npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@agenticprimitives/fulfillment

v0.0.0-alpha.7

Published

FulfillmentCase lifecycle + Task/Message/Artifact (re-exported from mcp-runtime/a2a) + HandoffPolicy + EvidenceCredential + OutcomeCredential issuance.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

richcanvasrichcanvas

Keywords

agenticprimitivesfulfillment

Readme

@agenticprimitives/fulfillment

Status: STUB (Wave 0.5 of the W1 implementation wave). State machines, types, and invariant guards ship today; the full fulfillment runtime lands in Wave 7b per the w1 implementation wave plan.

An agreement between two agents is worthless if no one can say, afterward, what actually happened. Who did the work, who was it handed to, what did they produce, and does the outcome match what was promised? Agent frameworks orchestrate tasks; almost none of them produce evidence. This package is the designed answer: a FulfillmentCase container where every task, message, artifact, and handoff is bound to canonical Smart Agent identities, gated by typed policy, and promoted into credentials — an OutcomeCredential that cannot exist without citing the EvidenceCredential backing it. The claim "we delivered" is structurally forced to point at proof.

This is the fulfillment slice of the substrate — spine Layers 10–12, spec'd in full, scaffolded now, landing in the implementation waves — and it shares one trust chain with the delegations that authorize the work and the payment mandates that settle it.

Part of agenticprimitives — the trust substrate for the agent economy: one canonical Smart Agent identity with custody, delegation, naming, credentials, and audit evidence designed as one system.

What ships today

Types, state machines, and invariant guards — no runtime, storage, or credential issuance yet:

  • FulfillmentCase type + lifecycle state machine — thirteen states (drafted → … → archived / canceled / disputed) with canTransition enforcing legal edges. Note: transitions are shape-checked only; actor authorization is wave work.
  • A2A Task state machinecanTaskTransition per spec 245, including the auth-required suspension loop for tasks awaiting a fresh delegation.
  • HandoffPolicy type + isHandoffAllowed — typed authority binding for cross-agent handoffs. Today's check covers the agent/class allowlists only; requiresUserApproval, preservePrivacyTier, allowedScopes, and maxHopCount enforcement is wave work (tracked openly as NEW-FLF-1 in the findings ledger).
  • Artifact + OutcomeCredentialSubject types — hash-anchored artifacts (body never on-chain) and assertOutcomeCitations, the FLF-OUT-1 guard: an outcome with zero evidence citations throws.
  • IntentTraceSpan — typed trace spans (parse / resolve / handoff / tool_call / user_approval / …) for end-to-end execution forensics.

What lands in the waves (designed, not shipped)

The operational runtime: buildFulfillmentCase, transitionLifecycle with actor authorization, handoffTask with full policy enforcement, message threads, artifact publication, promoteToEvidence / assertOutcome credential issuance into the attestation layer, trace-tree assembly, and lifecycle ↔ agreement-status reconciliation (FLF-INV-01). Workflow engines stay app-layer; this package is engine-agnostic.

Where this is heading / market context

  • Google A2A defines the Task/Message/Artifact wire model; we adopt it (via mcp-runtime, spec 245) rather than invent a rival — this package adds the case container, handoff policy, and evidence promotion A2A leaves out.
  • Google AP2 and x402 give agents payment mandates; a FulfillmentCase binds those mandates to the tasks they pay for (ContextBinding.taskId, FLF-INV-11), so a machine payment is never unmoored from the work it settled.
  • The differentiated combination: task execution, handoff authority, payment binding, and outcome evidence under one delegation + custody + audit substrate — the seam where stitched stacks lose the thread is exactly what Layers 10–12 are designed to hold.

Authoritative spec: spec 244 — fulfillment (see spec.md). Owns spine layers 10–12; bounded surface in CLAUDE.md and capability.manifest.json.

Build

pnpm --filter @agenticprimitives/fulfillment typecheck
pnpm --filter @agenticprimitives/fulfillment test
pnpm --filter @agenticprimitives/fulfillment build

Status — honest version

STUB. What ships is the typed skeleton plus pure guards; everything operational is wave work, and the two known enforcement gaps (handoff policy fields, transition authorization) are logged publicly in docs/audits/findings.yaml rather than papered over. Wave sequencing: w1-implementation-wave-plan.md.