[PUBLISHED ON NPMJS] @takk/agenticstash@1.0.0

STATUS: PUBLISHED ON NPMJS. This version was published to the npm registry on 2026-06-19T15:41:18Z with provenance attestation. View on npm: https://www.npmjs.com/package/@takk/agenticstash/v/1.0.0

[1.0.0] - 2026-06-19T14:21:18Z

Initial stable release. Agentic Stash is the embeddable, zero-runtime-dependency record and replay engine for Massive Intelligence (IM) agents and non-human entities (NHEs): the rr of the agentic world, the git stash of agent runs. Capture every source of non-determinism a run touches, then replay it deterministically, fork it, diff it, and seal it.

Added

Recording and replay core

• createStash(options): the unified record-or-replay facade. Instrument an agent once with intercept / interceptSync / value; construct without a recording to record, with one to replay. Determinism is by substitution: the replayer serves the exact values the original run observed, it does not make a model deterministic.
• createRecorder(options): captures non-determinism transparently. record / recordAsync run a producer and store its return value or thrown error as a content-addressed event; value records an already-produced value. Each event carries a (channel, key, ordinal) identity plus an optional input hash.
• createReplayer(recording, options): serves recorded values by (channel, key) ordinal, re-throws recorded errors at the original site, and supports an opt-in live tail for fork continuations.

Divergence detection (council revision)

• Replay checks a supplied input against the recorded input hash. With the default onDivergence: 'throw' a mismatch raises ERR_DIVERGENCE on the spot.
• With onDivergence: 'collect', every divergence is recorded and replay continues, so one pass yields a full DivergenceReport (input-mismatch, extra-call, missing-call, plus the earliest divergence) of exactly where the code under replay departed from the recording. This makes the "find where the bug diverged" debugging workflow a first-class, single-pass operation.

Tamper-evident sealing (council revision)

• sealRecording(recording): folds the recording id and every event (with its value and input payloads) into a SHA-256 hash chain and returns the root digest, via the Web Crypto API so it stays dependency-free and runs in Node, edge runtimes, and the browser.
• verifyRecording(recording, seal): recomputes the chain and reports whether the recording is byte-for-byte the one that was sealed, the integrity property the EU AI Act Article 12 tamper-evident logging requirement asks of agent execution records. It is an integrity seal, not a digital signature: it proves a recording matches a trusted root, not who produced it.

Redaction (council revision)

• redact (on createStash and createRecorder): a record-time transform (value, { channel, key, kind }) => value applied to every value and input before it reaches storage, so secrets and PII never enter a recording. Return a masked value to keep structure while hiding content, or the exported DROP sentinel to store only a redaction marker (a metadata-only event) for the strictest HIPAA, GDPR, and PCI environments. Redaction is one-way: a redacted field replays as its redacted form, so it pairs naturally with the integrity seal, you seal exactly what you chose to keep.

Storage, fork, and diff

• Content-addressed BlobStore deduplicates structurally equal payloads (a repeated tool response, the same system prompt on every step) via a dependency-free cyrb53 content hash, with full-content collision safety and defensive copies.
• encodeRecording / decodeRecording move a recording to and from portable JSON, validating shape with ERR_INVALID_RECORDING; recordingStats summarizes it.
• fork(recording, options): keep every event before a point, optionally override that decision with a new value, drop the tail; replaying the fork serves the shared prefix then runs live, so one recorded run roots an alternate branch.
• diffRecordings(a, b): aligns two recordings by (channel, key, ordinal) identity and reports added, removed, and changed events plus the first divergence.

Interceptors, MCP bridge, CLI

• createDeterministicClock, createSeededRandom (mulberry32, seed recorded once), and wrap / wrapSync to make any function recordable, all framework-agnostic.
• @takk/agenticstash/mcp: a duck-typed interceptMcpClient / recordMcpTool bridge that records and replays MCP tool calls, importing no MCP SDK.
• CLI agenticstash: inspect, diff, fork, seal, and verify over recording JSON files, with sysexits exit codes (0 success, 64 usage, 65 bad data, 66 unreadable; verify exits 1 on a failed seal).

Entry points and tooling

• Ten library entry points: core, ./record, ./replay, ./storage, ./fork, ./diff, ./interceptors, ./mcp, ./seal, ./edge. The whole engine is free of any Node built-in (the seal uses Web Crypto, not node:crypto), so the edge entry is the full core and runs in Cloudflare Workers, Vercel Edge, Deno, Bun, and the browser.

Quality

• 86 tests across 14 suites passing under Vitest 4, green on Node 20, 22, and 24.
• Coverage: statements 88.0%, lines 88.6%, functions 89.8%, branches 76.9%.
• TypeScript strict mode at maximum under TypeScript 6, lint and format clean under Biome 2, publint clean, are-the-types-wrong clean across all ten entry points.
• Every library bundle is verified free of any Node built-in; the CLI uses only node:fs and node:process.

Honest scope

• Record and replay is by substitution. Agentic Stash captures and replays the values a run observed; it does not make a model deterministic, and a code path that changes its calls or their order will (correctly) diverge. The deterministic-replay category is also served by Forkline, LangGraph time-travel, and replay-testing in LangSmith, Braintrust, and Langfuse; Agentic Stash is the embeddable, zero-dependency, in-process option that re-executes your code (rather than restoring framework state) and runs on the edge.
• The integrity seal is tamper-evident (a SHA-256 hash chain), not a digital signature; pair the root with your own signing or notarization for non-repudiation.

Security

• Published with --provenance (SLSA attestation by GitHub Actions). Consumers can verify via npm view @takk/agenticstash --json | jq .dist.attestations.
• Zero outbound network calls and no telemetry. Recordings can contain whatever you pass through them (prompts, tool payloads); use the redact hook to keep secrets and PII out of storage, and seal the result for integrity. See SECURITY.md.

Licensing

• Licensed under the Apache License, Version 2.0. The NOTICE file ships in the tarball alongside LICENSE.

Engines

• Node >=20.0.0. Tested on Node 20, 22, and 24.