blockintel-gate-sdk 0.3.6 → 0.3.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -0
- package/dist/index.cjs +397 -145
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +107 -3
- package/dist/index.d.ts +107 -3
- package/dist/index.js +395 -145
- package/dist/index.js.map +1 -1
- package/package.json +3 -7
package/README.md
CHANGED
|
@@ -13,6 +13,12 @@ npm install @blockintel/gate-sdk
|
|
|
13
13
|
- Node.js >= 18.0.0 (uses global `fetch` API)
|
|
14
14
|
- TypeScript >= 5.0.0 (optional, for type definitions)
|
|
15
15
|
|
|
16
|
+
### Hot Path compatibility
|
|
17
|
+
|
|
18
|
+
- **Mode**: Default is `SHADOW` (Hot Path returns ALLOW with reason codes for would-block decisions). Set `mode: 'ENFORCE'` or `GATE_MODE=ENFORCE` for real BLOCK responses.
|
|
19
|
+
- **signingContext**: Hot Path requires `actorPrincipal` and `signerId`. The SDK defaults them when missing (`gate-sdk-client` or from `signingContext.signerId`).
|
|
20
|
+
- **ESM**: HMAC and SHA-256 use `node:crypto` (no `require('crypto')`), so the SDK works in ESM (`"type": "module"`) and in bundled canary apps.
|
|
21
|
+
|
|
16
22
|
## Quick Start
|
|
17
23
|
|
|
18
24
|
### HMAC Authentication
|
|
@@ -203,6 +209,9 @@ When step-up is disabled, the SDK treats `REQUIRE_STEP_UP` as `BLOCK` by default
|
|
|
203
209
|
GATE_BASE_URL=https://gate.blockintelai.com
|
|
204
210
|
GATE_TENANT_ID=your-tenant-id
|
|
205
211
|
|
|
212
|
+
# Heartbeat (required when not using local mode; parity with Python GATE_HEARTBEAT_KEY)
|
|
213
|
+
GATE_HEARTBEAT_KEY=your-heartbeat-key
|
|
214
|
+
|
|
206
215
|
# HMAC Authentication
|
|
207
216
|
GATE_KEY_ID=your-key-id
|
|
208
217
|
GATE_HMAC_SECRET=your-secret
|
|
@@ -376,6 +385,21 @@ The SDK automatically retries failed requests:
|
|
|
376
385
|
- Same `requestId` is used across all retries
|
|
377
386
|
- Ensures idempotency on Gate server
|
|
378
387
|
|
|
388
|
+
## Degraded Mode / X-BlockIntel-Degraded
|
|
389
|
+
|
|
390
|
+
When the SDK is in a degraded situation, it logs `X-BlockIntel-Degraded: true` with a `reason` for **logs and telemetry only**. This is **never sent as an HTTP request header** to the Gate server.
|
|
391
|
+
|
|
392
|
+
**Reasons:** `retry`, `429`, `fail_open`, `fail_safe_allow`.
|
|
393
|
+
|
|
394
|
+
**Example (one line):**
|
|
395
|
+
`[GATE SDK] X-BlockIntel-Degraded: true (reason=retry) attempt=1/3 status=503 err=RATE_LIMITED`
|
|
396
|
+
|
|
397
|
+
**How to observe:**
|
|
398
|
+
- **Logs:** `[GATE SDK] X-BlockIntel-Degraded: true (reason: <reason>)` via `console.warn`. Pipe stderr to your log aggregator.
|
|
399
|
+
- **Metrics:** Use `onMetrics`; metrics include `timeouts`, `errors`, `failOpen`, etc. Correlate with log lines if you ship both.
|
|
400
|
+
|
|
401
|
+
**Manual check (retry):** Point the SDK at an endpoint that returns 5xx; confirm one degraded log per retry attempt including `attempt`, `max`, and `status`/`err`.
|
|
402
|
+
|
|
379
403
|
## Heartbeat System
|
|
380
404
|
|
|
381
405
|
The SDK includes a **Heartbeat Manager** that automatically acquires and refreshes heartbeat tokens from the Gate Control Plane. Heartbeat tokens are required for all signing operations and ensure that Gate is alive and enforcing policy.
|