aigetwey 1.0.1

package/src/routes/health.ts

@@ -0,0 +1,5 @@
+import type { FastifyInstance } from "fastify";
+
+export function registerHealthRoute(app: FastifyInstance): void {
+  app.get("/health", () => ({ ok: true }));
+}

package/src/routes/index.ts

@@ -0,0 +1,24 @@
+import type { FastifyInstance } from "fastify";
+import { registerHealthRoute } from "./health.js";
+import { registerV1Routes } from "./v1.js";
+import { registerAdminRoutes } from "./admin.js";
+import type { GatewayState } from "../core/state.js";
+import type { UsageDB } from "../db.js";
+import type { AuthStore } from "../core/authStore.js";
+
+export function registerRoutes(
+  app: FastifyInstance,
+  state: GatewayState,
+  db: UsageDB | undefined,
+  auth: AuthStore,
+): void {
+  registerHealthRoute(app);
+  registerV1Routes(app, state, db);
+  registerAdminRoutes(app, { state, db, auth });
+
+  if (state.config.server.api_keys.length === 0) {
+    app.log.warn(
+      "server.api_keys is empty — gateway auth is DISABLED. Safe only on localhost; set keys before exposing remotely.",
+    );
+  }
+}

package/src/routes/v1.ts

@@ -0,0 +1,87 @@
+import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
+import { checkAuth } from "../middleware/auth.js";
+import type { GatewayState } from "../core/state.js";
+import { handle, GatewayError, type HandleDeps } from "../core/handler.js";
+import type { WireFormat } from "../core/canonical.js";
+import type { UsageDB } from "../db.js";
+
+/**
+ * /v1 proxy surface. Auth-gates on the gateway's own keys (read from state each
+ * request so a hot-reload takes effect immediately), then runs the translation
+ * pipeline (non-stream JSON or SSE stream).
+ */
+export function registerV1Routes(app: FastifyInstance, state: GatewayState, db?: UsageDB): void {
+  const requireAuth = {
+    preHandler: (req: FastifyRequest, reply: FastifyReply, done: (err?: Error) => void) => {
+      const res = checkAuth(req, state.config.server.api_keys);
+      if (!res.ok) {
+        reply.code(res.status ?? 401).send({ error: res.error });
+        return; // skip done() to short-circuit the route
+      }
+      done();
+    },
+  };
+
+  // build deps from the live holder per request (never close over config/pool).
+  const depsNow = (): HandleDeps => ({
+    config: state.config,
+    pool: state.pool,
+    quota: state.quota,
+    db,
+    log: (msg) => app.log.info(msg),
+  });
+
+  app.post("/v1/chat/completions", requireAuth, (req, reply) => dispatch(depsNow(), "openai", req, reply));
+  app.post("/v1/messages", requireAuth, (req, reply) => dispatch(depsNow(), "anthropic", req, reply));
+}
+
+const SSE_HEADERS = {
+  "content-type": "text/event-stream; charset=utf-8",
+  "cache-control": "no-cache, no-transform",
+  connection: "keep-alive",
+};
+
+async function dispatch(
+  deps: HandleDeps,
+  clientFormat: WireFormat,
+  req: FastifyRequest,
+  reply: FastifyReply,
+): Promise<void> {
+  const controller = new AbortController();
+  // abort upstream only if the CLIENT disconnects before we finish the reply.
+  reply.raw.on("close", () => {
+    if (!reply.raw.writableFinished) controller.abort();
+  });
+
+  let result;
+  try {
+    result = await handle(deps, clientFormat, req.body, controller.signal);
+  } catch (e) {
+    if (e instanceof GatewayError) {
+      reply.code(e.status).send(e.payload);
+      return;
+    }
+    req.log.error(e);
+    reply.code(500).send({ error: "internal gateway error" });
+    return;
+  }
+
+  if (result.sse) {
+    reply.raw.writeHead(result.status, SSE_HEADERS);
+    try {
+      for await (const bytes of result.sse) {
+        // respect backpressure: wait for drain when the socket buffer is full.
+        if (!reply.raw.write(bytes)) {
+          await new Promise((r) => reply.raw.once("drain", r));
+        }
+      }
+    } catch (e) {
+      req.log.error(e, "stream error");
+    } finally {
+      reply.raw.end();
+    }
+    return;
+  }
+
+  reply.code(result.status).send(result.json);
+}

package/src/rtk/detect.ts

@@ -0,0 +1,55 @@
+/**
+ * RTK (tool-output) autodetect. Peeks the first window of a tool_result string
+ * and classifies its format so the matching filter can compress it. Patterns are
+ * tried in order; the first match wins. Returns null when nothing matches (the
+ * text is then left untouched).
+ */
+
+export type ToolOutputShape = "git-diff" | "git-status" | "grep" | "tree" | "ls" | "find";
+
+const DETECT_WINDOW = 1024;
+
+interface Detector {
+  shape: ToolOutputShape;
+  test: (head: string) => boolean;
+}
+
+const DETECTORS: Detector[] = [
+  // unified diff: `diff --git a/... b/...` or leading `--- ` / `+++ `
+  { shape: "git-diff", test: (h) => /^diff --git /m.test(h) || /^--- .+\n\+\+\+ /m.test(h) },
+  // git status --porcelain: two status columns then a path
+  { shape: "git-status", test: (h) => /^[ MADRCU?!][ MADRCU?!] \S/m.test(h) },
+  // grep -n / rg: `path:line:content` on most lines
+  {
+    shape: "grep",
+    test: (h) => {
+      const lines = h.split("\n").filter((l) => l.trim()).slice(0, 8);
+      if (lines.length < 2) return false;
+      const hits = lines.filter((l) => /^[^:\n]+:\d+:/.test(l)).length;
+      return hits >= Math.ceil(lines.length / 2);
+    },
+  },
+  // tree: box-drawing branch glyphs
+  { shape: "tree", test: (h) => /[│├└]── /.test(h) },
+  // ls -l: permission string at line start
+  { shape: "ls", test: (h) => /^[-dlbcps][rwx-]{9}[ @.+]?\s/m.test(h) },
+  // find / plain path list: most lines look like paths, no `:line:`
+  {
+    shape: "find",
+    test: (h) => {
+      const lines = h.split("\n").filter((l) => l.trim()).slice(0, 8);
+      if (lines.length < 3) return false;
+      const paths = lines.filter((l) => /^\.?\/?[\w.-]+(\/[\w.-]+)+\/?$/.test(l.trim())).length;
+      return paths >= Math.ceil(lines.length / 2);
+    },
+  },
+];
+
+export function detectShape(text: string): ToolOutputShape | null {
+  if (!text) return null;
+  const head = text.slice(0, DETECT_WINDOW);
+  for (const d of DETECTORS) {
+    if (d.test(head)) return d.shape;
+  }
+  return null;
+}

package/src/rtk/filters.ts

@@ -0,0 +1,94 @@
+/**
+ * RTK per-format compressors. Each takes a tool-output string and returns a
+ * shorter equivalent, trimming redundant bulk a model rarely needs while keeping
+ * the signal. Callers apply a safety net (never empty, never larger); filters
+ * here just do the format-specific trimming.
+ */
+import type { ToolOutputShape } from "./detect.js";
+
+const MAX_HUNK_LINES = 80; // per diff hunk
+const MAX_GREP_PER_FILE = 10; // matches kept per file
+const MAX_LIST_LINES = 200; // ls / find / tree entries
+
+function elide(n: number, noun: string): string {
+  return `… (${n} more ${noun} elided by rtk)`;
+}
+
+/** Truncate long hunks in a unified diff, keeping headers + a bounded body. */
+function filterGitDiff(text: string): string {
+  const lines = text.split("\n");
+  const out: string[] = [];
+  let hunkBody = 0;
+  for (const line of lines) {
+    if (line.startsWith("diff --git ") || line.startsWith("@@")) {
+      hunkBody = 0;
+      out.push(line);
+      continue;
+    }
+    if (/^(---|\+\+\+|index |new file|deleted file|similarity|rename) /.test(line)) {
+      out.push(line);
+      continue;
+    }
+    hunkBody++;
+    if (hunkBody <= MAX_HUNK_LINES) out.push(line);
+    else if (hunkBody === MAX_HUNK_LINES + 1) out.push(elide(0, "hunk lines"));
+  }
+  return out.join("\n");
+}
+
+/** git status --porcelain is already terse; just cap pathological lengths. */
+function filterGitStatus(text: string): string {
+  return capLines(text, MAX_LIST_LINES, "changes");
+}
+
+/** Cap matches per file in grep/rg output, keeping the file grouping. */
+function filterGrep(text: string): string {
+  const perFile = new Map<string, number>();
+  const out: string[] = [];
+  let skipped = 0;
+  for (const line of text.split("\n")) {
+    const m = /^([^:\n]+):(\d+):/.exec(line);
+    if (!m) {
+      out.push(line);
+      continue;
+    }
+    const file = m[1]!;
+    const n = (perFile.get(file) ?? 0) + 1;
+    perFile.set(file, n);
+    if (n <= MAX_GREP_PER_FILE) out.push(line);
+    else skipped++;
+  }
+  if (skipped > 0) out.push(elide(skipped, "matches"));
+  return out.join("\n");
+}
+
+function filterTree(text: string): string {
+  return capLines(text, MAX_LIST_LINES, "entries");
+}
+function filterLs(text: string): string {
+  return capLines(text, MAX_LIST_LINES, "entries");
+}
+function filterFind(text: string): string {
+  return capLines(text, MAX_LIST_LINES, "paths");
+}
+
+function capLines(text: string, max: number, noun: string): string {
+  const lines = text.split("\n");
+  if (lines.length <= max) return text;
+  const kept = lines.slice(0, max);
+  kept.push(elide(lines.length - max, noun));
+  return kept.join("\n");
+}
+
+const FILTERS: Record<ToolOutputShape, (t: string) => string> = {
+  "git-diff": filterGitDiff,
+  "git-status": filterGitStatus,
+  grep: filterGrep,
+  tree: filterTree,
+  ls: filterLs,
+  find: filterFind,
+};
+
+export function applyFilter(shape: ToolOutputShape, text: string): string {
+  return FILTERS[shape](text);
+}

package/src/rtk/index.ts

@@ -0,0 +1,58 @@
+/**
+ * RTK token saver. Compresses tool-output text inside tool messages before the
+ * request is sent upstream, trimming redundant bulk (long diffs, huge grep
+ * dumps, directory listings) that inflates input tokens without adding signal.
+ *
+ * Operates on the canonical request, so it's format-agnostic: an Anthropic
+ * tool_result and an OpenAI tool message both arrive here as role="tool".
+ *
+ * Fail-open + safety net: a filtered result is only used when it's non-empty AND
+ * smaller than the original. A detector/filter that throws is swallowed and the
+ * original text kept — RTK must never break a request.
+ */
+import type { CanonicalMessage } from "../core/canonical.js";
+import { detectShape } from "./detect.js";
+import { applyFilter } from "./filters.js";
+
+export interface RtkStats {
+  /** number of tool outputs compressed */
+  hits: number;
+  bytesIn: number;
+  bytesOut: number;
+  shapes: string[];
+}
+
+function compressText(text: string, stats: RtkStats): string {
+  let filtered: string;
+  try {
+    const shape = detectShape(text);
+    if (!shape) return text;
+    filtered = applyFilter(shape, text);
+    // safety: never blank the content, never grow it
+    if (!filtered || filtered.length >= text.length) return text;
+
+    stats.hits++;
+    stats.bytesIn += text.length;
+    stats.bytesOut += filtered.length;
+    stats.shapes.push(shape);
+    return filtered;
+  } catch {
+    // fail-open: a buggy filter must not break the request
+    return text;
+  }
+}
+
+/**
+ * Compress tool-output content in place. Returns stats (hits=0 when nothing was
+ * compressible). Only touches role="tool" messages with string content.
+ */
+export function compressMessages(messages: CanonicalMessage[]): RtkStats {
+  const stats: RtkStats = { hits: 0, bytesIn: 0, bytesOut: 0, shapes: [] };
+  for (const msg of messages) {
+    if (msg.role !== "tool") continue;
+    if (typeof msg.content === "string") {
+      msg.content = compressText(msg.content, stats);
+    }
+  }
+  return stats;
+}

package/src/server.ts

@@ -0,0 +1,108 @@
+import Fastify from "fastify";
+import { resolve, join } from "node:path";
+import { loadConfig } from "./config.js";
+import { registerRoutes } from "./routes/index.js";
+import { GatewayState } from "./core/state.js";
+import { UsageDB } from "./db.js";
+import { QuotaTracker } from "./core/quota.js";
+import { AuthStore } from "./core/authStore.js";
+import { consoleBuffer } from "./core/console-buffer.js";
+
+async function main(): Promise<void> {
+  const configPath = resolve(process.env.AIGETWEY_CONFIG ?? "config.yaml");
+
+  let config;
+  try {
+    config = loadConfig(configPath);
+  } catch (e) {
+    console.error((e as Error).message);
+    process.exit(1);
+  }
+
+  // Tee pino's output into the console buffer for the dashboard's live SSE viewer.
+  // pino (sonic-boom) writes straight to fd 1, bypassing process.stdout.write — so
+  // we hand it an explicit destination stream instead of patching stdout, otherwise
+  // app.log.* lines never reach the buffer and the Server Console looks dead.
+  const logStream = {
+    write(line: string): boolean {
+      process.stdout.write(line);
+      for (const raw of line.split("\n")) {
+        if (!raw.trim()) continue;
+        try {
+          const o = JSON.parse(raw) as { level?: number; msg?: unknown; reqId?: string };
+          const lvl =
+            (o.level ?? 30) >= 50 ? "ERROR" : (o.level ?? 30) >= 40 ? "WARN" : (o.level ?? 30) >= 20 ? "INFO" : "DEBUG";
+          const msg = typeof o.msg === "string" ? o.msg : o.msg !== undefined ? JSON.stringify(o.msg) : raw.trim();
+          consoleBuffer.push(lvl, o.reqId ? `[${o.reqId}] ${msg}` : msg);
+        } catch {
+          consoleBuffer.push("LOG", raw.trim());
+        }
+      }
+      return true;
+    },
+  };
+
+  const app = Fastify({
+    logger: { level: process.env.LOG_LEVEL ?? "info", stream: logStream },
+    // gateway proxies large prompts; raise the JSON body cap.
+    bodyLimit: 32 * 1024 * 1024,
+  });
+
+  // unified data dir (default ./data); usage tracking lives here.
+  const dataDir = resolve(process.env.AIGETWEY_DATA_DIR ?? "data");
+  const db = new UsageDB(join(dataDir, "usage.sqlite"));
+
+  // quota counts persist via the DB so a restart within a window keeps the budget.
+  const quota = new QuotaTracker(Date.now, {
+    load: () => db.loadQuota(),
+    save: (id, start, consumed) => db.saveQuota(id, start, consumed),
+  });
+
+  // holder enables runtime config edits (hot-reload) from the dashboard.
+  const state = new GatewayState(configPath, config, quota);
+  // admin password lives in a hash store (seeded from the env on first run,
+  // changeable at runtime from the dashboard).
+  const auth = AuthStore.open(dataDir, process.env.AIGETWEY_ADMIN_PASSWORD);
+
+  registerRoutes(app, state, db, auth);
+
+  // Single-URL mode: when the launcher runs the dashboard on an internal port,
+  // reverse-proxy everything the gateway doesn't own (the UI, /api/gw, /_next…)
+  // to it. The API routes above (/v1, /admin, /health) are more specific than the
+  // proxy's catch-all, so client traffic stays direct on Fastify — only the
+  // low-traffic dashboard is proxied. One address serves both.
+  const dashUpstream = process.env.AIGETWEY_DASHBOARD_PORT;
+  if (dashUpstream) {
+    await app.register(import("@fastify/http-proxy"), {
+      upstream: `http://127.0.0.1:${dashUpstream}`,
+      prefix: "/",
+      // forward the whole HTTP surface the dashboard needs (pages + its API).
+      httpMethods: ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"],
+      // keep the ORIGINAL Host so Next builds redirects (e.g. → /login) against
+      // the gateway's address, not the internal dashboard port.
+      replyOptions: {
+        rewriteRequestHeaders: (req, headers) => ({ ...headers, host: req.headers.host ?? headers.host }),
+      },
+    });
+  }
+
+  const close = () => {
+    db.close();
+    process.exit(0);
+  };
+  process.on("SIGINT", close);
+  process.on("SIGTERM", close);
+
+  try {
+    // AIGETWEY_PORT (set by the CLI launcher) overrides the config port so the
+    // launcher can pin the gateway port without editing config.yaml.
+    const port = process.env.AIGETWEY_PORT ? Number(process.env.AIGETWEY_PORT) : config.server.port;
+    await app.listen({ host: config.server.host, port });
+    app.log.info(`aigetwey listening on http://${config.server.host}:${port}`);
+  } catch (e) {
+    app.log.error(e);
+    process.exit(1);
+  }
+}
+
+main();