npm - forma-sdk - Versions diffs - 1.0.0 - Mend

forma-sdk 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/gate.js ADDED Viewed

@@ -0,0 +1,137 @@
+"use strict";
+/**
+ * FORMA Local Gate — TypeScript port of Python gate_local.py
+ * Evaluates prompts locally in <1ms — no network hop on the critical path.
+ * PII patterns + threat detection keep sensitive data from leaving the process.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PII_PACKS = exports.PACK_FLAGS = void 0;
+exports.normalize = normalize;
+exports.detectPii = detectPii;
+exports.detectThreat = detectThreat;
+exports.buildBootstrapPolicy = buildBootstrapPolicy;
+exports.evaluateLocal = evaluateLocal;
+// ── Unicode normalization + homoglyph defence ─────────────────────────────────
+const HOMOGLYPHS = {
+    "І": "I", "і": "i", "р": "p", "Р": "P", "а": "a", "А": "A",
+    "е": "e", "Е": "E", "о": "o", "О": "O", "с": "c", "С": "C",
+    "х": "x", "Х": "X", "ѕ": "s", "ν": "v", "ɑ": "a", "ɡ": "g",
+};
+function normalize(text) {
+    // Replace Cyrillic/Greek homoglyphs with ASCII equivalents before scanning
+    return Array.from(text).map(ch => { var _a; return (_a = HOMOGLYPHS[ch]) !== null && _a !== void 0 ? _a : ch; }).join("");
+}
+const PII_PATTERNS = [
+    // Core India PII
+    { label: "Aadhaar number", pattern: /\b(?:\d{4}[\s,./]?\d{4}[\s,./]?\d{4}|\d(?:[\s,.]\d){11})\b/g },
+    { label: "Indian PAN", pattern: /\b[A-Z]{5}\d{4}[A-Z]\b/g },
+    { label: "SSN", pattern: /\b\d{3}-\d{2}-\d{4}\b/g },
+    { label: "Email address", pattern: /\b[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}\b/g },
+    { label: "Phone number", pattern: /\b(?:\+?91[\-\s]?)?[6-9]\d{4}[\s\-]?\d{5}\b/g },
+    // India additions (DPDP moat)
+    { label: "GSTIN", pattern: /\b\d{2}[A-Z]{5}\d{4}[A-Z][A-Z\d]Z[A-Z\d]\b/g },
+    { label: "UPI ID", pattern: /\b[a-zA-Z0-9][a-zA-Z0-9.\-_]{1,98}@(?:ok[a-z]+|paytm|ybl|apl|upi|ibl|axl|sbi|hdfcbank|hdfc|icici|axisbank|axis|kotak|fbl|yapl|jupiteraxis|barodampay|airtel|jio|freecharge|cnrb|idfcfirst|dbs|indus|abfspay|kbl|federal|pingpay|naviaxis|rmhdfc|waaxis|yesg|timecosmos)\b/gi },
+    { label: "Indian Passport", pattern: /\b[A-PR-WY][1-9]\d\s?\d{4}[1-9]\b/g },
+    { label: "IFSC code", pattern: /\b[A-Z]{4}0[A-Z0-9]{6}\b/g },
+    { label: "Driving License", pattern: /\bDL[-\s]?\d{13}\b/gi },
+    { label: "Date of birth", pattern: /(?:dob|date[\s._-]?of[\s._-]?birth)[:\s]*\d{1,2}[/\-]\d{1,2}[/\-]\d{2,4}/gi },
+    // Cards (space-separated only — dashes = ref numbers)
+    { label: "Visa card", pattern: /(?<![0-9\-])4\d{3}\s?\d{4}\s?\d{4}\s?\d{1,4}(?![0-9\-])/g },
+    { label: "Mastercard", pattern: /(?<![0-9\-])5[1-5]\d{2}\s?\d{4}\s?\d{4}\s?\d{4}(?![0-9\-])/g },
+    { label: "Amex", pattern: /(?<![0-9\-])3[47]\d{2}\s?\d{6}\s?\d{5}(?![0-9\-])/g },
+    { label: "CVV", pattern: /(?:cvv|cvc|security[\s._-]?code)\D{0,15}\d{3,4}/gi },
+    { label: "Credit/Debit card", pattern: /\b(?:\d\s?){13,16}\b/g },
+    // International
+    { label: "IBAN", pattern: /\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b/g },
+    { label: "Passport number", pattern: /\b[A-Z]\d{7}\b/g },
+];
+function detectPii(text) {
+    const normalized = normalize(text);
+    for (const { label, pattern } of PII_PATTERNS) {
+        pattern.lastIndex = 0;
+        if (pattern.test(normalized))
+            return label;
+    }
+    return null;
+}
+// ── Threat detection ─────────────────────────────────────────────────────────
+const FLAGS = "i";
+const INJECTION_PATTERNS = [
+    { label: "prompt_injection", pattern: new RegExp(String.raw `ignore\s.{0,40}(safety|constraint|guard|rule|policy|previous|instruction|system)`, FLAGS) },
+    { label: "jailbreak", pattern: new RegExp(String.raw `(jailbreak|bypass|disable|override|circumvent)\s.{0,40}(safety|constraint|filter|guard|policy|system|rule)`, FLAGS) },
+    { label: "credential_extract", pattern: new RegExp(String.raw `(reveal|expose|dump|show|leak|exfiltrate)\s.{0,40}(password|secret|api.?key|credential|token|key)`, FLAGS) },
+    { label: "role_switch", pattern: new RegExp(String.raw `(you are now|act as|pretend to be|roleplay as|switch to)\s.{0,40}(admin|root|unrestricted|jailbreak|DAN|god mode)`, FLAGS) },
+    { label: "system_prompt_leak", pattern: new RegExp(String.raw `(print|output|repeat|show|tell me)\s.{0,30}(your\s)?(system\s)?prompt|instruction`, FLAGS) },
+    { label: "approval_bypass", pattern: new RegExp(String.raw `(skip|bypass|without|no need for)\s.{0,20}(human\s)?(approval|review|sign.off|authorization)|auto[\s-]?(approve|authorize)`, FLAGS) },
+    { label: "compliance_bypass", pattern: new RegExp(String.raw `(disable|bypass|skip|ignore)\s.{0,20}(compliance|regulatory|gdpr|dpdp|rbi|pci|hipaa|policy|guardrail)`, FLAGS) },
+    { label: "tool_abuse", pattern: new RegExp(String.raw `(exec|execute|run|shell|bash|rm|delete|drop|truncate|disable)\s.{0,20}(command|script|database|table|server|system|production)`, FLAGS) },
+];
+function detectThreat(text) {
+    const normalized = normalize(text);
+    for (const { label, pattern } of INJECTION_PATTERNS) {
+        if (pattern.test(normalized)) {
+            return {
+                decision: "block",
+                rule_id: `threat_${label}`,
+                reason: `Blocked by FORMA Gate — ${label.replace(/_/g, " ")} detected.`,
+            };
+        }
+    }
+    return { decision: "allow", rule_id: null, reason: "No threat detected." };
+}
+// ── Pack → framework flags ────────────────────────────────────────────────────
+exports.PACK_FLAGS = {
+    ai_safety: "ai_safety", dpdp: "dpdp", dpdp_act: "dpdp", dpdp_act_2023: "dpdp",
+    rbi: "rbi", rbi_ml_risk: "rbi", rbi_mrm: "rbi",
+    eu_ai_act: "eu_ai_act", euaiact: "eu_ai_act",
+    gdpr: "gdpr", hipaa: "hipaa", pci_dss: "pci_dss",
+    iso42001: "iso42001", soc2: "soc2", nist: "nist",
+};
+exports.PII_PACKS = new Set(["ai_safety", "dpdp", "eu_ai_act", "gdpr", "hipaa", "pci_dss"]);
+function buildBootstrapPolicy(agentName, packs, authorizedActions) {
+    const flags = packs.map(p => { var _a; return (_a = exports.PACK_FLAGS[p.toLowerCase()]) !== null && _a !== void 0 ? _a : p.toLowerCase(); });
+    return {
+        agentName,
+        piiCheck: flags.some(f => exports.PII_PACKS.has(f)),
+        injectionCheck: true,
+        killActive: false,
+        authorizedActions: authorizedActions !== null && authorizedActions !== void 0 ? authorizedActions : null,
+        frameworks: [...new Set(flags)],
+        enforce_packs: packs,
+    };
+}
+function evaluateLocal(policy, opts) {
+    var _a;
+    if (policy.killActive) {
+        return { decision: "block", rule_id: "kill_switch", reason: "Kill switch active — all actions blocked." };
+    }
+    if (opts.actionType === "tool_call" && opts.toolName && policy.authorizedActions) {
+        if (!policy.authorizedActions.includes(opts.toolName)) {
+            return { decision: "block", rule_id: "unauthorized_tool",
+                reason: `Tool '${opts.toolName}' is not in the authorized actions list.` };
+        }
+    }
+    // Injection check
+    if (policy.injectionCheck) {
+        const scanText = (_a = opts.prompt) !== null && _a !== void 0 ? _a : (opts.toolArgs ? JSON.stringify(opts.toolArgs) : "");
+        if (scanText) {
+            const threat = detectThreat(scanText);
+            if (threat.decision === "block")
+                return threat;
+        }
+    }
+    // PII check
+    if (policy.piiCheck) {
+        const scanText = [opts.prompt, opts.toolArgs ? JSON.stringify(opts.toolArgs) : ""].filter(Boolean).join(" ");
+        const pii = detectPii(scanText);
+        if (pii) {
+            return {
+                decision: "block",
+                rule_id: "pii_in_prompt",
+                reason: `PII detected: ${pii}. Blocked by FORMA Gate (${[...policy.frameworks].join(", ") || "PII protection"}).`,
+            };
+        }
+    }
+    return { decision: "allow", rule_id: null, reason: "Action permitted — all compliance checks passed." };
+}
+//# sourceMappingURL=gate.js.map

package/dist/gate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gate.js","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AASH,8BAGC;AAiCD,8BAOC;AAsBD,oCAYC;AAwBD,oDAWC;AAQD,sCAsCC;AArKD,iFAAiF;AACjF,MAAM,UAAU,GAA2B;IACzC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAC1D,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAC1D,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;CAC3D,CAAC;AAEF,SAAgB,SAAS,CAAC,IAAY;IACpC,2EAA2E;IAC3E,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,WAAC,OAAA,MAAA,UAAU,CAAC,EAAE,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACnE,CAAC;AAKD,MAAM,YAAY,GAAiB;IACjC,iBAAiB;IACjB,EAAE,KAAK,EAAE,gBAAgB,EAAG,OAAO,EAAE,6DAA6D,EAAE;IACpG,EAAE,KAAK,EAAE,YAAY,EAAO,OAAO,EAAE,yBAAyB,EAAE;IAChE,EAAE,KAAK,EAAE,KAAK,EAAc,OAAO,EAAE,wBAAwB,EAAE;IAC/D,EAAE,KAAK,EAAE,eAAe,EAAI,OAAO,EAAE,uDAAuD,EAAE;IAC9F,EAAE,KAAK,EAAE,cAAc,EAAK,OAAO,EAAE,8CAA8C,EAAE;IAErF,8BAA8B;IAC9B,EAAE,KAAK,EAAE,OAAO,EAAY,OAAO,EAAE,6CAA6C,EAAE;IACpF,EAAE,KAAK,EAAE,QAAQ,EAAW,OAAO,EAAE,6QAA6Q,EAAE;IACpT,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,oCAAoC,EAAE;IAC3E,EAAE,KAAK,EAAE,WAAW,EAAQ,OAAO,EAAE,2BAA2B,EAAE;IAClE,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE;IAC7D,EAAE,KAAK,EAAE,eAAe,EAAI,OAAO,EAAE,4EAA4E,EAAE;IAEnH,sDAAsD;IACtD,EAAE,KAAK,EAAE,WAAW,EAAQ,OAAO,EAAE,0DAA0D,EAAE;IACjG,EAAE,KAAK,EAAE,YAAY,EAAO,OAAO,EAAE,6DAA6D,EAAE;IACpG,EAAE,KAAK,EAAE,MAAM,EAAa,OAAO,EAAE,oDAAoD,EAAE;IAC3F,EAAE,KAAK,EAAE,KAAK,EAAc,OAAO,EAAE,mDAAmD,EAAE;IAC1F,EAAE,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,uBAAuB,EAAE;IAEhE,gBAAgB;IAChB,EAAE,KAAK,EAAE,MAAM,EAAa,OAAO,EAAE,mCAAmC,EAAE;IAC1E,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE;CACzD,CAAC;AAEF,SAAgB,SAAS,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACnC,KAAK,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,YAAY,EAAE,CAAC;QAC9C,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;IAC7C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gFAAgF;AAChF,MAAM,KAAK,GAAG,GAAG,CAAC;AAElB,MAAM,kBAAkB,GAA8C;IACpE,EAAE,KAAK,EAAE,kBAAkB,EAAK,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,kFAAkF,EAAE,KAAK,CAAC,EAAE;IAC1J,EAAE,KAAK,EAAE,WAAW,EAAW,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,4GAA4G,EAAE,KAAK,CAAC,EAAE;IACnL,EAAE,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,mGAAmG,EAAE,KAAK,CAAC,EAAE;IAC1K,EAAE,KAAK,EAAE,aAAa,EAAS,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,mHAAmH,EAAE,KAAK,CAAC,EAAE;IAC1L,EAAE,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,mFAAmF,EAAE,KAAK,CAAC,EAAE;IAC1J,EAAE,KAAK,EAAE,iBAAiB,EAAK,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,4HAA4H,EAAE,KAAK,CAAC,EAAE;IACnM,EAAE,KAAK,EAAE,mBAAmB,EAAG,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,uGAAuG,EAAE,KAAK,CAAC,EAAE;IAC9K,EAAE,KAAK,EAAE,YAAY,EAAU,OAAO,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,gIAAgI,EAAE,KAAK,CAAC,EAAE;CACxM,CAAC;AAQF,SAAgB,YAAY,CAAC,IAAY;IACvC,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACnC,KAAK,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACpD,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,UAAU,KAAK,EAAE;gBAC1B,MAAM,EAAE,2BAA2B,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,YAAY;aACxE,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;AAC7E,CAAC;AAED,iFAAiF;AACpE,QAAA,UAAU,GAA2B;IAChD,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM;IAC7E,GAAG,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;IAC9C,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW;IAC5C,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS;IAChD,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;CACjD,CAAC;AAEW,QAAA,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;AAajG,SAAgB,oBAAoB,CAAC,SAAiB,EAAE,KAAe,EAAE,iBAA4B;IACnG,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,WAAC,OAAA,MAAA,kBAAU,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,mCAAI,CAAC,CAAC,WAAW,EAAE,CAAA,EAAA,CAAC,CAAC;IAC7E,OAAO;QACL,SAAS;QACT,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,iBAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC3C,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,KAAK;QACjB,iBAAiB,EAAE,iBAAiB,aAAjB,iBAAiB,cAAjB,iBAAiB,GAAI,IAAI;QAC5C,UAAU,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC/B,aAAa,EAAE,KAAK;KACrB,CAAC;AACJ,CAAC;AAQD,SAAgB,aAAa,CAC3B,MAAc,EACd,IAAoF;;IAEpF,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,2CAA2C,EAAE,CAAC;IAC5G,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACjF,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,mBAAmB;gBACtD,MAAM,EAAE,SAAS,IAAI,CAAC,QAAQ,0CAA0C,EAAE,CAAC;QAC/E,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,MAAA,IAAI,CAAC,MAAM,mCAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACrF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACtC,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO;gBAAE,OAAO,MAAM,CAAC;QACjD,CAAC;IACH,CAAC;IAED,YAAY;IACZ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7G,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAChC,IAAI,GAAG,EAAE,CAAC;YACR,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,eAAe;gBACxB,MAAM,EAAE,iBAAiB,GAAG,4BAA4B,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,IAAI;aAClH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kDAAkD,EAAE,CAAC;AAC1G,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,81 @@
+/**
+ * FORMA SDK for Node.js — The AI Agent Firewall
+ *
+ * Blocks unauthorized actions, PII leaks, and risky decisions before
+ * they execute. One line of code. Works with OpenAI, Anthropic and any
+ * Node.js application.
+ *
+ * @example
+ * ```typescript
+ * import * as forma from "forma-sdk";
+ *
+ * // Zero-config (after `forma setup`):
+ * forma.init();
+ *
+ * // Or explicit:
+ * forma.init({ apiKey: "tl_live_...", preset: "india_fintech" });
+ *
+ * // Gate any action:
+ * await forma.gate("loan-agent", { prompt: userInput });
+ *
+ * // Wrap OpenAI — every call auto-gated:
+ * const openai = forma.wrapOpenAI(new OpenAI({ apiKey: "..." }));
+ *
+ * // Preview (dry-run, never throws):
+ * const r = forma.preview("Aadhaar 2341 1234 1236");
+ * // r.decision === "block"
+ *
+ * // Verify enforcement is live:
+ * const v = forma.verify();
+ * // v.verified === true, v.probes_passed === 4
+ * ```
+ *
+ * @module forma-sdk
+ */
+export { FormaClient, FormaGateBlock, FormaAPIError, } from "./client";
+export type { FormaConfig, GateOpts, GateResult, PreviewResult, VerifyResult, StatusResult, StepRecord, } from "./client";
+import { FormaClient, FormaConfig, GateOpts, GateResult, PreviewResult, VerifyResult, StatusResult } from "./client";
+/** Initialize FORMA — call once at the top of your app. */
+export declare function init(config?: FormaConfig): FormaClient;
+/** Returns the active client (throws if init() not called). */
+export declare function getClient(): FormaClient;
+/**
+ * Gate an action — checks locally (instant) then server.
+ * Throws FormaGateBlock if blocked (raiseOnBlock=true by default).
+ */
+export declare function gate(agentId: string, opts?: GateOpts): Promise<GateResult>;
+/**
+ * Dry-run gate check — never throws, never blocks, returns the decision.
+ * Use this to test FORMA without affecting your application flow.
+ */
+export declare function preview(prompt: string, actionType?: "llm_call" | "tool_call"): PreviewResult;
+/**
+ * Run adversarial probes against the local gate.
+ * Returns { verified: true } when all probes pass — Aadhaar/PAN block + clean allow.
+ */
+export declare function verify(): VerifyResult;
+/** Real-time enforcement status — active packs, pii_check, frameworks etc. */
+export declare function status(): StatusResult;
+/**
+ * Wrap an OpenAI client so every chat.completions.create() is auto-gated.
+ * @example
+ * const openai = forma.wrapOpenAI(new OpenAI({ apiKey: "sk-..." }), "loan-agent");
+ */
+export declare function wrapOpenAI<T extends {
+    chat: {
+        completions: {
+            create: (...args: unknown[]) => unknown;
+        };
+    };
+}>(client: T, agentId?: string): T;
+/**
+ * Wrap an Anthropic client so every messages.create() is auto-gated.
+ * @example
+ * const anthropic = forma.wrapAnthropic(new Anthropic({ apiKey: "sk-ant-..." }), "kyc-agent");
+ */
+export declare function wrapAnthropic<T extends {
+    messages: {
+        create: (...args: unknown[]) => unknown;
+    };
+}>(client: T, agentId?: string): T;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,EACL,WAAW,EACX,cAAc,EACd,aAAa,GACd,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,WAAW,EACX,QAAQ,EACR,UAAU,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,UAAU,GACX,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAMrH,2DAA2D;AAC3D,wBAAgB,IAAI,CAAC,MAAM,GAAE,WAAgB,GAAG,WAAW,CAG1D;AAED,+DAA+D;AAC/D,wBAAgB,SAAS,IAAI,WAAW,CAMvC;AAED;;;GAGG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,QAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAEpF;AAED;;;GAGG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,GAAE,UAAU,GAAG,WAAwB,GAAG,aAAa,CAExG;AAED;;;GAGG;AACH,wBAAgB,MAAM,IAAI,YAAY,CAErC;AAED,8EAA8E;AAC9E,wBAAgB,MAAM,IAAI,YAAY,CAErC;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,CAAC,SAAS;IAAE,IAAI,EAAE;QAAE,WAAW,EAAE;YAAE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAA;SAAE,CAAA;KAAE,CAAA;CAAE,EACzG,MAAM,EAAE,CAAC,EAAE,OAAO,SAAiB,GAClC,CAAC,CAEH;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,CAAC,SAAS;IAAE,QAAQ,EAAE;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAA;KAAE,CAAA;CAAE,EAC/F,MAAM,EAAE,CAAC,EAAE,OAAO,SAAoB,GACrC,CAAC,CAEH"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,107 @@
+"use strict";
+/**
+ * FORMA SDK for Node.js — The AI Agent Firewall
+ *
+ * Blocks unauthorized actions, PII leaks, and risky decisions before
+ * they execute. One line of code. Works with OpenAI, Anthropic and any
+ * Node.js application.
+ *
+ * @example
+ * ```typescript
+ * import * as forma from "forma-sdk";
+ *
+ * // Zero-config (after `forma setup`):
+ * forma.init();
+ *
+ * // Or explicit:
+ * forma.init({ apiKey: "tl_live_...", preset: "india_fintech" });
+ *
+ * // Gate any action:
+ * await forma.gate("loan-agent", { prompt: userInput });
+ *
+ * // Wrap OpenAI — every call auto-gated:
+ * const openai = forma.wrapOpenAI(new OpenAI({ apiKey: "..." }));
+ *
+ * // Preview (dry-run, never throws):
+ * const r = forma.preview("Aadhaar 2341 1234 1236");
+ * // r.decision === "block"
+ *
+ * // Verify enforcement is live:
+ * const v = forma.verify();
+ * // v.verified === true, v.probes_passed === 4
+ * ```
+ *
+ * @module forma-sdk
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FormaAPIError = exports.FormaGateBlock = exports.FormaClient = void 0;
+exports.init = init;
+exports.getClient = getClient;
+exports.gate = gate;
+exports.preview = preview;
+exports.verify = verify;
+exports.status = status;
+exports.wrapOpenAI = wrapOpenAI;
+exports.wrapAnthropic = wrapAnthropic;
+var client_1 = require("./client");
+Object.defineProperty(exports, "FormaClient", { enumerable: true, get: function () { return client_1.FormaClient; } });
+Object.defineProperty(exports, "FormaGateBlock", { enumerable: true, get: function () { return client_1.FormaGateBlock; } });
+Object.defineProperty(exports, "FormaAPIError", { enumerable: true, get: function () { return client_1.FormaAPIError; } });
+const client_2 = require("./client");
+// ── Module-level client (tl.init() / tl.preview() style) ─────────────────────
+let _client = null;
+/** Initialize FORMA — call once at the top of your app. */
+function init(config = {}) {
+    _client = new client_2.FormaClient(config);
+    return _client;
+}
+/** Returns the active client (throws if init() not called). */
+function getClient() {
+    if (!_client) {
+        // Auto-init from env/config file with no enforce — still useful for API calls
+        _client = new client_2.FormaClient({});
+    }
+    return _client;
+}
+/**
+ * Gate an action — checks locally (instant) then server.
+ * Throws FormaGateBlock if blocked (raiseOnBlock=true by default).
+ */
+async function gate(agentId, opts = {}) {
+    return getClient().gate(agentId, opts);
+}
+/**
+ * Dry-run gate check — never throws, never blocks, returns the decision.
+ * Use this to test FORMA without affecting your application flow.
+ */
+function preview(prompt, actionType = "llm_call") {
+    return getClient().preview(prompt, actionType);
+}
+/**
+ * Run adversarial probes against the local gate.
+ * Returns { verified: true } when all probes pass — Aadhaar/PAN block + clean allow.
+ */
+function verify() {
+    return getClient().verify();
+}
+/** Real-time enforcement status — active packs, pii_check, frameworks etc. */
+function status() {
+    return getClient().status();
+}
+/**
+ * Wrap an OpenAI client so every chat.completions.create() is auto-gated.
+ * @example
+ * const openai = forma.wrapOpenAI(new OpenAI({ apiKey: "sk-..." }), "loan-agent");
+ */
+function wrapOpenAI(client, agentId = "openai-agent") {
+    return getClient().wrapOpenAI(client, agentId);
+}
+/**
+ * Wrap an Anthropic client so every messages.create() is auto-gated.
+ * @example
+ * const anthropic = forma.wrapAnthropic(new Anthropic({ apiKey: "sk-ant-..." }), "kyc-agent");
+ */
+function wrapAnthropic(client, agentId = "anthropic-agent") {
+    return getClient().wrapAnthropic(client, agentId);
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;;;AAyBH,oBAGC;AAGD,8BAMC;AAMD,oBAEC;AAMD,0BAEC;AAMD,wBAEC;AAGD,wBAEC;AAOD,gCAIC;AAOD,sCAIC;AAtFD,mCAIkB;AAHhB,qGAAA,WAAW,OAAA;AACX,wGAAA,cAAc,OAAA;AACd,uGAAA,aAAa,OAAA;AAaf,qCAAqH;AAErH,gFAAgF;AAEhF,IAAI,OAAO,GAAuB,IAAI,CAAC;AAEvC,2DAA2D;AAC3D,SAAgB,IAAI,CAAC,SAAsB,EAAE;IAC3C,OAAO,GAAG,IAAI,oBAAW,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+DAA+D;AAC/D,SAAgB,SAAS;IACvB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,8EAA8E;QAC9E,OAAO,GAAG,IAAI,oBAAW,CAAC,EAAE,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,IAAI,CAAC,OAAe,EAAE,OAAiB,EAAE;IAC7D,OAAO,SAAS,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,SAAgB,OAAO,CAAC,MAAc,EAAE,aAAuC,UAAU;IACvF,OAAO,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AACjD,CAAC;AAED;;;GAGG;AACH,SAAgB,MAAM;IACpB,OAAO,SAAS,EAAE,CAAC,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,8EAA8E;AAC9E,SAAgB,MAAM;IACpB,OAAO,SAAS,EAAE,CAAC,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CACxB,MAAS,EAAE,OAAO,GAAG,cAAc;IAEnC,OAAO,SAAS,EAAE,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,SAAgB,aAAa,CAC3B,MAAS,EAAE,OAAO,GAAG,iBAAiB;IAEtC,OAAO,SAAS,EAAE,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,25 @@
+{
+  "name": "forma-sdk",
+  "version": "1.0.0",
+  "description": "FORMA — The AI Agent Firewall for Node.js. Blocks Aadhaar/PAN/PII leaks, jailbreaks, and unauthorized actions before they execute. DPDP & RBI enforcement built in.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": ["ai", "agents", "governance", "compliance", "observability", "eu-ai-act", "dpdp", "llm"],
+  "author": "FORMA <sdk@formaai.in>",
+  "license": "MIT",
+  "homepage": "https://formaai.in",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/forma-ai/forma-sdk-node"
+  },
+  "files": ["dist", "src"],
+  "engines": { "node": ">=16" },
+  "devDependencies": {
+    "typescript": "^5.0.0",
+    "@types/node": "^20.0.0"
+  }
+}