npm - @intranefr/superbackend - Versions diffs - 1.4.3 - Mend

@intranefr/superbackend 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/.commiat +4 -0
package/.env.example +47 -0
package/README.md +110 -0
package/index.js +94 -0
package/package.json +67 -0
package/public/css/styles.css +139 -0
package/public/js/animations.js +41 -0
package/sdk/error-tracking/browser/package.json +16 -0
package/sdk/error-tracking/browser/src/core.js +270 -0
package/sdk/error-tracking/browser/src/embed.js +18 -0
package/sdk/error-tracking/browser/src/index.js +1 -0
package/server.js +5 -0
package/src/admin/endpointRegistry.js +300 -0
package/src/controllers/admin.controller.js +321 -0
package/src/controllers/adminAssets.controller.js +530 -0
package/src/controllers/adminAssetsStorage.controller.js +260 -0
package/src/controllers/adminEjsVirtual.controller.js +354 -0
package/src/controllers/adminFeatureFlags.controller.js +155 -0
package/src/controllers/adminHeadless.controller.js +1071 -0
package/src/controllers/adminI18n.controller.js +604 -0
package/src/controllers/adminJsonConfigs.controller.js +97 -0
package/src/controllers/adminLlm.controller.js +273 -0
package/src/controllers/adminMigration.controller.js +257 -0
package/src/controllers/adminSeoConfig.controller.js +515 -0
package/src/controllers/adminStats.controller.js +121 -0
package/src/controllers/adminUploadNamespaces.controller.js +208 -0
package/src/controllers/assets.controller.js +248 -0
package/src/controllers/auth.controller.js +93 -0
package/src/controllers/billing.controller.js +223 -0
package/src/controllers/featureFlags.controller.js +35 -0
package/src/controllers/forms.controller.js +217 -0
package/src/controllers/globalSettings.controller.js +252 -0
package/src/controllers/headlessCrud.controller.js +126 -0
package/src/controllers/i18n.controller.js +12 -0
package/src/controllers/invite.controller.js +249 -0
package/src/controllers/jsonConfigs.controller.js +19 -0
package/src/controllers/metrics.controller.js +149 -0
package/src/controllers/notificationAdmin.controller.js +264 -0
package/src/controllers/notifications.controller.js +131 -0
package/src/controllers/org.controller.js +357 -0
package/src/controllers/orgAdmin.controller.js +491 -0
package/src/controllers/stripeAdmin.controller.js +410 -0
package/src/controllers/user.controller.js +361 -0
package/src/controllers/userAdmin.controller.js +277 -0
package/src/controllers/waitingList.controller.js +167 -0
package/src/controllers/webhook.controller.js +200 -0
package/src/middleware/auth.js +66 -0
package/src/middleware/errorCapture.js +170 -0
package/src/middleware/headlessApiTokenAuth.js +57 -0
package/src/middleware/org.js +108 -0
package/src/middleware.js +901 -0
package/src/models/ActionEvent.js +31 -0
package/src/models/ActivityLog.js +41 -0
package/src/models/Asset.js +84 -0
package/src/models/AuditEvent.js +93 -0
package/src/models/EmailLog.js +28 -0
package/src/models/ErrorAggregate.js +72 -0
package/src/models/FormSubmission.js +41 -0
package/src/models/GlobalSetting.js +38 -0
package/src/models/HeadlessApiToken.js +24 -0
package/src/models/HeadlessModelDefinition.js +41 -0
package/src/models/I18nEntry.js +77 -0
package/src/models/I18nLocale.js +33 -0
package/src/models/Invite.js +70 -0
package/src/models/JsonConfig.js +46 -0
package/src/models/Notification.js +60 -0
package/src/models/Organization.js +57 -0
package/src/models/OrganizationMember.js +43 -0
package/src/models/StripeCatalogItem.js +77 -0
package/src/models/StripeWebhookEvent.js +57 -0
package/src/models/User.js +89 -0
package/src/models/VirtualEjsFile.js +60 -0
package/src/models/VirtualEjsFileVersion.js +43 -0
package/src/models/VirtualEjsGroupChange.js +32 -0
package/src/models/WaitingList.js +41 -0
package/src/models/Webhook.js +63 -0
package/src/models/Workflow.js +29 -0
package/src/models/WorkflowExecution.js +12 -0
package/src/routes/admin.routes.js +26 -0
package/src/routes/adminAssets.routes.js +28 -0
package/src/routes/adminAssetsStorage.routes.js +13 -0
package/src/routes/adminAudit.routes.js +196 -0
package/src/routes/adminEjsVirtual.routes.js +17 -0
package/src/routes/adminErrors.routes.js +164 -0
package/src/routes/adminFeatureFlags.routes.js +12 -0
package/src/routes/adminHeadless.routes.js +38 -0
package/src/routes/adminI18n.routes.js +22 -0
package/src/routes/adminJsonConfigs.routes.js +15 -0
package/src/routes/adminLlm.routes.js +12 -0
package/src/routes/adminMigration.routes.js +81 -0
package/src/routes/adminSeoConfig.routes.js +20 -0
package/src/routes/adminUploadNamespaces.routes.js +13 -0
package/src/routes/assets.routes.js +21 -0
package/src/routes/auth.routes.js +12 -0
package/src/routes/billing.routes.js +11 -0
package/src/routes/errorTracking.routes.js +31 -0
package/src/routes/featureFlags.routes.js +9 -0
package/src/routes/forms.routes.js +9 -0
package/src/routes/formsAdmin.routes.js +13 -0
package/src/routes/globalSettings.routes.js +18 -0
package/src/routes/headless.routes.js +15 -0
package/src/routes/i18n.routes.js +8 -0
package/src/routes/invite.routes.js +9 -0
package/src/routes/jsonConfigs.routes.js +8 -0
package/src/routes/log.routes.js +111 -0
package/src/routes/metrics.routes.js +9 -0
package/src/routes/notificationAdmin.routes.js +15 -0
package/src/routes/notifications.routes.js +12 -0
package/src/routes/org.routes.js +31 -0
package/src/routes/orgAdmin.routes.js +20 -0
package/src/routes/publicAssets.routes.js +7 -0
package/src/routes/stripeAdmin.routes.js +20 -0
package/src/routes/user.routes.js +22 -0
package/src/routes/userAdmin.routes.js +15 -0
package/src/routes/waitingList.routes.js +13 -0
package/src/routes/waitingListAdmin.routes.js +9 -0
package/src/routes/webhook.routes.js +32 -0
package/src/routes/workflowWebhook.routes.js +54 -0
package/src/routes/workflows.routes.js +110 -0
package/src/services/assets.service.js +110 -0
package/src/services/audit.service.js +62 -0
package/src/services/auditLogger.js +165 -0
package/src/services/ejsVirtual.service.js +614 -0
package/src/services/email.service.js +351 -0
package/src/services/errorLogger.js +221 -0
package/src/services/featureFlags.service.js +202 -0
package/src/services/forms.service.js +214 -0
package/src/services/globalSettings.service.js +49 -0
package/src/services/headlessApiTokens.service.js +158 -0
package/src/services/headlessCrypto.service.js +31 -0
package/src/services/headlessModels.service.js +356 -0
package/src/services/i18n.service.js +314 -0
package/src/services/i18nInferredKeys.service.js +337 -0
package/src/services/jsonConfigs.service.js +392 -0
package/src/services/llm.service.js +749 -0
package/src/services/migration.service.js +581 -0
package/src/services/migrationAssets/fsLocal.js +58 -0
package/src/services/migrationAssets/index.js +134 -0
package/src/services/migrationAssets/s3.js +75 -0
package/src/services/migrationAssets/sftp.js +92 -0
package/src/services/notification.service.js +212 -0
package/src/services/objectStorage.service.js +514 -0
package/src/services/seoConfig.service.js +402 -0
package/src/services/storage.js +150 -0
package/src/services/stripe.service.js +185 -0
package/src/services/stripeHelper.service.js +264 -0
package/src/services/uploadNamespaces.service.js +326 -0
package/src/services/webhook.service.js +157 -0
package/src/services/workflow.service.js +271 -0
package/src/utils/asyncHandler.js +5 -0
package/src/utils/encryption.js +80 -0
package/src/utils/jwt.js +40 -0
package/src/utils/orgRoles.js +156 -0
package/src/utils/validation.js +26 -0
package/src/utils/webhookRetry.js +93 -0
package/views/admin-assets.ejs +444 -0
package/views/admin-audit.ejs +283 -0
package/views/admin-coolify-deploy.ejs +207 -0
package/views/admin-dashboard-home.ejs +291 -0
package/views/admin-dashboard.ejs +397 -0
package/views/admin-ejs-virtual.ejs +280 -0
package/views/admin-errors.ejs +368 -0
package/views/admin-feature-flags.ejs +390 -0
package/views/admin-forms.ejs +526 -0
package/views/admin-global-settings.ejs +436 -0
package/views/admin-headless.ejs +2020 -0
package/views/admin-i18n-locales.ejs +221 -0
package/views/admin-i18n.ejs +728 -0
package/views/admin-json-configs.ejs +410 -0
package/views/admin-llm.ejs +884 -0
package/views/admin-metrics.ejs +274 -0
package/views/admin-migration.ejs +814 -0
package/views/admin-notifications.ejs +430 -0
package/views/admin-organizations.ejs +984 -0
package/views/admin-seo-config.ejs +673 -0
package/views/admin-stripe-pricing.ejs +558 -0
package/views/admin-test.ejs +342 -0
package/views/admin-users.ejs +452 -0
package/views/admin-waiting-list.ejs +547 -0
package/views/admin-webhooks.ejs +329 -0
package/views/admin-workflows.ejs +310 -0
package/views/partials/admin-assets-script.ejs +2022 -0
package/views/partials/admin-test-sidebar.ejs +14 -0
package/views/partials/dashboard/nav-items.ejs +66 -0
package/views/partials/dashboard/palette.ejs +63 -0
package/views/partials/dashboard/sidebar.ejs +21 -0
package/views/partials/dashboard/tab-bar.ejs +26 -0
package/views/partials/footer.ejs +3 -0

package/src/services/llm.service.js ADDED Viewed

@@ -0,0 +1,749 @@
+const axios = require("axios");
+const AuditEvent = require("../models/AuditEvent");
+const GlobalSetting = require("../models/GlobalSetting");
+const { decryptString } = require("../utils/encryption");
+const PROVIDERS_KEY = "llm.providers";
+const PROMPTS_KEY = "llm.prompts";
+let cache = {
+  providers: null,
+  prompts: null,
+  ts: 0,
+};
+const CACHE_TTL = 60000;
+function computeCompletionURL(baseUrl) {
+  const trimmed = baseUrl.replace(/\/$/, "");
+  // Perplexity: already exposes /chat/completions
+  if (trimmed.includes('perplex')) {
+    if (trimmed.endsWith('/chat/completions')) return trimmed;
+    return trimmed + "/chat/completions";
+  }
+  // If base already includes /v1 (e.g., https://openrouter.ai/api/v1), do not append another /v1
+  if (/(?:^|\/)v1$/.test(trimmed)) {
+    return trimmed + "/chat/completions";
+  }
+  if (trimmed.endsWith('/v1/chat/completions')) return trimmed;
+  return trimmed + "/v1/chat/completions";
+}
+async function loadConfig() {
+  const now = Date.now();
+  if (cache.ts && now - cache.ts < CACHE_TTL && cache.providers && cache.prompts) {
+    return { providers: cache.providers, prompts: cache.prompts };
+  }
+  const keys = [PROVIDERS_KEY, PROMPTS_KEY];
+  const docs = await GlobalSetting.find({ key: { $in: keys } })
+    .select("key value")
+    .lean();
+  const byKey = Array.isArray(docs)
+    ? Object.fromEntries(docs.map((d) => [d.key, d.value]))
+    : {};
+  let providers = {};
+  let prompts = {};
+  try {
+    providers = byKey[PROVIDERS_KEY]
+      ? JSON.parse(byKey[PROVIDERS_KEY])
+      : {};
+  } catch (e) {
+    providers = {};
+  }
+  try {
+    prompts = byKey[PROMPTS_KEY] ? JSON.parse(byKey[PROMPTS_KEY]) : {};
+  } catch (e) {
+    prompts = {};
+  }
+  // Load encrypted API keys for providers
+  try {
+    const apiKeyDocs = await GlobalSetting.find({
+      key: { $regex: /^llm\.provider\..+\.apiKey$/ },
+      type: "encrypted",
+    })
+      .select("key value type")
+      .lean();
+    if (Array.isArray(apiKeyDocs)) {
+      for (const doc of apiKeyDocs) {
+        const key = String(doc.key || "");
+        const match = key.match(/^llm\.provider\.(.+)\.apiKey$/);
+        if (!match) continue;
+        const providerKey = match[1];
+        if (!providerKey) continue;
+        try {
+          const payload = JSON.parse(doc.value);
+          const apiKey = decryptString(payload);
+          if (!providers[providerKey]) {
+            providers[providerKey] = {};
+          }
+          providers[providerKey].apiKey = apiKey;
+        } catch (e) {
+          // Ignore decryption errors for individual providers
+        }
+      }
+    }
+  } catch (e) {
+    // Do not fail overall config load if encrypted keys query fails
+  }
+  cache = { providers, prompts, ts: now };
+  return { providers, prompts };
+}
+function interpolateTemplate(template, variables) {
+  const v = variables || {};
+  return String(template || "").replace(/\{([^}]+)\}/g, (match, key) => {
+    const k = String(key || "").trim();
+    if (!Object.prototype.hasOwnProperty.call(v, k)) {
+      return "";
+    }
+    const value = v[k];
+    if (value === null || value === undefined) return "";
+    return String(value);
+  });
+}
+function normalizeProviderConfig(rawProviders) {
+  const providers = {};
+  const input = rawProviders && typeof rawProviders === "object" ? rawProviders : {};
+  for (const [key, value] of Object.entries(input)) {
+    if (!value || typeof value !== "object") continue;
+    const baseUrl = String(value.baseUrl || value.base_url || "").trim();
+    if (!baseUrl) continue;
+    providers[key] = {
+      key,
+      label: value.label || key,
+      preset: value.preset || "custom",
+      baseUrl,
+      apiKey: value.apiKey || value.api_key || "",
+      defaultModel: value.defaultModel || value.default_model || "",
+      enabled: value.enabled !== false,
+      modelPricing: value.modelPricing || value.model_pricing || {},
+      extraHeaders: value.extraHeaders || {},
+      timeoutMs: Number(value.timeoutMs || 60000),
+    };
+  }
+  return providers;
+}
+function normalizeUsage(rawUsage) {
+  if (!rawUsage || typeof rawUsage !== "object") return null;
+  const promptTokens = Number(rawUsage.prompt_tokens);
+  const completionTokens = Number(rawUsage.completion_tokens);
+  const totalTokens = Number(rawUsage.total_tokens);
+  const normalized = {
+    prompt_tokens: Number.isFinite(promptTokens) ? promptTokens : null,
+    completion_tokens: Number.isFinite(completionTokens) ? completionTokens : null,
+    total_tokens: Number.isFinite(totalTokens)
+      ? totalTokens
+      : (Number.isFinite(promptTokens) && Number.isFinite(completionTokens)
+          ? promptTokens + completionTokens
+          : null),
+  };
+  if (rawUsage.cost !== undefined && rawUsage.cost !== null) {
+    const cost = Number(rawUsage.cost);
+    if (Number.isFinite(cost)) {
+      normalized.cost = cost;
+    }
+  }
+  if (rawUsage.is_byok !== undefined) {
+    normalized.is_byok = Boolean(rawUsage.is_byok);
+  }
+  normalized.raw = rawUsage;
+  return normalized;
+}
+function computeCostFromPricing({ prompt_tokens, completion_tokens }, modelPricing) {
+  if (!modelPricing || typeof modelPricing !== "object") return null;
+  const promptTokens = Number(prompt_tokens);
+  const completionTokens = Number(completion_tokens);
+  if (!Number.isFinite(promptTokens) && !Number.isFinite(completionTokens)) return null;
+  const inRate = Number(modelPricing.costPerMillionIn);
+  const outRate = Number(modelPricing.costPerMillionOut);
+  if (!Number.isFinite(inRate) && !Number.isFinite(outRate)) return null;
+  const costIn = Number.isFinite(promptTokens) && Number.isFinite(inRate)
+    ? (promptTokens / 1_000_000) * inRate
+    : 0;
+  const costOut = Number.isFinite(completionTokens) && Number.isFinite(outRate)
+    ? (completionTokens / 1_000_000) * outRate
+    : 0;
+  const total = costIn + costOut;
+  return Number.isFinite(total) ? total : null;
+}
+function normalizePrompts(rawPrompts) {
+  const prompts = {};
+  const input = rawPrompts && typeof rawPrompts === "object" ? rawPrompts : {};
+  for (const [key, value] of Object.entries(input)) {
+    if (!value || typeof value !== "object") continue;
+    const template = String(value.template || "");
+    if (!template) continue;
+    prompts[key] = {
+      key,
+      label: value.label || key,
+      description: value.description || "",
+      template,
+      providerKey: value.providerKey || value.provider || "",
+      model: value.model || "",
+      defaultOptions: value.defaultOptions || {},
+      inputSchema: value.inputSchema || null,
+      enabled: value.enabled !== false,
+    };
+  }
+  return prompts;
+}
+async function logAuditEntry({
+  promptKey,
+  providerKey,
+  model,
+  variables,
+  requestOptions,
+  outcome,
+  errorMessage,
+  usage,
+}) {
+  try {
+    const event = new AuditEvent({
+      actorType: "system",
+      action: "llm.completion",
+      outcome: outcome || (errorMessage ? "failure" : "success"),
+      meta: {
+        promptKey,
+        providerKey,
+        model,
+        variables: variables || {},
+        requestOptions: requestOptions || {},
+        errorMessage,
+        usage: usage || null,
+      },
+    });
+    await event.save();
+  } catch (e) {
+    // Do not throw on audit failure
+  }
+}
+async function call(promptKey, variables = {}, runtimeOptions = {}) {
+  const { providers: rawProviders, prompts: rawPrompts } = await loadConfig();
+  const providers = normalizeProviderConfig(rawProviders);
+  const prompts = normalizePrompts(rawPrompts);
+  const prompt = prompts[promptKey];
+  if (!prompt || prompt.enabled === false) {
+    throw new Error("Prompt not found or disabled");
+  }
+  const provider = providers[prompt.providerKey];
+  if (!provider || provider.enabled === false || !provider.apiKey) {
+    throw new Error("Provider not found, disabled, or missing apiKey");
+  }
+  const mergedOptions = {
+    ...(prompt.defaultOptions || {}),
+    ...(runtimeOptions || {}),
+  };
+  const model =
+    mergedOptions.model || prompt.model || provider.defaultModel || "";
+  if (!model) {
+    throw new Error("Model is not configured");
+  }
+  const content = interpolateTemplate(prompt.template, variables);
+  const url = computeCompletionURL(provider.baseUrl);
+  const body = {
+    model,
+    messages: [
+      {
+        role: "user",
+        content,
+      },
+    ],
+  };
+  const allowedOptions = [
+    "temperature",
+    "top_p",
+    "max_tokens",
+    "presence_penalty",
+    "frequency_penalty",
+    "stop",
+    "n",
+    "stream",
+  ];
+  for (const key of allowedOptions) {
+    if (mergedOptions[key] !== undefined) {
+      body[key] = mergedOptions[key];
+    }
+  }
+  let response;
+  let text = "";
+  let usage = null;
+  try {
+    // Debug: log curl equivalent
+    const curlHeaders = [
+      `-H "Authorization: Bearer ${provider.apiKey}"`,
+      `-H "Content-Type: application/json"`,
+      ...Object.entries(provider.extraHeaders || {}).map(([k, v]) => `-H "${k}: ${v}"`),
+    ].join(' ');
+    console.log(`[llm.service] curl equivalent:\n  curl -X POST ${url} ${curlHeaders} -d '${JSON.stringify(body)}'\n`);
+    response = await axios.post(url, body, {
+      headers: {
+        Authorization: `Bearer ${provider.apiKey}`,
+        "Content-Type": "application/json",
+        ...provider.extraHeaders,
+      },
+      timeout: provider.timeoutMs,
+    });
+    const data = response && response.data ? response.data : {};
+    const choice =
+      Array.isArray(data.choices) && data.choices.length > 0
+        ? data.choices[0]
+        : null;
+    text =
+      choice && choice.message && typeof choice.message.content === "string"
+        ? choice.message.content
+        : "";
+    const rawUsage = data.usage || null;
+    const normalized = normalizeUsage(rawUsage);
+    if (normalized && normalized.cost === undefined) {
+      const pricing =
+        provider.modelPricing && typeof provider.modelPricing === "object"
+          ? provider.modelPricing[model]
+          : null;
+      const computedCost = pricing
+        ? computeCostFromPricing(normalized, pricing)
+        : null;
+      if (computedCost !== null) {
+        normalized.cost = computedCost;
+        normalized.cost_source = "computed";
+      }
+    }
+    if (normalized && normalized.cost !== undefined && normalized.cost_source === undefined) {
+      normalized.cost_source = "provider";
+    }
+    usage = normalized;
+    await logAuditEntry({
+      promptKey,
+      providerKey: provider.key,
+      model,
+      variables,
+      requestOptions: mergedOptions,
+      outcome: "success",
+      usage,
+    });
+  } catch (error) {
+    const message =
+      (error.response && error.response.data && error.response.data.error &&
+        error.response.data.error.message) ||
+      error.message ||
+      "LLM request failed";
+    await logAuditEntry({
+      promptKey,
+      providerKey: provider.key,
+      model,
+      variables,
+      requestOptions: mergedOptions,
+      outcome: "failure",
+      errorMessage: message,
+    });
+    throw new Error(message);
+  }
+  return {
+    content: text,
+    model,
+    providerKey: provider.key,
+    usage,
+    raw: response && response.data ? response.data : null,
+  };
+}
+async function callAdhoc(
+  {
+    providerKey,
+    model,
+    messages,
+    promptKeyForAudit,
+  },
+  runtimeOptions = {},
+) {
+  const { providers: rawProviders } = await loadConfig();
+  const providers = normalizeProviderConfig(rawProviders);
+  const key = String(providerKey || "").trim();
+  let provider = providers[key];
+  console.log('[llm.service] callAdhoc providerKey:', key);
+  console.log('[llm.service] callAdhoc available provider keys:', Object.keys(providers));
+  console.log('[llm.service] callAdhoc found provider:', !!provider, provider ? { enabled: provider.enabled, hasApiKey: !!provider.apiKey } : null);
+  // Apply runtime overrides for provider if possible
+  if (runtimeOptions.apiKey || runtimeOptions.baseUrl) {
+    provider = {
+      ...(provider || { key: key || 'custom', enabled: true, baseUrl: 'https://openrouter.ai/api/v1' }),
+      ...(runtimeOptions.apiKey ? { apiKey: runtimeOptions.apiKey } : {}),
+      ...(runtimeOptions.baseUrl ? { baseUrl: runtimeOptions.baseUrl } : {}),
+    };
+  }
+  if (!provider || provider.enabled === false || !provider.apiKey) {
+    throw new Error("Provider not found, disabled, or missing apiKey");
+  }
+  const resolvedModel = String(model || runtimeOptions.model || provider.defaultModel || "google/gemini-2.5-flash-lite").trim();
+  if (!resolvedModel) {
+    throw new Error("Model is not configured");
+  }
+  const inputMessages = Array.isArray(messages) ? messages : [];
+  if (!inputMessages.length) {
+    throw new Error("messages is required");
+  }
+  const mergedOptions = {
+    ...(runtimeOptions || {}),
+  };
+  const url = computeCompletionURL(provider.baseUrl);
+  const body = {
+    model: resolvedModel,
+    messages: inputMessages,
+  };
+  const allowedOptions = [
+    "temperature",
+    "top_p",
+    "max_tokens",
+    "presence_penalty",
+    "frequency_penalty",
+    "stop",
+    "n",
+    "stream",
+  ];
+  for (const key of allowedOptions) {
+    if (mergedOptions[key] !== undefined) {
+      body[key] = mergedOptions[key];
+    }
+  }
+  let response;
+  let text = "";
+  let usage = null;
+  try {
+    // Debug: log curl equivalent
+    const curlHeaders = [
+      `-H "Authorization: Bearer ${provider.apiKey}"`,
+      `-H "Content-Type: application/json"`,
+      ...Object.entries(provider.extraHeaders || {}).map(([k, v]) => `-H "${k}: ${v}"`),
+    ].join(' ');
+    console.log(`[llm.service] adhoc curl equivalent:\n  curl -X POST ${url} ${curlHeaders} -d '${JSON.stringify(body)}'\n`);
+    response = await axios.post(url, body, {
+      headers: {
+        Authorization: `Bearer ${provider.apiKey}`,
+        "Content-Type": "application/json",
+        ...provider.extraHeaders,
+      },
+      timeout: provider.timeoutMs,
+    });
+    const data = response && response.data ? response.data : {};
+    const choice =
+      Array.isArray(data.choices) && data.choices.length > 0
+        ? data.choices[0]
+        : null;
+    text =
+      choice && choice.message && typeof choice.message.content === "string"
+        ? choice.message.content
+        : "";
+    const rawUsage = data.usage || null;
+    const normalized = normalizeUsage(rawUsage);
+    if (normalized && normalized.cost === undefined) {
+      const pricing =
+        provider.modelPricing && typeof provider.modelPricing === "object"
+          ? provider.modelPricing[resolvedModel]
+          : null;
+      const computedCost = pricing
+        ? computeCostFromPricing(normalized, pricing)
+        : null;
+      if (computedCost !== null) {
+        normalized.cost = computedCost;
+        normalized.cost_source = "computed";
+      }
+    }
+    if (normalized && normalized.cost !== undefined && normalized.cost_source === undefined) {
+      normalized.cost_source = "provider";
+    }
+    usage = normalized;
+    await logAuditEntry({
+      promptKey: String(promptKeyForAudit || "adhoc"),
+      providerKey: provider.key,
+      model: resolvedModel,
+      variables: {},
+      requestOptions: mergedOptions,
+      outcome: "success",
+      usage,
+    });
+  } catch (error) {
+    const message =
+      (error.response && error.response.data && error.response.data.error &&
+        error.response.data.error.message) ||
+      error.message ||
+      "LLM request failed";
+    await logAuditEntry({
+      promptKey: String(promptKeyForAudit || "adhoc"),
+      providerKey: provider && provider.key,
+      model: resolvedModel,
+      variables: {},
+      requestOptions: mergedOptions || {},
+      outcome: "failure",
+      errorMessage: message,
+    });
+    throw new Error(message);
+  }
+  return {
+    content: text,
+    model: resolvedModel,
+    providerKey: provider.key,
+    usage,
+    raw: response && response.data ? response.data : null,
+  };
+}
+async function testPrompt(definition, variables = {}, runtimeOptions = {}) {
+  // Bypass cache to ensure we see latest settings
+  cache.ts = 0;
+  return call(definition.key, variables, runtimeOptions);
+}
+async function stream(promptKey, variables = {}, runtimeOptions = {}, { onToken } = {}) {
+  if (typeof onToken !== "function") {
+    throw new Error("onToken callback is required for streaming");
+  }
+  const { providers: rawProviders, prompts: rawPrompts } = await loadConfig();
+  const providers = normalizeProviderConfig(rawProviders);
+  const prompts = normalizePrompts(rawPrompts);
+  const prompt = prompts[promptKey];
+  if (!prompt || prompt.enabled === false) {
+    throw new Error("Prompt not found or disabled");
+  }
+  const provider = providers[prompt.providerKey];
+  if (!provider || provider.enabled === false || !provider.apiKey) {
+    throw new Error("Provider not found, disabled, or missing apiKey");
+  }
+  const mergedOptions = {
+    ...(prompt.defaultOptions || {}),
+    ...(runtimeOptions || {}),
+    stream: true,
+  };
+  const model =
+    mergedOptions.model || prompt.model || provider.defaultModel || "";
+  if (!model) {
+    throw new Error("Model is not configured");
+  }
+  const content = interpolateTemplate(prompt.template, variables);
+  const url = computeCompletionURL(provider.baseUrl);
+  const body = {
+    model,
+    stream: true,
+    messages: [
+      {
+        role: "user",
+        content,
+      },
+    ],
+  };
+  const allowedOptions = [
+    "temperature",
+    "top_p",
+    "max_tokens",
+    "presence_penalty",
+    "frequency_penalty",
+    "stop",
+    "n",
+  ];
+  for (const key of allowedOptions) {
+    if (mergedOptions[key] !== undefined) {
+      body[key] = mergedOptions[key];
+    }
+  }
+  let errorMessage = null;
+  let lastUsage = null;
+  try {
+    // Debug: log curl equivalent for streaming
+    const curlHeaders = [
+      `-H "Authorization: Bearer ${provider.apiKey}"`,
+      `-H "Content-Type: application/json"`,
+      ...Object.entries(provider.extraHeaders || {}).map(([k, v]) => `-H "${k}: ${v}"`),
+    ].join(' ');
+    console.log(`[llm.service] streaming curl equivalent:\n  curl -X POST ${url} ${curlHeaders} -d '${JSON.stringify(body)}'\n`);
+    const response = await axios.post(url, body, {
+      headers: {
+        Authorization: `Bearer ${provider.apiKey}`,
+        "Content-Type": "application/json",
+        ...provider.extraHeaders,
+      },
+      timeout: provider.timeoutMs,
+      responseType: "stream",
+    });
+    await new Promise((resolve, reject) => {
+      let buffer = "";
+      response.data.on("data", (chunk) => {
+        buffer += chunk.toString("utf8");
+        const lines = buffer.split(/\r?\n/);
+        buffer = lines.pop() || "";
+        for (const line of lines) {
+          const trimmed = line.trim();
+          if (!trimmed || !trimmed.startsWith("data:")) continue;
+          const payload = trimmed.slice(5).trim();
+          if (payload === "[DONE]") {
+            continue;
+          }
+          try {
+            const parsed = JSON.parse(payload);
+            if (parsed && parsed.usage && typeof parsed.usage === "object") {
+              lastUsage = parsed.usage;
+            }
+            const choice =
+              Array.isArray(parsed.choices) && parsed.choices.length > 0
+                ? parsed.choices[0]
+                : null;
+            const delta = choice && choice.delta ? choice.delta : {};
+            const text = typeof delta.content === "string" ? delta.content : "";
+            if (text) {
+              onToken(text, parsed);
+            }
+          } catch (e) {
+            // Ignore parse errors for individual chunks
+          }
+        }
+      });
+      response.data.on("end", () => resolve());
+      response.data.on("error", (err) => {
+        errorMessage = err.message || "Stream error";
+        reject(err);
+      });
+    });
+    await logAuditEntry({
+      promptKey,
+      providerKey: provider.key,
+      model,
+      variables,
+      requestOptions: mergedOptions,
+      outcome: "success",
+      usage: (() => {
+        const normalized = normalizeUsage(lastUsage);
+        if (!normalized) return null;
+        if (normalized.cost === undefined) {
+          const pricing =
+            provider.modelPricing && typeof provider.modelPricing === "object"
+              ? provider.modelPricing[model]
+              : null;
+          const computedCost = pricing
+            ? computeCostFromPricing(normalized, pricing)
+            : null;
+          if (computedCost !== null) {
+            normalized.cost = computedCost;
+            normalized.cost_source = "computed";
+          }
+        }
+        if (normalized.cost !== undefined && normalized.cost_source === undefined) {
+          normalized.cost_source = "provider";
+        }
+        return normalized;
+      })(),
+    });
+  } catch (error) {
+    const message =
+      (error.response && error.response.data && error.response.data.error &&
+        error.response.data.error.message) ||
+      error.message ||
+      errorMessage ||
+      "LLM streaming request failed";
+    await logAuditEntry({
+      promptKey,
+      providerKey: provider && provider.key,
+      model,
+      variables,
+      requestOptions: mergedOptions || {},
+      outcome: "failure",
+      errorMessage: message,
+    });
+    throw new Error(message);
+  }
+}
+module.exports = {
+  call,
+  testPrompt,
+  callAdhoc,
+  stream,
+};