@spendguard/sdk 0.5.0

package/dist/errors.d.ts

@@ -0,0 +1,269 @@
+/**
+ * Root of the SpendGuard error hierarchy. Every error thrown by the SDK
+ * inherits from this class so adapters can route with one `instanceof` check.
+ */
+declare class SpendGuardError extends Error {
+    name: string;
+    constructor(message: string, opts?: {
+        cause?: unknown;
+    });
+}
+/**
+ * Constructor-time configuration error. Thrown synchronously from
+ * `new SpendGuardClient(...)` or `SpendGuardClient.fromEnv()` when:
+ *   - `socketPath` is missing and `SPENDGUARD_SOCKET_PATH` /
+ *     `SPENDGUARD_SIDECAR_UDS` are unset.
+ *   - `tenantId` is missing and `SPENDGUARD_TENANT_ID` is unset.
+ *   - `otelTracer` and `onSpan` are both provided (mutually exclusive).
+ *   - `SPENDGUARD_DECISION_TIMEOUT_MS` is not a finite non-negative integer.
+ */
+declare class SpendGuardConfigError extends SpendGuardError {
+    name: string;
+}
+/**
+ * Connection-layer failure: the UDS / gRPC channel could not be opened,
+ * the sidecar is unreachable, the deadline expired before reply, or the
+ * server cancelled mid-flight.
+ *
+ * Adapters typically map `SidecarUnavailable` → 503 upstream (the `statusCode`
+ * is the conventional HTTP analog; the SDK itself does not speak HTTP).
+ *
+ * Raised by `mapGrpcStatusToError` (SLICE 5) for:
+ *   - gRPC `UNAVAILABLE` — channel torn down / sidecar gone.
+ *   - gRPC `DEADLINE_EXCEEDED` — request timed out before reply.
+ *   - gRPC `CANCELLED` — server (or client) cancelled mid-flight.
+ *
+ * The original `RpcError` is preserved in `cause` so adapters can dig into
+ * the underlying gRPC trailer metadata if they need to.
+ *
+ * SLICE 8 wires retry classification for the same cluster into this class
+ * via `_classify_rpc_error` parity.
+ */
+declare class SidecarUnavailable extends SpendGuardError {
+    name: string;
+    readonly statusCode: 503;
+}
+/**
+ * Connection-not-established error. Thrown when the caller invokes an RPC
+ * before `connect()` (or attempts to read `sessionId` before `handshake()`).
+ */
+declare class SpendGuardConnectionError extends SpendGuardError {
+    name: string;
+}
+/**
+ * Handshake-protocol failure: the sidecar replied with a protocol-version
+ * mismatch, a capability level the adapter cannot satisfy, or an unsigned
+ * announcement when one was required.
+ *
+ * SLICE 4 wires the handshake payload mapping; the class itself is locked here.
+ */
+declare class HandshakeError extends SpendGuardError {
+    name: string;
+}
+/**
+ * Init payload for `DecisionDenied` (and its subclasses). All decision-typed
+ * errors carry the audit chain coordinates so adapters can correlate with the
+ * sidecar's emitted CloudEvents.
+ */
+interface DecisionDeniedInit {
+    decisionId: string;
+    reasonCodes?: readonly string[];
+    auditDecisionEventId?: string;
+    matchedRuleIds?: readonly string[];
+}
+/**
+ * Decision-time denial. Thrown when the sidecar returns a non-`CONTINUE` /
+ * non-`DEGRADE` outcome. Subclasses discriminate by terminal kind:
+ * `DecisionStopped` (STOP / STOP_RUN_PROJECTION), `DecisionSkipped` (SKIP),
+ * `ApprovalRequired` (REQUIRE_APPROVAL).
+ *
+ * SLICE 4 wires the mapping from `DecisionResponse.decision` enum to the
+ * concrete subclass; this base class is locked here.
+ */
+declare class DecisionDenied extends SpendGuardError {
+    name: string;
+    readonly statusCode: 403;
+    readonly decisionId: string;
+    readonly reasonCodes: readonly string[];
+    readonly auditDecisionEventId?: string;
+    readonly matchedRuleIds: readonly string[];
+    constructor(message: string, init: DecisionDeniedInit, opts?: {
+        cause?: unknown;
+    });
+}
+/**
+ * Sidecar returned `STOP` or `STOP_RUN_PROJECTION`. Run loop must unwind
+ * without further LLM / tool calls. `reasonCodes` carry the contract-DSL
+ * matched-rule outcomes (`projection.run.over_threshold`, etc.).
+ */
+declare class DecisionStopped extends DecisionDenied {
+    name: string;
+}
+/**
+ * Sidecar returned `SKIP` — current step / call must be skipped but the run
+ * may continue. Treated as a terminal decision for the in-flight boundary
+ * only.
+ */
+declare class DecisionSkipped extends DecisionDenied {
+    name: string;
+}
+/**
+ * Init payload for `ApprovalRequired`. Carries the approval bookkeeping the
+ * adapter needs to drive the human-in-the-loop resume round-trip.
+ */
+interface ApprovalRequiredInit extends DecisionDeniedInit {
+    approvalRequestId: string;
+    approverRole?: string;
+    tenantId?: string;
+}
+/**
+ * Minimal client shape that `ApprovalRequired.resume()` needs. Avoids a
+ * circular import between `errors.ts` and `client.ts`; the real
+ * `SpendGuardClient` satisfies this contract.
+ */
+interface ApprovalResumeClient {
+    resumeAfterApproval(req: {
+        approvalId: string;
+        tenantId: string;
+        decisionId: string;
+    }): Promise<unknown>;
+}
+/**
+ * Sidecar returned `REQUIRE_APPROVAL`. The adapter must surface the approval
+ * to a human operator (Slack / control plane / etc.) and call
+ * `await err.resume(client)` after the operator acts.
+ *
+ * `tenantId` is carried explicitly so the resume round-trip can scope the
+ * GetApprovalForResume lookup against tenant (per Python `client.py` round-2
+ * #9 part 2 PR 9d).
+ */
+declare class ApprovalRequired extends DecisionDenied {
+    name: string;
+    readonly approvalRequestId: string;
+    readonly approverRole?: string;
+    readonly tenantId?: string;
+    constructor(message: string, init: ApprovalRequiredInit, opts?: {
+        cause?: unknown;
+    });
+    /**
+     * Resume the decision after a human operator has acted. Delegates to
+     * `client.resumeAfterApproval(...)`.
+     *
+     * @throws ApprovalDeniedError when the operator rejected.
+     * @throws ApprovalLapsedError when the approval expired / was cancelled.
+     * @throws ApprovalBundleHotReloadedError when bundle rotated mid-approval.
+     */
+    resume(client: ApprovalResumeClient): Promise<unknown>;
+}
+/**
+ * Operator explicitly denied the approval. Carries `approverSubject` and
+ * `approverReason` from the audit row so the adapter can surface them upstream.
+ *
+ * Reason codes are forced to include `approval_denied` as the first entry per
+ * Python parity.
+ */
+declare class ApprovalDeniedError extends DecisionDenied {
+    name: string;
+    readonly approverSubject?: string;
+    readonly approverReason?: string;
+    constructor(message: string, init: DecisionDeniedInit & {
+        approverSubject?: string;
+        approverReason?: string;
+    }, opts?: {
+        cause?: unknown;
+    });
+}
+/**
+ * Approval state was non-terminal at the time the adapter polled. State is
+ * one of `pending` / `expired` / `cancelled` / `unknown`; the reason codes
+ * include `approval_lapsed_<state>` per Python parity.
+ */
+declare class ApprovalLapsedError extends DecisionDenied {
+    name: string;
+    readonly state: "pending" | "expired" | "cancelled" | "unknown";
+    constructor(message: string, init: DecisionDeniedInit & {
+        state: "pending" | "expired" | "cancelled" | "unknown";
+    }, opts?: {
+        cause?: unknown;
+    });
+}
+/**
+ * Approval was issued under one contract-bundle hash but the sidecar's
+ * currently-installed bundle differs. The adapter MUST refuse to resume —
+ * re-evaluation may produce a different decision that the operator did not
+ * see when they approved.
+ *
+ * Raised by `mapGrpcStatusToError` (SLICE 5) when a release / reserve trip
+ * surfaces gRPC `FAILED_PRECONDITION` with the reason-code metadata field
+ * set to `BUNDLE_HOT_RELOADED`. When the bundle hashes are not carried in
+ * trailer metadata the constructor receives empty strings; adapters should
+ * treat that as "hashes unavailable" and re-fetch from the handshake cache.
+ */
+declare class ApprovalBundleHotReloadedError extends SpendGuardError {
+    name: string;
+    readonly originalBundleHash: string;
+    readonly currentBundleHash: string;
+    constructor(message: string, init: {
+        originalBundleHash: string;
+        currentBundleHash: string;
+    }, opts?: {
+        cause?: unknown;
+    });
+}
+/**
+ * Adapter's `publish_effect` step failed to apply the mutation patch. The
+ * adapter should call `client.safeConfirmApplyFailed(...)` to anchor the
+ * rollback in the audit chain.
+ *
+ * Raised by `mapGrpcStatusToError` (SLICE 5) when a release / reserve trip
+ * surfaces gRPC `FAILED_PRECONDITION` with the reason-code metadata field set
+ * to `IDEMPOTENCY_CONFLICT` (replay of a release with a different request
+ * body), `BUDGET_EXCEEDED` (reservation can no longer be released against the
+ * current ledger state), or any unknown FAILED_PRECONDITION reason — the
+ * latter is the conservative default so adapters never see a bare
+ * `SpendGuardError` for FAILED_PRECONDITION trips.
+ */
+declare class MutationApplyFailed extends SpendGuardError {
+    name: string;
+}
+/**
+ * Decision-time wrapper for arbitrary post-decision errors that don't fit the
+ * `DecisionDenied` hierarchy. Provided as a discriminated subtype so adapters
+ * that want a single `catch (e: SpendGuardDecisionError)` block work without
+ * pattern-matching on the structural `DecisionDenied` chain.
+ *
+ * SLICE 4 may extend this with concrete subclasses; in SLICE 3 it exists only
+ * as the discriminated-subtype contract the slice doc requires.
+ */
+declare class SpendGuardDecisionError extends SpendGuardError {
+    name: string;
+}
+/**
+ * Thrown by `PricingLookup.usdMicrosForCall` when a token bucket has a
+ * non-zero count but NO configured price for either the specific token kind
+ * or the default kind.
+ *
+ * Fail-closed rationale: the previous behavior silently coerced the missing
+ * price to `0`, booking a `$0` charge for the call and under-counting the
+ * budget — exactly the under-charge failure mode the guardrail exists to
+ * prevent. Unknown / new models (the most likely to be mispriced) were
+ * precisely the ones that escaped accounting. Refusing loudly forces the
+ * adapter to supply a price (or explicitly handle the gap) rather than leak
+ * spend. Carries the offending `provider` / `model` / `tokenKind` so the
+ * caller can pinpoint the missing pricing-table row.
+ */
+declare class PricingMissingError extends SpendGuardError {
+    name: string;
+    readonly provider: string;
+    readonly model: string;
+    readonly tokenKind: string;
+    constructor(args: {
+        provider: string;
+        model: string;
+        tokenKind: string;
+    }, opts?: {
+        cause?: unknown;
+    });
+}
+
+export { ApprovalBundleHotReloadedError, ApprovalDeniedError, ApprovalLapsedError, ApprovalRequired, type ApprovalRequiredInit, type ApprovalResumeClient, DecisionDenied, type DecisionDeniedInit, DecisionSkipped, DecisionStopped, HandshakeError, MutationApplyFailed, PricingMissingError, SidecarUnavailable, SpendGuardConfigError, SpendGuardConnectionError, SpendGuardDecisionError, SpendGuardError };

package/dist/errors.js

@@ -0,0 +1,148 @@
+// src/errors.ts
+var SpendGuardError = class extends Error {
+  name = "SpendGuardError";
+  constructor(message, opts) {
+    super(message);
+    if (opts?.cause !== void 0) {
+      this.cause = opts.cause;
+    }
+    Object.defineProperty(this, "name", {
+      value: this.name,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  }
+};
+var SpendGuardConfigError = class extends SpendGuardError {
+  name = "SpendGuardConfigError";
+};
+var SidecarUnavailable = class extends SpendGuardError {
+  name = "SidecarUnavailable";
+  statusCode = 503;
+};
+var SpendGuardConnectionError = class extends SpendGuardError {
+  name = "SpendGuardConnectionError";
+};
+var HandshakeError = class extends SpendGuardError {
+  name = "HandshakeError";
+};
+var DecisionDenied = class extends SpendGuardError {
+  name = "DecisionDenied";
+  statusCode = 403;
+  decisionId;
+  reasonCodes;
+  auditDecisionEventId;
+  matchedRuleIds;
+  constructor(message, init, opts) {
+    super(message, opts);
+    this.decisionId = init.decisionId;
+    this.reasonCodes = init.reasonCodes ?? [];
+    if (init.auditDecisionEventId !== void 0) {
+      this.auditDecisionEventId = init.auditDecisionEventId;
+    }
+    this.matchedRuleIds = init.matchedRuleIds ?? [];
+  }
+};
+var DecisionStopped = class extends DecisionDenied {
+  name = "DecisionStopped";
+};
+var DecisionSkipped = class extends DecisionDenied {
+  name = "DecisionSkipped";
+};
+var ApprovalRequired = class extends DecisionDenied {
+  name = "ApprovalRequired";
+  approvalRequestId;
+  approverRole;
+  tenantId;
+  constructor(message, init, opts) {
+    super(message, init, opts);
+    this.approvalRequestId = init.approvalRequestId;
+    if (init.approverRole !== void 0) {
+      this.approverRole = init.approverRole;
+    }
+    if (init.tenantId !== void 0) {
+      this.tenantId = init.tenantId;
+    }
+  }
+  /**
+   * Resume the decision after a human operator has acted. Delegates to
+   * `client.resumeAfterApproval(...)`.
+   *
+   * @throws ApprovalDeniedError when the operator rejected.
+   * @throws ApprovalLapsedError when the approval expired / was cancelled.
+   * @throws ApprovalBundleHotReloadedError when bundle rotated mid-approval.
+   */
+  async resume(client) {
+    return client.resumeAfterApproval({
+      approvalId: this.approvalRequestId,
+      tenantId: this.tenantId ?? "",
+      decisionId: this.decisionId
+    });
+  }
+};
+var ApprovalDeniedError = class extends DecisionDenied {
+  name = "ApprovalDeniedError";
+  approverSubject;
+  approverReason;
+  constructor(message, init, opts) {
+    super(
+      message,
+      { ...init, reasonCodes: ["approval_denied", ...init.reasonCodes ?? []] },
+      opts
+    );
+    if (init.approverSubject !== void 0) {
+      this.approverSubject = init.approverSubject;
+    }
+    if (init.approverReason !== void 0) {
+      this.approverReason = init.approverReason;
+    }
+  }
+};
+var ApprovalLapsedError = class extends DecisionDenied {
+  name = "ApprovalLapsedError";
+  state;
+  constructor(message, init, opts) {
+    super(
+      message,
+      { ...init, reasonCodes: [`approval_lapsed_${init.state}`, ...init.reasonCodes ?? []] },
+      opts
+    );
+    this.state = init.state;
+  }
+};
+var ApprovalBundleHotReloadedError = class extends SpendGuardError {
+  name = "ApprovalBundleHotReloadedError";
+  originalBundleHash;
+  currentBundleHash;
+  constructor(message, init, opts) {
+    super(message, opts);
+    this.originalBundleHash = init.originalBundleHash;
+    this.currentBundleHash = init.currentBundleHash;
+  }
+};
+var MutationApplyFailed = class extends SpendGuardError {
+  name = "MutationApplyFailed";
+};
+var SpendGuardDecisionError = class extends SpendGuardError {
+  name = "SpendGuardDecisionError";
+};
+var PricingMissingError = class extends SpendGuardError {
+  name = "PricingMissingError";
+  provider;
+  model;
+  tokenKind;
+  constructor(args, opts) {
+    super(
+      `no price configured for provider=${JSON.stringify(args.provider)} model=${JSON.stringify(args.model)} tokenKind=${JSON.stringify(args.tokenKind)} (neither the specific kind nor the default kind has a price); refusing to charge $0 \u2014 supply a price for this model or handle PricingMissingError`,
+      opts
+    );
+    this.provider = args.provider;
+    this.model = args.model;
+    this.tokenKind = args.tokenKind;
+  }
+};
+
+export { ApprovalBundleHotReloadedError, ApprovalDeniedError, ApprovalLapsedError, ApprovalRequired, DecisionDenied, DecisionSkipped, DecisionStopped, HandshakeError, MutationApplyFailed, PricingMissingError, SidecarUnavailable, SpendGuardConfigError, SpendGuardConnectionError, SpendGuardDecisionError, SpendGuardError };
+//# sourceMappingURL=errors.js.map
+//# sourceMappingURL=errors.js.map

package/dist/ids.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Mint a UUIDv7 per RFC 9562 §5.7.
+ *
+ * Layout (128 bits, big-endian):
+ *   - 48 bits unix epoch ms
+ *   - 4 bits version (0b0111)
+ *   - 12 bits random
+ *   - 2 bits variant (0b10)
+ *   - 62 bits random
+ *
+ * Two calls within the same ms are time-ordered to ms precision but
+ * randomised within the ms slot. Returned in canonical 36-char hex form
+ * (`xxxxxxxx-xxxx-7xxx-yxxx-xxxxxxxxxxxx`).
+ */
+declare function newUuid7(): string;
+/**
+ * Deterministic idempotency key for a trigger boundary.
+ *
+ * Same `(tenantId, sessionId, runId, stepId, llmCallId, trigger)` →
+ * same key. A retry of the SAME logical step within an agent framework's
+ * run loop MUST reuse this so the sidecar's cache short-circuits + the
+ * ledger's `UNIQUE` returns Replay.
+ *
+ * Returns `"sg-"` + 32 hex chars (128-bit BLAKE2b digest).
+ *
+ * **Cross-language gate (P0 — review-standards §2.2)**: the TS output for
+ * any given input is byte-identical to Python
+ * `derive_idempotency_key(**kwargs)` (which uses `hashlib.blake2b(...,
+ * digest_size=16)`). The implementation here calls the audited
+ * `@noble/hashes` BLAKE2b primitive with `dkLen: 16` — the same 128-bit
+ * personalised-output mode Python's hashlib exposes. Verified byte-for-byte
+ * against `derive_idempotency_key(**kwargs)` for 7 fixtures in
+ * `tests/ids.test.ts` (FX1–FX7).
+ */
+declare function deriveIdempotencyKey(args: {
+    tenantId: string;
+    sessionId: string;
+    runId: string;
+    stepId: string;
+    llmCallId: string;
+    trigger: string;
+}): string;
+/**
+ * Derive a stable UUID (v4-shaped) from a content signature + scope namespace.
+ *
+ * Used for content-derived `decision_id` / `llm_call_id` slots where a retry
+ * of the SAME `Model.request()` MUST produce the same UUID across retries.
+ * Scope ("decision_id", "llm_call_id", etc.) namespaces the output so
+ * different identifier slots never collide for the same signature.
+ *
+ * Same `(signature, scope)` → same UUID. Byte-equivalent to Python
+ * `spendguard.ids.derive_uuid_from_signature(signature, scope=scope)`:
+ * BLAKE2b-128 over `f"{scope}|{signature}"`, with RFC 4122 v4 version (0x4)
+ * and variant (0b10) nibbles overlaid on bytes 6 + 8. Verified against
+ * 5 fixtures in `tests/ids.test.ts` (FXU1–FXU5).
+ */
+declare function deriveUuidFromSignature(signature: string, args: {
+    scope: string;
+}): string;
+/**
+ * Sidecar workload identity hint.
+ *
+ * The adapter asserts this in handshake; the sidecar verifies against
+ * SO_PEERCRED + signed manifest. Reads `SPENDGUARD_WORKLOAD_INSTANCE_ID`
+ * env var; returns empty string when unset.
+ */
+declare function workloadInstanceId(): string;
+
+export { deriveIdempotencyKey, deriveUuidFromSignature, newUuid7, workloadInstanceId };

package/dist/ids.js

@@ -0,0 +1,61 @@
+import { randomBytes } from 'crypto';
+import { blake2b } from '@noble/hashes/blake2';
+
+// src/ids.ts
+function newUuid7() {
+  const tsMs = BigInt(Date.now()) & (1n << 48n) - 1n;
+  const randA = randomBytes(2).readUInt16BE(0) & 4095;
+  const randB = randomBytes(8);
+  randB[0] = randB[0] & 63 | 128;
+  const hi = tsMs << 16n | BigInt(randA);
+  const buf = Buffer.alloc(16);
+  buf.writeBigUInt64BE(hi, 0);
+  buf[6] = buf[6] & 15 | 112;
+  randB.copy(buf, 8);
+  return [
+    buf.toString("hex", 0, 4),
+    buf.toString("hex", 4, 6),
+    buf.toString("hex", 6, 8),
+    buf.toString("hex", 8, 10),
+    buf.toString("hex", 10, 16)
+  ].join("-");
+}
+var FIELD_SEP = "";
+function deriveIdempotencyKey(args) {
+  const canonical = [
+    "v1",
+    args.tenantId,
+    args.sessionId,
+    args.runId,
+    args.stepId,
+    args.llmCallId,
+    args.trigger
+  ].join(FIELD_SEP);
+  const digest = blake2b(new TextEncoder().encode(canonical), { dkLen: 16 });
+  let hex = "";
+  for (let i = 0; i < digest.length; i++) {
+    hex += digest[i].toString(16).padStart(2, "0");
+  }
+  return `sg-${hex}`;
+}
+function deriveUuidFromSignature(signature, args) {
+  const canonical = `${args.scope}|${signature}`;
+  const digest = blake2b(new TextEncoder().encode(canonical), { dkLen: 16 });
+  const buf = Buffer.from(digest);
+  buf[6] = buf[6] & 15 | 64;
+  buf[8] = buf[8] & 63 | 128;
+  return [
+    buf.toString("hex", 0, 4),
+    buf.toString("hex", 4, 6),
+    buf.toString("hex", 6, 8),
+    buf.toString("hex", 8, 10),
+    buf.toString("hex", 10, 16)
+  ].join("-");
+}
+function workloadInstanceId() {
+  return process.env.SPENDGUARD_WORKLOAD_INSTANCE_ID ?? "";
+}
+
+export { deriveIdempotencyKey, deriveUuidFromSignature, newUuid7, workloadInstanceId };
+//# sourceMappingURL=ids.js.map
+//# sourceMappingURL=ids.js.map

package/dist/index.d.ts

@@ -0,0 +1,61 @@
+import { R as RunProjectionPolicy } from './cache-DOnw8QtJ.js';
+export { A as ApplyFailedRequest, B as BudgetClaim, C as ClaimEstimate, a as CommitEstimatedRequest, b as CommitSessionDeltaOutcome, c as CommitSessionDeltaRequest, D as DEFAULT_CACHE_MAX_ENTRIES, d as DEFAULT_CACHE_TTL_MS, e as DEFAULT_CAPABILITY_LEVEL, f as DEFAULT_DECISION_TIMEOUT_MS, g as DEFAULT_HANDSHAKE_TIMEOUT_MS, h as DEFAULT_MAX_PENDING_SESSION_DELTAS, i as DEFAULT_PROTOCOL_VERSION, j as DEFAULT_PUBLISH_TIMEOUT_MS, k as DEFAULT_TRACE_TIMEOUT_MS, l as DecisionOutcome, E as EmitLlmCallPostRequest, H as HandshakeOutcome, I as IdempotencyCache, m as InMemoryIdempotencyCache, n as InMemoryIdempotencyCacheOptions, N as NoopIdempotencyCache, P as PendingSessionDelta, o as PricingFreeze, p as PublishOutcomeRequest, Q as QueryBudgetRequest, q as QueryBudgetResult, r as ReleaseOutcome, s as ReleaseRequest, t as ReleaseSessionOutcome, u as ReleaseSessionRequest, v as ReserveRequest, w as ReserveSessionOutcome, x as ReserveSessionRequest, y as ResolvedConfig, z as ResumeAfterApprovalRequest, S as SessionCommitOutcome, F as SessionDeltaCommitClient, G as SessionDeltaCommitInput, J as SessionPendingDeltaLimitError, K as SessionReleaseClient, L as SessionReleaseInput, M as SessionReservationHandle, O as SessionReservationHandleError, T as SessionReservationHandleOptions, U as SessionReservationHandleSnapshot, V as SessionReservationReleasedError, W as SessionReservationReplayMismatchError, X as SpanRecord, Y as SpendGuardClient, Z as SpendGuardClientConfig, _ as SpendGuardClientOptions, $ as UnitRef, a0 as buildCommitSessionDeltaRequest, a1 as buildReleaseSessionRequest, a2 as buildReserveSessionRequest } from './cache-DOnw8QtJ.js';
+export { ApprovalBundleHotReloadedError, ApprovalDeniedError, ApprovalLapsedError, ApprovalRequired, ApprovalRequiredInit, ApprovalResumeClient, DecisionDenied, DecisionDeniedInit, DecisionSkipped, DecisionStopped, HandshakeError, MutationApplyFailed, PricingMissingError, SidecarUnavailable, SpendGuardConfigError, SpendGuardConnectionError, SpendGuardDecisionError, SpendGuardError } from './errors.js';
+export { deriveIdempotencyKey, deriveUuidFromSignature, newUuid7, workloadInstanceId } from './ids.js';
+export { computePromptHash } from './promptHash.js';
+export { PriceKey, PriceTable, PricingLookup, USD_MICROS_PER_USD } from './pricing.js';
+export { RunPlan, currentRunPlan, withRunPlan } from './runPlan.js';
+export { OtelAttributeValue, OtelAttributes, SPENDGUARD_OTEL_ATTR, setOtelSpanAttributes, withOtelSpan } from './otel.js';
+export { RpcErrorClassification, RunWithRetryOptions, TRANSIENT_STATUS_CODES, classifyRpcError, runWithRetry } from './retry.js';
+import '@grpc/grpc-js';
+import '@opentelemetry/api';
+import './adapter-D9T3yEEw.js';
+import '@protobuf-ts/runtime-rpc';
+import '@protobuf-ts/runtime';
+
+/**
+ * Default UDS path used by `SpendGuardClient.fromEnv()` when neither
+ * `SPENDGUARD_SOCKET_PATH` nor `SPENDGUARD_SIDECAR_UDS` is set. Matches the
+ * sidecar Helm chart's default volume mount per slice spec.
+ */
+declare const DEFAULT_SOCKET_PATH: "/var/run/spendguard/adapter.sock";
+/**
+ * Resolved env-var snapshot. Every field is optional because the env may be
+ * sparsely populated; the constructor combines this snapshot with the explicit
+ * options and validates the union.
+ *
+ * `runProjectionDefault` is typed as the same `RunProjectionPolicy` literal
+ * union surfaced by `SpendGuardClientConfig` so the env path produces the
+ * same shape the explicit-options path produces (no `string` vs literal-union
+ * drift between the two entry points).
+ */
+interface ResolvedEnvConfig {
+    socketPath?: string;
+    tenantId?: string;
+    workloadInstanceId?: string;
+    decisionTimeoutMs?: number;
+    handshakeTimeoutMs?: number;
+    runProjectionDefault?: RunProjectionPolicy;
+    disabled?: boolean;
+    /**
+     * Deployment profile, read verbatim from `SPENDGUARD_PROFILE`. The
+     * constructor uses this to gate the env-var disable path: a bare
+     * `SPENDGUARD_DISABLE` ONLY takes effect when `SPENDGUARD_PROFILE=demo`,
+     * mirroring the Rust signing service's `DisabledSigner::for_profile`
+     * (`services/signing/src/lib.rs`) so a single mis-set env var cannot defeat
+     * enforcement in production. Lowercased for case-insensitive comparison;
+     * `undefined` when unset.
+     */
+    profile?: string;
+}
+
+/**
+ * The published `@spendguard/sdk` version. Mirror of the Python SDK
+ * `spendguard.__version__` (which lives at `0.5.1` on PyPI as of 2026-05-31).
+ *
+ * SLICE 10 (`COV_S05_10`) wires the publish pipeline. First npm release is
+ * `0.5.0`, chosen to track the Python SDK line (PyPI is at 0.6.0).
+ */
+declare const VERSION: "0.5.0";
+
+export { DEFAULT_SOCKET_PATH, type ResolvedEnvConfig, RunProjectionPolicy, VERSION };