npm - @smythos/sre - Versions diffs - 1.5.53 → 1.5.54 - Mend

@smythos/sre 1.5.53 → 1.5.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (223) hide show

package/CHANGELOG +98 -98
package/LICENSE +18 -18
package/README.md +135 -135
package/dist/bundle-analysis-lazy.html +4949 -0
package/dist/bundle-analysis.html +4949 -0
package/dist/index.js +3 -3
package/dist/index.js.map +1 -1
package/dist/types/subsystems/LLMManager/LLM.service/connectors/openai/OpenAIConnector.class.d.ts +1 -6
package/dist/types/utils/package-manager.utils.d.ts +26 -0
package/package.json +1 -1
package/src/Components/APICall/APICall.class.ts +157 -157
package/src/Components/APICall/AccessTokenManager.ts +166 -166
package/src/Components/APICall/ArrayBufferResponse.helper.ts +58 -58
package/src/Components/APICall/OAuth.helper.ts +447 -447
package/src/Components/APICall/mimeTypeCategories.ts +46 -46
package/src/Components/APICall/parseData.ts +167 -167
package/src/Components/APICall/parseHeaders.ts +41 -41
package/src/Components/APICall/parseProxy.ts +68 -68
package/src/Components/APICall/parseUrl.ts +91 -91
package/src/Components/APIEndpoint.class.ts +234 -234
package/src/Components/APIOutput.class.ts +58 -58
package/src/Components/AgentPlugin.class.ts +102 -102
package/src/Components/Async.class.ts +155 -155
package/src/Components/Await.class.ts +90 -90
package/src/Components/Classifier.class.ts +158 -158
package/src/Components/Component.class.ts +132 -132
package/src/Components/ComponentHost.class.ts +38 -38
package/src/Components/DataSourceCleaner.class.ts +92 -92
package/src/Components/DataSourceIndexer.class.ts +181 -181
package/src/Components/DataSourceLookup.class.ts +161 -161
package/src/Components/ECMASandbox.class.ts +71 -71
package/src/Components/FEncDec.class.ts +29 -29
package/src/Components/FHash.class.ts +33 -33
package/src/Components/FSign.class.ts +80 -80
package/src/Components/FSleep.class.ts +25 -25
package/src/Components/FTimestamp.class.ts +25 -25
package/src/Components/FileStore.class.ts +78 -78
package/src/Components/ForEach.class.ts +97 -97
package/src/Components/GPTPlugin.class.ts +70 -70
package/src/Components/GenAILLM.class.ts +586 -586
package/src/Components/HuggingFace.class.ts +314 -314
package/src/Components/Image/imageSettings.config.ts +70 -70
package/src/Components/ImageGenerator.class.ts +502 -502
package/src/Components/JSONFilter.class.ts +54 -54
package/src/Components/LLMAssistant.class.ts +213 -213
package/src/Components/LogicAND.class.ts +28 -28
package/src/Components/LogicAtLeast.class.ts +85 -85
package/src/Components/LogicAtMost.class.ts +86 -86
package/src/Components/LogicOR.class.ts +29 -29
package/src/Components/LogicXOR.class.ts +34 -34
package/src/Components/MCPClient.class.ts +138 -138
package/src/Components/MemoryDeleteKeyVal.class.ts +70 -70
package/src/Components/MemoryReadKeyVal.class.ts +66 -66
package/src/Components/MemoryWriteKeyVal.class.ts +62 -62
package/src/Components/MemoryWriteObject.class.ts +97 -97
package/src/Components/MultimodalLLM.class.ts +128 -128
package/src/Components/OpenAPI.class.ts +72 -72
package/src/Components/PromptGenerator.class.ts +122 -122
package/src/Components/ScrapflyWebScrape.class.ts +159 -159
package/src/Components/ServerlessCode.class.ts +123 -123
package/src/Components/TavilyWebSearch.class.ts +98 -98
package/src/Components/VisionLLM.class.ts +104 -104
package/src/Components/ZapierAction.class.ts +127 -127
package/src/Components/index.ts +97 -97
package/src/Core/AgentProcess.helper.ts +240 -240
package/src/Core/Connector.class.ts +123 -123
package/src/Core/ConnectorsService.ts +197 -197
package/src/Core/DummyConnector.ts +49 -49
package/src/Core/HookService.ts +105 -105
package/src/Core/SmythRuntime.class.ts +235 -235
package/src/Core/SystemEvents.ts +16 -16
package/src/Core/boot.ts +56 -56
package/src/config.ts +15 -15
package/src/constants.ts +126 -126
package/src/data/hugging-face.params.json +579 -579
package/src/helpers/AWSLambdaCode.helper.ts +590 -590
package/src/helpers/BinaryInput.helper.ts +331 -331
package/src/helpers/Conversation.helper.ts +1119 -1119
package/src/helpers/ECMASandbox.helper.ts +54 -54
package/src/helpers/JsonContent.helper.ts +97 -97
package/src/helpers/LocalCache.helper.ts +97 -97
package/src/helpers/Log.helper.ts +274 -274
package/src/helpers/OpenApiParser.helper.ts +150 -150
package/src/helpers/S3Cache.helper.ts +147 -147
package/src/helpers/SmythURI.helper.ts +5 -5
package/src/helpers/Sysconfig.helper.ts +77 -77
package/src/helpers/TemplateString.helper.ts +243 -243
package/src/helpers/TypeChecker.helper.ts +329 -329
package/src/index.ts +3 -3
package/src/index.ts.bak +3 -3
package/src/subsystems/AgentManager/Agent.class.ts +1114 -1114
package/src/subsystems/AgentManager/Agent.helper.ts +3 -3
package/src/subsystems/AgentManager/AgentData.service/AgentDataConnector.ts +230 -230
package/src/subsystems/AgentManager/AgentData.service/connectors/CLIAgentDataConnector.class.ts +66 -66
package/src/subsystems/AgentManager/AgentData.service/connectors/LocalAgentDataConnector.class.ts +142 -142
package/src/subsystems/AgentManager/AgentData.service/connectors/NullAgentData.class.ts +39 -39
package/src/subsystems/AgentManager/AgentData.service/index.ts +18 -18
package/src/subsystems/AgentManager/AgentLogger.class.ts +301 -297
package/src/subsystems/AgentManager/AgentRequest.class.ts +51 -51
package/src/subsystems/AgentManager/AgentRuntime.class.ts +559 -559
package/src/subsystems/AgentManager/AgentSSE.class.ts +101 -101
package/src/subsystems/AgentManager/AgentSettings.class.ts +52 -52
package/src/subsystems/AgentManager/Component.service/ComponentConnector.ts +32 -32
package/src/subsystems/AgentManager/Component.service/connectors/LocalComponentConnector.class.ts +60 -60
package/src/subsystems/AgentManager/Component.service/index.ts +11 -11
package/src/subsystems/AgentManager/EmbodimentSettings.class.ts +47 -47
package/src/subsystems/AgentManager/ForkedAgent.class.ts +154 -154
package/src/subsystems/AgentManager/OSResourceMonitor.ts +77 -77
package/src/subsystems/ComputeManager/Code.service/CodeConnector.ts +98 -98
package/src/subsystems/ComputeManager/Code.service/connectors/AWSLambdaCode.class.ts +172 -172
package/src/subsystems/ComputeManager/Code.service/connectors/ECMASandbox.class.ts +131 -131
package/src/subsystems/ComputeManager/Code.service/index.ts +13 -13
package/src/subsystems/IO/CLI.service/CLIConnector.ts +47 -47
package/src/subsystems/IO/CLI.service/index.ts +9 -9
package/src/subsystems/IO/Log.service/LogConnector.ts +32 -32
package/src/subsystems/IO/Log.service/connectors/ConsoleLog.class.ts +28 -28
package/src/subsystems/IO/Log.service/index.ts +13 -13
package/src/subsystems/IO/NKV.service/NKVConnector.ts +43 -43
package/src/subsystems/IO/NKV.service/connectors/NKVLocalStorage.class.ts +234 -234
package/src/subsystems/IO/NKV.service/connectors/NKVRAM.class.ts +204 -204
package/src/subsystems/IO/NKV.service/connectors/NKVRedis.class.ts +182 -182
package/src/subsystems/IO/NKV.service/index.ts +14 -14
package/src/subsystems/IO/Router.service/RouterConnector.ts +21 -21
package/src/subsystems/IO/Router.service/connectors/ExpressRouter.class.ts +48 -48
package/src/subsystems/IO/Router.service/connectors/NullRouter.class.ts +40 -40
package/src/subsystems/IO/Router.service/index.ts +11 -11
package/src/subsystems/IO/Storage.service/SmythFS.class.ts +489 -489
package/src/subsystems/IO/Storage.service/StorageConnector.ts +66 -66
package/src/subsystems/IO/Storage.service/connectors/LocalStorage.class.ts +327 -327
package/src/subsystems/IO/Storage.service/connectors/S3Storage.class.ts +482 -482
package/src/subsystems/IO/Storage.service/index.ts +13 -13
package/src/subsystems/IO/VectorDB.service/VectorDBConnector.ts +108 -108
package/src/subsystems/IO/VectorDB.service/connectors/MilvusVectorDB.class.ts +454 -454
package/src/subsystems/IO/VectorDB.service/connectors/PineconeVectorDB.class.ts +384 -384
package/src/subsystems/IO/VectorDB.service/connectors/RAMVecrtorDB.class.ts +421 -421
package/src/subsystems/IO/VectorDB.service/embed/BaseEmbedding.ts +107 -107
package/src/subsystems/IO/VectorDB.service/embed/OpenAIEmbedding.ts +109 -109
package/src/subsystems/IO/VectorDB.service/embed/index.ts +21 -21
package/src/subsystems/IO/VectorDB.service/index.ts +14 -14
package/src/subsystems/LLMManager/LLM.helper.ts +251 -251
package/src/subsystems/LLMManager/LLM.inference.ts +339 -339
package/src/subsystems/LLMManager/LLM.service/LLMConnector.ts +489 -489
package/src/subsystems/LLMManager/LLM.service/LLMCredentials.helper.ts +171 -171
package/src/subsystems/LLMManager/LLM.service/connectors/Anthropic.class.ts +659 -659
package/src/subsystems/LLMManager/LLM.service/connectors/Bedrock.class.ts +400 -400
package/src/subsystems/LLMManager/LLM.service/connectors/Echo.class.ts +77 -77
package/src/subsystems/LLMManager/LLM.service/connectors/GoogleAI.class.ts +757 -757
package/src/subsystems/LLMManager/LLM.service/connectors/Groq.class.ts +304 -304
package/src/subsystems/LLMManager/LLM.service/connectors/Perplexity.class.ts +250 -250
package/src/subsystems/LLMManager/LLM.service/connectors/VertexAI.class.ts +423 -423
package/src/subsystems/LLMManager/LLM.service/connectors/openai/OpenAIConnector.class.ts +488 -488
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/ChatCompletionsApiInterface.ts +524 -524
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/OpenAIApiInterface.ts +100 -100
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/OpenAIApiInterfaceFactory.ts +81 -81
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/ResponsesApiInterface.ts +1145 -1145
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/constants.ts +13 -13
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/index.ts +4 -4
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/utils.ts +11 -11
package/src/subsystems/LLMManager/LLM.service/connectors/openai/types.ts +32 -32
package/src/subsystems/LLMManager/LLM.service/connectors/xAI.class.ts +471 -471
package/src/subsystems/LLMManager/LLM.service/index.ts +44 -44
package/src/subsystems/LLMManager/ModelsProvider.service/ModelsProviderConnector.ts +300 -300
package/src/subsystems/LLMManager/ModelsProvider.service/connectors/JSONModelsProvider.class.ts +252 -252
package/src/subsystems/LLMManager/ModelsProvider.service/index.ts +11 -11
package/src/subsystems/LLMManager/custom-models.ts +854 -854
package/src/subsystems/LLMManager/models.ts +2540 -2540
package/src/subsystems/LLMManager/paramMappings.ts +69 -69
package/src/subsystems/MemoryManager/Cache.service/CacheConnector.ts +86 -86
package/src/subsystems/MemoryManager/Cache.service/connectors/LocalStorageCache.class.ts +297 -297
package/src/subsystems/MemoryManager/Cache.service/connectors/RAMCache.class.ts +201 -201
package/src/subsystems/MemoryManager/Cache.service/connectors/RedisCache.class.ts +252 -252
package/src/subsystems/MemoryManager/Cache.service/connectors/S3Cache.class.ts +373 -373
package/src/subsystems/MemoryManager/Cache.service/index.ts +15 -15
package/src/subsystems/MemoryManager/LLMCache.ts +72 -72
package/src/subsystems/MemoryManager/LLMContext.ts +124 -124
package/src/subsystems/MemoryManager/LLMMemory.service/LLMMemoryConnector.ts +26 -26
package/src/subsystems/MemoryManager/RuntimeContext.ts +266 -266
package/src/subsystems/Security/AccessControl/ACL.class.ts +208 -208
package/src/subsystems/Security/AccessControl/AccessCandidate.class.ts +82 -82
package/src/subsystems/Security/AccessControl/AccessRequest.class.ts +52 -52
package/src/subsystems/Security/Account.service/AccountConnector.ts +44 -44
package/src/subsystems/Security/Account.service/connectors/AWSAccount.class.ts +76 -76
package/src/subsystems/Security/Account.service/connectors/DummyAccount.class.ts +130 -130
package/src/subsystems/Security/Account.service/connectors/JSONFileAccount.class.ts +159 -159
package/src/subsystems/Security/Account.service/index.ts +14 -14
package/src/subsystems/Security/Credentials.helper.ts +62 -62
package/src/subsystems/Security/ManagedVault.service/ManagedVaultConnector.ts +38 -38
package/src/subsystems/Security/ManagedVault.service/connectors/NullManagedVault.class.ts +53 -53
package/src/subsystems/Security/ManagedVault.service/connectors/SecretManagerManagedVault.ts +154 -154
package/src/subsystems/Security/ManagedVault.service/index.ts +12 -12
package/src/subsystems/Security/SecureConnector.class.ts +110 -110
package/src/subsystems/Security/Vault.service/Vault.helper.ts +30 -30
package/src/subsystems/Security/Vault.service/VaultConnector.ts +29 -29
package/src/subsystems/Security/Vault.service/connectors/HashicorpVault.class.ts +46 -46
package/src/subsystems/Security/Vault.service/connectors/JSONFileVault.class.ts +221 -221
package/src/subsystems/Security/Vault.service/connectors/NullVault.class.ts +54 -54
package/src/subsystems/Security/Vault.service/connectors/SecretsManager.class.ts +140 -140
package/src/subsystems/Security/Vault.service/index.ts +12 -12
package/src/types/ACL.types.ts +104 -104
package/src/types/AWS.types.ts +10 -10
package/src/types/Agent.types.ts +61 -61
package/src/types/AgentLogger.types.ts +17 -17
package/src/types/Cache.types.ts +1 -1
package/src/types/Common.types.ts +2 -2
package/src/types/LLM.types.ts +496 -496
package/src/types/Redis.types.ts +8 -8
package/src/types/SRE.types.ts +64 -64
package/src/types/Security.types.ts +14 -14
package/src/types/Storage.types.ts +5 -5
package/src/types/VectorDB.types.ts +86 -86
package/src/utils/base64.utils.ts +275 -275
package/src/utils/cli.utils.ts +68 -68
package/src/utils/data.utils.ts +322 -322
package/src/utils/date-time.utils.ts +22 -22
package/src/utils/general.utils.ts +238 -238
package/src/utils/index.ts +12 -12
package/src/utils/lazy-client.ts +261 -261
package/src/utils/numbers.utils.ts +13 -13
package/src/utils/oauth.utils.ts +35 -35
package/src/utils/string.utils.ts +414 -414
package/src/utils/url.utils.ts +19 -19
package/src/utils/validation.utils.ts +74 -74
package/dist/types/subsystems/LLMManager/ModelsProvider.service/connectors/SmythModelsProvider.class.d.ts +0 -39

package/src/subsystems/LLMManager/LLM.service/LLMCredentials.helper.ts CHANGED Viewed

@@ -1,171 +1,171 @@
-import { ConnectorService } from '@sre/Core/ConnectorsService';
-import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
-import { TBedrockSettings, TCustomLLMModel, TLLMCredentials, TLLMModel, TVertexAISettings } from '@sre/types/LLM.types';
-export async function getLLMCredentials(candidate: AccessCandidate, modelInfo: TLLMModel | TCustomLLMModel) {
-    //create a credentials list that we can iterate over
-    //if the credentials are not provided, we will use None as a default in order to return empty credentials
-    const credentialsList: any[] = !Array.isArray(modelInfo.credentials)
-        ? [modelInfo.credentials || TLLMCredentials.Internal]
-        : modelInfo.credentials || [TLLMCredentials.Internal];
-    for (let credentialsMode of credentialsList) {
-        if (typeof credentialsMode === 'object') {
-            //credentials passed directly
-            return credentialsMode;
-        }
-        switch (credentialsMode) {
-            case TLLMCredentials.None: {
-                return { apiKey: '' };
-            }
-            case TLLMCredentials.Internal: {
-                const credentials = await getEnvCredentials(candidate, modelInfo as TLLMModel);
-                if (credentials) return credentials;
-                break;
-            }
-            case TLLMCredentials.Vault: {
-                const credentials = await getStandardLLMCredentials(candidate, modelInfo as TLLMModel);
-                if (credentials) return credentials;
-                break;
-            }
-            case TLLMCredentials.BedrockVault: {
-                const credentials = await getBedrockCredentials(candidate, modelInfo as TCustomLLMModel);
-                if (credentials) return credentials;
-                break;
-            }
-            case TLLMCredentials.VertexAIVault: {
-                const credentials = await getVertexAICredentials(candidate, modelInfo as TCustomLLMModel);
-                if (credentials) return credentials;
-                break;
-            }
-        }
-    }
-    return {};
-}
-/**
- * Legacy API keys
- * TODO : move this to a special vault entry
- */
-const SMYTHOS_API_KEYS = {
-    echo: '',
-    openai: process.env.OPENAI_API_KEY,
-    anthropic: process.env.ANTHROPIC_API_KEY,
-    googleai: process.env.GOOGLE_AI_API_KEY,
-    togetherai: process.env.TOGETHER_AI_API_KEY,
-    groq: process.env.GROQ_API_KEY,
-    xai: process.env.XAI_API_KEY,
-    perplexity: process.env.PERPLEXITY_API_KEY,
-};
-async function getEnvCredentials(candidate: AccessCandidate, modelInfo: TLLMModel): Promise<{ apiKey: string }> {
-    const provider = (modelInfo.provider || modelInfo.llm)?.toLowerCase();
-    const apiKey = SMYTHOS_API_KEYS?.[provider] || '';
-    if (!apiKey) return null;
-    return { apiKey };
-}
-/**
- * Retrieves API key credentials for standard LLM providers from the vault
- * @param candidate - The access candidate requesting the credentials
- * @param provider - The LLM provider name (e.g., 'openai', 'anthropic')
- * @returns Promise resolving to an object containing the provider's API key
- * @throws {Error} If vault connector is unavailable (handled in parent method)
- * @remarks Returns an empty string as API key if vault access fails
- * @private
- */
-async function getStandardLLMCredentials(candidate: AccessCandidate, modelInfo: TLLMModel): Promise<{ apiKey: string; isUserKey: boolean }> {
-    const provider = (modelInfo.provider || modelInfo.llm)?.toLowerCase();
-    const vaultConnector = ConnectorService.getVaultConnector();
-    const apiKey = await vaultConnector
-        .requester(candidate)
-        .get(provider)
-        .catch(() => '');
-    if (!apiKey) return null;
-    return { apiKey, isUserKey: true };
-}
-/**
- * Retrieves AWS Bedrock credentials from the vault for authentication
- * @param candidate - The access candidate requesting the credentials
- * @param modelInfo - The Bedrock model information containing credential key names in settings
- * @returns Promise resolving to AWS credentials object
- * @returns {Promise<Object>} credentials
- * @returns {string} credentials.accessKeyId - AWS access key ID
- * @returns {string} credentials.secretAccessKey - AWS secret access key
- * @returns {string} [credentials.sessionToken] - Optional AWS session token
- * @throws {Error} If vault connector is unavailable (handled in parent method)
- * @private
- */
-async function getBedrockCredentials(
-    candidate: AccessCandidate,
-    modelInfo: TCustomLLMModel
-): Promise<{ accessKeyId: string; secretAccessKey: string; sessionToken?: string; isUserKey: boolean }> {
-    const keyIdName = (modelInfo.settings as TBedrockSettings)?.keyIDName;
-    const secretKeyName = (modelInfo.settings as TBedrockSettings)?.secretKeyName;
-    const sessionKeyName = (modelInfo.settings as TBedrockSettings)?.sessionKeyName;
-    const vaultConnector = ConnectorService.getVaultConnector();
-    const [accessKeyId, secretAccessKey, sessionToken] = await Promise.all([
-        vaultConnector
-            .requester(candidate)
-            .get(keyIdName)
-            .catch(() => ''),
-        vaultConnector
-            .requester(candidate)
-            .get(secretKeyName)
-            .catch(() => ''),
-        vaultConnector
-            .requester(candidate)
-            .get(sessionKeyName)
-            .catch(() => ''),
-    ]);
-    let credentials: {
-        accessKeyId: string;
-        secretAccessKey: string;
-        sessionToken?: string;
-        isUserKey: boolean;
-    } = {
-        accessKeyId,
-        secretAccessKey,
-        isUserKey: true,
-    };
-    if (sessionToken) {
-        credentials.sessionToken = sessionToken;
-    }
-    if (!accessKeyId || !secretAccessKey) return null;
-    return credentials;
-}
-/**
- * Retrieves the credentials required for VertexAI authentication from the vault
- * @param candidate - The access candidate requesting the credentials
- * @param modelInfo - The VertexAI model information containing settings
- * @returns Promise resolving to the parsed JSON credentials for VertexAI
- * @throws {Error} If vault connector is unavailable (handled in parent method)
- * @throws {Error} If JSON parsing fails or credentials are malformed
- * @remarks Returns empty credentials if vault access fails
- * @private
- */
-async function getVertexAICredentials(candidate: AccessCandidate, modelInfo: TCustomLLMModel): Promise<any> {
-    const jsonCredentialsName = (modelInfo.settings as TVertexAISettings)?.jsonCredentialsName;
-    const vaultConnector = ConnectorService.getVaultConnector();
-    let jsonCredentials = await vaultConnector
-        .requester(candidate)
-        .get(jsonCredentialsName)
-        .catch(() => '');
-    const credentials = JSON.parse(jsonCredentials);
-    if (!credentials) return null;
-    return { ...credentials, isUserKey: true };
-}
+import { ConnectorService } from '@sre/Core/ConnectorsService';
+import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
+import { TBedrockSettings, TCustomLLMModel, TLLMCredentials, TLLMModel, TVertexAISettings } from '@sre/types/LLM.types';
+export async function getLLMCredentials(candidate: AccessCandidate, modelInfo: TLLMModel | TCustomLLMModel) {
+    //create a credentials list that we can iterate over
+    //if the credentials are not provided, we will use None as a default in order to return empty credentials
+    const credentialsList: any[] = !Array.isArray(modelInfo.credentials)
+        ? [modelInfo.credentials || TLLMCredentials.Internal]
+        : modelInfo.credentials || [TLLMCredentials.Internal];
+    for (let credentialsMode of credentialsList) {
+        if (typeof credentialsMode === 'object') {
+            //credentials passed directly
+            return credentialsMode;
+        }
+        switch (credentialsMode) {
+            case TLLMCredentials.None: {
+                return { apiKey: '' };
+            }
+            case TLLMCredentials.Internal: {
+                const credentials = await getEnvCredentials(candidate, modelInfo as TLLMModel);
+                if (credentials) return credentials;
+                break;
+            }
+            case TLLMCredentials.Vault: {
+                const credentials = await getStandardLLMCredentials(candidate, modelInfo as TLLMModel);
+                if (credentials) return credentials;
+                break;
+            }
+            case TLLMCredentials.BedrockVault: {
+                const credentials = await getBedrockCredentials(candidate, modelInfo as TCustomLLMModel);
+                if (credentials) return credentials;
+                break;
+            }
+            case TLLMCredentials.VertexAIVault: {
+                const credentials = await getVertexAICredentials(candidate, modelInfo as TCustomLLMModel);
+                if (credentials) return credentials;
+                break;
+            }
+        }
+    }
+    return {};
+}
+/**
+ * Legacy API keys
+ * TODO : move this to a special vault entry
+ */
+const SMYTHOS_API_KEYS = {
+    echo: '',
+    openai: process.env.OPENAI_API_KEY,
+    anthropic: process.env.ANTHROPIC_API_KEY,
+    googleai: process.env.GOOGLE_AI_API_KEY,
+    togetherai: process.env.TOGETHER_AI_API_KEY,
+    groq: process.env.GROQ_API_KEY,
+    xai: process.env.XAI_API_KEY,
+    perplexity: process.env.PERPLEXITY_API_KEY,
+};
+async function getEnvCredentials(candidate: AccessCandidate, modelInfo: TLLMModel): Promise<{ apiKey: string }> {
+    const provider = (modelInfo.provider || modelInfo.llm)?.toLowerCase();
+    const apiKey = SMYTHOS_API_KEYS?.[provider] || '';
+    if (!apiKey) return null;
+    return { apiKey };
+}
+/**
+ * Retrieves API key credentials for standard LLM providers from the vault
+ * @param candidate - The access candidate requesting the credentials
+ * @param provider - The LLM provider name (e.g., 'openai', 'anthropic')
+ * @returns Promise resolving to an object containing the provider's API key
+ * @throws {Error} If vault connector is unavailable (handled in parent method)
+ * @remarks Returns an empty string as API key if vault access fails
+ * @private
+ */
+async function getStandardLLMCredentials(candidate: AccessCandidate, modelInfo: TLLMModel): Promise<{ apiKey: string; isUserKey: boolean }> {
+    const provider = (modelInfo.provider || modelInfo.llm)?.toLowerCase();
+    const vaultConnector = ConnectorService.getVaultConnector();
+    const apiKey = await vaultConnector
+        .requester(candidate)
+        .get(provider)
+        .catch(() => '');
+    if (!apiKey) return null;
+    return { apiKey, isUserKey: true };
+}
+/**
+ * Retrieves AWS Bedrock credentials from the vault for authentication
+ * @param candidate - The access candidate requesting the credentials
+ * @param modelInfo - The Bedrock model information containing credential key names in settings
+ * @returns Promise resolving to AWS credentials object
+ * @returns {Promise<Object>} credentials
+ * @returns {string} credentials.accessKeyId - AWS access key ID
+ * @returns {string} credentials.secretAccessKey - AWS secret access key
+ * @returns {string} [credentials.sessionToken] - Optional AWS session token
+ * @throws {Error} If vault connector is unavailable (handled in parent method)
+ * @private
+ */
+async function getBedrockCredentials(
+    candidate: AccessCandidate,
+    modelInfo: TCustomLLMModel
+): Promise<{ accessKeyId: string; secretAccessKey: string; sessionToken?: string; isUserKey: boolean }> {
+    const keyIdName = (modelInfo.settings as TBedrockSettings)?.keyIDName;
+    const secretKeyName = (modelInfo.settings as TBedrockSettings)?.secretKeyName;
+    const sessionKeyName = (modelInfo.settings as TBedrockSettings)?.sessionKeyName;
+    const vaultConnector = ConnectorService.getVaultConnector();
+    const [accessKeyId, secretAccessKey, sessionToken] = await Promise.all([
+        vaultConnector
+            .requester(candidate)
+            .get(keyIdName)
+            .catch(() => ''),
+        vaultConnector
+            .requester(candidate)
+            .get(secretKeyName)
+            .catch(() => ''),
+        vaultConnector
+            .requester(candidate)
+            .get(sessionKeyName)
+            .catch(() => ''),
+    ]);
+    let credentials: {
+        accessKeyId: string;
+        secretAccessKey: string;
+        sessionToken?: string;
+        isUserKey: boolean;
+    } = {
+        accessKeyId,
+        secretAccessKey,
+        isUserKey: true,
+    };
+    if (sessionToken) {
+        credentials.sessionToken = sessionToken;
+    }
+    if (!accessKeyId || !secretAccessKey) return null;
+    return credentials;
+}
+/**
+ * Retrieves the credentials required for VertexAI authentication from the vault
+ * @param candidate - The access candidate requesting the credentials
+ * @param modelInfo - The VertexAI model information containing settings
+ * @returns Promise resolving to the parsed JSON credentials for VertexAI
+ * @throws {Error} If vault connector is unavailable (handled in parent method)
+ * @throws {Error} If JSON parsing fails or credentials are malformed
+ * @remarks Returns empty credentials if vault access fails
+ * @private
+ */
+async function getVertexAICredentials(candidate: AccessCandidate, modelInfo: TCustomLLMModel): Promise<any> {
+    const jsonCredentialsName = (modelInfo.settings as TVertexAISettings)?.jsonCredentialsName;
+    const vaultConnector = ConnectorService.getVaultConnector();
+    let jsonCredentials = await vaultConnector
+        .requester(candidate)
+        .get(jsonCredentialsName)
+        .catch(() => '');
+    const credentials = JSON.parse(jsonCredentials);
+    if (!credentials) return null;
+    return { ...credentials, isUserKey: true };
+}