Java SDK Integration

The official Java SDK for AIM provides enterprise-grade agent security with one-line registration, AspectJ annotations, and comprehensive SOC/SIEM integration. Perfect for Spring Boot and LangChain4j applications.

One-Line Setup

AIMClient.secure("name")

Ed25519 Crypto

BouncyCastle security

@SecureAction

AspectJ annotations

SOC/SIEM Ready

Enterprise logging

100% Test Pass Rate— Java SDK v1.1.0 passes all 19 tests

System Requirements

Prerequisites

• Java 17+ (LTS recommended)
• Maven 3.6+ or Gradle 7+
• BouncyCastle 1.77+ - Ed25519 cryptography
• OkHttp 4.12+ - HTTP client
• Jackson 2.16+ - JSON processing

Installation

Download Pre-Configured SDK

Download the SDK from your AIM dashboard. It comes with your embedded credentials - zero configuration required.

1. Login to AIM dashboard
2. Navigate to Settings → SDK Download
3. Click "Download Java SDK"
4. Extract the ZIP file to your project directory

Maven

<dependency>
    <groupId>org.opena2a</groupId>
    <artifactId>aim-sdk</artifactId>
    <version>1.1.0</version>
</dependency>

Gradle

implementation 'org.opena2a:aim-sdk:1.1.0'

Quick Start

One Line Registration

import org.opena2a.aim.client.AIMClient;
import org.opena2a.aim.client.AgentType;
import java.util.Arrays;
import java.util.Map;

// ══════════════════════════════════════════════════════════════════════════
// AGENT REGISTRATION - One Line Setup!
// ══════════════════════════════════════════════════════════════════════════
AIMClient agent = AIMClient.secure("my-ai-assistant");

// Or with full configuration
AIMClient agent = AIMClient.secure(
    "my-ai-assistant",                           // agentName
    Arrays.asList("db:read", "api:call"),        // capabilities
    AgentType.LANGCHAIN,                         // agentType
    Arrays.asList("filesystem", "github"),       // talksTo (MCP servers)
    "Customer support AI agent",                 // description
    Arrays.asList("production", "gpt-4"),        // tags
    Map.of("model", "gpt-4", "team", "support")  // metadata
);

// ══════════════════════════════════════════════════════════════════════════
// TRACK ACTIONS & RISKS - Log all agent activities in AIM
// ══════════════════════════════════════════════════════════════════════════

// Basic action with lambda
User user = agent.performAction("db:read", "users_table", () -> {
    return userRepository.findById(userId);
});

// With risk level
PaymentResult payment = agent.performAction(
    "payment:process",
    "stripe_api",
    RiskLevel.HIGH,
    () -> paymentService.process(request)
);

// Get agent details
Map<String, Object> details = agent.getAgentDetails();
System.out.println("Trust Score: " + details.get("trustScore"));

@SecureAction Annotations

Use AspectJ annotations for declarative security. The SDK automatically verifies capabilities before method execution.

import org.opena2a.aim.annotations.SecureAction;
import org.opena2a.aim.client.RiskLevel;

public class UserService {

    // Low-risk: read operations
    @SecureAction(capability = "db:read", resource = "users_table")
    public User getUserById(String id) {
        return userRepository.findById(id);
    }

    // High-risk: payment processing
    @SecureAction(
        capability = "payment:process",
        resource = "stripe",
        riskLevel = RiskLevel.HIGH
    )
    public PaymentResult processPayment(PaymentRequest request) {
        return paymentService.process(request);
    }

    // Critical-risk with JIT access (requires admin approval)
    @SecureAction(
        capability = "db:delete",
        resource = "users_table",
        riskLevel = RiskLevel.CRITICAL,
        jitAccess = true,
        jitTimeout = 300  // 5 minutes to approve
    )
    public void deleteUser(String userId) {
        // Execution pauses until admin approval
        userRepository.deleteById(userId);
    }
}

Spring Boot Configuration

import org.opena2a.aim.annotations.SecureActionAspect;
import org.opena2a.aim.client.AIMClient;

@Configuration
@EnableAspectJAutoProxy
public class SecurityConfig {

    @Bean
    public AIMClient aimClient() {
        return AIMClient.secure("my-spring-agent");
    }

    @PostConstruct
    public void configureAspect() {
        SecureActionAspect.setClient(aimClient());
    }
}

Enterprise Security Features

The Java SDK includes enterprise-grade security infrastructure for SOC/SIEM integration, risk analysis, and supply chain compliance.

SecurityLogger - SOC/SIEM Integration

JSON event logging compatible with Splunk, ELK, Datadog, and other SIEM platforms.

import org.opena2a.aim.security.SecurityLogger;
import org.opena2a.aim.security.EventTypes;

SecurityLogger logger = SecurityLogger.getInstance();
String sessionId = logger.startSession();

// Set agent context for all subsequent logs
logger.setAgentContext(
    agent.getAgentId().toString(),
    agent.getAgentName(),
    "user-123",
    "org-456"
);

// Log authentication events (SOC/SIEM compatible JSON)
logger.logAuthentication(
    EventTypes.Authn.TOKEN_REFRESH,
    true,
    "Token refreshed successfully",
    Map.of("tokenId", "abc123")
);

// Log authorization events
logger.logAuthorizationEvent(
    EventTypes.Authz.CAPABILITY_GRANTED,
    "db:read",
    "users_table",
    true,
    Map.of("riskLevel", "LOW")
);

RiskDetector - Pattern-Based Risk Analysis

Automatic risk level detection based on capability patterns.

import org.opena2a.aim.security.RiskDetector;
import org.opena2a.aim.security.RiskLevel;

RiskDetector detector = RiskDetector.getInstance();

// Detect risk for a capability
RiskLevel level = detector.detectRisk("admin:delete");
// Returns: CRITICAL

// Risk patterns:
// api:*, file:read          → LOW
// db:read, db:write         → MEDIUM
// db:delete, payment:*      → HIGH
// admin:*, system:*         → CRITICAL

// Aggregate risk for multiple capabilities
List<String> capabilities = Arrays.asList("api:call", "db:read", "payment:process");
RiskLevel aggregate = detector.detectAggregateRisk(capabilities);
// Returns: HIGH (highest of all)

// Check if approval required
if (level.requiresApproval()) {
    // Trigger JIT access workflow
}

AttestationCache - MCP Drift Detection

Cache MCP attestations and detect capability drift (supply chain changes).

import org.opena2a.aim.mcp.AttestationCache;
import org.opena2a.aim.integrations.mcp.discovery.MCPDiscoveryResult;
import org.opena2a.aim.integrations.mcp.discovery.MCPTool;

AttestationCache cache = AttestationCache.getInstance();

// Store initial attestation
List<MCPTool> tools = Arrays.asList(
    new MCPTool("read_file", "Read file contents", null),
    new MCPTool("write_file", "Write to file", null)
);

MCPDiscoveryResult discovery = MCPDiscoveryResult.builder()
    .serverName("filesystem-mcp")
    .tools(tools)
    .connectionLatencyMs(50)
    .build();

cache.store("filesystem-mcp", discovery, "attestation-123");

// Later, check for drift (new tool added - possible supply chain attack!)
List<MCPTool> currentTools = Arrays.asList(
    new MCPTool("read_file", "Read file contents", null),
    new MCPTool("write_file", "Write to file", null),
    new MCPTool("delete_file", "DELETE FILES!", null)  // NEW!
);

MCPDiscoveryResult currentDiscovery = MCPDiscoveryResult.builder()
    .serverName("filesystem-mcp")
    .tools(currentTools)
    .build();

AttestationCache.DriftReport drift = cache.detectDrift("filesystem-mcp", currentDiscovery);

if (drift.hasDrift()) {
    System.out.println("ALERT: MCP capability drift detected!");
}

SupplyChainReporter - ABOM Generation

Generate Agent Bill of Materials (ABOM) for compliance audits. CycloneDX-compliant format.

import org.opena2a.aim.security.SupplyChainReporter;

SupplyChainReporter reporter = SupplyChainReporter.getInstance();

// Record MCP servers
reporter.recordMcpServer("filesystem-mcp", "npx @mcp/filesystem", discovery);
reporter.recordMcpServer("github-mcp", "npx @mcp/github", githubDiscovery);

// Generate ABOM (Agent Bill of Materials)
SupplyChainReporter.SBOM sbom = reporter.generateSBOM(agent.getAgentName());

System.out.println("Format: " + sbom.format);           // CycloneDX
System.out.println("Components: " + sbom.componentCount);
System.out.println("Generated: " + sbom.generatedAt);

// Export for compliance audits
for (SupplyChainReporter.SBOMComponent component : sbom.components) {
    System.out.println("- " + component.name + " v" + component.version);
    System.out.println("  PURL: " + component.purl);
}

MCP Server Integration

// Register MCP Server
Map<String, Object> result = agent.registerMcp(
    "filesystem-mcp",     // server ID
    "sdk_registration",   // detection method
    0.85                  // confidence score
);

// List MCP Servers
List<Map<String, Object>> servers = agent.listMcpServers(20);
for (Map<String, Object> server : servers) {
    System.out.println(server.get("name") + ": " + server.get("status"));
}

// Attest MCP Server (cryptographic verification)
Map<String, Object> attestation = agent.attestMcp(
    serverId,
    "http://localhost:3001",
    "filesystem-mcp",
    Arrays.asList("read_file", "write_file"),
    45.0  // confidence threshold
);

// Record tool usage
agent.useMcpTool(serverId, "read_file", "http://localhost:3001", "filesystem-mcp");

LangChain4j Integration

Wrap LangChain4j tools with AIM security verification for enterprise-grade AI applications.

import org.opena2a.aim.integration.langchain4j.AIMToolExecutor;
import org.opena2a.aim.integration.langchain4j.AIMAgentCallback;

// Create tool executor with security wrapper
AIMToolExecutor executor = new AIMToolExecutor(agent);

// Register tools with required capabilities
executor.register("search_web", "Search the web",
    input -> webSearch(input), "api:call");

executor.register("read_database", "Query database",
    input -> queryDatabase(input), "db:read");

executor.register("admin_override", "Admin operations",
    input -> adminOp(input), "admin:override");

// Configure risk-based blocking
executor.setBlockHighRisk(true);
executor.setApprovalThreshold(RiskLevel.HIGH);

// Execute with automatic verification
try {
    Object result = executor.execute("search_web", "AI safety");
    // Success - capability verified
} catch (AIMToolExecutor.ToolBlockedException e) {
    System.out.println("Tool blocked: " + e.getRiskLevel());
}

// Get execution metrics
Map<String, Map<String, Object>> metrics = executor.getAllMetrics();

Error Handling

import org.opena2a.aim.exceptions.*;

try {
    agent.performAction("db:delete", "users", () -> deleteAllUsers());
} catch (ActionDeniedException e) {
    System.err.println("Denied: " + e.getCapability() + " on " + e.getResource());
} catch (VerificationException e) {
    System.err.println("Verification failed: " + e.getMessage());
} catch (AuthenticationException e) {
    System.err.println("Auth failed: " + e.getMessage());
} catch (CredentialException e) {
    System.err.println("Credential error: " + e.getMessage());
} catch (AIMException e) {
    System.err.println("AIM error: " + e.getMessage());
}

Risk Levels

Level	Patterns	Requires Approval
LOW	api:*, file:read, config:read	No
MEDIUM	db:read, db:write, file:write	No
HIGH	db:delete, payment:*, user:delete	Optional (JIT)
CRITICAL	admin:, system:, *:delete_all	Yes

Credential Lookup Order

1. Environment Variables (highest priority) - AIM_URL, AIM_REFRESH_TOKEN, AIM_SDK_TOKEN_ID
2. Home Directory - ~/.aim/sdk_credentials.json
3. Local Directory - .aim/sdk_credentials.json
4. Classpath - Bundled in JAR

Next Steps

Python SDK Guide →ABOM Documentation →MCP Attestation →Trust Scoring →