npm - @trustloopguard/sdk - Versions diffs - 0.0.1 - Mend

@trustloopguard/sdk 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/dist/client.d.ts +98 -0
package/dist/client.js +198 -0
package/dist/errors.d.ts +46 -0
package/dist/errors.js +187 -0
package/dist/generated/AgentAuthority.d.ts +4 -0
package/dist/generated/AgentAuthority.js +2 -0
package/dist/generated/AgentListResponse.d.ts +4 -0
package/dist/generated/AgentListResponse.js +1 -0
package/dist/generated/AgentProfile.d.ts +29 -0
package/dist/generated/AgentProfile.js +1 -0
package/dist/generated/AgentScope.d.ts +4 -0
package/dist/generated/AgentScope.js +2 -0
package/dist/generated/AgentTone.d.ts +4 -0
package/dist/generated/AgentTone.js +2 -0
package/dist/generated/ApiError.d.ts +25 -0
package/dist/generated/ApiError.js +1 -0
package/dist/generated/ApiErrorCode.d.ts +6 -0
package/dist/generated/ApiErrorCode.js +2 -0
package/dist/generated/ApiKeyBatchRevokeRequest.d.ts +3 -0
package/dist/generated/ApiKeyBatchRevokeRequest.js +2 -0
package/dist/generated/ApiKeyBatchRevokeResponse.d.ts +4 -0
package/dist/generated/ApiKeyBatchRevokeResponse.js +1 -0
package/dist/generated/ApiKeyListResponse.d.ts +4 -0
package/dist/generated/ApiKeyListResponse.js +1 -0
package/dist/generated/AuthRequest.d.ts +15 -0
package/dist/generated/AuthRequest.js +2 -0
package/dist/generated/AuthResponse.d.ts +16 -0
package/dist/generated/AuthResponse.js +2 -0
package/dist/generated/ChangePasswordRequest.d.ts +15 -0
package/dist/generated/ChangePasswordRequest.js +2 -0
package/dist/generated/Channel.d.ts +8 -0
package/dist/generated/Channel.js +2 -0
package/dist/generated/CheckRequest.d.ts +21 -0
package/dist/generated/CheckRequest.js +1 -0
package/dist/generated/CreateApiKeyRequest.d.ts +3 -0
package/dist/generated/CreateApiKeyRequest.js +2 -0
package/dist/generated/CreateApiKeyResponse.d.ts +8 -0
package/dist/generated/CreateApiKeyResponse.js +1 -0
package/dist/generated/CreateInviteRequest.d.ts +8 -0
package/dist/generated/CreateInviteRequest.js +1 -0
package/dist/generated/CreateInviteResponse.d.ts +18 -0
package/dist/generated/CreateInviteResponse.js +1 -0
package/dist/generated/CreateKnowledgeSourceRequest.d.ts +9 -0
package/dist/generated/CreateKnowledgeSourceRequest.js +1 -0
package/dist/generated/CreateRunEventRequest.d.ts +13 -0
package/dist/generated/CreateRunEventRequest.js +1 -0
package/dist/generated/CreateRunRequest.d.ts +9 -0
package/dist/generated/CreateRunRequest.js +1 -0
package/dist/generated/CreateWorkspaceRequest.d.ts +7 -0
package/dist/generated/CreateWorkspaceRequest.js +2 -0
package/dist/generated/DashboardApiKey.d.ts +15 -0
package/dist/generated/DashboardApiKey.js +2 -0
package/dist/generated/DashboardKnowledgeSourceKind.d.ts +1 -0
package/dist/generated/DashboardKnowledgeSourceKind.js +2 -0
package/dist/generated/Decision.d.ts +17 -0
package/dist/generated/Decision.js +1 -0
package/dist/generated/GuardrailGenerateResponse.d.ts +11 -0
package/dist/generated/GuardrailGenerateResponse.js +1 -0
package/dist/generated/GuardrailListResponse.d.ts +7 -0
package/dist/generated/GuardrailListResponse.js +1 -0
package/dist/generated/InviteListResponse.d.ts +4 -0
package/dist/generated/InviteListResponse.js +1 -0
package/dist/generated/InviteStatus.d.ts +4 -0
package/dist/generated/InviteStatus.js +2 -0
package/dist/generated/KnowledgeFileInput.d.ts +5 -0
package/dist/generated/KnowledgeFileInput.js +2 -0
package/dist/generated/KnowledgeFileMetadata.d.ts +6 -0
package/dist/generated/KnowledgeFileMetadata.js +2 -0
package/dist/generated/KnowledgeSource.d.ts +7 -0
package/dist/generated/KnowledgeSource.js +1 -0
package/dist/generated/KnowledgeSourceDocument.d.ts +22 -0
package/dist/generated/KnowledgeSourceDocument.js +1 -0
package/dist/generated/KnowledgeSourceFileResponse.d.ts +6 -0
package/dist/generated/KnowledgeSourceFileResponse.js +2 -0
package/dist/generated/KnowledgeSourceKind.d.ts +1 -0
package/dist/generated/KnowledgeSourceKind.js +2 -0
package/dist/generated/KnowledgeSourceListResponse.d.ts +4 -0
package/dist/generated/KnowledgeSourceListResponse.js +1 -0
package/dist/generated/KnowledgeSourceStatus.d.ts +1 -0
package/dist/generated/KnowledgeSourceStatus.js +2 -0
package/dist/generated/MemberListResponse.d.ts +4 -0
package/dist/generated/MemberListResponse.js +1 -0
package/dist/generated/MyWorkspace.d.ts +12 -0
package/dist/generated/MyWorkspace.js +1 -0
package/dist/generated/MyWorkspacesResponse.d.ts +4 -0
package/dist/generated/MyWorkspacesResponse.js +1 -0
package/dist/generated/PolicyAction.d.ts +4 -0
package/dist/generated/PolicyAction.js +2 -0
package/dist/generated/PolicyBatchSetEnabledRequest.d.ts +4 -0
package/dist/generated/PolicyBatchSetEnabledRequest.js +2 -0
package/dist/generated/PolicyBatchSetEnabledResponse.d.ts +4 -0
package/dist/generated/PolicyBatchSetEnabledResponse.js +1 -0
package/dist/generated/PolicyDocument.d.ts +8 -0
package/dist/generated/PolicyDocument.js +1 -0
package/dist/generated/PolicyDraft.d.ts +17 -0
package/dist/generated/PolicyDraft.js +1 -0
package/dist/generated/PolicyDraftRequest.d.ts +6 -0
package/dist/generated/PolicyDraftRequest.js +2 -0
package/dist/generated/PolicyDraftResponse.d.ts +4 -0
package/dist/generated/PolicyDraftResponse.js +1 -0
package/dist/generated/PolicyListResponse.d.ts +4 -0
package/dist/generated/PolicyListResponse.js +1 -0
package/dist/generated/PolicyMatchType.d.ts +5 -0
package/dist/generated/PolicyMatchType.js +2 -0
package/dist/generated/PolicySetEnabledRequest.d.ts +3 -0
package/dist/generated/PolicySetEnabledRequest.js +2 -0
package/dist/generated/PolicySummary.d.ts +9 -0
package/dist/generated/PolicySummary.js +1 -0
package/dist/generated/PolicyValidateResponse.d.ts +6 -0
package/dist/generated/PolicyValidateResponse.js +1 -0
package/dist/generated/PolicyValidationIssue.d.ts +4 -0
package/dist/generated/PolicyValidationIssue.js +2 -0
package/dist/generated/RunDetail.d.ts +8 -0
package/dist/generated/RunDetail.js +1 -0
package/dist/generated/RunEventKind.d.ts +1 -0
package/dist/generated/RunEventKind.js +2 -0
package/dist/generated/RunEventListResponse.d.ts +4 -0
package/dist/generated/RunEventListResponse.js +1 -0
package/dist/generated/RunEventSummary.d.ts +20 -0
package/dist/generated/RunEventSummary.js +1 -0
package/dist/generated/RunKind.d.ts +1 -0
package/dist/generated/RunKind.js +2 -0
package/dist/generated/RunListResponse.d.ts +4 -0
package/dist/generated/RunListResponse.js +1 -0
package/dist/generated/RunStatus.d.ts +1 -0
package/dist/generated/RunStatus.js +2 -0
package/dist/generated/RunSummary.d.ts +32 -0
package/dist/generated/RunSummary.js +1 -0
package/dist/generated/Severity.d.ts +1 -0
package/dist/generated/Severity.js +2 -0
package/dist/generated/Tier.d.ts +4 -0
package/dist/generated/Tier.js +2 -0
package/dist/generated/TierResult.d.ts +12 -0
package/dist/generated/TierResult.js +1 -0
package/dist/generated/TierStatus.d.ts +4 -0
package/dist/generated/TierStatus.js +2 -0
package/dist/generated/TraceListResponse.d.ts +4 -0
package/dist/generated/TraceListResponse.js +1 -0
package/dist/generated/TraceSummary.d.ts +13 -0
package/dist/generated/TraceSummary.js +2 -0
package/dist/generated/TriggeredPolicy.d.ts +6 -0
package/dist/generated/TriggeredPolicy.js +1 -0
package/dist/generated/UpdateRunRequest.d.ts +10 -0
package/dist/generated/UpdateRunRequest.js +1 -0
package/dist/generated/Verdict.d.ts +4 -0
package/dist/generated/Verdict.js +2 -0
package/dist/generated/WorkspaceInvite.d.ts +20 -0
package/dist/generated/WorkspaceInvite.js +1 -0
package/dist/generated/WorkspaceMember.d.ts +13 -0
package/dist/generated/WorkspaceMember.js +1 -0
package/dist/generated/WorkspaceRole.d.ts +5 -0
package/dist/generated/WorkspaceRole.js +2 -0
package/dist/generated/WorkspaceSettings.d.ts +11 -0
package/dist/generated/WorkspaceSettings.js +2 -0
package/dist/guard.d.ts +193 -0
package/dist/guard.js +211 -0
package/dist/index.d.ts +64 -0
package/dist/index.js +64 -0
package/dist/retry.d.ts +18 -0
package/dist/retry.js +48 -0
package/package.json +39 -0
package/src/client.ts +453 -0
package/src/errors.ts +202 -0
package/src/generated/AgentAuthority.ts +3 -0
package/src/generated/AgentListResponse.ts +4 -0
package/src/generated/AgentProfile.ts +23 -0
package/src/generated/AgentScope.ts +3 -0
package/src/generated/AgentTone.ts +3 -0
package/src/generated/ApiError.ts +24 -0
package/src/generated/ApiErrorCode.ts +8 -0
package/src/generated/ApiKeyBatchRevokeRequest.ts +3 -0
package/src/generated/ApiKeyBatchRevokeResponse.ts +4 -0
package/src/generated/ApiKeyListResponse.ts +4 -0
package/src/generated/AuthRequest.ts +16 -0
package/src/generated/AuthResponse.ts +15 -0
package/src/generated/ChangePasswordRequest.ts +15 -0
package/src/generated/Channel.ts +10 -0
package/src/generated/CheckRequest.ts +11 -0
package/src/generated/CreateApiKeyRequest.ts +3 -0
package/src/generated/CreateApiKeyResponse.ts +8 -0
package/src/generated/CreateInviteRequest.ts +7 -0
package/src/generated/CreateInviteResponse.ts +14 -0
package/src/generated/CreateKnowledgeSourceRequest.ts +5 -0
package/src/generated/CreateRunEventRequest.ts +8 -0
package/src/generated/CreateRunRequest.ts +5 -0
package/src/generated/CreateWorkspaceRequest.ts +7 -0
package/src/generated/DashboardApiKey.ts +11 -0
package/src/generated/DashboardKnowledgeSourceKind.ts +3 -0
package/src/generated/Decision.ts +12 -0
package/src/generated/GuardrailGenerateResponse.ts +11 -0
package/src/generated/GuardrailListResponse.ts +7 -0
package/src/generated/InviteListResponse.ts +4 -0
package/src/generated/InviteStatus.ts +6 -0
package/src/generated/KnowledgeFileInput.ts +3 -0
package/src/generated/KnowledgeFileMetadata.ts +3 -0
package/src/generated/KnowledgeSource.ts +4 -0
package/src/generated/KnowledgeSourceDocument.ts +17 -0
package/src/generated/KnowledgeSourceFileResponse.ts +3 -0
package/src/generated/KnowledgeSourceKind.ts +3 -0
package/src/generated/KnowledgeSourceListResponse.ts +4 -0
package/src/generated/KnowledgeSourceStatus.ts +3 -0
package/src/generated/MemberListResponse.ts +4 -0
package/src/generated/MyWorkspace.ts +8 -0
package/src/generated/MyWorkspacesResponse.ts +4 -0
package/src/generated/PolicyAction.ts +6 -0
package/src/generated/PolicyBatchSetEnabledRequest.ts +3 -0
package/src/generated/PolicyBatchSetEnabledResponse.ts +4 -0
package/src/generated/PolicyDocument.ts +4 -0
package/src/generated/PolicyDraft.ts +11 -0
package/src/generated/PolicyDraftRequest.ts +6 -0
package/src/generated/PolicyDraftResponse.ts +4 -0
package/src/generated/PolicyListResponse.ts +4 -0
package/src/generated/PolicyMatchType.ts +7 -0
package/src/generated/PolicySetEnabledRequest.ts +3 -0
package/src/generated/PolicySummary.ts +4 -0
package/src/generated/PolicyValidateResponse.ts +4 -0
package/src/generated/PolicyValidationIssue.ts +3 -0
package/src/generated/README.md +1 -0
package/src/generated/RunDetail.ts +6 -0
package/src/generated/RunEventKind.ts +3 -0
package/src/generated/RunEventListResponse.ts +4 -0
package/src/generated/RunEventSummary.ts +12 -0
package/src/generated/RunKind.ts +3 -0
package/src/generated/RunListResponse.ts +4 -0
package/src/generated/RunStatus.ts +3 -0
package/src/generated/RunSummary.ts +21 -0
package/src/generated/Severity.ts +3 -0
package/src/generated/Tier.ts +6 -0
package/src/generated/TierResult.ts +9 -0
package/src/generated/TierStatus.ts +6 -0
package/src/generated/TraceListResponse.ts +4 -0
package/src/generated/TraceSummary.ts +7 -0
package/src/generated/TriggeredPolicy.ts +4 -0
package/src/generated/UpdateRunRequest.ts +9 -0
package/src/generated/Verdict.ts +6 -0
package/src/generated/WorkspaceInvite.ts +14 -0
package/src/generated/WorkspaceMember.ts +11 -0
package/src/generated/WorkspaceRole.ts +7 -0
package/src/generated/WorkspaceSettings.ts +7 -0
package/src/guard.ts +492 -0
package/src/index.ts +97 -0
package/src/retry.ts +67 -0

package/dist/client.d.ts ADDED Viewed

@@ -0,0 +1,98 @@
+import type { CheckRequest } from './generated/CheckRequest';
+import type { Decision } from './generated/Decision';
+import type { AgentListResponse } from './generated/AgentListResponse';
+import type { AgentProfile } from './generated/AgentProfile';
+import type { ApiKeyBatchRevokeResponse } from './generated/ApiKeyBatchRevokeResponse';
+import type { GuardrailGenerateResponse } from './generated/GuardrailGenerateResponse';
+import type { GuardrailListResponse } from './generated/GuardrailListResponse';
+import type { PolicyDocument } from './generated/PolicyDocument';
+import type { PolicyBatchSetEnabledResponse } from './generated/PolicyBatchSetEnabledResponse';
+import type { PolicyDraftResponse } from './generated/PolicyDraftResponse';
+import type { PolicyListResponse } from './generated/PolicyListResponse';
+import type { PolicyValidateResponse } from './generated/PolicyValidateResponse';
+import type { CreateRunEventRequest } from './generated/CreateRunEventRequest';
+import type { CreateRunRequest } from './generated/CreateRunRequest';
+import type { RunDetail } from './generated/RunDetail';
+import type { RunEventListResponse } from './generated/RunEventListResponse';
+import type { RunEventSummary } from './generated/RunEventSummary';
+import type { RunListResponse } from './generated/RunListResponse';
+import type { RunStatus } from './generated/RunStatus';
+import type { RunSummary } from './generated/RunSummary';
+import type { TraceListResponse } from './generated/TraceListResponse';
+import type { UpdateRunRequest } from './generated/UpdateRunRequest';
+import { SdkError } from './errors';
+import { type RetryConfig } from './retry';
+export interface ClientOptions {
+    baseUrl: string;
+    apiKey?: string;
+    fetchImpl?: typeof fetch;
+    retry?: RetryConfig;
+    /**
+     * Hook invoked once per retry decision. Useful for surfacing retry
+     * activity in logs / OpenTelemetry without forcing a logger
+     * dependency on the SDK.
+     */
+    onRetry?: (info: {
+        attempt: number;
+        delayS: number;
+        error: SdkError;
+    }) => void;
+}
+export declare class Client {
+    private readonly baseUrl;
+    private readonly apiKey;
+    private readonly fetchImpl;
+    private readonly retry;
+    private readonly onRetry;
+    constructor(opts: ClientOptions);
+    check(req: CheckRequest, signal?: AbortSignal): Promise<Decision>;
+    startRun(req: Omit<CreateRunRequest, 'metadata'> & {
+        metadata?: Record<string, unknown>;
+    }, signal?: AbortSignal): Promise<RunSummary>;
+    listRuns(signal?: AbortSignal): Promise<RunListResponse>;
+    getRun(runId: string, signal?: AbortSignal): Promise<RunDetail>;
+    updateRun(runId: string, req: UpdateRunRequest, signal?: AbortSignal): Promise<RunSummary>;
+    finishRun(runId: string, status?: Extract<RunStatus, 'completed' | 'failed' | 'canceled'>, signal?: AbortSignal): Promise<RunSummary>;
+    createRunEvent(runId: string, req: Omit<CreateRunEventRequest, 'metadata'> & {
+        metadata?: Record<string, unknown>;
+    }, signal?: AbortSignal): Promise<RunEventSummary>;
+    listRunEvents(runId: string, signal?: AbortSignal): Promise<RunEventListResponse>;
+    listRunTraces(runId: string, signal?: AbortSignal): Promise<TraceListResponse>;
+    validatePolicy(source: string, signal?: AbortSignal): Promise<PolicyValidateResponse>;
+    listPolicies(signal?: AbortSignal): Promise<PolicyListResponse>;
+    listAgents(signal?: AbortSignal): Promise<AgentListResponse>;
+    upsertAgent(profile: AgentProfile, signal?: AbortSignal): Promise<AgentProfile>;
+    getPolicy(policyId: string, signal?: AbortSignal): Promise<PolicyDocument>;
+    upsertPolicy(source: string, signal?: AbortSignal): Promise<PolicyDocument>;
+    setPolicyEnabled(policyId: string, enabled: boolean, signal?: AbortSignal): Promise<PolicyDocument>;
+    batchSetPolicyEnabled(policyIds: string[], enabled: boolean, signal?: AbortSignal): Promise<PolicyBatchSetEnabledResponse>;
+    /**
+     * LLM-draft a policy skeleton from a natural-language prompt. The
+     * server holds the provider key; the response is a strict, typed
+     * `PolicyDraftResponse`. Returns a 503-mapped `Unavailable` error when
+     * the deployment has no LLM configured.
+     */
+    draftPolicy(prompt: string, signal?: AbortSignal): Promise<PolicyDraftResponse>;
+    /**
+     * Derive a guardrail policy set from the agent's stored `system_prompt`,
+     * auto-persist each draft with `enabled=false`, and return what was
+     * saved. The caller must have previously registered the agent (with a
+     * non-empty `system_prompt`) via `POST /v1/agents`.
+     *
+     * Errors:
+     * - `NotFound` (404) — agent is not registered.
+     * - `Unprocessable` (422) — agent has no `system_prompt`.
+     * - `Unavailable` (503) — the deployment has no LLM configured.
+     */
+    generateGuardrails(agentId: string, signal?: AbortSignal): Promise<GuardrailGenerateResponse>;
+    /**
+     * List policies owned by an agent. Empty when the agent has none or
+     * doesn't exist — existence is the caller's concern.
+     */
+    listGuardrails(agentId: string, signal?: AbortSignal): Promise<GuardrailListResponse>;
+    deletePolicy(policyId: string, signal?: AbortSignal): Promise<void>;
+    batchRevokeApiKeys(apiKeyIds: string[], signal?: AbortSignal): Promise<ApiKeyBatchRevokeResponse>;
+    private withRetry;
+    private sendText;
+    private sendJson;
+}

package/dist/client.js ADDED Viewed

@@ -0,0 +1,198 @@
+// Thin HTTP client. Mirrors the `Guard.check(draft, ctx)` plugin contract.
+//
+// Retry policy mirrors tl-sdk-rust and the Python SDK — same defaults,
+// same `nextDelay` semantics. Voice callers should pass
+// `{ ...DEFAULT_RETRY, maxAttempts: 1 }` to opt out.
+import { Decode, SdkError, Transport, fromResponse, parseRetryAfter } from './errors';
+import { DEFAULT_RETRY, nextDelay } from './retry';
+export class Client {
+    baseUrl;
+    apiKey;
+    fetchImpl;
+    retry;
+    onRetry;
+    constructor(opts) {
+        this.baseUrl = opts.baseUrl.replace(/\/$/, '');
+        this.apiKey = opts.apiKey;
+        this.fetchImpl = opts.fetchImpl ?? globalThis.fetch.bind(globalThis);
+        this.retry = opts.retry ?? DEFAULT_RETRY;
+        this.onRetry = opts.onRetry;
+    }
+    async check(req, signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/check', {
+            method: 'POST',
+            body: JSON.stringify(req),
+        }, signal), signal);
+    }
+    async startRun(req, signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/runs', {
+            method: 'POST',
+            body: JSON.stringify({ metadata: {}, ...req }),
+        }, signal), signal);
+    }
+    async listRuns(signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/runs', { method: 'GET' }, signal), signal);
+    }
+    async getRun(runId, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/runs/${encodeURIComponent(runId)}`, { method: 'GET' }, signal), signal);
+    }
+    async updateRun(runId, req, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/runs/${encodeURIComponent(runId)}`, {
+            method: 'PATCH',
+            body: JSON.stringify(req),
+        }, signal), signal);
+    }
+    async finishRun(runId, status = 'completed', signal) {
+        return this.updateRun(runId, { status }, signal);
+    }
+    async createRunEvent(runId, req, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/runs/${encodeURIComponent(runId)}/events`, {
+            method: 'POST',
+            body: JSON.stringify({ metadata: {}, ...req }),
+        }, signal), signal);
+    }
+    async listRunEvents(runId, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/runs/${encodeURIComponent(runId)}/events`, { method: 'GET' }, signal), signal);
+    }
+    async listRunTraces(runId, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/runs/${encodeURIComponent(runId)}/traces`, { method: 'GET' }, signal), signal);
+    }
+    async validatePolicy(source, signal) {
+        return this.withRetry((signal) => this.sendText('/v1/policies/validate', 'POST', source, 'application/yaml', signal), signal);
+    }
+    async listPolicies(signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/policies', { method: 'GET' }, signal), signal);
+    }
+    async listAgents(signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/agents', { method: 'GET' }, signal), signal);
+    }
+    async upsertAgent(profile, signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/agents', {
+            method: 'POST',
+            body: JSON.stringify(profile),
+        }, signal), signal);
+    }
+    async getPolicy(policyId, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/policies/${encodeURIComponent(policyId)}`, { method: 'GET' }, signal), signal);
+    }
+    async upsertPolicy(source, signal) {
+        return this.withRetry((signal) => this.sendText('/v1/policies', 'POST', source, 'application/yaml', signal), signal);
+    }
+    async setPolicyEnabled(policyId, enabled, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/policies/${encodeURIComponent(policyId)}/enabled`, {
+            method: 'PATCH',
+            body: JSON.stringify({ enabled }),
+        }, signal), signal);
+    }
+    async batchSetPolicyEnabled(policyIds, enabled, signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/policies/batch/enabled', {
+            method: 'PATCH',
+            body: JSON.stringify({ ids: policyIds, enabled }),
+        }, signal), signal);
+    }
+    /**
+     * LLM-draft a policy skeleton from a natural-language prompt. The
+     * server holds the provider key; the response is a strict, typed
+     * `PolicyDraftResponse`. Returns a 503-mapped `Unavailable` error when
+     * the deployment has no LLM configured.
+     */
+    async draftPolicy(prompt, signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/policies/draft', {
+            method: 'POST',
+            body: JSON.stringify({ prompt }),
+        }, signal), signal);
+    }
+    /**
+     * Derive a guardrail policy set from the agent's stored `system_prompt`,
+     * auto-persist each draft with `enabled=false`, and return what was
+     * saved. The caller must have previously registered the agent (with a
+     * non-empty `system_prompt`) via `POST /v1/agents`.
+     *
+     * Errors:
+     * - `NotFound` (404) — agent is not registered.
+     * - `Unprocessable` (422) — agent has no `system_prompt`.
+     * - `Unavailable` (503) — the deployment has no LLM configured.
+     */
+    async generateGuardrails(agentId, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/agents/${encodeURIComponent(agentId)}/guardrails/generate`, { method: 'POST' }, signal), signal);
+    }
+    /**
+     * List policies owned by an agent. Empty when the agent has none or
+     * doesn't exist — existence is the caller's concern.
+     */
+    async listGuardrails(agentId, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/agents/${encodeURIComponent(agentId)}/guardrails`, { method: 'GET' }, signal), signal);
+    }
+    async deletePolicy(policyId, signal) {
+        return this.withRetry((signal) => this.sendJson(`/v1/policies/${encodeURIComponent(policyId)}`, { method: 'DELETE' }, signal), signal);
+    }
+    async batchRevokeApiKeys(apiKeyIds, signal) {
+        return this.withRetry((signal) => this.sendJson('/v1/api-keys/batch/revoke', {
+            method: 'PATCH',
+            body: JSON.stringify({ ids: apiKeyIds }),
+        }, signal), signal);
+    }
+    async withRetry(send, signal) {
+        const start = performance.now();
+        let attempt = 0;
+        while (true) {
+            attempt += 1;
+            try {
+                return await send(signal);
+            }
+            catch (e) {
+                if (!(e instanceof SdkError))
+                    throw e;
+                const elapsedS = (performance.now() - start) / 1000;
+                const delay = nextDelay(this.retry, attempt, elapsedS, e, Math.random());
+                if (delay === undefined)
+                    throw e;
+                this.onRetry?.({ attempt, delayS: delay, error: e });
+                await new Promise((resolve) => setTimeout(resolve, delay * 1000));
+            }
+        }
+    }
+    async sendText(path, method, body, contentType, signal) {
+        return this.sendJson(path, {
+            method,
+            headers: { 'content-type': contentType },
+            body,
+        }, signal);
+    }
+    async sendJson(path, init, signal) {
+        const headers = {
+            'content-type': 'application/json',
+            ...(init.headers ?? {}),
+        };
+        if (this.apiKey !== undefined) {
+            headers['authorization'] = `Bearer ${this.apiKey}`;
+        }
+        const requestInit = {
+            ...init,
+            headers,
+        };
+        if (signal !== undefined) {
+            requestInit.signal = signal;
+        }
+        let res;
+        try {
+            res = await this.fetchImpl(`${this.baseUrl}${path}`, requestInit);
+        }
+        catch (e) {
+            throw new Transport(e instanceof Error ? e.message : String(e));
+        }
+        if (res.status === 204)
+            return undefined;
+        if (res.ok) {
+            try {
+                return (await res.json());
+            }
+            catch (e) {
+                throw new Decode(`failed to parse response: ${String(e)}`);
+            }
+        }
+        const retryAfter = parseRetryAfter(res.headers.get('retry-after'));
+        const body = await res.text().catch(() => '');
+        throw fromResponse(res.status, body, retryAfter);
+    }
+}

package/dist/errors.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import type { ApiError } from './generated/ApiError';
+import type { ApiErrorCode } from './generated/ApiErrorCode';
+export declare function codeFromHttpStatus(status: number): ApiErrorCode;
+export declare function synthesizeApiError(status: number, body: string): ApiError;
+export declare class SdkError extends Error {
+    readonly error: ApiError;
+    constructor(error: ApiError);
+    get code(): ApiErrorCode;
+    isRetriable(): boolean;
+}
+export declare class Invalid extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class Unauthorized extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class Forbidden extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class NotFound extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class Gone extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class Unprocessable extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class RateLimited extends SdkError {
+    readonly retryAfter: number | undefined;
+    constructor(error: ApiError, retryAfter?: number);
+}
+export declare class Internal extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class Unavailable extends SdkError {
+    constructor(error: ApiError);
+}
+export declare class Transport extends SdkError {
+    constructor(message: string);
+}
+export declare class Decode extends SdkError {
+    constructor(message: string);
+}
+export declare function fromResponse(status: number, body: string, retryAfter?: number): SdkError;
+export declare function parseRetryAfter(header: string | null | undefined): number | undefined;

package/dist/errors.js ADDED Viewed

@@ -0,0 +1,187 @@
+// Typed errors for the TrustLoopGuard TypeScript SDK.
+//
+// Mirrors `tl-sdk-rust`'s `SdkError` and the Python SDK's exception
+// hierarchy. Callers branch on `instanceof` (or on `error.code`) instead
+// of inspecting status codes:
+//
+//   try {
+//     await client.check(req);
+//   } catch (e) {
+//     if (e instanceof RateLimited) {
+//       await sleep((e.retryAfter ?? 1) * 1000);
+//     } else if (e instanceof Unauthorized) {
+//       refreshToken();
+//     }
+//   }
+//
+// The status -> code fallback table and retriable-by-default set are kept
+// in lockstep with `tl-core::ApiErrorCode::from_http_status` and the
+// Python `_STATUS_TO_CODE` dict — the parity is asserted by tests in
+// every SDK so they cannot drift silently.
+const STATUS_TO_CODE = {
+    400: 'invalid',
+    401: 'unauthorized',
+    403: 'forbidden',
+    404: 'not_found',
+    410: 'gone',
+    422: 'unprocessable',
+    429: 'rate_limited',
+    500: 'internal',
+    501: 'internal',
+    502: 'unavailable',
+    503: 'unavailable',
+    504: 'unavailable',
+};
+const DEFAULT_RETRIABLE = new Set([
+    'rate_limited',
+    'unavailable',
+]);
+export function codeFromHttpStatus(status) {
+    if (status in STATUS_TO_CODE) {
+        return STATUS_TO_CODE[status];
+    }
+    if (status >= 500 && status < 600)
+        return 'internal';
+    return 'invalid';
+}
+export function synthesizeApiError(status, body) {
+    const code = codeFromHttpStatus(status);
+    return {
+        code,
+        message: body || `server returned status ${status}`,
+        retriable: DEFAULT_RETRIABLE.has(code),
+        details: null,
+    };
+}
+export class SdkError extends Error {
+    error;
+    constructor(error) {
+        super(`${error.code}: ${error.message}`);
+        this.name = 'SdkError';
+        this.error = error;
+        // Preserve prototype chain for `instanceof` to work after transpile.
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+    get code() {
+        return this.error.code;
+    }
+    isRetriable() {
+        return this.error.retriable;
+    }
+}
+// One subclass per ApiErrorCode. The classes carry no extra behavior
+// beyond their name — they exist so callers can use `instanceof` and
+// stack traces are labeled. RateLimited is the one exception: it carries
+// the parsed Retry-After value.
+export class Invalid extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'Invalid';
+    }
+}
+export class Unauthorized extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'Unauthorized';
+    }
+}
+export class Forbidden extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'Forbidden';
+    }
+}
+export class NotFound extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'NotFound';
+    }
+}
+export class Gone extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'Gone';
+    }
+}
+export class Unprocessable extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'Unprocessable';
+    }
+}
+export class RateLimited extends SdkError {
+    retryAfter;
+    constructor(error, retryAfter) {
+        super(error);
+        this.name = 'RateLimited';
+        this.retryAfter = retryAfter;
+    }
+}
+export class Internal extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'Internal';
+    }
+}
+export class Unavailable extends SdkError {
+    constructor(error) {
+        super(error);
+        this.name = 'Unavailable';
+    }
+}
+export class Transport extends SdkError {
+    constructor(message) {
+        super({ code: 'unavailable', message, retriable: true, details: null });
+        this.name = 'Transport';
+    }
+}
+export class Decode extends SdkError {
+    constructor(message) {
+        super({ code: 'internal', message, retriable: false, details: null });
+        this.name = 'Decode';
+    }
+}
+const CODE_TO_CLASS = {
+    invalid: Invalid,
+    unauthorized: Unauthorized,
+    forbidden: Forbidden,
+    not_found: NotFound,
+    gone: Gone,
+    unprocessable: Unprocessable,
+    rate_limited: RateLimited,
+    internal: Internal,
+    unavailable: Unavailable,
+};
+function isApiError(value) {
+    if (typeof value !== 'object' || value === null)
+        return false;
+    const v = value;
+    return (typeof v.code === 'string' &&
+        typeof v.message === 'string' &&
+        typeof v.retriable === 'boolean' &&
+        v.code in CODE_TO_CLASS);
+}
+export function fromResponse(status, body, retryAfter) {
+    let apiErr;
+    try {
+        const parsed = JSON.parse(body);
+        apiErr = isApiError(parsed) ? parsed : synthesizeApiError(status, body);
+    }
+    catch {
+        apiErr = synthesizeApiError(status, body);
+    }
+    if (apiErr.code === 'rate_limited') {
+        return new RateLimited(apiErr, retryAfter);
+    }
+    const Cls = CODE_TO_CLASS[apiErr.code];
+    return new Cls(apiErr);
+}
+export function parseRetryAfter(header) {
+    if (header === null || header === undefined)
+        return undefined;
+    const trimmed = header.trim();
+    const n = Number(trimmed);
+    if (!Number.isFinite(n))
+        return undefined;
+    return n;
+}

package/dist/generated/AgentAuthority.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export type AgentAuthority = {
+    can_promise: Array<string>;
+    cannot_promise: Array<string>;
+};

package/dist/generated/AgentAuthority.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
2	+ export {};

package/dist/generated/AgentListResponse.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { AgentProfile } from "./AgentProfile";
+export type AgentListResponse = {
+    agents: Array<AgentProfile>;
+};

package/dist/generated/AgentListResponse.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/generated/AgentProfile.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import type { AgentAuthority } from "./AgentAuthority";
+import type { AgentScope } from "./AgentScope";
+import type { AgentTone } from "./AgentTone";
+import type { KnowledgeSource } from "./KnowledgeSource";
+/**
+ * What an agent is, what it may claim, and how it should sound.
+ *
+ * Authored as YAML by the customer (see `policies/agents/*.yaml`), parsed
+ * by `tl-policy::load_agent_str`, persisted in Postgres, cached in process,
+ * and consulted by Tier 2 (out-of-scope embedding lookup) and Tier 3
+ * (LLM judge ground truth).
+ */
+export type AgentProfile = {
+    agent_id: string;
+    display_name: string;
+    scope: AgentScope;
+    authority: AgentAuthority;
+    tone: AgentTone;
+    knowledge_sources: Array<KnowledgeSource>;
+    escalation_triggers: Array<string>;
+    /**
+     * Raw system prompt the customer ships to their LLM. Source of truth
+     * for auto-generating guardrails: `POST /v1/agents/{id}/guardrails:generate`
+     * reads this and asks an LLM to derive a policy set tailored to it.
+     * Optional at the type level so existing profiles keep deserializing;
+     * the generate endpoint enforces presence at call time.
+     */
+    system_prompt?: string;
+};

package/dist/generated/AgentProfile.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/generated/AgentScope.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export type AgentScope = {
+    in_scope: Array<string>;
+    out_of_scope: Array<string>;
+};

package/dist/generated/AgentScope.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
2	+ export {};

package/dist/generated/AgentTone.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export type AgentTone = {
+    target: string;
+    forbidden: Array<string>;
+};

package/dist/generated/AgentTone.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
2	+ export {};

package/dist/generated/ApiError.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import type { ApiErrorCode } from "./ApiErrorCode";
+/**
+ * Canonical error envelope returned on non-2xx responses from every
+ * TrustLoopGuard endpoint. SDKs deserialize this body to produce typed
+ * errors; integrators don't have to inspect status codes by hand.
+ *
+ * The shape is intentionally minimal — `code` drives SDK-side fan-out,
+ * `message` is for logs, `retriable` tells callers whether the same
+ * request may be retried, and `details` is opaque so the server can
+ * add validation field paths without breaking SDKs.
+ */
+export type ApiError = {
+    code: ApiErrorCode;
+    message: string;
+    /**
+     * Whether the caller may retry the same request without modification.
+     * SDKs honor `Retry-After` when present in addition to this flag.
+     */
+    retriable: boolean;
+    /**
+     * Opaque structured details (e.g. validation field path).
+     * Defaults to `null`; servers may add fields without breaking SDKs.
+     */
+    details: Record<string, unknown> | null;
+};

package/dist/generated/ApiError.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/generated/ApiErrorCode.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Stable error code dictionary. Add variants here when introducing new
+ * failure modes; never repurpose an existing variant — SDK callers may
+ * be branching on it.
+ */
+export type ApiErrorCode = "invalid" | "unauthorized" | "forbidden" | "not_found" | "gone" | "unprocessable" | "rate_limited" | "internal" | "unavailable";

package/dist/generated/ApiErrorCode.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
2	+ export {};

package/dist/generated/ApiKeyBatchRevokeRequest.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export type ApiKeyBatchRevokeRequest = {
+    ids: Array<string>;
+};

package/dist/generated/ApiKeyBatchRevokeRequest.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
2	+ export {};

package/dist/generated/ApiKeyBatchRevokeResponse.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { DashboardApiKey } from "./DashboardApiKey";
+export type ApiKeyBatchRevokeResponse = {
+    api_keys: Array<DashboardApiKey>;
+};

package/dist/generated/ApiKeyBatchRevokeResponse.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/generated/ApiKeyListResponse.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { DashboardApiKey } from "./DashboardApiKey";
+export type ApiKeyListResponse = {
+    api_keys: Array<DashboardApiKey>;
+};

package/dist/generated/ApiKeyListResponse.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};