@blackbelt-technology/pi-agent-dashboard 0.5.0 → 0.5.2

package/packages/server/src/model-proxy/convert/openai-out.ts

@@ -0,0 +1,151 @@
+/* Lifted from BlackBeltTechnology/pi-model-proxy@179d450, MIT licensed.
+ * See model-proxy/convert/UPSTREAM.md for divergences.
+ */
+
+/**
+ * Track tool call indices across the stream for proper multi-tool-call support.
+ */
+export class ToolCallIndexTracker {
+  private idToIndex = new Map<string, number>();
+  private nextIndex = 0;
+
+  getIndex(toolCallId: string): number {
+    if (!this.idToIndex.has(toolCallId)) {
+      this.idToIndex.set(toolCallId, this.nextIndex++);
+    }
+    return this.idToIndex.get(toolCallId)!;
+  }
+
+  getIndexByContentIndex(contentIndex: number, partialContent: any[]): number {
+    const item = partialContent[contentIndex];
+    if (item?.type === "toolCall" && item.id) {
+      return this.getIndex(item.id);
+    }
+    return 0;
+  }
+}
+
+/**
+ * Convert a single pi-ai event to OpenAI SSE chunk strings.
+ */
+export function eventToSSEChunks(
+  event: any, // pi-ai AssistantMessageEvent
+  model: string,
+  msgId: string,
+  tracker: ToolCallIndexTracker,
+): string[] {
+  const chunks: string[] = [];
+
+  const makeChunk = (delta: any, finishReason: string | null = null, usage?: any) => {
+    const chunk: any = {
+      id: `chatcmpl-${msgId}`,
+      object: "chat.completion.chunk",
+      created: Math.floor(Date.now() / 1000),
+      model,
+      choices: [{ index: 0, delta, finish_reason: finishReason }],
+    };
+    if (usage) chunk.usage = usage;
+    return `data: ${JSON.stringify(chunk)}\n\n`;
+  };
+
+  switch (event.type) {
+    case "start":
+      chunks.push(makeChunk({ role: "assistant" }));
+      break;
+
+    case "text_delta":
+      chunks.push(makeChunk({ content: event.delta }));
+      break;
+
+    case "thinking_delta":
+      chunks.push(makeChunk({ reasoning_content: event.delta }));
+      break;
+
+    case "toolcall_start": {
+      const tc = event.partial.content[event.contentIndex];
+      const idx = tracker.getIndex(tc.id);
+      chunks.push(makeChunk({
+        tool_calls: [{
+          index: idx,
+          id: tc.id,
+          type: "function",
+          function: { name: tc.name, arguments: "" },
+        }],
+      }));
+      break;
+    }
+
+    case "toolcall_delta": {
+      const idx = tracker.getIndexByContentIndex(event.contentIndex, event.partial.content);
+      chunks.push(makeChunk({
+        tool_calls: [{
+          index: idx,
+          function: { arguments: event.delta },
+        }],
+      }));
+      break;
+    }
+
+    case "done": {
+      const msg = event.message;
+      const finishReason = msg.stopReason === "toolUse" ? "tool_calls"
+        : msg.stopReason === "length" ? "length"
+          : "stop";
+      const usage = {
+        prompt_tokens: msg.usage.input,
+        completion_tokens: msg.usage.output,
+        total_tokens: msg.usage.input + msg.usage.output,
+      };
+      chunks.push(makeChunk({}, finishReason, usage));
+      chunks.push("data: [DONE]\n\n");
+      break;
+    }
+
+    case "error":
+      chunks.push(makeChunk({}, "stop"));
+      chunks.push("data: [DONE]\n\n");
+      break;
+  }
+
+  return chunks;
+}
+
+/**
+ * Convert a completed pi-ai AssistantMessage to a non-streaming OpenAI response.
+ */
+export function eventToNonStreamingResponse(finalMsg: any, model: string, msgId: string): any {
+  const textParts = finalMsg.content.filter((c: any) => c.type === "text");
+  const toolCalls = finalMsg.content.filter((c: any) => c.type === "toolCall");
+
+  const message: any = {
+    role: "assistant",
+    content: textParts.map((t: any) => t.text).join("") || null,
+  };
+
+  if (toolCalls.length > 0) {
+    message.tool_calls = toolCalls.map((tc: any) => ({
+      id: tc.id,
+      type: "function",
+      function: { name: tc.name, arguments: JSON.stringify(tc.arguments) },
+    }));
+  }
+
+  return {
+    id: `chatcmpl-${msgId}`,
+    object: "chat.completion",
+    created: Math.floor(Date.now() / 1000),
+    model,
+    choices: [{
+      index: 0,
+      message,
+      finish_reason: finalMsg.stopReason === "toolUse" ? "tool_calls"
+        : finalMsg.stopReason === "length" ? "length"
+          : "stop",
+    }],
+    usage: {
+      prompt_tokens: finalMsg.usage.input,
+      completion_tokens: finalMsg.usage.output,
+      total_tokens: finalMsg.usage.input + finalMsg.usage.output,
+    },
+  };
+}

package/packages/server/src/model-proxy/convert/types.ts

@@ -0,0 +1,70 @@
+/* Lifted from BlackBeltTechnology/pi-model-proxy@179d450, MIT licensed.
+ * See model-proxy/convert/UPSTREAM.md for divergences.
+ *
+ * Local type definitions mirroring upstream's types.ts for the convert/ module.
+ * These types are used by the converter functions and map to the wire protocol
+ * types in rest-api.ts. Pi-ai types are referenced via `any` since pi-ai is
+ * runtime-resolved.
+ */
+
+// ── OpenAI types ────────────────────────────────────────────────────────────
+
+export interface OpenAIMessage {
+  role: "system" | "user" | "assistant" | "tool";
+  content: string | OpenAIContentPart[] | null;
+  tool_calls?: OpenAIToolCall[];
+  tool_call_id?: string;
+  name?: string;
+}
+
+export interface OpenAIContentPart {
+  type: "text" | "image_url";
+  text?: string;
+  image_url?: { url: string };
+}
+
+export interface OpenAIToolCall {
+  id: string;
+  type: "function";
+  function: { name: string; arguments: string };
+}
+
+export interface OpenAITool {
+  type: "function";
+  function: {
+    name: string;
+    description?: string;
+    parameters?: any;
+  };
+}
+
+// ── Anthropic types ─────────────────────────────────────────────────────────
+
+export interface AnthropicMessagesRequest {
+  model?: string;
+  messages: AnthropicMessage[];
+  system?: string | AnthropicContentBlock[];
+  max_tokens: number;
+  temperature?: number;
+  stream?: boolean;
+  tools?: AnthropicTool[];
+  tool_choice?: any;
+}
+
+export interface AnthropicMessage {
+  role: "user" | "assistant";
+  content: string | AnthropicContentBlock[];
+}
+
+export type AnthropicContentBlock =
+  | { type: "text"; text: string; [key: string]: any }
+  | { type: "image"; source: { type: "base64"; media_type: string; data: string }; [key: string]: any }
+  | { type: "tool_use"; id: string; name: string; input: Record<string, any>; [key: string]: any }
+  | { type: "tool_result"; tool_use_id: string; content?: string | { type: "text"; text: string }[]; is_error?: boolean; [key: string]: any }
+  | { type: "thinking"; thinking: string; [key: string]: any };
+
+export interface AnthropicTool {
+  name: string;
+  description?: string;
+  input_schema: any;
+}

package/packages/server/src/model-proxy/failed-auth-backoff.ts

@@ -0,0 +1,45 @@
+/**
+ * Per-source-IP exponential backoff for failed proxy auth attempts.
+ *
+ * Doubles from 10ms, caps at 10s. Resets on successful auth.
+ * In-memory only — does not survive dashboard restart.
+ *
+ * See change: add-dashboard-model-proxy.
+ */
+
+interface BackoffEntry {
+  count: number;
+  lastFailureAt: number;
+}
+
+const BASE_DELAY_MS = 10;
+const MAX_DELAY_MS = 10_000;
+
+export class FailedAuthBackoff {
+  private entries = new Map<string, BackoffEntry>();
+
+  /** Record a failure. Returns the current delay in ms. */
+  record(ip: string): number {
+    const existing = this.entries.get(ip);
+    const count = (existing?.count ?? 0) + 1;
+    this.entries.set(ip, { count, lastFailureAt: Date.now() });
+    return this.computeDelay(count);
+  }
+
+  /** Reset on successful auth. */
+  reset(ip: string): void {
+    this.entries.delete(ip);
+  }
+
+  /** Get current delay without mutation. Returns 0 if no failures recorded. */
+  getDelayMs(ip: string): number {
+    const entry = this.entries.get(ip);
+    if (!entry) return 0;
+    return this.computeDelay(entry.count);
+  }
+
+  private computeDelay(count: number): number {
+    const delay = BASE_DELAY_MS * Math.pow(2, count - 1);
+    return Math.min(delay, MAX_DELAY_MS);
+  }
+}

package/packages/server/src/model-proxy/internal-auth-storage.ts

@@ -0,0 +1,146 @@
+/**
+ * Server-resident auth storage for the model proxy.
+ *
+ * Reads credentials from ~/.pi/agent/auth.json via provider-auth-storage.ts.
+ * For OAuth providers, handles token refresh when expired and persists
+ * the new token via the existing writeCredential writer (single-writer contract).
+ *
+ * See change: add-dashboard-model-proxy, design §1.
+ */
+import {
+  readAuthJson,
+  writeCredential,
+  type AuthData,
+  type AuthCredential,
+  type OAuthCredential,
+} from "../provider-auth-storage.js";
+
+/** Minimal pi-ai OAuth module surface (runtime-resolved from pi-ai/oauth). */
+export interface PiAiOAuthModule {
+  getOAuthProvider: (id: string) => { refreshToken: (creds: any) => Promise<any> } | undefined;
+  refreshOAuthToken: (providerId: string, credentials: any) => Promise<any>;
+}
+
+/** OAuth provider ID mapping — pi uses these internal IDs for auth.json keys. */
+const OAUTH_PROVIDER_MAP: Record<string, string> = {
+  anthropic: "anthropic",
+  "openai-codex": "openai-codex",
+  "github-copilot": "github-copilot",
+};
+
+/** Buffer before expiry to trigger preemptive refresh (30s). */
+const REFRESH_BUFFER_MS = 30_000;
+
+export class InternalAuthStorage {
+  private oauthModule: PiAiOAuthModule | null;
+  private cachedAuth: AuthData | null = null;
+  /** Serializes concurrent refresh attempts per provider. */
+  private refreshLocks = new Map<string, Promise<OAuthCredential>>();
+
+  constructor(oauthModule: PiAiOAuthModule | null) {
+    this.oauthModule = oauthModule;
+  }
+
+  async getApiKeyAndHeaders(
+    model: any,
+  ): Promise<{ apiKey: string; headers: Record<string, string> }> {
+    const auth = this.getAuth();
+    const cred = auth[model.provider];
+    if (!cred) {
+      throw new Error(`No credentials for provider "${model.provider}"`);
+    }
+
+    const modelHeaders = model.headers ?? {};
+
+    if (cred.type === "api_key") {
+      return { apiKey: cred.key, headers: { ...modelHeaders } };
+    }
+
+    if (cred.type === "oauth") {
+      const oauthCred = await this.ensureFreshOAuth(model.provider, cred);
+      return { apiKey: oauthCred.access, headers: { ...modelHeaders } };
+    }
+
+    throw new Error(`Unknown credential type for provider "${model.provider}"`);
+  }
+
+  async reload(): Promise<void> {
+    this.cachedAuth = null;
+  }
+
+  // ── Private ─────────────────────────────────────────────────────────
+
+  private getAuth(): AuthData {
+    if (!this.cachedAuth) {
+      this.cachedAuth = readAuthJson();
+    }
+    return this.cachedAuth;
+  }
+
+  private async ensureFreshOAuth(
+    provider: string,
+    cred: OAuthCredential,
+  ): Promise<OAuthCredential> {
+    const now = Date.now();
+    if (cred.expires && cred.expires > now + REFRESH_BUFFER_MS) {
+      return cred;
+    }
+
+    // Serialize concurrent refreshes for the same provider
+    const existing = this.refreshLocks.get(provider);
+    if (existing) return existing;
+
+    const refreshPromise = this.refreshOAuth(provider, cred);
+    this.refreshLocks.set(provider, refreshPromise);
+    try {
+      return await refreshPromise;
+    } finally {
+      this.refreshLocks.delete(provider);
+    }
+  }
+
+  private async refreshOAuth(
+    provider: string,
+    cred: OAuthCredential,
+  ): Promise<OAuthCredential> {
+    if (!this.oauthModule) {
+      throw new Error(`OAuth refresh needed for "${provider}" but pi-ai oauth module unavailable`);
+    }
+
+    const oauthId = OAUTH_PROVIDER_MAP[provider] ?? provider;
+    let refreshed: any;
+
+    // Try provider-specific refresh via getOAuthProvider
+    const oauthProvider = this.oauthModule.getOAuthProvider(oauthId);
+    if (oauthProvider?.refreshToken) {
+      refreshed = await oauthProvider.refreshToken({
+        accessToken: cred.access,
+        refreshToken: cred.refresh,
+        expiresAt: cred.expires,
+      });
+    } else {
+      // Fall back to generic refreshOAuthToken
+      refreshed = await this.oauthModule.refreshOAuthToken(oauthId, {
+        accessToken: cred.access,
+        refreshToken: cred.refresh,
+        expiresAt: cred.expires,
+      });
+    }
+
+    // Map refreshed credentials back to storage format
+    const newCred: OAuthCredential = {
+      type: "oauth",
+      refresh: refreshed.refreshToken ?? cred.refresh,
+      access: refreshed.accessToken ?? refreshed.access ?? cred.access,
+      expires: refreshed.expiresAt ?? refreshed.expires ?? Date.now() + 3600_000,
+    };
+
+    // Persist via existing single-writer path
+    writeCredential(provider, newCred);
+
+    // Invalidate cache so next read picks up the new token
+    this.cachedAuth = null;
+
+    return newCred;
+  }
+}

package/packages/server/src/model-proxy/internal-registry.ts

@@ -0,0 +1,157 @@
+/**
+ * Server-resident model registry built on pi-ai primitives.
+ *
+ * Composes pi-ai's built-in providers with custom providers (~/.pi/agent/providers.json),
+ * custom models (~/.pi/agent/models.json), and auth state (~/.pi/agent/auth.json).
+ * Only models whose provider has valid auth are exposed.
+ *
+ * See change: add-dashboard-model-proxy, design §1.
+ */
+import type { InternalAuthStorage } from "./internal-auth-storage.js";
+
+/**
+ * Minimal surface expected from the pi-ai module (runtime-resolved).
+ * Using `any` for Model<Api> since pi-ai types are not available at compile time.
+ */
+export interface PiAiModule {
+  registerBuiltInApiProviders: () => void;
+  getModels: (provider: string) => any[];
+  getProviders: () => string[];
+  getModel: (provider: string, modelId: string) => any;
+  registerApiProvider: (provider: any, sourceId?: string) => void;
+  unregisterApiProviders: (sourceId: string) => void;
+  streamSimple: (model: any, context: any, options?: any) => AsyncIterable<any>;
+}
+
+export interface CustomProviderEntry {
+  baseUrl: string;
+  apiKey: string;
+  api?: string;
+}
+
+export interface CustomModelEntry {
+  id: string;
+  provider: string;
+  api?: string;
+  baseUrl?: string;
+  contextWindow?: number;
+  maxTokens?: number;
+  reasoning?: boolean;
+  cost?: { input: number; output: number; cacheRead?: number; cacheWrite?: number };
+  input?: string[];
+  headers?: Record<string, string>;
+}
+
+export interface InternalRegistryDeps {
+  readProviders: () => Record<string, CustomProviderEntry>;
+  readModels: () => CustomModelEntry[];
+  readAuth: () => Record<string, any>;
+}
+
+export class InternalRegistry {
+  private piAi: PiAiModule;
+  private authStorage: InternalAuthStorage;
+  private deps: InternalRegistryDeps;
+  private cachedModels: any[] | null = null;
+  private cachedAllModels: any[] | null = null;
+
+  constructor(piAi: PiAiModule, authStorage: InternalAuthStorage, deps: InternalRegistryDeps) {
+    this.piAi = piAi;
+    this.authStorage = authStorage;
+    this.deps = deps;
+    // Ensure built-in providers are registered
+    this.piAi.registerBuiltInApiProviders();
+  }
+
+  /**
+   * Models with valid auth (api_key or oauth) in auth.json.
+   */
+  async getAvailable(): Promise<any[]> {
+    if (this.cachedModels) return this.cachedModels;
+    const all = this.getAllModels();
+    const auth = this.deps.readAuth();
+    const filtered = all.filter((m: any) => this.hasAuth(m.provider, auth));
+    this.cachedModels = filtered;
+    return filtered;
+  }
+
+  async find(provider: string, modelId: string): Promise<any | null> {
+    const available = await this.getAvailable();
+    return available.find((m: any) => m.provider === provider && m.id === modelId) ?? null;
+  }
+
+  async getApiKeyAndHeaders(model: any): Promise<{ apiKey: string; headers: Record<string, string> }> {
+    return this.authStorage.getApiKeyAndHeaders(model);
+  }
+
+  async refresh(): Promise<void> {
+    this.cachedModels = null;
+    this.cachedAllModels = null;
+    await this.authStorage.reload();
+  }
+
+  /** All models regardless of auth state (diagnostics). */
+  getAll(): any[] {
+    return this.getAllModels();
+  }
+
+  // ── Private ─────────────────────────────────────────────────────────
+
+  private getAllModels(): any[] {
+    if (this.cachedAllModels) return this.cachedAllModels;
+
+    const models: any[] = [];
+
+    // 1. Built-in models from pi-ai
+    for (const provider of this.piAi.getProviders()) {
+      try {
+        models.push(...this.piAi.getModels(provider));
+      } catch {
+        // Provider may not have models registered
+      }
+    }
+
+    // 2. Custom provider models — register providers from providers.json
+    const customProviders = this.deps.readProviders();
+    for (const [name, entry] of Object.entries(customProviders)) {
+      // Custom providers are already in providers.json; models from them
+      // are added via models.json (step 3). The baseUrl/api is used when
+      // the model references this provider.
+    }
+
+    // 3. Custom models from models.json
+    const customModels = this.deps.readModels();
+    for (const cm of customModels) {
+      // Look up base URL from custom providers if available
+      const providerEntry = customProviders[cm.provider];
+      const baseUrl = cm.baseUrl || providerEntry?.baseUrl || "";
+      const api = cm.api || providerEntry?.api || "openai-completions";
+
+      const model: any = {
+        id: cm.id,
+        name: cm.id,
+        api,
+        provider: cm.provider,
+        baseUrl,
+        reasoning: cm.reasoning ?? false,
+        input: cm.input ?? ["text"],
+        cost: cm.cost ?? { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+        contextWindow: cm.contextWindow ?? 128000,
+        maxTokens: cm.maxTokens ?? 8192,
+        ...(cm.headers ? { headers: cm.headers } : {}),
+      };
+      models.push(model);
+    }
+
+    this.cachedAllModels = models;
+    return models;
+  }
+
+  private hasAuth(provider: string, auth: Record<string, any>): boolean {
+    const cred = auth[provider];
+    if (!cred) return false;
+    if (cred.type === "api_key" && cred.key) return true;
+    if (cred.type === "oauth" && (cred.access || cred.refresh)) return true;
+    return false;
+  }
+}

package/packages/server/src/model-proxy/recursion-guard.ts

@@ -0,0 +1,72 @@
+/**
+ * Recursion guard: prevent custom providers from pointing back at the dashboard.
+ *
+ * See change: add-dashboard-model-proxy.
+ */
+import os from "node:os";
+
+/**
+ * Collect all addresses the dashboard listens on.
+ * Includes localhost variants, LAN IPs, and optional mDNS/tunnel hostnames.
+ */
+export function collectDashboardOrigins(
+  port: number,
+  opts?: { tunnelHostname?: string; mdnsHostname?: string },
+): string[] {
+  const origins: string[] = [
+    `localhost:${port}`,
+    `127.0.0.1:${port}`,
+    `[::1]:${port}`,
+  ];
+
+  // Add LAN IPs
+  try {
+    const interfaces = os.networkInterfaces();
+    for (const entries of Object.values(interfaces)) {
+      if (!entries) continue;
+      for (const entry of entries) {
+        if (entry.internal) continue;
+        const addr = entry.family === "IPv6" ? `[${entry.address}]` : entry.address;
+        origins.push(`${addr}:${port}`);
+      }
+    }
+  } catch {
+    // Best effort
+  }
+
+  if (opts?.tunnelHostname) origins.push(opts.tunnelHostname);
+  if (opts?.mdnsHostname) origins.push(`${opts.mdnsHostname}:${port}`);
+
+  return origins;
+}
+
+/**
+ * Check if a baseUrl points back to the dashboard.
+ */
+export function isSelfPointing(baseUrl: string, dashboardOrigins: string[]): boolean {
+  try {
+    const url = new URL(baseUrl);
+    // Normalize: lowercase host, remove default ports
+    const host = url.hostname.toLowerCase();
+    const port = url.port || (url.protocol === "https:" ? "443" : "80");
+    const normalized = `${host}:${port}`;
+
+    // Also check without port for tunnel hostnames (which include no port)
+    const normalizedHostOnly = host;
+
+    for (const origin of dashboardOrigins) {
+      const originLower = origin.toLowerCase();
+      if (originLower === normalized) return true;
+      if (originLower === normalizedHostOnly) return true;
+      // Handle origin with port vs normalized
+      if (originLower.includes(":")) {
+        if (originLower === normalized) return true;
+      } else {
+        if (originLower === normalizedHostOnly) return true;
+      }
+    }
+    return false;
+  } catch {
+    return false; // Malformed URL — not self-pointing
+  }
+}