@paybond/kit 0.11.11 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/completion-presets/catalog.json +10 -5
- package/completion-presets/catalog.sha256 +1 -1
- package/dist/agent/index.d.ts +2 -1
- package/dist/agent/index.js +1 -0
- package/dist/agent/interceptor.d.ts +9 -0
- package/dist/agent/interceptor.js +177 -1
- package/dist/agent/receipt-client.d.ts +49 -0
- package/dist/agent/receipt-client.js +45 -0
- package/dist/agent/registry.js +1 -0
- package/dist/agent/run.d.ts +2 -0
- package/dist/agent/run.js +52 -0
- package/dist/agent/types.d.ts +70 -0
- package/dist/agent-receipt-external-attestations.d.ts +29 -0
- package/dist/agent-receipt-external-attestations.js +124 -0
- package/dist/agent-receipt.d.ts +134 -0
- package/dist/agent-receipt.js +580 -0
- package/dist/audit/exports.d.ts +15 -1
- package/dist/audit/exports.js +55 -8
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/wire.d.ts +12 -0
- package/dist/audit/wire.js +13 -1
- package/dist/cli/command-spec.js +4 -2
- package/dist/cli/commands/discovery.js +17 -6
- package/dist/cli/help.d.ts +1 -1
- package/dist/cli/help.js +3 -3
- package/dist/completion-catalog-digest.d.ts +1 -1
- package/dist/completion-catalog-digest.js +1 -1
- package/dist/index.d.ts +83 -7
- package/dist/index.js +180 -13
- package/dist/mcp-receipt-resource.d.ts +10 -0
- package/dist/mcp-receipt-resource.js +32 -0
- package/dist/mcp-server.d.ts +6 -0
- package/dist/mcp-server.js +62 -1
- package/dist/mpp-commercial.d.ts +19 -0
- package/dist/mpp-commercial.js +34 -0
- package/dist/mpp-funding.d.ts +71 -0
- package/dist/mpp-funding.js +192 -0
- package/dist/payment-transport.d.ts +30 -0
- package/dist/payment-transport.js +56 -0
- package/dist/policy/intent-spec.js +2 -0
- package/dist/principal-intent.d.ts +1 -1
- package/dist/principal-intent.js +4 -1
- package/package.json +1 -1
- package/templates/openai-shopping-agent/package-lock.json +7 -7
- package/templates/paybond-aws-operator/package-lock.json +4 -4
- package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
- package/templates/paybond-mastra-travel-agent/package-lock.json +10 -10
- package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
- package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
- package/templates/paybond-procurement-agent/package-lock.json +4 -4
- package/templates/paybond-travel-agent/package-lock.json +7 -7
- package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
package/dist/index.js
CHANGED
|
@@ -4,16 +4,18 @@
|
|
|
4
4
|
*/
|
|
5
5
|
import { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBinding, } from "./principal-intent.js";
|
|
6
6
|
import { signPayeeEvidenceBinding } from "./payee-evidence.js";
|
|
7
|
-
import { PaybondAgentRunFacade, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
|
|
7
|
+
import { PaybondAgentRunFacade, createPaybondAgentCallable, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
|
|
8
8
|
import { GatewayAgentRunTraceReporter, } from "./agent/gateway-trace-reporter.js";
|
|
9
9
|
import { fetchWithGatewayRetries, gatewayRetryDelayMs, shouldRetryGatewayResponse, } from "./gateway-retry.js";
|
|
10
10
|
import { PaybondAudit, PaybondAuditExports } from "./audit/index.js";
|
|
11
|
+
import { formatPaymentAuthorizationValue, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, } from "./payment-transport.js";
|
|
11
12
|
import { parsePolicyRemoteValidateResponse, policyValidateQueryString, } from "./policy/validate-remote.js";
|
|
12
13
|
import { parsePolicyEffectiveResolveResponse, } from "./policy/load-effective.js";
|
|
13
14
|
import { paybondPolicyPresets } from "./policy/policy-api.js";
|
|
14
15
|
import { paybondSolutionPresets } from "./solutions/api.js";
|
|
15
16
|
import { requireSecureGatewayUrl } from "./gateway-url.js";
|
|
16
17
|
import { executeFundWithX402, } from "./x402-funding.js";
|
|
18
|
+
import { executeFundWithMppCharge, executeFundWithMppSession, } from "./mpp-funding.js";
|
|
17
19
|
function parseVerifyCapabilityBody(body, expectedTenant, expectedIntentId) {
|
|
18
20
|
const tenant = String(body.tenant ?? "");
|
|
19
21
|
const intentId = String(body.intent_id ?? "");
|
|
@@ -83,6 +85,12 @@ function verifyCapabilityPayload(input) {
|
|
|
83
85
|
payload.approval_token = input.approvalToken.trim();
|
|
84
86
|
if (input.idempotencyKey?.trim())
|
|
85
87
|
payload.idempotency_key = input.idempotencyKey.trim();
|
|
88
|
+
if (input.modelFamily?.trim())
|
|
89
|
+
payload.model_family = input.modelFamily.trim();
|
|
90
|
+
if (input.configHashHex?.trim())
|
|
91
|
+
payload.config_hash_hex = input.configHashHex.trim().toLowerCase();
|
|
92
|
+
if (input.promptHashHex?.trim())
|
|
93
|
+
payload.prompt_hash_hex = input.promptHashHex.trim().toLowerCase();
|
|
86
94
|
return payload;
|
|
87
95
|
}
|
|
88
96
|
export const DEFAULT_PAYBOND_GATEWAY_BASE_URL = "https://api.paybond.ai";
|
|
@@ -469,7 +477,7 @@ export class HarborClient {
|
|
|
469
477
|
}
|
|
470
478
|
throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
|
|
471
479
|
}
|
|
472
|
-
async fetchWithRetries(url, init, { retryBody, retryBodyText, }) {
|
|
480
|
+
async fetchWithRetries(url, init, { retryBody, retryBodyText, appendAuthorization, } = {}) {
|
|
473
481
|
let lastErr;
|
|
474
482
|
for (let attempt = 0; attempt < this.maxRetries; attempt++) {
|
|
475
483
|
let res;
|
|
@@ -479,6 +487,9 @@ export class HarborClient {
|
|
|
479
487
|
for (const [k, v] of Object.entries(auth)) {
|
|
480
488
|
headers.set(k, v);
|
|
481
489
|
}
|
|
490
|
+
for (const value of appendAuthorization ?? []) {
|
|
491
|
+
headers.append("authorization", value);
|
|
492
|
+
}
|
|
482
493
|
res = await fetch(url, { ...init, headers });
|
|
483
494
|
}
|
|
484
495
|
catch (e) {
|
|
@@ -600,11 +611,18 @@ export class HarborClient {
|
|
|
600
611
|
if (options?.paymentSignature?.trim()) {
|
|
601
612
|
headers["payment-signature"] = options.paymentSignature.trim();
|
|
602
613
|
}
|
|
614
|
+
const appendAuthorization = options?.paymentAuthorization?.trim() !== undefined &&
|
|
615
|
+
options.paymentAuthorization.trim() !== ""
|
|
616
|
+
? [formatPaymentAuthorizationValue(options.paymentAuthorization)]
|
|
617
|
+
: undefined;
|
|
603
618
|
const res = await this.fetchWithRetries(url, {
|
|
604
619
|
method: "POST",
|
|
605
620
|
headers,
|
|
606
621
|
body: "",
|
|
607
|
-
}, {
|
|
622
|
+
}, {
|
|
623
|
+
retryBodyText: "",
|
|
624
|
+
appendAuthorization,
|
|
625
|
+
});
|
|
608
626
|
const text = await res.text();
|
|
609
627
|
if (![200, 202, 402].includes(res.status)) {
|
|
610
628
|
throw new HarborHttpError(`Harbor fund intent HTTP ${res.status}: ${text}`, {
|
|
@@ -614,6 +632,7 @@ export class HarborClient {
|
|
|
614
632
|
});
|
|
615
633
|
}
|
|
616
634
|
const body = assertJSONObject(JSON.parse(text));
|
|
635
|
+
const transport = readFundPaymentTransportHeaders(res.headers);
|
|
617
636
|
const tenant = String(body.tenant ?? "");
|
|
618
637
|
if (tenant !== this.tenantId) {
|
|
619
638
|
throw new Error(`fund tenant mismatch: client=${this.tenantId} harbor=${tenant}`);
|
|
@@ -636,6 +655,9 @@ export class HarborClient {
|
|
|
636
655
|
statusCode: res.status,
|
|
637
656
|
paymentRequired: res.headers.get("payment-required") ?? undefined,
|
|
638
657
|
paymentResponse: res.headers.get("payment-response") ?? undefined,
|
|
658
|
+
wwwAuthenticate: transport.wwwAuthenticate,
|
|
659
|
+
paymentReceipt: transport.paymentReceipt,
|
|
660
|
+
cacheControl: transport.cacheControl,
|
|
639
661
|
intentId: echoedIntentId,
|
|
640
662
|
tenant,
|
|
641
663
|
state: body.state,
|
|
@@ -996,9 +1018,13 @@ export class GatewayHarborClient {
|
|
|
996
1018
|
return JSON.parse(text);
|
|
997
1019
|
}
|
|
998
1020
|
async fundIntent(intentId, options) {
|
|
999
|
-
const
|
|
1021
|
+
const paymentHeaders = {
|
|
1000
1022
|
...(options.paymentSignature?.trim() ? { "payment-signature": options.paymentSignature.trim() } : {}),
|
|
1001
|
-
|
|
1023
|
+
...(options.paymentAuthorization?.trim()
|
|
1024
|
+
? paymentAuthorizationGatewayHeader(options.paymentAuthorization)
|
|
1025
|
+
: {}),
|
|
1026
|
+
};
|
|
1027
|
+
const { res, text, url } = await this.postJSON(`/harbor/intents/${encodeURIComponent(intentId)}/fund`, {}, this.mutationHeaders("fundIntent", options, paymentHeaders));
|
|
1002
1028
|
if (![200, 202, 402].includes(res.status)) {
|
|
1003
1029
|
throw new HarborHttpError(`Gateway Harbor fund intent HTTP ${res.status}: ${text}`, {
|
|
1004
1030
|
statusCode: res.status,
|
|
@@ -1006,12 +1032,16 @@ export class GatewayHarborClient {
|
|
|
1006
1032
|
bodyText: text,
|
|
1007
1033
|
});
|
|
1008
1034
|
}
|
|
1035
|
+
const transport = readFundPaymentTransportHeaders(res.headers);
|
|
1009
1036
|
return parseFundIntentResponse(assertJSONObject(JSON.parse(text)), {
|
|
1010
1037
|
tenantId: this.tenantId,
|
|
1011
1038
|
intentId,
|
|
1012
1039
|
statusCode: res.status,
|
|
1013
1040
|
paymentRequired: res.headers.get("payment-required") ?? undefined,
|
|
1014
1041
|
paymentResponse: res.headers.get("payment-response") ?? undefined,
|
|
1042
|
+
wwwAuthenticate: transport.wwwAuthenticate,
|
|
1043
|
+
paymentReceipt: transport.paymentReceipt,
|
|
1044
|
+
cacheControl: transport.cacheControl,
|
|
1015
1045
|
source: "gateway",
|
|
1016
1046
|
});
|
|
1017
1047
|
}
|
|
@@ -1159,7 +1189,7 @@ export class PaybondGuardrails {
|
|
|
1159
1189
|
}
|
|
1160
1190
|
}
|
|
1161
1191
|
const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
|
|
1162
|
-
const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "x402_usdc_base"]);
|
|
1192
|
+
const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "stripe_mpp", "x402_usdc_base"]);
|
|
1163
1193
|
const FRAUD_REVIEW_EVENT_TYPES = new Set([
|
|
1164
1194
|
"review_open_requested",
|
|
1165
1195
|
"appeal_requested",
|
|
@@ -1211,6 +1241,9 @@ function parseFundIntentResponse(body, init) {
|
|
|
1211
1241
|
statusCode: init.statusCode,
|
|
1212
1242
|
paymentRequired: init.paymentRequired,
|
|
1213
1243
|
paymentResponse: init.paymentResponse,
|
|
1244
|
+
wwwAuthenticate: init.wwwAuthenticate,
|
|
1245
|
+
paymentReceipt: init.paymentReceipt,
|
|
1246
|
+
cacheControl: init.cacheControl,
|
|
1214
1247
|
intentId: echoedIntentId,
|
|
1215
1248
|
tenant,
|
|
1216
1249
|
state: body.state,
|
|
@@ -1360,6 +1393,9 @@ function parseIntentFundingResult(value) {
|
|
|
1360
1393
|
settlementRail: readSettlementRailValue(body.settlement_rail, "funding.settlement_rail"),
|
|
1361
1394
|
harborFundEndpoint: readOptionalString("harbor_fund_endpoint"),
|
|
1362
1395
|
status: readOptionalString("status"),
|
|
1396
|
+
intent: readOptionalString("intent"),
|
|
1397
|
+
method: readOptionalString("method"),
|
|
1398
|
+
challengeId: readOptionalString("challenge_id"),
|
|
1363
1399
|
paymentSessionId: readOptionalString("payment_session_id"),
|
|
1364
1400
|
paymentUrl: readOptionalString("payment_url"),
|
|
1365
1401
|
stripePaymentIntentId: readOptionalString("stripe_payment_intent_id"),
|
|
@@ -1375,6 +1411,17 @@ function parseIntentFundingResult(value) {
|
|
|
1375
1411
|
bankName: readOptionalString("bank_name"),
|
|
1376
1412
|
asset: readOptionalString("asset"),
|
|
1377
1413
|
network: readOptionalString("network"),
|
|
1414
|
+
settlementAsset: readOptionalString("settlement_asset"),
|
|
1415
|
+
settlementNetwork: readOptionalString("settlement_network"),
|
|
1416
|
+
channelId: readOptionalString("channel_id"),
|
|
1417
|
+
sessionProtocol: readOptionalString("session_protocol"),
|
|
1418
|
+
depositAmountBaseUnits: readOptionalString("deposit_amount_base_units"),
|
|
1419
|
+
acceptedCumulativeBaseUnits: readOptionalString("accepted_cumulative_base_units"),
|
|
1420
|
+
pendingCumulativeBaseUnits: readOptionalString("pending_cumulative_base_units"),
|
|
1421
|
+
descriptorHash: readOptionalString("descriptor_hash"),
|
|
1422
|
+
lastVoucherAt: readOptionalString("last_voucher_at"),
|
|
1423
|
+
lastSettleTxHash: readOptionalString("last_settle_tx_hash"),
|
|
1424
|
+
channelStatus: readOptionalString("channel_status"),
|
|
1378
1425
|
authorizationId: readOptionalString("authorization_id"),
|
|
1379
1426
|
captureId: readOptionalString("capture_id"),
|
|
1380
1427
|
voidId: readOptionalString("void_id"),
|
|
@@ -2050,6 +2097,80 @@ export class GatewayProtocolClient {
|
|
|
2050
2097
|
}
|
|
2051
2098
|
return assertJSONObject(JSON.parse(text));
|
|
2052
2099
|
}
|
|
2100
|
+
async getAgentReceiptV1ByID(receiptId) {
|
|
2101
|
+
const enc = encodeURIComponent(receiptId);
|
|
2102
|
+
const url = `${this.base}protocol/v2/agent-receipts/${enc}`;
|
|
2103
|
+
const res = await this.fetchWithRetries(url, {
|
|
2104
|
+
method: "GET",
|
|
2105
|
+
headers: this.headers(),
|
|
2106
|
+
});
|
|
2107
|
+
const text = await res.text();
|
|
2108
|
+
if (!res.ok) {
|
|
2109
|
+
const parsed = parseGatewayErrorEnvelope(text);
|
|
2110
|
+
throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt", res.status, text), {
|
|
2111
|
+
statusCode: res.status,
|
|
2112
|
+
url,
|
|
2113
|
+
bodyText: text,
|
|
2114
|
+
errorCode: parsed.errorCode,
|
|
2115
|
+
errorMessage: parsed.errorMessage,
|
|
2116
|
+
});
|
|
2117
|
+
}
|
|
2118
|
+
const body = assertJSONObject(JSON.parse(text));
|
|
2119
|
+
if (String(body.receipt_id ?? "").trim() !== receiptId) {
|
|
2120
|
+
throw new Error(`agent receipt mismatch: requested=${receiptId} gateway=${String(body.receipt_id ?? "")}`);
|
|
2121
|
+
}
|
|
2122
|
+
if (String(body.tenant_id ?? "").trim() !== this.tenantId) {
|
|
2123
|
+
throw new Error(`agent receipt tenant mismatch: client=${this.tenantId} gateway=${String(body.tenant_id ?? "")}`);
|
|
2124
|
+
}
|
|
2125
|
+
return body;
|
|
2126
|
+
}
|
|
2127
|
+
async getAgentReceiptV1ByIntentToolCall(init) {
|
|
2128
|
+
const params = new URLSearchParams({
|
|
2129
|
+
intent_id: init.intentId,
|
|
2130
|
+
tool_call_id: init.toolCallId,
|
|
2131
|
+
});
|
|
2132
|
+
const url = `${this.base}protocol/v2/agent-receipts?${params.toString()}`;
|
|
2133
|
+
const res = await this.fetchWithRetries(url, {
|
|
2134
|
+
method: "GET",
|
|
2135
|
+
headers: this.headers(),
|
|
2136
|
+
});
|
|
2137
|
+
const text = await res.text();
|
|
2138
|
+
if (!res.ok) {
|
|
2139
|
+
const parsed = parseGatewayErrorEnvelope(text);
|
|
2140
|
+
throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt lookup", res.status, text), {
|
|
2141
|
+
statusCode: res.status,
|
|
2142
|
+
url,
|
|
2143
|
+
bodyText: text,
|
|
2144
|
+
errorCode: parsed.errorCode,
|
|
2145
|
+
errorMessage: parsed.errorMessage,
|
|
2146
|
+
});
|
|
2147
|
+
}
|
|
2148
|
+
const body = assertJSONObject(JSON.parse(text));
|
|
2149
|
+
if (String(body.tenant_id ?? "").trim() !== this.tenantId) {
|
|
2150
|
+
throw new Error(`agent receipt tenant mismatch: client=${this.tenantId} gateway=${String(body.tenant_id ?? "")}`);
|
|
2151
|
+
}
|
|
2152
|
+
return body;
|
|
2153
|
+
}
|
|
2154
|
+
async verifyAgentReceiptV1(receipt) {
|
|
2155
|
+
const url = `${this.base}protocol/v2/agent-receipts/verify`;
|
|
2156
|
+
const res = await this.fetchWithRetries(url, {
|
|
2157
|
+
method: "POST",
|
|
2158
|
+
headers: this.headers({ "content-type": "application/json" }),
|
|
2159
|
+
body: JSON.stringify(receipt),
|
|
2160
|
+
});
|
|
2161
|
+
const text = await res.text();
|
|
2162
|
+
if (!res.ok) {
|
|
2163
|
+
const parsed = parseGatewayErrorEnvelope(text);
|
|
2164
|
+
throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt verify", res.status, text), {
|
|
2165
|
+
statusCode: res.status,
|
|
2166
|
+
url,
|
|
2167
|
+
bodyText: text,
|
|
2168
|
+
errorCode: parsed.errorCode,
|
|
2169
|
+
errorMessage: parsed.errorMessage,
|
|
2170
|
+
});
|
|
2171
|
+
}
|
|
2172
|
+
return assertJSONObject(JSON.parse(text));
|
|
2173
|
+
}
|
|
2053
2174
|
async createHarborIntent(init) {
|
|
2054
2175
|
return this.postJSON("/harbor/intents", init.body, gatewayMutationHeaders(init.recognitionProof, {
|
|
2055
2176
|
...(init.idempotencyKey?.trim() ? { "idempotency-key": init.idempotencyKey.trim() } : {}),
|
|
@@ -2217,6 +2338,7 @@ export class PaybondIntents {
|
|
|
2217
2338
|
async fund(params) {
|
|
2218
2339
|
return this.harbor.fundIntent(params.intentId, {
|
|
2219
2340
|
paymentSignature: params.paymentSignature,
|
|
2341
|
+
paymentAuthorization: params.paymentAuthorization,
|
|
2220
2342
|
idempotencyKey: params.idempotencyKey,
|
|
2221
2343
|
recognitionProof: params.recognitionProof,
|
|
2222
2344
|
});
|
|
@@ -2242,6 +2364,52 @@ export class PaybondIntents {
|
|
|
2242
2364
|
}),
|
|
2243
2365
|
});
|
|
2244
2366
|
}
|
|
2367
|
+
/**
|
|
2368
|
+
* One-shot Stripe MPP charge fund flow: create Payment Auth credentials from 402 challenges,
|
|
2369
|
+
* retry with `paymentAuthorization`, and poll until funded.
|
|
2370
|
+
*
|
|
2371
|
+
* MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
|
|
2372
|
+
* `issueRecognitionProof` callbacks.
|
|
2373
|
+
*/
|
|
2374
|
+
async fundWithMppCharge(params) {
|
|
2375
|
+
const { intentId, recognitionProof, createPaymentCredential, issueRecognitionProof, pollOptions, idempotencyKey, } = params;
|
|
2376
|
+
return executeFundWithMppCharge({
|
|
2377
|
+
intentId,
|
|
2378
|
+
recognitionProof,
|
|
2379
|
+
createPaymentCredential,
|
|
2380
|
+
issueRecognitionProof,
|
|
2381
|
+
pollOptions,
|
|
2382
|
+
fund: ({ recognitionProof: proof, paymentAuthorization }) => this.fund({
|
|
2383
|
+
intentId,
|
|
2384
|
+
recognitionProof: proof,
|
|
2385
|
+
paymentAuthorization,
|
|
2386
|
+
idempotencyKey,
|
|
2387
|
+
}),
|
|
2388
|
+
});
|
|
2389
|
+
}
|
|
2390
|
+
/**
|
|
2391
|
+
* Tempo MPP session fund flow: open a session channel deposit via Payment Auth credentials,
|
|
2392
|
+
* retry with `paymentAuthorization`, and poll until the intent is funded.
|
|
2393
|
+
*
|
|
2394
|
+
* MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
|
|
2395
|
+
* `issueRecognitionProof` callbacks.
|
|
2396
|
+
*/
|
|
2397
|
+
async fundWithMppSession(params) {
|
|
2398
|
+
const { intentId, recognitionProof, createPaymentCredential, issueRecognitionProof, pollOptions, idempotencyKey, } = params;
|
|
2399
|
+
return executeFundWithMppSession({
|
|
2400
|
+
intentId,
|
|
2401
|
+
recognitionProof,
|
|
2402
|
+
createPaymentCredential,
|
|
2403
|
+
issueRecognitionProof,
|
|
2404
|
+
pollOptions,
|
|
2405
|
+
fund: ({ recognitionProof: proof, paymentAuthorization }) => this.fund({
|
|
2406
|
+
intentId,
|
|
2407
|
+
recognitionProof: proof,
|
|
2408
|
+
paymentAuthorization,
|
|
2409
|
+
idempotencyKey,
|
|
2410
|
+
}),
|
|
2411
|
+
});
|
|
2412
|
+
}
|
|
2245
2413
|
/**
|
|
2246
2414
|
* Sign payee evidence and POST it. `payeeSigningSeed` must be 32 bytes.
|
|
2247
2415
|
*/
|
|
@@ -2277,6 +2445,7 @@ export class Paybond {
|
|
|
2277
2445
|
intents;
|
|
2278
2446
|
audit;
|
|
2279
2447
|
agentRun;
|
|
2448
|
+
agent;
|
|
2280
2449
|
constructor(harbor, guardrails, signal, fraud, a2a, protocol, audit) {
|
|
2281
2450
|
this.harbor = harbor;
|
|
2282
2451
|
this.guardrails = guardrails;
|
|
@@ -2287,6 +2456,7 @@ export class Paybond {
|
|
|
2287
2456
|
this.intents = new PaybondIntents(harbor);
|
|
2288
2457
|
this.audit = audit;
|
|
2289
2458
|
this.agentRun = new PaybondAgentRunFacade(this);
|
|
2459
|
+
this.agent = createPaybondAgentCallable(protocol, (input) => createPaybondAgent(this, input));
|
|
2290
2460
|
}
|
|
2291
2461
|
/** Open a tenant-bound hosted Paybond session from a service-account API key. */
|
|
2292
2462
|
static async open(init) {
|
|
@@ -2373,13 +2543,6 @@ export class Paybond {
|
|
|
2373
2543
|
instrumentMCP(input) {
|
|
2374
2544
|
return instrumentPaybondMCP(this, input);
|
|
2375
2545
|
}
|
|
2376
|
-
/**
|
|
2377
|
-
* Opinionated quickstart: resolve named policy presets (for example `travel`) or file paths,
|
|
2378
|
-
* then instrument tools for the selected framework.
|
|
2379
|
-
*/
|
|
2380
|
-
agent(input) {
|
|
2381
|
-
return createPaybondAgent(this, input);
|
|
2382
|
-
}
|
|
2383
2546
|
/** Wrap tools for an existing bound run without reloading policy. */
|
|
2384
2547
|
wrapTools(run, tools, options) {
|
|
2385
2548
|
return wrapPaybondTools(run, tools, options);
|
|
@@ -2405,6 +2568,7 @@ export { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBindi
|
|
|
2405
2568
|
export { artifactsDigest, evidenceSignBytesV1, signPayeeEvidenceBinding, } from "./payee-evidence.js";
|
|
2406
2569
|
export { AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, AGENT_RECOGNITION_PROOF_KIND_V1, AGENT_RECOGNITION_PURPOSE_CREATE, AGENT_RECOGNITION_PURPOSE_FUND, AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT, newAgentRecognitionRequestEnvelope, signAgentRecognitionProofV1, signHarborCreateRecognitionProof, signHarborFundRecognitionProof, signHarborEvidenceSubmitRecognitionProof, signHarborSettlementConfirmRecognitionProof, } from "./agent-recognition.js";
|
|
2407
2570
|
export { executeFundWithX402, buildX402FundRequestEnvelope, PaybondX402FundingFailedError, PaybondX402FundingPendingError, } from "./x402-funding.js";
|
|
2571
|
+
export { executeFundWithMpp, executeFundWithMppCharge, executeFundWithMppSession, buildMppFundRequestEnvelope, parsePaymentAuthChallenge, selectMppChargeChallenge, selectMppSessionChallenge, PaybondMppFundingFailedError, PaybondMppFundingPendingError, } from "./mpp-funding.js";
|
|
2408
2572
|
export { validateCompletionEvidence, } from "./completion-validate-evidence.js";
|
|
2409
2573
|
export { completionSchemaDigestHex, computeVendorContractDigests, verifyVendorContract, verifyCatalogVendorContracts, } from "./completion-contract-digest.js";
|
|
2410
2574
|
export { contractSnapshotForPreset, mapVendorEvidenceToCanonical, resolveCompletionPreset, } from "./completion-resolve.js";
|
|
@@ -2412,3 +2576,6 @@ export { PaybondAgentRun, PaybondAgentRunBindError, PaybondAgentRunFacade, Paybo
|
|
|
2412
2576
|
export { PaybondAudit, PaybondAuditExports, GatewayAuditExportsClient, parseAuditExportList, parseAuditExportJobGet, verifyAuditManifest, verifyAuditBundleLocal, } from "./audit/index.js";
|
|
2413
2577
|
export { PaybondPolicy, composePolicyLayers, composeBundledPresetDefault, domain, guardrails, paybondPolicyPresets, resolveComposedPresetDocument, } from "./policy/index.js";
|
|
2414
2578
|
export { getSolutionSmokeDefaults, isKnownSolutionId, listSolutionIds, loadSolutionManifest, paybondSolutionPresets, } from "./solutions/index.js";
|
|
2579
|
+
export { appendDirectHarborPaymentAuthorization, formatPaymentAuthorizationValue, PAYBOND_PAYMENT_AUTHORIZATION_HEADER, PAYMENT_TRANSPORT_RESPONSE_HEADERS, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, } from "./payment-transport.js";
|
|
2580
|
+
export { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SCOPE_INTENT_TERMINAL, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, AGENT_RECEIPT_WELL_KNOWN_PATH, actionReceiptId, canonicalAgentReceiptBytes, configHashSha256Hex, promptHashSha256Hex, valueDigestSha256Hex, verifyAgentReceiptV1, } from "./agent-receipt.js";
|
|
2581
|
+
export { AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828, AGENT_RECEIPT_EXTERNAL_SOURCE_X402, partnerRecordDigestSha256Hex, resolveExternalAttestations, sep2828RecordsToExternalAttestations, x402ReceiptToExternalAttestations, } from "./agent-receipt-external-attestations.js";
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/** MCP resource URI helpers for tenant-bound agent receipt handoff. */
|
|
2
|
+
export declare const MCP_AGENT_RECEIPT_RESOURCE_SCHEME = "paybond";
|
|
3
|
+
export declare const MCP_AGENT_RECEIPT_RESOURCE_HOST = "receipt";
|
|
4
|
+
export declare const MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE = "paybond://receipt/{receipt_id}";
|
|
5
|
+
export declare const MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE = "application/json";
|
|
6
|
+
/** Parse `paybond://receipt/{receipt_id}` into a canonical receipt id. */
|
|
7
|
+
export declare function parseAgentReceiptResourceUri(uri: string): string;
|
|
8
|
+
/** Build the MCP resource URI for one signed agent receipt id. */
|
|
9
|
+
export declare function agentReceiptResourceUri(receiptId: string): string;
|
|
10
|
+
export declare function agentReceiptResourceTemplateDefinition(): Record<string, unknown>;
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/** MCP resource URI helpers for tenant-bound agent receipt handoff. */
|
|
2
|
+
export const MCP_AGENT_RECEIPT_RESOURCE_SCHEME = "paybond";
|
|
3
|
+
export const MCP_AGENT_RECEIPT_RESOURCE_HOST = "receipt";
|
|
4
|
+
export const MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE = "paybond://receipt/{receipt_id}";
|
|
5
|
+
export const MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE = "application/json";
|
|
6
|
+
const RECEIPT_URI_RE = /^paybond:\/\/receipt\/([0-9a-f]{64}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i;
|
|
7
|
+
/** Parse `paybond://receipt/{receipt_id}` into a canonical receipt id. */
|
|
8
|
+
export function parseAgentReceiptResourceUri(uri) {
|
|
9
|
+
const trimmed = uri.trim();
|
|
10
|
+
const match = RECEIPT_URI_RE.exec(trimmed);
|
|
11
|
+
if (!match) {
|
|
12
|
+
throw new Error(`unsupported resource URI ${trimmed}; expected ${MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE}`);
|
|
13
|
+
}
|
|
14
|
+
return match[1].toLowerCase();
|
|
15
|
+
}
|
|
16
|
+
/** Build the MCP resource URI for one signed agent receipt id. */
|
|
17
|
+
export function agentReceiptResourceUri(receiptId) {
|
|
18
|
+
const normalized = receiptId.trim().toLowerCase();
|
|
19
|
+
if (!RECEIPT_URI_RE.test(`paybond://receipt/${normalized}`)) {
|
|
20
|
+
throw new Error("receipt_id must be a lowercase SHA-256 hex digest or canonical UUID");
|
|
21
|
+
}
|
|
22
|
+
return `paybond://receipt/${normalized}`;
|
|
23
|
+
}
|
|
24
|
+
export function agentReceiptResourceTemplateDefinition() {
|
|
25
|
+
return {
|
|
26
|
+
uriTemplate: MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE,
|
|
27
|
+
name: "paybond_agent_receipt",
|
|
28
|
+
title: "Paybond Agent Receipt",
|
|
29
|
+
description: "Signed paybond.agent_receipt_v1 JSON fetched tenant-bound from Gateway GET /protocol/v2/agent-receipts/{receipt_id}.",
|
|
30
|
+
mimeType: MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE,
|
|
31
|
+
};
|
|
32
|
+
}
|
package/dist/mcp-server.d.ts
CHANGED
|
@@ -44,6 +44,12 @@ export declare class PaybondMCPServer {
|
|
|
44
44
|
private readonly toolPolicy;
|
|
45
45
|
private initialized;
|
|
46
46
|
constructor(settings: PaybondMCPSettings);
|
|
47
|
+
listResourceTemplates(): Array<Record<string, unknown>>;
|
|
48
|
+
readResource(uri: string): Promise<{
|
|
49
|
+
uri: string;
|
|
50
|
+
mimeType: string;
|
|
51
|
+
text: string;
|
|
52
|
+
}>;
|
|
47
53
|
listTools(): Array<Record<string, unknown>>;
|
|
48
54
|
callTool(name: string, args?: Record<string, unknown>): Promise<MCPCallToolResult>;
|
|
49
55
|
handleMessage(message: JSONRPCRequest): Promise<JSONRPCResponse | null>;
|
package/dist/mcp-server.js
CHANGED
|
@@ -11,9 +11,10 @@ import { MCP_TOOL_ALLOWLIST_ENV, MCP_TOOL_POLICY_ENV, mergeMcpToolPolicy, parseM
|
|
|
11
11
|
import { MCP_EVIDENCE_POLICY_ENV, McpEvidenceValidationGate, completionEvidenceValidationOk, extractHarborEvidenceValidationInput, extractSandboxGuardrailValidationInput, parseMcpEvidencePolicy, } from "./mcp-evidence-policy.js";
|
|
12
12
|
import { McpCapabilityTokenCache, mcpToolStoresCapabilityToken, parseMcpCapabilityTokenCacheConfig, } from "./mcp-capability-token-cache.js";
|
|
13
13
|
import { createMcpPolicyGatewayAdapter, McpPolicyReloadGate, parseMcpPolicyReloadConfig, } from "./mcp-policy-reload.js";
|
|
14
|
+
import { agentReceiptResourceTemplateDefinition, agentReceiptResourceUri, MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE, parseAgentReceiptResourceUri, } from "./mcp-receipt-resource.js";
|
|
14
15
|
import { DEFAULT_PAYBOND_GATEWAY_BASE_URL, GatewayFraudClient, GatewaySignalClient, } from "./index.js";
|
|
15
16
|
const SERVER_NAME = "Paybond MCP";
|
|
16
|
-
const SERVER_VERSION = "0.
|
|
17
|
+
const SERVER_VERSION = "0.12.0";
|
|
17
18
|
const MCP_PROTOCOL_VERSION = "2025-11-25";
|
|
18
19
|
const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
|
|
19
20
|
const DEFAULT_RECOGNITION_VERIFIER_ID = "paybond-gateway";
|
|
@@ -846,6 +847,22 @@ class PaybondMCPRuntime {
|
|
|
846
847
|
"x-tenant-id": await this.tenantId(),
|
|
847
848
|
});
|
|
848
849
|
}
|
|
850
|
+
async getAgentReceiptV1(receiptId) {
|
|
851
|
+
const normalized = receiptId.trim().toLowerCase();
|
|
852
|
+
const body = await this.gateway.getJSON(`/protocol/v2/agent-receipts/${encodeURIComponent(normalized)}`, {
|
|
853
|
+
"x-tenant-id": await this.tenantId(),
|
|
854
|
+
});
|
|
855
|
+
const expectedTenant = await this.tenantId();
|
|
856
|
+
const echoedTenant = String(body.tenant_id ?? "").trim();
|
|
857
|
+
if (echoedTenant !== expectedTenant) {
|
|
858
|
+
throw new Error(`tenant mismatch: expected=${expectedTenant} gateway=${echoedTenant}`);
|
|
859
|
+
}
|
|
860
|
+
const echoedReceipt = String(body.receipt_id ?? "").trim().toLowerCase();
|
|
861
|
+
if (echoedReceipt !== normalized) {
|
|
862
|
+
throw new Error(`receipt mismatch: requested=${normalized} gateway=${echoedReceipt}`);
|
|
863
|
+
}
|
|
864
|
+
return body;
|
|
865
|
+
}
|
|
849
866
|
async createHarborIntent(init) {
|
|
850
867
|
return this.gateway.postJSON("/harbor/intents", init.body, gatewayMutationHeaders(await this.tenantId(), init.recognitionProof, optionalMutationHeaders(init.idempotencyKey)));
|
|
851
868
|
}
|
|
@@ -896,6 +913,18 @@ export class PaybondMCPServer {
|
|
|
896
913
|
this.runtime = new PaybondMCPRuntime(settings);
|
|
897
914
|
this.tools = this.buildTools(settings).filter((tool) => toolAllowedByPolicy(tool.name, tool.annotations, this.toolPolicy));
|
|
898
915
|
}
|
|
916
|
+
listResourceTemplates() {
|
|
917
|
+
return [agentReceiptResourceTemplateDefinition()];
|
|
918
|
+
}
|
|
919
|
+
async readResource(uri) {
|
|
920
|
+
const receiptId = parseAgentReceiptResourceUri(uri);
|
|
921
|
+
const receipt = await this.runtime.getAgentReceiptV1(receiptId);
|
|
922
|
+
return {
|
|
923
|
+
uri: agentReceiptResourceUri(receiptId),
|
|
924
|
+
mimeType: MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE,
|
|
925
|
+
text: JSON.stringify(receipt, null, 2),
|
|
926
|
+
};
|
|
927
|
+
}
|
|
899
928
|
listTools() {
|
|
900
929
|
return this.tools.map((tool) => ({
|
|
901
930
|
name: tool.name,
|
|
@@ -973,6 +1002,10 @@ export class PaybondMCPServer {
|
|
|
973
1002
|
tools: {
|
|
974
1003
|
listChanged: false,
|
|
975
1004
|
},
|
|
1005
|
+
resources: {
|
|
1006
|
+
subscribe: false,
|
|
1007
|
+
listChanged: false,
|
|
1008
|
+
},
|
|
976
1009
|
},
|
|
977
1010
|
serverInfo: {
|
|
978
1011
|
name: SERVER_NAME,
|
|
@@ -1002,6 +1035,34 @@ export class PaybondMCPServer {
|
|
|
1002
1035
|
tools: this.listTools(),
|
|
1003
1036
|
},
|
|
1004
1037
|
};
|
|
1038
|
+
case "resources/list":
|
|
1039
|
+
return {
|
|
1040
|
+
jsonrpc: "2.0",
|
|
1041
|
+
id: message.id,
|
|
1042
|
+
result: {
|
|
1043
|
+
resources: [],
|
|
1044
|
+
},
|
|
1045
|
+
};
|
|
1046
|
+
case "resources/templates/list":
|
|
1047
|
+
return {
|
|
1048
|
+
jsonrpc: "2.0",
|
|
1049
|
+
id: message.id,
|
|
1050
|
+
result: {
|
|
1051
|
+
resourceTemplates: this.listResourceTemplates(),
|
|
1052
|
+
},
|
|
1053
|
+
};
|
|
1054
|
+
case "resources/read": {
|
|
1055
|
+
const params = ensureObject(message.params, "resources/read params");
|
|
1056
|
+
const uri = stringArg(params.uri, "uri");
|
|
1057
|
+
const contents = await this.readResource(uri);
|
|
1058
|
+
return {
|
|
1059
|
+
jsonrpc: "2.0",
|
|
1060
|
+
id: message.id,
|
|
1061
|
+
result: {
|
|
1062
|
+
contents: [contents],
|
|
1063
|
+
},
|
|
1064
|
+
};
|
|
1065
|
+
}
|
|
1005
1066
|
case "tools/call": {
|
|
1006
1067
|
const params = ensureObject(message.params, "tools/call params");
|
|
1007
1068
|
const name = stringArg(params.name, "name");
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MPP commercial denomination helpers for Paybond MVP.
|
|
3
|
+
*
|
|
4
|
+
* Paybond intent commercial fields remain USD-denominated (`amount_cents`, `currency`).
|
|
5
|
+
* Tempo session deposits use USDC base units (6 decimals): `amount_cents * 10_000`.
|
|
6
|
+
*/
|
|
7
|
+
import type { SettlementRail } from "./principal-intent.js";
|
|
8
|
+
/** USDC uses 6 decimal places; one USD cent maps to 10_000 base units. */
|
|
9
|
+
export declare const USDC_BASE_UNITS_PER_USD_CENT = 10000;
|
|
10
|
+
/** Rails that require USD-denominated commercial intent fields for MVP. */
|
|
11
|
+
export declare const USD_DENOMINATED_SETTLEMENT_RAILS: Set<SettlementRail>;
|
|
12
|
+
/**
|
|
13
|
+
* Rejects non-USD intents on rails that remain USD-denominated for MVP.
|
|
14
|
+
*/
|
|
15
|
+
export declare function validateUsdDenominatedSettlement(settlementRail: SettlementRail, currency: string): void;
|
|
16
|
+
/**
|
|
17
|
+
* Converts Paybond USD cents to Tempo USDC base units.
|
|
18
|
+
*/
|
|
19
|
+
export declare function usdCentsToUsdcBaseUnits(amountCents: number): bigint;
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MPP commercial denomination helpers for Paybond MVP.
|
|
3
|
+
*
|
|
4
|
+
* Paybond intent commercial fields remain USD-denominated (`amount_cents`, `currency`).
|
|
5
|
+
* Tempo session deposits use USDC base units (6 decimals): `amount_cents * 10_000`.
|
|
6
|
+
*/
|
|
7
|
+
/** USDC uses 6 decimal places; one USD cent maps to 10_000 base units. */
|
|
8
|
+
export const USDC_BASE_UNITS_PER_USD_CENT = 10_000;
|
|
9
|
+
/** Rails that require USD-denominated commercial intent fields for MVP. */
|
|
10
|
+
export const USD_DENOMINATED_SETTLEMENT_RAILS = new Set([
|
|
11
|
+
"x402_usdc_base",
|
|
12
|
+
"stripe_ach_debit",
|
|
13
|
+
"stripe_mpp",
|
|
14
|
+
]);
|
|
15
|
+
/**
|
|
16
|
+
* Rejects non-USD intents on rails that remain USD-denominated for MVP.
|
|
17
|
+
*/
|
|
18
|
+
export function validateUsdDenominatedSettlement(settlementRail, currency) {
|
|
19
|
+
if (!USD_DENOMINATED_SETTLEMENT_RAILS.has(settlementRail)) {
|
|
20
|
+
return;
|
|
21
|
+
}
|
|
22
|
+
if (currency.trim().toLowerCase() !== "usd") {
|
|
23
|
+
throw new Error(`currency must be usd when settlementRail is ${settlementRail} until multi-currency policy is defined`);
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Converts Paybond USD cents to Tempo USDC base units.
|
|
28
|
+
*/
|
|
29
|
+
export function usdCentsToUsdcBaseUnits(amountCents) {
|
|
30
|
+
if (!Number.isInteger(amountCents) || amountCents < 0) {
|
|
31
|
+
throw new Error("amountCents must be a non-negative integer");
|
|
32
|
+
}
|
|
33
|
+
return BigInt(amountCents) * BigInt(USDC_BASE_UNITS_PER_USD_CENT);
|
|
34
|
+
}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import type { AgentRecognitionProofV1, FundIntentResult } from "./index.js";
|
|
2
|
+
import { type FundRequestEnvelope, type X402FundPollOptions } from "./x402-funding.js";
|
|
3
|
+
/** Raw `WWW-Authenticate: Payment …` challenge value from Harbor or the gateway. */
|
|
4
|
+
export type PaymentAuthChallenge = string;
|
|
5
|
+
/** Parsed Payment Auth challenge parameters from a `WWW-Authenticate` header value. */
|
|
6
|
+
export type ParsedPaymentAuthChallenge = {
|
|
7
|
+
raw: string;
|
|
8
|
+
id?: string;
|
|
9
|
+
realm?: string;
|
|
10
|
+
method?: string;
|
|
11
|
+
intent?: string;
|
|
12
|
+
request?: string;
|
|
13
|
+
};
|
|
14
|
+
export type MppFundPollOptions = X402FundPollOptions;
|
|
15
|
+
/** Raised when MPP funding cannot complete (missing challenge, terminal rail status, unexpected HTTP). */
|
|
16
|
+
export declare class PaybondMppFundingFailedError extends Error {
|
|
17
|
+
readonly intentId: string;
|
|
18
|
+
readonly lastResult?: FundIntentResult;
|
|
19
|
+
constructor(message: string, init: {
|
|
20
|
+
intentId: string;
|
|
21
|
+
lastResult?: FundIntentResult;
|
|
22
|
+
cause?: unknown;
|
|
23
|
+
});
|
|
24
|
+
}
|
|
25
|
+
/** Raised when polling exhausts `maxAttempts` before Harbor returns a funded capability token. */
|
|
26
|
+
export declare class PaybondMppFundingPendingError extends Error {
|
|
27
|
+
readonly intentId: string;
|
|
28
|
+
readonly lastResult: FundIntentResult;
|
|
29
|
+
readonly attempts: number;
|
|
30
|
+
constructor(message: string, init: {
|
|
31
|
+
intentId: string;
|
|
32
|
+
lastResult: FundIntentResult;
|
|
33
|
+
attempts: number;
|
|
34
|
+
});
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Parses a `WWW-Authenticate: Payment …` challenge into structured parameters.
|
|
38
|
+
*
|
|
39
|
+
* @throws Error when the value is empty or does not start with the Payment scheme.
|
|
40
|
+
*/
|
|
41
|
+
export declare function parsePaymentAuthChallenge(raw: string): ParsedPaymentAuthChallenge;
|
|
42
|
+
/** Selects the Stripe MPP charge challenge from `WWW-Authenticate` values. */
|
|
43
|
+
export declare function selectMppChargeChallenge(wwwAuthenticate: string[] | undefined): PaymentAuthChallenge;
|
|
44
|
+
/** Selects the Tempo MPP session challenge from `WWW-Authenticate` values. */
|
|
45
|
+
export declare function selectMppSessionChallenge(wwwAuthenticate: string[] | undefined): PaymentAuthChallenge;
|
|
46
|
+
/** Canonical `/fund` request envelope for Gateway `POST /harbor/intents/{intentId}/fund`. */
|
|
47
|
+
export declare function buildMppFundRequestEnvelope(intentId: string): FundRequestEnvelope;
|
|
48
|
+
export type ExecuteFundWithMppParams = {
|
|
49
|
+
intentId: string;
|
|
50
|
+
recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
|
|
51
|
+
/** App-owned callback that turns a Payment Auth challenge into a credential token or header value. */
|
|
52
|
+
createPaymentCredential: (challenge: PaymentAuthChallenge) => Promise<string>;
|
|
53
|
+
issueRecognitionProof: (envelope: FundRequestEnvelope) => Promise<AgentRecognitionProofV1 | Record<string, unknown>>;
|
|
54
|
+
pollOptions?: MppFundPollOptions;
|
|
55
|
+
selectChallenge: (wwwAuthenticate: string[] | undefined) => PaymentAuthChallenge;
|
|
56
|
+
fund: (args: {
|
|
57
|
+
recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
|
|
58
|
+
paymentAuthorization?: string;
|
|
59
|
+
}) => Promise<FundIntentResult>;
|
|
60
|
+
};
|
|
61
|
+
/**
|
|
62
|
+
* Orchestrate MPP `/fund`: handle 402 Payment Auth challenges, retry with credentials, poll until funded.
|
|
63
|
+
*
|
|
64
|
+
* Wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
|
|
65
|
+
* `issueRecognitionProof` callbacks; Paybond never stores MPP signing material.
|
|
66
|
+
*/
|
|
67
|
+
export declare function executeFundWithMpp(params: ExecuteFundWithMppParams): Promise<FundIntentResult>;
|
|
68
|
+
/** One-shot Stripe MPP charge funding through Payment Auth semantics. */
|
|
69
|
+
export declare function executeFundWithMppCharge(params: Omit<ExecuteFundWithMppParams, "selectChallenge">): Promise<FundIntentResult>;
|
|
70
|
+
/** Tempo MPP session funding through Payment Auth semantics. */
|
|
71
|
+
export declare function executeFundWithMppSession(params: Omit<ExecuteFundWithMppParams, "selectChallenge">): Promise<FundIntentResult>;
|