integrations

AI SDK

Wrap AI SDK tools with brin checks before they install packages or fetch external content

Vercel's AI SDK runs tool logic inside each tool's execute function. That makes tools the right enforcement point for brin: check the artifact first, then call the risky action only if the verdict matches your policy.

##How it works

Put a shared brin helper in front of any tool that touches external context. That includes install tools, URL fetchers, repo readers, MCP setup flows, and any custom action that reaches outside your trusted system.

##Setup

1. Add a shared helper:

TypeScript

type BrinVerdict = "safe" | "caution" | "suspicious" | "dangerous";
 
async function assertBrinAllowed(
  path: string,
  allowed: BrinVerdict[],
): Promise<void> {
  let response: Response;
 
  try {
    response = await fetch(`https://api.brin.sh/${path}`);
  } catch {
    return;
  }
 
  if (!response.ok) {
    return;
  }
 
  const verdict = response.headers.get("x-brin-verdict") as BrinVerdict | null;
  const score = response.headers.get("x-brin-score");
 
  if (verdict && !allowed.includes(verdict)) {
    throw new Error(
      `brin blocked ${path}: verdict=${verdict} score=${score ?? "unknown"}`,
    );
  }
}

This example fails open if brin is unavailable. If you want fail-closed behavior, throw inside the catch block instead.

2. Wrap the tools that install packages or fetch pages:

TypeScript

import { tool } from "ai";
import { z } from "zod";
 
async function runInstall(manager: string, packageName: string) {
  // Replace this with your package installation path.
  return { manager, packageName, queued: true };
}
 
export const tools = {
  installPackage: tool({
    description: "Install a package after brin approves it",
    inputSchema: z.object({
      manager: z.enum(["npm", "pnpm", "yarn", "bun", "pip", "cargo"]),
      packageName: z.string(),
    }),
    execute: async ({ manager, packageName }) => {
      const origin =
        manager === "pip" ? "pypi" : manager === "cargo" ? "crate" : "npm";
 
      await assertBrinAllowed(`${origin}/${packageName}`, ["safe"]);
      return runInstall(manager, packageName);
    },
  }),
 
  fetchPage: tool({
    description: "Fetch a web page after brin approves it",
    inputSchema: z.object({
      url: z.string().url(),
    }),
    execute: async ({ url }) => {
      const target = new URL(url);
      const pagePath = `page/${target.host}${target.pathname}`;
 
      await assertBrinAllowed(pagePath, ["safe", "caution"]);
 
      const response = await fetch(url);
      return {
        url,
        body: await response.text(),
      };
    },
  }),
};

##Where to extend it

Use the same helper for every external context type:

repo/<owner>/<repo> before clone or sync tools
mcp/<owner>/<repo> before server enable flows
skill/<owner>/<repo> before loading agent skills
domain/<domain> or page/<domain/path> before browsing or scraping

If you already centralize tool creation in one module, put the brin helper there so every new tool inherits the same policy by default.

On this page

Share feedback