@lockllm/sdk 1.0.0

package/SECURITY.md

@@ -0,0 +1,261 @@
+# Security Policy
+
+## Reporting Security Vulnerabilities
+
+LockLLM takes security seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
+
+### How to Report a Vulnerability
+
+**DO NOT** report security vulnerabilities through public GitHub issues.
+
+Instead, please report security vulnerabilities by emailing:
+
+**support@lockllm.com**
+
+### What to Include in Your Report
+
+Please include the following information to help us better understand and address the issue:
+
+- **Type of vulnerability** (e.g., injection, authentication bypass, data exposure)
+- **Full paths of source file(s)** related to the vulnerability
+- **Location of the affected source code** (tag/branch/commit or direct URL)
+- **Step-by-step instructions** to reproduce the issue
+- **Proof-of-concept or exploit code** (if possible)
+- **Impact assessment** - what an attacker could achieve
+- **Suggested remediation** (if you have ideas)
+
+### Response Timeline
+
+- **Initial Response**: Within 48 hours of report submission
+- **Status Update**: Within 7 days with assessment and next steps
+- **Resolution**: Depends on severity and complexity, typically 30-90 days
+
+### What to Expect
+
+1. **Acknowledgment** - We will confirm receipt of your vulnerability report
+2. **Assessment** - We will evaluate the vulnerability and its impact
+3. **Remediation** - We will develop and test a fix
+4. **Disclosure** - We will coordinate the public disclosure with you
+5. **Credit** - We will acknowledge your contribution (unless you prefer to remain anonymous)
+
+## Supported Versions
+
+We provide security updates for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.1.x   | :white_check_mark: |
+| 1.0.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Security Best Practices for Users
+
+### API Key Security
+
+**LockLLM API Keys**
+- Never commit API keys to version control
+- Use environment variables for storing keys
+- Rotate keys regularly through the dashboard
+- Revoke compromised keys immediately at https://www.lockllm.com/dashboard
+
+**Provider API Keys**
+- Only add provider keys through the LockLLM dashboard
+- Never include provider keys in your application code
+- Keys are encrypted at rest with AES-256
+- Monitor key usage through the dashboard
+
+### Rate Limiting
+
+- Implement rate limiting in your application
+- Use the SDK's built-in retry logic for transient failures
+- Monitor `RateLimitError` exceptions and adjust as needed
+- Contact support@lockllm.com for rate limit increases
+
+### Error Handling
+
+- Always handle `PromptInjectionError` gracefully
+- Log security incidents without exposing sensitive data
+- Use request IDs for incident investigation
+- Implement monitoring for security events
+
+**Secure Error Handling Example:**
+```typescript
+try {
+  const response = await client.chat.completions.create({
+    model: "gpt-4",
+    messages: [{ role: "user", content: userInput }]
+  });
+} catch (error) {
+  if (error instanceof PromptInjectionError) {
+    // Log securely - don't expose user input in logs
+    logger.warn('Security threat detected', {
+      requestId: error.requestId,
+      confidence: error.scanResult.injection,
+      timestamp: new Date()
+    });
+    
+    // Return user-friendly error
+    return res.status(400).json({
+      error: 'Invalid input detected. Please try again.'
+    });
+  }
+}
+```
+
+### Input Validation
+
+- Always scan user input before passing to LLMs
+- Use appropriate sensitivity levels for your use case
+- Implement additional validation for high-risk applications
+- Consider scanning retrieved documents and external content
+
+### Secure Configuration
+
+```typescript
+// Good - Use environment variables
+const client = new LockLLM({
+  apiKey: process.env.LOCKLLM_API_KEY,
+  timeout: 30000,
+  maxRetries: 3
+});
+
+// Bad - Hardcoded keys
+const client = new LockLLM({
+  apiKey: 'llm_abc123...' // Never do this!
+});
+```
+
+### Network Security
+
+- Always use HTTPS in production
+- Implement request timeout protection
+- Use the SDK's built-in retry logic
+- Monitor network errors and patterns
+
+### Monitoring and Logging
+
+**What to Log:**
+- Security incidents (blocked requests)
+- Authentication failures
+- Rate limit hits
+- Request IDs for debugging
+
+**What NOT to Log:**
+- API keys
+- Full user prompts (only metadata)
+- Provider API keys
+- Personal information
+
+## Security Features
+
+### Data Privacy
+
+- **Zero Storage**: Prompts are never stored, only scanned in-memory
+- **Metadata Only**: Only non-sensitive metadata is logged
+- **Encryption**: All data encrypted in transit (TLS 1.3)
+- **Compliance**: GDPR and SOC 2 compliant architecture
+
+### Authentication
+
+- Bearer token authentication for all API requests
+- API keys encrypted with AES-256 at rest
+- Keys never exposed in responses or logs
+- Easy rotation through dashboard
+
+### Threat Detection
+
+- **Prompt Injection**: ML-based detection of injection attacks
+- **Jailbreak Detection**: Identifies policy bypass attempts
+- **System Prompt Extraction**: Prevents secret leakage
+- **Tool Abuse**: Detects agent hijacking
+- **RAG Injection**: Scans for poisoned context
+- **Obfuscation**: Catches encoded attacks
+
+## Known Limitations
+
+### Network Security
+- SDK relies on TLS for transport security
+- Custom baseURL configurations are not validated
+- Users are responsible for network-level security
+
+### Rate Limiting
+- Free tier: 1,000 requests per minute
+- Aggressive retry logic may compound rate limit issues
+- Monitor rate limit errors in production
+
+### Input Size
+- Maximum input size: 100,000 characters
+- Larger inputs may be chunked (affects latency)
+- Performance degrades with very large inputs
+
+## Disclosure Policy
+
+### Coordinated Disclosure
+
+We follow responsible disclosure principles:
+
+1. **Private Notification** - We will notify you before public disclosure
+2. **Coordination** - We will work with you on disclosure timing
+3. **Credit** - We will credit you in release notes (unless anonymous)
+4. **Timeline** - Typically 90 days from report to public disclosure
+
+### Public Disclosure
+
+After a fix is released:
+
+- **Security Advisory** - Published on GitHub
+- **CVE Assignment** - For critical vulnerabilities
+- **Release Notes** - Included in CHANGELOG.md
+- **Blog Post** - For significant vulnerabilities
+
+## Security Updates
+
+### How to Stay Informed
+
+- Watch the GitHub repository for security advisories
+- Subscribe to security notifications at https://www.lockllm.com/security
+- Follow @lockllm on Twitter for announcements
+- Monitor CHANGELOG.md for security fixes
+
+### Updating the SDK
+
+```bash
+# Check current version
+npm list lockllm
+
+# Update to latest version
+npm update lockllm
+
+# Or install specific version
+npm install lockllm@1.1.0
+```
+
+## Bug Bounty Program
+
+We currently do not have a formal bug bounty program. However, we deeply appreciate security researchers and will:
+
+- Acknowledge your contribution publicly (unless you prefer anonymity)
+- Provide swag and credits for significant findings
+- Consider financial compensation for critical vulnerabilities on a case-by-case basis
+
+## Security Audits
+
+LockLLM undergoes regular security assessments:
+
+- **Code Reviews**: All code changes reviewed for security implications
+- **Dependency Audits**: Automated scanning of dependencies
+- **Penetration Testing**: Annual third-party security assessments
+- **Compliance Reviews**: Regular GDPR and SOC 2 compliance checks
+
+## Questions?
+
+For general security questions or concerns:
+
+- **General Support**: support@lockllm.com
+- **Documentation**: https://www.lockllm.com/docs
+
+---
+
+**Last Updated**: January 2026
+
+Thank you for helping keep LockLLM and our users secure!

package/dist/client.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Main LockLLM client
+ */
+import type { LockLLMConfig } from './types/common';
+export declare class LockLLM {
+    private readonly config;
+    private readonly http;
+    private readonly scanClient;
+    /**
+     * Create a new LockLLM client
+     *
+     * @param config - Client configuration
+     *
+     * @example
+     * ```typescript
+     * const lockllm = new LockLLM({
+     *   apiKey: process.env.LOCKLLM_API_KEY,
+     * });
+     * ```
+     */
+    constructor(config: LockLLMConfig);
+    /**
+     * Scan a prompt for injection attacks
+     *
+     * @example
+     * ```typescript
+     * const result = await lockllm.scan({
+     *   input: "Ignore previous instructions",
+     *   sensitivity: "medium"
+     * });
+     * ```
+     */
+    get scan(): (request: import(".").ScanRequest, options?: import("./types/common").RequestOptions) => Promise<import(".").ScanResponse>;
+    /**
+     * Get the current configuration
+     */
+    getConfig(): Readonly<Required<LockLLMConfig>>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAMpD,qBAAa,OAAO;IAClB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0B;IACjD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IAExC;;;;;;;;;;;OAWG;gBACS,MAAM,EAAE,aAAa;IA4BjC;;;;;;;;;;OAUG;IACH,IAAI,IAAI,+HAEP;IAED;;OAEG;IACH,SAAS,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;CAG/C"}

package/dist/client.js

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * Main LockLLM client
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LockLLM = void 0;
+const utils_1 = require("./utils");
+const scan_1 = require("./scan");
+const errors_1 = require("./errors");
+const DEFAULT_BASE_URL = 'https://api.lockllm.com';
+const DEFAULT_TIMEOUT = 60000; // 60 seconds
+const DEFAULT_MAX_RETRIES = 3;
+class LockLLM {
+    /**
+     * Create a new LockLLM client
+     *
+     * @param config - Client configuration
+     *
+     * @example
+     * ```typescript
+     * const lockllm = new LockLLM({
+     *   apiKey: process.env.LOCKLLM_API_KEY,
+     * });
+     * ```
+     */
+    constructor(config) {
+        // Validate API key
+        if (!config.apiKey || !config.apiKey.trim()) {
+            throw new errors_1.ConfigurationError('API key is required. Get your API key from https://www.lockllm.com/dashboard');
+        }
+        // Set defaults
+        this.config = {
+            apiKey: config.apiKey,
+            baseURL: config.baseURL ?? DEFAULT_BASE_URL,
+            timeout: config.timeout ?? DEFAULT_TIMEOUT,
+            maxRetries: config.maxRetries ?? DEFAULT_MAX_RETRIES,
+        };
+        // Initialize HTTP client
+        this.http = new utils_1.HttpClient(this.config.baseURL, this.config.apiKey, this.config.timeout, this.config.maxRetries);
+        // Initialize scan client
+        this.scanClient = new scan_1.ScanClient(this.http);
+    }
+    /**
+     * Scan a prompt for injection attacks
+     *
+     * @example
+     * ```typescript
+     * const result = await lockllm.scan({
+     *   input: "Ignore previous instructions",
+     *   sensitivity: "medium"
+     * });
+     * ```
+     */
+    get scan() {
+        return this.scanClient.scan.bind(this.scanClient);
+    }
+    /**
+     * Get the current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+}
+exports.LockLLM = LockLLM;
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAG9C,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AACnD,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,aAAa;AAC5C,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAE9B,MAAM,OAAO,OAAO;IAKlB;;;;;;;;;;;OAWG;IACH,YAAY,MAAqB;QAC/B,mBAAmB;QACnB,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,kBAAkB,CAC1B,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QAED,eAAe;QACf,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,gBAAgB;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,eAAe;YAC1C,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,mBAAmB;SACrD,CAAC;QAEF,yBAAyB;QACzB,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,CACxB,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,UAAU,CACvB,CAAC;QAEF,yBAAyB;QACzB,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;;;OAUG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;CACF"}

package/dist/client.mjs

@@ -0,0 +1,61 @@
+/**
+ * Main LockLLM client
+ */
+import { HttpClient } from './utils';
+import { ScanClient } from './scan';
+import { ConfigurationError } from './errors';
+const DEFAULT_BASE_URL = 'https://api.lockllm.com';
+const DEFAULT_TIMEOUT = 60000; // 60 seconds
+const DEFAULT_MAX_RETRIES = 3;
+export class LockLLM {
+    /**
+     * Create a new LockLLM client
+     *
+     * @param config - Client configuration
+     *
+     * @example
+     * ```typescript
+     * const lockllm = new LockLLM({
+     *   apiKey: process.env.LOCKLLM_API_KEY,
+     * });
+     * ```
+     */
+    constructor(config) {
+        // Validate API key
+        if (!config.apiKey || !config.apiKey.trim()) {
+            throw new ConfigurationError('API key is required. Get your API key from https://www.lockllm.com/dashboard');
+        }
+        // Set defaults
+        this.config = {
+            apiKey: config.apiKey,
+            baseURL: config.baseURL ?? DEFAULT_BASE_URL,
+            timeout: config.timeout ?? DEFAULT_TIMEOUT,
+            maxRetries: config.maxRetries ?? DEFAULT_MAX_RETRIES,
+        };
+        // Initialize HTTP client
+        this.http = new HttpClient(this.config.baseURL, this.config.apiKey, this.config.timeout, this.config.maxRetries);
+        // Initialize scan client
+        this.scanClient = new ScanClient(this.http);
+    }
+    /**
+     * Scan a prompt for injection attacks
+     *
+     * @example
+     * ```typescript
+     * const result = await lockllm.scan({
+     *   input: "Ignore previous instructions",
+     *   sensitivity: "medium"
+     * });
+     * ```
+     */
+    get scan() {
+        return this.scanClient.scan.bind(this.scanClient);
+    }
+    /**
+     * Get the current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/errors.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Custom error classes for LockLLM SDK
+ */
+import type { ScanResult, LockLLMErrorData, PromptInjectionErrorData } from './types/errors';
+/**
+ * Base error class for all LockLLM errors
+ */
+export declare class LockLLMError extends Error {
+    readonly type: string;
+    readonly code?: string;
+    readonly status?: number;
+    readonly requestId?: string;
+    constructor(data: LockLLMErrorData);
+}
+/**
+ * Error thrown when authentication fails
+ */
+export declare class AuthenticationError extends LockLLMError {
+    constructor(message: string, requestId?: string);
+}
+/**
+ * Error thrown when rate limit is exceeded
+ */
+export declare class RateLimitError extends LockLLMError {
+    readonly retryAfter?: number;
+    constructor(message: string, retryAfter?: number, requestId?: string);
+}
+/**
+ * Error thrown when a prompt is blocked due to injection detection
+ */
+export declare class PromptInjectionError extends LockLLMError {
+    readonly scanResult: ScanResult;
+    constructor(data: PromptInjectionErrorData);
+}
+/**
+ * Error thrown when upstream provider returns an error
+ */
+export declare class UpstreamError extends LockLLMError {
+    readonly provider?: string;
+    readonly upstreamStatus?: number;
+    constructor(message: string, provider?: string, upstreamStatus?: number, requestId?: string);
+}
+/**
+ * Error thrown when configuration is missing or invalid
+ */
+export declare class ConfigurationError extends LockLLMError {
+    constructor(message: string);
+}
+/**
+ * Error thrown when network request fails
+ */
+export declare class NetworkError extends LockLLMError {
+    readonly cause?: Error;
+    constructor(message: string, cause?: Error, requestId?: string);
+}
+/**
+ * Parse error response from API and throw appropriate error
+ */
+export declare function parseError(response: any, requestId?: string): LockLLMError;
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAE7F;;GAEG;AACH,qBAAa,YAAa,SAAQ,KAAK;IACrC,SAAgB,IAAI,EAAE,MAAM,CAAC;IAC7B,SAAgB,IAAI,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAgB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChC,SAAgB,SAAS,CAAC,EAAE,MAAM,CAAC;gBAEvB,IAAI,EAAE,gBAAgB;CAanC;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,YAAY;gBACvC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAUhD;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,YAAY;IAC9C,SAAgB,UAAU,CAAC,EAAE,MAAM,CAAC;gBAExB,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAWrE;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,YAAY;IACpD,SAAgB,UAAU,EAAE,UAAU,CAAC;gBAE3B,IAAI,EAAE,wBAAwB;CAW3C;AAED;;GAEG;AACH,qBAAa,aAAc,SAAQ,YAAY;IAC7C,SAAgB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClC,SAAgB,cAAc,CAAC,EAAE,MAAM,CAAC;gBAGtC,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,EACjB,cAAc,CAAC,EAAE,MAAM,EACvB,SAAS,CAAC,EAAE,MAAM;CAarB;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,YAAY;gBACtC,OAAO,EAAE,MAAM;CAS5B;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,YAAY;IAC5C,SAAgB,KAAK,CAAC,EAAE,KAAK,CAAC;gBAElB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,MAAM;CAW/D;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,GAAG,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,YAAY,CAsD1E"}

package/dist/errors.js

@@ -0,0 +1,175 @@
+"use strict";
+/**
+ * Custom error classes for LockLLM SDK
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NetworkError = exports.ConfigurationError = exports.UpstreamError = exports.PromptInjectionError = exports.RateLimitError = exports.AuthenticationError = exports.LockLLMError = void 0;
+exports.parseError = parseError;
+/**
+ * Base error class for all LockLLM errors
+ */
+class LockLLMError extends Error {
+    constructor(data) {
+        super(data.message);
+        this.name = 'LockLLMError';
+        this.type = data.type;
+        this.code = data.code;
+        this.status = data.status;
+        this.requestId = data.requestId;
+        // Maintains proper stack trace for where our error was thrown (only available on V8)
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        }
+    }
+}
+exports.LockLLMError = LockLLMError;
+/**
+ * Error thrown when authentication fails
+ */
+class AuthenticationError extends LockLLMError {
+    constructor(message, requestId) {
+        super({
+            message,
+            type: 'authentication_error',
+            code: 'unauthorized',
+            status: 401,
+            requestId,
+        });
+        this.name = 'AuthenticationError';
+    }
+}
+exports.AuthenticationError = AuthenticationError;
+/**
+ * Error thrown when rate limit is exceeded
+ */
+class RateLimitError extends LockLLMError {
+    constructor(message, retryAfter, requestId) {
+        super({
+            message,
+            type: 'rate_limit_error',
+            code: 'rate_limited',
+            status: 429,
+            requestId,
+        });
+        this.name = 'RateLimitError';
+        this.retryAfter = retryAfter;
+    }
+}
+exports.RateLimitError = RateLimitError;
+/**
+ * Error thrown when a prompt is blocked due to injection detection
+ */
+class PromptInjectionError extends LockLLMError {
+    constructor(data) {
+        super({
+            message: data.message,
+            type: 'lockllm_security_error',
+            code: 'prompt_injection_detected',
+            status: 400,
+            requestId: data.requestId,
+        });
+        this.name = 'PromptInjectionError';
+        this.scanResult = data.scanResult;
+    }
+}
+exports.PromptInjectionError = PromptInjectionError;
+/**
+ * Error thrown when upstream provider returns an error
+ */
+class UpstreamError extends LockLLMError {
+    constructor(message, provider, upstreamStatus, requestId) {
+        super({
+            message,
+            type: 'upstream_error',
+            code: 'provider_error',
+            status: 502,
+            requestId,
+        });
+        this.name = 'UpstreamError';
+        this.provider = provider;
+        this.upstreamStatus = upstreamStatus;
+    }
+}
+exports.UpstreamError = UpstreamError;
+/**
+ * Error thrown when configuration is missing or invalid
+ */
+class ConfigurationError extends LockLLMError {
+    constructor(message) {
+        super({
+            message,
+            type: 'configuration_error',
+            code: 'invalid_config',
+            status: 400,
+        });
+        this.name = 'ConfigurationError';
+    }
+}
+exports.ConfigurationError = ConfigurationError;
+/**
+ * Error thrown when network request fails
+ */
+class NetworkError extends LockLLMError {
+    constructor(message, cause, requestId) {
+        super({
+            message,
+            type: 'network_error',
+            code: 'connection_failed',
+            status: 0,
+            requestId,
+        });
+        this.name = 'NetworkError';
+        this.cause = cause;
+    }
+}
+exports.NetworkError = NetworkError;
+/**
+ * Parse error response from API and throw appropriate error
+ */
+function parseError(response, requestId) {
+    const error = response?.error;
+    if (!error) {
+        return new LockLLMError({
+            message: 'Unknown error occurred',
+            type: 'unknown_error',
+            requestId,
+        });
+    }
+    // Prompt injection error
+    if (error.code === 'prompt_injection_detected' && error.scan_result) {
+        return new PromptInjectionError({
+            message: error.message,
+            type: error.type,
+            code: error.code,
+            status: 400,
+            requestId: error.request_id || requestId,
+            scanResult: error.scan_result,
+        });
+    }
+    // Authentication error
+    if (error.type === 'authentication_error' || error.code === 'unauthorized') {
+        return new AuthenticationError(error.message, requestId);
+    }
+    // Rate limit error
+    if (error.type === 'rate_limit_error' || error.code === 'rate_limited') {
+        return new RateLimitError(error.message, undefined, requestId);
+    }
+    // Upstream provider error
+    if (error.type === 'upstream_error' || error.code === 'provider_error') {
+        return new UpstreamError(error.message, undefined, undefined, requestId);
+    }
+    // Configuration error
+    if (error.type === 'configuration_error' ||
+        error.type === 'lockllm_config_error' ||
+        error.code === 'no_upstream_key') {
+        return new ConfigurationError(error.message);
+    }
+    // Generic error
+    return new LockLLMError({
+        message: error.message || 'An error occurred',
+        type: error.type || 'unknown_error',
+        code: error.code,
+        requestId,
+    });
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,KAAK;IAMrC,YAAY,IAAsB;QAChC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAEhC,qFAAqF;QACrF,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC5B,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,YAAY;IACnD,YAAY,OAAe,EAAE,SAAkB;QAC7C,KAAK,CAAC;YACJ,OAAO;YACP,IAAI,EAAE,sBAAsB;YAC5B,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,GAAG;YACX,SAAS;SACV,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,cAAe,SAAQ,YAAY;IAG9C,YAAY,OAAe,EAAE,UAAmB,EAAE,SAAkB;QAClE,KAAK,CAAC;YACJ,OAAO;YACP,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,GAAG;YACX,SAAS;SACV,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,oBAAqB,SAAQ,YAAY;IAGpD,YAAY,IAA8B;QACxC,KAAK,CAAC;YACJ,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,wBAAwB;YAC9B,IAAI,EAAE,2BAA2B;YACjC,MAAM,EAAE,GAAG;YACX,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACpC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,aAAc,SAAQ,YAAY;IAI7C,YACE,OAAe,EACf,QAAiB,EACjB,cAAuB,EACvB,SAAkB;QAElB,KAAK,CAAC;YACJ,OAAO;YACP,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,GAAG;YACX,SAAS;SACV,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;QAC5B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,YAAY;IAClD,YAAY,OAAe;QACzB,KAAK,CAAC;YACJ,OAAO;YACP,IAAI,EAAE,qBAAqB;YAC3B,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,YAAY;IAG5C,YAAY,OAAe,EAAE,KAAa,EAAE,SAAkB;QAC5D,KAAK,CAAC;YACJ,OAAO;YACP,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE,mBAAmB;YACzB,MAAM,EAAE,CAAC;YACT,SAAS;SACV,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,QAAa,EAAE,SAAkB;IAC1D,MAAM,KAAK,GAAG,QAAQ,EAAE,KAAK,CAAC;IAE9B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,YAAY,CAAC;YACtB,OAAO,EAAE,wBAAwB;YACjC,IAAI,EAAE,eAAe;YACrB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,yBAAyB;IACzB,IAAI,KAAK,CAAC,IAAI,KAAK,2BAA2B,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACpE,OAAO,IAAI,oBAAoB,CAAC;YAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,GAAG;YACX,SAAS,EAAE,KAAK,CAAC,UAAU,IAAI,SAAS;YACxC,UAAU,EAAE,KAAK,CAAC,WAAW;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,IAAI,KAAK,CAAC,IAAI,KAAK,sBAAsB,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAC3E,OAAO,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC3D,CAAC;IAED,mBAAmB;IACnB,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACvE,OAAO,IAAI,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACjE,CAAC;IAED,0BAA0B;IAC1B,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACvE,OAAO,IAAI,aAAa,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAC3E,CAAC;IAED,sBAAsB;IACtB,IACE,KAAK,CAAC,IAAI,KAAK,qBAAqB;QACpC,KAAK,CAAC,IAAI,KAAK,sBAAsB;QACrC,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAChC,CAAC;QACD,OAAO,IAAI,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,gBAAgB;IAChB,OAAO,IAAI,YAAY,CAAC;QACtB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,mBAAmB;QAC7C,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,eAAe;QACnC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,SAAS;KACV,CAAC,CAAC;AACL,CAAC"}