npm - @chatpanel/gateway - Versions diffs - 0.2.2 → 0.3.0 - Mend

@chatpanel/gateway 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@chatpanel/gateway",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "description": "Local privacy gateway — redacts PII out of OpenAI/Anthropic API traffic before it reaches a model, then restores it in the reply. Point opencode, codex, aider, Claude Code, etc. at it.",
   "type": "module",
   "bin": {

package/src/openai.js CHANGED Viewed

@@ -37,6 +37,22 @@ export function toTurn(body) {
   return { messages: Array.isArray(body?.messages) ? body.messages : [], system: '' };
 }
+// Tool-relay: the client's tool definitions, and (on a follow-up request) the
+// most recent tool result the client sent back.
+export function extractTools(body) {
+  return Array.isArray(body?.tools) ? body.tools : [];
+}
+export function extractLatestToolResult(body) {
+  const msgs = Array.isArray(body?.messages) ? body.messages : [];
+  for (let i = msgs.length - 1; i >= 0; i--) {
+    const m = msgs[i];
+    if (m?.role === 'tool' && m.tool_call_id) {
+      return { tool_call_id: m.tool_call_id, content: typeof m.content === 'string' ? m.content : JSON.stringify(m.content) };
+    }
+  }
+  return null;
+}
 // Restore a buffered (non-streaming) response: assistant text + tool-call args.
 export function restoreResponse(json, vault) {
   for (const choice of json?.choices || []) {

package/src/server.js CHANGED Viewed

@@ -21,8 +21,9 @@ import { createServer } from 'node:http';
 import { loadConfig } from './config.js';
 import { redactSegments } from './redact.js';
 import { pipeRestoredStream, makeTokenRestorer } from './stream.js';
-import { restoreText } from '@chatpanel/pii';
-import { streamBridgeChat, readBridgeToken } from './bridge.js';
+import { restoreText, effectiveTier, gatedDictionary } from '@chatpanel/pii';
+import { streamBridgeChat, readBridgeToken, openBridgeChat } from './bridge.js';
+import { createRelaySession, getRelaySession, endRelaySession, pumpBridgeStream, deliverToolResult, toolsToSpecs, parseToolCallId } from './toolrelay.js';
 import { shaperFor } from './shape.js';
 import { startNer } from './ner.js';
 import { resolvePro, meter, usage } from './freegate.js';
@@ -32,7 +33,7 @@ import * as openai from './openai.js';
 import * as responses from './responses.js';
 import * as anthropic from './anthropic.js';
-export const VERSION = '0.2.2';
+export const VERSION = '0.3.0';
 const KNOWN_AGENTS = new Set(['codex', 'claude', 'opencode', 'pi', 'kiro', 'antigravity']);
@@ -67,6 +68,14 @@ function setCors(res, origin) {
 const STARTED_AT = Date.now();
+// In-memory ring of recent request SUMMARIES for the extension's monitoring view.
+// Counts only — never any prompt/response text or values.
+const recentRequests = [];
+function recordRequest(entry) {
+  recentRequests.push(entry);
+  if (recentRequests.length > 50) recentRequests.shift();
+}
 // Classify a request: which protocol kind + adapter, whether it's a redactable
 // chat endpoint, and (api backend) which upstream base URL.
 function route(pathname, headers, cfg) {
@@ -123,11 +132,70 @@ function forwardHeaders(headers, base) {
 // ---- backend: bridge -------------------------------------------------------
-async function handleBridge(req, res, { kind, adapter, redactable, pathname, agentOverride }, body, vault, cfg) {
+// Stream the bridge SSE through the OpenAI shaper, parking on a tool call.
+async function pumpRelay(res, s, shaper) {
+  const restorer = makeTokenRestorer(s.vault);
+  await pumpBridgeStream(s, {
+    onText: (text) => { const r = restorer.push(text); if (r) res.write(shaper.sseDelta(r)); },
+    onToolRequest: ({ name, restoredArgs, toolId }) => {
+      const tail = restorer.flush(); if (tail) res.write(shaper.sseDelta(tail));
+      res.write(shaper.sseToolCalls([{ id: toolId, name, arguments: JSON.stringify(restoredArgs) }]));
+      res.write(shaper.sseToolFinish());
+      res.end(); // park: turn ends with tool_calls; the session stays alive for the follow-up
+    },
+    onDone: () => { const tail = restorer.flush(); if (tail) res.write(shaper.sseDelta(tail)); res.write(shaper.sseTail()); res.end(); endRelaySession(s.id); },
+    onError: (e) => { res.write(`data: ${JSON.stringify({ error: { message: e.message, type: 'bridge_error' } })}\n\n`); res.end(); endRelaySession(s.id); },
+  });
+}
+// New tool-enabled turn: open the bridge with the client's tools as MCP specs.
+async function startRelay(req, res, { kind, adapter, agent }, body, vault, cfg, isPro, tools) {
+  const { messages, system } = adapter.toTurn(body);
+  const token = readBridgeToken(cfg.bridge.token);
+  const shaper = shaperFor(kind, body?.model || agent);
+  const redactOpts = { tier: effectiveTier({ tier: cfg.redaction.tier }, isPro), dictionary: gatedDictionary(cfg.redaction, isPro), entities: [] };
+  const s = createRelaySession({ vault, redactOpts, bridgeUrl: cfg.bridge.url, token });
+  const ttl = setTimeout(() => endRelaySession(s.id), 135_000); // bridge tool-call timeout is 120s
+  let resp;
+  try {
+    resp = await openBridgeChat({ bridgeUrl: cfg.bridge.url, agent, token, messages, system, specs: toolsToSpecs(tools), options: {}, signal: undefined });
+  } catch (e) { clearTimeout(ttl); endRelaySession(s.id); return sendJson(res, 502, { error: { message: `bridge: ${e.message}`, type: 'bridge_error' } }); }
+  s.reader = resp.body.getReader();
+  res.writeHead(200, { 'content-type': 'text/event-stream', 'cache-control': 'no-cache', connection: 'keep-alive' });
+  res.write(shaper.sseHead());
+  return pumpRelay(res, s, shaper);
+}
+// Follow-up turn carrying a tool result: feed it to the parked agent + resume.
+async function resumeRelay(res, s, toolContent, model) {
+  try { await deliverToolResult(s, toolContent); }
+  catch (e) { endRelaySession(s.id); return sendJson(res, 502, { error: { message: `tool-result: ${e.message}`, type: 'bridge_error' } }); }
+  const shaper = shaperFor('openai', model || 'codex');
+  res.writeHead(200, { 'content-type': 'text/event-stream', 'cache-control': 'no-cache', connection: 'keep-alive' });
+  res.write(shaper.sseHead());
+  return pumpRelay(res, s, shaper);
+}
+async function handleBridge(req, res, { kind, adapter, redactable, pathname, agentOverride }, body, vault, cfg, isPro) {
   if (!redactable) {
     return sendJson(res, 404, { error: `endpoint ${pathname} not supported by the bridge backend` });
   }
+  // Tool relay (OpenAI protocol + agent destinations). A follow-up request carries
+  // a tool result for a parked session; a new request with `tools` starts one.
+  if (kind === 'openai') {
+    const toolResult = adapter.extractLatestToolResult(body);
+    if (toolResult) {
+      const parsed = parseToolCallId(toolResult.tool_call_id);
+      const s = parsed && getRelaySession(parsed.gwId);
+      if (s) return resumeRelay(res, s, toolResult.content, body?.model);
+    }
+    const tools = adapter.extractTools(body);
+    if (tools.length && body?.stream === true) {
+      return startRelay(req, res, { kind, adapter, agent: agentOverride || pickAgent(body?.model, cfg) }, body, vault, cfg, isPro, tools);
+    }
+  }
   const { messages, system } = adapter.toTurn(body);
   const agent = agentOverride || pickAgent(body?.model, cfg);
   const wantStream = body?.stream === true;
@@ -237,6 +305,9 @@ export function createGateway(cfg = loadConfig()) {
         uptimeSeconds: Math.floor((Date.now() - STARTED_AT) / 1000),
       });
     }
+    if (pathname === '/logs' && req.method === 'GET') {
+      return sendJson(res, 200, { entries: [...recentRequests].reverse() }); // newest first; counts only
+    }
     if (pathname === '/config' && req.method === 'GET') {
       const proUnlocked = await resolvePro(cfg.pro?.entitlementToken);
       return sendJson(res, 200, publicConfig(cfg, { proUnlocked }));
@@ -270,11 +341,13 @@ export function createGateway(cfg = loadConfig()) {
     let vault = null;
     let body = null;
     let outBody = raw;
+    let redactedCount = 0;
+    let isPro = true;
     if (r.redactable && req.method === 'POST' && raw.length) {
       try { body = JSON.parse(raw.toString('utf8')); } catch { body = null; }
       if (body) {
         // Free/Pro gate: meter the request and pick the effective tier.
-        const isPro = await resolvePro(cfg.pro?.entitlementToken);
+        isPro = await resolvePro(cfg.pro?.entitlementToken);
         const allow = meter(cfg, isPro);
         if (!allow.allowed) {
           return sendJson(res, 402, { error: {
@@ -287,6 +360,7 @@ export function createGateway(cfg = loadConfig()) {
         req.on('close', () => ac.abort());
         const { vault: v, count } = await redactSegments(segs, cfg.redaction, { signal: ac.signal, isPro });
         vault = v;
+        redactedCount = count;
         outBody = Buffer.from(JSON.stringify(body), 'utf8');
       }
     }
@@ -294,8 +368,9 @@ export function createGateway(cfg = loadConfig()) {
     // Route by the requested model → a destination (agent via the bridge, or an
     // API we forward to). Falls back to the legacy backend when none configured.
     const dest = resolveDestination(body?.model, cfg, r.kind);
-    if (cfg.logRequests) {
-      console.log(`[gateway] ${req.method} ${pathname} · model=${body?.model || '-'} → ${dest ? `${dest.id}(${dest.type})` : 'none'}`);
+    if (cfg.logRequests && r.redactable) {
+      recordRequest({ t: Date.now(), model: body?.model || null, dest: dest ? dest.id : null, type: dest ? dest.type : null, redacted: redactedCount });
+      console.log(`[gateway] ${req.method} ${pathname} · model=${body?.model || '-'} → ${dest ? `${dest.id}(${dest.type})` : 'none'} · redacted ${redactedCount}`);
     }
     if (dest && dest.type === 'api') {
       if (!dest.baseUrl) return sendJson(res, 502, { error: `destination "${dest.id}" has no baseUrl` });
@@ -304,7 +379,7 @@ export function createGateway(cfg = loadConfig()) {
       }
       return handleApi(req, res, { ...r, pathname, search: url.search, base: dest.baseUrl, destKey: dest.apiKey, destProtocol: dest.protocol }, outBody, vault);
     }
-    return handleBridge(req, res, { ...r, pathname, agentOverride: dest?.agent }, body, vault, cfg);
+    return handleBridge(req, res, { ...r, pathname, agentOverride: dest?.agent }, body, vault, cfg, isPro);
   });
 }

package/src/shape.js CHANGED Viewed

@@ -38,6 +38,14 @@ export function openaiChat(model) {
     sseTail() {
       return sse({ ...base, choices: [{ index: 0, delta: {}, finish_reason: 'stop' }] }) + 'data: [DONE]\n\n';
     },
+    // Tool-relay (agent destinations): emit the agent's tool call as an OpenAI
+    // tool_calls delta, then end the turn with finish_reason:tool_calls.
+    sseToolCalls(calls) {
+      return sse({ ...base, choices: [{ index: 0, delta: { tool_calls: calls.map((c, i) => ({ index: i, id: c.id, type: 'function', function: { name: c.name, arguments: c.arguments } })) }, finish_reason: null }] });
+    },
+    sseToolFinish() {
+      return sse({ ...base, choices: [{ index: 0, delta: {}, finish_reason: 'tool_calls' }] }) + 'data: [DONE]\n\n';
+    },
   };
 }