@paybond/kit 0.9.8 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/completion-presets/catalog.json +1187 -0
- package/completion-presets/catalog.sha256 +1 -0
- package/dev/trace-ui/dashboard.html +617 -0
- package/dist/agent/adapter.d.ts +51 -0
- package/dist/agent/adapter.js +66 -0
- package/dist/agent/attach-bundle.d.ts +37 -0
- package/dist/agent/attach-bundle.js +118 -0
- package/dist/agent/authorization-cache.d.ts +22 -0
- package/dist/agent/authorization-cache.js +36 -0
- package/dist/agent/deferred-tools.d.ts +11 -0
- package/dist/agent/deferred-tools.js +62 -0
- package/dist/agent/discover.d.ts +41 -0
- package/dist/agent/discover.js +147 -0
- package/dist/agent/evidence.d.ts +9 -0
- package/dist/agent/evidence.js +28 -0
- package/dist/agent/facade.d.ts +48 -0
- package/dist/agent/facade.js +112 -0
- package/dist/agent/gateway-trace-reporter.d.ts +28 -0
- package/dist/agent/gateway-trace-reporter.js +49 -0
- package/dist/agent/generic-runner.d.ts +14 -0
- package/dist/agent/generic-runner.js +49 -0
- package/dist/agent/generic-sandbox-demo.d.ts +36 -0
- package/dist/agent/generic-sandbox-demo.js +82 -0
- package/dist/agent/guarded-agent.d.ts +49 -0
- package/dist/agent/guarded-agent.js +100 -0
- package/dist/agent/index.d.ts +13 -0
- package/dist/agent/index.js +13 -0
- package/dist/agent/instrument.d.ts +156 -0
- package/dist/agent/instrument.js +442 -0
- package/dist/agent/interceptor.d.ts +24 -0
- package/dist/agent/interceptor.js +440 -0
- package/dist/agent/lazy-context-tools.d.ts +15 -0
- package/dist/agent/lazy-context-tools.js +81 -0
- package/dist/agent/registry-file.d.ts +39 -0
- package/dist/agent/registry-file.js +219 -0
- package/dist/agent/registry.d.ts +37 -0
- package/dist/agent/registry.js +128 -0
- package/dist/agent/run.d.ts +124 -0
- package/dist/agent/run.js +301 -0
- package/dist/agent/types.d.ts +318 -0
- package/dist/agent/types.js +42 -0
- package/dist/agent-recognition.d.ts +72 -0
- package/dist/agent-recognition.js +165 -0
- package/dist/bincode-wire.d.ts +18 -0
- package/dist/bincode-wire.js +93 -0
- package/dist/claude-agents/config.d.ts +21 -0
- package/dist/claude-agents/config.js +145 -0
- package/dist/claude-agents/index.d.ts +2 -0
- package/dist/claude-agents/index.js +2 -0
- package/dist/claude-agents/sandbox-demo.d.ts +30 -0
- package/dist/claude-agents/sandbox-demo.js +91 -0
- package/dist/cli/agent/env-quote.d.ts +1 -0
- package/dist/cli/agent/env-quote.js +6 -0
- package/dist/cli/agent/env-write.d.ts +8 -0
- package/dist/cli/agent/env-write.js +47 -0
- package/dist/cli/agent/paybond.d.ts +16 -0
- package/dist/cli/agent/paybond.js +55 -0
- package/dist/cli/agent/policy-file.d.ts +29 -0
- package/dist/cli/agent/policy-file.js +61 -0
- package/dist/cli/agent/production-evidence.d.ts +24 -0
- package/dist/cli/agent/production-evidence.js +98 -0
- package/dist/cli/agent/run-store.d.ts +30 -0
- package/dist/cli/agent/run-store.js +42 -0
- package/dist/cli/agent/run-trace-store.d.ts +39 -0
- package/dist/cli/agent/run-trace-store.js +143 -0
- package/dist/cli/agent-run-trace-table.d.ts +9 -0
- package/dist/cli/agent-run-trace-table.js +24 -0
- package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
- package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
- package/dist/cli/audit-export.d.ts +7 -0
- package/dist/cli/audit-export.js +120 -0
- package/dist/cli/automation.d.ts +25 -0
- package/dist/cli/automation.js +297 -0
- package/dist/cli/body.d.ts +7 -0
- package/dist/cli/body.js +22 -0
- package/dist/cli/color.d.ts +15 -0
- package/dist/cli/color.js +39 -0
- package/dist/cli/command-spec.d.ts +13 -0
- package/dist/cli/command-spec.js +611 -0
- package/dist/cli/commands/agent.d.ts +16 -0
- package/dist/cli/commands/agent.js +1135 -0
- package/dist/cli/commands/dev.d.ts +7 -0
- package/dist/cli/commands/dev.js +348 -0
- package/dist/cli/commands/discovery.d.ts +8 -0
- package/dist/cli/commands/discovery.js +194 -0
- package/dist/cli/commands/policy.d.ts +13 -0
- package/dist/cli/commands/policy.js +769 -0
- package/dist/cli/commands/setup.d.ts +18 -0
- package/dist/cli/commands/setup.js +513 -0
- package/dist/cli/commands/workflows.d.ts +7 -0
- package/dist/cli/commands/workflows.js +214 -0
- package/dist/cli/config.d.ts +16 -0
- package/dist/cli/config.js +98 -0
- package/dist/cli/context.d.ts +22 -0
- package/dist/cli/context.js +110 -0
- package/dist/cli/credentials.d.ts +21 -0
- package/dist/cli/credentials.js +141 -0
- package/dist/cli/doctor-agent-middleware.d.ts +5 -0
- package/dist/cli/doctor-agent-middleware.js +49 -0
- package/dist/cli/doctor-agent.d.ts +15 -0
- package/dist/cli/doctor-agent.js +311 -0
- package/dist/cli/envelope.d.ts +14 -0
- package/dist/cli/envelope.js +46 -0
- package/dist/cli/globals.d.ts +23 -0
- package/dist/cli/globals.js +248 -0
- package/dist/cli/help.d.ts +3 -0
- package/dist/cli/help.js +83 -0
- package/dist/cli/mcp-install.d.ts +41 -0
- package/dist/cli/mcp-install.js +95 -0
- package/dist/cli/mcp-policy.d.ts +26 -0
- package/dist/cli/mcp-policy.js +110 -0
- package/dist/cli/mcp-verify-config.d.ts +37 -0
- package/dist/cli/mcp-verify-config.js +172 -0
- package/dist/cli/redact.d.ts +4 -0
- package/dist/cli/redact.js +88 -0
- package/dist/cli/request-id.d.ts +2 -0
- package/dist/cli/request-id.js +5 -0
- package/dist/cli/router.d.ts +2 -0
- package/dist/cli/router.js +378 -0
- package/dist/cli/smoke-deep-links.d.ts +15 -0
- package/dist/cli/smoke-deep-links.js +63 -0
- package/dist/cli/suggest.d.ts +4 -0
- package/dist/cli/suggest.js +58 -0
- package/dist/cli/support-diagnostics.d.ts +19 -0
- package/dist/cli/support-diagnostics.js +47 -0
- package/dist/cli/telemetry.d.ts +17 -0
- package/dist/cli/telemetry.js +94 -0
- package/dist/cli/types.d.ts +72 -0
- package/dist/cli/types.js +60 -0
- package/dist/cli/ux.d.ts +8 -0
- package/dist/cli/ux.js +164 -0
- package/dist/cli.d.ts +2 -0
- package/dist/cli.js +38 -0
- package/dist/completion-catalog-digest.d.ts +2 -0
- package/dist/completion-catalog-digest.js +2 -0
- package/dist/completion-catalog-integrity.d.ts +2 -0
- package/dist/completion-catalog-integrity.js +17 -0
- package/dist/completion-catalog.d.ts +49 -0
- package/dist/completion-catalog.js +62 -0
- package/dist/completion-contract-digest.d.ts +37 -0
- package/dist/completion-contract-digest.js +73 -0
- package/dist/completion-forbidden-fields.d.ts +5 -0
- package/dist/completion-forbidden-fields.js +26 -0
- package/dist/completion-init.d.ts +8 -0
- package/dist/completion-init.js +334 -0
- package/dist/completion-resolve.d.ts +21 -0
- package/dist/completion-resolve.js +86 -0
- package/dist/completion-validate-evidence.d.ts +24 -0
- package/dist/completion-validate-evidence.js +145 -0
- package/dist/dev/offline-gateway.d.ts +24 -0
- package/dist/dev/offline-gateway.js +102 -0
- package/dist/dev/trace-buffer.d.ts +61 -0
- package/dist/dev/trace-buffer.js +330 -0
- package/dist/dev/trace-security-headers.d.ts +11 -0
- package/dist/dev/trace-security-headers.js +16 -0
- package/dist/dev/trace-server.d.ts +8 -0
- package/dist/dev/trace-server.js +38 -0
- package/dist/dev/trace-ui.d.ts +4 -0
- package/dist/dev/trace-ui.js +25 -0
- package/dist/dev/wiremock-up.d.ts +15 -0
- package/dist/dev/wiremock-up.js +118 -0
- package/dist/doctor-completion.d.ts +17 -0
- package/dist/doctor-completion.js +428 -0
- package/dist/gateway-url.d.ts +7 -0
- package/dist/gateway-url.js +69 -0
- package/dist/index.d.ts +119 -2
- package/dist/index.js +267 -6
- package/dist/init.js +380 -68
- package/dist/langgraph/awrap-tool-call.d.ts +25 -0
- package/dist/langgraph/awrap-tool-call.js +81 -0
- package/dist/langgraph/config.d.ts +13 -0
- package/dist/langgraph/config.js +11 -0
- package/dist/langgraph/index.d.ts +4 -0
- package/dist/langgraph/index.js +4 -0
- package/dist/langgraph/sandbox-demo.d.ts +40 -0
- package/dist/langgraph/sandbox-demo.js +96 -0
- package/dist/langgraph/tool-node.d.ts +10 -0
- package/dist/langgraph/tool-node.js +38 -0
- package/dist/login.d.ts +14 -1
- package/dist/login.js +130 -63
- package/dist/mcp/index.d.ts +1 -0
- package/dist/mcp/index.js +1 -0
- package/dist/mcp/tool-surface.d.ts +25 -0
- package/dist/mcp/tool-surface.js +17 -0
- package/dist/mcp-capability-token-cache.d.ts +24 -0
- package/dist/mcp-capability-token-cache.js +101 -0
- package/dist/mcp-evidence-policy.d.ts +48 -0
- package/dist/mcp-evidence-policy.js +117 -0
- package/dist/mcp-policy-reload.d.ts +79 -0
- package/dist/mcp-policy-reload.js +200 -0
- package/dist/mcp-sep2828-evidence.d.ts +36 -0
- package/dist/mcp-sep2828-evidence.js +65 -0
- package/dist/mcp-server.d.ts +10 -0
- package/dist/mcp-server.js +423 -115
- package/dist/openai-agents/index.d.ts +40 -0
- package/dist/openai-agents/index.js +151 -0
- package/dist/openai-agents/sandbox-demo.d.ts +34 -0
- package/dist/openai-agents/sandbox-demo.js +118 -0
- package/dist/payee-evidence.js +2 -29
- package/dist/policy/catalog.d.ts +31 -0
- package/dist/policy/catalog.js +48 -0
- package/dist/policy/compose-utils.d.ts +3 -0
- package/dist/policy/compose-utils.js +4 -0
- package/dist/policy/compose.d.ts +20 -0
- package/dist/policy/compose.js +240 -0
- package/dist/policy/digest.d.ts +7 -0
- package/dist/policy/digest.js +75 -0
- package/dist/policy/domain.d.ts +15 -0
- package/dist/policy/domain.js +28 -0
- package/dist/policy/guardrail-spec.d.ts +17 -0
- package/dist/policy/guardrail-spec.js +140 -0
- package/dist/policy/guardrails.d.ts +48 -0
- package/dist/policy/guardrails.js +72 -0
- package/dist/policy/index.d.ts +21 -0
- package/dist/policy/index.js +21 -0
- package/dist/policy/init.d.ts +102 -0
- package/dist/policy/init.js +351 -0
- package/dist/policy/intent-spec.d.ts +52 -0
- package/dist/policy/intent-spec.js +176 -0
- package/dist/policy/json-path.d.ts +4 -0
- package/dist/policy/json-path.js +23 -0
- package/dist/policy/layers-io.d.ts +7 -0
- package/dist/policy/layers-io.js +28 -0
- package/dist/policy/load-effective.d.ts +22 -0
- package/dist/policy/load-effective.js +77 -0
- package/dist/policy/load.d.ts +85 -0
- package/dist/policy/load.js +164 -0
- package/dist/policy/merge.d.ts +29 -0
- package/dist/policy/merge.js +297 -0
- package/dist/policy/parse-text.d.ts +2 -0
- package/dist/policy/parse-text.js +126 -0
- package/dist/policy/policy-api.d.ts +45 -0
- package/dist/policy/policy-api.js +61 -0
- package/dist/policy/presets.d.ts +19 -0
- package/dist/policy/presets.js +66 -0
- package/dist/policy/registry.d.ts +7 -0
- package/dist/policy/registry.js +33 -0
- package/dist/policy/reload.d.ts +86 -0
- package/dist/policy/reload.js +233 -0
- package/dist/policy/render-yaml.d.ts +3 -0
- package/dist/policy/render-yaml.js +69 -0
- package/dist/policy/sandbox-bootstrap.d.ts +19 -0
- package/dist/policy/sandbox-bootstrap.js +66 -0
- package/dist/policy/schema.d.ts +204 -0
- package/dist/policy/schema.js +255 -0
- package/dist/policy/snapshot.d.ts +33 -0
- package/dist/policy/snapshot.js +23 -0
- package/dist/policy/validate-remote.d.ts +43 -0
- package/dist/policy/validate-remote.js +104 -0
- package/dist/policy/validate.d.ts +36 -0
- package/dist/policy/validate.js +150 -0
- package/dist/policy/watcher.d.ts +29 -0
- package/dist/policy/watcher.js +112 -0
- package/dist/principal-intent.d.ts +52 -0
- package/dist/principal-intent.js +193 -37
- package/dist/project-init.d.ts +34 -0
- package/dist/project-init.js +898 -0
- package/dist/sep2828-signature.d.ts +10 -0
- package/dist/sep2828-signature.js +134 -0
- package/dist/solutions/api.d.ts +22 -0
- package/dist/solutions/api.js +40 -0
- package/dist/solutions/catalog.d.ts +34 -0
- package/dist/solutions/catalog.js +129 -0
- package/dist/solutions/index.d.ts +2 -0
- package/dist/solutions/index.js +2 -0
- package/dist/template-init.d.ts +54 -0
- package/dist/template-init.js +203 -0
- package/dist/vercel-ai/config.d.ts +15 -0
- package/dist/vercel-ai/config.js +13 -0
- package/dist/vercel-ai/index.d.ts +4 -0
- package/dist/vercel-ai/index.js +4 -0
- package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
- package/dist/vercel-ai/sandbox-demo.js +153 -0
- package/dist/vercel-ai/tool-approval.d.ts +16 -0
- package/dist/vercel-ai/tool-approval.js +41 -0
- package/dist/vercel-ai/wrap-tools.d.ts +9 -0
- package/dist/vercel-ai/wrap-tools.js +40 -0
- package/dist/x402-receipt-evidence.d.ts +29 -0
- package/dist/x402-receipt-evidence.js +97 -0
- package/dist/x402-receipt-signature.d.ts +12 -0
- package/dist/x402-receipt-signature.js +211 -0
- package/package.json +79 -4
- package/solutions/aws.json +17 -0
- package/solutions/saas.json +17 -0
- package/solutions/shopping.json +17 -0
- package/solutions/travel.json +18 -0
- package/templates/manifest.json +169 -0
- package/templates/openai-shopping-agent/.env.example +3 -0
- package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/openai-shopping-agent/LICENSE +201 -0
- package/templates/openai-shopping-agent/README.md +29 -0
- package/templates/openai-shopping-agent/package.json +22 -0
- package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/openai-shopping-agent/src/index.ts +22 -0
- package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/openai-shopping-agent/tsconfig.json +13 -0
- package/templates/paybond-aws-operator/.env.example +3 -0
- package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-aws-operator/LICENSE +201 -0
- package/templates/paybond-aws-operator/README.md +29 -0
- package/templates/paybond-aws-operator/package.json +20 -0
- package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
- package/templates/paybond-aws-operator/src/index.ts +54 -0
- package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
- package/templates/paybond-aws-operator/tsconfig.json +13 -0
- package/templates/paybond-claude-agents-demo/.env.example +3 -0
- package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-claude-agents-demo/LICENSE +201 -0
- package/templates/paybond-claude-agents-demo/README.md +29 -0
- package/templates/paybond-claude-agents-demo/package.json +22 -0
- package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
- package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-invoice-agent/.env.example +3 -0
- package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
- package/templates/paybond-invoice-agent/LICENSE +201 -0
- package/templates/paybond-invoice-agent/README.md +29 -0
- package/templates/paybond-invoice-agent/app.py +27 -0
- package/templates/paybond-invoice-agent/package.json +6 -0
- package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-invoice-agent/paybond_config.py +45 -0
- package/templates/paybond-invoice-agent/requirements.txt +2 -0
- package/templates/paybond-mcp-coding-agent/.env.example +3 -0
- package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
- package/templates/paybond-mcp-coding-agent/README.md +39 -0
- package/templates/paybond-mcp-coding-agent/package.json +20 -0
- package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
- package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
- package/templates/paybond-openai-agents-demo/.env.example +3 -0
- package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-openai-agents-demo/LICENSE +201 -0
- package/templates/paybond-openai-agents-demo/README.md +29 -0
- package/templates/paybond-openai-agents-demo/package.json +22 -0
- package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
- package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-procurement-agent/.env.example +3 -0
- package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-procurement-agent/LICENSE +201 -0
- package/templates/paybond-procurement-agent/README.md +29 -0
- package/templates/paybond-procurement-agent/package.json +20 -0
- package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-procurement-agent/src/index.ts +54 -0
- package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-procurement-agent/tsconfig.json +13 -0
- package/templates/paybond-travel-agent/.env.example +3 -0
- package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-travel-agent/LICENSE +201 -0
- package/templates/paybond-travel-agent/README.md +29 -0
- package/templates/paybond-travel-agent/package.json +23 -0
- package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-travel-agent/src/index.ts +22 -0
- package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-travel-agent/tsconfig.json +13 -0
- package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
- package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
- package/templates/paybond-vercel-shopping-agent/README.md +29 -0
- package/templates/paybond-vercel-shopping-agent/package.json +22 -0
- package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
- package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
|
@@ -0,0 +1,248 @@
|
|
|
1
|
+
import { generateRequestId } from "./request-id.js";
|
|
2
|
+
import { parseColorMode, resolveColorModeFromEnv } from "./color.js";
|
|
3
|
+
import { formatUnknownGlobalFlagMessage } from "./suggest.js";
|
|
4
|
+
import { InsecureGatewayURLError, requireSecureGatewayUrl } from "../gateway-url.js";
|
|
5
|
+
import { CliError } from "./types.js";
|
|
6
|
+
export const DEFAULT_GATEWAY = "https://api.paybond.ai";
|
|
7
|
+
export const DEFAULT_ENV_FILE = ".env.local";
|
|
8
|
+
export const TENANT_OVERRIDE_FLAGS = ["--tenant-id", "--tenant", "--tenant_id"];
|
|
9
|
+
export function rejectsTenantOverrideFlag(arg) {
|
|
10
|
+
for (const flag of TENANT_OVERRIDE_FLAGS) {
|
|
11
|
+
if (arg === flag || arg.startsWith(`${flag}=`)) {
|
|
12
|
+
return true;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
return false;
|
|
16
|
+
}
|
|
17
|
+
export function validateCliGateway(url) {
|
|
18
|
+
try {
|
|
19
|
+
return requireSecureGatewayUrl(url);
|
|
20
|
+
}
|
|
21
|
+
catch (err) {
|
|
22
|
+
const message = err instanceof InsecureGatewayURLError ? err.message : String(err);
|
|
23
|
+
throw new CliError(message, { category: "validation", code: "cli.validation.insecure_gateway" });
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
export function parseRequiredNonNegativeInt(raw, field) {
|
|
27
|
+
const text = raw.trim();
|
|
28
|
+
if (!text) {
|
|
29
|
+
throw new CliError(`invalid ${field} (expected non-negative integer)`, {
|
|
30
|
+
category: "validation",
|
|
31
|
+
code: "cli.validation.invalid_integer",
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
const value = Number(text);
|
|
35
|
+
if (!Number.isInteger(value) || value < 0) {
|
|
36
|
+
throw new CliError(`invalid ${field} (expected non-negative integer)`, {
|
|
37
|
+
category: "validation",
|
|
38
|
+
code: "cli.validation.invalid_integer",
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
return value;
|
|
42
|
+
}
|
|
43
|
+
export function parseOptionalNonNegativeInt(raw, field) {
|
|
44
|
+
if (!raw?.trim()) {
|
|
45
|
+
return 0;
|
|
46
|
+
}
|
|
47
|
+
return parseRequiredNonNegativeInt(raw, field);
|
|
48
|
+
}
|
|
49
|
+
const GLOBAL_FLAGS = new Set([
|
|
50
|
+
"--gateway",
|
|
51
|
+
"--env-file",
|
|
52
|
+
"--format",
|
|
53
|
+
"--json",
|
|
54
|
+
"--jq",
|
|
55
|
+
"--profile",
|
|
56
|
+
"--request-id",
|
|
57
|
+
"--yes",
|
|
58
|
+
"--no-open",
|
|
59
|
+
"--color",
|
|
60
|
+
"--no-color",
|
|
61
|
+
]);
|
|
62
|
+
export function defaultGlobalOptions() {
|
|
63
|
+
return {
|
|
64
|
+
gateway: DEFAULT_GATEWAY,
|
|
65
|
+
envFile: DEFAULT_ENV_FILE,
|
|
66
|
+
format: "table",
|
|
67
|
+
color: resolveColorModeFromEnv(),
|
|
68
|
+
requestId: generateRequestId(),
|
|
69
|
+
yes: false,
|
|
70
|
+
noOpen: false,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
function parseFormat(raw) {
|
|
74
|
+
const value = raw.trim().toLowerCase();
|
|
75
|
+
if (value === "table" || value === "json") {
|
|
76
|
+
return value;
|
|
77
|
+
}
|
|
78
|
+
throw new CliError("invalid --format (expected table|json)", { category: "usage", code: "cli.usage.invalid_format" });
|
|
79
|
+
}
|
|
80
|
+
function readFlagValue(argv, index, flag) {
|
|
81
|
+
const arg = argv[index];
|
|
82
|
+
if (arg.startsWith(`${flag}=`)) {
|
|
83
|
+
return { value: arg.slice(flag.length + 1), consumed: 1 };
|
|
84
|
+
}
|
|
85
|
+
const next = argv[index + 1];
|
|
86
|
+
if (!next || next.startsWith("-")) {
|
|
87
|
+
throw new CliError(`missing value for ${flag}`, { category: "usage", code: "cli.usage.missing_flag_value" });
|
|
88
|
+
}
|
|
89
|
+
return { value: next, consumed: 2 };
|
|
90
|
+
}
|
|
91
|
+
export function parseCliArgv(argv) {
|
|
92
|
+
for (const arg of argv) {
|
|
93
|
+
if (rejectsTenantOverrideFlag(arg)) {
|
|
94
|
+
throw new CliError("tenant scope comes from authenticated credentials; do not pass --tenant-id", {
|
|
95
|
+
category: "usage",
|
|
96
|
+
code: "cli.usage.tenant_override_forbidden",
|
|
97
|
+
});
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
const globals = defaultGlobalOptions();
|
|
101
|
+
const command = [];
|
|
102
|
+
let i = 0;
|
|
103
|
+
while (i < argv.length) {
|
|
104
|
+
const arg = argv[i];
|
|
105
|
+
if (arg === "--help" || arg === "-h") {
|
|
106
|
+
command.push(arg);
|
|
107
|
+
i += 1;
|
|
108
|
+
continue;
|
|
109
|
+
}
|
|
110
|
+
if (arg === "--yes") {
|
|
111
|
+
globals.yes = true;
|
|
112
|
+
i += 1;
|
|
113
|
+
continue;
|
|
114
|
+
}
|
|
115
|
+
if (arg === "--no-open") {
|
|
116
|
+
globals.noOpen = true;
|
|
117
|
+
i += 1;
|
|
118
|
+
continue;
|
|
119
|
+
}
|
|
120
|
+
if (arg === "--no-color") {
|
|
121
|
+
globals.color = "never";
|
|
122
|
+
i += 1;
|
|
123
|
+
continue;
|
|
124
|
+
}
|
|
125
|
+
if (arg === "--color" || arg.startsWith("--color=")) {
|
|
126
|
+
const { value, consumed } = readFlagValue(argv, i, "--color");
|
|
127
|
+
try {
|
|
128
|
+
globals.color = parseColorMode(value);
|
|
129
|
+
}
|
|
130
|
+
catch (err) {
|
|
131
|
+
throw new CliError(err instanceof Error ? err.message : String(err), {
|
|
132
|
+
category: "usage",
|
|
133
|
+
code: "cli.usage.invalid_color",
|
|
134
|
+
});
|
|
135
|
+
}
|
|
136
|
+
i += consumed;
|
|
137
|
+
continue;
|
|
138
|
+
}
|
|
139
|
+
if (arg === "--gateway" || arg.startsWith("--gateway=")) {
|
|
140
|
+
const { value, consumed } = readFlagValue(argv, i, "--gateway");
|
|
141
|
+
if (!value.trim()) {
|
|
142
|
+
throw new CliError("invalid --gateway", { category: "usage", code: "cli.usage.invalid_gateway" });
|
|
143
|
+
}
|
|
144
|
+
globals.gateway = validateCliGateway(value.trim());
|
|
145
|
+
i += consumed;
|
|
146
|
+
continue;
|
|
147
|
+
}
|
|
148
|
+
if (arg === "--env-file" || arg.startsWith("--env-file=")) {
|
|
149
|
+
const { value, consumed } = readFlagValue(argv, i, "--env-file");
|
|
150
|
+
if (!value.trim()) {
|
|
151
|
+
throw new CliError("invalid --env-file", { category: "usage", code: "cli.usage.invalid_env_file" });
|
|
152
|
+
}
|
|
153
|
+
globals.envFile = value.trim();
|
|
154
|
+
i += consumed;
|
|
155
|
+
continue;
|
|
156
|
+
}
|
|
157
|
+
if (arg === "--format" || arg.startsWith("--format=")) {
|
|
158
|
+
const { value, consumed } = readFlagValue(argv, i, "--format");
|
|
159
|
+
globals.format = parseFormat(value);
|
|
160
|
+
i += consumed;
|
|
161
|
+
continue;
|
|
162
|
+
}
|
|
163
|
+
if (arg === "--profile" || arg.startsWith("--profile=")) {
|
|
164
|
+
const { value, consumed } = readFlagValue(argv, i, "--profile");
|
|
165
|
+
if (!value.trim()) {
|
|
166
|
+
throw new CliError("invalid --profile", { category: "usage", code: "cli.usage.invalid_profile" });
|
|
167
|
+
}
|
|
168
|
+
globals.profile = value.trim();
|
|
169
|
+
i += consumed;
|
|
170
|
+
continue;
|
|
171
|
+
}
|
|
172
|
+
if (arg === "--request-id" || arg.startsWith("--request-id=")) {
|
|
173
|
+
const { value, consumed } = readFlagValue(argv, i, "--request-id");
|
|
174
|
+
if (!value.trim()) {
|
|
175
|
+
throw new CliError("invalid --request-id", { category: "usage", code: "cli.usage.invalid_request_id" });
|
|
176
|
+
}
|
|
177
|
+
globals.requestId = value.trim();
|
|
178
|
+
i += consumed;
|
|
179
|
+
continue;
|
|
180
|
+
}
|
|
181
|
+
if (arg === "--json" || arg.startsWith("--json=")) {
|
|
182
|
+
const { value, consumed } = readFlagValue(argv, i, "--json");
|
|
183
|
+
if (!value.trim()) {
|
|
184
|
+
throw new CliError("invalid --json (expected comma-separated field names)", {
|
|
185
|
+
category: "usage",
|
|
186
|
+
code: "cli.usage.invalid_json_fields",
|
|
187
|
+
});
|
|
188
|
+
}
|
|
189
|
+
globals.jsonFields = value.trim();
|
|
190
|
+
i += consumed;
|
|
191
|
+
continue;
|
|
192
|
+
}
|
|
193
|
+
if (arg === "--jq" || arg.startsWith("--jq=")) {
|
|
194
|
+
const { value, consumed } = readFlagValue(argv, i, "--jq");
|
|
195
|
+
if (!value.trim()) {
|
|
196
|
+
throw new CliError("invalid --jq (expected filter expression)", { category: "usage", code: "cli.usage.invalid_jq" });
|
|
197
|
+
}
|
|
198
|
+
globals.jqExpr = value.trim();
|
|
199
|
+
i += consumed;
|
|
200
|
+
continue;
|
|
201
|
+
}
|
|
202
|
+
if (arg.startsWith("--") && !GLOBAL_FLAGS.has(arg.split("=")[0])) {
|
|
203
|
+
if (command.length === 0) {
|
|
204
|
+
throw new CliError(formatUnknownGlobalFlagMessage(arg), {
|
|
205
|
+
category: "usage",
|
|
206
|
+
code: "cli.usage.unknown_flag",
|
|
207
|
+
});
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
command.push(arg);
|
|
211
|
+
i += 1;
|
|
212
|
+
}
|
|
213
|
+
return { globals, command };
|
|
214
|
+
}
|
|
215
|
+
export function consumeFlag(argv, flag) {
|
|
216
|
+
const rest = [];
|
|
217
|
+
let present = false;
|
|
218
|
+
let value;
|
|
219
|
+
for (let i = 0; i < argv.length; i += 1) {
|
|
220
|
+
const arg = argv[i];
|
|
221
|
+
if (arg === flag) {
|
|
222
|
+
present = true;
|
|
223
|
+
const next = argv[i + 1];
|
|
224
|
+
if (!next || next.startsWith("-")) {
|
|
225
|
+
throw new CliError(`missing value for ${flag}`, { category: "usage", code: "cli.usage.missing_flag_value" });
|
|
226
|
+
}
|
|
227
|
+
value = next;
|
|
228
|
+
i += 1;
|
|
229
|
+
continue;
|
|
230
|
+
}
|
|
231
|
+
if (arg.startsWith(`${flag}=`)) {
|
|
232
|
+
present = true;
|
|
233
|
+
value = arg.slice(flag.length + 1);
|
|
234
|
+
continue;
|
|
235
|
+
}
|
|
236
|
+
rest.push(arg);
|
|
237
|
+
}
|
|
238
|
+
return { present, value, rest };
|
|
239
|
+
}
|
|
240
|
+
export function consumeBooleanFlag(argv, flag) {
|
|
241
|
+
const rest = argv.filter((arg) => {
|
|
242
|
+
if (arg === flag) {
|
|
243
|
+
return false;
|
|
244
|
+
}
|
|
245
|
+
return true;
|
|
246
|
+
});
|
|
247
|
+
return { present: argv.length !== rest.length, rest };
|
|
248
|
+
}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export declare const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement receipts\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
2
|
+
export declare const COMMAND_HELP: Record<string, string>;
|
|
3
|
+
export declare function helpForCommand(path: string): string;
|
package/dist/cli/help.js
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
// Generated by kit/cli-parity/generate.mjs — do not edit by hand.
|
|
2
|
+
export const ROOT_HELP = "Usage: paybond [--global-flags] <command> [<subcommand> ...] [args]\n\nGlobal flags:\n --gateway <url> Gateway base URL (default: https://api.paybond.ai)\n --env-file <path> Local secrets file (default: .env.local)\n --format table|json Human table or JSON envelope output (default: table)\n --json <fields> Field-selectable JSON for list/read commands (plain JSON; use --format json for envelope)\n --jq <expr> jq-style filter for list/read command output\n --profile <name> Named credential profile from the Paybond CLI config file\n --request-id <id> Correlation ID for Gateway calls and JSON output\n --yes Skip confirmation for destructive operations\n --no-open Do not open a browser for device login\n --color auto|always|never Colorize human table output and help text (default: auto)\n --no-color Disable color output (also honors NO_COLOR)\n\nCommands:\n onboarding Guided, non-destructive first-run checks\n help Detailed help for a command\n examples Copy-paste examples from the command spec\n completion bash|zsh|fish Shell completion scripts\n login Sandbox device login\n init Interactive first-run scaffold (solution, spend cap, framework, owned policy files)\n init guardrail|completion|agent-middleware\n Scaffold sandbox guardrail, completion evidence, or agent middleware integration files\n mcp serve|install|verify-config|tools MCP server and host configuration\n doctor Validate local runtime, credentials, and optional agent setup\n dev smoke|trace|loop|up\n Local sandbox developer loop: travel smoke, trace dashboard, WireMock up, and guided setup\n version Print package version (use --verbose for runtime details)\n diagnose Emit a redacted support bundle with --redacted\n config get|set|unset|list\n Manage CLI configuration values\n whoami Resolve the authenticated principal and tenant realm\n keys list|create|rotate|revoke\n Manage tenant service-account API keys\n intents list|get|create|fund|evidence|settlement-confirm\n Harbor intent workflows\n guardrails bootstrap|evidence\n Sandbox guardrail helpers\n spend authorize Authorize delegated spend for a tool call\n signal reputation|portfolio|fraud\n Signal summaries and fraud reads\n receipts get|verify\n Protocol settlement receipts\n mandates verify|import\n Agent mandate verification and import\n a2a card|contracts\n Agent card discovery and task contracts\n policy init|init-org|extend|presets list|presets show|validate-tools|templates|preview|import-mcp-receipt|import-x402-receipt|validate-evidence\n Scaffold and validate paybond.policy.yaml (including enterprise org inheritance), browse policy presets and solutions, list completion presets, preview Harbor templates, and import receipts\n agent run bind|status|trace|reload-policy|tool execute|validate|registry validate|sandbox smoke\n Agent middleware: bind runs, reload policy, execute tools, validate registry, sandbox smoke\n audit exports list|get|verify|delete\n Compliance audit export jobs and local bundle verification\n\nGetting started:\n Sandbox setup\n Authenticate, validate the runtime, and confirm tenant context.\n $ paybond login\n $ paybond doctor --format json\n Next: paybond whoami\n Agent + MCP host\n Preview MCP host config and list tools exposed to agents.\n $ paybond mcp install --host claude --scope local\n $ paybond mcp verify-config --host claude\n $ paybond mcp tools\n Next: paybond doctor --agent\n Paid-tool guardrail\n Scaffold a sandbox guardrail integration file for your agent runtime.\n $ paybond init guardrail\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100\n Next: paybond spend authorize --help\n Policy-driven agent sandbox\n Validate and smoke-test agent middleware from a versioned paybond.policy.yaml file.\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy validate-tools --file paybond.policy.yaml\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n Next: paybond policy validate-tools --help\n Agent middleware sandbox\n Bind a sandbox run and execute a guarded tool with auto-evidence.\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n Next: paybond agent run bind --help\n Completion preset\n Scaffold catalog-aligned completion evidence for Harbor release predicates.\n $ paybond init completion --preset api_response_ok\n $ paybond policy templates\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n Next: paybond policy preview --help\n\nDocumentation: https://docs.paybond.ai/kit\n\nLearn more:\n paybond help <command> Detailed help for a command\n paybond examples Copy-paste command examples\n paybond onboarding Guided first-run checks\n paybond completion <shell> Shell completions (bash|zsh|fish)\n\nLegacy aliases: paybond-kit-login, paybond-init, paybond-kit-init, paybond-mcp-server\n";
|
|
3
|
+
export const COMMAND_HELP = {
|
|
4
|
+
"onboarding": "Usage: paybond onboarding [--host claude|codex|openai|generic]\n\nRuns a guided, non-destructive first-run workflow: runtime check, login status, guardrail file status, MCP config preview, and doctor.\n\nExamples:\n $ paybond onboarding\n $ paybond onboarding --host claude --format json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond login",
|
|
5
|
+
"help": "Usage: paybond help [<command> [<subcommand> ...]]\n\nShows detailed help for a command path. Without arguments, prints root help.\n\nExamples:\n $ paybond help\n $ paybond help login\n $ paybond help mcp install",
|
|
6
|
+
"examples": "Usage: paybond examples [<command> [<subcommand> ...]]\n\nLists copy-paste examples from the command spec. Filter with an optional command path.\n\nExamples:\n $ paybond examples\n $ paybond examples doctor",
|
|
7
|
+
"completion": "Usage: paybond completion bash|zsh|fish\n\nPrints a shell completion script generated from the command spec. Pipe to your shell config.\n\nExamples:\n $ paybond completion bash >> ~/.bashrc\n $ paybond completion zsh >> ~/.zshrc\n $ paybond completion fish | source",
|
|
8
|
+
"login": "Usage: paybond login [--env sandbox] [--env-file .env.local] [--gateway <url>] [--no-open] [--force]\n\nStarts sandbox device login and writes PAYBOND_API_KEY to the env file.\n\nExamples:\n $ paybond login\n $ paybond login --no-open --format json\n\nDocs: https://docs.paybond.ai/kit/authentication\n\nNext: paybond doctor",
|
|
9
|
+
"init": "Usage: paybond init [--solution shopping|travel|saas|mcp-server|aws] [--max-spend-usd <n>] [--framework openai|langgraph|mcp|generic] [--language typescript|python] [--non-interactive] [--force]\n\nInteractive first-run scaffold: solution bundle policy, client bootstrap, framework instrument stub, .env.example, and npm smoke script.\n\nExamples:\n $ paybond init\n $ paybond init --solution travel --max-spend-usd 500 --framework langgraph --non-interactive\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond login",
|
|
10
|
+
"init guardrail": "Usage: paybond init guardrail [--preset paid-tool-guard] [--framework <name>] [--out <path>] [--force]\n\nScaffolds a sandbox paid-tool guardrail integration file aligned with the cost_and_completion catalog archetype.\n\nExamples:\n $ paybond init guardrail\n $ paybond init guardrail --framework openai --out guard.ts\n\nDocs: https://docs.paybond.ai/kit/index\n\nNext: paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100",
|
|
11
|
+
"init completion": "Usage: paybond init completion --preset <archetype> [--out <path>] [--force]\n\nScaffolds a completion evidence helper from the shared preset catalog (evidence_schema, buildCompletionEvidence, policy_binding stub).\n\nExamples:\n $ paybond init completion --preset api_response_ok\n $ paybond init completion --preset cost_and_completion --out paybond-completion.ts\n\nDocs: https://docs.paybond.ai/kit/completion-presets\n\nNext: paybond policy preview --preset api_response_ok --evidence-file evidence.json",
|
|
12
|
+
"policy templates": "Usage: paybond policy templates\n\nLists completion preset archetypes from kit/completion-presets/catalog.json.\n\nExamples:\n $ paybond policy templates\n $ paybond policy templates --format json\n\nDocs: https://docs.paybond.ai/kit/completion-presets\n\nNext: paybond policy preview --preset api_response_ok --evidence-file evidence.json",
|
|
13
|
+
"policy preview": "Usage: paybond policy preview --template <id>|--preset <archetype> [--parameters-file <path>] --evidence-file <path> [--schema-file <path>] [--amount-cents <n>]\n\nMaterializes a Harbor managed template and evaluates sample evidence (preview + test) against the gateway.\n\nExamples:\n $ paybond policy preview --preset api_response_ok --evidence-file evidence.json\n $ paybond policy preview --template api_response_v1 --parameters-file parameters.json --evidence-file evidence.json\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
14
|
+
"policy import-mcp-receipt": "Usage: paybond policy import-mcp-receipt --decision-file <path> --outcome-file <path> [--write-evidence-file <path>]\n\nVerifies Ed25519 signatures on paired SEP-2828 MCP decision and outcome records, then maps them into artifact_attested evidence fields.\n\nExamples:\n $ paybond policy import-mcp-receipt --decision-file decision.json --outcome-file outcome.json\n $ paybond policy import-mcp-receipt --decision-file decision.json --outcome-file outcome.json --write-evidence-file evidence.json\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
15
|
+
"policy import-x402-receipt": "Usage: paybond policy import-x402-receipt --receipt-file <path> [--write-evidence-file <path>]\n\nVerifies a signed x402 offer-receipt artifact (JWS or EIP-712), then maps it into artifact_attested evidence fields (BLAKE3 digest of JCS-canonical receipt bytes).\n\nExamples:\n $ paybond policy import-x402-receipt --receipt-file receipt.json\n $ paybond policy import-x402-receipt --receipt-file receipt.json --write-evidence-file evidence.json\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
16
|
+
"policy validate-evidence": "Usage: paybond policy validate-evidence --preset <id> [--vendor-file <path>] [--canonical-file <path>] [--frozen-api-version <ver>] [--frozen-vendor-schema-digest <hex>] [--frozen-canonical-schema-digest <hex>]\n\nPre-validates vendor and canonical completion evidence against catalog JSON Schemas and preset forbidden_evidence_fields (signal-only; Harbor remains authoritative at submit).\n\nExamples:\n $ paybond policy validate-evidence --preset stripe_charge --vendor-file vendor.json\n $ paybond policy validate-evidence --preset ach_travel_booking --vendor-file booking.json --frozen-api-version 2024-10-28.acacia\n\nDocs: https://docs.paybond.ai/kit/completion-presets",
|
|
17
|
+
"policy presets list": "Usage: paybond policy presets list\n\nLists bundled policy domains, guardrails, flat/composed presets, and solution manifests.\n\nExamples:\n $ paybond policy presets list\n $ paybond policy presets list --format json\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond policy presets show travel",
|
|
18
|
+
"policy presets show": "Usage: paybond policy presets show <preset>|--preset <id> [--max-spend <usd>] [--domain <id> --guardrails <csv>]\n\nPreview composed paybond.policy.yaml for a bundled preset or custom domain + guardrails composition.\n\nExamples:\n $ paybond policy presets show travel\n $ paybond policy presets show --preset travel --max-spend 500\n $ paybond policy presets show --domain travel --guardrails read-only,max-spend:500\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond policy init --preset travel --out paybond.policy.yaml",
|
|
19
|
+
"policy init": "Usage: paybond policy init [--out <path>] [--preset <id>] [--domain <id> --guardrails <csv>] [--max-spend <usd>] [--operation <name>] [--evidence-preset <id>] [--force]\n\nScaffolds paybond.policy.yaml from a bundled vertical preset, composed domain + guardrails, or a single-operation starter template.\n\nExamples:\n $ paybond policy init --preset travel --out paybond.policy.yaml\n $ paybond policy init --preset travel --max-spend 500 --out paybond.policy.yaml\n $ paybond policy init --domain travel --guardrails read-only,max-spend:500 --out paybond.policy.yaml\n $ paybond policy init --out paybond.policy.yaml\n $ paybond policy init --operation travel.book_hotel --evidence-preset cost_and_completion\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond policy validate-tools --file paybond.policy.yaml",
|
|
20
|
+
"policy init-org": "Usage: paybond policy init-org --policy-id <id> [--out <path>] [--operation <name>] [--evidence-preset <id>] [--max-spend-cents <n>] [--force]\n\nScaffolds a v2 org base policy for platform operators. Publish with PUT /v1/admin/org-policies/{policy_id}?org_id=... after review.\n\nExamples:\n $ paybond policy init-org --policy-id acme-agent-spend-v1 --out org-agent-spend-v1.yaml\n $ paybond policy init-org --policy-id acme-agent-spend-v1 --operation travel.book_hotel --max-spend-cents 20000\n\nDocs: https://docs.paybond.ai/kit/enterprise-policy-inheritance\n\nNext: paybond policy extend --extends org_acme_corp/acme-agent-spend-v1",
|
|
21
|
+
"policy extend": "Usage: paybond policy extend --extends <org_id/org_policy_id> [--out <path>] [--name <overlay_name>] [--operation <tenant_tool>] [--evidence-preset <id>] [--base-policy <path>] [--force]\n\nScaffolds a v2 tenant overlay paybond.policy.yaml that extends a published org base policy.\n\nExamples:\n $ paybond policy extend --extends org_acme_corp/acme-agent-spend-v1 --out paybond.policy.yaml\n $ paybond policy extend --extends org_acme_corp/acme-agent-spend-v1 --operation acme.internal.approve_po --evidence-preset cost_and_completion\n\nDocs: https://docs.paybond.ai/kit/enterprise-policy-inheritance\n\nNext: paybond policy validate-tools --file paybond.policy.yaml --remote --resolve-inheritance",
|
|
22
|
+
"policy validate-tools": "Usage: paybond policy validate-tools --file <path> [--remote] [--local-only] [--strict] [--check-gateway] [--resolve-inheritance]\n\nValidates a paybond.policy.yaml file before deploy or agent bind. Uses Gateway POST /v1/policy/validate when logged in (--remote, or default with credentials). --resolve-inheritance merges org base server-side for tenant overlays.\n\nExamples:\n $ paybond policy validate-tools --file paybond.policy.yaml --local-only\n $ paybond policy validate-tools --file paybond.policy.yaml --remote --format json\n $ paybond policy validate-tools --file paybond.policy.yaml --remote --resolve-inheritance --format json\n\nDocs: https://docs.paybond.ai/kit/agent-policy-validate",
|
|
23
|
+
"mcp serve": "Usage: paybond mcp serve\n\nRuns the stdio MCP server until the host process exits. Diagnostics print to stderr; stdout is reserved for MCP JSON-RPC.\n\nExamples:\n $ paybond mcp serve",
|
|
24
|
+
"mcp install": "Usage: paybond mcp install --host claude|codex|openai|generic [--scope local|project|user] [--format json|toml] [--out <path>] [--env-file <path>] [--tool-policy readonly|spend-write|allowlist] [--tool-allowlist <names>]\n\nWrites a stdio MCP server entry that references PAYBOND_ENV_FILE (never raw API keys).\nDefault format is TOML for codex and JSON for other hosts. --scope local prints without writing.\nOptional --tool-policy controls which Paybond MCP tools the server exposes.\n\nExamples:\n $ paybond mcp install --host claude\n $ paybond mcp install --host generic --scope project --tool-policy readonly\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond mcp verify-config --host claude",
|
|
25
|
+
"mcp verify-config": "Usage: paybond mcp verify-config --host claude|codex|openai|generic [--format json|toml] [--env-file <path>] [--config <path>]\n\nValidates a generated or on-disk MCP host config without launching the MCP server.\n\nExamples:\n $ paybond mcp verify-config --host claude\n $ paybond mcp verify-config --host generic --config .paybond/mcp.json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond doctor --agent",
|
|
26
|
+
"mcp tools": "Usage: paybond mcp tools\n\nLists tools exposed by the local MCP server.\n\nExamples:\n $ paybond mcp tools",
|
|
27
|
+
"doctor": "Usage: paybond doctor [--agent] [--host claude|codex|openai|generic]\n\nValidates runtime, package version, env file, key shape, principal lookup, and with --agent deep MCP checks plus agent middleware sandbox smoke (bind, authorize, execute, auto-evidence).\n\nExamples:\n $ paybond doctor\n $ paybond doctor --agent --format json\n\nDocs: https://docs.paybond.ai/kit/coding-agent-setup\n\nNext: paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json",
|
|
28
|
+
"dev": "Usage: paybond dev <smoke|trace|loop|up> [args]\n\nLocal sandbox developer workflows: travel smoke with checklist output, trace dashboard, optional WireMock Gateway (`dev up`), and a guided login → policy → validate → smoke loop. Use `--offline` on smoke/loop for in-process mock capability and simulated settlement without PAYBOND_API_KEY.\n\nExamples:\n $ paybond dev smoke --offline\n $ paybond dev trace\n $ paybond dev loop\n $ paybond dev up\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev loop --offline",
|
|
29
|
+
"dev smoke": "Usage: paybond dev smoke [--preset travel] [--offline] [--format table|json]\n\nRuns agent sandbox smoke with travel preset defaults and records a local trace event. With `--offline`, uses an in-process mock capability and simulated settlement lifecycle (no PAYBOND_API_KEY required).\n\nExamples:\n $ paybond dev smoke\n $ paybond dev smoke --offline\n $ paybond dev smoke --format json\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev trace",
|
|
30
|
+
"dev trace": "Usage: paybond dev trace [--port 9477]\n\nStarts a local HTTP trace dashboard on port 9477 showing recent tool authorization events from dev smoke runs.\n\nExamples:\n $ paybond dev trace\n $ paybond dev trace --port 9477\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent",
|
|
31
|
+
"dev loop": "Usage: paybond dev loop [--policy-file paybond.policy.yaml] [--offline] [--no-login]\n\nGuided local loop: login when needed (skipped with `--offline`), scaffold travel policy, validate tools locally, then run dev smoke. Prints a startup banner with trace and audit log paths.\n\nExamples:\n $ paybond dev loop\n $ paybond dev loop --offline\n $ paybond dev loop --format json\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev trace",
|
|
32
|
+
"dev up": "Usage: paybond dev up [--port 18089] [--down]\n\nStarts or stops a local WireMock Gateway using bundled partner-dry-run mappings (Docker required). After `dev up`, point `--gateway` at the printed URL for HTTP-level sandbox smoke.\n\nExamples:\n $ paybond dev up\n $ paybond dev up --port 18089\n $ paybond dev up --down\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent\n\nNext: paybond dev loop --gateway http://127.0.0.1:18089 --no-login",
|
|
33
|
+
"version": "Usage: paybond version [--verbose]\n\nPrints the installed Kit package version. With --verbose, includes runtime, platform, config paths, gateway URL, request ID, MCP tool count, and redacted credential source.\n\nExamples:\n $ paybond version\n $ paybond version --verbose --format json\n\nDocs: https://docs.paybond.ai/kit/package-provenance",
|
|
34
|
+
"diagnose": "Usage: paybond diagnose --redacted\n\nEmits a redacted support bundle for troubleshooting. Never prints raw API keys.\n\nExamples:\n $ paybond diagnose --redacted\n $ paybond diagnose --redacted --format json\n\nDocs: https://docs.paybond.ai/kit/package-provenance",
|
|
35
|
+
"config get": "Usage: paybond config get <key>\n\nExamples:\n $ paybond config get gateway",
|
|
36
|
+
"config set": "Usage: paybond config set <key> <value>\n\nExamples:\n $ paybond config set gateway https://api.paybond.ai",
|
|
37
|
+
"config unset": "Usage: paybond config unset <key>\n\nExamples:\n $ paybond config unset gateway",
|
|
38
|
+
"config list": "Usage: paybond config list\n\nExamples:\n $ paybond config list --format json",
|
|
39
|
+
"whoami": "Usage: paybond whoami\n\nResolves the authenticated principal and tenant realm.\n\nExamples:\n $ paybond whoami\n $ paybond whoami --format json",
|
|
40
|
+
"keys list": "Usage: paybond keys list\n\nExamples:\n $ paybond keys list --format json",
|
|
41
|
+
"keys create": "Usage: paybond keys create --name <service-account> --role <role> [--label <label>]\n\nExamples:\n $ paybond keys create --name ci-bot --role operator",
|
|
42
|
+
"keys rotate": "Usage: paybond keys rotate <key_id> [--yes]\n\nExamples:\n $ paybond keys rotate key-123 --yes",
|
|
43
|
+
"keys revoke": "Usage: paybond keys revoke <key_id> [--yes]\n\nExamples:\n $ paybond keys revoke key-123 --yes",
|
|
44
|
+
"intents list": "Usage: paybond intents list [--status <status>] [--limit <n>]\n\nExamples:\n $ paybond intents list --limit 10",
|
|
45
|
+
"intents get": "Usage: paybond intents get <intent_id>\n\nExamples:\n $ paybond intents get intent-123",
|
|
46
|
+
"intents create": "Usage: paybond intents create --body <json-file>\n\nExamples:\n $ paybond intents create --body intent.json",
|
|
47
|
+
"intents fund": "Usage: paybond intents fund <intent_id> [--body <json-file>]\n\nExamples:\n $ paybond intents fund intent-123",
|
|
48
|
+
"intents evidence": "Usage: paybond intents evidence <intent_id> --body <json-file>\n\nExamples:\n $ paybond intents evidence intent-123 --body evidence.json",
|
|
49
|
+
"intents settlement-confirm": "Usage: paybond intents settlement-confirm <intent_id> [--body <json-file>]\n\nExamples:\n $ paybond intents settlement-confirm intent-123",
|
|
50
|
+
"guardrails bootstrap": "Usage: paybond guardrails bootstrap --operation <name> --requested-spend-cents <n>\n\nExamples:\n $ paybond guardrails bootstrap --operation paid-tool --requested-spend-cents 100",
|
|
51
|
+
"guardrails evidence": "Usage: paybond guardrails evidence --intent-id <id> --body <json-file>\n\nExamples:\n $ paybond guardrails evidence --intent-id intent-123 --body evidence.json",
|
|
52
|
+
"spend authorize": "Usage: paybond spend authorize --intent-id <id> --token <capability> --operation <name> [--requested-spend-cents <n>]\n\nExamples:\n $ paybond spend authorize --intent-id intent-123 --token cap --operation paid-tool",
|
|
53
|
+
"signal reputation": "Usage: paybond signal reputation --did <did>\n\nExamples:\n $ paybond signal reputation --did did:example:alice",
|
|
54
|
+
"signal portfolio": "Usage: paybond signal portfolio\n\nExamples:\n $ paybond signal portfolio",
|
|
55
|
+
"signal fraud": "Usage: paybond signal fraud --did <did>\n\nExamples:\n $ paybond signal fraud --did did:example:alice",
|
|
56
|
+
"receipts get": "Usage: paybond receipts get <receipt_id>\n\nExamples:\n $ paybond receipts get receipt-123",
|
|
57
|
+
"receipts verify": "Usage: paybond receipts verify <receipt_id>\n\nExamples:\n $ paybond receipts verify receipt-123",
|
|
58
|
+
"mandates verify": "Usage: paybond mandates verify --body <json-file>\n\nExamples:\n $ paybond mandates verify --body mandate.json",
|
|
59
|
+
"mandates import": "Usage: paybond mandates import --body <json-file>\n\nExamples:\n $ paybond mandates import --body mandate.json",
|
|
60
|
+
"a2a card": "Usage: paybond a2a card\n\nExamples:\n $ paybond a2a card",
|
|
61
|
+
"a2a contracts": "Usage: paybond a2a contracts [--contract-id <id>]\n\nExamples:\n $ paybond a2a contracts",
|
|
62
|
+
"init agent-middleware": "Usage: paybond init agent-middleware [--framework <name>] [--out <path>] [--force]\n\nScaffolds an agent middleware integration file (PaybondAgentRun, tool registry, interceptor). Default framework is generic (agent-agnostic).\n\nExamples:\n $ paybond init agent-middleware\n $ paybond init agent-middleware --framework claude-agents --out paybond-claude-agents.ts\n $ paybond init agent-middleware --framework openai --out paybond-agent-middleware.ts\n\nDocs: https://docs.paybond.ai/kit/agent-middleware\n\nNext: paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}'",
|
|
63
|
+
"agent run bind": "Usage: paybond agent run bind [--sandbox] [--production] [--policy-file <path>] [--watch] [--operation <name> --requested-spend-cents <n>] [--completion-preset <id>] [--registry-file <path>] [--run-id <id>] [--attach-intent-id <id> --capability-token <token> --payee-did <did> --payee-signing-seed-hex <hex> --agent-recognition-key-id <id> --agent-recognition-signing-seed-hex <hex>] [--write-env]\n\nBind a run-scoped middleware context via sandbox bootstrap or attach an existing funded intent. Production attach requires payee and agent-recognition signing credentials (flags or APP_PAYEE_DID, APP_PAYEE_SEED_HEX, APP_AGENT_RECOGNITION_KEY_ID, APP_AGENT_RECOGNITION_SEED_HEX). Persists context to .paybond/runs/<run_id>.json (mode 0600). Use --watch with --policy-file to record file-watcher reload config for long-lived processes.\n\nExamples:\n $ paybond agent run bind --policy-file paybond.policy.yaml --format json\n $ paybond agent run bind --sandbox --operation travel.book_hotel --requested-spend-cents 20000 --completion-preset cost_and_completion --registry-file ./paybond.agent.registry.yaml --format json\n\nDocs: https://docs.paybond.ai/kit/agent-policy\n\nNext: paybond agent tool execute --help",
|
|
64
|
+
"agent run status": "Usage: paybond agent run status --run-id <id>\n\nInspect a bound run (tenant, intent, allowed tools, policy digest, reload metadata).\n\nExamples:\n $ paybond agent run status --run-id run-123 --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
65
|
+
"agent run trace": "Usage: paybond agent run trace --run-id <id>\n\nShow middleware trace events for a bound run (tool selection, spend authorization, evidence, settlement). Reads .paybond/runs/<run_id>.trace.json written during tool execute.\n\nExamples:\n $ paybond agent run trace --run-id run-123 --format json\n $ paybond agent run trace --run-id run-123 --format table\n\nDocs: https://docs.paybond.ai/kit/agent-middleware#trace-events-and-observability",
|
|
66
|
+
"agent run reload-policy": "Usage: paybond agent run reload-policy --run-id <id> [--policy-file <path>] [--remote] [--resolve-inheritance] [--allow-loosen]\n\nReload policy for a persisted run without re-binding the intent. Validates locally and optionally via Gateway before swapping the registry.\n\nExamples:\n $ paybond agent run reload-policy --run-id run-123 --format json\n $ paybond agent run reload-policy --run-id run-123 --policy-file ./paybond.policy.yaml --remote --format json\n\nDocs: https://docs.paybond.ai/kit/policy-hot-reload",
|
|
67
|
+
"agent tool execute": "Usage: paybond agent tool execute --run-id <id> --operation <name> --tool-call-id <id> [--arguments <json>] --result-body <json>|--result-file <path>\n\nRun one tool through the middleware interceptor: authorize, simulated execute, auto-evidence. CLI supplies --result-body; external processes are not invoked in v1.\n\nExamples:\n $ paybond agent tool execute --run-id run-123 --operation travel.book_hotel --tool-call-id call-1 --arguments '{\"city\":\"Lisbon\",\"estimated_price_cents\":18700}' --result-body '{\"reservation\":{\"status\":\"confirmed\",\"price_cents\":18700}}' --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
68
|
+
"agent tool validate": "Usage: paybond agent tool validate --run-id <id> --operation <name> [--requested-spend-cents <n>] [--arguments <json>]\n\nAuthorize-only dry run (no execute, no evidence). Useful for agents checking budget before side effects.\n\nExamples:\n $ paybond agent tool validate --run-id run-123 --operation travel.book_hotel --requested-spend-cents 18700 --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
69
|
+
"agent registry validate": "Usage: paybond agent registry validate --file <path>\n\nValidate a registry YAML/JSON file before bind (evidence_preset required on side-effecting tools).\n\nExamples:\n $ paybond agent registry validate --file ./paybond.agent.registry.yaml --format json\n\nDocs: https://docs.paybond.ai/kit/agent-middleware",
|
|
70
|
+
"agent sandbox smoke": "Usage: paybond agent sandbox smoke [--production] [--preset <id>] [--policy-file <path>] [--operation <name> --requested-spend-cents <n> --evidence-preset <id>] --result-body <json>|--result-file <path>\n\nOne-shot end-to-end sandbox lifecycle: bind, tool execute, combined result. Ideal for CI and coding agents.\n\nExamples:\n $ paybond agent sandbox smoke --preset travel --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n $ paybond agent sandbox smoke --policy-file paybond.policy.yaml --result-body '{\"status\":\"completed\",\"cost_cents\":18700}' --format json\n $ paybond agent sandbox smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --result-body '{\"status\":\"ok\",\"cost_cents\":100}' --format json\n\nDocs: https://docs.paybond.ai/kit/quickstart-agent",
|
|
71
|
+
"agent demo vercel-ai smoke": "Usage: paybond agent demo vercel-ai smoke [--production] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM Vercel AI SDK sandbox demo: toolApproval, wrapped execute, and auto-evidence via MockLanguageModelV4.\n\nExamples:\n $ paybond agent demo vercel-ai smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/vercel-ai",
|
|
72
|
+
"agent demo langgraph smoke": "Usage: paybond agent demo langgraph smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM LangGraph sandbox demo: ToolNode interceptor, authorize, execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo langgraph smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/langgraph",
|
|
73
|
+
"agent demo generic smoke": "Usage: paybond agent demo generic smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM agent-agnostic sandbox demo: createPaybondGenericAgentConfig, wrapped execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/agent-agnostic",
|
|
74
|
+
"agent demo claude-agents smoke": "Usage: paybond agent demo claude-agents smoke [--production] [--runtime typescript|python] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM Claude Agent SDK sandbox demo: in-process MCP tool handlers, authorize, execute, and auto-evidence.\n\nExamples:\n $ paybond agent demo claude-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/claude-agents",
|
|
75
|
+
"agent demo openai-agents smoke": "Usage: paybond agent demo openai-agents smoke [--production] --operation <name> --requested-spend-cents <n> --evidence-preset <id>\n\nBundled no-LLM OpenAI Agents SDK sandbox demo: input guardrail pre-check, guarded invoke, and auto-evidence.\n\nExamples:\n $ paybond agent demo openai-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json\n\nDocs: https://docs.paybond.ai/kit/openai-agents",
|
|
76
|
+
"audit exports list": "Usage: paybond audit exports list\n\nExamples:\n $ paybond audit exports list --format json",
|
|
77
|
+
"audit exports get": "Usage: paybond audit exports get <job_id> [--issue-download]\n\nExamples:\n $ paybond audit exports get job-123",
|
|
78
|
+
"audit exports verify": "Usage: paybond audit exports verify <path>\n\nExamples:\n $ paybond audit exports verify ./bundle",
|
|
79
|
+
"audit exports delete": "Usage: paybond audit exports delete <job_id> [--yes]\n\nExamples:\n $ paybond audit exports delete job-123 --yes",
|
|
80
|
+
};
|
|
81
|
+
export function helpForCommand(path) {
|
|
82
|
+
return COMMAND_HELP[path] ?? ROOT_HELP;
|
|
83
|
+
}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { type McpToolPolicyConfig } from "./mcp-policy.js";
|
|
2
|
+
export type McpInstallFormat = "json" | "toml";
|
|
3
|
+
export type McpInstallScope = "local" | "project" | "user";
|
|
4
|
+
export type McpInstallHost = "claude" | "codex" | "openai" | "generic";
|
|
5
|
+
export declare const MCP_INSTALL_HOSTS: readonly McpInstallHost[];
|
|
6
|
+
export type McpServerEntry = {
|
|
7
|
+
command: string;
|
|
8
|
+
args: string[];
|
|
9
|
+
env: Record<string, string>;
|
|
10
|
+
};
|
|
11
|
+
export type McpInstallPlan = {
|
|
12
|
+
host: string;
|
|
13
|
+
scope: McpInstallScope;
|
|
14
|
+
format: McpInstallFormat;
|
|
15
|
+
envFile: string;
|
|
16
|
+
configPath: string | null;
|
|
17
|
+
serverCommand: string[];
|
|
18
|
+
payload: string;
|
|
19
|
+
printed: boolean;
|
|
20
|
+
toolPolicy?: McpToolPolicyConfig | null;
|
|
21
|
+
};
|
|
22
|
+
export declare function resolvePackageLocalMcpServerCommand(): string[];
|
|
23
|
+
export declare function defaultMcpServerCommand(): string[];
|
|
24
|
+
export declare function buildMcpServerEntry(envFile: string, serverCommand: string[], toolPolicy?: McpToolPolicyConfig | null): McpServerEntry;
|
|
25
|
+
export declare function serializeMcpInstallPayload(format: McpInstallFormat, entry: McpServerEntry): string;
|
|
26
|
+
export declare function resolveMcpInstallPath(scope: McpInstallScope, format: McpInstallFormat, out: string | undefined, cwd: string, home: string): string | null;
|
|
27
|
+
export declare function defaultMcpInstallFormat(host: McpInstallHost): McpInstallFormat;
|
|
28
|
+
export declare function planMcpInstall(input: {
|
|
29
|
+
host: McpInstallHost;
|
|
30
|
+
scope: McpInstallScope;
|
|
31
|
+
format: McpInstallFormat;
|
|
32
|
+
envFile: string;
|
|
33
|
+
out?: string;
|
|
34
|
+
cwd: string;
|
|
35
|
+
home: string;
|
|
36
|
+
serverCommand?: string[];
|
|
37
|
+
toolPolicy?: McpToolPolicyConfig | null;
|
|
38
|
+
}): McpInstallPlan;
|
|
39
|
+
export declare function parseMcpInstallHost(raw: string | undefined): McpInstallHost;
|
|
40
|
+
export declare function parseMcpInstallFormat(raw: string | undefined, host: McpInstallHost): McpInstallFormat;
|
|
41
|
+
export declare function parseMcpInstallScope(raw: string | undefined): McpInstallScope;
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
import { fileURLToPath } from "node:url";
|
|
2
|
+
import { mcpToolPolicyEnv, resolveMcpToolPolicy } from "./mcp-policy.js";
|
|
3
|
+
export const MCP_INSTALL_HOSTS = ["claude", "codex", "openai", "generic"];
|
|
4
|
+
export function resolvePackageLocalMcpServerCommand() {
|
|
5
|
+
const mcpServerJs = fileURLToPath(new URL("../mcp-server.js", import.meta.url));
|
|
6
|
+
return [process.execPath, mcpServerJs];
|
|
7
|
+
}
|
|
8
|
+
export function defaultMcpServerCommand() {
|
|
9
|
+
return resolvePackageLocalMcpServerCommand();
|
|
10
|
+
}
|
|
11
|
+
export function buildMcpServerEntry(envFile, serverCommand, toolPolicy) {
|
|
12
|
+
return {
|
|
13
|
+
command: serverCommand[0],
|
|
14
|
+
args: serverCommand.slice(1),
|
|
15
|
+
env: { PAYBOND_ENV_FILE: envFile, ...mcpToolPolicyEnv(resolveMcpToolPolicy(toolPolicy ?? { policy: null, allowlist: [] })) },
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
export function serializeMcpInstallPayload(format, entry) {
|
|
19
|
+
if (format === "toml") {
|
|
20
|
+
const argsJson = JSON.stringify(entry.args);
|
|
21
|
+
return [
|
|
22
|
+
"# Paybond MCP stdio server — merge into your host MCP config",
|
|
23
|
+
"[mcp_servers.paybond]",
|
|
24
|
+
`command = ${JSON.stringify(entry.command)}`,
|
|
25
|
+
`args = ${argsJson}`,
|
|
26
|
+
"",
|
|
27
|
+
"[mcp_servers.paybond.env]",
|
|
28
|
+
...Object.entries(entry.env).map(([key, value]) => `${key} = ${JSON.stringify(value)}`),
|
|
29
|
+
"",
|
|
30
|
+
].join("\n");
|
|
31
|
+
}
|
|
32
|
+
return `${JSON.stringify({
|
|
33
|
+
mcpServers: {
|
|
34
|
+
paybond: entry,
|
|
35
|
+
},
|
|
36
|
+
}, null, 2)}\n`;
|
|
37
|
+
}
|
|
38
|
+
export function resolveMcpInstallPath(scope, format, out, cwd, home) {
|
|
39
|
+
if (out?.trim()) {
|
|
40
|
+
return out.trim();
|
|
41
|
+
}
|
|
42
|
+
if (scope === "local") {
|
|
43
|
+
return null;
|
|
44
|
+
}
|
|
45
|
+
const ext = format === "toml" ? "toml" : "json";
|
|
46
|
+
const base = scope === "user" ? home : cwd;
|
|
47
|
+
return `${base.replace(/\/+$/, "")}/.paybond/mcp.${ext}`;
|
|
48
|
+
}
|
|
49
|
+
export function defaultMcpInstallFormat(host) {
|
|
50
|
+
return host === "codex" ? "toml" : "json";
|
|
51
|
+
}
|
|
52
|
+
export function planMcpInstall(input) {
|
|
53
|
+
const serverCommand = input.serverCommand ?? defaultMcpServerCommand();
|
|
54
|
+
const entry = buildMcpServerEntry(input.envFile, serverCommand, input.toolPolicy);
|
|
55
|
+
const payload = serializeMcpInstallPayload(input.format, entry);
|
|
56
|
+
const configPath = resolveMcpInstallPath(input.scope, input.format, input.out, input.cwd, input.home);
|
|
57
|
+
return {
|
|
58
|
+
host: input.host,
|
|
59
|
+
scope: input.scope,
|
|
60
|
+
format: input.format,
|
|
61
|
+
envFile: input.envFile,
|
|
62
|
+
configPath,
|
|
63
|
+
serverCommand,
|
|
64
|
+
payload,
|
|
65
|
+
printed: configPath === null,
|
|
66
|
+
toolPolicy: input.toolPolicy ?? null,
|
|
67
|
+
};
|
|
68
|
+
}
|
|
69
|
+
export function parseMcpInstallHost(raw) {
|
|
70
|
+
const value = (raw ?? "").trim().toLowerCase();
|
|
71
|
+
if (!value) {
|
|
72
|
+
throw new Error("missing --host (expected claude|codex|openai|generic)");
|
|
73
|
+
}
|
|
74
|
+
if (MCP_INSTALL_HOSTS.includes(value)) {
|
|
75
|
+
return value;
|
|
76
|
+
}
|
|
77
|
+
throw new Error("invalid --host (expected claude|codex|openai|generic)");
|
|
78
|
+
}
|
|
79
|
+
export function parseMcpInstallFormat(raw, host) {
|
|
80
|
+
if (!raw?.trim()) {
|
|
81
|
+
return defaultMcpInstallFormat(host);
|
|
82
|
+
}
|
|
83
|
+
const value = raw.trim().toLowerCase();
|
|
84
|
+
if (value === "json" || value === "toml") {
|
|
85
|
+
return value;
|
|
86
|
+
}
|
|
87
|
+
throw new Error("invalid --format (expected json|toml)");
|
|
88
|
+
}
|
|
89
|
+
export function parseMcpInstallScope(raw) {
|
|
90
|
+
const value = (raw ?? "project").trim().toLowerCase();
|
|
91
|
+
if (value === "local" || value === "project" || value === "user") {
|
|
92
|
+
return value;
|
|
93
|
+
}
|
|
94
|
+
throw new Error("invalid --scope (expected local|project|user)");
|
|
95
|
+
}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
export type McpToolPolicy = "readonly" | "spend-write" | "allowlist";
|
|
2
|
+
export declare const MCP_TOOL_POLICY_ENV = "PAYBOND_MCP_TOOL_POLICY";
|
|
3
|
+
export declare const MCP_TOOL_ALLOWLIST_ENV = "PAYBOND_MCP_TOOL_ALLOWLIST";
|
|
4
|
+
export declare const DEFAULT_MCP_TOOL_POLICY: McpToolPolicy;
|
|
5
|
+
export declare const LIVE_MONEY_TOOL_NAMES: Set<string>;
|
|
6
|
+
export type McpToolPolicyConfig = {
|
|
7
|
+
policy: McpToolPolicy | null;
|
|
8
|
+
allowlist: readonly string[];
|
|
9
|
+
};
|
|
10
|
+
export declare function defaultMcpToolPolicyConfig(): McpToolPolicyConfig;
|
|
11
|
+
export declare function resolveMcpToolPolicy(config: McpToolPolicyConfig): McpToolPolicyConfig;
|
|
12
|
+
export type McpToolAnnotations = {
|
|
13
|
+
readOnlyHint?: boolean;
|
|
14
|
+
destructiveHint?: boolean;
|
|
15
|
+
};
|
|
16
|
+
export declare function parseMcpToolPolicy(raw: string | undefined): McpToolPolicyConfig;
|
|
17
|
+
export declare function parseMcpToolAllowlist(raw: string | undefined): string[];
|
|
18
|
+
export declare function mergeMcpToolPolicy(policy: McpToolPolicyConfig, allowlist?: readonly string[]): McpToolPolicyConfig;
|
|
19
|
+
export declare function mcpToolPolicyEnv(config: McpToolPolicyConfig): Record<string, string>;
|
|
20
|
+
export declare function toolAnnotationsFlags(annotations: McpToolAnnotations | undefined): {
|
|
21
|
+
readOnly: boolean;
|
|
22
|
+
destructive: boolean;
|
|
23
|
+
};
|
|
24
|
+
export declare function toolAllowedByPolicy(name: string, annotations: McpToolAnnotations | undefined, config: McpToolPolicyConfig): boolean;
|
|
25
|
+
export declare function validateMcpToolSchema(tool: Record<string, unknown>): string[];
|
|
26
|
+
export declare function isLiveMoneyTool(name: string, annotations: McpToolAnnotations | undefined): boolean;
|