Bylaw ALCV — TypeScript SDK for SOX 404 compliance enforcement on AI agent tool calls.
The SDK acts as a shim that intercepts AI agent tool calls, sends clearance requests to an ALCV Vault server, and only allows execution if the Vault approves and returns a signed A-JWT (Agentic JSON Web Token, Ed25519/EdDSA).
npm install bylaw-ts# LangChain.js
npm install bylaw-ts @langchain/core
# LlamaIndex.ts
npm install bylaw-ts llamaindex
# Vercel AI SDK
npm install bylaw-ts ai// bylaw.json
// {
// "enforce": [
// { "tool": "stripe*", "policyId": "financial-high-risk" },
// { "tool": "*", "policyId": "default" }
// ]
// }
import { configure, autoInstrument, currentToken } from "bylaw-ts";
const rawTools = {
async stripeRefund(amount: number, reason: string) {
const token = currentToken();
return { refunded: amount, reason, token };
},
};
configure({ agentId: "payments-agent" });
const tools = autoInstrument(rawTools);
const result = await tools.stripeRefund(45, "Late package");
console.log(result.token);autoInstrument() reads bylaw.json from the current working directory by default, wraps matching functions automatically, and leaves unmatched entries unchanged.
| Option | Env Variable | Default | Description |
|---|---|---|---|
vaultUrl |
BYLAW_VAULT_URL |
http://localhost:8000 |
Vault server URL |
vaultApiKey |
BYLAW_VAULT_API_KEY |
"" |
API key for auth |
vaultTimeout |
BYLAW_VAULT_TIMEOUT |
30000 |
Timeout in ms |
verifyJwt |
BYLAW_VERIFY_JWT |
true |
Auto-verify A-JWTs |
jwtIssuer |
BYLAW_JWT_ISSUER |
alcv-vault |
Expected A-JWT issuer |
jwtAudience |
BYLAW_JWT_AUDIENCE |
ledgix-sdk |
Expected A-JWT audience |
agentId |
BYLAW_AGENT_ID |
"default-agent" |
Agent identifier |
sessionId |
BYLAW_SESSION_ID |
"" |
Session identifier |
const client = new BylawClient(config?);
await client.requestClearance(request); // → ClearanceResponse
await client.registerPolicy(policy); // → PolicyRegistrationResponse
await client.fetchJwks(); // → JWKS object
await client.verifyToken(token); // → decoded payload
await client.close(); // cleanupimport * as rawTools from "./tools.js";
const tools = autoInstrument(rawTools);
const toolsFromInline = autoInstrument(rawTools, {
enforce: [{ tool: "stripe*", policyId: "financial-high-risk" }],
});const specialFn = tool(async function specialRefund(amount: number) {
return currentToken();
});
const overrideFn = tool(
async function stripeCharge(amount: number) {
return currentToken();
},
{ policyId: "override-policy" },
);const guarded = vaultEnforce(client, {
toolName: "my_tool",
policyId: "policy-001",
context: { key: "value" },
})(myAsyncFunction);await withVaultContext(
client,
"stripe_refund",
{ amount: 45 },
{ policyId: "refund-policy" },
async (clearance) => {
// Use clearance.token
},
);// LangChain.js
import { wrapLangChainTool } from "bylaw-ts/adapters/langchain";
// LlamaIndex.ts
import { wrapTool } from "bylaw-ts/adapters/llamaindex";
// Vercel AI SDK
import { wrapVercelTool } from "bylaw-ts/adapters/vercel-ai";import {
ClearanceDeniedError,
VaultConnectionError,
TokenVerificationError,
PolicyRegistrationError,
} from "bylaw-ts";npx tsx demo.tsMIT