Securing Vercel AI SDK Agents with Cryptographic Scopes
Enforce tool-level boundaries, X.509 certificate verification, and audit logs in Next.js.

Tool Access Control in Autonomous Agent Workflows
The Vercel AI SDK (generateText, streamText) is now a common stack for building AI agents in Next.js. As these agents move from retrieving data to executing transactions, the cost of an unscoped tool call rises with them.
If the model is manipulated (for example by prompt injection carried in retrieved content) or loops on a hallucinated plan, it can invoke any tool registered in its runtime: unless the application adds a check of its own, the model's decision to emit a tool call is the only gate.
To deploy such agents under regimes that demand event logging and an operator kill switch, such as EU AI Act Article 12 (record-keeping for traceability) and MiCA Article 72 (algorithmic trading kill switch), developers need active, real-time scope enforcement rather than after-the-fact review.
Introducing @kakunin/ai-sdk
To address this challenge, we have released @kakunin/ai-sdk. This package provides drop-in compliance tools that integrate directly with the Vercel AI SDK.
Instead of writing custom validation checks inside every function tool, you pass Kakunin tools directly into the AI SDK runtime. The library verifies that the agent holds a valid, active X.509 certificate and the required scopes (e.g. trade.execute) before execution.
3-Step Implementation
Securing a streaming chat agent in Next.js requires just three steps:
Step 1: Install the Package
Add the @kakunin/ai-sdk package alongside your Vercel AI SDK dependencies:
npm install @kakunin/sdk @kakunin/ai-sdk ai @ai-sdk/openai zod
Step 2: Configure the Compliance Tools
Initialize the Kakunin tools registry in your backend route, passing in your API key and the target agent's certificate identity:
import { createKakuninTools } from '@kakunin/ai-sdk';

const complianceTools = createKakuninTools({
  apiKey: process.env.KAKUNIN_API_KEY!,
  agentId: 'agt-production-trader', // Verifies this agent's active cert
});
Step 3: Bind to the Stream Route
Pass the tools directly into Vercel AI SDK's streamText function in your Next.js Route Handler (/app/api/chat/route.ts):
import { openai } from '@ai-sdk/openai';
import { streamText } from 'ai';
import { createKakuninTools } from '@kakunin/ai-sdk';

// Step 2: the tools registry, created once when the route module loads
const complianceTools = createKakuninTools({
  apiKey: process.env.KAKUNIN_API_KEY!,
  agentId: 'agt-production-trader', // Verifies this agent's active cert
});

export async function POST(req: Request) {
  const { messages } = await req.json();

  const result = streamText({
    model: openai('gpt-4o'),
    messages,
    tools: complianceTools, // Auto-binds certificate & scope checks
  });

  return result.toDataStreamResponse();
}
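The three steps above wire the package into the route. The following added example (written for this page, not code from @kakunin/ai-sdk or the Vercel AI SDK) shows the server-side enforcement pattern that a pre-flight check should be backed by: a wrapper that evaluates a certificate record and the required scope on every call to a protected tool, writes an audit event for allowed and denied attempts alike, and fails closed as soon as the certificate is revoked. The AgentCertificate record, CertStore, requireScope and the scope names are hypothetical stand-ins; the in-memory store replaces the certificate authority and revocation check a real service would provide, and only the tool shape (an object with an execute function) mirrors AI SDK tools.

```typescript
// Added example, not @kakunin/ai-sdk code. The certificate record, the in-memory
// CertStore (stand-in for the certificate authority / revocation list) and the
// scope names are hypothetical; only the tool shape mirrors Vercel AI SDK tools.

type CertStatus = "active" | "suspended" | "revoked";

interface AgentCertificate {
  agentId: string;
  status: CertStatus;
  notAfter: Date;     // certificate expiry
  scopes: string[];   // permitted actions, e.g. "trade.execute" or "trade.*"
}

interface AuditEvent {
  at: Date;
  agentId: string;
  tool: string;
  scope: string;
  decision: "allow" | "deny";
  reason: string;
}

// The only part of an AI SDK tool the guard touches is its execute function.
interface AgentTool<A, R> {
  description: string;
  execute: (args: A) => Promise<R>;
}

// Pure decision: does this certificate, right now, grant `scope`?
function evaluateScope(
  cert: AgentCertificate | undefined,
  scope: string,
  now: Date,
): { ok: boolean; reason: string } {
  if (!cert) return { ok: false, reason: "no certificate on file" };
  if (cert.status !== "active") return { ok: false, reason: `certificate ${cert.status}` };
  if (now >= cert.notAfter) return { ok: false, reason: "certificate expired" };
  // Exact match, or a trailing wildcard such as "trade.*" covering "trade.execute".
  const granted = cert.scopes.some((s) =>
    s === scope || (s.endsWith(".*") && scope.startsWith(s.slice(0, -1))));
  return granted
    ? { ok: true, reason: "scope granted" }
    : { ok: false, reason: `scope ${scope} not in certificate` };
}

// In-memory certificate store; revoke() plays the role of the operator kill switch.
class CertStore {
  private certs: Record<string, AgentCertificate> = {};
  constructor(certs: AgentCertificate[]) {
    for (const c of certs) this.certs[c.agentId] = c;
  }
  get(agentId: string): AgentCertificate | undefined { return this.certs[agentId]; }
  revoke(agentId: string): void {
    const c = this.certs[agentId];
    if (c) c.status = "revoked";
  }
}

// Wraps a tool so every invocation is checked against the live certificate and
// written to the audit log, whether or not the model called a pre-flight tool.
function requireScope<A, R>(
  store: CertStore,
  audit: AuditEvent[],
  agentId: string,
  toolName: string,
  scope: string,
  tool: AgentTool<A, R>,
  now: () => Date = () => new Date(),
): AgentTool<A, R> {
  return {
    description: tool.description,
    async execute(args: A): Promise<R> {
      const verdict = evaluateScope(store.get(agentId), scope, now());
      audit.push({ at: now(), agentId, tool: toolName, scope,
                   decision: verdict.ok ? "allow" : "deny", reason: verdict.reason });
      // Throwing surfaces as a tool error to the model; the real action never runs.
      if (!verdict.ok) throw new Error(`${toolName} denied: ${verdict.reason}`);
      return tool.execute(args);
    },
  };
}

// Constructed demo: one agent, one protected tool, then the kill switch is pulled.
async function runDemo(): Promise<{ first: string; second: string; decisions: string[] }> {
  const store = new CertStore([{
    agentId: "agt-production-trader",
    status: "active",
    notAfter: new Date("2099-01-01T00:00:00Z"),
    scopes: ["market.read", "trade.execute"],
  }]);
  const audit: AuditEvent[] = [];
  const executeTrade: AgentTool<{ symbol: string; qty: number }, string> = {
    description: "Place a market order",
    execute: async ({ symbol, qty }) => `filled ${qty} ${symbol}`,
  };
  const guarded = requireScope(store, audit, "agt-production-trader",
                               "executeTrade", "trade.execute", executeTrade);

  const first = await guarded.execute({ symbol: "BTC-EUR", qty: 1 });
  store.revoke("agt-production-trader");   // operator revokes the certificate
  let second = "";
  try {
    second = await guarded.execute({ symbol: "BTC-EUR", qty: 1 });
  } catch (e) {
    second = (e as Error).message;         // denied: the order was never placed
  }
  return { first, second, decisions: audit.map((a) => a.decision) };
}
```

In a real route the wrapped tools are what you pass to streamText alongside the compliance tools; once the certificate is revoked, the next protected call throws before the underlying action runs, and the audit array holds one event per attempt, so a denied attempt leaves the same trace as an allowed one.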
The Four Governance Tools Provided
When you instantiate createKakuninTools, the package exposes four governance tools to the LLM:
verifyAgentCertificate: Checks the active status, expiration date, and revocation state of the agent's X.509 certificate.
checkAgentScope: Performs a pre-flight check that a specific action (e.g. trade.execute) is present in the certificate's permitted actions.
getBehaviorRiskScore: Returns the agent's real-time risk score. A critical score triggers automatic certificate revocation.
emitBehaviorEvent: Streams behavioral events to the Kakunin audit trail, supporting the EU AI Act's record-keeping (logging) obligations.
Because these four are tools the model chooses to call, a manipulated model can skip the pre-flight check and call a sensitive tool directly. Treat model-invoked checks as advisory and enforce the same certificate and scope check server-side, inside the execute function of every tool that moves money or data, so that a missing or revoked scope fails closed regardless of what the model asked for.
Cryptographic Security for Next.js Agents
Decoupling authorization from your application code and binding it to the agent's cryptographic certificate provides two key benefits:
Autonomous Kill Switch: Revoking or suspending the agent's certificate in your Kakunin dashboard blocks every protected tool invocation that follows, across all deployments that check the certificate. Calls already in flight are not interrupted, so the check must run on each invocation rather than once at startup.
Standardized Compliance: Your agent stack is audit-ready out of the box, with a verifiable log of every tool execution attempt, denied as well as allowed.

