@crowdstrike/aidr 1.0.2 → 1.1.0

package/.github/CODEOWNERS

@@ -1 +1 @@
-* @kenany
+* @crowdstrike/aidr-typescript-CS-Maintainers

package/.github/workflows/ci.yml

@@ -83,46 +83,3 @@ jobs:
 
       - name: Test
         run: ./scripts/test
-
-  release:
-    needs:
-      - build
-      - lint
-      - test
-    if: github.repository == 'crowdstrike/aidr-typescript' && github.event_name != 'pull_request'
-    runs-on: ubuntu-24.04
-    environment: release
-    permissions:
-      contents: write
-      id-token: write
-      issues: write
-      packages: write
-      pull-requests: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          fetch-depth: 0
-          filter: blob:none
-          show-progress: false
-
-      - run: corepack enable
-
-      - name: Setup Node.js
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
-        with:
-          node-version: 24.11.1
-          cache: pnpm
-
-      - name: Install dependencies
-        run: pnpm install
-
-      - name: Build
-        run: pnpm build
-
-      - name: semantic-release
-        run: pnpx semantic-release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          LOG_LEVEL: debug

package/.github/workflows/publish.yml

@@ -0,0 +1,52 @@
+name: Publish
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release:
+    if: github.repository == 'crowdstrike/aidr-typescript'
+    runs-on: ubuntu-24.04
+    environment: release
+    permissions:
+      contents: write
+      id-token: write
+      issues: write
+      packages: write
+      pull-requests: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0
+          filter: blob:none
+          show-progress: false
+
+      - run: corepack enable
+
+      - name: Setup Node.js
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        with:
+          node-version: 24.11.1
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build
+        run: pnpm build
+
+      - name: semantic-release
+        run: pnpx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          LOG_LEVEL: debug

package/README.md

@@ -1,3 +1,94 @@
 # CrowdStrike AIDR TypeScript SDK
 
 TypeScript SDK for CrowdStrike AIDR.
+
+## Installation
+
+```bash
+npm install @crowdstrike/aidr
+```
+
+```bash
+pnpm add @crowdstrike/aidr
+```
+
+```bash
+yarn add @crowdstrike/aidr
+```
+
+## Usage
+
+```typescript
+import { AIGuard } from "@crowdstrike/aidr";
+
+const client = new AIGuard({
+  token: "your-api-token",
+  baseURLTemplate: "https://api.crowdstrike.com/aidr/{SERVICE_NAME}",
+});
+
+const response = await client.guardChatCompletions({
+  guard_input: {
+    messages: [
+      {
+        role: "user",
+        content: "Hello, how can I help you?",
+      },
+    ],
+  },
+});
+
+console.log(response);
+```
+
+## Retries
+
+The SDK supports automatic retries for temporary failures (network errors or
+HTTP/5XX server errors). It supports configuring retries at the client level or
+per-request.
+
+```typescript
+// Set the default number of retries when creating the client.
+const client = new AIGuard({
+  token: "your-api-token",
+  baseURLTemplate: "https://api.crowdstrike.com/aidr/{SERVICE_NAME}",
+  maxRetries: 3, // Default is 2.
+});
+
+const response = await client.guardChatCompletions(
+  {
+    guard_input: {
+      messages: [{ role: "user", content: "Hello" }],
+    },
+  },
+  {
+    // Override the default retry count for this specific request.
+    maxRetries: 5,
+  }
+);
+```
+
+## Timeouts
+
+Configure request timeouts to control how long the client waits for a response
+before timing out.
+
+```typescript
+// Set the default timeout (in milliseconds) when creating the client.
+const client = new AIGuard({
+  token: "your-api-token",
+  baseURLTemplate: "https://api.crowdstrike.com/{SERVICE_NAME}",
+  timeout: 30000, // 30 seconds (default is 60 seconds).
+});
+
+const response = await client.guardChatCompletions(
+  {
+    guard_input: {
+      messages: [{ role: "user", content: "Hello" }],
+    },
+  },
+  {
+    // Override the default timeout for a specific request.
+    timeout: 10000, // 10 seconds.
+  }
+);
+```

package/dist/index.cjs

@@ -350,6 +350,15 @@ var AIGuard = class extends Client {
 			...options
 		});
 	}
+	/**
+	* Decrypt or unredact fpe redactions
+	*/
+	unredact(body, options) {
+		return this.post("/v1/unredact", {
+			body,
+			...options
+		});
+	}
 };
 
 //#endregion

package/dist/index.d.cts

@@ -110,6 +110,7 @@ type PangeaResponse = {
   };
 };
 type PangeaValidationErrors = PangeaResponse;
+type PangeaAcceptedResponse = PangeaResponse;
 /**
  * Device status. Allowed values are active, pending, disabled
  */
@@ -657,7 +658,7 @@ type ChatCompletionsGuard = {
   /**
    * (AIDR) Event Type.
    */
-  event_type?: 'input' | 'output' | 'tool_input' | 'tool_output' | 'tool_listing';
+  event_type?: string;
   /**
    * (AIDR) collector instance id.
    */
@@ -714,6 +715,10 @@ type ChatCompletionsGuard = {
       tools: Array<string>;
     }> | undefined;
   };
+  /**
+   * FPE (Format Preserving Encryption) context from a previous guard request. When provided, the encrypted input will be unredacted before processing.
+   */
+  input_fpe_context?: string;
 };
 type AidrPromptInjectionResult = {
   /**
@@ -1521,10 +1526,6 @@ type AidrServiceConfigResult = AidrServiceConfig;
  * A time in ISO-8601 format
  */
 type AidrTimestamp = string;
-/**
- * A time in ISO-8601 format or null
- */
-type AirdTimestampNullable = AuthnTimestamp | null;
 /**
  * Define field name and path mapping to extract from the log
  */
@@ -1761,9 +1762,28 @@ type AidrMetricResultDetectorItem = {
   };
 };
 /**
- * A time in ISO-8601 format
+ * Configuration for an individual access rule used in an AI Guard recipe. Each rule defines its matching logic and the action to apply when the logic evaluates to true.
  */
-type AuthnTimestamp = string;
+type AccessRuleSettings = {
+  /**
+   * Unique identifier for this rule. Should be user-readable and consistent across recipe updates.
+   */
+  rule_key: string;
+  /**
+   * Display label for the rule shown in user interfaces.
+   */
+  name: string;
+  /**
+   * Action to apply if the rule matches. Use 'block' to stop further processing or 'report' to simply log the match.
+   */
+  state: 'block' | 'report';
+  /**
+   * JSON Logic condition that determines whether this rule matches.
+   */
+  logic: {
+    [key: string]: unknown;
+  };
+};
 /**
  * Details about the evaluation of a single rule, including whether it matched, the action to take, the rule name, and optional debugging information.
  */
@@ -1793,49 +1813,6 @@ type AccessRuleResult = {
     [key: string]: unknown;
   };
 };
-/**
- * Defines an AI Guard recipe - a named configuration of detectors and redaction settings used to analyze and protect data flows in AI-powered applications.
- *
- * Recipes specify which detectors are active, how they behave, and may include reusable settings such as FPE tweaks.
- *
- * For details, see the [AI Guard Recipes](https://pangea.cloud/docs/ai-guard/recipes) documentation.
- */
-type RecipeConfig = {
-  /**
-   * Human-readable name of the recipe
-   */
-  name: string;
-  /**
-   * Detailed description of the recipe's purpose or use case
-   */
-  description: string;
-  /**
-   * Optional version identifier for the recipe. Can be used to track changes.
-   */
-  version?: string;
-  /**
-   * Settings for [AI Guard Detectors](https://pangea.cloud/docs/ai-guard/recipes#detectors), including which detectors to enable and how they behave
-   */
-  detectors?: DetectorSettings;
-  /**
-   * Configuration for access rules used in an AI Guard recipe.
-   */
-  access_rules?: Array<AccessRuleSettings>;
-  /**
-   * Connector-level Redact configuration. These settings allow you to define reusable redaction parameters, such as FPE tweak value.
-   */
-  connector_settings?: {
-    /**
-     * Settings for Redact integration at the recipe level
-     */
-    redact?: {
-      /**
-       * ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.
-       */
-      fpe_tweak_vault_secret_id?: string;
-    };
-  };
-};
 /**
  * Configuration for individual detectors used in an AI Guard recipe. Each entry specifies the detector to use, its enabled state, detector-specific settings, and the [action](https://pangea.cloud/docs/ai-guard/recipes#actions) to apply when detections occur.
  */
@@ -1880,6 +1857,49 @@ type DetectorSettings = Array<{
     }>;
   };
 }>;
+/**
+ * Defines an AI Guard recipe - a named configuration of detectors and redaction settings used to analyze and protect data flows in AI-powered applications.
+ *
+ * Recipes specify which detectors are active, how they behave, and may include reusable settings such as FPE tweaks.
+ *
+ * For details, see the [AI Guard Recipes](https://pangea.cloud/docs/ai-guard/recipes) documentation.
+ */
+type RecipeConfig = {
+  /**
+   * Human-readable name of the recipe
+   */
+  name: string;
+  /**
+   * Detailed description of the recipe's purpose or use case
+   */
+  description: string;
+  /**
+   * Optional version identifier for the recipe. Can be used to track changes.
+   */
+  version?: string;
+  /**
+   * Settings for [AI Guard Detectors](https://pangea.cloud/docs/ai-guard/recipes#detectors), including which detectors to enable and how they behave
+   */
+  detectors?: DetectorSettings;
+  /**
+   * Configuration for access rules used in an AI Guard recipe.
+   */
+  access_rules?: Array<AccessRuleSettings>;
+  /**
+   * Connector-level Redact configuration. These settings allow you to define reusable redaction parameters, such as FPE tweak value.
+   */
+  connector_settings?: {
+    /**
+     * Settings for Redact integration at the recipe level
+     */
+    redact?: {
+      /**
+       * ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.
+       */
+      fpe_tweak_vault_secret_id?: string;
+    };
+  };
+};
 type RuleRedactionConfig = ({
   redaction_type?: 'mask' | 'detect_only';
 } | {
@@ -1946,53 +1966,6 @@ type RuleRedactionConfig = ({
    */
   fpe_alphabet?: 'numeric' | 'alphalower' | 'alphaupper' | 'alpha' | 'alphanumericlower' | 'alphanumericupper' | 'alphanumeric' | null;
 };
-/**
- * Configuration for an individual access rule used in an AI Guard recipe. Each rule defines its matching logic and the action to apply when the logic evaluates to true.
- */
-type AccessRuleSettings = {
-  /**
-   * Unique identifier for this rule. Should be user-readable and consistent across recipe updates.
-   */
-  rule_key: string;
-  /**
-   * Display label for the rule shown in user interfaces.
-   */
-  name: string;
-  /**
-   * Action to apply if the rule matches. Use 'block' to stop further processing or 'report' to simply log the match.
-   */
-  state: 'block' | 'report';
-  /**
-   * JSON Logic condition that determines whether this rule matches.
-   */
-  logic: {
-    [key: string]: unknown;
-  };
-};
-type LanguageResult = {
-  /**
-   * The action taken by this Detector
-   */
-  action?: string;
-  language?: string;
-};
-type RedactEntityResult = {
-  /**
-   * Detected redaction rules.
-   */
-  entities?: Array<{
-    /**
-     * The action taken on this Entity
-     */
-    action: string;
-    type: string;
-    value: string;
-    redacted: boolean;
-    start_pos?: number;
-  }>;
-};
-type MaliciousEntityAction = 'report' | 'defang' | 'disabled' | 'block';
-type PiiEntityAction = 'disabled' | 'report' | 'block' | 'mask' | 'partial_masking' | 'replacement' | 'hash' | 'fpe';
 type AidrPostV1GuardChatCompletionsData = {
   body?: ChatCompletionsGuard;
   path?: never;
@@ -2132,8 +2105,52 @@ type AidrPostV1GuardChatCompletionsResponses = {
       fpe_context?: string;
     };
   };
+  /**
+   * Asynchronous request in progress
+   */
+  202: PangeaResponse & PangeaAcceptedResponse;
 };
 type AidrPostV1GuardChatCompletionsResponse = AidrPostV1GuardChatCompletionsResponses[keyof AidrPostV1GuardChatCompletionsResponses];
+type AidrPostV1UnredactData = {
+  body?: {
+    /**
+     * Data to unredact
+     */
+    redacted_data: unknown;
+    /**
+     * FPE context used to decrypt and unredact data
+     */
+    fpe_context: string;
+  };
+  path?: never;
+  query?: never;
+  url: '/v1/unredact';
+};
+type AidrPostV1UnredactErrors = {
+  /**
+   * Validation errors
+   */
+  400: PangeaResponse & PangeaValidationErrors;
+};
+type AidrPostV1UnredactError = AidrPostV1UnredactErrors[keyof AidrPostV1UnredactErrors];
+type AidrPostV1UnredactResponses = {
+  /**
+   * The unredacted data
+   */
+  200: PangeaResponse & {
+    result?: {
+      /**
+       * The unredacted data
+       */
+      data: unknown;
+    };
+  };
+  /**
+   * Asynchronous request in progress
+   */
+  202: PangeaResponse & PangeaAcceptedResponse;
+};
+type AidrPostV1UnredactResponse = AidrPostV1UnredactResponses[keyof AidrPostV1UnredactResponses];
 type GetAsyncRequestData = {
   body?: never;
   path: {
@@ -2154,11 +2171,12 @@ type GetAsyncRequestResponses = {
    * Asynchronous request in progress
    */
   202: PangeaResponse & {
-    result?: {
+    result: {
       ttl_mins?: number;
       retry_counter?: number;
       location?: string;
     };
+    status: 'Accepted';
   };
 };
 type GetAsyncRequestResponse = GetAsyncRequestResponses[keyof GetAsyncRequestResponses];
@@ -2342,6 +2360,10 @@ declare class AIGuard extends Client {
    * malicious content, and other undesirable data transfers.
    */
   guardChatCompletions(body: ChatCompletionsGuard, options?: RequestOptions): Promise<MaybeAcceptedResponse<AidrPostV1GuardChatCompletionsResponse['result']>>;
+  /**
+   * Decrypt or unredact fpe redactions
+   */
+  unredact(body: AidrPostV1UnredactData['body'], options?: RequestOptions): Promise<MaybeAcceptedResponse<AidrPostV1UnredactResponse['result']>>;
 }
 //#endregion
-export { AIGuard, APIResponse, AcceptedResponse, AccessRuleResult, AccessRuleSettings, AidrAccessRulesResponse, AidrAuditDataActivity, AidrCustomlist, AidrCustomlistResult, AidrCustomlistSearch, AidrCustomlistSearchResult, AidrDevice, AidrDeviceCheckResult, AidrDeviceId, AidrDeviceResult, AidrDeviceSearch, AidrDeviceSearchResult, AidrDeviceStatus, AidrDeviceTokenInfo, AidrEmpty, AidrFieldAlias, AidrFieldAliasResult, AidrFieldAliasSearch, AidrFieldAliasSearchResult, AidrGolangDuration, AidrIpv4OrV6, AidrLanguageResult, AidrLog, AidrLogs, AidrMaliciousEntityResult, AidrMetric, AidrMetricAggregateItem, AidrMetricAggregatesResult, AidrMetricAggregatesSearchParams, AidrMetricItem, AidrMetricOnlyData, AidrMetricResult, AidrMetricResultDetectorItem, AidrMetricpoolId, AidrMetricpoolResource, AidrOtelAnyValue, AidrOtelArrayValue, AidrOtelInstrumentationScope, AidrOtelKeyValue, AidrOtelKeyValueList, AidrOtelLogRecord, AidrOtelResource, AidrOtelResourceLogs, AidrOtelScopeLogs, AidrPolicy, AidrPolicyDefaults, AidrPolicyResult, AidrPolicySearch, AidrPolicySearchResult, AidrPolicycollectionResult, AidrPolicycollectionSearch, AidrPolicycollectionSearchResult, AidrPostV1GuardChatCompletionsData, AidrPostV1GuardChatCompletionsError, AidrPostV1GuardChatCompletionsErrors, AidrPostV1GuardChatCompletionsResponse, AidrPostV1GuardChatCompletionsResponses, AidrPromptInjectionResult, AidrPromptItem, AidrPromptItemListResult, AidrRedactEntityResult, AidrResourceFieldMapping, AidrSavedFilter, AidrSavedFilterResult, AidrSavedFilterSearch, AidrSavedFilterSearchResult, AidrSensorHealth, AidrSensorInsights, AidrSensorInsightsItem, AidrSensorInsightsResult, AidrServiceConfig, AidrServiceConfigList, AidrServiceConfigResult, AidrSingleEntityResult, AidrTimestamp, AidrTopicResult, AirdTimestampNullable, AuthnTimestamp, ChatCompletionsGuard, DetectorSettings, ErrorResponse, FilterId, GetAsyncRequestData, GetAsyncRequestResponse, GetAsyncRequestResponses, LanguageResult, MaliciousEntityAction, MaybeAcceptedResponse, PangeaResponse, PangeaValidationErrors, PiiEntityAction, PolicyId, RecipeConfig, RedactEntityResult, RuleRedactionConfig, ServiceConfigId };
+export { AIGuard, APIResponse, AcceptedResponse, AccessRuleResult, AccessRuleSettings, AidrAccessRulesResponse, AidrAuditDataActivity, AidrCustomlist, AidrCustomlistResult, AidrCustomlistSearch, AidrCustomlistSearchResult, AidrDevice, AidrDeviceCheckResult, AidrDeviceId, AidrDeviceResult, AidrDeviceSearch, AidrDeviceSearchResult, AidrDeviceStatus, AidrDeviceTokenInfo, AidrEmpty, AidrFieldAlias, AidrFieldAliasResult, AidrFieldAliasSearch, AidrFieldAliasSearchResult, AidrGolangDuration, AidrIpv4OrV6, AidrLanguageResult, AidrLog, AidrLogs, AidrMaliciousEntityResult, AidrMetric, AidrMetricAggregateItem, AidrMetricAggregatesResult, AidrMetricAggregatesSearchParams, AidrMetricItem, AidrMetricOnlyData, AidrMetricResult, AidrMetricResultDetectorItem, AidrMetricpoolId, AidrMetricpoolResource, AidrOtelAnyValue, AidrOtelArrayValue, AidrOtelInstrumentationScope, AidrOtelKeyValue, AidrOtelKeyValueList, AidrOtelLogRecord, AidrOtelResource, AidrOtelResourceLogs, AidrOtelScopeLogs, AidrPolicy, AidrPolicyDefaults, AidrPolicyResult, AidrPolicySearch, AidrPolicySearchResult, AidrPolicycollectionResult, AidrPolicycollectionSearch, AidrPolicycollectionSearchResult, AidrPostV1GuardChatCompletionsData, AidrPostV1GuardChatCompletionsError, AidrPostV1GuardChatCompletionsErrors, AidrPostV1GuardChatCompletionsResponse, AidrPostV1GuardChatCompletionsResponses, AidrPostV1UnredactData, AidrPostV1UnredactError, AidrPostV1UnredactErrors, AidrPostV1UnredactResponse, AidrPostV1UnredactResponses, AidrPromptInjectionResult, AidrPromptItem, AidrPromptItemListResult, AidrRedactEntityResult, AidrResourceFieldMapping, AidrSavedFilter, AidrSavedFilterResult, AidrSavedFilterSearch, AidrSavedFilterSearchResult, AidrSensorHealth, AidrSensorInsights, AidrSensorInsightsItem, AidrSensorInsightsResult, AidrServiceConfig, AidrServiceConfigList, AidrServiceConfigResult, AidrSingleEntityResult, AidrTimestamp, AidrTopicResult, ChatCompletionsGuard, DetectorSettings, ErrorResponse, FilterId, GetAsyncRequestData, GetAsyncRequestResponse, GetAsyncRequestResponses, MaybeAcceptedResponse, PangeaAcceptedResponse, PangeaResponse, PangeaValidationErrors, PolicyId, RecipeConfig, RuleRedactionConfig, ServiceConfigId };