@yan162/changewayguard 6.8.26 → 6.8.27

package/dist/gateway/dist/handlers/openai.js

@@ -0,0 +1,254 @@
+/**
+ * AI Security Gateway - OpenAI Chat Completions API handler
+ *
+ * Handles POST /v1/chat/completions requests in OpenAI's format.
+ * Also compatible with OpenAI-compatible APIs (Kimi, DeepSeek, etc.)
+ */
+import { sanitize } from "../sanitizer.js";
+import { restore, createStreamRestorer } from "../restorer.js";
+import { generateRequestId, logSanitizeEvent, logRestoreEvent } from "../activity.js";
+/**
+ * Handle OpenAI API request
+ *
+ * @param backend - Config for OpenAI-compatible backend
+ * @param extraHeaders - Optional additional headers (e.g., OpenRouter attribution)
+ */
+export async function handleOpenAIRequest(req, res, backend, extraHeaders) {
+    try {
+        const requestId = generateRequestId();
+        const sanitizeStart = Date.now();
+        // 1. Parse request body
+        const body = await readBody(req);
+        const requestData = JSON.parse(body);
+        const { model, messages, tools, tool_choice, temperature, max_tokens, stream = false, ...rest } = requestData;
+        // 2. Sanitize messages
+        const { sanitized: sanitizedMessages, mappingTable, redactionCount } = sanitize(messages);
+        // Debug: log what was sanitized
+        console.log(`[ai-security-gateway] Sanitized ${redactionCount} items`);
+        if (mappingTable.size > 0) {
+            for (const [placeholder, original] of mappingTable.entries()) {
+                console.log(`[ai-security-gateway]   ${placeholder} <- (${original.length} chars)`);
+            }
+        }
+        // Log sanitization event
+        if (redactionCount > 0) {
+            logSanitizeEvent({
+                requestId,
+                backend: "openai",
+                endpoint: "/v1/chat/completions",
+                model,
+                mappingTable,
+                redactionCount,
+                durationMs: Date.now() - sanitizeStart,
+            });
+        }
+        // 3. Build sanitized request
+        const sanitizedRequest = {
+            model,
+            messages: sanitizedMessages,
+            ...(tools && { tools }),
+            ...(tool_choice && { tool_choice }),
+            ...(temperature !== undefined && { temperature }),
+            ...(max_tokens && { max_tokens }),
+            stream,
+            ...rest,
+        };
+        // 4. Use provided backend config
+        // Note: baseUrl already includes the full path prefix (e.g., /v1 or /v1/coding)
+        const apiUrl = `${backend.baseUrl}/chat/completions`;
+        const headers = {
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${backend.apiKey}`,
+        };
+        // Merge extra headers (e.g., OpenRouter attribution headers)
+        if (extraHeaders) {
+            Object.assign(headers, extraHeaders);
+        }
+        const response = await fetch(apiUrl, {
+            method: "POST",
+            headers,
+            body: JSON.stringify(sanitizedRequest),
+        });
+        if (!response.ok) {
+            // Forward error response
+            res.writeHead(response.status, { "Content-Type": "application/json" });
+            const errorBody = await response.text();
+            res.end(errorBody);
+            return;
+        }
+        // 6. Handle streaming or non-streaming response
+        if (stream) {
+            await handleOpenAIStream(response, res, mappingTable, requestId, model);
+        }
+        else {
+            await handleOpenAINonStream(response, res, mappingTable, requestId, model);
+        }
+    }
+    catch (error) {
+        console.error("[ai-security-gateway] OpenAI handler error:", error);
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({
+            error: "Internal gateway error",
+            message: error instanceof Error ? error.message : String(error),
+        }));
+    }
+}
+/**
+ * Handle streaming response (SSE) with smart placeholder restoration
+ *
+ * Uses StreamRestorer to detect `__` and buffer potential placeholders.
+ * Only buffers when necessary, maintaining streaming UX.
+ */
+async function handleOpenAIStream(response, res, mappingTable, requestId, model) {
+    const restoreStart = Date.now();
+    // Debug: log mapping table
+    if (mappingTable.size > 0) {
+        console.log(`[ai-security-gateway] Streaming with ${mappingTable.size} placeholders to restore`);
+    }
+    // Set SSE headers
+    res.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        "Connection": "keep-alive",
+    });
+    const reader = response.body?.getReader();
+    if (!reader) {
+        res.end();
+        return;
+    }
+    const decoder = new TextDecoder();
+    let lineBuffer = "";
+    // Create stream restorer for text content
+    const streamRestorer = createStreamRestorer(mappingTable);
+    // Buffer for SSE chunks waiting for restoration
+    const pendingChunks = [];
+    try {
+        while (true) {
+            const { done, value } = await reader.read();
+            if (done)
+                break;
+            // Decode chunk
+            lineBuffer += decoder.decode(value, { stream: true });
+            // Process complete lines
+            const lines = lineBuffer.split("\n");
+            lineBuffer = lines.pop() || ""; // Keep incomplete line in buffer
+            for (const line of lines) {
+                if (!line.trim()) {
+                    // Flush pending chunks before empty line
+                    flushPendingChunks(pendingChunks, streamRestorer, res);
+                    res.write("\n");
+                    continue;
+                }
+                if (!line.startsWith("data: ")) {
+                    res.write(line + "\n");
+                    continue;
+                }
+                const dataContent = line.slice(6);
+                if (dataContent === "[DONE]") {
+                    // Finalize any pending content
+                    flushPendingChunks(pendingChunks, streamRestorer, res);
+                    res.write(line + "\n");
+                    continue;
+                }
+                try {
+                    const parsed = JSON.parse(dataContent);
+                    const textContent = parsed.choices?.[0]?.delta?.content;
+                    if (textContent !== undefined && mappingTable.size > 0) {
+                        // Process text through stream restorer
+                        const restored = streamRestorer.process(textContent);
+                        if (restored.length > 0) {
+                            // We have restorable content - flush it
+                            const restoredChunk = { ...parsed };
+                            restoredChunk.choices = parsed.choices.map((c, i) => i === 0 ? { ...c, delta: { ...c.delta, content: restored } } : c);
+                            res.write(`data: ${JSON.stringify(restoredChunk)}\n`);
+                        }
+                        // If restorer is buffering, we don't output anything yet
+                        // Content will be output when buffer is flushed
+                    }
+                    else {
+                        // No text content or no mappings - pass through
+                        res.write(line + "\n");
+                    }
+                }
+                catch {
+                    // Not valid JSON, pass through
+                    res.write(line + "\n");
+                }
+            }
+        }
+        // Write any remaining line buffer
+        if (lineBuffer.trim()) {
+            res.write(lineBuffer + "\n");
+        }
+        // Finalize stream restorer - flush any remaining buffered content
+        const finalContent = streamRestorer.finalize();
+        if (finalContent.length > 0) {
+            // Create a final chunk with remaining content
+            const finalChunk = {
+                choices: [{ delta: { content: finalContent }, index: 0, finish_reason: null }],
+            };
+            res.write(`data: ${JSON.stringify(finalChunk)}\n`);
+        }
+        // Log restoration event
+        if (mappingTable.size > 0) {
+            logRestoreEvent({
+                requestId,
+                backend: "openai",
+                endpoint: "/v1/chat/completions",
+                model,
+                mappingTable,
+                restorationCount: mappingTable.size,
+                durationMs: Date.now() - restoreStart,
+            });
+        }
+        res.end();
+    }
+    catch (error) {
+        console.error("[ai-security-gateway] Stream error:", error);
+        res.end();
+    }
+}
+/**
+ * Flush pending chunks with restored content
+ */
+function flushPendingChunks(_pendingChunks, _streamRestorer, _res) {
+    // Currently unused - StreamRestorer handles buffering internally
+}
+/**
+ * Handle non-streaming response
+ */
+async function handleOpenAINonStream(response, res, mappingTable, requestId, model) {
+    const restoreStart = Date.now();
+    const responseBody = await response.text();
+    const responseData = JSON.parse(responseBody);
+    // Restore placeholders in response
+    const restoredData = restore(responseData, mappingTable);
+    // Log restoration event
+    if (mappingTable.size > 0) {
+        logRestoreEvent({
+            requestId,
+            backend: "openai",
+            endpoint: "/v1/chat/completions",
+            model,
+            mappingTable,
+            restorationCount: mappingTable.size,
+            durationMs: Date.now() - restoreStart,
+        });
+    }
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(restoredData));
+}
+/**
+ * Read request body as string
+ */
+function readBody(req) {
+    return new Promise((resolve, reject) => {
+        let body = "";
+        req.on("data", (chunk) => {
+            body += chunk.toString();
+        });
+        req.on("end", () => resolve(body));
+        req.on("error", reject);
+    });
+}
+//# sourceMappingURL=openai.js.map

package/dist/gateway/dist/handlers/openai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai.js","sourceRoot":"","sources":["../../src/handlers/openai.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtF;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAoB,EACpB,GAAmB,EACnB,OAAsB,EACtB,YAAqC;IAErC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEjC,wBAAwB;QACxB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAErC,MAAM,EACJ,KAAK,EACL,QAAQ,EACR,KAAK,EACL,WAAW,EACX,WAAW,EACX,UAAU,EACV,MAAM,GAAG,KAAK,EACd,GAAG,IAAI,EACR,GAAG,WAAW,CAAC;QAEhB,uBAAuB;QACvB,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,YAAY,EAAE,cAAc,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE1F,gCAAgC;QAChC,OAAO,CAAC,GAAG,CAAC,mCAAmC,cAAc,QAAQ,CAAC,CAAC;QACvE,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC7D,OAAO,CAAC,GAAG,CAAC,2BAA2B,WAAW,QAAQ,QAAQ,CAAC,MAAM,SAAS,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;YACvB,gBAAgB,CAAC;gBACf,SAAS;gBACT,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,sBAAsB;gBAChC,KAAK;gBACL,YAAY;gBACZ,cAAc;gBACd,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa;aACvC,CAAC,CAAC;QACL,CAAC;QAED,6BAA6B;QAC7B,MAAM,gBAAgB,GAAG;YACvB,KAAK;YACL,QAAQ,EAAE,iBAAiB;YAC3B,GAAG,CAAC,KAAK,IAAI,EAAE,KAAK,EAAE,CAAC;YACvB,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;YACnC,GAAG,CAAC,WAAW,KAAK,SAAS,IAAI,EAAE,WAAW,EAAE,CAAC;YACjD,GAAG,CAAC,UAAU,IAAI,EAAE,UAAU,EAAE,CAAC;YACjC,MAAM;YACN,GAAG,IAAI;SACR,CAAC;QAEF,iCAAiC;QACjC,gFAAgF;QAChF,MAAM,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,mBAAmB,CAAC;QACrD,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE;SAC5C,CAAC;QACF,6DAA6D;QAC7D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvC,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;YACnC,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,yBAAyB;YACzB,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YACvE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACnB,OAAO;QACT,CAAC;QAED,gDAAgD;QAChD,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,MAAM,qBAAqB,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;QACpE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,wBAAwB;YAC/B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,kBAAkB,CAC/B,QAAkB,EAClB,GAAmB,EACnB,YAA0B,EAC1B,SAAiB,EACjB,KAAc;IAEd,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEhC,2BAA2B;IAC3B,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,wCAAwC,YAAY,CAAC,IAAI,0BAA0B,CAAC,CAAC;IACnG,CAAC;IAED,kBAAkB;IAClB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;QACjB,cAAc,EAAE,mBAAmB;QACnC,eAAe,EAAE,UAAU;QAC3B,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,IAAI,UAAU,GAAG,EAAE,CAAC;IAEpB,0CAA0C;IAC1C,MAAM,cAAc,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAE1D,gDAAgD;IAChD,MAAM,aAAa,GAA4D,EAAE,CAAC;IAElF,IAAI,CAAC;QACH,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI;gBAAE,MAAM;YAEhB,eAAe;YACf,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YAEtD,yBAAyB;YACzB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACrC,UAAU,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,iCAAiC;YAEjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;oBACjB,yCAAyC;oBACzC,kBAAkB,CAAC,aAAa,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;oBACvD,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAChB,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC/B,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;oBACvB,SAAS;gBACX,CAAC;gBAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAClC,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;oBAC7B,+BAA+B;oBAC/B,kBAAkB,CAAC,aAAa,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;oBACvD,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;oBACvB,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAmB,CAAC;oBACzD,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC;oBAExD,IAAI,WAAW,KAAK,SAAS,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;wBACvD,uCAAuC;wBACvC,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;wBAErD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACxB,wCAAwC;4BACxC,MAAM,aAAa,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;4BACpC,aAAa,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAClD,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CACjE,CAAC;4BACF,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;wBACxD,CAAC;wBAED,yDAAyD;wBACzD,gDAAgD;oBAClD,CAAC;yBAAM,CAAC;wBACN,gDAAgD;wBAChD,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;oBACzB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,+BAA+B;oBAC/B,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,IAAI,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;YACtB,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;QAC/B,CAAC;QAED,kEAAkE;QAClE,MAAM,YAAY,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;QAC/C,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,8CAA8C;YAC9C,MAAM,UAAU,GAAmB;gBACjC,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;aAC/E,CAAC;YACF,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC;QAED,wBAAwB;QACxB,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC1B,eAAe,CAAC;gBACd,SAAS;gBACT,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,sBAAsB;gBAChC,KAAK;gBACL,YAAY;gBACZ,gBAAgB,EAAE,YAAY,CAAC,IAAI;gBACnC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY;aACtC,CAAC,CAAC;QACL,CAAC;QAED,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAC5D,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAcD;;GAEG;AACH,SAAS,kBAAkB,CACzB,cAAuE,EACvE,eAAwD,EACxD,IAAoB;IAEpB,iEAAiE;AACnE,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,QAAkB,EAClB,GAAmB,EACnB,YAA0B,EAC1B,SAAiB,EACjB,KAAc;IAEd,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAChC,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAE9C,mCAAmC;IACnC,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAEzD,wBAAwB;IACxB,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC1B,eAAe,CAAC;YACd,SAAS;YACT,OAAO,EAAE,QAAQ;YACjB,QAAQ,EAAE,sBAAsB;YAChC,KAAK;YACL,YAAY;YACZ,gBAAgB,EAAE,YAAY,CAAC,IAAI;YACnC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY;SACtC,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,GAAoB;IACpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YACvB,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/gateway/dist/index.d.ts

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+/**
+ * OpenGuardrails AI Security Gateway
+ *
+ * Local HTTP proxy that intercepts LLM API calls, sanitizes sensitive data
+ * before sending to providers, and restores it in responses.
+ * Supports Anthropic, OpenAI, and Gemini protocols.
+ */
+/**
+ * Stop the gateway server
+ */
+export declare function stopGateway(): Promise<void>;
+/**
+ * Check if gateway is running
+ */
+export declare function isGatewayServerRunning(): boolean;
+/**
+ * Start gateway server
+ * @param configPath - Path to config file
+ * @param embedded - If true, don't call process.exit on errors (for in-process use)
+ */
+export declare function startGateway(configPath?: string, embedded?: boolean): void;
+export { sanitize, sanitizeMessages } from "./sanitizer.js";
+export { restore, restoreJSON, restoreSSELine } from "./restorer.js";
+export { addActivityListener, removeActivityListener, clearActivityListeners, } from "./activity.js";
+export type { GatewayConfig, MappingTable, SanitizeResult, EntityMatch, GatewayActivityEvent, ActivityListener, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/gateway/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;GAMG;AAwMH;;GAEG;AACH,wBAAgB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAY3C;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,OAAO,CAEhD;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,UAAQ,GAAG,IAAI,CAmFxE;AAGD,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,eAAe,CAAC;AAEvB,YAAY,EACV,aAAa,EACb,YAAY,EACZ,cAAc,EACd,WAAW,EACX,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,YAAY,CAAC"}

package/dist/gateway/dist/index.js

@@ -0,0 +1,290 @@
+#!/usr/bin/env node
+/**
+ * OpenGuardrails AI Security Gateway
+ *
+ * Local HTTP proxy that intercepts LLM API calls, sanitizes sensitive data
+ * before sending to providers, and restores it in responses.
+ * Supports Anthropic, OpenAI, and Gemini protocols.
+ */
+import { createServer } from "node:http";
+import { loadConfig, validateConfig, findBackendByApiKey, findDefaultBackend, findBackendByPathPrefix } from "./config.js";
+import { handleAnthropicRequest } from "./handlers/anthropic.js";
+import { handleOpenAIRequest } from "./handlers/openai.js";
+import { handleGeminiRequest } from "./handlers/gemini.js";
+import { handleModelsRequest } from "./handlers/models.js";
+let config;
+let currentServer = null;
+/**
+ * Extract API key from request headers
+ */
+function extractApiKey(req) {
+    // Try x-api-key header (Anthropic style)
+    const xApiKey = req.headers["x-api-key"];
+    if (xApiKey && typeof xApiKey === "string") {
+        return xApiKey;
+    }
+    // Try Authorization: Bearer (OpenAI style)
+    const auth = req.headers["authorization"];
+    if (auth && typeof auth === "string" && auth.startsWith("Bearer ")) {
+        return auth.slice(7);
+    }
+    // Try x-goog-api-key (Gemini style)
+    const googKey = req.headers["x-goog-api-key"];
+    if (googKey && typeof googKey === "string") {
+        return googKey;
+    }
+    return null;
+}
+/**
+ * Resolve backend for a request based on path prefix, API key, or defaults
+ * Priority: pathPrefix > apiKey > defaultBackend
+ */
+function resolveBackend(req, apiType) {
+    const url = req.url || "";
+    // 1. Try to find backend by path prefix (most specific)
+    const byPath = findBackendByPathPrefix(url, config);
+    if (byPath) {
+        return byPath;
+    }
+    // 2. Try to find backend by API key
+    const apiKey = extractApiKey(req);
+    if (apiKey) {
+        const byKey = findBackendByApiKey(apiKey, config);
+        if (byKey) {
+            return byKey;
+        }
+    }
+    // 3. Fall back to default backend for the API type
+    return findDefaultBackend(apiType, config);
+}
+/**
+ * Main request handler
+ */
+async function handleRequest(req, res) {
+    const { method, url } = req;
+    // Log request (skip health checks to reduce noise)
+    if (url !== "/health") {
+        console.log(`[ai-security-gateway] ${method} ${url}`);
+    }
+    // CORS headers (for browser-based clients)
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, x-api-key, anthropic-version");
+    // Handle OPTIONS for CORS preflight
+    if (method === "OPTIONS") {
+        res.writeHead(204);
+        res.end();
+        return;
+    }
+    // Health check (allow GET)
+    if (url === "/health") {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ status: "ok", version: "1.0.0" }));
+        return;
+    }
+    // Handle GET /v1/models — proxy to configured backend's models endpoint
+    if (method === "GET" && url === "/v1/models") {
+        await handleModelsRequest(res, config);
+        return;
+    }
+    // Only allow POST for API endpoints
+    if (method !== "POST") {
+        res.writeHead(405, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Method not allowed" }));
+        return;
+    }
+    // Route to appropriate handler based on path suffix
+    // This allows flexible path prefixes (e.g., /v1/coding/chat/completions)
+    try {
+        if (url?.endsWith("/messages")) {
+            // Anthropic Messages API (matches /v1/messages, /v1/xxx/messages, etc.)
+            const resolved = resolveBackend(req, "anthropic");
+            if (!resolved) {
+                res.writeHead(500, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ error: "No Anthropic-compatible backend configured" }));
+                return;
+            }
+            await handleAnthropicRequest(req, res, resolved.backend);
+        }
+        else if (url?.endsWith("/chat/completions")) {
+            // OpenAI/OpenRouter Chat Completions API
+            // Try to extract backend name from URL: /backend/{name}/chat/completions
+            const backendMatch = url.match(/^\/backend\/([^/]+)\//);
+            let resolved = null;
+            if (backendMatch) {
+                const backendName = backendMatch[1];
+                const backend = config.backends[backendName];
+                if (backend) {
+                    resolved = { name: backendName, backend };
+                    console.log(`[ai-security-gateway] Backend from URL: ${backendName}`);
+                }
+            }
+            // Fallback to path prefix or default
+            if (!resolved) {
+                resolved = resolveBackend(req, "openai");
+                console.log(`[ai-security-gateway] Resolved backend: ${resolved?.name}`);
+            }
+            // Check explicit routing config
+            const explicitBackendName = config.routing?.["/v1/chat/completions"];
+            const backend = explicitBackendName
+                ? config.backends[explicitBackendName]
+                : resolved?.backend;
+            if (!backend) {
+                res.writeHead(500, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ error: "No OpenAI-compatible backend configured" }));
+                return;
+            }
+            const extraHeaders = {};
+            if (backend.referer) {
+                extraHeaders["HTTP-Referer"] = backend.referer;
+            }
+            if (backend.title) {
+                extraHeaders["X-Title"] = backend.title;
+            }
+            await handleOpenAIRequest(req, res, backend, extraHeaders);
+        }
+        else if (url?.match(/\/models\/(.+):generateContent$/)) {
+            // Gemini API (matches any path ending with /models/{model}:generateContent)
+            const match = url.match(/\/models\/(.+):generateContent$/);
+            const modelName = match?.[1];
+            if (modelName) {
+                const resolved = resolveBackend(req, "gemini");
+                if (!resolved) {
+                    res.writeHead(500, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({ error: "No Gemini backend configured" }));
+                    return;
+                }
+                await handleGeminiRequest(req, res, resolved.backend, modelName);
+            }
+            else {
+                res.writeHead(404, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ error: "Model name required" }));
+            }
+        }
+        else {
+            // Unknown endpoint
+            res.writeHead(404, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Not found", url }));
+        }
+    }
+    catch (error) {
+        console.error("[ai-security-gateway] Request handler error:", error);
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({
+            error: "Internal server error",
+            message: error instanceof Error ? error.message : String(error),
+        }));
+    }
+}
+/**
+ * Stop the gateway server
+ */
+export function stopGateway() {
+    return new Promise((resolve) => {
+        if (currentServer) {
+            currentServer.close(() => {
+                currentServer = null;
+                console.log("[ai-security-gateway] Server stopped");
+                resolve();
+            });
+        }
+        else {
+            resolve();
+        }
+    });
+}
+/**
+ * Check if gateway is running
+ */
+export function isGatewayServerRunning() {
+    return currentServer !== null;
+}
+/**
+ * Start gateway server
+ * @param configPath - Path to config file
+ * @param embedded - If true, don't call process.exit on errors (for in-process use)
+ */
+export function startGateway(configPath, embedded = false) {
+    // Stop existing server if running (same process)
+    if (currentServer) {
+        if (!embedded)
+            console.log("[ai-security-gateway] Stopping existing server for restart...");
+        currentServer.close();
+        currentServer = null;
+    }
+    try {
+        // Load and validate configuration
+        config = loadConfig(configPath);
+        validateConfig(config);
+        if (!embedded) {
+            console.log("[ai-security-gateway] Configuration loaded:");
+            console.log(`  Port: ${config.port}`);
+            console.log(`  Backends: ${Object.keys(config.backends).join(", ") || "(none)"}`);
+        }
+        // Create HTTP server
+        const server = createServer(handleRequest);
+        currentServer = server;
+        // Handle server errors
+        server.on("error", (err) => {
+            console.error("[ai-security-gateway] Server error:", err);
+            currentServer = null;
+            if (!embedded) {
+                process.exit(1);
+            }
+            throw err;
+        });
+        // Start listening
+        server.listen(config.port, "127.0.0.1", () => {
+            if (!embedded) {
+                console.log(`[ai-security-gateway] Server listening on http://127.0.0.1:${config.port}`);
+                console.log("[ai-security-gateway] Ready to proxy requests");
+                console.log("");
+                console.log("Endpoints:");
+                console.log(`  POST http://127.0.0.1:${config.port}/v1/messages - Anthropic`);
+                console.log(`  POST http://127.0.0.1:${config.port}/v1/chat/completions - OpenAI / OpenRouter`);
+                console.log(`  POST http://127.0.0.1:${config.port}/v1/models/:model:generateContent - Gemini`);
+                console.log(`  GET  http://127.0.0.1:${config.port}/v1/models - List models (OpenAI / OpenRouter)`);
+                console.log(`  GET  http://127.0.0.1:${config.port}/health - Health check`);
+            }
+        });
+        // In embedded mode, don't let the server prevent process exit
+        if (embedded) {
+            server.unref();
+        }
+        // Only register shutdown handlers if not embedded
+        if (!embedded) {
+            process.on("SIGINT", () => {
+                console.log("\n[ai-security-gateway] Shutting down...");
+                server.close(() => {
+                    console.log("[ai-security-gateway] Server stopped");
+                    process.exit(0);
+                });
+            });
+            process.on("SIGTERM", () => {
+                console.log("\n[ai-security-gateway] Shutting down...");
+                server.close(() => {
+                    console.log("[ai-security-gateway] Server stopped");
+                    process.exit(0);
+                });
+            });
+        }
+    }
+    catch (error) {
+        console.error("[ai-security-gateway] Failed to start:", error);
+        currentServer = null;
+        if (!embedded) {
+            process.exit(1);
+        }
+        throw error;
+    }
+}
+// Re-export for programmatic use
+export { sanitize, sanitizeMessages } from "./sanitizer.js";
+export { restore, restoreJSON, restoreSSELine } from "./restorer.js";
+export { addActivityListener, removeActivityListener, clearActivityListeners, } from "./activity.js";
+// Start if run directly
+if (import.meta.url === `file://${process.argv[1]}`) {
+    const configPath = process.argv[2];
+    startGateway(configPath);
+}
+//# sourceMappingURL=index.js.map

package/dist/gateway/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,uBAAuB,EAAqB,MAAM,aAAa,CAAC;AAE9I,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAE3D,IAAI,MAAqB,CAAC;AAC1B,IAAI,aAAa,GAA2C,IAAI,CAAC;AAEjE;;GAEG;AACH,SAAS,aAAa,CAAC,GAAoB;IACzC,yCAAyC;IACzC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC3C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,2CAA2C;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC1C,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,oCAAoC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC9C,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC3C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CACrB,GAAoB,EACpB,OAAgB;IAEhB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;IAE1B,wDAAwD;IACxD,MAAM,MAAM,GAAG,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,oCAAoC;IACpC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAClD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,mDAAmD;IACnD,OAAO,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAoB,EACpB,GAAmB;IAEnB,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAE5B,mDAAmD;IACnD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,2CAA2C;IAC3C,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;IACpE,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,2DAA2D,CAAC,CAAC;IAE3G,oCAAoC;IACpC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,2BAA2B;IAC3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IAED,wEAAwE;IACxE,IAAI,MAAM,KAAK,KAAK,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;QAC7C,MAAM,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACvC,OAAO;IACT,CAAC;IAED,oCAAoC;IACpC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC;QACzD,OAAO;IACT,CAAC;IAED,oDAAoD;IACpD,yEAAyE;IACzE,IAAI,CAAC;QACH,IAAI,GAAG,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/B,wEAAwE;YACxE,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;YAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC,CAAC;gBACjF,OAAO;YACT,CAAC;YACD,MAAM,sBAAsB,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,GAAG,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC9C,yCAAyC;YACzC,yEAAyE;YACzE,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACxD,IAAI,QAAQ,GAAoD,IAAI,CAAC;YAErE,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;gBACpC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC7C,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;oBAC1C,OAAO,CAAC,GAAG,CAAC,2CAA2C,WAAW,EAAE,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gBACzC,OAAO,CAAC,GAAG,CAAC,2CAA2C,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YAC3E,CAAC;YAED,gCAAgC;YAChC,MAAM,mBAAmB,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,sBAAsB,CAAC,CAAC;YACrE,MAAM,OAAO,GAAG,mBAAmB;gBACjC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAC;gBACtC,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC;YAEtB,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC,CAAC;gBAC9E,OAAO;YACT,CAAC;YAED,MAAM,YAAY,GAA2B,EAAE,CAAC;YAChD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,YAAY,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;YACjD,CAAC;YACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,YAAY,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC;YAC1C,CAAC;YACD,MAAM,mBAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC;aAAM,IAAI,GAAG,EAAE,KAAK,CAAC,iCAAiC,CAAC,EAAE,CAAC;YACzD,4EAA4E;YAC5E,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7B,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,mBAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;aAAM,CAAC;YACN,mBAAmB;YACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,KAAK,CAAC,CAAC;QACrE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC,CACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,aAAa,EAAE,CAAC;YAClB,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE;gBACvB,aAAa,GAAG,IAAI,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;gBACpD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO,aAAa,KAAK,IAAI,CAAC;AAChC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,UAAmB,EAAE,QAAQ,GAAG,KAAK;IAChE,iDAAiD;IACjD,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,QAAQ;YAAE,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;QAC5F,aAAa,CAAC,KAAK,EAAE,CAAC;QACtB,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,IAAI,CAAC;QACH,kCAAkC;QAClC,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QAChC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEvB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACtC,OAAO,CAAC,GAAG,CACT,eAAe,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CACrE,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QAC3C,aAAa,GAAG,MAAM,CAAC;QAEvB,uBAAuB;QACvB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;YAChD,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,GAAG,CAAC,CAAC;YAC1D,aAAa,GAAG,IAAI,CAAC;YACrB,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;QAEH,kBAAkB;QAClB,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CACT,8DAA8D,MAAM,CAAC,IAAI,EAAE,CAC5E,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;gBAC7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,IAAI,0BAA0B,CAAC,CAAC;gBAC9E,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,IAAI,4CAA4C,CAAC,CAAC;gBAChG,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,IAAI,4CAA4C,CAAC,CAAC;gBAChG,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,IAAI,gDAAgD,CAAC,CAAC;gBACpG,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,IAAI,wBAAwB,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,8DAA8D;QAC9D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QAED,kDAAkD;QAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACxB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;oBAChB,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;oBAChB,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC;QAC/D,aAAa,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,iCAAiC;AACjC,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,eAAe,CAAC;AAWvB,wBAAwB;AACxB,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,UAAU,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACpD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnC,YAAY,CAAC,UAAU,CAAC,CAAC;AAC3B,CAAC"}

package/dist/gateway/dist/mapping-store.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Persistent Mapping Store
+ *
+ * Maintains a global mapping between original values and placeholders.
+ * This ensures the same sensitive data always gets the same placeholder,
+ * allowing restoration to work across multiple requests in a conversation.
+ */
+import type { MappingTable } from "./types.js";
+/**
+ * Get or create a placeholder for an original value
+ * If the value was seen before, returns the same placeholder
+ */
+export declare function getOrCreatePlaceholder(originalValue: string, entityType: string): string;
+/**
+ * Get the original value for a placeholder
+ */
+export declare function getOriginalValue(placeholder: string): string | undefined;
+/**
+ * Check if a string is a known placeholder
+ */
+export declare function isKnownPlaceholder(text: string): boolean;
+/**
+ * Get all placeholders and their original values as a MappingTable
+ * This is used for restoration
+ */
+export declare function getGlobalMappingTable(): MappingTable;
+/**
+ * Get current statistics
+ */
+export declare function getMappingStats(): {
+    totalMappings: number;
+    byType: Record<string, number>;
+};
+/**
+ * Clear all mappings (for testing or reset)
+ */
+export declare function clearMappings(): void;
+//# sourceMappingURL=mapping-store.d.ts.map

package/dist/gateway/dist/mapping-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mapping-store.d.ts","sourceRoot":"","sources":["../src/mapping-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAW/C;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAmBxF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAExE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,YAAY,CAEpD;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,CAS3F;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAIpC"}