@paybond/kit 0.12.4 → 0.12.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent/facade.d.ts +2 -0
- package/dist/agent/facade.js +10 -2
- package/dist/agent/guarded-agent.d.ts +3 -1
- package/dist/agent/guarded-agent.js +13 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/agent/index.js +1 -1
- package/dist/agent/instrument.d.ts +3 -0
- package/dist/agent/instrument.js +21 -10
- package/dist/agent/interceptor.js +19 -0
- package/dist/agent/types.d.ts +14 -0
- package/dist/agent-receipt-acta.d.ts +58 -0
- package/dist/agent-receipt-acta.js +140 -0
- package/dist/agent-receipt-inclusion.d.ts +40 -0
- package/dist/agent-receipt-inclusion.js +209 -0
- package/dist/agent-receipt-owner-disclosure.d.ts +71 -0
- package/dist/agent-receipt-owner-disclosure.js +277 -0
- package/dist/agent-receipt-pef.d.ts +69 -0
- package/dist/agent-receipt-pef.js +121 -0
- package/dist/agent-receipt-scitt.d.ts +50 -0
- package/dist/agent-receipt-scitt.js +382 -0
- package/dist/agent-receipt.d.ts +55 -0
- package/dist/agent-receipt.js +297 -4
- package/dist/claude-agents/config.d.ts +21 -2
- package/dist/claude-agents/config.js +37 -0
- package/dist/claude-agents/index.d.ts +1 -1
- package/dist/claude-agents/index.js +1 -1
- package/dist/cli/agent/demo-loaders.d.ts +1 -0
- package/dist/cli/agent/demo-loaders.js +12 -0
- package/dist/cli/command-spec.js +16 -1
- package/dist/cli/commands/agent.d.ts +4 -0
- package/dist/cli/commands/agent.js +107 -1
- package/dist/cli/help.js +4 -1
- package/dist/cloudflare-agents/config.d.ts +1 -1
- package/dist/cloudflare-agents/config.js +2 -2
- package/dist/google-adk/config.d.ts +36 -0
- package/dist/google-adk/config.js +172 -0
- package/dist/google-adk/index.d.ts +2 -0
- package/dist/google-adk/index.js +2 -0
- package/dist/google-adk/sandbox-demo.d.ts +32 -0
- package/dist/google-adk/sandbox-demo.js +104 -0
- package/dist/index.d.ts +10 -2
- package/dist/index.js +11 -3
- package/dist/init.js +29 -0
- package/dist/mcp-receipt-resource.js +3 -1
- package/dist/mcp-server.js +182 -10
- package/dist/policy/adapter-options.d.ts +9 -0
- package/dist/policy/adapter-options.js +11 -0
- package/dist/policy/index.d.ts +1 -0
- package/dist/policy/index.js +1 -0
- package/dist/policy/load.d.ts +7 -0
- package/dist/policy/load.js +13 -0
- package/dist/policy/merge.js +26 -0
- package/dist/policy/schema.d.ts +20 -0
- package/dist/policy/schema.js +34 -2
- package/dist/shopify/instrument.d.ts +8 -8
- package/dist/template-init.d.ts +2 -2
- package/dist/template-init.js +12 -4
- package/dist/vercel-ai/config.d.ts +2 -1
- package/dist/vercel-ai/config.js +2 -2
- package/dist/vercel-ai/index.d.ts +2 -1
- package/dist/vercel-ai/index.js +2 -1
- package/dist/vercel-ai/provider-executed.d.ts +7 -0
- package/dist/vercel-ai/provider-executed.js +20 -0
- package/dist/vercel-ai/tool-approval.d.ts +5 -0
- package/dist/vercel-ai/tool-approval.js +8 -1
- package/dist/vercel-ai/wrap-tools.d.ts +8 -1
- package/dist/vercel-ai/wrap-tools.js +17 -4
- package/glama.json +6 -0
- package/package.json +15 -5
- package/templates/manifest.json +57 -12
- package/templates/openai-shopping-agent/package-lock.json +379 -14
- package/templates/openai-shopping-agent/package.json +2 -2
- package/templates/paybond-aws-operator/package-lock.json +376 -11
- package/templates/paybond-aws-operator/package.json +2 -2
- package/templates/paybond-claude-agents-demo/package-lock.json +379 -14
- package/templates/paybond-claude-agents-demo/package.json +2 -2
- package/templates/paybond-cloudflare-shopping-agent/.env.example +3 -0
- package/templates/paybond-cloudflare-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-cloudflare-shopping-agent/LICENSE +201 -0
- package/templates/paybond-cloudflare-shopping-agent/README.md +29 -0
- package/templates/paybond-cloudflare-shopping-agent/package-lock.json +2671 -0
- package/templates/paybond-cloudflare-shopping-agent/package.json +23 -0
- package/templates/paybond-cloudflare-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-cloudflare-shopping-agent/src/agent.ts +109 -0
- package/templates/paybond-cloudflare-shopping-agent/src/index.ts +22 -0
- package/templates/paybond-cloudflare-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-cloudflare-shopping-agent/tsconfig.json +13 -0
- package/templates/paybond-crewai-procurement-agent/.env.example +3 -0
- package/templates/paybond-crewai-procurement-agent/.github/workflows/smoke.yml +19 -0
- package/templates/paybond-crewai-procurement-agent/LICENSE +201 -0
- package/templates/paybond-crewai-procurement-agent/README.md +73 -0
- package/templates/paybond-crewai-procurement-agent/app.py +79 -0
- package/templates/paybond-crewai-procurement-agent/crew.py +117 -0
- package/templates/paybond-crewai-procurement-agent/package.json +6 -0
- package/templates/paybond-crewai-procurement-agent/paybond.policy.yaml +28 -0
- package/templates/paybond-crewai-procurement-agent/paybond_config.py +45 -0
- package/templates/paybond-crewai-procurement-agent/requirements.txt +2 -0
- package/templates/paybond-invoice-agent/requirements.txt +1 -1
- package/templates/paybond-mastra-travel-agent/package-lock.json +379 -14
- package/templates/paybond-mastra-travel-agent/package.json +2 -2
- package/templates/paybond-mcp-coding-agent/package-lock.json +376 -11
- package/templates/paybond-mcp-coding-agent/package.json +2 -2
- package/templates/paybond-openai-agents-demo/package-lock.json +379 -14
- package/templates/paybond-openai-agents-demo/package.json +2 -2
- package/templates/paybond-procurement-agent/package-lock.json +376 -11
- package/templates/paybond-procurement-agent/package.json +2 -2
- package/templates/paybond-shopify-shopping-agent/package-lock.json +376 -11
- package/templates/paybond-shopify-shopping-agent/package.json +2 -2
- package/templates/paybond-stripe-agent-demo/package-lock.json +376 -11
- package/templates/paybond-stripe-agent-demo/package.json +2 -2
- package/templates/paybond-travel-agent/package-lock.json +376 -11
- package/templates/paybond-travel-agent/package.json +2 -2
- package/templates/paybond-vercel-shopping-agent/package-lock.json +376 -11
- package/templates/paybond-vercel-shopping-agent/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
import { buildSignedCreateIntentBody, buildSignedCreateIntentBodyWithPolicyBinding, } from "./principal-intent.js";
|
|
6
6
|
import { signPayeeEvidenceBinding } from "./payee-evidence.js";
|
|
7
7
|
import { PAYBOND_AGENT_RECEIPT_ATTESTATIONS_HEADER, PAYBOND_AGENT_RECEIPT_SOURCE_RUN_HEADER, } from "./agent-receipt.js";
|
|
8
|
-
import { PaybondAgentRunFacade, createPaybondAgentCallable, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
|
|
8
|
+
import { PaybondAgentRunFacade, createPaybondAgentCallable, PaybondInstrumentBuilder, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondToolRegistry, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondGoogleAdk, instrumentPaybondVercel, resolveAgentPolicySource, wrapPaybondTools, } from "./agent/index.js";
|
|
9
9
|
import { GatewayAgentRunTraceReporter, } from "./agent/gateway-trace-reporter.js";
|
|
10
10
|
import { fetchWithGatewayRetries, gatewayRetryDelayMs, shouldRetryGatewayResponse, } from "./gateway-retry.js";
|
|
11
11
|
import { PaybondAudit, PaybondAuditExports } from "./audit/index.js";
|
|
@@ -2562,6 +2562,9 @@ export class Paybond {
|
|
|
2562
2562
|
instrumentOpenAI(input) {
|
|
2563
2563
|
return instrumentPaybondOpenAI(this, input);
|
|
2564
2564
|
}
|
|
2565
|
+
instrumentGoogleAdk(input) {
|
|
2566
|
+
return instrumentPaybondGoogleAdk(this, input);
|
|
2567
|
+
}
|
|
2565
2568
|
instrumentVercel(input) {
|
|
2566
2569
|
return instrumentPaybondVercel(this, input);
|
|
2567
2570
|
}
|
|
@@ -2604,12 +2607,17 @@ export { normalizeCommerceBinding, encodeCommerceBindingToStripeMetadata, decode
|
|
|
2604
2607
|
export { validateCompletionEvidence, } from "./completion-validate-evidence.js";
|
|
2605
2608
|
export { completionSchemaDigestHex, computeVendorContractDigests, verifyVendorContract, verifyCatalogVendorContracts, } from "./completion-contract-digest.js";
|
|
2606
2609
|
export { contractSnapshotForPreset, mapVendorEvidenceToCanonical, resolveCompletionPreset, } from "./completion-resolve.js";
|
|
2607
|
-
export { PaybondAgentRun, PaybondAgentRunBindError, PaybondAgentRunFacade, PaybondEvidenceSubmitError, PaybondToolInterceptor, PaybondToolRegistry, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, buildAutoEvidencePayload, createGenericToolExecutor, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondGenericAgentConfig, createPaybondGenericInputGuard, createPaybondToolRegistry, createToolInputGuardAdapter, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondVercel, paybondGenericToolExecutorAdapter, paybondToolInputGuardAdapter, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, } from "./agent/index.js";
|
|
2610
|
+
export { PaybondAgentRun, PaybondAgentRunBindError, PaybondAgentRunFacade, PaybondEvidenceSubmitError, PaybondToolInterceptor, PaybondToolRegistry, PaybondToolRegistryValidationError, PaybondUnregisteredSideEffectingToolError, buildAutoEvidencePayload, createGenericToolExecutor, createGuardedAgent, createGuardedAgentRunner, createPaybondAgent, createPaybondGenericAgentConfig, createPaybondGenericInputGuard, createPaybondToolRegistry, createToolInputGuardAdapter, instrumentPaybondAgent, instrumentPaybondClaudeAgents, instrumentPaybondLangGraph, instrumentPaybondMCP, instrumentPaybondOpenAI, instrumentPaybondGoogleAdk, instrumentPaybondVercel, paybondGenericToolExecutorAdapter, paybondToolInputGuardAdapter, resolveAgentPolicySource, toPaybondAgentResult, wrapPaybondTools, PaybondInstrumentBuilder, PaybondInstrumented, PaybondInstrumentRuntime, PaybondLazyContextError, PaybondUnboundContextError, discoverPolicyFromAgent, discoverToolNames, discoverToolsFromAgent, inlinePolicyToDocument, isInlinePolicy, isInstrumentableAgentObject, readPaybondAgentInstrumentation, } from "./agent/index.js";
|
|
2608
2611
|
export { PaybondAudit, PaybondAuditExports, GatewayAuditExportsClient, parseAuditExportList, parseAuditExportJobGet, verifyAuditManifest, verifyAuditBundleLocal, } from "./audit/index.js";
|
|
2609
2612
|
export { PaybondPolicy, composePolicyLayers, composeBundledPresetDefault, domain, guardrails, paybondPolicyPresets, resolveComposedPresetDocument, } from "./policy/index.js";
|
|
2610
2613
|
export { getSolutionSmokeDefaults, isKnownSolutionId, listSolutionIds, loadSolutionManifest, paybondSolutionPresets, } from "./solutions/index.js";
|
|
2611
2614
|
export { appendDirectHarborPaymentAuthorization, formatPaymentAuthorizationValue, PAYBOND_PAYMENT_AUTHORIZATION_HEADER, PAYMENT_TRANSPORT_RESPONSE_HEADERS, paymentAuthorizationGatewayHeader, readFundPaymentTransportHeaders, } from "./payment-transport.js";
|
|
2612
|
-
export { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SCOPE_INTENT_TERMINAL, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, AGENT_RECEIPT_SIGNING_KEYS_WELL_KNOWN_PATH, AGENT_RECEIPT_WELL_KNOWN_PATH, PAYBOND_AGENT_RECEIPT_ATTESTATIONS_HEADER, PAYBOND_AGENT_RECEIPT_SOURCE_RUN_HEADER, actionReceiptId, attachOperatorAttestationV1, canonicalAgentReceiptBytes, configHashSha256Hex, promptHashSha256Hex, valueDigestSha256Hex, verifyAgentReceiptV1, verifyAgentReceiptV1FromJSON, } from "./agent-receipt.js";
|
|
2615
|
+
export { AGENT_RECEIPT_KIND_V1, AGENT_RECEIPT_SCHEMA_VERSION, AGENT_RECEIPT_SCOPE_ACTION, AGENT_RECEIPT_SCOPE_INTENT_TERMINAL, AGENT_RECEIPT_SIGNING_ALGORITHM_ED25519, AGENT_RECEIPT_VERSION_V1, AGENT_RECEIPT_SIGNING_KEYS_WELL_KNOWN_PATH, AGENT_RECEIPT_WELL_KNOWN_PATH, AGENT_RECEIPT_VALIDITY_TIER_OPERATIONAL, AGENT_RECEIPT_VALIDITY_TIER_PRIMARY, AGENT_RECEIPT_VALIDITY_TIER_ATTESTED, EXTERNAL_ATTESTATION_KIND_AGENT_MANDATE_V1, SETTLEMENT_OUTCOME_SETTLED, SETTLEMENT_OUTCOME_PENDING_FINALITY, SETTLEMENT_OUTCOME_REVERSED, SETTLEMENT_OUTCOME_FAILED, PAYBOND_AGENT_RECEIPT_ATTESTATIONS_HEADER, PAYBOND_AGENT_RECEIPT_SOURCE_RUN_HEADER, actionReceiptId, achievedValidityTier, attachOperatorAttestationV1, canonicalAgentReceiptBytes, configHashSha256Hex, continuityFromPrior, promptHashSha256Hex, valueDigestSha256Hex, verifyAgentReceiptV1, verifyAgentReceiptV1FromJSON, verifyContinuityChain, } from "./agent-receipt.js";
|
|
2616
|
+
export { AGENT_RECEIPT_TRANSPARENCY_INCLUSION_PROOF_KIND_V1, AGENT_RECEIPT_TRANSPARENCY_SCHEMA_VERSION, AGENT_RECEIPT_TRANSPARENCY_STH_KIND_V1, merkleLeafHashRFC6962, merkleNodeHashRFC6962, verifyAgentReceiptInclusion, verifySignedTreeHeadV1, } from "./agent-receipt-inclusion.js";
|
|
2617
|
+
export { ACTA_AGENT_RECEIPT_TYPE, ACTA_SIGNATURE_ALG_EDDSA, projectActaDecisionFromAgentReceipt, projectAgentReceiptToActaDecisionReceipt, } from "./agent-receipt-acta.js";
|
|
2618
|
+
export { PEF_CANON_VERSION_JCS_RFC8785_V1, PEF_CLAIM_TYPE_AGENT_RECEIPT_V1, PEF_RECEIPT_FORMAT_AGENT_RECEIPT_V1, PEF_VERSION_V1, agentReceiptPefFrameId, agentReceiptPefPreimage, agentReceiptPefReceiptHash, buildAgentReceiptPefFrame, jcsCanonicalBytes, verifyAgentReceiptPefFrameId, } from "./agent-receipt-pef.js";
|
|
2619
|
+
export { AGENT_RECEIPT_SCITT_EXPORT_KIND_V1, AGENT_RECEIPT_SCITT_STATEMENT_KIND_V1, COSE_ALG_EDDSA, buildAgentReceiptScittExport, verifyAgentReceiptScittExport, } from "./agent-receipt-scitt.js";
|
|
2620
|
+
export { AGENT_RECEIPT_OWNER_DISCLOSURE_HPKE_SUITE, AGENT_RECEIPT_OWNER_DISCLOSURE_INFO, AGENT_RECEIPT_OWNER_DISCLOSURE_KIND_V1, AGENT_RECEIPT_OWNER_DISCLOSURE_PLAINTEXT_KIND_V1, AGENT_RECEIPT_OWNER_DISCLOSURE_SCHEMA_VERSION, decryptOwnerDisclosurePackage, deriveOwnerDisclosurePlaintext, encryptOwnerDisclosurePackage, generateX25519KeyPairHex, openHpkeBaseX25519Aes128Gcm, sealHpkeBaseX25519Aes128Gcm, } from "./agent-receipt-owner-disclosure.js";
|
|
2613
2621
|
export { FORBIDDEN_AGENT_RECEIPT_FIELDS, parseAgentReceiptJSON, validateAgentReceiptJSON, } from "./agent-receipt-prevalidate.js";
|
|
2614
2622
|
export { AGENT_RECEIPT_EXTERNAL_SOURCE_AP2, AGENT_RECEIPT_EXTERNAL_SOURCE_SEP2828, AGENT_RECEIPT_EXTERNAL_SOURCE_X402, partnerRecordDigestSha256Hex, protocolAuthorizationReceiptToExternalAttestations, protocolSettlementReceiptToExternalAttestations, resolveExternalAttestations, sep2828RecordsToExternalAttestations, signedMandateToExternalAttestations, x402ReceiptToExternalAttestations, } from "./agent-receipt-external-attestations.js";
|
|
2615
2623
|
export { AGENT_RECEIPT_PDF_EXPORT_DERIVED_VIEW_LABEL, AGENT_RECEIPT_PDF_EXPORT_MANIFEST_KIND, AGENT_RECEIPT_PDF_EXPORT_MANIFEST_SCHEMA_VERSION, FORBIDDEN_PDF_EXPORT_MANIFEST_FIELDS, gateAgentReceiptPDFExport, parseAgentReceiptPDFExportManifestJSON, validateAgentReceiptPDFExportManifestJSON, } from "./agent-receipt-pdf-export.js";
|
package/dist/init.js
CHANGED
|
@@ -24,6 +24,7 @@ const AGENT_MIDDLEWARE_FRAMEWORKS = new Set([
|
|
|
24
24
|
"vercel-ai",
|
|
25
25
|
"mastra",
|
|
26
26
|
"cloudflare-agents",
|
|
27
|
+
"google-adk",
|
|
27
28
|
"mcp",
|
|
28
29
|
]);
|
|
29
30
|
const AGENT_MIDDLEWARE_FRAMEWORK_ALIASES = {
|
|
@@ -233,6 +234,7 @@ function agentMiddlewareHeaderComments(framework) {
|
|
|
233
234
|
"vercel-ai": "paybond agent demo vercel-ai smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
234
235
|
mastra: "paybond agent demo mastra smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
235
236
|
"cloudflare-agents": "paybond agent demo cloudflare-agents smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
237
|
+
"google-adk": "paybond agent demo google-adk smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json",
|
|
236
238
|
mcp: "paybond agent demo mcp smoke --operation travel.book_hotel --requested-spend-cents 20000 --evidence-preset cost_and_completion --format json",
|
|
237
239
|
};
|
|
238
240
|
return [
|
|
@@ -398,6 +400,33 @@ export function createGuardedMastraTools(run: PaybondAgentRun) {
|
|
|
398
400
|
}),
|
|
399
401
|
];
|
|
400
402
|
return createPaybondMastraConfig(run, tools).tools;
|
|
403
|
+
}`;
|
|
404
|
+
case "google-adk":
|
|
405
|
+
return `import { FunctionTool } from "@google/adk";
|
|
406
|
+
import { z } from "zod";
|
|
407
|
+
import { createPaybondGoogleAdkConfig } from "@paybond/kit/google-adk";
|
|
408
|
+
import type { PaybondAgentRun } from "@paybond/kit/agent";
|
|
409
|
+
|
|
410
|
+
/** Wrap Google ADK FunctionTool definitions with Paybond middleware on \`execute\`. */
|
|
411
|
+
export function createGuardedGoogleAdkTools(run: PaybondAgentRun) {
|
|
412
|
+
const tools = [
|
|
413
|
+
new FunctionTool({
|
|
414
|
+
name: "travel.book_hotel",
|
|
415
|
+
description: "Book a hotel room",
|
|
416
|
+
parameters: z.object({
|
|
417
|
+
city: z.string(),
|
|
418
|
+
estimatedPriceCents: z.number().int().nonnegative(),
|
|
419
|
+
}),
|
|
420
|
+
execute: async (args) => bookHotel(args),
|
|
421
|
+
}),
|
|
422
|
+
new FunctionTool({
|
|
423
|
+
name: "search.web",
|
|
424
|
+
description: "Search the web",
|
|
425
|
+
parameters: z.object({ query: z.string() }),
|
|
426
|
+
execute: async (args) => searchWeb(args),
|
|
427
|
+
}),
|
|
428
|
+
];
|
|
429
|
+
return createPaybondGoogleAdkConfig(run, tools).tools;
|
|
401
430
|
}`;
|
|
402
431
|
case "cloudflare-agents":
|
|
403
432
|
return `import { tool } from "ai";
|
|
@@ -26,7 +26,9 @@ export function agentReceiptResourceTemplateDefinition() {
|
|
|
26
26
|
uriTemplate: MCP_AGENT_RECEIPT_RESOURCE_URI_TEMPLATE,
|
|
27
27
|
name: "paybond_agent_receipt",
|
|
28
28
|
title: "Paybond Agent Receipt",
|
|
29
|
-
description: "
|
|
29
|
+
description: "Agent-to-agent handoff of signed paybond.agent_receipt_v1 JSON. " +
|
|
30
|
+
"resources/read fetches tenant-bound GET /protocol/v2/agent-receipts/{receipt_id} " +
|
|
31
|
+
"and runs an operational-tier signature verify before returning contents.",
|
|
30
32
|
mimeType: MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE,
|
|
31
33
|
};
|
|
32
34
|
}
|
package/dist/mcp-server.js
CHANGED
|
@@ -11,11 +11,11 @@ import { MCP_TOOL_ALLOWLIST_ENV, MCP_TOOL_POLICY_ENV, mergeMcpToolPolicy, parseM
|
|
|
11
11
|
import { MCP_EVIDENCE_POLICY_ENV, McpEvidenceValidationGate, completionEvidenceValidationOk, extractHarborEvidenceValidationInput, extractSandboxGuardrailValidationInput, parseMcpEvidencePolicy, } from "./mcp-evidence-policy.js";
|
|
12
12
|
import { McpCapabilityTokenCache, mcpToolStoresCapabilityToken, parseMcpCapabilityTokenCacheConfig, } from "./mcp-capability-token-cache.js";
|
|
13
13
|
import { createMcpPolicyGatewayAdapter, McpPolicyReloadGate, parseMcpPolicyReloadConfig, } from "./mcp-policy-reload.js";
|
|
14
|
-
import { verifyAgentReceiptV1FromJSON } from "./agent-receipt.js";
|
|
14
|
+
import { AGENT_RECEIPT_KIND_V1, verifyAgentReceiptV1FromJSON, } from "./agent-receipt.js";
|
|
15
15
|
import { agentReceiptResourceTemplateDefinition, agentReceiptResourceUri, MCP_AGENT_RECEIPT_RESOURCE_MIME_TYPE, parseAgentReceiptResourceUri, } from "./mcp-receipt-resource.js";
|
|
16
16
|
import { DEFAULT_PAYBOND_GATEWAY_BASE_URL, GatewayFraudClient, GatewaySignalClient, } from "./index.js";
|
|
17
17
|
const SERVER_NAME = "Paybond MCP";
|
|
18
|
-
const SERVER_VERSION = "0.12.
|
|
18
|
+
const SERVER_VERSION = "0.12.6";
|
|
19
19
|
const MCP_PROTOCOL_VERSION = "2025-11-25";
|
|
20
20
|
const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
|
|
21
21
|
const DEFAULT_RECOGNITION_VERIFIER_ID = "paybond-gateway";
|
|
@@ -63,14 +63,31 @@ const AUTHORIZE_SPEND_OUTPUT_PROPERTIES = {
|
|
|
63
63
|
const TOOL_SELECTION_METADATA = {
|
|
64
64
|
paybond_get_principal: {
|
|
65
65
|
title: "Get Paybond Principal",
|
|
66
|
+
description: "Use this when you need to confirm which tenant-bound service-account principal the configured PAYBOND_API_KEY authenticates as " +
|
|
67
|
+
"(tenant_id, subject, and roles). Call early as a prerequisite before Harbor escrow, Signal reads, or other tenant-scoped tools when " +
|
|
68
|
+
"tenant identity is unknown. Not required before every later call once tenant_id is already known from a prior principal response or host config. " +
|
|
69
|
+
"Do not use this when you need Harbor intent escrow detail; use paybond_get_intent instead when you have an intent_id. " +
|
|
70
|
+
"Do not use this for A2A discovery; use paybond_get_a2a_agent_card instead. " +
|
|
71
|
+
"Makes one read-only external GET to the gateway principal endpoint; idempotent identity lookup with no side effects " +
|
|
72
|
+
"(no mutations, spend reservations, escrow changes, or ledger writes); auth or gateway failures surface as tool errors.",
|
|
66
73
|
annotations: readOnlyToolAnnotations("Get Paybond Principal"),
|
|
67
74
|
outputSchema: outputObjectSchema({
|
|
68
75
|
tenant_id: {
|
|
69
76
|
type: "string",
|
|
70
77
|
description: "Tenant bound to the configured Paybond API key.",
|
|
78
|
+
examples: ["tenant-a"],
|
|
79
|
+
},
|
|
80
|
+
subject: {
|
|
81
|
+
type: "string",
|
|
82
|
+
description: "Service-account subject identifier echoed by the gateway for the authenticated API key (example: service-account-1).",
|
|
83
|
+
examples: ["service-account-1"],
|
|
84
|
+
},
|
|
85
|
+
roles: {
|
|
86
|
+
type: "array",
|
|
87
|
+
items: { type: "string" },
|
|
88
|
+
description: "RBAC roles granted to this principal for the authenticated tenant (example: [\"operator\"]).",
|
|
89
|
+
examples: [["operator"]],
|
|
71
90
|
},
|
|
72
|
-
subject: { type: "string" },
|
|
73
|
-
roles: { type: "array", items: { type: "string" } },
|
|
74
91
|
}),
|
|
75
92
|
},
|
|
76
93
|
paybond_verify_capability: {
|
|
@@ -330,12 +347,37 @@ const TOOL_SELECTION_METADATA = {
|
|
|
330
347
|
},
|
|
331
348
|
paybond_get_signed_portfolio_artifact: {
|
|
332
349
|
title: "Get Signed Portfolio Artifact",
|
|
350
|
+
description: "Use this when you need a portable, tenant-scoped signed Signal portfolio snapshot (operator list plus Ed25519 signing material) " +
|
|
351
|
+
"for offline verifier checks or partner sharing—not a public leaderboard. " +
|
|
352
|
+
"Requires PAYBOND_API_KEY with Signal analytics read access. Omit score_version to use the gateway default current model (1.0). " +
|
|
353
|
+
"Do not use this for tenant-wide aggregates without signatures—call paybond_get_portfolio_summary—or for one operator's signed receipt—call " +
|
|
354
|
+
"paybond_get_reputation_receipt—or for one operator's fraud review posture—call paybond_get_fraud_assessment. " +
|
|
355
|
+
"Idempotent read with no side effects; auth, RBAC, feature, or gateway failures surface as tool errors.",
|
|
333
356
|
annotations: readOnlyToolAnnotations("Get Signed Portfolio Artifact"),
|
|
334
357
|
outputSchema: outputObjectSchema({
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
358
|
+
kind: {
|
|
359
|
+
type: "string",
|
|
360
|
+
description: "Artifact kind identifier (currently paybond.signal.portfolio_snapshot).",
|
|
361
|
+
examples: ["paybond.signal.portfolio_snapshot"],
|
|
362
|
+
},
|
|
363
|
+
tenant_id: {
|
|
364
|
+
type: "string",
|
|
365
|
+
description: "Tenant echoed by the gateway for the authenticated API key (example: tenant-a). Never invent tenant identifiers.",
|
|
366
|
+
examples: ["tenant-a"],
|
|
367
|
+
},
|
|
368
|
+
score_model_version: {
|
|
369
|
+
type: "string",
|
|
370
|
+
description: "Score model version used for the artifact (echoes the requested score_version or the gateway default 1.0).",
|
|
371
|
+
examples: ["1.0"],
|
|
372
|
+
},
|
|
373
|
+
checkpoint_last_ledger_seq: {
|
|
374
|
+
type: "integer",
|
|
375
|
+
description: "Last ledger sequence included in the tenant Signal checkpoint for this artifact.",
|
|
376
|
+
},
|
|
377
|
+
signature_hex: {
|
|
378
|
+
type: "string",
|
|
379
|
+
description: "Ed25519 signature hex over the canonical portfolio artifact payload.",
|
|
380
|
+
},
|
|
339
381
|
}),
|
|
340
382
|
},
|
|
341
383
|
paybond_get_fraud_assessment: {
|
|
@@ -508,6 +550,65 @@ const TOOL_SELECTION_METADATA = {
|
|
|
508
550
|
intent_id: { type: "string" },
|
|
509
551
|
}, ["tenant_id", "receipt_id"]),
|
|
510
552
|
},
|
|
553
|
+
paybond_get_agent_receipt_v1: {
|
|
554
|
+
title: "Get Agent Receipt",
|
|
555
|
+
description: "Use this when you need the signed paybond.agent_receipt_v1 JSON for one receipt_id " +
|
|
556
|
+
"(SHA-256 action id or intent-terminal UUID) via tenant-bound Gateway GET. " +
|
|
557
|
+
"Do not use this for protocol settlement receipts—call paybond_get_settlement_receipt_v1. " +
|
|
558
|
+
"For agent-to-agent handoff without embedding JSON in prompts, prefer the MCP resource " +
|
|
559
|
+
"paybond://receipt/{receipt_id} (resources/read verifies at the operational tier). " +
|
|
560
|
+
"Validity tiers beyond operational, continuity-chain, inclusion proofs, owner disclosure, " +
|
|
561
|
+
"and ACTA/PEF/SCITT adapters are Kit/CLI/Gateway auditor surfaces—not this tool's job. " +
|
|
562
|
+
"Read-only and side-effect free.",
|
|
563
|
+
annotations: readOnlyToolAnnotations("Get Agent Receipt"),
|
|
564
|
+
outputSchema: outputObjectSchema({
|
|
565
|
+
tenant_id: { type: "string" },
|
|
566
|
+
receipt_id: { type: "string" },
|
|
567
|
+
kind: { type: "string" },
|
|
568
|
+
}, ["tenant_id", "receipt_id"]),
|
|
569
|
+
},
|
|
570
|
+
paybond_verify_agent_receipt_v1: {
|
|
571
|
+
title: "Verify Agent Receipt",
|
|
572
|
+
description: "Use this when you already have a signed paybond.agent_receipt_v1 JSON object and need an " +
|
|
573
|
+
"offline operational-tier (default) Ed25519 signature check—schema, digest, and Gateway " +
|
|
574
|
+
"signature—matching resources/read on paybond://receipt/{receipt_id}. " +
|
|
575
|
+
"Optional validity_tier=primary|attested raises the bar (payee digest / operator attestation). " +
|
|
576
|
+
"Do not use this for protocol authorization/settlement receipts—call paybond_verify_protocol_receipt_v1. " +
|
|
577
|
+
"Continuity-chain audits, inclusion proofs, owner disclosure, and ACTA/PEF/SCITT are Kit/CLI/Gateway " +
|
|
578
|
+
"auditor surfaces. Read-only and side-effect free: success returns valid=true with kind, receipt_id, " +
|
|
579
|
+
"tenant_id, and the normalized receipt; failures raise a clear verification error.",
|
|
580
|
+
annotations: readOnlyToolAnnotations("Verify Agent Receipt"),
|
|
581
|
+
outputSchema: outputObjectSchema({
|
|
582
|
+
valid: {
|
|
583
|
+
type: "boolean",
|
|
584
|
+
description: "True when operational (or requested) validity checks passed. Example: true.",
|
|
585
|
+
examples: [true],
|
|
586
|
+
},
|
|
587
|
+
kind: {
|
|
588
|
+
type: "string",
|
|
589
|
+
description: "Verified receipt kind (paybond.agent_receipt_v1).",
|
|
590
|
+
examples: ["paybond.agent_receipt_v1"],
|
|
591
|
+
},
|
|
592
|
+
receipt_id: {
|
|
593
|
+
type: "string",
|
|
594
|
+
description: "Canonical receipt identifier from the verified receipt.",
|
|
595
|
+
},
|
|
596
|
+
tenant_id: {
|
|
597
|
+
type: "string",
|
|
598
|
+
description: "Tenant id embedded in the verified receipt (not invented by the caller).",
|
|
599
|
+
},
|
|
600
|
+
validity_tier: {
|
|
601
|
+
type: "string",
|
|
602
|
+
description: "Requested validity tier used for this verify (operational, primary, or attested).",
|
|
603
|
+
examples: ["operational", "primary", "attested"],
|
|
604
|
+
},
|
|
605
|
+
receipt: {
|
|
606
|
+
type: "object",
|
|
607
|
+
additionalProperties: true,
|
|
608
|
+
description: "Normalized verified paybond.agent_receipt_v1 object.",
|
|
609
|
+
},
|
|
610
|
+
}),
|
|
611
|
+
},
|
|
511
612
|
paybond_verify_protocol_receipt_v1: {
|
|
512
613
|
title: "Verify Protocol Receipt",
|
|
513
614
|
description: "Use this when you already have a signed protocol-v2 authorization or settlement receipt JSON object and need offline Ed25519 verification (structure, message digest, and signature) through the gateway. " +
|
|
@@ -1508,7 +1609,13 @@ export class PaybondMCPServer {
|
|
|
1508
1609
|
const tools = [
|
|
1509
1610
|
{
|
|
1510
1611
|
name: "paybond_get_principal",
|
|
1511
|
-
description: "
|
|
1612
|
+
description: "Use this when you need to confirm which tenant-bound service-account principal the configured PAYBOND_API_KEY authenticates as " +
|
|
1613
|
+
"(tenant_id, subject, and roles). Call early as a prerequisite before Harbor escrow, Signal reads, or other tenant-scoped tools when " +
|
|
1614
|
+
"tenant identity is unknown. Not required before every later call once tenant_id is already known from a prior principal response or host config. " +
|
|
1615
|
+
"Do not use this when you need Harbor intent escrow detail; use paybond_get_intent instead when you have an intent_id. " +
|
|
1616
|
+
"Do not use this for A2A discovery; use paybond_get_a2a_agent_card instead. " +
|
|
1617
|
+
"Makes one read-only external GET to the gateway principal endpoint; idempotent identity lookup with no side effects " +
|
|
1618
|
+
"(no mutations, spend reservations, escrow changes, or ledger writes); auth or gateway failures surface as tool errors.",
|
|
1512
1619
|
inputSchema: emptyObjectSchema(),
|
|
1513
1620
|
call: async () => this.runtime.principal(),
|
|
1514
1621
|
},
|
|
@@ -1782,7 +1889,11 @@ export class PaybondMCPServer {
|
|
|
1782
1889
|
name: "paybond_get_signed_portfolio_artifact",
|
|
1783
1890
|
description: "Fetch the tenant-scoped signed Signal portfolio artifact for portable verifier and partner sharing.",
|
|
1784
1891
|
inputSchema: objectSchema({
|
|
1785
|
-
score_version: {
|
|
1892
|
+
score_version: {
|
|
1893
|
+
type: "string",
|
|
1894
|
+
description: "Optional Signal score model version to query. Omit to use the gateway default current model (1.0). Example: 1.0.",
|
|
1895
|
+
examples: ["1.0"],
|
|
1896
|
+
},
|
|
1786
1897
|
}),
|
|
1787
1898
|
call: async (args) => (await this.runtime.signal()).getSignedPortfolioArtifact(optionalString(args.score_version)),
|
|
1788
1899
|
},
|
|
@@ -1896,6 +2007,61 @@ export class PaybondMCPServer {
|
|
|
1896
2007
|
}, ["receipt_id"]),
|
|
1897
2008
|
call: async (args) => this.runtime.getSettlementReceiptV1(uuidArg(args.receipt_id, "receipt_id")),
|
|
1898
2009
|
},
|
|
2010
|
+
{
|
|
2011
|
+
name: "paybond_get_agent_receipt_v1",
|
|
2012
|
+
description: "Fetch the signed paybond.agent_receipt_v1 for one receipt_id.",
|
|
2013
|
+
inputSchema: objectSchema({
|
|
2014
|
+
receipt_id: {
|
|
2015
|
+
type: "string",
|
|
2016
|
+
description: "Agent receipt id: lowercase SHA-256 hex (action scope) or canonical UUID (intent_terminal). " +
|
|
2017
|
+
"Must belong to the authenticated tenant; do not invent tenant identifiers.",
|
|
2018
|
+
},
|
|
2019
|
+
}, ["receipt_id"]),
|
|
2020
|
+
call: async (args) => this.runtime.getAgentReceiptV1(agentReceiptIdArg(args.receipt_id)),
|
|
2021
|
+
},
|
|
2022
|
+
{
|
|
2023
|
+
name: "paybond_verify_agent_receipt_v1",
|
|
2024
|
+
description: "Verify a signed paybond.agent_receipt_v1 offline (operational tier by default).",
|
|
2025
|
+
inputSchema: objectSchema({
|
|
2026
|
+
receipt: {
|
|
2027
|
+
type: "object",
|
|
2028
|
+
additionalProperties: true,
|
|
2029
|
+
description: "Complete signed paybond.agent_receipt_v1 object (not a receipt_id string). " +
|
|
2030
|
+
"Obtain from paybond_get_agent_receipt_v1, paybond://receipt/{receipt_id}, " +
|
|
2031
|
+
"audit export (agent_receipts/{id}.json; PEF companions may also appear as *.pef.json), " +
|
|
2032
|
+
"or partner handoff—do not invent digests or signatures.",
|
|
2033
|
+
},
|
|
2034
|
+
validity_tier: {
|
|
2035
|
+
type: "string",
|
|
2036
|
+
description: "Optional validity bar: operational (default), primary, or attested. " +
|
|
2037
|
+
"Higher tiers are auditor-oriented; MCP handoff only requires operational.",
|
|
2038
|
+
enum: ["operational", "primary", "attested"],
|
|
2039
|
+
},
|
|
2040
|
+
}, ["receipt"]),
|
|
2041
|
+
call: async (args) => {
|
|
2042
|
+
const receipt = ensureObject(args.receipt, "receipt");
|
|
2043
|
+
const validityTier = args.validity_tier === undefined
|
|
2044
|
+
? "operational"
|
|
2045
|
+
: stringArg(args.validity_tier, "validity_tier").toLowerCase();
|
|
2046
|
+
let verified;
|
|
2047
|
+
try {
|
|
2048
|
+
verified = await verifyAgentReceiptV1FromJSON(receipt, {
|
|
2049
|
+
requiredValidityTier: validityTier,
|
|
2050
|
+
});
|
|
2051
|
+
}
|
|
2052
|
+
catch (err) {
|
|
2053
|
+
throw new Error(`agent receipt verification failed: ${formatError(err)}`);
|
|
2054
|
+
}
|
|
2055
|
+
return {
|
|
2056
|
+
valid: true,
|
|
2057
|
+
kind: AGENT_RECEIPT_KIND_V1,
|
|
2058
|
+
receipt_id: verified.receipt_id,
|
|
2059
|
+
tenant_id: verified.tenant_id,
|
|
2060
|
+
validity_tier: validityTier,
|
|
2061
|
+
receipt: verified,
|
|
2062
|
+
};
|
|
2063
|
+
},
|
|
2064
|
+
},
|
|
1899
2065
|
{
|
|
1900
2066
|
name: "paybond_verify_protocol_receipt_v1",
|
|
1901
2067
|
description: "Verify a signed protocol-v2 authorization or settlement receipt through the gateway.",
|
|
@@ -2186,6 +2352,12 @@ function uuidArg(value, field) {
|
|
|
2186
2352
|
}
|
|
2187
2353
|
return raw;
|
|
2188
2354
|
}
|
|
2355
|
+
/** Accept action-scope SHA-256 hex or intent-terminal UUID receipt ids. */
|
|
2356
|
+
function agentReceiptIdArg(value) {
|
|
2357
|
+
const raw = stringArg(value, "receipt_id").toLowerCase();
|
|
2358
|
+
// Validates via URI helper shared with resources/read.
|
|
2359
|
+
return parseAgentReceiptResourceUri(`paybond://receipt/${raw}`);
|
|
2360
|
+
}
|
|
2189
2361
|
function stringArrayArg(value, field) {
|
|
2190
2362
|
if (!Array.isArray(value)) {
|
|
2191
2363
|
throw new Error(`${field} must be an array`);
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { PaybondPolicyDocumentV1 } from "./schema.js";
|
|
2
|
+
import type { PaybondVercelAgentConfigOptions } from "../vercel-ai/config.js";
|
|
3
|
+
/** Adapter options derived from a flat effective `paybond.policy.yaml` document. */
|
|
4
|
+
export type PaybondPolicyAdapterOptions = Pick<PaybondVercelAgentConfigOptions, "denyProviderExecutedTools">;
|
|
5
|
+
/**
|
|
6
|
+
* Map policy `adapter.deny_provider_executed_tools` to Vercel AI / Cloudflare Agents options.
|
|
7
|
+
* Returns an empty object when the policy leaves the flag unset (adapter default applies).
|
|
8
|
+
*/
|
|
9
|
+
export declare function policyToAdapterOptions(document: PaybondPolicyDocumentV1): PaybondPolicyAdapterOptions;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Map policy `adapter.deny_provider_executed_tools` to Vercel AI / Cloudflare Agents options.
|
|
3
|
+
* Returns an empty object when the policy leaves the flag unset (adapter default applies).
|
|
4
|
+
*/
|
|
5
|
+
export function policyToAdapterOptions(document) {
|
|
6
|
+
const deny = document.adapter?.deny_provider_executed_tools;
|
|
7
|
+
if (deny !== true) {
|
|
8
|
+
return {};
|
|
9
|
+
}
|
|
10
|
+
return { denyProviderExecutedTools: true };
|
|
11
|
+
}
|
package/dist/policy/index.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export { canonicalPolicyDocumentDigest, policyDocumentToDict, policyVersionLabel, } from "./digest.js";
|
|
2
|
+
export { policyToAdapterOptions, type PaybondPolicyAdapterOptions, } from "./adapter-options.js";
|
|
2
3
|
export { PaybondPolicy, type PaybondPolicyLoadSource, type PaybondPolicyLoadEffectiveResult } from "./load.js";
|
|
3
4
|
export { isKnownPolicyPresetId, isLayeredPolicyPresetId, listPolicyPresetIds, readPolicyPresetYaml, resolveComposedPresetDocument, resolvePolicyPresetPath, type LayeredPolicyPresetId, type PolicyPresetId, } from "./presets.js";
|
|
4
5
|
export { assertLayeredPresetMatchesFlat, bundledDefaultGuardrails, composeBundledPresetDefault, composeLayeredPolicyPresetDocument, composePolicyLayers, composePolicyPresetLayers, isLayeredPolicyPreset, LAYERED_POLICY_PRESET_IDS, } from "./compose.js";
|
package/dist/policy/index.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export { canonicalPolicyDocumentDigest, policyDocumentToDict, policyVersionLabel, } from "./digest.js";
|
|
2
|
+
export { policyToAdapterOptions, } from "./adapter-options.js";
|
|
2
3
|
export { PaybondPolicy } from "./load.js";
|
|
3
4
|
export { isKnownPolicyPresetId, isLayeredPolicyPresetId, listPolicyPresetIds, readPolicyPresetYaml, resolveComposedPresetDocument, resolvePolicyPresetPath, } from "./presets.js";
|
|
4
5
|
export { assertLayeredPresetMatchesFlat, bundledDefaultGuardrails, composeBundledPresetDefault, composeLayeredPolicyPresetDocument, composePolicyLayers, composePolicyPresetLayers, isLayeredPolicyPreset, LAYERED_POLICY_PRESET_IDS, } from "./compose.js";
|
package/dist/policy/load.d.ts
CHANGED
|
@@ -3,6 +3,7 @@ import { type PaybondPolicyIntentCreateInput, type PaybondPolicyIntentCreateOver
|
|
|
3
3
|
import { type PolicyMergeOptions, type PolicyMergeResult } from "./merge.js";
|
|
4
4
|
import { type PaybondPolicyDocument, type PaybondPolicyDocumentV1 } from "./schema.js";
|
|
5
5
|
import { type PaybondPolicySandboxBootstrapOptions } from "./sandbox-bootstrap.js";
|
|
6
|
+
import { type PaybondPolicyAdapterOptions } from "./adapter-options.js";
|
|
6
7
|
import { type PolicyValidatorOptions, type PolicyValidatorResult } from "./validate.js";
|
|
7
8
|
import { type PolicyRemoteValidateClient, type PolicyRemoteValidateOptions, type PolicyRemoteValidateResult } from "./validate-remote.js";
|
|
8
9
|
import { type PolicyEffectiveResolveClient } from "./load-effective.js";
|
|
@@ -31,6 +32,12 @@ export declare class PaybondPolicy {
|
|
|
31
32
|
get defaultDeny(): boolean;
|
|
32
33
|
/** Optional intent section from the policy file. */
|
|
33
34
|
get intent(): PaybondPolicyDocumentV1["intent"];
|
|
35
|
+
/** Optional adapter section from the policy file. */
|
|
36
|
+
get adapter(): PaybondPolicyDocumentV1["adapter"];
|
|
37
|
+
/** Whether provider-executed AI SDK tools should fail closed (Vercel AI / Cloudflare Agents). */
|
|
38
|
+
get denyProviderExecutedTools(): boolean;
|
|
39
|
+
/** Map policy adapter settings to framework runner options. */
|
|
40
|
+
toAdapterOptions(): PaybondPolicyAdapterOptions;
|
|
34
41
|
/**
|
|
35
42
|
* Load and validate a policy from a file path or pre-parsed document object.
|
|
36
43
|
* File paths accept JSON (`.json`) or YAML (`.yaml` / `.yml`).
|
package/dist/policy/load.js
CHANGED
|
@@ -6,6 +6,7 @@ import { parsePolicyDocumentText } from "./parse-text.js";
|
|
|
6
6
|
import { policyToToolRegistry } from "./registry.js";
|
|
7
7
|
import { isPaybondPolicyDocumentV2, isPaybondPolicyOverlay, parsePaybondPolicyDocument, parsePaybondPolicyDocumentV1, } from "./schema.js";
|
|
8
8
|
import { policySandboxBootstrap, } from "./sandbox-bootstrap.js";
|
|
9
|
+
import { policyToAdapterOptions } from "./adapter-options.js";
|
|
9
10
|
import { PolicyValidator } from "./validate.js";
|
|
10
11
|
import { validatePolicyRemote, validatePolicyPayloadRemote, } from "./validate-remote.js";
|
|
11
12
|
import { resolvePolicyEffectiveRemote, } from "./load-effective.js";
|
|
@@ -32,6 +33,18 @@ export class PaybondPolicy {
|
|
|
32
33
|
get intent() {
|
|
33
34
|
return this.document.intent;
|
|
34
35
|
}
|
|
36
|
+
/** Optional adapter section from the policy file. */
|
|
37
|
+
get adapter() {
|
|
38
|
+
return this.document.adapter;
|
|
39
|
+
}
|
|
40
|
+
/** Whether provider-executed AI SDK tools should fail closed (Vercel AI / Cloudflare Agents). */
|
|
41
|
+
get denyProviderExecutedTools() {
|
|
42
|
+
return this.document.adapter?.deny_provider_executed_tools === true;
|
|
43
|
+
}
|
|
44
|
+
/** Map policy adapter settings to framework runner options. */
|
|
45
|
+
toAdapterOptions() {
|
|
46
|
+
return policyToAdapterOptions(this.document);
|
|
47
|
+
}
|
|
35
48
|
/**
|
|
36
49
|
* Load and validate a policy from a file path or pre-parsed document object.
|
|
37
50
|
* File paths accept JSON (`.json`) or YAML (`.yaml` / `.yml`).
|
package/dist/policy/merge.js
CHANGED
|
@@ -177,6 +177,30 @@ function intersectAllowedTools(orgAllowed, tenantAllowed, denied, report) {
|
|
|
177
177
|
}
|
|
178
178
|
return intersection;
|
|
179
179
|
}
|
|
180
|
+
function mergeAdapterSection(base, overlay, override, denied, report) {
|
|
181
|
+
const values = [
|
|
182
|
+
base?.deny_provider_executed_tools,
|
|
183
|
+
overlay?.deny_provider_executed_tools,
|
|
184
|
+
override?.deny_provider_executed_tools,
|
|
185
|
+
];
|
|
186
|
+
if (values.every((value) => value === undefined)) {
|
|
187
|
+
return undefined;
|
|
188
|
+
}
|
|
189
|
+
if (base?.deny_provider_executed_tools === true &&
|
|
190
|
+
(overlay?.deny_provider_executed_tools === false ||
|
|
191
|
+
override?.deny_provider_executed_tools === false)) {
|
|
192
|
+
denied.push({
|
|
193
|
+
path: "adapter.deny_provider_executed_tools",
|
|
194
|
+
code: "policy.cannot_relax_provider_executed_deny",
|
|
195
|
+
message: "tenant cannot disable org-required deny_provider_executed_tools",
|
|
196
|
+
});
|
|
197
|
+
}
|
|
198
|
+
if (override?.deny_provider_executed_tools !== undefined) {
|
|
199
|
+
report.overrides_applied.push("overrides.adapter.deny_provider_executed_tools");
|
|
200
|
+
}
|
|
201
|
+
const deny = mergeStricterDefaultDeny(...values);
|
|
202
|
+
return deny ? { deny_provider_executed_tools: true } : { deny_provider_executed_tools: false };
|
|
203
|
+
}
|
|
180
204
|
function baseDocumentToEffectiveV1(document) {
|
|
181
205
|
return {
|
|
182
206
|
version: PAYBOND_POLICY_SCHEMA_VERSION,
|
|
@@ -184,6 +208,7 @@ function baseDocumentToEffectiveV1(document) {
|
|
|
184
208
|
default_deny: document.default_deny,
|
|
185
209
|
tools: Object.fromEntries(Object.entries(document.tools).map(([toolName, entry]) => [toolName, cloneToolEntry(entry)])),
|
|
186
210
|
intent: document.intent ? structuredClone(document.intent) : undefined,
|
|
211
|
+
adapter: document.adapter ? structuredClone(document.adapter) : undefined,
|
|
187
212
|
};
|
|
188
213
|
}
|
|
189
214
|
function assertOverlay(document) {
|
|
@@ -258,6 +283,7 @@ export function mergePaybondPolicies(base, overlay, options = {}) {
|
|
|
258
283
|
effective.intent = structuredClone(base.intent);
|
|
259
284
|
}
|
|
260
285
|
}
|
|
286
|
+
effective.adapter = mergeAdapterSection(base.adapter, overlay.adapter, overlay.overrides?.adapter, denied, report);
|
|
261
287
|
if (options.approvedEvidencePresets) {
|
|
262
288
|
const approved = new Set(options.approvedEvidencePresets);
|
|
263
289
|
for (const [toolName, entry] of Object.entries(effective.tools)) {
|
package/dist/policy/schema.d.ts
CHANGED
|
@@ -44,6 +44,12 @@ declare const policyIntentSchema: z.ZodObject<{
|
|
|
44
44
|
}, z.core.$loose>>;
|
|
45
45
|
allowed_tools: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
46
46
|
}, z.core.$strict>;
|
|
47
|
+
declare const policyAdapterSchema: z.ZodObject<{
|
|
48
|
+
deny_provider_executed_tools: z.ZodOptional<z.ZodBoolean>;
|
|
49
|
+
}, z.core.$strict>;
|
|
50
|
+
declare const policyAdapterOverrideSchema: z.ZodObject<{
|
|
51
|
+
deny_provider_executed_tools: z.ZodOptional<z.ZodBoolean>;
|
|
52
|
+
}, z.core.$strict>;
|
|
47
53
|
declare const policyIntentOverrideSchema: z.ZodObject<{
|
|
48
54
|
policy_binding: z.ZodOptional<z.ZodObject<{
|
|
49
55
|
template_id: z.ZodOptional<z.ZodString>;
|
|
@@ -84,6 +90,9 @@ declare const policyOverridesSchema: z.ZodObject<{
|
|
|
84
90
|
}, z.core.$loose>>;
|
|
85
91
|
allowed_tools: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
86
92
|
}, z.core.$strict>>;
|
|
93
|
+
adapter: z.ZodOptional<z.ZodObject<{
|
|
94
|
+
deny_provider_executed_tools: z.ZodOptional<z.ZodBoolean>;
|
|
95
|
+
}, z.core.$strict>>;
|
|
87
96
|
}, z.core.$strict>;
|
|
88
97
|
export declare const paybondPolicyDocumentV1Schema: z.ZodObject<{
|
|
89
98
|
version: z.ZodLiteral<1>;
|
|
@@ -109,6 +118,9 @@ export declare const paybondPolicyDocumentV1Schema: z.ZodObject<{
|
|
|
109
118
|
}, z.core.$loose>>;
|
|
110
119
|
allowed_tools: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
111
120
|
}, z.core.$strict>>;
|
|
121
|
+
adapter: z.ZodOptional<z.ZodObject<{
|
|
122
|
+
deny_provider_executed_tools: z.ZodOptional<z.ZodBoolean>;
|
|
123
|
+
}, z.core.$strict>>;
|
|
112
124
|
}, z.core.$strict>;
|
|
113
125
|
export declare const paybondPolicyDocumentV2Schema: z.ZodObject<{
|
|
114
126
|
version: z.ZodLiteral<2>;
|
|
@@ -142,6 +154,9 @@ export declare const paybondPolicyDocumentV2Schema: z.ZodObject<{
|
|
|
142
154
|
}, z.core.$loose>>;
|
|
143
155
|
allowed_tools: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
144
156
|
}, z.core.$strict>>;
|
|
157
|
+
adapter: z.ZodOptional<z.ZodObject<{
|
|
158
|
+
deny_provider_executed_tools: z.ZodOptional<z.ZodBoolean>;
|
|
159
|
+
}, z.core.$strict>>;
|
|
145
160
|
}, z.core.$strict>>;
|
|
146
161
|
tools: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
147
162
|
side_effecting: z.ZodBoolean;
|
|
@@ -163,6 +178,9 @@ export declare const paybondPolicyDocumentV2Schema: z.ZodObject<{
|
|
|
163
178
|
}, z.core.$loose>>;
|
|
164
179
|
allowed_tools: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
165
180
|
}, z.core.$strict>>;
|
|
181
|
+
adapter: z.ZodOptional<z.ZodObject<{
|
|
182
|
+
deny_provider_executed_tools: z.ZodOptional<z.ZodBoolean>;
|
|
183
|
+
}, z.core.$strict>>;
|
|
166
184
|
}, z.core.$strict>;
|
|
167
185
|
export type PaybondPolicyToolEntry = z.infer<typeof policyToolEntrySchema>;
|
|
168
186
|
export type PaybondPolicyToolOverrideEntry = z.infer<typeof policyToolOverrideEntrySchema>;
|
|
@@ -170,6 +188,8 @@ export type PaybondPolicyBinding = z.infer<typeof policyBindingSchema>;
|
|
|
170
188
|
export type PaybondPolicyBindingOverride = z.infer<typeof policyBindingOverrideSchema>;
|
|
171
189
|
export type PaybondPolicyBudget = z.infer<typeof policyBudgetSchema>;
|
|
172
190
|
export type PaybondPolicyIntentSection = z.infer<typeof policyIntentSchema>;
|
|
191
|
+
export type PaybondPolicyAdapterSection = z.infer<typeof policyAdapterSchema>;
|
|
192
|
+
export type PaybondPolicyAdapterOverrideSection = z.infer<typeof policyAdapterOverrideSchema>;
|
|
173
193
|
export type PaybondPolicyIntentOverrideSection = z.infer<typeof policyIntentOverrideSchema>;
|
|
174
194
|
export type PaybondPolicyExtends = z.infer<typeof policyExtendsSchema>;
|
|
175
195
|
export type PaybondPolicyOverrides = z.infer<typeof policyOverridesSchema>;
|
package/dist/policy/schema.js
CHANGED
|
@@ -114,6 +114,34 @@ const policyIntentSchema = z
|
|
|
114
114
|
allowed_tools: z.array(toolNameSchema).optional(),
|
|
115
115
|
})
|
|
116
116
|
.strict();
|
|
117
|
+
const policyAdapterSchema = z
|
|
118
|
+
.object({
|
|
119
|
+
deny_provider_executed_tools: z.boolean().optional(),
|
|
120
|
+
})
|
|
121
|
+
.strict()
|
|
122
|
+
.superRefine((adapter, ctx) => {
|
|
123
|
+
if (Object.keys(adapter).length === 0) {
|
|
124
|
+
ctx.addIssue({
|
|
125
|
+
code: "custom",
|
|
126
|
+
path: [],
|
|
127
|
+
message: "adapter must set at least one field",
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
});
|
|
131
|
+
const policyAdapterOverrideSchema = z
|
|
132
|
+
.object({
|
|
133
|
+
deny_provider_executed_tools: z.boolean().optional(),
|
|
134
|
+
})
|
|
135
|
+
.strict()
|
|
136
|
+
.superRefine((adapter, ctx) => {
|
|
137
|
+
if (Object.keys(adapter).length === 0) {
|
|
138
|
+
ctx.addIssue({
|
|
139
|
+
code: "custom",
|
|
140
|
+
path: [],
|
|
141
|
+
message: "adapter override must set at least one field",
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
});
|
|
117
145
|
const policyIntentOverrideSchema = z
|
|
118
146
|
.object({
|
|
119
147
|
policy_binding: policyBindingOverrideSchema.optional(),
|
|
@@ -145,16 +173,18 @@ const policyOverridesSchema = z
|
|
|
145
173
|
default_deny: z.boolean().optional(),
|
|
146
174
|
tools: z.record(toolNameSchema, policyToolOverrideEntrySchema).optional(),
|
|
147
175
|
intent: policyIntentOverrideSchema.optional(),
|
|
176
|
+
adapter: policyAdapterOverrideSchema.optional(),
|
|
148
177
|
})
|
|
149
178
|
.strict()
|
|
150
179
|
.superRefine((overrides, ctx) => {
|
|
151
180
|
if (overrides.default_deny === undefined &&
|
|
152
181
|
!overrides.tools &&
|
|
153
|
-
!overrides.intent
|
|
182
|
+
!overrides.intent &&
|
|
183
|
+
!overrides.adapter) {
|
|
154
184
|
ctx.addIssue({
|
|
155
185
|
code: "custom",
|
|
156
186
|
path: [],
|
|
157
|
-
message: "overrides must set default_deny, tools, and/or
|
|
187
|
+
message: "overrides must set default_deny, tools, intent, and/or adapter",
|
|
158
188
|
});
|
|
159
189
|
}
|
|
160
190
|
});
|
|
@@ -169,6 +199,7 @@ export const paybondPolicyDocumentV1Schema = z
|
|
|
169
199
|
message: "tools must declare at least one entry",
|
|
170
200
|
}),
|
|
171
201
|
intent: policyIntentSchema.optional(),
|
|
202
|
+
adapter: policyAdapterSchema.optional(),
|
|
172
203
|
})
|
|
173
204
|
.strict();
|
|
174
205
|
export const paybondPolicyDocumentV2Schema = z
|
|
@@ -180,6 +211,7 @@ export const paybondPolicyDocumentV2Schema = z
|
|
|
180
211
|
overrides: policyOverridesSchema.optional(),
|
|
181
212
|
tools: z.record(toolNameSchema, policyToolEntrySchema),
|
|
182
213
|
intent: policyIntentSchema.optional(),
|
|
214
|
+
adapter: policyAdapterSchema.optional(),
|
|
183
215
|
})
|
|
184
216
|
.strict()
|
|
185
217
|
.superRefine((document, ctx) => {
|