.idempotencyKey,
|
|
2178
2343
|
recognitionProof: params.recognitionProof,
|
|
2179
2344
|
});
|
|
2180
2345
|
}
|
|
2346
|
+
/**
|
|
2347
|
+
* One-call x402 fund flow: sign 402 challenges, retry with `payment-signature`, and poll until funded.
|
|
2348
|
+
*
|
|
2349
|
+
* Wallet keys stay app-owned — pass injectable `signPayment` and `issueRecognitionProof` callbacks.
|
|
2350
|
+
*/
|
|
2351
|
+
async fundWithX402(params) {
|
|
2352
|
+
const { intentId, recognitionProof, signPayment, issueRecognitionProof, pollOptions, idempotencyKey } = params;
|
|
2353
|
+
return executeFundWithX402({
|
|
2354
|
+
intentId,
|
|
2355
|
+
recognitionProof,
|
|
2356
|
+
signPayment,
|
|
2357
|
+
issueRecognitionProof,
|
|
2358
|
+
pollOptions,
|
|
2359
|
+
fund: ({ recognitionProof: proof, paymentSignature }) => this.fund({
|
|
2360
|
+
intentId,
|
|
2361
|
+
recognitionProof: proof,
|
|
2362
|
+
paymentSignature,
|
|
2363
|
+
idempotencyKey,
|
|
2364
|
+
}),
|
|
2365
|
+
});
|
|
2366
|
+
}
|
|
2367
|
+
/**
|
|
2368
|
+
* One-shot Stripe MPP charge fund flow: create Payment Auth credentials from 402 challenges,
|
|
2369
|
+
* retry with `paymentAuthorization`, and poll until funded.
|
|
2370
|
+
*
|
|
2371
|
+
* MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
|
|
2372
|
+
* `issueRecognitionProof` callbacks.
|
|
2373
|
+
*/
|
|
2374
|
+
async fundWithMppCharge(params) {
|
|
2375
|
+
const { intentId, recognitionProof, createPaymentCredential, issueRecognitionProof, pollOptions, idempotencyKey, } = params;
|
|
2376
|
+
return executeFundWithMppCharge({
|
|
2377
|
+
intentId,
|
|
2378
|
+
recognitionProof,
|
|
2379
|
+
createPaymentCredential,
|
|
2380
|
+
issueRecognitionProof,
|
|
2381
|
+
pollOptions,
|
|
2382
|
+
fund: ({ recognitionProof: proof, paymentAuthorization }) => this.fund({
|
|
2383
|
+
intentId,
|
|
2384
|
+
recognitionProof: proof,
|
|
2385
|
+
paymentAuthorization,
|
|
2386
|
+
idempotencyKey,
|
|
2387
|
+
}),
|
|
2388
|
+
});
|
|
2389
|
+
}
|
|
2390
|
+
/**
|
|
2391
|
+
* Tempo MPP session fund flow: open a session channel deposit via Payment Auth credentials,
|
|
2392
|
+
* retry with `paymentAuthorization`, and poll until the intent is funded.
|
|
2393
|
+
*
|
|
2394
|
+
* MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
|
|
2395
|
+
* `issueRecognitionProof` callbacks.
|
|
2396
|
+
*/
|
|
2397
|
+
async fundWithMppSession(params) {
|
|
2398
|
+
const { intentId, recognitionProof, createPaymentCredential, issueRecognitionProof, pollOptions, idempotencyKey, } = params;
|
|
2399
|
+
return executeFundWithMppSession({
|
|
2400
|
+
intentId,
|
|
2401
|
+
recognitionProof,
|
|
2402
|
+
createPaymentCredential,
|
|
2403
|
+
issueRecognitionProof,
|
|
2404
|
+
pollOptions,
|
|
2405
|
+
fund: ({ recognitionProof: proof, paymentAuthorization }) => this.fund({
|
|
2406
|
+
intentId,
|
|
2407
|
+
recognitionProof: proof,
|
|
2408
|
+
paymentAuthorization,
|
|
2409
|
+
idempotencyKey,
|
|
2410
|
+
}),
|
|
2411
|
+
});
|
|
2412
|
+
}
|
|
2181
2413
|
/**
|
|
2182
2414
|
* Sign payee evidence and POST it. `payeeSigningSeed` must be 32 bytes.
|
|
2183
2415
|
*/
|
|
@@ -2191,6 +2423,14 @@ export class PaybondIntents {
|
|
|
2191
2423
|
});
|
|
2192
2424
|
return this.harbor.submitEvidence(rest.intentId, wire, { idempotencyKey, recognitionProof });
|
|
2193
2425
|
}
|
|
2426
|
+
/**
|
|
2427
|
+
* Confirm Harbor settlement through Gateway `POST /harbor/intents/{id}/settlement/confirm`.
|
|
2428
|
+
* Confirms the action implied by stored evidence; does not choose release vs refund.
|
|
2429
|
+
*/
|
|
2430
|
+
async confirmSettlement(params) {
|
|
2431
|
+
const { intentId, recognitionProof, body = {}, idempotencyKey } = params;
|
|
2432
|
+
return this.harbor.confirmSettlement(intentId, body, { idempotencyKey, recognitionProof });
|
|
2433
|
+
}
|
|
2194
2434
|
}
|
|
2195
2435
|
/**
|
|
2196
2436
|
* High-level Kit entrypoint: tenant-bound Gateway clients plus ergonomic intent helpers.
|
|
@@ -2203,8 +2443,10 @@ export class Paybond {
|
|
|
2203
2443
|
a2a;
|
|
2204
2444
|
protocol;
|
|
2205
2445
|
intents;
|
|
2446
|
+
audit;
|
|
2206
2447
|
agentRun;
|
|
2207
|
-
|
|
2448
|
+
agent;
|
|
2449
|
+
constructor(harbor, guardrails, signal, fraud, a2a, protocol, audit) {
|
|
2208
2450
|
this.harbor = harbor;
|
|
2209
2451
|
this.guardrails = guardrails;
|
|
2210
2452
|
this.signal = signal;
|
|
@@ -2212,7 +2454,9 @@ export class Paybond {
|
|
|
2212
2454
|
this.a2a = a2a;
|
|
2213
2455
|
this.protocol = protocol;
|
|
2214
2456
|
this.intents = new PaybondIntents(harbor);
|
|
2457
|
+
this.audit = audit;
|
|
2215
2458
|
this.agentRun = new PaybondAgentRunFacade(this);
|
|
2459
|
+
this.agent = createPaybondAgentCallable(protocol, (input) => createPaybondAgent(this, input));
|
|
2216
2460
|
}
|
|
2217
2461
|
/** Open a tenant-bound hosted Paybond session from a service-account API key. */
|
|
2218
2462
|
static async open(init) {
|
|
@@ -2243,7 +2487,11 @@ export class Paybond {
|
|
|
2243
2487
|
staticGatewayBearerToken: init.apiKey,
|
|
2244
2488
|
maxRetries,
|
|
2245
2489
|
});
|
|
2246
|
-
|
|
2490
|
+
const audit = new PaybondAudit(PaybondAuditExports.open(gatewayBaseUrl, tenantId, {
|
|
2491
|
+
staticGatewayBearerToken: init.apiKey,
|
|
2492
|
+
maxRetries,
|
|
2493
|
+
}));
|
|
2494
|
+
return new Paybond(harbor, guardrails, signal, fraud, a2a, protocol, audit);
|
|
2247
2495
|
}
|
|
2248
2496
|
/** Reserved for future HTTP client cleanup; safe to call after work completes. */
|
|
2249
2497
|
async aclose() {
|
|
@@ -2295,13 +2543,6 @@ export class Paybond {
|
|
|
2295
2543
|
instrumentMCP(input) {
|
|
2296
2544
|
return instrumentPaybondMCP(this, input);
|
|
2297
2545
|
}
|
|
2298
|
-
/**
|
|
2299
|
-
* Opinionated quickstart: resolve named policy presets (for example `travel`) or file paths,
|
|
2300
|
-
* then instrument tools for the selected framework.
|
|
2301
|
-
*/
|
|
2302
|
-
agent(input) {
|
|
2303
|
-
return createPaybondAgent(this, input);
|
|
2304
|
-
}
|
|
2305
2546
|
/** Wrap tools for an existing bound run without reloading policy. */
|
|
2306
2547
|
wrapTools(run, tools, options) {
|
|
2307
2548
|
return wrapPaybondTools(run, tools, options);
|
|
@@ -2325,10 +2566,16 @@ export class Paybond {
|
|
|
2325
2566
|
export { normalizeJson, jsonValueDigest } from "./json-digest.js";
|
|
2326
2567
|
export { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBinding, intentCreationSignBytesRaw, intentCreationSignBytesWithPolicyBinding, } from "./principal-intent.js";
|
|
2327
2568
|
export { artifactsDigest, evidenceSignBytesV1, signPayeeEvidenceBinding, } from "./payee-evidence.js";
|
|
2328
|
-
export { AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, AGENT_RECOGNITION_PROOF_KIND_V1, AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT, newAgentRecognitionRequestEnvelope, signAgentRecognitionProofV1, signHarborEvidenceSubmitRecognitionProof, } from "./agent-recognition.js";
|
|
2569
|
+
export { AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, AGENT_RECOGNITION_PROOF_KIND_V1, AGENT_RECOGNITION_PURPOSE_CREATE, AGENT_RECOGNITION_PURPOSE_FUND, AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT, newAgentRecognitionRequestEnvelope, signAgentRecognitionProofV1, signHarborCreateRecognitionProof, signHarborFundRecognitionProof, signHarborEvidenceSubmitRecognitionProof, signHarborSettlementConfirmRecognitionProof, } from "./agent-recognition.js";
|
|
2570
|
+
export { executeFundWithX402, buildX402FundRequestEnvelope, PaybondX402FundingFailedError, PaybondX402FundingPendingError, } from "./x402-funding.js";
|
|
2571
|
+
export { executeFundWithMpp, executeFundWithMppCharge, executeFundWithMppSession, buildMppFundRequestEnvelope, parsePaymentAuthChallenge, selectMppChargeChallenge, selectMppSessionChallenge, PaybondMppFundingFailedError, PaybondMppFundingPendingError, } from "./mpp-funding.js";
|
|
2329
2572
|
export { validateCompletionEvidence, } from "./completion-validate-evidence.js";
|
|
2330
2573
|
export { completionSchemaDigestHex, computeVendorContractDigests, verifyVendorContract, verifyCatalogVendorContracts, } from "./completion-contract-digest.js";
|
|
2331
2574
|
export { contractSnapshotForPreset, mapVendorEvidenceToCanonical, resolveCompletionPreset, } from "./completion-resolve.js";
|
|
2332
2575
|
export { PaybondAgentRun, PaybondAgentRunBindError, PaybondAgentRunFacade, PaybondEvidenceSubmitError, PaybondToolInterceptor, PaybondToolRegistry, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, buildAutoEvidencePayload, createGenericToolExecutor, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondGenericAgentConfig, createPaybondGenericInputGuard, createPaybondToolRegistry, createToolInputGuardAdapter, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, paybondGenericToolExecutorAdapter, paybondToolInputGuardAdapter, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, } from "./agent/index.js";
|
|
2576
|
+
export { PaybondAudit, PaybondAuditExports, GatewayAuditExportsClient, parseAuditExportList, parseAuditExportJobGet, verifyAuditManifest, verifyAuditBundleLocal, } from "./audit/index.js";
|
|
2333
2577
|
export { PaybondPolicy, composePolicyLayers, composeBundledPresetDefault, domain, guardrails, paybondPolicyPresets, resolveComposedPresetDocument, } from "./policy/index.js";
|
|
2334
2578
|
export { getSolutionSmokeDefaults, isKnownSolutionId, listSolutionIds, loadSolutionManifest, paybondSolutionPresets, } from "./solutions/index.js";
|
|
2579
|
+
export { appendDirectHarborPaymentAuthorization, formatPaymentAuthorizationValue, PAYBOND_PAYMENT_AUTHORIZATION_HEADER, PAYMENT_TRANSPORT_RESPONSE_HEADERS, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, } from "./payment-transport.js";
|
|
2580
|
+
export { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SCOPE_INTENT_TERMINAL, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, AGENT_RECEIPT_WELL_KNOWN_PATH, actionReceiptId, canonicalAgentReceiptBytes, configHashSha256Hex, promptHashSha256Hex, valueDigestSha256Hex, verifyAgentReceiptV1, } from "./agent-receipt.js";
|
|
2581
|
+
export { AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828, AGENT_RECEIPT_EXTERNAL_SOURCE_X402, partnerRecordDigestSha256Hex, resolveExternalAttestations, sep2828RecordsToExternalAttestations, x402ReceiptToExternalAttestations, } from "./agent-receipt-external-attestations.js";
|
package/dist/init.js
CHANGED
|
@@ -22,6 +22,9 @@ const AGENT_MIDDLEWARE_FRAMEWORKS = new Set([
|
|
|
22
22
|
"openai",
|
|
23
23
|
"langgraph",
|
|
24
24
|
"vercel-ai",
|
|
25
|
+
"mastra",
|
|
26
|
+
"cloudflare-agents",
|
|
27
|
+
"mcp",
|
|
25
28
|
]);
|
|
26
29
|
const AGENT_MIDDLEWARE_FRAMEWORK_ALIASES = {
|
|
27
30
|
"provider-agnostic": "generic",
|
|
@@ -31,6 +34,30 @@ const PRESET_DEFAULT_OUT = {
|
|
|
31
34
|
"paid-tool-guard": "paybond-paid-tool-guard.ts",
|
|
32
35
|
"agent-middleware": "paybond-agent-middleware.ts",
|
|
33
36
|
};
|
|
37
|
+
/** Comment block for production intent create via policy_binding (signing v7). */
|
|
38
|
+
function productionPolicyBindingComments(harborTemplateId) {
|
|
39
|
+
return `// Production (signing v7): publish managed template head for ${harborTemplateId}, then create a funded intent.
|
|
40
|
+
// import { PaybondPolicy } from "@paybond/kit";
|
|
41
|
+
// const policy = await PaybondPolicy.load("./paybond.policy.yaml");
|
|
42
|
+
// const publishedHead = {
|
|
43
|
+
// templateId: "<template_id>",
|
|
44
|
+
// versionSeq: 1,
|
|
45
|
+
// materializedPredicate: { /* from publish response */ },
|
|
46
|
+
// policyContentDigestHex: "<digest_hex>",
|
|
47
|
+
// };
|
|
48
|
+
// const intentInput = policy.toIntentCreateInput({
|
|
49
|
+
// principalDid,
|
|
50
|
+
// principalSigningSeed: principalSeed32,
|
|
51
|
+
// payeeDid,
|
|
52
|
+
// payeeSigningSeed: payeeSeed32,
|
|
53
|
+
// deadlineRfc3339,
|
|
54
|
+
// settlementRail: "stripe_connect",
|
|
55
|
+
// recognitionProof,
|
|
56
|
+
// publishedPolicyHead: publishedHead,
|
|
57
|
+
// });
|
|
58
|
+
// const created = await paybond.intents.createWithPolicyBinding(intentInput);
|
|
59
|
+
// Fund if needed, then attach middleware: paybond.agentRun.bind({ attach: { intentId, capabilityToken, productionEvidence }, registry })`;
|
|
60
|
+
}
|
|
34
61
|
const FRAMEWORK_NOTES = {
|
|
35
62
|
generic: "Wrap the returned function around any side-effecting tool handler.",
|
|
36
63
|
"provider-agnostic": "Use the guarded handler with OpenAI, Gemini, Claude/Anthropic, local models, or any custom runtime.",
|
|
@@ -52,7 +79,7 @@ function usage() {
|
|
|
52
79
|
" agent-middleware PaybondAgentRun + tool registry middleware",
|
|
53
80
|
"",
|
|
54
81
|
"Frameworks (paid-tool-guard): generic|provider-agnostic|openai|claude|anthropic|gemini|google-ai|vercel-ai|langgraph|mcp",
|
|
55
|
-
"Frameworks (agent-middleware): generic|claude-agents|openai|langgraph|vercel-ai",
|
|
82
|
+
"Frameworks (agent-middleware): generic|claude-agents|openai|langgraph|vercel-ai|mastra|cloudflare-agents|mcp",
|
|
56
83
|
].join("\n");
|
|
57
84
|
}
|
|
58
85
|
function normalizeAgentMiddlewareFramework(framework) {
|
|
@@ -197,6 +224,24 @@ export async function openPaybondFromEnv(options: OpenPaybondFromEnvOptions = {}
|
|
|
197
224
|
});
|
|
198
225
|
}`;
|
|
199
226
|
}
|
|
227
|
+
function agentMiddlewareHeaderComments(framework) {
|
|
228
|
+
const smokeCommands = {
|
|
229
|
+
generic: 'paybond agent sandbox smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --result-body \'{"reservation":{"status":"confirmed","price_cents":20000}}\'',
|
|
230
|
+
"claude-agents": "paybond agent demo claude-agents smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
231
|
+
openai: "paybond agent demo openai smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
232
|
+
langgraph: "paybond agent demo langgraph smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
233
|
+
"vercel-ai": "paybond agent demo vercel-ai smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
234
|
+
mastra: "paybond agent demo mastra smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
235
|
+
"cloudflare-agents": "paybond agent demo cloudflare-agents smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
236
|
+
mcp: "paybond agent demo mcp smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
237
|
+
};
|
|
238
|
+
return [
|
|
239
|
+
"// Paybond for paid tools; provider-native limits for LLM token caps only.",
|
|
240
|
+
"// Policy: ./paybond.policy.yaml (scaffold with paybond policy init).",
|
|
241
|
+
`// Smoke: ${smokeCommands[framework]}`,
|
|
242
|
+
"// Production: createWithPolicyBinding after publishing the managed template head — see block below.",
|
|
243
|
+
].join("\n");
|
|
244
|
+
}
|
|
200
245
|
function agentMiddlewareFrameworkBlock(framework) {
|
|
201
246
|
switch (framework) {
|
|
202
247
|
case "claude-agents":
|
|
@@ -326,6 +371,66 @@ export async function runGuardedGenerateText(
|
|
|
326
371
|
toolApproval: paybondVercelToolApproval(run),
|
|
327
372
|
prompt,
|
|
328
373
|
});
|
|
374
|
+
}`;
|
|
375
|
+
case "mastra":
|
|
376
|
+
return `import { createTool } from "@mastra/core/tools";
|
|
377
|
+
import { z } from "zod";
|
|
378
|
+
import { createPaybondMastraConfig } from "@paybond/kit/mastra";
|
|
379
|
+
import type { PaybondAgentRun } from "@paybond/kit/agent";
|
|
380
|
+
|
|
381
|
+
/** Wrap Mastra \`createTool()\` definitions with Paybond middleware on \`execute\`. */
|
|
382
|
+
export function createGuardedMastraTools(run: PaybondAgentRun) {
|
|
383
|
+
const tools = [
|
|
384
|
+
createTool({
|
|
385
|
+
id: "travel.book_hotel",
|
|
386
|
+
description: "Book a hotel room",
|
|
387
|
+
inputSchema: z.object({
|
|
388
|
+
city: z.string(),
|
|
389
|
+
estimatedPriceCents: z.number().int().nonnegative(),
|
|
390
|
+
}),
|
|
391
|
+
execute: async (args) => bookHotel(args),
|
|
392
|
+
}),
|
|
393
|
+
createTool({
|
|
394
|
+
id: "search.web",
|
|
395
|
+
description: "Search the web",
|
|
396
|
+
inputSchema: z.object({ query: z.string() }),
|
|
397
|
+
execute: async (args) => searchWeb(args),
|
|
398
|
+
}),
|
|
399
|
+
];
|
|
400
|
+
return createPaybondMastraConfig(run, tools).tools;
|
|
401
|
+
}`;
|
|
402
|
+
case "cloudflare-agents":
|
|
403
|
+
return `import { tool } from "ai";
|
|
404
|
+
import { z } from "zod";
|
|
405
|
+
import { createPaybondCloudflareAgentsConfig } from "@paybond/kit/cloudflare-agents";
|
|
406
|
+
import type { PaybondAgentRun } from "@paybond/kit/agent";
|
|
407
|
+
|
|
408
|
+
/** Wrap Cloudflare Agents \`getTools()\` AI SDK tool definitions with Paybond middleware on \`execute\`. */
|
|
409
|
+
export function createGuardedCloudflareAgentTools(run: PaybondAgentRun) {
|
|
410
|
+
const tools = {
|
|
411
|
+
"travel.book_hotel": tool({
|
|
412
|
+
description: "Book a hotel room",
|
|
413
|
+
inputSchema: z.object({
|
|
414
|
+
city: z.string(),
|
|
415
|
+
estimatedPriceCents: z.number().int().nonnegative(),
|
|
416
|
+
}),
|
|
417
|
+
execute: async (args) => bookHotel(args),
|
|
418
|
+
}),
|
|
419
|
+
searchWeb: tool({
|
|
420
|
+
description: "Search the web",
|
|
421
|
+
inputSchema: z.object({ query: z.string() }),
|
|
422
|
+
execute: async (args) => searchWeb(args),
|
|
423
|
+
}),
|
|
424
|
+
};
|
|
425
|
+
return createPaybondCloudflareAgentsConfig(run, tools);
|
|
426
|
+
}`;
|
|
427
|
+
case "mcp":
|
|
428
|
+
return `import { createPaybondMcpToolSurface } from "@paybond/kit/mcp";
|
|
429
|
+
import type { PaybondAgentRun } from "@paybond/kit/agent";
|
|
430
|
+
|
|
431
|
+
/** Stdio MCP host config — bind a run first, then \`paybond mcp install\` for coding-agent hosts. */
|
|
432
|
+
export function createMcpToolSurface(run: PaybondAgentRun) {
|
|
433
|
+
return createPaybondMcpToolSurface(run, { envFile: ".env.local" });
|
|
329
434
|
}`;
|
|
330
435
|
default:
|
|
331
436
|
return `import { createPaybondGenericAgentConfig } from "@paybond/kit/agent";
|
|
@@ -360,6 +465,8 @@ import {
|
|
|
360
465
|
|
|
361
466
|
${envHelpersBlock()}
|
|
362
467
|
|
|
468
|
+
${agentMiddlewareHeaderComments(framework)}
|
|
469
|
+
|
|
363
470
|
// Agent middleware preset maps to completion catalog archetype: cost_and_completion (${completionPreset.harbor_template_id}).
|
|
364
471
|
const COMPLETION_PRESET_ID = "cost_and_completion";
|
|
365
472
|
const DEFAULT_OPERATION = "travel.book_hotel";
|
|
@@ -426,6 +533,8 @@ export async function bindAgentRun(
|
|
|
426
533
|
return paybond.agentRun.bind(bindInput);
|
|
427
534
|
}
|
|
428
535
|
|
|
536
|
+
${productionPolicyBindingComments(completionPreset.harbor_template_id)}
|
|
537
|
+
|
|
429
538
|
${agentMiddlewareFrameworkBlock(framework)}
|
|
430
539
|
`;
|
|
431
540
|
}
|
|
@@ -454,12 +563,14 @@ export function buildCompletionEvidence(fields: CompletionEvidence): Record<stri
|
|
|
454
563
|
return { ...fields };
|
|
455
564
|
}
|
|
456
565
|
|
|
457
|
-
// Production: use buildSignedCreateIntentBodyWithPolicyBinding from @paybond/kit after publishing ${completionPreset.harbor_template_id}.
|
|
458
566
|
export const policyBindingStub = {
|
|
459
567
|
template_id: HARBOR_TEMPLATE_ID,
|
|
460
568
|
parameters: ${jsonLiteral(completionPreset.parameters, 2)} as const,
|
|
569
|
+
// version_seq and head_digest are assigned after publishing the managed template head.
|
|
461
570
|
};
|
|
462
571
|
|
|
572
|
+
${productionPolicyBindingComments(completionPreset.harbor_template_id)}
|
|
573
|
+
|
|
463
574
|
const DEFAULT_OPERATION = "paid_tool.operation";
|
|
464
575
|
const DEFAULT_REQUESTED_SPEND_CENTS = 500;
|
|
465
576
|
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import type { PaybondAgentRun } from "../agent/run.js";
|
|
2
|
+
/** Minimal Mastra tool shape — matches `createTool()` output without importing `@mastra/core`. */
|
|
3
|
+
export type MastraToolLike = {
|
|
4
|
+
id: string;
|
|
5
|
+
description: string;
|
|
6
|
+
inputSchema?: unknown;
|
|
7
|
+
outputSchema?: unknown;
|
|
8
|
+
suspendSchema?: unknown;
|
|
9
|
+
resumeSchema?: unknown;
|
|
10
|
+
requestContextSchema?: unknown;
|
|
11
|
+
execute?: (inputData: unknown, context?: unknown) => unknown | Promise<unknown>;
|
|
12
|
+
};
|
|
13
|
+
/** Mastra runner config: guarded tools with wrapped `execute` handlers. */
|
|
14
|
+
export type PaybondMastraConfig<TTools extends MastraToolLike[]> = {
|
|
15
|
+
tools: TTools;
|
|
16
|
+
};
|
|
17
|
+
/**
|
|
18
|
+
* Wrap side-effecting Mastra tools with Paybond `wrapExecute` so Harbor verify,
|
|
19
|
+
* spend finalize, and auto-evidence run after successful execution.
|
|
20
|
+
*
|
|
21
|
+
* Read-only tools pass through unchanged.
|
|
22
|
+
*/
|
|
23
|
+
export declare function paybondMastraWrapTools<TTools extends MastraToolLike[]>(run: PaybondAgentRun, tools: TTools): TTools;
|
|
24
|
+
/**
|
|
25
|
+
* Framework runner helper for Mastra `createTool({ execute })` definitions.
|
|
26
|
+
*
|
|
27
|
+
* Preserves schema, id, and description; replaces `execute` only on
|
|
28
|
+
* side-effecting registry tools.
|
|
29
|
+
*/
|
|
30
|
+
export declare function createPaybondMastraConfig<TTools extends MastraToolLike[]>(run: PaybondAgentRun, tools: TTools): PaybondMastraConfig<TTools>;
|