npm - eric-sdk - Versions diffs - 0.1.6 → 0.1.8 - Mend

eric-sdk 0.1.6 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -2,34 +2,52 @@
 All notable changes to the Eric SDK are documented here.
-This project follows semantic versioning.
-Pre-1.0 releases may introduce intentional breaking changes as the API surface evolves.
+This project follows semantic versioning.
+Pre-1.0 releases may introduce breaking changes as the API surface and governance model stabilize.
 ---
-## [0.1.6] – 2026-02-25
+## [0.1.8] – 2026-06-09
+### Documentation
-## Changed
+- Repositioned README around centralized AI governance.
+- Updated SDK description to reflect Eric's role as a governance layer across applications and AI models.
+- Added governance-focused overview and architecture explanation.
+- Renamed capability section to emphasize approved capability governance.
+- Expanded design principles with centralized governance and model-agnostic operation.
-Added repository, homepage, and issues metadata to package.json.
+**Rationale:** Eric's platform positioning has evolved from an execution-control-focused runtime description to a centralized governance layer for AI applications. The README now leads with the organizational problem Eric solves—governance fragmentation across applications—while preserving the existing technical implementation details. No runtime behavior changes.
+---
-Rationale
+## [0.1.7] – 2026-05-06
-Improves npm package transparency and traceability by linking the SDK to its public GitHub source, issue tracking, and documentation.
-No runtime behavior changes.
+### Documentation
+- Rewrote README to better reflect the SDK's role as an execution control layer.
+**Rationale:** The previous README underemphasized the governance model and led with authentication rather than how the SDK actually works. Updated to open with the execution pipeline, added a "How it works" section covering all five enforcement steps, expanded the security section with specific properties, and restructured usage examples to lead with a complete quick start. No runtime behavior changes.
 ---
-## [0.1.5] – 2026-02-24
+## [0.1.6] – 2026-02-25
 ### Changed
-* Narrowed `type` in response shape from `string` to `"structured" | "text"`.
+Added `repository`, `homepage`, and `issues` metadata to `package.json`.
+**Rationale:** Improves npm package transparency by linking the SDK to its public GitHub source, issue tracker, and documentation. No runtime behavior changes.
+---
-### Rationale
+## [0.1.5] – 2026-02-24
+### Changed
-Response format classification is now explicitly constrained.
-This prevents accidental drift in output types and strengthens the SDK’s deterministic contract.
+- Narrowed `type` in response shape from `string` to `"structured" | "text"`.
+**Rationale:** Response format classification is now explicitly constrained. Prevents accidental drift in output types and strengthens the SDK's deterministic contract.
 ---
@@ -37,73 +55,56 @@ This prevents accidental drift in output types and strengthens the SDK’s deter
 ### Changed
-- Added `engines` field specifying Node.js >=20.
+- Added `engines` field specifying `node >=20`.
 ---
 ## [0.1.3] – 2026-02-06
-### Changed:
-* **Removed `client` from request payload**: The SDK no longer includes `client` in the request body when calling `decide()`.
-### Rationale:
+### Changed
-`client` is infrastructure identity and is now treated as authoritative header-only metadata (`x-api-client`).
-This change removes ambiguity, prevents spoofing, and aligns the SDK with Eric’s control-plane model, where execution authority lives outside user-provided input.
+- Removed `client` from the `decide()` request payload.
-### Notes:
+**Rationale:** `client` is infrastructure identity and is now treated as authoritative header-only metadata (`x-api-client`). Removing it from the request body prevents spoofing and aligns the SDK with Eric's control-plane model, where execution authority lives outside user-provided input.
-* Applications must continue to provide `x-api-client` and `x-api-key` headers.
-* Requests that previously included `client` in the body may be rejected by strict API validation.
+**Note:** Requests that previously included `client` in the body may be rejected by strict API validation.
 ---
 ## [0.1.2] – 2026-02-03
-### What's New:
-* **Updated API Endpoint**: The SDK now calls the API endpoint at `https://us-central1-eric-ai-prod.cloudfunctions.net/decide` for decision-making flows.
+### Changed
-### Breaking Changes:
+- Updated API endpoint to `https://us-central1-eric-ai-prod.cloudfunctions.net/decide`.
-* **Endpoint Change**: If you were using the previous `decide` endpoint, please update the SDK configuration to use the new endpoint.
+**Note:** If you were calling the previous endpoint directly, update your SDK to this version.
 ---
 ## [0.1.1] – 2026-01-30
-### Changed:
-* Removed explicit `flow: "decisionRouter"` from SDK requests.
+### Changed
-### Rationale:
+- Removed explicit `flow: "decisionRouter"` from SDK requests.
-The Eric API no longer accepts direct flow invocations.
-All requests are now treated as intent submissions and are routed through the internal decision router by default. This change simplifies the SDK payload and prevents accidental coupling to internal execution details.
+**Rationale:** The Eric API no longer accepts direct flow invocations. All requests are now treated as intent submissions and routed through the internal decision router by default. Simplifies the SDK payload and prevents coupling to internal execution details.
 ---
 ## [0.1.0] – 2026-01-27
-### Changed:
-* Removed `client.call()` to prevent direct flow invocation.
-* All executions must now be routed through `decide()`.
+### Changed
-### Rationale:
+- Removed `client.call()`. Direct flow invocation is no longer supported.
+- All executions must now be routed through `decide()`.
-Direct flow execution allowed applications to bypass policy enforcement. Eric is designed as a governance and control layer, and all execution must pass through policy evaluation to ensure deterministic, auditable outcomes. This release intentionally narrows the public API to reflect Eric’s execution model.
+**Rationale:** Direct flow execution allowed applications to bypass policy enforcement. Eric is a governance and control layer — all execution must pass through policy evaluation to ensure deterministic, auditable outcomes. This release intentionally narrows the public API to reflect that model.
 ---
 ## [0.0.5] – 2025-12-14
-### Added:
-* Initial public SDK release.
-* `decide()` with policy-based routing and optional execution bounds.
----
+### Added
-This version ensures clarity and consistency across all sections while providing users with the necessary context on each update.
+- Initial public SDK release.
+- `decide()` with policy-based routing and optional execution bounds via `allowedFlows`.

package/README.md CHANGED Viewed

@@ -1,11 +1,14 @@
 # Eric SDK (JavaScript / TypeScript)
-Official SDK for interacting with **Eric AI**, a policy-governed execution layer for AI systems.
+Official SDK for **Eric AI** - a centralized governance layer for AI applications.
-Eric is designed for environments where AI behavior must be **controlled, deterministic, and auditable**.
-All requests are evaluated against configured policy before any capability is executed.
+Most organizations don't have one AI application anymore. They have many.
-This SDK exposes a single, safe interaction model that enforces those guarantees by default.
+As AI adoption grows, governance becomes fragmented. Different applications implement different controls, different audit trails, different policies, and often different AI providers.
+Eric sits between applications and AI models, applying capability authorization, policy enforcement, output compliance, and audit logging consistently before execution reaches a model.
+**One Governance Layer. Every Application. Any Model.**
 ---
@@ -15,11 +18,11 @@ This SDK exposes a single, safe interaction model that enforces those guarantees
 npm install eric-sdk
 ```
----
+Requires an Eric-issued API key. [Request access →](https://ericaicontrol.dev)
-## Authentication
+---
-You will need an Eric-issued API key.
+## Quick start
 ```ts
 import { EricSDK } from "eric-sdk";
@@ -28,81 +31,100 @@ const eric = new EricSDK({
   apiKey: process.env.ERIC_API_KEY!,
   client: "your-app-id",
 });
+const result = await eric.decide({
+  text: "Summarize the provided patient record",
+  requestType: "clinicalSummary",
+});
+// result.flow     - resolved capability
+// result.type     - "structured" | "text"
+// result.data     - schema-validated output
 ```
-API keys are scoped and governed server-side.
-Keys should be treated as secrets and stored securely.
+API keys are scoped and governed server-side. Never embed them in client-side code or public repositories.
 ---
-## Security Notice
+## How it works
-This SDK enforces server-side policy and execution controls.
+Applications invoke Eric through a single API.
-API keys must be stored securely and never embedded in public repositories.
+Eric applies governance before any model is executed.
----
+1. **Intent classification** - determine the requested business capability
+2. **Authorization** - verify the capability is approved for the client and application
+3. **Policy enforcement** - evaluate execution policy before model invocation
+4. **Capability routing** - route deterministically to the registered capability
+5. **Model execution** - invoke the configured AI provider
+6. **Output validation** - validate the response against the capability schema
+7. **Audit logging** - record the execution outcome with a complete audit trail
-## Usage
+If any governance check fails, execution stops. No fallback. No silent substitution. No model is invoked.
-### Policy-Governed Execution
+---
-All interactions with Eric are routed through `decide()`.
+## Governing approved capabilities
-Eric evaluates each request against policy, routing constraints, and execution bounds before selecting and invoking an approved capability.
+Applications do not invoke models directly.
-```ts
-const result = await eric.decide({
-  text: "summarize the provided content",
-  requestType: "summary",
-});
-```
----
+Applications invoke approved capabilities.
-### Optional Execution Bounds
+Eric determines whether a capability is authorized, applies governance controls, and routes execution to the appropriate AI provider.
-You may optionally restrict which capabilities are eligible for execution.
+Use `allowedFlows` to further restrict which capabilities are eligible for a specific request.
 ```ts
 await eric.decide({
-  text: "Generate a structured daily summary for the provided input",
+  text: "Generate a structured daily summary",
   allowedFlows: ["dailySummary"],
 });
 ```
 When `allowedFlows` is provided:
-- Only capabilities in the allowed set are eligible for execution.
-- If resolution falls outside the allowed set, execution is denied.
-- No fallback or automatic substitution occurs.
+- Only capabilities in the allowed set are eligible
+- If no match is found, execution is denied and logged
+- No fallback or automatic substitution occurs
+This provides request-level governance on top of deployment-level capability controls.
 ---
-## Response Shape
+## Response shape
 ```ts
 {
-  flow: string;                     // resolved capability
-  type: "structured" | "text";      // output format classification
-  data: unknown;                    // structured object or text result
+  flow: string;                // resolved capability
+  type: "structured" | "text"; // output format
+  data: unknown;               // schema-validated output
 }
 ```
-All responses conform to pre-approved output contracts.
+All responses conform to capability-level output contracts. Every field is validated before being returned to the application.
+---
+## Security & Governance
-All fields are guaranteed to be present according to the executed capability’s contract.
+- Authorization and policy enforcement occur server-side
+- API keys are scoped per client and governed centrally
+- All executions - including blocked executions - are logged
+- Customer data is never used to train third-party models
+- BYOK (Bring Your Own Key) is supported for model providers
+- Governance remains consistent regardless of underlying model provider
 ---
-## Design Principles
+## Design principles
-* **Policy-first execution** — no direct or bypassed calls
-* **Deterministic behavior** — predictable outputs by design
-* **Auditability** — every decision and execution is logged
-* **Infrastructure-grade** — built for production systems, not chatbots
-* **Intent-based API** — clients describe what they want, not what to run
+- **Centralized governance** - one governance layer across applications
+- **Capability-first** - applications invoke approved capabilities, not models
+- **Policy-enforced** - execution controls are applied before model invocation
+- **Deterministic** - the same request under the same policy produces the same routing decision
+- **Auditable** - every decision is recorded at execution time
+- **Model-agnostic** - governance remains consistent across providers
+- **Infrastructure-grade** - built for production and regulated environments
 ---
@@ -110,9 +132,7 @@ All fields are guaranteed to be present according to the executed capability’s
 The Eric SDK follows semantic versioning.
-Breaking changes reflect deliberate enforcement of governance and safety guarantees.
-Pre-1.0 versions were experimental and are not supported.
+Breaking changes reflect deliberate updates to governance guarantees and platform behavior, not implementation convenience.
 See `CHANGELOG.md` for details.
@@ -121,6 +141,11 @@ See `CHANGELOG.md` for details.
 ## Support
 For access, onboarding, or documentation:
-[https://ericaicontrol.dev](https://ericaicontrol.dev)
+https://ericaicontrol.dev
+---
+**Eric AI**
+*One Governance Layer. Every Application. Any Model.*

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "eric-sdk",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "Official SDK for enforcing policy-governed AI execution using the Eric AI governance layer",
   "author": "Rod Bridges",
   "license": "MIT",