@paybond/kit 0.11.11 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/completion-presets/catalog.json +10 -5
  2. package/completion-presets/catalog.sha256 +1 -1
  3. package/dist/agent/index.d.ts +2 -1
  4. package/dist/agent/index.js +1 -0
  5. package/dist/agent/interceptor.d.ts +9 -0
  6. package/dist/agent/interceptor.js +177 -1
  7. package/dist/agent/receipt-client.d.ts +49 -0
  8. package/dist/agent/receipt-client.js +45 -0
  9. package/dist/agent/registry.js +1 -0
  10. package/dist/agent/run.d.ts +2 -0
  11. package/dist/agent/run.js +52 -0
  12. package/dist/agent/types.d.ts +70 -0
  13. package/dist/agent-receipt-external-attestations.d.ts +29 -0
  14. package/dist/agent-receipt-external-attestations.js +124 -0
  15. package/dist/agent-receipt.d.ts +134 -0
  16. package/dist/agent-receipt.js +580 -0
  17. package/dist/audit/exports.d.ts +15 -1
  18. package/dist/audit/exports.js +55 -8
  19. package/dist/audit/index.d.ts +2 -2
  20. package/dist/audit/wire.d.ts +12 -0
  21. package/dist/audit/wire.js +13 -1
  22. package/dist/cli/command-spec.js +4 -2
  23. package/dist/cli/commands/discovery.js +17 -6
  24. package/dist/cli/help.d.ts +1 -1
  25. package/dist/cli/help.js +3 -3
  26. package/dist/completion-catalog-digest.d.ts +1 -1
  27. package/dist/completion-catalog-digest.js +1 -1
  28. package/dist/index.d.ts +83 -7
  29. package/dist/index.js +180 -13
  30. package/dist/mcp-receipt-resource.d.ts +10 -0
  31. package/dist/mcp-receipt-resource.js +32 -0
  32. package/dist/mcp-server.d.ts +6 -0
  33. package/dist/mcp-server.js +62 -1
  34. package/dist/mpp-commercial.d.ts +19 -0
  35. package/dist/mpp-commercial.js +34 -0
  36. package/dist/mpp-funding.d.ts +71 -0
  37. package/dist/mpp-funding.js +192 -0
  38. package/dist/payment-transport.d.ts +30 -0
  39. package/dist/payment-transport.js +56 -0
  40. package/dist/policy/intent-spec.js +2 -0
  41. package/dist/principal-intent.d.ts +1 -1
  42. package/dist/principal-intent.js +4 -1
  43. package/package.json +1 -1
  44. package/templates/openai-shopping-agent/package-lock.json +7 -7
  45. package/templates/paybond-aws-operator/package-lock.json +4 -4
  46. package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
  47. package/templates/paybond-mastra-travel-agent/package-lock.json +10 -10
  48. package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
  49. package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
  50. package/templates/paybond-procurement-agent/package-lock.json +4 -4
  51. package/templates/paybond-travel-agent/package-lock.json +7 -7
  52. package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
@@ -950,7 +950,8 @@
950
950
  },
951
951
  "scope": "tool_completion",
952
952
  "rail_hints": [
953
- "x402_usdc_base"
953
+ "x402_usdc_base",
954
+ "stripe_mpp"
954
955
  ],
955
956
  "forbidden_evidence_fields": [
956
957
  "payment_session_id",
@@ -1063,7 +1064,8 @@
1063
1064
  },
1064
1065
  "scope": "tool_completion",
1065
1066
  "rail_hints": [
1066
- "x402_usdc_base"
1067
+ "x402_usdc_base",
1068
+ "stripe_mpp"
1067
1069
  ],
1068
1070
  "forbidden_evidence_fields": [
1069
1071
  "payment_session_id",
@@ -1158,7 +1160,8 @@
1158
1160
  },
1159
1161
  "scope": "tool_completion",
1160
1162
  "rail_hints": [
1161
- "x402_usdc_base"
1163
+ "x402_usdc_base",
1164
+ "stripe_mpp"
1162
1165
  ],
1163
1166
  "forbidden_evidence_fields": [
1164
1167
  "payment_session_id",
@@ -1269,7 +1272,8 @@
1269
1272
  },
1270
1273
  "scope": "tool_completion",
1271
1274
  "rail_hints": [
1272
- "x402_usdc_base"
1275
+ "x402_usdc_base",
1276
+ "stripe_mpp"
1273
1277
  ],
1274
1278
  "forbidden_evidence_fields": [
1275
1279
  "payment_session_id",
@@ -1390,7 +1394,8 @@
1390
1394
  },
1391
1395
  "scope": "tool_completion",
1392
1396
  "rail_hints": [
1393
- "x402_usdc_base"
1397
+ "x402_usdc_base",
1398
+ "stripe_mpp"
1394
1399
  ],
1395
1400
  "forbidden_evidence_fields": [
1396
1401
  "payment_session_id",
@@ -1 +1 @@
1
- df9c8e9ad04e10b682dd7877460528896216d832486e88af6c9039bad402b264
1
+ a738febc9ee8b5b66f05991c4582ba24e6857cdc574196b0aeefc5c77e192ea9
@@ -1,3 +1,4 @@
1
+ export { PaybondAgentFacade, createPaybondAgentCallable, type GetAgentReceiptInput, type PaybondAgentCallable, } from "./receipt-client.js";
1
2
  export { createGuardedAgent, createGuardedAgentRunner, type CreateGuardedAgentInput, type CreateGuardedAgentResult, type CreateGuardedAgentResultBase, type GuardedAgentFramework, } from "./guarded-agent.js";
2
3
  export { createPaybondAgent, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, type PaybondAgentHooks, type PaybondAgentInput, type PaybondAgentResult, type PaybondInstrumentInput, type PaybondWrapToolsOptions, } from "./facade.js";
3
4
  export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, type PaybondAgentInstrumentation, type PaybondInlinePolicy, type PaybondInstrumentAgentOptions, type PaybondInstrumentAttachInput, type PaybondInstrumentBinding, type PaybondInstrumentContext, type PaybondInstrumentContextInput, type PaybondInstrumentContextProvider, } from "./instrument.js";
@@ -10,4 +11,4 @@ export { PaybondToolInterceptor } from "./interceptor.js";
10
11
  export { PaybondToolRegistry, createPaybondToolRegistry, } from "./registry.js";
11
12
  export { PaybondAgentRun, PaybondAgentRunFacade, type PaybondAgentRunHost, } from "./run.js";
12
13
  export { agentRegistryDocumentToConfig, buildSmokeRegistry, loadAgentRegistryFile, parseAgentRegistryText, validateAgentRegistryDocument, type AgentRegistryFileDocument, type AgentRegistryValidationResult, } from "./registry-file.js";
13
- export { PaybondAgentRunBindError, PaybondAutoEvidenceError, PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunProductionEvidenceCredentials, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondTraceEvent, type PaybondTraceSink, } from "./types.js";
14
+ export { PaybondAgentRunBindError, PaybondAutoEvidenceError, PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondExternalAttestationMapper, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunProductionEvidenceCredentials, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondTraceEvent, type PaybondTraceSink, } from "./types.js";
@@ -1,3 +1,4 @@
1
+ export { PaybondAgentFacade, createPaybondAgentCallable, } from "./receipt-client.js";
1
2
  export { createGuardedAgent, createGuardedAgentRunner, } from "./guarded-agent.js";
2
3
  export { createPaybondAgent, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, } from "./facade.js";
3
4
  export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, } from "./instrument.js";
@@ -21,4 +21,13 @@ export declare class PaybondToolInterceptor {
21
21
  wrapExecute<TResult>(input: PaybondInterceptWrapExecuteInput<TResult>): Promise<PaybondInterceptWrapExecuteResult<TResult>>;
22
22
  private resolveSideEffectingCall;
23
23
  private submitAutoEvidence;
24
+ /**
25
+ * Composes an unsigned Agent Receipt Standard draft (Phase 1) after a successful
26
+ * authorize → execute → evidence cycle. Never signed or persisted here; Phase 2 covers
27
+ * compose/sign/persist. Best-effort: returns `undefined` instead of throwing whenever
28
+ * required receipt fields (agent context, principal/operator DID, policy template, pinned
29
+ * policy digest, or a Harbor decision id) are unavailable on this binding or call.
30
+ */
31
+ private buildReceiptDraft;
32
+ private resolveToolExternalAttestations;
24
33
  }
@@ -2,6 +2,8 @@ import { evictExpiredAuthorizationCache, takeValidCachedAuthorization, } from ".
2
2
  import { buildAutoEvidencePayload } from "./evidence.js";
3
3
  import { signHarborEvidenceSubmitRecognitionProof } from "../agent-recognition.js";
4
4
  import { signPayeeEvidenceBinding } from "../payee-evidence.js";
5
+ import { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, actionReceiptId, agentReceiptMessageDigestSha256Hex, valueDigestSha256Hex, } from "../agent-receipt.js";
6
+ import { resolveExternalAttestations, } from "../agent-receipt-external-attestations.js";
5
7
  import { PaybondAutoEvidenceSubmitError, PaybondUnregisteredSideEffectingToolError, } from "./types.js";
6
8
  export { PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError } from "./types.js";
7
9
  function nowRfc3339Seconds() {
@@ -27,6 +29,8 @@ function mapSandboxEvidenceResult(result) {
27
29
  intentId: result.intent_id,
28
30
  predicatePassed: result.predicate_passed ?? undefined,
29
31
  sandboxLifecycleStatus: result.sandbox_lifecycle_status,
32
+ payloadDigestSha256Hex: result.payload_digest?.trim().toLowerCase() || undefined,
33
+ artifactsDigestSha256Hex: result.artifacts_digest?.trim().toLowerCase() || undefined,
30
34
  };
31
35
  }
32
36
  function isSpendApprovalRequiredError(err) {
@@ -227,11 +231,14 @@ export class PaybondToolInterceptor {
227
231
  });
228
232
  const evidencePolicyDigest = cached?.policyDigest ?? pinnedDigest;
229
233
  let auth;
234
+ let authorizedAtMs;
230
235
  if (cached) {
231
236
  auth = cached.auth;
237
+ authorizedAtMs = cached.cachedAtMs;
232
238
  }
233
239
  else {
234
240
  auth = await this.binding.guard.assertSpendAuthorized(resolved.authInput);
241
+ authorizedAtMs = Date.now();
235
242
  this.emitTrace({
236
243
  type: "spend_authorized",
237
244
  runId: this.binding.runId,
@@ -266,6 +273,12 @@ export class PaybondToolInterceptor {
266
273
  });
267
274
  }
268
275
  const evidenceId = evidenceIdempotencyKey(this.binding.intentId, toolCallId);
276
+ const externalAttestations = this.resolveToolExternalAttestations(resolved.entry, toolResult, {
277
+ toolName,
278
+ toolCallId,
279
+ operation: resolved.operation,
280
+ arguments: input.arguments,
281
+ });
269
282
  const evidence = await this.submitAutoEvidence({
270
283
  entry: resolved.entry,
271
284
  toolName,
@@ -287,8 +300,27 @@ export class PaybondToolInterceptor {
287
300
  evidencePreset: resolved.entry.evidencePreset,
288
301
  sandboxLifecycleStatus: evidence.sandboxLifecycleStatus,
289
302
  predicatePassed: evidence.predicatePassed,
303
+ externalAttestations,
290
304
  recordedAt: traceTimestamp(),
291
305
  });
306
+ const receiptDraft = this.buildReceiptDraft({
307
+ toolName: resolved.toolName,
308
+ toolCallId: resolved.toolCallId,
309
+ operation: resolved.operation,
310
+ arguments: input.arguments,
311
+ agentSubject: resolved.authInput.agentSubject,
312
+ requestedSpendCents: resolved.requestedSpendCents,
313
+ currency: resolved.authInput.currency,
314
+ vendorId: resolved.authInput.vendorId,
315
+ entry: resolved.entry,
316
+ auth,
317
+ authorizedAtMs,
318
+ policyDigest: evidencePolicyDigest,
319
+ executeStartedAt,
320
+ toolResult,
321
+ evidence,
322
+ externalAttestations,
323
+ });
292
324
  return {
293
325
  toolResult,
294
326
  authorization: {
@@ -298,6 +330,7 @@ export class PaybondToolInterceptor {
298
330
  policyDigest: evidencePolicyDigest,
299
331
  },
300
332
  evidence,
333
+ receiptDraft,
301
334
  };
302
335
  }
303
336
  catch (err) {
@@ -344,6 +377,7 @@ export class PaybondToolInterceptor {
344
377
  : Math.min(requestedSpendCents, sandboxSpend);
345
378
  }
346
379
  requestedSpendCents ??= 0;
380
+ const agentContext = this.binding.agentContext;
347
381
  return {
348
382
  toolName,
349
383
  toolCallId,
@@ -359,9 +393,12 @@ export class PaybondToolInterceptor {
359
393
  taskId: input.taskId,
360
394
  workflowId: input.workflowId,
361
395
  currency: input.currency,
362
- agentSubject: input.agentSubject,
396
+ agentSubject: input.agentSubject ?? agentContext?.operatorDid,
363
397
  approvalToken: input.approvalToken,
364
398
  idempotencyKey: input.idempotencyKey,
399
+ modelFamily: agentContext?.modelFamily,
400
+ configHashHex: agentContext?.configHashHex,
401
+ promptHashHex: agentContext?.promptHashHex,
365
402
  },
366
403
  };
367
404
  }
@@ -432,11 +469,19 @@ export class PaybondToolInterceptor {
432
469
  : typeof resultRecord.predicatePassed === "boolean"
433
470
  ? resultRecord.predicatePassed
434
471
  : undefined;
472
+ const payloadDigestSha256Hex = typeof resultRecord.payload_digest === "string"
473
+ ? resultRecord.payload_digest.trim().toLowerCase() || undefined
474
+ : undefined;
475
+ const artifactsDigestSha256Hex = typeof resultRecord.artifacts_digest === "string"
476
+ ? resultRecord.artifacts_digest.trim().toLowerCase() || undefined
477
+ : undefined;
435
478
  return {
436
479
  submitted: true,
437
480
  intentId: this.binding.intentId,
438
481
  intentState,
439
482
  predicatePassed,
483
+ payloadDigestSha256Hex,
484
+ artifactsDigestSha256Hex,
440
485
  };
441
486
  }
442
487
  catch (err) {
@@ -446,4 +491,135 @@ export class PaybondToolInterceptor {
446
491
  throw new PaybondAutoEvidenceSubmitError(options.toolResult, err);
447
492
  }
448
493
  }
494
+ /**
495
+ * Composes an unsigned Agent Receipt Standard draft (Phase 1) after a successful
496
+ * authorize → execute → evidence cycle. Never signed or persisted here; Phase 2 covers
497
+ * compose/sign/persist. Best-effort: returns `undefined` instead of throwing whenever
498
+ * required receipt fields (agent context, principal/operator DID, policy template, pinned
499
+ * policy digest, or a Harbor decision id) are unavailable on this binding or call.
500
+ */
501
+ buildReceiptDraft(options) {
502
+ try {
503
+ const agentContext = this.binding.agentContext;
504
+ if (!agentContext?.operatorDid || !agentContext.principalDid || !agentContext.policyTemplateId) {
505
+ return undefined;
506
+ }
507
+ if (!agentContext.configHashHex || !agentContext.promptHashHex) {
508
+ return undefined;
509
+ }
510
+ if (!options.auth.decisionId || !options.policyDigest) {
511
+ return undefined;
512
+ }
513
+ const actorSubject = options.agentSubject ?? agentContext.operatorDid;
514
+ const bareDigest = options.policyDigest.startsWith("sha256:")
515
+ ? options.policyDigest.slice("sha256:".length)
516
+ : options.policyDigest;
517
+ const completedAtMs = Date.now();
518
+ const argumentsDigest = valueDigestSha256Hex(options.arguments);
519
+ let resultDigest;
520
+ try {
521
+ resultDigest = valueDigestSha256Hex(options.toolResult);
522
+ }
523
+ catch {
524
+ resultDigest = undefined;
525
+ }
526
+ const harborState = options.evidence.intentState ?? options.evidence.sandboxLifecycleStatus ?? "evidence_submitted";
527
+ let merchant;
528
+ let evidenceBlock;
529
+ const payeeDid = this.binding.productionEvidence?.payeeDid;
530
+ if (payeeDid && options.evidence.payloadDigestSha256Hex) {
531
+ merchant = {
532
+ payee_did: payeeDid,
533
+ vendor_id: options.vendorId,
534
+ };
535
+ evidenceBlock = {
536
+ completion_preset_id: options.entry.evidencePreset,
537
+ payload_digest_sha256_hex: options.evidence.payloadDigestSha256Hex,
538
+ artifacts_digest_sha256_hex: options.evidence.artifactsDigestSha256Hex,
539
+ predicate_passed: options.evidence.predicatePassed ?? false,
540
+ payee_did: payeeDid,
541
+ };
542
+ }
543
+ const draft = {
544
+ schema_version: AGENT_RECEIPT_SCHEMA_VERSION,
545
+ kind: AGENT_RECEIPT_KIND_V1,
546
+ receipt_version: AGENT_RECEIPT_VERSION_V1,
547
+ scope: AGENT_RECEIPT_SCOPE_ACTION,
548
+ receipt_id: actionReceiptId(this.binding.intentId, options.toolCallId),
549
+ issued_at: new Date(completedAtMs).toISOString(),
550
+ tenant_id: this.binding.tenantId,
551
+ authorization: {
552
+ principal_did: agentContext.principalDid,
553
+ actor_subject: actorSubject,
554
+ agent: {
555
+ operator_did: agentContext.operatorDid,
556
+ model_family: agentContext.modelFamily,
557
+ model_instance_id: agentContext.modelInstanceId,
558
+ config_hash_sha256_hex: agentContext.configHashHex,
559
+ prompt_hash_sha256_hex: agentContext.promptHashHex,
560
+ },
561
+ decision_id: options.auth.decisionId,
562
+ audit_id: options.auth.auditId,
563
+ policy: {
564
+ template_id: agentContext.policyTemplateId,
565
+ content_digest_sha256_hex: bareDigest,
566
+ },
567
+ authorized_at: new Date(options.authorizedAtMs).toISOString(),
568
+ requested_spend_cents: options.requestedSpendCents,
569
+ currency: options.currency ?? "usd",
570
+ },
571
+ execution: {
572
+ run_id: this.binding.runId,
573
+ tool_call_id: options.toolCallId,
574
+ tool_name: options.toolName,
575
+ operation: options.operation,
576
+ arguments_digest_sha256_hex: argumentsDigest,
577
+ result_digest_sha256_hex: resultDigest,
578
+ outcome: "executed",
579
+ started_at: new Date(options.executeStartedAt).toISOString(),
580
+ completed_at: new Date(completedAtMs).toISOString(),
581
+ duration_ms: completedAtMs - options.executeStartedAt,
582
+ },
583
+ merchant,
584
+ evidence: evidenceBlock,
585
+ outcome: {
586
+ harbor_state: harborState,
587
+ spend_reservation_outcome: "consumed",
588
+ predicate_passed: options.evidence.predicatePassed ?? undefined,
589
+ },
590
+ references: {
591
+ intent_id: this.binding.intentId,
592
+ settlement_receipt_id: null,
593
+ },
594
+ external_attestations: options.externalAttestations ?? [],
595
+ signing_algorithm: AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519,
596
+ message_digest_sha256_hex: "",
597
+ signing_public_key_ed25519_hex: "",
598
+ ed25519_signature_hex: "",
599
+ };
600
+ draft.message_digest_sha256_hex = agentReceiptMessageDigestSha256Hex(draft);
601
+ return draft;
602
+ }
603
+ catch {
604
+ // Draft composition is always best-effort; never fails tool execution (Phase 1).
605
+ return undefined;
606
+ }
607
+ }
608
+ resolveToolExternalAttestations(entry, toolResult, ctx) {
609
+ const mapper = entry.externalAttestationMapper;
610
+ if (!mapper) {
611
+ return [];
612
+ }
613
+ try {
614
+ const mapped = mapper(toolResult, ctx);
615
+ if (!mapped) {
616
+ return [];
617
+ }
618
+ const inputs = Array.isArray(mapped) ? mapped : [mapped];
619
+ return resolveExternalAttestations(inputs);
620
+ }
621
+ catch {
622
+ return [];
623
+ }
624
+ }
449
625
  }
@@ -0,0 +1,49 @@
1
+ import { type AgentReceiptV1 } from "../agent-receipt.js";
2
+ import type { PaybondAgentInput, PaybondAgentResult } from "./facade.js";
3
+ export type VerifyAgentReceiptV1Result = {
4
+ valid: boolean;
5
+ kind: string;
6
+ receipt_id: string;
7
+ tenant_id: string;
8
+ receipt: AgentReceiptV1;
9
+ };
10
+ type AgentReceiptProtocolClient = {
11
+ getAgentReceiptV1ByID(receiptId: string): Promise<AgentReceiptV1>;
12
+ getAgentReceiptV1ByIntentToolCall(init: {
13
+ intentId: string;
14
+ toolCallId: string;
15
+ }): Promise<AgentReceiptV1>;
16
+ verifyAgentReceiptV1(receipt: AgentReceiptV1 | Record<string, unknown>): Promise<VerifyAgentReceiptV1Result>;
17
+ };
18
+ export type GetAgentReceiptInput = {
19
+ receiptId: string;
20
+ intentId?: never;
21
+ toolCallId?: never;
22
+ } | {
23
+ intentId: string;
24
+ toolCallId: string;
25
+ receiptId?: never;
26
+ };
27
+ export type PaybondAgentCallable = ((input: PaybondAgentInput) => Promise<PaybondAgentResult>) & {
28
+ getReceipt(input: GetAgentReceiptInput): Promise<AgentReceiptV1>;
29
+ verifyReceipt(receipt: AgentReceiptV1, options?: {
30
+ offline?: boolean;
31
+ }): Promise<VerifyAgentReceiptV1Result | AgentReceiptV1>;
32
+ };
33
+ /** Tenant-bound agent quickstart plus receipt fetch/verify helpers. */
34
+ export declare class PaybondAgentFacade {
35
+ private readonly protocol;
36
+ private readonly invokeAgent?;
37
+ constructor(protocol: AgentReceiptProtocolClient, invokeAgent?: ((input: PaybondAgentInput) => Promise<PaybondAgentResult>) | undefined);
38
+ /** Fetch a signed `paybond.agent_receipt_v1` by receipt id or intent/tool-call lookup. */
39
+ getReceipt(input: GetAgentReceiptInput): Promise<AgentReceiptV1>;
40
+ /** Verify a signed agent receipt via Gateway or locally with {@link verifyAgentReceiptV1}. */
41
+ verifyReceipt(receipt: AgentReceiptV1, options?: {
42
+ offline?: boolean;
43
+ }): Promise<VerifyAgentReceiptV1Result | AgentReceiptV1>;
44
+ /** Opinionated quickstart: resolve policy presets and wire framework tools. */
45
+ call(input: PaybondAgentInput): Promise<PaybondAgentResult>;
46
+ }
47
+ /** Callable `paybond.agent({...})` surface with receipt helpers attached. */
48
+ export declare function createPaybondAgentCallable(protocol: AgentReceiptProtocolClient, invokeAgent: (input: PaybondAgentInput) => Promise<PaybondAgentResult>): PaybondAgentCallable;
49
+ export {};
@@ -0,0 +1,45 @@
1
+ import { verifyAgentReceiptV1, } from "../agent-receipt.js";
2
+ /** Tenant-bound agent quickstart plus receipt fetch/verify helpers. */
3
+ export class PaybondAgentFacade {
4
+ protocol;
5
+ invokeAgent;
6
+ constructor(protocol, invokeAgent) {
7
+ this.protocol = protocol;
8
+ this.invokeAgent = invokeAgent;
9
+ }
10
+ /** Fetch a signed `paybond.agent_receipt_v1` by receipt id or intent/tool-call lookup. */
11
+ async getReceipt(input) {
12
+ if ("receiptId" in input && input.receiptId?.trim()) {
13
+ return this.protocol.getAgentReceiptV1ByID(input.receiptId.trim());
14
+ }
15
+ if (input.intentId?.trim() && input.toolCallId?.trim()) {
16
+ return this.protocol.getAgentReceiptV1ByIntentToolCall({
17
+ intentId: input.intentId.trim(),
18
+ toolCallId: input.toolCallId.trim(),
19
+ });
20
+ }
21
+ throw new Error("getReceipt requires receiptId or intentId + toolCallId");
22
+ }
23
+ /** Verify a signed agent receipt via Gateway or locally with {@link verifyAgentReceiptV1}. */
24
+ async verifyReceipt(receipt, options) {
25
+ if (options?.offline) {
26
+ return verifyAgentReceiptV1(receipt);
27
+ }
28
+ return this.protocol.verifyAgentReceiptV1(receipt);
29
+ }
30
+ /** Opinionated quickstart: resolve policy presets and wire framework tools. */
31
+ async call(input) {
32
+ if (!this.invokeAgent) {
33
+ throw new Error("paybond.agent() requires a hosted Paybond session");
34
+ }
35
+ return this.invokeAgent(input);
36
+ }
37
+ }
38
+ /** Callable `paybond.agent({...})` surface with receipt helpers attached. */
39
+ export function createPaybondAgentCallable(protocol, invokeAgent) {
40
+ const facade = new PaybondAgentFacade(protocol, invokeAgent);
41
+ const callable = ((input) => facade.call(input));
42
+ callable.getReceipt = facade.getReceipt.bind(facade);
43
+ callable.verifyReceipt = facade.verifyReceipt.bind(facade);
44
+ return callable;
45
+ }
@@ -32,6 +32,7 @@ function normalizeSideEffecting(sideEffecting) {
32
32
  spendCents: policy.spendCents,
33
33
  evidencePreset,
34
34
  evidenceMapper: policy.evidenceMapper,
35
+ externalAttestationMapper: policy.externalAttestationMapper,
35
36
  });
36
37
  }
37
38
  return entries;
@@ -16,6 +16,8 @@ type SandboxGuardrailEvidenceResult = {
16
16
  intent_id: string;
17
17
  sandbox_lifecycle_status: string;
18
18
  predicate_passed?: boolean | null;
19
+ payload_digest?: string;
20
+ artifacts_digest?: string;
19
21
  };
20
22
  export type PaybondSubmitProductionEvidenceInput = {
21
23
  intentId: string;
package/dist/agent/run.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import { PaybondToolInterceptor } from "./interceptor.js";
2
2
  import { PaybondAgentRunBindError, } from "./types.js";
3
+ import { configHashSha256Hex, promptHashSha256Hex } from "../agent-receipt.js";
3
4
  import { reloadPolicyOnRun, } from "../policy/reload.js";
4
5
  import { PaybondPolicyReloadController } from "../policy/watcher.js";
5
6
  import { resolveDevTraceSink } from "../dev/trace-buffer.js";
@@ -45,6 +46,55 @@ function normalizeProductionEvidence(raw, sandbox) {
45
46
  agentRecognitionSigningSeed: raw.agentRecognitionSigningSeed,
46
47
  };
47
48
  }
49
+ /** Strips the leading `sha256:` scheme from a policy snapshot digest, if present. */
50
+ function bareDigestHex(digest) {
51
+ if (!digest) {
52
+ return undefined;
53
+ }
54
+ const trimmed = digest.trim();
55
+ return trimmed.startsWith("sha256:") ? trimmed.slice("sha256:".length) : trimmed;
56
+ }
57
+ /**
58
+ * Resolves optional Agent Receipt Standard agent context at bind time: auto-computes
59
+ * `config_hash_hex` from {@link PaybondRunAgentContextInput.configHashMaterials} (per spec,
60
+ * `sha256(JCS({ system_prompt, tools_manifest, policy_snapshot_id }))`) and `prompt_hash_hex`
61
+ * from {@link PaybondRunAgentContextInput.normalizedUserPrompt} when precomputed hashes are not
62
+ * supplied directly. Raw prompt text is hashed here and discarded; only the digest is retained.
63
+ */
64
+ function resolveAgentContext(input, snapshot) {
65
+ if (!input) {
66
+ return undefined;
67
+ }
68
+ const modelFamily = input.modelFamily.trim();
69
+ if (!modelFamily) {
70
+ throw new PaybondAgentRunBindError("agentContext.modelFamily must be non-empty");
71
+ }
72
+ let configHashHex = input.configHashHex?.trim().toLowerCase();
73
+ if (!configHashHex && input.configHashMaterials) {
74
+ const policySnapshotId = input.configHashMaterials.policySnapshotId?.trim() || bareDigestHex(snapshot?.digest);
75
+ if (!policySnapshotId) {
76
+ throw new PaybondAgentRunBindError("agentContext.configHashMaterials.policySnapshotId is required when no policySnapshot is bound");
77
+ }
78
+ configHashHex = configHashSha256Hex({
79
+ system_prompt: input.configHashMaterials.systemPrompt,
80
+ tools_manifest: input.configHashMaterials.toolsManifest,
81
+ policy_snapshot_id: policySnapshotId,
82
+ });
83
+ }
84
+ let promptHashHex = input.promptHashHex?.trim().toLowerCase();
85
+ if (!promptHashHex && input.normalizedUserPrompt !== undefined) {
86
+ promptHashHex = promptHashSha256Hex(input.normalizedUserPrompt);
87
+ }
88
+ return {
89
+ modelFamily,
90
+ modelInstanceId: input.modelInstanceId?.trim() || undefined,
91
+ configHashHex,
92
+ promptHashHex,
93
+ principalDid: input.principalDid?.trim() || undefined,
94
+ operatorDid: input.operatorDid?.trim() || undefined,
95
+ policyTemplateId: input.policyTemplateId?.trim() || undefined,
96
+ };
97
+ }
48
98
  function assertExclusiveBindMode(input) {
49
99
  const hasBootstrap = input.bootstrap !== undefined;
50
100
  const hasAttach = input.attach !== undefined;
@@ -268,6 +318,7 @@ export class PaybondAgentRun {
268
318
  const registry = snapshot?.registry ?? input.registry;
269
319
  registry.validateForBind(allowedTools);
270
320
  const guard = paybond.spendGuard(intentId, capabilityToken);
321
+ const agentContext = resolveAgentContext(input.agentContext, snapshot);
271
322
  const binding = {
272
323
  runId,
273
324
  tenantId,
@@ -280,6 +331,7 @@ export class PaybondAgentRun {
280
331
  productionEvidence,
281
332
  policySnapshot: snapshot,
282
333
  onTrace: input.traceSink ?? input.onTrace ?? resolveDevTraceSink(),
334
+ agentContext,
283
335
  };
284
336
  const policyFilePath = input.policyFile?.trim();
285
337
  const run = new PaybondAgentRun(binding, paybond, snapshot, policyFilePath);