aira-sdk 2.4.0 → 3.1.0

package/dist/client.d.ts

@@ -1,4 +1,4 @@
-import { Authorization, ActionReceipt, ActionDetail, AgentDetail, AgentVersion, CosignResult, EvidencePackage, ComplianceSnapshot, EscrowAccount, EscrowTransaction, VerifyResult, PaginatedList, ComplianceReport, ComplianceReportListResponse, ComplianceReportVerification, ActionExplanation, ExplanationVerification, OutputPolicy, OutputPolicyUpdate } from "./types";
+import { Authorization, ActionReceipt, ActionDetail, AgentDetail, AgentVersion, CosignResult, EvidencePackage, ComplianceSnapshot, EscrowAccount, EscrowTransaction, VerifyResult, PaginatedList, ComplianceReport, ComplianceReportListResponse, ComplianceReportVerification, ActionExplanation, ExplanationVerification, OutputPolicy, OutputPolicyUpdate, DoraIncident, IctThirdParty, DoraTest } from "./types";
 import { AiraSession } from "./session";
 export interface AiraOptions {
     apiKey: string;
@@ -24,7 +24,7 @@ export declare class Aira {
      *
      * Returns an `Authorization` with a status:
      *  - "authorized"       → safe to execute the action, then call `notarize()`
-     *  - "pending_approval" → enqueue `action_id` and wait for human approval
+     *  - "pending_approval" → enqueue `action_uuid` and wait for human approval
      *
      * If a policy denies the action, this throws `AiraError` with code
      * `POLICY_DENIED` (HTTP 403). Duplicate idempotent requests throw
@@ -326,6 +326,103 @@ export declare class Aira {
      * required server-side.
      */
     updateOutputPolicy(updates: OutputPolicyUpdate): Promise<OutputPolicy>;
+    /** Open a new DORA ICT incident (Article 17). */
+    createDoraIncident(params: {
+        title: string;
+        description: string;
+        detectedAt: string;
+        affectedServices?: string[];
+        clientsAffectedCount?: number;
+        geographicScope?: string[];
+        relatedActionUuids?: string[];
+    }): Promise<DoraIncident>;
+    /** List DORA incidents with optional filters. */
+    listDoraIncidents(params?: {
+        status?: string;
+        severity?: string;
+        isMajor?: boolean;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: DoraIncident[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
+    /** Get one DORA incident. */
+    getDoraIncident(incidentUuid: string): Promise<DoraIncident>;
+    /** Classify a detected incident (Article 18). */
+    classifyDoraIncident(incidentUuid: string, params: {
+        severity: "critical" | "high" | "medium" | "low";
+        category: string;
+        isMajor?: boolean;
+        rootCauseSummary?: string;
+        rootCauseClassification?: string;
+        thirdPartyUuid?: string;
+    }): Promise<DoraIncident>;
+    /** Mark an incident resolved + record post-mortem fields. */
+    resolveDoraIncident(incidentUuid: string, params: {
+        resolutionSummary: string;
+        lessonsLearned?: string;
+        resolvedAt?: string;
+    }): Promise<DoraIncident>;
+    /** Generate (if needed) and download the major-incident PDF for ESA submission. */
+    downloadDoraIncidentReport(incidentUuid: string): Promise<Uint8Array>;
+    /** Add a vendor to the ICT third-party register (Article 28). */
+    createIctThirdParty(params: {
+        vendorName: string;
+        serviceDescription: string;
+        serviceType: string;
+        criticality: "critical" | "non_critical" | "supporting";
+        contractStartDate?: string;
+        contractEndDate?: string;
+        exitStrategySummary?: string;
+        subcontractors?: string[];
+        dataCategories?: string[];
+        jurisdiction?: string;
+    }): Promise<IctThirdParty>;
+    /** List ICT third-party register entries. */
+    listIctThirdParties(params?: {
+        criticality?: string;
+        isActive?: boolean;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: IctThirdParty[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
+    getIctThirdParty(thirdPartyUuid: string): Promise<IctThirdParty>;
+    /** PATCH semantics — only supplied fields change. */
+    updateIctThirdParty(thirdPartyUuid: string, fields: Partial<IctThirdParty> & {
+        is_active?: boolean;
+    }): Promise<IctThirdParty>;
+    /** Log a DORA resilience test (Articles 24-27). */
+    createDoraTest(params: {
+        testType: string;
+        title: string;
+        scope: string;
+        conductedAt: string;
+        conductedBy: string;
+        status: "passed" | "failed" | "partial";
+        findingsSummary?: string;
+        remediationPlan?: string;
+        remediationDueAt?: string;
+    }): Promise<DoraTest>;
+    listDoraTests(params?: {
+        testType?: string;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: DoraTest[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
     /**
      * Article 6 right-to-explanation for a single action.
      *

package/dist/client.js

@@ -138,7 +138,7 @@ class Aira {
      *
      * Returns an `Authorization` with a status:
      *  - "authorized"       → safe to execute the action, then call `notarize()`
-     *  - "pending_approval" → enqueue `action_id` and wait for human approval
+     *  - "pending_approval" → enqueue `action_uuid` and wait for human approval
      *
      * If a policy denies the action, this throws `AiraError` with code
      * `POLICY_DENIED` (HTTP 403). Duplicate idempotent requests throw
@@ -153,7 +153,7 @@ class Aira {
             instruction_hash: params.instructionHash,
             model_id: params.modelId,
             model_version: params.modelVersion,
-            parent_action_id: params.parentActionId,
+            parent_action_uuid: params.parentActionId,
             endpoint_url: params.endpointUrl,
             store_details: params.storeDetails || undefined,
             idempotency_key: params.idempotencyKey,
@@ -247,7 +247,7 @@ class Aira {
         return this.post(`/agents/${slug}/decommission`, {});
     }
     async transferAgent(slug, toOrgId, reason) {
-        return this.post(`/agents/${slug}/transfer`, buildBody({ to_org_id: toOrgId, reason }));
+        return this.post(`/agents/${slug}/transfer`, buildBody({ to_org_uuid: toOrgId, reason }));
     }
     async getAgentActions(slug, page = 1) {
         const data = await this.get(`/agents/${slug}/actions`, { page });
@@ -277,7 +277,7 @@ class Aira {
     // ==================== Evidence ====================
     async createEvidencePackage(params) {
         return this.post("/evidence/packages", buildBody({
-            title: params.title, action_ids: params.actionIds, description: params.description, agent_slugs: params.agentSlugs,
+            title: params.title, action_uuids: params.actionIds, description: params.description, agent_slugs: params.agentSlugs,
         }));
     }
     async listEvidencePackages(page = 1) {
@@ -327,7 +327,7 @@ class Aira {
     async createEscrowAccount(params) {
         return this.post("/escrow/accounts", buildBody({
             purpose: params?.purpose, currency: params?.currency ?? "EUR",
-            agent_id: params?.agentId, counterparty_org_id: params?.counterpartyOrgId,
+            agent_id: params?.agentId, counterparty_org_uuid: params?.counterpartyOrgId,
         }));
     }
     async listEscrowAccounts(page = 1) {
@@ -339,17 +339,17 @@ class Aira {
     }
     async escrowDeposit(accountId, amount, description, referenceActionId) {
         return this.post(`/escrow/accounts/${accountId}/deposit`, buildBody({
-            amount, description, reference_action_id: referenceActionId,
+            amount, description, reference_action_uuid: referenceActionId,
         }));
     }
     async escrowRelease(accountId, amount, description, referenceActionId) {
         return this.post(`/escrow/accounts/${accountId}/release`, buildBody({
-            amount, description, reference_action_id: referenceActionId,
+            amount, description, reference_action_uuid: referenceActionId,
         }));
     }
     async escrowDispute(accountId, amount, description, referenceActionId) {
         return this.post(`/escrow/accounts/${accountId}/dispute`, buildBody({
-            amount, description, reference_action_id: referenceActionId,
+            amount, description, reference_action_uuid: referenceActionId,
         }));
     }
     // ==================== Chat ====================
@@ -419,7 +419,7 @@ class Aira {
     /** Submit a signed attestation of a successful interaction. */
     async attestReputation(slug, counterpartyDid, actionId, attestation, signature) {
         return this.post(`/agents/${slug}/reputation/attest`, {
-            counterparty_did: counterpartyDid, action_id: actionId, attestation, signature,
+            counterparty_did: counterpartyDid, action_uuid: actionId, attestation, signature,
         });
     }
     /** Verify a reputation score by returning inputs and score_hash. */
@@ -549,7 +549,7 @@ class Aira {
             framework: params.framework,
             period_start: params.periodStart,
             period_end: params.periodEnd,
-            action_id: params.actionId,
+            action_uuid: params.actionId,
             agent_filter: params.agentFilter,
         });
         return this.post("/compliance/reports", body);
@@ -624,6 +624,146 @@ class Aira {
         }
         return this.patch("/output-policies", body);
     }
+    // ==================== DORA (EU 2022/2554) ====================
+    /** Open a new DORA ICT incident (Article 17). */
+    async createDoraIncident(params) {
+        const body = buildBody({
+            title: params.title,
+            description: params.description,
+            detected_at: params.detectedAt,
+            affected_services: params.affectedServices,
+            clients_affected_count: params.clientsAffectedCount,
+            geographic_scope: params.geographicScope,
+            related_action_uuids: params.relatedActionUuids,
+        });
+        return this.post("/dora/incidents", body);
+    }
+    /** List DORA incidents with optional filters. */
+    async listDoraIncidents(params) {
+        const qs = new URLSearchParams();
+        if (params?.status)
+            qs.append("status", params.status);
+        if (params?.severity)
+            qs.append("severity", params.severity);
+        if (params?.isMajor !== undefined)
+            qs.append("is_major", String(params.isMajor));
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/incidents?${qs}` : "/dora/incidents";
+        return this.get(path);
+    }
+    /** Get one DORA incident. */
+    async getDoraIncident(incidentUuid) {
+        return this.get(`/dora/incidents/${incidentUuid}`);
+    }
+    /** Classify a detected incident (Article 18). */
+    async classifyDoraIncident(incidentUuid, params) {
+        const body = buildBody({
+            severity: params.severity,
+            category: params.category,
+            is_major: params.isMajor,
+            root_cause_summary: params.rootCauseSummary,
+            root_cause_classification: params.rootCauseClassification,
+            third_party_uuid: params.thirdPartyUuid,
+        });
+        return this.put(`/dora/incidents/${incidentUuid}/classify`, body);
+    }
+    /** Mark an incident resolved + record post-mortem fields. */
+    async resolveDoraIncident(incidentUuid, params) {
+        const body = buildBody({
+            resolution_summary: params.resolutionSummary,
+            lessons_learned: params.lessonsLearned,
+            resolved_at: params.resolvedAt,
+        });
+        return this.put(`/dora/incidents/${incidentUuid}/resolve`, body);
+    }
+    /** Generate (if needed) and download the major-incident PDF for ESA submission. */
+    async downloadDoraIncidentReport(incidentUuid) {
+        if (this.queue) {
+            throw new types_1.AiraError(0, "OFFLINE", "Downloads not available offline");
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), this.timeout);
+        try {
+            const res = await fetchWithRetry(() => fetch(`${this.baseUrl}/dora/incidents/${incidentUuid}/report`, {
+                method: "GET",
+                headers: { Authorization: `Bearer ${this.apiKey}` },
+                signal: controller.signal,
+            }));
+            if (!res.ok) {
+                throw new types_1.AiraError(res.status, "DOWNLOAD_FAILED", res.statusText);
+            }
+            return new Uint8Array(await res.arrayBuffer());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    /** Add a vendor to the ICT third-party register (Article 28). */
+    async createIctThirdParty(params) {
+        const body = buildBody({
+            vendor_name: params.vendorName,
+            service_description: params.serviceDescription,
+            service_type: params.serviceType,
+            criticality: params.criticality,
+            contract_start_date: params.contractStartDate,
+            contract_end_date: params.contractEndDate,
+            exit_strategy_summary: params.exitStrategySummary,
+            subcontractors: params.subcontractors,
+            data_categories: params.dataCategories,
+            jurisdiction: params.jurisdiction,
+        });
+        return this.post("/dora/third-parties", body);
+    }
+    /** List ICT third-party register entries. */
+    async listIctThirdParties(params) {
+        const qs = new URLSearchParams();
+        if (params?.criticality)
+            qs.append("criticality", params.criticality);
+        if (params?.isActive !== undefined)
+            qs.append("is_active", String(params.isActive));
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/third-parties?${qs}` : "/dora/third-parties";
+        return this.get(path);
+    }
+    async getIctThirdParty(thirdPartyUuid) {
+        return this.get(`/dora/third-parties/${thirdPartyUuid}`);
+    }
+    /** PATCH semantics — only supplied fields change. */
+    async updateIctThirdParty(thirdPartyUuid, fields) {
+        return this.put(`/dora/third-parties/${thirdPartyUuid}`, fields);
+    }
+    /** Log a DORA resilience test (Articles 24-27). */
+    async createDoraTest(params) {
+        const body = buildBody({
+            test_type: params.testType,
+            title: params.title,
+            scope: params.scope,
+            conducted_at: params.conductedAt,
+            conducted_by: params.conductedBy,
+            status: params.status,
+            findings_summary: params.findingsSummary,
+            remediation_plan: params.remediationPlan,
+            remediation_due_at: params.remediationDueAt,
+        });
+        return this.post("/dora/tests", body);
+    }
+    async listDoraTests(params) {
+        const qs = new URLSearchParams();
+        if (params?.testType)
+            qs.append("test_type", params.testType);
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/tests?${qs}` : "/dora/tests";
+        return this.get(path);
+    }
     /**
      * Article 6 right-to-explanation for a single action.
      *

package/dist/extras/langchain.d.ts

@@ -16,7 +16,7 @@
  * This handler implements the two-step flow as follows:
  *
  *   1. handleToolStart  → aira.authorize()
- *       - If the backend returns "authorized" we cache the action_id
+ *       - If the backend returns "authorized" we cache the action_uuid
  *         keyed by LangChain's `runId`, then return so the tool executes.
  *       - If the backend throws POLICY_DENIED we propagate the error,
  *         which prevents the tool from running at all (real gate).
@@ -51,7 +51,7 @@ export declare class AiraCallbackHandler {
     private actionTypes;
     private trustPolicy?;
     private strict;
-    /** runId → action_id cache so handleEnd can notarize the right action. */
+    /** runId → action_uuid cache so handleEnd can notarize the right action. */
     private inFlight;
     constructor(client: Aira, agentId: string, options?: AiraCallbackHandlerOptions);
     /**

package/dist/extras/langchain.js

@@ -17,7 +17,7 @@
  * This handler implements the two-step flow as follows:
  *
  *   1. handleToolStart  → aira.authorize()
- *       - If the backend returns "authorized" we cache the action_id
+ *       - If the backend returns "authorized" we cache the action_uuid
  *         keyed by LangChain's `runId`, then return so the tool executes.
  *       - If the backend throws POLICY_DENIED we propagate the error,
  *         which prevents the tool from running at all (real gate).
@@ -46,7 +46,7 @@ class AiraCallbackHandler {
     actionTypes;
     trustPolicy;
     strict;
-    /** runId → action_id cache so handleEnd can notarize the right action. */
+    /** runId → action_uuid cache so handleEnd can notarize the right action. */
     inFlight = new Map();
     constructor(client, agentId, options) {
         this.client = client;
@@ -81,11 +81,11 @@ class AiraCallbackHandler {
             });
             if (auth.status === "pending_approval") {
                 // Real gate — block the tool from running until a human approves.
-                const err = new Error(`Aira: action '${actionType}' is pending human approval (action_id=${auth.action_id}). Tool execution blocked.`);
+                const err = new Error(`Aira: action '${actionType}' is pending human approval (action_uuid=${auth.action_uuid}). Tool execution blocked.`);
                 err.code = "PENDING_APPROVAL";
                 throw err;
             }
-            this.inFlight.set(runId, auth.action_id);
+            this.inFlight.set(runId, auth.action_uuid);
         }
         catch (e) {
             const err = e;

package/dist/extras/mcp.js

@@ -39,7 +39,7 @@ function getTools() {
     return [
         {
             name: "authorize_action",
-            description: "Step 1 of the Aira two-step flow. Authorize an action BEFORE it executes. Returns an action_id with status 'authorized' or 'pending_approval'. Throws POLICY_DENIED if a policy blocks the action.",
+            description: "Step 1 of the Aira two-step flow. Authorize an action BEFORE it executes. Returns an action_uuid with status 'authorized' or 'pending_approval'. Throws POLICY_DENIED if a policy blocks the action.",
             inputSchema: {
                 type: "object",
                 properties: {
@@ -59,11 +59,11 @@ function getTools() {
             inputSchema: {
                 type: "object",
                 properties: {
-                    action_id: { type: "string", description: "action_id returned from authorize_action" },
+                    action_uuid: { type: "string", description: "action_uuid returned from authorize_action" },
                     outcome: { type: "string", enum: ["completed", "failed"], description: "Did the action succeed?" },
                     outcome_details: { type: "string", description: "Optional description of the outcome" },
                 },
-                required: ["action_id"],
+                required: ["action_uuid"],
             },
         },
         {
@@ -72,9 +72,9 @@ function getTools() {
             inputSchema: {
                 type: "object",
                 properties: {
-                    action_id: { type: "string", description: "Action UUID" },
+                    action_uuid: { type: "string", description: "Action UUID" },
                 },
-                required: ["action_id"],
+                required: ["action_uuid"],
             },
         },
         {
@@ -83,9 +83,9 @@ function getTools() {
             inputSchema: {
                 type: "object",
                 properties: {
-                    action_id: { type: "string", description: "Action UUID" },
+                    action_uuid: { type: "string", description: "Action UUID" },
                 },
-                required: ["action_id"],
+                required: ["action_uuid"],
             },
         },
         {
@@ -94,9 +94,9 @@ function getTools() {
             inputSchema: {
                 type: "object",
                 properties: {
-                    receipt_id: { type: "string", description: "Receipt UUID" },
+                    receipt_uuid: { type: "string", description: "Receipt UUID" },
                 },
-                required: ["receipt_id"],
+                required: ["receipt_uuid"],
             },
         },
         {
@@ -138,10 +138,10 @@ function getTools() {
             inputSchema: {
                 type: "object",
                 properties: {
-                    action_id: { type: "string", description: "Action UUID to co-sign" },
+                    action_uuid: { type: "string", description: "Action UUID to co-sign" },
                     counterparty_did: { type: "string", description: "DID of the counterparty agent" },
                 },
-                required: ["action_id", "counterparty_did"],
+                required: ["action_uuid", "counterparty_did"],
             },
         },
     ];
@@ -162,22 +162,22 @@ async function handleToolCall(client, name, args) {
         }
         if (name === "notarize_action") {
             const result = await client.notarize({
-                actionId: args.action_id,
+                actionId: args.action_uuid,
                 outcome: args.outcome ?? "completed",
                 outcomeDetails: args.outcome_details,
             });
             return [{ type: "text", text: JSON.stringify(result) }];
         }
         if (name === "get_action") {
-            const result = await client.getAction(args.action_id);
+            const result = await client.getAction(args.action_uuid);
             return [{ type: "text", text: JSON.stringify(result) }];
         }
         if (name === "verify_action") {
-            const result = await client.verifyAction(args.action_id);
+            const result = await client.verifyAction(args.action_uuid);
             return [{ type: "text", text: JSON.stringify(result) }];
         }
         if (name === "get_receipt") {
-            const result = await client.getReceipt(args.receipt_id);
+            const result = await client.getReceipt(args.receipt_uuid);
             return [{ type: "text", text: JSON.stringify(result) }];
         }
         if (name === "resolve_did") {
@@ -194,7 +194,7 @@ async function handleToolCall(client, name, args) {
             return [{ type: "text", text: JSON.stringify(result) }];
         }
         if (name === "request_mutual_sign") {
-            const result = await client.requestMutualSign(args.action_id, args.counterparty_did);
+            const result = await client.requestMutualSign(args.action_uuid, args.counterparty_did);
             return [{ type: "text", text: JSON.stringify(result) }];
         }
         return [{ type: "text", text: JSON.stringify({ error: `Unknown tool: ${name}` }) }];

package/dist/extras/openai-agents.d.ts

@@ -49,7 +49,7 @@ export declare class AiraGuardrail {
     /**
      * REAL GATE: call `authorize()` for a tool invocation.
      *
-     * Returns the action_id on success, throws on POLICY_DENIED or
+     * Returns the action_uuid on success, throws on POLICY_DENIED or
      * pending_approval. Arg keys are logged (not values) to avoid leaking
      * sensitive user input into audit trails.
      */

package/dist/extras/openai-agents.js

@@ -56,7 +56,7 @@ class AiraGuardrail {
     /**
      * REAL GATE: call `authorize()` for a tool invocation.
      *
-     * Returns the action_id on success, throws on POLICY_DENIED or
+     * Returns the action_uuid on success, throws on POLICY_DENIED or
      * pending_approval. Arg keys are logged (not values) to avoid leaking
      * sensitive user input into audit trails.
      */
@@ -70,11 +70,11 @@ class AiraGuardrail {
                 modelId: this.modelId,
             });
             if (auth.status === "pending_approval") {
-                const err = new Error(`Aira: tool '${toolName}' is pending human approval (action_id=${auth.action_id}). Tool execution blocked.`);
+                const err = new Error(`Aira: tool '${toolName}' is pending human approval (action_uuid=${auth.action_uuid}). Tool execution blocked.`);
                 err.code = "PENDING_APPROVAL";
                 throw err;
             }
-            return auth.action_id;
+            return auth.action_uuid;
         }
         catch (e) {
             const err = e;

package/dist/extras/vercel-ai.js

@@ -69,7 +69,7 @@ class AiraVercelMiddleware {
                 modelId: this.modelId,
             });
             if (auth.status === "authorized") {
-                await this.client.notarize({ actionId: auth.action_id, outcome: "completed" });
+                await this.client.notarize({ actionId: auth.action_uuid, outcome: "completed" });
             }
             // If pending_approval — just leave it; nothing to execute for audit-only.
         }
@@ -134,11 +134,11 @@ class AiraVercelMiddleware {
                     modelId: self.modelId,
                 });
                 if (auth.status === "pending_approval") {
-                    const err = new Error(`Aira: tool '${toolName}' is pending human approval (action_id=${auth.action_id}). Tool execution blocked.`);
+                    const err = new Error(`Aira: tool '${toolName}' is pending human approval (action_uuid=${auth.action_uuid}). Tool execution blocked.`);
                     err.code = "PENDING_APPROVAL";
                     throw err;
                 }
-                actionId = auth.action_id;
+                actionId = auth.action_uuid;
             }
             catch (e) {
                 const err = e;

package/dist/index.d.ts

@@ -3,4 +3,4 @@ export type { AiraOptions } from "./client";
 export { AiraSession } from "./session";
 export { OfflineQueue } from "./offline";
 export type { QueuedRequest } from "./offline";
-export { AiraError, FRAMEWORK_ANNEX_IV, FRAMEWORK_ART12, FRAMEWORK_ART9, FRAMEWORK_ART6, type Authorization, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type CosignResult, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, type ComplianceReport, type ComplianceReportListResponse, type ComplianceReportVerification, type ActionExplanation, type ExplanationEnvelope, type ExplanationVerification, type OutputPolicy, type OutputPolicyUpdate, type OutputScanFlags, type OutputScanHit, } from "./types";
+export { AiraError, FRAMEWORK_ANNEX_IV, FRAMEWORK_ART12, FRAMEWORK_ART9, FRAMEWORK_ART6, type Authorization, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type CosignResult, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, type ComplianceReport, type ComplianceReportListResponse, type ComplianceReportVerification, type ActionExplanation, type ExplanationEnvelope, type ExplanationVerification, type OutputPolicy, type OutputPolicyUpdate, type OutputScanFlags, type OutputScanHit, type DoraIncident, type IctThirdParty, type DoraTest, } from "./types";

package/dist/session.d.ts

@@ -2,7 +2,7 @@
  * AiraSession — scoped session with pre-filled defaults for `authorize()`.
  *
  * Under the two-step flow, only `authorize()` takes agent/model metadata;
- * `notarize()` operates on an existing action_id. This session therefore
+ * `notarize()` operates on an existing action_uuid. This session therefore
  * merges defaults on `authorize()` only and provides a thin passthrough
  * for `notarize()` so callers can use a single object end-to-end.
  */

package/dist/session.js

@@ -3,7 +3,7 @@
  * AiraSession — scoped session with pre-filled defaults for `authorize()`.
  *
  * Under the two-step flow, only `authorize()` takes agent/model metadata;
- * `notarize()` operates on an existing action_id. This session therefore
+ * `notarize()` operates on an existing action_uuid. This session therefore
  * merges defaults on `authorize()` only and provides a thin passthrough
  * for `notarize()` so callers can use a single object end-to-end.
  */

package/dist/types.d.ts

@@ -13,12 +13,12 @@ export declare const FRAMEWORK_ANNEX_IV: "eu_ai_act_annex_iv";
  *
  * Status tells you what to do next:
  *  - "authorized"       → execute the action, then call `notarize()`
- *  - "pending_approval" → enqueue the action_id and wait for human approval
+ *  - "pending_approval" → enqueue the action_uuid and wait for human approval
  *
  * POLICY_DENIED is raised as an `AiraError` — not returned as a status.
  */
 export interface Authorization {
-    action_id: string;
+    action_uuid: string;
     status: "authorized" | "pending_approval";
     created_at: string;
     request_id: string;
@@ -31,11 +31,11 @@ export interface Authorization {
  * the receipt fields stay null — only the audit trail is recorded.
  */
 export interface ActionReceipt {
-    action_id: string;
+    action_uuid: string;
     status: "notarized" | "failed";
     created_at: string;
     request_id: string;
-    receipt_id: string | null;
+    receipt_uuid: string | null;
     payload_hash: string | null;
     signature: string | null;
     timestamp_token: string | null;
@@ -72,6 +72,62 @@ export interface OutputPolicy {
     redact_severity_threshold: "info" | "warning" | "critical";
     request_id: string;
 }
+export interface DoraIncident {
+    uuid: string;
+    title: string;
+    status: "detected" | "classified" | "resolved" | "reported";
+    severity: "critical" | "high" | "medium" | "low" | null;
+    category: string | null;
+    is_major: boolean;
+    detected_at: string;
+    classified_at: string | null;
+    resolved_at: string | null;
+    reported_at: string | null;
+    clients_affected_count: number;
+    has_report: boolean;
+    created_at: string;
+    org_uuid?: string | null;
+    description?: string | null;
+    affected_services?: string[] | null;
+    geographic_scope?: string[] | null;
+    root_cause_summary?: string | null;
+    root_cause_classification?: string | null;
+    third_party_uuid?: string | null;
+    resolution_summary?: string | null;
+    lessons_learned?: string | null;
+    related_action_uuids?: string[] | null;
+    report_content_hash?: string | null;
+    report_signature?: string | null;
+    report_signing_key_id?: string | null;
+    report_signed_at?: string | null;
+    report_pdf_size_bytes?: number | null;
+    request_id?: string;
+}
+export interface IctThirdParty {
+    uuid: string;
+    org_uuid: string;
+    vendor_name: string;
+    service_description: string;
+    service_type: string;
+    criticality: "critical" | "non_critical" | "supporting";
+    contract_start_date: string | null;
+    contract_end_date: string | null;
+    exit_strategy_summary: string | null;
+    subcontractors: string[] | null;
+    data_categories: string[] | null;
+    jurisdiction: string | null;
+    is_active: boolean;
+    created_at: string;
+    request_id?: string;
+}
+export interface DoraTest {
+    uuid: string;
+    test_type: string;
+    title: string;
+    conducted_at: string;
+    conducted_by: string;
+    status: "passed" | "failed" | "partial";
+}
 export interface OutputPolicyUpdate {
     enabled?: boolean;
     mode?: "flag" | "deny" | "redact";
@@ -81,19 +137,19 @@ export interface OutputPolicyUpdate {
 }
 /** Full action details including receipt and authorizations. */
 export interface ActionDetail {
-    action_id: string;
-    org_id: string;
+    action_uuid: string;
+    org_uuid: string;
     action_type: string;
     action_details_hash: string;
     agent_id: string | null;
     model_id: string | null;
     instruction_hash: string | null;
-    parent_action_id: string | null;
+    parent_action_uuid: string | null;
     status: string;
     legal_hold: boolean;
     created_at: string;
     receipt: {
-        receipt_id: string;
+        receipt_uuid: string;
         payload_hash: string;
         signature: string;
         public_key_id: string;
@@ -144,7 +200,7 @@ export interface EvidencePackage {
     id: string;
     title: string;
     description: string | null;
-    action_ids: string[];
+    action_uuids: string[];
     package_hash: string;
     signature: string;
     status: string;
@@ -174,7 +230,7 @@ export interface EscrowAccount {
     created_at: string;
     request_id: string;
     agent_id?: string | null;
-    counterparty_org_id?: string | null;
+    counterparty_org_uuid?: string | null;
     purpose?: string | null;
     transactions?: EscrowTransaction[];
 }
@@ -189,7 +245,7 @@ export interface EscrowTransaction {
     status: string;
     created_at: string;
     description?: string | null;
-    reference_action_id?: string | null;
+    reference_action_uuid?: string | null;
 }
 /**
  * Result of a public action receipt verification.
@@ -209,8 +265,8 @@ export interface VerifyResult {
     message: string;
     verified_at: string;
     request_id: string;
-    receipt_id?: string | null;
-    action_id?: string | null;
+    receipt_uuid?: string | null;
+    action_uuid?: string | null;
     payload_hash?: string | null;
     signature?: string | null;
     public_key?: string | null;
@@ -239,8 +295,8 @@ export interface PaginatedList<T = Record<string, unknown>> {
  * (and optionally already notarized).
  */
 export interface CosignResult {
-    cosignature_id: string;
-    action_id: string;
+    cosignature_uuid: string;
+    action_uuid: string;
     cosigner_email: string;
     cosigned_at: string;
     request_id: string;
@@ -257,7 +313,7 @@ export declare class AiraError extends Error {
     statusCode: number;
     /** Error code string (e.g. "POLICY_DENIED", "INVALID_STATE"). */
     code: string;
-    /** Optional backend-supplied context (policy_id, action_id, etc.). */
+    /** Optional backend-supplied context (policy_uuid, action_uuid, etc.). */
     details: Record<string, unknown>;
     constructor(statusCode: number, code: string, message: string, details?: Record<string, unknown>);
 }
@@ -267,10 +323,10 @@ export interface ComplianceReport {
     status: "pending" | "generating" | "ready" | "failed";
     created_at: string;
     request_id?: string;
-    org_id?: string;
+    org_uuid?: string;
     period_start?: string | null;
     period_end?: string | null;
-    action_id?: string | null;
+    action_uuid?: string | null;
     agent_filter?: string[] | null;
     receipt_count?: number | null;
     pdf_size_bytes?: number | null;
@@ -291,7 +347,7 @@ export interface ComplianceReportListResponse {
     request_id: string;
 }
 export interface ComplianceReportVerification {
-    report_id: string;
+    report_uuid: string;
     valid: boolean;
     checks: Record<string, unknown>;
     descriptor?: Record<string, unknown> | null;

package/dist/types.js

@@ -23,7 +23,7 @@ class AiraError extends Error {
     statusCode;
     /** Error code string (e.g. "POLICY_DENIED", "INVALID_STATE"). */
     code;
-    /** Optional backend-supplied context (policy_id, action_id, etc.). */
+    /** Optional backend-supplied context (policy_uuid, action_uuid, etc.). */
     details;
     constructor(statusCode, code, message, details = {}) {
         super(`[${code}] ${message}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aira-sdk",
-  "version": "2.4.0",
+  "version": "3.1.0",
   "description": "The authorization and audit layer for AI agents",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",