eve-ai-governance
v0.2.0
Published
EVE AI Core Governance SDK — Deterministic AI enforcement in one API call
Maintainers
Readme
eve-ai-governance
EVE AI Core Governance SDK (Node/TypeScript) — deterministic AI decision enforcement in one API call, plus offline proof verification.
npm install eve-ai-governanceZero-config, dependency-light, ships ESM + CJS + type declarations.
Enforce a decision
import { GovernanceClient, RateLimitError, PaymentRequiredError } from 'eve-ai-governance';
const client = new GovernanceClient({ apiKey: 'eve_sk_...' });
const result = await client.evaluate({
request_id: 'req-001',
tenant_id: 'bank_001',
proposed_action: { type: 'loan_approval', amount: 250000 },
model_output: { decision: 'approve', confidence: 0.91 },
context: { credit_score: 580, debt_to_income: 0.52 },
policy_set: 'lending_v1',
});
// result.decision.status -> "ALLOWED" | "BLOCKED" | "MODIFIED"
// Billing / rate-limit metadata from the most recent call:
client.subscriptionState; // 'active' | 'past_due' | ...
client.rateLimit; // { limit, remaining } | { limit: null, ... }
client.quotaWarning; // null | 'payment_past_due'Auth is Authorization: Bearer eve_...; the org/tenant is derived from the key
server-side. See the Response-Header Contract
for the full status-code and accessor reference (RateLimitError on 429,
PaymentRequiredError on 402).
Verify a proof offline
verifyProof recomputes the canonical content hash and checks the HMAC-SHA256
signature locally — no network call. The canonicalization is byte-for-byte
compatible with the Python SDKs (json.dumps(sort_keys=True)), so a proof signed
by EVE verifies here and vice-versa. Tampering any field (including nested ones)
fails; a wrong/empty signature returns false (never throws).
import { GovernanceClient } from 'eve-ai-governance';
const ok = GovernanceClient.verifyProof(proofBundle, sharedSigningKey); // booleanThe same canonicalizer is exported as canonicalizeForHash for custom tooling.
License
Proprietary. See LICENSE.
