aira-sdk 0.2.2 → 0.3.1

package/README.md

@@ -1,6 +1,6 @@
 # Aira TypeScript SDK
 
-**Legal infrastructure for AI agents.**
+**AI compliance infrastructure for AI agents.**
 
 [![npm version](https://img.shields.io/npm/v/aira-sdk.svg)](https://www.npmjs.com/package/aira-sdk)
 [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
@@ -64,7 +64,7 @@ import { Aira } from "aira-sdk";
 import { AiraCallbackHandler } from "aira-sdk/extras/langchain";
 
 const aira = new Aira({ apiKey: "aira_live_xxx" });
-const handler = new AiraCallbackHandler({ client: aira, agentId: "research-agent", modelId: "gpt-4o" });
+const handler = new AiraCallbackHandler({ client: aira, agentId: "research-agent", modelId: "gpt-5.2" });
 
 // Every tool call and chain completion gets a signed receipt
 const result = await chain.invoke({ input: "Analyze Q1 revenue" }, { callbacks: [handler] });
@@ -83,7 +83,7 @@ const middleware = new AiraVercelMiddleware({ client: aira, agentId: "assistant-
 
 // Wrap your Vercel AI calls — receipts at invocation and completion
 const result = await middleware.wrapGenerateText({
-  model: openai("gpt-4o"),
+  model: openai("gpt-5.2"),
   prompt: "Summarize the contract terms",
 });
 ```
@@ -196,7 +196,7 @@ Supported event types: `action.notarized`, `action.authorized`, `agent.registere
 
 ## Core SDK Methods
 
-All 40 methods on `Aira`. Every write operation produces a cryptographic receipt.
+All 52 methods on `Aira`. Every write operation produces a cryptographic receipt.
 
 | Category | Method | Description |
 |---|---|---|
@@ -217,6 +217,16 @@ All 40 methods on `Aira`. Every write operation produces a cryptographic receipt
 | | `decommissionAgent()` | Decommission agent |
 | | `transferAgent()` | Transfer ownership to another org |
 | | `getAgentActions()` | List actions by agent |
+| **Trust Layer** | `getAgentDid()` | Retrieve agent's W3C DID (`did:web`) |
+| | `rotateAgentKeys()` | Rotate agent's Ed25519 signing keys |
+| | `getAgentCredential()` | Get agent's W3C Verifiable Credential |
+| | `verifyCredential()` | Verify a Verifiable Credential |
+| | `revokeCredential()` | Revoke agent's Verifiable Credential |
+| | `requestMutualSign()` | Initiate mutual notarization with counterparty |
+| | `completeMutualSign()` | Complete mutual notarization (counterparty signs) |
+| | `getReputation()` | Get agent reputation score and tier |
+| | `listReputationHistory()` | List reputation score history |
+| | `resolveDid()` | Resolve any DID to its DID Document |
 | **Cases** | `runCase()` | Multi-model consensus adjudication |
 | | `getCase()` | Retrieve case result |
 | | `listCases()` | List cases |
@@ -245,6 +255,125 @@ All 40 methods on `Aira`. Every write operation produces a cryptographic receipt
 
 ---
 
+## Trust Layer
+
+Standards-based identity and trust for agents: W3C DIDs, Verifiable Credentials, mutual notarization, and reputation scoring. Every agent gets a cryptographically verifiable identity that other agents (and humans) can check before interacting.
+
+### DID Identity
+
+Every registered agent gets a W3C-compliant DID (`did:web`):
+
+```typescript
+// Retrieve the agent's DID
+const did = await aira.getAgentDid("my-agent");
+console.log(did);  // "did:web:airaproof.com:agents:my-agent"
+
+// Rotate signing keys (old keys are revoked, new keys are published)
+await aira.rotateAgentKeys("my-agent");
+```
+
+### Verifiable Credentials
+
+```typescript
+// Get the agent's W3C Verifiable Credential
+const vc = await aira.getAgentCredential("my-agent");
+
+// Verify any VC (returns validity, issuer, expiry)
+const result = await aira.verifyCredential(vc);
+console.log(result.valid);  // true
+
+// Revoke a credential
+await aira.revokeCredential("my-agent", { reason: "Agent deprecated" });
+```
+
+### Mutual Notarization
+
+For high-stakes actions, both parties co-sign:
+
+```typescript
+// Agent A initiates — sends a signing request to the counterparty
+const request = await aira.requestMutualSign({
+  actionId: "act-uuid",
+  counterpartyDid: "did:web:partner.com:agents:their-agent",
+});
+
+// Agent B completes — signs the same payload
+const receipt = await aira.completeMutualSign({
+  actionId: "act-uuid",
+  did: "did:web:partner.com:agents:their-agent",
+  signature: "z...",
+  signedPayloadHash: "sha256:...",
+});
+```
+
+### Reputation
+
+```typescript
+const rep = await aira.getReputation("my-agent");
+console.log(rep.score);  // 84
+console.log(rep.tier);   // "Verified"
+```
+
+### Endpoint Verification
+
+Control which external APIs your agents can call. When `endpointUrl` is passed to `notarize()`, Aira checks it against your org's whitelist. Unrecognized endpoints are blocked in strict mode.
+
+#### Notarize with endpointUrl
+
+```typescript
+const receipt = await aira.notarize({
+  actionType: "api_call",
+  details: "Charged customer $49.99 for subscription renewal",
+  agentId: "billing-agent",
+  modelId: "claude-sonnet-4-6",
+  endpointUrl: "https://api.stripe.com/v1/charges",
+});
+```
+
+#### Handle ENDPOINT_NOT_WHITELISTED
+
+```typescript
+import { Aira, AiraError } from "aira-sdk";
+
+try {
+  const receipt = await aira.notarize({
+    actionType: "api_call",
+    details: "Send SMS via new provider",
+    agentId: "notifications-agent",
+    endpointUrl: "https://api.newprovider.com/v1/sms",
+  });
+} catch (e) {
+  if (e instanceof AiraError && e.code === "ENDPOINT_NOT_WHITELISTED") {
+    console.log(`Blocked: ${e.message}`);
+    console.log(`Approval request: ${e.details.approval_id}`);
+    console.log(`Suggested pattern: ${e.details.url_pattern_suggested}`);
+  } else {
+    throw e;
+  }
+}
+```
+
+### Trust Policy in Integrations
+
+Pass a `trustPolicy` to any framework integration to run automated trust checks before agent interactions:
+
+```typescript
+import { AiraCallbackHandler } from "aira-sdk/extras/langchain";
+
+const handler = new AiraCallbackHandler(aira, "research-agent", {
+  modelId: "gpt-5.2",
+  trustPolicy: {
+    verifyCounterparty: true,    // resolve counterparty DID
+    minReputation: 60,           // warn if reputation score below 60
+    requireValidVc: true,        // check Verifiable Credential validity
+    blockRevokedVc: true,        // block if counterparty VC is revoked
+    blockUnregistered: false,    // don't block agents without Aira DIDs
+  },
+});
+```
+
+---
+
 ## Error Handling
 
 ```typescript
@@ -286,7 +415,8 @@ const aira = new Aira({
 
 | Feature | Python | TypeScript |
 |---|---|---|
-| Core API (40 methods) | Yes | Yes |
+| Core API (45+ methods) | Yes | Yes |
+| Trust Layer (DID, VC, Reputation) | Yes | Yes |
 | LangChain | Yes | Yes |
 | CrewAI | Yes | -- (Python-only) |
 | Vercel AI | -- (JS-only) | Yes |

package/dist/client.d.ts

@@ -129,6 +129,38 @@ export declare class Aira {
         tools_used: string[];
         model_id?: string;
     }>;
+    /** Get full DID info for an agent. */
+    getAgentDid(slug: string): Promise<Record<string, unknown>>;
+    /** Rotate an agent's DID keypair. */
+    rotateAgentKeys(slug: string): Promise<Record<string, unknown>>;
+    /** Resolve any did:web DID to its DID document. */
+    resolveDid(did: string): Promise<Record<string, unknown>>;
+    /** Get the current valid VC for an agent. */
+    getAgentCredential(slug: string): Promise<Record<string, unknown>>;
+    /** Get full credential history for an agent. */
+    getAgentCredentials(slug: string): Promise<Record<string, unknown>>;
+    /** Revoke the current credential for an agent. */
+    revokeCredential(slug: string, reason?: string): Promise<Record<string, unknown>>;
+    /** Verify a Verifiable Credential — checks signature, expiry, revocation. */
+    verifyCredential(credential: Record<string, unknown>): Promise<Record<string, unknown>>;
+    /** Initiate a mutual signing request for an action. */
+    requestMutualSign(actionId: string, counterpartyDid: string): Promise<Record<string, unknown>>;
+    /** Get the action payload awaiting counterparty signature. */
+    getPendingMutualSign(actionId: string): Promise<Record<string, unknown>>;
+    /** Submit counterparty signature to complete mutual signing. */
+    completeMutualSign(actionId: string, did: string, signature: string, signedPayloadHash: string): Promise<Record<string, unknown>>;
+    /** Get the co-signed receipt for a mutually signed action. */
+    getMutualSignReceipt(actionId: string): Promise<Record<string, unknown>>;
+    /** Reject a mutual signing request. */
+    rejectMutualSign(actionId: string, reason?: string): Promise<Record<string, unknown>>;
+    /** Get current reputation score for an agent. */
+    getReputation(slug: string): Promise<Record<string, unknown>>;
+    /** Get full reputation history for an agent. */
+    getReputationHistory(slug: string): Promise<Record<string, unknown>>;
+    /** Submit a signed attestation of a successful interaction. */
+    attestReputation(slug: string, counterpartyDid: string, actionId: string, attestation: string, signature: string): Promise<Record<string, unknown>>;
+    /** Verify a reputation score by returning inputs and score_hash. */
+    verifyReputation(slug: string): Promise<Record<string, unknown>>;
     /** Create a scoped session with pre-filled defaults. */
     session(agentId: string, defaults?: Record<string, unknown>): AiraSession;
     /** Number of queued offline requests. */

package/dist/client.js

@@ -259,7 +259,77 @@ class Aira {
     }
     // ==================== Chat ====================
     async ask(message, params) {
-        return this.post("/chat", buildBody({ message, history: params?.history, model: params?.model }));
+        return this.post("/chat", buildBody({ message, history: params?.history, model_id: params?.model }));
+    }
+    // ==================== DID ====================
+    /** Get full DID info for an agent. */
+    async getAgentDid(slug) {
+        return this.get(`/agents/${slug}/did`);
+    }
+    /** Rotate an agent's DID keypair. */
+    async rotateAgentKeys(slug) {
+        return this.post(`/agents/${slug}/did/rotate`, {});
+    }
+    /** Resolve any did:web DID to its DID document. */
+    async resolveDid(did) {
+        return this.post("/dids/resolve", { did });
+    }
+    // ==================== Verifiable Credentials ====================
+    /** Get the current valid VC for an agent. */
+    async getAgentCredential(slug) {
+        return this.get(`/agents/${slug}/credential`);
+    }
+    /** Get full credential history for an agent. */
+    async getAgentCredentials(slug) {
+        return this.get(`/agents/${slug}/credentials`);
+    }
+    /** Revoke the current credential for an agent. */
+    async revokeCredential(slug, reason = "") {
+        return this.post(`/agents/${slug}/credentials/revoke`, { reason });
+    }
+    /** Verify a Verifiable Credential — checks signature, expiry, revocation. */
+    async verifyCredential(credential) {
+        return this.post("/credentials/verify", { credential });
+    }
+    // ==================== Mutual Notarization ====================
+    /** Initiate a mutual signing request for an action. */
+    async requestMutualSign(actionId, counterpartyDid) {
+        return this.post(`/actions/${actionId}/mutual-sign/request`, { counterparty_did: counterpartyDid });
+    }
+    /** Get the action payload awaiting counterparty signature. */
+    async getPendingMutualSign(actionId) {
+        return this.get(`/actions/${actionId}/mutual-sign/pending`);
+    }
+    /** Submit counterparty signature to complete mutual signing. */
+    async completeMutualSign(actionId, did, signature, signedPayloadHash) {
+        return this.post(`/actions/${actionId}/mutual-sign/complete`, { did, signature, signed_payload_hash: signedPayloadHash });
+    }
+    /** Get the co-signed receipt for a mutually signed action. */
+    async getMutualSignReceipt(actionId) {
+        return this.get(`/actions/${actionId}/mutual-sign/receipt`);
+    }
+    /** Reject a mutual signing request. */
+    async rejectMutualSign(actionId, reason = "") {
+        return this.post(`/actions/${actionId}/mutual-sign/reject`, { reason });
+    }
+    // ==================== Reputation ====================
+    /** Get current reputation score for an agent. */
+    async getReputation(slug) {
+        return this.get(`/agents/${slug}/reputation`);
+    }
+    /** Get full reputation history for an agent. */
+    async getReputationHistory(slug) {
+        return this.get(`/agents/${slug}/reputation/history`);
+    }
+    /** Submit a signed attestation of a successful interaction. */
+    async attestReputation(slug, counterpartyDid, actionId, attestation, signature) {
+        return this.post(`/agents/${slug}/reputation/attest`, {
+            counterparty_did: counterpartyDid, action_id: actionId, attestation, signature,
+        });
+    }
+    /** Verify a reputation score by returning inputs and score_hash. */
+    async verifyReputation(slug) {
+        return this.get(`/agents/${slug}/reputation/verify`);
     }
     // ==================== Session ====================
     /** Create a scoped session with pre-filled defaults. */

package/dist/extras/index.d.ts

@@ -17,3 +17,5 @@ export { createServer, getTools, handleToolCall } from "./mcp";
 export type { MCPTool, MCPTextContent } from "./mcp";
 export { verifySignature, parseEvent, WebhookEventType } from "./webhooks";
 export type { WebhookEvent, WebhookEventTypeName } from "./webhooks";
+export { checkTrust } from "./trust";
+export type { TrustPolicy, TrustContext } from "./trust";

package/dist/extras/index.js

@@ -12,7 +12,7 @@
  *   import { verifySignature, parseEvent } from "aira-sdk/extras/webhooks";
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WebhookEventType = exports.parseEvent = exports.verifySignature = exports.handleToolCall = exports.getTools = exports.createServer = exports.AiraGuardrail = exports.AiraVercelMiddleware = exports.AiraCallbackHandler = void 0;
+exports.checkTrust = exports.WebhookEventType = exports.parseEvent = exports.verifySignature = exports.handleToolCall = exports.getTools = exports.createServer = exports.AiraGuardrail = exports.AiraVercelMiddleware = exports.AiraCallbackHandler = void 0;
 var langchain_1 = require("./langchain");
 Object.defineProperty(exports, "AiraCallbackHandler", { enumerable: true, get: function () { return langchain_1.AiraCallbackHandler; } });
 var vercel_ai_1 = require("./vercel-ai");
@@ -27,3 +27,5 @@ var webhooks_1 = require("./webhooks");
 Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return webhooks_1.verifySignature; } });
 Object.defineProperty(exports, "parseEvent", { enumerable: true, get: function () { return webhooks_1.parseEvent; } });
 Object.defineProperty(exports, "WebhookEventType", { enumerable: true, get: function () { return webhooks_1.WebhookEventType; } });
+var trust_1 = require("./trust");
+Object.defineProperty(exports, "checkTrust", { enumerable: true, get: function () { return trust_1.checkTrust; } });

package/dist/extras/langchain.d.ts

@@ -9,15 +9,24 @@
  *   const chain = someChain.withConfig({ callbacks: [handler] });
  */
 import type { Aira } from "../client";
+import type { TrustPolicy, TrustContext } from "./trust";
+export type { TrustPolicy, TrustContext } from "./trust";
 export declare class AiraCallbackHandler {
     private client;
     private agentId;
     private modelId?;
     private actionTypes;
+    private trustPolicy?;
     constructor(client: Aira, agentId: string, options?: {
         modelId?: string;
         actionTypes?: Record<string, string>;
+        trustPolicy?: TrustPolicy;
     });
+    /**
+     * Check trust for a counterparty agent before interacting.
+     * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
+     */
+    checkTrust(counterpartyId: string): Promise<TrustContext>;
     private notarize;
     /** Called when a tool finishes. */
     handleToolEnd(output: string, name?: string): void;

package/dist/extras/langchain.js

@@ -11,16 +11,19 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AiraCallbackHandler = void 0;
+const trust_1 = require("./trust");
 const MAX_DETAILS = 5000;
 class AiraCallbackHandler {
     client;
     agentId;
     modelId;
     actionTypes;
+    trustPolicy;
     constructor(client, agentId, options) {
         this.client = client;
         this.agentId = agentId;
         this.modelId = options?.modelId;
+        this.trustPolicy = options?.trustPolicy;
         this.actionTypes = {
             tool_end: "tool_call",
             chain_end: "chain_completed",
@@ -28,6 +31,16 @@ class AiraCallbackHandler {
             ...(options?.actionTypes ?? {}),
         };
     }
+    /**
+     * Check trust for a counterparty agent before interacting.
+     * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
+     */
+    async checkTrust(counterpartyId) {
+        if (!this.trustPolicy) {
+            return { counterpartyId, blocked: false, recommendation: "No trust policy configured" };
+        }
+        return (0, trust_1.checkTrust)(this.client, this.trustPolicy, counterpartyId);
+    }
     notarize(actionType, details) {
         try {
             const params = {

package/dist/extras/mcp.js

@@ -51,6 +51,51 @@ function getTools() {
                 required: ["receipt_id"],
             },
         },
+        {
+            name: "resolve_did",
+            description: "Resolve a did:web DID to its DID document",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    did: { type: "string", description: "The DID to resolve (e.g. did:web:airaproof.com:agents:my-agent)" },
+                },
+                required: ["did"],
+            },
+        },
+        {
+            name: "verify_credential",
+            description: "Verify a Verifiable Credential — checks signature, expiry, and revocation status",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    agent_id: { type: "string", description: "Agent slug whose credential to verify" },
+                },
+                required: ["agent_id"],
+            },
+        },
+        {
+            name: "get_reputation",
+            description: "Get the current reputation score and tier for an agent",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    agent_id: { type: "string", description: "Agent slug" },
+                },
+                required: ["agent_id"],
+            },
+        },
+        {
+            name: "request_mutual_sign",
+            description: "Initiate a mutual signing request for an action with a counterparty",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    action_id: { type: "string", description: "Action UUID to co-sign" },
+                    counterparty_did: { type: "string", description: "DID of the counterparty agent" },
+                },
+                required: ["action_id", "counterparty_did"],
+            },
+        },
     ];
 }
 /** Handle an MCP tool call and return text content. */
@@ -73,6 +118,23 @@ async function handleToolCall(client, name, args) {
             const result = await client.getReceipt(args.receipt_id);
             return [{ type: "text", text: JSON.stringify(result) }];
         }
+        if (name === "resolve_did") {
+            const result = await client.resolveDid(args.did);
+            return [{ type: "text", text: JSON.stringify(result) }];
+        }
+        if (name === "verify_credential") {
+            const cred = await client.getAgentCredential(args.agent_id);
+            const result = await client.verifyCredential(cred);
+            return [{ type: "text", text: JSON.stringify(result) }];
+        }
+        if (name === "get_reputation") {
+            const result = await client.getReputation(args.agent_id);
+            return [{ type: "text", text: JSON.stringify(result) }];
+        }
+        if (name === "request_mutual_sign") {
+            const result = await client.requestMutualSign(args.action_id, args.counterparty_did);
+            return [{ type: "text", text: JSON.stringify(result) }];
+        }
         return [{ type: "text", text: JSON.stringify({ error: `Unknown tool: ${name}` }) }];
     }
     catch (e) {

package/dist/extras/openai-agents.d.ts

@@ -9,13 +9,22 @@
  *   guardrail.onToolCall("search", { query: "test" });
  */
 import type { Aira } from "../client";
+import type { TrustPolicy, TrustContext } from "./trust";
+export type { TrustPolicy, TrustContext } from "./trust";
 export declare class AiraGuardrail {
     private client;
     private agentId;
     private modelId?;
+    private trustPolicy?;
     constructor(client: Aira, agentId: string, options?: {
         modelId?: string;
+        trustPolicy?: TrustPolicy;
     });
+    /**
+     * Check trust for a counterparty agent before interacting.
+     * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
+     */
+    checkTrust(counterpartyId: string): Promise<TrustContext>;
     private notarize;
     /** Call after a tool execution to notarize it. */
     onToolCall(toolName: string, args?: Record<string, unknown>): void;

package/dist/extras/openai-agents.js

@@ -11,15 +11,28 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AiraGuardrail = void 0;
+const trust_1 = require("./trust");
 const MAX_DETAILS = 5000;
 class AiraGuardrail {
     client;
     agentId;
     modelId;
+    trustPolicy;
     constructor(client, agentId, options) {
         this.client = client;
         this.agentId = agentId;
         this.modelId = options?.modelId;
+        this.trustPolicy = options?.trustPolicy;
+    }
+    /**
+     * Check trust for a counterparty agent before interacting.
+     * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
+     */
+    async checkTrust(counterpartyId) {
+        if (!this.trustPolicy) {
+            return { counterpartyId, blocked: false, recommendation: "No trust policy configured" };
+        }
+        return (0, trust_1.checkTrust)(this.client, this.trustPolicy, counterpartyId);
     }
     notarize(actionType, details) {
         try {

package/dist/extras/trust.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Trust layer types and helpers shared across all framework integrations.
+ */
+import type { Aira } from "../client";
+/** Policy for automated trust checks before tool execution. */
+export interface TrustPolicy {
+    verifyCounterparty?: boolean;
+    minReputation?: number;
+    requireValidVc?: boolean;
+    blockRevokedVc?: boolean;
+    blockUnregistered?: boolean;
+}
+/** Result of a trust check against a counterparty agent. */
+export interface TrustContext {
+    counterpartyId?: string;
+    didResolved?: boolean;
+    did?: string;
+    vcValid?: boolean | null;
+    reputationScore?: number | null;
+    reputationTier?: string | null;
+    reputationWarning?: string;
+    blocked?: boolean;
+    blockReason?: string;
+    recommendation?: string;
+}
+/**
+ * Run a trust check against a counterparty agent.
+ *
+ * Advisory by default — populates TrustContext with warnings.
+ * Only blocks when `blockRevokedVc` is set and the VC is revoked,
+ * or when `blockUnregistered` is set and the DID cannot be resolved.
+ */
+export declare function checkTrust(client: Aira, policy: TrustPolicy, counterpartyId: string): Promise<TrustContext>;

package/dist/extras/trust.js

@@ -0,0 +1,77 @@
+"use strict";
+/**
+ * Trust layer types and helpers shared across all framework integrations.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkTrust = checkTrust;
+/**
+ * Run a trust check against a counterparty agent.
+ *
+ * Advisory by default — populates TrustContext with warnings.
+ * Only blocks when `blockRevokedVc` is set and the VC is revoked,
+ * or when `blockUnregistered` is set and the DID cannot be resolved.
+ */
+async function checkTrust(client, policy, counterpartyId) {
+    const ctx = {
+        counterpartyId,
+        blocked: false,
+    };
+    // Step 1: Resolve DID
+    if (policy.verifyCounterparty || policy.requireValidVc || policy.blockUnregistered) {
+        try {
+            const didResult = await client.resolveDid(`did:web:airaproof.com:agents:${counterpartyId}`);
+            ctx.didResolved = true;
+            ctx.did = didResult.did;
+        }
+        catch {
+            ctx.didResolved = false;
+            if (policy.blockUnregistered) {
+                ctx.blocked = true;
+                ctx.blockReason = `Agent '${counterpartyId}' DID could not be resolved`;
+                return ctx;
+            }
+            ctx.recommendation = `Could not resolve DID for '${counterpartyId}' — proceed with caution`;
+            return ctx;
+        }
+    }
+    // Step 2: Verify credential
+    if (policy.requireValidVc || policy.blockRevokedVc) {
+        try {
+            const cred = await client.getAgentCredential(counterpartyId);
+            const verification = await client.verifyCredential(cred);
+            const valid = verification.valid;
+            ctx.vcValid = valid;
+            if (!valid && policy.blockRevokedVc) {
+                ctx.blocked = true;
+                ctx.blockReason = `Agent '${counterpartyId}' has a revoked or invalid credential`;
+                return ctx;
+            }
+            if (!valid) {
+                ctx.recommendation = `Credential for '${counterpartyId}' is invalid — proceed with caution`;
+            }
+        }
+        catch {
+            ctx.vcValid = null;
+            if (policy.blockRevokedVc) {
+                ctx.recommendation = `Could not verify credential for '${counterpartyId}' — treating as unknown`;
+            }
+        }
+    }
+    // Step 3: Check reputation
+    if (policy.minReputation != null) {
+        try {
+            const rep = await client.getReputation(counterpartyId);
+            ctx.reputationScore = rep.score;
+            ctx.reputationTier = rep.tier;
+            if (ctx.reputationScore != null && ctx.reputationScore < policy.minReputation) {
+                ctx.reputationWarning = `Reputation ${ctx.reputationScore} is below minimum ${policy.minReputation}`;
+                ctx.recommendation = ctx.reputationWarning;
+            }
+        }
+        catch {
+            ctx.reputationScore = null;
+            ctx.reputationWarning = `Could not fetch reputation for '${counterpartyId}'`;
+        }
+    }
+    return ctx;
+}

package/dist/extras/vercel-ai.d.ts

@@ -9,13 +9,22 @@
  *   // Use as wrap around tool calls or stream callbacks
  */
 import type { Aira } from "../client";
+import type { TrustPolicy, TrustContext } from "./trust";
+export type { TrustPolicy, TrustContext } from "./trust";
 export declare class AiraVercelMiddleware {
     private client;
     private agentId;
     private modelId?;
+    private trustPolicy?;
     constructor(client: Aira, agentId: string, options?: {
         modelId?: string;
+        trustPolicy?: TrustPolicy;
     });
+    /**
+     * Check trust for a counterparty agent before interacting.
+     * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
+     */
+    checkTrust(counterpartyId: string): Promise<TrustContext>;
     private notarize;
     /** Call after a tool execution to notarize it. */
     onToolCall(toolName: string, argKeys?: string[]): void;

package/dist/extras/vercel-ai.js

@@ -11,15 +11,28 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AiraVercelMiddleware = void 0;
+const trust_1 = require("./trust");
 const MAX_DETAILS = 5000;
 class AiraVercelMiddleware {
     client;
     agentId;
     modelId;
+    trustPolicy;
     constructor(client, agentId, options) {
         this.client = client;
         this.agentId = agentId;
         this.modelId = options?.modelId;
+        this.trustPolicy = options?.trustPolicy;
+    }
+    /**
+     * Check trust for a counterparty agent before interacting.
+     * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
+     */
+    async checkTrust(counterpartyId) {
+        if (!this.trustPolicy) {
+            return { counterpartyId, blocked: false, recommendation: "No trust policy configured" };
+        }
+        return (0, trust_1.checkTrust)(this.client, this.trustPolicy, counterpartyId);
     }
     notarize(actionType, details) {
         try {

package/dist/types.d.ts

@@ -1,12 +1,15 @@
 /** Cryptographic receipt from notarizing an action. */
 export interface ActionReceipt {
     action_id: string;
+    receipt_id: string;
     payload_hash: string;
     signature: string;
-    receipt_id: string;
-    action_type: string;
-    agent_id: string | null;
+    timestamp_token: string | null;
     created_at: string;
+    request_id: string;
+    action_type?: string;
+    agent_id?: string | null;
+    warnings?: string[] | null;
 }
 /** Full action details including receipt and authorizations. */
 export interface ActionDetail {
@@ -66,46 +69,62 @@ export interface EvidencePackage {
     id: string;
     title: string;
     description: string | null;
+    action_ids: string[];
     package_hash: string;
     signature: string;
-    action_count: number;
+    status: string;
     created_at: string;
+    request_id: string;
+    agent_slugs?: string[] | null;
 }
 /** Compliance snapshot. */
 export interface ComplianceSnapshot {
     id: string;
     framework: string;
-    agent_slug: string | null;
-    findings: Record<string, string>;
     status: string;
+    findings: Record<string, string>;
+    snapshot_hash: string;
+    signature: string;
+    snapshot_at: string;
     created_at: string;
+    request_id: string;
+    agent_id?: string | null;
 }
 /** Escrow account. */
 export interface EscrowAccount {
     id: string;
-    status: string;
     currency: string;
     balance: string;
-    purpose: string | null;
+    status: string;
     created_at: string;
+    request_id: string;
+    agent_id?: string | null;
+    counterparty_org_id?: string | null;
+    purpose?: string | null;
+    transactions?: EscrowTransaction[];
 }
 /** Escrow transaction (deposit, release, dispute). */
 export interface EscrowTransaction {
     id: string;
     transaction_type: string;
     amount: string;
-    description: string | null;
+    currency: string;
     transaction_hash: string;
     signature: string;
+    status: string;
     created_at: string;
+    description?: string | null;
+    reference_action_id?: string | null;
 }
 /** Public verification result. */
 export interface VerifyResult {
     valid: boolean;
-    receipt_id: string | null;
-    verified_at: string;
     public_key_id: string;
     message: string;
+    verified_at: string;
+    request_id: string;
+    receipt_id?: string | null;
+    action_id?: string | null;
 }
 /** Paginated list response. */
 export interface PaginatedList<T = Record<string, unknown>> {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aira-sdk",
-  "version": "0.2.2",
+  "version": "0.3.1",
   "description": "TypeScript SDK for Aira — legal infrastructure for AI agents",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",