npm - @oscharko-dev/keiko-model-gateway - Versions diffs - 0.2.0 - Mend

@oscharko-dev/keiko-model-gateway 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/dist/.tsbuildinfo +1 -0
package/dist/capabilities.d.ts +26 -0
package/dist/capabilities.d.ts.map +1 -0
package/dist/capabilities.data.d.ts +3 -0
package/dist/capabilities.data.d.ts.map +1 -0
package/dist/capabilities.data.js +5 -0
package/dist/capabilities.js +169 -0
package/dist/config.d.ts +34 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +733 -0
package/dist/embedding.d.ts +38 -0
package/dist/embedding.d.ts.map +1 -0
package/dist/embedding.js +118 -0
package/dist/gateway.d.ts +23 -0
package/dist/gateway.d.ts.map +1 -0
package/dist/gateway.js +144 -0
package/dist/http.d.ts +24 -0
package/dist/http.d.ts.map +1 -0
package/dist/http.js +666 -0
package/dist/index.d.ts +16 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +34 -0
package/dist/model-selection.d.ts +22 -0
package/dist/model-selection.d.ts.map +1 -0
package/dist/model-selection.js +59 -0
package/dist/normalize.d.ts +9 -0
package/dist/normalize.d.ts.map +1 -0
package/dist/normalize.js +114 -0
package/dist/openai-adapter.d.ts +22 -0
package/dist/openai-adapter.d.ts.map +1 -0
package/dist/openai-adapter.js +382 -0
package/dist/openai-embedding-adapter.d.ts +46 -0
package/dist/openai-embedding-adapter.d.ts.map +1 -0
package/dist/openai-embedding-adapter.js +271 -0
package/dist/promptEnhancer/__tests__/_support.d.ts +15 -0
package/dist/promptEnhancer/__tests__/_support.d.ts.map +1 -0
package/dist/promptEnhancer/__tests__/_support.js +28 -0
package/dist/promptEnhancer/__tests__/fixtures.d.ts +8 -0
package/dist/promptEnhancer/__tests__/fixtures.d.ts.map +1 -0
package/dist/promptEnhancer/__tests__/fixtures.js +58 -0
package/dist/promptEnhancer/__tests__/grounding-fixtures.d.ts +11 -0
package/dist/promptEnhancer/__tests__/grounding-fixtures.d.ts.map +1 -0
package/dist/promptEnhancer/__tests__/grounding-fixtures.js +84 -0
package/dist/promptEnhancer/candidates.d.ts +32 -0
package/dist/promptEnhancer/candidates.d.ts.map +1 -0
package/dist/promptEnhancer/candidates.js +109 -0
package/dist/promptEnhancer/critic.d.ts +22 -0
package/dist/promptEnhancer/critic.d.ts.map +1 -0
package/dist/promptEnhancer/critic.js +237 -0
package/dist/promptEnhancer/generator.d.ts +15 -0
package/dist/promptEnhancer/generator.d.ts.map +1 -0
package/dist/promptEnhancer/generator.js +424 -0
package/dist/promptEnhancer/index.d.ts +16 -0
package/dist/promptEnhancer/index.d.ts.map +1 -0
package/dist/promptEnhancer/index.js +15 -0
package/dist/promptEnhancer/optimize.d.ts +27 -0
package/dist/promptEnhancer/optimize.d.ts.map +1 -0
package/dist/promptEnhancer/optimize.js +203 -0
package/dist/promptEnhancer/planner.d.ts +36 -0
package/dist/promptEnhancer/planner.d.ts.map +1 -0
package/dist/promptEnhancer/planner.js +55 -0
package/dist/promptEnhancer/profiles.d.ts +20 -0
package/dist/promptEnhancer/profiles.d.ts.map +1 -0
package/dist/promptEnhancer/profiles.js +126 -0
package/dist/promptEnhancer/rendering.d.ts +15 -0
package/dist/promptEnhancer/rendering.d.ts.map +1 -0
package/dist/promptEnhancer/rendering.js +72 -0
package/dist/promptEnhancer/validate.d.ts +31 -0
package/dist/promptEnhancer/validate.d.ts.map +1 -0
package/dist/promptEnhancer/validate.js +144 -0
package/dist/qualityIntelligence/budget.d.ts +10 -0
package/dist/qualityIntelligence/budget.d.ts.map +1 -0
package/dist/qualityIntelligence/budget.js +38 -0
package/dist/qualityIntelligence/cancellation.d.ts +7 -0
package/dist/qualityIntelligence/cancellation.d.ts.map +1 -0
package/dist/qualityIntelligence/cancellation.js +58 -0
package/dist/qualityIntelligence/capabilityGate.d.ts +13 -0
package/dist/qualityIntelligence/capabilityGate.d.ts.map +1 -0
package/dist/qualityIntelligence/capabilityGate.js +51 -0
package/dist/qualityIntelligence/capabilityMapping.d.ts +4 -0
package/dist/qualityIntelligence/capabilityMapping.d.ts.map +1 -0
package/dist/qualityIntelligence/capabilityMapping.js +21 -0
package/dist/qualityIntelligence/circuitBreaker.d.ts +26 -0
package/dist/qualityIntelligence/circuitBreaker.d.ts.map +1 -0
package/dist/qualityIntelligence/circuitBreaker.js +78 -0
package/dist/qualityIntelligence/dispatcher.d.ts +38 -0
package/dist/qualityIntelligence/dispatcher.d.ts.map +1 -0
package/dist/qualityIntelligence/dispatcher.js +116 -0
package/dist/qualityIntelligence/index.d.ts +20 -0
package/dist/qualityIntelligence/index.d.ts.map +1 -0
package/dist/qualityIntelligence/index.js +15 -0
package/dist/qualityIntelligence/promptSegmentation.d.ts +13 -0
package/dist/qualityIntelligence/promptSegmentation.d.ts.map +1 -0
package/dist/qualityIntelligence/promptSegmentation.js +70 -0
package/dist/qualityIntelligence/replayCache.d.ts +11 -0
package/dist/qualityIntelligence/replayCache.d.ts.map +1 -0
package/dist/qualityIntelligence/replayCache.js +72 -0
package/dist/qualityIntelligence/routing.d.ts +11 -0
package/dist/qualityIntelligence/routing.d.ts.map +1 -0
package/dist/qualityIntelligence/routing.js +25 -0
package/dist/qualityIntelligence/safeError.d.ts +38 -0
package/dist/qualityIntelligence/safeError.d.ts.map +1 -0
package/dist/qualityIntelligence/safeError.js +63 -0
package/dist/qualityIntelligence/taskProfiles.d.ts +15 -0
package/dist/qualityIntelligence/taskProfiles.d.ts.map +1 -0
package/dist/qualityIntelligence/taskProfiles.js +101 -0
package/dist/resilience.d.ts +26 -0
package/dist/resilience.d.ts.map +1 -0
package/dist/resilience.js +182 -0
package/dist/types.d.ts +59 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +6 -0
package/dist/version.d.ts +2 -0
package/dist/version.d.ts.map +1 -0
package/dist/version.js +3 -0
package/package.json +47 -0

package/dist/index.js ADDED Viewed

@@ -0,0 +1,34 @@
+// Public barrel for the model gateway: wire/config types, the Gateway orchestrator,
+// capability helpers, config loaders, model selection, and the typed error taxonomy.
+// Low-level provider adapters, HTTP transport, response normalization, and retry primitives
+// for PRODUCTIVE chat calls are intentionally kept off this surface so productive calls
+// cannot bypass Gateway routing.
+//
+// Carve-out (#192): the OpenAI-compatible embeddings transport (`requestOpenAIEmbedding`)
+// IS exported as the default `OpenAIEmbeddingAdapter.request` implementation. This is the
+// `OpenAIEmbeddingAdapter` injection port for `verifyEmbeddingCapability` — an out-of-band
+// capability probe, not a productive model call. Productive embedding flows still compose
+// the adapter behind the Local Knowledge Connector orchestrator (#196), so the Gateway-
+// routing invariant is preserved.
+export { KEIKO_MODEL_GATEWAY_VERSION } from "./version.js";
+export { CAPABILITY_REGISTRY, createDefaultChatCapability, explainConversationIneligibility, findCapability, INFILLING_ALIGNMENTS, isAlignedInfillingModel, isAsYouTypeCompletionModel, isConversationEligibleModel, listCapabilities, modelSupportsInfilling, resolveCostClass, selectCheapest, selectCompletionModelFromCapabilities, } from "./capabilities.js";
+export { CAPABILITY_DATA } from "./capabilities.data.js";
+export { apiKeyHeaderValue, DEFAULT_API_KEY_HEADER_NAME, loadConfigFromFile, loadEgressConfigFromFile, normalizeApiKeyHeaderName, parseGatewayConfig, resolveOutboundHttpEgressConfig, toSafeObject, validateBaseUrl, } from "./config.js";
+export { Gateway } from "./gateway.js";
+export { assertConfiguredModel, findConfiguredCapability, listConfiguredCapabilities, selectCompletionModel, selectConfiguredModel, } from "./model-selection.js";
+export { assertCompatibleEmbeddingIdentity, verifyEmbeddingCapability, } from "./embedding.js";
+export { requestOpenAIEmbedding, requestOpenAIEmbeddingBatch, } from "./openai-embedding-adapter.js";
+export { redact } from "@oscharko-dev/keiko-security";
+export { AuthenticationError, CancelledError, CircuitOpenError, ConfigInvalidError, ContextOverflowError, ERROR_CODES, GatewayEgressError, GatewayError, MalformedToolCallError, ModelRefusalError, ProviderError, RateLimitError, TimeoutError, TransportError, UnknownModelError, } from "@oscharko-dev/keiko-security/errors/gateway";
+// Quality Intelligence sub-module (Epic #270, Issue #279). Exposed under a namespace so
+// callers reach typed task profiles, the prompt-segmentation seam, the capability gate,
+// the safe-error taxonomy, and (post-M3) the dispatcher via a single import surface.
+export * as QualityIntelligence from "./qualityIntelligence/index.js";
+// Flat re-exports of the QI dispatcher surface so downstream orchestration packages
+// (Issue #273 keiko-workflows runners) avoid namespace plumbing on hot paths.
+export { QualityIntelligenceSafeErrorException, createInMemoryReplayCache, deriveReplayCacheKey, dispatchQualityIntelligenceRequest, isCacheable, } from "./qualityIntelligence/index.js";
+// Prompt Enhancer sub-module (Epic #1307, Issue #1310; ADR-0044 §1). Exposed under a namespace,
+// mirroring Quality Intelligence, so callers reach the generation-profile execution catalog, the
+// deterministic planner, the structured generator, and the provider-neutral renderers. Model-bound
+// candidate/critic dispatch is added by #1312.
+export * as PromptEnhancer from "./promptEnhancer/index.js";

package/dist/model-selection.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { type CompletionSelectionOptions } from "./capabilities.js";
+import type { CompletionModelSelection, GatewayConfig, ModelCapability, ModelKind } from "./types.js";
+export interface ModelSelectionQuery {
+    readonly kind: ModelKind;
+    readonly toolCalling?: boolean | undefined;
+    readonly structuredOutput?: boolean | undefined;
+    readonly minContextWindow?: number | undefined;
+    readonly supportsImageInput?: boolean | undefined;
+}
+export interface ConfiguredCapabilityProvider {
+    readonly modelId: string;
+}
+export interface ConfiguredCapabilitySource {
+    readonly providers: readonly ConfiguredCapabilityProvider[];
+    readonly capabilities?: readonly ModelCapability[] | undefined;
+}
+export declare function assertConfiguredModel(config: ConfiguredCapabilitySource, modelId: string): void;
+export declare function findConfiguredCapability(config: ConfiguredCapabilitySource, modelId: string): ModelCapability | undefined;
+export declare function listConfiguredCapabilities(config: ConfiguredCapabilitySource): readonly ModelCapability[];
+export declare function selectConfiguredModel(config: ConfiguredCapabilitySource, query: ModelSelectionQuery): string | undefined;
+export declare function selectCompletionModel(config: GatewayConfig, options?: CompletionSelectionOptions): CompletionModelSelection;
+//# sourceMappingURL=model-selection.d.ts.map

package/dist/model-selection.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"model-selection.d.ts","sourceRoot":"","sources":["../src/model-selection.ts"],"names":[],"mappings":"AAAA,OAAO,EAML,KAAK,0BAA0B,EAChC,MAAM,mBAAmB,CAAC;AAE3B,OAAO,KAAK,EACV,wBAAwB,EACxB,aAAa,EACb,eAAe,EACf,SAAS,EACV,MAAM,YAAY,CAAC;AAIpB,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAC3C,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAChD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAG/C,QAAQ,CAAC,kBAAkB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;CACnD;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,SAAS,EAAE,SAAS,4BAA4B,EAAE,CAAC;IAC5D,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,eAAe,EAAE,GAAG,SAAS,CAAC;CAChE;AAqBD,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,0BAA0B,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAI/F;AAED,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,0BAA0B,EAClC,OAAO,EAAE,MAAM,GACd,eAAe,GAAG,SAAS,CAU7B;AAED,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,0BAA0B,GACjC,SAAS,eAAe,EAAE,CAI5B;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,0BAA0B,EAClC,KAAK,EAAE,mBAAmB,GACzB,MAAM,GAAG,SAAS,CAWpB;AAMD,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,aAAa,EACrB,OAAO,GAAE,0BAA+B,GACvC,wBAAwB,CAE1B"}

package/dist/model-selection.js ADDED Viewed

@@ -0,0 +1,59 @@
+import { createDefaultChatCapability, createDefaultEmbeddingCapability, isLikelyEmbeddingModelId, listCapabilities, selectCompletionModelFromCapabilities, } from "./capabilities.js";
+import { ConfigInvalidError } from "@oscharko-dev/keiko-security/errors/gateway";
+const COST_RANK = { low: 0, medium: 1, high: 2 };
+function matches(capability, query) {
+    if (capability.kind !== query.kind) {
+        return false;
+    }
+    if (query.toolCalling === true && !capability.toolCalling) {
+        return false;
+    }
+    if (query.structuredOutput === true && !capability.structuredOutput) {
+        return false;
+    }
+    if (query.supportsImageInput === true && !capability.supportsImageInput) {
+        return false;
+    }
+    if (query.minContextWindow !== undefined && capability.contextWindow < query.minContextWindow) {
+        return false;
+    }
+    return true;
+}
+export function assertConfiguredModel(config, modelId) {
+    if (!config.providers.some((provider) => provider.modelId === modelId)) {
+        throw new ConfigInvalidError(`model '${modelId}' is not configured as a provider`);
+    }
+}
+export function findConfiguredCapability(config, modelId) {
+    return (config.capabilities?.find((capability) => capability.id === modelId) ??
+        listCapabilities().find((capability) => capability.id === modelId) ??
+        (config.providers.some((provider) => provider.modelId === modelId)
+            ? isLikelyEmbeddingModelId(modelId)
+                ? createDefaultEmbeddingCapability(modelId)
+                : createDefaultChatCapability(modelId)
+            : undefined));
+}
+export function listConfiguredCapabilities(config) {
+    return config.providers
+        .map((provider) => findConfiguredCapability(config, provider.modelId))
+        .filter((capability) => capability !== undefined);
+}
+export function selectConfiguredModel(config, query) {
+    let best;
+    for (const capability of listConfiguredCapabilities(config)) {
+        if (!matches(capability, query)) {
+            continue;
+        }
+        if (best === undefined || COST_RANK[capability.costClass] < COST_RANK[best.costClass]) {
+            best = capability;
+        }
+    }
+    return best?.id;
+}
+// Completion-oriented model selection (Issue #1210, ADR-0042 D5). Resolves the configured
+// capabilities and applies the infilling-aware decision tree (as-you-type → manual → deterministic)
+// from `selectCompletionModelFromCapabilities`. Only configured providers are eligible, so a
+// capability that names no provider can never be elected. The result is content-free.
+export function selectCompletionModel(config, options = {}) {
+    return selectCompletionModelFromCapabilities(listConfiguredCapabilities(config), options);
+}

package/dist/normalize.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { CostClass, NormalizedResponse } from "./types.js";
+export interface UsageSeed {
+    readonly requestId: string;
+    readonly latencyMs: number;
+    readonly costClass: CostClass;
+}
+export declare function textFromContent(value: unknown): string;
+export declare function normalizeChatResponse(rawPayload: unknown, modelId: string, seed: UsageSeed, expectStructured?: boolean): NormalizedResponse;
+//# sourceMappingURL=normalize.d.ts.map

package/dist/normalize.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"normalize.d.ts","sourceRoot":"","sources":["../src/normalize.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,SAAS,EAET,kBAAkB,EAGnB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;CAC/B;AAqGD,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAQtD;AAED,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,OAAO,EACnB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,EACf,gBAAgB,UAAQ,GACvB,kBAAkB,CAYpB"}

package/dist/normalize.js ADDED Viewed

@@ -0,0 +1,114 @@
+// Provider payload → NormalizedResponse. The internal contract is strict and small
+// so workflows fail closed when a provider response is unsafe or malformed.
+import { MalformedToolCallError, ModelRefusalError, } from "@oscharko-dev/keiko-security/errors/gateway";
+const FINISH_REASONS = new Set([
+    "stop",
+    "tool_calls",
+    "length",
+    "content_filter",
+    "error",
+    "cancelled",
+]);
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function asCount(value) {
+    return typeof value === "number" && Number.isFinite(value) && value >= 0 ? value : 0;
+}
+function mapFinishReason(value) {
+    return typeof value === "string" && FINISH_REASONS.has(value)
+        ? value
+        : "stop";
+}
+function buildUsage(payload, seed) {
+    const usage = isRecord(payload.usage) ? payload.usage : {};
+    return {
+        requestId: seed.requestId,
+        promptTokens: asCount(usage.prompt_tokens),
+        completionTokens: asCount(usage.completion_tokens),
+        latencyMs: seed.latencyMs,
+        costClass: seed.costClass,
+    };
+}
+function parseToolCall(raw) {
+    if (!isRecord(raw) || !isRecord(raw.function)) {
+        throw new MalformedToolCallError("tool call is missing a function descriptor");
+    }
+    const fn = raw.function;
+    const name = typeof fn.name === "string" ? fn.name : "";
+    const id = typeof raw.id === "string" ? raw.id : "";
+    const argsText = typeof fn.arguments === "string" ? fn.arguments : "{}";
+    let parsed;
+    try {
+        parsed = JSON.parse(argsText);
+    }
+    catch {
+        throw new MalformedToolCallError(`tool call '${name}' has non-JSON arguments`);
+    }
+    if (!isRecord(parsed)) {
+        throw new MalformedToolCallError(`tool call '${name}' arguments are not an object`);
+    }
+    return { id, name, arguments: parsed };
+}
+function parseToolCalls(message) {
+    const raw = message.tool_calls;
+    return Array.isArray(raw) ? raw.map(parseToolCall) : [];
+}
+function parseStructuredOutput(content) {
+    try {
+        const parsed = JSON.parse(content);
+        return isRecord(parsed) ? parsed : null;
+    }
+    catch {
+        return null;
+    }
+}
+function assertNotRefusal(message, finishReason) {
+    if (finishReason === "content_filter") {
+        throw new ModelRefusalError("provider filtered the model response");
+    }
+    const refusal = message.refusal;
+    if (typeof refusal === "string" && refusal.length > 0) {
+        throw new ModelRefusalError("provider refused the model request");
+    }
+}
+function firstChoice(payload) {
+    const choices = payload.choices;
+    if (!Array.isArray(choices) || choices.length === 0) {
+        return undefined;
+    }
+    return isRecord(choices[0]) ? choices[0] : undefined;
+}
+function textPart(value) {
+    if (typeof value === "string") {
+        return value;
+    }
+    if (!isRecord(value)) {
+        return "";
+    }
+    if (typeof value.text === "string") {
+        return value.text;
+    }
+    return typeof value.content === "string" ? value.content : "";
+}
+export function textFromContent(value) {
+    if (typeof value === "string") {
+        return value;
+    }
+    if (!Array.isArray(value)) {
+        return "";
+    }
+    return value.map(textPart).join("");
+}
+export function normalizeChatResponse(rawPayload, modelId, seed, expectStructured = false) {
+    const payload = isRecord(rawPayload) ? rawPayload : {};
+    const usage = buildUsage(payload, seed);
+    const choice = firstChoice(payload);
+    const message = choice !== undefined && isRecord(choice.message) ? choice.message : {};
+    const finishReason = mapFinishReason(choice?.finish_reason);
+    assertNotRefusal(message, finishReason);
+    const toolCalls = parseToolCalls(message);
+    const content = textFromContent(message.content);
+    const structuredOutput = expectStructured && content.length > 0 ? parseStructuredOutput(content) : null;
+    return { modelId, content, finishReason, toolCalls, structuredOutput, usage };
+}

package/dist/openai-adapter.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { CostClass, GatewayRequest, GatewayStreamChunk, ModelProviderConfig, NormalizedResponse, ProviderAdapter } from "./types.js";
+export interface AdapterDeps {
+    readonly fetchImpl?: typeof fetch | undefined;
+    readonly requestId: string;
+    readonly costClass: CostClass;
+    readonly now?: (() => number) | undefined;
+}
+export declare class OpenAiAdapter implements ProviderAdapter {
+    private readonly deps;
+    private readonly now;
+    constructor(deps: AdapterDeps);
+    call: (request: GatewayRequest, config: ModelProviderConfig) => Promise<NormalizedResponse>;
+    callStream: (this: OpenAiAdapter, request: GatewayRequest, config: ModelProviderConfig) => AsyncGenerator<GatewayStreamChunk>;
+    private streamDeltas;
+    private assembleResponse;
+    private mapStreamError;
+    private dispatch;
+    private mapDispatchError;
+    private readBody;
+    private readErrorBody;
+}
+//# sourceMappingURL=openai-adapter.d.ts.map

package/dist/openai-adapter.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"openai-adapter.d.ts","sourceRoot":"","sources":["../src/openai-adapter.ts"],"names":[],"mappings":"AA4BA,OAAO,KAAK,EAEV,SAAS,EAET,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAElB,eAAe,EAEhB,MAAM,YAAY,CAAC;AAmBpB,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,GAAG,SAAS,CAAC;IAC9C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,MAAM,CAAC,GAAG,SAAS,CAAC;CAC3C;AA2RD,qBAAa,aAAc,YAAW,eAAe;IAGvC,OAAO,CAAC,QAAQ,CAAC,IAAI;IAFjC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAe;gBAEN,IAAI,EAAE,WAAW;IAI9C,IAAI,GACF,SAAS,cAAc,EACvB,QAAQ,mBAAmB,KAC1B,OAAO,CAAC,kBAAkB,CAAC,CA2B5B;IAKF,UAAU,GACR,MAAM,aAAa,EACnB,SAAS,cAAc,EACvB,QAAQ,mBAAmB,KAC1B,cAAc,CAAC,kBAAkB,CAAC,CAqBnC;YAUa,YAAY;IA+B3B,OAAO,CAAC,gBAAgB;IAwBxB,OAAO,CAAC,cAAc;YAeR,QAAQ;IA6BtB,OAAO,CAAC,gBAAgB;YAuBV,QAAQ;YAYR,aAAa;CAO5B"}

package/dist/openai-adapter.js ADDED Viewed

@@ -0,0 +1,382 @@
+// Zero-dependency OpenAI-compatible HTTP adapter built on globalThis.fetch and
+// AbortSignal. fetch, clock, request-id, and cost class are injected so tests run
+// with no network I/O and no real time. The raw provider body is never echoed into
+// an error; only a redacted, status-level summary is surfaced.
+import { AuthenticationError, CancelledError, ContextOverflowError, ERROR_CODES, GatewayEgressError, ModelRefusalError, ProviderError, RateLimitError, TimeoutError, TransportError, } from "@oscharko-dev/keiko-security/errors/gateway";
+import { apiKeyHeaderValue, DEFAULT_API_KEY_HEADER_NAME } from "./config.js";
+import { gatewayFetch, OutboundHttpEgressError, readJsonCapped, readSseStream, } from "./http.js";
+import { normalizeChatResponse, textFromContent } from "./normalize.js";
+import { redact } from "@oscharko-dev/keiko-security";
+const PROVIDER_EMPTY_ASSISTANT_STATUS = 200;
+const GATEWAY_EGRESS_CODES = {
+    PROXY_UNREACHABLE: ERROR_CODES.PROXY_UNREACHABLE,
+    PROXY_AUTH_REQUIRED: ERROR_CODES.PROXY_AUTH_REQUIRED,
+    PROXY_EGRESS_FAILED: ERROR_CODES.PROXY_EGRESS_FAILED,
+    PROXY_BLOCKED_BY_POLICY: ERROR_CODES.PROXY_BLOCKED_BY_POLICY,
+    TLS_CA_FAILURE: ERROR_CODES.TLS_CA_FAILURE,
+};
+const GATEWAY_EGRESS_MESSAGES = {
+    PROXY_UNREACHABLE: "configured proxy is unreachable",
+    PROXY_AUTH_REQUIRED: "configured proxy requires authentication",
+    PROXY_EGRESS_FAILED: "configured proxy failed outbound egress",
+    PROXY_BLOCKED_BY_POLICY: "configured proxy blocked outbound egress",
+    TLS_CA_FAILURE: "TLS certificate verification failed for outbound egress",
+};
+function buildMessageContent(content, parts) {
+    if (parts === undefined)
+        return content;
+    return parts.map((part) => part.type === "text"
+        ? { type: "text", text: part.text }
+        : { type: "image_url", image_url: { url: part.image_url.url } });
+}
+function buildMessage(message) {
+    const toolCalls = message.toolCalls?.map((call) => ({
+        id: call.id,
+        type: "function",
+        function: { name: call.name, arguments: JSON.stringify(call.arguments) },
+    }));
+    return {
+        role: message.role,
+        content: message.role === "assistant" && toolCalls !== undefined && toolCalls.length > 0
+            ? null
+            : buildMessageContent(message.content, message.contentParts),
+        ...(message.role === "tool" && message.toolCallId !== undefined
+            ? { tool_call_id: message.toolCallId }
+            : {}),
+        ...(toolCalls !== undefined && toolCalls.length > 0 ? { tool_calls: toolCalls } : {}),
+    };
+}
+function buildBody(request) {
+    const messages = request.messages.map(buildMessage);
+    const base = { model: request.modelId, messages };
+    const tools = request.tools === undefined
+        ? undefined
+        : request.tools.map((t) => ({
+            type: "function",
+            function: { name: t.name, description: t.description, parameters: t.parameters },
+        }));
+    const responseFormat = request.responseFormat?.type === "json_schema"
+        ? { type: "json_schema", json_schema: { schema: request.responseFormat.schema } }
+        : undefined;
+    return {
+        ...base,
+        ...(tools ? { tools } : {}),
+        ...(responseFormat ? { response_format: responseFormat } : {}),
+        ...(request.seed !== undefined ? { seed: request.seed } : {}),
+    };
+}
+// Streaming body: identical to buildBody plus the OpenAI/Azure streaming flags.
+// `include_usage` requests a final usage-only chunk so token accounting survives.
+function buildStreamBody(request) {
+    return {
+        ...buildBody(request),
+        stream: true,
+        stream_options: { include_usage: true },
+    };
+}
+const FINISH_REASONS = new Set([
+    "stop",
+    "tool_calls",
+    "length",
+    "content_filter",
+    "error",
+    "cancelled",
+]);
+function firstStreamChoice(chunk) {
+    if (!isRecord(chunk) || !Array.isArray(chunk.choices)) {
+        return undefined;
+    }
+    const choices = chunk.choices;
+    const choice = choices[0];
+    return isRecord(choice) ? choice : undefined;
+}
+// Extracts the assistant content delta from a streaming chunk, when present.
+function deltaFromChunk(chunk) {
+    const choice = firstStreamChoice(chunk);
+    const delta = choice !== undefined && isRecord(choice.delta) ? choice.delta : undefined;
+    if (delta === undefined || !("content" in delta)) {
+        return undefined;
+    }
+    const content = textFromContent(delta.content);
+    return content.length > 0 ? content : undefined;
+}
+function finishReasonFromChunk(chunk) {
+    const choice = firstStreamChoice(chunk);
+    const raw = choice?.finish_reason;
+    return typeof raw === "string" && FINISH_REASONS.has(raw)
+        ? raw
+        : undefined;
+}
+function nonNegativeCount(value) {
+    return typeof value === "number" && Number.isFinite(value) && value >= 0 ? value : 0;
+}
+// Extracts prompt/completion token counts from the include_usage final chunk.
+function usageFromChunk(chunk) {
+    if (!isRecord(chunk) || !isRecord(chunk.usage)) {
+        return undefined;
+    }
+    return {
+        prompt: nonNegativeCount(chunk.usage.prompt_tokens),
+        completion: nonNegativeCount(chunk.usage.completion_tokens),
+    };
+}
+function retryAfterMs(response) {
+    const header = response.headers.get("retry-after");
+    if (header === null) {
+        return null;
+    }
+    const seconds = Number(header);
+    return Number.isFinite(seconds) && seconds >= 0 ? seconds * 1000 : null;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function redactUnknown(value, secrets) {
+    if (typeof value === "string") {
+        return redact(value, secrets);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => redactUnknown(item, secrets));
+    }
+    if (isRecord(value)) {
+        return Object.fromEntries(Object.entries(value).map(([key, item]) => [key, redactUnknown(item, secrets)]));
+    }
+    return value;
+}
+function redactRecord(value, secrets) {
+    return value === null ? null : redactUnknown(value, secrets);
+}
+function redactToolCall(call, secrets) {
+    return {
+        ...call,
+        name: redact(call.name, secrets),
+        arguments: redactUnknown(call.arguments, secrets),
+    };
+}
+function redactResponse(response, secrets) {
+    return {
+        ...response,
+        content: redact(response.content, secrets),
+        toolCalls: response.toolCalls.map((call) => redactToolCall(call, secrets)),
+        structuredOutput: redactRecord(response.structuredOutput, secrets),
+    };
+}
+function assertUsableAssistantResponse(response, modelId, secrets) {
+    if (response.content.trim().length > 0 || response.toolCalls.length > 0) {
+        return;
+    }
+    throw new ProviderError(`provider returned an empty assistant response for '${modelId}'`, PROVIDER_EMPTY_ASSISTANT_STATUS, secrets);
+}
+function errorSignal(payload) {
+    const error = isRecord(payload) && isRecord(payload.error) ? payload.error : payload;
+    if (!isRecord(error)) {
+        return "";
+    }
+    return [error.code, error.type, error.message]
+        .filter((value) => typeof value === "string")
+        .join(" ")
+        .toLowerCase();
+}
+function isContextOverflow(response, payload) {
+    if (response.status !== 400 && response.status !== 413 && response.status !== 422) {
+        return false;
+    }
+    return /context[_ -]?length[_ -]?exceeded|context window|context.*exceed|maximum context|too many tokens|prompt too long|context overflow/.test(errorSignal(payload));
+}
+function isModelRefusal(payload) {
+    return /content[_ -]?filter|refus|safety|policy/.test(errorSignal(payload));
+}
+function mapHttpError(response, modelId, secrets, payload) {
+    if (isContextOverflow(response, payload)) {
+        throw new ContextOverflowError(`provider reported context overflow for '${modelId}'`, secrets);
+    }
+    if (isModelRefusal(payload)) {
+        throw new ModelRefusalError(`provider refused the request for '${modelId}'`, secrets);
+    }
+    if (response.status === 401 || response.status === 403) {
+        throw new AuthenticationError(`provider rejected credentials for '${modelId}'`, secrets);
+    }
+    if (response.status === 429) {
+        throw new RateLimitError(`provider rate limited '${modelId}'`, retryAfterMs(response), secrets);
+    }
+    throw new ProviderError(`provider returned HTTP ${String(response.status)} for '${modelId}'`, response.status, secrets);
+}
+function apiKeyHeaders(config) {
+    const headerName = config.apiKeyHeaderName ?? DEFAULT_API_KEY_HEADER_NAME;
+    return { [headerName]: apiKeyHeaderValue(headerName, config.apiKey) };
+}
+function mapOutboundEgressError(error, secrets) {
+    if (!(error instanceof OutboundHttpEgressError))
+        return undefined;
+    return new GatewayEgressError(GATEWAY_EGRESS_CODES[error.code], GATEWAY_EGRESS_MESSAGES[error.code], secrets);
+}
+export class OpenAiAdapter {
+    deps;
+    now;
+    constructor(deps) {
+        this.deps = deps;
+        this.now = deps.now ?? Date.now;
+    }
+    call = async (request, config) => {
+        const secrets = [config.apiKey, config.baseUrl];
+        if (request.cancellationSignal?.aborted === true) {
+            throw new CancelledError(`request for '${config.modelId}' cancelled before dispatch`, secrets);
+        }
+        const start = this.now();
+        const response = await this.dispatch(request, config, secrets);
+        if (!response.ok) {
+            const errorPayload = await this.readErrorBody(response);
+            mapHttpError(response, config.modelId, secrets, errorPayload);
+        }
+        const payload = await this.readBody(response, config, secrets);
+        const normalized = normalizeChatResponse(payload, config.modelId, {
+            requestId: this.deps.requestId,
+            latencyMs: this.now() - start,
+            costClass: this.deps.costClass,
+        }, request.responseFormat?.type === "json_schema");
+        assertUsableAssistantResponse(normalized, config.modelId, secrets);
+        return redactResponse(normalized, secrets);
+    };
+    // Streaming chat path (Layer 1): yields redacted content-delta tokens as they
+    // arrive, then a terminal `done` with the assembled, redacted NormalizedResponse.
+    // Tool-call streaming is out of scope — only `choices[0].delta.content` is surfaced.
+    callStream = async function* (request, config) {
+        const secrets = [config.apiKey, config.baseUrl];
+        if (request.cancellationSignal?.aborted === true) {
+            throw new CancelledError(`request for '${config.modelId}' cancelled before dispatch`, secrets);
+        }
+        const start = this.now();
+        const response = await this.dispatch(request, config, secrets, true);
+        if (!response.ok) {
+            const errorPayload = await this.readErrorBody(response);
+            mapHttpError(response, config.modelId, secrets, errorPayload);
+        }
+        const acc = { content: "", finishReason: "stop", prompt: 0, completion: 0 };
+        for await (const token of this.streamDeltas(response, config, secrets, acc)) {
+            yield { type: "delta", token };
+        }
+        const assembled = this.assembleResponse(config, start, acc);
+        assertUsableAssistantResponse(assembled, config.modelId, secrets);
+        yield { type: "done", response: redactResponse(assembled, secrets) };
+    };
+    // Iterates the SSE stream, yielding redacted content tokens while mutating `acc`.
+    // Redaction is applied to the full accumulated buffer on every delta so that a
+    // configured secret straddling two SSE chunk boundaries is still caught.  We track
+    // how many characters of the REDACTED output we have already emitted and yield only
+    // the new suffix each time.  When a cross-delta match shrinks the redacted string
+    // relative to what was emitted, the cursor overshoots and the tail (containing the
+    // secret or its replacement) is deferred to the terminal `done` chunk, which always
+    // redacts the full `acc.content` independently via redactResponse().
+    async *streamDeltas(response, config, secrets, acc) {
+        let emittedRedactedLength = 0;
+        try {
+            for await (const chunk of readSseStream(response)) {
+                const content = deltaFromChunk(chunk);
+                if (content !== undefined) {
+                    acc.content += content;
+                    const redacted = redact(acc.content, secrets);
+                    if (redacted.length > emittedRedactedLength) {
+                        yield redacted.slice(emittedRedactedLength);
+                        emittedRedactedLength = redacted.length;
+                    }
+                }
+                const finish = finishReasonFromChunk(chunk);
+                if (finish !== undefined)
+                    acc.finishReason = finish;
+                const usage = usageFromChunk(chunk);
+                if (usage !== undefined) {
+                    acc.prompt = usage.prompt;
+                    acc.completion = usage.completion;
+                }
+            }
+        }
+        catch (error) {
+            throw this.mapStreamError(error, config, secrets);
+        }
+    }
+    assembleResponse(config, start, acc) {
+        const usage = {
+            requestId: this.deps.requestId,
+            promptTokens: acc.prompt,
+            completionTokens: acc.completion,
+            latencyMs: this.now() - start,
+            costClass: this.deps.costClass,
+        };
+        return {
+            modelId: config.modelId,
+            content: acc.content,
+            finishReason: acc.finishReason,
+            toolCalls: [],
+            structuredOutput: null,
+            usage,
+        };
+    }
+    // A mid-stream read failure surfaces as a TransportError; an already-typed
+    // cancellation/timeout (e.g. raised by the underlying reader) passes through.
+    mapStreamError(error, config, secrets) {
+        if (error instanceof CancelledError || error instanceof TimeoutError) {
+            return error;
+        }
+        const egressError = mapOutboundEgressError(error, secrets);
+        if (egressError !== undefined) {
+            return egressError;
+        }
+        return new TransportError(`stream read failed for '${config.modelId}'`, secrets);
+    }
+    async dispatch(request, config, secrets, stream = false) {
+        const timeoutSignal = AbortSignal.timeout(config.timeoutMs);
+        const cancel = request.cancellationSignal;
+        const signal = cancel ? AbortSignal.any([timeoutSignal, cancel]) : timeoutSignal;
+        const url = `${config.baseUrl}/chat/completions`;
+        const body = JSON.stringify(stream ? buildStreamBody(request) : buildBody(request));
+        const headers = {
+            "content-type": "application/json",
+            ...apiKeyHeaders(config),
+        };
+        try {
+            return await gatewayFetch(url, {
+                method: "POST",
+                headers,
+                body,
+                signal,
+                fetchImpl: this.deps.fetchImpl,
+                ...(config.egress !== undefined ? { egress: config.egress } : {}),
+            });
+        }
+        catch (error) {
+            throw this.mapDispatchError(error, config, cancel, timeoutSignal, secrets);
+        }
+    }
+    mapDispatchError(error, config, cancel, timeout, secrets) {
+        if (cancel?.aborted === true) {
+            return new CancelledError(`request for '${config.modelId}' cancelled`, secrets);
+        }
+        const egressError = mapOutboundEgressError(error, secrets);
+        if (egressError !== undefined) {
+            return egressError;
+        }
+        if (timeout.aborted) {
+            return new TimeoutError(`request for '${config.modelId}' timed out`, secrets);
+        }
+        if (error instanceof DOMException && error.name === "TimeoutError") {
+            return new TimeoutError(`request for '${config.modelId}' timed out`, secrets);
+        }
+        return new TransportError(`transport failure contacting '${config.modelId}'`, secrets);
+    }
+    async readBody(response, config, secrets) {
+        try {
+            return await readJsonCapped(response);
+        }
+        catch {
+            throw new TransportError(`provider sent an unreadable body for '${config.modelId}'`, secrets);
+        }
+    }
+    async readErrorBody(response) {
+        try {
+            return await readJsonCapped(response);
+        }
+        catch {
+            return null;
+        }
+    }
+}