@paybond/kit 0.2.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # `@paybond/kit`
2
2
 
3
- Paybond Kit for TypeScript provides a tenant-bound Harbor client, gateway-backed service-account sessions, capability verification, canonical signing helpers for intent creation and evidence submission, tenant-scoped ledger provenance reads, and tenant-scoped Signal analytics and reputation reads.
3
+ Paybond Kit for TypeScript provides a tenant-bound Harbor client, gateway-backed service-account sessions, capability verification, canonical signing helpers for intent creation and evidence submission, x402 / USDC-on-Base intent funding helpers, tenant-scoped ledger provenance reads, and tenant-scoped Signal analytics and reputation reads.
4
4
 
5
5
  Install the public package with:
6
6
 
@@ -56,21 +56,31 @@ try {
56
56
  ## What the package includes
57
57
 
58
58
  - `Paybond.open(...)` for gateway-authenticated, tenant-derived Harbor sessions
59
- - `HarborClient` for capability verification, intent creation, evidence submission, and ledger reads
60
- - `GatewaySignalClient` and `ServiceAccountSignalSession` for tenant-scoped Signal reads
59
+ - `HarborClient` for capability verification, intent creation, x402 funding, evidence submission, and ledger reads
60
+ - Protocol-v2 helpers for mandate verification, replay-safe recognition proof verification, receipt reads, and A2A discovery
61
+ - `GatewaySignalClient` and `ServiceAccountSignalSession` for tenant-scoped Signal reads and signed portfolio artifacts
61
62
  - `paybond.signal` on `Paybond` sessions opened from one service-account API key
62
- - `PaybondIntents` helpers for principal-signed intent creation and payee-signed evidence submission
63
+ - `PaybondIntents` helpers for principal-signed intent creation, x402 funding, and payee-signed evidence submission
64
+ - `paybond-mcp-server` for tenant-bound MCP tool exposure to any MCP-compatible host
63
65
  - Low-level signing helpers exported for advanced callers
64
66
 
65
67
  `allowedTools` values are your own tool or operation names, not a Paybond-owned catalog. Harbor enforces string matching against whatever names you chose when creating the intent.
66
68
 
69
+ `settlementRail` on intent creation is only a rail request. Stripe destinations and x402 receive addresses stay tenant-owned server-side config and are never supplied by the SDK caller.
70
+
71
+ The protocol-v2 surface is trust-first: signed mandates, recognition proofs, and receipts work across supported settlement adapters instead of treating any single rail as the product boundary.
72
+
73
+ Gateway-backed protocol helpers throw `ProtocolHttpError` with parsed `errorCode` and `errorMessage` fields when the gateway returns a JSON error envelope. Recognition-gated flows surface `unregistered_key`, `revoked_key`, `mandate_agent_key_mismatch`, and `protocol_binding_mismatch` explicitly.
74
+
67
75
  ## What it does not include
68
76
 
69
77
  - No operator-tier settlement or console workflows
78
+ - No model-provider-specific MCP wrapper; the MCP server is host-agnostic and works with any MCP-compatible runtime
70
79
 
71
80
  ## Docs
72
81
 
73
82
  - Long-form docs: `docs/kit/`
83
+ - MCP server guide: `docs/kit/mcp-server.md`
74
84
  - Agents SDK tutorial: `docs/kit/openai-agents.md`
75
85
  - TypeScript quickstart: `docs/kit/quickstart-typescript.md`
76
86
  - TypeScript SDK reference: `docs/kit/sdk-reference-typescript.md`
package/dist/index.d.ts CHANGED
@@ -2,7 +2,7 @@
2
2
  * Paybond Kit — TypeScript Harbor client with tenant binding, retries, optional upstream JWT,
3
3
  * and gateway service-account token exchange (`POST /v1/auth/harbor-access`).
4
4
  */
5
- import { type BuildSignedCreateIntentParams } from "./principal-intent.js";
5
+ import { type BuildSignedCreateIntentParams, type SettlementRail } from "./principal-intent.js";
6
6
  import { type SignPayeeEvidenceParams } from "./payee-evidence.js";
7
7
  export type VerifyCapabilityResult = {
8
8
  allow: boolean;
@@ -18,6 +18,44 @@ export type SubmitEvidenceResult = {
18
18
  state: string;
19
19
  predicatePassed?: boolean;
20
20
  };
21
+ export type IntentFundingResult = {
22
+ settlementRail: SettlementRail;
23
+ harborFundEndpoint?: string;
24
+ status?: string;
25
+ paymentSessionId?: string;
26
+ paymentUrl?: string;
27
+ asset?: string;
28
+ network?: string;
29
+ authorizationId?: string;
30
+ captureId?: string;
31
+ voidId?: string;
32
+ refundId?: string;
33
+ sourceAddress?: string;
34
+ targetAddress?: string;
35
+ authorizationExpiresAt?: string;
36
+ captureExpiresAt?: string;
37
+ refundExpiresAt?: string;
38
+ onchainTransactionHashes?: {
39
+ authorizations?: string[];
40
+ captures?: string[];
41
+ voids?: string[];
42
+ refunds?: string[];
43
+ };
44
+ };
45
+ export type FundIntentResult = {
46
+ statusCode: 200 | 202 | 402;
47
+ paymentRequired?: string;
48
+ paymentResponse?: string;
49
+ intentId: string;
50
+ tenant: string;
51
+ state: string;
52
+ settlementRail: SettlementRail;
53
+ currency: string;
54
+ amountCents: number;
55
+ funded: boolean;
56
+ capabilityToken?: string;
57
+ funding?: IntentFundingResult;
58
+ };
21
59
  /** Async supplier for short-lived Harbor JWTs minted by the Paybond gateway. */
22
60
  export type HarborBearerSupplier = () => Promise<string | null | undefined>;
23
61
  /**
@@ -57,6 +95,361 @@ export declare class SignalHttpError extends Error {
57
95
  bodyText: string;
58
96
  });
59
97
  }
98
+ export type SignalMetrics = {
99
+ terminal_intents: number;
100
+ released: number;
101
+ refunded: number;
102
+ disputed: number;
103
+ success_rate_bps: number;
104
+ dispute_rate_bps: number;
105
+ refund_rate_bps: number;
106
+ mean_latency_nanos: number;
107
+ latency_sample_count: number;
108
+ receipted_volume_cents: number;
109
+ };
110
+ export type SignalConfidence = {
111
+ band: string;
112
+ support_score: number;
113
+ summary: string;
114
+ };
115
+ export type SignalSupportDepth = {
116
+ band: string;
117
+ terminal_intents: number;
118
+ receipted_volume_cents: number;
119
+ history_depth: number;
120
+ latency_sample_count: number;
121
+ };
122
+ export type SignalExplanationMetricDelta = {
123
+ metric: string;
124
+ previous: number;
125
+ current: number;
126
+ delta: number;
127
+ };
128
+ export type SignalExplanationDelta = {
129
+ basis: string;
130
+ previous_score: number;
131
+ score_delta: number;
132
+ previous_ledger_watermark_seq: number;
133
+ changed_metrics: SignalExplanationMetricDelta[];
134
+ reason_codes_added: string[];
135
+ reason_codes_removed: string[];
136
+ summary: string;
137
+ };
138
+ export type SignalSignedReceipt = {
139
+ schema_version: number;
140
+ receipt_version: string;
141
+ tenant_id: string;
142
+ operator_did: string;
143
+ score_version: string;
144
+ scoring_model: string;
145
+ scoring_narrative: string;
146
+ explanation_summary: string;
147
+ ledger_watermark_seq: number;
148
+ reason_codes: string[];
149
+ confidence?: SignalConfidence;
150
+ support_depth?: SignalSupportDepth;
151
+ review_state?: string;
152
+ explanation_delta?: SignalExplanationDelta;
153
+ metrics: SignalMetrics;
154
+ score: number;
155
+ signing_algorithm: string;
156
+ message_digest_hex: string;
157
+ signing_public_key_hex: string;
158
+ signature_hex: string;
159
+ };
160
+ export type SignalReceiptEnvelope = {
161
+ schema_version: number;
162
+ updated_at: string;
163
+ receipt: SignalSignedReceipt;
164
+ };
165
+ export type SignalPortfolioOperator = {
166
+ operator_did: string;
167
+ receipt_version?: string;
168
+ score: number;
169
+ ledger_watermark_seq: number;
170
+ receipt_message_digest_hex: string;
171
+ confidence?: SignalConfidence;
172
+ support_depth?: SignalSupportDepth;
173
+ review_state?: string;
174
+ explanation_delta?: SignalExplanationDelta;
175
+ };
176
+ export type SignalSignedPortfolioArtifact = {
177
+ schema_version: number;
178
+ artifact_version: string;
179
+ kind: string;
180
+ tenant_id: string;
181
+ score_model_version: string;
182
+ scoring_model: string;
183
+ checkpoint_last_ledger_seq: number;
184
+ operators: SignalPortfolioOperator[];
185
+ signing_algorithm: string;
186
+ message_digest_hex: string;
187
+ signing_public_key_hex: string;
188
+ signature_hex: string;
189
+ };
190
+ export type SignalPortfolioSummary = {
191
+ schema_version: number;
192
+ tenant_id: string;
193
+ score_model_version: string;
194
+ scoring_model: string;
195
+ checkpoint_last_ledger_seq: number;
196
+ operator_count: number;
197
+ average_score: number;
198
+ total_terminal_intents: number;
199
+ total_receipted_volume_cents: number;
200
+ operators_under_review: number;
201
+ };
202
+ export type A2AAgentCard = {
203
+ name: string;
204
+ description: string;
205
+ supportedInterfaces: Array<{
206
+ url: string;
207
+ protocolBinding: string;
208
+ protocolVersion: string;
209
+ tenant?: string;
210
+ }>;
211
+ provider?: {
212
+ url: string;
213
+ organization: string;
214
+ };
215
+ version: string;
216
+ documentationUrl?: string;
217
+ capabilities: {
218
+ streaming?: boolean;
219
+ pushNotifications?: boolean;
220
+ extendedAgentCard?: boolean;
221
+ extensions?: Array<{
222
+ uri?: string;
223
+ description?: string;
224
+ required?: boolean;
225
+ params?: Record<string, unknown>;
226
+ }>;
227
+ };
228
+ securitySchemes?: Record<string, unknown>;
229
+ defaultInputModes: string[];
230
+ defaultOutputModes: string[];
231
+ skills: Array<{
232
+ id: string;
233
+ name: string;
234
+ description: string;
235
+ tags: string[];
236
+ examples?: string[];
237
+ inputModes?: string[];
238
+ outputModes?: string[];
239
+ securityRequirements?: Array<Record<string, string[]>>;
240
+ }>;
241
+ };
242
+ export type A2ATaskField = {
243
+ name: string;
244
+ type: string;
245
+ required: boolean;
246
+ description: string;
247
+ };
248
+ export type A2ATaskParticipant = {
249
+ role: string;
250
+ required: boolean;
251
+ description: string;
252
+ };
253
+ export type A2ATaskExample = {
254
+ name: string;
255
+ description: string;
256
+ sampleInput?: Record<string, unknown>;
257
+ sampleResponse?: Record<string, unknown>;
258
+ };
259
+ export type A2ASettlementTaskContractV1 = {
260
+ schemaVersion: number;
261
+ kind: string;
262
+ id: string;
263
+ name: string;
264
+ description: string;
265
+ url: string;
266
+ routeBindings: string[];
267
+ requiredTrustArtifacts: string[];
268
+ settlementPhases: string[];
269
+ participants: A2ATaskParticipant[];
270
+ inputModes: string[];
271
+ outputModes: string[];
272
+ taskMetadataFields?: A2ATaskField[];
273
+ inputFields: A2ATaskField[];
274
+ resultFields: A2ATaskField[];
275
+ examples?: A2ATaskExample[];
276
+ };
277
+ export type A2ATaskContractCatalogV1 = {
278
+ schemaVersion: number;
279
+ kind: string;
280
+ agentCardUrl: string;
281
+ documentationUrl?: string;
282
+ contracts: A2ASettlementTaskContractV1[];
283
+ };
284
+ export type AgentMandateAuthorization = {
285
+ kind: string;
286
+ tenant_id: string;
287
+ principal_subject?: string;
288
+ principal_type?: string;
289
+ };
290
+ export type AgentMandateAgentIdentity = {
291
+ subject: string;
292
+ issuer?: string;
293
+ key_id?: string;
294
+ display_name?: string;
295
+ };
296
+ export type AgentMandateSpendCeiling = {
297
+ amount_minor: number;
298
+ currency: string;
299
+ };
300
+ export type AgentMandateSettlementRailPolicy = {
301
+ default_rail: string;
302
+ allowed_rails: string[];
303
+ };
304
+ export type AgentMandateConstraintReference = {
305
+ kind: string;
306
+ id?: string;
307
+ version?: string;
308
+ digest_sha256_hex?: string;
309
+ uri?: string;
310
+ };
311
+ export type AgentMandateV1 = {
312
+ schema_version: number;
313
+ kind: string;
314
+ authorization: AgentMandateAuthorization;
315
+ agent: AgentMandateAgentIdentity;
316
+ allowed_actions: string[];
317
+ allowed_tools: string[];
318
+ spend_ceiling: AgentMandateSpendCeiling;
319
+ settlement: AgentMandateSettlementRailPolicy;
320
+ constraint: AgentMandateConstraintReference;
321
+ expires_at: string;
322
+ nonce: string;
323
+ human_presence_mode: string;
324
+ };
325
+ export type SignedAgentMandateV1 = AgentMandateV1 & {
326
+ signing_algorithm: string;
327
+ message_digest_sha256_hex: string;
328
+ signing_public_key_ed25519_hex: string;
329
+ ed25519_signature_hex: string;
330
+ };
331
+ export type AgentRecognitionVerifierContext = {
332
+ tenant_id: string;
333
+ verifier_id: string;
334
+ };
335
+ export type AgentRecognitionRequestEnvelope = {
336
+ method: string;
337
+ path: string;
338
+ body_digest_sha256_hex: string;
339
+ };
340
+ export type AgentRecognitionProofV1 = {
341
+ schema_version?: number;
342
+ kind?: string;
343
+ key_id: string;
344
+ signature_algorithm?: string;
345
+ issued_at: string;
346
+ expires_at: string;
347
+ nonce: string;
348
+ purpose: string;
349
+ verifier_context: AgentRecognitionVerifierContext;
350
+ request_envelope: AgentRecognitionRequestEnvelope;
351
+ message_digest_sha256_hex?: string;
352
+ signing_public_key_ed25519_hex?: string;
353
+ ed25519_signature_hex?: string;
354
+ };
355
+ export type ProtocolTransportBindingV1 = {
356
+ source_protocol?: string;
357
+ partner_platform?: string;
358
+ external_authorization_id?: string;
359
+ request_id?: string;
360
+ };
361
+ export type ProtocolAuthorizationReceiptV1 = {
362
+ schema_version: number;
363
+ kind: string;
364
+ receipt_version: string;
365
+ receipt_id: string;
366
+ issued_at: string;
367
+ status: string;
368
+ intent_id: string;
369
+ tenant_id: string;
370
+ verifier_id: string;
371
+ transport_binding: ProtocolTransportBindingV1;
372
+ mandate_digest_sha256_hex: string;
373
+ imported_mandate_signing_public_key_ed25519_hex: string;
374
+ authorization: AgentMandateAuthorization;
375
+ agent: AgentMandateAgentIdentity;
376
+ allowed_actions: string[];
377
+ allowed_tools: string[];
378
+ spend_ceiling: AgentMandateSpendCeiling;
379
+ settlement: AgentMandateSettlementRailPolicy;
380
+ constraint: AgentMandateConstraintReference;
381
+ expires_at: string;
382
+ nonce: string;
383
+ human_presence_mode: string;
384
+ signing_algorithm: string;
385
+ message_digest_sha256_hex: string;
386
+ signing_public_key_ed25519_hex: string;
387
+ ed25519_signature_hex: string;
388
+ };
389
+ export type ProtocolSettlementReceiptV1 = {
390
+ schema_version: number;
391
+ kind: string;
392
+ receipt_version: string;
393
+ receipt_id: string;
394
+ issued_at: string;
395
+ intent_id: string;
396
+ tenant_id: string;
397
+ verifier_id: string;
398
+ transport_binding: ProtocolTransportBindingV1;
399
+ authorization_receipt_id: string;
400
+ mandate_digest_sha256_hex: string;
401
+ harbor_state: string;
402
+ predicate_passed?: boolean;
403
+ settlement_rail: string;
404
+ settlement_mode: string;
405
+ principal_did: string;
406
+ payee_did: string;
407
+ currency: string;
408
+ amount_cents: number;
409
+ terminal_observed_at: string;
410
+ signing_algorithm: string;
411
+ message_digest_sha256_hex: string;
412
+ signing_public_key_ed25519_hex: string;
413
+ ed25519_signature_hex: string;
414
+ };
415
+ export type ImportAgentMandateV1Result = {
416
+ valid: boolean;
417
+ intent_id: string;
418
+ mandate_digest_sha256_hex: string;
419
+ mandate: AgentMandateV1;
420
+ authorization_receipt: ProtocolAuthorizationReceiptV1;
421
+ };
422
+ export type VerifyProtocolReceiptV1Result = {
423
+ valid: boolean;
424
+ kind: string;
425
+ receipt_id: string;
426
+ tenant_id: string;
427
+ receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>;
428
+ };
429
+ export declare class A2AHttpError extends Error {
430
+ readonly statusCode: number;
431
+ readonly url: string;
432
+ readonly bodyText: string;
433
+ constructor(message: string, init: {
434
+ statusCode: number;
435
+ url: string;
436
+ bodyText: string;
437
+ });
438
+ }
439
+ export declare class ProtocolHttpError extends Error {
440
+ readonly statusCode: number;
441
+ readonly url: string;
442
+ readonly bodyText: string;
443
+ readonly errorCode?: string;
444
+ readonly errorMessage?: string;
445
+ constructor(message: string, init: {
446
+ statusCode: number;
447
+ url: string;
448
+ bodyText: string;
449
+ errorCode?: string;
450
+ errorMessage?: string;
451
+ });
452
+ }
60
453
  /**
61
454
  * Exchanges a `paybond_sk_` API key for short-lived Harbor JWTs and caches tenant realm from the
62
455
  * gateway response (no separate tenant env var for the default path).
@@ -172,6 +565,21 @@ export declare class HarborClient {
172
565
  createIntent(body: Record<string, unknown>, options?: {
173
566
  idempotencyKey?: string;
174
567
  }): Promise<Record<string, unknown>>;
568
+ /**
569
+ * POST `/intents/{intentId}/fund` for x402 / USDC-on-Base funding.
570
+ *
571
+ * Harbor returns:
572
+ * - `402` with `paymentRequired` details when a facilitator or wallet must sign
573
+ * - `202` while authorization is pending
574
+ * - `200` once the intent is funded and any capability token is available
575
+ *
576
+ * @throws HarborHttpError for non-funding HTTP errors
577
+ * @throws Error when Harbor echoes a different tenant or intent than requested
578
+ */
579
+ fundIntent(intentId: string, options?: {
580
+ paymentSignature?: string;
581
+ idempotencyKey?: string;
582
+ }): Promise<FundIntentResult>;
175
583
  /**
176
584
  * POST `/intents/{intentId}/evidence` with a signed evidence JSON body.
177
585
  *
@@ -220,11 +628,73 @@ export declare class GatewaySignalClient {
220
628
  private fetchGetWithRetries;
221
629
  private assertTenant;
222
630
  private scoreQuery;
223
- getReputationReceipt(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
224
- getPortfolioSummary(scoreVersion?: string): Promise<Record<string, unknown>>;
631
+ getReputationReceipt(operatorDid: string, scoreVersion?: string): Promise<SignalReceiptEnvelope | null>;
632
+ getPortfolioSummary(scoreVersion?: string): Promise<SignalPortfolioSummary>;
633
+ getSignedPortfolioArtifact(scoreVersion?: string): Promise<SignalSignedPortfolioArtifact>;
225
634
  getOperatorExplanation(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
226
635
  getOperatorReviewStatus(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
227
636
  }
637
+ type GatewayA2AClientOptions = {
638
+ staticGatewayBearerToken?: string;
639
+ maxRetries?: number;
640
+ };
641
+ /**
642
+ * Public or optionally authenticated reader for the gateway's A2A discovery surface.
643
+ */
644
+ export declare class GatewayA2AClient {
645
+ private readonly base;
646
+ private readonly bearerToken?;
647
+ private readonly maxRetries;
648
+ constructor(gatewayBaseUrl: string, options?: GatewayA2AClientOptions);
649
+ private fetchGetWithRetries;
650
+ getAgentCard(): Promise<A2AAgentCard>;
651
+ getTaskContracts(): Promise<A2ATaskContractCatalogV1>;
652
+ getTaskContract(contractId: string): Promise<A2ASettlementTaskContractV1>;
653
+ }
654
+ export declare class GatewayProtocolClient {
655
+ readonly tenantId: string;
656
+ private readonly base;
657
+ private readonly staticGatewayBearerToken;
658
+ private readonly maxRetries;
659
+ constructor(gatewayBaseUrl: string, tenantId: string, init?: {
660
+ staticGatewayBearerToken?: string;
661
+ maxRetries?: number;
662
+ });
663
+ private fetchWithRetries;
664
+ private headers;
665
+ private postJSON;
666
+ importAgentMandateV1(init: {
667
+ signedMandate: SignedAgentMandateV1;
668
+ intentId: string;
669
+ transportBinding?: ProtocolTransportBindingV1;
670
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
671
+ }): Promise<ImportAgentMandateV1Result>;
672
+ getSettlementReceiptV1(receiptId: string): Promise<ProtocolSettlementReceiptV1>;
673
+ verifyProtocolReceiptV1(receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>): Promise<VerifyProtocolReceiptV1Result>;
674
+ createHarborIntent(init: {
675
+ body: Record<string, unknown>;
676
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
677
+ idempotencyKey?: string;
678
+ }): Promise<Record<string, unknown>>;
679
+ fundHarborIntent(init: {
680
+ intentId: string;
681
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
682
+ paymentSignature?: string;
683
+ idempotencyKey?: string;
684
+ }): Promise<Record<string, unknown>>;
685
+ submitHarborEvidence(init: {
686
+ intentId: string;
687
+ body: Record<string, unknown>;
688
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
689
+ idempotencyKey?: string;
690
+ }): Promise<Record<string, unknown>>;
691
+ confirmHarborSettlement(init: {
692
+ intentId: string;
693
+ body: Record<string, unknown>;
694
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
695
+ idempotencyKey?: string;
696
+ }): Promise<Record<string, unknown>>;
697
+ }
228
698
  export type ServiceAccountSignalSessionInit = {
229
699
  gatewayBaseUrl: string;
230
700
  apiKey: string;
@@ -240,24 +710,37 @@ export declare class ServiceAccountSignalSession {
240
710
  static open(init: ServiceAccountSignalSessionInit): Promise<ServiceAccountSignalSession>;
241
711
  aclose(): Promise<void>;
242
712
  }
243
- /** Parameters for {@link PaybondIntents.create} (tenant is taken from the bound Harbor client). */
713
+ /**
714
+ * Parameters for {@link PaybondIntents.create} (tenant is taken from the bound Harbor client).
715
+ * `settlementRail`, when set, requests one allowed rail; Harbor still resolves the destination
716
+ * from tenant-owned settlement config.
717
+ */
244
718
  export type PaybondCreateIntentParams = Omit<BuildSignedCreateIntentParams, "tenantId" | "intentId"> & {
245
719
  intentId?: string;
246
720
  };
247
721
  /** Parameters for {@link PaybondIntents.submitEvidence} (tenant is taken from the bound Harbor client). */
248
722
  export type PaybondSubmitEvidenceParams = Omit<SignPayeeEvidenceParams, "tenantId">;
249
723
  /**
250
- * Ergonomic intent helpers: principal-signed intent create and payee-signed evidence.
724
+ * Ergonomic intent helpers: principal-signed intent create, x402 funding, and payee-signed evidence.
251
725
  */
252
726
  export declare class PaybondIntents {
253
727
  private readonly harbor;
254
728
  constructor(harbor: HarborClient);
255
729
  /**
256
- * Build a principal-signed `POST /intents` body and submit it. `principalSigningSeed` must be 32 bytes.
730
+ * Build a principal-signed `POST /intents` body and submit it. `principalSigningSeed` must be
731
+ * 32 bytes. `settlementRail` only requests an allowed rail; destinations stay server-owned.
257
732
  */
258
733
  create(params: PaybondCreateIntentParams & {
259
734
  idempotencyKey?: string;
260
735
  }): Promise<Record<string, unknown>>;
736
+ /**
737
+ * Advance Harbor `/intents/{id}/fund` for x402 / USDC-on-Base intents.
738
+ */
739
+ fund(params: {
740
+ intentId: string;
741
+ paymentSignature?: string;
742
+ idempotencyKey?: string;
743
+ }): Promise<FundIntentResult>;
261
744
  /**
262
745
  * Sign payee evidence and POST it. `payeeSigningSeed` must be 32 bytes.
263
746
  */
@@ -271,6 +754,8 @@ export declare class PaybondIntents {
271
754
  export declare class Paybond {
272
755
  readonly harbor: HarborClient;
273
756
  readonly signal: GatewaySignalClient;
757
+ readonly a2a: GatewayA2AClient;
758
+ readonly protocol: GatewayProtocolClient;
274
759
  readonly intents: PaybondIntents;
275
760
  private readonly session;
276
761
  private constructor();
@@ -281,5 +766,5 @@ export declare class Paybond {
281
766
  aclose(): Promise<void>;
282
767
  }
283
768
  export { normalizeJson, jsonValueDigest } from "./json-digest.js";
284
- export { buildSignedCreateIntentBody, intentCreationSignBytesRaw, type BuildSignedCreateIntentParams, } from "./principal-intent.js";
769
+ export { buildSignedCreateIntentBody, intentCreationSignBytesRaw, type BuildSignedCreateIntentParams, type SettlementRail, } from "./principal-intent.js";
285
770
  export { artifactsDigest, signPayeeEvidenceBinding, type SignPayeeEvidenceParams } from "./payee-evidence.js";