npm - agentid-sdk - Versions diffs - 0.1.41 → 0.1.42 - Mend

agentid-sdk 0.1.41 → 0.1.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +83 -2
package/dist/{agentid-Mjh8rXn0.d.mts → agentid-DbTWrLnN.d.mts} +29 -0
package/dist/{agentid-Mjh8rXn0.d.ts → agentid-DbTWrLnN.d.ts} +29 -0
package/dist/{chunk-L2WVWRAC.mjs → chunk-C5U4L4JY.mjs} +566 -418
package/dist/index.d.mts +27 -3
package/dist/index.d.ts +27 -3
package/dist/index.js +598 -422
package/dist/index.mjs +32 -5
package/dist/langchain.d.mts +8 -1
package/dist/langchain.d.ts +8 -1
package/dist/langchain.js +301 -71
package/dist/langchain.mjs +129 -44
package/dist/transparency-badge.d.mts +1 -1
package/dist/transparency-badge.d.ts +1 -1
package/package.json +2 -1

package/dist/langchain.js CHANGED Viewed

@@ -27,7 +27,7 @@ var import_base = require("@langchain/core/callbacks/base");
 // src/sdk-version.ts
 var FALLBACK_SDK_VERSION = "js-0.0.0-dev";
-var AGENTID_SDK_VERSION_HEADER = "js-0.1.41".trim().length > 0 ? "js-0.1.41" : FALLBACK_SDK_VERSION;
+var AGENTID_SDK_VERSION_HEADER = "js-0.1.42".trim().length > 0 ? "js-0.1.42" : FALLBACK_SDK_VERSION;
 // src/pii-national-identifiers.ts
 var MAX_CANDIDATES_PER_RULE = 256;
@@ -895,49 +895,49 @@ function detectNationalIdentifiers(text, options = {}) {
 var SDK_SECRET_PATTERN_DEFINITIONS = [
   {
     id: "openai_api_key",
-    placeholderType: "OPENAI_API_KEY",
+    placeholderType: "SECRET",
     patternSource: "\\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}\\b",
     flags: "iu",
     prefilterTerms: ["sk-", "proj-", "openai"]
   },
   {
     id: "aws_access_key",
-    placeholderType: "AWS_ACCESS_KEY",
+    placeholderType: "SECRET",
     patternSource: "\\b(?:AKIA|ASIA)[A-Z0-9]{16}\\b",
     flags: "iu",
     prefilterTerms: ["akia", "asia", "aws"]
   },
   {
     id: "github_token",
-    placeholderType: "GITHUB_TOKEN",
+    placeholderType: "SECRET",
     patternSource: "\\b(?:gh[pousr]_[A-Za-z0-9]{24,255}|github_pat_[A-Za-z0-9_]{20,255})\\b",
     flags: "iu",
     prefilterTerms: ["ghp_", "gho_", "ghu_", "ghs_", "ghr_", "github_pat_"]
   },
   {
     id: "slack_token",
-    placeholderType: "SLACK_TOKEN",
+    placeholderType: "SECRET",
     patternSource: "\\bxox(?:a|b|p|r|s)-[A-Za-z0-9-]{10,200}\\b",
     flags: "iu",
     prefilterTerms: ["xoxa-", "xoxb-", "xoxp-", "xoxr-", "xoxs-", "slack"]
   },
   {
     id: "slack_webhook_url",
-    placeholderType: "SLACK_WEBHOOK_URL",
+    placeholderType: "SECRET",
     patternSource: "https:\\/\\/hooks\\.slack\\.com\\/services\\/[A-Za-z0-9/_-]{20,}",
     flags: "iu",
     prefilterTerms: ["hooks.slack.com/services", "slack"]
   },
   {
     id: "discord_webhook_url",
-    placeholderType: "DISCORD_WEBHOOK_URL",
+    placeholderType: "SECRET",
     patternSource: "https:\\/\\/discord(?:app)?\\.com\\/api\\/webhooks\\/\\d+\\/[A-Za-z0-9_-]{16,}",
     flags: "iu",
     prefilterTerms: ["discord.com/api/webhooks", "discordapp.com/api/webhooks", "discord"]
   },
   {
     id: "stripe_secret_key",
-    placeholderType: "STRIPE_SECRET_KEY",
+    placeholderType: "SECRET",
     patternSource: "\\b(?:sk|pk|ak|rk)_(?:live|test)_[A-Za-z0-9]+\\b",
     flags: "iu",
     prefilterTerms: [
@@ -954,49 +954,49 @@ var SDK_SECRET_PATTERN_DEFINITIONS = [
   },
   {
     id: "google_api_key",
-    placeholderType: "GOOGLE_API_KEY",
+    placeholderType: "SECRET",
     patternSource: "\\bAIza[0-9A-Za-z_-]{35}\\b",
     flags: "iu",
     prefilterTerms: ["aiza", "google"]
   },
   {
     id: "anthropic_api_key",
-    placeholderType: "ANTHROPIC_API_KEY",
+    placeholderType: "SECRET",
     patternSource: "\\bsk-ant-(?:api\\d{2}-)?[A-Za-z0-9_-]{20,}\\b",
     flags: "iu",
     prefilterTerms: ["sk-ant-", "anthropic"]
   },
   {
     id: "evm_private_key",
-    placeholderType: "EVM_PRIVATE_KEY",
+    placeholderType: "SECRET",
     patternSource: "\\b0x[a-fA-F0-9]{64}\\b",
     flags: "iu",
     prefilterTerms: ["0x", "ethereum", "evm", "private key"]
   },
   {
     id: "jwt_token",
-    placeholderType: "JWT_TOKEN",
+    placeholderType: "SECRET",
     patternSource: "\\beyJ[A-Za-z0-9_-]{6,}\\.[A-Za-z0-9_-]{8,}\\.[A-Za-z0-9_-]{8,}\\b",
     flags: "iu",
     prefilterTerms: ["eyj", "jwt", "bearer"]
   },
   {
     id: "bearer_token",
-    placeholderType: "BEARER_TOKEN",
+    placeholderType: "SECRET",
     patternSource: "\\bauthorization\\b\\s*[:=]\\s*bearer\\s+[A-Za-z0-9._~+\\/-]{16,}|\\bbearer\\s+[A-Za-z0-9._~+\\/-]{24,}",
     flags: "iu",
     prefilterTerms: ["authorization", "bearer"]
   },
   {
     id: "api_key_header",
-    placeholderType: "API_KEY_HEADER",
+    placeholderType: "SECRET",
     patternSource: "\\bx[-_]?api[-_]?key\\b\\s*[:=]\\s*[A-Za-z0-9._~+\\/-]{16,}",
     flags: "iu",
     prefilterTerms: ["x-api-key", "api-key", "x_api_key", "api_key"]
   },
   {
     id: "credential_assignment",
-    placeholderType: "CREDENTIAL_ASSIGNMENT",
+    placeholderType: "SECRET",
     patternSource: `(?:\\b|["'])(?:api(?:[_-]?|\\s+)key|access(?:[_-]?|\\s+)token|auth(?:[_-]?|\\s+)token|client(?:[_-]?|\\s+)secret|private(?:[_-]?|\\s+)key)(?:\\b|["'])\\s*(?::|=|=>)\\s*(?:"[A-Za-z0-9._~+\\/=:-]{16,}"|'[A-Za-z0-9._~+\\/=:-]{16,}'|[A-Za-z0-9._~+\\/=:-]{16,})`,
     flags: "iu",
     prefilterTerms: [
@@ -1012,28 +1012,28 @@ var SDK_SECRET_PATTERN_DEFINITIONS = [
   },
   {
     id: "password_assignment",
-    placeholderType: "PASSWORD_ASSIGNMENT",
+    placeholderType: "PASSWORD",
     patternSource: `(?:\\b|["'])(?:password|passwd|pwd|heslo)(?:\\b|["'])\\s*(?:(?::|=|=>)|(?:is|are|was|were|je)\\b)?\\s*(?:"[A-Za-z0-9._~!@#$%^&*+=\\/-]{8,}"|'[A-Za-z0-9._~!@#$%^&*+=\\/-]{8,}'|[A-Za-z0-9._~!@#$%^&*+=\\/-]{8,})`,
     flags: "iu",
     prefilterTerms: ["password", "passwd", "pwd", "heslo"]
   },
   {
     id: "private_key_material",
-    placeholderType: "PRIVATE_KEY_MATERIAL",
+    placeholderType: "SECRET",
     patternSource: "-----BEGIN (?:(?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY|PGP PRIVATE KEY BLOCK|CERTIFICATE)-----[\\s\\S]{20,12000}(?:-----END (?:(?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY|PGP PRIVATE KEY BLOCK|CERTIFICATE)-----|$)",
     flags: "iu",
     prefilterTerms: ["begin private key", "begin pgp private key block", "private key"]
   },
   {
     id: "azure_connection_string",
-    placeholderType: "AZURE_CONNECTION_STRING",
+    placeholderType: "SECRET",
     patternSource: "\\bDefaultEndpointsProtocol=https;AccountName=[A-Za-z0-9.-]{3,};AccountKey=[A-Za-z0-9+/=]{20,}(?:;EndpointSuffix=[A-Za-z0-9.-]+)?\\b",
     flags: "iu",
     prefilterTerms: ["defaultendpointsprotocol", "accountname", "accountkey", "azure"]
   },
   {
     id: "azure_sas_token",
-    placeholderType: "AZURE_SAS_TOKEN",
+    placeholderType: "SECRET",
     patternSource: "\\bsv=[^\\s&]{2,}&[^\\s]{0,200}\\bsig=[A-Za-z0-9%/+_-]{16,}",
     flags: "iu",
     prefilterTerms: ["sv=", "sig=", "accountkey", "azure"]
@@ -1096,19 +1096,70 @@ function rangesOverlap(left, right) {
   return left.start < right.end && right.start < left.end;
 }
 function detectionPriority(type) {
-  if (/^(?:OPENAI_API_KEY|AWS_ACCESS_KEY|GITHUB_TOKEN|SLACK_TOKEN|SLACK_WEBHOOK_URL|DISCORD_WEBHOOK_URL|STRIPE_SECRET_KEY|GOOGLE_API_KEY|ANTHROPIC_API_KEY|EVM_PRIVATE_KEY|JWT_TOKEN|BEARER_TOKEN|API_KEY_HEADER|AZURE_CONNECTION_STRING|AZURE_SAS_TOKEN)$/u.test(
-    type
-  )) {
+  const normalizedType = toPlaceholderType(type);
+  if (normalizedType === "SECRET") {
     return 100;
   }
-  if (/^(?:CREDENTIAL_ASSIGNMENT|PASSWORD_ASSIGNMENT|PRIVATE_KEY_MATERIAL|ENV_SECRET_ASSIGNMENT)$/u.test(type)) {
+  if (normalizedType === "PASSWORD") {
+    return 90;
+  }
+  if (/^(?:CREDENTIAL_ASSIGNMENT|PRIVATE_KEY_MATERIAL|ENV_SECRET_ASSIGNMENT)$/u.test(
+    normalizedType
+  )) {
     return 80;
   }
-  if (type === "PERSON_NAME" || type === "PERSON") {
+  if (normalizedType === "PERSON_NAME" || normalizedType === "PERSON") {
     return 10;
   }
   return 50;
 }
+function isPasswordPlaceholderType(type) {
+  return /^(?:PASSWORD_ASSIGNMENT|BASIC_AUTH_PASSWORD)$/u.test(type);
+}
+function isGenericSecretPlaceholderType(type) {
+  return /^(?:OPENAI_API_KEY|AWS_ACCESS_KEY|GITHUB_TOKEN|SLACK_TOKEN|SLACK_WEBHOOK_URL|DISCORD_WEBHOOK_URL|STRIPE_SECRET_KEY|GOOGLE_API_KEY|ANTHROPIC_API_KEY|EVM_PRIVATE_KEY|JWT_TOKEN|BEARER_TOKEN|API_KEY_HEADER|CREDENTIAL_ASSIGNMENT|PRIVATE_KEY_MATERIAL|ENV_SECRET_ASSIGNMENT|AZURE_CONNECTION_STRING|AZURE_SAS_TOKEN|DISCORD_WEBHOOK_TOKEN)$/u.test(
+    type
+  );
+}
+function toPlaceholderType(type) {
+  const normalized = String(type ?? "").trim().toUpperCase();
+  if (isPasswordPlaceholderType(normalized)) {
+    return "PASSWORD";
+  }
+  if (isGenericSecretPlaceholderType(normalized)) {
+    return "SECRET";
+  }
+  return normalized || "PII";
+}
+function trimLeadingAddressContext(value) {
+  const trimmed = value.replace(
+    /^(?:(?:na\s+)?adrese|(?:se\s+)?(?:s[ií]dlem|bydli[sš]t[ěe]m|bytem|adresa(?:\s+bydli[sš]t[ěe])?))\s*[:,-]?\s*/iu,
+    ""
+  );
+  if (!trimmed || trimmed === value) {
+    return { text: value, offset: 0 };
+  }
+  return {
+    text: trimmed,
+    offset: value.indexOf(trimmed)
+  };
+}
+function normalizeDetection(detection) {
+  if (detection.type !== "ADDRESS") {
+    return detection;
+  }
+  const trimmed = trimLeadingAddressContext(detection.text);
+  if (trimmed.offset <= 0 || trimmed.text === detection.text) {
+    return detection;
+  }
+  const start = detection.start + trimmed.offset;
+  return {
+    ...detection,
+    start,
+    end: start + trimmed.text.length,
+    text: trimmed.text
+  };
+}
 var PHONE_CONTEXT_KEYWORDS = [
   "tel",
   "phone",
@@ -1223,6 +1274,19 @@ var PERSON_NAME_STOPWORDS = /* @__PURE__ */ new Set([
   "security",
   "instructions",
   "instruction",
+  "authorized",
+  "audit",
+  "article",
+  "compliance",
+  "global",
+  "governance",
+  "charter",
+  "initialization",
+  "sequence",
+  "prefix",
+  "prefixes",
+  "priority",
+  "violation",
   "google",
   "form",
   "forms",
@@ -1297,6 +1361,21 @@ var TECHNICAL_CONTEXT_SYMBOL_REGEX = /:\/\/|`|\{|\}|\[|\]|\(|\)|;|\$|=>|::|\/\//
 var NAME_LABEL_QUESTION_CONTEXT_REGEX = /\b(?:jak(?:e|y|a|ou)|kter(?:e|y|a|ou)|co|what|which|whose|wie|welch(?:e|er|es|en|em)?|quel(?:le|s|les)?|que|cual(?:es)?|wat|welke|jaki|jakie|jaka)\b[\s\S]{0,80}\b(?:jmeno|prijmeni|name|names|namen|nom|nombre|nome|naam|imie|nazwisko|meno)\b[\s\S]{0,96}\b(?:napsal\p{L}*|napsan\p{L}*|psal\p{L}*|pouzil\p{L}*|pouzili\p{L}*|write|wrote|written|type|typed|enter(?:ed)?|use(?:d)?|say|said|geschrieben|getippt|eingetragen|ecrit|escrib\p{L}*|scritt\p{L}*)\b/iu;
 var NAME_VALUE_ASSIGNMENT_BEFORE_CANDIDATE_REGEX = /(?:[:=]|=>|-|\b(?:is|was|je|jsou|jmenuje|called|named|ist|sind|lautet|est|es)\b)\s*$/iu;
 var BIRTH_NUMBER_CONTEXT_RE = /\b(?:rodn[eé]\s*(?:č[ií]slo|cislo)|r\.?\s*c\.?|birth\s+number)\b[^0-9]{0,80}(\d{6}(?:\/?\d{3,4})?)\b/giu;
+var ADDRESS_HOUSE_NUMBER_PATTERN = String.raw`\d{1,5}(?:\/\d{1,5}[A-Za-z]?)?[A-Za-z]?`;
+var ADDRESS_POSTAL_CODE_PATTERN = String.raw`(?:\d{3}\s?\d{2}|\d{5})`;
+var ADDRESS_STREET_LABEL_PATTERN = String.raw`(?:ulici|ulice|ul\.?|street|st\.?|road|rd\.?|avenue|ave\.?|n[aá]m[eě]st[ií]|t[řr][íi]da|alej|n[aá]b[řr]ež[ií])`;
+var ADDRESS_WITH_ANCHOR_RE = new RegExp(
+  String.raw`\b(?:bydl[ií]m\s+na|bydlim\s+na|bytem|bydli[sš]t[eě]|adresa|na\s+ulici|v\s+ulici|doru[cč]ovac[ií]\s+adresa|koresponden[cč]n[ií]\s+adresa|faktura[cč]n[ií]\s+adresa|se\s+s[ií]dlem|z[ií]ju\s+v|ziju\s+v|zjiu\s+v)\b[\s,:-]{0,12}((?:(?:${ADDRESS_STREET_LABEL_PATTERN})\s+)?(?:\p{L}[\p{L}'’-]{2,}\s+){0,4}${ADDRESS_HOUSE_NUMBER_PATTERN}(?:(?:,\s*|\s+)(?:${ADDRESS_POSTAL_CODE_PATTERN}))?(?:(?:,\s*|\s+)(?:v|ve)\s+)?(?:(?:,\s*|\s+)(?:\p{L}[\p{L}'’-]{2,})(?:\s+\p{L}[\p{L}'’-]{2,}){0,2})?)`,
+  "giu"
+);
+var ADDRESS_CITY_NUMBER_WITH_ANCHOR_RE = new RegExp(
+  String.raw`\b(?:z[ií]ju\s+v|ziju\s+v|zjiu\s+v|v\s+obci|v\s+katastru\s+obce)\b[\s,:-]{0,12}((?:\p{L}[\p{L}'’-]{2,})(?:\s+\p{L}[\p{L}'’-]{2,}){0,2}\s+${ADDRESS_HOUSE_NUMBER_PATTERN})`,
+  "giu"
+);
+var ADDRESS_STANDALONE_RE = new RegExp(
+  String.raw`\b((?:(?:${ADDRESS_STREET_LABEL_PATTERN})\s+)?(?:\p{L}[\p{L}'’-]{2,}\s+){0,4}${ADDRESS_HOUSE_NUMBER_PATTERN}(?:,\s*|\s+)(?:${ADDRESS_POSTAL_CODE_PATTERN})(?:,\s*|\s+)(?:\p{L}[\p{L}'’-]{2,}(?:\s+\p{L}[\p{L}'’-]{2,}){0,2}))`,
+  "gu"
+);
 function hasPhoneContext(text, matchStartIndex, windowSize = 50) {
   const start = Math.max(0, matchStartIndex - windowSize);
   const windowLower = text.slice(start, matchStartIndex).toLowerCase();
@@ -1348,6 +1427,26 @@ function isLikelyPersonNameCandidate(candidate, contextWindow) {
   }
   return true;
 }
+function isLikelyAddressCandidate(candidate) {
+  if (!/\d/u.test(candidate)) {
+    return false;
+  }
+  const normalized = normalizePersonWord(candidate);
+  const words = candidate.trim().split(/\s+/).filter(Boolean);
+  if (words.length < 2) {
+    return false;
+  }
+  const numberIndex = words.findIndex((word) => /\d/u.test(word));
+  if (numberIndex <= 0) {
+    return false;
+  }
+  const letterWordRe = /^\p{L}[\p{L}'’-]*$/u;
+  const beforeCount = words.slice(0, numberIndex).filter((word) => letterWordRe.test(word)).length;
+  const afterCount = words.slice(numberIndex + 1).filter((word) => letterWordRe.test(word)).length;
+  return /\b(?:ulici|ulice|ul\.|street|road|avenue|namesti|trida|alej|nabrezi)\b/iu.test(
+    normalized
+  ) || /\b\d{3}\s?\d{2}\b|\b\d{5}\b/u.test(candidate) || beforeCount >= 1 && afterCount >= 1;
+}
 var PIIManager = class {
   /**
    * Reversible local-first masking using <TYPE_INDEX> placeholders.
@@ -1428,13 +1527,55 @@ var PIIManager = class {
         });
         for (const match of nationalIdMatches) {
           if (match.start < 0 || match.end <= match.start) continue;
+          const detectionType = match.type === "address_postal" ? "ADDRESS" : match.type === "birth_number" ? "BIRTH_NUMBER" : "NATIONAL_ID";
           detections.push({
             start: match.start,
             end: match.end,
-            type: "NATIONAL_ID",
+            type: detectionType,
             text: text.slice(match.start, match.end)
           });
         }
+        ADDRESS_WITH_ANCHOR_RE.lastIndex = 0;
+        for (const match of text.matchAll(ADDRESS_WITH_ANCHOR_RE)) {
+          if (match.index == null) continue;
+          const value = match[1] ?? "";
+          if (!value || !isLikelyAddressCandidate(value)) continue;
+          const localIndex = match[0].lastIndexOf(value);
+          const start = match.index + Math.max(0, localIndex);
+          detections.push({
+            start,
+            end: start + value.length,
+            type: "ADDRESS",
+            text: value
+          });
+        }
+        ADDRESS_CITY_NUMBER_WITH_ANCHOR_RE.lastIndex = 0;
+        for (const match of text.matchAll(ADDRESS_CITY_NUMBER_WITH_ANCHOR_RE)) {
+          if (match.index == null) continue;
+          const value = match[1] ?? "";
+          if (!value || !isLikelyAddressCandidate(value)) continue;
+          const localIndex = match[0].lastIndexOf(value);
+          const start = match.index + Math.max(0, localIndex);
+          detections.push({
+            start,
+            end: start + value.length,
+            type: "ADDRESS",
+            text: value
+          });
+        }
+        ADDRESS_STANDALONE_RE.lastIndex = 0;
+        for (const match of text.matchAll(ADDRESS_STANDALONE_RE)) {
+          if (match.index == null) continue;
+          const value = match[1] ?? match[0];
+          if (!value || !isLikelyAddressCandidate(value)) continue;
+          const start = match.index;
+          detections.push({
+            start,
+            end: start + value.length,
+            type: "ADDRESS",
+            text: value
+          });
+        }
       }
       if (resolvedOptions.secrets) {
         BASIC_AUTH_PASSWORD_RE.lastIndex = 0;
@@ -1484,13 +1625,17 @@ var PIIManager = class {
           }
         }
       }
-      const kept = normalizeDetections(text, detections);
+      const kept = normalizeDetections(
+        text,
+        detections.map((detection) => normalizeDetection(detection))
+      );
       if (!kept.length) return { maskedText: text, mapping: {} };
       const counters = {};
       const mapping = {};
       const replacements = kept.map((d) => {
-        counters[d.type] = (counters[d.type] ?? 0) + 1;
-        const placeholder = `<${d.type}_${counters[d.type]}>`;
+        const placeholderType = toPlaceholderType(d.type);
+        counters[placeholderType] = (counters[placeholderType] ?? 0) + 1;
+        const placeholder = `<${placeholderType}_${counters[placeholderType]}>`;
         mapping[placeholder] = d.text;
         return { ...d, placeholder };
       });
@@ -1637,6 +1782,18 @@ var SecurityBlockError = class extends Error {
 // src/langchain.ts
 var piiManager = new PIIManager();
 var LANGCHAIN_TELEMETRY_FIELD = "agentid_telemetry";
+var MAX_PROMPT_CONTEXT_CHARS = 64e3;
+function getZeroRetentionInput(rawInput, candidateInput) {
+  const raw = typeof rawInput === "string" ? rawInput : "";
+  const candidate = typeof candidateInput === "string" ? candidateInput : "";
+  if (candidate.length > 0 && candidate !== raw) {
+    return candidate;
+  }
+  return "[REDACTED]";
+}
+function isFailOpenGuardBypassReason(reason) {
+  return reason === "timeout_fallback" || reason === "guard_unreachable" || reason === "system_failure_fail_open";
+}
 function safeString(val) {
   return typeof val === "string" ? val : "";
 }
@@ -1807,9 +1964,6 @@ function setFiniteDurationMetadata(metadata, key, value) {
     metadata[key] = Math.max(0, Math.trunc(value));
   }
 }
-function isGuardFailureEligibleForLocalFallback(reason) {
-  return reason === "network_error_strict_mode" || reason === "server_error" || reason === "system_failure" || reason === "system_failure_db_unavailable" || reason === "logging_failed" || reason === "guard_unreachable" || reason === "api_key_pepper_missing" || reason === "encryption_key_missing";
-}
 function extractTextFromContent(content) {
   if (typeof content === "string") {
     return content;
@@ -1859,6 +2013,26 @@ function extractPromptFromPrompts(prompts) {
   }
   return "";
 }
+function truncatePromptContext(value) {
+  if (value.length <= MAX_PROMPT_CONTEXT_CHARS) {
+    return value;
+  }
+  const headChars = Math.floor((MAX_PROMPT_CONTEXT_CHARS - 32) / 2);
+  const tailChars = MAX_PROMPT_CONTEXT_CHARS - headChars - 32;
+  return `${value.slice(0, headChars)}
+[...TRUNCATED CONTEXT...]
+${value.slice(-tailChars)}`;
+}
+function extractPromptContextFromPrompts(prompts) {
+  if (!Array.isArray(prompts)) {
+    return "";
+  }
+  const sections = prompts.map((prompt, index) => {
+    const text = safeString(prompt);
+    return text ? `[prompt_${index + 1}] ${text}` : null;
+  }).filter((section) => section !== null);
+  return sections.length > 0 ? truncatePromptContext(sections.join("\n\n")) : "";
+}
 function extractPromptFromMessages(messages) {
   const flat = [];
   if (Array.isArray(messages)) {
@@ -1884,6 +2058,28 @@ function extractPromptFromMessages(messages) {
   const typedLast = last;
   return extractTextFromContent(typedLast.content ?? typedLast.text);
 }
+function extractPromptContextFromMessages(messages) {
+  const flat = [];
+  if (Array.isArray(messages)) {
+    for (const item of messages) {
+      if (Array.isArray(item)) {
+        flat.push(...item);
+      } else {
+        flat.push(item);
+      }
+    }
+  }
+  const sections = flat.map((message) => {
+    const role = getMessageRole(message) ?? "message";
+    const typed = message;
+    const text = extractTextFromContent(typed?.content ?? typed?.text);
+    return text ? `[${role}] ${text}` : null;
+  }).filter((section) => section !== null);
+  return sections.length > 0 ? truncatePromptContext(sections.join("\n\n")) : "";
+}
+function maskPromptContext(promptContext, options) {
+  return promptContext;
+}
 function setPromptInPrompts(prompts, sanitizedInput) {
   if (!Array.isArray(prompts) || prompts.length === 0) {
     return false;
@@ -2013,6 +2209,12 @@ function deanonymizeText(text, mapping) {
   }
   return piiManager.deanonymize(text, mapping);
 }
+function textContainsMappingPlaceholder(text, mapping) {
+  if (!text || !mapping) {
+    return false;
+  }
+  return Object.keys(mapping).some((placeholder) => placeholder.length > 0 && text.includes(placeholder));
+}
 function deanonymizeContent(content, mapping) {
   if (!mapping) {
     return content;
@@ -2135,6 +2337,7 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     );
     this.apiKeyOverride = options.apiKey?.trim() || options.api_key?.trim() || void 0;
     this.telemetry = createAgentIdTelemetryContext(options.telemetry);
+    this.deanonymizeOutputForClient = options.deanonymizeOutputForClient === true || options.deanonymize_output_for_client === true;
   }
   get requestOptions() {
     return this.apiKeyOverride ? { apiKey: this.apiKeyOverride } : void 0;
@@ -2168,9 +2371,10 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     }
     return false;
   }
-  async preflight(input, stream, clientEventId, telemetryMetadata) {
+  async preflight(input, stream, clientEventId, telemetryMetadata, promptContext) {
     const prepared = await this.agent.prepareInputForDispatch({
       input,
+      promptContext,
       systemId: this.systemId,
       stream,
       clientEventId,
@@ -2231,6 +2435,7 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
   }
   async handleLLMStart(serialized, prompts, runId, _parentRunId, extraParams) {
     const input = extractPromptFromPrompts(prompts);
+    const rawPromptContext = extractPromptContextFromPrompts(prompts);
     const id = String(runId ?? "");
     logCallbackDebug("handleLLMStart", { runId: id, hasInput: input.length > 0 });
     if (!input) {
@@ -2243,7 +2448,8 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       input,
       stream,
       requestedClientEventId,
-      telemetryMetadata
+      telemetryMetadata,
+      rawPromptContext
     );
     const sanitizedInput = prepared.sanitizedInput;
     const piiMaskingEnabled = this.resolvePreparedPiiMaskingEnabled(prepared);
@@ -2256,10 +2462,18 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
         );
       }
     }
+    const promptContextForGuard = maskPromptContext(
+      extractPromptContextFromPrompts(prompts),
+      {
+        pii: piiMaskingEnabled,
+        secrets: secretMaskingEnabled
+      }
+    );
     const modelName = extractModel(serialized, extraParams);
     const pipelineStartedAtMs = Date.now();
     const verdict = await this.agent.guard({
       input: sanitizedInput,
+      prompt_context: promptContextForGuard || void 0,
       system_id: this.systemId,
       model: modelName,
       client_event_id: requestedClientEventId,
@@ -2271,28 +2485,30 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       )
     }, this.requestOptions);
     let transformedForRun = sanitizedInput;
-    let sdkLocalScanMs = prepared.sdkLocalScanMs;
+    let sdkConfigFetchMs = prepared.sdkConfigFetchMs ?? 0;
+    let sdkLocalScanMs = prepared.sdkLocalScanMs ?? 0;
     let localFallbackApplied = false;
     let localFallbackReason = null;
     if (!verdict.allowed) {
-      const fallbackEligible = isGuardFailureEligibleForLocalFallback(verdict.reason) && verdict.reason !== "guard_denied";
-      if (fallbackEligible) {
-        const fallback = await this.agent.applyLocalFallbackForGuardFailure({
-          input: sanitizedInput,
+      throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+    }
+    if (isFailOpenGuardBypassReason(verdict.reason)) {
+      const fallback = await this.agent.runLocalPromptInjectionFallback(
+        {
+          input,
+          promptContext: rawPromptContext,
           systemId: this.systemId,
-          stream,
           clientEventId: requestedClientEventId,
           capabilityConfig: prepared.capabilityConfig,
-          sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+          sdkConfigFetchMs,
           telemetryMetadata
-        }, this.requestOptions);
-        transformedForRun = fallback.sanitizedInput;
-        sdkLocalScanMs = fallback.sdkLocalScanMs;
-        localFallbackApplied = true;
-        localFallbackReason = verdict.reason ?? "guard_unreachable";
-      } else {
-        throw new SecurityBlockError(verdict.reason ?? "guard_denied");
-      }
+        },
+        this.requestOptions
+      );
+      sdkConfigFetchMs = fallback.sdkConfigFetchMs;
+      sdkLocalScanMs += fallback.sdkLocalScanMs;
+      localFallbackApplied = true;
+      localFallbackReason = verdict.reason ?? null;
     }
     if (transformedForRun !== sanitizedInput) {
       const mutated = setPromptInPrompts(prompts, transformedForRun);
@@ -2311,12 +2527,13 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
         transformedInput = transformedForRun;
       }
     }
+    const retainedInput = getZeroRetentionInput(input, transformedInput);
     this.runs.set(id, {
-      input: transformedInput,
+      input: retainedInput,
       startedAtMs: Date.now(),
       pipelineStartedAtMs,
       guardLatencyMs,
-      sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+      sdkConfigFetchMs,
       sdkLocalScanMs,
       localFallbackApplied,
       localFallbackReason,
@@ -2326,7 +2543,7 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       telemetryMetadata,
       transparency,
       piiMapping: normalizePiiMapping(prepared.piiMapping),
-      shouldDeanonymize: prepared.shouldDeanonymize === true,
+      shouldDeanonymize: this.deanonymizeOutputForClient && prepared.shouldDeanonymize === true,
       responseStreamed: stream,
       sdkConfigVersion: prepared.capabilityConfig?.version ?? null,
       piiMaskingEnabled,
@@ -2340,6 +2557,7 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
   }
   async handleChatModelStart(serialized, messages, runId, _parentRunId, extraParams) {
     const input = extractPromptFromMessages(messages);
+    const rawPromptContext = extractPromptContextFromMessages(messages);
     const id = String(runId ?? "");
     logCallbackDebug("handleChatModelStart", { runId: id, hasInput: input.length > 0 });
     if (!input) {
@@ -2352,7 +2570,8 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       input,
       stream,
       requestedClientEventId,
-      telemetryMetadata
+      telemetryMetadata,
+      rawPromptContext
     );
     const sanitizedInput = prepared.sanitizedInput;
     const piiMaskingEnabled = this.resolvePreparedPiiMaskingEnabled(prepared);
@@ -2365,10 +2584,18 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
         );
       }
     }
+    const promptContextForGuard = maskPromptContext(
+      extractPromptContextFromMessages(messages),
+      {
+        pii: piiMaskingEnabled,
+        secrets: secretMaskingEnabled
+      }
+    );
     const modelName = extractModel(serialized, extraParams);
     const pipelineStartedAtMs = Date.now();
     const verdict = await this.agent.guard({
       input: sanitizedInput,
+      prompt_context: promptContextForGuard || void 0,
       system_id: this.systemId,
       model: modelName,
       client_event_id: requestedClientEventId,
@@ -2380,28 +2607,30 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       )
     }, this.requestOptions);
     let transformedForRun = sanitizedInput;
-    let sdkLocalScanMs = prepared.sdkLocalScanMs;
+    let sdkConfigFetchMs = prepared.sdkConfigFetchMs ?? 0;
+    let sdkLocalScanMs = prepared.sdkLocalScanMs ?? 0;
     let localFallbackApplied = false;
     let localFallbackReason = null;
     if (!verdict.allowed) {
-      const fallbackEligible = isGuardFailureEligibleForLocalFallback(verdict.reason) && verdict.reason !== "guard_denied";
-      if (fallbackEligible) {
-        const fallback = await this.agent.applyLocalFallbackForGuardFailure({
-          input: sanitizedInput,
+      throw new SecurityBlockError(verdict.reason ?? "guard_denied");
+    }
+    if (isFailOpenGuardBypassReason(verdict.reason)) {
+      const fallback = await this.agent.runLocalPromptInjectionFallback(
+        {
+          input,
+          promptContext: rawPromptContext,
           systemId: this.systemId,
-          stream,
           clientEventId: requestedClientEventId,
           capabilityConfig: prepared.capabilityConfig,
-          sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+          sdkConfigFetchMs,
           telemetryMetadata
-        }, this.requestOptions);
-        transformedForRun = fallback.sanitizedInput;
-        sdkLocalScanMs = fallback.sdkLocalScanMs;
-        localFallbackApplied = true;
-        localFallbackReason = verdict.reason ?? "guard_unreachable";
-      } else {
-        throw new SecurityBlockError(verdict.reason ?? "guard_denied");
-      }
+        },
+        this.requestOptions
+      );
+      sdkConfigFetchMs = fallback.sdkConfigFetchMs;
+      sdkLocalScanMs += fallback.sdkLocalScanMs;
+      localFallbackApplied = true;
+      localFallbackReason = verdict.reason ?? null;
     }
     if (transformedForRun !== sanitizedInput) {
       const mutated = setPromptInMessages(messages, transformedForRun);
@@ -2420,12 +2649,13 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
         transformedInput = transformedForRun;
       }
     }
+    const retainedInput = getZeroRetentionInput(input, transformedInput);
     this.runs.set(id, {
-      input: transformedInput,
+      input: retainedInput,
       startedAtMs: Date.now(),
       pipelineStartedAtMs,
       guardLatencyMs,
-      sdkConfigFetchMs: prepared.sdkConfigFetchMs,
+      sdkConfigFetchMs,
       sdkLocalScanMs,
       localFallbackApplied,
       localFallbackReason,
@@ -2435,7 +2665,7 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
       telemetryMetadata,
       transparency,
       piiMapping: normalizePiiMapping(prepared.piiMapping),
-      shouldDeanonymize: prepared.shouldDeanonymize === true,
+      shouldDeanonymize: this.deanonymizeOutputForClient && prepared.shouldDeanonymize === true,
       responseStreamed: stream,
       sdkConfigVersion: prepared.capabilityConfig?.version ?? null,
       piiMaskingEnabled,
@@ -2492,7 +2722,7 @@ var AgentIDCallbackHandler = class extends import_base.BaseCallbackHandler {
     }
     metadata.response_streamed = state.responseStreamed === true;
     metadata.transformed_output = maskedOutputText;
-    metadata.output_masked = maskedOutputText !== clientOutputText;
+    metadata.output_masked = maskedOutputText !== clientOutputText || textContainsMappingPlaceholder(maskedOutputText, state.piiMapping);
     metadata.model_latency_ms = modelLatencyMs;
     metadata.total_pipeline_latency_ms = totalPipelineLatencyMs;
     const resolvedModel = state.model ?? extractModelFromOutput(output) ?? "unknown";