npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

occ-agent

v1.0.0

Published

Verifiable execution receipts for AI tool calls via OCC

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

occ-coreocc-core

Keywords

occproofcryptographicagenttool-executionreceiptsverifiable

Readme

@occ/agent

Verifiable execution receipts for AI tool calls via OCC.

What is OCC Agent?

Agent Skills define what a tool can do. OCC Agent proves what a tool actually did.

@occ/agent is a trust layer for skill execution. It wraps any tool call, creates a canonical execution envelope, hashes it, commits it through OCC, and returns a portable cryptographic receipt alongside the normal tool output.

tool execution → canonical execution envelope → OCC commit → portable receipt

How it relates to OCC

OCC (Origin Controlled Computing) provides cryptographic proof that digital events entered a causal sequence. The proof format (occ/1) was designed for arbitrary digital artifacts — files are just one case.

@occ/agent reuses the existing OCC proof format directly. The "artifact" committed is the SHA-256 hash of a canonical execution envelope. No new proof schema. No parallel receipt format. Just the same occ/1 proof with tool execution metadata.

How it works

1. Normalize input  → deterministic JSON
2. Hash input        → SHA-256
3. Execute tool      → get output
4. Normalize output  → deterministic JSON
5. Hash output       → SHA-256
6. Build envelope    → canonical execution envelope
7. Hash envelope     → SHA-256(canonicalize(envelope))
8. Commit digest     → POST /commit with envelope hash
9. Return            → { output, executionEnvelope, occProof }

The Canonical Execution Envelope

{
  "type": "tool-execution",
  "tool": "fetch_url",
  "toolVersion": "1.0.0",
  "runtime": "agent-skills",
  "adapter": "occ-agent",
  "inputHashB64": "base64(SHA-256(canonicalize(input)))",
  "outputHashB64": "base64(SHA-256(canonicalize(output)))",
  "timestamp": 1740000000
}

The envelope contains only hashes — never raw input or output. This preserves privacy while still proving that a specific execution record was committed.

What the proof proves

  • A canonical execution record was committed through OCC
  • The envelope hash matches the committed artifact digest (proof.artifact.digestB64)
  • The execution entered the OCC causal sequence at a specific counter position
  • The commit was signed by a specific enclave key
  • (When available) Hardware attestation, external timestamps, and causal ordering

What the proof does NOT prove

  • That the tool output is correct or complete
  • That the input/output hashes correspond to specific content (unless you have the originals)
  • That the execution happened at a specific wall-clock time (timestamps are advisory)

Quick Start

Wrap a tool

import { wrapTool, fetchUrlTool } from "@occ/agent";

const verifiedFetch = wrapTool(fetchUrlTool, {
  apiUrl: "https://your-occ-service.example/commit",
  apiKey: "your-api-key",
});

const result = await verifiedFetch({ url: "https://example.com" });
// result.output         — normal tool output
// result.executionEnvelope — the canonical envelope
// result.occProof       — full OCC proof (occ/1 format)

One-shot execution

import { runVerifiedTool, fetchUrlTool } from "@occ/agent";

const result = await runVerifiedTool(
  fetchUrlTool,
  { url: "https://example.com" },
  { apiUrl: "https://your-occ-service.example/commit" },
);

Define a custom tool

import { wrapTool, type ToolDefinition } from "@occ/agent";

const myTool: ToolDefinition<{ query: string }, { answer: string }> = {
  name: "my_tool",
  version: "1.0.0",

  async execute(input) {
    const answer = await someService(input.query);
    return { answer };
  },

  normalizeInput(input) {
    return { query: input.query.trim().toLowerCase() };
  },

  normalizeOutput(output) {
    return { answer: output.answer };
  },
};

const verifiedTool = wrapTool(myTool, config);
const result = await verifiedTool({ query: "Hello World" });

Verify a receipt

import { verifyExecutionReceipt } from "@occ/agent";

const verification = await verifyExecutionReceipt(
  result.executionEnvelope,
  result.occProof,
);
// verification.valid    — true if all checks pass
// verification.checks   — individual check results

API Reference

wrapTool(tool, config)

Wraps a ToolDefinition to produce verified execution receipts. Returns an async function.

runVerifiedTool(tool, input, config)

Wrap and immediately execute. Convenience for one-shot calls.

createExecutionEnvelope(opts)

Build a canonical execution envelope from hashed input/output.

hashExecutionEnvelope(envelope)

SHA-256 hash of the canonicalized envelope. This is the digest committed to OCC.

hashValue(value)

Canonicalize and SHA-256 hash any value. Used for input/output hashing.

commitExecutionEnvelope(envelope, config)

Commit an envelope through the OCC /commit endpoint.

verifyExecutionReceipt(envelope, proof)

Local verification: envelope hash match + OCC proof signature.

verifyExecutionReceiptRemote(envelope, proof, config)

Remote verification via the OCC /verify endpoint.

fetchUrlTool

Built-in tool definition for URL fetching with deterministic output normalization.

Privacy Model

  • Only hashes are committed to OCC — never raw input or output
  • Raw values may be shown in local UI for demonstration
  • The canonical execution envelope contains inputHashB64 and outputHashB64, not the values themselves
  • Proof generation and privacy boundaries are cleanly separated

Running the Demo

cd apps/occ-agent-demo
npm install
npm run dev
# → http://localhost:3002

Set OCC_API_URL and OCC_API_KEY environment variables to connect to a live OCC commit service. Without them, the demo runs in demonstration mode (tool execution works, but no real proofs are generated).

Integration with Claude / Agent Skills

This package is designed to be the trust layer for agent skill execution. Future integration could look like:

  1. MCP Server wrapper — An MCP server that wraps tool calls with OCC receipts, making any MCP tool verifiable
  2. Agent SDK middleware — Interceptor in the Claude Agent SDK that automatically generates receipts for every tool call
  3. Skill metadata — Skills could declare whether they require OCC verification, and the runtime would enforce it
  4. Receipt chains — Using prevB64 proof chaining to create tamper-evident logs of entire agent sessions

The key insight: Agent Skills package capability. OCC provides verifiable execution receipts. Together, they form a complete trust model for autonomous AI actions.

License

Apache-2.0