@paybond/kit 0.11.11 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/completion-presets/catalog.json +10 -5
- package/completion-presets/catalog.sha256 +1 -1
- package/dist/agent/index.d.ts +2 -1
- package/dist/agent/index.js +1 -0
- package/dist/agent/interceptor.d.ts +9 -0
- package/dist/agent/interceptor.js +177 -1
- package/dist/agent/receipt-client.d.ts +49 -0
- package/dist/agent/receipt-client.js +45 -0
- package/dist/agent/registry.js +1 -0
- package/dist/agent/run.d.ts +2 -0
- package/dist/agent/run.js +52 -0
- package/dist/agent/types.d.ts +70 -0
- package/dist/agent-receipt-external-attestations.d.ts +29 -0
- package/dist/agent-receipt-external-attestations.js +124 -0
- package/dist/agent-receipt.d.ts +134 -0
- package/dist/agent-receipt.js +580 -0
- package/dist/audit/exports.d.ts +15 -1
- package/dist/audit/exports.js +55 -8
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/wire.d.ts +12 -0
- package/dist/audit/wire.js +13 -1
- package/dist/cli/command-spec.js +4 -2
- package/dist/cli/commands/discovery.js +17 -6
- package/dist/cli/help.d.ts +1 -1
- package/dist/cli/help.js +3 -3
- package/dist/completion-catalog-digest.d.ts +1 -1
- package/dist/completion-catalog-digest.js +1 -1
- package/dist/index.d.ts +83 -7
- package/dist/index.js +180 -13
- package/dist/mcp-receipt-resource.d.ts +10 -0
- package/dist/mcp-receipt-resource.js +32 -0
- package/dist/mcp-server.d.ts +6 -0
- package/dist/mcp-server.js +62 -1
- package/dist/mpp-commercial.d.ts +19 -0
- package/dist/mpp-commercial.js +34 -0
- package/dist/mpp-funding.d.ts +71 -0
- package/dist/mpp-funding.js +192 -0
- package/dist/payment-transport.d.ts +30 -0
- package/dist/payment-transport.js +56 -0
- package/dist/policy/intent-spec.js +2 -0
- package/dist/principal-intent.d.ts +1 -1
- package/dist/principal-intent.js +4 -1
- package/package.json +1 -1
- package/templates/openai-shopping-agent/package-lock.json +7 -7
- package/templates/paybond-aws-operator/package-lock.json +4 -4
- package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
- package/templates/paybond-mastra-travel-agent/package-lock.json +10 -10
- package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
- package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
- package/templates/paybond-procurement-agent/package-lock.json +4 -4
- package/templates/paybond-travel-agent/package-lock.json +7 -7
- package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
package/dist/agent/types.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { AgentReceiptExternalAttestationV1 } from "../agent-receipt.js";
|
|
1
2
|
/** Context passed to evidence mappers after a successful side-effecting tool call. */
|
|
2
3
|
export type PaybondToolCallContext = {
|
|
3
4
|
toolName: string;
|
|
@@ -9,6 +10,8 @@ export type PaybondToolCallContext = {
|
|
|
9
10
|
export type PaybondSpendResolver<TArgs = unknown> = (args: TArgs) => number | undefined;
|
|
10
11
|
/** Customize auto-evidence payload extraction from a tool result. */
|
|
11
12
|
export type PaybondEvidenceMapper<TResult = unknown> = (result: TResult, ctx: PaybondToolCallContext) => Record<string, unknown>;
|
|
13
|
+
/** Optional partner attestation material for Agent Receipt `external_attestations`. */
|
|
14
|
+
export type PaybondExternalAttestationMapper<TResult = unknown> = (result: TResult, ctx: PaybondToolCallContext) => PaybondExternalAttestationInput | PaybondExternalAttestationInput[] | undefined;
|
|
12
15
|
/** Policy for one registered side-effecting tool. */
|
|
13
16
|
export type PaybondSideEffectingToolPolicy<TArgs = unknown, TResult = unknown> = {
|
|
14
17
|
/** Harbor `allowed_tools` operation; defaults to the registry key (tool name). */
|
|
@@ -17,6 +20,7 @@ export type PaybondSideEffectingToolPolicy<TArgs = unknown, TResult = unknown> =
|
|
|
17
20
|
/** Required completion catalog preset id for auto-evidence. */
|
|
18
21
|
evidencePreset: string;
|
|
19
22
|
evidenceMapper?: PaybondEvidenceMapper<TResult>;
|
|
23
|
+
externalAttestationMapper?: PaybondExternalAttestationMapper<TResult>;
|
|
20
24
|
};
|
|
21
25
|
export type PaybondToolRegistryConfig = {
|
|
22
26
|
sideEffecting?: Record<string, PaybondSideEffectingToolPolicy>;
|
|
@@ -29,6 +33,7 @@ export type PaybondSideEffectingToolEntry = {
|
|
|
29
33
|
spendCents?: number | PaybondSpendResolver;
|
|
30
34
|
evidencePreset: string;
|
|
31
35
|
evidenceMapper?: PaybondEvidenceMapper;
|
|
36
|
+
externalAttestationMapper?: PaybondExternalAttestationMapper;
|
|
32
37
|
};
|
|
33
38
|
export type PaybondToolResolution = {
|
|
34
39
|
kind: "passthrough";
|
|
@@ -50,6 +55,8 @@ export declare class PaybondToolRegistryValidationError extends Error {
|
|
|
50
55
|
import type { PaybondToolRegistry } from "./registry.js";
|
|
51
56
|
import type { PaybondPolicySnapshot } from "../policy/snapshot.js";
|
|
52
57
|
import type { PaybondPolicyReloadBindConfig } from "../policy/reload.js";
|
|
58
|
+
import type { AgentReceiptV1 } from "../agent-receipt.js";
|
|
59
|
+
import type { PaybondExternalAttestationInput } from "../agent-receipt-external-attestations.js";
|
|
53
60
|
/** Spend authorization input forwarded to the run-bound guard. */
|
|
54
61
|
export type PaybondRunGuardAuthInput = {
|
|
55
62
|
operation: string;
|
|
@@ -63,6 +70,54 @@ export type PaybondRunGuardAuthInput = {
|
|
|
63
70
|
agentSubject?: string;
|
|
64
71
|
approvalToken?: string;
|
|
65
72
|
idempotencyKey?: string;
|
|
73
|
+
/** Agent Receipt Standard context forwarded to Gateway `/verify` for audit correlation. */
|
|
74
|
+
modelFamily?: string;
|
|
75
|
+
configHashHex?: string;
|
|
76
|
+
promptHashHex?: string;
|
|
77
|
+
};
|
|
78
|
+
/**
|
|
79
|
+
* Materials to auto-compute `config_hash_hex` as `sha256(JCS({ system_prompt, tools_manifest,
|
|
80
|
+
* policy_snapshot_id }))` per the Agent Receipt Standard spec. `policySnapshotId` defaults to
|
|
81
|
+
* the bound policy snapshot digest (without the `sha256:` prefix) when omitted.
|
|
82
|
+
*/
|
|
83
|
+
export type PaybondRunConfigHashMaterials = {
|
|
84
|
+
systemPrompt: string;
|
|
85
|
+
toolsManifest: unknown;
|
|
86
|
+
policySnapshotId?: string;
|
|
87
|
+
};
|
|
88
|
+
/**
|
|
89
|
+
* Optional agent identity/config context for {@link PaybondAgentRun.bind}. Threaded onto every
|
|
90
|
+
* spend verify call and used to compose the unsigned Agent Receipt Standard draft returned from
|
|
91
|
+
* {@link PaybondToolInterceptor.wrapExecute}. Raw prompts are hashed locally and never retained
|
|
92
|
+
* or transmitted; only `promptHashHex` is kept on the resolved binding.
|
|
93
|
+
*/
|
|
94
|
+
export type PaybondRunAgentContextInput = {
|
|
95
|
+
modelFamily: string;
|
|
96
|
+
modelInstanceId?: string;
|
|
97
|
+
/** Precomputed sha256 hex digest; mutually exclusive with {@link configHashMaterials}. */
|
|
98
|
+
configHashHex?: string;
|
|
99
|
+
/** Auto-computed into `configHashHex` at bind time when `configHashHex` is omitted. */
|
|
100
|
+
configHashMaterials?: PaybondRunConfigHashMaterials;
|
|
101
|
+
/** Precomputed sha256 hex digest; mutually exclusive with {@link normalizedUserPrompt}. */
|
|
102
|
+
promptHashHex?: string;
|
|
103
|
+
/** Hashed locally at bind time into `promptHashHex`; never stored or transmitted raw. */
|
|
104
|
+
normalizedUserPrompt?: string;
|
|
105
|
+
/** Agent receipt `authorization.principal_did`; omitted from receipt drafts when unset. */
|
|
106
|
+
principalDid?: string;
|
|
107
|
+
/** Agent receipt `authorization.agent.operator_did`; omitted from receipt drafts when unset. */
|
|
108
|
+
operatorDid?: string;
|
|
109
|
+
/** Agent receipt `authorization.policy.template_id`; omitted from receipt drafts when unset. */
|
|
110
|
+
policyTemplateId?: string;
|
|
111
|
+
};
|
|
112
|
+
/** Resolved agent context stored on the run binding after bind-time hash computation. */
|
|
113
|
+
export type PaybondRunAgentContext = {
|
|
114
|
+
modelFamily: string;
|
|
115
|
+
modelInstanceId?: string;
|
|
116
|
+
configHashHex?: string;
|
|
117
|
+
promptHashHex?: string;
|
|
118
|
+
principalDid?: string;
|
|
119
|
+
operatorDid?: string;
|
|
120
|
+
policyTemplateId?: string;
|
|
66
121
|
};
|
|
67
122
|
/** Spend authorization result from Harbor verify. */
|
|
68
123
|
export type PaybondRunGuardAuthResult = {
|
|
@@ -116,6 +171,10 @@ export type PaybondInterceptEvidenceResult = {
|
|
|
116
171
|
predicatePassed?: boolean | null;
|
|
117
172
|
sandboxLifecycleStatus?: string;
|
|
118
173
|
intentState?: string;
|
|
174
|
+
/** sha256 hex digest of the submitted evidence payload, when returned by Harbor. */
|
|
175
|
+
payloadDigestSha256Hex?: string;
|
|
176
|
+
/** sha256 hex digest of submitted evidence artifacts, when returned by Harbor. */
|
|
177
|
+
artifactsDigestSha256Hex?: string;
|
|
119
178
|
};
|
|
120
179
|
export type PaybondInterceptWrapExecuteResult<TResult> = {
|
|
121
180
|
toolResult: TResult;
|
|
@@ -126,6 +185,12 @@ export type PaybondInterceptWrapExecuteResult<TResult> = {
|
|
|
126
185
|
policyDigest?: string;
|
|
127
186
|
};
|
|
128
187
|
evidence?: PaybondInterceptEvidenceResult;
|
|
188
|
+
/**
|
|
189
|
+
* Unsigned Agent Receipt Standard draft (Phase 1: composed locally, never signed or persisted).
|
|
190
|
+
* Omitted when required context (agentContext hashes, principal/operator DID, policy template,
|
|
191
|
+
* decision id) is unavailable — receipt composition is always best-effort and never throws.
|
|
192
|
+
*/
|
|
193
|
+
receiptDraft?: AgentReceiptV1;
|
|
129
194
|
};
|
|
130
195
|
export type PaybondInterceptWrapExecuteInput<TResult> = {
|
|
131
196
|
toolName: string;
|
|
@@ -241,6 +306,7 @@ export type PaybondTraceEvidenceSubmittedEvent = {
|
|
|
241
306
|
evidencePreset?: string;
|
|
242
307
|
sandboxLifecycleStatus?: string;
|
|
243
308
|
predicatePassed?: boolean | null;
|
|
309
|
+
externalAttestations?: AgentReceiptExternalAttestationV1[];
|
|
244
310
|
recordedAt: string;
|
|
245
311
|
};
|
|
246
312
|
export type PaybondTraceSpendFinalizedEvent = {
|
|
@@ -275,6 +341,8 @@ export type PaybondRunBinding = {
|
|
|
275
341
|
policySnapshot?: PaybondPolicySnapshot;
|
|
276
342
|
/** Optional trace sink for dev observability (see {@link PaybondAgentRunBindInput.traceSink}). */
|
|
277
343
|
onTrace?: PaybondTraceSink;
|
|
344
|
+
/** Resolved Agent Receipt Standard context, when bound with {@link PaybondAgentRunBindInput.agentContext}. */
|
|
345
|
+
agentContext?: PaybondRunAgentContext;
|
|
278
346
|
};
|
|
279
347
|
export type PaybondAgentRunBindInput = {
|
|
280
348
|
bootstrap?: PaybondRunBindingSandboxBootstrapInput;
|
|
@@ -295,6 +363,8 @@ export type PaybondAgentRunBindInput = {
|
|
|
295
363
|
traceSink?: PaybondTraceSink;
|
|
296
364
|
/** @deprecated Use {@link PaybondAgentRunBindInput.traceSink}. */
|
|
297
365
|
onTrace?: PaybondTraceSink;
|
|
366
|
+
/** Optional Agent Receipt Standard agent identity/config context (see {@link PaybondRunAgentContextInput}). */
|
|
367
|
+
agentContext?: PaybondRunAgentContextInput;
|
|
298
368
|
};
|
|
299
369
|
export declare class PaybondAgentRunBindError extends Error {
|
|
300
370
|
constructor(message: string);
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Maps partner attestation artifacts into Agent Receipt `external_attestations` entries.
|
|
3
|
+
*
|
|
4
|
+
* Partner digests are SHA-256 of canonical JSON (signature fields stripped for SEP-2828).
|
|
5
|
+
* These entries are never canonical inside Paybond; they provide interop hooks only.
|
|
6
|
+
*/
|
|
7
|
+
import type { AgentReceiptExternalAttestationV1 } from "./agent-receipt.js";
|
|
8
|
+
export declare const AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828 = "sep2828_mcp";
|
|
9
|
+
export declare const AGENT_RECEIPT_EXTERNAL_SOURCE_X402 = "x402";
|
|
10
|
+
/** SHA-256 hex digest of canonical JSON bytes. */
|
|
11
|
+
export declare function partnerRecordDigestSha256Hex(record: Record<string, unknown>): string;
|
|
12
|
+
/**
|
|
13
|
+
* Converts verified SEP-2828 decision/outcome records into external attestation entries.
|
|
14
|
+
*/
|
|
15
|
+
export declare function sep2828RecordsToExternalAttestations(decisionInput: Record<string, unknown>, outcomeInput: Record<string, unknown>): AgentReceiptExternalAttestationV1[];
|
|
16
|
+
/**
|
|
17
|
+
* Converts a verified x402 signed delivery receipt into one external attestation entry.
|
|
18
|
+
*/
|
|
19
|
+
export declare function x402ReceiptToExternalAttestations(receiptInput: Record<string, unknown>): AgentReceiptExternalAttestationV1[];
|
|
20
|
+
export type PaybondExternalAttestationInput = {
|
|
21
|
+
kind: "sep2828";
|
|
22
|
+
decision: Record<string, unknown>;
|
|
23
|
+
outcome: Record<string, unknown>;
|
|
24
|
+
} | {
|
|
25
|
+
kind: "x402";
|
|
26
|
+
receipt: Record<string, unknown>;
|
|
27
|
+
} | AgentReceiptExternalAttestationV1;
|
|
28
|
+
/** Resolves pre-built or partner-native attestation inputs into normalized receipt entries. */
|
|
29
|
+
export declare function resolveExternalAttestations(inputs: readonly PaybondExternalAttestationInput[]): AgentReceiptExternalAttestationV1[];
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Maps partner attestation artifacts into Agent Receipt `external_attestations` entries.
|
|
3
|
+
*
|
|
4
|
+
* Partner digests are SHA-256 of canonical JSON (signature fields stripped for SEP-2828).
|
|
5
|
+
* These entries are never canonical inside Paybond; they provide interop hooks only.
|
|
6
|
+
*/
|
|
7
|
+
import { createHash } from "node:crypto";
|
|
8
|
+
import { normalizeJson } from "./json-digest.js";
|
|
9
|
+
import { stripDigestPrefix } from "./mcp-sep2828-evidence.js";
|
|
10
|
+
import { verifySep2828ReceiptPair } from "./sep2828-signature.js";
|
|
11
|
+
import { buildX402ReceiptDigestPayload, } from "./x402-receipt-evidence.js";
|
|
12
|
+
import { extractSignedX402Receipt, verifySignedX402Receipt } from "./x402-receipt-signature.js";
|
|
13
|
+
export const AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828 = "sep2828_mcp";
|
|
14
|
+
export const AGENT_RECEIPT_EXTERNAL_SOURCE_X402 = "x402";
|
|
15
|
+
const SEP2828_SIGNATURE_KEYS = new Set([
|
|
16
|
+
"signature",
|
|
17
|
+
"ed25519_signature_hex",
|
|
18
|
+
"message_digest_sha256_hex",
|
|
19
|
+
"signing_public_key_ed25519_hex",
|
|
20
|
+
]);
|
|
21
|
+
const SEP2828_ASSERTED_BLOCKS = ["issuerAsserted", "receiptAsserted"];
|
|
22
|
+
function readObject(value) {
|
|
23
|
+
if (value !== null && typeof value === "object" && !Array.isArray(value)) {
|
|
24
|
+
return value;
|
|
25
|
+
}
|
|
26
|
+
return undefined;
|
|
27
|
+
}
|
|
28
|
+
function canonicalJsonBytes(value) {
|
|
29
|
+
return new TextEncoder().encode(JSON.stringify(normalizeJson(value)));
|
|
30
|
+
}
|
|
31
|
+
/** SHA-256 hex digest of canonical JSON bytes. */
|
|
32
|
+
export function partnerRecordDigestSha256Hex(record) {
|
|
33
|
+
return createHash("sha256").update(Buffer.from(canonicalJsonBytes(record))).digest("hex");
|
|
34
|
+
}
|
|
35
|
+
function stripSep2828SignatureFields(record) {
|
|
36
|
+
const out = {};
|
|
37
|
+
for (const [key, value] of Object.entries(record)) {
|
|
38
|
+
if (SEP2828_SIGNATURE_KEYS.has(key)) {
|
|
39
|
+
continue;
|
|
40
|
+
}
|
|
41
|
+
if (SEP2828_ASSERTED_BLOCKS.includes(key)) {
|
|
42
|
+
const asserted = readObject(value);
|
|
43
|
+
if (!asserted) {
|
|
44
|
+
continue;
|
|
45
|
+
}
|
|
46
|
+
const stripped = {};
|
|
47
|
+
for (const [innerKey, innerValue] of Object.entries(asserted)) {
|
|
48
|
+
if (!SEP2828_SIGNATURE_KEYS.has(innerKey)) {
|
|
49
|
+
stripped[innerKey] = innerValue;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
if (Object.keys(stripped).length > 0) {
|
|
53
|
+
out[key] = stripped;
|
|
54
|
+
}
|
|
55
|
+
continue;
|
|
56
|
+
}
|
|
57
|
+
out[key] = value;
|
|
58
|
+
}
|
|
59
|
+
return out;
|
|
60
|
+
}
|
|
61
|
+
function sep2828RecordDigest(record) {
|
|
62
|
+
return partnerRecordDigestSha256Hex(stripSep2828SignatureFields(record));
|
|
63
|
+
}
|
|
64
|
+
function x402PayloadDigestSha256Hex(payload) {
|
|
65
|
+
return partnerRecordDigestSha256Hex(payload);
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Converts verified SEP-2828 decision/outcome records into external attestation entries.
|
|
69
|
+
*/
|
|
70
|
+
export function sep2828RecordsToExternalAttestations(decisionInput, outcomeInput) {
|
|
71
|
+
verifySep2828ReceiptPair(decisionInput, outcomeInput);
|
|
72
|
+
const decisionBackLink = readObject(decisionInput.backLink);
|
|
73
|
+
const referenceID = typeof decisionBackLink?.attestationDigest === "string"
|
|
74
|
+
? stripDigestPrefix(decisionBackLink.attestationDigest)
|
|
75
|
+
: undefined;
|
|
76
|
+
return [
|
|
77
|
+
{
|
|
78
|
+
source: AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828,
|
|
79
|
+
kind: "decision_record",
|
|
80
|
+
digest_sha256_hex: sep2828RecordDigest(decisionInput),
|
|
81
|
+
reference_id: referenceID,
|
|
82
|
+
},
|
|
83
|
+
{
|
|
84
|
+
source: AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828,
|
|
85
|
+
kind: "outcome_record",
|
|
86
|
+
digest_sha256_hex: sep2828RecordDigest(outcomeInput),
|
|
87
|
+
reference_id: referenceID,
|
|
88
|
+
},
|
|
89
|
+
];
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Converts a verified x402 signed delivery receipt into one external attestation entry.
|
|
93
|
+
*/
|
|
94
|
+
export function x402ReceiptToExternalAttestations(receiptInput) {
|
|
95
|
+
const signed = extractSignedX402Receipt(receiptInput);
|
|
96
|
+
const verifiedPayload = verifySignedX402Receipt(signed);
|
|
97
|
+
const payload = buildX402ReceiptDigestPayload(verifiedPayload);
|
|
98
|
+
return [
|
|
99
|
+
{
|
|
100
|
+
source: AGENT_RECEIPT_EXTERNAL_SOURCE_X402,
|
|
101
|
+
kind: "delivery_receipt_v1",
|
|
102
|
+
digest_sha256_hex: x402PayloadDigestSha256Hex(payload),
|
|
103
|
+
reference_id: payload.resourceUrl,
|
|
104
|
+
},
|
|
105
|
+
];
|
|
106
|
+
}
|
|
107
|
+
/** Resolves pre-built or partner-native attestation inputs into normalized receipt entries. */
|
|
108
|
+
export function resolveExternalAttestations(inputs) {
|
|
109
|
+
const out = [];
|
|
110
|
+
for (const input of inputs) {
|
|
111
|
+
if ("source" in input && "digest_sha256_hex" in input) {
|
|
112
|
+
out.push(input);
|
|
113
|
+
continue;
|
|
114
|
+
}
|
|
115
|
+
if (input.kind === "sep2828") {
|
|
116
|
+
out.push(...sep2828RecordsToExternalAttestations(input.decision, input.outcome));
|
|
117
|
+
continue;
|
|
118
|
+
}
|
|
119
|
+
if (input.kind === "x402") {
|
|
120
|
+
out.push(...x402ReceiptToExternalAttestations(input.receipt));
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
return out;
|
|
124
|
+
}
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
export declare const AGENT_RECEIPT_SCHEMA_VERSION = 1;
|
|
2
|
+
export declare const AGENT_RECEIPT_KIND_V1 = "paybond.agent_receipt_v1";
|
|
3
|
+
export declare const AGENT_RECEIPT_VERSION_V1 = "1";
|
|
4
|
+
export declare const AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519 = "ed25519-sha256-json-v1";
|
|
5
|
+
export declare const AGENT_RECEIPT_SCOPE_ACTION = "action";
|
|
6
|
+
export declare const AGENT_RECEIPT_SCOPE_INTENT_TERMINAL = "intent_terminal";
|
|
7
|
+
export declare const AGENT_RECEIPT_WELL_KNOWN_PATH = "/.well-known/agent-receipt-v1.json";
|
|
8
|
+
export type AgentReceiptAgentV1 = {
|
|
9
|
+
operator_did: string;
|
|
10
|
+
model_family: string;
|
|
11
|
+
model_instance_id?: string;
|
|
12
|
+
config_hash_sha256_hex: string;
|
|
13
|
+
prompt_hash_sha256_hex: string;
|
|
14
|
+
deployment_epoch?: number;
|
|
15
|
+
};
|
|
16
|
+
export type AgentReceiptPolicyV1 = {
|
|
17
|
+
template_id: string;
|
|
18
|
+
version_seq?: number;
|
|
19
|
+
content_digest_sha256_hex: string;
|
|
20
|
+
spend_policy_version?: number;
|
|
21
|
+
};
|
|
22
|
+
export type AgentReceiptAuthorizationV1 = {
|
|
23
|
+
principal_did: string;
|
|
24
|
+
actor_subject: string;
|
|
25
|
+
agent: AgentReceiptAgentV1;
|
|
26
|
+
decision_id: string;
|
|
27
|
+
audit_id?: string;
|
|
28
|
+
policy: AgentReceiptPolicyV1;
|
|
29
|
+
authorized_at: string;
|
|
30
|
+
requested_spend_cents: number;
|
|
31
|
+
currency: string;
|
|
32
|
+
reason_codes?: string[];
|
|
33
|
+
};
|
|
34
|
+
export type AgentReceiptExecutionV1 = {
|
|
35
|
+
run_id: string;
|
|
36
|
+
tool_call_id: string;
|
|
37
|
+
tool_name: string;
|
|
38
|
+
operation: string;
|
|
39
|
+
arguments_digest_sha256_hex: string;
|
|
40
|
+
result_digest_sha256_hex?: string;
|
|
41
|
+
outcome: "executed" | "denied" | "skipped" | "failed";
|
|
42
|
+
started_at: string;
|
|
43
|
+
completed_at: string;
|
|
44
|
+
duration_ms?: number;
|
|
45
|
+
};
|
|
46
|
+
export type AgentReceiptMerchantV1 = {
|
|
47
|
+
payee_did: string;
|
|
48
|
+
vendor_id?: string;
|
|
49
|
+
vendor_ref_id?: string;
|
|
50
|
+
};
|
|
51
|
+
export type AgentReceiptEvidenceV1 = {
|
|
52
|
+
completion_preset_id: string;
|
|
53
|
+
payload_digest_sha256_hex: string;
|
|
54
|
+
artifacts_digest_sha256_hex?: string;
|
|
55
|
+
predicate_passed: boolean;
|
|
56
|
+
payee_did: string;
|
|
57
|
+
payee_signature_digest_sha256_hex?: string;
|
|
58
|
+
};
|
|
59
|
+
export type AgentReceiptPaymentV1 = {
|
|
60
|
+
intent_id: string;
|
|
61
|
+
settlement_rail: string;
|
|
62
|
+
funding_method?: string;
|
|
63
|
+
funding_reference?: string;
|
|
64
|
+
funding_receipt_digest_sha256_hex?: string;
|
|
65
|
+
};
|
|
66
|
+
export type AgentReceiptOutcomeV1 = {
|
|
67
|
+
harbor_state: string;
|
|
68
|
+
spend_reservation_outcome?: "consumed" | "released" | "pending" | "none";
|
|
69
|
+
predicate_passed?: boolean;
|
|
70
|
+
};
|
|
71
|
+
export type AgentReceiptReferencesV1 = {
|
|
72
|
+
intent_id: string;
|
|
73
|
+
ledger_seq?: number;
|
|
74
|
+
settlement_receipt_id?: string | null;
|
|
75
|
+
};
|
|
76
|
+
export type AgentReceiptExternalAttestationV1 = {
|
|
77
|
+
source: string;
|
|
78
|
+
kind: string;
|
|
79
|
+
digest_sha256_hex: string;
|
|
80
|
+
reference_id?: string;
|
|
81
|
+
};
|
|
82
|
+
export type AgentReceiptOperatorAttestationV1 = {
|
|
83
|
+
operator_did: string;
|
|
84
|
+
signing_public_key_ed25519_hex: string;
|
|
85
|
+
message_digest_sha256_hex: string;
|
|
86
|
+
ed25519_signature_hex: string;
|
|
87
|
+
};
|
|
88
|
+
export type AgentReceiptV1 = {
|
|
89
|
+
schema_version: number;
|
|
90
|
+
kind: string;
|
|
91
|
+
receipt_version: string;
|
|
92
|
+
scope: typeof AGENT_RECEIPT_SCOPE_ACTION | typeof AGENT_RECEIPT_SCOPE_INTENT_TERMINAL;
|
|
93
|
+
receipt_id: string;
|
|
94
|
+
issued_at: string;
|
|
95
|
+
tenant_id: string;
|
|
96
|
+
authorization: AgentReceiptAuthorizationV1;
|
|
97
|
+
execution?: AgentReceiptExecutionV1;
|
|
98
|
+
merchant?: AgentReceiptMerchantV1;
|
|
99
|
+
evidence?: AgentReceiptEvidenceV1;
|
|
100
|
+
payment?: AgentReceiptPaymentV1;
|
|
101
|
+
outcome: AgentReceiptOutcomeV1;
|
|
102
|
+
references: AgentReceiptReferencesV1;
|
|
103
|
+
external_attestations: AgentReceiptExternalAttestationV1[];
|
|
104
|
+
operator_attestation?: AgentReceiptOperatorAttestationV1;
|
|
105
|
+
signing_algorithm: string;
|
|
106
|
+
message_digest_sha256_hex: string;
|
|
107
|
+
signing_public_key_ed25519_hex: string;
|
|
108
|
+
ed25519_signature_hex: string;
|
|
109
|
+
};
|
|
110
|
+
export type ConfigHashInput = {
|
|
111
|
+
system_prompt: string;
|
|
112
|
+
tools_manifest: unknown;
|
|
113
|
+
policy_snapshot_id: string;
|
|
114
|
+
};
|
|
115
|
+
/** Returns sha256(JCS({ system_prompt, tools_manifest, policy_snapshot_id })). */
|
|
116
|
+
export declare function configHashSha256Hex(input: ConfigHashInput): string;
|
|
117
|
+
/** Returns sha256(normalized_user_prompt). */
|
|
118
|
+
export declare function promptHashSha256Hex(normalizedUserPrompt: string): string;
|
|
119
|
+
/** Returns sha256(JCS(value)). */
|
|
120
|
+
export declare function valueDigestSha256Hex(value: unknown): string;
|
|
121
|
+
/** Returns sha256(intent_id + "\\x00" + tool_call_id) as lowercase hex. */
|
|
122
|
+
export declare function actionReceiptId(intentId: string, toolCallId: string): string;
|
|
123
|
+
/** Returns canonical signing bytes for a normalized receipt body. */
|
|
124
|
+
export declare function canonicalAgentReceiptBytes(receipt: AgentReceiptV1): Uint8Array;
|
|
125
|
+
/**
|
|
126
|
+
* Returns sha256(canonical receipt bytes) as lowercase hex, ignoring any existing
|
|
127
|
+
* `message_digest_sha256_hex` on the input. Used to compose unsigned receipt drafts
|
|
128
|
+
* (Agent Receipt Standard Phase 1) and to compute the digest signers must sign over.
|
|
129
|
+
*/
|
|
130
|
+
export declare function agentReceiptMessageDigestSha256Hex(receipt: AgentReceiptV1): string;
|
|
131
|
+
/** Validates structure, receipt_id derivation, digest, and detached Ed25519 signature. */
|
|
132
|
+
export declare function verifyAgentReceiptV1(receipt: AgentReceiptV1): Promise<AgentReceiptV1>;
|
|
133
|
+
/** Attach an optional operator counter-signature over the Gateway message digest. */
|
|
134
|
+
export declare function attachOperatorAttestationV1(receipt: AgentReceiptV1, operatorPrivateKeyHex: string, operatorDid: string): Promise<AgentReceiptV1>;
|