@chatpanel/gateway 0.2.0 → 0.2.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chatpanel/gateway",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Local privacy gateway — redacts PII out of OpenAI/Anthropic API traffic before it reaches a model, then restores it in the reply. Point opencode, codex, aider, Claude Code, etc. at it.",
   "type": "module",
   "bin": {

package/src/configstore.js

@@ -29,7 +29,8 @@ export function persistConfig(cfg, path = configPath()) {
 export function publicConfig(cfg, { proUnlocked = false } = {}) {
   return {
     backend: cfg.backend,
-    destinations: Array.isArray(cfg.destinations) ? cfg.destinations : [],
+    // Strip per-destination apiKey (write-only).
+    destinations: (Array.isArray(cfg.destinations) ? cfg.destinations : []).map((d) => { const { apiKey, ...rest } = d; return { ...rest, hasKey: !!apiKey }; }),
     bridge: { url: cfg.bridge?.url, agent: cfg.bridge?.agent, hasToken: !!cfg.bridge?.token },
     upstreams: cfg.upstreams,
     redaction: {
@@ -50,14 +51,22 @@ export function publicConfig(cfg, { proUnlocked = false } = {}) {
 export function applyConfigPatch(cfg, patch = {}) {
   if (patch.backend === 'bridge' || patch.backend === 'api') cfg.backend = patch.backend;
   if (Array.isArray(patch.destinations)) {
+    // Preserve a destination's apiKey when the patch omits it (it's write-only —
+    // publicConfig strips it, so the UI never round-trips it back).
+    const prev = new Map((Array.isArray(cfg.destinations) ? cfg.destinations : []).map((d) => [d.id, d]));
     cfg.destinations = patch.destinations
       .filter((d) => d && typeof d.id === 'string' && (d.type === 'agent' || d.type === 'api'))
-      .map((d) => ({
-        id: d.id, type: d.type,
-        ...(d.type === 'agent' ? { agent: d.agent || d.id } : {}),
-        ...(d.type === 'api' ? { baseUrl: String(d.baseUrl || ''), protocol: d.protocol === 'anthropic' ? 'anthropic' : 'openai' } : {}),
-        models: Array.isArray(d.models) ? d.models.filter((m) => typeof m === 'string' && m) : [],
-      }));
+      .map((d) => {
+        const out = { id: d.id, type: d.type, models: Array.isArray(d.models) ? d.models.filter((m) => typeof m === 'string' && m) : [] };
+        if (d.type === 'agent') out.agent = d.agent || d.id;
+        if (d.type === 'api') {
+          out.baseUrl = String(d.baseUrl || '');
+          out.protocol = d.protocol === 'anthropic' ? 'anthropic' : 'openai';
+          const key = (typeof d.apiKey === 'string' && d.apiKey) ? d.apiKey : prev.get(d.id)?.apiKey;
+          if (key) out.apiKey = key;
+        }
+        return out;
+      });
   }
   if (patch.bridge && typeof patch.bridge === 'object') {
     if (typeof patch.bridge.url === 'string') cfg.bridge.url = patch.bridge.url;

package/src/router.js

@@ -41,17 +41,44 @@ export function resolveDestination(model, cfg, kind) {
   );
 }
 
-// Aggregate every destination's models for GET /v1/models.
+// Aggregate every destination's models for GET /v1/models. Agents expose their
+// own name as the model; APIs expose ONLY real model ids (never the destination
+// id — that's a provider name, not a model).
 export function aggregateModels(cfg) {
   const data = [];
   const seen = new Set();
+  const add = (id, owner) => { if (id && !seen.has(id)) { seen.add(id); data.push({ id, object: 'model', owned_by: owner }); } };
   for (const d of listDestinations(cfg)) {
-    const models = (Array.isArray(d.models) && d.models.length) ? d.models : [d.id];
-    for (const m of models) {
-      if (!m || seen.has(m)) continue;
-      seen.add(m);
-      data.push({ id: m, object: 'model', owned_by: d.type === 'agent' ? 'chatpanel-bridge' : (d.id || 'api') });
-    }
+    if (d.type === 'agent') for (const m of (d.models?.length ? d.models : [d.id])) add(m, 'chatpanel-bridge');
+    else for (const m of (d.models || [])) add(m, d.id);
   }
   return { object: 'list', data };
 }
+
+// Async variant: also PROXIES each API destination's own /v1/models to discover
+// real model ids (using its saved key). Fail-open per destination.
+export async function aggregateModelsAsync(cfg, { timeoutMs = 4000 } = {}) {
+  const base = aggregateModels(cfg);
+  const seen = new Set(base.data.map((m) => m.id));
+  const dests = listDestinations(cfg).filter((d) => d.type === 'api' && d.baseUrl);
+  await Promise.all(dests.map(async (d) => {
+    const ctrl = new AbortController();
+    const t = setTimeout(() => ctrl.abort(), timeoutMs);
+    try {
+      const headers = { 'content-type': 'application/json' };
+      if (d.apiKey) {
+        if (d.protocol === 'anthropic') { headers['x-api-key'] = d.apiKey; headers['anthropic-version'] = '2023-06-01'; }
+        else headers.authorization = `Bearer ${d.apiKey}`;
+      }
+      const res = await fetch(`${d.baseUrl.replace(/\/$/, '')}/models`, { headers, signal: ctrl.signal });
+      if (!res.ok) return;
+      const j = await res.json();
+      const list = Array.isArray(j?.data) ? j.data : (Array.isArray(j?.models) ? j.models : []);
+      for (const m of list) {
+        const id = typeof m === 'string' ? m : m?.id;
+        if (id && !seen.has(id)) { seen.add(id); base.data.push({ id, object: 'model', owned_by: d.id }); }
+      }
+    } catch { /* fail-open */ } finally { clearTimeout(t); }
+  }));
+  return base;
+}

package/src/server.js

@@ -27,12 +27,12 @@ import { shaperFor } from './shape.js';
 import { startNer } from './ner.js';
 import { resolvePro, meter, usage } from './freegate.js';
 import { publicConfig, applyConfigPatch, persistConfig, configPath } from './configstore.js';
-import { resolveDestination, aggregateModels } from './router.js';
+import { resolveDestination, aggregateModelsAsync } from './router.js';
 import * as openai from './openai.js';
 import * as responses from './responses.js';
 import * as anthropic from './anthropic.js';
 
-export const VERSION = '0.2.0';
+export const VERSION = '0.2.2';
 
 const KNOWN_AGENTS = new Set(['codex', 'claude', 'opencode', 'pi', 'kiro', 'antigravity']);
 
@@ -71,18 +71,30 @@ const STARTED_AT = Date.now();
 // chat endpoint, and (api backend) which upstream base URL.
 function route(pathname, headers, cfg) {
   if (anthropic.matches(pathname) || 'anthropic-version' in headers) {
-    return { kind: 'anthropic', adapter: anthropic, redactable: anthropic.matches(pathname), base: cfg.upstreams.anthropic.baseUrl };
+    return { kind: 'anthropic', adapter: anthropic, redactable: anthropic.matches(pathname), base: cfg.upstreams?.anthropic?.baseUrl };
   }
   if (responses.matches(pathname)) {
-    return { kind: 'responses', adapter: responses, redactable: true, base: cfg.upstreams.openai.baseUrl };
+    return { kind: 'responses', adapter: responses, redactable: true, base: cfg.upstreams?.openai?.baseUrl };
   }
-  return { kind: 'openai', adapter: openai, redactable: openai.matches(pathname), base: cfg.upstreams.openai.baseUrl };
+  return { kind: 'openai', adapter: openai, redactable: openai.matches(pathname), base: cfg.upstreams?.openai?.baseUrl };
 }
 
 function pickAgent(model, cfg) {
   return KNOWN_AGENTS.has(model) ? model : cfg.bridge.agent;
 }
 
+// Guard against an api destination pointing back at THIS gateway (loopback host +
+// our own port) — forwarding there would loop forever.
+function isSelfUrl(baseUrl, cfg) {
+  try {
+    const u = new URL(baseUrl);
+    const host = u.hostname.replace(/^\[|\]$/g, '');
+    const loop = host === '127.0.0.1' || host === 'localhost' || host === '::1';
+    const port = u.port || (u.protocol === 'https:' ? '443' : '80');
+    return loop && String(port) === String(cfg.port);
+  } catch { return false; }
+}
+
 async function readBody(req, maxBytes) {
   const chunks = [];
   let size = 0;
@@ -156,12 +168,19 @@ async function handleBridge(req, res, { kind, adapter, redactable, pathname, age
 
 // ---- backend: api ----------------------------------------------------------
 
-async function handleApi(req, res, { adapter, pathname, search, base }, outBody, vault) {
+async function handleApi(req, res, { adapter, pathname, search, base, destKey, destProtocol }, outBody, vault) {
   let upstream;
   try {
+    const headers = forwardHeaders(req.headers, base);
+    // If the destination carries its own key (imported from a configured API),
+    // forward WITH it instead of relying on the client's auth header.
+    if (destKey) {
+      if (destProtocol === 'anthropic') { headers['x-api-key'] = destKey; delete headers.authorization; }
+      else { headers.authorization = `Bearer ${destKey}`; }
+    }
     upstream = await fetch(base.replace(/\/$/, '') + pathname + search, {
       method: req.method,
-      headers: forwardHeaders(req.headers, base),
+      headers,
       body: ['GET', 'HEAD'].includes(req.method) ? undefined : outBody,
     });
   } catch (e) {
@@ -234,7 +253,7 @@ export function createGateway(cfg = loadConfig()) {
 
     // Model discovery — aggregate every destination's models.
     if (req.method === 'GET' && /\/models$/.test(pathname)) {
-      return sendJson(res, 200, aggregateModels(cfg));
+      return sendJson(res, 200, await aggregateModelsAsync(cfg));
     }
 
     const r = route(pathname, req.headers, cfg);
@@ -280,7 +299,10 @@ export function createGateway(cfg = loadConfig()) {
     }
     if (dest && dest.type === 'api') {
       if (!dest.baseUrl) return sendJson(res, 502, { error: `destination "${dest.id}" has no baseUrl` });
-      return handleApi(req, res, { ...r, pathname, search: url.search, base: dest.baseUrl }, outBody, vault);
+      if (isSelfUrl(dest.baseUrl, cfg)) {
+        return sendJson(res, 508, { error: { message: `destination "${dest.id}" points back at the gateway (${dest.baseUrl}) — refusing to forward (would loop).`, type: 'loop_detected' } });
+      }
+      return handleApi(req, res, { ...r, pathname, search: url.search, base: dest.baseUrl, destKey: dest.apiKey, destProtocol: dest.protocol }, outBody, vault);
     }
     return handleBridge(req, res, { ...r, pathname, agentOverride: dest?.agent }, body, vault, cfg);
   });