@od-oneapp/ai-platform 0.1.0

package/dist/telemetry-2eKMojIb.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry-2eKMojIb.mjs","names":[],"sources":["../src/governance/policies/guardrails.ts","../src/governance/policies/loop-controls.ts","../src/governance/policies/telemetry.ts"],"sourcesContent":["/**\n * @fileoverview Guardrails and content filtering policies\n *\n * Provides multi-layer defense for AI agent inputs and outputs including:\n * - Pattern blocking (SQL injection, destructive commands, privilege escalation)\n * - PII sanitization (email, SSN, phone, credit card, addresses, etc.)\n * - Stream monitoring (real-time output validation)\n *\n * @module @od-oneapp/ai-platform/policies/guardrails\n */\n\nimport { randomUUID } from 'node:crypto';\n\nimport {\n  complianceSignalSchema,\n  type ComplianceSignal,\n  type RiskLevel,\n} from '../compliance/schemas';\n\nimport type { SDKLanguageModelV3 } from '../../shared';\n\n/**\n * Banned patterns for content filtering.\n * Detects dangerous SQL commands, injection attempts, and privilege escalation.\n * @internal\n */\nconst BANNED_PATTERNS: Array<{ pattern: RegExp; reason: string; risk: RiskLevel }> = [\n  // Destructive SQL commands\n  {\n    pattern: /drop\\s+(table|database|schema|index)/gi,\n    reason: 'Destructive SQL command detected (DROP)',\n    risk: 'high',\n  },\n  {\n    pattern: /truncate\\s+table/gi,\n    reason: 'Destructive SQL command detected (TRUNCATE)',\n    risk: 'high',\n  },\n  {\n    pattern: /delete\\s+from\\s+\\w+\\s+(where\\s+1\\s*=\\s*1|without\\s+where)/gi,\n    reason: 'Dangerous DELETE operation without proper WHERE clause',\n    risk: 'high',\n  },\n  // Sensitive data access\n  {\n    pattern: /select\\s+\\*\\s+from\\s+(users|passwords|credentials|secrets|tokens)/gi,\n    reason: 'Direct sensitive data extraction requires manual approval',\n    risk: 'high',\n  },\n  {\n    pattern: /update\\s+(users|accounts)\\s+set\\s+(role|permissions|is_admin)/gi,\n    reason: 'Privilege escalation attempt detected',\n    risk: 'high',\n  },\n  // SQL injection patterns\n  {\n    pattern: /;\\s*(drop|delete|update|insert)/gi,\n    reason: 'Potential SQL injection with chained commands',\n    risk: 'high',\n  },\n  {\n    pattern: /(union\\s+select|union\\s+all\\s+select)/gi,\n    reason: 'Potential SQL injection with UNION',\n    risk: 'high',\n  },\n  // System commands\n  {\n    pattern: /(exec|execute)\\s+(xp_|sp_)/gi,\n    reason: 'Potential system stored procedure execution',\n    risk: 'high',\n  },\n  {\n    pattern: /into\\s+outfile|load_file\\(/gi,\n    reason: 'File system access attempt detected',\n    risk: 'high',\n  },\n];\n\n/**\n * Enterprise-grade PII pattern configuration.\n * Uses context-aware detection to reduce false positives while maintaining security.\n * @internal\n */\ninterface PiiPatternConfig {\n  /** Primary regex pattern for detection */\n  regex: RegExp;\n  /** Replacement placeholder text */\n  placeholder: string;\n  /** Signal type for compliance tracking */\n  type: ComplianceSignal['type'];\n  /** Optional context keywords - pattern only matches if text contains these keywords nearby */\n  contextKeywords?: string[];\n  /** Window size (chars) to look for context keywords (default: 50) */\n  contextWindow?: number;\n  /** Luhn checksum validation for card numbers */\n  luhnValidation?: boolean;\n  /** Custom validator function for additional validation */\n  validator?: (match: string, text: string) => boolean;\n}\n\n/**\n * Validates credit card number using Luhn algorithm.\n * @param num - Numeric string to validate\n * @returns True if valid Luhn checksum\n * @internal\n */\nconst isValidLuhn = (num: string): boolean => {\n  const digits = num.replace(/\\D/g, '');\n  if (digits.length < 13 || digits.length > 19) return false;\n\n  let sum = 0;\n  let isEven = false;\n  for (let i = digits.length - 1; i >= 0; i--) {\n    let digit = parseInt(digits[i] ?? '0', 10);\n    if (isEven) {\n      digit *= 2;\n      if (digit > 9) digit -= 9;\n    }\n    sum += digit;\n    isEven = !isEven;\n  }\n  return sum % 10 === 0;\n};\n\n/**\n * Checks if context keywords exist within a window around a match position.\n * @param text - Full text to search\n * @param matchStart - Start position of the match\n * @param matchEnd - End position of the match\n * @param keywords - Keywords to search for\n * @param windowSize - Character window to search\n * @returns True if any keyword is found within the window\n * @internal\n */\nconst hasContextKeyword = (\n  text: string,\n  matchStart: number,\n  matchEnd: number,\n  keywords: string[],\n  windowSize: number,\n): boolean => {\n  const windowStart = Math.max(0, matchStart - windowSize);\n  const windowEnd = Math.min(text.length, matchEnd + windowSize);\n  const contextText = text.slice(windowStart, windowEnd).toLowerCase();\n  return keywords.some(keyword => contextText.includes(keyword.toLowerCase()));\n};\n\n/**\n * Enterprise-grade PII patterns with context-aware detection.\n * Reduces false positives by requiring context keywords for ambiguous patterns.\n * @internal\n */\nconst PII_PATTERNS: PiiPatternConfig[] = [\n  // Email addresses - high confidence, no context needed\n  {\n    regex: /[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,}/gi,\n    placeholder: '[redacted-email]',\n    type: 'guardrail.sanitized',\n  },\n  // US Social Security Numbers (SSN) - formatted SSNs are high confidence\n  {\n    regex: /\\b\\d{3}-\\d{2}-\\d{4}\\b/g,\n    placeholder: '[redacted-ssn]',\n    type: 'guardrail.sanitized',\n  },\n  // SSN without dashes - requires context to avoid false positives\n  {\n    regex: /\\b\\d{9}\\b/g,\n    placeholder: '[redacted-ssn]',\n    type: 'guardrail.sanitized',\n    contextKeywords: ['ssn', 'social security', 'social-security', 'tax id', 'taxpayer'],\n    contextWindow: 50,\n  },\n  // US Phone numbers (various formats)\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded pattern with limited quantifiers\n    regex: /\\b(?:\\+1[-.\\s]?)?(?:\\(?\\d{3}\\)?[-.\\s]?)?\\d{3}[-.\\s]?\\d{4}\\b/g,\n    placeholder: '[redacted-phone]',\n    type: 'guardrail.sanitized',\n    contextKeywords: ['phone', 'call', 'tel', 'mobile', 'cell', 'contact', 'fax', 'number'],\n    contextWindow: 30,\n  },\n  // Credit card numbers with Luhn validation - high confidence\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded pattern for credit cards\n    regex: /\\b(?:\\d{4}[-\\s]?){3}\\d{4,7}\\b/g,\n    placeholder: '[redacted-card]',\n    type: 'guardrail.sanitized',\n    luhnValidation: true,\n  },\n  // Credit card with context keywords (for non-Luhn passing numbers)\n  {\n    regex: /\\b\\d{13,19}\\b/g,\n    placeholder: '[redacted-card]',\n    type: 'guardrail.sanitized',\n    contextKeywords: [\n      'card',\n      'credit',\n      'debit',\n      'visa',\n      'mastercard',\n      'amex',\n      'discover',\n      'payment',\n    ],\n    contextWindow: 40,\n    luhnValidation: true,\n  },\n  // IPv4 addresses - no context needed (high specificity)\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded IPv4 pattern\n    regex: /\\b(?:(?:25[0-5]|2[0-4]\\d|[01]?\\d{1,2})\\.){3}(?:25[0-5]|2[0-4]\\d|[01]?\\d{1,2})\\b/g,\n    placeholder: '[redacted-ip]',\n    type: 'guardrail.sanitized',\n    // Exclude common non-PII IPs (localhost, version numbers)\n    validator: (match: string) => {\n      const nonPiiPatterns = ['127.0.0.1', '0.0.0.0', '255.255.255.255'];\n      if (nonPiiPatterns.includes(match)) return false;\n      // Exclude version-like patterns (e.g., 1.2.3.4 where first octet is single digit)\n      const octets = match.split('.').map(Number);\n      // Valid IP octets are 0-255\n      return octets.every(o => o >= 0 && o <= 255);\n    },\n  },\n  // US Passport numbers - REQUIRES context (9-digit is too common)\n  {\n    regex: /\\b[A-Z]?\\d{8,9}\\b/g,\n    placeholder: '[redacted-passport]',\n    type: 'guardrail.sanitized',\n    contextKeywords: ['passport', 'travel document', 'travel doc', 'passport number', 'passport#'],\n    contextWindow: 60,\n  },\n  // Date of birth patterns - requires context\n  {\n    regex: /\\b(0?[1-9]|1[0-2])[\\/\\-](0?[1-9]|[12]\\d|3[01])[\\/\\-](19|20)\\d{2}\\b/g,\n    placeholder: '[redacted-dob]',\n    type: 'guardrail.sanitized',\n    contextKeywords: [\n      'dob',\n      'birth',\n      'birthday',\n      'born',\n      'date of birth',\n      'birthdate',\n      'd.o.b',\n      'age',\n    ],\n    contextWindow: 40,\n  },\n  // Street addresses (basic pattern for US addresses)\n  {\n    regex:\n      // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded US address pattern\n      /\\b\\d+\\s+[A-Za-z]+(?:\\s+[A-Za-z]+)?\\s+(?:Street|St|Avenue|Ave|Road|Rd|Drive|Dr|Lane|Ln|Court|Ct|Boulevard|Blvd|Way|Place|Pl|Circle|Cir)\\.?\\b/gi,\n    placeholder: '[redacted-address]',\n    type: 'guardrail.sanitized',\n  },\n  // ZIP codes (US 5 or 9 digit) - requires address context\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded pattern, optional group is safe\n    regex: /\\b\\d{5}(?:-\\d{4})?\\b/g,\n    placeholder: '[redacted-zip]',\n    type: 'guardrail.sanitized',\n    contextKeywords: ['zip', 'postal', 'address', 'city', 'state', 'mail', 'ship'],\n    contextWindow: 50,\n  },\n  // Bank account numbers - REQUIRES context (8-17 digits is too common)\n  {\n    regex: /\\b\\d{8,17}\\b/g,\n    placeholder: '[redacted-account]',\n    type: 'guardrail.sanitized',\n    contextKeywords: [\n      'account',\n      'acct',\n      'routing',\n      'bank',\n      'iban',\n      'aba',\n      'swift',\n      'wire',\n      'deposit',\n      'checking',\n      'savings',\n    ],\n    contextWindow: 50,\n  },\n  // Driver's license numbers - requires context\n  {\n    regex: /\\b[A-Z]{1,2}\\d{5,8}\\b/g,\n    placeholder: '[redacted-license]',\n    type: 'guardrail.sanitized',\n    contextKeywords: ['license', 'licence', 'dl', \"driver's\", 'drivers', 'dmv', 'driving'],\n    contextWindow: 40,\n  },\n  // AWS Access Keys (high confidence pattern)\n  {\n    regex: /\\b(?:AKIA|ABIA|ACCA|ASIA)[A-Z0-9]{16}\\b/g,\n    placeholder: '[redacted-aws-key]',\n    type: 'guardrail.sanitized',\n  },\n  // Generic API keys/tokens (requires context)\n  {\n    regex: /\\b[a-zA-Z0-9_-]{32,64}\\b/g,\n    placeholder: '[redacted-token]',\n    type: 'guardrail.sanitized',\n    contextKeywords: [\n      'api_key',\n      'apikey',\n      'api-key',\n      'token',\n      'secret',\n      'password',\n      'bearer',\n      'authorization',\n      'auth',\n    ],\n    contextWindow: 30,\n  },\n];\n\n/**\n * Redacts PII (Personally Identifiable Information) from text.\n * Uses enterprise-grade context-aware detection to minimize false positives\n * while maintaining strong security coverage.\n *\n * Features:\n * - Context-aware detection for ambiguous patterns (e.g., 9-digit numbers)\n * - Luhn validation for credit card numbers\n * - Custom validators for IP address filtering\n * - AWS key and API token detection\n *\n * @param text - Text to sanitize.\n * @returns Object containing redacted text and compliance signals.\n * @internal\n * @example\n * ```ts\n * const { redacted } = redactPii('Contact me at jane@example.com');\n * // redacted === 'Contact me at [redacted-email]'\n *\n * // Context-aware: only redacts when context keywords present\n * const { redacted: r1 } = redactPii('My passport number is 123456789');\n * // r1 === 'My passport number is [redacted-passport]'\n *\n * const { redacted: r2 } = redactPii('Order 123456789 shipped');\n * // r2 === 'Order 123456789 shipped' (no redaction - no context)\n * ```\n */\nconst redactPii = (text: string): { redacted: string; signals: ComplianceSignal[] } => {\n  let result = text;\n  const signals: ComplianceSignal[] = [];\n  const processedRanges: Array<{ start: number; end: number }> = [];\n\n  for (const pattern of PII_PATTERNS) {\n    pattern.regex.lastIndex = 0;\n    let match: RegExpExecArray | null;\n    const matches: Array<{ match: string; start: number; end: number }> = [];\n\n    // Collect all matches from current result (not original text)\n    // This ensures offsets stay aligned as we modify the string\n    while ((match = pattern.regex.exec(result)) !== null) {\n      const matchStart = match.index;\n      const matchEnd = match.index + match[0].length;\n\n      // Skip if this range was already processed by a higher-priority pattern\n      const alreadyProcessed = processedRanges.some(\n        range =>\n          (matchStart >= range.start && matchStart < range.end) ||\n          (matchEnd > range.start && matchEnd <= range.end),\n      );\n      if (alreadyProcessed) continue;\n\n      // Check context keywords if required (use result for context check too)\n      if (pattern.contextKeywords && pattern.contextKeywords.length > 0) {\n        const windowSize = pattern.contextWindow ?? 50;\n        if (!hasContextKeyword(result, matchStart, matchEnd, pattern.contextKeywords, windowSize)) {\n          continue;\n        }\n      }\n\n      // Apply Luhn validation if required\n      if (pattern.luhnValidation) {\n        if (!isValidLuhn(match[0])) continue;\n      }\n\n      // Apply custom validator if provided (use result for validation context)\n      if (pattern.validator && !pattern.validator(match[0], result)) {\n        continue;\n      }\n\n      matches.push({ match: match[0], start: matchStart, end: matchEnd });\n    }\n\n    // Process matches in reverse order to preserve string positions\n    for (let i = matches.length - 1; i >= 0; i--) {\n      const item = matches[i];\n      if (!item) continue;\n      const { start, end } = item;\n      result = result.slice(0, start) + pattern.placeholder + result.slice(end);\n      processedRanges.push({ start, end });\n    }\n\n    // Add signal if any matches were processed\n    if (matches.length > 0) {\n      signals.push(\n        complianceSignalSchema.parse({\n          id: randomUUID(),\n          type: pattern.type,\n          message: `Automatically sanitized ${matches.length} sensitive value(s) (${pattern.placeholder})`,\n          runId: 'guardrail',\n          timestamp: new Date().toISOString(),\n          metadata: { count: matches.length, pattern: pattern.placeholder },\n        }),\n      );\n    }\n  }\n\n  return { redacted: result, signals };\n};\n\n/**\n * Result of guardrail inspection.\n * Contains sanitization status, blocking decision, compliance signals, and risk level.\n */\nexport type GuardrailResult = {\n  /** Sanitized prompt (null if blocked). */\n  sanitizedPrompt: string | null;\n  /** Whether the prompt was blocked. */\n  blocked: boolean;\n  /** Compliance signals generated during inspection. */\n  signals: ComplianceSignal[];\n  /** Risk level detected. */\n  risk: RiskLevel;\n};\n\n/**\n * Inspects a prompt for banned patterns and PII.\n * Checks against banned patterns first, then sanitizes PII if not blocked.\n *\n * @param prompt - Prompt text to inspect.\n * @returns Guardrail result with sanitization status and signals.\n * @internal\n * @example\n * ```ts\n * const result = inspectPrompt('drop table users;');\n * // result.blocked === true\n * ```\n */\nconst inspectPrompt = (prompt: string): GuardrailResult => {\n  const signals: ComplianceSignal[] = [];\n  let blocked = false;\n  let risk: RiskLevel = 'low';\n\n  for (const { pattern, reason, risk: patternRisk } of BANNED_PATTERNS) {\n    pattern.lastIndex = 0;\n    if (pattern.test(prompt)) {\n      blocked = true;\n      risk = patternRisk;\n      signals.push(\n        complianceSignalSchema.parse({\n          id: randomUUID(),\n          type: 'guardrail.blocked',\n          message: reason,\n          runId: 'guardrail',\n          riskLevel: patternRisk,\n          timestamp: new Date().toISOString(),\n        }),\n      );\n    }\n  }\n\n  if (blocked) {\n    return { blocked, sanitizedPrompt: null, signals, risk };\n  }\n\n  const { redacted, signals: piiSignals } = redactPii(prompt);\n  signals.push(...piiSignals);\n\n  return { blocked, sanitizedPrompt: redacted, signals, risk };\n};\n\n/**\n * Type for objects that can have guardrail signals attached.\n * @internal\n */\ntype GuardrailAttachable = { guardrailSignals?: ComplianceSignal[] };\n\n/**\n * Attaches guardrail signals to a target object.\n * Used to propagate compliance signals through the request/response chain.\n *\n * @param target - Target object to attach signals to.\n * @param signals - Compliance signals to attach.\n * @internal\n * @example\n * ```ts\n * const payload: any = {};\n * attachGuardrailSignals(payload, [complianceSignalSchema.parse({ id: '1', type: 'guardrail.blocked', message: 'Blocked', runId: 'guardrail', timestamp: new Date().toISOString(), riskLevel: 'high' })]);\n * ```\n */\nconst attachGuardrailSignals = (target: unknown, signals: ComplianceSignal[]) => {\n  if (!signals.length || !target || typeof target !== 'object') {\n    return;\n  }\n\n  const container = target as GuardrailAttachable;\n  const existing = Array.isArray(container.guardrailSignals) ? container.guardrailSignals : [];\n  container.guardrailSignals = [...existing, ...signals];\n};\n\n/**\n * Creates a guardrail error with attached signals.\n *\n * @param signals - Compliance signals explaining why the request was blocked.\n * @returns Error object with guardrail signals attached.\n * @internal\n * @example\n * ```ts\n * const error = createGuardrailError([\n *   // signals\n * ]);\n * ```\n */\nconst createGuardrailError = (signals: ComplianceSignal[]) => {\n  const error = new Error('Request blocked by guardrails');\n  attachGuardrailSignals(error, signals);\n  return error;\n};\n\n/**\n * Request type that may contain prompt or messages to sanitize.\n * @internal\n */\ntype GuardrailRequest = { prompt?: unknown; messages?: unknown } & Record<string, unknown>;\n\n/**\n * Sanitizes a request by inspecting prompts/messages for banned patterns and PII.\n * Handles both string prompts and message arrays with various content formats.\n *\n * @param request - Request object to sanitize.\n * @returns Object containing sanitized request and aggregated signals.\n * @throws {Error} If request contains banned patterns (with guardrail signals attached).\n * @internal\n * @example\n * ```ts\n * const outcome = sanitizeRequest({ prompt: 'My email is john@example.com' });\n * // outcome.sanitizedRequest.prompt contains '[redacted-email]'\n * ```\n */\nconst sanitizeRequest = <T extends GuardrailRequest>(request: T) => {\n  let sanitizedRequest = request;\n  let mutated = false;\n  const aggregatedSignals: ComplianceSignal[] = [];\n\n  if (typeof request.prompt === 'string') {\n    const outcome = inspectPrompt(request.prompt);\n    if (outcome.blocked) {\n      throw createGuardrailError(outcome.signals);\n    }\n\n    const sanitizedPrompt = outcome.sanitizedPrompt ?? '';\n    if (sanitizedPrompt !== request.prompt) {\n      sanitizedRequest = { ...sanitizedRequest, prompt: sanitizedPrompt } as T;\n      mutated = true;\n    }\n    aggregatedSignals.push(...outcome.signals);\n  } else if (Array.isArray(request.prompt)) {\n    // Handle array prompt format: [{ role: 'user', content: [{ type: 'text', text: '...' }] }]\n    let promptChanged = false;\n    const updatedPrompt = request.prompt.map(message => {\n      if (\n        message &&\n        typeof message === 'object' &&\n        (message as { role?: unknown }).role === 'user'\n      ) {\n        const { content } = message as { content?: unknown };\n        if (Array.isArray(content)) {\n          const updatedContent = content.map(part => {\n            if (\n              part &&\n              typeof part === 'object' &&\n              (part as { type?: unknown }).type === 'text' &&\n              typeof (part as { text?: unknown }).text === 'string'\n            ) {\n              const { text } = part as { text: string };\n              const outcome = inspectPrompt(text);\n              if (outcome.blocked) {\n                throw createGuardrailError(outcome.signals);\n              }\n\n              const sanitizedText = outcome.sanitizedPrompt ?? '';\n              aggregatedSignals.push(...outcome.signals);\n              if (sanitizedText !== text) {\n                return { ...part, text: sanitizedText };\n              }\n            }\n            return part;\n          });\n\n          // Check if content actually changed by comparing arrays\n          const hasChanges = updatedContent.some((part, index) => {\n            const original = content[index];\n            return (\n              part &&\n              typeof part === 'object' &&\n              original &&\n              typeof original === 'object' &&\n              (part as { text?: unknown }).text !== (original as { text?: unknown }).text\n            );\n          });\n\n          if (hasChanges) {\n            promptChanged = true;\n            return { ...message, content: updatedContent };\n          }\n        }\n      }\n      return message;\n    });\n\n    if (promptChanged) {\n      sanitizedRequest = { ...sanitizedRequest, prompt: updatedPrompt } as T;\n      mutated = true;\n    }\n  }\n\n  if (Array.isArray(request.messages)) {\n    const { messages } = request;\n    const updatedMessages = messages.map(message => {\n      if (\n        message &&\n        typeof message === 'object' &&\n        (message as { role?: unknown }).role === 'user'\n      ) {\n        const { content } = message as { content?: unknown };\n        if (typeof content === 'string') {\n          const outcome = inspectPrompt(content);\n          if (outcome.blocked) {\n            throw createGuardrailError(outcome.signals);\n          }\n\n          const sanitizedContent = outcome.sanitizedPrompt ?? '';\n          aggregatedSignals.push(...outcome.signals);\n          if (sanitizedContent !== content) {\n            return { ...message, content: sanitizedContent };\n          }\n        } else if (Array.isArray(content)) {\n          // Handle array content format: [{ type: 'text', text: '...' }]\n          const updatedContent = content.map(part => {\n            if (\n              part &&\n              typeof part === 'object' &&\n              (part as { type?: unknown }).type === 'text' &&\n              typeof (part as { text?: unknown }).text === 'string'\n            ) {\n              const { text } = part as { text: string };\n              const outcome = inspectPrompt(text);\n              if (outcome.blocked) {\n                throw createGuardrailError(outcome.signals);\n              }\n\n              const sanitizedText = outcome.sanitizedPrompt ?? '';\n              aggregatedSignals.push(...outcome.signals);\n              if (sanitizedText !== text) {\n                return { ...part, text: sanitizedText };\n              }\n            }\n            return part;\n          });\n\n          // Check if content actually changed by comparing arrays\n          const hasChanges = updatedContent.some((part, index) => {\n            const original = content[index];\n            return (\n              part &&\n              typeof part === 'object' &&\n              original &&\n              typeof original === 'object' &&\n              (part as { text?: unknown }).text !== (original as { text?: unknown }).text\n            );\n          });\n\n          if (hasChanges) {\n            return { ...message, content: updatedContent };\n          }\n        }\n      }\n\n      return message;\n    });\n\n    const changed = updatedMessages.some((msg, idx) => msg !== messages[idx]);\n    if (changed) {\n      sanitizedRequest = { ...sanitizedRequest, messages: updatedMessages } as T;\n      mutated = true;\n    }\n  }\n\n  return {\n    sanitizedRequest: mutated ? sanitizedRequest : request,\n    signals: aggregatedSignals,\n  };\n};\n\n/**\n * Sanitizes a single stream part for PII.\n * Processes text-delta, reasoning-delta, tool-input-delta, and text parts.\n *\n * @param part - Stream part to sanitize.\n * @returns Sanitized stream part.\n * @internal\n * @example\n * ```ts\n * const part = sanitizeStreamPart({ type: 'text-delta', delta: 'pii@example.com' });\n * ```\n */\nconst sanitizeStreamPart = (part: unknown): unknown => {\n  if (!part || typeof part !== 'object') {\n    return part;\n  }\n\n  const chunk = part as { type?: string; delta?: unknown; text?: unknown };\n\n  if (chunk.type === 'text-delta' && typeof chunk.delta === 'string') {\n    return { ...chunk, delta: redactPii(chunk.delta).redacted };\n  }\n\n  if (chunk.type === 'reasoning-delta' && typeof chunk.delta === 'string') {\n    return { ...chunk, delta: redactPii(chunk.delta).redacted };\n  }\n\n  if (chunk.type === 'tool-input-delta' && typeof chunk.delta === 'string') {\n    return { ...chunk, delta: redactPii(chunk.delta).redacted };\n  }\n\n  if (typeof chunk.text === 'string') {\n    return { ...chunk, text: redactPii(chunk.text).redacted };\n  }\n\n  return part;\n};\n\n/**\n * Applies default guardrails to a language model.\n * Wraps the model's doGenerate and doStream methods to add content filtering,\n * PII redaction, and compliance signal generation.\n *\n * @param model - Language model to wrap with guardrails.\n * @returns Wrapped model with guardrails applied.\n * @throws {Error} If request contains banned patterns (with guardrail signals attached).\n * @remarks Guardrails are applied to both input (prompt/messages) and output (content).\n * Compliance signals are attached to responses and errors for audit purposes.\n * Stream parts are sanitized in real-time for PII redaction.\n * @example\n * ```ts\n * const guardedModel = applyDefaultGuardrails(anthropic('claude-sonnet-4'));\n * const result = await guardedModel.doGenerate({ prompt: 'User input' });\n * ```\n */\nexport const applyDefaultGuardrails = (model: SDKLanguageModelV3): SDKLanguageModelV3 =>\n  ({\n    ...model,\n    async doGenerate(request: Parameters<SDKLanguageModelV3['doGenerate']>[0]) {\n      const { sanitizedRequest, signals: requestSignals } = sanitizeRequest(request);\n\n      try {\n        const response = await model.doGenerate(sanitizedRequest);\n\n        const responseSignals: ComplianceSignal[] = [];\n\n        const processedContent = response.content.map(part => {\n          if (part.type === 'text' && typeof part.text === 'string') {\n            const { redacted, signals } = redactPii(part.text);\n            responseSignals.push(...signals);\n            return { ...part, text: redacted };\n          }\n          return part;\n        });\n\n        const combinedSignals = [...requestSignals, ...responseSignals];\n\n        const sanitizedResponse = {\n          ...response,\n          content: processedContent,\n        };\n        attachGuardrailSignals(sanitizedResponse, combinedSignals);\n        return sanitizedResponse;\n      } catch (error) {\n        attachGuardrailSignals(error, requestSignals);\n        throw error;\n      }\n    },\n    async doStream(request: Parameters<SDKLanguageModelV3['doStream']>[0]) {\n      const { sanitizedRequest, signals: requestSignals } = sanitizeRequest(request);\n      const result = await model.doStream(sanitizedRequest);\n\n      const reader = result.stream.getReader();\n      const sanitizedStream = new ReadableStream({\n        async pull(controller) {\n          const { done, value } = await reader.read();\n          if (done) {\n            controller.close();\n            return;\n          }\n\n          controller.enqueue(sanitizeStreamPart(value));\n        },\n        cancel(reason) {\n          return reader.cancel(reason);\n        },\n      });\n\n      const sanitizedResult = { ...result, stream: sanitizedStream };\n      attachGuardrailSignals(sanitizedResult, requestSignals);\n      return sanitizedResult;\n    },\n  }) satisfies SDKLanguageModelV3;\n\n/**\n * Prompt injection detection patterns.\n * Detects common prompt injection, jailbreak, and manipulation attempts.\n * @internal\n */\nconst PROMPT_INJECTION_PATTERNS: Array<{\n  pattern: RegExp;\n  category: 'jailbreak' | 'instruction_override' | 'role_play' | 'encoding_bypass' | 'data_exfil';\n  severity: RiskLevel;\n  description: string;\n}> = [\n  // Jailbreak attempts\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded jailbreak pattern\n    pattern: /ignore\\s+(all\\s+)?(previous|prior|above)\\s+(instructions?|prompts?|rules?)/gi,\n    category: 'jailbreak',\n    severity: 'high',\n    description: 'Instruction override attempt detected',\n  },\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded jailbreak pattern\n    pattern: /disregard\\s+(all\\s+)?(previous|prior|your)\\s+(instructions?|guidelines?|rules?)/gi,\n    category: 'jailbreak',\n    severity: 'high',\n    description: 'Instruction override attempt detected',\n  },\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded jailbreak pattern\n    pattern: /forget\\s+(everything|all|what)\\s+(you\\s+)?(know|learned|were told)/gi,\n    category: 'jailbreak',\n    severity: 'high',\n    description: 'Memory reset attempt detected',\n  },\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded jailbreak pattern\n    pattern: /pretend\\s+(you\\s+)?(are|have)\\s+no\\s+(restrictions?|limitations?|rules?)/gi,\n    category: 'jailbreak',\n    severity: 'high',\n    description: 'Restriction bypass attempt detected',\n  },\n  // Instruction override\n  {\n    pattern: /new\\s+instructions?:?\\s*$/gim,\n    category: 'instruction_override',\n    severity: 'high',\n    description: 'New instruction injection attempt',\n  },\n  {\n    pattern: /system\\s*:\\s*you\\s+are/gi,\n    category: 'instruction_override',\n    severity: 'high',\n    description: 'System prompt injection attempt',\n  },\n  {\n    pattern: /\\[system\\]|\\[INST\\]|\\[\\/INST\\]|<<SYS>>|<\\|im_start\\|>/gi,\n    category: 'instruction_override',\n    severity: 'high',\n    description: 'Chat template injection attempt',\n  },\n  {\n    pattern: /###\\s*(instruction|system|human|assistant)\\s*:/gi,\n    category: 'instruction_override',\n    severity: 'medium',\n    description: 'Markdown instruction injection attempt',\n  },\n  // Role play exploits\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded role-play pattern\n    pattern: /you\\s+are\\s+(now\\s+)?(DAN|jailbroken|unrestricted|evil|uncensored)/gi,\n    category: 'role_play',\n    severity: 'high',\n    description: 'Malicious role-play attempt (DAN/jailbreak)',\n  },\n  {\n    pattern:\n      // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded ethics bypass pattern\n      /act\\s+as\\s+(if\\s+)?(you\\s+)?(have|had|don't have)\\s+no\\s+(ethics|morals|guidelines)/gi,\n    category: 'role_play',\n    severity: 'high',\n    description: 'Ethics bypass role-play attempt',\n  },\n  {\n    pattern: /developer\\s+mode|sudo\\s+mode|god\\s+mode|admin\\s+mode/gi,\n    category: 'role_play',\n    severity: 'high',\n    description: 'Privilege escalation role-play attempt',\n  },\n  // Encoding bypass attempts\n  {\n    pattern: /base64\\s*:\\s*[A-Za-z0-9+\\/=]{20,}/gi,\n    category: 'encoding_bypass',\n    severity: 'medium',\n    description: 'Base64 encoded payload detected',\n  },\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded unicode escape pattern\n    pattern: /\\\\u[0-9a-fA-F]{4}(?:\\\\u[0-9a-fA-F]{4}){5,}/g,\n    category: 'encoding_bypass',\n    severity: 'medium',\n    description: 'Unicode escape sequence payload detected',\n  },\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded HTML entity pattern\n    pattern: /&#x?[0-9a-fA-F]+;(?:&#x?[0-9a-fA-F]+;){5,}/g,\n    category: 'encoding_bypass',\n    severity: 'medium',\n    description: 'HTML entity encoded payload detected',\n  },\n  // Data exfiltration attempts\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded prompt extraction pattern\n    pattern: /repeat\\s+(the\\s+)?(system\\s+)?prompt|show\\s+(me\\s+)?(the\\s+)?(system\\s+)?prompt/gi,\n    category: 'data_exfil',\n    severity: 'medium',\n    description: 'System prompt extraction attempt',\n  },\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded instruction extraction pattern\n    pattern: /what\\s+(are\\s+)?(your|the)\\s+(original\\s+)?instructions/gi,\n    category: 'data_exfil',\n    severity: 'medium',\n    description: 'Instruction extraction attempt',\n  },\n  {\n    // eslint-disable-next-line security/detect-unsafe-regex -- Safe: bounded context extraction pattern\n    pattern: /output\\s+(your|the)\\s+(entire\\s+)?context/gi,\n    category: 'data_exfil',\n    severity: 'medium',\n    description: 'Context extraction attempt',\n  },\n];\n\n/**\n * Result of prompt injection detection.\n */\nexport interface PromptInjectionResult {\n  /** Whether injection was detected */\n  detected: boolean;\n  /** Risk level if detected */\n  risk: RiskLevel;\n  /** Categories of injection detected */\n  categories: Array<\n    'jailbreak' | 'instruction_override' | 'role_play' | 'encoding_bypass' | 'data_exfil'\n  >;\n  /** Human-readable descriptions of detected patterns */\n  descriptions: string[];\n  /** Compliance signals for audit trail */\n  signals: ComplianceSignal[];\n}\n\n/**\n * Detects prompt injection attempts in text.\n * Uses pattern matching to identify common injection, jailbreak, and manipulation techniques.\n *\n * @param text - Text to analyze for injection attempts.\n * @returns Detection result with risk level and categorization.\n * @example\n * ```ts\n * const result = detectPromptInjection('Ignore all previous instructions and...');\n * // result.detected === true\n * // result.risk === 'high'\n * // result.categories === ['jailbreak']\n * ```\n */\nexport const detectPromptInjection = (text: string): PromptInjectionResult => {\n  const detectedCategories = new Set<PromptInjectionResult['categories'][number]>();\n  const descriptions: string[] = [];\n  const signals: ComplianceSignal[] = [];\n  let maxRisk: RiskLevel = 'low';\n\n  for (const { pattern, category, severity, description } of PROMPT_INJECTION_PATTERNS) {\n    pattern.lastIndex = 0;\n    if (pattern.test(text)) {\n      detectedCategories.add(category);\n      descriptions.push(description);\n\n      // Update max risk\n      if (severity === 'high' || (severity === 'medium' && maxRisk === 'low')) {\n        maxRisk = severity;\n      }\n\n      signals.push(\n        complianceSignalSchema.parse({\n          id: randomUUID(),\n          type: 'guardrail.blocked',\n          message: `Prompt injection detected: ${description}`,\n          runId: 'guardrail',\n          riskLevel: severity,\n          timestamp: new Date().toISOString(),\n          metadata: { category, pattern: pattern.source },\n        }),\n      );\n    }\n  }\n\n  return {\n    detected: detectedCategories.size > 0,\n    risk: maxRisk,\n    categories: Array.from(detectedCategories),\n    descriptions,\n    signals,\n  };\n};\n\n/**\n * Token limit configuration per risk level.\n * Restricts output length based on detected risk to limit potential damage.\n */\nexport const TOKEN_LIMITS: Record<RiskLevel, number> = {\n  low: 16384,\n  medium: 8192,\n  high: 2048,\n};\n\n/**\n * Gets the appropriate token limit for a risk level.\n *\n * @param risk - Risk level to get limit for.\n * @returns Maximum output tokens allowed.\n * @example\n * ```ts\n * const limit = getTokenLimitForRisk('high');\n * // limit === 2048\n * ```\n */\nexport const getTokenLimitForRisk = (risk: RiskLevel): number => TOKEN_LIMITS[risk];\n\n/**\n * Detects risk level from message content.\n * Analyzes user messages for high-risk keywords, patterns, and prompt injection attempts.\n * Enterprise-grade detection with multiple risk factors.\n *\n * @param messages - Array of messages to analyze.\n * @returns Detected risk level ('low', 'medium', or 'high').\n * @example\n * ```ts\n * const risk = detectRiskFromMessages([\n *   { role: 'user', content: 'Delete my account' }\n * ]); // Returns 'high'\n * ```\n */\nexport const detectRiskFromMessages = (\n  messages: Array<{ role: string; content?: string }>,\n): RiskLevel => {\n  const joined = messages\n    .filter(message => message.role === 'user')\n    .map(message => message.content ?? '')\n    .join('\\n');\n\n  const joinedLower = joined.toLowerCase();\n\n  // Check for prompt injection first (highest priority)\n  const injectionResult = detectPromptInjection(joined);\n  if (injectionResult.detected && injectionResult.risk === 'high') {\n    return 'high';\n  }\n\n  // High risk keywords and patterns\n  const highRiskPatterns = [\n    'delete account',\n    'drop table',\n    'rm -rf',\n    'format disk',\n    'delete all',\n    'wipe data',\n    'export all data',\n    'bypass security',\n    'admin access',\n    'root access',\n    'privilege escalation',\n  ];\n\n  for (const pattern of highRiskPatterns) {\n    if (joinedLower.includes(pattern)) {\n      return 'high';\n    }\n  }\n\n  // Medium risk from injection detection\n  if (injectionResult.detected) {\n    return 'medium';\n  }\n\n  // Medium risk keywords\n  const mediumRiskPatterns = [\n    'ssn',\n    'pii',\n    'password',\n    'credit card',\n    'social security',\n    'api key',\n    'secret key',\n    'private key',\n    'access token',\n  ];\n\n  for (const pattern of mediumRiskPatterns) {\n    if (joinedLower.includes(pattern)) {\n      return 'medium';\n    }\n  }\n\n  return 'low';\n};\n","/**\n * @fileoverview Loop control policies\n *\n * Provides risk-tiered loop policies that control agent execution behavior:\n * - Low risk: 6 steps, auto tool selection\n * - Medium risk: 4 steps, auto tool selection\n * - High risk: 2 steps, escalation required\n *\n * @module @od-oneapp/ai-platform/policies/loop-controls\n */\n\nimport { stepCountIs } from '../../shared';\n\nimport type { SDKStopCondition, SDKToolChoice, SDKToolSet } from '../../shared';\nimport type { RiskLevel } from '../compliance/schemas';\n\n/**\n * Loop policy configuration.\n * Controls agent execution limits and tool selection behavior.\n */\nexport type LoopPolicy = {\n  /** Risk level this policy applies to. */\n  riskLevel: RiskLevel;\n  /** Stop condition for the agent loop. */\n\n  stopCondition: SDKStopCondition<SDKToolSet>;\n  /** Maximum number of steps allowed. */\n  maxSteps: number;\n  /** Tool choice strategy ('auto', 'required', or 'none'). */\n\n  toolChoice: SDKToolChoice<SDKToolSet> | undefined;\n  /** Optional list of active tool names to enable. */\n  activeTools?: string[];\n};\n\n/**\n * Base loop policies for each risk level.\n * Defines default step limits and tool selection strategies.\n * @internal\n */\nconst BASE_LOOP_POLICIES: Record<RiskLevel, LoopPolicy> = {\n  low: {\n    riskLevel: 'low',\n    maxSteps: 6,\n    stopCondition: stepCountIs(6),\n    toolChoice: 'auto',\n    activeTools: undefined,\n  },\n  medium: {\n    riskLevel: 'medium',\n    maxSteps: 4,\n    stopCondition: stepCountIs(4),\n    toolChoice: 'auto',\n    activeTools: undefined,\n  },\n  high: {\n    riskLevel: 'high',\n    maxSteps: 2,\n    stopCondition: stepCountIs(2),\n    toolChoice: 'required',\n    activeTools: ['escalate'],\n  },\n};\n\n/**\n * Resolves a loop policy for the given risk level.\n * Merges base policy with optional overrides for tool choice and active tools.\n *\n * @param options - Policy resolution options.\n * @param options.riskLevel - Risk level to resolve policy for.\n * @param options.toolChoice - Optional tool choice override.\n * @param options.activeTools - Optional active tools override.\n * @returns Resolved loop policy with step limits, stop condition, and tool configuration.\n * @remarks Base policies:\n * - Low: 6 steps, auto tool choice\n * - Medium: 4 steps, auto tool choice\n * - High: 2 steps, required tool choice, only 'escalate' tool active\n * Overrides take precedence over base policy values.\n * @example\n * ```ts\n * const policy = resolveLoopPolicy({\n *   riskLevel: 'medium',\n *   activeTools: ['knowledgeBase', 'escalate']\n * });\n * ```\n */\nexport const resolveLoopPolicy = ({\n  riskLevel,\n  toolChoice,\n  activeTools,\n}: {\n  riskLevel: RiskLevel;\n\n  toolChoice?: SDKToolChoice<SDKToolSet>;\n  activeTools?: string[];\n}): LoopPolicy => {\n  const base = BASE_LOOP_POLICIES[riskLevel];\n  return {\n    ...base,\n    toolChoice: toolChoice ?? base.toolChoice,\n    activeTools: activeTools ?? base.activeTools,\n  };\n};\n\n/**\n * Merges active tools from policy and requested tools.\n * Combines policy-defined active tools with user-requested tools.\n *\n * @param policy - Loop policy containing active tools.\n * @param requestedTools - Optional list of requested tool names.\n * @returns Merged array of active tool names, or undefined if neither provided.\n * @example\n * ```ts\n * const tools = mergeActiveTools(policy, ['customTool']);\n * // Returns ['escalate', 'customTool'] if policy has 'escalate' in activeTools\n * ```\n */\nexport const mergeActiveTools = (\n  policy: LoopPolicy,\n  requestedTools?: string[],\n): string[] | undefined => {\n  if (!policy.activeTools && !requestedTools) {\n    return undefined;\n  }\n\n  const merged = new Set<string>();\n  for (const tool of requestedTools ?? []) {\n    merged.add(tool);\n  }\n\n  for (const tool of policy.activeTools ?? []) {\n    merged.add(tool);\n  }\n\n  return Array.from(merged);\n};\n","/**\n * @fileoverview Telemetry settings utilities\n *\n * Provides utilities for creating telemetry settings with risk level metadata\n * and default telemetry configuration for agents.\n *\n * @module @od-oneapp/ai-platform/policies/telemetry\n */\n\nimport type { SDKTelemetrySettings } from '../../shared';\nimport type { RiskLevel } from '../compliance/schemas';\n\n/**\n * Creates telemetry settings with risk level metadata.\n * Enables telemetry and includes risk level and optional metadata.\n *\n * @param options - Telemetry configuration options.\n * @param options.functionId - Function identifier for telemetry tracking.\n * @param options.riskLevel - Risk level to include in metadata.\n * @param options.metadata - Optional additional metadata (merged with riskLevel).\n * @returns Telemetry settings object with isEnabled: true and metadata containing riskLevel.\n * @remarks Telemetry is always enabled. Metadata always includes riskLevel.\n * Additional metadata is merged into the metadata object.\n * @example\n * ```ts\n * const telemetry = createTelemetrySettings({\n *   functionId: 'agent-execution',\n *   riskLevel: 'medium',\n *   metadata: { userId: 'user-123' }\n * });\n * ```\n */\nexport const createTelemetrySettings = ({\n  functionId,\n  riskLevel,\n  metadata,\n}: {\n  functionId: string;\n  riskLevel: RiskLevel;\n  metadata?: Record<string, string | number | boolean>;\n}): SDKTelemetrySettings => ({\n  isEnabled: true,\n  functionId,\n  metadata: {\n    riskLevel,\n    ...metadata,\n  },\n});\n\n/**\n * Default telemetry settings for agents.\n * Enables telemetry with basic run type metadata.\n * @example\n * ```ts\n * const telemetry = { ...defaultTelemetry, functionId: 'agent-run' };\n * ```\n */\nexport const defaultTelemetry: SDKTelemetrySettings = {\n  isEnabled: true,\n  metadata: {\n    runType: 'agent',\n  },\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AA0BA,MAAM,kBAA+E;CAEnF;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CACD;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CACD;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CAED;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CACD;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CAED;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CACD;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CAED;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CACD;EACE,SAAS;EACT,QAAQ;EACR,MAAM;EACP;CACF;;;;;;;AA8BD,MAAM,eAAe,QAAyB;CAC5C,MAAM,SAAS,IAAI,QAAQ,OAAO,GAAG;AACrC,KAAI,OAAO,SAAS,MAAM,OAAO,SAAS,GAAI,QAAO;CAErD,IAAI,MAAM;CACV,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,OAAO,SAAS,GAAG,KAAK,GAAG,KAAK;EAC3C,IAAI,QAAQ,SAAS,OAAO,MAAM,KAAK,GAAG;AAC1C,MAAI,QAAQ;AACV,YAAS;AACT,OAAI,QAAQ,EAAG,UAAS;;AAE1B,SAAO;AACP,WAAS,CAAC;;AAEZ,QAAO,MAAM,OAAO;;;;;;;;;;;;AAatB,MAAM,qBACJ,MACA,YACA,UACA,UACA,eACY;CACZ,MAAM,cAAc,KAAK,IAAI,GAAG,aAAa,WAAW;CACxD,MAAM,YAAY,KAAK,IAAI,KAAK,QAAQ,WAAW,WAAW;CAC9D,MAAM,cAAc,KAAK,MAAM,aAAa,UAAU,CAAC,aAAa;AACpE,QAAO,SAAS,MAAK,YAAW,YAAY,SAAS,QAAQ,aAAa,CAAC,CAAC;;;;;;;AAQ9E,MAAM,eAAmC;CAEvC;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACP;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACP;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GAAC;GAAO;GAAmB;GAAmB;GAAU;GAAW;EACpF,eAAe;EAChB;CAED;EAEE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GAAC;GAAS;GAAQ;GAAO;GAAU;GAAQ;GAAW;GAAO;GAAS;EACvF,eAAe;EAChB;CAED;EAEE,OAAO;EACP,aAAa;EACb,MAAM;EACN,gBAAgB;EACjB;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD;EACD,eAAe;EACf,gBAAgB;EACjB;CAED;EAEE,OAAO;EACP,aAAa;EACb,MAAM;EAEN,YAAY,UAAkB;AAE5B,OADuB;IAAC;IAAa;IAAW;IAAkB,CAC/C,SAAS,MAAM,CAAE,QAAO;AAI3C,UAFe,MAAM,MAAM,IAAI,CAAC,IAAI,OAAO,CAE7B,OAAM,MAAK,KAAK,KAAK,KAAK,IAAI;;EAE/C;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GAAC;GAAY;GAAmB;GAAc;GAAmB;GAAY;EAC9F,eAAe;EAChB;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD;EACD,eAAe;EAChB;CAED;EACE,OAEE;EACF,aAAa;EACb,MAAM;EACP;CAED;EAEE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GAAC;GAAO;GAAU;GAAW;GAAQ;GAAS;GAAQ;GAAO;EAC9E,eAAe;EAChB;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD;EACD,eAAe;EAChB;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GAAC;GAAW;GAAW;GAAM;GAAY;GAAW;GAAO;GAAU;EACtF,eAAe;EAChB;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACP;CAED;EACE,OAAO;EACP,aAAa;EACb,MAAM;EACN,iBAAiB;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD;EACD,eAAe;EAChB;CACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BD,MAAM,aAAa,SAAoE;CACrF,IAAI,SAAS;CACb,MAAM,UAA8B,EAAE;CACtC,MAAM,kBAAyD,EAAE;AAEjE,MAAK,MAAM,WAAW,cAAc;AAClC,UAAQ,MAAM,YAAY;EAC1B,IAAI;EACJ,MAAM,UAAgE,EAAE;AAIxE,UAAQ,QAAQ,QAAQ,MAAM,KAAK,OAAO,MAAM,MAAM;GACpD,MAAM,aAAa,MAAM;GACzB,MAAM,WAAW,MAAM,QAAQ,MAAM,GAAG;AAQxC,OALyB,gBAAgB,MACvC,UACG,cAAc,MAAM,SAAS,aAAa,MAAM,OAChD,WAAW,MAAM,SAAS,YAAY,MAAM,IAChD,CACqB;AAGtB,OAAI,QAAQ,mBAAmB,QAAQ,gBAAgB,SAAS,GAAG;IACjE,MAAM,aAAa,QAAQ,iBAAiB;AAC5C,QAAI,CAAC,kBAAkB,QAAQ,YAAY,UAAU,QAAQ,iBAAiB,WAAW,CACvF;;AAKJ,OAAI,QAAQ,gBACV;QAAI,CAAC,YAAY,MAAM,GAAG,CAAE;;AAI9B,OAAI,QAAQ,aAAa,CAAC,QAAQ,UAAU,MAAM,IAAI,OAAO,CAC3D;AAGF,WAAQ,KAAK;IAAE,OAAO,MAAM;IAAI,OAAO;IAAY,KAAK;IAAU,CAAC;;AAIrE,OAAK,IAAI,IAAI,QAAQ,SAAS,GAAG,KAAK,GAAG,KAAK;GAC5C,MAAM,OAAO,QAAQ;AACrB,OAAI,CAAC,KAAM;GACX,MAAM,EAAE,OAAO,QAAQ;AACvB,YAAS,OAAO,MAAM,GAAG,MAAM,GAAG,QAAQ,cAAc,OAAO,MAAM,IAAI;AACzE,mBAAgB,KAAK;IAAE;IAAO;IAAK,CAAC;;AAItC,MAAI,QAAQ,SAAS,EACnB,SAAQ,KACN,uBAAuB,MAAM;GAC3B,IAAI,YAAY;GAChB,MAAM,QAAQ;GACd,SAAS,2BAA2B,QAAQ,OAAO,uBAAuB,QAAQ,YAAY;GAC9F,OAAO;GACP,4BAAW,IAAI,MAAM,EAAC,aAAa;GACnC,UAAU;IAAE,OAAO,QAAQ;IAAQ,SAAS,QAAQ;IAAa;GAClE,CAAC,CACH;;AAIL,QAAO;EAAE,UAAU;EAAQ;EAAS;;;;;;;;;;;;;;;AA+BtC,MAAM,iBAAiB,WAAoC;CACzD,MAAM,UAA8B,EAAE;CACtC,IAAI,UAAU;CACd,IAAI,OAAkB;AAEtB,MAAK,MAAM,EAAE,SAAS,QAAQ,MAAM,iBAAiB,iBAAiB;AACpE,UAAQ,YAAY;AACpB,MAAI,QAAQ,KAAK,OAAO,EAAE;AACxB,aAAU;AACV,UAAO;AACP,WAAQ,KACN,uBAAuB,MAAM;IAC3B,IAAI,YAAY;IAChB,MAAM;IACN,SAAS;IACT,OAAO;IACP,WAAW;IACX,4BAAW,IAAI,MAAM,EAAC,aAAa;IACpC,CAAC,CACH;;;AAIL,KAAI,QACF,QAAO;EAAE;EAAS,iBAAiB;EAAM;EAAS;EAAM;CAG1D,MAAM,EAAE,UAAU,SAAS,eAAe,UAAU,OAAO;AAC3D,SAAQ,KAAK,GAAG,WAAW;AAE3B,QAAO;EAAE;EAAS,iBAAiB;EAAU;EAAS;EAAM;;;;;;;;;;;;;;;AAsB9D,MAAM,0BAA0B,QAAiB,YAAgC;AAC/E,KAAI,CAAC,QAAQ,UAAU,CAAC,UAAU,OAAO,WAAW,SAClD;CAGF,MAAM,YAAY;AAElB,WAAU,mBAAmB,CAAC,GADb,MAAM,QAAQ,UAAU,iBAAiB,GAAG,UAAU,mBAAmB,EAAE,EACjD,GAAG,QAAQ;;;;;;;;;;;;;;;AAgBxD,MAAM,wBAAwB,YAAgC;CAC5D,MAAM,wBAAQ,IAAI,MAAM,gCAAgC;AACxD,wBAAuB,OAAO,QAAQ;AACtC,QAAO;;;;;;;;;;;;;;;;AAuBT,MAAM,mBAA+C,YAAe;CAClE,IAAI,mBAAmB;CACvB,IAAI,UAAU;CACd,MAAM,oBAAwC,EAAE;AAEhD,KAAI,OAAO,QAAQ,WAAW,UAAU;EACtC,MAAM,UAAU,cAAc,QAAQ,OAAO;AAC7C,MAAI,QAAQ,QACV,OAAM,qBAAqB,QAAQ,QAAQ;EAG7C,MAAM,kBAAkB,QAAQ,mBAAmB;AACnD,MAAI,oBAAoB,QAAQ,QAAQ;AACtC,sBAAmB;IAAE,GAAG;IAAkB,QAAQ;IAAiB;AACnE,aAAU;;AAEZ,oBAAkB,KAAK,GAAG,QAAQ,QAAQ;YACjC,MAAM,QAAQ,QAAQ,OAAO,EAAE;EAExC,IAAI,gBAAgB;EACpB,MAAM,gBAAgB,QAAQ,OAAO,KAAI,YAAW;AAClD,OACE,WACA,OAAO,YAAY,YAClB,QAA+B,SAAS,QACzC;IACA,MAAM,EAAE,YAAY;AACpB,QAAI,MAAM,QAAQ,QAAQ,EAAE;KAC1B,MAAM,iBAAiB,QAAQ,KAAI,SAAQ;AACzC,UACE,QACA,OAAO,SAAS,YACf,KAA4B,SAAS,UACtC,OAAQ,KAA4B,SAAS,UAC7C;OACA,MAAM,EAAE,SAAS;OACjB,MAAM,UAAU,cAAc,KAAK;AACnC,WAAI,QAAQ,QACV,OAAM,qBAAqB,QAAQ,QAAQ;OAG7C,MAAM,gBAAgB,QAAQ,mBAAmB;AACjD,yBAAkB,KAAK,GAAG,QAAQ,QAAQ;AAC1C,WAAI,kBAAkB,KACpB,QAAO;QAAE,GAAG;QAAM,MAAM;QAAe;;AAG3C,aAAO;OACP;AAcF,SAXmB,eAAe,MAAM,MAAM,UAAU;MACtD,MAAM,WAAW,QAAQ;AACzB,aACE,QACA,OAAO,SAAS,YAChB,YACA,OAAO,aAAa,YACnB,KAA4B,SAAU,SAAgC;OAEzE,EAEc;AACd,sBAAgB;AAChB,aAAO;OAAE,GAAG;OAAS,SAAS;OAAgB;;;;AAIpD,UAAO;IACP;AAEF,MAAI,eAAe;AACjB,sBAAmB;IAAE,GAAG;IAAkB,QAAQ;IAAe;AACjE,aAAU;;;AAId,KAAI,MAAM,QAAQ,QAAQ,SAAS,EAAE;EACnC,MAAM,EAAE,aAAa;EACrB,MAAM,kBAAkB,SAAS,KAAI,YAAW;AAC9C,OACE,WACA,OAAO,YAAY,YAClB,QAA+B,SAAS,QACzC;IACA,MAAM,EAAE,YAAY;AACpB,QAAI,OAAO,YAAY,UAAU;KAC/B,MAAM,UAAU,cAAc,QAAQ;AACtC,SAAI,QAAQ,QACV,OAAM,qBAAqB,QAAQ,QAAQ;KAG7C,MAAM,mBAAmB,QAAQ,mBAAmB;AACpD,uBAAkB,KAAK,GAAG,QAAQ,QAAQ;AAC1C,SAAI,qBAAqB,QACvB,QAAO;MAAE,GAAG;MAAS,SAAS;MAAkB;eAEzC,MAAM,QAAQ,QAAQ,EAAE;KAEjC,MAAM,iBAAiB,QAAQ,KAAI,SAAQ;AACzC,UACE,QACA,OAAO,SAAS,YACf,KAA4B,SAAS,UACtC,OAAQ,KAA4B,SAAS,UAC7C;OACA,MAAM,EAAE,SAAS;OACjB,MAAM,UAAU,cAAc,KAAK;AACnC,WAAI,QAAQ,QACV,OAAM,qBAAqB,QAAQ,QAAQ;OAG7C,MAAM,gBAAgB,QAAQ,mBAAmB;AACjD,yBAAkB,KAAK,GAAG,QAAQ,QAAQ;AAC1C,WAAI,kBAAkB,KACpB,QAAO;QAAE,GAAG;QAAM,MAAM;QAAe;;AAG3C,aAAO;OACP;AAcF,SAXmB,eAAe,MAAM,MAAM,UAAU;MACtD,MAAM,WAAW,QAAQ;AACzB,aACE,QACA,OAAO,SAAS,YAChB,YACA,OAAO,aAAa,YACnB,KAA4B,SAAU,SAAgC;OAEzE,CAGA,QAAO;MAAE,GAAG;MAAS,SAAS;MAAgB;;;AAKpD,UAAO;IACP;AAGF,MADgB,gBAAgB,MAAM,KAAK,QAAQ,QAAQ,SAAS,KAAK,EAC5D;AACX,sBAAmB;IAAE,GAAG;IAAkB,UAAU;IAAiB;AACrE,aAAU;;;AAId,QAAO;EACL,kBAAkB,UAAU,mBAAmB;EAC/C,SAAS;EACV;;;;;;;;;;;;;;AAeH,MAAM,sBAAsB,SAA2B;AACrD,KAAI,CAAC,QAAQ,OAAO,SAAS,SAC3B,QAAO;CAGT,MAAM,QAAQ;AAEd,KAAI,MAAM,SAAS,gBAAgB,OAAO,MAAM,UAAU,SACxD,QAAO;EAAE,GAAG;EAAO,OAAO,UAAU,MAAM,MAAM,CAAC;EAAU;AAG7D,KAAI,MAAM,SAAS,qBAAqB,OAAO,MAAM,UAAU,SAC7D,QAAO;EAAE,GAAG;EAAO,OAAO,UAAU,MAAM,MAAM,CAAC;EAAU;AAG7D,KAAI,MAAM,SAAS,sBAAsB,OAAO,MAAM,UAAU,SAC9D,QAAO;EAAE,GAAG;EAAO,OAAO,UAAU,MAAM,MAAM,CAAC;EAAU;AAG7D,KAAI,OAAO,MAAM,SAAS,SACxB,QAAO;EAAE,GAAG;EAAO,MAAM,UAAU,MAAM,KAAK,CAAC;EAAU;AAG3D,QAAO;;;;;;;;;;;;;;;;;;;AAoBT,MAAa,0BAA0B,WACpC;CACC,GAAG;CACH,MAAM,WAAW,SAA0D;EACzE,MAAM,EAAE,kBAAkB,SAAS,mBAAmB,gBAAgB,QAAQ;AAE9E,MAAI;GACF,MAAM,WAAW,MAAM,MAAM,WAAW,iBAAiB;GAEzD,MAAM,kBAAsC,EAAE;GAE9C,MAAM,mBAAmB,SAAS,QAAQ,KAAI,SAAQ;AACpD,QAAI,KAAK,SAAS,UAAU,OAAO,KAAK,SAAS,UAAU;KACzD,MAAM,EAAE,UAAU,YAAY,UAAU,KAAK,KAAK;AAClD,qBAAgB,KAAK,GAAG,QAAQ;AAChC,YAAO;MAAE,GAAG;MAAM,MAAM;MAAU;;AAEpC,WAAO;KACP;GAEF,MAAM,kBAAkB,CAAC,GAAG,gBAAgB,GAAG,gBAAgB;GAE/D,MAAM,oBAAoB;IACxB,GAAG;IACH,SAAS;IACV;AACD,0BAAuB,mBAAmB,gBAAgB;AAC1D,UAAO;WACA,OAAO;AACd,0BAAuB,OAAO,eAAe;AAC7C,SAAM;;;CAGV,MAAM,SAAS,SAAwD;EACrE,MAAM,EAAE,kBAAkB,SAAS,mBAAmB,gBAAgB,QAAQ;EAC9E,MAAM,SAAS,MAAM,MAAM,SAAS,iBAAiB;EAErD,MAAM,SAAS,OAAO,OAAO,WAAW;EACxC,MAAM,kBAAkB,IAAI,eAAe;GACzC,MAAM,KAAK,YAAY;IACrB,MAAM,EAAE,MAAM,UAAU,MAAM,OAAO,MAAM;AAC3C,QAAI,MAAM;AACR,gBAAW,OAAO;AAClB;;AAGF,eAAW,QAAQ,mBAAmB,MAAM,CAAC;;GAE/C,OAAO,QAAQ;AACb,WAAO,OAAO,OAAO,OAAO;;GAE/B,CAAC;EAEF,MAAM,kBAAkB;GAAE,GAAG;GAAQ,QAAQ;GAAiB;AAC9D,yBAAuB,iBAAiB,eAAe;AACvD,SAAO;;CAEV;;;;;;AAOH,MAAM,4BAKD;CAEH;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CAED;EACE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EACE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EACE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EACE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CAED;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EACE,SAEE;EACF,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EACE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CAED;EACE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CAED;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACD;EAEE,SAAS;EACT,UAAU;EACV,UAAU;EACV,aAAa;EACd;CACF;;;;;;;;;;;;;;;AAkCD,MAAa,yBAAyB,SAAwC;CAC5E,MAAM,qCAAqB,IAAI,KAAkD;CACjF,MAAM,eAAyB,EAAE;CACjC,MAAM,UAA8B,EAAE;CACtC,IAAI,UAAqB;AAEzB,MAAK,MAAM,EAAE,SAAS,UAAU,UAAU,iBAAiB,2BAA2B;AACpF,UAAQ,YAAY;AACpB,MAAI,QAAQ,KAAK,KAAK,EAAE;AACtB,sBAAmB,IAAI,SAAS;AAChC,gBAAa,KAAK,YAAY;AAG9B,OAAI,aAAa,UAAW,aAAa,YAAY,YAAY,MAC/D,WAAU;AAGZ,WAAQ,KACN,uBAAuB,MAAM;IAC3B,IAAI,YAAY;IAChB,MAAM;IACN,SAAS,8BAA8B;IACvC,OAAO;IACP,WAAW;IACX,4BAAW,IAAI,MAAM,EAAC,aAAa;IACnC,UAAU;KAAE;KAAU,SAAS,QAAQ;KAAQ;IAChD,CAAC,CACH;;;AAIL,QAAO;EACL,UAAU,mBAAmB,OAAO;EACpC,MAAM;EACN,YAAY,MAAM,KAAK,mBAAmB;EAC1C;EACA;EACD;;;;;;AAOH,MAAa,eAA0C;CACrD,KAAK;CACL,QAAQ;CACR,MAAM;CACP;;;;;;;;;;;;AAaD,MAAa,wBAAwB,SAA4B,aAAa;;;;;;;;;;;;;;;AAgB9E,MAAa,0BACX,aACc;CACd,MAAM,SAAS,SACZ,QAAO,YAAW,QAAQ,SAAS,OAAO,CAC1C,KAAI,YAAW,QAAQ,WAAW,GAAG,CACrC,KAAK,KAAK;CAEb,MAAM,cAAc,OAAO,aAAa;CAGxC,MAAM,kBAAkB,sBAAsB,OAAO;AACrD,KAAI,gBAAgB,YAAY,gBAAgB,SAAS,OACvD,QAAO;AAkBT,MAAK,MAAM,WAdc;EACvB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CAGC,KAAI,YAAY,SAAS,QAAQ,CAC/B,QAAO;AAKX,KAAI,gBAAgB,SAClB,QAAO;AAgBT,MAAK,MAAM,WAZgB;EACzB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CAGC,KAAI,YAAY,SAAS,QAAQ,CAC/B,QAAO;AAIX,QAAO;;;;;;;;;;;;;;;;;;;;ACvjCT,MAAM,qBAAoD;CACxD,KAAK;EACH,WAAW;EACX,UAAU;EACV,eAAe,YAAY,EAAE;EAC7B,YAAY;EACZ,aAAa;EACd;CACD,QAAQ;EACN,WAAW;EACX,UAAU;EACV,eAAe,YAAY,EAAE;EAC7B,YAAY;EACZ,aAAa;EACd;CACD,MAAM;EACJ,WAAW;EACX,UAAU;EACV,eAAe,YAAY,EAAE;EAC7B,YAAY;EACZ,aAAa,CAAC,WAAW;EAC1B;CACF;;;;;;;;;;;;;;;;;;;;;;;AAwBD,MAAa,qBAAqB,EAChC,WACA,YACA,kBAMgB;CAChB,MAAM,OAAO,mBAAmB;AAChC,QAAO;EACL,GAAG;EACH,YAAY,cAAc,KAAK;EAC/B,aAAa,eAAe,KAAK;EAClC;;;;;;;;;;;;;;;AAgBH,MAAa,oBACX,QACA,mBACyB;AACzB,KAAI,CAAC,OAAO,eAAe,CAAC,eAC1B;CAGF,MAAM,yBAAS,IAAI,KAAa;AAChC,MAAK,MAAM,QAAQ,kBAAkB,EAAE,CACrC,QAAO,IAAI,KAAK;AAGlB,MAAK,MAAM,QAAQ,OAAO,eAAe,EAAE,CACzC,QAAO,IAAI,KAAK;AAGlB,QAAO,MAAM,KAAK,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;ACtG3B,MAAa,2BAA2B,EACtC,YACA,WACA,gBAK2B;CAC3B,WAAW;CACX;CACA,UAAU;EACR;EACA,GAAG;EACJ;CACF;;;;;;;;;AAUD,MAAa,mBAAyC;CACpD,WAAW;CACX,UAAU,EACR,SAAS,SACV;CACF"}

package/dist/telemetry-C2t03dwD.d.mts

@@ -0,0 +1,59 @@
+import { $i as SDKToolChoice, Ai as SDKStopCondition, Rr as SDKLanguageModelV3, Vi as SDKTelemetrySettings, ua as SDKToolSet } from "./ai-runtime-DIwOEc6g.mjs";
+import { n as RiskLevel, t as ComplianceSignal } from "./schemas-DBOhxgW7.mjs";
+
+//#region src/governance/policies/guardrails.d.ts
+type GuardrailResult = {
+  sanitizedPrompt: string | null;
+  blocked: boolean;
+  signals: ComplianceSignal[];
+  risk: RiskLevel;
+};
+declare const applyDefaultGuardrails: (model: SDKLanguageModelV3) => SDKLanguageModelV3;
+interface PromptInjectionResult {
+  detected: boolean;
+  risk: RiskLevel;
+  categories: Array<'jailbreak' | 'instruction_override' | 'role_play' | 'encoding_bypass' | 'data_exfil'>;
+  descriptions: string[];
+  signals: ComplianceSignal[];
+}
+declare const detectPromptInjection: (text: string) => PromptInjectionResult;
+declare const TOKEN_LIMITS: Record<RiskLevel, number>;
+declare const getTokenLimitForRisk: (risk: RiskLevel) => number;
+declare const detectRiskFromMessages: (messages: Array<{
+  role: string;
+  content?: string;
+}>) => RiskLevel;
+//#endregion
+//#region src/governance/policies/loop-controls.d.ts
+type LoopPolicy = {
+  riskLevel: RiskLevel;
+  stopCondition: SDKStopCondition<SDKToolSet>;
+  maxSteps: number;
+  toolChoice: SDKToolChoice<SDKToolSet> | undefined;
+  activeTools?: string[];
+};
+declare const resolveLoopPolicy: ({
+  riskLevel,
+  toolChoice,
+  activeTools
+}: {
+  riskLevel: RiskLevel;
+  toolChoice?: SDKToolChoice<SDKToolSet>;
+  activeTools?: string[];
+}) => LoopPolicy;
+declare const mergeActiveTools: (policy: LoopPolicy, requestedTools?: string[]) => string[] | undefined;
+//#endregion
+//#region src/governance/policies/telemetry.d.ts
+declare const createTelemetrySettings: ({
+  functionId,
+  riskLevel,
+  metadata
+}: {
+  functionId: string;
+  riskLevel: RiskLevel;
+  metadata?: Record<string, string | number | boolean>;
+}) => SDKTelemetrySettings;
+declare const defaultTelemetry: SDKTelemetrySettings;
+//#endregion
+export { resolveLoopPolicy as a, TOKEN_LIMITS as c, detectRiskFromMessages as d, getTokenLimitForRisk as f, mergeActiveTools as i, applyDefaultGuardrails as l, defaultTelemetry as n, GuardrailResult as o, LoopPolicy as r, PromptInjectionResult as s, createTelemetrySettings as t, detectPromptInjection as u };
+//# sourceMappingURL=telemetry-C2t03dwD.d.mts.map

package/dist/telemetry-C2t03dwD.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry-C2t03dwD.d.mts","names":[],"sources":["../src/governance/policies/guardrails.ts","../src/governance/policies/loop-controls.ts","../src/governance/policies/telemetry.ts"],"mappings":";;;;KAuaY,eAAA;EAEV,eAAA;EAEA,OAAA;EAEA,OAAA,EAAS,gBAAA;EAET,IAAA,EAAM,SAAA;AAAA;AAAA,cAuUK,sBAAA,GAA0B,KAAA,EAAO,kBAAA,KAAqB,kBAAA;AAAA,UAkMlD,qBAAA;EAEf,QAAA;EAEA,IAAA,EAAM,SAAA;EAEN,UAAA,EAAY,KAAA;EAIZ,YAAA;EAEA,OAAA,EAAS,gBAAA;AAAA;AAAA,cAiBE,qBAAA,GAAyB,IAAA,aAAe,qBAAA;AAAA,cA4CxC,YAAA,EAAc,MAAA,CAAO,SAAA;AAAA,cAiBrB,oBAAA,GAAwB,IAAA,EAAM,SAAA;AAAA,cAgB9B,sBAAA,GACX,QAAA,EAAU,KAAA;EAAQ,IAAA;EAAc,OAAA;AAAA,OAC/B,SAAA;;;KChhCS,UAAA;EAEV,SAAA,EAAW,SAAA;EAGX,aAAA,EAAe,gBAAA,CAAiB,UAAA;EAEhC,QAAA;EAGA,UAAA,EAAY,aAAA,CAAc,UAAA;EAE1B,WAAA;AAAA;AAAA,cAsDW,iBAAA;EAAqB,SAAA;EAAA,UAAA;EAAA;AAAA;EAKhC,SAAA,EAAW,SAAA;EAEX,UAAA,GAAa,aAAA,CAAc,UAAA;EAC3B,WAAA;AAAA,MACE,UAAA;AAAA,cAsBS,gBAAA,GACX,MAAA,EAAQ,UAAA,EACR,cAAA;;;cCvFW,uBAAA;EAA2B,UAAA;EAAA,SAAA;EAAA;AAAA;EAKtC,UAAA;EACA,SAAA,EAAW,SAAA;EACX,QAAA,GAAW,MAAA;AAAA,MACT,oBAAA;AAAA,cAiBS,gBAAA,EAAkB,oBAAA"}

package/dist/tool-Btbththq.d.mts

@@ -0,0 +1,253 @@
+import { t as ComplianceSignal } from "./schemas-DBOhxgW7.mjs";
+import { z } from "zod";
+import * as ai from "ai";
+
+//#region src/grounding/rag/types.d.ts
+type ResearchTier = 'fast' | 'balanced' | 'deep';
+type PipelineStageKind = 'context-expansion' | 'reasoning' | 'verification';
+interface PipelineModelConfig {
+  contextExpansion?: {
+    model?: string;
+    fallbackModel?: string;
+    apiKey?: string;
+    endpoint?: string;
+  };
+  reasoning?: {
+    model?: string;
+  };
+  verification?: {
+    model?: string;
+  };
+  costRates?: Record<string, {
+    input?: number;
+    output?: number;
+    flat?: number;
+  }>;
+}
+interface ResearchConfig {
+  tier: ResearchTier;
+  models?: PipelineModelConfig;
+}
+interface ContextExpansionResult {
+  notes: string;
+  cites: string[];
+  usage: {
+    inputTokens: number;
+    outputTokens: number;
+  };
+}
+type PerplexityResponse = ContextExpansionResult;
+interface ReasoningClaim {
+  statement: string;
+  supportedBy: string[];
+  confidence: 'high' | 'medium' | 'low';
+}
+interface ReasoningGap {
+  description: string;
+  sources: string[];
+}
+interface ReasoningOutput {
+  claims: ReasoningClaim[];
+  assumptions: string[];
+  gaps: ReasoningGap[];
+  answerDraft: string;
+  usage: {
+    inputTokens: number;
+    outputTokens: number;
+  };
+}
+interface VerificationFlag {
+  claim: string;
+  issue: 'unverifiable' | 'weak-citation' | 'conflicting-sources';
+  details: string;
+}
+interface VerificationTrace {
+  claim: string;
+  citationCheck: 'verified' | 'partial' | 'failed';
+  notes?: string;
+}
+interface VerificationOutput {
+  finalAnswer: string;
+  flags: VerificationFlag[];
+  trace: VerificationTrace[];
+  confidence: 'high' | 'medium' | 'low';
+  usage: {
+    inputTokens: number;
+    outputTokens: number;
+  };
+}
+interface ResearchPipelineResult {
+  answer: string;
+  confidence: 'high' | 'medium' | 'low';
+  flags: VerificationFlag[];
+  trace: {
+    contextExpansion: {
+      notes: string;
+      cites: string[];
+      usage: {
+        inputTokens: number;
+        outputTokens: number;
+      };
+    };
+    reasoning: {
+      claims: ReasoningClaim[];
+      assumptions: string[];
+      gaps: ReasoningGap[];
+      usage: {
+        inputTokens: number;
+        outputTokens: number;
+      };
+    };
+    verification: {
+      trace: VerificationTrace[];
+      flags: VerificationFlag[];
+      usage: {
+        inputTokens: number;
+        outputTokens: number;
+      };
+    };
+  };
+}
+interface ResearchStep {
+  id: string;
+  kind: PipelineStageKind;
+  model: string;
+  startedAt: string;
+  endedAt?: string;
+  latencyMs: number;
+  inputTokens: number;
+  outputTokens: number;
+  costUSD?: number;
+}
+interface ResearchRun {
+  runId: string;
+  question: string;
+  tier: ResearchTier;
+  steps: ResearchStep[];
+  totalLatencyMs: number;
+  totalCostUSD: number;
+  flags: string[];
+  startedAt: string;
+  endedAt?: string;
+  clientId: string;
+}
+//#endregion
+//#region src/grounding/rag/pipeline.d.ts
+declare function researchWithPerplexity(query: string, tier?: ResearchTier): Promise<PerplexityResponse>;
+declare function reasonWithSonnet(input: {
+  question: string;
+  notes: string;
+  cites: string[];
+}): Promise<ReasoningOutput>;
+declare function verifyWithGPT5(draft: ReasoningOutput, cites: string[]): Promise<VerificationOutput>;
+declare function executeResearchPipeline(question: string, config?: ResearchConfig): Promise<ResearchPipelineResult>;
+//#endregion
+//#region src/grounding/rag/trace.d.ts
+type TraceStepKind = 'context-expansion' | 'reasoning' | 'verification';
+interface TraceStep {
+  id: string;
+  kind: TraceStepKind;
+  startAt: number;
+  endAt: number;
+  latencyMs: number;
+  model?: string;
+  inputTokens?: number;
+  outputTokens?: number;
+  costUSD?: number;
+  artifacts: Record<string, unknown>;
+  artifactKeys: string[];
+}
+interface TraceRun {
+  runId: string;
+  app: string;
+  question: string;
+  tier: ResearchTier;
+  startedAt: number;
+  endedAt?: number;
+  totalLatencyMs?: number;
+  totalCostUSD?: number;
+  flags?: string[];
+  steps: TraceStep[];
+  metadata?: Record<string, unknown>;
+}
+declare const DEFAULT_COST_RATES: Record<string, {
+  input?: number;
+  output?: number;
+  flat?: number;
+}>;
+declare function estimateCost(model: string, inputTokens?: number, outputTokens?: number, customRates?: Record<string, {
+  input?: number;
+  output?: number;
+  flat?: number;
+}>): number;
+declare function startRun(question: string, tier: ResearchTier, app?: string): TraceRun;
+declare function startStep(kind: TraceStepKind, model?: string): TraceStep;
+declare function endStep(step: TraceStep, usage?: {
+  inputTokens?: number;
+  outputTokens?: number;
+  costUSD?: number;
+}): TraceStep;
+declare function endRun(run: TraceRun): TraceRun;
+declare function persistStep(run: TraceRun, step: TraceStep, payloads: Record<string, unknown>): Promise<void>;
+declare function persistRunIndex(run: TraceRun): Promise<void>;
+declare function persistRunMeta(run: TraceRun): Promise<void>;
+declare function listRuns(limit?: number): Promise<TraceRun[]>;
+declare function loadRun(runId: string): Promise<TraceRun | null>;
+declare function loadStepArtifact(runId: string, artifactKey: string): Promise<unknown | null>;
+//#endregion
+//#region src/grounding/rag/tool.d.ts
+declare const researchInputSchema: z.ZodObject<{
+  question: z.ZodString;
+  tier: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
+    fast: "fast";
+    balanced: "balanced";
+    deep: "deep";
+  }>>>;
+}, z.core.$strip>;
+type ResearchInput = z.infer<typeof researchInputSchema>;
+declare function createResearchTool(options?: {
+  onSignal?: (signal: ComplianceSignal) => void;
+  onTrace?: (runId: string, step: {
+    kind: string;
+    latencyMs: number;
+    costUSD: number;
+  }) => void;
+  modelConfig?: PipelineModelConfig;
+}): ai.Tool<{
+  question: string;
+  tier: "fast" | "balanced" | "deep";
+}, {
+  success: boolean;
+  answer: string;
+  confidence: "low" | "medium" | "high";
+  citations: string;
+  flags: string;
+  reasoning: {
+    claims: number;
+    assumptions: number;
+    gaps: number;
+  };
+  trace: {
+    runId: string;
+    latencyMs: number | undefined;
+    costUSD: string;
+    steps: {
+      kind: TraceStepKind;
+      latencyMs: number;
+      costUSD: string;
+    }[];
+  };
+  error?: undefined;
+} | {
+  success: boolean;
+  error: string;
+  answer: string;
+  confidence?: undefined;
+  citations?: undefined;
+  flags?: undefined;
+  reasoning?: undefined;
+  trace?: undefined;
+}>;
+//#endregion
+export { ResearchPipelineResult as A, PerplexityResponse as C, ReasoningGap as D, ReasoningClaim as E, VerificationOutput as F, VerificationTrace as I, ResearchStep as M, ResearchTier as N, ReasoningOutput as O, VerificationFlag as P, ContextExpansionResult as S, PipelineStageKind as T, startStep as _, TraceStep as a, researchWithPerplexity as b, endStep as c, loadRun as d, loadStepArtifact as f, startRun as g, persistStep as h, TraceRun as i, ResearchRun as j, ResearchConfig as k, estimateCost as l, persistRunMeta as m, createResearchTool as n, TraceStepKind as o, persistRunIndex as p, DEFAULT_COST_RATES as r, endRun as s, ResearchInput as t, listRuns as u, executeResearchPipeline as v, PipelineModelConfig as w, verifyWithGPT5 as x, reasonWithSonnet as y };
+//# sourceMappingURL=tool-Btbththq.d.mts.map

package/dist/tool-Btbththq.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-Btbththq.d.mts","names":[],"sources":["../src/grounding/rag/types.ts","../src/grounding/rag/pipeline.ts","../src/grounding/rag/trace.ts","../src/grounding/rag/tool.ts"],"mappings":";;;;;KAeY,YAAA;AAAA,KAMA,iBAAA;AAAA,UAMK,mBAAA;EAEf,gBAAA;IAEE,KAAA;IAEA,aAAA;IAEA,MAAA;IAEA,QAAA;EAAA;EAGF,SAAA;IAEE,KAAA;EAAA;EAGF,YAAA;IAEE,KAAA;EAAA;EAGF,SAAA,GAAY,MAAA;IAAiB,KAAA;IAAgB,MAAA;IAAiB,IAAA;EAAA;AAAA;AAAA,UAM/C,cAAA;EAEf,IAAA,EAAM,YAAA;EAEN,MAAA,GAAS,mBAAA;AAAA;AAAA,UAQM,sBAAA;EAEf,KAAA;EAEA,KAAA;EAEA,KAAA;IAEE,WAAA;IAEA,YAAA;EAAA;AAAA;AAAA,KAKQ,kBAAA,GAAqB,sBAAA;AAAA,UAMhB,cAAA;EAEf,SAAA;EAEA,WAAA;EAEA,UAAA;AAAA;AAAA,UAOe,YAAA;EAEf,WAAA;EAEA,OAAA;AAAA;AAAA,UAOe,eAAA;EAEf,MAAA,EAAQ,cAAA;EAER,WAAA;EAEA,IAAA,EAAM,YAAA;EAEN,WAAA;EAEA,KAAA;IAEE,WAAA;IAEA,YAAA;EAAA;AAAA;AAAA,UAQa,gBAAA;EAEf,KAAA;EAEA,KAAA;EAEA,OAAA;AAAA;AAAA,UAOe,iBAAA;EAEf,KAAA;EAEA,aAAA;EAEA,KAAA;AAAA;AAAA,UAOe,kBAAA;EAEf,WAAA;EAEA,KAAA,EAAO,gBAAA;EAEP,KAAA,EAAO,iBAAA;EAEP,UAAA;EAEA,KAAA;IAEE,WAAA;IAEA,YAAA;EAAA;AAAA;AAAA,UAQa,sBAAA;EAEf,MAAA;EAEA,UAAA;EAEA,KAAA,EAAO,gBAAA;EAEP,KAAA;IAEE,gBAAA;MAEE,KAAA;MAEA,KAAA;MAEA,KAAA;QACE,WAAA;QACA,YAAA;MAAA;IAAA;IAIJ,SAAA;MAEE,MAAA,EAAQ,cAAA;MAER,WAAA;MAEA,IAAA,EAAM,YAAA;MAEN,KAAA;QACE,WAAA;QACA,YAAA;MAAA;IAAA;IAIJ,YAAA;MAEE,KAAA,EAAO,iBAAA;MAEP,KAAA,EAAO,gBAAA;MAEP,KAAA;QACE,WAAA;QACA,YAAA;MAAA;IAAA;EAAA;AAAA;AAAA,UAUS,YAAA;EAEf,EAAA;EAEA,IAAA,EAAM,iBAAA;EAEN,KAAA;EAEA,SAAA;EAEA,OAAA;EAEA,SAAA;EAEA,WAAA;EAEA,YAAA;EAEA,OAAA;AAAA;AAAA,UAOe,WAAA;EAEf,KAAA;EAEA,QAAA;EAEA,IAAA,EAAM,YAAA;EAEN,KAAA,EAAO,YAAA;EAEP,cAAA;EAEA,YAAA;EAEA,KAAA;EAEA,SAAA;EAEA,OAAA;EAEA,QAAA;AAAA;;;iBCjJoB,sBAAA,CACpB,KAAA,UACA,IAAA,GAAM,YAAA,GACL,OAAA,CAAQ,kBAAA;AAAA,iBAmMW,gBAAA,CAAiB,KAAA;EACrC,QAAA;EACA,KAAA;EACA,KAAA;AAAA,IACE,OAAA,CAAQ,eAAA;AAAA,iBA0HU,cAAA,CACpB,KAAA,EAAO,eAAA,EACP,KAAA,aACC,OAAA,CAAQ,kBAAA;AAAA,iBAiGW,uBAAA,CACpB,QAAA,UACA,MAAA,GAAQ,cAAA,GACP,OAAA,CAAQ,sBAAA;;;KCzeC,aAAA;AAAA,UAEK,SAAA;EAEf,EAAA;EAEA,IAAA,EAAM,aAAA;EAEN,OAAA;EAEA,KAAA;EAEA,SAAA;EAEA,KAAA;EAEA,WAAA;EAEA,YAAA;EAEA,OAAA;EAEA,SAAA,EAAW,MAAA;EAEX,YAAA;AAAA;AAAA,UAOe,QAAA;EAEf,KAAA;EAEA,GAAA;EAEA,QAAA;EAEA,IAAA,EAAM,YAAA;EAEN,SAAA;EAEA,OAAA;EAEA,cAAA;EAEA,YAAA;EAEA,KAAA;EAEA,KAAA,EAAO,SAAA;EAEP,QAAA,GAAW,MAAA;AAAA;AAAA,cAOA,kBAAA,EAAoB,MAAA;EAE7B,KAAA;EAAgB,MAAA;EAAiB,IAAA;AAAA;AAAA,iBA2BrB,YAAA,CACd,KAAA,UACA,WAAA,WACA,YAAA,WACA,WAAA,GAAc,MAAA;EAAiB,KAAA;EAAgB,MAAA;EAAiB,IAAA;AAAA;AAAA,iBAsClD,QAAA,CAAS,QAAA,UAAkB,IAAA,EAAM,YAAA,EAAc,GAAA,YAAyB,QAAA;AAAA,iBA0BxE,SAAA,CAAU,IAAA,EAAM,aAAA,EAAe,KAAA,YAAiB,SAAA;AAAA,iBA4BhD,OAAA,CACd,IAAA,EAAM,SAAA,EACN,KAAA;EAAU,WAAA;EAAsB,YAAA;EAAuB,OAAA;AAAA,IACtD,SAAA;AAAA,iBA2Ba,MAAA,CAAO,GAAA,EAAK,QAAA,GAAW,QAAA;AAAA,iBA0BjB,WAAA,CACpB,GAAA,EAAK,QAAA,EACL,IAAA,EAAM,SAAA,EACN,QAAA,EAAU,MAAA,oBACT,OAAA;AAAA,iBA+BmB,eAAA,CAAgB,GAAA,EAAK,QAAA,GAAW,OAAA;AAAA,iBAiChC,cAAA,CAAe,GAAA,EAAK,QAAA,GAAW,OAAA;AAAA,iBA8B/B,QAAA,CAAS,KAAA,YAAc,OAAA,CAAQ,QAAA;AAAA,iBAqC/B,OAAA,CAAQ,KAAA,WAAgB,OAAA,CAAQ,QAAA;AAAA,iBA6BhC,gBAAA,CACpB,KAAA,UACA,WAAA,WACC,OAAA;;;cC7bU,mBAAA,EAAmB,CAAA,CAAA,SAAA;;;;;;;;KAYpB,aAAA,GAAgB,CAAA,CAAE,KAAA,QAAa,mBAAA;AAAA,iBA2B3B,kBAAA,CAAmB,OAAA;EACjC,QAAA,IAAY,MAAA,EAAQ,gBAAA;EACpB,OAAA,IAAW,KAAA,UAAe,IAAA;IAAQ,IAAA;IAAc,SAAA;IAAmB,OAAA;EAAA;EAEnE,WAAA,GAAc,mBAAA;AAAA,OACf,IAAA;;;;;;;;;;;;;;;;;;;YADkC,aAAA"}