feat: add defender config option to StackOneToolSet

Adds a `defender` option to the `StackOneToolSet` constructor that allows
controlling prompt injection detection behavior at the toolset level.

- Add `DefenderConfig` interface with `enabled`, `blockHighRisk`,
  `useTier1Classification`, and `useTier2Classification` fields —
  matching canonical `DefenderSettings` names from `@stackone/core`
- Add `defender_enabled` to `rpcActionRequestSchema` so it is no longer
  silently dropped by Zod validation
- Forward `defender_enabled` through `RpcClient.rpcAction()` request body
- Thread `defenderConfig.enabled` → `defender_enabled` in every RPC call
  made by `createRpcBackedTool`
- Export `DefenderConfig` from the package index

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: hiskudin

src/index.ts

@@ -32,6 +32,7 @@ export {
 export type {
 	AISDKToolDefinition,
 	AISDKToolResult,
+	DefenderConfig,
 	ExecuteConfig,
 	ExecuteOptions,
 	JsonObject,

src/rpc-client.ts

@@ -50,10 +50,13 @@ export class RpcClient {
 			const requestBody = {
 				action: validatedRequest.action,
 				body: validatedRequest.body,
+				...(validatedRequest.defender_enabled !== undefined
+					? { defender_enabled: validatedRequest.defender_enabled }
+					: {}),
 				headers: validatedRequest.headers,
 				path: validatedRequest.path,
 				query: validatedRequest.query,
-			} as const satisfies RpcActionRequest;
+			} satisfies RpcActionRequest;
 
 			// Forward StackOne-specific headers as HTTP headers
 			const requestHeaders = validatedRequest.headers;

src/schema.ts

@@ -8,6 +8,7 @@ import { stackOneHeadersSchema } from './headers';
 export const rpcActionRequestSchema = z.object({
 	action: z.string(),
 	body: z.optional(z.record(z.string(), z.unknown())),
+	defender_enabled: z.optional(z.boolean()),
 	headers: z.optional(stackOneHeadersSchema),
 	path: z.optional(z.record(z.string(), z.unknown())),
 	query: z.optional(z.record(z.string(), z.unknown())),

src/toolsets.ts

@@ -13,6 +13,7 @@ import {
 } from './semantic-search';
 import { BaseTool, Tools } from './tool';
 import type {
+	DefenderConfig,
 	ExecuteOptions,
 	JsonObject,
 	JsonSchemaProperties,
@@ -141,6 +142,13 @@ interface StackOneToolSetBaseConfig extends BaseToolSetConfig {
 	 * Per-call options always override these defaults.
 	 */
 	search?: SearchConfig | null;
+	/**
+	 * Defender configuration. Controls prompt injection detection behavior.
+	 * Overrides the project-level defender settings for all tool calls made by this toolset.
+	 *
+	 * - Omit or pass `undefined` → uses the project defender settings
+	 */
+	defender?: DefenderConfig;
 }
 
 /**
@@ -261,6 +269,7 @@ export class StackOneToolSet {
 	private headers: Record<string, string>;
 	private rpcClient?: RpcClient;
 	private readonly searchConfig: SearchConfig | null;
+	private readonly defenderConfig?: DefenderConfig;
 
 	/**
 	 * Account ID for StackOne API
@@ -320,6 +329,8 @@ export class StackOneToolSet {
 		// Resolve search config: undefined → defaults, null → disabled, object → custom
 		this.searchConfig = config?.search === null ? null : { method: 'auto', ...config?.search };
 
+		this.defenderConfig = config?.defender;
+
 		// Set Authentication headers if provided
 		if (this.authentication) {
 			// Only set auth headers if they don't already exist in custom headers
@@ -965,6 +976,9 @@ export class StackOneToolSet {
 				const response = await actionsClient.actions.rpcAction({
 					action: name,
 					body: rpcBody,
+					...(this.defenderConfig?.enabled !== undefined
+						? { defender_enabled: this.defenderConfig.enabled }
+						: {}),
 					headers: actionHeaders,
 					path: pathParams ?? undefined,
 					query: queryParams ?? undefined,

src/types.ts

@@ -234,3 +234,33 @@ export interface ClaudeAgentSdkOptions {
 	 */
 	serverVersion?: string;
 }
+
+/**
+ * Defender configuration for controlling prompt injection detection behavior.
+ * Field names match the canonical `DefenderSettings` from `@stackone/core`.
+ *
+ * Note: only `enabled` is applied per-request via the `defender_enabled` API field.
+ * The remaining fields are included for forward compatibility and documentation.
+ */
+export interface DefenderConfig {
+	/**
+	 * Whether to enable defender. Maps to `defender_enabled` in the RPC request.
+	 * Defaults to the project setting.
+	 */
+	enabled?: boolean;
+	/**
+	 * Whether to block tool execution when a HIGH risk score is detected.
+	 * Defaults to the project setting.
+	 */
+	blockHighRisk?: boolean;
+	/**
+	 * Whether to enable tier 1 pattern-based (regex) detection.
+	 * Defaults to the project setting.
+	 */
+	useTier1Classification?: boolean;
+	/**
+	 * Whether to enable tier 2 ML-based detection.
+	 * Defaults to the project setting.
+	 */
+	useTier2Classification?: boolean;
+}