npm - @uncensoredcode/openbridge - Versions diffs - 0.1.0 - Mend

@uncensoredcode/openbridge 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (145) hide show

package/packages/server/dist/http/routes/admin-routes.js ADDED Viewed

@@ -0,0 +1,135 @@
+import { bridgeModule } from "../../bridge/index.js";
+import { bridgeApiErrorModule } from "../../shared/bridge-api-error.js";
+import { parseRequestModule } from "../parse-request.js";
+const { buildModelListResponse, createModelRequestSchema, buildSessionPackageStatus, createProviderRequestSchema, modelMutationResponseSchema, createSessionRequestSchema, providerDeleteResponseSchema, providerIdParamsSchema, providerListResponseSchema, providerResponseSchema, sessionDeleteResponseSchema, sessionIdParamsSchema, sessionListResponseSchema, sessionPackageDeleteResponseSchema, sessionPackageSchema, sessionPackageStatusResponseSchema, sessionResponseSchema, updateProviderRequestSchema, updateSessionRequestSchema } = bridgeModule;
+const { BridgeApiError } = bridgeApiErrorModule;
+const { parseRequest } = parseRequestModule;
+function registerAdminRoutes(app, context) {
+    app.get("/v1/models", async () => buildModelListResponse(context.providerStore.list()));
+    app.post("/v1/models", async (request, reply) => {
+        const body = parseRequest(createModelRequestSchema, request.body);
+        const provider = requireProvider(context, body.provider);
+        const modelId = body.model.trim();
+        const currentModels = Array.isArray(provider.config.models)
+            ? provider.config.models.filter((value) => typeof value === "string")
+            : [];
+        const nextModels = [...new Set([...currentModels.map((value) => value.trim()), modelId])]
+            .filter(Boolean)
+            .sort((left, right) => left.localeCompare(right));
+        context.providerStore.update(provider.id, {
+            config: {
+                ...provider.config,
+                models: nextModels
+            }
+        });
+        reply.code(201);
+        return modelMutationResponseSchema.parse({
+            ok: true,
+            providerId: provider.id,
+            modelId
+        });
+    });
+    app.get("/v1/providers", async () => providerListResponseSchema.parse({
+        providers: context.providerStore.list()
+    }));
+    app.post("/v1/providers", async (request, reply) => {
+        const body = parseRequest(createProviderRequestSchema, request.body);
+        const provider = context.providerStore.create(body);
+        reply.code(201);
+        return providerResponseSchema.parse({ provider });
+    });
+    app.get("/v1/providers/:id", async (request) => {
+        const params = parseRequest(providerIdParamsSchema, request.params);
+        const provider = context.providerStore.get(params.id);
+        if (!provider) {
+            throw providerNotFoundError(params.id);
+        }
+        return providerResponseSchema.parse({ provider });
+    });
+    app.patch("/v1/providers/:id", async (request) => {
+        const params = parseRequest(providerIdParamsSchema, request.params);
+        const body = parseRequest(updateProviderRequestSchema, request.body);
+        const provider = context.providerStore.update(params.id, body);
+        return providerResponseSchema.parse({ provider });
+    });
+    app.delete("/v1/providers/:id", async (request) => {
+        const params = parseRequest(providerIdParamsSchema, request.params);
+        const deleted = context.providerStore.delete(params.id);
+        return providerDeleteResponseSchema.parse(deleted);
+    });
+    app.put("/v1/providers/:id/session-package", async (request) => {
+        const params = parseRequest(providerIdParamsSchema, request.params);
+        const body = parseRequest(sessionPackageSchema, request.body);
+        const stored = context.sessionPackageStore.put(params.id, body);
+        return sessionPackageStatusResponseSchema.parse(buildSessionPackageStatus(params.id, stored));
+    });
+    app.get("/v1/providers/:id/session-package", async (request) => {
+        const params = parseRequest(providerIdParamsSchema, request.params);
+        requireProvider(context, params.id);
+        const stored = context.sessionPackageStore.getStatus(params.id);
+        if (!stored || !stored.hasSessionPackage) {
+            throw new BridgeApiError({
+                statusCode: 404,
+                code: "session_package_not_found",
+                message: `Provider '${params.id}' does not have a session package.`
+            });
+        }
+        return sessionPackageStatusResponseSchema.parse(buildSessionPackageStatus(params.id, stored));
+    });
+    app.delete("/v1/providers/:id/session-package", async (request) => {
+        const params = parseRequest(providerIdParamsSchema, request.params);
+        requireProvider(context, params.id);
+        return sessionPackageDeleteResponseSchema.parse(context.sessionPackageStore.deleteSession(params.id));
+    });
+    app.get("/v1/sessions", async () => sessionListResponseSchema.parse({
+        sessions: context.sessionStore.list()
+    }));
+    app.post("/v1/sessions", async (request, reply) => {
+        const body = parseRequest(createSessionRequestSchema, request.body);
+        const session = context.sessionStore.create(body);
+        reply.code(201);
+        return sessionResponseSchema.parse({ session });
+    });
+    app.get("/v1/sessions/:id", async (request) => {
+        const params = parseRequest(sessionIdParamsSchema, request.params);
+        const session = context.sessionStore.get(params.id);
+        if (!session) {
+            throw sessionNotFoundError(params.id);
+        }
+        return sessionResponseSchema.parse({ session });
+    });
+    app.patch("/v1/sessions/:id", async (request) => {
+        const params = parseRequest(sessionIdParamsSchema, request.params);
+        const body = parseRequest(updateSessionRequestSchema, request.body);
+        const session = context.sessionStore.update(params.id, body);
+        return sessionResponseSchema.parse({ session });
+    });
+    app.delete("/v1/sessions/:id", async (request) => {
+        const params = parseRequest(sessionIdParamsSchema, request.params);
+        return sessionDeleteResponseSchema.parse(context.sessionStore.delete(params.id));
+    });
+}
+function requireProvider(context, providerId) {
+    const provider = context.providerStore.get(providerId);
+    if (provider) {
+        return provider;
+    }
+    throw providerNotFoundError(providerId);
+}
+function providerNotFoundError(providerId) {
+    return new BridgeApiError({
+        statusCode: 404,
+        code: "provider_not_found",
+        message: `Provider '${providerId}' was not found.`
+    });
+}
+function sessionNotFoundError(sessionId) {
+    return new BridgeApiError({
+        statusCode: 404,
+        code: "session_not_found",
+        message: `Session '${sessionId}' was not found.`
+    });
+}
+export const adminRoutesModule = {
+    registerAdminRoutes
+};

package/packages/server/dist/http/routes/chat-completions-route.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { FastifyInstance } from "fastify";
+import type { BridgeApiRouteContext } from "../bridge-api-route-context.ts";
+declare function registerChatCompletionRoute(app: FastifyInstance, context: BridgeApiRouteContext): void;
+export declare const chatCompletionsRouteModule: {
+    registerChatCompletionRoute: typeof registerChatCompletionRoute;
+};
+export {};

package/packages/server/dist/http/routes/chat-completions-route.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { chatCompletionServiceModule } from "../../bridge/chat-completions/chat-completion-service.js";
+import { fileBridgeStateStoreModule } from "../../bridge/state/file-bridge-state-store.js";
+import { parseRequestModule } from "../parse-request.js";
+const { chatCompletionsRequestSchema, handleBridgeChatCompletionRequest } = chatCompletionServiceModule;
+const { FileBridgeStateStore } = fileBridgeStateStoreModule;
+const { parseRequest } = parseRequestModule;
+function registerChatCompletionRoute(app, context) {
+    const stateStore = new FileBridgeStateStore(context.config.stateRoot);
+    app.post("/v1/chat/completions", async (request, reply) => {
+        const body = parseRequest(chatCompletionsRequestSchema, request.body);
+        const execution = await handleBridgeChatCompletionRequest({
+            body,
+            headers: request.headers,
+            providerStore: context.providerStore,
+            service: context.service,
+            stateStore,
+            request: {
+                method: request.method,
+                url: request.url
+            },
+            onInternalError: context.onInternalError
+        });
+        if (execution.kind === "json") {
+            return execution.response;
+        }
+        reply.hijack();
+        reply.raw.writeHead(200, {
+            "Content-Type": "text/event-stream; charset=utf-8",
+            "Cache-Control": "no-store",
+            Connection: "keep-alive"
+        });
+        reply.raw.flushHeaders?.();
+        try {
+            for await (const event of execution.events) {
+                reply.raw.write(event === "[DONE]" ? "data: [DONE]\n\n" : formatSseData(event));
+            }
+        }
+        finally {
+            reply.raw.end();
+        }
+        return reply;
+    });
+}
+function formatSseData(value) {
+    return `data: ${JSON.stringify(value)}\n\n`;
+}
+export const chatCompletionsRouteModule = {
+    registerChatCompletionRoute
+};

package/packages/server/dist/http/routes/health-routes.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { FastifyInstance } from "fastify";
+declare function registerHealthRoutes(app: FastifyInstance): void;
+export declare const healthRoutesModule: {
+    registerHealthRoutes: typeof registerHealthRoutes;
+};
+export {};

package/packages/server/dist/http/routes/health-routes.js ADDED Viewed

@@ -0,0 +1,7 @@
+function registerHealthRoutes(app) {
+    app.get("/health", async () => ({ ok: true }));
+    app.get("/ready", async () => ({ ok: true }));
+}
+export const healthRoutesModule = {
+    registerHealthRoutes
+};

package/packages/server/dist/http/routes/message-routes.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { FastifyInstance } from "fastify";
+import type { BridgeApiRouteContext } from "../bridge-api-route-context.ts";
+declare function registerMessageRoutes(app: FastifyInstance, context: BridgeApiRouteContext): void;
+export declare const messageRoutesModule: {
+    registerMessageRoutes: typeof registerMessageRoutes;
+};
+export {};

package/packages/server/dist/http/routes/message-routes.js ADDED Viewed

@@ -0,0 +1,7 @@
+function registerMessageRoutes(app, context) {
+    app.post("/v1/respond", async (request) => context.service.respond(request.body));
+    app.post("/v1/sessions/:sessionId/messages", async (request) => context.service.respond(request.body, request.params.sessionId));
+}
+export const messageRoutesModule = {
+    registerMessageRoutes
+};

package/packages/server/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+export declare const bridgeServer: {
+    BridgeApiHttpError: typeof import("./client/bridge-api-client.ts").BridgeApiHttpError;
+    buildHealthUrl: (baseUrl: string) => string;
+    buildSessionMessageUrl: (baseUrl: string, sessionId: string) => string;
+    checkBridgeHealth: (input: import("./client/bridge-api-client.ts").CheckBridgeHealthInput) => Promise<import("./shared/api-schema.ts").BridgeHealthResponse>;
+    sendBridgeMessage: (input: import("./client/bridge-api-client.ts").SendBridgeMessageInput) => Promise<import("./shared/api-schema.ts").BridgeMessageResponse>;
+    loadBridgeServerConfig: (env?: NodeJS.ProcessEnv, overrides?: import("./config/bridge-server-config.ts").BridgeServerConfigOverrides) => import("./config/bridge-server-config.ts").BridgeServerConfig;
+    BridgeApiError: typeof import("./shared/bridge-api-error.ts").BridgeApiError;
+    isBridgeApiError: (error: unknown) => error is import("./shared/bridge-api-error.ts").BridgeApiError;
+    DEFAULT_LIVE_CANARY_EXPECTED_SUBSTRING: string;
+    DEFAULT_LIVE_CANARY_PROMPT: string;
+    formatLiveProviderExtractionCanaryResult: (result: import("./bridge/live-provider-extraction-canary.ts").LiveProviderExtractionCanaryResult) => string;
+    runLiveProviderExtractionCanary: (input: import("./bridge/live-provider-extraction-canary.ts").LiveProviderExtractionCanaryInput) => Promise<import("./bridge/live-provider-extraction-canary.ts").LiveProviderExtractionCanaryResult>;
+    sanitizeBridgeApiOutput: (content: string) => import("@uncensoredcode/openbridge/runtime").VisibleModelOutputSanitizationResult;
+    createBridgeRuntimeService: (dependencies: import("./bridge/bridge-runtime-service.ts").BridgeRuntimeServiceDependencies) => {
+        respond(request: import("./shared/api-schema.ts").BridgeMessageRequest, pathSessionId?: string): Promise<import("./shared/api-schema.ts").BridgeMessageResponse>;
+        execute(request: {
+            sessionId: string;
+            input: string;
+            providerId: string;
+            modelId: string;
+            metadata?: Record<string, unknown>;
+            toolProfile?: import("./shared/api-schema.ts").BridgeApiToolProfile;
+            sessionHistory?: import("@uncensoredcode/openbridge/runtime").BridgeSessionTurn[];
+            persistSession?: boolean;
+        }): Promise<import("./shared/api-schema.ts").BridgeMessageResponse>;
+        completeChatCompletionPacket(request: {
+            sessionId: string;
+            providerId: string;
+            modelId: string;
+            messages: import("@uncensoredcode/openbridge/runtime").CompiledProviderMessage[];
+            tools: import("./shared/api-schema.ts").BridgeChatCompletionTool[];
+            toolChoice?: import("./shared/api-schema.ts").BridgeChatCompletionRequest["tool_choice"];
+            continuation: boolean;
+            toolFollowUp: boolean;
+            metadata?: Record<string, unknown>;
+            persistSession?: boolean;
+        }): Promise<{
+            packet: import("@uncensoredcode/openbridge/runtime").AssistantResponse;
+            providerBindingReused: boolean;
+        }>;
+        streamChatCompletionPacket(request: {
+            sessionId: string;
+            providerId: string;
+            modelId: string;
+            messages: import("@uncensoredcode/openbridge/runtime").CompiledProviderMessage[];
+            tools: import("./shared/api-schema.ts").BridgeChatCompletionTool[];
+            toolChoice?: import("./shared/api-schema.ts").BridgeChatCompletionRequest["tool_choice"];
+            continuation: boolean;
+            toolFollowUp: boolean;
+            metadata?: Record<string, unknown>;
+            persistSession?: boolean;
+        }): Promise<{
+            content: AsyncIterable<import("./bridge/providers/provider-streams.ts").ProviderStreamFragment>;
+            packet: Promise<import("@uncensoredcode/openbridge/runtime").AssistantResponse>;
+            providerBindingReused: boolean;
+        }>;
+        streamChatCompletion(request: {
+            sessionId: string;
+            input: string;
+            providerId: string;
+            modelId: string;
+            metadata?: Record<string, unknown>;
+            toolProfile?: import("./shared/api-schema.ts").BridgeApiToolProfile;
+            sessionHistory?: import("@uncensoredcode/openbridge/runtime").BridgeSessionTurn[];
+            persistSession?: boolean;
+        }): Promise<AsyncIterable<string>>;
+    };
+    createBridgeApiServer: (options?: import("./http/create-bridge-api-server.ts").BridgeApiServerOptions) => import("node:http").Server<typeof import("node:http").IncomingMessage, typeof import("node:http").ServerResponse>;
+    startBridgeApiServer: (options?: import("./http/create-bridge-api-server.ts").BridgeApiServerOptions) => Promise<import("node:http").Server<typeof import("node:http").IncomingMessage, typeof import("node:http").ServerResponse>>;
+    getBridgeServerCliHelpText: () => string;
+    parseBridgeServerCliArgs: (input: {
+        argv: string[];
+        env?: NodeJS.ProcessEnv;
+    }) => import("./cli/run-bridge-server-cli.ts").BridgeServerCliCommand;
+    runBridgeServerCli: (input: import("./cli/run-bridge-server-cli.ts").RunBridgeServerCliInput) => Promise<number>;
+};
+export type { LiveProviderExtractionCanaryInput, LiveProviderExtractionCanaryResult } from "./bridge/index.ts";
+export type { BridgeRuntimeServiceDependencies } from "./bridge/index.ts";
+export type { BridgeServerCliCommand, RunBridgeServerCliInput } from "./cli/index.ts";
+export type { BridgeApiClientFetch, CheckBridgeHealthInput, SendBridgeMessageInput } from "./client/index.ts";
+export type { BridgeServerConfig } from "./config/index.ts";
+export type { BridgeApiServerOptions } from "./http/index.ts";
+export type { BridgeApiErrorResponse, BridgeApiToolProfile, BridgeChatCompletionMessage, BridgeChatCompletionRequest, BridgeChatCompletionResponse, BridgeHealthResponse, BridgeMessageRequest, BridgeMessageResponse, BridgeReadyResponse } from "./shared/api-schema.ts";
+export type { BridgeApiError } from "./shared/bridge-api-error.ts";

package/packages/server/dist/index.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { bridgeModule } from "./bridge/index.js";
+import { cliModule } from "./cli/index.js";
+import { clientModule } from "./client/index.js";
+import { configModule } from "./config/index.js";
+import { httpModule } from "./http/index.js";
+import { bridgeApiErrorModule } from "./shared/bridge-api-error.js";
+import { outputModule } from "./shared/output.js";
+export const bridgeServer = {
+    BridgeApiHttpError: clientModule.BridgeApiHttpError,
+    buildHealthUrl: clientModule.buildHealthUrl,
+    buildSessionMessageUrl: clientModule.buildSessionMessageUrl,
+    checkBridgeHealth: clientModule.checkBridgeHealth,
+    sendBridgeMessage: clientModule.sendBridgeMessage,
+    loadBridgeServerConfig: configModule.loadBridgeServerConfig,
+    BridgeApiError: bridgeApiErrorModule.BridgeApiError,
+    isBridgeApiError: bridgeApiErrorModule.isBridgeApiError,
+    DEFAULT_LIVE_CANARY_EXPECTED_SUBSTRING: bridgeModule.DEFAULT_LIVE_CANARY_EXPECTED_SUBSTRING,
+    DEFAULT_LIVE_CANARY_PROMPT: bridgeModule.DEFAULT_LIVE_CANARY_PROMPT,
+    formatLiveProviderExtractionCanaryResult: bridgeModule.formatLiveProviderExtractionCanaryResult,
+    runLiveProviderExtractionCanary: bridgeModule.runLiveProviderExtractionCanary,
+    sanitizeBridgeApiOutput: outputModule.sanitizeBridgeApiOutput,
+    createBridgeRuntimeService: bridgeModule.createBridgeRuntimeService,
+    createBridgeApiServer: httpModule.createBridgeApiServer,
+    startBridgeApiServer: httpModule.startBridgeApiServer,
+    getBridgeServerCliHelpText: cliModule.getBridgeServerCliHelpText,
+    parseBridgeServerCliArgs: cliModule.parseBridgeServerCliArgs,
+    runBridgeServerCli: cliModule.runBridgeServerCli
+};

package/packages/server/dist/security/bridge-auth.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { IncomingHttpHeaders } from "node:http";
+import type { FastifyRequest } from "fastify";
+declare function isAuthorizedBridgeRequest(headers: IncomingHttpHeaders, configuredToken: string | null | undefined): boolean;
+declare function requiresBridgeAuth(request: FastifyRequest, configuredToken: string | null | undefined): boolean;
+export declare const bridgeAuthModule: {
+    isAuthorizedBridgeRequest: typeof isAuthorizedBridgeRequest;
+    requiresBridgeAuth: typeof requiresBridgeAuth;
+};
+export {};

package/packages/server/dist/security/bridge-auth.js ADDED Viewed

@@ -0,0 +1,41 @@
+import { timingSafeEqual } from "node:crypto";
+function isAuthorizedBridgeRequest(headers, configuredToken) {
+    if (!configuredToken) {
+        return true;
+    }
+    const providedToken = readBearerToken(headers.authorization) ?? readHeaderString(headers["x-bridge-token"]);
+    if (!providedToken) {
+        return false;
+    }
+    const expected = Buffer.from(configuredToken, "utf8");
+    const actual = Buffer.from(providedToken, "utf8");
+    if (expected.length !== actual.length) {
+        return false;
+    }
+    return timingSafeEqual(expected, actual);
+}
+function requiresBridgeAuth(request, configuredToken) {
+    if (!configuredToken) {
+        return false;
+    }
+    const pathname = request.raw.url?.split("?")[0] ?? request.url;
+    return pathname !== "/health" && pathname !== "/ready";
+}
+function readBearerToken(value) {
+    const normalized = readHeaderString(value);
+    if (!normalized || !/^Bearer\s+/i.test(normalized)) {
+        return null;
+    }
+    const token = normalized.replace(/^Bearer\s+/i, "").trim();
+    return token || null;
+}
+function readHeaderString(value) {
+    if (Array.isArray(value)) {
+        return value[0]?.trim() || null;
+    }
+    return value?.trim() || null;
+}
+export const bridgeAuthModule = {
+    isAuthorizedBridgeRequest,
+    requiresBridgeAuth
+};

package/packages/server/dist/security/cors-policy.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+declare function resolveCorsOrigin(origin: string | undefined, configuredOrigins: string[] | undefined): string | null;
+export declare const corsPolicyModule: {
+    resolveCorsOrigin: typeof resolveCorsOrigin;
+};
+export {};

package/packages/server/dist/security/cors-policy.js ADDED Viewed

@@ -0,0 +1,34 @@
+import { configModule } from "../config/index.js";
+const { isLocalBridgeHost, isWildcardCorsOrigins } = configModule;
+function resolveCorsOrigin(origin, configuredOrigins) {
+    const normalizedOrigin = origin?.trim();
+    if (!normalizedOrigin) {
+        return null;
+    }
+    if (isWildcardCorsOrigins(configuredOrigins)) {
+        return "*";
+    }
+    if (configuredOrigins && configuredOrigins.length > 0) {
+        return configuredOrigins.includes(normalizedOrigin) ? normalizedOrigin : null;
+    }
+    return isDefaultAllowedCorsOrigin(normalizedOrigin) ? normalizedOrigin : null;
+}
+function isDefaultAllowedCorsOrigin(origin) {
+    let parsed;
+    try {
+        parsed = new URL(origin);
+    }
+    catch {
+        return false;
+    }
+    if (parsed.protocol === "chrome-extension:" || parsed.protocol === "moz-extension:") {
+        return true;
+    }
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        return false;
+    }
+    return isLocalBridgeHost(parsed.hostname);
+}
+export const corsPolicyModule = {
+    resolveCorsOrigin
+};

package/packages/server/dist/security/index.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+export declare const securityModule: {
+    isAuthorizedBridgeRequest: (headers: import("node:http").IncomingHttpHeaders, configuredToken: string | null | undefined) => boolean;
+    requiresBridgeAuth: (request: import("fastify").FastifyRequest, configuredToken: string | null | undefined) => boolean;
+    resolveCorsOrigin: (origin: string | undefined, configuredOrigins: string[] | undefined) => string | null;
+    formatBridgeServerErrorLog: (error: unknown, context?: {
+        method?: string;
+        url?: string;
+    }) => string;
+    redactSensitiveValue: (value: unknown, path?: string[]) => unknown;
+    sanitizeBridgeApiErrorPayload: (error: import("../index.ts").BridgeApiError) => {
+        code: string;
+        message: string;
+        details: unknown;
+    };
+    sanitizeSensitiveText: (value: string) => string;
+};

package/packages/server/dist/security/index.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { bridgeAuthModule } from "./bridge-auth.js";
+import { corsPolicyModule } from "./cors-policy.js";
+import { redactSensitiveValuesModule } from "./redact-sensitive-values.js";
+export const securityModule = {
+    isAuthorizedBridgeRequest: bridgeAuthModule.isAuthorizedBridgeRequest,
+    requiresBridgeAuth: bridgeAuthModule.requiresBridgeAuth,
+    resolveCorsOrigin: corsPolicyModule.resolveCorsOrigin,
+    formatBridgeServerErrorLog: redactSensitiveValuesModule.formatBridgeServerErrorLog,
+    redactSensitiveValue: redactSensitiveValuesModule.redactSensitiveValue,
+    sanitizeBridgeApiErrorPayload: redactSensitiveValuesModule.sanitizeBridgeApiErrorPayload,
+    sanitizeSensitiveText: redactSensitiveValuesModule.sanitizeSensitiveText
+};

package/packages/server/dist/security/redact-sensitive-values.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { BridgeApiError } from "../shared/bridge-api-error.ts";
+declare function sanitizeBridgeApiErrorPayload(error: BridgeApiError): {
+    code: string;
+    message: string;
+    details: unknown;
+};
+declare function formatBridgeServerErrorLog(error: unknown, context?: {
+    method?: string;
+    url?: string;
+}): string;
+declare function redactSensitiveValue(value: unknown, path?: string[]): unknown;
+declare function sanitizeSensitiveText(value: string): string;
+export declare const redactSensitiveValuesModule: {
+    sanitizeBridgeApiErrorPayload: typeof sanitizeBridgeApiErrorPayload;
+    formatBridgeServerErrorLog: typeof formatBridgeServerErrorLog;
+    redactSensitiveValue: typeof redactSensitiveValue;
+    sanitizeSensitiveText: typeof sanitizeSensitiveText;
+};
+export {};

package/packages/server/dist/security/redact-sensitive-values.js ADDED Viewed

@@ -0,0 +1,67 @@
+const REDACTED = "[REDACTED]";
+const SENSITIVE_KEY_PATTERN = /(authorization|headers?|cookie|cookies|set-cookie|localstorage|token|secret|bearer|session[-_]?package|extraheaders?|ciphertext|authtag|vaultkey|sessionvaultkey)/i;
+function sanitizeBridgeApiErrorPayload(error) {
+    return {
+        code: error.code,
+        message: sanitizeSensitiveText(error.message),
+        details: error.details === undefined ? undefined : redactSensitiveValue(error.details)
+    };
+}
+function formatBridgeServerErrorLog(error, context = {}) {
+    const prefix = [
+        context.method && context.url ? `${context.method} ${context.url}` : (context.url ?? null),
+        "bridge-server error"
+    ]
+        .filter((segment) => Boolean(segment))
+        .join(": ");
+    if (typeof error === "object" && error !== null) {
+        const name = "name" in error && typeof error.name === "string" ? error.name : "Error";
+        const code = "code" in error && typeof error.code === "string" ? error.code : "";
+        const message = "message" in error && typeof error.message === "string" ? error.message : "";
+        const details = "details" in error && error.details !== undefined
+            ? ` details=${JSON.stringify(redactSensitiveValue(error.details))}`
+            : "";
+        return `${prefix}: ${sanitizeSensitiveText([name, code, message].filter(Boolean).join(" "))}${details}`;
+    }
+    return `${prefix}: ${sanitizeSensitiveText(String(error))}`;
+}
+function redactSensitiveValue(value, path = []) {
+    const currentKey = path.at(-1) ?? "";
+    if (isSensitiveKey(currentKey)) {
+        return REDACTED;
+    }
+    if (typeof value === "string") {
+        return sanitizeSensitiveText(value);
+    }
+    if (Array.isArray(value)) {
+        return value.map((entry) => redactSensitiveValue(entry, path));
+    }
+    if (value && typeof value === "object") {
+        const result = {};
+        for (const [key, entry] of Object.entries(value)) {
+            result[key] = redactSensitiveValue(entry, [...path, key]);
+        }
+        return result;
+    }
+    return value;
+}
+function sanitizeSensitiveText(value) {
+    return value
+        .replace(/(Authorization\s*:\s*)Bearer\s+[^\s",]+/gi, "$1Bearer [REDACTED]")
+        .replace(/(["']authorization["']\s*:\s*["'])Bearer\s+[^"']+(["'])/gi, `$1Bearer ${REDACTED}$2`)
+        .replace(/Bearer\s+[^\s",]+/gi, "Bearer [REDACTED]")
+        .replace(/((?:cookie|set-cookie)\s*[:=]\s*)([^"'\n}]+)/gi, (_match, prefix, cookieHeader) => {
+        return `${prefix}${cookieHeader.replace(/([A-Za-z0-9._-]+\s*=)[^;,\s]+/g, `$1${REDACTED}`)}`;
+    })
+        .replace(/(["']?(?:token|access_token|refresh_token|bearerToken)["']?\s*[:=]\s*["']?)[^"',\s}]+/gi, `$1${REDACTED}`)
+        .replace(/((?:session|cookie)\s*=\s*)[^;\s",]+/gi, `$1${REDACTED}`);
+}
+function isSensitiveKey(value) {
+    return SENSITIVE_KEY_PATTERN.test(value);
+}
+export const redactSensitiveValuesModule = {
+    sanitizeBridgeApiErrorPayload,
+    formatBridgeServerErrorLog,
+    redactSensitiveValue,
+    sanitizeSensitiveText
+};