@yan162/changewayguard 6.8.25

package/gateway/src/config.ts

@@ -0,0 +1,246 @@
+/**
+ * Gateway configuration management
+ */
+
+import { readFileSync, existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import type { GatewayConfig, ApiType } from "./types.js";
+
+const DEFAULT_CONFIG_PATH = join(homedir(), ".openclaw", "extensions", "moltguard", "data", "gateway.json");
+
+/**
+ * Load gateway configuration from file or environment
+ */
+export function loadConfig(configPath?: string): GatewayConfig {
+  const path = configPath || DEFAULT_CONFIG_PATH;
+
+  // Default configuration
+  const defaultConfig: GatewayConfig = {
+    port: parseInt(process.env.GATEWAY_PORT || "53669", 10),
+    backends: {},
+  };
+
+  // Try to load from file
+  if (existsSync(path)) {
+    try {
+      const fileContent = readFileSync(path, "utf-8");
+      const fileConfig = JSON.parse(fileContent);
+      return mergeConfig(defaultConfig, fileConfig);
+    } catch (error) {
+      console.warn(
+        `[ai-security-gateway] Failed to load config from ${path}:`,
+        error,
+      );
+    }
+  }
+
+  // Load from environment variables
+  return loadFromEnv(defaultConfig);
+}
+
+/**
+ * Load backend configs from environment variables
+ */
+function loadFromEnv(config: GatewayConfig): GatewayConfig {
+  // Anthropic
+  if (process.env.ANTHROPIC_API_KEY) {
+    config.backends.anthropic = {
+      baseUrl: process.env.ANTHROPIC_BASE_URL || "https://api.anthropic.com",
+      apiKey: process.env.ANTHROPIC_API_KEY,
+      type: "anthropic",
+    };
+  }
+
+  // OpenAI
+  if (process.env.OPENAI_API_KEY) {
+    config.backends.openai = {
+      baseUrl: process.env.OPENAI_BASE_URL || "https://api.openai.com",
+      apiKey: process.env.OPENAI_API_KEY,
+      type: "openai",
+    };
+  }
+
+  // Kimi (Moonshot) — only set if openai backend not already configured
+  if (
+    (process.env.KIMI_API_KEY || process.env.MOONSHOT_API_KEY) &&
+    !config.backends.openai
+  ) {
+    config.backends.kimi = {
+      baseUrl: process.env.KIMI_BASE_URL || "https://api.moonshot.cn",
+      apiKey: process.env.KIMI_API_KEY || process.env.MOONSHOT_API_KEY || "",
+      type: "openai",
+    };
+  }
+
+  // Gemini
+  if (process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY) {
+    config.backends.gemini = {
+      baseUrl:
+        process.env.GEMINI_BASE_URL ||
+        "https://generativelanguage.googleapis.com",
+      apiKey: process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY || "",
+      type: "gemini",
+    };
+  }
+
+  // OpenRouter
+  if (process.env.OPENROUTER_API_KEY) {
+    config.backends.openrouter = {
+      baseUrl: process.env.OPENROUTER_BASE_URL || "https://openrouter.ai/api",
+      apiKey: process.env.OPENROUTER_API_KEY,
+      type: "openai",
+      ...(process.env.OPENROUTER_REFERER && {
+        referer: process.env.OPENROUTER_REFERER,
+      }),
+      ...(process.env.OPENROUTER_TITLE && {
+        title: process.env.OPENROUTER_TITLE,
+      }),
+    };
+  }
+
+  return config;
+}
+
+/**
+ * Merge file config with default config
+ */
+function mergeConfig(
+  defaultConfig: GatewayConfig,
+  fileConfig: Partial<GatewayConfig>,
+): GatewayConfig {
+  return {
+    port: fileConfig.port ?? defaultConfig.port,
+    backends: {
+      ...defaultConfig.backends,
+      ...fileConfig.backends,
+    },
+    routing: fileConfig.routing,
+    defaultBackends: fileConfig.defaultBackends,
+  };
+}
+
+/**
+ * Validate configuration
+ */
+export function validateConfig(config: GatewayConfig): void {
+  if (config.port < 1 || config.port > 65535) {
+    throw new Error(`Invalid port: ${config.port}`);
+  }
+
+  // Note: Backends are now optional. Gateway will act as transparent proxy.
+  // If no backends configured, gateway will forward requests based on routing rules
+  // or pass through to the original target.
+
+  // Validate each backend (if any)
+  for (const [name, backend] of Object.entries(config.backends)) {
+    if (!backend.baseUrl) {
+      throw new Error(`Backend ${name} missing baseUrl`);
+    }
+    if (!backend.apiKey) {
+      throw new Error(`Backend ${name} missing apiKey`);
+    }
+  }
+}
+
+/**
+ * Infer API type from backend name
+ */
+export function inferApiType(name: string): ApiType {
+  const lower = name.toLowerCase();
+  if (lower.includes("anthropic") || lower.includes("claude")) {
+    return "anthropic";
+  }
+  if (lower.includes("gemini") || lower.includes("google")) {
+    return "gemini";
+  }
+  // Default to OpenAI-compatible for everything else
+  return "openai";
+}
+
+/**
+ * Get API type for a backend
+ */
+export function getBackendApiType(name: string, config: GatewayConfig): ApiType {
+  const backend = config.backends[name];
+  if (backend?.type) {
+    return backend.type;
+  }
+  return inferApiType(name);
+}
+
+/**
+ * Find backend by API key
+ */
+export function findBackendByApiKey(
+  apiKey: string,
+  config: GatewayConfig,
+): { name: string; backend: typeof config.backends[string] } | null {
+  for (const [name, backend] of Object.entries(config.backends)) {
+    if (backend.apiKey === apiKey) {
+      return { name, backend };
+    }
+  }
+  return null;
+}
+
+/**
+ * Find default backend for an API type
+ */
+export function findDefaultBackend(
+  apiType: ApiType,
+  config: GatewayConfig,
+): { name: string; backend: typeof config.backends[string] } | null {
+  // Check explicit default first
+  const defaultName = config.defaultBackends?.[apiType];
+  if (defaultName && config.backends[defaultName]) {
+    return { name: defaultName, backend: config.backends[defaultName] };
+  }
+
+  // Find first backend matching the API type
+  for (const [name, backend] of Object.entries(config.backends)) {
+    if (getBackendApiType(name, config) === apiType) {
+      return { name, backend };
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Find backend by request path prefix
+ * Matches the longest pathPrefix that is a prefix of the request path
+ */
+export function findBackendByPathPrefix(
+  requestPath: string,
+  config: GatewayConfig,
+): { name: string; backend: typeof config.backends[string] } | null {
+  let bestMatch: { name: string; backend: typeof config.backends[string] } | null = null;
+  let bestMatchLength = 0;
+
+  for (const [name, backend] of Object.entries(config.backends)) {
+    if (backend.pathPrefix && requestPath.startsWith(backend.pathPrefix)) {
+      if (backend.pathPrefix.length > bestMatchLength) {
+        bestMatch = { name, backend };
+        bestMatchLength = backend.pathPrefix.length;
+      }
+    }
+  }
+
+  return bestMatch;
+}
+
+/**
+ * Find backend by model name
+ */
+export function findBackendByModel(
+  modelName: string,
+  config: GatewayConfig,
+): { name: string; backend: typeof config.backends[string] } | null {
+  for (const [name, backend] of Object.entries(config.backends)) {
+    if (backend.models?.includes(modelName)) {
+      return { name, backend };
+    }
+  }
+  return null;
+}

package/gateway/src/handlers/anthropic.ts

@@ -0,0 +1,328 @@
+/**
+ * AI Security Gateway - Anthropic Messages API handler
+ *
+ * Handles POST /v1/messages requests in Anthropic's native format.
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { BackendConfig, MappingTable } from "../types.js";
+import { sanitize } from "../sanitizer.js";
+import { restore, createStreamRestorer } from "../restorer.js";
+import { generateRequestId, logSanitizeEvent, logRestoreEvent } from "../activity.js";
+
+/**
+ * Handle Anthropic API request
+ */
+export async function handleAnthropicRequest(
+  req: IncomingMessage,
+  res: ServerResponse,
+  backend: BackendConfig,
+): Promise<void> {
+  try {
+    const requestId = generateRequestId();
+    const sanitizeStart = Date.now();
+
+    // 1. Parse request body
+    const body = await readBody(req);
+    const requestData = JSON.parse(body);
+
+    const {
+      model,
+      messages,
+      system,
+      tools,
+      max_tokens,
+      temperature,
+      stream = false,
+      ...rest
+    } = requestData;
+
+    // 2. Sanitize messages
+    const { sanitized: sanitizedMessages, mappingTable, redactionCount } = sanitize(messages);
+
+    // 3. Sanitize system prompt if present
+    let systemRedactionCount = 0;
+    const sanitizedSystem = system
+      ? (() => {
+          const result = sanitize(system);
+          systemRedactionCount = result.redactionCount;
+          return result.sanitized;
+        })()
+      : system;
+
+    const totalRedactionCount = redactionCount + systemRedactionCount;
+
+    // Log sanitization event
+    if (totalRedactionCount > 0) {
+      logSanitizeEvent({
+        requestId,
+        backend: "anthropic",
+        endpoint: "/v1/messages",
+        model,
+        mappingTable,
+        redactionCount: totalRedactionCount,
+        durationMs: Date.now() - sanitizeStart,
+      });
+    }
+
+    // Note: We reuse the same mapping table so placeholders are consistent
+
+    // Debug: log what was sanitized
+    if (totalRedactionCount > 0) {
+      console.log(`[ai-security-gateway] Sanitized ${totalRedactionCount} items`);
+    }
+
+    // 4. Build sanitized request
+    const sanitizedRequest = {
+      model,
+      messages: sanitizedMessages,
+      ...(system && { system: sanitizedSystem }),
+      ...(tools && { tools }),
+      max_tokens,
+      ...(temperature !== undefined && { temperature }),
+      stream,
+      ...rest,
+    };
+
+    // 5. Forward to real Anthropic API
+    // Note: baseUrl already includes the full path prefix (e.g., /v1)
+    const apiUrl = `${backend.baseUrl}/messages`;
+    const response = await fetch(apiUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "anthropic-version": req.headers["anthropic-version"] as string || "2023-06-01",
+        "x-api-key": backend.apiKey,
+      },
+      body: JSON.stringify(sanitizedRequest),
+    });
+
+    if (!response.ok) {
+      // Forward error response
+      res.writeHead(response.status, { "Content-Type": "application/json" });
+      const errorBody = await response.text();
+      res.end(errorBody);
+      return;
+    }
+
+    // 7. Handle streaming or non-streaming response
+    if (stream) {
+      await handleAnthropicStream(response, res, mappingTable, requestId, model);
+    } else {
+      await handleAnthropicNonStream(response, res, mappingTable, requestId, model);
+    }
+  } catch (error) {
+    console.error("[ai-security-gateway] Anthropic handler error:", error);
+    res.writeHead(500, { "Content-Type": "application/json" });
+    res.end(
+      JSON.stringify({
+        error: "Internal gateway error",
+        message: error instanceof Error ? error.message : String(error),
+      }),
+    );
+  }
+}
+
+/**
+ * Handle streaming response with smart placeholder restoration
+ *
+ * Uses StreamRestorer to detect `__` and buffer potential placeholders.
+ * Only buffers when necessary, maintaining streaming UX.
+ */
+async function handleAnthropicStream(
+  response: Response,
+  res: ServerResponse,
+  mappingTable: MappingTable,
+  requestId: string,
+  model?: string,
+): Promise<void> {
+  const restoreStart = Date.now();
+
+  // Debug: log mapping table size
+  if (mappingTable.size > 0) {
+    console.log(`[ai-security-gateway] Streaming with ${mappingTable.size} placeholders to restore`);
+  }
+
+  // Set SSE headers
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache",
+    "Connection": "keep-alive",
+  });
+
+  const reader = response.body?.getReader();
+  if (!reader) {
+    res.end();
+    return;
+  }
+
+  const decoder = new TextDecoder();
+  let lineBuffer = "";
+
+  // Create stream restorer for text content
+  const streamRestorer = createStreamRestorer(mappingTable);
+
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+
+      // Decode chunk
+      lineBuffer += decoder.decode(value, { stream: true });
+
+      // Process complete lines
+      const lines = lineBuffer.split("\n");
+      lineBuffer = lines.pop() || ""; // Keep incomplete line in buffer
+
+      for (const line of lines) {
+        if (!line.trim()) {
+          res.write("\n");
+          continue;
+        }
+
+        // Handle event lines (pass through)
+        if (line.startsWith("event:")) {
+          res.write(line + "\n");
+          continue;
+        }
+
+        // Handle data lines
+        if (!line.startsWith("data: ")) {
+          res.write(line + "\n");
+          continue;
+        }
+
+        const dataContent = line.slice(6);
+
+        try {
+          const parsed = JSON.parse(dataContent) as AnthropicSSEChunk;
+
+          // Check for text delta
+          if (parsed.type === "content_block_delta" && parsed.delta?.type === "text_delta") {
+            const textContent = parsed.delta.text;
+
+            if (textContent !== undefined && mappingTable.size > 0) {
+              // Process text through stream restorer
+              const restored = streamRestorer.process(textContent);
+
+              if (restored.length > 0) {
+                // We have restorable content - output it
+                const restoredChunk = {
+                  ...parsed,
+                  delta: { ...parsed.delta, text: restored },
+                };
+                res.write(`data: ${JSON.stringify(restoredChunk)}\n`);
+              }
+              // If restorer is buffering, don't output anything yet
+            } else {
+              // No text content or no mappings - pass through
+              res.write(line + "\n");
+            }
+          } else {
+            // Non-text events - pass through
+            res.write(line + "\n");
+          }
+        } catch {
+          // Not valid JSON, pass through
+          res.write(line + "\n");
+        }
+      }
+    }
+
+    // Write any remaining line buffer
+    if (lineBuffer.trim()) {
+      res.write(lineBuffer + "\n");
+    }
+
+    // Finalize stream restorer - flush any remaining buffered content
+    const finalContent = streamRestorer.finalize();
+    if (finalContent.length > 0) {
+      // Create a final text delta chunk with remaining content
+      const finalChunk: AnthropicSSEChunk = {
+        type: "content_block_delta",
+        index: 0,
+        delta: { type: "text_delta", text: finalContent },
+      };
+      res.write(`data: ${JSON.stringify(finalChunk)}\n`);
+    }
+
+    // Log restoration event
+    if (mappingTable.size > 0) {
+      logRestoreEvent({
+        requestId,
+        backend: "anthropic",
+        endpoint: "/v1/messages",
+        model,
+        mappingTable,
+        restorationCount: mappingTable.size,
+        durationMs: Date.now() - restoreStart,
+      });
+    }
+
+    res.end();
+  } catch (error) {
+    console.error("[ai-security-gateway] Stream error:", error);
+    res.end();
+  }
+}
+
+/**
+ * Anthropic SSE chunk structure
+ */
+interface AnthropicSSEChunk {
+  type: string;
+  index?: number;
+  delta?: {
+    type: string;
+    text?: string;
+  };
+  [key: string]: unknown;
+}
+
+/**
+ * Handle non-streaming response
+ */
+async function handleAnthropicNonStream(
+  response: Response,
+  res: ServerResponse,
+  mappingTable: MappingTable,
+  requestId: string,
+  model?: string,
+): Promise<void> {
+  const restoreStart = Date.now();
+  const responseBody = await response.text();
+  const responseData = JSON.parse(responseBody);
+
+  // Restore placeholders in response
+  const restoredData = restore(responseData, mappingTable);
+
+  // Log restoration event
+  if (mappingTable.size > 0) {
+    logRestoreEvent({
+      requestId,
+      backend: "anthropic",
+      endpoint: "/v1/messages",
+      model,
+      mappingTable,
+      restorationCount: mappingTable.size,
+      durationMs: Date.now() - restoreStart,
+    });
+  }
+
+  res.writeHead(200, { "Content-Type": "application/json" });
+  res.end(JSON.stringify(restoredData));
+}
+
+/**
+ * Read request body as string
+ */
+function readBody(req: IncomingMessage): Promise<string> {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    req.on("data", (chunk) => {
+      body += chunk.toString();
+    });
+    req.on("end", () => resolve(body));
+    req.on("error", reject);
+  });
+}

package/gateway/src/handlers/gemini.ts

@@ -0,0 +1,122 @@
+/**
+ * AI Security Gateway - Google Gemini API handler
+ *
+ * Handles POST /v1/models/:model:generateContent requests in Gemini's format.
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { BackendConfig, MappingTable } from "../types.js";
+import { sanitize } from "../sanitizer.js";
+import { restore } from "../restorer.js";
+import { generateRequestId, logSanitizeEvent, logRestoreEvent } from "../activity.js";
+
+/**
+ * Handle Gemini API request
+ */
+export async function handleGeminiRequest(
+  req: IncomingMessage,
+  res: ServerResponse,
+  backend: BackendConfig,
+  modelName: string,
+): Promise<void> {
+  try {
+    const requestId = generateRequestId();
+    const sanitizeStart = Date.now();
+
+    // 1. Parse request body
+    const body = await readBody(req);
+    const requestData = JSON.parse(body);
+
+    const { contents, tools, generationConfig, ...rest } = requestData;
+
+    // 2. Sanitize contents (Gemini uses "contents" instead of "messages")
+    const { sanitized: sanitizedContents, mappingTable, redactionCount } = sanitize(contents);
+
+    // Log sanitization event
+    if (redactionCount > 0) {
+      logSanitizeEvent({
+        requestId,
+        backend: "gemini",
+        endpoint: `/v1/models/${modelName}:generateContent`,
+        model: modelName,
+        mappingTable,
+        redactionCount,
+        durationMs: Date.now() - sanitizeStart,
+      });
+    }
+
+    // 3. Build sanitized request
+    const sanitizedRequest = {
+      contents: sanitizedContents,
+      ...(tools && { tools }),
+      ...(generationConfig && { generationConfig }),
+      ...rest,
+    };
+
+    // 4. Forward to Gemini API
+    const apiUrl = `${backend.baseUrl}/v1/models/${modelName}:generateContent`;
+    const response = await fetch(apiUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "x-goog-api-key": backend.apiKey,
+      },
+      body: JSON.stringify(sanitizedRequest),
+    });
+
+    if (!response.ok) {
+      // Forward error response
+      res.writeHead(response.status, { "Content-Type": "application/json" });
+      const errorBody = await response.text();
+      res.end(errorBody);
+      return;
+    }
+
+    // 6. Handle response (Gemini typically doesn't stream in same way)
+    const restoreStart = Date.now();
+    const responseBody = await response.text();
+    const responseData = JSON.parse(responseBody);
+
+    // Restore placeholders in response
+    const restoredData = restore(responseData, mappingTable);
+
+    // Log restoration event
+    if (mappingTable.size > 0) {
+      logRestoreEvent({
+        requestId,
+        backend: "gemini",
+        endpoint: `/v1/models/${modelName}:generateContent`,
+        model: modelName,
+        mappingTable,
+        restorationCount: mappingTable.size,
+        durationMs: Date.now() - restoreStart,
+      });
+    }
+
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(restoredData));
+  } catch (error) {
+    console.error("[ai-security-gateway] Gemini handler error:", error);
+    res.writeHead(500, { "Content-Type": "application/json" });
+    res.end(
+      JSON.stringify({
+        error: "Internal gateway error",
+        message: error instanceof Error ? error.message : String(error),
+      }),
+    );
+  }
+}
+
+/**
+ * Read request body as string
+ */
+function readBody(req: IncomingMessage): Promise<string> {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    req.on("data", (chunk) => {
+      body += chunk.toString();
+    });
+    req.on("end", () => resolve(body));
+    req.on("error", reject);
+  });
+}