@routstr/sdk 0.3.12 → 0.3.13

package/dist/browser.mjs

@@ -1858,15 +1858,27 @@ var BalanceManager = class _BalanceManager {
       clearTimeout(timeoutId);
       const requestId = response.headers.get("x-routstr-request-id") || void 0;
       if (!response.ok) {
-        const errorData = await response.json().catch(() => ({}));
-        this.logger.warn(
-          `fetchRefundToken: non-ok response for ${url} status=${response.status} statusText=${response.statusText}`,
-          errorData
-        );
+        const responseBody = await response.text().catch(() => void 0);
+        let errorData = {};
+        if (responseBody) {
+          try {
+            errorData = JSON.parse(responseBody);
+          } catch {
+            errorData = {};
+          }
+        }
+        this.logger.error("Upstream wallet refund error response", {
+          baseUrl,
+          url,
+          status: response.status,
+          statusText: response.statusText,
+          requestId,
+          body: responseBody ?? "<unable to read response body>"
+        });
         return {
           success: false,
           requestId,
-          error: `API key refund failed: ${errorData?.detail || response.statusText}`
+          error: `API key refund failed: ${errorData?.detail || responseBody || response.statusText}`
         };
       }
       const data = await response.json();
@@ -2202,11 +2214,27 @@ var BalanceManager = class _BalanceManager {
       clearTimeout(timeoutId);
       const requestId = response.headers.get("x-routstr-request-id") || void 0;
       if (!response.ok) {
-        const errorData = await response.json().catch(() => ({}));
+        const responseBody = await response.text().catch(() => void 0);
+        let errorData = {};
+        if (responseBody) {
+          try {
+            errorData = JSON.parse(responseBody);
+          } catch {
+            errorData = {};
+          }
+        }
+        this.logger.error("Upstream wallet topup error response", {
+          baseUrl,
+          url,
+          status: response.status,
+          statusText: response.statusText,
+          requestId,
+          body: responseBody ?? "<unable to read response body>"
+        });
         return {
           success: false,
           requestId,
-          error: errorData?.detail || `Top up failed with status ${response.status}`
+          error: errorData?.detail || responseBody || `Top up failed with status ${response.status}`
         };
       }
       return { success: true, requestId };
@@ -3039,7 +3067,7 @@ var openDatabase = (dbName, storeName) => {
     return Promise.reject(new Error("IndexedDB is not available"));
   }
   return new Promise((resolve, reject) => {
-    const request = indexedDB.open(dbName, 2);
+    const request = indexedDB.open(dbName, 3);
     request.onupgradeneeded = () => {
       const db = request.result;
       if (!db.objectStoreNames.contains(storeName)) {
@@ -3052,6 +3080,7 @@ var openDatabase = (dbName, storeName) => {
         utStore.createIndex("baseUrl", "baseUrl", { unique: false });
         utStore.createIndex("sessionId", "sessionId", { unique: false });
         utStore.createIndex("client", "client", { unique: false });
+        utStore.createIndex("provider", "provider", { unique: false });
       }
       if (storeName !== "sdk_storage" && !db.objectStoreNames.contains("sdk_storage")) {
         db.createObjectStore("sdk_storage");
@@ -4614,6 +4643,29 @@ function extractUsageFromSSEJson(parsed, fallbackSatsCost = 0) {
   }
   return result;
 }
+function extractUsageFromResponseHeaders(headers) {
+  const get = (name) => {
+    if (headers instanceof Headers) return headers.get(name);
+    const lower = name.toLowerCase();
+    for (const [k, v] of Object.entries(headers)) {
+      if (k.toLowerCase() === lower) return v;
+    }
+    return null;
+  };
+  const totalMsats = Number(get("X-Routstr-Cost-Msats"));
+  if (!totalMsats || !Number.isFinite(totalMsats)) return null;
+  return {
+    promptTokens: 0,
+    completionTokens: 0,
+    totalTokens: 0,
+    cost: Number(get("X-Routstr-Cost-Usd")) || 0,
+    satsCost: totalMsats / 1e3,
+    totalMsats,
+    inputMsats: Number(get("X-Routstr-Input-Cost-Msats")) || 0,
+    outputMsats: Number(get("X-Routstr-Output-Cost-Msats")) || 0,
+    totalUsd: Number(get("X-Routstr-Cost-Usd")) || void 0
+  };
+}
 function toUsageStats(usage) {
   if (!usage) return void 0;
   return {
@@ -4700,14 +4752,11 @@ async function inspectSSEWebStream(stream, onUsage, onResponseId, options) {
       }
       const usage = extractUsageFromSSEJson(data);
       if (usage) {
-        console.log("[routstr:sse] \u2192 usage detected:", usage);
         const merged = mergeUsage(capturedUsage, usage);
         if (hasUsageChanged(capturedUsage, merged)) {
           capturedUsage = merged;
-          console.log("[routstr:sse] \u2192 merged (changed):", merged);
           onUsage(merged);
         } else {
-          console.log("[routstr:sse] \u2192 merged (no change)");
         }
       }
     } catch {
@@ -4864,6 +4913,177 @@ function createSSEParserTransform(onUsage, onResponseId) {
   });
 }
 
+// client/TinfoilSecure.ts
+var TINFOIL_MODEL_PREFIX = "tinfoil-";
+var clientCache = /* @__PURE__ */ new Map();
+function isTinfoilModel(modelId) {
+  return modelId.startsWith(TINFOIL_MODEL_PREFIX);
+}
+function getTinfoilUpstreamModelId(modelId) {
+  return modelId.slice(TINFOIL_MODEL_PREFIX.length);
+}
+function normalizeBaseUrl5(baseUrl) {
+  return baseUrl.replace(/\/+$/, "");
+}
+function cacheKey(options) {
+  return JSON.stringify({
+    baseUrl: options.baseUrl,
+    attestationBundleURL: options.attestationBundleURL,
+    enclaveURL: options.enclaveURL,
+    configRepo: options.configRepo
+  });
+}
+function envOrUndefined(name) {
+  const maybeProcess = globalThis;
+  const value = maybeProcess.process?.env?.[name];
+  return value && value.trim() ? value.trim() : void 0;
+}
+function resolveOptions(options) {
+  return {
+    ...options,
+    baseUrl: normalizeBaseUrl5(options.baseUrl),
+    attestationBundleURL: options.attestationBundleURL ?? envOrUndefined("ROUTSTR_TINFOIL_ATTESTATION_BUNDLE_URL"),
+    enclaveURL: options.enclaveURL ?? envOrUndefined("ROUTSTR_TINFOIL_ENCLAVE_URL"),
+    configRepo: options.configRepo ?? envOrUndefined("ROUTSTR_TINFOIL_CONFIG_REPO")
+  };
+}
+async function prepareTinfoilClient(options) {
+  const resolved = resolveOptions(options);
+  const key = cacheKey(resolved);
+  let pending = clientCache.get(key);
+  if (!pending) {
+    pending = (async () => {
+      const { SecureClient } = await import('tinfoil');
+      const client = new SecureClient({
+        // baseURL is the proxy/provider URL that receives the EHBP request.
+        baseURL: resolved.baseUrl,
+        // Leave undefined by default so tinfoil uses its public ATC. If set,
+        // SecureClient will fetch `${attestationBundleURL}/attestation`.
+        attestationBundleURL: resolved.attestationBundleURL,
+        enclaveURL: resolved.enclaveURL,
+        configRepo: resolved.configRepo,
+        transport: "ehbp"
+      });
+      await client.ready();
+      const verification = client.getVerificationDocument();
+      return { client, verification };
+    })();
+    clientCache.set(key, pending);
+  }
+  try {
+    return await pending;
+  } catch (error) {
+    clientCache.delete(key);
+    throw error;
+  }
+}
+function normalizeFetchArgs(input, init) {
+  if (typeof input === "string") {
+    return { url: input, init };
+  }
+  if (input instanceof URL) {
+    return { url: input.toString(), init };
+  }
+  const cloned = input.clone();
+  return {
+    url: cloned.url,
+    init: {
+      method: cloned.method,
+      headers: new Headers(cloned.headers),
+      body: cloned.body ?? void 0,
+      signal: cloned.signal,
+      ...init
+    }
+  };
+}
+function isProblemJsonContentType(contentType) {
+  const mediaType = contentType?.split(";", 1)[0]?.trim().toLowerCase();
+  return mediaType === "application/problem+json";
+}
+async function isEhbpKeyConfigMismatchResponse(response, protocol) {
+  if (response.status !== 422) {
+    return false;
+  }
+  if (!isProblemJsonContentType(response.headers.get("content-type"))) {
+    return false;
+  }
+  try {
+    const problem = await response.clone().json();
+    return problem?.type === protocol.KEY_CONFIG_PROBLEM_TYPE;
+  } catch {
+    return false;
+  }
+}
+async function fetchTinfoilEhbpOnce(context, options, normalized, ehbp) {
+  const { Identity, PROTOCOL, decryptResponseWithToken, extractSessionRecoveryToken } = ehbp;
+  const resolved = resolveOptions(options);
+  const baseURL = context.client.getBaseURL() ?? resolved.baseUrl;
+  const enclaveURL = context.client.getEnclaveURL();
+  const baseOrigin = new URL(baseURL).origin;
+  const allowedOrigins = /* @__PURE__ */ new Set([baseOrigin]);
+  if (enclaveURL) {
+    allowedOrigins.add(new URL(enclaveURL).origin);
+  }
+  const targetUrl = new URL(normalized.url, baseURL);
+  if (!allowedOrigins.has(targetUrl.origin)) {
+    throw new Error(
+      `refusing to send Tinfoil request to ${targetUrl.origin}: client is bound to the verified enclave/proxy`
+    );
+  }
+  const headers = new Headers(normalized.init?.headers);
+  if (enclaveURL && new URL(enclaveURL).origin !== baseOrigin) {
+    headers.set("X-Tinfoil-Enclave-Url", enclaveURL);
+  }
+  const method = normalized.init?.method ?? "GET";
+  const body = normalized.init?.body ?? null;
+  const serverIdentity = await Identity.fromPublicKeyHex(
+    context.verification.hpkePublicKey
+  );
+  const request = new Request(targetUrl.toString(), {
+    method,
+    headers,
+    body,
+    duplex: "half"
+  });
+  const { request: encryptedRequest, context: requestContext } = await serverIdentity.encryptRequestWithContext(request);
+  const response = await fetch(encryptedRequest);
+  if (!requestContext) {
+    return response;
+  }
+  if (await isEhbpKeyConfigMismatchResponse(response, PROTOCOL)) {
+    throw new ehbp.KeyConfigMismatchError("EHBP key configuration mismatch");
+  }
+  if (!response.headers.get(PROTOCOL.RESPONSE_NONCE_HEADER)) {
+    return response;
+  }
+  const token = await extractSessionRecoveryToken(requestContext);
+  return await decryptResponseWithToken(response, token);
+}
+async function fetchTinfoilPreservingPlaintextErrors(options, input, init) {
+  const context = await prepareTinfoilClient(options);
+  const ehbp = await import('ehbp');
+  const normalized = normalizeFetchArgs(input, init);
+  try {
+    return await fetchTinfoilEhbpOnce(context, options, normalized, ehbp);
+  } catch (error) {
+    if (error instanceof ehbp.KeyConfigMismatchError) {
+      context.client.reset();
+      try {
+        await context.client.ready();
+        context.verification = context.client.getVerificationDocument();
+      } catch (reattestError) {
+        clientCache.delete(cacheKey(resolveOptions(options)));
+        throw reattestError;
+      }
+      return await fetchTinfoilEhbpOnce(context, options, normalized, ehbp);
+    }
+    throw error;
+  }
+}
+function clearTinfoilClientCache() {
+  clientCache.clear();
+}
+
 // client/RoutstrClient.ts
 var TOPUP_MARGIN = 1.2;
 var RoutstrClient = class {
@@ -5049,11 +5269,6 @@ var RoutstrClient = class {
         );
       }
     }
-    const { token, tokenBalance, tokenBalanceUnit, tokenBalanceUnknown } = await this._spendToken({
-      mintUrl,
-      amount: requiredSats,
-      baseUrl
-    });
     let requestBody = body;
     if (body && typeof body === "object") {
       const bodyObj = body;
@@ -5062,7 +5277,36 @@ var RoutstrClient = class {
       }
     }
     const baseHeaders = this._buildBaseHeaders();
-    const requestHeaders = this._withAuthHeader(baseHeaders, token);
+    const tinfoilEnabled = Boolean(modelId && isTinfoilModel(modelId));
+    if (tinfoilEnabled) {
+      this._log(
+        "DEBUG",
+        `[RoutstrClient] Attesting Tinfoil model ${modelId} before spend`
+      );
+      const { verification } = await prepareTinfoilClient({ baseUrl });
+      this._log(
+        "DEBUG",
+        `[RoutstrClient] Tinfoil attestation passed, enclave=${verification.enclaveHost}, codeFingerprint=${verification.codeFingerprint.slice(0, 16)}...`
+      );
+      if (requestBody && typeof requestBody === "object" && modelId) {
+        requestBody = {
+          ...requestBody,
+          model: getTinfoilUpstreamModelId(modelId)
+        };
+      }
+    }
+    const spendResult = await this._spendToken({
+      mintUrl,
+      amount: requiredSats,
+      baseUrl
+    });
+    const { token, tokenBalance, tokenBalanceUnit, tokenBalanceUnknown } = spendResult;
+    const finalHeaders = this._withAuthAndTinfoilHeaders(
+      baseHeaders,
+      token,
+      tinfoilEnabled,
+      modelId
+    );
     const response = await this._makeRequest({
       path: requestPath,
       method,
@@ -5071,9 +5315,10 @@ var RoutstrClient = class {
       mintUrl,
       token,
       requiredSats,
-      headers: requestHeaders,
+      headers: finalHeaders,
       baseHeaders,
-      selectedModel
+      selectedModel,
+      tinfoilEnabled
     });
     let tokenBalanceInSats = tokenBalanceUnit === "msat" ? tokenBalance / 1e3 : tokenBalance;
     let initialTokenBalanceUnknown = tokenBalanceUnknown;
@@ -5161,7 +5406,7 @@ var RoutstrClient = class {
    * Make the API request with failover support
    */
   async _makeRequest(params) {
-    const { path, method, body, baseUrl, token, headers } = params;
+    const { path, method, body, baseUrl, token, headers, tinfoilEnabled } = params;
     try {
       const url = `${baseUrl.replace(/\/$/, "")}${path}`;
       const requestBodyText = body === void 0 || method === "GET" ? void 0 : JSON.stringify(body);
@@ -5175,7 +5420,15 @@ var RoutstrClient = class {
         rawBody: requestBodyText
       });
       if (this.mode === "xcashu") this._log("DEBUG", "HEADERS,", headers);
-      const response = await fetch(url, {
+      const response = tinfoilEnabled ? await fetchTinfoilPreservingPlaintextErrors(
+        { baseUrl },
+        url,
+        {
+          method,
+          headers,
+          body: requestBodyText
+        }
+      ) : await fetch(url, {
         method,
         headers,
         body: requestBodyText
@@ -5195,6 +5448,15 @@ var RoutstrClient = class {
         } catch (e) {
           bodyText = void 0;
         }
+        this._log("ERROR", "[RoutstrClient] Upstream error response", {
+          baseUrl,
+          url,
+          path,
+          status: response.status,
+          statusText: response.statusText,
+          requestId,
+          body: bodyText ?? "<unable to read response body>"
+        });
         return await this._handleErrorResponse(
           params,
           token,
@@ -5225,6 +5487,9 @@ var RoutstrClient = class {
       throw error;
     }
   }
+  /**
+   * Store request details to a file in the reqs/ folder before fetch.
+   */
   /**
    * Handle error responses with failover
    */
@@ -5376,7 +5641,12 @@ var RoutstrClient = class {
           return this._makeRequest({
             ...params,
             token: params.token,
-            headers: this._withAuthHeader(params.baseHeaders, params.token),
+            headers: this._withAuthAndTinfoilHeaders(
+              params.baseHeaders,
+              params.token,
+              params.tinfoilEnabled,
+              params.selectedModel?.id
+            ),
             retryCount: retryCount + 1
           });
         } else {
@@ -5437,7 +5707,12 @@ var RoutstrClient = class {
         return this._makeRequest({
           ...params,
           token: retryToken,
-          headers: this._withAuthHeader(params.baseHeaders, retryToken),
+          headers: this._withAuthAndTinfoilHeaders(
+            params.baseHeaders,
+            retryToken,
+            params.tinfoilEnabled,
+            params.selectedModel?.id
+          ),
           retryCount: retryCount + 1
         });
       } else {
@@ -5532,6 +5807,13 @@ var RoutstrClient = class {
         messagesForPricing,
         params.maxTokens
       );
+      if (params.tinfoilEnabled) {
+        this._log(
+          "DEBUG",
+          `[RoutstrClient] _handleErrorResponse: Attesting Tinfoil failover provider ${nextProvider} before spend`
+        );
+        await prepareTinfoilClient({ baseUrl: nextProvider });
+      }
       this._log(
         "DEBUG",
         `[RoutstrClient] _handleErrorResponse: Creating new token for failover provider ${nextProvider}, required sats: ${newRequiredSats}`
@@ -5550,7 +5832,12 @@ var RoutstrClient = class {
         selectedModel: newModel,
         token: spendResult.token,
         requiredSats: newRequiredSats,
-        headers: this._withAuthHeader(params.baseHeaders, spendResult.token),
+        headers: this._withAuthAndTinfoilHeaders(
+          params.baseHeaders,
+          spendResult.token,
+          params.tinfoilEnabled,
+          newModel.id
+        ),
         retryCount: 0
       });
       retryResponse.initialTokenBalanceInSats = spendResult.tokenBalanceUnit === "msat" ? spendResult.tokenBalance / 1e3 : spendResult.tokenBalance;
@@ -5617,10 +5904,10 @@ var RoutstrClient = class {
         if (latestTokenBalance !== void 0) {
           this.storageAdapter.updateApiKeyBalance(baseUrl, latestTokenBalance);
         }
-        satsSpent = latestTokenBalance !== void 0 && !initialTokenBalanceUnknown ? Math.max(0, initialTokenBalance - latestTokenBalance) : fallbackSatsSpent ?? usage?.satsCost ?? 0;
+        satsSpent = latestTokenBalance !== void 0 && !initialTokenBalanceUnknown ? Math.max(0, initialTokenBalance - latestTokenBalance) : fallbackSatsSpent ?? usage?.satsCost ?? this._headerSatsCost(response) ?? 0;
       } catch (e) {
         this._log("WARN", "Could not get updated API key balance:", e);
-        satsSpent = fallbackSatsSpent ?? usage?.satsCost ?? 0;
+        satsSpent = fallbackSatsSpent ?? usage?.satsCost ?? this._headerSatsCost(response) ?? 0;
       }
     }
     await this._trackResponseUsage({
@@ -5637,6 +5924,15 @@ var RoutstrClient = class {
     })();
     return satsSpent;
   }
+  /**
+   * Extract sats cost from EHBP/Tinfoil response headers as a last-resort
+   * fallback when neither balance delta nor SSE/body usage provides a cost.
+   */
+  _headerSatsCost(response) {
+    if (!response) return void 0;
+    const headerUsage = extractUsageFromResponseHeaders(response.headers);
+    return headerUsage?.satsCost;
+  }
   async _trackResponseUsage(params) {
     const {
       token,
@@ -5670,7 +5966,24 @@ var RoutstrClient = class {
         }
       }
       if (!usage) {
-        return;
+        const headerUsage = extractUsageFromResponseHeaders(response.headers);
+        if (headerUsage) {
+          usage = headerUsage;
+        } else {
+          return;
+        }
+      } else {
+        const headerUsage = extractUsageFromResponseHeaders(response.headers);
+        if (headerUsage) {
+          if (headerUsage.totalMsats) {
+            usage.totalMsats = headerUsage.totalMsats;
+            usage.satsCost = headerUsage.satsCost;
+          }
+          if (headerUsage.cost) usage.cost = headerUsage.cost;
+          if (headerUsage.inputMsats) usage.inputMsats = headerUsage.inputMsats;
+          if (headerUsage.outputMsats) usage.outputMsats = headerUsage.outputMsats;
+          if (headerUsage.totalUsd) usage.totalUsd = headerUsage.totalUsd;
+        }
       }
       const finalRequestId = requestId || "unknown";
       const store = this.sdkStore ?? await getDefaultSdkStore();
@@ -5867,6 +6180,19 @@ var RoutstrClient = class {
     }
     return nextHeaders;
   }
+  /**
+   * Attach auth headers and preserve the plaintext model hint required by the
+   * Routstr proxy for Tinfoil/EHBP requests. EHBP encrypts the JSON body, so
+   * retries/failover must not rebuild headers from baseHeaders alone or the
+   * proxy cannot route/price the encrypted request.
+   */
+  _withAuthAndTinfoilHeaders(headers, token, tinfoilEnabled, modelId) {
+    const nextHeaders = this._withAuthHeader(headers, token);
+    if (tinfoilEnabled && modelId) {
+      nextHeaders["X-Routstr-Model"] = modelId;
+    }
+    return nextHeaders;
+  }
 };
 
 // client/StreamProcessor.ts
@@ -6356,6 +6682,6 @@ function extractStream(requestBody) {
   return typeof stream === "boolean" ? stream : void 0;
 }
 
-export { BalanceManager, CashuSpender, FailoverError, InsufficientBalanceError, MintDiscovery, MintDiscoveryError, MintUnreachableError, ModelManager, ModelNotFoundError, NoProvidersAvailableError, ProviderBootstrapError, ProviderError, ProviderManager, RoutstrClient, SDK_STORAGE_KEYS, StreamProcessor, StreamingError, TokenOperationError, consoleLogger, createDiscoveryAdapterFromStore, createIndexedDBDriver, createIndexedDBUsageTrackingDriver, createMemoryDriver, createMemoryUsageTrackingDriver, createProviderRegistryFromDiscoveryAdapter, createProviderRegistryFromStore, createSSEParserTransform, createSdkStore, createShardedDiscoveryAdapter, createStorageAdapterFromStore, extractResponseId, extractUsageFromResponseBody, extractUsageFromSSEJson, fetchAIResponse, filterBaseUrlsForTor, getDefaultDiscoveryAdapter, getDefaultProviderRegistry, getDefaultSdkDriver, getDefaultSdkStore, getDefaultStorageAdapter, getDefaultUsageTrackingDriver, getProviderEndpoints, inspectSSEWebStream, isOnionUrl, isTorContext, localStorageDriver, noopLogger, normalizeProviderUrl, routeRequests, setDefaultUsageTrackingDriver, toUsageStats };
+export { BalanceManager, CashuSpender, FailoverError, InsufficientBalanceError, MintDiscovery, MintDiscoveryError, MintUnreachableError, ModelManager, ModelNotFoundError, NoProvidersAvailableError, ProviderBootstrapError, ProviderError, ProviderManager, RoutstrClient, SDK_STORAGE_KEYS, StreamProcessor, StreamingError, TokenOperationError, clearTinfoilClientCache, consoleLogger, createDiscoveryAdapterFromStore, createIndexedDBDriver, createIndexedDBUsageTrackingDriver, createMemoryDriver, createMemoryUsageTrackingDriver, createProviderRegistryFromDiscoveryAdapter, createProviderRegistryFromStore, createSSEParserTransform, createSdkStore, createShardedDiscoveryAdapter, createStorageAdapterFromStore, extractResponseId, extractUsageFromResponseBody, extractUsageFromResponseHeaders, extractUsageFromSSEJson, fetchAIResponse, fetchTinfoilPreservingPlaintextErrors, filterBaseUrlsForTor, getDefaultDiscoveryAdapter, getDefaultProviderRegistry, getDefaultSdkDriver, getDefaultSdkStore, getDefaultStorageAdapter, getDefaultUsageTrackingDriver, getProviderEndpoints, getTinfoilUpstreamModelId, inspectSSEWebStream, isOnionUrl, isTinfoilModel, isTorContext, localStorageDriver, noopLogger, normalizeProviderUrl, prepareTinfoilClient, routeRequests, setDefaultUsageTrackingDriver, toUsageStats };
 //# sourceMappingURL=browser.mjs.map
 //# sourceMappingURL=browser.mjs.map