@paybond/kit 0.11.5 → 0.11.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/README.md +1 -1
  2. package/dist/agent/interceptor.js +12 -3
  3. package/dist/cli/agent-harbor-evidence-smoke-checklist.d.ts +7 -0
  4. package/dist/cli/agent-harbor-evidence-smoke-checklist.js +23 -0
  5. package/dist/cli/agent-production-attach-smoke-checklist.d.ts +7 -0
  6. package/dist/cli/agent-production-attach-smoke-checklist.js +30 -0
  7. package/dist/cli/command-spec.js +13 -4
  8. package/dist/cli/commands/agent.d.ts +2 -0
  9. package/dist/cli/commands/agent.js +236 -15
  10. package/dist/cli/commands/setup.d.ts +11 -1
  11. package/dist/cli/commands/setup.js +42 -9
  12. package/dist/cli/help.js +2 -0
  13. package/dist/cli/http-error-message.d.ts +18 -0
  14. package/dist/cli/http-error-message.js +148 -0
  15. package/dist/cli/offline-session.d.ts +9 -0
  16. package/dist/cli/offline-session.js +33 -0
  17. package/dist/cli/router.js +36 -2
  18. package/dist/cli.js +15 -1
  19. package/dist/gateway-retry.d.ts +16 -0
  20. package/dist/gateway-retry.js +83 -0
  21. package/dist/index.d.ts +1 -1
  22. package/dist/index.js +34 -107
  23. package/dist/mcp-server.js +7 -8
  24. package/dist/payee-evidence.d.ts +9 -0
  25. package/dist/payee-evidence.js +12 -0
  26. package/package.json +2 -1
  27. package/templates/manifest.json +9 -9
  28. package/templates/openai-shopping-agent/package-lock.json +7 -7
  29. package/templates/openai-shopping-agent/package.json +1 -1
  30. package/templates/paybond-aws-operator/package-lock.json +4 -4
  31. package/templates/paybond-aws-operator/package.json +1 -1
  32. package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
  33. package/templates/paybond-claude-agents-demo/package.json +1 -1
  34. package/templates/paybond-invoice-agent/requirements.txt +1 -1
  35. package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
  36. package/templates/paybond-mcp-coding-agent/package.json +1 -1
  37. package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
  38. package/templates/paybond-openai-agents-demo/package.json +1 -1
  39. package/templates/paybond-procurement-agent/package-lock.json +4 -4
  40. package/templates/paybond-procurement-agent/package.json +1 -1
  41. package/templates/paybond-travel-agent/package-lock.json +7 -7
  42. package/templates/paybond-travel-agent/package.json +1 -1
  43. package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
  44. package/templates/paybond-vercel-shopping-agent/package.json +1 -1
package/dist/index.js CHANGED
@@ -6,6 +6,7 @@ import { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBindi
6
6
  import { signPayeeEvidenceBinding } from "./payee-evidence.js";
7
7
  import { PaybondAgentRunFacade, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
8
8
  import { GatewayAgentRunTraceReporter, } from "./agent/gateway-trace-reporter.js";
9
+ import { fetchWithGatewayRetries, gatewayRetryDelayMs, shouldRetryGatewayResponse, } from "./gateway-retry.js";
9
10
  import { parsePolicyRemoteValidateResponse, policyValidateQueryString, } from "./policy/validate-remote.js";
10
11
  import { parsePolicyEffectiveResolveResponse, } from "./policy/load-effective.js";
11
12
  import { paybondPolicyPresets } from "./policy/policy-api.js";
@@ -187,19 +188,6 @@ function protocolHTTPErrorMessage(prefix, statusCode, bodyText) {
187
188
  function normalizeBase(url) {
188
189
  return requireSecureGatewayUrl(url);
189
190
  }
190
- function backoffMs(attempt) {
191
- const base = 200 * 2 ** attempt;
192
- const jitter = Math.random() * 100;
193
- return Math.min(base + jitter, 5000);
194
- }
195
- function parseRetryAfterSeconds(v) {
196
- if (!v)
197
- return null;
198
- const n = Number.parseFloat(v.trim());
199
- if (!Number.isFinite(n))
200
- return null;
201
- return Math.min(n, 30);
202
- }
203
191
  function normalizeExpectedEnvironment(value) {
204
192
  if (value === undefined)
205
193
  return null;
@@ -462,16 +450,17 @@ export class HarborClient {
462
450
  lastErr = e;
463
451
  if (attempt + 1 >= this.maxRetries)
464
452
  throw e;
465
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
453
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
466
454
  continue;
467
455
  }
468
456
  if ([429, 500, 502, 503, 504].includes(res.status)) {
469
457
  if (attempt + 1 >= this.maxRetries) {
470
458
  return res;
471
459
  }
472
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
473
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
474
- await new Promise((r) => setTimeout(r, delayMs));
460
+ if (!(await shouldRetryGatewayResponse(res))) {
461
+ return res;
462
+ }
463
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
475
464
  continue;
476
465
  }
477
466
  return res;
@@ -494,16 +483,17 @@ export class HarborClient {
494
483
  lastErr = e;
495
484
  if (attempt + 1 >= this.maxRetries)
496
485
  throw e;
497
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
486
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
498
487
  continue;
499
488
  }
500
489
  if ([429, 500, 502, 503, 504].includes(res.status)) {
501
490
  if (attempt + 1 >= this.maxRetries) {
502
491
  return res;
503
492
  }
504
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
505
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
506
- await new Promise((r) => setTimeout(r, delayMs));
493
+ if (!(await shouldRetryGatewayResponse(res))) {
494
+ return res;
495
+ }
496
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
507
497
  if (retryBodyText !== undefined) {
508
498
  init = {
509
499
  ...init,
@@ -804,28 +794,7 @@ export class GatewayHarborClient {
804
794
  return headers;
805
795
  }
806
796
  async fetchWithRetries(url, init) {
807
- let lastErr;
808
- for (let attempt = 0; attempt < this.maxRetries; attempt++) {
809
- let res;
810
- try {
811
- res = await fetch(url, init);
812
- }
813
- catch (e) {
814
- lastErr = e;
815
- if (attempt + 1 >= this.maxRetries)
816
- throw e;
817
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
818
- continue;
819
- }
820
- if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
821
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
822
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
823
- await new Promise((r) => setTimeout(r, delayMs));
824
- continue;
825
- }
826
- return res;
827
- }
828
- throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
797
+ return fetchWithGatewayRetries(url, init, this.maxRetries);
829
798
  }
830
799
  async postJSON(path, payload, extraHeaders) {
831
800
  return this.requestJSON("POST", path, payload, extraHeaders);
@@ -1052,28 +1021,7 @@ export class PaybondGuardrails {
1052
1021
  return headers;
1053
1022
  }
1054
1023
  async fetchWithRetries(url, init) {
1055
- let lastErr;
1056
- for (let attempt = 0; attempt < this.maxRetries; attempt++) {
1057
- let res;
1058
- try {
1059
- res = await fetch(url, init);
1060
- }
1061
- catch (e) {
1062
- lastErr = e;
1063
- if (attempt + 1 >= this.maxRetries)
1064
- throw e;
1065
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1066
- continue;
1067
- }
1068
- if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
1069
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1070
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1071
- await new Promise((r) => setTimeout(r, delayMs));
1072
- continue;
1073
- }
1074
- return res;
1075
- }
1076
- throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
1024
+ return fetchWithGatewayRetries(url, init, this.maxRetries);
1077
1025
  }
1078
1026
  async postJSON(path, payload, options) {
1079
1027
  const url = `${this.base}${path.replace(/^\/+/, "")}`;
@@ -1118,7 +1066,7 @@ export class PaybondGuardrails {
1118
1066
  }
1119
1067
  const { res, text, url } = await this.postJSON("/v1/sandbox/guardrails/bootstrap", payload, { idempotencyKey: input.idempotencyKey });
1120
1068
  if (!res.ok) {
1121
- throw new HarborHttpError(`Gateway sandbox guardrail bootstrap HTTP ${res.status}: ${text}`, {
1069
+ throw new HarborHttpError(`Gateway sandbox guardrail bootstrap HTTP ${res.status}`, {
1122
1070
  statusCode: res.status,
1123
1071
  url,
1124
1072
  bodyText: text,
@@ -1153,7 +1101,7 @@ export class PaybondGuardrails {
1153
1101
  }
1154
1102
  const { res, text, url } = await this.postJSON(`/v1/sandbox/guardrails/${encodeURIComponent(input.intentId)}/evidence`, payload, { idempotencyKey: input.idempotencyKey });
1155
1103
  if (!res.ok) {
1156
- throw new HarborHttpError(`Gateway sandbox guardrail evidence HTTP ${res.status}: ${text}`, {
1104
+ throw new HarborHttpError(`Gateway sandbox guardrail evidence HTTP ${res.status}`, {
1157
1105
  statusCode: res.status,
1158
1106
  url,
1159
1107
  bodyText: text,
@@ -1433,16 +1381,17 @@ export class GatewaySignalClient {
1433
1381
  lastErr = e;
1434
1382
  if (attempt + 1 >= this.maxRetries)
1435
1383
  throw e;
1436
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1384
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
1437
1385
  continue;
1438
1386
  }
1439
1387
  if ([429, 500, 502, 503, 504].includes(res.status)) {
1440
1388
  if (attempt + 1 >= this.maxRetries) {
1441
1389
  return res;
1442
1390
  }
1443
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1444
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1445
- await new Promise((r) => setTimeout(r, delayMs));
1391
+ if (!(await shouldRetryGatewayResponse(res))) {
1392
+ return res;
1393
+ }
1394
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
1446
1395
  continue;
1447
1396
  }
1448
1397
  return res;
@@ -1594,16 +1543,17 @@ export class GatewayFraudClient {
1594
1543
  lastErr = e;
1595
1544
  if (attempt + 1 >= this.maxRetries)
1596
1545
  throw e;
1597
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1546
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
1598
1547
  continue;
1599
1548
  }
1600
1549
  if ([429, 500, 502, 503, 504].includes(res.status)) {
1601
1550
  if (attempt + 1 >= this.maxRetries) {
1602
1551
  return res;
1603
1552
  }
1604
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1605
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1606
- await new Promise((r) => setTimeout(r, delayMs));
1553
+ if (!(await shouldRetryGatewayResponse(res))) {
1554
+ return res;
1555
+ }
1556
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
1607
1557
  continue;
1608
1558
  }
1609
1559
  return res;
@@ -1875,16 +1825,17 @@ export class GatewayA2AClient {
1875
1825
  lastErr = e;
1876
1826
  if (attempt + 1 >= this.maxRetries)
1877
1827
  throw e;
1878
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1828
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
1879
1829
  continue;
1880
1830
  }
1881
1831
  if ([429, 500, 502, 503, 504].includes(res.status)) {
1882
1832
  if (attempt + 1 >= this.maxRetries) {
1883
1833
  return res;
1884
1834
  }
1885
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1886
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1887
- await new Promise((r) => setTimeout(r, delayMs));
1835
+ if (!(await shouldRetryGatewayResponse(res))) {
1836
+ return res;
1837
+ }
1838
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
1888
1839
  continue;
1889
1840
  }
1890
1841
  return res;
@@ -1944,29 +1895,7 @@ export class GatewayProtocolClient {
1944
1895
  this.maxRetries = Math.max(1, init?.maxRetries ?? 3);
1945
1896
  }
1946
1897
  async fetchWithRetries(url, init) {
1947
- let lastErr;
1948
- for (let attempt = 0; attempt < this.maxRetries; attempt++) {
1949
- let res;
1950
- try {
1951
- res = await fetch(url, init);
1952
- }
1953
- catch (e) {
1954
- lastErr = e;
1955
- if (attempt + 1 >= this.maxRetries) {
1956
- throw e;
1957
- }
1958
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
1959
- continue;
1960
- }
1961
- if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < this.maxRetries) {
1962
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
1963
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
1964
- await new Promise((r) => setTimeout(r, delayMs));
1965
- continue;
1966
- }
1967
- return res;
1968
- }
1969
- throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
1898
+ return fetchWithGatewayRetries(url, init, this.maxRetries);
1970
1899
  }
1971
1900
  headers(extra) {
1972
1901
  const headers = new Headers(extra);
@@ -2132,15 +2061,13 @@ async function resolveGatewayTenantId(gatewayBaseUrl, apiKey, principalPath, max
2132
2061
  if (attempt + 1 >= maxRetries) {
2133
2062
  throw e;
2134
2063
  }
2135
- await new Promise((r) => setTimeout(r, backoffMs(attempt)));
2064
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, null)));
2136
2065
  continue;
2137
2066
  }
2138
2067
  const text = await res.text();
2139
2068
  if (!res.ok) {
2140
2069
  if ([429, 500, 502, 503, 504].includes(res.status) && attempt + 1 < maxRetries) {
2141
- const raSec = parseRetryAfterSeconds(res.headers.get("retry-after"));
2142
- const delayMs = raSec != null ? raSec * 1000 : backoffMs(attempt);
2143
- await new Promise((r) => setTimeout(r, delayMs));
2070
+ await new Promise((r) => setTimeout(r, gatewayRetryDelayMs(attempt, res.headers.get("retry-after"))));
2144
2071
  continue;
2145
2072
  }
2146
2073
  throw new GatewayAuthError(`gateway principal HTTP ${res.status}`, {
@@ -2397,7 +2324,7 @@ export class Paybond {
2397
2324
  }
2398
2325
  export { normalizeJson, jsonValueDigest } from "./json-digest.js";
2399
2326
  export { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBinding, intentCreationSignBytesRaw, intentCreationSignBytesWithPolicyBinding, } from "./principal-intent.js";
2400
- export { artifactsDigest, signPayeeEvidenceBinding } from "./payee-evidence.js";
2327
+ export { artifactsDigest, evidenceSignBytesV1, signPayeeEvidenceBinding, } from "./payee-evidence.js";
2401
2328
  export { AGENT_RECOGNITION_GATEWAY_VERIFIER_ID, AGENT_RECOGNITION_PROOF_KIND_V1, AGENT_RECOGNITION_PURPOSE_EVIDENCE_SUBMIT, newAgentRecognitionRequestEnvelope, signAgentRecognitionProofV1, signHarborEvidenceSubmitRecognitionProof, } from "./agent-recognition.js";
2402
2329
  export { validateCompletionEvidence, } from "./completion-validate-evidence.js";
2403
2330
  export { completionSchemaDigestHex, computeVendorContractDigests, verifyVendorContract, verifyCatalogVendorContracts, } from "./completion-contract-digest.js";
@@ -5,7 +5,7 @@ import fs from "node:fs/promises";
5
5
  import path from "node:path";
6
6
  import { fileURLToPath, pathToFileURL } from "node:url";
7
7
  import { requireSecureGatewayUrl } from "./gateway-url.js";
8
- import { runCli } from "./cli/router.js";
8
+ import { deprecatedAliasWarning } from "./cli/automation.js";
9
9
  import { redactSensitiveFields } from "./cli/redact.js";
10
10
  import { MCP_TOOL_ALLOWLIST_ENV, MCP_TOOL_POLICY_ENV, mergeMcpToolPolicy, parseMcpToolAllowlist, parseMcpToolPolicy, resolveMcpToolPolicy, toolAllowedByPolicy, } from "./cli/mcp-policy.js";
11
11
  import { MCP_EVIDENCE_POLICY_ENV, McpEvidenceValidationGate, completionEvidenceValidationOk, extractHarborEvidenceValidationInput, extractSandboxGuardrailValidationInput, parseMcpEvidencePolicy, } from "./mcp-evidence-policy.js";
@@ -13,7 +13,7 @@ import { McpCapabilityTokenCache, mcpToolStoresCapabilityToken, parseMcpCapabili
13
13
  import { createMcpPolicyGatewayAdapter, McpPolicyReloadGate, parseMcpPolicyReloadConfig, } from "./mcp-policy-reload.js";
14
14
  import { DEFAULT_PAYBOND_GATEWAY_BASE_URL, GatewayFraudClient, GatewaySignalClient, } from "./index.js";
15
15
  const SERVER_NAME = "Paybond MCP";
16
- const SERVER_VERSION = "0.11.5";
16
+ const SERVER_VERSION = "0.11.7";
17
17
  const MCP_PROTOCOL_VERSION = "2025-11-25";
18
18
  const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
19
19
  const DEFAULT_RECOGNITION_VERIFIER_ID = "paybond-gateway";
@@ -1697,12 +1697,11 @@ invokedFromCLI().then((invoked) => {
1697
1697
  if (!invoked) {
1698
1698
  return;
1699
1699
  }
1700
- runCli(["mcp", "serve", ...process.argv.slice(2)]).then((code) => {
1701
- process.exitCode = code;
1702
- }, (err) => {
1703
- process.stderr.write(`${formatError(err)}\n`);
1704
- process.exitCode = 1;
1705
- });
1700
+ const aliasWarning = deprecatedAliasWarning(process.argv[1]);
1701
+ if (aliasWarning) {
1702
+ process.stderr.write(`${aliasWarning}\n`);
1703
+ }
1704
+ process.exitCode = main(process.argv.slice(2));
1706
1705
  }, (err) => {
1707
1706
  process.stderr.write(`${formatError(err)}\n`);
1708
1707
  process.exitCode = 1;
@@ -3,6 +3,15 @@
3
3
  */
4
4
  /** BLAKE3 digest of concatenated artifact hashes (empty list matches Harbor / `paybond-evidence`). */
5
5
  export declare function artifactsDigest(artifactHashes32: Uint8Array[]): Uint8Array;
6
+ /** Canonical EvidenceSignV1 signing bytes (matches `paybond-evidence` / gateway binwire). */
7
+ export declare function evidenceSignBytesV1(input: {
8
+ tenantId: string;
9
+ intentId: string;
10
+ payeeDid: string;
11
+ payload: Record<string, unknown>;
12
+ artifactsBlake3Hex: string[];
13
+ submittedAtRfc3339: string;
14
+ }): Uint8Array;
6
15
  export type SignPayeeEvidenceParams = {
7
16
  tenantId: string;
8
17
  intentId: string;
@@ -18,6 +18,18 @@ export function artifactsDigest(artifactHashes32) {
18
18
  function encodeEvidenceSignV1(input) {
19
19
  return concatBytes(encodeU8(EVIDENCE_SIGN_VERSION), encodeBincodeString(input.tenantId), encodeBincodeUuid(input.intentId), encodeBincodeString(input.payeeDid), encodeFixed32(input.payloadDigest), encodeFixed32(input.artifactsDigest), encodeBincodeString(input.submittedAtRfc3339));
20
20
  }
21
+ /** Canonical EvidenceSignV1 signing bytes (matches `paybond-evidence` / gateway binwire). */
22
+ export function evidenceSignBytesV1(input) {
23
+ const artifactBin = input.artifactsBlake3Hex.map((h) => hexToBytes(h));
24
+ return encodeEvidenceSignV1({
25
+ tenantId: input.tenantId,
26
+ intentId: input.intentId,
27
+ payeeDid: input.payeeDid,
28
+ payloadDigest: jsonValueDigest(input.payload),
29
+ artifactsDigest: artifactsDigest(artifactBin),
30
+ submittedAtRfc3339: input.submittedAtRfc3339,
31
+ });
32
+ }
21
33
  function bytesToBase64(bytes) {
22
34
  let binary = "";
23
35
  for (let i = 0; i < bytes.length; i++)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@paybond/kit",
3
- "version": "0.11.5",
3
+ "version": "0.11.7",
4
4
  "mcpName": "io.github.nonameuserd/paybond",
5
5
  "description": "Paybond Kit for TypeScript: agent spend governance for paid tool calls with spend authorization, evidence receipts, refunds, disputes, hosted Gateway sessions, and settlement.",
6
6
  "license": "Apache-2.0",
@@ -117,6 +117,7 @@
117
117
  "test": "vitest run",
118
118
  "pack:dry-run": "npm pack --dry-run",
119
119
  "verify:release": "node ./scripts/verify-release.mjs",
120
+ "verify:template-locks": "node ./scripts/verify-template-lock-integrity.mjs",
120
121
  "prepack": "npm run build"
121
122
  },
122
123
  "peerDependencies": {
@@ -13,7 +13,7 @@
13
13
  "evidence_preset": "cost_and_completion",
14
14
  "smoke_result_body": { "status": "completed", "cost_cents": 18700 },
15
15
  "dependencies": {
16
- "@paybond/kit": "^0.11.5",
16
+ "@paybond/kit": "^0.11.7",
17
17
  "@langchain/core": "^1.2.1",
18
18
  "@langchain/langgraph": "^1.4.7",
19
19
  "zod": "^4.2.0"
@@ -33,7 +33,7 @@
33
33
  "evidence_preset": "cost_and_completion",
34
34
  "smoke_result_body": { "status": "completed", "cost_cents": 4500 },
35
35
  "dependencies": {
36
- "@paybond/kit": "^0.11.5",
36
+ "@paybond/kit": "^0.11.7",
37
37
  "ai": "^5.0.0",
38
38
  "zod": "^4.2.0"
39
39
  },
@@ -52,7 +52,7 @@
52
52
  "evidence_preset": "cost_and_completion",
53
53
  "smoke_result_body": { "status": "completed", "cost_cents": 2900 },
54
54
  "dependencies": {
55
- "@paybond/kit": "^0.11.5",
55
+ "@paybond/kit": "^0.11.7",
56
56
  "@openai/agents": "^0.4.0",
57
57
  "zod": "^4.2.0"
58
58
  },
@@ -71,7 +71,7 @@
71
71
  "evidence_preset": "cost_and_completion",
72
72
  "smoke_result_body": { "status": "completed", "cost_cents": 4500 },
73
73
  "dependencies": {
74
- "@paybond/kit": "^0.11.5",
74
+ "@paybond/kit": "^0.11.7",
75
75
  "@openai/agents": "^0.4.0",
76
76
  "zod": "^4.2.0"
77
77
  },
@@ -90,7 +90,7 @@
90
90
  "evidence_preset": "cost_and_completion",
91
91
  "smoke_result_body": { "status": "completed", "cost_cents": 18700 },
92
92
  "dependencies": {
93
- "@paybond/kit": "^0.11.5",
93
+ "@paybond/kit": "^0.11.7",
94
94
  "@anthropic-ai/claude-agent-sdk": "^0.2.100",
95
95
  "zod": "^4.2.0"
96
96
  },
@@ -110,7 +110,7 @@
110
110
  "evidence_preset": "cost_and_completion",
111
111
  "smoke_result_body": { "status": "completed", "cost_cents": 500 },
112
112
  "dependencies": {
113
- "@paybond/kit": "^0.11.5"
113
+ "@paybond/kit": "^0.11.7"
114
114
  },
115
115
  "mcp_tool_policy": "spend-write"
116
116
  },
@@ -127,7 +127,7 @@
127
127
  "evidence_preset": "cost_and_completion",
128
128
  "smoke_result_body": { "status": "completed", "cost_cents": 12000 },
129
129
  "dependencies": {
130
- "@paybond/kit": "^0.11.5"
130
+ "@paybond/kit": "^0.11.7"
131
131
  },
132
132
  "demo_mode": "generic"
133
133
  },
@@ -143,7 +143,7 @@
143
143
  "evidence_preset": "cost_and_completion",
144
144
  "smoke_result_body": { "status": "completed", "cost_cents": 12500 },
145
145
  "dependencies": {
146
- "@paybond/kit": "^0.11.5"
146
+ "@paybond/kit": "^0.11.7"
147
147
  },
148
148
  "demo_mode": "generic"
149
149
  },
@@ -159,7 +159,7 @@
159
159
  "evidence_preset": "cost_and_completion",
160
160
  "smoke_result_body": { "status": "completed", "cost_cents": 2900 },
161
161
  "python_dependencies": {
162
- "paybond-kit": ">=0.11.5",
162
+ "paybond-kit": ">=0.11.7",
163
163
  "langgraph": ">=1.2.0"
164
164
  },
165
165
  "demo_import": "paybond_kit.langgraph_sandbox_demo",
@@ -7,7 +7,7 @@
7
7
  "name": "openai-shopping-agent",
8
8
  "dependencies": {
9
9
  "@openai/agents": "^0.4.0",
10
- "@paybond/kit": "^0.11.5",
10
+ "@paybond/kit": "^0.11.7",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -169,9 +169,9 @@
169
169
  }
170
170
  },
171
171
  "node_modules/@paybond/kit": {
172
- "version": "0.11.5",
173
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
174
- "integrity": "sha512-Xaw0LnF/0iP7tEYqrNk/KtIjAFhBvVPezIItKeU30IZfIEnaW8iPMryw74r0IatL9uby2Ax06Icid1N5u8IaSg==",
172
+ "version": "0.11.7",
173
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
174
+ "integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
175
175
  "license": "Apache-2.0",
176
176
  "dependencies": {
177
177
  "@noble/ed25519": "^2.2.1",
@@ -829,9 +829,9 @@
829
829
  }
830
830
  },
831
831
  "node_modules/iconv-lite": {
832
- "version": "0.7.2",
833
- "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz",
834
- "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==",
832
+ "version": "0.7.3",
833
+ "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.3.tgz",
834
+ "integrity": "sha512-IKXpvIzjnC9XTAUbVBcMfGS0EPaIXtW6v+zr+RRp+hqULEpo0owZax6wyRwPOJbWbzjYspQwusTsfVr0ifh4uQ==",
835
835
  "license": "MIT",
836
836
  "optional": true,
837
837
  "dependencies": {
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation commerce.checkout --requested-spend-cents 4500 --result-body '{\"status\":\"completed\",\"cost_cents\":4500}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.7",
12
12
  "@openai/agents": "^0.4.0",
13
13
  "zod": "^4.2.0"
14
14
  },
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-aws-operator",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.5"
9
+ "@paybond/kit": "^0.11.7"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.5",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
52
- "integrity": "sha512-rU45zNsuIKzkL1YhHu5q9Mg79GSoiYg5fii+Rv4jk/4y9MDQfvn+MZAUR52Uzr71z1vBkqBo3NxgSmtQDtNDew==",
50
+ "version": "0.11.7",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
52
+ "integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation aws.ec2.start_instance --requested-spend-cents 12500 --result-body '{\"status\":\"completed\",\"cost_cents\":12500}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5"
11
+ "@paybond/kit": "^0.11.7"
12
12
  },
13
13
  "devDependencies": {
14
14
  "@types/node": "^22.10.1",
@@ -7,7 +7,7 @@
7
7
  "name": "paybond-claude-agents-demo",
8
8
  "dependencies": {
9
9
  "@anthropic-ai/claude-agent-sdk": "^0.2.100",
10
- "@paybond/kit": "^0.11.5",
10
+ "@paybond/kit": "^0.11.7",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -260,9 +260,9 @@
260
260
  }
261
261
  },
262
262
  "node_modules/@paybond/kit": {
263
- "version": "0.11.5",
264
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
265
- "integrity": "sha512-7rWc4Qn9s1ufEsL5XcqptmgYt/+kMnp+rWvLWOsG+kif9hgjPwVwq5OfEhiWFmwFxKaseBvY95KDPcHDJgmP5A==",
263
+ "version": "0.11.7",
264
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
265
+ "integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
266
266
  "license": "Apache-2.0",
267
267
  "dependencies": {
268
268
  "@noble/ed25519": "^2.2.1",
@@ -875,9 +875,9 @@
875
875
  }
876
876
  },
877
877
  "node_modules/iconv-lite": {
878
- "version": "0.7.2",
879
- "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz",
880
- "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==",
878
+ "version": "0.7.3",
879
+ "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.3.tgz",
880
+ "integrity": "sha512-IKXpvIzjnC9XTAUbVBcMfGS0EPaIXtW6v+zr+RRp+hqULEpo0owZax6wyRwPOJbWbzjYspQwusTsfVr0ifh4uQ==",
881
881
  "license": "MIT",
882
882
  "dependencies": {
883
883
  "safer-buffer": ">= 2.1.2 < 3.0.0"
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation travel.book_hotel --requested-spend-cents 18700 --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.7",
12
12
  "@anthropic-ai/claude-agent-sdk": "^0.2.100",
13
13
  "zod": "^4.2.0"
14
14
  },
@@ -1,2 +1,2 @@
1
- paybond-kit>=0.11.5
1
+ paybond-kit>=0.11.7
2
2
  langgraph>=1.2.0
@@ -6,7 +6,7 @@
6
6
  "": {
7
7
  "name": "paybond-mcp-coding-agent",
8
8
  "dependencies": {
9
- "@paybond/kit": "^0.11.5"
9
+ "@paybond/kit": "^0.11.7"
10
10
  },
11
11
  "devDependencies": {
12
12
  "@types/node": "^22.10.1",
@@ -47,9 +47,9 @@
47
47
  }
48
48
  },
49
49
  "node_modules/@paybond/kit": {
50
- "version": "0.11.5",
51
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
52
- "integrity": "sha512-2FMq8b++6AmgcICEfUzYnW3w2FqAjgbT9b0bslW0Fm9e5QNGbc7HwcXkVVzqJGqPySs4Ht8NtePrdEuliT0TXA==",
50
+ "version": "0.11.7",
51
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
52
+ "integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
53
53
  "license": "Apache-2.0",
54
54
  "dependencies": {
55
55
  "@noble/ed25519": "^2.2.1",
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation deploy.preview --requested-spend-cents 500 --result-body '{\"status\":\"completed\",\"cost_cents\":500}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5"
11
+ "@paybond/kit": "^0.11.7"
12
12
  },
13
13
  "devDependencies": {
14
14
  "@types/node": "^22.10.1",
@@ -7,7 +7,7 @@
7
7
  "name": "paybond-openai-agents-demo",
8
8
  "dependencies": {
9
9
  "@openai/agents": "^0.4.0",
10
- "@paybond/kit": "^0.11.5",
10
+ "@paybond/kit": "^0.11.7",
11
11
  "zod": "^4.2.0"
12
12
  },
13
13
  "devDependencies": {
@@ -169,9 +169,9 @@
169
169
  }
170
170
  },
171
171
  "node_modules/@paybond/kit": {
172
- "version": "0.11.5",
173
- "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.5.tgz",
174
- "integrity": "sha512-zDczNvZilk/4F1GBxCrExbSItw+E0ZlSvhSVLx9HQb8p2pYnKoA7ceapxuzXPKAc46grFyj6sXTKKob7qMtDyQ==",
172
+ "version": "0.11.7",
173
+ "resolved": "https://registry.npmjs.org/@paybond/kit/-/kit-0.11.7.tgz",
174
+ "integrity": "sha512-wAVwT7CklrzUKjK+qVKbrxT88hW9xvDBg2tDUl75b2xt57kf9Bv8K0z+fdA0HTgGpJGdjuQRuYbzeSIAiWUgNA==",
175
175
  "license": "Apache-2.0",
176
176
  "dependencies": {
177
177
  "@noble/ed25519": "^2.2.1",
@@ -829,9 +829,9 @@
829
829
  }
830
830
  },
831
831
  "node_modules/iconv-lite": {
832
- "version": "0.7.2",
833
- "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz",
834
- "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==",
832
+ "version": "0.7.3",
833
+ "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.3.tgz",
834
+ "integrity": "sha512-IKXpvIzjnC9XTAUbVBcMfGS0EPaIXtW6v+zr+RRp+hqULEpo0owZax6wyRwPOJbWbzjYspQwusTsfVr0ifh4uQ==",
835
835
  "license": "MIT",
836
836
  "optional": true,
837
837
  "dependencies": {
@@ -8,7 +8,7 @@
8
8
  "smoke": "paybond agent sandbox smoke --policy-file paybond.policy.yaml --operation saas.provision_seat --requested-spend-cents 2900 --result-body '{\"status\":\"completed\",\"cost_cents\":2900}' --format json"
9
9
  },
10
10
  "dependencies": {
11
- "@paybond/kit": "^0.11.5",
11
+ "@paybond/kit": "^0.11.7",
12
12
  "@openai/agents": "^0.4.0",
13
13
  "zod": "^4.2.0"
14
14
  },