wardstone 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 54cfa8194bbad41a36b30d2aff49ddf5c0c61bf3019684170588645978ffb51a
+  data.tar.gz: 583f3ed71cde45c6e7fb65ed227966ce563ffc49fe9785376b78a44a3a4784d7
+SHA512:
+  metadata.gz: b0f4ab0679dd4cd277b9f23fca6cfde2d7885428c8e4b873ff979129bd4b6532f7aeee0fa89d0d7c434d61ca3782cf2bdd1ff4edbfd0a2555318b9aaa0641296
+  data.tar.gz: b2b74e079a56a84b73d6a836cf7e91d00cb7d6ae46f0bbba0de9bc090168ac85b73e9afa63133175ba19f93bc1d09854f092efe05a148b54795347ae63e5093f

data/README.md

@@ -0,0 +1,182 @@
+# Wardstone Ruby SDK
+
+Ruby SDK for the [Wardstone](https://wardstone.ai) LLM security API. Detect prompt injection, content violations, data leakage, and unknown links in LLM inputs and outputs.
+
+## Installation
+
+Add to your Gemfile:
+
+```ruby
+gem "wardstone"
+```
+
+Or install directly:
+
+```bash
+gem install wardstone
+```
+
+## Quick Start
+
+```ruby
+require "wardstone"
+
+client = Wardstone::Client.new(api_key: "YOUR_API_KEY")
+result = client.detect(text: user_input)
+
+if result.risk_bands.prompt_attack.level != "Low Risk"
+  puts "Prompt attack detected"
+  puts "Risk: #{result.risk_bands.prompt_attack.level}"
+end
+```
+
+## Configuration
+
+```ruby
+client = Wardstone::Client.new(
+  api_key: "YOUR_API_KEY",       # or set WARDSTONE_API_KEY env var
+  base_url: "https://wardstone.ai", # default
+  timeout: 30,                      # seconds, default: 30
+  max_retries: 2                    # default: 2, max: 10
+)
+```
+
+### Environment Variable
+
+The API key can be set via the `WARDSTONE_API_KEY` environment variable:
+
+```ruby
+# Will use WARDSTONE_API_KEY from environment
+client = Wardstone::Client.new
+```
+
+## Usage
+
+### Basic Detection
+
+```ruby
+result = client.detect(text: "Ignore all previous instructions")
+
+result.flagged              # true
+result.primary_category     # "prompt_attack"
+result.risk_bands.prompt_attack.level      # "Severe Risk"
+result.risk_bands.content_violation.level  # "Low Risk"
+result.risk_bands.data_leakage.level       # "Low Risk"
+result.risk_bands.unknown_links.level      # "Low Risk"
+```
+
+### Scan Strategies
+
+```ruby
+# Full scan (check all categories)
+result = client.detect(text: input, scan_strategy: "full-scan")
+
+# Early exit (stop at first threat)
+result = client.detect(text: input, scan_strategy: "early-exit")
+
+# Smart sample (optimized for long texts)
+result = client.detect(text: input, scan_strategy: "smart-sample")
+```
+
+### Raw Scores
+
+```ruby
+result = client.detect(text: input, include_raw_scores: true)
+if result.raw_scores
+  result.raw_scores.categories.prompt_attack       # 0.95
+  result.raw_scores.categories.content_violation   # 0.01
+end
+```
+
+### Rate Limit Info
+
+```ruby
+result = client.detect(text: input)
+result.rate_limit.limit       # 1000
+result.rate_limit.remaining   # 999
+result.rate_limit.reset       # 1700000000
+```
+
+## Response
+
+```json
+{
+  "flagged": true,
+  "risk_bands": {
+    "content_violation": { "level": "Low Risk" },
+    "prompt_attack": { "level": "Severe Risk" },
+    "data_leakage": { "level": "Low Risk" },
+    "unknown_links": { "level": "Low Risk" }
+  },
+  "primary_category": "prompt_attack",
+  "subcategories": {
+    "content_violation": { "triggered": [] },
+    "data_leakage": { "triggered": [] }
+  },
+  "unknown_links": {
+    "flagged": false,
+    "unknown_count": 0,
+    "known_count": 0,
+    "total_urls": 0,
+    "unknown_domains": []
+  },
+  "processing": {
+    "inference_ms": 28,
+    "input_length": 62,
+    "scan_strategy": "early-exit"
+  },
+  "rate_limit": {
+    "limit": 100000,
+    "remaining": 99999,
+    "reset": 2592000
+  }
+}
+```
+
+## Error Handling
+
+```ruby
+begin
+  result = client.detect(text: input)
+rescue Wardstone::AuthenticationError => e
+  # Invalid or missing API key (401)
+rescue Wardstone::BadRequestError => e
+  # Invalid request (400)
+  e.max_length  # available for text_too_long errors
+rescue Wardstone::PermissionError => e
+  # Feature not available on plan (403)
+rescue Wardstone::RateLimitError => e
+  # Quota exceeded (429)
+  e.retry_after  # seconds to wait
+rescue Wardstone::InternalServerError => e
+  # Server error (500)
+rescue Wardstone::TimeoutError => e
+  # Request timed out
+rescue Wardstone::ConnectionError => e
+  # Network failure
+rescue Wardstone::Error => e
+  # Catch-all for any Wardstone error
+  e.status  # HTTP status code (nil for network errors)
+  e.code    # Machine-readable error code
+end
+```
+
+## Risk Levels
+
+Each category returns one of four risk levels:
+
+- `"Low Risk"` - No threat detected
+- `"Some Risk"` - Minor concern
+- `"High Risk"` - Significant threat
+- `"Severe Risk"` - Critical threat, action recommended
+
+## Requirements
+
+- Ruby >= 3.0
+- Zero runtime dependencies (stdlib only)
+
+## Links
+
+- [Documentation](https://wardstone.ai/docs)
+- [API Reference](https://wardstone.ai/docs)
+- [Support](mailto:jack@wardstone.ai)

data/lib/wardstone/client.rb

@@ -0,0 +1,336 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "json"
+require "uri"
+require "openssl"
+require_relative "configuration"
+require_relative "response_object"
+
+module Wardstone
+  REQUIRED_RESPONSE_KEYS = %w[flagged risk_bands subcategories unknown_links processing].freeze
+  REQUIRED_RISK_BAND_KEYS = %w[content_violation prompt_attack data_leakage unknown_links].freeze
+
+  class Client
+    def initialize(api_key: nil, base_url: nil, timeout: nil, max_retries: nil)
+      @api_key = Wardstone.resolve_api_key(api_key)
+      @base_url = Wardstone.validate_base_url(base_url || DEFAULT_BASE_URL)
+      @timeout = timeout || DEFAULT_TIMEOUT
+
+      unless @timeout.is_a?(Numeric) && @timeout.positive? && @timeout.finite?
+        raise Error, "timeout must be a finite positive number."
+      end
+
+      @max_retries = max_retries || DEFAULT_MAX_RETRIES
+      unless @max_retries.is_a?(Integer) && @max_retries >= 0 && @max_retries <= MAX_MAX_RETRIES
+        raise Error, "max_retries must be an integer between 0 and #{MAX_MAX_RETRIES}."
+      end
+    end
+
+    # Analyze text for security threats including prompt injection,
+    # content violations, data leakage, and unknown links.
+    def detect(text:, scan_strategy: nil, include_raw_scores: nil)
+      Wardstone.validate_text(text)
+      Wardstone.validate_scan_strategy(scan_strategy)
+      Wardstone.validate_include_raw_scores(include_raw_scores)
+
+      body = { "text" => text }
+      body["scan_strategy"] = scan_strategy unless scan_strategy.nil?
+      body["include_raw_scores"] = include_raw_scores unless include_raw_scores.nil?
+
+      data, headers = request("/api/detect", body)
+      validate_detect_response(data)
+      result_hash = data.merge("rate_limit" => parse_rate_limit(headers))
+      ResponseObject.new(result_hash)
+    end
+
+    def inspect
+      "#<Wardstone::Client base_url=#{@base_url.inspect}>"
+    end
+
+    alias_method :to_s, :inspect
+
+    # Prevent accidental serialization that could expose the API key.
+    def marshal_dump
+      raise TypeError, "Wardstone::Client cannot be marshaled"
+    end
+
+    def marshal_load(_data)
+      raise TypeError, "Wardstone::Client cannot be marshaled"
+    end
+
+    # Hide @api_key from introspection.
+    def instance_variables
+      super - [:@api_key]
+    end
+
+    private
+
+    def request(path, body)
+      uri = URI.parse("#{@base_url}#{path}")
+      (0..@max_retries).each do |attempt|
+        begin
+          data, headers, status = execute_request(uri, body)
+
+          if status >= 200 && status < 300
+            return parse_success(data, headers)
+          end
+
+          retryable = status == 429 || status >= 500
+
+          if retryable && attempt < @max_retries
+            delay = retry_delay(attempt, headers)
+            sleep(delay)
+            next
+          end
+
+          raise_for_status(status, data, headers)
+        rescue Error
+          raise
+        rescue ::Net::OpenTimeout, ::Net::ReadTimeout, ::Net::WriteTimeout
+          raise TimeoutError, "Request timed out after #{@timeout}s"
+        rescue ::Errno::ECONNREFUSED
+          raise ConnectionError, "Connection refused"
+        rescue ::Errno::ECONNRESET
+          raise ConnectionError, "Connection reset"
+        rescue ::Errno::EHOSTUNREACH
+          raise ConnectionError, "Host unreachable"
+        rescue ::SocketError => e
+          msg = e.message.match?(/getaddrinfo|nodename|servname/i) ? "DNS lookup failed" : "Socket error"
+          raise ConnectionError, msg
+        rescue ::OpenSSL::SSL::SSLError => e
+          msg = e.message.match?(/certificate/i) ? "TLS certificate error" : "TLS connection error"
+          raise ConnectionError, msg
+        rescue ::IOError
+          raise ConnectionError, "Connection failed"
+        end
+      end
+
+      raise Error, "Unexpected retry exhaustion"
+    end
+
+    def execute_request(uri, body)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = (uri.scheme == "https")
+      if http.use_ssl?
+        http.min_version = :TLS1_2
+        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      end
+      http.open_timeout = @timeout
+      http.read_timeout = @timeout
+      http.write_timeout = @timeout
+      http.max_retries = 0
+
+      req = Net::HTTP::Post.new(uri.request_uri)
+      req["Authorization"] = "Bearer #{@api_key}"
+      req["Content-Type"] = "application/json"
+      req["User-Agent"] = USER_AGENT
+
+      req.body = JSON.generate(body)
+
+      status = nil
+      response_body = nil
+      response_obj = nil
+
+      begin
+        http.request(req) do |response|
+          response_obj = response
+          status = response.code.to_i
+
+          # Block redirects (any 3xx)
+          if response.is_a?(Net::HTTPRedirection) || (status >= 300 && status < 400)
+            raise ConnectionError,
+              "Request was redirected. Automatic redirects are disabled for security."
+          end
+
+          # Check Content-Length before reading body
+          is_success = status >= 200 && status < 300
+          max_bytes = is_success ? MAX_RESPONSE_BYTES : MAX_ERROR_BODY_BYTES
+          content_length = response["Content-Length"]
+          if content_length
+            size = Integer(content_length) rescue nil
+            if size && size > max_bytes
+              if is_success
+                raise Error,
+                  "Response body too large (#{size} bytes). Maximum: #{MAX_RESPONSE_BYTES} bytes."
+              end
+            end
+          end
+
+          # Read body incrementally with size cap
+          response_body = read_body_with_limit(response, max_bytes, is_success)
+        end
+      ensure
+        http.finish if http.started?
+      end
+
+      # Validate Content-Type for success responses
+      if status >= 200 && status < 300
+        content_type = response_obj["Content-Type"]
+        unless content_type && content_type.include?("application/json")
+          ct_display = content_type ? content_type[0, 200] : nil
+          raise Error, "Unexpected Content-Type: #{ct_display.inspect}. Expected application/json."
+        end
+      end
+
+      data = begin
+        JSON.parse(response_body)
+      rescue JSON::ParserError
+        if status >= 200 && status < 300
+          raise Error, "Invalid API response: expected JSON."
+        end
+        nil
+      end
+
+      [data, response_obj, status]
+    end
+
+    def read_body_with_limit(response, max_bytes, is_success)
+      chunks = []
+      total = 0
+
+      response.read_body do |chunk|
+        total += chunk.bytesize
+        if total > max_bytes
+          if is_success
+            raise Error,
+              "Response body too large (>#{MAX_RESPONSE_BYTES} bytes). Maximum: #{MAX_RESPONSE_BYTES} bytes."
+          end
+          # For error bodies, truncate silently (force binary to avoid multibyte split)
+          remaining = max_bytes - (total - chunk.bytesize)
+          chunks << chunk.b.byteslice(0, remaining) if remaining > 0
+          break
+        end
+        chunks << chunk
+      end
+
+      chunks.join
+    end
+
+    def validate_detect_response(data)
+      REQUIRED_RESPONSE_KEYS.each do |key|
+        unless data.key?(key)
+          raise Error, "Invalid API response: missing '#{key}' field."
+        end
+      end
+
+      unless data["flagged"] == true || data["flagged"] == false
+        raise Error, "Invalid API response: missing or invalid 'flagged' field."
+      end
+
+      risk_bands = data["risk_bands"]
+      unless risk_bands.is_a?(Hash)
+        raise Error, "Invalid API response: missing or invalid 'risk_bands' field."
+      end
+
+      REQUIRED_RISK_BAND_KEYS.each do |key|
+        band = risk_bands[key]
+        unless band.is_a?(Hash) && band.key?("level") && band["level"].is_a?(String)
+          raise Error, "Invalid API response: missing risk_bands.#{key}.level."
+        end
+      end
+
+      # Validate subcategories structure
+      subcategories = data["subcategories"]
+      unless subcategories.is_a?(Hash)
+        raise Error, "Invalid API response: missing or invalid 'subcategories' field."
+      end
+      %w[content_violation data_leakage].each do |key|
+        sub = subcategories[key]
+        unless sub.is_a?(Hash)
+          raise Error, "Invalid API response: missing subcategories.#{key}."
+        end
+        unless sub.key?("triggered") && sub["triggered"].is_a?(Array)
+          raise Error, "Invalid API response: subcategories.#{key}.triggered must be an array."
+        end
+        unless sub["triggered"].all? { |t| t.is_a?(String) }
+          raise Error, "Invalid API response: subcategories.#{key}.triggered must contain only strings."
+        end
+      end
+
+      # Validate unknown_links structure
+      unknown_links = data["unknown_links"]
+      unless unknown_links.is_a?(Hash) && (unknown_links["flagged"] == true || unknown_links["flagged"] == false)
+        raise Error, "Invalid API response: missing unknown_links.flagged."
+      end
+
+      # Validate processing structure
+      processing = data["processing"]
+      unless processing.is_a?(Hash) && processing.key?("inference_ms") && processing["inference_ms"].is_a?(Numeric)
+        raise Error, "Invalid API response: missing or invalid processing.inference_ms."
+      end
+    end
+
+    def parse_success(data, headers)
+      unless data.is_a?(Hash)
+        raise Error, "Invalid API response: expected a JSON object."
+      end
+      [data, headers]
+    end
+
+    def raise_for_status(status, data, headers)
+      raw_message = (data.is_a?(Hash) && data["message"]) || "Request failed"
+      message = Wardstone.sanitize_message(raw_message)
+      raw_code = data.is_a?(Hash) ? data["error"] : nil
+      error_code = raw_code.is_a?(String) ? Wardstone.sanitize_message(raw_code) : nil
+
+      case status
+      when 400
+        raise BadRequestError.new(
+          message,
+          code: error_code || "bad_request",
+          max_length: data.is_a?(Hash) ? data["maxLength"] : nil
+        )
+      when 401
+        raise AuthenticationError, message
+      when 403
+        raise PermissionError, message
+      when 429
+        retry_after = headers["Retry-After"]
+        retry_val = parse_retry_after(retry_after)
+        raise RateLimitError.new(message, retry_after: retry_val)
+      else
+        if status >= 500
+          raise InternalServerError, message
+        end
+        raise Error.new(message, status: status, code: error_code)
+      end
+    end
+
+    def retry_delay(attempt, headers)
+      if headers
+        retry_after = headers["Retry-After"]
+        if retry_after
+          val = parse_retry_after(retry_after)
+          if val && val > 0
+            return [val, MAX_RETRY_DELAY].min
+          end
+        end
+      end
+      base = [0.5 * (2**attempt), 8.0].min
+      base * (0.5 + rand * 0.5)
+    end
+
+    def parse_retry_after(value)
+      return nil if value.nil?
+      Float(value)
+    rescue ArgumentError, TypeError
+      nil
+    end
+
+    def parse_rate_limit(headers)
+      {
+        "limit" => safe_int(headers["X-RateLimit-Limit"]),
+        "remaining" => safe_int(headers["X-RateLimit-Remaining"]),
+        "reset" => safe_int(headers["X-RateLimit-Reset"])
+      }
+    end
+
+    def safe_int(val)
+      return 0 if val.nil?
+      Integer(val)
+    rescue ArgumentError, TypeError
+      0
+    end
+  end
+end

data/lib/wardstone/configuration.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require "uri"
+require_relative "version"
+require_relative "errors"
+
+module Wardstone
+  DEFAULT_BASE_URL = "https://wardstone.ai"
+  DEFAULT_TIMEOUT = 30
+  DEFAULT_MAX_RETRIES = 2
+  MAX_MAX_RETRIES = 10
+  MAX_RETRY_DELAY = 60.0
+  MAX_RESPONSE_BYTES = 10_485_760   # 10 MB
+  MAX_ERROR_BODY_BYTES = 65_536     # 64 KB
+  MAX_TEXT_LENGTH = 8_000_000
+  MAX_ERROR_MESSAGE_LENGTH = 1000
+  MIN_API_KEY_LENGTH = 8
+
+  VALID_SCAN_STRATEGIES = %w[early-exit full-scan smart-sample].freeze
+  LOCALHOST_HOSTS = %w[localhost 127.0.0.1 ::1 [::1]].freeze
+
+  USER_AGENT = "wardstone-ruby/#{VERSION}"
+
+  # All control characters including \t \n \r (matches Node/Python SDKs)
+  CONTROL_CHARS_RE = /[\x00-\x1F\x7F]/
+
+  module_function
+
+  def resolve_api_key(api_key)
+    raw = api_key || ENV["WARDSTONE_API_KEY"]
+    if raw.nil? || raw.strip.empty?
+      raise AuthenticationError,
+        "API key is required. Pass it via the api_key option or set the WARDSTONE_API_KEY environment variable."
+    end
+
+    key = raw.strip
+    if key.length < MIN_API_KEY_LENGTH
+      raise AuthenticationError,
+        "API key is too short (minimum #{MIN_API_KEY_LENGTH} characters). " \
+        "Check that you are using a valid Wardstone API key."
+    end
+
+    key
+  end
+
+  def validate_base_url(url)
+    trimmed = url.sub(/\/+$/, "")
+    uri = URI.parse(trimmed)
+
+    safe_url = url.length > 200 ? url[0, 200] + "..." : url
+
+    unless %w[https http].include?(uri.scheme)
+      raise Error, "Invalid base_url scheme \"#{uri.scheme}\". Only https and http are supported."
+    end
+
+    unless uri.host && !uri.host.empty?
+      raise Error, "Invalid base_url: \"#{safe_url}\" has no hostname."
+    end
+
+    if uri.host.match?(CONTROL_CHARS_RE) || uri.host.include?("\x00")
+      raise Error, "Invalid base_url: hostname contains invalid characters."
+    end
+
+    if uri.userinfo
+      raise Error, "base_url must not contain credentials (user:pass@host)."
+    end
+
+    if uri.query
+      raise Error, "base_url must not contain a query string."
+    end
+
+    if uri.fragment
+      raise Error, "base_url must not contain a fragment."
+    end
+
+    if uri.scheme == "http" && !LOCALHOST_HOSTS.include?(uri.host)
+      raise Error,
+        "Insecure base_url: HTTP is only allowed for localhost. Use HTTPS for remote hosts."
+    end
+
+    trimmed
+  rescue URI::InvalidURIError
+    safe_url_fallback = url.length > 200 ? url[0, 200] + "..." : url
+    raise Error, "Invalid base_url: \"#{safe_url_fallback}\" is not a valid URL."
+  end
+
+  def validate_text(text)
+    if !text.is_a?(String) || text.empty?
+      raise BadRequestError.new("text must be a non-empty string.", code: "invalid_input")
+    end
+
+    if text.length > MAX_TEXT_LENGTH
+      raise BadRequestError.new(
+        "text exceeds maximum length of #{MAX_TEXT_LENGTH} characters.",
+        code: "text_too_long",
+        max_length: MAX_TEXT_LENGTH
+      )
+    end
+  end
+
+  def validate_scan_strategy(strategy)
+    return if strategy.nil?
+
+    unless VALID_SCAN_STRATEGIES.include?(strategy)
+      raise BadRequestError.new(
+        "Invalid scan_strategy. Must be one of: #{VALID_SCAN_STRATEGIES.join(", ")}.",
+        code: "invalid_input"
+      )
+    end
+  end
+
+  def validate_include_raw_scores(value)
+    return if value.nil?
+
+    unless value == true || value == false
+      raise BadRequestError.new("include_raw_scores must be a boolean.", code: "invalid_input")
+    end
+  end
+
+  def sanitize_message(msg)
+    truncated = if msg.length > MAX_ERROR_MESSAGE_LENGTH
+      msg[0, MAX_ERROR_MESSAGE_LENGTH] + "..."
+    else
+      msg
+    end
+    truncated.gsub(CONTROL_CHARS_RE, "")
+  end
+end

data/lib/wardstone/errors.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Wardstone
+  # Base exception for all Wardstone SDK errors.
+  class Error < StandardError
+    attr_reader :status, :code
+
+    def initialize(message = "An error occurred", status: nil, code: nil)
+      super(message)
+      @status = status
+      @code = code
+    end
+  end
+
+  # Raised when the API key is missing or invalid (401).
+  class AuthenticationError < Error
+    def initialize(message = "Invalid or missing API key")
+      super(message, status: 401, code: "authentication_error")
+    end
+  end
+
+  # Raised on 400 responses (invalid JSON, missing text, text too long).
+  class BadRequestError < Error
+    attr_reader :max_length
+
+    def initialize(message = "Bad request", code: "bad_request", max_length: nil)
+      super(message, status: 400, code: code)
+      @max_length = max_length
+    end
+  end
+
+  # Raised when a feature is not available on the current plan (403).
+  class PermissionError < Error
+    def initialize(message = "Permission denied")
+      super(message, status: 403, code: "permission_error")
+    end
+  end
+
+  # Raised when the monthly quota is exceeded (429).
+  class RateLimitError < Error
+    attr_reader :retry_after
+
+    def initialize(message = "Rate limit exceeded", retry_after: nil)
+      super(message, status: 429, code: "rate_limit_error")
+      @retry_after = retry_after
+    end
+  end
+
+  # Raised on 5xx server errors.
+  class InternalServerError < Error
+    def initialize(message = "Internal server error")
+      super(message, status: 500, code: "internal_server_error")
+    end
+  end
+
+  # Raised when the HTTP connection fails.
+  class ConnectionError < Error
+    def initialize(message = "Connection failed")
+      super(message, status: nil, code: "connection_error")
+    end
+  end
+
+  # Raised when a request exceeds the configured timeout.
+  class TimeoutError < Error
+    def initialize(message = "Request timed out")
+      super(message, status: nil, code: "timeout_error")
+    end
+  end
+end

data/lib/wardstone/response_object.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require "json"
+
+module Wardstone
+  # Immutable object providing dot-notation access to API response data.
+  #
+  # Unlike OpenStruct (deprecated in Ruby 3.0+), this class raises NoMethodError
+  # on unknown keys instead of silently returning nil.
+  class ResponseObject
+    def initialize(data)
+      @data = deep_convert(data)
+      @data.freeze
+      freeze
+    end
+
+    def method_missing(name, *args)
+      key = name.to_s
+      if @data.key?(key)
+        raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 0)" unless args.empty?
+        @data[key]
+      else
+        super
+      end
+    end
+
+    def respond_to_missing?(name, include_private = false)
+      @data.key?(name.to_s) || super
+    end
+
+    def to_h
+      deep_unconvert(@data)
+    end
+
+    def to_json(*args)
+      to_h.to_json(*args)
+    end
+
+    def inspect
+      "#<Wardstone::ResponseObject #{to_h.inspect}>"
+    end
+
+    def ==(other)
+      return to_h == other.to_h if other.is_a?(ResponseObject)
+      false
+    end
+
+    def [](key)
+      @data[key.to_s]
+    end
+
+    private
+
+    def deep_convert(obj)
+      case obj
+      when Hash
+        obj.each_with_object({}) do |(k, v), hash|
+          hash[k.to_s] = wrap(v)
+        end
+      else
+        obj
+      end
+    end
+
+    def wrap(obj)
+      case obj
+      when Hash
+        ResponseObject.new(obj)
+      when Array
+        obj.map { |v| wrap(v) }.freeze
+      else
+        obj.frozen? ? obj : obj.dup.freeze
+      end
+    end
+
+    def deep_unconvert(obj)
+      case obj
+      when ResponseObject
+        obj.to_h
+      when Hash
+        obj.each_with_object({}) do |(k, v), hash|
+          hash[k] = deep_unconvert(v)
+        end
+      when Array
+        obj.map { |v| deep_unconvert(v) }
+      else
+        obj
+      end
+    end
+  end
+end

data/lib/wardstone/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Wardstone
+  VERSION = "0.1.0"
+end

data/lib/wardstone.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require_relative "wardstone/version"
+require_relative "wardstone/errors"
+require_relative "wardstone/response_object"
+require_relative "wardstone/configuration"
+require_relative "wardstone/client"

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: wardstone
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Wardstone
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Detect prompt injection, content violations, data leakage, and unknown
+  links in LLM inputs and outputs.
+email:
+- jack@wardstone.ai
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/wardstone.rb
+- lib/wardstone/client.rb
+- lib/wardstone/configuration.rb
+- lib/wardstone/errors.rb
+- lib/wardstone/response_object.rb
+- lib/wardstone/version.rb
+homepage: https://wardstone.ai
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://wardstone.ai
+  source_code_uri: https://github.com/Wardstone-AI/wardstone-ruby
+  documentation_uri: https://wardstone.ai/docs
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Ruby SDK for the Wardstone LLM security API
+test_files: []