Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

@agenttrust/sdk

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@agenttrust/sdk

Official SDK for AgentTrust — AI agent security, prompt injection detection, and identity verification

latest
Source
npmnpm
Version
0.2.0
Version published
Weekly downloads
7
-50%
Maintainers
1
Weekly downloads
 
Created
Source

@agenttrust/sdk

Official JavaScript/TypeScript SDK for AgentTrust — prompt injection detection, agent identity verification, and audit trails for autonomous AI agents.

Installation

npm install @agenttrust/sdk
# or
yarn add @agenttrust/sdk
# or
pnpm add @agenttrust/sdk

Quick Start

import { AgentTrust } from '@agenttrust/sdk'

// From environment variable (recommended)
const at = AgentTrust.fromEnv() // reads AGENTTRUST_API_KEY

// Or explicitly
const at = new AgentTrust({ apiKey: 'atk_YOUR_API_KEY' })

Get your API key at agenttrust.ai. Keys are prefixed with atk_.

InjectionGuard

Scan any text for prompt injection, command execution attempts, and social engineering before your agent acts on it.

const result = await at.injectionGuard(text, {
  capabilities: ['send_messages', 'open_links'],
  channel: 'email',
  use_llm_review: true,
})

if (result.blocked) {
  // Hard block — do not proceed
  console.log('Triggers:', result.triggers)
  console.log('Mitigations:', result.mitigations)
} else if (result.requiresHuman) {
  // Queue for human review
} else {
  // Safe to execute
}

Options

OptionTypeRequiredDescription
capabilitiesstring[]What your agent can do (e.g. send_messages, open_links, data_access)
channel'email' | 'chat' | 'api'Source channel for better contextual analysis
use_llm_reviewbooleanEnable additional LLM-based risk assessment
exclusionsstring[]Terms that suppress trigger detection
custom_keywordsCustomKeyword[]Your own keyword triggers with severity
// Custom keywords example
custom_keywords: [
  { keyword: 'powershell', severity: 'high' },
  { keyword: 'wget', severity: 'medium' },
]

Dashboard-configured keywords and exclusions are automatically merged with request values.

Response

FieldTypeDescription
risk_level'low' | 'medium' | 'high'Overall risk assessment
suggested_mode'allow_execute' | 'draft_only' | 'require_human' | 'block'Recommended handling
triggersstring[]Rules that matched
trigger_excerptsRecord<string, string[]>Supporting excerpts per trigger
mitigationsstring[]Suggested mitigation actions
ruleset_versionstringDetection ruleset version
llm_reviewLLMReview | undefinedAI review block (when use_llm_review: true)
blockedbooleanConvenience: true when suggested_mode === 'block'
requiresHumanbooleanConvenience: true when suggested_mode === 'require_human'

TrustCode — Identity Verification

Issue a TrustCode

Prove your agent's identity when reaching out to users or other systems.

const trustCode = await at.issue({
  preset: 'draft_only',
  ttl_seconds: 3600, // 1 hour (default: 86400)
  payload: {
    intent: 'schedule_meeting',
    message: 'Scheduling a meeting on behalf of Acme Corp.',
  },
})

console.log(trustCode.code)        // e.g. "gFs2-jbQE-GddW"
console.log(trustCode.verify_url)  // shareable verification link
console.log(trustCode.badge_html)  // embeddable HTML trust badge

Verify a TrustCode

No API key required — anyone can verify.

const identity = await at.verify('gFs2-jbQE-GddW')

if (identity.verified) {
  console.log('Agent:', identity.issuer_agent_id)
  console.log('Org:', identity.issuer_org_id)
  console.log('Intent:', identity.payload.intent)
}

Framework Examples

Express middleware

import express from 'express'
import { AgentTrust } from '@agenttrust/sdk'

const at = AgentTrust.fromEnv()
const app = express()
app.use(express.json())

app.post('/agent/run', async (req, res) => {
  const check = await at.injectionGuard(req.body.message, {
    capabilities: ['data_access'],
    channel: 'api',
  })

  if (check.blocked) {
    return res.status(400).json({
      error: 'Prompt injection detected',
      triggers: check.triggers,
    })
  }

  if (check.requiresHuman) {
    return res.status(202).json({ status: 'queued_for_review' })
  }

  // Continue with agent logic...
})

LangChain tool wrapper

import { AgentTrust } from '@agenttrust/sdk'

const at = AgentTrust.fromEnv()

async function secureToolCall(input: string, capabilities: string[]) {
  const check = await at.injectionGuard(input, {
    capabilities,
    use_llm_review: true,
  })

  if (check.blocked) {
    throw new Error(`Blocked by AgentTrust: ${check.triggers.join(', ')}`)
  }

  // Call your tool...
}

Configuration

const at = new AgentTrust({
  apiKey: 'atk_YOUR_API_KEY', // required — get from dashboard
  baseUrl: 'https://agenttrust.ai/api', // optional, override for testing
})

Environment variable

Set AGENTTRUST_API_KEY and use AgentTrust.fromEnv() for cleaner setup.

Requirements

  • Node.js 18+ (uses native fetch)
  • Works with Bun, Deno, and any modern JS/TS runtime

Links

Keywords

agenttrust
prompt-injection
ai-security
agent-security
injection-guard
trustcode

FAQs

Package last updated on 18 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

US Government Forces Anthropic to Pull Claude Fable Days After Launch

Security News

US Government Forces Anthropic to Pull Claude Fable Days After Launch

Anthropic says the directive cited national security concerns over a narrow jailbreak, but offered no specific technical details.

By Sarah Gooding  -  Jun 13, 2026