@paybond/kit 0.11.11 → 0.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (132) hide show
  1. package/completion-presets/catalog.json +10 -5
  2. package/completion-presets/catalog.sha256 +1 -1
  3. package/dist/agent/evidence.d.ts +10 -0
  4. package/dist/agent/evidence.js +16 -0
  5. package/dist/agent/index.d.ts +3 -2
  6. package/dist/agent/index.js +2 -1
  7. package/dist/agent/interceptor.d.ts +9 -0
  8. package/dist/agent/interceptor.js +181 -1
  9. package/dist/agent/receipt-client.d.ts +64 -0
  10. package/dist/agent/receipt-client.js +45 -0
  11. package/dist/agent/registry.js +1 -0
  12. package/dist/agent/run.d.ts +5 -0
  13. package/dist/agent/run.js +52 -0
  14. package/dist/agent/types.d.ts +70 -0
  15. package/dist/agent-mandate.d.ts +103 -0
  16. package/dist/agent-mandate.js +423 -0
  17. package/dist/agent-receipt-external-attestations.d.ts +56 -0
  18. package/dist/agent-receipt-external-attestations.js +185 -0
  19. package/dist/agent-receipt-pdf-export.d.ts +43 -0
  20. package/dist/agent-receipt-pdf-export.js +109 -0
  21. package/dist/agent-receipt-prevalidate.d.ts +7 -0
  22. package/dist/agent-receipt-prevalidate.js +63 -0
  23. package/dist/agent-receipt.d.ts +154 -0
  24. package/dist/agent-receipt.js +639 -0
  25. package/dist/audit/exports.d.ts +15 -1
  26. package/dist/audit/exports.js +55 -8
  27. package/dist/audit/index.d.ts +2 -2
  28. package/dist/audit/wire.d.ts +12 -0
  29. package/dist/audit/wire.js +13 -1
  30. package/dist/cli/command-spec.js +54 -3
  31. package/dist/cli/commands/dev.js +10 -3
  32. package/dist/cli/commands/discovery.js +17 -6
  33. package/dist/cli/commands/setup.js +19 -1
  34. package/dist/cli/commands/shopify.d.ts +53 -0
  35. package/dist/cli/commands/shopify.js +808 -0
  36. package/dist/cli/help.d.ts +1 -1
  37. package/dist/cli/help.js +15 -5
  38. package/dist/cli/router.js +15 -1
  39. package/dist/commerce-binding.d.ts +59 -0
  40. package/dist/commerce-binding.js +129 -0
  41. package/dist/completion-catalog-digest.d.ts +1 -1
  42. package/dist/completion-catalog-digest.js +1 -1
  43. package/dist/doctor-completion.d.ts +16 -0
  44. package/dist/doctor-completion.js +157 -1
  45. package/dist/index.d.ts +108 -7
  46. package/dist/index.js +221 -18
  47. package/dist/mcp-receipt-resource.d.ts +10 -0
  48. package/dist/mcp-receipt-resource.js +32 -0
  49. package/dist/mcp-server.d.ts +7 -0
  50. package/dist/mcp-server.js +81 -1
  51. package/dist/mpp-commercial.d.ts +19 -0
  52. package/dist/mpp-commercial.js +34 -0
  53. package/dist/mpp-funding.d.ts +71 -0
  54. package/dist/mpp-funding.js +192 -0
  55. package/dist/payment-transport.d.ts +30 -0
  56. package/dist/payment-transport.js +56 -0
  57. package/dist/policy/intent-spec.js +2 -0
  58. package/dist/policy/presets.d.ts +1 -1
  59. package/dist/policy/presets.js +1 -0
  60. package/dist/principal-intent.d.ts +1 -1
  61. package/dist/principal-intent.js +4 -1
  62. package/dist/project-init.d.ts +1 -1
  63. package/dist/project-init.js +1 -0
  64. package/dist/protocol-receipt.d.ts +129 -0
  65. package/dist/protocol-receipt.js +620 -0
  66. package/dist/shopify/checkout.d.ts +29 -0
  67. package/dist/shopify/checkout.js +79 -0
  68. package/dist/shopify/evidence.d.ts +13 -0
  69. package/dist/shopify/evidence.js +85 -0
  70. package/dist/shopify/index.d.ts +8 -0
  71. package/dist/shopify/index.js +6 -0
  72. package/dist/shopify/instrument.d.ts +61 -0
  73. package/dist/shopify/instrument.js +52 -0
  74. package/dist/shopify/order.d.ts +8 -0
  75. package/dist/shopify/order.js +110 -0
  76. package/dist/shopify/types.d.ts +82 -0
  77. package/dist/shopify/types.js +4 -0
  78. package/dist/solutions/catalog.d.ts +1 -1
  79. package/dist/solutions/catalog.js +1 -1
  80. package/dist/stripe-commerce/evidence.d.ts +13 -0
  81. package/dist/stripe-commerce/evidence.js +164 -0
  82. package/dist/stripe-commerce/index.d.ts +3 -0
  83. package/dist/stripe-commerce/index.js +2 -0
  84. package/dist/stripe-commerce/metadata.d.ts +11 -0
  85. package/dist/stripe-commerce/metadata.js +34 -0
  86. package/dist/stripe-commerce/types.d.ts +38 -0
  87. package/dist/stripe-commerce/types.js +1 -0
  88. package/dist/template-init.d.ts +1 -1
  89. package/dist/template-init.js +6 -1
  90. package/package.json +1 -1
  91. package/policy/presets/stripe-commerce.yaml +19 -0
  92. package/solutions/stripe-commerce.json +19 -0
  93. package/templates/manifest.json +82 -10
  94. package/templates/openai-shopping-agent/package-lock.json +13 -13
  95. package/templates/openai-shopping-agent/src/paybond.config.ts +1 -1
  96. package/templates/paybond-aws-operator/package-lock.json +7 -7
  97. package/templates/paybond-aws-operator/src/paybond.config.ts +1 -1
  98. package/templates/paybond-claude-agents-demo/package-lock.json +10 -10
  99. package/templates/paybond-claude-agents-demo/src/paybond.config.ts +1 -1
  100. package/templates/paybond-mastra-travel-agent/package-lock.json +33 -33
  101. package/templates/paybond-mastra-travel-agent/src/paybond.config.ts +1 -1
  102. package/templates/paybond-mcp-coding-agent/package-lock.json +7 -7
  103. package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +1 -1
  104. package/templates/paybond-openai-agents-demo/package-lock.json +13 -13
  105. package/templates/paybond-openai-agents-demo/src/paybond.config.ts +1 -1
  106. package/templates/paybond-procurement-agent/package-lock.json +7 -7
  107. package/templates/paybond-procurement-agent/src/paybond.config.ts +1 -1
  108. package/templates/paybond-shopify-shopping-agent/.env.example +3 -0
  109. package/templates/paybond-shopify-shopping-agent/.github/workflows/smoke.yml +20 -0
  110. package/templates/paybond-shopify-shopping-agent/LICENSE +201 -0
  111. package/templates/paybond-shopify-shopping-agent/README.md +29 -0
  112. package/templates/paybond-shopify-shopping-agent/package-lock.json +223 -0
  113. package/templates/paybond-shopify-shopping-agent/package.json +20 -0
  114. package/templates/paybond-shopify-shopping-agent/paybond.policy.yaml +22 -0
  115. package/templates/paybond-shopify-shopping-agent/src/index.ts +54 -0
  116. package/templates/paybond-shopify-shopping-agent/src/paybond.config.ts +51 -0
  117. package/templates/paybond-shopify-shopping-agent/tsconfig.json +13 -0
  118. package/templates/paybond-stripe-agent-demo/.env.example +9 -0
  119. package/templates/paybond-stripe-agent-demo/.github/workflows/smoke.yml +20 -0
  120. package/templates/paybond-stripe-agent-demo/LICENSE +201 -0
  121. package/templates/paybond-stripe-agent-demo/README.md +50 -0
  122. package/templates/paybond-stripe-agent-demo/package-lock.json +223 -0
  123. package/templates/paybond-stripe-agent-demo/package.json +20 -0
  124. package/templates/paybond-stripe-agent-demo/paybond.policy.yaml +22 -0
  125. package/templates/paybond-stripe-agent-demo/src/charge-customer.ts +237 -0
  126. package/templates/paybond-stripe-agent-demo/src/index.ts +78 -0
  127. package/templates/paybond-stripe-agent-demo/src/paybond.config.ts +51 -0
  128. package/templates/paybond-stripe-agent-demo/tsconfig.json +13 -0
  129. package/templates/paybond-travel-agent/package-lock.json +13 -13
  130. package/templates/paybond-travel-agent/src/paybond.config.ts +1 -1
  131. package/templates/paybond-vercel-shopping-agent/package-lock.json +7 -7
  132. package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +1 -1
@@ -0,0 +1,56 @@
1
+ /**
2
+ * Maps partner attestation artifacts into Agent Receipt `external_attestations` entries.
3
+ *
4
+ * Partner digests are SHA-256 of canonical JSON (signature fields stripped for SEP-2828).
5
+ * These entries are never canonical inside Paybond; they provide interop hooks only.
6
+ */
7
+ import type { AgentReceiptExternalAttestationV1 } from "./agent-receipt.js";
8
+ export declare const AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828 = "sep2828_mcp";
9
+ export declare const AGENT_RECEIPT_EXTERNAL_SOURCE_X402 = "x402";
10
+ export declare const AGENT_RECEIPT_EXTERNAL_SOURCE_AP2 = "ap2";
11
+ /** SHA-256 hex digest of canonical JSON bytes. */
12
+ export declare function partnerRecordDigestSha256Hex(record: Record<string, unknown>): string;
13
+ /**
14
+ * Converts verified SEP-2828 decision/outcome records into external attestation entries.
15
+ */
16
+ export declare function sep2828RecordsToExternalAttestations(decisionInput: Record<string, unknown>, outcomeInput: Record<string, unknown>): AgentReceiptExternalAttestationV1[];
17
+ /**
18
+ * Converts a verified x402 signed delivery receipt into one external attestation entry.
19
+ */
20
+ export declare function x402ReceiptToExternalAttestations(receiptInput: Record<string, unknown>): AgentReceiptExternalAttestationV1[];
21
+ /**
22
+ * Converts a verified signed AP2 agent mandate into one external attestation entry.
23
+ */
24
+ export declare function signedMandateToExternalAttestations(signed: Record<string, unknown>, transportBinding?: {
25
+ external_authorization_id?: string;
26
+ }): AgentReceiptExternalAttestationV1[];
27
+ /**
28
+ * Converts a verified AP2 protocol authorization receipt into one external attestation entry.
29
+ */
30
+ export declare function protocolAuthorizationReceiptToExternalAttestations(receipt: Record<string, unknown>): AgentReceiptExternalAttestationV1[];
31
+ /**
32
+ * Converts a verified AP2 protocol settlement receipt into one external attestation entry.
33
+ */
34
+ export declare function protocolSettlementReceiptToExternalAttestations(receipt: Record<string, unknown>): AgentReceiptExternalAttestationV1[];
35
+ export type PaybondExternalAttestationInput = {
36
+ kind: "sep2828";
37
+ decision: Record<string, unknown>;
38
+ outcome: Record<string, unknown>;
39
+ } | {
40
+ kind: "x402";
41
+ receipt: Record<string, unknown>;
42
+ } | {
43
+ kind: "ap2_mandate";
44
+ signedMandate: Record<string, unknown>;
45
+ transportBinding?: {
46
+ external_authorization_id?: string;
47
+ };
48
+ } | {
49
+ kind: "ap2_authorization_receipt";
50
+ receipt: Record<string, unknown>;
51
+ } | {
52
+ kind: "ap2_settlement_receipt";
53
+ receipt: Record<string, unknown>;
54
+ } | AgentReceiptExternalAttestationV1;
55
+ /** Resolves pre-built or partner-native attestation inputs into normalized receipt entries. */
56
+ export declare function resolveExternalAttestations(inputs: readonly PaybondExternalAttestationInput[]): AgentReceiptExternalAttestationV1[];
@@ -0,0 +1,185 @@
1
+ /**
2
+ * Maps partner attestation artifacts into Agent Receipt `external_attestations` entries.
3
+ *
4
+ * Partner digests are SHA-256 of canonical JSON (signature fields stripped for SEP-2828).
5
+ * These entries are never canonical inside Paybond; they provide interop hooks only.
6
+ */
7
+ import { createHash } from "node:crypto";
8
+ import { readString, verifySignedAgentMandateV1 } from "./agent-mandate.js";
9
+ import { normalizeJson } from "./json-digest.js";
10
+ import { verifyProtocolAuthorizationReceiptV1, verifyProtocolSettlementReceiptV1, } from "./protocol-receipt.js";
11
+ import { stripDigestPrefix } from "./mcp-sep2828-evidence.js";
12
+ import { verifySep2828ReceiptPair } from "./sep2828-signature.js";
13
+ import { buildX402ReceiptDigestPayload, } from "./x402-receipt-evidence.js";
14
+ import { extractSignedX402Receipt, verifySignedX402Receipt } from "./x402-receipt-signature.js";
15
+ export const AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828 = "sep2828_mcp";
16
+ export const AGENT_RECEIPT_EXTERNAL_SOURCE_X402 = "x402";
17
+ export const AGENT_RECEIPT_EXTERNAL_SOURCE_AP2 = "ap2";
18
+ const SEP2828_SIGNATURE_KEYS = new Set([
19
+ "signature",
20
+ "ed25519_signature_hex",
21
+ "message_digest_sha256_hex",
22
+ "signing_public_key_ed25519_hex",
23
+ ]);
24
+ const SEP2828_ASSERTED_BLOCKS = ["issuerAsserted", "receiptAsserted"];
25
+ function readObject(value) {
26
+ if (value !== null && typeof value === "object" && !Array.isArray(value)) {
27
+ return value;
28
+ }
29
+ return undefined;
30
+ }
31
+ function canonicalJsonBytes(value) {
32
+ return new TextEncoder().encode(JSON.stringify(normalizeJson(value)));
33
+ }
34
+ /** SHA-256 hex digest of canonical JSON bytes. */
35
+ export function partnerRecordDigestSha256Hex(record) {
36
+ return createHash("sha256").update(Buffer.from(canonicalJsonBytes(record))).digest("hex");
37
+ }
38
+ function stripSep2828SignatureFields(record) {
39
+ const out = {};
40
+ for (const [key, value] of Object.entries(record)) {
41
+ if (SEP2828_SIGNATURE_KEYS.has(key)) {
42
+ continue;
43
+ }
44
+ if (SEP2828_ASSERTED_BLOCKS.includes(key)) {
45
+ const asserted = readObject(value);
46
+ if (!asserted) {
47
+ continue;
48
+ }
49
+ const stripped = {};
50
+ for (const [innerKey, innerValue] of Object.entries(asserted)) {
51
+ if (!SEP2828_SIGNATURE_KEYS.has(innerKey)) {
52
+ stripped[innerKey] = innerValue;
53
+ }
54
+ }
55
+ if (Object.keys(stripped).length > 0) {
56
+ out[key] = stripped;
57
+ }
58
+ continue;
59
+ }
60
+ out[key] = value;
61
+ }
62
+ return out;
63
+ }
64
+ function sep2828RecordDigest(record) {
65
+ return partnerRecordDigestSha256Hex(stripSep2828SignatureFields(record));
66
+ }
67
+ function x402PayloadDigestSha256Hex(payload) {
68
+ return partnerRecordDigestSha256Hex(payload);
69
+ }
70
+ /**
71
+ * Converts verified SEP-2828 decision/outcome records into external attestation entries.
72
+ */
73
+ export function sep2828RecordsToExternalAttestations(decisionInput, outcomeInput) {
74
+ verifySep2828ReceiptPair(decisionInput, outcomeInput);
75
+ const decisionBackLink = readObject(decisionInput.backLink);
76
+ const referenceID = typeof decisionBackLink?.attestationDigest === "string"
77
+ ? stripDigestPrefix(decisionBackLink.attestationDigest)
78
+ : undefined;
79
+ return [
80
+ {
81
+ source: AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828,
82
+ kind: "decision_record",
83
+ digest_sha256_hex: sep2828RecordDigest(decisionInput),
84
+ reference_id: referenceID,
85
+ },
86
+ {
87
+ source: AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828,
88
+ kind: "outcome_record",
89
+ digest_sha256_hex: sep2828RecordDigest(outcomeInput),
90
+ reference_id: referenceID,
91
+ },
92
+ ];
93
+ }
94
+ /**
95
+ * Converts a verified x402 signed delivery receipt into one external attestation entry.
96
+ */
97
+ export function x402ReceiptToExternalAttestations(receiptInput) {
98
+ const signed = extractSignedX402Receipt(receiptInput);
99
+ const verifiedPayload = verifySignedX402Receipt(signed);
100
+ const payload = buildX402ReceiptDigestPayload(verifiedPayload);
101
+ return [
102
+ {
103
+ source: AGENT_RECEIPT_EXTERNAL_SOURCE_X402,
104
+ kind: "delivery_receipt_v1",
105
+ digest_sha256_hex: x402PayloadDigestSha256Hex(payload),
106
+ reference_id: payload.resourceUrl,
107
+ },
108
+ ];
109
+ }
110
+ /**
111
+ * Converts a verified signed AP2 agent mandate into one external attestation entry.
112
+ */
113
+ export function signedMandateToExternalAttestations(signed, transportBinding) {
114
+ verifySignedAgentMandateV1(signed);
115
+ const digest = readString(signed.message_digest_sha256_hex).trim().toLowerCase();
116
+ const externalAuthorizationId = transportBinding?.external_authorization_id?.trim();
117
+ const nonce = readString(signed.nonce).trim();
118
+ const referenceID = externalAuthorizationId || nonce || undefined;
119
+ return [
120
+ {
121
+ source: AGENT_RECEIPT_EXTERNAL_SOURCE_AP2,
122
+ kind: "agent_mandate_v1",
123
+ digest_sha256_hex: digest,
124
+ reference_id: referenceID,
125
+ },
126
+ ];
127
+ }
128
+ /**
129
+ * Converts a verified AP2 protocol authorization receipt into one external attestation entry.
130
+ */
131
+ export function protocolAuthorizationReceiptToExternalAttestations(receipt) {
132
+ const verified = verifyProtocolAuthorizationReceiptV1(receipt);
133
+ return [
134
+ {
135
+ source: AGENT_RECEIPT_EXTERNAL_SOURCE_AP2,
136
+ kind: "protocol_authorization_receipt_v1",
137
+ digest_sha256_hex: verified.message_digest_sha256_hex,
138
+ reference_id: verified.intent_id,
139
+ },
140
+ ];
141
+ }
142
+ /**
143
+ * Converts a verified AP2 protocol settlement receipt into one external attestation entry.
144
+ */
145
+ export function protocolSettlementReceiptToExternalAttestations(receipt) {
146
+ const verified = verifyProtocolSettlementReceiptV1(receipt);
147
+ return [
148
+ {
149
+ source: AGENT_RECEIPT_EXTERNAL_SOURCE_AP2,
150
+ kind: "protocol_settlement_receipt_v1",
151
+ digest_sha256_hex: verified.message_digest_sha256_hex,
152
+ reference_id: verified.intent_id,
153
+ },
154
+ ];
155
+ }
156
+ /** Resolves pre-built or partner-native attestation inputs into normalized receipt entries. */
157
+ export function resolveExternalAttestations(inputs) {
158
+ const out = [];
159
+ for (const input of inputs) {
160
+ if ("source" in input && "digest_sha256_hex" in input) {
161
+ out.push(input);
162
+ continue;
163
+ }
164
+ if (input.kind === "sep2828") {
165
+ out.push(...sep2828RecordsToExternalAttestations(input.decision, input.outcome));
166
+ continue;
167
+ }
168
+ if (input.kind === "x402") {
169
+ out.push(...x402ReceiptToExternalAttestations(input.receipt));
170
+ continue;
171
+ }
172
+ if (input.kind === "ap2_mandate") {
173
+ out.push(...signedMandateToExternalAttestations(input.signedMandate, input.transportBinding));
174
+ continue;
175
+ }
176
+ if (input.kind === "ap2_authorization_receipt") {
177
+ out.push(...protocolAuthorizationReceiptToExternalAttestations(input.receipt));
178
+ continue;
179
+ }
180
+ if (input.kind === "ap2_settlement_receipt") {
181
+ out.push(...protocolSettlementReceiptToExternalAttestations(input.receipt));
182
+ }
183
+ }
184
+ return out;
185
+ }
@@ -0,0 +1,43 @@
1
+ import { type AgentReceiptV1, type VerifyAgentReceiptV1Options } from "./agent-receipt.js";
2
+ export declare const AGENT_RECEIPT_PDF_EXPORT_MANIFEST_SCHEMA_VERSION = 1;
3
+ export declare const AGENT_RECEIPT_PDF_EXPORT_MANIFEST_KIND = "paybond.agent_receipt_pdf_export_manifest_v1";
4
+ export declare const AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL = "Derived from paybond.agent_receipt_v1";
5
+ export declare const FORBIDDEN_PDF_EXPORT_MANIFEST_FIELDS: readonly ["embedded_receipt_json", "receipt_json", "unsigned_receipt", "canonical_receipt", "user_prompt", "system_prompt", "tool_arguments", "tool_results", "evidence_payload", "payee_signature"];
6
+ export type AgentReceiptPDFExportSourceKind = "gateway_fetch" | "audit_export" | "local_file";
7
+ export type AgentReceiptPDFExportFooterStamp = {
8
+ label: typeof AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL;
9
+ receipt_id: string;
10
+ message_digest_sha256_hex: string;
11
+ verify_endpoint?: string;
12
+ };
13
+ export type AgentReceiptPDFExportManifest = {
14
+ schema_version: typeof AGENT_RECEIPT_PDF_EXPORT_MANIFEST_SCHEMA_VERSION;
15
+ kind: typeof AGENT_RECEIPT_PDF_EXPORT_MANIFEST_KIND;
16
+ receipt_id: string;
17
+ message_digest_sha256_hex: string;
18
+ source_kind: AgentReceiptPDFExportSourceKind;
19
+ source_artifact?: string;
20
+ generated_at_rfc3339: string;
21
+ renderer_id?: string;
22
+ pdf_sha256_hex?: string;
23
+ pdf_page_count?: number;
24
+ derived_view_label: typeof AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL;
25
+ footer_stamp: AgentReceiptPDFExportFooterStamp;
26
+ };
27
+ /** Reject authority-embedding fields and validate against the published Draft 2020-12 schema. */
28
+ export declare function validateAgentReceiptPDFExportManifestJSON(value: unknown): AgentReceiptPDFExportManifest;
29
+ export declare function parseAgentReceiptPDFExportManifestJSON(raw: string | Uint8Array): AgentReceiptPDFExportManifest;
30
+ export type GateAgentReceiptPDFExportInput = {
31
+ receiptJSON: string | Uint8Array;
32
+ manifestJSON: string | Uint8Array;
33
+ pdfBytes?: Uint8Array;
34
+ verifyOptions?: VerifyAgentReceiptV1Options;
35
+ };
36
+ /**
37
+ * Enforces the PDF export verification gate before rendering or accepting a derived PDF.
38
+ * Verify signed JSON first, bind manifest/footer stamps, optionally verify PDF bytes hash.
39
+ */
40
+ export declare function gateAgentReceiptPDFExport(input: GateAgentReceiptPDFExportInput): Promise<{
41
+ receipt: AgentReceiptV1;
42
+ manifest: AgentReceiptPDFExportManifest;
43
+ }>;
@@ -0,0 +1,109 @@
1
+ import { createHash } from "node:crypto";
2
+ import { readFileSync } from "node:fs";
3
+ import { dirname, join } from "node:path";
4
+ import { fileURLToPath } from "node:url";
5
+ import { Ajv2020 } from "ajv/dist/2020.js";
6
+ import { verifyAgentReceiptV1FromJSON, } from "./agent-receipt.js";
7
+ const MODULE_DIR = dirname(fileURLToPath(import.meta.url));
8
+ const AGENT_RECEIPT_DIR = join(MODULE_DIR, "../../agent-receipt");
9
+ export const AGENT_RECEIPT_PDF_EXPORT_MANIFEST_SCHEMA_VERSION = 1;
10
+ export const AGENT_RECEIPT_PDF_EXPORT_MANIFEST_KIND = "paybond.agent_receipt_pdf_export_manifest_v1";
11
+ export const AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL = "Derived from paybond.agent_receipt_v1";
12
+ export const FORBIDDEN_PDF_EXPORT_MANIFEST_FIELDS = [
13
+ "embedded_receipt_json",
14
+ "receipt_json",
15
+ "unsigned_receipt",
16
+ "canonical_receipt",
17
+ "user_prompt",
18
+ "system_prompt",
19
+ "tool_arguments",
20
+ "tool_results",
21
+ "evidence_payload",
22
+ "payee_signature",
23
+ ];
24
+ let manifestSchemaValidator;
25
+ function manifestSchemaValidate() {
26
+ if (!manifestSchemaValidator) {
27
+ const ajv = new Ajv2020({ allErrors: true, strict: false });
28
+ const schema = JSON.parse(readFileSync(join(AGENT_RECEIPT_DIR, "pdf-export-manifest-schema.json"), "utf8"));
29
+ manifestSchemaValidator = ajv.compile(schema);
30
+ }
31
+ return manifestSchemaValidator;
32
+ }
33
+ function rejectForbiddenPDFExportManifestFields(value) {
34
+ if (Array.isArray(value)) {
35
+ for (const item of value) {
36
+ rejectForbiddenPDFExportManifestFields(item);
37
+ }
38
+ return;
39
+ }
40
+ if (!value || typeof value !== "object") {
41
+ return;
42
+ }
43
+ const record = value;
44
+ for (const [key, child] of Object.entries(record)) {
45
+ if (FORBIDDEN_PDF_EXPORT_MANIFEST_FIELDS.includes(key)) {
46
+ throw new Error(`agent receipt pdf export manifest: forbidden field ${JSON.stringify(key)}`);
47
+ }
48
+ rejectForbiddenPDFExportManifestFields(child);
49
+ }
50
+ }
51
+ /** Reject authority-embedding fields and validate against the published Draft 2020-12 schema. */
52
+ export function validateAgentReceiptPDFExportManifestJSON(value) {
53
+ rejectForbiddenPDFExportManifestFields(value);
54
+ const validate = manifestSchemaValidate();
55
+ if (!validate(value)) {
56
+ throw new Error(`agent receipt pdf export manifest: schema validation failed: ${JSON.stringify(validate.errors ?? [])}`);
57
+ }
58
+ return value;
59
+ }
60
+ export function parseAgentReceiptPDFExportManifestJSON(raw) {
61
+ const text = typeof raw === "string" ? raw : new TextDecoder().decode(raw);
62
+ let parsed;
63
+ try {
64
+ parsed = JSON.parse(text);
65
+ }
66
+ catch {
67
+ throw new Error("agent receipt pdf export manifest: invalid JSON");
68
+ }
69
+ return validateAgentReceiptPDFExportManifestJSON(parsed);
70
+ }
71
+ function assertManifestMatchesReceipt(manifest, receipt) {
72
+ const receiptId = receipt.receipt_id.trim().toLowerCase();
73
+ const digest = receipt.message_digest_sha256_hex.trim().toLowerCase();
74
+ if (manifest.receipt_id.trim().toLowerCase() !== receiptId) {
75
+ throw new Error("agent receipt pdf export gate: manifest receipt_id does not match verified receipt");
76
+ }
77
+ if (manifest.message_digest_sha256_hex.trim().toLowerCase() !== digest) {
78
+ throw new Error("agent receipt pdf export gate: manifest message_digest_sha256_hex does not match verified receipt");
79
+ }
80
+ if (manifest.derived_view_label !== AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL) {
81
+ throw new Error(`agent receipt pdf export gate: derived_view_label must be ${JSON.stringify(AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL)}`);
82
+ }
83
+ const stamp = manifest.footer_stamp;
84
+ if (stamp.receipt_id.trim().toLowerCase() !== receiptId) {
85
+ throw new Error("agent receipt pdf export gate: footer_stamp receipt_id does not match verified receipt");
86
+ }
87
+ if (stamp.message_digest_sha256_hex.trim().toLowerCase() !== digest) {
88
+ throw new Error("agent receipt pdf export gate: footer_stamp message_digest_sha256_hex does not match verified receipt");
89
+ }
90
+ if (stamp.label !== AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL) {
91
+ throw new Error(`agent receipt pdf export gate: footer_stamp label must be ${JSON.stringify(AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL)}`);
92
+ }
93
+ }
94
+ /**
95
+ * Enforces the PDF export verification gate before rendering or accepting a derived PDF.
96
+ * Verify signed JSON first, bind manifest/footer stamps, optionally verify PDF bytes hash.
97
+ */
98
+ export async function gateAgentReceiptPDFExport(input) {
99
+ const receipt = await verifyAgentReceiptV1FromJSON(input.receiptJSON, input.verifyOptions);
100
+ const manifest = parseAgentReceiptPDFExportManifestJSON(input.manifestJSON);
101
+ assertManifestMatchesReceipt(manifest, receipt);
102
+ if (input.pdfBytes && manifest.pdf_sha256_hex) {
103
+ const actual = createHash("sha256").update(input.pdfBytes).digest("hex");
104
+ if (actual !== manifest.pdf_sha256_hex.trim().toLowerCase()) {
105
+ throw new Error("agent receipt pdf export gate: pdf_sha256_hex mismatch");
106
+ }
107
+ }
108
+ return { receipt, manifest };
109
+ }
@@ -0,0 +1,7 @@
1
+ import type { AgentReceiptV1 } from "./agent-receipt.js";
2
+ /** Privacy-sensitive keys that MUST NOT appear anywhere in agent receipt JSON. */
3
+ export declare const FORBIDDEN_AGENT_RECEIPT_FIELDS: readonly ["user_prompt", "system_prompt", "tool_arguments", "tool_results", "evidence_payload", "payee_signature"];
4
+ /** Reject forbidden privacy fields and validate against the published Draft 2020-12 schema. */
5
+ export declare function validateAgentReceiptJSON(value: unknown): AgentReceiptV1;
6
+ /** Parse and validate untrusted agent receipt JSON before signature verification. */
7
+ export declare function parseAgentReceiptJSON(raw: string | Uint8Array): AgentReceiptV1;
@@ -0,0 +1,63 @@
1
+ import { Ajv2020 } from "ajv/dist/2020.js";
2
+ import { readFileSync } from "node:fs";
3
+ import { dirname, join } from "node:path";
4
+ import { fileURLToPath } from "node:url";
5
+ const MODULE_DIR = dirname(fileURLToPath(import.meta.url));
6
+ const AGENT_RECEIPT_DIR = join(MODULE_DIR, "../../agent-receipt");
7
+ /** Privacy-sensitive keys that MUST NOT appear anywhere in agent receipt JSON. */
8
+ export const FORBIDDEN_AGENT_RECEIPT_FIELDS = [
9
+ "user_prompt",
10
+ "system_prompt",
11
+ "tool_arguments",
12
+ "tool_results",
13
+ "evidence_payload",
14
+ "payee_signature",
15
+ ];
16
+ let schemaValidator;
17
+ function schemaValidate() {
18
+ if (!schemaValidator) {
19
+ const ajv = new Ajv2020({ allErrors: true, strict: false });
20
+ const schema = JSON.parse(readFileSync(join(AGENT_RECEIPT_DIR, "schema.json"), "utf8"));
21
+ schemaValidator = ajv.compile(schema);
22
+ }
23
+ return schemaValidator;
24
+ }
25
+ function rejectForbiddenAgentReceiptFields(value) {
26
+ if (Array.isArray(value)) {
27
+ for (const item of value) {
28
+ rejectForbiddenAgentReceiptFields(item);
29
+ }
30
+ return;
31
+ }
32
+ if (!value || typeof value !== "object") {
33
+ return;
34
+ }
35
+ const record = value;
36
+ for (const [key, child] of Object.entries(record)) {
37
+ if (FORBIDDEN_AGENT_RECEIPT_FIELDS.includes(key)) {
38
+ throw new Error(`agent receipt: forbidden field ${JSON.stringify(key)}`);
39
+ }
40
+ rejectForbiddenAgentReceiptFields(child);
41
+ }
42
+ }
43
+ /** Reject forbidden privacy fields and validate against the published Draft 2020-12 schema. */
44
+ export function validateAgentReceiptJSON(value) {
45
+ rejectForbiddenAgentReceiptFields(value);
46
+ const validate = schemaValidate();
47
+ if (!validate(value)) {
48
+ throw new Error(`agent receipt: schema validation failed: ${JSON.stringify(validate.errors ?? [])}`);
49
+ }
50
+ return value;
51
+ }
52
+ /** Parse and validate untrusted agent receipt JSON before signature verification. */
53
+ export function parseAgentReceiptJSON(raw) {
54
+ const text = typeof raw === "string" ? raw : new TextDecoder().decode(raw);
55
+ let parsed;
56
+ try {
57
+ parsed = JSON.parse(text);
58
+ }
59
+ catch {
60
+ throw new Error("agent receipt: invalid JSON");
61
+ }
62
+ return validateAgentReceiptJSON(parsed);
63
+ }
@@ -0,0 +1,154 @@
1
+ export declare const AGENT_RECEIPT_SCHEMA_VERSION = 1;
2
+ export declare const AGENT_RECEIPT_KIND_V1 = "paybond.agent_receipt_v1";
3
+ export declare const AGENT_RECEIPT_VERSION_V1 = "1";
4
+ export declare const AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519 = "ed25519-sha256-json-v1";
5
+ export declare const AGENT_RECEIPT_SCOPE_ACTION = "action";
6
+ export declare const AGENT_RECEIPT_SCOPE_INTENT_TERMINAL = "intent_terminal";
7
+ export declare const AGENT_RECEIPT_WELL_KNOWN_PATH = "/.well-known/agent-receipt-v1.json";
8
+ export declare const AGENT_RECEIPT_SIGNING_KEYS_WELL_KNOWN_PATH = "/.well-known/agent-receipt-signing-keys.json";
9
+ /** Gateway evidence proxy header carrying Kit-verified external attestation digests. */
10
+ export declare const PAYBOND_AGENT_RECEIPT_ATTESTATIONS_HEADER = "x-paybond-agent-receipt-attestations";
11
+ /** Optional agent run id bound to the attestation header for server-side audit. */
12
+ export declare const PAYBOND_AGENT_RECEIPT_SOURCE_RUN_HEADER = "x-paybond-agent-run-id";
13
+ export type AgentReceiptAgentV1 = {
14
+ operator_did: string;
15
+ model_family: string;
16
+ model_instance_id?: string;
17
+ config_hash_sha256_hex: string;
18
+ prompt_hash_sha256_hex: string;
19
+ deployment_epoch?: number;
20
+ };
21
+ export type AgentReceiptPolicyV1 = {
22
+ template_id: string;
23
+ version_seq?: number;
24
+ content_digest_sha256_hex: string;
25
+ spend_policy_version?: number;
26
+ };
27
+ export type AgentReceiptAuthorizationV1 = {
28
+ principal_did: string;
29
+ actor_subject: string;
30
+ agent: AgentReceiptAgentV1;
31
+ decision_id: string;
32
+ audit_id?: string;
33
+ policy: AgentReceiptPolicyV1;
34
+ authorized_at: string;
35
+ requested_spend_cents: number;
36
+ currency: string;
37
+ reason_codes?: string[];
38
+ };
39
+ export type AgentReceiptExecutionV1 = {
40
+ run_id: string;
41
+ tool_call_id: string;
42
+ tool_name: string;
43
+ operation: string;
44
+ arguments_digest_sha256_hex: string;
45
+ result_digest_sha256_hex?: string;
46
+ outcome: "executed" | "denied" | "skipped" | "failed";
47
+ started_at: string;
48
+ completed_at: string;
49
+ duration_ms?: number;
50
+ };
51
+ export type AgentReceiptMerchantV1 = {
52
+ payee_did: string;
53
+ vendor_id?: string;
54
+ vendor_ref_id?: string;
55
+ };
56
+ export type AgentReceiptEvidenceV1 = {
57
+ completion_preset_id: string;
58
+ payload_digest_sha256_hex: string;
59
+ artifacts_digest_sha256_hex?: string;
60
+ predicate_passed: boolean;
61
+ payee_did: string;
62
+ payee_signature_digest_sha256_hex?: string;
63
+ };
64
+ export type AgentReceiptPaymentV1 = {
65
+ intent_id: string;
66
+ settlement_rail: string;
67
+ funding_method?: string;
68
+ funding_reference?: string;
69
+ funding_receipt_digest_sha256_hex?: string;
70
+ };
71
+ export type AgentReceiptOutcomeV1 = {
72
+ harbor_state: string;
73
+ spend_reservation_outcome?: "consumed" | "released" | "pending" | "none";
74
+ predicate_passed?: boolean;
75
+ };
76
+ export type AgentReceiptReferencesV1 = {
77
+ intent_id: string;
78
+ ledger_seq?: number;
79
+ settlement_receipt_id?: string | null;
80
+ };
81
+ export type AgentReceiptExternalAttestationV1 = {
82
+ source: string;
83
+ kind: string;
84
+ digest_sha256_hex: string;
85
+ reference_id?: string;
86
+ };
87
+ export type AgentReceiptOperatorAttestationV1 = {
88
+ operator_did: string;
89
+ signing_public_key_ed25519_hex: string;
90
+ message_digest_sha256_hex: string;
91
+ ed25519_signature_hex: string;
92
+ };
93
+ export type AgentReceiptV1 = {
94
+ schema_version: number;
95
+ kind: string;
96
+ receipt_version: string;
97
+ scope: typeof AGENT_RECEIPT_SCOPE_ACTION | typeof AGENT_RECEIPT_SCOPE_INTENT_TERMINAL;
98
+ receipt_id: string;
99
+ issued_at: string;
100
+ tenant_id: string;
101
+ authorization: AgentReceiptAuthorizationV1;
102
+ execution?: AgentReceiptExecutionV1;
103
+ merchant?: AgentReceiptMerchantV1;
104
+ evidence?: AgentReceiptEvidenceV1;
105
+ payment?: AgentReceiptPaymentV1;
106
+ outcome: AgentReceiptOutcomeV1;
107
+ references: AgentReceiptReferencesV1;
108
+ external_attestations: AgentReceiptExternalAttestationV1[];
109
+ operator_attestation?: AgentReceiptOperatorAttestationV1;
110
+ signing_algorithm: string;
111
+ message_digest_sha256_hex: string;
112
+ signing_public_key_ed25519_hex: string;
113
+ ed25519_signature_hex: string;
114
+ };
115
+ export type ConfigHashInput = {
116
+ system_prompt: string;
117
+ tools_manifest: unknown;
118
+ policy_snapshot_id: string;
119
+ };
120
+ /** Returns sha256(JCS({ system_prompt, tools_manifest, policy_snapshot_id })). */
121
+ export declare function configHashSha256Hex(input: ConfigHashInput): string;
122
+ /** Returns sha256(normalized_user_prompt). */
123
+ export declare function promptHashSha256Hex(normalizedUserPrompt: string): string;
124
+ /** Returns sha256(JCS(value)). */
125
+ export declare function valueDigestSha256Hex(value: unknown): string;
126
+ /** Returns sha256(intent_id + "\\x00" + tool_call_id) as lowercase hex. */
127
+ export declare function actionReceiptId(intentId: string, toolCallId: string): string;
128
+ /** Returns canonical signing bytes for a normalized receipt body. */
129
+ export declare function canonicalAgentReceiptBytes(receipt: AgentReceiptV1): Uint8Array;
130
+ /**
131
+ * Returns sha256(canonical receipt bytes) as lowercase hex, ignoring any existing
132
+ * `message_digest_sha256_hex` on the input. Used to compose unsigned receipt drafts
133
+ * (Agent Receipt Standard Phase 1) and to compute the digest signers must sign over.
134
+ */
135
+ export declare function agentReceiptMessageDigestSha256Hex(receipt: AgentReceiptV1): string;
136
+ /** Optional trust-anchor checks during agent receipt verification. */
137
+ export type VerifyAgentReceiptV1Options = {
138
+ /** Lowercase signing_public_key_ed25519_hex values accepted when non-empty. */
139
+ expectedSigningPublicKeys?: readonly string[];
140
+ /**
141
+ * When true, require any operator_attestation signing key to appear in
142
+ * trustedOperatorPublicKeys (e.g. tenant middleware attach recognition keys). The
143
+ * operator_did binding to authorization.agent.operator_did is always enforced.
144
+ */
145
+ verifyOperatorAgainstRegistry?: boolean;
146
+ /** Lowercase operator signing pubkeys accepted when the registry check is enabled. */
147
+ trustedOperatorPublicKeys?: readonly string[];
148
+ };
149
+ /** Validates structure, receipt_id derivation, digest, and detached Ed25519 signature. */
150
+ export declare function verifyAgentReceiptV1(receipt: AgentReceiptV1, options?: VerifyAgentReceiptV1Options): Promise<AgentReceiptV1>;
151
+ /** Validate raw JSON (schema + forbidden fields) then verify signature. */
152
+ export declare function verifyAgentReceiptV1FromJSON(raw: string | Uint8Array | Record<string, unknown>, options?: VerifyAgentReceiptV1Options): Promise<AgentReceiptV1>;
153
+ /** Attach an optional operator counter-signature over the Gateway message digest. */
154
+ export declare function attachOperatorAttestationV1(receipt: AgentReceiptV1, operatorPrivateKeyHex: string, operatorDid: string): Promise<AgentReceiptV1>;