agentid-sdk 0.1.3 → 0.1.5

package/README.md

@@ -39,9 +39,16 @@ import { AgentID } from "agentid-sdk";
 import OpenAI from "openai";
 
 const openai = new OpenAI();
-const agent = new AgentID({ apiKey: "ag_prod_..." });
-
-const proxiedOpenAI = agent.wrapOpenAI(openai, { system_id: "sys_..." });
+const agent = new AgentID({
+  apiKey: "ag_prod_...",
+  strictMode: false, // default (fail-open on timeout/unreachable AgentID API)
+  // strictMode: true, // fail-closed for high-risk workloads
+});
+
+const proxiedOpenAI = agent.wrapOpenAI(openai, {
+  system_id: "sys_...",
+  user_id: "system-auto-summary", // optional service/user identity
+});
 ```
 
 ## 🔒 Klíčové vlastnosti
@@ -49,3 +56,4 @@ const proxiedOpenAI = agent.wrapOpenAI(openai, { system_id: "sys_..." });
 - PII Scrubbing: Automatická redakce e-mailů, rodných čísel a hesel před odesláním do cloudu.
 - Crypto-Shredding: Možnost nenávratně smazat citlivá data z logů na žádost uživatele (GDPR).
 - Fail-Safe architektura: Inteligentní přepínání mezi bezpečností a dostupností (Fail-Open/Closed).
+- Strict mode: při timeoutu Guard API můžeš vynutit fail-closed (`strictMode: true`).

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-export { A as AgentID, a as AgentIDCallbackHandler, G as GuardParams, b as GuardResponse, L as LogParams, P as PreparedInput, R as RequestOptions } from './langchain-ranVjrg4.mjs';
+export { A as AgentID, a as AgentIDCallbackHandler, G as GuardParams, b as GuardResponse, L as LogParams, P as PreparedInput, R as RequestOptions } from './langchain-CIIL2j4R.mjs';
 
 type PIIMapping = Record<string, string>;
 declare class PIIManager {

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { A as AgentID, a as AgentIDCallbackHandler, G as GuardParams, b as GuardResponse, L as LogParams, P as PreparedInput, R as RequestOptions } from './langchain-ranVjrg4.js';
+export { A as AgentID, a as AgentIDCallbackHandler, G as GuardParams, b as GuardResponse, L as LogParams, P as PreparedInput, R as RequestOptions } from './langchain-CIIL2j4R.js';
 
 type PIIMapping = Record<string, string>;
 declare class PIIManager {

package/dist/index.js

@@ -389,9 +389,19 @@ var LocalSecurityEnforcer = class {
 
 // src/capability-config.ts
 var CONFIG_TTL_MS = 5 * 60 * 1e3;
-var CONFIG_TIMEOUT_MS = 2e3;
+var CONFIG_TIMEOUT_MS = 8e3;
+var CONFIG_RETRY_DELAY_MS = 1e3;
 var MAX_CAPABILITY_CACHE_ENTRIES = 500;
 var AGENTID_SDK_VERSION_HEADER = "js-1.0.4";
+var CapabilityConfigFetchError = class extends Error {
+  constructor(message, params) {
+    super(message);
+    this.name = "CapabilityConfigFetchError";
+    this.status = params.status;
+    this.retryable = params.retryable;
+    this.timeout = params.timeout;
+  }
+};
 function normalizeBaseUrl(baseUrl) {
   return baseUrl.replace(/\/+$/, "");
 }
@@ -447,10 +457,13 @@ function enforceCacheBound(cache) {
   }
   cache.clear();
 }
-async function fetchCapabilityConfigWithTimeout(params) {
-  if (typeof fetch !== "function") {
-    throw new Error("fetch is unavailable in this runtime");
-  }
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function isAbortError(error) {
+  return !!error && typeof error === "object" && error.name === "AbortError";
+}
+async function fetchCapabilityConfigAttempt(params) {
   const controller = new AbortController();
   const timeoutId = setTimeout(() => controller.abort(), params.timeoutMs);
   try {
@@ -465,13 +478,52 @@ async function fetchCapabilityConfigWithTimeout(params) {
     });
     const payload = await safeReadJson(res);
     if (!res.ok) {
-      throw new Error(`Config API Error ${res.status}`);
+      const retryable = res.status >= 500 || res.status === 429 || res.status === 408;
+      throw new CapabilityConfigFetchError(`Config API Error ${res.status}`, {
+        status: res.status,
+        retryable,
+        timeout: false
+      });
     }
     return normalizeCapabilityConfig(payload);
+  } catch (error) {
+    if (error instanceof CapabilityConfigFetchError) {
+      throw error;
+    }
+    if (isAbortError(error)) {
+      throw new CapabilityConfigFetchError(
+        "AgentID SDK failed to initialize: Connection timeout during configuration fetch. Please check your network or AgentID API status.",
+        {
+          retryable: true,
+          timeout: true
+        }
+      );
+    }
+    throw new CapabilityConfigFetchError(
+      error instanceof Error ? error.message : "Configuration fetch failed.",
+      {
+        retryable: true,
+        timeout: false
+      }
+    );
   } finally {
     clearTimeout(timeoutId);
   }
 }
+async function fetchCapabilityConfigWithTimeout(params) {
+  if (typeof fetch !== "function") {
+    throw new Error("fetch is unavailable in this runtime");
+  }
+  try {
+    return await fetchCapabilityConfigAttempt(params);
+  } catch (firstError) {
+    if (firstError instanceof CapabilityConfigFetchError && firstError.retryable) {
+      await sleep(CONFIG_RETRY_DELAY_MS);
+      return await fetchCapabilityConfigAttempt(params);
+    }
+    throw firstError;
+  }
+}
 function getCachedCapabilityConfig(params) {
   const key = getCacheKey(params.apiKey, params.baseUrl);
   const entry = getGlobalCache().get(key);
@@ -503,7 +555,8 @@ async function ensureCapabilityConfig(params) {
     enforceCacheBound(cache);
     return resolved;
   }).catch((error) => {
-    console.warn("AgentID Config unreachable. Defaulting to STRICT MODE.", error);
+    const message = error instanceof Error ? error.message : String(error);
+    console.warn("AgentID Config unreachable. Defaulting to STRICT MODE.", message);
     cache.set(key, {
       config: DEFAULT_STRICT_CONFIG,
       expiresAt: Date.now() + ttlMs,
@@ -931,6 +984,10 @@ var AGENTID_SDK_VERSION_HEADER2 = "js-1.0.4";
 function normalizeBaseUrl3(baseUrl) {
   return baseUrl.replace(/\/+$/, "");
 }
+function isInfrastructureGuardReason(reason) {
+  if (!reason) return false;
+  return reason === "system_failure" || reason === "system_failure_db_unavailable" || reason === "logging_failed" || reason === "server_error" || reason === "guard_unreachable" || reason === "api_key_pepper_missing" || reason === "encryption_key_missing";
+}
 async function safeReadJson2(response) {
   try {
     return await response.json();
@@ -947,6 +1004,7 @@ var AgentID = class {
     this.checkInjection = config.checkInjection !== false;
     this.aiScanEnabled = config.aiScanEnabled !== false;
     this.storePii = config.storePii === true;
+    this.strictMode = config.strictMode === true;
     this.pii = new PIIManager();
     this.localEnforcer = new LocalSecurityEnforcer(this.pii);
     void this.getCapabilityConfig();
@@ -1093,7 +1151,8 @@ var AgentID = class {
   }
   /**
    * GUARD: Checks limits, PII, and security before execution.
-   * FAIL-CLOSED: Returns allowed=false if the API fails.
+   * strictMode=false (default): FAIL-OPEN on connectivity/timeouts.
+   * strictMode=true: FAIL-CLOSED and throws on connectivity/timeouts.
    */
   async guard(params, options) {
     const effectiveApiKey = this.resolveApiKey(options?.apiKey);
@@ -1116,15 +1175,37 @@ var AgentID = class {
       });
       const responseBody = await safeReadJson2(res);
       if (responseBody && typeof responseBody.allowed === "boolean") {
-        return responseBody;
+        const verdict = responseBody;
+        if (!this.strictMode && verdict.allowed === false && (isInfrastructureGuardReason(verdict.reason) || res.status >= 500)) {
+          console.warn(
+            `[AgentID] Guard API infrastructure fallback in fail-open mode (${verdict.reason ?? `http_${res.status}`}).`
+          );
+          return { allowed: true, reason: "system_failure_fail_open" };
+        }
+        return verdict;
       }
       if (!res.ok) {
         throw new Error(`API Error ${res.status}`);
       }
       throw new Error("Invalid guard response");
     } catch (error) {
-      console.warn("[AgentID] Guard check failed (Fail-Closed active):", error);
-      return { allowed: false, reason: "guard_unreachable" };
+      const isAbortError2 = error && typeof error === "object" && error.name === "AbortError";
+      if (isAbortError2) {
+        const timeoutMessage = "AgentID API Warning: Connection timeout exceeded.";
+        if (this.strictMode) {
+          throw new Error(timeoutMessage);
+        }
+        console.warn(timeoutMessage);
+        return { allowed: true, reason: "timeout_fallback" };
+      }
+      if (this.strictMode) {
+        if (error instanceof Error) {
+          throw error;
+        }
+        throw new Error("AgentID API Error: Guard request failed.");
+      }
+      console.warn("[AgentID] Guard check failed (Fail-Open active):", error);
+      return { allowed: true, reason: "guard_unreachable" };
     } finally {
       clearTimeout(timeoutId);
     }
@@ -1255,6 +1336,7 @@ var AgentID = class {
                 const verdict = await this.guard({
                   input: maskedText,
                   system_id: systemId,
+                  user_id: options.user_id,
                   client_capabilities: this.buildClientCapabilities("openai", false)
                 }, requestOptions);
                 if (!verdict.allowed) {
@@ -1277,6 +1359,7 @@ var AgentID = class {
                   const usage = adapter.getTokenUsage(res);
                   this.log({
                     system_id: systemId,
+                    user_id: options.user_id,
                     input: maskedText,
                     output,
                     model,

package/dist/index.mjs

@@ -351,9 +351,19 @@ var LocalSecurityEnforcer = class {
 
 // src/capability-config.ts
 var CONFIG_TTL_MS = 5 * 60 * 1e3;
-var CONFIG_TIMEOUT_MS = 2e3;
+var CONFIG_TIMEOUT_MS = 8e3;
+var CONFIG_RETRY_DELAY_MS = 1e3;
 var MAX_CAPABILITY_CACHE_ENTRIES = 500;
 var AGENTID_SDK_VERSION_HEADER = "js-1.0.4";
+var CapabilityConfigFetchError = class extends Error {
+  constructor(message, params) {
+    super(message);
+    this.name = "CapabilityConfigFetchError";
+    this.status = params.status;
+    this.retryable = params.retryable;
+    this.timeout = params.timeout;
+  }
+};
 function normalizeBaseUrl(baseUrl) {
   return baseUrl.replace(/\/+$/, "");
 }
@@ -409,10 +419,13 @@ function enforceCacheBound(cache) {
   }
   cache.clear();
 }
-async function fetchCapabilityConfigWithTimeout(params) {
-  if (typeof fetch !== "function") {
-    throw new Error("fetch is unavailable in this runtime");
-  }
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function isAbortError(error) {
+  return !!error && typeof error === "object" && error.name === "AbortError";
+}
+async function fetchCapabilityConfigAttempt(params) {
   const controller = new AbortController();
   const timeoutId = setTimeout(() => controller.abort(), params.timeoutMs);
   try {
@@ -427,13 +440,52 @@ async function fetchCapabilityConfigWithTimeout(params) {
     });
     const payload = await safeReadJson(res);
     if (!res.ok) {
-      throw new Error(`Config API Error ${res.status}`);
+      const retryable = res.status >= 500 || res.status === 429 || res.status === 408;
+      throw new CapabilityConfigFetchError(`Config API Error ${res.status}`, {
+        status: res.status,
+        retryable,
+        timeout: false
+      });
     }
     return normalizeCapabilityConfig(payload);
+  } catch (error) {
+    if (error instanceof CapabilityConfigFetchError) {
+      throw error;
+    }
+    if (isAbortError(error)) {
+      throw new CapabilityConfigFetchError(
+        "AgentID SDK failed to initialize: Connection timeout during configuration fetch. Please check your network or AgentID API status.",
+        {
+          retryable: true,
+          timeout: true
+        }
+      );
+    }
+    throw new CapabilityConfigFetchError(
+      error instanceof Error ? error.message : "Configuration fetch failed.",
+      {
+        retryable: true,
+        timeout: false
+      }
+    );
   } finally {
     clearTimeout(timeoutId);
   }
 }
+async function fetchCapabilityConfigWithTimeout(params) {
+  if (typeof fetch !== "function") {
+    throw new Error("fetch is unavailable in this runtime");
+  }
+  try {
+    return await fetchCapabilityConfigAttempt(params);
+  } catch (firstError) {
+    if (firstError instanceof CapabilityConfigFetchError && firstError.retryable) {
+      await sleep(CONFIG_RETRY_DELAY_MS);
+      return await fetchCapabilityConfigAttempt(params);
+    }
+    throw firstError;
+  }
+}
 function getCachedCapabilityConfig(params) {
   const key = getCacheKey(params.apiKey, params.baseUrl);
   const entry = getGlobalCache().get(key);
@@ -465,7 +517,8 @@ async function ensureCapabilityConfig(params) {
     enforceCacheBound(cache);
     return resolved;
   }).catch((error) => {
-    console.warn("AgentID Config unreachable. Defaulting to STRICT MODE.", error);
+    const message = error instanceof Error ? error.message : String(error);
+    console.warn("AgentID Config unreachable. Defaulting to STRICT MODE.", message);
     cache.set(key, {
       config: DEFAULT_STRICT_CONFIG,
       expiresAt: Date.now() + ttlMs,
@@ -893,6 +946,10 @@ var AGENTID_SDK_VERSION_HEADER2 = "js-1.0.4";
 function normalizeBaseUrl3(baseUrl) {
   return baseUrl.replace(/\/+$/, "");
 }
+function isInfrastructureGuardReason(reason) {
+  if (!reason) return false;
+  return reason === "system_failure" || reason === "system_failure_db_unavailable" || reason === "logging_failed" || reason === "server_error" || reason === "guard_unreachable" || reason === "api_key_pepper_missing" || reason === "encryption_key_missing";
+}
 async function safeReadJson2(response) {
   try {
     return await response.json();
@@ -909,6 +966,7 @@ var AgentID = class {
     this.checkInjection = config.checkInjection !== false;
     this.aiScanEnabled = config.aiScanEnabled !== false;
     this.storePii = config.storePii === true;
+    this.strictMode = config.strictMode === true;
     this.pii = new PIIManager();
     this.localEnforcer = new LocalSecurityEnforcer(this.pii);
     void this.getCapabilityConfig();
@@ -1055,7 +1113,8 @@ var AgentID = class {
   }
   /**
    * GUARD: Checks limits, PII, and security before execution.
-   * FAIL-CLOSED: Returns allowed=false if the API fails.
+   * strictMode=false (default): FAIL-OPEN on connectivity/timeouts.
+   * strictMode=true: FAIL-CLOSED and throws on connectivity/timeouts.
    */
   async guard(params, options) {
     const effectiveApiKey = this.resolveApiKey(options?.apiKey);
@@ -1078,15 +1137,37 @@ var AgentID = class {
       });
       const responseBody = await safeReadJson2(res);
       if (responseBody && typeof responseBody.allowed === "boolean") {
-        return responseBody;
+        const verdict = responseBody;
+        if (!this.strictMode && verdict.allowed === false && (isInfrastructureGuardReason(verdict.reason) || res.status >= 500)) {
+          console.warn(
+            `[AgentID] Guard API infrastructure fallback in fail-open mode (${verdict.reason ?? `http_${res.status}`}).`
+          );
+          return { allowed: true, reason: "system_failure_fail_open" };
+        }
+        return verdict;
       }
       if (!res.ok) {
         throw new Error(`API Error ${res.status}`);
       }
       throw new Error("Invalid guard response");
     } catch (error) {
-      console.warn("[AgentID] Guard check failed (Fail-Closed active):", error);
-      return { allowed: false, reason: "guard_unreachable" };
+      const isAbortError2 = error && typeof error === "object" && error.name === "AbortError";
+      if (isAbortError2) {
+        const timeoutMessage = "AgentID API Warning: Connection timeout exceeded.";
+        if (this.strictMode) {
+          throw new Error(timeoutMessage);
+        }
+        console.warn(timeoutMessage);
+        return { allowed: true, reason: "timeout_fallback" };
+      }
+      if (this.strictMode) {
+        if (error instanceof Error) {
+          throw error;
+        }
+        throw new Error("AgentID API Error: Guard request failed.");
+      }
+      console.warn("[AgentID] Guard check failed (Fail-Open active):", error);
+      return { allowed: true, reason: "guard_unreachable" };
     } finally {
       clearTimeout(timeoutId);
     }
@@ -1217,6 +1298,7 @@ var AgentID = class {
                 const verdict = await this.guard({
                   input: maskedText,
                   system_id: systemId,
+                  user_id: options.user_id,
                   client_capabilities: this.buildClientCapabilities("openai", false)
                 }, requestOptions);
                 if (!verdict.allowed) {
@@ -1239,6 +1321,7 @@ var AgentID = class {
                   const usage = adapter.getTokenUsage(res);
                   this.log({
                     system_id: systemId,
+                    user_id: options.user_id,
                     input: maskedText,
                     output,
                     model,

package/dist/{langchain-ranVjrg4.d.mts → langchain-CIIL2j4R.d.mts}

@@ -54,6 +54,7 @@ type AgentIDConfig = {
     checkInjection?: boolean;
     aiScanEnabled?: boolean;
     storePii?: boolean;
+    strictMode?: boolean;
 };
 
 type PreparedInput = {
@@ -67,6 +68,7 @@ declare class AgentID {
     private checkInjection;
     private aiScanEnabled;
     private storePii;
+    private strictMode;
     private pii;
     private localEnforcer;
     private injectionScanner;
@@ -86,7 +88,8 @@ declare class AgentID {
     private logSecurityPolicyViolation;
     /**
      * GUARD: Checks limits, PII, and security before execution.
-     * FAIL-CLOSED: Returns allowed=false if the API fails.
+     * strictMode=false (default): FAIL-OPEN on connectivity/timeouts.
+     * strictMode=true: FAIL-CLOSED and throws on connectivity/timeouts.
      */
     guard(params: GuardParams, options?: RequestOptions): Promise<GuardResponse>;
     /**
@@ -110,6 +113,7 @@ declare class AgentID {
      */
     wrapOpenAI<T>(openai: T, options: {
         system_id: string;
+        user_id?: string;
         apiKey?: string;
         api_key?: string;
         resolveApiKey?: (request: Record<string, unknown>) => string | undefined;

package/dist/{langchain-ranVjrg4.d.ts → langchain-CIIL2j4R.d.ts}

@@ -54,6 +54,7 @@ type AgentIDConfig = {
     checkInjection?: boolean;
     aiScanEnabled?: boolean;
     storePii?: boolean;
+    strictMode?: boolean;
 };
 
 type PreparedInput = {
@@ -67,6 +68,7 @@ declare class AgentID {
     private checkInjection;
     private aiScanEnabled;
     private storePii;
+    private strictMode;
     private pii;
     private localEnforcer;
     private injectionScanner;
@@ -86,7 +88,8 @@ declare class AgentID {
     private logSecurityPolicyViolation;
     /**
      * GUARD: Checks limits, PII, and security before execution.
-     * FAIL-CLOSED: Returns allowed=false if the API fails.
+     * strictMode=false (default): FAIL-OPEN on connectivity/timeouts.
+     * strictMode=true: FAIL-CLOSED and throws on connectivity/timeouts.
      */
     guard(params: GuardParams, options?: RequestOptions): Promise<GuardResponse>;
     /**
@@ -110,6 +113,7 @@ declare class AgentID {
      */
     wrapOpenAI<T>(openai: T, options: {
         system_id: string;
+        user_id?: string;
         apiKey?: string;
         api_key?: string;
         resolveApiKey?: (request: Record<string, unknown>) => string | undefined;

package/dist/langchain.d.mts

@@ -1 +1 @@
-export { a as AgentIDCallbackHandler } from './langchain-ranVjrg4.mjs';
+export { a as AgentIDCallbackHandler } from './langchain-CIIL2j4R.mjs';

package/dist/langchain.d.ts

@@ -1 +1 @@
-export { a as AgentIDCallbackHandler } from './langchain-ranVjrg4.js';
+export { a as AgentIDCallbackHandler } from './langchain-CIIL2j4R.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentid-sdk",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "AgentID JavaScript/TypeScript SDK for guard, ingest, tracing, and analytics.",
   "license": "MIT",
   "homepage": "https://agentid.ai",