Agent middleware
Model-agnostic spend middleware for agent tool calls.
Authorize at the tool boundary, submit evidence automatically, and keep one intent per agent run — across OpenAI, Claude, Gemini, LangGraph, MCP, and custom orchestrators.
Why tool boundary, not model boundary
Paybond does not proxy LLM inference. Model providers handle token usage; Paybond authorizes paid and side-effecting tools before they execute and records proof afterward.
| Dimension | Paybond middleware | Without Paybond middleware |
|---|---|---|
| Spend scope | Paid tools, vendor APIs, bookings, settlement workflows | Model token budgets (LiteLLM, provider dashboards) |
| Integration point | Tool handler / MCP tool / graph node | Model API proxy or gateway |
| Evidence | Automatic on successful side-effecting calls | Usage logs or invoices |
| Authorization model | Capability-scoped authorization — intent bound per agent run | Pre-call if-check in app (easy to bypass per tool) |
Sandbox smoke (CLI)
Rehearse spend authorization and evidence in sandbox without writing integration code. JSON output for coding agents.
paybond login
paybond agent sandbox smoke \
--operation paid-tool \
--requested-spend-cents 100 \
--evidence-preset cost_and_completion \
--result-body '{"status":"ok","cost_cents":100}' \
--format jsonClone a starter template
Public GitHub template repos ship paybond.policy.yaml, .env.example, npm run smoke (policy-file based), and CI. git clone → paybond login → npm run smoke in under a minute.
Scaffold locally
paybond init --template travel-agent --framework langgraphOr clone from GitHub
git clone https://github.com/nonameuserd/paybond-travel-agent.git
cd paybond-travel-agent
cp .env.example .env.local
paybond login
npm install
npm run smokeInvoice agent (Python)
langgraph · saas
pip install -r requirements.txt && npm run smoke
Use template on GitHub →
Framework adapters
Bilingual frameworks ship TypeScript and Python docs, exports, and smoke on one page — complete sandbox smoke in either language without reading the other kit.
Agent-agnostic core
DefaultavailableTypeScriptPython
Default recommended when you have no framework SDK — custom orchestrators, Claude/Gemini tool-use, or queue workers. createPaybondGenericAgentConfig in TypeScript and Python with identical semantics.
Adapter docs →paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format jsonLangGraph
availableTypeScriptPython
ToolNode hooks in both kits — paybondAwrapToolCall / paybond_awrap_tool_call and paybondToolNode parity. Bilingual docs and smoke; no need to read the other kit.
Adapter docs →paybond agent demo langgraph smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format jsonClaude Agents SDK
availableTypeScriptPython
In-process MCP custom tools wrapped with Paybond middleware. TypeScript (@anthropic-ai/claude-agent-sdk) and Python (claude-agent-sdk) parity — bilingual docs and smoke.
Adapter docs →paybond agent demo claude-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format jsonVercel AI SDK
availableTypeScript
toolApproval + paybondVercelWrapTools for AI SDK generateText / streamText. TypeScript only — Python Kit links here.
Adapter docs →paybond agent demo vercel-ai smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format jsonOpenAI Agents SDK
availableTypeScript
Input guardrails + wrapped invoke for OpenAI Agents function tools. TypeScript only — Python Kit links here.
Adapter docs →paybond agent demo openai-agents smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format jsonMCP hosts
availableTypeScriptPython
Tenant-bound stdio paybond-mcp-server for Claude Desktop, Codex, and generic MCP orchestrators. TypeScript and Python kits ship the same tool surface.
Adapter docs →paybond login # Launch: npx -y -p @paybond/kit paybond-mcp-server # Or see /docs/kit/coding-agent-setupMastra
plannedTypeScript
Native Mastra runner helper is planned. Use agent-agnostic wrapTools or MCP today — request the adapter if Mastra is your primary stack.
Adapter docs →paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format jsonCrewAI
plannedPython
Native CrewAI runner helper is planned. Use agent-agnostic wrap_tools or MCP today — request the adapter if CrewAI is your primary stack.
Adapter docs →paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format jsonCloudflare Agents
plannedTypeScript
Native Cloudflare Agents runner helper is planned. Use agent-agnostic wrapTools or MCP today — request the adapter if Cloudflare Agents is your primary stack.
Adapter docs →paybond agent demo generic smoke --operation paid-tool --requested-spend-cents 100 --evidence-preset cost_and_completion --format json
Full install surfaces and rails: Kit support matrix
FAQ
- Is this model-agnostic?
- Yes. Your model provider client stays on the provider API; Paybond wraps tool handlers at the spend boundary.
- Do I call submitEvidence manually?
- Not when using middleware for registered side-effecting tools. Auto-evidence is required middleware behavior. See the docs for legacy per-tool guard paths.
- Sandbox vs production?
- Sandbox rehearses authorization and evidence with funded sandbox intents. Production attaches to live intents on your tenant.
- How is this different from LiteLLM budgets?
- LiteLLM caps model token spend. Paybond authorizes delegated paid work, submits signed evidence, and supports settlement lifecycle (release, refund, dispute).