Package Exports
- vouch-guard
- vouch-guard/src/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (vouch-guard) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
vouch-guard
Governance guard for Claude Managed Agents. Evaluates every tool call before execution.
ACCEPTED flows. RESTRICTED steers. BLOCKED stops.
Install
npm install vouch-guardQuick Start
import Anthropic from "@anthropic-ai/sdk";
import { guardSession } from "vouch-guard";
const client = new Anthropic();
// Create agent and session (see Anthropic docs)
const session = await client.beta.sessions.create({ agent: agentId, environment_id: envId });
// Send the task
await client.beta.sessions.events.send(session.id, {
events: [{ type: "user.message", content: [{ type: "text", text: "Deploy the latest build" }] }],
});
// Guard the session — every tool call evaluated by Vouch
const audit = await guardSession(client, session.id, {
apiKey: process.env.VOUCH_API_KEY,
onVerdict: (v) => console.log(`${v.tool}: ${v.verdict} (${v.duration_ms}ms)`),
});
console.log(`Session complete. ${audit.governed} calls governed, ${audit.blocked} blocked.`);Two Patterns
Pattern 1: Event Monitor (built-in tools)
Guard built-in tools (bash, write, edit, web_fetch). Governance is reactive — the tool may start executing before the verdict arrives. If RESTRICTED or BLOCKED, the guard steers the agent away from repeating the action.
const audit = await guardSession(client, sessionId, {
apiKey: process.env.VOUCH_API_KEY,
});Pattern 2: Custom Tool Wrapper (full prevention)
Replace built-in tools with governed custom tools. The tool does NOT execute until Vouch clears it.
import { guardSession, GOVERNED_TOOL_DEFINITIONS } from "vouch-guard";
// Create agent with governed tools instead of built-ins
const agent = await client.beta.agents.create({
name: "Governed Assistant",
model: "claude-sonnet-4-6",
tools: [
{
type: "agent_toolset_20260401",
default_config: { enabled: false },
configs: [
{ name: "read", enabled: true },
{ name: "glob", enabled: true },
{ name: "grep", enabled: true },
],
},
...GOVERNED_TOOL_DEFINITIONS,
],
});
// Guard with a tool executor
const audit = await guardSession(client, sessionId, {
apiKey: process.env.VOUCH_API_KEY,
executeTool: async (name, input) => {
// Your execution logic here
if (name === "governed_bash") {
return execSync(input.command).toString();
}
},
});API
guardSession(client, sessionId, options)
Guards a managed agent session. Returns an audit summary when the session goes idle.
Options:
| Option | Type | Required | Description |
|---|---|---|---|
apiKey |
string | Yes | Vouch API key |
apiUrl |
string | No | Vouch API URL (default: vouch.atlaswithiris.com) |
policy |
object | No | Custom governance policy |
onVerdict |
function | No | Callback on each verdict |
onError |
function | No | Callback on Vouch errors |
executeTool |
function | No | Handler for custom tool execution (Pattern 2) |
failOpen |
boolean | No | Fail open if Vouch unreachable (default: true) |
Returns: Audit summary object.
extractPlan(name, input)
Convert a tool call into a Vouch plan description.
GOVERNED_TOOL_DEFINITIONS
Pre-built custom tool definitions for governed_bash, governed_write, governed_edit, governed_fetch. Spread into your agent's tools array.
VouchClient
Thin API client for POST /api/v1/vouch.
License
MIT