npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@chio-protocol/ai-sdk

v0.1.0

Published

Chio protocol wrapper for the Vercel AI SDK -- streaming-safe chioTool()

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

bbconnorbbconnor

Keywords

Readme

@chio-protocol/ai-sdk

Streaming-safe wrapper around the Vercel AI SDK tool() helper that routes every tool invocation through the Chio sidecar for capability-based policy evaluation.

  • Gates tool calls at the execute entry point before any side effects.
  • Preserves ReadableStream / async-generator return values without buffering, so streamText / streamObject / SSE keep working.
  • Keeps full TypeScript generic inference from the underlying tool().
  • Fails closed by default; opt-in fail-open for degraded-mode operation.

Install

npm install @chio-protocol/ai-sdk

Requires the Chio sidecar running locally (default http://127.0.0.1:9090). Peer dependencies: ai@>=3.4 <6, zod@>=3.23 <4.

Quickstart

import { streamText } from "ai";
import { openai } from "@ai-sdk/openai";
import { z } from "zod";
import { chioTool } from "@chio-protocol/ai-sdk";

const searchTool = chioTool({
  description: "Search the web",
  parameters: z.object({
    query: z.string().describe("search query"),
  }),
  execute: async ({ query }) => {
    return await fetchSearchResults(query);
  },
  scope: {
    toolServer: "web-tools",
    toolName: "search",
    capabilityToken: process.env.CHIO_CAPABILITY_TOKEN!,
  },
});

const result = streamText({
  model: openai("gpt-4o"),
  tools: { search: searchTool },
  prompt: "Research quantum computing advances",
});

for await (const chunk of result.textStream) {
  process.stdout.write(chunk);
}

If the sidecar denies the call, execute throws ChioToolError. The Vercel AI SDK surfaces the error through its standard onError / result.error channels.

Streaming example

chioTool never buffers the value returned from the underlying execute. You can return a ReadableStream or an async generator and the caller (or the Vercel AI SDK streaming pipeline) receives the exact same object reference.

const streamingTool = chioTool({
  description: "Stream rows from a warehouse query",
  parameters: z.object({ sql: z.string() }),
  execute: async ({ sql }) => {
    // Returning a ReadableStream -- passed through unchanged.
    return runQueryAsStream(sql);
  },
  scope: { toolServer: "warehouse", toolName: "query" },
});
const progressiveTool = chioTool({
  description: "Yield partial results as they arrive",
  parameters: z.object({ topic: z.string() }),
  execute: async function* ({ topic }) {
    // Async generators are also forwarded unchanged.
    for await (const item of researchIterator(topic)) {
      yield item;
    }
  },
  scope: { toolServer: "research", toolName: "deep-dive" },
});

API

chioTool(options)

| Option | Type | Description | | ----------------- | ------------------------------------- | ----------------------------------------------------------------------- | | description | string | Forwarded to the Vercel AI SDK tool. | | parameters | ZodSchema | Input schema (AI SDK v3/v4 shape). | | inputSchema | ZodSchema | Input schema (AI SDK v5 shape). | | execute | (params, options?) => T | Underlying tool implementation; called when Chio allows the call. | | scope | ChioToolScope | Chio evaluation binding (toolServer, toolName, capabilityToken, ...). | | client | ChioClient | Optional shared client. | | clientOptions | ChioClientOptions | Inline client options (sidecarUrl, timeoutMs, fetch, debug). | | onSidecarError | "deny" | "allow" | Default "deny" -- throw on transport failure. | | debug | (message, data?) => void | Optional debug hook; the wrapper never writes to stdout. | | resolveCapabilityToken | (capabilityId) => token | Optional resolver when scope.capabilityId is only an indirection key. |

Returns a tool object with the same structural shape as the input so it drops directly into streamText({ tools: { ... } }).

scope.capabilityId is only a request hint. Chio deny-by-default sidecar evaluation still requires a signed capability token to be presented via scope.capabilityToken or resolveCapabilityToken.

ChioToolError

Thrown when the sidecar denies a tool call or the transport fails in fail-closed mode. Fields: verdict, guard, reason, receiptId.

ChioClient

Minimal HTTP client for POST /chio/evaluate. Can be shared across many chioTool() instances to amortize construction cost. The client builds an ChioHttpRequest-compatible payload for tool calls, accepts the sidecar's canonical EvaluateResponse { verdict, receipt, evidence } shape, and still normalizes the Lambda evaluator's legacy { receipt_id, decision } wire contract into the same ChioReceipt API.

License

MIT