@burtson-labs/bandit-engine 2.0.39 → 2.0.40

package/dist/{cli/cli.js → cli.js}

@@ -30,7 +30,7 @@ var import_commander = require("commander");
 // package.json
 var package_default = {
   name: "@burtson-labs/bandit-engine",
-  version: "2.0.39",
+  version: "2.0.40",
   license: "BUSL-1.1",
   main: "dist/index.js",
   module: "dist/index.mjs",
@@ -263,6 +263,10 @@ var buildEnvExample = (ctx) => {
       lines.push("XAI_API_KEY=");
       lines.push("XAI_BASE_URL=https://api.x.ai/v1");
       break;
+    case "bandit":
+      lines.push("BANDIT_API_KEY=");
+      lines.push("BANDIT_BASE_URL=https://api.burtson.ai");
+      break;
     case "ollama":
     default:
       lines.push("OLLAMA_URL=http://localhost:11434");
@@ -472,7 +476,7 @@ const gatewayBaseUrl = (import.meta.env.VITE_GATEWAY_URL ?? "${ctx.defaultGatewa
 const defaultModelId = import.meta.env.VITE_DEFAULT_MODEL ?? "${ctx.defaultModelId}";
 const fallbackModelId = import.meta.env.VITE_FALLBACK_MODEL ?? ${ctx.fallbackModelId ? `${QUOTE}${ctx.fallbackModelId}${QUOTE}` : "undefined"};
 const brandingText = import.meta.env.VITE_BRANDING_TEXT ?? "${ctx.brandingText}";
-const provider = (import.meta.env.VITE_GATEWAY_PROVIDER ?? "${ctx.defaultProvider}") as "openai" | "ollama" | "azure" | "anthropic" | "xai";
+const provider = (import.meta.env.VITE_GATEWAY_PROVIDER ?? "${ctx.defaultProvider}") as "openai" | "ollama" | "azure" | "anthropic" | "xai" | "bandit";
 
 const gatewayApiUrl = gatewayBaseUrl.endsWith("/api") ? gatewayBaseUrl : gatewayBaseUrl + "/api";
 const banditHeadLogoUrl = "https://cdn.burtson.ai/images/bandit-head.png";
@@ -654,7 +658,7 @@ function App() {
               {brandingText}
             </Typography>
             <Typography variant="body1" color="text.secondary">
-              Build, brand, and launch your assistant with a drop-in chat surface plus a secure gateway for OpenAI, Azure OpenAI, Anthropic, XAI, or Ollama.
+              Build, brand, and launch your assistant with a drop-in chat surface plus a secure gateway for Bandit AI, OpenAI, Azure OpenAI, Anthropic, XAI, or Ollama.
             </Typography>
             <Stack direction={{ xs: "column", sm: "row" }} spacing={2}>
               <Button component={RouterLink} to="/chat" variant="contained" color="primary">
@@ -701,7 +705,7 @@ function App() {
                 Ship secure gateways
               </Typography>
               <Typography variant="body2" color="text.secondary">
-                Keep API keys server-side while proxying requests to OpenAI, Azure OpenAI, Anthropic, XAI, or Ollama through the included Express gateway.
+                Keep API keys server-side while proxying requests to Bandit AI, OpenAI, Azure OpenAI, Anthropic, XAI, or Ollama through the included Express gateway.
               </Typography>
             </CardContent>
           </Card>
@@ -887,6 +891,48 @@ const ANTHROPIC_MAX_TOKENS = Number.isFinite(Number(process.env.ANTHROPIC_MAX_TO
   : 1024;
 const XAI_API_KEY = process.env.XAI_API_KEY;
 const XAI_BASE_URL = (process.env.XAI_BASE_URL ?? "https://api.x.ai/v1").replace(/\\/$/, "");
+const BANDIT_API_KEY = process.env.BANDIT_API_KEY;
+const BANDIT_BASE_URL = (process.env.BANDIT_BASE_URL ?? "https://api.burtson.ai").replace(/\\/$/, "");
+
+const normalizeGatewayImageUrl = (value: unknown): string => {
+  if (!value) {
+    return "";
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (!trimmed) {
+      return "";
+    }
+    if (/^data:/i.test(trimmed) || /^https?:/i.test(trimmed)) {
+      return trimmed;
+    }
+    return 'data:image/jpeg;base64,' + trimmed;
+  }
+  if (typeof value === "object") {
+    const possibleUrl =
+      typeof (value as { url?: string }).url === "string"
+        ? (value as { url: string }).url
+        : (value as { image_url?: { url?: string } }).image_url && typeof (value as { image_url?: { url?: string } }).image_url?.url === "string"
+          ? ((value as { image_url: { url: string } }).image_url.url)
+          : "";
+    return normalizeGatewayImageUrl(possibleUrl);
+  }
+  return "";
+};
+
+const extractGatewayImageDetail = (value: unknown): string | undefined => {
+  if (value && typeof value === "object") {
+    const record = value as Record<string, unknown>;
+    if (typeof record.detail === "string" && record.detail.trim()) {
+      return record.detail;
+    }
+    const nested = record.image_url;
+    if (nested && typeof (nested as Record<string, unknown>).detail === "string" && (nested as Record<string, unknown>).detail.trim()) {
+      return (nested as Record<string, unknown>).detail as string;
+    }
+  }
+  return undefined;
+};
 
 interface GatewayChatBody {
   provider?: string;
@@ -907,12 +953,13 @@ interface GatewayChatBody {
   [key: string]: unknown;
 }
 
-const normalizeProvider = (input: string): "openai" | "azure" | "anthropic" | "ollama" | "xai" => {
+const normalizeProvider = (input: string): "openai" | "azure" | "anthropic" | "ollama" | "xai" | "bandit" => {
   const value = input.toLowerCase();
   if (value === "azure-openai" || value === "azureopenai" || value === "azure") return "azure";
   if (value === "anthropic" || value === "claude") return "anthropic";
   if (value === "ollama") return "ollama";
   if (value === "xai" || value === "grok") return "xai";
+  if (value === "bandit" || value === "banditai" || value === "bandit-ai") return "bandit";
   return "openai";
 };
 
@@ -930,6 +977,13 @@ const requireOpenAIKey = () => {
   return OPENAI_API_KEY;
 };
 
+const requireBanditKey = () => {
+  if (!BANDIT_API_KEY) {
+    throw new Error("Missing BANDIT_API_KEY. Add it to your .env file to route requests to Bandit AI.");
+  }
+  return BANDIT_API_KEY;
+};
+
 const requireXAIKey = () => {
   if (!XAI_API_KEY) {
     throw new Error("Missing XAI_API_KEY. Add it to your .env file to route requests to xAI.");
@@ -1116,6 +1170,72 @@ export async function POST(request: NextRequest) {
         return stream ? passthroughResponse(response) : jsonResponse(response);
       }
 
+      case "bandit": {
+        const banditKey = requireBanditKey();
+        const { provider: _provider, ...cleanBody } = body;
+        const providerName = typeof body.provider === "string" ? body.provider : "bandit";
+        const requestBody = {
+          ...cleanBody,
+          stream,
+          model: stripPrefix(body.model ?? DEFAULT_MODEL, "bandit", "bandit-core-1"),
+        };
+
+        if (
+          providerName !== "ollama" &&
+          Array.isArray(requestBody.images) &&
+          requestBody.images.length > 0 &&
+          Array.isArray(requestBody.messages)
+        ) {
+          const lastUserIndex = requestBody.messages.map((message) => message?.role).lastIndexOf("user");
+          if (lastUserIndex !== -1) {
+            const targetMessage = requestBody.messages[lastUserIndex] ?? {};
+            const baseContent = Array.isArray(targetMessage.content)
+              ? targetMessage.content.filter(Boolean)
+              : typeof targetMessage.content === "string" && targetMessage.content.trim().length > 0
+                ? [{ type: "text", text: targetMessage.content }]
+                : [];
+
+            const imageContent = requestBody.images
+              .map((entry) => {
+                const url = normalizeGatewayImageUrl(entry);
+                if (!url) {
+                  return null;
+                }
+                return {
+                  type: "image_url",
+                  image_url: {
+                    url,
+                    detail: extractGatewayImageDetail(entry) ?? "auto"
+                  }
+                };
+              })
+              .filter(Boolean);
+
+            if (imageContent.length > 0) {
+              requestBody.messages[lastUserIndex] = {
+                ...targetMessage,
+                content: [...baseContent, ...imageContent]
+              };
+            }
+          }
+          delete requestBody.images;
+        }
+
+        const response = await fetch(BANDIT_BASE_URL + "/completions", {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: \`Bearer \${banditKey}\`,
+          },
+          body: JSON.stringify(requestBody),
+        });
+        if (!response.ok) {
+          const details = await response.text();
+          return NextResponse.json({ error: \`Bandit chat failed: \${response.status}\`, details }, { status: response.status });
+        }
+        return stream ? passthroughResponse(response) : jsonResponse(response);
+      }
+
       case "xai": {
         const xaiKey = requireXAIKey();
         const { provider: _provider, ...cleanBody } = body;
@@ -1490,14 +1610,14 @@ This directory contains a minimal Next.js App Router implementation of the Bandi
 ## Routes
 
 - \`app/api/health/route.ts\` \u2013 provider health and availability checks
-- \`app/api/chat/completions/route.ts\` \u2013 provider-aware chat completions endpoint (OpenAI, Azure OpenAI, Anthropic, xAI, Ollama)
+- \`app/api/chat/completions/route.ts\` \u2013 provider-aware chat completions endpoint (Bandit AI, OpenAI, Azure OpenAI, Anthropic, xAI, Ollama)
 - \`app/api/models/route.ts\` \u2013 exposes the scaffolded gateway model metadata used by the frontend
 
 ## Usage
 
 1. Copy the contents of \`server/next-app/\` into the \`app/\` directory of a Next.js project.
 2. Ensure the environment variables listed in \`.env.example\` are available to the Next.js runtime. At minimum you will want the
-   provider API keys you plan to use (OpenAI, Azure OpenAI, Anthropic, xAI, or Ollama).
+   provider API keys you plan to use (Bandit AI, OpenAI, Azure OpenAI, Anthropic, xAI, or Ollama).
 3. Start Next.js with \`npm run dev\` (or your project\u2019s equivalent). The routes are server-only (\`export const dynamic = "force-dynamic"\`)
    and can coexist with any frontend pages.
 
@@ -1537,6 +1657,8 @@ app.use(express.urlencoded({ limit: '50mb', extended: true }));
 const QUICKSTART_VERSION = "0.1.0";
 const DEFAULT_PROVIDER = "${ctx.defaultProvider}";
 const BASE_GATEWAY_MODELS = ${modelsDefinition};
+const BANDIT_API_KEY = process.env.BANDIT_API_KEY;
+const BANDIT_BASE_URL = (process.env.BANDIT_BASE_URL ?? "https://api.burtson.ai").replace(/\\/$/, "");
 const OLLAMA_BASE_URL = (process.env.OLLAMA_URL ?? "http://localhost:11434").replace(/\\/$/, "");
 const AZURE_OPENAI_ENDPOINT = process.env.AZURE_OPENAI_ENDPOINT ? process.env.AZURE_OPENAI_ENDPOINT.replace(/\\/$/, "") : undefined;
 const AZURE_OPENAI_API_KEY = process.env.AZURE_OPENAI_API_KEY;
@@ -1572,6 +1694,13 @@ const toGatewayModels = () =>
 const stripAzureModelPrefix = (value) =>
   typeof value === "string" ? value.replace(/^azure:/, "") : undefined;
 
+const requireBanditKey = () => {
+  if (!BANDIT_API_KEY) {
+    throw new Error("Missing BANDIT_API_KEY. Add it to your .env file to route requests to Bandit AI.");
+  }
+  return BANDIT_API_KEY;
+};
+
 const isAzureConfigured = () => Boolean(AZURE_OPENAI_ENDPOINT && AZURE_OPENAI_API_KEY);
 
 const requireAzureBaseConfig = () => {
@@ -1662,6 +1791,45 @@ const flattenGatewayContent = (content) => {
   return "";
 };
 
+const normalizeGatewayImageUrl = (value) => {
+  if (!value) {
+    return "";
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (!trimmed) {
+      return "";
+    }
+    if (/^data:/i.test(trimmed) || /^https?:/i.test(trimmed)) {
+      return trimmed;
+    }
+    return 'data:image/jpeg;base64,' + trimmed;
+  }
+  if (typeof value === "object") {
+    const possibleUrl =
+      typeof value.url === "string"
+        ? value.url
+        : value.image_url && typeof value.image_url.url === "string"
+          ? value.image_url.url
+          : "";
+    return normalizeGatewayImageUrl(possibleUrl);
+  }
+  return "";
+};
+
+const extractGatewayImageDetail = (value) => {
+  if (value && typeof value === "object") {
+    const record = value;
+    if (typeof record.detail === "string" && record.detail.trim()) {
+      return record.detail;
+    }
+    if (record.image_url && typeof record.image_url.detail === "string" && record.image_url.detail.trim()) {
+      return record.image_url.detail;
+    }
+  }
+  return undefined;
+};
+
 const toAnthropicMessages = (messages = []) => {
   const anthropicMessages = [];
   let systemPrompt = "";
@@ -2742,6 +2910,240 @@ app.get("/api/xai/models", async (_req, res) => {
   }
 });
 
+// ============================================================================
+// BANDIT AI ROUTES
+// ============================================================================
+
+app.get("/api/bandit/health", async (_req, res) => {
+  try {
+    const banditKey = requireBanditKey();
+    const response = await fetch(BANDIT_BASE_URL + "/models", {
+      headers: { "Authorization": \`Bearer \${banditKey}\` }
+    });
+    const isHealthy = response.ok;
+    res.json({
+      status: isHealthy ? "healthy" : "unhealthy",
+      bandit_status: isHealthy,
+      provider: "bandit",
+      endpoint: BANDIT_BASE_URL
+    });
+  } catch (error) {
+    res.status(503).json({
+      status: "unhealthy",
+      bandit_status: false,
+      error: error instanceof Error ? error.message : String(error),
+      provider: "bandit",
+      endpoint: BANDIT_BASE_URL
+    });
+  }
+});
+
+app.post("/api/bandit/chat/completions", async (req, res) => {
+  try {
+    const banditKey = requireBanditKey();
+    const isStreaming = req.body?.stream === true;
+    const { provider, ...cleanBody } = req.body ?? {};
+    const providerName = typeof provider === "string" ? provider : "bandit";
+    const requestBody = {
+      ...cleanBody,
+      model: req.body?.model?.replace(/^bandit:/, "") || "bandit-core-1"
+    };
+
+    if (
+      providerName !== "ollama" &&
+      Array.isArray(requestBody.images) &&
+      requestBody.images.length > 0 &&
+      Array.isArray(requestBody.messages)
+    ) {
+      const lastUserIndex = requestBody.messages.map((message) => message?.role).lastIndexOf("user");
+      if (lastUserIndex !== -1) {
+        const targetMessage = requestBody.messages[lastUserIndex] ?? {};
+        const baseContent = Array.isArray(targetMessage.content)
+          ? targetMessage.content.filter(Boolean)
+          : typeof targetMessage.content === "string" && targetMessage.content.trim().length > 0
+            ? [{ type: "text", text: targetMessage.content }]
+            : [];
+
+        const imageContent = requestBody.images
+          .map((entry) => {
+            const url = normalizeGatewayImageUrl(entry);
+            if (!url) {
+              return null;
+            }
+            return {
+              type: "image_url",
+              image_url: {
+                url,
+                detail: extractGatewayImageDetail(entry) ?? "auto"
+              }
+            };
+          })
+          .filter(Boolean);
+
+          if (imageContent.length > 0) {
+            requestBody.messages[lastUserIndex] = {
+              ...targetMessage,
+              content: [...baseContent, ...imageContent]
+            };
+          }
+        }
+        delete requestBody.images;
+      }
+
+    const response = await fetch(BANDIT_BASE_URL + "/completions", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": \`Bearer \${banditKey}\`
+      },
+      body: JSON.stringify(requestBody)
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      return res.status(response.status).json({
+        error: \`Bandit chat failed: \${response.status}\`,
+        details: errorText
+      });
+    }
+
+    if (isStreaming) {
+      await handleStreamingResponse(response, res);
+    } else {
+      const text = await response.text();
+      res.setHeader('Content-Type', 'application/json');
+      res.send(text);
+    }
+  } catch (error) {
+    res.status(500).json({ error: error instanceof Error ? error.message : String(error) });
+  }
+});
+
+app.post("/api/bandit/chat", async (req, res) => {
+  req.url = "/api/bandit/chat/completions";
+  return app._router.handle(req, res);
+});
+
+app.post("/api/bandit/completions", async (req, res) => {
+  try {
+    const banditKey = requireBanditKey();
+    const isStreaming = req.body?.stream === true;
+    const { provider, ...cleanBody } = req.body ?? {};
+    const requestBody = {
+      ...cleanBody,
+      model: req.body?.model?.replace(/^bandit:/, "") || "bandit-core-1"
+    };
+
+    const response = await fetch(BANDIT_BASE_URL + "/completions", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": \`Bearer \${banditKey}\`
+      },
+      body: JSON.stringify(requestBody)
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      return res.status(response.status).json({
+        error: \`Bandit completions failed: \${response.status}\`,
+        details: errorText
+      });
+    }
+
+    if (isStreaming) {
+      await handleStreamingResponse(response, res);
+    } else {
+      const text = await response.text();
+      res.setHeader('Content-Type', 'application/json');
+      res.send(text);
+    }
+  } catch (error) {
+    res.status(500).json({ error: error instanceof Error ? error.message : String(error) });
+  }
+});
+
+app.post("/api/bandit/generate", async (req, res) => {
+  try {
+    const banditKey = requireBanditKey();
+    const prompt = req.body?.prompt || "";
+    const model = req.body?.model?.replace(/^bandit:/, "") || "bandit-core-1";
+    const isStreaming = req.body?.stream === true;
+
+    const chatBody = {
+      model,
+      messages: [
+        { role: "user", content: prompt }
+      ],
+      stream: isStreaming,
+      max_tokens: req.body?.max_tokens || 256,
+      temperature: req.body?.temperature ?? 0.7
+    };
+
+    const response = await fetch(BANDIT_BASE_URL + "/completions", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": \`Bearer \${banditKey}\`
+      },
+      body: JSON.stringify(chatBody)
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      return res.status(response.status).json({
+        error: \`Bandit generate failed: \${response.status}\`,
+        details: errorText
+      });
+    }
+
+    if (isStreaming) {
+      await handleStreamingResponse(response, res);
+    } else {
+      const data = await response.json();
+      const generateResponse = {
+        model,
+        created_at: new Date().toISOString(),
+        response: data.choices?.[0]?.message?.content || "",
+        done: true,
+        context: [],
+        total_duration: 0,
+        load_duration: 0,
+        prompt_eval_count: data.usage?.prompt_tokens || 0,
+        prompt_eval_duration: 0,
+        eval_count: data.usage?.completion_tokens || 0,
+        eval_duration: 0
+      };
+      res.json(generateResponse);
+    }
+  } catch (error) {
+    res.status(500).json({ error: error instanceof Error ? error.message : String(error) });
+  }
+});
+
+app.get("/api/bandit/models", async (_req, res) => {
+  try {
+    const banditKey = requireBanditKey();
+    const response = await fetch(BANDIT_BASE_URL + "/models", {
+      headers: { "Authorization": \`Bearer \${banditKey}\` }
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      return res.status(response.status).json({
+        error: \`Bandit models failed: \${response.status}\`,
+        details: errorText
+      });
+    }
+
+    const text = await response.text();
+    res.setHeader('Content-Type', 'application/json');
+    res.send(text);
+  } catch (error) {
+    res.status(500).json({ error: error instanceof Error ? error.message : String(error) });
+  }
+});
+
 // ============================================================================
 // OPENAI ROUTES
 // ============================================================================
@@ -3264,8 +3666,9 @@ app.all("/api/anthropic/*", (_req, res) => {
 const port = Number(process.env.PORT ?? ${ctx.gatewayPort});
 app.listen(port, () => {
   console.log("\u26A1 Bandit quickstart gateway ready on http://localhost:" + port);
-  console.log("\u{1F4E1} Supported providers: OpenAI, Azure OpenAI, Anthropic, XAI, Ollama");
+  console.log("\u{1F4E1} Supported providers: Bandit AI, OpenAI, Azure OpenAI, Anthropic, XAI, Ollama");
   console.log("\u{1F517} Provider-specific routes:");
+  console.log("   \u2022 /api/bandit/* - Bandit AI endpoints");
   console.log("   \u2022 /api/openai/* - OpenAI endpoints");
   console.log("   \u2022 /api/azure/* - Azure OpenAI endpoints");
   console.log("   \u2022 /api/anthropic/* - Anthropic endpoints");
@@ -3297,7 +3700,7 @@ This project was generated by the Bandit Engine CLI. It ships with a React + Vit
 ## \u{1F680} Next steps
 - \`npm install\`
 - \`cp .env.example .env\`
-- Fill in your OpenAI, Azure OpenAI, Anthropic, or xAI credentials (or point \`OLLAMA_URL\` at your local server)
+- Fill in your Bandit AI, OpenAI, Azure OpenAI, Anthropic, or xAI credentials (or point \`OLLAMA_URL\` at your local server)
 - \`npm run dev\`
 
 The command runs the gateway and the frontend together. Visit http://localhost:${ctx.frontendPort} to see the chat and modal in action.
@@ -3310,7 +3713,7 @@ The command runs the gateway and the frontend together. Visit http://localhost:$
 ## \u{1F4E6} What\u2019s inside
 - React + Vite 5 with Material UI theming
 - Bandit chat surface + modal wired via \`ChatProvider\`
-- Express gateway proxying OpenAI, Azure OpenAI, Anthropic, XAI, or Ollama to keep API keys server-side
+- Express gateway proxying Bandit AI, OpenAI, Azure OpenAI, Anthropic, XAI, or Ollama to keep API keys server-side
 - Next.js App Router gateway scaffold in 'server/next-app/' for projects that prefer Next
 - Friendly defaults you can evolve into your production stack
 
@@ -3406,6 +3809,9 @@ var normalizeProvider = (value) => {
   if (normalized === "xai" || normalized === "grok") {
     return "xai";
   }
+  if (normalized === "bandit" || normalized === "banditai" || normalized === "bandit-ai") {
+    return "bandit";
+  }
   return "openai";
 };
 var inferDefaultModelId = (provider) => {
@@ -3421,6 +3827,9 @@ var inferDefaultModelId = (provider) => {
   if (provider === "xai") {
     return "xai:grok-2-latest";
   }
+  if (provider === "bandit") {
+    return "bandit-core-1";
+  }
   return "openai:gpt-4o-mini";
 };
 var inferFallbackModelId = (provider, defaultId) => {
@@ -3440,12 +3849,16 @@ var inferFallbackModelId = (provider, defaultId) => {
   if (provider === "xai") {
     return defaultId === "xai:grok-2-mini" ? "xai:grok-2-latest" : "xai:grok-2-mini";
   }
+  if (provider === "bandit") {
+    return void 0;
+  }
   return defaultId === "openai:gpt-4.1-mini" ? "openai:gpt-4o-mini" : "openai:gpt-4.1-mini";
 };
 var promptForProvider = async () => {
   const providerOptions = [
     { label: "Ollama (self-hosted) \u2014 default", value: "ollama" },
     { label: "OpenAI", value: "openai" },
+    { label: "Bandit AI (Bandit Core)", value: "bandit" },
     { label: "Azure OpenAI", value: "azure" },
     { label: "Anthropic", value: "anthropic" },
     { label: "xAI (Grok)", value: "xai" }