@hebo-ai/gateway 0.10.6 → 0.11.0

package/README.md

@@ -16,12 +16,12 @@ Learn more in our blog post: [Yet Another AI Gateway?](https://hebo.ai/blog/2601
 - 💬 Open Responses `/responses` endpoint (stateless), including /conversations.
 - 🗨️ Anthropic-compatible `/messages` endpoint.
 - 🔌 Integrate into your existing Hono, Elysia, Next.js & TanStack apps.
-- 🧩 Provider registry compatible with Vercel AI SDK providers.
+- 🧩 Provider registry compatible with any Vercel AI SDK providers.
 - 🧭 Canonical model IDs and parameter naming across providers.
 - 🗂️ Model catalog with extensible metadata capabilities.
 - 🪝 Hook system to customize routing, auth, rate limits, and shape responses.
-- 🧰 Low-level OpenAI-compatible schema, converters, and middleware helpers.
 - 👁️ Observability via OTel GenAI semantic conventions (Langfuse-compatible).
+- 🧰 Low-level OpenAI-compatible schema, converters, and middleware helpers.
 
 ## 📦 Installation
 
@@ -34,7 +34,7 @@ bun install @hebo-ai/gateway
 - Quickstart
   - [Setup A Gateway Instance](#setup-a-gateway-instance) | [Mount Route Handlers](#mount-route-handlers) | [Call the Gateway](#call-the-gateway)
 - Configuration Reference
-  - [Providers](#providers) | [Models](#models) | [Hooks](#hooks) | [Storage](#storage) | [Logger](#logger-settings) | [Observability](#observability) | [Timeouts](#timeout-settings)
+  - [Providers](#providers) | [Models](#models) | [Hooks](#hooks) | [Storage](#storage) | [Logger](#logger-settings) | [Observability](#observability) | [Advanced](#advanced-settings)
 - Framework Support
   - [ElysiaJS](#elysiajs) | [Hono](#hono) | [Next.js](#nextjs) | [TanStack Start](#tanstack-start)
 - Runtime Support
@@ -71,21 +71,14 @@ export const gw = gateway({
 
   // MODEL CATALOG
   models: defineModelCatalog(
-    // Choose a pre-configured preset for common SOTA models
+    // Choose a pre-configured preset
     gptOss20b,
-    // Or add a whole model family with your own provider list
-    gptOss["all"].map((preset) =>
-      preset({
-        providers: ["groq"],
-      }),
-    ),
+    // Or add a whole model family
+    gptOss["all"],
   ),
 });
 ```
 
-> [!NOTE]
-> Don't forget to install the Groq provider package too: `@ai-sdk/groq`.
-
 > [!TIP]
 > Why `withCanonicalIdsForX`? In most cases you want your gateway to route using model IDs that are consistent across providers (e.g. `openai/gpt-oss-20b` rather than `openai.gpt-oss-20b-v1:0`). We call that `Canonical IDs` - they are what enable routing, fallbacks, and policy rules. Without this wrapper, providers only understands their native IDs, which would make cross-provider routing impossible.
 
@@ -110,11 +103,13 @@ const app = new Elysia().mount("/v1/gateway/", gw.handler).listen(3000);
 console.log(`🐒 Hebo Gateway is running with Elysia at ${app.server?.url}`);
 ```
 
+See [Framework Support](#-framework-support) for all supported framework examples.
+
 ### Call the Gateway
 
-Since Hebo Gateway exposes OpenAI-compatible endpoints, it can be used with a broad set of common AI SDKs like **Vercel AI SDK**, **TanStack AI**, **LangChain**, the official **OpenAI SDK** and others.
+Since Hebo Gateway exposes OpenAI-compatible and Anthropic-compatible endpoints, it can be used with a broad set of common AI SDKs like **Vercel AI SDK**, **TanStack AI**, **LangChain**, the official **OpenAI SDK**, the official **Anthropic SDK**, and others.
 
-Here is a quick example using the Vercel AI SDK:
+Here is a quick example using the Vercel AI SDK against the OpenAI-compatible surface:
 
 ```ts
 import { createOpenAICompatible } from "@ai-sdk/openai-compatible";
@@ -139,20 +134,22 @@ console.log(text);
 
 ### Providers
 
-Hebo Gateway’s provider registry accepts any **Vercel AI SDK Provider**. For Hebo to be able to route a model across different providers, the names need to be canonicalized to a common form, for example 'openai/gpt-4.1-mini' instead of 'gpt-4.1-mini'.
+For most setups, start with one of the built-in canonical provider adapters. They wrap a provider SDK and let the gateway route using stable canonical model IDs like `openai/gpt-4.1-mini` instead of provider-native IDs.
+
+Built-in adapters are available for `Alibaba`, `Anthropic`, `Bedrock`, `Chutes`, `Cohere`, `DeepInfra`, `DeepSeek`, `Fireworks`, `Groq`, `MiniMax`, `Moonshot`, `OpenAI`, `Together AI`, `Vertex`, `Voyage`, `xAI`, and `Z.ai`.
 
-We currently provide out-of-the-box canonical providers for: `Bedrock`, `Anthropic`, `Cohere`, `Vertex`, `Groq`, `OpenAI`, and `Voyage`. Import the helper from the matching package path:
+Import the helper from the matching package path:
 
 ```ts
 // pattern: @hebo-ai/gateway/providers/<provider>
 import { withCanonicalIdsForGroq } from "@hebo-ai/gateway/providers/groq";
 ```
 
-If an adapter is not yet provided, you can create your own by wrapping the provider instance with the `withCanonicalIds` helper and define your custom canonicalization mapping & rules.
+If you need a provider that is not on that list, Hebo Gateway’s provider registry also accepts any **Vercel AI SDK Provider**.
 
 For Azure, use `createAzure` from `@ai-sdk/azure` directly. Name each [Azure AI Foundry](https://learn.microsoft.com/en-us/azure/ai-foundry/foundry-models/concepts/endpoints) deployment after its Hebo canonical ID (e.g. `anthropic/claude-sonnet-4.5`).
 
-For other providers, use `withCanonicalIds` with an explicit `mapping`:
+For custom provider setups, wrap the provider instance with `withCanonicalIds` and define your own canonicalization mapping and rules:
 
 ```ts
 import { createOpenAICompatible } from "@ai-sdk/openai-compatible";
@@ -184,11 +181,13 @@ const gw = gateway({
 
 ### Models
 
-Register models to tell the gateway what's available, under which canonical ID and what capabilities each one has.
+Start with the built-in model presets when possible. They give you ready-to-use catalog entries with canonical IDs, metadata, and default provider lists.
+
+Built-in preset families are available for `Alibaba Qwen`, `Amazon Nova`, `Anthropic Claude`, `Cohere Command/Embed`, `DeepSeek`, `Google Gemini`, `Meta Llama`, `MiniMax`, `Moonshot Kimi`, `OpenAI GPT/GPT-OSS`, `Voyage`, `xAI Grok`, and `Z.ai GLM`.
 
 #### Model Presets
 
-To simplify the registration, Hebo Gateway ships a set of model presets under `@hebo-ai/gateway/models`. Use these when you want ready-to-use catalog entries with sane defaults for common SOTA models.
+Hebo Gateway ships a set of model presets under `@hebo-ai/gateway/models`. Use these when you want ready-to-use catalog entries with sane defaults for common SOTA models.
 
 Presets come in two forms:
 
@@ -214,6 +213,9 @@ const modelsFromFamily = defineModelCatalog(
 
 Out-of-the-box model presets:
 
+- **Alibaba** — `@hebo-ai/gateway/models/alibaba`  
+  Qwen: `qwen` (`v3`, `v3.5`, `v3.6`, `v3.x`, `coder`, `vl`, `embedding`, `embeddings`, `latest`, `all`)
+
 - **Amazon** — `@hebo-ai/gateway/models/amazon`  
   Nova: `nova` (`v1`, `v2`, `v1.x`, `v2.x`, `latest`, `embeddings`, `all`)
 
@@ -224,23 +226,39 @@ Out-of-the-box model presets:
   Command: `command` (`A`, `R`, `latest`, `all`)
   Embed: `embed` (`v4`, `v3`, `latest`, `all`)
 
+- **DeepSeek** — `@hebo-ai/gateway/models/deepseek`  
+  DeepSeek: `deepseek` (`v3.2`, `latest`, `all`)
+
 - **Google** — `@hebo-ai/gateway/models/google`  
   Gemini: `gemini` (`v2.5`, `v3-preview`, `v2.x`, `v3.x`, `embeddings`, `latest`, `preview`, `all`)
+  Gemma: `gemma` (`v3`, `v4`, `v3.x`, `v4.x`, `latest`, `all`)
 
 - **Meta** — `@hebo-ai/gateway/models/meta`  
   Llama: `llama` (`v3.1`, `v3.2`, `v3.3`, `v4`, `v3.x`, `v4.x`, `latest`, `all`)
 
+- **MiniMax** — `@hebo-ai/gateway/models/minimax`  
+  MiniMax: `minimax` (`v2`, `v2.x`, `latest`, `all`)
+
+- **Moonshot** — `@hebo-ai/gateway/models/moonshot`  
+  Kimi: `kimi` (`k2.5`, `k2.6`, `k2.x`, `latest`, `all`)
+
 - **OpenAI** — `@hebo-ai/gateway/models/openai`  
-  GPT: `gpt` (`v5`, `v5.1`, `v5.2`, `v5.3`, `v5.x`, `chat`, `codex`, `pro`, `latest`, `all`)  
+  GPT: `gpt` (`v5`, `v5.1`, `v5.2`, `v5.3`, `v5.4`, `v5.x`, `chat`, `codex`, `pro`, `latest`, `all`)  
   GPT-OSS: `gptOss` (`v1`, `v1.x`, `latest`, `all`)
   Embeddings: `textEmbeddings` (`v3`, `v3.x`, `latest`, `all`)
 
 - **Voyage** — `@hebo-ai/gateway/models/voyage`  
   Voyage: `voyage` (`v2`, `v3`, `v3.5`, `v4`, `v2.x`, `v3.x`, `v4.x`, `latest`, `all`)
 
+- **xAI** — `@hebo-ai/gateway/models/xai`  
+  Grok: `grok` (`v4.1`, `v4.2`, `latest`, `all`)
+
+- **Z.ai** — `@hebo-ai/gateway/models/zai`  
+  GLM: `glm` (`v5`, `v5.1`, `v5.x`, `latest`, `all`)
+
 #### User-defined Models
 
-As the ecosystem is moving faster than anyone can keep-up with, you can always register your own model entries by following the `CatalogModel` type.
+If a built-in preset does not exist yet, you can always register your own model entries by following the `CatalogModel` type.
 
 ```ts
 const gw = gateway({
@@ -808,32 +826,7 @@ Provider behavior:
 
 ### Compressed Requests
 
-The gateway supports gzip and deflate compressed request bodies via the Web Compression Streams API. The `maxBodySize` option controls the maximum _decompressed_ body size for these compressed requests, protecting against gzip bombs and oversized payloads.
-
-```ts
-import { gateway } from "@hebo-ai/gateway";
-
-const gw = gateway({
-  // ...
-  // Maximum decompressed body size in bytes (default: 10 MB).
-  // Set to 0 to disable the decompressed size limit.
-  maxBodySize: 10 * 1024 * 1024,
-});
-```
-
-Compressed requests that exceed this limit after decompression receive an HTTP `413 Payload Too Large` response. Unsupported `Content-Encoding` values return HTTP `415 Unsupported Media Type`.
-
-> [!IMPORTANT]
-> **Plain (uncompressed) request body size limits** are _not_ enforced by the gateway — they should be configured at the framework or server level. The gateway only enforces `maxBodySize` on decompressed output, since the framework cannot know the decompressed size ahead of time.
->
-> Framework-level configuration examples:
->
-> - **Bun** — [`Bun.serve({ maxRequestBodySize: 10_485_760 })`](https://bun.sh/docs/api/http#bun-serve)
-> - **Elysia** — inherits from Bun's `maxRequestBodySize`
-> - **Hono** — [`bodyLimit` middleware](https://hono.dev/docs/middleware/builtin/body-limit): `app.use(bodyLimit({ maxSize: 10 * 1024 * 1024 }))`
-> - **Express** — [`express.json({ limit: '10mb' })`](https://expressjs.com/en/api.html#express.json)
-> - **Fastify** — [`fastify({ bodyLimit: 10485760 })`](https://fastify.dev/docs/latest/Reference/Server/#bodylimit)
-> - **Node.js `http`** — [`server.maxRequestSize`](https://nodejs.org/api/http.html) (v22.6+), or use a reverse proxy like nginx (`client_max_body_size 10m`)
+The gateway supports gzip and deflate compressed request bodies via the Web Compression Streams API. The [`advanced.maxBodySize`](#max-body-size) option controls the maximum _decompressed_ body size for these compressed requests, protecting against gzip bombs and oversized payloads. See [Advanced Settings](#advanced-settings) for configuration details.
 
 ## 🧪 Advanced Usage
 
@@ -1034,25 +1027,38 @@ const gw = gateway({
 
 Langfuse credentials are read from environment variables by the Langfuse OTel SDK (`LANGFUSE_PUBLIC_KEY`, `LANGFUSE_SECRET_KEY`, `LANGFUSE_BASE_URL`).
 
-### Timeout Settings
+### Advanced Settings
 
-You can configure request timeouts via the `timeouts` field:
+The `advanced` field groups optional settings for timeouts, body size limits, and header forwarding.
 
 ```ts
 import { gateway } from "@hebo-ai/gateway";
 
 const gw = gateway({
   // ...
-  // default timeout is 300_000 (5 minutes).
-  // You can set one timeout for all tiers...
+  advanced: {
+    timeouts: { normal: 60_000, flex: 180_000 },
+    maxBodySize: 10 * 1024 * 1024,
+    forwardHeaders: ["x-my-custom-trace-id", "x-internal-team"],
+  },
+});
+```
+
+#### Timeouts
+
+Controls upstream request timeouts. Accepts a number (milliseconds), `null` (disabled), or a tiered object. Default is `300_000` (5 minutes).
+
+```ts
+advanced: {
+  // Single timeout for all tiers
   timeouts: 60_000,
-  // ...disable timeouts completely:
+  // ...or disable completely:
   // timeouts: null,
   // ...or split by service tier:
   // - normal: all non-flex tiers (set null to disable)
   // - flex: defaults to 3x normal when omitted (set null to disable)
   // timeouts: { normal: 30_000, flex: null },
-});
+}
 ```
 
 > [!NOTE]
@@ -1065,6 +1071,42 @@ const gw = gateway({
 > **Provider/service timeout limits**
 > Serverless platforms (e.g. Cloudflare Workers, Vercel Edge/Serverless, AWS Lambda) also enforce platform time limits (roughly ~25-100s on edge paths, ~300s for streaming, and up to ~900s configurable for some).
 
+#### Max Body Size
+
+Maximum _decompressed_ request body size in bytes for gzip/deflate-encoded requests. Protects against gzip bombs and oversized payloads. Default is `10_485_760` (10 MB). Set to `0` to disable.
+
+Compressed requests that exceed this limit after decompression receive an HTTP `413 Payload Too Large` response. Unsupported `Content-Encoding` values return HTTP `415 Unsupported Media Type`.
+
+> [!IMPORTANT]
+> **Plain (uncompressed) request body size limits** are _not_ enforced by the gateway — they should be configured at the framework or server level. The gateway only enforces `maxBodySize` on decompressed output, since the framework cannot know the decompressed size ahead of time.
+>
+> Framework-level configuration examples:
+>
+> - **Bun** — [`Bun.serve({ maxRequestBodySize: 10_485_760 })`](https://bun.sh/docs/api/http#bun-serve)
+> - **Elysia** — inherits from Bun's `maxRequestBodySize`
+> - **Hono** — [`bodyLimit` middleware](https://hono.dev/docs/middleware/builtin/body-limit): `app.use(bodyLimit({ maxSize: 10 * 1024 * 1024 }))`
+> - **Express** — [`express.json({ limit: '10mb' })`](https://expressjs.com/en/api.html#express.json)
+> - **Fastify** — [`fastify({ bodyLimit: 10485760 })`](https://fastify.dev/docs/latest/Reference/Server/#bodylimit)
+> - **Node.js `http`** — no built-in request-body size option; enforce a limit while reading the request stream, or use a reverse proxy like nginx (`client_max_body_size 10m`)
+
+#### Forward Headers
+
+Additional headers to forward to upstream providers, merged with the built-in allowlist at startup. Header names are matched case-insensitively. The merge is computed once at config parse time, not per-request.
+
+> [!CAUTION]
+> Only add non-sensitive headers. Any header listed in `advanced.forwardHeaders` is forwarded to upstream providers when present on the incoming request — avoid credentials, cookies, user tokens, or raw PII.
+
+The gateway ships a built-in allowlist covering common provider, agent, and SDK headers (OpenAI, Anthropic, Bedrock, Vertex, OpenRouter, Cohere, Stainless, Google, Kilo Code, Cline, Roo Code, Goose, Claude Code). Use `forwardHeaders` to extend it with your own headers without modifying the gateway source.
+
+```ts
+advanced: {
+  forwardHeaders: [
+    "x-my-custom-trace-id",
+    "x-internal-team",
+  ],
+}
+```
+
 ### Passing Framework State to Hooks
 
 You can pass per-request info from your framework into the gateway via the second `state` argument on the handler, then read it in hooks through `ctx.state`.
@@ -1170,32 +1212,3 @@ Non-streaming versions are available via `toChatCompletionsResponse`. Equivalent
 
 > [!TIP]
 > Since Zod v4.3 you can generate a JSON Schema from any zod object by calling `z.toJSONSchema(...)`. This is useful for producing OpenAPI documentation from the same source of truth.
-
-### Request Body Size
-
-The gateway supports gzip and deflate compressed request bodies via the Web Compression Streams API. The `maxBodySize` option controls the maximum _decompressed_ body size for these compressed requests, protecting against gzip bombs and oversized payloads.
-
-```ts
-import { gateway } from "@hebo-ai/gateway";
-
-const gw = gateway({
-  // ...
-  // Maximum decompressed body size in bytes (default: 10 MB).
-  // Set to 0 to disable the decompressed size limit.
-  maxBodySize: 10 * 1024 * 1024,
-});
-```
-
-Compressed requests that exceed this limit after decompression receive an HTTP `413 Payload Too Large` response. Unsupported `Content-Encoding` values return HTTP `415 Unsupported Media Type`.
-
-> [!IMPORTANT]
-> **Plain (uncompressed) request body size limits** are _not_ enforced by the gateway — they should be configured at the framework or server level. The gateway only enforces `maxBodySize` on decompressed output, since the framework cannot know the decompressed size ahead of time.
->
-> Framework-level configuration examples:
->
-> - **Bun** — [`Bun.serve({ maxRequestBodySize: 10_485_760 })`](https://bun.sh/docs/api/http#bun-serve)
-> - **Elysia** — inherits from Bun's `maxRequestBodySize`
-> - **Hono** — [`bodyLimit` middleware](https://hono.dev/docs/middleware/builtin/body-limit): `app.use(bodyLimit({ maxSize: 10 * 1024 * 1024 }))`
-> - **Express** — [`express.json({ limit: '10mb' })`](https://expressjs.com/en/api.html#express.json)
-> - **Fastify** — [`fastify({ bodyLimit: 10485760 })`](https://fastify.dev/docs/latest/Reference/Server/#bodylimit)
-> - **Node.js `http`** — [`server.maxRequestSize`](https://nodejs.org/api/http.html) (v22.6+), or use a reverse proxy like nginx (`client_max_body_size 10m`)

package/dist/config.js

@@ -4,6 +4,7 @@ import { createDefaultLogger } from "./logger/default";
 import { installAiSdkWarningLogger } from "./telemetry/ai-sdk";
 import { DEFAULT_CHAT_TIMEOUT_MS, kParsed, } from "./types";
 import { DEFAULT_MAX_BODY_SIZE } from "./utils/body";
+import { FORWARD_HEADER_ALLOWLIST } from "./utils/request";
 export const parseConfig = (config) => {
     // If it has been parsed before, just return.
     if (kParsed in config)
@@ -72,7 +73,7 @@ export const parseConfig = (config) => {
     // Default timeouts
     let normal;
     let flex;
-    const t = config.timeouts;
+    const t = config.advanced?.timeouts;
     if (t === null) {
         normal = flex = undefined;
     }
@@ -96,7 +97,7 @@ export const parseConfig = (config) => {
     }
     const parsedTimeouts = { normal, flex };
     // Body size limit
-    const rawMax = config.maxBodySize;
+    const rawMax = config.advanced?.maxBodySize;
     let maxBodySize;
     if (typeof rawMax === "number" && Number.isFinite(rawMax) && rawMax >= 0) {
         maxBodySize = rawMax;
@@ -107,11 +108,27 @@ export const parseConfig = (config) => {
             logger.warn(`[config] invalid maxBodySize (${rawMax}), using default ${DEFAULT_MAX_BODY_SIZE}`);
         }
     }
+    // Merge forward header allowlist once.
+    const customHeaders = config.advanced?.forwardHeaders ?? [];
+    const forwardHeaders = new Set(FORWARD_HEADER_ALLOWLIST);
+    for (const header of customHeaders) {
+        try {
+            void new Headers([[header, ""]]);
+        }
+        catch {
+            logger.warn(`[config] invalid advanced.forwardHeaders entry ignored: ${JSON.stringify(header)}`);
+            continue;
+        }
+        forwardHeaders.add(header.trim().toLowerCase());
+    }
     // Return parsed config.
     return {
         ...config,
-        timeouts: parsedTimeouts,
-        maxBodySize,
+        advanced: {
+            timeouts: parsedTimeouts,
+            maxBodySize,
+            forwardHeaders: [...forwardHeaders],
+        },
         telemetry: {
             ...config.telemetry,
             enabled: telemetryEnabled,

package/dist/endpoints/chat-completions/handler.js

@@ -24,7 +24,7 @@ export const chatCompletions = (config) => {
             throw new GatewayError("Method Not Allowed", 405);
         }
         // Parse + validate input (handles Content-Encoding decompression + body size limits).
-        ctx.body = (await parseRequestBody(ctx.request, cfg.maxBodySize));
+        ctx.body = (await parseRequestBody(ctx.request, cfg.advanced.maxBodySize));
         logger.trace({ requestId: ctx.requestId, body: ctx.body }, "[chat] ChatCompletionsBody");
         addSpanEvent("hebo.request.deserialized");
         const parsed = ChatCompletionsBodySchema.safeParse(ctx.body);
@@ -81,10 +81,12 @@ export const chatCompletions = (config) => {
             let ttft = 0;
             const result = streamText({
                 model: languageModelWithMiddleware,
-                headers: prepareForwardHeaders(ctx.request),
+                headers: prepareForwardHeaders(ctx.request, cfg.advanced.forwardHeaders),
                 abortSignal: ctx.request.signal,
                 timeout: {
-                    totalMs: ctx.body.service_tier === "flex" ? cfg.timeouts.flex : cfg.timeouts.normal,
+                    totalMs: ctx.body.service_tier === "flex"
+                        ? cfg.advanced.timeouts.flex
+                        : cfg.advanced.timeouts.normal,
                 },
                 onAbort: () => {
                     throw new DOMException("The operation was aborted.", "AbortError");
@@ -122,9 +124,11 @@ export const chatCompletions = (config) => {
         addSpanEvent("hebo.ai-sdk.started");
         const result = await generateText({
             model: languageModelWithMiddleware,
-            headers: prepareForwardHeaders(ctx.request),
+            headers: prepareForwardHeaders(ctx.request, cfg.advanced.forwardHeaders),
             abortSignal: ctx.request.signal,
-            timeout: ctx.body.service_tier === "flex" ? cfg.timeouts.flex : cfg.timeouts.normal,
+            timeout: ctx.body.service_tier === "flex"
+                ? cfg.advanced.timeouts.flex
+                : cfg.advanced.timeouts.normal,
             experimental_include: {
                 requestBody: false,
                 responseBody: false,

package/dist/endpoints/conversations/handler.js

@@ -43,7 +43,7 @@ export const conversations = (config) => {
         };
     }
     async function create(ctx) {
-        const body = await parseRequestBody(ctx.request, parsedConfig.maxBodySize);
+        const body = await parseRequestBody(ctx.request, parsedConfig.advanced.maxBodySize);
         addSpanEvent("hebo.request.deserialized");
         const parsed = ConversationCreateParamsSchema.safeParse(body);
         if (!parsed.success) {
@@ -67,7 +67,7 @@ export const conversations = (config) => {
         return toConversation(entity);
     }
     async function update(ctx, conversationId) {
-        const body = await parseRequestBody(ctx.request, parsedConfig.maxBodySize);
+        const body = await parseRequestBody(ctx.request, parsedConfig.advanced.maxBodySize);
         addSpanEvent("hebo.request.deserialized");
         const parsed = ConversationUpdateBodySchema.safeParse(body);
         if (!parsed.success) {
@@ -139,7 +139,7 @@ export const conversations = (config) => {
         };
     }
     async function addItems(ctx, conversationId) {
-        const body = await parseRequestBody(ctx.request, parsedConfig.maxBodySize);
+        const body = await parseRequestBody(ctx.request, parsedConfig.advanced.maxBodySize);
         addSpanEvent("hebo.request.deserialized");
         const parsed = ConversationItemsAddBodySchema.safeParse(body);
         if (!parsed.success) {

package/dist/endpoints/embeddings/handler.js

@@ -24,7 +24,7 @@ export const embeddings = (config) => {
             throw new GatewayError("Method Not Allowed", 405);
         }
         // Parse + validate input (handles Content-Encoding decompression + body size limits).
-        ctx.body = (await parseRequestBody(ctx.request, cfg.maxBodySize));
+        ctx.body = (await parseRequestBody(ctx.request, cfg.advanced.maxBodySize));
         logger.trace({ requestId: ctx.requestId, result: ctx.body }, "[chat] EmbeddingsBody");
         addSpanEvent("hebo.request.deserialized");
         const parsed = EmbeddingsBodySchema.safeParse(ctx.body);
@@ -75,7 +75,7 @@ export const embeddings = (config) => {
         addSpanEvent("hebo.ai-sdk.started");
         const result = await embedMany({
             model: embeddingModelWithMiddleware,
-            headers: prepareForwardHeaders(ctx.request),
+            headers: prepareForwardHeaders(ctx.request, cfg.advanced.forwardHeaders),
             abortSignal: ctx.request.signal,
             ...embedOptions,
         });

package/dist/endpoints/messages/converters.js

@@ -133,34 +133,30 @@ export function convertToModelMessages(messages, system) {
     return modelMessages;
 }
 function fromUserMessage(message, toolNameMap) {
-    const result = [];
     if (typeof message.content === "string") {
-        result.push({ role: "user", content: message.content });
-        return result;
+        return [{ role: "user", content: message.content }];
     }
-    const userParts = [];
-    const toolResultParts = [];
+    const result = [];
+    let currentParts = [];
+    let currentRole;
     for (const block of message.content) {
-        if (block.type === "tool_result") {
-            toolResultParts.push(fromToolResultBlock(block, toolNameMap));
+        const isToolResult = block.type === "tool_result";
+        const role = isToolResult ? "tool" : "user";
+        const part = isToolResult
+            ? fromToolResultBlock(block, toolNameMap)
+            : fromUserContentBlock(block);
+        if (!part)
+            continue;
+        if (role === currentRole) {
+            currentParts.push(part);
         }
         else {
-            const part = fromUserContentBlock(block);
-            if (part)
-                userParts.push(part);
+            currentParts = [part];
+            currentRole = role;
+            result.push({ role, content: currentParts });
         }
     }
-    if (userParts.length > 0) {
-        result.push({ role: "user", content: userParts });
-    }
-    if (toolResultParts.length > 0) {
-        result.push({ role: "tool", content: toolResultParts });
-    }
-    // If only tool results and no user parts, still valid
-    if (userParts.length === 0 && toolResultParts.length === 0) {
-        result.push({ role: "user", content: "" });
-    }
-    return result;
+    return result.length > 0 ? result : [{ role: "user", content: "" }];
 }
 function fromUserContentBlock(block) {
     // tool_result blocks are handled separately in fromUserMessage

package/dist/endpoints/messages/handler.js

@@ -23,7 +23,7 @@ export const messages = (config) => {
             throw new GatewayError("Method Not Allowed", 405);
         }
         // Parse + validate input (handles Content-Encoding decompression + body size limits).
-        ctx.body = (await parseRequestBody(ctx.request, cfg.maxBodySize));
+        ctx.body = (await parseRequestBody(ctx.request, cfg.advanced.maxBodySize));
         logger.trace({ requestId: ctx.requestId, body: ctx.body }, "[messages] MessagesBody");
         addSpanEvent("hebo.request.deserialized");
         const parsed = MessagesBodySchema.safeParse(ctx.body);
@@ -72,10 +72,10 @@ export const messages = (config) => {
             let ttft = 0;
             const result = streamText({
                 model: languageModelWithMiddleware,
-                headers: prepareForwardHeaders(ctx.request),
+                headers: prepareForwardHeaders(ctx.request, cfg.advanced.forwardHeaders),
                 abortSignal: ctx.request.signal,
                 timeout: {
-                    totalMs: cfg.timeouts.normal,
+                    totalMs: cfg.advanced.timeouts.normal,
                 },
                 onAbort: () => {
                     throw new DOMException("The operation was aborted.", "AbortError");
@@ -113,9 +113,9 @@ export const messages = (config) => {
         addSpanEvent("hebo.ai-sdk.started");
         const result = await generateText({
             model: languageModelWithMiddleware,
-            headers: prepareForwardHeaders(ctx.request),
+            headers: prepareForwardHeaders(ctx.request, cfg.advanced.forwardHeaders),
             abortSignal: ctx.request.signal,
-            timeout: cfg.timeouts.normal,
+            timeout: cfg.advanced.timeouts.normal,
             experimental_include: {
                 requestBody: false,
                 responseBody: false,

package/dist/endpoints/responses/handler.js

@@ -23,7 +23,7 @@ export const responses = (config) => {
             throw new GatewayError("Method Not Allowed", 405);
         }
         // Parse + validate input (handles Content-Encoding decompression + body size limits).
-        ctx.body = (await parseRequestBody(ctx.request, cfg.maxBodySize));
+        ctx.body = (await parseRequestBody(ctx.request, cfg.advanced.maxBodySize));
         logger.trace({ requestId: ctx.requestId, body: ctx.body }, "[responses] ResponsesBody");
         addSpanEvent("hebo.request.deserialized");
         const parsed = ResponsesBodySchema.safeParse(ctx.body);
@@ -71,10 +71,12 @@ export const responses = (config) => {
             let ttft = 0;
             const result = streamText({
                 model: languageModelWithMiddleware,
-                headers: prepareForwardHeaders(ctx.request),
+                headers: prepareForwardHeaders(ctx.request, cfg.advanced.forwardHeaders),
                 abortSignal: ctx.request.signal,
                 timeout: {
-                    totalMs: ctx.body.service_tier === "flex" ? cfg.timeouts.flex : cfg.timeouts.normal,
+                    totalMs: ctx.body.service_tier === "flex"
+                        ? cfg.advanced.timeouts.flex
+                        : cfg.advanced.timeouts.normal,
                 },
                 onAbort: () => {
                     throw new DOMException("The operation was aborted.", "AbortError");
@@ -112,9 +114,11 @@ export const responses = (config) => {
         addSpanEvent("hebo.ai-sdk.started");
         const result = await generateText({
             model: languageModelWithMiddleware,
-            headers: prepareForwardHeaders(ctx.request),
+            headers: prepareForwardHeaders(ctx.request, cfg.advanced.forwardHeaders),
             abortSignal: ctx.request.signal,
-            timeout: ctx.body.service_tier === "flex" ? cfg.timeouts.flex : cfg.timeouts.normal,
+            timeout: ctx.body.service_tier === "flex"
+                ? cfg.advanced.timeouts.flex
+                : cfg.advanced.timeouts.normal,
             experimental_include: {
                 requestBody: false,
                 responseBody: false,

package/dist/index.d.ts

@@ -10,3 +10,4 @@ export * from "./models/catalog";
 export * from "./models/types";
 export * from "./providers/registry";
 export * from "./providers/types";
+export { FORWARD_HEADER_ALLOWLIST } from "./utils";

package/dist/index.js

@@ -9,3 +9,4 @@ export * from "./models/catalog";
 export * from "./models/types";
 export * from "./providers/registry";
 export * from "./providers/types";
+export { FORWARD_HEADER_ALLOWLIST } from "./utils";

package/dist/lifecycle.js

@@ -54,8 +54,7 @@ export const winterCgHandler = (run, config) => {
                     requestId: ctx.requestId,
                     err: reason ?? ctx.request.signal.reason,
                 });
-                const isUpstreamError = reason instanceof GatewayError && reason.statusText.startsWith("UPSTREAM_");
-                span.recordError(reason, realStatus >= 500 || isUpstreamError);
+                span.recordError(reason, true);
             }
             span.setAttributes({ "http.response.status_code_effective": realStatus });
             if (ctx.operation === "chat" ||

package/dist/models/alibaba/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./presets";
+export * from "./middleware";

package/dist/models/alibaba/index.js

@@ -0,0 +1,2 @@
+export * from "./presets";
+export * from "./middleware";

package/dist/models/alibaba/middleware.d.ts

@@ -0,0 +1,2 @@
+import type { LanguageModelMiddleware } from "ai";
+export declare const qwenReasoningMiddleware: LanguageModelMiddleware;

package/dist/models/alibaba/middleware.js

@@ -0,0 +1,31 @@
+import { modelMiddlewareMatcher } from "../../middleware/matcher";
+import { calculateReasoningBudgetFromEffort } from "../../middleware/utils";
+const QWEN_DEFAULT_MAX_OUTPUT_TOKENS = 16384;
+export const qwenReasoningMiddleware = {
+    specificationVersion: "v3",
+    // oxlint-disable-next-line require-await
+    transformParams: async ({ params }) => {
+        const unknown = params.providerOptions?.["unknown"];
+        if (!unknown)
+            return params;
+        const reasoning = unknown["reasoning"];
+        if (!reasoning)
+            return params;
+        const target = (params.providerOptions["alibaba"] ??= {});
+        if (!reasoning.enabled || reasoning.effort === "none") {
+            target.enableThinking = false;
+            delete target.thinkingBudget;
+        }
+        else {
+            target.enableThinking = true;
+            target.thinkingBudget =
+                reasoning.max_tokens ??
+                    calculateReasoningBudgetFromEffort(reasoning.effort ?? "medium", params.maxOutputTokens ?? QWEN_DEFAULT_MAX_OUTPUT_TOKENS);
+        }
+        delete unknown["reasoning"];
+        return params;
+    },
+};
+modelMiddlewareMatcher.useForModel("alibaba/qwen*", {
+    language: [qwenReasoningMiddleware],
+});