paybondpaybond
Sign in

Agent middleware

Model-agnostic spend middleware for agent tool calls.

Authorize at the tool boundary, submit evidence automatically, and keep one intent per agent run — across OpenAI, Claude, Gemini, LangGraph, MCP, and custom orchestrators.

Why tool boundary, not model boundary

Paybond does not proxy LLM inference. Model providers handle token usage; Paybond authorizes paid and side-effecting tools before they execute and records proof afterward.

DimensionPaybond middlewareWithout Paybond middleware
Spend scopePaid tools, vendor APIs, bookings, settlement workflowsModel token budgets (LiteLLM, provider dashboards)
Integration pointTool handler / MCP tool / graph nodeModel API proxy or gateway
EvidenceAutomatic on successful side-effecting callsUsage logs or invoices
Authorization modelCapability-scoped authorization — intent bound per agent runPre-call if-check in app (easy to bypass per tool)

Sandbox smoke (CLI)

Rehearse spend authorization and evidence in sandbox without writing integration code. JSON output for coding agents.

paybond login
paybond agent sandbox smoke \
  --operation paid-tool \
  --requested-spend-cents 100 \
  --evidence-preset cost_and_completion \
  --result-body '{"status":"ok","cost_cents":100}' \
  --format json

Clone a starter template

Public GitHub template repos ship paybond.policy.yaml, .env.example, npm run smoke (policy-file based), and CI. git clone → paybond login → npm run smoke in under a minute.

Scaffold locally

paybond init --template travel-agent --framework langgraph

Or clone from GitHub

git clone https://github.com/nonameuserd/paybond-travel-agent.git
cd paybond-travel-agent
cp .env.example .env.local
paybond login
npm install
npm run smoke

Framework adapters

Bilingual frameworks ship TypeScript and Python docs, exports, and smoke on one page — complete sandbox smoke in either language without reading the other kit.

  • Agent-agnostic core

    Defaultavailable

    TypeScriptPython

    Default recommended when you have no framework SDK — custom orchestrators, Claude/Gemini tool-use, or queue workers. createPaybondGenericAgentConfig in TypeScript and Python with identical semantics.

    paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →
  • LangGraph

    available

    TypeScriptPython

    ToolNode hooks in both kits — paybondAwrapToolCall / paybond_awrap_tool_call and paybondToolNode parity. Bilingual docs and smoke; no need to read the other kit.

    paybond agent demo langgraph smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →
  • Claude Agents SDK

    available

    TypeScriptPython

    In-process MCP custom tools wrapped with Paybond middleware. TypeScript (@anthropic-ai/claude-agent-sdk) and Python (claude-agent-sdk) parity — bilingual docs and smoke.

    paybond agent demo claude-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →
  • Vercel AI SDK

    available

    TypeScript

    toolApproval + paybondVercelWrapTools for AI SDK generateText / streamText. TypeScript only — Python Kit links here.

    paybond agent demo vercel-ai smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →
  • OpenAI Agents SDK

    available

    TypeScript

    Input guardrails + wrapped invoke for OpenAI Agents function tools. TypeScript only — Python Kit links here.

    paybond agent demo openai-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →
  • MCP hosts

    available

    TypeScriptPython

    Tenant-bound stdio paybond-mcp-server for Claude Desktop, Codex, and generic MCP orchestrators. TypeScript and Python kits ship the same tool surface.

    paybond login
    # Launch: npx -y -p @paybond/kit paybond-mcp-server
    # Or see /docs/kit/coding-agent-setup
    Adapter docs →
  • Mastra

    planned

    TypeScript

    Native Mastra runner helper is planned. Use agent-agnostic wrapTools or MCP today — request the adapter if Mastra is your primary stack.

    paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →
  • CrewAI

    planned

    Python

    Native CrewAI runner helper is planned. Use agent-agnostic wrap_tools or MCP today — request the adapter if CrewAI is your primary stack.

    paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →
  • Cloudflare Agents

    planned

    TypeScript

    Native Cloudflare Agents runner helper is planned. Use agent-agnostic wrapTools or MCP today — request the adapter if Cloudflare Agents is your primary stack.

    paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
    Adapter docs →

Full install surfaces and rails: Kit support matrix

FAQ

Is this model-agnostic?
Yes. Your model provider client stays on the provider API; Paybond wraps tool handlers at the spend boundary.
Do I call submitEvidence manually?
Not when using middleware for registered side-effecting tools. Auto-evidence is required middleware behavior. See the docs for legacy per-tool guard paths.
Sandbox vs production?
Sandbox rehearses authorization and evidence with funded sandbox intents. Production attaches to live intents on your tenant.
How is this different from LiteLLM budgets?
LiteLLM caps model token spend. Paybond authorizes delegated paid work, submits signed evidence, and supports settlement lifecycle (release, refund, dispute).