@premai/api-sdk 1.0.41 → 1.0.43

package/README.md

@@ -34,6 +34,7 @@ Environment Variables:
 * ENCLAVE_URL
 * PROXY_URL
 * CLIENT_KEK
+* JSON_BODY_LIMIT (optional, default: `32mb`)
 * HOST (optional)
 * PORT (optional)
 
@@ -42,8 +43,8 @@ Run as a standalone server with automatic DEK store management per API key:
 ```bash
 # ways to run the termination proxy
 ## run command from local/remote NPM package
-bunx -p @premai/api-sdk pcci-proxy
-npx -p @premai/api-sdk pcci-proxy
+bunx -p @premai/api-sdk confidential-proxy
+npx -p @premai/api-sdk confidential-proxy
 
 ## install globally
 ## make sure to have the "global bin dir" in your PATH
@@ -51,13 +52,54 @@ npx -p @premai/api-sdk pcci-proxy
 npm i -g @premai/api-sdk
 bun i -g @premai/api-sdk
 
-# Server runs on http://localhost:3000
+# Server runs on http://127.0.0.1:8000
 ```
 
-Use with any OpenAI-compatible client:
+### CLI Options
 
 ```bash
-curl http://localhost:3000/v1/chat/completions \
+# Basic usage
+confidential-proxy --host 127.0.0.1 --port 8000
+
+# Anthropic compatibility mode
+confidential-proxy --compat anthropic
+
+# Both OpenAI and Anthropic (served under /openai and /anthropic prefixes)
+confidential-proxy --compat both
+
+# Custom route prefixes
+confidential-proxy --compat both --openai-prefix /openai --anthropic-prefix /anthropic
+
+# Custom backend URLs
+confidential-proxy --proxy-url https://proxy.example.com --enclave-url https://enclave.example.com
+
+# Client KEK
+confidential-proxy --kek your-kek
+
+# JSON body size limit
+confidential-proxy --json-body-limit 64mb
+```
+
+### Compatibility Modes
+
+The server supports three compatibility modes via `--compat`:
+
+| Mode | Description | Routes |
+|------|-------------|--------|
+| `openai` | OpenAI-compatible API only | `/v1/*` |
+| `anthropic` | Anthropic-compatible API only | `/v1/*` |
+| `both` | Both APIs side-by-side | `/openai/v1/*` and `/anthropic/v1/*` |
+
+When using `--compat both`, the server exposes both OpenAI and Anthropic APIs under separate route prefixes to avoid conflicts. Custom prefixes can be set with `--openai-prefix` and `--anthropic-prefix`.
+
+The Anthropic API translates incoming Anthropic Messages requests to the internal OpenAI-compatible enclave, then pipes the response back as Anthropic SSE events.
+
+### OpenAI API Usage
+
+Use with any OpenAI-compatible client via curl:
+
+```bash
+curl http://127.0.0.1:8000/v1/chat/completions \
   -H "Authorization: Bearer your-api-key" \
   -H "Content-Type: application/json" \
   -d '{
@@ -76,7 +118,7 @@ import OpenAI from "openai";
 
 const client = new OpenAI({
   apiKey: "your-api-key",
-  baseURL: "http://localhost:3000/v1",
+  baseURL: "http://127.0.0.1:8000/v1",
 });
 
 const stream = await client.chat.completions.create({
@@ -90,19 +132,92 @@ for await (const chunk of stream) {
 }
 ```
 
+### Anthropic API Usage
+
+When `--compat anthropic` or `--compat both`, the server exposes an Anthropic-compatible Messages API:
+
+```bash
+curl http://127.0.0.1:8000/v1/messages \
+  -H "x-api-key: your-api-key" \
+  -H "anthropic-version: 2023-06-01" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "claude-sonnet-4-6",
+    "max_tokens": 1024,
+    "messages": [
+      {"role": "user", "content": "Hello!"}
+    ]
+  }'
+```
+
+With streaming:
+
+```bash
+curl -N http://127.0.0.1:8000/v1/messages \
+  -H "x-api-key: your-api-key" \
+  -H "anthropic-version: 2023-06-01" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "claude-sonnet-4-6",
+    "max_tokens": 1024,
+    "messages": [
+      {"role": "user", "content": "Count to 10"}
+    ],
+    "stream": true
+  }'
+```
+
+The server supports system prompts, tool use, image inputs, stop sequences, temperature, and top_p. Response events follow the Anthropic SSE format (`message_start`, `content_block_start`, `content_block_delta`, `content_block_stop`, `message_delta`, `message_stop`).
+
 The server caches clients in memory per API key for better performance.
 
+## confidential-claude — Claude Code Launcher
+
+Run [Claude Code](https://docs.anthropic.com/en/docs/claude-code/overview) through the encrypted proxy with zero configuration:
+
+```bash
+# run without installing
+bunx -p @premai/api-sdk confidential-claude
+npx -p @premai/api-sdk confidential-claude
+
+# or install globally first
+npm i -g @premai/api-sdk
+bun i -g @premai/api-sdk
+
+confidential-claude
+```
+
+The launcher:
+
+1. Reads `.env` from application directory or environment variables (prompts interactively if missing)
+2. Spawns an encrypted proxy subprocess in Anthropic-only mode
+3. Fetches the available model list and lets you pick one
+4. Launches `claude` wired to the confidential gateway
+
+All traffic remains end-to-end encrypted. The proxy subprocess is cleaned up when Claude Code exits.
+
+Any extra arguments are forwarded to `claude` directly:
+
+```bash
+# Run in a specific directory
+confidential-claude -p /path/to/project
+
+# Run a one-shot command
+confidential-claude --print "summarize the changed files"
+```
+
 ## Features
 
-- ✅ **Chat Completions** - OpenAI-compatible API with streaming support
-- ✅ **Models** - List available models
-- ✅ **File Management** - Upload, list, get, and delete encrypted files
-- ✅ **File Upload** - Client-side encrypted file uploads with per-file DEKs
-- ✅ **Tools** - Image generation, transcription, RAG search, and more
-- ✅ **End-to-end Encryption** - Post-quantum cryptography (XWing)
-- ✅ **KEK Architecture** - Key Encryption Key wraps all file DEKs
-- ✅ **RAG Support** - Encrypted document retrieval with persistent RAG DEK
-- ✅ **TypeScript** - Full type safety
+- Chat Completions - OpenAI and Anthropic compatible APIs with streaming support
+- Models - List available models
+- File Management - Upload, list, get, and delete encrypted files
+- File Upload - Client-side encrypted file uploads with per-file DEKs
+- Tools - Image generation, transcription, RAG search, and more
+- End-to-end Encryption - Post-quantum cryptography (XWing)
+- KEK Architecture - Key Encryption Key wraps all file DEKs
+- RAG Support - Encrypted document retrieval with persistent RAG DEK
+- Attestation - Enclave attestation is always enabled for security
+- TypeScript - Full type safety
 
 ## Chat Completions
 
@@ -224,7 +339,7 @@ const client = await createRvencClient({
 const serializedStore = serializeDEKStore(client.dekStore);
 fs.writeFileSync("./dek-store.json", serializedStore);
 
-console.log("✅ DEK store saved. Keep this file secure!");
+console.log("DEK store saved. Keep this file secure!");
 ```
 
 ### Subsequent Usage
@@ -263,7 +378,7 @@ console.log("Uploaded:", result.id);
 // ⚠️ IMPORTANT: Save dekStore after upload to persist file DEKs
 const serialized = serializeDEKStore(client.dekStore);
 fs.writeFileSync("./dek-store.json", serialized);
-console.log("✅ DEK store updated with file encryption keys");
+console.log("DEK store updated with file encryption keys");
 ```
 
 ### Upload Files with RAG Indexing
@@ -357,7 +472,7 @@ console.log(file.mime_type);
 console.log(file.created_at);
 
 // Get file with signed download URL
-const fileWithUrl = await client.files.get({ 
+const fileWithUrl = await client.files.get({
   id: 'file-id-123',
   url: true  // Include signed download URL
 });
@@ -409,9 +524,9 @@ const indexResult = await client.files.index({
 // Check results
 indexResult.data.results.forEach(result => {
   if (result.success) {
-    console.log(`✓ File ${result.file_id}: ${result.rag_status}`);
+    console.log(`File ${result.file_id}: ${result.rag_status}`);
   } else {
-    console.error(`✗ File ${result.file_id} failed: ${result.error}`);
+    console.error(`File ${result.file_id} failed: ${result.error}`);
   }
 });
 ```
@@ -440,14 +555,14 @@ await client.files.index({
 // Option 3: Provide custom fileDEK for specific files
 await client.files.index({
   files: [
-    { 
-      fileId: 'file-id-1', 
+    {
+      fileId: 'file-id-1',
       filePath: 's3/path/file1.enc',
       fileDEK: customFileDEK  // Custom DEK for this file
     },
-    { 
-      fileId: 'file-id-2', 
-      filePath: 's3/path/file2.enc' 
+    {
+      fileId: 'file-id-2',
+      filePath: 's3/path/file2.enc'
       // Uses dekStore for this file
     },
   ],
@@ -504,9 +619,9 @@ const deleteResult = await client.files.deleteIndex({
 // Check results
 deleteResult.data.results.forEach(result => {
   if (result.success) {
-    console.log(`✓ File ${result.file_id} removed from index`);
+    console.log(`File ${result.file_id} removed from index`);
   } else {
-    console.error(`✗ File ${result.file_id} failed: ${result.error}`);
+    console.error(`File ${result.file_id} failed: ${result.error}`);
   }
 });
 ```
@@ -701,8 +816,9 @@ console.log(ragResults);
 |--------|------|---------|-------------|
 | `apiKey` | `string` | **required** | Authorization token |
 | `encryptionKeys` | `EncryptionKeys` | auto-generated | Pre-generated ML-KEM keys |
+| `clientKEK` | `string` | `CLIENT_KEK` env | Key Encryption Key for wrapping file DEKs |
 | `dekStore` | `DEKStore` | auto-generated | DEKs for files and RAG |
-| `requestTimeoutMs` | `number` | `30000` | Request timeout in milliseconds |
+| `requestTimeoutMs` | `number` | `600000` | Request timeout in milliseconds (10 min) |
 | `maxBufferSize` | `number` | `10485760` | Max SSE buffer size (10MB) |
 
 ## DEK Store Management
@@ -775,6 +891,15 @@ fs.writeFileSync("dek-store.json", serialized);
 3. **Encrypted Transport**: Sends `{ cipherText, encryptedInference, nonce }` to proxy
 4. **Response Decryption**: Decrypts response (streaming SSE or JSON) using shared secret
 
+### Anthropic API Compatibility
+
+The server translates Anthropic Messages requests to OpenAI-compatible format internally:
+
+1. **Request conversion**: Anthropic system blocks, tool_use, image inputs, and tool_result blocks are mapped to OpenAI equivalents
+2. **Enclave call**: The translated request is dispatched through the encrypted OpenAI pipeline
+3. **Response conversion**: OpenAI completions (or chunk streams) are translated back to Anthropic SSE events with proper `content_block_start`, `content_block_delta`, and `content_block_stop` framing
+4. **Tool streaming**: OpenAI tool_call chunks are replayed as Anthropic `input_json_delta` events with incremental argument flushing
+
 ### File Upload
 
 1. **DEK Generation**: Generates random 32-byte DEK for this file
@@ -801,7 +926,7 @@ fs.writeFileSync("dek-store.json", serialized);
 4. **Enclave Decrypts**: Enclave decrypts fileDEK, then decrypts file from S3
 5. **Response**: Returns encrypted result, SDK decrypts with shared secret
 
-#### File-Producing Tools  
+#### File-Producing Tools
 1. **Generate DEK**: Creates random DEK for output file
 2. **Encrypt Request**: Encrypts tool parameters with shared secret
 3. **Enclave Executes**: Generates file, encrypts with provided DEK
@@ -824,10 +949,10 @@ try {
     apiKey: "your-api-key",
     clientKEK: "your-kek" // You can pass clientKEK here or as an env variable CLIENT_KEK
   });
-  
+
   const image = await client.tools.generateImage("mountain landscape");
   fs.writeFileSync(image.fileName, image.content);
-  
+
 } catch (error) {
   if (error.message.includes("timeout")) {
     console.error("Request timed out");
@@ -839,14 +964,15 @@ try {
 
 ## Security Notes
 
-- ⚠️ **Use environment variables** for API keys & client KEK
-- ⚠️ **Always persist dekStore after file uploads** - file DEKs must be saved
-- ⚠️ **Backup your dekStore** - losing it means losing access to uploaded files
-- ✅ All encryption happens client-side (zero-knowledge)
-- ✅ Files are encrypted with unique DEKs before upload
-- ✅ KEK-based architecture - KEK wraps all file DEKs
-- ✅ Tool responses are automatically decrypted
-- ✅ Post-quantum secure (XWing: ML-KEM768 + X25519)
+- **Use environment variables** for API keys & client KEK
+- **Always persist dekStore after file uploads** - file DEKs must be saved
+- **Backup your dekStore** - losing it means losing access to uploaded files
+- All encryption happens client-side (zero-knowledge)
+- Files are encrypted with unique DEKs before upload
+- KEK-based architecture - KEK wraps all file DEKs
+- Tool responses are automatically decrypted
+- Post-quantum secure (XWing: ML-KEM768 + X25519)
+- Enclave attestation is always enabled and cannot be disabled
 
 ### Encryption Architecture
 
@@ -897,3 +1023,22 @@ import type {
   PaginationInfo,
 } from "@premai/api-sdk";
 ```
+
+## BareKit (mobile)
+
+When running this SDK inside a [react-native-bare-kit](https://github.com/holepunchto/react-native-bare-kit) worklet, pass an `assets` directory to `new Worklet(...)`. bare-kit extracts bundled assets to that directory at startup and rewrites resolutions to real `file://` URLs — this lets WASM to load directly from disk on the fast path:
+
+```js
+import { Worklet } from 'react-native-bare-kit';
+import * as FileSystem from 'expo-file-system'
+
+const cacheDir = new FileSystem.Directory(FileSystem.Paths.cache, 'reticle-assets')
+if (!cacheDir.exists) cacheDir.create()
+
+const worklet = new Worklet({
+  assets: cacheDir.uri.replace(/^file:\/\//, ''),
+});
+await worklet.start('/worklet.bundle', source);
+```
+
+If `assets` is omitted, the SDK falls back to an inline base64 copy of the WASM bytes shipped inside the module.

package/dist/anthropic/count-tokens-route.d.ts

@@ -0,0 +1,3 @@
+import type { Router } from "express";
+import type { RvencServerDeps } from "../server/create-app";
+export declare function registerAnthropicCountTokensRoute(router: Router, _deps: RvencServerDeps): void;

package/dist/anthropic/from-openai.d.ts

@@ -0,0 +1,33 @@
+import type { Response } from "express";
+import type OpenAI from "openai";
+export type AnthropicUsage = {
+    input_tokens: number;
+    output_tokens: number;
+};
+export type AnthropicTextContentBlock = {
+    type: "text";
+    text: string;
+};
+export type AnthropicToolUseContentBlock = {
+    type: "tool_use";
+    id: string;
+    name: string;
+    input: unknown;
+};
+export type AnthropicAssistantContentBlock = AnthropicTextContentBlock | AnthropicToolUseContentBlock;
+export type AnthropicMessagePayload = {
+    id: string;
+    type: "message";
+    role: "assistant";
+    content: AnthropicAssistantContentBlock[];
+    model: string;
+    stop_reason: AnthropicStopReason | null;
+    stop_sequence: string | null;
+    usage: AnthropicUsage;
+};
+export type AnthropicStopReason = "end_turn" | "max_tokens" | "stop_sequence" | "tool_use" | "pause_turn" | "refusal";
+export declare function openAIChatCompletionToAnthropicMessage(completion: OpenAI.Chat.ChatCompletion, requestModel: string): AnthropicMessagePayload;
+export declare function pipeOpenAIChunkStreamToAnthropicSse(res: Response, stream: AsyncIterable<OpenAI.Chat.Completions.ChatCompletionChunk>, options: {
+    anthropicModel: string;
+    messageId: string;
+}): Promise<void>;

package/dist/anthropic/http.d.ts

@@ -0,0 +1,19 @@
+import type { Request, Response } from "express";
+export declare const ANTHROPIC_VERSION_DEFAULT = "2023-06-01";
+export declare function isAnthropicApiVersionSupported(version: string): boolean;
+export declare function newAnthropicRequestId(): string;
+export declare function newAnthropicMessageId(): string;
+export declare function extractAnthropicApiKey(req: Request): string | null;
+export declare function getAnthropicVersionHeader(req: Request): string | null;
+export type AnthropicVersionResult = {
+    ok: true;
+    version: string;
+} | {
+    ok: false;
+    message: string;
+};
+export declare function resolveAnthropicVersion(req: Request): AnthropicVersionResult;
+export declare function sendAnthropicHttpError(res: Response, status: number, errorType: string, message: string, requestId: string): void;
+export declare function httpStatusToAnthropicErrorType(status: number): string;
+export declare function mapUnknownErrorToAnthropicResponse(err: unknown, res: Response, requestId: string): void;
+export declare function writeAnthropicSseEvent(res: Response, event: string, data: Record<string, unknown>): void;

package/dist/anthropic/messages-route.d.ts

@@ -0,0 +1,3 @@
+import type { Router } from "express";
+import type { RvencServerDeps } from "../server/create-app";
+export declare function registerAnthropicMessagesRoute(router: Router, deps: RvencServerDeps): void;

package/dist/anthropic/models-route.d.ts

@@ -0,0 +1,3 @@
+import type { Router } from "express";
+import type { RvencServerDeps } from "../server/create-app";
+export declare function registerAnthropicModelsRoute(router: Router, deps: RvencServerDeps): void;

package/dist/anthropic/to-openai.d.ts

@@ -0,0 +1,35 @@
+import type OpenAI from "openai";
+export type AnthropicTextBlock = {
+    type: "text";
+    text: string;
+};
+type AnthropicContentPart = AnthropicTextBlock | {
+    type: string;
+    [key: string]: unknown;
+};
+export type AnthropicMessage = {
+    role: "user" | "assistant";
+    content: string | AnthropicContentPart[];
+};
+export type AnthropicMessagesCreateBody = {
+    model: string;
+    max_tokens: number;
+    messages: AnthropicMessage[];
+    system?: string | AnthropicTextBlock | AnthropicTextBlock[];
+    stream?: boolean;
+    metadata?: unknown;
+    stop_sequences?: string[];
+    temperature?: number;
+    top_p?: number;
+    top_k?: number;
+    tools?: unknown;
+    tool_choice?: unknown;
+    [key: string]: unknown;
+};
+export declare class AnthropicRequestValidationError extends Error {
+    readonly status = 400;
+    readonly anthropicType = "invalid_request_error";
+    constructor(message: string);
+}
+export declare function anthropicMessagesCreateToOpenAI(body: AnthropicMessagesCreateBody): OpenAI.Chat.ChatCompletionCreateParams;
+export {};