@agentguard-run/spend 0.2.1 → 0.3.0

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 0.3.0
+
+- Added streaming true-up for OpenAI, Anthropic, and Bedrock, including signed settlement entries.
+- Added native TypeScript Anthropic and Bedrock bindings.
+- Added OpenRouter model aliases, catalog sync, local pricing overrides, and auth CLI.
+- Added models picker, guided wizard, tips system, and five task templates.
+- Added public verifier demo receipt export and README quickstarts for the wizard flow.
+
+## 0.2.2
+
+- Emit opt-in sdk_init beacon on package import so adoption metrics capture executed SDK loads before guard construction. Install IDs persist in ~/.agentguard/install.json and telemetry remains best effort.
+
 ## 0.2.1
 
 - Beacon endpoint moved from merchantguard.ai to agentguard.run for clean positioning. No SDK behavior change.

package/LICENSE

@@ -1,4 +1,4 @@
-AgentGuard(TM) Spend SDK — Alpha License
+AgentGuard(TM) Spend SDK - Alpha License
 Copyright (c) 2026 Dunecrest Ventures Inc.
 
 1. SCOPE.

package/README.es-419.md

@@ -1,128 +1,54 @@
 # @agentguard-run/spend
 
-> Límites de gasto de tiempo de ejecución local y enrutamiento de modelos con capacidades para agentes de IA.
-
-Cada decisión de política se ejecuta dentro de su proceso. Los prompts, claves API del proveedor y claves de firma nunca salen de su entorno de ejecución. Cada decisión de aplicación produce un recibo firmado con Ed25519, encadenado por hash, apto para auditoría y revisión de cumplimiento.
+> Límites de gasto en runtime local, enrutamiento de modelos por capacidad y recibos firmados para agentes de IA.
 
 > Disponible también en: [English](README.md) · [Português (BR)](README.pt-BR.md)
 
-## Por qué sin proxy
-
-Cada competidor financiado en gobernanza del gasto en IA (Portkey, Helicone, LiteLLM, Cloudflare AI Gateway, Vercel AI Gateway) usa proxy sobre su tráfico. Eso significa que sus prompts y claves de proveedor pasan por la infraestructura de ellos. `@agentguard-run/spend` nunca ve nada de eso. La política corre en su proceso. El registro firmado vive en su almacenamiento.
+Cada decisión de política corre dentro de su proceso. Prompts, respuestas, claves API del proveedor, claves de firma, políticas y overrides de costo nunca van a infraestructura de AgentGuard. Las llamadas a OpenRouter salen directo desde su runtime hacia `openrouter.ai` con su clave.
 
-## Instalación
+## Quickstart en 90 segundos
 
 ```bash
 npm install @agentguard-run/spend
-# o
-pnpm add @agentguard-run/spend
-# o
-yarn add @agentguard-run/spend
+agentguard auth openrouter
+agentguard wizard
 ```
 
-## Inicio rápido
-
-```ts
-import OpenAI from 'openai';
-import {
-  withSpendGuard,
-  AgentGuardBlockedError,
-  type SpendPolicy,
-} from '@agentguard-run/spend';
-import { randomBytes } from 'crypto';
-
-const policy: SpendPolicy = {
-  id: 'finance-ops-v1',
-  name: 'Límites diarios de operaciones financieras',
-  scope: { tenantId: 'acme-corp' },
-  caps: [
-    {
-      amountCents: 500,
-      window: 'per_day',
-      action: 'downgrade',
-      downgradeTo: 'gpt-4o-mini',
-      reason: 'Límite blando diario alcanzado, enrutando al modelo más económico',
-    },
-    {
-      amountCents: 2000,
-      window: 'per_day',
-      action: 'block',
-      reason: 'Tope diario duro',
-    },
-  ],
-  mode: 'enforce',
-  version: 1,
-  effectiveFrom: '2026-05-24T00:00:00Z',
-};
-
-const privateKey = new Uint8Array(randomBytes(32));
-
-const client = withSpendGuard(new OpenAI(), {
-  policy,
-  scope: { tenantId: 'acme-corp', agentId: 'finance-bot' },
-  config: {
-    policy,
-    signingKeys: {
-      privateKey,
-      publicKey: new Uint8Array(32),  // derivar de privateKey en producción
-    },
-    locale: 'es-419',  // opcional - también detecta automáticamente
-  },
-});
-
-try {
-  const completion = await client.chat.completions.create({
-    model: 'gpt-4o',
-    messages: [{ role: 'user', content: 'Hola' }],
-  });
-} catch (err) {
-  if (err instanceof AgentGuardBlockedError) {
-    // El mensaje será mostrado en español por el detector de locale
-    console.error(err.message);
-  }
-}
-```
+El wizard escribe `~/.agentguard/policy.yaml`, `~/.agentguard/quickstart.ts` y `~/.agentguard/quickstart.py`. También imprime el snippet listo para pegar en su app.
 
-Cuando se dispara la política:
+## Por qué OpenRouter
 
-| Acción      | Resultado                                                                          |
-|-------------|------------------------------------------------------------------------------------|
-| `allow`     | La llamada pasa sin modificaciones                                                 |
-| `downgrade` | El parámetro `model` se reescribe a `downgradeTo`, luego la llamada continúa       |
-| `block`     | Se lanza `AgentGuardBlockedError` antes de contactar al proveedor                  |
-| `shadow`    | La llamada pasa; la decisión se registra solo para análisis                        |
+Una clave de OpenRouter da acceso a cientos de modelos de muchos proveedores. Finanzas ve una factura. AgentGuard aplica quién usa qué, qué tiers de tarea pueden llegar a qué modelos y cuánto puede gastar cada llamada. La clave vive en `OPENROUTER_API_KEY` o `~/.agentguard/openrouter-key` con modo `600`.
 
-## Localización (v0.1.4+)
-
-Los mensajes de bloqueo legibles están localizados en **inglés (en-US)**, **español de América Latina (es-419)** y **portugués brasileño (pt-BR)**. La resolución del locale sigue la cadena de prioridad estándar:
+```bash
+agentguard models --sync-pricing
+agentguard models --task payment-approval
+agentguard models --search gpt-4o --json
+```
 
-1. Configuración explícita: `config: { locale: 'es-419', ... }`
-2. Variable de entorno: `export AGENTGUARD_LOCALE=es-419`
-3. Variables de entorno del sistema: `LC_ALL`, `LC_MESSAGES`, `LANG`
-4. `Intl.DateTimeFormat().resolvedOptions().locale` (navegador / Deno / Bun)
-5. Respaldo: `en-US`
+Los overrides de precios se guardan localmente en `~/.agentguard/cost-overrides.json`.
 
-## Estado
+## Verificar cualquier recibo
 
-Vista previa privada. Diseñado para integración empresarial, OEM y de plataforma.
+Comparta https://agentguard.run/verify con su auditor. Pegue un recibo y la clave pública en el navegador para verificar firma Ed25519, hash de entrada y enlace de cadena. El recibo nunca sale de la página.
 
-Para acceso a evaluación, licencias OEM o consultas de asociación estratégica: `invest@agentguard.run`
+```bash
+agentguard demo
+agentguard verify --trace latest
+```
 
-## Licencia y umbrales de uso
+## Templates de tarea
 
-El SDK es **gratuito** para:
+`agentguard wizard` incluye `risk-review`, `payment-approval`, `chargeback-evidence`, `agent-support` y `code-scan`. Cada template define modelos OpenRouter recomendados, tier de capacidad, fallback, caps e instrucciones de sistema.
 
-- Evaluación, prototipado y desarrollo no comercial a cualquier volumen
-- Despliegues de producción que procesan **hasta 10 000 llamadas de aplicación por mes calendario**
+## Sin proxy
 
-Se requiere una licencia comercial separada para volúmenes mayores o redistribución. Consultas: `invest@agentguard.run`
+AgentGuard Spend es una biblioteca, no un gateway. No proxyea tráfico, no guarda prompts, no retiene claves de proveedor y no aloja estado de política. El log firmado vive en su almacenamiento.
 
-## Aviso de patentes
+## Telemetría
 
-Protegido por solicitudes de patente pendientes en EE. UU. (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; 64/071,781; 64/071,789).
+La telemetría es opt-in. Use `AGENTGUARD_TELEMETRY=1` o `agentguard telemetry enable`. El beacon envía solo versión del SDK, runtime, familia de OS, ID anónimo de instalación, flag de CI, flag de TTY y nombre del evento. No envía prompts, respuestas, claves de proveedor, claves de firma, detalles de política ni overrides de costo.
 
-## Enlaces
+## Aviso de patentes
 
-- agentguard.run
-- Contacto: `invest@agentguard.run`
-- SDK Python: [`agentguard-spend`](https://pypi.org/project/agentguard-spend/)
+Protegido por tecnología con patente pendiente en EE. UU. (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; 64/071,781; 64/071,789). Aviso constructivo bajo 35 U.S.C. § 287. Patentes adicionales pendientes.

package/README.md

@@ -1,165 +1,91 @@
 # @agentguard-run/spend
 
-> Local-runtime spend caps and capability-gated model routing for AI agents.
+> Local-runtime spend caps, capability-gated model routing, and signed receipts for AI agents.
 
 > Also available in: [Español (LATAM)](README.es-419.md) · [Português (BR)](README.pt-BR.md)
 
-Every policy decision runs inside your process. Prompts, provider API keys, and signing keys never leave your runtime. Each enforcement decision produces an Ed25519-signed, hash-chained receipt suitable for audit and compliance review.
+Every policy decision runs inside your process. Prompts, completions, provider API keys, signing keys, policies, and cost overrides never go to AgentGuard infrastructure. OpenRouter calls go directly from your runtime to `openrouter.ai` with your key.
 
-## Why no proxy
+## Quickstart in 90 seconds
 
-Every funded competitor in AI spend governance (Portkey, Helicone, LiteLLM, Cloudflare AI Gateway, Vercel AI Gateway) proxies your traffic. That means your prompts and provider keys flow through their infrastructure. AgentGuard Spend never sees any of that. The policy runs in your process. The signed log lives in your storage.
-
-The procurement consequence: your security review covers this SDK like any other library, not like a vendor that handles your data.
-
-## Status
-
-Private preview. Designed for enterprise, OEM, and platform integration.
-
-For evaluation access, OEM licensing, or strategic partnership inquiries: `invest@agentguard.run`
-
-## Architecture
-
-```
-Your code
-   │
-   ▼
- withSpendGuard(openai, { policy, scope })
-   ├── estimate tokens
-   ├── evaluatePolicy()  ──►  SpendStore (your storage)
-   ├── signDecision() with Ed25519
-   ├── append to DecisionLog (your storage)
-   └── pass-through / downgrade / block
-   │
-   ▼
- Provider (OpenAI / Anthropic / Bedrock)
+```bash
+npm install @agentguard-run/spend
+agentguard auth openrouter
+agentguard wizard
 ```
 
-No part of this picture sends data to AgentGuard infrastructure.
+The wizard writes:
 
-## Quick start
+- `~/.agentguard/policy.yaml`
+- `~/.agentguard/quickstart.ts`
+- `~/.agentguard/quickstart.py`
 
-```bash
-npm install @agentguard-run/spend
-```
+It also prints the snippet to paste into your app:
 
 ```ts
-import OpenAI from 'openai';
-import { randomBytes } from 'node:crypto';
-import * as ed from '@noble/ed25519';
-import {
-  withSpendGuard,
-  type SpendPolicy,
-} from '@agentguard-run/spend';
-
-// Generate or load your signing keys. They never leave your runtime.
-// In production these come from your HSM / KMS / Vault.
-const privateKey = randomBytes(32);            // 32-byte Ed25519 secret seed
-const publicKey  = await ed.getPublicKeyAsync(privateKey);
-
-const policy: SpendPolicy = {
-  id: 'finance-ops-v1',
-  name: 'Finance ops daily caps',
-  version: 1,
-  effectiveFrom: new Date().toISOString(),
-  mode: 'enforce',
-  scope: { tenantId: 'acme-corp' },
-  caps: [
-    {
-      amountCents: 500,
-      window: 'per_day',
-      action: 'downgrade',
-      downgradeTo: 'claude-sonnet-4-6',
-      reason: 'Opus daily soft cap reached, route to Sonnet',
-    },
-    {
-      amountCents: 1000,
-      window: 'per_day',
-      action: 'block',
-      reason: 'Hard daily ceiling',
-    },
-  ],
-};
-
-const openai = new OpenAI();
-const guarded = withSpendGuard(openai, {
-  policy,
-  scope: { tenantId: 'acme-corp', userId: 'alice', agentId: 'finance-bot' },
-  config: { signingKeys: { privateKey, publicKey } },
-});
-
-// Drop-in: same API as openai.chat.completions.create
-const completion = await guarded.chat.completions.create({
-  model: 'gpt-4o',
-  messages: [{ role: 'user', content: 'Hello' }],
+const response = await guardedClient.chat.completions.create({
+  model: 'openai/gpt-4o-mini',
+  messages: [{ role: 'user', content: 'Run the governed task.' }],
 });
 ```
 
-When the policy fires:
+Then run your agent. AgentGuard decides locally before any provider call starts, signs the receipt, and applies allow, downgrade, shadow, or block.
 
-| Action | Result |
-|---|---|
-| `allow` | Call passes through unchanged |
-| `downgrade` | The `model` parameter is rewritten to `downgradeTo`, then the call proceeds |
-| `block` | An `AgentGuardBlockedError` is thrown before the provider is contacted |
-| `shadow` | Call passes through; the decision is logged for analysis but no enforcement happens |
+## Why OpenRouter?
 
-## Capability-gated escalation
+One OpenRouter key gives your team access to hundreds of models across many providers. Your CFO sees one invoice. AgentGuard enforces who uses what, which task tiers can reach which models, and what each call can spend. The OpenRouter key can live in `OPENROUTER_API_KEY` or `~/.agentguard/openrouter-key` with mode `600`.
 
-You can require a capability tier on a policy:
+Sync pricing when you want local cost math refreshed:
 
-```ts
-const policy: SpendPolicy = {
-  // ...
-  requiredCapability: 'payment_initiate',
-};
+```bash
+agentguard models --sync-pricing
+agentguard models --task payment-approval
+agentguard models --search gpt-4o --json
 ```
 
-Calls that do not present a `capabilityClaim` at or above this tier are blocked immediately. Tiers (ascending): `read_only` < `data_write` < `payment_initiate` < `payment_execute`.
+Pricing overrides are stored locally in `~/.agentguard/cost-overrides.json`.
 
-## Verifying a signed log
+## Verify any receipt
 
-Anyone with the public key can verify the chain:
+Share https://agentguard.run/verify with an auditor or reviewer. Paste a receipt and public key in the browser to verify the Ed25519 signature, entry hash, and chain link. The receipt never leaves the page.
 
-```ts
-import { verifyChain } from '@agentguard-run/spend';
+CLI verification is still local:
 
-const entries = await loadEntries(); // from your storage
-const result = await verifyChain(entries, publicKey);
-if (!result.ok) {
-  console.error('chain invalid at sequence', result.sequence, ':', result.reason);
-}
+```bash
+agentguard demo
+agentguard verify --trace latest
 ```
 
-Each entry binds the previous entry's hash via SHA-256 and is signed with Ed25519. Tampering with any field of any entry invalidates the chain from that point forward.
+## Task templates
 
-## License & usage thresholds
+`agentguard wizard` ships templates for:
 
-The SDK is **free** for:
+- `risk-review`: read-only review with a $0.50 per-call cap
+- `payment-approval`: payment initiation review with a $5.00 per-call cap
+- `chargeback-evidence`: evidence assembly with a $1.00 per-call cap
+- `agent-support`: data-write support workflow with a $0.25 per-call cap
+- `code-scan`: long-context read-only scan with a $0.10 per-call cap
 
-- Evaluation, prototyping, and non-commercial development at any volume
-- Production deployments processing **up to 10,000 enforcement calls per calendar month**
+Each template sets recommended OpenRouter model assignments, capability tier, fallback model, caps, and system instructions.
 
-A separate commercial license is required for:
+## Provider bindings
 
-- Production deployments processing **more than 10,000 enforcement calls per month**
-- Deployments operated as a service to third parties
-- Redistribution, sublicensing, public hosting, republication
+TypeScript includes native OpenAI, Anthropic, and Bedrock bindings. Streaming usage is settled from provider usage events when available, with local token-estimator fallback when usage is missing. Settlement entries are signed into the same hash chain as enforcement decisions.
 
-Inbound commercial-license inquiries: `invest@agentguard.run`
+Python includes OpenAI, Anthropic, Bedrock, LangChain, CrewAI, and LlamaIndex integration helpers.
 
-Full terms in `LICENSE`. All patent rights expressly reserved (see Section 2 of `LICENSE`).
+## No proxy
 
-## Patent notice
+AgentGuard Spend is a library, not a gateway. It does not proxy traffic, store prompts, hold provider keys, or host policy state. The signed log lives in your storage.
 
-Protected by 6 U.S. patent-pending applications:
+## Telemetry
 
-- 63/983,615 · 63/983,621 · 63/983,843 · 63/984,626 (filed February 2026)
-- 64/071,781 · 64/071,789 (filed May 21, 2026)
+Telemetry is opt-in. Set `AGENTGUARD_TELEMETRY=1` or run `agentguard telemetry enable`. The beacon sends only SDK version, runtime, OS family, anonymous install ID, CI flag, TTY flag, and event name. No prompts, completions, provider keys, signing keys, policy details, or cost overrides are sent.
 
-See `LICENSE` Section 7.
+## License and usage thresholds
 
-## Links
+The SDK is free for evaluation, prototyping, non-commercial development, and production deployments processing up to 10,000 enforcement calls per calendar month. Commercial use above that threshold requires a paid license from Dunecrest Ventures Inc. Full terms are in `LICENSE`.
+
+## Patent notice
 
-- agentguard.run
-- Contact: `invest@agentguard.run`
+Protected by U.S. patent-pending technology (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; 64/071,781; 64/071,789). 35 U.S.C. § 287 constructive notice. Additional patents pending.

package/README.pt-BR.md

@@ -1,128 +1,54 @@
 # @agentguard-run/spend
 
-> Limites de gasto em tempo de execução local e roteamento de modelos com capacidades para agentes de IA.
-
-Toda decisão de política é executada dentro do seu processo. Prompts, chaves de API do provedor e chaves de assinatura nunca saem do seu runtime. Cada decisão de aplicação produz um recibo assinado com Ed25519, encadeado por hash, adequado para auditoria e revisão de compliance.
+> Limites de gasto no runtime local, roteamento de modelos por capacidade e recibos assinados para agentes de IA.
 
 > Disponível também em: [English](README.md) · [Español (LATAM)](README.es-419.md)
 
-## Por que sem proxy
-
-Todo concorrente financiado em governança de gasto em IA (Portkey, Helicone, LiteLLM, Cloudflare AI Gateway, Vercel AI Gateway) faz proxy do seu tráfego. Isso significa que seus prompts e chaves de provedor passam pela infraestrutura deles. `@agentguard-run/spend` nunca vê nada disso. A política roda no seu processo. O log assinado vive no seu armazenamento.
+Cada decisão de política roda dentro do seu processo. Prompts, respostas, chaves API do provedor, chaves de assinatura, políticas e overrides de custo nunca vão para a infraestrutura da AgentGuard. Chamadas OpenRouter saem direto do seu runtime para `openrouter.ai` com a sua chave.
 
-## Instalação
+## Quickstart em 90 segundos
 
 ```bash
 npm install @agentguard-run/spend
-# ou
-pnpm add @agentguard-run/spend
-# ou
-yarn add @agentguard-run/spend
+agentguard auth openrouter
+agentguard wizard
 ```
 
-## Quickstart
-
-```ts
-import OpenAI from 'openai';
-import {
-  withSpendGuard,
-  AgentGuardBlockedError,
-  type SpendPolicy,
-} from '@agentguard-run/spend';
-import { randomBytes } from 'crypto';
-
-const policy: SpendPolicy = {
-  id: 'finance-ops-v1',
-  name: 'Limites diários de operações financeiras',
-  scope: { tenantId: 'acme-corp' },
-  caps: [
-    {
-      amountCents: 500,
-      window: 'per_day',
-      action: 'downgrade',
-      downgradeTo: 'gpt-4o-mini',
-      reason: 'Limite leve diário atingido, redirecionando para modelo mais barato',
-    },
-    {
-      amountCents: 2000,
-      window: 'per_day',
-      action: 'block',
-      reason: 'Teto diário rígido',
-    },
-  ],
-  mode: 'enforce',
-  version: 1,
-  effectiveFrom: '2026-05-24T00:00:00Z',
-};
-
-const privateKey = new Uint8Array(randomBytes(32));
-
-const client = withSpendGuard(new OpenAI(), {
-  policy,
-  scope: { tenantId: 'acme-corp', agentId: 'finance-bot' },
-  config: {
-    policy,
-    signingKeys: {
-      privateKey,
-      publicKey: new Uint8Array(32),  // derivar de privateKey em produção
-    },
-    locale: 'pt-BR',  // opcional - também detecta automaticamente
-  },
-});
-
-try {
-  const completion = await client.chat.completions.create({
-    model: 'gpt-4o',
-    messages: [{ role: 'user', content: 'Olá' }],
-  });
-} catch (err) {
-  if (err instanceof AgentGuardBlockedError) {
-    // A mensagem será exibida em português pelo detector de locale
-    console.error(err.message);
-  }
-}
-```
+O wizard escreve `~/.agentguard/policy.yaml`, `~/.agentguard/quickstart.ts` e `~/.agentguard/quickstart.py`. Ele também imprime o snippet pronto para colar no app.
 
-Quando a política dispara:
+## Por que OpenRouter
 
-| Ação        | Resultado                                                                                |
-|-------------|------------------------------------------------------------------------------------------|
-| `allow`     | A chamada passa sem alterações                                                           |
-| `downgrade` | O parâmetro `model` é reescrito para `downgradeTo`, então a chamada prossegue            |
-| `block`     | `AgentGuardBlockedError` é lançado antes de contatar o provedor                          |
-| `shadow`    | A chamada passa; a decisão é registrada apenas para análise                              |
+Uma chave OpenRouter dá acesso a centenas de modelos de muitos provedores. Finanças vê uma fatura. AgentGuard aplica quem usa o quê, quais tiers de tarefa podem acessar quais modelos e quanto cada chamada pode gastar. A chave fica em `OPENROUTER_API_KEY` ou `~/.agentguard/openrouter-key` com modo `600`.
 
-## Localização (v0.1.4+)
-
-Mensagens de bloqueio legíveis estão localizadas em **inglês (en-US)**, **espanhol latino-americano (es-419)** e **português brasileiro (pt-BR)**. A resolução do locale segue a cadeia de prioridade padrão:
+```bash
+agentguard models --sync-pricing
+agentguard models --task payment-approval
+agentguard models --search gpt-4o --json
+```
 
-1. Configuração explícita: `config: { locale: 'pt-BR', ... }`
-2. Variável de ambiente: `export AGENTGUARD_LOCALE=pt-BR`
-3. Variáveis de ambiente do sistema: `LC_ALL`, `LC_MESSAGES`, `LANG`
-4. `Intl.DateTimeFormat().resolvedOptions().locale` (browser / Deno / Bun)
-5. Fallback: `en-US`
+Overrides de preço ficam localmente em `~/.agentguard/cost-overrides.json`.
 
-## Status
+## Verificar qualquer recibo
 
-Preview privado. Projetado para integração corporativa, OEM e de plataforma.
+Compartilhe https://agentguard.run/verify com seu auditor. Cole um recibo e a chave pública no navegador para verificar assinatura Ed25519, hash da entrada e link da cadeia. O recibo nunca sai da página.
 
-Para acesso de avaliação, licenciamento OEM ou consultas de parceria estratégica: `invest@agentguard.run`
+```bash
+agentguard demo
+agentguard verify --trace latest
+```
 
-## Licença e limiares de uso
+## Templates de tarefa
 
-O SDK é **gratuito** para:
+`agentguard wizard` inclui `risk-review`, `payment-approval`, `chargeback-evidence`, `agent-support` e `code-scan`. Cada template define modelos OpenRouter recomendados, tier de capacidade, fallback, caps e instruções de sistema.
 
-- Avaliação, prototipagem e desenvolvimento não comercial em qualquer volume
-- Implantações de produção processando **até 10.000 chamadas de aplicação por mês calendário**
+## Sem proxy
 
-Uma licença comercial separada é necessária para volumes maiores ou redistribuição. Consultas: `invest@agentguard.run`
+AgentGuard Spend é uma biblioteca, não um gateway. Não faz proxy de tráfego, não guarda prompts, não retém chaves de provedor e não hospeda estado de política. O log assinado vive no seu armazenamento.
 
-## Aviso de patentes
+## Telemetria
 
-Protegido por aplicações de patente pendentes nos EUA (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; 64/071,781; 64/071,789).
+A telemetria é opt-in. Use `AGENTGUARD_TELEMETRY=1` ou `agentguard telemetry enable`. O beacon envia somente versão do SDK, runtime, família de OS, ID anônimo de instalação, flag de CI, flag de TTY e nome do evento. Não envia prompts, respostas, chaves de provedor, chaves de assinatura, detalhes de política nem overrides de custo.
 
-## Links
+## Aviso de patentes
 
-- agentguard.run
-- Contato: `invest@agentguard.run`
-- SDK Python: [`agentguard-spend`](https://pypi.org/project/agentguard-spend/)
+Protegido por tecnologia com patente pendente nos EUA (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; 64/071,781; 64/071,789). Aviso construtivo sob 35 U.S.C. § 287. Patentes adicionais pendentes.

package/dist/bindings/anthropic.d.ts

@@ -0,0 +1,11 @@
+/** Native Anthropic binding for AgentGuard Spend. */
+import type { CapabilityTier, SpendPolicy, SpendScope } from '../types';
+import { type SpendGuardConfig } from '../spend-guard';
+export interface AnthropicBindingOptions {
+    policy: SpendPolicy;
+    scope: SpendScope;
+    capabilityClaim?: CapabilityTier;
+    config?: Omit<SpendGuardConfig, 'policy'>;
+}
+export declare function withSpendGuardAnthropic(client: any, opts: AnthropicBindingOptions): any;
+//# sourceMappingURL=anthropic.d.ts.map

package/dist/bindings/anthropic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic.d.ts","sourceRoot":"","sources":["../../src/bindings/anthropic.ts"],"names":[],"mappings":"AAAA,qDAAqD;AAErD,OAAO,KAAK,EAAE,cAAc,EAAyB,WAAW,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC/F,OAAO,EAGL,KAAK,gBAAgB,EAMtB,MAAM,gBAAgB,CAAC;AAExB,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,EAAE,UAAU,CAAC;IAClB,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,MAAM,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;CAC3C;AAED,wBAAgB,uBAAuB,CAErC,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,uBAAuB,GAE5B,GAAG,CAyCL"}