Skip to content

[PUBLISHED ON NPMJS] @takk/agenticstash@1.0.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 19 Jun 15:32
v1.0.0
b73efb4

STATUS: PUBLISHED ON NPMJS. This version was published to the npm registry on 2026-06-19T15:41:18Z with provenance attestation. View on npm: https://www.npmjs.com/package/@takk/agenticstash/v/1.0.0

[1.0.0] - 2026-06-19T14:21:18Z

Initial stable release. Agentic Stash is the embeddable, zero-runtime-dependency record and replay engine for Massive Intelligence (IM) agents and non-human entities (NHEs): the rr of the agentic world, the git stash of agent runs. Capture every source of non-determinism a run touches, then replay it deterministically, fork it, diff it, and seal it.

Added

Recording and replay core

  • createStash(options): the unified record-or-replay facade. Instrument an agent once with intercept / interceptSync / value; construct without a recording to record, with one to replay. Determinism is by substitution: the replayer serves the exact values the original run observed, it does not make a model deterministic.
  • createRecorder(options): captures non-determinism transparently. record / recordAsync run a producer and store its return value or thrown error as a content-addressed event; value records an already-produced value. Each event carries a (channel, key, ordinal) identity plus an optional input hash.
  • createReplayer(recording, options): serves recorded values by (channel, key) ordinal, re-throws recorded errors at the original site, and supports an opt-in live tail for fork continuations.

Divergence detection (council revision)

  • Replay checks a supplied input against the recorded input hash. With the default onDivergence: 'throw' a mismatch raises ERR_DIVERGENCE on the spot.
  • With onDivergence: 'collect', every divergence is recorded and replay continues, so one pass yields a full DivergenceReport (input-mismatch, extra-call, missing-call, plus the earliest divergence) of exactly where the code under replay departed from the recording. This makes the "find where the bug diverged" debugging workflow a first-class, single-pass operation.

Tamper-evident sealing (council revision)

  • sealRecording(recording): folds the recording id and every event (with its value and input payloads) into a SHA-256 hash chain and returns the root digest, via the Web Crypto API so it stays dependency-free and runs in Node, edge runtimes, and the browser.
  • verifyRecording(recording, seal): recomputes the chain and reports whether the recording is byte-for-byte the one that was sealed, the integrity property the EU AI Act Article 12 tamper-evident logging requirement asks of agent execution records. It is an integrity seal, not a digital signature: it proves a recording matches a trusted root, not who produced it.

Redaction (council revision)

  • redact (on createStash and createRecorder): a record-time transform (value, { channel, key, kind }) => value applied to every value and input before it reaches storage, so secrets and PII never enter a recording. Return a masked value to keep structure while hiding content, or the exported DROP sentinel to store only a redaction marker (a metadata-only event) for the strictest HIPAA, GDPR, and PCI environments. Redaction is one-way: a redacted field replays as its redacted form, so it pairs naturally with the integrity seal, you seal exactly what you chose to keep.

Storage, fork, and diff

  • Content-addressed BlobStore deduplicates structurally equal payloads (a repeated tool response, the same system prompt on every step) via a dependency-free cyrb53 content hash, with full-content collision safety and defensive copies.
  • encodeRecording / decodeRecording move a recording to and from portable JSON, validating shape with ERR_INVALID_RECORDING; recordingStats summarizes it.
  • fork(recording, options): keep every event before a point, optionally override that decision with a new value, drop the tail; replaying the fork serves the shared prefix then runs live, so one recorded run roots an alternate branch.
  • diffRecordings(a, b): aligns two recordings by (channel, key, ordinal) identity and reports added, removed, and changed events plus the first divergence.

Interceptors, MCP bridge, CLI

  • createDeterministicClock, createSeededRandom (mulberry32, seed recorded once), and wrap / wrapSync to make any function recordable, all framework-agnostic.
  • @takk/agenticstash/mcp: a duck-typed interceptMcpClient / recordMcpTool bridge that records and replays MCP tool calls, importing no MCP SDK.
  • CLI agenticstash: inspect, diff, fork, seal, and verify over recording JSON files, with sysexits exit codes (0 success, 64 usage, 65 bad data, 66 unreadable; verify exits 1 on a failed seal).

Entry points and tooling

  • Ten library entry points: core, ./record, ./replay, ./storage, ./fork, ./diff, ./interceptors, ./mcp, ./seal, ./edge. The whole engine is free of any Node built-in (the seal uses Web Crypto, not node:crypto), so the edge entry is the full core and runs in Cloudflare Workers, Vercel Edge, Deno, Bun, and the browser.

Quality

  • 86 tests across 14 suites passing under Vitest 4, green on Node 20, 22, and 24.
  • Coverage: statements 88.0%, lines 88.6%, functions 89.8%, branches 76.9%.
  • TypeScript strict mode at maximum under TypeScript 6, lint and format clean under Biome 2, publint clean, are-the-types-wrong clean across all ten entry points.
  • Every library bundle is verified free of any Node built-in; the CLI uses only node:fs and node:process.

Honest scope

  • Record and replay is by substitution. Agentic Stash captures and replays the values a run observed; it does not make a model deterministic, and a code path that changes its calls or their order will (correctly) diverge. The deterministic-replay category is also served by Forkline, LangGraph time-travel, and replay-testing in LangSmith, Braintrust, and Langfuse; Agentic Stash is the embeddable, zero-dependency, in-process option that re-executes your code (rather than restoring framework state) and runs on the edge.
  • The integrity seal is tamper-evident (a SHA-256 hash chain), not a digital signature; pair the root with your own signing or notarization for non-repudiation.

Security

  • Published with --provenance (SLSA attestation by GitHub Actions). Consumers can verify via npm view @takk/agenticstash --json | jq .dist.attestations.
  • Zero outbound network calls and no telemetry. Recordings can contain whatever you pass through them (prompts, tool payloads); use the redact hook to keep secrets and PII out of storage, and seal the result for integrity. See SECURITY.md.

Licensing

  • Licensed under the Apache License, Version 2.0. The NOTICE file ships in the tarball alongside LICENSE.

Engines

  • Node >=20.0.0. Tested on Node 20, 22, and 24.
Assets 2
Loading