@tangle-network/agent-eval
Trace-first evaluation framework for Tangle agents. Core (spans, pipelines, sandbox harness, OTLP export), trust (dataset, red-team, calibration, behavior DSL), builder-of-builders (three-layer eval, resumable sessions, meta-runtime correlation), and fron
Versions: 3
License: MIT
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
drewstonetjemmmictin-tangle-toolsshady-tangle
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Build environment change (removed prepare script) explains missing gitHead; no malicious indicators present. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): All four new deps are established ecosystem packages; addition aligns with OpenAPI/HTTP feature visible in package.json scripts. | ai | |
| provenance | no-provenance | AI (provenance): Package consistently lacks Sigstore provenance; no other risk signals present. | ai | |
| source-diff | obfuscated-file:dist/index-ekBXweiQ.d.ts | AI (source-diff): Bundler-generated TypeScript declaration file with long re-export lines; not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:dist/rl.d.ts | AI (source-diff): Bundler-generated TypeScript declaration file with long re-export lines; not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:dist/traces.d.ts | AI (source-diff): Bundler-generated TypeScript declaration file with long re-export lines; not obfuscated malicious code. | ai | |
v0.2.0 (1 finding)
LOW: No provenance attestation (provenance)
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.