qati-sdk 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -634,7 +634,7 @@ var TrustStateResource = class {
634
634
  /**
635
635
  * Fetches the latest trust state for one entity.
636
636
  *
637
- * @param entityType - Lowercase entity class: `user`, `device`, `account`, `model`, `session`, or `service` (see {@link EntityTypeLowerCase}).
637
+ * @param entityType - Lowercase entity class (see {@link EntityTypeLowerCase}).
638
638
  * @param entityId - Id for the entity(Required)
639
639
  * @param options - Optional contributor limits/window.
640
640
  * @returns {@link TrustState} including `current_closure_score`, `risk_tier`, and `top_contributors`.
@@ -655,7 +655,7 @@ var TrustStateResource = class {
655
655
  /**
656
656
  * Fetches trust states for many entities in one request.
657
657
  *
658
- * @param entityType - Lowercase entity class: `user`, `device`, `account`, `model`, `session`, or `service` (see {@link EntityTypeLowerCase}).
658
+ * @param entityType - Lowercase entity class (see {@link EntityTypeLowerCase}).
659
659
  * @param entityIds - Distinct ids to query. Prefer length ≤ 100 or the server may reject the request.
660
660
  * @param options - Optional contributor limits/window.
661
661
  * @returns Array of {@link TrustState} in server-defined order; empty array when `entityIds` is empty.
@@ -774,6 +774,9 @@ var Session = class {
774
774
  return new Client(this._config, httpClients ?? {});
775
775
  }
776
776
  };
777
+ var fraction01 = () => z.number().min(0).max(1);
778
+ var fraction01Nullable = () => fraction01().nullable().optional();
779
+ var nonEmptyString = () => z.string().min(1);
777
780
 
778
781
  // src/shared/types/signal-type.ts
779
782
  var SIGNAL_TYPES = [
@@ -783,7 +786,16 @@ var SIGNAL_TYPES = [
783
786
  "SYSTEM_TELEMETRY",
784
787
  "MODEL_OUTPUT",
785
788
  "ANOMALY_FLAG",
786
- "NETWORK_EVENT"
789
+ "NETWORK_EVENT",
790
+ "SESSION",
791
+ "PROMPT_INPUT",
792
+ "CONTEXT_INTEGRITY",
793
+ "TOOL_CALL",
794
+ "RAG_RETRIEVAL",
795
+ "POLICY_EVENT",
796
+ "USER_FEEDBACK",
797
+ "WORKFLOW_ACTION",
798
+ "API_CALL"
787
799
  ];
788
800
 
789
801
  // src/shared/types/provenance-mode.ts
@@ -810,8 +822,13 @@ var EventPrincipalSchema = z.object({
810
822
  device_id: z.string().min(1).optional(),
811
823
  session_id: z.string().min(1).optional(),
812
824
  model_id: z.string().min(1).optional(),
813
- service_id: z.string().min(1).optional()
814
- });
825
+ service_id: z.string().min(1).optional(),
826
+ conversation_id: z.string().min(1).optional(),
827
+ document_id: z.string().min(1).optional(),
828
+ tool_id: z.string().min(1).optional(),
829
+ workflow_id: z.string().min(1).optional(),
830
+ api_key_id: z.string().min(1).optional()
831
+ }).strict();
815
832
 
816
833
  // src/v1/schemas/raw-event.ts
817
834
  var BaseEventSchema = z.object({
@@ -832,103 +849,15 @@ var RawEventRequestSchema = z.object({
832
849
  payload: z.record(z.any()).describe("JSON payload (stored as JSONB in DB).")
833
850
  });
834
851
 
835
- // src/v1/schemas/signal-payload.ts
836
- var TransactionSignalPayloadSchema = z.object({
837
- amount: z.number().nonnegative().default(0),
838
- amount_minor: z.number().int().nonnegative().nullable().optional(),
839
- amount_usd: z.number().nonnegative().nullable().optional(),
840
- currency: z.string().nullable().optional(),
841
- merchant_category: z.string().nullable().optional(),
842
- merchant_id: z.string().nullable().optional(),
843
- channel: z.string().nullable().optional(),
844
- country: z.string().nullable().optional(),
845
- velocity: z.number().nonnegative().nullable().optional(),
846
- external_anomaly_score: z.number().nullable().optional(),
847
- geo_distance: z.number().nonnegative().nullable().optional(),
848
- geo_distance_km: z.number().nonnegative().nullable().optional(),
849
- records_accessed: z.number().int().nonnegative().nullable().optional(),
850
- baseline_records_accessed: z.number().int().nonnegative().nullable().optional(),
851
- sensitivity_level: z.string().nullable().optional(),
852
- export_count: z.number().int().nonnegative().nullable().optional(),
853
- bulk_export: z.boolean().optional().default(false),
854
- contains_phi: z.boolean().optional().default(false),
855
- control_command: z.string().nullable().optional(),
856
- authorized: z.boolean().nullable().optional(),
857
- safety_critical: z.boolean().optional().default(false)
858
- });
859
- var AuthSignalPayloadSchema = z.object({
860
- result: z.string().nullable().optional(),
861
- auth_method: z.string().nullable().optional(),
862
- mfa_used: z.boolean().nullable().optional(),
863
- mfa_bypassed: z.boolean().optional().default(false),
864
- failed_attempts: z.number().int().nonnegative().optional().default(0),
865
- ip: z.string().nullable().optional(),
866
- country: z.string().nullable().optional(),
867
- user_agent: z.string().nullable().optional(),
868
- unusual_location: z.boolean().optional().default(false),
869
- after_hours_login: z.boolean().optional().default(false)
870
- });
871
- var ModelOutputSignalPayloadSchema = z.object({
872
- missing_citations_rate: z.number().min(0).max(1).nullable().optional(),
873
- citation_rate: z.number().min(0).max(1).nullable().optional(),
874
- expected_citation_rate: z.number().min(0).max(1).nullable().optional(),
875
- policy_violations: z.number().int().nonnegative().optional().default(0),
876
- policy_violation_rate: z.number().min(0).max(1).nullable().optional(),
877
- tool_call_inconsistency: z.number().min(0).max(1).optional().default(0),
878
- tool_inconsistency_rate: z.number().min(0).max(1).nullable().optional(),
879
- tool_miss_rate: z.number().min(0).max(1).nullable().optional(),
880
- eval_window_n: z.number().int().min(1).nullable().optional()
881
- });
882
- var SystemTelemetrySignalPayloadSchema = z.object({
883
- metric_name: z.string().nullable().optional(),
884
- value: z.number().nullable().optional(),
885
- baseline: z.number().nullable().optional(),
886
- window_seconds: z.number().int().min(1).nullable().optional(),
887
- error_rate: z.number().min(0).max(1).optional().default(0),
888
- baseline_error_rate: z.number().min(0).max(1).nullable().optional(),
889
- unusual_auth_rate: z.number().min(0).max(1).optional().default(0),
890
- firmware_hash_changed: z.boolean().optional().default(false),
891
- expected_hash_match: z.boolean().nullable().optional(),
892
- sensor_deviation_score: z.number().min(0).max(1).nullable().optional()
893
- });
852
+ // src/v1/schemas/anomaly-flag.ts
894
853
  var AnomalyFlagSignalPayloadSchema = z.object({
895
- severity: z.number().min(0).max(1)
896
- });
897
- var BehaviorSignalPayloadSchema = z.object({
898
- deviation_score: z.number().min(0).max(1)
899
- });
900
- var NetworkSignalPayloadSchema = z.object({
901
- ip: z.string().nullable().optional(),
902
- asn: z.string().nullable().optional(),
903
- reputation_score: z.number().min(0).max(1).nullable().optional(),
904
- threat_score: z.number().min(0).max(1).nullable().optional(),
905
- is_datacenter: z.boolean().nullable().optional(),
906
- is_untrusted_segment: z.boolean().optional().default(false),
907
- asn_reputation: z.number().min(0).max(1).nullable().optional()
908
- });
909
- BaseEventSchema.extend({
910
- signal_payload: TransactionSignalPayloadSchema
854
+ severity: fraction01()
911
855
  });
912
856
  BaseEventSchema.extend({
913
857
  signal_payload: AnomalyFlagSignalPayloadSchema
914
858
  });
915
- BaseEventSchema.extend({
916
- signal_payload: AuthSignalPayloadSchema
917
- });
918
- BaseEventSchema.extend({
919
- signal_payload: BehaviorSignalPayloadSchema
920
- });
921
- BaseEventSchema.extend({
922
- signal_payload: NetworkSignalPayloadSchema
923
- });
924
- BaseEventSchema.extend({
925
- signal_payload: ModelOutputSignalPayloadSchema
926
- });
927
- BaseEventSchema.extend({
928
- signal_payload: SystemTelemetrySignalPayloadSchema
929
- });
930
859
 
931
- // src/v1/builders/event-builder.ts
860
+ // src/v1/builders/_common.ts
932
861
  var buildRawEventPayload = (event, signalPayload, signalType) => {
933
862
  const rawEventPayload = {
934
863
  timestamp: event.timestamp,
@@ -954,36 +883,296 @@ var buildRawEventRequest = (event, signalPayload, signalType) => {
954
883
  payload: rawEventPayload
955
884
  };
956
885
  };
957
- var createAuthEvent = (event) => {
958
- const signalPayload = AuthSignalPayloadSchema.parse(event.signal_payload);
959
- return buildRawEventRequest(event, signalPayload, "AUTH");
960
- };
961
- function createTransactionEvent(event) {
962
- const signalPayload = TransactionSignalPayloadSchema.parse(
963
- event.signal_payload
964
- );
965
- return buildRawEventRequest(event, signalPayload, "TRANSACTION");
966
- }
886
+
887
+ // src/v1/builders/anomaly-flag-builder.ts
967
888
  var createAnomalyFlagEvent = (event) => {
968
889
  const signalPayload = AnomalyFlagSignalPayloadSchema.parse(
969
890
  event.signal_payload
970
891
  );
971
892
  return buildRawEventRequest(event, signalPayload, "ANOMALY_FLAG");
972
893
  };
894
+
895
+ // src/shared/types/http-method.ts
896
+ var HTTP_METHODS = ["GET", "POST", "PUT", "PATCH", "DELETE"];
897
+
898
+ // src/v1/schemas/api-call.ts
899
+ var ApiCallSignalPayloadSchema = z.object({
900
+ service_id: nonEmptyString(),
901
+ endpoint: nonEmptyString(),
902
+ method: z.enum(HTTP_METHODS),
903
+ status_code: z.number().int().min(100).max(599),
904
+ authorized: z.boolean().nullable(),
905
+ authentication_present: z.boolean().nullable().optional(),
906
+ rate_limited: z.boolean().nullable().optional(),
907
+ external_side_effect: z.boolean().nullable().optional(),
908
+ records_returned: z.number().int().nonnegative().nullable().optional(),
909
+ records_modified: z.number().int().nonnegative().nullable().optional(),
910
+ contains_sensitive_data: z.boolean().nullable().optional(),
911
+ latency_ms: z.number().nonnegative().nullable().optional(),
912
+ retry_count: z.number().int().nonnegative().nullable().optional(),
913
+ api_key_id: z.string().nullable().optional()
914
+ });
915
+ BaseEventSchema.extend({
916
+ signal_payload: ApiCallSignalPayloadSchema
917
+ });
918
+
919
+ // src/v1/builders/api-call-builder.ts
920
+ var createApiCallEvent = (event) => {
921
+ const signalPayload = ApiCallSignalPayloadSchema.parse(event.signal_payload);
922
+ return buildRawEventRequest(event, signalPayload, "API_CALL");
923
+ };
924
+ var AuthSignalPayloadSchema = z.object({
925
+ result: z.string().nullable().optional(),
926
+ auth_method: z.string().nullable().optional(),
927
+ mfa_used: z.boolean().nullable().optional(),
928
+ mfa_bypassed: z.boolean().optional().default(false),
929
+ failed_attempts: z.number().int().nonnegative().optional().default(0),
930
+ ip: z.string().nullable().optional(),
931
+ country: z.string().nullable().optional(),
932
+ user_agent: z.string().nullable().optional(),
933
+ unusual_location: z.boolean().optional().default(false),
934
+ after_hours_login: z.boolean().optional().default(false)
935
+ });
936
+ BaseEventSchema.extend({
937
+ signal_payload: AuthSignalPayloadSchema
938
+ });
939
+
940
+ // src/v1/builders/auth-builder.ts
941
+ var createAuthEvent = (event) => {
942
+ const signalPayload = AuthSignalPayloadSchema.parse(event.signal_payload);
943
+ return buildRawEventRequest(event, signalPayload, "AUTH");
944
+ };
945
+ var BehaviorSignalPayloadSchema = z.object({
946
+ deviation_score: fraction01()
947
+ });
948
+ BaseEventSchema.extend({
949
+ signal_payload: BehaviorSignalPayloadSchema
950
+ });
951
+
952
+ // src/v1/builders/behavior-builder.ts
973
953
  var createBehaviorEvent = (event) => {
974
954
  const signalPayload = BehaviorSignalPayloadSchema.parse(event.signal_payload);
975
955
  return buildRawEventRequest(event, signalPayload, "BEHAVIOR");
976
956
  };
977
- var createNetworkEvent = (event) => {
978
- const signalPayload = NetworkSignalPayloadSchema.parse(event.signal_payload);
979
- return buildRawEventRequest(event, signalPayload, "NETWORK_EVENT");
957
+
958
+ // src/shared/types/context-integrity.ts
959
+ var CONTEXT_SOURCES = [
960
+ "CONVERSATION_HISTORY",
961
+ "RETRIEVED_DOCUMENT",
962
+ "TOOL_OUTPUT",
963
+ "SYSTEM",
964
+ "DEVELOPER",
965
+ "USER"
966
+ ];
967
+
968
+ // src/v1/schemas/context-integrity.ts
969
+ var ContextIntegritySignalPayloadSchema = z.object({
970
+ context_source: z.enum(CONTEXT_SOURCES),
971
+ instruction_conflict_detected: z.boolean(),
972
+ untrusted_instruction_detected: z.boolean(),
973
+ context_priority_violation: z.boolean(),
974
+ recursive_instruction_pattern: z.boolean().optional().default(false),
975
+ context_drift_score: fraction01Nullable(),
976
+ system_prompt_conflict_score: fraction01Nullable(),
977
+ developer_prompt_conflict_score: fraction01Nullable(),
978
+ retrieved_instruction_count: z.number().int().nonnegative().optional().default(0),
979
+ hidden_instruction_score: fraction01Nullable(),
980
+ source_document_id: z.string().nullable().optional(),
981
+ untrusted_source_count: z.number().int().nonnegative().optional().default(0),
982
+ source_trust_score: fraction01Nullable(),
983
+ lowest_source_trust_score: fraction01Nullable(),
984
+ recursive_pattern_score: fraction01Nullable(),
985
+ prompt_injection_score: fraction01Nullable(),
986
+ contains_instruction_override: z.boolean().optional().default(false),
987
+ context_injection_score: fraction01Nullable()
988
+ });
989
+ BaseEventSchema.extend({
990
+ signal_payload: ContextIntegritySignalPayloadSchema
991
+ });
992
+
993
+ // src/v1/builders/context-integrity-builder.ts
994
+ var createContextIntegrityEvent = (event) => {
995
+ const signalPayload = ContextIntegritySignalPayloadSchema.parse(
996
+ event.signal_payload
997
+ );
998
+ return buildRawEventRequest(event, signalPayload, "CONTEXT_INTEGRITY");
980
999
  };
1000
+ var ModelOutputSignalPayloadSchema = z.object({
1001
+ missing_citations_rate: fraction01Nullable(),
1002
+ citation_rate: fraction01Nullable(),
1003
+ expected_citation_rate: fraction01Nullable(),
1004
+ policy_violations: z.number().int().nonnegative().optional().default(0),
1005
+ policy_violation_rate: fraction01Nullable(),
1006
+ tool_call_inconsistency: fraction01().optional().default(0),
1007
+ tool_inconsistency_rate: fraction01Nullable(),
1008
+ tool_miss_rate: fraction01Nullable(),
1009
+ eval_window_n: z.number().int().min(1).nullable().optional(),
1010
+ hallucination_risk_score: fraction01Nullable(),
1011
+ self_contradiction_score: fraction01Nullable(),
1012
+ grounding_score: fraction01Nullable(),
1013
+ contains_unsupported_claims: z.boolean().optional().default(false)
1014
+ });
1015
+ BaseEventSchema.extend({
1016
+ signal_payload: ModelOutputSignalPayloadSchema
1017
+ });
1018
+
1019
+ // src/v1/builders/model-output-builder.ts
981
1020
  var createModelOutputEvent = (event) => {
982
1021
  const signalPayload = ModelOutputSignalPayloadSchema.parse(
983
1022
  event.signal_payload
984
1023
  );
985
1024
  return buildRawEventRequest(event, signalPayload, "MODEL_OUTPUT");
986
1025
  };
1026
+ var NetworkSignalPayloadSchema = z.object({
1027
+ ip: z.string().nullable().optional(),
1028
+ asn: z.string().nullable().optional(),
1029
+ reputation_score: fraction01Nullable(),
1030
+ threat_score: fraction01Nullable(),
1031
+ is_datacenter: z.boolean().nullable().optional(),
1032
+ is_untrusted_segment: z.boolean().optional().default(false),
1033
+ asn_reputation: fraction01Nullable()
1034
+ });
1035
+ BaseEventSchema.extend({
1036
+ signal_payload: NetworkSignalPayloadSchema
1037
+ });
1038
+
1039
+ // src/v1/builders/network-builder.ts
1040
+ var createNetworkEvent = (event) => {
1041
+ const signalPayload = NetworkSignalPayloadSchema.parse(event.signal_payload);
1042
+ return buildRawEventRequest(event, signalPayload, "NETWORK_EVENT");
1043
+ };
1044
+
1045
+ // src/shared/types/policy-event.ts
1046
+ var POLICY_CATEGORIES = [
1047
+ "SAFETY",
1048
+ "PRIVACY",
1049
+ "SECURITY",
1050
+ "COMPLIANCE",
1051
+ "CONTENT",
1052
+ "OTHER"
1053
+ ];
1054
+ var POLICY_RESULTS = ["PASS", "WARN", "FAIL", "BLOCKED"];
1055
+
1056
+ // src/v1/schemas/policy-event.ts
1057
+ var PolicyEventSignalPayloadSchema = z.object({
1058
+ policy_check_name: nonEmptyString(),
1059
+ policy_category: z.enum(POLICY_CATEGORIES),
1060
+ policy_result: z.enum(POLICY_RESULTS),
1061
+ severity: fraction01(),
1062
+ blocked: z.boolean().optional().default(false),
1063
+ violation_count: z.number().int().nonnegative().optional().default(0),
1064
+ policy_confidence: fraction01Nullable(),
1065
+ redaction_applied: z.boolean().optional().default(false)
1066
+ });
1067
+ BaseEventSchema.extend({
1068
+ signal_payload: PolicyEventSignalPayloadSchema
1069
+ });
1070
+
1071
+ // src/v1/builders/policy-event-builder.ts
1072
+ var createPolicyEvent = (event) => {
1073
+ const signalPayload = PolicyEventSignalPayloadSchema.parse(
1074
+ event.signal_payload
1075
+ );
1076
+ return buildRawEventRequest(event, signalPayload, "POLICY_EVENT");
1077
+ };
1078
+ var promptHashSchema = z.string().regex(/^[a-fA-F0-9]{64}$/).optional();
1079
+ var PromptInputSignalPayloadSchema = z.object({
1080
+ prompt_length_chars: z.number().int().nonnegative(),
1081
+ conversation_turn_index: z.number().int().nonnegative(),
1082
+ contains_instruction_override: z.boolean(),
1083
+ contains_tool_request: z.boolean().optional().default(false),
1084
+ contains_secret_request: z.boolean().optional().default(false),
1085
+ contains_policy_challenge: z.boolean().optional().default(false),
1086
+ recursive_pattern_score: fraction01Nullable(),
1087
+ prompt_injection_score: fraction01Nullable(),
1088
+ sensitive_domain: z.boolean().optional().default(false),
1089
+ complexity_score: fraction01Nullable(),
1090
+ prompt_hash: promptHashSchema
1091
+ });
1092
+ BaseEventSchema.extend({
1093
+ signal_payload: PromptInputSignalPayloadSchema
1094
+ });
1095
+
1096
+ // src/v1/builders/prompt-input-builder.ts
1097
+ var createPromptInputEvent = (event) => {
1098
+ const signalPayload = PromptInputSignalPayloadSchema.parse(
1099
+ event.signal_payload
1100
+ );
1101
+ return buildRawEventRequest(event, signalPayload, "PROMPT_INPUT");
1102
+ };
1103
+ var RagRetrievalSignalPayloadSchema = z.object({
1104
+ retriever_id: nonEmptyString(),
1105
+ query_hash: z.string().nullable().optional(),
1106
+ documents_retrieved: z.number().int().nonnegative(),
1107
+ top_k: z.number().int().min(1),
1108
+ average_relevance_score: fraction01(),
1109
+ source_trust_score: fraction01(),
1110
+ lowest_source_trust_score: fraction01Nullable(),
1111
+ untrusted_source_count: z.number().int().nonnegative().optional().default(0),
1112
+ retrieved_context_tokens: z.number().int().nonnegative().optional().default(0),
1113
+ context_injection_score: fraction01().optional().default(0),
1114
+ document_ids: z.array(z.string()).optional().default([])
1115
+ });
1116
+ BaseEventSchema.extend({
1117
+ signal_payload: RagRetrievalSignalPayloadSchema
1118
+ });
1119
+
1120
+ // src/v1/builders/rag-retrieval-builder.ts
1121
+ var createRagRetrievalEvent = (event) => {
1122
+ const signalPayload = RagRetrievalSignalPayloadSchema.parse(
1123
+ event.signal_payload
1124
+ );
1125
+ return buildRawEventRequest(event, signalPayload, "RAG_RETRIEVAL");
1126
+ };
1127
+
1128
+ // src/shared/types/session.ts
1129
+ var SESSION_STATUSES = [
1130
+ "STARTED",
1131
+ "ACTIVE",
1132
+ "ENDED",
1133
+ "TIMEOUT",
1134
+ "ABANDONED"
1135
+ ];
1136
+
1137
+ // src/v1/schemas/session.ts
1138
+ var SessionSignalPayloadSchema = z.object({
1139
+ session_status: z.enum(SESSION_STATUSES),
1140
+ session_age_seconds: z.number().nonnegative().optional().default(0),
1141
+ turn_count: z.number().int().nonnegative().optional().default(0),
1142
+ messages_last_minute: z.number().nonnegative().optional().default(0),
1143
+ avg_seconds_between_turns: z.number().nonnegative().nullable().optional(),
1144
+ restart_count_10m: z.number().int().nonnegative().optional().default(0),
1145
+ session_timeout: z.boolean().optional().default(false),
1146
+ abandoned: z.boolean().optional().default(false),
1147
+ conversation_id: z.string().nullable().optional(),
1148
+ user_id: z.string().nullable().optional()
1149
+ });
1150
+ BaseEventSchema.extend({
1151
+ signal_payload: SessionSignalPayloadSchema
1152
+ });
1153
+
1154
+ // src/v1/builders/session-builder.ts
1155
+ var createSessionEvent = (event) => {
1156
+ const signalPayload = SessionSignalPayloadSchema.parse(event.signal_payload);
1157
+ return buildRawEventRequest(event, signalPayload, "SESSION");
1158
+ };
1159
+ var SystemTelemetrySignalPayloadSchema = z.object({
1160
+ metric_name: z.string().nullable().optional(),
1161
+ value: z.number().nullable().optional(),
1162
+ baseline: z.number().nullable().optional(),
1163
+ window_seconds: z.number().int().min(1).nullable().optional(),
1164
+ error_rate: fraction01().optional().default(0),
1165
+ baseline_error_rate: fraction01Nullable(),
1166
+ unusual_auth_rate: fraction01().optional().default(0),
1167
+ firmware_hash_changed: z.boolean().optional().default(false),
1168
+ expected_hash_match: z.boolean().nullable().optional(),
1169
+ sensor_deviation_score: fraction01Nullable()
1170
+ });
1171
+ BaseEventSchema.extend({
1172
+ signal_payload: SystemTelemetrySignalPayloadSchema
1173
+ });
1174
+
1175
+ // src/v1/builders/system-telemetry-builder.ts
987
1176
  var createSystemTelemetryEvent = (event) => {
988
1177
  const signalPayload = SystemTelemetrySignalPayloadSchema.parse(
989
1178
  event.signal_payload
@@ -991,6 +1180,172 @@ var createSystemTelemetryEvent = (event) => {
991
1180
  return buildRawEventRequest(event, signalPayload, "SYSTEM_TELEMETRY");
992
1181
  };
993
1182
 
994
- export { API_REGISTRY, QatiAPIError, QatiAuthError, QatiConfigError, QatiNotFoundError, QatiRateLimitError, QatiSDKError, QatiServerError, RawEventRequestSchema, Session, baseUrlFor, createAnomalyFlagEvent, createAuthEvent, createBehaviorEvent, createModelOutputEvent, createNetworkEvent, createSystemTelemetryEvent, createTransactionEvent, parseQatiConfig, resolveQatiConfig };
1183
+ // src/shared/types/tool-call.ts
1184
+ var TOOL_CATEGORIES = [
1185
+ "RETRIEVAL",
1186
+ "DATABASE",
1187
+ "PAYMENT",
1188
+ "MESSAGING",
1189
+ "CODE_EXECUTION",
1190
+ "FILE",
1191
+ "EXTERNAL_API",
1192
+ "OTHER"
1193
+ ];
1194
+
1195
+ // src/v1/schemas/tool-call.ts
1196
+ var ToolCallSignalPayloadSchema = z.object({
1197
+ tool_name: nonEmptyString(),
1198
+ tool_category: z.enum(TOOL_CATEGORIES),
1199
+ action: nonEmptyString(),
1200
+ authorized: z.boolean().nullable(),
1201
+ safety_critical: z.boolean(),
1202
+ external_side_effect: z.boolean(),
1203
+ tool_call_success: z.boolean().nullable().optional(),
1204
+ latency_ms: z.number().nonnegative().nullable().optional(),
1205
+ error_code: z.string().nullable().optional(),
1206
+ argument_risk_score: fraction01Nullable(),
1207
+ result_size_bytes: z.number().int().nonnegative().nullable().optional(),
1208
+ records_accessed: z.number().int().nonnegative().optional().default(0),
1209
+ contains_sensitive_data: z.boolean().optional().default(false),
1210
+ action_category: z.string().nullable().optional(),
1211
+ method: z.string().nullable().optional(),
1212
+ sensitive_data_involved: z.boolean().optional().default(false),
1213
+ contains_phi: z.boolean().optional().default(false),
1214
+ sensitive_domain: z.boolean().optional().default(false)
1215
+ });
1216
+ BaseEventSchema.extend({
1217
+ signal_payload: ToolCallSignalPayloadSchema
1218
+ });
1219
+
1220
+ // src/v1/builders/tool-call-builder.ts
1221
+ var createToolCallEvent = (event) => {
1222
+ const signalPayload = ToolCallSignalPayloadSchema.parse(event.signal_payload);
1223
+ return buildRawEventRequest(event, signalPayload, "TOOL_CALL");
1224
+ };
1225
+ var TransactionSignalPayloadSchema = z.object({
1226
+ amount: z.number().nonnegative().default(0),
1227
+ amount_minor: z.number().int().nonnegative().nullable().optional(),
1228
+ amount_usd: z.number().nonnegative().nullable().optional(),
1229
+ currency: z.string().nullable().optional(),
1230
+ merchant_category: z.string().nullable().optional(),
1231
+ merchant_id: z.string().nullable().optional(),
1232
+ channel: z.string().nullable().optional(),
1233
+ country: z.string().nullable().optional(),
1234
+ velocity: z.number().nonnegative().nullable().optional(),
1235
+ external_anomaly_score: z.number().nullable().optional(),
1236
+ geo_distance: z.number().nonnegative().nullable().optional(),
1237
+ geo_distance_km: z.number().nonnegative().nullable().optional(),
1238
+ records_accessed: z.number().int().nonnegative().nullable().optional(),
1239
+ baseline_records_accessed: z.number().int().nonnegative().nullable().optional(),
1240
+ sensitivity_level: z.string().nullable().optional(),
1241
+ export_count: z.number().int().nonnegative().nullable().optional(),
1242
+ bulk_export: z.boolean().optional().default(false),
1243
+ contains_phi: z.boolean().optional().default(false),
1244
+ control_command: z.string().nullable().optional(),
1245
+ authorized: z.boolean().nullable().optional(),
1246
+ safety_critical: z.boolean().optional().default(false)
1247
+ });
1248
+ BaseEventSchema.extend({
1249
+ signal_payload: TransactionSignalPayloadSchema
1250
+ });
1251
+
1252
+ // src/v1/builders/transaction-builder.ts
1253
+ var createTransactionEvent = (event) => {
1254
+ const signalPayload = TransactionSignalPayloadSchema.parse(
1255
+ event.signal_payload
1256
+ );
1257
+ return buildRawEventRequest(event, signalPayload, "TRANSACTION");
1258
+ };
1259
+
1260
+ // src/shared/types/user-feedback.ts
1261
+ var FEEDBACK_TYPES = [
1262
+ "THUMBS_UP",
1263
+ "THUMBS_DOWN",
1264
+ "REPORT",
1265
+ "CORRECTION",
1266
+ "RATING"
1267
+ ];
1268
+ var FEEDBACK_ISSUE_TYPES = [
1269
+ "HALLUCINATION",
1270
+ "UNSAFE",
1271
+ "IRRELEVANT",
1272
+ "PRIVACY",
1273
+ "OFFENSIVE",
1274
+ "OTHER"
1275
+ ];
1276
+
1277
+ // src/v1/schemas/user-feedback.ts
1278
+ var UserFeedbackSignalPayloadSchema = z.object({
1279
+ feedback_type: z.enum(FEEDBACK_TYPES),
1280
+ rating: z.number().nullable().optional(),
1281
+ reported_issue: z.boolean().optional().default(false),
1282
+ issue_type: z.enum(FEEDBACK_ISSUE_TYPES).nullable().optional(),
1283
+ severity: fraction01Nullable(),
1284
+ response_id: z.string().nullable().optional(),
1285
+ user_comment_hash: z.string().nullable().optional()
1286
+ });
1287
+ BaseEventSchema.extend({
1288
+ signal_payload: UserFeedbackSignalPayloadSchema
1289
+ });
1290
+
1291
+ // src/v1/builders/user-feedback-builder.ts
1292
+ var createUserFeedbackEvent = (event) => {
1293
+ const signalPayload = UserFeedbackSignalPayloadSchema.parse(
1294
+ event.signal_payload
1295
+ );
1296
+ return buildRawEventRequest(event, signalPayload, "USER_FEEDBACK");
1297
+ };
1298
+
1299
+ // src/shared/types/workflow-action.ts
1300
+ var WORKFLOW_ACTION_CATEGORIES = [
1301
+ "FINANCIAL",
1302
+ "DATA_ACCESS",
1303
+ "COMMUNICATION",
1304
+ "ADMIN",
1305
+ "SECURITY",
1306
+ "CODE",
1307
+ "OTHER"
1308
+ ];
1309
+ var WORKFLOW_ACTION_STAGES = [
1310
+ "PROPOSED",
1311
+ "PRE_EXECUTION",
1312
+ "EXECUTED",
1313
+ "FAILED",
1314
+ "ROLLED_BACK"
1315
+ ];
1316
+ var WORKFLOW_ACTOR_TYPES = ["USER", "AI_AGENT", "SYSTEM"];
1317
+
1318
+ // src/v1/schemas/workflow-action.ts
1319
+ var WorkflowActionSignalPayloadSchema = z.object({
1320
+ workflow_id: nonEmptyString(),
1321
+ workflow_type: nonEmptyString(),
1322
+ action_name: nonEmptyString(),
1323
+ action_category: z.enum(WORKFLOW_ACTION_CATEGORIES),
1324
+ action_stage: z.enum(WORKFLOW_ACTION_STAGES),
1325
+ actor_type: z.enum(WORKFLOW_ACTOR_TYPES),
1326
+ requires_approval: z.boolean().optional().default(false),
1327
+ approval_present: z.boolean().optional().default(false),
1328
+ external_side_effect: z.boolean().nullable().optional(),
1329
+ safety_critical: z.boolean().nullable().optional(),
1330
+ amount_usd: z.number().nonnegative().nullable().optional(),
1331
+ sensitive_data_involved: z.boolean().optional().default(false),
1332
+ new_counterparty: z.boolean().optional().default(false),
1333
+ is_new_vendor: z.boolean().optional().default(false),
1334
+ is_new_recipient: z.boolean().optional().default(false),
1335
+ is_new_endpoint: z.boolean().optional().default(false)
1336
+ });
1337
+ BaseEventSchema.extend({
1338
+ signal_payload: WorkflowActionSignalPayloadSchema
1339
+ });
1340
+
1341
+ // src/v1/builders/workflow-action-builder.ts
1342
+ var createWorkflowActionEvent = (event) => {
1343
+ const signalPayload = WorkflowActionSignalPayloadSchema.parse(
1344
+ event.signal_payload
1345
+ );
1346
+ return buildRawEventRequest(event, signalPayload, "WORKFLOW_ACTION");
1347
+ };
1348
+
1349
+ export { API_REGISTRY, QatiAPIError, QatiAuthError, QatiConfigError, QatiNotFoundError, QatiRateLimitError, QatiSDKError, QatiServerError, RawEventRequestSchema, Session, baseUrlFor, createAnomalyFlagEvent, createApiCallEvent, createAuthEvent, createBehaviorEvent, createContextIntegrityEvent, createModelOutputEvent, createNetworkEvent, createPolicyEvent, createPromptInputEvent, createRagRetrievalEvent, createSessionEvent, createSystemTelemetryEvent, createToolCallEvent, createTransactionEvent, createUserFeedbackEvent, createWorkflowActionEvent, parseQatiConfig, resolveQatiConfig };
995
1350
  //# sourceMappingURL=index.js.map
996
1351
  //# sourceMappingURL=index.js.map