@paybond/kit 0.11.11 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/completion-presets/catalog.json +10 -5
- package/completion-presets/catalog.sha256 +1 -1
- package/dist/agent/index.d.ts +2 -1
- package/dist/agent/index.js +1 -0
- package/dist/agent/interceptor.d.ts +9 -0
- package/dist/agent/interceptor.js +177 -1
- package/dist/agent/receipt-client.d.ts +49 -0
- package/dist/agent/receipt-client.js +45 -0
- package/dist/agent/registry.js +1 -0
- package/dist/agent/run.d.ts +2 -0
- package/dist/agent/run.js +52 -0
- package/dist/agent/types.d.ts +70 -0
- package/dist/agent-receipt-external-attestations.d.ts +29 -0
- package/dist/agent-receipt-external-attestations.js +124 -0
- package/dist/agent-receipt.d.ts +134 -0
- package/dist/agent-receipt.js +580 -0
- package/dist/audit/exports.d.ts +15 -1
- package/dist/audit/exports.js +55 -8
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/wire.d.ts +12 -0
- package/dist/audit/wire.js +13 -1
- package/dist/cli/command-spec.js +4 -2
- package/dist/cli/commands/discovery.js +17 -6
- package/dist/cli/help.d.ts +1 -1
- package/dist/cli/help.js +3 -3
- package/dist/completion-catalog-digest.d.ts +1 -1
- package/dist/completion-catalog-digest.js +1 -1
- package/dist/index.d.ts +83 -7
- package/dist/index.js +180 -13
- package/dist/mcp-receipt-resource.d.ts +10 -0
- package/dist/mcp-receipt-resource.js +32 -0
- package/dist/mcp-server.d.ts +6 -0
- package/dist/mcp-server.js +62 -1
- package/dist/mpp-commercial.d.ts +19 -0
- package/dist/mpp-commercial.js +34 -0
- package/dist/mpp-funding.d.ts +71 -0
- package/dist/mpp-funding.js +192 -0
- package/dist/payment-transport.d.ts +30 -0
- package/dist/payment-transport.js +56 -0
- package/dist/policy/intent-spec.js +2 -0
- package/dist/principal-intent.d.ts +1 -1
- package/dist/principal-intent.js +4 -1
- package/package.json +1 -1
- package/templates/openai-shopping-agent/package-lock.json +7 -7
- package/templates/paybond-aws-operator/package-lock.json +4 -4
- package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
- package/templates/paybond-mastra-travel-agent/package-lock.json +10 -10
- package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
- package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
- package/templates/paybond-procurement-agent/package-lock.json +4 -4
- package/templates/paybond-travel-agent/package-lock.json +7 -7
- package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
package/dist/audit/exports.js
CHANGED
|
@@ -34,22 +34,28 @@ export class GatewayAuditExportsClient {
|
|
|
34
34
|
async getJson(path) {
|
|
35
35
|
return this.requestJSON("GET", path);
|
|
36
36
|
}
|
|
37
|
+
async postJson(path, body) {
|
|
38
|
+
return this.requestJSON("POST", path, body);
|
|
39
|
+
}
|
|
37
40
|
async deleteJson(path) {
|
|
38
41
|
return this.requestJSON("DELETE", path);
|
|
39
42
|
}
|
|
40
|
-
async requestJSON(method, path) {
|
|
43
|
+
async requestJSON(method, path, body) {
|
|
41
44
|
const url = `${this.base}${path.replace(/^\//, "")}`;
|
|
42
45
|
let lastErr;
|
|
43
46
|
for (let attempt = 0; attempt < this.maxRetries; attempt++) {
|
|
44
47
|
let res;
|
|
45
48
|
try {
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
49
|
+
const headers = {
|
|
50
|
+
accept: "application/json",
|
|
51
|
+
authorization: `Bearer ${this.bearerToken}`,
|
|
52
|
+
};
|
|
53
|
+
const init = { method, headers };
|
|
54
|
+
if (method === "POST") {
|
|
55
|
+
headers["content-type"] = "application/json";
|
|
56
|
+
init.body = JSON.stringify(body ?? {});
|
|
57
|
+
}
|
|
58
|
+
res = await fetch(url, init);
|
|
53
59
|
}
|
|
54
60
|
catch (err) {
|
|
55
61
|
lastErr = err;
|
|
@@ -80,6 +86,36 @@ export class GatewayAuditExportsClient {
|
|
|
80
86
|
throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
|
|
81
87
|
}
|
|
82
88
|
}
|
|
89
|
+
function buildAuditExportCreateBody(params) {
|
|
90
|
+
const filter = {};
|
|
91
|
+
const f = params.filter;
|
|
92
|
+
if (f.time_start?.trim()) {
|
|
93
|
+
filter.time_start = f.time_start.trim();
|
|
94
|
+
}
|
|
95
|
+
if (f.time_end?.trim()) {
|
|
96
|
+
filter.time_end = f.time_end.trim();
|
|
97
|
+
}
|
|
98
|
+
if (f.intent_id?.trim()) {
|
|
99
|
+
filter.intent_id = f.intent_id.trim();
|
|
100
|
+
}
|
|
101
|
+
if (f.case_id?.trim()) {
|
|
102
|
+
filter.case_id = f.case_id.trim();
|
|
103
|
+
}
|
|
104
|
+
if (f.operator_did?.trim()) {
|
|
105
|
+
filter.operator_did = f.operator_did.trim();
|
|
106
|
+
}
|
|
107
|
+
if (f.includes && f.includes.length > 0) {
|
|
108
|
+
filter.includes = [...f.includes];
|
|
109
|
+
}
|
|
110
|
+
const body = {
|
|
111
|
+
filter,
|
|
112
|
+
disclosure_tier: params.disclosureTier ?? "standard",
|
|
113
|
+
};
|
|
114
|
+
if (params.retentionHours != null && params.retentionHours > 0) {
|
|
115
|
+
body.retention_hours = params.retentionHours;
|
|
116
|
+
}
|
|
117
|
+
return body;
|
|
118
|
+
}
|
|
83
119
|
/**
|
|
84
120
|
* SDK surface for compliance audit export jobs and local bundle verification.
|
|
85
121
|
*/
|
|
@@ -111,6 +147,17 @@ export class PaybondAuditExports {
|
|
|
111
147
|
const body = await this.gateway.getJson(`/v1/compliance/audit-exports/${encodeURIComponent(jobId)}${query}`);
|
|
112
148
|
return parseAuditExportJobGet(body);
|
|
113
149
|
}
|
|
150
|
+
/**
|
|
151
|
+
* Create a compliance audit export job (`POST /v1/compliance/audit-exports`).
|
|
152
|
+
* Tenant scope comes from the API key — never pass a tenant id.
|
|
153
|
+
*/
|
|
154
|
+
async create(params) {
|
|
155
|
+
if (!this.gateway.postJson) {
|
|
156
|
+
throw new Error("audit export create is not supported by this gateway adapter");
|
|
157
|
+
}
|
|
158
|
+
const body = await this.gateway.postJson("/v1/compliance/audit-exports", buildAuditExportCreateBody(params));
|
|
159
|
+
return parseAuditExportJobGet(body);
|
|
160
|
+
}
|
|
114
161
|
async delete(jobId) {
|
|
115
162
|
if (!this.gateway.deleteJson) {
|
|
116
163
|
throw new Error("audit export delete is not supported by this gateway adapter");
|
package/dist/audit/index.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export { GatewayAuditExportsClient, PaybondAudit, PaybondAuditExports, type AuditExportsGateway, type GatewayAuditExportsClientOptions, type PaybondAuditExportsGetParams, type PaybondAuditExportsListParams, } from "./exports.js";
|
|
1
|
+
export { GatewayAuditExportsClient, PaybondAudit, PaybondAuditExports, type AuditExportsGateway, type GatewayAuditExportsClientOptions, type PaybondAuditExportsCreateParams, type PaybondAuditExportsGetParams, type PaybondAuditExportsListParams, } from "./exports.js";
|
|
2
2
|
export { auditVerifyResult, buildManifestCore, manifestCoreBytes, readManifestFromBundle, verifyAuditBundleLocal, verifyAuditManifest, MANIFEST_CORE_FIELD_ORDER, } from "./verify.js";
|
|
3
|
-
export { parseAuditExportJobGet, parseAuditExportList, type AuditExportJobDetail, type AuditExportJobGetResponse, type AuditExportJobSummary, type AuditExportListPage, type AuditVerifyResult, } from "./wire.js";
|
|
3
|
+
export { parseAuditExportJobGet, parseAuditExportList, type AuditExportCreateFilter, type AuditExportJobDetail, type AuditExportJobGetResponse, type AuditExportJobSummary, type AuditExportListPage, type AuditVerifyResult, } from "./wire.js";
|
package/dist/audit/wire.d.ts
CHANGED
|
@@ -14,6 +14,14 @@ export type AuditExportListPage = Readonly<{
|
|
|
14
14
|
jobs: ReadonlyArray<AuditExportJobSummary>;
|
|
15
15
|
next_cursor?: string;
|
|
16
16
|
}>;
|
|
17
|
+
export type AuditExportCreateFilter = Readonly<{
|
|
18
|
+
time_start?: string;
|
|
19
|
+
time_end?: string;
|
|
20
|
+
intent_id?: string;
|
|
21
|
+
case_id?: string;
|
|
22
|
+
operator_did?: string;
|
|
23
|
+
includes?: ReadonlyArray<string>;
|
|
24
|
+
}>;
|
|
17
25
|
export type AuditExportJobDetail = Readonly<{
|
|
18
26
|
id: string;
|
|
19
27
|
status: string;
|
|
@@ -25,6 +33,10 @@ export type AuditExportJobDetail = Readonly<{
|
|
|
25
33
|
manifest_sha256: string;
|
|
26
34
|
bundle_sha256: string;
|
|
27
35
|
download_token?: string;
|
|
36
|
+
/** Present on `POST /v1/compliance/audit-exports` create responses. */
|
|
37
|
+
bundle_size_bytes?: number;
|
|
38
|
+
download_token_expires?: string;
|
|
39
|
+
download_path?: string;
|
|
28
40
|
}>;
|
|
29
41
|
export type AuditExportJobGetResponse = Readonly<{
|
|
30
42
|
job: AuditExportJobDetail;
|
package/dist/audit/wire.js
CHANGED
|
@@ -52,17 +52,29 @@ export function parseAuditExportJobGet(json) {
|
|
|
52
52
|
assertJsonObject(json);
|
|
53
53
|
const jobRaw = json.job ?? json;
|
|
54
54
|
assertJsonObject(jobRaw);
|
|
55
|
+
const bundleSize = typeof jobRaw.bundle_size_bytes === "number" && Number.isFinite(jobRaw.bundle_size_bytes)
|
|
56
|
+
? jobRaw.bundle_size_bytes
|
|
57
|
+
: undefined;
|
|
58
|
+
const downloadTokenExpires = typeof jobRaw.download_token_expires === "string" && jobRaw.download_token_expires
|
|
59
|
+
? jobRaw.download_token_expires
|
|
60
|
+
: typeof jobRaw.download_token_expires_at === "string" && jobRaw.download_token_expires_at
|
|
61
|
+
? jobRaw.download_token_expires_at
|
|
62
|
+
: undefined;
|
|
63
|
+
const downloadPath = typeof jobRaw.download_path === "string" && jobRaw.download_path ? jobRaw.download_path : undefined;
|
|
55
64
|
const job = {
|
|
56
65
|
id: readString(jobRaw.id ?? jobRaw.job_id, "job.id"),
|
|
57
66
|
status: readString(jobRaw.status, "job.status"),
|
|
58
67
|
tenant_realm_id: readString(jobRaw.tenant_realm_id, "job.tenant_realm_id"),
|
|
59
68
|
disclosure_tier: readString(jobRaw.disclosure_tier, "job.disclosure_tier"),
|
|
60
|
-
created_at:
|
|
69
|
+
created_at: typeof jobRaw.created_at === "string" ? jobRaw.created_at : "",
|
|
61
70
|
expires_at: readString(jobRaw.expires_at, "job.expires_at"),
|
|
62
71
|
error: typeof jobRaw.error === "string" ? jobRaw.error : "",
|
|
63
72
|
manifest_sha256: typeof jobRaw.manifest_sha256 === "string" ? jobRaw.manifest_sha256 : "",
|
|
64
73
|
bundle_sha256: typeof jobRaw.bundle_sha256 === "string" ? jobRaw.bundle_sha256 : "",
|
|
65
74
|
download_token: typeof jobRaw.download_token === "string" && jobRaw.download_token ? jobRaw.download_token : undefined,
|
|
75
|
+
bundle_size_bytes: bundleSize,
|
|
76
|
+
download_token_expires: downloadTokenExpires,
|
|
77
|
+
download_path: downloadPath,
|
|
66
78
|
};
|
|
67
79
|
return { job };
|
|
68
80
|
}
|
package/dist/cli/command-spec.js
CHANGED
|
@@ -296,10 +296,12 @@ export const COMMAND_EXAMPLES = {
|
|
|
296
296
|
"paybond signal fraud --did did:example:alice"
|
|
297
297
|
],
|
|
298
298
|
"receipts get": [
|
|
299
|
-
"paybond receipts get receipt-123"
|
|
299
|
+
"paybond receipts get receipt-123",
|
|
300
|
+
"paybond receipts get sha256:abc... --kind agent --format json"
|
|
300
301
|
],
|
|
301
302
|
"receipts verify": [
|
|
302
|
-
"paybond receipts verify receipt-123"
|
|
303
|
+
"paybond receipts verify receipt-123",
|
|
304
|
+
"paybond receipts verify sha256:abc... --kind agent --format json"
|
|
303
305
|
],
|
|
304
306
|
"mandates verify": [
|
|
305
307
|
"paybond mandates verify --body mandate.json"
|
|
@@ -7,10 +7,8 @@ import { consumeBooleanFlag, consumeFlag } from "../globals.js";
|
|
|
7
7
|
import { CliError } from "../types.js";
|
|
8
8
|
export async function handleSignal(ctx, subcommand, argv) {
|
|
9
9
|
return withGateway(ctx, async (gateway) => {
|
|
10
|
-
const principal = await gateway.getJson("/v1/auth/principal");
|
|
11
|
-
const tenantId = String(principal.tenant_id ?? "");
|
|
12
10
|
if (subcommand === "portfolio") {
|
|
13
|
-
const body = await gateway.getJson(
|
|
11
|
+
const body = await gateway.getJson("/signal/v1/portfolio/summary");
|
|
14
12
|
return { data: body };
|
|
15
13
|
}
|
|
16
14
|
const didFlag = consumeFlag(argv, "--did");
|
|
@@ -18,11 +16,11 @@ export async function handleSignal(ctx, subcommand, argv) {
|
|
|
18
16
|
throw new CliError(`signal ${subcommand} requires --did`, { category: "usage", code: "cli.usage.missing_did" });
|
|
19
17
|
}
|
|
20
18
|
if (subcommand === "reputation") {
|
|
21
|
-
const body = await gateway.getJson(`/
|
|
19
|
+
const body = await gateway.getJson(`/reputation/${encodeURIComponent(didFlag.value)}`);
|
|
22
20
|
return { data: body };
|
|
23
21
|
}
|
|
24
22
|
if (subcommand === "fraud") {
|
|
25
|
-
const body = await gateway.getJson(`/
|
|
23
|
+
const body = await gateway.getJson(`/signal/v1/operators/${encodeURIComponent(didFlag.value)}/review-status`);
|
|
26
24
|
return { data: body };
|
|
27
25
|
}
|
|
28
26
|
throw new CliError(`unknown signal subcommand: ${subcommand}`, { category: "usage", code: "cli.usage.unknown_command" });
|
|
@@ -30,10 +28,23 @@ export async function handleSignal(ctx, subcommand, argv) {
|
|
|
30
28
|
}
|
|
31
29
|
export async function handleReceipts(ctx, subcommand, argv) {
|
|
32
30
|
return withGateway(ctx, async (gateway) => {
|
|
31
|
+
const kindFlag = consumeFlag(argv, "--kind");
|
|
32
|
+
const kind = (kindFlag.value ?? "protocol").trim().toLowerCase();
|
|
33
33
|
const receiptId = argv[0];
|
|
34
34
|
if (!receiptId) {
|
|
35
35
|
throw new CliError(`receipts ${subcommand} requires <receipt_id>`, { category: "usage", code: "cli.usage.missing_receipt_id" });
|
|
36
36
|
}
|
|
37
|
+
if (kind === "agent") {
|
|
38
|
+
if (subcommand === "get") {
|
|
39
|
+
const body = await gateway.getJson(`/protocol/v2/agent-receipts/${encodeURIComponent(receiptId)}`);
|
|
40
|
+
return { data: body };
|
|
41
|
+
}
|
|
42
|
+
if (subcommand === "verify") {
|
|
43
|
+
const fetched = await gateway.getJson(`/protocol/v2/agent-receipts/${encodeURIComponent(receiptId)}`);
|
|
44
|
+
const body = await gateway.postJson("/protocol/v2/agent-receipts/verify", fetched);
|
|
45
|
+
return { data: body };
|
|
46
|
+
}
|
|
47
|
+
}
|
|
37
48
|
if (subcommand === "get") {
|
|
38
49
|
const body = await gateway.getJson(`/protocol/v2/receipts/${encodeURIComponent(receiptId)}`);
|
|
39
50
|
return { data: body };
|
|
@@ -55,7 +66,7 @@ export async function handleMandates(ctx, subcommand, argv) {
|
|
|
55
66
|
return { data: body };
|
|
56
67
|
}
|
|
57
68
|
if (subcommand === "import") {
|
|
58
|
-
const body = await gateway.postJson("/protocol/v2/mandates
|
|
69
|
+
const body = await gateway.postJson("/protocol/v2/mandates", payload);
|
|
59
70
|
return { data: body };
|
|
60
71
|
}
|
|
61
72
|
throw new CliError(`unknown mandates subcommand: ${subcommand}`, { category: "usage", code: "cli.usage.unknown_command" });
|
package/dist/cli/help.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export declare const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement receipts\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
1
|
+
export declare const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement and agent action receipts (--kind agent)\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
2
2
|
export declare const COMMAND_HELP: Record<string, string>;
|
|
3
3
|
export declare function helpForCommand(path: string): string;
|
package/dist/cli/help.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
// Generated by kit/cli-parity/generate.mjs — do not edit by hand.
|
|
2
|
-
export const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement receipts\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
2
|
+
export const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement and agent action receipts (--kind agent)\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
3
3
|
export const COMMAND_HELP = {
|
|
4
4
|
"onboarding": "Usage: paybond onboarding [--host claude|codex|openai|generic]\n\nRuns a guided, non-destructive first-run workflow: runtime check, login status, guardrail file status, MCP config preview, and doctor.\n\nExamples:\n $ paybond onboarding\n $ paybond onboarding --host claude --format json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond login",
|
|
5
5
|
"help": "Usage: paybond help [<command> [<subcommand> ...]]\n\nShows detailed help for a command path. Without arguments, prints root help.\n\nExamples:\n $ paybond help\n $ paybond help login\n $ paybond help mcp install",
|
|
@@ -53,8 +53,8 @@ export const COMMAND_HELP = {
|
|
|
53
53
|
"signal reputation": "Usage: paybond signal reputation --did <did>\n\nExamples:\n $ paybond signal reputation --did did:example:alice",
|
|
54
54
|
"signal portfolio": "Usage: paybond signal portfolio\n\nExamples:\n $ paybond signal portfolio",
|
|
55
55
|
"signal fraud": "Usage: paybond signal fraud --did <did>\n\nExamples:\n $ paybond signal fraud --did did:example:alice",
|
|
56
|
-
"receipts get": "Usage: paybond receipts get <receipt_id
|
|
57
|
-
"receipts verify": "Usage: paybond receipts verify <receipt_id
|
|
56
|
+
"receipts get": "Usage: paybond receipts get <receipt_id> [--kind protocol|agent]\n\nFetch a signed protocol settlement receipt (default) or agent action receipt (--kind agent).\n\nExamples:\n $ paybond receipts get receipt-123\n $ paybond receipts get sha256:abc... --kind agent --format json",
|
|
57
|
+
"receipts verify": "Usage: paybond receipts verify <receipt_id> [--kind protocol|agent]\n\nVerify a protocol settlement receipt (default) or agent action receipt (--kind agent) via Gateway offline verify.\n\nExamples:\n $ paybond receipts verify receipt-123\n $ paybond receipts verify sha256:abc... --kind agent --format json",
|
|
58
58
|
"mandates verify": "Usage: paybond mandates verify --body <json-file>\n\nExamples:\n $ paybond mandates verify --body mandate.json",
|
|
59
59
|
"mandates import": "Usage: paybond mandates import --body <json-file>\n\nExamples:\n $ paybond mandates import --body mandate.json",
|
|
60
60
|
"a2a card": "Usage: paybond a2a card\n\nExamples:\n $ paybond a2a card",
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
/** Generated by kit/scripts/sync-completion-catalog.mjs — do not edit. */
|
|
2
|
-
export declare const BUNDLED_COMPLETION_CATALOG_SHA256_HEX: "
|
|
2
|
+
export declare const BUNDLED_COMPLETION_CATALOG_SHA256_HEX: "a738febc9ee8b5b66f05991c4582ba24e6857cdc574196b0aeefc5c77e192ea9";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
/** Generated by kit/scripts/sync-completion-catalog.mjs — do not edit. */
|
|
2
|
-
export const BUNDLED_COMPLETION_CATALOG_SHA256_HEX = "
|
|
2
|
+
export const BUNDLED_COMPLETION_CATALOG_SHA256_HEX = "a738febc9ee8b5b66f05991c4582ba24e6857cdc574196b0aeefc5c77e192ea9";
|
package/dist/index.d.ts
CHANGED
|
@@ -4,12 +4,13 @@
|
|
|
4
4
|
*/
|
|
5
5
|
import { type BuildSignedCreateIntentParams, type BuildSignedCreateIntentWithPolicyBindingParams, type SettlementRail } from "./principal-intent.js";
|
|
6
6
|
import { type SignPayeeEvidenceParams } from "./payee-evidence.js";
|
|
7
|
-
import { PaybondAgentRunFacade, PaybondInstrumentBuilder, PaybondInstrumentRuntime, PaybondToolRegistry, type CreateGuardedAgentInput, type CreateGuardedAgentResult, type
|
|
7
|
+
import { PaybondAgentRunFacade, type PaybondAgentCallable, PaybondInstrumentBuilder, PaybondInstrumentRuntime, PaybondToolRegistry, type CreateGuardedAgentInput, type CreateGuardedAgentResult, type PaybondInlinePolicy, type PaybondInstrumentAgentOptions, type PaybondInstrumentInput, type PaybondInstrumented, type PaybondToolRegistryConfig, type PaybondWrapToolsOptions } from "./agent/index.js";
|
|
8
8
|
import { GatewayAgentRunTraceReporter } from "./agent/gateway-trace-reporter.js";
|
|
9
9
|
import { PaybondAudit } from "./audit/index.js";
|
|
10
10
|
import { type PolicyRemoteValidateOptions, type PolicyRemoteValidateResult } from "./policy/validate-remote.js";
|
|
11
11
|
import { type PolicyEffectiveResolveResult } from "./policy/load-effective.js";
|
|
12
12
|
import { type FundRequestEnvelope, type PaymentRequired, type X402FundPollOptions } from "./x402-funding.js";
|
|
13
|
+
import { type MppFundPollOptions, type PaymentAuthChallenge } from "./mpp-funding.js";
|
|
13
14
|
export type SpendScope = {
|
|
14
15
|
scope_type: string;
|
|
15
16
|
scope_key: string;
|
|
@@ -43,6 +44,13 @@ export type PaybondSpendAuthorizationInput = {
|
|
|
43
44
|
agentSubject?: string;
|
|
44
45
|
approvalToken?: string;
|
|
45
46
|
idempotencyKey?: string;
|
|
47
|
+
/**
|
|
48
|
+
* Agent Receipt Standard context (Phase 1): forwarded to Gateway `/verify` on every call for
|
|
49
|
+
* audit correlation. See `go/gateway/internal/spendauth/types.go` `VerifyRequest`.
|
|
50
|
+
*/
|
|
51
|
+
modelFamily?: string;
|
|
52
|
+
configHashHex?: string;
|
|
53
|
+
promptHashHex?: string;
|
|
46
54
|
};
|
|
47
55
|
export type SubmitEvidenceResult = {
|
|
48
56
|
intentId: string;
|
|
@@ -54,6 +62,12 @@ export type IntentFundingResult = {
|
|
|
54
62
|
settlementRail: SettlementRail;
|
|
55
63
|
harborFundEndpoint?: string;
|
|
56
64
|
status?: string;
|
|
65
|
+
/** MPP Payment Auth challenge `intent` (`charge` or `session`). */
|
|
66
|
+
intent?: string;
|
|
67
|
+
/** MPP Payment Auth challenge `method` (`stripe` or `tempo`). */
|
|
68
|
+
method?: string;
|
|
69
|
+
/** MPP Payment Auth challenge id from `WWW-Authenticate: Payment`. */
|
|
70
|
+
challengeId?: string;
|
|
57
71
|
paymentSessionId?: string;
|
|
58
72
|
paymentUrl?: string;
|
|
59
73
|
stripePaymentIntentId?: string;
|
|
@@ -69,6 +83,22 @@ export type IntentFundingResult = {
|
|
|
69
83
|
bankName?: string;
|
|
70
84
|
asset?: string;
|
|
71
85
|
network?: string;
|
|
86
|
+
/** MPP settlement asset (e.g. `usdc`). */
|
|
87
|
+
settlementAsset?: string;
|
|
88
|
+
/** MPP settlement network (e.g. `tempo`). */
|
|
89
|
+
settlementNetwork?: string;
|
|
90
|
+
/** Tempo session channel id (`stripe_mpp` session funding). */
|
|
91
|
+
channelId?: string;
|
|
92
|
+
/** Tempo session protocol version (e.g. `v2`). */
|
|
93
|
+
sessionProtocol?: string;
|
|
94
|
+
/** Required Tempo deposit in USDC base units. */
|
|
95
|
+
depositAmountBaseUnits?: string;
|
|
96
|
+
acceptedCumulativeBaseUnits?: string;
|
|
97
|
+
pendingCumulativeBaseUnits?: string;
|
|
98
|
+
descriptorHash?: string;
|
|
99
|
+
lastVoucherAt?: string;
|
|
100
|
+
lastSettleTxHash?: string;
|
|
101
|
+
channelStatus?: string;
|
|
72
102
|
authorizationId?: string;
|
|
73
103
|
captureId?: string;
|
|
74
104
|
voidId?: string;
|
|
@@ -94,6 +124,12 @@ export type FundIntentResult = {
|
|
|
94
124
|
statusCode: 200 | 202 | 402;
|
|
95
125
|
paymentRequired?: string;
|
|
96
126
|
paymentResponse?: string;
|
|
127
|
+
/** Payment Auth challenges from `WWW-Authenticate` (MPP charge/session). */
|
|
128
|
+
wwwAuthenticate?: string[];
|
|
129
|
+
/** Payment Auth receipt from `Payment-Receipt` when Harbor confirms payment progress. */
|
|
130
|
+
paymentReceipt?: string;
|
|
131
|
+
/** Cache policy echoed from Harbor (`Cache-Control`). */
|
|
132
|
+
cacheControl?: string;
|
|
97
133
|
intentId: string;
|
|
98
134
|
tenant: string;
|
|
99
135
|
state: string;
|
|
@@ -722,6 +758,7 @@ export type VerifyProtocolReceiptV1Result = {
|
|
|
722
758
|
tenant_id: string;
|
|
723
759
|
receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>;
|
|
724
760
|
};
|
|
761
|
+
export type { VerifyAgentReceiptV1Result } from "./agent/receipt-client.js";
|
|
725
762
|
export declare class A2AHttpError extends Error {
|
|
726
763
|
readonly statusCode: number;
|
|
727
764
|
readonly url: string;
|
|
@@ -900,6 +937,7 @@ export declare class HarborClient {
|
|
|
900
937
|
*/
|
|
901
938
|
fundIntent(intentId: string, options?: {
|
|
902
939
|
paymentSignature?: string;
|
|
940
|
+
paymentAuthorization?: string;
|
|
903
941
|
idempotencyKey?: string;
|
|
904
942
|
}): Promise<FundIntentResult>;
|
|
905
943
|
/**
|
|
@@ -1009,6 +1047,7 @@ export declare class GatewayHarborClient {
|
|
|
1009
1047
|
createIntent(body: Record<string, unknown>, options: GatewayHarborMutationOptions): Promise<Record<string, unknown>>;
|
|
1010
1048
|
fundIntent(intentId: string, options: GatewayHarborMutationOptions & {
|
|
1011
1049
|
paymentSignature?: string;
|
|
1050
|
+
paymentAuthorization?: string;
|
|
1012
1051
|
}): Promise<FundIntentResult>;
|
|
1013
1052
|
submitEvidence(intentId: string, evidenceBody: Record<string, unknown>, options: GatewayHarborMutationOptions): Promise<SubmitEvidenceResult>;
|
|
1014
1053
|
/** Recognition-gated Gateway Harbor settlement confirmation. */
|
|
@@ -1127,6 +1166,12 @@ export declare class GatewayProtocolClient {
|
|
|
1127
1166
|
}): Promise<ImportAgentMandateV1Result>;
|
|
1128
1167
|
getSettlementReceiptV1(receiptId: string): Promise<ProtocolSettlementReceiptV1>;
|
|
1129
1168
|
verifyProtocolReceiptV1(receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>): Promise<VerifyProtocolReceiptV1Result>;
|
|
1169
|
+
getAgentReceiptV1ByID(receiptId: string): Promise<import("./agent-receipt.js").AgentReceiptV1>;
|
|
1170
|
+
getAgentReceiptV1ByIntentToolCall(init: {
|
|
1171
|
+
intentId: string;
|
|
1172
|
+
toolCallId: string;
|
|
1173
|
+
}): Promise<import("./agent-receipt.js").AgentReceiptV1>;
|
|
1174
|
+
verifyAgentReceiptV1(receipt: import("./agent-receipt.js").AgentReceiptV1 | Record<string, unknown>): Promise<import("./agent/receipt-client.js").VerifyAgentReceiptV1Result>;
|
|
1130
1175
|
createHarborIntent(init: {
|
|
1131
1176
|
body: Record<string, unknown>;
|
|
1132
1177
|
recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
|
|
@@ -1234,6 +1279,7 @@ export declare class PaybondIntents {
|
|
|
1234
1279
|
intentId: string;
|
|
1235
1280
|
recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
|
|
1236
1281
|
paymentSignature?: string;
|
|
1282
|
+
paymentAuthorization?: string;
|
|
1237
1283
|
idempotencyKey?: string;
|
|
1238
1284
|
}): Promise<FundIntentResult>;
|
|
1239
1285
|
/**
|
|
@@ -1249,6 +1295,36 @@ export declare class PaybondIntents {
|
|
|
1249
1295
|
pollOptions?: X402FundPollOptions;
|
|
1250
1296
|
idempotencyKey?: string;
|
|
1251
1297
|
}): Promise<FundIntentResult>;
|
|
1298
|
+
/**
|
|
1299
|
+
* One-shot Stripe MPP charge fund flow: create Payment Auth credentials from 402 challenges,
|
|
1300
|
+
* retry with `paymentAuthorization`, and poll until funded.
|
|
1301
|
+
*
|
|
1302
|
+
* MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
|
|
1303
|
+
* `issueRecognitionProof` callbacks.
|
|
1304
|
+
*/
|
|
1305
|
+
fundWithMppCharge(params: {
|
|
1306
|
+
intentId: string;
|
|
1307
|
+
recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
|
|
1308
|
+
createPaymentCredential: (challenge: PaymentAuthChallenge) => Promise<string>;
|
|
1309
|
+
issueRecognitionProof: (envelope: FundRequestEnvelope) => Promise<AgentRecognitionProofV1 | Record<string, unknown>>;
|
|
1310
|
+
pollOptions?: MppFundPollOptions;
|
|
1311
|
+
idempotencyKey?: string;
|
|
1312
|
+
}): Promise<FundIntentResult>;
|
|
1313
|
+
/**
|
|
1314
|
+
* Tempo MPP session fund flow: open a session channel deposit via Payment Auth credentials,
|
|
1315
|
+
* retry with `paymentAuthorization`, and poll until the intent is funded.
|
|
1316
|
+
*
|
|
1317
|
+
* MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
|
|
1318
|
+
* `issueRecognitionProof` callbacks.
|
|
1319
|
+
*/
|
|
1320
|
+
fundWithMppSession(params: {
|
|
1321
|
+
intentId: string;
|
|
1322
|
+
recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
|
|
1323
|
+
createPaymentCredential: (challenge: PaymentAuthChallenge) => Promise<string>;
|
|
1324
|
+
issueRecognitionProof: (envelope: FundRequestEnvelope) => Promise<AgentRecognitionProofV1 | Record<string, unknown>>;
|
|
1325
|
+
pollOptions?: MppFundPollOptions;
|
|
1326
|
+
idempotencyKey?: string;
|
|
1327
|
+
}): Promise<FundIntentResult>;
|
|
1252
1328
|
/**
|
|
1253
1329
|
* Sign payee evidence and POST it. `payeeSigningSeed` must be 32 bytes.
|
|
1254
1330
|
*/
|
|
@@ -1274,6 +1350,7 @@ export declare class Paybond {
|
|
|
1274
1350
|
readonly intents: PaybondIntents;
|
|
1275
1351
|
readonly audit: PaybondAudit;
|
|
1276
1352
|
readonly agentRun: PaybondAgentRunFacade;
|
|
1353
|
+
readonly agent: PaybondAgentCallable;
|
|
1277
1354
|
private constructor();
|
|
1278
1355
|
/** Open a tenant-bound hosted Paybond session from a service-account API key. */
|
|
1279
1356
|
static open(init: PaybondOpenOptions): Promise<Paybond>;
|
|
@@ -1318,11 +1395,6 @@ export declare class Paybond {
|
|
|
1318
1395
|
instrumentMCP<TTools>(input: Omit<PaybondInstrumentInput<TTools>, "framework"> & {
|
|
1319
1396
|
tools: TTools;
|
|
1320
1397
|
}): Promise<PaybondInstrumented<TTools> | PaybondInstrumentRuntime<TTools>>;
|
|
1321
|
-
/**
|
|
1322
|
-
* Opinionated quickstart: resolve named policy presets (for example `travel`) or file paths,
|
|
1323
|
-
* then instrument tools for the selected framework.
|
|
1324
|
-
*/
|
|
1325
|
-
agent<TTools>(input: PaybondAgentInput<TTools>): Promise<PaybondAgentResult<TTools>>;
|
|
1326
1398
|
/** Wrap tools for an existing bound run without reloading policy. */
|
|
1327
1399
|
wrapTools(run: import("./agent/run.js").PaybondAgentRun, tools: unknown, options?: PaybondWrapToolsOptions): unknown;
|
|
1328
1400
|
/**
|
|
@@ -1342,10 +1414,14 @@ export { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBindi
|
|
|
1342
1414
|
export { artifactsDigest, evidenceSignBytesV1, signPayeeEvidenceBinding, type SignPayeeEvidenceParams, } from "./payee-evidence.js";
|
|
1343
1415
|
export { AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, AGENT_RECOGNITION_PROOF_KIND_V1, AGENT_RECOGNITION_PURPOSE_CREATE, AGENT_RECOGNITION_PURPOSE_FUND, AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT, newAgentRecognitionRequestEnvelope, signAgentRecognitionProofV1, signHarborCreateRecognitionProof, signHarborFundRecognitionProof, signHarborEvidenceSubmitRecognitionProof, signHarborSettlementConfirmRecognitionProof, type SignAgentRecognitionProofV1Params, type SignedAgentRecognitionProofV1, } from "./agent-recognition.js";
|
|
1344
1416
|
export { executeFundWithX402, buildX402FundRequestEnvelope, PaybondX402FundingFailedError, PaybondX402FundingPendingError, type FundRequestEnvelope, type PaymentRequired, type X402FundPollOptions, } from "./x402-funding.js";
|
|
1417
|
+
export { executeFundWithMpp, executeFundWithMppCharge, executeFundWithMppSession, buildMppFundRequestEnvelope, parsePaymentAuthChallenge, selectMppChargeChallenge, selectMppSessionChallenge, PaybondMppFundingFailedError, PaybondMppFundingPendingError, type MppFundPollOptions, type ParsedPaymentAuthChallenge, type PaymentAuthChallenge, } from "./mpp-funding.js";
|
|
1345
1418
|
export { validateCompletionEvidence, type CompletionEvidenceValidationReport, } from "./completion-validate-evidence.js";
|
|
1346
1419
|
export { completionSchemaDigestHex, computeVendorContractDigests, verifyVendorContract, verifyCatalogVendorContracts, type VendorContract, type VendorContractDigests, } from "./completion-contract-digest.js";
|
|
1347
1420
|
export { contractSnapshotForPreset, mapVendorEvidenceToCanonical, resolveCompletionPreset, } from "./completion-resolve.js";
|
|
1348
|
-
export { PaybondAgentRun, PaybondAgentRunBindError, PaybondAgentRunFacade, PaybondEvidenceSubmitError, PaybondFrameworkAdapter, PaybondToolInterceptor, PaybondToolRegistry, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, buildAutoEvidencePayload, createGenericToolExecutor, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondGenericAgentConfig, createPaybondGenericInputGuard, createPaybondToolRegistry, createToolInputGuardAdapter, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, paybondGenericToolExecutorAdapter, paybondToolInputGuardAdapter, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, type CreateGuardedAgentInput, type CreateGuardedAgentResult, type GuardedAgentFramework, type PaybondAgentHooks, type PaybondAgentInput, type PaybondAgentResult, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondGenericAgentConfig, type PaybondGenericToolCall, type PaybondGenericToolDefinition, type PaybondGenericWrappedToolDefinition, type PaybondInlinePolicy, type PaybondAgentInstrumentation, type PaybondInstrumentAgentOptions, type PaybondInstrumentBinding, type PaybondInstrumentContext, type PaybondInstrumentContextInput, type PaybondInstrumentContextProvider, type PaybondInstrumentInput, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolInputGuardAdapter, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondWrapToolsOptions, } from "./agent/index.js";
|
|
1421
|
+
export { PaybondAgentRun, PaybondAgentRunBindError, PaybondAgentRunFacade, PaybondEvidenceSubmitError, PaybondFrameworkAdapter, PaybondToolInterceptor, PaybondToolRegistry, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, buildAutoEvidencePayload, createGenericToolExecutor, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondGenericAgentConfig, createPaybondGenericInputGuard, createPaybondToolRegistry, createToolInputGuardAdapter, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, paybondGenericToolExecutorAdapter, paybondToolInputGuardAdapter, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, type CreateGuardedAgentInput, type CreateGuardedAgentResult, type GuardedAgentFramework, type PaybondAgentHooks, type PaybondAgentInput, type PaybondAgentResult, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondExternalAttestationMapper, type PaybondGenericAgentConfig, type PaybondGenericToolCall, type PaybondGenericToolDefinition, type PaybondGenericWrappedToolDefinition, type PaybondInlinePolicy, type PaybondAgentInstrumentation, type PaybondInstrumentAgentOptions, type PaybondInstrumentBinding, type PaybondInstrumentContext, type PaybondInstrumentContextInput, type PaybondInstrumentContextProvider, type PaybondInstrumentInput, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolInputGuardAdapter, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondWrapToolsOptions, } from "./agent/index.js";
|
|
1349
1422
|
export { PaybondAudit, PaybondAuditExports, GatewayAuditExportsClient, parseAuditExportList, parseAuditExportJobGet, verifyAuditManifest, verifyAuditBundleLocal, type AuditExportJobDetail, type AuditExportJobGetResponse, type AuditExportJobSummary, type AuditExportListPage, type AuditVerifyResult, type AuditExportsGateway, } from "./audit/index.js";
|
|
1350
1423
|
export { PaybondPolicy, composePolicyLayers, composeBundledPresetDefault, domain, guardrails, paybondPolicyPresets, resolveComposedPresetDocument, type LayeredPolicyPresetId, type PaybondPolicyPresets, type PolicyGuardrailLayer, type PolicyPresetId, type VerticalPolicyOptions, } from "./policy/index.js";
|
|
1351
1424
|
export { getSolutionSmokeDefaults, isKnownSolutionId, listSolutionIds, loadSolutionManifest, paybondSolutionPresets, type PaybondSolutionBundle, type PaybondSolutionPresets, type SolutionId, type SolutionManifest, type SolutionSmokeDefaults, } from "./solutions/index.js";
|
|
1425
|
+
export { appendDirectHarborPaymentAuthorization, formatPaymentAuthorizationValue, PAYBOND_PAYMENT_AUTHORIZATION_HEADER, PAYMENT_TRANSPORT_RESPONSE_HEADERS, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, type FundPaymentTransportHeaders, } from "./payment-transport.js";
|
|
1426
|
+
export { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SCOPE_INTENT_TERMINAL, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, AGENT_RECEIPT_WELL_KNOWN_PATH, actionReceiptId, canonicalAgentReceiptBytes, configHashSha256Hex, promptHashSha256Hex, valueDigestSha256Hex, verifyAgentReceiptV1, type AgentReceiptAgentV1, type AgentReceiptAuthorizationV1, type AgentReceiptEvidenceV1, type AgentReceiptExecutionV1, type AgentReceiptExternalAttestationV1, type AgentReceiptMerchantV1, type AgentReceiptOutcomeV1, type AgentReceiptPaymentV1, type AgentReceiptPolicyV1, type AgentReceiptReferencesV1, type AgentReceiptV1, type ConfigHashInput, } from "./agent-receipt.js";
|
|
1427
|
+
export { AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828, AGENT_RECEIPT_EXTERNAL_SOURCE_X402, partnerRecordDigestSha256Hex, resolveExternalAttestations, sep2828RecordsToExternalAttestations, x402ReceiptToExternalAttestations, type PaybondExternalAttestationInput, } from "./agent-receipt-external-attestations.js";
|