integrations

AI SDK

Add brin to Vercel AI SDK. Wrap tool execute functions so brin checks every package, page, repo, and MCP server before the action runs.

Vercel's AI SDK runs tool logic inside each tool's execute function. that makes tools the right enforcement point: check the artifact first, then call the risky action only if the verdict matches your policy.

##how it works

put a shared brin helper in front of any tool that touches external context — install tools, URL fetchers, repo readers, MCP setup flows, anything that reaches outside your trusted system.

##setup

1. Add a shared helper:

TypeScript

type BrinVerdict = "safe" | "caution" | "suspicious" | "dangerous";
 
async function assertBrinAllowed(
  path: string,
  allowed: BrinVerdict[],
): Promise<void> {
  let response: Response;
 
  try {
    response = await fetch(`https://api.brin.sh/${path}`);
  } catch {
    return;
  }
 
  if (!response.ok) {
    return;
  }
 
  const verdict = response.headers.get("x-brin-verdict") as BrinVerdict | null;
  const score = response.headers.get("x-brin-score");
 
  if (verdict && !allowed.includes(verdict)) {
    throw new Error(
      `brin blocked ${path}: verdict=${verdict} score=${score ?? "unknown"}`,
    );
  }
}

this example fails open if brin is unavailable. for fail-closed behavior, throw inside the catch block instead.

2. Wrap the tools that install packages or fetch pages:

TypeScript

import { tool } from "ai";
import { z } from "zod";
 
async function runInstall(manager: string, packageName: string) {
  // Replace this with your package installation path.
  return { manager, packageName, queued: true };
}
 
export const tools = {
  installPackage: tool({
    description: "Install a package after brin approves it",
    inputSchema: z.object({
      manager: z.enum(["npm", "pnpm", "yarn", "bun", "pip", "cargo"]),
      packageName: z.string(),
    }),
    execute: async ({ manager, packageName }) => {
      const origin =
        manager === "pip" ? "pypi" : manager === "cargo" ? "crate" : "npm";
 
      await assertBrinAllowed(`${origin}/${packageName}`, ["safe"]);
      return runInstall(manager, packageName);
    },
  }),
 
  fetchPage: tool({
    description: "Fetch a web page after brin approves it",
    inputSchema: z.object({
      url: z.string().url(),
    }),
    execute: async ({ url }) => {
      const target = new URL(url);
      const pagePath = `page/${target.host}${target.pathname}`;
 
      await assertBrinAllowed(pagePath, ["safe", "caution"]);
 
      const response = await fetch(url);
      return {
        url,
        body: await response.text(),
      };
    },
  }),
};

##where to extend it

use the same helper for every external context type:

repo/<owner>/<repo> before clone or sync tools
mcp/<owner>/<repo> before server enable flows
skill/<owner>/<repo> before loading agent skills
domain/<domain> or page/<domain/path> before browsing or scraping

if you centralize tool creation in one module, put the brin helper there so every new tool inherits the same policy by default.

On this page

Share feedback