@lockllm/sdk 1.0.1 → 1.2.0

package/dist/scan.mjs

@@ -9,27 +9,81 @@ export class ScanClient {
      * Scan a prompt for injection attacks
      *
      * @param request - Scan request parameters
-     * @param options - Request options
+     * @param options - Scan options with action headers
      * @returns Scan result with safety information
      *
      * @example
      * ```typescript
+     * // Basic scan with combined mode (default)
      * const result = await client.scan({
      *   input: "Ignore previous instructions and...",
-     *   sensitivity: "medium"
+     *   sensitivity: "medium",
+     *   mode: "combined"  // Check both core security + custom policies
+     * }, {
+     *   scanAction: "block",          // Block core injection attacks
+     *   policyAction: "allow_with_warning",  // Allow but warn on policy violations
+     *   abuseAction: "block"          // Opt-in abuse detection
      * });
      *
      * if (!result.safe) {
      *   console.log("Malicious prompt detected!");
      *   console.log("Injection score:", result.injection);
+     *
+     *   // Check for policy violations
+     *   if (result.policy_warnings) {
+     *     console.log("Policy violations:", result.policy_warnings);
+     *   }
+     *
+     *   // Check for abuse warnings
+     *   if (result.abuse_warnings) {
+     *     console.log("Abuse detected:", result.abuse_warnings);
+     *   }
      * }
      * ```
      */
     async scan(request, options) {
-        const { data } = await this.http.post('/v1/scan', {
+        // Build headers from scan options
+        const headers = {
+            ...(options?.headers || {}),
+        };
+        // Scan mode header
+        if (request.mode) {
+            headers['x-lockllm-scan-mode'] = request.mode;
+        }
+        // Sensitivity header
+        if (request.sensitivity) {
+            headers['x-lockllm-sensitivity'] = request.sensitivity;
+        }
+        // Chunk header
+        if (request.chunk !== undefined) {
+            headers['x-lockllm-chunk'] = request.chunk ? 'true' : 'false';
+        }
+        // Add action headers if provided
+        // Scan action: controls core injection detection behavior
+        if (options?.scanAction) {
+            headers['x-lockllm-scan-action'] = options.scanAction;
+        }
+        // Policy action: controls custom policy violation behavior
+        if (options?.policyAction) {
+            headers['x-lockllm-policy-action'] = options.policyAction;
+        }
+        // Abuse action: opt-in abuse detection (null/undefined means disabled)
+        if (options?.abuseAction !== undefined && options?.abuseAction !== null) {
+            headers['x-lockllm-abuse-action'] = options.abuseAction;
+        }
+        // PII action: opt-in PII detection (null/undefined means disabled)
+        if (options?.piiAction !== undefined && options?.piiAction !== null) {
+            headers['x-lockllm-pii-action'] = options.piiAction;
+        }
+        // Build request body
+        const body = {
             input: request.input,
-            sensitivity: request.sensitivity || 'medium',
-        }, options);
+        };
+        const { data } = await this.http.post('/v1/scan', body, {
+            headers,
+            timeout: options?.timeout,
+            signal: options?.signal,
+        });
         return data;
     }
 }

package/dist/types/common.d.ts

@@ -1,6 +1,7 @@
 /**
  * Common types used throughout the SDK
  */
+import type { Sensitivity } from './scan';
 export interface LockLLMConfig {
     /** Your LockLLM API key */
     apiKey: string;
@@ -28,4 +29,119 @@ export interface ErrorResponse {
     };
 }
 export type Provider = 'openai' | 'anthropic' | 'gemini' | 'cohere' | 'openrouter' | 'perplexity' | 'mistral' | 'groq' | 'deepseek' | 'together' | 'xai' | 'fireworks' | 'anyscale' | 'huggingface' | 'azure' | 'bedrock' | 'vertex-ai';
+/** Scan mode for security checks */
+export type ScanMode = 'normal' | 'policy_only' | 'combined';
+/** Scan action for threat detection */
+export type ScanAction = 'block' | 'allow_with_warning';
+/** Routing action for intelligent model selection */
+export type RouteAction = 'disabled' | 'auto' | 'custom';
+/** PII detection action (opt-in) */
+export type PIIAction = 'strip' | 'block' | 'allow_with_warning';
+/** Proxy request options with advanced headers */
+export interface ProxyRequestOptions extends RequestOptions {
+    /** Scan mode (default: combined) - Check both core security and custom policies */
+    scanMode?: ScanMode;
+    /** Scan action for core injection (default: allow_with_warning) - Threats detected but not blocked */
+    scanAction?: ScanAction;
+    /** Policy action for custom policies (default: allow_with_warning) - Violations detected but not blocked */
+    policyAction?: ScanAction;
+    /** Abuse detection action (opt-in, default: null) - When null, abuse detection is disabled */
+    abuseAction?: ScanAction | null;
+    /** Routing action (default: disabled) - No intelligent routing unless explicitly enabled */
+    routeAction?: RouteAction;
+    /** PII detection action (opt-in, default: null) - When null, PII detection is disabled */
+    piiAction?: PIIAction | null;
+    /** Detection sensitivity level (default: medium) - Controls injection detection threshold */
+    sensitivity?: Sensitivity;
+    /** Response caching (default: enabled). Set false to disable. */
+    cacheResponse?: boolean;
+    /** Cache TTL in seconds (default: 3600) */
+    cacheTTL?: number;
+}
+/** Response metadata from proxy */
+export interface ProxyResponseMetadata {
+    /** Unique request identifier */
+    request_id: string;
+    /** Whether the request was scanned */
+    scanned: boolean;
+    /** Whether the request is safe */
+    safe: boolean;
+    /** Scan mode used */
+    scan_mode: ScanMode;
+    /** Credits mode (lockllm_credits or byok) */
+    credits_mode: 'lockllm_credits' | 'byok';
+    /** Provider used */
+    provider: string;
+    /** Model used */
+    model?: string;
+    /** Detection sensitivity level used */
+    sensitivity?: string;
+    /** Safety label (0 = safe, 1 = unsafe) */
+    label?: number;
+    /** Whether the request was blocked */
+    blocked?: boolean;
+    /** Scan warning details */
+    scan_warning?: {
+        injection_score: number;
+        confidence: number;
+        detail: string;
+    };
+    /** Policy violation warnings */
+    policy_warnings?: {
+        count: number;
+        confidence: number;
+        detail: string;
+    };
+    /** Abuse detection warnings */
+    abuse_detected?: {
+        confidence: number;
+        types: string;
+        detail: string;
+    };
+    /** PII detection metadata */
+    pii_detected?: {
+        detected: boolean;
+        entity_types: string;
+        entity_count: number;
+        action: string;
+    };
+    /** Routing metadata */
+    routing?: {
+        enabled: boolean;
+        task_type: string;
+        complexity: number;
+        selected_model: string;
+        routing_reason: string;
+        original_provider: string;
+        original_model: string;
+        estimated_savings: number;
+        estimated_original_cost: number;
+        estimated_routed_cost: number;
+        estimated_input_tokens: number;
+        estimated_output_tokens: number;
+        routing_fee_reason: string;
+    };
+    /** Credits reserved for this request */
+    credits_reserved?: number;
+    /** Routing fee reserved */
+    routing_fee_reserved?: number;
+    /** Actual credits deducted (available after completion) */
+    credits_deducted?: number;
+    /** Balance after this request (available after completion) */
+    balance_after?: number;
+    /** Cache status for this response */
+    cache_status?: 'HIT' | 'MISS';
+    /** Cache age in seconds (when cache hit) */
+    cache_age?: number;
+    /** Tokens saved from cache hit */
+    tokens_saved?: number;
+    /** Cost saved from cache hit */
+    cost_saved?: number;
+    /** Decoded scan detail (from base64 header) */
+    scan_detail?: any;
+    /** Decoded policy warning detail (from base64 header) */
+    policy_detail?: any;
+    /** Decoded abuse detail (from base64 header) */
+    abuse_detail?: any;
+}
 //# sourceMappingURL=common.d.ts.map

package/dist/types/common.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../src/types/common.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,QAAQ,GAChB,QAAQ,GACR,WAAW,GACX,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,YAAY,GACZ,SAAS,GACT,MAAM,GACN,UAAU,GACV,UAAU,GACV,KAAK,GACL,WAAW,GACX,UAAU,GACV,aAAa,GACb,OAAO,GACP,SAAS,GACT,WAAW,CAAC"}
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../src/types/common.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAE1C,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,QAAQ,GAChB,QAAQ,GACR,WAAW,GACX,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,YAAY,GACZ,SAAS,GACT,MAAM,GACN,UAAU,GACV,UAAU,GACV,KAAK,GACL,WAAW,GACX,UAAU,GACV,aAAa,GACb,OAAO,GACP,SAAS,GACT,WAAW,CAAC;AAEhB,oCAAoC;AACpC,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,aAAa,GAAG,UAAU,CAAC;AAE7D,uCAAuC;AACvC,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,oBAAoB,CAAC;AAExD,qDAAqD;AACrD,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEzD,oCAAoC;AACpC,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,OAAO,GAAG,oBAAoB,CAAC;AAEjE,kDAAkD;AAClD,MAAM,WAAW,mBAAoB,SAAQ,cAAc;IACzD,mFAAmF;IACnF,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,sGAAsG;IACtG,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,4GAA4G;IAC5G,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,8FAA8F;IAC9F,WAAW,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;IAChC,4FAA4F;IAC5F,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,0FAA0F;IAC1F,SAAS,CAAC,EAAE,SAAS,GAAG,IAAI,CAAC;IAC7B,6FAA6F;IAC7F,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,iEAAiE;IACjE,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,mCAAmC;AACnC,MAAM,WAAW,qBAAqB;IACpC,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,kCAAkC;IAClC,IAAI,EAAE,OAAO,CAAC;IACd,qBAAqB;IACrB,SAAS,EAAE,QAAQ,CAAC;IACpB,6CAA6C;IAC7C,YAAY,EAAE,iBAAiB,GAAG,MAAM,CAAC;IACzC,oBAAoB;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,2BAA2B;IAC3B,YAAY,CAAC,EAAE;QACb,eAAe,EAAE,MAAM,CAAC;QACxB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,gCAAgC;IAChC,eAAe,CAAC,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,+BAA+B;IAC/B,cAAc,CAAC,EAAE;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,6BAA6B;IAC7B,YAAY,CAAC,EAAE;QACb,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,uBAAuB;IACvB,OAAO,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,uBAAuB,EAAE,MAAM,CAAC;QAChC,qBAAqB,EAAE,MAAM,CAAC;QAC9B,sBAAsB,EAAE,MAAM,CAAC;QAC/B,uBAAuB,EAAE,MAAM,CAAC;QAChC,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,wCAAwC;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B;IAC3B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,8DAA8D;IAC9D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,YAAY,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IAC9B,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kCAAkC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,yDAAyD;IACzD,aAAa,CAAC,EAAE,GAAG,CAAC;IACpB,gDAAgD;IAChD,YAAY,CAAC,EAAE,GAAG,CAAC;CACpB"}

package/dist/types/errors.d.ts

@@ -19,4 +19,43 @@ export interface LockLLMErrorData {
 export interface PromptInjectionErrorData extends LockLLMErrorData {
     scanResult: ScanResult;
 }
+export interface PolicyViolationErrorData extends LockLLMErrorData {
+    violated_policies: Array<{
+        policy_name: string;
+        violated_categories: Array<{
+            name: string;
+        }>;
+        violation_details?: string;
+    }>;
+}
+export interface AbuseDetectedErrorData extends LockLLMErrorData {
+    abuse_details: {
+        confidence: number;
+        abuse_types: string[];
+        indicators: {
+            bot_score: number;
+            repetition_score: number;
+            resource_score: number;
+            pattern_score: number;
+        };
+        recommendation?: string;
+        details?: {
+            recommendation?: string;
+            bot_indicators?: string[];
+            repetition_indicators?: string[];
+            resource_indicators?: string[];
+            pattern_indicators?: string[];
+        };
+    };
+}
+export interface InsufficientCreditsErrorData extends LockLLMErrorData {
+    current_balance: number;
+    estimated_cost: number;
+}
+export interface PIIDetectedErrorData extends LockLLMErrorData {
+    pii_details: {
+        entity_types: string[];
+        entity_count: number;
+    };
+}
 //# sourceMappingURL=errors.d.ts.map

package/dist/types/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/types/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IAChE,UAAU,EAAE,UAAU,CAAC;CACxB"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/types/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IAChE,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IAChE,iBAAiB,EAAE,KAAK,CAAC;QACvB,WAAW,EAAE,MAAM,CAAC;QACpB,mBAAmB,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAC7C,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,sBAAuB,SAAQ,gBAAgB;IAC9D,aAAa,EAAE;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,EAAE;YACV,SAAS,EAAE,MAAM,CAAC;YAClB,gBAAgB,EAAE,MAAM,CAAC;YACzB,cAAc,EAAE,MAAM,CAAC;YACvB,aAAa,EAAE,MAAM,CAAC;SACvB,CAAC;QACF,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,OAAO,CAAC,EAAE;YACR,cAAc,CAAC,EAAE,MAAM,CAAC;YACxB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;YAC1B,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;YACjC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;YAC/B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;SAC/B,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,4BAA6B,SAAQ,gBAAgB;IACpE,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,WAAW,EAAE;QACX,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH"}

package/dist/types/scan.d.ts

@@ -1,21 +1,113 @@
 /**
  * Scan API types
  */
-import type { ScanResult } from './errors';
+import type { PIIAction } from './common';
 export type Sensitivity = 'low' | 'medium' | 'high';
+/** Scan mode determines which security checks are performed */
+export type ScanMode = 'normal' | 'policy_only' | 'combined';
+/** Scan action determines behavior when threats are detected */
+export type ScanAction = 'block' | 'allow_with_warning';
 export interface ScanRequest {
     /** The text prompt to scan for injection attacks */
     input: string;
     /** Detection sensitivity level (default: medium) */
     sensitivity?: Sensitivity;
+    /** Scan mode (default: combined) - Check both core security and custom policies */
+    mode?: ScanMode;
+    /** Force chunking for large inputs */
+    chunk?: boolean;
+}
+/** PII detection result */
+export interface PIIResult {
+    /** Whether PII was detected */
+    detected: boolean;
+    /** Types of PII entities found (user-friendly names) */
+    entity_types: string[];
+    /** Number of PII entities found */
+    entity_count: number;
+    /** Redacted input text (only present when piiAction is "strip") */
+    redacted_input?: string;
+}
+/** Scan request options with action headers */
+export interface ScanOptions {
+    /** Scan action for core injection (default: allow_with_warning) - Threats detected but not blocked */
+    scanAction?: ScanAction;
+    /** Policy action for custom policies (default: allow_with_warning) - Violations detected but not blocked */
+    policyAction?: ScanAction;
+    /** Abuse detection action (opt-in, default: null) - When null, abuse detection is disabled */
+    abuseAction?: ScanAction | null;
+    /** PII detection action (opt-in, default: null) - When null, PII detection is disabled */
+    piiAction?: PIIAction | null;
+    /** Custom headers to include in the request */
+    headers?: Record<string, string>;
+    /** Request timeout in milliseconds */
+    timeout?: number;
+    /** Abort signal for cancelling requests */
+    signal?: AbortSignal;
+}
+/** Policy violation details */
+export interface PolicyViolation {
+    /** Policy name (user-defined or built-in) */
+    policy_name: string;
+    /** Categories that were violated */
+    violated_categories: Array<{
+        /** Category name */
+        name: string;
+    }>;
+    /** Specific details about the violation */
+    violation_details?: string;
+}
+/** Scan warning when core injection is detected with allow_with_warning */
+export interface ScanWarning {
+    /** Warning message */
+    message: string;
+    /** Injection score (0-100) */
+    injection_score: number;
+    /** Confidence score (0-100) */
+    confidence: number;
+    /** Safety label (0 = safe, 1 = unsafe) */
+    label: 0 | 1;
+}
+/** Abuse detection warning */
+export interface AbuseWarning {
+    /** Whether abuse was detected */
+    detected: true;
+    /** Overall confidence score (0-100) */
+    confidence: number;
+    /** Types of abuse detected */
+    abuse_types: string[];
+    /** Individual abuse indicators */
+    indicators: {
+        /** Bot-generated content score (0-100) */
+        bot_score: number;
+        /** Repetition detection score (0-100) */
+        repetition_score: number;
+        /** Resource exhaustion score (0-100) */
+        resource_score: number;
+        /** Pattern analysis score (0-100) */
+        pattern_score: number;
+    };
+    /** Recommended mitigation action */
+    recommendation?: string;
 }
 /**
  * Full scan response from the scan API endpoint
- * Extends the base ScanResult with additional metadata
  */
-export interface ScanResponse extends ScanResult {
+export interface ScanResponse {
     /** Unique request identifier */
     request_id: string;
+    /** Whether the prompt is safe */
+    safe: boolean;
+    /** Safety label (0 = safe, 1 = unsafe) */
+    label: 0 | 1;
+    /** Detection sensitivity level used */
+    sensitivity: Sensitivity;
+    /** Core injection confidence (not present in policy_only mode) */
+    confidence?: number;
+    /** Core injection score (not present in policy_only mode) */
+    injection?: number;
+    /** Policy check confidence (present in policy_only and combined modes) */
+    policy_confidence?: number;
     /** Usage statistics */
     usage: {
         /** Number of upstream inference requests */
@@ -32,5 +124,28 @@ export interface ScanResponse extends ScanResult {
         /** Processing mode used */
         mode: 'single' | 'chunked';
     };
+    /** Policy warnings (when present in policy_only or combined modes) */
+    policy_warnings?: PolicyViolation[];
+    /** Scan warning (when core injection detected with allow_with_warning) */
+    scan_warning?: ScanWarning;
+    /** Abuse warnings (when abuse detected with allow_with_warning) */
+    abuse_warnings?: AbuseWarning;
+    /** Routing metadata (present when routing is enabled) */
+    routing?: {
+        /** Whether routing is enabled */
+        enabled: boolean;
+        /** Detected task type */
+        task_type: string;
+        /** Complexity score (0-1) */
+        complexity: number;
+        /** Model selected by router */
+        selected_model?: string;
+        /** Routing decision reasoning */
+        reasoning?: string;
+        /** Estimated cost */
+        estimated_cost?: number;
+    };
+    /** PII detection result (present when PII detection is enabled) */
+    pii_result?: PIIResult;
 }
 //# sourceMappingURL=scan.d.ts.map

package/dist/types/scan.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/types/scan.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAE3C,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,oDAAoD;IACpD,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAa,SAAQ,UAAU;IAC9C,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,KAAK,EAAE;QACL,4CAA4C;QAC5C,QAAQ,EAAE,MAAM,CAAC;QACjB,2CAA2C;QAC3C,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,uDAAuD;IACvD,KAAK,CAAC,EAAE;QACN,gDAAgD;QAChD,WAAW,EAAE,MAAM,CAAC;QACpB,qCAAqC;QACrC,YAAY,EAAE,MAAM,CAAC;QACrB,2BAA2B;QAC3B,IAAI,EAAE,QAAQ,GAAG,SAAS,CAAC;KAC5B,CAAC;CACH"}
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/types/scan.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAE1C,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEpD,+DAA+D;AAC/D,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,aAAa,GAAG,UAAU,CAAC;AAE7D,gEAAgE;AAChE,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,oBAAoB,CAAC;AAExD,MAAM,WAAW,WAAW;IAC1B,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,oDAAoD;IACpD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,mFAAmF;IACnF,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,sCAAsC;IACtC,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,2BAA2B;AAC3B,MAAM,WAAW,SAAS;IACxB,+BAA+B;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,wDAAwD;IACxD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,mCAAmC;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,mEAAmE;IACnE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,+CAA+C;AAC/C,MAAM,WAAW,WAAW;IAC1B,sGAAsG;IACtG,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,4GAA4G;IAC5G,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,8FAA8F;IAC9F,WAAW,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;IAChC,0FAA0F;IAC1F,SAAS,CAAC,EAAE,SAAS,GAAG,IAAI,CAAC;IAC7B,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,+BAA+B;AAC/B,MAAM,WAAW,eAAe;IAC9B,6CAA6C;IAC7C,WAAW,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,mBAAmB,EAAE,KAAK,CAAC;QACzB,oBAAoB;QACpB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;IACH,2CAA2C;IAC3C,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,2EAA2E;AAC3E,MAAM,WAAW,WAAW;IAC1B,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;CACd;AAED,8BAA8B;AAC9B,MAAM,WAAW,YAAY;IAC3B,iCAAiC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,uCAAuC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kCAAkC;IAClC,UAAU,EAAE;QACV,0CAA0C;QAC1C,SAAS,EAAE,MAAM,CAAC;QAClB,yCAAyC;QACzC,gBAAgB,EAAE,MAAM,CAAC;QACzB,wCAAwC;QACxC,cAAc,EAAE,MAAM,CAAC;QACvB,qCAAqC;QACrC,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,oCAAoC;IACpC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,0CAA0C;IAC1C,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;IACb,uCAAuC;IACvC,WAAW,EAAE,WAAW,CAAC;IACzB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0EAA0E;IAC1E,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uBAAuB;IACvB,KAAK,EAAE;QACL,4CAA4C;QAC5C,QAAQ,EAAE,MAAM,CAAC;QACjB,2CAA2C;QAC3C,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,uDAAuD;IACvD,KAAK,CAAC,EAAE;QACN,gDAAgD;QAChD,WAAW,EAAE,MAAM,CAAC;QACpB,qCAAqC;QACrC,YAAY,EAAE,MAAM,CAAC;QACrB,2BAA2B;QAC3B,IAAI,EAAE,QAAQ,GAAG,SAAS,CAAC;KAC5B,CAAC;IACF,sEAAsE;IACtE,eAAe,CAAC,EAAE,eAAe,EAAE,CAAC;IACpC,0EAA0E;IAC1E,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,mEAAmE;IACnE,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B,yDAAyD;IACzD,OAAO,CAAC,EAAE;QACR,iCAAiC;QACjC,OAAO,EAAE,OAAO,CAAC;QACjB,yBAAyB;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,6BAA6B;QAC7B,UAAU,EAAE,MAAM,CAAC;QACnB,+BAA+B;QAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,iCAAiC;QACjC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,qBAAqB;QACrB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,mEAAmE;IACnE,UAAU,CAAC,EAAE,SAAS,CAAC;CACxB"}

package/dist/utils/proxy-headers.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Proxy headers utility functions
+ */
+import type { ProxyRequestOptions, ProxyResponseMetadata } from '../types/common';
+/**
+ * Build LockLLM headers from proxy request options
+ *
+ * Default behavior (when no headers are provided):
+ * - Scan Mode: combined (check both core security and custom policies)
+ * - Scan Action: allow_with_warning (detect threats but don't block)
+ * - Policy Action: allow_with_warning (detect violations but don't block)
+ * - Abuse Action: null (abuse detection disabled, opt-in only)
+ * - Route Action: disabled (no intelligent routing)
+ */
+export declare function buildLockLLMHeaders(options?: ProxyRequestOptions): Record<string, string>;
+/**
+ * Parse proxy metadata from response headers
+ */
+export declare function parseProxyMetadata(headers: Headers | Record<string, string>): ProxyResponseMetadata;
+/**
+ * Decode base64-encoded detail field
+ */
+export declare function decodeDetailField(detail: string): any;
+//# sourceMappingURL=proxy-headers.d.ts.map

package/dist/utils/proxy-headers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-headers.d.ts","sourceRoot":"","sources":["../../src/utils/proxy-headers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAElF;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAiDzF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,qBAAqB,CA0LnG;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAOrD"}