npm - @premai/api-sdk - Versions diffs - 1.0.47 → 1.0.48 - Mend

@premai/api-sdk 1.0.47 → 1.0.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/README.md +57 -7
package/dist/bare.cjs +20 -5
package/dist/bare.mjs +20 -5
package/dist/cli-claude.mjs +419 -3008
package/dist/cli.mjs +2767 -2203
package/dist/core.browser.cjs +26 -6
package/dist/core.browser.mjs +20 -5
package/dist/core.d.ts +2 -2
package/dist/files/index.d.ts +3 -3
package/dist/index.cjs +455 -36
package/dist/index.mjs +467 -37
package/dist/launcher/proxy-subprocess.d.ts +4 -2
package/dist/server/create-app.d.ts +1 -0
package/dist/server/create-drain-wrapper.d.ts +5 -0
package/dist/server/discovery.d.ts +2 -0
package/dist/server/request-debug.d.ts +2 -0
package/dist/server/runtime.d.ts +2 -2
package/dist/server/shutdown-route.d.ts +6 -0
package/dist/server/start.d.ts +7 -4
package/dist/server.d.ts +2 -0
package/dist/tools/index.d.ts +1 -1
package/dist/types.d.ts +17 -1
package/dist/utils/crypto.d.ts +1 -1
package/dist/utils/debug.d.ts +5 -0
package/dist/utils/dek-store.d.ts +1 -1
package/dist/utils/poll-ready.d.ts +2 -0
package/dist/utils/state-file.d.ts +13 -0
package/package.json +2 -1

package/README.md CHANGED Viewed

@@ -37,6 +37,7 @@ Environment Variables:
 * JSON_BODY_LIMIT (optional, default: `32mb`)
 * HOST (optional)
 * PORT (optional)
+* CONFIDENTIAL_PROXY_LOG_LEVEL (optional: `error`, `warn`, `info`, `http`, `verbose`, `debug`, `silly`; default: `info`)
 Run as a standalone server with automatic DEK store management per API key:
@@ -55,8 +56,21 @@ bun i -g @premai/api-sdk
 # Server runs on http://127.0.0.1:8000
 ```
+### CLI Commands
+The `confidential-proxy` CLI provides four commands:
+| Command | Description |
+|---------|-------------|
+| `confidential-proxy` (default) | Run the server in the foreground (attached to the terminal) |
+| `confidential-proxy start` | Start the server as a background daemon |
+| `confidential-proxy stop` | Gracefully stop the running daemon |
+| `confidential-proxy status` | Check if the daemon is running and reachable |
 ### CLI Options
+All commands accept the same server options:
 ```bash
 # Basic usage
 confidential-proxy --host 127.0.0.1 --port 8000
@@ -78,8 +92,34 @@ confidential-proxy --kek your-kek
 # JSON body size limit
 confidential-proxy --json-body-limit 64mb
+# Daemon-specific options (start/stop/status)
+confidential-proxy start --pid-file /path/to/pid --log-file /path/to/logs
+confidential-proxy start --shutdown-timeout 60000 --log-level debug
+confidential-proxy stop --pid-file /path/to/pid
+confidential-proxy status --host 127.0.0.1 --port 8787
 ```
+#### Daemon Lifecycle
+The `start` command runs the proxy in the background:
+1. Checks for an existing PID file and ensures no duplicate process is running
+2. Spawns itself as a child process with logs directed to a configurable log file
+3. Writes a PID file and polls the HTTP endpoint until the server is reachable
+4. Exits cleanly, leaving the child process running as a daemon
+The `stop` command sends SIGTERM and waits up to 5 seconds for graceful shutdown. If the process does not exit, it escalates to SIGKILL and cleans up the PID file. The `status` command checks both process liveness and HTTP reachability.
+**Daemon options:**
+| Option | Default | Description |
+|--------|---------|-------------|
+| `--pid-file` | `<data-dir>/proxy.pid` | Custom PID file path |
+| `--log-file` | stdout/stderr | File to write daemon logs (when using `start`) |
+| `--log-level` | `info` | Log verbosity (`error`, `warn`, `info`, `http`, `verbose`, `debug`, `silly`) |
+| `--shutdown-timeout` | `30000` | Max ms to wait for in-flight requests during graceful shutdown |
 ### Compatibility Modes
 The server supports three compatibility modes via `--compat`:
@@ -190,11 +230,12 @@ confidential-claude
 The launcher:
 1. Reads `.env` from application directory or environment variables (prompts interactively if missing)
-2. Spawns an encrypted proxy subprocess in Anthropic-only mode
-3. Fetches the available model list and lets you pick one
-4. Launches `claude` wired to the confidential gateway
+2. Checks if a proxy is already running at the configured host/port; reuses it if available
+3. If no running proxy is found, spawns one as a child subprocess in Anthropic-only mode (port 8787)
+4. Fetches the available model list and lets you pick one
+5. Launches `claude` wired to the confidential gateway
-All traffic remains end-to-end encrypted. The proxy subprocess is cleaned up when Claude Code exits.
+All traffic remains end-to-end encrypted. The proxy subprocess persists after Claude Code exits — use `confidential-proxy stop` to clean it up or `confidential-proxy start` to pre-start it before launching.
 Any extra arguments are forwarded to `claude` directly:
@@ -213,9 +254,14 @@ To use `confidential-proxy` as a custom provider in [Hermes](https://hermes-agen
 **1. Start `confidential-proxy` in the background**
 ```bash
-confidential-proxy --compat openai &
-# or with npx/bunx without a global install:
-bunx -p @premai/api-sdk confidential-proxy --compat openai &
+# Daemon mode (runs in background, keeps a PID file)
+confidential-proxy start --compat openai
+# Check it's running
+confidential-proxy status
+# Or with npx/bunx without a global install:
+bunx -p @premai/api-sdk confidential-proxy start --compat openai
 ```
 The proxy listens on `http://localhost:8000` by default.
@@ -251,6 +297,10 @@ Hermes will now route requests through the encrypted proxy at `localhost:8000`.
 - RAG Support - Encrypted document retrieval with persistent RAG DEK
 - Attestation - Enclave attestation is always enabled for security
 - TypeScript - Full type safety
+- Daemon Mode - Run as a background service with PID file lifecycle management
+- Structured Logging - Request/response logging with configurable log levels (winston)
+- Graceful Shutdown - Drain in-flight requests before stopping (configurable timeout)
+- CLI Lifecycle - `start`, `stop`, `status` commands for managing the proxy daemon
 ## Chat Completions

package/dist/bare.cjs CHANGED Viewed

@@ -5507,7 +5507,10 @@ function createAudioClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAULT_RE
     const controller = new AbortController;
     const timeoutId = setTimeout(() => controller.abort(), requestTimeoutMs);
     try {
-      const sessionId = await attest(apiKey, { model: body.model, enabled: attest2 });
+      const sessionId = await attest(apiKey, {
+        model: body.model,
+        enabled: attest2
+      });
       const encryptedRequest = await preprocessAudioRequest(body, encryptionKeys);
       const response = await fetch(`${endpoints.proxy}/rvenc/audio/transcriptions`, {
         method: "POST",
@@ -5539,7 +5542,10 @@ function createAudioClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAULT_RE
     const controller = new AbortController;
     const timeoutId = setTimeout(() => controller.abort(), requestTimeoutMs);
     try {
-      const sessionId = await attest(apiKey, { model: body.model, enabled: attest2 });
+      const sessionId = await attest(apiKey, {
+        model: body.model,
+        enabled: attest2
+      });
       const encryptedRequest = await preprocessAudioTranslationRequest(body, encryptionKeys);
       const response = await fetch(`${endpoints.proxy}/rvenc/audio/translations`, {
         method: "POST",
@@ -25491,7 +25497,10 @@ function createRvencChatClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAUL
     const controller = new AbortController;
     const timeoutId = setTimeout(() => controller.abort(), requestTimeoutMs);
     try {
-      const sessionId = await attest(apiKey, { model: body.model, enabled: attest2 });
+      const sessionId = await attest(apiKey, {
+        model: body.model,
+        enabled: attest2
+      });
       const encryptedRequest = preprocessRequest(body, encryptionKeys);
       const response = await fetch(`${endpoints.proxy}/rvenc/chat/completions`, {
         method: "POST",
@@ -25612,7 +25621,11 @@ async function* createDecryptedStreamGenerator(reader, sharedSecret, nonce, maxB
 }
 // src/tools/index.ts
-var FILE_OUTPUT_TOOLS = ["generateImage", "audioGenerateFromText", "createFileForUser"];
+var FILE_OUTPUT_TOOLS = [
+  "generateImage",
+  "audioGenerateFromText",
+  "createFileForUser"
+];
 var FILE_INPUT_TOOLS = [
   "imageDescribeAndCaption",
   "imageDescribeAndCaptionFallback",
@@ -25671,7 +25684,9 @@ async function downloadEncryptedFile(fileId, apiKey, timeoutMs) {
     if (!downloadUrl) {
       throw new Error("No download URL in response");
     }
-    const fileResponse = await fetch(downloadUrl, { signal: controller.signal });
+    const fileResponse = await fetch(downloadUrl, {
+      signal: controller.signal
+    });
     if (!fileResponse.ok) {
       throw new Error(`Failed to download file: ${fileResponse.status}`);
     }

package/dist/bare.mjs CHANGED Viewed

@@ -5449,7 +5449,10 @@ function createAudioClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAULT_RE
     const controller = new AbortController;
     const timeoutId = setTimeout(() => controller.abort(), requestTimeoutMs);
     try {
-      const sessionId = await attest(apiKey, { model: body.model, enabled: attest2 });
+      const sessionId = await attest(apiKey, {
+        model: body.model,
+        enabled: attest2
+      });
       const encryptedRequest = await preprocessAudioRequest(body, encryptionKeys);
       const response = await fetch(`${endpoints.proxy}/rvenc/audio/transcriptions`, {
         method: "POST",
@@ -5481,7 +5484,10 @@ function createAudioClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAULT_RE
     const controller = new AbortController;
     const timeoutId = setTimeout(() => controller.abort(), requestTimeoutMs);
     try {
-      const sessionId = await attest(apiKey, { model: body.model, enabled: attest2 });
+      const sessionId = await attest(apiKey, {
+        model: body.model,
+        enabled: attest2
+      });
       const encryptedRequest = await preprocessAudioTranslationRequest(body, encryptionKeys);
       const response = await fetch(`${endpoints.proxy}/rvenc/audio/translations`, {
         method: "POST",
@@ -25433,7 +25439,10 @@ function createRvencChatClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAUL
     const controller = new AbortController;
     const timeoutId = setTimeout(() => controller.abort(), requestTimeoutMs);
     try {
-      const sessionId = await attest(apiKey, { model: body.model, enabled: attest2 });
+      const sessionId = await attest(apiKey, {
+        model: body.model,
+        enabled: attest2
+      });
       const encryptedRequest = preprocessRequest(body, encryptionKeys);
       const response = await fetch(`${endpoints.proxy}/rvenc/chat/completions`, {
         method: "POST",
@@ -25554,7 +25563,11 @@ async function* createDecryptedStreamGenerator(reader, sharedSecret, nonce, maxB
 }
 // src/tools/index.ts
-var FILE_OUTPUT_TOOLS = ["generateImage", "audioGenerateFromText", "createFileForUser"];
+var FILE_OUTPUT_TOOLS = [
+  "generateImage",
+  "audioGenerateFromText",
+  "createFileForUser"
+];
 var FILE_INPUT_TOOLS = [
   "imageDescribeAndCaption",
   "imageDescribeAndCaptionFallback",
@@ -25613,7 +25626,9 @@ async function downloadEncryptedFile(fileId, apiKey, timeoutMs) {
     if (!downloadUrl) {
       throw new Error("No download URL in response");
     }
-    const fileResponse = await fetch(downloadUrl, { signal: controller.signal });
+    const fileResponse = await fetch(downloadUrl, {
+      signal: controller.signal
+    });
     if (!fileResponse.ok) {
       throw new Error(`Failed to download file: ${fileResponse.status}`);
     }