@driftgard/node 1.15.0 → 1.16.0

package/README.md

@@ -25,7 +25,12 @@ const result = await dg.evaluate({
 });
 
 if (result.evaluation.allowed) {
-  console.log("Safe to return to user");
+  // If sanitized, use the safe version (PII/secrets redacted)
+  if (result.evaluation.sanitized) {
+    console.log("Use sanitized:", result.evaluation.sanitized_response);
+  } else {
+    console.log("Safe to return to user");
+  }
 } else {
   // Use the fallback message if configured in your control pack
   if (result.fallback) {
@@ -123,6 +128,48 @@ const dg = new Driftgard({
 | `local` | Control pack fetch only (on init) | Maximum privacy — mental health, clinical, sovereign |
 | `local-with-audit` | Control pack fetch + verdict metadata | Privacy with compliance reporting — healthcare, regulated |
 
+### Local semantic matching (ONNX)
+
+By default, local mode only runs Layer 1 (pattern matching). Enable `localSemantic: true` to add Layer 2 (semantic similarity) locally via a quantized ONNX model — no data leaves your environment.
+
+```bash
+# Install required dependencies
+npm install onnxruntime-node @xenova/transformers
+```
+
+```typescript
+const dg = new Driftgard({
+  apiKey: process.env.DRIFTGARD_API_KEY,
+  mode: "local",
+  projectId: "your-project-id",
+  localSemantic: true,  // enables ONNX-based semantic matching
+});
+
+// First init() downloads the model (~22MB) and caches it
+await dg.init();
+
+// Evaluations now run both Layer 1 (patterns) and Layer 2 (semantic)
+const result = await dg.evaluate({ ... });
+```
+
+The model is downloaded once to `node_modules/.cache/driftgard/` and reused on subsequent runs. You can also provide a custom path:
+
+```typescript
+const dg = new Driftgard({
+  ...
+  localSemantic: true,
+  localSemanticModelPath: "/path/to/your/model.onnx",
+});
+```
+
+| Feature | `localSemantic: false` (default) | `localSemantic: true` |
+|---|---|---|
+| Pattern matching (Layer 1) | ✓ | ✓ |
+| Semantic matching (Layer 2) | ✗ | ✓ |
+| Model size | 0 | ~22MB (one-time download) |
+| Extra dependencies | None | `onnxruntime-node`, `@xenova/transformers` |
+| Coverage vs remote | ~60% | ~80% |
+
 ## Conversation tracking
 
 Link evaluations within an agent session using `session_id` and `parent_evaluation_id`:
@@ -400,6 +447,40 @@ try {
 }
 ```
 
+## Framework Integrations
+
+### LangChain.js
+
+Use `DriftGardGuardrail` as a step in your LangChain chain. It evaluates the LLM output against your control pack and either passes it through, returns a sanitized version, or throws/returns a fallback on block.
+
+```typescript
+import { DriftGardGuardrail } from "@driftgard/node";
+
+const guardrail = new DriftGardGuardrail({
+  apiKey: process.env.DRIFTGARD_API_KEY,
+  projectId: "your-project-id",
+  modelId: "langchain",       // optional — for tracking
+  onBlock: "raise",           // "raise" (throw) or "fallback" (return fallback message)
+  failOpen: true,             // allow through if DriftGard unreachable
+});
+
+// Use in a LangChain chain via pipe:
+const chain = prompt.pipe(llm).pipe(guardrail).pipe(outputParser);
+
+// Or standalone:
+try {
+  const safe = await guardrail.invoke("AI response text here");
+  console.log(safe); // original text, or sanitized version if redaction applied
+} catch (e) {
+  console.log("Blocked:", e.message);
+}
+```
+
+The guardrail handles three outcomes:
+- Allowed: returns the original text unchanged
+- Sanitized: returns `sanitized_response` (PII/patterns redacted with `[REDACTED]`)
+- Blocked: throws an error (or returns fallback message if `onBlock: "fallback"`)
+
 ## Requirements
 
 - Node.js 18+ (uses native `fetch`)

package/dist/index.d.ts

@@ -4,6 +4,8 @@ export { Violation, EvaluationResult, FallbackResponse, HitlInfo } from "./types
 export { DriftgardError, AuthError, RateLimitError, FeatureNotAvailableError, ChainDepthExceededError, OrgSuspendedError } from "./errors";
 export { evaluateLocal } from "./local-evaluator";
 export { ControlPackCache } from "./control-pack-cache";
+export { DriftGardGuardrail } from "./integrations/langchain";
+export { LocalSemanticEngine } from "./local-semantic";
 type CircuitState = "closed" | "open" | "half-open";
 export declare class Driftgard {
     private apiKey;
@@ -18,6 +20,9 @@ export declare class Driftgard {
     private cbFailures;
     private cbOpenedAt;
     private cpCache;
+    private semanticEngine;
+    private localSemantic;
+    private localSemanticModelPath?;
     private initialized;
     constructor(config: DriftgardConfig);
     /**
@@ -26,6 +31,11 @@ export declare class Driftgard {
      * No-op for remote mode.
      */
     init(): Promise<void>;
+    /**
+     * Ensure the ONNX model is downloaded. Auto-downloads on first use.
+     * Stores in node_modules/.cache/driftgard/
+     */
+    private ensureModel;
     /**
      * Stop background refresh and clean up resources.
      */

package/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Driftgard = exports.ControlPackCache = exports.evaluateLocal = exports.OrgSuspendedError = exports.ChainDepthExceededError = exports.FeatureNotAvailableError = exports.RateLimitError = exports.AuthError = exports.DriftgardError = void 0;
+exports.Driftgard = exports.LocalSemanticEngine = exports.DriftGardGuardrail = exports.ControlPackCache = exports.evaluateLocal = exports.OrgSuspendedError = exports.ChainDepthExceededError = exports.FeatureNotAvailableError = exports.RateLimitError = exports.AuthError = exports.DriftgardError = void 0;
 const errors_1 = require("./errors");
 const local_evaluator_1 = require("./local-evaluator");
 const control_pack_cache_1 = require("./control-pack-cache");
@@ -15,6 +15,10 @@ var local_evaluator_2 = require("./local-evaluator");
 Object.defineProperty(exports, "evaluateLocal", { enumerable: true, get: function () { return local_evaluator_2.evaluateLocal; } });
 var control_pack_cache_2 = require("./control-pack-cache");
 Object.defineProperty(exports, "ControlPackCache", { enumerable: true, get: function () { return control_pack_cache_2.ControlPackCache; } });
+var langchain_1 = require("./integrations/langchain");
+Object.defineProperty(exports, "DriftGardGuardrail", { enumerable: true, get: function () { return langchain_1.DriftGardGuardrail; } });
+var local_semantic_1 = require("./local-semantic");
+Object.defineProperty(exports, "LocalSemanticEngine", { enumerable: true, get: function () { return local_semantic_1.LocalSemanticEngine; } });
 const DEFAULT_BASE_URL = "https://api.driftgard.com";
 const DEFAULT_TIMEOUT = 30000;
 const DEFAULT_MAX_RETRIES = 2;
@@ -28,6 +32,7 @@ class Driftgard {
         this.cbOpenedAt = 0;
         // Local mode
         this.cpCache = null;
+        this.semanticEngine = null;
         this.initialized = false;
         if (!config.apiKey)
             throw new Error("apiKey is required");
@@ -37,6 +42,8 @@ class Driftgard {
         this.maxRetries = config.maxRetries ?? DEFAULT_MAX_RETRIES;
         this.failureMode = config.failureMode ?? "open";
         this.mode = config.mode ?? "remote";
+        this.localSemantic = config.localSemantic ?? false;
+        this.localSemanticModelPath = config.localSemanticModelPath;
         this.cbThreshold = config.circuitBreaker?.threshold ?? DEFAULT_CB_THRESHOLD;
         this.cbResetMs = config.circuitBreaker?.resetTimeoutMs ?? DEFAULT_CB_RESET_MS;
         if (this.mode !== "remote") {
@@ -61,8 +68,44 @@ class Driftgard {
         if (this.cpCache) {
             await this.cpCache.init();
         }
+        // Load local semantic engine if enabled
+        if (this.mode !== "remote" && this.localSemantic) {
+            try {
+                const { LocalSemanticEngine } = require("./local-semantic");
+                const modelPath = this.localSemanticModelPath || await this.ensureModel();
+                this.semanticEngine = new LocalSemanticEngine({ modelPath });
+                await this.semanticEngine.init();
+            }
+            catch (e) {
+                console.warn(`[driftgard] Local semantic engine not available: ${e.message}`);
+                this.semanticEngine = null;
+            }
+        }
         this.initialized = true;
     }
+    /**
+     * Ensure the ONNX model is downloaded. Auto-downloads on first use.
+     * Stores in node_modules/.cache/driftgard/
+     */
+    async ensureModel() {
+        const fs = require("fs");
+        const path = require("path");
+        const cacheDir = path.join(process.cwd(), "node_modules", ".cache", "driftgard");
+        const modelFile = path.join(cacheDir, "all-MiniLM-L6-v2-quantized.onnx");
+        if (fs.existsSync(modelFile))
+            return modelFile;
+        // Download from DriftGard CDN
+        const MODEL_URL = "https://cdn.driftgard.com/models/all-MiniLM-L6-v2-quantized.onnx";
+        console.log(`[driftgard] Downloading semantic model (~22MB)...`);
+        fs.mkdirSync(cacheDir, { recursive: true });
+        const res = await fetch(MODEL_URL);
+        if (!res.ok)
+            throw new Error(`Model download failed: ${res.status}`);
+        const buffer = Buffer.from(await res.arrayBuffer());
+        fs.writeFileSync(modelFile, buffer);
+        console.log(`[driftgard] Model downloaded to ${modelFile}`);
+        return modelFile;
+    }
     /**
      * Stop background refresh and clean up resources.
      */
@@ -109,6 +152,43 @@ class Driftgard {
             ...(req.jurisdiction ? { jurisdiction: req.jurisdiction } : {}),
         };
         const verdict = (0, local_evaluator_1.evaluateLocal)(cp, wasmRequest);
+        // Run local semantic matching if engine is available
+        if (this.semanticEngine?.isReady()) {
+            try {
+                const semanticMatches = await this.semanticEngine.semanticMatch(req.prompt || "", req.response || "", cp.policy_rules || [], { defaultThreshold: 0.55 });
+                // Merge semantic matches into verdict (avoid duplicates by clause_id)
+                const existingClauses = new Set(verdict.violations.map((v) => v.clause_id));
+                for (const sm of semanticMatches) {
+                    if (!existingClauses.has(sm.clause_id)) {
+                        verdict.violations.push({
+                            clause_id: sm.clause_id,
+                            severity: sm.severity,
+                            category: sm.category,
+                            reason: sm.reason,
+                        });
+                        existingClauses.add(sm.clause_id);
+                    }
+                }
+                // Recalculate risk score with semantic matches
+                if (semanticMatches.length > 0) {
+                    const weights = { critical: 15, high: 10, medium: 5, low: 2 };
+                    for (const sm of semanticMatches) {
+                        if (!existingClauses.has(sm.clause_id))
+                            continue; // already counted
+                        verdict.risk_score += weights[sm.severity] || 5;
+                    }
+                    // Check if should block
+                    const blockThreshold = cp.risk_scoring?.block_threshold || 8;
+                    if (verdict.risk_score >= blockThreshold) {
+                        verdict.allowed = false;
+                        verdict.flags.action_blocked = true;
+                    }
+                }
+            }
+            catch {
+                // Semantic engine failure is non-fatal — Layer 1 results still valid
+            }
+        }
         const response = {
             ok: true,
             project_id: req.project_id,

package/dist/integrations/langchain.d.ts

@@ -0,0 +1,50 @@
+/**
+ * DriftGard LangChain.js Integration
+ *
+ * Provides a guardrail that evaluates LLM outputs against your DriftGard control pack.
+ *
+ * Usage:
+ *   import { DriftGardGuardrail } from '@driftgard/sdk/integrations/langchain';
+ *
+ *   const guardrail = new DriftGardGuardrail({
+ *     apiKey: 'dg_...',
+ *     projectId: 'proj_xxx',
+ *   });
+ *
+ *   // Use in a chain:
+ *   const chain = prompt.pipe(llm).pipe(guardrail).pipe(outputParser);
+ *
+ *   // Or standalone:
+ *   const safe = await guardrail.invoke("unsafe AI response");
+ */
+export interface DriftGardGuardrailConfig {
+    apiKey: string;
+    projectId: string;
+    modelId?: string;
+    baseUrl?: string;
+    /** "raise" (throw on block) or "fallback" (return fallback message). Default "raise". */
+    onBlock?: "raise" | "fallback";
+    /** Allow through if DriftGard is unreachable. Default true. */
+    failOpen?: boolean;
+    /** Optional prompt to send alongside the response for context-aware evaluation. */
+    prompt?: string;
+}
+export declare class DriftGardGuardrail {
+    private client;
+    private projectId;
+    private modelId;
+    private onBlock;
+    private prompt;
+    constructor(config: DriftGardGuardrailConfig);
+    /**
+     * Evaluate the input and return safe output.
+     * Throws if blocked (when onBlock="raise").
+     */
+    invoke(input: string | any): Promise<string>;
+    /**
+     * LangChain Runnable interface — pipe support.
+     */
+    pipe(next: any): {
+        invoke(input: any): Promise<any>;
+    };
+}

package/dist/integrations/langchain.js

@@ -0,0 +1,77 @@
+"use strict";
+/**
+ * DriftGard LangChain.js Integration
+ *
+ * Provides a guardrail that evaluates LLM outputs against your DriftGard control pack.
+ *
+ * Usage:
+ *   import { DriftGardGuardrail } from '@driftgard/sdk/integrations/langchain';
+ *
+ *   const guardrail = new DriftGardGuardrail({
+ *     apiKey: 'dg_...',
+ *     projectId: 'proj_xxx',
+ *   });
+ *
+ *   // Use in a chain:
+ *   const chain = prompt.pipe(llm).pipe(guardrail).pipe(outputParser);
+ *
+ *   // Or standalone:
+ *   const safe = await guardrail.invoke("unsafe AI response");
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DriftGardGuardrail = void 0;
+const index_1 = require("../index");
+class DriftGardGuardrail {
+    constructor(config) {
+        this.projectId = config.projectId;
+        this.modelId = config.modelId || "langchain";
+        this.onBlock = config.onBlock || "raise";
+        this.prompt = config.prompt || "";
+        this.client = new index_1.Driftgard({
+            apiKey: config.apiKey,
+            baseUrl: config.baseUrl,
+            projectId: config.projectId,
+            failureMode: config.failOpen !== false ? "open" : "closed",
+        });
+    }
+    /**
+     * Evaluate the input and return safe output.
+     * Throws if blocked (when onBlock="raise").
+     */
+    async invoke(input) {
+        const text = typeof input === "string" ? input : String(input?.content || input?.text || input);
+        const prompt = typeof input === "object" && input?.prompt ? String(input.prompt) : this.prompt;
+        const result = await this.client.evaluate({
+            project_id: this.projectId,
+            prompt,
+            response: text,
+            model_id: this.modelId,
+        });
+        const evaluation = result.evaluation;
+        if (!evaluation.allowed) {
+            const fallbackMsg = result.fallback?.message || "Response blocked by policy.";
+            if (this.onBlock === "raise") {
+                throw new Error(`[DriftGard] Blocked: ${fallbackMsg}`);
+            }
+            return fallbackMsg;
+        }
+        // If sanitized, return the safe version
+        if (evaluation.sanitized && evaluation.sanitized_response) {
+            return evaluation.sanitized_response;
+        }
+        return text;
+    }
+    /**
+     * LangChain Runnable interface — pipe support.
+     */
+    pipe(next) {
+        const self = this;
+        return {
+            async invoke(input) {
+                const mid = await self.invoke(input);
+                return next?.invoke ? next.invoke(mid) : mid;
+            },
+        };
+    }
+}
+exports.DriftGardGuardrail = DriftGardGuardrail;

package/dist/local-semantic/index.d.ts

@@ -0,0 +1,79 @@
+/**
+ * DriftGard Local Semantic — ONNX-based embedding for local evaluation mode.
+ *
+ * Provides semantic matching without any external API calls.
+ * Uses a quantized all-MiniLM-L6-v2 model (~22MB) via ONNX Runtime.
+ *
+ * Usage:
+ *   import { LocalSemanticEngine } from "@driftgard/node/local-semantic";
+ *
+ *   const engine = new LocalSemanticEngine();
+ *   await engine.init();
+ *
+ *   const matches = await engine.semanticMatch(text, rules, { defaultThreshold: 0.55 });
+ */
+export interface SemanticMatch {
+    clause_id: string;
+    category: string;
+    severity: string;
+    action: string;
+    reason: string;
+    confidence: number;
+    source: "semantic";
+    match_target?: string;
+}
+export interface PolicyRule {
+    clause_id: string;
+    description?: string;
+    category?: string;
+    severity?: string;
+    action?: string;
+    pattern_rules?: string[];
+    match_target?: string;
+    negation_aware?: boolean;
+    semantic_threshold?: number;
+    jurisdictions?: string[];
+}
+export interface SemanticMatchOptions {
+    defaultThreshold?: number;
+}
+export declare class LocalSemanticEngine {
+    private session;
+    private tokenizer;
+    private ready;
+    private modelPath;
+    constructor(opts?: {
+        modelPath?: string;
+    });
+    /**
+     * Initialize the ONNX runtime and load the model.
+     * Call once on startup.
+     */
+    init(): Promise<void>;
+    /**
+     * Check if the engine is ready.
+     */
+    isReady(): boolean;
+    /**
+     * Generate embedding for a text string.
+     * Returns a normalized Float32Array (384 dimensions for MiniLM-L6).
+     */
+    embed(text: string): Promise<Float32Array>;
+    /**
+     * Compute cosine similarity between two embeddings.
+     */
+    cosineSimilarity(a: Float32Array, b: Float32Array): number;
+    /**
+     * Run semantic matching against policy rules.
+     * Same logic as server-side semantic.js but runs locally.
+     */
+    semanticMatch(prompt: string, response: string, policyRules: PolicyRule[], opts?: SemanticMatchOptions): Promise<SemanticMatch[]>;
+    /**
+     * Extract searchable texts from a rule (patterns + description).
+     */
+    private getRuleTexts;
+    /**
+     * Clean up resources.
+     */
+    destroy(): void;
+}

package/dist/local-semantic/index.js

@@ -0,0 +1,239 @@
+"use strict";
+/**
+ * DriftGard Local Semantic — ONNX-based embedding for local evaluation mode.
+ *
+ * Provides semantic matching without any external API calls.
+ * Uses a quantized all-MiniLM-L6-v2 model (~22MB) via ONNX Runtime.
+ *
+ * Usage:
+ *   import { LocalSemanticEngine } from "@driftgard/node/local-semantic";
+ *
+ *   const engine = new LocalSemanticEngine();
+ *   await engine.init();
+ *
+ *   const matches = await engine.semanticMatch(text, rules, { defaultThreshold: 0.55 });
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalSemanticEngine = void 0;
+const path = __importStar(require("path"));
+// Embedding cache for rule patterns (keyed by CP id + version)
+const ruleEmbeddingCache = new Map();
+class LocalSemanticEngine {
+    constructor(opts) {
+        this.session = null;
+        this.tokenizer = null;
+        this.ready = false;
+        this.modelPath = opts?.modelPath || path.join(__dirname, "model", "all-MiniLM-L6-v2-quantized.onnx");
+    }
+    /**
+     * Initialize the ONNX runtime and load the model.
+     * Call once on startup.
+     */
+    async init() {
+        if (this.ready)
+            return;
+        try {
+            const ort = require("onnxruntime-node");
+            this.session = await ort.InferenceSession.create(this.modelPath, {
+                executionProviders: ["cpu"],
+                graphOptimizationLevel: "all",
+            });
+            // Load tokenizer
+            const { AutoTokenizer } = require("@xenova/transformers");
+            this.tokenizer = await AutoTokenizer.from_pretrained("Xenova/all-MiniLM-L6-v2");
+            this.ready = true;
+        }
+        catch (e) {
+            throw new Error(`Failed to initialize local semantic engine: ${e.message}. ` +
+                `Ensure 'onnxruntime-node' and '@xenova/transformers' are installed: ` +
+                `npm install onnxruntime-node @xenova/transformers`);
+        }
+    }
+    /**
+     * Check if the engine is ready.
+     */
+    isReady() {
+        return this.ready;
+    }
+    /**
+     * Generate embedding for a text string.
+     * Returns a normalized Float32Array (384 dimensions for MiniLM-L6).
+     */
+    async embed(text) {
+        if (!this.ready)
+            throw new Error("Engine not initialized. Call init() first.");
+        // Tokenize
+        const encoded = await this.tokenizer(text, {
+            padding: true,
+            truncation: true,
+            max_length: 128,
+        });
+        const inputIds = encoded.input_ids.data;
+        const attentionMask = encoded.attention_mask.data;
+        const ort = require("onnxruntime-node");
+        // Create tensors
+        const inputIdsTensor = new ort.Tensor("int64", BigInt64Array.from(inputIds.map((v) => BigInt(v))), [1, inputIds.length]);
+        const attentionMaskTensor = new ort.Tensor("int64", BigInt64Array.from(attentionMask.map((v) => BigInt(v))), [1, attentionMask.length]);
+        const tokenTypeIds = new ort.Tensor("int64", new BigInt64Array(inputIds.length).fill(0n), [1, inputIds.length]);
+        // Run inference
+        const results = await this.session.run({
+            input_ids: inputIdsTensor,
+            attention_mask: attentionMaskTensor,
+            token_type_ids: tokenTypeIds,
+        });
+        // Mean pooling over token embeddings (masked)
+        const output = results["last_hidden_state"] || results[Object.keys(results)[0]];
+        const data = output.data;
+        const seqLen = inputIds.length;
+        const hiddenSize = data.length / seqLen;
+        const pooled = new Float32Array(hiddenSize);
+        let maskSum = 0;
+        for (let i = 0; i < seqLen; i++) {
+            if (attentionMask[i] === 1) {
+                maskSum++;
+                for (let j = 0; j < hiddenSize; j++) {
+                    pooled[j] += data[i * hiddenSize + j];
+                }
+            }
+        }
+        for (let j = 0; j < hiddenSize; j++) {
+            pooled[j] /= maskSum;
+        }
+        // L2 normalize
+        let norm = 0;
+        for (let j = 0; j < hiddenSize; j++)
+            norm += pooled[j] * pooled[j];
+        norm = Math.sqrt(norm);
+        for (let j = 0; j < hiddenSize; j++)
+            pooled[j] /= norm;
+        return pooled;
+    }
+    /**
+     * Compute cosine similarity between two embeddings.
+     */
+    cosineSimilarity(a, b) {
+        let dot = 0;
+        for (let i = 0; i < a.length; i++)
+            dot += a[i] * b[i];
+        return dot; // already normalized, so dot product = cosine similarity
+    }
+    /**
+     * Run semantic matching against policy rules.
+     * Same logic as server-side semantic.js but runs locally.
+     */
+    async semanticMatch(prompt, response, policyRules, opts = {}) {
+        if (!this.ready)
+            return [];
+        if (!policyRules?.length)
+            return [];
+        const defaultThreshold = opts.defaultThreshold ?? 0.55;
+        const matches = [];
+        // Determine text to embed based on match_target
+        const textVariants = {
+            prompt: prompt || "",
+            response: response || "",
+            both: [prompt, response].filter(Boolean).join(" "),
+        };
+        // Embed text variants (cached per call)
+        const textEmbeddings = new Map();
+        for (const rule of policyRules) {
+            const severity = String(rule.severity || "medium").toLowerCase();
+            const hardThreshold = rule.semantic_threshold != null
+                ? rule.semantic_threshold
+                : severity === "critical" ? 0.48
+                    : severity === "high" ? 0.53
+                        : severity === "low" ? 0.58
+                            : defaultThreshold;
+            const matchTarget = String(rule.match_target || "both").toLowerCase();
+            const text = textVariants[matchTarget] || textVariants.both;
+            if (!text)
+                continue;
+            // Get or compute text embedding
+            if (!textEmbeddings.has(text)) {
+                textEmbeddings.set(text, await this.embed(text));
+            }
+            const textEmb = textEmbeddings.get(text);
+            // Get rule embeddings (from patterns + description)
+            const ruleTexts = this.getRuleTexts(rule);
+            let bestSimilarity = 0;
+            let bestPatternText = "";
+            for (const ruleText of ruleTexts) {
+                const ruleEmb = await this.embed(ruleText);
+                const sim = this.cosineSimilarity(textEmb, ruleEmb);
+                if (sim > bestSimilarity) {
+                    bestSimilarity = sim;
+                    bestPatternText = ruleText;
+                }
+            }
+            if (bestSimilarity >= hardThreshold) {
+                matches.push({
+                    clause_id: rule.clause_id,
+                    category: rule.category || "policy_compliance",
+                    severity: rule.severity || "medium",
+                    action: rule.action || "flag",
+                    reason: `Semantic match: ${Math.round(bestSimilarity * 100)}% similar to "${bestPatternText.slice(0, 50)}"`,
+                    confidence: bestSimilarity,
+                    source: "semantic",
+                    match_target: matchTarget,
+                });
+            }
+        }
+        return matches;
+    }
+    /**
+     * Extract searchable texts from a rule (patterns + description).
+     */
+    getRuleTexts(rule) {
+        const texts = [];
+        if (rule.description)
+            texts.push(rule.description);
+        for (const p of rule.pattern_rules || []) {
+            if (p && p.length > 3)
+                texts.push(p);
+        }
+        return texts.length > 0 ? texts : [""];
+    }
+    /**
+     * Clean up resources.
+     */
+    destroy() {
+        this.session = null;
+        this.tokenizer = null;
+        this.ready = false;
+        ruleEmbeddingCache.clear();
+    }
+}
+exports.LocalSemanticEngine = LocalSemanticEngine;

package/dist/types.d.ts

@@ -31,6 +31,16 @@ export interface DriftgardConfig {
         error?: string;
         stale?: boolean;
     }) => void;
+    /**
+     * Enable local semantic matching via ONNX (Layer 2).
+     * When true, the SDK downloads a quantized embedding model (~22MB) on first init
+     * and runs semantic matching locally alongside the WASM pattern engine.
+     * Requires: `npm install onnxruntime-node @xenova/transformers`
+     * Default: false (Layer 1 pattern matching only in local mode).
+     */
+    localSemantic?: boolean;
+    /** Custom path to the ONNX model file. If not set, auto-downloads to node_modules/.cache/driftgard/ */
+    localSemanticModelPath?: string;
 }
 export interface EvaluateRequest {
     project_id: string;
@@ -81,6 +91,10 @@ export interface EvaluationResult {
     allowed: boolean;
     risk_score: number;
     violations: Violation[];
+    /** Whether the response was sanitized (matched content redacted). */
+    sanitized?: boolean;
+    /** The sanitized version of the response with violations redacted. Only present when sanitized=true. */
+    sanitized_response?: string;
     /** Original policy decision before execution_mode override (only present when overridden). */
     policy_allowed?: boolean;
     flags?: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@driftgard/node",
-  "version": "1.15.0",
+  "version": "1.16.0",
   "description": "Official DriftGard Node.js SDK — evaluate LLM interactions against your compliance policy",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",