Canonical reference for the OSuite SDK (v2.5.0). Node.js and Python parity across all core governance features.
Capability model
The SDK is one product surface inside the broader OSuite governance stack. Governance depth depends on runtime control points, while self-host and future SaaS are control-plane deployment models.
Self-host and future SaaS are deployment models for the OSuite control plane. They do not determine governance level by themselves.
Governance levels
Evidence Import
OSuite ingests evidence and supports replay, audit, and post-facto analysis.
Advisory Governance
OSuite evaluates policy before execution, but the external runtime may not enforce the stop.
Approval-Orchestrated Governance
OSuite can pause execution, wait for approval, and resume or deny deterministically.
Runtime-Enforced Governance
OSuite sits at the real execution boundary and can enforce before side effects happen.
Product surfaces
Embedded Runtime SDK / Package
Instrument customer-controlled runtimes, tools, and orchestrators from inside the code.
Runtime Boundary Adapter
Intercept real tool or action execution at the boundary where side effects occur.
Control Plane
Run policy, approvals, replay, and evidence management as the operator system of record.
Evidence Import Surface
Import actions, traces, and logs when the external runtime cannot be governed directly.
Deployment models
Self-Hosted Control Plane
Run the OSuite control plane in your own infrastructure and under your own operations model.
SaaS Control Plane
Use a OSuite-managed control plane once the hosted service is available.
npm install osuite
import { OSuite } from 'osuite';
const claw = new OSuite({
baseUrl: process.env.OSUITE_BASE_URL,
apiKey: process.env.OSUITE_API_KEY,
agentId: 'my-agent'
});// 1. Ask permission
const result = await claw.guard({
action_type: 'deploy',
risk_score: 85,
declared_goal: 'Update auth service to v2.1.1'
});
if (result.decision === 'block') {
throw new Error(`Blocked: ${result.reasons.join(', ')}`);
}
// 2. Log intent
const { action_id } = await claw.createAction({
action_type: 'deploy',
declared_goal: 'Update auth service to v2.1.1'
});
try {
// 3. Log evidence
await claw.recordAssumption({
action_id,
assumption: 'Tests passed'
});
// ... deploy ...
// 4. Record outcome
await claw.updateOutcome(action_id, { status: 'completed' });
} catch (err) {
await claw.updateOutcome(action_id, { status: 'failed', error_message: err.message });
}const claw = new OSuite({ baseUrl, apiKey, agentId });| Parameter | Type | Required | Description |
|---|---|---|---|
| baseUrl / base_url | string | Yes | Dashboard URL |
| apiKey / api_key | string | Yes | API Key |
| agentId / agent_id | string | Yes | Unique Agent ID |
Evaluate guard policies for a proposed action. Call this before risky operations. The guard response includes a `learning` field with historical performance context when available (recent scores, drift status, learned patterns, feedback summary).
| Parameter | Type | Required | Description |
|---|---|---|---|
| action_type | string | Yes | Proposed action type |
| risk_score | number | No | 0-100 |
Returns: Promise<{ decision: string, reasons: string[], risk_score: number, agent_risk_score: number | null }>
const result = await claw.guard({ action_type: 'deploy', risk_score: 85 });Create a new action record.
Returns: Promise<{ action_id: string }>
const { action_id } = await claw.createAction({ action_type: 'deploy' });Poll for human approval.
await claw.waitForApproval(action_id);
Log final results.
await claw.updateOutcome(action_id, { status: 'completed' });Track agent beliefs.
await claw.recordAssumption({ action_id, assumption: '...' });Get current risk signals across all agents.
Returns: Promise<{ signals: Object[] }>
const { signals } = await claw.getSignals();Report agent presence and health to the control plane. Call periodically to indicate the agent is alive.
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | string | No | Agent status — 'online', 'busy', 'idle'. Defaults to 'online' |
| metadata | object | No | Arbitrary metadata to include with the heartbeat |
await claw.heartbeat('online', { cycle: 42, uptime_ms: 360000 });Report active provider connections and their status. Appears in the agent's Fleet profile.
| Parameter | Type | Required | Description |
|---|---|---|---|
| connections | Array<Object> | Yes | List of { name, type, status } connection objects |
await claw.reportConnections([
{ name: 'OpenAI', type: 'llm', status: 'connected' },
{ name: 'Postgres', type: 'database', status: 'connected' },
]);Register an unresolved dependency for a decision. Open loops track work that must be completed before the decision is fully resolved.
| Parameter | Type | Required | Description |
|---|---|---|---|
| action_id | string | Yes | Associated action |
| loop_type | string | Yes | The category of the loop |
| description | string | Yes | What needs to be resolved |
await claw.registerOpenLoop(action_id, 'validation', 'Waiting for PR review');
Resolve a pending loop.
await claw.resolveOpenLoop(loop_id, 'completed', 'Approved');
Record what the agent believed to be true when making a decision.
await claw.recordAssumption({ action_id, assumption: 'User is authenticated' });Compute learning velocity (rate of score improvement) for agents.
Returns: Promise<{ velocity: Array<Object> }>
const { velocity } = await claw.getLearningVelocity();Compute learning curves per action type to measure efficiency gains.
const curves = await claw.getLearningCurves();
Fetch consolidated lessons from scored outcomes — what OSuite has learned about this agent's performance patterns.
| Parameter | Type | Required | Description |
|---|---|---|---|
| actionType | string | No | Filter by action type |
| limit | number | No | Max lessons to return (default 10) |
Returns: Promise<{ lessons: Object[], drift_warnings: Object[], agent_id: string }>
const { lessons, drift_warnings } = await claw.getLessons({ actionType: 'deploy' });
lessons.forEach(l => console.log(l.guidance));Fetch rendered prompt from OSuite.
const { rendered } = await claw.renderPrompt({
template_id: 'marketing',
variables: { company: 'Apple' }
});Create a reusable scorer definition for automated evaluation.
| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Scorer name |
| scorer_type | string | Yes | Type (llm_judge, regex, range) |
| config | object | No | Scorer configuration |
await claw.createScorer('toxicity', 'regex', { pattern: 'bad-word' });Define weighted quality scoring profiles across multiple scorers.
await claw.createScoringProfile({
name: 'prod-quality',
dimensions: [{ scorer: 'toxicity', weight: 0.5 }]
});Send a point-to-point message or broadcast to all agents in the organization.
| Parameter | Type | Required | Description |
|---|---|---|---|
| to | string | No | Target agent ID (omit for broadcast) |
| body | string | Yes | Message content |
| type | string | No | action|info|lesson|question |
| urgent | boolean | No | Mark as high priority |
await claw.sendMessage({
to: 'scout-agent-01',
body: 'I have finished indexing the repository. You can start the analysis.',
type: 'status'
});Retrieve messages from the agent inbox with optional filtering.
| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | No | Filter by message type |
| unread | boolean | No | Only return unread messages |
| limit | number | No | Max messages to return |
Returns: Promise<{ messages, total, unread_count }>
const { messages } = await claw.getInbox({ unread: true, limit: 10 });Create a session handoff document to persist state between agent sessions or transfer context to another agent.
await claw.createHandoff({
summary: 'Completed initial data collection from Jira.',
key_decisions: ['Prioritize high-severity bugs', 'Ignore closed tickets'],
open_tasks: ['Run security scan on src/', 'Draft fix for #123'],
next_priorities: ['Security audit']
});Retrieve the most recent handoff for the current agent.
Returns: Promise<Object|null>
const handoff = await claw.getLatestHandoff();
Scan untrusted input for potential prompt injection or jailbreak attempts.
| Parameter | Type | Required | Description |
|---|---|---|---|
| text | string | Yes | Untrusted input to scan |
Returns: Promise<{ clean: boolean, risk_level: string, recommendation: string }>
const result = await claw.scanPromptInjection(userInput);
if (!result.clean) {
console.warn('Injection risk:', result.risk_level);
}Submit feedback for a specific agent action. Used for human evaluation of agent performance.
| Parameter | Type | Required | Description |
|---|---|---|---|
| action_id | string | Yes | Target action ID |
| rating | number | Yes | 1-5 star rating |
| comment | string | No | Textual feedback |
| category | string | No | Grouping tag |
await claw.submitFeedback({
action_id: 'act_4b2s8...',
rating: 4,
comment: 'Action was safe and effective but took longer than expected.',
category: 'performance_review'
});Create a new context thread to track a multi-step reasoning chain or investigation.
| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Thread name |
| summary | string | No | Initial thread summary |
Returns: Promise<{ thread, thread_id }>
const { thread } = await claw.createThread({ name: 'Deploy analysis', summary: 'Evaluating safety' });Append an observation, conclusion, or decision to an existing context thread.
| Parameter | Type | Required | Description |
|---|---|---|---|
| threadId | string | Yes | Thread ID to append to |
| content | string | Yes | Entry content |
| entryType | string | Yes | 'observation' | 'conclusion' | 'decision' |
await claw.addThreadEntry('ct_abc123', 'Staging checks passed', 'observation');Close a context thread, optionally providing a final summary.
| Parameter | Type | Required | Description |
|---|---|---|---|
| threadId | string | Yes | Thread ID to close |
| summary | string | No | Final summary of the thread |
await claw.closeThread('ct_abc123', 'Deploy approved after staging check');Bulk-sync agent state including decisions, lessons, goals, context, relationships, memory, and preferences in a single call.
| Parameter | Type | Required | Description |
|---|---|---|---|
| state | object | Yes | State object with keys: decisions, lessons, goals, context, relationships, memory, preferences |
await claw.syncState({ decisions: [...], lessons: [...], goals: [...] });Enroll agents via public-key pairing and manage approved identities. Pairing requests are created by agents; approval is an admin action. Once approved, the agent's public key is registered as a trusted identity for signature verification.
Create an agent pairing request. The agent submits its public key and waits for operator approval.
| Parameter | Type | Required | Description |
|---|---|---|---|
| public_key | string | Yes | PEM-encoded RSA public key |
| algorithm | string | No | Key algorithm. Default: RSASSA-PKCS1-v1_5 |
| agent_name | string | No | Human-readable label for the agent |
Returns: { pairing: { id, status, agent_name, created_at } }
// Node SDK (v1 legacy)
import { OSuite } from 'osuite/legacy';
const claw = new OSuite({ baseUrl, apiKey, agentId });
const { pairing } = await claw.createPairing(publicKeyPem, 'RSASSA-PKCS1-v1_5', 'my-agent');
console.log(pairing.id); // pair_...List all pairing requests for the organization. Admin API key required.
Returns: { pairings: Array<{ id, status, agent_name, created_at, approved_at }> }
const res = await fetch('/api/pairings', {
headers: { 'x-api-key': adminApiKey }
});
const { pairings } = await res.json();Get a specific pairing request by ID. Used by agents to poll for approval status.
Returns: { pairing: { id, status, agent_name, created_at, approved_at } }
// Node SDK (v1 legacy) const status = await claw.getPairing(pairingId); console.log(status.pairing.status); // pending | approved | expired
Approve a pending pairing request. Admin API key required. On approval, the agent's public key is registered as a trusted identity.
Returns: { pairing: { id, status, approved_at } }
const res = await fetch(`/api/pairings/${pairingId}/approve`, {
method: 'POST',
headers: { 'x-api-key': adminApiKey }
});Directly register an agent's public key as a trusted identity. Admin API key required. Bypasses the pairing flow.
| Parameter | Type | Required | Description |
|---|---|---|---|
| agent_id | string | Yes | Unique agent identifier |
| public_key | string | Yes | PEM-encoded RSA public key |
| algorithm | string | No | Key algorithm. Default: RSASSA-PKCS1-v1_5 |
Returns: { identity: { agent_id, algorithm, created_at } }
// Node SDK (v1 legacy)
await claw.registerIdentity('agent-007', publicKeyPem, 'RSASSA-PKCS1-v1_5');List all registered agent identities for the organization. Admin API key required.
Returns: { identities: Array<{ agent_id, algorithm, created_at }> }
// Node SDK (v1 legacy)
const { identities } = await claw.getIdentities();Revoke a registered agent identity. Admin API key required. The agent's public key is removed and signature verification will fail for future actions.
Returns: { success: true }
const res = await fetch(`/api/identities/${agentId}`, {
method: 'DELETE',
headers: { 'x-api-key': adminApiKey }
});{ message: "Validation failed", status: 400 }