npm - @opentrust/gateway - Versions diffs - 7.1.0 - Mend

@opentrust/gateway 7.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/dist/config.d.ts +7 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +81 -0
package/dist/config.js.map +1 -0
package/dist/handlers/anthropic.d.ts +7 -0
package/dist/handlers/anthropic.d.ts.map +1 -0
package/dist/handlers/anthropic.js +49 -0
package/dist/handlers/anthropic.js.map +1 -0
package/dist/handlers/gemini.d.ts +7 -0
package/dist/handlers/gemini.d.ts.map +1 -0
package/dist/handlers/gemini.js +41 -0
package/dist/handlers/gemini.js.map +1 -0
package/dist/handlers/models.d.ts +7 -0
package/dist/handlers/models.d.ts.map +1 -0
package/dist/handlers/models.js +29 -0
package/dist/handlers/models.js.map +1 -0
package/dist/handlers/openai.d.ts +11 -0
package/dist/handlers/openai.d.ts.map +1 -0
package/dist/handlers/openai.js +45 -0
package/dist/handlers/openai.js.map +1 -0
package/dist/index.d.ts +12 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +126 -0
package/dist/index.js.map +1 -0
package/dist/restorer.d.ts +8 -0
package/dist/restorer.d.ts.map +1 -0
package/dist/restorer.js +54 -0
package/dist/restorer.js.map +1 -0
package/dist/sanitizer/core.d.ts +16 -0
package/dist/sanitizer/core.d.ts.map +1 -0
package/dist/sanitizer/core.js +77 -0
package/dist/sanitizer/core.js.map +1 -0
package/dist/sanitizer/index.d.ts +3 -0
package/dist/sanitizer/index.d.ts.map +1 -0
package/dist/sanitizer/index.js +3 -0
package/dist/sanitizer/index.js.map +1 -0
package/dist/sanitizer/reversible.d.ts +8 -0
package/dist/sanitizer/reversible.d.ts.map +1 -0
package/dist/sanitizer/reversible.js +62 -0
package/dist/sanitizer/reversible.js.map +1 -0
package/dist/types.d.ts +41 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +5 -0
package/dist/types.js.map +1 -0
package/dist/utils/http.d.ts +9 -0
package/dist/utils/http.d.ts.map +1 -0
package/dist/utils/http.js +35 -0
package/dist/utils/http.js.map +1 -0
package/dist/utils/stream.d.ts +14 -0
package/dist/utils/stream.d.ts.map +1 -0
package/dist/utils/stream.js +55 -0
package/dist/utils/stream.js.map +1 -0
package/package.json +53 -0
package/src/config.ts +91 -0
package/src/handlers/anthropic.ts +53 -0
package/src/handlers/gemini.ts +46 -0
package/src/handlers/models.ts +31 -0
package/src/handlers/openai.ts +55 -0
package/src/index.ts +115 -0
package/src/restorer.ts +49 -0
package/src/sanitizer/core.ts +102 -0
package/src/sanitizer/index.ts +2 -0
package/src/sanitizer/reversible.ts +78 -0
package/src/types.ts +33 -0
package/src/utils/http.ts +41 -0
package/src/utils/stream.ts +64 -0

package/dist/sanitizer/core.js ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * Sanitizer core — entity definitions, pattern matching, entropy detection.
+ * Shared between gateway (reversible) and guards (one-way).
+ */
+const ENTITIES = [
+    { category: "URL", categoryKey: "url", pattern: /https?:\/\/[^\s<>"{}|\\^`\[\]]+/g },
+    { category: "EMAIL", categoryKey: "email", pattern: /[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}/g },
+    { category: "CREDIT_CARD", categoryKey: "credit_card", pattern: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g },
+    { category: "BANK_CARD", categoryKey: "bank_card", pattern: /\b\d{16,19}\b/g },
+    { category: "SSN", categoryKey: "ssn", pattern: /\b\d{3}-\d{2}-\d{4}\b/g },
+    { category: "IBAN", categoryKey: "iban", pattern: /\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}[A-Z0-9]{0,16}\b/g },
+    { category: "IP_ADDRESS", categoryKey: "ip", pattern: /\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/g },
+    { category: "PHONE", categoryKey: "phone", pattern: /[+]?[0-9]{1,3}?[-\s.]?[(]?[0-9]{3}[)]?[-\s.][0-9]{3,4}[-\s.][0-9]{4,6}\b/g },
+];
+// ---------------------------------------------------------------------------
+// Secret detection
+// ---------------------------------------------------------------------------
+export const SECRET_PREFIXES = [
+    "sk-", "sk_", "pk_", "ghp_", "AKIA", "xox", "SG.", "hf_",
+    "api-", "token-", "secret-",
+];
+const BEARER_PATTERN = /Bearer\s+[A-Za-z0-9\-_.~+/]+=*/g;
+const SECRET_PREFIX_PATTERN = new RegExp(`(?:${SECRET_PREFIXES.map((p) => p.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|")})[A-Za-z0-9\\-_.~+/]{8,}=*`, "g");
+// ---------------------------------------------------------------------------
+// Shannon entropy
+// ---------------------------------------------------------------------------
+export function shannonEntropy(s) {
+    if (s.length === 0)
+        return 0;
+    const freq = new Map();
+    for (const ch of s)
+        freq.set(ch, (freq.get(ch) ?? 0) + 1);
+    let entropy = 0;
+    for (const count of freq.values()) {
+        const p = count / s.length;
+        entropy -= p * Math.log2(p);
+    }
+    return entropy;
+}
+// ---------------------------------------------------------------------------
+// Match collection (public — used by both gateway and guards)
+// ---------------------------------------------------------------------------
+export function collectMatches(content) {
+    const matches = [];
+    for (const entity of ENTITIES) {
+        entity.pattern.lastIndex = 0;
+        let m;
+        while ((m = entity.pattern.exec(content)) !== null) {
+            matches.push({ originalText: m[0], category: entity.categoryKey, placeholder: "" });
+        }
+    }
+    SECRET_PREFIX_PATTERN.lastIndex = 0;
+    let m;
+    while ((m = SECRET_PREFIX_PATTERN.exec(content)) !== null) {
+        matches.push({ originalText: m[0], category: "secret", placeholder: "" });
+    }
+    BEARER_PATTERN.lastIndex = 0;
+    while ((m = BEARER_PATTERN.exec(content)) !== null) {
+        matches.push({ originalText: m[0], category: "secret", placeholder: "" });
+    }
+    // High-entropy tokens
+    const tokenPattern = /\b[A-Za-z0-9\-_.~+/]{20,}={0,3}\b/g;
+    tokenPattern.lastIndex = 0;
+    while ((m = tokenPattern.exec(content)) !== null) {
+        const token = m[0];
+        if (matches.some((e) => e.originalText === token))
+            continue;
+        if (/^[a-z]+$/.test(token))
+            continue;
+        if (shannonEntropy(token) >= 4.0) {
+            matches.push({ originalText: token, category: "secret", placeholder: "" });
+        }
+    }
+    return matches;
+}
+export { ENTITIES };
+//# sourceMappingURL=core.js.map

package/dist/sanitizer/core.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"core.js","sourceRoot":"","sources":["../../src/sanitizer/core.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH,MAAM,QAAQ,GAAa;IACzB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,kCAAkC,EAAE;IACpF,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,mDAAmD,EAAE;IACzG,EAAE,QAAQ,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,OAAO,EAAE,6CAA6C,EAAE;IAC/G,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,EAAE;IAC9E,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,wBAAwB,EAAE;IAC1E,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,kDAAkD,EAAE;IACtG,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,oCAAoC,EAAE;IAC5F,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,2EAA2E,EAAE;CAClI,CAAC;AAEF,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IACxD,MAAM,EAAE,QAAQ,EAAE,SAAS;CAC5B,CAAC;AAEF,MAAM,cAAc,GAAG,iCAAiC,CAAC;AAEzD,MAAM,qBAAqB,GAAG,IAAI,MAAM,CACtC,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,4BAA4B,EAChH,GAAG,CACJ,CAAC;AAEF,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,MAAM,UAAU,cAAc,CAAC,CAAS;IACtC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QAC3B,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,8DAA8D;AAC9D,8EAA8E;AAE9E,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAyB,CAAC;QAC9B,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,WAAW,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,qBAAqB,CAAC,SAAS,GAAG,CAAC,CAAC;IACpC,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,cAAc,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7B,OAAO,CAAC,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,oCAAoC,CAAC;IAC1D,YAAY,CAAC,SAAS,GAAG,CAAC,CAAC;IAC3B,OAAO,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,KAAK,CAAC;YAAE,SAAS;QAC5D,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS;QACrC,IAAI,cAAc,CAAC,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,OAAO,EAAE,QAAQ,EAAE,CAAC"}

package/dist/sanitizer/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { collectMatches, shannonEntropy, SECRET_PREFIXES } from "./core.js";
+export { sanitize, sanitizeMessages } from "./reversible.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/sanitizer/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/sanitizer/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export { collectMatches, shannonEntropy, SECRET_PREFIXES } from "./core.js";
+export { sanitize, sanitizeMessages } from "./reversible.js";
+//# sourceMappingURL=index.js.map

package/dist/sanitizer/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/sanitizer/reversible.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Reversible sanitizer — replaces sensitive data with numbered placeholders
+ * and returns a mapping table for later restoration.
+ */
+import type { SanitizeResult } from "../types.js";
+export declare function sanitize(content: any): SanitizeResult;
+export declare function sanitizeMessages(messages: any[]): SanitizeResult;
+//# sourceMappingURL=reversible.d.ts.map

package/dist/sanitizer/reversible.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"reversible.d.ts","sourceRoot":"","sources":["../../src/sanitizer/reversible.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAA6B,MAAM,aAAa,CAAC;AA+D7E,wBAAgB,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,cAAc,CAKrD;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAEhE"}

package/dist/sanitizer/reversible.js ADDED Viewed

@@ -0,0 +1,62 @@
+/**
+ * Reversible sanitizer — replaces sensitive data with numbered placeholders
+ * and returns a mapping table for later restoration.
+ */
+import { collectMatches } from "./core.js";
+// ---------------------------------------------------------------------------
+// Text-level sanitization
+// ---------------------------------------------------------------------------
+function sanitizeText(text, mappingTable, counters) {
+    const matches = collectMatches(text);
+    if (matches.length === 0)
+        return text;
+    // Deduplicate by original text
+    const unique = new Map();
+    for (const m of matches) {
+        if (!unique.has(m.originalText))
+            unique.set(m.originalText, m);
+    }
+    // Sort longest-first to avoid partial replacement
+    const sorted = [...unique.values()].sort((a, b) => b.originalText.length - a.originalText.length);
+    let sanitized = text;
+    for (const match of sorted) {
+        const n = (counters.get(match.category) ?? 0) + 1;
+        counters.set(match.category, n);
+        const placeholder = `__${match.category}_${n}__`;
+        const parts = sanitized.split(match.originalText);
+        if (parts.length > 1) {
+            sanitized = parts.join(placeholder);
+            mappingTable.set(placeholder, match.originalText);
+        }
+    }
+    return sanitized;
+}
+// ---------------------------------------------------------------------------
+// Recursive value sanitization
+// ---------------------------------------------------------------------------
+function sanitizeValue(value, mappingTable, counters) {
+    if (typeof value === "string")
+        return sanitizeText(value, mappingTable, counters);
+    if (Array.isArray(value))
+        return value.map((v) => sanitizeValue(v, mappingTable, counters));
+    if (value !== null && typeof value === "object") {
+        const out = {};
+        for (const [k, v] of Object.entries(value))
+            out[k] = sanitizeValue(v, mappingTable, counters);
+        return out;
+    }
+    return value;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+export function sanitize(content) {
+    const mappingTable = new Map();
+    const counters = new Map();
+    const sanitized = sanitizeValue(content, mappingTable, counters);
+    return { sanitized, mappingTable, redactionCount: mappingTable.size };
+}
+export function sanitizeMessages(messages) {
+    return sanitize(messages);
+}
+//# sourceMappingURL=reversible.js.map

package/dist/sanitizer/reversible.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"reversible.js","sourceRoot":"","sources":["../../src/sanitizer/reversible.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3C,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,SAAS,YAAY,CACnB,IAAY,EACZ,YAA0B,EAC1B,QAA6B;IAE7B,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,+BAA+B;IAC/B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IACjE,CAAC;IAED,kDAAkD;IAClD,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,CACxD,CAAC;IAEF,IAAI,SAAS,GAAG,IAAI,CAAC;IACrB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAClD,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAChC,MAAM,WAAW,GAAG,KAAK,KAAK,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC;QACjD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAClD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACpC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,+BAA+B;AAC/B,8EAA8E;AAE9E,SAAS,aAAa,CACpB,KAAU,EACV,YAA0B,EAC1B,QAA6B;IAE7B,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,YAAY,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAClF,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC5F,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAAQ,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAC9F,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,MAAM,UAAU,QAAQ,CAAC,OAAY;IACnC,MAAM,YAAY,GAAiB,IAAI,GAAG,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IACjE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,CAAC,IAAI,EAAE,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAe;IAC9C,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC5B,CAAC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * AI Security Gateway types
+ */
+export type MappingTable = Map<string, string>;
+export type SanitizeResult = {
+    sanitized: any;
+    mappingTable: MappingTable;
+    redactionCount: number;
+};
+export type GatewayConfig = {
+    port: number;
+    backends: {
+        anthropic?: {
+            baseUrl: string;
+            apiKey: string;
+        };
+        openai?: {
+            baseUrl: string;
+            apiKey: string;
+        };
+        gemini?: {
+            baseUrl: string;
+            apiKey: string;
+        };
+        openrouter?: {
+            baseUrl: string;
+            apiKey: string;
+            referer?: string;
+            title?: string;
+        };
+    };
+    routing?: {
+        [path: string]: keyof GatewayConfig["backends"];
+    };
+};
+export type EntityMatch = {
+    originalText: string;
+    category: string;
+    placeholder: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE/C,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,GAAG,CAAC;IACf,YAAY,EAAE,YAAY,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE;QACR,SAAS,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QAChD,MAAM,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QAC7C,MAAM,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QAC7C,UAAU,CAAC,EAAE;YACX,OAAO,EAAE,MAAM,CAAC;YAChB,MAAM,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,KAAK,CAAC,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,CAAC;IACF,OAAO,CAAC,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAA;KAAE,CAAC;CAC/D,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * AI Security Gateway types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/utils/http.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * HTTP utilities shared across handlers.
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+export declare function readBody(req: IncomingMessage, maxBytes?: number): Promise<string>;
+export declare function sendJSON(res: ServerResponse, status: number, data: unknown): void;
+export declare function sendError(res: ServerResponse, status: number, message: string): void;
+export declare function forwardError(res: ServerResponse, upstream: Response): Promise<void>;
+//# sourceMappingURL=http.d.ts.map

package/dist/utils/http.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/utils/http.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAIjE,wBAAgB,QAAQ,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,SAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBzF;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI,CAGjF;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAEpF;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAKnF"}

package/dist/utils/http.js ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * HTTP utilities shared across handlers.
+ */
+const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10 MB
+export function readBody(req, maxBytes = MAX_BODY_BYTES) {
+    return new Promise((resolve, reject) => {
+        let body = "";
+        let bytes = 0;
+        req.on("data", (chunk) => {
+            bytes += chunk.length;
+            if (bytes > maxBytes) {
+                req.destroy();
+                reject(new Error(`Request body exceeds ${maxBytes} bytes`));
+                return;
+            }
+            body += chunk.toString();
+        });
+        req.on("end", () => resolve(body));
+        req.on("error", reject);
+    });
+}
+export function sendJSON(res, status, data) {
+    res.writeHead(status, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(data));
+}
+export function sendError(res, status, message) {
+    sendJSON(res, status, { error: message });
+}
+export function forwardError(res, upstream) {
+    return upstream.text().then((body) => {
+        res.writeHead(upstream.status, { "Content-Type": "application/json" });
+        res.end(body);
+    });
+}
+//# sourceMappingURL=http.js.map

package/dist/utils/http.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/utils/http.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,cAAc,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,QAAQ;AAEjD,MAAM,UAAU,QAAQ,CAAC,GAAoB,EAAE,QAAQ,GAAG,cAAc;IACtE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,KAAK,IAAI,KAAK,CAAC,MAAM,CAAC;YACtB,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;gBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,QAAQ,QAAQ,CAAC,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YACD,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,GAAmB,EAAE,MAAc,EAAE,IAAa;IACzE,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC9D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,GAAmB,EAAE,MAAc,EAAE,OAAe;IAC5E,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAmB,EAAE,QAAkB;IAClE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QACnC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACvE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/utils/stream.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * SSE streaming and JSON response utilities shared across handlers.
+ */
+import type { ServerResponse } from "node:http";
+import type { MappingTable } from "../types.js";
+/**
+ * Pipe an upstream SSE stream to the client, restoring placeholders per line.
+ */
+export declare function handleSSEStream(upstream: Response, res: ServerResponse, mappingTable: MappingTable): Promise<void>;
+/**
+ * Read a full JSON response from upstream, restore placeholders, and send it back.
+ */
+export declare function handleJSONResponse(upstream: Response, res: ServerResponse, mappingTable: MappingTable): Promise<void>;
+//# sourceMappingURL=stream.d.ts.map

package/dist/utils/stream.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"stream.d.ts","sourceRoot":"","sources":["../../src/utils/stream.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGhD;;GAEG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,cAAc,EACnB,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC,CAkCf;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,cAAc,EACnB,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC,CAKf"}

package/dist/utils/stream.js ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * SSE streaming and JSON response utilities shared across handlers.
+ */
+import { restore, restoreSSELine } from "../restorer.js";
+/**
+ * Pipe an upstream SSE stream to the client, restoring placeholders per line.
+ */
+export async function handleSSEStream(upstream, res, mappingTable) {
+    res.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+    });
+    const reader = upstream.body?.getReader();
+    if (!reader) {
+        res.end();
+        return;
+    }
+    const decoder = new TextDecoder();
+    let buffer = "";
+    try {
+        while (true) {
+            const { done, value } = await reader.read();
+            if (done)
+                break;
+            buffer += decoder.decode(value, { stream: true });
+            const lines = buffer.split("\n");
+            buffer = lines.pop() || "";
+            for (const line of lines) {
+                if (!line.trim()) {
+                    res.write("\n");
+                    continue;
+                }
+                res.write(restoreSSELine(line, mappingTable) + "\n");
+            }
+        }
+        if (buffer.trim()) {
+            res.write(restoreSSELine(buffer, mappingTable) + "\n");
+        }
+    }
+    catch (err) {
+        console.error("[opentrust-gateway] Stream error:", err);
+    }
+    res.end();
+}
+/**
+ * Read a full JSON response from upstream, restore placeholders, and send it back.
+ */
+export async function handleJSONResponse(upstream, res, mappingTable) {
+    const data = JSON.parse(await upstream.text());
+    const restored = restore(data, mappingTable);
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(restored));
+}
+//# sourceMappingURL=stream.js.map

package/dist/utils/stream.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"stream.js","sourceRoot":"","sources":["../../src/utils/stream.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAkB,EAClB,GAAmB,EACnB,YAA0B;IAE1B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;QACjB,cAAc,EAAE,mBAAmB;QACnC,eAAe,EAAE,UAAU;QAC3B,UAAU,EAAE,YAAY;KACzB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,EAAE,CAAC;QAAC,OAAO;IAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,IAAI,CAAC;QACH,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI;gBAAE,MAAM;YAEhB,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;oBAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAAC,SAAS;gBAAC,CAAC;gBAChD,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAClB,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IACD,GAAG,CAAC,GAAG,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAAkB,EAClB,GAAmB,EACnB,YAA0B;IAE1B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;AACpC,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,53 @@
+{
+  "name": "@opentrust/gateway",
+  "version": "7.1.0",
+  "description": "AI Security Gateway - secure proxy for LLM APIs with PII sanitization and credential detection",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": "./dist/index.js",
+    "./sanitizer/core": "./dist/sanitizer/core.js"
+  },
+  "bin": {
+    "opentrust-gateway": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "start": "node dist/index.js",
+    "typecheck": "tsc --noEmit",
+    "test": "tsx test/sanitizer.test.ts",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "ai-security",
+    "ai-gateway",
+    "llm-proxy",
+    "pii-sanitization",
+    "credential-detection",
+    "opentrust",
+    "anthropic",
+    "openai",
+    "gemini"
+  ],
+  "author": "OpenTrust",
+  "license": "Apache-2.0",
+  "homepage": "https://github.com/opentrust/opentrust#readme",
+  "repository": { "type": "git", "url": "git+https://github.com/opentrust/opentrust.git", "directory": "gateway" },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist/",
+    "src/"
+  ],
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.0.0",
+    "typescript": "^5.6.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/src/config.ts ADDED Viewed

@@ -0,0 +1,91 @@
+/**
+ * Gateway configuration management
+ */
+import { readFileSync, existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import type { GatewayConfig } from "./types.js";
+const CONFIG_PATH = join(homedir(), ".opentrust", "gateway.json");
+const LEGACY_CONFIG_PATH = join(homedir(), ".opentrust-legacy", "gateway.json");
+export function loadConfig(configPath?: string): GatewayConfig {
+  const defaults: GatewayConfig = {
+    port: parseInt(process.env.GATEWAY_PORT || "8900", 10),
+    backends: {},
+  };
+  // Try explicit path, then new path, then legacy path
+  for (const p of [configPath, CONFIG_PATH, LEGACY_CONFIG_PATH]) {
+    if (p && existsSync(p)) {
+      try {
+        const file = JSON.parse(readFileSync(p, "utf-8"));
+        return applyEnvOverrides(merge(defaults, file));
+      } catch (err) {
+        console.warn(`[opentrust-gateway] Failed to load config from ${p}:`, err);
+      }
+    }
+  }
+  return applyEnvOverrides(defaults);
+}
+function applyEnvOverrides(config: GatewayConfig): GatewayConfig {
+  const env = process.env;
+  if (env.ANTHROPIC_API_KEY) {
+    config.backends.anthropic = {
+      baseUrl: env.ANTHROPIC_BASE_URL || "https://api.anthropic.com",
+      apiKey: env.ANTHROPIC_API_KEY,
+    };
+  }
+  if (env.OPENAI_API_KEY) {
+    config.backends.openai = {
+      baseUrl: env.OPENAI_BASE_URL || "https://api.openai.com",
+      apiKey: env.OPENAI_API_KEY,
+    };
+  }
+  if ((env.KIMI_API_KEY || env.MOONSHOT_API_KEY) && !config.backends.openai) {
+    config.backends.openai = {
+      baseUrl: env.KIMI_BASE_URL || "https://api.moonshot.cn",
+      apiKey: env.KIMI_API_KEY || env.MOONSHOT_API_KEY || "",
+    };
+  }
+  if (env.GEMINI_API_KEY || env.GOOGLE_API_KEY) {
+    config.backends.gemini = {
+      baseUrl: env.GEMINI_BASE_URL || "https://generativelanguage.googleapis.com",
+      apiKey: env.GEMINI_API_KEY || env.GOOGLE_API_KEY || "",
+    };
+  }
+  if (env.OPENROUTER_API_KEY) {
+    config.backends.openrouter = {
+      baseUrl: env.OPENROUTER_BASE_URL || "https://openrouter.ai/api",
+      apiKey: env.OPENROUTER_API_KEY,
+      ...(env.OPENROUTER_REFERER && { referer: env.OPENROUTER_REFERER }),
+      ...(env.OPENROUTER_TITLE && { title: env.OPENROUTER_TITLE }),
+    };
+  }
+  return config;
+}
+function merge(base: GatewayConfig, file: Partial<GatewayConfig>): GatewayConfig {
+  return {
+    port: file.port ?? base.port,
+    backends: { ...base.backends, ...file.backends },
+    routing: file.routing,
+  };
+}
+export function validateConfig(config: GatewayConfig): void {
+  if (config.port < 1 || config.port > 65535) throw new Error(`Invalid port: ${config.port}`);
+  for (const [name, backend] of Object.entries(config.backends)) {
+    if (!backend.baseUrl) throw new Error(`Backend ${name} missing baseUrl`);
+    if (!backend.apiKey) throw new Error(`Backend ${name} missing apiKey`);
+  }
+}

package/src/handlers/anthropic.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Anthropic Messages API handler — POST /v1/messages
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { GatewayConfig } from "../types.js";
+import { sanitize } from "../sanitizer/index.js";
+import { readBody, sendError, forwardError } from "../utils/http.js";
+import { handleSSEStream, handleJSONResponse } from "../utils/stream.js";
+export async function handleAnthropicRequest(
+  req: IncomingMessage,
+  res: ServerResponse,
+  config: GatewayConfig,
+): Promise<void> {
+  try {
+    const { model, messages, system, tools, max_tokens, temperature, stream = false, ...rest } =
+      JSON.parse(await readBody(req));
+    const { sanitized: sanitizedMessages, mappingTable } = sanitize(messages);
+    const sanitizedSystem = system ? sanitize(system).sanitized : system;
+    const backend = config.backends.anthropic;
+    if (!backend) { sendError(res, 500, "Anthropic backend not configured"); return; }
+    const response = await fetch(`${backend.baseUrl}/v1/messages`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "anthropic-version": (req.headers["anthropic-version"] as string) || "2023-06-01",
+        "x-api-key": backend.apiKey,
+      },
+      body: JSON.stringify({
+        model,
+        messages: sanitizedMessages,
+        ...(system && { system: sanitizedSystem }),
+        ...(tools && { tools }),
+        max_tokens,
+        ...(temperature !== undefined && { temperature }),
+        stream,
+        ...rest,
+      }),
+    });
+    if (!response.ok) { await forwardError(res, response); return; }
+    if (stream) await handleSSEStream(response, res, mappingTable);
+    else await handleJSONResponse(response, res, mappingTable);
+  } catch (error) {
+    console.error("[opentrust-gateway] Anthropic handler error:", error);
+    sendError(res, 500, error instanceof Error ? error.message : String(error));
+  }
+}

package/src/handlers/gemini.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * Google Gemini handler — POST /v1/models/:model:generateContent
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { GatewayConfig } from "../types.js";
+import { sanitize } from "../sanitizer/index.js";
+import { restore } from "../restorer.js";
+import { readBody, sendError, forwardError, sendJSON } from "../utils/http.js";
+export async function handleGeminiRequest(
+  req: IncomingMessage,
+  res: ServerResponse,
+  config: GatewayConfig,
+  modelName: string,
+): Promise<void> {
+  try {
+    const { contents, tools, generationConfig, ...rest } = JSON.parse(await readBody(req));
+    const { sanitized: sanitizedContents, mappingTable } = sanitize(contents);
+    const backend = config.backends.gemini;
+    if (!backend) { sendError(res, 500, "Gemini backend not configured"); return; }
+    const response = await fetch(`${backend.baseUrl}/v1/models/${modelName}:generateContent`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "x-goog-api-key": backend.apiKey,
+      },
+      body: JSON.stringify({
+        contents: sanitizedContents,
+        ...(tools && { tools }),
+        ...(generationConfig && { generationConfig }),
+        ...rest,
+      }),
+    });
+    if (!response.ok) { await forwardError(res, response); return; }
+    const data = JSON.parse(await response.text());
+    sendJSON(res, 200, restore(data, mappingTable));
+  } catch (error) {
+    console.error("[opentrust-gateway] Gemini handler error:", error);
+    sendError(res, 500, error instanceof Error ? error.message : String(error));
+  }
+}