@atbash/sdk 0.3.11-dev.1 → 0.3.11-dev.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -31
- package/dist/index.cjs +644 -47
- package/dist/index.d.cts +129 -32
- package/dist/index.d.ts +129 -32
- package/dist/index.js +635 -43
- package/package.json +4 -2
package/README.md
CHANGED
|
@@ -23,10 +23,12 @@ const agent = loadAgent(process.env.ATBASH_AGENT_PRIVKEY!);
|
|
|
23
23
|
// 2. Submit an action for judgment, before executing it.
|
|
24
24
|
// The SDK signs the transaction locally and sends it to the judge API.
|
|
25
25
|
// Private key stays on your machine — never sent over HTTP.
|
|
26
|
+
// Pass orgName so the SDK auto-resolves the correct chain (public or private).
|
|
26
27
|
const result = await judgeAction(
|
|
27
28
|
"Transfer $50,000 to external wallet 0xabc",
|
|
28
29
|
"Outbound AML check — new recipient, over threshold",
|
|
29
30
|
agent,
|
|
31
|
+
{ orgName: "my_org" },
|
|
30
32
|
);
|
|
31
33
|
|
|
32
34
|
// 3. Enforce the verdict
|
|
@@ -39,19 +41,19 @@ switch (result.verdict) {
|
|
|
39
41
|
console.log("Held for review:", result.tool_call_id);
|
|
40
42
|
break;
|
|
41
43
|
case "BLOCK":
|
|
42
|
-
// Refused — agent is jailed
|
|
44
|
+
// Refused — agent is auto-jailed
|
|
43
45
|
throw new Error(`Blocked: ${result.reason}`);
|
|
44
46
|
}
|
|
45
47
|
```
|
|
46
48
|
|
|
47
|
-
Before this works, the agent must be onboarded at [atbash.ai](https://atbash.ai/) — assigned to an org
|
|
49
|
+
Before this works, the agent must be onboarded at [atbash.ai](https://atbash.ai/) — assigned to an org with an active subscription and a policy pack attached.
|
|
48
50
|
|
|
49
51
|
### How it works
|
|
50
52
|
|
|
51
53
|
`judgeAction()` performs a two-step flow:
|
|
52
54
|
|
|
53
55
|
1. **Sign locally** — signs the transaction using the agent's private key. The key never leaves your machine.
|
|
54
|
-
2. **Request verdict** — sends the signed
|
|
56
|
+
2. **Request verdict** — sends the signed payload to the Atbash judge API, which records it on the Chromia blockchain and returns a verdict.
|
|
55
57
|
|
|
56
58
|
|
|
57
59
|
### Don't have an agent yet?
|
|
@@ -86,9 +88,9 @@ Every `judgeAction` call returns one of three verdicts:
|
|
|
86
88
|
|---------|---------|-------------------------|
|
|
87
89
|
| `ALLOW` | Action is within policy | Proceed with execution |
|
|
88
90
|
| `HOLD` | Requires operator review | Pause — poll `getJudgmentStatus` until resolved |
|
|
89
|
-
| `BLOCK` | Violates a red line | Abort — agent is jailed
|
|
91
|
+
| `BLOCK` | Violates a red line | Abort — agent is auto-jailed |
|
|
90
92
|
|
|
91
|
-
> **NB:** If your org
|
|
93
|
+
> **NB:** If your org has **no active subscription**, the judge returns `"No verdict"` — actions are logged on-chain for the audit trail but not evaluated. Assign a subscription plan at [atbash.ai/risk-engine/settings](https://atbash.ai/risk-engine/settings) for active verdicts. All subscription plans (including Free) get full enforcement.
|
|
92
94
|
|
|
93
95
|
## API
|
|
94
96
|
|
|
@@ -118,17 +120,11 @@ interface JudgeOptions {
|
|
|
118
120
|
model?: string; // Model override (e.g. "gpt-4o-mini")
|
|
119
121
|
toolName?: string; // Tool name for audit trail
|
|
120
122
|
toolArgsJson?: string; // Tool arguments JSON for audit trail
|
|
121
|
-
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
interface ChainOpts {
|
|
125
|
-
nodeUrls?: string[]; // Chromia node URLs (uses the default nodeurls)
|
|
126
|
-
blockchainRid?: string; // Blockchain RID (uses the default chromia rid)
|
|
123
|
+
orgName?: string; // Org name — SDK auto-resolves the correct chain
|
|
127
124
|
}
|
|
128
125
|
|
|
129
126
|
interface JudgeResult {
|
|
130
127
|
verdict: string; // "ALLOW", "HOLD", or "BLOCK"
|
|
131
|
-
action_type: string; // "allow", "hold_for_user_confirm", or "block"
|
|
132
128
|
reason: string; // Human-readable explanation
|
|
133
129
|
confidence: number; // 0–1
|
|
134
130
|
provider: string; // Which provider evaluated the action
|
|
@@ -138,20 +134,6 @@ interface JudgeResult {
|
|
|
138
134
|
}
|
|
139
135
|
```
|
|
140
136
|
|
|
141
|
-
### Log tool call (low-level)
|
|
142
|
-
|
|
143
|
-
```ts
|
|
144
|
-
logToolCall(
|
|
145
|
-
action: string,
|
|
146
|
-
context: string,
|
|
147
|
-
auth: AgentAuth,
|
|
148
|
-
chainOpts?: ChainOpts,
|
|
149
|
-
extra?: { toolName?: string; toolArgsJson?: string },
|
|
150
|
-
): Promise<LogToolCallResult>
|
|
151
|
-
```
|
|
152
|
-
|
|
153
|
-
Sign the transaction locally. Returns `{ success, toolCallId, signedHex?, error? }`. Use this if you need to separate the signing step from the verdict request.
|
|
154
|
-
|
|
155
137
|
### Poll judgment status
|
|
156
138
|
|
|
157
139
|
```ts
|
|
@@ -191,7 +173,6 @@ Functions that sign transactions and write to the Chromia blockchain.
|
|
|
191
173
|
| Function | Use case |
|
|
192
174
|
|----------|----------|
|
|
193
175
|
| `judgeAction(action, context, auth, opts?)` | Sign locally + request a verdict from the judge API |
|
|
194
|
-
| `logToolCall(action, context, auth, ...)` | Sign the transaction locally without requesting a verdict |
|
|
195
176
|
|
|
196
177
|
### Queries
|
|
197
178
|
|
|
@@ -204,7 +185,7 @@ Functions that sign transactions and write to the Chromia blockchain.
|
|
|
204
185
|
| `getAgentToolCalls(pubkey, maxCount)` | List tool calls for a specific agent |
|
|
205
186
|
| `getToolCallCount()` | Get total number of tool calls on-chain |
|
|
206
187
|
| `getToolCallFull(toolCallId)` | Get full details of a single tool call (verdict, context, timing) |
|
|
207
|
-
| `
|
|
188
|
+
| `getOrgSubscription(orgName)` | Check an org's subscription plan, network, and active status |
|
|
208
189
|
| `getAgentDetail(pubkey)` | Get agent metadata (org, status, creation date) |
|
|
209
190
|
| `getAgentPolicy(pubkey)` | Check agent's policy pack and jail status |
|
|
210
191
|
| `getPendingHeldActions(orgName, maxCount)` | List actions waiting for operator approval |
|
|
@@ -242,6 +223,7 @@ saveUserConfig({
|
|
|
242
223
|
// Then use resolve() anywhere
|
|
243
224
|
const agent = loadAgent(resolve("agentKey"));
|
|
244
225
|
const result = await judgeAction("Transfer $500", "finance", agent, {
|
|
226
|
+
orgName: resolve("orgName"),
|
|
245
227
|
provider: resolve("provider"), // omit to use the on-chain ATBASH judge
|
|
246
228
|
});
|
|
247
229
|
```
|
|
@@ -264,7 +246,7 @@ Config file location: `~/.config/atbash/config.json`
|
|
|
264
246
|
| `provider` | `ATBASH_PROVIDER` |
|
|
265
247
|
| `providerModel` | `ATBASH_PROVIDER_MODEL` |
|
|
266
248
|
|
|
267
|
-
> **
|
|
249
|
+
> **Chain routing:** When you pass `orgName`, the SDK automatically connects to the correct chain for your org's subscription plan. You don't need to configure chain details manually.
|
|
268
250
|
|
|
269
251
|
## Secret redaction
|
|
270
252
|
|
|
@@ -285,6 +267,32 @@ Common `kinds`:
|
|
|
285
267
|
|
|
286
268
|
Redaction is silent at the consumer level — the SDK's caller still has the original arguments. Only what's sent to the judge (and persisted on chain via the verdict log) is scrubbed.
|
|
287
269
|
|
|
270
|
+
## High-level client
|
|
271
|
+
|
|
272
|
+
For framework integrations, `createAtbashClient` wraps key loading, secret redaction, and verdict handling into a single `auditToolCall` method:
|
|
273
|
+
|
|
274
|
+
```ts
|
|
275
|
+
import { createAtbashClient } from "@atbash/sdk";
|
|
276
|
+
|
|
277
|
+
const atbash = createAtbashClient({
|
|
278
|
+
orgName: "my_org",
|
|
279
|
+
keyPair: { privKey: process.env.ATBASH_AGENT_KEY!, pubKey: "" },
|
|
280
|
+
failClosed: true, // block on errors (default: true)
|
|
281
|
+
});
|
|
282
|
+
|
|
283
|
+
const decision = await atbash.auditToolCall({
|
|
284
|
+
toolName: "send_email",
|
|
285
|
+
args: { to: "user@example.com", subject: "Reset" },
|
|
286
|
+
context: "Password reset flow",
|
|
287
|
+
});
|
|
288
|
+
|
|
289
|
+
if (!decision.allow) {
|
|
290
|
+
console.log(`${decision.verdict}: ${decision.reason}`);
|
|
291
|
+
}
|
|
292
|
+
```
|
|
293
|
+
|
|
294
|
+
The client auto-resolves the correct chain from the org's subscription on the first call and caches the result. Secret redaction runs automatically before signing.
|
|
295
|
+
|
|
288
296
|
## Integration patterns
|
|
289
297
|
|
|
290
298
|
### Pre-execution gate
|
|
@@ -334,8 +342,8 @@ API error 404: {"error":"Agent not registered..."}
|
|
|
334
342
|
|---|---|---|
|
|
335
343
|
| `API error 404: Agent not registered` | Agent not onboarded | [atbash.ai/risk-engine/agents](https://atbash.ai/risk-engine/agents) |
|
|
336
344
|
| `API error 400: Agent has no policy` | No policy attached to agent | [atbash.ai/risk-engine/agents](https://atbash.ai/risk-engine/agents) |
|
|
337
|
-
| `Agent is jailed` | BLOCK verdict triggered auto-jail
|
|
338
|
-
| `
|
|
345
|
+
| `Agent is jailed` | BLOCK verdict triggered auto-jail | [atbash.ai/risk-engine/agents](https://atbash.ai/risk-engine/agents) |
|
|
346
|
+
| `Verdicts are disabled` | Org has no active subscription | [atbash.ai/risk-engine/settings](https://atbash.ai/risk-engine/settings) |
|
|
339
347
|
| `API error 400: action is required` | Empty action string | Fix caller |
|
|
340
348
|
| `API error 502: Incorrect API key` | Invalid provider API key | Check saved key at [atbash.ai/risk-engine/settings](https://atbash.ai/risk-engine/settings) |
|
|
341
349
|
|