@actpass/sdk
v1.1.3
Published
ActPass security middleware for MCP servers — verify Action Passports (EdDSA/JWKS), enforce deterministic policy, detect capability drift.
Maintainers
Readme
@actpass/sdk
ActPass security middleware for AI agents and MCP servers. Wrap a risky tool call and get a deterministic allow / deny / needs-approval decision from the managed ActPass cloud — backed by signed Action Passports and a tamper-evident evidence ledger. Fails closed on any error.
Install
npm i @actpass/sdkQuick start — one key, that's it
import { ActPass } from '@actpass/sdk';
// The API key IS your identity — apk_… (gateway/agent) or apdv_… (developer);
// ACTPASS_DEVELOPER_KEY holds your apdv_… key. Server resolves tenant + agent from it.
const actpass = new ActPass({ apiKey: process.env.ACTPASS_DEVELOPER_KEY! });
const decision = await actpass.enforcePolicy({
toolName: 'stripe.refund.create',
args: { chargeId: 'ch_123', amount: 14900, currency: 'USD' },
});
if (decision.status !== 'ALLOWED') {
throw new Error(decision.reason); // BLOCKED or PENDING_HUMAN_REVIEW
}
// ...safe to execute the tool...Lower-level client + guard()
import { createActPass } from '@actpass/sdk';
const client = createActPass({ apiKey: process.env.ACTPASS_DEVELOPER_KEY! });
const { decision, result } = await client.guard({
goal: 'resolve_refund_request',
tool: 'stripe.refund.create',
args: { chargeId: 'ch_123', amount: 14900 },
execute: async () => stripe.refunds.create({ charge: 'ch_123', amount: 14900 }),
});
// execute() runs ONLY when decision.decision is 'allow' or 'warn'.Configuration
| Field | Required | Notes |
|---|---|---|
| apiKey | yes | Your apdv_… developer key or apk_… agent key. |
| baseUrl | no | Defaults to https://www.api.actpass.org; override with ACTPASS_API_BASE_URL. |
| tenantId / agentId | no | Optional hints only — the server resolves both from the key (§11.2). |
Behavior
- Fails closed: any non-2xx, auth failure, or network error →
BLOCKED. - Zero config beyond the key: no tenant/agent to wire up.
MIT licensed.
