@valence-ai/sdk 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +15 -15
  2. package/package.json +3 -3
package/README.md CHANGED
@@ -2,16 +2,16 @@
2
2
 
3
3
  The Valence SDK is the integration layer for connecting an application to Valence AI.
4
4
 
5
- It is designed for teams that want one integration path across development and production. You use the SDK to run or report security scans, upload findings into Valence AI, send live runtime signals, and optionally add runtime review hooks around sensitive actions. The goal is to give your application a direct path into the Valence AI control plane without requiring persistent repo handover.
5
+ It is designed for teams that need a single integration path across development, CI, and live environments. The SDK provides the primitives required to run or report security scans, ingest security issues into Valence AI, stream live runtime telemetry, and optionally enforce review gates around sensitive actions. The objective is to connect an application directly to the Valence AI control plane without requiring persistent repository handover.
6
6
 
7
7
  It supports the full Valence AI flow:
8
8
 
9
9
  - run local or CI security scans
10
- - upload findings into Valence AI
10
+ - ingest security issues into Valence AI
11
11
  - send live runtime signals from local, staging, or production
12
12
  - add runtime review hooks for sensitive actions when needed
13
13
 
14
- Valence AI is findings-first. Start with scans and runtime reporting, then add runtime review controls only for the workflows that need them.
14
+ Valence AI is security-issue first. Start with scan ingestion and runtime reporting, then enable runtime review controls only for workflows that require pre-execution validation.
15
15
 
16
16
  ## Package
17
17
 
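Review bot: The rewritten intro paragraph in this hunk no longer uses the same vocabulary as the unchanged bullet list below it. The paragraph now says "stream live runtime telemetry" and "enforce review gates", while the bullets still say "send live runtime signals" and "add runtime review hooks", and "enforce" is a stronger claim than "add". Pick one term per concept and use it in both places. The new "security-issue first" should also be hyphenated as one compound ("security-issue-first") to match the "findings-first" it replaces.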
@@ -53,7 +53,7 @@ const client = createValenceClient({
53
53
 
54
54
  ## Run a local scan
55
55
 
56
- Use `runLocalSecurityScan` to scan the current project and upload findings to Valence AI through the shared findings pipeline.
56
+ Use `runLocalSecurityScan` to scan the current project and ingest security issues into Valence AI through the shared issue pipeline.
57
57
 
58
58
  ```ts
59
59
  import { createValenceClient, runLocalSecurityScan } from '@valence-ai/sdk';
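Review bot: "the shared issue pipeline" on the added line is a name that appears nowhere else in this README; the "Hook runtime decisions automatically" section still calls it the shared `/api/findings` pipeline. Name the endpoint here as well, so a reader who is auditing outbound traffic can tell that both sentences refer to the same path.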
@@ -79,7 +79,7 @@ const result = await runLocalSecurityScan(
79
79
  }
80
80
  );
81
81
 
82
- console.log(`Uploaded ${result.findings.length} findings`);
82
+ console.log(`Uploaded ${result.findings.length} security issues`);
83
83
  ```
84
84
 
85
85
  Current local scan coverage includes:
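Review bot: The log string on the added line now says "security issues", but the count is still read from `result.findings` and the verb is still "Uploaded", while the surrounding prose switched to "ingest". This snippet is what users copy, so keep the message aligned with the field name or add a one-line comment in the example saying that `findings` is the field holding the security issues.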
@@ -88,9 +88,9 @@ Current local scan coverage includes:
88
88
  - public environment variable exposure checks
89
89
  - dependency issues from `npm audit`
90
90
 
91
- ## Report findings directly
91
+ ## Report security issues directly
92
92
 
93
- If your CI job or custom scanner already produced findings, upload them directly with `reportFindings`.
93
+ If your CI job or custom scanner already produced issue records, upload them directly with `reportFindings`.
94
94
 
95
95
  ```ts
96
96
  await client.reportFindings({
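Review bot: "issue records" on the added line is a third term for the same objects, next to "security issues" in the new heading and `reportFindings` in the call right below. Use "security issues" here too, and state once that the method keeps the name `reportFindings` so the heading and the code do not look out of sync.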
@@ -118,13 +118,13 @@ await client.reportFindings({
118
118
  });
119
119
  ```
120
120
 
121
- ## Report runtime findings
121
+ ## Report runtime security issues
122
122
 
123
- Use runtime finding helpers when you want live application behavior to show up in Valence AI alongside scan results.
123
+ Use the runtime issue helpers when you want live application behavior to appear in Valence AI alongside scan results.
124
124
 
125
125
  ### Hook runtime decisions automatically
126
126
 
127
- Use `createRuntimeFindingHooks` to turn runtime decisions into findings uploaded through the shared `/api/findings` pipeline.
127
+ Use `createRuntimeFindingHooks` to convert runtime decisions into security issues ingested through the shared `/api/findings` pipeline.
128
128
 
129
129
  ```ts
130
130
  import {
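Review bot: The new heading says "runtime security issues", the sentence under it says "runtime issue helpers", and the export is still `createRuntimeFindingHooks` feeding the `/api/findings` pipeline. Someone searching the README for "issue" will not land on the export name. Put the identifier next to the new wording, for example "the runtime issue helpers (`createRuntimeFindingHooks`)".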
@@ -156,7 +156,7 @@ const guard = createToolExecutionGuard(
156
156
  );
157
157
  ```
158
158
 
159
- By default, runtime findings are created for:
159
+ By default, runtime security issues are created for:
160
160
 
161
161
  - blocked actions
162
162
  - review-required actions
@@ -281,13 +281,13 @@ type DecisionResponse = {
281
281
 
282
282
  ## Runtime behavior
283
283
 
284
- - local scan findings go to `/api/findings`
285
- - CI findings go to `/api/findings`
286
- - runtime findings go to `/api/findings`
284
+ - local scan issues go to `/api/findings`
285
+ - CI issues go to `/api/findings`
286
+ - runtime issues go to `/api/findings`
287
287
  - sensitive runtime reviews go to `/api/decide`
288
288
  - `dryRun: true` uses `/api/simulate`
289
289
 
290
- The main product path is findings ingestion. The decision endpoints only matter when you enable runtime review hooks for sensitive actions.
290
+ The primary product path is security-issue ingestion. The decision endpoints only matter when you enable runtime review hooks for sensitive actions.
291
291
 
292
292
  ## Error handling
293
293
 
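Review bot: The three reworded bullets in "Runtime behavior" all still point at `/api/findings`, so this is a wording change only and the path keeps the old term. Say that explicitly in this section (endpoint paths are unchanged from 0.2.0) so operators who allowlist or monitor `/api/findings`, `/api/decide` and `/api/simulate` know no rule changes are needed. Since the destination is identical, the three bullets could also be merged into one.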
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@valence-ai/sdk",
3
- "version": "0.2.0",
4
- "description": "SDK for connecting applications to Valence AI for findings, runtime signals, and optional runtime review flows.",
3
+ "version": "0.2.1",
4
+ "description": "SDK for connecting applications to Valence AI for security issues, runtime signals, and optional runtime review flows.",
5
5
  "repository": {
6
6
  "type": "git",
7
7
  "url": "git+https://github.com/praveensahu-dev/Valence-AI.git",
@@ -44,7 +44,7 @@
44
44
  "sdk",
45
45
  "security",
46
46
  "appsec",
47
- "findings",
47
+ "issues",
48
48
  "runtime",
49
49
  "scanner",
50
50
  "guardrails"