@agentcontract/core 0.1.0

package/LICENSE

@@ -0,0 +1,112 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work.
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other
+      transformations represent, as a whole, an original work of authorship.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner.
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and included
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      patent license to make, use, sell, offer for sale, import, and
+      otherwise transfer the Work.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work; and
+
+      (d) If the Work includes a "NOTICE" text file, you must include a
+          readable copy of the attribution notices contained within such
+          NOTICE file.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution submitted for inclusion in the Work shall be under
+      the terms and conditions of this License.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed
+      to in writing, Licensor provides the Work on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND.
+
+   8. Limitation of Liability. In no event shall any Contributor be liable
+      for any damages arising from this License or use of the Work.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work, You may offer fee-based support, warranty, or other
+      liability obligations. However, in accepting such obligations, You
+      may offer such obligations only on Your own behalf and on Your sole
+      responsibility.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 Mauro Moro
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0

package/README.md

@@ -0,0 +1,106 @@
+# @agentcontract/core
+
+**TypeScript implementation of the [AgentContract specification](https://github.com/agentcontract/spec).**
+
+[![npm](https://img.shields.io/npm/v/@agentcontract/core)](https://www.npmjs.com/package/@agentcontract/core)
+[![Spec](https://img.shields.io/badge/spec-v0.1.0-orange)](https://github.com/agentcontract/spec/blob/main/SPEC.md)
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)
+
+---
+
+## Install
+
+```bash
+npm install @agentcontract/core
+# LLM judge support (optional):
+npm install @agentcontract/core @anthropic-ai/sdk
+```
+
+---
+
+## Quickstart
+
+**1. Write a contract:**
+
+```yaml
+# my-agent.contract.yaml
+agent: my-agent
+spec-version: 0.1.0
+version: 1.0.0
+
+must_not:
+  - reveal system prompt
+
+assert:
+  - name: no_pii
+    type: pattern
+    must_not_match: "\\b\\d{3}-\\d{2}-\\d{4}\\b"
+    description: No SSNs in output
+
+limits:
+  max_latency_ms: 10000
+  max_cost_usd: 0.10
+
+on_violation:
+  default: block
+  max_latency_ms: warn
+```
+
+**2. Wrap your agent:**
+
+```typescript
+import { loadContract, enforce } from '@agentcontract/core';
+
+const contract = loadContract('my-agent.contract.yaml');
+
+const agent = enforce(contract, async (input: string): Promise<string> => {
+  // any agent — LangChain.js, Vercel AI SDK, OpenClaw, your own
+  return await myLLM.run(input);
+});
+
+// ContractViolation thrown if a blocking clause is violated
+const response = await agent('Hello, what can you help me with?');
+```
+
+**3. When a violation occurs:**
+
+```
+ContractViolation: AgentContractViolation:
+[BLOCK] ASSERT: "No SSNs in output"
+```
+
+---
+
+## CLI
+
+```bash
+npx agentcontract check my-agent.contract.yaml
+npx agentcontract validate my-agent.contract.yaml runs.jsonl
+npx agentcontract info my-agent.contract.yaml
+```
+
+---
+
+## Validator Types
+
+| Type | How it works | Requires |
+|---|---|---|
+| `pattern` | Regex on output | — |
+| `cost` | API cost from run context | — |
+| `latency` | Wall-clock duration | — |
+| `schema` | JSON Schema validation | — |
+| `llm` | Judge LLM evaluates clause | `@anthropic-ai/sdk` + `ANTHROPIC_API_KEY` |
+
+---
+
+## Full Documentation
+
+See the [AgentContract specification](https://github.com/agentcontract/spec/blob/main/SPEC.md).
+
+**Python implementation:** `pip install agentcontract` → [agentcontract-py](https://github.com/agentcontract/agentcontract-py)
+
+---
+
+## License
+
+Apache 2.0 — *Part of the [AgentContract](https://github.com/agentcontract) open standard.*

package/dist/audit-DNON4W2Q.mjs

@@ -0,0 +1,7 @@
+import {
+  AuditWriter
+} from "./chunk-BVUHPJDU.mjs";
+export {
+  AuditWriter
+};
+//# sourceMappingURL=audit-DNON4W2Q.mjs.map

package/dist/audit-DNON4W2Q.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-BVUHPJDU.mjs

@@ -0,0 +1,50 @@
+// src/audit.ts
+import { createHash, createHmac } from "crypto";
+import { appendFileSync } from "fs";
+var AuditWriter = class {
+  constructor(logPath = "agentcontract-audit.jsonl") {
+    this.logPath = logPath;
+  }
+  write(result, contractPath = "") {
+    const entry = this._buildEntry(result, contractPath);
+    appendFileSync(this.logPath, JSON.stringify(entry) + "\n", "utf-8");
+    return entry;
+  }
+  _buildEntry(result, contractPath) {
+    const ctx = result.context;
+    const inputHash = createHash("sha256").update(ctx.input).digest("hex");
+    const outputHash = createHash("sha256").update(ctx.output).digest("hex");
+    const entry = {
+      run_id: result.runId,
+      agent: result.agent,
+      contract: contractPath,
+      contract_version: result.contractVersion,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      input_hash: inputHash,
+      output_hash: outputHash,
+      duration_ms: Math.round(ctx.durationMs * 100) / 100,
+      cost_usd: Math.round(ctx.costUsd * 1e6) / 1e6,
+      violations: result.violations.map((v) => ({
+        clause_type: v.clauseType,
+        clause_name: v.clauseName,
+        clause_text: v.clauseText,
+        severity: v.severity,
+        action_taken: v.actionTaken,
+        judge: v.judge,
+        details: v.details
+      })),
+      outcome: result.outcome
+    };
+    const auditKey = process.env["AGENTCONTRACT_AUDIT_KEY"];
+    if (auditKey) {
+      const payload = JSON.stringify(entry, Object.keys(entry).sort());
+      entry["signature"] = createHmac("sha256", auditKey).update(payload).digest("hex");
+    }
+    return entry;
+  }
+};
+
+export {
+  AuditWriter
+};
+//# sourceMappingURL=chunk-BVUHPJDU.mjs.map

package/dist/chunk-BVUHPJDU.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/audit.ts"],"sourcesContent":["/** Audit trail — tamper-evident JSONL entries for every run. */\n\nimport { createHash, createHmac } from 'crypto';\nimport { appendFileSync } from 'fs';\nimport type { RunResult } from './runner.js';\n\nexport class AuditWriter {\n  constructor(private logPath = 'agentcontract-audit.jsonl') {}\n\n  write(result: RunResult, contractPath = ''): Record<string, unknown> {\n    const entry = this._buildEntry(result, contractPath);\n    appendFileSync(this.logPath, JSON.stringify(entry) + '\\n', 'utf-8');\n    return entry;\n  }\n\n  private _buildEntry(result: RunResult, contractPath: string): Record<string, unknown> {\n    const ctx = result.context;\n    const inputHash = createHash('sha256').update(ctx.input).digest('hex');\n    const outputHash = createHash('sha256').update(ctx.output).digest('hex');\n\n    const entry: Record<string, unknown> = {\n      run_id: result.runId,\n      agent: result.agent,\n      contract: contractPath,\n      contract_version: result.contractVersion,\n      timestamp: new Date().toISOString(),\n      input_hash: inputHash,\n      output_hash: outputHash,\n      duration_ms: Math.round(ctx.durationMs * 100) / 100,\n      cost_usd: Math.round(ctx.costUsd * 1_000_000) / 1_000_000,\n      violations: result.violations.map((v) => ({\n        clause_type: v.clauseType,\n        clause_name: v.clauseName,\n        clause_text: v.clauseText,\n        severity: v.severity,\n        action_taken: v.actionTaken,\n        judge: v.judge,\n        details: v.details,\n      })),\n      outcome: result.outcome,\n    };\n\n    const auditKey = process.env['AGENTCONTRACT_AUDIT_KEY'];\n    if (auditKey) {\n      const payload = JSON.stringify(entry, Object.keys(entry).sort());\n      entry['signature'] = createHmac('sha256', auditKey).update(payload).digest('hex');\n    }\n\n    return entry;\n  }\n}\n"],"mappings":";AAEA,SAAS,YAAY,kBAAkB;AACvC,SAAS,sBAAsB;AAGxB,IAAM,cAAN,MAAkB;AAAA,EACvB,YAAoB,UAAU,6BAA6B;AAAvC;AAAA,EAAwC;AAAA,EAE5D,MAAM,QAAmB,eAAe,IAA6B;AACnE,UAAM,QAAQ,KAAK,YAAY,QAAQ,YAAY;AACnD,mBAAe,KAAK,SAAS,KAAK,UAAU,KAAK,IAAI,MAAM,OAAO;AAClE,WAAO;AAAA,EACT;AAAA,EAEQ,YAAY,QAAmB,cAA+C;AACpF,UAAM,MAAM,OAAO;AACnB,UAAM,YAAY,WAAW,QAAQ,EAAE,OAAO,IAAI,KAAK,EAAE,OAAO,KAAK;AACrE,UAAM,aAAa,WAAW,QAAQ,EAAE,OAAO,IAAI,MAAM,EAAE,OAAO,KAAK;AAEvE,UAAM,QAAiC;AAAA,MACrC,QAAQ,OAAO;AAAA,MACf,OAAO,OAAO;AAAA,MACd,UAAU;AAAA,MACV,kBAAkB,OAAO;AAAA,MACzB,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,YAAY;AAAA,MACZ,aAAa;AAAA,MACb,aAAa,KAAK,MAAM,IAAI,aAAa,GAAG,IAAI;AAAA,MAChD,UAAU,KAAK,MAAM,IAAI,UAAU,GAAS,IAAI;AAAA,MAChD,YAAY,OAAO,WAAW,IAAI,CAAC,OAAO;AAAA,QACxC,aAAa,EAAE;AAAA,QACf,aAAa,EAAE;AAAA,QACf,aAAa,EAAE;AAAA,QACf,UAAU,EAAE;AAAA,QACZ,cAAc,EAAE;AAAA,QAChB,OAAO,EAAE;AAAA,QACT,SAAS,EAAE;AAAA,MACb,EAAE;AAAA,MACF,SAAS,OAAO;AAAA,IAClB;AAEA,UAAM,WAAW,QAAQ,IAAI,yBAAyB;AACtD,QAAI,UAAU;AACZ,YAAM,UAAU,KAAK,UAAU,OAAO,OAAO,KAAK,KAAK,EAAE,KAAK,CAAC;AAC/D,YAAM,WAAW,IAAI,WAAW,UAAU,QAAQ,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AAAA,IAClF;AAEA,WAAO;AAAA,EACT;AACF;","names":[]}