langgraph-tenancy 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Abhishek Chauhan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,138 @@
+# langgraph-tenancy
+
+[![CI](https://github.com/ac12644/langgraph-tenancy-js/actions/workflows/ci.yml/badge.svg)](https://github.com/ac12644/langgraph-tenancy-js/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/langgraph-tenancy.svg)](https://www.npmjs.com/package/langgraph-tenancy)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+
+**Tenant isolation for LangGraph.js persistence — as a drop-in wrapper.**
+
+> Python version: [langgraph-tenancy on PyPI](https://pypi.org/project/langgraph-tenancy/)
+
+LangGraph's own [threat model](https://github.com/langchain-ai/langgraph/blob/main/.github/THREAT_MODEL.md) says it plainly:
+
+> Checkpoint savers index by `thread_id`. Without application-level auth, any
+> caller with a valid thread_id can access that thread's state. [...] Users
+> embedding LangGraph directly must implement their own access controls.
+
+If you run a multi-tenant product on open-source LangGraph.js, the only thing
+between Customer A's agent state and Customer B's is a query filter in your
+application code. This package replaces that convention with enforcement.
+
+## Install
+
+```bash
+npm install langgraph-tenancy
+```
+
+## Usage
+
+Wrap your existing checkpointer and store. `tenant_id` becomes required.
+
+```ts
+import {
+  TenantScopedCheckpointer,
+  TenantScopedStore,
+  getTenantStore,
+  InMemoryUsageLedger,
+} from "langgraph-tenancy";
+
+const ledger = new InMemoryUsageLedger();
+const checkpointer = new TenantScopedCheckpointer(new PostgresSaver(...), {
+  usageLedger: ledger,
+});
+const store = new TenantScopedStore(new InMemoryStore());
+
+const graph = builder.compile({ checkpointer, store });
+
+await graph.invoke(input, {
+  configurable: { thread_id: "t1", tenant_id: "acme" },
+});
+
+// free per-tenant token metering, extracted from checkpointed messages
+ledger.totals("acme"); // { inputTokens, outputTokens, totalTokens, byModel }
+```
+
+Inside nodes, access the store through `getTenantStore(config)`:
+
+```ts
+const myNode = async (state, config) => {
+  const store = getTenantStore(config); // reads tenant_id from the run config
+  await store.put(["memories"], "k", { note: "..." });
+  const items = await store.search(["memories"]);
+  // namespaces in results come back unprefixed — the tenant never leaks out
+};
+```
+
+Outside a run (admin scripts, background jobs):
+
+```ts
+const acme = store.forTenant("acme");
+await acme.search(["memories"]);
+await checkpointer.forTenant("acme").deleteThread("t1");
+```
+
+## What it enforces
+
+| Raw LangGraph.js behavior | With `langgraph-tenancy` |
+|---|---|
+| Any caller with a `thread_id` reads that thread | Threads are physically keyed `tenant::thread`; wrong-thread_id bugs cannot cross tenants |
+| Missing filter → silent unscoped query | Missing `tenant_id` → `TenantRequiredError`, nothing read or written |
+| `saver.list({})` enumerates **every** tenant's threads | Refused — a tenant is mandatory before anything is read |
+| Store namespaces are convention; any node can read any namespace | Every operation must go through a tenant-scoped entry point |
+| Raw `config.store.put(...)` in a node writes unscoped | **Fails closed** with `UnscopedAccessError` — it cannot silently leak |
+| `deleteThread("t1")` deletes whoever owns `t1` | Requires an explicit `forTenant("acme").deleteThread("t1")` handle |
+| `usage_metadata` buried in checkpoint blobs, unqueryable | Aggregated per tenant (and per model), deduped by message id |
+
+## Why the store API differs from the Python package
+
+In Python, the store wrapper resolves the tenant ambiently from the run
+config on every call. That design cannot work in LangGraph.js: the compiled
+graph wraps your store in an `AsyncBatchedStore` whose background queue
+processes operations **outside** the run's `AsyncLocalStorage` context, so
+the run config is unavailable by the time operations reach the wrapped store.
+
+Instead, scoping happens at the call site, where the config *is* available
+(`getTenantStore(config)` in nodes, `forTenant()` outside runs), and
+`TenantScopedStore` **refuses any operation that did not go through a scoped
+entry point**. The guarantee is the same — unscoped access is impossible, not
+merely discouraged — the entry point is just explicit.
+
+## No magic
+
+The entire mechanism is key prefixing plus mandatory-context checks:
+
+- thread ids become `"{tenant_id}::{thread_id}"` before reaching your
+  database; the prefix is stripped from everything returned.
+- store namespaces `["memories"]` become `["{tenant_id}", "memories"]`.
+- tenant ids containing the separator are rejected, so `acme` can never craft
+  a key that collides with another tenant's space.
+
+It composes with any `BaseCheckpointSaver` / `BaseStore` implementation —
+Postgres, SQLite, MongoDB, Redis, in-memory — because it never touches
+storage itself.
+
+## What it is not
+
+- Not authentication. You decide which tenant a request belongs to; this
+  package guarantees that decision is enforced everywhere downstream.
+- Not a replacement for database-level controls in high-assurance setups
+  (RLS, schema-per-tenant) — it's the layer that makes your *application*
+  unable to leak, whatever the database allows.
+
+## Tested
+
+The adversarial test suite — every test attempts a cross-tenant access the
+raw LangGraph.js API allows — runs against the real `MemorySaver` and
+`InMemoryStore` in CI, including a test that proves raw `config.store`
+access inside a node fails closed.
+
+## Status
+
+Early (0.1.x). Covered today: checkpointer paths, store paths via
+`getTenantStore`/`forTenant`, in-memory backends. Not yet covered:
+`PostgresSaver` integration tests, subgraph `checkpoint_ns` edge cases,
+semantic search (`index`/`query`) pass-through. Issues and PRs welcome.
+
+## License
+
+[MIT](LICENSE)

package/dist/index.cjs

@@ -0,0 +1,344 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  InMemoryUsageLedger: () => InMemoryUsageLedger,
+  InvalidTenantError: () => InvalidTenantError,
+  SEP: () => SEP,
+  TENANT_NS_SENTINEL: () => TENANT_NS_SENTINEL,
+  TenancyError: () => TenancyError,
+  TenantCheckpointerHandle: () => TenantCheckpointerHandle,
+  TenantRequiredError: () => TenantRequiredError,
+  TenantScopedCheckpointer: () => TenantScopedCheckpointer,
+  TenantScopedStore: () => TenantScopedStore,
+  TenantStoreView: () => TenantStoreView,
+  UnscopedAccessError: () => UnscopedAccessError,
+  extractUsage: () => extractUsage,
+  getTenantStore: () => getTenantStore,
+  validateTenant: () => validateTenant
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/checkpointer.ts
+var import_langgraph_checkpoint = require("@langchain/langgraph-checkpoint");
+
+// src/errors.ts
+var TenancyError = class extends Error {
+  name = "TenancyError";
+};
+var TenantRequiredError = class extends TenancyError {
+  name = "TenantRequiredError";
+  constructor(where) {
+    super(
+      `${where} requires a tenant. Pass it in the run config: { configurable: { thread_id, tenant_id } }, use getTenantStore(config) inside nodes, or .forTenant(tenantId) for out-of-band access.`
+    );
+  }
+};
+var UnscopedAccessError = class extends TenancyError {
+  name = "UnscopedAccessError";
+};
+var InvalidTenantError = class extends TenancyError {
+  name = "InvalidTenantError";
+};
+
+// src/tenant.ts
+var SEP = "::";
+function validateTenant(tenant, where) {
+  if (typeof tenant !== "string" || tenant.length === 0) {
+    throw new TenantRequiredError(where);
+  }
+  if (tenant.includes(SEP)) {
+    throw new InvalidTenantError(
+      `tenant_id may not contain '${SEP}': ${JSON.stringify(tenant)}`
+    );
+  }
+  return tenant;
+}
+
+// src/usage.ts
+var emptyUsage = () => ({
+  inputTokens: 0,
+  outputTokens: 0,
+  totalTokens: 0,
+  messages: 0,
+  byModel: {}
+});
+var InMemoryUsageLedger = class {
+  seen = /* @__PURE__ */ new Set();
+  byTenant = /* @__PURE__ */ new Map();
+  record(tenantId, record) {
+    const key = `${tenantId}\0${record.messageId}`;
+    if (this.seen.has(key)) return;
+    this.seen.add(key);
+    let usage = this.byTenant.get(tenantId);
+    if (!usage) {
+      usage = emptyUsage();
+      this.byTenant.set(tenantId, usage);
+    }
+    usage.inputTokens += record.inputTokens;
+    usage.outputTokens += record.outputTokens;
+    usage.totalTokens += record.totalTokens;
+    usage.messages += 1;
+    if (record.model) {
+      usage.byModel[record.model] = (usage.byModel[record.model] ?? 0) + record.totalTokens;
+    }
+  }
+  totals(tenantId) {
+    return this.byTenant.get(tenantId) ?? emptyUsage();
+  }
+};
+function extractUsage(checkpoint) {
+  const records = [];
+  for (const value of Object.values(checkpoint.channel_values ?? {})) {
+    const items = Array.isArray(value) ? value : [value];
+    for (const item of items) {
+      const message = item;
+      const usage = message?.usage_metadata;
+      const id = message?.id;
+      if (!usage || typeof id !== "string") continue;
+      records.push({
+        messageId: id,
+        model: message?.response_metadata?.model_name,
+        inputTokens: usage.input_tokens ?? 0,
+        outputTokens: usage.output_tokens ?? 0,
+        totalTokens: usage.total_tokens ?? 0
+      });
+    }
+  }
+  return records;
+}
+
+// src/checkpointer.ts
+var TenantScopedCheckpointer = class extends import_langgraph_checkpoint.BaseCheckpointSaver {
+  inner;
+  usageLedger;
+  constructor(inner, options) {
+    super(inner.serde);
+    this.inner = inner;
+    this.usageLedger = options?.usageLedger;
+  }
+  scope(config, where) {
+    const conf = config?.configurable ?? {};
+    const tenant = validateTenant(conf.tenant_id, where);
+    return [
+      tenant,
+      {
+        ...config,
+        configurable: { ...conf, thread_id: `${tenant}${SEP}${conf.thread_id}` }
+      }
+    ];
+  }
+  unscopeConfig(tenant, config) {
+    if (!config) return config;
+    const conf = { ...config.configurable ?? {} };
+    const threadId = conf.thread_id;
+    const prefix = `${tenant}${SEP}`;
+    if (typeof threadId === "string" && threadId.startsWith(prefix)) {
+      conf.thread_id = threadId.slice(prefix.length);
+      conf.tenant_id = tenant;
+    }
+    return { ...config, configurable: conf };
+  }
+  unscopeTuple(tenant, tuple) {
+    if (!tuple) return tuple;
+    return {
+      ...tuple,
+      config: this.unscopeConfig(tenant, tuple.config),
+      parentConfig: this.unscopeConfig(tenant, tuple.parentConfig)
+    };
+  }
+  async getTuple(config) {
+    const [tenant, scoped] = this.scope(config, "getTuple()");
+    return this.unscopeTuple(tenant, await this.inner.getTuple(scoped));
+  }
+  async *list(config, options) {
+    const [tenant, scoped] = this.scope(config ?? {}, "list()");
+    const scopedOptions = options?.before ? { ...options, before: this.scope(options.before, "list({before})")[1] } : options;
+    for await (const tuple of this.inner.list(scoped, scopedOptions)) {
+      yield this.unscopeTuple(tenant, tuple);
+    }
+  }
+  async put(config, checkpoint, metadata, newVersions) {
+    const [tenant, scoped] = this.scope(config, "put()");
+    if (this.usageLedger) {
+      for (const record of extractUsage(checkpoint)) {
+        this.usageLedger.record(tenant, record);
+      }
+    }
+    return this.unscopeConfig(
+      tenant,
+      await this.inner.put(scoped, checkpoint, metadata, newVersions)
+    );
+  }
+  async putWrites(config, writes, taskId) {
+    const [, scoped] = this.scope(config, "putWrites()");
+    return this.inner.putWrites(scoped, writes, taskId);
+  }
+  async deleteThread(_threadId) {
+    throw new UnscopedAccessError(
+      "deleteThread() has no tenant context; use forTenant(tenantId).deleteThread(threadId)."
+    );
+  }
+  getNextVersion(current) {
+    return this.inner.getNextVersion(current);
+  }
+  /** Admin/maintenance handle pinned to one tenant. */
+  forTenant(tenantId) {
+    return new TenantCheckpointerHandle(
+      this.inner,
+      validateTenant(tenantId, "forTenant()")
+    );
+  }
+};
+var TenantCheckpointerHandle = class {
+  constructor(inner, tenant) {
+    this.inner = inner;
+    this.tenant = tenant;
+  }
+  inner;
+  tenant;
+  async deleteThread(threadId) {
+    return this.inner.deleteThread(`${this.tenant}${SEP}${threadId}`);
+  }
+};
+
+// src/store.ts
+var import_langgraph_checkpoint2 = require("@langchain/langgraph-checkpoint");
+var TENANT_NS_SENTINEL = "~tenant~";
+var UNSCOPED_MESSAGE = "Store accessed without tenant scoping. Use getTenantStore(config) inside nodes, or store.forTenant(tenantId) outside runs. Raw store access is refused so it cannot silently read or write across tenants.";
+var TenantScopedStore = class extends import_langgraph_checkpoint2.BaseStore {
+  inner;
+  constructor(inner) {
+    super();
+    this.inner = inner;
+  }
+  /** A view of the store pinned to one tenant, for use outside a run. */
+  forTenant(tenantId) {
+    return new TenantStoreView(this, validateTenant(tenantId, "forTenant()"));
+  }
+  async batch(operations) {
+    const scoped = operations.map((op) => this.requireScoped(op));
+    return this.inner.batch(scoped);
+  }
+  requireScoped(op) {
+    if ("namespacePrefix" in op) {
+      this.assertSentinel(op.namespacePrefix);
+      return { ...op, namespacePrefix: op.namespacePrefix.slice(1) };
+    }
+    if ("namespace" in op) {
+      this.assertSentinel(op.namespace);
+      return { ...op, namespace: op.namespace.slice(1) };
+    }
+    const conditions = op.matchConditions ?? [];
+    const prefixIndex = conditions.findIndex((c) => c.matchType === "prefix");
+    if (prefixIndex < 0) throw new UnscopedAccessError(UNSCOPED_MESSAGE);
+    this.assertSentinel(conditions[prefixIndex].path);
+    const next = conditions.map(
+      (c, i) => i === prefixIndex ? { ...c, path: c.path.slice(1) } : c
+    );
+    return { ...op, matchConditions: next };
+  }
+  assertSentinel(namespace) {
+    if (namespace[0] !== TENANT_NS_SENTINEL || typeof namespace[1] !== "string" || namespace[1].length === 0) {
+      throw new UnscopedAccessError(UNSCOPED_MESSAGE);
+    }
+  }
+  async start() {
+    await this.inner.start();
+  }
+  async stop() {
+    await this.inner.stop();
+  }
+};
+var TenantStoreView = class {
+  constructor(target, tenant) {
+    this.target = target;
+    this.tenant = tenant;
+  }
+  target;
+  tenant;
+  scopeNs(namespace) {
+    return [TENANT_NS_SENTINEL, this.tenant, ...namespace];
+  }
+  unscopeItem(item) {
+    if (item) item.namespace = item.namespace.slice(1);
+    return item;
+  }
+  async get(namespace, key) {
+    return this.unscopeItem(await this.target.get(this.scopeNs(namespace), key));
+  }
+  async search(namespacePrefix, options) {
+    const items = await this.target.search(
+      this.scopeNs(namespacePrefix),
+      options
+    );
+    for (const item of items) this.unscopeItem(item);
+    return items;
+  }
+  async put(namespace, key, value) {
+    return this.target.put(this.scopeNs(namespace), key, value);
+  }
+  async delete(namespace, key) {
+    return this.target.delete(this.scopeNs(namespace), key);
+  }
+  async listNamespaces(options = {}) {
+    if (!this.target.listNamespaces) {
+      throw new TenancyError(
+        "listNamespaces is not available through config.store (LangGraph batches in-graph store access); call it on store.forTenant(tenantId) instead."
+      );
+    }
+    const results = await this.target.listNamespaces({
+      ...options,
+      prefix: this.scopeNs(options.prefix ?? []),
+      maxDepth: options.maxDepth == null ? void 0 : options.maxDepth + 1
+    });
+    return results.filter((ns) => ns[0] === this.tenant).map((ns) => ns.slice(1));
+  }
+};
+function getTenantStore(config) {
+  const tenant = validateTenant(
+    config?.configurable?.tenant_id,
+    "getTenantStore()"
+  );
+  if (!config.store) {
+    throw new TenancyError(
+      "getTenantStore(config): config.store is missing \u2014 was the graph compiled with a store?"
+    );
+  }
+  return new TenantStoreView(config.store, tenant);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  InMemoryUsageLedger,
+  InvalidTenantError,
+  SEP,
+  TENANT_NS_SENTINEL,
+  TenancyError,
+  TenantCheckpointerHandle,
+  TenantRequiredError,
+  TenantScopedCheckpointer,
+  TenantScopedStore,
+  TenantStoreView,
+  UnscopedAccessError,
+  extractUsage,
+  getTenantStore,
+  validateTenant
+});

package/dist/index.d.cts

@@ -0,0 +1,226 @@
+import { RunnableConfig } from '@langchain/core/runnables';
+import { BaseCheckpointSaver, CheckpointTuple, CheckpointListOptions, Checkpoint, CheckpointMetadata, ChannelVersions, PendingWrite, BaseStore, Item, SearchItem, Operation, OperationResults } from '@langchain/langgraph-checkpoint';
+
+/**
+ * Per-tenant token usage, extracted at the checkpoint boundary.
+ *
+ * LangGraph already persists `usage_metadata` on every AI message inside
+ * `checkpoint.channel_values` — it is just never indexed or aggregated.
+ * Since the tenant-scoped checkpointer sees every checkpoint anyway, it can
+ * pull usage out and attribute it to the tenant for free.
+ *
+ * Messages are deduplicated by message id, so re-checkpointing the same
+ * conversation does not double-count.
+ */
+interface UsageRecord {
+    messageId: string;
+    model?: string;
+    inputTokens: number;
+    outputTokens: number;
+    totalTokens: number;
+}
+/**
+ * Anything that can receive per-tenant usage records. Swap the in-memory
+ * default for one backed by your own database, StatsD, OpenMeter, etc.
+ */
+interface UsageLedger {
+    record(tenantId: string, record: UsageRecord): void;
+}
+interface TenantUsage {
+    inputTokens: number;
+    outputTokens: number;
+    totalTokens: number;
+    messages: number;
+    byModel: Record<string, number>;
+}
+/** Reference ledger: per-tenant totals, deduped by message id. */
+declare class InMemoryUsageLedger implements UsageLedger {
+    private seen;
+    private byTenant;
+    record(tenantId: string, record: UsageRecord): void;
+    totals(tenantId: string): TenantUsage;
+}
+/** Pull usage records out of message objects in a checkpoint's channels. */
+declare function extractUsage(checkpoint: {
+    channel_values?: Record<string, unknown>;
+}): UsageRecord[];
+
+/**
+ * Tenant-scoped wrapper around any `BaseCheckpointSaver`.
+ *
+ * - Reads `tenant_id` from `config.configurable` on every call. Missing
+ *   tenant -> `TenantRequiredError`. There is no unscoped fallback.
+ * - Physically prefixes `thread_id` with the tenant (`acme::thread-1`) before
+ *   it reaches the inner saver, and strips the prefix from everything
+ *   returned. A wrong-thread_id bug in app code therefore cannot cross a
+ *   tenant boundary: the key the database sees is always tenant-qualified.
+ * - Blocks the dangerous raw-API escape hatch: `deleteThread()` takes a bare
+ *   thread id with no config, so it is refused and redirected to an explicit
+ *   `forTenant()` handle.
+ * - Optionally records per-tenant token usage from checkpointed messages
+ *   into a `UsageLedger` — same integration point, free metering.
+ */
+
+declare class TenantScopedCheckpointer extends BaseCheckpointSaver {
+    readonly inner: BaseCheckpointSaver;
+    readonly usageLedger?: UsageLedger;
+    constructor(inner: BaseCheckpointSaver, options?: {
+        usageLedger?: UsageLedger;
+    });
+    private scope;
+    private unscopeConfig;
+    private unscopeTuple;
+    getTuple(config: RunnableConfig): Promise<CheckpointTuple | undefined>;
+    list(config: RunnableConfig, options?: CheckpointListOptions): AsyncGenerator<CheckpointTuple>;
+    put(config: RunnableConfig, checkpoint: Checkpoint, metadata: CheckpointMetadata, newVersions: ChannelVersions): Promise<RunnableConfig>;
+    putWrites(config: RunnableConfig, writes: PendingWrite[], taskId: string): Promise<void>;
+    deleteThread(_threadId: string): Promise<void>;
+    getNextVersion(current: number | undefined): number;
+    /** Admin/maintenance handle pinned to one tenant. */
+    forTenant(tenantId: string): TenantCheckpointerHandle;
+}
+/**
+ * Maintenance operations pre-bound to a single tenant. Exists because
+ * `deleteThread` takes a bare thread id with no config, so there is no
+ * per-call tenant to read.
+ */
+declare class TenantCheckpointerHandle {
+    private readonly inner;
+    private readonly tenant;
+    constructor(inner: BaseCheckpointSaver, tenant: string);
+    deleteThread(threadId: string): Promise<void>;
+}
+
+/**
+ * Errors raised by langgraph-tenancy. Every error here exists to turn a
+ * silent cross-tenant leak into a loud failure.
+ */
+declare class TenancyError extends Error {
+    name: string;
+}
+/**
+ * An operation ran without a tenant in scope. There is no unscoped fallback:
+ * no tenant, no data.
+ */
+declare class TenantRequiredError extends TenancyError {
+    name: string;
+    constructor(where: string);
+}
+/**
+ * An operation would touch data across tenant boundaries (e.g. a store call
+ * that bypassed tenant scoping, or deleteThread without a tenant handle).
+ */
+declare class UnscopedAccessError extends TenancyError {
+    name: string;
+}
+/**
+ * A tenant id that could be used to escape its scope. Tenant ids become part
+ * of storage keys, so they must not contain the separator or be empty.
+ */
+declare class InvalidTenantError extends TenancyError {
+    name: string;
+}
+
+/**
+ * Tenant-scoped wrapper around any `BaseStore`.
+ *
+ * Raw `BaseStore` namespaces are pure convention — any caller can `get()`,
+ * `search()`, or `listNamespaces()` across all of them. This wrapper roots
+ * every operation at the tenant id, so two tenants using the identical
+ * namespace tuple (e.g. `["memories"]`) land in physically distinct
+ * locations.
+ *
+ * Why this differs from the Python package: LangGraph.js wraps the compiled
+ * graph's store in an `AsyncBatchedStore` whose background queue loses the
+ * run's AsyncLocalStorage context, so the tenant CANNOT be resolved ambiently
+ * inside `batch()`. Instead, tenant scoping happens at the call site — where
+ * the config is available — and `TenantScopedStore.batch()` fails closed on
+ * any operation that did not go through a scoped entry point:
+ *
+ * - inside nodes: `getTenantStore(config)` (reads `tenant_id` from config,
+ *   delegates to `config.store` so batching still applies)
+ * - outside runs: `store.forTenant(tenantId)`
+ * - anything else — including raw `config.store.put(...)` in a node —
+ *   throws `UnscopedAccessError` instead of silently writing unscoped.
+ */
+
+/**
+ * Marker label proving an operation went through a tenant-scoped entry
+ * point. Stripped before the operation reaches the inner store.
+ */
+declare const TENANT_NS_SENTINEL = "~tenant~";
+declare class TenantScopedStore extends BaseStore {
+    readonly inner: BaseStore;
+    constructor(inner: BaseStore);
+    /** A view of the store pinned to one tenant, for use outside a run. */
+    forTenant(tenantId: string): TenantStoreView;
+    batch<Op extends Operation[]>(operations: Op): Promise<OperationResults<Op>>;
+    private requireScoped;
+    private assertSentinel;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+}
+/**
+ * The store surface a tenant view can delegate to: either the
+ * `TenantScopedStore` itself (out-of-band) or `config.store` inside a node
+ * (an `AsyncBatchedStore`, which implements get/search/put/delete only).
+ */
+interface TenantStoreTarget {
+    get(namespace: string[], key: string): Promise<Item | null>;
+    search(namespacePrefix: string[], options?: {
+        filter?: Record<string, any>;
+        limit?: number;
+        offset?: number;
+        query?: string;
+    }): Promise<SearchItem[]>;
+    put(namespace: string[], key: string, value: Record<string, any>): Promise<void>;
+    delete(namespace: string[], key: string): Promise<void>;
+    listNamespaces?(options?: {
+        prefix?: string[];
+        suffix?: string[];
+        maxDepth?: number;
+        limit?: number;
+        offset?: number;
+    }): Promise<string[][]>;
+}
+/** All operations rooted at one tenant; namespaces in results come back unprefixed. */
+declare class TenantStoreView {
+    private readonly target;
+    readonly tenant: string;
+    constructor(target: TenantStoreTarget, tenant: string);
+    private scopeNs;
+    private unscopeItem;
+    get(namespace: string[], key: string): Promise<Item | null>;
+    search(namespacePrefix: string[], options?: Parameters<TenantStoreTarget["search"]>[1]): Promise<SearchItem[]>;
+    put(namespace: string[], key: string, value: Record<string, any>): Promise<void>;
+    delete(namespace: string[], key: string): Promise<void>;
+    listNamespaces(options?: {
+        prefix?: string[];
+        suffix?: string[];
+        maxDepth?: number;
+        limit?: number;
+        offset?: number;
+    }): Promise<string[][]>;
+}
+/**
+ * Tenant-scoped store access inside a node. Reads `tenant_id` from the
+ * node's config and delegates to `config.store`, so LangGraph's operation
+ * batching still applies.
+ *
+ * ```ts
+ * const node = async (state, config) => {
+ *   const store = getTenantStore(config);
+ *   await store.put(["memories"], "k", { note: "..." });
+ * };
+ * ```
+ */
+declare function getTenantStore(config: {
+    configurable?: Record<string, unknown>;
+    store?: TenantStoreTarget;
+}): TenantStoreView;
+
+/** Separator between tenant id and thread id in physical storage keys. */
+declare const SEP = "::";
+declare function validateTenant(tenant: unknown, where: string): string;
+
+export { InMemoryUsageLedger, InvalidTenantError, SEP, TENANT_NS_SENTINEL, TenancyError, TenantCheckpointerHandle, TenantRequiredError, TenantScopedCheckpointer, TenantScopedStore, type TenantStoreTarget, TenantStoreView, type TenantUsage, UnscopedAccessError, type UsageLedger, type UsageRecord, extractUsage, getTenantStore, validateTenant };

package/dist/index.d.ts

@@ -0,0 +1,226 @@
+import { RunnableConfig } from '@langchain/core/runnables';
+import { BaseCheckpointSaver, CheckpointTuple, CheckpointListOptions, Checkpoint, CheckpointMetadata, ChannelVersions, PendingWrite, BaseStore, Item, SearchItem, Operation, OperationResults } from '@langchain/langgraph-checkpoint';
+
+/**
+ * Per-tenant token usage, extracted at the checkpoint boundary.
+ *
+ * LangGraph already persists `usage_metadata` on every AI message inside
+ * `checkpoint.channel_values` — it is just never indexed or aggregated.
+ * Since the tenant-scoped checkpointer sees every checkpoint anyway, it can
+ * pull usage out and attribute it to the tenant for free.
+ *
+ * Messages are deduplicated by message id, so re-checkpointing the same
+ * conversation does not double-count.
+ */
+interface UsageRecord {
+    messageId: string;
+    model?: string;
+    inputTokens: number;
+    outputTokens: number;
+    totalTokens: number;
+}
+/**
+ * Anything that can receive per-tenant usage records. Swap the in-memory
+ * default for one backed by your own database, StatsD, OpenMeter, etc.
+ */
+interface UsageLedger {
+    record(tenantId: string, record: UsageRecord): void;
+}
+interface TenantUsage {
+    inputTokens: number;
+    outputTokens: number;
+    totalTokens: number;
+    messages: number;
+    byModel: Record<string, number>;
+}
+/** Reference ledger: per-tenant totals, deduped by message id. */
+declare class InMemoryUsageLedger implements UsageLedger {
+    private seen;
+    private byTenant;
+    record(tenantId: string, record: UsageRecord): void;
+    totals(tenantId: string): TenantUsage;
+}
+/** Pull usage records out of message objects in a checkpoint's channels. */
+declare function extractUsage(checkpoint: {
+    channel_values?: Record<string, unknown>;
+}): UsageRecord[];
+
+/**
+ * Tenant-scoped wrapper around any `BaseCheckpointSaver`.
+ *
+ * - Reads `tenant_id` from `config.configurable` on every call. Missing
+ *   tenant -> `TenantRequiredError`. There is no unscoped fallback.
+ * - Physically prefixes `thread_id` with the tenant (`acme::thread-1`) before
+ *   it reaches the inner saver, and strips the prefix from everything
+ *   returned. A wrong-thread_id bug in app code therefore cannot cross a
+ *   tenant boundary: the key the database sees is always tenant-qualified.
+ * - Blocks the dangerous raw-API escape hatch: `deleteThread()` takes a bare
+ *   thread id with no config, so it is refused and redirected to an explicit
+ *   `forTenant()` handle.
+ * - Optionally records per-tenant token usage from checkpointed messages
+ *   into a `UsageLedger` — same integration point, free metering.
+ */
+
+declare class TenantScopedCheckpointer extends BaseCheckpointSaver {
+    readonly inner: BaseCheckpointSaver;
+    readonly usageLedger?: UsageLedger;
+    constructor(inner: BaseCheckpointSaver, options?: {
+        usageLedger?: UsageLedger;
+    });
+    private scope;
+    private unscopeConfig;
+    private unscopeTuple;
+    getTuple(config: RunnableConfig): Promise<CheckpointTuple | undefined>;
+    list(config: RunnableConfig, options?: CheckpointListOptions): AsyncGenerator<CheckpointTuple>;
+    put(config: RunnableConfig, checkpoint: Checkpoint, metadata: CheckpointMetadata, newVersions: ChannelVersions): Promise<RunnableConfig>;
+    putWrites(config: RunnableConfig, writes: PendingWrite[], taskId: string): Promise<void>;
+    deleteThread(_threadId: string): Promise<void>;
+    getNextVersion(current: number | undefined): number;
+    /** Admin/maintenance handle pinned to one tenant. */
+    forTenant(tenantId: string): TenantCheckpointerHandle;
+}
+/**
+ * Maintenance operations pre-bound to a single tenant. Exists because
+ * `deleteThread` takes a bare thread id with no config, so there is no
+ * per-call tenant to read.
+ */
+declare class TenantCheckpointerHandle {
+    private readonly inner;
+    private readonly tenant;
+    constructor(inner: BaseCheckpointSaver, tenant: string);
+    deleteThread(threadId: string): Promise<void>;
+}
+
+/**
+ * Errors raised by langgraph-tenancy. Every error here exists to turn a
+ * silent cross-tenant leak into a loud failure.
+ */
+declare class TenancyError extends Error {
+    name: string;
+}
+/**
+ * An operation ran without a tenant in scope. There is no unscoped fallback:
+ * no tenant, no data.
+ */
+declare class TenantRequiredError extends TenancyError {
+    name: string;
+    constructor(where: string);
+}
+/**
+ * An operation would touch data across tenant boundaries (e.g. a store call
+ * that bypassed tenant scoping, or deleteThread without a tenant handle).
+ */
+declare class UnscopedAccessError extends TenancyError {
+    name: string;
+}
+/**
+ * A tenant id that could be used to escape its scope. Tenant ids become part
+ * of storage keys, so they must not contain the separator or be empty.
+ */
+declare class InvalidTenantError extends TenancyError {
+    name: string;
+}
+
+/**
+ * Tenant-scoped wrapper around any `BaseStore`.
+ *
+ * Raw `BaseStore` namespaces are pure convention — any caller can `get()`,
+ * `search()`, or `listNamespaces()` across all of them. This wrapper roots
+ * every operation at the tenant id, so two tenants using the identical
+ * namespace tuple (e.g. `["memories"]`) land in physically distinct
+ * locations.
+ *
+ * Why this differs from the Python package: LangGraph.js wraps the compiled
+ * graph's store in an `AsyncBatchedStore` whose background queue loses the
+ * run's AsyncLocalStorage context, so the tenant CANNOT be resolved ambiently
+ * inside `batch()`. Instead, tenant scoping happens at the call site — where
+ * the config is available — and `TenantScopedStore.batch()` fails closed on
+ * any operation that did not go through a scoped entry point:
+ *
+ * - inside nodes: `getTenantStore(config)` (reads `tenant_id` from config,
+ *   delegates to `config.store` so batching still applies)
+ * - outside runs: `store.forTenant(tenantId)`
+ * - anything else — including raw `config.store.put(...)` in a node —
+ *   throws `UnscopedAccessError` instead of silently writing unscoped.
+ */
+
+/**
+ * Marker label proving an operation went through a tenant-scoped entry
+ * point. Stripped before the operation reaches the inner store.
+ */
+declare const TENANT_NS_SENTINEL = "~tenant~";
+declare class TenantScopedStore extends BaseStore {
+    readonly inner: BaseStore;
+    constructor(inner: BaseStore);
+    /** A view of the store pinned to one tenant, for use outside a run. */
+    forTenant(tenantId: string): TenantStoreView;
+    batch<Op extends Operation[]>(operations: Op): Promise<OperationResults<Op>>;
+    private requireScoped;
+    private assertSentinel;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+}
+/**
+ * The store surface a tenant view can delegate to: either the
+ * `TenantScopedStore` itself (out-of-band) or `config.store` inside a node
+ * (an `AsyncBatchedStore`, which implements get/search/put/delete only).
+ */
+interface TenantStoreTarget {
+    get(namespace: string[], key: string): Promise<Item | null>;
+    search(namespacePrefix: string[], options?: {
+        filter?: Record<string, any>;
+        limit?: number;
+        offset?: number;
+        query?: string;
+    }): Promise<SearchItem[]>;
+    put(namespace: string[], key: string, value: Record<string, any>): Promise<void>;
+    delete(namespace: string[], key: string): Promise<void>;
+    listNamespaces?(options?: {
+        prefix?: string[];
+        suffix?: string[];
+        maxDepth?: number;
+        limit?: number;
+        offset?: number;
+    }): Promise<string[][]>;
+}
+/** All operations rooted at one tenant; namespaces in results come back unprefixed. */
+declare class TenantStoreView {
+    private readonly target;
+    readonly tenant: string;
+    constructor(target: TenantStoreTarget, tenant: string);
+    private scopeNs;
+    private unscopeItem;
+    get(namespace: string[], key: string): Promise<Item | null>;
+    search(namespacePrefix: string[], options?: Parameters<TenantStoreTarget["search"]>[1]): Promise<SearchItem[]>;
+    put(namespace: string[], key: string, value: Record<string, any>): Promise<void>;
+    delete(namespace: string[], key: string): Promise<void>;
+    listNamespaces(options?: {
+        prefix?: string[];
+        suffix?: string[];
+        maxDepth?: number;
+        limit?: number;
+        offset?: number;
+    }): Promise<string[][]>;
+}
+/**
+ * Tenant-scoped store access inside a node. Reads `tenant_id` from the
+ * node's config and delegates to `config.store`, so LangGraph's operation
+ * batching still applies.
+ *
+ * ```ts
+ * const node = async (state, config) => {
+ *   const store = getTenantStore(config);
+ *   await store.put(["memories"], "k", { note: "..." });
+ * };
+ * ```
+ */
+declare function getTenantStore(config: {
+    configurable?: Record<string, unknown>;
+    store?: TenantStoreTarget;
+}): TenantStoreView;
+
+/** Separator between tenant id and thread id in physical storage keys. */
+declare const SEP = "::";
+declare function validateTenant(tenant: unknown, where: string): string;
+
+export { InMemoryUsageLedger, InvalidTenantError, SEP, TENANT_NS_SENTINEL, TenancyError, TenantCheckpointerHandle, TenantRequiredError, TenantScopedCheckpointer, TenantScopedStore, type TenantStoreTarget, TenantStoreView, type TenantUsage, UnscopedAccessError, type UsageLedger, type UsageRecord, extractUsage, getTenantStore, validateTenant };

package/dist/index.js

@@ -0,0 +1,308 @@
+// src/checkpointer.ts
+import {
+  BaseCheckpointSaver
+} from "@langchain/langgraph-checkpoint";
+
+// src/errors.ts
+var TenancyError = class extends Error {
+  name = "TenancyError";
+};
+var TenantRequiredError = class extends TenancyError {
+  name = "TenantRequiredError";
+  constructor(where) {
+    super(
+      `${where} requires a tenant. Pass it in the run config: { configurable: { thread_id, tenant_id } }, use getTenantStore(config) inside nodes, or .forTenant(tenantId) for out-of-band access.`
+    );
+  }
+};
+var UnscopedAccessError = class extends TenancyError {
+  name = "UnscopedAccessError";
+};
+var InvalidTenantError = class extends TenancyError {
+  name = "InvalidTenantError";
+};
+
+// src/tenant.ts
+var SEP = "::";
+function validateTenant(tenant, where) {
+  if (typeof tenant !== "string" || tenant.length === 0) {
+    throw new TenantRequiredError(where);
+  }
+  if (tenant.includes(SEP)) {
+    throw new InvalidTenantError(
+      `tenant_id may not contain '${SEP}': ${JSON.stringify(tenant)}`
+    );
+  }
+  return tenant;
+}
+
+// src/usage.ts
+var emptyUsage = () => ({
+  inputTokens: 0,
+  outputTokens: 0,
+  totalTokens: 0,
+  messages: 0,
+  byModel: {}
+});
+var InMemoryUsageLedger = class {
+  seen = /* @__PURE__ */ new Set();
+  byTenant = /* @__PURE__ */ new Map();
+  record(tenantId, record) {
+    const key = `${tenantId}\0${record.messageId}`;
+    if (this.seen.has(key)) return;
+    this.seen.add(key);
+    let usage = this.byTenant.get(tenantId);
+    if (!usage) {
+      usage = emptyUsage();
+      this.byTenant.set(tenantId, usage);
+    }
+    usage.inputTokens += record.inputTokens;
+    usage.outputTokens += record.outputTokens;
+    usage.totalTokens += record.totalTokens;
+    usage.messages += 1;
+    if (record.model) {
+      usage.byModel[record.model] = (usage.byModel[record.model] ?? 0) + record.totalTokens;
+    }
+  }
+  totals(tenantId) {
+    return this.byTenant.get(tenantId) ?? emptyUsage();
+  }
+};
+function extractUsage(checkpoint) {
+  const records = [];
+  for (const value of Object.values(checkpoint.channel_values ?? {})) {
+    const items = Array.isArray(value) ? value : [value];
+    for (const item of items) {
+      const message = item;
+      const usage = message?.usage_metadata;
+      const id = message?.id;
+      if (!usage || typeof id !== "string") continue;
+      records.push({
+        messageId: id,
+        model: message?.response_metadata?.model_name,
+        inputTokens: usage.input_tokens ?? 0,
+        outputTokens: usage.output_tokens ?? 0,
+        totalTokens: usage.total_tokens ?? 0
+      });
+    }
+  }
+  return records;
+}
+
+// src/checkpointer.ts
+var TenantScopedCheckpointer = class extends BaseCheckpointSaver {
+  inner;
+  usageLedger;
+  constructor(inner, options) {
+    super(inner.serde);
+    this.inner = inner;
+    this.usageLedger = options?.usageLedger;
+  }
+  scope(config, where) {
+    const conf = config?.configurable ?? {};
+    const tenant = validateTenant(conf.tenant_id, where);
+    return [
+      tenant,
+      {
+        ...config,
+        configurable: { ...conf, thread_id: `${tenant}${SEP}${conf.thread_id}` }
+      }
+    ];
+  }
+  unscopeConfig(tenant, config) {
+    if (!config) return config;
+    const conf = { ...config.configurable ?? {} };
+    const threadId = conf.thread_id;
+    const prefix = `${tenant}${SEP}`;
+    if (typeof threadId === "string" && threadId.startsWith(prefix)) {
+      conf.thread_id = threadId.slice(prefix.length);
+      conf.tenant_id = tenant;
+    }
+    return { ...config, configurable: conf };
+  }
+  unscopeTuple(tenant, tuple) {
+    if (!tuple) return tuple;
+    return {
+      ...tuple,
+      config: this.unscopeConfig(tenant, tuple.config),
+      parentConfig: this.unscopeConfig(tenant, tuple.parentConfig)
+    };
+  }
+  async getTuple(config) {
+    const [tenant, scoped] = this.scope(config, "getTuple()");
+    return this.unscopeTuple(tenant, await this.inner.getTuple(scoped));
+  }
+  async *list(config, options) {
+    const [tenant, scoped] = this.scope(config ?? {}, "list()");
+    const scopedOptions = options?.before ? { ...options, before: this.scope(options.before, "list({before})")[1] } : options;
+    for await (const tuple of this.inner.list(scoped, scopedOptions)) {
+      yield this.unscopeTuple(tenant, tuple);
+    }
+  }
+  async put(config, checkpoint, metadata, newVersions) {
+    const [tenant, scoped] = this.scope(config, "put()");
+    if (this.usageLedger) {
+      for (const record of extractUsage(checkpoint)) {
+        this.usageLedger.record(tenant, record);
+      }
+    }
+    return this.unscopeConfig(
+      tenant,
+      await this.inner.put(scoped, checkpoint, metadata, newVersions)
+    );
+  }
+  async putWrites(config, writes, taskId) {
+    const [, scoped] = this.scope(config, "putWrites()");
+    return this.inner.putWrites(scoped, writes, taskId);
+  }
+  async deleteThread(_threadId) {
+    throw new UnscopedAccessError(
+      "deleteThread() has no tenant context; use forTenant(tenantId).deleteThread(threadId)."
+    );
+  }
+  getNextVersion(current) {
+    return this.inner.getNextVersion(current);
+  }
+  /** Admin/maintenance handle pinned to one tenant. */
+  forTenant(tenantId) {
+    return new TenantCheckpointerHandle(
+      this.inner,
+      validateTenant(tenantId, "forTenant()")
+    );
+  }
+};
+var TenantCheckpointerHandle = class {
+  constructor(inner, tenant) {
+    this.inner = inner;
+    this.tenant = tenant;
+  }
+  inner;
+  tenant;
+  async deleteThread(threadId) {
+    return this.inner.deleteThread(`${this.tenant}${SEP}${threadId}`);
+  }
+};
+
+// src/store.ts
+import {
+  BaseStore
+} from "@langchain/langgraph-checkpoint";
+var TENANT_NS_SENTINEL = "~tenant~";
+var UNSCOPED_MESSAGE = "Store accessed without tenant scoping. Use getTenantStore(config) inside nodes, or store.forTenant(tenantId) outside runs. Raw store access is refused so it cannot silently read or write across tenants.";
+var TenantScopedStore = class extends BaseStore {
+  inner;
+  constructor(inner) {
+    super();
+    this.inner = inner;
+  }
+  /** A view of the store pinned to one tenant, for use outside a run. */
+  forTenant(tenantId) {
+    return new TenantStoreView(this, validateTenant(tenantId, "forTenant()"));
+  }
+  async batch(operations) {
+    const scoped = operations.map((op) => this.requireScoped(op));
+    return this.inner.batch(scoped);
+  }
+  requireScoped(op) {
+    if ("namespacePrefix" in op) {
+      this.assertSentinel(op.namespacePrefix);
+      return { ...op, namespacePrefix: op.namespacePrefix.slice(1) };
+    }
+    if ("namespace" in op) {
+      this.assertSentinel(op.namespace);
+      return { ...op, namespace: op.namespace.slice(1) };
+    }
+    const conditions = op.matchConditions ?? [];
+    const prefixIndex = conditions.findIndex((c) => c.matchType === "prefix");
+    if (prefixIndex < 0) throw new UnscopedAccessError(UNSCOPED_MESSAGE);
+    this.assertSentinel(conditions[prefixIndex].path);
+    const next = conditions.map(
+      (c, i) => i === prefixIndex ? { ...c, path: c.path.slice(1) } : c
+    );
+    return { ...op, matchConditions: next };
+  }
+  assertSentinel(namespace) {
+    if (namespace[0] !== TENANT_NS_SENTINEL || typeof namespace[1] !== "string" || namespace[1].length === 0) {
+      throw new UnscopedAccessError(UNSCOPED_MESSAGE);
+    }
+  }
+  async start() {
+    await this.inner.start();
+  }
+  async stop() {
+    await this.inner.stop();
+  }
+};
+var TenantStoreView = class {
+  constructor(target, tenant) {
+    this.target = target;
+    this.tenant = tenant;
+  }
+  target;
+  tenant;
+  scopeNs(namespace) {
+    return [TENANT_NS_SENTINEL, this.tenant, ...namespace];
+  }
+  unscopeItem(item) {
+    if (item) item.namespace = item.namespace.slice(1);
+    return item;
+  }
+  async get(namespace, key) {
+    return this.unscopeItem(await this.target.get(this.scopeNs(namespace), key));
+  }
+  async search(namespacePrefix, options) {
+    const items = await this.target.search(
+      this.scopeNs(namespacePrefix),
+      options
+    );
+    for (const item of items) this.unscopeItem(item);
+    return items;
+  }
+  async put(namespace, key, value) {
+    return this.target.put(this.scopeNs(namespace), key, value);
+  }
+  async delete(namespace, key) {
+    return this.target.delete(this.scopeNs(namespace), key);
+  }
+  async listNamespaces(options = {}) {
+    if (!this.target.listNamespaces) {
+      throw new TenancyError(
+        "listNamespaces is not available through config.store (LangGraph batches in-graph store access); call it on store.forTenant(tenantId) instead."
+      );
+    }
+    const results = await this.target.listNamespaces({
+      ...options,
+      prefix: this.scopeNs(options.prefix ?? []),
+      maxDepth: options.maxDepth == null ? void 0 : options.maxDepth + 1
+    });
+    return results.filter((ns) => ns[0] === this.tenant).map((ns) => ns.slice(1));
+  }
+};
+function getTenantStore(config) {
+  const tenant = validateTenant(
+    config?.configurable?.tenant_id,
+    "getTenantStore()"
+  );
+  if (!config.store) {
+    throw new TenancyError(
+      "getTenantStore(config): config.store is missing \u2014 was the graph compiled with a store?"
+    );
+  }
+  return new TenantStoreView(config.store, tenant);
+}
+export {
+  InMemoryUsageLedger,
+  InvalidTenantError,
+  SEP,
+  TENANT_NS_SENTINEL,
+  TenancyError,
+  TenantCheckpointerHandle,
+  TenantRequiredError,
+  TenantScopedCheckpointer,
+  TenantScopedStore,
+  TenantStoreView,
+  UnscopedAccessError,
+  extractUsage,
+  getTenantStore,
+  validateTenant
+};

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "langgraph-tenancy",
+  "version": "0.1.0",
+  "description": "Tenant isolation and per-tenant usage metering for LangGraph.js checkpointers and stores",
+  "license": "MIT",
+  "author": "Abhishek Chauhan <ac12644@gmail.com>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ac12644/langgraph-tenancy-js.git"
+  },
+  "homepage": "https://github.com/ac12644/langgraph-tenancy-js#readme",
+  "bugs": {
+    "url": "https://github.com/ac12644/langgraph-tenancy-js/issues"
+  },
+  "keywords": [
+    "langgraph",
+    "langchain",
+    "multi-tenant",
+    "tenant-isolation",
+    "checkpointer",
+    "agents",
+    "llm"
+  ],
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts --clean",
+    "test": "vitest run",
+    "lint": "tsc --noEmit"
+  },
+  "peerDependencies": {
+    "@langchain/langgraph-checkpoint": ">=0.1.0"
+  },
+  "devDependencies": {
+    "@langchain/core": "^1.1.0",
+    "@langchain/langgraph": "^1.0.0",
+    "@langchain/langgraph-checkpoint": "^1.1.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^3.0.0"
+  }
+}