agentid-sdk 0.1.34 → 0.1.36

package/dist/{agentid-M5I7-YqI.d.mts → agentid-JQx2Iy7B.d.mts}

@@ -1,4 +1,19 @@
+type PIIMapping = Record<string, string>;
+declare class PIIManager {
+    /**
+     * Reversible local-first masking using <TYPE_INDEX> placeholders.
+     *
+     * Zero-dependency fallback with strict checksum validation for CEE national IDs.
+     */
+    anonymize(text: string): {
+        maskedText: string;
+        mapping: PIIMapping;
+    };
+    deanonymize(text: string, mapping: PIIMapping): string;
+}
+
 type CapabilityConfig = {
+    version?: number | null;
     shadow_mode: boolean;
     strict_security_mode: boolean;
     failure_mode: "fail_open" | "fail_close";
@@ -105,6 +120,8 @@ type PreparedInput = {
     capabilityConfig: CapabilityConfig;
     sdkConfigFetchMs?: number;
     sdkLocalScanMs?: number;
+    piiMapping?: PIIMapping;
+    shouldDeanonymize?: boolean;
 };
 declare class SecurityBlockError extends Error {
     reason: string;
@@ -140,6 +157,7 @@ declare class AgentID {
     get piiMasking(): boolean | undefined;
     private resolveEffectivePiiMasking;
     getEffectivePiiMasking(options?: RequestOptions): boolean;
+    getEffectivePiiMaskingForConfig(capabilityConfig?: CapabilityConfig): boolean;
     private buildClientCapabilities;
     private resolveApiKey;
     private resolveClientEventId;
@@ -152,7 +170,7 @@ declare class AgentID {
     private resolveEffectiveStrictMode;
     private maybeRaiseStrictIngestDependencyError;
     private shouldRunLocalInjectionScan;
-    private refreshCapabilityConfigBeforeLocalEnforcement;
+    private refreshCapabilityConfigBeforeClientControl;
     private applyLocalPolicyChecks;
     prepareInputForDispatch(params: {
         input: string;
@@ -183,6 +201,10 @@ declare class AgentID {
     private sendIngest;
     private extractStreamChunkText;
     private extractStreamChunkUsage;
+    private isOpenAIStreamFinishChunk;
+    private setOpenAIStreamChunkText;
+    private createSyntheticOpenAIStreamChunk;
+    private rewriteOpenAIStreamChunkForClient;
     private wrapCompletion;
     /**
      * LOG: Sends telemetry after execution.
@@ -215,4 +237,4 @@ declare class AgentID {
     }): T;
 }
 
-export { AgentID as A, DependencyError as D, type GuardParams as G, type LogParams as L, type PreparedInput as P, type RequestOptions as R, SecurityBlockError as S, type TransparencyMetadata as T, type GuardResponse as a };
+export { AgentID as A, DependencyError as D, type GuardParams as G, type LogParams as L, PIIManager as P, type RequestOptions as R, SecurityBlockError as S, type TransparencyMetadata as T, type GuardResponse as a, type PIIMapping as b, type PreparedInput as c };

package/dist/{agentid-M5I7-YqI.d.ts → agentid-JQx2Iy7B.d.ts}

@@ -1,4 +1,19 @@
+type PIIMapping = Record<string, string>;
+declare class PIIManager {
+    /**
+     * Reversible local-first masking using <TYPE_INDEX> placeholders.
+     *
+     * Zero-dependency fallback with strict checksum validation for CEE national IDs.
+     */
+    anonymize(text: string): {
+        maskedText: string;
+        mapping: PIIMapping;
+    };
+    deanonymize(text: string, mapping: PIIMapping): string;
+}
+
 type CapabilityConfig = {
+    version?: number | null;
     shadow_mode: boolean;
     strict_security_mode: boolean;
     failure_mode: "fail_open" | "fail_close";
@@ -105,6 +120,8 @@ type PreparedInput = {
     capabilityConfig: CapabilityConfig;
     sdkConfigFetchMs?: number;
     sdkLocalScanMs?: number;
+    piiMapping?: PIIMapping;
+    shouldDeanonymize?: boolean;
 };
 declare class SecurityBlockError extends Error {
     reason: string;
@@ -140,6 +157,7 @@ declare class AgentID {
     get piiMasking(): boolean | undefined;
     private resolveEffectivePiiMasking;
     getEffectivePiiMasking(options?: RequestOptions): boolean;
+    getEffectivePiiMaskingForConfig(capabilityConfig?: CapabilityConfig): boolean;
     private buildClientCapabilities;
     private resolveApiKey;
     private resolveClientEventId;
@@ -152,7 +170,7 @@ declare class AgentID {
     private resolveEffectiveStrictMode;
     private maybeRaiseStrictIngestDependencyError;
     private shouldRunLocalInjectionScan;
-    private refreshCapabilityConfigBeforeLocalEnforcement;
+    private refreshCapabilityConfigBeforeClientControl;
     private applyLocalPolicyChecks;
     prepareInputForDispatch(params: {
         input: string;
@@ -183,6 +201,10 @@ declare class AgentID {
     private sendIngest;
     private extractStreamChunkText;
     private extractStreamChunkUsage;
+    private isOpenAIStreamFinishChunk;
+    private setOpenAIStreamChunkText;
+    private createSyntheticOpenAIStreamChunk;
+    private rewriteOpenAIStreamChunkForClient;
     private wrapCompletion;
     /**
      * LOG: Sends telemetry after execution.
@@ -215,4 +237,4 @@ declare class AgentID {
     }): T;
 }
 
-export { AgentID as A, DependencyError as D, type GuardParams as G, type LogParams as L, type PreparedInput as P, type RequestOptions as R, SecurityBlockError as S, type TransparencyMetadata as T, type GuardResponse as a };
+export { AgentID as A, DependencyError as D, type GuardParams as G, type LogParams as L, PIIManager as P, type RequestOptions as R, SecurityBlockError as S, type TransparencyMetadata as T, type GuardResponse as a, type PIIMapping as b, type PreparedInput as c };

package/dist/{chunk-FCOSLPMF.mjs → chunk-TY4AXWGS.mjs}

@@ -1810,10 +1810,11 @@ function getInjectionScanner() {
 
 // src/sdk-version.ts
 var FALLBACK_SDK_VERSION = "js-0.0.0-dev";
-var AGENTID_SDK_VERSION_HEADER = "js-0.1.34".trim().length > 0 ? "js-0.1.34" : FALLBACK_SDK_VERSION;
+var AGENTID_SDK_VERSION_HEADER = "js-0.1.36".trim().length > 0 ? "js-0.1.36" : FALLBACK_SDK_VERSION;
 
 // src/local-security-enforcer.ts
 var DEFAULT_FAIL_OPEN_CONFIG = {
+  version: null,
   shadow_mode: false,
   strict_security_mode: false,
   failure_mode: "fail_open",
@@ -1982,6 +1983,25 @@ function readOptionalFailureModeField(body, fallback) {
   }
   return fallback;
 }
+function readOptionalVersionField(body) {
+  if (!("version" in body)) {
+    return null;
+  }
+  const value = body.version;
+  if (value === null || value === void 0 || value === "") {
+    return null;
+  }
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return Math.trunc(value);
+  }
+  if (typeof value === "string") {
+    const parsed = Number.parseInt(value, 10);
+    if (Number.isFinite(parsed)) {
+      return parsed;
+    }
+  }
+  throw new Error("Invalid config field: version");
+}
 function normalizeCapabilityConfig(payload) {
   if (!payload || typeof payload !== "object") {
     throw new Error("Invalid config payload");
@@ -1999,6 +2019,7 @@ function normalizeCapabilityConfig(payload) {
     false
   );
   return {
+    version: readOptionalVersionField(body),
     shadow_mode: readOptionalBooleanField(body, "shadow_mode", false),
     strict_security_mode: effectiveStrictMode,
     failure_mode: effectiveStrictMode ? "fail_close" : "fail_open",
@@ -2281,6 +2302,9 @@ function buildSdkTimingMetadata(params) {
   setFiniteDurationMetadata(metadata, "sdk_local_scan_ms", params.sdkLocalScanMs);
   setFiniteDurationMetadata(metadata, "sdk_guard_ms", params.sdkGuardMs);
   setFiniteDurationMetadata(metadata, "sdk_ingest_ms", params.sdkIngestMs);
+  if (typeof params.sdkConfigVersion === "number" && Number.isFinite(params.sdkConfigVersion)) {
+    metadata.sdk_config_version = Math.trunc(params.sdkConfigVersion);
+  }
   return metadata;
 }
 function resolveConfiguredApiKey(value) {
@@ -2483,6 +2507,57 @@ function createCompletionChunkCollector() {
     result
   };
 }
+function getStreamingPlaceholderCarryLength(buffer, placeholders) {
+  if (!buffer || placeholders.length === 0) {
+    return 0;
+  }
+  let maxPlaceholderLength = 0;
+  for (const placeholder of placeholders) {
+    if (placeholder.length > maxPlaceholderLength) {
+      maxPlaceholderLength = placeholder.length;
+    }
+  }
+  const maxCarryLength = Math.min(buffer.length, Math.max(0, maxPlaceholderLength - 1));
+  let carryLength = 0;
+  for (let candidateLength = 1; candidateLength <= maxCarryLength; candidateLength += 1) {
+    const suffix = buffer.slice(-candidateLength);
+    if (placeholders.some((placeholder) => placeholder.startsWith(suffix))) {
+      carryLength = candidateLength;
+    }
+  }
+  return carryLength;
+}
+function createStreamingPlaceholderRewriter(piiManager, mapping) {
+  const placeholders = Object.keys(mapping).filter((placeholder) => placeholder.length > 0);
+  if (placeholders.length === 0) {
+    return null;
+  }
+  let pending = "";
+  return {
+    consume(chunk) {
+      if (!chunk) {
+        return "";
+      }
+      pending += chunk;
+      const carryLength = getStreamingPlaceholderCarryLength(pending, placeholders);
+      const flushLength = Math.max(0, pending.length - carryLength);
+      if (flushLength === 0) {
+        return "";
+      }
+      const flushable = pending.slice(0, flushLength);
+      pending = pending.slice(flushLength);
+      return piiManager.deanonymize(flushable, mapping);
+    },
+    flush() {
+      if (!pending) {
+        return "";
+      }
+      const remaining = piiManager.deanonymize(pending, mapping);
+      pending = "";
+      return remaining;
+    }
+  };
+}
 var SecurityBlockError = class extends Error {
   constructor(reason = "guard_denied") {
     super(`AgentID: Security Blocked (${reason})`);
@@ -2537,6 +2612,9 @@ var AgentID = class {
   getEffectivePiiMasking(options) {
     return this.resolveEffectivePiiMasking(this.getCachedCapabilityConfig(options));
   }
+  getEffectivePiiMaskingForConfig(capabilityConfig) {
+    return this.resolveEffectivePiiMasking(capabilityConfig);
+  }
   buildClientCapabilities(framework = "js_sdk", hasFeedbackHandler = false, capabilityConfig) {
     return {
       capabilities: {
@@ -2662,7 +2740,7 @@ var AgentID = class {
     }
     return config.block_on_heuristic;
   }
-  async refreshCapabilityConfigBeforeLocalEnforcement(params) {
+  async refreshCapabilityConfigBeforeClientControl(params) {
     const refreshed = await this.getCapabilityConfigWithTelemetry(true, params.options);
     return {
       capabilityConfig: refreshed.capabilityConfig,
@@ -2684,7 +2762,8 @@ var AgentID = class {
         eventId: params.clientEventId,
         clientEventId: params.clientEventId,
         telemetryMetadata: buildSdkTimingMetadata({
-          sdkConfigFetchMs: params.sdkConfigFetchMs
+          sdkConfigFetchMs: params.sdkConfigFetchMs,
+          sdkConfigVersion: params.capabilityConfig.version
         })
       });
     }
@@ -2729,15 +2808,38 @@ var AgentID = class {
       false,
       options
     );
+    let sanitizedInput = params.input;
+    let sdkLocalScanMs = 0;
+    if (this.configuredPiiMasking === null) {
+      const refreshed = await this.refreshCapabilityConfigBeforeClientControl({
+        capabilityConfig,
+        sdkConfigFetchMs,
+        options
+      });
+      capabilityConfig = refreshed.capabilityConfig;
+      sdkConfigFetchMs = refreshed.sdkConfigFetchMs;
+    }
     if (!this.clientFastFail) {
+      const effectivePiiMasking2 = this.resolveEffectivePiiMasking(capabilityConfig);
+      if (!capabilityConfig.block_pii_leakage && effectivePiiMasking2) {
+        const masked = this.pii.anonymize(sanitizedInput);
+        return {
+          sanitizedInput: masked.maskedText,
+          capabilityConfig,
+          sdkConfigFetchMs,
+          sdkLocalScanMs,
+          piiMapping: masked.mapping,
+          shouldDeanonymize: Object.keys(masked.mapping).length > 0
+        };
+      }
       return {
-        sanitizedInput: params.input,
+        sanitizedInput,
         capabilityConfig,
         sdkConfigFetchMs,
-        sdkLocalScanMs: 0
+        sdkLocalScanMs
       };
     }
-    const refreshedConfig = await this.refreshCapabilityConfigBeforeLocalEnforcement({
+    const refreshedConfig = await this.refreshCapabilityConfigBeforeClientControl({
       capabilityConfig,
       sdkConfigFetchMs,
       options
@@ -2754,11 +2856,25 @@ var AgentID = class {
       sdkConfigFetchMs,
       runPromptInjectionCheck: !params.skipInjectionScan
     });
+    sanitizedInput = enforced.sanitizedInput;
+    sdkLocalScanMs = enforced.sdkLocalScanMs;
+    const effectivePiiMasking = this.resolveEffectivePiiMasking(capabilityConfig);
+    if (!capabilityConfig.block_pii_leakage && effectivePiiMasking) {
+      const masked = this.pii.anonymize(sanitizedInput);
+      return {
+        sanitizedInput: masked.maskedText,
+        capabilityConfig,
+        sdkConfigFetchMs,
+        sdkLocalScanMs,
+        piiMapping: masked.mapping,
+        shouldDeanonymize: Object.keys(masked.mapping).length > 0
+      };
+    }
     return {
-      sanitizedInput: enforced.sanitizedInput,
+      sanitizedInput,
       capabilityConfig,
       sdkConfigFetchMs,
-      sdkLocalScanMs: enforced.sdkLocalScanMs
+      sdkLocalScanMs
     };
   }
   async applyLocalFallbackForGuardFailure(params, options) {
@@ -2767,7 +2883,7 @@ var AgentID = class {
       capabilityConfig: params.capabilityConfig,
       sdkConfigFetchMs: params.sdkConfigFetchMs
     } : await this.getCapabilityConfigWithTelemetry(false, options);
-    const refreshedConfig = await this.refreshCapabilityConfigBeforeLocalEnforcement({
+    const refreshedConfig = await this.refreshCapabilityConfigBeforeClientControl({
       capabilityConfig: resolvedConfig.capabilityConfig,
       sdkConfigFetchMs: resolvedConfig.sdkConfigFetchMs,
       options
@@ -2797,7 +2913,7 @@ var AgentID = class {
       false,
       options
     );
-    const refreshedConfig = await this.refreshCapabilityConfigBeforeLocalEnforcement({
+    const refreshedConfig = await this.refreshCapabilityConfigBeforeClientControl({
       capabilityConfig: initialConfig.capabilityConfig,
       sdkConfigFetchMs: initialConfig.sdkConfigFetchMs,
       options
@@ -2818,7 +2934,8 @@ var AgentID = class {
       eventId: options?.clientEventId,
       clientEventId: options?.clientEventId,
       telemetryMetadata: buildSdkTimingMetadata({
-        sdkConfigFetchMs: refreshedConfig.sdkConfigFetchMs
+        sdkConfigFetchMs: refreshedConfig.sdkConfigFetchMs,
+        sdkConfigVersion: refreshedConfig.capabilityConfig.version
       })
     });
   }
@@ -2871,7 +2988,10 @@ var AgentID = class {
         action_taken: params.actionTaken,
         ...buildSdkTimingMetadata({
           sdkConfigFetchMs: params.sdkConfigFetchMs,
-          sdkLocalScanMs: params.sdkLocalScanMs
+          sdkLocalScanMs: params.sdkLocalScanMs,
+          sdkConfigVersion: this.getCachedCapabilityConfig({
+            apiKey: params.apiKey
+          }).version
         })
       }
     }, { apiKey: params.apiKey });
@@ -3210,7 +3330,123 @@ var AgentID = class {
     const usage = chunk.usage;
     return usage && typeof usage === "object" && !Array.isArray(usage) ? usage : void 0;
   }
-  wrapCompletion(completion) {
+  isOpenAIStreamFinishChunk(chunk) {
+    if (!chunk || typeof chunk !== "object") {
+      return false;
+    }
+    const choices = chunk.choices;
+    if (!Array.isArray(choices)) {
+      return false;
+    }
+    return choices.some(
+      (choice) => choice && typeof choice === "object" && typeof choice.finish_reason === "string" && (choice.finish_reason ?? "").length > 0
+    );
+  }
+  setOpenAIStreamChunkText(chunk, text) {
+    if (!chunk || typeof chunk !== "object") {
+      return false;
+    }
+    const choices = chunk.choices;
+    if (!Array.isArray(choices)) {
+      return false;
+    }
+    let assigned = false;
+    const replaceInContainer = (container) => {
+      if (!container || typeof container !== "object") {
+        return false;
+      }
+      const content = container.content;
+      if (typeof content === "string") {
+        if (!assigned) {
+          container.content = text;
+          assigned = true;
+        } else {
+          container.content = "";
+        }
+        return true;
+      }
+      if (Array.isArray(content)) {
+        let replacedInArray = false;
+        for (const part of content) {
+          if (!part || typeof part !== "object") continue;
+          const typedPart = part;
+          if (typeof typedPart.text !== "string") continue;
+          if (!assigned && !replacedInArray) {
+            typedPart.text = text;
+            assigned = true;
+            replacedInArray = true;
+          } else {
+            typedPart.text = "";
+          }
+        }
+        if (!assigned && text.length > 0) {
+          content.unshift({ type: "text", text });
+          assigned = true;
+        }
+        return replacedInArray || assigned;
+      }
+      if (!assigned && text.length > 0) {
+        container.content = text;
+        assigned = true;
+        return true;
+      }
+      return false;
+    };
+    for (const choice of choices) {
+      if (!choice || typeof choice !== "object") {
+        continue;
+      }
+      const typedChoice = choice;
+      const replacedDelta = replaceInContainer(typedChoice.delta);
+      const replacedMessage = replaceInContainer(typedChoice.message);
+      if (!replacedDelta && !replacedMessage && !assigned && text.length > 0) {
+        if (!typedChoice.delta || typeof typedChoice.delta !== "object") {
+          typedChoice.delta = {};
+        }
+        typedChoice.delta.content = text;
+        assigned = true;
+      }
+    }
+    return assigned;
+  }
+  createSyntheticOpenAIStreamChunk(text, template) {
+    const synthetic = {};
+    if (template && typeof template === "object" && !Array.isArray(template)) {
+      const typedTemplate = template;
+      for (const key of ["id", "object", "created", "model"]) {
+        if (Object.prototype.hasOwnProperty.call(typedTemplate, key)) {
+          synthetic[key] = typedTemplate[key];
+        }
+      }
+    }
+    synthetic.choices = [
+      {
+        index: 0,
+        delta: { content: text },
+        finish_reason: null
+      }
+    ];
+    return synthetic;
+  }
+  rewriteOpenAIStreamChunkForClient(chunk, rewriter, isFinishChunk) {
+    const rawText = this.extractStreamChunkText(chunk);
+    const rewrittenText = rawText ? rewriter.consume(rawText) : "";
+    const finalText = isFinishChunk ? `${rewrittenText}${rewriter.flush()}` : rewrittenText;
+    if (typeof chunk === "string") {
+      return finalText ? [finalText] : [];
+    }
+    if (rawText) {
+      if (this.setOpenAIStreamChunkText(chunk, finalText)) {
+        return [chunk];
+      }
+      return finalText.length > 0 ? [this.createSyntheticOpenAIStreamChunk(finalText, chunk), chunk] : [chunk];
+    }
+    if (isFinishChunk && finalText.length > 0) {
+      return [this.createSyntheticOpenAIStreamChunk(finalText, chunk), chunk];
+    }
+    return [chunk];
+  }
+  wrapCompletion(completion, options) {
     if (typeof completion === "string") {
       const masked = this.pii.anonymize(completion);
       return {
@@ -3234,7 +3470,11 @@ var AgentID = class {
     const collector = createCompletionChunkCollector();
     const extractStreamChunkText = this.extractStreamChunkText.bind(this);
     const extractStreamChunkUsage = this.extractStreamChunkUsage.bind(this);
+    const isOpenAIStreamFinishChunk = this.isOpenAIStreamFinishChunk.bind(this);
+    const rewriteOpenAIStreamChunkForClient = this.rewriteOpenAIStreamChunkForClient.bind(this);
+    const createSyntheticOpenAIStreamChunk = this.createSyntheticOpenAIStreamChunk.bind(this);
     const piiManager = this.pii;
+    const streamRewriter = options?.deanonymizeForClient === true && options.piiMapping ? createStreamingPlaceholderRewriter(piiManager, options.piiMapping) : null;
     let lastUsage;
     let resolveDone = null;
     let rejectDone = null;
@@ -3245,17 +3485,44 @@ var AgentID = class {
     const wrapped = {
       [Symbol.asyncIterator]: async function* () {
         try {
+          let finishChunkFlushed = false;
+          let lastChunkTemplate;
           for await (const chunk of source) {
             const chunkText = extractStreamChunkText(chunk);
+            const isFinishChunk = streamRewriter ? isOpenAIStreamFinishChunk(chunk) : false;
             if (chunkText) {
               await collector.push(chunkText);
+              lastChunkTemplate = chunk;
             }
             const chunkUsage = extractStreamChunkUsage(chunk);
             if (chunkUsage) {
               lastUsage = chunkUsage;
             }
+            if (streamRewriter) {
+              const rewrittenChunks = rewriteOpenAIStreamChunkForClient(
+                chunk,
+                streamRewriter,
+                isFinishChunk
+              );
+              if (isFinishChunk) {
+                finishChunkFlushed = true;
+              }
+              for (const rewrittenChunk of rewrittenChunks) {
+                yield rewrittenChunk;
+              }
+              continue;
+            }
             yield chunk;
           }
+          if (streamRewriter && !finishChunkFlushed) {
+            const trailingText = streamRewriter.flush();
+            if (trailingText.length > 0) {
+              yield createSyntheticOpenAIStreamChunk(
+                trailingText,
+                lastChunkTemplate
+              );
+            }
+          }
           await collector.close();
           const rawOutput = await collector.result;
           const masked = piiManager.anonymize(rawOutput);
@@ -3368,6 +3635,8 @@ var AgentID = class {
                   }, requestOptions);
                   capabilityConfig = prepared.capabilityConfig;
                   maskedText = prepared.sanitizedInput;
+                  mapping = prepared.piiMapping ?? {};
+                  shouldDeanonymize = prepared.shouldDeanonymize === true;
                   sdkConfigFetchMs = prepared.sdkConfigFetchMs ?? 0;
                   sdkLocalScanMs = prepared.sdkLocalScanMs ?? 0;
                   if (maskedText !== userText) {
@@ -3379,24 +3648,6 @@ var AgentID = class {
                     nextCreateArgs[0] = maskedReq;
                     createArgs = nextCreateArgs;
                   }
-                  const effectivePiiMasking = this.resolveEffectivePiiMasking(capabilityConfig);
-                  if (!capabilityConfig.block_pii_leakage && effectivePiiMasking) {
-                    if (stream) {
-                      console.warn("AgentID: PII masking is disabled for streaming responses.");
-                    } else {
-                      const masked = this.pii.anonymize(maskedText);
-                      maskedText = masked.maskedText;
-                      mapping = masked.mapping;
-                      shouldDeanonymize = Object.keys(mapping).length > 0;
-                      maskedReq = this.withMaskedOpenAIRequest(
-                        req,
-                        maskedText
-                      );
-                      const nextCreateArgs = [...normalizedCreateArgs];
-                      nextCreateArgs[0] = maskedReq;
-                      createArgs = nextCreateArgs;
-                    }
-                  }
                 }
                 if (!maskedText) {
                   throw new Error(
@@ -3475,7 +3726,11 @@ var AgentID = class {
                       if (typeof streamResponse !== "undefined") {
                         yield streamResponse;
                       }
-                    })()
+                    })(),
+                    {
+                      piiMapping: mapping,
+                      deanonymizeForClient: shouldDeanonymize
+                    }
                   );
                   if (maskedText && wrappedCompletion.mode === "stream") {
                     void wrappedCompletion.done.then(async (result) => {
@@ -3512,7 +3767,8 @@ var AgentID = class {
                           ...buildSdkTimingMetadata({
                             sdkConfigFetchMs,
                             sdkLocalScanMs,
-                            sdkGuardMs: guardLatencyMs
+                            sdkGuardMs: guardLatencyMs,
+                            sdkConfigVersion: capabilityConfig.version
                           })
                         },
                         client_capabilities: this.buildClientCapabilities(
@@ -3579,7 +3835,8 @@ var AgentID = class {
                       ...buildSdkTimingMetadata({
                         sdkConfigFetchMs,
                         sdkLocalScanMs,
-                        sdkGuardMs: guardLatencyMs
+                        sdkGuardMs: guardLatencyMs,
+                        sdkConfigVersion: capabilityConfig.version
                       })
                     },
                     client_capabilities: this.buildClientCapabilities(

package/dist/index.d.mts

@@ -1,18 +1,5 @@
-export { A as AgentID, D as DependencyError, G as GuardParams, a as GuardResponse, L as LogParams, P as PreparedInput, R as RequestOptions, S as SecurityBlockError, T as TransparencyMetadata } from './agentid-M5I7-YqI.mjs';
-
-type PIIMapping = Record<string, string>;
-declare class PIIManager {
-    /**
-     * Reversible local-first masking using <TYPE_INDEX> placeholders.
-     *
-     * Zero-dependency fallback with strict checksum validation for CEE national IDs.
-     */
-    anonymize(text: string): {
-        maskedText: string;
-        mapping: PIIMapping;
-    };
-    deanonymize(text: string, mapping: PIIMapping): string;
-}
+import { P as PIIManager } from './agentid-JQx2Iy7B.mjs';
+export { A as AgentID, D as DependencyError, G as GuardParams, a as GuardResponse, L as LogParams, b as PIIMapping, c as PreparedInput, R as RequestOptions, S as SecurityBlockError, T as TransparencyMetadata } from './agentid-JQx2Iy7B.mjs';
 
 type TokenUsage = Record<string, unknown>;
 interface LLMAdapter {
@@ -60,4 +47,4 @@ declare class InjectionScanner {
 }
 declare function getInjectionScanner(): InjectionScanner;
 
-export { type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIManager, type PIIMapping, type TokenUsage, getInjectionScanner, scanWithRegex };
+export { type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIManager, type TokenUsage, getInjectionScanner, scanWithRegex };

package/dist/index.d.ts

@@ -1,18 +1,5 @@
-export { A as AgentID, D as DependencyError, G as GuardParams, a as GuardResponse, L as LogParams, P as PreparedInput, R as RequestOptions, S as SecurityBlockError, T as TransparencyMetadata } from './agentid-M5I7-YqI.js';
-
-type PIIMapping = Record<string, string>;
-declare class PIIManager {
-    /**
-     * Reversible local-first masking using <TYPE_INDEX> placeholders.
-     *
-     * Zero-dependency fallback with strict checksum validation for CEE national IDs.
-     */
-    anonymize(text: string): {
-        maskedText: string;
-        mapping: PIIMapping;
-    };
-    deanonymize(text: string, mapping: PIIMapping): string;
-}
+import { P as PIIManager } from './agentid-JQx2Iy7B.js';
+export { A as AgentID, D as DependencyError, G as GuardParams, a as GuardResponse, L as LogParams, b as PIIMapping, c as PreparedInput, R as RequestOptions, S as SecurityBlockError, T as TransparencyMetadata } from './agentid-JQx2Iy7B.js';
 
 type TokenUsage = Record<string, unknown>;
 interface LLMAdapter {
@@ -60,4 +47,4 @@ declare class InjectionScanner {
 }
 declare function getInjectionScanner(): InjectionScanner;
 
-export { type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIManager, type PIIMapping, type TokenUsage, getInjectionScanner, scanWithRegex };
+export { type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIManager, type TokenUsage, getInjectionScanner, scanWithRegex };