@1claw/sdk 0.16.3 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/README.md +58 -1
  2. package/dist/generated/api-types.d.ts +441 -2
  3. package/dist/generated/api-types.d.ts.map +1 -1
  4. package/dist/index.d.ts +1 -1
  5. package/dist/index.d.ts.map +1 -1
  6. package/dist/resources/vault.d.ts +4 -2
  7. package/dist/resources/vault.d.ts.map +1 -1
  8. package/dist/resources/vault.js +13 -7
  9. package/dist/resources/vault.js.map +1 -1
  10. package/dist/types.d.ts +59 -0
  11. package/dist/types.d.ts.map +1 -1
  12. package/package.json +1 -1
package/README.md CHANGED
@@ -76,7 +76,7 @@ await client.auth.resetPassword({ token: "...", new_password: "..." });
76
76
 
77
77
  | Resource | Methods |
78
78
  | ------------------ | ------------------------------------------------------------------------------------------------------------------- |
79
- | `client.vault` | `create`, `get`, `list`, `delete` |
79
+ | `client.vault` | `create`, `get`, `list`, `delete`, `enableMpc`, `disableMpc` |
80
80
  | `client.secrets` | `set`, `get`, `delete`, `list`, `rotate` |
81
81
  | `client.access` | `grantHuman`, `grantAgent`, `update`, `revoke`, `listGrants` |
82
82
  | `client.agents` | `create`, `getSelf`, `get`, `list`, `update`, `delete`, `rotateKey`, `submitTransaction`, `signTransaction`, `getTransaction`, `listTransactions`, `simulateTransaction`, `simulateBundle` |
@@ -265,6 +265,30 @@ const job = await client.vault.getRotationJobStatus(vaultId, jobId);
265
265
  console.log(job.data?.status, job.data?.processed, "/", job.data?.total_secrets);
266
266
  ```
267
267
 
268
+ ## MPC Vault Support
269
+
270
+ Vaults can optionally use multi-party computation (MPC) for secret splitting. When MPC is enabled, the server holds one share and the client holds another — neither party can reconstruct the secret alone.
271
+
272
+ ```typescript
273
+ // Enable MPC on a vault
274
+ await client.vault.enableMpc(vaultId);
275
+
276
+ // Store a secret — response includes the client_share
277
+ const res = await client.secrets.set(vaultId, "my-key", "secret-value");
278
+ const clientShare = res.data?.client_share; // Save this securely on your side
279
+
280
+ // Retrieve a secret — pass client_share to reconstruct
281
+ const secret = await client.secrets.get(vaultId, "my-key", {
282
+ client_share: clientShare,
283
+ });
284
+ console.log(secret.data?.value);
285
+
286
+ // Disable MPC (converts back to standard encryption)
287
+ await client.vault.disableMpc(vaultId);
288
+ ```
289
+
290
+ When MPC is enabled, `set` responses include a `client_share` field that must be stored client-side. The `get` method accepts an optional `client_share` parameter to reconstruct the full secret. Without the client share, the server returns only its share.
291
+
268
292
  ## Agent Token Auto-Refresh
269
293
 
270
294
  When using agent credentials (`agentId` + `apiKey`), the SDK automatically refreshes tokens 60 seconds before expiry. No manual token management needed:
@@ -368,6 +392,39 @@ const { data } = await client.agents.create({
368
392
  network_detection: { enabled: true, action: "warn" },
369
393
  filesystem_detection: { enabled: false }, // disabled by default
370
394
 
395
+ // Advanced inspection (Phase 2+3)
396
+ tool_call_inspection: {
397
+ enabled: true,
398
+ scan_arguments: true,
399
+ block_credential_exfil: true,
400
+ action: "block",
401
+ },
402
+ output_policy: {
403
+ enabled: true,
404
+ blocked_entities: ["CompetitorCo"],
405
+ block_harmful_content: true,
406
+ harmful_categories: ["malware", "illegal"],
407
+ action: "warn",
408
+ },
409
+ secret_injection_detection: {
410
+ enabled: true,
411
+ action: "block",
412
+ sensitivity: "medium",
413
+ },
414
+ advanced_redaction: {
415
+ enabled: true,
416
+ detect_base64_encoded: true,
417
+ detect_split_secrets: true,
418
+ detect_prefix_leak: true,
419
+ },
420
+ semantic_policy: {
421
+ enabled: true,
422
+ allowed_topics: ["customer_support"],
423
+ denied_tasks: ["code_generation", "data_export"],
424
+ action: "warn",
425
+ },
426
+ flagged_request_retention_days: 30,
427
+
371
428
  // Global settings
372
429
  sanitization_mode: "block", // block | surgical | log_only
373
430
  threat_logging: true,
package/dist/generated/api-types.d.ts CHANGED
@@ -539,6 +539,28 @@ export interface paths {
539
539
  patch?: never;
540
540
  trace?: never;
541
541
  };
542
+ "/v1/vaults/{vault_id}/mpc": {
543
+ parameters: {
544
+ query?: never;
545
+ header?: never;
546
+ path?: never;
547
+ cookie?: never;
548
+ };
549
+ get?: never;
550
+ put?: never;
551
+ /**
552
+ * Enable MPC custody on a vault
553
+ * @description Enable MPC custody on an existing vault. Requires Business or Enterprise plan.
554
+ * Splits secret encryption keys across multiple providers using the specified
555
+ * custody mode (e.g. 2-of-2, 2-of-3).
556
+ */
557
+ post: operations["enableMpc"];
558
+ delete?: never;
559
+ options?: never;
560
+ head?: never;
561
+ patch?: never;
562
+ trace?: never;
563
+ };
542
564
  "/v1/vaults/{vault_id}/secrets": {
543
565
  parameters: {
544
566
  query?: never;
@@ -1703,6 +1725,152 @@ export interface paths {
1703
1725
  patch?: never;
1704
1726
  trace?: never;
1705
1727
  };
1728
+ "/v1/shroud/activity": {
1729
+ parameters: {
1730
+ query?: never;
1731
+ header?: never;
1732
+ path?: never;
1733
+ cookie?: never;
1734
+ };
1735
+ /**
1736
+ * List Shroud activity events
1737
+ * @description Returns recent Shroud proxy activity for the organization (LLM requests, inspections, policy actions).
1738
+ */
1739
+ get: {
1740
+ parameters: {
1741
+ query?: {
1742
+ /** @description Filter by agent ID */
1743
+ agent_id?: string;
1744
+ /** @description Filter by action (allowed, blocked, warned) */
1745
+ action?: string;
1746
+ /** @description Maximum events to return */
1747
+ limit?: number;
1748
+ /** @description Pagination offset */
1749
+ offset?: number;
1750
+ };
1751
+ header?: never;
1752
+ path?: never;
1753
+ cookie?: never;
1754
+ };
1755
+ requestBody?: never;
1756
+ responses: {
1757
+ /** @description Activity events */
1758
+ 200: {
1759
+ headers: {
1760
+ [name: string]: unknown;
1761
+ };
1762
+ content: {
1763
+ "application/json": {
1764
+ events?: components["schemas"]["ShroudActivityEvent"][];
1765
+ total?: number;
1766
+ };
1767
+ };
1768
+ };
1769
+ /** @description Unauthorized */
1770
+ 401: {
1771
+ headers: {
1772
+ [name: string]: unknown;
1773
+ };
1774
+ content?: never;
1775
+ };
1776
+ };
1777
+ };
1778
+ put?: never;
1779
+ /**
1780
+ * Ingest Shroud activity event (internal)
1781
+ * @description Called by the Shroud proxy to record activity events. Not intended for external use.
1782
+ */
1783
+ post: {
1784
+ parameters: {
1785
+ query?: never;
1786
+ header?: never;
1787
+ path?: never;
1788
+ cookie?: never;
1789
+ };
1790
+ requestBody: {
1791
+ content: {
1792
+ "application/json": components["schemas"]["IngestShroudActivityRequest"];
1793
+ };
1794
+ };
1795
+ responses: {
1796
+ /** @description Event recorded */
1797
+ 201: {
1798
+ headers: {
1799
+ [name: string]: unknown;
1800
+ };
1801
+ content?: never;
1802
+ };
1803
+ /** @description Unauthorized */
1804
+ 401: {
1805
+ headers: {
1806
+ [name: string]: unknown;
1807
+ };
1808
+ content?: never;
1809
+ };
1810
+ };
1811
+ };
1812
+ delete?: never;
1813
+ options?: never;
1814
+ head?: never;
1815
+ patch?: never;
1816
+ trace?: never;
1817
+ };
1818
+ "/v1/shroud/threat-summary": {
1819
+ parameters: {
1820
+ query?: never;
1821
+ header?: never;
1822
+ path?: never;
1823
+ cookie?: never;
1824
+ };
1825
+ /**
1826
+ * Shroud threat analytics summary
1827
+ * @description Aggregated threat metrics for the organization from `shroud_activity` (detectors, blocked counts, recent flagged requests). Query `period` selects the window; the previous window of equal length is used for request volume trend.
1828
+ */
1829
+ get: {
1830
+ parameters: {
1831
+ query?: {
1832
+ /** @description Rolling window ending now */
1833
+ period?: "1h" | "24h" | "7d" | "30d";
1834
+ };
1835
+ header?: never;
1836
+ path?: never;
1837
+ cookie?: never;
1838
+ };
1839
+ requestBody?: never;
1840
+ responses: {
1841
+ /** @description Threat summary */
1842
+ 200: {
1843
+ headers: {
1844
+ [name: string]: unknown;
1845
+ };
1846
+ content: {
1847
+ "application/json": components["schemas"]["ShroudThreatSummary"];
1848
+ };
1849
+ };
1850
+ /** @description Invalid period */
1851
+ 400: {
1852
+ headers: {
1853
+ [name: string]: unknown;
1854
+ };
1855
+ content?: never;
1856
+ };
1857
+ /** @description Unauthorized */
1858
+ 401: {
1859
+ headers: {
1860
+ [name: string]: unknown;
1861
+ };
1862
+ content?: never;
1863
+ };
1864
+ };
1865
+ };
1866
+ put?: never;
1867
+ post?: never;
1868
+ delete?: never;
1869
+ options?: never;
1870
+ head?: never;
1871
+ patch?: never;
1872
+ trace?: never;
1873
+ };
1706
1874
  }
1707
1875
  export type webhooks = Record<string, never>;
1708
1876
  export interface components {
@@ -1901,6 +2069,8 @@ export interface components {
1901
2069
  CreateVaultRequest: {
1902
2070
  name: string;
1903
2071
  description?: string;
2072
+ /** @description MPC custody mode to enable at creation (e.g. "2-of-2", "2-of-3") */
2073
+ mpc_custody?: string;
1904
2074
  };
1905
2075
  VaultResponse: {
1906
2076
  /** Format: uuid */
@@ -1915,6 +2085,12 @@ export interface components {
1915
2085
  cmek_enabled?: boolean;
1916
2086
  /** @description SHA-256 fingerprint of the CMEK key (64 hex chars) */
1917
2087
  cmek_fingerprint?: string;
2088
+ /** @description MPC custody mode (e.g. "2-of-2", "2-of-3"), absent when MPC is not enabled */
2089
+ mpc_custody?: string;
2090
+ /** @description Number of shares required to reconstruct the key */
2091
+ mpc_threshold?: number;
2092
+ /** @description List of MPC share providers (e.g. ["server", "client"]) */
2093
+ mpc_providers?: string[];
1918
2094
  };
1919
2095
  VaultListResponse: {
1920
2096
  vaults?: components["schemas"]["VaultResponse"][];
@@ -1946,6 +2122,10 @@ export interface components {
1946
2122
  /** Format: date-time */
1947
2123
  created_at: string;
1948
2124
  };
2125
+ EnableMpcRequest: {
2126
+ /** @description MPC custody mode (e.g. "2-of-2", "2-of-3") */
2127
+ mpc_custody: string;
2128
+ };
1949
2129
  PutSecretRequest: {
1950
2130
  /**
1951
2131
  * @description Secret type (generic, password, api_key, certificate, private_key, ssh_key, env)
@@ -1977,6 +2157,23 @@ export interface components {
1977
2157
  /** Format: date-time */
1978
2158
  expires_at?: string;
1979
2159
  };
2160
+ /** @description Returned when a secret is created or updated. Extends SecretMetadataResponse with an optional client_share for MPC vaults. */
2161
+ SecretCreatedResponse: {
2162
+ /** Format: uuid */
2163
+ id: string;
2164
+ path: string;
2165
+ type: string;
2166
+ version: number;
2167
+ metadata?: {
2168
+ [key: string]: unknown;
2169
+ };
2170
+ /** Format: date-time */
2171
+ created_at: string;
2172
+ /** Format: date-time */
2173
+ expires_at?: string;
2174
+ /** @description Base64-encoded client key share. Returned only for MPC 2-of-2 vaults. The client must store this share securely — it is not persisted server-side. */
2175
+ client_share?: string;
2176
+ };
1980
2177
  SecretResponse: {
1981
2178
  /** Format: uuid */
1982
2179
  id: string;
@@ -2254,6 +2451,13 @@ export interface components {
2254
2451
  * @default true
2255
2452
  */
2256
2453
  threat_logging: boolean;
2454
+ tool_call_inspection?: components["schemas"]["ToolCallPolicy"];
2455
+ output_policy?: components["schemas"]["OutputPolicy"];
2456
+ secret_injection_detection?: components["schemas"]["SecretInjectionConfig"];
2457
+ advanced_redaction?: components["schemas"]["AdvancedRedactionConfig"];
2458
+ semantic_policy?: components["schemas"]["SemanticPolicy"];
2459
+ /** @description Number of days to retain flagged request bodies for replay/investigation */
2460
+ flagged_request_retention_days?: number;
2257
2461
  };
2258
2462
  /** @description Unicode normalization and homoglyph detection settings */
2259
2463
  UnicodeNormalizationConfig: {
@@ -2384,6 +2588,129 @@ export interface components {
2384
2588
  /** @description Path patterns to block (e.g., /etc/passwd, ~/.ssh) */
2385
2589
  blocked_paths?: string[];
2386
2590
  };
2591
+ /** @description Tool/function call inspection settings */
2592
+ ToolCallPolicy: {
2593
+ /**
2594
+ * @description Enable tool call inspection
2595
+ * @default false
2596
+ */
2597
+ enabled: boolean;
2598
+ /** @description Allowed tool/function names (empty = all allowed) */
2599
+ allowed_tool_names?: string[];
2600
+ /** @description Denied tool/function names */
2601
+ denied_tool_names?: string[];
2602
+ /**
2603
+ * @description Scan tool call arguments for credential exfiltration
2604
+ * @default true
2605
+ */
2606
+ scan_arguments: boolean;
2607
+ /**
2608
+ * @description Block tool calls that appear to exfiltrate credentials
2609
+ * @default true
2610
+ */
2611
+ block_credential_exfil: boolean;
2612
+ /**
2613
+ * @description Action when a tool call violation is detected
2614
+ * @default block
2615
+ * @enum {string}
2616
+ */
2617
+ action: "block" | "sanitize" | "warn" | "log";
2618
+ };
2619
+ /** @description Output content policy settings for LLM responses */
2620
+ OutputPolicy: {
2621
+ /**
2622
+ * @description Enable output content policies
2623
+ * @default false
2624
+ */
2625
+ enabled: boolean;
2626
+ /** @description Custom regex patterns to block in responses */
2627
+ blocked_patterns?: string[];
2628
+ /** @description Named entities to block (e.g., competitor names) */
2629
+ blocked_entities?: string[];
2630
+ /**
2631
+ * @description Block responses containing harmful content categories
2632
+ * @default false
2633
+ */
2634
+ block_harmful_content: boolean;
2635
+ /** @description Harm categories to block */
2636
+ harmful_categories?: ("violence" | "self_harm" | "illegal" | "hate" | "sexual" | "malware")[];
2637
+ /**
2638
+ * @description Action when output policy is violated
2639
+ * @default warn
2640
+ * @enum {string}
2641
+ */
2642
+ action: "block" | "sanitize" | "warn" | "log";
2643
+ };
2644
+ /** @description Detects credentials injected into prompts that are not from the vault */
2645
+ SecretInjectionConfig: {
2646
+ /**
2647
+ * @description Enable secret injection detection
2648
+ * @default false
2649
+ */
2650
+ enabled: boolean;
2651
+ /**
2652
+ * @description Action when injected credentials are detected
2653
+ * @default block
2654
+ * @enum {string}
2655
+ */
2656
+ action: "block" | "sanitize" | "warn" | "log";
2657
+ /**
2658
+ * @description Detection sensitivity level
2659
+ * @default medium
2660
+ * @enum {string}
2661
+ */
2662
+ sensitivity: "low" | "medium" | "high";
2663
+ };
2664
+ /** @description Advanced secret redaction settings (base64-encoded, split, prefix leaks) */
2665
+ AdvancedRedactionConfig: {
2666
+ /**
2667
+ * @description Enable advanced redaction checks
2668
+ * @default false
2669
+ */
2670
+ enabled: boolean;
2671
+ /**
2672
+ * @description Detect base64-encoded vault secrets
2673
+ * @default false
2674
+ */
2675
+ detect_base64_encoded: boolean;
2676
+ /**
2677
+ * @description Detect secrets split across tokens or messages
2678
+ * @default false
2679
+ */
2680
+ detect_split_secrets: boolean;
2681
+ /**
2682
+ * @description Detect partial/prefix leaks of vault secrets
2683
+ * @default false
2684
+ */
2685
+ detect_prefix_leak: boolean;
2686
+ /**
2687
+ * @description Minimum secret length to consider for advanced matching
2688
+ * @default 16
2689
+ */
2690
+ min_secret_length: number;
2691
+ };
2692
+ /** @description Semantic/intent-level policy enforcement */
2693
+ SemanticPolicy: {
2694
+ /**
2695
+ * @description Enable semantic policy enforcement
2696
+ * @default false
2697
+ */
2698
+ enabled: boolean;
2699
+ /** @description Topics the agent is allowed to discuss (empty = all) */
2700
+ allowed_topics?: string[];
2701
+ /** @description Topics to block */
2702
+ denied_topics?: string[];
2703
+ /** @description Tasks the agent is allowed to perform (empty = all) */
2704
+ allowed_tasks?: string[];
2705
+ /** @description Tasks to block (e.g., code_generation, data_export) */
2706
+ denied_tasks?: string[];
2707
+ /**
2708
+ * @description Action when semantic policy is violated
2709
+ * @default warn
2710
+ * @enum {string}
2711
+ */
2712
+ action: "block" | "sanitize" | "warn" | "log";
2713
+ };
2387
2714
  AgentCreatedResponse: {
2388
2715
  agent: components["schemas"]["AgentResponse"];
2389
2716
  /** @description One-time API key (only present for api_key auth method) */
@@ -2972,6 +3299,86 @@ export interface components {
2972
3299
  }[];
2973
3300
  description?: string;
2974
3301
  };
3302
+ ShroudActivityEvent: {
3303
+ /** Format: uuid */
3304
+ id?: string;
3305
+ /** Format: uuid */
3306
+ org_id?: string;
3307
+ agent_id?: string;
3308
+ provider?: string;
3309
+ model?: string;
3310
+ /** @description Action taken (allowed, blocked, warned) */
3311
+ action?: string;
3312
+ request_tokens?: number;
3313
+ response_tokens?: number;
3314
+ latency_ms?: number;
3315
+ had_secrets_redacted?: boolean;
3316
+ had_pii_detected?: boolean;
3317
+ injection_score?: number;
3318
+ policy_violations?: string[];
3319
+ metadata?: Record<string, never>;
3320
+ /** Format: date-time */
3321
+ timestamp?: string;
3322
+ };
3323
+ IngestShroudActivityRequest: {
3324
+ agent_id: string;
3325
+ provider?: string;
3326
+ model?: string;
3327
+ action: string;
3328
+ /** @default 0 */
3329
+ request_tokens: number;
3330
+ /** @default 0 */
3331
+ response_tokens: number;
3332
+ latency_ms?: number;
3333
+ /** @default false */
3334
+ had_secrets_redacted: boolean;
3335
+ /** @default false */
3336
+ had_pii_detected: boolean;
3337
+ /** @default 0 */
3338
+ injection_score: number;
3339
+ policy_violations?: string[];
3340
+ metadata?: Record<string, never>;
3341
+ };
3342
+ ShroudThreatSummary: {
3343
+ /** Format: int64 */
3344
+ total_requests?: number;
3345
+ /** Format: int64 */
3346
+ total_requests_prev?: number;
3347
+ /** Format: int64 */
3348
+ blocked_requests?: number;
3349
+ /** Format: int64 */
3350
+ detectors_triggered?: number;
3351
+ /** Format: int64 */
3352
+ active_agents?: number;
3353
+ detectors?: components["schemas"]["ShroudDetectorStats"][];
3354
+ flagged_requests?: components["schemas"]["ShroudFlaggedRequest"][];
3355
+ };
3356
+ ShroudDetectorStats: {
3357
+ detector?: string;
3358
+ /** Format: int64 */
3359
+ detections?: number;
3360
+ /** Format: int64 */
3361
+ blocks?: number;
3362
+ actions?: {
3363
+ /** Format: int64 */
3364
+ blocked?: number;
3365
+ /** Format: int64 */
3366
+ warned?: number;
3367
+ /** Format: int64 */
3368
+ logged?: number;
3369
+ };
3370
+ };
3371
+ ShroudFlaggedRequest: {
3372
+ id?: string;
3373
+ /** Format: date-time */
3374
+ timestamp?: string;
3375
+ agent_id?: string;
3376
+ agent_name?: string;
3377
+ score?: number;
3378
+ reason?: string;
3379
+ /** @enum {string} */
3380
+ action?: "blocked" | "warned" | "logged";
3381
+ };
2975
3382
  HealthResponse: {
2976
3383
  /** @enum {string} */
2977
3384
  status?: "healthy" | "degraded";
@@ -3894,6 +4301,35 @@ export interface operations {
3894
4301
  404: components["responses"]["NotFound"];
3895
4302
  };
3896
4303
  };
4304
+ enableMpc: {
4305
+ parameters: {
4306
+ query?: never;
4307
+ header?: never;
4308
+ path: {
4309
+ vault_id: components["parameters"]["VaultId"];
4310
+ };
4311
+ cookie?: never;
4312
+ };
4313
+ requestBody: {
4314
+ content: {
4315
+ "application/json": components["schemas"]["EnableMpcRequest"];
4316
+ };
4317
+ };
4318
+ responses: {
4319
+ /** @description MPC custody enabled */
4320
+ 200: {
4321
+ headers: {
4322
+ [name: string]: unknown;
4323
+ };
4324
+ content: {
4325
+ "application/json": components["schemas"]["VaultResponse"];
4326
+ };
4327
+ };
4328
+ 400: components["responses"]["BadRequest"];
4329
+ 403: components["responses"]["Forbidden"];
4330
+ 404: components["responses"]["NotFound"];
4331
+ };
4332
+ };
3897
4333
  listSecrets: {
3898
4334
  parameters: {
3899
4335
  query?: {
@@ -3923,7 +4359,10 @@ export interface operations {
3923
4359
  getSecret: {
3924
4360
  parameters: {
3925
4361
  query?: never;
3926
- header?: never;
4362
+ header?: {
4363
+ /** @description Base64-encoded client key share for MPC 2-of-2 vaults. Required when the vault uses 2-of-2 MPC custody. */
4364
+ "x-client-share"?: string;
4365
+ };
3927
4366
  path: {
3928
4367
  vault_id: components["parameters"]["VaultId"];
3929
4368
  /** @description Secret path (e.g. "db/credentials") */
@@ -3969,7 +4408,7 @@ export interface operations {
3969
4408
  [name: string]: unknown;
3970
4409
  };
3971
4410
  content: {
3972
- "application/json": components["schemas"]["SecretMetadataResponse"];
4411
+ "application/json": components["schemas"]["SecretCreatedResponse"];
3973
4412
  };
3974
4413
  };
3975
4414
  400: components["responses"]["BadRequest"];