@paybond/kit 0.9.8 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/completion-presets/catalog.json +1187 -0
- package/completion-presets/catalog.sha256 +1 -0
- package/dev/trace-ui/dashboard.html +617 -0
- package/dist/agent/adapter.d.ts +51 -0
- package/dist/agent/adapter.js +66 -0
- package/dist/agent/attach-bundle.d.ts +37 -0
- package/dist/agent/attach-bundle.js +118 -0
- package/dist/agent/authorization-cache.d.ts +22 -0
- package/dist/agent/authorization-cache.js +36 -0
- package/dist/agent/deferred-tools.d.ts +11 -0
- package/dist/agent/deferred-tools.js +62 -0
- package/dist/agent/discover.d.ts +41 -0
- package/dist/agent/discover.js +147 -0
- package/dist/agent/evidence.d.ts +9 -0
- package/dist/agent/evidence.js +28 -0
- package/dist/agent/facade.d.ts +48 -0
- package/dist/agent/facade.js +112 -0
- package/dist/agent/gateway-trace-reporter.d.ts +28 -0
- package/dist/agent/gateway-trace-reporter.js +49 -0
- package/dist/agent/generic-runner.d.ts +14 -0
- package/dist/agent/generic-runner.js +49 -0
- package/dist/agent/generic-sandbox-demo.d.ts +36 -0
- package/dist/agent/generic-sandbox-demo.js +82 -0
- package/dist/agent/guarded-agent.d.ts +49 -0
- package/dist/agent/guarded-agent.js +100 -0
- package/dist/agent/index.d.ts +13 -0
- package/dist/agent/index.js +13 -0
- package/dist/agent/instrument.d.ts +156 -0
- package/dist/agent/instrument.js +442 -0
- package/dist/agent/interceptor.d.ts +24 -0
- package/dist/agent/interceptor.js +440 -0
- package/dist/agent/lazy-context-tools.d.ts +15 -0
- package/dist/agent/lazy-context-tools.js +81 -0
- package/dist/agent/registry-file.d.ts +39 -0
- package/dist/agent/registry-file.js +219 -0
- package/dist/agent/registry.d.ts +37 -0
- package/dist/agent/registry.js +128 -0
- package/dist/agent/run.d.ts +124 -0
- package/dist/agent/run.js +301 -0
- package/dist/agent/types.d.ts +318 -0
- package/dist/agent/types.js +42 -0
- package/dist/agent-recognition.d.ts +72 -0
- package/dist/agent-recognition.js +165 -0
- package/dist/bincode-wire.d.ts +18 -0
- package/dist/bincode-wire.js +93 -0
- package/dist/claude-agents/config.d.ts +21 -0
- package/dist/claude-agents/config.js +145 -0
- package/dist/claude-agents/index.d.ts +2 -0
- package/dist/claude-agents/index.js +2 -0
- package/dist/claude-agents/sandbox-demo.d.ts +30 -0
- package/dist/claude-agents/sandbox-demo.js +91 -0
- package/dist/cli/agent/env-quote.d.ts +1 -0
- package/dist/cli/agent/env-quote.js +6 -0
- package/dist/cli/agent/env-write.d.ts +8 -0
- package/dist/cli/agent/env-write.js +47 -0
- package/dist/cli/agent/paybond.d.ts +16 -0
- package/dist/cli/agent/paybond.js +55 -0
- package/dist/cli/agent/policy-file.d.ts +29 -0
- package/dist/cli/agent/policy-file.js +61 -0
- package/dist/cli/agent/production-evidence.d.ts +24 -0
- package/dist/cli/agent/production-evidence.js +98 -0
- package/dist/cli/agent/run-store.d.ts +30 -0
- package/dist/cli/agent/run-store.js +42 -0
- package/dist/cli/agent/run-trace-store.d.ts +39 -0
- package/dist/cli/agent/run-trace-store.js +143 -0
- package/dist/cli/agent-run-trace-table.d.ts +9 -0
- package/dist/cli/agent-run-trace-table.js +24 -0
- package/dist/cli/agent-sandbox-smoke-checklist.d.ts +9 -0
- package/dist/cli/agent-sandbox-smoke-checklist.js +50 -0
- package/dist/cli/audit-export.d.ts +7 -0
- package/dist/cli/audit-export.js +120 -0
- package/dist/cli/automation.d.ts +25 -0
- package/dist/cli/automation.js +297 -0
- package/dist/cli/body.d.ts +7 -0
- package/dist/cli/body.js +22 -0
- package/dist/cli/color.d.ts +15 -0
- package/dist/cli/color.js +39 -0
- package/dist/cli/command-spec.d.ts +13 -0
- package/dist/cli/command-spec.js +611 -0
- package/dist/cli/commands/agent.d.ts +16 -0
- package/dist/cli/commands/agent.js +1135 -0
- package/dist/cli/commands/dev.d.ts +7 -0
- package/dist/cli/commands/dev.js +348 -0
- package/dist/cli/commands/discovery.d.ts +8 -0
- package/dist/cli/commands/discovery.js +194 -0
- package/dist/cli/commands/policy.d.ts +13 -0
- package/dist/cli/commands/policy.js +769 -0
- package/dist/cli/commands/setup.d.ts +18 -0
- package/dist/cli/commands/setup.js +513 -0
- package/dist/cli/commands/workflows.d.ts +7 -0
- package/dist/cli/commands/workflows.js +214 -0
- package/dist/cli/config.d.ts +16 -0
- package/dist/cli/config.js +98 -0
- package/dist/cli/context.d.ts +22 -0
- package/dist/cli/context.js +110 -0
- package/dist/cli/credentials.d.ts +21 -0
- package/dist/cli/credentials.js +141 -0
- package/dist/cli/doctor-agent-middleware.d.ts +5 -0
- package/dist/cli/doctor-agent-middleware.js +49 -0
- package/dist/cli/doctor-agent.d.ts +15 -0
- package/dist/cli/doctor-agent.js +311 -0
- package/dist/cli/envelope.d.ts +14 -0
- package/dist/cli/envelope.js +46 -0
- package/dist/cli/globals.d.ts +23 -0
- package/dist/cli/globals.js +248 -0
- package/dist/cli/help.d.ts +3 -0
- package/dist/cli/help.js +83 -0
- package/dist/cli/mcp-install.d.ts +41 -0
- package/dist/cli/mcp-install.js +95 -0
- package/dist/cli/mcp-policy.d.ts +26 -0
- package/dist/cli/mcp-policy.js +110 -0
- package/dist/cli/mcp-verify-config.d.ts +37 -0
- package/dist/cli/mcp-verify-config.js +172 -0
- package/dist/cli/redact.d.ts +4 -0
- package/dist/cli/redact.js +88 -0
- package/dist/cli/request-id.d.ts +2 -0
- package/dist/cli/request-id.js +5 -0
- package/dist/cli/router.d.ts +2 -0
- package/dist/cli/router.js +378 -0
- package/dist/cli/smoke-deep-links.d.ts +15 -0
- package/dist/cli/smoke-deep-links.js +63 -0
- package/dist/cli/suggest.d.ts +4 -0
- package/dist/cli/suggest.js +58 -0
- package/dist/cli/support-diagnostics.d.ts +19 -0
- package/dist/cli/support-diagnostics.js +47 -0
- package/dist/cli/telemetry.d.ts +17 -0
- package/dist/cli/telemetry.js +94 -0
- package/dist/cli/types.d.ts +72 -0
- package/dist/cli/types.js +60 -0
- package/dist/cli/ux.d.ts +8 -0
- package/dist/cli/ux.js +164 -0
- package/dist/cli.d.ts +2 -0
- package/dist/cli.js +38 -0
- package/dist/completion-catalog-digest.d.ts +2 -0
- package/dist/completion-catalog-digest.js +2 -0
- package/dist/completion-catalog-integrity.d.ts +2 -0
- package/dist/completion-catalog-integrity.js +17 -0
- package/dist/completion-catalog.d.ts +49 -0
- package/dist/completion-catalog.js +62 -0
- package/dist/completion-contract-digest.d.ts +37 -0
- package/dist/completion-contract-digest.js +73 -0
- package/dist/completion-forbidden-fields.d.ts +5 -0
- package/dist/completion-forbidden-fields.js +26 -0
- package/dist/completion-init.d.ts +8 -0
- package/dist/completion-init.js +334 -0
- package/dist/completion-resolve.d.ts +21 -0
- package/dist/completion-resolve.js +86 -0
- package/dist/completion-validate-evidence.d.ts +24 -0
- package/dist/completion-validate-evidence.js +145 -0
- package/dist/dev/offline-gateway.d.ts +24 -0
- package/dist/dev/offline-gateway.js +102 -0
- package/dist/dev/trace-buffer.d.ts +61 -0
- package/dist/dev/trace-buffer.js +330 -0
- package/dist/dev/trace-security-headers.d.ts +11 -0
- package/dist/dev/trace-security-headers.js +16 -0
- package/dist/dev/trace-server.d.ts +8 -0
- package/dist/dev/trace-server.js +38 -0
- package/dist/dev/trace-ui.d.ts +4 -0
- package/dist/dev/trace-ui.js +25 -0
- package/dist/dev/wiremock-up.d.ts +15 -0
- package/dist/dev/wiremock-up.js +118 -0
- package/dist/doctor-completion.d.ts +17 -0
- package/dist/doctor-completion.js +428 -0
- package/dist/gateway-url.d.ts +7 -0
- package/dist/gateway-url.js +69 -0
- package/dist/index.d.ts +119 -2
- package/dist/index.js +267 -6
- package/dist/init.js +380 -68
- package/dist/langgraph/awrap-tool-call.d.ts +25 -0
- package/dist/langgraph/awrap-tool-call.js +81 -0
- package/dist/langgraph/config.d.ts +13 -0
- package/dist/langgraph/config.js +11 -0
- package/dist/langgraph/index.d.ts +4 -0
- package/dist/langgraph/index.js +4 -0
- package/dist/langgraph/sandbox-demo.d.ts +40 -0
- package/dist/langgraph/sandbox-demo.js +96 -0
- package/dist/langgraph/tool-node.d.ts +10 -0
- package/dist/langgraph/tool-node.js +38 -0
- package/dist/login.d.ts +14 -1
- package/dist/login.js +130 -63
- package/dist/mcp/index.d.ts +1 -0
- package/dist/mcp/index.js +1 -0
- package/dist/mcp/tool-surface.d.ts +25 -0
- package/dist/mcp/tool-surface.js +17 -0
- package/dist/mcp-capability-token-cache.d.ts +24 -0
- package/dist/mcp-capability-token-cache.js +101 -0
- package/dist/mcp-evidence-policy.d.ts +48 -0
- package/dist/mcp-evidence-policy.js +117 -0
- package/dist/mcp-policy-reload.d.ts +79 -0
- package/dist/mcp-policy-reload.js +200 -0
- package/dist/mcp-sep2828-evidence.d.ts +36 -0
- package/dist/mcp-sep2828-evidence.js +65 -0
- package/dist/mcp-server.d.ts +10 -0
- package/dist/mcp-server.js +423 -115
- package/dist/openai-agents/index.d.ts +40 -0
- package/dist/openai-agents/index.js +151 -0
- package/dist/openai-agents/sandbox-demo.d.ts +34 -0
- package/dist/openai-agents/sandbox-demo.js +118 -0
- package/dist/payee-evidence.js +2 -29
- package/dist/policy/catalog.d.ts +31 -0
- package/dist/policy/catalog.js +48 -0
- package/dist/policy/compose-utils.d.ts +3 -0
- package/dist/policy/compose-utils.js +4 -0
- package/dist/policy/compose.d.ts +20 -0
- package/dist/policy/compose.js +240 -0
- package/dist/policy/digest.d.ts +7 -0
- package/dist/policy/digest.js +75 -0
- package/dist/policy/domain.d.ts +15 -0
- package/dist/policy/domain.js +28 -0
- package/dist/policy/guardrail-spec.d.ts +17 -0
- package/dist/policy/guardrail-spec.js +140 -0
- package/dist/policy/guardrails.d.ts +48 -0
- package/dist/policy/guardrails.js +72 -0
- package/dist/policy/index.d.ts +21 -0
- package/dist/policy/index.js +21 -0
- package/dist/policy/init.d.ts +102 -0
- package/dist/policy/init.js +351 -0
- package/dist/policy/intent-spec.d.ts +52 -0
- package/dist/policy/intent-spec.js +176 -0
- package/dist/policy/json-path.d.ts +4 -0
- package/dist/policy/json-path.js +23 -0
- package/dist/policy/layers-io.d.ts +7 -0
- package/dist/policy/layers-io.js +28 -0
- package/dist/policy/load-effective.d.ts +22 -0
- package/dist/policy/load-effective.js +77 -0
- package/dist/policy/load.d.ts +85 -0
- package/dist/policy/load.js +164 -0
- package/dist/policy/merge.d.ts +29 -0
- package/dist/policy/merge.js +297 -0
- package/dist/policy/parse-text.d.ts +2 -0
- package/dist/policy/parse-text.js +126 -0
- package/dist/policy/policy-api.d.ts +45 -0
- package/dist/policy/policy-api.js +61 -0
- package/dist/policy/presets.d.ts +19 -0
- package/dist/policy/presets.js +66 -0
- package/dist/policy/registry.d.ts +7 -0
- package/dist/policy/registry.js +33 -0
- package/dist/policy/reload.d.ts +86 -0
- package/dist/policy/reload.js +233 -0
- package/dist/policy/render-yaml.d.ts +3 -0
- package/dist/policy/render-yaml.js +69 -0
- package/dist/policy/sandbox-bootstrap.d.ts +19 -0
- package/dist/policy/sandbox-bootstrap.js +66 -0
- package/dist/policy/schema.d.ts +204 -0
- package/dist/policy/schema.js +255 -0
- package/dist/policy/snapshot.d.ts +33 -0
- package/dist/policy/snapshot.js +23 -0
- package/dist/policy/validate-remote.d.ts +43 -0
- package/dist/policy/validate-remote.js +104 -0
- package/dist/policy/validate.d.ts +36 -0
- package/dist/policy/validate.js +150 -0
- package/dist/policy/watcher.d.ts +29 -0
- package/dist/policy/watcher.js +112 -0
- package/dist/principal-intent.d.ts +52 -0
- package/dist/principal-intent.js +193 -37
- package/dist/project-init.d.ts +34 -0
- package/dist/project-init.js +898 -0
- package/dist/sep2828-signature.d.ts +10 -0
- package/dist/sep2828-signature.js +134 -0
- package/dist/solutions/api.d.ts +22 -0
- package/dist/solutions/api.js +40 -0
- package/dist/solutions/catalog.d.ts +34 -0
- package/dist/solutions/catalog.js +129 -0
- package/dist/solutions/index.d.ts +2 -0
- package/dist/solutions/index.js +2 -0
- package/dist/template-init.d.ts +54 -0
- package/dist/template-init.js +203 -0
- package/dist/vercel-ai/config.d.ts +15 -0
- package/dist/vercel-ai/config.js +13 -0
- package/dist/vercel-ai/index.d.ts +4 -0
- package/dist/vercel-ai/index.js +4 -0
- package/dist/vercel-ai/sandbox-demo.d.ts +44 -0
- package/dist/vercel-ai/sandbox-demo.js +153 -0
- package/dist/vercel-ai/tool-approval.d.ts +16 -0
- package/dist/vercel-ai/tool-approval.js +41 -0
- package/dist/vercel-ai/wrap-tools.d.ts +9 -0
- package/dist/vercel-ai/wrap-tools.js +40 -0
- package/dist/x402-receipt-evidence.d.ts +29 -0
- package/dist/x402-receipt-evidence.js +97 -0
- package/dist/x402-receipt-signature.d.ts +12 -0
- package/dist/x402-receipt-signature.js +211 -0
- package/package.json +79 -4
- package/solutions/aws.json +17 -0
- package/solutions/saas.json +17 -0
- package/solutions/shopping.json +17 -0
- package/solutions/travel.json +18 -0
- package/templates/manifest.json +169 -0
- package/templates/openai-shopping-agent/.env.example +3 -0
- package/templates/openai-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/openai-shopping-agent/LICENSE +201 -0
- package/templates/openai-shopping-agent/README.md +29 -0
- package/templates/openai-shopping-agent/package.json +22 -0
- package/templates/openai-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/openai-shopping-agent/src/index.ts +22 -0
- package/templates/openai-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/openai-shopping-agent/tsconfig.json +13 -0
- package/templates/paybond-aws-operator/.env.example +3 -0
- package/templates/paybond-aws-operator/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-aws-operator/LICENSE +201 -0
- package/templates/paybond-aws-operator/README.md +29 -0
- package/templates/paybond-aws-operator/package.json +20 -0
- package/templates/paybond-aws-operator/paybond.policy.yaml +22 -0
- package/templates/paybond-aws-operator/src/index.ts +54 -0
- package/templates/paybond-aws-operator/src/paybond.config.ts +51 -0
- package/templates/paybond-aws-operator/tsconfig.json +13 -0
- package/templates/paybond-claude-agents-demo/.env.example +3 -0
- package/templates/paybond-claude-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-claude-agents-demo/LICENSE +201 -0
- package/templates/paybond-claude-agents-demo/README.md +29 -0
- package/templates/paybond-claude-agents-demo/package.json +22 -0
- package/templates/paybond-claude-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-claude-agents-demo/src/index.ts +22 -0
- package/templates/paybond-claude-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-claude-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-invoice-agent/.env.example +3 -0
- package/templates/paybond-invoice-agent/.github/workflows/smoke.yml +19 -0
- package/templates/paybond-invoice-agent/LICENSE +201 -0
- package/templates/paybond-invoice-agent/README.md +29 -0
- package/templates/paybond-invoice-agent/app.py +27 -0
- package/templates/paybond-invoice-agent/package.json +6 -0
- package/templates/paybond-invoice-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-invoice-agent/paybond_config.py +45 -0
- package/templates/paybond-invoice-agent/requirements.txt +2 -0
- package/templates/paybond-mcp-coding-agent/.env.example +3 -0
- package/templates/paybond-mcp-coding-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-mcp-coding-agent/LICENSE +201 -0
- package/templates/paybond-mcp-coding-agent/README.md +39 -0
- package/templates/paybond-mcp-coding-agent/package.json +20 -0
- package/templates/paybond-mcp-coding-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-mcp-coding-agent/src/index.ts +40 -0
- package/templates/paybond-mcp-coding-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-mcp-coding-agent/tsconfig.json +13 -0
- package/templates/paybond-openai-agents-demo/.env.example +3 -0
- package/templates/paybond-openai-agents-demo/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-openai-agents-demo/LICENSE +201 -0
- package/templates/paybond-openai-agents-demo/README.md +29 -0
- package/templates/paybond-openai-agents-demo/package.json +22 -0
- package/templates/paybond-openai-agents-demo/paybond.policy.yaml +22 -0
- package/templates/paybond-openai-agents-demo/src/index.ts +22 -0
- package/templates/paybond-openai-agents-demo/src/paybond.config.ts +51 -0
- package/templates/paybond-openai-agents-demo/tsconfig.json +13 -0
- package/templates/paybond-procurement-agent/.env.example +3 -0
- package/templates/paybond-procurement-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-procurement-agent/LICENSE +201 -0
- package/templates/paybond-procurement-agent/README.md +29 -0
- package/templates/paybond-procurement-agent/package.json +20 -0
- package/templates/paybond-procurement-agent/paybond.policy.yaml +25 -0
- package/templates/paybond-procurement-agent/src/index.ts +54 -0
- package/templates/paybond-procurement-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-procurement-agent/tsconfig.json +13 -0
- package/templates/paybond-travel-agent/.env.example +3 -0
- package/templates/paybond-travel-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-travel-agent/LICENSE +201 -0
- package/templates/paybond-travel-agent/README.md +29 -0
- package/templates/paybond-travel-agent/package.json +23 -0
- package/templates/paybond-travel-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-travel-agent/src/index.ts +22 -0
- package/templates/paybond-travel-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-travel-agent/tsconfig.json +13 -0
- package/templates/paybond-vercel-shopping-agent/.env.example +3 -0
- package/templates/paybond-vercel-shopping-agent/.github/workflows/smoke.yml +20 -0
- package/templates/paybond-vercel-shopping-agent/LICENSE +201 -0
- package/templates/paybond-vercel-shopping-agent/README.md +29 -0
- package/templates/paybond-vercel-shopping-agent/package.json +22 -0
- package/templates/paybond-vercel-shopping-agent/paybond.policy.yaml +22 -0
- package/templates/paybond-vercel-shopping-agent/src/index.ts +22 -0
- package/templates/paybond-vercel-shopping-agent/src/paybond.config.ts +51 -0
- package/templates/paybond-vercel-shopping-agent/tsconfig.json +13 -0
|
@@ -0,0 +1,440 @@
|
|
|
1
|
+
import { evictExpiredAuthorizationCache, takeValidCachedAuthorization, } from "./authorization-cache.js";
|
|
2
|
+
import { buildAutoEvidencePayload } from "./evidence.js";
|
|
3
|
+
import { signHarborEvidenceSubmitRecognitionProof } from "../agent-recognition.js";
|
|
4
|
+
import { signPayeeEvidenceBinding } from "../payee-evidence.js";
|
|
5
|
+
import { PaybondAutoEvidenceSubmitError, PaybondUnregisteredSideEffectingToolError, } from "./types.js";
|
|
6
|
+
export { PaybondAutoEvidenceSubmitError, PaybondEvidenceSubmitError } from "./types.js";
|
|
7
|
+
function nowRfc3339Seconds() {
|
|
8
|
+
return new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
|
|
9
|
+
}
|
|
10
|
+
function traceTimestamp() {
|
|
11
|
+
return new Date().toISOString();
|
|
12
|
+
}
|
|
13
|
+
function evidenceIdempotencyKey(intentId, toolCallId) {
|
|
14
|
+
return `evidence:${intentId}:${toolCallId}`;
|
|
15
|
+
}
|
|
16
|
+
function authorizationCacheKey(toolCallId, operation) {
|
|
17
|
+
return `${toolCallId}:${operation}`;
|
|
18
|
+
}
|
|
19
|
+
function assertOperationAllowed(operation, allowedTools) {
|
|
20
|
+
if (!allowedTools.includes(operation)) {
|
|
21
|
+
throw new Error(`operation "${operation}" is not in bound intent allowedTools (${allowedTools.join(", ")})`);
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
function mapSandboxEvidenceResult(result) {
|
|
25
|
+
return {
|
|
26
|
+
submitted: true,
|
|
27
|
+
intentId: result.intent_id,
|
|
28
|
+
predicatePassed: result.predicate_passed ?? undefined,
|
|
29
|
+
sandboxLifecycleStatus: result.sandbox_lifecycle_status,
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
function isSpendApprovalRequiredError(err) {
|
|
33
|
+
return err instanceof Error && err.name === "PaybondSpendApprovalRequiredError";
|
|
34
|
+
}
|
|
35
|
+
function isSpendDeniedError(err) {
|
|
36
|
+
return err instanceof Error && err.name === "PaybondSpendDeniedError";
|
|
37
|
+
}
|
|
38
|
+
function mapSpendErrorToDecision(err, operation, kind) {
|
|
39
|
+
const result = err.result;
|
|
40
|
+
const message = result?.message ??
|
|
41
|
+
result?.code ??
|
|
42
|
+
err.message ??
|
|
43
|
+
(kind === "approval_required" ? "approval_required" : "denied");
|
|
44
|
+
const base = {
|
|
45
|
+
message,
|
|
46
|
+
operation,
|
|
47
|
+
auditId: result?.auditId,
|
|
48
|
+
code: result?.code,
|
|
49
|
+
};
|
|
50
|
+
return kind === "approval_required"
|
|
51
|
+
? { kind: "approval_required", ...base }
|
|
52
|
+
: { kind: "deny", ...base };
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Pre/post intercept for side-effecting tools: authorize, execute, finalize spend, auto-evidence.
|
|
56
|
+
*/
|
|
57
|
+
export class PaybondToolInterceptor {
|
|
58
|
+
binding;
|
|
59
|
+
host;
|
|
60
|
+
authorizedCalls = new Map();
|
|
61
|
+
_inFlightCount = 0;
|
|
62
|
+
constructor(binding, host) {
|
|
63
|
+
this.binding = binding;
|
|
64
|
+
this.host = host;
|
|
65
|
+
}
|
|
66
|
+
/** Active in-flight authorize/execute cycles (blocks policy reload until zero). */
|
|
67
|
+
get inFlightCount() {
|
|
68
|
+
return this._inFlightCount;
|
|
69
|
+
}
|
|
70
|
+
beginInFlight() {
|
|
71
|
+
this._inFlightCount += 1;
|
|
72
|
+
return this.binding.policySnapshot?.digest;
|
|
73
|
+
}
|
|
74
|
+
endInFlight() {
|
|
75
|
+
this._inFlightCount = Math.max(0, this._inFlightCount - 1);
|
|
76
|
+
}
|
|
77
|
+
emitTrace(event) {
|
|
78
|
+
this.binding.onTrace?.(event);
|
|
79
|
+
}
|
|
80
|
+
/** Authorize-only pre-execution check for framework tool input guardrails. */
|
|
81
|
+
async authorizeToolCall(input) {
|
|
82
|
+
const toolName = input.toolName.trim();
|
|
83
|
+
const toolCallId = input.toolCallId.trim();
|
|
84
|
+
if (!toolName) {
|
|
85
|
+
throw new Error("toolName must be non-empty");
|
|
86
|
+
}
|
|
87
|
+
if (!toolCallId) {
|
|
88
|
+
throw new Error("toolCallId must be non-empty");
|
|
89
|
+
}
|
|
90
|
+
const pinnedDigest = this.beginInFlight();
|
|
91
|
+
try {
|
|
92
|
+
const resolution = this.binding.registry.resolveTool(toolName, {
|
|
93
|
+
allowedTools: this.binding.allowedTools,
|
|
94
|
+
});
|
|
95
|
+
if (resolution.kind === "passthrough") {
|
|
96
|
+
return { kind: "allow", passthrough: true, operation: toolName };
|
|
97
|
+
}
|
|
98
|
+
if (resolution.kind === "denied") {
|
|
99
|
+
return {
|
|
100
|
+
kind: "deny",
|
|
101
|
+
operation: resolution.operation,
|
|
102
|
+
message: `side-effecting tool "${resolution.toolName}" (operation "${resolution.operation}") is in intent allowedTools but not registered`,
|
|
103
|
+
};
|
|
104
|
+
}
|
|
105
|
+
let resolved;
|
|
106
|
+
try {
|
|
107
|
+
resolved = this.resolveSideEffectingCall(input, resolution.entry, resolution.operation);
|
|
108
|
+
}
|
|
109
|
+
catch (err) {
|
|
110
|
+
if (err instanceof Error) {
|
|
111
|
+
return { kind: "deny", message: err.message, operation: resolution.operation };
|
|
112
|
+
}
|
|
113
|
+
throw err;
|
|
114
|
+
}
|
|
115
|
+
this.emitTrace({
|
|
116
|
+
type: "tool_selected",
|
|
117
|
+
runId: this.binding.runId,
|
|
118
|
+
toolName: resolved.toolName,
|
|
119
|
+
toolCallId: resolved.toolCallId,
|
|
120
|
+
operation: resolved.operation,
|
|
121
|
+
recordedAt: traceTimestamp(),
|
|
122
|
+
});
|
|
123
|
+
try {
|
|
124
|
+
const auth = await this.binding.guard.assertSpendAuthorized(resolved.authInput);
|
|
125
|
+
evictExpiredAuthorizationCache(this.authorizedCalls);
|
|
126
|
+
this.authorizedCalls.set(authorizationCacheKey(toolCallId, resolved.operation), {
|
|
127
|
+
auth,
|
|
128
|
+
policyDigest: pinnedDigest,
|
|
129
|
+
operation: resolved.operation,
|
|
130
|
+
requestedSpendCents: resolved.requestedSpendCents,
|
|
131
|
+
toolName: resolved.toolName,
|
|
132
|
+
cachedAtMs: Date.now(),
|
|
133
|
+
});
|
|
134
|
+
this.emitTrace({
|
|
135
|
+
type: "spend_authorized",
|
|
136
|
+
runId: this.binding.runId,
|
|
137
|
+
toolCallId: resolved.toolCallId,
|
|
138
|
+
operation: resolved.operation,
|
|
139
|
+
auditId: auth.auditId,
|
|
140
|
+
decisionId: auth.decisionId,
|
|
141
|
+
amountCents: resolved.requestedSpendCents,
|
|
142
|
+
recordedAt: traceTimestamp(),
|
|
143
|
+
});
|
|
144
|
+
return {
|
|
145
|
+
kind: "allow",
|
|
146
|
+
operation: resolved.operation,
|
|
147
|
+
auditId: auth.auditId,
|
|
148
|
+
decisionId: auth.decisionId,
|
|
149
|
+
policyDigest: pinnedDigest,
|
|
150
|
+
};
|
|
151
|
+
}
|
|
152
|
+
catch (err) {
|
|
153
|
+
if (isSpendApprovalRequiredError(err)) {
|
|
154
|
+
const decision = mapSpendErrorToDecision(err, resolved.operation, "approval_required");
|
|
155
|
+
if (decision.kind === "approval_required") {
|
|
156
|
+
this.emitTrace({
|
|
157
|
+
type: "approval_required",
|
|
158
|
+
runId: this.binding.runId,
|
|
159
|
+
toolCallId: resolved.toolCallId,
|
|
160
|
+
operation: resolved.operation,
|
|
161
|
+
message: decision.message,
|
|
162
|
+
auditId: decision.auditId,
|
|
163
|
+
code: decision.code,
|
|
164
|
+
recordedAt: traceTimestamp(),
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
return decision;
|
|
168
|
+
}
|
|
169
|
+
if (isSpendDeniedError(err)) {
|
|
170
|
+
const decision = mapSpendErrorToDecision(err, resolved.operation, "deny");
|
|
171
|
+
if (decision.kind === "deny") {
|
|
172
|
+
this.emitTrace({
|
|
173
|
+
type: "spend_denied",
|
|
174
|
+
runId: this.binding.runId,
|
|
175
|
+
toolCallId: resolved.toolCallId,
|
|
176
|
+
operation: resolved.operation,
|
|
177
|
+
message: decision.message,
|
|
178
|
+
auditId: decision.auditId,
|
|
179
|
+
code: decision.code,
|
|
180
|
+
recordedAt: traceTimestamp(),
|
|
181
|
+
});
|
|
182
|
+
}
|
|
183
|
+
return decision;
|
|
184
|
+
}
|
|
185
|
+
throw err;
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
finally {
|
|
189
|
+
this.endInFlight();
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
/** Run one tool through the middleware authorize → execute → evidence cycle. */
|
|
193
|
+
async wrapExecute(input) {
|
|
194
|
+
const toolName = input.toolName.trim();
|
|
195
|
+
const toolCallId = input.toolCallId.trim();
|
|
196
|
+
if (!toolName) {
|
|
197
|
+
throw new Error("toolName must be non-empty");
|
|
198
|
+
}
|
|
199
|
+
if (!toolCallId) {
|
|
200
|
+
throw new Error("toolCallId must be non-empty");
|
|
201
|
+
}
|
|
202
|
+
const pinnedDigest = this.beginInFlight();
|
|
203
|
+
try {
|
|
204
|
+
const resolution = this.binding.registry.resolveTool(toolName, {
|
|
205
|
+
allowedTools: this.binding.allowedTools,
|
|
206
|
+
});
|
|
207
|
+
if (resolution.kind === "passthrough") {
|
|
208
|
+
return { toolResult: await input.execute() };
|
|
209
|
+
}
|
|
210
|
+
if (resolution.kind === "denied") {
|
|
211
|
+
throw new PaybondUnregisteredSideEffectingToolError(resolution.toolName, resolution.operation);
|
|
212
|
+
}
|
|
213
|
+
const resolved = this.resolveSideEffectingCall(input, resolution.entry, resolution.operation);
|
|
214
|
+
this.emitTrace({
|
|
215
|
+
type: "tool_selected",
|
|
216
|
+
runId: this.binding.runId,
|
|
217
|
+
toolName: resolved.toolName,
|
|
218
|
+
toolCallId: resolved.toolCallId,
|
|
219
|
+
operation: resolved.operation,
|
|
220
|
+
recordedAt: traceTimestamp(),
|
|
221
|
+
});
|
|
222
|
+
const cacheKey = authorizationCacheKey(toolCallId, resolved.operation);
|
|
223
|
+
const cached = takeValidCachedAuthorization(this.authorizedCalls, cacheKey, {
|
|
224
|
+
operation: resolved.operation,
|
|
225
|
+
requestedSpendCents: resolved.requestedSpendCents,
|
|
226
|
+
toolName: resolved.toolName,
|
|
227
|
+
});
|
|
228
|
+
const evidencePolicyDigest = cached?.policyDigest ?? pinnedDigest;
|
|
229
|
+
let auth;
|
|
230
|
+
if (cached) {
|
|
231
|
+
auth = cached.auth;
|
|
232
|
+
}
|
|
233
|
+
else {
|
|
234
|
+
auth = await this.binding.guard.assertSpendAuthorized(resolved.authInput);
|
|
235
|
+
this.emitTrace({
|
|
236
|
+
type: "spend_authorized",
|
|
237
|
+
runId: this.binding.runId,
|
|
238
|
+
toolCallId: resolved.toolCallId,
|
|
239
|
+
operation: resolved.operation,
|
|
240
|
+
auditId: auth.auditId,
|
|
241
|
+
decisionId: auth.decisionId,
|
|
242
|
+
amountCents: resolved.requestedSpendCents,
|
|
243
|
+
recordedAt: traceTimestamp(),
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
const executeStartedAt = Date.now();
|
|
247
|
+
try {
|
|
248
|
+
const toolResult = await input.execute();
|
|
249
|
+
this.emitTrace({
|
|
250
|
+
type: "tool_executed",
|
|
251
|
+
runId: this.binding.runId,
|
|
252
|
+
toolCallId: resolved.toolCallId,
|
|
253
|
+
operation: resolved.operation,
|
|
254
|
+
durationMs: Date.now() - executeStartedAt,
|
|
255
|
+
recordedAt: traceTimestamp(),
|
|
256
|
+
});
|
|
257
|
+
if (auth.decisionId) {
|
|
258
|
+
await this.binding.guard.completeSpendAuthorization(auth.decisionId, "consumed");
|
|
259
|
+
this.emitTrace({
|
|
260
|
+
type: "spend_finalized",
|
|
261
|
+
runId: this.binding.runId,
|
|
262
|
+
toolCallId: resolved.toolCallId,
|
|
263
|
+
operation: resolved.operation,
|
|
264
|
+
status: "consumed",
|
|
265
|
+
recordedAt: traceTimestamp(),
|
|
266
|
+
});
|
|
267
|
+
}
|
|
268
|
+
const evidenceId = evidenceIdempotencyKey(this.binding.intentId, toolCallId);
|
|
269
|
+
const evidence = await this.submitAutoEvidence({
|
|
270
|
+
entry: resolved.entry,
|
|
271
|
+
toolName,
|
|
272
|
+
toolCallId,
|
|
273
|
+
operation: resolved.operation,
|
|
274
|
+
arguments: input.arguments,
|
|
275
|
+
requestedSpendCents: resolved.requestedSpendCents,
|
|
276
|
+
toolResult,
|
|
277
|
+
auth,
|
|
278
|
+
evidenceId,
|
|
279
|
+
});
|
|
280
|
+
this.emitTrace({
|
|
281
|
+
type: "evidence_submitted",
|
|
282
|
+
runId: this.binding.runId,
|
|
283
|
+
toolCallId: resolved.toolCallId,
|
|
284
|
+
operation: resolved.operation,
|
|
285
|
+
evidenceId,
|
|
286
|
+
presetId: resolved.entry.evidencePreset,
|
|
287
|
+
evidencePreset: resolved.entry.evidencePreset,
|
|
288
|
+
sandboxLifecycleStatus: evidence.sandboxLifecycleStatus,
|
|
289
|
+
predicatePassed: evidence.predicatePassed,
|
|
290
|
+
recordedAt: traceTimestamp(),
|
|
291
|
+
});
|
|
292
|
+
return {
|
|
293
|
+
toolResult,
|
|
294
|
+
authorization: {
|
|
295
|
+
allow: true,
|
|
296
|
+
auditId: auth.auditId,
|
|
297
|
+
decisionId: auth.decisionId,
|
|
298
|
+
policyDigest: evidencePolicyDigest,
|
|
299
|
+
},
|
|
300
|
+
evidence,
|
|
301
|
+
};
|
|
302
|
+
}
|
|
303
|
+
catch (err) {
|
|
304
|
+
if (err instanceof PaybondAutoEvidenceSubmitError) {
|
|
305
|
+
throw err;
|
|
306
|
+
}
|
|
307
|
+
if (auth.decisionId) {
|
|
308
|
+
try {
|
|
309
|
+
await this.binding.guard.completeSpendAuthorization(auth.decisionId, "released");
|
|
310
|
+
this.emitTrace({
|
|
311
|
+
type: "spend_finalized",
|
|
312
|
+
runId: this.binding.runId,
|
|
313
|
+
toolCallId: resolved.toolCallId,
|
|
314
|
+
operation: resolved.operation,
|
|
315
|
+
status: "released",
|
|
316
|
+
recordedAt: traceTimestamp(),
|
|
317
|
+
});
|
|
318
|
+
}
|
|
319
|
+
catch {
|
|
320
|
+
// Best-effort release when the guarded handler fails.
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
throw err;
|
|
324
|
+
}
|
|
325
|
+
}
|
|
326
|
+
finally {
|
|
327
|
+
this.endInFlight();
|
|
328
|
+
}
|
|
329
|
+
}
|
|
330
|
+
resolveSideEffectingCall(input, entry, defaultOperation) {
|
|
331
|
+
const toolName = input.toolName.trim();
|
|
332
|
+
const toolCallId = input.toolCallId.trim();
|
|
333
|
+
const operation = (input.operation ?? defaultOperation).trim();
|
|
334
|
+
assertOperationAllowed(operation, this.binding.allowedTools);
|
|
335
|
+
const requestedSpendCents = input.requestedSpendCents ??
|
|
336
|
+
this.binding.registry.resolveSpendCents(toolName, input.arguments) ??
|
|
337
|
+
0;
|
|
338
|
+
return {
|
|
339
|
+
toolName,
|
|
340
|
+
toolCallId,
|
|
341
|
+
operation,
|
|
342
|
+
requestedSpendCents,
|
|
343
|
+
entry,
|
|
344
|
+
authInput: {
|
|
345
|
+
operation,
|
|
346
|
+
requestedSpendCents,
|
|
347
|
+
toolCallId,
|
|
348
|
+
toolName,
|
|
349
|
+
vendorId: input.vendorId,
|
|
350
|
+
taskId: input.taskId,
|
|
351
|
+
workflowId: input.workflowId,
|
|
352
|
+
currency: input.currency,
|
|
353
|
+
agentSubject: input.agentSubject,
|
|
354
|
+
approvalToken: input.approvalToken,
|
|
355
|
+
idempotencyKey: input.idempotencyKey,
|
|
356
|
+
},
|
|
357
|
+
};
|
|
358
|
+
}
|
|
359
|
+
async submitAutoEvidence(options) {
|
|
360
|
+
const ctx = {
|
|
361
|
+
toolName: options.toolName,
|
|
362
|
+
toolCallId: options.toolCallId,
|
|
363
|
+
operation: options.operation,
|
|
364
|
+
arguments: options.arguments,
|
|
365
|
+
};
|
|
366
|
+
let payload;
|
|
367
|
+
try {
|
|
368
|
+
payload = buildAutoEvidencePayload(options.entry, options.toolResult, ctx);
|
|
369
|
+
}
|
|
370
|
+
catch (err) {
|
|
371
|
+
throw new PaybondAutoEvidenceSubmitError(options.toolResult, err);
|
|
372
|
+
}
|
|
373
|
+
const idempotencyKey = options.evidenceId;
|
|
374
|
+
try {
|
|
375
|
+
if (this.binding.sandbox) {
|
|
376
|
+
const result = await this.host.guardrails.submitSandboxEvidence({
|
|
377
|
+
intentId: this.binding.intentId,
|
|
378
|
+
payload,
|
|
379
|
+
operation: options.operation,
|
|
380
|
+
requestedSpendCents: options.requestedSpendCents,
|
|
381
|
+
metadata: {
|
|
382
|
+
tool_name: options.toolName,
|
|
383
|
+
tool_call_id: options.toolCallId,
|
|
384
|
+
evidence_preset: options.entry.evidencePreset,
|
|
385
|
+
decision_id: options.auth.decisionId,
|
|
386
|
+
},
|
|
387
|
+
idempotencyKey,
|
|
388
|
+
});
|
|
389
|
+
return mapSandboxEvidenceResult(result);
|
|
390
|
+
}
|
|
391
|
+
const productionEvidence = this.binding.productionEvidence;
|
|
392
|
+
if (!productionEvidence) {
|
|
393
|
+
throw new Error("production agent run bind requires attach.productionEvidence for auto-evidence submission");
|
|
394
|
+
}
|
|
395
|
+
const wire = signPayeeEvidenceBinding({
|
|
396
|
+
tenantId: this.binding.tenantId,
|
|
397
|
+
intentId: this.binding.intentId,
|
|
398
|
+
payeeDid: productionEvidence.payeeDid,
|
|
399
|
+
payload,
|
|
400
|
+
artifactsBlake3Hex: [],
|
|
401
|
+
submittedAtRfc3339: nowRfc3339Seconds(),
|
|
402
|
+
payeeSigningSeed: productionEvidence.payeeSigningSeed,
|
|
403
|
+
});
|
|
404
|
+
const recognitionProof = signHarborEvidenceSubmitRecognitionProof({
|
|
405
|
+
tenantId: this.binding.tenantId,
|
|
406
|
+
intentId: this.binding.intentId,
|
|
407
|
+
evidenceBody: wire,
|
|
408
|
+
keyId: productionEvidence.agentRecognitionKeyId,
|
|
409
|
+
signingSeed: productionEvidence.agentRecognitionSigningSeed,
|
|
410
|
+
});
|
|
411
|
+
const result = await this.host.harbor.submitEvidence(this.binding.intentId, wire, {
|
|
412
|
+
idempotencyKey,
|
|
413
|
+
recognitionProof,
|
|
414
|
+
});
|
|
415
|
+
const resultRecord = result;
|
|
416
|
+
const intentState = typeof resultRecord.intent_state === "string"
|
|
417
|
+
? resultRecord.intent_state
|
|
418
|
+
: typeof resultRecord.state === "string"
|
|
419
|
+
? resultRecord.state
|
|
420
|
+
: undefined;
|
|
421
|
+
const predicatePassed = typeof resultRecord.predicate_passed === "boolean"
|
|
422
|
+
? resultRecord.predicate_passed
|
|
423
|
+
: typeof resultRecord.predicatePassed === "boolean"
|
|
424
|
+
? resultRecord.predicatePassed
|
|
425
|
+
: undefined;
|
|
426
|
+
return {
|
|
427
|
+
submitted: true,
|
|
428
|
+
intentId: this.binding.intentId,
|
|
429
|
+
intentState,
|
|
430
|
+
predicatePassed,
|
|
431
|
+
};
|
|
432
|
+
}
|
|
433
|
+
catch (err) {
|
|
434
|
+
if (err instanceof PaybondAutoEvidenceSubmitError) {
|
|
435
|
+
throw err;
|
|
436
|
+
}
|
|
437
|
+
throw new PaybondAutoEvidenceSubmitError(options.toolResult, err);
|
|
438
|
+
}
|
|
439
|
+
}
|
|
440
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export declare const PAYBOND_LAZY_CONTEXT_MESSAGE = "context provider must return { intentId, capabilityToken } for the active request before executing side-effecting tools.";
|
|
2
|
+
/** Thrown when a lazy-context provider returns incomplete binding material. */
|
|
3
|
+
export declare class PaybondLazyContextError extends Error {
|
|
4
|
+
constructor(message?: string);
|
|
5
|
+
}
|
|
6
|
+
export type LazyRuntimeResolver<TTools = unknown> = {
|
|
7
|
+
resolve: () => Promise<{
|
|
8
|
+
tools: TTools;
|
|
9
|
+
}>;
|
|
10
|
+
};
|
|
11
|
+
/**
|
|
12
|
+
* Wrap tools so each execution resolves request context via {@link LazyRuntimeResolver}.
|
|
13
|
+
* Safe to register once; binding happens per active request at execute time.
|
|
14
|
+
*/
|
|
15
|
+
export declare function wrapLazyContextTools<TTools>(rawTools: TTools, resolver: LazyRuntimeResolver<TTools>): TTools;
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
export const PAYBOND_LAZY_CONTEXT_MESSAGE = "context provider must return { intentId, capabilityToken } for the active request before executing side-effecting tools.";
|
|
2
|
+
/** Thrown when a lazy-context provider returns incomplete binding material. */
|
|
3
|
+
export class PaybondLazyContextError extends Error {
|
|
4
|
+
constructor(message = PAYBOND_LAZY_CONTEXT_MESSAGE) {
|
|
5
|
+
super(message);
|
|
6
|
+
this.name = "PaybondLazyContextError";
|
|
7
|
+
}
|
|
8
|
+
}
|
|
9
|
+
function isRecord(value) {
|
|
10
|
+
return typeof value === "object" && value !== null;
|
|
11
|
+
}
|
|
12
|
+
function isGenericToolDefinition(value) {
|
|
13
|
+
if (!isRecord(value)) {
|
|
14
|
+
return false;
|
|
15
|
+
}
|
|
16
|
+
return typeof value.name === "string" && value.name.trim().length > 0 && typeof value.execute === "function";
|
|
17
|
+
}
|
|
18
|
+
async function executeGuardedTool(runtimeTools, toolName, call) {
|
|
19
|
+
if (Array.isArray(runtimeTools)) {
|
|
20
|
+
const tool = runtimeTools.find((entry) => isGenericToolDefinition(entry) && entry.name === toolName);
|
|
21
|
+
if (!tool) {
|
|
22
|
+
throw new Error(`guarded tool not found after lazy bind: ${toolName}`);
|
|
23
|
+
}
|
|
24
|
+
return tool.execute(call);
|
|
25
|
+
}
|
|
26
|
+
if (isRecord(runtimeTools)) {
|
|
27
|
+
const tool = runtimeTools[toolName];
|
|
28
|
+
if (typeof tool === "function") {
|
|
29
|
+
return tool(call);
|
|
30
|
+
}
|
|
31
|
+
if (isGenericToolDefinition(tool)) {
|
|
32
|
+
return tool.execute(call);
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
throw new Error(`guarded tool not found after lazy bind: ${toolName}`);
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Wrap tools so each execution resolves request context via {@link LazyRuntimeResolver}.
|
|
39
|
+
* Safe to register once; binding happens per active request at execute time.
|
|
40
|
+
*/
|
|
41
|
+
export function wrapLazyContextTools(rawTools, resolver) {
|
|
42
|
+
const runGuarded = async (toolName, call) => {
|
|
43
|
+
const runtime = await resolver.resolve();
|
|
44
|
+
return executeGuardedTool(runtime.tools, toolName, call);
|
|
45
|
+
};
|
|
46
|
+
if (Array.isArray(rawTools)) {
|
|
47
|
+
return rawTools.map((tool) => {
|
|
48
|
+
if (!isGenericToolDefinition(tool)) {
|
|
49
|
+
return tool;
|
|
50
|
+
}
|
|
51
|
+
const { execute: _ignored, ...rest } = tool;
|
|
52
|
+
return {
|
|
53
|
+
...rest,
|
|
54
|
+
name: tool.name,
|
|
55
|
+
execute: async (call) => runGuarded(tool.name, call),
|
|
56
|
+
};
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
if (isRecord(rawTools)) {
|
|
60
|
+
const wrapped = {};
|
|
61
|
+
for (const [name, tool] of Object.entries(rawTools)) {
|
|
62
|
+
if (typeof tool === "function") {
|
|
63
|
+
wrapped[name] = async (call) => runGuarded(name, call);
|
|
64
|
+
continue;
|
|
65
|
+
}
|
|
66
|
+
if (isGenericToolDefinition(tool)) {
|
|
67
|
+
const toolName = tool.name.trim() || name;
|
|
68
|
+
const { execute: _ignored, ...rest } = tool;
|
|
69
|
+
wrapped[name] = {
|
|
70
|
+
...rest,
|
|
71
|
+
name: toolName,
|
|
72
|
+
execute: async (call) => runGuarded(toolName, call),
|
|
73
|
+
};
|
|
74
|
+
continue;
|
|
75
|
+
}
|
|
76
|
+
wrapped[name] = tool;
|
|
77
|
+
}
|
|
78
|
+
return wrapped;
|
|
79
|
+
}
|
|
80
|
+
return rawTools;
|
|
81
|
+
}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { PaybondToolRegistry } from "./registry.js";
|
|
2
|
+
import { PaybondToolRegistryConfig } from "./types.js";
|
|
3
|
+
export type AgentRegistryFileDocument = {
|
|
4
|
+
version?: number;
|
|
5
|
+
default_deny?: boolean;
|
|
6
|
+
defaultDeny?: boolean;
|
|
7
|
+
tools?: Record<string, AgentRegistryToolEntry>;
|
|
8
|
+
};
|
|
9
|
+
export type AgentRegistryToolEntry = {
|
|
10
|
+
side_effecting?: boolean;
|
|
11
|
+
sideEffecting?: boolean;
|
|
12
|
+
evidence_preset?: string;
|
|
13
|
+
evidencePreset?: string;
|
|
14
|
+
operation?: string;
|
|
15
|
+
};
|
|
16
|
+
export type AgentRegistryValidationIssue = {
|
|
17
|
+
code: string;
|
|
18
|
+
message: string;
|
|
19
|
+
tool?: string;
|
|
20
|
+
};
|
|
21
|
+
export type AgentRegistryValidationResult = {
|
|
22
|
+
ok: boolean;
|
|
23
|
+
version: number | null;
|
|
24
|
+
default_deny: boolean;
|
|
25
|
+
tool_count: number;
|
|
26
|
+
side_effecting_count: number;
|
|
27
|
+
issues: AgentRegistryValidationIssue[];
|
|
28
|
+
registry?: PaybondToolRegistry;
|
|
29
|
+
};
|
|
30
|
+
/** Parse registry file text (JSON or YAML). */
|
|
31
|
+
export declare function parseAgentRegistryText(text: string, sourceLabel?: string): AgentRegistryFileDocument;
|
|
32
|
+
/** Load and parse a registry file from disk. */
|
|
33
|
+
export declare function loadAgentRegistryFile(path: string): Promise<AgentRegistryFileDocument>;
|
|
34
|
+
/** Convert a registry file document into middleware registry config. */
|
|
35
|
+
export declare function agentRegistryDocumentToConfig(doc: AgentRegistryFileDocument): PaybondToolRegistryConfig;
|
|
36
|
+
/** Validate registry document semantics before bind or smoke tests. */
|
|
37
|
+
export declare function validateAgentRegistryDocument(doc: AgentRegistryFileDocument): AgentRegistryValidationResult;
|
|
38
|
+
/** Build a single-tool registry for sandbox smoke when no registry file is supplied. */
|
|
39
|
+
export declare function buildSmokeRegistry(operation: string, evidencePresetId: string): PaybondToolRegistry;
|