@wytness/sdk 0.5.0 → 0.7.0

package/dist/index.cjs

@@ -163,7 +163,7 @@ async function sendOne(apiUrl, apiKey, body) {
     body,
     signal: AbortSignal.timeout(1e4)
   });
-  if (resp.status !== 201) {
+  if (resp.status !== 201 && resp.status !== 202) {
     throw new Error(`HTTP ${resp.status}`);
   }
   return true;
@@ -284,7 +284,7 @@ var SessionTokenizer = class {
   pseudonymizeValue(value, fieldPath = "") {
     if (!value || !value.trim())
       return value;
-    if (this._piiFields.includes(fieldPath)) {
+    if (this.matchPiiField(fieldPath)) {
       if (this._reverseMap[value])
         return this._reverseMap[value];
       const pseudonym = hmacPseudonym(value, this._hmacSecret);
@@ -293,6 +293,19 @@ var SessionTokenizer = class {
     }
     return value;
   }
+  matchPiiField(path) {
+    if (!path)
+      return false;
+    if (this._piiFields.includes(path))
+      return true;
+    const stripped = path.replace(/\[\d+\]/g, "");
+    if (this._piiFields.includes(stripped))
+      return true;
+    const wildcarded = path.replace(/\[\d+\]/g, "[]");
+    if (this._piiFields.includes(wildcarded))
+      return true;
+    return false;
+  }
   pseudonymizeText(text) {
     if (!text)
       return text;
@@ -316,20 +329,46 @@ var SessionTokenizer = class {
     }
     return text;
   }
+  /**
+   * Pseudonymize tool parameters, preserving nested structure.
+   *
+   * Walks objects and arrays recursively. Keys whose names match
+   * SECRET_PATTERN are replaced with "[REDACTED]". Primitive string values
+   * at paths listed in piiFields are fully pseudonymized; other strings are
+   * scanned with regex patterns.
+   *
+   * Paths use dot notation ("fields.abn") and [index] for arrays
+   * ("entities[0].name"). A piiFields entry matches by exact path, by
+   * index-stripped path ("entities.name"), or wildcard ("entities[].name").
+   */
   pseudonymizeParams(params) {
-    const result = {};
-    for (const [k, v] of Object.entries(params)) {
-      if (SECRET_PATTERN.test(k)) {
-        result[k] = "[REDACTED]";
-      } else if (this._piiFields.includes(k)) {
-        const val = String(v).slice(0, 500);
-        result[k] = this.pseudonymizeValue(val, k);
-      } else {
-        const val = String(v).slice(0, 500);
-        result[k] = this.pseudonymizeText(val);
+    return this.walk(params, "");
+  }
+  walk(value, path) {
+    if (value === null || value === void 0)
+      return value;
+    if (typeof value === "boolean" || typeof value === "number")
+      return value;
+    if (Array.isArray(value)) {
+      return value.map((item, i) => this.walk(item, `${path}[${i}]`));
+    }
+    if (typeof value === "object") {
+      const out = {};
+      for (const [k, v] of Object.entries(value)) {
+        if (SECRET_PATTERN.test(k)) {
+          out[k] = "[REDACTED]";
+          continue;
+        }
+        const childPath = path ? `${path}.${k}` : k;
+        out[k] = this.walk(v, childPath);
       }
+      return out;
     }
-    return result;
+    const text = String(value).slice(0, 500);
+    if (this.matchPiiField(path)) {
+      return this.pseudonymizeValue(text, path);
+    }
+    return this.pseudonymizeText(text);
   }
   /**
    * Encrypt the token map with the customer's X25519 public key.
@@ -430,10 +469,21 @@ var AuditClient = class {
   get tokenizer() {
     return this._tokenizer;
   }
-  /** Record an audit event. Never throws — errors are logged and swallowed. */
+  /**
+   * Record an audit event. Never throws — errors are logged and swallowed.
+   *
+   * If the client was configured with pseudonymization (piiHmacSecret +
+   * encryptionPublicKey), the event is automatically pseudonymized before
+   * signing — tool_parameters and response/prompt are walked and declared
+   * piiFields (supports dotted paths for nested keys) are replaced with
+   * deterministic tokens. The encrypted token map is attached.
+   */
   record(event) {
     try {
-      const d = { ...event };
+      let d = { ...event };
+      if (this._tokenizer) {
+        d = this.applyTokenizer(d);
+      }
       d["prev_event_hash"] = this._prevEventHash;
       d["signature"] = signEvent(d, this._secretKey);
       this._prevEventHash = computeEventHash(d);
@@ -442,6 +492,22 @@ var AuditClient = class {
       console.error(`wytness: failed to record event: ${e}`);
     }
   }
+  applyTokenizer(d) {
+    const tokenizer = this._tokenizer;
+    const params = d["tool_parameters"] ?? {};
+    d["tool_parameters"] = tokenizer.pseudonymizeParams(params);
+    const prompt = d["prompt"];
+    if (prompt) {
+      d["prompt"] = tokenizer.pseudonymizeText(String(prompt));
+    }
+    const response = d["response"];
+    if (response) {
+      d["response"] = tokenizer.pseudonymizeText(String(response).slice(0, 5e3));
+    }
+    d["encrypted_token_map"] = tokenizer.encryptTokenMap();
+    d["pseudonymization_version"] = d["pseudonymization_version"] || "1.0";
+    return d;
+  }
   /**
    * Wait for all pending HTTP requests to complete.
    * Call this before process exit in serverless/short-lived environments
@@ -492,9 +558,7 @@ function recordEvent(client, toolName, taskId, prompt, args, start, status, erro
   const outputsHash = result != null ? hashValue(result) : "";
   const tokenizer = client.tokenizer;
   if (tokenizer) {
-    const pseudonymizedParams = tokenizer.pseudonymizeParams(params);
-    const pseudonymizedPrompt = prompt ? tokenizer.pseudonymizeText(prompt) : "";
-    const response = result != null ? tokenizer.pseudonymizeText(String(result).slice(0, RESPONSE_MAX_CHARS)) : "";
+    const responseRaw = result != null ? String(result).slice(0, RESPONSE_MAX_CHARS) : "";
     const event = AuditEventSchema.parse({
       agent_id: client.agentId,
       agent_version: client.agentVersion,
@@ -502,16 +566,14 @@ function recordEvent(client, toolName, taskId, prompt, args, start, status, erro
       task_id: taskId,
       session_id: client.sessionId,
       tool_name: toolName,
-      tool_parameters: pseudonymizedParams,
-      prompt: pseudonymizedPrompt,
+      tool_parameters: params,
+      prompt,
       inputs_hash: hashValue(args),
       outputs_hash: outputsHash,
-      response,
+      response: responseRaw,
       status,
       error_code: errorCode,
-      duration_ms: Math.round(performance.now() - start),
-      encrypted_token_map: tokenizer.encryptTokenMap(),
-      pseudonymization_version: "1.0"
+      duration_ms: Math.round(performance.now() - start)
     });
     client.record(event);
   } else {

package/dist/index.d.cts

@@ -134,8 +134,22 @@ declare class SessionTokenizer {
     get tokenMap(): Record<string, string>;
     private addMapping;
     pseudonymizeValue(value: string, fieldPath?: string): string;
+    private matchPiiField;
     pseudonymizeText(text: string): string;
-    pseudonymizeParams(params: Record<string, unknown>): Record<string, unknown>;
+    /**
+     * Pseudonymize tool parameters, preserving nested structure.
+     *
+     * Walks objects and arrays recursively. Keys whose names match
+     * SECRET_PATTERN are replaced with "[REDACTED]". Primitive string values
+     * at paths listed in piiFields are fully pseudonymized; other strings are
+     * scanned with regex patterns.
+     *
+     * Paths use dot notation ("fields.abn") and [index] for arrays
+     * ("entities[0].name"). A piiFields entry matches by exact path, by
+     * index-stripped path ("entities.name"), or wildcard ("entities[].name").
+     */
+    pseudonymizeParams(params: unknown): unknown;
+    private walk;
     /**
      * Encrypt the token map with the customer's X25519 public key.
      *
@@ -178,8 +192,17 @@ declare class AuditClient {
     constructor(options: AuditClientOptions);
     get sessionId(): string;
     get tokenizer(): SessionTokenizer | null;
-    /** Record an audit event. Never throws — errors are logged and swallowed. */
+    /**
+     * Record an audit event. Never throws — errors are logged and swallowed.
+     *
+     * If the client was configured with pseudonymization (piiHmacSecret +
+     * encryptionPublicKey), the event is automatically pseudonymized before
+     * signing — tool_parameters and response/prompt are walked and declared
+     * piiFields (supports dotted paths for nested keys) are replaced with
+     * deterministic tokens. The encrypted token map is attached.
+     */
     record(event: AuditEvent): void;
+    private applyTokenizer;
     /**
      * Wait for all pending HTTP requests to complete.
      * Call this before process exit in serverless/short-lived environments

package/dist/index.d.ts

@@ -134,8 +134,22 @@ declare class SessionTokenizer {
     get tokenMap(): Record<string, string>;
     private addMapping;
     pseudonymizeValue(value: string, fieldPath?: string): string;
+    private matchPiiField;
     pseudonymizeText(text: string): string;
-    pseudonymizeParams(params: Record<string, unknown>): Record<string, unknown>;
+    /**
+     * Pseudonymize tool parameters, preserving nested structure.
+     *
+     * Walks objects and arrays recursively. Keys whose names match
+     * SECRET_PATTERN are replaced with "[REDACTED]". Primitive string values
+     * at paths listed in piiFields are fully pseudonymized; other strings are
+     * scanned with regex patterns.
+     *
+     * Paths use dot notation ("fields.abn") and [index] for arrays
+     * ("entities[0].name"). A piiFields entry matches by exact path, by
+     * index-stripped path ("entities.name"), or wildcard ("entities[].name").
+     */
+    pseudonymizeParams(params: unknown): unknown;
+    private walk;
     /**
      * Encrypt the token map with the customer's X25519 public key.
      *
@@ -178,8 +192,17 @@ declare class AuditClient {
     constructor(options: AuditClientOptions);
     get sessionId(): string;
     get tokenizer(): SessionTokenizer | null;
-    /** Record an audit event. Never throws — errors are logged and swallowed. */
+    /**
+     * Record an audit event. Never throws — errors are logged and swallowed.
+     *
+     * If the client was configured with pseudonymization (piiHmacSecret +
+     * encryptionPublicKey), the event is automatically pseudonymized before
+     * signing — tool_parameters and response/prompt are walked and declared
+     * piiFields (supports dotted paths for nested keys) are replaced with
+     * deterministic tokens. The encrypted token map is attached.
+     */
     record(event: AuditEvent): void;
+    private applyTokenizer;
     /**
      * Wait for all pending HTTP requests to complete.
      * Call this before process exit in serverless/short-lived environments

package/dist/index.js

@@ -115,7 +115,7 @@ async function sendOne(apiUrl, apiKey, body) {
     body,
     signal: AbortSignal.timeout(1e4)
   });
-  if (resp.status !== 201) {
+  if (resp.status !== 201 && resp.status !== 202) {
     throw new Error(`HTTP ${resp.status}`);
   }
   return true;
@@ -236,7 +236,7 @@ var SessionTokenizer = class {
   pseudonymizeValue(value, fieldPath = "") {
     if (!value || !value.trim())
       return value;
-    if (this._piiFields.includes(fieldPath)) {
+    if (this.matchPiiField(fieldPath)) {
       if (this._reverseMap[value])
         return this._reverseMap[value];
       const pseudonym = hmacPseudonym(value, this._hmacSecret);
@@ -245,6 +245,19 @@ var SessionTokenizer = class {
     }
     return value;
   }
+  matchPiiField(path) {
+    if (!path)
+      return false;
+    if (this._piiFields.includes(path))
+      return true;
+    const stripped = path.replace(/\[\d+\]/g, "");
+    if (this._piiFields.includes(stripped))
+      return true;
+    const wildcarded = path.replace(/\[\d+\]/g, "[]");
+    if (this._piiFields.includes(wildcarded))
+      return true;
+    return false;
+  }
   pseudonymizeText(text) {
     if (!text)
       return text;
@@ -268,20 +281,46 @@ var SessionTokenizer = class {
     }
     return text;
   }
+  /**
+   * Pseudonymize tool parameters, preserving nested structure.
+   *
+   * Walks objects and arrays recursively. Keys whose names match
+   * SECRET_PATTERN are replaced with "[REDACTED]". Primitive string values
+   * at paths listed in piiFields are fully pseudonymized; other strings are
+   * scanned with regex patterns.
+   *
+   * Paths use dot notation ("fields.abn") and [index] for arrays
+   * ("entities[0].name"). A piiFields entry matches by exact path, by
+   * index-stripped path ("entities.name"), or wildcard ("entities[].name").
+   */
   pseudonymizeParams(params) {
-    const result = {};
-    for (const [k, v] of Object.entries(params)) {
-      if (SECRET_PATTERN.test(k)) {
-        result[k] = "[REDACTED]";
-      } else if (this._piiFields.includes(k)) {
-        const val = String(v).slice(0, 500);
-        result[k] = this.pseudonymizeValue(val, k);
-      } else {
-        const val = String(v).slice(0, 500);
-        result[k] = this.pseudonymizeText(val);
+    return this.walk(params, "");
+  }
+  walk(value, path) {
+    if (value === null || value === void 0)
+      return value;
+    if (typeof value === "boolean" || typeof value === "number")
+      return value;
+    if (Array.isArray(value)) {
+      return value.map((item, i) => this.walk(item, `${path}[${i}]`));
+    }
+    if (typeof value === "object") {
+      const out = {};
+      for (const [k, v] of Object.entries(value)) {
+        if (SECRET_PATTERN.test(k)) {
+          out[k] = "[REDACTED]";
+          continue;
+        }
+        const childPath = path ? `${path}.${k}` : k;
+        out[k] = this.walk(v, childPath);
       }
+      return out;
     }
-    return result;
+    const text = String(value).slice(0, 500);
+    if (this.matchPiiField(path)) {
+      return this.pseudonymizeValue(text, path);
+    }
+    return this.pseudonymizeText(text);
   }
   /**
    * Encrypt the token map with the customer's X25519 public key.
@@ -382,10 +421,21 @@ var AuditClient = class {
   get tokenizer() {
     return this._tokenizer;
   }
-  /** Record an audit event. Never throws — errors are logged and swallowed. */
+  /**
+   * Record an audit event. Never throws — errors are logged and swallowed.
+   *
+   * If the client was configured with pseudonymization (piiHmacSecret +
+   * encryptionPublicKey), the event is automatically pseudonymized before
+   * signing — tool_parameters and response/prompt are walked and declared
+   * piiFields (supports dotted paths for nested keys) are replaced with
+   * deterministic tokens. The encrypted token map is attached.
+   */
   record(event) {
     try {
-      const d = { ...event };
+      let d = { ...event };
+      if (this._tokenizer) {
+        d = this.applyTokenizer(d);
+      }
       d["prev_event_hash"] = this._prevEventHash;
       d["signature"] = signEvent(d, this._secretKey);
       this._prevEventHash = computeEventHash(d);
@@ -394,6 +444,22 @@ var AuditClient = class {
       console.error(`wytness: failed to record event: ${e}`);
     }
   }
+  applyTokenizer(d) {
+    const tokenizer = this._tokenizer;
+    const params = d["tool_parameters"] ?? {};
+    d["tool_parameters"] = tokenizer.pseudonymizeParams(params);
+    const prompt = d["prompt"];
+    if (prompt) {
+      d["prompt"] = tokenizer.pseudonymizeText(String(prompt));
+    }
+    const response = d["response"];
+    if (response) {
+      d["response"] = tokenizer.pseudonymizeText(String(response).slice(0, 5e3));
+    }
+    d["encrypted_token_map"] = tokenizer.encryptTokenMap();
+    d["pseudonymization_version"] = d["pseudonymization_version"] || "1.0";
+    return d;
+  }
   /**
    * Wait for all pending HTTP requests to complete.
    * Call this before process exit in serverless/short-lived environments
@@ -444,9 +510,7 @@ function recordEvent(client, toolName, taskId, prompt, args, start, status, erro
   const outputsHash = result != null ? hashValue(result) : "";
   const tokenizer = client.tokenizer;
   if (tokenizer) {
-    const pseudonymizedParams = tokenizer.pseudonymizeParams(params);
-    const pseudonymizedPrompt = prompt ? tokenizer.pseudonymizeText(prompt) : "";
-    const response = result != null ? tokenizer.pseudonymizeText(String(result).slice(0, RESPONSE_MAX_CHARS)) : "";
+    const responseRaw = result != null ? String(result).slice(0, RESPONSE_MAX_CHARS) : "";
     const event = AuditEventSchema.parse({
       agent_id: client.agentId,
       agent_version: client.agentVersion,
@@ -454,16 +518,14 @@ function recordEvent(client, toolName, taskId, prompt, args, start, status, erro
       task_id: taskId,
       session_id: client.sessionId,
       tool_name: toolName,
-      tool_parameters: pseudonymizedParams,
-      prompt: pseudonymizedPrompt,
+      tool_parameters: params,
+      prompt,
       inputs_hash: hashValue(args),
       outputs_hash: outputsHash,
-      response,
+      response: responseRaw,
       status,
       error_code: errorCode,
-      duration_ms: Math.round(performance.now() - start),
-      encrypted_token_map: tokenizer.encryptTokenMap(),
-      pseudonymization_version: "1.0"
+      duration_ms: Math.round(performance.now() - start)
     });
     client.record(event);
   } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wytness/sdk",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "description": "TypeScript SDK for Wytness — audit logging for AI agents with cryptographic signing and chain integrity",
   "license": "MIT",
   "author": "Wytness <hello@wytness.dev>",