@driftgard/node 1.10.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +51 -0
  2. package/dist/index.js +8 -0
  3. package/dist/types.d.ts +12 -0
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -53,6 +53,53 @@ const result = await dg.evaluate({
53
53
 
54
54
  This enables chain depth protection (prevents infinite agent loops) and lets you trace evaluation lineage in the dashboard. When `sequence_no` is provided, DriftGard enforces ordering — if an eval arrives out of order, the response includes a `sequence_warning`.
55
55
 
56
+ ## Agent identity
57
+
58
+ Identify which agent made a decision using `agent_id` and `agent_role`:
59
+
60
+ ```typescript
61
+ const result = await dg.evaluate({
62
+ project_id: "your-project-id",
63
+ prompt: "Transfer $500",
64
+ response: "Transfer initiated.",
65
+ model_id: "gpt-4o",
66
+ agent_id: "agent_payments_prod", // which agent instance
67
+ agent_role: "payments_agent", // agent's role for policy scoping
68
+ on_behalf_of: "user_12345", // which end-user triggered this
69
+ // parent_agent_id: "agent_orchestrator", // optional — which parent agent delegated
70
+ session_id: "sess_abc123",
71
+ });
72
+ ```
73
+
74
+ Agent identity fields are stored on the evaluation record and visible in the Live Activity detail dialog. The `on_behalf_of` field tracks which end-user triggered the agent action. The `parent_agent_id` field identifies which orchestrator agent delegated to this one in multi-agent systems.
75
+
76
+ ### Per-tool identity rules
77
+
78
+ Control packs support `identity_rules` on each tool — restricting which agents, roles, users, or parent agents can call it. Rules use OR logic across entries and AND logic within each entry:
79
+
80
+ ```json
81
+ {
82
+ "tool_rules": {
83
+ "tool_policy": "deny_unlisted",
84
+ "rules": {
85
+ "transfer_money": {
86
+ "parameters": { ... },
87
+ "identity_rules": [
88
+ { "allowed_roles": ["payments_agent"], "allowed_users": ["user_alice", "user_bob"] },
89
+ { "allowed_roles": ["admin_agent"] }
90
+ ]
91
+ }
92
+ }
93
+ }
94
+ }
95
+ ```
96
+
97
+ In this example, `transfer_money` is allowed when:
98
+ - The caller has `agent_role=payments_agent` AND `on_behalf_of` is `user_alice` or `user_bob`, OR
99
+ - The caller has `agent_role=admin_agent` (any user)
100
+
101
+ If no `identity_rules` are defined on a tool, any caller can use it (subject to parameter validation). All four fields are optional within each rule — only specified fields are checked.
102
+
56
103
  ## A/B experiments
57
104
 
58
105
  Tag evaluations with an `experiment_id` to compare governance metrics across models:
@@ -117,6 +164,10 @@ const result = await dg.evaluateToolCall({
117
164
  tool_name: "transfer_money",
118
165
  parameters: { amount: 500, to_account: "account_123" },
119
166
  session_id: "sess_abc123",
167
+ agent_id: "agent_payments_prod",
168
+ agent_role: "payments_agent",
169
+ on_behalf_of: "user_12345",
170
+ // parent_agent_id: "agent_orchestrator",
120
171
  });
121
172
 
122
173
  if (!result.evaluation.allowed) {
package/dist/index.js CHANGED
@@ -61,6 +61,10 @@ class Driftgard {
61
61
  ...(req.eval_mode ? { eval_mode: req.eval_mode } : {}),
62
62
  ...(req.tool_call ? { tool_call: req.tool_call } : {}),
63
63
  ...(req.sequence_no != null ? { sequence_no: req.sequence_no } : {}),
64
+ ...(req.agent_id ? { agent_id: req.agent_id } : {}),
65
+ ...(req.agent_role ? { agent_role: req.agent_role } : {}),
66
+ ...(req.on_behalf_of ? { on_behalf_of: req.on_behalf_of } : {}),
67
+ ...(req.parent_agent_id ? { parent_agent_id: req.parent_agent_id } : {}),
64
68
  ...(req.usage ? { usage: req.usage } : {}),
65
69
  }, idempotencyKey);
66
70
  // Success — reset circuit breaker
@@ -135,6 +139,10 @@ class Driftgard {
135
139
  parent_evaluation_id: req.parent_evaluation_id,
136
140
  idempotency_key: req.idempotency_key,
137
141
  sequence_no: req.sequence_no,
142
+ agent_id: req.agent_id,
143
+ agent_role: req.agent_role,
144
+ on_behalf_of: req.on_behalf_of,
145
+ parent_agent_id: req.parent_agent_id,
138
146
  });
139
147
  }
140
148
  /**
package/dist/types.d.ts CHANGED
@@ -35,6 +35,14 @@ export interface EvaluateRequest {
35
35
  idempotency_key?: string;
36
36
  /** Sequence number within a session for ordering. Optional — if sent, ordering is enforced. */
37
37
  sequence_no?: number;
38
+ /** Agent identity — who or what is making this decision. */
39
+ agent_id?: string;
40
+ /** Agent role — scopes what the agent is allowed to do. */
41
+ agent_role?: string;
42
+ /** End-user ID — which human triggered this agent action. */
43
+ on_behalf_of?: string;
44
+ /** Parent agent ID — which orchestrator agent delegated to this one. */
45
+ parent_agent_id?: string;
38
46
  usage?: {
39
47
  prompt_tokens?: number;
40
48
  completion_tokens?: number;
@@ -141,6 +149,10 @@ export interface ToolCallRequest {
141
149
  parent_evaluation_id?: string;
142
150
  idempotency_key?: string;
143
151
  sequence_no?: number;
152
+ agent_id?: string;
153
+ agent_role?: string;
154
+ on_behalf_of?: string;
155
+ parent_agent_id?: string;
144
156
  }
145
157
  export interface OutcomeRequest {
146
158
  execution_status: "success" | "failed" | "rolled_back";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@driftgard/node",
3
- "version": "1.10.0",
3
+ "version": "1.11.0",
4
4
  "description": "Official DriftGard Node.js SDK — evaluate LLM interactions against your compliance policy",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",