@vaikora/sdk 0.2.0

package/dist/index.js

@@ -0,0 +1,1780 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AgentFrozenError: () => AgentFrozenError,
+  AgentIdentity: () => AgentIdentity,
+  ApprovalDeniedException: () => ApprovalDeniedException,
+  ApprovalRequiredException: () => ApprovalRequiredException,
+  ApprovalStatus: () => ApprovalStatus,
+  AuthenticationError: () => AuthenticationError,
+  AuthorizationError: () => AuthorizationError,
+  CircuitBreaker: () => CircuitBreaker,
+  CircuitBreakerOpenError: () => CircuitBreakerOpenError,
+  CircuitState: () => CircuitState,
+  ConflictError: () => ConflictError,
+  ContextLevel: () => ContextLevel,
+  EmergencyController: () => EmergencyController,
+  ExecutionContext: () => ExecutionContext,
+  ExecutionMode: () => ExecutionMode,
+  FreezeReason: () => FreezeReason,
+  FreezeScope: () => FreezeScope,
+  InterceptorAction: () => InterceptorAction,
+  NetworkError: () => NetworkError,
+  NotFoundError: () => NotFoundError,
+  PolicyDeniedException: () => PolicyDeniedException,
+  PolicyViolationError: () => PolicyViolationError,
+  RateLimitError: () => RateLimitError,
+  ServerError: () => ServerError,
+  TimeoutError: () => TimeoutError,
+  VaikoraClient: () => VaikoraClient,
+  VaikoraError: () => VaikoraError,
+  VaikoraInterceptor: () => VaikoraInterceptor,
+  ValidationError: () => ValidationError,
+  ValidationException: () => ValidationException,
+  assertNotFrozen: () => assertNotFrozen,
+  clearContext: () => clearContext,
+  configure: () => configure,
+  createInterceptor: () => createInterceptor,
+  freezeAgent: () => freezeAgent,
+  frozenGuard: () => frozenGuard,
+  getAgentId: () => getAgentId,
+  getClient: () => getClient,
+  getCurrentContext: () => getCurrentContext,
+  getFreezeState: () => getFreezeState,
+  interceptor: () => interceptor,
+  isAgentFrozen: () => isAgentFrozen,
+  raiseForStatus: () => raiseForStatus,
+  register: () => register,
+  resumeAgent: () => resumeAgent,
+  secureAction: () => secureAction,
+  setAgentId: () => setAgentId,
+  setCurrentContext: () => setCurrentContext,
+  submitAction: () => submitAction,
+  validateData: () => validateData,
+  withContext: () => withContext,
+  withContextScope: () => withContextScope,
+  wrapAction: () => wrapAction
+});
+module.exports = __toCommonJS(index_exports);
+var import_axios = __toESM(require("axios"));
+var import_axios_retry = __toESM(require("axios-retry"));
+
+// src/errors.ts
+var VaikoraError = class extends Error {
+  statusCode;
+  responseData;
+  constructor(message, statusCode, responseData) {
+    super(message);
+    this.name = "VaikoraError";
+    this.statusCode = statusCode;
+    this.responseData = responseData;
+  }
+};
+var AuthenticationError = class extends VaikoraError {
+  constructor(message, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "AuthenticationError";
+  }
+};
+var AuthorizationError = class extends VaikoraError {
+  constructor(message, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "AuthorizationError";
+  }
+};
+var RateLimitError = class extends VaikoraError {
+  retryAfter;
+  constructor(message, retryAfter, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "RateLimitError";
+    this.retryAfter = retryAfter;
+  }
+};
+var PolicyViolationError = class extends VaikoraError {
+  policyId;
+  policyName;
+  constructor(message, policyId, policyName, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "PolicyViolationError";
+    this.policyId = policyId;
+    this.policyName = policyName;
+  }
+};
+var NetworkError = class extends VaikoraError {
+  constructor(message) {
+    super(message);
+    this.name = "NetworkError";
+  }
+};
+var TimeoutError = class extends NetworkError {
+  constructor(message) {
+    super(message);
+    this.name = "TimeoutError";
+  }
+};
+var ValidationError = class extends VaikoraError {
+  errors;
+  constructor(message, errors, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "ValidationError";
+    this.errors = errors;
+  }
+};
+var NotFoundError = class extends VaikoraError {
+  constructor(message, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "NotFoundError";
+  }
+};
+var ConflictError = class extends VaikoraError {
+  constructor(message, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "ConflictError";
+  }
+};
+var ServerError = class extends VaikoraError {
+  constructor(message, statusCode, responseData) {
+    super(message, statusCode, responseData);
+    this.name = "ServerError";
+  }
+};
+function raiseForStatus(statusCode, responseData) {
+  const message = responseData.detail || responseData.message || "Unknown error";
+  if (statusCode === 401) {
+    throw new AuthenticationError(message, statusCode, responseData);
+  } else if (statusCode === 403) {
+    throw new AuthorizationError(message, statusCode, responseData);
+  } else if (statusCode === 404) {
+    throw new NotFoundError(message, statusCode, responseData);
+  } else if (statusCode === 409) {
+    throw new ConflictError(message, statusCode, responseData);
+  } else if (statusCode === 422) {
+    const errors = responseData.errors || responseData.detail;
+    const errorList = Array.isArray(errors) ? errors : typeof errors === "string" ? [{ msg: errors }] : [];
+    throw new ValidationError(message, errorList, statusCode, responseData);
+  } else if (statusCode === 429) {
+    const retryAfter = responseData.retry_after;
+    throw new RateLimitError(message, retryAfter, statusCode, responseData);
+  } else if (statusCode >= 400 && statusCode < 500) {
+    if (message.toLowerCase().includes("policy") || responseData.policy_id) {
+      throw new PolicyViolationError(
+        message,
+        responseData.policy_id,
+        responseData.policy_name,
+        statusCode,
+        responseData
+      );
+    }
+    throw new VaikoraError(message, statusCode, responseData);
+  } else if (statusCode >= 500) {
+    throw new ServerError(message, statusCode, responseData);
+  }
+  throw new VaikoraError(message, statusCode, responseData);
+}
+
+// src/utils.ts
+function toCamelCase(str) {
+  return str.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
+}
+function toSnakeCase(str) {
+  return str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
+}
+function transformKeysToCamel(obj) {
+  if (Array.isArray(obj)) {
+    return obj.map((item) => transformKeysToCamel(item));
+  }
+  if (obj !== null && typeof obj === "object") {
+    return Object.entries(obj).reduce(
+      (acc, [key, value]) => ({
+        ...acc,
+        [toCamelCase(key)]: transformKeysToCamel(value)
+      }),
+      {}
+    );
+  }
+  return obj;
+}
+function transformKeysToSnake(obj) {
+  if (Array.isArray(obj)) {
+    return obj.map((item) => transformKeysToSnake(item));
+  }
+  if (obj !== null && typeof obj === "object") {
+    return Object.entries(obj).reduce(
+      (acc, [key, value]) => ({
+        ...acc,
+        [toSnakeCase(key)]: transformKeysToSnake(value)
+      }),
+      {}
+    );
+  }
+  return obj;
+}
+function removeUndefined(obj) {
+  return Object.fromEntries(
+    Object.entries(obj).filter(([, value]) => value !== void 0)
+  );
+}
+function formatDate(date) {
+  if (!date) return void 0;
+  if (typeof date === "string") return date;
+  return date.toISOString();
+}
+
+// src/emergency.ts
+var FreezeReason = /* @__PURE__ */ ((FreezeReason2) => {
+  FreezeReason2["MANUAL"] = "manual";
+  FreezeReason2["POLICY_VIOLATION"] = "policy_violation";
+  FreezeReason2["ANOMALY_DETECTED"] = "anomaly_detected";
+  FreezeReason2["RATE_LIMIT"] = "rate_limit";
+  FreezeReason2["SECURITY_THREAT"] = "security_threat";
+  FreezeReason2["SYSTEM_OVERLOAD"] = "system_overload";
+  FreezeReason2["CIRCUIT_BREAKER"] = "circuit_breaker";
+  FreezeReason2["MAINTENANCE"] = "maintenance";
+  return FreezeReason2;
+})(FreezeReason || {});
+var FreezeScope = /* @__PURE__ */ ((FreezeScope2) => {
+  FreezeScope2["ALL_ACTIONS"] = "all_actions";
+  FreezeScope2["WRITE_ACTIONS"] = "write_actions";
+  FreezeScope2["SPECIFIC_RESOURCE"] = "specific_resource";
+  FreezeScope2["SPECIFIC_ACTION_TYPE"] = "specific_action_type";
+  return FreezeScope2;
+})(FreezeScope || {});
+var CircuitState = /* @__PURE__ */ ((CircuitState2) => {
+  CircuitState2["CLOSED"] = "closed";
+  CircuitState2["OPEN"] = "open";
+  CircuitState2["HALF_OPEN"] = "half_open";
+  return CircuitState2;
+})(CircuitState || {});
+var CircuitBreaker = class {
+  name;
+  config;
+  state = "closed" /* CLOSED */;
+  failureCount = 0;
+  successCount = 0;
+  lastFailureTime;
+  halfOpenCalls = 0;
+  constructor(name, config) {
+    this.name = name;
+    this.config = {
+      failureThreshold: config?.failureThreshold ?? 5,
+      successThreshold: config?.successThreshold ?? 3,
+      timeoutSeconds: config?.timeoutSeconds ?? 60,
+      halfOpenMaxCalls: config?.halfOpenMaxCalls ?? 3
+    };
+  }
+  /**
+   * Check if circuit is open (blocking).
+   */
+  isOpen() {
+    if (this.state === "open" /* OPEN */) {
+      if (this.lastFailureTime) {
+        const elapsed = (Date.now() - this.lastFailureTime) / 1e3;
+        if (elapsed >= this.config.timeoutSeconds) {
+          this.state = "half_open" /* HALF_OPEN */;
+          this.halfOpenCalls = 0;
+          return false;
+        }
+      }
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Record a successful call.
+   */
+  recordSuccess() {
+    if (this.state === "half_open" /* HALF_OPEN */) {
+      this.successCount++;
+      if (this.successCount >= this.config.successThreshold) {
+        this.state = "closed" /* CLOSED */;
+        this.failureCount = 0;
+        this.successCount = 0;
+      }
+    } else if (this.state === "closed" /* CLOSED */) {
+      this.failureCount = Math.max(0, this.failureCount - 1);
+    }
+  }
+  /**
+   * Record a failed call.
+   */
+  recordFailure() {
+    this.failureCount++;
+    this.lastFailureTime = Date.now();
+    if (this.state === "half_open" /* HALF_OPEN */) {
+      this.state = "open" /* OPEN */;
+      this.successCount = 0;
+    } else if (this.failureCount >= this.config.failureThreshold) {
+      this.state = "open" /* OPEN */;
+      this.successCount = 0;
+    }
+  }
+  /**
+   * Check if request should be allowed.
+   */
+  allowRequest() {
+    if (this.isOpen()) {
+      return false;
+    }
+    if (this.state === "half_open" /* HALF_OPEN */) {
+      if (this.halfOpenCalls >= this.config.halfOpenMaxCalls) {
+        return false;
+      }
+      this.halfOpenCalls++;
+    }
+    return true;
+  }
+  /**
+   * Wrap a function with circuit breaker protection.
+   */
+  wrap(fn) {
+    if (!this.allowRequest()) {
+      return Promise.reject(new CircuitBreakerOpenError(`Circuit breaker '${this.name}' is open`));
+    }
+    return fn().then((result) => {
+      this.recordSuccess();
+      return result;
+    }).catch((error) => {
+      this.recordFailure();
+      throw error;
+    });
+  }
+};
+var CircuitBreakerOpenError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "CircuitBreakerOpenError";
+  }
+};
+var AgentFrozenError = class extends Error {
+  freezeState;
+  constructor(message, freezeState) {
+    super(message);
+    this.name = "AgentFrozenError";
+    this.freezeState = freezeState;
+  }
+};
+var EmergencyController = class {
+  agentId;
+  freezeState;
+  circuitBreakers = /* @__PURE__ */ new Map();
+  freezeCallbacks = [];
+  resumeCallbacks = [];
+  rateLimits = /* @__PURE__ */ new Map();
+  constructor(agentId) {
+    this.agentId = agentId;
+    this.freezeState = {
+      isFrozen: false,
+      scope: "all_actions" /* ALL_ACTIONS */,
+      affectedResources: [],
+      affectedActionTypes: [],
+      metadata: {}
+    };
+  }
+  /**
+   * Check if agent is currently frozen.
+   */
+  get isFrozen() {
+    if (this.isExpired()) {
+      this.autoUnfreeze();
+    }
+    return this.freezeState.isFrozen;
+  }
+  /**
+   * Get current freeze state.
+   */
+  getFreezeState() {
+    return { ...this.freezeState };
+  }
+  /**
+   * Check if freeze has expired.
+   */
+  isExpired() {
+    if (!this.freezeState.freezeUntil) return false;
+    return /* @__PURE__ */ new Date() > this.freezeState.freezeUntil;
+  }
+  /**
+   * Freeze the agent immediately.
+   */
+  freeze(options) {
+    const now = /* @__PURE__ */ new Date();
+    let freezeUntil;
+    if (options.durationSeconds) {
+      freezeUntil = new Date(now.getTime() + options.durationSeconds * 1e3);
+    }
+    this.freezeState = {
+      isFrozen: true,
+      reason: options.reason,
+      scope: options.scope ?? "all_actions" /* ALL_ACTIONS */,
+      frozenAt: now,
+      frozenBy: options.frozenBy ?? "system",
+      freezeUntil,
+      affectedResources: options.affectedResources ?? [],
+      affectedActionTypes: options.affectedActionTypes ?? [],
+      message: options.message,
+      metadata: options.metadata ?? {}
+    };
+    console.warn(
+      `Agent ${this.agentId} FROZEN: reason=${options.reason}, scope=${options.scope ?? "all_actions"}, by=${options.frozenBy ?? "system"}`
+    );
+    for (const callback of this.freezeCallbacks) {
+      try {
+        callback(this.freezeState);
+      } catch (e) {
+        console.error("Freeze callback failed:", e);
+      }
+    }
+    return this.getFreezeState();
+  }
+  /**
+   * Resume agent operations.
+   */
+  resume(options = {}) {
+    if (!this.freezeState.isFrozen) {
+      return this.getFreezeState();
+    }
+    if (options.verificationPassed === false) {
+      console.warn(`Resume denied for agent ${this.agentId}: verification failed`);
+      return this.getFreezeState();
+    }
+    const oldState = { ...this.freezeState };
+    this.freezeState = {
+      isFrozen: false,
+      scope: "all_actions" /* ALL_ACTIONS */,
+      affectedResources: [],
+      affectedActionTypes: [],
+      metadata: {}
+    };
+    console.info(
+      `Agent ${this.agentId} RESUMED: by=${options.resumedBy ?? "system"}, was_frozen_for=${oldState.reason ?? "unknown"}`
+    );
+    for (const callback of this.resumeCallbacks) {
+      try {
+        callback(oldState, options.notes);
+      } catch (e) {
+        console.error("Resume callback failed:", e);
+      }
+    }
+    return this.getFreezeState();
+  }
+  /**
+   * Auto-unfreeze when time expires.
+   */
+  autoUnfreeze() {
+    console.info(`Agent ${this.agentId} auto-unfreezing (time expired)`);
+    this.freezeState = {
+      isFrozen: false,
+      scope: "all_actions" /* ALL_ACTIONS */,
+      affectedResources: [],
+      affectedActionTypes: [],
+      metadata: {}
+    };
+  }
+  /**
+   * Check if a specific action is blocked.
+   */
+  isActionBlocked(actionType, resource) {
+    if (!this.isFrozen) {
+      return { blocked: false };
+    }
+    const state = this.freezeState;
+    if (state.scope === "all_actions" /* ALL_ACTIONS */) {
+      return { blocked: true, message: state.message || `Agent frozen: ${state.reason}` };
+    }
+    if (state.scope === "write_actions" /* WRITE_ACTIONS */) {
+      const writeActions = ["create", "update", "delete", "write", "modify", "insert"];
+      if (writeActions.some((w) => actionType.toLowerCase().includes(w))) {
+        return { blocked: true, message: state.message || "Write actions frozen" };
+      }
+    }
+    if (state.scope === "specific_resource" /* SPECIFIC_RESOURCE */) {
+      if (resource && state.affectedResources.includes(resource)) {
+        return { blocked: true, message: state.message || `Resource ${resource} is frozen` };
+      }
+    }
+    if (state.scope === "specific_action_type" /* SPECIFIC_ACTION_TYPE */) {
+      if (state.affectedActionTypes.includes(actionType)) {
+        return { blocked: true, message: state.message || `Action type ${actionType} is frozen` };
+      }
+    }
+    return { blocked: false };
+  }
+  /**
+   * Register a callback for freeze events.
+   */
+  onFreeze(callback) {
+    this.freezeCallbacks.push(callback);
+  }
+  /**
+   * Register a callback for resume events.
+   */
+  onResume(callback) {
+    this.resumeCallbacks.push(callback);
+  }
+  /**
+   * Get or create a circuit breaker.
+   */
+  getCircuitBreaker(name, config) {
+    if (!this.circuitBreakers.has(name)) {
+      this.circuitBreakers.set(name, new CircuitBreaker(name, config));
+    }
+    return this.circuitBreakers.get(name);
+  }
+  /**
+   * Check if rate limit is exceeded.
+   */
+  checkRateLimit(key, maxRequests, windowSeconds) {
+    const now = Date.now();
+    const cutoff = now - windowSeconds * 1e3;
+    if (!this.rateLimits.has(key)) {
+      this.rateLimits.set(key, []);
+    }
+    const timestamps = this.rateLimits.get(key).filter((t) => t > cutoff);
+    this.rateLimits.set(key, timestamps);
+    if (timestamps.length >= maxRequests) {
+      return { allowed: false, remaining: 0 };
+    }
+    timestamps.push(now);
+    return { allowed: true, remaining: maxRequests - timestamps.length };
+  }
+  /**
+   * Get agent ID.
+   */
+  getAgentId() {
+    return this.agentId;
+  }
+};
+function assertNotFrozen(controller, actionType, resource) {
+  const { blocked, message } = controller.isActionBlocked(actionType, resource);
+  if (blocked) {
+    throw new AgentFrozenError(message || "Agent is frozen", controller.getFreezeState());
+  }
+}
+function frozenGuard(controller, actionType, resource) {
+  return function(fn) {
+    return async function(...args) {
+      assertNotFrozen(controller, actionType, resource);
+      return fn.apply(this, args);
+    };
+  };
+}
+
+// src/types.ts
+var ApprovalStatus = /* @__PURE__ */ ((ApprovalStatus2) => {
+  ApprovalStatus2["PENDING"] = "pending";
+  ApprovalStatus2["APPROVED"] = "approved";
+  ApprovalStatus2["DENIED"] = "denied";
+  ApprovalStatus2["EXPIRED"] = "expired";
+  return ApprovalStatus2;
+})(ApprovalStatus || {});
+
+// src/identity.ts
+var import_crypto = __toESM(require("crypto"));
+var AgentIdentity = class _AgentIdentity {
+  static NONCE_LENGTH = 16;
+  static MAX_TIMESTAMP_DRIFT_SECONDS = 300;
+  // 5 minutes
+  agentId;
+  apiKey;
+  secretKey;
+  environment;
+  requestCounter = 0;
+  usedNonces = /* @__PURE__ */ new Set();
+  nonceExpiry = /* @__PURE__ */ new Map();
+  constructor(agentId, apiKey, secretKey, environment = "production") {
+    this.agentId = agentId;
+    this.apiKey = apiKey;
+    this.secretKey = secretKey || this.generateSecretKey();
+    this.environment = environment;
+  }
+  /**
+   * Generate a cryptographically secure secret key.
+   */
+  generateSecretKey() {
+    return import_crypto.default.randomBytes(32).toString("base64url");
+  }
+  /**
+   * Generate a unique nonce for request signing.
+   */
+  generateNonce() {
+    return import_crypto.default.randomBytes(_AgentIdentity.NONCE_LENGTH).toString("base64url");
+  }
+  /**
+   * Get current timestamp in ISO format.
+   */
+  getTimestamp() {
+    return (/* @__PURE__ */ new Date()).toISOString();
+  }
+  /**
+   * Create SHA-256 hash of payload.
+   */
+  hashPayload(payload) {
+    let payloadStr;
+    if (payload === null || payload === void 0) {
+      payloadStr = "";
+    } else if (typeof payload === "string") {
+      payloadStr = payload;
+    } else {
+      payloadStr = JSON.stringify(payload);
+    }
+    return import_crypto.default.createHash("sha256").update(payloadStr).digest("hex");
+  }
+  /**
+   * Sign an API request.
+   */
+  signRequest(method, path, payload, additionalHeaders) {
+    const timestamp = this.getTimestamp();
+    const nonce = this.generateNonce();
+    const payloadHash = this.hashPayload(payload);
+    this.requestCounter++;
+    const requestId = `${this.agentId}-${Date.now()}-${String(this.requestCounter).padStart(6, "0")}`;
+    const canonicalString = [
+      method.toUpperCase(),
+      path,
+      timestamp,
+      nonce,
+      payloadHash,
+      this.agentId
+    ].join("\n");
+    const signature = import_crypto.default.createHmac("sha256", this.secretKey).update(canonicalString).digest("hex");
+    const signedHeaders = {
+      "X-Vaikora-Agent-ID": this.agentId,
+      "X-Vaikora-Request-ID": requestId,
+      "X-Vaikora-Timestamp": timestamp,
+      "X-Vaikora-Nonce": nonce,
+      "X-Vaikora-Signature": signature,
+      "X-Vaikora-Payload-Hash": payloadHash,
+      ...additionalHeaders
+    };
+    const signatureDetails = {
+      requestId,
+      agentId: this.agentId,
+      timestamp,
+      signature,
+      payloadHash,
+      nonce
+    };
+    this.usedNonces.add(nonce);
+    this.nonceExpiry.set(nonce, Date.now() + _AgentIdentity.MAX_TIMESTAMP_DRIFT_SECONDS * 1e3);
+    this.cleanupNonces();
+    return { headers: signedHeaders, signature: signatureDetails };
+  }
+  /**
+   * Verify a signed request.
+   */
+  verifySignature(method, path, timestamp, nonce, payloadHash, providedSignature, agentId) {
+    if (agentId !== this.agentId) {
+      return { isValid: false, errorMessage: "Agent ID mismatch" };
+    }
+    try {
+      const requestTime = new Date(timestamp);
+      const now = /* @__PURE__ */ new Date();
+      const driftSeconds = Math.abs((now.getTime() - requestTime.getTime()) / 1e3);
+      if (driftSeconds > _AgentIdentity.MAX_TIMESTAMP_DRIFT_SECONDS) {
+        return { isValid: false, errorMessage: `Timestamp too old: ${driftSeconds}s drift` };
+      }
+    } catch (e) {
+      return { isValid: false, errorMessage: `Invalid timestamp format: ${e}` };
+    }
+    if (this.usedNonces.has(nonce)) {
+      return { isValid: false, errorMessage: "Nonce already used (possible replay attack)" };
+    }
+    const canonicalString = [
+      method.toUpperCase(),
+      path,
+      timestamp,
+      nonce,
+      payloadHash,
+      agentId
+    ].join("\n");
+    const expectedSignature = import_crypto.default.createHmac("sha256", this.secretKey).update(canonicalString).digest("hex");
+    if (!import_crypto.default.timingSafeEqual(Buffer.from(expectedSignature), Buffer.from(providedSignature))) {
+      return { isValid: false, errorMessage: "Signature mismatch" };
+    }
+    this.usedNonces.add(nonce);
+    this.nonceExpiry.set(nonce, Date.now() + _AgentIdentity.MAX_TIMESTAMP_DRIFT_SECONDS * 1e3);
+    return { isValid: true };
+  }
+  /**
+   * Clean up expired nonces.
+   */
+  cleanupNonces() {
+    const now = Date.now();
+    for (const [nonce, expiry] of this.nonceExpiry.entries()) {
+      if (expiry < now) {
+        this.usedNonces.delete(nonce);
+        this.nonceExpiry.delete(nonce);
+      }
+    }
+  }
+  /**
+   * Create a signed attestation of claims.
+   */
+  createAttestation(claims) {
+    const attestation = {
+      agentId: this.agentId,
+      claims,
+      issuedAt: this.getTimestamp(),
+      environment: this.environment
+    };
+    const payload = JSON.stringify(attestation);
+    const signature = import_crypto.default.createHmac("sha256", this.secretKey).update(payload).digest("hex");
+    attestation.signature = signature;
+    return Buffer.from(JSON.stringify(attestation)).toString("base64url");
+  }
+  /**
+   * Verify a signed attestation.
+   */
+  verifyAttestation(encodedAttestation) {
+    try {
+      const decoded = JSON.parse(Buffer.from(encodedAttestation, "base64url").toString());
+      const providedSignature = decoded.signature;
+      if (!providedSignature) {
+        return { isValid: false };
+      }
+      delete decoded.signature;
+      const payload = JSON.stringify(decoded);
+      const expectedSignature = import_crypto.default.createHmac("sha256", this.secretKey).update(payload).digest("hex");
+      if (!import_crypto.default.timingSafeEqual(Buffer.from(expectedSignature), Buffer.from(providedSignature))) {
+        return { isValid: false };
+      }
+      return { isValid: true, attestation: decoded };
+    } catch (e) {
+      return { isValid: false };
+    }
+  }
+  /**
+   * Rotate the secret key.
+   */
+  rotateSecret() {
+    this.secretKey = this.generateSecretKey();
+    this.usedNonces.clear();
+    this.nonceExpiry.clear();
+    return this.secretKey;
+  }
+  /**
+   * Get identity information (without secrets).
+   */
+  getIdentityInfo() {
+    return {
+      agentId: this.agentId,
+      apiKey: this.apiKey,
+      environment: this.environment,
+      requestCount: this.requestCounter
+    };
+  }
+  /**
+   * Get the agent ID.
+   */
+  getAgentId() {
+    return this.agentId;
+  }
+};
+
+// src/context.ts
+var import_crypto2 = require("crypto");
+var uuidv4 = () => (0, import_crypto2.randomUUID)();
+var ExecutionMode = /* @__PURE__ */ ((ExecutionMode2) => {
+  ExecutionMode2["ENFORCE"] = "enforce";
+  ExecutionMode2["MONITOR"] = "monitor";
+  ExecutionMode2["SIMULATE"] = "simulate";
+  return ExecutionMode2;
+})(ExecutionMode || {});
+var ContextLevel = /* @__PURE__ */ ((ContextLevel2) => {
+  ContextLevel2["ROOT"] = "root";
+  ContextLevel2["CHILD"] = "child";
+  ContextLevel2["NESTED"] = "nested";
+  return ContextLevel2;
+})(ContextLevel || {});
+var ExecutionContext = class _ExecutionContext {
+  // Identity
+  agentId;
+  sessionId;
+  // Execution settings
+  mode;
+  environment;
+  // Tracing
+  traceId;
+  spanId;
+  parentSpanId;
+  // Context level
+  level;
+  depth;
+  // Metadata
+  userId;
+  tenantId;
+  correlationId;
+  // Timing
+  createdAt;
+  timeoutSeconds;
+  deadline;
+  // Custom context
+  attributes;
+  baggage;
+  // Internal state
+  traces = [];
+  activeTrace;
+  constructor(options) {
+    this.agentId = options.agentId;
+    this.sessionId = options.sessionId || uuidv4();
+    this.mode = options.mode || "enforce" /* ENFORCE */;
+    this.environment = options.environment || "production";
+    this.traceId = options.traceId || uuidv4();
+    this.spanId = options.spanId || uuidv4().substring(0, 16);
+    this.parentSpanId = options.parentSpanId;
+    this.level = options.level || "root" /* ROOT */;
+    this.depth = options.depth || 0;
+    this.userId = options.userId;
+    this.tenantId = options.tenantId;
+    this.correlationId = options.correlationId;
+    this.createdAt = /* @__PURE__ */ new Date();
+    this.timeoutSeconds = options.timeoutSeconds;
+    this.attributes = options.attributes || {};
+    this.baggage = options.baggage || {};
+    if (options.timeoutSeconds) {
+      this.deadline = new Date(Date.now() + options.timeoutSeconds * 1e3);
+    }
+  }
+  /**
+   * Check if this is a dry-run (simulate mode).
+   */
+  isDryRun() {
+    return this.mode === "simulate" /* SIMULATE */;
+  }
+  /**
+   * Check if policy enforcement is active.
+   */
+  shouldEnforce() {
+    return this.mode === "enforce" /* ENFORCE */;
+  }
+  /**
+   * Check if violations should block execution.
+   */
+  shouldBlockViolations() {
+    return this.mode === "enforce" /* ENFORCE */;
+  }
+  /**
+   * Check if context deadline has passed.
+   */
+  isExpired() {
+    if (!this.deadline) return false;
+    return /* @__PURE__ */ new Date() > this.deadline;
+  }
+  /**
+   * Get remaining time before deadline.
+   */
+  remainingTimeSeconds() {
+    if (!this.deadline) return void 0;
+    const remaining = (this.deadline.getTime() - Date.now()) / 1e3;
+    return Math.max(0, remaining);
+  }
+  /**
+   * Start a new trace span.
+   */
+  startSpan(operationName, tags) {
+    const trace = {
+      traceId: this.traceId,
+      spanId: uuidv4().substring(0, 16),
+      parentSpanId: this.activeTrace?.spanId || this.spanId,
+      operationName,
+      startTime: Date.now(),
+      status: "pending",
+      tags: tags || {},
+      logs: []
+    };
+    this.traces.push(trace);
+    this.activeTrace = trace;
+    return trace;
+  }
+  /**
+   * End the current trace span.
+   */
+  endSpan(status = "ok") {
+    if (this.activeTrace) {
+      this.activeTrace.endTime = Date.now();
+      this.activeTrace.durationMs = this.activeTrace.endTime - this.activeTrace.startTime;
+      this.activeTrace.status = status;
+      this.activeTrace = void 0;
+    }
+  }
+  /**
+   * Add a log entry to the current trace.
+   */
+  addLog(message, level = "info") {
+    if (this.activeTrace) {
+      this.activeTrace.logs.push({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        level,
+        message
+      });
+    }
+  }
+  /**
+   * Create a child context for nested operations.
+   */
+  childContext(_operation) {
+    return new _ExecutionContext({
+      agentId: this.agentId,
+      sessionId: this.sessionId,
+      mode: this.mode,
+      environment: this.environment,
+      traceId: this.traceId,
+      spanId: uuidv4().substring(0, 16),
+      parentSpanId: this.spanId,
+      level: this.level === "root" /* ROOT */ ? "child" /* CHILD */ : "nested" /* NESTED */,
+      depth: this.depth + 1,
+      userId: this.userId,
+      tenantId: this.tenantId,
+      correlationId: this.correlationId,
+      timeoutSeconds: this.remainingTimeSeconds(),
+      attributes: { ...this.attributes },
+      baggage: { ...this.baggage }
+    });
+  }
+  /**
+   * Create a new context with different execution mode.
+   */
+  withMode(mode) {
+    const ctx = this.childContext();
+    ctx.mode = mode;
+    return ctx;
+  }
+  /**
+   * Set a context attribute.
+   */
+  setAttribute(key, value) {
+    this.attributes[key] = value;
+  }
+  /**
+   * Get a context attribute.
+   */
+  getAttribute(key, defaultValue) {
+    return this.attributes[key] || defaultValue;
+  }
+  /**
+   * Set baggage (propagated across service boundaries).
+   */
+  setBaggage(key, value) {
+    this.baggage[key] = value;
+  }
+  /**
+   * Get baggage value.
+   */
+  getBaggage(key, defaultValue = "") {
+    return this.baggage[key] || defaultValue;
+  }
+  /**
+   * Export context to HTTP headers for propagation.
+   */
+  toHeaders() {
+    const headers = {
+      "X-Vaikora-Trace-ID": this.traceId,
+      "X-Vaikora-Span-ID": this.spanId,
+      "X-Vaikora-Agent-ID": this.agentId,
+      "X-Vaikora-Session-ID": this.sessionId,
+      "X-Vaikora-Mode": this.mode
+    };
+    if (this.parentSpanId) {
+      headers["X-Vaikora-Parent-Span-ID"] = this.parentSpanId;
+    }
+    if (this.correlationId) {
+      headers["X-Vaikora-Correlation-ID"] = this.correlationId;
+    }
+    if (this.tenantId) {
+      headers["X-Vaikora-Tenant-ID"] = this.tenantId;
+    }
+    for (const [key, value] of Object.entries(this.baggage)) {
+      headers[`X-Vaikora-Baggage-${key}`] = value;
+    }
+    return headers;
+  }
+  /**
+   * Create context from HTTP headers.
+   */
+  static fromHeaders(headers, agentId) {
+    const modeStr = headers["X-Vaikora-Mode"] || headers["x-vaikora-mode"] || "enforce";
+    let mode;
+    try {
+      mode = modeStr;
+    } catch {
+      mode = "enforce" /* ENFORCE */;
+    }
+    const baggage = {};
+    for (const [key, value] of Object.entries(headers)) {
+      const lowerKey = key.toLowerCase();
+      if (lowerKey.startsWith("x-vaikora-baggage-")) {
+        const baggageKey = key.substring(18);
+        baggage[baggageKey] = value;
+      }
+    }
+    return new _ExecutionContext({
+      agentId,
+      sessionId: headers["X-Vaikora-Session-ID"] || headers["x-vaikora-session-id"],
+      mode,
+      traceId: headers["X-Vaikora-Trace-ID"] || headers["x-vaikora-trace-id"],
+      parentSpanId: headers["X-Vaikora-Span-ID"] || headers["x-vaikora-span-id"],
+      correlationId: headers["X-Vaikora-Correlation-ID"] || headers["x-vaikora-correlation-id"],
+      tenantId: headers["X-Vaikora-Tenant-ID"] || headers["x-vaikora-tenant-id"],
+      level: "child" /* CHILD */,
+      baggage
+    });
+  }
+  /**
+   * Export context to dictionary.
+   */
+  toDict() {
+    return {
+      agentId: this.agentId,
+      sessionId: this.sessionId,
+      mode: this.mode,
+      environment: this.environment,
+      traceId: this.traceId,
+      spanId: this.spanId,
+      parentSpanId: this.parentSpanId,
+      level: this.level,
+      depth: this.depth,
+      userId: this.userId,
+      tenantId: this.tenantId,
+      correlationId: this.correlationId,
+      createdAt: this.createdAt.toISOString(),
+      attributes: this.attributes,
+      baggage: this.baggage,
+      traceCount: this.traces.length
+    };
+  }
+  /**
+   * Get all traces.
+   */
+  getTraces() {
+    return [...this.traces];
+  }
+};
+var currentContext;
+function getCurrentContext() {
+  return currentContext;
+}
+function setCurrentContext(ctx) {
+  currentContext = ctx;
+}
+function clearContext() {
+  currentContext = void 0;
+}
+async function withContextScope(ctx, fn) {
+  const previousContext = currentContext;
+  currentContext = ctx;
+  try {
+    return await fn();
+  } finally {
+    currentContext = previousContext;
+  }
+}
+function withContext(mode = "enforce" /* ENFORCE */, timeoutSeconds) {
+  return function(target, context) {
+    return async function(...args) {
+      const existing = getCurrentContext();
+      let ctx;
+      if (existing) {
+        ctx = existing.childContext();
+      } else {
+        ctx = new ExecutionContext({ agentId: "unknown" });
+      }
+      ctx.mode = mode;
+      if (timeoutSeconds) {
+        ctx.setAttribute("_requestedTimeout", timeoutSeconds);
+      }
+      ctx.startSpan(context?.name || "anonymous");
+      return withContextScope(ctx, async () => {
+        try {
+          const result = await target.apply(this, args);
+          ctx.endSpan("ok");
+          return result;
+        } catch (error) {
+          ctx.endSpan("error");
+          ctx.addLog(String(error), "error");
+          throw error;
+        }
+      });
+    };
+  };
+}
+
+// src/interceptor.ts
+var InterceptorAction = /* @__PURE__ */ ((InterceptorAction2) => {
+  InterceptorAction2["BLOCK"] = "block";
+  InterceptorAction2["WARN"] = "warn";
+  InterceptorAction2["QUEUE"] = "queue";
+  InterceptorAction2["FALLBACK"] = "fallback";
+  return InterceptorAction2;
+})(InterceptorAction || {});
+var PolicyDeniedException = class extends Error {
+  constructor(message, policyId, actionId) {
+    super(message);
+    this.policyId = policyId;
+    this.actionId = actionId;
+    this.name = "PolicyDeniedException";
+  }
+};
+var ValidationException = class extends Error {
+  constructor(message, issues) {
+    super(message);
+    this.issues = issues;
+    this.name = "ValidationException";
+  }
+};
+var ApprovalRequiredException = class extends Error {
+  constructor(message, approvalId, actionId) {
+    super(message);
+    this.approvalId = approvalId;
+    this.actionId = actionId;
+    this.name = "ApprovalRequiredException";
+  }
+};
+var ApprovalDeniedException = class extends Error {
+  constructor(message, approvalId, reason) {
+    super(message);
+    this.approvalId = approvalId;
+    this.reason = reason;
+    this.name = "ApprovalDeniedException";
+  }
+};
+var VaikoraInterceptor = class {
+  client;
+  config;
+  constructor(client, config) {
+    this.client = client;
+    this.config = {
+      actionType: config.actionType,
+      resource: config.resource || "",
+      agentId: config.agentId || client.getDefaultAgentId() || "",
+      validateInputs: config.validateInputs ?? true,
+      validateOutputs: config.validateOutputs ?? false,
+      validationStrict: config.validationStrict ?? false,
+      checkPii: config.checkPii ?? true,
+      checkAnomalies: config.checkAnomalies ?? true,
+      checkToxicity: config.checkToxicity ?? true,
+      autoClean: config.autoClean ?? false,
+      evaluatePolicy: config.evaluatePolicy ?? true,
+      onPolicyDeny: config.onPolicyDeny ?? "block" /* BLOCK */,
+      requireApproval: config.requireApproval ?? false,
+      approvalTimeoutSeconds: config.approvalTimeoutSeconds ?? 3600,
+      approvalNotifyChannels: config.approvalNotifyChannels ?? ["email"],
+      approvalMessage: config.approvalMessage || "",
+      fallbackFunction: config.fallbackFunction,
+      metadata: config.metadata ?? {},
+      tags: config.tags ?? []
+    };
+  }
+  /**
+   * Wrap a function with Vaikora security
+   */
+  wrap(fn) {
+    return async (...args) => {
+      const startTime = Date.now();
+      const result = {
+        success: false,
+        validationIssues: [],
+        approvalRequired: false,
+        executionTimeMs: 0
+      };
+      try {
+        if (this.config.validateInputs) {
+          const validationResult = await this.validateData(args);
+          if (!validationResult.isValid && this.config.validationStrict) {
+            throw new ValidationException(
+              "Input validation failed",
+              validationResult.issues || []
+            );
+          }
+          result.validationIssues.push(...validationResult.issues || []);
+        }
+        if (this.config.evaluatePolicy) {
+          const actionResult = await this.client.actions.submit({
+            agentId: this.config.agentId,
+            actionType: this.config.actionType,
+            resource: this.config.resource,
+            payload: { args },
+            metadata: {
+              ...this.config.metadata,
+              function: fn.name || "anonymous",
+              tags: this.config.tags
+            }
+          });
+          result.actionId = actionResult.actionId;
+          if (!actionResult.approved) {
+            result.policyViolation = actionResult.denialReason || "Policy denied";
+            if (this.config.onPolicyDeny === "block" /* BLOCK */) {
+              throw new PolicyDeniedException(
+                result.policyViolation,
+                actionResult.policyId ?? void 0,
+                actionResult.actionId
+              );
+            }
+            if (this.config.onPolicyDeny === "fallback" /* FALLBACK */ && this.config.fallbackFunction) {
+              result.result = await this.config.fallbackFunction(...args);
+              result.success = true;
+              result.executionTimeMs = Date.now() - startTime;
+              return result;
+            }
+            if (this.config.onPolicyDeny === "warn" /* WARN */) {
+              console.warn(`[Vaikora] Policy warning: ${result.policyViolation}`);
+            }
+          }
+          const extResult = actionResult;
+          if (this.config.requireApproval && extResult.requiresApproval) {
+            result.approvalRequired = true;
+            result.approvalId = extResult.approvalId;
+            const approved = await this.waitForApproval(extResult.approvalId);
+            if (!approved) {
+              throw new ApprovalDeniedException(
+                "Approval denied",
+                extResult.approvalId
+              );
+            }
+          }
+        }
+        result.result = await fn(...args);
+        if (this.config.validateOutputs && result.result !== void 0) {
+          const outputValidation = await this.validateData([result.result]);
+          if (!outputValidation.isValid && this.config.validationStrict) {
+            throw new ValidationException(
+              "Output validation failed",
+              outputValidation.issues || []
+            );
+          }
+          result.validationIssues.push(...outputValidation.issues || []);
+        }
+        if (result.actionId) {
+          await this.client.actions.complete(result.actionId, {
+            status: "executed",
+            executionTimeMs: Date.now() - startTime
+          });
+        }
+        result.success = true;
+      } catch (error) {
+        result.error = error instanceof Error ? error.message : String(error);
+        if (result.actionId) {
+          await this.client.actions.complete(result.actionId, {
+            status: "failed",
+            executionTimeMs: Date.now() - startTime,
+            errorMessage: result.error
+          });
+        }
+        throw error;
+      } finally {
+        result.executionTimeMs = Date.now() - startTime;
+      }
+      return result;
+    };
+  }
+  /**
+   * Validate data using Vaikora API
+   */
+  async validateData(data) {
+    try {
+      const response = await this.client.request(
+        "POST",
+        "/validate",
+        {
+          data: data.length === 1 ? data[0] : data,
+          check_pii: this.config.checkPii,
+          check_anomalies: this.config.checkAnomalies,
+          check_toxicity: this.config.checkToxicity,
+          auto_clean: this.config.autoClean
+        }
+      );
+      const issues = [];
+      if (response.piiDetected) {
+        issues.push(`PII detected: ${response.piiDetections?.length || 0} items`);
+      }
+      if (response.anomalyDetected) {
+        issues.push(`Anomalies detected: ${response.anomalyDetections?.length || 0} items`);
+      }
+      if (response.toxicityDetected) {
+        issues.push(`Toxicity detected: ${response.toxicityDetections?.length || 0} items`);
+      }
+      return {
+        isValid: issues.length === 0,
+        issues
+      };
+    } catch (error) {
+      console.warn("[Vaikora] Validation failed:", error);
+      return { isValid: true, issues: [] };
+    }
+  }
+  /**
+   * Wait for approval to be granted or denied
+   */
+  async waitForApproval(approvalId) {
+    const timeout = this.config.approvalTimeoutSeconds * 1e3;
+    const pollInterval = 5e3;
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+      try {
+        const response = await this.client.request(
+          "GET",
+          `/approvals/${approvalId}/status`
+        );
+        if (response.status === "approved" /* APPROVED */) {
+          return true;
+        }
+        if (response.status === "denied" /* DENIED */) {
+          return false;
+        }
+        await new Promise((resolve) => setTimeout(resolve, pollInterval));
+      } catch (error) {
+        console.warn("[Vaikora] Error checking approval status:", error);
+        await new Promise((resolve) => setTimeout(resolve, pollInterval));
+      }
+    }
+    throw new ApprovalRequiredException(
+      "Approval request timed out",
+      approvalId
+    );
+  }
+};
+function createInterceptor(client, config) {
+  const interceptor2 = new VaikoraInterceptor(client, config);
+  return (fn) => interceptor2.wrap(fn);
+}
+function interceptor(client, config) {
+  return function(_target, _propertyKey, descriptor) {
+    const originalMethod = descriptor.value;
+    const interceptorInstance = new VaikoraInterceptor(client, config);
+    descriptor.value = async function(...args) {
+      const result = await interceptorInstance.wrap(originalMethod.bind(this))(...args);
+      return result.result;
+    };
+    return descriptor;
+  };
+}
+
+// src/index.ts
+var DEFAULT_BASE_URL = "https://api.vaikora.com";
+var DEFAULT_TIMEOUT = 3e4;
+var DEFAULT_RETRY_COUNT = 3;
+var AgentsAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  async register(data) {
+    const response = await this.client.request("POST", "/agents", transformKeysToSnake(data));
+    return response;
+  }
+  async get(agentId) {
+    return this.client.request("GET", `/agents/${agentId}`);
+  }
+  async list(params = {}) {
+    const queryParams = removeUndefined({
+      page: params.page,
+      page_size: params.pageSize,
+      status: params.status,
+      agent_type: params.agentType
+    });
+    return this.client.request("GET", "/agents", void 0, queryParams);
+  }
+  async update(agentId, data) {
+    const updateData = removeUndefined(transformKeysToSnake(data));
+    return this.client.request("PATCH", `/agents/${agentId}`, updateData);
+  }
+  async deactivate(agentId) {
+    return this.update(agentId, { status: "inactive" });
+  }
+  async delete(agentId) {
+    await this.client.request("DELETE", `/agents/${agentId}`);
+  }
+};
+var ActionsAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  async submit(data) {
+    const requestData = removeUndefined({
+      agent_id: data.agentId,
+      action_type: data.actionType,
+      resource: data.resource,
+      payload: data.payload || {},
+      metadata: data.metadata || {}
+    });
+    return this.client.request("POST", "/actions/evaluate", requestData);
+  }
+  async submitSandbox(data) {
+    const requestData = removeUndefined({
+      agent_id: data.agentId,
+      action_type: data.actionType,
+      resource: data.resource,
+      payload: data.payload || {},
+      metadata: data.metadata || {}
+    });
+    return this.client.request("POST", "/actions/sandbox", requestData);
+  }
+  async get(actionId) {
+    return this.client.request("GET", `/actions/${actionId}`);
+  }
+  async list(params = {}) {
+    const queryParams = removeUndefined({
+      page: params.page,
+      page_size: params.pageSize,
+      agent_id: params.agentId,
+      action_type: params.actionType,
+      status: params.status,
+      is_anomaly: params.isAnomaly,
+      start_date: formatDate(params.startDate),
+      end_date: formatDate(params.endDate)
+    });
+    return this.client.request("GET", "/actions", void 0, queryParams);
+  }
+  async complete(actionId, data) {
+    const requestData = removeUndefined({
+      status: data.status,
+      execution_time_ms: data.executionTimeMs,
+      error_message: data.errorMessage,
+      result_metadata: data.resultMetadata || {}
+    });
+    return this.client.request("POST", `/actions/${actionId}/complete`, requestData);
+  }
+};
+var PoliciesAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  async list(params = {}) {
+    const queryParams = removeUndefined({
+      page: params.page,
+      page_size: params.pageSize,
+      enabled: params.enabled,
+      policy_type: params.policyType
+    });
+    return this.client.request("GET", "/policies", void 0, queryParams);
+  }
+  async get(policyId) {
+    return this.client.request("GET", `/policies/${policyId}`);
+  }
+};
+var AlertsAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  async list(params = {}) {
+    const queryParams = removeUndefined({
+      page: params.page,
+      page_size: params.pageSize,
+      status: params.status,
+      severity: params.severity,
+      agent_id: params.agentId
+    });
+    return this.client.request("GET", "/alerts", void 0, queryParams);
+  }
+  async get(alertId) {
+    return this.client.request("GET", `/alerts/${alertId}`);
+  }
+  async acknowledge(alertId) {
+    return this.client.request("POST", `/alerts/${alertId}/acknowledge`);
+  }
+  async resolve(alertId, options) {
+    const data = options?.notes ? { resolution_notes: options.notes } : {};
+    return this.client.request("POST", `/alerts/${alertId}/resolve`, data);
+  }
+  async ignore(alertId) {
+    return this.client.request("POST", `/alerts/${alertId}/ignore`);
+  }
+};
+var VaikoraClient = class {
+  httpClient;
+  defaultAgentId;
+  agents;
+  actions;
+  policies;
+  alerts;
+  constructor(config) {
+    const baseURL = (config.baseUrl || DEFAULT_BASE_URL).replace(/\/$/, "") + "/api/v1";
+    const timeout = config.timeout || DEFAULT_TIMEOUT;
+    const retryCount = config.retryCount || DEFAULT_RETRY_COUNT;
+    this.defaultAgentId = config.agentId;
+    this.httpClient = import_axios.default.create({
+      baseURL,
+      timeout,
+      headers: {
+        "Authorization": `Bearer ${config.apiKey}`,
+        "X-API-Key": config.apiKey,
+        "Content-Type": "application/json",
+        "User-Agent": "@vaikora/sdk/0.1.0"
+      }
+    });
+    (0, import_axios_retry.default)(this.httpClient, {
+      retries: retryCount,
+      retryDelay: import_axios_retry.default.exponentialDelay,
+      retryCondition: (error) => {
+        return import_axios_retry.default.isNetworkOrIdempotentRequestError(error) || error.response?.status === 429 || error.response?.status !== void 0 && error.response.status >= 500;
+      }
+    });
+    this.agents = new AgentsAPI(this);
+    this.actions = new ActionsAPI(this);
+    this.policies = new PoliciesAPI(this);
+    this.alerts = new AlertsAPI(this);
+  }
+  /**
+   * Make an HTTP request
+   */
+  async request(method, path, data, params) {
+    try {
+      const response = await this.httpClient.request({
+        method,
+        url: path,
+        data,
+        params
+      });
+      if (response.status === 204) {
+        return {};
+      }
+      return transformKeysToCamel(response.data);
+    } catch (error) {
+      if (error instanceof import_axios.AxiosError) {
+        if (error.code === "ECONNABORTED") {
+          throw new TimeoutError(`Request timed out: ${error.message}`);
+        }
+        if (!error.response) {
+          throw new NetworkError(`Network error: ${error.message}`);
+        }
+        const responseData = error.response.data || {};
+        raiseForStatus(error.response.status, responseData);
+      }
+      throw error;
+    }
+  }
+  /**
+   * Get the default agent ID
+   */
+  getDefaultAgentId() {
+    return this.defaultAgentId;
+  }
+};
+function secureAction(client, options) {
+  return (fn) => {
+    return async (...args) => {
+      const agentId = options.agentId || client.getDefaultAgentId();
+      if (!agentId) {
+        throw new Error("agentId must be provided either to secureAction or client");
+      }
+      const startTime = Date.now();
+      const result = await client.actions.submit({
+        agentId,
+        actionType: options.actionType,
+        resource: options.resource,
+        payload: { args },
+        metadata: { function: fn.name || "anonymous" }
+      });
+      if (!result.approved) {
+        throw new PolicyViolationError(
+          result.denialReason || "Action denied by policy",
+          result.policyId || void 0,
+          void 0
+        );
+      }
+      try {
+        const output = await fn(...args);
+        const executionTimeMs = Date.now() - startTime;
+        await client.actions.complete(result.actionId, {
+          status: "executed",
+          executionTimeMs
+        });
+        return output;
+      } catch (err) {
+        const executionTimeMs = Date.now() - startTime;
+        await client.actions.complete(result.actionId, {
+          status: "failed",
+          executionTimeMs,
+          errorMessage: err instanceof Error ? err.message : String(err)
+        });
+        throw err;
+      }
+    };
+  };
+}
+var globalClient = null;
+var globalAgentId = null;
+function configure(apiKey, options = {}) {
+  globalClient = new VaikoraClient({
+    apiKey,
+    baseUrl: options.baseUrl,
+    timeout: options.timeout,
+    retryCount: options.retryCount
+  });
+  return globalClient;
+}
+function getClient() {
+  if (!globalClient) {
+    throw new Error(
+      "Vaikora client not configured. Call configure(apiKey) first."
+    );
+  }
+  return globalClient;
+}
+async function register(options) {
+  const client = getClient();
+  const agent = await client.agents.register({
+    name: options.name,
+    agentType: options.agentType || "autonomous",
+    capabilities: options.capabilities || [],
+    metadata: options.metadata || {}
+  });
+  globalAgentId = agent.id;
+  return agent;
+}
+function getAgentId() {
+  return globalAgentId;
+}
+function setAgentId(agentId) {
+  globalAgentId = agentId;
+}
+async function validateData(data, options = {}) {
+  const client = getClient();
+  return client.request("POST", "/validate", {
+    data,
+    check_pii: options.checkPii ?? true,
+    check_anomalies: options.checkAnomalies ?? true,
+    check_toxicity: options.checkToxicity ?? true,
+    auto_clean: options.autoClean ?? false
+  });
+}
+async function submitAction(options) {
+  const client = getClient();
+  const agentId = options.agentId || globalAgentId;
+  if (!agentId) {
+    throw new Error(
+      "No agent ID available. Call register() first or provide agentId in options."
+    );
+  }
+  return client.actions.submit({
+    agentId,
+    actionType: options.actionType,
+    resource: options.resource,
+    payload: options.payload || {},
+    metadata: options.metadata || {}
+  });
+}
+function wrapAction(options, fn) {
+  const client = getClient();
+  const effectiveOptions = {
+    ...options,
+    agentId: options.agentId || globalAgentId || void 0
+  };
+  return secureAction(client, effectiveOptions)(fn);
+}
+var globalEmergencyController = null;
+function getEmergencyController() {
+  if (!globalEmergencyController) {
+    if (!globalAgentId) {
+      throw new Error("Agent not registered. Call register() first.");
+    }
+    globalEmergencyController = new EmergencyController(globalAgentId);
+  }
+  return globalEmergencyController;
+}
+function freezeAgent(options) {
+  const controller = getEmergencyController();
+  return controller.freeze(options);
+}
+function resumeAgent(options = {}) {
+  const controller = getEmergencyController();
+  return controller.resume(options);
+}
+function isAgentFrozen() {
+  try {
+    const controller = getEmergencyController();
+    return controller.isFrozen;
+  } catch {
+    return false;
+  }
+}
+function getFreezeState() {
+  try {
+    const controller = getEmergencyController();
+    return controller.getFreezeState();
+  } catch {
+    return null;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AgentFrozenError,
+  AgentIdentity,
+  ApprovalDeniedException,
+  ApprovalRequiredException,
+  ApprovalStatus,
+  AuthenticationError,
+  AuthorizationError,
+  CircuitBreaker,
+  CircuitBreakerOpenError,
+  CircuitState,
+  ConflictError,
+  ContextLevel,
+  EmergencyController,
+  ExecutionContext,
+  ExecutionMode,
+  FreezeReason,
+  FreezeScope,
+  InterceptorAction,
+  NetworkError,
+  NotFoundError,
+  PolicyDeniedException,
+  PolicyViolationError,
+  RateLimitError,
+  ServerError,
+  TimeoutError,
+  VaikoraClient,
+  VaikoraError,
+  VaikoraInterceptor,
+  ValidationError,
+  ValidationException,
+  assertNotFrozen,
+  clearContext,
+  configure,
+  createInterceptor,
+  freezeAgent,
+  frozenGuard,
+  getAgentId,
+  getClient,
+  getCurrentContext,
+  getFreezeState,
+  interceptor,
+  isAgentFrozen,
+  raiseForStatus,
+  register,
+  resumeAgent,
+  secureAction,
+  setAgentId,
+  setCurrentContext,
+  submitAction,
+  validateData,
+  withContext,
+  withContextScope,
+  wrapAction
+});