agentid-sdk 0.1.38 → 0.1.41
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +102 -11
- package/dist/{agentid-CxVUF_eo.d.mts → agentid-Mjh8rXn0.d.mts} +3 -1
- package/dist/{agentid-CxVUF_eo.d.ts → agentid-Mjh8rXn0.d.ts} +3 -1
- package/dist/{chunk-AIGMQSAV.mjs → chunk-L2WVWRAC.mjs} +226 -119
- package/dist/index.d.mts +12 -3
- package/dist/index.d.ts +12 -3
- package/dist/index.js +280 -119
- package/dist/index.mjs +54 -1
- package/dist/langchain.d.mts +1 -1
- package/dist/langchain.d.ts +1 -1
- package/dist/langchain.js +5 -3
- package/dist/langchain.mjs +1 -1
- package/dist/transparency-badge.d.mts +1 -1
- package/dist/transparency-badge.d.ts +1 -1
- package/package.json +1 -1
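--- a/package/README.md
+++ b/package/README.md
@@ -111,6 +111,10 @@ console.log(response.choices[0]?.message?.content ?? "");
 By default, official AgentID SDK integrations inherit `enable_sdk_pii_masking`
 from the dashboard/runtime config. You only need to set `piiMasking: true` in
 code if you want to force local masking on even when the dashboard policy is off.
+Starting with `agentid-sdk@0.1.40`, fail-open dependency fallback keeps local
+deterministic PII and secret masking enabled when `/agent/config` or `/guard`
+is unreachable. Fail-open can preserve availability, but official wrappers must
+not treat it as permission to send raw sensitive text to the provider.
 
 When SDK-side masking is enabled, the wrapper now masks both classic PII and
 high-confidence secret material before the request leaves your process:
@@ -121,10 +125,86 @@ high-confidence secret material before the request leaves your process:
 - password / credential assignments, PEM private keys, Azure connection strings and SAS tokens
 
 The masked form is what gets sent to `/guard`, logged to AgentID ingest, and
-forwarded to the model provider.
-
-
-
+forwarded to the model provider. The wrapper also protects returned completion
+text before it is logged or returned from the wrapped call when SDK-side masking
+is enabled.
+
+Important: this applies only to the wrapped call. If your app sends raw prompt
+or raw chat history through a separate direct provider call, AgentID cannot
+protect that bypass.
+
+Correct:
+
+```ts
+const secured = agent.wrapOpenAI(openai, {
+system_id: process.env.AGENTID_SYSTEM_ID!,
+});
+
+await secured.chat.completions.create({
+model: "gpt-4o-mini",
+messages: fullConversationHistory,
+});
+```
+
+Incorrect:
+
+```ts
+// Raw history reaches the provider.
+await openai.chat.completions.create({
+model: "gpt-4o-mini",
+messages: rawConversationHistory,
+});
+
+// Logging a masked copy later does not protect the model call above.
+await agent.log({ system_id: systemId, input: maskedInput, output: maskedOutput });
+```
+
+For chat apps and agent workflows, protect the full message history, not just
+the latest text field. If a previous user/assistant/tool/memory message contains
+raw PII, the model can still repeat it later.
+
+If you cannot use `wrapOpenAI()` and need a manual integration, call
+`protectMessageHistory()` on the exact history that will be sent to the
+provider. Then pass `protected.messages` to the provider, not the raw
+`body.messages`.
+
+```ts
+import { AgentID, protectMessageHistory } from "agentid-sdk";
+
+const agent = new AgentID();
+const protectedHistory = protectMessageHistory(body.messages, {
+pii: true,
+secrets: true,
+});
+
+const latestUserInput = extractLatestUserInput(protectedHistory.messages);
+const verdict = await agent.guard({
+system_id: process.env.AGENTID_SYSTEM_ID!,
+input: latestUserInput,
+model: "gpt-4o-mini",
+metadata: {
+runtime_surface: "manual_provider_integration",
+full_history_protected: true,
+messages_count: Array.isArray(protectedHistory.messages)
+? protectedHistory.messages.length
+: undefined,
+protected_messages_count: Array.isArray(protectedHistory.messages)
+? protectedHistory.messages.length
+: undefined,
+prompt_text_parts_count: protectedHistory.textPartsCount,
+transformed_prompt_text_parts_count:
+protectedHistory.transformedTextPartsCount,
+},
+});
+if (!verdict.allowed) throw new Error(`Blocked: ${verdict.reason}`);
+
+const response = await openai.chat.completions.create({
+model: "gpt-4o-mini",
+messages: protectedHistory.messages,
+});
+```
+
+Wrapped OpenAI calls persist telemetry for both regular and streamed completions. For `stream: true`, logging happens when the stream finishes.
 
 > Scope note: AgentID compliance/risk controls apply to the specific SDK-wrapped LLM calls (`guard()`, `wrapOpenAI()`, LangChain callback-wrapped flows). They do not automatically classify unrelated code paths in your whole monolithic application.
 
@@ -198,17 +278,28 @@ import { AgentID } from "agentid-sdk";
 
 const agent = new AgentID();
 
-await agent.log({
-system_id: process.env.AGENTID_SYSTEM_ID!,
-event_type: "complete",
-severity: "info",
-model: "gpt-4o-mini",
-input: "Raw telemetry prompt",
-output: '{"ok": true}',
+await agent.log({
+system_id: process.env.AGENTID_SYSTEM_ID!,
+event_type: "complete",
+severity: "info",
+model: "gpt-4o-mini",
+input: "Raw telemetry prompt",
+output: '{"ok": true}',
+usage: {
+prompt_tokens: 33,
+completion_tokens: 9,
+total_tokens: 42,
+},
+latency: 1450,
 metadata: { agent_role: "batch-worker", channel: "manual_ingest" },
 });
 ```
 
+For manual integrations, preserve provider usage. Without `usage` or
+normalized `tokens`, AgentID can store Activity but cannot compute token totals,
+`cost_usd`, Total Spend, or ROI. ROI also requires the system business context
+fields `human_hourly_rate` and `human_time_per_task_min`.
+
 ### Agent workflow and tool events
 
 Use `logOperation()` when an agent calls tools or performs operational work outside the wrapped LLM call. Reuse the same `workflowRunId` across steps.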
@@ -263,6 +263,7 @@ declare class AgentID {
|
|
|
263
263
|
private localEnforcer;
|
|
264
264
|
private injectionScanner;
|
|
265
265
|
private recentGuardVerdicts;
|
|
266
|
+
private pendingGuardRequests;
|
|
266
267
|
constructor(config?: AgentIDConfig);
|
|
267
268
|
get piiMasking(): boolean | undefined;
|
|
268
269
|
get secretMasking(): boolean | undefined;
|
|
@@ -281,6 +282,7 @@ declare class AgentID {
|
|
|
281
282
|
private getCapabilityConfigWithTelemetry;
|
|
282
283
|
private getCachedCapabilityConfig;
|
|
283
284
|
private resolveEffectiveStrictMode;
|
|
285
|
+
private buildFailOpenGuardVerdict;
|
|
284
286
|
private maybeRaiseStrictIngestDependencyError;
|
|
285
287
|
private shouldRunLocalInjectionScan;
|
|
286
288
|
private refreshCapabilityConfigBeforeClientControl;
|
|
@@ -396,4 +398,4 @@ declare class AgentIDWorkflowTrail {
|
|
|
396
398
|
}
|
|
397
399
|
declare function createAgentIdWorkflowTrail(options: AgentIDWorkflowTrailOptions): AgentIDWorkflowTrail;
|
|
398
400
|
|
|
399
|
-
export { type AgentEventType as A, DependencyError as D, type GuardAttachment as G, type LogParams as L, type OperationLogParams as O,
|
|
401
|
+
export { type AgentEventType as A, DependencyError as D, type GuardAttachment as G, type LogParams as L, type OperationLogParams as O, type PIIAnonymizeOptions as P, type RequestOptions as R, SecurityBlockError as S, type TransparencyMetadata as T, type WrapOpenAIOptions as W, PIIManager as a, AgentID as b, type AgentIDWorkflowRunHooks as c, AgentIDWorkflowStep as d, type AgentIDWorkflowStepParams as e, AgentIDWorkflowTrail as f, type AgentIDWorkflowTrailOptions as g, type AgentOperationCategory as h, type AgentOperationStatus as i, type AgentTelemetryContext as j, type GuardParams as k, type GuardResponse as l, type PIIMapping as m, type PreparedInput as n, createAgentIdCorrelationId as o, createAgentIdOperationLog as p, createAgentIdTelemetryContext as q, createAgentIdWorkflowTrail as r };
|
|
@@ -263,6 +263,7 @@ declare class AgentID {
|
|
|
263
263
|
private localEnforcer;
|
|
264
264
|
private injectionScanner;
|
|
265
265
|
private recentGuardVerdicts;
|
|
266
|
+
private pendingGuardRequests;
|
|
266
267
|
constructor(config?: AgentIDConfig);
|
|
267
268
|
get piiMasking(): boolean | undefined;
|
|
268
269
|
get secretMasking(): boolean | undefined;
|
|
@@ -281,6 +282,7 @@ declare class AgentID {
|
|
|
281
282
|
private getCapabilityConfigWithTelemetry;
|
|
282
283
|
private getCachedCapabilityConfig;
|
|
283
284
|
private resolveEffectiveStrictMode;
|
|
285
|
+
private buildFailOpenGuardVerdict;
|
|
284
286
|
private maybeRaiseStrictIngestDependencyError;
|
|
285
287
|
private shouldRunLocalInjectionScan;
|
|
286
288
|
private refreshCapabilityConfigBeforeClientControl;
|
|
@@ -396,4 +398,4 @@ declare class AgentIDWorkflowTrail {
|
|
|
396
398
|
}
|
|
397
399
|
declare function createAgentIdWorkflowTrail(options: AgentIDWorkflowTrailOptions): AgentIDWorkflowTrail;
|
|
398
400
|
|
|
399
|
-
export { type AgentEventType as A, DependencyError as D, type GuardAttachment as G, type LogParams as L, type OperationLogParams as O,
|
|
401
|
+
export { type AgentEventType as A, DependencyError as D, type GuardAttachment as G, type LogParams as L, type OperationLogParams as O, type PIIAnonymizeOptions as P, type RequestOptions as R, SecurityBlockError as S, type TransparencyMetadata as T, type WrapOpenAIOptions as W, PIIManager as a, AgentID as b, type AgentIDWorkflowRunHooks as c, AgentIDWorkflowStep as d, type AgentIDWorkflowStepParams as e, AgentIDWorkflowTrail as f, type AgentIDWorkflowTrailOptions as g, type AgentOperationCategory as h, type AgentOperationStatus as i, type AgentTelemetryContext as j, type GuardParams as k, type GuardResponse as l, type PIIMapping as m, type PreparedInput as n, createAgentIdCorrelationId as o, createAgentIdOperationLog as p, createAgentIdTelemetryContext as q, createAgentIdWorkflowTrail as r };
|