@warmdrift/kgauto-compiler 2.0.0-alpha.3 → 2.0.0-alpha.31

package/dist/glassbox-routes/index.mjs

@@ -0,0 +1,658 @@
+import {
+  ARCHETYPE_FLOOR_DEFAULT,
+  getDefaultFallbackChain
+} from "../chunk-WXCFWUCN.mjs";
+import {
+  tryGetProfile
+} from "../chunk-JQGRWJZO.mjs";
+import {
+  subscribe,
+  subscribeApp
+} from "../chunk-RO22VFIF.mjs";
+import "../chunk-NBO4R5PC.mjs";
+
+// src/glassbox-routes/auth.ts
+var JSON_HEADERS = { "Content-Type": "application/json" };
+function jsonError(status, code) {
+  return new Response(JSON.stringify({ error: code }), {
+    status,
+    headers: JSON_HEADERS
+  });
+}
+function tokensEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let mismatch = 0;
+  for (let i = 0; i < a.length; i++) {
+    mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return mismatch === 0;
+}
+function checkAuth(req, config) {
+  const authHeader = req.headers.get("Authorization") ?? "";
+  const match = /^Bearer\s+(.+)$/i.exec(authHeader);
+  const provided = match?.[1]?.trim() ?? "";
+  if (!provided || !tokensEqual(provided, config.installToken)) {
+    return jsonError(401, "unauthorized");
+  }
+  const origin = req.headers.get("Origin") ?? "";
+  const xExtId = req.headers.get("X-Glassbox-Extension-Id") ?? "";
+  const expectedOrigin = `chrome-extension://${config.extensionId}`;
+  const originOk = origin === expectedOrigin;
+  const xExtOk = xExtId.length > 0 && tokensEqual(xExtId, config.extensionId);
+  if (!originOk && !xExtOk) {
+    return jsonError(403, "forbidden_origin");
+  }
+  return null;
+}
+
+// src/glassbox-routes/counterfactuals.ts
+var COUNTERFACTUAL_MIN_SAVINGS_RATIO = 0.1;
+var COUNTERFACTUAL_MAX_RESULTS = 2;
+function computeCounterfactuals(args) {
+  const {
+    servedModel,
+    servedCostUsd,
+    archetype,
+    tokensIn,
+    tokensOut,
+    cacheReadInputTokens = 0,
+    toolOrchestration
+  } = args;
+  if (tokensIn <= 0) return [];
+  if (servedCostUsd <= 0) return [];
+  let chain;
+  try {
+    chain = getDefaultFallbackChain({
+      archetype,
+      posture: "open",
+      maxDepth: 10,
+      toolOrchestration
+    });
+  } catch {
+    return [];
+  }
+  const candidates = [];
+  const minSavings = servedCostUsd * COUNTERFACTUAL_MIN_SAVINGS_RATIO;
+  for (const modelId of chain) {
+    if (modelId === servedModel) continue;
+    const profile = tryGetProfile(modelId);
+    if (!profile) continue;
+    const perf = profile.archetypePerf?.[archetype] ?? 5;
+    if (perf < ARCHETYPE_FLOOR_DEFAULT) continue;
+    const estimated = estimateCostUsd({
+      profile,
+      tokensIn,
+      tokensOut,
+      cacheReadInputTokens
+    });
+    if (estimated === void 0) continue;
+    const savings = servedCostUsd - estimated;
+    if (savings < minSavings) continue;
+    const savingsPercent = Math.round(savings / servedCostUsd * 100);
+    const reason = buildReason({
+      modelId,
+      archetype,
+      perf,
+      profile
+    });
+    candidates.push({
+      modelId,
+      estimatedCostUsd: round6(estimated),
+      savingsUsd: round6(savings),
+      savingsPercent,
+      reason
+    });
+  }
+  candidates.sort((a, b) => a.estimatedCostUsd - b.estimatedCostUsd);
+  return candidates.slice(0, COUNTERFACTUAL_MAX_RESULTS);
+}
+function estimateCostUsd(args) {
+  const { profile, tokensIn, tokensOut, cacheReadInputTokens } = args;
+  const cacheableIn = Math.min(cacheReadInputTokens, tokensIn);
+  const nonCachedIn = Math.max(tokensIn - cacheableIn, 0);
+  const discount = profile.lowering.cache.discount ?? 1;
+  const inUsd = nonCachedIn / 1e6 * profile.costInputPer1m + cacheableIn / 1e6 * profile.costInputPer1m * discount;
+  const outUsd = tokensOut / 1e6 * profile.costOutputPer1m;
+  const total = inUsd + outUsd;
+  if (!Number.isFinite(total)) return void 0;
+  if (total < 0) return void 0;
+  return total;
+}
+function round6(n) {
+  return Math.round(n * 1e6) / 1e6;
+}
+function buildReason(args) {
+  const { modelId, archetype, perf, profile } = args;
+  const hook = profile.strengths?.[0];
+  const suffix = hook ? `, ${hook.replace(/_/g, " ")}` : "";
+  return `${modelId} on ${archetype}: archetypePerf=${perf}${suffix}`;
+}
+
+// src/glassbox-routes/projected-cost.ts
+var INSUFFICIENT_VOLUME_THRESHOLD = 5;
+var WINDOW_DAYS = 7;
+async function computeProjectedDailyCost(args) {
+  const {
+    appId,
+    archetype,
+    servedCostUsd,
+    brainEndpoint,
+    brainJwt,
+    brainAnonKey,
+    fetch: fetchImpl
+  } = args;
+  if (!appId || !archetype) return void 0;
+  if (!Number.isFinite(servedCostUsd) || servedCostUsd <= 0) return void 0;
+  const doFetch = fetchImpl ?? ((...a) => globalThis.fetch(...a));
+  const base = brainEndpoint.replace(/\/+$/, "");
+  const cutoffIso = new Date(
+    Date.now() - WINDOW_DAYS * 24 * 60 * 60 * 1e3
+  ).toISOString();
+  const qs = new URLSearchParams();
+  qs.set("app_id", `eq.${appId}`);
+  qs.set("intent_archetype", `eq.${archetype}`);
+  qs.set("created_at", `gte.${cutoffIso}`);
+  qs.set("select", "handle");
+  qs.set("limit", "0");
+  const url = `${base}/rest/v1/compile_outcomes?${qs.toString()}`;
+  let res;
+  try {
+    res = await doFetch(url, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${brainJwt}`,
+        apikey: brainAnonKey,
+        Accept: "application/json",
+        // Triggers PostgREST exact count in Content-Range header.
+        Prefer: "count=exact"
+      }
+    });
+  } catch {
+    return void 0;
+  }
+  if (!res.ok) return void 0;
+  const contentRange = res.headers.get("content-range");
+  const count = parseContentRangeCount(contentRange);
+  if (count === void 0) return void 0;
+  const avgPerDay = count / WINDOW_DAYS;
+  if (avgPerDay < INSUFFICIENT_VOLUME_THRESHOLD) return void 0;
+  const projected = avgPerDay * servedCostUsd;
+  return Math.round(projected * 1e6) / 1e6;
+}
+function parseContentRangeCount(header) {
+  if (!header) return void 0;
+  const slash = header.lastIndexOf("/");
+  if (slash < 0) return void 0;
+  const tail = header.slice(slash + 1).trim();
+  if (tail === "*" || tail === "") return void 0;
+  const n = Number.parseInt(tail, 10);
+  if (!Number.isFinite(n) || n < 0) return void 0;
+  return n;
+}
+
+// src/glassbox-routes/proxy.ts
+var JSON_HEADERS2 = {
+  "Content-Type": "application/json",
+  "Cache-Control": "no-store"
+};
+var DEFAULT_LIMIT = 20;
+var MAX_LIMIT = 100;
+function jsonResponse(status, body) {
+  return new Response(JSON.stringify(body), { status, headers: JSON_HEADERS2 });
+}
+function jsonError2(status, code) {
+  return jsonResponse(status, { error: code });
+}
+function applyScrub(row, scrub) {
+  if (!scrub || row == null || typeof row !== "object") return row;
+  try {
+    return scrub(row);
+  } catch {
+    return row;
+  }
+}
+function parseLimit(raw) {
+  if (!raw) return DEFAULT_LIMIT;
+  const n = Number.parseInt(raw, 10);
+  if (!Number.isFinite(n) || n <= 0) return DEFAULT_LIMIT;
+  return Math.min(n, MAX_LIMIT);
+}
+function rowToSummary(row) {
+  return {
+    traceId: typeof row.handle === "string" ? row.handle : "",
+    appId: typeof row.app_id === "string" ? row.app_id : "",
+    archetype: typeof row.intent_archetype === "string" ? row.intent_archetype : "",
+    target: typeof row.model === "string" ? row.model : "",
+    createdAt: typeof row.created_at === "string" ? row.created_at : "",
+    tokensIn: typeof row.tokens_in === "number" ? row.tokens_in : 0,
+    tokensOut: typeof row.tokens_out === "number" ? row.tokens_out : 0,
+    estimatedCostUsd: typeof row.cost_usd_actual === "number" ? row.cost_usd_actual : 0
+  };
+}
+var INPUT_RATIO_YELLOW = 0.65;
+var INPUT_RATIO_RED = 0.85;
+var CACHE_HEALTH_MIN_TOKENS = 1e3;
+var CACHE_RATIO_GREEN = 0.5;
+var CACHE_RATIO_YELLOW = 0.1;
+var FALLBACK_REASONS = /* @__PURE__ */ new Set([
+  "rate_limit",
+  "provider_auth_failed",
+  "provider_error",
+  "cliff",
+  "cost_cap",
+  "contract_violation"
+]);
+function asString(v) {
+  return typeof v === "string" && v.length > 0 ? v : void 0;
+}
+function asNumber(v) {
+  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
+}
+function asNumberOrZero(v) {
+  return typeof v === "number" && Number.isFinite(v) ? v : 0;
+}
+function asStringArray(v) {
+  if (!Array.isArray(v)) return [];
+  const out = [];
+  for (const e of v) {
+    if (typeof e === "string") out.push(e);
+  }
+  return out;
+}
+function asFallbackReason(v) {
+  if (typeof v !== "string") return void 0;
+  const candidate = v;
+  if (candidate && FALLBACK_REASONS.has(candidate)) return candidate;
+  return "provider_error";
+}
+function rowToAdvisory(raw) {
+  if (!raw || typeof raw !== "object") return void 0;
+  const r = raw;
+  const level = r.level;
+  const code = r.code;
+  const message = r.message;
+  if (level !== "info" && level !== "warn" && level !== "critical" || typeof code !== "string" || typeof message !== "string") {
+    return void 0;
+  }
+  const out = { level, code, message };
+  const suggestion = asString(r.suggestion);
+  if (suggestion) out.suggestion = suggestion;
+  const docsUrl = asString(r.docs_url ?? r.docsUrl);
+  if (docsUrl) out.docsUrl = docsUrl;
+  const adapter = toAdapter(r.suggested_adaptation ?? r.suggestedAdaptation);
+  if (adapter) out.suggestedAdaptation = adapter;
+  return out;
+}
+var SECTION_KINDS = /* @__PURE__ */ new Set([
+  "role_intro",
+  "tool_call_contract",
+  "narration_contract",
+  "user_turn",
+  "reference",
+  "arbitrary"
+]);
+function summarizeSectionRewrite(kind, rule) {
+  if (kind === "tool_call_contract" && rule === "sequential-tool-cliff-below-floor") {
+    return "Sequential tool pattern applied (model cliff cleared at compile time).";
+  }
+  if (kind === "narration_contract" && rule === "narration-drift-anthropic") {
+    return "Narration tightened for Anthropic dialect (terse-log shape preserved).";
+  }
+  if (kind === "narration_contract" && rule === "narration-thinking-leak-deepseek") {
+    return "Thinking-block suppression applied (DeepSeek V4 internal reasoning kept off-wire).";
+  }
+  return `Translator applied rule "${rule}" to ${kind} section.`;
+}
+function rowToSectionRewrite(raw) {
+  if (!raw || typeof raw !== "object") return void 0;
+  const r = raw;
+  const sectionId = r.sectionId ?? r.section_id;
+  if (typeof sectionId !== "string" || sectionId.length === 0) return void 0;
+  const kind = r.kind;
+  if (typeof kind !== "string" || !SECTION_KINDS.has(kind)) {
+    return void 0;
+  }
+  const rule = r.rule;
+  if (typeof rule !== "string" || rule.length === 0) return void 0;
+  return {
+    sectionId,
+    kind,
+    rule,
+    summary: summarizeSectionRewrite(kind, rule)
+  };
+}
+function toAdapter(raw) {
+  if (!raw || typeof raw !== "object") return void 0;
+  const a = raw;
+  if (a.parameter === "toolOrchestration" && a.value === "sequential" && typeof a.consequence === "string") {
+    return {
+      parameter: "toolOrchestration",
+      value: "sequential",
+      consequence: a.consequence
+    };
+  }
+  return void 0;
+}
+function computeHealth(args) {
+  const {
+    tokensIn,
+    tokensOut,
+    historyCacheableTokens,
+    inputCacheHitRatio,
+    fellOverFrom,
+    target
+  } = args;
+  const total = tokensIn + tokensOut;
+  const ratio = total > 0 ? tokensIn / total : 0;
+  let inputRatioStatus;
+  if (ratio > INPUT_RATIO_RED) inputRatioStatus = "red";
+  else if (ratio > INPUT_RATIO_YELLOW) inputRatioStatus = "yellow";
+  else inputRatioStatus = "green";
+  let cacheStatus;
+  if (historyCacheableTokens <= CACHE_HEALTH_MIN_TOKENS) {
+    cacheStatus = "na";
+  } else if (inputCacheHitRatio >= CACHE_RATIO_GREEN) {
+    cacheStatus = "green";
+  } else if (inputCacheHitRatio >= CACHE_RATIO_YELLOW) {
+    cacheStatus = "yellow";
+  } else {
+    cacheStatus = "red";
+  }
+  const fallbackStatus = fellOverFrom !== void 0 && fellOverFrom !== target ? "red" : "green";
+  return { inputRatioStatus, cacheStatus, fallbackStatus };
+}
+function rowToDetail(row) {
+  const summary = rowToSummary(row);
+  const tokensIn = summary.tokensIn;
+  const tokensOut = summary.tokensOut;
+  const cacheReadInputTokens = asNumberOrZero(row.cache_read_input_tokens);
+  const cacheCreationInputTokens = asNumberOrZero(
+    row.cache_creation_input_tokens
+  );
+  const historyCacheableTokens = asNumberOrZero(row.history_cacheable_tokens);
+  const inputCacheHitRatio = tokensIn > 0 ? cacheReadInputTokens / tokensIn : 0;
+  const fellOverFrom = asString(row.fell_over_from);
+  const fallbackReasonRaw = row.fallback_reason;
+  const fallbackReason = fellOverFrom ? asFallbackReason(fallbackReasonRaw) : void 0;
+  const requestedModel = asString(row.requested_model) ?? fellOverFrom;
+  const advisoriesRaw = Array.isArray(row.advisories) ? row.advisories : [];
+  const advisories = [];
+  for (const a of advisoriesRaw) {
+    const rec = rowToAdvisory(a);
+    if (rec) advisories.push(rec);
+  }
+  const health = computeHealth({
+    tokensIn,
+    tokensOut,
+    cacheReadInputTokens,
+    historyCacheableTokens,
+    inputCacheHitRatio,
+    fellOverFrom,
+    target: summary.target
+  });
+  const sectionRewritesRaw = Array.isArray(row.section_rewrites_applied) ? row.section_rewrites_applied : [];
+  const sectionRewritesApplied = [];
+  for (const e of sectionRewritesRaw) {
+    const rw = rowToSectionRewrite(e);
+    if (rw) sectionRewritesApplied.push(rw);
+  }
+  const detail = {
+    ...summary,
+    mutationsApplied: asStringArray(row.mutations_applied),
+    advisories,
+    rawRequest: asString(row.prompt_preview),
+    rawResponse: asString(row.response_preview),
+    requestedModel,
+    finishReason: asString(row.finish_reason),
+    ttftMs: asNumber(row.ttft_ms),
+    totalMs: asNumber(row.total_ms) ?? asNumber(row.latency_ms),
+    toolsCount: asNumber(row.tools_count),
+    historyDepth: asNumber(row.history_depth),
+    systemPromptChars: asNumber(row.system_prompt_chars),
+    cacheReadInputTokens,
+    cacheCreationInputTokens,
+    historyCacheableTokens,
+    inputCacheHitRatio,
+    fellOverFrom,
+    fallbackReason,
+    sectionRewritesApplied,
+    health
+  };
+  return detail;
+}
+function createProxyHandler(config) {
+  const {
+    installToken,
+    extensionId,
+    brainEndpoint,
+    brainJwt,
+    brainAnonKey,
+    appId,
+    scrub,
+    fetch: fetchImpl
+  } = config;
+  const doFetch = fetchImpl ?? ((...args) => globalThis.fetch(...args));
+  const base = brainEndpoint.replace(/\/+$/, "");
+  return async function proxy(req) {
+    const authFail = checkAuth(req, { installToken, extensionId });
+    if (authFail) return authFail;
+    const url = new URL(req.url);
+    const traceId = url.searchParams.get("traceId");
+    const limit = parseLimit(url.searchParams.get("limit"));
+    const qs = new URLSearchParams();
+    qs.set("app_id", `eq.${appId}`);
+    if (traceId) {
+      qs.set("handle", `eq.${traceId}`);
+    } else {
+      qs.set("order", "created_at.desc");
+      qs.set("limit", String(limit));
+    }
+    const brainUrl = `${base}/rest/v1/compile_outcomes?${qs.toString()}`;
+    let brainRes;
+    try {
+      brainRes = await doFetch(brainUrl, {
+        method: "GET",
+        headers: {
+          // Authorization carries the scoped JWT — drives RLS via app_id claim.
+          Authorization: `Bearer ${brainJwt}`,
+          // apikey MUST be one of the project's known keys (anon or
+          // service_role). Supabase rejects any other JWT here, even when
+          // HS256-signed with the same secret. Pre-alpha.24 this was set to
+          // brainJwt and silently 401'd against real Supabase. See L-117.
+          apikey: brainAnonKey,
+          Accept: "application/json"
+        }
+      });
+    } catch {
+      return jsonError2(502, "brain_unavailable");
+    }
+    if (brainRes.status === 401 || brainRes.status === 403) {
+      return jsonError2(500, "brain_auth_misconfig");
+    }
+    if (brainRes.status >= 500) {
+      return jsonError2(502, "brain_unavailable");
+    }
+    if (!brainRes.ok) {
+      return jsonError2(400, "bad_request");
+    }
+    let rows;
+    try {
+      rows = await brainRes.json();
+    } catch {
+      return jsonError2(502, "brain_unavailable");
+    }
+    if (!Array.isArray(rows)) {
+      return jsonError2(502, "brain_unavailable");
+    }
+    const scrubbed = rows.map(
+      (row) => applyScrub(row, scrub)
+    );
+    if (traceId) {
+      const first = scrubbed[0];
+      if (!first) return jsonError2(404, "not_found");
+      const detail = rowToDetail(first);
+      const counterfactuals = computeCounterfactuals({
+        servedModel: detail.target,
+        servedCostUsd: detail.estimatedCostUsd,
+        archetype: detail.archetype,
+        tokensIn: detail.tokensIn,
+        tokensOut: detail.tokensOut,
+        cacheReadInputTokens: detail.cacheReadInputTokens
+      });
+      detail.counterfactuals = counterfactuals;
+      if (detail.estimatedCostUsd > 0) {
+        const projected = await computeProjectedDailyCost({
+          appId: detail.appId,
+          archetype: detail.archetype,
+          servedCostUsd: detail.estimatedCostUsd,
+          brainEndpoint: base,
+          brainJwt,
+          brainAnonKey,
+          fetch: doFetch
+        });
+        if (projected !== void 0) {
+          detail.projectedDailyCostUsd = projected;
+        }
+      }
+      return jsonResponse(200, detail);
+    }
+    return jsonResponse(200, { traces: scrubbed.map(rowToSummary) });
+  };
+}
+
+// src/glassbox-routes/stream.ts
+var SSE_HEADERS = {
+  "Content-Type": "text/event-stream",
+  "Cache-Control": "no-cache, no-transform",
+  Connection: "keep-alive",
+  "X-Accel-Buffering": "no"
+};
+function applyScrub2(event, scrub) {
+  if (!scrub) return event;
+  try {
+    const out = scrub(event);
+    if (out && typeof out === "object" && typeof out.kind === "string" && typeof out.at === "number") {
+      return out;
+    }
+    return event;
+  } catch {
+    return event;
+  }
+}
+function sseFrame(eventName, data) {
+  const safeName = eventName.replace(/[\r\n]/g, "");
+  return `event: ${safeName}
+data: ${JSON.stringify(data)}
+
+`;
+}
+function createStreamHandler(config, subscribe2, subscribeApp2) {
+  const { installToken, extensionId, appId, scrub } = config;
+  return async function stream(req) {
+    const authFail = checkAuth(req, { installToken, extensionId });
+    if (authFail) return authFail;
+    const url = new URL(req.url);
+    const traceId = url.searchParams.get("traceId");
+    const source = traceId ? subscribe2(traceId) : subscribeApp2({ appId });
+    const encoder = new TextEncoder();
+    let sourceReader;
+    let cancelled = false;
+    const body = new ReadableStream({
+      async start(controller) {
+        controller.enqueue(encoder.encode(sseFrame("ready", {})));
+        sourceReader = source.getReader();
+        const signal = req.signal;
+        if (signal) {
+          if (signal.aborted) {
+            cancelled = true;
+            await sourceReader.cancel();
+            try {
+              controller.close();
+            } catch {
+            }
+            return;
+          }
+          signal.addEventListener(
+            "abort",
+            () => {
+              cancelled = true;
+              sourceReader?.cancel().catch(() => {
+              });
+              try {
+                controller.close();
+              } catch {
+              }
+            },
+            { once: true }
+          );
+        }
+        try {
+          while (!cancelled) {
+            const { value, done } = await sourceReader.read();
+            if (done) break;
+            const scrubbed = applyScrub2(value, scrub);
+            controller.enqueue(
+              encoder.encode(sseFrame(scrubbed.kind, scrubbed))
+            );
+          }
+        } catch {
+        } finally {
+          try {
+            controller.close();
+          } catch {
+          }
+          try {
+            sourceReader?.releaseLock();
+          } catch {
+          }
+        }
+      },
+      cancel() {
+        cancelled = true;
+        sourceReader?.cancel().catch(() => {
+        });
+      }
+    });
+    return new Response(body, { status: 200, headers: SSE_HEADERS });
+  };
+}
+
+// src/glassbox-routes/index.ts
+function requireString(name, value) {
+  if (typeof value !== "string" || value.length === 0) {
+    throw new Error(`createGlassboxRoutes: ${name} is required`);
+  }
+  return value;
+}
+function createGlassboxRoutes(config) {
+  const installToken = requireString("installToken", config.installToken);
+  const extensionId = requireString("extensionId", config.extensionId);
+  const brainEndpoint = requireString("brainEndpoint", config.brainEndpoint);
+  const brainJwt = requireString("brainJwt", config.brainJwt);
+  const brainAnonKey = requireString("brainAnonKey", config.brainAnonKey);
+  const appId = requireString("appId", config.appId);
+  const proxy = createProxyHandler({
+    installToken,
+    extensionId,
+    brainEndpoint,
+    brainJwt,
+    brainAnonKey,
+    appId,
+    scrub: config.scrub,
+    fetch: config.fetch
+  });
+  const stream = createStreamHandler(
+    {
+      installToken,
+      extensionId,
+      appId,
+      scrub: config.scrub
+    },
+    config.subscribe ?? subscribe,
+    config.subscribeApp ?? subscribeApp
+  );
+  return { proxy, stream };
+}
+export {
+  createGlassboxRoutes
+};