@axonflow/sdk 1.2.0 → 1.3.0

package/dist/cjs/client.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AxonFlow = void 0;
+const errors_1 = require("./errors");
 const openai_1 = require("./interceptors/openai");
 const anthropic_1 = require("./interceptors/anthropic");
 const helpers_1 = require("./utils/helpers");
@@ -10,24 +11,49 @@ const helpers_1 = require("./utils/helpers");
 class AxonFlow {
     constructor(config) {
         this.interceptors = [];
-        // Set defaults
+        // Set defaults first to determine endpoint
+        const endpoint = config.endpoint || 'https://staging-eu.getaxonflow.com';
+        // Check if running in self-hosted mode (localhost)
+        const isLocalhost = endpoint.includes('localhost') || endpoint.includes('127.0.0.1');
+        // License key is optional for self-hosted deployments
+        // When not provided, agent must have SELF_HOSTED_MODE=true
+        if (!isLocalhost && !config.licenseKey && !config.apiKey) {
+            throw new Error('Either licenseKey or apiKey must be provided for non-localhost endpoints');
+        }
+        if (isLocalhost && !config.licenseKey && !config.apiKey && config.debug) {
+            console.warn('[AxonFlow] No license key provided - ensure agent has SELF_HOSTED_MODE=true');
+        }
+        // Set configuration
         this.config = {
             apiKey: config.apiKey,
-            endpoint: config.endpoint || 'https://staging-eu.getaxonflow.com',
-            mode: config.mode || 'production',
+            licenseKey: config.licenseKey,
+            endpoint,
+            mode: config.mode || (isLocalhost ? 'sandbox' : 'production'),
             tenant: config.tenant || 'default',
             debug: config.debug || false,
             timeout: config.timeout || 30000,
-            retry: config.retry || { enabled: true, maxAttempts: 3, delay: 1000 },
-            cache: config.cache || { enabled: true, ttl: 60000 }
+            retry: {
+                enabled: config.retry?.enabled !== false,
+                maxAttempts: config.retry?.maxAttempts || 3,
+                delay: config.retry?.delay || 1000,
+            },
+            cache: {
+                enabled: config.cache?.enabled !== false,
+                ttl: config.cache?.ttl || 60000,
+            },
         };
         // Initialize interceptors
-        this.interceptors = [
-            new openai_1.OpenAIInterceptor(),
-            new anthropic_1.AnthropicInterceptor()
-        ];
+        this.interceptors = [new openai_1.OpenAIInterceptor(), new anthropic_1.AnthropicInterceptor()];
         if (this.config.debug) {
-            (0, helpers_1.debugLog)('AxonFlow initialized', { mode: this.config.mode, endpoint: this.config.endpoint });
+            (0, helpers_1.debugLog)('AxonFlow initialized', {
+                mode: this.config.mode,
+                endpoint: this.config.endpoint,
+                authMethod: isLocalhost
+                    ? 'self-hosted (no auth)'
+                    : this.config.licenseKey
+                        ? 'license-key'
+                        : 'api-key',
+            });
         }
     }
     /**
@@ -48,7 +74,7 @@ class AxonFlow {
                 timestamp: Date.now(),
                 aiRequest,
                 mode: this.config.mode,
-                tenant: this.config.tenant
+                tenant: this.config.tenant,
             };
             // Check policies with AxonFlow Agent
             const governanceResponse = await this.checkPolicies(governanceRequest);
@@ -93,7 +119,7 @@ class AxonFlow {
             provider: 'unknown',
             model: 'unknown',
             prompt: aiCall.toString(),
-            parameters: {}
+            parameters: {},
         };
     }
     /**
@@ -104,7 +130,7 @@ class AxonFlow {
         // Transform SDK request to Agent API format
         const agentRequest = {
             query: request.aiRequest.prompt,
-            user_token: this.config.apiKey,
+            user_token: this.config.apiKey || '',
             client_id: this.config.tenant,
             request_type: 'llm_chat',
             context: {
@@ -112,16 +138,23 @@ class AxonFlow {
                 model: request.aiRequest.model,
                 parameters: request.aiRequest.parameters,
                 requestId: request.requestId,
-                mode: this.config.mode
-            }
+                mode: this.config.mode,
+            },
+        };
+        const headers = {
+            'Content-Type': 'application/json',
         };
+        // Add license key header if available (preferred auth method)
+        // Skip auth headers for localhost (self-hosted mode)
+        const isLocalhost = this.config.endpoint.includes('localhost') || this.config.endpoint.includes('127.0.0.1');
+        if (!isLocalhost && this.config.licenseKey) {
+            headers['X-License-Key'] = this.config.licenseKey;
+        }
         const response = await fetch(url, {
             method: 'POST',
-            headers: {
-                'Content-Type': 'application/json'
-            },
+            headers,
             body: JSON.stringify(agentRequest),
-            signal: AbortSignal.timeout(this.config.timeout)
+            signal: AbortSignal.timeout(this.config.timeout),
         });
         if (!response.ok) {
             const errorText = await response.text();
@@ -129,23 +162,29 @@ class AxonFlow {
         }
         const agentResponse = await response.json();
         // Transform Agent API response to SDK format
+        // Extract policy name from policy_info if available
+        const policyName = agentResponse.policy_info?.policies_evaluated?.[0] || 'agent-policy';
         return {
             requestId: request.requestId,
             allowed: !agentResponse.blocked,
-            violations: agentResponse.blocked ? [{
-                    type: 'security',
-                    severity: 'high',
-                    description: agentResponse.block_reason || 'Request blocked by policy',
-                    policy: 'agent-policy',
-                    action: 'blocked'
-                }] : [],
+            violations: agentResponse.blocked
+                ? [
+                    {
+                        type: 'security',
+                        severity: 'high',
+                        description: agentResponse.block_reason || 'Request blocked by policy',
+                        policy: policyName,
+                        action: 'blocked',
+                    },
+                ]
+                : [],
             modifiedRequest: agentResponse.data,
-            policies: [],
+            policies: agentResponse.policy_info?.policies_evaluated || [],
             audit: {
                 timestamp: Date.now(),
                 duration: parseInt(agentResponse.policy_info?.processing_time?.replace('ms', '') || '0'),
-                tenant: this.config.tenant
-            }
+                tenant: this.config.tenant,
+            },
         };
     }
     /**
@@ -158,7 +197,7 @@ class AxonFlow {
             (0, helpers_1.debugLog)('Request processed', {
                 allowed: response.allowed,
                 violations: response.violations?.length || 0,
-                duration: response.audit.duration
+                duration: response.audit.duration,
             });
         }
     }
@@ -166,9 +205,9 @@ class AxonFlow {
      * Check if an error is from AxonFlow (vs the AI provider)
      */
     isAxonFlowError(error) {
-        return error?.message?.includes('AxonFlow') ||
+        return (error?.message?.includes('AxonFlow') ||
             error?.message?.includes('governance') ||
-            error?.message?.includes('fetch');
+            error?.message?.includes('fetch'));
     }
     /**
      * Create a sandbox client for testing
@@ -178,9 +217,176 @@ class AxonFlow {
             apiKey,
             mode: 'sandbox',
             endpoint: 'https://staging-eu.getaxonflow.com',
-            debug: true
+            debug: true,
         });
     }
+    // ============================================================================
+    // Proxy Mode Methods
+    // ============================================================================
+    /**
+     * Check if AxonFlow Agent is healthy and available.
+     *
+     * @returns HealthStatus object with agent health information
+     *
+     * @example
+     * ```typescript
+     * const health = await axonflow.healthCheck();
+     * if (health.status === 'healthy') {
+     *   console.log('Agent is healthy');
+     * }
+     * ```
+     */
+    async healthCheck() {
+        const url = `${this.config.endpoint}/health`;
+        try {
+            const response = await fetch(url, {
+                method: 'GET',
+                signal: AbortSignal.timeout(this.config.timeout),
+            });
+            if (!response.ok) {
+                return {
+                    status: 'unhealthy',
+                    components: {
+                        agent: { status: 'error', message: `HTTP ${response.status}` },
+                    },
+                };
+            }
+            const data = await response.json();
+            return {
+                status: data.status === 'healthy' ? 'healthy' : 'degraded',
+                version: data.version,
+                uptime: data.uptime,
+                components: data.components,
+            };
+        }
+        catch (error) {
+            if (this.config.debug) {
+                (0, helpers_1.debugLog)('Health check failed', error);
+            }
+            return {
+                status: 'unhealthy',
+                components: {
+                    agent: {
+                        status: 'error',
+                        message: error instanceof Error ? error.message : 'Unknown error',
+                    },
+                },
+            };
+        }
+    }
+    /**
+     * Execute a query through AxonFlow with policy enforcement (Proxy Mode).
+     *
+     * This is the primary method for Proxy Mode, where AxonFlow handles policy
+     * checking and optionally routes requests to LLM providers.
+     *
+     * @param options - Query execution options
+     * @returns ExecuteQueryResponse with results or error information
+     * @throws PolicyViolationError if request is blocked by policy
+     * @throws AuthenticationError if credentials are invalid
+     * @throws APIError for other API errors
+     *
+     * @example
+     * ```typescript
+     * const response = await axonflow.executeQuery({
+     *   userToken: 'user-123',
+     *   query: 'Explain quantum computing',
+     *   requestType: 'chat',
+     *   context: { provider: 'openai', model: 'gpt-4' }
+     * });
+     *
+     * if (response.success) {
+     *   console.log('Response:', response.data);
+     * }
+     * ```
+     */
+    async executeQuery(options) {
+        const agentRequest = {
+            query: options.query,
+            user_token: options.userToken,
+            client_id: this.config.tenant,
+            request_type: options.requestType,
+            context: options.context || {},
+        };
+        const url = `${this.config.endpoint}/api/request`;
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        // Add authentication headers
+        const isLocalhost = this.config.endpoint.includes('localhost') || this.config.endpoint.includes('127.0.0.1');
+        if (!isLocalhost) {
+            if (this.config.licenseKey) {
+                headers['X-License-Key'] = this.config.licenseKey;
+            }
+            else if (this.config.apiKey) {
+                headers['X-Client-Secret'] = this.config.apiKey;
+            }
+        }
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Proxy Mode: executeQuery', {
+                requestType: options.requestType,
+                query: options.query.substring(0, 50),
+            });
+        }
+        const response = await fetch(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(agentRequest),
+            signal: AbortSignal.timeout(this.config.timeout),
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            if (response.status === 401 || response.status === 403) {
+                // Try to parse as JSON for policy violation info
+                try {
+                    const errorJson = JSON.parse(errorText);
+                    if (errorJson.blocked || errorJson.block_reason) {
+                        throw new errors_1.PolicyViolationError(errorJson.block_reason || 'Request blocked by policy', errorJson.policy_info?.policies_evaluated);
+                    }
+                }
+                catch (e) {
+                    if (e instanceof errors_1.PolicyViolationError)
+                        throw e;
+                }
+                throw new errors_1.AuthenticationError(`Request failed: ${errorText}`);
+            }
+            throw new errors_1.APIError(response.status, response.statusText, errorText);
+        }
+        const data = await response.json();
+        // Check for policy violation in successful response (some blocked responses return 200)
+        if (data.blocked) {
+            throw new errors_1.PolicyViolationError(data.block_reason || 'Request blocked by policy', data.policy_info?.policies_evaluated);
+        }
+        // Transform snake_case response to camelCase
+        const result = {
+            success: data.success,
+            data: data.data,
+            result: data.result,
+            planId: data.plan_id,
+            requestId: data.request_id,
+            metadata: data.metadata || {},
+            error: data.error,
+            blocked: data.blocked || false,
+            blockReason: data.block_reason,
+        };
+        // Parse policy info if present
+        if (data.policy_info) {
+            result.policyInfo = {
+                policiesEvaluated: data.policy_info.policies_evaluated || [],
+                staticChecks: data.policy_info.static_checks || [],
+                processingTime: data.policy_info.processing_time || '',
+                tenantId: data.policy_info.tenant_id || '',
+            };
+        }
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Proxy Mode: executeQuery result', {
+                success: result.success,
+                blocked: result.blocked,
+                hasData: !!result.data,
+            });
+        }
+        return result;
+    }
     /**
      * List all available MCP connectors from the marketplace
      */
@@ -188,7 +394,7 @@ class AxonFlow {
         const url = `${this.config.endpoint}/api/connectors`;
         const response = await fetch(url, {
             method: 'GET',
-            signal: AbortSignal.timeout(this.config.timeout)
+            signal: AbortSignal.timeout(this.config.timeout),
         });
         if (!response.ok) {
             throw new Error(`Failed to list connectors: ${response.status} ${response.statusText}`);
@@ -204,14 +410,21 @@ class AxonFlow {
      */
     async installConnector(request) {
         const url = `${this.config.endpoint}/api/connectors/install`;
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        // Add authentication headers
+        if (this.config.licenseKey) {
+            headers['X-License-Key'] = this.config.licenseKey;
+        }
+        else if (this.config.apiKey) {
+            headers['X-Client-Secret'] = this.config.apiKey;
+        }
         const response = await fetch(url, {
             method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-Client-Secret': this.config.apiKey
-            },
+            headers,
             body: JSON.stringify(request),
-            signal: AbortSignal.timeout(this.config.timeout)
+            signal: AbortSignal.timeout(this.config.timeout),
         });
         if (!response.ok) {
             const errorText = await response.text();
@@ -227,22 +440,26 @@ class AxonFlow {
     async queryConnector(connectorName, query, params) {
         const agentRequest = {
             query,
-            user_token: this.config.apiKey,
+            user_token: this.config.apiKey || '',
             client_id: this.config.tenant,
             request_type: 'mcp-query',
             context: {
                 connector: connectorName,
-                params: params || {}
-            }
+                params: params || {},
+            },
         };
         const url = `${this.config.endpoint}/api/request`;
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (this.config.licenseKey) {
+            headers['X-License-Key'] = this.config.licenseKey;
+        }
         const response = await fetch(url, {
             method: 'POST',
-            headers: {
-                'Content-Type': 'application/json'
-            },
+            headers,
             body: JSON.stringify(agentRequest),
-            signal: AbortSignal.timeout(this.config.timeout)
+            signal: AbortSignal.timeout(this.config.timeout),
         });
         if (!response.ok) {
             const errorText = await response.text();
@@ -256,28 +473,35 @@ class AxonFlow {
             success: agentResponse.success,
             data: agentResponse.data,
             error: agentResponse.error,
-            meta: agentResponse.metadata
+            meta: agentResponse.metadata,
         };
     }
     /**
      * Generate a multi-agent execution plan from a natural language query
+     * @param query - Natural language query describing the task
+     * @param domain - Optional domain hint (travel, healthcare, etc.)
+     * @param userToken - Optional user token for authentication (defaults to tenant/client_id)
      */
-    async generatePlan(query, domain) {
+    async generatePlan(query, domain, userToken) {
         const agentRequest = {
             query,
-            user_token: this.config.apiKey,
+            user_token: userToken || this.config.tenant,
             client_id: this.config.tenant,
             request_type: 'multi-agent-plan',
-            context: domain ? { domain } : {}
+            context: domain ? { domain } : {},
         };
         const url = `${this.config.endpoint}/api/request`;
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (this.config.licenseKey) {
+            headers['X-License-Key'] = this.config.licenseKey;
+        }
         const response = await fetch(url, {
             method: 'POST',
-            headers: {
-                'Content-Type': 'application/json'
-            },
+            headers,
             body: JSON.stringify(agentRequest),
-            signal: AbortSignal.timeout(this.config.timeout)
+            signal: AbortSignal.timeout(this.config.timeout),
         });
         if (!response.ok) {
             const errorText = await response.text();
@@ -296,28 +520,34 @@ class AxonFlow {
             domain: agentResponse.data?.domain || domain || 'generic',
             complexity: agentResponse.data?.complexity || 0,
             parallel: agentResponse.data?.parallel || false,
-            metadata: agentResponse.metadata || {}
+            metadata: agentResponse.metadata || {},
         };
     }
     /**
      * Execute a previously generated multi-agent plan
+     * @param planId - ID of the plan to execute
+     * @param userToken - Optional user token for authentication (defaults to tenant/client_id)
      */
-    async executePlan(planId) {
+    async executePlan(planId, userToken) {
         const agentRequest = {
             query: '',
-            user_token: this.config.apiKey,
+            user_token: userToken || this.config.tenant,
             client_id: this.config.tenant,
             request_type: 'execute-plan',
-            context: { plan_id: planId }
+            context: { plan_id: planId },
         };
         const url = `${this.config.endpoint}/api/request`;
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (this.config.licenseKey) {
+            headers['X-License-Key'] = this.config.licenseKey;
+        }
         const response = await fetch(url, {
             method: 'POST',
-            headers: {
-                'Content-Type': 'application/json'
-            },
+            headers,
             body: JSON.stringify(agentRequest),
-            signal: AbortSignal.timeout(this.config.timeout)
+            signal: AbortSignal.timeout(this.config.timeout),
         });
         if (!response.ok) {
             const errorText = await response.text();
@@ -333,7 +563,7 @@ class AxonFlow {
             result: agentResponse.result,
             stepResults: agentResponse.metadata?.step_results,
             error: agentResponse.error,
-            duration: agentResponse.metadata?.duration
+            duration: agentResponse.metadata?.duration,
         };
     }
     /**
@@ -343,7 +573,7 @@ class AxonFlow {
         const url = `${this.config.endpoint}/api/plans/${planId}`;
         const response = await fetch(url, {
             method: 'GET',
-            signal: AbortSignal.timeout(this.config.timeout)
+            signal: AbortSignal.timeout(this.config.timeout),
         });
         if (!response.ok) {
             const errorText = await response.text();
@@ -356,191 +586,209 @@ class AxonFlow {
             result: status.result,
             stepResults: status.step_results,
             error: status.error,
-            duration: status.duration
+            duration: status.duration,
         };
     }
-    // ===========================================================================
-    // Gateway Mode SDK Methods
-    // ===========================================================================
-    // Gateway Mode allows clients to make LLM calls directly while still using
-    // AxonFlow for policy enforcement and audit logging.
-    //
-    // Usage:
-    //   1. Call getPolicyApprovedContext() before making LLM call
-    //   2. Make LLM call directly to your provider (using returned approved data)
-    //   3. Call auditLLMCall() after to record the call for compliance
-    //
-    // Example:
-    //   const ctx = await axonflow.getPolicyApprovedContext({
-    //     userToken: 'user-jwt',
-    //     dataSources: ['postgres'],
-    //     query: 'Find patients with diabetes'
-    //   });
-    //   if (!ctx.approved) throw new Error(ctx.blockReason);
-    //
-    //   const llmResp = await openai.chat.completions.create({...});  // Your LLM call
-    //
-    //   await axonflow.auditLLMCall({
-    //     contextId: ctx.contextId,
-    //     responseSummary: 'Found 5 patients',
-    //     provider: 'openai',
-    //     model: 'gpt-4',
-    //     tokenUsage: { promptTokens: 100, completionTokens: 50, totalTokens: 150 },
-    //     latencyMs: 250
-    //   });
+    // ============================================================================
+    // Gateway Mode Methods
+    // ============================================================================
     /**
-     * Perform policy pre-check before making LLM call
-     *
-     * This is the first step in Gateway Mode. Call this before making your
-     * LLM call to ensure policy compliance.
+     * Gateway Mode: Pre-check policy approval before making a direct LLM call.
+     * Alias for getPolicyApprovedContext() for simpler API.
+     */
+    async preCheck(options) {
+        return this.getPolicyApprovedContext(options);
+    }
+    /**
+     * Gateway Mode: Get policy-approved context before making a direct LLM call.
      *
-     * @param request Pre-check request containing user token, query, and optional data sources
-     * @returns PolicyApprovalResult with context ID and approved data (if any)
+     * Use this when you want to:
+     * - Make direct LLM calls (not through AxonFlow proxy)
+     * - Have full control over your LLM provider/model selection
+     * - Minimize latency by calling LLM directly
      *
      * @example
-     * const result = await axonflow.getPolicyApprovedContext({
-     *   userToken: 'user-jwt-token',
-     *   dataSources: ['postgres', 'salesforce'],
-     *   query: 'Find all patients with recent lab results'
+     * ```typescript
+     * const ctx = await axonflow.getPolicyApprovedContext({
+     *   userToken: 'user-jwt',
+     *   query: 'Analyze this customer data',
+     *   dataSources: ['postgres']
      * });
      *
-     * if (!result.approved) {
-     *   throw new Error(`Request blocked: ${result.blockReason}`);
+     * if (!ctx.approved) {
+     *   throw new Error(`Blocked: ${ctx.blockReason}`);
      * }
      *
-     * // Use result.approvedData to build your LLM prompt
-     * const prompt = buildPrompt(result.approvedData);
+     * // Make direct LLM call with approved data
+     * const response = await openai.chat.completions.create({
+     *   model: 'gpt-4',
+     *   messages: [{ role: 'user', content: JSON.stringify(ctx.approvedData) }]
+     * });
+     *
+     * // Audit the call
+     * await axonflow.auditLLMCall({
+     *   contextId: ctx.contextId,
+     *   responseSummary: response.choices[0].message.content.substring(0, 100),
+     *   provider: 'openai',
+     *   model: 'gpt-4',
+     *   tokenUsage: {
+     *     promptTokens: response.usage.prompt_tokens,
+     *     completionTokens: response.usage.completion_tokens,
+     *     totalTokens: response.usage.total_tokens
+     *   },
+     *   latencyMs: 250
+     * });
+     * ```
      */
-    async getPolicyApprovedContext(request) {
+    async getPolicyApprovedContext(options) {
         const url = `${this.config.endpoint}/api/policy/pre-check`;
-        const body = {
-            user_token: request.userToken,
+        const requestBody = {
+            user_token: options.userToken,
             client_id: this.config.tenant,
-            query: request.query,
-            data_sources: request.dataSources || [],
-            context: request.context || {}
+            query: options.query,
+            data_sources: options.dataSources || [],
+            context: options.context || {},
+        };
+        const headers = {
+            'Content-Type': 'application/json',
         };
+        // Add authentication headers
+        const isLocalhost = this.config.endpoint.includes('localhost') || this.config.endpoint.includes('127.0.0.1');
+        if (!isLocalhost) {
+            if (this.config.licenseKey) {
+                headers['X-License-Key'] = this.config.licenseKey;
+            }
+            else if (this.config.apiKey) {
+                headers['X-Client-Secret'] = this.config.apiKey;
+            }
+        }
         if (this.config.debug) {
-            (0, helpers_1.debugLog)('Gateway pre-check request', {
-                query: request.query.substring(0, 50),
-                dataSources: request.dataSources
-            });
+            (0, helpers_1.debugLog)('Gateway Mode: Pre-check', { query: options.query.substring(0, 50) });
         }
-        const startTime = Date.now();
         const response = await fetch(url, {
             method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-Client-Secret': this.config.apiKey,
-                'X-License-Key': this.config.apiKey
-            },
-            body: JSON.stringify(body),
-            signal: AbortSignal.timeout(this.config.timeout)
+            headers,
+            body: JSON.stringify(requestBody),
+            signal: AbortSignal.timeout(this.config.timeout),
         });
-        const duration = Date.now() - startTime;
         if (!response.ok) {
             const errorText = await response.text();
-            throw new Error(`Pre-check failed: ${response.status} ${response.statusText} - ${errorText}`);
+            if (response.status === 401 || response.status === 403) {
+                throw new errors_1.AuthenticationError(`Policy pre-check authentication failed: ${errorText}`);
+            }
+            throw new errors_1.APIError(response.status, response.statusText, errorText);
         }
         const data = await response.json();
-        if (this.config.debug) {
-            (0, helpers_1.debugLog)('Gateway pre-check complete', {
-                contextId: data.context_id,
-                approved: data.approved,
-                duration
-            });
-        }
-        return {
+        // Transform snake_case response to camelCase
+        // Default expiration to 5 minutes from now if not provided
+        const expiresAt = data.expires_at
+            ? new Date(data.expires_at)
+            : new Date(Date.now() + 5 * 60 * 1000);
+        const result = {
             contextId: data.context_id,
             approved: data.approved,
-            approvedData: data.approved_data,
+            approvedData: data.approved_data || {},
             policies: data.policies || [],
-            rateLimitInfo: data.rate_limit ? {
+            expiresAt,
+            blockReason: data.block_reason,
+        };
+        // Parse rate limit info if present
+        if (data.rate_limit) {
+            result.rateLimitInfo = {
                 limit: data.rate_limit.limit,
                 remaining: data.rate_limit.remaining,
-                resetAt: new Date(data.rate_limit.reset_at)
-            } : undefined,
-            expiresAt: new Date(data.expires_at),
-            blockReason: data.block_reason
-        };
+                resetAt: new Date(data.rate_limit.reset_at),
+            };
+        }
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Gateway Mode: Pre-check result', {
+                approved: result.approved,
+                contextId: result.contextId,
+                policies: result.policies.length,
+            });
+        }
+        return result;
     }
     /**
-     * Report LLM call details for audit logging
-     *
-     * This is the second step in Gateway Mode. Call this after making your
-     * LLM call to record it in the audit trail.
+     * Gateway Mode: Audit an LLM call after completion.
      *
-     * @param contextId Context ID from getPolicyApprovedContext()
-     * @param responseSummary Brief summary of the LLM response (not full response)
-     * @param provider LLM provider name
-     * @param model Model name
-     * @param tokenUsage Token counts from LLM response
-     * @param latencyMs Time taken for LLM call in milliseconds
-     * @param metadata Optional additional metadata
-     * @returns AuditResult confirming the audit was recorded
+     * Call this after making a direct LLM call to log the audit trail.
+     * This is required for compliance and monitoring.
      *
      * @example
-     * const result = await axonflow.auditLLMCall(
-     *   ctx.contextId,
-     *   'Found 5 patients with recent lab results',
-     *   'openai',
-     *   'gpt-4',
-     *   { promptTokens: 100, completionTokens: 50, totalTokens: 150 },
-     *   250,
-     *   { sessionId: 'session-123' }
-     * );
+     * ```typescript
+     * await axonflow.auditLLMCall({
+     *   contextId: ctx.contextId,
+     *   responseSummary: 'Generated report with 5 items',
+     *   provider: 'openai',
+     *   model: 'gpt-4',
+     *   tokenUsage: {
+     *     promptTokens: 100,
+     *     completionTokens: 50,
+     *     totalTokens: 150
+     *   },
+     *   latencyMs: 250
+     * });
+     * ```
      */
-    async auditLLMCall(contextId, responseSummary, provider, model, tokenUsage, latencyMs, metadata) {
+    async auditLLMCall(options) {
         const url = `${this.config.endpoint}/api/audit/llm-call`;
-        const body = {
-            context_id: contextId,
+        const requestBody = {
+            context_id: options.contextId,
             client_id: this.config.tenant,
-            response_summary: responseSummary,
-            provider,
-            model,
+            response_summary: options.responseSummary,
+            provider: options.provider,
+            model: options.model,
             token_usage: {
-                prompt_tokens: tokenUsage.promptTokens,
-                completion_tokens: tokenUsage.completionTokens,
-                total_tokens: tokenUsage.totalTokens
+                prompt_tokens: options.tokenUsage.promptTokens,
+                completion_tokens: options.tokenUsage.completionTokens,
+                total_tokens: options.tokenUsage.totalTokens,
             },
-            latency_ms: latencyMs,
-            metadata
+            latency_ms: options.latencyMs,
+            metadata: options.metadata || {},
+        };
+        const headers = {
+            'Content-Type': 'application/json',
         };
+        // Add authentication headers
+        const isLocalhost = this.config.endpoint.includes('localhost') || this.config.endpoint.includes('127.0.0.1');
+        if (!isLocalhost) {
+            if (this.config.licenseKey) {
+                headers['X-License-Key'] = this.config.licenseKey;
+            }
+            else if (this.config.apiKey) {
+                headers['X-Client-Secret'] = this.config.apiKey;
+            }
+        }
         if (this.config.debug) {
-            (0, helpers_1.debugLog)('Gateway audit request', {
-                contextId,
-                provider,
-                model,
-                tokens: tokenUsage.totalTokens
+            (0, helpers_1.debugLog)('Gateway Mode: Audit', {
+                contextId: options.contextId,
+                provider: options.provider,
+                model: options.model,
             });
         }
-        const startTime = Date.now();
         const response = await fetch(url, {
             method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-Client-Secret': this.config.apiKey,
-                'X-License-Key': this.config.apiKey
-            },
-            body: JSON.stringify(body),
-            signal: AbortSignal.timeout(this.config.timeout)
+            headers,
+            body: JSON.stringify(requestBody),
+            signal: AbortSignal.timeout(this.config.timeout),
         });
-        const duration = Date.now() - startTime;
         if (!response.ok) {
             const errorText = await response.text();
-            throw new Error(`Audit failed: ${response.status} ${response.statusText} - ${errorText}`);
+            if (response.status === 401 || response.status === 403) {
+                throw new errors_1.AuthenticationError(`Audit logging authentication failed: ${errorText}`);
+            }
+            throw new errors_1.APIError(response.status, response.statusText, errorText);
         }
         const data = await response.json();
-        if (this.config.debug) {
-            (0, helpers_1.debugLog)('Gateway audit complete', {
-                auditId: data.audit_id,
-                duration
-            });
-        }
-        return {
+        const result = {
             success: data.success,
-            auditId: data.audit_id
+            auditId: data.audit_id,
         };
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Gateway Mode: Audit logged', { auditId: result.auditId });
+        }
+        return result;
     }
 }
 exports.AxonFlow = AxonFlow;