npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@vorim/sdk

v3.0.2

Published

Official TypeScript SDK for Vorim AI — AI Agent Identity, Permissions & Audit

Downloads

337

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vorim-aivorim-ai

Keywords

ai-agentagent-identitytrustpermissionsaudited25519vorimtypescriptlangchainlanggraphopenaicrewaillamaindex

Readme

@vorim/sdk

The identity and trust layer for AI agents.

Register agents with cryptographic Ed25519 identities, enforce scoped permissions in under 5ms, emit tamper-evident audit trails, and verify trust scores — all in a few lines of code.

npm version License: MIT TypeScript Node Zero Dependencies

vorim.ai — Create a free account and get your API key in 30 seconds. Documentation — Full API reference, framework integrations, and examples. Quick Start — Set up in under 5 minutes.

Why Vorim?

AI agents are shipping into production without identity, permissions, or audit trails. This is a problem:

  • No identity — agents share API keys. You can't tell which agent did what.
  • No permissions — agents get all-or-nothing access. No scoped, time-bounded controls.
  • No audit trail — no tamper-evident record of agent actions. Compliance teams are blind.
  • No trust signal — third parties can't verify an agent before interacting with it.

Vorim solves all four. One SDK. One protocol. Ships in minutes.

EU AI Act (enforced Aug 2025) mandates traceability and audit trails for high-risk AI systems. Vorim makes your agents compliant out of the box.

Install

npm install @vorim/sdk
# or
yarn add @vorim/sdk
# or
pnpm add @vorim/sdk

Quick Start

import createVorim from "@vorim/sdk";

const vorim = createVorim({
  apiKey: "agid_sk_live_...",
});

// 1. Register an agent — Ed25519 keypair generated, private key shown once
const { agent, private_key } = await vorim.register({
  name: "invoice-processor",
  capabilities: ["read_documents", "extract_data"],
  scopes: ["agent:read", "agent:execute"],
});

console.log(agent.agent_id);    // agid_acme_a1b2c3d4
console.log(agent.trust_score); // 50 (initial)

// 2. Check permissions before acting (<5ms via Redis)
const { allowed } = await vorim.check(agent.agent_id, "agent:execute");

if (allowed) {
  // 3. Perform the action, then emit an audit event
  await vorim.emit({
    agent_id: agent.agent_id,
    event_type: "tool_call",
    action: "process_invoice",
    resource: "INV-2026-0042",
    result: "success",
    latency_ms: 142,
  });
}

// 4. Verify any agent's trust (public endpoint, no auth required)
const trust = await vorim.verify(agent.agent_id);
console.log(trust.trust_score);  // 0–100
console.log(trust.active_scopes); // ['agent:read', 'agent:execute']

Framework Integration

LangChain

import createVorim from "@vorim/sdk";
import { ChatOpenAI } from "@langchain/openai";
import { AgentExecutor } from "langchain/agents";

const vorim = createVorim({ apiKey: "agid_sk_live_..." });

// Register your LangChain agent with Vorim
const { agent: identity } = await vorim.register({
  name: "langchain-research-agent",
  capabilities: ["web_browsing", "api_calls"],
  scopes: ["agent:read", "agent:execute", "agent:communicate"],
});

// Check permissions before every tool call
async function guardedToolCall(toolName: string, input: any) {
  const { allowed } = await vorim.check(identity.agent_id, "agent:execute");
  if (!allowed) throw new Error("Permission denied by Vorim");

  const result = await executeTool(toolName, input);

  // Audit every action
  await vorim.emit({
    agent_id: identity.agent_id,
    event_type: "tool_call",
    action: `${toolName}: ${JSON.stringify(input)}`,
    result: "success",
  });

  return result;
}

CrewAI

import createVorim from "@vorim/sdk";

const vorim = createVorim({ apiKey: "agid_sk_live_..." });

// Register each crew member as a Vorim agent
const researcher = await vorim.register({
  name: "crew-researcher",
  capabilities: ["web_browsing"],
  scopes: ["agent:read"],
});

const writer = await vorim.register({
  name: "crew-writer",
  capabilities: ["file_access"],
  scopes: ["agent:read", "agent:write"],
});

// Verify permissions before delegation
const { allowed } = await vorim.check(writer.agent.agent_id, "agent:write");

OpenAI Agents SDK

import createVorim from "@vorim/sdk";
import OpenAI from "openai";

const vorim = createVorim({ apiKey: "agid_sk_live_..." });
const openai = new OpenAI();

// Register your OpenAI agent
const { agent: identity } = await vorim.register({
  name: "openai-assistant",
  capabilities: ["api_calls", "code_execution"],
  scopes: ["agent:read", "agent:execute"],
});

// Wrap function calls with Vorim permission checks
async function handleFunctionCall(call: any) {
  const { allowed } = await vorim.check(identity.agent_id, "agent:execute");
  if (!allowed) return { error: "Blocked by Vorim trust layer" };

  const result = await executeFunction(call);

  await vorim.emit({
    agent_id: identity.agent_id,
    event_type: "tool_call",
    action: call.name,
    resource: JSON.stringify(call.arguments),
    result: "success",
  });

  return result;
}

API Reference

Identity

// Register a new agent (private key returned once — store it securely)
const { agent, private_key } = await vorim.register({
  name: "my-agent",
  description: "Processes invoices",
  capabilities: ["read_documents"],
  scopes: ["agent:read", "agent:execute"],
});

// Get agent details
const agent = await vorim.getAgent("agid_acme_a1b2c3d4");

// List all agents in your organisation
const { agents, meta } = await vorim.listAgents({ page: 1, per_page: 20 });

// Permanently revoke an agent
await vorim.revoke("agid_acme_a1b2c3d4");

Permissions

// Check if an agent has a specific permission (<5ms)
const { allowed, remaining_quota } = await vorim.check(
  "agid_acme_a1b2c3d4",
  "agent:execute"
);

// Grant a time-bounded, rate-limited permission
await vorim.grant("agid_acme_a1b2c3d4", "agent:transact", {
  valid_until: "2026-06-01T00:00:00Z",
  rate_limit: { max: 100, window: "1h" },
});

Permission Scopes

| Scope | Description | |-------|-------------| | agent:read | Read data and resources | | agent:write | Create or modify resources | | agent:execute | Execute tools and functions | | agent:transact | Perform financial transactions | | agent:communicate | Send messages and notifications | | agent:delegate | Delegate tasks to other agents | | agent:elevate | Request elevated privileges |

Audit

// Emit a single audit event
await vorim.emit({
  agent_id: "agid_acme_a1b2c3d4",
  event_type: "tool_call",
  action: "send_email",
  resource: "[email protected]",
  result: "success",
  latency_ms: 230,
  metadata: { template: "invoice_reminder" },
});

// Batch emit up to 1,000 events
await vorim.emitBatch([
  { agent_id: "agid_acme_a1b2c3d4", event_type: "api_request", action: "GET /users", result: "success" },
  { agent_id: "agid_acme_a1b2c3d4", event_type: "api_request", action: "POST /orders", result: "denied" },
]);

Trust Verification

// Public endpoint — no API key required
const trust = await vorim.verify("agid_acme_a1b2c3d4");

trust.verified;          // true
trust.trust_score;       // 82
trust.status;            // 'active'
trust.owner.org_name;    // 'Acme Corp'
trust.active_scopes;     // ['agent:read', 'agent:execute']
trust.key_fingerprint;   // 'a1b2c3d4...'
trust.revocation_status; // false

Trust score factors:

  • Agent status (active, suspended, revoked)
  • Account age (older = more trusted)
  • Success rate over last 30 days
  • Denial ratio (high denials = lower trust)
  • Scope breadth (too many scopes = higher risk)

Payload Signing

// Sign a payload with the agent's Ed25519 private key (client-side)
const signature = await vorim.sign(
  JSON.stringify({ action: "transfer", amount: 500 }),
  privateKeyPem
);
// Returns: "ed25519:base64signature..."

// Include signature in audit events for non-repudiation
await vorim.emit({
  agent_id: "agid_acme_a1b2c3d4",
  event_type: "tool_call",
  action: "transfer_funds",
  result: "success",
  signature,
});

Embeddable Trust Badge

Every registered agent gets a public SVG trust badge you can embed anywhere:

<!-- Embed in your docs, landing page, or agent marketplace listing -->
<img src="https://api.vorim.ai/v1/trust/badge/agid_acme_a1b2c3d4.svg" alt="Vorim Trust Badge" />

The badge displays the agent's current trust score and updates in real-time. Use it to signal trust to end users, partners, and other agents.

Configuration

import createVorim from "@vorim/sdk";

const vorim = createVorim({
  apiKey: "agid_sk_live_...",         // Required — your Vorim API key
  baseUrl: "https://api.vorim.ai",   // Optional (default)
  timeout: 10000,                     // Optional — request timeout in ms (default: 10000)
});

| Option | Type | Default | Description | |--------|------|---------|-------------| | apiKey | string | — | Your Vorim API key (agid_sk_live_... or agid_sk_test_...) | | baseUrl | string | https://api.vorim.ai | API base URL (override for self-hosted) | | timeout | number | 10000 | Request timeout in milliseconds |

Error Handling

All errors throw VorimError with structured fields:

import createVorim, { VorimError } from "@vorim/sdk";

try {
  await vorim.check("invalid_id", "agent:read");
} catch (err) {
  if (err instanceof VorimError) {
    err.status;   // 404
    err.code;     // 'AGENT_NOT_FOUND'
    err.message;  // 'Agent invalid_id not found in the trust registry'
    err.details;  // Additional context (optional)
  }
}

| Error Code | Status | Meaning | |-----------|--------|---------| | INVALID_CREDENTIALS | 401 | Bad or expired API key | | AGENT_NOT_FOUND | 404 | Agent ID doesn't exist | | PERMISSION_DENIED | 403 | Agent lacks required scope | | RATE_LIMITED | 429 | Too many requests | | VALIDATION_ERROR | 400 | Invalid request payload |

Features

| Feature | Details | |---------|---------| | Cryptographic Identity | Ed25519 keypairs with SHA-256 fingerprints | | 7 Permission Scopes | read, write, execute, transact, communicate, delegate, elevate | | Immutable Audit Trail | Append-only events with content hashing | | Trust Scoring | 5-factor algorithm producing a 0–100 score | | Payload Signing | Client-side Ed25519 via Web Crypto or Node.js crypto | | Dual Runtime | Node.js 18+ and modern browsers | | Zero Dependencies | Types bundled — nothing extra to install | | ESM + CJS | Dual module output for any bundler or runtime |

Protocol

This SDK implements the Vorim Agent Identity Protocol (VAIP) — an open standard for AI agent identity, permissions, and cryptographic audit trails.

VAIP defines 5 conformance levels, from basic identity to full cryptographic signing. The protocol is open-source under Apache 2.0 — anyone can implement it.

Read the full specification: SPEC.md

Requirements

  • Node.js 18+ or modern browser with Web Crypto API
  • TypeScript 5.0+ (optional but recommended)

Links

License

MIT — see LICENSE for details.

Built by Vorim AI