Cryptographic Identity
Ed25519 keypairs for every Host and Agent. JWK thumbprints as stable IDs. Full delegation chain verification on every call.
11-Step Verification
Every capability call mints a signed JWT and passes through 11 verification steps, including signature, replay protection, grant check, and constraint enforcement, before your code runs.
Grant Constraints
Field-level constraints on call arguments: max, min, in, not_in, exact equality. Required fields from the schema are enforced. No reasoning required — the gate holds.
Access Requests
When an agent is denied, the call suspends and waits for human approval out-of-band. HMAC-verified codes, 4 approval scopes, tamper-proof rule storage.
Encrypted Audit Trail
AES-256-GCM in-memory ring buffer. Every call, denial, and error recorded with auth overhead. Drain to any HTTP endpoint or custom exporter.
Zero Dependencies
Ships ESM + CJS. Everything defaults to in-memory. External systems (Redis, databases) are adapter-injected by you. Node.js 18+ only.
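The Grant Constraints feature above names the operators (max, min, in, not_in, exact equality) and required-field enforcement. The following is an added example, not the library's own code, showing one way such a field-level check can fail closed; the grant shape, the `checkConstraints` function and the sample grant are assumptions made for illustration.

```javascript
// Hypothetical grant checker (illustration only, not the library's API).
// Wrong types, malformed operands and unknown operators all deny the call.
const OPERATORS = {
  max: (value, limit) => typeof value === 'number' && value <= limit,
  min: (value, limit) => typeof value === 'number' && value >= limit,
  in: (value, allowed) => Array.isArray(allowed) && allowed.includes(value),
  not_in: (value, banned) => Array.isArray(banned) && !banned.includes(value),
};

function checkConstraints(grant, args) {
  const violations = [];
  for (const field of grant.required ?? []) {
    if (!Object.hasOwn(args, field)) violations.push(`${field}: required`);
  }
  for (const [field, rule] of Object.entries(grant.constraints ?? {})) {
    if (!Object.hasOwn(args, field)) continue; // presence is the job of `required`
    const value = args[field];
    // A bare literal means exact equality; an object holds operators.
    if (rule === null || typeof rule !== 'object') {
      if (value !== rule) violations.push(`${field}: must equal ${JSON.stringify(rule)}`);
      continue;
    }
    for (const [op, operand] of Object.entries(rule)) {
      const test = Object.hasOwn(OPERATORS, op) ? OPERATORS[op] : null;
      // Fail closed: an unknown operator is a violation, never a pass.
      if (!test || !test(value, operand)) violations.push(`${field}: ${op}`);
    }
  }
  return { allowed: violations.length === 0, violations };
}

// Constructed sample grant for a hypothetical "transfer" capability.
const grant = {
  required: ['amount', 'currency'],
  constraints: {
    amount: { min: 1, max: 500 },
    currency: { in: ['USD', 'EUR'] },
    recipient: { not_in: ['acct_blocked'] },
    memo: 'invoice',
  },
};
```

Because the numeric operators check the argument's type first, a string such as `'100'` is rejected rather than coerced, which closes a common bypass when arguments arrive as JSON produced by an agent.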
