llm.rb 8.0.0 → 8.1.0

data/lib/llm/providers/bedrock/response_adapter/completion.rb

@@ -0,0 +1,143 @@
+# frozen_string_literal: true
+
+module LLM::Bedrock::ResponseAdapter
+  ##
+  # Adapts Bedrock Converse API completion responses.
+  #
+  # The Bedrock Converse response body looks like:
+  #   {
+  #     "output" => {"message" => {
+  #       "role" => "assistant",
+  #       "content" => [{"text" => "..."}, {"toolUse" => {...}}]
+  #     }},
+  #     "usage" => {"inputTokens" => N, "outputTokens" => N},
+  #     "modelId" => "anthropic.claude-sonnet-4-20250514-v1:0",
+  #     "stopReason" => "end_turn"
+  #   }
+  module Completion
+    ##
+    # (see LLM::Contract::Completion#messages)
+    def messages
+      source = texts.empty? && tools.any? ? [{"text" => ""}] : texts
+      source.map.with_index do |choice, index|
+        extra = {
+          index:, response: self,
+          reasoning_content:,
+          tool_calls: adapt_tool_calls(tools),
+          original_tool_calls: tools
+        }
+        LLM::Message.new(role, choice["text"], extra)
+      end
+    end
+    alias_method :choices, :messages
+
+    ##
+    # Returns the Bedrock request id when present.
+    # @return [String, nil]
+    def id
+      res["x-amzn-requestid"] || res["x-amzn-request-id"]
+    end
+
+    ##
+    # (see LLM::Contract::Completion#input_tokens)
+    def input_tokens
+      body.usage&.inputTokens || 0
+    end
+
+    ##
+    # (see LLM::Contract::Completion#output_tokens)
+    def output_tokens
+      body.usage&.outputTokens || 0
+    end
+
+    ##
+    # (see LLM::Contract::Completion#reasoning_tokens)
+    def reasoning_tokens
+      0
+    end
+
+    ##
+    # (see LLM::Contract::Completion#total_tokens)
+    def total_tokens
+      input_tokens + output_tokens
+    end
+
+    ##
+    # (see LLM::Contract::Completion#usage)
+    def usage
+      super
+    end
+
+    ##
+    # (see LLM::Contract::Completion#model)
+    def model
+      body.modelId
+    end
+
+    ##
+    # (see LLM::Contract::Completion#content)
+    def content
+      super
+    end
+
+    ##
+    # (see LLM::Contract::Completion#reasoning_content)
+    def reasoning_content
+      @reasoning_content ||= begin
+        text = parts.filter_map { _1.dig("reasoningContent", "text") }.join
+        text.empty? ? nil : text
+      end
+    end
+
+    ##
+    # (see LLM::Contract::Completion#content!)
+    def content!
+      super
+    end
+
+    private
+
+    def adapt_tool_calls(tools)
+      (tools || []).filter_map do |tool|
+        next unless tool["toolUse"]
+        {
+          id: tool["toolUse"]["toolUseId"],
+          name: tool["toolUse"]["name"],
+          arguments: parse_tool_input(tool["toolUse"]["input"])
+        }
+      end
+    end
+
+    def parse_tool_input(input)
+      case input
+      when Hash then input
+      when String
+        parsed = LLM.json.load(input)
+        Hash === parsed ? parsed : {}
+      when nil then {}
+      else input.respond_to?(:to_h) ? input.to_h : {}
+      end
+    rescue *LLM.json.parser_error
+      {}
+    end
+
+    def parts
+      raw = body.output&.message&.content || []
+      raw.is_a?(Array) ? raw : [raw].compact
+    end
+
+    def texts
+      @texts ||= parts.select { |b| b["text"] }
+    end
+
+    def tools
+      @tools ||= parts.select { |b| b["toolUse"] }
+    end
+
+    def role
+      body.output&.message&.role || "assistant"
+    end
+
+    include LLM::Contract::Completion
+  end
+end

data/lib/llm/providers/bedrock/response_adapter/models.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module LLM::Bedrock::ResponseAdapter
+  ##
+  # Adapts Bedrock ListFoundationModels API responses to llm.rb's
+  # normalized model collection format.
+  #
+  # The Bedrock ListFoundationModels response looks like:
+  #   {
+  #     "modelSummaries": [{
+  #       "modelId": "anthropic.claude-sonnet-4-20250514-v1:0",
+  #       "modelName": "Claude Sonnet 4",
+  #       "providerName": "Anthropic",
+  #       "inputModalities": ["TEXT", "IMAGE"],
+  #       "outputModalities": ["TEXT"],
+  #       ...
+  #     }]
+  #   }
+  module Models
+    include LLM::Model::Collection
+
+    private
+
+    def raw_models
+      (body.modelSummaries || []).map do |summary|
+        LLM::Object.from({
+          id: summary.modelId,
+          name: summary.modelName,
+          provider_name: summary.providerName
+        })
+      end
+    end
+  end
+end

data/lib/llm/providers/bedrock/response_adapter.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+class LLM::Bedrock
+  ##
+  # Adapts Bedrock Converse API responses to llm.rb's Response format.
+  #
+  # Bedrock Converse returns:
+  #   {
+  #     output: {message: {role: "assistant", content: [{...}, ...]}},
+  #     usage: {inputTokens: N, outputTokens: N},
+  #     modelId: "anthropic.claude-...",
+  #     stopReason: "end_turn" | "tool_use" | "max_tokens" | ...
+  #   }
+  #
+  # @api private
+  module ResponseAdapter
+    module_function
+
+    ##
+    # @param [LLM::Response, Net::HTTPResponse] res
+    # @param [Symbol] type
+    # @return [LLM::Response]
+    def adapt(res, type:)
+      response = (LLM::Response === res) ? res : LLM::Response.new(res)
+      response.extend(select(type))
+    end
+
+    ##
+    # @api private
+    def select(type)
+      case type
+      when :completion then LLM::Bedrock::ResponseAdapter::Completion
+      when :models then LLM::Bedrock::ResponseAdapter::Models
+      else
+        raise ArgumentError,
+              "Unknown response adapter type: #{type.inspect}"
+      end
+    end
+  end
+end

data/lib/llm/providers/bedrock/signature.rb

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+
+require "digest"
+require "openssl"
+
+class LLM::Bedrock
+  ##
+  # Signs HTTP requests and headers with AWS Signature V4.
+  #
+  # Returns the signed headers as a Hash through #to_h, ready to merge
+  # into a Net::HTTPRequest or other HTTP client. Everything else is
+  # private.
+  #
+  # Uses only Ruby's stdlib (openssl, digest) with no external deps.
+  #
+  # @example
+  #   signature = LLM::Bedrock::Signature.new(
+  #     credentials: LLM::Object.from(
+  #       access_key_id: ENV["AWS_ACCESS_KEY_ID"],
+  #       secret_access_key: ENV["AWS_SECRET_ACCESS_KEY"],
+  #       aws_region: "us-east-1",
+  #       host: "bedrock-runtime.us-east-1.amazonaws.com",
+  #       session_token: nil
+  #     ),
+  #     method: "POST",
+  #     path: "/model/anthropic.claude-3/converse",
+  #     body: '{"messages":[...]}'
+  #   )
+  #   signature.sign!(req)
+  #
+  # @api private
+  class Signature
+    SERVICE = "bedrock"
+
+    ##
+    # @param [LLM::Object] credentials AWS signing credentials and host
+    # @param [String] method HTTP method ("POST", "GET", etc.)
+    # @param [String] path Request path (e.g. "/model/.../converse")
+    # @param [String] body Raw request body
+    # @param [String, nil] query Canonical query string
+    def initialize(credentials:, method:, path:, body:, query: nil)
+      @credentials = credentials
+      @method = method
+      @path = path
+      @query = query
+      @body = body
+    end
+
+    ##
+    # Returns the signed headers as a plain Hash.
+    #
+    # Call this once per request and merge the result into your
+    # HTTP headers. Each call recomputes the signature with the
+    # current time, so call it immediately before sending.
+    #
+    # @return [Hash{String => String}]
+    def to_h
+      now = Time.now.utc
+      amz_date = now.strftime("%Y%m%dT%H%M%SZ")
+      date_stamp = now.strftime("%Y%m%d")
+      payload_hash = Digest::SHA256.hexdigest(@body)
+      headers = {
+        "X-Amz-Date" => amz_date,
+        "X-Amz-Content-Sha256" => payload_hash,
+        "Content-Type" => "application/json",
+        "Host" => @credentials.host
+      }
+      headers["X-Amz-Security-Token"] = @credentials.session_token if @credentials.session_token
+      signed_headers = build_signed_headers
+      canonical_headers = build_canonical_headers(headers, signed_headers)
+      canonical_uri = build_canonical_uri
+      canonical_query = build_canonical_query
+      canonical_request = build_canonical_request(
+        canonical_uri, canonical_query, canonical_headers, signed_headers, payload_hash
+      )
+      credential_scope = "#{date_stamp}/#{@credentials.aws_region}/#{SERVICE}/aws4_request"
+      string_to_sign = build_string_to_sign(
+        amz_date, credential_scope, canonical_request
+      )
+      signing_key = derive_signing_key(date_stamp)
+      signature = OpenSSL::HMAC.hexdigest(
+        "sha256", signing_key, string_to_sign
+      )
+      headers["Authorization"] =
+        "AWS4-HMAC-SHA256 " \
+        "Credential=#{@credentials.access_key_id}/#{credential_scope}, " \
+        "SignedHeaders=#{signed_headers}, Signature=#{signature}"
+      headers
+    end
+
+    ##
+    # @param [Net::HTTPRequest] req
+    # @return [Net::HTTPRequest]
+    def sign!(req)
+      to_h.each { |k, v| req[k] = v }
+      req
+    end
+
+    private
+
+    def build_signed_headers
+      %w[host x-amz-date x-amz-content-sha256].tap do |h|
+        h << "x-amz-security-token" if @credentials.session_token
+        h << "content-type"
+      end.sort.join(";")
+    end
+
+    def build_canonical_headers(headers, signed_headers)
+      headers = headers.transform_keys(&:downcase)
+      signed_headers.split(";").map do |key|
+        "#{key}:#{headers[key].to_s.strip}\n"
+      end.join
+    end
+
+    def build_canonical_uri
+      path = @path
+      return "/" if path.nil? || path.empty?
+      segments = path.split("/", -1).map { |s| uri_encode(s) }
+      canonical = segments.join("/")
+      canonical.start_with?("/") ? canonical : "/#{canonical}"
+    end
+
+    def build_canonical_query
+      return "" if @query.to_s.empty?
+      URI.decode_www_form(@query).sort.map do |key, value|
+        "#{uri_encode(key)}=#{uri_encode(value)}"
+      end.join("&")
+    end
+
+    def build_canonical_request(uri, query, canonical_headers,
+                                signed_headers, payload_hash)
+      [
+        @method,
+        uri,
+        query,
+        canonical_headers,
+        signed_headers,
+        payload_hash
+      ].join("\n")
+    end
+
+    def build_string_to_sign(amz_date, credential_scope, canonical_request)
+      [
+        "AWS4-HMAC-SHA256",
+        amz_date,
+        credential_scope,
+        Digest::SHA256.hexdigest(canonical_request)
+      ].join("\n")
+    end
+
+    def derive_signing_key(date_stamp)
+      k_date = OpenSSL::HMAC.digest(
+        "sha256", "AWS4#{@credentials.secret_access_key}", date_stamp
+      )
+      k_region = OpenSSL::HMAC.digest("sha256", k_date, @credentials.aws_region)
+      k_service = OpenSSL::HMAC.digest("sha256", k_region, SERVICE)
+      OpenSSL::HMAC.digest("sha256", k_service, "aws4_request")
+    end
+
+    def uri_encode(str)
+      URI.encode_www_form_component(str.to_s)
+        .gsub("+", "%20")
+        .gsub("%7E", "~")
+    end
+  end
+end

data/lib/llm/providers/bedrock/stream_decoder.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+require "digest"
+
+class LLM::Bedrock
+  ##
+  # Decodes AWS Event Stream binary frames.
+  #
+  # Bedrock Converse Stream uses the AWS Event Stream protocol,
+  # a binary framing format (not SSE). Each message has:
+  #   - total length (4 bytes, big-endian)
+  #   - headers length (4 bytes, big-endian)
+  #   - prelude CRC (4 bytes)
+  #   - headers (variable)
+  #   - payload (variable, usually JSON)
+  #   - message CRC (4 bytes)
+  #
+  # Implements #<< to match the interface expected by llm.rb's
+  # streaming transport, so it can replace the SSE-based
+  # StreamDecoder when streaming from Bedrock.
+  #
+  # @api private
+  class StreamDecoder
+    ##
+    # @return [LLM::Bedrock::StreamParser]
+    attr_reader :parser
+
+    ##
+    # @param [LLM::Bedrock::StreamParser] parser
+    def initialize(parser)
+      @buffer = +"".b
+      @parser = parser
+    end
+
+    ##
+    # Feeds a raw binary chunk into the decoder.
+    # Accumulates data until complete frames are available,
+    # then decodes them and passes the JSON payload to the parser.
+    #
+    # @param [String] chunk Raw binary data
+    # @return [void]
+    def <<(chunk)
+      @buffer << chunk
+      decode_frames
+    end
+
+    ##
+    # @return [Hash] The fully constructed response body
+    def body
+      parser.body
+    end
+
+    ##
+    # @return [void]
+    def free
+      @buffer.clear
+      parser.free if parser.respond_to?(:free)
+    end
+
+    private
+
+    def decode_frames
+      loop do
+        break if @buffer.bytesize < 12
+        total_length = @buffer[0, 4].unpack1("N")
+        break if @buffer.bytesize < total_length
+        # headers_length = @buffer[4, 4].unpack1("N")
+        # prelude_crc = @buffer[8, 4].unpack1("N")
+        headers = decode_headers
+        payload_start = 12 + headers[:length]
+        payload_length = total_length - payload_start - 4
+        payload = @buffer[payload_start, payload_length] if payload_length > 0
+        # message_crc from last 4 bytes, not needed for our purposes
+        json = payload ? LLM.json.load(payload) : {}
+        parser.parse!(json, event_type: headers[:event_type]) if json.is_a?(Hash)
+        @buffer = @buffer[total_length..] || +"".b
+      end
+    end
+
+    def decode_headers
+      headers_length = @buffer[4, 4].unpack1("N")
+      offset = 12
+      end_offset = offset + headers_length
+      result = {event_type: nil, length: headers_length}
+      while offset < end_offset
+        name_len = @buffer.getbyte(offset)
+        offset += 1
+        break if offset + name_len > end_offset
+        name = @buffer[offset, name_len]
+        offset += name_len
+        break if offset >= end_offset
+        value_type = @buffer.getbyte(offset)
+        offset += 1
+        value = case value_type
+        when 7 # string
+          str_len = @buffer[offset, 2].unpack1("n")
+          offset += 2
+          str = @buffer[offset, str_len]
+          offset += str_len
+          str
+        when 8 # binary
+          bin_len = @buffer[offset, 2].unpack1("n")
+          offset += 2
+          bin = @buffer[offset, bin_len]
+          offset += bin_len
+          bin
+        when 9 # boolean true
+          true
+        when 1 # boolean false
+          false
+        when 2 # byte
+          val = @buffer.getbyte(offset)
+          offset += 1
+          val
+        when 3 # int16
+          val = @buffer[offset, 2].unpack1("s>")
+          offset += 2
+          val
+        when 4 # int32
+          val = @buffer[offset, 4].unpack1("l>")
+          offset += 4
+          val
+        when 6 # byte array (as raw string)
+          bin_len = @buffer[offset, 2].unpack1("n")
+          offset += 2
+          bin = @buffer[offset, bin_len]
+          offset += bin_len
+          bin
+        else
+          # Unknown type, skip to end of headers
+          offset = end_offset
+          nil
+        end
+        result[:event_type] = value if name == ":event-type"
+        result[name] = value if name
+      end
+      result
+    end
+  end
+end