@paybond/kit 0.11.5 → 0.11.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/agent/interceptor.js +12 -3
- package/dist/cli/agent-harbor-evidence-smoke-checklist.d.ts +7 -0
- package/dist/cli/agent-harbor-evidence-smoke-checklist.js +23 -0
- package/dist/cli/agent-production-attach-smoke-checklist.d.ts +7 -0
- package/dist/cli/agent-production-attach-smoke-checklist.js +30 -0
- package/dist/cli/command-spec.js +13 -4
- package/dist/cli/commands/agent.d.ts +2 -0
- package/dist/cli/commands/agent.js +236 -15
- package/dist/cli/commands/setup.d.ts +11 -1
- package/dist/cli/commands/setup.js +42 -9
- package/dist/cli/help.js +2 -0
- package/dist/cli/http-error-message.d.ts +18 -0
- package/dist/cli/http-error-message.js +148 -0
- package/dist/cli/offline-session.d.ts +9 -0
- package/dist/cli/offline-session.js +33 -0
- package/dist/cli/router.js +36 -2
- package/dist/cli.js +15 -1
- package/dist/gateway-retry.d.ts +16 -0
- package/dist/gateway-retry.js +83 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.js +34 -107
- package/dist/mcp-server.js +7 -8
- package/dist/payee-evidence.d.ts +9 -0
- package/dist/payee-evidence.js +12 -0
- package/package.json +2 -1
- package/templates/manifest.json +9 -9
- package/templates/openai-shopping-agent/package-lock.json +7 -7
- package/templates/openai-shopping-agent/package.json +1 -1
- package/templates/paybond-aws-operator/package-lock.json +4 -4
- package/templates/paybond-aws-operator/package.json +1 -1
- package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
- package/templates/paybond-claude-agents-demo/package.json +1 -1
- package/templates/paybond-invoice-agent/requirements.txt +1 -1
- package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
- package/templates/paybond-mcp-coding-agent/package.json +1 -1
- package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
- package/templates/paybond-openai-agents-demo/package.json +1 -1
- package/templates/paybond-procurement-agent/package-lock.json +4 -4
- package/templates/paybond-procurement-agent/package.json +1 -1
- package/templates/paybond-travel-agent/package-lock.json +7 -7
- package/templates/paybond-travel-agent/package.json +1 -1
- package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
- package/templates/paybond-vercel-shopping-agent/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -6,6 +6,7 @@ import { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBindi
|
|
|
6
6
|
import { signPayeeEvidenceBinding } from "./payee-evidence.js";
|
|
7
7
|
import { PaybondAgentRunFacade, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
|
|
8
8
|
import { GatewayAgentRunTraceReporter, } from "./agent/gateway-trace-reporter.js";
|
|
9
|
+
import { fetchWithGatewayRetries, gatewayRetryDelayMs, shouldRetryGatewayResponse, } from "./gateway-retry.js";
|
|
9
10
|
import { parsePolicyRemoteValidateResponse, policyValidateQueryString, } from "./policy/validate-remote.js";
|
|
10
11
|
import { parsePolicyEffectiveResolveResponse, } from "./policy/load-effective.js";
|
|
11
12
|
import { paybondPolicyPresets } from "./policy/policy-api.js";
|
|
@@ -187,19 +188,6 @@ function protocolHTTPErrorMessage(prefix, statusCode, bodyText) {
|
|
|
187
188
|
function normalizeBase(url) {
|
|
188
189
|
return requireSecureGatewayUrl(url);
|
|
189
190
|
}
|
|
190
|
-
function backoffMs(attempt) {
|
|
191
|
-
const base = 200 * 2 ** attempt;
|
|
192
|
-
const jitter = Math.random() * 100;
|
|
193
|
-
return Math.min(base + jitter, 5000);
|
|
194
|
-
}
|
|
195
|
-
function parseRetryAfterSeconds(v) {
|
|
196
|
-
if (!v)
|
|
197
|
-
return null;
|
|
198
|
-
const n = Number.parseFloat(v.trim());
|
|
199
|
-
if (!Number.isFinite(n))
|
|
200
|
-
return null;
|
|
201
|
-
return Math.min(n, 30);
|
|
202
|
-
}
|
|
203
191
|
function normalizeExpectedEnvironment(value) {
|
|
204
192
|
if (value === undefined)
|
|
205
193
|
return null;
|
|
@@ -462,16 +450,17 @@ export class HarborClient {
|
|
|
462
450
|
lastErr = e;
|
|
463
451
|
if (attempt + 1 >= this.maxRetries)
|
|
464
452
|
throw e;
|
|
465
|
-
await new Promise((r) => setTimeout(r,
|
|
453
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
|
|
466
454
|
continue;
|
|
467
455
|
}
|
|
468
456
|
if ([429, 500, 502, 503, 504].includes(res.status)) {
|
|
469
457
|
if (attempt + 1 >= this.maxRetries) {
|
|
470
458
|
return res;
|
|
471
459
|
}
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
460
|
+
if (!(await shouldRetryGatewayResponse(res))) {
|
|
461
|
+
return res;
|
|
462
|
+
}
|
|
463
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
|
|
475
464
|
continue;
|
|
476
465
|
}
|
|
477
466
|
return res;
|
|
@@ -494,16 +483,17 @@ export class HarborClient {
|
|
|
494
483
|
lastErr = e;
|
|
495
484
|
if (attempt + 1 >= this.maxRetries)
|
|
496
485
|
throw e;
|
|
497
|
-
await new Promise((r) => setTimeout(r,
|
|
486
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
|
|
498
487
|
continue;
|
|
499
488
|
}
|
|
500
489
|
if ([429, 500, 502, 503, 504].includes(res.status)) {
|
|
501
490
|
if (attempt + 1 >= this.maxRetries) {
|
|
502
491
|
return res;
|
|
503
492
|
}
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
493
|
+
if (!(await shouldRetryGatewayResponse(res))) {
|
|
494
|
+
return res;
|
|
495
|
+
}
|
|
496
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
|
|
507
497
|
if (retryBodyText !== undefined) {
|
|
508
498
|
init = {
|
|
509
499
|
...init,
|
|
@@ -804,28 +794,7 @@ export class GatewayHarborClient {
|
|
|
804
794
|
return headers;
|
|
805
795
|
}
|
|
806
796
|
async fetchWithRetries(url, init) {
|
|
807
|
-
|
|
808
|
-
for (let attempt = 0; attempt < this.maxRetries; attempt++) {
|
|
809
|
-
let res;
|
|
810
|
-
try {
|
|
811
|
-
res = await fetch(url, init);
|
|
812
|
-
}
|
|
813
|
-
catch (e) {
|
|
814
|
-
lastErr = e;
|
|
815
|
-
if (attempt + 1 >= this.maxRetries)
|
|
816
|
-
throw e;
|
|
817
|
-
await new Promise((r) => setTimeout(r, backoffMs(attempt)));
|
|
818
|
-
continue;
|
|
819
|
-
}
|
|
820
|
-
if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
|
|
821
|
-
const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
|
|
822
|
-
const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
|
|
823
|
-
await new Promise((r) => setTimeout(r, delayMs));
|
|
824
|
-
continue;
|
|
825
|
-
}
|
|
826
|
-
return res;
|
|
827
|
-
}
|
|
828
|
-
throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
|
|
797
|
+
return fetchWithGatewayRetries(url, init, this.maxRetries);
|
|
829
798
|
}
|
|
830
799
|
async postJSON(path, payload, extraHeaders) {
|
|
831
800
|
return this.requestJSON("POST", path, payload, extraHeaders);
|
|
@@ -1052,28 +1021,7 @@ export class PaybondGuardrails {
|
|
|
1052
1021
|
return headers;
|
|
1053
1022
|
}
|
|
1054
1023
|
async fetchWithRetries(url, init) {
|
|
1055
|
-
|
|
1056
|
-
for (let attempt = 0; attempt < this.maxRetries; attempt++) {
|
|
1057
|
-
let res;
|
|
1058
|
-
try {
|
|
1059
|
-
res = await fetch(url, init);
|
|
1060
|
-
}
|
|
1061
|
-
catch (e) {
|
|
1062
|
-
lastErr = e;
|
|
1063
|
-
if (attempt + 1 >= this.maxRetries)
|
|
1064
|
-
throw e;
|
|
1065
|
-
await new Promise((r) => setTimeout(r, backoffMs(attempt)));
|
|
1066
|
-
continue;
|
|
1067
|
-
}
|
|
1068
|
-
if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
|
|
1069
|
-
const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
|
|
1070
|
-
const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
|
|
1071
|
-
await new Promise((r) => setTimeout(r, delayMs));
|
|
1072
|
-
continue;
|
|
1073
|
-
}
|
|
1074
|
-
return res;
|
|
1075
|
-
}
|
|
1076
|
-
throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
|
|
1024
|
+
return fetchWithGatewayRetries(url, init, this.maxRetries);
|
|
1077
1025
|
}
|
|
1078
1026
|
async postJSON(path, payload, options) {
|
|
1079
1027
|
const url = `${this.base}${path.replace(/^\/+/, "")}`;
|
|
@@ -1118,7 +1066,7 @@ export class PaybondGuardrails {
|
|
|
1118
1066
|
}
|
|
1119
1067
|
const { res, text, url } = await this.postJSON("/v1/sandbox/guardrails/bootstrap", payload, { idempotencyKey: input.idempotencyKey });
|
|
1120
1068
|
if (!res.ok) {
|
|
1121
|
-
throw new HarborHttpError(`Gateway sandbox guardrail bootstrap HTTP ${res.status}
|
|
1069
|
+
throw new HarborHttpError(`Gateway sandbox guardrail bootstrap HTTP ${res.status}`, {
|
|
1122
1070
|
statusCode: res.status,
|
|
1123
1071
|
url,
|
|
1124
1072
|
bodyText: text,
|
|
@@ -1153,7 +1101,7 @@ export class PaybondGuardrails {
|
|
|
1153
1101
|
}
|
|
1154
1102
|
const { res, text, url } = await this.postJSON(`/v1/sandbox/guardrails/${encodeURIComponent(input.intentId)}/evidence`, payload, { idempotencyKey: input.idempotencyKey });
|
|
1155
1103
|
if (!res.ok) {
|
|
1156
|
-
throw new HarborHttpError(`Gateway sandbox guardrail evidence HTTP ${res.status}
|
|
1104
|
+
throw new HarborHttpError(`Gateway sandbox guardrail evidence HTTP ${res.status}`, {
|
|
1157
1105
|
statusCode: res.status,
|
|
1158
1106
|
url,
|
|
1159
1107
|
bodyText: text,
|
|
@@ -1433,16 +1381,17 @@ export class GatewaySignalClient {
|
|
|
1433
1381
|
lastErr = e;
|
|
1434
1382
|
if (attempt + 1 >= this.maxRetries)
|
|
1435
1383
|
throw e;
|
|
1436
|
-
await new Promise((r) => setTimeout(r,
|
|
1384
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
|
|
1437
1385
|
continue;
|
|
1438
1386
|
}
|
|
1439
1387
|
if ([429, 500, 502, 503, 504].includes(res.status)) {
|
|
1440
1388
|
if (attempt + 1 >= this.maxRetries) {
|
|
1441
1389
|
return res;
|
|
1442
1390
|
}
|
|
1443
|
-
|
|
1444
|
-
|
|
1445
|
-
|
|
1391
|
+
if (!(await shouldRetryGatewayResponse(res))) {
|
|
1392
|
+
return res;
|
|
1393
|
+
}
|
|
1394
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
|
|
1446
1395
|
continue;
|
|
1447
1396
|
}
|
|
1448
1397
|
return res;
|
|
@@ -1594,16 +1543,17 @@ export class GatewayFraudClient {
|
|
|
1594
1543
|
lastErr = e;
|
|
1595
1544
|
if (attempt + 1 >= this.maxRetries)
|
|
1596
1545
|
throw e;
|
|
1597
|
-
await new Promise((r) => setTimeout(r,
|
|
1546
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
|
|
1598
1547
|
continue;
|
|
1599
1548
|
}
|
|
1600
1549
|
if ([429, 500, 502, 503, 504].includes(res.status)) {
|
|
1601
1550
|
if (attempt + 1 >= this.maxRetries) {
|
|
1602
1551
|
return res;
|
|
1603
1552
|
}
|
|
1604
|
-
|
|
1605
|
-
|
|
1606
|
-
|
|
1553
|
+
if (!(await shouldRetryGatewayResponse(res))) {
|
|
1554
|
+
return res;
|
|
1555
|
+
}
|
|
1556
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
|
|
1607
1557
|
continue;
|
|
1608
1558
|
}
|
|
1609
1559
|
return res;
|
|
@@ -1875,16 +1825,17 @@ export class GatewayA2AClient {
|
|
|
1875
1825
|
lastErr = e;
|
|
1876
1826
|
if (attempt + 1 >= this.maxRetries)
|
|
1877
1827
|
throw e;
|
|
1878
|
-
await new Promise((r) => setTimeout(r,
|
|
1828
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
|
|
1879
1829
|
continue;
|
|
1880
1830
|
}
|
|
1881
1831
|
if ([429, 500, 502, 503, 504].includes(res.status)) {
|
|
1882
1832
|
if (attempt + 1 >= this.maxRetries) {
|
|
1883
1833
|
return res;
|
|
1884
1834
|
}
|
|
1885
|
-
|
|
1886
|
-
|
|
1887
|
-
|
|
1835
|
+
if (!(await shouldRetryGatewayResponse(res))) {
|
|
1836
|
+
return res;
|
|
1837
|
+
}
|
|
1838
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
|
|
1888
1839
|
continue;
|
|
1889
1840
|
}
|
|
1890
1841
|
return res;
|
|
@@ -1944,29 +1895,7 @@ export class GatewayProtocolClient {
|
|
|
1944
1895
|
this.maxRetries = Math.max(1, init?.maxRetries ?? 3);
|
|
1945
1896
|
}
|
|
1946
1897
|
async fetchWithRetries(url, init) {
|
|
1947
|
-
|
|
1948
|
-
for (let attempt = 0; attempt < this.maxRetries; attempt++) {
|
|
1949
|
-
let res;
|
|
1950
|
-
try {
|
|
1951
|
-
res = await fetch(url, init);
|
|
1952
|
-
}
|
|
1953
|
-
catch (e) {
|
|
1954
|
-
lastErr = e;
|
|
1955
|
-
if (attempt + 1 >= this.maxRetries) {
|
|
1956
|
-
throw e;
|
|
1957
|
-
}
|
|
1958
|
-
await new Promise((r) => setTimeout(r, backoffMs(attempt)));
|
|
1959
|
-
continue;
|
|
1960
|
-
}
|
|
1961
|
-
if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
|
|
1962
|
-
const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
|
|
1963
|
-
const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
|
|
1964
|
-
await new Promise((r) => setTimeout(r, delayMs));
|
|
1965
|
-
continue;
|
|
1966
|
-
}
|
|
1967
|
-
return res;
|
|
1968
|
-
}
|
|
1969
|
-
throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
|
|
1898
|
+
return fetchWithGatewayRetries(url, init, this.maxRetries);
|
|
1970
1899
|
}
|
|
1971
1900
|
headers(extra) {
|
|
1972
1901
|
const headers = new Headers(extra);
|
|
@@ -2132,15 +2061,13 @@ async function resolveGatewayTenantId(gatewayBaseUrl, apiKey, principalPath, max
|
|
|
2132
2061
|
if (attempt + 1 >= maxRetries) {
|
|
2133
2062
|
throw e;
|
|
2134
2063
|
}
|
|
2135
|
-
await new Promise((r) => setTimeout(r,
|
|
2064
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
|
|
2136
2065
|
continue;
|
|
2137
2066
|
}
|
|
2138
2067
|
const text = await res.text();
|
|
2139
2068
|
if (!res.ok) {
|
|
2140
2069
|
if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < maxRetries) {
|
|
2141
|
-
|
|
2142
|
-
const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
|
|
2143
|
-
await new Promise((r) => setTimeout(r, delayMs));
|
|
2070
|
+
await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
|
|
2144
2071
|
continue;
|
|
2145
2072
|
}
|
|
2146
2073
|
throw new GatewayAuthError(`gateway principal HTTP ${res.status}`, {
|
|
@@ -2397,7 +2324,7 @@ export class Paybond {
|
|
|
2397
2324
|
}
|
|
2398
2325
|
export { normalizeJson, jsonValueDigest } from "./json-digest.js";
|
|
2399
2326
|
export { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBinding, intentCreationSignBytesRaw, intentCreationSignBytesWithPolicyBinding, } from "./principal-intent.js";
|
|
2400
|
-
export { artifactsDigest, signPayeeEvidenceBinding } from "./payee-evidence.js";
|
|
2327
|
+
export { artifactsDigest, evidenceSignBytesV1, signPayeeEvidenceBinding, } from "./payee-evidence.js";
|
|
2401
2328
|
export { AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, AGENT_RECOGNITION_PROOF_KIND_V1, AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT, newAgentRecognitionRequestEnvelope, signAgentRecognitionProofV1, signHarborEvidenceSubmitRecognitionProof, } from "./agent-recognition.js";
|
|
2402
2329
|
export { validateCompletionEvidence, } from "./completion-validate-evidence.js";
|
|
2403
2330
|
export { completionSchemaDigestHex, computeVendorContractDigests, verifyVendorContract, verifyCatalogVendorContracts, } from "./completion-contract-digest.js";
|
package/dist/mcp-server.js
CHANGED
|
@@ -5,7 +5,7 @@ import fs from "node:fs/promises";
|
|
|
5
5
|
import path from "node:path";
|
|
6
6
|
import { fileURLToPath, pathToFileURL } from "node:url";
|
|
7
7
|
import { requireSecureGatewayUrl } from "./gateway-url.js";
|
|
8
|
-
import {
|
|
8
|
+
import { deprecatedAliasWarning } from "./cli/automation.js";
|
|
9
9
|
import { redactSensitiveFields } from "./cli/redact.js";
|
|
10
10
|
import { MCP_TOOL_ALLOWLIST_ENV, MCP_TOOL_POLICY_ENV, mergeMcpToolPolicy, parseMcpToolAllowlist, parseMcpToolPolicy, resolveMcpToolPolicy, toolAllowedByPolicy, } from "./cli/mcp-policy.js";
|
|
11
11
|
import { MCP_EVIDENCE_POLICY_ENV, McpEvidenceValidationGate, completionEvidenceValidationOk, extractHarborEvidenceValidationInput, extractSandboxGuardrailValidationInput, parseMcpEvidencePolicy, } from "./mcp-evidence-policy.js";
|
|
@@ -13,7 +13,7 @@ import { McpCapabilityTokenCache, mcpToolStoresCapabilityToken, parseMcpCapabili
|
|
|
13
13
|
import { createMcpPolicyGatewayAdapter, McpPolicyReloadGate, parseMcpPolicyReloadConfig, } from "./mcp-policy-reload.js";
|
|
14
14
|
import { DEFAULT_PAYBOND_GATEWAY_BASE_URL, GatewayFraudClient, GatewaySignalClient, } from "./index.js";
|
|
15
15
|
const SERVER_NAME = "Paybond MCP";
|
|
16
|
-
const SERVER_VERSION = "0.11.
|
|
16
|
+
const SERVER_VERSION = "0.11.7";
|
|
17
17
|
const MCP_PROTOCOL_VERSION = "2025-11-25";
|
|
18
18
|
const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
|
|
19
19
|
const DEFAULT_RECOGNITION_VERIFIER_ID = "paybond-gateway";
|
|
@@ -1697,12 +1697,11 @@ invokedFromCLI().then((invoked) => {
|
|
|
1697
1697
|
if (!invoked) {
|
|
1698
1698
|
return;
|
|
1699
1699
|
}
|
|
1700
|
-
|
|
1701
|
-
|
|
1702
|
-
|
|
1703
|
-
|
|
1704
|
-
|
|
1705
|
-
});
|
|
1700
|
+
const aliasWarning = deprecatedAliasWarning(process.argv[1]);
|
|
1701
|
+
if (aliasWarning) {
|
|
1702
|
+
process.stderr.write(`${aliasWarning}\n`);
|
|
1703
|
+
}
|
|
1704
|
+
process.exitCode = main(process.argv.slice(2));
|
|
1706
1705
|
}, (err) => {
|
|
1707
1706
|
process.stderr.write(`${formatError(err)}\n`);
|
|
1708
1707
|
process.exitCode = 1;
|
package/dist/payee-evidence.d.ts
CHANGED
|
@@ -3,6 +3,15 @@
|
|
|
3
3
|
*/
|
|
4
4
|
/** BLAKE3 digest of concatenated artifact hashes (empty list matches Harbor / `paybond-evidence`). */
|
|
5
5
|
export declare function artifactsDigest(artifactHashes32: Uint8Array[]): Uint8Array;
|
|
6
|
+
/** Canonical EvidenceSignV1 signing bytes (matches `paybond-evidence` / gateway binwire). */
|
|
7
|
+
export declare function evidenceSignBytesV1(input: {
|
|
8
|
+
tenantId: string;
|
|
9
|
+
intentId: string;
|
|
10
|
+
payeeDid: string;
|
|
11
|
+
payload: Record<string, unknown>;
|
|
12
|
+
artifactsBlake3Hex: string[];
|
|
13
|
+
submittedAtRfc3339: string;
|
|
14
|
+
}): Uint8Array;
|
|
6
15
|
export type SignPayeeEvidenceParams = {
|
|
7
16
|
tenantId: string;
|
|
8
17
|
intentId: string;
|
package/dist/payee-evidence.js
CHANGED
|
@@ -18,6 +18,18 @@ export function artifactsDigest(artifactHashes32) {
|
|
|
18
18
|
function encodeEvidenceSignV1(input) {
|
|
19
19
|
return concatBytes(encodeU8(EVIDENCE_SIGN_VERSION), encodeBincodeString(input.tenantId), encodeBincodeUuid(input.intentId), encodeBincodeString(input.payeeDid), encodeFixed32(input.payloadDigest), encodeFixed32(input.artifactsDigest), encodeBincodeString(input.submittedAtRfc3339));
|
|
20
20
|
}
|
|
21
|
+
/** Canonical EvidenceSignV1 signing bytes (matches `paybond-evidence` / gateway binwire). */
|
|
22
|
+
export function evidenceSignBytesV1(input) {
|
|
23
|
+
const artifactBin = input.artifactsBlake3Hex.map((h) => hexToBytes(h));
|
|
24
|
+
return encodeEvidenceSignV1({
|
|
25
|
+
tenantId: input.tenantId,
|
|
26
|
+
intentId: input.intentId,
|
|
27
|
+
payeeDid: input.payeeDid,
|
|
28
|
+
payloadDigest: jsonValueDigest(input.payload),
|
|
29
|
+
artifactsDigest: artifactsDigest(artifactBin),
|
|
30
|
+
submittedAtRfc3339: input.submittedAtRfc3339,
|
|
31
|
+
});
|
|
32
|
+
}
|
|
21
33
|
function bytesToBase64(bytes) {
|
|
22
34
|
let binary = "";
|
|
23
35
|
for (let i = 0; i < bytes.length; i++)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@paybond/kit",
|
|
3
|
-
"version": "0.11.
|
|
3
|
+
"version": "0.11.7",
|
|
4
4
|
"mcpName": "io.github.nonameuserd/paybond",
|
|
5
5
|
"description": "Paybond Kit for TypeScript: agent spend governance for paid tool calls with spend authorization, evidence receipts, refunds, disputes, hosted Gateway sessions, and settlement.",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -117,6 +117,7 @@
|
|
|
117
117
|
"test": "vitest run",
|
|
118
118
|
"pack:dry-run": "npm pack --dry-run",
|
|
119
119
|
"verify:release": "node ./scripts/verify-release.mjs",
|
|
120
|
+
"verify:template-locks": "node ./scripts/verify-template-lock-integrity.mjs",
|
|
120
121
|
"prepack": "npm run build"
|
|
121
122
|
},
|
|
122
123
|
"peerDependencies": {
|
package/templates/manifest.json
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"evidence_preset": "cost_and_completion",
|
|
14
14
|
"smoke_result_body": { "status": "completed", "cost_cents": 18700 },
|
|
15
15
|
"dependencies": {
|
|
16
|
-
"@paybond/kit": "^0.11.
|
|
16
|
+
"@paybond/kit": "^0.11.7",
|
|
17
17
|
"@langchain/core": "^1.2.1",
|
|
18
18
|
"@langchain/langgraph": "^1.4.7",
|
|
19
19
|
"zod": "^4.2.0"
|
|
@@ -33,7 +33,7 @@
|
|
|
33
33
|
"evidence_preset": "cost_and_completion",
|
|
34
34
|
"smoke_result_body": { "status": "completed", "cost_cents": 4500 },
|
|
35
35
|
"dependencies": {
|
|
36
|
-
"@paybond/kit": "^0.11.
|
|
36
|
+
"@paybond/kit": "^0.11.7",
|
|
37
37
|
"ai": "^5.0.0",
|
|
38
38
|
"zod": "^4.2.0"
|
|
39
39
|
},
|
|
@@ -52,7 +52,7 @@
|
|
|
52
52
|
"evidence_preset": "cost_and_completion",
|
|
53
53
|
"smoke_result_body": { "status": "completed", "cost_cents": 2900 },
|
|
54
54
|
"dependencies": {
|
|
55
|
-
"@paybond/kit": "^0.11.
|
|
55
|
+
"@paybond/kit": "^0.11.7",
|
|
56
56
|
"@openai/agents": "^0.4.0",
|
|
57
57
|
"zod": "^4.2.0"
|
|
58
58
|
},
|
|
@@ -71,7 +71,7 @@
|
|
|
71
71
|
"evidence_preset": "cost_and_completion",
|
|
72
72
|
"smoke_result_body": { "status": "completed", "cost_cents": 4500 },
|
|
73
73
|
"dependencies": {
|
|
74
|
-
"@paybond/kit": "^0.11.
|
|
74
|
+
"@paybond/kit": "^0.11.7",
|
|
75
75
|
"@openai/agents": "^0.4.0",
|
|
76
76
|
"zod": "^4.2.0"
|
|
77
77
|
},
|
|
@@ -90,7 +90,7 @@
|
|
|
90
90
|
"evidence_preset": "cost_and_completion",
|
|
91
91
|
"smoke_result_body": { "status": "completed", "cost_cents": 18700 },
|
|
92
92
|
"dependencies": {
|
|
93
|
-
"@paybond/kit": "^0.11.
|
|
93
|
+
"@paybond/kit": "^0.11.7",
|
|
94
94
|
"@anthropic-ai/claude-agent-sdk": "^0.2.100",
|
|
95
95
|
"zod": "^4.2.0"
|
|
96
96
|
},
|
|
@@ -110,7 +110,7 @@
|
|
|
110
110
|
"evidence_preset": "cost_and_completion",
|
|
111
111
|
"smoke_result_body": { "status": "completed", "cost_cents": 500 },
|
|
112
112
|
"dependencies": {
|
|
113
|
-
"@paybond/kit": "^0.11.
|
|
113
|
+
"@paybond/kit": "^0.11.7"
|
|
114
114
|
},
|
|
115
115
|
"mcp_tool_policy": "spend-write"
|
|
116
116
|
},
|
|
@@ -127,7 +127,7 @@
|
|
|
127
127
|
"evidence_preset": "cost_and_completion",
|
|
128
128
|
"smoke_result_body": { "status": "completed", "cost_cents": 12000 },
|
|
129
129
|
"dependencies": {
|
|
130
|
-
"@paybond/kit": "^0.11.
|
|
130
|
+
"@paybond/kit": "^0.11.7"
|
|
131
131
|
},
|
|
132
132
|
"demo_mode": "generic"
|
|
133
133
|
},
|
|
@@ -143,7 +143,7 @@
|
|
|
143
143
|
"evidence_preset": "cost_and_completion",
|
|
144
144
|
"smoke_result_body": { "status": "completed", "cost_cents": 12500 },
|
|
145
145
|
"dependencies": {
|
|
146
|
-
"@paybond/kit": "^0.11.
|
|
146
|
+
"@paybond/kit": "^0.11.7"
|
|
147
147
|
},
|
|
148
148
|
"demo_mode": "generic"
|
|
149
149
|
},
|
|
@@ -159,7 +159,7 @@
|
|
|
159
159
|
"evidence_preset": "cost_and_completion",
|
|
160
160
|
"smoke_result_body": { "status": "completed", "cost_cents": 2900 },
|
|
161
161
|
"python_dependencies": {
|
|
162
|
-
"paybond-kit": ">=0.11.
|
|
162
|
+
"paybond-kit": ">=0.11.7",
|
|
163
163
|
"langgraph": ">=1.2.0"
|
|
164
164
|
},
|
|
165
165
|
"demo_import": "paybond_kit.langgraph_sandbox_demo",
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
"name": "openai-shopping-agent",
|
|
8
8
|
"dependencies": {
|
|
9
9
|
"@openai/agents": "^0.4.0",
|
|
10
|
-
"@paybond/kit": "^0.11.
|
|
10
|
+
"@paybond/kit": "^0.11.7",
|
|
11
11
|
"zod": "^4.2.0"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
@@ -169,9 +169,9 @@
|
|
|
169
169
|
}
|
|
170
170
|
},
|
|
171
171
|
"node_modules/@paybond/kit": {
|
|
172
|
-
"version": "0.11.
|
|
173
|
-
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.
|
|
174
|
-
"integrity": "sha512-
|
|
172
|
+
"version": "0.11.7",
|
|
173
|
+
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
|
|
174
|
+
"integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
|
|
175
175
|
"license": "Apache-2.0",
|
|
176
176
|
"dependencies": {
|
|
177
177
|
"@noble/ed25519": "^2.2.1",
|
|
@@ -829,9 +829,9 @@
|
|
|
829
829
|
}
|
|
830
830
|
},
|
|
831
831
|
"node_modules/iconv-lite": {
|
|
832
|
-
"version": "0.7.
|
|
833
|
-
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.
|
|
834
|
-
"integrity": "sha512-
|
|
832
|
+
"version": "0.7.3",
|
|
833
|
+
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.3.tgz",
|
|
834
|
+
"integrity": "sha512-IKXpvIzjnC9XTAUbVBcMfGS0EPaIXtW6v+zr+RRp+hqULEpo0owZax6wyRwPOJbWbzjYspQwusTsfVr0ifh4uQ==",
|
|
835
835
|
"license": "MIT",
|
|
836
836
|
"optional": true,
|
|
837
837
|
"dependencies": {
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
"smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation commerce.checkout --requested-spend-cents 4500 --result-body '{\"status\":\"completed\",\"cost_cents\":4500}' --format json"
|
|
9
9
|
},
|
|
10
10
|
"dependencies": {
|
|
11
|
-
"@paybond/kit": "^0.11.
|
|
11
|
+
"@paybond/kit": "^0.11.7",
|
|
12
12
|
"@openai/agents": "^0.4.0",
|
|
13
13
|
"zod": "^4.2.0"
|
|
14
14
|
},
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
"": {
|
|
7
7
|
"name": "paybond-aws-operator",
|
|
8
8
|
"dependencies": {
|
|
9
|
-
"@paybond/kit": "^0.11.
|
|
9
|
+
"@paybond/kit": "^0.11.7"
|
|
10
10
|
},
|
|
11
11
|
"devDependencies": {
|
|
12
12
|
"@types/node": "^22.10.1",
|
|
@@ -47,9 +47,9 @@
|
|
|
47
47
|
}
|
|
48
48
|
},
|
|
49
49
|
"node_modules/@paybond/kit": {
|
|
50
|
-
"version": "0.11.
|
|
51
|
-
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.
|
|
52
|
-
"integrity": "sha512-
|
|
50
|
+
"version": "0.11.7",
|
|
51
|
+
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
|
|
52
|
+
"integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
|
|
53
53
|
"license": "Apache-2.0",
|
|
54
54
|
"dependencies": {
|
|
55
55
|
"@noble/ed25519": "^2.2.1",
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
"smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation aws.ec2.start_instance --requested-spend-cents 12500 --result-body '{\"status\":\"completed\",\"cost_cents\":12500}' --format json"
|
|
9
9
|
},
|
|
10
10
|
"dependencies": {
|
|
11
|
-
"@paybond/kit": "^0.11.
|
|
11
|
+
"@paybond/kit": "^0.11.7"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
14
14
|
"@types/node": "^22.10.1",
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
"name": "paybond-claude-agents-demo",
|
|
8
8
|
"dependencies": {
|
|
9
9
|
"@anthropic-ai/claude-agent-sdk": "^0.2.100",
|
|
10
|
-
"@paybond/kit": "^0.11.
|
|
10
|
+
"@paybond/kit": "^0.11.7",
|
|
11
11
|
"zod": "^4.2.0"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
@@ -260,9 +260,9 @@
|
|
|
260
260
|
}
|
|
261
261
|
},
|
|
262
262
|
"node_modules/@paybond/kit": {
|
|
263
|
-
"version": "0.11.
|
|
264
|
-
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.
|
|
265
|
-
"integrity": "sha512-
|
|
263
|
+
"version": "0.11.7",
|
|
264
|
+
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
|
|
265
|
+
"integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
|
|
266
266
|
"license": "Apache-2.0",
|
|
267
267
|
"dependencies": {
|
|
268
268
|
"@noble/ed25519": "^2.2.1",
|
|
@@ -875,9 +875,9 @@
|
|
|
875
875
|
}
|
|
876
876
|
},
|
|
877
877
|
"node_modules/iconv-lite": {
|
|
878
|
-
"version": "0.7.
|
|
879
|
-
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.
|
|
880
|
-
"integrity": "sha512-
|
|
878
|
+
"version": "0.7.3",
|
|
879
|
+
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.3.tgz",
|
|
880
|
+
"integrity": "sha512-IKXpvIzjnC9XTAUbVBcMfGS0EPaIXtW6v+zr+RRp+hqULEpo0owZax6wyRwPOJbWbzjYspQwusTsfVr0ifh4uQ==",
|
|
881
881
|
"license": "MIT",
|
|
882
882
|
"dependencies": {
|
|
883
883
|
"safer-buffer": ">= 2.1.2 < 3.0.0"
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
"smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation travel.book_hotel --requested-spend-cents 18700 --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json"
|
|
9
9
|
},
|
|
10
10
|
"dependencies": {
|
|
11
|
-
"@paybond/kit": "^0.11.
|
|
11
|
+
"@paybond/kit": "^0.11.7",
|
|
12
12
|
"@anthropic-ai/claude-agent-sdk": "^0.2.100",
|
|
13
13
|
"zod": "^4.2.0"
|
|
14
14
|
},
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
paybond-kit>=0.11.
|
|
1
|
+
paybond-kit>=0.11.7
|
|
2
2
|
langgraph>=1.2.0
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
"": {
|
|
7
7
|
"name": "paybond-mcp-coding-agent",
|
|
8
8
|
"dependencies": {
|
|
9
|
-
"@paybond/kit": "^0.11.
|
|
9
|
+
"@paybond/kit": "^0.11.7"
|
|
10
10
|
},
|
|
11
11
|
"devDependencies": {
|
|
12
12
|
"@types/node": "^22.10.1",
|
|
@@ -47,9 +47,9 @@
|
|
|
47
47
|
}
|
|
48
48
|
},
|
|
49
49
|
"node_modules/@paybond/kit": {
|
|
50
|
-
"version": "0.11.
|
|
51
|
-
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.
|
|
52
|
-
"integrity": "sha512-
|
|
50
|
+
"version": "0.11.7",
|
|
51
|
+
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
|
|
52
|
+
"integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
|
|
53
53
|
"license": "Apache-2.0",
|
|
54
54
|
"dependencies": {
|
|
55
55
|
"@noble/ed25519": "^2.2.1",
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
"smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation deploy.preview --requested-spend-cents 500 --result-body '{\"status\":\"completed\",\"cost_cents\":500}' --format json"
|
|
9
9
|
},
|
|
10
10
|
"dependencies": {
|
|
11
|
-
"@paybond/kit": "^0.11.
|
|
11
|
+
"@paybond/kit": "^0.11.7"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
14
14
|
"@types/node": "^22.10.1",
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
"name": "paybond-openai-agents-demo",
|
|
8
8
|
"dependencies": {
|
|
9
9
|
"@openai/agents": "^0.4.0",
|
|
10
|
-
"@paybond/kit": "^0.11.
|
|
10
|
+
"@paybond/kit": "^0.11.7",
|
|
11
11
|
"zod": "^4.2.0"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
@@ -169,9 +169,9 @@
|
|
|
169
169
|
}
|
|
170
170
|
},
|
|
171
171
|
"node_modules/@paybond/kit": {
|
|
172
|
-
"version": "0.11.
|
|
173
|
-
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.
|
|
174
|
-
"integrity": "sha512-
|
|
172
|
+
"version": "0.11.7",
|
|
173
|
+
"resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
|
|
174
|
+
"integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
|
|
175
175
|
"license": "Apache-2.0",
|
|
176
176
|
"dependencies": {
|
|
177
177
|
"@noble/ed25519": "^2.2.1",
|
|
@@ -829,9 +829,9 @@
|
|
|
829
829
|
}
|
|
830
830
|
},
|
|
831
831
|
"node_modules/iconv-lite": {
|
|
832
|
-
"version": "0.7.
|
|
833
|
-
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.
|
|
834
|
-
"integrity": "sha512-
|
|
832
|
+
"version": "0.7.3",
|
|
833
|
+
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.3.tgz",
|
|
834
|
+
"integrity": "sha512-IKXpvIzjnC9XTAUbVBcMfGS0EPaIXtW6v+zr+RRp+hqULEpo0owZax6wyRwPOJbWbzjYspQwusTsfVr0ifh4uQ==",
|
|
835
835
|
"license": "MIT",
|
|
836
836
|
"optional": true,
|
|
837
837
|
"dependencies": {
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
"smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation saas.provision_seat --requested-spend-cents 2900 --result-body '{\"status\":\"completed\",\"cost_cents\":2900}' --format json"
|
|
9
9
|
},
|
|
10
10
|
"dependencies": {
|
|
11
|
-
"@paybond/kit": "^0.11.
|
|
11
|
+
"@paybond/kit": "^0.11.7",
|
|
12
12
|
"@openai/agents": "^0.4.0",
|
|
13
13
|
"zod": "^4.2.0"
|
|
14
14
|
},
|