agentid-sdk 0.1.22 → 0.1.23

package/README.md

@@ -205,6 +205,56 @@ By default, AgentID is designed to keep your application running if the AgentID
 - Local prompt-injection heuristics are enabled only when dashboard policy enables injection blocking (`block_on_heuristic` / legacy injection flags). `strictMode` does not force local heuristic blocking.
 - Ingest retries transient failures (5xx/429) and logs warnings if persistence fails.
 
+### Event Identity Model
+
+For consistent lifecycle correlation in Activity/Prompts, use this model:
+
+- `client_event_id`: external correlation ID for one end-to-end action.
+- `guard_event_id`: ID of the preflight guard event returned by `guard()`.
+- `event_id` on `log()`: idempotency key for ingest. In the JS SDK it is canonicalized to `client_event_id` for stable one-row lifecycle updates.
+
+SDK behavior:
+
+- `guard()` sends `client_event_id` and returns canonical `client_event_id` + `guard_event_id`.
+- `log()` sends:
+  - `event_id = canonical client_event_id`
+  - `metadata.client_event_id`
+  - `metadata.guard_event_id` (when available from wrappers/callbacks)
+  - `x-correlation-id = client_event_id`
+- SDK requests include `x-agentid-sdk-version` for telemetry/version diagnostics.
+
+This keeps Guard + Complete linked under one correlation key while preserving internal event linkage in the dashboard.
+
+### Policy-Pack Runtime Telemetry
+
+When the backend uses compiled policy packs, runtime metadata includes:
+
+- `policy_pack_version`: active compiled artifact version.
+- `policy_pack_fallback`: `true` means fallback detector path was used.
+- `policy_pack_details`: optional diagnostic detail for fallback/decision trace.
+
+Latency interpretation:
+
+- Activity `Latency (ms)` maps to synchronous processing (`processing_time_ms`).
+- Async AI audit time is separate (`ai_audit_duration_ms`) and can be higher.
+- First request after warm-up boundaries can be slower than steady-state requests.
+
+### Monorepo QA Commands (Maintainers)
+
+If you are validating runtime in the AgentID monorepo:
+
+```bash
+npm run qa:policy-pack-bootstrap -- --base-url=http://127.0.0.1:3000/api/v1 --system-id=<SYSTEM_UUID>
+npm run bench:policy-pack-hotpath
+```
+
+PowerShell diagnostics:
+
+```powershell
+powershell -ExecutionPolicy Bypass -File .\scripts\qa\run-guard-diagnostic.ps1 -BaseUrl http://127.0.0.1:3000/api/v1 -ApiKey $env:AGENTID_API_KEY -SystemId $env:AGENTID_SYSTEM_ID -SkipBenchmark
+powershell -ExecutionPolicy Bypass -File .\scripts\qa\run-ai-label-audit-check.ps1 -BaseUrl http://127.0.0.1:3000/api/v1 -ApiKey $env:AGENTID_API_KEY -SystemId $env:AGENTID_SYSTEM_ID -Model gpt-4o-mini
+```
+
 ## 7. Security & Compliance
 
 - Optional local PII masking and local policy enforcement before model dispatch.

package/dist/{chunk-FVTL572H.mjs → chunk-4FSEYTEC.mjs}

@@ -970,11 +970,87 @@ var PHONE_CONTEXT_RE = new RegExp(
   `(?:^|[^\\p{L}])(?:${PHONE_CONTEXT_KEYWORDS.map(escapeRegex).join("|")})(?:$|[^\\p{L}])`,
   "iu"
 );
+var PERSON_NAME_STOPWORDS = /* @__PURE__ */ new Set([
+  "write",
+  "code",
+  "script",
+  "query",
+  "curl",
+  "http",
+  "https",
+  "import",
+  "python",
+  "javascript",
+  "typescript",
+  "node",
+  "bash",
+  "powershell",
+  "shell",
+  "command",
+  "example",
+  "demo",
+  "developer",
+  "mode",
+  "system",
+  "prompt",
+  "policy",
+  "security",
+  "instructions",
+  "instruction",
+  "rules",
+  "rule",
+  "json",
+  "output",
+  "input",
+  "database",
+  "sql",
+  "mongo",
+  "openai",
+  "agentid",
+  "risk",
+  "score",
+  "summary"
+]);
+var TECHNICAL_CONTEXT_WORD_REGEX = /\b(?:curl|http|https|import|python|javascript|typescript|sql|nosql|mongo|database|query|script|code|os\.system|eval|exec|node|npm|api|endpoint|regex|json|xml|yaml|bash|powershell)\b/i;
+var TECHNICAL_CONTEXT_SYMBOL_REGEX = /:\/\/|`|\{|\}|\[|\]|\(|\)|;|\$|=>|::|\/\//;
 function hasPhoneContext(text, matchStartIndex, windowSize = 50) {
   const start = Math.max(0, matchStartIndex - windowSize);
   const windowLower = text.slice(start, matchStartIndex).toLowerCase();
   return PHONE_CONTEXT_RE.test(windowLower);
 }
+function normalizePersonWord(value) {
+  return value.normalize("NFD").replace(/\p{M}+/gu, "").toLowerCase();
+}
+function buildContextWindow(source, index, length) {
+  const start = Math.max(0, index - 28);
+  const end = Math.min(source.length, index + length + 28);
+  return source.slice(start, end);
+}
+function isTechnicalContext(contextWindow) {
+  return TECHNICAL_CONTEXT_WORD_REGEX.test(contextWindow) || TECHNICAL_CONTEXT_SYMBOL_REGEX.test(contextWindow);
+}
+function isLikelyPersonNameCandidate(candidate, contextWindow) {
+  const words = candidate.trim().split(/\s+/);
+  if (words.length !== 2) {
+    return false;
+  }
+  if (isTechnicalContext(contextWindow)) {
+    return false;
+  }
+  for (const rawWord of words) {
+    const normalized = normalizePersonWord(rawWord);
+    if (normalized.length < 2) {
+      return false;
+    }
+    if (PERSON_NAME_STOPWORDS.has(normalized)) {
+      return false;
+    }
+    if (!/^\p{L}[\p{L}'-]+$/u.test(rawWord)) {
+      return false;
+    }
+  }
+  return true;
+}
 var PIIManager = class {
   /**
    * Reversible local-first masking using <TYPE_INDEX> placeholders.
@@ -1019,7 +1095,12 @@ var PIIManager = class {
       const personRe = /(?<!\p{L})\p{Lu}\p{Ll}{2,}\s+\p{Lu}\p{Ll}{2,}(?!\p{L})/gu;
       for (const m of text.matchAll(personRe)) {
         if (m.index == null) continue;
-        detections.push({ start: m.index, end: m.index + m[0].length, type: "PERSON", text: m[0] });
+        const candidate = m[0];
+        const contextWindow = buildContextWindow(text, m.index, candidate.length);
+        if (!isLikelyPersonNameCandidate(candidate, contextWindow)) {
+          continue;
+        }
+        detections.push({ start: m.index, end: m.index + candidate.length, type: "PERSON", text: candidate });
       }
       const nationalIdMatches = detectNationalIdentifiers(text, {
         deadlineMs: defaultScanDeadlineMs,
@@ -1090,15 +1171,15 @@ var DE_STOPWORDS = /* @__PURE__ */ new Set(["bitte", "anweisung", "system", "reg
 var HEURISTIC_RULES = [
   {
     name: "heuristic_combo_ignore_instructions",
-    re: /\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b[\s\S]{0,120}\b(instruction(?:s)?|previous|system|developer|policy|rules|guardrails|safety|instrukce|pokyny|pravidla|syst[eé]m|bezpecnost|politika)\b/i
+    re: /\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b[\s\S]{0,160}\b(instruction(?:s)?|previous|system|developer|policy|rules?|guardrails|safety|instrukce|pokyny|pravidla|systemove?|bezpecnost(?:ni)?|politika)\b/i
   },
   {
     name: "heuristic_combo_instruction_override_reverse",
-    re: /\b(instruction(?:s)?|previous|system|developer|policy|rules|guardrails|safety|instrukce|pokyny|pravidla|syst[eé]m|bezpecnost|politika)\b[\s\S]{0,120}\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b/i
+    re: /\b(instruction(?:s)?|previous|system|developer|policy|rules?|guardrails|safety|instrukce|pokyny|pravidla|systemove?|bezpecnost(?:ni)?|politika)\b[\s\S]{0,160}\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b/i
   },
   {
     name: "heuristic_combo_exfil_system_prompt",
-    re: /\b(show|reveal|print|dump|leak|display|expose|tell|extract|ukaz|zobraz|vypis|odhal|prozrad)\b[\s\S]{0,140}\b(system prompt|system instruction(?:s)?|developer message|hidden prompt|internal instruction(?:s)?|policy|guardrails|intern[ií] instrukce)\b/i
+    re: /\b(show|reveal|print|dump|leak|display|expose|tell|extract|ukaz|zobraz|vypis|odhal|prozrad)\b[\s\S]{0,180}\b(system prompt|system instruction(?:s)?|developer message|hidden prompt|internal instruction(?:s)?|policy|guardrails|interni instrukce|systemove nastaveni)\b/i
   },
   {
     name: "heuristic_role_prefix_system_developer",
@@ -1107,6 +1188,14 @@ var HEURISTIC_RULES = [
   {
     name: "heuristic_delimiter_system_prompt",
     re: /\b(begin|start)\s+(system|developer)\s+prompt\b|\bend\s+(system|developer)\s+prompt\b/i
+  },
+  {
+    name: "heuristic_developer_mode_override",
+    re: /\b(developer\s*mode|dev\s*mode)\b[\s\S]{0,200}\b(ignore|bypass|disable|override|ignoruj|obejdi|zapomen)\b/i
+  },
+  {
+    name: "heuristic_czech_injection_phrase",
+    re: /\b(zapomen|ignoruj)\b[\s\S]{0,220}\b(predchozi\s+instrukce|bezpecnostni\s+pravidla|systemove\s+nastaveni)\b/i
   }
 ];
 var scannerSingleton = null;
@@ -1157,6 +1246,9 @@ ${input.slice(-WINDOW_SLICE_SIZE)}`;
 [...]
 ${input.slice(tailStart)}`;
 }
+function normalizeForHeuristics(input) {
+  return input.toLowerCase().normalize("NFD").replace(/[\u0300-\u036f]/g, "").replace(/\s+/g, " ").trim();
+}
 function scoreStopwords(tokens, stopwords) {
   let score = 0;
   for (const token of tokens) {
@@ -1199,9 +1291,10 @@ function findRegexMatch(prompt) {
   if (!prompt) {
     return null;
   }
+  const normalizedPrompt = normalizeForHeuristics(prompt);
   for (const rule of HEURISTIC_RULES) {
     try {
-      const match = rule.re.exec(prompt);
+      const match = rule.re.exec(normalizedPrompt);
       if (match && typeof match[0] === "string" && match[0].trim()) {
         return {
           rule: rule.name,
@@ -1462,7 +1555,7 @@ function getInjectionScanner() {
 
 // src/sdk-version.ts
 var FALLBACK_SDK_VERSION = "js-0.0.0-dev";
-var AGENTID_SDK_VERSION_HEADER = "js-0.1.22".trim().length > 0 ? "js-0.1.22" : FALLBACK_SDK_VERSION;
+var AGENTID_SDK_VERSION_HEADER = "js-0.1.23".trim().length > 0 ? "js-0.1.23" : FALLBACK_SDK_VERSION;
 
 // src/local-security-enforcer.ts
 var DEFAULT_FAIL_OPEN_CONFIG = {
@@ -1476,6 +1569,14 @@ var DEFAULT_FAIL_OPEN_CONFIG = {
   block_toxicity: false
 };
 var SQL_DATABASE_ACCESS_PATTERN = /\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|ALTER)\b[\s\S]+?\b(FROM|INTO|TABLE|DATABASE|VIEW|INDEX)\b/i;
+var NOSQL_DATABASE_ACCESS_PATTERNS = [
+  /\bdb\.[A-Za-z_][A-Za-z0-9_]*\.(find|findOne|aggregate|updateOne|updateMany|deleteOne|deleteMany|insertOne|insertMany)\s*\(/i,
+  /\b(collection|mongodb)\.(find|findOne|aggregate|updateOne|updateMany|deleteOne|deleteMany|insertOne|insertMany)\s*\(/i,
+  /\b\$where\b/i,
+  /\b\$expr\b/i,
+  /\b\$regex\b/i,
+  /\bMongoClient\.connect\s*\(/i
+];
 var PYTHON_GENERAL_RCE_PATTERN = /(import\s+(os|sys|subprocess)|from\s+(os|sys|subprocess)\s+import|exec\s*\(|eval\s*\(|__import__)/i;
 var SHELL_BASH_RCE_PATTERN = /(wget\s+|curl\s+|rm\s+-rf|chmod\s+\+x|cat\s+\/etc\/passwd|\/bin\/sh|\/bin\/bash)/i;
 var JAVASCRIPT_RCE_PATTERN = /(new\s+Function\(|process\.env|child_process)/i;
@@ -1489,8 +1590,15 @@ var SecurityPolicyViolationError = class extends Error {
   }
 };
 function detectCapabilityViolation(text, config) {
-  if (config.block_db_access && SQL_DATABASE_ACCESS_PATTERN.test(text)) {
-    return "SQL_INJECTION_ATTEMPT";
+  if (config.block_db_access) {
+    if (SQL_DATABASE_ACCESS_PATTERN.test(text)) {
+      return "SQL_INJECTION_ATTEMPT";
+    }
+    for (const pattern of NOSQL_DATABASE_ACCESS_PATTERNS) {
+      if (pattern.test(text)) {
+        return "SQL_INJECTION_ATTEMPT";
+      }
+    }
   }
   if (config.block_code_execution && (PYTHON_GENERAL_RCE_PATTERN.test(text) || SHELL_BASH_RCE_PATTERN.test(text) || JAVASCRIPT_RCE_PATTERN.test(text))) {
     return "RCE_ATTEMPT";
@@ -2415,13 +2523,18 @@ var AgentID = class {
     const metadata = {
       ...params.metadata ?? {}
     };
+    const metadataClientEventId = typeof metadata.client_event_id === "string" && isUuidLike(metadata.client_event_id) ? metadata.client_event_id : null;
+    const canonicalClientEventId = metadataClientEventId ?? eventId;
+    if (!metadataClientEventId) {
+      metadata.client_event_id = canonicalClientEventId;
+    }
     if (!Object.prototype.hasOwnProperty.call(metadata, "agentid_base_url")) {
       metadata.agentid_base_url = this.baseUrl;
     }
     void this.getCapabilityConfig(false, { apiKey: effectiveApiKey }).catch(() => void 0);
     const payload = {
       ...params,
-      event_id: eventId,
+      event_id: canonicalClientEventId,
       timestamp,
       input: sanitizeIngestText(params.input),
       output: sanitizeIngestText(params.output),
@@ -2438,6 +2551,7 @@ var AgentID = class {
           headers: {
             "Content-Type": "application/json",
             "x-agentid-api-key": effectiveApiKey,
+            "x-correlation-id": canonicalClientEventId,
             "X-AgentID-SDK-Version": AGENTID_SDK_VERSION_HEADER
           },
           body: JSON.stringify(payload),

package/dist/index.js

@@ -84,7 +84,7 @@ var OpenAIAdapter = class {
 
 // src/sdk-version.ts
 var FALLBACK_SDK_VERSION = "js-0.0.0-dev";
-var AGENTID_SDK_VERSION_HEADER = "js-0.1.22".trim().length > 0 ? "js-0.1.22" : FALLBACK_SDK_VERSION;
+var AGENTID_SDK_VERSION_HEADER = "js-0.1.23".trim().length > 0 ? "js-0.1.23" : FALLBACK_SDK_VERSION;
 
 // src/pii-national-identifiers.ts
 var MAX_CANDIDATES_PER_RULE = 256;
@@ -1016,11 +1016,87 @@ var PHONE_CONTEXT_RE = new RegExp(
   `(?:^|[^\\p{L}])(?:${PHONE_CONTEXT_KEYWORDS.map(escapeRegex).join("|")})(?:$|[^\\p{L}])`,
   "iu"
 );
+var PERSON_NAME_STOPWORDS = /* @__PURE__ */ new Set([
+  "write",
+  "code",
+  "script",
+  "query",
+  "curl",
+  "http",
+  "https",
+  "import",
+  "python",
+  "javascript",
+  "typescript",
+  "node",
+  "bash",
+  "powershell",
+  "shell",
+  "command",
+  "example",
+  "demo",
+  "developer",
+  "mode",
+  "system",
+  "prompt",
+  "policy",
+  "security",
+  "instructions",
+  "instruction",
+  "rules",
+  "rule",
+  "json",
+  "output",
+  "input",
+  "database",
+  "sql",
+  "mongo",
+  "openai",
+  "agentid",
+  "risk",
+  "score",
+  "summary"
+]);
+var TECHNICAL_CONTEXT_WORD_REGEX = /\b(?:curl|http|https|import|python|javascript|typescript|sql|nosql|mongo|database|query|script|code|os\.system|eval|exec|node|npm|api|endpoint|regex|json|xml|yaml|bash|powershell)\b/i;
+var TECHNICAL_CONTEXT_SYMBOL_REGEX = /:\/\/|`|\{|\}|\[|\]|\(|\)|;|\$|=>|::|\/\//;
 function hasPhoneContext(text, matchStartIndex, windowSize = 50) {
   const start = Math.max(0, matchStartIndex - windowSize);
   const windowLower = text.slice(start, matchStartIndex).toLowerCase();
   return PHONE_CONTEXT_RE.test(windowLower);
 }
+function normalizePersonWord(value) {
+  return value.normalize("NFD").replace(/\p{M}+/gu, "").toLowerCase();
+}
+function buildContextWindow(source, index, length) {
+  const start = Math.max(0, index - 28);
+  const end = Math.min(source.length, index + length + 28);
+  return source.slice(start, end);
+}
+function isTechnicalContext(contextWindow) {
+  return TECHNICAL_CONTEXT_WORD_REGEX.test(contextWindow) || TECHNICAL_CONTEXT_SYMBOL_REGEX.test(contextWindow);
+}
+function isLikelyPersonNameCandidate(candidate, contextWindow) {
+  const words = candidate.trim().split(/\s+/);
+  if (words.length !== 2) {
+    return false;
+  }
+  if (isTechnicalContext(contextWindow)) {
+    return false;
+  }
+  for (const rawWord of words) {
+    const normalized = normalizePersonWord(rawWord);
+    if (normalized.length < 2) {
+      return false;
+    }
+    if (PERSON_NAME_STOPWORDS.has(normalized)) {
+      return false;
+    }
+    if (!/^\p{L}[\p{L}'-]+$/u.test(rawWord)) {
+      return false;
+    }
+  }
+  return true;
+}
 var PIIManager = class {
   /**
    * Reversible local-first masking using <TYPE_INDEX> placeholders.
@@ -1065,7 +1141,12 @@ var PIIManager = class {
       const personRe = /(?<!\p{L})\p{Lu}\p{Ll}{2,}\s+\p{Lu}\p{Ll}{2,}(?!\p{L})/gu;
       for (const m of text.matchAll(personRe)) {
         if (m.index == null) continue;
-        detections.push({ start: m.index, end: m.index + m[0].length, type: "PERSON", text: m[0] });
+        const candidate = m[0];
+        const contextWindow = buildContextWindow(text, m.index, candidate.length);
+        if (!isLikelyPersonNameCandidate(candidate, contextWindow)) {
+          continue;
+        }
+        detections.push({ start: m.index, end: m.index + candidate.length, type: "PERSON", text: candidate });
       }
       const nationalIdMatches = detectNationalIdentifiers(text, {
         deadlineMs: defaultScanDeadlineMs,
@@ -1126,6 +1207,14 @@ var DEFAULT_FAIL_OPEN_CONFIG = {
   block_toxicity: false
 };
 var SQL_DATABASE_ACCESS_PATTERN = /\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|ALTER)\b[\s\S]+?\b(FROM|INTO|TABLE|DATABASE|VIEW|INDEX)\b/i;
+var NOSQL_DATABASE_ACCESS_PATTERNS = [
+  /\bdb\.[A-Za-z_][A-Za-z0-9_]*\.(find|findOne|aggregate|updateOne|updateMany|deleteOne|deleteMany|insertOne|insertMany)\s*\(/i,
+  /\b(collection|mongodb)\.(find|findOne|aggregate|updateOne|updateMany|deleteOne|deleteMany|insertOne|insertMany)\s*\(/i,
+  /\b\$where\b/i,
+  /\b\$expr\b/i,
+  /\b\$regex\b/i,
+  /\bMongoClient\.connect\s*\(/i
+];
 var PYTHON_GENERAL_RCE_PATTERN = /(import\s+(os|sys|subprocess)|from\s+(os|sys|subprocess)\s+import|exec\s*\(|eval\s*\(|__import__)/i;
 var SHELL_BASH_RCE_PATTERN = /(wget\s+|curl\s+|rm\s+-rf|chmod\s+\+x|cat\s+\/etc\/passwd|\/bin\/sh|\/bin\/bash)/i;
 var JAVASCRIPT_RCE_PATTERN = /(new\s+Function\(|process\.env|child_process)/i;
@@ -1139,8 +1228,15 @@ var SecurityPolicyViolationError = class extends Error {
   }
 };
 function detectCapabilityViolation(text, config) {
-  if (config.block_db_access && SQL_DATABASE_ACCESS_PATTERN.test(text)) {
-    return "SQL_INJECTION_ATTEMPT";
+  if (config.block_db_access) {
+    if (SQL_DATABASE_ACCESS_PATTERN.test(text)) {
+      return "SQL_INJECTION_ATTEMPT";
+    }
+    for (const pattern of NOSQL_DATABASE_ACCESS_PATTERNS) {
+      if (pattern.test(text)) {
+        return "SQL_INJECTION_ATTEMPT";
+      }
+    }
   }
   if (config.block_code_execution && (PYTHON_GENERAL_RCE_PATTERN.test(text) || SHELL_BASH_RCE_PATTERN.test(text) || JAVASCRIPT_RCE_PATTERN.test(text))) {
     return "RCE_ATTEMPT";
@@ -1473,15 +1569,15 @@ var DE_STOPWORDS = /* @__PURE__ */ new Set(["bitte", "anweisung", "system", "reg
 var HEURISTIC_RULES = [
   {
     name: "heuristic_combo_ignore_instructions",
-    re: /\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b[\s\S]{0,120}\b(instruction(?:s)?|previous|system|developer|policy|rules|guardrails|safety|instrukce|pokyny|pravidla|syst[eé]m|bezpecnost|politika)\b/i
+    re: /\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b[\s\S]{0,160}\b(instruction(?:s)?|previous|system|developer|policy|rules?|guardrails|safety|instrukce|pokyny|pravidla|systemove?|bezpecnost(?:ni)?|politika)\b/i
   },
   {
     name: "heuristic_combo_instruction_override_reverse",
-    re: /\b(instruction(?:s)?|previous|system|developer|policy|rules|guardrails|safety|instrukce|pokyny|pravidla|syst[eé]m|bezpecnost|politika)\b[\s\S]{0,120}\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b/i
+    re: /\b(instruction(?:s)?|previous|system|developer|policy|rules?|guardrails|safety|instrukce|pokyny|pravidla|systemove?|bezpecnost(?:ni)?|politika)\b[\s\S]{0,160}\b(ignore|disregard|forget|override|bypass|disable|jailbreak|dan|ignoruj|zapomen|obejdi|prepis)\b/i
   },
   {
     name: "heuristic_combo_exfil_system_prompt",
-    re: /\b(show|reveal|print|dump|leak|display|expose|tell|extract|ukaz|zobraz|vypis|odhal|prozrad)\b[\s\S]{0,140}\b(system prompt|system instruction(?:s)?|developer message|hidden prompt|internal instruction(?:s)?|policy|guardrails|intern[ií] instrukce)\b/i
+    re: /\b(show|reveal|print|dump|leak|display|expose|tell|extract|ukaz|zobraz|vypis|odhal|prozrad)\b[\s\S]{0,180}\b(system prompt|system instruction(?:s)?|developer message|hidden prompt|internal instruction(?:s)?|policy|guardrails|interni instrukce|systemove nastaveni)\b/i
   },
   {
     name: "heuristic_role_prefix_system_developer",
@@ -1490,6 +1586,14 @@ var HEURISTIC_RULES = [
   {
     name: "heuristic_delimiter_system_prompt",
     re: /\b(begin|start)\s+(system|developer)\s+prompt\b|\bend\s+(system|developer)\s+prompt\b/i
+  },
+  {
+    name: "heuristic_developer_mode_override",
+    re: /\b(developer\s*mode|dev\s*mode)\b[\s\S]{0,200}\b(ignore|bypass|disable|override|ignoruj|obejdi|zapomen)\b/i
+  },
+  {
+    name: "heuristic_czech_injection_phrase",
+    re: /\b(zapomen|ignoruj)\b[\s\S]{0,220}\b(predchozi\s+instrukce|bezpecnostni\s+pravidla|systemove\s+nastaveni)\b/i
   }
 ];
 var scannerSingleton = null;
@@ -1540,6 +1644,9 @@ ${input.slice(-WINDOW_SLICE_SIZE)}`;
 [...]
 ${input.slice(tailStart)}`;
 }
+function normalizeForHeuristics(input) {
+  return input.toLowerCase().normalize("NFD").replace(/[\u0300-\u036f]/g, "").replace(/\s+/g, " ").trim();
+}
 function scoreStopwords(tokens, stopwords) {
   let score = 0;
   for (const token of tokens) {
@@ -1582,9 +1689,10 @@ function findRegexMatch(prompt) {
   if (!prompt) {
     return null;
   }
+  const normalizedPrompt = normalizeForHeuristics(prompt);
   for (const rule of HEURISTIC_RULES) {
     try {
-      const match = rule.re.exec(prompt);
+      const match = rule.re.exec(normalizedPrompt);
       if (match && typeof match[0] === "string" && match[0].trim()) {
         return {
           rule: rule.name,
@@ -2457,13 +2565,18 @@ var AgentID = class {
     const metadata = {
       ...params.metadata ?? {}
     };
+    const metadataClientEventId = typeof metadata.client_event_id === "string" && isUuidLike(metadata.client_event_id) ? metadata.client_event_id : null;
+    const canonicalClientEventId = metadataClientEventId ?? eventId;
+    if (!metadataClientEventId) {
+      metadata.client_event_id = canonicalClientEventId;
+    }
     if (!Object.prototype.hasOwnProperty.call(metadata, "agentid_base_url")) {
       metadata.agentid_base_url = this.baseUrl;
     }
     void this.getCapabilityConfig(false, { apiKey: effectiveApiKey }).catch(() => void 0);
     const payload = {
       ...params,
-      event_id: eventId,
+      event_id: canonicalClientEventId,
       timestamp,
       input: sanitizeIngestText(params.input),
       output: sanitizeIngestText(params.output),
@@ -2480,6 +2593,7 @@ var AgentID = class {
           headers: {
             "Content-Type": "application/json",
             "x-agentid-api-key": effectiveApiKey,
+            "x-correlation-id": canonicalClientEventId,
             "X-AgentID-SDK-Version": AGENTID_SDK_VERSION_HEADER
           },
           body: JSON.stringify(payload),

package/dist/index.mjs

@@ -6,7 +6,7 @@ import {
   SecurityBlockError,
   getInjectionScanner,
   scanWithRegex
-} from "./chunk-FVTL572H.mjs";
+} from "./chunk-4FSEYTEC.mjs";
 export {
   AgentID,
   InjectionScanner,

package/dist/langchain.js

@@ -27,7 +27,7 @@ var import_base = require("@langchain/core/callbacks/base");
 
 // src/sdk-version.ts
 var FALLBACK_SDK_VERSION = "js-0.0.0-dev";
-var AGENTID_SDK_VERSION_HEADER = "js-0.1.22".trim().length > 0 ? "js-0.1.22" : FALLBACK_SDK_VERSION;
+var AGENTID_SDK_VERSION_HEADER = "js-0.1.23".trim().length > 0 ? "js-0.1.23" : FALLBACK_SDK_VERSION;
 
 // src/pii-national-identifiers.ts
 var REGION_ANCHORS = {

package/dist/langchain.mjs

@@ -1,6 +1,6 @@
 import {
   SecurityBlockError
-} from "./chunk-FVTL572H.mjs";
+} from "./chunk-4FSEYTEC.mjs";
 
 // src/langchain.ts
 import { BaseCallbackHandler } from "@langchain/core/callbacks/base";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentid-sdk",
-  "version": "0.1.22",
+  "version": "0.1.23",
   "description": "AgentID JavaScript/TypeScript SDK for guard, ingest, tracing, and analytics.",
   "license": "MIT",
   "homepage": "https://agentid.ai",
@@ -40,8 +40,8 @@
   },
   "peerDependencies": {
     "@langchain/core": "^0.3.0 || ^1.0.0",
-    "openai": "^4.0.0 || ^5.0.0 || ^6.0.0",
-    "langchain": "^0.1.0"
+    "langchain": "^0.1.0",
+    "openai": "^4.0.0 || ^5.0.0 || ^6.0.0"
   },
   "peerDependenciesMeta": {
     "@langchain/core": {
@@ -54,5 +54,8 @@
   "devDependencies": {
     "tsup": "^8.3.5",
     "typescript": "^5.0.0"
+  },
+  "dependencies": {
+    "agentid-sdk": "^0.1.21"
   }
 }