@burtson-labs/bandit-engine 2.0.40 → 2.0.41

package/README.md

@@ -20,7 +20,7 @@ An AI chat toolkit built for speed, design, and control. Power branded AI assist
 - 🔌 Plug-and-play React chat, modal, and management surfaces
 - 🧠 Memory, vector knowledge, and provider switching behind a secure gateway
 - 🎨 Full MUI theming, dark mode, and branding controls out of the box
-- 🌐 Multimodal support (voice, images, documents) with Ollama, OpenAI, Azure OpenAI, Anthropic, and xAI today — tell us which providers you need next so we can prioritize them
+- 🌐 Multimodal support (voice, images, documents) with Bandit AI, Ollama, OpenAI, Azure OpenAI, Anthropic, and xAI today — tell us which providers you need next so we can prioritize them
 - 🛠️ CLI scaffolding, sample gateway, and docs to launch in minutes
 
 ## Quick Links
@@ -44,7 +44,7 @@ npx @burtson-labs/bandit-engine create my-bandit-app
 What you get out of the box:
 
 - Vite + React project wired with `Chat`, `ChatModal`, and `ChatProvider`
-- Express gateway that proxies OpenAI, Azure OpenAI, Anthropic, xAI, or Ollama behind `/api`
+- Express gateway that proxies Bandit AI, OpenAI, Azure OpenAI, Anthropic, xAI, or Ollama behind `/api`
 - Next.js App Router gateway scaffold (in `server/next-app/`) ready to copy into a Next project
 - Branding + persona config in `public/config.json`, ready for your logo or prompts
 
@@ -58,7 +58,7 @@ Customize the output with options such as:
 
 > 📦 The generated project installs directly from `https://registry.npmjs.org/` — no GitHub npm token is required once the package is public.
 
-> ⚠️ The scaffolded gateway focuses on OpenAI/xAI/Ollama chat and model discovery. All advanced routes (file storage uploads, vector embedding, voice, MCP, etc.) are generated as `501` placeholders so you can wire them to your own infrastructure. Implement the contracts below before turning on those features in production.
+> ⚠️ The scaffolded gateway focuses on Bandit AI/OpenAI/xAI/Ollama chat and model discovery. All advanced routes (file storage uploads, vector embedding, voice, MCP, etc.) are generated as `501` placeholders so you can wire them to your own infrastructure. Implement the contracts below before turning on those features in production.
 
 Check out the [CLI quick start guide](./docs/05_cli_quickstart.md) for the full walkthrough, option matrix, and project anatomy.
 
@@ -125,7 +125,7 @@ const chatPackageSettings = {
   aiProvider: {
     type: "gateway" as const,
     gatewayUrl: import.meta.env.VITE_GATEWAY_API_URL!,
-    provider: "openai" // Backend: openai, azure-openai, anthropic, ollama
+    provider: "bandit" // Backend: bandit, openai, azure-openai, anthropic, xai, ollama
   },
   
   // Direct Ollama configuration (development only)
@@ -168,7 +168,7 @@ ReactDOM.createRoot(document.getElementById("root")!).render(
 aiProvider: {
   type: "gateway",
   gatewayUrl: "https://your-api-gateway.com", // Your backend API
-  provider: "openai" // Specify which AI provider to use
+  provider: "bandit" // Specify which AI provider to use (bandit, openai, azure-openai, anthropic, xai, ollama)
 }
 ```
 
@@ -189,10 +189,10 @@ aiProvider: {
   - `GET /api/memory` — hydrate personal memory when the feature is enabled
 - **Chat & text generation**
   - `POST /api/chat/completions` — default provider routing
-  - `POST /api/{provider}/chat/completions` — provider-specific routing (e.g. `openai`, `azure-openai`, `anthropic`)
+  - `POST /api/{provider}/chat/completions` — provider-specific routing (e.g. `bandit`, `openai`, `azure-openai`, `anthropic`, `xai`)
   - `POST /api/ollama/chat` — native Ollama chat format
   - `POST /api/generate` — non-chat generation (conversation starters, summaries, etc.)
-  - `POST /api/{provider}/generate` — same contract, but scoped per provider (required for conversation starters to respect OpenAI vs. Ollama routing)
+  - `POST /api/{provider}/generate` — same contract, but scoped per provider (required for conversation starters to respect Bandit/OpenAI/Azure routing)
 - **Knowledge & vector search** (required for memories, knowledge management, and MCP document tools)
   - `POST /api/embedding/embed-memory`
   - `POST /api/embedding/batch-embed-memories`
@@ -211,6 +211,7 @@ aiProvider: {
   - `GET /subscription/{userId}` and `PUT /subscription/{userId}` — synchronize subscription tiers used by the feature-flag system
 
 > **⚠️ Important:** The Bandit Engine automatically routes to provider-specific endpoints:
+> - **Bandit AI** → `/api/bandit/chat/completions` (OpenAI format, token or API key)
 > - **Ollama** → `/api/ollama/chat` (native Ollama format)
 > - **OpenAI/Azure/xAI/Anthropic** → `/api/{provider}/chat/completions` (OpenAI format)
 > - **TTS/STT** → Technology-agnostic endpoints that work with any backend implementation
@@ -674,10 +675,12 @@ Bandit Engine features a unified, gateway-based AI provider architecture that su
 ### Supported Providers
 
 - **🌟 Gateway Provider** (Recommended): Routes all requests through your secure backend
+- **Bandit AI**: Bandit Core models served through the secure gateway
 - **Ollama**: Self-hosted models and Ollama-compatible endpoints
 - **OpenAI**: GPT models via OpenAI API
 - **Azure OpenAI**: Azure-hosted OpenAI models
 - **Anthropic**: Claude models via Anthropic API
+- **xAI**: Grok models via xAI API
 
 > We do not support every AI provider yet. Let us know which services you rely on—community interest directly shapes the integration roadmap.
 
@@ -691,7 +694,7 @@ const chatPackageSettings = {
   aiProvider: {
     type: "gateway" as const,
     gatewayUrl: "https://your-gateway-api.example.com", 
-    provider: "openai" // Backend provider: openai, azure-openai, anthropic, ollama
+    provider: "bandit" // Backend provider: bandit, openai, azure-openai, anthropic, xai, ollama
   },
   // ... other settings
 };
@@ -709,7 +712,7 @@ Your gateway API can be built with any technology (Node.js, Python, .NET, Java,
 - `GET /api/health` — Health check endpoint that lists available providers.
 - `GET /api/models` and `GET /api/models/{provider}` — Model discovery for the management UI.
 - `POST /api/chat/completions` and `POST /api/generate` — Default OpenAI-style routes when no provider override is present.
-- `POST /api/{provider}/chat/completions` and `POST /api/{provider}/generate` — Provider-specific routing for `openai`, `azure-openai`, and `anthropic`.
+- `POST /api/{provider}/chat/completions` and `POST /api/{provider}/generate` — Provider-specific routing for `bandit`, `openai`, `azure-openai`, `anthropic`, and `xai`.
 - `POST /api/ollama/chat` and `POST /api/ollama/generate` — Native Ollama routes (no `/chat/completions` suffix).
 
 ### Legacy Direct Providers
@@ -1135,7 +1138,7 @@ const chatPackageSettings = {
   aiProvider: {
     type: "gateway",
     gatewayUrl: "https://your-api-gateway.com",
-    provider: "openai" // or "anthropic", "azure-openai", "ollama"
+    provider: "bandit" // or "openai", "anthropic", "azure-openai", "xai", "ollama"
   },
   gatewayApiUrl: "https://your-api-gateway.com", // Same URL for TTS/STT services
   // No API keys in frontend code
@@ -1157,7 +1160,7 @@ const oldSettings = {
 
 // ✅ Recommended (unified gateway approach)
 const newSettings = {
-  aiProvider: { type: "gateway", gatewayUrl: "https://your-gateway.com", provider: "openai" },
+  aiProvider: { type: "gateway", gatewayUrl: "https://your-gateway.com", provider: "bandit" },
   gatewayApiUrl: "https://your-gateway.com", // Handles TTS, STT, and MCP
 };
 ```

package/dist/{aiProviderStore-JMA5RWX7.mjs → aiProviderStore-UQI33C5E.mjs}

@@ -1,9 +1,9 @@
 import {
   useAIProviderStore
-} from "./chunk-QJYPWWA5.mjs";
+} from "./chunk-54ZQ3FSN.mjs";
 import "./chunk-KCI46M23.mjs";
 import "./chunk-BJTO5JO5.mjs";
 export {
   useAIProviderStore
 };
-//# sourceMappingURL=aiProviderStore-JMA5RWX7.mjs.map
+//# sourceMappingURL=aiProviderStore-UQI33C5E.mjs.map

package/dist/{chat-JMWPOSQ4.mjs → chat-T5ANWWYQ.mjs}

@@ -1,15 +1,15 @@
 import {
   chat_default
-} from "./chunk-26QQ4CLA.mjs";
+} from "./chunk-QFNEHSY4.mjs";
 import "./chunk-ONQMRE2G.mjs";
 import "./chunk-RTQDQ6TC.mjs";
-import "./chunk-VIYBZO5W.mjs";
-import "./chunk-2ZCR2TDY.mjs";
+import "./chunk-LYWVYBKU.mjs";
+import "./chunk-CX3INLYJ.mjs";
 import "./chunk-XUBYA5I7.mjs";
-import "./chunk-QJYPWWA5.mjs";
+import "./chunk-54ZQ3FSN.mjs";
 import "./chunk-KCI46M23.mjs";
 import "./chunk-BJTO5JO5.mjs";
 export {
   chat_default as default
 };
-//# sourceMappingURL=chat-JMWPOSQ4.mjs.map
+//# sourceMappingURL=chat-T5ANWWYQ.mjs.map

package/dist/chat-provider.js

@@ -2222,61 +2222,15 @@ var init_gateway_service = __esm({
        */
       chat(request) {
         const endpoint = request.provider === "ollama" ? `/api/${request.provider}/chat` : request.provider ? `/api/${request.provider}/chat/completions` : "/api/chat/completions";
-        const url = `${this._baseUrl}${endpoint}`;
+        const fallbackEndpoint = request.provider === "bandit" ? "/completions" : null;
         const normalizedModel = request.provider === "bandit" ? (() => {
           const trimmed = (request.model ?? "").replace(/^bandit:/, "").trim();
           return trimmed !== "" ? trimmed : "bandit-core-1";
         })() : request.model;
-        debugLogger.debug(`Gateway chat request to ${url} with provider: ${request.provider || "default"}`, {
-          model: normalizedModel,
-          messageCount: request.messages.length,
-          hasImages: !!(request.images && request.images.length > 0),
-          imageCount: request.images?.length || 0
-        });
         const requestBody = { ...request, model: normalizedModel, stream: request.stream !== false };
         return new import_rxjs6.Observable((observer) => {
           const controller = new AbortController();
-          const task = fetch(url, {
-            method: "POST",
-            headers: this._getHeaders(),
-            body: JSON.stringify(requestBody),
-            signal: controller.signal
-          });
-          task.then(async (response) => {
-            debugLogger.debug(`Gateway chat response status: ${response.status} for provider: ${request.provider || "default"}`);
-            if (!response.ok) {
-              let errorText = "";
-              let errorData = null;
-              try {
-                errorText = await response.text();
-                debugLogger.error("GatewayService chat error response body", {
-                  status: response.status,
-                  statusText: response.statusText,
-                  url: response.url,
-                  body: errorText
-                });
-              } catch (readError) {
-                debugLogger.error("GatewayService chat failed to read error response body", { error: readError });
-                errorText = `Request failed with status ${response.status}`;
-              }
-              try {
-                errorData = JSON.parse(errorText);
-                debugLogger.error("GatewayService chat parsed error payload", errorData);
-              } catch (parseError) {
-                debugLogger.error("GatewayService chat error payload was not valid JSON");
-                errorData = { message: errorText };
-              }
-              const error = this._createHttpError(
-                `POST ${url} failed: ${response.status} ${response.statusText ?? ""}`,
-                {
-                  status: response.status,
-                  statusText: response.statusText ?? "",
-                  data: errorData,
-                  url
-                }
-              );
-              throw error;
-            }
+          const handleStreamingResponse = async (response) => {
             const reader = response.body?.getReader();
             const decoder = new TextDecoder();
             let buffer = "";
@@ -2351,14 +2305,75 @@ var init_gateway_service = __esm({
               }).catch((err) => observer.error(err));
             };
             read();
-          }).catch((err) => {
-            debugLogger.error("GatewayService chat fetch error", {
-              error: err,
-              url,
-              provider: request.provider
+          };
+          const sendRequest = (targetEndpoint, allowFallback) => {
+            const url = `${this._baseUrl}${targetEndpoint}`;
+            debugLogger.debug(`Gateway chat request to ${url} with provider: ${request.provider || "default"}`, {
+              model: normalizedModel,
+              messageCount: request.messages.length,
+              hasImages: !!(request.images && request.images.length > 0),
+              imageCount: request.images?.length || 0
             });
-            observer.error(err);
-          });
+            fetch(url, {
+              method: "POST",
+              headers: this._getHeaders(),
+              body: JSON.stringify(requestBody),
+              signal: controller.signal
+            }).then(async (response) => {
+              debugLogger.debug(`Gateway chat response status: ${response.status} for provider: ${request.provider || "default"}`);
+              if (response.status === 404 && allowFallback && fallbackEndpoint) {
+                debugLogger.warn("GatewayService chat endpoint returned 404, attempting fallback route", {
+                  provider: request.provider,
+                  attemptedEndpoint: targetEndpoint,
+                  fallbackEndpoint
+                });
+                sendRequest(fallbackEndpoint, false);
+                return;
+              }
+              if (!response.ok) {
+                let errorText = "";
+                let errorData = null;
+                try {
+                  errorText = await response.text();
+                  debugLogger.error("GatewayService chat error response body", {
+                    status: response.status,
+                    statusText: response.statusText,
+                    url: response.url,
+                    body: errorText
+                  });
+                } catch (readError) {
+                  debugLogger.error("GatewayService chat failed to read error response body", { error: readError });
+                  errorText = `Request failed with status ${response.status}`;
+                }
+                try {
+                  errorData = JSON.parse(errorText);
+                  debugLogger.error("GatewayService chat parsed error payload", errorData);
+                } catch (parseError) {
+                  debugLogger.error("GatewayService chat error payload was not valid JSON");
+                  errorData = { message: errorText };
+                }
+                const error = this._createHttpError(
+                  `POST ${url} failed: ${response.status} ${response.statusText ?? ""}`,
+                  {
+                    status: response.status,
+                    statusText: response.statusText ?? "",
+                    data: errorData,
+                    url
+                  }
+                );
+                throw error;
+              }
+              await handleStreamingResponse(response);
+            }).catch((err) => {
+              debugLogger.error("GatewayService chat fetch error", {
+                error: err,
+                url,
+                provider: request.provider
+              });
+              observer.error(err);
+            });
+          };
+          sendRequest(endpoint, true);
           return () => {
             try {
               controller.abort();
@@ -2491,18 +2506,46 @@ var init_gateway_service = __esm({
         );
       }
       _getHeaders() {
-        const token = this._tokenFactory();
+        const rawToken2 = this._tokenFactory();
         const headers = {
           "Content-Type": "application/json"
         };
-        if (token && token.trim() !== "") {
-          headers["Authorization"] = `Bearer ${token}`;
-          debugLogger.debug("Authorization header set with token");
-        } else {
+        if (!rawToken2) {
           debugLogger.warn("GatewayService: No token found, skipping Authorization header");
+          return headers;
+        }
+        const token = rawToken2.trim();
+        if (token === "") {
+          debugLogger.warn("GatewayService: Token factory returned empty string");
+          return headers;
+        }
+        if (/^(Bearer|ApiKey)\s+/i.test(token)) {
+          headers["Authorization"] = token;
+          debugLogger.debug("GatewayService: Authorization header set with explicit scheme");
+          return headers;
         }
+        if (this._isLikelyBanditApiKey(token)) {
+          headers["Authorization"] = `ApiKey ${token}`;
+          headers["X-Burtson-Api-Key"] = token;
+          debugLogger.debug("GatewayService: Authorization header set using API key");
+          return headers;
+        }
+        if (this._isLikelyJwt(token)) {
+          headers["Authorization"] = `Bearer ${token}`;
+          debugLogger.debug("GatewayService: Authorization header set using bearer token");
+          return headers;
+        }
+        headers["Authorization"] = `Bearer ${token}`;
+        debugLogger.debug("GatewayService: Authorization header defaulted to bearer scheme");
         return headers;
       }
+      _isLikelyJwt(token) {
+        const segments = token.split(".");
+        return segments.length === 3 && segments.every((segment) => segment.length > 0);
+      }
+      _isLikelyBanditApiKey(value) {
+        return /^bai_[a-z0-9]{10,}$/i.test(value);
+      }
       /**
        * Submit feedback to the gateway API
        */
@@ -9764,26 +9807,7 @@ var AIProviderInitService = class _AIProviderInitService {
           if (providerConfig.type === "anthropic" /* ANTHROPIC */) {
             providerConfig = this.convertAnthropicConfig(providerConfig, settings?.gatewayApiUrl);
           }
-          if ((providerConfig.type === "ollama" /* OLLAMA */ || providerConfig.type === "gateway" /* GATEWAY */) && !providerConfig.tokenFactory) {
-            providerConfig.tokenFactory = () => {
-              let token = authenticationService.getToken();
-              if (!token) {
-                token = localStorage.getItem("authToken");
-              }
-              if (!token) {
-                try {
-                  const { useAuthenticationStore: useAuthenticationStore2 } = require("../../store/authenticationStore");
-                  const authStore = useAuthenticationStore2.getState();
-                  token = authStore.token;
-                } catch (e) {
-                }
-              }
-              debugLogger.info("AI Provider Init: IndexedDB config token factory", {
-                hasToken: !!token
-              });
-              return token;
-            };
-          }
+          providerConfig = this.ensureTokenFactory(providerConfig);
           try {
             const { createProvider } = useAIProviderStore.getState();
             createProvider(providerConfig);
@@ -9811,27 +9835,7 @@ var AIProviderInitService = class _AIProviderInitService {
       if (providerConfig.type === "anthropic" /* ANTHROPIC */) {
         providerConfig = this.convertAnthropicConfig(providerConfig, settings.gatewayApiUrl);
       }
-      if (providerConfig.type === "ollama" /* OLLAMA */ && !providerConfig.tokenFactory) {
-        providerConfig.tokenFactory = () => {
-          let token = authenticationService.getToken();
-          if (!token) {
-            token = localStorage.getItem("authToken");
-          }
-          if (!token) {
-            try {
-              const { useAuthenticationStore: useAuthenticationStore2 } = require("../../store/authenticationStore");
-              const authStore = useAuthenticationStore2.getState();
-              token = authStore.token;
-            } catch (e) {
-            }
-          }
-          debugLogger.info("AIProviderInit: Explicit config tokenFactory", {
-            hasToken: !!token,
-            localStorage: !!localStorage.getItem("authToken")
-          });
-          return token;
-        };
-      }
+      providerConfig = this.ensureTokenFactory(providerConfig);
       debugLogger.info("Using explicit AI provider config", providerConfig);
     } else {
       providerConfig = {
@@ -9943,9 +9947,10 @@ var AIProviderInitService = class _AIProviderInitService {
    */
   switchProvider(config) {
     try {
+      const normalizedConfig = this.ensureTokenFactory({ ...config });
       const { switchProvider } = useAIProviderStore.getState();
-      switchProvider(config);
-      debugLogger.info(`Switched to AI provider: ${config.type}`);
+      switchProvider(normalizedConfig);
+      debugLogger.info(`Switched to AI provider: ${normalizedConfig.type}`);
     } catch (error) {
       debugLogger.error("Failed to switch AI provider:", { error });
       throw error;
@@ -9979,6 +9984,49 @@ var AIProviderInitService = class _AIProviderInitService {
     debugLogger.info("AI Provider Init: Converted direct Anthropic provider to gateway configuration");
     return normalized;
   }
+  /**
+   * Ensure providers that require auth have a token factory configured.
+   * Handles both UI auth tokens and API key scenarios.
+   */
+  ensureTokenFactory(config) {
+    if (config.type === "ollama" /* OLLAMA */ || config.type === "gateway" /* GATEWAY */) {
+      const existingFactory = config.tokenFactory;
+      if (existingFactory) {
+        return config;
+      }
+      if (typeof config.apiKey === "string" && config.apiKey.trim() !== "") {
+        const key = config.apiKey.trim();
+        config.tokenFactory = () => key;
+        debugLogger.info("AIProviderInit: Using API key for token factory", {
+          type: config.type,
+          hasKey: true
+        });
+        return config;
+      }
+      config.tokenFactory = () => {
+        let token = authenticationService.getToken();
+        if (!token && typeof localStorage !== "undefined") {
+          try {
+            token = localStorage.getItem("authToken");
+          } catch {
+          }
+        }
+        if (!token) {
+          try {
+            const { useAuthenticationStore: useAuthenticationStore2 } = require("../../store/authenticationStore");
+            const authStore = useAuthenticationStore2.getState();
+            token = authStore.token;
+          } catch {
+          }
+        }
+        debugLogger.info("AIProviderInit: Token factory resolved auth token", {
+          hasToken: !!token
+        });
+        return token;
+      };
+    }
+    return config;
+  }
 };
 var aiProviderInitService = AIProviderInitService.getInstance();