npm - eric-sdk - Versions diffs - 0.1.5 → 0.1.7 - Mend

eric-sdk 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -2,21 +2,38 @@
 All notable changes to the Eric SDK are documented here.
-This project follows semantic versioning.
-Pre-1.0 releases may introduce intentional breaking changes as the API surface evolves.
+This project follows semantic versioning.
+Pre-1.0 releases may introduce breaking changes as the API surface and governance model stabilize.
 ---
-## [0.1.5] – 2026-02-24
+## [0.1.7] – 2026-05-06
+### Documentation
+- Rewrote README to better reflect the SDK's role as an execution control layer.
+**Rationale:** The previous README underemphasized the governance model and led with authentication rather than how the SDK actually works. Updated to open with the execution pipeline, added a "How it works" section covering all five enforcement steps, expanded the security section with specific properties, and restructured usage examples to lead with a complete quick start. No runtime behavior changes.
+---
+## [0.1.6] – 2026-02-25
 ### Changed
-* Narrowed `type` in response shape from `string` to `"structured" | "text"`.
+Added `repository`, `homepage`, and `issues` metadata to `package.json`.
+**Rationale:** Improves npm package transparency by linking the SDK to its public GitHub source, issue tracker, and documentation. No runtime behavior changes.
+---
+## [0.1.5] – 2026-02-24
+### Changed
-### Rationale
+- Narrowed `type` in response shape from `string` to `"structured" | "text"`.
-Response format classification is now explicitly constrained.
-This prevents accidental drift in output types and strengthens the SDK’s deterministic contract.
+**Rationale:** Response format classification is now explicitly constrained. Prevents accidental drift in output types and strengthens the SDK's deterministic contract.
 ---
@@ -24,73 +41,56 @@ This prevents accidental drift in output types and strengthens the SDK’s deter
 ### Changed
-- Added `engines` field specifying Node.js >=20.
+- Added `engines` field specifying `node >=20`.
 ---
 ## [0.1.3] – 2026-02-06
-### Changed:
-* **Removed `client` from request payload**: The SDK no longer includes `client` in the request body when calling `decide()`.
-### Rationale:
+### Changed
-`client` is infrastructure identity and is now treated as authoritative header-only metadata (`x-api-client`).
-This change removes ambiguity, prevents spoofing, and aligns the SDK with Eric’s control-plane model, where execution authority lives outside user-provided input.
+- Removed `client` from the `decide()` request payload.
-### Notes:
+**Rationale:** `client` is infrastructure identity and is now treated as authoritative header-only metadata (`x-api-client`). Removing it from the request body prevents spoofing and aligns the SDK with Eric's control-plane model, where execution authority lives outside user-provided input.
-* Applications must continue to provide `x-api-client` and `x-api-key` headers.
-* Requests that previously included `client` in the body may be rejected by strict API validation.
+**Note:** Requests that previously included `client` in the body may be rejected by strict API validation.
 ---
 ## [0.1.2] – 2026-02-03
-### What's New:
-* **Updated API Endpoint**: The SDK now calls the API endpoint at `https://us-central1-eric-ai-prod.cloudfunctions.net/decide` for decision-making flows.
+### Changed
-### Breaking Changes:
+- Updated API endpoint to `https://us-central1-eric-ai-prod.cloudfunctions.net/decide`.
-* **Endpoint Change**: If you were using the previous `decide` endpoint, please update the SDK configuration to use the new endpoint.
+**Note:** If you were calling the previous endpoint directly, update your SDK to this version.
 ---
 ## [0.1.1] – 2026-01-30
-### Changed:
-* Removed explicit `flow: "decisionRouter"` from SDK requests.
+### Changed
-### Rationale:
+- Removed explicit `flow: "decisionRouter"` from SDK requests.
-The Eric API no longer accepts direct flow invocations.
-All requests are now treated as intent submissions and are routed through the internal decision router by default. This change simplifies the SDK payload and prevents accidental coupling to internal execution details.
+**Rationale:** The Eric API no longer accepts direct flow invocations. All requests are now treated as intent submissions and routed through the internal decision router by default. Simplifies the SDK payload and prevents coupling to internal execution details.
 ---
 ## [0.1.0] – 2026-01-27
-### Changed:
-* Removed `client.call()` to prevent direct flow invocation.
-* All executions must now be routed through `decide()`.
+### Changed
-### Rationale:
+- Removed `client.call()`. Direct flow invocation is no longer supported.
+- All executions must now be routed through `decide()`.
-Direct flow execution allowed applications to bypass policy enforcement. Eric is designed as a governance and control layer, and all execution must pass through policy evaluation to ensure deterministic, auditable outcomes. This release intentionally narrows the public API to reflect Eric’s execution model.
+**Rationale:** Direct flow execution allowed applications to bypass policy enforcement. Eric is a governance and control layer — all execution must pass through policy evaluation to ensure deterministic, auditable outcomes. This release intentionally narrows the public API to reflect that model.
 ---
 ## [0.0.5] – 2025-12-14
-### Added:
-* Initial public SDK release.
-* `decide()` with policy-based routing and optional execution bounds.
----
+### Added
-This version ensures clarity and consistency across all sections while providing users with the necessary context on each update.
+- Initial public SDK release.
+- `decide()` with policy-based routing and optional execution bounds via `allowedFlows`.

package/README.md CHANGED Viewed

@@ -1,11 +1,10 @@
 # Eric SDK (JavaScript / TypeScript)
-Official SDK for interacting with **Eric AI**, a policy-governed execution layer for AI systems.
+Official SDK for **Eric AI** — the execution control plane for production AI systems.
-Eric is designed for environments where AI behavior must be **controlled, deterministic, and auditable**.
-All requests are evaluated against configured policy before any capability is executed.
+Every request is evaluated against declared policy before any capability executes. No model is invoked until intent is classified, policy is cleared, and a registered capability is matched. Every execution — allowed or blocked — is logged with an immutable audit trail.
-This SDK exposes a single, safe interaction model that enforces those guarantees by default.
+Built for environments where AI behavior must be **controlled, deterministic, and auditable**.
 ---
@@ -15,11 +14,11 @@ This SDK exposes a single, safe interaction model that enforces those guarantees
 npm install eric-sdk
 ```
----
+Requires an Eric-issued API key. [Request access →](https://ericaicontrol.dev)
-## Authentication
+---
-You will need an Eric-issued API key.
+## Quick start
 ```ts
 import { EricSDK } from "eric-sdk";
@@ -28,41 +27,38 @@ const eric = new EricSDK({
   apiKey: process.env.ERIC_API_KEY!,
   client: "your-app-id",
 });
-```
-API keys are scoped and governed server-side.
-Keys should be treated as secrets and stored securely.
----
-## Security Notice
+const result = await eric.decide({
+  text: "Summarize the provided patient record",
+  requestType: "clinicalSummary",
+});
-This SDK enforces server-side policy and execution controls.
+// result.flow     — resolved capability
+// result.type     — "structured" | "text"
+// result.data     — schema-validated output
+```
-API keys must be stored securely and never embedded in public repositories.
+API keys are scoped and governed server-side. Never embed them in client-side code or public repositories.
 ---
-## Usage
+## How it works
-### Policy-Governed Execution
+Your application calls `decide()`. Eric handles the rest:
-All interactions with Eric are routed through `decide()`.
+1. **Intent classification** — the request is classified before any routing occurs
+2. **Policy gate** — declared policy is evaluated in code, not in prompts
+3. **Capability routing** — the request is routed deterministically to a registered capability
+4. **Output validation** — the response is validated against a typed schema before it is returned
+5. **Audit log** — every execution is recorded at the moment it occurs, immutably
-Eric evaluates each request against policy, routing constraints, and execution bounds before selecting and invoking an approved capability.
-```ts
-const result = await eric.decide({
-  text: "summarize the provided content",
-  requestType: "summary",
-});
-```
+If any check fails, execution stops. No fallbacks. No silent substitutions. No model is invoked.
 ---
-### Optional Execution Bounds
+## Restricting execution to specific capabilities
-You may optionally restrict which capabilities are eligible for execution.
+Use `allowedFlows` to restrict which capabilities are eligible for a given request.
 ```ts
 await eric.decide({
@@ -73,36 +69,45 @@ await eric.decide({
 When `allowedFlows` is provided:
-- Only capabilities in the allowed set are eligible for execution.
-- If resolution falls outside the allowed set, execution is denied.
-- No fallback or automatic substitution occurs.
+- Only capabilities in the allowed set are eligible
+- If no match is found, execution is denied and logged
+- No fallback or automatic substitution occurs
+This is equivalent to registering a capability restriction at the request level. For deployment-level restrictions, capability registration is handled during onboarding.
 ---
-## Response Shape
+## Response shape
 ```ts
 {
-  flow: string;                     // resolved capability
-  type: "structured" | "text";      // output format classification
-  data: unknown;                    // structured object or text result
+  flow: string;                     // resolved capability name
+  type: "structured" | "text";      // output format
+  data: unknown;                    // schema-validated output
 }
 ```
-All responses conform to pre-approved output contracts.
+All responses conform to pre-approved output contracts defined at the capability level. Every field is guaranteed to be present according to the executed capability's schema.
-All fields are guaranteed to be present according to the executed capability’s contract.
+---
+## Security
+- Policy is enforced server-side. The SDK cannot bypass or override execution controls.
+- API keys are scoped per client and governed server-side.
+- All executions — including blocked ones — are logged with a structured, timestamped, attributable record.
+- Customer data is not used to train third-party models.
+- BYOK (Bring Your Own Key) is supported for model providers. See onboarding documentation.
 ---
-## Design Principles
+## Design principles
-* **Policy-first execution** — no direct or bypassed calls
-* **Deterministic behavior** — predictable outputs by design
-* **Auditability** — every decision and execution is logged
-* **Infrastructure-grade** — built for production systems, not chatbots
-* **Intent-based API** — clients describe what they want, not what to run
+- **Policy-first** — no direct model calls, no bypassed executions
+- **Deterministic** — the same request under the same policy produces the same routing decision
+- **Auditable** — every decision is logged at execution time, not reconstructed after
+- **Infrastructure-grade** — built for regulated production systems, not prototypes
+- **Intent-based** — clients describe what they want; the control plane decides what runs
 ---
@@ -110,7 +115,7 @@ All fields are guaranteed to be present according to the executed capability’s
 The Eric SDK follows semantic versioning.
-Breaking changes reflect deliberate enforcement of governance and safety guarantees.
+Breaking changes reflect deliberate updates to governance and safety guarantees, not implementation convenience.
 Pre-1.0 versions were experimental and are not supported.
@@ -120,7 +125,4 @@ See `CHANGELOG.md` for details.
 ## Support
-For access, onboarding, or documentation:
-[https://ericaicontrol.dev](https://ericaicontrol.dev)
+For access, onboarding, or documentation: [https://ericaicontrol.dev](https://ericaicontrol.dev)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "eric-sdk",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Official SDK for enforcing policy-governed AI execution using the Eric AI governance layer",
   "author": "Rod Bridges",
   "license": "MIT",
@@ -31,5 +31,12 @@
     "tsup": "^8.5.1",
     "typescript": "^5.9.3"
   },
-  "homepage": "https://ericaicontrol.dev"
+  "homepage": "https://github.com/eric-ai-control/eric-sdk#readme",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/eric-ai-control/eric-sdk.git"
+  },
+  "bugs": {
+    "url": "https://github.com/eric-ai-control/eric-sdk/issues"
+  }
 }