npm - @atbash/sdk - Versions diffs - 0.3.7 → 0.3.9-dev.1 - Mend

@atbash/sdk 0.3.7 → 0.3.9-dev.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -21,8 +21,8 @@ import { loadAgent, judgeAction } from "@atbash/sdk";
 const agent = loadAgent(process.env.ATBASH_AGENT_PRIVKEY!);
 // 2. Submit an action for judgment, before executing it.
-//    The SDK signs and broadcasts log_tool_call to the Chromia chain
-//    (private key stays local), then requests a verdict from the judge API.
+//    The SDK signs the transaction locally and sends it to the judge API.
+//    Private key stays on your machine — never sent over HTTP.
 const result = await judgeAction(
   "Transfer $50,000 to external wallet 0xabc",
   "Outbound AML check — new recipient, over threshold",
@@ -50,10 +50,9 @@ Before this works, the agent must be onboarded at [atbash.ai](https://atbash.ai/
 `judgeAction()` performs a two-step flow:
-1. **Sign on-chain** — signs and broadcasts a `log_tool_call` transaction to the Chromia blockchain using the agent's private key. The key never leaves your machine.
-2. **Request verdict** — sends the resulting `tool_call_id` and `agent_pubkey` to the Atbash judge API. No private key is transmitted over HTTP.
+1. **Sign locally** — signs the transaction using the agent's private key. The key never leaves your machine.
+2. **Request verdict** — sends the signed transaction, `tool_call_id`, and `agent_pubkey` to the Atbash judge API. The server broadcasts it to the Chromia blockchain and returns a verdict.
-If you need finer control, you can call `logToolCall()` and the judge API separately.
 ### Don't have an agent yet?
@@ -75,12 +74,9 @@ const agent = loadAgent(privKey);
 ### Secret storage
-The private key is used to sign on-chain transactions locally. Treat it like any other long-lived credential:
-- Load it from an environment variable (`ATBASH_AGENT_PRIVKEY`) or a secret manager (AWS Secrets Manager, HashiCorp Vault, 1Password, etc.) — never hardcode it.
-- Never commit `.env` files containing the key. Add them to `.gitignore`.
-- If a key leaks, revoke the agent and create a new one in the [Atbash dashboard](https://atbash.ai/risk-engine/agents).
-- The SDK is **server-side only** — the key must never ship to a browser bundle.
+- Load the private key from an environment variable (`ATBASH_AGENT_KEY`) or a secret manager — never hardcode it.
+- Never commit `.env` files containing the key.
+- If a key leaks, stop using it and create a new agent in the [dashboard](https://atbash.ai/risk-engine/agents).
 ## Verdicts
@@ -107,7 +103,7 @@ judgeAction(
 ): Promise<JudgeResult>
 ```
-Submit an action for judgment before execution. Signs `log_tool_call` on-chain, then requests a verdict. Returns the verdict, reason, confidence, provider, latency, and tool call ID.
+Submit an action for judgment before execution. Signs the transaction locally and sends it to the judge API for a verdict.
 ```ts
 interface AgentAuth {
@@ -154,12 +150,12 @@ logToolCall(
 ): Promise<LogToolCallResult>
 ```
-Sign `log_tool_call` on the Chromia chain. Returns `{ success, toolCallId, error? }`. Use this if you need to separate the on-chain logging step from the verdict request.
+Sign the transaction locally. Returns `{ success, toolCallId, signedHex?, error? }`. Use this if you need to separate the signing step from the verdict request.
 ### Poll judgment status
 ```ts
-getJudgmentStatus(judgmentId: string, opts?: ClientOpts): Promise<JudgmentStatus>
+getJudgmentStatus(judgmentId: string, agentPubkey: string, opts?: ClientOpts): Promise<JudgmentStatus>
 ```
 Check whether a held action has been approved or rejected by an operator.
@@ -194,15 +190,15 @@ Functions that sign transactions and write to the Chromia blockchain.
 | Function | Use case |
 |----------|----------|
-| `judgeAction(action, context, auth, opts?)` | Sign `log_tool_call` on-chain + request a verdict from the judge API |
-| `logToolCall(action, context, auth, ...)` | Sign and broadcast `log_tool_call` to chain without requesting a verdict |
+| `judgeAction(action, context, auth, opts?)` | Sign locally + request a verdict from the judge API |
+| `logToolCall(action, context, auth, ...)` | Sign the transaction locally without requesting a verdict |
 ### Queries
 | Function | Use case |
 |----------|----------|
 | `checkAgentExists(pubkey, opts?)` | Check if an agent is onboarded before signing |
-| `getJudgmentStatus(judgmentId, opts?)` | Poll whether a held action has been approved or rejected |
+| `getJudgmentStatus(judgmentId, agentPubkey, opts?)` | Poll whether a held action has been approved or rejected |
 | `getToolCalls(maxCount)` | List recent tool calls across all agents |
 | `getOrgToolCalls(orgName, maxCount)` | List tool calls for a specific org |
 | `getAgentToolCalls(pubkey, maxCount)` | List tool calls for a specific agent |
@@ -217,24 +213,78 @@ Functions that sign transactions and write to the Chromia blockchain.
 ## Configuration
-The SDK reads no environment variables and has no global state. Pass configuration explicitly:
+You can pass configuration inline or use the built-in config module that reads from `~/.config/atbash/config.json`.
+### Inline
 ```ts
-// Custom endpoint
 const result = await judgeAction(action, context, auth, {
   endpoint: "https://your-instance.example.com",
+  provider: "openai",
+  model: "gpt-4o",
 });
+```
-// Custom provider (API keys are saved in the dashboard, not passed here)
-const result = await judgeAction(action, context, auth, {
+### Persistent config
+Save configuration once — the SDK resolves values with priority: **flag > env var > config file**.
+```ts
+import { saveUserConfig, resolve, loadAgent, judgeAction } from "@atbash/sdk";
+// Save once
+saveUserConfig({
+  agentKey: "9cd07a...",
+  orgName: "my_org",
   provider: "openai",
-  model: "gpt-4o",
 });
+// Then use resolve() anywhere
+const agent = loadAgent(resolve("agentKey"));
+const result = await judgeAction("Transfer $500", "finance", agent, {
+  provider: resolve("provider"), // omit to use the on-chain ATBASH judge
+});
 ```
+Config file location: `~/.config/atbash/config.json`
+| Function | Purpose |
+|----------|---------|
+| `saveUserConfig(config)` | Write config to disk |
+| `loadUserConfig()` | Read config from disk |
+| `resolve(key, flagValue?)` | Resolve a value: flag > env > file > `""` |
+| `getConfigPath()` | Returns the config file path |
+| Config key | Env var |
+|------------|--------|
+| `agentKey` | `ATBASH_AGENT_KEY` |
+| `orgName` | `ATBASH_ORG_NAME` |
+| `judgeEndpoint` | `ATBASH_ENDPOINT` |
+| `blockchainRid` | `ATBASH_BLOCKCHAIN_RID` |
+| `provider` | `ATBASH_PROVIDER` |
+| `providerModel` | `ATBASH_PROVIDER_MODEL` |
 > **Advanced:** The SDK connects to the default Atbash Chromia chain. To use a different chain, pass `chainOpts` with custom `nodeUrls` and `blockchainRid` in `JudgeOptions`.
+## Secret redaction
+Before each `auditToolCall` signs anything, the SDK scans `args` and `context` for secret-shaped values (API keys, tokens, JWTs, PEM blocks, etc.) and replaces matches with `[REDACTED:<kind>]`. Redaction happens **before signing**, so secrets never reach the signed bytes, the request body, the on-chain log, or the prompt sent to the AI provider.
+When the redactor fires, you'll see a warning via the configured `logger`:
+```
+[atbash] redacted secrets before judge call { tool: "exec", count: 2, kinds: ["anthropic", "generic_token"] }
+```
+Common `kinds`:
+- `anthropic`, `openai`, `github`, `google`, `aws_access_key`, `stripe`, `slack`, `jwt`, `private_key_pem` — high-confidence vendor patterns; if you see these, a real secret was almost certainly in your input
+- `context_secret` — a value next to a label like `api_key=`, `token:`, `password=`, etc.
+- `generic_token` — long random-looking strings (32+ alphanumeric chars). Catches unknown-vendor secrets, but can also match UUIDs, content hashes, and other opaque identifiers. The judge sees `[REDACTED:generic_token]` instead of the original; for verdict purposes the shape of the action matters more than the exact ID, so this is generally safe — but worth knowing if you see it unexpectedly.
+- `base64` — long base64-encoded values; can match legitimate image/file data
+Redaction is silent at the consumer level — the SDK's caller still has the original arguments. Only what's sent to the judge (and persisted on chain via the verdict log) is scrubbed.
 ## Integration patterns
 ### Pre-execution gate
@@ -253,7 +303,7 @@ async function safeExecute(action: string, context: string, execute: () => Promi
 ```ts
 async function waitForApproval(toolCallId: string): Promise<string> {
   while (true) {
-    const status = await getJudgmentStatus(toolCallId);
+    const status = await getJudgmentStatus(toolCallId, auth.pubkey);
     if (status.status === "answered") return status.verdict;
     if (status.status === "error") throw new Error(status.reason);
     await new Promise((r) => setTimeout(r, 5000));

package/dist/index.cjs CHANGED Viewed

@@ -40,6 +40,8 @@ __export(index_exports, {
   getAgentDetail: () => getAgentDetail,
   getAgentPolicy: () => getAgentPolicy,
   getAgentToolCalls: () => getAgentToolCalls,
+  getConfigDir: () => getConfigDir,
+  getConfigPath: () => getConfigPath,
   getHeldActionReviews: () => getHeldActionReviews,
   getJudgmentStatus: () => getJudgmentStatus,
   getOrgTierInfo: () => getOrgTierInfo,
@@ -53,8 +55,11 @@ __export(index_exports, {
   judgeAction: () => judgeAction,
   loadAgent: () => loadAgent,
   loadAgentFromFile: () => loadAgentFromFile,
+  loadUserConfig: () => loadUserConfig,
   logToolCall: () => logToolCall,
+  resolve: () => resolve,
   resolveKeyPath: () => resolveKeyPath,
+  saveUserConfig: () => saveUserConfig,
   toPubkeyHex: () => toPubkeyHex,
   validateJudgeEndpoint: () => validateJudgeEndpoint,
   verifyJudgeResponseSignature: () => verifyJudgeResponseSignature
@@ -93,7 +98,7 @@ function verifyJudgeResponseSignature(bodyBytes, signatureHex, pubKeyHex) {
 // src/client.ts
 var { createClient, encryption: encryption2, newSignatureProvider } = import_postchain_client2.default;
-var DEFAULT_ENDPOINT = "https://atbash.ai";
+var DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 var DEFAULT_CHROMIA_NODE_URLS = [
   "https://node6.testnet.chromia.com:7740",
   "https://node7.testnet.chromia.com:7740",
@@ -333,8 +338,8 @@ async function judgeAction(action, context = "", auth, opts) {
     on_chain: Boolean(data.on_chain)
   };
 }
-async function getJudgmentStatus(judgmentId, opts) {
-  const url = `${baseUrl(opts)}/api/v1/judge?tool_call_id=${encodeURIComponent(judgmentId)}`;
+async function getJudgmentStatus(judgmentId, agentPubkey, opts) {
+  const url = `${baseUrl(opts)}/api/v1/judge?tool_call_id=${encodeURIComponent(judgmentId)}&agent_pubkey=${encodeURIComponent(agentPubkey)}`;
   const data = await getJson(url, opts);
   return {
     status: normalizeStatus(data.status),
@@ -540,6 +545,77 @@ function loadAgentFromFile(keyPath) {
   return loadAgent(privKey);
 }
+// src/redact-secrets.ts
+var PATTERNS = [
+  { kind: "anthropic", re: /\bsk-ant-[A-Za-z0-9_-]{20,}/g },
+  { kind: "openai_project", re: /\bsk-proj-[A-Za-z0-9_-]{20,}/g },
+  { kind: "openai", re: /\bsk-[A-Za-z0-9]{20,}/g },
+  { kind: "github", re: /\b(?:gh[pousr]|github_pat)_[A-Za-z0-9_]{30,}/g },
+  { kind: "google", re: /\bAIza[0-9A-Za-z_-]{35}/g },
+  { kind: "google_oauth", re: /\bya29\.[0-9A-Za-z_-]{20,}/g },
+  {
+    kind: "aws_access_key",
+    re: /\b(?:AKIA|ASIA|AGPA|AROA|ANPA|ANVA|ASCA|AIDA|AIPA)[0-9A-Z]{16}\b/g
+  },
+  { kind: "stripe", re: /\b(?:sk|rk|pk)_(?:live|test)_[A-Za-z0-9]{20,}/g },
+  { kind: "slack", re: /\bxox[abprseo]-[A-Za-z0-9-]{10,}/g },
+  {
+    kind: "slack_webhook",
+    re: /https:\/\/hooks\.slack\.com\/services\/T[A-Za-z0-9]+\/B[A-Za-z0-9]+\/[A-Za-z0-9]{20,}/g
+  },
+  { kind: "sendgrid", re: /\bSG\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}/g },
+  { kind: "twilio_sid", re: /\bAC[0-9a-fA-F]{32}\b/g },
+  { kind: "mailgun", re: /\bkey-[0-9a-f]{32}\b/g },
+  { kind: "npm_token", re: /\bnpm_[A-Za-z0-9]{36,}\b/g },
+  { kind: "jwt", re: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g },
+  {
+    kind: "private_key_pem",
+    re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g
+  },
+  {
+    kind: "aws_secret_key",
+    re: /(?:aws[_-]?secret|secret[_-]?access[_-]?key)["'\s:=]{1,10}[A-Za-z0-9/+=]{40}/gi
+  },
+  {
+    kind: "generic_token",
+    re: /\b(?=[A-Za-z0-9_-]*[0-9])(?=[A-Za-z0-9_-]*[A-Za-z])(?![0-9a-fA-F]+$)[A-Za-z0-9_-]{32,}\b/g
+  },
+  {
+    kind: "base64",
+    re: /(?<![A-Za-z0-9+/])(?=[A-Za-z0-9+/]*[+/])(?=[A-Za-z0-9+/]*[0-9])(?=[A-Za-z0-9+/]*[A-Za-z])[A-Za-z0-9+/]{40,}={0,2}(?![A-Za-z0-9+/=])/g
+  },
+  {
+    kind: "context_secret",
+    re: /(?<![A-Za-z0-9_])(?:api[_-]?key|api[_-]?secret|access[_-]?token|refresh[_-]?token|auth[_-]?token|client[_-]?secret|password|passwd|pwd|secret|token|credential|private[_-]?key)["']?\s*[:=]\s*["']?([A-Za-z0-9+/=._-]{12,})(?=["'\s,;)\]}>]|$)/gi,
+    groupOnly: true
+  },
+  {
+    kind: "bearer",
+    re: /(?<![A-Za-z0-9_])Bearer\s+([A-Za-z0-9._-]{20,})\b/gi,
+    groupOnly: true
+  }
+];
+function redactSecrets(input) {
+  if (!input) return { redacted: input ?? "", found: [] };
+  const found = [];
+  let working = input;
+  for (const { kind, re, groupOnly } of PATTERNS) {
+    if (groupOnly) {
+      working = working.replace(re, (full, value) => {
+        if (typeof value !== "string" || !value) return full;
+        found.push({ kind, length: value.length });
+        return full.replace(value, `[REDACTED:${kind}]`);
+      });
+    } else {
+      working = working.replace(re, (m) => {
+        found.push({ kind, length: m.length });
+        return `[REDACTED:${kind}]`;
+      });
+    }
+  }
+  return { redacted: working, found };
+}
 // src/factory.ts
 function createAtbashClient(config = {}) {
   const validated = validateJudgeEndpoint(config.judge);
@@ -576,9 +652,23 @@ function createAtbashClient(config = {}) {
         return fail("key load failed, blocking for safety");
       }
       const toolName = input.toolName || "unknown";
-      const argsJson = stringifyArgs(input.args);
+      const argsRedaction = redactSecrets(stringifyArgs(input.args));
+      const ctxRedaction = redactSecrets(input.context ?? toolName);
+      const argsJson = argsRedaction.redacted;
       const actionText = truncate(argsJson);
-      const contextText = input.context ?? toolName;
+      const contextText = ctxRedaction.redacted;
+      const totalRedactions = argsRedaction.found.length + ctxRedaction.found.length;
+      if (totalRedactions > 0) {
+        const kinds = [.../* @__PURE__ */ new Set([
+          ...argsRedaction.found.map((f) => f.kind),
+          ...ctxRedaction.found.map((f) => f.kind)
+        ])];
+        logger.warn?.("[atbash] redacted secrets before judge call", {
+          tool: toolName,
+          count: totalRedactions,
+          kinds
+        });
+      }
       try {
         logger.info?.("[atbash] judge API called", { tool: toolName });
         const result = await judgeAction(actionText, contextText, agent, {
@@ -648,6 +738,56 @@ function truncate(text) {
   if (text.length <= MAX_ACTION_LEN) return text;
   return text.slice(0, MAX_ACTION_LEN) + "\u2026";
 }
+// src/user-config.ts
+var import_node_fs2 = require("fs");
+var import_node_os2 = require("os");
+var import_node_path2 = require("path");
+var ENV_MAP = {
+  agentKey: "ATBASH_AGENT_KEY",
+  orgName: "ATBASH_ORG_NAME",
+  judgeEndpoint: "ATBASH_ENDPOINT",
+  blockchainRid: "ATBASH_BLOCKCHAIN_RID",
+  provider: "ATBASH_PROVIDER",
+  providerModel: "ATBASH_PROVIDER_MODEL"
+};
+function getConfigDir() {
+  const home = process.env.HOME || (0, import_node_os2.homedir)() || "";
+  return (0, import_node_path2.join)(home, ".config", "atbash");
+}
+function getConfigPath() {
+  return (0, import_node_path2.join)(getConfigDir(), "config.json");
+}
+function loadUserConfig() {
+  try {
+    const p = getConfigPath();
+    if (!(0, import_node_fs2.existsSync)(p)) return {};
+    const raw = (0, import_node_fs2.readFileSync)(p, "utf-8").trim();
+    if (!raw) return {};
+    return JSON.parse(raw);
+  } catch (err) {
+    console.error("Failed to load config file", err);
+    return {};
+  }
+}
+function saveUserConfig(config) {
+  const dir = getConfigDir();
+  if (!(0, import_node_fs2.existsSync)(dir)) {
+    (0, import_node_fs2.mkdirSync)(dir, { recursive: true });
+  }
+  (0, import_node_fs2.writeFileSync)(getConfigPath(), JSON.stringify(config, null, 2) + "\n", "utf-8");
+}
+function resolve(key, flagValue) {
+  if (flagValue) return flagValue;
+  const envName = ENV_MAP[key];
+  if (envName) {
+    const envVal = process.env[envName];
+    if (envVal) return envVal;
+  }
+  const fileVal = loadUserConfig()[key];
+  if (fileVal != null) return String(fileVal);
+  return "";
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   DEFAULT_BLOCKCHAIN_RID,
@@ -660,6 +800,8 @@ function truncate(text) {
   getAgentDetail,
   getAgentPolicy,
   getAgentToolCalls,
+  getConfigDir,
+  getConfigPath,
   getHeldActionReviews,
   getJudgmentStatus,
   getOrgTierInfo,
@@ -673,8 +815,11 @@ function truncate(text) {
   judgeAction,
   loadAgent,
   loadAgentFromFile,
+  loadUserConfig,
   logToolCall,
+  resolve,
   resolveKeyPath,
+  saveUserConfig,
   toPubkeyHex,
   validateJudgeEndpoint,
   verifyJudgeResponseSignature

package/dist/index.d.cts CHANGED Viewed

@@ -1,5 +1,5 @@
 type Verdict = "ALLOW" | "HOLD" | "BLOCK" | "No verdict";
-type Provider = "atbash" | "openai" | "google" | "microsoft" | "custom" | (string & {});
+type Provider = "openai" | "google" | "microsoft" | "custom" | (string & {});
 type Tier = "audit" | "audit_plus" | "enforcement" | (string & {});
 type ActionType = "allow" | "hold_for_user_confirm" | "block" | (string & {});
 type PubkeyValue = string | Buffer | {
@@ -148,7 +148,7 @@ interface AtbashClientConfig {
     };
 }
-declare const DEFAULT_ENDPOINT = "https://atbash.ai";
+declare const DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 declare const DEFAULT_CHROMIA_NODE_URLS: string[];
 declare const DEFAULT_BLOCKCHAIN_RID = "25B41DF620C489349C54944496FF5C6E58CFCEFED0C51658780B67299D40E8ED";
 declare function isValidPrivateKey(hex: string): boolean;
@@ -176,7 +176,7 @@ declare function logToolCall(action: string, context: string, auth: AgentAuth, c
     toolArgsJson?: string;
 }, clientOpts?: ClientOpts): Promise<LogToolCallResult>;
 declare function judgeAction(action: string, context: string | undefined, auth: AgentAuth, opts?: JudgeOptions): Promise<JudgeResult>;
-declare function getJudgmentStatus(judgmentId: string, opts?: ClientOpts): Promise<JudgmentStatus>;
+declare function getJudgmentStatus(judgmentId: string, agentPubkey: string, opts?: ClientOpts): Promise<JudgmentStatus>;
 declare function getToolCalls(maxCount: number, opts?: ClientOpts): Promise<ToolCallRecord[]>;
 declare function getOrgToolCalls(orgName: string, maxCount: number, opts?: ClientOpts): Promise<ToolCallRecord[]>;
 declare function getAgentToolCalls(agentPubkey: string, maxCount: number, opts?: ClientOpts): Promise<ToolCallRecord[]>;
@@ -204,4 +204,18 @@ declare function verifyJudgeResponseSignature(bodyBytes: Uint8Array, signatureHe
     reason?: string;
 };
-export { type ActionType, type AgentAuth, type AgentPolicy, type AtbashClient, type AtbashClientConfig, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type Decision, type DecisionVerdict, type HeldAction, type HeldActionReview, type JudgeEndpointConfig, type JudgeOptions, type JudgeResult, type JudgmentStatus, type JudgmentStatusState, type LogToolCallResult, type Provider, type PubkeyValue, type Tier, type TierInfo, type ToolCallFull, type ToolCallInput, type ToolCallRecord, type ValidatedEndpoint, type Verdict, checkAgentExists, createAtbashClient, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, loadAgentFromFile, logToolCall, resolveKeyPath, toPubkeyHex, validateJudgeEndpoint, verifyJudgeResponseSignature };
+interface AtbashUserConfig {
+    agentKey?: string;
+    orgName?: string;
+    judgeEndpoint?: string;
+    blockchainRid?: string;
+    provider?: string;
+    providerModel?: string;
+}
+declare function getConfigDir(): string;
+declare function getConfigPath(): string;
+declare function loadUserConfig(): AtbashUserConfig;
+declare function saveUserConfig(config: AtbashUserConfig): void;
+declare function resolve(key: keyof AtbashUserConfig, flagValue?: string): string;
+export { type ActionType, type AgentAuth, type AgentPolicy, type AtbashClient, type AtbashClientConfig, type AtbashUserConfig, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type Decision, type DecisionVerdict, type HeldAction, type HeldActionReview, type JudgeEndpointConfig, type JudgeOptions, type JudgeResult, type JudgmentStatus, type JudgmentStatusState, type LogToolCallResult, type Provider, type PubkeyValue, type Tier, type TierInfo, type ToolCallFull, type ToolCallInput, type ToolCallRecord, type ValidatedEndpoint, type Verdict, checkAgentExists, createAtbashClient, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getConfigDir, getConfigPath, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, loadAgentFromFile, loadUserConfig, logToolCall, resolve, resolveKeyPath, saveUserConfig, toPubkeyHex, validateJudgeEndpoint, verifyJudgeResponseSignature };

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 type Verdict = "ALLOW" | "HOLD" | "BLOCK" | "No verdict";
-type Provider = "atbash" | "openai" | "google" | "microsoft" | "custom" | (string & {});
+type Provider = "openai" | "google" | "microsoft" | "custom" | (string & {});
 type Tier = "audit" | "audit_plus" | "enforcement" | (string & {});
 type ActionType = "allow" | "hold_for_user_confirm" | "block" | (string & {});
 type PubkeyValue = string | Buffer | {
@@ -148,7 +148,7 @@ interface AtbashClientConfig {
     };
 }
-declare const DEFAULT_ENDPOINT = "https://atbash.ai";
+declare const DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 declare const DEFAULT_CHROMIA_NODE_URLS: string[];
 declare const DEFAULT_BLOCKCHAIN_RID = "25B41DF620C489349C54944496FF5C6E58CFCEFED0C51658780B67299D40E8ED";
 declare function isValidPrivateKey(hex: string): boolean;
@@ -176,7 +176,7 @@ declare function logToolCall(action: string, context: string, auth: AgentAuth, c
     toolArgsJson?: string;
 }, clientOpts?: ClientOpts): Promise<LogToolCallResult>;
 declare function judgeAction(action: string, context: string | undefined, auth: AgentAuth, opts?: JudgeOptions): Promise<JudgeResult>;
-declare function getJudgmentStatus(judgmentId: string, opts?: ClientOpts): Promise<JudgmentStatus>;
+declare function getJudgmentStatus(judgmentId: string, agentPubkey: string, opts?: ClientOpts): Promise<JudgmentStatus>;
 declare function getToolCalls(maxCount: number, opts?: ClientOpts): Promise<ToolCallRecord[]>;
 declare function getOrgToolCalls(orgName: string, maxCount: number, opts?: ClientOpts): Promise<ToolCallRecord[]>;
 declare function getAgentToolCalls(agentPubkey: string, maxCount: number, opts?: ClientOpts): Promise<ToolCallRecord[]>;
@@ -204,4 +204,18 @@ declare function verifyJudgeResponseSignature(bodyBytes: Uint8Array, signatureHe
     reason?: string;
 };
-export { type ActionType, type AgentAuth, type AgentPolicy, type AtbashClient, type AtbashClientConfig, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type Decision, type DecisionVerdict, type HeldAction, type HeldActionReview, type JudgeEndpointConfig, type JudgeOptions, type JudgeResult, type JudgmentStatus, type JudgmentStatusState, type LogToolCallResult, type Provider, type PubkeyValue, type Tier, type TierInfo, type ToolCallFull, type ToolCallInput, type ToolCallRecord, type ValidatedEndpoint, type Verdict, checkAgentExists, createAtbashClient, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, loadAgentFromFile, logToolCall, resolveKeyPath, toPubkeyHex, validateJudgeEndpoint, verifyJudgeResponseSignature };
+interface AtbashUserConfig {
+    agentKey?: string;
+    orgName?: string;
+    judgeEndpoint?: string;
+    blockchainRid?: string;
+    provider?: string;
+    providerModel?: string;
+}
+declare function getConfigDir(): string;
+declare function getConfigPath(): string;
+declare function loadUserConfig(): AtbashUserConfig;
+declare function saveUserConfig(config: AtbashUserConfig): void;
+declare function resolve(key: keyof AtbashUserConfig, flagValue?: string): string;
+export { type ActionType, type AgentAuth, type AgentPolicy, type AtbashClient, type AtbashClientConfig, type AtbashUserConfig, type ChainOpts, type ClientOpts, DEFAULT_BLOCKCHAIN_RID, DEFAULT_CHROMIA_NODE_URLS, DEFAULT_ENDPOINT, type Decision, type DecisionVerdict, type HeldAction, type HeldActionReview, type JudgeEndpointConfig, type JudgeOptions, type JudgeResult, type JudgmentStatus, type JudgmentStatusState, type LogToolCallResult, type Provider, type PubkeyValue, type Tier, type TierInfo, type ToolCallFull, type ToolCallInput, type ToolCallRecord, type ValidatedEndpoint, type Verdict, checkAgentExists, createAtbashClient, derivePublicKey, generateKeyPair, getAgentDetail, getAgentPolicy, getAgentToolCalls, getConfigDir, getConfigPath, getHeldActionReviews, getJudgmentStatus, getOrgTierInfo, getOrgToolCalls, getPendingHeldActions, getSafetyStats, getToolCallCount, getToolCallFull, getToolCalls, isValidPrivateKey, judgeAction, loadAgent, loadAgentFromFile, loadUserConfig, logToolCall, resolve, resolveKeyPath, saveUserConfig, toPubkeyHex, validateJudgeEndpoint, verifyJudgeResponseSignature };

package/dist/index.js CHANGED Viewed

@@ -30,7 +30,7 @@ function verifyJudgeResponseSignature(bodyBytes, signatureHex, pubKeyHex) {
 // src/client.ts
 var { createClient, encryption: encryption2, newSignatureProvider } = postchain2;
-var DEFAULT_ENDPOINT = "https://atbash.ai";
+var DEFAULT_ENDPOINT = "https://chromia-verified-ai-dev-two.vercel.app";
 var DEFAULT_CHROMIA_NODE_URLS = [
   "https://node6.testnet.chromia.com:7740",
   "https://node7.testnet.chromia.com:7740",
@@ -270,8 +270,8 @@ async function judgeAction(action, context = "", auth, opts) {
     on_chain: Boolean(data.on_chain)
   };
 }
-async function getJudgmentStatus(judgmentId, opts) {
-  const url = `${baseUrl(opts)}/api/v1/judge?tool_call_id=${encodeURIComponent(judgmentId)}`;
+async function getJudgmentStatus(judgmentId, agentPubkey, opts) {
+  const url = `${baseUrl(opts)}/api/v1/judge?tool_call_id=${encodeURIComponent(judgmentId)}&agent_pubkey=${encodeURIComponent(agentPubkey)}`;
   const data = await getJson(url, opts);
   return {
     status: normalizeStatus(data.status),
@@ -477,6 +477,77 @@ function loadAgentFromFile(keyPath) {
   return loadAgent(privKey);
 }
+// src/redact-secrets.ts
+var PATTERNS = [
+  { kind: "anthropic", re: /\bsk-ant-[A-Za-z0-9_-]{20,}/g },
+  { kind: "openai_project", re: /\bsk-proj-[A-Za-z0-9_-]{20,}/g },
+  { kind: "openai", re: /\bsk-[A-Za-z0-9]{20,}/g },
+  { kind: "github", re: /\b(?:gh[pousr]|github_pat)_[A-Za-z0-9_]{30,}/g },
+  { kind: "google", re: /\bAIza[0-9A-Za-z_-]{35}/g },
+  { kind: "google_oauth", re: /\bya29\.[0-9A-Za-z_-]{20,}/g },
+  {
+    kind: "aws_access_key",
+    re: /\b(?:AKIA|ASIA|AGPA|AROA|ANPA|ANVA|ASCA|AIDA|AIPA)[0-9A-Z]{16}\b/g
+  },
+  { kind: "stripe", re: /\b(?:sk|rk|pk)_(?:live|test)_[A-Za-z0-9]{20,}/g },
+  { kind: "slack", re: /\bxox[abprseo]-[A-Za-z0-9-]{10,}/g },
+  {
+    kind: "slack_webhook",
+    re: /https:\/\/hooks\.slack\.com\/services\/T[A-Za-z0-9]+\/B[A-Za-z0-9]+\/[A-Za-z0-9]{20,}/g
+  },
+  { kind: "sendgrid", re: /\bSG\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}/g },
+  { kind: "twilio_sid", re: /\bAC[0-9a-fA-F]{32}\b/g },
+  { kind: "mailgun", re: /\bkey-[0-9a-f]{32}\b/g },
+  { kind: "npm_token", re: /\bnpm_[A-Za-z0-9]{36,}\b/g },
+  { kind: "jwt", re: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g },
+  {
+    kind: "private_key_pem",
+    re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g
+  },
+  {
+    kind: "aws_secret_key",
+    re: /(?:aws[_-]?secret|secret[_-]?access[_-]?key)["'\s:=]{1,10}[A-Za-z0-9/+=]{40}/gi
+  },
+  {
+    kind: "generic_token",
+    re: /\b(?=[A-Za-z0-9_-]*[0-9])(?=[A-Za-z0-9_-]*[A-Za-z])(?![0-9a-fA-F]+$)[A-Za-z0-9_-]{32,}\b/g
+  },
+  {
+    kind: "base64",
+    re: /(?<![A-Za-z0-9+/])(?=[A-Za-z0-9+/]*[+/])(?=[A-Za-z0-9+/]*[0-9])(?=[A-Za-z0-9+/]*[A-Za-z])[A-Za-z0-9+/]{40,}={0,2}(?![A-Za-z0-9+/=])/g
+  },
+  {
+    kind: "context_secret",
+    re: /(?<![A-Za-z0-9_])(?:api[_-]?key|api[_-]?secret|access[_-]?token|refresh[_-]?token|auth[_-]?token|client[_-]?secret|password|passwd|pwd|secret|token|credential|private[_-]?key)["']?\s*[:=]\s*["']?([A-Za-z0-9+/=._-]{12,})(?=["'\s,;)\]}>]|$)/gi,
+    groupOnly: true
+  },
+  {
+    kind: "bearer",
+    re: /(?<![A-Za-z0-9_])Bearer\s+([A-Za-z0-9._-]{20,})\b/gi,
+    groupOnly: true
+  }
+];
+function redactSecrets(input) {
+  if (!input) return { redacted: input ?? "", found: [] };
+  const found = [];
+  let working = input;
+  for (const { kind, re, groupOnly } of PATTERNS) {
+    if (groupOnly) {
+      working = working.replace(re, (full, value) => {
+        if (typeof value !== "string" || !value) return full;
+        found.push({ kind, length: value.length });
+        return full.replace(value, `[REDACTED:${kind}]`);
+      });
+    } else {
+      working = working.replace(re, (m) => {
+        found.push({ kind, length: m.length });
+        return `[REDACTED:${kind}]`;
+      });
+    }
+  }
+  return { redacted: working, found };
+}
 // src/factory.ts
 function createAtbashClient(config = {}) {
   const validated = validateJudgeEndpoint(config.judge);
@@ -513,9 +584,23 @@ function createAtbashClient(config = {}) {
         return fail("key load failed, blocking for safety");
       }
       const toolName = input.toolName || "unknown";
-      const argsJson = stringifyArgs(input.args);
+      const argsRedaction = redactSecrets(stringifyArgs(input.args));
+      const ctxRedaction = redactSecrets(input.context ?? toolName);
+      const argsJson = argsRedaction.redacted;
       const actionText = truncate(argsJson);
-      const contextText = input.context ?? toolName;
+      const contextText = ctxRedaction.redacted;
+      const totalRedactions = argsRedaction.found.length + ctxRedaction.found.length;
+      if (totalRedactions > 0) {
+        const kinds = [.../* @__PURE__ */ new Set([
+          ...argsRedaction.found.map((f) => f.kind),
+          ...ctxRedaction.found.map((f) => f.kind)
+        ])];
+        logger.warn?.("[atbash] redacted secrets before judge call", {
+          tool: toolName,
+          count: totalRedactions,
+          kinds
+        });
+      }
       try {
         logger.info?.("[atbash] judge API called", { tool: toolName });
         const result = await judgeAction(actionText, contextText, agent, {
@@ -585,6 +670,56 @@ function truncate(text) {
   if (text.length <= MAX_ACTION_LEN) return text;
   return text.slice(0, MAX_ACTION_LEN) + "\u2026";
 }
+// src/user-config.ts
+import { readFileSync as readFileSync2, writeFileSync, mkdirSync, existsSync } from "fs";
+import { homedir as homedir2 } from "os";
+import { join as join2 } from "path";
+var ENV_MAP = {
+  agentKey: "ATBASH_AGENT_KEY",
+  orgName: "ATBASH_ORG_NAME",
+  judgeEndpoint: "ATBASH_ENDPOINT",
+  blockchainRid: "ATBASH_BLOCKCHAIN_RID",
+  provider: "ATBASH_PROVIDER",
+  providerModel: "ATBASH_PROVIDER_MODEL"
+};
+function getConfigDir() {
+  const home = process.env.HOME || homedir2() || "";
+  return join2(home, ".config", "atbash");
+}
+function getConfigPath() {
+  return join2(getConfigDir(), "config.json");
+}
+function loadUserConfig() {
+  try {
+    const p = getConfigPath();
+    if (!existsSync(p)) return {};
+    const raw = readFileSync2(p, "utf-8").trim();
+    if (!raw) return {};
+    return JSON.parse(raw);
+  } catch (err) {
+    console.error("Failed to load config file", err);
+    return {};
+  }
+}
+function saveUserConfig(config) {
+  const dir = getConfigDir();
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  writeFileSync(getConfigPath(), JSON.stringify(config, null, 2) + "\n", "utf-8");
+}
+function resolve(key, flagValue) {
+  if (flagValue) return flagValue;
+  const envName = ENV_MAP[key];
+  if (envName) {
+    const envVal = process.env[envName];
+    if (envVal) return envVal;
+  }
+  const fileVal = loadUserConfig()[key];
+  if (fileVal != null) return String(fileVal);
+  return "";
+}
 export {
   DEFAULT_BLOCKCHAIN_RID,
   DEFAULT_CHROMIA_NODE_URLS,
@@ -596,6 +731,8 @@ export {
   getAgentDetail,
   getAgentPolicy,
   getAgentToolCalls,
+  getConfigDir,
+  getConfigPath,
   getHeldActionReviews,
   getJudgmentStatus,
   getOrgTierInfo,
@@ -609,8 +746,11 @@ export {
   judgeAction,
   loadAgent,
   loadAgentFromFile,
+  loadUserConfig,
   logToolCall,
+  resolve,
   resolveKeyPath,
+  saveUserConfig,
   toPubkeyHex,
   validateJudgeEndpoint,
   verifyJudgeResponseSignature

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@atbash/sdk",
-  "version": "0.3.7",
+  "version": "0.3.9-dev.1",
   "description": "Atbash SDK — control boundary before the last irreversible step in an agent workflow",
   "homepage": "https://atbash.ai",
   "author": "Atbash",