@spendguard/sdk 0.5.0

package/dist/otel.d.ts

@@ -0,0 +1,118 @@
+import { Span, Tracer } from '@opentelemetry/api';
+import { X as SpanRecord } from './cache-DOnw8QtJ.js';
+import '@grpc/grpc-js';
+import './adapter-D9T3yEEw.js';
+import '@protobuf-ts/runtime-rpc';
+import '@protobuf-ts/runtime';
+
+/**
+ * Frozen set of OTel attribute keys that `withOtelSpan` honors. The keys
+ * match the table in design.md §6.4 verbatim — adapters that change them
+ * break the span-attribute contract that observability dashboards consume.
+ *
+ * The values are intentionally lowercase + dotted to match OpenTelemetry
+ * semantic-convention style (`<vendor>.<subsystem>.<field>`); they are
+ * NOT prefixed with `attr_` or similar.
+ */
+declare const SPENDGUARD_OTEL_ATTR: {
+    readonly TENANT_ID: "spendguard.tenant_id";
+    readonly DECISION_ID: "spendguard.decision_id";
+    readonly TRIGGER: "spendguard.trigger";
+    readonly OUTCOME_DECISION: "spendguard.outcome.decision";
+    readonly OUTCOME_REASON_CODES: "spendguard.outcome.reason_codes";
+    readonly SDK_VERSION: "spendguard.sdk.version";
+    readonly RESERVATION_ID: "spendguard.reservation_id";
+    readonly SCOPE_ID: "spendguard.scope_id";
+};
+/**
+ * Attribute primitive set OTel accepts on `Span.setAttribute`.
+ *
+ * Mirrors `SpanAttributeValue` from `@opentelemetry/api` without importing
+ * the runtime type (the type-only import path is already covered by the
+ * function signature).
+ */
+type OtelAttributeValue = string | number | boolean | string[] | number[] | boolean[];
+/**
+ * Span attributes for the `withOtelSpan` wrapper. Keys SHOULD use the
+ * `spendguard.*` prefix per design.md §6.4 attribute table; values are
+ * standard OTel attribute primitives.
+ */
+type OtelAttributes = Readonly<Record<string, OtelAttributeValue | undefined>>;
+/**
+ * Wrap `fn()` in an OTel span named `spendguard.<rpcName>`. When `tracer`
+ * is `undefined`, returns `await fn()` directly — no span, no attribute
+ * encoding, no allocation overhead.
+ *
+ * Per design.md §6.4 (line 422), `@opentelemetry/api` is a
+ * `peerDependenciesMeta.optional` dep; the type-only import above is erased
+ * at build time so callers that never enable OTel pay zero install/runtime
+ * cost.
+ *
+ * Span lifecycle:
+ *   - `tracer.startSpan(name, { attributes })` opens the span.
+ *   - Exceptions from `fn()` are recorded via `span.recordException(err)` +
+ *     `span.setStatus({ code: ERROR, message })`, then re-thrown — the
+ *     RPC failure is observable, the original throw semantics are preserved.
+ *   - `span.end()` is always invoked from the `finally` block so a thrown
+ *     exception does NOT leak the span (a leaked span would never appear
+ *     in the trace export; adapters debugging missing spans waste hours).
+ *
+ * Span attribute encoding:
+ *   - Undefined-valued attributes are skipped (no `null` propagation onto the
+ *     span — OTel treats missing keys identically and omitting them keeps the
+ *     wire payload tighter).
+ *
+ * Lightweight `onSpan` observer:
+ *   - When `onSpan` is provided (and `tracer` is not — the two are mutually
+ *     exclusive per `SpendGuardClientConfig`), each call emits exactly one
+ *     `SpanRecord` to `onSpan` in the `finally` block with the wall-clock
+ *     `startTimeMs` / `durationMs`, the same (scalar) attribute map, and the
+ *     thrown `error` if `fn()` failed. This is the no-OTel-dep tracing path
+ *     advertised by `SpendGuardClientConfig.onSpan`.
+ *   - When BOTH `tracer` and `onSpan` are undefined, `fn()` runs unwrapped
+ *     with zero timing/allocation overhead (unchanged fast path).
+ *
+ * @param tracer Optional OTel `Tracer`. When `undefined`, no OTel span is
+ *   created. When defined, MUST be an `@opentelemetry/api` v1.9+ tracer.
+ * @param rpcName Bare RPC name; the span name is `spendguard.<rpcName>`.
+ *   Caller MUST NOT prefix with `spendguard.` themselves (this function
+ *   does it).
+ * @param attributes Span attributes to set at start-time. Undefined values
+ *   are filtered out.
+ * @param fn The RPC implementation. Its return value is the function's
+ *   return value; its throws are recorded and re-thrown.
+ * @param onSpan Optional `SpanRecord` observer (the lighter-weight tracing
+ *   path for adapters that don't pull `@opentelemetry/api`). Invoked once per
+ *   call in `finally`. Mutually exclusive with `tracer` at the config layer.
+ *
+ * @returns The result of `fn()`. Rethrows whatever `fn()` throws.
+ *
+ * @example
+ *   await withOtelSpan(cfg.otelTracer, "reserve", {
+ *     [SPENDGUARD_OTEL_ATTR.TENANT_ID]: cfg.tenantId,
+ *     [SPENDGUARD_OTEL_ATTR.DECISION_ID]: req.decisionId,
+ *   }, async () => {
+ *     return await client.requestDecision(...);
+ *   }, cfg.onSpan);
+ */
+declare function withOtelSpan<T>(tracer: Tracer | undefined, rpcName: string, attributes: OtelAttributes, fn: () => Promise<T>, onSpan?: (span: SpanRecord) => void): Promise<T>;
+/**
+ * Set additional attributes on the active span after start-time. Used for
+ * outcome-side attributes (`spendguard.outcome.decision` /
+ * `spendguard.outcome.reason_codes`) that are only known after the RPC
+ * returns. Silently no-ops when `tracer` is undefined.
+ *
+ * The active span lookup is intentionally NOT done via `trace.getActiveSpan()`
+ * — that requires importing the OTel runtime, defeating the peer-optional
+ * dep cost guarantee. Instead, callers thread the span explicitly via the
+ * `withOtelSpan` callback (the span is in scope inside the callback closure).
+ *
+ * SLICE 9 may add a thread-local span variant if the egress proxy / projector
+ * surface needs it; for v0.1.x, `withOtelSpan` is the only surface.
+ *
+ * @param span The active span. When `undefined`, this function is a no-op.
+ * @param attributes Attributes to add. Undefined values are skipped.
+ */
+declare function setOtelSpanAttributes(span: Span | undefined, attributes: OtelAttributes): void;
+
+export { type OtelAttributeValue, type OtelAttributes, SPENDGUARD_OTEL_ATTR, setOtelSpanAttributes, withOtelSpan };

package/dist/otel.js

@@ -0,0 +1,84 @@
+// src/otel.ts
+var SPENDGUARD_OTEL_ATTR = {
+  TENANT_ID: "spendguard.tenant_id",
+  DECISION_ID: "spendguard.decision_id",
+  TRIGGER: "spendguard.trigger",
+  OUTCOME_DECISION: "spendguard.outcome.decision",
+  OUTCOME_REASON_CODES: "spendguard.outcome.reason_codes",
+  SDK_VERSION: "spendguard.sdk.version",
+  RESERVATION_ID: "spendguard.reservation_id",
+  SCOPE_ID: "spendguard.scope_id"
+};
+var SPAN_STATUS_ERROR = 2;
+async function withOtelSpan(tracer, rpcName, attributes, fn, onSpan) {
+  if (tracer === void 0 && onSpan === void 0) return await fn();
+  const spanName = `spendguard.${rpcName}`;
+  const filtered = {};
+  for (const [k, v] of Object.entries(attributes)) {
+    if (v !== void 0) filtered[k] = v;
+  }
+  if (tracer === void 0) {
+    const startTimeMs2 = Date.now();
+    let error;
+    try {
+      return await fn();
+    } catch (err) {
+      error = err instanceof Error ? err : new Error(String(err));
+      throw err;
+    } finally {
+      emitSpanRecord(onSpan, spanName, startTimeMs2, filtered, error);
+    }
+  }
+  const startTimeMs = Date.now();
+  let observerError;
+  const span = tracer.startSpan(spanName, { attributes: filtered });
+  try {
+    const result = await fn();
+    return result;
+  } catch (err) {
+    if (err instanceof Error) {
+      observerError = err;
+      span.recordException(err);
+      span.setStatus({ code: SPAN_STATUS_ERROR, message: err.message });
+    } else {
+      const message = typeof err === "string" ? err : String(err);
+      observerError = new Error(message);
+      span.recordException({ name: "SpendGuardError", message });
+      span.setStatus({ code: SPAN_STATUS_ERROR, message });
+    }
+    throw err;
+  } finally {
+    span.end();
+    emitSpanRecord(onSpan, spanName, startTimeMs, filtered, observerError);
+  }
+}
+function emitSpanRecord(onSpan, name, startTimeMs, filtered, error) {
+  if (onSpan === void 0) return;
+  const attributes = {};
+  for (const [k, v] of Object.entries(filtered)) {
+    if (typeof v === "string" || typeof v === "number" || typeof v === "boolean") {
+      attributes[k] = v;
+    }
+  }
+  const record = {
+    name,
+    startTimeMs,
+    durationMs: Date.now() - startTimeMs,
+    attributes,
+    ...error !== void 0 ? { error } : {}
+  };
+  try {
+    onSpan(record);
+  } catch {
+  }
+}
+function setOtelSpanAttributes(span, attributes) {
+  if (span === void 0) return;
+  for (const [k, v] of Object.entries(attributes)) {
+    if (v !== void 0) span.setAttribute(k, v);
+  }
+}
+
+export { SPENDGUARD_OTEL_ATTR, setOtelSpanAttributes, withOtelSpan };
+//# sourceMappingURL=otel.js.map
+//# sourceMappingURL=otel.js.map

package/dist/pricing/demo.d.ts

@@ -0,0 +1,26 @@
+import { PricingLookup } from '../pricing.js';
+
+/**
+ * Snapshot version pinned from `deploy/demo/init/pricing/seed.yaml`
+ * `pricing_version` field. Adapters that mint receipts with `pricingVersion`
+ * SHOULD prefer this constant so the demo wire matches the snapshot exactly.
+ */
+declare const DEMO_PRICING_VERSION = "v2026.05.09-1";
+/**
+ * Demo `PricingLookup` instance — ready to call.
+ *
+ * Use in dev / examples to compute USD-micros without wiring a control-plane
+ * pricing fetch. Source of truth: `deploy/demo/init/pricing/seed.yaml` at
+ * pricing_version `v2026.05.09-1`.
+ *
+ * @example
+ *   import { DEMO_PRICING } from "@spendguard/sdk/pricing/demo";
+ *   const micros = DEMO_PRICING.usdMicrosForCall({
+ *     provider: "openai", model: "gpt-4o-mini",
+ *     inputTokens: 1000, outputTokens: 500,
+ *   });
+ *   // 150 + 300 = 450 µUSD
+ */
+declare const DEMO_PRICING: PricingLookup;
+
+export { DEMO_PRICING, DEMO_PRICING_VERSION };

package/dist/pricing/demo.js

@@ -0,0 +1,138 @@
+// src/errors.ts
+var SpendGuardError = class extends Error {
+  name = "SpendGuardError";
+  constructor(message, opts) {
+    super(message);
+    if (opts?.cause !== void 0) {
+      this.cause = opts.cause;
+    }
+    Object.defineProperty(this, "name", {
+      value: this.name,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  }
+};
+var PricingMissingError = class extends SpendGuardError {
+  name = "PricingMissingError";
+  provider;
+  model;
+  tokenKind;
+  constructor(args, opts) {
+    super(
+      `no price configured for provider=${JSON.stringify(args.provider)} model=${JSON.stringify(args.model)} tokenKind=${JSON.stringify(args.tokenKind)} (neither the specific kind nor the default kind has a price); refusing to charge $0 \u2014 supply a price for this model or handle PricingMissingError`,
+      opts
+    );
+    this.provider = args.provider;
+    this.model = args.model;
+    this.tokenKind = args.tokenKind;
+  }
+};
+
+// src/pricing.ts
+var USD_MICROS_PER_USD = 1e6;
+var PricingLookup = class {
+  table;
+  defaultKind;
+  constructor(table, opts) {
+    this.table = table;
+    this.defaultKind = opts?.defaultKind ?? "output";
+  }
+  /** Return $/1M-tokens or `null` if `(provider, model, kind)` is missing. */
+  pricePerMillion(provider, model, tokenKind) {
+    const v = this.table.get(`${provider}|${model}|${tokenKind}`);
+    return v === void 0 ? null : v;
+  }
+  /**
+   * Compute the µUSD cost of a single LLM call.
+   *
+   * Charges per-kind when prices are available; falls back to the default
+   * kind (typically `"output"`) for any token bucket without a configured
+   * price. Result is rounded UP to the nearest µUSD (fail-safe for the
+   * customer — never under-charge due to FP truncation). The minimum
+   * returned value is `1` (we never claim zero cost on a non-zero token
+   * count).
+   *
+   * Fail-closed: when a token bucket has a non-zero count but NEITHER the
+   * specific kind NOR the default kind has a configured price, this throws
+   * {@link PricingMissingError} instead of silently charging $0. Coercing a
+   * missing price to 0 would under-count the budget — the exact under-charge
+   * the guardrail exists to prevent — and unknown/new models are precisely
+   * the ones most likely to be mispriced. Buckets with a zero count never
+   * trigger this (no charge is attributed, so a missing price is irrelevant).
+   *
+   * @throws {@link PricingMissingError} when a non-zero token bucket has no
+   *   resolvable price.
+   */
+  usdMicrosForCall(args) {
+    let usd = 0;
+    const charge = (kind, count) => {
+      if (count <= 0) return;
+      const p = this.pricePerMillion(args.provider, args.model, kind) ?? this.pricePerMillion(args.provider, args.model, this.defaultKind);
+      if (p === null) {
+        throw new PricingMissingError({
+          provider: args.provider,
+          model: args.model,
+          tokenKind: kind
+        });
+      }
+      usd += count * p / 1e6;
+    };
+    charge("input", args.inputTokens ?? 0);
+    charge("output", args.outputTokens ?? 0);
+    charge("cached_input", args.cachedInputTokens ?? 0);
+    if (usd <= 0) return 0;
+    return Math.max(1, Math.ceil(usd * USD_MICROS_PER_USD));
+  }
+};
+
+// src/pricing/demo.ts
+var DEMO_PRICING_VERSION = "v2026.05.09-1";
+var DEMO_PRICE_ENTRIES = Object.freeze([
+  // ============== OpenAI ==============
+  ["openai|gpt-4o-mini|input", 0.15],
+  ["openai|gpt-4o-mini|cached_input", 0.075],
+  ["openai|gpt-4o-mini|output", 0.6],
+  ["openai|gpt-4o|input", 2.5],
+  ["openai|gpt-4o|cached_input", 1.25],
+  ["openai|gpt-4o|output", 10],
+  ["openai|o1|input", 15],
+  ["openai|o1|cached_input", 7.5],
+  ["openai|o1|output", 60],
+  ["openai|o1|reasoning", 60],
+  ["openai|o3-mini|input", 1.1],
+  ["openai|o3-mini|cached_input", 0.55],
+  ["openai|o3-mini|output", 4.4],
+  ["openai|o3-mini|reasoning", 4.4],
+  // ============== Anthropic ==============
+  ["anthropic|claude-haiku-4-5-20251001|input", 1],
+  ["anthropic|claude-haiku-4-5-20251001|cached_input", 0.1],
+  ["anthropic|claude-haiku-4-5-20251001|output", 5],
+  ["anthropic|claude-sonnet-4-5-20250929|input", 3],
+  ["anthropic|claude-sonnet-4-5-20250929|cached_input", 0.3],
+  ["anthropic|claude-sonnet-4-5-20250929|output", 15],
+  ["anthropic|claude-opus-4-7|input", 15],
+  ["anthropic|claude-opus-4-7|cached_input", 1.5],
+  ["anthropic|claude-opus-4-7|output", 75],
+  // ============== Azure OpenAI ==============
+  ["azure_openai|gpt-4o-mini|input", 0.15],
+  ["azure_openai|gpt-4o-mini|cached_input", 0.075],
+  ["azure_openai|gpt-4o-mini|output", 0.6],
+  ["azure_openai|gpt-4o|input", 2.5],
+  ["azure_openai|gpt-4o|output", 10],
+  // ============== AWS Bedrock ==============
+  ["bedrock|anthropic.claude-haiku-4-5|input", 1],
+  ["bedrock|anthropic.claude-haiku-4-5|output", 5],
+  ["bedrock|anthropic.claude-sonnet-4-5|input", 3],
+  ["bedrock|anthropic.claude-sonnet-4-5|output", 15],
+  // ============== Google Gemini ==============
+  ["gemini|gemini-2.0-flash|input", 0.1],
+  ["gemini|gemini-2.0-flash|cached_input", 0.025],
+  ["gemini|gemini-2.0-flash|output", 0.4]
+]);
+var DEMO_PRICING = new PricingLookup(new Map(DEMO_PRICE_ENTRIES));
+
+export { DEMO_PRICING, DEMO_PRICING_VERSION };
+//# sourceMappingURL=demo.js.map
+//# sourceMappingURL=demo.js.map

package/dist/pricing.d.ts

@@ -0,0 +1,70 @@
+/** USD micros per USD — 1 USD = 1,000,000 µUSD. */
+declare const USD_MICROS_PER_USD = 1000000;
+/**
+ * Composite lookup key for the pricing table.
+ *
+ * `(provider, model, tokenKind)` triples key the `PriceTable`. `tokenKind`
+ * is one of `"input"`, `"output"`, `"cached_input"`, `"vision_input"`,
+ * `"audio_input"`, `"reasoning"`.
+ *
+ * The `PriceTable` Map serializes the triple to a `${provider}|${model}|${kind}`
+ * string — JS Map keys do not support tuple identity, so we flatten.
+ */
+type PriceKey = readonly [provider: string, model: string, tokenKind: string];
+/**
+ * Frozen-at-construction pricing table.
+ *
+ * Keys: `${provider}|${model}|${tokenKind}` strings.
+ * Values: USD price per million tokens (e.g. `0.15` = $0.15 / 1M tokens).
+ */
+type PriceTable = ReadonlyMap<string, number>;
+/**
+ * Frozen pricing table → USD-micros computation.
+ *
+ * The lookup is not side-effecting — there is no DB query, no network call.
+ * Callers fetch + cache pricing once (e.g., at handshake time) and pass it in.
+ * Mirrors Python `PricingLookup` semantics including:
+ *   - default kind fallback (typically `"output"`) when a token kind has no
+ *     configured price.
+ *   - per-kind charging for input / output / cached_input buckets.
+ *   - round-up to the nearest µUSD so the customer is never under-charged.
+ */
+declare class PricingLookup {
+    private readonly table;
+    private readonly defaultKind;
+    constructor(table: PriceTable, opts?: {
+        defaultKind?: string;
+    });
+    /** Return $/1M-tokens or `null` if `(provider, model, kind)` is missing. */
+    pricePerMillion(provider: string, model: string, tokenKind: string): number | null;
+    /**
+     * Compute the µUSD cost of a single LLM call.
+     *
+     * Charges per-kind when prices are available; falls back to the default
+     * kind (typically `"output"`) for any token bucket without a configured
+     * price. Result is rounded UP to the nearest µUSD (fail-safe for the
+     * customer — never under-charge due to FP truncation). The minimum
+     * returned value is `1` (we never claim zero cost on a non-zero token
+     * count).
+     *
+     * Fail-closed: when a token bucket has a non-zero count but NEITHER the
+     * specific kind NOR the default kind has a configured price, this throws
+     * {@link PricingMissingError} instead of silently charging $0. Coercing a
+     * missing price to 0 would under-count the budget — the exact under-charge
+     * the guardrail exists to prevent — and unknown/new models are precisely
+     * the ones most likely to be mispriced. Buckets with a zero count never
+     * trigger this (no charge is attributed, so a missing price is irrelevant).
+     *
+     * @throws {@link PricingMissingError} when a non-zero token bucket has no
+     *   resolvable price.
+     */
+    usdMicrosForCall(args: {
+        provider: string;
+        model: string;
+        inputTokens?: number;
+        outputTokens?: number;
+        cachedInputTokens?: number;
+    }): number;
+}
+
+export { type PriceKey, type PriceTable, PricingLookup, USD_MICROS_PER_USD };

package/dist/pricing.js

@@ -0,0 +1,92 @@
+// src/errors.ts
+var SpendGuardError = class extends Error {
+  name = "SpendGuardError";
+  constructor(message, opts) {
+    super(message);
+    if (opts?.cause !== void 0) {
+      this.cause = opts.cause;
+    }
+    Object.defineProperty(this, "name", {
+      value: this.name,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  }
+};
+var PricingMissingError = class extends SpendGuardError {
+  name = "PricingMissingError";
+  provider;
+  model;
+  tokenKind;
+  constructor(args, opts) {
+    super(
+      `no price configured for provider=${JSON.stringify(args.provider)} model=${JSON.stringify(args.model)} tokenKind=${JSON.stringify(args.tokenKind)} (neither the specific kind nor the default kind has a price); refusing to charge $0 \u2014 supply a price for this model or handle PricingMissingError`,
+      opts
+    );
+    this.provider = args.provider;
+    this.model = args.model;
+    this.tokenKind = args.tokenKind;
+  }
+};
+
+// src/pricing.ts
+var USD_MICROS_PER_USD = 1e6;
+var PricingLookup = class {
+  table;
+  defaultKind;
+  constructor(table, opts) {
+    this.table = table;
+    this.defaultKind = opts?.defaultKind ?? "output";
+  }
+  /** Return $/1M-tokens or `null` if `(provider, model, kind)` is missing. */
+  pricePerMillion(provider, model, tokenKind) {
+    const v = this.table.get(`${provider}|${model}|${tokenKind}`);
+    return v === void 0 ? null : v;
+  }
+  /**
+   * Compute the µUSD cost of a single LLM call.
+   *
+   * Charges per-kind when prices are available; falls back to the default
+   * kind (typically `"output"`) for any token bucket without a configured
+   * price. Result is rounded UP to the nearest µUSD (fail-safe for the
+   * customer — never under-charge due to FP truncation). The minimum
+   * returned value is `1` (we never claim zero cost on a non-zero token
+   * count).
+   *
+   * Fail-closed: when a token bucket has a non-zero count but NEITHER the
+   * specific kind NOR the default kind has a configured price, this throws
+   * {@link PricingMissingError} instead of silently charging $0. Coercing a
+   * missing price to 0 would under-count the budget — the exact under-charge
+   * the guardrail exists to prevent — and unknown/new models are precisely
+   * the ones most likely to be mispriced. Buckets with a zero count never
+   * trigger this (no charge is attributed, so a missing price is irrelevant).
+   *
+   * @throws {@link PricingMissingError} when a non-zero token bucket has no
+   *   resolvable price.
+   */
+  usdMicrosForCall(args) {
+    let usd = 0;
+    const charge = (kind, count) => {
+      if (count <= 0) return;
+      const p = this.pricePerMillion(args.provider, args.model, kind) ?? this.pricePerMillion(args.provider, args.model, this.defaultKind);
+      if (p === null) {
+        throw new PricingMissingError({
+          provider: args.provider,
+          model: args.model,
+          tokenKind: kind
+        });
+      }
+      usd += count * p / 1e6;
+    };
+    charge("input", args.inputTokens ?? 0);
+    charge("output", args.outputTokens ?? 0);
+    charge("cached_input", args.cachedInputTokens ?? 0);
+    if (usd <= 0) return 0;
+    return Math.max(1, Math.ceil(usd * USD_MICROS_PER_USD));
+  }
+};
+
+export { PricingLookup, USD_MICROS_PER_USD };
+//# sourceMappingURL=pricing.js.map
+//# sourceMappingURL=pricing.js.map

package/dist/promptHash.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Compute the lowercase hex HMAC-SHA256 of a normalized prompt with the
+ * tenant key.
+ *
+ * Determinism: `computePromptHash(s, t) === computePromptHash(s, t)` for any
+ * (s, t).
+ *
+ * Cross-language: byte-for-byte identical to:
+ *   - Python `spendguard.prompt_hash.compute(s, t)`
+ *   - Rust `services::sidecar::prompt_hash::compute(s, t)`
+ *
+ * Cross-tenant: two tenants asking the same prompt produce different
+ * hashes.
+ *
+ * @param promptText The raw prompt text. Leading/trailing ASCII whitespace
+ *   is stripped before hashing.
+ * @param tenantId The tenant identifier. If a canonical UUID, lowercased
+ *   before keying the HMAC; otherwise passed through verbatim.
+ * @returns 64-char lowercase hex string.
+ */
+declare function computePromptHash(promptText: string, tenantId: string): string;
+
+export { computePromptHash };

package/dist/promptHash.js

@@ -0,0 +1,25 @@
+import { createHmac } from 'crypto';
+
+// src/promptHash.ts
+var ASCII_WHITESPACE = /* @__PURE__ */ new Set([" ", "	", "\n", "\f", "\r"]);
+var UUID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
+function canonicalizeTenant(tenantId) {
+  if (UUID_RE.test(tenantId)) return tenantId.toLowerCase();
+  return tenantId;
+}
+function stripAscii(s) {
+  let i = 0;
+  while (i < s.length && ASCII_WHITESPACE.has(s.charAt(i))) i++;
+  let j = s.length;
+  while (j > i && ASCII_WHITESPACE.has(s.charAt(j - 1))) j--;
+  return s.slice(i, j);
+}
+function computePromptHash(promptText, tenantId) {
+  const key = canonicalizeTenant(tenantId);
+  const trimmed = stripAscii(promptText);
+  return createHmac("sha256", key).update(trimmed, "utf8").digest("hex");
+}
+
+export { computePromptHash };
+//# sourceMappingURL=promptHash.js.map
+//# sourceMappingURL=promptHash.js.map