@vorim/sdk 3.5.0 → 3.6.1

package/dist/integrations/langgraph.cjs

@@ -0,0 +1,200 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/integrations/langgraph.ts
+var langgraph_exports = {};
+__export(langgraph_exports, {
+  wrapGraphTool: () => wrapGraphTool,
+  wrapGraphTools: () => wrapGraphTools
+});
+module.exports = __toCommonJS(langgraph_exports);
+
+// src/replay.ts
+function jcsCanonicalise(value) {
+  if (value === null) return "null";
+  if (value === true) return "true";
+  if (value === false) return "false";
+  if (typeof value === "number") {
+    if (!Number.isFinite(value)) {
+      throw new Error("jcsCanonicalise: NaN and Infinity are not JCS-valid");
+    }
+    return value.toString();
+  }
+  if (typeof value === "string") {
+    return JSON.stringify(value);
+  }
+  if (Array.isArray(value)) {
+    return "[" + value.map(jcsCanonicalise).join(",") + "]";
+  }
+  if (typeof value === "object") {
+    const obj = value;
+    const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalise(obj[k]));
+    return "{" + parts.join(",") + "}";
+  }
+  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);
+}
+async function sha256Hex(input) {
+  const bytes = typeof input === "string" ? new TextEncoder().encode(input) : input;
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", bytes);
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const nodeCrypto = await import("crypto");
+  return nodeCrypto.createHash("sha256").update(bytes).digest("hex");
+}
+async function hashTool(tool) {
+  const normalised = {
+    name: tool.name,
+    description: tool.description ?? "",
+    schema: tool.schema ?? {}
+  };
+  const hex = await sha256Hex(jcsCanonicalise(normalised));
+  return `sha256:${hex}`;
+}
+async function hashToolCatalogue(tools) {
+  if (tools.length === 0) {
+    return `sha256:${await sha256Hex("[]")}`;
+  }
+  const perTool = await Promise.all(tools.map(hashTool));
+  perTool.sort();
+  const hex = await sha256Hex(perTool.join(""));
+  return `sha256:${hex}`;
+}
+async function hashSystemPrompt(prompt) {
+  const hex = await sha256Hex(prompt);
+  return `sha256:${hex}`;
+}
+async function prepareReplayContext(inputs) {
+  const ctx = {};
+  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;
+  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);
+  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);
+  return ctx;
+}
+
+// src/integrations/langchain.ts
+function wrapTool(tool, config) {
+  const { vorim, agentId, permissionMap = {}, defaultPermission = "agent:execute", asyncAudit = true, replay, framework = "langchain" } = config;
+  const originalCall = tool._call.bind(tool);
+  const getReplayCtx = makeReplayContextGetter(replay);
+  tool._call = async function vorimGuardedCall(arg, runManager, parentConfig) {
+    const scope = permissionMap[tool.name] ?? defaultPermission;
+    const { allowed, reason } = await vorim.check(agentId, scope);
+    const replayCtx = await getReplayCtx();
+    if (!allowed) {
+      const event2 = {
+        agent_id: agentId,
+        event_type: "tool_call",
+        action: tool.name,
+        resource: truncate(JSON.stringify(arg), 500),
+        permission: scope,
+        result: "denied",
+        metadata: { reason, framework },
+        ...replayCtx
+      };
+      await emitAudit(vorim, event2, asyncAudit);
+      throw new Error(`Vorim: permission denied for "${tool.name}" \u2014 scope "${scope}"${reason ? `: ${reason}` : ""}`);
+    }
+    const start = Date.now();
+    let result;
+    try {
+      result = await originalCall(arg, runManager, parentConfig);
+    } catch (err) {
+      const event2 = {
+        agent_id: agentId,
+        event_type: "tool_call",
+        action: tool.name,
+        resource: truncate(JSON.stringify(arg), 500),
+        permission: scope,
+        result: "error",
+        latency_ms: Date.now() - start,
+        error_code: err instanceof Error ? err.name : "UNKNOWN",
+        metadata: { error: err instanceof Error ? err.message : String(err), framework },
+        ...replayCtx
+      };
+      await emitAudit(vorim, event2, asyncAudit);
+      throw err;
+    }
+    const event = {
+      agent_id: agentId,
+      event_type: "tool_call",
+      action: tool.name,
+      resource: truncate(JSON.stringify(arg), 500),
+      permission: scope,
+      result: "success",
+      latency_ms: Date.now() - start,
+      metadata: { framework },
+      ...replayCtx
+    };
+    await emitAudit(vorim, event, asyncAudit);
+    return result;
+  };
+  return tool;
+}
+function makeReplayContextGetter(replay) {
+  if (!replay) return async () => ({});
+  let cached = null;
+  return () => {
+    if (!cached) cached = prepareReplayContext(replay);
+    return cached;
+  };
+}
+function wrapTools(tools, config) {
+  return tools.map((t) => wrapTool(t, config));
+}
+function truncate(str, max) {
+  return str.length > max ? str.slice(0, max) + "\u2026" : str;
+}
+function emitAudit(vorim, event, async) {
+  if (async) {
+    vorim.emit(event).catch(() => {
+    });
+    return;
+  }
+  return vorim.emit(event).then(() => void 0).catch(() => void 0);
+}
+
+// src/integrations/langgraph.ts
+function wrapGraphTool(tool, config) {
+  return wrapTool(tool, withFramework(config));
+}
+function wrapGraphTools(tools, config) {
+  return wrapTools(tools, withFramework(config));
+}
+function withFramework(config) {
+  return { ...config, framework: config.framework ?? "langgraph" };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  wrapGraphTool,
+  wrapGraphTools
+});
+//# sourceMappingURL=langgraph.cjs.map

package/dist/integrations/langgraph.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/integrations/langgraph.ts","../../src/replay.ts","../../src/integrations/langchain.ts"],"sourcesContent":["// ============================================================================\n// VORIM SDK — LangGraph Integration\n// LangGraph builds stateful agent graphs out of LangChain tools. The right\n// place to enforce identity, permissions, and audit is the tool boundary —\n// every time a node executes a tool, it passes through a Vorim gate and emits\n// a signed audit event. This module reuses the LangChain tool wrappers (a\n// LangGraph tool IS a LangChain tool) and tags events with framework\n// \"langgraph\" so your audit trail names the graph correctly.\n//\n// Peer dependency: @langchain/core >=0.3.0 (and @langchain/langgraph to build\n// the graph itself — Vorim does not need it directly).\n//\n// Usage:\n//   import { ToolNode } from '@langchain/langgraph/prebuilt';\n//   import createVorim from '@vorim/sdk';\n//   import { wrapGraphTools } from '@vorim/sdk/integrations/langgraph';\n//\n//   const vorim = createVorim({ apiKey: 'agid_sk_live_...' });\n//   const guarded = wrapGraphTools([searchTool, writeTool], {\n//     vorim, agentId: 'agid_acme_a1b2c3d4',\n//     permissionMap: { writeTool: 'agent:write' },\n//   });\n//   const toolNode = new ToolNode(guarded);   // drop into your StateGraph\n// ============================================================================\n\nimport { wrapTool, wrapTools, type VorimLangChainConfig } from './langchain.js';\n\n/** Config for the LangGraph wrappers (same shape as the LangChain config). */\nexport type VorimLangGraphConfig = VorimLangChainConfig;\n\n/**\n * Wrap a single tool used inside a LangGraph node. Each execution is gated by\n * a Vorim permission (or runtime-control) check and recorded in the signed\n * audit trail under framework \"langgraph\". A denied call throws so the graph\n * records the tool error.\n */\nexport function wrapGraphTool<T>(tool: T, config: VorimLangGraphConfig): T {\n  return wrapTool(tool as any, withFramework(config)) as T;\n}\n\n/**\n * Wrap the array of tools you hand to a ToolNode / prebuilt ReAct agent.\n * Returns the same tools, each guarded.\n */\nexport function wrapGraphTools<T>(tools: T[], config: VorimLangGraphConfig): T[] {\n  return wrapTools(tools as any[], withFramework(config)) as T[];\n}\n\n// Tag audit events as \"langgraph\" (the shared wrapper defaults to\n// 'langchain') so the audit trail names graph runs correctly, without\n// mutating the caller's config object.\nfunction withFramework(config: VorimLangGraphConfig): VorimLangGraphConfig {\n  return { ...config, framework: config.framework ?? 'langgraph' };\n}\n","/**\n * Replayable agent decision evidence helpers.\n *\n * Canonical-form hashing for the VAIP -02 schema fields that the SDK\n * attaches to audit events. The hashes recorded in audit_events.tool_catalogue_hash\n * and audit_events.system_prompt_hash use these functions, so the bytes\n * an auditor or counterparty reconstructs must match what the SDK produced.\n *\n * These helpers are intentionally separate from the signing path. The\n * v0 canonical signature form (event_type|action|resource|input_hash|\n * output_hash|result) does NOT cover model_version, tool_catalogue_hash,\n * or system_prompt_hash. They will enter the canonical bytes in v1\n * (RFC 8785 JCS) in a follow-up release.\n *\n * Stable across SDK versions: the canonical-form version is documented\n * in CANONICAL_TOOL_CATALOGUE_VERSION. Future changes get a v2 etc;\n * never edit the existing v1 logic, or already-recorded hashes lose\n * their meaning.\n */\n\n// ─── Versioning ───────────────────────────────────────────────────────────\n\n/**\n * Canonical-form version for tool catalogue hashes produced by this SDK.\n * Recorded in tool_catalogue_canon_version on the event metadata (when\n * the metadata field is used) so verifiers know which hash recipe to\n * reproduce. Increment ONLY if the algorithm changes in a way that\n * would change the hash for the same logical catalogue.\n */\nexport const CANONICAL_TOOL_CATALOGUE_VERSION = 'v1' as const;\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Minimum shape a tool needs for catalogue hashing. The framework\n * integrations adapt their native tool objects to this shape before\n * calling hashToolCatalogue.\n */\nexport interface CatalogueTool {\n  /** The name the model sees and calls. Required. */\n  name: string;\n  /** Human-readable description shown to the model. Optional; absent ↔ empty string. */\n  description?: string;\n  /**\n   * JSON Schema describing the tool's input parameters. Optional;\n   * absent ↔ empty object `{}`. The schema gets RFC 8785 JCS-canonicalised\n   * before hashing so semantically-equivalent variations (key order,\n   * whitespace) produce the same hash.\n   */\n  schema?: Record<string, unknown> | null;\n}\n\n// ─── RFC 8785 JCS subset ──────────────────────────────────────────────────\n\n/**\n * RFC 8785 JSON Canonicalization Scheme, sufficient subset for tool\n * catalogue values.\n *\n * Rules:\n *  - Object keys sorted lexicographically by UTF-16 code units (which\n *    is what JS string comparison does naturally).\n *  - No whitespace between tokens.\n *  - Numbers: integers as integers, finite floats per ECMAScript\n *    Number.prototype.toString. JCS forbids NaN and Infinity.\n *  - Strings: JSON-escape using minimal set per RFC 8259 § 7.\n *  - null, true, false, arrays: as JSON.stringify produces them, since\n *    JSON.stringify already produces the canonical form for these.\n *\n * Not vendoring a full library because tool schemas don't carry\n * non-integer numbers in practice and the JS spec for Number.toString\n * happens to coincide with JCS § 3.2.2.2 for the integer case.\n */\nexport function jcsCanonicalise(value: unknown): string {\n  if (value === null) return 'null';\n  if (value === true) return 'true';\n  if (value === false) return 'false';\n\n  if (typeof value === 'number') {\n    if (!Number.isFinite(value)) {\n      throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');\n    }\n    // For integers in safe range, .toString() matches JCS. For\n    // non-integer floats, .toString() also matches in modern JS\n    // engines (V8, JavaScriptCore, SpiderMonkey all use the shortest\n    // round-trip representation, which is what JCS § 3.2.2.2 requires).\n    return value.toString();\n  }\n\n  if (typeof value === 'string') {\n    return JSON.stringify(value);\n  }\n\n  if (Array.isArray(value)) {\n    return '[' + value.map(jcsCanonicalise).join(',') + ']';\n  }\n\n  if (typeof value === 'object') {\n    const obj = value as Record<string, unknown>;\n    // Filter undefined-valued fields, matching @vorim/verify and\n    // @vorim/shared-types. Without this the SDK throws on { a: 1, b: undefined }\n    // while the verifier silently drops b — a cross-module canonical-form\n    // divergence that would break signature verification on such events.\n    const keys = Object.keys(obj).filter(k => obj[k] !== undefined).sort();\n    const parts = keys.map(k => JSON.stringify(k) + ':' + jcsCanonicalise(obj[k]));\n    return '{' + parts.join(',') + '}';\n  }\n\n  // undefined, function, symbol, bigint — not JSON-representable\n  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);\n}\n\n// ─── SHA-256 ──────────────────────────────────────────────────────────────\n\nasync function sha256Hex(input: string | Uint8Array): Promise<string> {\n  const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input;\n\n  // Node.js Web Crypto (Node 18+) supports digest. Browser Web Crypto does too.\n  // Fall back to node:crypto if Web Crypto is unavailable.\n  const subtle = (globalThis as any).crypto?.subtle;\n  if (subtle) {\n    const buf = await subtle.digest('SHA-256', bytes);\n    return Array.from(new Uint8Array(buf))\n      .map(b => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n\n  // Node fallback\n  const nodeCrypto = await import('node:crypto');\n  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Hash a single tool definition. Returns `sha256:<hex>`.\n *\n * Canonical form (v1):\n *   JCS-canonicalised JSON of `{name, description, schema}` where\n *   absent fields substitute `description: \"\"` and `schema: {}`.\n */\nexport async function hashTool(tool: CatalogueTool): Promise<string> {\n  const normalised = {\n    name: tool.name,\n    description: tool.description ?? '',\n    schema: tool.schema ?? {},\n  };\n  const hex = await sha256Hex(jcsCanonicalise(normalised));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash an entire tool catalogue. Returns `sha256:<hex>`.\n *\n * Reordering tools does NOT change the hash (tool hashes sorted\n * lexicographically before concatenation). Adding, removing, or\n * modifying a tool DOES change the hash.\n *\n * Per-tool hashing first means a verifier comparing two catalogue\n * hashes that differ can also be given the per-tool hashes to\n * identify which specific tool changed.\n */\nexport async function hashToolCatalogue(tools: CatalogueTool[]): Promise<string> {\n  if (tools.length === 0) {\n    // Empty catalogue has a deterministic, stable hash distinct from \"no field\"\n    return `sha256:${await sha256Hex('[]')}`;\n  }\n  const perTool = await Promise.all(tools.map(hashTool));\n  perTool.sort();\n  const hex = await sha256Hex(perTool.join(''));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash a system prompt. Returns `sha256:<hex>`.\n *\n * The prompt is UTF-8 encoded and hashed verbatim — no normalisation.\n * If a caller wants to ignore whitespace or comment differences, they\n * should normalise before calling. The intent here is deterministic\n * reproducibility, not semantic equivalence.\n */\nexport async function hashSystemPrompt(prompt: string): Promise<string> {\n  const hex = await sha256Hex(prompt);\n  return `sha256:${hex}`;\n}\n\n/**\n * Convenience: hash the previous event's canonical bytes for use in\n * the prev_event_hash field of hash-chained ingest. Caller provides\n * the canonical bytes (use canonicalPayloadV0 from the main module).\n */\nexport async function hashPreviousEvent(canonicalBytes: string): Promise<string> {\n  const hex = await sha256Hex(canonicalBytes);\n  return `sha256:${hex}`;\n}\n\n// ─── Replay context — framework integration helper ────────────────────────\n\n/**\n * Raw inputs the integration captures from the framework. Set by the\n * integration's config; turned into hashes by {@link prepareReplayContext}.\n */\nexport interface ReplayInputs {\n  /** Stable identifier for the model. E.g. `\"anthropic:claude-opus-4-8\"`. */\n  modelVersion?: string;\n  /** Tools available to the agent at call time. Hashed via {@link hashToolCatalogue}. */\n  tools?: CatalogueTool[];\n  /** System prompt active at call time. Hashed via {@link hashSystemPrompt}. */\n  systemPrompt?: string;\n}\n\n/**\n * Pre-computed hashes ready to attach to audit events. The three keys\n * match the audit_events column names.\n */\nexport interface ReplayContext {\n  model_version?: string;\n  tool_catalogue_hash?: string;\n  system_prompt_hash?: string;\n}\n\n/**\n * Compute replay context once from raw inputs. Use at integration\n * setup time so each emit can attach the hashes without re-hashing.\n *\n * Returns an object suitable for spreading into an AuditEventInput:\n *   `await vorim.emit({ ...event, ...replayContext })`\n *\n * If a field is absent in the inputs, it is absent in the result\n * (not the empty string). That keeps the event lean.\n */\nexport async function prepareReplayContext(\n  inputs: ReplayInputs,\n): Promise<ReplayContext> {\n  const ctx: ReplayContext = {};\n  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;\n  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);\n  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);\n  return ctx;\n}\n","// ============================================================================\n// VORIM SDK — LangChain / LangGraph JS Integration\n// Provides tool wrapping with permission checks + audit trail,\n// a callback handler for observability, and a factory for creating\n// Vorim-secured LangGraph ReAct agents.\n//\n// Peer dependencies:\n//   @langchain/core >=0.3.0\n//   @langchain/langgraph >=0.2.0\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { PermissionScope, AuditEventInput } from '../types.js';\nimport {\n  prepareReplayContext,\n  type ReplayInputs,\n  type ReplayContext,\n  type CatalogueTool,\n} from '../replay.js';\n\n// ─── Re-declared LangChain types (peer dependency — not bundled) ──────────\n// These mirror the actual types from @langchain/core so consumers don't\n// need to import them separately for basic usage.\n\n/** Minimal subset of @langchain/core Serialized */\ninterface Serialized {\n  lc: number;\n  type: string;\n  id: string[];\n  kwargs?: Record<string, unknown>;\n}\n\n// ─── Configuration ────────────────────────────────────────────────────────\n\nexport interface VorimLangChainConfig {\n  /** Vorim SDK instance. */\n  vorim: VorimSDK;\n  /** The Vorim agent_id to associate with this LangChain agent. */\n  agentId: string;\n  /** Map tool names → Vorim permission scopes. Unmapped tools default to 'agent:execute'. */\n  permissionMap?: Record<string, PermissionScope>;\n  /** Default permission scope for tools not in permissionMap. @default 'agent:execute' */\n  defaultPermission?: PermissionScope;\n  /** Whether to emit audit events asynchronously (fire-and-forget). @default true */\n  asyncAudit?: boolean;\n  /**\n   * Framework name recorded on each audit event's metadata. Defaults to\n   * 'langchain'. The LangGraph wrapper sets this to 'langgraph' so the audit\n   * trail names the graph correctly while reusing this tool-wrapping logic.\n   * @default 'langchain'\n   */\n  framework?: string;\n  /**\n   * Replayable agent decision evidence (VAIP -02). When provided, the\n   * hashes of the model version, tool catalogue, and system prompt are\n   * attached to every emitted audit event so an auditor can later\n   * reproduce the agent's decision context.\n   *\n   * Hashes are computed once on first emit and cached for subsequent\n   * emits in this config's lifetime.\n   *\n   * These fields are NOT covered by the v0 canonical signature form;\n   * advisory only until v1 (RFC 8785 JCS) lands.\n   */\n  replay?: ReplayInputs;\n}\n\n// ─── Tool Wrapper ─────────────────────────────────────────────────────────\n\n/**\n * Wraps a LangChain `StructuredTool` (or `DynamicStructuredTool`) with\n * Vorim permission checks before execution and audit event emission after.\n *\n * Works with any tool that has `name`, `description`, `schema`, and `_call`.\n *\n * @example\n * ```ts\n * import { DynamicStructuredTool } from \"@langchain/core/tools\";\n * import { wrapTool } from \"@vorim/sdk/integrations/langchain\";\n *\n * const guarded = wrapTool(myTool, {\n *   vorim, agentId: \"agid_acme_a1b2c3d4\",\n *   permissionMap: { search_docs: \"agent:read\" },\n * });\n * ```\n */\nexport function wrapTool<T extends LangChainTool>(\n  tool: T,\n  config: VorimLangChainConfig,\n): T {\n  const { vorim, agentId, permissionMap = {}, defaultPermission = 'agent:execute', asyncAudit = true, replay, framework = 'langchain' } = config;\n\n  const originalCall = tool._call.bind(tool);\n  const getReplayCtx = makeReplayContextGetter(replay);\n\n  // Override _call to inject permission check + audit\n  (tool as any)._call = async function vorimGuardedCall(\n    arg: unknown,\n    runManager?: unknown,\n    parentConfig?: unknown,\n  ): Promise<unknown> {\n    const scope = permissionMap[tool.name] ?? defaultPermission;\n\n    // 1. Permission check\n    const { allowed, reason } = await vorim.check(agentId, scope);\n    const replayCtx = await getReplayCtx();\n\n    if (!allowed) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'denied',\n        metadata: { reason, framework },\n        ...replayCtx,\n      };\n      await emitAudit(vorim, event, asyncAudit);\n      throw new Error(`Vorim: permission denied for \"${tool.name}\" — scope \"${scope}\"${reason ? `: ${reason}` : ''}`);\n    }\n\n    // 2. Execute the original tool\n    const start = Date.now();\n    let result: unknown;\n    try {\n      result = await originalCall(arg, runManager, parentConfig);\n    } catch (err) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'error',\n        latency_ms: Date.now() - start,\n        error_code: err instanceof Error ? err.name : 'UNKNOWN',\n        metadata: { error: err instanceof Error ? err.message : String(err), framework },\n        ...replayCtx,\n      };\n      await emitAudit(vorim, event, asyncAudit);\n      throw err;\n    }\n\n    // 3. Audit success\n    const event: AuditEventInput = {\n      agent_id: agentId,\n      event_type: 'tool_call',\n      action: tool.name,\n      resource: truncate(JSON.stringify(arg), 500),\n      permission: scope,\n      result: 'success',\n      latency_ms: Date.now() - start,\n      metadata: { framework },\n      ...replayCtx,\n    };\n    await emitAudit(vorim, event, asyncAudit);\n\n    return result;\n  };\n\n  return tool;\n}\n\n/**\n * Lazy-cached replay context getter. The hashes are computed once on\n * first call and reused for subsequent calls in this closure's lifetime.\n * Returns an empty object when no `replay` config was provided so the\n * spread is a no-op.\n */\nfunction makeReplayContextGetter(replay: ReplayInputs | undefined): () => Promise<ReplayContext> {\n  if (!replay) return async () => ({});\n  let cached: Promise<ReplayContext> | null = null;\n  return () => {\n    if (!cached) cached = prepareReplayContext(replay);\n    return cached;\n  };\n}\n\n/**\n * Wraps an array of LangChain tools with Vorim permission + audit.\n */\nexport function wrapTools<T extends LangChainTool>(\n  tools: T[],\n  config: VorimLangChainConfig,\n): T[] {\n  return tools.map(t => wrapTool(t, config));\n}\n\n// ─── Callback Handler ─────────────────────────────────────────────────────\n\n/**\n * LangChain callback handler that emits Vorim audit events for every\n * tool invocation. This is a **non-intrusive** observability layer —\n * it does not block or modify tool execution.\n *\n * Attach it to any LangChain invoke/stream call:\n * ```ts\n * const handler = new VorimCallbackHandler(vorim, \"agid_acme_a1b2c3d4\");\n * await agent.invoke({ messages }, { callbacks: [handler] });\n * ```\n */\nexport class VorimCallbackHandler {\n  name = 'VorimCallbackHandler';\n  private vorim: VorimSDK;\n  private agentId: string;\n  private runMap = new Map<string, { tool: string; input: string; startTime: number }>();\n  private getReplayCtx: () => Promise<ReplayContext>;\n\n  // Flags to satisfy BaseCallbackHandler interface\n  ignoreLLM = true;\n  ignoreChain = true;\n  ignoreAgent = true;\n  ignoreRetriever = true;\n  ignoreCustomEvent = true;\n  lc_serializable = false;\n\n  get lc_id(): string[] { return ['vorim', 'callbacks', 'VorimCallbackHandler']; }\n  get lc_namespace(): string[] { return ['vorim', 'callbacks']; }\n\n  /**\n   * @param vorim Vorim SDK instance.\n   * @param agentId The Vorim agent_id whose actions this callback audits.\n   * @param replay Optional replayable-evidence inputs. Same shape as\n   *               {@link VorimLangChainConfig.replay}; hashes are\n   *               computed once and attached to every audit event.\n   */\n  constructor(vorim: VorimSDK, agentId: string, replay?: ReplayInputs) {\n    this.vorim = vorim;\n    this.agentId = agentId;\n    this.getReplayCtx = makeReplayContextGetter(replay);\n  }\n\n  async handleToolStart(\n    tool: Serialized,\n    input: string,\n    runId: string,\n    _parentRunId?: string,\n    _tags?: string[],\n    _metadata?: Record<string, unknown>,\n    runName?: string,\n  ): Promise<void> {\n    const toolName = runName ?? tool.id?.[tool.id.length - 1] ?? 'unknown';\n    this.runMap.set(runId, { tool: toolName, input, startTime: Date.now() });\n  }\n\n  async handleToolEnd(\n    _output: unknown,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'success',\n      latency_ms: Date.now() - run.startTime,\n      metadata: { framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {}); // never throw from callback\n  }\n\n  async handleToolError(\n    err: Error,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'error',\n      latency_ms: Date.now() - run.startTime,\n      error_code: err.name,\n      metadata: { error: err.message, framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {});\n  }\n\n  // Required by BaseCallbackHandler — no-op for events we don't need\n  copy(): VorimCallbackHandler {\n    return new VorimCallbackHandler(this.vorim, this.agentId);\n  }\n\n  toJSON() {\n    return { lc: 1, type: 'not_implemented', id: this.lc_id };\n  }\n\n  toJSONNotImplemented() {\n    return this.toJSON();\n  }\n}\n\n// ─── Agent Factory ────────────────────────────────────────────────────────\n\nexport interface CreateVorimAgentConfig extends VorimLangChainConfig {\n  /** Display name for the agent when registering with Vorim. */\n  name: string;\n  /** Agent capabilities (e.g. [\"web_search\", \"code_execution\"]). */\n  capabilities: string[];\n  /** Initial permission scopes to grant. */\n  scopes: PermissionScope[];\n  /** Optional description. */\n  description?: string;\n}\n\n/**\n * Registers a new agent with Vorim and returns wrapped tools + callback handler\n * ready to use with `createReactAgent` or any LangChain agent.\n *\n * @example\n * ```ts\n * import { createReactAgent } from \"@langchain/langgraph/prebuilt\";\n * import { ChatOpenAI } from \"@langchain/openai\";\n * import { createVorimAgent } from \"@vorim/sdk/integrations/langchain\";\n *\n * const { agentId, tools, callbackHandler } = await createVorimAgent({\n *   vorim,\n *   name: \"research-agent\",\n *   capabilities: [\"web_search\"],\n *   scopes: [\"agent:read\", \"agent:execute\"],\n *   tools: [searchTool, analysisTool],\n * });\n *\n * const agent = createReactAgent({\n *   llm: new ChatOpenAI({ model: \"gpt-4o\" }),\n *   tools,\n * });\n *\n * const result = await agent.invoke(\n *   { messages: [{ role: \"user\", content: \"Research AI trends\" }] },\n *   { callbacks: [callbackHandler] },\n * );\n * ```\n */\nexport async function createVorimAgent<T extends LangChainTool>(config: CreateVorimAgentConfig & { tools: T[] }) {\n  const { vorim, name, capabilities, scopes, description, tools: rawTools, permissionMap, defaultPermission, asyncAudit, replay } = config;\n\n  // Register agent with Vorim\n  const registration = await vorim.register({\n    name,\n    description,\n    capabilities,\n    scopes,\n  });\n\n  const agentId = registration.agent.agent_id;\n\n  // If the caller passed `replay.tools`, use those. Otherwise derive a\n  // tool catalogue from the rawTools we're about to wrap so the\n  // replayable-evidence story works automatically.\n  const derivedReplay: ReplayInputs | undefined = replay\n    ? { ...replay, tools: replay.tools ?? deriveCatalogueFromLangChainTools(rawTools) }\n    : { tools: deriveCatalogueFromLangChainTools(rawTools) };\n\n  const agentConfig: VorimLangChainConfig = {\n    vorim, agentId, permissionMap, defaultPermission, asyncAudit, replay: derivedReplay,\n  };\n\n  // Wrap tools with permission checks\n  const tools = wrapTools(rawTools, agentConfig);\n\n  // Create callback handler for audit trail\n  const callbackHandler = new VorimCallbackHandler(vorim, agentId, derivedReplay);\n\n  return {\n    /** The Vorim agent_id. */\n    agentId,\n    /** The full agent registration result. */\n    registration,\n    /** Tools wrapped with Vorim permission checks + audit. */\n    tools,\n    /** Callback handler for audit trail observability. */\n    callbackHandler,\n    /** The private key (store securely — shown once). */\n    privateKey: registration.private_key,\n  };\n}\n\n// ─── Internal helpers ─────────────────────────────────────────────────────\n\n/** Minimal interface matching any LangChain StructuredTool / DynamicStructuredTool. */\ninterface LangChainTool {\n  name: string;\n  description: string;\n  schema: unknown;\n  _call(arg: any, runManager?: any, parentConfig?: any): Promise<any>;\n}\n\nfunction truncate(str: string, max: number): string {\n  return str.length > max ? str.slice(0, max) + '…' : str;\n}\n\nfunction emitAudit(vorim: VorimSDK, event: AuditEventInput, async: boolean): Promise<void> | void {\n  if (async) {\n    vorim.emit(event).catch(() => {});\n    return;\n  }\n  // asyncAudit=false: return the awaitable so callers can ensure the audit\n  // event is persisted before the process exits.\n  return vorim.emit(event).then(() => undefined).catch(() => undefined);\n}\n\n/**\n * Convert LangChain tools to the catalogue shape used by hashToolCatalogue.\n * Best-effort: LangChain tool schemas can be Zod or plain JSON Schema.\n * If we can't get a serialisable shape, we fall back to `null` schema\n * which the hashing treats as `{}`.\n */\nfunction deriveCatalogueFromLangChainTools(tools: LangChainTool[]): CatalogueTool[] {\n  return tools.map(t => {\n    let schema: Record<string, unknown> | null = null;\n    const raw = t.schema as unknown;\n    if (raw && typeof raw === 'object') {\n      // If it's already plain JSON-serialisable, use it. Otherwise null.\n      try {\n        schema = JSON.parse(JSON.stringify(raw));\n      } catch {\n        schema = null;\n      }\n    }\n    return {\n      name: t.name,\n      description: t.description ?? '',\n      schema,\n    };\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACwEO,SAAS,gBAAgB,OAAwB;AACtD,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,MAAO,QAAO;AAE5B,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAKA,WAAO,MAAM,SAAS;AAAA,EACxB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,MAAM;AAKZ,UAAM,OAAO,OAAO,KAAK,GAAG,EAAE,OAAO,OAAK,IAAI,CAAC,MAAM,MAAS,EAAE,KAAK;AACrE,UAAM,QAAQ,KAAK,IAAI,OAAK,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAgB,IAAI,CAAC,CAAC,CAAC;AAC7E,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,4CAA4C,OAAO,KAAK,EAAE;AAC5E;AAIA,eAAe,UAAU,OAA6C;AACpE,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAI5E,QAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,QAAQ;AACV,UAAM,MAAM,MAAM,OAAO,OAAO,WAAW,KAAK;AAChD,WAAO,MAAM,KAAK,IAAI,WAAW,GAAG,CAAC,EAClC,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AAAA,EACZ;AAGA,QAAM,aAAa,MAAM,OAAO,QAAa;AAC7C,SAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AACnE;AAWA,eAAsB,SAAS,MAAsC;AACnE,QAAM,aAAa;AAAA,IACjB,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,QAAQ,KAAK,UAAU,CAAC;AAAA,EAC1B;AACA,QAAM,MAAM,MAAM,UAAU,gBAAgB,UAAU,CAAC;AACvD,SAAO,UAAU,GAAG;AACtB;AAaA,eAAsB,kBAAkB,OAAyC;AAC/E,MAAI,MAAM,WAAW,GAAG;AAEtB,WAAO,UAAU,MAAM,UAAU,IAAI,CAAC;AAAA,EACxC;AACA,QAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,QAAQ,CAAC;AACrD,UAAQ,KAAK;AACb,QAAM,MAAM,MAAM,UAAU,QAAQ,KAAK,EAAE,CAAC;AAC5C,SAAO,UAAU,GAAG;AACtB;AAUA,eAAsB,iBAAiB,QAAiC;AACtE,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,SAAO,UAAU,GAAG;AACtB;AA+CA,eAAsB,qBACpB,QACwB;AACxB,QAAM,MAAqB,CAAC;AAC5B,MAAI,OAAO,aAAc,KAAI,gBAAgB,OAAO;AACpD,MAAI,OAAO,MAAO,KAAI,sBAAsB,MAAM,kBAAkB,OAAO,KAAK;AAChF,MAAI,OAAO,aAAc,KAAI,qBAAqB,MAAM,iBAAiB,OAAO,YAAY;AAC5F,SAAO;AACT;;;ACxJO,SAAS,SACd,MACA,QACG;AACH,QAAM,EAAE,OAAO,SAAS,gBAAgB,CAAC,GAAG,oBAAoB,iBAAiB,aAAa,MAAM,QAAQ,YAAY,YAAY,IAAI;AAExI,QAAM,eAAe,KAAK,MAAM,KAAK,IAAI;AACzC,QAAM,eAAe,wBAAwB,MAAM;AAGnD,EAAC,KAAa,QAAQ,eAAe,iBACnC,KACA,YACA,cACkB;AAClB,UAAM,QAAQ,cAAc,KAAK,IAAI,KAAK;AAG1C,UAAM,EAAE,SAAS,OAAO,IAAI,MAAM,MAAM,MAAM,SAAS,KAAK;AAC5D,UAAM,YAAY,MAAM,aAAa;AAErC,QAAI,CAAC,SAAS;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,UAAU,EAAE,QAAQ,UAAU;AAAA,QAC9B,GAAG;AAAA,MACL;AACA,YAAM,UAAU,OAAOA,QAAO,UAAU;AACxC,YAAM,IAAI,MAAM,iCAAiC,KAAK,IAAI,mBAAc,KAAK,IAAI,SAAS,KAAK,MAAM,KAAK,EAAE,EAAE;AAAA,IAChH;AAGA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,aAAa,KAAK,YAAY,YAAY;AAAA,IAC3D,SAAS,KAAK;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,YAAY,eAAe,QAAQ,IAAI,OAAO;AAAA,QAC9C,UAAU,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,GAAG,UAAU;AAAA,QAC/E,GAAG;AAAA,MACL;AACA,YAAM,UAAU,OAAOA,QAAO,UAAU;AACxC,YAAM;AAAA,IACR;AAGA,UAAM,QAAyB;AAAA,MAC7B,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,MAC3C,YAAY;AAAA,MACZ,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI;AAAA,MACzB,UAAU,EAAE,UAAU;AAAA,MACtB,GAAG;AAAA,IACL;AACA,UAAM,UAAU,OAAO,OAAO,UAAU;AAExC,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAQA,SAAS,wBAAwB,QAAgE;AAC/F,MAAI,CAAC,OAAQ,QAAO,aAAa,CAAC;AAClC,MAAI,SAAwC;AAC5C,SAAO,MAAM;AACX,QAAI,CAAC,OAAQ,UAAS,qBAAqB,MAAM;AACjD,WAAO;AAAA,EACT;AACF;AAKO,SAAS,UACd,OACA,QACK;AACL,SAAO,MAAM,IAAI,OAAK,SAAS,GAAG,MAAM,CAAC;AAC3C;AAoNA,SAAS,SAAS,KAAa,KAAqB;AAClD,SAAO,IAAI,SAAS,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,WAAM;AACtD;AAEA,SAAS,UAAU,OAAiB,OAAwB,OAAsC;AAChG,MAAI,OAAO;AACT,UAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAChC;AAAA,EACF;AAGA,SAAO,MAAM,KAAK,KAAK,EAAE,KAAK,MAAM,MAAS,EAAE,MAAM,MAAM,MAAS;AACtE;;;AFvXO,SAAS,cAAiB,MAAS,QAAiC;AACzE,SAAO,SAAS,MAAa,cAAc,MAAM,CAAC;AACpD;AAMO,SAAS,eAAkB,OAAY,QAAmC;AAC/E,SAAO,UAAU,OAAgB,cAAc,MAAM,CAAC;AACxD;AAKA,SAAS,cAAc,QAAoD;AACzE,SAAO,EAAE,GAAG,QAAQ,WAAW,OAAO,aAAa,YAAY;AACjE;","names":["event"]}

package/dist/integrations/langgraph.d.cts

@@ -0,0 +1,20 @@
+import { VorimLangChainConfig } from './langchain.cjs';
+import '../types-B22WnXEW.cjs';
+import '../index.cjs';
+
+/** Config for the LangGraph wrappers (same shape as the LangChain config). */
+type VorimLangGraphConfig = VorimLangChainConfig;
+/**
+ * Wrap a single tool used inside a LangGraph node. Each execution is gated by
+ * a Vorim permission (or runtime-control) check and recorded in the signed
+ * audit trail under framework "langgraph". A denied call throws so the graph
+ * records the tool error.
+ */
+declare function wrapGraphTool<T>(tool: T, config: VorimLangGraphConfig): T;
+/**
+ * Wrap the array of tools you hand to a ToolNode / prebuilt ReAct agent.
+ * Returns the same tools, each guarded.
+ */
+declare function wrapGraphTools<T>(tools: T[], config: VorimLangGraphConfig): T[];
+
+export { type VorimLangGraphConfig, wrapGraphTool, wrapGraphTools };

package/dist/integrations/langgraph.d.ts

@@ -0,0 +1,20 @@
+import { VorimLangChainConfig } from './langchain.js';
+import '../types-B22WnXEW.js';
+import '../index.js';
+
+/** Config for the LangGraph wrappers (same shape as the LangChain config). */
+type VorimLangGraphConfig = VorimLangChainConfig;
+/**
+ * Wrap a single tool used inside a LangGraph node. Each execution is gated by
+ * a Vorim permission (or runtime-control) check and recorded in the signed
+ * audit trail under framework "langgraph". A denied call throws so the graph
+ * records the tool error.
+ */
+declare function wrapGraphTool<T>(tool: T, config: VorimLangGraphConfig): T;
+/**
+ * Wrap the array of tools you hand to a ToolNode / prebuilt ReAct agent.
+ * Returns the same tools, each guarded.
+ */
+declare function wrapGraphTools<T>(tools: T[], config: VorimLangGraphConfig): T[];
+
+export { type VorimLangGraphConfig, wrapGraphTool, wrapGraphTools };

package/dist/integrations/langgraph.js

@@ -0,0 +1,162 @@
+// src/replay.ts
+function jcsCanonicalise(value) {
+  if (value === null) return "null";
+  if (value === true) return "true";
+  if (value === false) return "false";
+  if (typeof value === "number") {
+    if (!Number.isFinite(value)) {
+      throw new Error("jcsCanonicalise: NaN and Infinity are not JCS-valid");
+    }
+    return value.toString();
+  }
+  if (typeof value === "string") {
+    return JSON.stringify(value);
+  }
+  if (Array.isArray(value)) {
+    return "[" + value.map(jcsCanonicalise).join(",") + "]";
+  }
+  if (typeof value === "object") {
+    const obj = value;
+    const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalise(obj[k]));
+    return "{" + parts.join(",") + "}";
+  }
+  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);
+}
+async function sha256Hex(input) {
+  const bytes = typeof input === "string" ? new TextEncoder().encode(input) : input;
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", bytes);
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const nodeCrypto = await import("crypto");
+  return nodeCrypto.createHash("sha256").update(bytes).digest("hex");
+}
+async function hashTool(tool) {
+  const normalised = {
+    name: tool.name,
+    description: tool.description ?? "",
+    schema: tool.schema ?? {}
+  };
+  const hex = await sha256Hex(jcsCanonicalise(normalised));
+  return `sha256:${hex}`;
+}
+async function hashToolCatalogue(tools) {
+  if (tools.length === 0) {
+    return `sha256:${await sha256Hex("[]")}`;
+  }
+  const perTool = await Promise.all(tools.map(hashTool));
+  perTool.sort();
+  const hex = await sha256Hex(perTool.join(""));
+  return `sha256:${hex}`;
+}
+async function hashSystemPrompt(prompt) {
+  const hex = await sha256Hex(prompt);
+  return `sha256:${hex}`;
+}
+async function prepareReplayContext(inputs) {
+  const ctx = {};
+  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;
+  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);
+  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);
+  return ctx;
+}
+
+// src/integrations/langchain.ts
+function wrapTool(tool, config) {
+  const { vorim, agentId, permissionMap = {}, defaultPermission = "agent:execute", asyncAudit = true, replay, framework = "langchain" } = config;
+  const originalCall = tool._call.bind(tool);
+  const getReplayCtx = makeReplayContextGetter(replay);
+  tool._call = async function vorimGuardedCall(arg, runManager, parentConfig) {
+    const scope = permissionMap[tool.name] ?? defaultPermission;
+    const { allowed, reason } = await vorim.check(agentId, scope);
+    const replayCtx = await getReplayCtx();
+    if (!allowed) {
+      const event2 = {
+        agent_id: agentId,
+        event_type: "tool_call",
+        action: tool.name,
+        resource: truncate(JSON.stringify(arg), 500),
+        permission: scope,
+        result: "denied",
+        metadata: { reason, framework },
+        ...replayCtx
+      };
+      await emitAudit(vorim, event2, asyncAudit);
+      throw new Error(`Vorim: permission denied for "${tool.name}" \u2014 scope "${scope}"${reason ? `: ${reason}` : ""}`);
+    }
+    const start = Date.now();
+    let result;
+    try {
+      result = await originalCall(arg, runManager, parentConfig);
+    } catch (err) {
+      const event2 = {
+        agent_id: agentId,
+        event_type: "tool_call",
+        action: tool.name,
+        resource: truncate(JSON.stringify(arg), 500),
+        permission: scope,
+        result: "error",
+        latency_ms: Date.now() - start,
+        error_code: err instanceof Error ? err.name : "UNKNOWN",
+        metadata: { error: err instanceof Error ? err.message : String(err), framework },
+        ...replayCtx
+      };
+      await emitAudit(vorim, event2, asyncAudit);
+      throw err;
+    }
+    const event = {
+      agent_id: agentId,
+      event_type: "tool_call",
+      action: tool.name,
+      resource: truncate(JSON.stringify(arg), 500),
+      permission: scope,
+      result: "success",
+      latency_ms: Date.now() - start,
+      metadata: { framework },
+      ...replayCtx
+    };
+    await emitAudit(vorim, event, asyncAudit);
+    return result;
+  };
+  return tool;
+}
+function makeReplayContextGetter(replay) {
+  if (!replay) return async () => ({});
+  let cached = null;
+  return () => {
+    if (!cached) cached = prepareReplayContext(replay);
+    return cached;
+  };
+}
+function wrapTools(tools, config) {
+  return tools.map((t) => wrapTool(t, config));
+}
+function truncate(str, max) {
+  return str.length > max ? str.slice(0, max) + "\u2026" : str;
+}
+function emitAudit(vorim, event, async) {
+  if (async) {
+    vorim.emit(event).catch(() => {
+    });
+    return;
+  }
+  return vorim.emit(event).then(() => void 0).catch(() => void 0);
+}
+
+// src/integrations/langgraph.ts
+function wrapGraphTool(tool, config) {
+  return wrapTool(tool, withFramework(config));
+}
+function wrapGraphTools(tools, config) {
+  return wrapTools(tools, withFramework(config));
+}
+function withFramework(config) {
+  return { ...config, framework: config.framework ?? "langgraph" };
+}
+export {
+  wrapGraphTool,
+  wrapGraphTools
+};
+//# sourceMappingURL=langgraph.js.map

package/dist/integrations/langgraph.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/replay.ts","../../src/integrations/langchain.ts","../../src/integrations/langgraph.ts"],"sourcesContent":["/**\n * Replayable agent decision evidence helpers.\n *\n * Canonical-form hashing for the VAIP -02 schema fields that the SDK\n * attaches to audit events. The hashes recorded in audit_events.tool_catalogue_hash\n * and audit_events.system_prompt_hash use these functions, so the bytes\n * an auditor or counterparty reconstructs must match what the SDK produced.\n *\n * These helpers are intentionally separate from the signing path. The\n * v0 canonical signature form (event_type|action|resource|input_hash|\n * output_hash|result) does NOT cover model_version, tool_catalogue_hash,\n * or system_prompt_hash. They will enter the canonical bytes in v1\n * (RFC 8785 JCS) in a follow-up release.\n *\n * Stable across SDK versions: the canonical-form version is documented\n * in CANONICAL_TOOL_CATALOGUE_VERSION. Future changes get a v2 etc;\n * never edit the existing v1 logic, or already-recorded hashes lose\n * their meaning.\n */\n\n// ─── Versioning ───────────────────────────────────────────────────────────\n\n/**\n * Canonical-form version for tool catalogue hashes produced by this SDK.\n * Recorded in tool_catalogue_canon_version on the event metadata (when\n * the metadata field is used) so verifiers know which hash recipe to\n * reproduce. Increment ONLY if the algorithm changes in a way that\n * would change the hash for the same logical catalogue.\n */\nexport const CANONICAL_TOOL_CATALOGUE_VERSION = 'v1' as const;\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Minimum shape a tool needs for catalogue hashing. The framework\n * integrations adapt their native tool objects to this shape before\n * calling hashToolCatalogue.\n */\nexport interface CatalogueTool {\n  /** The name the model sees and calls. Required. */\n  name: string;\n  /** Human-readable description shown to the model. Optional; absent ↔ empty string. */\n  description?: string;\n  /**\n   * JSON Schema describing the tool's input parameters. Optional;\n   * absent ↔ empty object `{}`. The schema gets RFC 8785 JCS-canonicalised\n   * before hashing so semantically-equivalent variations (key order,\n   * whitespace) produce the same hash.\n   */\n  schema?: Record<string, unknown> | null;\n}\n\n// ─── RFC 8785 JCS subset ──────────────────────────────────────────────────\n\n/**\n * RFC 8785 JSON Canonicalization Scheme, sufficient subset for tool\n * catalogue values.\n *\n * Rules:\n *  - Object keys sorted lexicographically by UTF-16 code units (which\n *    is what JS string comparison does naturally).\n *  - No whitespace between tokens.\n *  - Numbers: integers as integers, finite floats per ECMAScript\n *    Number.prototype.toString. JCS forbids NaN and Infinity.\n *  - Strings: JSON-escape using minimal set per RFC 8259 § 7.\n *  - null, true, false, arrays: as JSON.stringify produces them, since\n *    JSON.stringify already produces the canonical form for these.\n *\n * Not vendoring a full library because tool schemas don't carry\n * non-integer numbers in practice and the JS spec for Number.toString\n * happens to coincide with JCS § 3.2.2.2 for the integer case.\n */\nexport function jcsCanonicalise(value: unknown): string {\n  if (value === null) return 'null';\n  if (value === true) return 'true';\n  if (value === false) return 'false';\n\n  if (typeof value === 'number') {\n    if (!Number.isFinite(value)) {\n      throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');\n    }\n    // For integers in safe range, .toString() matches JCS. For\n    // non-integer floats, .toString() also matches in modern JS\n    // engines (V8, JavaScriptCore, SpiderMonkey all use the shortest\n    // round-trip representation, which is what JCS § 3.2.2.2 requires).\n    return value.toString();\n  }\n\n  if (typeof value === 'string') {\n    return JSON.stringify(value);\n  }\n\n  if (Array.isArray(value)) {\n    return '[' + value.map(jcsCanonicalise).join(',') + ']';\n  }\n\n  if (typeof value === 'object') {\n    const obj = value as Record<string, unknown>;\n    // Filter undefined-valued fields, matching @vorim/verify and\n    // @vorim/shared-types. Without this the SDK throws on { a: 1, b: undefined }\n    // while the verifier silently drops b — a cross-module canonical-form\n    // divergence that would break signature verification on such events.\n    const keys = Object.keys(obj).filter(k => obj[k] !== undefined).sort();\n    const parts = keys.map(k => JSON.stringify(k) + ':' + jcsCanonicalise(obj[k]));\n    return '{' + parts.join(',') + '}';\n  }\n\n  // undefined, function, symbol, bigint — not JSON-representable\n  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);\n}\n\n// ─── SHA-256 ──────────────────────────────────────────────────────────────\n\nasync function sha256Hex(input: string | Uint8Array): Promise<string> {\n  const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input;\n\n  // Node.js Web Crypto (Node 18+) supports digest. Browser Web Crypto does too.\n  // Fall back to node:crypto if Web Crypto is unavailable.\n  const subtle = (globalThis as any).crypto?.subtle;\n  if (subtle) {\n    const buf = await subtle.digest('SHA-256', bytes);\n    return Array.from(new Uint8Array(buf))\n      .map(b => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n\n  // Node fallback\n  const nodeCrypto = await import('node:crypto');\n  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Hash a single tool definition. Returns `sha256:<hex>`.\n *\n * Canonical form (v1):\n *   JCS-canonicalised JSON of `{name, description, schema}` where\n *   absent fields substitute `description: \"\"` and `schema: {}`.\n */\nexport async function hashTool(tool: CatalogueTool): Promise<string> {\n  const normalised = {\n    name: tool.name,\n    description: tool.description ?? '',\n    schema: tool.schema ?? {},\n  };\n  const hex = await sha256Hex(jcsCanonicalise(normalised));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash an entire tool catalogue. Returns `sha256:<hex>`.\n *\n * Reordering tools does NOT change the hash (tool hashes sorted\n * lexicographically before concatenation). Adding, removing, or\n * modifying a tool DOES change the hash.\n *\n * Per-tool hashing first means a verifier comparing two catalogue\n * hashes that differ can also be given the per-tool hashes to\n * identify which specific tool changed.\n */\nexport async function hashToolCatalogue(tools: CatalogueTool[]): Promise<string> {\n  if (tools.length === 0) {\n    // Empty catalogue has a deterministic, stable hash distinct from \"no field\"\n    return `sha256:${await sha256Hex('[]')}`;\n  }\n  const perTool = await Promise.all(tools.map(hashTool));\n  perTool.sort();\n  const hex = await sha256Hex(perTool.join(''));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash a system prompt. Returns `sha256:<hex>`.\n *\n * The prompt is UTF-8 encoded and hashed verbatim — no normalisation.\n * If a caller wants to ignore whitespace or comment differences, they\n * should normalise before calling. The intent here is deterministic\n * reproducibility, not semantic equivalence.\n */\nexport async function hashSystemPrompt(prompt: string): Promise<string> {\n  const hex = await sha256Hex(prompt);\n  return `sha256:${hex}`;\n}\n\n/**\n * Convenience: hash the previous event's canonical bytes for use in\n * the prev_event_hash field of hash-chained ingest. Caller provides\n * the canonical bytes (use canonicalPayloadV0 from the main module).\n */\nexport async function hashPreviousEvent(canonicalBytes: string): Promise<string> {\n  const hex = await sha256Hex(canonicalBytes);\n  return `sha256:${hex}`;\n}\n\n// ─── Replay context — framework integration helper ────────────────────────\n\n/**\n * Raw inputs the integration captures from the framework. Set by the\n * integration's config; turned into hashes by {@link prepareReplayContext}.\n */\nexport interface ReplayInputs {\n  /** Stable identifier for the model. E.g. `\"anthropic:claude-opus-4-8\"`. */\n  modelVersion?: string;\n  /** Tools available to the agent at call time. Hashed via {@link hashToolCatalogue}. */\n  tools?: CatalogueTool[];\n  /** System prompt active at call time. Hashed via {@link hashSystemPrompt}. */\n  systemPrompt?: string;\n}\n\n/**\n * Pre-computed hashes ready to attach to audit events. The three keys\n * match the audit_events column names.\n */\nexport interface ReplayContext {\n  model_version?: string;\n  tool_catalogue_hash?: string;\n  system_prompt_hash?: string;\n}\n\n/**\n * Compute replay context once from raw inputs. Use at integration\n * setup time so each emit can attach the hashes without re-hashing.\n *\n * Returns an object suitable for spreading into an AuditEventInput:\n *   `await vorim.emit({ ...event, ...replayContext })`\n *\n * If a field is absent in the inputs, it is absent in the result\n * (not the empty string). That keeps the event lean.\n */\nexport async function prepareReplayContext(\n  inputs: ReplayInputs,\n): Promise<ReplayContext> {\n  const ctx: ReplayContext = {};\n  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;\n  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);\n  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);\n  return ctx;\n}\n","// ============================================================================\n// VORIM SDK — LangChain / LangGraph JS Integration\n// Provides tool wrapping with permission checks + audit trail,\n// a callback handler for observability, and a factory for creating\n// Vorim-secured LangGraph ReAct agents.\n//\n// Peer dependencies:\n//   @langchain/core >=0.3.0\n//   @langchain/langgraph >=0.2.0\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { PermissionScope, AuditEventInput } from '../types.js';\nimport {\n  prepareReplayContext,\n  type ReplayInputs,\n  type ReplayContext,\n  type CatalogueTool,\n} from '../replay.js';\n\n// ─── Re-declared LangChain types (peer dependency — not bundled) ──────────\n// These mirror the actual types from @langchain/core so consumers don't\n// need to import them separately for basic usage.\n\n/** Minimal subset of @langchain/core Serialized */\ninterface Serialized {\n  lc: number;\n  type: string;\n  id: string[];\n  kwargs?: Record<string, unknown>;\n}\n\n// ─── Configuration ────────────────────────────────────────────────────────\n\nexport interface VorimLangChainConfig {\n  /** Vorim SDK instance. */\n  vorim: VorimSDK;\n  /** The Vorim agent_id to associate with this LangChain agent. */\n  agentId: string;\n  /** Map tool names → Vorim permission scopes. Unmapped tools default to 'agent:execute'. */\n  permissionMap?: Record<string, PermissionScope>;\n  /** Default permission scope for tools not in permissionMap. @default 'agent:execute' */\n  defaultPermission?: PermissionScope;\n  /** Whether to emit audit events asynchronously (fire-and-forget). @default true */\n  asyncAudit?: boolean;\n  /**\n   * Framework name recorded on each audit event's metadata. Defaults to\n   * 'langchain'. The LangGraph wrapper sets this to 'langgraph' so the audit\n   * trail names the graph correctly while reusing this tool-wrapping logic.\n   * @default 'langchain'\n   */\n  framework?: string;\n  /**\n   * Replayable agent decision evidence (VAIP -02). When provided, the\n   * hashes of the model version, tool catalogue, and system prompt are\n   * attached to every emitted audit event so an auditor can later\n   * reproduce the agent's decision context.\n   *\n   * Hashes are computed once on first emit and cached for subsequent\n   * emits in this config's lifetime.\n   *\n   * These fields are NOT covered by the v0 canonical signature form;\n   * advisory only until v1 (RFC 8785 JCS) lands.\n   */\n  replay?: ReplayInputs;\n}\n\n// ─── Tool Wrapper ─────────────────────────────────────────────────────────\n\n/**\n * Wraps a LangChain `StructuredTool` (or `DynamicStructuredTool`) with\n * Vorim permission checks before execution and audit event emission after.\n *\n * Works with any tool that has `name`, `description`, `schema`, and `_call`.\n *\n * @example\n * ```ts\n * import { DynamicStructuredTool } from \"@langchain/core/tools\";\n * import { wrapTool } from \"@vorim/sdk/integrations/langchain\";\n *\n * const guarded = wrapTool(myTool, {\n *   vorim, agentId: \"agid_acme_a1b2c3d4\",\n *   permissionMap: { search_docs: \"agent:read\" },\n * });\n * ```\n */\nexport function wrapTool<T extends LangChainTool>(\n  tool: T,\n  config: VorimLangChainConfig,\n): T {\n  const { vorim, agentId, permissionMap = {}, defaultPermission = 'agent:execute', asyncAudit = true, replay, framework = 'langchain' } = config;\n\n  const originalCall = tool._call.bind(tool);\n  const getReplayCtx = makeReplayContextGetter(replay);\n\n  // Override _call to inject permission check + audit\n  (tool as any)._call = async function vorimGuardedCall(\n    arg: unknown,\n    runManager?: unknown,\n    parentConfig?: unknown,\n  ): Promise<unknown> {\n    const scope = permissionMap[tool.name] ?? defaultPermission;\n\n    // 1. Permission check\n    const { allowed, reason } = await vorim.check(agentId, scope);\n    const replayCtx = await getReplayCtx();\n\n    if (!allowed) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'denied',\n        metadata: { reason, framework },\n        ...replayCtx,\n      };\n      await emitAudit(vorim, event, asyncAudit);\n      throw new Error(`Vorim: permission denied for \"${tool.name}\" — scope \"${scope}\"${reason ? `: ${reason}` : ''}`);\n    }\n\n    // 2. Execute the original tool\n    const start = Date.now();\n    let result: unknown;\n    try {\n      result = await originalCall(arg, runManager, parentConfig);\n    } catch (err) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'error',\n        latency_ms: Date.now() - start,\n        error_code: err instanceof Error ? err.name : 'UNKNOWN',\n        metadata: { error: err instanceof Error ? err.message : String(err), framework },\n        ...replayCtx,\n      };\n      await emitAudit(vorim, event, asyncAudit);\n      throw err;\n    }\n\n    // 3. Audit success\n    const event: AuditEventInput = {\n      agent_id: agentId,\n      event_type: 'tool_call',\n      action: tool.name,\n      resource: truncate(JSON.stringify(arg), 500),\n      permission: scope,\n      result: 'success',\n      latency_ms: Date.now() - start,\n      metadata: { framework },\n      ...replayCtx,\n    };\n    await emitAudit(vorim, event, asyncAudit);\n\n    return result;\n  };\n\n  return tool;\n}\n\n/**\n * Lazy-cached replay context getter. The hashes are computed once on\n * first call and reused for subsequent calls in this closure's lifetime.\n * Returns an empty object when no `replay` config was provided so the\n * spread is a no-op.\n */\nfunction makeReplayContextGetter(replay: ReplayInputs | undefined): () => Promise<ReplayContext> {\n  if (!replay) return async () => ({});\n  let cached: Promise<ReplayContext> | null = null;\n  return () => {\n    if (!cached) cached = prepareReplayContext(replay);\n    return cached;\n  };\n}\n\n/**\n * Wraps an array of LangChain tools with Vorim permission + audit.\n */\nexport function wrapTools<T extends LangChainTool>(\n  tools: T[],\n  config: VorimLangChainConfig,\n): T[] {\n  return tools.map(t => wrapTool(t, config));\n}\n\n// ─── Callback Handler ─────────────────────────────────────────────────────\n\n/**\n * LangChain callback handler that emits Vorim audit events for every\n * tool invocation. This is a **non-intrusive** observability layer —\n * it does not block or modify tool execution.\n *\n * Attach it to any LangChain invoke/stream call:\n * ```ts\n * const handler = new VorimCallbackHandler(vorim, \"agid_acme_a1b2c3d4\");\n * await agent.invoke({ messages }, { callbacks: [handler] });\n * ```\n */\nexport class VorimCallbackHandler {\n  name = 'VorimCallbackHandler';\n  private vorim: VorimSDK;\n  private agentId: string;\n  private runMap = new Map<string, { tool: string; input: string; startTime: number }>();\n  private getReplayCtx: () => Promise<ReplayContext>;\n\n  // Flags to satisfy BaseCallbackHandler interface\n  ignoreLLM = true;\n  ignoreChain = true;\n  ignoreAgent = true;\n  ignoreRetriever = true;\n  ignoreCustomEvent = true;\n  lc_serializable = false;\n\n  get lc_id(): string[] { return ['vorim', 'callbacks', 'VorimCallbackHandler']; }\n  get lc_namespace(): string[] { return ['vorim', 'callbacks']; }\n\n  /**\n   * @param vorim Vorim SDK instance.\n   * @param agentId The Vorim agent_id whose actions this callback audits.\n   * @param replay Optional replayable-evidence inputs. Same shape as\n   *               {@link VorimLangChainConfig.replay}; hashes are\n   *               computed once and attached to every audit event.\n   */\n  constructor(vorim: VorimSDK, agentId: string, replay?: ReplayInputs) {\n    this.vorim = vorim;\n    this.agentId = agentId;\n    this.getReplayCtx = makeReplayContextGetter(replay);\n  }\n\n  async handleToolStart(\n    tool: Serialized,\n    input: string,\n    runId: string,\n    _parentRunId?: string,\n    _tags?: string[],\n    _metadata?: Record<string, unknown>,\n    runName?: string,\n  ): Promise<void> {\n    const toolName = runName ?? tool.id?.[tool.id.length - 1] ?? 'unknown';\n    this.runMap.set(runId, { tool: toolName, input, startTime: Date.now() });\n  }\n\n  async handleToolEnd(\n    _output: unknown,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'success',\n      latency_ms: Date.now() - run.startTime,\n      metadata: { framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {}); // never throw from callback\n  }\n\n  async handleToolError(\n    err: Error,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'error',\n      latency_ms: Date.now() - run.startTime,\n      error_code: err.name,\n      metadata: { error: err.message, framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {});\n  }\n\n  // Required by BaseCallbackHandler — no-op for events we don't need\n  copy(): VorimCallbackHandler {\n    return new VorimCallbackHandler(this.vorim, this.agentId);\n  }\n\n  toJSON() {\n    return { lc: 1, type: 'not_implemented', id: this.lc_id };\n  }\n\n  toJSONNotImplemented() {\n    return this.toJSON();\n  }\n}\n\n// ─── Agent Factory ────────────────────────────────────────────────────────\n\nexport interface CreateVorimAgentConfig extends VorimLangChainConfig {\n  /** Display name for the agent when registering with Vorim. */\n  name: string;\n  /** Agent capabilities (e.g. [\"web_search\", \"code_execution\"]). */\n  capabilities: string[];\n  /** Initial permission scopes to grant. */\n  scopes: PermissionScope[];\n  /** Optional description. */\n  description?: string;\n}\n\n/**\n * Registers a new agent with Vorim and returns wrapped tools + callback handler\n * ready to use with `createReactAgent` or any LangChain agent.\n *\n * @example\n * ```ts\n * import { createReactAgent } from \"@langchain/langgraph/prebuilt\";\n * import { ChatOpenAI } from \"@langchain/openai\";\n * import { createVorimAgent } from \"@vorim/sdk/integrations/langchain\";\n *\n * const { agentId, tools, callbackHandler } = await createVorimAgent({\n *   vorim,\n *   name: \"research-agent\",\n *   capabilities: [\"web_search\"],\n *   scopes: [\"agent:read\", \"agent:execute\"],\n *   tools: [searchTool, analysisTool],\n * });\n *\n * const agent = createReactAgent({\n *   llm: new ChatOpenAI({ model: \"gpt-4o\" }),\n *   tools,\n * });\n *\n * const result = await agent.invoke(\n *   { messages: [{ role: \"user\", content: \"Research AI trends\" }] },\n *   { callbacks: [callbackHandler] },\n * );\n * ```\n */\nexport async function createVorimAgent<T extends LangChainTool>(config: CreateVorimAgentConfig & { tools: T[] }) {\n  const { vorim, name, capabilities, scopes, description, tools: rawTools, permissionMap, defaultPermission, asyncAudit, replay } = config;\n\n  // Register agent with Vorim\n  const registration = await vorim.register({\n    name,\n    description,\n    capabilities,\n    scopes,\n  });\n\n  const agentId = registration.agent.agent_id;\n\n  // If the caller passed `replay.tools`, use those. Otherwise derive a\n  // tool catalogue from the rawTools we're about to wrap so the\n  // replayable-evidence story works automatically.\n  const derivedReplay: ReplayInputs | undefined = replay\n    ? { ...replay, tools: replay.tools ?? deriveCatalogueFromLangChainTools(rawTools) }\n    : { tools: deriveCatalogueFromLangChainTools(rawTools) };\n\n  const agentConfig: VorimLangChainConfig = {\n    vorim, agentId, permissionMap, defaultPermission, asyncAudit, replay: derivedReplay,\n  };\n\n  // Wrap tools with permission checks\n  const tools = wrapTools(rawTools, agentConfig);\n\n  // Create callback handler for audit trail\n  const callbackHandler = new VorimCallbackHandler(vorim, agentId, derivedReplay);\n\n  return {\n    /** The Vorim agent_id. */\n    agentId,\n    /** The full agent registration result. */\n    registration,\n    /** Tools wrapped with Vorim permission checks + audit. */\n    tools,\n    /** Callback handler for audit trail observability. */\n    callbackHandler,\n    /** The private key (store securely — shown once). */\n    privateKey: registration.private_key,\n  };\n}\n\n// ─── Internal helpers ─────────────────────────────────────────────────────\n\n/** Minimal interface matching any LangChain StructuredTool / DynamicStructuredTool. */\ninterface LangChainTool {\n  name: string;\n  description: string;\n  schema: unknown;\n  _call(arg: any, runManager?: any, parentConfig?: any): Promise<any>;\n}\n\nfunction truncate(str: string, max: number): string {\n  return str.length > max ? str.slice(0, max) + '…' : str;\n}\n\nfunction emitAudit(vorim: VorimSDK, event: AuditEventInput, async: boolean): Promise<void> | void {\n  if (async) {\n    vorim.emit(event).catch(() => {});\n    return;\n  }\n  // asyncAudit=false: return the awaitable so callers can ensure the audit\n  // event is persisted before the process exits.\n  return vorim.emit(event).then(() => undefined).catch(() => undefined);\n}\n\n/**\n * Convert LangChain tools to the catalogue shape used by hashToolCatalogue.\n * Best-effort: LangChain tool schemas can be Zod or plain JSON Schema.\n * If we can't get a serialisable shape, we fall back to `null` schema\n * which the hashing treats as `{}`.\n */\nfunction deriveCatalogueFromLangChainTools(tools: LangChainTool[]): CatalogueTool[] {\n  return tools.map(t => {\n    let schema: Record<string, unknown> | null = null;\n    const raw = t.schema as unknown;\n    if (raw && typeof raw === 'object') {\n      // If it's already plain JSON-serialisable, use it. Otherwise null.\n      try {\n        schema = JSON.parse(JSON.stringify(raw));\n      } catch {\n        schema = null;\n      }\n    }\n    return {\n      name: t.name,\n      description: t.description ?? '',\n      schema,\n    };\n  });\n}\n","// ============================================================================\n// VORIM SDK — LangGraph Integration\n// LangGraph builds stateful agent graphs out of LangChain tools. The right\n// place to enforce identity, permissions, and audit is the tool boundary —\n// every time a node executes a tool, it passes through a Vorim gate and emits\n// a signed audit event. This module reuses the LangChain tool wrappers (a\n// LangGraph tool IS a LangChain tool) and tags events with framework\n// \"langgraph\" so your audit trail names the graph correctly.\n//\n// Peer dependency: @langchain/core >=0.3.0 (and @langchain/langgraph to build\n// the graph itself — Vorim does not need it directly).\n//\n// Usage:\n//   import { ToolNode } from '@langchain/langgraph/prebuilt';\n//   import createVorim from '@vorim/sdk';\n//   import { wrapGraphTools } from '@vorim/sdk/integrations/langgraph';\n//\n//   const vorim = createVorim({ apiKey: 'agid_sk_live_...' });\n//   const guarded = wrapGraphTools([searchTool, writeTool], {\n//     vorim, agentId: 'agid_acme_a1b2c3d4',\n//     permissionMap: { writeTool: 'agent:write' },\n//   });\n//   const toolNode = new ToolNode(guarded);   // drop into your StateGraph\n// ============================================================================\n\nimport { wrapTool, wrapTools, type VorimLangChainConfig } from './langchain.js';\n\n/** Config for the LangGraph wrappers (same shape as the LangChain config). */\nexport type VorimLangGraphConfig = VorimLangChainConfig;\n\n/**\n * Wrap a single tool used inside a LangGraph node. Each execution is gated by\n * a Vorim permission (or runtime-control) check and recorded in the signed\n * audit trail under framework \"langgraph\". A denied call throws so the graph\n * records the tool error.\n */\nexport function wrapGraphTool<T>(tool: T, config: VorimLangGraphConfig): T {\n  return wrapTool(tool as any, withFramework(config)) as T;\n}\n\n/**\n * Wrap the array of tools you hand to a ToolNode / prebuilt ReAct agent.\n * Returns the same tools, each guarded.\n */\nexport function wrapGraphTools<T>(tools: T[], config: VorimLangGraphConfig): T[] {\n  return wrapTools(tools as any[], withFramework(config)) as T[];\n}\n\n// Tag audit events as \"langgraph\" (the shared wrapper defaults to\n// 'langchain') so the audit trail names graph runs correctly, without\n// mutating the caller's config object.\nfunction withFramework(config: VorimLangGraphConfig): VorimLangGraphConfig {\n  return { ...config, framework: config.framework ?? 'langgraph' };\n}\n"],"mappings":";AAwEO,SAAS,gBAAgB,OAAwB;AACtD,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,MAAO,QAAO;AAE5B,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAKA,WAAO,MAAM,SAAS;AAAA,EACxB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,MAAM;AAKZ,UAAM,OAAO,OAAO,KAAK,GAAG,EAAE,OAAO,OAAK,IAAI,CAAC,MAAM,MAAS,EAAE,KAAK;AACrE,UAAM,QAAQ,KAAK,IAAI,OAAK,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAgB,IAAI,CAAC,CAAC,CAAC;AAC7E,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,4CAA4C,OAAO,KAAK,EAAE;AAC5E;AAIA,eAAe,UAAU,OAA6C;AACpE,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAI5E,QAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,QAAQ;AACV,UAAM,MAAM,MAAM,OAAO,OAAO,WAAW,KAAK;AAChD,WAAO,MAAM,KAAK,IAAI,WAAW,GAAG,CAAC,EAClC,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AAAA,EACZ;AAGA,QAAM,aAAa,MAAM,OAAO,QAAa;AAC7C,SAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AACnE;AAWA,eAAsB,SAAS,MAAsC;AACnE,QAAM,aAAa;AAAA,IACjB,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,QAAQ,KAAK,UAAU,CAAC;AAAA,EAC1B;AACA,QAAM,MAAM,MAAM,UAAU,gBAAgB,UAAU,CAAC;AACvD,SAAO,UAAU,GAAG;AACtB;AAaA,eAAsB,kBAAkB,OAAyC;AAC/E,MAAI,MAAM,WAAW,GAAG;AAEtB,WAAO,UAAU,MAAM,UAAU,IAAI,CAAC;AAAA,EACxC;AACA,QAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,QAAQ,CAAC;AACrD,UAAQ,KAAK;AACb,QAAM,MAAM,MAAM,UAAU,QAAQ,KAAK,EAAE,CAAC;AAC5C,SAAO,UAAU,GAAG;AACtB;AAUA,eAAsB,iBAAiB,QAAiC;AACtE,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,SAAO,UAAU,GAAG;AACtB;AA+CA,eAAsB,qBACpB,QACwB;AACxB,QAAM,MAAqB,CAAC;AAC5B,MAAI,OAAO,aAAc,KAAI,gBAAgB,OAAO;AACpD,MAAI,OAAO,MAAO,KAAI,sBAAsB,MAAM,kBAAkB,OAAO,KAAK;AAChF,MAAI,OAAO,aAAc,KAAI,qBAAqB,MAAM,iBAAiB,OAAO,YAAY;AAC5F,SAAO;AACT;;;ACxJO,SAAS,SACd,MACA,QACG;AACH,QAAM,EAAE,OAAO,SAAS,gBAAgB,CAAC,GAAG,oBAAoB,iBAAiB,aAAa,MAAM,QAAQ,YAAY,YAAY,IAAI;AAExI,QAAM,eAAe,KAAK,MAAM,KAAK,IAAI;AACzC,QAAM,eAAe,wBAAwB,MAAM;AAGnD,EAAC,KAAa,QAAQ,eAAe,iBACnC,KACA,YACA,cACkB;AAClB,UAAM,QAAQ,cAAc,KAAK,IAAI,KAAK;AAG1C,UAAM,EAAE,SAAS,OAAO,IAAI,MAAM,MAAM,MAAM,SAAS,KAAK;AAC5D,UAAM,YAAY,MAAM,aAAa;AAErC,QAAI,CAAC,SAAS;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,UAAU,EAAE,QAAQ,UAAU;AAAA,QAC9B,GAAG;AAAA,MACL;AACA,YAAM,UAAU,OAAOA,QAAO,UAAU;AACxC,YAAM,IAAI,MAAM,iCAAiC,KAAK,IAAI,mBAAc,KAAK,IAAI,SAAS,KAAK,MAAM,KAAK,EAAE,EAAE;AAAA,IAChH;AAGA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,aAAa,KAAK,YAAY,YAAY;AAAA,IAC3D,SAAS,KAAK;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,YAAY,eAAe,QAAQ,IAAI,OAAO;AAAA,QAC9C,UAAU,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,GAAG,UAAU;AAAA,QAC/E,GAAG;AAAA,MACL;AACA,YAAM,UAAU,OAAOA,QAAO,UAAU;AACxC,YAAM;AAAA,IACR;AAGA,UAAM,QAAyB;AAAA,MAC7B,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,MAC3C,YAAY;AAAA,MACZ,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI;AAAA,MACzB,UAAU,EAAE,UAAU;AAAA,MACtB,GAAG;AAAA,IACL;AACA,UAAM,UAAU,OAAO,OAAO,UAAU;AAExC,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAQA,SAAS,wBAAwB,QAAgE;AAC/F,MAAI,CAAC,OAAQ,QAAO,aAAa,CAAC;AAClC,MAAI,SAAwC;AAC5C,SAAO,MAAM;AACX,QAAI,CAAC,OAAQ,UAAS,qBAAqB,MAAM;AACjD,WAAO;AAAA,EACT;AACF;AAKO,SAAS,UACd,OACA,QACK;AACL,SAAO,MAAM,IAAI,OAAK,SAAS,GAAG,MAAM,CAAC;AAC3C;AAoNA,SAAS,SAAS,KAAa,KAAqB;AAClD,SAAO,IAAI,SAAS,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,WAAM;AACtD;AAEA,SAAS,UAAU,OAAiB,OAAwB,OAAsC;AAChG,MAAI,OAAO;AACT,UAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAChC;AAAA,EACF;AAGA,SAAO,MAAM,KAAK,KAAK,EAAE,KAAK,MAAM,MAAS,EAAE,MAAM,MAAM,MAAS;AACtE;;;ACvXO,SAAS,cAAiB,MAAS,QAAiC;AACzE,SAAO,SAAS,MAAa,cAAc,MAAM,CAAC;AACpD;AAMO,SAAS,eAAkB,OAAY,QAAmC;AAC/E,SAAO,UAAU,OAAgB,cAAc,MAAM,CAAC;AACxD;AAKA,SAAS,cAAc,QAAoD;AACzE,SAAO,EAAE,GAAG,QAAQ,WAAW,OAAO,aAAa,YAAY;AACjE;","names":["event"]}

package/dist/integrations/llamaindex.cjs

@@ -55,10 +55,9 @@ function jcsCanonicalise(value) {
     return "[" + value.map(jcsCanonicalise).join(",") + "]";
   }
   if (typeof value === "object") {
-    const keys = Object.keys(value).sort();
-    const parts = keys.map((k) => {
-      return JSON.stringify(k) + ":" + jcsCanonicalise(value[k]);
-    });
+    const obj = value;
+    const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalise(obj[k]));
     return "{" + parts.join(",") + "}";
   }
   throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);