npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

cobalt-ai-sdk

v2.0.0

Published

Runtime SDK for Cobalt — reads prompt config from the integrated GCP project's Firestore, calls Anthropic/OpenAI/Gemini/OpenRouter, sends execution telemetry via ADC. GCP-only.

Downloads

1,175

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

leoalopesleoalopes

Keywords

cobaltprompt-managementaillmsdk

Readme

cobalt-ai-sdk

Runtime SDK for Cobalt. Reads prompt config from your Firestore, calls Anthropic / OpenAI / Gemini / OpenRouter on your behalf, and sends fire-and-forget execution telemetry back to Cobalt.

This is a personal-tool SDK. It assumes:

  • The runtime is inside a GCP project (Cloud Functions, Cloud Run, GCE).
  • That project has been registered with Cobalt via cobalt install (CLI).
  • Prompt config lives in the project's own Firestore at ai_features/{function_id}/environments/{env}, populated by Cobalt's dual-write on publish.
  • Provider API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, OPENROUTER_API_KEY) are bound from Secret Manager into the function's env (also handled by cobalt install).

If you're looking for an HTTP-mode SDK with apiKey: cblt_..., that's v1.x. v2 dropped it.

Install

npm install cobalt-ai-sdk

Bind the provider secrets in your Cloud Functions v2 deployment:

import { defineSecret } from "firebase-functions/params";
const anthropic = defineSecret("ANTHROPIC_API_KEY");
const openai = defineSecret("OPENAI_API_KEY");
const google = defineSecret("GOOGLE_API_KEY");
const openrouter = defineSecret("OPENROUTER_API_KEY");

export const myFn = onRequest(
  { secrets: [anthropic, openai, google, openrouter] },
  handler,
);

Usage

import { Cobalt } from "cobalt-ai-sdk";
import * as admin from "firebase-admin";

if (!admin.apps.length) admin.initializeApp();

const cobalt = new Cobalt({
  firestore: admin.firestore(),  // required
});

const result = await cobalt.run("my_function_slug", {
  variables: { article_text: "..." },
});

console.log(result.output);

The SDK picks the provider adapter automatically from the prompt config's model_provider field, reads the matching env var (ANTHROPIC_API_KEY etc.), and calls the provider's API.

Options

new Cobalt({
  firestore: admin.firestore(),  // required
  environment: "prod",           // default "prod"
  realtime: false,               // true = onSnapshot listener instead of TTL-cached .get()
  cacheTtlMs: 60_000,            // .get() TTL when realtime=false
  executionTracing: true,        // send execution telemetry after each .run()
});

Run options

await cobalt.run("my_function_slug", {
  variables: { input: "..." },                     // {{var}} substitution
  metadata: { userId: "abc" },                     // attached to execution
  transformPrompt: (p) => ({                       // mutate the resolved prompt
    ...p,
    systemPrompt: p.systemPrompt + "\nExtra: ...",
  }),
  callModel: async (params) => {                   // BYO provider (overrides built-in)
    /* ... */
    return { outputText, promptTokens, completionTokens };
  },
  requestId: "req_xyz",
  sessionId: "sess_abc",
  userIdHash: "hashed_user_id",
});

Execution telemetry

After every successful run(), the SDK posts the execution payload to Cobalt's API. Authentication uses GCP Application Default Credentials: the SDK fetches a Google-signed ID token from the metadata server with aud=<cobalt-api-url> and sends it as Authorization: Bearer <jwt>. Cobalt's backend verifies the JWT and matches the email claim against the registered_projects collection.

Telemetry is fire-and-forget and silent on failure. If the metadata server isn't available (local dev) or Cobalt's API is down, your AI calls still succeed — the telemetry just doesn't land.

What's NOT in v2

  • apiKey / apiUrl / fetchTimeoutMs options — gone. Auth is ADC; URL is hardcoded (override via COBALT_API_URL env var for testing only).
  • HTTP-mode config fetching — gone. Firestore-direct is the only path.
  • runtimeSource option — gone. The source label comes from registered_projects.display_name on the backend.
  • anthropicApiKey option — gone. Use ANTHROPIC_API_KEY env var.

Versions

  • 2.x — current. Firestore-only, four built-in providers, ADC auth. GCP-only.
  • 1.x — legacy. HTTP-mode + cblt_... keys. Still published on npm for projects pinned to it.