npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@kernel.chat/kbot-finance

v0.2.0

Published

Audit-grade AI infrastructure for capital markets. Deterministic engine adapters + content-addressed envelopes + hash-chained audit log + regulatory verifier + MCP server. The AI Intelligence Layer never produces the number.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

isaacsightisaacsight

Keywords

capital-marketsai-infrastructuredeterministicauditmcppolymarketcompliance-as-code

Readme

@kernel.chat/kbot-finance

Audit-grade AI infrastructure for capital markets.

The AI Intelligence Layer never produces the number. The deterministic engine does. Every action is content-addressed, every step is hash-chained, every approval is signed.

Apache 2.0. Node 22+. Replit-importable.

What this is

A reference implementation of three layers that together form an AI-Native Capital Markets Operating System:

  1. Deterministic engine adapters — call known-good engines (Polymarket Gamma in v0.1; QuantLib, NautilusTrader, Aeron, alts-NAV in later versions). The AI agent cannot compute the number — it can only request one inside a content-addressed envelope.

  2. Regulatory verifier — Norm-AI-pattern rules-as-code. Every action passes through before reaching the engine. Failures emit adverse-action reason codes. Jurisdiction-aware (US, EU, UK, SG, HK, UAE, GLOBAL).

  3. Hash-chained audit log — append-only, WORM-compatible. Every verifier check, engine request, engine response, approval, and incident is recorded with a hash linking it to the previous entry. Tampering anywhere invalidates everything after.

Plus a material-gate approval substrate for actions that require a signed human approver token before execution.

Try it on Replit

This subdirectory is self-contained. Import the repo into Replit and the first Run will:

  1. npm install
  2. npm run demo — runs the end-to-end flow against the live Polymarket Gamma API, prints the audit log, verifies the hash chain.

No keys, no setup. Public API only.

Run locally

cd packages/kbot-finance
npm install
npm run demo        # live end-to-end
npm test            # unit + integration
npm run test:live   # explicit live-smoke against Gamma
KBOT_FINANCE_OFFLINE=1 npm test  # CI without network

Architecture (one diagram)

┌──────────────────────────────────────────────────────────────────┐
│  AI Intelligence Layer  (kbot agent calls polymarketQuery(...))   │
└─────────────┬────────────────────────────────────────────────────┘
              │ content-addressed request envelope
              ▼
┌──────────────────────────────────────────────────────────────────┐
│  Regulatory Verifier  (rules-as-code, jurisdiction-aware)         │
└─────────────┬────────────────────────────────────────────────────┘
              │ pass / adverse-action reason code
              ▼
┌──────────────────────────────────────────────────────────────────┐
│  Material-Gate Approval  (signed token, if action is material)    │
└─────────────┬────────────────────────────────────────────────────┘
              │
              ▼
┌──────────────────────────────────────────────────────────────────┐
│  Deterministic Engine Adapter  (Polymarket Gamma in v0.1)         │
└─────────────┬────────────────────────────────────────────────────┘
              │ sealed envelope: { request_hash, engine_version, value, ... }
              ▼
┌──────────────────────────────────────────────────────────────────┐
│  Hash-Chained Audit Log  (append-only, replayable, WORM-ready)    │
└──────────────────────────────────────────────────────────────────┘

Public API

import {
  // Content addressing
  canonicalize,
  requestHash,
  sealEnvelope,
  // Audit
  AppendOnlyAuditLog,
  // Governance
  Approver,
  verifyApproval,
  // Verifier
  runVerifier,
  makePositionLimitRule,
  makeKellyCapRule,
  // Engines
  polymarket,
  // Tools
  polymarketQuery,
} from "@kernel.chat/kbot-finance";

What v0.1 demonstrates

  • Content addressing. Two calls with logically identical inputs produce byte-identical request_hash. Independent of object key order.
  • Audit-log integrity. Tampering with any entry is detectable by AppendOnlyAuditLog.verify(). Concurrent appends serialize correctly.
  • Verifier short-circuit. A rule rejection prevents the engine call entirely; the failure is logged with an adverse-action code.
  • Honesty primitive. byte_identical_replayable: false on the Polymarket envelope — markets move; the live Gamma API is not deterministic at the block level. A future adapter that pins to a Goldsky/Graph snapshot will flip this flag to true.
  • Approval tokens. HMAC-signed (Ed25519 in v0.2), bound to the exact request_hash + materiality + summary the approver saw.

What v0.1 deliberately does NOT do

  • No trading / signing / order placement on Polymarket. Read-only. Write comes after the audit primitives are proven.
  • No deterministic floating-point. QuantLib + CRlibm integration lands in v0.2 when the rates/alts adapters arrive.
  • No on-chain proofs. zk-STARK-verified compute against a Goldsky subgraph is the v3 audit primitive; v0.1 is HTTPS + content-hash.
  • No MCP server wrapper. v0.2 ships an MCP server that exposes polymarket_query to any MCP client (Claude Code, Cursor, kbot core).

Layout

src/
  envelope.ts                    # canonical JSON + SHA-256 + sealEnvelope()
  audit-log.ts                   # hash-chained append-only log + verify()
  governance.ts                  # Approver + verifyApproval()
  verifier/
    index.ts                     # Rule + VerifierContext + runVerifier()
    position-limit.ts            # Pre-trade size + notional caps (Rule 15c3-5 echo)
    kelly-cap.ts                 # Half-Kelly position-sizing cap
  adapters/
    polymarket/
      types.ts                   # Gamma API + outcome union types
      client.ts                  # HTTPS client; never throws across boundary
      commands.ts                # listMarkets / getMarket / listEvents
      index.ts
  tools/
    polymarket-query.ts          # The kbot-shaped tool wiring all layers
  demo.ts                        # End-to-end script (npm run demo)
  index.ts                       # Public surface
test/
  envelope.test.ts
  audit-log.test.ts
  verifier.test.ts
  governance.test.ts
  polymarket.live.test.ts        # LIVE SMOKE — hits real Gamma

Strategic positioning

This is the open-source counter to Palantir AIP: same architectural pattern (deterministic substrate + AI orchestration + governance), but MIT/Apache core, BYOK, MCP-native, lower price floor, developer-first.

Bloomberg ASKB shipped the "AI emits engine query, engine produces number" pattern (BQL emission) in Feb 2026. That pattern, generalized, is the content-addressed envelope. ASKB picked their own proprietary engine; this package picks open ones and ships the deterministic-replay MCP extension spec MCP currently lacks.

The 12-18 month window is the gap between Bloomberg validates the pattern (done) and first nine-figure AI enforcement action lands (H2 2026 - H1 2027). After that, the spec freezes around whoever shipped first.

License

Apache 2.0. Built to underpin commercial premium offerings (SOC 2, hosted replay-retention, certified determinism) — the Aeron / PyKX dual-shape.

Status

v0.1 reference implementation. Not yet certified for production trading. Not investment advice. Not affiliated with Polymarket, Bloomberg, FINOS, ISDA, or any regulator.