
@agenticprimitives/account-custody

v1.0.0-alpha.9


Custody-layer SDK: CustodyPolicy ABI, CustodyAction enum + arg builders, EIP-712 typed-data helpers, and Custodian/Trustee/CustodyCouncil types. Speaks custody-domain vocabulary only — no delegation / steward / caveat concepts (those belong in @agenticpri


@agenticprimitives/account-custody

Custody is not authority.

Most stacks blur the two: the key that lets an agent act is also the key that controls the account, so a leaked session becomes a lost identity. This package exists to keep them apart. Credential add, replace, and remove on a Smart Agent are custody-policy operations — gated by trustee quorums, guardian quorums, multi-credential self-recovery, or multi-sig — and are never modeled as delegations (ADR-0011, spec 221). A delegated party can act within its caveats; it can never promote itself into custody.

The payoff is recovery without identity loss. CustodyAction.RecoverAccount performs an atomic add-new + remove-old credential rotation under the account's custody policy. The canonical Smart Agent address never changes; every delegation it ever issued stays valid; only the credential set moves. This package is the TypeScript surface for that machinery: the CustodyPolicy ABI, CustodyAction argument builders, EIP-712 typed data, quorum signature packing, and the custody-domain types.

Part of agenticprimitives — the trust substrate for the agent economy: one canonical Smart Agent identity with custody, delegation, naming, credentials, and audit evidence designed as one system.

Install

pnpm add @agenticprimitives/account-custody

Use

import {
  CustodyAction,
  buildRecoverAccountArgs,
  custodyDomain,
  packQuorumSigs,
} from '@agenticprimitives/account-custody';

What you get:

  • custodyPolicyAbi — the ABI for the on-chain CustodyPolicy ERC-7579 module (packages/contracts/src/custody/CustodyPolicy.sol), kept in lockstep with the deployed bytecode.
  • CustodyAction enum (a mirror of the on-chain enum) plus per-action buildXxxArgs encoders — including buildRecoverAccountArgs for credential rotation.
  • EIP-712 typed-data shapes for ScheduleCustodyChangeRequest / ApplyCustodyChangeRequest / CancelScheduledChangeRequest, with custodyDomain({ chainId, verifyingContract }) — guaranteed to hash to the same structHash the Solidity computes.
  • Quorum signature packing (packQuorumSigs) and custody-domain types: Custodian, Trustee, CustodyCouncil, ScheduledChange, CustodyMode, RiskTier.

How it's different

The common pattern for org control and recovery is a third-party multi-sig (Safe) plus a separate recovery product (Argent-style guardians) bolted onto an account they don't define. That works until the seams matter: the multi-sig's notion of "owner" and the recovery product's notion of "guardian" are different identity models, and neither knows about the delegations the account has issued. Here custody is a native ERC-7579 module on the same Smart Agent — quorums, trustees, scheduled changes, and recovery in one policy, designed alongside the delegation layer it explicitly firewalls (spec 213). No third-party multi-sig dependency; we ported the signature-packing patterns worth porting and own the rest.
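An added example, not code from this package: a sketch of the Safe signature-packing pattern the paragraph above refers to, in which 65-byte r||s||v signatures are concatenated in ascending signer-address order so a verifier can reject duplicates in one pass. `packSortedSigs`, `SignerSig`, and the sample values are hypothetical; whether `packQuorumSigs` follows this exact layout is an assumption.

```typescript
// Hypothetical helper illustrating Safe-style packing; not the package's packQuorumSigs.
interface SignerSig {
  signer: string;    // 20-byte address, 0x-prefixed hex
  signature: string; // 65-byte r||s||v, 0x-prefixed hex
}

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
const SIG_RE = /^0x[0-9a-fA-F]{130}$/;

function packSortedSigs(sigs: SignerSig[], threshold: number): string {
  if (!Number.isInteger(threshold) || threshold < 1) {
    throw new Error("threshold must be a positive integer");
  }
  const seen = new Set<string>();
  const normalized = sigs.map(({ signer, signature }) => {
    if (!ADDRESS_RE.test(signer)) throw new Error(`bad signer address: ${signer}`);
    if (!SIG_RE.test(signature)) throw new Error(`signature from ${signer} is not 65 bytes`);
    const key = signer.toLowerCase();
    // A verifier that requires strictly ascending signers rejects a repeated
    // signer, so fail early off-chain (case-insensitive, to catch checksummed forms).
    if (seen.has(key)) throw new Error(`duplicate signer: ${signer}`);
    seen.add(key);
    return { key, sig: signature.slice(2).toLowerCase() };
  });
  if (normalized.length < threshold) {
    throw new Error(`have ${normalized.length} signatures, need ${threshold}`);
  }
  // Fixed-length lowercase hex compares lexicographically in numeric order.
  normalized.sort((a, b) => (a.key < b.key ? -1 : a.key > b.key ? 1 : 0));
  return "0x" + normalized.map((n) => n.sig).join("");
}

// Constructed sample data: placeholder addresses and filler signature bytes.
const sampleSigs: SignerSig[] = [
  { signer: "0x" + "c".repeat(40), signature: "0x" + "33".repeat(65) },
  { signer: "0x" + "0A".repeat(20), signature: "0x" + "11".repeat(65) },
  { signer: "0x" + "b".repeat(40), signature: "0x" + "22".repeat(65) },
];

function packSample(): string {
  return packSortedSigs(sampleSigs, 2);
}
```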

Boundary

This package speaks custody vocabulary only:

  • Custodian
  • Trustee
  • CustodyCouncil
  • CustodyAction
  • ScheduledChange

It does not own delegation caveats, MCP transport, passkey ceremonies, account deployment, or key-custody providers (note: key-custody is key custody — KMS backends; this is account custody). See CLAUDE.md for routing and spec.md for the contract.

Validate

pnpm --filter @agenticprimitives/account-custody typecheck
pnpm --filter @agenticprimitives/account-custody test

Status

Testnet/pilot-ready. Production launch is gated on the public checklist in the root README — including third-party contract audit and governance key rotation. Track every security finding live in docs/audits/findings.yaml.