@trizloom/quorum
v2.0.2-beta
Enterprise Trust Layer for AI Agents — Identity, Enforcement, and Audit Proofs.
The Trust Layer for AI Agents.
Secure agent interactions with cryptographic finality, local policy enforcement, and immutable audit trails.
Installation
```bash
npm install @trizloom/quorum
```
Prerequisites
- Node.js 18.x or higher
- A Trizloom API Key (from the Dashboard)
- An Agent ID and Ed25519 Private Key (generated once via registerAgent)
Agent Lifecycle
Every Quorum integration follows a strictly defined lifecycle to ensure every action has an authorized, verifiable provenance.
Step 0. Register the Agent (One-time Setup)
Run this once. Store the returned id and privateKey securely in your vault.
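```javascript
// Assumption: Quorum is a named export; the page does not show the import line.
import { Quorum } from '@trizloom/quorum';

const bootstrap = new Quorum({ apiKey: process.env.QUORUM_API_KEY });
const identity = await bootstrap.registerAgent({
  name: 'Procurement-Agent-Alpha',
  type: 'FLEET_MEMBER'
});
console.log(identity.id);         // Store this as AGENT_ID
// Store this as AGENT_SECRET (shown only once); keep this output out of shared or CI logs.
console.log(identity.privateKey);
```
Step 1. Initialization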
On every subsequent run, load your stored identity from the vault.
```javascript
const quorum = new Quorum({
  apiKey: process.env.QUORUM_API_KEY,
  agentId: process.env.AGENT_ID,
  agentSecret: process.env.AGENT_SECRET, // Ed25519 Private Key
  policy: { maxSpendPerTx: 5000 }
});
```
Step 2. Pre-flight Verification
Check the action against local guardrails before any signature is generated. This zero-latency operation protects your agent from overstepping its mandate.
```javascript
await quorum.verify({ action: 'BUY', amount: 450 });
// Throws if policy is violated, halting execution at the edge.
```
Step 3. Recording and Witnessing
Commit the action to the audit trail. Choose the mode based on the risk profile:
- STRICT Mode: Blocks execution until the Trizloom Authorization Service countersigns the record. Required for payments and contracts.
- FAST Mode: Spools the record to a local WAL and synchronizes with the witness in the background. For high-volume data access logs.
```javascript
const receipt = await quorum.record({
  action: 'BUY',
  amount: 450,
  idempotencyKey: 'pay_v771', // Required for financial safety
  mode: 'STRICT'
});
console.log(`Verified Receipt: ${receipt.verifyUrl}`);
```
STRICT vs. FAST: Decision Matrix

| Feature | STRICT Mode | FAST Mode |
| :--- | :--- | :--- |
| Execution | Synchronous / Blocking | Asynchronous |
| Latency | ~150–300ms | < 1ms (Local Sign) |
| Safety | Audit Complete Before Action | Retroactive Audit Trace |
| Primary Use | Payments, Contracts, Deletion | Data Access, High-Volume Logs |

Settlement: Banking Finality
For financial actions, use .waitForSettlement() to confirm the authorized intent has cleared the banking system.
```javascript
try {
  const result = await quorum.waitForSettlement(receipt.id);
  if (result.status === 'SETTLED') {
    console.log(`Funds cleared: ${result.stripePaymentId}`);
  } else if (result.status === 'AMOUNT_MISMATCH') {
    // CRITICAL: Bank movement differs from authorization
    // alertFinanceOps is an application-defined alerting hook (not shown on this page).
    await alertFinanceOps('Settlement Amount Mismatch Detected');
  }
} catch (error) {
  throw error;
}
```
Identity & Multi-Language Support
Quorum's signature verification uses RFC 8785 Canonical JSON. This ensures that Python, Go, and Node.js agents produce identical cryptographic fingerprints for identical payloads, regardless of key ordering or serialization differences.
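The key-order independence described above, as an added example that is not Quorum's own code: a small canonicalizer in the spirit of RFC 8785 paired with Ed25519 from Node's built-in crypto module. Function names and the sample record are constructed for illustration, and it handles plain JSON values only.

```javascript
const crypto = require('node:crypto');

// Serialize a JSON value with object keys sorted by UTF-16 code units and no
// whitespace. Primitives go through JSON.stringify, whose number and string
// output is the ECMAScript serialization that RFC 8785 builds on.
function canonicalize(value) {
  if (value === null || typeof value === 'boolean' || typeof value === 'string') {
    return JSON.stringify(value);
  }
  if (typeof value === 'number') {
    if (!Number.isFinite(value)) throw new TypeError('NaN/Infinity are not valid JSON');
    return JSON.stringify(value);
  }
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (typeof value === 'object') {
    const members = Object.keys(value).sort().map((k) => {
      if (value[k] === undefined) throw new TypeError(`undefined value at key "${k}"`);
      return JSON.stringify(k) + ':' + canonicalize(value[k]);
    });
    return '{' + members.join(',') + '}';
  }
  throw new TypeError(`unsupported type: ${typeof value}`);
}

// Sign and verify the canonical bytes, never the caller's own serialization.
function signPayload(payload, privateKey) {
  return crypto.sign(null, Buffer.from(canonicalize(payload), 'utf8'), privateKey);
}
function verifyPayload(payload, signature, publicKey) {
  return crypto.verify(null, Buffer.from(canonicalize(payload), 'utf8'), publicKey, signature);
}

// Constructed demo: one record, a reordered copy, and a tampered copy.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const signed = { action: 'BUY', amount: 450, idempotencyKey: 'pay_v771', meta: { b: 2, a: 1 } };
  const reordered = { meta: { a: 1, b: 2 }, idempotencyKey: 'pay_v771', amount: 450, action: 'BUY' };
  const tampered = { ...signed, amount: 4500 };
  const sig = signPayload(signed, privateKey);
  return {
    canonical: canonicalize(signed),
    naiveEqual: JSON.stringify(signed) === JSON.stringify(reordered), // plain stringify differs
    reorderedOk: verifyPayload(reordered, sig, publicKey),            // same canonical bytes
    tamperedOk: verifyPayload(tampered, sig, publicKey),              // amount changed
  };
}
```

A verifier that hashes or signs its own `JSON.stringify` output instead of the canonical form would reject the reordered record even though nothing in it changed.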
Error Handling
In STRICT mode, the SDK follows a "Halt on Doubt" philosophy. If authorization fails or times out, the SDK throws, preventing the agent from proceeding with downstream logic.
```javascript
try {
  const receipt = await quorum.record({ /* ...action fields... */ mode: 'STRICT' });
  // Proceed with external logic only after witness confirmation
} catch (error) {
  // 1. STOP execution immediately.
  // 2. Notify human operators.
  throw error;
}
```
Access
Documentation, governance templates, and production deployment guides are available to authorized partners only.
Request access at trizloom.com.
License: ISC
© 2026 Trizloom. All rights reserved.
