@orangecheck/agent-vercel
Advanced tools
Wrap Vercel AI SDK tool() invocations with OC Agent scope enforcement and emit a signed agent-action envelope per tool execution. Provider-agnostic — works under Anthropic, OpenAI, Cohere, etc.
Wrap Vercel AI SDK tool() invocations with OC Agent scope enforcement and emit a signed agent-action envelope per tool execution. Provider-agnostic — works under Anthropic, OpenAI, Cohere, or any other model the AI SDK speaks.
The Vercel AI SDK has converged on a clean tool({description, parameters, execute}) primitive that serializes naturally across providers. A single adapter at this layer covers a large fraction of teams shipping production agents.
This module wraps execute so every successful call produces a signed agent-action envelope citing the active delegation:
vercel:tool(verb=<verb>) against the delegation; refuses if not admissible).(verb, args, callId) tuple, BIP-322 sign as the agent address, emit envelope.v0.0.1 · in design. API shape is stable; the canonicalization layout ({args, call_id, verb} lexicographic, RFC 8785 canonical JSON, trailing LF) is locked. Production wiring with specific AI-SDK releases is intentionally not baked in — ocTool() is provider/SDK-agnostic so you can call it from any release of ai you're already on.
npm i @orangecheck/agent-vercel
# peer deps:
npm i @orangecheck/agent-core @orangecheck/agent-signer
import { tool } from 'ai';
import { ocTool } from '@orangecheck/agent-vercel';
const invoiceCreate = ocTool({
verb: 'invoice.create',
description: 'create a new invoice',
parameters: invoiceSchema,
execute: async (args) => myInvoiceCreateImpl(args),
});
const tools = {
'invoice.create': tool({
description: invoiceCreate.description,
parameters: invoiceCreate.parameters as never,
execute: async (args, { toolCallId }) => {
const { result, action } = await invoiceCreate.execute(args, {
agent, delegation, callId: toolCallId,
});
await yourAuditPipeline.append(action);
return result;
},
}),
};
const { text } = await generateText({
model: anthropic('claude-sonnet-4-6'),
tools,
prompt: 'invoice acme for $14.20',
});
The pattern: ocTool defines the OC-Agent-shaped wrapper; the AI SDK's tool() calls into that wrapper plus your audit pipeline.
Stamp's content.hash is a SHA-256 of:
{
"args": <canonical JSON of args>,
"call_id": "<sdk-assigned tool call id>",
"verb": "<verb>"
}
Default scope_exercised is vercel:tool(verb=<verb>). Override via scopeExercised.
canonicalizeToolCall(call) — RFC 8785 canonical bytes.toolCallHash(call) — sha256:<64-hex>.stampToolCall(input) — sign without executing.ocTool({verb, parameters, description, execute}) — provider-agnostic wrapped tool.MIT.
FAQs
Wrap Vercel AI SDK tool() invocations with OC Agent scope enforcement and emit a signed agent-action envelope per tool execution. Provider-agnostic — works under Anthropic, OpenAI, Cohere, etc.
The npm package @orangecheck/agent-vercel receives a total of 7 weekly downloads. As such, @orangecheck/agent-vercel popularity was classified as not popular.
We found that @orangecheck/agent-vercel demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.
Product
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
Research
More than 140 Mastra npm packages were compromised in a supply chain attack that used a typosquatted dependency to deliver a cross-platform infostealer during installation.