@paybond/kit 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -95,6 +95,553 @@ export declare class SignalHttpError extends Error {
95
95
  bodyText: string;
96
96
  });
97
97
  }
98
+ export type SignalMetrics = {
99
+ terminal_intents: number;
100
+ released: number;
101
+ refunded: number;
102
+ disputed: number;
103
+ success_rate_bps: number;
104
+ dispute_rate_bps: number;
105
+ refund_rate_bps: number;
106
+ mean_latency_nanos: number;
107
+ latency_sample_count: number;
108
+ receipted_volume_cents: number;
109
+ };
110
+ export type SignalConfidence = {
111
+ band: string;
112
+ support_score: number;
113
+ summary: string;
114
+ };
115
+ export type SignalSupportDepth = {
116
+ band: string;
117
+ terminal_intents: number;
118
+ receipted_volume_cents: number;
119
+ history_depth: number;
120
+ latency_sample_count: number;
121
+ };
122
+ export type SignalExplanationMetricDelta = {
123
+ metric: string;
124
+ previous: number;
125
+ current: number;
126
+ delta: number;
127
+ };
128
+ export type SignalExplanationDelta = {
129
+ basis: string;
130
+ previous_score: number;
131
+ score_delta: number;
132
+ previous_ledger_watermark_seq: number;
133
+ changed_metrics: SignalExplanationMetricDelta[];
134
+ reason_codes_added: string[];
135
+ reason_codes_removed: string[];
136
+ summary: string;
137
+ };
138
+ export type SignalSignedReceipt = {
139
+ schema_version: number;
140
+ receipt_version: string;
141
+ tenant_id: string;
142
+ operator_did: string;
143
+ score_version: string;
144
+ scoring_model: string;
145
+ scoring_narrative: string;
146
+ explanation_summary: string;
147
+ ledger_watermark_seq: number;
148
+ reason_codes: string[];
149
+ confidence?: SignalConfidence;
150
+ support_depth?: SignalSupportDepth;
151
+ review_state?: string;
152
+ explanation_delta?: SignalExplanationDelta;
153
+ metrics: SignalMetrics;
154
+ score: number;
155
+ signing_algorithm: string;
156
+ message_digest_hex: string;
157
+ signing_public_key_hex: string;
158
+ signature_hex: string;
159
+ };
160
+ export type SignalReceiptEnvelope = {
161
+ schema_version: number;
162
+ updated_at: string;
163
+ receipt: SignalSignedReceipt;
164
+ };
165
+ export type SignalPortfolioOperator = {
166
+ operator_did: string;
167
+ receipt_version?: string;
168
+ score: number;
169
+ ledger_watermark_seq: number;
170
+ receipt_message_digest_hex: string;
171
+ confidence?: SignalConfidence;
172
+ support_depth?: SignalSupportDepth;
173
+ review_state?: string;
174
+ explanation_delta?: SignalExplanationDelta;
175
+ };
176
+ export type SignalSignedPortfolioArtifact = {
177
+ schema_version: number;
178
+ artifact_version: string;
179
+ kind: string;
180
+ tenant_id: string;
181
+ score_model_version: string;
182
+ scoring_model: string;
183
+ checkpoint_last_ledger_seq: number;
184
+ operators: SignalPortfolioOperator[];
185
+ signing_algorithm: string;
186
+ message_digest_hex: string;
187
+ signing_public_key_hex: string;
188
+ signature_hex: string;
189
+ };
190
+ export type SignalPortfolioSummary = {
191
+ schema_version: number;
192
+ tenant_id: string;
193
+ score_model_version: string;
194
+ scoring_model: string;
195
+ checkpoint_last_ledger_seq: number;
196
+ operator_count: number;
197
+ average_score: number;
198
+ total_terminal_intents: number;
199
+ total_receipted_volume_cents: number;
200
+ operators_under_review: number;
201
+ };
202
+ export type SignalFraudSeverity = "elevated" | "high" | "critical";
203
+ export type SignalReviewState = "none" | "open" | "in_review" | "closed" | "all";
204
+ export type SignalFraudSignal = {
205
+ code: string;
206
+ severity: SignalFraudSeverity | string;
207
+ category: string;
208
+ window: string;
209
+ evidence_count: number;
210
+ summary: string;
211
+ affects_score: false;
212
+ signal_source?: string;
213
+ first_seen_at?: string;
214
+ last_seen_at?: string;
215
+ evidence_binding_strength?: string;
216
+ provider_event_refs?: string[];
217
+ intent_refs?: string[];
218
+ };
219
+ export type SignalFraudAssessment = {
220
+ fraud_signal_version: string;
221
+ level: "none" | SignalFraudSeverity | string;
222
+ highest_severity: "none" | SignalFraudSeverity | string;
223
+ review_priority: "normal" | "elevated" | "high" | "urgent" | string;
224
+ signal_count: number;
225
+ severe_signal_count: number;
226
+ summary: string;
227
+ };
228
+ export type SignalFraudReleaseGateMode = "review_only" | "critical_hold";
229
+ export type SignalFraudReleaseGateConfig = {
230
+ mode: SignalFraudReleaseGateMode | string;
231
+ };
232
+ export type SignalFraudSignalFamilyReliability = {
233
+ signal_family: string;
234
+ reliable: boolean;
235
+ stale: boolean;
236
+ sparse: boolean;
237
+ reviewed_count: number;
238
+ labeled_outcome_count: number;
239
+ review_precision_bps: number;
240
+ min_signal_family_labeled_outcome_count: number;
241
+ last_labeled_at?: string;
242
+ reasons: string[];
243
+ summary: string;
244
+ };
245
+ export type SignalFraudReleaseGateMetricsReliability = {
246
+ reliable: boolean;
247
+ stale: boolean;
248
+ sparse: boolean;
249
+ reviewed_count: number;
250
+ labeled_outcome_count: number;
251
+ review_precision_bps: number;
252
+ min_reviewed_count: number;
253
+ min_labeled_outcome_count: number;
254
+ min_signal_family_labeled_outcome_count: number;
255
+ min_review_precision_bps: number;
256
+ last_labeled_at?: string;
257
+ signal_families?: SignalFraudSignalFamilyReliability[];
258
+ reasons: string[];
259
+ summary: string;
260
+ };
261
+ export type SignalFraudReleaseGateDecision = {
262
+ mode: SignalFraudReleaseGateMode | string;
263
+ enforcement_enabled: boolean;
264
+ metrics_reliable: boolean;
265
+ release_allowed: boolean;
266
+ hold_required: boolean;
267
+ critical_signal_count: number;
268
+ critical_signal_codes: string[];
269
+ blocking_signal_codes?: string[];
270
+ blocking_evidence_refs?: string[];
271
+ reliability_reasons?: string[];
272
+ reasons: string[];
273
+ summary: string;
274
+ };
275
+ export type SignalFraudAssessmentResponse = {
276
+ schema_version: number;
277
+ tenant_id: string;
278
+ operator_did: string;
279
+ score_model_version: string;
280
+ review_state: string;
281
+ review_outcome: string;
282
+ review_reasons: string[];
283
+ fraud_signals: SignalFraudSignal[];
284
+ fraud_assessment: SignalFraudAssessment;
285
+ release_gate?: SignalFraudReleaseGateDecision;
286
+ [key: string]: unknown;
287
+ };
288
+ export type SignalFraudReviewQueueItem = {
289
+ operator_did: string;
290
+ review_state: string;
291
+ review_outcome: string;
292
+ review_reasons: string[];
293
+ anomaly_flagged: boolean;
294
+ opened_at: string;
295
+ reviewed_at: string;
296
+ updated_at: string;
297
+ last_receipt_message_digest_hex: string;
298
+ fraud_signals: SignalFraudSignal[];
299
+ fraud_assessment: SignalFraudAssessment;
300
+ release_gate?: SignalFraudReleaseGateDecision;
301
+ [key: string]: unknown;
302
+ };
303
+ export type SignalFraudReviewQueueResponse = {
304
+ schema_version: number;
305
+ tenant_id: string;
306
+ score_model_version: string;
307
+ items: SignalFraudReviewQueueItem[];
308
+ };
309
+ export type SignalFraudMetricsWindow = "24h" | "7d" | "30d";
310
+ export type SignalFraudMetricsResponse = {
311
+ schema_version: number;
312
+ tenant_id: string;
313
+ score_model_version: string;
314
+ fraud_signal_version: string;
315
+ window: SignalFraudMetricsWindow | string;
316
+ window_started_at: string;
317
+ window_ended_at: string;
318
+ generated_at: string;
319
+ flagged_operator_count: number;
320
+ critical_signal_count: number;
321
+ high_signal_count: number;
322
+ elevated_signal_count: number;
323
+ review_open_count: number;
324
+ review_load_count: number;
325
+ reviewed_count: number;
326
+ labeled_outcome_count: number;
327
+ confirmed_risk_count: number;
328
+ false_positive_count: number;
329
+ needs_more_evidence_count: number;
330
+ review_precision_bps: number;
331
+ false_positive_rate_bps: number;
332
+ confirmed_risk_rate_bps: number;
333
+ labeled_coverage_bps: number;
334
+ median_time_to_review_seconds: number;
335
+ refund_burst_count: number;
336
+ dispute_cluster_count: number;
337
+ replay_appeal_abuse_count: number;
338
+ critical_signal_hold_candidate_count: number;
339
+ provider_signal_count: number;
340
+ stale_label_gap_seconds: number;
341
+ stale_signal_family_label_gap_count: number;
342
+ backtest_summary: string;
343
+ release_gate_config?: SignalFraudReleaseGateConfig;
344
+ release_gate_metrics_reliability?: SignalFraudReleaseGateMetricsReliability;
345
+ };
346
+ export type SignalFraudReleaseGateConfigResponse = {
347
+ schema_version: number;
348
+ tenant_id: string;
349
+ score_model_version: string;
350
+ fraud_signal_version: string;
351
+ generated_at: string;
352
+ config: SignalFraudReleaseGateConfig;
353
+ metrics_reliability: SignalFraudReleaseGateMetricsReliability;
354
+ };
355
+ export type SignalFraudReviewEventType = "review_open_requested" | "appeal_requested" | "replay_requested" | "review_outcome_recorded" | SignalFraudReviewOutcome;
356
+ export type SignalFraudReviewOutcome = "confirmed_risk" | "false_positive" | "needs_more_evidence";
357
+ export type SignalFraudReviewEventInput = {
358
+ eventType: SignalFraudReviewEventType | string;
359
+ reviewOutcome?: SignalFraudReviewOutcome | string;
360
+ review_outcome?: SignalFraudReviewOutcome | string;
361
+ signalCode?: string;
362
+ signal_code?: string;
363
+ intentId?: string;
364
+ intent_id?: string;
365
+ providerEventId?: string;
366
+ provider_event_id?: string;
367
+ summary: string;
368
+ };
369
+ export type SignalFraudReviewEventResponse = {
370
+ schema_version: number;
371
+ tenant_id: string;
372
+ operator_did: string;
373
+ score_model_version: string;
374
+ requested_event_type: string;
375
+ recorded_event_type: string;
376
+ review_outcome?: string;
377
+ signal_code?: string;
378
+ intent_id?: string;
379
+ provider_event_id?: string;
380
+ accepted: boolean;
381
+ next_eligible_at?: string;
382
+ [key: string]: unknown;
383
+ };
384
+ export type ListFraudReviewQueueOptions = {
385
+ state?: SignalReviewState | string;
386
+ severity?: SignalFraudSeverity | string;
387
+ limit?: number;
388
+ scoreVersion?: string;
389
+ };
390
+ export type GetFraudMetricsOptions = {
391
+ window?: SignalFraudMetricsWindow | string;
392
+ scoreVersion?: string;
393
+ };
394
+ export type A2AAgentCard = {
395
+ name: string;
396
+ description: string;
397
+ supportedInterfaces: Array<{
398
+ url: string;
399
+ protocolBinding: string;
400
+ protocolVersion: string;
401
+ tenant?: string;
402
+ }>;
403
+ provider?: {
404
+ url: string;
405
+ organization: string;
406
+ };
407
+ version: string;
408
+ documentationUrl?: string;
409
+ capabilities: {
410
+ streaming?: boolean;
411
+ pushNotifications?: boolean;
412
+ extendedAgentCard?: boolean;
413
+ extensions?: Array<{
414
+ uri?: string;
415
+ description?: string;
416
+ required?: boolean;
417
+ params?: Record<string, unknown>;
418
+ }>;
419
+ };
420
+ securitySchemes?: Record<string, unknown>;
421
+ defaultInputModes: string[];
422
+ defaultOutputModes: string[];
423
+ skills: Array<{
424
+ id: string;
425
+ name: string;
426
+ description: string;
427
+ tags: string[];
428
+ examples?: string[];
429
+ inputModes?: string[];
430
+ outputModes?: string[];
431
+ securityRequirements?: Array<Record<string, string[]>>;
432
+ }>;
433
+ };
434
+ export type A2ATaskField = {
435
+ name: string;
436
+ type: string;
437
+ required: boolean;
438
+ description: string;
439
+ };
440
+ export type A2ATaskParticipant = {
441
+ role: string;
442
+ required: boolean;
443
+ description: string;
444
+ };
445
+ export type A2ATaskExample = {
446
+ name: string;
447
+ description: string;
448
+ sampleInput?: Record<string, unknown>;
449
+ sampleResponse?: Record<string, unknown>;
450
+ };
451
+ export type A2ASettlementTaskContractV1 = {
452
+ schemaVersion: number;
453
+ kind: string;
454
+ id: string;
455
+ name: string;
456
+ description: string;
457
+ url: string;
458
+ routeBindings: string[];
459
+ requiredTrustArtifacts: string[];
460
+ settlementPhases: string[];
461
+ participants: A2ATaskParticipant[];
462
+ inputModes: string[];
463
+ outputModes: string[];
464
+ taskMetadataFields?: A2ATaskField[];
465
+ inputFields: A2ATaskField[];
466
+ resultFields: A2ATaskField[];
467
+ examples?: A2ATaskExample[];
468
+ };
469
+ export type A2ATaskContractCatalogV1 = {
470
+ schemaVersion: number;
471
+ kind: string;
472
+ agentCardUrl: string;
473
+ documentationUrl?: string;
474
+ contracts: A2ASettlementTaskContractV1[];
475
+ };
476
+ export type AgentMandateAuthorization = {
477
+ kind: string;
478
+ tenant_id: string;
479
+ principal_subject?: string;
480
+ principal_type?: string;
481
+ };
482
+ export type AgentMandateAgentIdentity = {
483
+ subject: string;
484
+ issuer?: string;
485
+ key_id?: string;
486
+ display_name?: string;
487
+ };
488
+ export type AgentMandateSpendCeiling = {
489
+ amount_minor: number;
490
+ currency: string;
491
+ };
492
+ export type AgentMandateSettlementRailPolicy = {
493
+ default_rail: string;
494
+ allowed_rails: string[];
495
+ };
496
+ export type AgentMandateConstraintReference = {
497
+ kind: string;
498
+ id?: string;
499
+ version?: string;
500
+ digest_sha256_hex?: string;
501
+ uri?: string;
502
+ };
503
+ export type AgentMandateV1 = {
504
+ schema_version: number;
505
+ kind: string;
506
+ authorization: AgentMandateAuthorization;
507
+ agent: AgentMandateAgentIdentity;
508
+ allowed_actions: string[];
509
+ allowed_tools: string[];
510
+ spend_ceiling: AgentMandateSpendCeiling;
511
+ settlement: AgentMandateSettlementRailPolicy;
512
+ constraint: AgentMandateConstraintReference;
513
+ expires_at: string;
514
+ nonce: string;
515
+ human_presence_mode: string;
516
+ };
517
+ export type SignedAgentMandateV1 = AgentMandateV1 & {
518
+ signing_algorithm: string;
519
+ message_digest_sha256_hex: string;
520
+ signing_public_key_ed25519_hex: string;
521
+ ed25519_signature_hex: string;
522
+ };
523
+ export type AgentRecognitionVerifierContext = {
524
+ tenant_id: string;
525
+ verifier_id: string;
526
+ };
527
+ export type AgentRecognitionRequestEnvelope = {
528
+ method: string;
529
+ path: string;
530
+ body_digest_sha256_hex: string;
531
+ };
532
+ export type AgentRecognitionProofV1 = {
533
+ schema_version?: number;
534
+ kind?: string;
535
+ key_id: string;
536
+ signature_algorithm?: string;
537
+ issued_at: string;
538
+ expires_at: string;
539
+ nonce: string;
540
+ purpose: string;
541
+ verifier_context: AgentRecognitionVerifierContext;
542
+ request_envelope: AgentRecognitionRequestEnvelope;
543
+ message_digest_sha256_hex?: string;
544
+ signing_public_key_ed25519_hex?: string;
545
+ ed25519_signature_hex?: string;
546
+ };
547
+ export type ProtocolTransportBindingV1 = {
548
+ source_protocol?: string;
549
+ partner_platform?: string;
550
+ external_authorization_id?: string;
551
+ request_id?: string;
552
+ };
553
+ export type ProtocolAuthorizationReceiptV1 = {
554
+ schema_version: number;
555
+ kind: string;
556
+ receipt_version: string;
557
+ receipt_id: string;
558
+ issued_at: string;
559
+ status: string;
560
+ intent_id: string;
561
+ tenant_id: string;
562
+ verifier_id: string;
563
+ transport_binding: ProtocolTransportBindingV1;
564
+ mandate_digest_sha256_hex: string;
565
+ imported_mandate_signing_public_key_ed25519_hex: string;
566
+ authorization: AgentMandateAuthorization;
567
+ agent: AgentMandateAgentIdentity;
568
+ allowed_actions: string[];
569
+ allowed_tools: string[];
570
+ spend_ceiling: AgentMandateSpendCeiling;
571
+ settlement: AgentMandateSettlementRailPolicy;
572
+ constraint: AgentMandateConstraintReference;
573
+ expires_at: string;
574
+ nonce: string;
575
+ human_presence_mode: string;
576
+ signing_algorithm: string;
577
+ message_digest_sha256_hex: string;
578
+ signing_public_key_ed25519_hex: string;
579
+ ed25519_signature_hex: string;
580
+ };
581
+ export type ProtocolSettlementReceiptV1 = {
582
+ schema_version: number;
583
+ kind: string;
584
+ receipt_version: string;
585
+ receipt_id: string;
586
+ issued_at: string;
587
+ intent_id: string;
588
+ tenant_id: string;
589
+ verifier_id: string;
590
+ transport_binding: ProtocolTransportBindingV1;
591
+ authorization_receipt_id: string;
592
+ mandate_digest_sha256_hex: string;
593
+ harbor_state: string;
594
+ predicate_passed?: boolean;
595
+ settlement_rail: string;
596
+ settlement_mode: string;
597
+ principal_did: string;
598
+ payee_did: string;
599
+ currency: string;
600
+ amount_cents: number;
601
+ terminal_observed_at: string;
602
+ signing_algorithm: string;
603
+ message_digest_sha256_hex: string;
604
+ signing_public_key_ed25519_hex: string;
605
+ ed25519_signature_hex: string;
606
+ };
607
+ export type ImportAgentMandateV1Result = {
608
+ valid: boolean;
609
+ intent_id: string;
610
+ mandate_digest_sha256_hex: string;
611
+ mandate: AgentMandateV1;
612
+ authorization_receipt: ProtocolAuthorizationReceiptV1;
613
+ };
614
+ export type VerifyProtocolReceiptV1Result = {
615
+ valid: boolean;
616
+ kind: string;
617
+ receipt_id: string;
618
+ tenant_id: string;
619
+ receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>;
620
+ };
621
+ export declare class A2AHttpError extends Error {
622
+ readonly statusCode: number;
623
+ readonly url: string;
624
+ readonly bodyText: string;
625
+ constructor(message: string, init: {
626
+ statusCode: number;
627
+ url: string;
628
+ bodyText: string;
629
+ });
630
+ }
631
+ export declare class ProtocolHttpError extends Error {
632
+ readonly statusCode: number;
633
+ readonly url: string;
634
+ readonly bodyText: string;
635
+ readonly errorCode?: string;
636
+ readonly errorMessage?: string;
637
+ constructor(message: string, init: {
638
+ statusCode: number;
639
+ url: string;
640
+ bodyText: string;
641
+ errorCode?: string;
642
+ errorMessage?: string;
643
+ });
644
+ }
98
645
  /**
99
646
  * Exchanges a `paybond_sk_` API key for short-lived Harbor JWTs and caches tenant realm from the
100
647
  * gateway response (no separate tenant env var for the default path).
@@ -261,6 +808,10 @@ type GatewaySignalClientOptions = {
261
808
  staticGatewayBearerToken: string;
262
809
  maxRetries?: number;
263
810
  };
811
+ type GatewayFraudClientOptions = {
812
+ staticGatewayBearerToken: string;
813
+ maxRetries?: number;
814
+ };
264
815
  /**
265
816
  * Tenant-bound reader for gateway Signal routes.
266
817
  */
@@ -273,17 +824,108 @@ export declare class GatewaySignalClient {
273
824
  private fetchGetWithRetries;
274
825
  private assertTenant;
275
826
  private scoreQuery;
276
- getReputationReceipt(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
277
- getPortfolioSummary(scoreVersion?: string): Promise<Record<string, unknown>>;
827
+ getReputationReceipt(operatorDid: string, scoreVersion?: string): Promise<SignalReceiptEnvelope | null>;
828
+ getPortfolioSummary(scoreVersion?: string): Promise<SignalPortfolioSummary>;
829
+ getSignedPortfolioArtifact(scoreVersion?: string): Promise<SignalSignedPortfolioArtifact>;
278
830
  getOperatorExplanation(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
279
831
  getOperatorReviewStatus(operatorDid: string, scoreVersion?: string): Promise<Record<string, unknown> | null>;
280
832
  }
833
+ /**
834
+ * Tenant-bound client for gateway fraud review and metrics routes.
835
+ */
836
+ export declare class GatewayFraudClient {
837
+ private readonly base;
838
+ readonly tenantId: string;
839
+ private readonly bearerToken;
840
+ private readonly maxRetries;
841
+ constructor(gatewayBaseUrl: string, tenantId: string, options: GatewayFraudClientOptions);
842
+ private fetchGetWithRetries;
843
+ private fetchPostJSON;
844
+ private fetchPutJSON;
845
+ private assertTenant;
846
+ private assertOperator;
847
+ private query;
848
+ private normalizedSeverity;
849
+ private normalizedWindow;
850
+ private normalizedReleaseGateMode;
851
+ private normalizedReviewEventType;
852
+ private normalizedReviewOutcome;
853
+ private optionalReviewContext;
854
+ getFraudAssessment(operatorDid: string, scoreVersion?: string): Promise<SignalFraudAssessmentResponse | null>;
855
+ listFraudReviewQueue(options?: ListFraudReviewQueueOptions): Promise<SignalFraudReviewQueueResponse>;
856
+ getFraudMetrics(options?: GetFraudMetricsOptions): Promise<SignalFraudMetricsResponse>;
857
+ getFraudReleaseGateConfig(scoreVersion?: string): Promise<SignalFraudReleaseGateConfigResponse>;
858
+ setFraudReleaseGateMode(mode: SignalFraudReleaseGateMode | string): Promise<SignalFraudReleaseGateConfigResponse>;
859
+ recordFraudReviewEvent(operatorDid: string, event: SignalFraudReviewEventInput, scoreVersion?: string): Promise<SignalFraudReviewEventResponse>;
860
+ }
861
+ type GatewayA2AClientOptions = {
862
+ staticGatewayBearerToken?: string;
863
+ maxRetries?: number;
864
+ };
865
+ /**
866
+ * Public or optionally authenticated reader for the gateway's A2A discovery surface.
867
+ */
868
+ export declare class GatewayA2AClient {
869
+ private readonly base;
870
+ private readonly bearerToken?;
871
+ private readonly maxRetries;
872
+ constructor(gatewayBaseUrl: string, options?: GatewayA2AClientOptions);
873
+ private fetchGetWithRetries;
874
+ getAgentCard(): Promise<A2AAgentCard>;
875
+ getTaskContracts(): Promise<A2ATaskContractCatalogV1>;
876
+ getTaskContract(contractId: string): Promise<A2ASettlementTaskContractV1>;
877
+ }
878
+ export declare class GatewayProtocolClient {
879
+ readonly tenantId: string;
880
+ private readonly base;
881
+ private readonly staticGatewayBearerToken;
882
+ private readonly maxRetries;
883
+ constructor(gatewayBaseUrl: string, tenantId: string, init?: {
884
+ staticGatewayBearerToken?: string;
885
+ maxRetries?: number;
886
+ });
887
+ private fetchWithRetries;
888
+ private headers;
889
+ private postJSON;
890
+ importAgentMandateV1(init: {
891
+ signedMandate: SignedAgentMandateV1;
892
+ intentId: string;
893
+ transportBinding?: ProtocolTransportBindingV1;
894
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
895
+ }): Promise<ImportAgentMandateV1Result>;
896
+ getSettlementReceiptV1(receiptId: string): Promise<ProtocolSettlementReceiptV1>;
897
+ verifyProtocolReceiptV1(receipt: ProtocolAuthorizationReceiptV1 | ProtocolSettlementReceiptV1 | Record<string, unknown>): Promise<VerifyProtocolReceiptV1Result>;
898
+ createHarborIntent(init: {
899
+ body: Record<string, unknown>;
900
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
901
+ idempotencyKey?: string;
902
+ }): Promise<Record<string, unknown>>;
903
+ fundHarborIntent(init: {
904
+ intentId: string;
905
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
906
+ paymentSignature?: string;
907
+ idempotencyKey?: string;
908
+ }): Promise<Record<string, unknown>>;
909
+ submitHarborEvidence(init: {
910
+ intentId: string;
911
+ body: Record<string, unknown>;
912
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
913
+ idempotencyKey?: string;
914
+ }): Promise<Record<string, unknown>>;
915
+ confirmHarborSettlement(init: {
916
+ intentId: string;
917
+ body: Record<string, unknown>;
918
+ recognitionProof: AgentRecognitionProofV1 | Record<string, unknown>;
919
+ idempotencyKey?: string;
920
+ }): Promise<Record<string, unknown>>;
921
+ }
281
922
  export type ServiceAccountSignalSessionInit = {
282
923
  gatewayBaseUrl: string;
283
924
  apiKey: string;
284
925
  principalPath?: string;
285
926
  maxRetries?: number;
286
927
  };
928
+ export type ServiceAccountFraudSessionInit = ServiceAccountSignalSessionInit;
287
929
  /**
288
930
  * Read-only tenant-bound Signal session for one service-account API key.
289
931
  */
@@ -293,6 +935,15 @@ export declare class ServiceAccountSignalSession {
293
935
  static open(init: ServiceAccountSignalSessionInit): Promise<ServiceAccountSignalSession>;
294
936
  aclose(): Promise<void>;
295
937
  }
938
+ /**
939
+ * Tenant-bound fraud review and metrics session for one service-account API key.
940
+ */
941
+ export declare class ServiceAccountFraudSession {
942
+ readonly fraud: GatewayFraudClient;
943
+ private constructor();
944
+ static open(init: ServiceAccountFraudSessionInit): Promise<ServiceAccountFraudSession>;
945
+ aclose(): Promise<void>;
946
+ }
296
947
  /**
297
948
  * Parameters for {@link PaybondIntents.create} (tenant is taken from the bound Harbor client).
298
949
  * `settlementRail`, when set, requests one allowed rail; Harbor still resolves the destination
@@ -337,6 +988,9 @@ export declare class PaybondIntents {
337
988
  export declare class Paybond {
338
989
  readonly harbor: HarborClient;
339
990
  readonly signal: GatewaySignalClient;
991
+ readonly fraud: GatewayFraudClient;
992
+ readonly a2a: GatewayA2AClient;
993
+ readonly protocol: GatewayProtocolClient;
340
994
  readonly intents: PaybondIntents;
341
995
  private readonly session;
342
996
  private constructor();