@neurosec/sentry 1.0.19 → 1.1.0

package/dist/proxy/proxy-server.js

@@ -0,0 +1,652 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LLMProxyServer = void 0;
+const http_1 = __importDefault(require("http"));
+const https_1 = __importDefault(require("https"));
+const url_1 = __importDefault(require("url"));
+const uuid_1 = require("uuid");
+const fs_1 = __importDefault(require("fs"));
+const types_1 = require("../types");
+const cert_manager_1 = require("./cert-manager");
+const logger_1 = require("../logger");
+class LLMProxyServer {
+    constructor(config, enforcer) {
+        this.server = null;
+        this.httpsServer = null;
+        this.activeRequests = new Map();
+        this.config = config;
+        this.enforcer = enforcer;
+    }
+    async start() {
+        if (this.server)
+            return;
+        this.server = http_1.default.createServer((req, res) => {
+            this.handleRequest(req, res).catch(err => {
+                logger_1.logger.error('Proxy request handler error', { err: err.message });
+                if (!res.headersSent) {
+                    res.writeHead(502, { 'Content-Type': 'application/json' });
+                    res.end(JSON.stringify({ error: 'Proxy error' }));
+                }
+            });
+        });
+        await new Promise((resolve, reject) => {
+            this.server.once('error', reject);
+            this.server.listen(this.config.port, this.config.bindAddress, () => resolve());
+        });
+        if (this.config.interceptHttps) {
+            try {
+                // Auto-provision a local CA on first start so HTTPS interception
+                // works out of the box instead of being a passthrough default (S-C8).
+                const certInfo = (0, cert_manager_1.ensureProxyCertificate)({
+                    certPath: this.config.certPath,
+                    keyPath: this.config.keyPath,
+                });
+                const cert = fs_1.default.readFileSync(certInfo.certPath, 'utf8');
+                const key = fs_1.default.readFileSync(certInfo.keyPath, 'utf8');
+                this.httpsServer = https_1.default.createServer({ cert, key }, (req, res) => {
+                    this.handleRequest(req, res).catch(err => {
+                        logger_1.logger.error('HTTPS proxy handler error', { err: err.message });
+                        if (!res.headersSent) {
+                            res.writeHead(502, { 'Content-Type': 'application/json' });
+                            res.end(JSON.stringify({ error: 'Proxy error' }));
+                        }
+                    });
+                });
+                await new Promise((resolve, reject) => {
+                    this.httpsServer.once('error', reject);
+                    this.httpsServer.listen(this.config.port + 1, this.config.bindAddress, () => resolve());
+                });
+                logger_1.logger.info('HTTPS proxy listening', {
+                    port: this.config.port + 1,
+                    fingerprintSha256: certInfo.fingerprintSha256,
+                    generated: certInfo.generated,
+                    notAfter: certInfo.notAfter,
+                    trustHint: 'Set NODE_EXTRA_CA_CERTS=' + certInfo.certPath + ' on agent hosts',
+                });
+            }
+            catch (err) {
+                logger_1.logger.warn('HTTPS proxy not started (cert provisioning failed)', {
+                    certPath: this.config.certPath,
+                    err: err.message,
+                });
+            }
+        }
+        logger_1.logger.info('LLM Proxy server started', {
+            port: this.config.port,
+            bind: this.config.bindAddress,
+            upstreamTimeoutMs: this.config.upstreamTimeoutMs,
+            maxBufferMb: this.config.maxBufferSizeMb,
+        });
+    }
+    async stop() {
+        if (this.httpsServer) {
+            await new Promise(resolve => this.httpsServer?.close(() => resolve()));
+            this.httpsServer = null;
+        }
+        if (this.server) {
+            await new Promise(resolve => this.server?.close(() => resolve()));
+            this.server = null;
+        }
+        logger_1.logger.info('LLM Proxy server stopped');
+    }
+    async handleRequest(clientReq, clientRes) {
+        const requestId = (0, uuid_1.v4)();
+        const startTime = Date.now();
+        if (this.activeRequests.size >= (this.config.maxConcurrentRequests ?? 100)) {
+            clientRes.writeHead(503, { 'Content-Type': 'application/json' });
+            clientRes.end(JSON.stringify({
+                success: false,
+                error: { code: 'PROXY_BUSY', message: 'Local Sentry proxy concurrency limit reached' },
+            }));
+            return;
+        }
+        const cleanup = () => {
+            this.activeRequests.delete(requestId);
+        };
+        clientRes.once('finish', cleanup);
+        clientRes.once('close', cleanup);
+        clientReq.once('aborted', cleanup);
+        this.activeRequests.set(requestId, {
+            id: requestId,
+            method: clientReq.method ?? 'GET',
+            path: clientReq.url ?? '/',
+            host: String(clientReq.headers['host'] ?? 'unknown'),
+            headers: {},
+            body: '',
+            startTime,
+        });
+        // Collect the request body
+        const body = await this.collectBody(clientReq, this.config.maxBufferSizeMb * 1024 * 1024);
+        const targetUrl = clientReq.url ?? '/';
+        const targetHost = clientReq.headers['host'] ?? 'unknown';
+        const method = clientReq.method ?? 'GET';
+        this.activeRequests.set(requestId, {
+            id: requestId,
+            method,
+            path: targetUrl,
+            host: String(targetHost),
+            headers: this.filterHeaders(clientReq.headers),
+            body,
+            startTime,
+        });
+        logger_1.logger.debug('Proxy request received', {
+            id: requestId,
+            method,
+            path: targetUrl,
+            host: targetHost,
+            size: body.length,
+        });
+        // Detect the LLM provider
+        const providerMatch = (0, types_1.detectProviderFromRequest)(targetUrl, targetHost);
+        // Determine if this is an LLM API call we should intercept
+        const isLLMCall = this.isLLMRequest(targetUrl, method);
+        if (isLLMCall) {
+            // Enforce input policy on the request body
+            const requestDecision = this.enforcer.enforce(body, 'input');
+            if (requestDecision.action === 'block') {
+                logger_1.logger.warn('Request blocked by NeuroShield policy', {
+                    id: requestId,
+                    reason: requestDecision.reason,
+                    threats: requestDecision.threats.length,
+                });
+                clientRes.writeHead(403, { 'Content-Type': 'application/json' });
+                clientRes.end(JSON.stringify({
+                    success: false,
+                    error: {
+                        code: 'FIREWALL_BLOCKED',
+                        message: 'Request blocked by NeuroShield policy',
+                        details: {
+                            reason: requestDecision.reason,
+                            threats: requestDecision.threats.map(t => ({ type: t.type, severity: t.severity })),
+                        },
+                    },
+                }));
+                this.recordProxyEvent(requestId, method, targetUrl, targetHost, body, 403, { 'content-type': 'application/json' }, JSON.stringify({ blocked: true }), requestDecision, 'request', Date.now() - startTime);
+                return;
+            }
+        }
+        // Determine the upstream target
+        const upstream = this.resolveUpstream(targetUrl, targetHost, providerMatch);
+        // Forward the request
+        try {
+            await this.forwardRequest(clientReq, clientRes, {
+                id: requestId,
+                method,
+                path: targetUrl,
+                host: targetHost,
+                headers: this.filterHeaders(clientReq.headers),
+                body,
+                startTime,
+            }, upstream, isLLMCall);
+        }
+        catch (err) {
+            logger_1.logger.error('Upstream request failed', {
+                id: requestId,
+                upstream: upstream?.hostname ?? 'unknown',
+                err: err.message,
+            });
+            if (!clientRes.headersSent) {
+                clientRes.writeHead(502, { 'Content-Type': 'application/json' });
+                clientRes.end(JSON.stringify({
+                    success: false,
+                    error: { code: 'UPSTREAM_ERROR', message: 'Failed to reach LLM provider' },
+                }));
+            }
+        }
+    }
+    async forwardRequest(clientReq, clientRes, pending, upstream, enforceOutput) {
+        if (!upstream) {
+            // No upstream determined: return error
+            clientRes.writeHead(502, { 'Content-Type': 'application/json' });
+            clientRes.end(JSON.stringify({
+                success: false,
+                error: { code: 'NO_UPSTREAM', message: 'Could not determine upstream LLM provider' },
+            }));
+            return;
+        }
+        // For non-LLM traffic, just proxy through without inspection
+        if (!enforceOutput) {
+            const options = {
+                hostname: upstream.hostname,
+                port: upstream.port,
+                path: upstream.path,
+                method: pending.method,
+                headers: pending.headers,
+                timeout: this.config.upstreamTimeoutMs,
+            };
+            const proxyReq = (upstream.protocol === 'https:' ? https_1.default : http_1.default).request(options, (upstreamRes) => {
+                clientRes.writeHead(upstreamRes.statusCode ?? 200, upstreamRes.headers);
+                upstreamRes.pipe(clientRes);
+            });
+            proxyReq.on('error', (err) => {
+                logger_1.logger.error('Proxy forward error', { err: err.message });
+                if (!clientRes.headersSent) {
+                    clientRes.writeHead(502);
+                    clientRes.end();
+                }
+            });
+            proxyReq.write(pending.body);
+            proxyReq.end();
+            return;
+        }
+        // For LLM traffic: forward, buffer response, enforce output policy
+        const options = {
+            hostname: upstream.hostname,
+            port: upstream.port,
+            path: upstream.path,
+            method: pending.method,
+            headers: { ...pending.headers, 'host': upstream.hostname },
+            timeout: this.config.upstreamTimeoutMs,
+        };
+        const proxyReq = (upstream.protocol === 'https:' ? https_1.default : http_1.default).request(options, async (upstreamRes) => {
+            const contentType = Array.isArray(upstreamRes.headers['content-type'])
+                ? upstreamRes.headers['content-type'][0]
+                : upstreamRes.headers['content-type'] ?? '';
+            if (/text\/event-stream/i.test(contentType)) {
+                await this.forwardStreamingResponse(clientRes, upstreamRes, pending);
+                return;
+            }
+            const chunks = [];
+            let totalSize = 0;
+            const maxSize = this.config.maxBufferSizeMb * 1024 * 1024;
+            upstreamRes.on('data', (chunk) => {
+                totalSize += chunk.length;
+                if (totalSize <= maxSize) {
+                    chunks.push(chunk);
+                }
+            });
+            upstreamRes.on('end', () => {
+                const responseBody = Buffer.concat(chunks).toString('utf8');
+                const elapsed = Date.now() - pending.startTime;
+                // Enforce output policy
+                const responseDecision = this.enforcer.enforce(responseBody, 'output');
+                if (responseDecision.action === 'block') {
+                    logger_1.logger.warn('Response blocked by NeuroShield policy', {
+                        id: pending.id,
+                        reason: responseDecision.reason,
+                        threats: responseDecision.threats.length,
+                    });
+                    clientRes.writeHead(403, { 'Content-Type': 'application/json' });
+                    clientRes.end(JSON.stringify({
+                        success: false,
+                        error: {
+                            code: 'FIREWALL_BLOCKED_RESPONSE',
+                            message: 'Response blocked by NeuroShield policy',
+                            details: {
+                                reason: responseDecision.reason,
+                                threats: responseDecision.threats.map(t => ({ type: t.type, severity: t.severity })),
+                            },
+                        },
+                    }));
+                }
+                else {
+                    const responseToSend = responseDecision.action === 'redact'
+                        ? this.applyRedactionToResponse(responseBody, responseDecision)
+                        : responseBody;
+                    const responseHeaders = { ...upstreamRes.headers };
+                    delete responseHeaders['content-length'];
+                    delete responseHeaders['transfer-encoding'];
+                    clientRes.writeHead(upstreamRes.statusCode ?? 200, responseHeaders);
+                    clientRes.end(responseToSend);
+                }
+                this.recordProxyEvent(pending.id, pending.method, pending.path, pending.host, pending.body, upstreamRes.statusCode ?? 200, upstreamRes.headers, responseBody, responseDecision, 'response', elapsed);
+            });
+            upstreamRes.on('error', (err) => {
+                logger_1.logger.error('Upstream response error', { err: err.message });
+                if (!clientRes.headersSent) {
+                    clientRes.writeHead(502);
+                    clientRes.end();
+                }
+            });
+        });
+        proxyReq.on('error', (err) => {
+            logger_1.logger.error('Upstream request error', { err: err.message });
+            if (!clientRes.headersSent) {
+                clientRes.writeHead(502, { 'Content-Type': 'application/json' });
+                clientRes.end(JSON.stringify({ error: 'Upstream connection failed' }));
+            }
+        });
+        proxyReq.on('timeout', () => {
+            proxyReq.destroy();
+            if (!clientRes.headersSent) {
+                clientRes.writeHead(504, { 'Content-Type': 'application/json' });
+                clientRes.end(JSON.stringify({ error: 'Upstream timeout' }));
+            }
+        });
+        proxyReq.write(pending.body);
+        proxyReq.end();
+    }
+    async forwardStreamingResponse(clientRes, upstreamRes, pending) {
+        const responseHeaders = { ...upstreamRes.headers };
+        delete responseHeaders['content-length'];
+        let started = false;
+        let trailing = '';
+        let rawResponseBody = '';
+        let finalDecision = this.allowDecision();
+        const writeHeaders = () => {
+            if (started) {
+                return;
+            }
+            clientRes.writeHead(upstreamRes.statusCode ?? 200, responseHeaders);
+            started = true;
+        };
+        const handleLine = (line) => {
+            const rewritten = this.rewriteStreamingSseLine(line);
+            if (rewritten.decision.action === 'block') {
+                finalDecision = rewritten.decision;
+                if (!started) {
+                    clientRes.writeHead(403, { 'Content-Type': 'application/json' });
+                    clientRes.end(JSON.stringify({
+                        success: false,
+                        error: {
+                            code: 'FIREWALL_BLOCKED_RESPONSE',
+                            message: 'Streaming response blocked by NeuroShield policy',
+                            details: {
+                                reason: rewritten.decision.reason,
+                                threats: rewritten.decision.threats.map(t => ({ type: t.type, severity: t.severity })),
+                            },
+                        },
+                    }));
+                }
+                else {
+                    clientRes.write(`event: error\ndata: ${JSON.stringify({ error: rewritten.decision.reason })}\n\n`);
+                    clientRes.end();
+                }
+                return false;
+            }
+            if (rewritten.decision.action !== 'allow') {
+                finalDecision = rewritten.decision;
+            }
+            writeHeaders();
+            clientRes.write(`${rewritten.line}\n`);
+            return true;
+        };
+        await new Promise((resolve) => {
+            upstreamRes.on('data', (chunk) => {
+                if (clientRes.writableEnded) {
+                    return;
+                }
+                const text = chunk.toString('utf8');
+                rawResponseBody += text;
+                trailing += text;
+                while (true) {
+                    const newlineIndex = trailing.indexOf('\n');
+                    if (newlineIndex === -1) {
+                        break;
+                    }
+                    const line = trailing.slice(0, newlineIndex);
+                    trailing = trailing.slice(newlineIndex + 1);
+                    if (!handleLine(line)) {
+                        upstreamRes.destroy();
+                        resolve();
+                        return;
+                    }
+                }
+            });
+            upstreamRes.on('end', () => {
+                if (!clientRes.writableEnded && trailing.length > 0) {
+                    handleLine(trailing);
+                }
+                if (!clientRes.writableEnded) {
+                    writeHeaders();
+                    clientRes.end();
+                }
+                this.recordProxyEvent(pending.id, pending.method, pending.path, pending.host, pending.body, upstreamRes.statusCode ?? 200, upstreamRes.headers, rawResponseBody, finalDecision, 'response', Date.now() - pending.startTime);
+                resolve();
+            });
+            upstreamRes.on('error', (err) => {
+                logger_1.logger.error('Upstream streaming response error', { err: err.message });
+                if (!clientRes.headersSent) {
+                    clientRes.writeHead(502, { 'Content-Type': 'application/json' });
+                    clientRes.end(JSON.stringify({ error: 'Upstream streaming failed' }));
+                }
+                else if (!clientRes.writableEnded) {
+                    clientRes.end();
+                }
+                resolve();
+            });
+        });
+    }
+    rewriteStreamingSseLine(line) {
+        const match = line.match(/^data:\s*(.*)$/);
+        if (!match) {
+            return { line, decision: this.allowDecision() };
+        }
+        const payload = match[1];
+        if (!payload || payload === '[DONE]') {
+            return { line, decision: this.allowDecision() };
+        }
+        const decision = this.enforcer.enforce(payload, 'output');
+        if (decision.action !== 'redact') {
+            return { line, decision };
+        }
+        const redactor = this.enforcer.getRedactionEngine();
+        const threatTypes = decision.threats.map((threat) => threat.type);
+        try {
+            const parsed = JSON.parse(payload);
+            this._walkAndRedactJson(parsed, redactor, threatTypes);
+            return { line: `data: ${JSON.stringify(parsed)}`, decision };
+        }
+        catch {
+            return { line: `data: ${redactor.redact(payload, threatTypes)}`, decision };
+        }
+    }
+    allowDecision() {
+        return {
+            action: 'allow',
+            reason: 'No policy matched',
+            triggeredRules: [],
+            threats: [],
+            riskScore: 0,
+        };
+    }
+    isLLMRequest(path, method) {
+        if (method !== 'POST')
+            return false;
+        const lower = path.toLowerCase();
+        // OpenAI-compatible chat completions
+        if (lower.includes('/v1/chat/completions') || lower.includes('/chat/completions'))
+            return true;
+        if (lower.includes('/v1/completions') || lower.includes('/completions'))
+            return true;
+        if (lower.includes('/v1/embeddings') || lower.includes('/embeddings'))
+            return true;
+        // Anthropic
+        if (lower.includes('/v1/messages'))
+            return true;
+        return false;
+    }
+    resolveUpstream(path, host, providerMatch) {
+        // If client specified X-NeuroShield-Upstream header, use that
+        // Otherwise derive from host or known provider
+        if (providerMatch) {
+            const parsed = url_1.default.parse(providerMatch.provider.baseUrl);
+            const port = parsed.protocol === 'https:' ? 443 : 80;
+            return {
+                hostname: parsed.hostname ?? 'api.openai.com',
+                port,
+                protocol: parsed.protocol ?? 'https:',
+                path,
+            };
+        }
+        // If the host looks like a known provider, route there
+        for (const [, provider] of Object.entries(types_1.KNOWN_PROVIDERS)) {
+            const parsed = url_1.default.parse(provider.baseUrl);
+            if (host.includes(parsed.hostname ?? '') || host === (parsed.hostname ?? '')) {
+                return {
+                    hostname: parsed.hostname ?? host,
+                    port: parsed.protocol === 'https:' ? 443 : 80,
+                    protocol: parsed.protocol ?? 'https:',
+                    path,
+                };
+            }
+        }
+        // Default: assume it's an OpenAI-compatible endpoint and route based on host
+        return {
+            hostname: host.split(':')[0],
+            port: 443,
+            protocol: 'https:',
+            path,
+        };
+    }
+    collectBody(req, maxBytes) {
+        return new Promise((resolve) => {
+            const chunks = [];
+            let total = 0;
+            req.on('data', (chunk) => {
+                total += chunk.length;
+                if (total <= maxBytes) {
+                    chunks.push(chunk);
+                }
+            });
+            req.on('end', () => {
+                resolve(Buffer.concat(chunks).toString('utf8'));
+            });
+            req.on('error', () => {
+                resolve('');
+            });
+            // Safety timeout
+            setTimeout(() => resolve(Buffer.concat(chunks).toString('utf8')), 10000);
+        });
+    }
+    filterHeaders(headers) {
+        const filtered = {};
+        const skipHeaders = new Set([
+            'host', 'connection', 'transfer-encoding', 'content-length',
+            'proxy-connection', 'keep-alive', 'upgrade',
+        ]);
+        for (const [key, value] of Object.entries(headers)) {
+            if (!skipHeaders.has(key.toLowerCase()) && value !== undefined) {
+                filtered[key] = Array.isArray(value) ? value.join(', ') : value;
+            }
+        }
+        return filtered;
+    }
+    /**
+     * Apply RedactionEngine to a response body while preserving structure.
+     *
+     * For chat-completion / messages JSON responses we walk into known textual
+     * fields (`choices[].message.content`, `choices[].delta.content`, top-level
+     * `content[].text`, Anthropic-style `content[]` blocks) and redact those
+     * strings only. For SSE streams (text/event-stream) we redact each `data:`
+     * line's JSON payload in place. For anything else we redact the raw body.
+     *
+     * The previous TODO that returned the body unchanged caused REDACT decisions
+     * to silently pass through unredacted (S-C6).
+     */
+    applyRedactionToResponse(body, decision) {
+        const threatTypes = decision.threats.map((t) => t.type);
+        const redactor = this.enforcer.getRedactionEngine();
+        // SSE: rewrite each `data: {…}` line's JSON in place; preserve framing.
+        if (body.includes('data:')) {
+            const lines = body.split('\n');
+            const rewritten = lines.map((line) => {
+                const m = line.match(/^data:\s*(.*)$/);
+                if (!m)
+                    return line;
+                const payload = m[1];
+                if (!payload || payload === '[DONE]')
+                    return line;
+                try {
+                    const parsed = JSON.parse(payload);
+                    this._walkAndRedactJson(parsed, redactor, threatTypes);
+                    return `data: ${JSON.stringify(parsed)}`;
+                }
+                catch {
+                    return line; // not JSON; leave untouched
+                }
+            });
+            return rewritten.join('\n');
+        }
+        // Single JSON response
+        if (body.trim().startsWith('{')) {
+            try {
+                const parsed = JSON.parse(body);
+                this._walkAndRedactJson(parsed, redactor, threatTypes);
+                return JSON.stringify(parsed);
+            }
+            catch {
+                // fall through to raw
+            }
+        }
+        return redactor.redact(body, threatTypes);
+    }
+    /**
+     * Walk a parsed JSON tree and replace text content in known LLM response
+     * shapes with redacted versions. We modify in place to preserve the rest
+     * of the object structure (function_call, tool_calls, finish_reason, etc.).
+     */
+    _walkAndRedactJson(node, redactor, threatTypes) {
+        if (!node || typeof node !== 'object')
+            return;
+        const obj = node;
+        // OpenAI: choices[].message.content / choices[].delta.content
+        if (Array.isArray(obj.choices)) {
+            for (const choice of obj.choices) {
+                if (!choice || typeof choice !== 'object')
+                    continue;
+                const message = choice.message;
+                if (message && typeof message.content === 'string') {
+                    message.content = redactor.redact(message.content, threatTypes);
+                }
+                const messageFunctionCall = message?.function_call;
+                if (messageFunctionCall && typeof messageFunctionCall.arguments === 'string') {
+                    messageFunctionCall.arguments = redactor.redact(messageFunctionCall.arguments, threatTypes);
+                }
+                const messageToolCalls = message?.tool_calls;
+                if (Array.isArray(messageToolCalls)) {
+                    for (const toolCall of messageToolCalls) {
+                        const fn = toolCall?.function;
+                        if (fn && typeof fn.arguments === 'string') {
+                            fn.arguments = redactor.redact(fn.arguments, threatTypes);
+                        }
+                    }
+                }
+                const delta = choice.delta;
+                if (delta && typeof delta.content === 'string') {
+                    delta.content = redactor.redact(delta.content, threatTypes);
+                }
+                const deltaFunctionCall = delta?.function_call;
+                if (deltaFunctionCall && typeof deltaFunctionCall.arguments === 'string') {
+                    deltaFunctionCall.arguments = redactor.redact(deltaFunctionCall.arguments, threatTypes);
+                }
+                const deltaToolCalls = delta?.tool_calls;
+                if (Array.isArray(deltaToolCalls)) {
+                    for (const toolCall of deltaToolCalls) {
+                        const fn = toolCall?.function;
+                        if (fn && typeof fn.arguments === 'string') {
+                            fn.arguments = redactor.redact(fn.arguments, threatTypes);
+                        }
+                    }
+                }
+            }
+        }
+        // Anthropic / generic: top-level content[].text
+        if (Array.isArray(obj.content)) {
+            for (const block of obj.content) {
+                if (block && typeof block === 'object' && typeof block.text === 'string') {
+                    block.text = redactor.redact(block.text, threatTypes);
+                }
+            }
+        }
+        // Top-level text field
+        if (typeof obj.text === 'string') {
+            obj.text = redactor.redact(obj.text, threatTypes);
+        }
+    }
+    recordProxyEvent(_id, _method, _path, _host, _reqBody, _statusCode, _resHeaders, _resBody, _decision, _direction, _latencyMs) {
+        logger_1.logger.debug('Proxy event', {
+            id: _id,
+            direction: _direction,
+            action: _decision.action,
+            threats: _decision.threats.length,
+            latencyMs: _latencyMs,
+            statusCode: _statusCode,
+        });
+    }
+}
+exports.LLMProxyServer = LLMProxyServer;
+//# sourceMappingURL=proxy-server.js.map