agentid-sdk 0.1.38 → 0.1.41
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +102 -11
- package/dist/{agentid-CxVUF_eo.d.mts → agentid-Mjh8rXn0.d.mts} +3 -1
- package/dist/{agentid-CxVUF_eo.d.ts → agentid-Mjh8rXn0.d.ts} +3 -1
- package/dist/{chunk-AIGMQSAV.mjs → chunk-L2WVWRAC.mjs} +226 -119
- package/dist/index.d.mts +12 -3
- package/dist/index.d.ts +12 -3
- package/dist/index.js +280 -119
- package/dist/index.mjs +54 -1
- package/dist/langchain.d.mts +1 -1
- package/dist/langchain.d.ts +1 -1
- package/dist/langchain.js +5 -3
- package/dist/langchain.mjs +1 -1
- package/dist/transparency-badge.d.mts +1 -1
- package/dist/transparency-badge.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1124,9 +1124,9 @@ var SDK_SECRET_PATTERN_DEFINITIONS = [
|
|
|
1124
1124
|
{
|
|
1125
1125
|
id: "password_assignment",
|
|
1126
1126
|
placeholderType: "PASSWORD_ASSIGNMENT",
|
|
1127
|
-
patternSource: `(?:\\b|["'])(?:password|passwd|pwd)(?:\\b|["'])\\s*(?:(?::|=|=>)|(?:is|are|was|were)\\b)
|
|
1127
|
+
patternSource: `(?:\\b|["'])(?:password|passwd|pwd|heslo)(?:\\b|["'])\\s*(?:(?::|=|=>)|(?:is|are|was|were|je)\\b)?\\s*(?:"[A-Za-z0-9._~!@#$%^&*+=\\/-]{8,}"|'[A-Za-z0-9._~!@#$%^&*+=\\/-]{8,}'|[A-Za-z0-9._~!@#$%^&*+=\\/-]{8,})`,
|
|
1128
1128
|
flags: "iu",
|
|
1129
|
-
prefilterTerms: ["password", "passwd", "pwd"]
|
|
1129
|
+
prefilterTerms: ["password", "passwd", "pwd", "heslo"]
|
|
1130
1130
|
},
|
|
1131
1131
|
{
|
|
1132
1132
|
id: "private_key_material",
|
|
@@ -1228,6 +1228,8 @@ var PHONE_CONTEXT_KEYWORDS = [
|
|
|
1228
1228
|
"call",
|
|
1229
1229
|
"contact",
|
|
1230
1230
|
"number",
|
|
1231
|
+
"cislo",
|
|
1232
|
+
"\u010D\xEDslo",
|
|
1231
1233
|
"hotline",
|
|
1232
1234
|
"support",
|
|
1233
1235
|
"infoline",
|
|
@@ -2288,7 +2290,7 @@ function getInjectionScanner() {
|
|
|
2288
2290
|
|
|
2289
2291
|
// src/sdk-version.ts
|
|
2290
2292
|
var FALLBACK_SDK_VERSION = "js-0.0.0-dev";
|
|
2291
|
-
var AGENTID_SDK_VERSION_HEADER = "js-0.1.
|
|
2293
|
+
var AGENTID_SDK_VERSION_HEADER = "js-0.1.41".trim().length > 0 ? "js-0.1.41" : FALLBACK_SDK_VERSION;
|
|
2292
2294
|
|
|
2293
2295
|
// src/local-security-enforcer.ts
|
|
2294
2296
|
var DEFAULT_FAIL_OPEN_CONFIG = {
|
|
@@ -2299,9 +2301,9 @@ var DEFAULT_FAIL_OPEN_CONFIG = {
|
|
|
2299
2301
|
block_on_heuristic: false,
|
|
2300
2302
|
inject_transparency_metadata: false,
|
|
2301
2303
|
block_pii_leakage: false,
|
|
2302
|
-
enable_sdk_pii_masking:
|
|
2304
|
+
enable_sdk_pii_masking: true,
|
|
2303
2305
|
block_secret_leakage: false,
|
|
2304
|
-
enable_sdk_secret_masking:
|
|
2306
|
+
enable_sdk_secret_masking: true,
|
|
2305
2307
|
block_db_access: false,
|
|
2306
2308
|
block_code_execution: false,
|
|
2307
2309
|
block_toxicity: false
|
|
@@ -2706,7 +2708,7 @@ var GUARD_MAX_ATTEMPTS = 3;
|
|
|
2706
2708
|
var GUARD_RETRY_DELAYS_MS = [250, 500];
|
|
2707
2709
|
var INGEST_MAX_ATTEMPTS = 3;
|
|
2708
2710
|
var INGEST_RETRY_DELAYS_MS = [250, 500];
|
|
2709
|
-
var GUARD_VERDICT_CACHE_TTL_MS =
|
|
2711
|
+
var GUARD_VERDICT_CACHE_TTL_MS = 1500;
|
|
2710
2712
|
var MAX_INGEST_TEXT_CHARS = 32e3;
|
|
2711
2713
|
var OPENAI_TELEMETRY_FIELD = "agentid_telemetry";
|
|
2712
2714
|
function normalizeBaseUrl3(baseUrl) {
|
|
@@ -3554,6 +3556,7 @@ var AgentID = class {
|
|
|
3554
3556
|
constructor(config = {}) {
|
|
3555
3557
|
this.injectionScanner = getInjectionScanner();
|
|
3556
3558
|
this.recentGuardVerdicts = /* @__PURE__ */ new Map();
|
|
3559
|
+
this.pendingGuardRequests = /* @__PURE__ */ new Map();
|
|
3557
3560
|
this.apiKey = resolveConfiguredApiKey(config.apiKey);
|
|
3558
3561
|
this.baseUrl = normalizeBaseUrl3(config.baseUrl ?? "https://app.getagentid.com/api/v1");
|
|
3559
3562
|
this.configuredPiiMasking = typeof config.piiMasking === "boolean" ? config.piiMasking : null;
|
|
@@ -3644,13 +3647,14 @@ var AgentID = class {
|
|
|
3644
3647
|
}
|
|
3645
3648
|
return createEventId2();
|
|
3646
3649
|
}
|
|
3647
|
-
buildGuardCacheKey(params) {
|
|
3650
|
+
buildGuardCacheKey(params, apiKey) {
|
|
3648
3651
|
if (!params.system_id || !params.input) {
|
|
3649
3652
|
return null;
|
|
3650
3653
|
}
|
|
3651
3654
|
const userId = params.user_id?.trim() ?? "";
|
|
3652
|
-
const normalizedInput = params.input.slice(0, 2048);
|
|
3653
|
-
|
|
3655
|
+
const normalizedInput = params.input.trim().replace(/\s+/g, " ").slice(0, 2048);
|
|
3656
|
+
const keyPrefix = apiKey?.slice(0, 24) ?? "";
|
|
3657
|
+
return `${keyPrefix}|${params.system_id}|${userId}|${normalizedInput.length}|${normalizedInput}`;
|
|
3654
3658
|
}
|
|
3655
3659
|
readCachedGuardVerdict(cacheKey) {
|
|
3656
3660
|
if (!cacheKey) return null;
|
|
@@ -3663,7 +3667,7 @@ var AgentID = class {
|
|
|
3663
3667
|
return cached.verdict;
|
|
3664
3668
|
}
|
|
3665
3669
|
cacheGuardVerdict(cacheKey, verdict) {
|
|
3666
|
-
if (!cacheKey ||
|
|
3670
|
+
if (!cacheKey || GUARD_VERDICT_CACHE_TTL_MS <= 0) {
|
|
3667
3671
|
return;
|
|
3668
3672
|
}
|
|
3669
3673
|
this.recentGuardVerdicts.set(cacheKey, {
|
|
@@ -3711,6 +3715,23 @@ var AgentID = class {
|
|
|
3711
3715
|
const config = await this.getCapabilityConfig(false, options);
|
|
3712
3716
|
return config.strict_security_mode || config.failure_mode === "fail_close";
|
|
3713
3717
|
}
|
|
3718
|
+
buildFailOpenGuardVerdict(reason, input, options) {
|
|
3719
|
+
const capabilityConfig = this.getCachedCapabilityConfig(options);
|
|
3720
|
+
const shouldMaskPii = capabilityConfig.block_pii_leakage || this.resolveEffectivePiiMasking(capabilityConfig);
|
|
3721
|
+
const shouldMaskSecrets = capabilityConfig.block_secret_leakage === true || this.resolveEffectiveSecretMasking(capabilityConfig);
|
|
3722
|
+
const response = { allowed: true, reason };
|
|
3723
|
+
if (input && (shouldMaskPii || shouldMaskSecrets)) {
|
|
3724
|
+
const masked = this.pii.anonymize(input, {
|
|
3725
|
+
pii: shouldMaskPii,
|
|
3726
|
+
secrets: shouldMaskSecrets
|
|
3727
|
+
});
|
|
3728
|
+
if (masked.maskedText !== input) {
|
|
3729
|
+
response.transformed_input = masked.maskedText;
|
|
3730
|
+
response.detected_pii = Object.keys(masked.mapping).length > 0;
|
|
3731
|
+
}
|
|
3732
|
+
}
|
|
3733
|
+
return response;
|
|
3734
|
+
}
|
|
3714
3735
|
maybeRaiseStrictIngestDependencyError(params) {
|
|
3715
3736
|
if (params.result.ok) {
|
|
3716
3737
|
return;
|
|
@@ -3951,12 +3972,43 @@ var AgentID = class {
|
|
|
3951
3972
|
})
|
|
3952
3973
|
});
|
|
3953
3974
|
}
|
|
3954
|
-
withMaskedOpenAIRequest(req, maskedText) {
|
|
3975
|
+
withMaskedOpenAIRequest(req, maskedText, options) {
|
|
3955
3976
|
const messages = Array.isArray(req?.messages) ? req.messages : null;
|
|
3956
3977
|
if (!messages) {
|
|
3957
3978
|
return req;
|
|
3958
3979
|
}
|
|
3959
|
-
const newMessages =
|
|
3980
|
+
const newMessages = messages.map((message2) => {
|
|
3981
|
+
if (!message2 || typeof message2 !== "object") {
|
|
3982
|
+
return message2;
|
|
3983
|
+
}
|
|
3984
|
+
const typedMessage = message2;
|
|
3985
|
+
const currentContent2 = typedMessage.content;
|
|
3986
|
+
if (typeof currentContent2 === "string") {
|
|
3987
|
+
return {
|
|
3988
|
+
...typedMessage,
|
|
3989
|
+
content: this.pii.anonymize(currentContent2, options).maskedText
|
|
3990
|
+
};
|
|
3991
|
+
}
|
|
3992
|
+
if (Array.isArray(currentContent2)) {
|
|
3993
|
+
return {
|
|
3994
|
+
...typedMessage,
|
|
3995
|
+
content: currentContent2.map((part) => {
|
|
3996
|
+
if (!part || typeof part !== "object") {
|
|
3997
|
+
return part;
|
|
3998
|
+
}
|
|
3999
|
+
const typedPart = part;
|
|
4000
|
+
if (typeof typedPart.text !== "string") {
|
|
4001
|
+
return part;
|
|
4002
|
+
}
|
|
4003
|
+
return {
|
|
4004
|
+
...typedPart,
|
|
4005
|
+
text: this.pii.anonymize(typedPart.text, options).maskedText
|
|
4006
|
+
};
|
|
4007
|
+
})
|
|
4008
|
+
};
|
|
4009
|
+
}
|
|
4010
|
+
return message2;
|
|
4011
|
+
});
|
|
3960
4012
|
let lastUserIdx = null;
|
|
3961
4013
|
for (let i = 0; i < newMessages.length; i += 1) {
|
|
3962
4014
|
const msg = newMessages[i];
|
|
@@ -4113,138 +4165,185 @@ var AgentID = class {
|
|
|
4113
4165
|
...params,
|
|
4114
4166
|
client_capabilities: params.client_capabilities ?? this.buildClientCapabilities()
|
|
4115
4167
|
};
|
|
4116
|
-
const guardCacheKey = this.buildGuardCacheKey(payload);
|
|
4168
|
+
const guardCacheKey = this.buildGuardCacheKey(payload, effectiveApiKey);
|
|
4117
4169
|
const cachedVerdict = this.readCachedGuardVerdict(guardCacheKey);
|
|
4118
4170
|
if (cachedVerdict) {
|
|
4119
4171
|
return withGuardLatency(cachedVerdict);
|
|
4120
4172
|
}
|
|
4121
|
-
const
|
|
4122
|
-
|
|
4123
|
-
|
|
4124
|
-
|
|
4125
|
-
|
|
4126
|
-
const
|
|
4127
|
-
|
|
4128
|
-
|
|
4129
|
-
|
|
4130
|
-
|
|
4131
|
-
|
|
4132
|
-
|
|
4133
|
-
|
|
4134
|
-
|
|
4135
|
-
"
|
|
4136
|
-
|
|
4137
|
-
|
|
4138
|
-
|
|
4139
|
-
|
|
4140
|
-
|
|
4141
|
-
|
|
4142
|
-
|
|
4143
|
-
|
|
4144
|
-
|
|
4145
|
-
|
|
4146
|
-
|
|
4147
|
-
|
|
4148
|
-
|
|
4149
|
-
|
|
4150
|
-
|
|
4151
|
-
|
|
4152
|
-
|
|
4153
|
-
|
|
4154
|
-
|
|
4155
|
-
if (
|
|
4173
|
+
const pendingGuardRequest = guardCacheKey ? this.pendingGuardRequests.get(guardCacheKey) : void 0;
|
|
4174
|
+
if (pendingGuardRequest) {
|
|
4175
|
+
return withGuardLatency(await pendingGuardRequest.promise);
|
|
4176
|
+
}
|
|
4177
|
+
const executeGuardRequest = async () => {
|
|
4178
|
+
const correlationId = createCorrelationId(payload.client_event_id);
|
|
4179
|
+
let lastStatusCode = null;
|
|
4180
|
+
let lastAbort = false;
|
|
4181
|
+
let lastError = null;
|
|
4182
|
+
for (let attempt = 0; attempt < GUARD_MAX_ATTEMPTS; attempt += 1) {
|
|
4183
|
+
const controller = new AbortController();
|
|
4184
|
+
const timeoutId = setTimeout(() => controller.abort(), this.guardTimeoutMs);
|
|
4185
|
+
try {
|
|
4186
|
+
const res = await fetch(`${this.baseUrl}/guard`, {
|
|
4187
|
+
method: "POST",
|
|
4188
|
+
headers: {
|
|
4189
|
+
"Content-Type": "application/json",
|
|
4190
|
+
"x-agentid-api-key": effectiveApiKey,
|
|
4191
|
+
"X-AgentID-SDK-Version": AGENTID_SDK_VERSION_HEADER,
|
|
4192
|
+
"x-correlation-id": correlationId
|
|
4193
|
+
},
|
|
4194
|
+
body: JSON.stringify(payload),
|
|
4195
|
+
signal: controller.signal
|
|
4196
|
+
});
|
|
4197
|
+
lastStatusCode = res.status;
|
|
4198
|
+
const responseBody = await safeReadJson2(res);
|
|
4199
|
+
if (responseBody && typeof responseBody.allowed === "boolean") {
|
|
4200
|
+
const rawVerdict = responseBody;
|
|
4201
|
+
const transparency = coerceTransparencyMetadata(rawVerdict.transparency);
|
|
4202
|
+
const verdict = {
|
|
4203
|
+
...rawVerdict,
|
|
4204
|
+
...transparency ? { transparency } : {}
|
|
4205
|
+
};
|
|
4206
|
+
const infrastructureFailure = verdict.allowed === false && (isInfrastructureGuardReason(verdict.reason) || !verdict.reason && res.status >= 500);
|
|
4207
|
+
if (infrastructureFailure) {
|
|
4208
|
+
if (attempt < GUARD_MAX_ATTEMPTS - 1) {
|
|
4209
|
+
await waitForRetry(attempt);
|
|
4210
|
+
continue;
|
|
4211
|
+
}
|
|
4212
|
+
if (effectiveStrictMode) {
|
|
4213
|
+
console.warn(
|
|
4214
|
+
`[AgentID] Guard API infrastructure failure in strict mode (${verdict.reason ?? `http_${res.status}`}). Blocking request.`
|
|
4215
|
+
);
|
|
4216
|
+
return withGuardLatency({
|
|
4217
|
+
allowed: false,
|
|
4218
|
+
reason: verdict.reason ?? "network_error_strict_mode"
|
|
4219
|
+
});
|
|
4220
|
+
}
|
|
4156
4221
|
console.warn(
|
|
4157
|
-
`[AgentID] Guard API infrastructure
|
|
4222
|
+
`[AgentID] Guard API infrastructure fallback in fail-open mode (${verdict.reason ?? `http_${res.status}`}).`
|
|
4158
4223
|
);
|
|
4159
|
-
|
|
4160
|
-
|
|
4161
|
-
|
|
4224
|
+
this.logGuardFallback({
|
|
4225
|
+
reason: verdict.reason ?? `http_${res.status}`,
|
|
4226
|
+
status: "upstream_error",
|
|
4227
|
+
guardParams: params,
|
|
4228
|
+
apiKey: effectiveApiKey
|
|
4162
4229
|
});
|
|
4230
|
+
return withGuardLatency(
|
|
4231
|
+
this.buildFailOpenGuardVerdict(
|
|
4232
|
+
"system_failure_fail_open",
|
|
4233
|
+
params.input,
|
|
4234
|
+
{ apiKey: effectiveApiKey }
|
|
4235
|
+
)
|
|
4236
|
+
);
|
|
4163
4237
|
}
|
|
4164
|
-
|
|
4165
|
-
|
|
4166
|
-
|
|
4238
|
+
this.cacheGuardVerdict(guardCacheKey, verdict);
|
|
4239
|
+
return withGuardLatency(verdict);
|
|
4240
|
+
}
|
|
4241
|
+
if (!res.ok) {
|
|
4242
|
+
if (res.status >= 500 && attempt < GUARD_MAX_ATTEMPTS - 1) {
|
|
4243
|
+
await waitForRetry(attempt);
|
|
4244
|
+
continue;
|
|
4245
|
+
}
|
|
4246
|
+
throw new Error(`API Error ${res.status}`);
|
|
4247
|
+
}
|
|
4248
|
+
throw new Error("Invalid guard response");
|
|
4249
|
+
} catch (error) {
|
|
4250
|
+
lastError = error;
|
|
4251
|
+
const isAbortError2 = Boolean(
|
|
4252
|
+
error && typeof error === "object" && error.name === "AbortError"
|
|
4253
|
+
);
|
|
4254
|
+
lastAbort = isAbortError2;
|
|
4255
|
+
if (attempt < GUARD_MAX_ATTEMPTS - 1) {
|
|
4256
|
+
await waitForRetry(attempt);
|
|
4257
|
+
continue;
|
|
4258
|
+
}
|
|
4259
|
+
if (isAbortError2) {
|
|
4260
|
+
const timeoutMessage = "AgentID API Warning: Connection timeout exceeded.";
|
|
4261
|
+
console.warn(timeoutMessage);
|
|
4167
4262
|
this.logGuardFallback({
|
|
4168
|
-
reason:
|
|
4169
|
-
status: "
|
|
4263
|
+
reason: "timeout_fallback",
|
|
4264
|
+
status: "latency_timeout",
|
|
4170
4265
|
guardParams: params,
|
|
4171
4266
|
apiKey: effectiveApiKey
|
|
4172
4267
|
});
|
|
4173
|
-
|
|
4174
|
-
|
|
4175
|
-
|
|
4176
|
-
|
|
4177
|
-
|
|
4178
|
-
|
|
4179
|
-
|
|
4180
|
-
|
|
4181
|
-
continue;
|
|
4268
|
+
if (effectiveStrictMode) {
|
|
4269
|
+
return withGuardLatency({ allowed: false, reason: "network_error_strict_mode" });
|
|
4270
|
+
}
|
|
4271
|
+
return withGuardLatency(
|
|
4272
|
+
this.buildFailOpenGuardVerdict("timeout_fallback", params.input, {
|
|
4273
|
+
apiKey: effectiveApiKey
|
|
4274
|
+
})
|
|
4275
|
+
);
|
|
4182
4276
|
}
|
|
4183
|
-
|
|
4184
|
-
|
|
4185
|
-
|
|
4186
|
-
|
|
4187
|
-
lastError = error;
|
|
4188
|
-
const isAbortError2 = Boolean(
|
|
4189
|
-
error && typeof error === "object" && error.name === "AbortError"
|
|
4190
|
-
);
|
|
4191
|
-
lastAbort = isAbortError2;
|
|
4192
|
-
if (attempt < GUARD_MAX_ATTEMPTS - 1) {
|
|
4193
|
-
await waitForRetry(attempt);
|
|
4194
|
-
continue;
|
|
4195
|
-
}
|
|
4196
|
-
if (isAbortError2) {
|
|
4197
|
-
const timeoutMessage = "AgentID API Warning: Connection timeout exceeded.";
|
|
4198
|
-
console.warn(timeoutMessage);
|
|
4277
|
+
console.warn(
|
|
4278
|
+
effectiveStrictMode ? "[AgentID] Guard check failed (Strict mode active):" : "[AgentID] Guard check failed (Fail-Open active):",
|
|
4279
|
+
error
|
|
4280
|
+
);
|
|
4199
4281
|
this.logGuardFallback({
|
|
4200
|
-
reason: "
|
|
4201
|
-
status: "
|
|
4282
|
+
reason: "guard_unreachable",
|
|
4283
|
+
status: "guard_unreachable",
|
|
4202
4284
|
guardParams: params,
|
|
4203
4285
|
apiKey: effectiveApiKey
|
|
4204
4286
|
});
|
|
4205
4287
|
if (effectiveStrictMode) {
|
|
4206
4288
|
return withGuardLatency({ allowed: false, reason: "network_error_strict_mode" });
|
|
4207
4289
|
}
|
|
4208
|
-
return withGuardLatency(
|
|
4290
|
+
return withGuardLatency(
|
|
4291
|
+
this.buildFailOpenGuardVerdict("guard_unreachable", params.input, {
|
|
4292
|
+
apiKey: effectiveApiKey
|
|
4293
|
+
})
|
|
4294
|
+
);
|
|
4295
|
+
} finally {
|
|
4296
|
+
clearTimeout(timeoutId);
|
|
4209
4297
|
}
|
|
4210
|
-
|
|
4211
|
-
|
|
4212
|
-
error
|
|
4213
|
-
);
|
|
4214
|
-
this.logGuardFallback({
|
|
4215
|
-
reason: "guard_unreachable",
|
|
4216
|
-
status: "guard_unreachable",
|
|
4217
|
-
guardParams: params,
|
|
4218
|
-
apiKey: effectiveApiKey
|
|
4219
|
-
});
|
|
4298
|
+
}
|
|
4299
|
+
if (lastAbort) {
|
|
4220
4300
|
if (effectiveStrictMode) {
|
|
4221
4301
|
return withGuardLatency({ allowed: false, reason: "network_error_strict_mode" });
|
|
4222
4302
|
}
|
|
4223
|
-
return withGuardLatency(
|
|
4224
|
-
|
|
4225
|
-
|
|
4303
|
+
return withGuardLatency(
|
|
4304
|
+
this.buildFailOpenGuardVerdict("timeout_fallback", params.input, {
|
|
4305
|
+
apiKey: effectiveApiKey
|
|
4306
|
+
})
|
|
4307
|
+
);
|
|
4226
4308
|
}
|
|
4227
|
-
|
|
4228
|
-
|
|
4309
|
+
if (typeof lastStatusCode === "number" && lastStatusCode >= 500) {
|
|
4310
|
+
if (effectiveStrictMode) {
|
|
4311
|
+
return withGuardLatency({ allowed: false, reason: "server_error" });
|
|
4312
|
+
}
|
|
4313
|
+
return withGuardLatency(
|
|
4314
|
+
this.buildFailOpenGuardVerdict(
|
|
4315
|
+
"system_failure_fail_open",
|
|
4316
|
+
params.input,
|
|
4317
|
+
{ apiKey: effectiveApiKey }
|
|
4318
|
+
)
|
|
4319
|
+
);
|
|
4320
|
+
}
|
|
4321
|
+
console.warn(
|
|
4322
|
+
effectiveStrictMode ? "[AgentID] Guard check failed (Strict mode active):" : "[AgentID] Guard check failed (Fail-Open active):",
|
|
4323
|
+
lastError
|
|
4324
|
+
);
|
|
4229
4325
|
if (effectiveStrictMode) {
|
|
4230
4326
|
return withGuardLatency({ allowed: false, reason: "network_error_strict_mode" });
|
|
4231
4327
|
}
|
|
4232
|
-
return withGuardLatency(
|
|
4328
|
+
return withGuardLatency(
|
|
4329
|
+
this.buildFailOpenGuardVerdict("guard_unreachable", params.input, {
|
|
4330
|
+
apiKey: effectiveApiKey
|
|
4331
|
+
})
|
|
4332
|
+
);
|
|
4333
|
+
};
|
|
4334
|
+
if (!guardCacheKey) {
|
|
4335
|
+
return executeGuardRequest();
|
|
4233
4336
|
}
|
|
4234
|
-
|
|
4235
|
-
|
|
4236
|
-
|
|
4337
|
+
const promise = executeGuardRequest();
|
|
4338
|
+
this.pendingGuardRequests.set(guardCacheKey, { promise });
|
|
4339
|
+
try {
|
|
4340
|
+
return await promise;
|
|
4341
|
+
} finally {
|
|
4342
|
+
const pending = this.pendingGuardRequests.get(guardCacheKey);
|
|
4343
|
+
if (pending?.promise === promise) {
|
|
4344
|
+
this.pendingGuardRequests.delete(guardCacheKey);
|
|
4237
4345
|
}
|
|
4238
|
-
return withGuardLatency({ allowed: true, reason: "system_failure_fail_open" });
|
|
4239
|
-
}
|
|
4240
|
-
console.warn(
|
|
4241
|
-
effectiveStrictMode ? "[AgentID] Guard check failed (Strict mode active):" : "[AgentID] Guard check failed (Fail-Open active):",
|
|
4242
|
-
lastError
|
|
4243
|
-
);
|
|
4244
|
-
if (effectiveStrictMode) {
|
|
4245
|
-
return withGuardLatency({ allowed: false, reason: "network_error_strict_mode" });
|
|
4246
4346
|
}
|
|
4247
|
-
return withGuardLatency({ allowed: true, reason: "guard_unreachable" });
|
|
4248
4347
|
}
|
|
4249
4348
|
async sendIngest(params, options, internal) {
|
|
4250
4349
|
const ingestStartedAt = Date.now();
|
|
@@ -4749,6 +4848,7 @@ var AgentID = class {
|
|
|
4749
4848
|
let mapping = {};
|
|
4750
4849
|
let sdkConfigFetchMs = 0;
|
|
4751
4850
|
let sdkLocalScanMs = 0;
|
|
4851
|
+
let providerMaskingOptions;
|
|
4752
4852
|
if (hasGuardContent) {
|
|
4753
4853
|
const prepared = await this.prepareInputForDispatch({
|
|
4754
4854
|
input: userText ?? "",
|
|
@@ -4758,6 +4858,10 @@ var AgentID = class {
|
|
|
4758
4858
|
telemetryMetadata
|
|
4759
4859
|
}, requestOptions);
|
|
4760
4860
|
capabilityConfig = prepared.capabilityConfig;
|
|
4861
|
+
providerMaskingOptions = {
|
|
4862
|
+
pii: !capabilityConfig.block_pii_leakage && this.resolveEffectivePiiMasking(capabilityConfig),
|
|
4863
|
+
secrets: !capabilityConfig.block_secret_leakage && this.resolveEffectiveSecretMasking(capabilityConfig)
|
|
4864
|
+
};
|
|
4761
4865
|
maskedText = prepared.sanitizedInput;
|
|
4762
4866
|
mapping = prepared.piiMapping ?? {};
|
|
4763
4867
|
sdkConfigFetchMs = prepared.sdkConfigFetchMs ?? 0;
|
|
@@ -4765,7 +4869,8 @@ var AgentID = class {
|
|
|
4765
4869
|
if (maskedText !== (userText ?? "")) {
|
|
4766
4870
|
maskedReq = this.withMaskedOpenAIRequest(
|
|
4767
4871
|
providerReq,
|
|
4768
|
-
maskedText
|
|
4872
|
+
maskedText,
|
|
4873
|
+
providerMaskingOptions
|
|
4769
4874
|
);
|
|
4770
4875
|
const nextCreateArgs = [...createArgs];
|
|
4771
4876
|
nextCreateArgs[0] = maskedReq;
|
|
@@ -4839,10 +4944,11 @@ var AgentID = class {
|
|
|
4839
4944
|
}
|
|
4840
4945
|
}
|
|
4841
4946
|
const currentRequestInput = adapter.extractInput(maskedReq) ?? "";
|
|
4842
|
-
if (maskedText !== currentRequestInput) {
|
|
4947
|
+
if (maskedText !== currentRequestInput || providerMaskingOptions?.pii === true || providerMaskingOptions?.secrets === true) {
|
|
4843
4948
|
maskedReq = this.withMaskedOpenAIRequest(
|
|
4844
4949
|
providerReq,
|
|
4845
|
-
maskedText
|
|
4950
|
+
maskedText,
|
|
4951
|
+
providerMaskingOptions
|
|
4846
4952
|
);
|
|
4847
4953
|
const nextCreateArgs = [...createArgs];
|
|
4848
4954
|
nextCreateArgs[0] = maskedReq;
|
|
@@ -4865,7 +4971,8 @@ var AgentID = class {
|
|
|
4865
4971
|
maskedText = transformedInput;
|
|
4866
4972
|
maskedReq = this.withMaskedOpenAIRequest(
|
|
4867
4973
|
providerReq,
|
|
4868
|
-
transformedInput
|
|
4974
|
+
transformedInput,
|
|
4975
|
+
providerMaskingOptions
|
|
4869
4976
|
);
|
|
4870
4977
|
const nextCreateArgs = [...createArgs];
|
|
4871
4978
|
nextCreateArgs[0] = maskedReq;
|
|
@@ -4912,7 +5019,7 @@ var AgentID = class {
|
|
|
4912
5019
|
void wrappedCompletion.done.then(async (result) => {
|
|
4913
5020
|
const modelLatencyMs2 = Math.max(0, Date.now() - modelStartedAt2);
|
|
4914
5021
|
const totalPipelineLatencyMs2 = Math.max(0, Date.now() - pipelineStartedAt);
|
|
4915
|
-
const outputForLog =
|
|
5022
|
+
const outputForLog = result.transformedOutput;
|
|
4916
5023
|
const ingestResult = await this.sendIngest({
|
|
4917
5024
|
event_id: canonicalClientEventId,
|
|
4918
5025
|
system_id: systemId,
|
|
@@ -4986,7 +5093,7 @@ var AgentID = class {
|
|
|
4986
5093
|
});
|
|
4987
5094
|
const model = adapter.getModelName(maskedReq, res);
|
|
4988
5095
|
const usage = adapter.getTokenUsage(res);
|
|
4989
|
-
const outputForLog =
|
|
5096
|
+
const outputForLog = wrappedCompletion.transformedOutput;
|
|
4990
5097
|
const ingestResult = await this.sendIngest({
|
|
4991
5098
|
event_id: canonicalClientEventId,
|
|
4992
5099
|
system_id: systemId,
|
package/dist/index.d.mts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { P as PIIManager } from './agentid-
|
|
2
|
-
export { A as AgentEventType,
|
|
1
|
+
import { P as PIIAnonymizeOptions, a as PIIManager } from './agentid-Mjh8rXn0.mjs';
|
|
2
|
+
export { A as AgentEventType, b as AgentID, c as AgentIDWorkflowRunHooks, d as AgentIDWorkflowStep, e as AgentIDWorkflowStepParams, f as AgentIDWorkflowTrail, g as AgentIDWorkflowTrailOptions, h as AgentOperationCategory, i as AgentOperationStatus, j as AgentTelemetryContext, D as DependencyError, G as GuardAttachment, k as GuardParams, l as GuardResponse, L as LogParams, O as OperationLogParams, m as PIIMapping, n as PreparedInput, R as RequestOptions, S as SecurityBlockError, T as TransparencyMetadata, W as WrapOpenAIOptions, o as createAgentIdCorrelationId, p as createAgentIdOperationLog, q as createAgentIdTelemetryContext, r as createAgentIdWorkflowTrail } from './agentid-Mjh8rXn0.mjs';
|
|
3
3
|
|
|
4
4
|
type TokenUsage = Record<string, unknown>;
|
|
5
5
|
type ExtractedGuardAttachment = {
|
|
@@ -24,6 +24,15 @@ declare class OpenAIAdapter implements LLMAdapter {
|
|
|
24
24
|
isStream(req: any): boolean;
|
|
25
25
|
}
|
|
26
26
|
|
|
27
|
+
type ProtectMessageHistoryOptions = PIIAnonymizeOptions;
|
|
28
|
+
type ProtectMessageHistoryResult<T> = {
|
|
29
|
+
messages: T;
|
|
30
|
+
transformed: boolean;
|
|
31
|
+
textPartsCount: number;
|
|
32
|
+
transformedTextPartsCount: number;
|
|
33
|
+
};
|
|
34
|
+
declare function protectMessageHistory<T>(messages: T, options?: ProtectMessageHistoryOptions): ProtectMessageHistoryResult<T>;
|
|
35
|
+
|
|
27
36
|
type InjectionScanParams = {
|
|
28
37
|
prompt: string;
|
|
29
38
|
apiKey: string;
|
|
@@ -54,4 +63,4 @@ declare class InjectionScanner {
|
|
|
54
63
|
}
|
|
55
64
|
declare function getInjectionScanner(): InjectionScanner;
|
|
56
65
|
|
|
57
|
-
export { type ExtractedGuardAttachment, type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIManager, type TokenUsage, getInjectionScanner, scanWithRegex };
|
|
66
|
+
export { type ExtractedGuardAttachment, type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIAnonymizeOptions, PIIManager, type ProtectMessageHistoryOptions, type ProtectMessageHistoryResult, type TokenUsage, getInjectionScanner, protectMessageHistory, scanWithRegex };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { P as PIIManager } from './agentid-
|
|
2
|
-
export { A as AgentEventType,
|
|
1
|
+
import { P as PIIAnonymizeOptions, a as PIIManager } from './agentid-Mjh8rXn0.js';
|
|
2
|
+
export { A as AgentEventType, b as AgentID, c as AgentIDWorkflowRunHooks, d as AgentIDWorkflowStep, e as AgentIDWorkflowStepParams, f as AgentIDWorkflowTrail, g as AgentIDWorkflowTrailOptions, h as AgentOperationCategory, i as AgentOperationStatus, j as AgentTelemetryContext, D as DependencyError, G as GuardAttachment, k as GuardParams, l as GuardResponse, L as LogParams, O as OperationLogParams, m as PIIMapping, n as PreparedInput, R as RequestOptions, S as SecurityBlockError, T as TransparencyMetadata, W as WrapOpenAIOptions, o as createAgentIdCorrelationId, p as createAgentIdOperationLog, q as createAgentIdTelemetryContext, r as createAgentIdWorkflowTrail } from './agentid-Mjh8rXn0.js';
|
|
3
3
|
|
|
4
4
|
type TokenUsage = Record<string, unknown>;
|
|
5
5
|
type ExtractedGuardAttachment = {
|
|
@@ -24,6 +24,15 @@ declare class OpenAIAdapter implements LLMAdapter {
|
|
|
24
24
|
isStream(req: any): boolean;
|
|
25
25
|
}
|
|
26
26
|
|
|
27
|
+
type ProtectMessageHistoryOptions = PIIAnonymizeOptions;
|
|
28
|
+
type ProtectMessageHistoryResult<T> = {
|
|
29
|
+
messages: T;
|
|
30
|
+
transformed: boolean;
|
|
31
|
+
textPartsCount: number;
|
|
32
|
+
transformedTextPartsCount: number;
|
|
33
|
+
};
|
|
34
|
+
declare function protectMessageHistory<T>(messages: T, options?: ProtectMessageHistoryOptions): ProtectMessageHistoryResult<T>;
|
|
35
|
+
|
|
27
36
|
type InjectionScanParams = {
|
|
28
37
|
prompt: string;
|
|
29
38
|
apiKey: string;
|
|
@@ -54,4 +63,4 @@ declare class InjectionScanner {
|
|
|
54
63
|
}
|
|
55
64
|
declare function getInjectionScanner(): InjectionScanner;
|
|
56
65
|
|
|
57
|
-
export { type ExtractedGuardAttachment, type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIManager, type TokenUsage, getInjectionScanner, scanWithRegex };
|
|
66
|
+
export { type ExtractedGuardAttachment, type InjectionScanParams, InjectionScanner, type LLMAdapter, OpenAIAdapter, PIIAnonymizeOptions, PIIManager, type ProtectMessageHistoryOptions, type ProtectMessageHistoryResult, type TokenUsage, getInjectionScanner, protectMessageHistory, scanWithRegex };
|