@vellumai/assistant 0.4.23 → 0.4.26

package/src/tools/network/script-proxy/connect-tunnel.ts

@@ -1,82 +1 @@
-/**
- * CONNECT tunnel handler — establishes a raw TCP tunnel between the
- * client and a remote host for HTTPS pass-through (no MITM).
- */
-
-import type { IncomingMessage } from 'node:http';
-import { connect, type Socket } from 'node:net';
-
-/**
- * Parse and validate a CONNECT target of the form `host:port`.
- * Returns null if the target is malformed.
- * Strips brackets from IPv6 literals (e.g. `[::1]:443` -> `::1`).
- */
-function parseTarget(url: string | undefined): { host: string; port: number } | null {
-  if (!url) return null;
-
-  const colonIdx = url.lastIndexOf(':');
-  if (colonIdx <= 0) return null; // no port separator, or leading colon only
-
-  let host = url.slice(0, colonIdx);
-  const portStr = url.slice(colonIdx + 1);
-
-  if (!host || !portStr) return null;
-
-  const port = Number(portStr);
-  if (!Number.isInteger(port) || port < 1 || port > 65535) return null;
-
-  // Strip brackets from IPv6 literals — net.connect expects the raw address
-  if (host.startsWith('[') && host.endsWith(']')) {
-    host = host.slice(1, -1);
-    if (!host) return null;
-  }
-
-  return { host, port };
-}
-
-/**
- * Handle an HTTP CONNECT request by establishing a bidirectional TCP
- * tunnel to the requested target.
- */
-export function handleConnect(
-  req: IncomingMessage,
-  clientSocket: Socket,
-  head: Buffer,
-): void {
-  const target = parseTarget(req.url);
-
-  if (!target) {
-    clientSocket.write('HTTP/1.1 400 Bad Request\r\n\r\n');
-    clientSocket.destroy();
-    return;
-  }
-
-  let tunnelEstablished = false;
-
-  const upstream = connect(target.port, target.host, () => {
-    tunnelEstablished = true;
-    clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
-
-    // Forward any data already buffered by the HTTP parser
-    if (head.length > 0) {
-      upstream.write(head);
-    }
-
-    // Bidirectional piping
-    upstream.pipe(clientSocket);
-    clientSocket.pipe(upstream);
-  });
-
-  upstream.on('error', () => {
-    // Only send HTTP error if the tunnel hasn't been established yet;
-    // once established the client expects raw TLS, not HTTP framing
-    if (!tunnelEstablished && clientSocket.writable) {
-      clientSocket.write('HTTP/1.1 502 Bad Gateway\r\n\r\n');
-    }
-    clientSocket.destroy();
-  });
-
-  clientSocket.on('error', () => {
-    upstream.destroy();
-  });
-}
+export { handleConnect } from "@vellumai/proxy-sidecar";

package/src/tools/network/script-proxy/http-forwarder.ts

@@ -1,151 +1,2 @@
-/**
- * HTTP proxy forwarder — parses absolute-URL proxy requests and forwards
- * them to the upstream server with full body streaming.
- */
-
-import { type IncomingMessage, request as httpRequest, type ServerResponse } from 'node:http';
-import { URL } from 'node:url';
-
-/** Hop-by-hop headers that MUST NOT be forwarded between proxy hops. */
-const HOP_BY_HOP = new Set([
-  'connection',
-  'keep-alive',
-  'proxy-authenticate',
-  'proxy-authorization',
-  'proxy-connection',
-  'te',
-  'trailer',
-  'transfer-encoding',
-  'upgrade',
-]);
-
-/**
- * Optional callback for credential injection or policy gating.
- * Called before the upstream request is sent. Returns extra headers
- * to merge, or null to reject the request.
- */
-export type PolicyCallback = (
-  hostname: string,
-  port: number | null,
-  path: string,
-  scheme: 'http' | 'https',
-) => Promise<Record<string, string> | null>;
-
-/**
- * Strip hop-by-hop headers and Connection-token headers (RFC 7230 s6.1)
- * from an incoming header set, preserving multi-value arrays.
- */
-function filterHeaders(raw: IncomingMessage['headers']): Record<string, string | string[]> {
-  // Collect extra headers listed in the Connection header (RFC 7230 s6.1)
-  const connectionTokens = new Set<string>();
-  const connValue = raw['connection'];
-  if (connValue) {
-    const values = Array.isArray(connValue) ? connValue : [connValue];
-    for (const v of values) {
-      for (const token of v.split(',')) {
-        connectionTokens.add(token.trim().toLowerCase());
-      }
-    }
-  }
-
-  const out: Record<string, string | string[]> = {};
-  for (const [key, value] of Object.entries(raw)) {
-    const lower = key.toLowerCase();
-    if (HOP_BY_HOP.has(lower)) continue;
-    if (connectionTokens.has(lower)) continue;
-    if (value === undefined) continue;
-    out[key] = value;
-  }
-  return out;
-}
-
-/**
- * Forward a plain HTTP proxy request (absolute-URL form) to the upstream
- * server and stream the response back to the client.
- */
-export function forwardHttpRequest(
-  clientReq: IncomingMessage,
-  clientRes: ServerResponse,
-  policyCallback?: PolicyCallback,
-): void {
-  const urlStr = clientReq.url;
-  if (!urlStr) {
-    clientRes.writeHead(400, { 'Content-Type': 'text/plain' });
-    clientRes.end('Bad Request');
-    return;
-  }
-
-  let parsed: URL;
-  try {
-    parsed = new URL(urlStr);
-  } catch {
-    clientRes.writeHead(400, { 'Content-Type': 'text/plain' });
-    clientRes.end('Bad Request');
-    return;
-  }
-
-  if (parsed.protocol !== 'http:') {
-    clientRes.writeHead(400, { 'Content-Type': 'text/plain' });
-    clientRes.end('Only HTTP is supported for non-CONNECT proxy requests');
-    return;
-  }
-
-  const hostname = parsed.hostname;
-  const port = parsed.port ? Number(parsed.port) : 80;
-  const path = parsed.pathname + parsed.search;
-
-  const doForward = (extraHeaders: Record<string, string> = {}) => {
-    const headers = { ...filterHeaders(clientReq.headers), ...extraHeaders };
-    // Ensure Host header matches the upstream target
-    headers['host'] = parsed.host;
-
-    const upstreamReq = httpRequest(
-      {
-        hostname,
-        port,
-        path,
-        method: clientReq.method,
-        headers,
-      },
-      (upstreamRes: IncomingMessage) => {
-        const responseHeaders = filterHeaders(upstreamRes.headers);
-        clientRes.writeHead(upstreamRes.statusCode ?? 502, responseHeaders);
-        upstreamRes.on('error', () => {
-          clientRes.destroy();
-        });
-        upstreamRes.pipe(clientRes);
-      },
-    );
-
-    upstreamReq.on('error', () => {
-      // Don't leak internal error details — generic 502
-      if (!clientRes.headersSent) {
-        clientRes.writeHead(502, { 'Content-Type': 'text/plain' });
-      }
-      clientRes.end('Bad Gateway');
-    });
-
-    // Stream client body to upstream
-    clientReq.pipe(upstreamReq);
-  };
-
-  if (policyCallback) {
-    policyCallback(hostname, parsed.port ? Number(parsed.port) : null, path, 'http')
-      .then((extraHeaders) => {
-        if (extraHeaders == null) {
-          clientRes.writeHead(403, { 'Content-Type': 'text/plain' });
-          clientRes.end('Forbidden');
-          return;
-        }
-        doForward(extraHeaders);
-      })
-      .catch(() => {
-        if (!clientRes.headersSent) {
-          clientRes.writeHead(502, { 'Content-Type': 'text/plain' });
-        }
-        clientRes.end('Bad Gateway');
-      });
-  } else {
-    doForward();
-  }
-}
+export type { PolicyCallback } from "@vellumai/proxy-sidecar";
+export { forwardHttpRequest } from "@vellumai/proxy-sidecar";

package/src/tools/network/script-proxy/logging.ts

@@ -1,196 +1,12 @@
-/**
- * Safe diagnostic logging helpers for the proxy subsystem.
- *
- * All sanitizers and trace builders are designed to NEVER include secret
- * values by construction — sanitizers redact sensitive header/query values,
- * and trace builders only reference host patterns, decision kinds, and
- * candidate counts.
- */
-
-const REDACTED = '[REDACTED]';
-
-/**
- * Replace values of sensitive header keys with a redaction placeholder.
- *
- * Matching is case-insensitive — "Authorization" and "authorization"
- * are both caught. The caller supplies the set of sensitive key names
- * (lowercased) because different credential templates inject into
- * different headers.
- */
-export function sanitizeHeaders(
-  headers: Record<string, string>,
-  sensitiveKeys: string[],
-): Record<string, string> {
-  const lower = new Set(sensitiveKeys.map((k) => k.toLowerCase()));
-  const out: Record<string, string> = {};
-
-  for (const [key, value] of Object.entries(headers)) {
-    out[key] = lower.has(key.toLowerCase()) ? REDACTED : value;
-  }
-
-  return out;
-}
-
-/**
- * Redact query-parameter values for sensitive param names.
- *
- * Returns a URL string where the values of `sensitiveParams` are
- * replaced with the redaction placeholder. Non-sensitive params and
- * the rest of the URL are preserved verbatim.
- */
-export function sanitizeUrl(
-  url: string,
-  sensitiveParams: string[],
-): string {
-  if (sensitiveParams.length === 0) return url;
-
-  // Guard against malformed input — return the URL unchanged if it
-  // doesn't contain a query string at all.
-  const qIdx = url.indexOf('?');
-  if (qIdx === -1) return url;
-
-  try {
-    // Build a full URL if given an absolute path, otherwise parse as-is
-    const parseable = url.startsWith('/') ? `http://placeholder${url}` : url;
-    const parsed = new URL(parseable);
-    const lower = new Set(sensitiveParams.map((p) => p.toLowerCase()));
-
-    for (const key of Array.from(parsed.searchParams.keys())) {
-      if (lower.has(key.toLowerCase())) {
-        parsed.searchParams.set(key, REDACTED);
-      }
-    }
-
-    // Reconstruct the original shape: if the input was a path we strip
-    // the placeholder origin so the caller gets back a relative path.
-    if (url.startsWith('/')) {
-      return parsed.pathname + parsed.search;
-    }
-    return parsed.toString();
-  } catch {
-    // Fail closed: if we can't parse the URL, strip the query string
-    // entirely rather than risk leaking secrets in log output.
-    return url.slice(0, qIdx);
-  }
-}
-
-/**
- * Build a log-safe snapshot of an outbound proxy request.
- *
- * `sensitiveKeys` should include header names and query param names
- * that carry credential values (e.g. "Authorization", "api_key").
- */
-export function createSafeLogEntry(
-  req: { method: string; url: string; headers: Record<string, string> },
-  sensitiveKeys: string[],
-): { method: string; url: string; headers: Record<string, string> } {
-  return {
-    method: req.method,
-    url: sanitizeUrl(req.url, sensitiveKeys),
-    headers: sanitizeHeaders(req.headers, sensitiveKeys),
-  };
-}
-
-// ---------------------------------------------------------------------------
-// Policy/rewrite decision trace
-// ---------------------------------------------------------------------------
-
-import type { PolicyDecision } from './types.js';
-
-export interface ProxyDecisionTrace {
-  /** Target hostname. */
-  host: string;
-  /** Target port (null = default for scheme). */
-  port: number | null;
-  /** Request path. */
-  path: string;
-  /** Protocol scheme. */
-  scheme: 'http' | 'https';
-  /** The decision kind emitted by the policy engine. */
-  decisionKind: PolicyDecision['kind'];
-  /** Number of candidate templates that matched before disambiguation. */
-  candidateCount: number;
-  /** The host pattern of the selected template, if any. */
-  selectedPattern: string | null;
-  /** The credential ID of the selected credential, if any. */
-  selectedCredentialId: string | null;
-}
-
-/**
- * Strip the query string from a URL path so that secrets passed as
- * query parameters (API keys, tokens) are never recorded in traces.
- */
-export function stripQueryString(p: string): string {
-  const idx = p.indexOf('?');
-  return idx === -1 ? p : p.slice(0, idx);
-}
-
-/**
- * Build a structured trace record from a policy decision.
- *
- * Intentionally excludes all secret-bearing fields (header values,
- * storage keys, injected tokens) — only patterns, counts, and
- * decision metadata are included. Query parameters are stripped from
- * the path to prevent leaking secrets (API keys, tokens) into logs.
- */
-export function buildDecisionTrace(
-  host: string,
-  port: number | null,
-  path: string,
-  scheme: 'http' | 'https',
-  decision: PolicyDecision,
-): ProxyDecisionTrace {
-  let candidateCount = 0;
-  let selectedPattern: string | null = null;
-  let selectedCredentialId: string | null = null;
-
-  switch (decision.kind) {
-    case 'matched':
-      candidateCount = 1;
-      selectedPattern = decision.template.hostPattern;
-      selectedCredentialId = decision.credentialId;
-      break;
-    case 'ambiguous':
-      candidateCount = decision.candidates.length;
-      break;
-    case 'ask_missing_credential':
-      candidateCount = decision.matchingPatterns.length;
-      break;
-    // 'missing', 'unauthenticated', 'ask_unauthenticated' — no candidates
-  }
-
-  return {
-    host,
-    port,
-    path: stripQueryString(path),
-    scheme,
-    decisionKind: decision.kind,
-    candidateCount,
-    selectedPattern,
-    selectedCredentialId,
-  };
-}
-
-// ---------------------------------------------------------------------------
-// Credential ref resolution trace
-// ---------------------------------------------------------------------------
-
-export interface CredentialRefTrace {
-  /** The raw refs provided by the caller. */
-  rawRefs: string[];
-  /** The resolved canonical UUIDs. */
-  resolvedIds: string[];
-  /** Any refs that could not be resolved. */
-  unresolvedRefs: string[];
-}
-
-/**
- * Build a credential ref resolution trace for diagnostic logging.
- */
-export function buildCredentialRefTrace(
-  rawRefs: string[],
-  resolvedIds: string[],
-  unresolvedRefs: string[],
-): CredentialRefTrace {
-  return { rawRefs, resolvedIds, unresolvedRefs };
-}
+export type {
+  CredentialRefTrace,
+  ProxyDecisionTrace,
+} from "@vellumai/proxy-sidecar";
+export {
+  buildCredentialRefTrace,
+  buildDecisionTrace,
+  createSafeLogEntry,
+  sanitizeHeaders,
+  sanitizeUrl,
+  stripQueryString,
+} from "@vellumai/proxy-sidecar";