TypeScript SDK
Route outbound tool calls and verify inbound agents from TypeScript.
@axiorank/sdk covers both
directions: governing the tool calls your agents make (outbound) and verifying
the AI agents that visit your site (inbound).
Install
npm install @axiorank/sdkOutbound: guard a tool call
import { AxioRank, AxioRankDeniedError } from "@axiorank/sdk";
const axio = new AxioRank({ apiKey: process.env.AXIORANK_API_KEY! });
// enforce() throws on a deny:
try {
await axio.enforce({ tool: "aws.delete_bucket", arguments: { name: "prod" } });
} catch (e) {
if (e instanceof AxioRankDeniedError) console.warn(e.result.reason);
}
// ...or read the decision:
const { decision, risk, reason } = await axio.toolCall({
tool: "github.push",
arguments: { repo: "myrepo" },
});A require_approval hold is waited out transparently and resolves to the final
allow / deny.
Outbound: preflight an external server
const card = await axio.verifyCard({ url: "https://mcp.acme.com" });
// card.decision is "allow" | "review" | "deny"
await axio.enforceCard({ url: "https://mcp.acme.com" }); // throws on denyInbound: verify visiting agents
Drop axioGuard into your edge middleware to verify the AI agents (GPTBot,
ClaudeBot, …) hitting your site. It's framework-agnostic — it takes a standard
Request. Fail-open by default, so a verification outage never takes your site
down.
// middleware.ts
import { axioGuard } from "@axiorank/sdk";
export const middleware = axioGuard({
apiKey: process.env.AXIORANK_SITE_KEY!, // axr_site_...
onChallenge: (req) => Response.redirect(new URL("/verify-human", req.url), 302),
});
export const config = { matcher: ["/api/:path*", "/admin/:path*"] };Next steps
- Gateway API — the HTTP contract behind the SDK.
- Protocol adapters — what card preflight inspects.