@axonflow/sdk 3.5.0 → 3.7.0

package/dist/esm/client.js

@@ -755,6 +755,142 @@ export class AxonFlow {
     async mcpExecute(options) {
         return this.mcpQuery(options);
     }
+    /**
+     * Validate an MCP request against configured policies without executing it.
+     * Use this when an external orchestrator (e.g., LangGraph, CrewAI) manages MCP execution
+     * but needs AxonFlow policy enforcement as a pre-execution gate.
+     *
+     * @example
+     * ```typescript
+     * const result = await axonflow.mcpCheckInput({
+     *   connectorType: 'postgres',
+     *   statement: 'SELECT * FROM users WHERE id = $1',
+     *   parameters: { '$1': '123' },
+     * });
+     *
+     * if (!result.allowed) {
+     *   console.log('Blocked:', result.block_reason);
+     * }
+     * ```
+     *
+     * @param options - Input check options including connector type and statement
+     * @returns MCPCheckInputResponse with allowed status and policy evaluation details
+     * @throws ConnectorError if the request fails (non-403 errors)
+     */
+    async mcpCheckInput(options) {
+        const url = `${this.config.endpoint}/api/v1/mcp/check-input`;
+        const headers = {
+            'Content-Type': 'application/json',
+            ...this.getAuthHeaders(),
+        };
+        const body = {
+            connector_type: options.connectorType,
+            statement: options.statement,
+        };
+        if (options.parameters) {
+            body.parameters = options.parameters;
+        }
+        if (options.operation) {
+            body.operation = options.operation;
+        }
+        if (this.config.debug) {
+            debugLog('MCP Check Input', {
+                connectorType: options.connectorType,
+                statement: options.statement.substring(0, 50),
+            });
+        }
+        const response = await fetch(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(body),
+            signal: AbortSignal.timeout(this.config.timeout),
+        });
+        const responseData = await response.json();
+        // 403 means policy blocked — this is a valid check response, not an error
+        if (!response.ok && response.status !== 403) {
+            throw new ConnectorError(responseData.error || 'MCP check-input failed', options.connectorType, 'check-input');
+        }
+        if (this.config.debug) {
+            debugLog('MCP Check Input result', {
+                connectorType: options.connectorType,
+                allowed: responseData.allowed,
+                policiesEvaluated: responseData.policies_evaluated,
+            });
+        }
+        return responseData;
+    }
+    /**
+     * Validate MCP response data against configured policies.
+     * Use this when an external orchestrator manages MCP execution but needs AxonFlow
+     * policy enforcement as a post-execution gate (PII redaction, exfiltration limits).
+     *
+     * @example
+     * ```typescript
+     * const result = await axonflow.mcpCheckOutput({
+     *   connectorType: 'postgres',
+     *   responseData: [{ id: 1, name: 'Alice', ssn: '123-45-6789' }],
+     *   rowCount: 1,
+     * });
+     *
+     * if (result.redacted_data) {
+     *   console.log('Data was redacted:', result.redacted_data);
+     * }
+     * if (result.exfiltration_info && !result.exfiltration_info.within_limits) {
+     *   console.log('Exfiltration limit exceeded');
+     * }
+     * ```
+     *
+     * @param options - Output check options including connector type and response data
+     * @returns MCPCheckOutputResponse with allowed status, redacted data, and policy details
+     * @throws ConnectorError if the request fails (non-403 errors)
+     */
+    async mcpCheckOutput(options) {
+        const url = `${this.config.endpoint}/api/v1/mcp/check-output`;
+        const headers = {
+            'Content-Type': 'application/json',
+            ...this.getAuthHeaders(),
+        };
+        const body = {
+            connector_type: options.connectorType,
+        };
+        if (options.responseData !== undefined) {
+            body.response_data = options.responseData;
+        }
+        if (options.message !== undefined) {
+            body.message = options.message;
+        }
+        if (options.metadata) {
+            body.metadata = options.metadata;
+        }
+        if (options.rowCount !== undefined && options.rowCount > 0) {
+            body.row_count = options.rowCount;
+        }
+        if (this.config.debug) {
+            debugLog('MCP Check Output', {
+                connectorType: options.connectorType,
+                rowCount: options.rowCount,
+            });
+        }
+        const response = await fetch(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(body),
+            signal: AbortSignal.timeout(this.config.timeout),
+        });
+        const responseData = await response.json();
+        // 403 means policy blocked — this is a valid check response, not an error
+        if (!response.ok && response.status !== 403) {
+            throw new ConnectorError(responseData.error || 'MCP check-output failed', options.connectorType, 'check-output');
+        }
+        if (this.config.debug) {
+            debugLog('MCP Check Output result', {
+                connectorType: options.connectorType,
+                allowed: responseData.allowed,
+                policiesEvaluated: responseData.policies_evaluated,
+            });
+        }
+        return responseData;
+    }
     /**
      * Generate a multi-agent execution plan from a natural language query
      * @param query - Natural language query describing the task
@@ -4574,6 +4710,111 @@ export class AxonFlow {
         const response = await this.orchestratorRequest('GET', '/api/v1/hitl/stats');
         return response.data;
     }
+    // ============================================================================
+    // Media Governance Config Methods (Issue #1222)
+    // ============================================================================
+    /**
+     * Get the current media governance configuration for the authenticated tenant.
+     *
+     * Returns whether media analysis is enabled, which analyzers are allowed,
+     * and when the config was last updated.
+     *
+     * @returns Media governance configuration for the tenant
+     *
+     * @example
+     * ```typescript
+     * const config = await client.getMediaGovernanceConfig();
+     * console.log(`Media governance enabled: ${config.enabled}`);
+     * if (config.allowedAnalyzers) {
+     *   console.log(`Allowed analyzers: ${config.allowedAnalyzers.join(', ')}`);
+     * }
+     * ```
+     */
+    async getMediaGovernanceConfig() {
+        if (this.config.debug) {
+            debugLog('Getting media governance config');
+        }
+        const data = await this.orchestratorRequest('GET', '/api/v1/media-governance/config');
+        // Transform snake_case response to camelCase
+        return {
+            tenantId: data.tenant_id,
+            enabled: data.enabled,
+            allowedAnalyzers: data.allowed_analyzers,
+            updatedAt: data.updated_at,
+            updatedBy: data.updated_by,
+        };
+    }
+    /**
+     * Update the media governance configuration for the authenticated tenant.
+     *
+     * Use this to enable/disable media analysis or restrict which analyzers
+     * are available for the tenant.
+     *
+     * @param request - Fields to update
+     * @returns Updated media governance configuration
+     *
+     * @example
+     * ```typescript
+     * // Disable media governance
+     * const updated = await client.updateMediaGovernanceConfig({ enabled: false });
+     *
+     * // Enable with specific analyzers only
+     * const config = await client.updateMediaGovernanceConfig({
+     *   enabled: true,
+     *   allowedAnalyzers: ['nsfw', 'pii']
+     * });
+     * ```
+     */
+    async updateMediaGovernanceConfig(request) {
+        if (this.config.debug) {
+            debugLog('Updating media governance config', { request });
+        }
+        // Convert camelCase to snake_case for API compatibility
+        const requestBody = {};
+        if (request.enabled !== undefined)
+            requestBody.enabled = request.enabled;
+        if (request.allowedAnalyzers !== undefined)
+            requestBody.allowed_analyzers = request.allowedAnalyzers;
+        const data = await this.orchestratorRequest('PUT', '/api/v1/media-governance/config', requestBody);
+        // Transform snake_case response to camelCase
+        return {
+            tenantId: data.tenant_id,
+            enabled: data.enabled,
+            allowedAnalyzers: data.allowed_analyzers,
+            updatedAt: data.updated_at,
+            updatedBy: data.updated_by,
+        };
+    }
+    /**
+     * Get the platform-level media governance status.
+     *
+     * Reports whether media governance is available on this platform instance,
+     * the default enablement state, whether per-tenant control is supported,
+     * and the required license tier.
+     *
+     * @returns Media governance platform status
+     *
+     * @example
+     * ```typescript
+     * const status = await client.getMediaGovernanceStatus();
+     * console.log(`Available: ${status.available}`);
+     * console.log(`Tier: ${status.tier}`);
+     * console.log(`Per-tenant control: ${status.perTenantControl}`);
+     * ```
+     */
+    async getMediaGovernanceStatus() {
+        if (this.config.debug) {
+            debugLog('Getting media governance status');
+        }
+        const data = await this.orchestratorRequest('GET', '/api/v1/media-governance/status');
+        // Transform snake_case response to camelCase
+        return {
+            available: data.available,
+            enabledByDefault: data.enabled_by_default,
+            perTenantControl: data.per_tenant_control,
+            tier: data.tier,
+        };
+    }
     /**
      * Stream real-time execution status updates via Server-Sent Events (SSE).
      *