@paybond/kit 0.11.5 → 0.11.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/README.md +1 -1
  2. package/dist/agent/interceptor.js +12 -3
  3. package/dist/cli/commands/agent.js +19 -11
  4. package/dist/cli/http-error-message.d.ts +13 -0
  5. package/dist/cli/http-error-message.js +93 -0
  6. package/dist/cli/offline-session.d.ts +9 -0
  7. package/dist/cli/offline-session.js +33 -0
  8. package/dist/cli/router.js +32 -1
  9. package/dist/gateway-retry.d.ts +16 -0
  10. package/dist/gateway-retry.js +83 -0
  11. package/dist/index.js +33 -106
  12. package/dist/mcp-server.js +1 -1
  13. package/package.json +2 -1
  14. package/templates/manifest.json +9 -9
  15. package/templates/openai-shopping-agent/package-lock.json +4 -4
  16. package/templates/openai-shopping-agent/package.json +1 -1
  17. package/templates/paybond-aws-operator/package-lock.json +4 -4
  18. package/templates/paybond-aws-operator/package.json +1 -1
  19. package/templates/paybond-claude-agents-demo/package-lock.json +4 -4
  20. package/templates/paybond-claude-agents-demo/package.json +1 -1
  21. package/templates/paybond-invoice-agent/requirements.txt +1 -1
  22. package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
  23. package/templates/paybond-mcp-coding-agent/package.json +1 -1
  24. package/templates/paybond-openai-agents-demo/package-lock.json +4 -4
  25. package/templates/paybond-openai-agents-demo/package.json +1 -1
  26. package/templates/paybond-procurement-agent/package-lock.json +4 -4
  27. package/templates/paybond-procurement-agent/package.json +1 -1
  28. package/templates/paybond-travel-agent/package-lock.json +4 -4
  29. package/templates/paybond-travel-agent/package.json +1 -1
  30. package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
  31. package/templates/paybond-vercel-shopping-agent/package.json +1 -1
package/README.md CHANGED
@@ -70,7 +70,7 @@ npx -p @paybond/kit paybond agent sandbox smoke \
70
70
  --format json
71
71
  ```
72
72
 
73
- With `--policy-file`, Kit sends `completion_preset` from the tool's `evidence_preset` and omits `evidence_schema` and `template_id` (Gateway rejects conflicting bootstrap fields). Requires `@paybond/kit` 0.11.5+.
73
+ With `--policy-file`, Kit sends `completion_preset` from the tool's `evidence_preset` and omits `evidence_schema` and `template_id` (Gateway rejects conflicting bootstrap fields). Requires `@paybond/kit` 0.11.6+.
74
74
 
75
75
  `agent sandbox smoke` only requires `@paybond/kit`. Framework demo commands (`agent demo vercel-ai smoke`, etc.) load their optional peers on demand.
76
76
 
@@ -332,9 +332,18 @@ export class PaybondToolInterceptor {
332
332
  const toolCallId = input.toolCallId.trim();
333
333
  const operation = (input.operation ?? defaultOperation).trim();
334
334
  assertOperationAllowed(operation, this.binding.allowedTools);
335
- const requestedSpendCents = input.requestedSpendCents ??
336
- this.binding.registry.resolveSpendCents(toolName, input.arguments) ??
337
- 0;
335
+ let requestedSpendCents = input.requestedSpendCents;
336
+ if (requestedSpendCents === undefined) {
337
+ requestedSpendCents = this.binding.registry.resolveSpendCents(toolName, input.arguments);
338
+ }
339
+ if (this.binding.sandbox !== undefined) {
340
+ const sandboxSpend = this.binding.sandbox.requestedSpendCents;
341
+ requestedSpendCents =
342
+ requestedSpendCents === undefined
343
+ ? sandboxSpend
344
+ : Math.min(requestedSpendCents, sandboxSpend);
345
+ }
346
+ requestedSpendCents ??= 0;
338
347
  return {
339
348
  toolName,
340
349
  toolCallId,
@@ -748,18 +748,26 @@ export async function handleAgentSandboxSmoke(ctx, argv) {
748
748
  const bindResult = await handleAgentRunBind(ctx, bindArgv);
749
749
  smokeOperation = String(bindResult.data.operation ?? smokeOperation);
750
750
  const runId = String(bindResult.data.run_id ?? "");
751
+ const storedForExecute = await loadAgentRunContext(ctx.cwd, runId);
752
+ const executeArgv = [
753
+ ...(productionFlag.present ? ["--production"] : []),
754
+ "--run-id",
755
+ runId,
756
+ "--operation",
757
+ smokeOperation,
758
+ "--tool-call-id",
759
+ "smoke-1",
760
+ "--result-body",
761
+ JSON.stringify(resultBody),
762
+ ];
763
+ if (storedForExecute.requested_spend_cents != null) {
764
+ executeArgv.push("--requested-spend-cents", String(storedForExecute.requested_spend_cents));
765
+ }
766
+ else if (resolvedSpend) {
767
+ executeArgv.push("--requested-spend-cents", resolvedSpend);
768
+ }
751
769
  try {
752
- const executeResult = await handleAgentToolExecute(ctx, [
753
- ...(productionFlag.present ? ["--production"] : []),
754
- "--run-id",
755
- runId,
756
- "--operation",
757
- smokeOperation,
758
- "--tool-call-id",
759
- "smoke-1",
760
- "--result-body",
761
- JSON.stringify(resultBody),
762
- ]);
770
+ const executeResult = await handleAgentToolExecute(ctx, executeArgv);
763
771
  const stored = await loadAgentRunContext(ctx.cwd, runId);
764
772
  const bindForChecklist = {
765
773
  ...bindResult.data,
@@ -0,0 +1,13 @@
1
+ import type { CliErrorDetails } from "./types.js";
2
+ /**
3
+ * Summarize an HTTP error body for operator-facing CLI output.
4
+ * Never includes raw edge payloads (Cloudflare ray IDs, zones, HTML, etc.).
5
+ */
6
+ export declare function summarizeGatewayHttpError(statusCode: number, bodyText: string): {
7
+ message: string;
8
+ details: CliErrorDetails;
9
+ };
10
+ /**
11
+ * Build a CLI-safe message for SDK HTTP failures that embed raw bodies in `.message`.
12
+ */
13
+ export declare function formatSdkHttpErrorMessage(rawMessage: string, statusCode: number, bodyText: string): string;
@@ -0,0 +1,93 @@
1
+ function asRecord(value) {
2
+ return value && typeof value === "object" && !Array.isArray(value)
3
+ ? value
4
+ : undefined;
5
+ }
6
+ /**
7
+ * Summarize an HTTP error body for operator-facing CLI output.
8
+ * Never includes raw edge payloads (Cloudflare ray IDs, zones, HTML, etc.).
9
+ */
10
+ export function summarizeGatewayHttpError(statusCode, bodyText) {
11
+ const trimmed = bodyText.trim();
12
+ if (!trimmed) {
13
+ return {
14
+ message: `Gateway HTTP ${statusCode}`,
15
+ details: { gateway_status: statusCode },
16
+ };
17
+ }
18
+ try {
19
+ const body = JSON.parse(trimmed);
20
+ if (body.cloudflare_error === true) {
21
+ const retryAfter = typeof body.retry_after === "number" ? body.retry_after : undefined;
22
+ const title = typeof body.title === "string"
23
+ ? body.title.replace(/^Error \d+:\s*/i, "")
24
+ : "service temporarily unavailable";
25
+ let message = `Gateway unavailable (HTTP ${statusCode}): ${title}`;
26
+ if (retryAfter !== undefined) {
27
+ message += `. Retry after ${retryAfter} seconds.`;
28
+ }
29
+ return {
30
+ message,
31
+ details: {
32
+ gateway_status: statusCode,
33
+ ...(retryAfter !== undefined ? { retry_after: retryAfter } : {}),
34
+ },
35
+ };
36
+ }
37
+ const nested = asRecord(body.error);
38
+ if (nested) {
39
+ const gatewayCode = typeof nested.code === "string" ? nested.code : String(nested.code ?? "");
40
+ const gatewayMessage = typeof nested.message === "string" ? nested.message : "";
41
+ if (gatewayMessage) {
42
+ return {
43
+ message: gatewayMessage,
44
+ details: {
45
+ gateway_status: statusCode,
46
+ ...(gatewayCode ? { gateway_code: gatewayCode } : {}),
47
+ },
48
+ };
49
+ }
50
+ }
51
+ const flatMessage = typeof body.message === "string" ? body.message : "";
52
+ if (flatMessage) {
53
+ const gatewayCode = typeof body.code === "string" ? body.code : "";
54
+ return {
55
+ message: flatMessage,
56
+ details: {
57
+ gateway_status: statusCode,
58
+ ...(gatewayCode ? { gateway_code: gatewayCode } : {}),
59
+ },
60
+ };
61
+ }
62
+ if (typeof body.title === "string") {
63
+ const detail = typeof body.detail === "string" ? body.detail : "";
64
+ const combined = detail ? `${body.title}: ${detail}` : body.title;
65
+ const message = combined.length > 240 ? `${combined.slice(0, 237)}...` : combined;
66
+ return {
67
+ message,
68
+ details: { gateway_status: statusCode },
69
+ };
70
+ }
71
+ }
72
+ catch {
73
+ // Non-JSON bodies must not be echoed (HTML, stack traces, etc.).
74
+ }
75
+ return {
76
+ message: `Gateway HTTP ${statusCode}`,
77
+ details: { gateway_status: statusCode },
78
+ };
79
+ }
80
+ /**
81
+ * Build a CLI-safe message for SDK HTTP failures that embed raw bodies in `.message`.
82
+ */
83
+ export function formatSdkHttpErrorMessage(rawMessage, statusCode, bodyText) {
84
+ const operation = rawMessage.replace(/ HTTP \d+:[\s\S]*$/u, "").trim() || "Gateway request";
85
+ const summary = summarizeGatewayHttpError(statusCode, bodyText);
86
+ if (summary.message === `Gateway HTTP ${statusCode}`) {
87
+ return `${operation} HTTP ${statusCode}`;
88
+ }
89
+ if (summary.message.startsWith("Gateway unavailable")) {
90
+ return `${operation}: ${summary.message}`;
91
+ }
92
+ return `${operation} HTTP ${statusCode}: ${summary.message}`;
93
+ }
@@ -0,0 +1,9 @@
1
+ import type { CliContext } from "./context.js";
2
+ export type OfflineDevSession = {
3
+ ctx: CliContext;
4
+ restore: () => void;
5
+ };
6
+ /** Reject offline mode when production credentials are present in env or env file. */
7
+ export declare function assertOfflineDevCredentialsSafe(ctx: CliContext): Promise<void>;
8
+ /** Patch ctx.fetch with the in-process offline Gateway mock. */
9
+ export declare function beginOfflineDevSession(ctx: CliContext): OfflineDevSession;
@@ -0,0 +1,33 @@
1
+ import { activateOfflineDevMode, createOfflineDevGatewayFetch, isProductionApiKey, } from "../dev/offline-gateway.js";
2
+ import { loadEnvFile } from "./credentials.js";
3
+ import { CliError } from "./types.js";
4
+ function rejectOfflineWithProductionKey(apiKey) {
5
+ const trimmed = apiKey?.trim();
6
+ if (trimmed && isProductionApiKey(trimmed)) {
7
+ throw new CliError("offline dev mode cannot be used with production API keys (paybond_sk_live_...); unset PAYBOND_API_KEY or use a sandbox key", {
8
+ category: "validation",
9
+ code: "cli.dev.offline_production_key",
10
+ exitCode: 1,
11
+ });
12
+ }
13
+ }
14
+ /** Reject offline mode when production credentials are present in env or env file. */
15
+ export async function assertOfflineDevCredentialsSafe(ctx) {
16
+ rejectOfflineWithProductionKey(process.env.PAYBOND_API_KEY);
17
+ if (process.env.PAYBOND_API_KEY?.trim()) {
18
+ return;
19
+ }
20
+ const fromFile = await loadEnvFile(ctx.globals.envFile, ctx.cwd);
21
+ rejectOfflineWithProductionKey(fromFile);
22
+ }
23
+ /** Patch ctx.fetch with the in-process offline Gateway mock. */
24
+ export function beginOfflineDevSession(ctx) {
25
+ const { restore } = activateOfflineDevMode();
26
+ return {
27
+ ctx: {
28
+ ...ctx,
29
+ fetch: createOfflineDevGatewayFetch(),
30
+ },
31
+ restore,
32
+ };
33
+ }
@@ -1,4 +1,6 @@
1
+ import { HarborHttpError, SignalHttpError } from "../index.js";
1
2
  import { commandPath, createContext } from "./context.js";
3
+ import { formatSdkHttpErrorMessage, summarizeGatewayHttpError } from "./http-error-message.js";
2
4
  import { handleA2a, handleAuditExports, handleMandates, handleReceipts, handleSignal, } from "./commands/discovery.js";
3
5
  import { handleConfig, handleDoctor, handleDiagnose, handleInitCompletion, handleInitAgentMiddleware, handleInitGuardrail, handleInitWizard, handleLogin, handleMcpInstall, handleMcpServe, handleMcpTools, handleMcpVerifyConfig, handleVersion, handleWhoami, } from "./commands/setup.js";
4
6
  import { handlePolicyExtend, handlePolicyImportMcpReceipt, handlePolicyImportX402Receipt, handlePolicyInit, handlePolicyInitOrg, handlePolicyPresetsList, handlePolicyPresetsShow, handlePolicyPreview, handlePolicyTemplates, handlePolicyValidateEvidence, handlePolicyValidateTools, } from "./commands/policy.js";
@@ -13,7 +15,7 @@ import { generateRequestId } from "./request-id.js";
13
15
  import { colorize, shouldUseColor } from "./color.js";
14
16
  import { formatUnknownCommandMessage } from "./suggest.js";
15
17
  import { handleCompletionCommand, handleExamplesCommand, handleHelpCommand, handleOnboarding, } from "./ux.js";
16
- import { CliError, EXIT_SUCCESS, } from "./types.js";
18
+ import { CliError, EXIT_SUCCESS, exitCodeForHttpStatus, } from "./types.js";
17
19
  function isHelp(argv) {
18
20
  return argv.length === 0 || argv.includes("--help") || argv.includes("-h");
19
21
  }
@@ -36,6 +38,32 @@ function renderTable(command, result, globals) {
36
38
  }
37
39
  return lines;
38
40
  }
41
+ function isSdkHttpError(err) {
42
+ if (err instanceof HarborHttpError || err instanceof SignalHttpError) {
43
+ return true;
44
+ }
45
+ if (!(err instanceof Error)) {
46
+ return false;
47
+ }
48
+ const candidate = err;
49
+ return typeof candidate.statusCode === "number" && typeof candidate.bodyText === "string";
50
+ }
51
+ function sdkHttpErrorShape(err) {
52
+ const mapped = exitCodeForHttpStatus(err.statusCode);
53
+ const summary = summarizeGatewayHttpError(err.statusCode, err.bodyText);
54
+ const gatewayCode = typeof summary.details.gateway_code === "string"
55
+ ? summary.details.gateway_code
56
+ : undefined;
57
+ return {
58
+ shape: {
59
+ category: mapped.category,
60
+ code: gatewayCode || `cli.gateway.http_${err.statusCode}`,
61
+ message: formatSdkHttpErrorMessage(err.message, err.statusCode, err.bodyText),
62
+ details: summary.details,
63
+ },
64
+ exitCode: mapped.exitCode,
65
+ };
66
+ }
39
67
  function toErrorShape(err) {
40
68
  if (err instanceof CliError) {
41
69
  if (err.message === "help") {
@@ -54,6 +82,9 @@ function toErrorShape(err) {
54
82
  exitCode: err.exitCode,
55
83
  };
56
84
  }
85
+ if (isSdkHttpError(err)) {
86
+ return sdkHttpErrorShape(err);
87
+ }
57
88
  return {
58
89
  shape: {
59
90
  category: "internal",
@@ -0,0 +1,16 @@
1
+ /** True when the body is a Cloudflare-generated edge error (not Paybond gateway JSON). */
2
+ export declare function isCloudflareEdgeErrorBody(bodyText: string): boolean;
3
+ /** Whether an HTTP status/body pair should be retried by SDK gateway clients. */
4
+ export declare function shouldRetryGatewayHttpStatus(status: number, bodyText: string): boolean;
5
+ /** Inspect a response body (via clone) to decide whether to retry transient gateway errors. */
6
+ export declare function shouldRetryGatewayResponse(res: Response): Promise<boolean>;
7
+ export declare function backoffMs(attempt: number): number;
8
+ export declare function parseRetryAfterSeconds(value: string | null): number | null;
9
+ /** Prefer `Retry-After` when present; otherwise exponential backoff with jitter. */
10
+ export declare function gatewayRetryDelayMs(attempt: number, retryAfterHeader: string | null): number;
11
+ /**
12
+ * Shared 429/5xx retry loop for Paybond gateway HTTP clients.
13
+ * Skips retries on Cloudflare edge error bodies. Returns the response on success;
14
+ * otherwise throws the last network error.
15
+ */
16
+ export declare function fetchWithGatewayRetries(url: string, init: RequestInit, maxRetries: number): Promise<Response>;
@@ -0,0 +1,83 @@
1
+ /** True when the body is a Cloudflare-generated edge error (not Paybond gateway JSON). */
2
+ export function isCloudflareEdgeErrorBody(bodyText) {
3
+ const trimmed = bodyText.trim();
4
+ if (!trimmed) {
5
+ return false;
6
+ }
7
+ try {
8
+ const body = JSON.parse(trimmed);
9
+ return body.cloudflare_error === true;
10
+ }
11
+ catch {
12
+ return false;
13
+ }
14
+ }
15
+ /** Whether an HTTP status/body pair should be retried by SDK gateway clients. */
16
+ export function shouldRetryGatewayHttpStatus(status, bodyText) {
17
+ if (![429, 500, 502, 503, 504].includes(status)) {
18
+ return false;
19
+ }
20
+ if (isCloudflareEdgeErrorBody(bodyText)) {
21
+ return false;
22
+ }
23
+ return true;
24
+ }
25
+ /** Inspect a response body (via clone) to decide whether to retry transient gateway errors. */
26
+ export async function shouldRetryGatewayResponse(res) {
27
+ if (![429, 500, 502, 503, 504].includes(res.status)) {
28
+ return false;
29
+ }
30
+ const peek = await res.clone().text();
31
+ return shouldRetryGatewayHttpStatus(res.status, peek);
32
+ }
33
+ export function backoffMs(attempt) {
34
+ const base = 200 * 2 ** attempt;
35
+ const jitter = Math.random() * 100;
36
+ return Math.min(base + jitter, 5000);
37
+ }
38
+ export function parseRetryAfterSeconds(value) {
39
+ if (!value) {
40
+ return null;
41
+ }
42
+ const n = Number.parseFloat(value.trim());
43
+ if (!Number.isFinite(n)) {
44
+ return null;
45
+ }
46
+ return Math.min(n, 30);
47
+ }
48
+ /** Prefer `Retry-After` when present; otherwise exponential backoff with jitter. */
49
+ export function gatewayRetryDelayMs(attempt, retryAfterHeader) {
50
+ const raSec = parseRetryAfterSeconds(retryAfterHeader);
51
+ return raSec != null ? raSec * 1000 : backoffMs(attempt);
52
+ }
53
+ /**
54
+ * Shared 429/5xx retry loop for Paybond gateway HTTP clients.
55
+ * Skips retries on Cloudflare edge error bodies. Returns the response on success;
56
+ * otherwise throws the last network error.
57
+ */
58
+ export async function fetchWithGatewayRetries(url, init, maxRetries) {
59
+ let lastErr;
60
+ for (let attempt = 0; attempt < maxRetries; attempt++) {
61
+ let res;
62
+ try {
63
+ res = await fetch(url, init);
64
+ }
65
+ catch (e) {
66
+ lastErr = e;
67
+ if (attempt + 1 >= maxRetries) {
68
+ throw e;
69
+ }
70
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
71
+ continue;
72
+ }
73
+ if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < maxRetries) {
74
+ if (!(await shouldRetryGatewayResponse(res))) {
75
+ return res;
76
+ }
77
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
78
+ continue;
79
+ }
80
+ return res;
81
+ }
82
+ throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
83
+ }
package/dist/index.js CHANGED
@@ -6,6 +6,7 @@ import { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBindi
6
6
  import { signPayeeEvidenceBinding } from "./payee-evidence.js";
7
7
  import { PaybondAgentRunFacade, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
8
8
  import { GatewayAgentRunTraceReporter, } from "./agent/gateway-trace-reporter.js";
9
+ import { fetchWithGatewayRetries, gatewayRetryDelayMs, shouldRetryGatewayResponse, } from "./gateway-retry.js";
9
10
  import { parsePolicyRemoteValidateResponse, policyValidateQueryString, } from "./policy/validate-remote.js";
10
11
  import { parsePolicyEffectiveResolveResponse, } from "./policy/load-effective.js";
11
12
  import { paybondPolicyPresets } from "./policy/policy-api.js";
@@ -187,19 +188,6 @@ function protocolHTTPErrorMessage(prefix, statusCode, bodyText) {
187
188
  function normalizeBase(url) {
188
189
  return requireSecureGatewayUrl(url);
189
190
  }
190
- function backoffMs(attempt) {
191
- const base = 200 * 2 ** attempt;
192
- const jitter = Math.random() * 100;
193
- return Math.min(base + jitter, 5000);
194
- }
195
- function parseRetryAfterSeconds(v) {
196
- if (!v)
197
- return null;
198
- const n = Number.parseFloat(v.trim());
199
- if (!Number.isFinite(n))
200
- return null;
201
- return Math.min(n, 30);
202
- }
203
191
  function normalizeExpectedEnvironment(value) {
204
192
  if (value === undefined)
205
193
  return null;
@@ -462,16 +450,17 @@ export class HarborClient {
462
450
  lastErr = e;
463
451
  if (attempt + 1 >= this.maxRetries)
464
452
  throw e;
465
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
453
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
466
454
  continue;
467
455
  }
468
456
  if ([429, 500, 502, 503, 504].includes(res.status)) {
469
457
  if (attempt + 1 >= this.maxRetries) {
470
458
  return res;
471
459
  }
472
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
473
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
474
- await new Promise((r) => setTimeout(r, delayMs));
460
+ if (!(await shouldRetryGatewayResponse(res))) {
461
+ return res;
462
+ }
463
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
475
464
  continue;
476
465
  }
477
466
  return res;
@@ -494,16 +483,17 @@ export class HarborClient {
494
483
  lastErr = e;
495
484
  if (attempt + 1 >= this.maxRetries)
496
485
  throw e;
497
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
486
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
498
487
  continue;
499
488
  }
500
489
  if ([429, 500, 502, 503, 504].includes(res.status)) {
501
490
  if (attempt + 1 >= this.maxRetries) {
502
491
  return res;
503
492
  }
504
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
505
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
506
- await new Promise((r) => setTimeout(r, delayMs));
493
+ if (!(await shouldRetryGatewayResponse(res))) {
494
+ return res;
495
+ }
496
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
507
497
  if (retryBodyText !== undefined) {
508
498
  init = {
509
499
  ...init,
@@ -804,28 +794,7 @@ export class GatewayHarborClient {
804
794
  return headers;
805
795
  }
806
796
  async fetchWithRetries(url, init) {
807
- let lastErr;
808
- for (let attempt = 0; attempt < this.maxRetries; attempt++) {
809
- let res;
810
- try {
811
- res = await fetch(url, init);
812
- }
813
- catch (e) {
814
- lastErr = e;
815
- if (attempt + 1 >= this.maxRetries)
816
- throw e;
817
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
818
- continue;
819
- }
820
- if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
821
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
822
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
823
- await new Promise((r) => setTimeout(r, delayMs));
824
- continue;
825
- }
826
- return res;
827
- }
828
- throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
797
+ return fetchWithGatewayRetries(url, init, this.maxRetries);
829
798
  }
830
799
  async postJSON(path, payload, extraHeaders) {
831
800
  return this.requestJSON("POST", path, payload, extraHeaders);
@@ -1052,28 +1021,7 @@ export class PaybondGuardrails {
1052
1021
  return headers;
1053
1022
  }
1054
1023
  async fetchWithRetries(url, init) {
1055
- let lastErr;
1056
- for (let attempt = 0; attempt < this.maxRetries; attempt++) {
1057
- let res;
1058
- try {
1059
- res = await fetch(url, init);
1060
- }
1061
- catch (e) {
1062
- lastErr = e;
1063
- if (attempt + 1 >= this.maxRetries)
1064
- throw e;
1065
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1066
- continue;
1067
- }
1068
- if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
1069
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1070
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1071
- await new Promise((r) => setTimeout(r, delayMs));
1072
- continue;
1073
- }
1074
- return res;
1075
- }
1076
- throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
1024
+ return fetchWithGatewayRetries(url, init, this.maxRetries);
1077
1025
  }
1078
1026
  async postJSON(path, payload, options) {
1079
1027
  const url = `${this.base}${path.replace(/^\/+/, "")}`;
@@ -1118,7 +1066,7 @@ export class PaybondGuardrails {
1118
1066
  }
1119
1067
  const { res, text, url } = await this.postJSON("/v1/sandbox/guardrails/bootstrap", payload, { idempotencyKey: input.idempotencyKey });
1120
1068
  if (!res.ok) {
1121
- throw new HarborHttpError(`Gateway sandbox guardrail bootstrap HTTP ${res.status}: ${text}`, {
1069
+ throw new HarborHttpError(`Gateway sandbox guardrail bootstrap HTTP ${res.status}`, {
1122
1070
  statusCode: res.status,
1123
1071
  url,
1124
1072
  bodyText: text,
@@ -1153,7 +1101,7 @@ export class PaybondGuardrails {
1153
1101
  }
1154
1102
  const { res, text, url } = await this.postJSON(`/v1/sandbox/guardrails/${encodeURIComponent(input.intentId)}/evidence`, payload, { idempotencyKey: input.idempotencyKey });
1155
1103
  if (!res.ok) {
1156
- throw new HarborHttpError(`Gateway sandbox guardrail evidence HTTP ${res.status}: ${text}`, {
1104
+ throw new HarborHttpError(`Gateway sandbox guardrail evidence HTTP ${res.status}`, {
1157
1105
  statusCode: res.status,
1158
1106
  url,
1159
1107
  bodyText: text,
@@ -1433,16 +1381,17 @@ export class GatewaySignalClient {
1433
1381
  lastErr = e;
1434
1382
  if (attempt + 1 >= this.maxRetries)
1435
1383
  throw e;
1436
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1384
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
1437
1385
  continue;
1438
1386
  }
1439
1387
  if ([429, 500, 502, 503, 504].includes(res.status)) {
1440
1388
  if (attempt + 1 >= this.maxRetries) {
1441
1389
  return res;
1442
1390
  }
1443
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1444
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1445
- await new Promise((r) => setTimeout(r, delayMs));
1391
+ if (!(await shouldRetryGatewayResponse(res))) {
1392
+ return res;
1393
+ }
1394
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
1446
1395
  continue;
1447
1396
  }
1448
1397
  return res;
@@ -1594,16 +1543,17 @@ export class GatewayFraudClient {
1594
1543
  lastErr = e;
1595
1544
  if (attempt + 1 >= this.maxRetries)
1596
1545
  throw e;
1597
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1546
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
1598
1547
  continue;
1599
1548
  }
1600
1549
  if ([429, 500, 502, 503, 504].includes(res.status)) {
1601
1550
  if (attempt + 1 >= this.maxRetries) {
1602
1551
  return res;
1603
1552
  }
1604
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1605
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1606
- await new Promise((r) => setTimeout(r, delayMs));
1553
+ if (!(await shouldRetryGatewayResponse(res))) {
1554
+ return res;
1555
+ }
1556
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
1607
1557
  continue;
1608
1558
  }
1609
1559
  return res;
@@ -1875,16 +1825,17 @@ export class GatewayA2AClient {
1875
1825
  lastErr = e;
1876
1826
  if (attempt + 1 >= this.maxRetries)
1877
1827
  throw e;
1878
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1828
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
1879
1829
  continue;
1880
1830
  }
1881
1831
  if ([429, 500, 502, 503, 504].includes(res.status)) {
1882
1832
  if (attempt + 1 >= this.maxRetries) {
1883
1833
  return res;
1884
1834
  }
1885
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1886
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1887
- await new Promise((r) => setTimeout(r, delayMs));
1835
+ if (!(await shouldRetryGatewayResponse(res))) {
1836
+ return res;
1837
+ }
1838
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
1888
1839
  continue;
1889
1840
  }
1890
1841
  return res;
@@ -1944,29 +1895,7 @@ export class GatewayProtocolClient {
1944
1895
  this.maxRetries = Math.max(1, init?.maxRetries ?? 3);
1945
1896
  }
1946
1897
  async fetchWithRetries(url, init) {
1947
- let lastErr;
1948
- for (let attempt = 0; attempt < this.maxRetries; attempt++) {
1949
- let res;
1950
- try {
1951
- res = await fetch(url, init);
1952
- }
1953
- catch (e) {
1954
- lastErr = e;
1955
- if (attempt + 1 >= this.maxRetries) {
1956
- throw e;
1957
- }
1958
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1959
- continue;
1960
- }
1961
- if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
1962
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1963
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1964
- await new Promise((r) => setTimeout(r, delayMs));
1965
- continue;
1966
- }
1967
- return res;
1968
- }
1969
- throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
1898
+ return fetchWithGatewayRetries(url, init, this.maxRetries);
1970
1899
  }
1971
1900
  headers(extra) {
1972
1901
  const headers = new Headers(extra);
@@ -2132,15 +2061,13 @@ async function resolveGatewayTenantId(gatewayBaseUrl, apiKey, principalPath, max
2132
2061
  if (attempt + 1 >= maxRetries) {
2133
2062
  throw e;
2134
2063
  }
2135
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
2064
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
2136
2065
  continue;
2137
2066
  }
2138
2067
  const text = await res.text();
2139
2068
  if (!res.ok) {
2140
2069
  if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < maxRetries) {
2141
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
2142
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
2143
- await new Promise((r) => setTimeout(r, delayMs));
2070
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
2144
2071
  continue;
2145
2072
  }
2146
2073
  throw new GatewayAuthError(`gateway principal HTTP ${res.status}`, {
@@ -13,7 +13,7 @@ import { McpCapabilityTokenCache, mcpToolStoresCapabilityToken, parseMcpCapabili
13
13
  import { createMcpPolicyGatewayAdapter, McpPolicyReloadGate, parseMcpPolicyReloadConfig, } from "./mcp-policy-reload.js";
14
14
  import { DEFAULT_PAYBOND_GATEWAY_BASE_URL, GatewayFraudClient, GatewaySignalClient, } from "./index.js";
15
15
  const SERVER_NAME = "Paybond MCP";
16
- const SERVER_VERSION = "0.11.5";
16
+ const SERVER_VERSION = "0.11.6";
17
17
  const MCP_PROTOCOL_VERSION = "2025-11-25";
18
18
  const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
19
19
  const DEFAULT_RECOGNITION_VERIFIER_ID = "paybond-gateway";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@paybond/kit",
3
- "version": "0.11.5",
3
+ "version": "0.11.6",
4
4
  "mcpName": "io.github.nonameuserd/paybond",
5
5
  "description": "Paybond Kit for TypeScript: agent spend governance for paid tool calls with spend authorization, evidence receipts, refunds, disputes, hosted Gateway sessions, and settlement.",
6
6
  "license": "Apache-2.0",
@@ -117,6 +117,7 @@
117
117
  "test": "vitest run",
118
118
  "pack:dry-run": "npm pack --dry-run",
119
119
  "verify:release": "node ./scripts/verify-release.mjs",
120
+ "verify:template-locks": "node ./scripts/verify-template-lock-integrity.mjs",
120
121
  "prepack": "npm run build"
121
122
  },
122
123
  "peerDependencies": {
@@ -13,7 +13,7 @@
13
13
  "evidence_preset": "cost_and_completion",
14
14
  "smoke_result_body": { "status": "completed", "cost_cents": 18700 },
15
15
  "dependencies": {
16
- "@paybond/kit": "^0.11.5",
16
+ "@paybond/kit": "^0.11.6",
17
17
  "@langchain/core": "^1.2.1",
18
18
  "@langchain/langgraph": "^1.4.7",
19
19
  "zod": "^4.2.0"
@@ -33,7 +33,7 @@
33
33
  "evidence_preset": "cost_and_completion",
34
34
  "smoke_result_body": { "status": "completed", "cost_cents": 4500 },
35
35
  "dependencies": {
36
- "@paybond/kit": "^0.11.5",
36
+ "@paybond/kit": "^0.11.6",
37
37
  "ai": "^5.0.0",
38
38
  "zod": "^4.2.0"
39
39
  },
@@ -52,7 +52,7 @@
52
52
  "evidence_preset": "cost_and_completion",
53
53
  "smoke_result_body": { "status": "completed", "cost_cents": 2900 },
54
54
  "dependencies": {
55
- "@paybond/kit": "^0.11.5",
55
+ "@paybond/kit": "^0.11.6",
56
56
  "@openai/agents": "^0.4.0",
57
57
  "zod": "^4.2.0"
58
58
  },
@@ -71,7 +71,7 @@
71
71
  "evidence_preset": "cost_and_completion",
72
72
  "smoke_result_body": { "status": "completed", "cost_cents": 4500 },
73
73
  "dependencies": {
74
- "@paybond/kit": "^0.11.5",
74
+ "@paybond/kit": "^0.11.6",
75
75
  "@openai/agents": "^0.4.0",
76
76
  "zod": "^4.2.0"
77
77
  },
@@ -90,7 +90,7 @@
90
90
  "evidence_preset": "cost_and_completion",
91
91
  "smoke_result_body": { "status": "completed", "cost_cents": 18700 },
92
92
  "dependencies": {
93
- "@paybond/kit": "^0.11.5",
93
+ "@paybond/kit": "^0.11.6",
94
94
  "@anthropic-ai/claude-agent-sdk": "^0.2.100",
95
95
  "zod": "^4.2.0"
96
96
  },
@@ -110,7 +110,7 @@
110
110
  "evidence_preset": "cost_and_completion",
111
111
  "smoke_result_body": { "status": "completed", "cost_cents": 500 },
112
112
  "dependencies": {
113
- "@paybond/kit": "^0.11.5"
113
+ "@paybond/kit": "^0.11.6"
114
114
  },
115
115
  "mcp_tool_policy": "spend-write"
116
116
  },
@@ -127,7 +127,7 @@
127
127
  "evidence_preset": "cost_and_completion",
128
128
  "smoke_result_body": { "status": "completed", "cost_cents": 12000 },
129
129
  "dependencies": {
130
- "@paybond/kit": "^0.11.5"
130
+ "@paybond/kit": "^0.11.6"
131
131
  },
132
132
  "demo_mode": "generic"
133
133
  },
@@ -143,7 +143,7 @@
143
143
  "evidence_preset": "cost_and_completion",
144
144
  "smoke_result_body": { "status": "completed", "cost_cents": 12500 },
145
145
  "dependencies": {
146
- "@paybond/kit": "^0.11.5"
146
+ "@paybond/kit": "^0.11.6"
147
147
  },
148
148
  "demo_mode": "generic"
149
149
  },
@@ -159,7 +159,7 @@
159
159
  "evidence_preset": "cost_and_completion",
160
160
  "smoke_result_body": { "status": "completed", "cost_cents": 2900 },
161
161
  "python_dependencies": {
162
- "paybond-kit": ">=0.11.5",
162
+ "paybond-kit": ">=0.11.6",
163
163
  "langgraph": ">=1.2.0"
164
164
  },
165
165
  "demo_import": "paybond_kit.langgraph_sandbox_demo",
@@ -7,7 +7,7 @@
7
7
  "name": "openai-shopping-agent",
8
8
  "dependencies": {
9
9
  "@openai/agents": "^0.4.0",
10
- "@paybond/kit": "^0.11.5",
10
+ "@paybond/kit": "^0.11.6",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -169,9 +169,9 @@
169
169
  }
170
170
  },
171
171
  "node_modules/@paybond/kit": {
172
- "version": "0.11.5",
173
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
174
- "integrity": "sha512-Xaw0LnF/0iP7tEYqrNk/KtIjAFhBvVPezIItKeU30IZfIEnaW8iPMryw74r0IatL9uby2Ax06Icid1N5u8IaSg==",
172
+ "version": "0.11.6",
173
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
174
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
175
175
  "license": "Apache-2.0",
176
176
  "dependencies": {
177
177
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation commerce.checkout --requested-spend-cents 4500 --result-body '{\"status\":\"completed\",\"cost_cents\":4500}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.6",
12
12
  "@openai/agents": "^0.4.0",
13
13
  "zod": "^4.2.0"
14
14
  },
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-aws-operator",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.5"
9
+ "@paybond/kit": "^0.11.6"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.5",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
52
- "integrity": "sha512-rU45zNsuIKzkL1YhHu5q9Mg79GSoiYg5fii+Rv4jk/4y9MDQfvn+MZAUR52Uzr71z1vBkqBo3NxgSmtQDtNDew==",
50
+ "version": "0.11.6",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
52
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation aws.ec2.start_instance --requested-spend-cents 12500 --result-body '{\"status\":\"completed\",\"cost_cents\":12500}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5"
11
+ "@paybond/kit": "^0.11.6"
12
12
  },
13
13
  "devDependencies": {
14
14
  "@types/node": "^22.10.1",
@@ -7,7 +7,7 @@
7
7
  "name": "paybond-claude-agents-demo",
8
8
  "dependencies": {
9
9
  "@anthropic-ai/claude-agent-sdk": "^0.2.100",
10
- "@paybond/kit": "^0.11.5",
10
+ "@paybond/kit": "^0.11.6",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -260,9 +260,9 @@
260
260
  }
261
261
  },
262
262
  "node_modules/@paybond/kit": {
263
- "version": "0.11.5",
264
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
265
- "integrity": "sha512-7rWc4Qn9s1ufEsL5XcqptmgYt/+kMnp+rWvLWOsG+kif9hgjPwVwq5OfEhiWFmwFxKaseBvY95KDPcHDJgmP5A==",
263
+ "version": "0.11.6",
264
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
265
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
266
266
  "license": "Apache-2.0",
267
267
  "dependencies": {
268
268
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation travel.book_hotel --requested-spend-cents 18700 --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.6",
12
12
  "@anthropic-ai/claude-agent-sdk": "^0.2.100",
13
13
  "zod": "^4.2.0"
14
14
  },
@@ -1,2 +1,2 @@
1
- paybond-kit>=0.11.5
1
+ paybond-kit>=0.11.6
2
2
  langgraph>=1.2.0
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-mcp-coding-agent",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.5"
9
+ "@paybond/kit": "^0.11.6"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.5",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
52
- "integrity": "sha512-2FMq8b++6AmgcICEfUzYnW3w2FqAjgbT9b0bslW0Fm9e5QNGbc7HwcXkVVzqJGqPySs4Ht8NtePrdEuliT0TXA==",
50
+ "version": "0.11.6",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
52
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation deploy.preview --requested-spend-cents 500 --result-body '{\"status\":\"completed\",\"cost_cents\":500}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5"
11
+ "@paybond/kit": "^0.11.6"
12
12
  },
13
13
  "devDependencies": {
14
14
  "@types/node": "^22.10.1",
@@ -7,7 +7,7 @@
7
7
  "name": "paybond-openai-agents-demo",
8
8
  "dependencies": {
9
9
  "@openai/agents": "^0.4.0",
10
- "@paybond/kit": "^0.11.5",
10
+ "@paybond/kit": "^0.11.6",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -169,9 +169,9 @@
169
169
  }
170
170
  },
171
171
  "node_modules/@paybond/kit": {
172
- "version": "0.11.5",
173
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
174
- "integrity": "sha512-zDczNvZilk/4F1GBxCrExbSItw+E0ZlSvhSVLx9HQb8p2pYnKoA7ceapxuzXPKAc46grFyj6sXTKKob7qMtDyQ==",
172
+ "version": "0.11.6",
173
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
174
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
175
175
  "license": "Apache-2.0",
176
176
  "dependencies": {
177
177
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation saas.provision_seat --requested-spend-cents 2900 --result-body '{\"status\":\"completed\",\"cost_cents\":2900}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.6",
12
12
  "@openai/agents": "^0.4.0",
13
13
  "zod": "^4.2.0"
14
14
  },
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-procurement-agent",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.5"
9
+ "@paybond/kit": "^0.11.6"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.5",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
52
- "integrity": "sha512-hcoFqLsGAlI3sQmdpA5P4SxCeH/ZawRgbUSx0+9ouJkoGVw4rfwUk2EPptjmjN27Y/4Gow/PgQA5K2ao0QX0WA==",
50
+ "version": "0.11.6",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
52
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation procurement.submit_po --requested-spend-cents 12000 --result-body '{\"status\":\"completed\",\"cost_cents\":12000}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5"
11
+ "@paybond/kit": "^0.11.6"
12
12
  },
13
13
  "devDependencies": {
14
14
  "@types/node": "^22.10.1",
@@ -8,7 +8,7 @@
8
8
  "dependencies": {
9
9
  "@langchain/core": "^1.2.1",
10
10
  "@langchain/langgraph": "^1.4.7",
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.6",
12
12
  "zod": "^4.2.0"
13
13
  },
14
14
  "devDependencies": {
@@ -178,9 +178,9 @@
178
178
  }
179
179
  },
180
180
  "node_modules/@paybond/kit": {
181
- "version": "0.11.5",
182
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
183
- "integrity": "sha512-eyIWPe/jQGAW79+dL3eRDsEsZcWSLAP5Kq0vvULq3n9VYjHlOnmlH+erhMgkPCtX8n8P+Nm9jH7lvOSP8FXIpg==",
181
+ "version": "0.11.6",
182
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
183
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
184
184
  "license": "Apache-2.0",
185
185
  "dependencies": {
186
186
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation travel.book_hotel --requested-spend-cents 18700 --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.6",
12
12
  "@langchain/core": "^1.2.1",
13
13
  "@langchain/langgraph": "^1.4.7",
14
14
  "zod": "^4.2.0"
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-vercel-shopping-agent",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.5",
9
+ "@paybond/kit": "^0.11.6",
10
10
  "ai": "^5.0.0",
11
11
  "zod": "^4.2.0"
12
12
  },
@@ -104,9 +104,9 @@
104
104
  }
105
105
  },
106
106
  "node_modules/@paybond/kit": {
107
- "version": "0.11.5",
108
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
109
- "integrity": "sha512-enBWsO/QADB1wjFpG74dPoadswT/l/5qg/l5LNUSQ+8Lt7+z8TZ2E30X08lHk0eauNOhVhUCmDnSZ8Eba2g7fw==",
107
+ "version": "0.11.6",
108
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.6.tgz",
109
+ "integrity": "sha512-j4MYl0iqP2XG7Y2vshOxN+tC9ZdJCjlM9burdol2z6b2r45/IpgpA2qiy0L21uLo0qaB+Q9wakoPMIlmnS1Tsg==",
110
110
  "license": "Apache-2.0",
111
111
  "dependencies": {
112
112
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation commerce.checkout --requested-spend-cents 4500 --result-body '{\"status\":\"completed\",\"cost_cents\":4500}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.6",
12
12
  "ai": "^5.0.0",
13
13
  "zod": "^4.2.0"
14
14
  },