@byoky/core 0.2.0 → 0.4.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 byoky contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.cjs

@@ -24,19 +24,39 @@ __export(index_exports, {
   BYOKY_PROVIDER_KEY: () => BYOKY_PROVIDER_KEY,
   ByokyError: () => ByokyError,
   ByokyErrorCode: () => ByokyErrorCode,
+  MIN_PASSWORD_LENGTH: () => MIN_PASSWORD_LENGTH,
   PROVIDERS: () => PROVIDERS,
+  WS_READY_STATE: () => WS_READY_STATE,
+  buildHeaders: () => buildHeaders,
+  checkPasswordStrength: () => checkPasswordStrength,
+  computeAllowanceCheck: () => computeAllowanceCheck,
   createConnectRequest: () => createConnectRequest,
   createConnectResponse: () => createConnectResponse,
   createErrorMessage: () => createErrorMessage,
+  createGiftLink: () => createGiftLink,
   createMessage: () => createMessage,
+  decodeGiftLink: () => decodeGiftLink,
   decrypt: () => decrypt,
   deriveKey: () => deriveKey,
+  encodeGiftLink: () => encodeGiftLink,
   encrypt: () => encrypt,
+  extractUsageFromParsed: () => extractUsageFromParsed,
   getProvider: () => getProvider,
   getProviderIds: () => getProviderIds,
+  giftBudgetPercent: () => giftBudgetPercent,
+  giftBudgetRemaining: () => giftBudgetRemaining,
+  giftLinkToUrl: () => giftLinkToUrl,
   hashPassword: () => hashPassword,
   isByokyMessage: () => isByokyMessage,
+  isGiftBudgetExhausted: () => isGiftBudgetExhausted,
+  isGiftExpired: () => isGiftExpired,
   maskKey: () => maskKey,
+  parseModel: () => parseModel,
+  parseRelayMessage: () => parseRelayMessage,
+  parseUsage: () => parseUsage,
+  sendRelayMessage: () => sendRelayMessage,
+  validateGiftLink: () => validateGiftLink,
+  validateProxyUrl: () => validateProxyUrl,
   verifyPassword: () => verifyPassword
 });
 module.exports = __toCommonJS(index_exports);
@@ -52,6 +72,8 @@ var ByokyErrorCode = /* @__PURE__ */ ((ByokyErrorCode2) => {
   ByokyErrorCode2["INVALID_KEY"] = "INVALID_KEY";
   ByokyErrorCode2["TOKEN_EXPIRED"] = "TOKEN_EXPIRED";
   ByokyErrorCode2["PROXY_ERROR"] = "PROXY_ERROR";
+  ByokyErrorCode2["RELAY_CONNECTION_FAILED"] = "RELAY_CONNECTION_FAILED";
+  ByokyErrorCode2["RELAY_DISCONNECTED"] = "RELAY_DISCONNECTED";
   ByokyErrorCode2["UNKNOWN"] = "UNKNOWN";
   return ByokyErrorCode2;
 })(ByokyErrorCode || {});
@@ -136,7 +158,11 @@ async function verifyPassword(password, storedHash) {
   const originalHash = combined.slice(SALT_LENGTH);
   const newHash = await deriveRawHash(password, salt);
   if (originalHash.length !== newHash.length) return false;
-  return originalHash.every((byte, i) => byte === newHash[i]);
+  let result = 0;
+  for (let i = 0; i < originalHash.length; i++) {
+    result |= originalHash[i] ^ newHash[i];
+  }
+  return result === 0;
 }
 function maskKey(key) {
   if (key.length <= 8) return "****";
@@ -204,6 +230,18 @@ var ByokyError = class _ByokyError extends Error {
       { providerId }
     );
   }
+  static relayConnectionFailed(reason) {
+    return new _ByokyError(
+      "RELAY_CONNECTION_FAILED" /* RELAY_CONNECTION_FAILED */,
+      `Relay connection failed${reason ? `: ${reason}` : ""}`
+    );
+  }
+  static relayDisconnected() {
+    return new _ByokyError(
+      "RELAY_DISCONNECTED" /* RELAY_DISCONNECTED */,
+      "Relay connection was closed"
+    );
+  }
 };
 
 // src/protocol.ts
@@ -247,8 +285,93 @@ var PROVIDERS = {
   gemini: {
     id: "gemini",
     name: "Google Gemini",
+    authMethods: ["api_key", "oauth"],
+    baseUrl: "https://generativelanguage.googleapis.com",
+    oauthConfig: {
+      clientId: "699663966637-gr4d994198r4g6jvip25ffg85kree6ck.apps.googleusercontent.com",
+      authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenUrl: "https://oauth2.googleapis.com/token",
+      scopes: ["https://www.googleapis.com/auth/generative-language"],
+      extraAuthParams: { access_type: "offline", prompt: "consent" }
+    }
+  },
+  mistral: {
+    id: "mistral",
+    name: "Mistral",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.mistral.ai"
+  },
+  cohere: {
+    id: "cohere",
+    name: "Cohere",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.cohere.com"
+  },
+  xai: {
+    id: "xai",
+    name: "xAI (Grok)",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.x.ai"
+  },
+  deepseek: {
+    id: "deepseek",
+    name: "DeepSeek",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.deepseek.com"
+  },
+  perplexity: {
+    id: "perplexity",
+    name: "Perplexity",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.perplexity.ai"
+  },
+  groq: {
+    id: "groq",
+    name: "Groq",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.groq.com"
+  },
+  together: {
+    id: "together",
+    name: "Together AI",
     authMethods: ["api_key"],
-    baseUrl: "https://generativelanguage.googleapis.com"
+    baseUrl: "https://api.together.xyz"
+  },
+  fireworks: {
+    id: "fireworks",
+    name: "Fireworks AI",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.fireworks.ai"
+  },
+  replicate: {
+    id: "replicate",
+    name: "Replicate",
+    authMethods: ["api_key"],
+    baseUrl: "https://api.replicate.com"
+  },
+  openrouter: {
+    id: "openrouter",
+    name: "OpenRouter",
+    authMethods: ["api_key"],
+    baseUrl: "https://openrouter.ai/api"
+  },
+  huggingface: {
+    id: "huggingface",
+    name: "Hugging Face",
+    authMethods: ["api_key", "oauth"],
+    baseUrl: "https://api-inference.huggingface.co",
+    oauthConfig: {
+      clientId: "031aeb11-725b-498a-93f9-d3599d84f57c",
+      authorizationUrl: "https://huggingface.co/oauth/authorize",
+      tokenUrl: "https://huggingface.co/oauth/token",
+      scopes: ["inference-api"]
+    }
+  },
+  azure_openai: {
+    id: "azure_openai",
+    name: "Azure OpenAI",
+    authMethods: ["api_key"],
+    baseUrl: "https://YOUR_RESOURCE.openai.azure.com"
   }
 };
 function getProvider(id) {
@@ -257,25 +380,369 @@ function getProvider(id) {
 function getProviderIds() {
   return Object.keys(PROVIDERS);
 }
+
+// src/relay.ts
+var WS_READY_STATE = {
+  CONNECTING: 0,
+  OPEN: 1,
+  CLOSING: 2,
+  CLOSED: 3
+};
+function parseRelayMessage(data) {
+  try {
+    const raw = typeof data === "string" ? JSON.parse(data) : data;
+    if (!raw || typeof raw !== "object" || typeof raw.type !== "string" || !raw.type.startsWith("relay:")) {
+      return null;
+    }
+    switch (raw.type) {
+      case "relay:hello":
+        if (typeof raw.sessionId !== "string") return null;
+        break;
+      case "relay:request":
+        if (typeof raw.requestId !== "string" || typeof raw.providerId !== "string" || typeof raw.url !== "string" || typeof raw.method !== "string") return null;
+        break;
+      case "relay:response:meta":
+        if (typeof raw.requestId !== "string" || typeof raw.status !== "number") return null;
+        break;
+      case "relay:response:chunk":
+        if (typeof raw.requestId !== "string" || typeof raw.chunk !== "string") return null;
+        break;
+      case "relay:response:done":
+      case "relay:response:error":
+        if (typeof raw.requestId !== "string") return null;
+        break;
+      case "relay:ping":
+      case "relay:pong":
+        if (typeof raw.ts !== "number") return null;
+        break;
+      default:
+        return null;
+    }
+    return raw;
+  } catch {
+    return null;
+  }
+}
+function sendRelayMessage(ws, msg) {
+  if (ws.readyState === WS_READY_STATE.OPEN) {
+    ws.send(JSON.stringify(msg));
+  }
+}
+
+// src/password-strength.ts
+var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
+  "password",
+  "12345678",
+  "qwerty12",
+  "letmein12",
+  "welcome1",
+  "monkey12",
+  "dragon12",
+  "master12",
+  "abc12345",
+  "password1",
+  "password12",
+  "iloveyou1",
+  "sunshine1",
+  "trustno1",
+  "princess1",
+  "football1",
+  "shadow123",
+  "michael1",
+  "jordan123",
+  "superman1"
+]);
+function checkPasswordStrength(password) {
+  const feedback = [];
+  let score = 0;
+  if (password.length < 12) {
+    feedback.push("Use at least 12 characters");
+    if (password.length < 8) {
+      return { score: 0, label: "Too weak", feedback };
+    }
+  } else {
+    score++;
+    if (password.length >= 16) score++;
+  }
+  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
+    feedback.push("This is a commonly used password");
+    return { score: 0, label: "Too weak", feedback };
+  }
+  const hasLower = /[a-z]/.test(password);
+  const hasUpper = /[A-Z]/.test(password);
+  const hasDigit = /\d/.test(password);
+  const hasSymbol = /[^a-zA-Z0-9]/.test(password);
+  const charTypes = [hasLower, hasUpper, hasDigit, hasSymbol].filter(Boolean).length;
+  if (charTypes < 2) {
+    feedback.push("Mix uppercase, lowercase, numbers, and symbols");
+  } else if (charTypes >= 3) {
+    score++;
+  }
+  if (charTypes >= 4) {
+    score++;
+  }
+  if (/(.)\1{3,}/.test(password)) {
+    feedback.push("Avoid repeated characters");
+    score = Math.max(0, score - 1);
+  }
+  if (/(?:012|123|234|345|456|567|678|789|abc|bcd|cde|def)/i.test(password)) {
+    feedback.push("Avoid sequential patterns");
+    score = Math.max(0, score - 1);
+  }
+  const capped = Math.min(4, Math.max(0, score));
+  const labels = {
+    0: "Too weak",
+    1: "Weak",
+    2: "Fair",
+    3: "Strong",
+    4: "Very strong"
+  };
+  if (feedback.length === 0 && capped < 3) {
+    feedback.push("Add more character variety or length");
+  }
+  return { score: capped, label: labels[capped], feedback };
+}
+var MIN_PASSWORD_LENGTH = 12;
+
+// src/proxy-utils.ts
+function validateProxyUrl(providerId, url) {
+  const provider = PROVIDERS[providerId];
+  if (!provider) return false;
+  try {
+    const target = new URL(url);
+    if (target.protocol !== "https:") return false;
+    const base = new URL(provider.baseUrl);
+    return target.origin === base.origin;
+  } catch {
+    return false;
+  }
+}
+function buildHeaders(providerId, requestHeaders, apiKey, authMethod = "api_key") {
+  const headers = {};
+  for (const [key, value] of Object.entries(requestHeaders)) {
+    headers[key.toLowerCase()] = value;
+  }
+  delete headers["authorization"];
+  delete headers["x-api-key"];
+  delete headers["api-key"];
+  delete headers["origin"];
+  delete headers["referer"];
+  for (const key of Object.keys(headers)) {
+    if (key.startsWith("x-stainless-")) delete headers[key];
+  }
+  delete headers["sec-fetch-mode"];
+  delete headers["accept-language"];
+  delete headers["accept-encoding"];
+  delete headers["content-length"];
+  if (providerId === "anthropic") {
+    if (authMethod === "oauth") {
+      headers["authorization"] = `Bearer ${apiKey}`;
+      headers["user-agent"] = "claude-cli/2.1.76";
+      headers["x-app"] = "cli";
+      headers["accept"] = "application/json";
+      headers["anthropic-beta"] = "claude-code-20250219,oauth-2025-04-20,fine-grained-tool-streaming-2025-05-14,interleaved-thinking-2025-05-14";
+      headers["anthropic-dangerous-direct-browser-access"] = "true";
+    } else {
+      headers["x-api-key"] = apiKey;
+    }
+    headers["anthropic-version"] = headers["anthropic-version"] ?? "2023-06-01";
+  } else if (providerId === "azure_openai") {
+    headers["api-key"] = apiKey;
+  } else {
+    headers["authorization"] = `Bearer ${apiKey}`;
+  }
+  return headers;
+}
+function parseModel(body) {
+  if (!body) return void 0;
+  try {
+    const parsed = JSON.parse(body);
+    return parsed.model ?? void 0;
+  } catch {
+    return void 0;
+  }
+}
+function parseUsage(providerId, body) {
+  try {
+    if (body.includes("data: ")) {
+      const lines = body.split("\n").filter((l) => l.startsWith("data: ") && !l.includes("[DONE]"));
+      for (let i = lines.length - 1; i >= 0; i--) {
+        const json = lines[i].replace("data: ", "");
+        try {
+          const parsed2 = JSON.parse(json);
+          const usage = extractUsageFromParsed(providerId, parsed2);
+          if (usage) return usage;
+        } catch {
+          continue;
+        }
+      }
+      return void 0;
+    }
+    const parsed = JSON.parse(body);
+    return extractUsageFromParsed(providerId, parsed);
+  } catch {
+    return void 0;
+  }
+}
+function extractUsageFromParsed(providerId, parsed) {
+  if (providerId === "anthropic") {
+    const usage2 = parsed.usage;
+    if (usage2?.input_tokens != null && usage2?.output_tokens != null) {
+      return { inputTokens: usage2.input_tokens, outputTokens: usage2.output_tokens };
+    }
+  }
+  if (providerId === "gemini") {
+    const meta = parsed.usageMetadata;
+    if (meta?.promptTokenCount != null) {
+      return {
+        inputTokens: meta.promptTokenCount,
+        outputTokens: meta.candidatesTokenCount ?? 0
+      };
+    }
+  }
+  const usage = parsed.usage;
+  if (usage?.prompt_tokens != null && usage?.completion_tokens != null) {
+    return { inputTokens: usage.prompt_tokens, outputTokens: usage.completion_tokens };
+  }
+  return void 0;
+}
+function computeAllowanceCheck(allowance, entries, providerId) {
+  if (!allowance) return { allowed: true };
+  let totalUsed = 0;
+  const byProvider = {};
+  for (const entry of entries) {
+    const tokens = (entry.inputTokens ?? 0) + (entry.outputTokens ?? 0);
+    totalUsed += tokens;
+    byProvider[entry.providerId] = (byProvider[entry.providerId] ?? 0) + tokens;
+  }
+  if (allowance.totalLimit != null && totalUsed >= allowance.totalLimit) {
+    return { allowed: false, reason: `Token allowance exceeded for ${allowance.origin}` };
+  }
+  const providerLimit = allowance.providerLimits?.[providerId];
+  if (providerLimit != null && (byProvider[providerId] ?? 0) >= providerLimit) {
+    return { allowed: false, reason: `Token allowance for ${providerId} exceeded` };
+  }
+  return { allowed: true };
+}
+
+// src/gift.ts
+function encodeGiftLink(link) {
+  const json = JSON.stringify(link);
+  const bytes = new TextEncoder().encode(json);
+  return base64UrlEncode(bytes);
+}
+function decodeGiftLink(encoded) {
+  try {
+    const clean = encoded.replace(/^byoky:\/\/gift\//, "");
+    const bytes = base64UrlDecode(clean);
+    const json = new TextDecoder().decode(bytes);
+    const parsed = JSON.parse(json);
+    if (parsed.v !== 1) return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function giftLinkToUrl(encoded) {
+  return `byoky://gift/${encoded}`;
+}
+function validateGiftLink(link) {
+  if (link.v !== 1) return { valid: false, reason: "Unsupported gift version" };
+  if (!link.id || typeof link.id !== "string") return { valid: false, reason: "Missing gift ID" };
+  if (!link.p || typeof link.p !== "string") return { valid: false, reason: "Missing provider" };
+  if (!link.t || typeof link.t !== "string") return { valid: false, reason: "Missing auth token" };
+  if (!link.r || typeof link.r !== "string") return { valid: false, reason: "Missing relay URL" };
+  if (typeof link.m !== "number" || link.m <= 0) return { valid: false, reason: "Invalid token budget" };
+  if (typeof link.e !== "number" || link.e <= Date.now()) return { valid: false, reason: "Gift has expired" };
+  try {
+    const url = new URL(link.r);
+    if (url.protocol !== "ws:" && url.protocol !== "wss:") {
+      return { valid: false, reason: "Relay URL must use ws:// or wss://" };
+    }
+  } catch {
+    return { valid: false, reason: "Invalid relay URL" };
+  }
+  return { valid: true };
+}
+function isGiftExpired(gift) {
+  return gift.expiresAt <= Date.now();
+}
+function isGiftBudgetExhausted(gift) {
+  return gift.usedTokens >= gift.maxTokens;
+}
+function giftBudgetRemaining(gift) {
+  return Math.max(0, gift.maxTokens - gift.usedTokens);
+}
+function giftBudgetPercent(gift) {
+  if (gift.maxTokens === 0) return 100;
+  return Math.min(100, Math.round(gift.usedTokens / gift.maxTokens * 100));
+}
+function createGiftLink(gift) {
+  const provider = PROVIDERS[gift.providerId];
+  const link = {
+    v: 1,
+    id: gift.id,
+    p: gift.providerId,
+    n: provider?.name ?? gift.providerId,
+    s: gift.label,
+    t: gift.authToken,
+    m: gift.maxTokens,
+    e: gift.expiresAt,
+    r: gift.relayUrl
+  };
+  return { encoded: encodeGiftLink(link), link };
+}
+function base64UrlEncode(bytes) {
+  let binary = "";
+  for (const byte of bytes) binary += String.fromCharCode(byte);
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function base64UrlDecode(str) {
+  const padded = str.replace(/-/g, "+").replace(/_/g, "/");
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+  return bytes;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   BYOKY_MESSAGE_PREFIX,
   BYOKY_PROVIDER_KEY,
   ByokyError,
   ByokyErrorCode,
+  MIN_PASSWORD_LENGTH,
   PROVIDERS,
+  WS_READY_STATE,
+  buildHeaders,
+  checkPasswordStrength,
+  computeAllowanceCheck,
   createConnectRequest,
   createConnectResponse,
   createErrorMessage,
+  createGiftLink,
   createMessage,
+  decodeGiftLink,
   decrypt,
   deriveKey,
+  encodeGiftLink,
   encrypt,
+  extractUsageFromParsed,
   getProvider,
   getProviderIds,
+  giftBudgetPercent,
+  giftBudgetRemaining,
+  giftLinkToUrl,
   hashPassword,
   isByokyMessage,
+  isGiftBudgetExhausted,
+  isGiftExpired,
   maskKey,
+  parseModel,
+  parseRelayMessage,
+  parseUsage,
+  sendRelayMessage,
+  validateGiftLink,
+  validateProxyUrl,
   verifyPassword
 });
 //# sourceMappingURL=index.cjs.map