@paybond/kit 0.11.5 → 0.11.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/README.md +1 -1
  2. package/dist/agent/interceptor.js +12 -3
  3. package/dist/cli/agent-harbor-evidence-smoke-checklist.d.ts +7 -0
  4. package/dist/cli/agent-harbor-evidence-smoke-checklist.js +23 -0
  5. package/dist/cli/agent-production-attach-smoke-checklist.d.ts +7 -0
  6. package/dist/cli/agent-production-attach-smoke-checklist.js +30 -0
  7. package/dist/cli/command-spec.js +13 -4
  8. package/dist/cli/commands/agent.d.ts +2 -0
  9. package/dist/cli/commands/agent.js +236 -15
  10. package/dist/cli/commands/setup.d.ts +11 -1
  11. package/dist/cli/commands/setup.js +42 -9
  12. package/dist/cli/help.js +2 -0
  13. package/dist/cli/http-error-message.d.ts +18 -0
  14. package/dist/cli/http-error-message.js +148 -0
  15. package/dist/cli/offline-session.d.ts +9 -0
  16. package/dist/cli/offline-session.js +33 -0
  17. package/dist/cli/router.js +36 -2
  18. package/dist/cli.js +15 -1
  19. package/dist/gateway-retry.d.ts +16 -0
  20. package/dist/gateway-retry.js +83 -0
  21. package/dist/index.d.ts +1 -1
  22. package/dist/index.js +34 -107
  23. package/dist/mcp-server.js +7 -8
  24. package/dist/payee-evidence.d.ts +9 -0
  25. package/dist/payee-evidence.js +12 -0
  26. package/package.json +2 -1
  27. package/templates/manifest.json +9 -9
  28. package/templates/openai-shopping-agent/package-lock.json +7 -7
  29. package/templates/openai-shopping-agent/package.json +1 -1
  30. package/templates/paybond-aws-operator/package-lock.json +4 -4
  31. package/templates/paybond-aws-operator/package.json +1 -1
  32. package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
  33. package/templates/paybond-claude-agents-demo/package.json +1 -1
  34. package/templates/paybond-invoice-agent/requirements.txt +1 -1
  35. package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
  36. package/templates/paybond-mcp-coding-agent/package.json +1 -1
  37. package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
  38. package/templates/paybond-openai-agents-demo/package.json +1 -1
  39. package/templates/paybond-procurement-agent/package-lock.json +4 -4
  40. package/templates/paybond-procurement-agent/package.json +1 -1
  41. package/templates/paybond-travel-agent/package-lock.json +7 -7
  42. package/templates/paybond-travel-agent/package.json +1 -1
  43. package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
  44. package/templates/paybond-vercel-shopping-agent/package.json +1 -1
package/README.md CHANGED
@@ -70,7 +70,7 @@ npx -p @paybond/kit paybond agent sandbox smoke \
70
70
  --format json
71
71
  ```
72
72
 
73
- With `--policy-file`, Kit sends `completion_preset` from the tool's `evidence_preset` and omits `evidence_schema` and `template_id` (Gateway rejects conflicting bootstrap fields). Requires `@paybond/kit` 0.11.5+.
73
+ With `--policy-file`, Kit sends `completion_preset` from the tool's `evidence_preset` and omits `evidence_schema` and `template_id` (Gateway rejects conflicting bootstrap fields). Requires `@paybond/kit` 0.11.7+.
74
74
 
75
75
  `agent sandbox smoke` only requires `@paybond/kit`. Framework demo commands (`agent demo vercel-ai smoke`, etc.) load their optional peers on demand.
76
76
 
@@ -332,9 +332,18 @@ export class PaybondToolInterceptor {
332
332
  const toolCallId = input.toolCallId.trim();
333
333
  const operation = (input.operation ?? defaultOperation).trim();
334
334
  assertOperationAllowed(operation, this.binding.allowedTools);
335
- const requestedSpendCents = input.requestedSpendCents ??
336
- this.binding.registry.resolveSpendCents(toolName, input.arguments) ??
337
- 0;
335
+ let requestedSpendCents = input.requestedSpendCents;
336
+ if (requestedSpendCents === undefined) {
337
+ requestedSpendCents = this.binding.registry.resolveSpendCents(toolName, input.arguments);
338
+ }
339
+ if (this.binding.sandbox !== undefined) {
340
+ const sandboxSpend = this.binding.sandbox.requestedSpendCents;
341
+ requestedSpendCents =
342
+ requestedSpendCents === undefined
343
+ ? sandboxSpend
344
+ : Math.min(requestedSpendCents, sandboxSpend);
345
+ }
346
+ requestedSpendCents ??= 0;
338
347
  return {
339
348
  toolName,
340
349
  toolCallId,
@@ -0,0 +1,7 @@
1
+ import type { GlobalOptions } from "./types.js";
2
+ /** Build human-readable harbor proxy evidence smoke checklist lines for `--format table`. */
3
+ export declare function formatAgentHarborEvidenceSmokeChecklist(options: {
4
+ intentId: string;
5
+ evidence: Record<string, unknown>;
6
+ globals: GlobalOptions;
7
+ }): string[];
@@ -0,0 +1,23 @@
1
+ import { colorize, shouldUseColor } from "./color.js";
2
+ /** Build human-readable harbor proxy evidence smoke checklist lines for `--format table`. */
3
+ export function formatAgentHarborEvidenceSmokeChecklist(options) {
4
+ const useColor = shouldUseColor(options.globals);
5
+ const mark = (line) => {
6
+ if (line.startsWith("✓") || line === "Success") {
7
+ return colorize(line, "green", useColor);
8
+ }
9
+ return line;
10
+ };
11
+ const lines = [];
12
+ const intentId = options.intentId.trim();
13
+ if (intentId) {
14
+ lines.push(mark(`✓ Intent ${intentId}`));
15
+ }
16
+ lines.push(mark("✓ POST /harbor/intents/{id}/evidence (Kit payee + recognition proof)"));
17
+ const predicatePassed = options.evidence.predicate_passed ?? options.evidence.predicatePassed;
18
+ if (predicatePassed === true) {
19
+ lines.push(mark("✓ Harbor accepted evidence (no recognition replay at upstream)"));
20
+ }
21
+ lines.push(mark("Success"));
22
+ return lines;
23
+ }
@@ -0,0 +1,7 @@
1
+ import type { GlobalOptions } from "./types.js";
2
+ /** Build human-readable production attach smoke checklist lines for `--format table`. */
3
+ export declare function formatAgentProductionAttachSmokeChecklist(options: {
4
+ bind: Record<string, unknown>;
5
+ execute: Record<string, unknown>;
6
+ globals: GlobalOptions;
7
+ }): string[];
@@ -0,0 +1,30 @@
1
+ import { colorize, shouldUseColor } from "./color.js";
2
+ /** Build human-readable production attach smoke checklist lines for `--format table`. */
3
+ export function formatAgentProductionAttachSmokeChecklist(options) {
4
+ const useColor = shouldUseColor(options.globals);
5
+ const mark = (line) => {
6
+ if (line.startsWith("✓") || line === "Success") {
7
+ return colorize(line, "green", useColor);
8
+ }
9
+ return line;
10
+ };
11
+ const lines = [];
12
+ const intentId = String(options.bind.intent_id ?? "").trim();
13
+ if (intentId) {
14
+ lines.push(mark(`✓ Production attach bound (${intentId})`));
15
+ }
16
+ const operation = String(options.bind.operation ?? "").trim();
17
+ if (operation) {
18
+ lines.push(mark(`✓ Tool call: ${operation}`));
19
+ }
20
+ const authorization = options.execute.authorization;
21
+ if (authorization?.allow) {
22
+ lines.push(mark("✓ Spend approved"));
23
+ }
24
+ const evidence = options.execute.evidence;
25
+ if (evidence?.submitted) {
26
+ lines.push(mark("✓ Harbor evidence submitted (/harbor/* + recognition)"));
27
+ }
28
+ lines.push(mark("Success"));
29
+ return lines;
30
+ }
@@ -67,6 +67,8 @@ export const COMMAND_PATHS = [
67
67
  "agent tool validate",
68
68
  "agent registry validate",
69
69
  "agent sandbox smoke",
70
+ "agent production attach smoke",
71
+ "agent harbor evidence smoke",
70
72
  "agent demo vercel-ai smoke",
71
73
  "agent demo langgraph smoke",
72
74
  "agent demo generic smoke",
@@ -341,6 +343,12 @@ export const COMMAND_EXAMPLES = {
341
343
  "paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json",
342
344
  "paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json"
343
345
  ],
346
+ "agent production attach smoke": [
347
+ "paybond agent production attach smoke --attach-intent-id <intent-id> --capability-token <token> --operation paid-tool --requested-spend-cents 100 --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json"
348
+ ],
349
+ "agent harbor evidence smoke": [
350
+ "paybond agent harbor evidence smoke --intent-id <intent-id> --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json"
351
+ ],
344
352
  "agent demo vercel-ai smoke": [
345
353
  "paybond agent demo vercel-ai smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json"
346
354
  ],
@@ -470,7 +478,8 @@ export const COMPLETIONS = {
470
478
  "run",
471
479
  "tool",
472
480
  "registry",
473
- "sandbox"
481
+ "sandbox",
482
+ "production"
474
483
  ],
475
484
  "audit": [
476
485
  "exports"
@@ -605,7 +614,7 @@ export const WORKFLOWS = [
605
614
  ];
606
615
  export const DOCS_BASE_URL = "https://docs.paybond.ai/kit";
607
616
  export const COMPLETION_SCRIPTS = {
608
- "bash": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n_paybond_completion() {\n local cur prev words cword\n COMPREPLY=()\n cur=\"${COMP_WORDS[COMP_CWORD]}\"\n prev=\"${COMP_WORDS[COMP_CWORD-1]}\"\n\n if [[ $COMP_CWORD -eq 1 ]]; then\n COMPREPLY=($(compgen -W \"onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\" -- \"$cur\"))\n return 0\n fi\n\n case \"${COMP_WORDS[1]}\" in\n init) COMPREPLY=($(compgen -W \"guardrail completion agent-middleware\" -- \"$cur\")) ;;\n mcp) COMPREPLY=($(compgen -W \"serve install verify-config tools\" -- \"$cur\")) ;;\n dev) COMPREPLY=($(compgen -W \"smoke trace loop up\" -- \"$cur\")) ;;\n config) COMPREPLY=($(compgen -W \"get set unset list\" -- \"$cur\")) ;;\n keys) COMPREPLY=($(compgen -W \"list create rotate revoke\" -- \"$cur\")) ;;\n intents) COMPREPLY=($(compgen -W \"list get create fund evidence settlement-confirm\" -- \"$cur\")) ;;\n guardrails) COMPREPLY=($(compgen -W \"bootstrap evidence\" -- \"$cur\")) ;;\n spend) COMPREPLY=($(compgen -W \"authorize\" -- \"$cur\")) ;;\n signal) COMPREPLY=($(compgen -W \"reputation portfolio fraud\" -- \"$cur\")) ;;\n receipts) COMPREPLY=($(compgen -W \"get verify\" -- \"$cur\")) ;;\n mandates) COMPREPLY=($(compgen -W \"verify import\" -- \"$cur\")) ;;\n a2a) COMPREPLY=($(compgen -W \"card contracts\" -- \"$cur\")) ;;\n policy) COMPREPLY=($(compgen -W \"init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\" -- \"$cur\")) ;;\n agent) COMPREPLY=($(compgen -W \"run tool registry sandbox\" -- \"$cur\")) ;;\n audit) COMPREPLY=($(compgen -W \"exports\" -- \"$cur\")) ;;\n completion) COMPREPLY=($(compgen -W \"bash zsh fish\" -- \"$cur\")) ;;\n init completion preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n policy preview preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n guardrails bootstrap completion-preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n *) ;;\n esac\n}\ncomplete -F _paybond_completion paybond\n",
609
- "zsh": "#compdef paybond\n# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n\n_paybond() {\n local -a commands\n commands=(\n 'onboarding' 'help' 'examples' 'completion' 'login' 'init' 'mcp' 'doctor' 'dev' 'version' 'diagnose' 'config' 'whoami' 'keys' 'intents' 'guardrails' 'spend' 'signal' 'receipts' 'mandates' 'a2a' 'policy' 'audit' 'agent'\n )\n _arguments -C \\\n '(--gateway)--gateway[Gateway base URL]:url:' \\\n '(--env-file)--env-file[Local secrets file]:path:_files' \\\n '(--format)--format[Output format]:(table json)' \\\n '(--color)--color[Color mode]:(auto always never)' \\\n '--no-color[Disable color output]' \\\n '1: :->command' \\\n '*::arg:->args'\n\n case $state in\n command)\n _describe -t commands 'paybond commands' commands\n ;;\n args)\n case $words[1] in\n 'init:subcommand:(guardrail completion agent-middleware)'\n 'mcp:subcommand:(serve install verify-config tools)'\n 'dev:subcommand:(smoke trace loop up)'\n 'config:subcommand:(get set unset list)'\n 'keys:subcommand:(list create rotate revoke)'\n 'intents:subcommand:(list get create fund evidence settlement-confirm)'\n 'guardrails:subcommand:(bootstrap evidence)'\n 'spend:subcommand:(authorize)'\n 'signal:subcommand:(reputation portfolio fraud)'\n 'receipts:subcommand:(get verify)'\n 'mandates:subcommand:(verify import)'\n 'a2a:subcommand:(card contracts)'\n 'policy:subcommand:(init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence)'\n 'agent:subcommand:(run tool registry sandbox)'\n 'audit:subcommand:(exports)'\n 'completion:subcommand:(bash zsh fish)'\n 'init completion preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'policy preview preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'guardrails bootstrap completion-preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n esac\n ;;\n esac\n}\n\ncompdef _paybond paybond\n",
610
- "fish": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\ncomplete -c paybond -f\ncomplete -c paybond -l gateway -d 'Gateway base URL'\ncomplete -c paybond -l env-file -d 'Local secrets file' -r\ncomplete -c paybond -l format -d 'Output format' -xa 'table json'\ncomplete -c paybond -l color -d 'Color mode' -xa 'auto always never'\ncomplete -c paybond -l no-color -d 'Disable color output'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'onboarding'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'help'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'examples'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'completion'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'login'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'init'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mcp'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'doctor'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'dev'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'version'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'diagnose'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'config'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'whoami'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'keys'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'intents'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'guardrails'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'spend'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'signal'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'receipts'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mandates'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'a2a'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'policy'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'audit'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'agent'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'guardrail'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'agent-middleware'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'serve'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'install'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'verify-config'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'smoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'trace'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'loop'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'up'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'set'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'unset'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'rotate'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'revoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'fund'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'settlement-confirm'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'bootstrap'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'authorize'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'reputation'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'portfolio'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'fraud'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'import'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'card'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'contracts'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'init'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'templates'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'preview'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-mcp-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-x402-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'run'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'tool'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'registry'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'sandbox'\ncomplete -c paybond -n '__fish_seen_subcommand_from audit' -a 'exports'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'bash'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'zsh'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'fish'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_cost_and_completion'\n"
617
+ "bash": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n_paybond_completion() {\n local cur prev words cword\n COMPREPLY=()\n cur=\"${COMP_WORDS[COMP_CWORD]}\"\n prev=\"${COMP_WORDS[COMP_CWORD-1]}\"\n\n if [[ $COMP_CWORD -eq 1 ]]; then\n COMPREPLY=($(compgen -W \"onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\" -- \"$cur\"))\n return 0\n fi\n\n case \"${COMP_WORDS[1]}\" in\n init) COMPREPLY=($(compgen -W \"guardrail completion agent-middleware\" -- \"$cur\")) ;;\n mcp) COMPREPLY=($(compgen -W \"serve install verify-config tools\" -- \"$cur\")) ;;\n dev) COMPREPLY=($(compgen -W \"smoke trace loop up\" -- \"$cur\")) ;;\n config) COMPREPLY=($(compgen -W \"get set unset list\" -- \"$cur\")) ;;\n keys) COMPREPLY=($(compgen -W \"list create rotate revoke\" -- \"$cur\")) ;;\n intents) COMPREPLY=($(compgen -W \"list get create fund evidence settlement-confirm\" -- \"$cur\")) ;;\n guardrails) COMPREPLY=($(compgen -W \"bootstrap evidence\" -- \"$cur\")) ;;\n spend) COMPREPLY=($(compgen -W \"authorize\" -- \"$cur\")) ;;\n signal) COMPREPLY=($(compgen -W \"reputation portfolio fraud\" -- \"$cur\")) ;;\n receipts) COMPREPLY=($(compgen -W \"get verify\" -- \"$cur\")) ;;\n mandates) COMPREPLY=($(compgen -W \"verify import\" -- \"$cur\")) ;;\n a2a) COMPREPLY=($(compgen -W \"card contracts\" -- \"$cur\")) ;;\n policy) COMPREPLY=($(compgen -W \"init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\" -- \"$cur\")) ;;\n agent) COMPREPLY=($(compgen -W \"run tool registry sandbox production\" -- \"$cur\")) ;;\n audit) COMPREPLY=($(compgen -W \"exports\" -- \"$cur\")) ;;\n completion) COMPREPLY=($(compgen -W \"bash zsh fish\" -- \"$cur\")) ;;\n init completion preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n policy preview preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n guardrails bootstrap completion-preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n *) ;;\n esac\n}\ncomplete -F _paybond_completion paybond\n",
618
+ "zsh": "#compdef paybond\n# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n\n_paybond() {\n local -a commands\n commands=(\n 'onboarding' 'help' 'examples' 'completion' 'login' 'init' 'mcp' 'doctor' 'dev' 'version' 'diagnose' 'config' 'whoami' 'keys' 'intents' 'guardrails' 'spend' 'signal' 'receipts' 'mandates' 'a2a' 'policy' 'audit' 'agent'\n )\n _arguments -C \\\n '(--gateway)--gateway[Gateway base URL]:url:' \\\n '(--env-file)--env-file[Local secrets file]:path:_files' \\\n '(--format)--format[Output format]:(table json)' \\\n '(--color)--color[Color mode]:(auto always never)' \\\n '--no-color[Disable color output]' \\\n '1: :->command' \\\n '*::arg:->args'\n\n case $state in\n command)\n _describe -t commands 'paybond commands' commands\n ;;\n args)\n case $words[1] in\n 'init:subcommand:(guardrail completion agent-middleware)'\n 'mcp:subcommand:(serve install verify-config tools)'\n 'dev:subcommand:(smoke trace loop up)'\n 'config:subcommand:(get set unset list)'\n 'keys:subcommand:(list create rotate revoke)'\n 'intents:subcommand:(list get create fund evidence settlement-confirm)'\n 'guardrails:subcommand:(bootstrap evidence)'\n 'spend:subcommand:(authorize)'\n 'signal:subcommand:(reputation portfolio fraud)'\n 'receipts:subcommand:(get verify)'\n 'mandates:subcommand:(verify import)'\n 'a2a:subcommand:(card contracts)'\n 'policy:subcommand:(init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence)'\n 'agent:subcommand:(run tool registry sandbox production)'\n 'audit:subcommand:(exports)'\n 'completion:subcommand:(bash zsh fish)'\n 'init completion preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'policy preview preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'guardrails bootstrap completion-preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n esac\n ;;\n esac\n}\n\ncompdef _paybond paybond\n",
619
+ "fish": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\ncomplete -c paybond -f\ncomplete -c paybond -l gateway -d 'Gateway base URL'\ncomplete -c paybond -l env-file -d 'Local secrets file' -r\ncomplete -c paybond -l format -d 'Output format' -xa 'table json'\ncomplete -c paybond -l color -d 'Color mode' -xa 'auto always never'\ncomplete -c paybond -l no-color -d 'Disable color output'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'onboarding'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'help'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'examples'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'completion'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'login'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'init'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mcp'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'doctor'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'dev'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'version'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'diagnose'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'config'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'whoami'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'keys'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'intents'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'guardrails'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'spend'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'signal'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'receipts'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mandates'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'a2a'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'policy'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'audit'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'agent'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'guardrail'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'agent-middleware'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'serve'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'install'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'verify-config'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'smoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'trace'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'loop'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'up'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'set'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'unset'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'rotate'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'revoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'fund'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'settlement-confirm'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'bootstrap'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'authorize'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'reputation'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'portfolio'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'fraud'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'import'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'card'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'contracts'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'init'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'templates'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'preview'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-mcp-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-x402-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'run'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'tool'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'registry'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'sandbox'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'production'\ncomplete -c paybond -n '__fish_seen_subcommand_from audit' -a 'exports'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'bash'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'zsh'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'fish'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_cost_and_completion'\n"
611
620
  };
@@ -8,6 +8,8 @@ export declare function handleAgentToolExecute(ctx: CliContext, argv: string[]):
8
8
  export declare function handleAgentToolValidate(ctx: CliContext, argv: string[]): Promise<CommandResult>;
9
9
  export declare function handleAgentRegistryValidate(ctx: CliContext, argv: string[]): Promise<CommandResult>;
10
10
  export declare function handleAgentSandboxSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
11
+ export declare function handleAgentHarborEvidenceSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
12
+ export declare function handleAgentProductionAttachSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
11
13
  export declare function handleAgentDemoVercelAiSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
12
14
  export declare function handleAgentDemoLanggraphSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
13
15
  export declare function handleAgentDemoGenericSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
@@ -2,14 +2,18 @@ import { resolve } from "node:path";
2
2
  import { readFile } from "node:fs/promises";
3
3
  import { PaybondAgentRun } from "../../agent/run.js";
4
4
  import { PaybondAutoEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, } from "../../agent/types.js";
5
+ import { resolveCliGatewayErrorMessage } from "../http-error-message.js";
5
6
  import { runGenericSandboxDemo } from "../../agent/generic-sandbox-demo.js";
6
7
  import { loadRunClaudeAgentsSandboxDemo, loadRunLangGraphSandboxDemo, loadRunOpenAIAgentsSandboxDemo, loadRunVercelAiSandboxDemo, } from "../agent/demo-loaders.js";
7
8
  import { buildSmokeRegistry, loadAgentRegistryFile, validateAgentRegistryDocument, } from "../../agent/registry-file.js";
8
9
  import { createPaybondToolRegistry } from "../../agent/registry.js";
9
10
  import { devTraceStepsFromEvents, devTraceUrl, findDevTraceEventForRun, resolveDevTraceSink, recordSmokeTraceEvent, } from "../../dev/trace-buffer.js";
10
- import { PaybondSpendApprovalRequiredError, PaybondSpendDeniedError, } from "../../index.js";
11
+ import { PaybondSpendApprovalRequiredError, PaybondSpendDeniedError, signHarborEvidenceSubmitRecognitionProof, signPayeeEvidenceBinding, } from "../../index.js";
11
12
  import { readJsonBody } from "../automation.js";
12
13
  import { formatAgentSandboxSmokeChecklist } from "../agent-sandbox-smoke-checklist.js";
14
+ import { formatAgentProductionAttachSmokeChecklist } from "../agent-production-attach-smoke-checklist.js";
15
+ import { formatAgentHarborEvidenceSmokeChecklist } from "../agent-harbor-evidence-smoke-checklist.js";
16
+ import { PAYBOND_ATTACH_INTENT_ID_ENV, PAYBOND_CAPABILITY_TOKEN_ENV, } from "../../agent/attach-bundle.js";
13
17
  import { appendSmokeDeepLinkChecklistLines, buildAgentSandboxSmokeDeepLinks, } from "../smoke-deep-links.js";
14
18
  import { appendAgentRunEnvVars } from "../agent/env-write.js";
15
19
  import { productionEvidenceToPersisted, resolveProductionEvidenceForReattach, resolveProductionEvidenceFromCli, } from "../agent/production-evidence.js";
@@ -257,6 +261,7 @@ export async function handleAgentRunBind(ctx, argv) {
257
261
  let policySnapshot;
258
262
  let resolvedOperation = operationFlag.value?.trim() ?? "";
259
263
  let resolvedCompletionPreset = presetFlag.value?.trim();
264
+ let attachSmokeCompletionPreset;
260
265
  if (policyFlag.value) {
261
266
  try {
262
267
  const resolved = await resolveAgentPolicyBind({
@@ -302,6 +307,13 @@ export async function handleAgentRunBind(ctx, argv) {
302
307
  registry = buildSmokeRegistry(operationFlag.value, preset);
303
308
  defaultDeny = true;
304
309
  }
310
+ else if (operationFlag.value?.trim() && !registryFlag.value) {
311
+ const preset = presetFlag.value?.trim() || "cost_and_completion";
312
+ registry = buildSmokeRegistry(operationFlag.value.trim(), preset);
313
+ defaultDeny = true;
314
+ resolvedOperation = operationFlag.value.trim();
315
+ attachSmokeCompletionPreset = preset;
316
+ }
305
317
  else {
306
318
  registry = createPaybondToolRegistry({ defaultDeny: false, sideEffecting: {} });
307
319
  }
@@ -400,7 +412,9 @@ export async function handleAgentRunBind(ctx, argv) {
400
412
  sandbox: Boolean(sandbox),
401
413
  sandbox_lifecycle_status: sandbox?.sandboxLifecycleStatus,
402
414
  requested_spend_cents: sandbox?.requestedSpendCents,
403
- completion_preset: resolvedCompletionPreset || (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
415
+ completion_preset: resolvedCompletionPreset ||
416
+ attachSmokeCompletionPreset ||
417
+ (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
404
418
  registry_file: registryPath ?? policyPath,
405
419
  default_deny: defaultDeny,
406
420
  policy_digest: run.policyDigest,
@@ -412,7 +426,9 @@ export async function handleAgentRunBind(ctx, argv) {
412
426
  created_at: new Date().toISOString(),
413
427
  });
414
428
  registerGatewayAgentRun(session.paybond, run, {
415
- completionPreset: resolvedCompletionPreset || (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
429
+ completionPreset: resolvedCompletionPreset ||
430
+ attachSmokeCompletionPreset ||
431
+ (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
416
432
  });
417
433
  if (writeEnvFlag.present) {
418
434
  const envFile = envOutFlag.value ?? ctx.globals.envFile;
@@ -748,18 +764,26 @@ export async function handleAgentSandboxSmoke(ctx, argv) {
748
764
  const bindResult = await handleAgentRunBind(ctx, bindArgv);
749
765
  smokeOperation = String(bindResult.data.operation ?? smokeOperation);
750
766
  const runId = String(bindResult.data.run_id ?? "");
767
+ const storedForExecute = await loadAgentRunContext(ctx.cwd, runId);
768
+ const executeArgv = [
769
+ ...(productionFlag.present ? ["--production"] : []),
770
+ "--run-id",
771
+ runId,
772
+ "--operation",
773
+ smokeOperation,
774
+ "--tool-call-id",
775
+ "smoke-1",
776
+ "--result-body",
777
+ JSON.stringify(resultBody),
778
+ ];
779
+ if (storedForExecute.requested_spend_cents != null) {
780
+ executeArgv.push("--requested-spend-cents", String(storedForExecute.requested_spend_cents));
781
+ }
782
+ else if (resolvedSpend) {
783
+ executeArgv.push("--requested-spend-cents", resolvedSpend);
784
+ }
751
785
  try {
752
- const executeResult = await handleAgentToolExecute(ctx, [
753
- ...(productionFlag.present ? ["--production"] : []),
754
- "--run-id",
755
- runId,
756
- "--operation",
757
- smokeOperation,
758
- "--tool-call-id",
759
- "smoke-1",
760
- "--result-body",
761
- JSON.stringify(resultBody),
762
- ]);
786
+ const executeResult = await handleAgentToolExecute(ctx, executeArgv);
763
787
  const stored = await loadAgentRunContext(ctx.cwd, runId);
764
788
  const bindForChecklist = {
765
789
  ...bindResult.data,
@@ -805,6 +829,185 @@ export async function handleAgentSandboxSmoke(ctx, argv) {
805
829
  throw err;
806
830
  }
807
831
  }
832
+ function nowRfc3339Seconds() {
833
+ return new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
834
+ }
835
+ export async function handleAgentHarborEvidenceSmoke(ctx, argv) {
836
+ const intentFlag = consumeFlag(argv, "--intent-id");
837
+ const payeeDidFlag = consumeFlag(intentFlag.rest, "--payee-did");
838
+ const payeeSeedFlag = consumeFlag(payeeDidFlag.rest, "--payee-signing-seed-hex");
839
+ const recognitionKeyFlag = consumeFlag(payeeSeedFlag.rest, "--agent-recognition-key-id");
840
+ const recognitionSeedFlag = consumeFlag(recognitionKeyFlag.rest, "--agent-recognition-signing-seed-hex");
841
+ const idempotencyFlag = consumeFlag(recognitionSeedFlag.rest, "--idempotency-key");
842
+ const intentId = intentFlag.value?.trim() ||
843
+ process.env[PAYBOND_ATTACH_INTENT_ID_ENV]?.trim() ||
844
+ process.env.PAYBOND_HARBOR_EVIDENCE_INTENT_ID?.trim();
845
+ if (!intentId) {
846
+ throw agentCliError("agent harbor evidence smoke requires --intent-id (or PAYBOND_ATTACH_INTENT_ID / PAYBOND_HARBOR_EVIDENCE_INTENT_ID)", { code: "cli.usage.missing_args", category: "usage" });
847
+ }
848
+ const resultParsed = await parseInlineJson(idempotencyFlag.rest, "--result-body", "--result-file");
849
+ const payload = resultParsed.payload;
850
+ if (Object.keys(payload).length === 0) {
851
+ throw agentCliError("agent harbor evidence smoke requires --result-body or --result-file", { code: "cli.usage.missing_args", category: "usage" });
852
+ }
853
+ return withPaybondAgentCli(ctx, true, async (session) => {
854
+ const productionEvidence = await resolveProductionEvidenceFromCli({
855
+ cwd: ctx.cwd,
856
+ envFile: ctx.globals.envFile,
857
+ payeeDid: payeeDidFlag.value,
858
+ payeeSigningSeedHex: payeeSeedFlag.value,
859
+ agentRecognitionKeyId: recognitionKeyFlag.value,
860
+ agentRecognitionSigningSeedHex: recognitionSeedFlag.value,
861
+ });
862
+ const tenantId = session.paybond.harbor.tenantId;
863
+ const submittedAtRfc3339 = nowRfc3339Seconds();
864
+ const wire = signPayeeEvidenceBinding({
865
+ tenantId,
866
+ intentId,
867
+ payeeDid: productionEvidence.payeeDid,
868
+ payload,
869
+ artifactsBlake3Hex: [],
870
+ submittedAtRfc3339,
871
+ payeeSigningSeed: productionEvidence.payeeSigningSeed,
872
+ });
873
+ const recognitionProof = signHarborEvidenceSubmitRecognitionProof({
874
+ tenantId,
875
+ intentId,
876
+ evidenceBody: wire,
877
+ keyId: productionEvidence.agentRecognitionKeyId,
878
+ signingSeed: productionEvidence.agentRecognitionSigningSeed,
879
+ });
880
+ const evidence = await session.paybond.harbor.submitEvidence(intentId, wire, {
881
+ idempotencyKey: idempotencyFlag.value?.trim(),
882
+ recognitionProof,
883
+ });
884
+ const evidenceRecord = evidence;
885
+ const checklistLines = formatAgentHarborEvidenceSmokeChecklist({
886
+ intentId,
887
+ evidence: evidenceRecord,
888
+ globals: ctx.globals,
889
+ });
890
+ return {
891
+ data: {
892
+ intent_id: intentId,
893
+ harbor_path: `/harbor/intents/${intentId}/evidence`,
894
+ evidence: evidenceRecord,
895
+ checklist_lines: checklistLines,
896
+ },
897
+ warnings: session.warnings,
898
+ };
899
+ });
900
+ }
901
+ export async function handleAgentProductionAttachSmoke(ctx, argv) {
902
+ const attachIntentFlag = consumeFlag(argv, "--attach-intent-id");
903
+ const capabilityFlag = consumeFlag(attachIntentFlag.rest, "--capability-token");
904
+ const operationFlag = consumeFlag(capabilityFlag.rest, "--operation");
905
+ const spendFlag = consumeFlag(operationFlag.rest, "--requested-spend-cents");
906
+ const policyFlag = consumeFlag(spendFlag.rest, "--policy-file");
907
+ const payeeDidFlag = consumeFlag(policyFlag.rest, "--payee-did");
908
+ const payeeSeedFlag = consumeFlag(payeeDidFlag.rest, "--payee-signing-seed-hex");
909
+ const recognitionKeyFlag = consumeFlag(payeeSeedFlag.rest, "--agent-recognition-key-id");
910
+ const recognitionSeedFlag = consumeFlag(recognitionKeyFlag.rest, "--agent-recognition-signing-seed-hex");
911
+ const attachIntentId = attachIntentFlag.value?.trim() ||
912
+ process.env[PAYBOND_ATTACH_INTENT_ID_ENV]?.trim();
913
+ const capabilityToken = capabilityFlag.value?.trim() ||
914
+ process.env[PAYBOND_CAPABILITY_TOKEN_ENV]?.trim();
915
+ if (!attachIntentId || !capabilityToken) {
916
+ throw agentCliError("agent production attach smoke requires --attach-intent-id and --capability-token (or PAYBOND_ATTACH_INTENT_ID and PAYBOND_CAPABILITY_TOKEN)", { code: "cli.usage.missing_args", category: "usage" });
917
+ }
918
+ const resolvedOperation = operationFlag.value?.trim();
919
+ if (!resolvedOperation) {
920
+ throw agentCliError("agent production attach smoke requires --operation", { code: "cli.usage.missing_args", category: "usage" });
921
+ }
922
+ const resultParsed = await parseInlineJson(recognitionSeedFlag.rest, "--result-body", "--result-file");
923
+ const resultBody = resultParsed.payload;
924
+ if (Object.keys(resultBody).length === 0) {
925
+ throw agentCliError("agent production attach smoke requires --result-body or --result-file", { code: "cli.usage.missing_args", category: "usage" });
926
+ }
927
+ const bindArgv = [
928
+ "--production",
929
+ "--attach-intent-id",
930
+ attachIntentId,
931
+ "--capability-token",
932
+ capabilityToken,
933
+ "--operation",
934
+ resolvedOperation,
935
+ ];
936
+ if (spendFlag.value?.trim()) {
937
+ bindArgv.push("--requested-spend-cents", spendFlag.value.trim());
938
+ }
939
+ if (policyFlag.value?.trim()) {
940
+ bindArgv.push("--policy-file", policyFlag.value.trim());
941
+ }
942
+ if (payeeDidFlag.value?.trim()) {
943
+ bindArgv.push("--payee-did", payeeDidFlag.value.trim());
944
+ }
945
+ if (payeeSeedFlag.value?.trim()) {
946
+ bindArgv.push("--payee-signing-seed-hex", payeeSeedFlag.value.trim());
947
+ }
948
+ if (recognitionKeyFlag.value?.trim()) {
949
+ bindArgv.push("--agent-recognition-key-id", recognitionKeyFlag.value.trim());
950
+ }
951
+ if (recognitionSeedFlag.value?.trim()) {
952
+ bindArgv.push("--agent-recognition-signing-seed-hex", recognitionSeedFlag.value.trim());
953
+ }
954
+ const bindResult = await handleAgentRunBind(ctx, bindArgv);
955
+ const runId = String(bindResult.data.run_id ?? "");
956
+ const storedForExecute = await loadAgentRunContext(ctx.cwd, runId);
957
+ const executeArgv = [
958
+ "--production",
959
+ "--run-id",
960
+ runId,
961
+ "--operation",
962
+ resolvedOperation,
963
+ "--tool-call-id",
964
+ "prod-attach-smoke-1",
965
+ "--result-body",
966
+ JSON.stringify(resultBody),
967
+ ];
968
+ if (storedForExecute.requested_spend_cents != null) {
969
+ executeArgv.push("--requested-spend-cents", String(storedForExecute.requested_spend_cents));
970
+ }
971
+ else if (spendFlag.value?.trim()) {
972
+ executeArgv.push("--requested-spend-cents", spendFlag.value.trim());
973
+ }
974
+ if (payeeSeedFlag.value?.trim()) {
975
+ executeArgv.push("--payee-signing-seed-hex", payeeSeedFlag.value.trim());
976
+ }
977
+ if (recognitionSeedFlag.value?.trim()) {
978
+ executeArgv.push("--agent-recognition-signing-seed-hex", recognitionSeedFlag.value.trim());
979
+ }
980
+ try {
981
+ const executeResult = await handleAgentToolExecute(ctx, executeArgv);
982
+ const checklistLines = formatAgentProductionAttachSmokeChecklist({
983
+ bind: bindResult.data,
984
+ execute: executeResult.data,
985
+ globals: ctx.globals,
986
+ });
987
+ return {
988
+ data: {
989
+ bind: bindResult.data,
990
+ execute: executeResult.data,
991
+ checklist_lines: checklistLines,
992
+ },
993
+ warnings: bindResult.warnings,
994
+ };
995
+ }
996
+ catch (err) {
997
+ if (err instanceof CliError) {
998
+ throw new CliError(err.message, {
999
+ category: err.category,
1000
+ code: err.code,
1001
+ exitCode: err.exitCode,
1002
+ details: {
1003
+ ...(err.details ?? {}),
1004
+ bind: bindResult.data,
1005
+ },
1006
+ });
1007
+ }
1008
+ throw err;
1009
+ }
1010
+ }
808
1011
  export async function handleAgentDemoVercelAiSmoke(ctx, argv) {
809
1012
  const productionFlag = consumeBooleanFlag(argv, "--production");
810
1013
  const operationFlag = consumeFlag(productionFlag.rest, "--operation");
@@ -1036,7 +1239,7 @@ function mapToolExecuteError(err, partial) {
1036
1239
  });
1037
1240
  }
1038
1241
  if (err instanceof PaybondAutoEvidenceSubmitError) {
1039
- return agentCliError(err.message, {
1242
+ return agentCliError(resolveCliGatewayErrorMessage(err), {
1040
1243
  code: "cli.agent.evidence_failed",
1041
1244
  exitCode: 5,
1042
1245
  category: "gateway",
@@ -1085,6 +1288,24 @@ export async function handleAgent(ctx, group, subcommand, argv) {
1085
1288
  if (group === "sandbox" && subcommand === "smoke") {
1086
1289
  return handleAgentSandboxSmoke(ctx, argv);
1087
1290
  }
1291
+ if (group === "production" && subcommand === "attach") {
1292
+ if (argv[0] !== "smoke") {
1293
+ throw agentCliError("agent production attach requires smoke subcommand", {
1294
+ code: "cli.usage.unknown_command",
1295
+ category: "usage",
1296
+ });
1297
+ }
1298
+ return handleAgentProductionAttachSmoke(ctx, argv.slice(1));
1299
+ }
1300
+ if (group === "harbor" && subcommand === "evidence") {
1301
+ if (argv[0] !== "smoke") {
1302
+ throw agentCliError("agent harbor evidence requires smoke subcommand", {
1303
+ code: "cli.usage.unknown_command",
1304
+ category: "usage",
1305
+ });
1306
+ }
1307
+ return handleAgentHarborEvidenceSmoke(ctx, argv.slice(1));
1308
+ }
1088
1309
  if (group === "demo" && subcommand === "vercel-ai") {
1089
1310
  if (argv[0] !== "smoke") {
1090
1311
  throw agentCliError("agent demo vercel-ai requires smoke subcommand", {
@@ -6,7 +6,17 @@ export declare function handleInitWizard(ctx: CliContext, argv: string[]): Promi
6
6
  export declare function handleInitGuardrail(ctx: CliContext, argv: string[]): Promise<CommandResult>;
7
7
  export declare function handleInitAgentMiddleware(ctx: CliContext, argv: string[]): Promise<CommandResult>;
8
8
  export declare function handleInitCompletion(ctx: CliContext, argv: string[]): Promise<CommandResult>;
9
- export declare function handleMcpServe(ctx: CliContext, argv: string[]): Promise<CommandResult>;
9
+ export declare function mcpServeArgvMatches(argv: string[]): boolean;
10
+ /** Run the blocking MCP stdio server. Must not run through the async CLI dispatcher. */
11
+ export declare function runMcpServeCommandSync(argv: string[], writers: {
12
+ stdout: {
13
+ write(chunk: string): boolean;
14
+ };
15
+ stderr: {
16
+ write(chunk: string): boolean;
17
+ };
18
+ }): number;
19
+ export declare function handleMcpServe(_ctx: CliContext, _argv: string[]): Promise<CommandResult>;
10
20
  export declare function handleMcpTools(ctx: CliContext): Promise<CommandResult>;
11
21
  export declare function handleMcpInstall(ctx: CliContext, argv: string[]): Promise<CommandResult>;
12
22
  export declare function handleMcpVerifyConfig(ctx: CliContext, argv: string[]): Promise<CommandResult>;