npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@veritera.ai/forge-mastra

v0.1.1

Published

Forge Verify middleware and tools for Mastra — verify every agent action before execution

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

veriteraveritera

Keywords

mastraforgeveriteraverificationai-safetyagent

Readme

@veritera.ai/forge-mastra

Forge Verify middleware and tools for Mastra -- verify every agent action before execution.

Install

npm install @veritera.ai/forge-mastra @veritera.ai/forge-verify

@mastra/core is a peer dependency and must be installed in your project.

Quick Start

ForgeIntegration

Shared verification client for use across agents, tools, and middleware.

import { ForgeIntegration } from "@veritera.ai/forge-mastra";

const forge = new ForgeIntegration({
  apiKey: "vt_live_...",
  policy: "production-safety",
});

const result = await forge.verify("payment.create", { amount: 500 });
if (!result.verified) {
  console.log("Blocked:", result.reason);
}

forgeVerifyTool

A Mastra Tool that agents can call to explicitly verify an action.

import { Agent } from "@mastra/core";
import { forgeVerifyTool } from "@veritera.ai/forge-mastra";

const agent = new Agent({
  tools: {
    forge_verify: forgeVerifyTool({
      apiKey: "vt_live_...",
      policy: "finance-controls",
    }),
  },
});

forgeMiddleware

Middleware that verifies every tool call before execution. If verification fails, the tool is never called.

import { Agent } from "@mastra/core";
import { forgeMiddleware } from "@veritera.ai/forge-mastra";

const middleware = forgeMiddleware({
  apiKey: "vt_live_...",
  policy: "production-safety",
  failClosed: true,
});

const agent = new Agent({
  middleware: [middleware],
});

forgeWrapTool

Wraps any individual Mastra tool with Forge verification.

import { forgeWrapTool } from "@veritera.ai/forge-mastra";

const protectedTool = forgeWrapTool(myPaymentTool, {
  apiKey: "vt_live_...",
  policy: "finance-controls",
});

const agent = new Agent({
  tools: { payment: protectedTool },
});

Configuration

All exports accept the same ForgeConfig options:

| Option | Type | Default | Description | |--------|------|---------|-------------| | apiKey | string | VERITERA_API_KEY env | Forge API key (vt_live_... or vt_test_...) | | baseUrl | string | https://forge.veritera.ai | Forge API base URL | | agentId | string | "mastra-agent" | Agent identifier for audit trail | | policy | string | -- | Policy name to evaluate against | | failClosed | boolean | true | Block actions when verification service errors | | timeout | number | 10000 | Request timeout in milliseconds | | skipActions | string[] | [] | Actions that bypass verification | | onVerified | function | -- | Callback when an action is verified | | onBlocked | function | -- | Callback when an action is blocked |

Error Handling

When an action is blocked, a ForgeBlockedError is thrown:

import { ForgeBlockedError } from "@veritera.ai/forge-mastra";

try {
  await agent.execute(task);
} catch (err) {
  if (err instanceof ForgeBlockedError) {
    console.log("Action:", err.action);
    console.log("Reason:", err.reason);
    console.log("Verification ID:", err.verificationId);
  }
}

Environment Variable

Set VERITERA_API_KEY to avoid passing apiKey in every config:

export VERITERA_API_KEY=vt_live_...

License

MIT