npm - @elsium-ai/gateway - Versions diffs - 0.2.3 → 0.4.0 - Mend

@elsium-ai/gateway 0.2.3 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/batch.d.ts +24 -0
package/dist/batch.d.ts.map +1 -0
package/dist/cache.d.ts +26 -0
package/dist/cache.d.ts.map +1 -0
package/dist/gateway.d.ts +2 -1
package/dist/gateway.d.ts.map +1 -1
package/dist/index.d.ts +8 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +719 -212
package/dist/middleware.d.ts +2 -1
package/dist/middleware.d.ts.map +1 -1
package/dist/output-guardrails.d.ts +23 -0
package/dist/output-guardrails.d.ts.map +1 -0
package/dist/pricing.d.ts +1 -0
package/dist/pricing.d.ts.map +1 -1
package/dist/providers/anthropic.d.ts.map +1 -1
package/dist/providers/google.d.ts.map +1 -1
package/dist/providers/openai.d.ts.map +1 -1
package/dist/security.d.ts.map +1 -1
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -394,6 +394,94 @@ function createLogger(options = {}) {
     }
   };
 }
+// ../core/src/schema.ts
+var log = createLogger();
+function zodDefKind(def) {
+  return typeof def.type === "string" ? def.type : def.typeName;
+}
+function zodObjectToJsonSchema(schema, convert) {
+  const shape = typeof schema.shape === "function" ? schema.shape() : schema.shape;
+  const properties = {};
+  const required = [];
+  for (const [key, value] of Object.entries(shape)) {
+    const fieldSchema = value;
+    properties[key] = convert(fieldSchema);
+    const fieldDef = fieldSchema._def;
+    const fieldKind = zodDefKind(fieldDef);
+    if (fieldKind !== "optional" && fieldKind !== "ZodOptional" && fieldKind !== "default" && fieldKind !== "ZodDefault") {
+      required.push(key);
+    }
+    if (fieldDef.description) {
+      properties[key].description = fieldDef.description;
+    }
+  }
+  return { type: "object", properties, required };
+}
+function zodToJsonSchema(schema) {
+  if (!("_def" in schema))
+    return { type: "object" };
+  const def = schema._def;
+  const kind = zodDefKind(def);
+  switch (kind) {
+    case "object":
+    case "ZodObject":
+      return zodObjectToJsonSchema(def, zodToJsonSchema);
+    case "string":
+    case "ZodString":
+      return { type: "string" };
+    case "number":
+    case "ZodNumber":
+      return { type: "number" };
+    case "boolean":
+    case "ZodBoolean":
+      return { type: "boolean" };
+    case "array":
+    case "ZodArray":
+      return {
+        type: "array",
+        items: zodToJsonSchema(def.element ?? def.type)
+      };
+    case "enum":
+    case "ZodEnum": {
+      const values = def.values ?? (def.entries ? Object.values(def.entries) : []);
+      return { type: "string", enum: values };
+    }
+    case "optional":
+    case "ZodOptional":
+      return zodToJsonSchema(def.innerType);
+    case "default":
+    case "ZodDefault":
+      return zodToJsonSchema(def.innerType);
+    case "nullable":
+    case "ZodNullable": {
+      const inner = zodToJsonSchema(def.innerType);
+      return { ...inner, nullable: true };
+    }
+    case "ZodLiteral":
+      return { type: typeof def.value, const: def.value };
+    case "ZodUnion": {
+      const options = def.options.map(zodToJsonSchema);
+      return { anyOf: options };
+    }
+    case "ZodRecord":
+      return {
+        type: "object",
+        additionalProperties: def.valueType ? zodToJsonSchema(def.valueType) : { type: "string" }
+      };
+    case "ZodTuple": {
+      const items = (def.items ?? []).map(zodToJsonSchema);
+      return { type: "array", prefixItems: items, minItems: items.length, maxItems: items.length };
+    }
+    case "ZodDate":
+      return { type: "string", format: "date-time" };
+    default:
+      log.warn(`zodToJsonSchema: unsupported type ${kind}, defaulting to string`);
+      return { type: "string" };
+  }
+}
+// ../core/src/registry.ts
+var log2 = createLogger();
+var BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
 // ../core/src/circuit-breaker.ts
 function defaultShouldCount(error) {
   if (error && typeof error === "object" && "retryable" in error) {
@@ -559,17 +647,28 @@ function composeMiddleware(middlewares) {
     return dispatch(0);
   };
 }
+function composeStreamMiddleware(middlewares) {
+  return (ctx, source, finalNext) => {
+    function dispatch(i, currentCtx, currentSource) {
+      if (i >= middlewares.length) {
+        return finalNext(currentCtx, currentSource);
+      }
+      return middlewares[i](currentCtx, currentSource, (c, s) => dispatch(i + 1, c, s));
+    }
+    return dispatch(0, ctx, source);
+  };
+}
 function loggingMiddleware(logger) {
-  const log = logger ?? createLogger({ level: "info" });
+  const log3 = logger ?? createLogger({ level: "info" });
   return async (ctx, next) => {
-    log.info("LLM request", {
+    log3.info("LLM request", {
       provider: ctx.provider,
       model: ctx.model,
       traceId: ctx.traceId,
       messageCount: ctx.request.messages.length
     });
     const response = await next(ctx);
-    log.info("LLM response", {
+    log3.info("LLM response", {
       provider: ctx.provider,
       model: ctx.model,
       traceId: ctx.traceId,
@@ -705,7 +804,7 @@ function xrayMiddleware(options = {}) {
 }
 // src/pricing.ts
-var log = createLogger();
+var log3 = createLogger();
 var PRICING = {
   "claude-opus-4-6": { inputPerMillion: 15, outputPerMillion: 75 },
   "claude-sonnet-4-6": { inputPerMillion: 3, outputPerMillion: 15 },
@@ -743,7 +842,7 @@ function resolveModelName(model) {
 function calculateCost(model, usage) {
   const pricing = PRICING[resolveModelName(model)];
   if (!pricing) {
-    log.warn(`Unknown model "${model}" — cost will be reported as $0. Register pricing with registerPricing().`);
+    log3.warn(`Unknown model "${model}" — cost will be reported as $0. Register pricing with registerPricing().`);
     return {
       inputCost: 0,
       outputCost: 0,
@@ -763,6 +862,12 @@ function calculateCost(model, usage) {
 function registerPricing(model, pricing) {
   PRICING[model] = pricing;
 }
+function estimateCost(model, tokenCount) {
+  const pricing = PRICING[resolveModelName(model)];
+  if (!pricing)
+    return 0;
+  return tokenCount / 1e6 * pricing.inputPerMillion;
+}
 // src/providers/anthropic.ts
 var DEFAULT_BASE_URL = "https://api.anthropic.com";
@@ -837,15 +942,33 @@ function createAnthropicProvider(config) {
     if (part.type === "text")
       return { type: "text", text: part.text };
     if (part.type === "image" && part.source?.type === "base64") {
+      const src = part.source;
       return {
         type: "image",
         source: {
           type: "base64",
-          media_type: part.source.mediaType,
-          data: part.source.data
+          media_type: src.mediaType,
+          data: src.data
         }
       };
     }
+    if (part.type === "document" && part.source) {
+      if (part.source.type === "base64") {
+        const src = part.source;
+        return {
+          type: "document",
+          source: {
+            type: "base64",
+            media_type: src.mediaType,
+            data: src.data
+          }
+        };
+      }
+      return { type: "text", text: "[document: url source not supported by Anthropic]" };
+    }
+    if (part.type === "audio") {
+      return { type: "text", text: "[audio content not supported by this provider]" };
+    }
     return { type: "text", text: "[unsupported content]" };
   }
   function formatMultipartContent(msg, role) {
@@ -888,6 +1011,52 @@ function createAnthropicProvider(config) {
       input_schema: t.inputSchema
     }));
   }
+  function buildOptionalParams(req) {
+    const params = {};
+    if (req.temperature !== undefined)
+      params.temperature = req.temperature;
+    if (req.topP !== undefined)
+      params.top_p = req.topP;
+    if (req.stopSequences?.length)
+      params.stop_sequences = req.stopSequences;
+    return params;
+  }
+  function applyStructuredOutput(body, req, tools) {
+    if (!req.schema)
+      return;
+    const jsonSchema = zodToJsonSchema(req.schema);
+    const structuredTool = {
+      name: "_structured_output",
+      description: "Return structured output matching the required schema",
+      input_schema: jsonSchema
+    };
+    body.tools = [...tools ?? [], structuredTool];
+    body.tool_choice = { type: "tool", name: "_structured_output" };
+  }
+  function buildRequestBody(req) {
+    const { system, messages } = formatMessages(req.messages);
+    const model = req.model ?? "claude-sonnet-4-6";
+    const body = {
+      model,
+      messages,
+      max_tokens: req.maxTokens ?? DEFAULT_MAX_TOKENS,
+      ...system || req.system ? { system: req.system ?? system } : {},
+      ...buildOptionalParams(req),
+      ...buildSeedMetadata(req)
+    };
+    const tools = formatTools(req.tools);
+    if (tools)
+      body.tools = tools;
+    applyStructuredOutput(body, req, tools);
+    return body;
+  }
+  function executeWithTimeout(fn, reqSignal) {
+    const controller = new AbortController;
+    const timer = setTimeout(() => controller.abort(), timeout);
+    const signals = [controller.signal, reqSignal].filter(Boolean);
+    const mergedSignal = signals.length > 1 ? AbortSignal.any(signals) : signals[0];
+    return fn(mergedSignal).finally(() => clearTimeout(timer));
+  }
   function extractContentBlocks(content) {
     const toolCalls = [];
     const textParts = [];
@@ -939,34 +1108,12 @@ function createAnthropicProvider(config) {
       authStyle: "x-api-key"
     },
     async complete(req) {
-      const { system, messages } = formatMessages(req.messages);
-      const model = req.model ?? "claude-sonnet-4-6";
-      const body = {
-        model,
-        messages,
-        max_tokens: req.maxTokens ?? DEFAULT_MAX_TOKENS,
-        ...system || req.system ? { system: req.system ?? system } : {},
-        ...req.temperature !== undefined ? { temperature: req.temperature } : {},
-        ...req.topP !== undefined ? { top_p: req.topP } : {},
-        ...req.stopSequences?.length ? { stop_sequences: req.stopSequences } : {},
-        ...buildSeedMetadata(req)
-      };
-      const tools = formatTools(req.tools);
-      if (tools)
-        body.tools = tools;
+      const body = buildRequestBody(req);
       const startTime = performance.now();
-      const raw = await retry(async () => {
-        const controller = new AbortController;
-        const timer = setTimeout(() => controller.abort(), timeout);
-        try {
-          const signals = [controller.signal, req.signal].filter(Boolean);
-          const mergedSignal = signals.length > 1 ? AbortSignal.any(signals) : signals[0];
-          const resp = await request("/messages", body, mergedSignal);
-          return await resp.json();
-        } finally {
-          clearTimeout(timer);
-        }
-      }, {
+      const raw = await retry(() => executeWithTimeout(async (signal) => {
+        const resp = await request("/messages", body, signal);
+        return await resp.json();
+      }, req.signal), {
         maxRetries,
         baseDelayMs: 1000,
         shouldRetry: (e) => e instanceof ElsiumError && e.retryable
@@ -975,29 +1122,12 @@ function createAnthropicProvider(config) {
       return parseResponse(raw, latencyMs);
     },
     stream(req) {
-      const { system, messages } = formatMessages(req.messages);
-      const model = req.model ?? "claude-sonnet-4-6";
-      const body = {
-        model,
-        messages,
-        max_tokens: req.maxTokens ?? DEFAULT_MAX_TOKENS,
-        stream: true,
-        ...system || req.system ? { system: req.system ?? system } : {},
-        ...req.temperature !== undefined ? { temperature: req.temperature } : {},
-        ...req.topP !== undefined ? { top_p: req.topP } : {},
-        ...req.stopSequences?.length ? { stop_sequences: req.stopSequences } : {},
-        ...buildSeedMetadata(req)
-      };
-      const tools = formatTools(req.tools);
-      if (tools)
-        body.tools = tools;
+      const body = buildRequestBody(req);
+      body.stream = true;
+      const model = body.model ?? "claude-sonnet-4-6";
       return createStream(async (emit) => {
-        const controller = new AbortController;
-        const timer = setTimeout(() => controller.abort(), timeout);
-        try {
-          const signals = [controller.signal, req.signal].filter(Boolean);
-          const mergedSignal = signals.length > 1 ? AbortSignal.any(signals) : signals[0];
-          const resp = await request("/messages", body, mergedSignal);
+        await executeWithTimeout(async (signal) => {
+          const resp = await request("/messages", body, signal);
           if (!resp.body)
             throw new ElsiumError({
               code: "STREAM_ERROR",
@@ -1006,9 +1136,7 @@ function createAnthropicProvider(config) {
               retryable: false
             });
           await processAnthropicSSEStream(resp.body, model, emit);
-        } finally {
-          clearTimeout(timer);
-        }
+        }, req.signal);
       });
     },
     async listModels() {
@@ -1162,19 +1290,38 @@ function createGoogleProvider(config) {
     }
     return { role, parts };
   }
+  function convertGeminiImagePart(p) {
+    if (p.source.type === "base64") {
+      return { inlineData: { mimeType: p.source.mediaType, data: p.source.data } };
+    }
+    return { fileData: { mimeType: "image/jpeg", fileUri: p.source.url } };
+  }
+  function convertGeminiMediaPart(p) {
+    if (p.source.type === "base64") {
+      return { inlineData: { mimeType: p.source.mediaType, data: p.source.data } };
+    }
+    const urlSource = p.source;
+    return { fileData: { mimeType: "application/octet-stream", fileUri: urlSource.url } };
+  }
+  function convertGeminiContentPart(p) {
+    if (p.type === "text") {
+      return { text: p.text };
+    }
+    if (p.type === "image") {
+      return convertGeminiImagePart(p);
+    }
+    if (p.type === "audio" || p.type === "document") {
+      return convertGeminiMediaPart(p);
+    }
+    return null;
+  }
   function formatGeminiMultipartContent(msg, role) {
+    const content = msg.content;
     const parts = [];
-    for (const p of msg.content) {
-      if (p.type === "text") {
-        parts.push({ text: p.text });
-      } else if (p.type === "image") {
-        const img = p;
-        if (img.source.type === "base64") {
-          parts.push({ inlineData: { mimeType: img.source.mediaType, data: img.source.data } });
-        } else {
-          parts.push({ fileData: { mimeType: "image/jpeg", fileUri: img.source.url } });
-        }
-      }
+    for (const p of content) {
+      const converted = convertGeminiContentPart(p);
+      if (converted)
+        parts.push(converted);
     }
     return { role, parts };
   }
@@ -1272,6 +1419,10 @@ function createGoogleProvider(config) {
       config2.topP = req.topP;
     if (req.stopSequences?.length)
       config2.stopSequences = req.stopSequences;
+    if (req.schema) {
+      config2.responseMimeType = "application/json";
+      config2.responseSchema = zodToJsonSchema(req.schema);
+    }
     return config2;
   }
   function buildRequestBody(req) {
@@ -1537,21 +1688,48 @@ function createOpenAIProvider(config) {
     }
     return openaiMsg;
   }
+  function convertImagePart(part) {
+    if (part.source.type === "base64") {
+      const url = `data:${part.source.mediaType};base64,${part.source.data}`;
+      return { type: "image_url", image_url: { url } };
+    }
+    return { type: "image_url", image_url: { url: part.source.url } };
+  }
+  function convertAudioPart(part) {
+    if (part.source.type === "base64") {
+      const format = part.source.mediaType.split("/")[1] ?? "wav";
+      return { type: "input_audio", input_audio: { data: part.source.data, format } };
+    }
+    return { type: "text", text: "[audio: url source requires file upload]" };
+  }
+  function convertDocumentPart(part) {
+    if (part.source.type === "base64") {
+      return {
+        type: "text",
+        text: `[document: ${part.source.mediaType} content attached as base64]`
+      };
+    }
+    return { type: "text", text: `[document: ${part.source.url}]` };
+  }
+  function convertContentPart(part) {
+    if (part.type === "text")
+      return { type: "text", text: part.text };
+    if (part.type === "image")
+      return convertImagePart(part);
+    if (part.type === "audio")
+      return convertAudioPart(part);
+    if (part.type === "document")
+      return convertDocumentPart(part);
+    return null;
+  }
   function formatUserContent(msg) {
     if (typeof msg.content === "string")
       return msg.content;
     const parts = [];
     for (const part of msg.content) {
-      if (part.type === "text") {
-        parts.push({ type: "text", text: part.text });
-      } else if (part.type === "image") {
-        if (part.source.type === "base64") {
-          const url = `data:${part.source.mediaType};base64,${part.source.data}`;
-          parts.push({ type: "image_url", image_url: { url } });
-        } else {
-          parts.push({ type: "image_url", image_url: { url: part.source.url } });
-        }
-      }
+      const converted = convertContentPart(part);
+      if (converted)
+        parts.push(converted);
     }
     return parts;
   }
@@ -1586,6 +1764,49 @@ function createOpenAIProvider(config) {
       }
     }));
   }
+  function buildOptionalParams(req) {
+    const params = {};
+    if (req.temperature !== undefined)
+      params.temperature = req.temperature;
+    if (req.seed !== undefined)
+      params.seed = req.seed;
+    if (req.topP !== undefined)
+      params.top_p = req.topP;
+    if (req.stopSequences?.length)
+      params.stop = req.stopSequences;
+    return params;
+  }
+  function applyResponseFormat(body, req) {
+    if (!req.schema)
+      return;
+    const jsonSchema = zodToJsonSchema(req.schema);
+    body.response_format = {
+      type: "json_schema",
+      json_schema: {
+        name: "structured_output",
+        strict: true,
+        schema: jsonSchema
+      }
+    };
+  }
+  function buildRequestBody(req) {
+    const messages = formatMessages(req.messages);
+    const model = req.model ?? "gpt-4o";
+    if (req.system) {
+      messages.unshift({ role: "system", content: req.system });
+    }
+    const body = {
+      model,
+      messages,
+      max_tokens: req.maxTokens ?? DEFAULT_MAX_TOKENS2,
+      ...buildOptionalParams(req)
+    };
+    const tools = formatTools(req.tools);
+    if (tools)
+      body.tools = tools;
+    applyResponseFormat(body, req);
+    return body;
+  }
   function parseResponse(raw, latencyMs) {
     const traceId = generateTraceId();
     const choice = raw.choices[0];
@@ -1630,23 +1851,7 @@ function createOpenAIProvider(config) {
       authStyle: "bearer"
     },
     async complete(req) {
-      const messages = formatMessages(req.messages);
-      const model = req.model ?? "gpt-4o";
-      if (req.system) {
-        messages.unshift({ role: "system", content: req.system });
-      }
-      const body = {
-        model,
-        messages,
-        max_tokens: req.maxTokens ?? DEFAULT_MAX_TOKENS2,
-        ...req.temperature !== undefined ? { temperature: req.temperature } : {},
-        ...req.seed !== undefined ? { seed: req.seed } : {},
-        ...req.topP !== undefined ? { top_p: req.topP } : {},
-        ...req.stopSequences?.length ? { stop: req.stopSequences } : {}
-      };
-      const tools = formatTools(req.tools);
-      if (tools)
-        body.tools = tools;
+      const body = buildRequestBody(req);
       const startTime = performance.now();
       const raw = await retry(async () => {
         const controller = new AbortController;
@@ -1668,25 +1873,10 @@ function createOpenAIProvider(config) {
       return parseResponse(raw, latencyMs);
     },
     stream(req) {
-      const messages = formatMessages(req.messages);
-      const model = req.model ?? "gpt-4o";
-      if (req.system) {
-        messages.unshift({ role: "system", content: req.system });
-      }
-      const body = {
-        model,
-        messages,
-        max_tokens: req.maxTokens ?? DEFAULT_MAX_TOKENS2,
-        stream: true,
-        stream_options: { include_usage: true },
-        ...req.temperature !== undefined ? { temperature: req.temperature } : {},
-        ...req.seed !== undefined ? { seed: req.seed } : {},
-        ...req.topP !== undefined ? { top_p: req.topP } : {},
-        ...req.stopSequences?.length ? { stop: req.stopSequences } : {}
-      };
-      const tools = formatTools(req.tools);
-      if (tools)
-        body.tools = tools;
+      const body = buildRequestBody(req);
+      body.stream = true;
+      body.stream_options = { include_usage: true };
+      const model = body.model ?? "gpt-4o";
       return createStream(async (emit) => {
         const controller = new AbortController;
         const timer = setTimeout(() => controller.abort(), timeout);
@@ -1806,15 +1996,32 @@ var PROVIDER_FACTORIES = {
   openai: createOpenAIProvider,
   google: createGoogleProvider
 };
+registerProviderMetadata("anthropic", {
+  baseUrl: "https://api.anthropic.com/v1/messages",
+  capabilities: ["tools", "vision", "streaming", "system"],
+  authStyle: "x-api-key"
+});
+registerProviderMetadata("openai", {
+  baseUrl: "https://api.openai.com/v1/chat/completions",
+  capabilities: ["tools", "vision", "streaming", "system", "json_mode"],
+  authStyle: "bearer"
+});
+registerProviderMetadata("google", {
+  baseUrl: "https://generativelanguage.googleapis.com/v1beta/models",
+  capabilities: ["tools", "vision", "streaming", "system"],
+  authStyle: "bearer"
+});
 function registerProviderFactory(name, factory) {
   PROVIDER_FACTORIES[name] = factory;
 }
 function validateGatewayConfig(config) {
-  const factory = PROVIDER_FACTORIES[config.provider];
+  const factory = PROVIDER_FACTORIES[config.provider] ?? getProviderFactory(config.provider);
   if (!factory) {
+    const available = [...Object.keys(PROVIDER_FACTORIES), ...listProviders()];
+    const unique = [...new Set(available)];
     throw new ElsiumError({
       code: "CONFIG_ERROR",
-      message: `Unknown provider: ${config.provider}. Available: ${Object.keys(PROVIDER_FACTORIES).join(", ")}`,
+      message: `Unknown provider: ${config.provider}. Available: ${unique.join(", ")}`,
       retryable: false
     });
   }
@@ -1892,6 +2099,24 @@ async function accumulateStreamEvents(stream, emit) {
   }
   return { textContent, usage, stopReason, id };
 }
+function extractFromToolCalls(response) {
+  if (response.stopReason !== "tool_use" || !response.message.toolCalls?.length) {
+    return;
+  }
+  const structuredCall = response.message.toolCalls.find((tc) => tc.name === "_structured_output");
+  return structuredCall?.arguments;
+}
+function extractJsonFromText(response) {
+  let text = typeof response.message.content === "string" ? response.message.content : "";
+  text = text.replace(/^```(?:json)?\s*\n?([\s\S]*?)\n?\s*```$/gm, "$1").trim();
+  const jsonMatch = text.match(/(\{[\s\S]*\}|\[[\s\S]*\])/);
+  if (!jsonMatch) {
+    throw ElsiumError.validation("LLM response did not contain valid JSON", {
+      response: text
+    });
+  }
+  return JSON.parse(jsonMatch[0]);
+}
 function gateway(config) {
   const factory = validateGatewayConfig(config);
   const provider = factory({
@@ -1913,6 +2138,7 @@ function gateway(config) {
     allMiddleware.push(xm);
   }
   const composedMiddleware = allMiddleware.length ? composeMiddleware(allMiddleware) : null;
+  const composedStreamMiddleware = config.streamMiddleware?.length ? composeStreamMiddleware(config.streamMiddleware) : null;
   async function executeWithMiddleware(request) {
     const req = { ...request, model: request.model ?? defaultModel };
     if (!composedMiddleware) {
@@ -1937,11 +2163,11 @@ function gateway(config) {
       validateRequestLimits(request, maxMessages, maxInputTokens);
       const req = { ...request, model: request.model ?? defaultModel };
       if (composedMiddleware) {
-        const ctx = buildMiddlewareContext(req, provider.name, defaultModel, request.metadata ?? {});
+        const ctx2 = buildMiddlewareContext(req, provider.name, defaultModel, request.metadata ?? {});
         return createStream(async (emit) => {
-          await composedMiddleware(ctx, async (c) => {
+          await composedMiddleware(ctx2, async (c) => {
             const result = await accumulateStreamEvents(provider.stream(c.request), emit);
-            const latencyMs = Math.round(performance.now() - ctx.startTime);
+            const latencyMs = Math.round(performance.now() - ctx2.startTime);
             return {
               id: result.id,
               message: { role: "assistant", content: result.textContent },
@@ -1951,116 +2177,48 @@ function gateway(config) {
               provider: provider.name,
               stopReason: result.stopReason,
               latencyMs,
-              traceId: ctx.traceId
+              traceId: ctx2.traceId
             };
           });
         });
       }
-      return provider.stream(req);
+      const rawStream = provider.stream(req);
+      if (!composedStreamMiddleware)
+        return rawStream;
+      const ctx = buildMiddlewareContext(req, provider.name, defaultModel, request.metadata ?? {});
+      return createStream(async (emit) => {
+        const processed = composedStreamMiddleware(ctx, rawStream, (_c, s) => s);
+        for await (const event of processed) {
+          emit(event);
+        }
+      });
     },
     async generate(request) {
       const { schema, ...rest } = request;
-      const jsonSchema = schemaToJsonSchema(schema);
-      const systemPrompt = [
-        rest.system ?? "",
-        "You MUST respond with valid JSON matching this schema:",
-        JSON.stringify(jsonSchema, null, 2),
-        "Respond ONLY with the JSON object, no markdown or explanation."
-      ].filter(Boolean).join(`
-`);
+      const jsonSchema = zodToJsonSchema(schema);
       const response = await executeWithMiddleware({
         ...rest,
-        system: systemPrompt
+        schema,
+        system: [
+          rest.system ?? "",
+          "You MUST respond with valid JSON matching this schema:",
+          JSON.stringify(jsonSchema, null, 2),
+          "Respond ONLY with the JSON object, no markdown or explanation."
+        ].filter(Boolean).join(`
+`)
       });
-      const text = typeof response.message.content === "string" ? response.message.content : "";
-      const jsonMatch = text.match(/\{[\s\S]*\}/);
-      if (!jsonMatch) {
-        throw ElsiumError.validation("LLM response did not contain valid JSON", {
-          response: text
-        });
-      }
-      const parsed = JSON.parse(jsonMatch[0]);
+      const parsed = extractFromToolCalls(response) ?? extractJsonFromText(response);
       const result = schema.safeParse(parsed);
       if (!result.success) {
         throw ElsiumError.validation("LLM response did not match schema", {
-          errors: result.error.issues,
-          response: text
+          errors: result.error.issues
         });
       }
       return { data: result.data, response };
     }
   };
 }
-function schemaToJsonSchema(schema) {
-  try {
-    if ("_def" in schema) {
-      const def = schema._def;
-      const result = convertZodDef(def);
-      if (result)
-        return result;
-    }
-  } catch {}
-  return { type: "string" };
-}
-function zodDefKind(def) {
-  return typeof def.type === "string" ? def.type : def.typeName;
-}
-function convertZodDef(def) {
-  const kind = zodDefKind(def);
-  switch (kind) {
-    case "object":
-    case "ZodObject":
-      return convertZodObject(def);
-    case "string":
-    case "ZodString":
-      return { type: "string" };
-    case "number":
-    case "ZodNumber":
-      return { type: "number" };
-    case "boolean":
-    case "ZodBoolean":
-      return { type: "boolean" };
-    case "array":
-    case "ZodArray":
-      return convertZodArray(def);
-    case "enum":
-    case "ZodEnum": {
-      const values = def.values ?? (def.entries ? Object.values(def.entries) : []);
-      return { type: "string", enum: values };
-    }
-    case "optional":
-    case "ZodOptional":
-      return convertZodOptional(def);
-    default:
-      return null;
-  }
-}
-function convertZodObject(def) {
-  if (!def.shape)
-    return null;
-  const shape = typeof def.shape === "function" ? def.shape() : def.shape;
-  const properties = {};
-  const required = [];
-  for (const [key, value] of Object.entries(shape)) {
-    properties[key] = schemaToJsonSchema(value);
-    const valDef = value._def;
-    const valKind = zodDefKind(valDef);
-    if (valKind !== "optional" && valKind !== "ZodOptional") {
-      required.push(key);
-    }
-  }
-  return { type: "object", properties, required };
-}
-function convertZodArray(def) {
-  return {
-    type: "array",
-    items: schemaToJsonSchema(def.element ?? def.type)
-  };
-}
-function convertZodOptional(def) {
-  return schemaToJsonSchema(def.innerType ?? def.innerType);
-}
 // src/security.ts
 var INJECTION_PATTERNS = [
   {
@@ -2118,6 +2276,21 @@ var SECRET_PATTERNS = [
     detail: "API public key detected",
     replacement: "[REDACTED_API_KEY]"
   },
+  {
+    pattern: /\bghp_[a-zA-Z0-9]{36,}\b/g,
+    detail: "GitHub personal access token detected",
+    replacement: "[REDACTED_GITHUB_TOKEN]"
+  },
+  {
+    pattern: /\bgho_[a-zA-Z0-9]{36,}\b/g,
+    detail: "GitHub OAuth token detected",
+    replacement: "[REDACTED_GITHUB_TOKEN]"
+  },
+  {
+    pattern: /\bgithub_pat_[a-zA-Z0-9_]{20,}\b/g,
+    detail: "GitHub fine-grained token detected",
+    replacement: "[REDACTED_GITHUB_TOKEN]"
+  },
   {
     pattern: /\bapi_key[=:]\s*["']?[a-zA-Z0-9_-]{16,}["']?/gi,
     detail: "API key assignment detected",
@@ -2423,6 +2596,334 @@ function bulkheadMiddleware(config) {
     return bulkhead.execute(() => next(ctx));
   };
 }
+// src/cache.ts
+import { createHash } from "node:crypto";
+var log4 = createLogger();
+function createInMemoryCache(maxSize = 1000) {
+  const cache = new Map;
+  function evict() {
+    if (cache.size <= maxSize)
+      return;
+    const firstKey = cache.keys().next().value;
+    if (firstKey !== undefined)
+      cache.delete(firstKey);
+  }
+  return {
+    async get(key) {
+      const entry = cache.get(key);
+      if (!entry)
+        return null;
+      if (Date.now() > entry.expiresAt) {
+        cache.delete(key);
+        return null;
+      }
+      cache.delete(key);
+      cache.set(key, entry);
+      return entry.value;
+    },
+    async set(key, value, ttlMs) {
+      cache.set(key, { value, expiresAt: Date.now() + ttlMs });
+      evict();
+    },
+    async delete(key) {
+      cache.delete(key);
+    },
+    async clear() {
+      cache.clear();
+    }
+  };
+}
+function defaultCacheKey(ctx) {
+  const data = JSON.stringify({
+    provider: ctx.provider,
+    model: ctx.model,
+    messages: ctx.request.messages,
+    system: ctx.request.system,
+    temperature: ctx.request.temperature
+  });
+  return createHash("sha256").update(data).digest("hex");
+}
+function defaultShouldCache(_ctx, response) {
+  const temp = _ctx.request.temperature;
+  if (temp !== undefined && temp !== 0)
+    return false;
+  return response.stopReason === "end_turn";
+}
+function cacheMiddleware(config) {
+  const ttlMs = config?.ttlMs ?? 3600000;
+  const adapter = config?.adapter ?? createInMemoryCache(config?.maxSize ?? 1000);
+  const keyFn = config?.keyFn ?? defaultCacheKey;
+  const shouldCache = config?.shouldCache ?? defaultShouldCache;
+  let hits = 0;
+  let misses = 0;
+  const middleware = async (ctx, next) => {
+    if (ctx.request.stream) {
+      return next(ctx);
+    }
+    const key = keyFn(ctx);
+    const cached = await adapter.get(key);
+    if (cached) {
+      hits++;
+      log4.debug("Cache hit", { key: key.slice(0, 8), provider: ctx.provider });
+      return cached;
+    }
+    misses++;
+    const response = await next(ctx);
+    if (shouldCache(ctx, response)) {
+      await adapter.set(key, response, ttlMs);
+    }
+    return response;
+  };
+  return Object.assign(middleware, {
+    adapter,
+    stats() {
+      const total = hits + misses;
+      return {
+        hits,
+        misses,
+        size: 0,
+        hitRate: total > 0 ? hits / total : 0
+      };
+    }
+  });
+}
+// src/output-guardrails.ts
+var log5 = createLogger();
+var PII_PATTERNS2 = [
+  {
+    pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g,
+    label: "email",
+    replacement: "[REDACTED_EMAIL]"
+  },
+  {
+    pattern: /(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/g,
+    label: "phone",
+    replacement: "[REDACTED_PHONE]"
+  },
+  {
+    pattern: /\b\d{3}-\d{2}-\d{4}\b/g,
+    label: "ssn",
+    replacement: "[REDACTED_SSN]"
+  },
+  {
+    pattern: /\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/g,
+    label: "credit_card",
+    replacement: "[REDACTED_CC]"
+  }
+];
+var SECRET_PATTERNS2 = [
+  {
+    pattern: /\bsk-[A-Za-z0-9]{20,}\b/g,
+    label: "api_key",
+    replacement: "[REDACTED_API_KEY]"
+  },
+  {
+    pattern: /\bpk-[A-Za-z0-9]{20,}\b/g,
+    label: "api_key",
+    replacement: "[REDACTED_API_KEY]"
+  },
+  {
+    pattern: /\bAKIA[A-Z0-9]{16}\b/g,
+    label: "aws_key",
+    replacement: "[REDACTED_AWS_KEY]"
+  }
+];
+function detectPII(text) {
+  const violations = [];
+  const normalized = text.normalize("NFKC");
+  for (const { pattern, label } of [...PII_PATTERNS2, ...SECRET_PATTERNS2]) {
+    const regex = new RegExp(pattern.source, pattern.flags);
+    if (regex.test(normalized)) {
+      violations.push({
+        type: "pii",
+        detail: `Detected ${label} in output`,
+        pattern: label
+      });
+    }
+  }
+  return violations;
+}
+function redactPII(text) {
+  let result = text;
+  for (const { pattern, replacement } of [...PII_PATTERNS2, ...SECRET_PATTERNS2]) {
+    const regex = new RegExp(pattern.source, pattern.flags);
+    result = result.replace(regex, replacement);
+  }
+  return result;
+}
+function checkContentPolicy(text, policy) {
+  const violations = [];
+  if (policy.maxResponseLength && text.length > policy.maxResponseLength) {
+    violations.push({
+      type: "content_policy",
+      detail: `Response length ${text.length} exceeds max ${policy.maxResponseLength}`
+    });
+  }
+  if (policy.blockedPatterns) {
+    for (const pattern of policy.blockedPatterns) {
+      if (pattern.test(text)) {
+        violations.push({
+          type: "content_policy",
+          detail: `Response matches blocked pattern: ${pattern.source}`,
+          pattern: pattern.source
+        });
+      }
+    }
+  }
+  return violations;
+}
+function checkCustomRules(text, rules) {
+  const violations = [];
+  for (const rule of rules) {
+    if (rule.pattern.test(text)) {
+      violations.push({
+        type: "custom_rule",
+        detail: rule.message ?? `Output matched custom rule: ${rule.name}`,
+        pattern: rule.pattern.source
+      });
+    }
+  }
+  return violations;
+}
+function outputGuardrailMiddleware(config) {
+  const mode = config.onViolation ?? "block";
+  return async (ctx, next) => {
+    const response = await next(ctx);
+    const text = extractText(response.message.content);
+    const violations = [];
+    if (config.piiDetection) {
+      violations.push(...detectPII(text));
+    }
+    if (config.contentPolicy) {
+      violations.push(...checkContentPolicy(text, config.contentPolicy));
+    }
+    if (config.customRules?.length) {
+      violations.push(...checkCustomRules(text, config.customRules));
+    }
+    if (violations.length === 0)
+      return response;
+    for (const v of violations) {
+      config.onViolationCallback?.(v);
+    }
+    switch (mode) {
+      case "block":
+        throw ElsiumError.validation(`Output guardrail violation: ${violations.map((v) => v.detail).join("; ")}`, { violations });
+      case "redact": {
+        let redacted = text;
+        if (config.piiDetection) {
+          redacted = redactPII(redacted);
+        }
+        return {
+          ...response,
+          message: { ...response.message, content: redacted }
+        };
+      }
+      case "warn":
+        log5.warn("Output guardrail violations detected", { violations });
+        return response;
+    }
+  };
+}
+// src/batch.ts
+var log6 = createLogger();
+function makeCancelledItem(index) {
+  return { index, success: false, error: "Batch cancelled" };
+}
+function makeFailedItem(index, error) {
+  return { index, success: false, error };
+}
+async function attemptRequest(gateway2, request, retryPerItem) {
+  let lastError;
+  for (let attempt = 0;attempt <= retryPerItem; attempt++) {
+    try {
+      const response = await gateway2.complete(request);
+      return { response };
+    } catch (err2) {
+      lastError = err2 instanceof Error ? err2.message : String(err2);
+      const isRetryable = attempt < retryPerItem && err2 instanceof ElsiumError && err2.retryable;
+      if (!isRetryable)
+        break;
+    }
+  }
+  return { error: lastError };
+}
+function cancelRemaining(results, fromIndex, total) {
+  let cancelled = 0;
+  for (let i = fromIndex;i < total; i++) {
+    results[i] = makeCancelledItem(i);
+    cancelled++;
+  }
+  return cancelled;
+}
+function createBatch(gateway2, config) {
+  const concurrency = config?.concurrency ?? 5;
+  const retryPerItem = config?.retryPerItem ?? 0;
+  return {
+    async execute(requests) {
+      const startTime = performance.now();
+      const results = new Array(requests.length);
+      let completed = 0;
+      let totalSucceeded = 0;
+      let totalFailed = 0;
+      let running = 0;
+      let nextIndex = 0;
+      const signal = config?.signal;
+      async function processItem(index) {
+        if (signal?.aborted) {
+          results[index] = makeCancelledItem(index);
+          totalFailed++;
+          return;
+        }
+        const result = await attemptRequest(gateway2, requests[index], retryPerItem);
+        if (result.response) {
+          results[index] = { index, success: true, response: result.response };
+          totalSucceeded++;
+        } else {
+          results[index] = makeFailedItem(index, result.error);
+          totalFailed++;
+        }
+      }
+      return new Promise((resolve) => {
+        function scheduleNext() {
+          while (running < concurrency && nextIndex < requests.length) {
+            if (signal?.aborted) {
+              totalFailed += cancelRemaining(results, nextIndex, requests.length);
+              nextIndex = requests.length;
+              break;
+            }
+            const idx = nextIndex++;
+            running++;
+            processItem(idx).then(() => {
+              running--;
+              completed++;
+              config?.onProgress?.(completed, requests.length);
+              if (completed === requests.length) {
+                resolve({
+                  results,
+                  totalSucceeded,
+                  totalFailed,
+                  totalDurationMs: Math.round(performance.now() - startTime)
+                });
+              } else {
+                scheduleNext();
+              }
+            });
+          }
+        }
+        if (requests.length === 0) {
+          resolve({
+            results: [],
+            totalSucceeded: 0,
+            totalFailed: 0,
+            totalDurationMs: 0
+          });
+          return;
+        }
+        scheduleNext();
+      });
+    }
+  };
+}
 // src/router.ts
 var REASONING_KEYWORDS = /\b(prove|explain why|analyze|compare|contrast|evaluate|critique|debate|reason|deduce|infer|justify|argue|synthesize|hypothesize|derive)\b/i;
 var CODE_KEYWORDS = /\b(implement|refactor|debug|optimize|architect|design pattern|algorithm|data structure|write code|code review|fix the bug|type system)\b/i;
@@ -2678,22 +3179,28 @@ export {
   registerProvider,
   registerPricing,
   redactSecrets,
+  outputGuardrailMiddleware,
   loggingMiddleware,
   listProviders,
   getProviderMetadata,
   getProviderFactory,
   gateway,
+  estimateCost,
   detectPromptInjection,
   detectJailbreak,
   createProviderMesh,
   createOpenAIProvider,
+  createInMemoryCache,
   createGoogleProvider,
   createBulkhead,
+  createBatch,
   createAnthropicProvider,
   costTrackingMiddleware,
+  composeStreamMiddleware,
   composeMiddleware,
   classifyContent,
   checkBlockedPatterns,
   calculateCost,
+  cacheMiddleware,
   bulkheadMiddleware
 };