risicare 0.4.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/dist/frameworks/instructor.cjs +94 -81
  2. package/dist/frameworks/instructor.cjs.map +1 -1
  3. package/dist/frameworks/instructor.d.cts +19 -7
  4. package/dist/frameworks/instructor.d.ts +19 -7
  5. package/dist/frameworks/instructor.js +94 -83
  6. package/dist/frameworks/instructor.js.map +1 -1
  7. package/dist/frameworks/langchain.cjs +192 -101
  8. package/dist/frameworks/langchain.cjs.map +1 -1
  9. package/dist/frameworks/langchain.d.cts +97 -3
  10. package/dist/frameworks/langchain.d.ts +97 -3
  11. package/dist/frameworks/langchain.js +196 -101
  12. package/dist/frameworks/langchain.js.map +1 -1
  13. package/dist/frameworks/langgraph.cjs +192 -101
  14. package/dist/frameworks/langgraph.cjs.map +1 -1
  15. package/dist/frameworks/langgraph.js +196 -101
  16. package/dist/frameworks/langgraph.js.map +1 -1
  17. package/dist/frameworks/llamaindex.cjs +92 -74
  18. package/dist/frameworks/llamaindex.cjs.map +1 -1
  19. package/dist/frameworks/llamaindex.d.cts +33 -17
  20. package/dist/frameworks/llamaindex.d.ts +33 -17
  21. package/dist/frameworks/llamaindex.js +92 -76
  22. package/dist/frameworks/llamaindex.js.map +1 -1
  23. package/dist/index.cjs +2681 -2367
  24. package/dist/index.cjs.map +1 -1
  25. package/dist/index.d.cts +35 -1
  26. package/dist/index.d.ts +35 -1
  27. package/dist/index.js +2613 -2318
  28. package/dist/index.js.map +1 -1
  29. package/dist/providers/anthropic/index.cjs +41 -49
  30. package/dist/providers/anthropic/index.cjs.map +1 -1
  31. package/dist/providers/anthropic/index.js +41 -51
  32. package/dist/providers/anthropic/index.js.map +1 -1
  33. package/dist/providers/bedrock/index.cjs +64 -59
  34. package/dist/providers/bedrock/index.cjs.map +1 -1
  35. package/dist/providers/bedrock/index.d.cts +13 -1
  36. package/dist/providers/bedrock/index.d.ts +13 -1
  37. package/dist/providers/bedrock/index.js +63 -61
  38. package/dist/providers/bedrock/index.js.map +1 -1
  39. package/dist/providers/cerebras/index.cjs +41 -49
  40. package/dist/providers/cerebras/index.cjs.map +1 -1
  41. package/dist/providers/cerebras/index.js +41 -51
  42. package/dist/providers/cerebras/index.js.map +1 -1
  43. package/dist/providers/cohere/index.cjs +43 -51
  44. package/dist/providers/cohere/index.cjs.map +1 -1
  45. package/dist/providers/cohere/index.js +43 -53
  46. package/dist/providers/cohere/index.js.map +1 -1
  47. package/dist/providers/google/index.cjs +41 -49
  48. package/dist/providers/google/index.cjs.map +1 -1
  49. package/dist/providers/google/index.js +41 -51
  50. package/dist/providers/google/index.js.map +1 -1
  51. package/dist/providers/groq/index.cjs +41 -49
  52. package/dist/providers/groq/index.cjs.map +1 -1
  53. package/dist/providers/groq/index.js +41 -51
  54. package/dist/providers/groq/index.js.map +1 -1
  55. package/dist/providers/huggingface/index.cjs +41 -49
  56. package/dist/providers/huggingface/index.cjs.map +1 -1
  57. package/dist/providers/huggingface/index.js +41 -51
  58. package/dist/providers/huggingface/index.js.map +1 -1
  59. package/dist/providers/mistral/index.cjs +45 -53
  60. package/dist/providers/mistral/index.cjs.map +1 -1
  61. package/dist/providers/mistral/index.js +45 -55
  62. package/dist/providers/mistral/index.js.map +1 -1
  63. package/dist/providers/ollama/index.cjs +49 -49
  64. package/dist/providers/ollama/index.cjs.map +1 -1
  65. package/dist/providers/ollama/index.js +49 -51
  66. package/dist/providers/ollama/index.js.map +1 -1
  67. package/dist/providers/openai/index.cjs +44 -50
  68. package/dist/providers/openai/index.cjs.map +1 -1
  69. package/dist/providers/openai/index.js +44 -52
  70. package/dist/providers/openai/index.js.map +1 -1
  71. package/dist/providers/together/index.cjs +41 -49
  72. package/dist/providers/together/index.cjs.map +1 -1
  73. package/dist/providers/together/index.js +41 -51
  74. package/dist/providers/together/index.js.map +1 -1
  75. package/dist/providers/vercel-ai/index.cjs +28 -43
  76. package/dist/providers/vercel-ai/index.cjs.map +1 -1
  77. package/dist/providers/vercel-ai/index.js +28 -45
  78. package/dist/providers/vercel-ai/index.js.map +1 -1
  79. package/package.json +94 -33
package/dist/index.d.cts CHANGED
@@ -873,6 +873,13 @@ interface ApplyResult {
873
873
  fixType?: string;
874
874
  modifications: Record<string, unknown>;
875
875
  error?: string;
876
+ /**
877
+ * Guard-only: human-readable reason a guard failed (passed=false). Used
878
+ * by GuardRejectedError to surface an actionable message to the customer.
879
+ * `error` carries the raw exception text; `reason` carries the audit
880
+ * category ('guard_exception', 'content_filter', 'format_check', etc.).
881
+ */
882
+ reason?: string;
876
883
  }
877
884
  declare class FixApplier {
878
885
  private readonly _config;
@@ -1024,6 +1031,33 @@ declare class FixLoader {
1024
1031
  * Port of Python SDK's runtime/interceptors.py adapted for Node.js.
1025
1032
  */
1026
1033
 
1034
+ /**
1035
+ * Thrown by the fix interceptor when a guard fix returns `passed: false`.
1036
+ *
1037
+ * PR-4+5 review B2 (2026-05-25): pre-fix, `applyGuardFix` returned
1038
+ * `passed:false` correctly but no caller read `passed` — the provider
1039
+ * patcher consumed `result.messages` / `result.params` and proceeded to the
1040
+ * LLM with the attacker payload anyway. The `fail-CLOSED` was advisory only.
1041
+ *
1042
+ * Now the interceptor THROWS this error on both pre-call and post-call
1043
+ * guard rejection. The provider patcher's surrounding span.startSpan
1044
+ * already catches and records exceptions, so the customer sees a
1045
+ * `GuardRejectedError` propagated out of their `openai.chat.completions.create`
1046
+ * call — the LLM is NEVER invoked.
1047
+ *
1048
+ * Customers who want to handle rejection gracefully can:
1049
+ * try { await openai.chat.completions.create({ ... }); }
1050
+ * catch (e) {
1051
+ * if (e instanceof GuardRejectedError) { ... fallback ... }
1052
+ * else throw e;
1053
+ * }
1054
+ */
1055
+ declare class GuardRejectedError extends Error {
1056
+ readonly guardId: string;
1057
+ readonly reason: string;
1058
+ readonly phase: 'pre_call' | 'post_call';
1059
+ constructor(guardId: string, reason: string, phase: 'pre_call' | 'post_call');
1060
+ }
1027
1061
  interface InterceptContext {
1028
1062
  /** Type of operation: "llm_call", "tool_call", "agent_delegate" */
1029
1063
  operationType: string;
@@ -1319,4 +1353,4 @@ type WebhookPayload = Uint8Array | ArrayBuffer | string;
1319
1353
  */
1320
1354
  declare function verifyWebhookSignature(payload: WebhookPayload, headers: HeaderLookup, secret: string, opts?: VerifyWebhookOptions): void;
1321
1355
 
1322
- export { type ActiveFix, type AgentContext, type AgentOptions, AgentRole, DEFAULT_TIMESTAMP_TOLERANCE_S, type FixRuntimeConfig, type HeaderLookup, MessageType, type RisicareConfig, SemanticPhase, type SessionContext, type SessionOptions, Span, SpanKind, type SpanOptions, SpanStatus, type StartSpanOptions, type TraceContext, type TracedStreamOptions, Tracer, type VerifyWebhookOptions, type WebhookPayload, WebhookVerificationError, agent, disable, enable, extractTraceContext, flush, getCurrentAgent, getCurrentAgentId, getCurrentContext, getCurrentPhase, getCurrentSession, getCurrentSessionId, getCurrentSpan, getCurrentSpanId, getCurrentTraceId, getFixRuntime, getMetrics, getSpanById, getTraceContent, getTraceContext, getTracer, init, initFixRuntime, injectTraceContext, isEnabled, isProviderInstrumentationSuppressed, registerSpan, reportError, score, session, shutdown, shutdownFixRuntime, suppressProviderInstrumentation, traceAct, traceCoordinate, traceDecide, traceDelegate, traceMessage, traceObserve, traceThink, tracedStream, unregisterSpan, verifyWebhookSignature, withAgent, withPhase, withSession };
1356
+ export { type ActiveFix, type AgentContext, type AgentOptions, AgentRole, DEFAULT_TIMESTAMP_TOLERANCE_S, type FixRuntimeConfig, GuardRejectedError, type HeaderLookup, MessageType, type RisicareConfig, SemanticPhase, type SessionContext, type SessionOptions, Span, SpanKind, type SpanOptions, SpanStatus, type StartSpanOptions, type TraceContext, type TracedStreamOptions, Tracer, type VerifyWebhookOptions, type WebhookPayload, WebhookVerificationError, agent, disable, enable, extractTraceContext, flush, getCurrentAgent, getCurrentAgentId, getCurrentContext, getCurrentPhase, getCurrentSession, getCurrentSessionId, getCurrentSpan, getCurrentSpanId, getCurrentTraceId, getFixRuntime, getMetrics, getSpanById, getTraceContent, getTraceContext, getTracer, init, initFixRuntime, injectTraceContext, isEnabled, isProviderInstrumentationSuppressed, registerSpan, reportError, score, session, shutdown, shutdownFixRuntime, suppressProviderInstrumentation, traceAct, traceCoordinate, traceDecide, traceDelegate, traceMessage, traceObserve, traceThink, tracedStream, unregisterSpan, verifyWebhookSignature, withAgent, withPhase, withSession };
package/dist/index.d.ts CHANGED
@@ -873,6 +873,13 @@ interface ApplyResult {
873
873
  fixType?: string;
874
874
  modifications: Record<string, unknown>;
875
875
  error?: string;
876
+ /**
877
+ * Guard-only: human-readable reason a guard failed (passed=false). Used
878
+ * by GuardRejectedError to surface an actionable message to the customer.
879
+ * `error` carries the raw exception text; `reason` carries the audit
880
+ * category ('guard_exception', 'content_filter', 'format_check', etc.).
881
+ */
882
+ reason?: string;
876
883
  }
877
884
  declare class FixApplier {
878
885
  private readonly _config;
@@ -1024,6 +1031,33 @@ declare class FixLoader {
1024
1031
  * Port of Python SDK's runtime/interceptors.py adapted for Node.js.
1025
1032
  */
1026
1033
 
1034
+ /**
1035
+ * Thrown by the fix interceptor when a guard fix returns `passed: false`.
1036
+ *
1037
+ * PR-4+5 review B2 (2026-05-25): pre-fix, `applyGuardFix` returned
1038
+ * `passed:false` correctly but no caller read `passed` — the provider
1039
+ * patcher consumed `result.messages` / `result.params` and proceeded to the
1040
+ * LLM with the attacker payload anyway. The `fail-CLOSED` was advisory only.
1041
+ *
1042
+ * Now the interceptor THROWS this error on both pre-call and post-call
1043
+ * guard rejection. The provider patcher's surrounding span.startSpan
1044
+ * already catches and records exceptions, so the customer sees a
1045
+ * `GuardRejectedError` propagated out of their `openai.chat.completions.create`
1046
+ * call — the LLM is NEVER invoked.
1047
+ *
1048
+ * Customers who want to handle rejection gracefully can:
1049
+ * try { await openai.chat.completions.create({ ... }); }
1050
+ * catch (e) {
1051
+ * if (e instanceof GuardRejectedError) { ... fallback ... }
1052
+ * else throw e;
1053
+ * }
1054
+ */
1055
+ declare class GuardRejectedError extends Error {
1056
+ readonly guardId: string;
1057
+ readonly reason: string;
1058
+ readonly phase: 'pre_call' | 'post_call';
1059
+ constructor(guardId: string, reason: string, phase: 'pre_call' | 'post_call');
1060
+ }
1027
1061
  interface InterceptContext {
1028
1062
  /** Type of operation: "llm_call", "tool_call", "agent_delegate" */
1029
1063
  operationType: string;
@@ -1319,4 +1353,4 @@ type WebhookPayload = Uint8Array | ArrayBuffer | string;
1319
1353
  */
1320
1354
  declare function verifyWebhookSignature(payload: WebhookPayload, headers: HeaderLookup, secret: string, opts?: VerifyWebhookOptions): void;
1321
1355
 
1322
- export { type ActiveFix, type AgentContext, type AgentOptions, AgentRole, DEFAULT_TIMESTAMP_TOLERANCE_S, type FixRuntimeConfig, type HeaderLookup, MessageType, type RisicareConfig, SemanticPhase, type SessionContext, type SessionOptions, Span, SpanKind, type SpanOptions, SpanStatus, type StartSpanOptions, type TraceContext, type TracedStreamOptions, Tracer, type VerifyWebhookOptions, type WebhookPayload, WebhookVerificationError, agent, disable, enable, extractTraceContext, flush, getCurrentAgent, getCurrentAgentId, getCurrentContext, getCurrentPhase, getCurrentSession, getCurrentSessionId, getCurrentSpan, getCurrentSpanId, getCurrentTraceId, getFixRuntime, getMetrics, getSpanById, getTraceContent, getTraceContext, getTracer, init, initFixRuntime, injectTraceContext, isEnabled, isProviderInstrumentationSuppressed, registerSpan, reportError, score, session, shutdown, shutdownFixRuntime, suppressProviderInstrumentation, traceAct, traceCoordinate, traceDecide, traceDelegate, traceMessage, traceObserve, traceThink, tracedStream, unregisterSpan, verifyWebhookSignature, withAgent, withPhase, withSession };
1356
+ export { type ActiveFix, type AgentContext, type AgentOptions, AgentRole, DEFAULT_TIMESTAMP_TOLERANCE_S, type FixRuntimeConfig, GuardRejectedError, type HeaderLookup, MessageType, type RisicareConfig, SemanticPhase, type SessionContext, type SessionOptions, Span, SpanKind, type SpanOptions, SpanStatus, type StartSpanOptions, type TraceContext, type TracedStreamOptions, Tracer, type VerifyWebhookOptions, type WebhookPayload, WebhookVerificationError, agent, disable, enable, extractTraceContext, flush, getCurrentAgent, getCurrentAgentId, getCurrentContext, getCurrentPhase, getCurrentSession, getCurrentSessionId, getCurrentSpan, getCurrentSpanId, getCurrentTraceId, getFixRuntime, getMetrics, getSpanById, getTraceContent, getTraceContext, getTracer, init, initFixRuntime, injectTraceContext, isEnabled, isProviderInstrumentationSuppressed, registerSpan, reportError, score, session, shutdown, shutdownFixRuntime, suppressProviderInstrumentation, traceAct, traceCoordinate, traceDecide, traceDelegate, traceMessage, traceObserve, traceThink, tracedStream, unregisterSpan, verifyWebhookSignature, withAgent, withPhase, withSession };