@modelcost/sdk 0.1.0

package/dist/index.mjs

@@ -0,0 +1,2045 @@
+import { z } from 'zod';
+
+// src/config.ts
+var BudgetAction = z.enum(["alert", "throttle", "block"]);
+var BudgetScope = z.enum([
+  "organization",
+  "feature",
+  "environment",
+  "custom"
+]);
+var BudgetPeriod = z.enum(["daily", "weekly", "monthly", "custom"]);
+var Provider = z.enum([
+  "openai",
+  "anthropic",
+  "google",
+  "aws_bedrock",
+  "cohere",
+  "mistral"
+]);
+
+// src/config.ts
+var ModelCostInitOptionsSchema = z.object({
+  apiKey: z.string().startsWith("mc_", { message: "API key must start with 'mc_'" }).describe("ModelCost API key"),
+  orgId: z.string().min(1, { message: "Organization ID is required" }),
+  environment: z.string().default("production"),
+  baseUrl: z.string().url().default("https://api.modelcost.ai"),
+  monthlyBudget: z.number().positive().optional(),
+  budgetAction: BudgetAction.default("alert"),
+  failOpen: z.boolean().default(true),
+  flushIntervalMs: z.number().int().positive().default(5e3),
+  flushBatchSize: z.number().int().positive().default(100),
+  syncIntervalMs: z.number().int().positive().default(1e4),
+  contentPrivacy: z.boolean().default(false)
+});
+var ModelCostConfig = class {
+  apiKey;
+  orgId;
+  environment;
+  baseUrl;
+  monthlyBudget;
+  budgetAction;
+  failOpen;
+  flushIntervalMs;
+  flushBatchSize;
+  syncIntervalMs;
+  contentPrivacy;
+  constructor(options) {
+    const merged = {
+      apiKey: options.apiKey ?? process.env["MODELCOST_API_KEY"],
+      orgId: options.orgId ?? process.env["MODELCOST_ORG_ID"],
+      environment: options.environment ?? process.env["MODELCOST_ENV"] ?? "production",
+      baseUrl: options.baseUrl ?? process.env["MODELCOST_BASE_URL"] ?? "https://api.modelcost.ai",
+      monthlyBudget: options.monthlyBudget,
+      budgetAction: options.budgetAction ?? "alert",
+      failOpen: options.failOpen ?? true,
+      flushIntervalMs: options.flushIntervalMs ?? 5e3,
+      flushBatchSize: options.flushBatchSize ?? 100,
+      syncIntervalMs: options.syncIntervalMs ?? 1e4,
+      contentPrivacy: options.contentPrivacy ?? (process.env["MODELCOST_CONTENT_PRIVACY"] === "true" || false)
+    };
+    const parsed = ModelCostInitOptionsSchema.parse(merged);
+    this.apiKey = parsed.apiKey;
+    this.orgId = parsed.orgId;
+    this.environment = parsed.environment;
+    this.baseUrl = parsed.baseUrl;
+    this.monthlyBudget = parsed.monthlyBudget;
+    this.budgetAction = parsed.budgetAction;
+    this.failOpen = parsed.failOpen;
+    this.flushIntervalMs = parsed.flushIntervalMs;
+    this.flushBatchSize = parsed.flushBatchSize;
+    this.syncIntervalMs = parsed.syncIntervalMs;
+    this.contentPrivacy = parsed.contentPrivacy;
+  }
+};
+
+// src/version.ts
+var VERSION = "0.1.0";
+
+// src/errors.ts
+var ModelCostError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ModelCostError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var ConfigurationError = class extends ModelCostError {
+  constructor(message) {
+    super(message);
+    this.name = "ConfigurationError";
+  }
+};
+var BudgetExceededError = class extends ModelCostError {
+  remainingBudget;
+  scope;
+  overrideUrl;
+  constructor(message, remainingBudget, scope, overrideUrl) {
+    super(message);
+    this.name = "BudgetExceededError";
+    this.remainingBudget = remainingBudget;
+    this.scope = scope;
+    this.overrideUrl = overrideUrl;
+  }
+};
+var RateLimitedError = class extends ModelCostError {
+  retryAfterSeconds;
+  limitDimension;
+  constructor(message, retryAfterSeconds, limitDimension) {
+    super(message);
+    this.name = "RateLimitedError";
+    this.retryAfterSeconds = retryAfterSeconds;
+    this.limitDimension = limitDimension;
+  }
+};
+var PiiDetectedError = class extends ModelCostError {
+  detectedEntities;
+  redactedText;
+  constructor(message, detectedEntities, redactedText) {
+    super(message);
+    this.name = "PiiDetectedError";
+    this.detectedEntities = detectedEntities;
+    this.redactedText = redactedText;
+  }
+};
+var SessionBudgetExceededError = class extends ModelCostError {
+  sessionId;
+  currentSpend;
+  maxSpend;
+  constructor(message, sessionId, currentSpend, maxSpend) {
+    super(message);
+    this.name = "SessionBudgetExceededError";
+    this.sessionId = sessionId;
+    this.currentSpend = currentSpend;
+    this.maxSpend = maxSpend;
+  }
+};
+var SessionIterationLimitExceededError = class extends ModelCostError {
+  sessionId;
+  currentIterations;
+  maxIterations;
+  constructor(message, sessionId, currentIterations, maxIterations) {
+    super(message);
+    this.name = "SessionIterationLimitExceededError";
+    this.sessionId = sessionId;
+    this.currentIterations = currentIterations;
+    this.maxIterations = maxIterations;
+  }
+};
+var ModelCostApiError = class extends ModelCostError {
+  statusCode;
+  errorCode;
+  constructor(message, statusCode, errorCode) {
+    super(message);
+    this.name = "ModelCostApiError";
+    this.statusCode = statusCode;
+    this.errorCode = errorCode;
+  }
+};
+z.object({
+  apiKey: z.string().min(1),
+  timestamp: z.string().datetime(),
+  provider: Provider,
+  model: z.string().min(1),
+  feature: z.string().optional(),
+  customerId: z.string().optional(),
+  inputTokens: z.number().int().min(0),
+  outputTokens: z.number().int().min(0),
+  latencyMs: z.number().int().optional(),
+  metadata: z.record(z.unknown()).optional()
+});
+function trackRequestToApi(request) {
+  return {
+    api_key: request.apiKey,
+    timestamp: request.timestamp,
+    provider: request.provider,
+    model: request.model,
+    feature: request.feature ?? null,
+    customer_id: request.customerId ?? null,
+    input_tokens: request.inputTokens,
+    output_tokens: request.outputTokens,
+    latency_ms: request.latencyMs ?? null,
+    metadata: request.metadata ?? null
+  };
+}
+var TrackResponseSchema = z.object({
+  status: z.literal("ok")
+});
+var CreateSessionResponseSchema = z.object({
+  id: z.string(),
+  session_id: z.string(),
+  status: z.string(),
+  max_spend_usd: z.number().nullable().optional(),
+  max_iterations: z.number().nullable().optional()
+}).transform((raw) => ({
+  id: raw.id,
+  sessionId: raw.session_id,
+  status: raw.status,
+  maxSpendUsd: raw.max_spend_usd ?? void 0,
+  maxIterations: raw.max_iterations ?? void 0
+}));
+function createSessionRequestToApi(req) {
+  return {
+    api_key: req.apiKey,
+    session_id: req.sessionId,
+    feature: req.feature,
+    user_id: req.userId,
+    max_spend_usd: req.maxSpendUsd,
+    max_iterations: req.maxIterations
+  };
+}
+function recordSessionCallRequestToApi(req) {
+  return {
+    api_key: req.apiKey,
+    call_sequence: req.callSequence,
+    call_type: req.callType,
+    tool_name: req.toolName,
+    input_tokens: req.inputTokens,
+    output_tokens: req.outputTokens,
+    cumulative_input_tokens: req.cumulativeInputTokens,
+    cost_usd: req.costUsd,
+    cumulative_cost_usd: req.cumulativeCostUsd,
+    pii_detected: req.piiDetected
+  };
+}
+function closeSessionRequestToApi(req) {
+  return {
+    api_key: req.apiKey,
+    status: req.status,
+    termination_reason: req.terminationReason,
+    final_spend_usd: req.finalSpendUsd,
+    final_iteration_count: req.finalIterationCount
+  };
+}
+var BudgetCheckResponseSchema = z.object({
+  allowed: z.boolean(),
+  action: z.string().nullable(),
+  throttle_percentage: z.number().nullable(),
+  reason: z.string().nullable()
+}).transform((data) => ({
+  allowed: data.allowed,
+  action: data.action,
+  throttlePercentage: data.throttle_percentage,
+  reason: data.reason
+}));
+var BudgetPolicySchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  scope: BudgetScope,
+  scope_identifier: z.string().nullable(),
+  budget_amount_usd: z.number(),
+  period: BudgetPeriod,
+  custom_period_days: z.number().int().nullable(),
+  action: BudgetAction,
+  throttle_percentage: z.number().nullable(),
+  alert_thresholds: z.array(z.number().int()).nullable(),
+  current_spend_usd: z.number(),
+  spend_percentage: z.number(),
+  period_start: z.string(),
+  is_active: z.boolean(),
+  created_at: z.string(),
+  updated_at: z.string()
+}).transform((data) => ({
+  id: data.id,
+  name: data.name,
+  scope: data.scope,
+  scopeIdentifier: data.scope_identifier,
+  budgetAmountUsd: data.budget_amount_usd,
+  period: data.period,
+  customPeriodDays: data.custom_period_days,
+  action: data.action,
+  throttlePercentage: data.throttle_percentage,
+  alertThresholds: data.alert_thresholds,
+  currentSpendUsd: data.current_spend_usd,
+  spendPercentage: data.spend_percentage,
+  periodStart: data.period_start,
+  isActive: data.is_active,
+  createdAt: data.created_at,
+  updatedAt: data.updated_at
+}));
+var BudgetStatusResponseSchema = z.object({
+  policies: z.array(BudgetPolicySchema),
+  total_budget_usd: z.number(),
+  total_spend_usd: z.number(),
+  policies_at_risk: z.number().int()
+}).transform((data) => ({
+  policies: data.policies,
+  totalBudgetUsd: data.total_budget_usd,
+  totalSpendUsd: data.total_spend_usd,
+  policiesAtRisk: data.policies_at_risk
+}));
+z.object({
+  orgId: z.string().min(1),
+  text: z.string().min(1),
+  feature: z.string().optional(),
+  environment: z.string().optional()
+});
+function governanceScanRequestToApi(request) {
+  return {
+    org_id: request.orgId,
+    text: request.text,
+    feature: request.feature ?? null,
+    environment: request.environment ?? null
+  };
+}
+var DetectedViolationSchema = z.object({
+  type: z.string(),
+  subtype: z.string(),
+  severity: z.enum(["low", "medium", "high"]),
+  start: z.number().int(),
+  end: z.number().int()
+});
+var GovernanceScanResponseSchema = z.object({
+  is_allowed: z.boolean(),
+  action: z.string().nullable(),
+  violations: z.array(DetectedViolationSchema),
+  redacted_text: z.string().nullable()
+}).transform((data) => ({
+  isAllowed: data.is_allowed,
+  action: data.action,
+  violations: data.violations,
+  redactedText: data.redacted_text
+}));
+function governanceSignalRequestToApi(request) {
+  return {
+    organization_id: request.organizationId,
+    violation_type: request.violationType,
+    violation_subtype: request.violationSubtype ?? null,
+    severity: request.severity,
+    user_id: request.userId ?? null,
+    feature: request.feature ?? null,
+    environment: request.environment ?? null,
+    action_taken: request.actionTaken,
+    was_allowed: request.wasAllowed,
+    detected_at: request.detectedAt ?? null,
+    source: request.source,
+    violation_count: request.violationCount ?? 1
+  };
+}
+
+// src/client.ts
+var CIRCUIT_BREAKER_THRESHOLD = 3;
+var CIRCUIT_BREAKER_COOLDOWN_MS = 6e4;
+var ModelCostClient = class {
+  _baseUrl;
+  _apiKey;
+  _headers;
+  _failOpen;
+  /** Circuit breaker state */
+  _consecutiveFailures = 0;
+  _circuitOpenUntil = 0;
+  constructor(config) {
+    this._baseUrl = config.baseUrl.replace(/\/+$/, "");
+    this._apiKey = config.apiKey;
+    this._failOpen = config.failOpen;
+    this._headers = {
+      "Content-Type": "application/json",
+      "X-API-Key": this._apiKey,
+      "User-Agent": `modelcost-node/${VERSION}`
+    };
+  }
+  /**
+   * Record a tracked AI API call.
+   */
+  async track(request) {
+    const body = trackRequestToApi(request);
+    const data = await this._post("/api/v1/track", body);
+    return TrackResponseSchema.parse(data);
+  }
+  /**
+   * Pre-flight budget check before making an AI call.
+   */
+  async checkBudget(orgId, feature, estimatedCost) {
+    const params = new URLSearchParams({
+      org_id: orgId,
+      feature,
+      estimated_cost: estimatedCost.toString()
+    });
+    const data = await this._post(`/api/v1/budgets/check?${params.toString()}`, {});
+    return BudgetCheckResponseSchema.parse(data);
+  }
+  /**
+   * Scan text for PII and governance violations.
+   */
+  async scanText(request) {
+    const body = governanceScanRequestToApi(request);
+    const data = await this._post("/api/v1/governance/scan", body);
+    return GovernanceScanResponseSchema.parse(data);
+  }
+  /**
+   * Report a governance signal (metadata-only mode).
+   * Sends classification signals without raw content.
+   */
+  async reportSignal(request) {
+    const body = governanceSignalRequestToApi(request);
+    await this._post("/api/v1/governance/signals", body);
+  }
+  /**
+   * Get current budget status for an organization.
+   */
+  async getBudgetStatus(orgId) {
+    const params = new URLSearchParams({ org_id: orgId });
+    const data = await this._get(`/api/v1/budgets/status?${params.toString()}`);
+    return BudgetStatusResponseSchema.parse(data);
+  }
+  /**
+   * Create a new agent session on the server.
+   */
+  async createSession(request) {
+    const body = createSessionRequestToApi(request);
+    const data = await this._post("/api/v1/sessions", body);
+    return CreateSessionResponseSchema.parse(data);
+  }
+  /**
+   * Record a call within an existing session.
+   */
+  async recordSessionCall(sessionId, request) {
+    const body = recordSessionCallRequestToApi(request);
+    await this._post(`/api/v1/sessions/${sessionId}/calls`, body);
+  }
+  /**
+   * Close an existing session on the server.
+   */
+  async closeSession(sessionId, request) {
+    const body = closeSessionRequestToApi(request);
+    await this._post(`/api/v1/sessions/${sessionId}/close`, body);
+  }
+  /**
+   * Close the client (cleanup resources).
+   */
+  close() {
+    this._consecutiveFailures = 0;
+    this._circuitOpenUntil = 0;
+  }
+  // ─── Private helpers ───────────────────────────────────────────────
+  _isCircuitOpen() {
+    if (this._consecutiveFailures < CIRCUIT_BREAKER_THRESHOLD) {
+      return false;
+    }
+    if (Date.now() >= this._circuitOpenUntil) {
+      this._consecutiveFailures = 0;
+      return false;
+    }
+    return true;
+  }
+  _recordSuccess() {
+    this._consecutiveFailures = 0;
+  }
+  _recordFailure() {
+    this._consecutiveFailures++;
+    if (this._consecutiveFailures >= CIRCUIT_BREAKER_THRESHOLD) {
+      this._circuitOpenUntil = Date.now() + CIRCUIT_BREAKER_COOLDOWN_MS;
+    }
+  }
+  async _post(path, body) {
+    return this._request("POST", path, body);
+  }
+  async _get(path) {
+    return this._request("GET", path);
+  }
+  async _request(method, path, body) {
+    if (this._isCircuitOpen()) {
+      if (this._failOpen) {
+        console.warn(
+          `[ModelCost] Circuit breaker open \u2014 skipping ${method} ${path}`
+        );
+        return this._failOpenDefault(path);
+      }
+      throw new ModelCostError(
+        `Circuit breaker is open after ${CIRCUIT_BREAKER_THRESHOLD} consecutive failures`
+      );
+    }
+    try {
+      const url = `${this._baseUrl}${path}`;
+      const init = {
+        method,
+        headers: this._headers
+      };
+      if (body !== void 0 && method !== "GET") {
+        init.body = JSON.stringify(body);
+      }
+      const response = await fetch(url, init);
+      if (!response.ok) {
+        const errorBody = await response.json().catch(() => ({
+          error: "unknown",
+          message: response.statusText
+        }));
+        this._recordFailure();
+        const err = new ModelCostApiError(
+          errorBody.message ?? `HTTP ${response.status}`,
+          response.status,
+          errorBody.error ?? "unknown"
+        );
+        if (this._failOpen) {
+          console.warn(
+            `[ModelCost] API error (fail-open): ${err.message}`
+          );
+          return this._failOpenDefault(path);
+        }
+        throw err;
+      }
+      const data = await response.json();
+      this._recordSuccess();
+      return data;
+    } catch (error) {
+      if (error instanceof ModelCostApiError) {
+        throw error;
+      }
+      this._recordFailure();
+      if (this._failOpen) {
+        console.warn(
+          `[ModelCost] Request failed (fail-open): ${error instanceof Error ? error.message : String(error)}`
+        );
+        return this._failOpenDefault(path);
+      }
+      throw new ModelCostError(
+        `Request to ${path} failed: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+  /**
+   * Returns a safe default response when operating in fail-open mode.
+   */
+  _failOpenDefault(path) {
+    if (path.includes("/budgets/check")) {
+      return {
+        allowed: true,
+        action: null,
+        throttle_percentage: null,
+        reason: "fail-open: API unavailable"
+      };
+    }
+    if (path.includes("/budgets/status")) {
+      return {
+        policies: [],
+        total_budget_usd: 0,
+        total_spend_usd: 0,
+        policies_at_risk: 0
+      };
+    }
+    if (path.includes("/governance/scan")) {
+      return {
+        is_allowed: true,
+        action: null,
+        violations: [],
+        redacted_text: null
+      };
+    }
+    if (path.includes("/sessions")) {
+      return { id: "fail-open", session_id: "fail-open", status: "active" };
+    }
+    return { status: "ok" };
+  }
+};
+
+// src/budget.ts
+var BudgetManager = class {
+  _cache = /* @__PURE__ */ new Map();
+  _lastSync = 0;
+  _syncIntervalMs;
+  constructor(syncIntervalMs) {
+    this._syncIntervalMs = syncIntervalMs;
+  }
+  /**
+   * Check whether a request with the given estimated cost is allowed.
+   * Uses the local cache if fresh, otherwise syncs from the API first.
+   */
+  async check(client, orgId, feature, estimatedCost) {
+    if (this._isStale()) {
+      await this.sync(client, orgId);
+    }
+    return client.checkBudget(orgId, feature, estimatedCost);
+  }
+  /**
+   * Sync the budget status from the server and populate the local cache.
+   */
+  async sync(client, orgId) {
+    const status = await client.getBudgetStatus(orgId);
+    this._cache.set(orgId, status);
+    this._lastSync = Date.now();
+  }
+  /**
+   * Optimistically update local spend after a tracked call,
+   * so subsequent budget checks reflect the estimated spend
+   * without waiting for the next server sync.
+   */
+  updateLocalSpend(orgId, _feature, cost) {
+    const cached = this._cache.get(orgId);
+    if (!cached) {
+      return;
+    }
+    const updated = {
+      ...cached,
+      totalSpendUsd: cached.totalSpendUsd + cost,
+      policies: cached.policies.map((policy) => ({
+        ...policy,
+        currentSpendUsd: policy.currentSpendUsd + cost,
+        spendPercentage: policy.budgetAmountUsd > 0 ? (policy.currentSpendUsd + cost) / policy.budgetAmountUsd * 100 : policy.spendPercentage
+      }))
+    };
+    this._cache.set(orgId, updated);
+  }
+  /**
+   * Get the cached budget status for an org, if available.
+   */
+  getCached(orgId) {
+    return this._cache.get(orgId);
+  }
+  /**
+   * Clear all cached state.
+   */
+  clear() {
+    this._cache.clear();
+    this._lastSync = 0;
+  }
+  _isStale() {
+    return Date.now() - this._lastSync > this._syncIntervalMs;
+  }
+};
+
+// src/tracking.ts
+function _loadBundledPricing() {
+  return /* @__PURE__ */ new Map([
+    ["gpt-4", { provider: "openai", model: "gpt-4", inputCostPer1k: 0.03, outputCostPer1k: 0.06 }],
+    ["gpt-4-turbo", { provider: "openai", model: "gpt-4-turbo", inputCostPer1k: 0.01, outputCostPer1k: 0.03 }],
+    ["gpt-4o", { provider: "openai", model: "gpt-4o", inputCostPer1k: 5e-3, outputCostPer1k: 0.015 }],
+    ["gpt-4o-mini", { provider: "openai", model: "gpt-4o-mini", inputCostPer1k: 15e-5, outputCostPer1k: 6e-4 }],
+    ["gpt-3.5-turbo", { provider: "openai", model: "gpt-3.5-turbo", inputCostPer1k: 15e-4, outputCostPer1k: 2e-3 }],
+    ["claude-opus-4", { provider: "anthropic", model: "claude-opus-4", inputCostPer1k: 0.015, outputCostPer1k: 0.075 }],
+    ["claude-sonnet-4", { provider: "anthropic", model: "claude-sonnet-4", inputCostPer1k: 3e-3, outputCostPer1k: 0.015 }],
+    ["claude-haiku-4", { provider: "anthropic", model: "claude-haiku-4", inputCostPer1k: 25e-5, outputCostPer1k: 125e-5 }],
+    ["gemini-1.5-pro", { provider: "google", model: "gemini-1.5-pro", inputCostPer1k: 125e-5, outputCostPer1k: 5e-3 }],
+    ["gemini-1.5-flash", { provider: "google", model: "gemini-1.5-flash", inputCostPer1k: 75e-6, outputCostPer1k: 3e-4 }],
+    ["gemini-2.0-flash", { provider: "google", model: "gemini-2.0-flash", inputCostPer1k: 1e-4, outputCostPer1k: 4e-4 }]
+  ]);
+}
+var _modelPricing = _loadBundledPricing();
+var MODEL_PRICING = _modelPricing;
+async function syncPricingFromApi(baseUrl, apiKey) {
+  try {
+    const url = `${baseUrl.replace(/\/+$/, "")}/api/v1/pricing/models`;
+    const response = await fetch(url, {
+      headers: { "X-API-Key": apiKey }
+    });
+    if (!response.ok) {
+      return;
+    }
+    const data = await response.json();
+    const models = data.models ?? [];
+    if (models.length === 0) {
+      return;
+    }
+    _modelPricing.clear();
+    for (const entry of models) {
+      _modelPricing.set(entry.model, {
+        provider: entry.provider,
+        model: entry.model,
+        inputCostPer1k: entry.input_cost_per_1k,
+        outputCostPer1k: entry.output_cost_per_1k
+      });
+    }
+  } catch {
+  }
+}
+function calculateCost(model, inputTokens, outputTokens) {
+  const pricing = MODEL_PRICING.get(model);
+  if (!pricing) {
+    return 0;
+  }
+  const inputCost = inputTokens / 1e3 * pricing.inputCostPer1k;
+  const outputCost = outputTokens / 1e3 * pricing.outputCostPer1k;
+  return inputCost + outputCost;
+}
+var CostTracker = class _CostTracker {
+  _buffer = [];
+  _flushTimer = null;
+  _pricingSyncTimer = null;
+  _batchSize;
+  constructor(batchSize) {
+    this._batchSize = batchSize;
+  }
+  /**
+   * Add a track request to the buffer.
+   * Automatically flushes when buffer reaches batch size.
+   */
+  record(request, client) {
+    this._buffer.push(request);
+    if (this._buffer.length >= this._batchSize && client) {
+      void this.flush(client);
+    }
+  }
+  /**
+   * Flush all buffered track requests to the API.
+   */
+  async flush(client) {
+    if (this._buffer.length === 0) {
+      return;
+    }
+    const batch = this._buffer.splice(0, this._buffer.length);
+    const promises = batch.map(
+      (request) => client.track(request).catch((error) => {
+        console.warn(
+          `[ModelCost] Failed to track request: ${error instanceof Error ? error.message : String(error)}`
+        );
+      })
+    );
+    await Promise.allSettled(promises);
+  }
+  /**
+   * Start automatic periodic flushing.
+   */
+  startAutoFlush(client, intervalMs) {
+    this.stopAutoFlush();
+    this._flushTimer = setInterval(() => {
+      void this.flush(client);
+    }, intervalMs);
+    if (this._flushTimer && typeof this._flushTimer === "object" && "unref" in this._flushTimer) {
+      this._flushTimer.unref();
+    }
+  }
+  /**
+   * Stop automatic periodic flushing.
+   */
+  stopAutoFlush() {
+    if (this._flushTimer !== null) {
+      clearInterval(this._flushTimer);
+      this._flushTimer = null;
+    }
+  }
+  static _PRICING_SYNC_INTERVAL_MS = 3e5;
+  // 5 minutes
+  /**
+   * Start periodic pricing sync from the server.
+   */
+  startPricingSync(baseUrl, apiKey) {
+    this.stopPricingSync();
+    this._pricingSyncTimer = setInterval(() => {
+      void syncPricingFromApi(baseUrl, apiKey);
+    }, _CostTracker._PRICING_SYNC_INTERVAL_MS);
+    if (this._pricingSyncTimer && typeof this._pricingSyncTimer === "object" && "unref" in this._pricingSyncTimer) {
+      this._pricingSyncTimer.unref();
+    }
+  }
+  /**
+   * Stop periodic pricing sync.
+   */
+  stopPricingSync() {
+    if (this._pricingSyncTimer !== null) {
+      clearInterval(this._pricingSyncTimer);
+      this._pricingSyncTimer = null;
+    }
+  }
+  /**
+   * Get the current number of buffered requests.
+   */
+  get bufferSize() {
+    return this._buffer.length;
+  }
+};
+
+// src/pii.ts
+var PII_PATTERNS = [
+  {
+    type: "ssn",
+    pattern: /\b\d{3}-\d{2}-\d{4}\b/g
+  },
+  {
+    type: "credit_card_visa",
+    pattern: /\b4\d{3}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g
+  },
+  {
+    type: "credit_card_mastercard",
+    pattern: /\b5[1-5]\d{2}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g
+  },
+  {
+    type: "credit_card_amex",
+    pattern: /\b3[47]\d{2}[- ]?\d{6}[- ]?\d{5}\b/g
+  },
+  {
+    type: "credit_card_discover",
+    pattern: /\b6(?:011|5\d{2})[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g
+  },
+  {
+    type: "email",
+    pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g
+  },
+  {
+    type: "phone_us",
+    pattern: /\b(?:\+?1[-.\s]?)?(?:\(?\d{3}\)?[-.\s]?)\d{3}[-.\s]?\d{4}\b/g
+  }
+];
+var CREDIT_CARD_GENERIC_PATTERN = /\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/g;
+var SECRETS_PATTERNS = [
+  {
+    type: "api_key_openai",
+    pattern: /sk-[a-zA-Z0-9]{20,}/g,
+    severity: "critical"
+  },
+  {
+    type: "api_key_aws",
+    pattern: /AKIA[0-9A-Z]{16}/g,
+    severity: "critical"
+  },
+  {
+    type: "private_key",
+    pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/g,
+    severity: "critical"
+  },
+  {
+    type: "jwt_token",
+    pattern: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+    severity: "high"
+  },
+  {
+    type: "generic_secret",
+    pattern: /(?:password|api_key|apikey|secret|token|bearer)\s*[:=]\s*["']?([A-Za-z0-9_\-/.]{8,})["']?/gi,
+    severity: "critical"
+  }
+];
+var FINANCIAL_PATTERNS = [
+  {
+    type: "iban",
+    pattern: /\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}([A-Z0-9]?){0,16}\b/g,
+    severity: "high"
+  }
+];
+var MEDICAL_TERMS = /* @__PURE__ */ new Set([
+  "diabetes",
+  "hiv",
+  "aids",
+  "cancer",
+  "tumor",
+  "disease",
+  "medication",
+  "diagnosis",
+  "treatment",
+  "surgery",
+  "prescription",
+  "patient",
+  "doctor",
+  "hospital",
+  "clinic",
+  "medical record",
+  "insulin",
+  "prozac",
+  "chemotherapy",
+  "depression",
+  "anxiety",
+  "bipolar",
+  "schizophrenia",
+  "hepatitis",
+  "tuberculosis",
+  "epilepsy",
+  "asthma",
+  "arthritis",
+  "alzheimer"
+]);
+var PiiScanner = class _PiiScanner {
+  /**
+   * Scan text and return all detected PII entities, plus a redacted version.
+   */
+  scan(text) {
+    const entities = [];
+    for (const { type, pattern } of PII_PATTERNS) {
+      const regex = new RegExp(pattern.source, pattern.flags);
+      let match;
+      while ((match = regex.exec(text)) !== null) {
+        if (type.startsWith("credit_card_")) {
+          const digits = match[0].replace(/[\s-]/g, "");
+          if (!_PiiScanner._isValidLuhn(digits)) continue;
+        }
+        entities.push({
+          type,
+          value: match[0],
+          start: match.index,
+          end: match.index + match[0].length
+        });
+      }
+    }
+    entities.sort((a, b) => a.start - b.start);
+    const deduped = this._removeOverlaps(entities);
+    const redactedText = this._redactText(text, deduped);
+    return {
+      detected: deduped.length > 0,
+      entities: deduped,
+      redactedText
+    };
+  }
+  /**
+   * Full governance scan across multiple categories.
+   * Used in metadata-only mode where content never leaves the customer's environment.
+   */
+  fullScan(text, categories = ["pii", "phi", "secrets", "financial"]) {
+    const violations = [];
+    const detectedCategories = /* @__PURE__ */ new Set();
+    if (categories.includes("pii")) {
+      const piiViolations = this._scanPiiViolations(text);
+      for (const v of piiViolations) {
+        violations.push(v);
+        detectedCategories.add("pii");
+      }
+    }
+    if (categories.includes("phi")) {
+      const phiViolations = this._scanPhi(text);
+      for (const v of phiViolations) {
+        violations.push(v);
+        detectedCategories.add("phi");
+      }
+    }
+    if (categories.includes("secrets")) {
+      const secretViolations = this._scanSecrets(text);
+      for (const v of secretViolations) {
+        violations.push(v);
+        detectedCategories.add("secrets");
+      }
+    }
+    if (categories.includes("financial")) {
+      const financialViolations = this._scanFinancial(text);
+      for (const v of financialViolations) {
+        violations.push(v);
+        detectedCategories.add("financial");
+      }
+    }
+    return {
+      detected: violations.length > 0,
+      violations,
+      categories: [...detectedCategories]
+    };
+  }
+  /**
+   * Convenience method: return only the redacted text.
+   */
+  redact(text) {
+    return this.scan(text).redactedText;
+  }
+  // ─── Category Scanners ──────────────────────────────────────────────
+  _scanPiiViolations(text) {
+    const violations = [];
+    for (const match of text.matchAll(/\b\d{3}-\d{2}-\d{4}\b/g)) {
+      violations.push({
+        category: "pii",
+        type: "ssn",
+        severity: "critical",
+        start: match.index,
+        end: match.index + match[0].length
+      });
+    }
+    for (const match of text.matchAll(
+      /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g
+    )) {
+      violations.push({
+        category: "pii",
+        type: "email",
+        severity: "high",
+        start: match.index,
+        end: match.index + match[0].length
+      });
+    }
+    for (const match of text.matchAll(CREDIT_CARD_GENERIC_PATTERN)) {
+      const digits = match[0].replace(/[\s-]/g, "");
+      if (_PiiScanner._isValidLuhn(digits)) {
+        violations.push({
+          category: "pii",
+          type: "credit_card",
+          severity: "critical",
+          start: match.index,
+          end: match.index + match[0].length
+        });
+      }
+    }
+    for (const match of text.matchAll(
+      /\b(?:\+?1[-.\s]?)?(?:\(?\d{3}\)?[-.\s]?)\d{3}[-.\s]?\d{4}\b/g
+    )) {
+      violations.push({
+        category: "pii",
+        type: "phone",
+        severity: "medium",
+        start: match.index,
+        end: match.index + match[0].length
+      });
+    }
+    return violations;
+  }
+  _scanPhi(text) {
+    const textLower = text.toLowerCase();
+    let hasMedicalContext = false;
+    for (const term of MEDICAL_TERMS) {
+      if (textLower.includes(term)) {
+        hasMedicalContext = true;
+        break;
+      }
+    }
+    if (!hasMedicalContext) return [];
+    const piiViolations = this._scanPiiViolations(text);
+    return piiViolations.map((v) => ({
+      ...v,
+      category: "phi",
+      type: `phi_${v.type}`,
+      severity: "critical"
+    }));
+  }
+  _scanSecrets(text) {
+    const violations = [];
+    for (const { type, pattern, severity } of SECRETS_PATTERNS) {
+      const regex = new RegExp(pattern.source, pattern.flags);
+      let match;
+      while ((match = regex.exec(text)) !== null) {
+        violations.push({
+          category: "secrets",
+          type,
+          severity,
+          start: match.index,
+          end: match.index + match[0].length
+        });
+      }
+    }
+    return violations;
+  }
+  _scanFinancial(text) {
+    const violations = [];
+    for (const match of text.matchAll(CREDIT_CARD_GENERIC_PATTERN)) {
+      const digits = match[0].replace(/[\s-]/g, "");
+      if (_PiiScanner._isValidLuhn(digits)) {
+        violations.push({
+          category: "financial",
+          type: "credit_card",
+          severity: "critical",
+          start: match.index,
+          end: match.index + match[0].length
+        });
+      }
+    }
+    for (const { type, pattern, severity } of FINANCIAL_PATTERNS) {
+      const regex = new RegExp(pattern.source, pattern.flags);
+      let match;
+      while ((match = regex.exec(text)) !== null) {
+        violations.push({
+          category: "financial",
+          type,
+          severity,
+          start: match.index,
+          end: match.index + match[0].length
+        });
+      }
+    }
+    return violations;
+  }
+  // ─── Utilities ──────────────────────────────────────────────────────
+  /**
+   * Remove overlapping entities, preferring the one that starts first
+   * (and is longest in case of a tie).
+   */
+  _removeOverlaps(entities) {
+    if (entities.length === 0) return entities;
+    const result = [entities[0]];
+    for (let i = 1; i < entities.length; i++) {
+      const current = entities[i];
+      const last = result[result.length - 1];
+      if (current.start >= last.end) {
+        result.push(current);
+      } else if (current.start === last.start && current.end > last.end) {
+        result[result.length - 1] = current;
+      }
+    }
+    return result;
+  }
+  /**
+   * Replace detected entities with [REDACTED] markers.
+   */
+  _redactText(text, entities) {
+    if (entities.length === 0) return text;
+    let result = "";
+    let cursor = 0;
+    for (const entity of entities) {
+      result += text.slice(cursor, entity.start);
+      result += `[${entity.type.toUpperCase()}]`;
+      cursor = entity.end;
+    }
+    result += text.slice(cursor);
+    return result;
+  }
+  /**
+   * Luhn algorithm for credit card validation.
+   */
+  static _isValidLuhn(number) {
+    if (number.length < 13 || number.length > 19) return false;
+    let sum = 0;
+    let alternate = false;
+    for (let i = number.length - 1; i >= 0; i--) {
+      const char = number[i];
+      if (char < "0" || char > "9") return false;
+      let n = parseInt(char, 10);
+      if (alternate) {
+        n *= 2;
+        if (n > 9) n -= 9;
+      }
+      sum += n;
+      alternate = !alternate;
+    }
+    return sum % 10 === 0;
+  }
+};
+
+// src/rate-limiter.ts
+var TokenBucketRateLimiter = class {
+  _tokens;
+  _lastRefill;
+  _rate;
+  _burst;
+  _strict;
+  /**
+   * @param rate - Tokens refilled per second
+   * @param burst - Maximum tokens (bucket capacity)
+   * @param strict - If true, `allow()` throws RateLimitedError instead of returning false
+   */
+  constructor(rate, burst, strict = false) {
+    this._rate = rate;
+    this._burst = burst;
+    this._tokens = burst;
+    this._lastRefill = Date.now();
+    this._strict = strict;
+  }
+  /**
+   * Attempt to consume one token.
+   * Returns true if allowed, false if rate-limited.
+   * In strict mode, throws RateLimitedError instead of returning false.
+   */
+  allow() {
+    this._refill();
+    if (this._tokens >= 1) {
+      this._tokens -= 1;
+      return true;
+    }
+    if (this._strict) {
+      const retryAfter = Math.ceil((1 - this._tokens) / this._rate);
+      throw new RateLimitedError(
+        `Rate limit exceeded. Retry after ${retryAfter}s.`,
+        retryAfter,
+        "token_bucket"
+      );
+    }
+    return false;
+  }
+  /**
+   * Wait until a token is available, then consume it.
+   * Resolves immediately if a token is available now.
+   */
+  async wait() {
+    this._refill();
+    if (this._tokens >= 1) {
+      this._tokens -= 1;
+      return;
+    }
+    const deficit = 1 - this._tokens;
+    const waitMs = Math.ceil(deficit / this._rate * 1e3);
+    await new Promise((resolve) => setTimeout(resolve, waitMs));
+    this._refill();
+    this._tokens -= 1;
+  }
+  /**
+   * Get the current number of available tokens (for inspection/testing).
+   */
+  get availableTokens() {
+    this._refill();
+    return this._tokens;
+  }
+  _refill() {
+    const now = Date.now();
+    const elapsed = (now - this._lastRefill) / 1e3;
+    this._tokens = Math.min(this._burst, this._tokens + elapsed * this._rate);
+    this._lastRefill = now;
+  }
+};
+
+// src/providers/openai.ts
+var OpenAIProvider = class {
+  _client;
+  _config;
+  _budgetManager;
+  _costTracker;
+  _piiScanner;
+  _rateLimiter;
+  _session;
+  constructor(apiClient, config, budgetManager, costTracker, piiScanner, rateLimiter, session) {
+    this._client = apiClient;
+    this._config = config;
+    this._budgetManager = budgetManager;
+    this._costTracker = costTracker;
+    this._piiScanner = piiScanner;
+    this._rateLimiter = rateLimiter;
+    this._session = session;
+  }
+  getProviderName() {
+    return "openai";
+  }
+  extractUsage(response) {
+    const res = response;
+    return {
+      inputTokens: res.usage?.prompt_tokens ?? 0,
+      outputTokens: res.usage?.completion_tokens ?? 0
+    };
+  }
+  wrap(client) {
+    const openaiClient = client;
+    const self = this;
+    const completionsProxy = new Proxy(openaiClient.chat.completions, {
+      get(target, prop, receiver) {
+        if (prop === "create") {
+          return async (...args) => {
+            const params = args[0] ?? {};
+            const model = params["model"] ?? "unknown";
+            await self._rateLimiter.wait();
+            const messages = params["messages"];
+            if (messages) {
+              for (const msg of messages) {
+                if (typeof msg.content === "string") {
+                  const scanResult = self._piiScanner.scan(msg.content);
+                  if (scanResult.detected) {
+                    if (self._config.contentPrivacy) {
+                      const fullResult = self._piiScanner.fullScan(msg.content);
+                      if (fullResult.detected) {
+                        for (const violation of fullResult.violations) {
+                          self._client.reportSignal({
+                            organizationId: self._config.orgId,
+                            violationType: violation.category,
+                            violationSubtype: violation.type,
+                            severity: violation.severity,
+                            environment: self._config.environment,
+                            actionTaken: "block",
+                            wasAllowed: false,
+                            detectedAt: (/* @__PURE__ */ new Date()).toISOString(),
+                            source: "metadata_only",
+                            violationCount: 1
+                          }).catch(() => {
+                          });
+                        }
+                        throw new PiiDetectedError(
+                          "Sensitive content detected and blocked locally (metadata-only mode)",
+                          fullResult.violations.map((v) => ({
+                            type: v.category,
+                            subtype: v.type,
+                            severity: v.severity,
+                            start: v.start,
+                            end: v.end
+                          })),
+                          self._piiScanner.redact(msg.content)
+                        );
+                      }
+                    } else {
+                      const govResult = await self._client.scanText({
+                        orgId: self._config.orgId,
+                        text: msg.content,
+                        environment: self._config.environment
+                      });
+                      if (!govResult.isAllowed) {
+                        throw new PiiDetectedError(
+                          "PII detected in request and blocked by policy",
+                          govResult.violations,
+                          govResult.redactedText ?? scanResult.redactedText
+                        );
+                      }
+                    }
+                  }
+                }
+              }
+            }
+            const estimatedCost = calculateCost(model, 500, 500);
+            const budgetCheck = await self._budgetManager.check(
+              self._client,
+              self._config.orgId,
+              params["feature"] ?? "default",
+              estimatedCost
+            );
+            if (!budgetCheck.allowed && budgetCheck.action === "block") {
+              throw new BudgetExceededError(
+                budgetCheck.reason ?? "Budget exceeded",
+                0,
+                "organization"
+              );
+            }
+            if (self._session) {
+              self._session.preCallCheck(estimatedCost);
+            }
+            const startTime = Date.now();
+            const response = await target.create.apply(target, args);
+            const latencyMs = Date.now() - startTime;
+            const usage = self.extractUsage(response);
+            const cost = calculateCost(
+              model,
+              usage.inputTokens,
+              usage.outputTokens
+            );
+            self._costTracker.record(
+              {
+                apiKey: self._config.apiKey,
+                timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+                provider: "openai",
+                model,
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                latencyMs,
+                metadata: {}
+              },
+              self._client
+            );
+            self._budgetManager.updateLocalSpend(
+              self._config.orgId,
+              params["feature"] ?? "default",
+              cost
+            );
+            if (self._session) {
+              self._session.recordCall({
+                callType: "llm",
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                costUsd: cost
+              });
+            }
+            return response;
+          };
+        }
+        return Reflect.get(target, prop, receiver);
+      }
+    });
+    const chatProxy = new Proxy(openaiClient.chat, {
+      get(target, prop, receiver) {
+        if (prop === "completions") {
+          return completionsProxy;
+        }
+        return Reflect.get(target, prop, receiver);
+      }
+    });
+    return new Proxy(openaiClient, {
+      get(target, prop, receiver) {
+        if (prop === "chat") {
+          return chatProxy;
+        }
+        return Reflect.get(target, prop, receiver);
+      }
+    });
+  }
+};
+
+// src/providers/anthropic.ts
+var AnthropicProvider = class {
+  _client;
+  _config;
+  _budgetManager;
+  _costTracker;
+  _piiScanner;
+  _rateLimiter;
+  _session;
+  constructor(apiClient, config, budgetManager, costTracker, piiScanner, rateLimiter, session) {
+    this._client = apiClient;
+    this._config = config;
+    this._budgetManager = budgetManager;
+    this._costTracker = costTracker;
+    this._piiScanner = piiScanner;
+    this._rateLimiter = rateLimiter;
+    this._session = session;
+  }
+  getProviderName() {
+    return "anthropic";
+  }
+  extractUsage(response) {
+    const res = response;
+    return {
+      inputTokens: res.usage?.input_tokens ?? 0,
+      outputTokens: res.usage?.output_tokens ?? 0
+    };
+  }
+  wrap(client) {
+    const anthropicClient = client;
+    const self = this;
+    const messagesProxy = new Proxy(anthropicClient.messages, {
+      get(target, prop, receiver) {
+        if (prop === "create") {
+          return async (...args) => {
+            const params = args[0] ?? {};
+            const model = params["model"] ?? "unknown";
+            await self._rateLimiter.wait();
+            const messages = params["messages"];
+            if (messages) {
+              for (const msg of messages) {
+                const textContent = typeof msg.content === "string" ? msg.content : Array.isArray(msg.content) ? msg.content.map((block) => block.text ?? "").join(" ") : "";
+                if (textContent) {
+                  const scanResult = self._piiScanner.scan(textContent);
+                  if (scanResult.detected) {
+                    if (self._config.contentPrivacy) {
+                      const fullResult = self._piiScanner.fullScan(textContent);
+                      if (fullResult.detected) {
+                        for (const violation of fullResult.violations) {
+                          self._client.reportSignal({
+                            organizationId: self._config.orgId,
+                            violationType: violation.category,
+                            violationSubtype: violation.type,
+                            severity: violation.severity,
+                            environment: self._config.environment,
+                            actionTaken: "block",
+                            wasAllowed: false,
+                            detectedAt: (/* @__PURE__ */ new Date()).toISOString(),
+                            source: "metadata_only",
+                            violationCount: 1
+                          }).catch(() => {
+                          });
+                        }
+                        throw new PiiDetectedError(
+                          "Sensitive content detected and blocked locally (metadata-only mode)",
+                          fullResult.violations.map((v) => ({
+                            type: v.category,
+                            subtype: v.type,
+                            severity: v.severity,
+                            start: v.start,
+                            end: v.end
+                          })),
+                          self._piiScanner.redact(textContent)
+                        );
+                      }
+                    } else {
+                      const govResult = await self._client.scanText({
+                        orgId: self._config.orgId,
+                        text: textContent,
+                        environment: self._config.environment
+                      });
+                      if (!govResult.isAllowed) {
+                        throw new PiiDetectedError(
+                          "PII detected in request and blocked by policy",
+                          govResult.violations,
+                          govResult.redactedText ?? scanResult.redactedText
+                        );
+                      }
+                    }
+                  }
+                }
+              }
+            }
+            const estimatedCost = calculateCost(model, 500, 500);
+            const budgetCheck = await self._budgetManager.check(
+              self._client,
+              self._config.orgId,
+              params["feature"] ?? "default",
+              estimatedCost
+            );
+            if (!budgetCheck.allowed && budgetCheck.action === "block") {
+              throw new BudgetExceededError(
+                budgetCheck.reason ?? "Budget exceeded",
+                0,
+                "organization"
+              );
+            }
+            if (self._session) {
+              self._session.preCallCheck(estimatedCost);
+            }
+            const startTime = Date.now();
+            const response = await target.create.apply(target, args);
+            const latencyMs = Date.now() - startTime;
+            const usage = self.extractUsage(response);
+            const cost = calculateCost(
+              model,
+              usage.inputTokens,
+              usage.outputTokens
+            );
+            self._costTracker.record(
+              {
+                apiKey: self._config.apiKey,
+                timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+                provider: "anthropic",
+                model,
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                latencyMs,
+                metadata: {}
+              },
+              self._client
+            );
+            self._budgetManager.updateLocalSpend(
+              self._config.orgId,
+              params["feature"] ?? "default",
+              cost
+            );
+            if (self._session) {
+              self._session.recordCall({
+                callType: "llm",
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                costUsd: cost
+              });
+            }
+            return response;
+          };
+        }
+        return Reflect.get(target, prop, receiver);
+      }
+    });
+    return new Proxy(anthropicClient, {
+      get(target, prop, receiver) {
+        if (prop === "messages") {
+          return messagesProxy;
+        }
+        return Reflect.get(target, prop, receiver);
+      }
+    });
+  }
+};
+
+// src/providers/google.ts
+var GoogleProvider = class {
+  _client;
+  _config;
+  _budgetManager;
+  _costTracker;
+  _piiScanner;
+  _rateLimiter;
+  _session;
+  constructor(apiClient, config, budgetManager, costTracker, piiScanner, rateLimiter, session) {
+    this._client = apiClient;
+    this._config = config;
+    this._budgetManager = budgetManager;
+    this._costTracker = costTracker;
+    this._piiScanner = piiScanner;
+    this._rateLimiter = rateLimiter;
+    this._session = session;
+  }
+  getProviderName() {
+    return "google";
+  }
+  extractUsage(response) {
+    const res = response;
+    const metadata = res.response?.usageMetadata;
+    return {
+      inputTokens: metadata?.promptTokenCount ?? 0,
+      outputTokens: metadata?.candidatesTokenCount ?? 0
+    };
+  }
+  wrap(client) {
+    const googleClient = client;
+    const self = this;
+    return new Proxy(googleClient, {
+      get(target, prop, receiver) {
+        if (prop === "getGenerativeModel") {
+          return (params) => {
+            const model = target.getGenerativeModel(params);
+            return self._wrapModel(model, params.model);
+          };
+        }
+        return Reflect.get(target, prop, receiver);
+      }
+    });
+  }
+  _wrapModel(model, modelName) {
+    const self = this;
+    return new Proxy(model, {
+      get(target, prop, receiver) {
+        if (prop === "generateContent") {
+          return async (...args) => {
+            await self._rateLimiter.wait();
+            if (typeof args[0] === "string") {
+              const scanResult = self._piiScanner.scan(args[0]);
+              if (scanResult.detected) {
+                if (self._config.contentPrivacy) {
+                  const fullResult = self._piiScanner.fullScan(args[0]);
+                  if (fullResult.detected) {
+                    for (const violation of fullResult.violations) {
+                      self._client.reportSignal({
+                        organizationId: self._config.orgId,
+                        violationType: violation.category,
+                        violationSubtype: violation.type,
+                        severity: violation.severity,
+                        environment: self._config.environment,
+                        actionTaken: "block",
+                        wasAllowed: false,
+                        detectedAt: (/* @__PURE__ */ new Date()).toISOString(),
+                        source: "metadata_only",
+                        violationCount: 1
+                      }).catch(() => {
+                      });
+                    }
+                    throw new PiiDetectedError(
+                      "Sensitive content detected and blocked locally (metadata-only mode)",
+                      fullResult.violations.map((v) => ({
+                        type: v.category,
+                        subtype: v.type,
+                        severity: v.severity,
+                        start: v.start,
+                        end: v.end
+                      })),
+                      self._piiScanner.redact(args[0])
+                    );
+                  }
+                } else {
+                  const govResult = await self._client.scanText({
+                    orgId: self._config.orgId,
+                    text: args[0],
+                    environment: self._config.environment
+                  });
+                  if (!govResult.isAllowed) {
+                    throw new PiiDetectedError(
+                      "PII detected in request and blocked by policy",
+                      govResult.violations,
+                      govResult.redactedText ?? scanResult.redactedText
+                    );
+                  }
+                }
+              }
+            }
+            const estimatedCost = calculateCost(modelName, 500, 500);
+            const budgetCheck = await self._budgetManager.check(
+              self._client,
+              self._config.orgId,
+              "default",
+              estimatedCost
+            );
+            if (!budgetCheck.allowed && budgetCheck.action === "block") {
+              throw new BudgetExceededError(
+                budgetCheck.reason ?? "Budget exceeded",
+                0,
+                "organization"
+              );
+            }
+            if (self._session) {
+              self._session.preCallCheck(estimatedCost);
+            }
+            const startTime = Date.now();
+            const response = await target.generateContent.apply(
+              target,
+              args
+            );
+            const latencyMs = Date.now() - startTime;
+            const usage = self.extractUsage(response);
+            const cost = calculateCost(
+              modelName,
+              usage.inputTokens,
+              usage.outputTokens
+            );
+            self._costTracker.record(
+              {
+                apiKey: self._config.apiKey,
+                timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+                provider: "google",
+                model: modelName,
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                latencyMs,
+                metadata: {}
+              },
+              self._client
+            );
+            self._budgetManager.updateLocalSpend(
+              self._config.orgId,
+              "default",
+              cost
+            );
+            if (self._session) {
+              self._session.recordCall({
+                callType: "llm",
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                costUsd: cost
+              });
+            }
+            return response;
+          };
+        }
+        return Reflect.get(target, prop, receiver);
+      }
+    });
+  }
+};
+
+// src/providers/index.ts
+function detectProvider(client) {
+  const obj = client;
+  if (obj["chat"] && typeof obj["chat"] === "object") {
+    const chat = obj["chat"];
+    if (chat["completions"]) return "openai";
+  }
+  if (obj["messages"] && typeof obj["messages"] === "object") {
+    return "anthropic";
+  }
+  if (typeof obj["getGenerativeModel"] === "function") {
+    return "google";
+  }
+  return null;
+}
+function createProviderForClient(client, apiClient, config, budgetManager, costTracker, piiScanner, rateLimiter, session) {
+  const providerName = detectProvider(client);
+  switch (providerName) {
+    case "openai":
+      return new OpenAIProvider(
+        apiClient,
+        config,
+        budgetManager,
+        costTracker,
+        piiScanner,
+        rateLimiter,
+        session
+      );
+    case "anthropic":
+      return new AnthropicProvider(
+        apiClient,
+        config,
+        budgetManager,
+        costTracker,
+        piiScanner,
+        rateLimiter,
+        session
+      );
+    case "google":
+      return new GoogleProvider(
+        apiClient,
+        config,
+        budgetManager,
+        costTracker,
+        piiScanner,
+        rateLimiter,
+        session
+      );
+    default:
+      throw new Error(
+        `Unsupported AI client. Could not detect provider from client object. Supported providers: openai, anthropic, google.`
+      );
+  }
+}
+
+// src/session.ts
+var SessionContext = class {
+  sessionId;
+  serverSessionId;
+  feature;
+  userId;
+  maxSpendUsd;
+  maxIterations;
+  _currentSpendUsd = 0;
+  _iterationCount = 0;
+  _cumulativeInputTokens = 0;
+  _status = "active";
+  _terminationReason;
+  _calls = [];
+  constructor(options) {
+    this.sessionId = options.sessionId;
+    this.serverSessionId = options.serverSessionId;
+    this.feature = options.feature;
+    this.userId = options.userId;
+    this.maxSpendUsd = options.maxSpendUsd;
+    this.maxIterations = options.maxIterations;
+  }
+  // ─── Read-only accessors ──────────────────────────────────────────
+  get currentSpendUsd() {
+    return this._currentSpendUsd;
+  }
+  get iterationCount() {
+    return this._iterationCount;
+  }
+  get status() {
+    return this._status;
+  }
+  get terminationReason() {
+    return this._terminationReason;
+  }
+  get calls() {
+    return this._calls;
+  }
+  get remainingBudget() {
+    if (this.maxSpendUsd === void 0) return void 0;
+    return Math.max(0, this.maxSpendUsd - this._currentSpendUsd);
+  }
+  get remainingIterations() {
+    if (this.maxIterations === void 0) return void 0;
+    return Math.max(0, this.maxIterations - this._iterationCount);
+  }
+  // ─── Lifecycle methods ────────────────────────────────────────────
+  /**
+   * Pre-flight check before making an AI call.
+   * Throws if budget or iteration limits would be exceeded.
+   */
+  preCallCheck(estimatedCost) {
+    if (this.maxSpendUsd !== void 0) {
+      if (this._currentSpendUsd + estimatedCost > this.maxSpendUsd) {
+        this._status = "terminated";
+        this._terminationReason = "budget_exceeded";
+        throw new SessionBudgetExceededError(
+          `Session budget exceeded: current spend $${this._currentSpendUsd.toFixed(4)} + estimated $${estimatedCost.toFixed(4)} > limit $${this.maxSpendUsd.toFixed(4)}`,
+          this.sessionId,
+          this._currentSpendUsd,
+          this.maxSpendUsd
+        );
+      }
+    }
+    if (this.maxIterations !== void 0) {
+      if (this._iterationCount + 1 > this.maxIterations) {
+        this._status = "terminated";
+        this._terminationReason = "iteration_limit_exceeded";
+        throw new SessionIterationLimitExceededError(
+          `Session iteration limit exceeded: ${this._iterationCount + 1} > ${this.maxIterations}`,
+          this.sessionId,
+          this._iterationCount,
+          this.maxIterations
+        );
+      }
+    }
+  }
+  /**
+   * Record a completed call, updating cumulative counters.
+   */
+  recordCall(options) {
+    this._iterationCount++;
+    this._currentSpendUsd += options.costUsd;
+    this._cumulativeInputTokens += options.inputTokens;
+    const record = {
+      callSequence: this._iterationCount,
+      callType: options.callType,
+      toolName: options.toolName,
+      inputTokens: options.inputTokens,
+      outputTokens: options.outputTokens,
+      cumulativeInputTokens: this._cumulativeInputTokens,
+      costUsd: options.costUsd,
+      cumulativeCostUsd: this._currentSpendUsd,
+      createdAt: /* @__PURE__ */ new Date()
+    };
+    this._calls.push(record);
+    return record;
+  }
+  /**
+   * Close the session with a terminal status.
+   */
+  close(reason = "completed") {
+    this._status = reason === "completed" ? "completed" : "terminated";
+    this._terminationReason = reason;
+  }
+};
+
+// src/index.ts
+var ModelCost = class _ModelCost {
+  static _instance = null;
+  /** Prevent direct instantiation. */
+  constructor() {
+  }
+  /**
+   * Initialize the ModelCost SDK. Must be called before any other method.
+   * Subsequent calls will re-initialize (shutting down the previous instance).
+   */
+  static init(options) {
+    if (_ModelCost._instance) {
+      _ModelCost._instance.costTracker.stopAutoFlush();
+      _ModelCost._instance.costTracker.stopPricingSync();
+      _ModelCost._instance.client.close();
+    }
+    const config = new ModelCostConfig(options);
+    const client = new ModelCostClient(config);
+    const budgetManager = new BudgetManager(config.syncIntervalMs);
+    const costTracker = new CostTracker(config.flushBatchSize);
+    const piiScanner = new PiiScanner();
+    const rateLimiter = new TokenBucketRateLimiter(10, 50);
+    costTracker.startAutoFlush(client, config.flushIntervalMs);
+    costTracker.startPricingSync(config.baseUrl, config.apiKey);
+    _ModelCost._instance = {
+      config,
+      client,
+      budgetManager,
+      costTracker,
+      piiScanner,
+      rateLimiter
+    };
+  }
+  /**
+   * Wrap an AI provider client with cost tracking, budget enforcement,
+   * and PII scanning. Returns a proxied version of the same client.
+   *
+   * Supports: OpenAI, Anthropic, Google Generative AI.
+   */
+  static wrap(client, session) {
+    const inst = _ModelCost._requireInstance();
+    const provider = createProviderForClient(
+      client,
+      inst.client,
+      inst.config,
+      inst.budgetManager,
+      inst.costTracker,
+      inst.piiScanner,
+      inst.rateLimiter,
+      session
+    );
+    return provider.wrap(client);
+  }
+  /**
+   * Decorator factory for tracking costs on individual functions.
+   *
+   * @example
+   * ```ts
+   * const trackedFn = ModelCost.trackCost({ model: "gpt-4o" })(myFunction);
+   * ```
+   */
+  static trackCost(options) {
+    const inst = _ModelCost._requireInstance();
+    return (fn) => {
+      const wrapped = async (...args) => {
+        if (options.session) {
+          const estimatedCost = calculateCost(options.model, 500, 500);
+          options.session.preCallCheck(estimatedCost);
+        }
+        const startTime = Date.now();
+        const result = await fn(...args);
+        const latencyMs = Date.now() - startTime;
+        inst.costTracker.record(
+          {
+            apiKey: inst.config.apiKey,
+            timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+            provider: options.provider ?? "openai",
+            model: options.model,
+            feature: options.feature,
+            inputTokens: 0,
+            outputTokens: 0,
+            latencyMs,
+            metadata: {}
+          },
+          inst.client
+        );
+        if (options.session) {
+          options.session.recordCall({
+            callType: "llm",
+            inputTokens: 0,
+            outputTokens: 0,
+            costUsd: 0
+          });
+        }
+        return result;
+      };
+      return wrapped;
+    };
+  }
+  /**
+   * Check whether a request is allowed under current budget policies.
+   */
+  static async checkBudget(scope, id) {
+    const inst = _ModelCost._requireInstance();
+    return inst.budgetManager.check(inst.client, inst.config.orgId, `${scope}:${id}`, 0);
+  }
+  /**
+   * Get usage/spend information for a scope and period.
+   */
+  static async getUsage(scope, _period) {
+    const inst = _ModelCost._requireInstance();
+    const status = await inst.client.getBudgetStatus(
+      scope === "organization" ? inst.config.orgId : scope
+    );
+    return {
+      totalSpendUsd: status.totalSpendUsd,
+      totalBudgetUsd: status.totalBudgetUsd,
+      policiesAtRisk: status.policiesAtRisk,
+      policies: status.policies
+    };
+  }
+  /**
+   * Start a new agent session with optional budget and iteration limits.
+   * Registers the session with the server (fail-open if unavailable)
+   * and returns a local SessionContext for tracking.
+   */
+  static async startSession(options = {}) {
+    const inst = _ModelCost._requireInstance();
+    const sessionId = options.sessionId ?? crypto.randomUUID();
+    let serverSessionId;
+    try {
+      const response = await inst.client.createSession({
+        apiKey: inst.config.apiKey,
+        sessionId,
+        feature: options.feature,
+        userId: options.userId,
+        maxSpendUsd: options.maxSpendUsd,
+        maxIterations: options.maxIterations
+      });
+      serverSessionId = response.id;
+    } catch {
+      console.warn("[ModelCost] Failed to create server session (fail-open)");
+    }
+    return new SessionContext({
+      sessionId,
+      serverSessionId,
+      feature: options.feature,
+      userId: options.userId,
+      maxSpendUsd: options.maxSpendUsd,
+      maxIterations: options.maxIterations
+    });
+  }
+  /**
+   * Close an active session, recording final state on the server.
+   */
+  static async closeSession(session, reason = "completed") {
+    const inst = _ModelCost._requireInstance();
+    session.close(reason);
+    if (session.serverSessionId) {
+      try {
+        await inst.client.closeSession(session.serverSessionId, {
+          apiKey: inst.config.apiKey,
+          status: session.status,
+          terminationReason: session.terminationReason,
+          finalSpendUsd: session.currentSpendUsd,
+          finalIterationCount: session.iterationCount
+        });
+      } catch {
+        console.warn("[ModelCost] Failed to close server session (fail-open)");
+      }
+    }
+  }
+  /**
+   * Scan text for PII using the local scanner.
+   */
+  static async scanPii(text) {
+    const inst = _ModelCost._requireInstance();
+    return inst.piiScanner.scan(text);
+  }
+  /**
+   * Flush all buffered tracking events to the API.
+   */
+  static async flush() {
+    const inst = _ModelCost._requireInstance();
+    await inst.costTracker.flush(inst.client);
+  }
+  /**
+   * Gracefully shut down the SDK: flush remaining events, stop timers, close client.
+   */
+  static async shutdown() {
+    if (!_ModelCost._instance) return;
+    const inst = _ModelCost._instance;
+    inst.costTracker.stopAutoFlush();
+    inst.costTracker.stopPricingSync();
+    await inst.costTracker.flush(inst.client);
+    inst.budgetManager.clear();
+    inst.client.close();
+    _ModelCost._instance = null;
+  }
+  /**
+   * Assert the SDK has been initialized and return the instance.
+   */
+  static _requireInstance() {
+    if (!_ModelCost._instance) {
+      throw new ConfigurationError(
+        "ModelCost SDK is not initialized. Call ModelCost.init() first."
+      );
+    }
+    return _ModelCost._instance;
+  }
+};
+
+export { AnthropicProvider, BudgetExceededError, BudgetManager, ConfigurationError, CostTracker, GoogleProvider, MODEL_PRICING, ModelCost, ModelCostApiError, ModelCostClient, ModelCostConfig, ModelCostError, OpenAIProvider, PiiDetectedError, PiiScanner, RateLimitedError, SessionBudgetExceededError, SessionContext, SessionIterationLimitExceededError, TokenBucketRateLimiter, VERSION, calculateCost };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map