@atbash/sdk 0.2.1 → 0.3.2

package/README.md

@@ -13,12 +13,12 @@ Requires Node.js 18 or higher. Server-side only — private keys are used for lo
 ## Quickstart
 
 ```ts
-import { createAgent, judgeAction } from "@atbash/sdk";
+import { loadAgent, judgeAction } from "@atbash/sdk";
 
 // 1. Load your agent identity — paste the private key from the Atbash
-//    dashboard (https://atbash.ai/risk-engine/agents). createAgent()
+//    dashboard (https://atbash.ai/risk-engine/agents). loadAgent()
 //    validates the key and derives the matching public key for you.
-const agent = createAgent(process.env.ATBASH_AGENT_PRIVKEY!);
+const agent = loadAgent(process.env.ATBASH_AGENT_PRIVKEY!);
 
 // 2. Submit an action for judgment, before executing it.
 //    The SDK signs and broadcasts log_tool_call to the Chromia chain
@@ -60,11 +60,11 @@ If you need finer control, you can call `logToolCall()` and the judge API separa
 Generate one programmatically for local development:
 
 ```ts
-import { generateKeyPair, createAgent } from "@atbash/sdk";
+import { generateKeyPair, loadAgent } from "@atbash/sdk";
 
 const { privKey } = generateKeyPair();
 console.log("Save this private key somewhere safe:", privKey);
-const agent = createAgent(privKey);
+const agent = loadAgent(privKey);
 ```
 
 For production, always create agents in the dashboard so operators can attach policy packs and manage tier / jail state.
@@ -175,14 +175,14 @@ interface JudgmentStatus {
 ### Agent identity
 
 ```ts
-createAgent(privkey: string): AgentAuth
+loadAgent(privkey: string): AgentAuth
 generateKeyPair(): { privKey: string; pubKey: string }
 derivePublicKey(privKeyHex: string): string
 isValidPrivateKey(hex: string): boolean
 toPubkeyHex(val: unknown): string
 ```
 
-`createAgent(privkey)` is the canonical loader — pass in the private key from the dashboard, get back `{ pubkey, privkey }` ready for `judgeAction`. It accepts `0x`-prefixed, padded, or mixed-case input and throws on malformed keys. Use `generateKeyPair()` only for local development; for production, create agents in the dashboard so operators can attach policies.
+`loadAgent(privkey)` is the canonical loader — pass in the private key from the dashboard, get back `{ pubkey, privkey }` ready for `judgeAction`. It accepts `0x`-prefixed, padded, or mixed-case input and throws on malformed keys. Use `generateKeyPair()` only for local development; for production, create agents in the dashboard so operators can attach policies.
 
 ### Query APIs
 

package/dist/index.cjs

@@ -33,7 +33,7 @@ __export(index_exports, {
   DEFAULT_BLOCKCHAIN_RID: () => DEFAULT_BLOCKCHAIN_RID,
   DEFAULT_CHROMIA_NODE_URLS: () => DEFAULT_CHROMIA_NODE_URLS,
   DEFAULT_ENDPOINT: () => DEFAULT_ENDPOINT,
-  createAgent: () => createAgent,
+  checkAgentExists: () => checkAgentExists,
   derivePublicKey: () => derivePublicKey,
   generateKeyPair: () => generateKeyPair,
   getAgentDetail: () => getAgentDetail,
@@ -50,6 +50,7 @@ __export(index_exports, {
   getToolCalls: () => getToolCalls,
   isValidPrivateKey: () => isValidPrivateKey,
   judgeAction: () => judgeAction,
+  loadAgent: () => loadAgent,
   logToolCall: () => logToolCall,
   toPubkeyHex: () => toPubkeyHex
 });
@@ -59,7 +60,7 @@ module.exports = __toCommonJS(index_exports);
 var import_crypto = require("crypto");
 var import_postchain_client = __toESM(require("postchain-client"), 1);
 var { createClient, encryption, newSignatureProvider } = import_postchain_client.default;
-var DEFAULT_ENDPOINT = "https://atbash.ai";
+var DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 var DEFAULT_CHROMIA_NODE_URLS = [
   "https://node6.testnet.chromia.com:7740",
   "https://node7.testnet.chromia.com:7740",
@@ -82,7 +83,7 @@ function generateKeyPair() {
     pubKey: ecdh.getPublicKey("hex", "compressed")
   };
 }
-function createAgent(privkey) {
+function loadAgent(privkey) {
   const clean = privkey.replace(/^0x/, "").trim().toLowerCase();
   if (!isValidPrivateKey(clean)) {
     throw new Error(
@@ -109,41 +110,67 @@ function generateToolCallId() {
   const rand = (0, import_crypto.randomBytes)(4).toString("hex");
   return `tc-${ts}-${rand}`;
 }
-async function logToolCall(action, context, auth, chainOpts, extra) {
-  const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
-  const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
-  const client = await createClient({
-    nodeUrlPool: nodeUrls,
-    blockchainRid
-  });
-  const privKeyBuf = Buffer.from(auth.privkey, "hex");
-  const keyPair = encryption.makeKeyPair(privKeyBuf);
-  const sigProvider = newSignatureProvider({
-    privKey: keyPair.privKey,
-    pubKey: keyPair.pubKey
-  });
-  const toolCallId = generateToolCallId();
-  await client.signAndSendUniqueTransaction(
-    {
-      name: "log_tool_call",
-      args: [
-        toolCallId,
-        action,
-        context || "",
-        extra?.toolName || "",
-        extra?.toolArgsJson || ""
-      ]
-    },
-    sigProvider
-  );
-  return toolCallId;
+async function checkAgentExists(pubkey, opts) {
+  try {
+    const url = `${baseUrl(opts)}/api/ai/exists?pubkey=${encodeURIComponent(pubkey)}`;
+    const data = await getJson(url, opts);
+    return Boolean(data.registered);
+  } catch {
+    return false;
+  }
+}
+async function logToolCall(action, context, auth, chainOpts, extra, clientOpts) {
+  const exists = await checkAgentExists(auth.pubkey, clientOpts);
+  if (!exists) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: "Agent not registered. Onboard the agent at the dashboard before submitting actions."
+    };
+  }
+  try {
+    const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
+    const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
+    const client = await createClient({
+      nodeUrlPool: nodeUrls,
+      blockchainRid
+    });
+    const privKeyBuf = Buffer.from(auth.privkey, "hex");
+    const keyPair = encryption.makeKeyPair(privKeyBuf);
+    const sigProvider = newSignatureProvider({
+      privKey: keyPair.privKey,
+      pubKey: keyPair.pubKey
+    });
+    const toolCallId = generateToolCallId();
+    await client.signAndSendUniqueTransaction(
+      {
+        name: "log_tool_call",
+        args: [
+          toolCallId,
+          action,
+          context || "",
+          extra?.toolName || "",
+          extra?.toolArgsJson || ""
+        ]
+      },
+      sigProvider
+    );
+    return { success: true, toolCallId };
+  } catch (err) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: err instanceof Error ? err.message : "Failed to log tool call on-chain"
+    };
+  }
 }
 function normalizeVerdict(raw) {
-  const v = String(raw || "").toUpperCase();
+  if (raw === null || raw === void 0) return "LOGGED";
+  const v = String(raw).toUpperCase();
   if (v === "ALLOW" || v === "GREEN") return "ALLOW";
   if (v === "HOLD" || v === "YELLOW") return "HOLD";
   if (v === "BLOCK" || v === "RED") return "BLOCK";
-  return "BLOCK";
+  return "HOLD";
 }
 function normalizeStatus(raw) {
   const s = String(raw || "").toLowerCase();
@@ -197,26 +224,30 @@ async function getJson(url, opts) {
   return resp.json();
 }
 async function judgeAction(action, context, auth, opts) {
-  const toolCallId = await logToolCall(
+  const logResult = await logToolCall(
     action,
     context,
     auth,
     opts?.chainOpts,
-    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson }
+    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson },
+    opts
   );
+  if (!logResult.success || !logResult.toolCallId) {
+    throw new Error(logResult.error || "Failed to log tool call on-chain");
+  }
   const url = `${baseUrl(opts)}/api/v1/judge`;
   const data = await postJson(
     url,
     {
-      tool_call_id: toolCallId,
+      tool_call_id: logResult.toolCallId,
       agent_pubkey: auth.pubkey,
       action,
-      context: context || "",
-      provider: opts?.provider || "",
-      tool_name: opts?.toolName || "",
-      api_key: opts?.apiKey || "",
-      endpoint_url: opts?.providerEndpoint || "",
-      model: opts?.model || ""
+      ...context && { context },
+      ...opts?.provider && { provider: opts.provider },
+      ...opts?.toolName && { tool_name: opts.toolName },
+      ...opts?.apiKey && { api_key: opts.apiKey },
+      ...opts?.providerEndpoint && { endpoint_url: opts.providerEndpoint },
+      ...opts?.model && { model: opts.model }
     },
     opts
   );
@@ -227,7 +258,7 @@ async function judgeAction(action, context, auth, opts) {
     confidence: Number(data.confidence ?? 0),
     provider: String(data.provider || ""),
     latency_ms: Number(data.latency_ms ?? 0),
-    tool_call_id: String(data.tool_call_id || toolCallId),
+    tool_call_id: String(data.tool_call_id || logResult.toolCallId),
     on_chain: Boolean(data.on_chain)
   };
 }
@@ -351,7 +382,7 @@ async function getSafetyStats(opts) {
   DEFAULT_BLOCKCHAIN_RID,
   DEFAULT_CHROMIA_NODE_URLS,
   DEFAULT_ENDPOINT,
-  createAgent,
+  checkAgentExists,
   derivePublicKey,
   generateKeyPair,
   getAgentDetail,
@@ -368,6 +399,7 @@ async function getSafetyStats(opts) {
   getToolCalls,
   isValidPrivateKey,
   judgeAction,
+  loadAgent,
   logToolCall,
   toPubkeyHex
 });

package/dist/index.d.cts

@@ -1,7 +1,7 @@
-declare const DEFAULT_ENDPOINT = "https://atbash.ai";
+declare const DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 declare const DEFAULT_CHROMIA_NODE_URLS: string[];
 declare const DEFAULT_BLOCKCHAIN_RID = "25B41DF620C489349C54944496FF5C6E58CFCEFED0C51658780B67299D40E8ED";
-type Verdict = "ALLOW" | "HOLD" | "BLOCK";
+type Verdict = "ALLOW" | "HOLD" | "BLOCK" | "LOGGED";
 type Provider = "atbash" | "openai" | "google" | "microsoft" | "custom" | (string & {});
 type Tier = "audit" | "audit_plus" | "enforcement" | (string & {});
 type ActionType = "allow" | "hold_for_user_confirm" | "block" | (string & {});
@@ -19,7 +19,7 @@ interface AgentAuth {
     pubkey: string;
     privkey: string;
 }
-declare function createAgent(privkey: string): AgentAuth;
+declare function loadAgent(privkey: string): AgentAuth;
 declare function toPubkeyHex(val: unknown): string;
 interface ClientOpts {
     endpoint?: string;
@@ -29,16 +29,26 @@ interface ChainOpts {
     nodeUrls?: string[];
     blockchainRid?: string;
 }
+interface LogToolCallResult {
+    success: boolean;
+    toolCallId: string | null;
+    error?: string;
+}
+/**
+ * Check if an agent is onboarded before signing anything.
+ * Calls GET /api/ai/exists?pubkey=<66-hex>
+ */
+declare function checkAgentExists(pubkey: string, opts?: ClientOpts): Promise<boolean>;
 /**
  * Sign and broadcast `log_tool_call` to the Chromia chain.
  *
- * The agent's private key is used to sign the transaction locally —
- * it is never sent over the network. Returns the tool_call_id.
+ * Checks that the agent is onboarded before signing. The agent's private
+ * key is used to sign the transaction locally — never sent over the network.
  */
 declare function logToolCall(action: string, context: string, auth: AgentAuth, chainOpts?: ChainOpts, extra?: {
     toolName?: string;
     toolArgsJson?: string;
-}): Promise<string>;
+}, clientOpts?: ClientOpts): Promise<LogToolCallResult>;
 interface JudgeResult {
     verdict: Verdict;
     action_type: ActionType;
@@ -137,4 +147,4 @@ declare function getAgentDetail(agentPubkey: string, opts?: ClientOpts): Promise
 declare function getAgentPolicy(agentPubkey: string, opts?: ClientOpts): Promise<AgentPolicy>;
 declare function getSafetyStats(opts?: ClientOpts): Promise<Record<string, unknown>>;
 
-export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, createAgent, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, logToolCall, toPubkeyHex };
+export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type LogToolCallResult, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, checkAgentExists, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, logToolCall, toPubkeyHex };

package/dist/index.d.ts

@@ -1,7 +1,7 @@
-declare const DEFAULT_ENDPOINT = "https://atbash.ai";
+declare const DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 declare const DEFAULT_CHROMIA_NODE_URLS: string[];
 declare const DEFAULT_BLOCKCHAIN_RID = "25B41DF620C489349C54944496FF5C6E58CFCEFED0C51658780B67299D40E8ED";
-type Verdict = "ALLOW" | "HOLD" | "BLOCK";
+type Verdict = "ALLOW" | "HOLD" | "BLOCK" | "LOGGED";
 type Provider = "atbash" | "openai" | "google" | "microsoft" | "custom" | (string & {});
 type Tier = "audit" | "audit_plus" | "enforcement" | (string & {});
 type ActionType = "allow" | "hold_for_user_confirm" | "block" | (string & {});
@@ -19,7 +19,7 @@ interface AgentAuth {
     pubkey: string;
     privkey: string;
 }
-declare function createAgent(privkey: string): AgentAuth;
+declare function loadAgent(privkey: string): AgentAuth;
 declare function toPubkeyHex(val: unknown): string;
 interface ClientOpts {
     endpoint?: string;
@@ -29,16 +29,26 @@ interface ChainOpts {
     nodeUrls?: string[];
     blockchainRid?: string;
 }
+interface LogToolCallResult {
+    success: boolean;
+    toolCallId: string | null;
+    error?: string;
+}
+/**
+ * Check if an agent is onboarded before signing anything.
+ * Calls GET /api/ai/exists?pubkey=<66-hex>
+ */
+declare function checkAgentExists(pubkey: string, opts?: ClientOpts): Promise<boolean>;
 /**
  * Sign and broadcast `log_tool_call` to the Chromia chain.
  *
- * The agent's private key is used to sign the transaction locally —
- * it is never sent over the network. Returns the tool_call_id.
+ * Checks that the agent is onboarded before signing. The agent's private
+ * key is used to sign the transaction locally — never sent over the network.
  */
 declare function logToolCall(action: string, context: string, auth: AgentAuth, chainOpts?: ChainOpts, extra?: {
     toolName?: string;
     toolArgsJson?: string;
-}): Promise<string>;
+}, clientOpts?: ClientOpts): Promise<LogToolCallResult>;
 interface JudgeResult {
     verdict: Verdict;
     action_type: ActionType;
@@ -137,4 +147,4 @@ declare function getAgentDetail(agentPubkey: string, opts?: ClientOpts): Promise
 declare function getAgentPolicy(agentPubkey: string, opts?: ClientOpts): Promise<AgentPolicy>;
 declare function getSafetyStats(opts?: ClientOpts): Promise<Record<string, unknown>>;
 
-export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, createAgent, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, logToolCall, toPubkeyHex };
+export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type LogToolCallResult, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, checkAgentExists, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, logToolCall, toPubkeyHex };

package/dist/index.js

@@ -2,7 +2,7 @@
 import { createECDH, randomBytes } from "crypto";
 import postchain from "postchain-client";
 var { createClient, encryption, newSignatureProvider } = postchain;
-var DEFAULT_ENDPOINT = "https://atbash.ai";
+var DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 var DEFAULT_CHROMIA_NODE_URLS = [
   "https://node6.testnet.chromia.com:7740",
   "https://node7.testnet.chromia.com:7740",
@@ -25,7 +25,7 @@ function generateKeyPair() {
     pubKey: ecdh.getPublicKey("hex", "compressed")
   };
 }
-function createAgent(privkey) {
+function loadAgent(privkey) {
   const clean = privkey.replace(/^0x/, "").trim().toLowerCase();
   if (!isValidPrivateKey(clean)) {
     throw new Error(
@@ -52,41 +52,67 @@ function generateToolCallId() {
   const rand = randomBytes(4).toString("hex");
   return `tc-${ts}-${rand}`;
 }
-async function logToolCall(action, context, auth, chainOpts, extra) {
-  const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
-  const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
-  const client = await createClient({
-    nodeUrlPool: nodeUrls,
-    blockchainRid
-  });
-  const privKeyBuf = Buffer.from(auth.privkey, "hex");
-  const keyPair = encryption.makeKeyPair(privKeyBuf);
-  const sigProvider = newSignatureProvider({
-    privKey: keyPair.privKey,
-    pubKey: keyPair.pubKey
-  });
-  const toolCallId = generateToolCallId();
-  await client.signAndSendUniqueTransaction(
-    {
-      name: "log_tool_call",
-      args: [
-        toolCallId,
-        action,
-        context || "",
-        extra?.toolName || "",
-        extra?.toolArgsJson || ""
-      ]
-    },
-    sigProvider
-  );
-  return toolCallId;
+async function checkAgentExists(pubkey, opts) {
+  try {
+    const url = `${baseUrl(opts)}/api/ai/exists?pubkey=${encodeURIComponent(pubkey)}`;
+    const data = await getJson(url, opts);
+    return Boolean(data.registered);
+  } catch {
+    return false;
+  }
+}
+async function logToolCall(action, context, auth, chainOpts, extra, clientOpts) {
+  const exists = await checkAgentExists(auth.pubkey, clientOpts);
+  if (!exists) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: "Agent not registered. Onboard the agent at the dashboard before submitting actions."
+    };
+  }
+  try {
+    const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
+    const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
+    const client = await createClient({
+      nodeUrlPool: nodeUrls,
+      blockchainRid
+    });
+    const privKeyBuf = Buffer.from(auth.privkey, "hex");
+    const keyPair = encryption.makeKeyPair(privKeyBuf);
+    const sigProvider = newSignatureProvider({
+      privKey: keyPair.privKey,
+      pubKey: keyPair.pubKey
+    });
+    const toolCallId = generateToolCallId();
+    await client.signAndSendUniqueTransaction(
+      {
+        name: "log_tool_call",
+        args: [
+          toolCallId,
+          action,
+          context || "",
+          extra?.toolName || "",
+          extra?.toolArgsJson || ""
+        ]
+      },
+      sigProvider
+    );
+    return { success: true, toolCallId };
+  } catch (err) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: err instanceof Error ? err.message : "Failed to log tool call on-chain"
+    };
+  }
 }
 function normalizeVerdict(raw) {
-  const v = String(raw || "").toUpperCase();
+  if (raw === null || raw === void 0) return "LOGGED";
+  const v = String(raw).toUpperCase();
   if (v === "ALLOW" || v === "GREEN") return "ALLOW";
   if (v === "HOLD" || v === "YELLOW") return "HOLD";
   if (v === "BLOCK" || v === "RED") return "BLOCK";
-  return "BLOCK";
+  return "HOLD";
 }
 function normalizeStatus(raw) {
   const s = String(raw || "").toLowerCase();
@@ -140,26 +166,30 @@ async function getJson(url, opts) {
   return resp.json();
 }
 async function judgeAction(action, context, auth, opts) {
-  const toolCallId = await logToolCall(
+  const logResult = await logToolCall(
     action,
     context,
     auth,
     opts?.chainOpts,
-    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson }
+    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson },
+    opts
   );
+  if (!logResult.success || !logResult.toolCallId) {
+    throw new Error(logResult.error || "Failed to log tool call on-chain");
+  }
   const url = `${baseUrl(opts)}/api/v1/judge`;
   const data = await postJson(
     url,
     {
-      tool_call_id: toolCallId,
+      tool_call_id: logResult.toolCallId,
       agent_pubkey: auth.pubkey,
       action,
-      context: context || "",
-      provider: opts?.provider || "",
-      tool_name: opts?.toolName || "",
-      api_key: opts?.apiKey || "",
-      endpoint_url: opts?.providerEndpoint || "",
-      model: opts?.model || ""
+      ...context && { context },
+      ...opts?.provider && { provider: opts.provider },
+      ...opts?.toolName && { tool_name: opts.toolName },
+      ...opts?.apiKey && { api_key: opts.apiKey },
+      ...opts?.providerEndpoint && { endpoint_url: opts.providerEndpoint },
+      ...opts?.model && { model: opts.model }
     },
     opts
   );
@@ -170,7 +200,7 @@ async function judgeAction(action, context, auth, opts) {
     confidence: Number(data.confidence ?? 0),
     provider: String(data.provider || ""),
     latency_ms: Number(data.latency_ms ?? 0),
-    tool_call_id: String(data.tool_call_id || toolCallId),
+    tool_call_id: String(data.tool_call_id || logResult.toolCallId),
     on_chain: Boolean(data.on_chain)
   };
 }
@@ -293,7 +323,7 @@ export {
   DEFAULT_BLOCKCHAIN_RID,
   DEFAULT_CHROMIA_NODE_URLS,
   DEFAULT_ENDPOINT,
-  createAgent,
+  checkAgentExists,
   derivePublicKey,
   generateKeyPair,
   getAgentDetail,
@@ -310,6 +340,7 @@ export {
   getToolCalls,
   isValidPrivateKey,
   judgeAction,
+  loadAgent,
   logToolCall,
   toPubkeyHex
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@atbash/sdk",
-  "version": "0.2.1",
-  "description": "TypeScript SDK for the Atbash risk-engine / judge API",
+  "version": "0.3.2",
+  "description": "Atbash SDK — control boundary before the last irreversible step in an agent workflow",
   "homepage": "https://atbash.ai",
   "author": "Atbash",
   "license": "SEE LICENSE IN LICENSE",