@paybond/kit 0.12.3 → 0.12.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -59,6 +59,8 @@ export const COMMAND_PATHS = [
59
59
  "guardrails bootstrap",
60
60
  "guardrails evidence",
61
61
  "spend authorize",
62
+ "spend budget-remaining",
63
+ "spend explain-policy",
62
64
  "signal reputation",
63
65
  "signal portfolio",
64
66
  "signal fraud",
@@ -335,6 +337,12 @@ export const COMMAND_EXAMPLES = {
335
337
  "spend authorize": [
336
338
  "paybond spend authorize --intent-id intent-123 --token cap --operation paid-tool"
337
339
  ],
340
+ "spend budget-remaining": [
341
+ "paybond spend budget-remaining --intent-id 550e8400-e29b-41d4-a716-446655440000 --operation paid-tool --requested-spend-cents 100 --format json"
342
+ ],
343
+ "spend explain-policy": [
344
+ "paybond spend explain-policy --intent-id 550e8400-e29b-41d4-a716-446655440000 --operation paid-tool --requested-spend-cents 75000 --format json"
345
+ ],
338
346
  "signal reputation": [
339
347
  "paybond signal reputation --did did:example:alice"
340
348
  ],
@@ -516,7 +524,9 @@ export const COMPLETIONS = {
516
524
  "evidence"
517
525
  ],
518
526
  "spend": [
519
- "authorize"
527
+ "authorize",
528
+ "budget-remaining",
529
+ "explain-policy"
520
530
  ],
521
531
  "signal": [
522
532
  "reputation",
@@ -696,7 +706,7 @@ export const WORKFLOWS = [
696
706
  ];
697
707
  export const DOCS_BASE_URL = "https://docs.paybond.ai/kit";
698
708
  export const COMPLETION_SCRIPTS = {
699
- "bash": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n_paybond_completion() {\n local cur prev words cword\n COMPREPLY=()\n cur=\"${COMP_WORDS[COMP_CWORD]}\"\n prev=\"${COMP_WORDS[COMP_CWORD-1]}\"\n\n if [[ $COMP_CWORD -eq 1 ]]; then\n COMPREPLY=($(compgen -W \"onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\" -- \"$cur\"))\n return 0\n fi\n\n case \"${COMP_WORDS[1]}\" in\n init) COMPREPLY=($(compgen -W \"guardrail completion agent-middleware\" -- \"$cur\")) ;;\n mcp) COMPREPLY=($(compgen -W \"serve install verify-config tools\" -- \"$cur\")) ;;\n dev) COMPREPLY=($(compgen -W \"smoke trace loop up\" -- \"$cur\")) ;;\n config) COMPREPLY=($(compgen -W \"get set unset list\" -- \"$cur\")) ;;\n keys) COMPREPLY=($(compgen -W \"list create rotate revoke\" -- \"$cur\")) ;;\n intents) COMPREPLY=($(compgen -W \"list get create fund evidence settlement-confirm\" -- \"$cur\")) ;;\n guardrails) COMPREPLY=($(compgen -W \"bootstrap evidence\" -- \"$cur\")) ;;\n spend) COMPREPLY=($(compgen -W \"authorize\" -- \"$cur\")) ;;\n signal) COMPREPLY=($(compgen -W \"reputation portfolio fraud\" -- \"$cur\")) ;;\n receipts) COMPREPLY=($(compgen -W \"get verify\" -- \"$cur\")) ;;\n mandates) COMPREPLY=($(compgen -W \"verify import\" -- \"$cur\")) ;;\n a2a) COMPREPLY=($(compgen -W \"card contracts\" -- \"$cur\")) ;;\n policy) COMPREPLY=($(compgen -W \"init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\" -- \"$cur\")) ;;\n agent) COMPREPLY=($(compgen -W \"run tool registry sandbox production\" -- \"$cur\")) ;;\n audit) COMPREPLY=($(compgen -W \"exports\" -- \"$cur\")) ;;\n completion) COMPREPLY=($(compgen -W \"bash zsh fish\" -- \"$cur\")) ;;\n init completion preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\" -- \"$cur\")) ;;\n policy preview preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\" -- \"$cur\")) ;;\n guardrails bootstrap completion-preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\" -- \"$cur\")) ;;\n *) ;;\n esac\n}\ncomplete -F _paybond_completion paybond\n",
700
- "zsh": "#compdef paybond\n# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n\n_paybond() {\n local -a commands\n commands=(\n 'onboarding' 'help' 'examples' 'completion' 'login' 'init' 'mcp' 'doctor' 'dev' 'version' 'diagnose' 'config' 'whoami' 'keys' 'intents' 'guardrails' 'spend' 'signal' 'receipts' 'mandates' 'a2a' 'policy' 'audit' 'agent'\n )\n _arguments -C \\\n '(--gateway)--gateway[Gateway base URL]:url:' \\\n '(--env-file)--env-file[Local secrets file]:path:_files' \\\n '(--format)--format[Output format]:(table json)' \\\n '(--color)--color[Color mode]:(auto always never)' \\\n '--no-color[Disable color output]' \\\n '1: :->command' \\\n '*::arg:->args'\n\n case $state in\n command)\n _describe -t commands 'paybond commands' commands\n ;;\n args)\n case $words[1] in\n 'init:subcommand:(guardrail completion agent-middleware)'\n 'mcp:subcommand:(serve install verify-config tools)'\n 'dev:subcommand:(smoke trace loop up)'\n 'config:subcommand:(get set unset list)'\n 'keys:subcommand:(list create rotate revoke)'\n 'intents:subcommand:(list get create fund evidence settlement-confirm)'\n 'guardrails:subcommand:(bootstrap evidence)'\n 'spend:subcommand:(authorize)'\n 'signal:subcommand:(reputation portfolio fraud)'\n 'receipts:subcommand:(get verify)'\n 'mandates:subcommand:(verify import)'\n 'a2a:subcommand:(card contracts)'\n 'policy:subcommand:(init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence)'\n 'agent:subcommand:(run tool registry sandbox production)'\n 'audit:subcommand:(exports)'\n 'completion:subcommand:(bash zsh fish)'\n 'init completion preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed)'\n 'policy preview preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed)'\n 'guardrails bootstrap completion-preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed)'\n esac\n ;;\n esac\n}\n\ncompdef _paybond paybond\n",
701
- "fish": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\ncomplete -c paybond -f\ncomplete -c paybond -l gateway -d 'Gateway base URL'\ncomplete -c paybond -l env-file -d 'Local secrets file' -r\ncomplete -c paybond -l format -d 'Output format' -xa 'table json'\ncomplete -c paybond -l color -d 'Color mode' -xa 'auto always never'\ncomplete -c paybond -l no-color -d 'Disable color output'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'onboarding'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'help'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'examples'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'completion'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'login'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'init'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mcp'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'doctor'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'dev'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'version'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'diagnose'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'config'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'whoami'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'keys'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'intents'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'guardrails'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'spend'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'signal'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'receipts'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mandates'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'a2a'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'policy'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'audit'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'agent'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'guardrail'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'agent-middleware'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'serve'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'install'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'verify-config'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'smoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'trace'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'loop'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'up'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'set'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'unset'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'rotate'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'revoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'fund'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'settlement-confirm'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'bootstrap'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'authorize'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'reputation'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'portfolio'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'fraud'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'import'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'card'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'contracts'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'init'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'templates'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'preview'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-mcp-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-x402-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'run'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'tool'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'registry'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'sandbox'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'production'\ncomplete -c paybond -n '__fish_seen_subcommand_from audit' -a 'exports'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'bash'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'zsh'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'fish'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_saas_api_purchase'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'invoice_payment_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_saas_api_purchase'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'invoice_payment_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_saas_api_purchase'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'invoice_payment_confirmed'\n"
709
+ "bash": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize budget-remaining explain-policy\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n_paybond_completion() {\n local cur prev words cword\n COMPREPLY=()\n cur=\"${COMP_WORDS[COMP_CWORD]}\"\n prev=\"${COMP_WORDS[COMP_CWORD-1]}\"\n\n if [[ $COMP_CWORD -eq 1 ]]; then\n COMPREPLY=($(compgen -W \"onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\" -- \"$cur\"))\n return 0\n fi\n\n case \"${COMP_WORDS[1]}\" in\n init) COMPREPLY=($(compgen -W \"guardrail completion agent-middleware\" -- \"$cur\")) ;;\n mcp) COMPREPLY=($(compgen -W \"serve install verify-config tools\" -- \"$cur\")) ;;\n dev) COMPREPLY=($(compgen -W \"smoke trace loop up\" -- \"$cur\")) ;;\n config) COMPREPLY=($(compgen -W \"get set unset list\" -- \"$cur\")) ;;\n keys) COMPREPLY=($(compgen -W \"list create rotate revoke\" -- \"$cur\")) ;;\n intents) COMPREPLY=($(compgen -W \"list get create fund evidence settlement-confirm\" -- \"$cur\")) ;;\n guardrails) COMPREPLY=($(compgen -W \"bootstrap evidence\" -- \"$cur\")) ;;\n spend) COMPREPLY=($(compgen -W \"authorize budget-remaining explain-policy\" -- \"$cur\")) ;;\n signal) COMPREPLY=($(compgen -W \"reputation portfolio fraud\" -- \"$cur\")) ;;\n receipts) COMPREPLY=($(compgen -W \"get verify\" -- \"$cur\")) ;;\n mandates) COMPREPLY=($(compgen -W \"verify import\" -- \"$cur\")) ;;\n a2a) COMPREPLY=($(compgen -W \"card contracts\" -- \"$cur\")) ;;\n policy) COMPREPLY=($(compgen -W \"init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\" -- \"$cur\")) ;;\n agent) COMPREPLY=($(compgen -W \"run tool registry sandbox production\" -- \"$cur\")) ;;\n audit) COMPREPLY=($(compgen -W \"exports\" -- \"$cur\")) ;;\n completion) COMPREPLY=($(compgen -W \"bash zsh fish\" -- \"$cur\")) ;;\n init completion preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\" -- \"$cur\")) ;;\n policy preview preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\" -- \"$cur\")) ;;\n guardrails bootstrap completion-preset) COMPREPLY=($(compgen -W \"api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\" -- \"$cur\")) ;;\n *) ;;\n esac\n}\ncomplete -F _paybond_completion paybond\n",
710
+ "zsh": "#compdef paybond\n# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize budget-remaining explain-policy\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n\n_paybond() {\n local -a commands\n commands=(\n 'onboarding' 'help' 'examples' 'completion' 'login' 'init' 'mcp' 'doctor' 'dev' 'version' 'diagnose' 'config' 'whoami' 'keys' 'intents' 'guardrails' 'spend' 'signal' 'receipts' 'mandates' 'a2a' 'policy' 'audit' 'agent'\n )\n _arguments -C \\\n '(--gateway)--gateway[Gateway base URL]:url:' \\\n '(--env-file)--env-file[Local secrets file]:path:_files' \\\n '(--format)--format[Output format]:(table json)' \\\n '(--color)--color[Color mode]:(auto always never)' \\\n '--no-color[Disable color output]' \\\n '1: :->command' \\\n '*::arg:->args'\n\n case $state in\n command)\n _describe -t commands 'paybond commands' commands\n ;;\n args)\n case $words[1] in\n 'init:subcommand:(guardrail completion agent-middleware)'\n 'mcp:subcommand:(serve install verify-config tools)'\n 'dev:subcommand:(smoke trace loop up)'\n 'config:subcommand:(get set unset list)'\n 'keys:subcommand:(list create rotate revoke)'\n 'intents:subcommand:(list get create fund evidence settlement-confirm)'\n 'guardrails:subcommand:(bootstrap evidence)'\n 'spend:subcommand:(authorize budget-remaining explain-policy)'\n 'signal:subcommand:(reputation portfolio fraud)'\n 'receipts:subcommand:(get verify)'\n 'mandates:subcommand:(verify import)'\n 'a2a:subcommand:(card contracts)'\n 'policy:subcommand:(init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence)'\n 'agent:subcommand:(run tool registry sandbox production)'\n 'audit:subcommand:(exports)'\n 'completion:subcommand:(bash zsh fish)'\n 'init completion preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed)'\n 'policy preview preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed)'\n 'guardrails bootstrap completion-preset:subcommand:(api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed)'\n esac\n ;;\n esac\n}\n\ncompdef _paybond paybond\n",
711
+ "fish": "# Generated by kit/cli-parity/generate.mjs — do not edit by hand.\n# # top_level: onboarding help examples completion login init mcp doctor dev version diagnose config whoami keys intents guardrails spend signal receipts mandates a2a policy audit agent\n# init: guardrail completion agent-middleware\n# mcp: serve install verify-config tools\n# dev: smoke trace loop up\n# config: get set unset list\n# keys: list create rotate revoke\n# intents: list get create fund evidence settlement-confirm\n# guardrails: bootstrap evidence\n# spend: authorize budget-remaining explain-policy\n# signal: reputation portfolio fraud\n# receipts: get verify\n# mandates: verify import\n# a2a: card contracts\n# policy: init validate-tools templates preview import-mcp-receipt import-x402-receipt validate-evidence\n# agent: run tool registry sandbox production\n# audit: exports\n# completion: bash zsh fish\n# init completion preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# policy preview preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\n# guardrails bootstrap completion-preset: api_response_ok webhook_confirmed artifact_attested cost_and_completion sandbox_permissive stripe_charge vendor_webhook_confirmed stripe_webhook_payment ach_paid_api_ok ach_travel_booking ach_vendor_webhook x402_paid_api_ok x402_delivery_receipt x402_cost_and_completion x402_saas_api_purchase x402_travel_booking invoice_payment_confirmed\ncomplete -c paybond -f\ncomplete -c paybond -l gateway -d 'Gateway base URL'\ncomplete -c paybond -l env-file -d 'Local secrets file' -r\ncomplete -c paybond -l format -d 'Output format' -xa 'table json'\ncomplete -c paybond -l color -d 'Color mode' -xa 'auto always never'\ncomplete -c paybond -l no-color -d 'Disable color output'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'onboarding'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'help'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'examples'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'completion'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'login'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'init'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mcp'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'doctor'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'dev'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'version'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'diagnose'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'config'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'whoami'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'keys'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'intents'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'guardrails'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'spend'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'signal'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'receipts'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'mandates'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'a2a'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'policy'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'audit'\ncomplete -c paybond -n '__fish_use_subcommand' -a 'agent'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'guardrail'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init' -a 'agent-middleware'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'serve'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'install'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'verify-config'\ncomplete -c paybond -n '__fish_seen_subcommand_from mcp' -a 'tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'smoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'trace'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'loop'\ncomplete -c paybond -n '__fish_seen_subcommand_from dev' -a 'up'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'set'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'unset'\ncomplete -c paybond -n '__fish_seen_subcommand_from config' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'rotate'\ncomplete -c paybond -n '__fish_seen_subcommand_from keys' -a 'revoke'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'list'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'create'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'fund'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from intents' -a 'settlement-confirm'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'bootstrap'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails' -a 'evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'authorize'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'budget-remaining'\ncomplete -c paybond -n '__fish_seen_subcommand_from spend' -a 'explain-policy'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'reputation'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'portfolio'\ncomplete -c paybond -n '__fish_seen_subcommand_from signal' -a 'fraud'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'get'\ncomplete -c paybond -n '__fish_seen_subcommand_from receipts' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'verify'\ncomplete -c paybond -n '__fish_seen_subcommand_from mandates' -a 'import'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'card'\ncomplete -c paybond -n '__fish_seen_subcommand_from a2a' -a 'contracts'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'init'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-tools'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'templates'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'preview'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-mcp-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'import-x402-receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy' -a 'validate-evidence'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'run'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'tool'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'registry'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'sandbox'\ncomplete -c paybond -n '__fish_seen_subcommand_from agent' -a 'production'\ncomplete -c paybond -n '__fish_seen_subcommand_from audit' -a 'exports'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'bash'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'zsh'\ncomplete -c paybond -n '__fish_seen_subcommand_from completion' -a 'fish'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_saas_api_purchase'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'x402_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from init completion preset' -a 'invoice_payment_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_saas_api_purchase'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'x402_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from policy preview preset' -a 'invoice_payment_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'api_response_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'artifact_attested'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'sandbox_permissive'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_charge'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'vendor_webhook_confirmed'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'stripe_webhook_payment'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'ach_vendor_webhook'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_paid_api_ok'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_delivery_receipt'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_cost_and_completion'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_saas_api_purchase'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'x402_travel_booking'\ncomplete -c paybond -n '__fish_seen_subcommand_from guardrails bootstrap completion-preset' -a 'invoice_payment_confirmed'\n"
702
712
  };
@@ -4,4 +4,6 @@ export declare function handleKeys(ctx: CliContext, subcommand: string, argv: st
4
4
  export declare function handleIntents(ctx: CliContext, subcommand: string, argv: string[]): Promise<CommandResult>;
5
5
  export declare function handleGuardrails(ctx: CliContext, subcommand: string, argv: string[]): Promise<CommandResult>;
6
6
  export declare function handleSpendAuthorize(ctx: CliContext, argv: string[]): Promise<CommandResult>;
7
+ export declare function handleSpendBudgetRemaining(ctx: CliContext, argv: string[]): Promise<CommandResult>;
8
+ export declare function handleSpendExplainPolicy(ctx: CliContext, argv: string[]): Promise<CommandResult>;
7
9
  export { commandPath };
@@ -309,4 +309,121 @@ export async function handleSpendAuthorize(ctx, argv) {
309
309
  };
310
310
  });
311
311
  }
312
+ function parseSpendPreflightCliArgs(argv) {
313
+ const intentFlag = consumeFlag(argv, "--intent-id");
314
+ const operationFlag = consumeFlag(intentFlag.rest, "--operation");
315
+ const spendFlag = consumeFlag(operationFlag.rest, "--requested-spend-cents");
316
+ const vendorFlag = consumeFlag(spendFlag.rest, "--vendor-id");
317
+ const toolFlag = consumeFlag(vendorFlag.rest, "--tool-name");
318
+ const taskFlag = consumeFlag(toolFlag.rest, "--task-id");
319
+ const workflowFlag = consumeFlag(taskFlag.rest, "--workflow-id");
320
+ const toolCallFlag = consumeFlag(workflowFlag.rest, "--tool-call-id");
321
+ const currencyFlag = consumeFlag(toolCallFlag.rest, "--currency");
322
+ const agentFlag = consumeFlag(currencyFlag.rest, "--agent-subject");
323
+ const approvalFlag = consumeFlag(agentFlag.rest, "--approval-token");
324
+ if (!intentFlag.value) {
325
+ throw new CliError("spend preflight requires --intent-id", {
326
+ category: "usage",
327
+ code: "cli.usage.missing_args",
328
+ });
329
+ }
330
+ const operation = operationFlag.value?.trim() || "*";
331
+ const spendCents = parseOptionalNonNegativeInt(spendFlag.value, "--requested-spend-cents");
332
+ const payload = {
333
+ intent_id: intentFlag.value,
334
+ operation,
335
+ requested_spend_cents: spendCents,
336
+ };
337
+ if (vendorFlag.value) {
338
+ payload.vendor_id = vendorFlag.value;
339
+ }
340
+ if (toolFlag.value) {
341
+ payload.tool_name = toolFlag.value;
342
+ }
343
+ if (taskFlag.value) {
344
+ payload.task_id = taskFlag.value;
345
+ }
346
+ if (workflowFlag.value) {
347
+ payload.workflow_id = workflowFlag.value;
348
+ }
349
+ if (toolCallFlag.value) {
350
+ payload.tool_call_id = toolCallFlag.value;
351
+ }
352
+ if (currencyFlag.value) {
353
+ payload.currency = currencyFlag.value;
354
+ }
355
+ if (agentFlag.value) {
356
+ payload.agent_subject = agentFlag.value;
357
+ }
358
+ if (approvalFlag.value) {
359
+ payload.approval_token = approvalFlag.value;
360
+ }
361
+ return {
362
+ intentId: intentFlag.value,
363
+ operation,
364
+ requestedSpendCents: spendCents,
365
+ payload,
366
+ rest: approvalFlag.rest,
367
+ };
368
+ }
369
+ function normalizeExplainPolicyOutcome(outcome, classification) {
370
+ const normalized = outcome.trim().toLowerCase();
371
+ if (normalized === "allow" || normalized === "anomaly_observe") {
372
+ return "allow";
373
+ }
374
+ if (normalized === "approval_required" || normalized === "anomaly_escalate") {
375
+ return "approval_required";
376
+ }
377
+ if (normalized === "deny") {
378
+ return "deny";
379
+ }
380
+ const classNorm = classification.trim().toLowerCase();
381
+ if (classNorm === "allow") {
382
+ return "allow";
383
+ }
384
+ if (classNorm === "hold") {
385
+ return "approval_required";
386
+ }
387
+ return "deny";
388
+ }
389
+ export async function handleSpendBudgetRemaining(ctx, argv) {
390
+ return withGateway(ctx, async (gateway) => {
391
+ const parsed = parseSpendPreflightCliArgs(argv);
392
+ const body = await gateway.postJson("/v1/spend/preflight", parsed.payload);
393
+ return {
394
+ data: {
395
+ remaining_cents: body.remaining_cents ?? null,
396
+ spend_scope: body.spend_scope ?? null,
397
+ policy_version: body.policy_version ?? null,
398
+ intent_id: parsed.intentId,
399
+ operation: parsed.operation,
400
+ requested_spend_cents: parsed.requestedSpendCents,
401
+ },
402
+ };
403
+ });
404
+ }
405
+ export async function handleSpendExplainPolicy(ctx, argv) {
406
+ return withGateway(ctx, async (gateway) => {
407
+ const parsed = parseSpendPreflightCliArgs(argv);
408
+ const body = await gateway.postJson("/v1/spend/preflight", parsed.payload);
409
+ const reasonCodes = Array.isArray(body.reason_codes)
410
+ ? body.reason_codes.map((code) => String(code))
411
+ : [];
412
+ const outcome = normalizeExplainPolicyOutcome(String(body.outcome ?? ""), String(body.classification ?? ""));
413
+ return {
414
+ data: {
415
+ outcome,
416
+ reason_codes: reasonCodes,
417
+ explanation: String(body.explanation ?? ""),
418
+ remaining_cents: body.remaining_cents ?? null,
419
+ approval_threshold_exceeded: reasonCodes.includes("approval_threshold_exceeded") || outcome === "approval_required"
420
+ ? reasonCodes.includes("approval_threshold_exceeded")
421
+ : undefined,
422
+ intent_id: parsed.intentId,
423
+ operation: parsed.operation,
424
+ requested_spend_cents: parsed.requestedSpendCents,
425
+ },
426
+ };
427
+ });
428
+ }
312
429
  export { commandPath };
@@ -1,3 +1,3 @@
1
- export declare const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent or Shopify setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel/shopping smoke, trace dashboard, WireMock up, and guided setup\n shopify doctor|link|dev|webhook trigger|checkout smoke|order show|capture ready|payments doctor|payments smoke|payments session show\n Shopify agentic commerce orchestration: readiness, dev loop, webhook trigger, checkout smoke, and Payments app rail smoke\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement and agent action receipts (--kind agent)\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
1
+ export declare const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent or Shopify setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel/shopping smoke, trace dashboard, WireMock up, and guided setup\n shopify doctor|link|dev|webhook trigger|checkout smoke|order show|capture ready|payments doctor|payments smoke|payments session show\n Shopify agentic commerce orchestration: readiness, dev loop, webhook trigger, checkout smoke, and Payments app rail smoke\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize|budget-remaining|explain-policy\n Authorize delegated spend or dry-run budget/policy preflight\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement and agent action receipts (--kind agent)\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
2
2
  export declare const COMMAND_HELP: Record<string, string>;
3
3
  export declare function helpForCommand(path: string): string;
package/dist/cli/help.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // Generated by kit/cli-parity/generate.mjs — do not edit by hand.
2
- export const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent or Shopify setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel/shopping smoke, trace dashboard, WireMock up, and guided setup\n shopify doctor|link|dev|webhook trigger|checkout smoke|order show|capture ready|payments doctor|payments smoke|payments session show\n Shopify agentic commerce orchestration: readiness, dev loop, webhook trigger, checkout smoke, and Payments app rail smoke\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement and agent action receipts (--kind agent)\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
2
+ export const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent or Shopify setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel/shopping smoke, trace dashboard, WireMock up, and guided setup\n shopify doctor|link|dev|webhook trigger|checkout smoke|order show|capture ready|payments doctor|payments smoke|payments session show\n Shopify agentic commerce orchestration: readiness, dev loop, webhook trigger, checkout smoke, and Payments app rail smoke\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize|budget-remaining|explain-policy\n Authorize delegated spend or dry-run budget/policy preflight\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement and agent action receipts (--kind agent)\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
3
3
  export const COMMAND_HELP = {
4
4
  "onboarding": "Usage: paybond onboarding [--host claude|codex|openai|generic]\n\nRuns a guided, non-destructive first-run workflow: runtime check, login status, guardrail file status, MCP config preview, and doctor.\n\nExamples:\n $ paybond onboarding\n $ paybond onboarding --host claude --format json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond login",
5
5
  "help": "Usage: paybond help [<command> [<subcommand> ...]]\n\nShows detailed help for a command path. Without arguments, prints root help.\n\nExamples:\n $ paybond help\n $ paybond help login\n $ paybond help mcp install",
@@ -60,6 +60,8 @@ export const COMMAND_HELP = {
60
60
  "guardrails bootstrap": "Usage: paybond guardrails bootstrap --operation <name> --requested-spend-cents <n>\n\nExamples:\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100",
61
61
  "guardrails evidence": "Usage: paybond guardrails evidence --intent-id <id> --body <json-file>\n\nExamples:\n $ paybond guardrails evidence --intent-id intent-123 --body evidence.json",
62
62
  "spend authorize": "Usage: paybond spend authorize --intent-id <id> --token <capability> --operation <name> [--requested-spend-cents <n>]\n\nExamples:\n $ paybond spend authorize --intent-id intent-123 --token cap --operation paid-tool",
63
+ "spend budget-remaining": "Usage: paybond spend budget-remaining --intent-id <id> [--operation <name>] [--requested-spend-cents <n>] [--vendor-id <id>] [--tool-name <name>]\n\nRead-only dry-run of remaining spend budget via POST /v1/spend/preflight. Tenant scope comes from authenticated credentials only.\n\nExamples:\n $ paybond spend budget-remaining --intent-id 550e8400-e29b-41d4-a716-446655440000 --operation paid-tool --requested-spend-cents 100 --format json",
64
+ "spend explain-policy": "Usage: paybond spend explain-policy --intent-id <id> [--operation <name>] [--requested-spend-cents <n>] [--vendor-id <id>] [--tool-name <name>]\n\nRead-only dry-run explanation of allow / approval_required / deny via POST /v1/spend/preflight. Does not create decisions or approval requests.\n\nExamples:\n $ paybond spend explain-policy --intent-id 550e8400-e29b-41d4-a716-446655440000 --operation paid-tool --requested-spend-cents 75000 --format json",
63
65
  "signal reputation": "Usage: paybond signal reputation --did <did>\n\nExamples:\n $ paybond signal reputation --did did:example:alice",
64
66
  "signal portfolio": "Usage: paybond signal portfolio\n\nExamples:\n $ paybond signal portfolio",
65
67
  "signal fraud": "Usage: paybond signal fraud --did <did>\n\nExamples:\n $ paybond signal fraud --did did:example:alice",
@@ -7,7 +7,7 @@ import { handlePolicyExtend, handlePolicyImportMcpReceipt, handlePolicyImportX40
7
7
  import { handleAgent } from "./commands/agent.js";
8
8
  import { handleDev } from "./commands/dev.js";
9
9
  import { handleShopify } from "./commands/shopify.js";
10
- import { handleGuardrails, handleIntents, handleKeys, handleSpendAuthorize, } from "./commands/workflows.js";
10
+ import { handleGuardrails, handleIntents, handleKeys, handleSpendAuthorize, handleSpendBudgetRemaining, handleSpendExplainPolicy, } from "./commands/workflows.js";
11
11
  import { failureEnvelope, prepareCommandOutput, successEnvelope, writeEnvelope, writeTableLines } from "./envelope.js";
12
12
  import { defaultGlobalOptions, parseCliArgv } from "./globals.js";
13
13
  import { deprecatedAliasWarning } from "./automation.js";
@@ -257,6 +257,14 @@ export async function runCli(argv, deps = {}) {
257
257
  canonical = "spend authorize";
258
258
  result = await handleSpendAuthorize(ctx, tail);
259
259
  }
260
+ else if (head === "spend" && second === "budget-remaining") {
261
+ canonical = "spend budget-remaining";
262
+ result = await handleSpendBudgetRemaining(ctx, tail);
263
+ }
264
+ else if (head === "spend" && second === "explain-policy") {
265
+ canonical = "spend explain-policy";
266
+ result = await handleSpendExplainPolicy(ctx, tail);
267
+ }
260
268
  else if (head === "signal" && second) {
261
269
  canonical = commandPath(["signal", second]);
262
270
  result = await handleSignal(ctx, second, tail);
@@ -95,6 +95,17 @@ export function createOfflineDevGatewayFetch(options = {}) {
95
95
  decision_id: "00000000-0000-4000-8000-000000000003",
96
96
  });
97
97
  }
98
+ if (url.endsWith("/v1/spend/preflight")) {
99
+ return jsonResponse({
100
+ classification: "allow",
101
+ outcome: "allow",
102
+ reason_codes: [],
103
+ remaining_cents: 100000,
104
+ spend_scope: { scope_type: "tenant", scope_key: "" },
105
+ policy_version: 1,
106
+ explanation: "Spend is allowed under the current policy.",
107
+ });
108
+ }
98
109
  if (url.endsWith(`/v1/sandbox/guardrails/${OFFLINE_DEV_INTENT_ID}/evidence`)) {
99
110
  return jsonResponse({
100
111
  tenant_id: OFFLINE_DEV_TENANT_ID,