SDKs

Two official clients with the same shape: construct with an API key, then preflight() for decisions or guard() to gate real execution. Both fail closed on network errors.

TypeScript — @actpass/sdk

npm

npm install @actpass/sdk

setup

import { ActPass } from '@actpass/sdk';

const actpass = new ActPass({
  apiKey: process.env.ACTPASS_API_KEY!,
  tenantId: 'your-team-id',
  agentId: 'support_agent',
  // baseUrl defaults to the hosted API; point it at your self-hosted gateway if needed
});

Decide, then act: guard()

guard() runs preflight and only invokes your execute callback on allow. Anything else — deny, pending approval, drifted tool — and your code simply doesn't run.

TypeScript

const { decision, result, error } = await actpass.guard({
  goal: 'resolve_refund_request',
  tool: 'stripe.refund.create',
  resource: 'stripe:charge:ch_123',
  args: { amount: 4900, currency: 'usd' },
  mode: 'enforce',
  execute: async ({ credential }) =>
    // credential is injected when a vaulted credential is bound to this tool
    stripe.refunds.create({ charge: 'ch_123', amount: 4900 }),
});

switch (decision.decision) {
  case 'allow':
    return result;
  case 'require_approval':
    return notify(`Held for review: ${decision.approval_request_id}`);
  default:
    log.warn(decision.reason_code, decision.explain.summary);
}

Decision only: preflight()

TypeScript

const d = await actpass.preflight({
  goal: 'send_status_update',
  tool: 'gmail.send',
  args: { to: 'customer@example.com' },
});
// d.decision, d.reason_code, d.risk_tier, d.explain.matched_rules

Passports

TypeScript

const { token } = await actpass.issuePassport({
  audience: 'mcp://stripe-production',
  goal: 'resolve_refund_request',
  allowedTools: ['stripe.refund.create'],
  allowedResources: ['stripe:charge:ch_123'],
  resourceConstraints: { max_amount: 10000, currency: 'usd' },
});
// pass `token` as `passport` in preflight/guard calls

await actpass.verifyPassport({ token, audience: 'mcp://stripe-production' });
await actpass.revokePassport('ap_...', 'session ended');

Python — actpass

pip

pip install actpass

Python

from actpass import ActPassClient

client = ActPassClient(
    api_key=os.environ["ACTPASS_API_KEY"],
    tenant_id="your-team-id",
    agent_id="support_agent",
)

# Decision only
d = client.preflight(
    goal="resolve_refund_request",
    tool="stripe.refund.create",
    args={"amount": 4900, "currency": "usd"},
    resource="stripe:charge:ch_123",
)
print(d["decision"], d["reason_code"])

# Gate real execution
out = client.guard(
    goal="resolve_refund_request",
    tool="stripe.refund.create",
    args={"amount": 4900, "currency": "usd"},
    execute_fn=lambda ctx: stripe.Refund.create(charge="ch_123", amount=4900),
)

The Python client mirrors the TypeScript surface: issue_passport(), verify_passport(), revoke_passport(), and record_evidence() for custom audit events.

Important:Both SDKs fail closed: if the ActPass API is unreachable in enforce mode, guard() reports a blocked decision and your execute callback does not run. Use mode: "monitor" during rollout if you need observe-only behavior.

CLI & CI →

Scan agent configs before they ship.

API Reference →

The raw HTTP surface under the SDKs.

TypeScript — @actpass/sdk

npm

npm install @actpass/sdk

setup

import { ActPass } from '@actpass/sdk';

const actpass = new ActPass({
  apiKey: process.env.ACTPASS_API_KEY!,
  tenantId: 'your-team-id',
  agentId: 'support_agent',
  // baseUrl defaults to the hosted API; point it at your self-hosted gateway if needed
});

Decide, then act: guard()

guard() runs preflight and only invokes your execute callback on allow. Anything else — deny, pending approval, drifted tool — and your code simply doesn't run.

TypeScript

const { decision, result, error } = await actpass.guard({
  goal: 'resolve_refund_request',
  tool: 'stripe.refund.create',
  resource: 'stripe:charge:ch_123',
  args: { amount: 4900, currency: 'usd' },
  mode: 'enforce',
  execute: async ({ credential }) =>
    // credential is injected when a vaulted credential is bound to this tool
    stripe.refunds.create({ charge: 'ch_123', amount: 4900 }),
});

switch (decision.decision) {
  case 'allow':
    return result;
  case 'require_approval':
    return notify(`Held for review: ${decision.approval_request_id}`);
  default:
    log.warn(decision.reason_code, decision.explain.summary);
}

Decision only: preflight()

TypeScript

const d = await actpass.preflight({
  goal: 'send_status_update',
  tool: 'gmail.send',
  args: { to: 'customer@example.com' },
});
// d.decision, d.reason_code, d.risk_tier, d.explain.matched_rules

Passports

TypeScript

const { token } = await actpass.issuePassport({
  audience: 'mcp://stripe-production',
  goal: 'resolve_refund_request',
  allowedTools: ['stripe.refund.create'],
  allowedResources: ['stripe:charge:ch_123'],
  resourceConstraints: { max_amount: 10000, currency: 'usd' },
});
// pass `token` as `passport` in preflight/guard calls

await actpass.verifyPassport({ token, audience: 'mcp://stripe-production' });
await actpass.revokePassport('ap_...', 'session ended');

Python — actpass

pip

pip install actpass

Python

from actpass import ActPassClient

client = ActPassClient(
    api_key=os.environ["ACTPASS_API_KEY"],
    tenant_id="your-team-id",
    agent_id="support_agent",
)

# Decision only
d = client.preflight(
    goal="resolve_refund_request",
    tool="stripe.refund.create",
    args={"amount": 4900, "currency": "usd"},
    resource="stripe:charge:ch_123",
)
print(d["decision"], d["reason_code"])

# Gate real execution
out = client.guard(
    goal="resolve_refund_request",
    tool="stripe.refund.create",
    args={"amount": 4900, "currency": "usd"},
    execute_fn=lambda ctx: stripe.Refund.create(charge="ch_123", amount=4900),
)

The Python client mirrors the TypeScript surface: issue_passport(), verify_passport(), revoke_passport(), and record_evidence() for custom audit events.