@paybond/kit 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -57,22 +57,30 @@ try {
57
57
 
58
58
  - `Paybond.open(...)` for gateway-authenticated, tenant-derived Harbor sessions
59
59
  - `HarborClient` for capability verification, intent creation, x402 funding, evidence submission, and ledger reads
60
- - `GatewaySignalClient` and `ServiceAccountSignalSession` for tenant-scoped Signal reads
60
+ - Protocol-v2 helpers for mandate verification, replay-safe recognition proof verification, receipt reads, and A2A discovery
61
+ - `GatewaySignalClient` and `ServiceAccountSignalSession` for tenant-scoped Signal reads and signed portfolio artifacts
61
62
  - `paybond.signal` on `Paybond` sessions opened from one service-account API key
62
63
  - `PaybondIntents` helpers for principal-signed intent creation, x402 funding, and payee-signed evidence submission
64
+ - `paybond-mcp-server` for tenant-bound MCP tool exposure to any MCP-compatible host
63
65
  - Low-level signing helpers exported for advanced callers
64
66
 
65
67
  `allowedTools` values are your own tool or operation names, not a Paybond-owned catalog. Harbor enforces string matching against whatever names you chose when creating the intent.
66
68
 
67
69
  `settlementRail` on intent creation is only a rail request. Stripe destinations and x402 receive addresses stay tenant-owned server-side config and are never supplied by the SDK caller.
68
70
 
71
+ The protocol-v2 surface is trust-first: signed mandates, recognition proofs, and receipts work across supported settlement adapters instead of treating any single rail as the product boundary.
72
+
73
+ Gateway-backed protocol helpers throw `ProtocolHttpError` with parsed `errorCode` and `errorMessage` fields when the gateway returns a JSON error envelope. Recognition-gated flows surface `unregistered_key`, `revoked_key`, `mandate_agent_key_mismatch`, and `protocol_binding_mismatch` explicitly.
74
+
69
75
  ## What it does not include
70
76
 
71
77
  - No operator-tier settlement or console workflows
78
+ - No model-provider-specific MCP wrapper; the MCP server is host-agnostic and works with any MCP-compatible runtime
72
79
 
73
80
  ## Docs
74
81
 
75
82
  - Long-form docs: `docs/kit/`
83
+ - MCP server guide: `docs/kit/mcp-server.md`
76
84
  - Agents SDK tutorial: `docs/kit/openai-agents.md`
77
85
  - TypeScript quickstart: `docs/kit/quickstart-typescript.md`
78
86
  - TypeScript SDK reference: `docs/kit/sdk-reference-typescript.md`
package/dist/index.d.ts CHANGED
@@ -95,6 +95,361 @@ export declare class SignalHttpError extends Error {
95
95
  bodyText: string;
96
96
  });
97
97
  }
98
+ export type SignalMetrics = {
99
+ terminal_intents: number;
100
+ released: number;
101
+ refunded: number;
102
+ disputed: number;
103
+ success_rate_bps: number;
104
+ dispute_rate_bps: number;
105
+ refund_rate_bps: number;
106
+ mean_latency_nanos: number;
107
+ latency_sample_count: number;
108
+ receipted_volume_cents: number;
109
+ };
110
+ export type SignalConfidence = {
111
+ band: string;
112
+ support_score: number;
113
+ summary: string;
114
+ };
115
+ export type SignalSupportDepth = {
116
+ band: string;
117
+ terminal_intents: number;
118
+ receipted_volume_cents: number;
119
+ history_depth: number;
120
+ latency_sample_count: number;
121
+ };
122
+ export type SignalExplanationMetricDelta = {
123
+ metric: string;
124
+ previous: number;
125
+ current: number;
126
+ delta: number;
127
+ };
128
+ export type SignalExplanationDelta = {
129
+ basis: string;
130
+ previous_score: number;
131
+ score_delta: number;
132
+ previous_ledger_watermark_seq: number;
133
+ changed_metrics: SignalExplanationMetricDelta[];
134
+ reason_codes_added: string[];
135
+ reason_codes_removed: string[];
136
+ summary: string;
137
+ };
138
+ export type SignalSignedReceipt = {
139
+ schema_version: number;
140
+ receipt_version: string;
141
+ tenant_id: string;
142
+ operator_did: string;
143
+ score_version: string;
144
+ scoring_model: string;
145
+ scoring_narrative: string;
146
+ explanation_summary: string;
147
+ ledger_watermark_seq: number;
148
+ reason_codes: string[];
149
+ confidence?: SignalConfidence;
150
+ support_depth?: SignalSupportDepth;
151
+ review_state?: string;
152
+ explanation_delta?: SignalExplanationDelta;
153
+ metrics: SignalMetrics;
154
+ score: number;
155
+ signing_algorithm: string;
156
+ message_digest_hex: string;
157
+ signing_public_key_hex: string;
158
+ signature_hex: string;
159
+ };
160
+ export type SignalReceiptEnvelope = {
161
+ schema_version: number;
162
+ updated_at: string;
163
+ receipt: SignalSignedReceipt;
164
+ };
165
+ export type SignalPortfolioOperator = {
166
+ operator_did: string;
167
+ receipt_version?: string;
168
+ score: number;
169
+ ledger_watermark_seq: number;
170
+ receipt_message_digest_hex: string;
171
+ confidence?: SignalConfidence;
172
+ support_depth?: SignalSupportDepth;
173
+ review_state?: string;
174
+ explanation_delta?: SignalExplanationDelta;
175
+ };
176
+ export type SignalSignedPortfolioArtifact = {
177
+ schema_version: number;
178
+ artifact_version: string;
179
+ kind: string;
180
+ tenant_id: string;
181
+ score_model_version: string;
182
+ scoring_model: string;
183
+ checkpoint_last_ledger_seq: number;
184
+ operators: SignalPortfolioOperator[];
185
+ signing_algorithm: string;
186
+ message_digest_hex: string;
187
+ signing_public_key_hex: string;
188
+ signature_hex: string;
189
+ };
190
+ export type SignalPortfolioSummary = {
191
+ schema_version: number;
192
+ tenant_id: string;
193
+ score_model_version: string;
194
+ scoring_model: string;
195
+ checkpoint_last_ledger_seq: number;
196
+ operator_count: number;
197
+ average_score: number;
198
+ total_terminal_intents: number;
199
+ total_receipted_volume_cents: number;
200
+ operators_under_review: number;
201
+ };
202
+ export type A2AAgentCard = {
203
+ name: string;
204
+ description: string;
205
+ supportedInterfaces: Array<{
206
+ url: string;
207
+ protocolBinding: string;
208
+ protocolVersion: string;
209
+ tenant?: string;
210
+ }>;
211
+ provider?: {
212
+ url: string;
213
+ organization: string;
214
+ };
215
+ version: string;
216
+ documentationUrl?: string;
217
+ capabilities: {
218
+ streaming?: boolean;
219
+ pushNotifications?: boolean;
220
+ extendedAgentCard?: boolean;
221
+ extensions?: Array<{
222
+ uri?: string;
223
+ description?: string;
224
+ required?: boolean;
225
+ params?: Record<string, unknown>;
226
+ }>;
227
+ };
228
+ securitySchemes?: Record<string, unknown>;
229
+ defaultInputModes: string[];
230
+ defaultOutputModes: string[];
231
+ skills: Array<{
232
+ id: string;
233
+ name: string;
234
+ description: string;
235
+ tags: string[];
236
+ examples?: string[];
237
+ inputModes?: string[];
238
+ outputModes?: string[];
239
+ securityRequirements?: Array<Record<string, string[]>>;
240
+ }>;
241
+ };
242
+ export type A2ATaskField = {
243
+ name: string;
244
+ type: string;
245
+ required: boolean;
246
+ description: string;
247
+ };
248
+ export type A2ATaskParticipant = {
249
+ role: string;
250
+ required: boolean;
251
+ description: string;
252
+ };
253
+ export type A2ATaskExample = {
254
+ name: string;
255
+ description: string;
256
+ sampleInput?: Record<string, unknown>;
257
+ sampleResponse?: Record<string, unknown>;
258
+ };
259
+ export type A2ASettlementTaskContractV1 = {
260
+ schemaVersion: number;
261
+ kind: string;
262
+ id: string;
263
+ name: string;
264
+ description: string;
265
+ url: string;
266
+ routeBindings: string[];
267
+ requiredTrustArtifacts: string[];
268
+ settlementPhases: string[];
269
+ participants: A2ATaskParticipant[];
270
+ inputModes: string[];
271
+ outputModes: string[];
272
+ taskMetadataFields?: A2ATaskField[];
273
+ inputFields: A2ATaskField[];
274
+ resultFields: A2ATaskField[];
275
+ examples?: A2ATaskExample[];
276
+ };
277
+ export type A2ATaskContractCatalogV1 = {
278
+ schemaVersion: number;
279
+ kind: string;
280
+ agentCardUrl: string;
281
+ documentationUrl?: string;
282
+ contracts: A2ASettlementTaskContractV1[];
283
+ };
284
+ export type AgentMandateAuthorization = {
285
+ kind: string;
286
+ tenant_id: string;
287
+ principal_subject?: string;
288
+ principal_type?: string;
289
+ };
290
+ export type AgentMandateAgentIdentity = {
291
+ subject: string;
292
+ issuer?: string;
293
+ key_id?: string;
294
+ display_name?: string;
295
+ };
296
+ export type AgentMandateSpendCeiling = {
297
+ amount_minor: number;
298
+ currency: string;
299
+ };
300
+ export type AgentMandateSettlementRailPolicy = {
301
+ default_rail: string;
302
+ allowed_rails: string[];
303
+ };
304
+ export type AgentMandateConstraintReference = {
305
+ kind: string;
306
+ id?: string;
307
+ version?: string;
308
+ digest_sha256_hex?: string;
309
+ uri?: string;
310
+ };
311
+ export type AgentMandateV1 = {
312
+ schema_version: number;
313
+ kind: string;
314
+ authorization: AgentMandateAuthorization;
315
+ agent: AgentMandateAgentIdentity;
316
+ allowed_actions: string[];
317
+ allowed_tools: string[];
318
+ spend_ceiling: AgentMandateSpendCeiling;
319
+ settlement: AgentMandateSettlementRailPolicy;
320
+ constraint: AgentMandateConstraintReference;
321
+ expires_at: string;
322
+ nonce: string;
323
+ human_presence_mode: string;
324
+ };
325
+ export type SignedAgentMandateV1 = AgentMandateV1 & {
326
+ signing_algorithm: string;
327
+ message_digest_sha256_hex: string;
328
+ signing_public_key_ed25519_hex: string;
329
+ ed25519_signature_hex: string;
330
+ };
331
+ export type AgentRecognitionVerifierContext = {
332
+ tenant_id: string;
333
+ verifier_id: string;
334
+ };
335
+ export type AgentRecognitionRequestEnvelope = {
336
+ method: string;
337
+ path: string;
338
+ body_digest_sha256_hex: string;
339
+ };
340
+ export type AgentRecognitionProofV1 = {
341
+ schema_version?: number;
342
+ kind?: string;
343
+ key_id: string;
344
+ signature_algorithm?: string;
345
+ issued_at: string;
346
+ expires_at: string;
347
+ nonce: string;
348
+ purpose: string;
349
+ verifier_context: AgentRecognitionVerifierContext;
350
+ request_envelope: AgentRecognitionRequestEnvelope;
351
+ message_digest_sha256_hex?: string;
352
+ signing_public_key_ed25519_hex?: string;
353
+ ed25519_signature_hex?: string;
354
+ };
355
+ export type ProtocolTransportBindingV1 = {
356
+ source_protocol?: string;
357
+ partner_platform?: string;
358
+ external_authorization_id?: string;
359
+ request_id?: string;
360
+ };
361
+ export type ProtocolAuthorizationReceiptV1 = {
362
+ schema_version: number;
363
+ kind: string;
364
+ receipt_version: string;
365
+ receipt_id: string;
366
+ issued_at: string;
367
+ status: string;
368
+ intent_id: string;
369
+ tenant_id: string;
370
+ verifier_id: string;
371
+ transport_binding: ProtocolTransportBindingV1;
372
+ mandate_digest_sha256_hex: string;
373
+ imported_mandate_signing_public_key_ed25519_hex: string;
374
+ authorization: AgentMandateAuthorization;
375
+ agent: AgentMandateAgentIdentity;
376
+ allowed_actions: string[];
377
+ allowed_tools: string[];
378
+ spend_ceiling: AgentMandateSpendCeiling;
379
+ settlement: AgentMandateSettlementRailPolicy;
380
+ constraint: AgentMandateConstraintReference;
381
+ expires_at: string;
382
+ nonce: string;
383
+ human_presence_mode: string;
384
+ signing_algorithm: string;
385
+ message_digest_sha256_hex: string;
386
+ signing_public_key_ed25519_hex: string;
387
+ ed25519_signature_hex: string;
388
+ };
389
+ export type ProtocolSettlementReceiptV1 = {
390
+ schema_version: number;
391
+ kind: string;
392
+ receipt_version: string;
393
+ receipt_id: string;
394
+ issued_at: string;
395
+ intent_id: string;
396
+ tenant_id: string;
397
+ verifier_id: string;
398
+ transport_binding: ProtocolTransportBindingV1;
399
+ authorization_receipt_id: string;
400
+ mandate_digest_sha256_hex: string;
401
+ harbor_state: string;
402
+ predicate_passed?: boolean;
403
+ settlement_rail: string;
404
+ settlement_mode: string;
405
+ principal_did: string;
406
+ payee_did: string;
407
+ currency: string;
408
+ amount_cents: number;
409
+ terminal_observed_at: string;
410
+ signing_algorithm: string;
411
+ message_digest_sha256_hex: string;
412
+ signing_public_key_ed25519_hex: string;
413
+ ed25519_signature_hex: string;
414
+ };
415
+ export type ImportAgentMandateV1Result = {
416
+ valid: boolean;
417
+ intent_id: string;
418
+ mandate_digest_sha256_hex: string;
419
+ mandate: AgentMandateV1;
420
+ authorization_receipt: ProtocolAuthorizationReceiptV1;
421
+ };
422
+ export type VerifyProtocolReceiptV1Result = {
423
+ valid: boolean;
424
+ kind: string;
425
+ receipt_id: string;
426
+ tenant_id: string;
427
+ receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>;
428
+ };
429
+ export declare class A2AHttpError extends Error {
430
+ readonly statusCode: number;
431
+ readonly url: string;
432
+ readonly bodyText: string;
433
+ constructor(message: string, init: {
434
+ statusCode: number;
435
+ url: string;
436
+ bodyText: string;
437
+ });
438
+ }
439
+ export declare class ProtocolHttpError extends Error {
440
+ readonly statusCode: number;
441
+ readonly url: string;
442
+ readonly bodyText: string;
443
+ readonly errorCode?: string;
444
+ readonly errorMessage?: string;
445
+ constructor(message: string, init: {
446
+ statusCode: number;
447
+ url: string;
448
+ bodyText: string;
449
+ errorCode?: string;
450
+ errorMessage?: string;
451
+ });
452
+ }
98
453
  /**
99
454
  * Exchanges a `paybond_sk_` API key for short-lived Harbor JWTs and caches tenant realm from the
100
455
  * gateway response (no separate tenant env var for the default path).
@@ -273,11 +628,73 @@ export declare class GatewaySignalClient {
273
628
  private fetchGetWithRetries;
274
629
  private assertTenant;
275
630
  private scoreQuery;
276
- getReputationReceipt(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
277
- getPortfolioSummary(scoreVersion?: string): Promise<Record<string, unknown>>;
631
+ getReputationReceipt(operatorDid: string, scoreVersion?: string): Promise<SignalReceiptEnvelope | null>;
632
+ getPortfolioSummary(scoreVersion?: string): Promise<SignalPortfolioSummary>;
633
+ getSignedPortfolioArtifact(scoreVersion?: string): Promise<SignalSignedPortfolioArtifact>;
278
634
  getOperatorExplanation(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
279
635
  getOperatorReviewStatus(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
280
636
  }
637
+ type GatewayA2AClientOptions = {
638
+ staticGatewayBearerToken?: string;
639
+ maxRetries?: number;
640
+ };
641
+ /**
642
+ * Public or optionally authenticated reader for the gateway's A2A discovery surface.
643
+ */
644
+ export declare class GatewayA2AClient {
645
+ private readonly base;
646
+ private readonly bearerToken?;
647
+ private readonly maxRetries;
648
+ constructor(gatewayBaseUrl: string, options?: GatewayA2AClientOptions);
649
+ private fetchGetWithRetries;
650
+ getAgentCard(): Promise<A2AAgentCard>;
651
+ getTaskContracts(): Promise<A2ATaskContractCatalogV1>;
652
+ getTaskContract(contractId: string): Promise<A2ASettlementTaskContractV1>;
653
+ }
654
+ export declare class GatewayProtocolClient {
655
+ readonly tenantId: string;
656
+ private readonly base;
657
+ private readonly staticGatewayBearerToken;
658
+ private readonly maxRetries;
659
+ constructor(gatewayBaseUrl: string, tenantId: string, init?: {
660
+ staticGatewayBearerToken?: string;
661
+ maxRetries?: number;
662
+ });
663
+ private fetchWithRetries;
664
+ private headers;
665
+ private postJSON;
666
+ importAgentMandateV1(init: {
667
+ signedMandate: SignedAgentMandateV1;
668
+ intentId: string;
669
+ transportBinding?: ProtocolTransportBindingV1;
670
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
671
+ }): Promise<ImportAgentMandateV1Result>;
672
+ getSettlementReceiptV1(receiptId: string): Promise<ProtocolSettlementReceiptV1>;
673
+ verifyProtocolReceiptV1(receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>): Promise<VerifyProtocolReceiptV1Result>;
674
+ createHarborIntent(init: {
675
+ body: Record<string, unknown>;
676
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
677
+ idempotencyKey?: string;
678
+ }): Promise<Record<string, unknown>>;
679
+ fundHarborIntent(init: {
680
+ intentId: string;
681
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
682
+ paymentSignature?: string;
683
+ idempotencyKey?: string;
684
+ }): Promise<Record<string, unknown>>;
685
+ submitHarborEvidence(init: {
686
+ intentId: string;
687
+ body: Record<string, unknown>;
688
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
689
+ idempotencyKey?: string;
690
+ }): Promise<Record<string, unknown>>;
691
+ confirmHarborSettlement(init: {
692
+ intentId: string;
693
+ body: Record<string, unknown>;
694
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
695
+ idempotencyKey?: string;
696
+ }): Promise<Record<string, unknown>>;
697
+ }
281
698
  export type ServiceAccountSignalSessionInit = {
282
699
  gatewayBaseUrl: string;
283
700
  apiKey: string;
@@ -337,6 +754,8 @@ export declare class PaybondIntents {
337
754
  export declare class Paybond {
338
755
  readonly harbor: HarborClient;
339
756
  readonly signal: GatewaySignalClient;
757
+ readonly a2a: GatewayA2AClient;
758
+ readonly protocol: GatewayProtocolClient;
340
759
  readonly intents: PaybondIntents;
341
760
  private readonly session;
342
761
  private constructor();