@atbash/sdk 0.3.1 → 0.3.2

package/dist/index.cjs

@@ -33,6 +33,7 @@ __export(index_exports, {
   DEFAULT_BLOCKCHAIN_RID: () => DEFAULT_BLOCKCHAIN_RID,
   DEFAULT_CHROMIA_NODE_URLS: () => DEFAULT_CHROMIA_NODE_URLS,
   DEFAULT_ENDPOINT: () => DEFAULT_ENDPOINT,
+  checkAgentExists: () => checkAgentExists,
   derivePublicKey: () => derivePublicKey,
   generateKeyPair: () => generateKeyPair,
   getAgentDetail: () => getAgentDetail,
@@ -59,7 +60,7 @@ module.exports = __toCommonJS(index_exports);
 var import_crypto = require("crypto");
 var import_postchain_client = __toESM(require("postchain-client"), 1);
 var { createClient, encryption, newSignatureProvider } = import_postchain_client.default;
-var DEFAULT_ENDPOINT = "https://atbash.ai";
+var DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 var DEFAULT_CHROMIA_NODE_URLS = [
   "https://node6.testnet.chromia.com:7740",
   "https://node7.testnet.chromia.com:7740",
@@ -109,41 +110,67 @@ function generateToolCallId() {
   const rand = (0, import_crypto.randomBytes)(4).toString("hex");
   return `tc-${ts}-${rand}`;
 }
-async function logToolCall(action, context, auth, chainOpts, extra) {
-  const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
-  const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
-  const client = await createClient({
-    nodeUrlPool: nodeUrls,
-    blockchainRid
-  });
-  const privKeyBuf = Buffer.from(auth.privkey, "hex");
-  const keyPair = encryption.makeKeyPair(privKeyBuf);
-  const sigProvider = newSignatureProvider({
-    privKey: keyPair.privKey,
-    pubKey: keyPair.pubKey
-  });
-  const toolCallId = generateToolCallId();
-  await client.signAndSendUniqueTransaction(
-    {
-      name: "log_tool_call",
-      args: [
-        toolCallId,
-        action,
-        context || "",
-        extra?.toolName || "",
-        extra?.toolArgsJson || ""
-      ]
-    },
-    sigProvider
-  );
-  return toolCallId;
+async function checkAgentExists(pubkey, opts) {
+  try {
+    const url = `${baseUrl(opts)}/api/ai/exists?pubkey=${encodeURIComponent(pubkey)}`;
+    const data = await getJson(url, opts);
+    return Boolean(data.registered);
+  } catch {
+    return false;
+  }
+}
+async function logToolCall(action, context, auth, chainOpts, extra, clientOpts) {
+  const exists = await checkAgentExists(auth.pubkey, clientOpts);
+  if (!exists) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: "Agent not registered. Onboard the agent at the dashboard before submitting actions."
+    };
+  }
+  try {
+    const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
+    const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
+    const client = await createClient({
+      nodeUrlPool: nodeUrls,
+      blockchainRid
+    });
+    const privKeyBuf = Buffer.from(auth.privkey, "hex");
+    const keyPair = encryption.makeKeyPair(privKeyBuf);
+    const sigProvider = newSignatureProvider({
+      privKey: keyPair.privKey,
+      pubKey: keyPair.pubKey
+    });
+    const toolCallId = generateToolCallId();
+    await client.signAndSendUniqueTransaction(
+      {
+        name: "log_tool_call",
+        args: [
+          toolCallId,
+          action,
+          context || "",
+          extra?.toolName || "",
+          extra?.toolArgsJson || ""
+        ]
+      },
+      sigProvider
+    );
+    return { success: true, toolCallId };
+  } catch (err) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: err instanceof Error ? err.message : "Failed to log tool call on-chain"
+    };
+  }
 }
 function normalizeVerdict(raw) {
-  const v = String(raw || "").toUpperCase();
+  if (raw === null || raw === void 0) return "LOGGED";
+  const v = String(raw).toUpperCase();
   if (v === "ALLOW" || v === "GREEN") return "ALLOW";
   if (v === "HOLD" || v === "YELLOW") return "HOLD";
   if (v === "BLOCK" || v === "RED") return "BLOCK";
-  return "BLOCK";
+  return "HOLD";
 }
 function normalizeStatus(raw) {
   const s = String(raw || "").toLowerCase();
@@ -197,26 +224,30 @@ async function getJson(url, opts) {
   return resp.json();
 }
 async function judgeAction(action, context, auth, opts) {
-  const toolCallId = await logToolCall(
+  const logResult = await logToolCall(
     action,
     context,
     auth,
     opts?.chainOpts,
-    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson }
+    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson },
+    opts
   );
+  if (!logResult.success || !logResult.toolCallId) {
+    throw new Error(logResult.error || "Failed to log tool call on-chain");
+  }
   const url = `${baseUrl(opts)}/api/v1/judge`;
   const data = await postJson(
     url,
     {
-      tool_call_id: toolCallId,
+      tool_call_id: logResult.toolCallId,
       agent_pubkey: auth.pubkey,
       action,
-      context: context || "",
-      provider: opts?.provider || "",
-      tool_name: opts?.toolName || "",
-      api_key: opts?.apiKey || "",
-      endpoint_url: opts?.providerEndpoint || "",
-      model: opts?.model || ""
+      ...context && { context },
+      ...opts?.provider && { provider: opts.provider },
+      ...opts?.toolName && { tool_name: opts.toolName },
+      ...opts?.apiKey && { api_key: opts.apiKey },
+      ...opts?.providerEndpoint && { endpoint_url: opts.providerEndpoint },
+      ...opts?.model && { model: opts.model }
     },
     opts
   );
@@ -227,7 +258,7 @@ async function judgeAction(action, context, auth, opts) {
     confidence: Number(data.confidence ?? 0),
     provider: String(data.provider || ""),
     latency_ms: Number(data.latency_ms ?? 0),
-    tool_call_id: String(data.tool_call_id || toolCallId),
+    tool_call_id: String(data.tool_call_id || logResult.toolCallId),
     on_chain: Boolean(data.on_chain)
   };
 }
@@ -351,6 +382,7 @@ async function getSafetyStats(opts) {
   DEFAULT_BLOCKCHAIN_RID,
   DEFAULT_CHROMIA_NODE_URLS,
   DEFAULT_ENDPOINT,
+  checkAgentExists,
   derivePublicKey,
   generateKeyPair,
   getAgentDetail,

package/dist/index.d.cts

@@ -1,7 +1,7 @@
-declare const DEFAULT_ENDPOINT = "https://atbash.ai";
+declare const DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 declare const DEFAULT_CHROMIA_NODE_URLS: string[];
 declare const DEFAULT_BLOCKCHAIN_RID = "25B41DF620C489349C54944496FF5C6E58CFCEFED0C51658780B67299D40E8ED";
-type Verdict = "ALLOW" | "HOLD" | "BLOCK";
+type Verdict = "ALLOW" | "HOLD" | "BLOCK" | "LOGGED";
 type Provider = "atbash" | "openai" | "google" | "microsoft" | "custom" | (string & {});
 type Tier = "audit" | "audit_plus" | "enforcement" | (string & {});
 type ActionType = "allow" | "hold_for_user_confirm" | "block" | (string & {});
@@ -29,16 +29,26 @@ interface ChainOpts {
     nodeUrls?: string[];
     blockchainRid?: string;
 }
+interface LogToolCallResult {
+    success: boolean;
+    toolCallId: string | null;
+    error?: string;
+}
+/**
+ * Check if an agent is onboarded before signing anything.
+ * Calls GET /api/ai/exists?pubkey=<66-hex>
+ */
+declare function checkAgentExists(pubkey: string, opts?: ClientOpts): Promise<boolean>;
 /**
  * Sign and broadcast `log_tool_call` to the Chromia chain.
  *
- * The agent's private key is used to sign the transaction locally —
- * it is never sent over the network. Returns the tool_call_id.
+ * Checks that the agent is onboarded before signing. The agent's private
+ * key is used to sign the transaction locally — never sent over the network.
  */
 declare function logToolCall(action: string, context: string, auth: AgentAuth, chainOpts?: ChainOpts, extra?: {
     toolName?: string;
     toolArgsJson?: string;
-}): Promise<string>;
+}, clientOpts?: ClientOpts): Promise<LogToolCallResult>;
 interface JudgeResult {
     verdict: Verdict;
     action_type: ActionType;
@@ -137,4 +147,4 @@ declare function getAgentDetail(agentPubkey: string, opts?: ClientOpts): Promise
 declare function getAgentPolicy(agentPubkey: string, opts?: ClientOpts): Promise<AgentPolicy>;
 declare function getSafetyStats(opts?: ClientOpts): Promise<Record<string, unknown>>;
 
-export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, logToolCall, toPubkeyHex };
+export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type LogToolCallResult, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, checkAgentExists, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, logToolCall, toPubkeyHex };

package/dist/index.d.ts

@@ -1,7 +1,7 @@
-declare const DEFAULT_ENDPOINT = "https://atbash.ai";
+declare const DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 declare const DEFAULT_CHROMIA_NODE_URLS: string[];
 declare const DEFAULT_BLOCKCHAIN_RID = "25B41DF620C489349C54944496FF5C6E58CFCEFED0C51658780B67299D40E8ED";
-type Verdict = "ALLOW" | "HOLD" | "BLOCK";
+type Verdict = "ALLOW" | "HOLD" | "BLOCK" | "LOGGED";
 type Provider = "atbash" | "openai" | "google" | "microsoft" | "custom" | (string & {});
 type Tier = "audit" | "audit_plus" | "enforcement" | (string & {});
 type ActionType = "allow" | "hold_for_user_confirm" | "block" | (string & {});
@@ -29,16 +29,26 @@ interface ChainOpts {
     nodeUrls?: string[];
     blockchainRid?: string;
 }
+interface LogToolCallResult {
+    success: boolean;
+    toolCallId: string | null;
+    error?: string;
+}
+/**
+ * Check if an agent is onboarded before signing anything.
+ * Calls GET /api/ai/exists?pubkey=<66-hex>
+ */
+declare function checkAgentExists(pubkey: string, opts?: ClientOpts): Promise<boolean>;
 /**
  * Sign and broadcast `log_tool_call` to the Chromia chain.
  *
- * The agent's private key is used to sign the transaction locally —
- * it is never sent over the network. Returns the tool_call_id.
+ * Checks that the agent is onboarded before signing. The agent's private
+ * key is used to sign the transaction locally — never sent over the network.
  */
 declare function logToolCall(action: string, context: string, auth: AgentAuth, chainOpts?: ChainOpts, extra?: {
     toolName?: string;
     toolArgsJson?: string;
-}): Promise<string>;
+}, clientOpts?: ClientOpts): Promise<LogToolCallResult>;
 interface JudgeResult {
     verdict: Verdict;
     action_type: ActionType;
@@ -137,4 +147,4 @@ declare function getAgentDetail(agentPubkey: string, opts?: ClientOpts): Promise
 declare function getAgentPolicy(agentPubkey: string, opts?: ClientOpts): Promise<AgentPolicy>;
 declare function getSafetyStats(opts?: ClientOpts): Promise<Record<string, unknown>>;
 
-export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, logToolCall, toPubkeyHex };
+export { type AgentAuth, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type HeldAction, type HeldActionReview, type JudgeOptions, type JudgeResult, type JudgmentStatus, type LogToolCallResult, type TierInfo, type ToolCallFull, type ToolCallRecord, type Verdict, checkAgentExists, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, logToolCall, toPubkeyHex };

package/dist/index.js

@@ -2,7 +2,7 @@
 import { createECDH, randomBytes } from "crypto";
 import postchain from "postchain-client";
 var { createClient, encryption, newSignatureProvider } = postchain;
-var DEFAULT_ENDPOINT = "https://atbash.ai";
+var DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 var DEFAULT_CHROMIA_NODE_URLS = [
   "https://node6.testnet.chromia.com:7740",
   "https://node7.testnet.chromia.com:7740",
@@ -52,41 +52,67 @@ function generateToolCallId() {
   const rand = randomBytes(4).toString("hex");
   return `tc-${ts}-${rand}`;
 }
-async function logToolCall(action, context, auth, chainOpts, extra) {
-  const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
-  const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
-  const client = await createClient({
-    nodeUrlPool: nodeUrls,
-    blockchainRid
-  });
-  const privKeyBuf = Buffer.from(auth.privkey, "hex");
-  const keyPair = encryption.makeKeyPair(privKeyBuf);
-  const sigProvider = newSignatureProvider({
-    privKey: keyPair.privKey,
-    pubKey: keyPair.pubKey
-  });
-  const toolCallId = generateToolCallId();
-  await client.signAndSendUniqueTransaction(
-    {
-      name: "log_tool_call",
-      args: [
-        toolCallId,
-        action,
-        context || "",
-        extra?.toolName || "",
-        extra?.toolArgsJson || ""
-      ]
-    },
-    sigProvider
-  );
-  return toolCallId;
+async function checkAgentExists(pubkey, opts) {
+  try {
+    const url = `${baseUrl(opts)}/api/ai/exists?pubkey=${encodeURIComponent(pubkey)}`;
+    const data = await getJson(url, opts);
+    return Boolean(data.registered);
+  } catch {
+    return false;
+  }
+}
+async function logToolCall(action, context, auth, chainOpts, extra, clientOpts) {
+  const exists = await checkAgentExists(auth.pubkey, clientOpts);
+  if (!exists) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: "Agent not registered. Onboard the agent at the dashboard before submitting actions."
+    };
+  }
+  try {
+    const nodeUrls = chainOpts?.nodeUrls ?? DEFAULT_CHROMIA_NODE_URLS;
+    const blockchainRid = chainOpts?.blockchainRid ?? DEFAULT_BLOCKCHAIN_RID;
+    const client = await createClient({
+      nodeUrlPool: nodeUrls,
+      blockchainRid
+    });
+    const privKeyBuf = Buffer.from(auth.privkey, "hex");
+    const keyPair = encryption.makeKeyPair(privKeyBuf);
+    const sigProvider = newSignatureProvider({
+      privKey: keyPair.privKey,
+      pubKey: keyPair.pubKey
+    });
+    const toolCallId = generateToolCallId();
+    await client.signAndSendUniqueTransaction(
+      {
+        name: "log_tool_call",
+        args: [
+          toolCallId,
+          action,
+          context || "",
+          extra?.toolName || "",
+          extra?.toolArgsJson || ""
+        ]
+      },
+      sigProvider
+    );
+    return { success: true, toolCallId };
+  } catch (err) {
+    return {
+      success: false,
+      toolCallId: null,
+      error: err instanceof Error ? err.message : "Failed to log tool call on-chain"
+    };
+  }
 }
 function normalizeVerdict(raw) {
-  const v = String(raw || "").toUpperCase();
+  if (raw === null || raw === void 0) return "LOGGED";
+  const v = String(raw).toUpperCase();
   if (v === "ALLOW" || v === "GREEN") return "ALLOW";
   if (v === "HOLD" || v === "YELLOW") return "HOLD";
   if (v === "BLOCK" || v === "RED") return "BLOCK";
-  return "BLOCK";
+  return "HOLD";
 }
 function normalizeStatus(raw) {
   const s = String(raw || "").toLowerCase();
@@ -140,26 +166,30 @@ async function getJson(url, opts) {
   return resp.json();
 }
 async function judgeAction(action, context, auth, opts) {
-  const toolCallId = await logToolCall(
+  const logResult = await logToolCall(
     action,
     context,
     auth,
     opts?.chainOpts,
-    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson }
+    { toolName: opts?.toolName, toolArgsJson: opts?.toolArgsJson },
+    opts
   );
+  if (!logResult.success || !logResult.toolCallId) {
+    throw new Error(logResult.error || "Failed to log tool call on-chain");
+  }
   const url = `${baseUrl(opts)}/api/v1/judge`;
   const data = await postJson(
     url,
     {
-      tool_call_id: toolCallId,
+      tool_call_id: logResult.toolCallId,
       agent_pubkey: auth.pubkey,
       action,
-      context: context || "",
-      provider: opts?.provider || "",
-      tool_name: opts?.toolName || "",
-      api_key: opts?.apiKey || "",
-      endpoint_url: opts?.providerEndpoint || "",
-      model: opts?.model || ""
+      ...context && { context },
+      ...opts?.provider && { provider: opts.provider },
+      ...opts?.toolName && { tool_name: opts.toolName },
+      ...opts?.apiKey && { api_key: opts.apiKey },
+      ...opts?.providerEndpoint && { endpoint_url: opts.providerEndpoint },
+      ...opts?.model && { model: opts.model }
     },
     opts
   );
@@ -170,7 +200,7 @@ async function judgeAction(action, context, auth, opts) {
     confidence: Number(data.confidence ?? 0),
     provider: String(data.provider || ""),
     latency_ms: Number(data.latency_ms ?? 0),
-    tool_call_id: String(data.tool_call_id || toolCallId),
+    tool_call_id: String(data.tool_call_id || logResult.toolCallId),
     on_chain: Boolean(data.on_chain)
   };
 }
@@ -293,6 +323,7 @@ export {
   DEFAULT_BLOCKCHAIN_RID,
   DEFAULT_CHROMIA_NODE_URLS,
   DEFAULT_ENDPOINT,
+  checkAgentExists,
   derivePublicKey,
   generateKeyPair,
   getAgentDetail,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@atbash/sdk",
-  "version": "0.3.1",
-  "description": "TypeScript SDK for the Atbash risk-engine / judge API",
+  "version": "0.3.2",
+  "description": "Atbash SDK — control boundary before the last irreversible step in an agent workflow",
   "homepage": "https://atbash.ai",
   "author": "Atbash",
   "license": "SEE LICENSE IN LICENSE",