@letsping/sdk 0.2.0 → 0.2.1

package/README.md

@@ -8,6 +8,7 @@ LetsPing is a behavioral firewall and Human-in-the-Loop (HITL) infrastructure la
 - **The Behavioral Shield:** Silently profiles your agent's execution paths via Markov Chains. Automatically intercepts 0-probability reasoning anomalies (hallucinations/prompt injections).
 - **Cryo-Sleep State Parking:** Pauses execution and securely uploads massive agent states directly to storage using Signed URLs, entirely bypassing serverless timeouts and webhook payload limits.
 - **Smart-Accept Drift Adaptation:** Approval decisions mathematically alter the baseline. Old unused reasoning paths decay automatically via Exponential Moving Average (EMA).
+- **Agent Identity & Escrow Helpers:** Optional HMAC-based helpers (`signAgentCall`, `verifyEscrow`, `chainHandoff`) for cryptographically linking agent calls and handoffs to LetsPing requests.
 
 ## Requirements
 - Node.js 18+
@@ -22,6 +23,27 @@ npm install @letsping/sdk
 
 ## Usage
 
+### Minimal drop-in example
+
+The fastest way to see your first approval in the dashboard:
+
+```ts
+import { LetsPing } from "@letsping/sdk";
+
+const apiKey = process.env.LETSPING_API_KEY;
+if (!apiKey) throw new Error("Missing LETSPING_API_KEY env var.");
+
+const lp = new LetsPing(apiKey);
+
+const decision = await lp.ask({
+  service: "billing-agent",
+  action: "refund_user",
+  payload: { user_id: "u_123", amount: 100 },
+});
+```
+
+Every example in this README follows the same pattern: **either pass the key explicitly or rely on `LETSPING_API_KEY` via env**.
+
 ### Blocking Request (`ask`)
 
 Execution suspends until the request is approved, rejected, or times out.
@@ -34,7 +56,7 @@ const lp = new LetsPing(process.env.LETSPING_API_KEY!);
 async function processRefund(userId: string, amount: number) {
   try {
     const decision = await lp.ask({
-      service: "billing-service",
+      service: "billing-agent",
       action: "refund_user",
       priority: "high",
       payload: { userId, amount },
@@ -199,7 +221,7 @@ export async function POST(req: NextRequest) {
 }
 ```
 
-In your agent runner, you simply include `thread_id` and `state_snapshot` when you first call LetsPing from inside a LangGraph node. The checkpointer and webhook then keep the thread resumable across restarts.
+In your agent runner, you simply include `thread_id` and `state_snapshot` when you first call LetsPing from inside a LangGraph node. The checkpointer and webhook then keep the thread resumable across restarts. If the human edited the payload in the dashboard, `data.patched_payload` (or `data.payload`) is available in the webhook payload — use your framework’s normal state-update or channel overwrite semantics to inject the approved payload into the resumed graph so the run sees the correct values.
 
 ## API Reference
 
@@ -219,7 +241,7 @@ Blocks until resolved (approve / reject / timeout).
 | `payload`    | `Record<string, any>`           | Context passed to human operator (and returned in Decision)                 |
 | `priority`   | `"low" \| "medium" \| "high" \| "critical"` | Routing priority in dashboard                                               |
 | `schema`     | `object`                        | JSON Schema (draft 07) — generates editable form in dashboard               |
-| `timeoutMs`  | `number`                        | Max wait time (default: 86_400_000 ms = 24 hours)                           |
+| `timeoutMs`  | `number`                        | Max wait time in **milliseconds** (default: 86_400_000 ms = 24 hours)      |
 
 ### `lp.defer(options): Promise<{ id: string }>`
 
@@ -229,12 +251,14 @@ Fire-and-forget: queues request and returns request ID immediately. Same options
 
 ```typescript
 interface Decision {
-  status: "APPROVED" | "REJECTED";
+  status: "APPROVED" | "REJECTED" | "APPROVED_WITH_MODIFICATIONS";
   payload: Record<string, any>;          // Original payload sent by agent
   patched_payload?: Record<string, any>; // Human-edited values (if modified)
-  metadata: {
+  diff_summary?: any;                    // Field-level diff between payload and patched_payload
+  metadata?: {
     actor_id: string;                    // ID/email of the approving/rejecting human
     resolved_at: string;                 // ISO 8601 timestamp
+    method?: string;                     // Optional resolution method (e.g. "dashboard")
   };
 }
 ```
@@ -242,6 +266,17 @@ interface Decision {
 For full documentation, request schema examples, error codes, and dashboard integration see:  
 https://letsping.co/docs#sdk
 
+### Agent-to-Agent Escrow (optional)
+
+For multi-agent systems that want cryptographic guarantees around handoffs, the SDK exposes:
+
+- `signAgentCall(agentId, secret, call)` to attach `agent_id` and `agent_signature` to `/ingest` calls.
+- `signIngestBody(agentId, secret, body)` to take an existing ingest body (`{ project_id, service, action, payload }`) and return it with `agent_id` and `agent_signature` attached.
+- `verifyEscrow(event, secret)` to validate LetsPing escrow webhooks.
+- `chainHandoff(previous, nextData, secret)` to safely construct downstream handoffs tied to the original request id.
+
+See the one-page spec at `/docs/agent-escrow-spec` in the LetsPing web app for the exact wire format and interoperability rules.
+
 Deploy agents with confidence.
 
 ## 2-Minute Demo (Node/TypeScript)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@letsping/sdk",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Behavioral Firewall and Cryo-Sleep State Parking for Autonomous Agents",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",

package/src/index.d.ts

@@ -8,15 +8,67 @@ export interface RequestOptions {
     timeoutMs?: number;
 }
 export interface Decision {
-    status: "APPROVED" | "REJECTED";
+    status: "APPROVED" | "REJECTED" | "APPROVED_WITH_MODIFICATIONS";
     payload: any;
     patched_payload?: any;
+    diff_summary?: any;
     metadata?: {
         resolved_at: string;
         actor_id: string;
         method?: string;
     };
 }
+export interface EscrowEnvelope {
+    id: string;
+    event: string;
+    data: any;
+    escrow?: {
+        mode: "none" | "handoff" | "finalized";
+        handoff_signature: string | null;
+        upstream_agent_id: string | null;
+        downstream_agent_id: string | null;
+    };
+}
+export declare function verifyEscrow(event: EscrowEnvelope, secret: string): boolean;
+export interface AgentCallPayload {
+    project_id: string;
+    service: string;
+    action: string;
+    payload: any;
+}
+export declare function signAgentCall(agentId: string, secret: string, call: AgentCallPayload): {
+    agent_id: string;
+    agent_signature: string;
+};
+export declare function signIngestBody(agentId: string, secret: string, body: {
+    project_id: string;
+    service: string;
+    action: string;
+    payload: any;
+}): {
+    project_id: string;
+    service: string;
+    action: string;
+    payload: any;
+    agent_id: string;
+    agent_signature: string;
+};
+export declare function verifyAgentSignature(agentId: string, secret: string, call: AgentCallPayload, signature: string): boolean;
+export declare function chainHandoff(previous: EscrowEnvelope, nextData: {
+    service: string;
+    action: string;
+    payload: any;
+    upstream_agent_id: string;
+    downstream_agent_id: string;
+}, secret: string): {
+    payload: any;
+    escrow: {
+        mode: "handoff";
+        upstream_agent_id: string;
+        downstream_agent_id: string;
+        handoff_signature: string;
+    };
+};
 export declare class LetsPingError extends Error {
     status?: number | undefined;
     constructor(message: string, status?: number | undefined);
@@ -26,10 +78,15 @@ export declare class LetsPing {
     private readonly baseUrl;
     constructor(apiKey?: string, options?: {
         baseUrl?: string;
+        encryptionKey?: string;
     });
     ask(options: RequestOptions): Promise<Decision>;
     defer(options: RequestOptions): Promise<{
         id: string;
     }>;
+    waitForDecision(id: string, options?: {
+        originalPayload?: Record<string, any>;
+        timeoutMs?: number;
+    }): Promise<Decision>;
     private request;
 }

package/src/index.ts

@@ -1,6 +1,6 @@
 import { createCipheriv, createDecipheriv, randomBytes, createHmac } from "node:crypto";
 
-let SDK_VERSION = "0.2.0";
+let SDK_VERSION = "0.2.1";
 try {
 
     SDK_VERSION = require("../package.json").version;
@@ -153,6 +153,129 @@ function computeDiff(original: any, patched: any): any {
     return hasChanges ? changes : null;
 }
 
+export interface EscrowEnvelope {
+    id: string;
+    event: string;
+    data: any;
+    escrow?: {
+        mode: "none" | "handoff" | "finalized";
+        handoff_signature: string | null;
+        upstream_agent_id: string | null;
+        downstream_agent_id: string | null;
+    };
+}
+
+export function verifyEscrow(event: EscrowEnvelope, secret: string): boolean {
+    if (!event.escrow || !event.escrow.handoff_signature) return false;
+    const base = {
+        id: event.id,
+        event: event.event,
+        data: event.data,
+        upstream_agent_id: event.escrow.upstream_agent_id,
+        downstream_agent_id: event.escrow.downstream_agent_id,
+    };
+    const expected = createHmac("sha256", secret).update(JSON.stringify(base)).digest("hex");
+    return expected === event.escrow.handoff_signature;
+}
+
+export interface AgentCallPayload {
+    project_id: string;
+    service: string;
+    action: string;
+    payload: any;
+}
+
+export function signAgentCall(agentId: string, secret: string, call: AgentCallPayload): {
+    agent_id: string;
+    agent_signature: string;
+} {
+    const canonical = JSON.stringify({
+        project_id: call.project_id,
+        service: call.service,
+        action: call.action,
+        payload: call.payload,
+    });
+    const signature = createHmac("sha256", secret).update(canonical).digest("hex");
+    return {
+        agent_id: agentId,
+        agent_signature: signature,
+    };
+}
+
+export function signIngestBody(
+    agentId: string,
+    secret: string,
+    body: {
+        project_id: string;
+        service: string;
+        action: string;
+        payload: any;
+    }
+): {
+    project_id: string;
+    service: string;
+    action: string;
+    payload: any;
+    agent_id: string;
+    agent_signature: string;
+} {
+    const { agent_id, agent_signature } = signAgentCall(agentId, secret, {
+        project_id: body.project_id,
+        service: body.service,
+        action: body.action,
+        payload: body.payload,
+    });
+    return {
+        ...body,
+        agent_id,
+        agent_signature,
+    };
+}
+
+export function verifyAgentSignature(
+    agentId: string,
+    secret: string,
+    call: AgentCallPayload,
+    signature: string
+): boolean {
+    const { agent_signature } = signAgentCall(agentId, secret, call);
+    return agent_signature === signature;
+}
+
+export function chainHandoff(previous: EscrowEnvelope, nextData: {
+    service: string;
+    action: string;
+    payload: any;
+    upstream_agent_id: string;
+    downstream_agent_id: string;
+}, secret: string): {
+    payload: any;
+    escrow: {
+        mode: "handoff";
+        upstream_agent_id: string;
+        downstream_agent_id: string;
+        handoff_signature: string;
+    };
+} {
+    const base = {
+        id: previous.id,
+        event: previous.event,
+        data: nextData.payload,
+        upstream_agent_id: nextData.upstream_agent_id,
+        downstream_agent_id: nextData.downstream_agent_id,
+    };
+    const handoff_signature = createHmac("sha256", secret).update(JSON.stringify(base)).digest("hex");
+    return {
+        payload: nextData.payload,
+        escrow: {
+            mode: "handoff",
+            upstream_agent_id: nextData.upstream_agent_id,
+            downstream_agent_id: nextData.downstream_agent_id,
+            handoff_signature,
+        },
+    };
+}
+
 export class LetsPing {
     private readonly apiKey: string;
     private readonly baseUrl: string;
@@ -434,6 +557,56 @@ export class LetsPing {
         }
     }
 
+    async waitForDecision(
+        id: string,
+        options?: { originalPayload?: Record<string, any>; timeoutMs?: number }
+    ): Promise<Decision> {
+        const basePayload = options?.originalPayload || {};
+        const timeout = options?.timeoutMs || 24 * 60 * 60 * 1000;
+        const start = Date.now();
+        let delay = 1000;
+        const maxDelay = 10000;
+
+        while (Date.now() - start < timeout) {
+            try {
+                const check = await this.request<any>("GET", `/status/${id}`);
+
+                if (check.status === "APPROVED" || check.status === "REJECTED") {
+                    const decryptedPayload = this._decrypt(check.payload) ?? basePayload;
+                    const decryptedPatched = check.patched_payload ? this._decrypt(check.patched_payload) : undefined;
+
+                    let diff_summary;
+                    let finalStatus: Decision["status"] = check.status;
+                    if (check.status === "APPROVED" && decryptedPatched !== undefined) {
+                        finalStatus = "APPROVED_WITH_MODIFICATIONS";
+                        const diff = computeDiff(decryptedPayload, decryptedPatched);
+                        diff_summary = diff ? { changes: diff } : { changes: "Unknown structure changes" };
+                    }
+
+                    return {
+                        status: finalStatus,
+                        payload: decryptedPayload,
+                        patched_payload: decryptedPatched,
+                        diff_summary,
+                        metadata: {
+                            resolved_at: check.resolved_at,
+                            actor_id: check.actor_id,
+                        }
+                    };
+                }
+            } catch (e: any) {
+                const s = e.status;
+                if (s && s >= 400 && s < 500 && s !== 404 && s !== 429) throw e;
+            }
+
+            const jitter = Math.random() * 200;
+            await new Promise(r => setTimeout(r, delay + jitter));
+            delay = Math.min(delay * 1.5, maxDelay);
+        }
+
+        throw new LetsPingError(`Request ${id} timed out waiting for approval.`);
+    }
+
     tool(service: string, action: string, priority: Priority = "medium"): (context: string | Record<string, any>) => Promise<string> {
         return async (context: string | Record<string, any>): Promise<string> => {
             let payload: Record<string, any>;

package/dist/index.d.mts

@@ -1,37 +0,0 @@
-type Priority = "low" | "medium" | "high" | "critical";
-interface RequestOptions {
-    service: string;
-    action: string;
-    payload: Record<string, any>;
-    priority?: Priority;
-    schema?: Record<string, any>;
-    timeoutMs?: number;
-}
-interface Decision {
-    status: "APPROVED" | "REJECTED";
-    payload: any;
-    patched_payload?: any;
-    metadata?: {
-        resolved_at: string;
-        actor_id: string;
-        method?: string;
-    };
-}
-declare class LetsPingError extends Error {
-    status?: number | undefined;
-    constructor(message: string, status?: number | undefined);
-}
-declare class LetsPing {
-    private readonly apiKey;
-    private readonly baseUrl;
-    constructor(apiKey?: string, options?: {
-        baseUrl?: string;
-    });
-    ask(options: RequestOptions): Promise<Decision>;
-    defer(options: RequestOptions): Promise<{
-        id: string;
-    }>;
-    private request;
-}
-
-export { type Decision, LetsPing, LetsPingError, type Priority, type RequestOptions };

package/dist/index.d.ts

@@ -1,59 +0,0 @@
-export type Priority = "low" | "medium" | "high" | "critical";
-export interface RequestOptions {
-    service: string;
-    action: string;
-    payload: Record<string, any>;
-    priority?: Priority;
-    schema?: Record<string, any>;
-    state_snapshot?: Record<string, any>;
-    timeoutMs?: number;
-    role?: string;
-    /**
-     * Optional distributed tracing identifiers. If provided, these will be
-     * attached to the request envelope so downstream frameworks can stitch
-     * together multi-agent flows.
-     */
-    trace_id?: string;
-    parent_request_id?: string;
-}
-export interface Decision {
-    status: "APPROVED" | "REJECTED" | "APPROVED_WITH_MODIFICATIONS";
-    payload: any;
-    patched_payload?: any;
-    diff_summary?: any;
-    metadata?: {
-        resolved_at: string;
-        actor_id: string;
-        method?: string;
-    };
-}
-export declare class LetsPingError extends Error {
-    status?: number | undefined;
-    constructor(message: string, status?: number | undefined);
-}
-declare function computeDiff(original: any, patched: any): any;
-export declare class LetsPing {
-    private readonly apiKey;
-    private readonly baseUrl;
-    private readonly encryptionKey;
-    constructor(apiKey?: string, options?: {
-        baseUrl?: string;
-        encryptionKey?: string;
-    });
-    private _encrypt;
-    private _decrypt;
-    private _prepareStateUpload;
-    ask(options: RequestOptions): Promise<Decision>;
-    defer(options: RequestOptions): Promise<{
-        id: string;
-    }>;
-    private request;
-    tool(service: string, action: string, priority?: Priority): (context: string | Record<string, any>) => Promise<string>;
-    webhookHandler(payloadStr: string, signatureHeader: string, webhookSecret: string): Promise<{
-        id: string;
-        event: string;
-        data: Decision;
-        state_snapshot?: Record<string, any>;
-    }>;
-}
-export { computeDiff };