@opentrust/gateway 7.1.0

package/src/handlers/models.ts

@@ -0,0 +1,31 @@
+/**
+ * Model list proxy — GET /v1/models
+ */
+
+import type { ServerResponse } from "node:http";
+import type { GatewayConfig } from "../types.js";
+import { sendError } from "../utils/http.js";
+
+export async function handleModelsRequest(
+  res: ServerResponse,
+  config: GatewayConfig,
+): Promise<void> {
+  try {
+    const backend = config.backends.openrouter ?? config.backends.openai;
+    if (!backend) { sendError(res, 500, "No OpenAI-compatible backend configured"); return; }
+
+    const headers: Record<string, string> = { Authorization: `Bearer ${backend.apiKey}` };
+    if (config.backends.openrouter) {
+      const or = config.backends.openrouter;
+      if (or.referer) headers["HTTP-Referer"] = or.referer;
+      if (or.title) headers["X-Title"] = or.title;
+    }
+
+    const response = await fetch(`${backend.baseUrl}/v1/models`, { headers });
+    res.writeHead(response.status, { "Content-Type": "application/json" });
+    res.end(await response.text());
+  } catch (error) {
+    console.error("[opentrust-gateway] Models request error:", error);
+    sendError(res, 500, error instanceof Error ? error.message : String(error));
+  }
+}

package/src/handlers/openai.ts

@@ -0,0 +1,55 @@
+/**
+ * OpenAI Chat Completions handler — POST /v1/chat/completions
+ * Also compatible with OpenRouter, Kimi, DeepSeek, etc.
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { MappingTable } from "../types.js";
+import { sanitize } from "../sanitizer/index.js";
+import { readBody, sendError, forwardError } from "../utils/http.js";
+import { handleSSEStream, handleJSONResponse } from "../utils/stream.js";
+
+export type OpenAICompatibleBackend = { baseUrl: string; apiKey: string };
+
+export async function handleOpenAIRequest(
+  req: IncomingMessage,
+  res: ServerResponse,
+  backend: OpenAICompatibleBackend,
+  extraHeaders?: Record<string, string>,
+): Promise<void> {
+  try {
+    const { model, messages, tools, tool_choice, temperature, max_tokens, stream = false, ...rest } =
+      JSON.parse(await readBody(req));
+
+    const { sanitized: sanitizedMessages, mappingTable } = sanitize(messages);
+
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${backend.apiKey}`,
+      ...extraHeaders,
+    };
+
+    const response = await fetch(`${backend.baseUrl}/v1/chat/completions`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        model,
+        messages: sanitizedMessages,
+        ...(tools && { tools }),
+        ...(tool_choice && { tool_choice }),
+        ...(temperature !== undefined && { temperature }),
+        ...(max_tokens && { max_tokens }),
+        stream,
+        ...rest,
+      }),
+    });
+
+    if (!response.ok) { await forwardError(res, response); return; }
+
+    if (stream) await handleSSEStream(response, res, mappingTable);
+    else await handleJSONResponse(response, res, mappingTable);
+  } catch (error) {
+    console.error("[opentrust-gateway] OpenAI handler error:", error);
+    sendError(res, 500, error instanceof Error ? error.message : String(error));
+  }
+}

package/src/index.ts

@@ -0,0 +1,115 @@
+#!/usr/bin/env node
+/**
+ * OpenTrust AI Security Gateway
+ *
+ * Local HTTP proxy that intercepts LLM API calls, sanitizes sensitive data
+ * before sending to providers, and restores it in responses.
+ */
+
+import { createServer } from "node:http";
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { loadConfig, validateConfig } from "./config.js";
+import type { GatewayConfig } from "./types.js";
+import { handleAnthropicRequest } from "./handlers/anthropic.js";
+import { handleOpenAIRequest } from "./handlers/openai.js";
+import { handleGeminiRequest } from "./handlers/gemini.js";
+import { handleModelsRequest } from "./handlers/models.js";
+import { sendJSON, sendError } from "./utils/http.js";
+
+const LOG = "[opentrust-gateway]";
+let config: GatewayConfig;
+
+async function handleRequest(req: IncomingMessage, res: ServerResponse): Promise<void> {
+  const { method, url } = req;
+  console.log(`${LOG} ${method} ${url}`);
+
+  // CORS
+  res.setHeader("Access-Control-Allow-Origin", "*");
+  res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+  res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, x-api-key, anthropic-version");
+
+  if (method === "OPTIONS") { res.writeHead(204); res.end(); return; }
+
+  if (url === "/health") { sendJSON(res, 200, { status: "ok", version: "7.0.0" }); return; }
+
+  if (method === "GET" && url === "/v1/models") { await handleModelsRequest(res, config); return; }
+
+  if (method !== "POST") { sendError(res, 405, "Method not allowed"); return; }
+
+  try {
+    if (url === "/v1/messages") {
+      await handleAnthropicRequest(req, res, config);
+    } else if (url === "/v1/chat/completions") {
+      await routeOpenAI(req, res);
+    } else if (url?.match(/^\/v1\/models\/(.+):generateContent$/)) {
+      const modelName = url.match(/^\/v1\/models\/(.+):generateContent$/)?.[1];
+      if (modelName) await handleGeminiRequest(req, res, config, modelName);
+      else sendError(res, 404, "Model name required");
+    } else {
+      sendError(res, 404, `Not found: ${url}`);
+    }
+  } catch (error) {
+    console.error(`${LOG} Request handler error:`, error);
+    sendError(res, 500, error instanceof Error ? error.message : String(error));
+  }
+}
+
+async function routeOpenAI(req: IncomingMessage, res: ServerResponse): Promise<void> {
+  const explicit = config.routing?.["/v1/chat/completions"];
+
+  if (explicit === "openrouter" || (!explicit && config.backends.openrouter)) {
+    const backend = config.backends.openrouter;
+    if (!backend) { sendError(res, 500, "No OpenRouter backend configured"); return; }
+    const extra: Record<string, string> = {};
+    if (backend.referer) extra["HTTP-Referer"] = backend.referer;
+    if (backend.title) extra["X-Title"] = backend.title;
+    await handleOpenAIRequest(req, res, backend, extra);
+  } else if (explicit === "openai" || (!explicit && config.backends.openai)) {
+    const backend = config.backends.openai;
+    if (!backend) { sendError(res, 500, "No OpenAI backend configured"); return; }
+    await handleOpenAIRequest(req, res, backend);
+  } else {
+    sendError(res, 500, "No OpenAI-compatible backend configured");
+  }
+}
+
+export function startGateway(configPath?: string): void {
+  try {
+    config = loadConfig(configPath);
+    validateConfig(config);
+
+    console.log(`${LOG} Configuration loaded:`);
+    console.log(`  Port: ${config.port}`);
+    console.log(`  Backends: ${Object.keys(config.backends).join(", ") || "(none)"}`);
+
+    const server = createServer(handleRequest);
+    const host = process.env.GATEWAY_HOST || "127.0.0.1";
+    server.listen(config.port, host, () => {
+      console.log(`${LOG} Listening on http://${host}:${config.port}`);
+      console.log(`  POST /v1/messages            — Anthropic`);
+      console.log(`  POST /v1/chat/completions    — OpenAI / OpenRouter`);
+      console.log(`  POST /v1/models/:m:generate  — Gemini`);
+      console.log(`  GET  /v1/models              — List models`);
+      console.log(`  GET  /health                 — Health check`);
+    });
+
+    const shutdown = () => {
+      console.log(`\n${LOG} Shutting down...`);
+      server.close(() => process.exit(0));
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+  } catch (error) {
+    console.error(`${LOG} Failed to start:`, error);
+    process.exit(1);
+  }
+}
+
+// Re-exports
+export { sanitize, sanitizeMessages } from "./sanitizer/index.js";
+export { restore, restoreJSON, restoreSSELine } from "./restorer.js";
+export type { GatewayConfig, MappingTable, SanitizeResult, EntityMatch } from "./types.js";
+
+if (import.meta.url === `file://${process.argv[1]}`) {
+  startGateway(process.argv[2]);
+}

package/src/restorer.ts

@@ -0,0 +1,49 @@
+/**
+ * Content restorer — replaces placeholders back to original values.
+ */
+
+import type { MappingTable } from "./types.js";
+
+function restoreText(text: string, map: MappingTable): string {
+  let out = text;
+  const keys = Array.from(map.keys()).sort((a, b) => b.length - a.length);
+  for (const k of keys) out = out.split(k).join(map.get(k)!);
+  return out;
+}
+
+function restoreValue(value: any, map: MappingTable): any {
+  if (typeof value === "string") return restoreText(value, map);
+  if (Array.isArray(value)) return value.map((v) => restoreValue(v, map));
+  if (value !== null && typeof value === "object") {
+    const out: any = {};
+    for (const [k, v] of Object.entries(value)) out[k] = restoreValue(v, map);
+    return out;
+  }
+  return value;
+}
+
+export function restore(content: any, map: MappingTable): any {
+  if (map.size === 0) return content;
+  return restoreValue(content, map);
+}
+
+export function restoreJSON(jsonString: string, map: MappingTable): string {
+  if (map.size === 0) return jsonString;
+  try {
+    return JSON.stringify(restore(JSON.parse(jsonString), map));
+  } catch {
+    return restoreText(jsonString, map);
+  }
+}
+
+export function restoreSSELine(line: string, map: MappingTable): string {
+  if (map.size === 0) return line;
+  if (!line.startsWith("data: ")) return line;
+  const data = line.slice(6);
+  if (data === "[DONE]") return line;
+  try {
+    return `data: ${JSON.stringify(restore(JSON.parse(data), map))}\n`;
+  } catch {
+    return `data: ${restoreText(data, map)}\n`;
+  }
+}

package/src/sanitizer/core.ts

@@ -0,0 +1,102 @@
+/**
+ * Sanitizer core — entity definitions, pattern matching, entropy detection.
+ * Shared between gateway (reversible) and guards (one-way).
+ */
+
+import type { EntityMatch } from "../types.js";
+
+// ---------------------------------------------------------------------------
+// Entity Definitions
+// ---------------------------------------------------------------------------
+
+type Entity = {
+  category: string;
+  categoryKey: string;
+  pattern: RegExp;
+};
+
+const ENTITIES: Entity[] = [
+  { category: "URL", categoryKey: "url", pattern: /https?:\/\/[^\s<>"{}|\\^`\[\]]+/g },
+  { category: "EMAIL", categoryKey: "email", pattern: /[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}/g },
+  { category: "CREDIT_CARD", categoryKey: "credit_card", pattern: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g },
+  { category: "BANK_CARD", categoryKey: "bank_card", pattern: /\b\d{16,19}\b/g },
+  { category: "SSN", categoryKey: "ssn", pattern: /\b\d{3}-\d{2}-\d{4}\b/g },
+  { category: "IBAN", categoryKey: "iban", pattern: /\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}[A-Z0-9]{0,16}\b/g },
+  { category: "IP_ADDRESS", categoryKey: "ip", pattern: /\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/g },
+  { category: "PHONE", categoryKey: "phone", pattern: /[+]?[0-9]{1,3}?[-\s.]?[(]?[0-9]{3}[)]?[-\s.][0-9]{3,4}[-\s.][0-9]{4,6}\b/g },
+];
+
+// ---------------------------------------------------------------------------
+// Secret detection
+// ---------------------------------------------------------------------------
+
+export const SECRET_PREFIXES = [
+  "sk-", "sk_", "pk_", "ghp_", "AKIA", "xox", "SG.", "hf_",
+  "api-", "token-", "secret-",
+];
+
+const BEARER_PATTERN = /Bearer\s+[A-Za-z0-9\-_.~+/]+=*/g;
+
+const SECRET_PREFIX_PATTERN = new RegExp(
+  `(?:${SECRET_PREFIXES.map((p) => p.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|")})[A-Za-z0-9\\-_.~+/]{8,}=*`,
+  "g",
+);
+
+// ---------------------------------------------------------------------------
+// Shannon entropy
+// ---------------------------------------------------------------------------
+
+export function shannonEntropy(s: string): number {
+  if (s.length === 0) return 0;
+  const freq = new Map<string, number>();
+  for (const ch of s) freq.set(ch, (freq.get(ch) ?? 0) + 1);
+  let entropy = 0;
+  for (const count of freq.values()) {
+    const p = count / s.length;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+
+// ---------------------------------------------------------------------------
+// Match collection (public — used by both gateway and guards)
+// ---------------------------------------------------------------------------
+
+export function collectMatches(content: string): EntityMatch[] {
+  const matches: EntityMatch[] = [];
+
+  for (const entity of ENTITIES) {
+    entity.pattern.lastIndex = 0;
+    let m: RegExpExecArray | null;
+    while ((m = entity.pattern.exec(content)) !== null) {
+      matches.push({ originalText: m[0], category: entity.categoryKey, placeholder: "" });
+    }
+  }
+
+  SECRET_PREFIX_PATTERN.lastIndex = 0;
+  let m: RegExpExecArray | null;
+  while ((m = SECRET_PREFIX_PATTERN.exec(content)) !== null) {
+    matches.push({ originalText: m[0], category: "secret", placeholder: "" });
+  }
+
+  BEARER_PATTERN.lastIndex = 0;
+  while ((m = BEARER_PATTERN.exec(content)) !== null) {
+    matches.push({ originalText: m[0], category: "secret", placeholder: "" });
+  }
+
+  // High-entropy tokens
+  const tokenPattern = /\b[A-Za-z0-9\-_.~+/]{20,}={0,3}\b/g;
+  tokenPattern.lastIndex = 0;
+  while ((m = tokenPattern.exec(content)) !== null) {
+    const token = m[0];
+    if (matches.some((e) => e.originalText === token)) continue;
+    if (/^[a-z]+$/.test(token)) continue;
+    if (shannonEntropy(token) >= 4.0) {
+      matches.push({ originalText: token, category: "secret", placeholder: "" });
+    }
+  }
+
+  return matches;
+}
+
+export { ENTITIES };

package/src/sanitizer/index.ts

@@ -0,0 +1,2 @@
+export { collectMatches, shannonEntropy, SECRET_PREFIXES } from "./core.js";
+export { sanitize, sanitizeMessages } from "./reversible.js";

package/src/sanitizer/reversible.ts

@@ -0,0 +1,78 @@
+/**
+ * Reversible sanitizer — replaces sensitive data with numbered placeholders
+ * and returns a mapping table for later restoration.
+ */
+
+import type { SanitizeResult, MappingTable, EntityMatch } from "../types.js";
+import { collectMatches } from "./core.js";
+
+// ---------------------------------------------------------------------------
+// Text-level sanitization
+// ---------------------------------------------------------------------------
+
+function sanitizeText(
+  text: string,
+  mappingTable: MappingTable,
+  counters: Map<string, number>,
+): string {
+  const matches = collectMatches(text);
+  if (matches.length === 0) return text;
+
+  // Deduplicate by original text
+  const unique = new Map<string, EntityMatch>();
+  for (const m of matches) {
+    if (!unique.has(m.originalText)) unique.set(m.originalText, m);
+  }
+
+  // Sort longest-first to avoid partial replacement
+  const sorted = [...unique.values()].sort(
+    (a, b) => b.originalText.length - a.originalText.length,
+  );
+
+  let sanitized = text;
+  for (const match of sorted) {
+    const n = (counters.get(match.category) ?? 0) + 1;
+    counters.set(match.category, n);
+    const placeholder = `__${match.category}_${n}__`;
+    const parts = sanitized.split(match.originalText);
+    if (parts.length > 1) {
+      sanitized = parts.join(placeholder);
+      mappingTable.set(placeholder, match.originalText);
+    }
+  }
+  return sanitized;
+}
+
+// ---------------------------------------------------------------------------
+// Recursive value sanitization
+// ---------------------------------------------------------------------------
+
+function sanitizeValue(
+  value: any,
+  mappingTable: MappingTable,
+  counters: Map<string, number>,
+): any {
+  if (typeof value === "string") return sanitizeText(value, mappingTable, counters);
+  if (Array.isArray(value)) return value.map((v) => sanitizeValue(v, mappingTable, counters));
+  if (value !== null && typeof value === "object") {
+    const out: any = {};
+    for (const [k, v] of Object.entries(value)) out[k] = sanitizeValue(v, mappingTable, counters);
+    return out;
+  }
+  return value;
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+export function sanitize(content: any): SanitizeResult {
+  const mappingTable: MappingTable = new Map();
+  const counters = new Map<string, number>();
+  const sanitized = sanitizeValue(content, mappingTable, counters);
+  return { sanitized, mappingTable, redactionCount: mappingTable.size };
+}
+
+export function sanitizeMessages(messages: any[]): SanitizeResult {
+  return sanitize(messages);
+}

package/src/types.ts

@@ -0,0 +1,33 @@
+/**
+ * AI Security Gateway types
+ */
+
+export type MappingTable = Map<string, string>;
+
+export type SanitizeResult = {
+  sanitized: any;
+  mappingTable: MappingTable;
+  redactionCount: number;
+};
+
+export type GatewayConfig = {
+  port: number;
+  backends: {
+    anthropic?: { baseUrl: string; apiKey: string };
+    openai?: { baseUrl: string; apiKey: string };
+    gemini?: { baseUrl: string; apiKey: string };
+    openrouter?: {
+      baseUrl: string;
+      apiKey: string;
+      referer?: string;
+      title?: string;
+    };
+  };
+  routing?: { [path: string]: keyof GatewayConfig["backends"] };
+};
+
+export type EntityMatch = {
+  originalText: string;
+  category: string;
+  placeholder: string;
+};

package/src/utils/http.ts

@@ -0,0 +1,41 @@
+/**
+ * HTTP utilities shared across handlers.
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+
+const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10 MB
+
+export function readBody(req: IncomingMessage, maxBytes = MAX_BODY_BYTES): Promise<string> {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    let bytes = 0;
+    req.on("data", (chunk: Buffer) => {
+      bytes += chunk.length;
+      if (bytes > maxBytes) {
+        req.destroy();
+        reject(new Error(`Request body exceeds ${maxBytes} bytes`));
+        return;
+      }
+      body += chunk.toString();
+    });
+    req.on("end", () => resolve(body));
+    req.on("error", reject);
+  });
+}
+
+export function sendJSON(res: ServerResponse, status: number, data: unknown): void {
+  res.writeHead(status, { "Content-Type": "application/json" });
+  res.end(JSON.stringify(data));
+}
+
+export function sendError(res: ServerResponse, status: number, message: string): void {
+  sendJSON(res, status, { error: message });
+}
+
+export function forwardError(res: ServerResponse, upstream: Response): Promise<void> {
+  return upstream.text().then((body) => {
+    res.writeHead(upstream.status, { "Content-Type": "application/json" });
+    res.end(body);
+  });
+}

package/src/utils/stream.ts

@@ -0,0 +1,64 @@
+/**
+ * SSE streaming and JSON response utilities shared across handlers.
+ */
+
+import type { ServerResponse } from "node:http";
+import type { MappingTable } from "../types.js";
+import { restore, restoreSSELine } from "../restorer.js";
+
+/**
+ * Pipe an upstream SSE stream to the client, restoring placeholders per line.
+ */
+export async function handleSSEStream(
+  upstream: Response,
+  res: ServerResponse,
+  mappingTable: MappingTable,
+): Promise<void> {
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache",
+    Connection: "keep-alive",
+  });
+
+  const reader = upstream.body?.getReader();
+  if (!reader) { res.end(); return; }
+
+  const decoder = new TextDecoder();
+  let buffer = "";
+
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+
+      for (const line of lines) {
+        if (!line.trim()) { res.write("\n"); continue; }
+        res.write(restoreSSELine(line, mappingTable) + "\n");
+      }
+    }
+    if (buffer.trim()) {
+      res.write(restoreSSELine(buffer, mappingTable) + "\n");
+    }
+  } catch (err) {
+    console.error("[opentrust-gateway] Stream error:", err);
+  }
+  res.end();
+}
+
+/**
+ * Read a full JSON response from upstream, restore placeholders, and send it back.
+ */
+export async function handleJSONResponse(
+  upstream: Response,
+  res: ServerResponse,
+  mappingTable: MappingTable,
+): Promise<void> {
+  const data = JSON.parse(await upstream.text());
+  const restored = restore(data, mappingTable);
+  res.writeHead(200, { "Content-Type": "application/json" });
+  res.end(JSON.stringify(restored));
+}