agentid-sdk 0.1.24 → 0.1.26

package/dist/index.mjs

@@ -1,12 +1,13 @@
 import {
   AgentID,
+  DependencyError,
   InjectionScanner,
   OpenAIAdapter,
   PIIManager,
   SecurityBlockError,
   getInjectionScanner,
   scanWithRegex
-} from "./chunk-JLHAS2EE.mjs";
+} from "./chunk-JIQGHFHI.mjs";
 
 // src/transparency-badge.tsx
 import * as React from "react";
@@ -169,6 +170,7 @@ function AgentIDTransparencyBadge(props) {
 export {
   AgentID,
   AgentIDTransparencyBadge,
+  DependencyError,
   InjectionScanner,
   OpenAIAdapter,
   PIIManager,

package/dist/langchain.d.mts

@@ -1,5 +1,5 @@
 import { BaseCallbackHandler } from '@langchain/core/callbacks/base';
-import { A as AgentID } from './agentid-BGCUoYV7.mjs';
+import { A as AgentID } from './agentid-DviYzyAM.mjs';
 
 /**
  * LangChainJS callback handler (dependency-free shape).
@@ -12,9 +12,12 @@ declare class AgentIDCallbackHandler extends BaseCallbackHandler {
     private agent;
     private systemId;
     private apiKeyOverride?;
+    private expectedLanguages?;
     private runs;
     constructor(agent: AgentID, options: {
         system_id: string;
+        expected_languages?: string[];
+        expectedLanguages?: string[];
         apiKey?: string;
         api_key?: string;
     });

package/dist/langchain.d.ts

@@ -1,5 +1,5 @@
 import { BaseCallbackHandler } from '@langchain/core/callbacks/base';
-import { A as AgentID } from './agentid-BGCUoYV7.js';
+import { A as AgentID } from './agentid-DviYzyAM.js';
 
 /**
  * LangChainJS callback handler (dependency-free shape).
@@ -12,9 +12,12 @@ declare class AgentIDCallbackHandler extends BaseCallbackHandler {
     private agent;
     private systemId;
     private apiKeyOverride?;
+    private expectedLanguages?;
     private runs;
     constructor(agent: AgentID, options: {
         system_id: string;
+        expected_languages?: string[];
+        expectedLanguages?: string[];
         apiKey?: string;
         api_key?: string;
     });

package/dist/langchain.js

@@ -27,7 +27,7 @@ var import_base = require("@langchain/core/callbacks/base");
 
 // src/sdk-version.ts
 var FALLBACK_SDK_VERSION = "js-0.0.0-dev";
-var AGENTID_SDK_VERSION_HEADER = "js-0.1.24".trim().length > 0 ? "js-0.1.24" : FALLBACK_SDK_VERSION;
+var AGENTID_SDK_VERSION_HEADER = "js-0.1.26".trim().length > 0 ? "js-0.1.26" : FALLBACK_SDK_VERSION;
 
 // src/pii-national-identifiers.ts
 var REGION_ANCHORS = {
@@ -215,6 +215,15 @@ var SecurityBlockError = class extends Error {
 function safeString(val) {
   return typeof val === "string" ? val : "";
 }
+function normalizeExpectedLanguages(value) {
+  if (!Array.isArray(value)) {
+    return void 0;
+  }
+  const normalized = [...new Set(
+    value.map((entry) => typeof entry === "string" ? entry.trim() : "").filter((entry) => entry.length > 0)
+  )];
+  return normalized.length > 0 ? normalized : void 0;
+}
 function coerceTransparencyMetadata(value) {
   if (!value || typeof value !== "object" || Array.isArray(value)) {
     return void 0;
@@ -245,6 +254,14 @@ function logCallbackDebug(message, details) {
   }
   console.log(`[AgentID][LC] ${message}`);
 }
+function setFiniteDurationMetadata(metadata, key, value) {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    metadata[key] = Math.max(0, Math.trunc(value));
+  }
+}
+function isGuardFailureEligibleForLocalFallback(reason) {
+  return reason === "network_error_strict_mode" || reason === "server_error" || reason === "system_failure" || reason === "system_failure_db_unavailable" || reason === "logging_failed" || reason === "guard_unreachable" || reason === "api_key_pepper_missing" || reason === "encryption_key_missing";
+}
 function extractTextFromContent(content) {
   if (typeof content === "string") {
     return content;
@@ -452,15 +469,16 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     this.runs = /* @__PURE__ */ new Map();
     this.agent = agent;
     this.systemId = options.system_id;
+    this.expectedLanguages = normalizeExpectedLanguages(
+      options.expected_languages ?? options.expectedLanguages
+    );
     this.apiKeyOverride = options.apiKey?.trim() || options.api_key?.trim() || void 0;
   }
   get requestOptions() {
     return this.apiKeyOverride ? { apiKey: this.apiKeyOverride } : void 0;
   }
   getLangchainCapabilities() {
-    const piiMaskingEnabled = Boolean(
-      this.agent.piiMasking
-    );
+    const piiMaskingEnabled = this.agent.getEffectivePiiMasking(this.requestOptions);
     return {
       capabilities: {
         has_feedback_handler: true,
@@ -469,15 +487,14 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       }
     };
   }
-  async preflight(input, stream) {
-    await this.agent.scanPromptInjection(input, this.requestOptions);
+  async preflight(input, stream, clientEventId) {
     const prepared = await this.agent.prepareInputForDispatch({
       input,
       systemId: this.systemId,
       stream,
-      skipInjectionScan: true
+      clientEventId
     }, this.requestOptions);
-    return prepared.sanitizedInput;
+    return prepared;
   }
   async handleLLMStart(serialized, prompts, runId, _parentRunId, extraParams) {
     const input = extractPromptFromPrompts(prompts);
@@ -486,8 +503,10 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     if (!input) {
       return;
     }
+    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const stream = extractStreamFlag(serialized, extraParams);
-    const sanitizedInput = await this.preflight(input, stream);
+    const prepared = await this.preflight(input, stream, requestedClientEventId);
+    const sanitizedInput = prepared.sanitizedInput;
     if (sanitizedInput !== input) {
       const mutated = setPromptInPrompts(prompts, sanitizedInput);
       if (!mutated) {
@@ -496,7 +515,6 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
         );
       }
     }
-    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const modelName = extractModel(serialized, extraParams);
     const pipelineStartedAtMs = Date.now();
     const verdict = await this.agent.guard({
@@ -504,20 +522,47 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       system_id: this.systemId,
       model: modelName,
       client_event_id: requestedClientEventId,
+      expected_languages: this.expectedLanguages,
       client_capabilities: this.getLangchainCapabilities()
     }, this.requestOptions);
+    let transformedForRun = sanitizedInput;
+    let sdkLocalScanMs = prepared.sdkLocalScanMs;
+    let localFallbackApplied = false;
+    let localFallbackReason = null;
     if (!verdict.allowed) {
-      throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      const fallbackEligible = isGuardFailureEligibleForLocalFallback(verdict.reason) && verdict.reason !== "guard_denied";
+      if (fallbackEligible) {
+        const fallback = await this.agent.applyLocalFallbackForGuardFailure({
+          input: sanitizedInput,
+          systemId: this.systemId,
+          stream,
+          clientEventId: requestedClientEventId,
+          capabilityConfig: prepared.capabilityConfig,
+          sdkConfigFetchMs: prepared.sdkConfigFetchMs
+        }, this.requestOptions);
+        transformedForRun = fallback.sanitizedInput;
+        sdkLocalScanMs = fallback.sdkLocalScanMs;
+        localFallbackApplied = true;
+        localFallbackReason = verdict.reason ?? "guard_unreachable";
+      } else {
+        throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      }
+    }
+    if (transformedForRun !== sanitizedInput) {
+      const mutated = setPromptInPrompts(prompts, transformedForRun);
+      if (!mutated) {
+        transformedForRun = sanitizedInput;
+      }
     }
     const canonicalClientEventId = isUuidLike(verdict.client_event_id) ? verdict.client_event_id.trim() : requestedClientEventId;
     const guardEventId = typeof verdict.guard_event_id === "string" && verdict.guard_event_id.length > 0 ? verdict.guard_event_id : void 0;
     const guardLatencyMs = typeof verdict.guard_latency_ms === "number" && Number.isFinite(verdict.guard_latency_ms) ? Math.max(0, Math.trunc(verdict.guard_latency_ms)) : Math.max(0, Date.now() - pipelineStartedAtMs);
     const transparency = coerceTransparencyMetadata(verdict.transparency);
-    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : sanitizedInput;
-    if (transformedInput !== sanitizedInput) {
+    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : transformedForRun;
+    if (transformedInput !== transformedForRun) {
       const mutated = setPromptInPrompts(prompts, transformedInput);
       if (!mutated) {
-        transformedInput = sanitizedInput;
+        transformedInput = transformedForRun;
       }
     }
     this.runs.set(id, {
@@ -525,6 +570,10 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       startedAtMs: Date.now(),
       pipelineStartedAtMs,
       guardLatencyMs,
+      sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+      sdkLocalScanMs,
+      localFallbackApplied,
+      localFallbackReason,
       model: modelName,
       clientEventId: canonicalClientEventId,
       guardEventId,
@@ -543,8 +592,10 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     if (!input) {
       return;
     }
+    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const stream = extractStreamFlag(serialized, extraParams);
-    const sanitizedInput = await this.preflight(input, stream);
+    const prepared = await this.preflight(input, stream, requestedClientEventId);
+    const sanitizedInput = prepared.sanitizedInput;
     if (sanitizedInput !== input) {
       const mutated = setPromptInMessages(messages, sanitizedInput);
       if (!mutated) {
@@ -553,7 +604,6 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
         );
       }
     }
-    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const modelName = extractModel(serialized, extraParams);
     const pipelineStartedAtMs = Date.now();
     const verdict = await this.agent.guard({
@@ -561,20 +611,47 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       system_id: this.systemId,
       model: modelName,
       client_event_id: requestedClientEventId,
+      expected_languages: this.expectedLanguages,
       client_capabilities: this.getLangchainCapabilities()
     }, this.requestOptions);
+    let transformedForRun = sanitizedInput;
+    let sdkLocalScanMs = prepared.sdkLocalScanMs;
+    let localFallbackApplied = false;
+    let localFallbackReason = null;
     if (!verdict.allowed) {
-      throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      const fallbackEligible = isGuardFailureEligibleForLocalFallback(verdict.reason) && verdict.reason !== "guard_denied";
+      if (fallbackEligible) {
+        const fallback = await this.agent.applyLocalFallbackForGuardFailure({
+          input: sanitizedInput,
+          systemId: this.systemId,
+          stream,
+          clientEventId: requestedClientEventId,
+          capabilityConfig: prepared.capabilityConfig,
+          sdkConfigFetchMs: prepared.sdkConfigFetchMs
+        }, this.requestOptions);
+        transformedForRun = fallback.sanitizedInput;
+        sdkLocalScanMs = fallback.sdkLocalScanMs;
+        localFallbackApplied = true;
+        localFallbackReason = verdict.reason ?? "guard_unreachable";
+      } else {
+        throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      }
+    }
+    if (transformedForRun !== sanitizedInput) {
+      const mutated = setPromptInMessages(messages, transformedForRun);
+      if (!mutated) {
+        transformedForRun = sanitizedInput;
+      }
     }
     const canonicalClientEventId = isUuidLike(verdict.client_event_id) ? verdict.client_event_id.trim() : requestedClientEventId;
     const guardEventId = typeof verdict.guard_event_id === "string" && verdict.guard_event_id.length > 0 ? verdict.guard_event_id : void 0;
     const guardLatencyMs = typeof verdict.guard_latency_ms === "number" && Number.isFinite(verdict.guard_latency_ms) ? Math.max(0, Math.trunc(verdict.guard_latency_ms)) : Math.max(0, Date.now() - pipelineStartedAtMs);
     const transparency = coerceTransparencyMetadata(verdict.transparency);
-    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : sanitizedInput;
-    if (transformedInput !== sanitizedInput) {
+    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : transformedForRun;
+    if (transformedInput !== transformedForRun) {
       const mutated = setPromptInMessages(messages, transformedInput);
       if (!mutated) {
-        transformedInput = sanitizedInput;
+        transformedInput = transformedForRun;
       }
     }
     this.runs.set(id, {
@@ -582,6 +659,10 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       startedAtMs: Date.now(),
       pipelineStartedAtMs,
       guardLatencyMs,
+      sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+      sdkLocalScanMs,
+      localFallbackApplied,
+      localFallbackReason,
       model: modelName,
       clientEventId: canonicalClientEventId,
       guardEventId,
@@ -618,7 +699,12 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     }
     if (typeof state.guardLatencyMs === "number" && Number.isFinite(state.guardLatencyMs)) {
       metadata.guard_latency_ms = state.guardLatencyMs;
+      metadata.sdk_guard_ms = state.guardLatencyMs;
     }
+    setFiniteDurationMetadata(metadata, "sdk_config_fetch_ms", state.sdkConfigFetchMs);
+    setFiniteDurationMetadata(metadata, "sdk_local_scan_ms", state.sdkLocalScanMs);
+    metadata.sdk_local_fallback_applied = state.localFallbackApplied === true;
+    metadata.sdk_local_fallback_reason = state.localFallbackReason ?? null;
     if (state.transparency) {
       metadata.transparency = state.transparency;
     }
@@ -658,7 +744,12 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     }
     if (typeof state?.guardLatencyMs === "number" && Number.isFinite(state.guardLatencyMs)) {
       metadata.guard_latency_ms = state.guardLatencyMs;
+      metadata.sdk_guard_ms = state.guardLatencyMs;
     }
+    setFiniteDurationMetadata(metadata, "sdk_config_fetch_ms", state?.sdkConfigFetchMs);
+    setFiniteDurationMetadata(metadata, "sdk_local_scan_ms", state?.sdkLocalScanMs);
+    metadata.sdk_local_fallback_applied = state?.localFallbackApplied === true;
+    metadata.sdk_local_fallback_reason = state?.localFallbackReason ?? null;
     if (state?.transparency) {
       metadata.transparency = state.transparency;
     }

package/dist/langchain.mjs

@@ -1,12 +1,21 @@
 import {
   SecurityBlockError
-} from "./chunk-JLHAS2EE.mjs";
+} from "./chunk-JIQGHFHI.mjs";
 
 // src/langchain.ts
 import { BaseCallbackHandler } from "@langchain/core/callbacks/base";
 function safeString(val) {
   return typeof val === "string" ? val : "";
 }
+function normalizeExpectedLanguages(value) {
+  if (!Array.isArray(value)) {
+    return void 0;
+  }
+  const normalized = [...new Set(
+    value.map((entry) => typeof entry === "string" ? entry.trim() : "").filter((entry) => entry.length > 0)
+  )];
+  return normalized.length > 0 ? normalized : void 0;
+}
 function coerceTransparencyMetadata(value) {
   if (!value || typeof value !== "object" || Array.isArray(value)) {
     return void 0;
@@ -37,6 +46,14 @@ function logCallbackDebug(message, details) {
   }
   console.log(`[AgentID][LC] ${message}`);
 }
+function setFiniteDurationMetadata(metadata, key, value) {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    metadata[key] = Math.max(0, Math.trunc(value));
+  }
+}
+function isGuardFailureEligibleForLocalFallback(reason) {
+  return reason === "network_error_strict_mode" || reason === "server_error" || reason === "system_failure" || reason === "system_failure_db_unavailable" || reason === "logging_failed" || reason === "guard_unreachable" || reason === "api_key_pepper_missing" || reason === "encryption_key_missing";
+}
 function extractTextFromContent(content) {
   if (typeof content === "string") {
     return content;
@@ -244,15 +261,16 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
     this.runs = /* @__PURE__ */ new Map();
     this.agent = agent;
     this.systemId = options.system_id;
+    this.expectedLanguages = normalizeExpectedLanguages(
+      options.expected_languages ?? options.expectedLanguages
+    );
     this.apiKeyOverride = options.apiKey?.trim() || options.api_key?.trim() || void 0;
   }
   get requestOptions() {
     return this.apiKeyOverride ? { apiKey: this.apiKeyOverride } : void 0;
   }
   getLangchainCapabilities() {
-    const piiMaskingEnabled = Boolean(
-      this.agent.piiMasking
-    );
+    const piiMaskingEnabled = this.agent.getEffectivePiiMasking(this.requestOptions);
     return {
       capabilities: {
         has_feedback_handler: true,
@@ -261,15 +279,14 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
       }
     };
   }
-  async preflight(input, stream) {
-    await this.agent.scanPromptInjection(input, this.requestOptions);
+  async preflight(input, stream, clientEventId) {
     const prepared = await this.agent.prepareInputForDispatch({
       input,
       systemId: this.systemId,
       stream,
-      skipInjectionScan: true
+      clientEventId
     }, this.requestOptions);
-    return prepared.sanitizedInput;
+    return prepared;
   }
   async handleLLMStart(serialized, prompts, runId, _parentRunId, extraParams) {
     const input = extractPromptFromPrompts(prompts);
@@ -278,8 +295,10 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
     if (!input) {
       return;
     }
+    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const stream = extractStreamFlag(serialized, extraParams);
-    const sanitizedInput = await this.preflight(input, stream);
+    const prepared = await this.preflight(input, stream, requestedClientEventId);
+    const sanitizedInput = prepared.sanitizedInput;
     if (sanitizedInput !== input) {
       const mutated = setPromptInPrompts(prompts, sanitizedInput);
       if (!mutated) {
@@ -288,7 +307,6 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
         );
       }
     }
-    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const modelName = extractModel(serialized, extraParams);
     const pipelineStartedAtMs = Date.now();
     const verdict = await this.agent.guard({
@@ -296,20 +314,47 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
       system_id: this.systemId,
       model: modelName,
       client_event_id: requestedClientEventId,
+      expected_languages: this.expectedLanguages,
       client_capabilities: this.getLangchainCapabilities()
     }, this.requestOptions);
+    let transformedForRun = sanitizedInput;
+    let sdkLocalScanMs = prepared.sdkLocalScanMs;
+    let localFallbackApplied = false;
+    let localFallbackReason = null;
     if (!verdict.allowed) {
-      throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      const fallbackEligible = isGuardFailureEligibleForLocalFallback(verdict.reason) && verdict.reason !== "guard_denied";
+      if (fallbackEligible) {
+        const fallback = await this.agent.applyLocalFallbackForGuardFailure({
+          input: sanitizedInput,
+          systemId: this.systemId,
+          stream,
+          clientEventId: requestedClientEventId,
+          capabilityConfig: prepared.capabilityConfig,
+          sdkConfigFetchMs: prepared.sdkConfigFetchMs
+        }, this.requestOptions);
+        transformedForRun = fallback.sanitizedInput;
+        sdkLocalScanMs = fallback.sdkLocalScanMs;
+        localFallbackApplied = true;
+        localFallbackReason = verdict.reason ?? "guard_unreachable";
+      } else {
+        throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      }
+    }
+    if (transformedForRun !== sanitizedInput) {
+      const mutated = setPromptInPrompts(prompts, transformedForRun);
+      if (!mutated) {
+        transformedForRun = sanitizedInput;
+      }
     }
     const canonicalClientEventId = isUuidLike(verdict.client_event_id) ? verdict.client_event_id.trim() : requestedClientEventId;
     const guardEventId = typeof verdict.guard_event_id === "string" && verdict.guard_event_id.length > 0 ? verdict.guard_event_id : void 0;
     const guardLatencyMs = typeof verdict.guard_latency_ms === "number" && Number.isFinite(verdict.guard_latency_ms) ? Math.max(0, Math.trunc(verdict.guard_latency_ms)) : Math.max(0, Date.now() - pipelineStartedAtMs);
     const transparency = coerceTransparencyMetadata(verdict.transparency);
-    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : sanitizedInput;
-    if (transformedInput !== sanitizedInput) {
+    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : transformedForRun;
+    if (transformedInput !== transformedForRun) {
       const mutated = setPromptInPrompts(prompts, transformedInput);
       if (!mutated) {
-        transformedInput = sanitizedInput;
+        transformedInput = transformedForRun;
       }
     }
     this.runs.set(id, {
@@ -317,6 +362,10 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
       startedAtMs: Date.now(),
       pipelineStartedAtMs,
       guardLatencyMs,
+      sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+      sdkLocalScanMs,
+      localFallbackApplied,
+      localFallbackReason,
       model: modelName,
       clientEventId: canonicalClientEventId,
       guardEventId,
@@ -335,8 +384,10 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
     if (!input) {
       return;
     }
+    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const stream = extractStreamFlag(serialized, extraParams);
-    const sanitizedInput = await this.preflight(input, stream);
+    const prepared = await this.preflight(input, stream, requestedClientEventId);
+    const sanitizedInput = prepared.sanitizedInput;
     if (sanitizedInput !== input) {
       const mutated = setPromptInMessages(messages, sanitizedInput);
       if (!mutated) {
@@ -345,7 +396,6 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
         );
       }
     }
-    const requestedClientEventId = isUuidLike(id) ? id.trim() : createClientEventId();
     const modelName = extractModel(serialized, extraParams);
     const pipelineStartedAtMs = Date.now();
     const verdict = await this.agent.guard({
@@ -353,20 +403,47 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
       system_id: this.systemId,
       model: modelName,
       client_event_id: requestedClientEventId,
+      expected_languages: this.expectedLanguages,
       client_capabilities: this.getLangchainCapabilities()
     }, this.requestOptions);
+    let transformedForRun = sanitizedInput;
+    let sdkLocalScanMs = prepared.sdkLocalScanMs;
+    let localFallbackApplied = false;
+    let localFallbackReason = null;
     if (!verdict.allowed) {
-      throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      const fallbackEligible = isGuardFailureEligibleForLocalFallback(verdict.reason) && verdict.reason !== "guard_denied";
+      if (fallbackEligible) {
+        const fallback = await this.agent.applyLocalFallbackForGuardFailure({
+          input: sanitizedInput,
+          systemId: this.systemId,
+          stream,
+          clientEventId: requestedClientEventId,
+          capabilityConfig: prepared.capabilityConfig,
+          sdkConfigFetchMs: prepared.sdkConfigFetchMs
+        }, this.requestOptions);
+        transformedForRun = fallback.sanitizedInput;
+        sdkLocalScanMs = fallback.sdkLocalScanMs;
+        localFallbackApplied = true;
+        localFallbackReason = verdict.reason ?? "guard_unreachable";
+      } else {
+        throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+      }
+    }
+    if (transformedForRun !== sanitizedInput) {
+      const mutated = setPromptInMessages(messages, transformedForRun);
+      if (!mutated) {
+        transformedForRun = sanitizedInput;
+      }
     }
     const canonicalClientEventId = isUuidLike(verdict.client_event_id) ? verdict.client_event_id.trim() : requestedClientEventId;
     const guardEventId = typeof verdict.guard_event_id === "string" && verdict.guard_event_id.length > 0 ? verdict.guard_event_id : void 0;
     const guardLatencyMs = typeof verdict.guard_latency_ms === "number" && Number.isFinite(verdict.guard_latency_ms) ? Math.max(0, Math.trunc(verdict.guard_latency_ms)) : Math.max(0, Date.now() - pipelineStartedAtMs);
     const transparency = coerceTransparencyMetadata(verdict.transparency);
-    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : sanitizedInput;
-    if (transformedInput !== sanitizedInput) {
+    let transformedInput = typeof verdict.transformed_input === "string" && verdict.transformed_input.length > 0 ? verdict.transformed_input : transformedForRun;
+    if (transformedInput !== transformedForRun) {
       const mutated = setPromptInMessages(messages, transformedInput);
       if (!mutated) {
-        transformedInput = sanitizedInput;
+        transformedInput = transformedForRun;
       }
     }
     this.runs.set(id, {
@@ -374,6 +451,10 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
       startedAtMs: Date.now(),
       pipelineStartedAtMs,
       guardLatencyMs,
+      sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+      sdkLocalScanMs,
+      localFallbackApplied,
+      localFallbackReason,
       model: modelName,
       clientEventId: canonicalClientEventId,
       guardEventId,
@@ -410,7 +491,12 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
     }
     if (typeof state.guardLatencyMs === "number" && Number.isFinite(state.guardLatencyMs)) {
       metadata.guard_latency_ms = state.guardLatencyMs;
+      metadata.sdk_guard_ms = state.guardLatencyMs;
     }
+    setFiniteDurationMetadata(metadata, "sdk_config_fetch_ms", state.sdkConfigFetchMs);
+    setFiniteDurationMetadata(metadata, "sdk_local_scan_ms", state.sdkLocalScanMs);
+    metadata.sdk_local_fallback_applied = state.localFallbackApplied === true;
+    metadata.sdk_local_fallback_reason = state.localFallbackReason ?? null;
     if (state.transparency) {
       metadata.transparency = state.transparency;
     }
@@ -450,7 +536,12 @@ var AgentIDCallbackHandler = class extends BaseCallbackHandler {
     }
     if (typeof state?.guardLatencyMs === "number" && Number.isFinite(state.guardLatencyMs)) {
       metadata.guard_latency_ms = state.guardLatencyMs;
+      metadata.sdk_guard_ms = state.guardLatencyMs;
     }
+    setFiniteDurationMetadata(metadata, "sdk_config_fetch_ms", state?.sdkConfigFetchMs);
+    setFiniteDurationMetadata(metadata, "sdk_local_scan_ms", state?.sdkLocalScanMs);
+    metadata.sdk_local_fallback_applied = state?.localFallbackApplied === true;
+    metadata.sdk_local_fallback_reason = state?.localFallbackReason ?? null;
     if (state?.transparency) {
       metadata.transparency = state.transparency;
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentid-sdk",
-  "version": "0.1.24",
+  "version": "0.1.26",
   "description": "AgentID JavaScript/TypeScript SDK for guard, ingest, tracing, and analytics.",
   "license": "MIT",
   "homepage": "https://agentid.ai",