@punktechnologies/sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,162 @@
1
+ Apache License
2
+ Version 2.0, January 2004
3
+ http://www.apache.org/licenses/
4
+
5
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+ 1. Definitions.
8
+
9
+ "License" shall mean the terms and conditions for use, reproduction, and
10
+ distribution as defined by Sections 1 through 9 of this document.
11
+
12
+ "Licensor" shall mean the copyright owner or entity authorized by the
13
+ copyright owner that is granting the License.
14
+
15
+ "Legal Entity" shall mean the union of the acting entity and all other
16
+ entities that control, are controlled by, or are under common control with
17
+ that entity. For the purposes of this definition, "control" means (i) the
18
+ power, direct or indirect, to cause the direction or management of such
19
+ entity, whether by contract or otherwise, or (ii) ownership of fifty percent
20
+ (50%) or more of the outstanding shares, or (iii) beneficial ownership of such
21
+ entity.
22
+
23
+ "You" (or "Your") shall mean an individual or Legal Entity exercising
24
+ permissions granted by this License.
25
+
26
+ "Source" form shall mean the preferred form for making modifications,
27
+ including but not limited to software source code, documentation source, and
28
+ configuration files.
29
+
30
+ "Object" form shall mean any form resulting from mechanical transformation or
31
+ translation of a Source form, including but not limited to compiled object
32
+ code, generated documentation, and conversions to other media types.
33
+
34
+ "Work" shall mean the work of authorship, whether in Source or Object form,
35
+ made available under the License, as indicated by a copyright notice that is
36
+ included in or attached to the work.
37
+
38
+ "Derivative Works" shall mean any work, whether in Source or Object form, that
39
+ is based on (or derived from) the Work and for which the editorial revisions,
40
+ annotations, elaborations, or other modifications represent, as a whole, an
41
+ original work of authorship. For the purposes of this License, Derivative
42
+ Works shall not include works that remain separable from, or merely link (or
43
+ bind by name) to the interfaces of, the Work and Derivative Works thereof.
44
+
45
+ "Contribution" shall mean any work of authorship, including the original
46
+ version of the Work and any modifications or additions to that Work or
47
+ Derivative Works thereof, that is intentionally submitted to Licensor for
48
+ inclusion in the Work by the copyright owner or by an individual or Legal
49
+ Entity authorized to submit on behalf of the copyright owner. For the purposes
50
+ of this definition, "submitted" means any form of electronic, verbal, or
51
+ written communication sent to the Licensor or its representatives, including
52
+ but not limited to communication on electronic mailing lists, source code
53
+ control systems, and issue tracking systems that are managed by, or on behalf
54
+ of, the Licensor for the purpose of discussing and improving the Work, but
55
+ excluding communication that is conspicuously marked or otherwise designated
56
+ in writing by the copyright owner as "Not a Contribution."
57
+
58
+ "Contributor" shall mean Licensor and any individual or Legal Entity on behalf
59
+ of whom a Contribution has been received by Licensor and subsequently
60
+ incorporated within the Work.
61
+
62
+ 2. Grant of Copyright License. Subject to the terms and conditions of this
63
+ License, each Contributor hereby grants to You a perpetual, worldwide,
64
+ non-exclusive, no-charge, royalty-free, irrevocable copyright license to
65
+ reproduce, prepare Derivative Works of, publicly display, publicly perform,
66
+ sublicense, and distribute the Work and such Derivative Works in Source or
67
+ Object form.
68
+
69
+ 3. Grant of Patent License. Subject to the terms and conditions of this
70
+ License, each Contributor hereby grants to You a perpetual, worldwide,
71
+ non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this
72
+ section) patent license to make, have made, use, offer to sell, sell, import,
73
+ and otherwise transfer the Work, where such license applies only to those
74
+ patent claims licensable by such Contributor that are necessarily infringed by
75
+ their Contribution(s) alone or by combination of their Contribution(s) with the
76
+ Work to which such Contribution(s) was submitted. If You institute patent
77
+ litigation against any entity (including a cross-claim or counterclaim in a
78
+ lawsuit) alleging that the Work or a Contribution incorporated within the Work
79
+ constitutes direct or contributory patent infringement, then any patent
80
+ licenses granted to You under this License for that Work shall terminate as of
81
+ the date such litigation is filed.
82
+
83
+ 4. Redistribution. You may reproduce and distribute copies of the Work or
84
+ Derivative Works thereof in any medium, with or without modifications, and in
85
+ Source or Object form, provided that You meet the following conditions:
86
+
87
+ (a) You must give any other recipients of the Work or Derivative Works a copy
88
+ of this License; and
89
+
90
+ (b) You must cause any modified files to carry prominent notices stating that
91
+ You changed the files; and
92
+
93
+ (c) You must retain, in the Source form of any Derivative Works that You
94
+ distribute, all copyright, patent, trademark, and attribution notices from the
95
+ Source form of the Work, excluding those notices that do not pertain to any
96
+ part of the Derivative Works; and
97
+
98
+ (d) If the Work includes a "NOTICE" text file as part of its distribution, then
99
+ any Derivative Works that You distribute must include a readable copy of the
100
+ attribution notices contained within such NOTICE file, excluding those notices
101
+ that do not pertain to any part of the Derivative Works, in at least one of the
102
+ following places: within a NOTICE text file distributed as part of the
103
+ Derivative Works; within the Source form or documentation, if provided along
104
+ with the Derivative Works; or within a display generated by the Derivative
105
+ Works, if and wherever such third-party notices normally appear. The contents
106
+ of the NOTICE file are for informational purposes only and do not modify the
107
+ License. You may add Your own attribution notices within Derivative Works that
108
+ You distribute, alongside or as an addendum to the NOTICE text from the Work,
109
+ provided that such additional attribution notices cannot be construed as
110
+ modifying the License.
111
+
112
+ You may add Your own copyright statement to Your modifications and may provide
113
+ additional or different license terms and conditions for use, reproduction, or
114
+ distribution of Your modifications, or for any such Derivative Works as a
115
+ whole, provided Your use, reproduction, and distribution of the Work otherwise
116
+ complies with the conditions stated in this License.
117
+
118
+ 5. Submission of Contributions. Unless You explicitly state otherwise, any
119
+ Contribution intentionally submitted for inclusion in the Work by You to the
120
+ Licensor shall be under the terms and conditions of this License, without any
121
+ additional terms or conditions. Notwithstanding the above, nothing herein shall
122
+ supersede or modify the terms of any separate license agreement you may have
123
+ executed with Licensor regarding such Contributions.
124
+
125
+ 6. Trademarks. This License does not grant permission to use the trade names,
126
+ trademarks, service marks, or product names of the Licensor, except as required
127
+ for reasonable and customary use in describing the origin of the Work and
128
+ reproducing the content of the NOTICE file.
129
+
130
+ 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
131
+ writing, Licensor provides the Work (and each Contributor provides its
132
+ Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
133
+ KIND, either express or implied, including, without limitation, any warranties
134
+ or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
135
+ PARTICULAR PURPOSE. You are solely responsible for determining the
136
+ appropriateness of using or redistributing the Work and assume any risks
137
+ associated with Your exercise of permissions under this License.
138
+
139
+ 8. Limitation of Liability. In no event and under no legal theory, whether in
140
+ tort (including negligence), contract, or otherwise, unless required by
141
+ applicable law (such as deliberate and grossly negligent acts) or agreed to in
142
+ writing, shall any Contributor be liable to You for damages, including any
143
+ direct, indirect, special, incidental, or consequential damages of any
144
+ character arising as a result of this License or out of the use or inability to
145
+ use the Work (including but not limited to damages for loss of goodwill, work
146
+ stoppage, computer failure or malfunction, or any and all other commercial
147
+ damages or losses), even if such Contributor has been advised of the
148
+ possibility of such damages.
149
+
150
+ 9. Accepting Warranty or Additional Liability. While redistributing the Work or
151
+ Derivative Works thereof, You may choose to offer, and charge a fee for,
152
+ acceptance of support, warranty, indemnity, or other liability obligations
153
+ and/or rights consistent with this License. However, in accepting such
154
+ obligations, You may act only on Your own behalf and on Your sole
155
+ responsibility, not on behalf of any other Contributor, and only if You agree
156
+ to indemnify, defend, and hold each Contributor harmless for any liability
157
+ incurred by, or claims asserted against, such Contributor by reason of your
158
+ accepting any such warranty or additional liability.
159
+
160
+ END OF TERMS AND CONDITIONS
161
+
162
+ Copyright 2026 Punk Technologies, Inc.
package/README.md ADDED
@@ -0,0 +1,169 @@
1
+ # Punk SDK
2
+
3
+ Public TypeScript SDK and integration examples for Punk, the adaptive runtime for production AI agents.
4
+
5
+ Punk sits between your agent and model/tool providers. It gives existing agent apps trace IDs, route explanations, caching, governance, feedback, evidence packets, and optimization telemetry without requiring a rewrite.
6
+
7
+ This repository contains the public client boundary only: SDK source, types, examples, and developer docs. The hosted Punk runtime, optimizer, learning system, replay/shadow infrastructure, governance implementation, dashboard, and deployment code are not part of this repo.
8
+
9
+ ## Install
10
+
11
+ ```bash
12
+ npm install @punktechnologies/sdk
13
+ # or
14
+ bun add @punktechnologies/sdk
15
+ ```
16
+
17
+ Set your gateway URL and API key:
18
+
19
+ ```bash
20
+ export PUNK_BASE_URL=https://api.punktechnologies.com
21
+ export PUNK_API_KEY=pk_...
22
+ ```
23
+
24
+ For local development against a private gateway:
25
+
26
+ ```bash
27
+ export PUNK_BASE_URL=http://localhost:4100
28
+ ```
29
+
30
+ ## One-Line Gateway Integration
31
+
32
+ You do not need this SDK for the first integration. Existing OpenAI-compatible clients can route through Punk by changing `baseURL`:
33
+
34
+ ```ts
35
+ import OpenAI from "openai";
36
+
37
+ const root = process.env.PUNK_BASE_URL ?? "https://api.punktechnologies.com";
38
+
39
+ const client = new OpenAI({
40
+ baseURL: `${root.replace(/\/$/, "")}/v1`,
41
+ apiKey: process.env.PUNK_API_KEY,
42
+ defaultHeaders: {
43
+ "X-Punk-App": "support-app",
44
+ "X-Punk-Agent": "triage-agent",
45
+ "X-Punk-Subject": "user-123"
46
+ }
47
+ });
48
+
49
+ const { data, response } = await client.chat.completions
50
+ .create({
51
+ model: "gpt-4o",
52
+ messages: [{ role: "user", content: "Classify this ticket: refund request" }]
53
+ })
54
+ .withResponse();
55
+
56
+ console.log(response.headers.get("x-punk-run-id"));
57
+ console.log(response.headers.get("x-punk-route"));
58
+ console.log(data.choices[0]?.message?.content);
59
+ ```
60
+
61
+ The same pattern works with Anthropic SDK, Vercel AI SDK, LangChain, raw HTTP, and other OpenAI-compatible clients. See [`examples/`](examples/).
62
+
63
+ ## Native SDK
64
+
65
+ Use `@punktechnologies/sdk` when you want client helpers for tracing tools, feedback, SOM web fetches, route/evidence reads, learning state, and MCP registry operations.
66
+
67
+ ```ts
68
+ import { Punk } from "@punktechnologies/sdk";
69
+
70
+ const punk = new Punk({
71
+ baseUrl: process.env.PUNK_BASE_URL,
72
+ apiKey: process.env.PUNK_API_KEY,
73
+ app: "support-app",
74
+ agent: "triage-agent",
75
+ subject: "user-123"
76
+ });
77
+
78
+ const result = await punk.chat({
79
+ model: "gpt-4o",
80
+ messages: [{ role: "user", content: "Classify this ticket: refund request" }]
81
+ });
82
+
83
+ console.log(result.content);
84
+ console.log(result.route);
85
+ console.log(result.runId);
86
+ ```
87
+
88
+ ### Trace Tools
89
+
90
+ Declare side-effect levels so Punk can cache safe reads and account for writes:
91
+
92
+ ```ts
93
+ const lookupAccount = punk.traceTool({
94
+ name: "crm.lookupAccount",
95
+ sideEffectLevel: 1,
96
+ ttlSeconds: 300,
97
+ execute: async (args: { accountId: string }) => crm.get(args.accountId)
98
+ });
99
+
100
+ const account = await lookupAccount({ accountId: "acct_123" }, { runId: result.runId });
101
+ ```
102
+
103
+ Side-effect levels:
104
+
105
+ | Level | Meaning | Example |
106
+ | --- | --- | --- |
107
+ | 0 | Pure computation | parse, format, score |
108
+ | 1 | Read-only external | search, CRM read, fetch |
109
+ | 2 | Reversible/idempotent write | idempotent upsert |
110
+ | 3 | User-visible write | email, Slack, ticket create |
111
+ | 4 | High-impact write | payment, deletion, permissions |
112
+
113
+ Undeclared tools default to level 3. Levels 0-1 with a TTL can participate in tool-result caching. Levels 2-4 emit planned/executed side-effect telemetry around execution.
114
+
115
+ ### Read Evidence
116
+
117
+ ```ts
118
+ await punk.feedback(result.runId, 1);
119
+
120
+ const detail = await punk.runDetail(result.runId);
121
+ console.log(detail.run.routeExplanation);
122
+
123
+ const savings = await punk.savings();
124
+ console.log(savings.totalSavedUsd);
125
+ ```
126
+
127
+ ### Punk Chorus
128
+
129
+ Punk Chorus is selected with `model: "punk/chorus"` on the same gateway wire:
130
+
131
+ ```ts
132
+ import { Punk, punkChorusChat } from "@punktechnologies/sdk";
133
+
134
+ const answer = await punk.chat(punkChorusChat({
135
+ messages: [{ role: "user", content: "Answer with evidence and a receipt." }],
136
+ budget_limit_usd: 0.25,
137
+ latency_mode: "balanced",
138
+ quality_mode: "maximum_quality",
139
+ receipt_mode: "full",
140
+ research_mode: "som"
141
+ }));
142
+
143
+ const receipt = await punk.receipt(answer.runId);
144
+ ```
145
+
146
+ ## Repository Contents
147
+
148
+ ```text
149
+ src/ SDK source and public types
150
+ test/ SDK behavior tests
151
+ examples/ integration examples for common agent stacks
152
+ docs/ SDK reference
153
+ ```
154
+
155
+ ## Development
156
+
157
+ ```bash
158
+ bun install
159
+ bun run test
160
+ bun run build
161
+ bun run typecheck
162
+ bun run pack:check
163
+ ```
164
+
165
+ The package is dependency-free at runtime and supports Node.js 18+ and Bun.
166
+
167
+ ## Security
168
+
169
+ Security reports go to security@punktechnologies.com. Do not disclose vulnerabilities, secrets, customer data, or governance bypasses in public issues.
@@ -0,0 +1,334 @@
1
+ /**
2
+ * @punktechnologies/sdk — developer-facing client for the Punk gateway.
3
+ *
4
+ * Point your agent's gateway traffic at Punk, wrap your tools with
5
+ * `traceTool`, and the runtime observes, caches, learns and (after replay +
6
+ * shadow proof) routes repeated work through deterministic artifacts.
7
+ */
8
+ import type { Artifact, ArtifactEvaluation, McpServerRecord, McpTestResult, Pattern, PromotionGateStatus, Run, SavingsSummary, SideEffectLevel, SideEffectRecord, SomDiff, SomSnapshot, TraceEvent, TraceEventType, TrustLane, WebActionIntent, WebActionResult } from "./types";
9
+ export type * from "./types";
10
+ export interface PunkOptions {
11
+ /** Gateway base URL. Default: http://localhost:4100 */
12
+ baseUrl?: string;
13
+ /** Bearer token (only needed when the gateway sets PUNK_API_KEY). */
14
+ apiKey?: string;
15
+ /** Logical application name, sent as X-Punk-App. Default: "default-app". */
16
+ app?: string;
17
+ /** Agent identity, sent as X-Punk-Agent. */
18
+ agent?: string;
19
+ /** Pseudonymous end-user identifier, sent as X-Punk-Subject. */
20
+ subject?: string;
21
+ }
22
+ export declare const PUNK_CHORUS_MODEL: "punk/chorus";
23
+ /** @deprecated Use PUNK_CHORUS_MODEL. */
24
+ export declare const PUNK_MODEL: "punk/chorus";
25
+ export type PunkLatencyMode = "fast" | "balanced" | "deep" | "maximum_quality" | (string & {});
26
+ export type PunkQualityMode = "economy" | "balanced" | "frontier_optional" | "maximum_quality" | (string & {});
27
+ export type PunkReceiptMode = "off" | "none" | "summary" | "full" | (string & {});
28
+ export type PunkCircuitMode = "off" | "reuse" | "learn" | (string & {});
29
+ export type PunkAuditLevel = "minimal" | "standard" | "full" | (string & {});
30
+ export type PunkResearchMode = "off" | "som" | "plasmate" | "deep" | (string & {});
31
+ export type PunkModelClass = "commercial" | "frontier" | "open_weight" | "local" | (string & {});
32
+ export interface PunkChorusMetadata {
33
+ requestId?: string;
34
+ workflowId?: string;
35
+ tenantHint?: string;
36
+ labels?: string[];
37
+ [key: string]: unknown;
38
+ }
39
+ export interface PunkChorusOptions {
40
+ budget_limit_usd?: number;
41
+ latency_mode?: PunkLatencyMode;
42
+ quality_mode?: PunkQualityMode;
43
+ policy_profile?: string;
44
+ receipt_mode?: PunkReceiptMode;
45
+ circuit_mode?: PunkCircuitMode;
46
+ shadow_mode?: boolean;
47
+ audit_level?: PunkAuditLevel;
48
+ /** Enable the governed SOTA mix preset for maximum-quality Chorus runs. */
49
+ sota_mix?: boolean;
50
+ research_mode?: PunkResearchMode;
51
+ research_max_queries?: number;
52
+ research_max_sources?: number;
53
+ research_context_chars?: number;
54
+ live_panel_models?: string[] | string;
55
+ live_synthesis_model?: string;
56
+ live_synthesis_required?: boolean;
57
+ live_synthesis_max_tokens?: number;
58
+ /** Compatibility alias for live_synthesis_model. */
59
+ answer_model?: string;
60
+ /** Compatibility alias for live_synthesis_max_tokens. */
61
+ answer_max_tokens?: number;
62
+ local_only?: boolean;
63
+ allowed_model_classes?: PunkModelClass[];
64
+ blocked_providers?: string[];
65
+ /** Punk Chorus metadata forwarded in the OpenAI-compatible request body. */
66
+ chorus?: PunkChorusMetadata;
67
+ }
68
+ export interface ChatParams extends PunkChorusOptions {
69
+ model: string;
70
+ messages: Array<{
71
+ role: string;
72
+ content: string;
73
+ }>;
74
+ temperature?: number;
75
+ max_tokens?: number;
76
+ max_completion_tokens?: number;
77
+ top_p?: number;
78
+ response_format?: unknown;
79
+ tools?: ChatTool[];
80
+ tool_choice?: unknown;
81
+ }
82
+ export interface ChatTool {
83
+ type?: "function";
84
+ function?: {
85
+ name: string;
86
+ description?: string;
87
+ parameters?: Record<string, unknown>;
88
+ sideEffectLevel?: SideEffectLevel;
89
+ ttlSeconds?: number;
90
+ };
91
+ name?: string;
92
+ description?: string;
93
+ parameters?: Record<string, unknown>;
94
+ sideEffectLevel?: SideEffectLevel;
95
+ ttlSeconds?: number;
96
+ }
97
+ export interface ChatToolCall {
98
+ id: string;
99
+ type: "function";
100
+ function: {
101
+ name: string;
102
+ arguments: string;
103
+ };
104
+ }
105
+ export interface ChatResult {
106
+ content: string;
107
+ toolCalls: ChatToolCall[];
108
+ runId: string;
109
+ route: string;
110
+ raw: any;
111
+ }
112
+ export interface PunkReceipt {
113
+ id?: string;
114
+ runId?: string;
115
+ route?: string;
116
+ chorus?: PunkChorusMetadata;
117
+ metadata?: Record<string, unknown>;
118
+ [key: string]: unknown;
119
+ }
120
+ export interface EvidencePacket {
121
+ punkEvidencePacket?: number;
122
+ summary?: Record<string, unknown>;
123
+ routeExplanation?: unknown;
124
+ events?: unknown[];
125
+ chorus?: PunkChorusMetadata;
126
+ metadata?: Record<string, unknown>;
127
+ [key: string]: unknown;
128
+ }
129
+ export interface WebFetchResult {
130
+ som: SomSnapshot;
131
+ source: string;
132
+ cached: boolean;
133
+ /** Canonical observed URL after redirects and fragment normalization. */
134
+ url: string;
135
+ /** Caller-supplied URL after server-side trim/canonicalization, before redirects. */
136
+ requestedUrl: string;
137
+ htmlBytes: number;
138
+ somBytes: number;
139
+ tokensSavedEstimate: number;
140
+ diff?: SomDiff;
141
+ context: string;
142
+ }
143
+ export interface WebSessionSummary {
144
+ id: string;
145
+ url: string;
146
+ source: string;
147
+ openedAt: number;
148
+ ageMs: number;
149
+ }
150
+ export interface WebSessionOpenResult {
151
+ sessionId: string;
152
+ som: SomSnapshot;
153
+ source: string;
154
+ session: WebSessionSummary;
155
+ context: string;
156
+ }
157
+ export interface WebActResult {
158
+ result: WebActionResult;
159
+ som: SomSnapshot;
160
+ diff?: SomDiff;
161
+ session: WebSessionSummary;
162
+ context: string;
163
+ }
164
+ export interface LearningReport {
165
+ artifactsSynthesized: number;
166
+ promotionsEligible: string[];
167
+ autoPromoted: string[];
168
+ synthesisReports?: Array<Record<string, unknown>>;
169
+ [key: string]: unknown;
170
+ }
171
+ export interface RunDetail {
172
+ run: Run;
173
+ events: TraceEvent[];
174
+ sideEffects: SideEffectRecord[];
175
+ }
176
+ export interface ArtifactDetail {
177
+ artifact: Artifact;
178
+ evaluations: ArtifactEvaluation[];
179
+ pattern: Pattern | null;
180
+ promotionGate?: PromotionGateStatus;
181
+ }
182
+ export interface CacheStats {
183
+ stats: Array<{
184
+ cacheType: string;
185
+ entries: number;
186
+ hits: number;
187
+ }>;
188
+ }
189
+ export interface ToolDefinition<TArgs, TResult> {
190
+ name: string;
191
+ /** 0 pure … 4 high-impact. Undeclared tools are treated as level 3 (conservative). */
192
+ sideEffectLevel?: SideEffectLevel;
193
+ /** Read-only tools (level <= 1) with a TTL participate in the tool-result cache. */
194
+ ttlSeconds?: number;
195
+ /** Optional schema/version fingerprint used to isolate tool-result cache entries across contract changes. */
196
+ schemaFp?: string;
197
+ execute: (args: TArgs) => Promise<TResult> | TResult;
198
+ }
199
+ export type TracedTool<TArgs, TResult> = (args: TArgs, ctx?: {
200
+ runId?: string;
201
+ }) => Promise<TResult>;
202
+ export declare function punkChorusChat(params: Omit<ChatParams, "model"> & {
203
+ model?: typeof PUNK_CHORUS_MODEL;
204
+ }): ChatParams;
205
+ /** @deprecated Use punkChorusChat. */
206
+ export declare const punkModelChat: typeof punkChorusChat;
207
+ export declare class Punk {
208
+ readonly baseUrl: string;
209
+ readonly app: string;
210
+ readonly agent?: string;
211
+ readonly subject?: string;
212
+ private readonly apiKey?;
213
+ constructor(opts?: PunkOptions);
214
+ /** Send an OpenAI-compatible chat completion through the gateway. */
215
+ chat(params: ChatParams): Promise<ChatResult>;
216
+ /**
217
+ * Wrap a tool so every invocation is traced into the run it belongs to, and
218
+ * explicitly declared read-only results (level <= 1 with a TTL) flow
219
+ * through the tool-result cache. Tracing requires `ctx.runId`; without it
220
+ * the tool still executes, silently untraced and uncached.
221
+ */
222
+ traceTool<TArgs, TResult>(def: ToolDefinition<TArgs, TResult>): TracedTool<TArgs, TResult>;
223
+ /** Append a trace event to a run. */
224
+ trace(runId: string, type: TraceEventType | string, payload: Record<string, unknown>): Promise<void>;
225
+ feedback(runId: string, rating: 1 | -1, correction?: string): Promise<void>;
226
+ fetchSom(url: string, opts?: {
227
+ bypassCache?: boolean;
228
+ }): Promise<WebFetchResult>;
229
+ /**
230
+ * Web sessions & actions — the perception→action loop. Open a session,
231
+ * act on SOM element ids (click/type/select/submit), close it. Actions are
232
+ * policy-governed server-side: type/select and read-only clicks are
233
+ * "read:web" (side-effect level 0–1); submit and submit-button clicks are
234
+ * "write:web" at level 3 and can be denied/held by policy (403).
235
+ * Observe-mode keys cannot perform web writes.
236
+ */
237
+ readonly web: {
238
+ openSession: (url: string) => Promise<WebSessionOpenResult>;
239
+ act: (sessionId: string, intent: WebActionIntent) => Promise<WebActResult>;
240
+ closeSession: (sessionId: string) => Promise<{
241
+ ok: true;
242
+ }>;
243
+ listSessions: () => Promise<{
244
+ sessions: WebSessionSummary[];
245
+ }>;
246
+ };
247
+ /**
248
+ * The gateway's external-MCP registry: register servers (admin), test
249
+ * connections (connect + list_tools), and let workflow tool_call nodes use
250
+ * them. Note: stdio servers execute their command on the GATEWAY host —
251
+ * registration is an operator-level action.
252
+ */
253
+ readonly mcp: {
254
+ listServers: () => Promise<McpServerRecord[]>;
255
+ createServer: (server: {
256
+ name: string;
257
+ transport: "stdio" | "http";
258
+ command?: string;
259
+ args?: string[];
260
+ url?: string;
261
+ /** Values may be cred:<credentialId> references (resolved at connect time). */
262
+ env?: Record<string, string>;
263
+ headers?: Record<string, string>;
264
+ enabled?: boolean;
265
+ }) => Promise<McpServerRecord>;
266
+ /** Connect + list_tools (throwaway connection); persists the server's status. */
267
+ testServer: (id: string) => Promise<McpTestResult>;
268
+ };
269
+ /**
270
+ * Declare what memory/context influenced a run, tagged with its trust lane.
271
+ * Recording is ALWAYS allowed (cheap, useful telemetry). When the tenant
272
+ * enables memory quarantine, low-trust influence (untrusted/observed) on a
273
+ * run gates that run's high-impact (side-effect ≥ threshold) actions to
274
+ * approval_required — "untrusted web content can't trigger a payment".
275
+ */
276
+ readonly memory: {
277
+ recordInfluence: (runId: string, influence: {
278
+ source: string;
279
+ trustLane: TrustLane;
280
+ contentHash?: string;
281
+ }) => Promise<{
282
+ ok: boolean;
283
+ influence: {
284
+ id: string;
285
+ runId: string;
286
+ source: string;
287
+ trustLane: TrustLane;
288
+ };
289
+ }>;
290
+ };
291
+ /**
292
+ * Ingest an externally-handled prompt (Claude Code / Claude app / any
293
+ * client) as a completed OBSERVED run: $0 cost, model "external", redaction
294
+ * honored. Returns the created run id.
295
+ */
296
+ ingestPrompt(source: string, prompt: string, opts?: {
297
+ sessionId?: string;
298
+ metadata?: Record<string, unknown>;
299
+ }): Promise<{
300
+ runId: string;
301
+ }>;
302
+ savings(): Promise<SavingsSummary>;
303
+ patterns(): Promise<Pattern[]>;
304
+ artifacts(): Promise<Artifact[]>;
305
+ artifactDetail(id: string): Promise<ArtifactDetail>;
306
+ runDetail(id: string): Promise<RunDetail>;
307
+ receipt(id: string): Promise<PunkReceipt>;
308
+ evidencePacket(runId: string): Promise<EvidencePacket>;
309
+ cacheStats(): Promise<CacheStats>;
310
+ learningTick(): Promise<LearningReport>;
311
+ promoteArtifact(id: string): Promise<Artifact>;
312
+ /** Best-effort cache lookup; network failures degrade to a miss. */
313
+ toolCacheCheck(toolName: string, args: unknown, sideEffectLevel?: SideEffectLevel, schemaFp?: string): Promise<{
314
+ hit: boolean;
315
+ result?: unknown;
316
+ }>;
317
+ /** Best-effort cache store; failures are swallowed. */
318
+ toolCacheStore(toolName: string, args: unknown, result: unknown, ttlSeconds?: number, sideEffectLevel?: SideEffectLevel, schemaFp?: string): Promise<void>;
319
+ private headers;
320
+ private request;
321
+ private parseJsonResponse;
322
+ private toError;
323
+ private toTransportError;
324
+ private responseErrorMessage;
325
+ /** Tracing is observability, not control flow — failures are swallowed. */
326
+ private tryTrace;
327
+ /**
328
+ * Trace a tool call and return Punk's governance decision when one is
329
+ * provided. Transport/API failures still fail open so telemetry outages do
330
+ * not break tools; explicit deny/approval decisions remain control flow.
331
+ */
332
+ private tryTraceDecision;
333
+ }
334
+ export default Punk;