@paybond/kit 0.11.6 → 0.11.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/README.md +1 -1
  2. package/dist/cli/agent-harbor-evidence-smoke-checklist.d.ts +7 -0
  3. package/dist/cli/agent-harbor-evidence-smoke-checklist.js +23 -0
  4. package/dist/cli/agent-production-attach-smoke-checklist.d.ts +7 -0
  5. package/dist/cli/agent-production-attach-smoke-checklist.js +30 -0
  6. package/dist/cli/command-spec.js +13 -4
  7. package/dist/cli/commands/agent.d.ts +2 -0
  8. package/dist/cli/commands/agent.js +217 -4
  9. package/dist/cli/commands/setup.d.ts +11 -1
  10. package/dist/cli/commands/setup.js +42 -9
  11. package/dist/cli/help.js +2 -0
  12. package/dist/cli/http-error-message.d.ts +5 -0
  13. package/dist/cli/http-error-message.js +55 -0
  14. package/dist/cli/router.js +4 -1
  15. package/dist/cli.js +15 -1
  16. package/dist/index.d.ts +1 -1
  17. package/dist/index.js +1 -1
  18. package/dist/mcp-server.js +9 -8
  19. package/dist/payee-evidence.d.ts +9 -0
  20. package/dist/payee-evidence.js +12 -0
  21. package/package.json +1 -1
  22. package/templates/manifest.json +9 -9
  23. package/templates/openai-shopping-agent/package-lock.json +7 -7
  24. package/templates/openai-shopping-agent/package.json +1 -1
  25. package/templates/paybond-aws-operator/package-lock.json +4 -4
  26. package/templates/paybond-aws-operator/package.json +1 -1
  27. package/templates/paybond-claude-agents-demo/package-lock.json +7 -7
  28. package/templates/paybond-claude-agents-demo/package.json +1 -1
  29. package/templates/paybond-invoice-agent/requirements.txt +1 -1
  30. package/templates/paybond-mcp-coding-agent/package-lock.json +4 -4
  31. package/templates/paybond-mcp-coding-agent/package.json +1 -1
  32. package/templates/paybond-openai-agents-demo/package-lock.json +7 -7
  33. package/templates/paybond-openai-agents-demo/package.json +1 -1
  34. package/templates/paybond-procurement-agent/package-lock.json +4 -4
  35. package/templates/paybond-procurement-agent/package.json +1 -1
  36. package/templates/paybond-travel-agent/package-lock.json +7 -7
  37. package/templates/paybond-travel-agent/package.json +1 -1
  38. package/templates/paybond-vercel-shopping-agent/package-lock.json +4 -4
  39. package/templates/paybond-vercel-shopping-agent/package.json +1 -1
package/README.md CHANGED
@@ -70,7 +70,7 @@ npx -p @paybond/kit paybond agent sandbox smoke \
70
70
  --format json
71
71
  ```
72
72
 
73
- With `--policy-file`, Kit sends `completion_preset` from the tool's `evidence_preset` and omits `evidence_schema` and `template_id` (Gateway rejects conflicting bootstrap fields). Requires `@paybond/kit` 0.11.6+.
73
+ With `--policy-file`, Kit sends `completion_preset` from the tool's `evidence_preset` and omits `evidence_schema` and `template_id` (Gateway rejects conflicting bootstrap fields). Requires `@paybond/kit` 0.11.9+.
74
74
 
75
75
  `agent sandbox smoke` only requires `@paybond/kit`. Framework demo commands (`agent demo vercel-ai smoke`, etc.) load their optional peers on demand.
76
76
 
@@ -0,0 +1,7 @@
1
+ import type { GlobalOptions } from "./types.js";
2
+ /** Build human-readable harbor proxy evidence smoke checklist lines for `--format table`. */
3
+ export declare function formatAgentHarborEvidenceSmokeChecklist(options: {
4
+ intentId: string;
5
+ evidence: Record<string, unknown>;
6
+ globals: GlobalOptions;
7
+ }): string[];
@@ -0,0 +1,23 @@
1
+ import { colorize, shouldUseColor } from "./color.js";
2
+ /** Build human-readable harbor proxy evidence smoke checklist lines for `--format table`. */
3
+ export function formatAgentHarborEvidenceSmokeChecklist(options) {
4
+ const useColor = shouldUseColor(options.globals);
5
+ const mark = (line) => {
6
+ if (line.startsWith("✓") || line === "Success") {
7
+ return colorize(line, "green", useColor);
8
+ }
9
+ return line;
10
+ };
11
+ const lines = [];
12
+ const intentId = options.intentId.trim();
13
+ if (intentId) {
14
+ lines.push(mark(`✓ Intent ${intentId}`));
15
+ }
16
+ lines.push(mark("✓ POST /harbor/intents/{id}/evidence (Kit payee + recognition proof)"));
17
+ const predicatePassed = options.evidence.predicate_passed ?? options.evidence.predicatePassed;
18
+ if (predicatePassed === true) {
19
+ lines.push(mark("✓ Harbor accepted evidence (no recognition replay at upstream)"));
20
+ }
21
+ lines.push(mark("Success"));
22
+ return lines;
23
+ }
@@ -0,0 +1,7 @@
1
+ import type { GlobalOptions } from "./types.js";
2
+ /** Build human-readable production attach smoke checklist lines for `--format table`. */
3
+ export declare function formatAgentProductionAttachSmokeChecklist(options: {
4
+ bind: Record<string, unknown>;
5
+ execute: Record<string, unknown>;
6
+ globals: GlobalOptions;
7
+ }): string[];
@@ -0,0 +1,30 @@
1
+ import { colorize, shouldUseColor } from "./color.js";
2
+ /** Build human-readable production attach smoke checklist lines for `--format table`. */
3
+ export function formatAgentProductionAttachSmokeChecklist(options) {
4
+ const useColor = shouldUseColor(options.globals);
5
+ const mark = (line) => {
6
+ if (line.startsWith("✓") || line === "Success") {
7
+ return colorize(line, "green", useColor);
8
+ }
9
+ return line;
10
+ };
11
+ const lines = [];
12
+ const intentId = String(options.bind.intent_id ?? "").trim();
13
+ if (intentId) {
14
+ lines.push(mark(`✓ Production attach bound (${intentId})`));
15
+ }
16
+ const operation = String(options.bind.operation ?? "").trim();
17
+ if (operation) {
18
+ lines.push(mark(`✓ Tool call: ${operation}`));
19
+ }
20
+ const authorization = options.execute.authorization;
21
+ if (authorization?.allow) {
22
+ lines.push(mark("✓ Spend approved"));
23
+ }
24
+ const evidence = options.execute.evidence;
25
+ if (evidence?.submitted) {
26
+ lines.push(mark("✓ Harbor evidence submitted (/harbor/* + recognition)"));
27
+ }
28
+ lines.push(mark("Success"));
29
+ return lines;
30
+ }
@@ -67,6 +67,8 @@ export const COMMAND_PATHS = [
67
67
  "agent tool validate",
68
68
  "agent registry validate",
69
69
  "agent sandbox smoke",
70
+ "agent production attach smoke",
71
+ "agent harbor evidence smoke",
70
72
  "agent demo vercel-ai smoke",
71
73
  "agent demo langgraph smoke",
72
74
  "agent demo generic smoke",
@@ -341,6 +343,12 @@ export const COMMAND_EXAMPLES = {
341
343
  "paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json",
342
344
  "paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json"
343
345
  ],
346
+ "agent production attach smoke": [
347
+ "paybond agent production attach smoke --attach-intent-id <intent-id> --capability-token <token> --operation paid-tool --requested-spend-cents 100 --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json"
348
+ ],
349
+ "agent harbor evidence smoke": [
350
+ "paybond agent harbor evidence smoke --intent-id <intent-id> --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json"
351
+ ],
344
352
  "agent demo vercel-ai smoke": [
345
353
  "paybond agent demo vercel-ai smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json"
346
354
  ],
@@ -470,7 +478,8 @@ export const COMPLETIONS = {
470
478
  "run",
471
479
  "tool",
472
480
  "registry",
473
- "sandbox"
481
+ "sandbox",
482
+ "production"
474
483
  ],
475
484
  "audit": [
476
485
  "exports"
@@ -605,7 +614,7 @@ export const WORKFLOWS = [
605
614
  ];
606
615
  export const DOCS_BASE_URL = "https://docs.paybond.ai/kit";
607
616
  export const COMPLETION_SCRIPTS = {
608
- "bash": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n_paybond_completion() {\n local cur prev words cword\n COMPREPLY=()\n cur=\"${COMP_WORDS[COMP_CWORD]}\"\n prev=\"${COMP_WORDS[COMP_CWORD-1]}\"\n\n if [[ $COMP_CWORD -eq 1 ]]; then\n COMPREPLY=($(compgen -W \"onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\" -- \"$cur\"))\n return 0\n fi\n\n case \"${COMP_WORDS[1]}\" in\n init) COMPREPLY=($(compgen -W \"guardrail completion agent-middleware\" -- \"$cur\")) ;;\n mcp) COMPREPLY=($(compgen -W \"serve install verify-config tools\" -- \"$cur\")) ;;\n dev) COMPREPLY=($(compgen -W \"smoke trace loop up\" -- \"$cur\")) ;;\n config) COMPREPLY=($(compgen -W \"get set unset list\" -- \"$cur\")) ;;\n keys) COMPREPLY=($(compgen -W \"list create rotate revoke\" -- \"$cur\")) ;;\n intents) COMPREPLY=($(compgen -W \"list get create fund evidence settlement-confirm\" -- \"$cur\")) ;;\n guardrails) COMPREPLY=($(compgen -W \"bootstrap evidence\" -- \"$cur\")) ;;\n spend) COMPREPLY=($(compgen -W \"authorize\" -- \"$cur\")) ;;\n signal) COMPREPLY=($(compgen -W \"reputation portfolio fraud\" -- \"$cur\")) ;;\n receipts) COMPREPLY=($(compgen -W \"get verify\" -- \"$cur\")) ;;\n mandates) COMPREPLY=($(compgen -W \"verify import\" -- \"$cur\")) ;;\n a2a) COMPREPLY=($(compgen -W \"card contracts\" -- \"$cur\")) ;;\n policy) COMPREPLY=($(compgen -W \"init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\" -- \"$cur\")) ;;\n agent) COMPREPLY=($(compgen -W \"run tool registry sandbox\" -- \"$cur\")) ;;\n audit) COMPREPLY=($(compgen -W \"exports\" -- \"$cur\")) ;;\n completion) COMPREPLY=($(compgen -W \"bash zsh fish\" -- \"$cur\")) ;;\n init completion preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n policy preview preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n guardrails bootstrap completion-preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n *) ;;\n esac\n}\ncomplete -F _paybond_completion paybond\n",
609
- "zsh": "#compdef paybond\n# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n\n_paybond() {\n local -a commands\n commands=(\n 'onboarding' 'help' 'examples' 'completion' 'login' 'init' 'mcp' 'doctor' 'dev' 'version' 'diagnose' 'config' 'whoami' 'keys' 'intents' 'guardrails' 'spend' 'signal' 'receipts' 'mandates' 'a2a' 'policy' 'audit' 'agent'\n )\n _arguments -C \\\n '(--gateway)--gateway[Gateway base URL]:url:' \\\n '(--env-file)--env-file[Local secrets file]:path:_files' \\\n '(--format)--format[Output format]:(table json)' \\\n '(--color)--color[Color mode]:(auto always never)' \\\n '--no-color[Disable color output]' \\\n '1: :->command' \\\n '*::arg:->args'\n\n case $state in\n command)\n _describe -t commands 'paybond commands' commands\n ;;\n args)\n case $words[1] in\n 'init:subcommand:(guardrail completion agent-middleware)'\n 'mcp:subcommand:(serve install verify-config tools)'\n 'dev:subcommand:(smoke trace loop up)'\n 'config:subcommand:(get set unset list)'\n 'keys:subcommand:(list create rotate revoke)'\n 'intents:subcommand:(list get create fund evidence settlement-confirm)'\n 'guardrails:subcommand:(bootstrap evidence)'\n 'spend:subcommand:(authorize)'\n 'signal:subcommand:(reputation portfolio fraud)'\n 'receipts:subcommand:(get verify)'\n 'mandates:subcommand:(verify import)'\n 'a2a:subcommand:(card contracts)'\n 'policy:subcommand:(init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence)'\n 'agent:subcommand:(run tool registry sandbox)'\n 'audit:subcommand:(exports)'\n 'completion:subcommand:(bash zsh fish)'\n 'init completion preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'policy preview preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'guardrails bootstrap completion-preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n esac\n ;;\n esac\n}\n\ncompdef _paybond paybond\n",
610
- "fish": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\ncomplete -c paybond -f\ncomplete -c paybond -l gateway -d 'Gateway base URL'\ncomplete -c paybond -l env-file -d 'Local secrets file' -r\ncomplete -c paybond -l format -d 'Output format' -xa 'table json'\ncomplete -c paybond -l color -d 'Color mode' -xa 'auto always never'\ncomplete -c paybond -l no-color -d 'Disable color output'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'onboarding'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'help'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'examples'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'completion'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'login'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'init'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mcp'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'doctor'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'dev'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'version'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'diagnose'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'config'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'whoami'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'keys'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'intents'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'guardrails'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'spend'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'signal'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'receipts'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mandates'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'a2a'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'policy'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'audit'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'agent'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'guardrail'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'agent-middleware'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'serve'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'install'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'verify-config'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'smoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'trace'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'loop'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'up'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'set'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'unset'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'rotate'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'revoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'fund'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'settlement-confirm'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'bootstrap'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'authorize'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'reputation'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'portfolio'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'fraud'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'import'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'card'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'contracts'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'init'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'templates'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'preview'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-mcp-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-x402-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'run'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'tool'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'registry'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'sandbox'\ncomplete -c paybond -n '__fish_seen_subcommand_from audit' -a 'exports'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'bash'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'zsh'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'fish'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_cost_and_completion'\n"
617
+ "bash": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n_paybond_completion() {\n local cur prev words cword\n COMPREPLY=()\n cur=\"${COMP_WORDS[COMP_CWORD]}\"\n prev=\"${COMP_WORDS[COMP_CWORD-1]}\"\n\n if [[ $COMP_CWORD -eq 1 ]]; then\n COMPREPLY=($(compgen -W \"onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\" -- \"$cur\"))\n return 0\n fi\n\n case \"${COMP_WORDS[1]}\" in\n init) COMPREPLY=($(compgen -W \"guardrail completion agent-middleware\" -- \"$cur\")) ;;\n mcp) COMPREPLY=($(compgen -W \"serve install verify-config tools\" -- \"$cur\")) ;;\n dev) COMPREPLY=($(compgen -W \"smoke trace loop up\" -- \"$cur\")) ;;\n config) COMPREPLY=($(compgen -W \"get set unset list\" -- \"$cur\")) ;;\n keys) COMPREPLY=($(compgen -W \"list create rotate revoke\" -- \"$cur\")) ;;\n intents) COMPREPLY=($(compgen -W \"list get create fund evidence settlement-confirm\" -- \"$cur\")) ;;\n guardrails) COMPREPLY=($(compgen -W \"bootstrap evidence\" -- \"$cur\")) ;;\n spend) COMPREPLY=($(compgen -W \"authorize\" -- \"$cur\")) ;;\n signal) COMPREPLY=($(compgen -W \"reputation portfolio fraud\" -- \"$cur\")) ;;\n receipts) COMPREPLY=($(compgen -W \"get verify\" -- \"$cur\")) ;;\n mandates) COMPREPLY=($(compgen -W \"verify import\" -- \"$cur\")) ;;\n a2a) COMPREPLY=($(compgen -W \"card contracts\" -- \"$cur\")) ;;\n policy) COMPREPLY=($(compgen -W \"init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\" -- \"$cur\")) ;;\n agent) COMPREPLY=($(compgen -W \"run tool registry sandbox production\" -- \"$cur\")) ;;\n audit) COMPREPLY=($(compgen -W \"exports\" -- \"$cur\")) ;;\n completion) COMPREPLY=($(compgen -W \"bash zsh fish\" -- \"$cur\")) ;;\n init completion preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n policy preview preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n guardrails bootstrap completion-preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\" -- \"$cur\")) ;;\n *) ;;\n esac\n}\ncomplete -F _paybond_completion paybond\n",
618
+ "zsh": "#compdef paybond\n# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n\n_paybond() {\n local -a commands\n commands=(\n 'onboarding' 'help' 'examples' 'completion' 'login' 'init' 'mcp' 'doctor' 'dev' 'version' 'diagnose' 'config' 'whoami' 'keys' 'intents' 'guardrails' 'spend' 'signal' 'receipts' 'mandates' 'a2a' 'policy' 'audit' 'agent'\n )\n _arguments -C \\\n '(--gateway)--gateway[Gateway base URL]:url:' \\\n '(--env-file)--env-file[Local secrets file]:path:_files' \\\n '(--format)--format[Output format]:(table json)' \\\n '(--color)--color[Color mode]:(auto always never)' \\\n '--no-color[Disable color output]' \\\n '1: :->command' \\\n '*::arg:->args'\n\n case $state in\n command)\n _describe -t commands 'paybond commands' commands\n ;;\n args)\n case $words[1] in\n 'init:subcommand:(guardrail completion agent-middleware)'\n 'mcp:subcommand:(serve install verify-config tools)'\n 'dev:subcommand:(smoke trace loop up)'\n 'config:subcommand:(get set unset list)'\n 'keys:subcommand:(list create rotate revoke)'\n 'intents:subcommand:(list get create fund evidence settlement-confirm)'\n 'guardrails:subcommand:(bootstrap evidence)'\n 'spend:subcommand:(authorize)'\n 'signal:subcommand:(reputation portfolio fraud)'\n 'receipts:subcommand:(get verify)'\n 'mandates:subcommand:(verify import)'\n 'a2a:subcommand:(card contracts)'\n 'policy:subcommand:(init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence)'\n 'agent:subcommand:(run tool registry sandbox production)'\n 'audit:subcommand:(exports)'\n 'completion:subcommand:(bash zsh fish)'\n 'init completion preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'policy preview preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n 'guardrails bootstrap completion-preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion)'\n esac\n ;;\n esac\n}\n\ncompdef _paybond paybond\n",
619
+ "fish": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion\ncomplete -c paybond -f\ncomplete -c paybond -l gateway -d 'Gateway base URL'\ncomplete -c paybond -l env-file -d 'Local secrets file' -r\ncomplete -c paybond -l format -d 'Output format' -xa 'table json'\ncomplete -c paybond -l color -d 'Color mode' -xa 'auto always never'\ncomplete -c paybond -l no-color -d 'Disable color output'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'onboarding'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'help'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'examples'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'completion'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'login'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'init'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mcp'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'doctor'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'dev'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'version'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'diagnose'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'config'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'whoami'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'keys'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'intents'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'guardrails'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'spend'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'signal'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'receipts'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mandates'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'a2a'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'policy'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'audit'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'agent'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'guardrail'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'agent-middleware'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'serve'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'install'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'verify-config'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'smoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'trace'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'loop'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'up'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'set'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'unset'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'rotate'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'revoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'fund'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'settlement-confirm'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'bootstrap'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'authorize'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'reputation'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'portfolio'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'fraud'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'import'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'card'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'contracts'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'init'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'templates'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'preview'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-mcp-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-x402-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'run'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'tool'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'registry'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'sandbox'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'production'\ncomplete -c paybond -n '__fish_seen_subcommand_from audit' -a 'exports'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'bash'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'zsh'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'fish'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_cost_and_completion'\n"
611
620
  };
@@ -8,6 +8,8 @@ export declare function handleAgentToolExecute(ctx: CliContext, argv: string[]):
8
8
  export declare function handleAgentToolValidate(ctx: CliContext, argv: string[]): Promise<CommandResult>;
9
9
  export declare function handleAgentRegistryValidate(ctx: CliContext, argv: string[]): Promise<CommandResult>;
10
10
  export declare function handleAgentSandboxSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
11
+ export declare function handleAgentHarborEvidenceSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
12
+ export declare function handleAgentProductionAttachSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
11
13
  export declare function handleAgentDemoVercelAiSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
12
14
  export declare function handleAgentDemoLanggraphSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
13
15
  export declare function handleAgentDemoGenericSmoke(ctx: CliContext, argv: string[]): Promise<CommandResult>;
@@ -2,14 +2,18 @@ import { resolve } from "node:path";
2
2
  import { readFile } from "node:fs/promises";
3
3
  import { PaybondAgentRun } from "../../agent/run.js";
4
4
  import { PaybondAutoEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, } from "../../agent/types.js";
5
+ import { resolveCliGatewayErrorMessage } from "../http-error-message.js";
5
6
  import { runGenericSandboxDemo } from "../../agent/generic-sandbox-demo.js";
6
7
  import { loadRunClaudeAgentsSandboxDemo, loadRunLangGraphSandboxDemo, loadRunOpenAIAgentsSandboxDemo, loadRunVercelAiSandboxDemo, } from "../agent/demo-loaders.js";
7
8
  import { buildSmokeRegistry, loadAgentRegistryFile, validateAgentRegistryDocument, } from "../../agent/registry-file.js";
8
9
  import { createPaybondToolRegistry } from "../../agent/registry.js";
9
10
  import { devTraceStepsFromEvents, devTraceUrl, findDevTraceEventForRun, resolveDevTraceSink, recordSmokeTraceEvent, } from "../../dev/trace-buffer.js";
10
- import { PaybondSpendApprovalRequiredError, PaybondSpendDeniedError, } from "../../index.js";
11
+ import { PaybondSpendApprovalRequiredError, PaybondSpendDeniedError, signHarborEvidenceSubmitRecognitionProof, signPayeeEvidenceBinding, } from "../../index.js";
11
12
  import { readJsonBody } from "../automation.js";
12
13
  import { formatAgentSandboxSmokeChecklist } from "../agent-sandbox-smoke-checklist.js";
14
+ import { formatAgentProductionAttachSmokeChecklist } from "../agent-production-attach-smoke-checklist.js";
15
+ import { formatAgentHarborEvidenceSmokeChecklist } from "../agent-harbor-evidence-smoke-checklist.js";
16
+ import { PAYBOND_ATTACH_INTENT_ID_ENV, PAYBOND_CAPABILITY_TOKEN_ENV, } from "../../agent/attach-bundle.js";
13
17
  import { appendSmokeDeepLinkChecklistLines, buildAgentSandboxSmokeDeepLinks, } from "../smoke-deep-links.js";
14
18
  import { appendAgentRunEnvVars } from "../agent/env-write.js";
15
19
  import { productionEvidenceToPersisted, resolveProductionEvidenceForReattach, resolveProductionEvidenceFromCli, } from "../agent/production-evidence.js";
@@ -257,6 +261,7 @@ export async function handleAgentRunBind(ctx, argv) {
257
261
  let policySnapshot;
258
262
  let resolvedOperation = operationFlag.value?.trim() ?? "";
259
263
  let resolvedCompletionPreset = presetFlag.value?.trim();
264
+ let attachSmokeCompletionPreset;
260
265
  if (policyFlag.value) {
261
266
  try {
262
267
  const resolved = await resolveAgentPolicyBind({
@@ -302,6 +307,13 @@ export async function handleAgentRunBind(ctx, argv) {
302
307
  registry = buildSmokeRegistry(operationFlag.value, preset);
303
308
  defaultDeny = true;
304
309
  }
310
+ else if (operationFlag.value?.trim() && !registryFlag.value) {
311
+ const preset = presetFlag.value?.trim() || "cost_and_completion";
312
+ registry = buildSmokeRegistry(operationFlag.value.trim(), preset);
313
+ defaultDeny = true;
314
+ resolvedOperation = operationFlag.value.trim();
315
+ attachSmokeCompletionPreset = preset;
316
+ }
305
317
  else {
306
318
  registry = createPaybondToolRegistry({ defaultDeny: false, sideEffecting: {} });
307
319
  }
@@ -400,7 +412,9 @@ export async function handleAgentRunBind(ctx, argv) {
400
412
  sandbox: Boolean(sandbox),
401
413
  sandbox_lifecycle_status: sandbox?.sandboxLifecycleStatus,
402
414
  requested_spend_cents: sandbox?.requestedSpendCents,
403
- completion_preset: resolvedCompletionPreset || (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
415
+ completion_preset: resolvedCompletionPreset ||
416
+ attachSmokeCompletionPreset ||
417
+ (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
404
418
  registry_file: registryPath ?? policyPath,
405
419
  default_deny: defaultDeny,
406
420
  policy_digest: run.policyDigest,
@@ -412,7 +426,9 @@ export async function handleAgentRunBind(ctx, argv) {
412
426
  created_at: new Date().toISOString(),
413
427
  });
414
428
  registerGatewayAgentRun(session.paybond, run, {
415
- completionPreset: resolvedCompletionPreset || (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
429
+ completionPreset: resolvedCompletionPreset ||
430
+ attachSmokeCompletionPreset ||
431
+ (!registryPath && !policyPath && !hasAttach ? "cost_and_completion" : undefined),
416
432
  });
417
433
  if (writeEnvFlag.present) {
418
434
  const envFile = envOutFlag.value ?? ctx.globals.envFile;
@@ -813,6 +829,185 @@ export async function handleAgentSandboxSmoke(ctx, argv) {
813
829
  throw err;
814
830
  }
815
831
  }
832
+ function nowRfc3339Seconds() {
833
+ return new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
834
+ }
835
+ export async function handleAgentHarborEvidenceSmoke(ctx, argv) {
836
+ const intentFlag = consumeFlag(argv, "--intent-id");
837
+ const payeeDidFlag = consumeFlag(intentFlag.rest, "--payee-did");
838
+ const payeeSeedFlag = consumeFlag(payeeDidFlag.rest, "--payee-signing-seed-hex");
839
+ const recognitionKeyFlag = consumeFlag(payeeSeedFlag.rest, "--agent-recognition-key-id");
840
+ const recognitionSeedFlag = consumeFlag(recognitionKeyFlag.rest, "--agent-recognition-signing-seed-hex");
841
+ const idempotencyFlag = consumeFlag(recognitionSeedFlag.rest, "--idempotency-key");
842
+ const intentId = intentFlag.value?.trim() ||
843
+ process.env[PAYBOND_ATTACH_INTENT_ID_ENV]?.trim() ||
844
+ process.env.PAYBOND_HARBOR_EVIDENCE_INTENT_ID?.trim();
845
+ if (!intentId) {
846
+ throw agentCliError("agent harbor evidence smoke requires --intent-id (or PAYBOND_ATTACH_INTENT_ID / PAYBOND_HARBOR_EVIDENCE_INTENT_ID)", { code: "cli.usage.missing_args", category: "usage" });
847
+ }
848
+ const resultParsed = await parseInlineJson(idempotencyFlag.rest, "--result-body", "--result-file");
849
+ const payload = resultParsed.payload;
850
+ if (Object.keys(payload).length === 0) {
851
+ throw agentCliError("agent harbor evidence smoke requires --result-body or --result-file", { code: "cli.usage.missing_args", category: "usage" });
852
+ }
853
+ return withPaybondAgentCli(ctx, true, async (session) => {
854
+ const productionEvidence = await resolveProductionEvidenceFromCli({
855
+ cwd: ctx.cwd,
856
+ envFile: ctx.globals.envFile,
857
+ payeeDid: payeeDidFlag.value,
858
+ payeeSigningSeedHex: payeeSeedFlag.value,
859
+ agentRecognitionKeyId: recognitionKeyFlag.value,
860
+ agentRecognitionSigningSeedHex: recognitionSeedFlag.value,
861
+ });
862
+ const tenantId = session.paybond.harbor.tenantId;
863
+ const submittedAtRfc3339 = nowRfc3339Seconds();
864
+ const wire = signPayeeEvidenceBinding({
865
+ tenantId,
866
+ intentId,
867
+ payeeDid: productionEvidence.payeeDid,
868
+ payload,
869
+ artifactsBlake3Hex: [],
870
+ submittedAtRfc3339,
871
+ payeeSigningSeed: productionEvidence.payeeSigningSeed,
872
+ });
873
+ const recognitionProof = signHarborEvidenceSubmitRecognitionProof({
874
+ tenantId,
875
+ intentId,
876
+ evidenceBody: wire,
877
+ keyId: productionEvidence.agentRecognitionKeyId,
878
+ signingSeed: productionEvidence.agentRecognitionSigningSeed,
879
+ });
880
+ const evidence = await session.paybond.harbor.submitEvidence(intentId, wire, {
881
+ idempotencyKey: idempotencyFlag.value?.trim(),
882
+ recognitionProof,
883
+ });
884
+ const evidenceRecord = evidence;
885
+ const checklistLines = formatAgentHarborEvidenceSmokeChecklist({
886
+ intentId,
887
+ evidence: evidenceRecord,
888
+ globals: ctx.globals,
889
+ });
890
+ return {
891
+ data: {
892
+ intent_id: intentId,
893
+ harbor_path: `/harbor/intents/${intentId}/evidence`,
894
+ evidence: evidenceRecord,
895
+ checklist_lines: checklistLines,
896
+ },
897
+ warnings: session.warnings,
898
+ };
899
+ });
900
+ }
901
+ export async function handleAgentProductionAttachSmoke(ctx, argv) {
902
+ const attachIntentFlag = consumeFlag(argv, "--attach-intent-id");
903
+ const capabilityFlag = consumeFlag(attachIntentFlag.rest, "--capability-token");
904
+ const operationFlag = consumeFlag(capabilityFlag.rest, "--operation");
905
+ const spendFlag = consumeFlag(operationFlag.rest, "--requested-spend-cents");
906
+ const policyFlag = consumeFlag(spendFlag.rest, "--policy-file");
907
+ const payeeDidFlag = consumeFlag(policyFlag.rest, "--payee-did");
908
+ const payeeSeedFlag = consumeFlag(payeeDidFlag.rest, "--payee-signing-seed-hex");
909
+ const recognitionKeyFlag = consumeFlag(payeeSeedFlag.rest, "--agent-recognition-key-id");
910
+ const recognitionSeedFlag = consumeFlag(recognitionKeyFlag.rest, "--agent-recognition-signing-seed-hex");
911
+ const attachIntentId = attachIntentFlag.value?.trim() ||
912
+ process.env[PAYBOND_ATTACH_INTENT_ID_ENV]?.trim();
913
+ const capabilityToken = capabilityFlag.value?.trim() ||
914
+ process.env[PAYBOND_CAPABILITY_TOKEN_ENV]?.trim();
915
+ if (!attachIntentId || !capabilityToken) {
916
+ throw agentCliError("agent production attach smoke requires --attach-intent-id and --capability-token (or PAYBOND_ATTACH_INTENT_ID and PAYBOND_CAPABILITY_TOKEN)", { code: "cli.usage.missing_args", category: "usage" });
917
+ }
918
+ const resolvedOperation = operationFlag.value?.trim();
919
+ if (!resolvedOperation) {
920
+ throw agentCliError("agent production attach smoke requires --operation", { code: "cli.usage.missing_args", category: "usage" });
921
+ }
922
+ const resultParsed = await parseInlineJson(recognitionSeedFlag.rest, "--result-body", "--result-file");
923
+ const resultBody = resultParsed.payload;
924
+ if (Object.keys(resultBody).length === 0) {
925
+ throw agentCliError("agent production attach smoke requires --result-body or --result-file", { code: "cli.usage.missing_args", category: "usage" });
926
+ }
927
+ const bindArgv = [
928
+ "--production",
929
+ "--attach-intent-id",
930
+ attachIntentId,
931
+ "--capability-token",
932
+ capabilityToken,
933
+ "--operation",
934
+ resolvedOperation,
935
+ ];
936
+ if (spendFlag.value?.trim()) {
937
+ bindArgv.push("--requested-spend-cents", spendFlag.value.trim());
938
+ }
939
+ if (policyFlag.value?.trim()) {
940
+ bindArgv.push("--policy-file", policyFlag.value.trim());
941
+ }
942
+ if (payeeDidFlag.value?.trim()) {
943
+ bindArgv.push("--payee-did", payeeDidFlag.value.trim());
944
+ }
945
+ if (payeeSeedFlag.value?.trim()) {
946
+ bindArgv.push("--payee-signing-seed-hex", payeeSeedFlag.value.trim());
947
+ }
948
+ if (recognitionKeyFlag.value?.trim()) {
949
+ bindArgv.push("--agent-recognition-key-id", recognitionKeyFlag.value.trim());
950
+ }
951
+ if (recognitionSeedFlag.value?.trim()) {
952
+ bindArgv.push("--agent-recognition-signing-seed-hex", recognitionSeedFlag.value.trim());
953
+ }
954
+ const bindResult = await handleAgentRunBind(ctx, bindArgv);
955
+ const runId = String(bindResult.data.run_id ?? "");
956
+ const storedForExecute = await loadAgentRunContext(ctx.cwd, runId);
957
+ const executeArgv = [
958
+ "--production",
959
+ "--run-id",
960
+ runId,
961
+ "--operation",
962
+ resolvedOperation,
963
+ "--tool-call-id",
964
+ "prod-attach-smoke-1",
965
+ "--result-body",
966
+ JSON.stringify(resultBody),
967
+ ];
968
+ if (storedForExecute.requested_spend_cents != null) {
969
+ executeArgv.push("--requested-spend-cents", String(storedForExecute.requested_spend_cents));
970
+ }
971
+ else if (spendFlag.value?.trim()) {
972
+ executeArgv.push("--requested-spend-cents", spendFlag.value.trim());
973
+ }
974
+ if (payeeSeedFlag.value?.trim()) {
975
+ executeArgv.push("--payee-signing-seed-hex", payeeSeedFlag.value.trim());
976
+ }
977
+ if (recognitionSeedFlag.value?.trim()) {
978
+ executeArgv.push("--agent-recognition-signing-seed-hex", recognitionSeedFlag.value.trim());
979
+ }
980
+ try {
981
+ const executeResult = await handleAgentToolExecute(ctx, executeArgv);
982
+ const checklistLines = formatAgentProductionAttachSmokeChecklist({
983
+ bind: bindResult.data,
984
+ execute: executeResult.data,
985
+ globals: ctx.globals,
986
+ });
987
+ return {
988
+ data: {
989
+ bind: bindResult.data,
990
+ execute: executeResult.data,
991
+ checklist_lines: checklistLines,
992
+ },
993
+ warnings: bindResult.warnings,
994
+ };
995
+ }
996
+ catch (err) {
997
+ if (err instanceof CliError) {
998
+ throw new CliError(err.message, {
999
+ category: err.category,
1000
+ code: err.code,
1001
+ exitCode: err.exitCode,
1002
+ details: {
1003
+ ...(err.details ?? {}),
1004
+ bind: bindResult.data,
1005
+ },
1006
+ });
1007
+ }
1008
+ throw err;
1009
+ }
1010
+ }
816
1011
  export async function handleAgentDemoVercelAiSmoke(ctx, argv) {
817
1012
  const productionFlag = consumeBooleanFlag(argv, "--production");
818
1013
  const operationFlag = consumeFlag(productionFlag.rest, "--operation");
@@ -1044,7 +1239,7 @@ function mapToolExecuteError(err, partial) {
1044
1239
  });
1045
1240
  }
1046
1241
  if (err instanceof PaybondAutoEvidenceSubmitError) {
1047
- return agentCliError(err.message, {
1242
+ return agentCliError(resolveCliGatewayErrorMessage(err), {
1048
1243
  code: "cli.agent.evidence_failed",
1049
1244
  exitCode: 5,
1050
1245
  category: "gateway",
@@ -1093,6 +1288,24 @@ export async function handleAgent(ctx, group, subcommand, argv) {
1093
1288
  if (group === "sandbox" && subcommand === "smoke") {
1094
1289
  return handleAgentSandboxSmoke(ctx, argv);
1095
1290
  }
1291
+ if (group === "production" && subcommand === "attach") {
1292
+ if (argv[0] !== "smoke") {
1293
+ throw agentCliError("agent production attach requires smoke subcommand", {
1294
+ code: "cli.usage.unknown_command",
1295
+ category: "usage",
1296
+ });
1297
+ }
1298
+ return handleAgentProductionAttachSmoke(ctx, argv.slice(1));
1299
+ }
1300
+ if (group === "harbor" && subcommand === "evidence") {
1301
+ if (argv[0] !== "smoke") {
1302
+ throw agentCliError("agent harbor evidence requires smoke subcommand", {
1303
+ code: "cli.usage.unknown_command",
1304
+ category: "usage",
1305
+ });
1306
+ }
1307
+ return handleAgentHarborEvidenceSmoke(ctx, argv.slice(1));
1308
+ }
1096
1309
  if (group === "demo" && subcommand === "vercel-ai") {
1097
1310
  if (argv[0] !== "smoke") {
1098
1311
  throw agentCliError("agent demo vercel-ai requires smoke subcommand", {
@@ -6,7 +6,17 @@ export declare function handleInitWizard(ctx: CliContext, argv: string[]): Promi
6
6
  export declare function handleInitGuardrail(ctx: CliContext, argv: string[]): Promise<CommandResult>;
7
7
  export declare function handleInitAgentMiddleware(ctx: CliContext, argv: string[]): Promise<CommandResult>;
8
8
  export declare function handleInitCompletion(ctx: CliContext, argv: string[]): Promise<CommandResult>;
9
- export declare function handleMcpServe(ctx: CliContext, argv: string[]): Promise<CommandResult>;
9
+ export declare function mcpServeArgvMatches(argv: string[]): boolean;
10
+ /** Run the blocking MCP stdio server. Must not run through the async CLI dispatcher. */
11
+ export declare function runMcpServeCommandSync(argv: string[], writers: {
12
+ stdout: {
13
+ write(chunk: string): boolean;
14
+ };
15
+ stderr: {
16
+ write(chunk: string): boolean;
17
+ };
18
+ }): number;
19
+ export declare function handleMcpServe(_ctx: CliContext, _argv: string[]): Promise<CommandResult>;
10
20
  export declare function handleMcpTools(ctx: CliContext): Promise<CommandResult>;
11
21
  export declare function handleMcpInstall(ctx: CliContext, argv: string[]): Promise<CommandResult>;
12
22
  export declare function handleMcpVerifyConfig(ctx: CliContext, argv: string[]): Promise<CommandResult>;
@@ -7,7 +7,8 @@ import { assertApiKeyShape, resolveApiKey, resolvedDefaultsForDoctor } from "../
7
7
  import { runAgentMiddlewareDoctorCheck } from "../doctor-agent-middleware.js";
8
8
  import { packageVersion, runAgentMcpChecks } from "../doctor-agent.js";
9
9
  import { runCompletionCatalogDoctorChecks } from "../../doctor-completion.js";
10
- import { consumeBooleanFlag, consumeFlag } from "../globals.js";
10
+ import { consumeBooleanFlag, consumeFlag, parseCliArgv } from "../globals.js";
11
+ import { helpForCommand } from "../help.js";
11
12
  import { maskApiKey, redactConfigValue } from "../redact.js";
12
13
  import { mergeMcpToolPolicy, parseMcpToolAllowlist, parseMcpToolPolicy, resolveMcpToolPolicy, } from "../mcp-policy.js";
13
14
  import { parseMcpInstallFormat, parseMcpInstallHost, parseMcpInstallScope, planMcpInstall, } from "../mcp-install.js";
@@ -197,16 +198,48 @@ export async function handleInitCompletion(ctx, argv) {
197
198
  },
198
199
  };
199
200
  }
200
- export async function handleMcpServe(ctx, argv) {
201
- if (argv.length > 0 && argv[0] !== "--help" && argv[0] !== "-h") {
202
- throw new CliError(`unexpected arguments: ${argv.join(" ")}`, { category: "usage", code: "cli.usage.unexpected_args" });
201
+ export function mcpServeArgvMatches(argv) {
202
+ try {
203
+ const { command } = parseCliArgv(argv);
204
+ return command.length >= 2 && command[0] === "mcp" && command[1] === "serve";
203
205
  }
204
- ctx.stderr.write("Starting Paybond MCP stdio server (stdout is reserved for MCP JSON-RPC).\n");
205
- const code = runMcpServerMain([]);
206
- if (code !== 0) {
207
- throw new CliError("mcp serve failed", { category: "internal", code: "cli.mcp.serve_failed", exitCode: code });
206
+ catch {
207
+ return false;
208
+ }
209
+ }
210
+ function isMcpServeHelpCommand(command) {
211
+ return command.length === 0 || command.includes("--help") || command.includes("-h");
212
+ }
213
+ /** Run the blocking MCP stdio server. Must not run through the async CLI dispatcher. */
214
+ export function runMcpServeCommandSync(argv, writers) {
215
+ let command;
216
+ try {
217
+ ({ command } = parseCliArgv(argv));
208
218
  }
209
- return { data: { started: true } };
219
+ catch (err) {
220
+ const message = err instanceof CliError ? err.message : String(err);
221
+ writers.stderr.write(`${message}\n`);
222
+ return err instanceof CliError ? err.exitCode : 1;
223
+ }
224
+ if (isMcpServeHelpCommand(command)) {
225
+ const helpPath = command.filter((part) => part !== "--help" && part !== "-h").join(" ") || "mcp serve";
226
+ writers.stdout.write(`${helpForCommand(helpPath)}\n`);
227
+ return 0;
228
+ }
229
+ const rest = command.slice(2);
230
+ if (rest.length > 0 && rest[0] !== "--help" && rest[0] !== "-h") {
231
+ writers.stderr.write(`unexpected arguments: ${rest.join(" ")}\n`);
232
+ return 2;
233
+ }
234
+ writers.stderr.write("Starting Paybond MCP stdio server (stdout is reserved for MCP JSON-RPC).\n");
235
+ const code = runMcpServerMain([]);
236
+ return code;
237
+ }
238
+ export async function handleMcpServe(_ctx, _argv) {
239
+ throw new CliError("mcp serve must run via the sync CLI entrypoint (not the async dispatcher)", {
240
+ category: "internal",
241
+ code: "cli.mcp.serve_async_forbidden",
242
+ });
210
243
  }
211
244
  export async function handleMcpTools(ctx) {
212
245
  const server = new PaybondMCPServer({ gatewayBaseUrl: ctx.globals.gateway, apiKey: "paybond_sk_sandbox_redacted_redacted_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" });
package/dist/cli/help.js CHANGED
@@ -68,6 +68,8 @@ export const COMMAND_HELP = {
68
68
  "agent tool validate": "Usage: paybond agent tool validate --run-id <id> --operation <name> [--requested-spend-cents <n>] [--arguments <json>]\n\nAuthorize-only dry run (no execute, no evidence). Useful for agents checking budget before side effects.\n\nExamples:\n $ paybond agent tool validate --run-id run-123 --operation travel.book_hotel --requested-spend-cents 18700 --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
69
69
  "agent registry validate": "Usage: paybond agent registry validate --file <path>\n\nValidate a registry YAML/JSON file before bind (evidence_preset required on side-effecting tools).\n\nExamples:\n $ paybond agent registry validate --file ./paybond.agent.registry.yaml --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
70
70
  "agent sandbox smoke": "Usage: paybond agent sandbox smoke [--production] [--preset <id> | --policy-file <path> [--operation <name>] [--requested-spend-cents <n>]] | (--operation <name> --requested-spend-cents <n> --evidence-preset <id>) --result-body <json>|--result-file <path>\n\nOne-shot end-to-end sandbox lifecycle: bind, tool execute, combined result. With --policy-file, completion_preset is derived from each tool's evidence_preset in YAML — do not pass --evidence-preset (Gateway rejects conflicting bootstrap fields).\n\nExamples:\n $ paybond agent sandbox smoke --preset travel --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent",
71
+ "agent production attach smoke": "Usage: paybond agent production attach smoke --attach-intent-id <id> --capability-token <token> --operation <name> [--requested-spend-cents <n>] [--policy-file <path>] [--payee-did <did> --payee-signing-seed-hex <hex> --agent-recognition-key-id <id> --agent-recognition-signing-seed-hex <hex>] --result-body <json>|--result-file <path>\n\nOne-shot production attach lifecycle against live /harbor/* with agent recognition proofs: bind an existing funded intent, execute a guarded tool, and submit Kit-signed payee evidence. Requires production credentials (flags or PAYBOND_ATTACH_INTENT_ID, PAYBOND_CAPABILITY_TOKEN, APP_PAYEE_*, APP_AGENT_RECOGNITION_*). Not a substitute for sandbox smoke — run in staging before production attach rollouts.\n\nExamples:\n $ paybond agent production attach smoke --attach-intent-id <intent-id> --capability-token <token> --operation paid-tool --requested-spend-cents 100 --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n\nDocs: https://docs.paybond.ai/kit/production-attach",
72
+ "agent harbor evidence smoke": "Usage: paybond agent harbor evidence smoke --intent-id <id> [--payee-did <did> --payee-signing-seed-hex <hex> --agent-recognition-key-id <id> --agent-recognition-signing-seed-hex <hex>] [--idempotency-key <key>] --result-body <json>|--result-file <path>\n\nSingle POST /harbor/intents/{id}/evidence with Kit-signed payee evidence and agent recognition proof. Use in staging with Harbor SEC-003 enforcement on to confirm gateway proxy + Harbor nonce semantics (no double-claim replay). Requires a funded intent not yet in evidence_submitted state.\n\nExamples:\n $ paybond agent harbor evidence smoke --intent-id <intent-id> --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n\nDocs: https://docs.paybond.ai/kit/production-attach",
71
73
  "agent demo vercel-ai smoke": "Usage: paybond agent demo vercel-ai smoke [--production] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM Vercel AI SDK sandbox demo: toolApproval, wrapped execute, and auto-evidence via MockLanguageModelV4.\n\nExamples:\n $ paybond agent demo vercel-ai smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/vercel-ai",
72
74
  "agent demo langgraph smoke": "Usage: paybond agent demo langgraph smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM LangGraph sandbox demo: ToolNode interceptor, authorize, execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo langgraph smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/langgraph",
73
75
  "agent demo generic smoke": "Usage: paybond agent demo generic smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM agent-agnostic sandbox demo: createPaybondGenericAgentConfig, wrapped execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/agent-agnostic",