@paybond/kit 0.11.11 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/completion-presets/catalog.json +10 -5
- package/completion-presets/catalog.sha256 +1 -1
- package/dist/agent/evidence.d.ts +10 -0
- package/dist/agent/evidence.js +16 -0
- package/dist/agent/index.d.ts +3 -2
- package/dist/agent/index.js +2 -1
- package/dist/agent/interceptor.d.ts +9 -0
- package/dist/agent/interceptor.js +181 -1
- package/dist/agent/receipt-client.d.ts +64 -0
- package/dist/agent/receipt-client.js +45 -0
- package/dist/agent/registry.js +1 -0
- package/dist/agent/run.d.ts +5 -0
- package/dist/agent/run.js +52 -0
- package/dist/agent/types.d.ts +70 -0
- package/dist/agent-mandate.d.ts +103 -0
- package/dist/agent-mandate.js +423 -0
- package/dist/agent-receipt-external-attestations.d.ts +56 -0
- package/dist/agent-receipt-external-attestations.js +185 -0
- package/dist/agent-receipt-pdf-export.d.ts +43 -0
- package/dist/agent-receipt-pdf-export.js +109 -0
- package/dist/agent-receipt-prevalidate.d.ts +7 -0
- package/dist/agent-receipt-prevalidate.js +63 -0
- package/dist/agent-receipt.d.ts +154 -0
- package/dist/agent-receipt.js +639 -0
- package/dist/audit/exports.d.ts +15 -1
- package/dist/audit/exports.js +55 -8
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/wire.d.ts +12 -0
- package/dist/audit/wire.js +13 -1
- package/dist/cli/command-spec.js +54 -3
- package/dist/cli/commands/dev.js +10 -3
- package/dist/cli/commands/discovery.js +17 -6
- package/dist/cli/commands/setup.js +19 -1
- package/dist/cli/commands/shopify.d.ts +53 -0
- package/dist/cli/commands/shopify.js +808 -0
- package/dist/cli/help.d.ts +1 -1
- package/dist/cli/help.js +15 -5
- package/dist/cli/router.js +15 -1
- package/dist/commerce-binding.d.ts +59 -0
- package/dist/commerce-binding.js +129 -0
- package/dist/completion-catalog-digest.d.ts +1 -1
- package/dist/completion-catalog-digest.js +1 -1
- package/dist/doctor-completion.d.ts +16 -0
- package/dist/doctor-completion.js +157 -1
- package/dist/index.d.ts +108 -7
- package/dist/index.js +221 -18
- package/dist/mcp-receipt-resource.d.ts +10 -0
- package/dist/mcp-receipt-resource.js +32 -0
- package/dist/mcp-server.d.ts +7 -0
- package/dist/mcp-server.js +81 -1
- package/dist/mpp-commercial.d.ts +19 -0
- package/dist/mpp-commercial.js +34 -0
- package/dist/mpp-funding.d.ts +71 -0
- package/dist/mpp-funding.js +192 -0
- package/dist/payment-transport.d.ts +30 -0
- package/dist/payment-transport.js +56 -0
- package/dist/policy/intent-spec.js +2 -0
- package/dist/policy/presets.d.ts +1 -1
- package/dist/policy/presets.js +1 -0
- package/dist/principal-intent.d.ts +1 -1
- package/dist/principal-intent.js +4 -1
- package/dist/project-init.d.ts +1 -1
- package/dist/project-init.js +1 -0
- package/dist/protocol-receipt.d.ts +129 -0
- package/dist/protocol-receipt.js +620 -0
- package/dist/shopify/checkout.d.ts +29 -0
- package/dist/shopify/checkout.js +79 -0
- package/dist/shopify/evidence.d.ts +13 -0
- package/dist/shopify/evidence.js +85 -0
- package/dist/shopify/index.d.ts +8 -0
- package/dist/shopify/index.js +6 -0
- package/dist/shopify/instrument.d.ts +61 -0
- package/dist/shopify/instrument.js +52 -0
- package/dist/shopify/order.d.ts +8 -0
- package/dist/shopify/order.js +110 -0
- package/dist/shopify/types.d.ts +82 -0
- package/dist/shopify/types.js +4 -0
- package/dist/solutions/catalog.d.ts +1 -1
- package/dist/solutions/catalog.js +1 -1
- package/dist/stripe-commerce/evidence.d.ts +13 -0
- package/dist/stripe-commerce/evidence.js +164 -0
- package/dist/stripe-commerce/index.d.ts +3 -0
- package/dist/stripe-commerce/index.js +2 -0
- package/dist/stripe-commerce/metadata.d.ts +11 -0
- package/dist/stripe-commerce/metadata.js +34 -0
- package/dist/stripe-commerce/types.d.ts +38 -0
- package/dist/stripe-commerce/types.js +1 -0
- package/dist/template-init.d.ts +1 -1
- package/dist/template-init.js +6 -1
- package/package.json +1 -1
- package/policy/presets/stripe-commerce.yaml +19 -0
- package/solutions/stripe-commerce.json +19 -0
- package/templates/manifest.json +82 -10
- package/templates/openai-shopping-agent/package-lock.json +13 -13
- package/templates/openai-shopping-agent/src/paybond.config.ts +1 -1
- package/templates/paybond-aws-operator/package-lock.json +7 -7
- package/templates/paybond-aws-operator/src/paybond.config.ts +1 -1
- package/templates/paybond-claude-agents-demo/package-lock.json +10 -10
- package/templates/paybond-claude-agents-demo/src/paybond.config.ts +1 -1
- package/templates/paybond-mastra-travel-agent/package-lock.json +33 -33
- package/templates/paybond-mastra-travel-agent/src/paybond.config.ts +1 -1
- package/templates/paybond-mcp-coding-agent/package-lock.json +7 -7
- package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +1 -1
- package/templates/paybond-openai-agents-demo/package-lock.json +13 -13
- package/templates/paybond-openai-agents-demo/src/paybond.config.ts +1 -1
- package/templates/paybond-procurement-agent/package-lock.json +7 -7
- package/templates/paybond-procurement-agent/src/paybond.config.ts +1 -1
- package/templates/paybond-shopify-shopping-agent/.env.example +3 -0
- package/templates/paybond-shopify-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-shopify-shopping-agent/LICENSE +201 -0
- package/templates/paybond-shopify-shopping-agent/README.md +29 -0
- package/templates/paybond-shopify-shopping-agent/package-lock.json +223 -0
- package/templates/paybond-shopify-shopping-agent/package.json +20 -0
- package/templates/paybond-shopify-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-shopify-shopping-agent/src/index.ts +54 -0
- package/templates/paybond-shopify-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-shopify-shopping-agent/tsconfig.json +13 -0
- package/templates/paybond-stripe-agent-demo/.env.example +9 -0
- package/templates/paybond-stripe-agent-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-stripe-agent-demo/LICENSE +201 -0
- package/templates/paybond-stripe-agent-demo/README.md +50 -0
- package/templates/paybond-stripe-agent-demo/package-lock.json +223 -0
- package/templates/paybond-stripe-agent-demo/package.json +20 -0
- package/templates/paybond-stripe-agent-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-stripe-agent-demo/src/charge-customer.ts +237 -0
- package/templates/paybond-stripe-agent-demo/src/index.ts +78 -0
- package/templates/paybond-stripe-agent-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-stripe-agent-demo/tsconfig.json +13 -0
- package/templates/paybond-travel-agent/package-lock.json +13 -13
- package/templates/paybond-travel-agent/src/paybond.config.ts +1 -1
- package/templates/paybond-vercel-shopping-agent/package-lock.json +7 -7
- package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +1 -1
|
@@ -950,7 +950,8 @@
|
|
|
950
950
|
},
|
|
951
951
|
"scope": "tool_completion",
|
|
952
952
|
"rail_hints": [
|
|
953
|
-
"x402_usdc_base"
|
|
953
|
+
"x402_usdc_base",
|
|
954
|
+
"stripe_mpp"
|
|
954
955
|
],
|
|
955
956
|
"forbidden_evidence_fields": [
|
|
956
957
|
"payment_session_id",
|
|
@@ -1063,7 +1064,8 @@
|
|
|
1063
1064
|
},
|
|
1064
1065
|
"scope": "tool_completion",
|
|
1065
1066
|
"rail_hints": [
|
|
1066
|
-
"x402_usdc_base"
|
|
1067
|
+
"x402_usdc_base",
|
|
1068
|
+
"stripe_mpp"
|
|
1067
1069
|
],
|
|
1068
1070
|
"forbidden_evidence_fields": [
|
|
1069
1071
|
"payment_session_id",
|
|
@@ -1158,7 +1160,8 @@
|
|
|
1158
1160
|
},
|
|
1159
1161
|
"scope": "tool_completion",
|
|
1160
1162
|
"rail_hints": [
|
|
1161
|
-
"x402_usdc_base"
|
|
1163
|
+
"x402_usdc_base",
|
|
1164
|
+
"stripe_mpp"
|
|
1162
1165
|
],
|
|
1163
1166
|
"forbidden_evidence_fields": [
|
|
1164
1167
|
"payment_session_id",
|
|
@@ -1269,7 +1272,8 @@
|
|
|
1269
1272
|
},
|
|
1270
1273
|
"scope": "tool_completion",
|
|
1271
1274
|
"rail_hints": [
|
|
1272
|
-
"x402_usdc_base"
|
|
1275
|
+
"x402_usdc_base",
|
|
1276
|
+
"stripe_mpp"
|
|
1273
1277
|
],
|
|
1274
1278
|
"forbidden_evidence_fields": [
|
|
1275
1279
|
"payment_session_id",
|
|
@@ -1390,7 +1394,8 @@
|
|
|
1390
1394
|
},
|
|
1391
1395
|
"scope": "tool_completion",
|
|
1392
1396
|
"rail_hints": [
|
|
1393
|
-
"x402_usdc_base"
|
|
1397
|
+
"x402_usdc_base",
|
|
1398
|
+
"stripe_mpp"
|
|
1394
1399
|
],
|
|
1395
1400
|
"forbidden_evidence_fields": [
|
|
1396
1401
|
"payment_session_id",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
a738febc9ee8b5b66f05991c4582ba24e6857cdc574196b0aeefc5c77e192ea9
|
package/dist/agent/evidence.d.ts
CHANGED
|
@@ -3,7 +3,17 @@ export type BuiltAutoEvidence = {
|
|
|
3
3
|
payload: Record<string, unknown>;
|
|
4
4
|
vendorPayload?: Record<string, unknown>;
|
|
5
5
|
};
|
|
6
|
+
/**
|
|
7
|
+
* Reject Stripe funding webhook envelopes before they become completion evidence.
|
|
8
|
+
*
|
|
9
|
+
* Funding webhooks (`payment_intent.succeeded`, `charge.*`, event envelopes) fund Harbor
|
|
10
|
+
* intents; tool-completion evidence must use SDK charge/result shapes (or mapped
|
|
11
|
+
* {@link mapStripeToolResultToEvidence} outputs), not webhook bodies.
|
|
12
|
+
*/
|
|
13
|
+
export declare function assertToolResultNotFundingWebhook(toolResult: unknown): void;
|
|
6
14
|
/**
|
|
7
15
|
* Build canonical evidence payloads from a tool result using the completion catalog.
|
|
16
|
+
*
|
|
17
|
+
* Fail-closed: Stripe funding webhook-shaped tool results are rejected before mapping.
|
|
8
18
|
*/
|
|
9
19
|
export declare function buildAutoEvidencePayload(entry: Pick<PaybondSideEffectingToolEntry, "evidencePreset" | "evidenceMapper">, toolResult: unknown, ctx: PaybondToolCallContext): Record<string, unknown>;
|
package/dist/agent/evidence.js
CHANGED
|
@@ -1,15 +1,31 @@
|
|
|
1
1
|
import { getCompletionPreset, } from "../completion-catalog.js";
|
|
2
2
|
import { isVendorPack, mapVendorEvidenceToCanonical, resolveCompletionPreset, } from "../completion-resolve.js";
|
|
3
|
+
import { assertNotStripeFundingWebhook } from "../stripe-commerce/evidence.js";
|
|
3
4
|
function assertEvidenceRecord(value, message) {
|
|
4
5
|
if (typeof value !== "object" || value === null || Array.isArray(value)) {
|
|
5
6
|
throw new Error(message);
|
|
6
7
|
}
|
|
7
8
|
return value;
|
|
8
9
|
}
|
|
10
|
+
/**
|
|
11
|
+
* Reject Stripe funding webhook envelopes before they become completion evidence.
|
|
12
|
+
*
|
|
13
|
+
* Funding webhooks (`payment_intent.succeeded`, `charge.*`, event envelopes) fund Harbor
|
|
14
|
+
* intents; tool-completion evidence must use SDK charge/result shapes (or mapped
|
|
15
|
+
* {@link mapStripeToolResultToEvidence} outputs), not webhook bodies.
|
|
16
|
+
*/
|
|
17
|
+
export function assertToolResultNotFundingWebhook(toolResult) {
|
|
18
|
+
if (typeof toolResult === "object" && toolResult !== null && !Array.isArray(toolResult)) {
|
|
19
|
+
assertNotStripeFundingWebhook(toolResult);
|
|
20
|
+
}
|
|
21
|
+
}
|
|
9
22
|
/**
|
|
10
23
|
* Build canonical evidence payloads from a tool result using the completion catalog.
|
|
24
|
+
*
|
|
25
|
+
* Fail-closed: Stripe funding webhook-shaped tool results are rejected before mapping.
|
|
11
26
|
*/
|
|
12
27
|
export function buildAutoEvidencePayload(entry, toolResult, ctx) {
|
|
28
|
+
assertToolResultNotFundingWebhook(toolResult);
|
|
13
29
|
if (entry.evidenceMapper) {
|
|
14
30
|
return assertEvidenceRecord(entry.evidenceMapper(toolResult, ctx), "evidenceMapper must return a JSON object payload");
|
|
15
31
|
}
|
package/dist/agent/index.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
export { PaybondAgentFacade, createPaybondAgentCallable, type GetAgentReceiptInput, type PaybondAgentCallable, } from "./receipt-client.js";
|
|
1
2
|
export { createGuardedAgent, createGuardedAgentRunner, type CreateGuardedAgentInput, type CreateGuardedAgentResult, type CreateGuardedAgentResultBase, type GuardedAgentFramework, } from "./guarded-agent.js";
|
|
2
3
|
export { createPaybondAgent, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, type PaybondAgentHooks, type PaybondAgentInput, type PaybondAgentResult, type PaybondInstrumentInput, type PaybondWrapToolsOptions, } from "./facade.js";
|
|
3
4
|
export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, type PaybondAgentInstrumentation, type PaybondInlinePolicy, type PaybondInstrumentAgentOptions, type PaybondInstrumentAttachInput, type PaybondInstrumentBinding, type PaybondInstrumentContext, type PaybondInstrumentContextInput, type PaybondInstrumentContextProvider, } from "./instrument.js";
|
|
@@ -5,9 +6,9 @@ export { formatPaybondAttachEnvSnippet, openPaybondAttachBundle, PAYBOND_ATTACH_
|
|
|
5
6
|
export { createPaybondGenericAgentConfig, createPaybondGenericInputGuard, type PaybondGenericAgentConfig, } from "./generic-runner.js";
|
|
6
7
|
export { runGenericSandboxDemo, type RunGenericSandboxDemoInput, type RunGenericSandboxDemoResult, } from "./generic-sandbox-demo.js";
|
|
7
8
|
export { PaybondFrameworkAdapter, createGenericToolExecutor, createToolInputGuardAdapter, paybondGenericToolExecutorAdapter, paybondToolInputGuardAdapter, type PaybondGenericToolCall, type PaybondGenericToolDefinition, type PaybondGenericWrappedToolDefinition, type PaybondToolInputGuardAdapter, } from "./adapter.js";
|
|
8
|
-
export { buildAutoEvidencePayload, type BuiltAutoEvidence } from "./evidence.js";
|
|
9
|
+
export { assertToolResultNotFundingWebhook, buildAutoEvidencePayload, type BuiltAutoEvidence, } from "./evidence.js";
|
|
9
10
|
export { PaybondToolInterceptor } from "./interceptor.js";
|
|
10
11
|
export { PaybondToolRegistry, createPaybondToolRegistry, } from "./registry.js";
|
|
11
12
|
export { PaybondAgentRun, PaybondAgentRunFacade, type PaybondAgentRunHost, } from "./run.js";
|
|
12
13
|
export { agentRegistryDocumentToConfig, buildSmokeRegistry, loadAgentRegistryFile, parseAgentRegistryText, validateAgentRegistryDocument, type AgentRegistryFileDocument, type AgentRegistryValidationResult, } from "./registry-file.js";
|
|
13
|
-
export { PaybondAgentRunBindError, PaybondAutoEvidenceError, PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunProductionEvidenceCredentials, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondTraceEvent, type PaybondTraceSink, } from "./types.js";
|
|
14
|
+
export { PaybondAgentRunBindError, PaybondAutoEvidenceError, PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondExternalAttestationMapper, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunProductionEvidenceCredentials, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondTraceEvent, type PaybondTraceSink, } from "./types.js";
|
package/dist/agent/index.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
export { PaybondAgentFacade, createPaybondAgentCallable, } from "./receipt-client.js";
|
|
1
2
|
export { createGuardedAgent, createGuardedAgentRunner, } from "./guarded-agent.js";
|
|
2
3
|
export { createPaybondAgent, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, } from "./facade.js";
|
|
3
4
|
export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, } from "./instrument.js";
|
|
@@ -5,7 +6,7 @@ export { formatPaybondAttachEnvSnippet, openPaybondAttachBundle, PAYBOND_ATTACH_
|
|
|
5
6
|
export { createPaybondGenericAgentConfig, createPaybondGenericInputGuard, } from "./generic-runner.js";
|
|
6
7
|
export { runGenericSandboxDemo, } from "./generic-sandbox-demo.js";
|
|
7
8
|
export { createGenericToolExecutor, createToolInputGuardAdapter, paybondGenericToolExecutorAdapter, paybondToolInputGuardAdapter, } from "./adapter.js";
|
|
8
|
-
export { buildAutoEvidencePayload } from "./evidence.js";
|
|
9
|
+
export { assertToolResultNotFundingWebhook, buildAutoEvidencePayload, } from "./evidence.js";
|
|
9
10
|
export { PaybondToolInterceptor } from "./interceptor.js";
|
|
10
11
|
export { PaybondToolRegistry, createPaybondToolRegistry, } from "./registry.js";
|
|
11
12
|
export { PaybondAgentRun, PaybondAgentRunFacade, } from "./run.js";
|
|
@@ -21,4 +21,13 @@ export declare class PaybondToolInterceptor {
|
|
|
21
21
|
wrapExecute<TResult>(input: PaybondInterceptWrapExecuteInput<TResult>): Promise<PaybondInterceptWrapExecuteResult<TResult>>;
|
|
22
22
|
private resolveSideEffectingCall;
|
|
23
23
|
private submitAutoEvidence;
|
|
24
|
+
/**
|
|
25
|
+
* Composes an unsigned Agent Receipt Standard draft (Phase 1) after a successful
|
|
26
|
+
* authorize → execute → evidence cycle. Never signed or persisted here; Phase 2 covers
|
|
27
|
+
* compose/sign/persist. Best-effort: returns `undefined` instead of throwing whenever
|
|
28
|
+
* required receipt fields (agent context, principal/operator DID, policy template, pinned
|
|
29
|
+
* policy digest, or a Harbor decision id) are unavailable on this binding or call.
|
|
30
|
+
*/
|
|
31
|
+
private buildReceiptDraft;
|
|
32
|
+
private resolveToolExternalAttestations;
|
|
24
33
|
}
|
|
@@ -2,6 +2,8 @@ import { evictExpiredAuthorizationCache, takeValidCachedAuthorization, } from ".
|
|
|
2
2
|
import { buildAutoEvidencePayload } from "./evidence.js";
|
|
3
3
|
import { signHarborEvidenceSubmitRecognitionProof } from "../agent-recognition.js";
|
|
4
4
|
import { signPayeeEvidenceBinding } from "../payee-evidence.js";
|
|
5
|
+
import { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, actionReceiptId, agentReceiptMessageDigestSha256Hex, valueDigestSha256Hex, } from "../agent-receipt.js";
|
|
6
|
+
import { resolveExternalAttestations, } from "../agent-receipt-external-attestations.js";
|
|
5
7
|
import { PaybondAutoEvidenceSubmitError, PaybondUnregisteredSideEffectingToolError, } from "./types.js";
|
|
6
8
|
export { PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError } from "./types.js";
|
|
7
9
|
function nowRfc3339Seconds() {
|
|
@@ -27,6 +29,8 @@ function mapSandboxEvidenceResult(result) {
|
|
|
27
29
|
intentId: result.intent_id,
|
|
28
30
|
predicatePassed: result.predicate_passed ?? undefined,
|
|
29
31
|
sandboxLifecycleStatus: result.sandbox_lifecycle_status,
|
|
32
|
+
payloadDigestSha256Hex: result.payload_digest?.trim().toLowerCase() || undefined,
|
|
33
|
+
artifactsDigestSha256Hex: result.artifacts_digest?.trim().toLowerCase() || undefined,
|
|
30
34
|
};
|
|
31
35
|
}
|
|
32
36
|
function isSpendApprovalRequiredError(err) {
|
|
@@ -227,11 +231,14 @@ export class PaybondToolInterceptor {
|
|
|
227
231
|
});
|
|
228
232
|
const evidencePolicyDigest = cached?.policyDigest ?? pinnedDigest;
|
|
229
233
|
let auth;
|
|
234
|
+
let authorizedAtMs;
|
|
230
235
|
if (cached) {
|
|
231
236
|
auth = cached.auth;
|
|
237
|
+
authorizedAtMs = cached.cachedAtMs;
|
|
232
238
|
}
|
|
233
239
|
else {
|
|
234
240
|
auth = await this.binding.guard.assertSpendAuthorized(resolved.authInput);
|
|
241
|
+
authorizedAtMs = Date.now();
|
|
235
242
|
this.emitTrace({
|
|
236
243
|
type: "spend_authorized",
|
|
237
244
|
runId: this.binding.runId,
|
|
@@ -266,6 +273,12 @@ export class PaybondToolInterceptor {
|
|
|
266
273
|
});
|
|
267
274
|
}
|
|
268
275
|
const evidenceId = evidenceIdempotencyKey(this.binding.intentId, toolCallId);
|
|
276
|
+
const externalAttestations = this.resolveToolExternalAttestations(resolved.entry, toolResult, {
|
|
277
|
+
toolName,
|
|
278
|
+
toolCallId,
|
|
279
|
+
operation: resolved.operation,
|
|
280
|
+
arguments: input.arguments,
|
|
281
|
+
});
|
|
269
282
|
const evidence = await this.submitAutoEvidence({
|
|
270
283
|
entry: resolved.entry,
|
|
271
284
|
toolName,
|
|
@@ -276,6 +289,7 @@ export class PaybondToolInterceptor {
|
|
|
276
289
|
toolResult,
|
|
277
290
|
auth,
|
|
278
291
|
evidenceId,
|
|
292
|
+
externalAttestations,
|
|
279
293
|
});
|
|
280
294
|
this.emitTrace({
|
|
281
295
|
type: "evidence_submitted",
|
|
@@ -287,8 +301,27 @@ export class PaybondToolInterceptor {
|
|
|
287
301
|
evidencePreset: resolved.entry.evidencePreset,
|
|
288
302
|
sandboxLifecycleStatus: evidence.sandboxLifecycleStatus,
|
|
289
303
|
predicatePassed: evidence.predicatePassed,
|
|
304
|
+
externalAttestations,
|
|
290
305
|
recordedAt: traceTimestamp(),
|
|
291
306
|
});
|
|
307
|
+
const receiptDraft = this.buildReceiptDraft({
|
|
308
|
+
toolName: resolved.toolName,
|
|
309
|
+
toolCallId: resolved.toolCallId,
|
|
310
|
+
operation: resolved.operation,
|
|
311
|
+
arguments: input.arguments,
|
|
312
|
+
agentSubject: resolved.authInput.agentSubject,
|
|
313
|
+
requestedSpendCents: resolved.requestedSpendCents,
|
|
314
|
+
currency: resolved.authInput.currency,
|
|
315
|
+
vendorId: resolved.authInput.vendorId,
|
|
316
|
+
entry: resolved.entry,
|
|
317
|
+
auth,
|
|
318
|
+
authorizedAtMs,
|
|
319
|
+
policyDigest: evidencePolicyDigest,
|
|
320
|
+
executeStartedAt,
|
|
321
|
+
toolResult,
|
|
322
|
+
evidence,
|
|
323
|
+
externalAttestations,
|
|
324
|
+
});
|
|
292
325
|
return {
|
|
293
326
|
toolResult,
|
|
294
327
|
authorization: {
|
|
@@ -298,6 +331,7 @@ export class PaybondToolInterceptor {
|
|
|
298
331
|
policyDigest: evidencePolicyDigest,
|
|
299
332
|
},
|
|
300
333
|
evidence,
|
|
334
|
+
receiptDraft,
|
|
301
335
|
};
|
|
302
336
|
}
|
|
303
337
|
catch (err) {
|
|
@@ -344,6 +378,7 @@ export class PaybondToolInterceptor {
|
|
|
344
378
|
: Math.min(requestedSpendCents, sandboxSpend);
|
|
345
379
|
}
|
|
346
380
|
requestedSpendCents ??= 0;
|
|
381
|
+
const agentContext = this.binding.agentContext;
|
|
347
382
|
return {
|
|
348
383
|
toolName,
|
|
349
384
|
toolCallId,
|
|
@@ -359,9 +394,12 @@ export class PaybondToolInterceptor {
|
|
|
359
394
|
taskId: input.taskId,
|
|
360
395
|
workflowId: input.workflowId,
|
|
361
396
|
currency: input.currency,
|
|
362
|
-
agentSubject: input.agentSubject,
|
|
397
|
+
agentSubject: input.agentSubject ?? agentContext?.operatorDid,
|
|
363
398
|
approvalToken: input.approvalToken,
|
|
364
399
|
idempotencyKey: input.idempotencyKey,
|
|
400
|
+
modelFamily: agentContext?.modelFamily,
|
|
401
|
+
configHashHex: agentContext?.configHashHex,
|
|
402
|
+
promptHashHex: agentContext?.promptHashHex,
|
|
365
403
|
},
|
|
366
404
|
};
|
|
367
405
|
}
|
|
@@ -392,6 +430,7 @@ export class PaybondToolInterceptor {
|
|
|
392
430
|
tool_call_id: options.toolCallId,
|
|
393
431
|
evidence_preset: options.entry.evidencePreset,
|
|
394
432
|
decision_id: options.auth.decisionId,
|
|
433
|
+
external_attestations: options.externalAttestations ?? [],
|
|
395
434
|
},
|
|
396
435
|
idempotencyKey,
|
|
397
436
|
});
|
|
@@ -420,6 +459,8 @@ export class PaybondToolInterceptor {
|
|
|
420
459
|
const result = await this.host.harbor.submitEvidence(this.binding.intentId, wire, {
|
|
421
460
|
idempotencyKey,
|
|
422
461
|
recognitionProof,
|
|
462
|
+
agentReceiptAttestations: options.externalAttestations ?? [],
|
|
463
|
+
agentReceiptSourceRunId: this.binding.runId,
|
|
423
464
|
});
|
|
424
465
|
const resultRecord = result;
|
|
425
466
|
const intentState = typeof resultRecord.intent_state === "string"
|
|
@@ -432,11 +473,19 @@ export class PaybondToolInterceptor {
|
|
|
432
473
|
: typeof resultRecord.predicatePassed === "boolean"
|
|
433
474
|
? resultRecord.predicatePassed
|
|
434
475
|
: undefined;
|
|
476
|
+
const payloadDigestSha256Hex = typeof resultRecord.payload_digest === "string"
|
|
477
|
+
? resultRecord.payload_digest.trim().toLowerCase() || undefined
|
|
478
|
+
: undefined;
|
|
479
|
+
const artifactsDigestSha256Hex = typeof resultRecord.artifacts_digest === "string"
|
|
480
|
+
? resultRecord.artifacts_digest.trim().toLowerCase() || undefined
|
|
481
|
+
: undefined;
|
|
435
482
|
return {
|
|
436
483
|
submitted: true,
|
|
437
484
|
intentId: this.binding.intentId,
|
|
438
485
|
intentState,
|
|
439
486
|
predicatePassed,
|
|
487
|
+
payloadDigestSha256Hex,
|
|
488
|
+
artifactsDigestSha256Hex,
|
|
440
489
|
};
|
|
441
490
|
}
|
|
442
491
|
catch (err) {
|
|
@@ -446,4 +495,135 @@ export class PaybondToolInterceptor {
|
|
|
446
495
|
throw new PaybondAutoEvidenceSubmitError(options.toolResult, err);
|
|
447
496
|
}
|
|
448
497
|
}
|
|
498
|
+
/**
|
|
499
|
+
* Composes an unsigned Agent Receipt Standard draft (Phase 1) after a successful
|
|
500
|
+
* authorize → execute → evidence cycle. Never signed or persisted here; Phase 2 covers
|
|
501
|
+
* compose/sign/persist. Best-effort: returns `undefined` instead of throwing whenever
|
|
502
|
+
* required receipt fields (agent context, principal/operator DID, policy template, pinned
|
|
503
|
+
* policy digest, or a Harbor decision id) are unavailable on this binding or call.
|
|
504
|
+
*/
|
|
505
|
+
buildReceiptDraft(options) {
|
|
506
|
+
try {
|
|
507
|
+
const agentContext = this.binding.agentContext;
|
|
508
|
+
if (!agentContext?.operatorDid || !agentContext.principalDid || !agentContext.policyTemplateId) {
|
|
509
|
+
return undefined;
|
|
510
|
+
}
|
|
511
|
+
if (!agentContext.configHashHex || !agentContext.promptHashHex) {
|
|
512
|
+
return undefined;
|
|
513
|
+
}
|
|
514
|
+
if (!options.auth.decisionId || !options.policyDigest) {
|
|
515
|
+
return undefined;
|
|
516
|
+
}
|
|
517
|
+
const actorSubject = options.agentSubject ?? agentContext.operatorDid;
|
|
518
|
+
const bareDigest = options.policyDigest.startsWith("sha256:")
|
|
519
|
+
? options.policyDigest.slice("sha256:".length)
|
|
520
|
+
: options.policyDigest;
|
|
521
|
+
const completedAtMs = Date.now();
|
|
522
|
+
const argumentsDigest = valueDigestSha256Hex(options.arguments);
|
|
523
|
+
let resultDigest;
|
|
524
|
+
try {
|
|
525
|
+
resultDigest = valueDigestSha256Hex(options.toolResult);
|
|
526
|
+
}
|
|
527
|
+
catch {
|
|
528
|
+
resultDigest = undefined;
|
|
529
|
+
}
|
|
530
|
+
const harborState = options.evidence.intentState ?? options.evidence.sandboxLifecycleStatus ?? "evidence_submitted";
|
|
531
|
+
let merchant;
|
|
532
|
+
let evidenceBlock;
|
|
533
|
+
const payeeDid = this.binding.productionEvidence?.payeeDid;
|
|
534
|
+
if (payeeDid && options.evidence.payloadDigestSha256Hex) {
|
|
535
|
+
merchant = {
|
|
536
|
+
payee_did: payeeDid,
|
|
537
|
+
vendor_id: options.vendorId,
|
|
538
|
+
};
|
|
539
|
+
evidenceBlock = {
|
|
540
|
+
completion_preset_id: options.entry.evidencePreset,
|
|
541
|
+
payload_digest_sha256_hex: options.evidence.payloadDigestSha256Hex,
|
|
542
|
+
artifacts_digest_sha256_hex: options.evidence.artifactsDigestSha256Hex,
|
|
543
|
+
predicate_passed: options.evidence.predicatePassed ?? false,
|
|
544
|
+
payee_did: payeeDid,
|
|
545
|
+
};
|
|
546
|
+
}
|
|
547
|
+
const draft = {
|
|
548
|
+
schema_version: AGENT_RECEIPT_SCHEMA_VERSION,
|
|
549
|
+
kind: AGENT_RECEIPT_KIND_V1,
|
|
550
|
+
receipt_version: AGENT_RECEIPT_VERSION_V1,
|
|
551
|
+
scope: AGENT_RECEIPT_SCOPE_ACTION,
|
|
552
|
+
receipt_id: actionReceiptId(this.binding.intentId, options.toolCallId),
|
|
553
|
+
issued_at: new Date(completedAtMs).toISOString(),
|
|
554
|
+
tenant_id: this.binding.tenantId,
|
|
555
|
+
authorization: {
|
|
556
|
+
principal_did: agentContext.principalDid,
|
|
557
|
+
actor_subject: actorSubject,
|
|
558
|
+
agent: {
|
|
559
|
+
operator_did: agentContext.operatorDid,
|
|
560
|
+
model_family: agentContext.modelFamily,
|
|
561
|
+
model_instance_id: agentContext.modelInstanceId,
|
|
562
|
+
config_hash_sha256_hex: agentContext.configHashHex,
|
|
563
|
+
prompt_hash_sha256_hex: agentContext.promptHashHex,
|
|
564
|
+
},
|
|
565
|
+
decision_id: options.auth.decisionId,
|
|
566
|
+
audit_id: options.auth.auditId,
|
|
567
|
+
policy: {
|
|
568
|
+
template_id: agentContext.policyTemplateId,
|
|
569
|
+
content_digest_sha256_hex: bareDigest,
|
|
570
|
+
},
|
|
571
|
+
authorized_at: new Date(options.authorizedAtMs).toISOString(),
|
|
572
|
+
requested_spend_cents: options.requestedSpendCents,
|
|
573
|
+
currency: options.currency ?? "usd",
|
|
574
|
+
},
|
|
575
|
+
execution: {
|
|
576
|
+
run_id: this.binding.runId,
|
|
577
|
+
tool_call_id: options.toolCallId,
|
|
578
|
+
tool_name: options.toolName,
|
|
579
|
+
operation: options.operation,
|
|
580
|
+
arguments_digest_sha256_hex: argumentsDigest,
|
|
581
|
+
result_digest_sha256_hex: resultDigest,
|
|
582
|
+
outcome: "executed",
|
|
583
|
+
started_at: new Date(options.executeStartedAt).toISOString(),
|
|
584
|
+
completed_at: new Date(completedAtMs).toISOString(),
|
|
585
|
+
duration_ms: completedAtMs - options.executeStartedAt,
|
|
586
|
+
},
|
|
587
|
+
merchant,
|
|
588
|
+
evidence: evidenceBlock,
|
|
589
|
+
outcome: {
|
|
590
|
+
harbor_state: harborState,
|
|
591
|
+
spend_reservation_outcome: "consumed",
|
|
592
|
+
predicate_passed: options.evidence.predicatePassed ?? undefined,
|
|
593
|
+
},
|
|
594
|
+
references: {
|
|
595
|
+
intent_id: this.binding.intentId,
|
|
596
|
+
settlement_receipt_id: null,
|
|
597
|
+
},
|
|
598
|
+
external_attestations: options.externalAttestations ?? [],
|
|
599
|
+
signing_algorithm: AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519,
|
|
600
|
+
message_digest_sha256_hex: "",
|
|
601
|
+
signing_public_key_ed25519_hex: "",
|
|
602
|
+
ed25519_signature_hex: "",
|
|
603
|
+
};
|
|
604
|
+
draft.message_digest_sha256_hex = agentReceiptMessageDigestSha256Hex(draft);
|
|
605
|
+
return draft;
|
|
606
|
+
}
|
|
607
|
+
catch {
|
|
608
|
+
// Draft composition is always best-effort; never fails tool execution (Phase 1).
|
|
609
|
+
return undefined;
|
|
610
|
+
}
|
|
611
|
+
}
|
|
612
|
+
resolveToolExternalAttestations(entry, toolResult, ctx) {
|
|
613
|
+
const mapper = entry.externalAttestationMapper;
|
|
614
|
+
if (!mapper) {
|
|
615
|
+
return [];
|
|
616
|
+
}
|
|
617
|
+
try {
|
|
618
|
+
const mapped = mapper(toolResult, ctx);
|
|
619
|
+
if (!mapped) {
|
|
620
|
+
return [];
|
|
621
|
+
}
|
|
622
|
+
const inputs = Array.isArray(mapped) ? mapped : [mapped];
|
|
623
|
+
return resolveExternalAttestations(inputs);
|
|
624
|
+
}
|
|
625
|
+
catch {
|
|
626
|
+
return [];
|
|
627
|
+
}
|
|
628
|
+
}
|
|
449
629
|
}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import { type AgentReceiptV1 } from "../agent-receipt.js";
|
|
2
|
+
import type { PaybondGenericWrappedToolDefinition } from "./adapter.js";
|
|
3
|
+
import type { PaybondAgentInput, PaybondAgentResult } from "./facade.js";
|
|
4
|
+
export type VerifyAgentReceiptV1Result = {
|
|
5
|
+
valid: boolean;
|
|
6
|
+
kind: string;
|
|
7
|
+
receipt_id: string;
|
|
8
|
+
tenant_id: string;
|
|
9
|
+
receipt: AgentReceiptV1;
|
|
10
|
+
};
|
|
11
|
+
type AgentReceiptProtocolClient = {
|
|
12
|
+
getAgentReceiptV1ByID(receiptId: string): Promise<AgentReceiptV1>;
|
|
13
|
+
getAgentReceiptV1ByIntentToolCall(init: {
|
|
14
|
+
intentId: string;
|
|
15
|
+
toolCallId: string;
|
|
16
|
+
}): Promise<AgentReceiptV1>;
|
|
17
|
+
verifyAgentReceiptV1(receipt: AgentReceiptV1 | Record<string, unknown>): Promise<VerifyAgentReceiptV1Result>;
|
|
18
|
+
};
|
|
19
|
+
export type GetAgentReceiptInput = {
|
|
20
|
+
receiptId: string;
|
|
21
|
+
intentId?: never;
|
|
22
|
+
toolCallId?: never;
|
|
23
|
+
} | {
|
|
24
|
+
intentId: string;
|
|
25
|
+
toolCallId: string;
|
|
26
|
+
receiptId?: never;
|
|
27
|
+
};
|
|
28
|
+
/**
|
|
29
|
+
* Callable `paybond.agent({...})` surface with receipt helpers attached.
|
|
30
|
+
*
|
|
31
|
+
* The generic framework (the default when `framework` is omitted or `"generic"`)
|
|
32
|
+
* normalizes a `{ name: execute }` record or `{ name, execute }[]` into
|
|
33
|
+
* middleware-wrapped tools, so `result.tools` is a
|
|
34
|
+
* {@link PaybondGenericWrappedToolDefinition} array regardless of the input shape.
|
|
35
|
+
* Framework-native paths (`vercel-ai`, `openai-agents`, `langgraph`, ...) preserve
|
|
36
|
+
* the caller's tool shape, so `result.tools` matches the input tools type.
|
|
37
|
+
*/
|
|
38
|
+
export type PaybondAgentCallable = {
|
|
39
|
+
<TTools = unknown>(input: PaybondAgentInput<TTools> & {
|
|
40
|
+
framework?: "generic";
|
|
41
|
+
}): Promise<PaybondAgentResult<PaybondGenericWrappedToolDefinition[]>>;
|
|
42
|
+
<TTools>(input: PaybondAgentInput<TTools>): Promise<PaybondAgentResult<TTools>>;
|
|
43
|
+
getReceipt(input: GetAgentReceiptInput): Promise<AgentReceiptV1>;
|
|
44
|
+
verifyReceipt(receipt: AgentReceiptV1, options?: {
|
|
45
|
+
offline?: boolean;
|
|
46
|
+
}): Promise<VerifyAgentReceiptV1Result | AgentReceiptV1>;
|
|
47
|
+
};
|
|
48
|
+
/** Tenant-bound agent quickstart plus receipt fetch/verify helpers. */
|
|
49
|
+
export declare class PaybondAgentFacade {
|
|
50
|
+
private readonly protocol;
|
|
51
|
+
private readonly invokeAgent?;
|
|
52
|
+
constructor(protocol: AgentReceiptProtocolClient, invokeAgent?: ((input: PaybondAgentInput) => Promise<PaybondAgentResult>) | undefined);
|
|
53
|
+
/** Fetch a signed `paybond.agent_receipt_v1` by receipt id or intent/tool-call lookup. */
|
|
54
|
+
getReceipt(input: GetAgentReceiptInput): Promise<AgentReceiptV1>;
|
|
55
|
+
/** Verify a signed agent receipt via Gateway or locally with {@link verifyAgentReceiptV1}. */
|
|
56
|
+
verifyReceipt(receipt: AgentReceiptV1, options?: {
|
|
57
|
+
offline?: boolean;
|
|
58
|
+
}): Promise<VerifyAgentReceiptV1Result | AgentReceiptV1>;
|
|
59
|
+
/** Opinionated quickstart: resolve policy presets and wire framework tools. */
|
|
60
|
+
call(input: PaybondAgentInput): Promise<PaybondAgentResult>;
|
|
61
|
+
}
|
|
62
|
+
/** Callable `paybond.agent({...})` surface with receipt helpers attached. */
|
|
63
|
+
export declare function createPaybondAgentCallable(protocol: AgentReceiptProtocolClient, invokeAgent: (input: PaybondAgentInput) => Promise<PaybondAgentResult>): PaybondAgentCallable;
|
|
64
|
+
export {};
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import { verifyAgentReceiptV1, } from "../agent-receipt.js";
|
|
2
|
+
/** Tenant-bound agent quickstart plus receipt fetch/verify helpers. */
|
|
3
|
+
export class PaybondAgentFacade {
|
|
4
|
+
protocol;
|
|
5
|
+
invokeAgent;
|
|
6
|
+
constructor(protocol, invokeAgent) {
|
|
7
|
+
this.protocol = protocol;
|
|
8
|
+
this.invokeAgent = invokeAgent;
|
|
9
|
+
}
|
|
10
|
+
/** Fetch a signed `paybond.agent_receipt_v1` by receipt id or intent/tool-call lookup. */
|
|
11
|
+
async getReceipt(input) {
|
|
12
|
+
if ("receiptId" in input && input.receiptId?.trim()) {
|
|
13
|
+
return this.protocol.getAgentReceiptV1ByID(input.receiptId.trim());
|
|
14
|
+
}
|
|
15
|
+
if (input.intentId?.trim() && input.toolCallId?.trim()) {
|
|
16
|
+
return this.protocol.getAgentReceiptV1ByIntentToolCall({
|
|
17
|
+
intentId: input.intentId.trim(),
|
|
18
|
+
toolCallId: input.toolCallId.trim(),
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
throw new Error("getReceipt requires receiptId or intentId + toolCallId");
|
|
22
|
+
}
|
|
23
|
+
/** Verify a signed agent receipt via Gateway or locally with {@link verifyAgentReceiptV1}. */
|
|
24
|
+
async verifyReceipt(receipt, options) {
|
|
25
|
+
if (options?.offline) {
|
|
26
|
+
return verifyAgentReceiptV1(receipt);
|
|
27
|
+
}
|
|
28
|
+
return this.protocol.verifyAgentReceiptV1(receipt);
|
|
29
|
+
}
|
|
30
|
+
/** Opinionated quickstart: resolve policy presets and wire framework tools. */
|
|
31
|
+
async call(input) {
|
|
32
|
+
if (!this.invokeAgent) {
|
|
33
|
+
throw new Error("paybond.agent() requires a hosted Paybond session");
|
|
34
|
+
}
|
|
35
|
+
return this.invokeAgent(input);
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
/** Callable `paybond.agent({...})` surface with receipt helpers attached. */
|
|
39
|
+
export function createPaybondAgentCallable(protocol, invokeAgent) {
|
|
40
|
+
const facade = new PaybondAgentFacade(protocol, invokeAgent);
|
|
41
|
+
const callable = ((input) => facade.call(input));
|
|
42
|
+
callable.getReceipt = facade.getReceipt.bind(facade);
|
|
43
|
+
callable.verifyReceipt = facade.verifyReceipt.bind(facade);
|
|
44
|
+
return callable;
|
|
45
|
+
}
|
package/dist/agent/registry.js
CHANGED
package/dist/agent/run.d.ts
CHANGED
|
@@ -2,6 +2,7 @@ import { PaybondToolInterceptor } from "./interceptor.js";
|
|
|
2
2
|
import { PaybondToolRegistry } from "./registry.js";
|
|
3
3
|
import { PaybondRunBinding, PaybondAgentRunBindInput, PaybondRunGuard } from "./types.js";
|
|
4
4
|
import type { PaybondPolicySnapshot } from "../policy/snapshot.js";
|
|
5
|
+
import { type AgentReceiptExternalAttestationV1 } from "../agent-receipt.js";
|
|
5
6
|
import { type PaybondPolicyReloadFailedEvent, type PaybondPolicyReloadOptions, type PaybondPolicyReloadedEvent, type PaybondPolicyReloadResult } from "../policy/reload.js";
|
|
6
7
|
type SandboxBootstrapResult = {
|
|
7
8
|
tenant_id: string;
|
|
@@ -16,6 +17,8 @@ type SandboxGuardrailEvidenceResult = {
|
|
|
16
17
|
intent_id: string;
|
|
17
18
|
sandbox_lifecycle_status: string;
|
|
18
19
|
predicate_passed?: boolean | null;
|
|
20
|
+
payload_digest?: string;
|
|
21
|
+
artifacts_digest?: string;
|
|
19
22
|
};
|
|
20
23
|
export type PaybondSubmitProductionEvidenceInput = {
|
|
21
24
|
intentId: string;
|
|
@@ -31,6 +34,8 @@ type AgentRunHarbor = {
|
|
|
31
34
|
submitEvidence(intentId: string, evidenceBody: Record<string, unknown>, options: {
|
|
32
35
|
idempotencyKey?: string;
|
|
33
36
|
recognitionProof: Record<string, unknown>;
|
|
37
|
+
agentReceiptAttestations?: AgentReceiptExternalAttestationV1[];
|
|
38
|
+
agentReceiptSourceRunId?: string;
|
|
34
39
|
}): Promise<Record<string, unknown>>;
|
|
35
40
|
};
|
|
36
41
|
type AgentRunGuardrails = {
|
package/dist/agent/run.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { PaybondToolInterceptor } from "./interceptor.js";
|
|
2
2
|
import { PaybondAgentRunBindError, } from "./types.js";
|
|
3
|
+
import { configHashSha256Hex, promptHashSha256Hex, } from "../agent-receipt.js";
|
|
3
4
|
import { reloadPolicyOnRun, } from "../policy/reload.js";
|
|
4
5
|
import { PaybondPolicyReloadController } from "../policy/watcher.js";
|
|
5
6
|
import { resolveDevTraceSink } from "../dev/trace-buffer.js";
|
|
@@ -45,6 +46,55 @@ function normalizeProductionEvidence(raw, sandbox) {
|
|
|
45
46
|
agentRecognitionSigningSeed: raw.agentRecognitionSigningSeed,
|
|
46
47
|
};
|
|
47
48
|
}
|
|
49
|
+
/** Strips the leading `sha256:` scheme from a policy snapshot digest, if present. */
|
|
50
|
+
function bareDigestHex(digest) {
|
|
51
|
+
if (!digest) {
|
|
52
|
+
return undefined;
|
|
53
|
+
}
|
|
54
|
+
const trimmed = digest.trim();
|
|
55
|
+
return trimmed.startsWith("sha256:") ? trimmed.slice("sha256:".length) : trimmed;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Resolves optional Agent Receipt Standard agent context at bind time: auto-computes
|
|
59
|
+
* `config_hash_hex` from {@link PaybondRunAgentContextInput.configHashMaterials} (per spec,
|
|
60
|
+
* `sha256(JCS({ system_prompt, tools_manifest, policy_snapshot_id }))`) and `prompt_hash_hex`
|
|
61
|
+
* from {@link PaybondRunAgentContextInput.normalizedUserPrompt} when precomputed hashes are not
|
|
62
|
+
* supplied directly. Raw prompt text is hashed here and discarded; only the digest is retained.
|
|
63
|
+
*/
|
|
64
|
+
function resolveAgentContext(input, snapshot) {
|
|
65
|
+
if (!input) {
|
|
66
|
+
return undefined;
|
|
67
|
+
}
|
|
68
|
+
const modelFamily = input.modelFamily.trim();
|
|
69
|
+
if (!modelFamily) {
|
|
70
|
+
throw new PaybondAgentRunBindError("agentContext.modelFamily must be non-empty");
|
|
71
|
+
}
|
|
72
|
+
let configHashHex = input.configHashHex?.trim().toLowerCase();
|
|
73
|
+
if (!configHashHex && input.configHashMaterials) {
|
|
74
|
+
const policySnapshotId = input.configHashMaterials.policySnapshotId?.trim() || bareDigestHex(snapshot?.digest);
|
|
75
|
+
if (!policySnapshotId) {
|
|
76
|
+
throw new PaybondAgentRunBindError("agentContext.configHashMaterials.policySnapshotId is required when no policySnapshot is bound");
|
|
77
|
+
}
|
|
78
|
+
configHashHex = configHashSha256Hex({
|
|
79
|
+
system_prompt: input.configHashMaterials.systemPrompt,
|
|
80
|
+
tools_manifest: input.configHashMaterials.toolsManifest,
|
|
81
|
+
policy_snapshot_id: policySnapshotId,
|
|
82
|
+
});
|
|
83
|
+
}
|
|
84
|
+
let promptHashHex = input.promptHashHex?.trim().toLowerCase();
|
|
85
|
+
if (!promptHashHex && input.normalizedUserPrompt !== undefined) {
|
|
86
|
+
promptHashHex = promptHashSha256Hex(input.normalizedUserPrompt);
|
|
87
|
+
}
|
|
88
|
+
return {
|
|
89
|
+
modelFamily,
|
|
90
|
+
modelInstanceId: input.modelInstanceId?.trim() || undefined,
|
|
91
|
+
configHashHex,
|
|
92
|
+
promptHashHex,
|
|
93
|
+
principalDid: input.principalDid?.trim() || undefined,
|
|
94
|
+
operatorDid: input.operatorDid?.trim() || undefined,
|
|
95
|
+
policyTemplateId: input.policyTemplateId?.trim() || undefined,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
48
98
|
function assertExclusiveBindMode(input) {
|
|
49
99
|
const hasBootstrap = input.bootstrap !== undefined;
|
|
50
100
|
const hasAttach = input.attach !== undefined;
|
|
@@ -268,6 +318,7 @@ export class PaybondAgentRun {
|
|
|
268
318
|
const registry = snapshot?.registry ?? input.registry;
|
|
269
319
|
registry.validateForBind(allowedTools);
|
|
270
320
|
const guard = paybond.spendGuard(intentId, capabilityToken);
|
|
321
|
+
const agentContext = resolveAgentContext(input.agentContext, snapshot);
|
|
271
322
|
const binding = {
|
|
272
323
|
runId,
|
|
273
324
|
tenantId,
|
|
@@ -280,6 +331,7 @@ export class PaybondAgentRun {
|
|
|
280
331
|
productionEvidence,
|
|
281
332
|
policySnapshot: snapshot,
|
|
282
333
|
onTrace: input.traceSink ?? input.onTrace ?? resolveDevTraceSink(),
|
|
334
|
+
agentContext,
|
|
283
335
|
};
|
|
284
336
|
const policyFilePath = input.policyFile?.trim();
|
|
285
337
|
const run = new PaybondAgentRun(binding, paybond, snapshot, policyFilePath);
|