@vantinelai/node-sdk 0.4.5

package/dist/integrations/index.js

@@ -0,0 +1,11 @@
+"use strict";
+/**
+ * Vantinel integrations for major AI frameworks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.wrapAnthropic = exports.VantinelTracingProcessor = exports.patchOpenAIAgents = void 0;
+var openai_agents_1 = require("./openai-agents");
+Object.defineProperty(exports, "patchOpenAIAgents", { enumerable: true, get: function () { return openai_agents_1.patchOpenAIAgents; } });
+Object.defineProperty(exports, "VantinelTracingProcessor", { enumerable: true, get: function () { return openai_agents_1.VantinelTracingProcessor; } });
+var anthropic_1 = require("./anthropic");
+Object.defineProperty(exports, "wrapAnthropic", { enumerable: true, get: function () { return anthropic_1.wrapAnthropic; } });

package/dist/integrations/openai-agents.d.ts

@@ -0,0 +1,70 @@
+/**
+ * OpenAI Agents SDK integration for Vantinel.
+ *
+ * Usage:
+ *   import { VantinelClient } from '@vantinelai/node-sdk';
+ *   import { patchOpenAIAgents } from '@vantinelai/node-sdk/integrations/openai-agents';
+ *
+ *   const client = new VantinelClient({ apiKey: '...', clientId: '...' });
+ *   patchOpenAIAgents(client);
+ *   // Now all @openai/agents traces are automatically monitored
+ */
+import type { VantinelClient } from '../client';
+interface SpanData {
+    name?: string;
+    model?: string;
+    to_agent?: string;
+    from_agent?: string;
+    triggered_by?: string;
+    usage?: {
+        input_tokens?: number;
+        output_tokens?: number;
+    };
+}
+interface Span {
+    span_id?: string;
+    span_data?: SpanData;
+    started_at?: number;
+    ended_at?: number;
+}
+interface Trace {
+    trace_id?: string;
+    name?: string;
+}
+interface TracingProcessor {
+    onTraceStart(trace: Trace): void | Promise<void>;
+    onTraceEnd(trace: Trace): void | Promise<void>;
+    onSpanStart(span: Span): void | Promise<void>;
+    onSpanEnd(span: Span): void | Promise<void>;
+}
+/**
+ * A TracingProcessor that forwards OpenAI Agents SDK spans to Vantinel.
+ */
+export declare class VantinelTracingProcessor implements TracingProcessor {
+    private client;
+    private spanStarts;
+    private sessionId;
+    constructor(client: VantinelClient, options?: {
+        sessionId?: string;
+        agentId?: string;
+    });
+    onTraceStart(_trace: Trace): void;
+    onTraceEnd(_trace: Trace): void;
+    onSpanStart(span: Span): void;
+    onSpanEnd(span: Span): void;
+    private extractToolName;
+    private extractCost;
+}
+/**
+ * Register Vantinel as a tracing processor for the OpenAI Agents SDK.
+ *
+ * @param client - VantinelClient instance
+ * @param options - Optional session/agent configuration
+ * @returns The registered VantinelTracingProcessor
+ * @throws If @openai/agents is not installed
+ */
+export declare function patchOpenAIAgents(client: VantinelClient, options?: {
+    sessionId?: string;
+    agentId?: string;
+}): VantinelTracingProcessor;
+export {};

package/dist/integrations/openai-agents.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * OpenAI Agents SDK integration for Vantinel.
+ *
+ * Usage:
+ *   import { VantinelClient } from '@vantinelai/node-sdk';
+ *   import { patchOpenAIAgents } from '@vantinelai/node-sdk/integrations/openai-agents';
+ *
+ *   const client = new VantinelClient({ apiKey: '...', clientId: '...' });
+ *   patchOpenAIAgents(client);
+ *   // Now all @openai/agents traces are automatically monitored
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VantinelTracingProcessor = void 0;
+exports.patchOpenAIAgents = patchOpenAIAgents;
+const client_1 = require("../client");
+/**
+ * A TracingProcessor that forwards OpenAI Agents SDK spans to Vantinel.
+ */
+class VantinelTracingProcessor {
+    constructor(client, options) {
+        this.client = client;
+        this.spanStarts = new Map();
+        this.sessionId = options?.sessionId ?? `agents_${Date.now()}`;
+    }
+    onTraceStart(_trace) { }
+    onTraceEnd(_trace) { }
+    onSpanStart(span) {
+        const id = span.span_id ?? String(Math.random());
+        this.spanStarts.set(id, Date.now());
+    }
+    onSpanEnd(span) {
+        const id = span.span_id ?? '';
+        const startMs = this.spanStarts.get(id);
+        this.spanStarts.delete(id);
+        const latencyMs = startMs != null ? Date.now() - startMs : undefined;
+        const spanData = span.span_data;
+        const spanType = spanData?.constructor?.name ?? 'UnknownSpan';
+        const toolName = this.extractToolName(spanData, spanType);
+        if (!toolName)
+            return;
+        const metadata = {
+            framework: 'openai-agents',
+            span_type: spanType,
+            ...(spanData?.name ? { agent_name: spanData.name } : {}),
+            ...(spanData?.model ? { model: spanData.model } : {}),
+            ...(spanData?.to_agent ? { to_agent: spanData.to_agent } : {}),
+            ...(latencyMs != null ? { latency_ms: latencyMs } : {}),
+        };
+        const estimatedCost = this.extractCost(spanData);
+        // Fire-and-forget
+        void this.client.sendEvent({
+            event_type: 'tool_call',
+            tool_name: toolName,
+            tool_args_hash: id || '',
+            session_id: this.sessionId,
+            timestamp: Date.now(),
+            estimated_cost: estimatedCost,
+            latency_ms: latencyMs,
+            metadata,
+        }).catch(() => { });
+    }
+    extractToolName(spanData, spanType) {
+        if (!spanData)
+            return null;
+        if (spanType === 'AgentSpanData')
+            return `agent_run_${spanData.name ?? 'agent'}`;
+        if (spanType === 'FunctionSpanData')
+            return `tool_call_${spanData.name ?? 'function'}`;
+        if (spanType === 'GenerationSpanData')
+            return `llm_generation_${spanData.model ?? 'unknown'}`;
+        if (spanType === 'HandoffSpanData')
+            return `handoff_to_${spanData.to_agent ?? 'unknown'}`;
+        if (spanType === 'GuardrailSpanData')
+            return `guardrail_${spanData.name ?? 'guardrail'}`;
+        return null;
+    }
+    extractCost(spanData) {
+        if (!spanData?.usage)
+            return undefined;
+        const inputTokens = spanData.usage.input_tokens ?? 0;
+        const outputTokens = spanData.usage.output_tokens ?? 0;
+        const model = spanData.model ?? 'gpt-4o';
+        return (0, client_1.estimateCostFromTokens)(model, inputTokens, outputTokens);
+    }
+}
+exports.VantinelTracingProcessor = VantinelTracingProcessor;
+/**
+ * Register Vantinel as a tracing processor for the OpenAI Agents SDK.
+ *
+ * @param client - VantinelClient instance
+ * @param options - Optional session/agent configuration
+ * @returns The registered VantinelTracingProcessor
+ * @throws If @openai/agents is not installed
+ */
+function patchOpenAIAgents(client, options) {
+    let addTracingProcessor;
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        ({ addTracingProcessor } = require('@openai/agents'));
+    }
+    catch {
+        throw new Error('patchOpenAIAgents requires the @openai/agents package. Install with: npm install @openai/agents');
+    }
+    const processor = new VantinelTracingProcessor(client, options);
+    addTracingProcessor(processor);
+    return processor;
+}

package/dist/monitor.d.ts

@@ -0,0 +1,41 @@
+import { VantinelConfig } from './client';
+export declare class VantinelMonitor {
+    private client;
+    private sessionId;
+    private config;
+    private globalMetadata;
+    private static instance;
+    constructor(config?: VantinelConfig);
+    static getSingleton(config?: VantinelConfig): VantinelMonitor;
+    setGlobalMetadata(metadata: Record<string, unknown>): void;
+    private mergeMetadata;
+    private hashArgs;
+    private applyDecision;
+    monitor<A extends unknown[], R>(toolName: string, fn: (...args: A) => R | Promise<R>, options?: {
+        traceId?: string;
+        skip?: boolean;
+        costCalculator?: (result: Awaited<R>) => {
+            estimated_cost: number;
+            metadata?: Record<string, unknown>;
+        };
+    }): (...args: A) => Promise<Awaited<R>>;
+    captureError(toolName: string, error: Error, metadata?: Record<string, unknown>): Promise<void>;
+    ping(): Promise<{
+        ok: boolean;
+        latencyMs: number;
+    }>;
+    flush(): Promise<void>;
+    destroy(): Promise<void>;
+    startTrace(): string;
+    wrapOpenAI(openaiClient: any): any;
+    /**
+     * Wrap any LangChain chain (RunnableSequence, LLMChain, etc.) for zero-config monitoring.
+     *
+     * ```ts
+     * const chain = prompt.pipe(llm).pipe(parser);
+     * const monitored = monitor.wrapLangChain(chain);
+     * const result = await monitored.invoke({ question: 'What is AI?' });
+     * ```
+     */
+    wrapLangChain(chain: any): any;
+}

package/dist/monitor.js

@@ -0,0 +1,308 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VantinelMonitor = void 0;
+const client_1 = require("./client");
+const uuid_1 = require("uuid");
+const crypto = __importStar(require("crypto"));
+class VantinelMonitor {
+    constructor(config = {}) {
+        this.config = {
+            apiKey: process.env.VANTINEL_API_KEY,
+            clientId: process.env.VANTINEL_CLIENT_ID,
+            collectorUrl: process.env.VANTINEL_COLLECTOR_URL || 'http://localhost:8000',
+            agentId: process.env.VANTINEL_AGENT_ID || 'default-agent',
+            ...config,
+            dryRun: process.env.VANTINEL_DRY_RUN === 'true' || config.dryRun,
+            shadowMode: process.env.VANTINEL_SHADOW_MODE === 'true' || config.shadowMode,
+        };
+        if (!this.config.apiKey) {
+            console.warn('[Vantinel] No API Key provided. Monitoring disabled.');
+        }
+        this.globalMetadata = {};
+        this.client = new client_1.VantinelClient(this.config);
+        this.sessionId = (0, uuid_1.v4)();
+    }
+    static getSingleton(config) {
+        if (!VantinelMonitor.instance) {
+            VantinelMonitor.instance = new VantinelMonitor(config ?? {});
+        }
+        return VantinelMonitor.instance;
+    }
+    setGlobalMetadata(metadata) {
+        this.globalMetadata = { ...this.globalMetadata, ...metadata };
+    }
+    mergeMetadata(extra) {
+        const merged = { ...this.globalMetadata, ...(extra ?? {}) };
+        return Object.keys(merged).length > 0 ? merged : undefined;
+    }
+    hashArgs(toolName, args) {
+        const argsStr = JSON.stringify(args);
+        return crypto
+            .createHash('sha256')
+            .update(`${toolName}:${argsStr}`)
+            .digest('hex')
+            .slice(0, 32);
+    }
+    async applyDecision(decision, toolName, estimatedCost) {
+        if (this.config.shadowMode) {
+            if (decision.decision === 'block' || decision.decision === 'require_approval') {
+                const costStr = estimatedCost !== undefined ? `$${estimatedCost.toFixed(2)}` : 'unknown';
+                const reason = decision.decision === 'block' ? 'Policy Violation' : 'Approval Required';
+                console.warn(`[Vantinel Shadow] Would have blocked \`${toolName}\` (${reason}). Estimated savings: ${costStr}`);
+                if (this.config.slackWebhookUrl) {
+                    fetch(this.config.slackWebhookUrl, {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({
+                            text: `🚨 *Vantinel Shadow Alert*: Would have blocked \`${toolName}\` (${reason}). Estimated savings: *${costStr}*\n_Session: ${this.sessionId}_`,
+                        }),
+                    }).catch(() => { }); // fire-and-forget — never block the agent
+                }
+                return { ...decision, decision: 'allow' };
+            }
+        }
+        return decision;
+    }
+    monitor(toolName, fn, options) {
+        const self = this;
+        return async (...args) => {
+            if (options?.skip) {
+                return await fn(...args);
+            }
+            const argsHash = self.hashArgs(toolName, args);
+            const start = Date.now();
+            const preEvent = {
+                session_id: self.sessionId,
+                agent_id: self.config.agentId,
+                tool_name: toolName,
+                tool_args_hash: argsHash,
+                timestamp: Date.now(),
+                ...(options?.traceId ? { trace_id: options.traceId } : {}),
+                metadata: self.mergeMetadata(),
+            };
+            const rawDecision = await self.client.sendEvent(preEvent);
+            const decision = await self.applyDecision(rawDecision, toolName);
+            if (decision.decision === 'block') {
+                throw new Error(`[Vantinel] Tool blocked: ${decision.message || 'Policy violation'}`);
+            }
+            if (decision.decision === 'require_approval') {
+                console.warn('[Vantinel] Approval required but not implemented in SDK yet. Allowing.');
+            }
+            try {
+                const result = await fn(...args);
+                const latencyMs = Date.now() - start;
+                let estimatedCost;
+                let extraMeta;
+                if (options?.costCalculator) {
+                    const calc = options.costCalculator(result);
+                    estimatedCost = calc.estimated_cost;
+                    extraMeta = calc.metadata;
+                }
+                self.client.sendEvent({
+                    session_id: self.sessionId,
+                    agent_id: self.config.agentId,
+                    tool_name: toolName,
+                    tool_args_hash: argsHash,
+                    timestamp: Date.now(),
+                    latency_ms: latencyMs,
+                    ...(estimatedCost !== undefined ? { estimated_cost: estimatedCost } : {}),
+                    ...(options?.traceId ? { trace_id: options.traceId } : {}),
+                    event_type: 'tool_result',
+                    metadata: self.mergeMetadata(extraMeta),
+                }).catch(() => { });
+                return result;
+            }
+            catch (err) {
+                await self.captureError(toolName, err instanceof Error ? err : new Error(String(err))).catch(() => { });
+                throw err;
+            }
+        };
+    }
+    async captureError(toolName, error, metadata) {
+        await this.client.sendEvent({
+            session_id: this.sessionId,
+            agent_id: this.config.agentId,
+            tool_name: toolName,
+            tool_args_hash: crypto
+                .createHash('sha256')
+                .update(toolName + error.message)
+                .digest('hex')
+                .slice(0, 32),
+            timestamp: Date.now(),
+            event_type: 'tool_error',
+            metadata: this.mergeMetadata({
+                error_message: error.message,
+                error_stack: error.stack,
+                ...(metadata ?? {}),
+            }),
+        });
+    }
+    async ping() {
+        return this.client.ping();
+    }
+    async flush() {
+        return this.client.flush();
+    }
+    async destroy() {
+        return this.client.destroy();
+    }
+    startTrace() {
+        return (0, uuid_1.v4)();
+    }
+    wrapOpenAI(openaiClient) {
+        if (!openaiClient?.chat?.completions?.create) {
+            console.warn('[Vantinel] Provided client does not look like an OpenAI client.');
+            return openaiClient;
+        }
+        const self = this;
+        const originalCreate = openaiClient.chat.completions.create.bind(openaiClient.chat.completions);
+        openaiClient.chat.completions.create = async (params, reqOptions) => {
+            const toolName = 'openai_chat';
+            const argsHash = self.hashArgs(toolName, params);
+            const rawDecision = await self.client.sendEvent({
+                session_id: self.sessionId,
+                agent_id: self.config.agentId,
+                tool_name: toolName,
+                tool_args_hash: argsHash,
+                timestamp: Date.now(),
+                metadata: self.mergeMetadata({ model: params.model }),
+            });
+            const decision = await self.applyDecision(rawDecision, toolName);
+            if (decision.decision === 'block') {
+                throw new Error(`[Vantinel] Blocked: ${decision.message}`);
+            }
+            const start = Date.now();
+            const response = await originalCreate(params, reqOptions);
+            const latencyMs = Date.now() - start;
+            self.client.sendEvent({
+                session_id: self.sessionId,
+                agent_id: self.config.agentId,
+                tool_name: toolName,
+                tool_args_hash: argsHash,
+                timestamp: Date.now(),
+                latency_ms: latencyMs,
+                event_type: 'tool_result',
+                metadata: self.mergeMetadata({ model: params.model }),
+            }).catch(() => { });
+            return response;
+        };
+        return openaiClient;
+    }
+    /**
+     * Wrap any LangChain chain (RunnableSequence, LLMChain, etc.) for zero-config monitoring.
+     *
+     * ```ts
+     * const chain = prompt.pipe(llm).pipe(parser);
+     * const monitored = monitor.wrapLangChain(chain);
+     * const result = await monitored.invoke({ question: 'What is AI?' });
+     * ```
+     */
+    wrapLangChain(chain) {
+        const self = this;
+        const chainName = chain.constructor?.name ?? 'chain';
+        const sendLatencyEvent = (toolLabel, argsHash, latencyMs) => {
+            self.client
+                .sendEvent({
+                session_id: self.sessionId,
+                agent_id: self.config.agentId,
+                tool_name: toolLabel,
+                tool_args_hash: argsHash,
+                timestamp: Date.now(),
+                latency_ms: latencyMs,
+                event_type: 'tool_result',
+                metadata: self.mergeMetadata(),
+            })
+                .catch((err) => {
+                console.warn('[Vantinel] Failed to send latency event:', err.message);
+            });
+        };
+        const preCheck = async (toolLabel, argsHash) => {
+            const rawDecision = await self.client.sendEvent({
+                session_id: self.sessionId,
+                agent_id: self.config.agentId,
+                tool_name: toolLabel,
+                tool_args_hash: argsHash,
+                timestamp: Date.now(),
+                metadata: self.mergeMetadata(),
+            });
+            const decision = await self.applyDecision(rawDecision, toolLabel);
+            if (decision.decision === 'block') {
+                throw new Error(`[Vantinel] Blocked: ${decision.message || 'Policy violation'}`);
+            }
+        };
+        const wrapMethod = (methodName) => async (...args) => {
+            const argsHash = crypto
+                .createHash('sha256')
+                .update(JSON.stringify(args))
+                .digest('hex')
+                .slice(0, 32);
+            const toolLabel = `langchain_${chainName}_${methodName}`;
+            await preCheck(toolLabel, argsHash);
+            const start = Date.now();
+            if (methodName === 'stream') {
+                const stream = await chain[methodName](...args);
+                // Wrap the async iterator to measure total stream duration
+                async function* wrappedStream() {
+                    try {
+                        for await (const chunk of stream) {
+                            yield chunk;
+                        }
+                    }
+                    finally {
+                        const latencyMs = Date.now() - start;
+                        sendLatencyEvent(toolLabel, argsHash, latencyMs);
+                    }
+                }
+                return wrappedStream();
+            }
+            const result = await chain[methodName](...args);
+            const latencyMs = Date.now() - start;
+            sendLatencyEvent(toolLabel, argsHash, latencyMs);
+            return result;
+        };
+        return new Proxy(chain, {
+            get(target, prop) {
+                if (prop === 'invoke' || prop === 'call' || prop === 'run' || prop === 'stream') {
+                    return wrapMethod(prop);
+                }
+                const val = target[prop];
+                return typeof val === 'function' ? val.bind(target) : val;
+            },
+        });
+    }
+}
+exports.VantinelMonitor = VantinelMonitor;
+VantinelMonitor.instance = null;

package/dist/security.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Generate HMAC-SHA256 signature for request authentication.
+ * Covers timestamp + body to prevent replay attacks and tampering.
+ */
+export declare function hmacSign(apiKey: string, timestamp: number, body: string, nonce?: string): string;
+/**
+ * Validate that collector URL uses HTTPS for non-local endpoints.
+ */
+export declare function validateCollectorUrl(url: string): string;
+/**
+ * Generate a cryptographically random nonce (16 bytes, hex-encoded).
+ */
+export declare function generateNonce(): string;
+/**
+ * Redact an API key for safe logging.
+ */
+export declare function redactApiKey(apiKey: string): string;

package/dist/security.js

@@ -0,0 +1,82 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hmacSign = hmacSign;
+exports.validateCollectorUrl = validateCollectorUrl;
+exports.generateNonce = generateNonce;
+exports.redactApiKey = redactApiKey;
+const crypto = __importStar(require("crypto"));
+/**
+ * Generate HMAC-SHA256 signature for request authentication.
+ * Covers timestamp + body to prevent replay attacks and tampering.
+ */
+function hmacSign(apiKey, timestamp, body, nonce) {
+    const message = nonce ? `${timestamp}.${nonce}.${body}` : `${timestamp}.${body}`;
+    return crypto.createHmac('sha256', apiKey).update(message).digest('hex');
+}
+/**
+ * Validate that collector URL uses HTTPS for non-local endpoints.
+ */
+function validateCollectorUrl(url) {
+    if (url.startsWith('https://'))
+        return url;
+    const allowedInsecure = [
+        'http://localhost', 'http://127.0.0.1', 'http://0.0.0.0',
+        'http://[::1]', 'http://10.', 'http://192.168.',
+    ];
+    // Include 172.16-31 range
+    for (let i = 16; i <= 31; i++) {
+        allowedInsecure.push(`http://172.${i}.`);
+    }
+    for (const prefix of allowedInsecure) {
+        if (url.startsWith(prefix))
+            return url;
+    }
+    throw new Error(`Collector URL must use HTTPS for non-local endpoints. Got: ${url}`);
+}
+/**
+ * Generate a cryptographically random nonce (16 bytes, hex-encoded).
+ */
+function generateNonce() {
+    return crypto.randomBytes(16).toString('hex');
+}
+/**
+ * Redact an API key for safe logging.
+ */
+function redactApiKey(apiKey) {
+    if (apiKey.length <= 8)
+        return '****';
+    return `${apiKey.slice(0, 4)}****${apiKey.slice(-4)}`;
+}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@vantinelai/node-sdk",
+  "version": "0.4.5",
+  "description": "Vantinel AI Observability & Guardrails SDK for Node.js",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "build:secure": "tsc && javascript-obfuscator dist/ --output dist/ --compact true --control-flow-flattening true --dead-code-injection true --string-array true --string-array-encoding rc4 --self-defending true",
+    "prepublishOnly": "npm run build",
+    "test": "jest"
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "ai",
+    "llm",
+    "observability",
+    "guardrails",
+    "agent"
+  ],
+  "author": "Vantinel AI <support@vantinel.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/vantinel/vantinel-node.git",
+    "directory": "packages/node-sdk"
+  },
+  "homepage": "https://github.com/vantinel/vantinel-node/tree/main/packages/node-sdk#readme",
+  "bugs": {
+    "url": "https://github.com/vantinel/vantinel-node/issues"
+  },
+  "dependencies": {
+    "axios": "^1.6.0",
+    "uuid": "^9.0.0"
+  },
+  "devDependencies": {
+    "@types/jest": "^30.0.0",
+    "@types/node": "^20.0.0",
+    "@types/uuid": "^9.0.0",
+    "javascript-obfuscator": "^4.1.0",
+    "jest": "^29.0.0",
+    "ts-jest": "^29.0.0",
+    "typescript": "^5.0.0"
+  }
+}