@paybond/kit 0.12.4 → 0.12.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (114) hide show
  1. package/dist/agent/facade.d.ts +2 -0
  2. package/dist/agent/facade.js +10 -2
  3. package/dist/agent/guarded-agent.d.ts +3 -1
  4. package/dist/agent/guarded-agent.js +13 -2
  5. package/dist/agent/index.d.ts +2 -2
  6. package/dist/agent/index.js +1 -1
  7. package/dist/agent/instrument.d.ts +3 -0
  8. package/dist/agent/instrument.js +21 -10
  9. package/dist/agent/interceptor.js +19 -0
  10. package/dist/agent/types.d.ts +14 -0
  11. package/dist/agent-receipt-acta.d.ts +58 -0
  12. package/dist/agent-receipt-acta.js +140 -0
  13. package/dist/agent-receipt-inclusion.d.ts +40 -0
  14. package/dist/agent-receipt-inclusion.js +209 -0
  15. package/dist/agent-receipt-owner-disclosure.d.ts +71 -0
  16. package/dist/agent-receipt-owner-disclosure.js +277 -0
  17. package/dist/agent-receipt-pef.d.ts +69 -0
  18. package/dist/agent-receipt-pef.js +121 -0
  19. package/dist/agent-receipt-scitt.d.ts +50 -0
  20. package/dist/agent-receipt-scitt.js +382 -0
  21. package/dist/agent-receipt.d.ts +55 -0
  22. package/dist/agent-receipt.js +297 -4
  23. package/dist/claude-agents/config.d.ts +21 -2
  24. package/dist/claude-agents/config.js +37 -0
  25. package/dist/claude-agents/index.d.ts +1 -1
  26. package/dist/claude-agents/index.js +1 -1
  27. package/dist/cli/agent/demo-loaders.d.ts +1 -0
  28. package/dist/cli/agent/demo-loaders.js +12 -0
  29. package/dist/cli/command-spec.js +16 -1
  30. package/dist/cli/commands/agent.d.ts +4 -0
  31. package/dist/cli/commands/agent.js +107 -1
  32. package/dist/cli/help.js +4 -1
  33. package/dist/cloudflare-agents/config.d.ts +1 -1
  34. package/dist/cloudflare-agents/config.js +2 -2
  35. package/dist/google-adk/config.d.ts +36 -0
  36. package/dist/google-adk/config.js +172 -0
  37. package/dist/google-adk/index.d.ts +2 -0
  38. package/dist/google-adk/index.js +2 -0
  39. package/dist/google-adk/sandbox-demo.d.ts +32 -0
  40. package/dist/google-adk/sandbox-demo.js +104 -0
  41. package/dist/index.d.ts +10 -2
  42. package/dist/index.js +11 -3
  43. package/dist/init.js +29 -0
  44. package/dist/mcp-receipt-resource.js +3 -1
  45. package/dist/mcp-server.js +182 -10
  46. package/dist/policy/adapter-options.d.ts +9 -0
  47. package/dist/policy/adapter-options.js +11 -0
  48. package/dist/policy/index.d.ts +1 -0
  49. package/dist/policy/index.js +1 -0
  50. package/dist/policy/load.d.ts +7 -0
  51. package/dist/policy/load.js +13 -0
  52. package/dist/policy/merge.js +26 -0
  53. package/dist/policy/schema.d.ts +20 -0
  54. package/dist/policy/schema.js +34 -2
  55. package/dist/shopify/instrument.d.ts +8 -8
  56. package/dist/template-init.d.ts +2 -2
  57. package/dist/template-init.js +12 -4
  58. package/dist/vercel-ai/config.d.ts +2 -1
  59. package/dist/vercel-ai/config.js +2 -2
  60. package/dist/vercel-ai/index.d.ts +2 -1
  61. package/dist/vercel-ai/index.js +2 -1
  62. package/dist/vercel-ai/provider-executed.d.ts +7 -0
  63. package/dist/vercel-ai/provider-executed.js +20 -0
  64. package/dist/vercel-ai/tool-approval.d.ts +5 -0
  65. package/dist/vercel-ai/tool-approval.js +8 -1
  66. package/dist/vercel-ai/wrap-tools.d.ts +8 -1
  67. package/dist/vercel-ai/wrap-tools.js +17 -4
  68. package/glama.json +6 -0
  69. package/package.json +15 -5
  70. package/templates/manifest.json +57 -12
  71. package/templates/openai-shopping-agent/package-lock.json +379 -14
  72. package/templates/openai-shopping-agent/package.json +2 -2
  73. package/templates/paybond-aws-operator/package-lock.json +376 -11
  74. package/templates/paybond-aws-operator/package.json +2 -2
  75. package/templates/paybond-claude-agents-demo/package-lock.json +379 -14
  76. package/templates/paybond-claude-agents-demo/package.json +2 -2
  77. package/templates/paybond-cloudflare-shopping-agent/.env.example +3 -0
  78. package/templates/paybond-cloudflare-shopping-agent/.github/workflows/smoke.yml +20 -0
  79. package/templates/paybond-cloudflare-shopping-agent/LICENSE +201 -0
  80. package/templates/paybond-cloudflare-shopping-agent/README.md +29 -0
  81. package/templates/paybond-cloudflare-shopping-agent/package-lock.json +2671 -0
  82. package/templates/paybond-cloudflare-shopping-agent/package.json +23 -0
  83. package/templates/paybond-cloudflare-shopping-agent/paybond.policy.yaml +22 -0
  84. package/templates/paybond-cloudflare-shopping-agent/src/agent.ts +109 -0
  85. package/templates/paybond-cloudflare-shopping-agent/src/index.ts +22 -0
  86. package/templates/paybond-cloudflare-shopping-agent/src/paybond.config.ts +51 -0
  87. package/templates/paybond-cloudflare-shopping-agent/tsconfig.json +13 -0
  88. package/templates/paybond-crewai-procurement-agent/.env.example +3 -0
  89. package/templates/paybond-crewai-procurement-agent/.github/workflows/smoke.yml +19 -0
  90. package/templates/paybond-crewai-procurement-agent/LICENSE +201 -0
  91. package/templates/paybond-crewai-procurement-agent/README.md +73 -0
  92. package/templates/paybond-crewai-procurement-agent/app.py +79 -0
  93. package/templates/paybond-crewai-procurement-agent/crew.py +117 -0
  94. package/templates/paybond-crewai-procurement-agent/package.json +6 -0
  95. package/templates/paybond-crewai-procurement-agent/paybond.policy.yaml +28 -0
  96. package/templates/paybond-crewai-procurement-agent/paybond_config.py +45 -0
  97. package/templates/paybond-crewai-procurement-agent/requirements.txt +2 -0
  98. package/templates/paybond-invoice-agent/requirements.txt +1 -1
  99. package/templates/paybond-mastra-travel-agent/package-lock.json +379 -14
  100. package/templates/paybond-mastra-travel-agent/package.json +2 -2
  101. package/templates/paybond-mcp-coding-agent/package-lock.json +376 -11
  102. package/templates/paybond-mcp-coding-agent/package.json +2 -2
  103. package/templates/paybond-openai-agents-demo/package-lock.json +379 -14
  104. package/templates/paybond-openai-agents-demo/package.json +2 -2
  105. package/templates/paybond-procurement-agent/package-lock.json +376 -11
  106. package/templates/paybond-procurement-agent/package.json +2 -2
  107. package/templates/paybond-shopify-shopping-agent/package-lock.json +376 -11
  108. package/templates/paybond-shopify-shopping-agent/package.json +2 -2
  109. package/templates/paybond-stripe-agent-demo/package-lock.json +376 -11
  110. package/templates/paybond-stripe-agent-demo/package.json +2 -2
  111. package/templates/paybond-travel-agent/package-lock.json +376 -11
  112. package/templates/paybond-travel-agent/package.json +2 -2
  113. package/templates/paybond-vercel-shopping-agent/package-lock.json +376 -11
  114. package/templates/paybond-vercel-shopping-agent/package.json +2 -2
@@ -42,6 +42,8 @@ export type PaybondWrapToolsOptions = {
42
42
  sandbox?: boolean;
43
43
  attach?: import("./instrument.js").PaybondInstrumentAttachInput;
44
44
  context?: import("./instrument.js").PaybondInstrumentContextInput;
45
+ /** Fail closed on provider-executed AI SDK tools (Vercel AI / Cloudflare Agents). */
46
+ denyProviderExecutedTools?: boolean;
45
47
  };
46
48
  /** Wrap tools for an existing bound run without reloading policy. */
47
49
  export declare function wrapPaybondTools(run: PaybondAgentRun, tools: unknown, options?: PaybondWrapToolsOptions): unknown;
@@ -3,6 +3,7 @@ import { createPaybondOpenAIAgentsConfig } from "../openai-agents/index.js";
3
3
  import { isKnownPolicyPresetId, resolvePolicyPresetPath } from "../policy/presets.js";
4
4
  import { createPaybondCloudflareAgentsConfig } from "../cloudflare-agents/config.js";
5
5
  import { createPaybondMastraConfig } from "../mastra/config.js";
6
+ import { createPaybondGoogleAdkConfig } from "../google-adk/config.js";
6
7
  import { createPaybondVercelAgentConfig } from "../vercel-ai/config.js";
7
8
  import { createPaybondGenericAgentConfig, createPaybondGenericInputGuard, } from "./generic-runner.js";
8
9
  import { instrumentPaybondAgent, PaybondInstrumentRuntime, } from "./instrument.js";
@@ -62,6 +63,8 @@ export function toPaybondAgentResult(result) {
62
63
  break;
63
64
  case "mastra":
64
65
  break;
66
+ case "google-adk":
67
+ break;
65
68
  case "cloudflare-agents":
66
69
  if (result.toolApproval) {
67
70
  hooks.toolApproval = result.toolApproval;
@@ -102,19 +105,24 @@ export async function createPaybondAgent(paybond, input) {
102
105
  /** Wrap tools for an existing bound run without reloading policy. */
103
106
  export function wrapPaybondTools(run, tools, options) {
104
107
  const framework = options?.framework ?? "generic";
108
+ const adapterOptions = options?.denyProviderExecutedTools === true
109
+ ? { denyProviderExecutedTools: true }
110
+ : undefined;
105
111
  switch (framework) {
106
112
  case "generic":
107
113
  return createPaybondGenericAgentConfig(run, tools).tools;
108
114
  case "vercel-ai":
109
- return createPaybondVercelAgentConfig(run, tools).tools;
115
+ return createPaybondVercelAgentConfig(run, tools, adapterOptions).tools;
110
116
  case "openai-agents":
111
117
  return createPaybondOpenAIAgentsConfig(run, tools).tools;
112
118
  case "claude-agents":
113
119
  return createPaybondClaudeAgentsConfig(run, tools).agentTools;
114
120
  case "mastra":
115
121
  return createPaybondMastraConfig(run, tools).tools;
122
+ case "google-adk":
123
+ return createPaybondGoogleAdkConfig(run, tools).tools;
116
124
  case "cloudflare-agents":
117
- return createPaybondCloudflareAgentsConfig(run, tools).tools;
125
+ return createPaybondCloudflareAgentsConfig(run, tools, adapterOptions).tools;
118
126
  case "langgraph":
119
127
  throw new Error('framework "langgraph" does not wrap tools in place; use instrument() or createPaybondLangGraphHooks(run)');
120
128
  default: {
@@ -7,11 +7,12 @@ import { paybondVercelToolApproval } from "../vercel-ai/tool-approval.js";
7
7
  import { type PaybondLangGraphAwrapToolCall } from "../langgraph/awrap-tool-call.js";
8
8
  import { paybondToolNode } from "../langgraph/tool-node.js";
9
9
  import { type ClaudeAgentsConfig } from "../claude-agents/config.js";
10
+ import { type PaybondGoogleAdkConfig } from "../google-adk/config.js";
10
11
  import type { PaybondToolRegistry } from "./registry.js";
11
12
  import type { PaybondAgentRunHost } from "./run.js";
12
13
  import { PaybondAgentRun } from "./run.js";
13
14
  import type { PaybondRunBindingAttachInput } from "./types.js";
14
- export type GuardedAgentFramework = "generic" | "openai-agents" | "vercel-ai" | "langgraph" | "claude-agents" | "mastra" | "cloudflare-agents";
15
+ export type GuardedAgentFramework = "generic" | "openai-agents" | "google-adk" | "vercel-ai" | "langgraph" | "claude-agents" | "mastra" | "cloudflare-agents";
15
16
  export type CreateGuardedAgentInput<TTools = unknown> = {
16
17
  policy: PaybondPolicyLoadSource | PaybondPolicy;
17
18
  /** Agent-agnostic wrapping when omitted. Pass a framework only when SDK-specific hooks are required. */
@@ -39,6 +40,7 @@ export type CreateGuardedAgentResultBase = {
39
40
  openAIAgentsAdapter?: ReturnType<typeof createOpenAIAgentsAdapter>;
40
41
  runConfig?: ReturnType<typeof createOpenAIAgentsAdapter>["runConfig"];
41
42
  claudeAgentsConfig?: ClaudeAgentsConfig;
43
+ googleAdkConfig?: PaybondGoogleAdkConfig;
42
44
  };
43
45
  export type CreateGuardedAgentResult<TTools = unknown> = CreateGuardedAgentResultBase & {
44
46
  agentTools: TTools;
@@ -5,6 +5,7 @@ import { createPaybondLangGraphHooks } from "../langgraph/config.js";
5
5
  import { createPaybondClaudeAgentsConfig, } from "../claude-agents/config.js";
6
6
  import { createPaybondCloudflareAgentsConfig, } from "../cloudflare-agents/config.js";
7
7
  import { createPaybondMastraConfig, } from "../mastra/config.js";
8
+ import { createPaybondGoogleAdkConfig, } from "../google-adk/config.js";
8
9
  import { createPaybondGenericAgentConfig, } from "./generic-runner.js";
9
10
  import { PaybondAgentRun } from "./run.js";
10
11
  async function resolvePolicy(source) {
@@ -48,13 +49,14 @@ export async function createGuardedAgent(paybond, input) {
48
49
  const run = await bindGuardedRun(paybond, policy, input);
49
50
  const base = { run, policy, registry };
50
51
  const framework = input.framework ?? "generic";
52
+ const adapterOptions = policy.toAdapterOptions();
51
53
  switch (framework) {
52
54
  case "generic": {
53
55
  const config = createPaybondGenericAgentConfig(run, input.tools);
54
56
  return { ...base, framework: "generic", agentTools: config.tools };
55
57
  }
56
58
  case "vercel-ai": {
57
- const config = createPaybondVercelAgentConfig(run, input.tools);
59
+ const config = createPaybondVercelAgentConfig(run, input.tools, adapterOptions);
58
60
  return {
59
61
  ...base,
60
62
  framework: "vercel-ai",
@@ -73,6 +75,15 @@ export async function createGuardedAgent(paybond, input) {
73
75
  runConfig: config.runConfig,
74
76
  };
75
77
  }
78
+ case "google-adk": {
79
+ const googleAdkConfig = createPaybondGoogleAdkConfig(run, input.tools);
80
+ return {
81
+ ...base,
82
+ framework: "google-adk",
83
+ agentTools: googleAdkConfig.tools,
84
+ googleAdkConfig,
85
+ };
86
+ }
76
87
  case "langgraph": {
77
88
  const hooks = createPaybondLangGraphHooks(run);
78
89
  return {
@@ -101,7 +112,7 @@ export async function createGuardedAgent(paybond, input) {
101
112
  };
102
113
  }
103
114
  case "cloudflare-agents": {
104
- const config = createPaybondCloudflareAgentsConfig(run, input.tools);
115
+ const config = createPaybondCloudflareAgentsConfig(run, input.tools, adapterOptions);
105
116
  return {
106
117
  ...base,
107
118
  framework: "cloudflare-agents",
@@ -1,7 +1,7 @@
1
1
  export { PaybondAgentFacade, createPaybondAgentCallable, type GetAgentReceiptInput, type PaybondAgentCallable, } from "./receipt-client.js";
2
2
  export { createGuardedAgent, createGuardedAgentRunner, type CreateGuardedAgentInput, type CreateGuardedAgentResult, type CreateGuardedAgentResultBase, type GuardedAgentFramework, } from "./guarded-agent.js";
3
3
  export { createPaybondAgent, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, type PaybondAgentHooks, type PaybondAgentInput, type PaybondAgentResult, type PaybondInstrumentInput, type PaybondWrapToolsOptions, } from "./facade.js";
4
- export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, type PaybondAgentInstrumentation, type PaybondInlinePolicy, type PaybondInstrumentAgentOptions, type PaybondInstrumentAttachInput, type PaybondInstrumentBinding, type PaybondInstrumentContext, type PaybondInstrumentContextInput, type PaybondInstrumentContextProvider, } from "./instrument.js";
4
+ export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondGoogleAdk, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, type PaybondAgentInstrumentation, type PaybondInlinePolicy, type PaybondInstrumentAgentOptions, type PaybondInstrumentAttachInput, type PaybondInstrumentBinding, type PaybondInstrumentContext, type PaybondInstrumentContextInput, type PaybondInstrumentContextProvider, } from "./instrument.js";
5
5
  export { formatPaybondAttachEnvSnippet, openPaybondAttachBundle, PAYBOND_ATTACH_BUNDLE_ENV, PAYBOND_ATTACH_BUNDLE_PREFIX, PAYBOND_ATTACH_INTENT_ID_ENV, PAYBOND_CAPABILITY_TOKEN_ENV, productionEvidenceFromAttachBundle, resolveAttachContextFromEnv, sealPaybondAttachBundle, type PaybondAttachBundlePayloadV1, type PaybondAttachEnvRecord, } from "./attach-bundle.js";
6
6
  export { createPaybondGenericAgentConfig, createPaybondGenericInputGuard, type PaybondGenericAgentConfig, } from "./generic-runner.js";
7
7
  export { runGenericSandboxDemo, type RunGenericSandboxDemoInput, type RunGenericSandboxDemoResult, } from "./generic-sandbox-demo.js";
@@ -11,4 +11,4 @@ export { PaybondToolInterceptor } from "./interceptor.js";
11
11
  export { PaybondToolRegistry, createPaybondToolRegistry, } from "./registry.js";
12
12
  export { PaybondAgentRun, PaybondAgentRunFacade, type PaybondAgentRunHost, } from "./run.js";
13
13
  export { agentRegistryDocumentToConfig, buildSmokeRegistry, loadAgentRegistryFile, parseAgentRegistryText, validateAgentRegistryDocument, type AgentRegistryFileDocument, type AgentRegistryValidationResult, } from "./registry-file.js";
14
- export { PaybondAgentRunBindError, PaybondAutoEvidenceError, PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondExternalAttestationMapper, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunProductionEvidenceCredentials, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondTraceEvent, type PaybondTraceSink, } from "./types.js";
14
+ export { PaybondAgentRunBindError, PaybondAutoEvidenceError, PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, type PaybondAgentRunBindInput, type PaybondAuthorizeToolCallInput, type PaybondEvidenceMapper, type PaybondExternalAttestationMapper, type AgentReceiptComposeResult, type AgentReceiptComposeStatus, type PaybondInterceptEvidenceResult, type PaybondInterceptWrapExecuteInput, type PaybondInterceptWrapExecuteResult, type PaybondRunBinding, type PaybondRunBindingAttachInput, type PaybondRunBindingSandboxBootstrapInput, type PaybondRunProductionEvidenceCredentials, type PaybondRunGuard, type PaybondSideEffectingToolEntry, type PaybondSideEffectingToolPolicy, type PaybondSpendResolver, type PaybondToolCallContext, type PaybondToolInputGuardAllowDecision, type PaybondToolInputGuardApprovalRequiredDecision, type PaybondToolInputGuardDecision, type PaybondToolInputGuardDenyDecision, type PaybondToolRegistryConfig, type PaybondToolResolution, type PaybondTraceEvent, type PaybondTraceSink, } from "./types.js";
@@ -1,7 +1,7 @@
1
1
  export { PaybondAgentFacade, createPaybondAgentCallable, } from "./receipt-client.js";
2
2
  export { createGuardedAgent, createGuardedAgentRunner, } from "./guarded-agent.js";
3
3
  export { createPaybondAgent, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, } from "./facade.js";
4
- export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, } from "./instrument.js";
4
+ export { PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondGoogleAdk, instrumentPaybondVercel, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, } from "./instrument.js";
5
5
  export { formatPaybondAttachEnvSnippet, openPaybondAttachBundle, PAYBOND_ATTACH_BUNDLE_ENV, PAYBOND_ATTACH_BUNDLE_PREFIX, PAYBOND_ATTACH_INTENT_ID_ENV, PAYBOND_CAPABILITY_TOKEN_ENV, productionEvidenceFromAttachBundle, resolveAttachContextFromEnv, sealPaybondAttachBundle, } from "./attach-bundle.js";
6
6
  export { createPaybondGenericAgentConfig, createPaybondGenericInputGuard, } from "./generic-runner.js";
7
7
  export { runGenericSandboxDemo, } from "./generic-sandbox-demo.js";
@@ -145,6 +145,9 @@ export declare function instrumentPaybondLangGraph<TTools>(paybond: PaybondAgent
145
145
  export declare function instrumentPaybondOpenAI<TTools>(paybond: PaybondAgentRunHost, input: Omit<PaybondInstrumentBaseInput<TTools>, "framework"> & {
146
146
  tools: TTools;
147
147
  }): Promise<PaybondInstrumented<TTools> | PaybondInstrumentRuntime<TTools>>;
148
+ export declare function instrumentPaybondGoogleAdk<TTools>(paybond: PaybondAgentRunHost, input: Omit<PaybondInstrumentBaseInput<TTools>, "framework"> & {
149
+ tools: TTools;
150
+ }): Promise<PaybondInstrumented<TTools> | PaybondInstrumentRuntime<TTools>>;
148
151
  export declare function instrumentPaybondVercel<TTools>(paybond: PaybondAgentRunHost, input: Omit<PaybondInstrumentBaseInput<TTools>, "framework"> & {
149
152
  tools: TTools;
150
153
  }): Promise<PaybondInstrumented<TTools> | PaybondInstrumentRuntime<TTools>>;
@@ -3,6 +3,8 @@ import { wrapDeferredTools } from "./deferred-tools.js";
3
3
  import { PaybondLazyContextError, wrapLazyContextTools } from "./lazy-context-tools.js";
4
4
  import { attachPaybondAgentInstrumentation, discoverPolicyFromAgent, discoverToolsFromAgent, isInstrumentableAgentObject, } from "./discover.js";
5
5
  import { createGuardedAgent, } from "./guarded-agent.js";
6
+ import { createPaybondGenericInputGuard, } from "./generic-runner.js";
7
+ import { paybondVercelToolApproval } from "../vercel-ai/tool-approval.js";
6
8
  import { toPaybondAgentResult, wrapPaybondTools, } from "./facade.js";
7
9
  import { PaybondAgentRun } from "./run.js";
8
10
  import { resolveAttachContextFromEnv, } from "./attach-bundle.js";
@@ -186,14 +188,25 @@ function bindingFromRun(run, mode, userId) {
186
188
  function hooksFromGuardedResult(result) {
187
189
  return toPaybondAgentResult(result).hooks;
188
190
  }
189
- function wrapToolsForFramework(run, rawTools, framework, guarded) {
191
+ function wrapToolsForFramework(run, rawTools, framework, guarded, adapterOptions) {
190
192
  if (framework === "langgraph") {
191
193
  return rawTools;
192
194
  }
193
195
  if (guarded) {
194
196
  return guarded.agentTools;
195
197
  }
196
- return wrapPaybondTools(run, rawTools, { framework });
198
+ return wrapPaybondTools(run, rawTools, { framework, ...adapterOptions });
199
+ }
200
+ function hooksForAttachedFramework(run, framework, adapterOptions) {
201
+ const hooks = {};
202
+ if (framework === "generic") {
203
+ hooks.inputGuard = createPaybondGenericInputGuard(run);
204
+ return hooks;
205
+ }
206
+ if (framework === "vercel-ai" || framework === "cloudflare-agents") {
207
+ hooks.toolApproval = paybondVercelToolApproval(run, adapterOptions);
208
+ }
209
+ return hooks;
197
210
  }
198
211
  /**
199
212
  * Bound Paybond runtime for one agent session — immutable; create a new runtime per request.
@@ -299,14 +312,9 @@ async function createBoundRuntime(paybond, policy, rawTools, framework, context,
299
312
  attach,
300
313
  traceSink,
301
314
  });
302
- const tools = wrapToolsForFramework(run, rawTools, framework);
303
- const hooks = hooksFromGuardedResult({
304
- run,
305
- policy,
306
- registry: policy.toToolRegistry(),
307
- framework,
308
- agentTools: tools,
309
- });
315
+ const adapterOptions = policy.toAdapterOptions();
316
+ const tools = wrapToolsForFramework(run, rawTools, framework, undefined, adapterOptions);
317
+ const hooks = hooksForAttachedFramework(run, framework, adapterOptions);
310
318
  return new PaybondInstrumentRuntime(tools, run, policy, hooks, bindingFromRun(run, "attach", context.userId));
311
319
  }
312
320
  function toPaybondInstrumentRuntime(result, rawTools, bindMode, userId) {
@@ -431,6 +439,9 @@ export function instrumentPaybondLangGraph(paybond, input) {
431
439
  export function instrumentPaybondOpenAI(paybond, input) {
432
440
  return frameworkInstrument(paybond, "openai-agents", input);
433
441
  }
442
+ export function instrumentPaybondGoogleAdk(paybond, input) {
443
+ return frameworkInstrument(paybond, "google-adk", input);
444
+ }
434
445
  export function instrumentPaybondVercel(paybond, input) {
435
446
  return frameworkInstrument(paybond, "vercel-ai", input);
436
447
  }
@@ -23,6 +23,23 @@ function assertOperationAllowed(operation, allowedTools) {
23
23
  throw new Error(`operation "${operation}" is not in bound intent allowedTools (${allowedTools.join(", ")})`);
24
24
  }
25
25
  }
26
+ function parseAgentReceiptComposeResult(value) {
27
+ if (!value || typeof value !== "object" || Array.isArray(value)) {
28
+ return undefined;
29
+ }
30
+ const record = value;
31
+ const composeStatus = record.compose_status;
32
+ if (composeStatus !== "composed" && composeStatus !== "failed") {
33
+ return undefined;
34
+ }
35
+ return {
36
+ composeStatus,
37
+ receiptId: typeof record.receipt_id === "string" ? record.receipt_id : undefined,
38
+ scope: typeof record.scope === "string" ? record.scope : undefined,
39
+ warningCode: typeof record.warning_code === "string" ? record.warning_code : undefined,
40
+ warningMessage: typeof record.warning_message === "string" ? record.warning_message : undefined,
41
+ };
42
+ }
26
43
  function mapSandboxEvidenceResult(result) {
27
44
  return {
28
45
  submitted: true,
@@ -31,6 +48,7 @@ function mapSandboxEvidenceResult(result) {
31
48
  sandboxLifecycleStatus: result.sandbox_lifecycle_status,
32
49
  payloadDigestSha256Hex: result.payload_digest?.trim().toLowerCase() || undefined,
33
50
  artifactsDigestSha256Hex: result.artifacts_digest?.trim().toLowerCase() || undefined,
51
+ agentReceipt: parseAgentReceiptComposeResult(result.agent_receipt),
34
52
  };
35
53
  }
36
54
  function isSpendApprovalRequiredError(err) {
@@ -486,6 +504,7 @@ export class PaybondToolInterceptor {
486
504
  predicatePassed,
487
505
  payloadDigestSha256Hex,
488
506
  artifactsDigestSha256Hex,
507
+ agentReceipt: parseAgentReceiptComposeResult(resultRecord.agent_receipt),
489
508
  };
490
509
  }
491
510
  catch (err) {
@@ -165,6 +165,15 @@ export type PaybondRunGuard = {
165
165
  assertSpendAuthorized(input: PaybondRunGuardAuthInput): Promise<PaybondRunGuardAuthResult>;
166
166
  completeSpendAuthorization(decisionId: string, outcome: "consumed" | "released"): Promise<void>;
167
167
  };
168
+ export type AgentReceiptComposeStatus = "composed" | "failed";
169
+ /** Structured Gateway compose outcome attached to Harbor evidence responses when signing is configured. */
170
+ export type AgentReceiptComposeResult = {
171
+ composeStatus: AgentReceiptComposeStatus;
172
+ receiptId?: string;
173
+ scope?: string;
174
+ warningCode?: string;
175
+ warningMessage?: string;
176
+ };
168
177
  export type PaybondInterceptEvidenceResult = {
169
178
  submitted: true;
170
179
  intentId: string;
@@ -175,6 +184,11 @@ export type PaybondInterceptEvidenceResult = {
175
184
  payloadDigestSha256Hex?: string;
176
185
  /** sha256 hex digest of submitted evidence artifacts, when returned by Harbor. */
177
186
  artifactsDigestSha256Hex?: string;
187
+ /**
188
+ * Gateway agent-receipt compose outcome when `PAYBOND_AGENT_RECEIPT_SIGNING_KEY_HEX` is
189
+ * configured. `composeStatus: "failed"` is a structured warning — evidence still succeeded.
190
+ */
191
+ agentReceipt?: AgentReceiptComposeResult;
178
192
  };
179
193
  export type PaybondInterceptWrapExecuteResult<TResult> = {
180
194
  toolResult: TResult;
@@ -0,0 +1,58 @@
1
+ /**
2
+ * ACTA decision-receipt projection for `paybond.agent_receipt_v1`.
3
+ *
4
+ * Maps ARS fields into the ACTA Signed Decision Receipt shape
5
+ * (`draft-farley-acta-signed-receipts`) for MCP / governance handoff.
6
+ * This is an export projection only — ARS remains the canonical wire format
7
+ * and authenticity is verified via native ARS verify, not ACTA JCS re-sign.
8
+ */
9
+ import type { AgentReceiptV1 } from "./agent-receipt.js";
10
+ /** ACTA payload `type` for Paybond agent-receipt projections. */
11
+ export declare const ACTA_AGENT_RECEIPT_TYPE = "paybond:agent_receipt";
12
+ /** ACTA signature algorithm label used in the projected envelope. */
13
+ export declare const ACTA_SIGNATURE_ALG_EDDSA = "EdDSA";
14
+ export type ActaDecision = "allow" | "deny";
15
+ export type ActaDecisionReceiptPayloadV1 = {
16
+ type: typeof ACTA_AGENT_RECEIPT_TYPE;
17
+ issued_at: string;
18
+ issuer_id: string;
19
+ tool_name?: string;
20
+ decision: ActaDecision;
21
+ reason?: string;
22
+ policy_digest?: string;
23
+ session_id?: string;
24
+ action_ref?: string;
25
+ payload_digest?: string;
26
+ /** Correlation: native ARS receipt_id. */
27
+ ars_receipt_id: string;
28
+ /** Correlation: ARS scope (`action` | `intent_terminal`). */
29
+ ars_scope: string;
30
+ /** Correlation: ARS kind constant. */
31
+ ars_kind: "paybond.agent_receipt_v1";
32
+ };
33
+ export type ActaDecisionReceiptSignatureV1 = {
34
+ alg: typeof ACTA_SIGNATURE_ALG_EDDSA;
35
+ kid: string;
36
+ sig: string;
37
+ };
38
+ /**
39
+ * ACTA-shaped decision receipt projected from a verified/composed ARS envelope.
40
+ *
41
+ * `signature` copies ARS Ed25519 material for correlation. Consumers MUST verify
42
+ * the original ARS envelope (or `payload_digest`) with native ARS verify —
43
+ * ACTA JCS signing over this projected payload is not performed.
44
+ */
45
+ export type ActaDecisionReceiptV1 = {
46
+ payload: ActaDecisionReceiptPayloadV1;
47
+ signature: ActaDecisionReceiptSignatureV1;
48
+ };
49
+ /**
50
+ * Maps ARS execution / outcome fields to an ACTA allow/deny decision.
51
+ */
52
+ export declare function projectActaDecisionFromAgentReceipt(receipt: AgentReceiptV1 | Record<string, unknown>): ActaDecision;
53
+ /**
54
+ * Projects a composed/verified ARS receipt into an ACTA decision-receipt shape.
55
+ *
56
+ * @throws Error when required ARS correlation fields are missing
57
+ */
58
+ export declare function projectAgentReceiptToActaDecisionReceipt(receipt: AgentReceiptV1 | Record<string, unknown>): ActaDecisionReceiptV1;
@@ -0,0 +1,140 @@
1
+ /**
2
+ * ACTA decision-receipt projection for `paybond.agent_receipt_v1`.
3
+ *
4
+ * Maps ARS fields into the ACTA Signed Decision Receipt shape
5
+ * (`draft-farley-acta-signed-receipts`) for MCP / governance handoff.
6
+ * This is an export projection only — ARS remains the canonical wire format
7
+ * and authenticity is verified via native ARS verify, not ACTA JCS re-sign.
8
+ */
9
+ /** ACTA payload `type` for Paybond agent-receipt projections. */
10
+ export const ACTA_AGENT_RECEIPT_TYPE = "paybond:agent_receipt";
11
+ /** ACTA signature algorithm label used in the projected envelope. */
12
+ export const ACTA_SIGNATURE_ALG_EDDSA = "EdDSA";
13
+ function asRecord(value) {
14
+ if (!value || typeof value !== "object" || Array.isArray(value)) {
15
+ return null;
16
+ }
17
+ return value;
18
+ }
19
+ function optionalString(value) {
20
+ if (typeof value !== "string") {
21
+ return undefined;
22
+ }
23
+ const trimmed = value.trim();
24
+ return trimmed.length > 0 ? trimmed : undefined;
25
+ }
26
+ function sha256Prefixed(hexDigest) {
27
+ const normalized = hexDigest.trim().toLowerCase();
28
+ if (normalized.startsWith("sha256:")) {
29
+ return normalized;
30
+ }
31
+ return `sha256:${normalized}`;
32
+ }
33
+ /**
34
+ * Maps ARS execution / outcome fields to an ACTA allow/deny decision.
35
+ */
36
+ export function projectActaDecisionFromAgentReceipt(receipt) {
37
+ const doc = receipt;
38
+ const scope = optionalString(doc.scope)?.toLowerCase();
39
+ const outcome = asRecord(doc.outcome);
40
+ const execution = asRecord(doc.execution);
41
+ const evidence = asRecord(doc.evidence);
42
+ if (scope === "intent_terminal") {
43
+ const settlement = optionalString(outcome?.settlement_outcome)?.toUpperCase();
44
+ if (settlement === "FAILED" || settlement === "REVERSED") {
45
+ return "deny";
46
+ }
47
+ if (settlement === "SETTLED" || settlement === "PENDING_FINALITY") {
48
+ return "allow";
49
+ }
50
+ const harbor = optionalString(outcome?.harbor_state)?.toLowerCase();
51
+ if (harbor === "failed" || harbor === "failure" || harbor === "refunded") {
52
+ return "deny";
53
+ }
54
+ return "allow";
55
+ }
56
+ const execOutcome = optionalString(execution?.outcome)?.toLowerCase();
57
+ if (execOutcome && execOutcome !== "executed") {
58
+ return "deny";
59
+ }
60
+ if (evidence?.predicate_passed === false || outcome?.predicate_passed === false) {
61
+ return "deny";
62
+ }
63
+ return "allow";
64
+ }
65
+ /**
66
+ * Projects a composed/verified ARS receipt into an ACTA decision-receipt shape.
67
+ *
68
+ * @throws Error when required ARS correlation fields are missing
69
+ */
70
+ export function projectAgentReceiptToActaDecisionReceipt(receipt) {
71
+ const doc = receipt;
72
+ const receiptId = optionalString(doc.receipt_id);
73
+ const issuedAt = optionalString(doc.issued_at);
74
+ const scope = optionalString(doc.scope);
75
+ const pubKey = optionalString(doc.signing_public_key_ed25519_hex)?.toLowerCase();
76
+ const sig = optionalString(doc.ed25519_signature_hex)?.toLowerCase();
77
+ const messageDigest = optionalString(doc.message_digest_sha256_hex)?.toLowerCase();
78
+ if (!receiptId) {
79
+ throw new Error("acta projection: receipt_id is required");
80
+ }
81
+ if (!issuedAt) {
82
+ throw new Error("acta projection: issued_at is required");
83
+ }
84
+ if (!scope) {
85
+ throw new Error("acta projection: scope is required");
86
+ }
87
+ if (!pubKey) {
88
+ throw new Error("acta projection: signing_public_key_ed25519_hex is required");
89
+ }
90
+ if (!sig) {
91
+ throw new Error("acta projection: ed25519_signature_hex is required");
92
+ }
93
+ const authorization = asRecord(doc.authorization);
94
+ const policy = asRecord(authorization?.policy);
95
+ const execution = asRecord(doc.execution);
96
+ const outcome = asRecord(doc.outcome);
97
+ const continuity = asRecord(doc.continuity);
98
+ const policyDigestHex = optionalString(policy?.content_digest_sha256_hex);
99
+ const toolName = optionalString(execution?.tool_name);
100
+ const sessionId = optionalString(execution?.run_id) ?? optionalString(continuity?.run_id);
101
+ const actionRef = optionalString(execution?.arguments_digest_sha256_hex) ?? messageDigest;
102
+ const reason = optionalString(outcome?.harbor_state) ??
103
+ optionalString(outcome?.spend_reservation_outcome) ??
104
+ optionalString(outcome?.settlement_outcome);
105
+ const payload = {
106
+ type: ACTA_AGENT_RECEIPT_TYPE,
107
+ issued_at: issuedAt,
108
+ issuer_id: pubKey,
109
+ decision: projectActaDecisionFromAgentReceipt(doc),
110
+ ars_receipt_id: receiptId,
111
+ ars_scope: scope,
112
+ ars_kind: "paybond.agent_receipt_v1",
113
+ };
114
+ if (toolName) {
115
+ payload.tool_name = toolName;
116
+ }
117
+ if (reason) {
118
+ payload.reason = reason;
119
+ }
120
+ if (policyDigestHex) {
121
+ payload.policy_digest = sha256Prefixed(policyDigestHex);
122
+ }
123
+ if (sessionId) {
124
+ payload.session_id = sessionId;
125
+ }
126
+ if (actionRef) {
127
+ payload.action_ref = actionRef.toLowerCase();
128
+ }
129
+ if (messageDigest) {
130
+ payload.payload_digest = sha256Prefixed(messageDigest);
131
+ }
132
+ return {
133
+ payload,
134
+ signature: {
135
+ alg: ACTA_SIGNATURE_ALG_EDDSA,
136
+ kid: pubKey,
137
+ sig,
138
+ },
139
+ };
140
+ }
@@ -0,0 +1,40 @@
1
+ import { type VerifyAgentReceiptV1Options } from "./agent-receipt.js";
2
+ export declare const AGENT_RECEIPT_TRANSPARENCY_STH_KIND_V1 = "paybond.agent_receipt_transparency_sth_v1";
3
+ export declare const AGENT_RECEIPT_TRANSPARENCY_INCLUSION_PROOF_KIND_V1 = "paybond.agent_receipt_transparency_inclusion_proof_v1";
4
+ export declare const AGENT_RECEIPT_TRANSPARENCY_SCHEMA_VERSION = 1;
5
+ export type SignedTreeHeadV1 = {
6
+ kind: string;
7
+ schema_version: number;
8
+ tenant_id: string;
9
+ tree_size: number;
10
+ root_hash_sha256_hex: string;
11
+ issued_at: string;
12
+ signing_algorithm: string;
13
+ signing_public_key_ed25519_hex: string;
14
+ message_digest_sha256_hex: string;
15
+ ed25519_signature_hex: string;
16
+ };
17
+ export type InclusionProofV1 = {
18
+ kind: string;
19
+ schema_version: number;
20
+ tenant_id: string;
21
+ receipt_id: string;
22
+ message_digest_sha256_hex: string;
23
+ leaf_index: number;
24
+ tree_size: number;
25
+ leaf_hash_sha256_hex: string;
26
+ audit_path_sha256_hex: string[];
27
+ root_hash_sha256_hex: string;
28
+ tree_head: SignedTreeHeadV1;
29
+ };
30
+ /** RFC 6962 leaf hash: SHA-256(0x00 || leafData). */
31
+ export declare function merkleLeafHashRFC6962(leafData: Uint8Array): Uint8Array;
32
+ /** RFC 6962 internal node hash: SHA-256(0x01 || left || right). */
33
+ export declare function merkleNodeHashRFC6962(left: Uint8Array, right: Uint8Array): Uint8Array;
34
+ /** Verifies a signed tree head (digest + Ed25519). */
35
+ export declare function verifySignedTreeHeadV1(sth: SignedTreeHeadV1, options?: VerifyAgentReceiptV1Options): Promise<SignedTreeHeadV1>;
36
+ /**
37
+ * Verifies that a receipt message digest is included in a published signed tree head
38
+ * via an RFC 6962 Merkle inclusion proof.
39
+ */
40
+ export declare function verifyAgentReceiptInclusion(proof: InclusionProofV1, options?: VerifyAgentReceiptV1Options): Promise<InclusionProofV1>;