@inherence/mastra
Cryptographic policy gating for Mastra agents.

See it in motion.

Live-running CSS animation — no recording, no video file, no external deps. 28 seconds.

Why an adapter, not an SDK.

Mastra has its own tool model. So does every other agent framework. Inherence stays out of the framework — we wrap the one function where the policy check matters (execute) and route the call to the policy gate. The model gets a tool failure on denial; the agent's repair loop already handles that path. Same loop, broader coverage.

Integration in three lines.

import { createTool } from "@mastra/core/tools";
import { gatedExecute } from "@inherence/mastra";
import { z } from "zod";

export const payVendor = createTool({
  id: "pay_vendor",
  description: "Charge a vendor via Stripe Issuing.",
  inputSchema: z.object({
    vendor_id: z.string(),
    amount_usd: z.number(),
  }),
  execute: gatedExecute(
    "pay_vendor",
    async ({ vendor_id, amount_usd }) => {
      return await stripeIssuing.authorize({ vendor_id, amount_usd });
    },
    { apiKey: process.env.INHERENCE_API_KEY },
  ),
});

The wrapped execute checks Inherence's gate first. Allow → your function runs. Deny → throws InherencePolicyDenial, which Mastra surfaces as a tool failure. Your code doesn't change shape.

What you get on every call.

Architecture — dumb plumbing.

The adapter has zero policy logic. It serializes {tool, args, identity} to JSON, POSTs to mcp.inherencelabs.com/v1/check, returns the decision. All compilation + proof generation lives at the backend. No crypto primitives are imported beyond Node's fetch. This is non-negotiable: the patent-protected logic stays at the gate, the adapter ships under Apache 2.0.

Community contribution.

Not endorsed by Mastra — yet. If you're building a Mastra agent that needs an auditor-grade compliance story, try the adapter and tell us what's missing.