@safekeylab/sdk 1.0.0

package/dist/integrations/openai.mjs

@@ -0,0 +1,321 @@
+// src/types.ts
+var SafeKeyLabError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "SafeKeyLabError";
+  }
+};
+var PIIBlockedError = class extends SafeKeyLabError {
+  constructor(detections) {
+    super(
+      `Request blocked: PII detected (${detections.map((d) => d.type).join(", ")})`,
+      "PII_BLOCKED"
+    );
+    this.detections = detections;
+    this.name = "PIIBlockedError";
+  }
+};
+var ThreatBlockedError = class extends SafeKeyLabError {
+  constructor(threats) {
+    super(
+      `Request blocked: Threat detected (${threats.map((t) => t.type).join(", ")})`,
+      "THREAT_BLOCKED"
+    );
+    this.threats = threats;
+    this.name = "ThreatBlockedError";
+  }
+};
+
+// src/client.ts
+var DEFAULT_BASE_URL = "https://api.safekeylab.com";
+var DEFAULT_TIMEOUT = 3e4;
+var SafeKeyLab = class {
+  constructor(config) {
+    if (!config.apiKey) {
+      throw new SafeKeyLabError("API key is required", "MISSING_API_KEY");
+    }
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.baseUrl || DEFAULT_BASE_URL;
+    this.timeout = config.timeout || DEFAULT_TIMEOUT;
+    this.debug = config.debug || false;
+  }
+  log(...args) {
+    if (this.debug) {
+      console.log("[SafeKeyLab]", ...args);
+    }
+  }
+  async request(method, endpoint, body) {
+    const url = `${this.baseUrl}${endpoint}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    this.log(`${method} ${url}`, body);
+    try {
+      const response = await fetch(url, {
+        method,
+        headers: {
+          "Authorization": `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json",
+          "User-Agent": "@safekeylab/sdk/1.0.0"
+        },
+        body: body ? JSON.stringify(body) : void 0,
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      const data = await response.json();
+      if (!response.ok) {
+        throw new SafeKeyLabError(
+          data.error || data.message || "Request failed",
+          data.code || "API_ERROR",
+          response.status
+        );
+      }
+      this.log("Response:", data);
+      return data;
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof SafeKeyLabError) {
+        throw error;
+      }
+      if (error instanceof Error) {
+        if (error.name === "AbortError") {
+          throw new SafeKeyLabError("Request timeout", "TIMEOUT");
+        }
+        throw new SafeKeyLabError(error.message, "NETWORK_ERROR");
+      }
+      throw new SafeKeyLabError("Unknown error", "UNKNOWN_ERROR");
+    }
+  }
+  /**
+   * Detect PII in text
+   */
+  async detect(request) {
+    return this.request("POST", "/v1/detect", request);
+  }
+  /**
+   * Detect PII in text (convenience method)
+   */
+  async detectPII(text, options) {
+    return this.detect({ text, ...options });
+  }
+  /**
+   * Redact/protect PII in text
+   */
+  async protect(request) {
+    return this.request("POST", "/v1/protect", request);
+  }
+  /**
+   * Redact PII from text (convenience method)
+   */
+  async redact(text, options) {
+    const response = await this.protect({ text, ...options });
+    return response.redacted_text;
+  }
+  /**
+   * Validate a prompt for security threats
+   */
+  async validatePrompt(request) {
+    return this.request("POST", "/v1/validate-prompt", request);
+  }
+  /**
+   * Check if a prompt is safe (convenience method)
+   */
+  async isPromptSafe(prompt, context) {
+    const response = await this.validatePrompt({ prompt, context });
+    return response.is_safe;
+  }
+  /**
+   * Scan LLM output for issues
+   */
+  async scanOutput(request) {
+    return this.request("POST", "/v1/scan-output", request);
+  }
+  /**
+   * Full protection pipeline: validate input, redact PII, return protected text
+   */
+  async protectInput(text) {
+    const [detectResult, validateResult] = await Promise.all([
+      this.detect({ text }),
+      this.validatePrompt({ prompt: text })
+    ]);
+    let protectedText = text;
+    let wasModified = false;
+    if (detectResult.count > 0) {
+      const protectResult = await this.protect({ text });
+      protectedText = protectResult.redacted_text;
+      wasModified = true;
+    }
+    return {
+      text: protectedText,
+      wasModified,
+      detections: detectResult.detections,
+      threats: validateResult.threats
+    };
+  }
+  /**
+   * Create a sandbox client (no API key required, rate limited)
+   */
+  static sandbox(options) {
+    return new SafeKeyLabSandbox(options);
+  }
+};
+var SafeKeyLabSandbox = class {
+  constructor(config) {
+    this.baseUrl = config?.baseUrl || DEFAULT_BASE_URL;
+    this.timeout = config?.timeout || DEFAULT_TIMEOUT;
+    this.debug = config?.debug || false;
+  }
+  log(...args) {
+    if (this.debug) {
+      console.log("[SafeKeyLab:Sandbox]", ...args);
+    }
+  }
+  async request(method, endpoint, body) {
+    const url = `${this.baseUrl}${endpoint}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    this.log(`${method} ${url}`, body);
+    try {
+      const response = await fetch(url, {
+        method,
+        headers: {
+          "Content-Type": "application/json",
+          "User-Agent": "@safekeylab/sdk/1.0.0"
+        },
+        body: body ? JSON.stringify(body) : void 0,
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      const data = await response.json();
+      if (!response.ok) {
+        throw new SafeKeyLabError(
+          data.error || data.message || "Request failed",
+          data.code || "API_ERROR",
+          response.status
+        );
+      }
+      this.log("Response:", data);
+      return data;
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof SafeKeyLabError) {
+        throw error;
+      }
+      if (error instanceof Error) {
+        if (error.name === "AbortError") {
+          throw new SafeKeyLabError("Request timeout", "TIMEOUT");
+        }
+        throw new SafeKeyLabError(error.message, "NETWORK_ERROR");
+      }
+      throw new SafeKeyLabError("Unknown error", "UNKNOWN_ERROR");
+    }
+  }
+  async detect(request) {
+    return this.request("POST", "/sandbox/v1/detect", request);
+  }
+  async protect(request) {
+    return this.request("POST", "/sandbox/v1/protect", request);
+  }
+  async validatePrompt(request) {
+    return this.request("POST", "/sandbox/v1/validate-prompt", request);
+  }
+};
+
+// src/integrations/openai.ts
+function wrapOpenAI(openai, options) {
+  const safekeylab = new SafeKeyLab({
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl,
+    timeout: options.timeout,
+    debug: options.debug
+  });
+  const config = {
+    blockOnPII: options.blockOnPII ?? false,
+    blockOnThreat: options.blockOnThreat ?? true,
+    piiTypes: options.piiTypes,
+    scanOutputs: options.scanOutputs ?? true,
+    onError: options.onError,
+    onPIIDetected: options.onPIIDetected,
+    onThreatDetected: options.onThreatDetected
+  };
+  const originalCreate = openai.chat.completions.create.bind(openai.chat.completions);
+  const protectedCreate = async (params) => {
+    const allDetections = [];
+    const allThreats = [];
+    const protectedMessages = await Promise.all(
+      params.messages.map(async (message) => {
+        const content = extractContent(message.content);
+        if (!content) return message;
+        const [detectResult, validateResult] = await Promise.all([
+          safekeylab.detect({ text: content, types: config.piiTypes }),
+          safekeylab.validatePrompt({ prompt: content })
+        ]);
+        if (detectResult.detections.length > 0) {
+          allDetections.push(...detectResult.detections);
+          config.onPIIDetected?.(detectResult.detections);
+          if (config.blockOnPII) {
+            throw new PIIBlockedError(detectResult.detections);
+          }
+        }
+        if (validateResult.threats.length > 0) {
+          allThreats.push(...validateResult.threats);
+          config.onThreatDetected?.(validateResult.threats);
+          if (config.blockOnThreat) {
+            throw new ThreatBlockedError(validateResult.threats);
+          }
+        }
+        if (detectResult.detections.length > 0) {
+          const protectResult = await safekeylab.protect({ text: content });
+          return {
+            ...message,
+            content: protectResult.redacted_text
+          };
+        }
+        return message;
+      })
+    );
+    const response = await originalCreate({
+      ...params,
+      messages: protectedMessages
+    });
+    if (config.scanOutputs) {
+      for (const choice of response.choices) {
+        const outputContent = choice.message?.content;
+        if (outputContent) {
+          const scanResult = await safekeylab.scanOutput({ output: outputContent });
+          if (!scanResult.is_safe) {
+            choice._safekeylab = {
+              output_issues: scanResult.issues
+            };
+          }
+        }
+      }
+    }
+    response._safekeylab = {
+      pii_detected: allDetections,
+      threats_detected: allThreats,
+      inputs_modified: allDetections.length > 0
+    };
+    return response;
+  };
+  openai.chat.completions.create = protectedCreate;
+  return openai;
+}
+function extractContent(content) {
+  if (typeof content === "string") {
+    return content;
+  }
+  if (Array.isArray(content)) {
+    return content.filter((part) => part.type === "text" && part.text).map((part) => part.text).join("\n");
+  }
+  return null;
+}
+function createProtectedOpenAI(options) {
+  return (openai) => wrapOpenAI(openai, options);
+}
+var openai_default = wrapOpenAI;
+
+export { createProtectedOpenAI, openai_default as default, wrapOpenAI };
+//# sourceMappingURL=openai.mjs.map
+//# sourceMappingURL=openai.mjs.map

package/dist/integrations/openai.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/types.ts","../../src/client.ts","../../src/integrations/openai.ts"],"names":[],"mappings":";AAgIO,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,WAAA,CACE,OAAA,EACO,IAAA,EACA,UAAA,EACP;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHN,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAGP,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF,CAAA;AAEO,IAAM,eAAA,GAAN,cAA8B,eAAA,CAAgB;AAAA,EACnD,YACS,UAAA,EACP;AACA,IAAA,KAAA;AAAA,MACE,CAAA,+BAAA,EAAkC,WAAW,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,IAAI,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA,CAAA;AAAA,MACxE;AAAA,KACF;AALO,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAMP,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF,CAAA;AAEO,IAAM,kBAAA,GAAN,cAAiC,eAAA,CAAgB;AAAA,EACtD,YACS,OAAA,EACP;AACA,IAAA,KAAA;AAAA,MACE,CAAA,kCAAA,EAAqC,QAAQ,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,IAAI,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA,CAAA;AAAA,MACxE;AAAA,KACF;AALO,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAMP,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF,CAAA;;;AChJA,IAAM,gBAAA,GAAmB,4BAAA;AACzB,IAAM,eAAA,GAAkB,GAAA;AAEjB,IAAM,aAAN,MAAiB;AAAA,EAMtB,YAAY,MAAA,EAA0B;AACpC,IAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,MAAA,MAAM,IAAI,eAAA,CAAgB,qBAAA,EAAuB,iBAAiB,CAAA;AAAA,IACpE;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,CAAO,MAAA;AACrB,IAAA,IAAA,CAAK,OAAA,GAAU,OAAO,OAAA,IAAW,gBAAA;AACjC,IAAA,IAAA,CAAK,OAAA,GAAU,OAAO,OAAA,IAAW,eAAA;AACjC,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAO,KAAA,IAAS,KAAA;AAAA,EAC/B;AAAA,EAEQ,OAAO,IAAA,EAAuB;AACpC,IAAA,IAAI,KAAK,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,GAAG,IAAI,CAAA;AAAA,IACrC;AAAA,EACF;AAAA,EAEA,MAAc,OAAA,CACZ,MAAA,EACA,QAAA,EACA,IAAA,EACY;AACZ,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,OAAO,GAAG,QAAQ,CAAA,CAAA;AACtC,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,YAAY,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,KAAK,OAAO,CAAA;AAEnE,IAAA,IAAA,CAAK,IAAI,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,GAAG,IAAI,IAAI,CAAA;AAEjC,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,QAChC,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACP,eAAA,EAAiB,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,UACtC,cAAA,EAAgB,kBAAA;AAAA,UAChB,YAAA,EAAc;AAAA,SAChB;AAAA,QACA,IAAA,EAAM,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,GAAI,KAAA,CAAA;AAAA,QACpC,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AAED,MAAA,YAAA,CAAa,SAAS,CAAA;AAEtB,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAI,eAAA;AAAA,UACP,IAAA,CAAK,KAAA,IAAqB,IAAA,CAAK,OAAA,IAAsB,gBAAA;AAAA,UACrD,KAAK,IAAA,IAAmB,WAAA;AAAA,UACzB,QAAA,CAAS;AAAA,SACX;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,GAAA,CAAI,aAAa,IAAI,CAAA;AAC1B,MAAA,OAAO,IAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,YAAA,CAAa,SAAS,CAAA;AACtB,MAAA,IAAI,iBAAiB,eAAA,EAAiB;AACpC,QAAA,MAAM,KAAA;AAAA,MACR;AACA,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,QAAA,IAAI,KAAA,CAAM,SAAS,YAAA,EAAc;AAC/B,UAAA,MAAM,IAAI,eAAA,CAAgB,iBAAA,EAAmB,SAAS,CAAA;AAAA,QACxD;AACA,QAAA,MAAM,IAAI,eAAA,CAAgB,KAAA,CAAM,OAAA,EAAS,eAAe,CAAA;AAAA,MAC1D;AACA,MAAA,MAAM,IAAI,eAAA,CAAgB,eAAA,EAAiB,eAAe,CAAA;AAAA,IAC5D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,OAAA,EAAiD;AAC5D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAwB,MAAA,EAAQ,YAAA,EAAc,OAAO,CAAA;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAA,CAAU,IAAA,EAAc,OAAA,EAAgE;AAC5F,IAAA,OAAO,KAAK,MAAA,CAAO,EAAE,IAAA,EAAM,GAAG,SAAS,CAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,OAAA,EAAmD;AAC/D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAyB,MAAA,EAAQ,aAAA,EAAe,OAAO,CAAA;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,CAAO,IAAA,EAAc,OAAA,EAAyD;AAClF,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAE,IAAA,EAAM,GAAG,SAAS,CAAA;AACxD,IAAA,OAAO,QAAA,CAAS,aAAA;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,OAAA,EAAiE;AACpF,IAAA,OAAO,IAAA,CAAK,OAAA,CAAgC,MAAA,EAAQ,qBAAA,EAAuB,OAAO,CAAA;AAAA,EACpF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CAAa,MAAA,EAAgB,OAAA,EAAoC;AACrE,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,eAAe,EAAE,MAAA,EAAQ,SAAS,CAAA;AAC9D,IAAA,OAAO,QAAA,CAAS,OAAA;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,OAAA,EAAyD;AACxE,IAAA,OAAO,IAAA,CAAK,OAAA,CAA4B,MAAA,EAAQ,iBAAA,EAAmB,OAAO,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,IAAA,EAKhB;AAED,IAAA,MAAM,CAAC,YAAA,EAAc,cAAc,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACvD,IAAA,CAAK,MAAA,CAAO,EAAE,IAAA,EAAM,CAAA;AAAA,MACpB,IAAA,CAAK,cAAA,CAAe,EAAE,MAAA,EAAQ,MAAM;AAAA,KACrC,CAAA;AAED,IAAA,IAAI,aAAA,GAAgB,IAAA;AACpB,IAAA,IAAI,WAAA,GAAc,KAAA;AAGlB,IAAA,IAAI,YAAA,CAAa,QAAQ,CAAA,EAAG;AAC1B,MAAA,MAAM,gBAAgB,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAE,MAAM,CAAA;AACjD,MAAA,aAAA,GAAgB,aAAA,CAAc,aAAA;AAC9B,MAAA,WAAA,GAAc,IAAA;AAAA,IAChB;AAEA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,aAAA;AAAA,MACN,WAAA;AAAA,MACA,YAAY,YAAA,CAAa,UAAA;AAAA,MACzB,SAAS,cAAA,CAAe;AAAA,KAC1B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,QAAQ,OAAA,EAA+D;AAC5E,IAAA,OAAO,IAAI,kBAAkB,OAAO,CAAA;AAAA,EACtC;AACF,CAAA;AAKO,IAAM,oBAAN,MAAwB;AAAA,EAK7B,YAAY,MAAA,EAA2C;AACrD,IAAA,IAAA,CAAK,OAAA,GAAU,QAAQ,OAAA,IAAW,gBAAA;AAClC,IAAA,IAAA,CAAK,OAAA,GAAU,QAAQ,OAAA,IAAW,eAAA;AAClC,IAAA,IAAA,CAAK,KAAA,GAAQ,QAAQ,KAAA,IAAS,KAAA;AAAA,EAChC;AAAA,EAEQ,OAAO,IAAA,EAAuB;AACpC,IAAA,IAAI,KAAK,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,GAAA,CAAI,sBAAA,EAAwB,GAAG,IAAI,CAAA;AAAA,IAC7C;AAAA,EACF;AAAA,EAEA,MAAc,OAAA,CACZ,MAAA,EACA,QAAA,EACA,IAAA,EACY;AACZ,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,OAAO,GAAG,QAAQ,CAAA,CAAA;AACtC,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,YAAY,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,KAAK,OAAO,CAAA;AAEnE,IAAA,IAAA,CAAK,IAAI,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,GAAG,IAAI,IAAI,CAAA;AAEjC,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,QAChC,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,YAAA,EAAc;AAAA,SAChB;AAAA,QACA,IAAA,EAAM,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,GAAI,KAAA,CAAA;AAAA,QACpC,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AAED,MAAA,YAAA,CAAa,SAAS,CAAA;AACtB,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAI,eAAA;AAAA,UACP,IAAA,CAAK,KAAA,IAAqB,IAAA,CAAK,OAAA,IAAsB,gBAAA;AAAA,UACrD,KAAK,IAAA,IAAmB,WAAA;AAAA,UACzB,QAAA,CAAS;AAAA,SACX;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,GAAA,CAAI,aAAa,IAAI,CAAA;AAC1B,MAAA,OAAO,IAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,YAAA,CAAa,SAAS,CAAA;AACtB,MAAA,IAAI,iBAAiB,eAAA,EAAiB;AACpC,QAAA,MAAM,KAAA;AAAA,MACR;AACA,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,QAAA,IAAI,KAAA,CAAM,SAAS,YAAA,EAAc;AAC/B,UAAA,MAAM,IAAI,eAAA,CAAgB,iBAAA,EAAmB,SAAS,CAAA;AAAA,QACxD;AACA,QAAA,MAAM,IAAI,eAAA,CAAgB,KAAA,CAAM,OAAA,EAAS,eAAe,CAAA;AAAA,MAC1D;AACA,MAAA,MAAM,IAAI,eAAA,CAAgB,eAAA,EAAiB,eAAe,CAAA;AAAA,IAC5D;AAAA,EACF;AAAA,EAEA,MAAM,OAAO,OAAA,EAAiD;AAC5D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAwB,MAAA,EAAQ,oBAAA,EAAsB,OAAO,CAAA;AAAA,EAC3E;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAmD;AAC/D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAyB,MAAA,EAAQ,qBAAA,EAAuB,OAAO,CAAA;AAAA,EAC7E;AAAA,EAEA,MAAM,eAAe,OAAA,EAAiE;AACpF,IAAA,OAAO,IAAA,CAAK,OAAA,CAAgC,MAAA,EAAQ,6BAAA,EAA+B,OAAO,CAAA;AAAA,EAC5F;AACF,CAAA;;;AC9LO,SAAS,UAAA,CACd,QACA,OAAA,EACG;AACH,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW;AAAA,IAChC,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,OAAO,OAAA,CAAQ;AAAA,GAChB,CAAA;AAED,EAAA,MAAM,MAAA,GAAwB;AAAA,IAC5B,UAAA,EAAY,QAAQ,UAAA,IAAc,KAAA;AAAA,IAClC,aAAA,EAAe,QAAQ,aAAA,IAAiB,IAAA;AAAA,IACxC,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,WAAA,EAAa,QAAQ,WAAA,IAAe,IAAA;AAAA,IACpC,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,eAAe,OAAA,CAAQ,aAAA;AAAA,IACvB,kBAAkB,OAAA,CAAQ;AAAA,GAC5B;AAGA,EAAA,MAAM,cAAA,GAAiB,OAAO,IAAA,CAAK,WAAA,CAAY,OAAO,IAAA,CAAK,MAAA,CAAO,KAAK,WAAW,CAAA;AAElF,EAAA,MAAM,eAAA,GAAkB,OACtB,MAAA,KACkC;AAClC,IAAA,MAAM,gBAAgC,EAAC;AACvC,IAAA,MAAM,aAAuB,EAAC;AAG9B,IAAA,MAAM,iBAAA,GAAoB,MAAM,OAAA,CAAQ,GAAA;AAAA,MACtC,MAAA,CAAO,QAAA,CAAS,GAAA,CAAI,OAAO,OAAA,KAAY;AACrC,QAAA,MAAM,OAAA,GAAU,cAAA,CAAe,OAAA,CAAQ,OAAO,CAAA;AAC9C,QAAA,IAAI,CAAC,SAAS,OAAO,OAAA;AAGrB,QAAA,MAAM,CAAC,YAAA,EAAc,cAAc,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,UACvD,UAAA,CAAW,OAAO,EAAE,IAAA,EAAM,SAAS,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA;AAAA,UAC3D,UAAA,CAAW,cAAA,CAAe,EAAE,MAAA,EAAQ,SAAS;AAAA,SAC9C,CAAA;AAGD,QAAA,IAAI,YAAA,CAAa,UAAA,CAAW,MAAA,GAAS,CAAA,EAAG;AACtC,UAAA,aAAA,CAAc,IAAA,CAAK,GAAG,YAAA,CAAa,UAAU,CAAA;AAC7C,UAAA,MAAA,CAAO,aAAA,GAAgB,aAAa,UAAU,CAAA;AAE9C,UAAA,IAAI,OAAO,UAAA,EAAY;AACrB,YAAA,MAAM,IAAI,eAAA,CAAgB,YAAA,CAAa,UAAU,CAAA;AAAA,UACnD;AAAA,QACF;AAGA,QAAA,IAAI,cAAA,CAAe,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AACrC,UAAA,UAAA,CAAW,IAAA,CAAK,GAAG,cAAA,CAAe,OAAO,CAAA;AACzC,UAAA,MAAA,CAAO,gBAAA,GAAmB,eAAe,OAAO,CAAA;AAEhD,UAAA,IAAI,OAAO,aAAA,EAAe;AACxB,YAAA,MAAM,IAAI,kBAAA,CAAmB,cAAA,CAAe,OAAO,CAAA;AAAA,UACrD;AAAA,QACF;AAGA,QAAA,IAAI,YAAA,CAAa,UAAA,CAAW,MAAA,GAAS,CAAA,EAAG;AACtC,UAAA,MAAM,gBAAgB,MAAM,UAAA,CAAW,QAAQ,EAAE,IAAA,EAAM,SAAS,CAAA;AAChE,UAAA,OAAO;AAAA,YACL,GAAG,OAAA;AAAA,YACH,SAAS,aAAA,CAAc;AAAA,WACzB;AAAA,QACF;AAEA,QAAA,OAAO,OAAA;AAAA,MACT,CAAC;AAAA,KACH;AAGA,IAAA,MAAM,QAAA,GAAW,MAAM,cAAA,CAAe;AAAA,MACpC,GAAG,MAAA;AAAA,MACH,QAAA,EAAU;AAAA,KACX,CAAA;AAGD,IAAA,IAAI,OAAO,WAAA,EAAa;AACtB,MAAA,KAAA,MAAW,MAAA,IAAU,SAAS,OAAA,EAAS;AACrC,QAAA,MAAM,aAAA,GAAgB,OAAO,OAAA,EAAS,OAAA;AACtC,QAAA,IAAI,aAAA,EAAe;AACjB,UAAA,MAAM,aAAa,MAAM,UAAA,CAAW,WAAW,EAAE,MAAA,EAAQ,eAAe,CAAA;AACxE,UAAA,IAAI,CAAC,WAAW,OAAA,EAAS;AAEvB,YAAC,OAAmC,WAAA,GAAc;AAAA,cAChD,eAAe,UAAA,CAAW;AAAA,aAC5B;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAC,SAAqC,WAAA,GAAc;AAAA,MAClD,YAAA,EAAc,aAAA;AAAA,MACd,gBAAA,EAAkB,UAAA;AAAA,MAClB,eAAA,EAAiB,cAAc,MAAA,GAAS;AAAA,KAC1C;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAA;AAGA,EAAA,MAAA,CAAO,IAAA,CAAK,YAAY,MAAA,GAAS,eAAA;AAEjC,EAAA,OAAO,MAAA;AACT;AAKA,SAAS,eACP,OAAA,EACe;AACf,EAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,EAAG;AAC1B,IAAA,OAAO,QACJ,MAAA,CAAO,CAAC,IAAA,KAAS,IAAA,CAAK,SAAS,MAAA,IAAU,IAAA,CAAK,IAAI,CAAA,CAClD,IAAI,CAAC,IAAA,KAAS,KAAK,IAAI,CAAA,CACvB,KAAK,IAAI,CAAA;AAAA,EACd;AACA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,sBAAsB,OAAA,EAA+B;AACnE,EAAA,OAAO,CAAyB,MAAA,KAAiB,UAAA,CAAW,MAAA,EAAQ,OAAO,CAAA;AAC7E;AAEA,IAAO,cAAA,GAAQ","file":"openai.mjs","sourcesContent":["/**\n * SafeKeyLab SDK Types\n */\n\nexport interface SafeKeyLabConfig {\n  /** API key for authentication */\n  apiKey: string;\n  /** Base URL for the API (default: https://api.safekeylab.com) */\n  baseUrl?: string;\n  /** Request timeout in milliseconds (default: 30000) */\n  timeout?: number;\n  /** Enable debug logging (default: false) */\n  debug?: boolean;\n}\n\nexport interface PIIDetection {\n  /** Type of PII detected (EMAIL, PHONE, SSN, etc.) */\n  type: string;\n  /** The detected value */\n  value: string;\n  /** Start position in text */\n  start: number;\n  /** End position in text */\n  end: number;\n  /** Confidence score (0-1) */\n  confidence: number;\n}\n\nexport interface DetectRequest {\n  /** Text to scan for PII */\n  text: string;\n  /** Types of PII to detect (default: all) */\n  types?: string[];\n  /** Minimum confidence threshold (default: 0.5) */\n  minConfidence?: number;\n}\n\nexport interface DetectResponse {\n  success: boolean;\n  detections: PIIDetection[];\n  count: number;\n  processing_time_ms: number;\n}\n\nexport interface ProtectRequest {\n  /** Text to redact PII from */\n  text: string;\n  /** Types of PII to redact (default: all) */\n  types?: string[];\n  /** Redaction style: 'placeholder' | 'mask' | 'hash' (default: placeholder) */\n  style?: 'placeholder' | 'mask' | 'hash';\n}\n\nexport interface Redaction {\n  type: string;\n  original: string;\n  start: number;\n  end: number;\n}\n\nexport interface ProtectResponse {\n  success: boolean;\n  redacted_text: string;\n  redactions: Redaction[];\n  redactions_count: number;\n  original_length: number;\n  redacted_length: number;\n  processing_time_ms: number;\n}\n\nexport interface ValidatePromptRequest {\n  /** Prompt to validate */\n  prompt: string;\n  /** Additional context for validation */\n  context?: string;\n}\n\nexport interface Threat {\n  type: string;\n  severity: 'low' | 'medium' | 'high' | 'critical';\n  description: string;\n  matched?: string;\n}\n\nexport interface ValidatePromptResponse {\n  success: boolean;\n  is_safe: boolean;\n  threats: Threat[];\n  threats_detected: number;\n  recommendation: 'allow' | 'review' | 'block';\n  processing_time_ms: number;\n}\n\nexport interface ScanOutputRequest {\n  /** LLM output to scan */\n  output: string;\n  /** Original prompt for context */\n  prompt?: string;\n}\n\nexport interface ScanOutputResponse {\n  success: boolean;\n  is_safe: boolean;\n  issues: Array<{\n    type: string;\n    severity: string;\n    description: string;\n  }>;\n  processing_time_ms: number;\n}\n\nexport interface WrapperConfig {\n  /** Block requests containing PII (default: false, will redact instead) */\n  blockOnPII?: boolean;\n  /** Block requests with detected threats (default: true) */\n  blockOnThreat?: boolean;\n  /** Types of PII to detect/redact */\n  piiTypes?: string[];\n  /** Scan LLM outputs for issues (default: true) */\n  scanOutputs?: boolean;\n  /** Custom error handler */\n  onError?: (error: Error) => void;\n  /** Callback when PII is detected */\n  onPIIDetected?: (detections: PIIDetection[]) => void;\n  /** Callback when threat is detected */\n  onThreatDetected?: (threats: Threat[]) => void;\n}\n\nexport class SafeKeyLabError extends Error {\n  constructor(\n    message: string,\n    public code: string,\n    public statusCode?: number\n  ) {\n    super(message);\n    this.name = 'SafeKeyLabError';\n  }\n}\n\nexport class PIIBlockedError extends SafeKeyLabError {\n  constructor(\n    public detections: PIIDetection[]\n  ) {\n    super(\n      `Request blocked: PII detected (${detections.map(d => d.type).join(', ')})`,\n      'PII_BLOCKED'\n    );\n    this.name = 'PIIBlockedError';\n  }\n}\n\nexport class ThreatBlockedError extends SafeKeyLabError {\n  constructor(\n    public threats: Threat[]\n  ) {\n    super(\n      `Request blocked: Threat detected (${threats.map(t => t.type).join(', ')})`,\n      'THREAT_BLOCKED'\n    );\n    this.name = 'ThreatBlockedError';\n  }\n}\n","/**\n * SafeKeyLab API Client\n */\n\nimport {\n  SafeKeyLabConfig,\n  DetectRequest,\n  DetectResponse,\n  ProtectRequest,\n  ProtectResponse,\n  ValidatePromptRequest,\n  ValidatePromptResponse,\n  ScanOutputRequest,\n  ScanOutputResponse,\n  SafeKeyLabError,\n} from './types';\n\nconst DEFAULT_BASE_URL = 'https://api.safekeylab.com';\nconst DEFAULT_TIMEOUT = 30000;\n\nexport class SafeKeyLab {\n  private apiKey: string;\n  private baseUrl: string;\n  private timeout: number;\n  private debug: boolean;\n\n  constructor(config: SafeKeyLabConfig) {\n    if (!config.apiKey) {\n      throw new SafeKeyLabError('API key is required', 'MISSING_API_KEY');\n    }\n    this.apiKey = config.apiKey;\n    this.baseUrl = config.baseUrl || DEFAULT_BASE_URL;\n    this.timeout = config.timeout || DEFAULT_TIMEOUT;\n    this.debug = config.debug || false;\n  }\n\n  private log(...args: unknown[]): void {\n    if (this.debug) {\n      console.log('[SafeKeyLab]', ...args);\n    }\n  }\n\n  private async request<T>(\n    method: string,\n    endpoint: string,\n    body?: unknown\n  ): Promise<T> {\n    const url = `${this.baseUrl}${endpoint}`;\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n    this.log(`${method} ${url}`, body);\n\n    try {\n      const response = await fetch(url, {\n        method,\n        headers: {\n          'Authorization': `Bearer ${this.apiKey}`,\n          'Content-Type': 'application/json',\n          'User-Agent': '@safekeylab/sdk/1.0.0',\n        },\n        body: body ? JSON.stringify(body) : undefined,\n        signal: controller.signal,\n      });\n\n      clearTimeout(timeoutId);\n\n      const data = await response.json() as Record<string, unknown>;\n\n      if (!response.ok) {\n        throw new SafeKeyLabError(\n          (data.error as string) || (data.message as string) || 'Request failed',\n          (data.code as string) || 'API_ERROR',\n          response.status\n        );\n      }\n\n      this.log('Response:', data);\n      return data as T;\n    } catch (error) {\n      clearTimeout(timeoutId);\n      if (error instanceof SafeKeyLabError) {\n        throw error;\n      }\n      if (error instanceof Error) {\n        if (error.name === 'AbortError') {\n          throw new SafeKeyLabError('Request timeout', 'TIMEOUT');\n        }\n        throw new SafeKeyLabError(error.message, 'NETWORK_ERROR');\n      }\n      throw new SafeKeyLabError('Unknown error', 'UNKNOWN_ERROR');\n    }\n  }\n\n  /**\n   * Detect PII in text\n   */\n  async detect(request: DetectRequest): Promise<DetectResponse> {\n    return this.request<DetectResponse>('POST', '/v1/detect', request);\n  }\n\n  /**\n   * Detect PII in text (convenience method)\n   */\n  async detectPII(text: string, options?: Omit<DetectRequest, 'text'>): Promise<DetectResponse> {\n    return this.detect({ text, ...options });\n  }\n\n  /**\n   * Redact/protect PII in text\n   */\n  async protect(request: ProtectRequest): Promise<ProtectResponse> {\n    return this.request<ProtectResponse>('POST', '/v1/protect', request);\n  }\n\n  /**\n   * Redact PII from text (convenience method)\n   */\n  async redact(text: string, options?: Omit<ProtectRequest, 'text'>): Promise<string> {\n    const response = await this.protect({ text, ...options });\n    return response.redacted_text;\n  }\n\n  /**\n   * Validate a prompt for security threats\n   */\n  async validatePrompt(request: ValidatePromptRequest): Promise<ValidatePromptResponse> {\n    return this.request<ValidatePromptResponse>('POST', '/v1/validate-prompt', request);\n  }\n\n  /**\n   * Check if a prompt is safe (convenience method)\n   */\n  async isPromptSafe(prompt: string, context?: string): Promise<boolean> {\n    const response = await this.validatePrompt({ prompt, context });\n    return response.is_safe;\n  }\n\n  /**\n   * Scan LLM output for issues\n   */\n  async scanOutput(request: ScanOutputRequest): Promise<ScanOutputResponse> {\n    return this.request<ScanOutputResponse>('POST', '/v1/scan-output', request);\n  }\n\n  /**\n   * Full protection pipeline: validate input, redact PII, return protected text\n   */\n  async protectInput(text: string): Promise<{\n    text: string;\n    wasModified: boolean;\n    detections: DetectResponse['detections'];\n    threats: ValidatePromptResponse['threats'];\n  }> {\n    // Run detection and validation in parallel\n    const [detectResult, validateResult] = await Promise.all([\n      this.detect({ text }),\n      this.validatePrompt({ prompt: text }),\n    ]);\n\n    let protectedText = text;\n    let wasModified = false;\n\n    // Redact if PII found\n    if (detectResult.count > 0) {\n      const protectResult = await this.protect({ text });\n      protectedText = protectResult.redacted_text;\n      wasModified = true;\n    }\n\n    return {\n      text: protectedText,\n      wasModified,\n      detections: detectResult.detections,\n      threats: validateResult.threats,\n    };\n  }\n\n  /**\n   * Create a sandbox client (no API key required, rate limited)\n   */\n  static sandbox(options?: Omit<SafeKeyLabConfig, 'apiKey'>): SafeKeyLabSandbox {\n    return new SafeKeyLabSandbox(options);\n  }\n}\n\n/**\n * Sandbox client for testing (no API key required)\n */\nexport class SafeKeyLabSandbox {\n  private baseUrl: string;\n  private timeout: number;\n  private debug: boolean;\n\n  constructor(config?: Omit<SafeKeyLabConfig, 'apiKey'>) {\n    this.baseUrl = config?.baseUrl || DEFAULT_BASE_URL;\n    this.timeout = config?.timeout || DEFAULT_TIMEOUT;\n    this.debug = config?.debug || false;\n  }\n\n  private log(...args: unknown[]): void {\n    if (this.debug) {\n      console.log('[SafeKeyLab:Sandbox]', ...args);\n    }\n  }\n\n  private async request<T>(\n    method: string,\n    endpoint: string,\n    body?: unknown\n  ): Promise<T> {\n    const url = `${this.baseUrl}${endpoint}`;\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n    this.log(`${method} ${url}`, body);\n\n    try {\n      const response = await fetch(url, {\n        method,\n        headers: {\n          'Content-Type': 'application/json',\n          'User-Agent': '@safekeylab/sdk/1.0.0',\n        },\n        body: body ? JSON.stringify(body) : undefined,\n        signal: controller.signal,\n      });\n\n      clearTimeout(timeoutId);\n      const data = await response.json() as Record<string, unknown>;\n\n      if (!response.ok) {\n        throw new SafeKeyLabError(\n          (data.error as string) || (data.message as string) || 'Request failed',\n          (data.code as string) || 'API_ERROR',\n          response.status\n        );\n      }\n\n      this.log('Response:', data);\n      return data as T;\n    } catch (error) {\n      clearTimeout(timeoutId);\n      if (error instanceof SafeKeyLabError) {\n        throw error;\n      }\n      if (error instanceof Error) {\n        if (error.name === 'AbortError') {\n          throw new SafeKeyLabError('Request timeout', 'TIMEOUT');\n        }\n        throw new SafeKeyLabError(error.message, 'NETWORK_ERROR');\n      }\n      throw new SafeKeyLabError('Unknown error', 'UNKNOWN_ERROR');\n    }\n  }\n\n  async detect(request: DetectRequest): Promise<DetectResponse> {\n    return this.request<DetectResponse>('POST', '/sandbox/v1/detect', request);\n  }\n\n  async protect(request: ProtectRequest): Promise<ProtectResponse> {\n    return this.request<ProtectResponse>('POST', '/sandbox/v1/protect', request);\n  }\n\n  async validatePrompt(request: ValidatePromptRequest): Promise<ValidatePromptResponse> {\n    return this.request<ValidatePromptResponse>('POST', '/sandbox/v1/validate-prompt', request);\n  }\n}\n\nexport default SafeKeyLab;\n","/**\n * SafeKeyLab OpenAI Integration\n *\n * Wraps the OpenAI client to automatically protect inputs and scan outputs\n *\n * @example\n * ```typescript\n * import OpenAI from 'openai';\n * import { wrapOpenAI } from '@safekeylab/sdk/openai';\n *\n * const openai = wrapOpenAI(new OpenAI(), {\n *   apiKey: 'sk_live_...',\n * });\n *\n * // All calls are now protected\n * const response = await openai.chat.completions.create({\n *   model: 'gpt-4',\n *   messages: [{ role: 'user', content: 'My email is john@example.com' }],\n * });\n * // Input is automatically redacted to: \"My email is [EMAIL]\"\n * ```\n */\n\nimport { SafeKeyLab } from '../client';\nimport {\n  SafeKeyLabConfig,\n  WrapperConfig,\n  PIIDetection,\n  Threat,\n  PIIBlockedError,\n  ThreatBlockedError,\n} from '../types';\n\n// Type definitions for OpenAI SDK\ninterface OpenAIMessage {\n  role: string;\n  content: string | null | Array<{ type: string; text?: string; [key: string]: unknown }>;\n  [key: string]: unknown;\n}\n\ninterface OpenAIChatCompletionParams {\n  model: string;\n  messages: OpenAIMessage[];\n  [key: string]: unknown;\n}\n\ninterface OpenAIChoice {\n  message: {\n    content: string | null;\n    [key: string]: unknown;\n  };\n  [key: string]: unknown;\n}\n\ninterface OpenAIChatCompletion {\n  choices: OpenAIChoice[];\n  [key: string]: unknown;\n}\n\ninterface OpenAIChatCompletions {\n  create(params: OpenAIChatCompletionParams): Promise<OpenAIChatCompletion>;\n}\n\ninterface OpenAIChat {\n  completions: OpenAIChatCompletions;\n}\n\ninterface OpenAIClient {\n  chat: OpenAIChat;\n  [key: string]: unknown;\n}\n\nexport interface OpenAIWrapperOptions extends Partial<SafeKeyLabConfig>, WrapperConfig {}\n\n/**\n * Wrap an OpenAI client with SafeKeyLab protection\n */\nexport function wrapOpenAI<T extends OpenAIClient>(\n  openai: T,\n  options: OpenAIWrapperOptions\n): T {\n  const safekeylab = new SafeKeyLab({\n    apiKey: options.apiKey!,\n    baseUrl: options.baseUrl,\n    timeout: options.timeout,\n    debug: options.debug,\n  });\n\n  const config: WrapperConfig = {\n    blockOnPII: options.blockOnPII ?? false,\n    blockOnThreat: options.blockOnThreat ?? true,\n    piiTypes: options.piiTypes,\n    scanOutputs: options.scanOutputs ?? true,\n    onError: options.onError,\n    onPIIDetected: options.onPIIDetected,\n    onThreatDetected: options.onThreatDetected,\n  };\n\n  // Create a proxy for the chat.completions.create method\n  const originalCreate = openai.chat.completions.create.bind(openai.chat.completions);\n\n  const protectedCreate = async (\n    params: OpenAIChatCompletionParams\n  ): Promise<OpenAIChatCompletion> => {\n    const allDetections: PIIDetection[] = [];\n    const allThreats: Threat[] = [];\n\n    // Process each message\n    const protectedMessages = await Promise.all(\n      params.messages.map(async (message) => {\n        const content = extractContent(message.content);\n        if (!content) return message;\n\n        // Detect PII and validate prompt in parallel\n        const [detectResult, validateResult] = await Promise.all([\n          safekeylab.detect({ text: content, types: config.piiTypes }),\n          safekeylab.validatePrompt({ prompt: content }),\n        ]);\n\n        // Collect detections\n        if (detectResult.detections.length > 0) {\n          allDetections.push(...detectResult.detections);\n          config.onPIIDetected?.(detectResult.detections);\n\n          if (config.blockOnPII) {\n            throw new PIIBlockedError(detectResult.detections);\n          }\n        }\n\n        // Collect threats\n        if (validateResult.threats.length > 0) {\n          allThreats.push(...validateResult.threats);\n          config.onThreatDetected?.(validateResult.threats);\n\n          if (config.blockOnThreat) {\n            throw new ThreatBlockedError(validateResult.threats);\n          }\n        }\n\n        // Redact PII if found\n        if (detectResult.detections.length > 0) {\n          const protectResult = await safekeylab.protect({ text: content });\n          return {\n            ...message,\n            content: protectResult.redacted_text,\n          };\n        }\n\n        return message;\n      })\n    );\n\n    // Make the API call with protected messages\n    const response = await originalCreate({\n      ...params,\n      messages: protectedMessages,\n    });\n\n    // Scan outputs if enabled\n    if (config.scanOutputs) {\n      for (const choice of response.choices) {\n        const outputContent = choice.message?.content;\n        if (outputContent) {\n          const scanResult = await safekeylab.scanOutput({ output: outputContent });\n          if (!scanResult.is_safe) {\n            // Attach metadata to response\n            (choice as Record<string, unknown>)._safekeylab = {\n              output_issues: scanResult.issues,\n            };\n          }\n        }\n      }\n    }\n\n    // Attach metadata to response\n    (response as Record<string, unknown>)._safekeylab = {\n      pii_detected: allDetections,\n      threats_detected: allThreats,\n      inputs_modified: allDetections.length > 0,\n    };\n\n    return response;\n  };\n\n  // Replace the create method\n  openai.chat.completions.create = protectedCreate as typeof openai.chat.completions.create;\n\n  return openai;\n}\n\n/**\n * Extract text content from OpenAI message content\n */\nfunction extractContent(\n  content: string | null | Array<{ type: string; text?: string; [key: string]: unknown }>\n): string | null {\n  if (typeof content === 'string') {\n    return content;\n  }\n  if (Array.isArray(content)) {\n    return content\n      .filter((part) => part.type === 'text' && part.text)\n      .map((part) => part.text)\n      .join('\\n');\n  }\n  return null;\n}\n\n/**\n * Create a protected OpenAI client factory\n */\nexport function createProtectedOpenAI(options: OpenAIWrapperOptions) {\n  return <T extends OpenAIClient>(openai: T): T => wrapOpenAI(openai, options);\n}\n\nexport default wrapOpenAI;\n"]}

package/dist/integrations/vercel-ai.d.mts

@@ -0,0 +1,80 @@
+import { S as SafeKeyLabConfig, W as WrapperConfig } from '../types-CtDYLaOX.mjs';
+
+/**
+ * SafeKeyLab Vercel AI SDK Integration
+ *
+ * Provides middleware and wrappers for the Vercel AI SDK
+ *
+ * @example
+ * ```typescript
+ * import { openai } from '@ai-sdk/openai';
+ * import { generateText } from 'ai';
+ * import { withSafeKeyLab } from '@safekeylab/sdk/vercel-ai';
+ *
+ * // Wrap the model with SafeKeyLab protection
+ * const protectedModel = withSafeKeyLab(openai('gpt-4'), {
+ *   apiKey: 'sk_live_...',
+ * });
+ *
+ * const { text } = await generateText({
+ *   model: protectedModel,
+ *   prompt: 'My email is john@example.com',
+ * });
+ * // Input is automatically protected
+ * ```
+ */
+
+interface LanguageModelV1 {
+    specificationVersion: 'v1';
+    provider: string;
+    modelId: string;
+    defaultObjectGenerationMode?: 'json' | 'tool' | 'grammar';
+    doGenerate(options: DoGenerateOptions): Promise<DoGenerateResult>;
+    doStream?(options: DoGenerateOptions): Promise<DoStreamResult>;
+}
+interface DoGenerateOptions {
+    inputFormat: 'prompt' | 'messages';
+    mode: {
+        type: string;
+        [key: string]: unknown;
+    };
+    prompt: LanguageModelPrompt;
+    [key: string]: unknown;
+}
+interface LanguageModelPrompt {
+    system?: string;
+    messages?: Array<{
+        role: 'user' | 'assistant' | 'system' | 'tool';
+        content: string | Array<{
+            type: string;
+            text?: string;
+            [key: string]: unknown;
+        }>;
+    }>;
+}
+interface DoGenerateResult {
+    text?: string;
+    toolCalls?: unknown[];
+    finishReason: string;
+    usage: {
+        promptTokens: number;
+        completionTokens: number;
+    };
+    [key: string]: unknown;
+}
+interface DoStreamResult {
+    stream: ReadableStream;
+    [key: string]: unknown;
+}
+interface VercelAIWrapperOptions extends Partial<SafeKeyLabConfig>, WrapperConfig {
+}
+/**
+ * Wrap a Vercel AI SDK model with SafeKeyLab protection
+ */
+declare function withSafeKeyLab<T extends LanguageModelV1>(model: T, options: VercelAIWrapperOptions): T;
+/**
+ * Create a middleware function for Vercel AI SDK
+ */
+declare function createSafeKeyLabMiddleware(options: VercelAIWrapperOptions): <T extends LanguageModelV1>(model: T) => T;
+
+export { type VercelAIWrapperOptions, createSafeKeyLabMiddleware, withSafeKeyLab as default, withSafeKeyLab };

package/dist/integrations/vercel-ai.d.ts

@@ -0,0 +1,80 @@
+import { S as SafeKeyLabConfig, W as WrapperConfig } from '../types-CtDYLaOX.js';
+
+/**
+ * SafeKeyLab Vercel AI SDK Integration
+ *
+ * Provides middleware and wrappers for the Vercel AI SDK
+ *
+ * @example
+ * ```typescript
+ * import { openai } from '@ai-sdk/openai';
+ * import { generateText } from 'ai';
+ * import { withSafeKeyLab } from '@safekeylab/sdk/vercel-ai';
+ *
+ * // Wrap the model with SafeKeyLab protection
+ * const protectedModel = withSafeKeyLab(openai('gpt-4'), {
+ *   apiKey: 'sk_live_...',
+ * });
+ *
+ * const { text } = await generateText({
+ *   model: protectedModel,
+ *   prompt: 'My email is john@example.com',
+ * });
+ * // Input is automatically protected
+ * ```
+ */
+
+interface LanguageModelV1 {
+    specificationVersion: 'v1';
+    provider: string;
+    modelId: string;
+    defaultObjectGenerationMode?: 'json' | 'tool' | 'grammar';
+    doGenerate(options: DoGenerateOptions): Promise<DoGenerateResult>;
+    doStream?(options: DoGenerateOptions): Promise<DoStreamResult>;
+}
+interface DoGenerateOptions {
+    inputFormat: 'prompt' | 'messages';
+    mode: {
+        type: string;
+        [key: string]: unknown;
+    };
+    prompt: LanguageModelPrompt;
+    [key: string]: unknown;
+}
+interface LanguageModelPrompt {
+    system?: string;
+    messages?: Array<{
+        role: 'user' | 'assistant' | 'system' | 'tool';
+        content: string | Array<{
+            type: string;
+            text?: string;
+            [key: string]: unknown;
+        }>;
+    }>;
+}
+interface DoGenerateResult {
+    text?: string;
+    toolCalls?: unknown[];
+    finishReason: string;
+    usage: {
+        promptTokens: number;
+        completionTokens: number;
+    };
+    [key: string]: unknown;
+}
+interface DoStreamResult {
+    stream: ReadableStream;
+    [key: string]: unknown;
+}
+interface VercelAIWrapperOptions extends Partial<SafeKeyLabConfig>, WrapperConfig {
+}
+/**
+ * Wrap a Vercel AI SDK model with SafeKeyLab protection
+ */
+declare function withSafeKeyLab<T extends LanguageModelV1>(model: T, options: VercelAIWrapperOptions): T;
+/**
+ * Create a middleware function for Vercel AI SDK
+ */
+declare function createSafeKeyLabMiddleware(options: VercelAIWrapperOptions): <T extends LanguageModelV1>(model: T) => T;
+
+export { type VercelAIWrapperOptions, createSafeKeyLabMiddleware, withSafeKeyLab as default, withSafeKeyLab };