@chatpanel/gateway 0.1.9 → 0.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chatpanel/gateway",
-  "version": "0.1.9",
+  "version": "0.2.0",
   "description": "Local privacy gateway — redacts PII out of OpenAI/Anthropic API traffic before it reaches a model, then restores it in the reply. Point opencode, codex, aider, Claude Code, etc. at it.",
   "type": "module",
   "bin": {

package/src/bridge.js

@@ -45,6 +45,28 @@ export function toBridgeMessages(messages) {
     .map((m) => ({ role: m.role, content: flattenContent(m.content) }));
 }
 
+// Open a bridge /chat stream WITH tool specs (pageTools), returning the raw fetch
+// Response so the tool-relay can hold the reader open across the OpenAI round-trip.
+export async function openBridgeChat({ bridgeUrl, agent, token, messages, system, specs, options, signal }) {
+  const res = await fetch(`${bridgeUrl.replace(/\/$/, '')}/chat`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json', ...(token ? { authorization: `Bearer ${token}` } : {}) },
+    body: JSON.stringify({
+      agent,
+      messages: toBridgeMessages(messages),
+      system: system || '',
+      options: options || {},
+      ...(Array.isArray(specs) && specs.length ? { pageTools: { specs } } : {}),
+    }),
+    signal,
+  });
+  if (!res.ok || !res.body) {
+    const detail = await res.text().catch(() => '');
+    throw new Error(`bridge /chat HTTP ${res.status}${detail ? `: ${detail.slice(0, 200)}` : ''}`);
+  }
+  return res;
+}
+
 // Stream a turn through the bridge. Calls onText(restorableChunk) for each delta
 // of model text and returns the full (un-restored) text. Throws on bridge error.
 export async function streamBridgeChat({ bridgeUrl, agent, token, messages, system, options, signal }, onText) {

package/src/config.js

@@ -20,6 +20,12 @@ const DEFAULTS = {
   //            BYO keys, OpenRouter, …). Client passes its own auth through.
   backend: 'bridge',
 
+  // Model router: the gateway routes each request to a destination by the model
+  // name the client asks for. Empty = derive destinations from backend/bridge/
+  // upstreams below (back-compat). Each entry:
+  //   { id, type:'agent'|'api', agent?, baseUrl?, protocol?, models:[..] }
+  destinations: [],
+
   // Security: legitimate clients (opencode/pi/codex/SDKs) are local processes that
   // send NO Origin header. A browser always attaches one. So we REJECT any request
   // bearing an Origin not in this allowlist — this stops a malicious web page from

package/src/configstore.js

@@ -29,6 +29,7 @@ export function persistConfig(cfg, path = configPath()) {
 export function publicConfig(cfg, { proUnlocked = false } = {}) {
   return {
     backend: cfg.backend,
+    destinations: Array.isArray(cfg.destinations) ? cfg.destinations : [],
     bridge: { url: cfg.bridge?.url, agent: cfg.bridge?.agent, hasToken: !!cfg.bridge?.token },
     upstreams: cfg.upstreams,
     redaction: {
@@ -48,6 +49,16 @@ export function publicConfig(cfg, { proUnlocked = false } = {}) {
 // Merge an editable patch into the live cfg. Only known fields; ignores the rest.
 export function applyConfigPatch(cfg, patch = {}) {
   if (patch.backend === 'bridge' || patch.backend === 'api') cfg.backend = patch.backend;
+  if (Array.isArray(patch.destinations)) {
+    cfg.destinations = patch.destinations
+      .filter((d) => d && typeof d.id === 'string' && (d.type === 'agent' || d.type === 'api'))
+      .map((d) => ({
+        id: d.id, type: d.type,
+        ...(d.type === 'agent' ? { agent: d.agent || d.id } : {}),
+        ...(d.type === 'api' ? { baseUrl: String(d.baseUrl || ''), protocol: d.protocol === 'anthropic' ? 'anthropic' : 'openai' } : {}),
+        models: Array.isArray(d.models) ? d.models.filter((m) => typeof m === 'string' && m) : [],
+      }));
+  }
   if (patch.bridge && typeof patch.bridge === 'object') {
     if (typeof patch.bridge.url === 'string') cfg.bridge.url = patch.bridge.url;
     if (typeof patch.bridge.agent === 'string') cfg.bridge.agent = patch.bridge.agent;

package/src/router.js

@@ -0,0 +1,57 @@
+// Model router: the gateway exposes one localhost endpoint, and routes each
+// request to a DESTINATION by the model name the client asks for. A destination
+// is either a CLI agent (driven via the bridge, subscription login) or an API
+// (forwarded to a provider/local server, client brings the key).
+//
+//   destination = {
+//     id,                       unique name (also a valid model alias)
+//     type: 'agent' | 'api',
+//     agent,                    (agent) bridge agent id: codex/claude/opencode/pi
+//     baseUrl, protocol,        (api) where to forward + 'openai'|'anthropic'
+//     models: [..],             models this destination serves (for /v1/models)
+//   }
+//
+// /v1/models aggregates every destination's models so clients can discover them.
+
+// Back-compat: if no destinations are configured, synthesize them from the legacy
+// backend/upstreams config so existing installs keep working unchanged.
+export function listDestinations(cfg) {
+  if (Array.isArray(cfg.destinations) && cfg.destinations.length) return cfg.destinations;
+  if (cfg.backend === 'api') {
+    return [
+      { id: 'openai', type: 'api', protocol: 'openai', baseUrl: cfg.upstreams?.openai?.baseUrl, models: [] },
+      { id: 'anthropic', type: 'api', protocol: 'anthropic', baseUrl: cfg.upstreams?.anthropic?.baseUrl, models: [] },
+    ];
+  }
+  const agents = [...new Set([cfg.bridge?.agent || 'codex', 'codex', 'claude', 'opencode', 'pi'])];
+  return agents.map((a) => ({ id: a, type: 'agent', agent: a, models: [a] }));
+}
+
+// Pick the destination that serves `model` (explicit membership → id/agent match →
+// a same-protocol fallback → the first destination).
+export function resolveDestination(model, cfg, kind) {
+  const dests = listDestinations(cfg);
+  const wantsAnthropic = kind === 'anthropic';
+  return (
+    (model && dests.find((d) => Array.isArray(d.models) && d.models.includes(model)))
+    || (model && dests.find((d) => d.id === model || d.agent === model))
+    || dests.find((d) => d.type === 'agent' || (wantsAnthropic ? d.protocol === 'anthropic' : d.protocol !== 'anthropic'))
+    || dests[0]
+    || null
+  );
+}
+
+// Aggregate every destination's models for GET /v1/models.
+export function aggregateModels(cfg) {
+  const data = [];
+  const seen = new Set();
+  for (const d of listDestinations(cfg)) {
+    const models = (Array.isArray(d.models) && d.models.length) ? d.models : [d.id];
+    for (const m of models) {
+      if (!m || seen.has(m)) continue;
+      seen.add(m);
+      data.push({ id: m, object: 'model', owned_by: d.type === 'agent' ? 'chatpanel-bridge' : (d.id || 'api') });
+    }
+  }
+  return { object: 'list', data };
+}

package/src/server.js

@@ -27,11 +27,12 @@ import { shaperFor } from './shape.js';
 import { startNer } from './ner.js';
 import { resolvePro, meter, usage } from './freegate.js';
 import { publicConfig, applyConfigPatch, persistConfig, configPath } from './configstore.js';
+import { resolveDestination, aggregateModels } from './router.js';
 import * as openai from './openai.js';
 import * as responses from './responses.js';
 import * as anthropic from './anthropic.js';
 
-export const VERSION = '0.1.9';
+export const VERSION = '0.2.0';
 
 const KNOWN_AGENTS = new Set(['codex', 'claude', 'opencode', 'pi', 'kiro', 'antigravity']);
 
@@ -110,17 +111,13 @@ function forwardHeaders(headers, base) {
 
 // ---- backend: bridge -------------------------------------------------------
 
-async function handleBridge(req, res, { kind, adapter, redactable, pathname }, body, vault, cfg) {
+async function handleBridge(req, res, { kind, adapter, redactable, pathname, agentOverride }, body, vault, cfg) {
   if (!redactable) {
-    if (/\/models$/.test(pathname)) {
-      const agents = [...new Set([cfg.bridge.agent, 'codex', 'claude', 'opencode', 'pi'])];
-      return sendJson(res, 200, { object: 'list', data: agents.map((id) => ({ id, object: 'model', owned_by: 'chatpanel-bridge' })) });
-    }
     return sendJson(res, 404, { error: `endpoint ${pathname} not supported by the bridge backend` });
   }
 
   const { messages, system } = adapter.toTurn(body);
-  const agent = pickAgent(body?.model, cfg);
+  const agent = agentOverride || pickAgent(body?.model, cfg);
   const wantStream = body?.stream === true;
   const shaper = shaperFor(kind, body?.model || agent);
   const token = readBridgeToken(cfg.bridge.token);
@@ -235,6 +232,11 @@ export function createGateway(cfg = loadConfig()) {
       return sendJson(res, 200, publicConfig(cfg, { proUnlocked }));
     }
 
+    // Model discovery — aggregate every destination's models.
+    if (req.method === 'GET' && /\/models$/.test(pathname)) {
+      return sendJson(res, 200, aggregateModels(cfg));
+    }
+
     const r = route(pathname, req.headers, cfg);
     let raw;
     try {
@@ -267,17 +269,20 @@ export function createGateway(cfg = loadConfig()) {
         const { vault: v, count } = await redactSegments(segs, cfg.redaction, { signal: ac.signal, isPro });
         vault = v;
         outBody = Buffer.from(JSON.stringify(body), 'utf8');
-        if (cfg.logRequests) console.log(`[gateway] ${req.method} ${pathname} · redacted ${count}/${segs.length} segment(s) · ${cfg.backend}`);
       }
-    } else if (cfg.logRequests) {
-      console.log(`[gateway] ${req.method} ${pathname} · ${cfg.backend}`);
     }
 
-    if (cfg.backend === 'bridge') {
-      return handleBridge(req, res, { ...r, pathname }, body, vault, cfg);
+    // Route by the requested model → a destination (agent via the bridge, or an
+    // API we forward to). Falls back to the legacy backend when none configured.
+    const dest = resolveDestination(body?.model, cfg, r.kind);
+    if (cfg.logRequests) {
+      console.log(`[gateway] ${req.method} ${pathname} · model=${body?.model || '-'} → ${dest ? `${dest.id}(${dest.type})` : 'none'}`);
+    }
+    if (dest && dest.type === 'api') {
+      if (!dest.baseUrl) return sendJson(res, 502, { error: `destination "${dest.id}" has no baseUrl` });
+      return handleApi(req, res, { ...r, pathname, search: url.search, base: dest.baseUrl }, outBody, vault);
     }
-    if (!r.base) return sendJson(res, 502, { error: 'no upstream configured' });
-    return handleApi(req, res, { ...r, pathname, search: url.search }, outBody, vault);
+    return handleBridge(req, res, { ...r, pathname, agentOverride: dest?.agent }, body, vault, cfg);
   });
 }
 

package/src/toolrelay.js

@@ -0,0 +1,99 @@
+// Tool-call relay for the bridge backend.
+//
+// The bridge relays a CLI agent's tool calls MID-SESSION: it emits a
+// `tool_request` over the /chat SSE and pauses the agent until a POST /tool-result
+// arrives. OpenAI function-calling is the opposite — the model returns `tool_calls`,
+// the response ENDS, and the client re-requests with results. To bridge the two we
+// keep the codex /chat stream OPEN across the OpenAI round-trip:
+//
+//   1. open bridge /chat with the client's tools as pageTools.specs
+//   2. read SSE; on `tool_request` → emit OpenAI tool_calls, finish_reason:tool_calls,
+//      and PARK the session (reader stays open; codex is paused on the bridge side)
+//   3. on the client's follow-up request (carrying the tool result + tool_call_id) →
+//      POST /tool-result to the bridge and RESUME reading the same stream
+//
+// Tool args are restored on the way out (so the client runs on real values) and
+// the result is redacted on the way back (so codex only sees placeholders).
+
+import { randomUUID } from 'node:crypto';
+import { restoreDeep, redactText, createVault } from '@chatpanel/pii';
+
+const sessions = new Map(); // gwSessionId -> { reader, decoder, buf, bridgeSessionId, toolId, vault, redactOpts, bridgeUrl, token }
+
+// Encode/decode the gateway session into the OpenAI tool_call id so the client
+// echoes it back on the follow-up request, letting us find the parked session.
+const encodeToolCallId = (gwId, toolId) => `gwtr_${gwId}_${toolId}`;
+export function parseToolCallId(id) {
+  const m = /^gwtr_([^_]+)_(.+)$/.exec(String(id || ''));
+  return m ? { gwId: m[1], toolId: m[2] } : null;
+}
+
+// Map OpenAI `tools` → the bridge's pageTools.specs ({ name, description, parameters }).
+export function toolsToSpecs(tools) {
+  return (Array.isArray(tools) ? tools : [])
+    .filter((t) => t && t.type === 'function' && t.function?.name)
+    .map((t) => ({ name: t.function.name, description: t.function.description || '', parameters: t.function.parameters || { type: 'object', properties: {} } }));
+}
+
+export function createRelaySession({ vault, redactOpts, bridgeUrl, token }) {
+  const id = randomUUID().slice(0, 8);
+  const s = { id, reader: null, decoder: new TextDecoder(), buf: '', bridgeSessionId: null, toolId: null, vault: vault || createVault(), redactOpts: redactOpts || { tier: 'basic' }, bridgeUrl, token, done: false };
+  sessions.set(id, s);
+  return s;
+}
+export const getRelaySession = (id) => sessions.get(id);
+export function endRelaySession(id) {
+  const s = sessions.get(id);
+  if (s?.reader) { try { s.reader.cancel(); } catch { /* ignore */ } }
+  sessions.delete(id);
+}
+
+// Drain one SSE event block ("data: {json}\n\n") at a time from the held reader,
+// dispatching to handlers until a tool_request parks us or the stream is done.
+//   handlers: { onText(restorableText), onToolRequest({name, restoredArgs, toolId, bridgeSessionId}), onDone(), onError(err) }
+// Returns 'parked' (hit a tool_request) or 'done'.
+export async function pumpBridgeStream(s, handlers) {
+  for (;;) {
+    let nl;
+    while ((nl = s.buf.indexOf('\n\n')) !== -1) {
+      const block = s.buf.slice(0, nl);
+      s.buf = s.buf.slice(nl + 2);
+      for (const line of block.split('\n')) {
+        const t = line.trim();
+        if (!t.startsWith('data:')) continue;
+        const payload = t.slice(5).trim();
+        if (!payload || payload === '[DONE]') continue;
+        let evt; try { evt = JSON.parse(payload); } catch { continue; }
+        if (evt.type === 'delta' && typeof evt.text === 'string') {
+          handlers.onText(evt.text);
+        } else if (evt.type === 'tool_request') {
+          s.bridgeSessionId = evt.session; s.toolId = evt.id;
+          // restore placeholders so the CLIENT runs the tool on REAL values
+          const restoredArgs = restoreDeep(evt.input ?? {}, s.vault);
+          handlers.onToolRequest({ name: evt.name, restoredArgs, toolId: encodeToolCallId(s.id, evt.id) });
+          return 'parked';
+        } else if (evt.type === 'done') {
+          s.done = true; handlers.onDone?.(); return 'done';
+        } else if (evt.type === 'error') {
+          handlers.onError?.(new Error(evt.error || 'bridge error')); return 'done';
+        }
+        // status / reasoning / tool (summary) events are ignored
+      }
+    }
+    const { done, value } = await s.reader.read();
+    if (done) { s.done = true; handlers.onDone?.(); return 'done'; }
+    s.buf += s.decoder.decode(value, { stream: true });
+  }
+}
+
+// Deliver a client's tool result back to the parked codex session: redact it (so
+// codex sees placeholders) and POST /tool-result; the bridge then resumes the run.
+export async function deliverToolResult(s, content) {
+  const redacted = redactText(typeof content === 'string' ? content : JSON.stringify(content), s.vault, s.redactOpts);
+  const res = await fetch(`${s.bridgeUrl.replace(/\/$/, '')}/tool-result`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json', ...(s.token ? { authorization: `Bearer ${s.token}` } : {}) },
+    body: JSON.stringify({ session: s.bridgeSessionId, id: s.toolId, result: redacted }),
+  });
+  if (!res.ok) throw new Error(`bridge /tool-result HTTP ${res.status}`);
+}