@vettly/supabase 0.1.0

package/README.md

@@ -0,0 +1,266 @@
+# @vettly/supabase
+
+Vettly content moderation for Supabase Edge Functions. Deno-compatible, fetch-based client.
+
+## Installation
+
+```bash
+npm install @vettly/supabase
+```
+
+Or with Deno in your Edge Function:
+
+```typescript
+import { moderate } from 'npm:@vettly/supabase'
+```
+
+## Quick Start
+
+### One-liner Edge Function
+
+```typescript
+import { createModerationHandler } from '@vettly/supabase'
+
+// Moderate all incoming content
+Deno.serve(createModerationHandler({
+  policyId: 'default',
+  onBlock: (result) => new Response(JSON.stringify({
+    error: 'Content blocked',
+    reason: result.categories.filter(c => c.flagged)
+  }), { status: 403, headers: { 'Content-Type': 'application/json' } })
+}))
+```
+
+### Manual Control
+
+```typescript
+import { moderate } from '@vettly/supabase'
+
+Deno.serve(async (req) => {
+  const { content, userId } = await req.json()
+
+  // Moderate content first
+  const result = await moderate(content, { policyId: 'strict' })
+
+  if (result.action === 'block') {
+    return new Response('Content blocked', { status: 403 })
+  }
+
+  // Content is safe, continue with your logic
+  // await supabase.from('posts').insert({ content, userId })
+
+  return new Response(JSON.stringify({ success: true }), {
+    headers: { 'Content-Type': 'application/json' }
+  })
+})
+```
+
+### Middleware Pattern
+
+```typescript
+import { withModeration } from '@vettly/supabase'
+
+const handler = withModeration(
+  async (req, moderationResult) => {
+    // Content already passed moderation
+    const { content, userId } = await req.json()
+
+    // Insert into database...
+    // await supabase.from('posts').insert({ content, userId })
+
+    return new Response(JSON.stringify({
+      success: true,
+      moderation: {
+        decisionId: moderationResult.decisionId,
+        safe: moderationResult.safe
+      }
+    }), { headers: { 'Content-Type': 'application/json' } })
+  },
+  { policyId: 'user-content' }
+)
+
+Deno.serve(handler)
+```
+
+## Configuration
+
+### Environment Variable
+
+Set `VETTLY_API_KEY` in your Supabase project secrets:
+
+```bash
+supabase secrets set VETTLY_API_KEY=your_api_key
+```
+
+### Programmatic Configuration
+
+```typescript
+import { createClient } from '@vettly/supabase'
+
+const vettly = createClient({
+  apiKey: Deno.env.get('VETTLY_API_KEY')!,
+  apiUrl: 'https://api.vettly.dev', // optional
+  timeout: 30000 // optional, in ms
+})
+
+const result = await vettly.check('Hello world', { policyId: 'default' })
+```
+
+## API Reference
+
+### `moderate(content, options?)`
+
+Moderate text content using the default client.
+
+```typescript
+const result = await moderate('User generated content', {
+  policyId: 'strict',      // Policy to use (default: 'default')
+  contentType: 'text',     // 'text' | 'image' | 'video'
+  language: 'en',          // ISO 639-1 language code
+  metadata: { userId: '123' }
+})
+
+// Result:
+// {
+//   decisionId: 'dec_123',
+//   safe: true,
+//   flagged: false,
+//   action: 'allow',
+//   categories: [{ category: 'hate_speech', score: 0.01, flagged: false }],
+//   provider: 'openai',
+//   latency: 150,
+//   cost: 0.0001
+// }
+```
+
+### `moderateImage(imageUrl, options?)`
+
+Moderate an image by URL.
+
+```typescript
+const result = await moderateImage('https://example.com/image.jpg', {
+  policyId: 'images'
+})
+```
+
+### `createModerationHandler(config)`
+
+Create an Edge Function handler that moderates incoming requests.
+
+```typescript
+import { createModerationHandler } from '@vettly/supabase'
+
+Deno.serve(createModerationHandler({
+  apiKey: Deno.env.get('VETTLY_API_KEY'),  // Optional, uses env var by default
+  policyId: 'default',
+
+  // Custom content extraction (default: reads req.json().content)
+  getContent: async (req) => {
+    const { message } = await req.json()
+    return message
+  },
+
+  // Handle blocked content
+  onBlock: (result, req) => {
+    return new Response(JSON.stringify({ blocked: true }), { status: 403 })
+  },
+
+  // Handle flagged content (logged but allowed)
+  onFlag: (result, req) => {
+    console.log('Flagged content:', result.decisionId)
+  },
+
+  // Handle warnings
+  onWarn: (result, req) => {
+    console.log('Warning:', result.categories)
+  },
+
+  // Handle allowed content
+  onAllow: (result, req) => {
+    return new Response(JSON.stringify({ success: true }))
+  },
+
+  // Handle errors
+  onError: (error, req) => {
+    console.error('Moderation error:', error)
+    return new Response('Error', { status: 500 })
+  }
+}))
+```
+
+### `withModeration(handler, config)`
+
+Middleware-style handler that moderates content before passing to your handler.
+
+```typescript
+import { withModeration } from '@vettly/supabase'
+
+const handler = withModeration(
+  async (req, moderationResult) => {
+    // Your handler receives the moderation result
+    console.log('Decision ID:', moderationResult.decisionId)
+    console.log('Safe:', moderationResult.safe)
+
+    // Process the request...
+    return new Response(JSON.stringify({ success: true }))
+  },
+  { policyId: 'user-content' }
+)
+
+Deno.serve(handler)
+```
+
+### `createClient(config)`
+
+Create a configured Vettly client for more control.
+
+```typescript
+const client = createClient({
+  apiKey: 'vettly_...',
+  apiUrl: 'https://api.vettly.dev',
+  timeout: 30000
+})
+
+// Text moderation
+const textResult = await client.check('Hello world', { policyId: 'default' })
+
+// Image moderation
+const imageResult = await client.checkImage('https://...', { policyId: 'images' })
+```
+
+## Error Handling
+
+```typescript
+import { moderate, VettlyError, VettlyAuthError, VettlyRateLimitError } from '@vettly/supabase'
+
+try {
+  const result = await moderate('content')
+} catch (error) {
+  if (error instanceof VettlyAuthError) {
+    console.error('Invalid API key')
+  } else if (error instanceof VettlyRateLimitError) {
+    console.error('Rate limited, retry after:', error.retryAfter)
+  } else if (error instanceof VettlyError) {
+    console.error('Vettly error:', error.code, error.message)
+  }
+}
+```
+
+## TypeScript Types
+
+```typescript
+import type {
+  ModerationResult,
+  ModerationOptions,
+  Action,
+  Category,
+  CategoryScore,
+  VettlyConfig,
+  EdgeHandlerOptions,
+  ModerationHandlerConfig
+} from '@vettly/supabase'
+```
+
+## License
+
+MIT

package/dist/chunk-LTC3D75K.js

@@ -0,0 +1,368 @@
+// src/types.ts
+var VettlyError = class extends Error {
+  code;
+  statusCode;
+  responseBody;
+  constructor(message, code, statusCode, responseBody) {
+    super(message);
+    this.name = "VettlyError";
+    this.code = code;
+    this.statusCode = statusCode;
+    this.responseBody = responseBody;
+  }
+};
+var VettlyAuthError = class extends VettlyError {
+  constructor(message = "Invalid API key") {
+    super(message, "AUTH_ERROR", 401);
+    this.name = "VettlyAuthError";
+  }
+};
+var VettlyRateLimitError = class extends VettlyError {
+  retryAfter;
+  constructor(message = "Rate limit exceeded", retryAfter) {
+    super(message, "RATE_LIMIT", 429);
+    this.name = "VettlyRateLimitError";
+    this.retryAfter = retryAfter;
+  }
+};
+var VettlyValidationError = class extends VettlyError {
+  errors;
+  constructor(message, errors) {
+    super(message, "VALIDATION_ERROR", 422);
+    this.name = "VettlyValidationError";
+    this.errors = errors;
+  }
+};
+
+// src/client.ts
+var DEFAULT_API_URL = "https://api.vettly.dev";
+var DEFAULT_TIMEOUT = 3e4;
+var SDK_VERSION = "0.1.0";
+function createClient(config) {
+  const apiUrl = config.apiUrl ?? DEFAULT_API_URL;
+  const timeout = config.timeout ?? DEFAULT_TIMEOUT;
+  const apiKey = config.apiKey;
+  if (!apiKey) {
+    throw new VettlyError(
+      "API key is required",
+      "CONFIG_ERROR",
+      500
+    );
+  }
+  async function request(method, path, body) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    try {
+      const response = await fetch(`${apiUrl}${path}`, {
+        method,
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${apiKey}`,
+          "User-Agent": `@vettly/supabase/${SDK_VERSION}`,
+          "X-Vettly-SDK-Version": SDK_VERSION
+        },
+        body: body ? JSON.stringify(body) : void 0,
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errorBody = await response.json().catch(() => ({}));
+        switch (response.status) {
+          case 401:
+            throw new VettlyAuthError(errorBody.error || "Invalid API key");
+          case 429: {
+            const retryAfter = response.headers.get("Retry-After");
+            throw new VettlyRateLimitError(
+              errorBody.error || "Rate limit exceeded",
+              retryAfter ? parseInt(retryAfter, 10) : void 0
+            );
+          }
+          case 422:
+            throw new VettlyValidationError(
+              errorBody.error || "Validation error",
+              Array.isArray(errorBody.details) ? errorBody.details : []
+            );
+          default:
+            throw new VettlyError(
+              errorBody.error || `Request failed with status ${response.status}`,
+              errorBody.code || "API_ERROR",
+              response.status,
+              errorBody
+            );
+        }
+      }
+      return response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof VettlyError) {
+        throw error;
+      }
+      if (error instanceof Error && error.name === "AbortError") {
+        throw new VettlyError(
+          `Request timed out after ${timeout}ms`,
+          "TIMEOUT",
+          408
+        );
+      }
+      throw new VettlyError(
+        error instanceof Error ? error.message : "Unknown error",
+        "NETWORK_ERROR",
+        500
+      );
+    }
+  }
+  return {
+    /**
+     * Moderate text content
+     */
+    async check(content, options = {}) {
+      return request("POST", "/v1/moderate", {
+        content,
+        policyId: options.policyId ?? "default",
+        contentType: options.contentType ?? "text",
+        language: options.language,
+        metadata: options.metadata,
+        requestId: options.requestId
+      });
+    },
+    /**
+     * Moderate an image
+     */
+    async checkImage(imageUrl, options = {}) {
+      return request("POST", "/v1/moderate", {
+        content: imageUrl,
+        policyId: options.policyId ?? "default",
+        contentType: "image",
+        metadata: options.metadata,
+        requestId: options.requestId
+      });
+    }
+  };
+}
+var defaultClient = null;
+function getDefaultClient() {
+  if (defaultClient) {
+    return defaultClient;
+  }
+  const apiKey = typeof Deno !== "undefined" ? Deno.env.get("VETTLY_API_KEY") : typeof process !== "undefined" ? process.env.VETTLY_API_KEY : void 0;
+  if (!apiKey) {
+    throw new VettlyError(
+      "VETTLY_API_KEY environment variable is not set",
+      "CONFIG_ERROR",
+      500
+    );
+  }
+  defaultClient = createClient({ apiKey });
+  return defaultClient;
+}
+async function moderate(content, options = {}) {
+  return getDefaultClient().check(content, options);
+}
+async function moderateImage(imageUrl, options = {}) {
+  return getDefaultClient().checkImage(imageUrl, options);
+}
+
+// src/edge.ts
+async function defaultGetContent(req) {
+  try {
+    const body = await req.json();
+    return typeof body.content === "string" ? body.content : null;
+  } catch {
+    return null;
+  }
+}
+function createModerationHandler(config = {}) {
+  const {
+    apiKey,
+    policyId = "default",
+    getContent = defaultGetContent,
+    onBlock,
+    onFlag,
+    onWarn,
+    onAllow,
+    onError
+  } = config;
+  const resolvedApiKey = apiKey ?? (typeof Deno !== "undefined" ? Deno.env.get("VETTLY_API_KEY") : typeof process !== "undefined" ? process.env.VETTLY_API_KEY : void 0);
+  if (!resolvedApiKey) {
+    throw new VettlyError(
+      "API key is required. Set VETTLY_API_KEY env var or pass apiKey in config.",
+      "CONFIG_ERROR",
+      500
+    );
+  }
+  const client = createClient({ apiKey: resolvedApiKey });
+  return async (req) => {
+    if (req.method === "OPTIONS") {
+      return new Response(null, {
+        status: 204,
+        headers: {
+          "Access-Control-Allow-Origin": "*",
+          "Access-Control-Allow-Methods": "POST, OPTIONS",
+          "Access-Control-Allow-Headers": "Content-Type, Authorization"
+        }
+      });
+    }
+    if (req.method !== "POST") {
+      return new Response(
+        JSON.stringify({ error: "Method not allowed" }),
+        {
+          status: 405,
+          headers: { "Content-Type": "application/json" }
+        }
+      );
+    }
+    try {
+      const content = await getContent(req);
+      if (!content) {
+        return new Response(
+          JSON.stringify({ error: "No content to moderate" }),
+          {
+            status: 400,
+            headers: { "Content-Type": "application/json" }
+          }
+        );
+      }
+      const result = await client.check(content, { policyId });
+      if (result.action === "block") {
+        if (onBlock) {
+          return onBlock(result, req);
+        }
+        return new Response(
+          JSON.stringify({
+            error: "Content blocked",
+            categories: result.categories.filter((c) => c.flagged)
+          }),
+          {
+            status: 403,
+            headers: { "Content-Type": "application/json" }
+          }
+        );
+      }
+      if (result.action === "flag" && onFlag) {
+        await onFlag(result, req);
+      }
+      if (result.action === "warn" && onWarn) {
+        await onWarn(result, req);
+      }
+      if (onAllow) {
+        return onAllow(result, req);
+      }
+      return new Response(
+        JSON.stringify({
+          success: true,
+          moderation: {
+            safe: result.safe,
+            action: result.action,
+            decisionId: result.decisionId
+          }
+        }),
+        {
+          status: 200,
+          headers: { "Content-Type": "application/json" }
+        }
+      );
+    } catch (error) {
+      if (onError) {
+        return onError(error instanceof Error ? error : new Error(String(error)), req);
+      }
+      console.error("[Vettly] Moderation error:", error);
+      return new Response(
+        JSON.stringify({
+          error: "Moderation service error",
+          message: error instanceof Error ? error.message : "Unknown error"
+        }),
+        {
+          status: 500,
+          headers: { "Content-Type": "application/json" }
+        }
+      );
+    }
+  };
+}
+function withModeration(handler, config = {}) {
+  const {
+    apiKey,
+    policyId = "default",
+    getContent = defaultGetContent,
+    onBlock,
+    onError
+  } = config;
+  const resolvedApiKey = apiKey ?? (typeof Deno !== "undefined" ? Deno.env.get("VETTLY_API_KEY") : typeof process !== "undefined" ? process.env.VETTLY_API_KEY : void 0);
+  if (!resolvedApiKey) {
+    throw new VettlyError(
+      "API key is required. Set VETTLY_API_KEY env var or pass apiKey in config.",
+      "CONFIG_ERROR",
+      500
+    );
+  }
+  const client = createClient({ apiKey: resolvedApiKey });
+  return async (req) => {
+    if (req.method === "OPTIONS") {
+      return new Response(null, {
+        status: 204,
+        headers: {
+          "Access-Control-Allow-Origin": "*",
+          "Access-Control-Allow-Methods": "POST, OPTIONS",
+          "Access-Control-Allow-Headers": "Content-Type, Authorization"
+        }
+      });
+    }
+    try {
+      const clonedReq = req.clone();
+      const content = await getContent(clonedReq);
+      if (!content) {
+        return new Response(
+          JSON.stringify({ error: "No content to moderate" }),
+          {
+            status: 400,
+            headers: { "Content-Type": "application/json" }
+          }
+        );
+      }
+      const result = await client.check(content, { policyId });
+      if (result.action === "block") {
+        if (onBlock) {
+          return onBlock(result, req);
+        }
+        return new Response(
+          JSON.stringify({
+            error: "Content blocked",
+            categories: result.categories.filter((c) => c.flagged)
+          }),
+          {
+            status: 403,
+            headers: { "Content-Type": "application/json" }
+          }
+        );
+      }
+      return handler(req, result);
+    } catch (error) {
+      if (onError) {
+        return onError(error instanceof Error ? error : new Error(String(error)), req);
+      }
+      console.error("[Vettly] Moderation error:", error);
+      return new Response(
+        JSON.stringify({
+          error: "Moderation service error",
+          message: error instanceof Error ? error.message : "Unknown error"
+        }),
+        {
+          status: 500,
+          headers: { "Content-Type": "application/json" }
+        }
+      );
+    }
+  };
+}
+
+export {
+  VettlyError,
+  VettlyAuthError,
+  VettlyRateLimitError,
+  VettlyValidationError,
+  createClient,
+  moderate,
+  moderateImage,
+  createModerationHandler,
+  withModeration
+};