npm - aira-sdk - Versions diffs - 3.0.0 → 3.2.0 - Mend

aira-sdk 3.0.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/client.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Authorization, ActionReceipt, ActionDetail, AgentDetail, AgentVersion, CosignResult, EvidencePackage, ComplianceSnapshot, EscrowAccount, EscrowTransaction, VerifyResult, PaginatedList, ComplianceReport, ComplianceReportListResponse, ComplianceReportVerification, ActionExplanation, ExplanationVerification, OutputPolicy, OutputPolicyUpdate } from "./types";
+import { Authorization, ActionReceipt, ActionDetail, AgentDetail, AgentVersion, CosignResult, EvidencePackage, ComplianceSnapshot, EscrowAccount, EscrowTransaction, VerifyResult, PaginatedList, ComplianceReport, ComplianceReportListResponse, ComplianceReportVerification, ActionExplanation, ExplanationVerification, OutputPolicy, OutputPolicyUpdate, DoraIncident, IctThirdParty, DoraTest } from "./types";
 import { AiraSession } from "./session";
 export interface AiraOptions {
     apiKey: string;
@@ -326,6 +326,103 @@ export declare class Aira {
      * required server-side.
      */
     updateOutputPolicy(updates: OutputPolicyUpdate): Promise<OutputPolicy>;
+    /** Open a new DORA ICT incident (Article 17). */
+    createDoraIncident(params: {
+        title: string;
+        description: string;
+        detectedAt: string;
+        affectedServices?: string[];
+        clientsAffectedCount?: number;
+        geographicScope?: string[];
+        relatedActionUuids?: string[];
+    }): Promise<DoraIncident>;
+    /** List DORA incidents with optional filters. */
+    listDoraIncidents(params?: {
+        status?: string;
+        severity?: string;
+        isMajor?: boolean;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: DoraIncident[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
+    /** Get one DORA incident. */
+    getDoraIncident(incidentUuid: string): Promise<DoraIncident>;
+    /** Classify a detected incident (Article 18). */
+    classifyDoraIncident(incidentUuid: string, params: {
+        severity: "critical" | "high" | "medium" | "low";
+        category: string;
+        isMajor?: boolean;
+        rootCauseSummary?: string;
+        rootCauseClassification?: string;
+        thirdPartyUuid?: string;
+    }): Promise<DoraIncident>;
+    /** Mark an incident resolved + record post-mortem fields. */
+    resolveDoraIncident(incidentUuid: string, params: {
+        resolutionSummary: string;
+        lessonsLearned?: string;
+        resolvedAt?: string;
+    }): Promise<DoraIncident>;
+    /** Generate (if needed) and download the major-incident PDF for ESA submission. */
+    downloadDoraIncidentReport(incidentUuid: string): Promise<Uint8Array>;
+    /** Add a vendor to the ICT third-party register (Article 28). */
+    createIctThirdParty(params: {
+        vendorName: string;
+        serviceDescription: string;
+        serviceType: string;
+        criticality: "critical" | "non_critical" | "supporting";
+        contractStartDate?: string;
+        contractEndDate?: string;
+        exitStrategySummary?: string;
+        subcontractors?: string[];
+        dataCategories?: string[];
+        jurisdiction?: string;
+    }): Promise<IctThirdParty>;
+    /** List ICT third-party register entries. */
+    listIctThirdParties(params?: {
+        criticality?: string;
+        isActive?: boolean;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: IctThirdParty[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
+    getIctThirdParty(thirdPartyUuid: string): Promise<IctThirdParty>;
+    /** PATCH semantics — only supplied fields change. */
+    updateIctThirdParty(thirdPartyUuid: string, fields: Partial<IctThirdParty> & {
+        is_active?: boolean;
+    }): Promise<IctThirdParty>;
+    /** Log a DORA resilience test (Articles 24-27). */
+    createDoraTest(params: {
+        testType: string;
+        title: string;
+        scope: string;
+        conductedAt: string;
+        conductedBy: string;
+        status: "passed" | "failed" | "partial";
+        findingsSummary?: string;
+        remediationPlan?: string;
+        remediationDueAt?: string;
+    }): Promise<DoraTest>;
+    listDoraTests(params?: {
+        testType?: string;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: DoraTest[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
     /**
      * Article 6 right-to-explanation for a single action.
      *

package/dist/client.js CHANGED Viewed

@@ -624,6 +624,146 @@ class Aira {
         }
         return this.patch("/output-policies", body);
     }
+    // ==================== DORA (EU 2022/2554) ====================
+    /** Open a new DORA ICT incident (Article 17). */
+    async createDoraIncident(params) {
+        const body = buildBody({
+            title: params.title,
+            description: params.description,
+            detected_at: params.detectedAt,
+            affected_services: params.affectedServices,
+            clients_affected_count: params.clientsAffectedCount,
+            geographic_scope: params.geographicScope,
+            related_action_uuids: params.relatedActionUuids,
+        });
+        return this.post("/dora/incidents", body);
+    }
+    /** List DORA incidents with optional filters. */
+    async listDoraIncidents(params) {
+        const qs = new URLSearchParams();
+        if (params?.status)
+            qs.append("status", params.status);
+        if (params?.severity)
+            qs.append("severity", params.severity);
+        if (params?.isMajor !== undefined)
+            qs.append("is_major", String(params.isMajor));
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/incidents?${qs}` : "/dora/incidents";
+        return this.get(path);
+    }
+    /** Get one DORA incident. */
+    async getDoraIncident(incidentUuid) {
+        return this.get(`/dora/incidents/${incidentUuid}`);
+    }
+    /** Classify a detected incident (Article 18). */
+    async classifyDoraIncident(incidentUuid, params) {
+        const body = buildBody({
+            severity: params.severity,
+            category: params.category,
+            is_major: params.isMajor,
+            root_cause_summary: params.rootCauseSummary,
+            root_cause_classification: params.rootCauseClassification,
+            third_party_uuid: params.thirdPartyUuid,
+        });
+        return this.put(`/dora/incidents/${incidentUuid}/classify`, body);
+    }
+    /** Mark an incident resolved + record post-mortem fields. */
+    async resolveDoraIncident(incidentUuid, params) {
+        const body = buildBody({
+            resolution_summary: params.resolutionSummary,
+            lessons_learned: params.lessonsLearned,
+            resolved_at: params.resolvedAt,
+        });
+        return this.put(`/dora/incidents/${incidentUuid}/resolve`, body);
+    }
+    /** Generate (if needed) and download the major-incident PDF for ESA submission. */
+    async downloadDoraIncidentReport(incidentUuid) {
+        if (this.queue) {
+            throw new types_1.AiraError(0, "OFFLINE", "Downloads not available offline");
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), this.timeout);
+        try {
+            const res = await fetchWithRetry(() => fetch(`${this.baseUrl}/dora/incidents/${incidentUuid}/report`, {
+                method: "GET",
+                headers: { Authorization: `Bearer ${this.apiKey}` },
+                signal: controller.signal,
+            }));
+            if (!res.ok) {
+                throw new types_1.AiraError(res.status, "DOWNLOAD_FAILED", res.statusText);
+            }
+            return new Uint8Array(await res.arrayBuffer());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    /** Add a vendor to the ICT third-party register (Article 28). */
+    async createIctThirdParty(params) {
+        const body = buildBody({
+            vendor_name: params.vendorName,
+            service_description: params.serviceDescription,
+            service_type: params.serviceType,
+            criticality: params.criticality,
+            contract_start_date: params.contractStartDate,
+            contract_end_date: params.contractEndDate,
+            exit_strategy_summary: params.exitStrategySummary,
+            subcontractors: params.subcontractors,
+            data_categories: params.dataCategories,
+            jurisdiction: params.jurisdiction,
+        });
+        return this.post("/dora/third-parties", body);
+    }
+    /** List ICT third-party register entries. */
+    async listIctThirdParties(params) {
+        const qs = new URLSearchParams();
+        if (params?.criticality)
+            qs.append("criticality", params.criticality);
+        if (params?.isActive !== undefined)
+            qs.append("is_active", String(params.isActive));
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/third-parties?${qs}` : "/dora/third-parties";
+        return this.get(path);
+    }
+    async getIctThirdParty(thirdPartyUuid) {
+        return this.get(`/dora/third-parties/${thirdPartyUuid}`);
+    }
+    /** PATCH semantics — only supplied fields change. */
+    async updateIctThirdParty(thirdPartyUuid, fields) {
+        return this.put(`/dora/third-parties/${thirdPartyUuid}`, fields);
+    }
+    /** Log a DORA resilience test (Articles 24-27). */
+    async createDoraTest(params) {
+        const body = buildBody({
+            test_type: params.testType,
+            title: params.title,
+            scope: params.scope,
+            conducted_at: params.conductedAt,
+            conducted_by: params.conductedBy,
+            status: params.status,
+            findings_summary: params.findingsSummary,
+            remediation_plan: params.remediationPlan,
+            remediation_due_at: params.remediationDueAt,
+        });
+        return this.post("/dora/tests", body);
+    }
+    async listDoraTests(params) {
+        const qs = new URLSearchParams();
+        if (params?.testType)
+            qs.append("test_type", params.testType);
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/tests?${qs}` : "/dora/tests";
+        return this.get(path);
+    }
     /**
      * Article 6 right-to-explanation for a single action.
      *

package/dist/gateway.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Helpers for routing LLM SDK calls through Aira Gateway.
+ *
+ * Usage (OpenAI):
+ *   import OpenAI from "openai";
+ *   import { gatewayOpenAIConfig } from "aira-sdk/gateway";
+ *   const client = new OpenAI({
+ *     ...gatewayOpenAIConfig({ airaApiKey: "aira_live_..." }),
+ *     apiKey: "sk-...",
+ *   });
+ *
+ * Usage (Anthropic):
+ *   import Anthropic from "@anthropic-ai/sdk";
+ *   import { gatewayAnthropicConfig } from "aira-sdk/gateway";
+ *   const client = new Anthropic({
+ *     ...gatewayAnthropicConfig({ airaApiKey: "aira_live_..." }),
+ *     apiKey: "sk-ant-...",
+ *   });
+ */
+export declare function gatewayOpenAIConfig(opts: {
+    airaApiKey: string;
+    gatewayUrl?: string;
+}): {
+    baseURL: string;
+    defaultHeaders: Record<string, string>;
+};
+export declare function gatewayAnthropicConfig(opts: {
+    airaApiKey: string;
+    gatewayUrl?: string;
+}): {
+    baseURL: string;
+    defaultHeaders: Record<string, string>;
+};

package/dist/gateway.js ADDED Viewed

@@ -0,0 +1,38 @@
+"use strict";
+/**
+ * Helpers for routing LLM SDK calls through Aira Gateway.
+ *
+ * Usage (OpenAI):
+ *   import OpenAI from "openai";
+ *   import { gatewayOpenAIConfig } from "aira-sdk/gateway";
+ *   const client = new OpenAI({
+ *     ...gatewayOpenAIConfig({ airaApiKey: "aira_live_..." }),
+ *     apiKey: "sk-...",
+ *   });
+ *
+ * Usage (Anthropic):
+ *   import Anthropic from "@anthropic-ai/sdk";
+ *   import { gatewayAnthropicConfig } from "aira-sdk/gateway";
+ *   const client = new Anthropic({
+ *     ...gatewayAnthropicConfig({ airaApiKey: "aira_live_..." }),
+ *     apiKey: "sk-ant-...",
+ *   });
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gatewayOpenAIConfig = gatewayOpenAIConfig;
+exports.gatewayAnthropicConfig = gatewayAnthropicConfig;
+const DEFAULT_GATEWAY_URL = "https://api.airaproof.com";
+function gatewayOpenAIConfig(opts) {
+    const base = (opts.gatewayUrl ?? DEFAULT_GATEWAY_URL).replace(/\/$/, "");
+    return {
+        baseURL: `${base}/gateway/openai/v1`,
+        defaultHeaders: { "X-Aira-Api-Key": opts.airaApiKey },
+    };
+}
+function gatewayAnthropicConfig(opts) {
+    const base = (opts.gatewayUrl ?? DEFAULT_GATEWAY_URL).replace(/\/$/, "");
+    return {
+        baseURL: `${base}/gateway/anthropic/v1`,
+        defaultHeaders: { "X-Aira-Api-Key": opts.airaApiKey },
+    };
+}

package/dist/index.d.ts CHANGED Viewed

@@ -3,4 +3,5 @@ export type { AiraOptions } from "./client";
 export { AiraSession } from "./session";
 export { OfflineQueue } from "./offline";
 export type { QueuedRequest } from "./offline";
-export { AiraError, FRAMEWORK_ANNEX_IV, FRAMEWORK_ART12, FRAMEWORK_ART9, FRAMEWORK_ART6, type Authorization, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type CosignResult, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, type ComplianceReport, type ComplianceReportListResponse, type ComplianceReportVerification, type ActionExplanation, type ExplanationEnvelope, type ExplanationVerification, type OutputPolicy, type OutputPolicyUpdate, type OutputScanFlags, type OutputScanHit, } from "./types";
+export { gatewayOpenAIConfig, gatewayAnthropicConfig } from "./gateway";
+export { AiraError, FRAMEWORK_ANNEX_IV, FRAMEWORK_ART12, FRAMEWORK_ART9, FRAMEWORK_ART6, type Authorization, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type CosignResult, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, type ComplianceReport, type ComplianceReportListResponse, type ComplianceReportVerification, type ActionExplanation, type ExplanationEnvelope, type ExplanationVerification, type OutputPolicy, type OutputPolicyUpdate, type OutputScanFlags, type OutputScanHit, type DoraIncident, type IctThirdParty, type DoraTest, } from "./types";

package/dist/index.js CHANGED Viewed

@@ -1,12 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FRAMEWORK_ART6 = exports.FRAMEWORK_ART9 = exports.FRAMEWORK_ART12 = exports.FRAMEWORK_ANNEX_IV = exports.AiraError = exports.OfflineQueue = exports.AiraSession = exports.Aira = void 0;
+exports.FRAMEWORK_ART6 = exports.FRAMEWORK_ART9 = exports.FRAMEWORK_ART12 = exports.FRAMEWORK_ANNEX_IV = exports.AiraError = exports.gatewayAnthropicConfig = exports.gatewayOpenAIConfig = exports.OfflineQueue = exports.AiraSession = exports.Aira = void 0;
 var client_1 = require("./client");
 Object.defineProperty(exports, "Aira", { enumerable: true, get: function () { return client_1.Aira; } });
 var session_1 = require("./session");
 Object.defineProperty(exports, "AiraSession", { enumerable: true, get: function () { return session_1.AiraSession; } });
 var offline_1 = require("./offline");
 Object.defineProperty(exports, "OfflineQueue", { enumerable: true, get: function () { return offline_1.OfflineQueue; } });
+var gateway_1 = require("./gateway");
+Object.defineProperty(exports, "gatewayOpenAIConfig", { enumerable: true, get: function () { return gateway_1.gatewayOpenAIConfig; } });
+Object.defineProperty(exports, "gatewayAnthropicConfig", { enumerable: true, get: function () { return gateway_1.gatewayAnthropicConfig; } });
 var types_1 = require("./types");
 Object.defineProperty(exports, "AiraError", { enumerable: true, get: function () { return types_1.AiraError; } });
 Object.defineProperty(exports, "FRAMEWORK_ANNEX_IV", { enumerable: true, get: function () { return types_1.FRAMEWORK_ANNEX_IV; } });

package/dist/types.d.ts CHANGED Viewed

@@ -72,6 +72,62 @@ export interface OutputPolicy {
     redact_severity_threshold: "info" | "warning" | "critical";
     request_id: string;
 }
+export interface DoraIncident {
+    uuid: string;
+    title: string;
+    status: "detected" | "classified" | "resolved" | "reported";
+    severity: "critical" | "high" | "medium" | "low" | null;
+    category: string | null;
+    is_major: boolean;
+    detected_at: string;
+    classified_at: string | null;
+    resolved_at: string | null;
+    reported_at: string | null;
+    clients_affected_count: number;
+    has_report: boolean;
+    created_at: string;
+    org_uuid?: string | null;
+    description?: string | null;
+    affected_services?: string[] | null;
+    geographic_scope?: string[] | null;
+    root_cause_summary?: string | null;
+    root_cause_classification?: string | null;
+    third_party_uuid?: string | null;
+    resolution_summary?: string | null;
+    lessons_learned?: string | null;
+    related_action_uuids?: string[] | null;
+    report_content_hash?: string | null;
+    report_signature?: string | null;
+    report_signing_key_id?: string | null;
+    report_signed_at?: string | null;
+    report_pdf_size_bytes?: number | null;
+    request_id?: string;
+}
+export interface IctThirdParty {
+    uuid: string;
+    org_uuid: string;
+    vendor_name: string;
+    service_description: string;
+    service_type: string;
+    criticality: "critical" | "non_critical" | "supporting";
+    contract_start_date: string | null;
+    contract_end_date: string | null;
+    exit_strategy_summary: string | null;
+    subcontractors: string[] | null;
+    data_categories: string[] | null;
+    jurisdiction: string | null;
+    is_active: boolean;
+    created_at: string;
+    request_id?: string;
+}
+export interface DoraTest {
+    uuid: string;
+    test_type: string;
+    title: string;
+    conducted_at: string;
+    conducted_by: string;
+    status: "passed" | "failed" | "partial";
+}
 export interface OutputPolicyUpdate {
     enabled?: boolean;
     mode?: "flag" | "deny" | "redact";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aira-sdk",
-  "version": "3.0.0",
+  "version": "3.2.0",
   "description": "The authorization and audit layer for AI agents",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -9,6 +9,10 @@
       "types": "./dist/index.d.ts",
       "default": "./dist/index.js"
     },
+    "./gateway": {
+      "types": "./dist/gateway.d.ts",
+      "default": "./dist/gateway.js"
+    },
     "./extras/langchain": {
       "types": "./dist/extras/langchain.d.ts",
       "default": "./dist/extras/langchain.js"