npm - @tenova/swt3-ai - Versions diffs - 0.3.3 → 0.3.5 - Mend

@tenova/swt3-ai 0.3.3 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +77 -2
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@ Witness your AI. Prove it followed the rules. Cryptographic accountability for e
 **SWT3 AI Witness SDK for TypeScript**: tamper-proof evidence that your AI is doing what you say it does. Every inference hashed. Every tool call recorded. Every resource access checked against scope. No prompts or responses ever leave your infrastructure.
-Works with OpenAI, Anthropic, Vercel AI SDK, and any OpenAI-compatible endpoint (vLLM, Ollama, Azure, Llama.cpp).
+Works with OpenAI, Anthropic, AWS Bedrock, Vercel AI SDK, and any OpenAI-compatible endpoint (vLLM, Ollama, Azure, Llama.cpp).
 The EU AI Act takes effect **August 2, 2026**. When regulators ask "prove your AI followed the rules," you need more than logs. You need cryptographic proof.
@@ -178,6 +178,75 @@ The `agentId` survives all clearing levels. The `signingKey` produces a cryptogr
 - Fleet-wide governance dashboards
 - Agent-scoped evidence packages for auditors
+## Gatekeeper Mode (Pre-Call Enforcement)
+New in v0.3.4. Require guardrails to be active *before* the model is called, not just observed after:
+```typescript
+import { Witness, GatekeeperError } from "@tenova/swt3-ai";
+const witness = new Witness({
+  endpoint: "...",
+  apiKey: "axm_...",
+  tenantId: "...",
+  strict: true,
+  guardrailsRequired: 2,
+  guardrailNames: ["content-filter", "pii-scanner"],
+});
+const client = witness.wrap(new OpenAI()) as OpenAI;
+// If fewer than 2 guardrails are active, this throws GatekeeperError
+// BEFORE the model call happens. No inference runs without safeguards.
+try {
+  const response = await client.chat.completions.create({
+    model: "gpt-4o",
+    messages: [{ role: "user", content: "..." }],
+  });
+} catch (e) {
+  if (e instanceof GatekeeperError) {
+    console.log(`Blocked: ${e.message}`);
+    // An AI-GRD.3 FAIL anchor is minted recording the gate failure
+  }
+}
+```
+Gatekeeper mode mints an **AI-GRD.3** anchor with:
+- **factor_a** = required guardrail count
+- **factor_b** = actual guardrail count
+- **factor_c** = 1 if gate passed, 0 if blocked
+## Multi-Agent Chain Linking
+New in v0.3.4. Link anchors across agents in a multi-step pipeline using `cycleId`:
+```typescript
+const witness = new Witness({
+  endpoint: "...",
+  apiKey: "axm_...",
+  tenantId: "...",
+  agentId: "step-1-classifier",
+  cycleId: "txn-review-abc123",  // shared across all agents in the chain
+});
+```
+The `cycleId` survives all clearing levels and appears in every anchor. An auditor can reconstruct the full decision chain by filtering on a single cycle ID.
+## Policy Version Binding
+New in v0.3.4. Tie every anchor to the specific policy configuration that was in effect:
+```typescript
+const witness = new Witness({
+  endpoint: "...",
+  apiKey: "axm_...",
+  tenantId: "...",
+  policyVersion: "v2.1.0-prod-2026-04-20",
+});
+```
+The SDK hashes the policy version string (SHA-256, first 12 characters) and includes it in every payload. When policies change between audit periods, the hash changes — proving which rules were in effect for each inference.
 ## What Gets Witnessed
 Each inference produces anchors for these checks. Every check maps to a regulation.
@@ -249,6 +318,7 @@ Translation: "Access attempt occurred. Target was outside declared scope. Access
 | AI-MDL.2 | 1 (required) | 1 if version recorded | 0 | PASS if b >= a |
 | AI-GRD.1 | Required count | Active count | 1 if all passed | PASS if b >= a |
 | AI-GRD.2 | 1 (clean expected) | 0 if refusal | 0 | PASS if b >= a |
+| AI-GRD.3 | Required count | Active count | 1=passed, 0=blocked | PASS if b >= a AND c == 1 |
 | AI-TOOL.1 | 1 (called) | Latency (ms) | 1=success, 0=error | PASS if b >= a |
 | AI-ACC.1 | 1 (accessed) | 1=in scope, 0=out | 1=granted, 0=denied | PASS if b >= a |
 | AI-ID.1 | 1 (required) | 1 if identity present | 0 | PASS if b >= a |
@@ -372,6 +442,11 @@ const witness = new Witness({
 | `guardrailNames` | [] | Active guardrail names |
 | `agentId` | - | Agent identity (survives all clearing levels) |
 | `signingKey` | - | HMAC-SHA256 key for payload signing |
+| `cycleId` | - | Multi-agent chain link (survives all clearing levels) |
+| `policyVersion` | - | Policy config identifier (hashed in payloads) |
+| `strict` | false | Gatekeeper mode: block inference if guardrails insufficient |
+| `latencyThresholdMs` | 30000 | AI-INF.2 latency limit (ms) |
+| `guardrailsRequired` | 0 | AI-GRD.1 minimum guardrail count |
 | `factorHandoff` | - | "file" for local factor export |
 | `factorHandoffPath` | - | Directory for handoff files |
@@ -379,7 +454,7 @@ const witness = new Witness({
 | Method | Description |
 |--------|-------------|
-| `witness.wrap(client)` | Returns a Proxy that behaves identically to the original client. Supports OpenAI and Anthropic. |
+| `witness.wrap(client)` | Returns a Proxy that behaves identically to the original client. Supports OpenAI, Anthropic, and AWS Bedrock. |
 | `witness.wrapTool(fn, name?)` | Wraps a function for tool call witnessing (AI-TOOL.1). |
 | `witness.wrapAccess(fn, resource?, scope?)` | Wraps a function for resource access witnessing (AI-ACC.1). |
 | `witness.vercelOnFinish(opts?)` | Returns an onFinish callback for Vercel AI SDK streamText/generateText. |

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tenova/swt3-ai",
-  "version": "0.3.3",
+  "version": "0.3.5",
   "description": "SWT3 AI Witness SDK: cryptographic attestation for AI inference",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",