npm - trusera-sdk - Versions diffs - 0.1.0 → 1.0.0 - Mend

trusera-sdk 0.1.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +67 -5
package/dist/index.cjs +1420 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +167 -0
package/dist/index.d.ts +167 -8
package/dist/index.js +1382 -13
package/dist/index.js.map +1 -1
package/package.json +31 -6
package/dist/client.d.ts +0 -31
package/dist/client.d.ts.map +0 -1
package/dist/client.js +0 -135
package/dist/client.js.map +0 -1
package/dist/events.d.ts +0 -19
package/dist/events.d.ts.map +0 -1
package/dist/events.js +0 -39
package/dist/events.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/integrations/langchain.d.ts +0 -28
package/dist/integrations/langchain.d.ts.map +0 -1
package/dist/integrations/langchain.js +0 -132
package/dist/integrations/langchain.js.map +0 -1
package/dist/interceptor.d.ts +0 -23
package/dist/interceptor.d.ts.map +0 -1
package/dist/interceptor.js +0 -215
package/dist/interceptor.js.map +0 -1

package/README.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # Trusera SDK for JavaScript/TypeScript
+> **Beta** — This SDK is under active development. Expected GA: April 2026.
 [![npm version](https://badge.fury.io/js/trusera-sdk.svg)](https://www.npmjs.com/package/trusera-sdk)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
@@ -7,9 +9,10 @@ The official TypeScript/JavaScript SDK for monitoring AI agents with [Trusera](h
 ## Key Features
-- **Transparent HTTP Interception**: Zero-code instrumentation of all outbound HTTP calls
+- **Transparent HTTP Interception**: Zero-code instrumentation via `fetch`, `axios`, and `undici`
 - **Policy Enforcement**: Runtime evaluation against Cedar policies with configurable enforcement modes
-- **LangChain.js Integration**: First-class support for LangChain.js callbacks
+- **LangChain.js Integration**: First-class support for LangChain.js callbacks with optional Cedar enforcement
+- **ESM + CJS**: Dual-format output (built with tsup) -- works in any Node.js or Bun environment
 - **Rich Event Tracking**: Track LLM calls, tool executions, data access, and custom events
 - **Batched Transmission**: Automatic event batching and retry logic
 - **Type-Safe**: Full TypeScript support with strict typing
@@ -74,6 +77,54 @@ await model.invoke("What are the top AI security risks?");
 await client.close();
 ```
+### Axios and Undici Interception
+The interceptor automatically detects and patches `axios` and `undici` if they
+are installed. No additional configuration is needed:
+```typescript
+import axios from "axios";
+import { TruseraClient, TruseraInterceptor } from "trusera-sdk";
+const client = new TruseraClient({ apiKey: "tsk_xxx" });
+const interceptor = new TruseraInterceptor();
+interceptor.install(client, { enforcement: "warn" });
+// axios requests are now tracked automatically
+await axios.get("https://api.openai.com/v1/models");
+// undici requests too (if undici is installed)
+// import { request } from "undici";
+// await request("https://api.openai.com/v1/models");
+await client.close();
+interceptor.uninstall();
+```
+Libraries are detected via `require()` at install-time. If a library is not
+installed, it is silently skipped with no errors.
+### LangChain.js with Cedar Enforcement
+Add Cedar policy enforcement to tool and LLM calls:
+```typescript
+import { TruseraClient, TruseraLangChainHandler, CedarEvaluator } from "trusera-sdk";
+const evaluator = new CedarEvaluator();
+await evaluator.loadPolicy(`
+  forbid (principal, action == Action::"*", resource)
+  when { resource.hostname == "langchain" };
+`);
+const handler = new TruseraLangChainHandler(client, {
+  enforcement: "block",
+  cedarEvaluator: evaluator,
+});
+// Denied tool/LLM calls throw in block mode
+```
 ### Manual Event Tracking
 For custom instrumentation:
@@ -282,17 +333,28 @@ The SDK tracks six core event types:
 #### Methods
-- `install(client: TruseraClient, options?: InterceptorOptions): void`: Install HTTP interceptor
-- `uninstall(): void`: Restore original fetch and remove interceptor
+- `install(client: TruseraClient, options?: InterceptorOptions): void`: Install HTTP interceptor for `fetch`, `axios` (if available), and `undici` (if available)
+- `uninstall(): void`: Restore original fetch, eject axios interceptors, and restore undici functions
 ### `TruseraLangChainHandler`
 #### Methods
-- `constructor(client: TruseraClient)`: Create handler for LangChain callbacks
+- `constructor(client: TruseraClient, options?: LangChainHandlerOptions)`: Create handler for LangChain callbacks with optional Cedar enforcement
 - `getPendingEventCount(): number`: Get count of incomplete events
 - `clearPendingEvents(): void`: Clear all pending events
+#### LangChainHandlerOptions
+```typescript
+interface LangChainHandlerOptions {
+  enforcement?: "block" | "warn" | "log";
+  cedarEvaluator?: CedarEvaluator;
+}
+```
+When `enforcement` is `"block"` and a Cedar policy denies a tool/LLM call, the handler throws an `Error`. In `"warn"` mode it logs via `console.warn`. In `"log"` mode (default) violations are tracked silently.
 ### Utility Functions
 - `createEvent(type: EventType, name: string, payload?, metadata?): Event`: Create a well-formed event