@paybond/kit 0.11.11 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/completion-presets/catalog.json +10 -5
  2. package/completion-presets/catalog.sha256 +1 -1
  3. package/dist/agent/index.d.ts +2 -1
  4. package/dist/agent/index.js +1 -0
  5. package/dist/agent/interceptor.d.ts +9 -0
  6. package/dist/agent/interceptor.js +177 -1
  7. package/dist/agent/receipt-client.d.ts +49 -0
  8. package/dist/agent/receipt-client.js +45 -0
  9. package/dist/agent/registry.js +1 -0
  10. package/dist/agent/run.d.ts +2 -0
  11. package/dist/agent/run.js +52 -0
  12. package/dist/agent/types.d.ts +70 -0
  13. package/dist/agent-receipt-external-attestations.d.ts +29 -0
  14. package/dist/agent-receipt-external-attestations.js +124 -0
  15. package/dist/agent-receipt.d.ts +134 -0
  16. package/dist/agent-receipt.js +580 -0
  17. package/dist/audit/exports.d.ts +15 -1
  18. package/dist/audit/exports.js +55 -8
  19. package/dist/audit/index.d.ts +2 -2
  20. package/dist/audit/wire.d.ts +12 -0
  21. package/dist/audit/wire.js +13 -1
  22. package/dist/cli/command-spec.js +4 -2
  23. package/dist/cli/commands/discovery.js +17 -6
  24. package/dist/cli/help.d.ts +1 -1
  25. package/dist/cli/help.js +3 -3
  26. package/dist/completion-catalog-digest.d.ts +1 -1
  27. package/dist/completion-catalog-digest.js +1 -1
  28. package/dist/index.d.ts +83 -7
  29. package/dist/index.js +180 -13
  30. package/dist/mcp-receipt-resource.d.ts +10 -0
  31. package/dist/mcp-receipt-resource.js +32 -0
  32. package/dist/mcp-server.d.ts +6 -0
  33. package/dist/mcp-server.js +62 -1
  34. package/dist/mpp-commercial.d.ts +19 -0
  35. package/dist/mpp-commercial.js +34 -0
  36. package/dist/mpp-funding.d.ts +71 -0
  37. package/dist/mpp-funding.js +192 -0
  38. package/dist/payment-transport.d.ts +30 -0
  39. package/dist/payment-transport.js +56 -0
  40. package/dist/policy/intent-spec.js +2 -0
  41. package/dist/principal-intent.d.ts +1 -1
  42. package/dist/principal-intent.js +4 -1
  43. package/package.json +1 -1
  44. package/templates/openai-shopping-agent/package-lock.json +7 -7
  45. package/templates/paybond-aws-operator/package-lock.json +4 -4
  46. package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
  47. package/templates/paybond-mastra-travel-agent/package-lock.json +10 -10
  48. package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
  49. package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
  50. package/templates/paybond-procurement-agent/package-lock.json +4 -4
  51. package/templates/paybond-travel-agent/package-lock.json +7 -7
  52. package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
@@ -0,0 +1,192 @@
1
+ import { buildX402FundRequestEnvelope, } from "./x402-funding.js";
2
+ const DEFAULT_MAX_ATTEMPTS = 30;
3
+ const DEFAULT_INTERVAL_MS = 2_000;
4
+ const TERMINAL_MPP_FUNDING_STATUSES = new Set([
5
+ "authorization_failed",
6
+ "capture_failed",
7
+ "void_failed",
8
+ "credential_rejected",
9
+ "payment_failed",
10
+ "charge_failed",
11
+ "session_open_failed",
12
+ ]);
13
+ const MPP_CHARGE_EXPECTED = { intent: "charge", method: "stripe" };
14
+ const MPP_SESSION_EXPECTED = { intent: "session", method: "tempo" };
15
+ /** Raised when MPP funding cannot complete (missing challenge, terminal rail status, unexpected HTTP). */
16
+ export class PaybondMppFundingFailedError extends Error {
17
+ intentId;
18
+ lastResult;
19
+ constructor(message, init) {
20
+ super(message, { cause: init.cause });
21
+ this.name = "PaybondMppFundingFailedError";
22
+ this.intentId = init.intentId;
23
+ this.lastResult = init.lastResult;
24
+ }
25
+ }
26
+ /** Raised when polling exhausts `maxAttempts` before Harbor returns a funded capability token. */
27
+ export class PaybondMppFundingPendingError extends Error {
28
+ intentId;
29
+ lastResult;
30
+ attempts;
31
+ constructor(message, init) {
32
+ super(message);
33
+ this.name = "PaybondMppFundingPendingError";
34
+ this.intentId = init.intentId;
35
+ this.lastResult = init.lastResult;
36
+ this.attempts = init.attempts;
37
+ }
38
+ }
39
+ /**
40
+ * Parses a `WWW-Authenticate: Payment …` challenge into structured parameters.
41
+ *
42
+ * @throws Error when the value is empty or does not start with the Payment scheme.
43
+ */
44
+ export function parsePaymentAuthChallenge(raw) {
45
+ const trimmed = raw.trim();
46
+ if (!trimmed) {
47
+ throw new Error("Payment Auth challenge must be non-empty");
48
+ }
49
+ if (!/^payment\b/i.test(trimmed)) {
50
+ throw new Error("expected Payment Auth challenge");
51
+ }
52
+ const params = {};
53
+ const afterScheme = trimmed.replace(/^payment\s+/i, "");
54
+ const paramRe = /([a-zA-Z_][\w-]*)=(?:"([^"]*)"|([^,\s]+))/g;
55
+ let match;
56
+ while ((match = paramRe.exec(afterScheme)) !== null) {
57
+ params[match[1].toLowerCase()] = match[2] ?? match[3] ?? "";
58
+ }
59
+ return {
60
+ raw: trimmed,
61
+ id: params.id,
62
+ realm: params.realm,
63
+ method: params.method,
64
+ intent: params.intent,
65
+ request: params.request,
66
+ };
67
+ }
68
+ function selectMppPaymentChallenge(wwwAuthenticate, expected) {
69
+ if (!wwwAuthenticate?.length) {
70
+ throw new Error("MPP fund challenge missing WWW-Authenticate Payment header");
71
+ }
72
+ for (const header of wwwAuthenticate) {
73
+ const parsed = parsePaymentAuthChallenge(header);
74
+ if (parsed.intent === expected.intent && parsed.method === expected.method) {
75
+ return parsed.raw;
76
+ }
77
+ }
78
+ if (wwwAuthenticate.length === 1) {
79
+ const parsed = parsePaymentAuthChallenge(wwwAuthenticate[0]);
80
+ if (parsed.intent !== expected.intent || parsed.method !== expected.method) {
81
+ throw new Error(`MPP fund challenge intent/method mismatch: expected intent=${expected.intent} method=${expected.method}, got intent=${parsed.intent ?? "unknown"} method=${parsed.method ?? "unknown"}`);
82
+ }
83
+ return parsed.raw;
84
+ }
85
+ throw new Error(`MPP fund challenge missing Payment Auth header for intent=${expected.intent} method=${expected.method}`);
86
+ }
87
+ /** Selects the Stripe MPP charge challenge from `WWW-Authenticate` values. */
88
+ export function selectMppChargeChallenge(wwwAuthenticate) {
89
+ return selectMppPaymentChallenge(wwwAuthenticate, MPP_CHARGE_EXPECTED);
90
+ }
91
+ /** Selects the Tempo MPP session challenge from `WWW-Authenticate` values. */
92
+ export function selectMppSessionChallenge(wwwAuthenticate) {
93
+ return selectMppPaymentChallenge(wwwAuthenticate, MPP_SESSION_EXPECTED);
94
+ }
95
+ /** Canonical `/fund` request envelope for Gateway `POST /harbor/intents/{intentId}/fund`. */
96
+ export function buildMppFundRequestEnvelope(intentId) {
97
+ return buildX402FundRequestEnvelope(intentId);
98
+ }
99
+ function isFundingComplete(result) {
100
+ if (result.capabilityToken?.trim()) {
101
+ return true;
102
+ }
103
+ return result.statusCode === 200 && result.funded;
104
+ }
105
+ function isTerminalFundingFailure(result) {
106
+ const status = result.funding?.status?.trim();
107
+ return status !== undefined && TERMINAL_MPP_FUNDING_STATUSES.has(status);
108
+ }
109
+ function failureMessage(result) {
110
+ const status = result.funding?.status ?? result.state;
111
+ return `MPP funding failed for intent ${result.intentId} (status=${status})`;
112
+ }
113
+ async function sleep(ms) {
114
+ await new Promise((resolve) => setTimeout(resolve, ms));
115
+ }
116
+ /**
117
+ * Orchestrate MPP `/fund`: handle 402 Payment Auth challenges, retry with credentials, poll until funded.
118
+ *
119
+ * Wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
120
+ * `issueRecognitionProof` callbacks; Paybond never stores MPP signing material.
121
+ */
122
+ export async function executeFundWithMpp(params) {
123
+ const intentId = params.intentId.trim();
124
+ if (!intentId) {
125
+ throw new Error("fundWithMpp: intentId is required");
126
+ }
127
+ const maxAttempts = Math.max(1, params.pollOptions?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS);
128
+ const intervalMs = Math.max(0, params.pollOptions?.intervalMs ?? DEFAULT_INTERVAL_MS);
129
+ const envelope = buildMppFundRequestEnvelope(intentId);
130
+ let paymentAuthorization;
131
+ let result = await params.fund({ recognitionProof: params.recognitionProof });
132
+ if (result.statusCode === 402) {
133
+ const challenge = params.selectChallenge(result.wwwAuthenticate);
134
+ paymentAuthorization = (await params.createPaymentCredential(challenge)).trim();
135
+ if (!paymentAuthorization) {
136
+ throw new PaybondMppFundingFailedError("MPP createPaymentCredential returned an empty credential", {
137
+ intentId,
138
+ lastResult: result,
139
+ });
140
+ }
141
+ const retryProof = await params.issueRecognitionProof(envelope);
142
+ result = await params.fund({
143
+ recognitionProof: retryProof,
144
+ paymentAuthorization,
145
+ });
146
+ }
147
+ if (isTerminalFundingFailure(result)) {
148
+ throw new PaybondMppFundingFailedError(failureMessage(result), { intentId, lastResult: result });
149
+ }
150
+ if (isFundingComplete(result)) {
151
+ return result;
152
+ }
153
+ let attempts = 0;
154
+ while (result.statusCode === 202 || (!isFundingComplete(result) && result.statusCode === 200)) {
155
+ attempts += 1;
156
+ if (attempts > maxAttempts) {
157
+ throw new PaybondMppFundingPendingError(`MPP funding still pending after ${maxAttempts} poll attempt(s) for intent ${intentId}`, { intentId, lastResult: result, attempts: maxAttempts });
158
+ }
159
+ if (intervalMs > 0) {
160
+ await sleep(intervalMs);
161
+ }
162
+ const pollProof = await params.issueRecognitionProof(envelope);
163
+ result = await params.fund({
164
+ recognitionProof: pollProof,
165
+ ...(paymentAuthorization ? { paymentAuthorization } : {}),
166
+ });
167
+ if (isTerminalFundingFailure(result)) {
168
+ throw new PaybondMppFundingFailedError(failureMessage(result), { intentId, lastResult: result });
169
+ }
170
+ if (isFundingComplete(result)) {
171
+ return result;
172
+ }
173
+ }
174
+ if (isFundingComplete(result)) {
175
+ return result;
176
+ }
177
+ throw new PaybondMppFundingFailedError(`unexpected MPP fund response HTTP ${result.statusCode} for intent ${intentId}`, { intentId, lastResult: result });
178
+ }
179
+ /** One-shot Stripe MPP charge funding through Payment Auth semantics. */
180
+ export async function executeFundWithMppCharge(params) {
181
+ return executeFundWithMpp({
182
+ ...params,
183
+ selectChallenge: selectMppChargeChallenge,
184
+ });
185
+ }
186
+ /** Tempo MPP session funding through Payment Auth semantics. */
187
+ export async function executeFundWithMppSession(params) {
188
+ return executeFundWithMpp({
189
+ ...params,
190
+ selectChallenge: selectMppSessionChallenge,
191
+ });
192
+ }
@@ -0,0 +1,30 @@
1
+ /**
2
+ * Payment Auth transport headers for MPP funding through the Paybond Gateway.
3
+ *
4
+ * Kit callers send `x-paybond-payment-authorization: Payment <credential>` so
5
+ * `Authorization: Bearer` remains available for Paybond tenant authentication.
6
+ * The gateway translates this to `Authorization: Payment` when forwarding to Harbor.
7
+ */
8
+ /** Gateway-facing Payment Auth credential header (avoids clashing with Bearer auth). */
9
+ export declare const PAYBOND_PAYMENT_AUTHORIZATION_HEADER = "x-paybond-payment-authorization";
10
+ /** Payment Auth response headers propagated by the gateway from Harbor. */
11
+ export declare const PAYMENT_TRANSPORT_RESPONSE_HEADERS: readonly ["www-authenticate", "payment-receipt", "cache-control"];
12
+ /**
13
+ * Normalizes a Payment Auth credential for HTTP headers.
14
+ *
15
+ * Accepts either a raw credential token or a value already prefixed with `Payment `.
16
+ */
17
+ export declare function formatPaymentAuthorizationValue(credential: string): string;
18
+ /** Header entry for gateway Harbor fund/verify retries. */
19
+ export declare function paymentAuthorizationGatewayHeader(credential: string): Record<string, string>;
20
+ /**
21
+ * Appends `Authorization: Payment …` for direct Harbor calls that already carry Bearer auth.
22
+ */
23
+ export declare function appendDirectHarborPaymentAuthorization(headers: Headers, credential: string): void;
24
+ export type FundPaymentTransportHeaders = {
25
+ wwwAuthenticate?: string[];
26
+ paymentReceipt?: string;
27
+ cacheControl?: string;
28
+ };
29
+ /** Reads Payment Auth transport headers from a fund response. */
30
+ export declare function readFundPaymentTransportHeaders(headers: Headers): FundPaymentTransportHeaders;
@@ -0,0 +1,56 @@
1
+ /**
2
+ * Payment Auth transport headers for MPP funding through the Paybond Gateway.
3
+ *
4
+ * Kit callers send `x-paybond-payment-authorization: Payment <credential>` so
5
+ * `Authorization: Bearer` remains available for Paybond tenant authentication.
6
+ * The gateway translates this to `Authorization: Payment` when forwarding to Harbor.
7
+ */
8
+ /** Gateway-facing Payment Auth credential header (avoids clashing with Bearer auth). */
9
+ export const PAYBOND_PAYMENT_AUTHORIZATION_HEADER = "x-paybond-payment-authorization";
10
+ /** Payment Auth response headers propagated by the gateway from Harbor. */
11
+ export const PAYMENT_TRANSPORT_RESPONSE_HEADERS = [
12
+ "www-authenticate",
13
+ "payment-receipt",
14
+ "cache-control",
15
+ ];
16
+ /**
17
+ * Normalizes a Payment Auth credential for HTTP headers.
18
+ *
19
+ * Accepts either a raw credential token or a value already prefixed with `Payment `.
20
+ */
21
+ export function formatPaymentAuthorizationValue(credential) {
22
+ const trimmed = credential.trim();
23
+ if (!trimmed) {
24
+ throw new Error("payment authorization credential must be non-empty");
25
+ }
26
+ if (/^payment\s+/i.test(trimmed)) {
27
+ return trimmed;
28
+ }
29
+ return `Payment ${trimmed}`;
30
+ }
31
+ /** Header entry for gateway Harbor fund/verify retries. */
32
+ export function paymentAuthorizationGatewayHeader(credential) {
33
+ return {
34
+ [PAYBOND_PAYMENT_AUTHORIZATION_HEADER]: formatPaymentAuthorizationValue(credential),
35
+ };
36
+ }
37
+ /**
38
+ * Appends `Authorization: Payment …` for direct Harbor calls that already carry Bearer auth.
39
+ */
40
+ export function appendDirectHarborPaymentAuthorization(headers, credential) {
41
+ headers.append("authorization", formatPaymentAuthorizationValue(credential));
42
+ }
43
+ /** Reads Payment Auth transport headers from a fund response. */
44
+ export function readFundPaymentTransportHeaders(headers) {
45
+ const wwwAuthenticate = [];
46
+ headers.forEach((value, key) => {
47
+ if (key.toLowerCase() === "www-authenticate") {
48
+ wwwAuthenticate.push(value);
49
+ }
50
+ });
51
+ return {
52
+ wwwAuthenticate: wwwAuthenticate.length > 0 ? wwwAuthenticate : undefined,
53
+ paymentReceipt: headers.get("payment-receipt") ?? undefined,
54
+ cacheControl: headers.get("cache-control") ?? undefined,
55
+ };
56
+ }
@@ -1,5 +1,6 @@
1
1
  import { PaybondToolRegistryValidationError } from "../agent/types.js";
2
2
  import { resolveCompletionPreset, contractSnapshotForPreset } from "../completion-resolve.js";
3
+ import { validateUsdDenominatedSettlement } from "../mpp-commercial.js";
3
4
  import { policyToToolRegistry } from "./registry.js";
4
5
  /** Raised when policy intent fields cannot be aligned to a Harbor create payload. */
5
6
  export class PaybondPolicyIntentSpecError extends Error {
@@ -142,6 +143,7 @@ export function policyToIntentCreateInput(document, overrides) {
142
143
  const allowedTools = resolveAllowedHarborOperations(document, registry, overrides.allowedTools);
143
144
  const policyBinding = resolvePolicyBindingRef(document, overrides.publishedPolicyHead, overrides.policyBinding);
144
145
  const { budget, currency, amountCents } = resolveBudgetFields(document, overrides);
146
+ validateUsdDenominatedSettlement(overrides.settlementRail, currency);
145
147
  const completionPresetId = overrides.completionPresetId ??
146
148
  resolveEvidencePresetForOperations(registry, allowedTools);
147
149
  const resolvedPreset = resolveCompletionPreset(completionPresetId);
@@ -3,7 +3,7 @@
3
3
  * Matches `crates/harbor-intent-escrow/src/signing.rs` (`intent_creation_sign_bytes_raw`).
4
4
  */
5
5
  /** Tenant-configured settlement rail names. Clients may request a rail, not a destination. */
6
- export type SettlementRail = "stripe_connect" | "stripe_ach_debit" | "x402_usdc_base";
6
+ export type SettlementRail = "stripe_connect" | "stripe_ach_debit" | "stripe_mpp" | "x402_usdc_base";
7
7
  export type CompletionContractSnapshot = {
8
8
  completionPresetId: string;
9
9
  vendorContractProvider?: string;
@@ -6,7 +6,8 @@ import { sign, getPublicKey } from "@noble/ed25519";
6
6
  import { ensureEd25519Sha512Sync } from "./ed25519-sync.js";
7
7
  import { jsonValueDigest } from "./json-digest.js";
8
8
  import { COMPLETION_CONTRACT_SIGN_VERSION, concatBytes, encodeBincodeString, encodeBincodeUuid, encodeFixed32, encodeU8, encodeVarintI64, encodeVarintU32, } from "./bincode-wire.js";
9
- const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "x402_usdc_base"]);
9
+ import { validateUsdDenominatedSettlement } from "./mpp-commercial.js";
10
+ const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "stripe_mpp", "x402_usdc_base"]);
10
11
  function validateSettlementRail(value) {
11
12
  if (!SETTLEMENT_RAIL_VALUES.has(value)) {
12
13
  throw new Error(`settlementRail must be one of ${[...SETTLEMENT_RAIL_VALUES].join(", ")}`);
@@ -171,6 +172,7 @@ export function buildSignedCreateIntentBodyWithPolicyBinding(params) {
171
172
  throw new Error("allowedTools must be non-empty");
172
173
  }
173
174
  const settlementRail = validateSettlementRail(params.settlementRail);
175
+ validateUsdDenominatedSettlement(settlementRail, params.currency);
174
176
  const predicateRef = params.predicateRef ?? "";
175
177
  const head = params.publishedPolicyHead;
176
178
  if (head.templateId !== params.policyBinding.templateId || head.versionSeq !== params.policyBinding.versionSeq) {
@@ -248,6 +250,7 @@ export function buildSignedCreateIntentBody(params) {
248
250
  throw new Error("allowedTools must be non-empty");
249
251
  }
250
252
  const settlementRail = validateSettlementRail(params.settlementRail);
253
+ validateUsdDenominatedSettlement(settlementRail, params.currency);
251
254
  const predicateRef = params.predicateRef ?? "";
252
255
  ensureEd25519Sha512Sync();
253
256
  const payeePub = getPublicKey(params.payeeSigningSeed);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@paybond/kit",
3
- "version": "0.11.11",
3
+ "version": "0.12.0",
4
4
  "mcpName": "io.github.nonameuserd/paybond",
5
5
  "description": "Paybond Kit for TypeScript: agent spend governance for paid tool calls with spend authorization, evidence receipts, refunds, disputes, hosted Gateway sessions, and settlement.",
6
6
  "license": "Apache-2.0",
@@ -7,7 +7,7 @@
7
7
  "name": "openai-shopping-agent",
8
8
  "dependencies": {
9
9
  "@openai/agents": "^0.4.0",
10
- "@paybond/kit": "^0.11.11",
10
+ "@paybond/kit": "^0.12.0",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -169,9 +169,9 @@
169
169
  }
170
170
  },
171
171
  "node_modules/@paybond/kit": {
172
- "version": "0.11.11",
173
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
174
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
172
+ "version": "0.12.0",
173
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
174
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
175
175
  "license": "Apache-2.0",
176
176
  "dependencies": {
177
177
  "@noble/ed25519": "^2.2.1",
@@ -806,9 +806,9 @@
806
806
  }
807
807
  },
808
808
  "node_modules/hono": {
809
- "version": "4.12.27",
810
- "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.27.tgz",
811
- "integrity": "sha512-1yrb/+w6HWQJrUCLkJ2IF5jNIPvvFkblV5RNOYl6bV+OA6p9GLcMpHFFGTosSvHvcAUibuUukRqhlYI4z32C7Q==",
809
+ "version": "4.12.28",
810
+ "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.28.tgz",
811
+ "integrity": "sha512-YwUvVpSF7m1yOblFPrU3Hbo8XhPheBoiyfGuII6z19LnOr6JpDnyyp7LFNrfV56wS8tpvtBFGRISHN02pDdLOA==",
812
812
  "license": "MIT",
813
813
  "optional": true,
814
814
  "engines": {
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-aws-operator",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.11"
9
+ "@paybond/kit": "^0.12.0"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.11",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
52
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
50
+ "version": "0.12.0",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
52
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -7,7 +7,7 @@
7
7
  "name": "paybond-claude-agents-demo",
8
8
  "dependencies": {
9
9
  "@anthropic-ai/claude-agent-sdk": "^0.2.100",
10
- "@paybond/kit": "^0.11.11",
10
+ "@paybond/kit": "^0.12.0",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -260,9 +260,9 @@
260
260
  }
261
261
  },
262
262
  "node_modules/@paybond/kit": {
263
- "version": "0.11.11",
264
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
265
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
263
+ "version": "0.12.0",
264
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
265
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
266
266
  "license": "Apache-2.0",
267
267
  "dependencies": {
268
268
  "@noble/ed25519": "^2.2.1",
@@ -854,9 +854,9 @@
854
854
  }
855
855
  },
856
856
  "node_modules/hono": {
857
- "version": "4.12.27",
858
- "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.27.tgz",
859
- "integrity": "sha512-1yrb/+w6HWQJrUCLkJ2IF5jNIPvvFkblV5RNOYl6bV+OA6p9GLcMpHFFGTosSvHvcAUibuUukRqhlYI4z32C7Q==",
857
+ "version": "4.12.28",
858
+ "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.28.tgz",
859
+ "integrity": "sha512-YwUvVpSF7m1yOblFPrU3Hbo8XhPheBoiyfGuII6z19LnOr6JpDnyyp7LFNrfV56wS8tpvtBFGRISHN02pDdLOA==",
860
860
  "license": "MIT",
861
861
  "engines": {
862
862
  "node": ">=16.9.0"
@@ -7,7 +7,7 @@
7
7
  "name": "paybond-mastra-travel-agent",
8
8
  "dependencies": {
9
9
  "@mastra/core": "^1.49.0",
10
- "@paybond/kit": "^0.11.11",
10
+ "@paybond/kit": "^0.12.0",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -278,9 +278,9 @@
278
278
  }
279
279
  },
280
280
  "node_modules/@mastra/core": {
281
- "version": "1.49.0",
282
- "resolved": "https://registry.npmjs.org/@mastra/core/-/core-1.49.0.tgz",
283
- "integrity": "sha512-ZZGiPY317qIMv4qpSdxpOdEz9IbBiFJEexDBN0ALV7vK5yAAbT7AlN40SZEObc8bVxpjnI8jZTcEZQZGsQ8PmQ==",
281
+ "version": "1.50.0",
282
+ "resolved": "https://registry.npmjs.org/@mastra/core/-/core-1.50.0.tgz",
283
+ "integrity": "sha512-gccYBkLk7jjXl13YnjvPVgnvWcedNTzHdqku5xd3pAt/zsxAbnXrNlBRn3vjcdb8DKVC6U6HXMogpM65/kqjMA==",
284
284
  "license": "Apache-2.0",
285
285
  "dependencies": {
286
286
  "@a2a-js/sdk": "~0.3.13",
@@ -412,9 +412,9 @@
412
412
  }
413
413
  },
414
414
  "node_modules/@paybond/kit": {
415
- "version": "0.11.11",
416
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
417
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
415
+ "version": "0.12.0",
416
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
417
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
418
418
  "license": "Apache-2.0",
419
419
  "dependencies": {
420
420
  "@noble/ed25519": "^2.2.1",
@@ -1390,9 +1390,9 @@
1390
1390
  }
1391
1391
  },
1392
1392
  "node_modules/hono": {
1393
- "version": "4.12.27",
1394
- "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.27.tgz",
1395
- "integrity": "sha512-1yrb/+w6HWQJrUCLkJ2IF5jNIPvvFkblV5RNOYl6bV+OA6p9GLcMpHFFGTosSvHvcAUibuUukRqhlYI4z32C7Q==",
1393
+ "version": "4.12.28",
1394
+ "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.28.tgz",
1395
+ "integrity": "sha512-YwUvVpSF7m1yOblFPrU3Hbo8XhPheBoiyfGuII6z19LnOr6JpDnyyp7LFNrfV56wS8tpvtBFGRISHN02pDdLOA==",
1396
1396
  "license": "MIT",
1397
1397
  "engines": {
1398
1398
  "node": ">=16.9.0"
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-mcp-coding-agent",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.11"
9
+ "@paybond/kit": "^0.12.0"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.11",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
52
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
50
+ "version": "0.12.0",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
52
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -7,7 +7,7 @@
7
7
  "name": "paybond-openai-agents-demo",
8
8
  "dependencies": {
9
9
  "@openai/agents": "^0.4.0",
10
- "@paybond/kit": "^0.11.11",
10
+ "@paybond/kit": "^0.12.0",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -169,9 +169,9 @@
169
169
  }
170
170
  },
171
171
  "node_modules/@paybond/kit": {
172
- "version": "0.11.11",
173
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
174
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
172
+ "version": "0.12.0",
173
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
174
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
175
175
  "license": "Apache-2.0",
176
176
  "dependencies": {
177
177
  "@noble/ed25519": "^2.2.1",
@@ -806,9 +806,9 @@
806
806
  }
807
807
  },
808
808
  "node_modules/hono": {
809
- "version": "4.12.27",
810
- "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.27.tgz",
811
- "integrity": "sha512-1yrb/+w6HWQJrUCLkJ2IF5jNIPvvFkblV5RNOYl6bV+OA6p9GLcMpHFFGTosSvHvcAUibuUukRqhlYI4z32C7Q==",
809
+ "version": "4.12.28",
810
+ "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.28.tgz",
811
+ "integrity": "sha512-YwUvVpSF7m1yOblFPrU3Hbo8XhPheBoiyfGuII6z19LnOr6JpDnyyp7LFNrfV56wS8tpvtBFGRISHN02pDdLOA==",
812
812
  "license": "MIT",
813
813
  "optional": true,
814
814
  "engines": {
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-procurement-agent",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.11"
9
+ "@paybond/kit": "^0.12.0"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.11",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
52
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
50
+ "version": "0.12.0",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
52
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "dependencies": {
9
9
  "@langchain/core": "^1.2.1",
10
10
  "@langchain/langgraph": "^1.4.7",
11
- "@paybond/kit": "^0.11.11",
11
+ "@paybond/kit": "^0.12.0",
12
12
  "zod": "^4.2.0"
13
13
  },
14
14
  "devDependencies": {
@@ -178,9 +178,9 @@
178
178
  }
179
179
  },
180
180
  "node_modules/@paybond/kit": {
181
- "version": "0.11.11",
182
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
183
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
181
+ "version": "0.12.0",
182
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
183
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
184
184
  "license": "Apache-2.0",
185
185
  "dependencies": {
186
186
  "@noble/ed25519": "^2.2.1",
@@ -358,9 +358,9 @@
358
358
  "license": "MIT"
359
359
  },
360
360
  "node_modules/langsmith": {
361
- "version": "0.7.15",
362
- "resolved": "https://registry.npmjs.org/langsmith/-/langsmith-0.7.15.tgz",
363
- "integrity": "sha512-huRfzLKcREE+ABkqKEriXK8Ax9V+xuV3d3x4PINEGi+hi4qyTvB4Nc2dpLSyfW/Ioj6+6d7T8majjWCe7mXc8A==",
361
+ "version": "0.7.16",
362
+ "resolved": "https://registry.npmjs.org/langsmith/-/langsmith-0.7.16.tgz",
363
+ "integrity": "sha512-Cn4PL7ujYQwxAOotesBhOuF2xsEIcW6mwKW41SXhu3WyjmU0R+ywCdbHYMSYh6QCaLg9pTluJMw2+L5ApyrZHg==",
364
364
  "license": "MIT",
365
365
  "dependencies": {
366
366
  "p-queue": "6.6.2"
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-vercel-shopping-agent",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.11",
9
+ "@paybond/kit": "^0.12.0",
10
10
  "ai": "^5.0.0",
11
11
  "zod": "^4.2.0"
12
12
  },
@@ -104,9 +104,9 @@
104
104
  }
105
105
  },
106
106
  "node_modules/@paybond/kit": {
107
- "version": "0.11.11",
108
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.11.tgz",
109
- "integrity": "sha512-WHqh6PKUYPRvFV0ID3QixMJGRwmgNoq13mueHqJnGrj8erEt3FwQo49Z0IXovTWAJcsW+3+v8SkKp4/UAz93fg==",
107
+ "version": "0.12.0",
108
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.12.0.tgz",
109
+ "integrity": "sha512-iAluOkqE8aINum1GF/LkR6Oi04xH9cNCZDJRF5BBFUQMqcNUpN1g/zNQK78jIGVlwcssexnLmiet31Z0NJ5jbg==",
110
110
  "license": "Apache-2.0",
111
111
  "dependencies": {
112
112
  "@noble/ed25519": "^2.2.1",