@aictrl/hush 0.1.0 → 0.1.6

package/tests/proxy.test.ts

@@ -0,0 +1,258 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import request from 'supertest';
+import nock from 'nock';
+import { app } from '../src/index';
+
+// Deterministic token for bulat@aictrl.dev (SHA-256 first 6 hex chars)
+const EMAIL_TOKEN = '[USER_EMAIL_f22c5a]';
+
+describe('Hush Proxy E2E Tests', () => {
+
+  beforeEach(() => {
+    nock.cleanAll();
+  });
+
+  afterEach(() => {
+    nock.restore();
+    nock.activate();
+  });
+
+  describe('Anthropic Proxy (/v1/messages)', () => {
+    it('should redact outbound messages and rehydrate inbound results', async () => {
+      // Mock Anthropic API
+      const scope = nock('https://api.anthropic.com')
+        .post('/v1/messages', (body) => {
+          // Verify redaction happened before forwarding
+          return JSON.stringify(body).includes('[USER_EMAIL_');
+        })
+        .reply(200, {
+          id: 'msg_123',
+          content: [{ type: 'text', text: `Hello ${EMAIL_TOKEN}` }]
+        });
+
+      const response = await request(app)
+        .post('/v1/messages')
+        .set('x-api-key', 'test-key')
+        .send({
+          model: 'claude-3-5-sonnet-latest',
+          messages: [{ role: 'user', content: 'My email is bulat@aictrl.dev' }]
+        });
+
+      expect(response.status).toBe(200);
+      // Verify rehydration happened on the way back
+      expect(response.body.content[0].text).toBe('Hello bulat@aictrl.dev');
+      expect(scope.isDone()).toBe(true);
+    });
+
+    it('should handle streaming responses with rehydration', async () => {
+        // 1. Mock the first seeding request
+        nock('https://api.anthropic.com')
+          .post('/v1/messages')
+          .reply(200, {
+            id: 'msg_seed',
+            content: [{ type: 'text', text: 'OK' }]
+          });
+
+        // 2. Mock the second streaming response
+        const streamData = [
+          'data: {"type": "message_start", "message": {"id": "msg_123"}}\n\n',
+          `data: {"type": "content_block_delta", "delta": {"type": "text_delta", "text": "Hello ${EMAIL_TOKEN}"}}\n\n`,
+          'data: {"type": "message_stop"}\n\n'
+        ];
+
+        nock('https://api.anthropic.com')
+          .post('/v1/messages')
+          .reply(200, streamData.join(''), {
+            'Content-Type': 'text/event-stream'
+          });
+
+        // Seed the vault first
+        await request(app)
+          .post('/v1/messages')
+          .set('x-api-key', 'test-key')
+          .send({
+            messages: [{ role: 'user', content: 'bulat@aictrl.dev' }]
+          });
+
+        // Execute streaming request
+        const response = await request(app)
+          .post('/v1/messages')
+          .set('x-api-key', 'test-key')
+          .send({
+            stream: true,
+            messages: [{ role: 'user', content: 'hi' }]
+          });
+
+        expect(response.status).toBe(200);
+        expect(response.text).toContain('Hello bulat@aictrl.dev');
+    });
+  });
+
+  describe('OpenAI Proxy (/v1/chat/completions)', () => {
+    it('should redact and proxy OpenAI requests', async () => {
+      const scope = nock('https://api.openai.com')
+        .post('/v1/chat/completions')
+        .reply(200, {
+          choices: [{ message: { content: `Rehydrated: ${EMAIL_TOKEN}` } }]
+        });
+
+      const response = await request(app)
+        .post('/v1/chat/completions')
+        .set('Authorization', 'Bearer test-token')
+        .send({
+          model: 'gpt-4o',
+          messages: [{ role: 'user', content: 'Email is bulat@aictrl.dev' }]
+        });
+
+      expect(response.status).toBe(200);
+      expect(response.body.choices[0].message.content).toBe('Rehydrated: bulat@aictrl.dev');
+      expect(scope.isDone()).toBe(true);
+    });
+
+    it('should forward upstream error status and body', async () => {
+      nock('https://api.openai.com')
+        .post('/v1/chat/completions')
+        .reply(429, { error: { message: 'Rate limit exceeded' } });
+
+      const response = await request(app)
+        .post('/v1/chat/completions')
+        .set('Authorization', 'Bearer test-token')
+        .send({ model: 'gpt-4o', messages: [{ role: 'user', content: 'hi' }] });
+
+      expect(response.status).toBe(429);
+      expect(JSON.parse(response.text).error.message).toBe('Rate limit exceeded');
+    });
+  });
+
+  describe('ZhipuAI GLM Proxy (/api/paas/v4/chat/completions)', () => {
+    it('should redact PII and proxy GLM-5 requests', async () => {
+      const scope = nock('https://api.z.ai')
+        .post('/api/paas/v4/chat/completions', (body) => {
+          return JSON.stringify(body).includes('[USER_EMAIL_');
+        })
+        .reply(200, {
+          id: 'chatcmpl-glm5-abc123',
+          model: 'glm-5',
+          choices: [{ message: { role: 'assistant', content: `Got it, your email is ${EMAIL_TOKEN}` } }],
+          usage: { prompt_tokens: 15, completion_tokens: 12, total_tokens: 27 }
+        });
+
+      const response = await request(app)
+        .post('/api/paas/v4/chat/completions')
+        .set('Authorization', 'Bearer zhipu-test-key')
+        .send({
+          model: 'glm-5',
+          messages: [{ role: 'user', content: 'My email is bulat@aictrl.dev' }]
+        });
+
+      expect(response.status).toBe(200);
+      expect(response.body.choices[0].message.content).toBe('Got it, your email is bulat@aictrl.dev');
+      expect(scope.isDone()).toBe(true);
+    });
+
+    it('should redact multiple PII types in GLM requests', async () => {
+      const scope = nock('https://api.z.ai')
+        .post('/api/paas/v4/chat/completions', (body) => {
+          const bodyStr = JSON.stringify(body);
+          // Verify ALL PII types were redacted before reaching upstream
+          return bodyStr.includes('[USER_EMAIL_') &&
+                 bodyStr.includes('[NETWORK_IP_') &&
+                 !bodyStr.includes('bulat@aictrl.dev') &&
+                 !bodyStr.includes('192.168.1.100');
+        })
+        .reply(200, {
+          id: 'chatcmpl-glm5-multi',
+          model: 'glm-5',
+          choices: [{ message: { role: 'assistant', content: 'I will not store any of that information.' } }],
+          usage: { prompt_tokens: 30, completion_tokens: 10, total_tokens: 40 }
+        });
+
+      const response = await request(app)
+        .post('/api/paas/v4/chat/completions')
+        .set('Authorization', 'Bearer zhipu-test-key')
+        .send({
+          model: 'glm-5',
+          messages: [{ role: 'user', content: 'Server bulat@aictrl.dev is at 192.168.1.100' }]
+        });
+
+      expect(response.status).toBe(200);
+      expect(scope.isDone()).toBe(true);
+    });
+
+    it('should handle GLM streaming responses with rehydration', async () => {
+      // 1. Seed the vault via a non-streaming request
+      nock('https://api.z.ai')
+        .post('/api/paas/v4/chat/completions')
+        .reply(200, {
+          id: 'chatcmpl-glm5-seed',
+          model: 'glm-5',
+          choices: [{ message: { content: 'OK' } }]
+        });
+
+      // 2. Mock streaming response that echoes back the token
+      const streamData = [
+        `data: {"id":"chatcmpl-glm5-stream","model":"glm-5","choices":[{"delta":{"content":"Hello ${EMAIL_TOKEN}"}}]}\n\n`,
+        'data: [DONE]\n\n'
+      ];
+
+      nock('https://api.z.ai')
+        .post('/api/paas/v4/chat/completions')
+        .reply(200, streamData.join(''), {
+          'Content-Type': 'text/event-stream'
+        });
+
+      // Seed the vault
+      await request(app)
+        .post('/api/paas/v4/chat/completions')
+        .set('Authorization', 'Bearer zhipu-test-key')
+        .send({
+          model: 'glm-5',
+          messages: [{ role: 'user', content: 'bulat@aictrl.dev' }]
+        });
+
+      // Execute streaming request
+      const response = await request(app)
+        .post('/api/paas/v4/chat/completions')
+        .set('Authorization', 'Bearer zhipu-test-key')
+        .send({
+          stream: true,
+          model: 'glm-5',
+          messages: [{ role: 'user', content: 'hi' }]
+        });
+
+      expect(response.status).toBe(200);
+      expect(response.text).toContain('Hello bulat@aictrl.dev');
+    });
+
+    it('should forward GLM upstream errors', async () => {
+      nock('https://api.z.ai')
+        .post('/api/paas/v4/chat/completions')
+        .reply(429, { error: { message: 'Rate limit exceeded', code: '1261' } });
+
+      const response = await request(app)
+        .post('/api/paas/v4/chat/completions')
+        .set('Authorization', 'Bearer zhipu-test-key')
+        .send({ model: 'glm-5', messages: [{ role: 'user', content: 'hi' }] });
+
+      expect(response.status).toBe(429);
+      expect(JSON.parse(response.text).error.message).toBe('Rate limit exceeded');
+    });
+
+    it('should reject requests without Authorization header', async () => {
+      const response = await request(app)
+        .post('/api/paas/v4/chat/completions')
+        .send({ model: 'glm-5', messages: [{ role: 'user', content: 'hi' }] });
+
+      expect(response.status).toBe(401);
+      expect(response.body.error).toBe('Missing ZhipuAI Authorization');
+    });
+  });
+
+  describe('Health Check', () => {
+    it('should return running status', async () => {
+      const response = await request(app).get('/health');
+      expect(response.status).toBe(200);
+      expect(response.body.status).toBe('running');
+    });
+  });
+});

package/tests/redaction.test.ts

@@ -0,0 +1,102 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { Redactor } from '../src/middleware/redactor';
+import { TokenVault } from '../src/vault/token-vault';
+
+describe('Semantic Security Flow (Redaction + Rehydration)', () => {
+  let redactor: Redactor;
+  let vault: TokenVault;
+
+  beforeEach(() => {
+    redactor = new Redactor();
+    vault = new TokenVault();
+  });
+
+  it('should redact common PII types from tool arguments', () => {
+    const args = {
+      email: 'user@example.com',
+      ipv4: '192.168.1.1',
+      ipv6: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+      config: {
+        apiKey: 'sk-1234567890abcdef12345',
+        secretToken: 'very-secret-string-of-length-32'
+      },
+      message: 'Contact me at support@company.org or visit 10.0.0.1'
+    };
+
+    const { content, hasRedacted, tokens } = redactor.redact(args);
+
+    expect(hasRedacted).toBe(true);
+    expect(content.email).toMatch(/^\[USER_EMAIL_[a-f0-9]{6}\]$/);
+    expect(content.ipv4).toMatch(/^\[NETWORK_IP_[a-f0-9]{6}\]$/);
+    expect(content.ipv6).toMatch(/^\[NETWORK_IP_V6_[a-f0-9]{6}\]$/);
+    expect(content.config.apiKey).toMatch(/\[SENSITIVE_SECRET_[a-f0-9]{6}\]/);
+    expect(content.config.secretToken).toMatch(/\[SENSITIVE_SECRET_[a-f0-9]{6}\]/);
+    expect(content.message).toMatch(/\[USER_EMAIL_[a-f0-9]{6}\]/);
+    expect(content.message).toMatch(/\[NETWORK_IP_[a-f0-9]{6}\]/);
+    expect(tokens.size).toBe(7);
+  });
+
+  it('should redact credit card numbers', () => {
+    const input = 'My card is 4111-1111-1111-1111 and it expires soon';
+    const { content, hasRedacted } = redactor.redact(input);
+
+    expect(hasRedacted).toBe(true);
+    expect(content).toMatch(/My card is \[PAYMENT_CARD_[a-f0-9]{6}\] and it expires soon/);
+  });
+
+  it('should redact phone numbers including complex formats', () => {
+    const input = 'Call me at 555-010-0199 or +1 (555) 123-4567. UK: +44 20 7946 0958';
+    const { content, hasRedacted } = redactor.redact(input);
+
+    expect(hasRedacted).toBe(true);
+    expect(content).toMatch(/\[PHONE_NUMBER_[a-f0-9]{6}\]/);
+  });
+
+  it('should not redact numeric IDs that look like partial phones', () => {
+    const input = 'User ID: 12345678, Version: 1.0-alpha';
+    const { hasRedacted } = redactor.redact(input);
+
+    expect(hasRedacted).toBe(false);
+  });
+
+  it('should re-hydrate redacted content accurately using the vault', () => {
+    const rawArgs = {
+      user: 'bulat@aictrl.dev',
+      key: 'api-key: super-secret-key-12345'
+    };
+
+    // 1. Redact outbound (to LLM/Server)
+    const { content: redacted, tokens } = redactor.redact(rawArgs);
+    vault.saveTokens(tokens);
+
+    expect(redacted.user).toMatch(/^\[USER_EMAIL_[a-f0-9]{6}\]$/);
+    expect(redacted.key).toMatch(/\[SENSITIVE_SECRET_[a-f0-9]{6}\]/);
+
+    // 2. Simulate result containing tokens coming back
+    const resultWithTokens = {
+      status: 'Success',
+      log: `Processing request for ${redacted.user} with key ${redacted.key.match(/\[SENSITIVE_SECRET_[a-f0-9]{6}\]/)![0]}`
+    };
+
+    // 3. Re-hydrate locally for developer visibility
+    const finalResult = vault.rehydrate(resultWithTokens);
+
+    expect(finalResult.log).toBe('Processing request for bulat@aictrl.dev with key super-secret-key-12345');
+  });
+
+  it('should produce deterministic tokens for the same input', () => {
+    const { content: first } = redactor.redact('email: test@foo.com');
+    const { content: second } = redactor.redact('email: test@foo.com');
+
+    // Same input → same hash → same token
+    expect(first).toBe(second);
+  });
+
+  it('should handle non-object inputs gracefully', () => {
+    const input = 'Call 192.168.0.1';
+    const { content, hasRedacted } = redactor.redact(input);
+
+    expect(hasRedacted).toBe(true);
+    expect(content).toMatch(/^Call \[NETWORK_IP_[a-f0-9]{6}\]$/);
+  });
+});

package/tests/universal-proxy.test.ts

@@ -0,0 +1,160 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import request from 'supertest';
+import nock from 'nock';
+import { app } from '../src/index';
+
+describe('Universal Proxy Mode', () => {
+  beforeEach(() => {
+    nock.cleanAll();
+  });
+
+  afterEach(() => {
+    nock.restore();
+    nock.activate();
+  });
+
+  describe('Method-agnostic proxyRequest', () => {
+    it('should forward GET requests without a body', async () => {
+      const scope = nock('https://api.anthropic.com')
+        .get('/v1/models')
+        .reply(200, { models: ['claude-3'] });
+
+      // GET /v1/models is not a known route, so it hits the catch-all.
+      // We need HUSH_UPSTREAM set to Anthropic for this test, but since
+      // env is already set at module load, we test via the catch-all going to Google.
+      // Instead, test via a known route that we can mock as GET — but existing
+      // routes are POST only. So let's test via catch-all to Google.
+      const scope2 = nock('https://generativelanguage.googleapis.com')
+        .get('/v1/some-endpoint')
+        .reply(200, { result: 'ok' });
+
+      const response = await request(app)
+        .get('/v1/some-endpoint');
+
+      expect(response.status).toBe(200);
+      expect(response.body.result).toBe('ok');
+      expect(scope2.isDone()).toBe(true);
+    });
+
+    it('should forward DELETE requests without a body', async () => {
+      const scope = nock('https://generativelanguage.googleapis.com')
+        .delete('/v1/some-resource/123')
+        .reply(200, { deleted: true });
+
+      const response = await request(app)
+        .delete('/v1/some-resource/123');
+
+      expect(response.status).toBe(200);
+      expect(response.body.deleted).toBe(true);
+      expect(scope.isDone()).toBe(true);
+    });
+
+    it('should forward PUT requests with body and redaction', async () => {
+      const scope = nock('https://generativelanguage.googleapis.com')
+        .put('/v1/some-resource/123', (body) => {
+          // Verify email was redacted
+          return JSON.stringify(body).includes('[USER_EMAIL_');
+        })
+        .reply(200, { updated: true });
+
+      const response = await request(app)
+        .put('/v1/some-resource/123')
+        .send({ data: 'Contact me at bulat@aictrl.dev' });
+
+      expect(response.status).toBe(200);
+      expect(response.body.updated).toBe(true);
+      expect(scope.isDone()).toBe(true);
+    });
+  });
+
+  describe('Auth header passthrough', () => {
+    it('should forward Authorization header through catch-all', async () => {
+      const scope = nock('https://generativelanguage.googleapis.com', {
+        reqheaders: {
+          'Authorization': 'Bearer my-secret-token',
+        },
+      })
+        .get('/v1/some-protected')
+        .reply(200, { access: 'granted' });
+
+      const response = await request(app)
+        .get('/v1/some-protected')
+        .set('Authorization', 'Bearer my-secret-token');
+
+      expect(response.status).toBe(200);
+      expect(response.body.access).toBe('granted');
+      expect(scope.isDone()).toBe(true);
+    });
+
+    it('should forward x-api-key header through catch-all', async () => {
+      const scope = nock('https://generativelanguage.googleapis.com', {
+        reqheaders: {
+          'x-api-key': 'sk-ant-test-key',
+        },
+      })
+        .get('/v1/some-api')
+        .reply(200, { ok: true });
+
+      const response = await request(app)
+        .get('/v1/some-api')
+        .set('x-api-key', 'sk-ant-test-key');
+
+      expect(response.status).toBe(200);
+      expect(scope.isDone()).toBe(true);
+    });
+  });
+
+  describe('Catch-all with redaction', () => {
+    it('should redact PII in catch-all POST requests', async () => {
+      const scope = nock('https://generativelanguage.googleapis.com')
+        .post('/v1/unknown-endpoint', (body) => {
+          const bodyStr = JSON.stringify(body);
+          return bodyStr.includes('[USER_EMAIL_') && !bodyStr.includes('bulat@aictrl.dev');
+        })
+        .reply(200, { processed: true });
+
+      const response = await request(app)
+        .post('/v1/unknown-endpoint')
+        .send({ message: 'Email me at bulat@aictrl.dev' });
+
+      expect(response.status).toBe(200);
+      expect(response.body.processed).toBe(true);
+      expect(scope.isDone()).toBe(true);
+    });
+
+    it('should rehydrate tokens in catch-all responses', async () => {
+      // First, seed the vault via a known route
+      nock('https://api.anthropic.com')
+        .post('/v1/messages')
+        .reply(200, {
+          id: 'msg_seed',
+          content: [{ type: 'text', text: 'OK' }],
+        });
+
+      await request(app)
+        .post('/v1/messages')
+        .set('x-api-key', 'test-key')
+        .send({ messages: [{ role: 'user', content: 'bulat@aictrl.dev' }] });
+
+      // Now test catch-all rehydration
+      nock('https://generativelanguage.googleapis.com')
+        .post('/v1/custom-endpoint')
+        .reply(200, { response: 'Your email is [USER_EMAIL_f22c5a]' });
+
+      const response = await request(app)
+        .post('/v1/custom-endpoint')
+        .send({ query: 'what is my email?' });
+
+      expect(response.status).toBe(200);
+      expect(response.body.response).toBe('Your email is bulat@aictrl.dev');
+    });
+  });
+
+  describe('Health check unaffected', () => {
+    it('should still return health status', async () => {
+      const response = await request(app).get('/health');
+      expect(response.status).toBe(200);
+      expect(response.body.status).toBe('running');
+    });
+  });
+});

package/tests/vault.test.ts

@@ -0,0 +1,73 @@
+import { describe, it, expect, vi } from 'vitest';
+import { TokenVault } from '../src/vault/token-vault';
+
+describe('TokenVault TTL and Pruning', () => {
+  it('should expire tokens after TTL', async () => {
+    // Set a very short TTL: 100ms
+    const vault = new TokenVault(100);
+    const tokens = new Map([['[TOKEN_1]', 'secret-value']]);
+
+    vault.saveTokens(tokens);
+    expect(vault.get('[TOKEN_1]')).toBe('secret-value');
+
+    // Fast-forward time by 150ms
+    vi.useFakeTimers();
+    vi.advanceTimersByTime(150);
+
+    // Pruning happens during the next save
+    vault.saveTokens(new Map([['[TOKEN_2]', 'other-value']]));
+
+    expect(vault.get('[TOKEN_1]')).toBeUndefined();
+    expect(vault.get('[TOKEN_2]')).toBe('other-value');
+    
+    vi.useRealTimers();
+  });
+
+  it('should rehydrate using non-expired tokens', () => {
+    const vault = new TokenVault(1000);
+    const tokens = new Map([['[TOKEN_1]', 'bulat@aictrl.dev']]);
+    vault.saveTokens(tokens);
+
+    const input = 'Hello [TOKEN_1]';
+    expect(vault.rehydrate(input)).toBe('Hello bulat@aictrl.dev');
+  });
+});
+
+describe('StreamingRehydrator', () => {
+  it('should rehydrate tokens split across chunks', () => {
+    const vault = new TokenVault();
+    vault.saveTokens(new Map([['[HUSH_EML_1234]', 'test@example.com']]));
+    
+    const rehydrator = vault.createStreamingRehydrator();
+    
+    // Chunk 1: Ends mid-token
+    const chunk1 = 'My email is [HUSH_E';
+    expect(rehydrator(chunk1)).toBe('My email is ');
+
+    // Chunk 2: Completes token and adds more text
+    const chunk2 = 'ML_1234] and more.';
+    expect(rehydrator(chunk2)).toBe('test@example.com and more.');
+  });
+
+  it('should handle multiple tokens and partial starts', () => {
+    const vault = new TokenVault();
+    vault.saveTokens(new Map([
+      ['[HUSH_SEC_1]', 'secret-1'],
+      ['[HUSH_SEC_2]', 'secret-2']
+    ]));
+
+    const rehydrator = vault.createStreamingRehydrator();
+
+    expect(rehydrator('Part 1: [HU')).toBe('Part 1: ');
+    expect(rehydrator('SH_SEC_1] and [')).toBe('secret-1 and ');
+    expect(rehydrator('HUSH_SEC_2] done.')).toBe('secret-2 done.');
+  });
+
+  it('should release non-token text immediately', () => {
+    const vault = new TokenVault();
+    const rehydrator = vault.createStreamingRehydrator();
+
+    expect(rehydrator('Hello World. ')).toBe('Hello World. ');
+    expect(rehydrator('No tokens here.')).toBe('No tokens here.');
+  });
+});

package/tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "module": "nodenext",
+    "target": "esnext",
+    "rootDir": "src",
+    "outDir": "dist",
+    "lib": ["esnext"],
+    "types": ["node"],
+
+    "sourceMap": true,
+    "declaration": true,
+    "declarationMap": true,
+
+    "noUncheckedIndexedAccess": true,
+
+    "strict": true,
+    "verbatimModuleSyntax": true,
+    "isolatedModules": true,
+    "noUncheckedSideEffectImports": true,
+    "moduleDetection": "force",
+    "skipLibCheck": true,
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "tests"]
+}

package/vitest.config.ts

@@ -0,0 +1,12 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: true,
+    environment: 'node',
+    coverage: {
+      reporter: ['text', 'json', 'html', 'json-summary'],
+      exclude: ['node_modules', 'dist', 'tests'],
+    },
+  },
+});