@paybond/kit 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -111,7 +111,7 @@ Advanced exports:
111
111
 
112
112
  `allowedTools` values are your own tool or operation names, not a Paybond-owned catalog. Harbor enforces string matching against whatever names you chose when creating the intent.
113
113
 
114
- `settlementRail` on intent creation is only a rail request. Stripe destinations and x402 receive addresses stay tenant-owned server-side config and are never supplied by the SDK caller.
114
+ `settlementRail` on intent creation is a principal-signed rail request. Stripe destinations and x402 receive addresses stay tenant-owned server-side config and are never supplied by the SDK caller.
115
115
 
116
116
  The protocol-v2 surface is trust-first: signed mandates, recognition proofs, and receipts work across supported settlement adapters instead of treating any single rail as the product boundary.
117
117
 
package/dist/index.d.ts CHANGED
@@ -946,8 +946,8 @@ export declare class ServiceAccountFraudSession {
946
946
  }
947
947
  /**
948
948
  * Parameters for {@link PaybondIntents.create} (tenant is taken from the bound Harbor client).
949
- * `settlementRail`, when set, requests one allowed rail; Harbor still resolves the destination
950
- * from tenant-owned settlement config.
949
+ * `settlementRail` is principal-signed and requests one allowed rail; Harbor still resolves the
950
+ * destination from tenant-owned settlement config.
951
951
  */
952
952
  export type PaybondCreateIntentParams = Omit<BuildSignedCreateIntentParams, "tenantId" | "intentId"> & {
953
953
  intentId?: string;
@@ -962,7 +962,7 @@ export declare class PaybondIntents {
962
962
  constructor(harbor: HarborClient);
963
963
  /**
964
964
  * Build a principal-signed `POST /intents` body and submit it. `principalSigningSeed` must be
965
- * 32 bytes. `settlementRail` only requests an allowed rail; destinations stay server-owned.
965
+ * 32 bytes. `settlementRail` is signed as the requested rail; destinations stay server-owned.
966
966
  */
967
967
  create(params: PaybondCreateIntentParams & {
968
968
  idempotencyKey?: string;
package/dist/index.js CHANGED
@@ -1537,7 +1537,7 @@ export class PaybondIntents {
1537
1537
  }
1538
1538
  /**
1539
1539
  * Build a principal-signed `POST /intents` body and submit it. `principalSigningSeed` must be
1540
- * 32 bytes. `settlementRail` only requests an allowed rail; destinations stay server-owned.
1540
+ * 32 bytes. `settlementRail` is signed as the requested rail; destinations stay server-owned.
1541
1541
  */
1542
1542
  async create(params) {
1543
1543
  const { idempotencyKey, intentId: maybeIntentId, ...fields } = params;
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import { GatewayAuthError, GatewayFraudClient, GatewaySignalClient, HarborHttpError, ServiceAccountHarborSession, SignalHttpError, } from "./index.js";
3
3
  const SERVER_NAME = "Paybond MCP";
4
- const SERVER_VERSION = "0.5.0";
4
+ const SERVER_VERSION = "0.6.0";
5
5
  const MCP_PROTOCOL_VERSION = "2025-11-25";
6
6
  const DEFAULT_HARBOR_ACCESS_PATH = "/v1/auth/harbor-access";
7
7
  const DEFAULT_PRINCIPAL_PATH = "/v1/auth/principal";
@@ -17,6 +17,7 @@ export declare function intentCreationSignBytesRaw(input: {
17
17
  predicate: Record<string, unknown>;
18
18
  predicateRef: string;
19
19
  allowedTools: string[];
20
+ settlementRail: SettlementRail;
20
21
  }): Uint8Array;
21
22
  export type BuildSignedCreateIntentParams = {
22
23
  tenantId: string;
@@ -32,11 +33,11 @@ export type BuildSignedCreateIntentParams = {
32
33
  deadlineRfc3339: string;
33
34
  allowedTools: string[];
34
35
  predicateRef?: string;
35
- /** Optional rail request for the new intent. Harbor resolves the destination server-side. */
36
- settlementRail?: SettlementRail;
36
+ /** Rail request for the new intent. Harbor resolves the destination server-side. */
37
+ settlementRail: SettlementRail;
37
38
  };
38
39
  /**
39
40
  * Build a Harbor `POST /intents` JSON body with principal Ed25519 detached signature.
40
- * `settlementRail` only requests an allowed rail; destinations remain tenant-owned server-side.
41
+ * `settlementRail` is included in the signature; destinations remain tenant-owned server-side.
41
42
  */
42
43
  export declare function buildSignedCreateIntentBody(params: BuildSignedCreateIntentParams): Record<string, unknown>;
@@ -49,15 +49,15 @@ function allowedToolsDigest(tools) {
49
49
  .filter((v, i, a) => a.indexOf(v) === i);
50
50
  return jsonValueDigest(sorted);
51
51
  }
52
- /** Bincode payload for principal intent creation (wire format revision byte `2`). */
52
+ /** Bincode payload for principal intent creation (wire format revision byte `4`). */
53
53
  function encodeIntentCreationSign(input) {
54
- const version = new Uint8Array([2]);
54
+ const version = new Uint8Array([4]);
55
55
  const intentBytes = parseUuid(input.intentId);
56
56
  if (intentBytes.length !== 16) {
57
57
  throw new Error("intentId must be a UUID string");
58
58
  }
59
59
  // Serde `Uuid` + bincode uses a u64 length prefix (16) before the raw 16 bytes (matches Rust).
60
- return concatBytes(version, encodeBincodeString(input.tenantId), encodeU64(16), intentBytes, encodeBincodeString(input.principalDid), encodeBincodeString(input.payeeDid), encodeI64(input.amountCents), encodeBincodeString(input.currency), encodeBincodeString(input.deadlineRfc3339), input.budgetDigest, input.evidenceSchemaDigest, input.predicateDslDigest, encodeBincodeString(input.predicateRef), input.allowedToolsDigest);
60
+ return concatBytes(version, encodeBincodeString(input.tenantId), encodeU64(16), intentBytes, encodeBincodeString(input.principalDid), encodeBincodeString(input.payeeDid), encodeI64(input.amountCents), encodeBincodeString(input.currency), encodeBincodeString(input.deadlineRfc3339), input.budgetDigest, input.evidenceSchemaDigest, input.predicateDslDigest, encodeBincodeString(input.predicateRef), input.allowedToolsDigest, encodeBincodeString(input.settlementRail));
61
61
  }
62
62
  export function intentCreationSignBytesRaw(input) {
63
63
  const budgetDigest = jsonValueDigest(input.budget);
@@ -77,6 +77,7 @@ export function intentCreationSignBytesRaw(input) {
77
77
  predicateDslDigest,
78
78
  predicateRef: input.predicateRef,
79
79
  allowedToolsDigest: allowedDigest,
80
+ settlementRail: input.settlementRail,
80
81
  });
81
82
  }
82
83
  function bytesToBase64(bytes) {
@@ -87,7 +88,7 @@ function bytesToBase64(bytes) {
87
88
  }
88
89
  /**
89
90
  * Build a Harbor `POST /intents` JSON body with principal Ed25519 detached signature.
90
- * `settlementRail` only requests an allowed rail; destinations remain tenant-owned server-side.
91
+ * `settlementRail` is included in the signature; destinations remain tenant-owned server-side.
91
92
  */
92
93
  export function buildSignedCreateIntentBody(params) {
93
94
  if (params.principalSigningSeed.length !== 32) {
@@ -96,9 +97,7 @@ export function buildSignedCreateIntentBody(params) {
96
97
  if (params.allowedTools.length === 0) {
97
98
  throw new Error("allowedTools must be non-empty");
98
99
  }
99
- const settlementRail = params.settlementRail
100
- ? validateSettlementRail(params.settlementRail)
101
- : undefined;
100
+ const settlementRail = validateSettlementRail(params.settlementRail);
102
101
  const predicateRef = params.predicateRef ?? "";
103
102
  const msg = intentCreationSignBytesRaw({
104
103
  tenantId: params.tenantId,
@@ -113,6 +112,7 @@ export function buildSignedCreateIntentBody(params) {
113
112
  predicate: params.predicate,
114
113
  predicateRef,
115
114
  allowedTools: params.allowedTools,
115
+ settlementRail,
116
116
  });
117
117
  const sig = sign(msg, params.principalSigningSeed);
118
118
  const pub = getPublicKey(params.principalSigningSeed);
@@ -128,15 +128,13 @@ export function buildSignedCreateIntentBody(params) {
128
128
  evidence_schema: params.evidenceSchema,
129
129
  deadline: params.deadlineRfc3339,
130
130
  predicate_dsl: params.predicate,
131
- signing_version: 2,
131
+ settlement_rail: settlementRail,
132
+ signing_version: 4,
132
133
  policy_binding: null,
133
134
  allowed_tools: params.allowedTools,
134
135
  };
135
136
  if (predicateRef.trim() !== "") {
136
137
  body.predicate_ref = predicateRef;
137
138
  }
138
- if (settlementRail) {
139
- body.settlement_rail = settlementRail;
140
- }
141
139
  return body;
142
140
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@paybond/kit",
3
- "version": "0.5.0",
3
+ "version": "0.6.0",
4
4
  "description": "Paybond Kit for TypeScript: tenant-bound Harbor sessions, capability verification, and signed intent/evidence flows.",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",