@paybond/kit 0.11.11 → 0.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (132) hide show
  1. package/completion-presets/catalog.json +10 -5
  2. package/completion-presets/catalog.sha256 +1 -1
  3. package/dist/agent/evidence.d.ts +10 -0
  4. package/dist/agent/evidence.js +16 -0
  5. package/dist/agent/index.d.ts +3 -2
  6. package/dist/agent/index.js +2 -1
  7. package/dist/agent/interceptor.d.ts +9 -0
  8. package/dist/agent/interceptor.js +181 -1
  9. package/dist/agent/receipt-client.d.ts +64 -0
  10. package/dist/agent/receipt-client.js +45 -0
  11. package/dist/agent/registry.js +1 -0
  12. package/dist/agent/run.d.ts +5 -0
  13. package/dist/agent/run.js +52 -0
  14. package/dist/agent/types.d.ts +70 -0
  15. package/dist/agent-mandate.d.ts +103 -0
  16. package/dist/agent-mandate.js +423 -0
  17. package/dist/agent-receipt-external-attestations.d.ts +56 -0
  18. package/dist/agent-receipt-external-attestations.js +185 -0
  19. package/dist/agent-receipt-pdf-export.d.ts +43 -0
  20. package/dist/agent-receipt-pdf-export.js +109 -0
  21. package/dist/agent-receipt-prevalidate.d.ts +7 -0
  22. package/dist/agent-receipt-prevalidate.js +63 -0
  23. package/dist/agent-receipt.d.ts +154 -0
  24. package/dist/agent-receipt.js +639 -0
  25. package/dist/audit/exports.d.ts +15 -1
  26. package/dist/audit/exports.js +55 -8
  27. package/dist/audit/index.d.ts +2 -2
  28. package/dist/audit/wire.d.ts +12 -0
  29. package/dist/audit/wire.js +13 -1
  30. package/dist/cli/command-spec.js +54 -3
  31. package/dist/cli/commands/dev.js +10 -3
  32. package/dist/cli/commands/discovery.js +17 -6
  33. package/dist/cli/commands/setup.js +19 -1
  34. package/dist/cli/commands/shopify.d.ts +53 -0
  35. package/dist/cli/commands/shopify.js +808 -0
  36. package/dist/cli/help.d.ts +1 -1
  37. package/dist/cli/help.js +15 -5
  38. package/dist/cli/router.js +15 -1
  39. package/dist/commerce-binding.d.ts +59 -0
  40. package/dist/commerce-binding.js +129 -0
  41. package/dist/completion-catalog-digest.d.ts +1 -1
  42. package/dist/completion-catalog-digest.js +1 -1
  43. package/dist/doctor-completion.d.ts +16 -0
  44. package/dist/doctor-completion.js +157 -1
  45. package/dist/index.d.ts +108 -7
  46. package/dist/index.js +221 -18
  47. package/dist/mcp-receipt-resource.d.ts +10 -0
  48. package/dist/mcp-receipt-resource.js +32 -0
  49. package/dist/mcp-server.d.ts +7 -0
  50. package/dist/mcp-server.js +81 -1
  51. package/dist/mpp-commercial.d.ts +19 -0
  52. package/dist/mpp-commercial.js +34 -0
  53. package/dist/mpp-funding.d.ts +71 -0
  54. package/dist/mpp-funding.js +192 -0
  55. package/dist/payment-transport.d.ts +30 -0
  56. package/dist/payment-transport.js +56 -0
  57. package/dist/policy/intent-spec.js +2 -0
  58. package/dist/policy/presets.d.ts +1 -1
  59. package/dist/policy/presets.js +1 -0
  60. package/dist/principal-intent.d.ts +1 -1
  61. package/dist/principal-intent.js +4 -1
  62. package/dist/project-init.d.ts +1 -1
  63. package/dist/project-init.js +1 -0
  64. package/dist/protocol-receipt.d.ts +129 -0
  65. package/dist/protocol-receipt.js +620 -0
  66. package/dist/shopify/checkout.d.ts +29 -0
  67. package/dist/shopify/checkout.js +79 -0
  68. package/dist/shopify/evidence.d.ts +13 -0
  69. package/dist/shopify/evidence.js +85 -0
  70. package/dist/shopify/index.d.ts +8 -0
  71. package/dist/shopify/index.js +6 -0
  72. package/dist/shopify/instrument.d.ts +61 -0
  73. package/dist/shopify/instrument.js +52 -0
  74. package/dist/shopify/order.d.ts +8 -0
  75. package/dist/shopify/order.js +110 -0
  76. package/dist/shopify/types.d.ts +82 -0
  77. package/dist/shopify/types.js +4 -0
  78. package/dist/solutions/catalog.d.ts +1 -1
  79. package/dist/solutions/catalog.js +1 -1
  80. package/dist/stripe-commerce/evidence.d.ts +13 -0
  81. package/dist/stripe-commerce/evidence.js +164 -0
  82. package/dist/stripe-commerce/index.d.ts +3 -0
  83. package/dist/stripe-commerce/index.js +2 -0
  84. package/dist/stripe-commerce/metadata.d.ts +11 -0
  85. package/dist/stripe-commerce/metadata.js +34 -0
  86. package/dist/stripe-commerce/types.d.ts +38 -0
  87. package/dist/stripe-commerce/types.js +1 -0
  88. package/dist/template-init.d.ts +1 -1
  89. package/dist/template-init.js +6 -1
  90. package/package.json +1 -1
  91. package/policy/presets/stripe-commerce.yaml +19 -0
  92. package/solutions/stripe-commerce.json +19 -0
  93. package/templates/manifest.json +82 -10
  94. package/templates/openai-shopping-agent/package-lock.json +13 -13
  95. package/templates/openai-shopping-agent/src/paybond.config.ts +1 -1
  96. package/templates/paybond-aws-operator/package-lock.json +7 -7
  97. package/templates/paybond-aws-operator/src/paybond.config.ts +1 -1
  98. package/templates/paybond-claude-agents-demo/package-lock.json +10 -10
  99. package/templates/paybond-claude-agents-demo/src/paybond.config.ts +1 -1
  100. package/templates/paybond-mastra-travel-agent/package-lock.json +33 -33
  101. package/templates/paybond-mastra-travel-agent/src/paybond.config.ts +1 -1
  102. package/templates/paybond-mcp-coding-agent/package-lock.json +7 -7
  103. package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +1 -1
  104. package/templates/paybond-openai-agents-demo/package-lock.json +13 -13
  105. package/templates/paybond-openai-agents-demo/src/paybond.config.ts +1 -1
  106. package/templates/paybond-procurement-agent/package-lock.json +7 -7
  107. package/templates/paybond-procurement-agent/src/paybond.config.ts +1 -1
  108. package/templates/paybond-shopify-shopping-agent/.env.example +3 -0
  109. package/templates/paybond-shopify-shopping-agent/.github/workflows/smoke.yml +20 -0
  110. package/templates/paybond-shopify-shopping-agent/LICENSE +201 -0
  111. package/templates/paybond-shopify-shopping-agent/README.md +29 -0
  112. package/templates/paybond-shopify-shopping-agent/package-lock.json +223 -0
  113. package/templates/paybond-shopify-shopping-agent/package.json +20 -0
  114. package/templates/paybond-shopify-shopping-agent/paybond.policy.yaml +22 -0
  115. package/templates/paybond-shopify-shopping-agent/src/index.ts +54 -0
  116. package/templates/paybond-shopify-shopping-agent/src/paybond.config.ts +51 -0
  117. package/templates/paybond-shopify-shopping-agent/tsconfig.json +13 -0
  118. package/templates/paybond-stripe-agent-demo/.env.example +9 -0
  119. package/templates/paybond-stripe-agent-demo/.github/workflows/smoke.yml +20 -0
  120. package/templates/paybond-stripe-agent-demo/LICENSE +201 -0
  121. package/templates/paybond-stripe-agent-demo/README.md +50 -0
  122. package/templates/paybond-stripe-agent-demo/package-lock.json +223 -0
  123. package/templates/paybond-stripe-agent-demo/package.json +20 -0
  124. package/templates/paybond-stripe-agent-demo/paybond.policy.yaml +22 -0
  125. package/templates/paybond-stripe-agent-demo/src/charge-customer.ts +237 -0
  126. package/templates/paybond-stripe-agent-demo/src/index.ts +78 -0
  127. package/templates/paybond-stripe-agent-demo/src/paybond.config.ts +51 -0
  128. package/templates/paybond-stripe-agent-demo/tsconfig.json +13 -0
  129. package/templates/paybond-travel-agent/package-lock.json +13 -13
  130. package/templates/paybond-travel-agent/src/paybond.config.ts +1 -1
  131. package/templates/paybond-vercel-shopping-agent/package-lock.json +7 -7
  132. package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +1 -1
package/dist/index.js CHANGED
@@ -4,16 +4,19 @@
4
4
  */
5
5
  import { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBinding, } from "./principal-intent.js";
6
6
  import { signPayeeEvidenceBinding } from "./payee-evidence.js";
7
- import { PaybondAgentRunFacade, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
7
+ import { PAYBOND_AGENT_RECEIPT_ATTESTATIONS_HEADER, PAYBOND_AGENT_RECEIPT_SOURCE_RUN_HEADER, } from "./agent-receipt.js";
8
+ import { PaybondAgentRunFacade, createPaybondAgentCallable, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
8
9
  import { GatewayAgentRunTraceReporter, } from "./agent/gateway-trace-reporter.js";
9
10
  import { fetchWithGatewayRetries, gatewayRetryDelayMs, shouldRetryGatewayResponse, } from "./gateway-retry.js";
10
11
  import { PaybondAudit, PaybondAuditExports } from "./audit/index.js";
12
+ import { formatPaymentAuthorizationValue, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, } from "./payment-transport.js";
11
13
  import { parsePolicyRemoteValidateResponse, policyValidateQueryString, } from "./policy/validate-remote.js";
12
14
  import { parsePolicyEffectiveResolveResponse, } from "./policy/load-effective.js";
13
15
  import { paybondPolicyPresets } from "./policy/policy-api.js";
14
16
  import { paybondSolutionPresets } from "./solutions/api.js";
15
17
  import { requireSecureGatewayUrl } from "./gateway-url.js";
16
18
  import { executeFundWithX402, } from "./x402-funding.js";
19
+ import { executeFundWithMppCharge, executeFundWithMppSession, } from "./mpp-funding.js";
17
20
  function parseVerifyCapabilityBody(body, expectedTenant, expectedIntentId) {
18
21
  const tenant = String(body.tenant ?? "");
19
22
  const intentId = String(body.intent_id ?? "");
@@ -83,6 +86,12 @@ function verifyCapabilityPayload(input) {
83
86
  payload.approval_token = input.approvalToken.trim();
84
87
  if (input.idempotencyKey?.trim())
85
88
  payload.idempotency_key = input.idempotencyKey.trim();
89
+ if (input.modelFamily?.trim())
90
+ payload.model_family = input.modelFamily.trim();
91
+ if (input.configHashHex?.trim())
92
+ payload.config_hash_hex = input.configHashHex.trim().toLowerCase();
93
+ if (input.promptHashHex?.trim())
94
+ payload.prompt_hash_hex = input.promptHashHex.trim().toLowerCase();
86
95
  return payload;
87
96
  }
88
97
  export const DEFAULT_PAYBOND_GATEWAY_BASE_URL = "https://api.paybond.ai";
@@ -469,7 +478,7 @@ export class HarborClient {
469
478
  }
470
479
  throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
471
480
  }
472
- async fetchWithRetries(url, init, { retryBody, retryBodyText, }) {
481
+ async fetchWithRetries(url, init, { retryBody, retryBodyText, appendAuthorization, } = {}) {
473
482
  let lastErr;
474
483
  for (let attempt = 0; attempt < this.maxRetries; attempt++) {
475
484
  let res;
@@ -479,6 +488,9 @@ export class HarborClient {
479
488
  for (const [k, v] of Object.entries(auth)) {
480
489
  headers.set(k, v);
481
490
  }
491
+ for (const value of appendAuthorization ?? []) {
492
+ headers.append("authorization", value);
493
+ }
482
494
  res = await fetch(url, { ...init, headers });
483
495
  }
484
496
  catch (e) {
@@ -600,11 +612,18 @@ export class HarborClient {
600
612
  if (options?.paymentSignature?.trim()) {
601
613
  headers["payment-signature"] = options.paymentSignature.trim();
602
614
  }
615
+ const appendAuthorization = options?.paymentAuthorization?.trim() !== undefined &&
616
+ options.paymentAuthorization.trim() !== ""
617
+ ? [formatPaymentAuthorizationValue(options.paymentAuthorization)]
618
+ : undefined;
603
619
  const res = await this.fetchWithRetries(url, {
604
620
  method: "POST",
605
621
  headers,
606
622
  body: "",
607
- }, { retryBodyText: "" });
623
+ }, {
624
+ retryBodyText: "",
625
+ appendAuthorization,
626
+ });
608
627
  const text = await res.text();
609
628
  if (![200, 202, 402].includes(res.status)) {
610
629
  throw new HarborHttpError(`Harbor fund intent HTTP ${res.status}: ${text}`, {
@@ -614,6 +633,7 @@ export class HarborClient {
614
633
  });
615
634
  }
616
635
  const body = assertJSONObject(JSON.parse(text));
636
+ const transport = readFundPaymentTransportHeaders(res.headers);
617
637
  const tenant = String(body.tenant ?? "");
618
638
  if (tenant !== this.tenantId) {
619
639
  throw new Error(`fund tenant mismatch: client=${this.tenantId} harbor=${tenant}`);
@@ -636,6 +656,9 @@ export class HarborClient {
636
656
  statusCode: res.status,
637
657
  paymentRequired: res.headers.get("payment-required") ?? undefined,
638
658
  paymentResponse: res.headers.get("payment-response") ?? undefined,
659
+ wwwAuthenticate: transport.wwwAuthenticate,
660
+ paymentReceipt: transport.paymentReceipt,
661
+ cacheControl: transport.cacheControl,
639
662
  intentId: echoedIntentId,
640
663
  tenant,
641
664
  state: body.state,
@@ -912,6 +935,14 @@ export class GatewayHarborClient {
912
935
  return gatewayMutationHeaders(proof, {
913
936
  ...(headers ?? {}),
914
937
  ...(options?.idempotencyKey?.trim() ? { "idempotency-key": options.idempotencyKey.trim() } : {}),
938
+ ...(options?.agentReceiptAttestations !== undefined
939
+ ? {
940
+ [PAYBOND_AGENT_RECEIPT_ATTESTATIONS_HEADER]: JSON.stringify(options.agentReceiptAttestations),
941
+ }
942
+ : {}),
943
+ ...(options?.agentReceiptSourceRunId?.trim()
944
+ ? { [PAYBOND_AGENT_RECEIPT_SOURCE_RUN_HEADER]: options.agentReceiptSourceRunId.trim() }
945
+ : {}),
915
946
  });
916
947
  }
917
948
  async verifyCapability(input) {
@@ -996,9 +1027,13 @@ export class GatewayHarborClient {
996
1027
  return JSON.parse(text);
997
1028
  }
998
1029
  async fundIntent(intentId, options) {
999
- const { res, text, url } = await this.postJSON(`/harbor/intents/${encodeURIComponent(intentId)}/fund`, {}, this.mutationHeaders("fundIntent", options, {
1030
+ const paymentHeaders = {
1000
1031
  ...(options.paymentSignature?.trim() ? { "payment-signature": options.paymentSignature.trim() } : {}),
1001
- }));
1032
+ ...(options.paymentAuthorization?.trim()
1033
+ ? paymentAuthorizationGatewayHeader(options.paymentAuthorization)
1034
+ : {}),
1035
+ };
1036
+ const { res, text, url } = await this.postJSON(`/harbor/intents/${encodeURIComponent(intentId)}/fund`, {}, this.mutationHeaders("fundIntent", options, paymentHeaders));
1002
1037
  if (![200, 202, 402].includes(res.status)) {
1003
1038
  throw new HarborHttpError(`Gateway Harbor fund intent HTTP ${res.status}: ${text}`, {
1004
1039
  statusCode: res.status,
@@ -1006,12 +1041,16 @@ export class GatewayHarborClient {
1006
1041
  bodyText: text,
1007
1042
  });
1008
1043
  }
1044
+ const transport = readFundPaymentTransportHeaders(res.headers);
1009
1045
  return parseFundIntentResponse(assertJSONObject(JSON.parse(text)), {
1010
1046
  tenantId: this.tenantId,
1011
1047
  intentId,
1012
1048
  statusCode: res.status,
1013
1049
  paymentRequired: res.headers.get("payment-required") ?? undefined,
1014
1050
  paymentResponse: res.headers.get("payment-response") ?? undefined,
1051
+ wwwAuthenticate: transport.wwwAuthenticate,
1052
+ paymentReceipt: transport.paymentReceipt,
1053
+ cacheControl: transport.cacheControl,
1015
1054
  source: "gateway",
1016
1055
  });
1017
1056
  }
@@ -1159,7 +1198,7 @@ export class PaybondGuardrails {
1159
1198
  }
1160
1199
  }
1161
1200
  const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
1162
- const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "x402_usdc_base"]);
1201
+ const SETTLEMENT_RAIL_VALUES = new Set(["stripe_connect", "stripe_ach_debit", "stripe_mpp", "x402_usdc_base"]);
1163
1202
  const FRAUD_REVIEW_EVENT_TYPES = new Set([
1164
1203
  "review_open_requested",
1165
1204
  "appeal_requested",
@@ -1211,6 +1250,9 @@ function parseFundIntentResponse(body, init) {
1211
1250
  statusCode: init.statusCode,
1212
1251
  paymentRequired: init.paymentRequired,
1213
1252
  paymentResponse: init.paymentResponse,
1253
+ wwwAuthenticate: init.wwwAuthenticate,
1254
+ paymentReceipt: init.paymentReceipt,
1255
+ cacheControl: init.cacheControl,
1214
1256
  intentId: echoedIntentId,
1215
1257
  tenant,
1216
1258
  state: body.state,
@@ -1360,6 +1402,9 @@ function parseIntentFundingResult(value) {
1360
1402
  settlementRail: readSettlementRailValue(body.settlement_rail, "funding.settlement_rail"),
1361
1403
  harborFundEndpoint: readOptionalString("harbor_fund_endpoint"),
1362
1404
  status: readOptionalString("status"),
1405
+ intent: readOptionalString("intent"),
1406
+ method: readOptionalString("method"),
1407
+ challengeId: readOptionalString("challenge_id"),
1363
1408
  paymentSessionId: readOptionalString("payment_session_id"),
1364
1409
  paymentUrl: readOptionalString("payment_url"),
1365
1410
  stripePaymentIntentId: readOptionalString("stripe_payment_intent_id"),
@@ -1375,6 +1420,17 @@ function parseIntentFundingResult(value) {
1375
1420
  bankName: readOptionalString("bank_name"),
1376
1421
  asset: readOptionalString("asset"),
1377
1422
  network: readOptionalString("network"),
1423
+ settlementAsset: readOptionalString("settlement_asset"),
1424
+ settlementNetwork: readOptionalString("settlement_network"),
1425
+ channelId: readOptionalString("channel_id"),
1426
+ sessionProtocol: readOptionalString("session_protocol"),
1427
+ depositAmountBaseUnits: readOptionalString("deposit_amount_base_units"),
1428
+ acceptedCumulativeBaseUnits: readOptionalString("accepted_cumulative_base_units"),
1429
+ pendingCumulativeBaseUnits: readOptionalString("pending_cumulative_base_units"),
1430
+ descriptorHash: readOptionalString("descriptor_hash"),
1431
+ lastVoucherAt: readOptionalString("last_voucher_at"),
1432
+ lastSettleTxHash: readOptionalString("last_settle_tx_hash"),
1433
+ channelStatus: readOptionalString("channel_status"),
1378
1434
  authorizationId: readOptionalString("authorization_id"),
1379
1435
  captureId: readOptionalString("capture_id"),
1380
1436
  voidId: readOptionalString("void_id"),
@@ -2050,6 +2106,80 @@ export class GatewayProtocolClient {
2050
2106
  }
2051
2107
  return assertJSONObject(JSON.parse(text));
2052
2108
  }
2109
+ async getAgentReceiptV1ByID(receiptId) {
2110
+ const enc = encodeURIComponent(receiptId);
2111
+ const url = `${this.base}protocol/v2/agent-receipts/${enc}`;
2112
+ const res = await this.fetchWithRetries(url, {
2113
+ method: "GET",
2114
+ headers: this.headers(),
2115
+ });
2116
+ const text = await res.text();
2117
+ if (!res.ok) {
2118
+ const parsed = parseGatewayErrorEnvelope(text);
2119
+ throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt", res.status, text), {
2120
+ statusCode: res.status,
2121
+ url,
2122
+ bodyText: text,
2123
+ errorCode: parsed.errorCode,
2124
+ errorMessage: parsed.errorMessage,
2125
+ });
2126
+ }
2127
+ const body = assertJSONObject(JSON.parse(text));
2128
+ if (String(body.receipt_id ?? "").trim() !== receiptId) {
2129
+ throw new Error(`agent receipt mismatch: requested=${receiptId} gateway=${String(body.receipt_id ?? "")}`);
2130
+ }
2131
+ if (String(body.tenant_id ?? "").trim() !== this.tenantId) {
2132
+ throw new Error(`agent receipt tenant mismatch: client=${this.tenantId} gateway=${String(body.tenant_id ?? "")}`);
2133
+ }
2134
+ return body;
2135
+ }
2136
+ async getAgentReceiptV1ByIntentToolCall(init) {
2137
+ const params = new URLSearchParams({
2138
+ intent_id: init.intentId,
2139
+ tool_call_id: init.toolCallId,
2140
+ });
2141
+ const url = `${this.base}protocol/v2/agent-receipts?${params.toString()}`;
2142
+ const res = await this.fetchWithRetries(url, {
2143
+ method: "GET",
2144
+ headers: this.headers(),
2145
+ });
2146
+ const text = await res.text();
2147
+ if (!res.ok) {
2148
+ const parsed = parseGatewayErrorEnvelope(text);
2149
+ throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt lookup", res.status, text), {
2150
+ statusCode: res.status,
2151
+ url,
2152
+ bodyText: text,
2153
+ errorCode: parsed.errorCode,
2154
+ errorMessage: parsed.errorMessage,
2155
+ });
2156
+ }
2157
+ const body = assertJSONObject(JSON.parse(text));
2158
+ if (String(body.tenant_id ?? "").trim() !== this.tenantId) {
2159
+ throw new Error(`agent receipt tenant mismatch: client=${this.tenantId} gateway=${String(body.tenant_id ?? "")}`);
2160
+ }
2161
+ return body;
2162
+ }
2163
+ async verifyAgentReceiptV1(receipt) {
2164
+ const url = `${this.base}protocol/v2/agent-receipts/verify`;
2165
+ const res = await this.fetchWithRetries(url, {
2166
+ method: "POST",
2167
+ headers: this.headers({ "content-type": "application/json" }),
2168
+ body: JSON.stringify(receipt),
2169
+ });
2170
+ const text = await res.text();
2171
+ if (!res.ok) {
2172
+ const parsed = parseGatewayErrorEnvelope(text);
2173
+ throw new ProtocolHttpError(protocolHTTPErrorMessage("agent receipt verify", res.status, text), {
2174
+ statusCode: res.status,
2175
+ url,
2176
+ bodyText: text,
2177
+ errorCode: parsed.errorCode,
2178
+ errorMessage: parsed.errorMessage,
2179
+ });
2180
+ }
2181
+ return assertJSONObject(JSON.parse(text));
2182
+ }
2053
2183
  async createHarborIntent(init) {
2054
2184
  return this.postJSON("/harbor/intents", init.body, gatewayMutationHeaders(init.recognitionProof, {
2055
2185
  ...(init.idempotencyKey?.trim() ? { "idempotency-key": init.idempotencyKey.trim() } : {}),
@@ -2081,7 +2211,14 @@ function gatewayMutationHeaders(recognitionProof, headers) {
2081
2211
  function encodeRecognitionProofHeader(proof) {
2082
2212
  return Buffer.from(JSON.stringify(proof), "utf8").toString("base64url");
2083
2213
  }
2084
- async function resolveGatewayTenantId(gatewayBaseUrl, apiKey, principalPath, maxRetries, expectedEnvironment) {
2214
+ function readPrincipalEnvironment(actualRaw) {
2215
+ const actual = typeof actualRaw === "string" ? actualRaw.trim() : "";
2216
+ if (actual === "live" || actual === "sandbox") {
2217
+ return actual;
2218
+ }
2219
+ return null;
2220
+ }
2221
+ async function resolveGatewayPrincipal(gatewayBaseUrl, apiKey, principalPath, maxRetries, expectedEnvironment) {
2085
2222
  const base = normalizeBase(gatewayBaseUrl);
2086
2223
  const path = principalPath.startsWith("/") ? principalPath : `/${principalPath}`;
2087
2224
  const url = `${base}${path}`;
@@ -2125,10 +2262,14 @@ async function resolveGatewayTenantId(gatewayBaseUrl, apiKey, principalPath, max
2125
2262
  });
2126
2263
  }
2127
2264
  assertExpectedEnvironment("gateway principal", body.environment, expected, text);
2128
- return tenant;
2265
+ return { tenantId: tenant, environment: readPrincipalEnvironment(body.environment) };
2129
2266
  }
2130
2267
  throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
2131
2268
  }
2269
+ async function resolveGatewayTenantId(gatewayBaseUrl, apiKey, principalPath, maxRetries, expectedEnvironment) {
2270
+ const principal = await resolveGatewayPrincipal(gatewayBaseUrl, apiKey, principalPath, maxRetries, expectedEnvironment);
2271
+ return principal.tenantId;
2272
+ }
2132
2273
  /**
2133
2274
  * Read-only tenant-bound Signal session for one service-account API key.
2134
2275
  */
@@ -2217,6 +2358,7 @@ export class PaybondIntents {
2217
2358
  async fund(params) {
2218
2359
  return this.harbor.fundIntent(params.intentId, {
2219
2360
  paymentSignature: params.paymentSignature,
2361
+ paymentAuthorization: params.paymentAuthorization,
2220
2362
  idempotencyKey: params.idempotencyKey,
2221
2363
  recognitionProof: params.recognitionProof,
2222
2364
  });
@@ -2242,6 +2384,52 @@ export class PaybondIntents {
2242
2384
  }),
2243
2385
  });
2244
2386
  }
2387
+ /**
2388
+ * One-shot Stripe MPP charge fund flow: create Payment Auth credentials from 402 challenges,
2389
+ * retry with `paymentAuthorization`, and poll until funded.
2390
+ *
2391
+ * MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
2392
+ * `issueRecognitionProof` callbacks.
2393
+ */
2394
+ async fundWithMppCharge(params) {
2395
+ const { intentId, recognitionProof, createPaymentCredential, issueRecognitionProof, pollOptions, idempotencyKey, } = params;
2396
+ return executeFundWithMppCharge({
2397
+ intentId,
2398
+ recognitionProof,
2399
+ createPaymentCredential,
2400
+ issueRecognitionProof,
2401
+ pollOptions,
2402
+ fund: ({ recognitionProof: proof, paymentAuthorization }) => this.fund({
2403
+ intentId,
2404
+ recognitionProof: proof,
2405
+ paymentAuthorization,
2406
+ idempotencyKey,
2407
+ }),
2408
+ });
2409
+ }
2410
+ /**
2411
+ * Tempo MPP session fund flow: open a session channel deposit via Payment Auth credentials,
2412
+ * retry with `paymentAuthorization`, and poll until the intent is funded.
2413
+ *
2414
+ * MPP wallet and SPT secrets stay app-owned — pass injectable `createPaymentCredential` and
2415
+ * `issueRecognitionProof` callbacks.
2416
+ */
2417
+ async fundWithMppSession(params) {
2418
+ const { intentId, recognitionProof, createPaymentCredential, issueRecognitionProof, pollOptions, idempotencyKey, } = params;
2419
+ return executeFundWithMppSession({
2420
+ intentId,
2421
+ recognitionProof,
2422
+ createPaymentCredential,
2423
+ issueRecognitionProof,
2424
+ pollOptions,
2425
+ fund: ({ recognitionProof: proof, paymentAuthorization }) => this.fund({
2426
+ intentId,
2427
+ recognitionProof: proof,
2428
+ paymentAuthorization,
2429
+ idempotencyKey,
2430
+ }),
2431
+ });
2432
+ }
2245
2433
  /**
2246
2434
  * Sign payee evidence and POST it. `payeeSigningSeed` must be 32 bytes.
2247
2435
  */
@@ -2277,7 +2465,15 @@ export class Paybond {
2277
2465
  intents;
2278
2466
  audit;
2279
2467
  agentRun;
2280
- constructor(harbor, guardrails, signal, fraud, a2a, protocol, audit) {
2468
+ agent;
2469
+ /**
2470
+ * Deployment environment this session is bound to, as reported by the gateway principal
2471
+ * (`"live"` or `"sandbox"`), or `null` when the gateway did not report one. Server-derived —
2472
+ * prefer this over the client-supplied `expectedEnvironment` hint when gating environment-sensitive
2473
+ * behavior (for example, refusing live Stripe secrets in a sandbox-only demo).
2474
+ */
2475
+ environment;
2476
+ constructor(harbor, guardrails, signal, fraud, a2a, protocol, audit, environment) {
2281
2477
  this.harbor = harbor;
2282
2478
  this.guardrails = guardrails;
2283
2479
  this.signal = signal;
@@ -2287,12 +2483,15 @@ export class Paybond {
2287
2483
  this.intents = new PaybondIntents(harbor);
2288
2484
  this.audit = audit;
2289
2485
  this.agentRun = new PaybondAgentRunFacade(this);
2486
+ this.agent = createPaybondAgentCallable(protocol, (input) => createPaybondAgent(this, input));
2487
+ this.environment = environment;
2290
2488
  }
2291
2489
  /** Open a tenant-bound hosted Paybond session from a service-account API key. */
2292
2490
  static async open(init) {
2293
2491
  const gatewayBaseUrl = defaultGatewayBaseUrl(init.gatewayBaseUrl);
2294
2492
  const maxRetries = Math.max(1, init.maxRetries ?? 3);
2295
- const tenantId = await resolveGatewayTenantId(gatewayBaseUrl, init.apiKey, init.principalPath ?? DEFAULT_PRINCIPAL_PATH, maxRetries, init.expectedEnvironment);
2493
+ const principal = await resolveGatewayPrincipal(gatewayBaseUrl, init.apiKey, init.principalPath ?? DEFAULT_PRINCIPAL_PATH, maxRetries, init.expectedEnvironment);
2494
+ const tenantId = principal.tenantId;
2296
2495
  const harbor = new GatewayHarborClient(gatewayBaseUrl, tenantId, {
2297
2496
  staticGatewayBearerToken: init.apiKey,
2298
2497
  maxRetries,
@@ -2321,7 +2520,7 @@ export class Paybond {
2321
2520
  staticGatewayBearerToken: init.apiKey,
2322
2521
  maxRetries,
2323
2522
  }));
2324
- return new Paybond(harbor, guardrails, signal, fraud, a2a, protocol, audit);
2523
+ return new Paybond(harbor, guardrails, signal, fraud, a2a, protocol, audit, principal.environment);
2325
2524
  }
2326
2525
  /** Reserved for future HTTP client cleanup; safe to call after work completes. */
2327
2526
  async aclose() {
@@ -2373,13 +2572,6 @@ export class Paybond {
2373
2572
  instrumentMCP(input) {
2374
2573
  return instrumentPaybondMCP(this, input);
2375
2574
  }
2376
- /**
2377
- * Opinionated quickstart: resolve named policy presets (for example `travel`) or file paths,
2378
- * then instrument tools for the selected framework.
2379
- */
2380
- agent(input) {
2381
- return createPaybondAgent(this, input);
2382
- }
2383
2575
  /** Wrap tools for an existing bound run without reloading policy. */
2384
2576
  wrapTools(run, tools, options) {
2385
2577
  return wrapPaybondTools(run, tools, options);
@@ -2405,6 +2597,10 @@ export { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBindi
2405
2597
  export { artifactsDigest, evidenceSignBytesV1, signPayeeEvidenceBinding, } from "./payee-evidence.js";
2406
2598
  export { AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, AGENT_RECOGNITION_PROOF_KIND_V1, AGENT_RECOGNITION_PURPOSE_CREATE, AGENT_RECOGNITION_PURPOSE_FUND, AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT, newAgentRecognitionRequestEnvelope, signAgentRecognitionProofV1, signHarborCreateRecognitionProof, signHarborFundRecognitionProof, signHarborEvidenceSubmitRecognitionProof, signHarborSettlementConfirmRecognitionProof, } from "./agent-recognition.js";
2407
2599
  export { executeFundWithX402, buildX402FundRequestEnvelope, PaybondX402FundingFailedError, PaybondX402FundingPendingError, } from "./x402-funding.js";
2600
+ export { executeFundWithMpp, executeFundWithMppCharge, executeFundWithMppSession, buildMppFundRequestEnvelope, parsePaymentAuthChallenge, selectMppChargeChallenge, selectMppSessionChallenge, PaybondMppFundingFailedError, PaybondMppFundingPendingError, } from "./mpp-funding.js";
2601
+ export { buildPaybondStripeMetadata, assertNotStripeFundingWebhook, mapStripeToolResultToEvidence, STRIPE_COMMERCE_MAPPER_VERSION, PAYBOND_STRIPE_METADATA_TENANT_ID_KEY, PAYBOND_STRIPE_METADATA_INTENT_ID_KEY, PAYBOND_STRIPE_METADATA_RAIL_KEY, } from "./stripe-commerce/index.js";
2602
+ export { PAYBOND_UCP_AGENT_PROFILE_URL, PAYBOND_SHOPIFY_UCP_VERSION, SHOPIFY_COMMERCE_MAPPER_VERSION, assertNotShopifyFundingWebhook, createCheckoutWithBinding, createGuardedShopifyCheckoutHandler, getOrder, instrumentShopifyCheckout, mapShopifyToolResultToEvidence, mergeBindingIntoCheckoutPayload, toUcpCheckoutLineItems, } from "./shopify/index.js";
2603
+ export { normalizeCommerceBinding, encodeCommerceBindingToStripeMetadata, decodeCommerceBindingFromStripeMetadata, encodeCommerceBindingToShopifyNoteAttributes, decodeCommerceBindingFromShopifyNoteAttributes, PAYBOND_COMMERCE_BINDING_TENANT_ID_KEY, PAYBOND_COMMERCE_BINDING_INTENT_ID_KEY, } from "./commerce-binding.js";
2408
2604
  export { validateCompletionEvidence, } from "./completion-validate-evidence.js";
2409
2605
  export { completionSchemaDigestHex, computeVendorContractDigests, verifyVendorContract, verifyCatalogVendorContracts, } from "./completion-contract-digest.js";
2410
2606
  export { contractSnapshotForPreset, mapVendorEvidenceToCanonical, resolveCompletionPreset, } from "./completion-resolve.js";
@@ -2412,3 +2608,10 @@ export { PaybondAgentRun, PaybondAgentRunBindError, PaybondAgentRunFacade, Paybo
2412
2608
  export { PaybondAudit, PaybondAuditExports, GatewayAuditExportsClient, parseAuditExportList, parseAuditExportJobGet, verifyAuditManifest, verifyAuditBundleLocal, } from "./audit/index.js";
2413
2609
  export { PaybondPolicy, composePolicyLayers, composeBundledPresetDefault, domain, guardrails, paybondPolicyPresets, resolveComposedPresetDocument, } from "./policy/index.js";
2414
2610
  export { getSolutionSmokeDefaults, isKnownSolutionId, listSolutionIds, loadSolutionManifest, paybondSolutionPresets, } from "./solutions/index.js";
2611
+ export { appendDirectHarborPaymentAuthorization, formatPaymentAuthorizationValue, PAYBOND_PAYMENT_AUTHORIZATION_HEADER, PAYMENT_TRANSPORT_RESPONSE_HEADERS, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, } from "./payment-transport.js";
2612
+ export { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SCOPE_INTENT_TERMINAL, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, AGENT_RECEIPT_SIGNING_KEYS_WELL_KNOWN_PATH, AGENT_RECEIPT_WELL_KNOWN_PATH, PAYBOND_AGENT_RECEIPT_ATTESTATIONS_HEADER, PAYBOND_AGENT_RECEIPT_SOURCE_RUN_HEADER, actionReceiptId, attachOperatorAttestationV1, canonicalAgentReceiptBytes, configHashSha256Hex, promptHashSha256Hex, valueDigestSha256Hex, verifyAgentReceiptV1, verifyAgentReceiptV1FromJSON, } from "./agent-receipt.js";
2613
+ export { FORBIDDEN_AGENT_RECEIPT_FIELDS, parseAgentReceiptJSON, validateAgentReceiptJSON, } from "./agent-receipt-prevalidate.js";
2614
+ export { AGENT_RECEIPT_EXTERNAL_SOURCE_AP2, AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828, AGENT_RECEIPT_EXTERNAL_SOURCE_X402, partnerRecordDigestSha256Hex, protocolAuthorizationReceiptToExternalAttestations, protocolSettlementReceiptToExternalAttestations, resolveExternalAttestations, sep2828RecordsToExternalAttestations, signedMandateToExternalAttestations, x402ReceiptToExternalAttestations, } from "./agent-receipt-external-attestations.js";
2615
+ export { AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL, AGENT_RECEIPT_PDF_EXPORT_MANIFEST_KIND, AGENT_RECEIPT_PDF_EXPORT_MANIFEST_SCHEMA_VERSION, FORBIDDEN_PDF_EXPORT_MANIFEST_FIELDS, gateAgentReceiptPDFExport, parseAgentReceiptPDFExportManifestJSON, validateAgentReceiptPDFExportManifestJSON, } from "./agent-receipt-pdf-export.js";
2616
+ export { AGENT_AUTHORIZATION_KIND_PRINCIPAL, AGENT_AUTHORIZATION_KIND_TENANT, AGENT_MANDATE_KIND_V1, AGENT_MANDATE_SCHEMA_VERSION, AGENT_MANDATE_SIGNING_ALGORITHM_ED25519_SHA256, CONSTRAINT_REFERENCE_KIND_POLICY, CONSTRAINT_REFERENCE_KIND_PREDICATE, HUMAN_PRESENCE_MODE_HUMAN_NOT_PRESENT, HUMAN_PRESENCE_MODE_HUMAN_PRESENT, agentMandateDigestSha256Hex, canonicalAgentMandateJsonBytes, normalizeAgentMandateV1, signAgentMandateV1, verifySignedAgentMandateV1, } from "./agent-mandate.js";
2617
+ export { PROTOCOL_AUTHORIZATION_RECEIPT_KIND_V1, PROTOCOL_RECEIPT_SCHEMA_VERSION, PROTOCOL_RECEIPT_SIGNING_ALGORITHM_ED25519_SHA256, PROTOCOL_RECEIPT_STATUS_AUTHORIZED, PROTOCOL_RECEIPT_VERSION_V1, PROTOCOL_SETTLEMENT_RECEIPT_KIND_V1, PROTOCOL_SOURCE_ACP, PROTOCOL_SOURCE_AP2, PROTOCOL_SOURCE_UCP, normalizeProtocolAuthorizationReceiptV1, normalizeProtocolSettlementReceiptV1, signProtocolAuthorizationReceiptV1, signProtocolSettlementReceiptV1, verifyProtocolAuthorizationReceiptV1, verifyProtocolSettlementReceiptV1, } from "./protocol-receipt.js";
@@ -0,0 +1,10 @@
1
+ /** MCP resource URI helpers for tenant-bound agent receipt handoff. */
2
+ export declare const MCP_AGENT_RECEIPT_RESOURCE_SCHEME = "paybond";
3
+ export declare const MCP_AGENT_RECEIPT_RESOURCE_HOST = "receipt";
4
+ export declare const MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE = "paybond://receipt/{receipt_id}";
5
+ export declare const MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE = "application/json";
6
+ /** Parse `paybond://receipt/{receipt_id}` into a canonical receipt id. */
7
+ export declare function parseAgentReceiptResourceUri(uri: string): string;
8
+ /** Build the MCP resource URI for one signed agent receipt id. */
9
+ export declare function agentReceiptResourceUri(receiptId: string): string;
10
+ export declare function agentReceiptResourceTemplateDefinition(): Record<string, unknown>;
@@ -0,0 +1,32 @@
1
+ /** MCP resource URI helpers for tenant-bound agent receipt handoff. */
2
+ export const MCP_AGENT_RECEIPT_RESOURCE_SCHEME = "paybond";
3
+ export const MCP_AGENT_RECEIPT_RESOURCE_HOST = "receipt";
4
+ export const MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE = "paybond://receipt/{receipt_id}";
5
+ export const MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE = "application/json";
6
+ const RECEIPT_URI_RE = /^paybond:\/\/receipt\/([0-9a-f]{64}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i;
7
+ /** Parse `paybond://receipt/{receipt_id}` into a canonical receipt id. */
8
+ export function parseAgentReceiptResourceUri(uri) {
9
+ const trimmed = uri.trim();
10
+ const match = RECEIPT_URI_RE.exec(trimmed);
11
+ if (!match) {
12
+ throw new Error(`unsupported resource URI ${trimmed}; expected ${MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE}`);
13
+ }
14
+ return match[1].toLowerCase();
15
+ }
16
+ /** Build the MCP resource URI for one signed agent receipt id. */
17
+ export function agentReceiptResourceUri(receiptId) {
18
+ const normalized = receiptId.trim().toLowerCase();
19
+ if (!RECEIPT_URI_RE.test(`paybond://receipt/${normalized}`)) {
20
+ throw new Error("receipt_id must be a lowercase SHA-256 hex digest or canonical UUID");
21
+ }
22
+ return `paybond://receipt/${normalized}`;
23
+ }
24
+ export function agentReceiptResourceTemplateDefinition() {
25
+ return {
26
+ uriTemplate: MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE,
27
+ name: "paybond_agent_receipt",
28
+ title: "Paybond Agent Receipt",
29
+ description: "Signed paybond.agent_receipt_v1 JSON fetched tenant-bound from Gateway GET /protocol/v2/agent-receipts/{receipt_id}.",
30
+ mimeType: MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE,
31
+ };
32
+ }
@@ -44,6 +44,13 @@ export declare class PaybondMCPServer {
44
44
  private readonly toolPolicy;
45
45
  private initialized;
46
46
  constructor(settings: PaybondMCPSettings);
47
+ listResourceTemplates(): Array<Record<string, unknown>>;
48
+ readResource(uri: string): Promise<{
49
+ uri: string;
50
+ mimeType: string;
51
+ text: string;
52
+ _meta?: Record<string, unknown>;
53
+ }>;
47
54
  listTools(): Array<Record<string, unknown>>;
48
55
  callTool(name: string, args?: Record<string, unknown>): Promise<MCPCallToolResult>;
49
56
  handleMessage(message: JSONRPCRequest): Promise<JSONRPCResponse | null>;
@@ -11,9 +11,11 @@ import { MCP_TOOL_ALLOWLIST_ENV, MCP_TOOL_POLICY_ENV, mergeMcpToolPolicy, parseM
11
11
  import { MCP_EVIDENCE_POLICY_ENV, McpEvidenceValidationGate, completionEvidenceValidationOk, extractHarborEvidenceValidationInput, extractSandboxGuardrailValidationInput, parseMcpEvidencePolicy, } from "./mcp-evidence-policy.js";
12
12
  import { McpCapabilityTokenCache, mcpToolStoresCapabilityToken, parseMcpCapabilityTokenCacheConfig, } from "./mcp-capability-token-cache.js";
13
13
  import { createMcpPolicyGatewayAdapter, McpPolicyReloadGate, parseMcpPolicyReloadConfig, } from "./mcp-policy-reload.js";
14
+ import { verifyAgentReceiptV1FromJSON } from "./agent-receipt.js";
15
+ import { agentReceiptResourceTemplateDefinition, agentReceiptResourceUri, MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE, parseAgentReceiptResourceUri, } from "./mcp-receipt-resource.js";
14
16
  import { DEFAULT_PAYBOND_GATEWAY_BASE_URL, GatewayFraudClient, GatewaySignalClient, } from "./index.js";
15
17
  const SERVER_NAME = "Paybond MCP";
16
- const SERVER_VERSION = "0.11.11";
18
+ const SERVER_VERSION = "0.12.1";
17
19
  const MCP_PROTOCOL_VERSION = "2025-11-25";
18
20
  const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
19
21
  const DEFAULT_RECOGNITION_VERIFIER_ID = "paybond-gateway";
@@ -846,6 +848,22 @@ class PaybondMCPRuntime {
846
848
  "x-tenant-id": await this.tenantId(),
847
849
  });
848
850
  }
851
+ async getAgentReceiptV1(receiptId) {
852
+ const normalized = receiptId.trim().toLowerCase();
853
+ const body = await this.gateway.getJSON(`/protocol/v2/agent-receipts/${encodeURIComponent(normalized)}`, {
854
+ "x-tenant-id": await this.tenantId(),
855
+ });
856
+ const expectedTenant = await this.tenantId();
857
+ const echoedTenant = String(body.tenant_id ?? "").trim();
858
+ if (echoedTenant !== expectedTenant) {
859
+ throw new Error(`tenant mismatch: expected=${expectedTenant} gateway=${echoedTenant}`);
860
+ }
861
+ const echoedReceipt = String(body.receipt_id ?? "").trim().toLowerCase();
862
+ if (echoedReceipt !== normalized) {
863
+ throw new Error(`receipt mismatch: requested=${normalized} gateway=${echoedReceipt}`);
864
+ }
865
+ return body;
866
+ }
849
867
  async createHarborIntent(init) {
850
868
  return this.gateway.postJSON("/harbor/intents", init.body, gatewayMutationHeaders(await this.tenantId(), init.recognitionProof, optionalMutationHeaders(init.idempotencyKey)));
851
869
  }
@@ -896,6 +914,31 @@ export class PaybondMCPServer {
896
914
  this.runtime = new PaybondMCPRuntime(settings);
897
915
  this.tools = this.buildTools(settings).filter((tool) => toolAllowedByPolicy(tool.name, tool.annotations, this.toolPolicy));
898
916
  }
917
+ listResourceTemplates() {
918
+ return [agentReceiptResourceTemplateDefinition()];
919
+ }
920
+ async readResource(uri) {
921
+ const receiptId = parseAgentReceiptResourceUri(uri);
922
+ const receipt = await this.runtime.getAgentReceiptV1(receiptId);
923
+ let verified;
924
+ try {
925
+ verified = await verifyAgentReceiptV1FromJSON(receipt);
926
+ }
927
+ catch (err) {
928
+ throw new Error(`agent receipt verification failed for ${receiptId}: ${formatError(err)}`);
929
+ }
930
+ return {
931
+ uri: agentReceiptResourceUri(receiptId),
932
+ mimeType: MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE,
933
+ text: JSON.stringify(receipt, null, 2),
934
+ _meta: {
935
+ verification: {
936
+ valid: true,
937
+ message_digest: verified.message_digest_sha256_hex,
938
+ },
939
+ },
940
+ };
941
+ }
899
942
  listTools() {
900
943
  return this.tools.map((tool) => ({
901
944
  name: tool.name,
@@ -973,6 +1016,10 @@ export class PaybondMCPServer {
973
1016
  tools: {
974
1017
  listChanged: false,
975
1018
  },
1019
+ resources: {
1020
+ subscribe: false,
1021
+ listChanged: false,
1022
+ },
976
1023
  },
977
1024
  serverInfo: {
978
1025
  name: SERVER_NAME,
@@ -1002,6 +1049,39 @@ export class PaybondMCPServer {
1002
1049
  tools: this.listTools(),
1003
1050
  },
1004
1051
  };
1052
+ case "resources/list":
1053
+ return {
1054
+ jsonrpc: "2.0",
1055
+ id: message.id,
1056
+ result: {
1057
+ resources: [],
1058
+ },
1059
+ };
1060
+ case "resources/templates/list":
1061
+ return {
1062
+ jsonrpc: "2.0",
1063
+ id: message.id,
1064
+ result: {
1065
+ resourceTemplates: this.listResourceTemplates(),
1066
+ },
1067
+ };
1068
+ case "resources/read": {
1069
+ const params = ensureObject(message.params, "resources/read params");
1070
+ const uri = stringArg(params.uri, "uri");
1071
+ try {
1072
+ const contents = await this.readResource(uri);
1073
+ return {
1074
+ jsonrpc: "2.0",
1075
+ id: message.id,
1076
+ result: {
1077
+ contents: [contents],
1078
+ },
1079
+ };
1080
+ }
1081
+ catch (err) {
1082
+ return responseError(message.id, -32000, formatError(err));
1083
+ }
1084
+ }
1005
1085
  case "tools/call": {
1006
1086
  const params = ensureObject(message.params, "tools/call params");
1007
1087
  const name = stringArg(params.name, "name");
@@ -0,0 +1,19 @@
1
+ /**
2
+ * MPP commercial denomination helpers for Paybond MVP.
3
+ *
4
+ * Paybond intent commercial fields remain USD-denominated (`amount_cents`, `currency`).
5
+ * Tempo session deposits use USDC base units (6 decimals): `amount_cents * 10_000`.
6
+ */
7
+ import type { SettlementRail } from "./principal-intent.js";
8
+ /** USDC uses 6 decimal places; one USD cent maps to 10_000 base units. */
9
+ export declare const USDC_BASE_UNITS_PER_USD_CENT = 10000;
10
+ /** Rails that require USD-denominated commercial intent fields for MVP. */
11
+ export declare const USD_DENOMINATED_SETTLEMENT_RAILS: Set<SettlementRail>;
12
+ /**
13
+ * Rejects non-USD intents on rails that remain USD-denominated for MVP.
14
+ */
15
+ export declare function validateUsdDenominatedSettlement(settlementRail: SettlementRail, currency: string): void;
16
+ /**
17
+ * Converts Paybond USD cents to Tempo USDC base units.
18
+ */
19
+ export declare function usdCentsToUsdcBaseUnits(amountCents: number): bigint;