monora-ai 1.0.1 → 1.3.0

package/README.md

@@ -52,12 +52,25 @@ This generates a `monora.yml` you can load with `loadConfig({ configPath: './mon
 
 ### Reports & Security Review
 
+The runtime automatically generates compliance reports at trace completion (default: `./monora_reports/<trace_id>/compliance.json`) and emits a `trust_summary` event. Configure behavior with the `reporting` section in `monora.yml`.
+
 ```bash
 npx monora-ai report --input events.jsonl --output report.json
 npx monora-ai report --input events.jsonl --output report.md --format markdown
 
 npx monora-ai security-review --input events.jsonl --output security.json
 npx monora-ai security-review --input events.jsonl --output security.json --sign gpg --gpg-key "you@example.com"
+
+npx monora-ai trust-package --input events.jsonl --trace-id trc_123 --output trust.json --config monora.yml
+```
+
+```typescript
+import { exportTrustPackage } from 'monora-ai';
+
+const trustPackage = exportTrustPackage('trc_123', {
+  inputPath: 'events.jsonl',
+  configPath: 'monora.yml',
+});
 ```
 
 ### Data Handling + Alerts

package/dist/ai_act_report.d.ts

@@ -0,0 +1,66 @@
+/**
+ * EU AI Act transparency report generation.
+ *
+ * This module provides tools for generating transparency reports compliant with
+ * the EU AI Act (Regulation 2024/1689), specifically addressing requirements from
+ * Articles 13, 52, and Annex IV.
+ */
+import { MonoraConfig } from './config';
+export interface RiskCategorySummary {
+    minimal: number;
+    limited: number;
+    high: number;
+    unacceptable: number;
+}
+export interface ModelUsageSummary {
+    model: string;
+    provider: string;
+    riskCategory: string;
+    callCount: number;
+    firstUsed?: string;
+    lastUsed?: string;
+    capabilities: string[];
+}
+export interface AIActTransparencyReport {
+    reportVersion: string;
+    generatedAt: string;
+    organizationName?: string;
+    contactEmail?: string;
+    reportingPeriodStart?: string;
+    reportingPeriodEnd?: string;
+    totalAiInteractions: number;
+    uniqueModelsUsed: number;
+    uniqueTraces: number;
+    riskCategorySummary: RiskCategorySummary;
+    highRiskModels: string[];
+    unacceptableRiskModels: string[];
+    modelsUsed: ModelUsageSummary[];
+    policyViolationsCount: number;
+    policyViolationsByModel: Record<string, number>;
+    dataClassificationsUsed: Record<string, number>;
+}
+/**
+ * Build AI Act transparency report from event log.
+ *
+ * @param events - Array of Monora event objects.
+ * @param config - Optional Monora configuration containing ai_act and registry settings.
+ * @returns AIActTransparencyReport with populated fields.
+ *
+ * @example
+ * ```typescript
+ * const events = loadJsonl("events.jsonl");
+ * const config = loadConfig({ configPath: "monora.yml" });
+ * const report = buildAIActReport(events, config);
+ * writeAIActReport(report, "transparency_report.json");
+ * ```
+ */
+export declare function buildAIActReport(events: Array<Record<string, any>>, config?: MonoraConfig): AIActTransparencyReport;
+/**
+ * Write AI Act report to file.
+ *
+ * @param report - The transparency report to write.
+ * @param filePath - Output file path.
+ * @param format - Output format - 'json' or 'markdown'.
+ */
+export declare function writeAIActReport(report: AIActTransparencyReport, filePath: string, format?: 'json' | 'markdown'): void;
+//# sourceMappingURL=ai_act_report.d.ts.map

package/dist/ai_act_report.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai_act_report.d.ts","sourceRoot":"","sources":["../src/ai_act_report.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChD,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjD;AASD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,MAAM,CAAC,EAAE,YAAY,GACpB,uBAAuB,CA0JzB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,uBAAuB,EAC/B,QAAQ,EAAE,MAAM,EAChB,MAAM,GAAE,MAAM,GAAG,UAAmB,GACnC,IAAI,CAcN"}

package/dist/ai_act_report.js

@@ -0,0 +1,294 @@
+"use strict";
+/**
+ * EU AI Act transparency report generation.
+ *
+ * This module provides tools for generating transparency reports compliant with
+ * the EU AI Act (Regulation 2024/1689), specifically addressing requirements from
+ * Articles 13, 52, and Annex IV.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildAIActReport = buildAIActReport;
+exports.writeAIActReport = writeAIActReport;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * Build AI Act transparency report from event log.
+ *
+ * @param events - Array of Monora event objects.
+ * @param config - Optional Monora configuration containing ai_act and registry settings.
+ * @returns AIActTransparencyReport with populated fields.
+ *
+ * @example
+ * ```typescript
+ * const events = loadJsonl("events.jsonl");
+ * const config = loadConfig({ configPath: "monora.yml" });
+ * const report = buildAIActReport(events, config);
+ * writeAIActReport(report, "transparency_report.json");
+ * ```
+ */
+function buildAIActReport(events, config) {
+    const aiActConfig = config?.ai_act || {};
+    const registryConfig = config?.registry || {};
+    const report = {
+        reportVersion: '1.0',
+        generatedAt: new Date().toISOString(),
+        organizationName: aiActConfig.organization_name || undefined,
+        contactEmail: aiActConfig.contact_email || undefined,
+        reportingPeriodStart: undefined,
+        reportingPeriodEnd: undefined,
+        totalAiInteractions: 0,
+        uniqueModelsUsed: 0,
+        uniqueTraces: 0,
+        riskCategorySummary: { minimal: 0, limited: 0, high: 0, unacceptable: 0 },
+        highRiskModels: [],
+        unacceptableRiskModels: [],
+        modelsUsed: [],
+        policyViolationsCount: 0,
+        policyViolationsByModel: {},
+        dataClassificationsUsed: {},
+    };
+    // Build provider risk category and capabilities maps
+    const providerRisk = {};
+    const providerCapabilities = {};
+    const defaultRisk = aiActConfig.default_risk_category || 'limited';
+    for (const provider of registryConfig.providers || []) {
+        const name = provider.name || '';
+        providerRisk[name] = provider.risk_category || defaultRisk;
+        providerCapabilities[name] = provider.capabilities || [];
+    }
+    // Process events
+    const traceIds = new Set();
+    const modelStats = {};
+    const timestamps = [];
+    for (const event of events) {
+        // Skip trust summary events
+        if (event.event_type === 'trust_summary') {
+            continue;
+        }
+        // Track trace IDs
+        if (event.trace_id) {
+            traceIds.add(event.trace_id);
+        }
+        // Track timestamps
+        if (event.timestamp) {
+            timestamps.push(event.timestamp);
+        }
+        const body = event.body || {};
+        // Track LLM calls
+        if (event.event_type === 'llm_call') {
+            const model = body.model || 'unknown';
+            const provider = body.provider || 'unknown';
+            const ts = event.timestamp;
+            if (!modelStats[model]) {
+                modelStats[model] = {
+                    provider,
+                    count: 0,
+                    firstUsed: ts,
+                    lastUsed: ts,
+                };
+            }
+            // increment count always
+            modelStats[model].count++;
+            // update firstUsed/lastUsed defensively using min/max comparison
+            if (ts) {
+                if (!modelStats[model].firstUsed || ts < modelStats[model].firstUsed) {
+                    modelStats[model].firstUsed = ts;
+                }
+                if (!modelStats[model].lastUsed || ts > modelStats[model].lastUsed) {
+                    modelStats[model].lastUsed = ts;
+                }
+            }
+        }
+        // Track policy violations
+        if (body.status === 'policy_violation') {
+            report.policyViolationsCount++;
+            const model = body.model || 'unknown';
+            report.policyViolationsByModel[model] =
+                (report.policyViolationsByModel[model] || 0) + 1;
+        }
+        // Track data classifications
+        const dataClass = event.data_classification;
+        if (dataClass) {
+            report.dataClassificationsUsed[dataClass] =
+                (report.dataClassificationsUsed[dataClass] || 0) + 1;
+        }
+    }
+    // Set reporting period
+    if (timestamps.length > 0) {
+        timestamps.sort();
+        report.reportingPeriodStart = timestamps[0];
+        report.reportingPeriodEnd = timestamps[timestamps.length - 1];
+    }
+    // Build model summaries with risk categorization
+    for (const [model, stats] of Object.entries(modelStats)) {
+        const provider = stats.provider;
+        const risk = providerRisk[provider] || defaultRisk;
+        const caps = providerCapabilities[provider] || [];
+        const summary = {
+            model,
+            provider,
+            riskCategory: risk,
+            callCount: stats.count,
+            firstUsed: stats.firstUsed,
+            lastUsed: stats.lastUsed,
+            capabilities: [...caps],
+        };
+        report.modelsUsed.push(summary);
+        // Update risk category counts
+        if (risk === 'minimal') {
+            report.riskCategorySummary.minimal += stats.count;
+        }
+        else if (risk === 'limited') {
+            report.riskCategorySummary.limited += stats.count;
+        }
+        else if (risk === 'high') {
+            report.riskCategorySummary.high += stats.count;
+            if (!report.highRiskModels.includes(model)) {
+                report.highRiskModels.push(model);
+            }
+        }
+        else if (risk === 'unacceptable') {
+            report.riskCategorySummary.unacceptable += stats.count;
+            if (!report.unacceptableRiskModels.includes(model)) {
+                report.unacceptableRiskModels.push(model);
+            }
+        }
+    }
+    // Set summary counts
+    report.totalAiInteractions = Object.values(modelStats).reduce((sum, s) => sum + s.count, 0);
+    report.uniqueModelsUsed = Object.keys(modelStats).length;
+    report.uniqueTraces = traceIds.size;
+    return report;
+}
+/**
+ * Write AI Act report to file.
+ *
+ * @param report - The transparency report to write.
+ * @param filePath - Output file path.
+ * @param format - Output format - 'json' or 'markdown'.
+ */
+function writeAIActReport(report, filePath, format = 'json') {
+    // Ensure output directory exists
+    const outputDir = path.dirname(filePath);
+    if (outputDir) {
+        fs.mkdirSync(outputDir, { recursive: true });
+    }
+    if (format === 'json') {
+        writeJson(report, filePath);
+    }
+    else if (format === 'markdown') {
+        writeMarkdown(report, filePath);
+    }
+    else {
+        throw new Error(`Unsupported format: ${format}`);
+    }
+}
+function writeJson(report, filePath) {
+    fs.writeFileSync(filePath, JSON.stringify(report, null, 2));
+}
+function writeMarkdown(report, filePath) {
+    const lines = [
+        '# EU AI Act Transparency Report',
+        '',
+        `**Generated:** ${report.generatedAt}`,
+        `**Organization:** ${report.organizationName || 'N/A'}`,
+        `**Contact:** ${report.contactEmail || 'N/A'}`,
+        '',
+        `**Reporting Period:** ${report.reportingPeriodStart || 'N/A'} to ${report.reportingPeriodEnd || 'N/A'}`,
+        '',
+        '---',
+        '',
+        '## Summary',
+        '',
+        `- **Total AI Interactions:** ${report.totalAiInteractions}`,
+        `- **Unique Models Used:** ${report.uniqueModelsUsed}`,
+        `- **Unique Traces:** ${report.uniqueTraces}`,
+        `- **Policy Violations:** ${report.policyViolationsCount}`,
+        '',
+        '---',
+        '',
+        '## Risk Category Breakdown',
+        '',
+        '| Category | Interactions |',
+        '|----------|--------------|',
+        `| Minimal Risk | ${report.riskCategorySummary.minimal} |`,
+        `| Limited Risk | ${report.riskCategorySummary.limited} |`,
+        `| High Risk | ${report.riskCategorySummary.high} |`,
+        `| Unacceptable Risk | ${report.riskCategorySummary.unacceptable} |`,
+        '',
+    ];
+    // High risk models warning
+    if (report.highRiskModels.length > 0) {
+        lines.push('### High Risk Models Used', '');
+        for (const model of report.highRiskModels) {
+            lines.push(`- ${model}`);
+        }
+        lines.push('');
+    }
+    // Unacceptable risk models warning
+    if (report.unacceptableRiskModels.length > 0) {
+        lines.push('### Unacceptable Risk Models Used', '');
+        for (const model of report.unacceptableRiskModels) {
+            lines.push(`- ${model}`);
+        }
+        lines.push('');
+    }
+    // Model inventory
+    lines.push('---', '', '## Model Inventory', '', '| Model | Provider | Risk Category | Calls | Capabilities |', '|-------|----------|---------------|-------|--------------|');
+    for (const m of report.modelsUsed) {
+        const esc = (v) => (v ? String(v).replace(/\|/g, '\\|') : 'N/A');
+        const caps = m.capabilities.length > 0 ? m.capabilities.map(c => String(c).replace(/\|/g, '\\|')).join(', ') : 'N/A';
+        lines.push(`| ${esc(m.model)} | ${esc(m.provider)} | ${esc(m.riskCategory)} | ${m.callCount} | ${caps} |`);
+    }
+    // Data classifications
+    if (Object.keys(report.dataClassificationsUsed).length > 0) {
+        lines.push('', '---', '', '## Data Classifications', '', '| Classification | Events |', '|----------------|--------|');
+        for (const [classification, count] of Object.entries(report.dataClassificationsUsed).sort((a, b) => String(a[0]).localeCompare(String(b[0])))) {
+            const escClass = String(classification || 'N/A').replace(/\|/g, '\\|');
+            lines.push(`| ${escClass} | ${count} |`);
+        }
+    }
+    // Policy violations by model
+    if (Object.keys(report.policyViolationsByModel).length > 0) {
+        lines.push('', '---', '', '## Policy Violations by Model', '', '| Model | Violations |', '|-------|------------|');
+        for (const [model, count] of Object.entries(report.policyViolationsByModel).sort((a, b) => String(a[0]).localeCompare(String(b[0])))) {
+            const escModel = String(model || 'N/A').replace(/\|/g, '\\|');
+            lines.push(`| ${escModel} | ${count} |`);
+        }
+    }
+    lines.push('', '---', '', '*Report generated by Monora SDK*');
+    fs.writeFileSync(filePath, lines.join('\n'));
+}

package/dist/api.d.ts

@@ -0,0 +1,102 @@
+/**
+ * Direct callable API for Node.js SDK
+ * Provides non-decorator functions for immediate execution with Monora governance
+ */
+/**
+ * Execute an LLM API call with Monora governance (direct callable).
+ *
+ * This function provides a direct, non-decorator way to instrument LLM calls.
+ * It wraps the execution with policy enforcement, data handling, and event logging.
+ *
+ * @param callFn - The function to execute (e.g., client.chat.completions.create)
+ * @param callArgs - Arguments to pass to callFn
+ * @param options - Monora governance options
+ * @returns The result from callFn (preserves sync/async nature)
+ *
+ * @example
+ * ```typescript
+ * import * as monora from 'monora-ai';
+ * import OpenAI from 'openai';
+ *
+ * const client = new OpenAI();
+ *
+ * const response = await monora.callLlm(
+ *   client.chat.completions.create.bind(client.chat.completions),
+ *   {
+ *     model: "gpt-4o-mini",
+ *     messages: [{ role: "user", content: "Hello" }]
+ *   },
+ *   {
+ *     purpose: "CUSTOMER_SUPPORT",
+ *     dataClassification: "PUBLIC"
+ *   }
+ * );
+ * ```
+ */
+export declare function callLlm<T>(callFn: (...args: any[]) => T | Promise<T>, callArgs: Record<string, any> | any[] | undefined, options: {
+    model?: string;
+    dataClassification?: string;
+    purpose: string;
+    reason?: string;
+    explainFn?: (response: Record<string, any>) => string;
+}): T | Promise<T>;
+/**
+ * Execute a tool call with Monora governance (direct callable).
+ *
+ * This function provides a direct, non-decorator way to instrument tool calls.
+ * It wraps the execution with data handling and event logging.
+ *
+ * @param callFn - The function to execute
+ * @param callArgs - Arguments to pass to callFn
+ * @param options - Monora governance options
+ * @returns The result from callFn (preserves sync/async nature)
+ *
+ * @example
+ * ```typescript
+ * const result = await monora.callTool(
+ *   fetchFromDatabase,
+ *   { customerId: "123" },
+ *   {
+ *     toolName: "customer_lookup",
+ *     purpose: "CUSTOMER_SUPPORT"
+ *   }
+ * );
+ * ```
+ */
+export declare function callTool<T>(callFn: (...args: any[]) => T | Promise<T>, callArgs: Record<string, any> | any[] | undefined, options: {
+    toolName: string;
+    dataClassification?: string;
+    purpose: string;
+    reason?: string;
+}): T | Promise<T>;
+/**
+ * Execute an agent step with Monora governance (direct callable).
+ *
+ * This function provides a direct, non-decorator way to instrument agent steps.
+ * It wraps the execution with data handling, step counting, and event logging.
+ *
+ * @param callFn - The function to execute
+ * @param callArgs - Arguments to pass to callFn
+ * @param options - Monora governance options
+ * @returns The result from callFn (preserves sync/async nature)
+ *
+ * @example
+ * ```typescript
+ * const thought = await monora.callAgent(
+ *   reasoningFunction,
+ *   { context: { customer: "Acme Corp" } },
+ *   {
+ *     agentName: "sales_agent",
+ *     stepType: "planning",
+ *     purpose: "SALES_AUTOMATION"
+ *   }
+ * );
+ * ```
+ */
+export declare function callAgent<T>(callFn: (...args: any[]) => T | Promise<T>, callArgs: Record<string, any> | any[] | undefined, options: {
+    agentName: string;
+    stepType: string;
+    dataClassification?: string;
+    purpose: string;
+}): T | Promise<T>;
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,OAAO,CAAC,CAAC,EACvB,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,EAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,GAAG,SAAS,EACjD,OAAO,EAAE;IACP,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,MAAM,CAAC;CACvD,GACA,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAUhB;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,QAAQ,CAAC,CAAC,EACxB,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,EAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,GAAG,SAAS,EACjD,OAAO,EAAE;IACP,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GACA,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAShB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,SAAS,CAAC,CAAC,EACzB,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,EAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,GAAG,SAAS,EACjD,OAAO,EAAE;IACP,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;CACjB,GACA,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAShB"}

package/dist/api.js

@@ -0,0 +1,125 @@
+"use strict";
+/**
+ * Direct callable API for Node.js SDK
+ * Provides non-decorator functions for immediate execution with Monora governance
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.callLlm = callLlm;
+exports.callTool = callTool;
+exports.callAgent = callAgent;
+const runtime_1 = require("./runtime");
+/**
+ * Execute an LLM API call with Monora governance (direct callable).
+ *
+ * This function provides a direct, non-decorator way to instrument LLM calls.
+ * It wraps the execution with policy enforcement, data handling, and event logging.
+ *
+ * @param callFn - The function to execute (e.g., client.chat.completions.create)
+ * @param callArgs - Arguments to pass to callFn
+ * @param options - Monora governance options
+ * @returns The result from callFn (preserves sync/async nature)
+ *
+ * @example
+ * ```typescript
+ * import * as monora from 'monora-ai';
+ * import OpenAI from 'openai';
+ *
+ * const client = new OpenAI();
+ *
+ * const response = await monora.callLlm(
+ *   client.chat.completions.create.bind(client.chat.completions),
+ *   {
+ *     model: "gpt-4o-mini",
+ *     messages: [{ role: "user", content: "Hello" }]
+ *   },
+ *   {
+ *     purpose: "CUSTOMER_SUPPORT",
+ *     dataClassification: "PUBLIC"
+ *   }
+ * );
+ * ```
+ */
+function callLlm(callFn, callArgs, options) {
+    const args = normalizeArgs(callArgs);
+    const wrapped = (0, runtime_1.llmCall)({
+        model: options.model,
+        dataClassification: options.dataClassification,
+        purpose: options.purpose,
+        reason: options.reason,
+        explainFn: options.explainFn,
+    })((...fnArgs) => callFn(...fnArgs));
+    return wrapped(...args);
+}
+/**
+ * Execute a tool call with Monora governance (direct callable).
+ *
+ * This function provides a direct, non-decorator way to instrument tool calls.
+ * It wraps the execution with data handling and event logging.
+ *
+ * @param callFn - The function to execute
+ * @param callArgs - Arguments to pass to callFn
+ * @param options - Monora governance options
+ * @returns The result from callFn (preserves sync/async nature)
+ *
+ * @example
+ * ```typescript
+ * const result = await monora.callTool(
+ *   fetchFromDatabase,
+ *   { customerId: "123" },
+ *   {
+ *     toolName: "customer_lookup",
+ *     purpose: "CUSTOMER_SUPPORT"
+ *   }
+ * );
+ * ```
+ */
+function callTool(callFn, callArgs, options) {
+    const args = normalizeArgs(callArgs);
+    const wrapped = (0, runtime_1.toolCall)({
+        toolName: options.toolName,
+        dataClassification: options.dataClassification,
+        purpose: options.purpose,
+        reason: options.reason,
+    })((...fnArgs) => callFn(...fnArgs));
+    return wrapped(...args);
+}
+/**
+ * Execute an agent step with Monora governance (direct callable).
+ *
+ * This function provides a direct, non-decorator way to instrument agent steps.
+ * It wraps the execution with data handling, step counting, and event logging.
+ *
+ * @param callFn - The function to execute
+ * @param callArgs - Arguments to pass to callFn
+ * @param options - Monora governance options
+ * @returns The result from callFn (preserves sync/async nature)
+ *
+ * @example
+ * ```typescript
+ * const thought = await monora.callAgent(
+ *   reasoningFunction,
+ *   { context: { customer: "Acme Corp" } },
+ *   {
+ *     agentName: "sales_agent",
+ *     stepType: "planning",
+ *     purpose: "SALES_AUTOMATION"
+ *   }
+ * );
+ * ```
+ */
+function callAgent(callFn, callArgs, options) {
+    const args = normalizeArgs(callArgs);
+    const wrapped = (0, runtime_1.agentStep)({
+        agentName: options.agentName,
+        stepType: options.stepType,
+        dataClassification: options.dataClassification,
+        purpose: options.purpose,
+    })((...fnArgs) => callFn(...fnArgs));
+    return wrapped(...args);
+}
+function normalizeArgs(value) {
+    if (value === undefined) {
+        return [];
+    }
+    return Array.isArray(value) ? value : [value];
+}

package/dist/attestation.d.ts

@@ -16,5 +16,30 @@ export declare function signReportGpg(reportBytes: Buffer, options?: {
     keyId?: string;
     gpgHome?: string;
 }): SignatureResult;
-export declare function buildAttestationBundle(report: Record<string, any>, reportBytes: Buffer, signature: SignatureResult): Record<string, any>;
+/**
+ * Options for building attestation bundles.
+ */
+export interface AttestationBundleOptions {
+    chainProof?: Record<string, any>;
+    eventsDigest?: Record<string, any>;
+    traceInfo?: Record<string, any>;
+    events?: Array<Record<string, any>>;
+}
+/**
+ * Build attestation bundle with optional chain proof (v2.0.0 format).
+ *
+ * @param report - Compliance report
+ * @param reportBytes - Serialized report
+ * @param signature - Optional GPG signature
+ * @param options - Optional v2.0.0 fields (chainProof, eventsDigest, traceInfo, events)
+ * @returns Trust proof bundle (v2.0.0 format if chainProof provided, v1.0.0 otherwise)
+ */
+export declare function buildAttestationBundle(report: Record<string, any>, reportBytes: Buffer, signature?: SignatureResult, options?: AttestationBundleOptions): Record<string, any>;
+/**
+ * Extract key compliance metrics for bundle.
+ *
+ * @param report - Full compliance report
+ * @returns Compact compliance summary
+ */
+export declare function extractComplianceSummary(report: Record<string, any>): Record<string, any>;
 //# sourceMappingURL=attestation.d.ts.map

package/dist/attestation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../src/attestation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAEnE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAGrD;AAED,wBAAgB,aAAa,CAC3B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7C,eAAe,CAsDjB;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,eAAe,GACzB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAcrB"}
+{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../src/attestation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAEnE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAGrD;AAED,wBAAgB,aAAa,CAC3B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7C,eAAe,CAsDjB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAChC,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;CACrC;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,WAAW,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,eAAe,EAC3B,OAAO,CAAC,EAAE,wBAAwB,GACjC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAiFrB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAYzF"}