@openbox-ai/openbox-mastra-sdk 0.1.0

package/dist/client/openbox-client.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/client/openbox-client.ts"],"sourcesContent":["import {\n  GovernanceAPIError,\n  GovernanceVerdictResponse,\n  OpenBoxAuthError,\n  OpenBoxNetworkError\n} from \"../types/index.js\";\n\nexport type OpenBoxApiErrorPolicy = \"fail_open\" | \"fail_closed\";\n\nexport interface OpenBoxClientOptions {\n  apiKey: string;\n  apiUrl: string;\n  evaluateMaxRetries?: number | undefined;\n  evaluateRetryBaseDelayMs?: number | undefined;\n  fetch?: typeof fetch;\n  onApiError?: OpenBoxApiErrorPolicy | undefined;\n  timeoutSeconds?: number | undefined;\n}\n\nexport interface ApprovalPollRequest {\n  activityId: string;\n  runId: string;\n  workflowId: string;\n}\n\nexport interface ApprovalPollResponse {\n  action?: string | undefined;\n  approval_expiration_time?: string | null | undefined;\n  expired?: boolean | undefined;\n  reason?: string | undefined;\n  verdict?: string | undefined;\n  [key: string]: unknown;\n}\n\nconst USER_AGENT = \"OpenBox-SDK/1.0\";\n\nexport class OpenBoxClient {\n  public readonly apiKey: string;\n  public readonly apiUrl: string;\n  public readonly evaluateMaxRetries: number;\n  public readonly evaluateRetryBaseDelayMs: number;\n  public readonly onApiError: OpenBoxApiErrorPolicy;\n  public readonly timeoutSeconds: number;\n\n  readonly #fetch: typeof fetch;\n  readonly #debugEnabled: boolean;\n\n  public constructor({\n    apiKey,\n    apiUrl,\n    evaluateMaxRetries = 0,\n    evaluateRetryBaseDelayMs = 150,\n    fetch: customFetch,\n    onApiError = \"fail_open\",\n    timeoutSeconds = 30\n  }: OpenBoxClientOptions) {\n    this.apiKey = apiKey;\n    this.apiUrl = apiUrl.replace(/\\/+$/, \"\");\n    this.evaluateMaxRetries = Math.max(0, Math.floor(evaluateMaxRetries));\n    this.evaluateRetryBaseDelayMs = Math.max(0, Math.floor(evaluateRetryBaseDelayMs));\n    this.onApiError = onApiError;\n    this.timeoutSeconds = timeoutSeconds;\n    this.#fetch = customFetch ?? fetch;\n    this.#debugEnabled = isOpenBoxDebugEnabled();\n  }\n\n  public async validateApiKey(): Promise<void> {\n    try {\n      const response = await this.#fetch(\n        this.#buildUrl(\"/api/v1/auth/validate\"),\n        {\n          headers: {\n            Authorization: `Bearer ${this.apiKey}`,\n            \"Content-Type\": \"application/json\",\n            \"User-Agent\": USER_AGENT\n          },\n          method: \"GET\",\n          signal: AbortSignal.timeout(this.timeoutSeconds * 1000)\n        }\n      );\n\n      if (response.status === 200) {\n        return;\n      }\n\n      if (response.status === 401 || response.status === 403) {\n        throw new OpenBoxAuthError(\n          \"Invalid API key. Check your API key at dashboard.openbox.ai\"\n        );\n      }\n\n      throw new OpenBoxNetworkError(\n        `Cannot reach OpenBox Core at ${this.apiUrl}: HTTP ${response.status}`\n      );\n    } catch (error) {\n      if (error instanceof OpenBoxAuthError || error instanceof OpenBoxNetworkError) {\n        throw error;\n      }\n\n      throw new OpenBoxNetworkError(\n        `Cannot reach OpenBox Core at ${this.apiUrl}: ${this.#errorMessage(error)}`\n      );\n    }\n  }\n\n  public async evaluate(\n    payload: Record<string, unknown>\n  ): Promise<GovernanceVerdictResponse | null> {\n    const normalizedPayload = normalizeEvaluatePayload(payload);\n\n    return this.#withApiPolicy(async () =>\n      this.#evaluateWithRetry(normalizedPayload)\n    );\n  }\n\n  public async pollApproval(\n    payload: ApprovalPollRequest\n  ): Promise<ApprovalPollResponse | null> {\n    try {\n      if (this.#debugEnabled) {\n        console.info(\"[openbox-sdk] approval.request\", {\n          activity_id: payload.activityId,\n          run_id: payload.runId,\n          workflow_id: payload.workflowId\n        });\n      }\n\n      const response = await this.#fetch(\n        this.#buildUrl(\"/api/v1/governance/approval\"),\n        {\n          body: JSON.stringify({\n            activity_id: payload.activityId,\n            run_id: payload.runId,\n            workflow_id: payload.workflowId\n          }),\n          headers: {\n            Authorization: `Bearer ${this.apiKey}`,\n            \"Content-Type\": \"application/json\",\n            \"User-Agent\": USER_AGENT\n          },\n          method: \"POST\",\n          signal: AbortSignal.timeout(this.timeoutSeconds * 1000)\n        }\n      );\n\n      if (response.status !== 200) {\n        const body = await response.text().catch(() => \"\");\n        if (this.#debugEnabled) {\n          console.error(\"[openbox-sdk] approval.response\", {\n            reason: body,\n            status: response.status\n          });\n        }\n\n        return null;\n      }\n\n      const data = (await response.json()) as ApprovalPollResponse;\n      if (this.#debugEnabled) {\n        console.info(\"[openbox-sdk] approval.response\", {\n          action: data.action,\n          status: response.status,\n          verdict: data.verdict\n        });\n      }\n      const expirationTime = data.approval_expiration_time;\n\n      if (typeof expirationTime === \"string\") {\n        const parsed = parseApprovalExpiration(expirationTime);\n\n        if (parsed && Date.now() > parsed.getTime()) {\n          return {\n            ...data,\n            expired: true\n          };\n        }\n      }\n\n      return data;\n    } catch {\n      return null;\n    }\n  }\n\n  #buildUrl(pathname: string): string {\n    return `${this.apiUrl}${pathname}`;\n  }\n\n  async #evaluateWithRetry(\n    payload: Record<string, unknown>\n  ): Promise<GovernanceVerdictResponse> {\n    let attempt = 0;\n\n    while (true) {\n      try {\n        return await this.#evaluateOnce(payload);\n      } catch (error) {\n        if (\n          attempt >= this.evaluateMaxRetries ||\n          !isRetryableEvaluateError(error)\n        ) {\n          throw error;\n        }\n\n        const waitMs = this.evaluateRetryBaseDelayMs * 2 ** attempt;\n\n        if (this.#debugEnabled) {\n          console.warn(\"[openbox-sdk] evaluate.retry\", {\n            attempt: attempt + 1,\n            error:\n              error instanceof Error ? error.message : String(error),\n            wait_ms: waitMs\n          });\n        }\n\n        attempt += 1;\n\n        if (waitMs > 0) {\n          await delay(waitMs);\n        }\n      }\n    }\n  }\n\n  async #evaluateOnce(\n    payload: Record<string, unknown>\n  ): Promise<GovernanceVerdictResponse> {\n    if (this.#debugEnabled) {\n      console.info(\"[openbox-sdk] evaluate.request\", summarizeEvaluatePayload(payload));\n    }\n\n    const response = await this.#fetch(\n      this.#buildUrl(\"/api/v1/governance/evaluate\"),\n      {\n        body: JSON.stringify(payload),\n        headers: {\n          Authorization: `Bearer ${this.apiKey}`,\n          \"Content-Type\": \"application/json\",\n          \"User-Agent\": USER_AGENT\n        },\n        method: \"POST\",\n        signal: AbortSignal.timeout(this.timeoutSeconds * 1000)\n      }\n    );\n\n    if (response.status !== 200) {\n      const body = await response.text();\n\n      if (this.#debugEnabled) {\n        console.error(\"[openbox-sdk] evaluate.response\", {\n          event_type: payload.event_type,\n          reason: body,\n          status: response.status\n        });\n      }\n\n      throw new GovernanceAPIError(\n        `HTTP ${response.status}: ${body}`\n      );\n    }\n\n    const parsed = (await response.json()) as Parameters<\n      typeof GovernanceVerdictResponse.fromObject\n    >[0];\n\n    if (this.#debugEnabled) {\n      const ageResult =\n        parsed && typeof parsed === \"object\" && \"age_result\" in parsed\n          ? (parsed as { age_result?: Record<string, unknown> }).age_result\n          : undefined;\n      console.info(\"[openbox-sdk] evaluate.response\", {\n        action: parsed.action,\n        age_fallback_used:\n          ageResult && typeof ageResult === \"object\"\n            ? ageResult.fallback_used\n            : undefined,\n        age_goal_alignment_checked:\n          ageResult && typeof ageResult === \"object\"\n            ? ageResult.goal_alignment_checked\n            : undefined,\n        age_goal_drifted:\n          ageResult && typeof ageResult === \"object\"\n            ? ageResult.goal_drifted\n            : undefined,\n        event_type: payload.event_type,\n        status: response.status,\n        verdict: parsed.verdict\n      });\n    }\n\n    return GovernanceVerdictResponse.fromObject(parsed);\n  }\n\n  async #withApiPolicy<T>(operation: () => Promise<T>): Promise<T | null> {\n    try {\n      return await operation();\n    } catch (error) {\n      if (this.onApiError === \"fail_open\") {\n        return null;\n      }\n\n      if (error instanceof GovernanceAPIError) {\n        throw error;\n      }\n\n      throw new GovernanceAPIError(this.#errorMessage(error));\n    }\n  }\n\n  #errorMessage(error: unknown): string {\n    if (error instanceof Error) {\n      return error.message;\n    }\n\n    return String(error);\n  }\n}\n\nfunction isOpenBoxDebugEnabled(): boolean {\n  const value = process.env.OPENBOX_DEBUG?.trim().toLowerCase();\n  return value === \"1\" || value === \"true\" || value === \"yes\";\n}\n\nfunction summarizeEvaluatePayload(\n  payload: Record<string, unknown>\n): Record<string, unknown> {\n  const spanSummary = summarizeSpans(payload.spans);\n\n  return {\n    activity_id: payload.activity_id,\n    activity_type: payload.activity_type,\n    event_type: payload.event_type,\n    has_activity_input: payload.activity_input !== undefined,\n    has_activity_output: payload.activity_output !== undefined,\n    has_error: payload.error !== undefined,\n    has_goal:\n      typeof payload.goal === \"string\" && payload.goal.trim().length > 0,\n    has_signal_args: payload.signal_args !== undefined,\n    has_spans: spanSummary.hasSpans,\n    has_workflow_input: payload.workflow_input !== undefined,\n    has_workflow_output: payload.workflow_output !== undefined,\n    hook_stage:\n      payload.hook_trigger === true ? spanSummary.latestSpanStage : undefined,\n    run_id: payload.run_id,\n    span_count:\n      typeof payload.span_count === \"number\"\n        ? payload.span_count\n        : spanSummary.detectedSpanCount,\n    synthetic_model_usage_span: spanSummary.syntheticModelUsageSpan,\n    workflow_model_id:\n      typeof payload.model_id === \"string\" ? payload.model_id : undefined,\n    workflow_model_provider:\n      typeof payload.model_provider === \"string\"\n        ? payload.model_provider\n        : typeof payload.provider === \"string\"\n          ? payload.provider\n          : undefined,\n    workflow_id: payload.workflow_id,\n    workflow_type: payload.workflow_type\n  };\n}\n\nfunction normalizeEvaluatePayload(\n  payload: Record<string, unknown>\n): Record<string, unknown> {\n  const normalized: Record<string, unknown> = { ...payload };\n  const eventType =\n    typeof normalized.event_type === \"string\" ? normalized.event_type : undefined;\n  const legacyHookSpan = extractLegacyHookSpanFromTrigger(normalized.hook_trigger);\n  const normalizedHookTrigger = normalizeHookTrigger(normalized.hook_trigger);\n\n  if (normalizedHookTrigger !== undefined) {\n    normalized.hook_trigger = normalizedHookTrigger;\n  }\n\n  if (eventType === \"ActivityCompleted\") {\n    const normalizedSpans =\n      normalizeSpansField(normalized.spans) ??\n      (legacyHookSpan ? [legacyHookSpan] : undefined);\n\n    if (normalizedHookTrigger === true || legacyHookSpan !== undefined) {\n      normalized.hook_trigger = true;\n      normalized.spans = normalizedSpans ?? [];\n      normalized.span_count = (normalized.spans as unknown[]).length;\n      return normalized;\n    }\n\n    delete normalized.spans;\n    delete normalized.hook_trigger;\n    normalized.span_count = 0;\n\n    return normalized;\n  }\n\n  if (eventType === \"ActivityStarted\") {\n    const normalizedSpans =\n      normalizeSpansField(normalized.spans) ??\n      (legacyHookSpan ? [legacyHookSpan] : undefined);\n\n    if (normalizedSpans !== undefined) {\n      normalized.spans = normalizedSpans;\n      normalized.span_count = normalizedSpans.length;\n      return normalized;\n    }\n\n    if (normalized.hook_trigger === true) {\n      normalized.spans = [];\n      normalized.span_count = 0;\n    }\n  }\n\n  return normalized;\n}\n\nfunction normalizeHookTrigger(value: unknown): boolean | undefined {\n  if (value === undefined) {\n    return undefined;\n  }\n\n  if (typeof value === \"boolean\") {\n    return value;\n  }\n\n  if (typeof value === \"number\") {\n    return value !== 0;\n  }\n\n  if (typeof value === \"string\") {\n    const normalized = value.trim().toLowerCase();\n\n    if (\n      normalized === \"true\" ||\n      normalized === \"1\" ||\n      normalized === \"yes\" ||\n      normalized === \"on\"\n    ) {\n      return true;\n    }\n\n    if (\n      normalized === \"false\" ||\n      normalized === \"0\" ||\n      normalized === \"no\" ||\n      normalized === \"off\" ||\n      normalized.length === 0\n    ) {\n      return false;\n    }\n  }\n\n  if (typeof value === \"object\") {\n    return value !== null;\n  }\n\n  return Boolean(value);\n}\n\nfunction extractLegacyHookSpanFromTrigger(\n  value: unknown\n): Record<string, unknown> | undefined {\n  if (!value || typeof value !== \"object\" || Array.isArray(value)) {\n    return undefined;\n  }\n\n  const record = value as Record<string, unknown>;\n  const hasHookShape =\n    typeof record.type === \"string\" ||\n    typeof record.hook_type === \"string\" ||\n    typeof record.stage === \"string\" ||\n    typeof record.method === \"string\" ||\n    typeof record.url === \"string\" ||\n    typeof record.http_method === \"string\" ||\n    typeof record.http_url === \"string\" ||\n    typeof record.db_operation === \"string\" ||\n    typeof record.db_statement === \"string\" ||\n    typeof record.file_operation === \"string\" ||\n    typeof record.file_path === \"string\" ||\n    typeof record.function === \"string\";\n\n  if (!hasHookShape) {\n    return undefined;\n  }\n\n  const normalized: Record<string, unknown> = {\n    ...record\n  };\n\n  if (\n    typeof normalized.type === \"string\" &&\n    typeof normalized.hook_type !== \"string\"\n  ) {\n    normalized.hook_type = normalized.type;\n  }\n\n  delete normalized.type;\n  return normalized;\n}\n\nfunction normalizeSpansField(\n  value: unknown\n): Record<string, unknown>[] | undefined {\n  if (value === undefined) {\n    return undefined;\n  }\n\n  if (Array.isArray(value)) {\n    return value.filter(\n      span => span !== null && typeof span === \"object\"\n    ) as Record<string, unknown>[];\n  }\n\n  if (value !== null && typeof value === \"object\") {\n    return [value as Record<string, unknown>];\n  }\n\n  return [];\n}\n\nfunction summarizeSpans(\n  spans: unknown\n): {\n  detectedSpanCount: number;\n  hasSpans: boolean;\n  latestSpanStage: string | undefined;\n  syntheticModelUsageSpan: boolean;\n} {\n  if (!Array.isArray(spans)) {\n    return {\n      detectedSpanCount: 0,\n      hasSpans: false,\n      latestSpanStage: undefined,\n      syntheticModelUsageSpan: false\n    };\n  }\n\n  const spanList = spans as unknown[];\n  const latestSpan =\n    spanList.length > 0 ? spanList[spanList.length - 1] : undefined;\n  const latestSpanStage =\n    latestSpan && typeof latestSpan === \"object\"\n      ? (() => {\n          const stage = (latestSpan as Record<string, unknown>).stage;\n\n          return typeof stage === \"string\" ? stage : undefined;\n        })()\n      : undefined;\n\n  return {\n    detectedSpanCount: spanList.length,\n    hasSpans: spanList.length > 0,\n    latestSpanStage,\n    syntheticModelUsageSpan: spanList.some(span => {\n      if (!span || typeof span !== \"object\") {\n        return false;\n      }\n\n      return (\n        (span as Record<string, unknown>).name === \"openbox.synthetic.model_usage\"\n      );\n    })\n  };\n}\n\nfunction isRetryableEvaluateError(error: unknown): boolean {\n  if (error instanceof GovernanceAPIError) {\n    if (/HTTP\\s(429|5\\d\\d)\\b/i.test(error.message)) {\n      return true;\n    }\n\n    return /(context deadline exceeded|temporarily unavailable|timeout|timed out|connection reset|econnreset|etimedout|upstream connect error)/i.test(\n      error.message\n    );\n  }\n\n  if (!(error instanceof Error)) {\n    return false;\n  }\n\n  if (error.name === \"AbortError\") {\n    return true;\n  }\n\n  return /(fetch failed|network|econnreset|etimedout|connection reset)/i.test(\n    error.message\n  );\n}\n\nfunction delay(ms: number): Promise<void> {\n  return new Promise(resolve => {\n    setTimeout(resolve, ms);\n  });\n}\n\nfunction parseApprovalExpiration(value: string): Date | null {\n  const normalized = value.replace(\" \", \"T\").replace(/Z$/, \"+00:00\");\n  const withTimezone = /([+-]\\d{2}:\\d{2})$/.test(normalized)\n    ? normalized\n    : `${normalized}Z`;\n  const parsed = new Date(withTimezone);\n\n  return Number.isNaN(parsed.getTime()) ? null : parsed;\n}\n"],"mappings":"AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AA6BP,MAAM,aAAa;AAEZ,MAAM,cAAc;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEP;AAAA,EACA;AAAA,EAEF,YAAY;AAAA,IACjB;AAAA,IACA;AAAA,IACA,qBAAqB;AAAA,IACrB,2BAA2B;AAAA,IAC3B,OAAO;AAAA,IACP,aAAa;AAAA,IACb,iBAAiB;AAAA,EACnB,GAAyB;AACvB,SAAK,SAAS;AACd,SAAK,SAAS,OAAO,QAAQ,QAAQ,EAAE;AACvC,SAAK,qBAAqB,KAAK,IAAI,GAAG,KAAK,MAAM,kBAAkB,CAAC;AACpE,SAAK,2BAA2B,KAAK,IAAI,GAAG,KAAK,MAAM,wBAAwB,CAAC;AAChF,SAAK,aAAa;AAClB,SAAK,iBAAiB;AACtB,SAAK,SAAS,eAAe;AAC7B,SAAK,gBAAgB,sBAAsB;AAAA,EAC7C;AAAA,EAEA,MAAa,iBAAgC;AAC3C,QAAI;AACF,YAAM,WAAW,MAAM,KAAK;AAAA,QAC1B,KAAK,UAAU,uBAAuB;AAAA,QACtC;AAAA,UACE,SAAS;AAAA,YACP,eAAe,UAAU,KAAK,MAAM;AAAA,YACpC,gBAAgB;AAAA,YAChB,cAAc;AAAA,UAChB;AAAA,UACA,QAAQ;AAAA,UACR,QAAQ,YAAY,QAAQ,KAAK,iBAAiB,GAAI;AAAA,QACxD;AAAA,MACF;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B;AAAA,MACF;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,gCAAgC,KAAK,MAAM,UAAU,SAAS,MAAM;AAAA,MACtE;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,oBAAoB,iBAAiB,qBAAqB;AAC7E,cAAM;AAAA,MACR;AAEA,YAAM,IAAI;AAAA,QACR,gCAAgC,KAAK,MAAM,KAAK,KAAK,cAAc,KAAK,CAAC;AAAA,MAC3E;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAa,SACX,SAC2C;AAC3C,UAAM,oBAAoB,yBAAyB,OAAO;AAE1D,WAAO,KAAK;AAAA,MAAe,YACzB,KAAK,mBAAmB,iBAAiB;AAAA,IAC3C;AAAA,EACF;AAAA,EAEA,MAAa,aACX,SACsC;AACtC,QAAI;AACF,UAAI,KAAK,eAAe;AACtB,gBAAQ,KAAK,kCAAkC;AAAA,UAC7C,aAAa,QAAQ;AAAA,UACrB,QAAQ,QAAQ;AAAA,UAChB,aAAa,QAAQ;AAAA,QACvB,CAAC;AAAA,MACH;AAEA,YAAM,WAAW,MAAM,KAAK;AAAA,QAC1B,KAAK,UAAU,6BAA6B;AAAA,QAC5C;AAAA,UACE,MAAM,KAAK,UAAU;AAAA,YACnB,aAAa,QAAQ;AAAA,YACrB,QAAQ,QAAQ;AAAA,YAChB,aAAa,QAAQ;AAAA,UACvB,CAAC;AAAA,UACD,SAAS;AAAA,YACP,eAAe,UAAU,KAAK,MAAM;AAAA,YACpC,gBAAgB;AAAA,YAChB,cAAc;AAAA,UAChB;AAAA,UACA,QAAQ;AAAA,UACR,QAAQ,YAAY,QAAQ,KAAK,iBAAiB,GAAI;AAAA,QACxD;AAAA,MACF;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,OAAO,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,EAAE;AACjD,YAAI,KAAK,eAAe;AACtB,kBAAQ,MAAM,mCAAmC;AAAA,YAC/C,QAAQ;AAAA,YACR,QAAQ,SAAS;AAAA,UACnB,CAAC;AAAA,QACH;AAEA,eAAO;AAAA,MACT;AAEA,YAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,UAAI,KAAK,eAAe;AACtB,gBAAQ,KAAK,mCAAmC;AAAA,UAC9C,QAAQ,KAAK;AAAA,UACb,QAAQ,SAAS;AAAA,UACjB,SAAS,KAAK;AAAA,QAChB,CAAC;AAAA,MACH;AACA,YAAM,iBAAiB,KAAK;AAE5B,UAAI,OAAO,mBAAmB,UAAU;AACtC,cAAM,SAAS,wBAAwB,cAAc;AAErD,YAAI,UAAU,KAAK,IAAI,IAAI,OAAO,QAAQ,GAAG;AAC3C,iBAAO;AAAA,YACL,GAAG;AAAA,YACH,SAAS;AAAA,UACX;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,UAAU,UAA0B;AAClC,WAAO,GAAG,KAAK,MAAM,GAAG,QAAQ;AAAA,EAClC;AAAA,EAEA,MAAM,mBACJ,SACoC;AACpC,QAAI,UAAU;AAEd,WAAO,MAAM;AACX,UAAI;AACF,eAAO,MAAM,KAAK,cAAc,OAAO;AAAA,MACzC,SAAS,OAAO;AACd,YACE,WAAW,KAAK,sBAChB,CAAC,yBAAyB,KAAK,GAC/B;AACA,gBAAM;AAAA,QACR;AAEA,cAAM,SAAS,KAAK,2BAA2B,KAAK;AAEpD,YAAI,KAAK,eAAe;AACtB,kBAAQ,KAAK,gCAAgC;AAAA,YAC3C,SAAS,UAAU;AAAA,YACnB,OACE,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,YACvD,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,mBAAW;AAEX,YAAI,SAAS,GAAG;AACd,gBAAM,MAAM,MAAM;AAAA,QACpB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,cACJ,SACoC;AACpC,QAAI,KAAK,eAAe;AACtB,cAAQ,KAAK,kCAAkC,yBAAyB,OAAO,CAAC;AAAA,IAClF;AAEA,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B,KAAK,UAAU,6BAA6B;AAAA,MAC5C;AAAA,QACE,MAAM,KAAK,UAAU,OAAO;AAAA,QAC5B,SAAS;AAAA,UACP,eAAe,UAAU,KAAK,MAAM;AAAA,UACpC,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,QACR,QAAQ,YAAY,QAAQ,KAAK,iBAAiB,GAAI;AAAA,MACxD;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,UAAI,KAAK,eAAe;AACtB,gBAAQ,MAAM,mCAAmC;AAAA,UAC/C,YAAY,QAAQ;AAAA,UACpB,QAAQ;AAAA,UACR,QAAQ,SAAS;AAAA,QACnB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI;AAAA,QACR,QAAQ,SAAS,MAAM,KAAK,IAAI;AAAA,MAClC;AAAA,IACF;AAEA,UAAM,SAAU,MAAM,SAAS,KAAK;AAIpC,QAAI,KAAK,eAAe;AACtB,YAAM,YACJ,UAAU,OAAO,WAAW,YAAY,gBAAgB,SACnD,OAAoD,aACrD;AACN,cAAQ,KAAK,mCAAmC;AAAA,QAC9C,QAAQ,OAAO;AAAA,QACf,mBACE,aAAa,OAAO,cAAc,WAC9B,UAAU,gBACV;AAAA,QACN,4BACE,aAAa,OAAO,cAAc,WAC9B,UAAU,yBACV;AAAA,QACN,kBACE,aAAa,OAAO,cAAc,WAC9B,UAAU,eACV;AAAA,QACN,YAAY,QAAQ;AAAA,QACpB,QAAQ,SAAS;AAAA,QACjB,SAAS,OAAO;AAAA,MAClB,CAAC;AAAA,IACH;AAEA,WAAO,0BAA0B,WAAW,MAAM;AAAA,EACpD;AAAA,EAEA,MAAM,eAAkB,WAAgD;AACtE,QAAI;AACF,aAAO,MAAM,UAAU;AAAA,IACzB,SAAS,OAAO;AACd,UAAI,KAAK,eAAe,aAAa;AACnC,eAAO;AAAA,MACT;AAEA,UAAI,iBAAiB,oBAAoB;AACvC,cAAM;AAAA,MACR;AAEA,YAAM,IAAI,mBAAmB,KAAK,cAAc,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AAAA,EAEA,cAAc,OAAwB;AACpC,QAAI,iBAAiB,OAAO;AAC1B,aAAO,MAAM;AAAA,IACf;AAEA,WAAO,OAAO,KAAK;AAAA,EACrB;AACF;AAEA,SAAS,wBAAiC;AACxC,QAAM,QAAQ,QAAQ,IAAI,eAAe,KAAK,EAAE,YAAY;AAC5D,SAAO,UAAU,OAAO,UAAU,UAAU,UAAU;AACxD;AAEA,SAAS,yBACP,SACyB;AACzB,QAAM,cAAc,eAAe,QAAQ,KAAK;AAEhD,SAAO;AAAA,IACL,aAAa,QAAQ;AAAA,IACrB,eAAe,QAAQ;AAAA,IACvB,YAAY,QAAQ;AAAA,IACpB,oBAAoB,QAAQ,mBAAmB;AAAA,IAC/C,qBAAqB,QAAQ,oBAAoB;AAAA,IACjD,WAAW,QAAQ,UAAU;AAAA,IAC7B,UACE,OAAO,QAAQ,SAAS,YAAY,QAAQ,KAAK,KAAK,EAAE,SAAS;AAAA,IACnE,iBAAiB,QAAQ,gBAAgB;AAAA,IACzC,WAAW,YAAY;AAAA,IACvB,oBAAoB,QAAQ,mBAAmB;AAAA,IAC/C,qBAAqB,QAAQ,oBAAoB;AAAA,IACjD,YACE,QAAQ,iBAAiB,OAAO,YAAY,kBAAkB;AAAA,IAChE,QAAQ,QAAQ;AAAA,IAChB,YACE,OAAO,QAAQ,eAAe,WAC1B,QAAQ,aACR,YAAY;AAAA,IAClB,4BAA4B,YAAY;AAAA,IACxC,mBACE,OAAO,QAAQ,aAAa,WAAW,QAAQ,WAAW;AAAA,IAC5D,yBACE,OAAO,QAAQ,mBAAmB,WAC9B,QAAQ,iBACR,OAAO,QAAQ,aAAa,WAC1B,QAAQ,WACR;AAAA,IACR,aAAa,QAAQ;AAAA,IACrB,eAAe,QAAQ;AAAA,EACzB;AACF;AAEA,SAAS,yBACP,SACyB;AACzB,QAAM,aAAsC,EAAE,GAAG,QAAQ;AACzD,QAAM,YACJ,OAAO,WAAW,eAAe,WAAW,WAAW,aAAa;AACtE,QAAM,iBAAiB,iCAAiC,WAAW,YAAY;AAC/E,QAAM,wBAAwB,qBAAqB,WAAW,YAAY;AAE1E,MAAI,0BAA0B,QAAW;AACvC,eAAW,eAAe;AAAA,EAC5B;AAEA,MAAI,cAAc,qBAAqB;AACrC,UAAM,kBACJ,oBAAoB,WAAW,KAAK,MACnC,iBAAiB,CAAC,cAAc,IAAI;AAEvC,QAAI,0BAA0B,QAAQ,mBAAmB,QAAW;AAClE,iBAAW,eAAe;AAC1B,iBAAW,QAAQ,mBAAmB,CAAC;AACvC,iBAAW,aAAc,WAAW,MAAoB;AACxD,aAAO;AAAA,IACT;AAEA,WAAO,WAAW;AAClB,WAAO,WAAW;AAClB,eAAW,aAAa;AAExB,WAAO;AAAA,EACT;AAEA,MAAI,cAAc,mBAAmB;AACnC,UAAM,kBACJ,oBAAoB,WAAW,KAAK,MACnC,iBAAiB,CAAC,cAAc,IAAI;AAEvC,QAAI,oBAAoB,QAAW;AACjC,iBAAW,QAAQ;AACnB,iBAAW,aAAa,gBAAgB;AACxC,aAAO;AAAA,IACT;AAEA,QAAI,WAAW,iBAAiB,MAAM;AACpC,iBAAW,QAAQ,CAAC;AACpB,iBAAW,aAAa;AAAA,IAC1B;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,qBAAqB,OAAqC;AACjE,MAAI,UAAU,QAAW;AACvB,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,UAAU,WAAW;AAC9B,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,UAAU;AAAA,EACnB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAE5C,QACE,eAAe,UACf,eAAe,OACf,eAAe,SACf,eAAe,MACf;AACA,aAAO;AAAA,IACT;AAEA,QACE,eAAe,WACf,eAAe,OACf,eAAe,QACf,eAAe,SACf,WAAW,WAAW,GACtB;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,UAAU;AAAA,EACnB;AAEA,SAAO,QAAQ,KAAK;AACtB;AAEA,SAAS,iCACP,OACqC;AACrC,MAAI,CAAC,SAAS,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,GAAG;AAC/D,WAAO;AAAA,EACT;AAEA,QAAM,SAAS;AACf,QAAM,eACJ,OAAO,OAAO,SAAS,YACvB,OAAO,OAAO,cAAc,YAC5B,OAAO,OAAO,UAAU,YACxB,OAAO,OAAO,WAAW,YACzB,OAAO,OAAO,QAAQ,YACtB,OAAO,OAAO,gBAAgB,YAC9B,OAAO,OAAO,aAAa,YAC3B,OAAO,OAAO,iBAAiB,YAC/B,OAAO,OAAO,iBAAiB,YAC/B,OAAO,OAAO,mBAAmB,YACjC,OAAO,OAAO,cAAc,YAC5B,OAAO,OAAO,aAAa;AAE7B,MAAI,CAAC,cAAc;AACjB,WAAO;AAAA,EACT;AAEA,QAAM,aAAsC;AAAA,IAC1C,GAAG;AAAA,EACL;AAEA,MACE,OAAO,WAAW,SAAS,YAC3B,OAAO,WAAW,cAAc,UAChC;AACA,eAAW,YAAY,WAAW;AAAA,EACpC;AAEA,SAAO,WAAW;AAClB,SAAO;AACT;AAEA,SAAS,oBACP,OACuC;AACvC,MAAI,UAAU,QAAW;AACvB,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM;AAAA,MACX,UAAQ,SAAS,QAAQ,OAAO,SAAS;AAAA,IAC3C;AAAA,EACF;AAEA,MAAI,UAAU,QAAQ,OAAO,UAAU,UAAU;AAC/C,WAAO,CAAC,KAAgC;AAAA,EAC1C;AAEA,SAAO,CAAC;AACV;AAEA,SAAS,eACP,OAMA;AACA,MAAI,CAAC,MAAM,QAAQ,KAAK,GAAG;AACzB,WAAO;AAAA,MACL,mBAAmB;AAAA,MACnB,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,yBAAyB;AAAA,IAC3B;AAAA,EACF;AAEA,QAAM,WAAW;AACjB,QAAM,aACJ,SAAS,SAAS,IAAI,SAAS,SAAS,SAAS,CAAC,IAAI;AACxD,QAAM,kBACJ,cAAc,OAAO,eAAe,YAC/B,MAAM;AACL,UAAM,QAAS,WAAuC;AAEtD,WAAO,OAAO,UAAU,WAAW,QAAQ;AAAA,EAC7C,GAAG,IACH;AAEN,SAAO;AAAA,IACL,mBAAmB,SAAS;AAAA,IAC5B,UAAU,SAAS,SAAS;AAAA,IAC5B;AAAA,IACA,yBAAyB,SAAS,KAAK,UAAQ;AAC7C,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,eAAO;AAAA,MACT;AAEA,aACG,KAAiC,SAAS;AAAA,IAE/C,CAAC;AAAA,EACH;AACF;AAEA,SAAS,yBAAyB,OAAyB;AACzD,MAAI,iBAAiB,oBAAoB;AACvC,QAAI,uBAAuB,KAAK,MAAM,OAAO,GAAG;AAC9C,aAAO;AAAA,IACT;AAEA,WAAO,sIAAsI;AAAA,MAC3I,MAAM;AAAA,IACR;AAAA,EACF;AAEA,MAAI,EAAE,iBAAiB,QAAQ;AAC7B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,SAAS,cAAc;AAC/B,WAAO;AAAA,EACT;AAEA,SAAO,gEAAgE;AAAA,IACrE,MAAM;AAAA,EACR;AACF;AAEA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,aAAW;AAC5B,eAAW,SAAS,EAAE;AAAA,EACxB,CAAC;AACH;AAEA,SAAS,wBAAwB,OAA4B;AAC3D,QAAM,aAAa,MAAM,QAAQ,KAAK,GAAG,EAAE,QAAQ,MAAM,QAAQ;AACjE,QAAM,eAAe,qBAAqB,KAAK,UAAU,IACrD,aACA,GAAG,UAAU;AACjB,QAAM,SAAS,IAAI,KAAK,YAAY;AAEpC,SAAO,OAAO,MAAM,OAAO,QAAQ,CAAC,IAAI,OAAO;AACjD;","names":[]}

package/dist/config/index.d.ts

@@ -0,0 +1,5 @@
+export { API_KEY_PATTERN, OpenBoxConfig, OpenBoxConfigInput, getOpenBoxConfig, initializeOpenBox, parseOpenBoxConfig, setOpenBoxConfig, validateApiKeyFormat, validateUrlSecurity } from './openbox-config.js';
+import '../client/openbox-client.js';
+import '../types/governance-verdict-response.js';
+import '../types/guardrails.js';
+import '../types/verdict.js';

package/dist/config/index.js

@@ -0,0 +1,2 @@
+export * from "./openbox-config.js";
+//# sourceMappingURL=index.js.map

package/dist/config/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/config/index.ts"],"sourcesContent":["export * from \"./openbox-config.js\";\n"],"mappings":"AAAA,cAAc;","names":[]}

package/dist/config/openbox-config.d.ts

@@ -0,0 +1,54 @@
+import { OpenBoxApiErrorPolicy } from '../client/openbox-client.js';
+import '../types/governance-verdict-response.js';
+import '../types/guardrails.js';
+import '../types/verdict.js';
+
+declare const API_KEY_PATTERN: RegExp;
+interface OpenBoxConfigInput {
+    apiKey?: string | undefined;
+    apiUrl?: string | undefined;
+    evaluateMaxRetries?: number | undefined;
+    evaluateRetryBaseDelayMs?: number | undefined;
+    governanceTimeout?: number | undefined;
+    hitlEnabled?: boolean | undefined;
+    httpCapture?: boolean | undefined;
+    instrumentDatabases?: boolean | undefined;
+    instrumentFileIo?: boolean | undefined;
+    maxEvaluatePayloadBytes?: number | undefined;
+    onApiError?: OpenBoxApiErrorPolicy | undefined;
+    sendActivityStartEvent?: boolean | undefined;
+    sendStartEvent?: boolean | undefined;
+    skipActivityTypes?: Iterable<string> | undefined;
+    skipHitlActivityTypes?: Iterable<string> | undefined;
+    skipSignals?: Iterable<string> | undefined;
+    skipWorkflowTypes?: Iterable<string> | undefined;
+    validate?: boolean | undefined;
+}
+interface OpenBoxConfig {
+    apiKey: string;
+    apiUrl: string;
+    evaluateMaxRetries: number;
+    evaluateRetryBaseDelayMs: number;
+    governanceTimeout: number;
+    hitlEnabled: boolean;
+    httpCapture: boolean;
+    instrumentDatabases: boolean;
+    instrumentFileIo: boolean;
+    maxEvaluatePayloadBytes: number;
+    onApiError: OpenBoxApiErrorPolicy;
+    sendActivityStartEvent: boolean;
+    sendStartEvent: boolean;
+    skipActivityTypes: Set<string>;
+    skipHitlActivityTypes: Set<string>;
+    skipSignals: Set<string>;
+    skipWorkflowTypes: Set<string>;
+    validate: boolean;
+}
+declare function validateApiKeyFormat(apiKey: string): boolean;
+declare function validateUrlSecurity(apiUrl: string): void;
+declare function parseOpenBoxConfig(input?: OpenBoxConfigInput, env?: NodeJS.ProcessEnv): OpenBoxConfig;
+declare function initializeOpenBox(input?: OpenBoxConfigInput): Promise<OpenBoxConfig>;
+declare function getOpenBoxConfig(): OpenBoxConfig | undefined;
+declare function setOpenBoxConfig(config: OpenBoxConfig): void;
+
+export { API_KEY_PATTERN, type OpenBoxConfig, type OpenBoxConfigInput, getOpenBoxConfig, initializeOpenBox, parseOpenBoxConfig, setOpenBoxConfig, validateApiKeyFormat, validateUrlSecurity };

package/dist/config/openbox-config.js

@@ -0,0 +1,162 @@
+import { z } from "zod";
+import { OpenBoxClient } from "../client/index.js";
+import {
+  OpenBoxAuthError,
+  OpenBoxConfigError,
+  OpenBoxInsecureURLError
+} from "../types/index.js";
+const API_KEY_PATTERN = /^obx_(live|test)_[a-zA-Z0-9_]+$/;
+const OPENBOX_CONFIG_SCHEMA = z.object({
+  apiKey: z.string().regex(API_KEY_PATTERN, {
+    message: "Invalid API key format. Expected 'obx_live_*' or 'obx_test_*'."
+  }),
+  apiUrl: z.string().min(1),
+  evaluateMaxRetries: z.number().int().nonnegative().default(2),
+  evaluateRetryBaseDelayMs: z.number().int().nonnegative().default(150),
+  governanceTimeout: z.number().nonnegative().default(30),
+  hitlEnabled: z.boolean().default(true),
+  httpCapture: z.boolean().default(true),
+  instrumentDatabases: z.boolean().default(true),
+  instrumentFileIo: z.boolean().default(false),
+  maxEvaluatePayloadBytes: z.number().int().positive().default(256e3),
+  onApiError: z.enum(["fail_open", "fail_closed"]).default("fail_open"),
+  sendActivityStartEvent: z.boolean().default(true),
+  sendStartEvent: z.boolean().default(true),
+  skipActivityTypes: z.set(z.string()).default(/* @__PURE__ */ new Set(["send_governance_event"])),
+  skipHitlActivityTypes: z.set(z.string()).default(/* @__PURE__ */ new Set(["send_governance_event"])),
+  skipSignals: z.set(z.string()).default(/* @__PURE__ */ new Set()),
+  skipWorkflowTypes: z.set(z.string()).default(/* @__PURE__ */ new Set()),
+  validate: z.boolean().default(true)
+});
+let globalConfig;
+function validateApiKeyFormat(apiKey) {
+  return API_KEY_PATTERN.test(apiKey);
+}
+function validateUrlSecurity(apiUrl) {
+  const url = new URL(apiUrl);
+  const hostname = url.hostname.replace(/^\[(.*)\]$/, "$1");
+  const isLocalhost = hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1";
+  if (url.protocol === "http:" && !isLocalhost) {
+    throw new OpenBoxInsecureURLError(
+      `Insecure HTTP URL detected: ${apiUrl}. Use HTTPS for non-localhost URLs to protect API keys in transit.`
+    );
+  }
+}
+function parseOpenBoxConfig(input = {}, env = process.env) {
+  const apiUrl = input.apiUrl ?? env.OPENBOX_URL;
+  const apiKey = input.apiKey ?? env.OPENBOX_API_KEY;
+  if (!apiUrl || !apiKey) {
+    throw new OpenBoxConfigError(
+      "Missing OpenBox configuration. Both OPENBOX_URL and OPENBOX_API_KEY are required."
+    );
+  }
+  if (!validateApiKeyFormat(apiKey)) {
+    throw new OpenBoxAuthError(
+      "Invalid API key format. Expected 'obx_live_*' or 'obx_test_*'."
+    );
+  }
+  validateUrlSecurity(apiUrl);
+  const parsed = OPENBOX_CONFIG_SCHEMA.parse({
+    apiKey,
+    apiUrl: apiUrl.replace(/\/+$/, ""),
+    evaluateMaxRetries: input.evaluateMaxRetries ?? parseInteger(env.OPENBOX_EVALUATE_MAX_RETRIES, 2),
+    evaluateRetryBaseDelayMs: input.evaluateRetryBaseDelayMs ?? parseInteger(env.OPENBOX_EVALUATE_RETRY_BASE_DELAY_MS, 150),
+    governanceTimeout: input.governanceTimeout ?? parseNumber(env.OPENBOX_GOVERNANCE_TIMEOUT, 30),
+    hitlEnabled: input.hitlEnabled ?? parseBoolean(env.OPENBOX_HITL_ENABLED, true),
+    httpCapture: input.httpCapture ?? parseBoolean(env.OPENBOX_HTTP_CAPTURE, true),
+    instrumentDatabases: input.instrumentDatabases ?? parseBoolean(env.OPENBOX_INSTRUMENT_DATABASES, true),
+    instrumentFileIo: input.instrumentFileIo ?? parseBoolean(env.OPENBOX_INSTRUMENT_FILE_IO, false),
+    maxEvaluatePayloadBytes: input.maxEvaluatePayloadBytes ?? parseInteger(env.OPENBOX_MAX_EVALUATE_PAYLOAD_BYTES, 256e3),
+    onApiError: input.onApiError ?? parsePolicy(env.OPENBOX_GOVERNANCE_POLICY, "fail_open"),
+    sendActivityStartEvent: input.sendActivityStartEvent ?? parseBoolean(env.OPENBOX_SEND_ACTIVITY_START_EVENT, true),
+    sendStartEvent: input.sendStartEvent ?? parseBoolean(env.OPENBOX_SEND_START_EVENT, true),
+    skipActivityTypes: iterableToSet(input.skipActivityTypes) ?? parseCsvSet(env.OPENBOX_SKIP_ACTIVITY_TYPES, ["send_governance_event"]),
+    skipHitlActivityTypes: iterableToSet(input.skipHitlActivityTypes) ?? parseCsvSet(env.OPENBOX_SKIP_HITL_ACTIVITY_TYPES, ["send_governance_event"]),
+    skipSignals: iterableToSet(input.skipSignals) ?? parseCsvSet(env.OPENBOX_SKIP_SIGNALS),
+    skipWorkflowTypes: iterableToSet(input.skipWorkflowTypes) ?? parseCsvSet(env.OPENBOX_SKIP_WORKFLOW_TYPES),
+    validate: input.validate ?? parseBoolean(env.OPENBOX_VALIDATE, true)
+  });
+  return parsed;
+}
+async function initializeOpenBox(input = {}) {
+  const config = parseOpenBoxConfig(input);
+  if (config.validate) {
+    const client = new OpenBoxClient({
+      apiKey: config.apiKey,
+      apiUrl: config.apiUrl,
+      timeoutSeconds: config.governanceTimeout
+    });
+    await client.validateApiKey();
+  }
+  globalConfig = config;
+  return config;
+}
+function getOpenBoxConfig() {
+  return globalConfig;
+}
+function setOpenBoxConfig(config) {
+  globalConfig = config;
+}
+function parseBoolean(value, defaultValue) {
+  if (value == null) {
+    return defaultValue;
+  }
+  const normalized = value.trim().toLowerCase();
+  if (normalized === "true" || normalized === "1" || normalized === "yes") {
+    return true;
+  }
+  if (normalized === "false" || normalized === "0" || normalized === "no") {
+    return false;
+  }
+  throw new OpenBoxConfigError(`Invalid boolean value: ${value}`);
+}
+function parseCsvSet(value, defaults = []) {
+  if (!value) {
+    return new Set(defaults);
+  }
+  return new Set(
+    value.split(",").map((item) => item.trim()).filter(Boolean)
+  );
+}
+function parseNumber(value, defaultValue) {
+  if (!value) {
+    return defaultValue;
+  }
+  const parsed = Number(value);
+  if (Number.isNaN(parsed)) {
+    throw new OpenBoxConfigError(`Invalid numeric value: ${value}`);
+  }
+  return parsed;
+}
+function parseInteger(value, defaultValue) {
+  if (!value) {
+    return defaultValue;
+  }
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || !Number.isInteger(parsed)) {
+    throw new OpenBoxConfigError(`Invalid integer value: ${value}`);
+  }
+  return parsed;
+}
+function parsePolicy(value, defaultValue) {
+  if (!value) {
+    return defaultValue;
+  }
+  if (value === "fail_open" || value === "fail_closed") {
+    return value;
+  }
+  throw new OpenBoxConfigError(`Invalid OpenBox governance policy: ${value}`);
+}
+function iterableToSet(value) {
+  return value ? new Set(value) : void 0;
+}
+export {
+  API_KEY_PATTERN,
+  getOpenBoxConfig,
+  initializeOpenBox,
+  parseOpenBoxConfig,
+  setOpenBoxConfig,
+  validateApiKeyFormat,
+  validateUrlSecurity
+};
+//# sourceMappingURL=openbox-config.js.map

package/dist/config/openbox-config.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/config/openbox-config.ts"],"sourcesContent":["import { z } from \"zod\";\n\nimport { OpenBoxClient, type OpenBoxApiErrorPolicy } from \"../client/index.js\";\nimport {\n  OpenBoxAuthError,\n  OpenBoxConfigError,\n  OpenBoxInsecureURLError\n} from \"../types/index.js\";\n\nexport const API_KEY_PATTERN = /^obx_(live|test)_[a-zA-Z0-9_]+$/;\n\nexport interface OpenBoxConfigInput {\n  apiKey?: string | undefined;\n  apiUrl?: string | undefined;\n  evaluateMaxRetries?: number | undefined;\n  evaluateRetryBaseDelayMs?: number | undefined;\n  governanceTimeout?: number | undefined;\n  hitlEnabled?: boolean | undefined;\n  httpCapture?: boolean | undefined;\n  instrumentDatabases?: boolean | undefined;\n  instrumentFileIo?: boolean | undefined;\n  maxEvaluatePayloadBytes?: number | undefined;\n  onApiError?: OpenBoxApiErrorPolicy | undefined;\n  sendActivityStartEvent?: boolean | undefined;\n  sendStartEvent?: boolean | undefined;\n  skipActivityTypes?: Iterable<string> | undefined;\n  skipHitlActivityTypes?: Iterable<string> | undefined;\n  skipSignals?: Iterable<string> | undefined;\n  skipWorkflowTypes?: Iterable<string> | undefined;\n  validate?: boolean | undefined;\n}\n\nexport interface OpenBoxConfig {\n  apiKey: string;\n  apiUrl: string;\n  evaluateMaxRetries: number;\n  evaluateRetryBaseDelayMs: number;\n  governanceTimeout: number;\n  hitlEnabled: boolean;\n  httpCapture: boolean;\n  instrumentDatabases: boolean;\n  instrumentFileIo: boolean;\n  maxEvaluatePayloadBytes: number;\n  onApiError: OpenBoxApiErrorPolicy;\n  sendActivityStartEvent: boolean;\n  sendStartEvent: boolean;\n  skipActivityTypes: Set<string>;\n  skipHitlActivityTypes: Set<string>;\n  skipSignals: Set<string>;\n  skipWorkflowTypes: Set<string>;\n  validate: boolean;\n}\n\nconst OPENBOX_CONFIG_SCHEMA = z.object({\n  apiKey: z.string().regex(API_KEY_PATTERN, {\n    message: \"Invalid API key format. Expected 'obx_live_*' or 'obx_test_*'.\"\n  }),\n  apiUrl: z.string().min(1),\n  evaluateMaxRetries: z.number().int().nonnegative().default(2),\n  evaluateRetryBaseDelayMs: z.number().int().nonnegative().default(150),\n  governanceTimeout: z.number().nonnegative().default(30),\n  hitlEnabled: z.boolean().default(true),\n  httpCapture: z.boolean().default(true),\n  instrumentDatabases: z.boolean().default(true),\n  instrumentFileIo: z.boolean().default(false),\n  maxEvaluatePayloadBytes: z.number().int().positive().default(256_000),\n  onApiError: z.enum([\"fail_open\", \"fail_closed\"]).default(\"fail_open\"),\n  sendActivityStartEvent: z.boolean().default(true),\n  sendStartEvent: z.boolean().default(true),\n  skipActivityTypes: z.set(z.string()).default(new Set([\"send_governance_event\"])),\n  skipHitlActivityTypes: z\n    .set(z.string())\n    .default(new Set([\"send_governance_event\"])),\n  skipSignals: z.set(z.string()).default(new Set()),\n  skipWorkflowTypes: z.set(z.string()).default(new Set()),\n  validate: z.boolean().default(true)\n});\n\nlet globalConfig: OpenBoxConfig | undefined;\n\nexport function validateApiKeyFormat(apiKey: string): boolean {\n  return API_KEY_PATTERN.test(apiKey);\n}\n\nexport function validateUrlSecurity(apiUrl: string): void {\n  const url = new URL(apiUrl);\n  const hostname = url.hostname.replace(/^\\[(.*)\\]$/, \"$1\");\n  const isLocalhost =\n    hostname === \"localhost\" || hostname === \"127.0.0.1\" || hostname === \"::1\";\n\n  if (url.protocol === \"http:\" && !isLocalhost) {\n    throw new OpenBoxInsecureURLError(\n      `Insecure HTTP URL detected: ${apiUrl}. Use HTTPS for non-localhost URLs to protect API keys in transit.`\n    );\n  }\n}\n\nexport function parseOpenBoxConfig(\n  input: OpenBoxConfigInput = {},\n  env: NodeJS.ProcessEnv = process.env\n): OpenBoxConfig {\n  const apiUrl = input.apiUrl ?? env.OPENBOX_URL;\n  const apiKey = input.apiKey ?? env.OPENBOX_API_KEY;\n\n  if (!apiUrl || !apiKey) {\n    throw new OpenBoxConfigError(\n      \"Missing OpenBox configuration. Both OPENBOX_URL and OPENBOX_API_KEY are required.\"\n    );\n  }\n\n  if (!validateApiKeyFormat(apiKey)) {\n    throw new OpenBoxAuthError(\n      \"Invalid API key format. Expected 'obx_live_*' or 'obx_test_*'.\"\n    );\n  }\n\n  validateUrlSecurity(apiUrl);\n\n  const parsed = OPENBOX_CONFIG_SCHEMA.parse({\n    apiKey,\n    apiUrl: apiUrl.replace(/\\/+$/, \"\"),\n    evaluateMaxRetries:\n      input.evaluateMaxRetries ??\n      parseInteger(env.OPENBOX_EVALUATE_MAX_RETRIES, 2),\n    evaluateRetryBaseDelayMs:\n      input.evaluateRetryBaseDelayMs ??\n      parseInteger(env.OPENBOX_EVALUATE_RETRY_BASE_DELAY_MS, 150),\n    governanceTimeout:\n      input.governanceTimeout ?? parseNumber(env.OPENBOX_GOVERNANCE_TIMEOUT, 30),\n    hitlEnabled: input.hitlEnabled ?? parseBoolean(env.OPENBOX_HITL_ENABLED, true),\n    httpCapture: input.httpCapture ?? parseBoolean(env.OPENBOX_HTTP_CAPTURE, true),\n    instrumentDatabases:\n      input.instrumentDatabases ??\n      parseBoolean(env.OPENBOX_INSTRUMENT_DATABASES, true),\n    instrumentFileIo:\n      input.instrumentFileIo ?? parseBoolean(env.OPENBOX_INSTRUMENT_FILE_IO, false),\n    maxEvaluatePayloadBytes:\n      input.maxEvaluatePayloadBytes ??\n      parseInteger(env.OPENBOX_MAX_EVALUATE_PAYLOAD_BYTES, 256_000),\n    onApiError:\n      input.onApiError ??\n      parsePolicy(env.OPENBOX_GOVERNANCE_POLICY, \"fail_open\"),\n    sendActivityStartEvent:\n      input.sendActivityStartEvent ??\n      parseBoolean(env.OPENBOX_SEND_ACTIVITY_START_EVENT, true),\n    sendStartEvent:\n      input.sendStartEvent ?? parseBoolean(env.OPENBOX_SEND_START_EVENT, true),\n    skipActivityTypes:\n      iterableToSet(input.skipActivityTypes) ??\n      parseCsvSet(env.OPENBOX_SKIP_ACTIVITY_TYPES, [\"send_governance_event\"]),\n    skipHitlActivityTypes:\n      iterableToSet(input.skipHitlActivityTypes) ??\n      parseCsvSet(env.OPENBOX_SKIP_HITL_ACTIVITY_TYPES, [\"send_governance_event\"]),\n    skipSignals:\n      iterableToSet(input.skipSignals) ?? parseCsvSet(env.OPENBOX_SKIP_SIGNALS),\n    skipWorkflowTypes:\n      iterableToSet(input.skipWorkflowTypes) ??\n      parseCsvSet(env.OPENBOX_SKIP_WORKFLOW_TYPES),\n    validate: input.validate ?? parseBoolean(env.OPENBOX_VALIDATE, true)\n  });\n\n  return parsed;\n}\n\nexport async function initializeOpenBox(\n  input: OpenBoxConfigInput = {}\n): Promise<OpenBoxConfig> {\n  const config = parseOpenBoxConfig(input);\n\n  if (config.validate) {\n    const client = new OpenBoxClient({\n      apiKey: config.apiKey,\n      apiUrl: config.apiUrl,\n      timeoutSeconds: config.governanceTimeout\n    });\n\n    await client.validateApiKey();\n  }\n\n  globalConfig = config;\n\n  return config;\n}\n\nexport function getOpenBoxConfig(): OpenBoxConfig | undefined {\n  return globalConfig;\n}\n\nexport function setOpenBoxConfig(config: OpenBoxConfig): void {\n  globalConfig = config;\n}\n\nfunction parseBoolean(value: string | undefined, defaultValue: boolean): boolean {\n  if (value == null) {\n    return defaultValue;\n  }\n\n  const normalized = value.trim().toLowerCase();\n\n  if (normalized === \"true\" || normalized === \"1\" || normalized === \"yes\") {\n    return true;\n  }\n\n  if (normalized === \"false\" || normalized === \"0\" || normalized === \"no\") {\n    return false;\n  }\n\n  throw new OpenBoxConfigError(`Invalid boolean value: ${value}`);\n}\n\nfunction parseCsvSet(\n  value: string | undefined,\n  defaults: Iterable<string> = []\n): Set<string> {\n  if (!value) {\n    return new Set(defaults);\n  }\n\n  return new Set(\n    value\n      .split(\",\")\n      .map(item => item.trim())\n      .filter(Boolean)\n  );\n}\n\nfunction parseNumber(value: string | undefined, defaultValue: number): number {\n  if (!value) {\n    return defaultValue;\n  }\n\n  const parsed = Number(value);\n\n  if (Number.isNaN(parsed)) {\n    throw new OpenBoxConfigError(`Invalid numeric value: ${value}`);\n  }\n\n  return parsed;\n}\n\nfunction parseInteger(value: string | undefined, defaultValue: number): number {\n  if (!value) {\n    return defaultValue;\n  }\n\n  const parsed = Number(value);\n\n  if (!Number.isFinite(parsed) || !Number.isInteger(parsed)) {\n    throw new OpenBoxConfigError(`Invalid integer value: ${value}`);\n  }\n\n  return parsed;\n}\n\nfunction parsePolicy(\n  value: string | undefined,\n  defaultValue: OpenBoxApiErrorPolicy\n): OpenBoxApiErrorPolicy {\n  if (!value) {\n    return defaultValue;\n  }\n\n  if (value === \"fail_open\" || value === \"fail_closed\") {\n    return value;\n  }\n\n  throw new OpenBoxConfigError(`Invalid OpenBox governance policy: ${value}`);\n}\n\nfunction iterableToSet(\n  value: Iterable<string> | undefined\n): Set<string> | undefined {\n  return value ? new Set(value) : undefined;\n}\n"],"mappings":"AAAA,SAAS,SAAS;AAElB,SAAS,qBAAiD;AAC1D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEA,MAAM,kBAAkB;AA4C/B,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,QAAQ,EAAE,OAAO,EAAE,MAAM,iBAAiB;AAAA,IACxC,SAAS;AAAA,EACX,CAAC;AAAA,EACD,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACxB,oBAAoB,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,CAAC;AAAA,EAC5D,0BAA0B,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,GAAG;AAAA,EACpE,mBAAmB,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE;AAAA,EACtD,aAAa,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACrC,aAAa,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACrC,qBAAqB,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EAC7C,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EAC3C,yBAAyB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,KAAO;AAAA,EACpE,YAAY,EAAE,KAAK,CAAC,aAAa,aAAa,CAAC,EAAE,QAAQ,WAAW;AAAA,EACpE,wBAAwB,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EAChD,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACxC,mBAAmB,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,QAAQ,oBAAI,IAAI,CAAC,uBAAuB,CAAC,CAAC;AAAA,EAC/E,uBAAuB,EACpB,IAAI,EAAE,OAAO,CAAC,EACd,QAAQ,oBAAI,IAAI,CAAC,uBAAuB,CAAC,CAAC;AAAA,EAC7C,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,QAAQ,oBAAI,IAAI,CAAC;AAAA,EAChD,mBAAmB,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,QAAQ,oBAAI,IAAI,CAAC;AAAA,EACtD,UAAU,EAAE,QAAQ,EAAE,QAAQ,IAAI;AACpC,CAAC;AAED,IAAI;AAEG,SAAS,qBAAqB,QAAyB;AAC5D,SAAO,gBAAgB,KAAK,MAAM;AACpC;AAEO,SAAS,oBAAoB,QAAsB;AACxD,QAAM,MAAM,IAAI,IAAI,MAAM;AAC1B,QAAM,WAAW,IAAI,SAAS,QAAQ,cAAc,IAAI;AACxD,QAAM,cACJ,aAAa,eAAe,aAAa,eAAe,aAAa;AAEvE,MAAI,IAAI,aAAa,WAAW,CAAC,aAAa;AAC5C,UAAM,IAAI;AAAA,MACR,+BAA+B,MAAM;AAAA,IACvC;AAAA,EACF;AACF;AAEO,SAAS,mBACd,QAA4B,CAAC,GAC7B,MAAyB,QAAQ,KAClB;AACf,QAAM,SAAS,MAAM,UAAU,IAAI;AACnC,QAAM,SAAS,MAAM,UAAU,IAAI;AAEnC,MAAI,CAAC,UAAU,CAAC,QAAQ;AACtB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,qBAAqB,MAAM,GAAG;AACjC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,sBAAoB,MAAM;AAE1B,QAAM,SAAS,sBAAsB,MAAM;AAAA,IACzC;AAAA,IACA,QAAQ,OAAO,QAAQ,QAAQ,EAAE;AAAA,IACjC,oBACE,MAAM,sBACN,aAAa,IAAI,8BAA8B,CAAC;AAAA,IAClD,0BACE,MAAM,4BACN,aAAa,IAAI,sCAAsC,GAAG;AAAA,IAC5D,mBACE,MAAM,qBAAqB,YAAY,IAAI,4BAA4B,EAAE;AAAA,IAC3E,aAAa,MAAM,eAAe,aAAa,IAAI,sBAAsB,IAAI;AAAA,IAC7E,aAAa,MAAM,eAAe,aAAa,IAAI,sBAAsB,IAAI;AAAA,IAC7E,qBACE,MAAM,uBACN,aAAa,IAAI,8BAA8B,IAAI;AAAA,IACrD,kBACE,MAAM,oBAAoB,aAAa,IAAI,4BAA4B,KAAK;AAAA,IAC9E,yBACE,MAAM,2BACN,aAAa,IAAI,oCAAoC,KAAO;AAAA,IAC9D,YACE,MAAM,cACN,YAAY,IAAI,2BAA2B,WAAW;AAAA,IACxD,wBACE,MAAM,0BACN,aAAa,IAAI,mCAAmC,IAAI;AAAA,IAC1D,gBACE,MAAM,kBAAkB,aAAa,IAAI,0BAA0B,IAAI;AAAA,IACzE,mBACE,cAAc,MAAM,iBAAiB,KACrC,YAAY,IAAI,6BAA6B,CAAC,uBAAuB,CAAC;AAAA,IACxE,uBACE,cAAc,MAAM,qBAAqB,KACzC,YAAY,IAAI,kCAAkC,CAAC,uBAAuB,CAAC;AAAA,IAC7E,aACE,cAAc,MAAM,WAAW,KAAK,YAAY,IAAI,oBAAoB;AAAA,IAC1E,mBACE,cAAc,MAAM,iBAAiB,KACrC,YAAY,IAAI,2BAA2B;AAAA,IAC7C,UAAU,MAAM,YAAY,aAAa,IAAI,kBAAkB,IAAI;AAAA,EACrE,CAAC;AAED,SAAO;AACT;AAEA,eAAsB,kBACpB,QAA4B,CAAC,GACL;AACxB,QAAM,SAAS,mBAAmB,KAAK;AAEvC,MAAI,OAAO,UAAU;AACnB,UAAM,SAAS,IAAI,cAAc;AAAA,MAC/B,QAAQ,OAAO;AAAA,MACf,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAED,UAAM,OAAO,eAAe;AAAA,EAC9B;AAEA,iBAAe;AAEf,SAAO;AACT;AAEO,SAAS,mBAA8C;AAC5D,SAAO;AACT;AAEO,SAAS,iBAAiB,QAA6B;AAC5D,iBAAe;AACjB;AAEA,SAAS,aAAa,OAA2B,cAAgC;AAC/E,MAAI,SAAS,MAAM;AACjB,WAAO;AAAA,EACT;AAEA,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAE5C,MAAI,eAAe,UAAU,eAAe,OAAO,eAAe,OAAO;AACvE,WAAO;AAAA,EACT;AAEA,MAAI,eAAe,WAAW,eAAe,OAAO,eAAe,MAAM;AACvE,WAAO;AAAA,EACT;AAEA,QAAM,IAAI,mBAAmB,0BAA0B,KAAK,EAAE;AAChE;AAEA,SAAS,YACP,OACA,WAA6B,CAAC,GACjB;AACb,MAAI,CAAC,OAAO;AACV,WAAO,IAAI,IAAI,QAAQ;AAAA,EACzB;AAEA,SAAO,IAAI;AAAA,IACT,MACG,MAAM,GAAG,EACT,IAAI,UAAQ,KAAK,KAAK,CAAC,EACvB,OAAO,OAAO;AAAA,EACnB;AACF;AAEA,SAAS,YAAY,OAA2B,cAA8B;AAC5E,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,OAAO,KAAK;AAE3B,MAAI,OAAO,MAAM,MAAM,GAAG;AACxB,UAAM,IAAI,mBAAmB,0BAA0B,KAAK,EAAE;AAAA,EAChE;AAEA,SAAO;AACT;AAEA,SAAS,aAAa,OAA2B,cAA8B;AAC7E,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,OAAO,KAAK;AAE3B,MAAI,CAAC,OAAO,SAAS,MAAM,KAAK,CAAC,OAAO,UAAU,MAAM,GAAG;AACzD,UAAM,IAAI,mBAAmB,0BAA0B,KAAK,EAAE;AAAA,EAChE;AAEA,SAAO;AACT;AAEA,SAAS,YACP,OACA,cACuB;AACvB,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,MAAI,UAAU,eAAe,UAAU,eAAe;AACpD,WAAO;AAAA,EACT;AAEA,QAAM,IAAI,mBAAmB,sCAAsC,KAAK,EAAE;AAC5E;AAEA,SAAS,cACP,OACyB;AACzB,SAAO,QAAQ,IAAI,IAAI,KAAK,IAAI;AAClC;","names":[]}

package/dist/governance/activity-runtime.d.ts

@@ -0,0 +1,42 @@
+import { ToolExecutionContext } from '@mastra/core/tools';
+import { OpenBoxClient } from '../client/openbox-client.js';
+import { OpenBoxConfig } from '../config/openbox-config.js';
+import { OpenBoxSpanProcessor } from '../span/openbox-span-processor.js';
+import '../types/governance-verdict-response.js';
+import '../types/guardrails.js';
+import '../types/verdict.js';
+import '@opentelemetry/api';
+import '@opentelemetry/sdk-trace-base';
+import '../types/workflow-span-buffer.js';
+
+interface WorkflowSuspendContext {
+    runId: string;
+    setState: (state: unknown) => void | Promise<void>;
+    state: unknown;
+    suspend: (payload: unknown, options?: Record<string, unknown>) => unknown | Promise<unknown>;
+    workflowId: string;
+}
+interface ToolExecutionContextLike {
+    agent?: ToolExecutionContext["agent"];
+    requestContext?: ToolExecutionContext["requestContext"];
+    workflow?: WorkflowSuspendContext | undefined;
+}
+interface ActivityRuntimeDependencies {
+    client: OpenBoxClient;
+    config: OpenBoxConfig;
+    spanProcessor: OpenBoxSpanProcessor;
+}
+interface GovernedActivityOptions<TInput, TOutput> {
+    dependencies: ActivityRuntimeDependencies;
+    execute: (input: TInput) => Promise<TOutput>;
+    input: TInput;
+    runtimeContext: ToolExecutionContextLike;
+    type: string;
+}
+declare function executeGovernedActivity<TInput, TOutput>({ dependencies, execute, input, runtimeContext, type }: GovernedActivityOptions<TInput, TOutput>): Promise<TOutput | undefined>;
+declare function serializeValue(value: unknown): unknown;
+declare function normalizeSpansForGovernance(spans: Array<Record<string, unknown>>): Array<Record<string, unknown>>;
+declare function appendGoalToActivityInput(activityInput: unknown, goal: string | undefined): unknown;
+declare function applyRedaction(original: unknown, redacted: unknown): unknown;
+
+export { type ActivityRuntimeDependencies, type GovernedActivityOptions, type ToolExecutionContextLike, type WorkflowSuspendContext, appendGoalToActivityInput, applyRedaction, executeGovernedActivity, normalizeSpansForGovernance, serializeValue };