paybond-mcp-Python
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| PAYBOND_API_KEY | Yes | Paybond service-account API key (paybond_sk_sandbox_... or paybond_sk_live_...) | |
| PAYBOND_GATEWAY_URL | No | Optional Paybond gateway base URL. Defaults to https://api.paybond.ai | |
| PAYBOND_MCP_MAX_RETRIES | No | Optional max retries for MCP gateway calls |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| paybond_get_principalA | Use this when you need to confirm which tenant-bound service-account principal the configured PAYBOND_API_KEY authenticates as (tenant_id, subject, and roles). Call early as a prerequisite before Harbor escrow, Signal reads, or other tenant-scoped tools when tenant identity is unknown. Not required before every later call once tenant_id is already known from a prior principal response or host config. Do not use this when you need Harbor intent escrow detail; use paybond_get_intent instead when you have an intent_id. Do not use this for A2A discovery; use paybond_get_a2a_agent_card instead. Makes one read-only external GET to the gateway principal endpoint; idempotent identity lookup with no side effects (no mutations, spend reservations, escrow changes, or ledger writes); auth or gateway failures surface as tool errors. |
| paybond_verify_capabilityA | Use this when you need raw capability-token verification for one tenant-bound Harbor intent. Do not use this to create, fund, or modify intents; use paybond_authorize_agent_spend as the clearer gate before side-effecting agent tools. |
| paybond_authorize_agent_spendA | Use this when an agent has an intent_id and capability_token and needs a tenant-bound spend gate before calling a side-effecting tool, paid API, vendor action, or settlement workflow. Do not use this for creating, funding, or changing intents; call paybond_create_spend_intent or paybond_fund_intent first when no funded capability token exists. |
| paybond_get_budget_remainingA | Use this when you need a read-only dry-run of remaining spend budget for a tenant-bound intent before authorizing a paid tool. Do not use this to authorize spend or create decisions; call paybond_authorize_agent_spend when you are ready to gate a side-effecting tool. |
| paybond_explain_policyA | Use this when you need a read-only explanation of whether a proposed spend would allow, require approval, or deny under the tenant spend-control policy. Do not use this to authorize spend or create approval requests; call paybond_authorize_agent_spend to persist a decision. |
| paybond_bootstrap_sandbox_guardrailA | Use this when building or testing a first paid-tool integration and you need a sandbox-only guardrail intent with no live settlement rails. Do not use this for production live money movement or already-created Harbor intents. |
| paybond_validate_completion_evidenceA | Pre-validates vendor and canonical completion evidence against catalog JSON Schemas and preset forbidden_evidence_fields. Required before evidence submit tools when PAYBOND_MCP_EVIDENCE_POLICY=strict. Harbor remains authoritative at submit time. |
| paybond_submit_sandbox_guardrail_evidenceA | Use this when a sandbox guardrail intent needs evidence to complete simulator settlement or predicate checks. Do not use this for live Harbor spend evidence; use paybond_submit_spend_evidence for production spend intents. |
| paybond_list_intentsA | List tenant-scoped Harbor intents through the gateway operator view. Supports optional status, operator DID, limit, and cursor filters. |
| paybond_get_intentA | Fetch one tenant-scoped Harbor intent detail through the gateway operator view. |
| paybond_list_audit_exportsA | List tenant-scoped compliance audit export jobs through the gateway operator view. |
| paybond_get_audit_exportA | Fetch one tenant-scoped compliance audit export job detail through the gateway operator view. |
| paybond_get_reputation_receiptA | Use this when you need the signed Signal reputation receipt for one known tenant-scoped operator DID (score, metrics, reason codes, and Ed25519 signing material under receipt). Requires PAYBOND_API_KEY with Signal analytics read access. Do not use this for tenant-wide aggregates—call paybond_get_portfolio_summary—or a portable signed operator list—call paybond_get_signed_portfolio_artifact—or one operator's fraud review posture—call paybond_get_fraud_assessment. Idempotent read with no side effects; returns null when no receipt exists for that operator and score_version. |
| paybond_get_portfolio_summaryA | Use this when you need a read-only, tenant-scoped Signal portfolio aggregate for the authenticated API key (operator_count, average_score, total_terminal_intents, total_receipted_volume_cents, operators_under_review, and checkpoint_last_ledger_seq). Requires PAYBOND_API_KEY with Signal analytics read access and the private-dashboards feature. Do not use this when you need a portable signed operator list for partner or verifier sharing—call paybond_get_signed_portfolio_artifact instead—or for one operator's signed receipt—call paybond_get_reputation_receipt. Idempotent read with no side effects; auth, RBAC, feature, or gateway failures surface as tool errors. |
| paybond_get_signed_portfolio_artifactA | Use this when you need a portable, tenant-scoped signed Signal portfolio snapshot (operator list plus Ed25519 signing material) for offline verifier checks or partner sharing—not a public leaderboard. Requires PAYBOND_API_KEY with Signal analytics read access. Omit score_version to use the gateway default current model (1.0). Do not use this for tenant-wide aggregates without signatures—call paybond_get_portfolio_summary—or for one operator's signed receipt—call paybond_get_reputation_receipt—or for one operator's fraud review posture—call paybond_get_fraud_assessment. Idempotent read with no side effects; auth, RBAC, feature, or gateway failures surface as tool errors. |
| paybond_get_fraud_assessmentA | Use this when you need the read-only fraud assessment and review posture for one known tenant-scoped operator DID (review state, fraud signals, and compact fraud_assessment). Example: look up operator_did=did:web:vendor.example#booker-agent (optionally score_version=1.0) before deciding whether to continue a spend workflow for that operator. Do not use this for tenant-wide fraud backtesting metrics—call paybond_get_fraud_metrics instead—or for Harbor intent escrow detail—call paybond_get_intent. Idempotent read; returns null when no assessment exists for that operator. |
| paybond_get_fraud_metricsA | Use this when you need tenant-wide Signal fraud backtesting and monitoring metrics over a rolling window (flagged operators, severity counts, review outcomes, precision/false-positive rates, and backtest_summary). Requires PAYBOND_API_KEY with Signal analytics read access and the private-dashboards feature. Do not use this for one operator's fraud posture—call paybond_get_fraud_assessment instead—or for Harbor intent escrow detail—call paybond_get_intent. Idempotent read with no side effects; omit window to default to 24h; unsupported windows fail with HTTP 400 ("window must be one of 24h, 7d, or 30d"). |
| paybond_get_a2a_agent_cardA | Fetch the published Paybond A2A discovery card for protocol-trust delegation. |
| paybond_list_a2a_task_contractsA | Fetch the published catalog of Paybond A2A task contracts for delegated Harbor workflows. |
| paybond_get_a2a_task_contractA | Fetch one published Paybond A2A task contract by identifier. |
| paybond_verify_agent_mandate_v1C | Verify a signed AgentMandateV1 envelope through the gateway v2 protocol surface. |
| paybond_verify_agent_recognition_proof_v1A | Verify a replay-safe AgentRecognitionProofV1 against an expected purpose and request envelope. Verifier context (tenant_id, verifier_id) is derived from the authenticated MCP session only. |
| paybond_import_agent_mandate_v1A | Import a signed AgentMandateV1 through the gateway v2 protocol surface and bind it to one Harbor intent using a replay-safe recognition proof. |
| paybond_get_settlement_receipt_v1B | Fetch the signed protocol-v2 settlement receipt for one Harbor intent. |
| paybond_get_agent_receipt_v1A | Use this when you need the signed paybond.agent_receipt_v1 JSON for one receipt_id (SHA-256 action id or intent-terminal UUID) via tenant-bound Gateway GET. Do not use this for protocol settlement receipts—call paybond_get_settlement_receipt_v1. For agent-to-agent handoff without embedding JSON in prompts, prefer the MCP resource paybond://receipt/{receipt_id} (resources/read verifies at the operational tier). Validity tiers beyond operational, continuity-chain, inclusion proofs, owner disclosure, and ACTA/PEF/SCITT adapters are Kit/CLI/Gateway auditor surfaces—not this tool's job. Read-only and side-effect free. |
| paybond_verify_agent_receipt_v1A | Use this when you already have a signed paybond.agent_receipt_v1 JSON object and need an offline operational-tier (default) Ed25519 signature check—schema, digest, and Gateway signature—matching resources/read on paybond://receipt/{receipt_id}. Optional validity_tier=primary|attested raises the bar (payee digest / operator attestation). Do not use this for protocol authorization/settlement receipts—call paybond_verify_protocol_receipt_v1. Continuity-chain audits, inclusion proofs, owner disclosure, and ACTA/PEF/SCITT are Kit/CLI/Gateway auditor surfaces. Read-only and side-effect free: success returns valid=true with kind, receipt_id, tenant_id, and the normalized receipt; failures raise a clear verification error. |
| paybond_verify_protocol_receipt_v1A | Use this when you already have a signed protocol-v2 authorization or settlement receipt JSON object and need offline Ed25519 verification (structure, message digest, and signature) through the gateway. Do not use this to verify AgentMandateV1 envelopes—call paybond_verify_agent_mandate_v1—or to check a Harbor capability token before spend—call paybond_verify_capability or paybond_authorize_agent_spend. To load a settlement receipt by intent UUID first, call paybond_get_settlement_receipt_v1 then pass its body here. Read-only and side-effect free: success returns valid=true with kind, receipt_id, tenant_id, and the normalized receipt; unsupported kind, malformed JSON, digest mismatch, or bad signature fail with a gateway error (typically HTTP 400). |
| paybond_create_intentA | Use this when you already have a fully signed Harbor intent request body and replay-safe recognition proof for the gateway /harbor/intents route. Do not use this for the normal agent spend-control path unless you specifically need the low-level Harbor API; prefer paybond_create_spend_intent. |
| paybond_create_spend_intentA | Use this when an agent workflow needs a new Paybond spend intent with bounded budget, allowed operations, evidence requirements, and settlement review. Do not use this for checking an already funded capability token; use paybond_authorize_agent_spend before the paid action. |
| paybond_submit_evidenceA | Use this when you already have a Harbor evidence request body and recognition proof for the gateway /harbor/intents/{id}/evidence route. Do not use this for the high-level spend-control path unless you need the low-level Harbor API; prefer paybond_submit_spend_evidence. |
| paybond_submit_spend_evidenceA | Use this when a Paybond spend intent needs signed evidence so release, refund, review, and receipt generation use the same audit-ready record. Do not use this to create or fund intents, and do not use it for sandbox guardrail evidence. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/nonameuserd/paybond-kit-python'
If you have feedback or need assistance with the MCP directory API, please join our Discord server