blackriver-gateway 3.8.46
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +2070 -0
- package/@omniroute/opencode-plugin/LICENSE +21 -0
- package/@omniroute/opencode-plugin/README.md +296 -0
- package/@omniroute/opencode-plugin/package-lock.json +1930 -0
- package/@omniroute/opencode-plugin/package.json +73 -0
- package/@omniroute/opencode-plugin/src/index.ts +4685 -0
- package/@omniroute/opencode-plugin/src/logger.ts +74 -0
- package/@omniroute/opencode-plugin/src/naming.ts +301 -0
- package/@omniroute/opencode-plugin/tsconfig.json +20 -0
- package/@omniroute/opencode-plugin/tsup.config.ts +20 -0
- package/@omniroute/opencode-provider/LICENSE +21 -0
- package/@omniroute/opencode-provider/README.md +156 -0
- package/@omniroute/opencode-provider/package-lock.json +1514 -0
- package/@omniroute/opencode-provider/package.json +63 -0
- package/@omniroute/opencode-provider/src/index.ts +908 -0
- package/@omniroute/opencode-provider/tsconfig.json +20 -0
- package/@omniroute/opencode-provider/tsup.config.ts +18 -0
- package/LICENSE +22 -0
- package/README.md +1265 -0
- package/bin/_ops-common.sh +70 -0
- package/bin/cli/CONVENTIONS.md +224 -0
- package/bin/cli/README.md +146 -0
- package/bin/cli/api-commands/agent-skills.mjs +70 -0
- package/bin/cli/api-commands/agentbridge.mjs +155 -0
- package/bin/cli/api-commands/api-keys.mjs +42 -0
- package/bin/cli/api-commands/audio.mjs +40 -0
- package/bin/cli/api-commands/chat.mjs +58 -0
- package/bin/cli/api-commands/cli-tools.mjs +361 -0
- package/bin/cli/api-commands/cloud.mjs +81 -0
- package/bin/cli/api-commands/combos.mjs +69 -0
- package/bin/cli/api-commands/compression.mjs +128 -0
- package/bin/cli/api-commands/embedded-services.mjs +202 -0
- package/bin/cli/api-commands/embeddings.mjs +42 -0
- package/bin/cli/api-commands/fallback.mjs +49 -0
- package/bin/cli/api-commands/images.mjs +42 -0
- package/bin/cli/api-commands/memory.mjs +251 -0
- package/bin/cli/api-commands/messages.mjs +40 -0
- package/bin/cli/api-commands/models.mjs +89 -0
- package/bin/cli/api-commands/moderations.mjs +24 -0
- package/bin/cli/api-commands/oauth.mjs +114 -0
- package/bin/cli/api-commands/playground.mjs +83 -0
- package/bin/cli/api-commands/pricing.mjs +44 -0
- package/bin/cli/api-commands/provider-nodes.mjs +62 -0
- package/bin/cli/api-commands/providers.mjs +148 -0
- package/bin/cli/api-commands/quota.mjs +154 -0
- package/bin/cli/api-commands/registry.mjs +75 -0
- package/bin/cli/api-commands/rerank.mjs +24 -0
- package/bin/cli/api-commands/responses.mjs +24 -0
- package/bin/cli/api-commands/settings.mjs +228 -0
- package/bin/cli/api-commands/system.mjs +320 -0
- package/bin/cli/api-commands/telemetry.mjs +26 -0
- package/bin/cli/api-commands/traffic-inspector.mjs +307 -0
- package/bin/cli/api-commands/translator.mjs +65 -0
- package/bin/cli/api-commands/usage.mjs +117 -0
- package/bin/cli/api.mjs +269 -0
- package/bin/cli/commands/a2a.mjs +323 -0
- package/bin/cli/commands/audit.mjs +203 -0
- package/bin/cli/commands/autostart.mjs +57 -0
- package/bin/cli/commands/backup.mjs +469 -0
- package/bin/cli/commands/batches.mjs +235 -0
- package/bin/cli/commands/cache.mjs +102 -0
- package/bin/cli/commands/chat.mjs +162 -0
- package/bin/cli/commands/cloud.mjs +233 -0
- package/bin/cli/commands/combo.mjs +361 -0
- package/bin/cli/commands/completion.mjs +346 -0
- package/bin/cli/commands/compression.mjs +247 -0
- package/bin/cli/commands/config.mjs +351 -0
- package/bin/cli/commands/configure.mjs +180 -0
- package/bin/cli/commands/connect.mjs +132 -0
- package/bin/cli/commands/context-eng.mjs +182 -0
- package/bin/cli/commands/contexts.mjs +271 -0
- package/bin/cli/commands/cost.mjs +144 -0
- package/bin/cli/commands/dashboard.mjs +65 -0
- package/bin/cli/commands/doctor.mjs +527 -0
- package/bin/cli/commands/env.mjs +100 -0
- package/bin/cli/commands/eval.mjs +278 -0
- package/bin/cli/commands/files.mjs +144 -0
- package/bin/cli/commands/health.mjs +123 -0
- package/bin/cli/commands/keys.mjs +599 -0
- package/bin/cli/commands/launch-codex.mjs +201 -0
- package/bin/cli/commands/launch.mjs +155 -0
- package/bin/cli/commands/login.mjs +192 -0
- package/bin/cli/commands/logs.mjs +183 -0
- package/bin/cli/commands/mcp.mjs +273 -0
- package/bin/cli/commands/memory.mjs +244 -0
- package/bin/cli/commands/models.mjs +92 -0
- package/bin/cli/commands/nodes.mjs +177 -0
- package/bin/cli/commands/oauth.mjs +258 -0
- package/bin/cli/commands/oneproxy.mjs +120 -0
- package/bin/cli/commands/open.mjs +75 -0
- package/bin/cli/commands/openapi.mjs +168 -0
- package/bin/cli/commands/plugin.mjs +219 -0
- package/bin/cli/commands/policy.mjs +216 -0
- package/bin/cli/commands/pricing.mjs +123 -0
- package/bin/cli/commands/provider-cmd.mjs +18 -0
- package/bin/cli/commands/providers.mjs +706 -0
- package/bin/cli/commands/quota.mjs +100 -0
- package/bin/cli/commands/redis.mjs +294 -0
- package/bin/cli/commands/registry.mjs +162 -0
- package/bin/cli/commands/repl.mjs +19 -0
- package/bin/cli/commands/reset-encrypted-columns.mjs +88 -0
- package/bin/cli/commands/resilience.mjs +208 -0
- package/bin/cli/commands/restart.mjs +25 -0
- package/bin/cli/commands/runtime.mjs +98 -0
- package/bin/cli/commands/serve.mjs +426 -0
- package/bin/cli/commands/sessions.mjs +108 -0
- package/bin/cli/commands/setup-aider.mjs +146 -0
- package/bin/cli/commands/setup-claude.mjs +219 -0
- package/bin/cli/commands/setup-cline.mjs +160 -0
- package/bin/cli/commands/setup-codex.mjs +387 -0
- package/bin/cli/commands/setup-continue.mjs +173 -0
- package/bin/cli/commands/setup-crush.mjs +148 -0
- package/bin/cli/commands/setup-cursor.mjs +108 -0
- package/bin/cli/commands/setup-goose.mjs +150 -0
- package/bin/cli/commands/setup-kilo.mjs +178 -0
- package/bin/cli/commands/setup-open-code.mjs +398 -0
- package/bin/cli/commands/setup-opencode.mjs +129 -0
- package/bin/cli/commands/setup-qwen.mjs +156 -0
- package/bin/cli/commands/setup-roo.mjs +172 -0
- package/bin/cli/commands/setup.mjs +211 -0
- package/bin/cli/commands/simulate.mjs +125 -0
- package/bin/cli/commands/skills.mjs +373 -0
- package/bin/cli/commands/status.mjs +95 -0
- package/bin/cli/commands/stop.mjs +96 -0
- package/bin/cli/commands/stream.mjs +166 -0
- package/bin/cli/commands/sync.mjs +230 -0
- package/bin/cli/commands/tags.mjs +116 -0
- package/bin/cli/commands/telemetry.mjs +74 -0
- package/bin/cli/commands/test-provider.mjs +242 -0
- package/bin/cli/commands/tokens.mjs +118 -0
- package/bin/cli/commands/translator.mjs +131 -0
- package/bin/cli/commands/tray.mjs +36 -0
- package/bin/cli/commands/tunnel.mjs +347 -0
- package/bin/cli/commands/update.mjs +194 -0
- package/bin/cli/commands/usage.mjs +331 -0
- package/bin/cli/commands/webhooks.mjs +196 -0
- package/bin/cli/contexts.mjs +60 -0
- package/bin/cli/data-dir.mjs +59 -0
- package/bin/cli/encryption.mjs +67 -0
- package/bin/cli/i18n.mjs +106 -0
- package/bin/cli/io.mjs +83 -0
- package/bin/cli/locales/ar.json +32 -0
- package/bin/cli/locales/az.json +32 -0
- package/bin/cli/locales/bg.json +32 -0
- package/bin/cli/locales/bn.json +5 -0
- package/bin/cli/locales/cs.json +32 -0
- package/bin/cli/locales/da.json +32 -0
- package/bin/cli/locales/de.json +32 -0
- package/bin/cli/locales/en.json +1289 -0
- package/bin/cli/locales/es.json +32 -0
- package/bin/cli/locales/fa.json +32 -0
- package/bin/cli/locales/fi.json +32 -0
- package/bin/cli/locales/fr.json +32 -0
- package/bin/cli/locales/gu.json +5 -0
- package/bin/cli/locales/he.json +5 -0
- package/bin/cli/locales/hi.json +32 -0
- package/bin/cli/locales/hu.json +32 -0
- package/bin/cli/locales/id.json +32 -0
- package/bin/cli/locales/in.json +5 -0
- package/bin/cli/locales/it.json +32 -0
- package/bin/cli/locales/ja.json +32 -0
- package/bin/cli/locales/ko.json +32 -0
- package/bin/cli/locales/mr.json +5 -0
- package/bin/cli/locales/ms.json +5 -0
- package/bin/cli/locales/nl.json +32 -0
- package/bin/cli/locales/no.json +32 -0
- package/bin/cli/locales/phi.json +5 -0
- package/bin/cli/locales/pl.json +32 -0
- package/bin/cli/locales/pt-BR.json +1286 -0
- package/bin/cli/locales/pt.json +32 -0
- package/bin/cli/locales/ro.json +32 -0
- package/bin/cli/locales/ru.json +32 -0
- package/bin/cli/locales/sk.json +32 -0
- package/bin/cli/locales/sv.json +32 -0
- package/bin/cli/locales/sw.json +5 -0
- package/bin/cli/locales/ta.json +5 -0
- package/bin/cli/locales/te.json +5 -0
- package/bin/cli/locales/th.json +32 -0
- package/bin/cli/locales/tr.json +32 -0
- package/bin/cli/locales/uk-UA.json +32 -0
- package/bin/cli/locales/ur.json +5 -0
- package/bin/cli/locales/vi.json +32 -0
- package/bin/cli/locales/zh-CN.json +1262 -0
- package/bin/cli/output.mjs +200 -0
- package/bin/cli/plugins.mjs +90 -0
- package/bin/cli/program.mjs +40 -0
- package/bin/cli/provider-catalog.mjs +175 -0
- package/bin/cli/provider-store.mjs +312 -0
- package/bin/cli/provider-test.mjs +181 -0
- package/bin/cli/runtime/index.mjs +19 -0
- package/bin/cli/runtime/magicBytes.mjs +47 -0
- package/bin/cli/runtime/nativeDeps.mjs +137 -0
- package/bin/cli/runtime/processSupervisor.mjs +136 -0
- package/bin/cli/runtime/sqliteRuntime.mjs +129 -0
- package/bin/cli/runtime/supervisorPolicy.mjs +56 -0
- package/bin/cli/runtime/trayRuntime.ts +94 -0
- package/bin/cli/runtime.mjs +61 -0
- package/bin/cli/schemas/output-schemas.mjs +56 -0
- package/bin/cli/scripts/generate-locales.mjs +911 -0
- package/bin/cli/settings-store.mjs +45 -0
- package/bin/cli/spinner.mjs +30 -0
- package/bin/cli/sqlite.mjs +158 -0
- package/bin/cli/tray/autostart.mjs +410 -0
- package/bin/cli/tray/autostart.ts +18 -0
- package/bin/cli/tray/icon.png +0 -0
- package/bin/cli/tray/index.mjs +28 -0
- package/bin/cli/tray/tray.ps1 +99 -0
- package/bin/cli/tray/tray.ts +186 -0
- package/bin/cli/tray/traySystray.mjs +135 -0
- package/bin/cli/tray/trayWin.ts +91 -0
- package/bin/cli/tray/trayWindows.mjs +75 -0
- package/bin/cli/tui/Dashboard.jsx +70 -0
- package/bin/cli/tui/EvalWatch.jsx +171 -0
- package/bin/cli/tui/InterfaceMenu.jsx +55 -0
- package/bin/cli/tui/OAuthFlow.jsx +193 -0
- package/bin/cli/tui/ProvidersTestAll.jsx +190 -0
- package/bin/cli/tui/Repl.jsx +392 -0
- package/bin/cli/tui/session.mjs +54 -0
- package/bin/cli/tui/tabs/Combos.jsx +47 -0
- package/bin/cli/tui/tabs/Cost.jsx +52 -0
- package/bin/cli/tui/tabs/Health.jsx +53 -0
- package/bin/cli/tui/tabs/Keys.jsx +48 -0
- package/bin/cli/tui/tabs/Logs.jsx +60 -0
- package/bin/cli/tui/tabs/Overview.jsx +80 -0
- package/bin/cli/tui/tabs/Providers.jsx +48 -0
- package/bin/cli/tui-components/CodeBlock.jsx +15 -0
- package/bin/cli/tui-components/ConfirmDialog.jsx +40 -0
- package/bin/cli/tui-components/DataTable.jsx +50 -0
- package/bin/cli/tui-components/HeaderSwr.jsx +25 -0
- package/bin/cli/tui-components/KeyMaskedDisplay.jsx +12 -0
- package/bin/cli/tui-components/MarkdownView.jsx +13 -0
- package/bin/cli/tui-components/MenuSelect.jsx +38 -0
- package/bin/cli/tui-components/MultilineInput.jsx +18 -0
- package/bin/cli/tui-components/ProgressBar.jsx +15 -0
- package/bin/cli/tui-components/Sparkline.jsx +15 -0
- package/bin/cli/tui-components/StatusBadge.jsx +17 -0
- package/bin/cli/tui-components/TokenCounter.jsx +18 -0
- package/bin/cli/tui-components/theme.jsx +11 -0
- package/bin/cli/utils/cliToken.mjs +22 -0
- package/bin/cli/utils/clipboard.mjs +35 -0
- package/bin/cli/utils/environment.mjs +50 -0
- package/bin/cli/utils/pid.mjs +110 -0
- package/bin/cli/utils/storageKeyProvision.mjs +31 -0
- package/bin/cold-start-bench.sh +82 -0
- package/bin/mcp-server.mjs +71 -0
- package/bin/nodeRuntimeSupport.mjs +84 -0
- package/bin/omniroute.mjs +237 -0
- package/bin/reset-password.mjs +137 -0
- package/bin/restore-data.sh +64 -0
- package/bin/restore-policies.sh +77 -0
- package/bin/rollback.sh +102 -0
- package/bin/snapshot-data.sh +61 -0
- package/open-sse/config/agyModels.ts +157 -0
- package/open-sse/config/anthropicHeaders.ts +127 -0
- package/open-sse/config/antigravityModelAliases.ts +309 -0
- package/open-sse/config/antigravityUpstream.ts +20 -0
- package/open-sse/config/audioRegistry.ts +547 -0
- package/open-sse/config/azureAi.ts +49 -0
- package/open-sse/config/bedrock.ts +196 -0
- package/open-sse/config/cliFingerprints.ts +405 -0
- package/open-sse/config/codexClient.ts +49 -0
- package/open-sse/config/codexIdentity.ts +87 -0
- package/open-sse/config/codexInstructions.ts +122 -0
- package/open-sse/config/codexQuotaScopes.ts +87 -0
- package/open-sse/config/constants.ts +281 -0
- package/open-sse/config/contextEditing.ts +156 -0
- package/open-sse/config/credentialLoader.ts +123 -0
- package/open-sse/config/datarobot.ts +69 -0
- package/open-sse/config/defaultThinkingSignature.ts +8 -0
- package/open-sse/config/embeddingRegistry.ts +434 -0
- package/open-sse/config/errorConfig.ts +201 -0
- package/open-sse/config/freeModelCatalog.data.ts +467 -0
- package/open-sse/config/freeModelCatalog.ts +142 -0
- package/open-sse/config/freeTierCatalog.ts +101 -0
- package/open-sse/config/geminiRateLimits.json +34 -0
- package/open-sse/config/glmProvider.ts +488 -0
- package/open-sse/config/imageRegistry.ts +752 -0
- package/open-sse/config/maritalk.ts +18 -0
- package/open-sse/config/mediaServiceKinds.ts +70 -0
- package/open-sse/config/moderationRegistry.ts +89 -0
- package/open-sse/config/musicRegistry.ts +115 -0
- package/open-sse/config/oci.ts +44 -0
- package/open-sse/config/ocrRegistry.ts +82 -0
- package/open-sse/config/ollamaModels.ts +28 -0
- package/open-sse/config/providerErrorRules.ts +218 -0
- package/open-sse/config/providerFieldStrips.ts +42 -0
- package/open-sse/config/providerHeaderProfiles.ts +188 -0
- package/open-sse/config/providerModels.ts +199 -0
- package/open-sse/config/providerPluginManifest.ts +186 -0
- package/open-sse/config/providerPluginManifestRegistry.ts +31 -0
- package/open-sse/config/providerPluginManifestUrl.ts +26 -0
- package/open-sse/config/providerRegistry.ts +257 -0
- package/open-sse/config/providers/index.ts +377 -0
- package/open-sse/config/providers/registry/adapta-web/index.ts +20 -0
- package/open-sse/config/providers/registry/agentrouter/index.ts +24 -0
- package/open-sse/config/providers/registry/agy/index.ts +28 -0
- package/open-sse/config/providers/registry/ai21/index.ts +13 -0
- package/open-sse/config/providers/registry/aimlapi/index.ts +21 -0
- package/open-sse/config/providers/registry/alibaba/cn/index.ts +15 -0
- package/open-sse/config/providers/registry/alibaba/index.ts +15 -0
- package/open-sse/config/providers/registry/anthropic/index.ts +52 -0
- package/open-sse/config/providers/registry/antigravity/index.ts +28 -0
- package/open-sse/config/providers/registry/api-airforce/index.ts +57 -0
- package/open-sse/config/providers/registry/auggie/index.ts +38 -0
- package/open-sse/config/providers/registry/bai/index.ts +14 -0
- package/open-sse/config/providers/registry/baichuan/index.ts +20 -0
- package/open-sse/config/providers/registry/baidu/index.ts +31 -0
- package/open-sse/config/providers/registry/bailian-coding-plan/index.ts +27 -0
- package/open-sse/config/providers/registry/baseten/index.ts +13 -0
- package/open-sse/config/providers/registry/bazaarlink/index.ts +48 -0
- package/open-sse/config/providers/registry/bedrock/index.ts +49 -0
- package/open-sse/config/providers/registry/blackbox/index.ts +25 -0
- package/open-sse/config/providers/registry/blackbox/web/index.ts +19 -0
- package/open-sse/config/providers/registry/bluesminds/index.ts +39 -0
- package/open-sse/config/providers/registry/byteplus/index.ts +21 -0
- package/open-sse/config/providers/registry/bytez/index.ts +17 -0
- package/open-sse/config/providers/registry/cerebras/index.ts +16 -0
- package/open-sse/config/providers/registry/charm-hyper/index.ts +14 -0
- package/open-sse/config/providers/registry/chatgpt-web/index.ts +23 -0
- package/open-sse/config/providers/registry/chipotle/index.ts +14 -0
- package/open-sse/config/providers/registry/chutes/index.ts +12 -0
- package/open-sse/config/providers/registry/claude/index.ts +102 -0
- package/open-sse/config/providers/registry/claude/web/index.ts +16 -0
- package/open-sse/config/providers/registry/cline/index.ts +45 -0
- package/open-sse/config/providers/registry/clinepass/index.ts +47 -0
- package/open-sse/config/providers/registry/cloudflare-ai/index.ts +33 -0
- package/open-sse/config/providers/registry/codebuddy-cn/index.ts +151 -0
- package/open-sse/config/providers/registry/codestral/index.ts +13 -0
- package/open-sse/config/providers/registry/codex/index.ts +115 -0
- package/open-sse/config/providers/registry/cohere/index.ts +28 -0
- package/open-sse/config/providers/registry/command-code/index.ts +143 -0
- package/open-sse/config/providers/registry/copilot-m365-web/index.ts +12 -0
- package/open-sse/config/providers/registry/copilot-web/index.ts +16 -0
- package/open-sse/config/providers/registry/coze/index.ts +12 -0
- package/open-sse/config/providers/registry/crof/index.ts +38 -0
- package/open-sse/config/providers/registry/cursor/index.ts +111 -0
- package/open-sse/config/providers/registry/databricks/index.ts +13 -0
- package/open-sse/config/providers/registry/deepinfra/index.ts +13 -0
- package/open-sse/config/providers/registry/deepseek/index.ts +15 -0
- package/open-sse/config/providers/registry/deepseek/web/index.ts +35 -0
- package/open-sse/config/providers/registry/devin-cli/index.ts +68 -0
- package/open-sse/config/providers/registry/dgrid/index.ts +15 -0
- package/open-sse/config/providers/registry/dify/index.ts +12 -0
- package/open-sse/config/providers/registry/digitalocean/index.ts +11 -0
- package/open-sse/config/providers/registry/dit/index.ts +41 -0
- package/open-sse/config/providers/registry/doubao/index.ts +28 -0
- package/open-sse/config/providers/registry/doubao/web/index.ts +15 -0
- package/open-sse/config/providers/registry/duckduckgo-web/index.ts +19 -0
- package/open-sse/config/providers/registry/factory/index.ts +33 -0
- package/open-sse/config/providers/registry/featherless-ai/index.ts +13 -0
- package/open-sse/config/providers/registry/fireworks/index.ts +35 -0
- package/open-sse/config/providers/registry/freeaiapikey/index.ts +38 -0
- package/open-sse/config/providers/registry/freemodel-dev/index.ts +19 -0
- package/open-sse/config/providers/registry/friendliai/index.ts +16 -0
- package/open-sse/config/providers/registry/galadriel/index.ts +13 -0
- package/open-sse/config/providers/registry/gemini/index.ts +63 -0
- package/open-sse/config/providers/registry/gemini/web/index.ts +16 -0
- package/open-sse/config/providers/registry/gigachat/index.ts +13 -0
- package/open-sse/config/providers/registry/github/index.ts +161 -0
- package/open-sse/config/providers/registry/github/models/index.ts +38 -0
- package/open-sse/config/providers/registry/gitlab-duo/index.ts +29 -0
- package/open-sse/config/providers/registry/gitlawb/gmi/index.ts +19 -0
- package/open-sse/config/providers/registry/gitlawb/index.ts +18 -0
- package/open-sse/config/providers/registry/glhf/index.ts +12 -0
- package/open-sse/config/providers/registry/glm/cn/index.ts +17 -0
- package/open-sse/config/providers/registry/glm/index.ts +16 -0
- package/open-sse/config/providers/registry/glm/t/index.ts +16 -0
- package/open-sse/config/providers/registry/grok-cli/index.ts +32 -0
- package/open-sse/config/providers/registry/grok-web/index.ts +18 -0
- package/open-sse/config/providers/registry/groq/index.ts +25 -0
- package/open-sse/config/providers/registry/hackclub/index.ts +19 -0
- package/open-sse/config/providers/registry/haiper/index.ts +15 -0
- package/open-sse/config/providers/registry/hcnsec/index.ts +11 -0
- package/open-sse/config/providers/registry/heroku/index.ts +13 -0
- package/open-sse/config/providers/registry/huggingchat/index.ts +143 -0
- package/open-sse/config/providers/registry/huggingface/index.ts +20 -0
- package/open-sse/config/providers/registry/hyperbolic/index.ts +21 -0
- package/open-sse/config/providers/registry/ideogram/index.ts +15 -0
- package/open-sse/config/providers/registry/iflytek/index.ts +21 -0
- package/open-sse/config/providers/registry/inclusionai/index.ts +12 -0
- package/open-sse/config/providers/registry/inference-net/index.ts +13 -0
- package/open-sse/config/providers/registry/inner-ai/index.ts +43 -0
- package/open-sse/config/providers/registry/kenari/index.ts +14 -0
- package/open-sse/config/providers/registry/kie/index.ts +27 -0
- package/open-sse/config/providers/registry/kilo-gateway/index.ts +21 -0
- package/open-sse/config/providers/registry/kilocode/index.ts +43 -0
- package/open-sse/config/providers/registry/kimi/coding/index.ts +17 -0
- package/open-sse/config/providers/registry/kimi/coding-apikey/index.ts +9 -0
- package/open-sse/config/providers/registry/kimi/index.ts +17 -0
- package/open-sse/config/providers/registry/kimi/web/index.ts +27 -0
- package/open-sse/config/providers/registry/kiro/index.ts +50 -0
- package/open-sse/config/providers/registry/kluster/index.ts +12 -0
- package/open-sse/config/providers/registry/lambda-ai/index.ts +13 -0
- package/open-sse/config/providers/registry/leonardo/index.ts +15 -0
- package/open-sse/config/providers/registry/liquid/index.ts +12 -0
- package/open-sse/config/providers/registry/llamagate/index.ts +13 -0
- package/open-sse/config/providers/registry/llm7/index.ts +27 -0
- package/open-sse/config/providers/registry/longcat/index.ts +24 -0
- package/open-sse/config/providers/registry/maritalk/index.ts +13 -0
- package/open-sse/config/providers/registry/meta-llama/index.ts +13 -0
- package/open-sse/config/providers/registry/mimocode/index.ts +16 -0
- package/open-sse/config/providers/registry/minimax/cn/index.ts +24 -0
- package/open-sse/config/providers/registry/minimax/index.ts +24 -0
- package/open-sse/config/providers/registry/mistral/index.ts +18 -0
- package/open-sse/config/providers/registry/modal/index.ts +12 -0
- package/open-sse/config/providers/registry/modelscope/index.ts +24 -0
- package/open-sse/config/providers/registry/monsterapi/index.ts +17 -0
- package/open-sse/config/providers/registry/moonshot/index.ts +13 -0
- package/open-sse/config/providers/registry/morph/index.ts +13 -0
- package/open-sse/config/providers/registry/muse-spark-web/index.ts +24 -0
- package/open-sse/config/providers/registry/nanogpt/index.ts +13 -0
- package/open-sse/config/providers/registry/nebius/index.ts +9 -0
- package/open-sse/config/providers/registry/nlpcloud/index.ts +19 -0
- package/open-sse/config/providers/registry/nous-research/index.ts +15 -0
- package/open-sse/config/providers/registry/novita/index.ts +15 -0
- package/open-sse/config/providers/registry/nscale/index.ts +13 -0
- package/open-sse/config/providers/registry/nube/index.ts +17 -0
- package/open-sse/config/providers/registry/nvidia/index.ts +36 -0
- package/open-sse/config/providers/registry/ollama-cloud/index.ts +27 -0
- package/open-sse/config/providers/registry/openadapter/index.ts +25 -0
- package/open-sse/config/providers/registry/openai/index.ts +43 -0
- package/open-sse/config/providers/registry/opencode/go/index.ts +61 -0
- package/open-sse/config/providers/registry/opencode/index.ts +51 -0
- package/open-sse/config/providers/registry/opencode/zen/index.ts +98 -0
- package/open-sse/config/providers/registry/openrouter/index.ts +17 -0
- package/open-sse/config/providers/registry/orcarouter/index.ts +87 -0
- package/open-sse/config/providers/registry/ovhcloud/index.ts +13 -0
- package/open-sse/config/providers/registry/perplexity/index.ts +22 -0
- package/open-sse/config/providers/registry/perplexity/web/index.ts +23 -0
- package/open-sse/config/providers/registry/pioneer/index.ts +41 -0
- package/open-sse/config/providers/registry/pollinations/index.ts +51 -0
- package/open-sse/config/providers/registry/predibase/index.ts +13 -0
- package/open-sse/config/providers/registry/publicai/index.ts +13 -0
- package/open-sse/config/providers/registry/puter/index.ts +70 -0
- package/open-sse/config/providers/registry/qianfan/index.ts +18 -0
- package/open-sse/config/providers/registry/qiniu/index.ts +15 -0
- package/open-sse/config/providers/registry/qoder/index.ts +37 -0
- package/open-sse/config/providers/registry/qwen/index.ts +25 -0
- package/open-sse/config/providers/registry/qwen/web/index.ts +24 -0
- package/open-sse/config/providers/registry/reka/index.ts +18 -0
- package/open-sse/config/providers/registry/requesty/index.ts +11 -0
- package/open-sse/config/providers/registry/sambanova/index.ts +13 -0
- package/open-sse/config/providers/registry/scaleway/index.ts +20 -0
- package/open-sse/config/providers/registry/sensenova/index.ts +27 -0
- package/open-sse/config/providers/registry/siliconflow/index.ts +84 -0
- package/open-sse/config/providers/registry/snowflake/index.ts +13 -0
- package/open-sse/config/providers/registry/sparkdesk/index.ts +20 -0
- package/open-sse/config/providers/registry/stepfun/index.ts +20 -0
- package/open-sse/config/providers/registry/sumopod/index.ts +15 -0
- package/open-sse/config/providers/registry/suno/index.ts +18 -0
- package/open-sse/config/providers/registry/synthetic/index.ts +21 -0
- package/open-sse/config/providers/registry/t3-web/index.ts +45 -0
- package/open-sse/config/providers/registry/tencent/index.ts +25 -0
- package/open-sse/config/providers/registry/theoldllm/index.ts +51 -0
- package/open-sse/config/providers/registry/together/index.ts +20 -0
- package/open-sse/config/providers/registry/tokenrouter/index.ts +44 -0
- package/open-sse/config/providers/registry/trae/index.ts +24 -0
- package/open-sse/config/providers/registry/udio/index.ts +12 -0
- package/open-sse/config/providers/registry/uncloseai/index.ts +19 -0
- package/open-sse/config/providers/registry/upstage/index.ts +13 -0
- package/open-sse/config/providers/registry/v0-vercel/index.ts +13 -0
- package/open-sse/config/providers/registry/venice/index.ts +13 -0
- package/open-sse/config/providers/registry/veoaifree-web/index.ts +15 -0
- package/open-sse/config/providers/registry/vercel-ai-gateway/index.ts +13 -0
- package/open-sse/config/providers/registry/vertex/index.ts +33 -0
- package/open-sse/config/providers/registry/vertex/partner/index.ts +22 -0
- package/open-sse/config/providers/registry/volcengine/index.ts +13 -0
- package/open-sse/config/providers/registry/wafer/index.ts +19 -0
- package/open-sse/config/providers/registry/wandb/index.ts +13 -0
- package/open-sse/config/providers/registry/windsurf/index.ts +119 -0
- package/open-sse/config/providers/registry/x5lab/index.ts +15 -0
- package/open-sse/config/providers/registry/xai/index.ts +18 -0
- package/open-sse/config/providers/registry/xiaomi-mimo/index.ts +13 -0
- package/open-sse/config/providers/registry/yi/index.ts +12 -0
- package/open-sse/config/providers/registry/yuanbao-web/index.ts +37 -0
- package/open-sse/config/providers/registry/zai/index.ts +28 -0
- package/open-sse/config/providers/registry/zed-hosted/index.ts +35 -0
- package/open-sse/config/providers/registry/zenmux/index.ts +87 -0
- package/open-sse/config/providers/registry/zenmux-free/index.ts +40 -0
- package/open-sse/config/providers/shared.ts +766 -0
- package/open-sse/config/registryUtils.ts +134 -0
- package/open-sse/config/rerankRegistry.ts +196 -0
- package/open-sse/config/runway.ts +39 -0
- package/open-sse/config/sap.ts +58 -0
- package/open-sse/config/searchRegistry.ts +317 -0
- package/open-sse/config/toolCloaking.ts +253 -0
- package/open-sse/config/videoRegistry.ts +229 -0
- package/open-sse/config/watsonx.ts +43 -0
- package/open-sse/executors/adapta-web.ts +564 -0
- package/open-sse/executors/antigravity/sseCollect.ts +148 -0
- package/open-sse/executors/antigravity.ts +1716 -0
- package/open-sse/executors/antigravityUpstreamError.ts +25 -0
- package/open-sse/executors/auggie.ts +573 -0
- package/open-sse/executors/azure-openai.ts +48 -0
- package/open-sse/executors/base/headers.ts +93 -0
- package/open-sse/executors/base/reasoningEffort.ts +160 -0
- package/open-sse/executors/base.ts +1315 -0
- package/open-sse/executors/bedrock.ts +714 -0
- package/open-sse/executors/blackbox-web.ts +708 -0
- package/open-sse/executors/chatgpt-web/models.ts +133 -0
- package/open-sse/executors/chatgpt-web.ts +3107 -0
- package/open-sse/executors/chatgptWebErrors.ts +18 -0
- package/open-sse/executors/chatgptWebTools.ts +127 -0
- package/open-sse/executors/chipotle.ts +432 -0
- package/open-sse/executors/claude-web/payload.ts +230 -0
- package/open-sse/executors/claude-web-with-auto-refresh.ts +117 -0
- package/open-sse/executors/claude-web.ts +833 -0
- package/open-sse/executors/claudeIdentity.ts +445 -0
- package/open-sse/executors/cliproxyapi.ts +466 -0
- package/open-sse/executors/cloudflare-ai.ts +97 -0
- package/open-sse/executors/codebuddy-cn.ts +53 -0
- package/open-sse/executors/codex/quota.ts +114 -0
- package/open-sse/executors/codex/tools.ts +165 -0
- package/open-sse/executors/codex.ts +1270 -0
- package/open-sse/executors/commandCode.ts +716 -0
- package/open-sse/executors/copilot-m365-connection.ts +271 -0
- package/open-sse/executors/copilot-m365-frames.ts +279 -0
- package/open-sse/executors/copilot-m365-web.ts +341 -0
- package/open-sse/executors/copilot-web.ts +722 -0
- package/open-sse/executors/cursor/composer.ts +53 -0
- package/open-sse/executors/cursor/prompt.ts +75 -0
- package/open-sse/executors/cursor.ts +1465 -0
- package/open-sse/executors/deepseek-web/stream-format.ts +44 -0
- package/open-sse/executors/deepseek-web-with-auto-refresh.ts +184 -0
- package/open-sse/executors/deepseek-web.ts +1123 -0
- package/open-sse/executors/default/urlNormalizers.ts +64 -0
- package/open-sse/executors/default.ts +873 -0
- package/open-sse/executors/devin-cli.ts +470 -0
- package/open-sse/executors/doubao-web.ts +665 -0
- package/open-sse/executors/duckduckgo-web/challenge.ts +151 -0
- package/open-sse/executors/duckduckgo-web.ts +782 -0
- package/open-sse/executors/firecrawl-fetch.ts +177 -0
- package/open-sse/executors/forceResponsesUpstream.ts +60 -0
- package/open-sse/executors/gemini-business.ts +446 -0
- package/open-sse/executors/gemini-web.ts +413 -0
- package/open-sse/executors/github.ts +376 -0
- package/open-sse/executors/gitlab.ts +793 -0
- package/open-sse/executors/gitlabResponses.ts +191 -0
- package/open-sse/executors/glm.ts +520 -0
- package/open-sse/executors/grok-cli.ts +253 -0
- package/open-sse/executors/grok-web/native-tools.ts +182 -0
- package/open-sse/executors/grok-web/text-cleanup.ts +137 -0
- package/open-sse/executors/grok-web/tool-bridge.ts +666 -0
- package/open-sse/executors/grok-web/types.ts +47 -0
- package/open-sse/executors/grok-web.ts +883 -0
- package/open-sse/executors/huggingchat/jsonlStream.ts +221 -0
- package/open-sse/executors/huggingchat.ts +593 -0
- package/open-sse/executors/index.ts +232 -0
- package/open-sse/executors/inner-ai.ts +764 -0
- package/open-sse/executors/jina-reader-fetch.ts +119 -0
- package/open-sse/executors/kie.ts +109 -0
- package/open-sse/executors/kimi-web.ts +455 -0
- package/open-sse/executors/kimi.ts +133 -0
- package/open-sse/executors/kiro/eventstream.ts +192 -0
- package/open-sse/executors/kiro.ts +821 -0
- package/open-sse/executors/kiroThinking.ts +116 -0
- package/open-sse/executors/lmarena.ts +511 -0
- package/open-sse/executors/mimocode.ts +560 -0
- package/open-sse/executors/muse-spark-web/response-parser.ts +383 -0
- package/open-sse/executors/muse-spark-web.ts +928 -0
- package/open-sse/executors/ninerouter.ts +212 -0
- package/open-sse/executors/nlpcloud.ts +546 -0
- package/open-sse/executors/opencode.ts +336 -0
- package/open-sse/executors/perplexity-web/protocol.ts +503 -0
- package/open-sse/executors/perplexity-web.ts +545 -0
- package/open-sse/executors/poe-web.ts +158 -0
- package/open-sse/executors/pollinations.ts +119 -0
- package/open-sse/executors/puter.ts +59 -0
- package/open-sse/executors/qoder.ts +416 -0
- package/open-sse/executors/qwen-web.ts +474 -0
- package/open-sse/executors/t3-chat-web.ts +582 -0
- package/open-sse/executors/tavily-fetch.ts +103 -0
- package/open-sse/executors/theoldllm.ts +354 -0
- package/open-sse/executors/tinyfish-fetch.ts +131 -0
- package/open-sse/executors/trae.ts +481 -0
- package/open-sse/executors/v0-vercel-web.ts +164 -0
- package/open-sse/executors/venice-web.ts +165 -0
- package/open-sse/executors/veoaifree-web.ts +397 -0
- package/open-sse/executors/vertex.ts +208 -0
- package/open-sse/executors/vertexMedia.ts +341 -0
- package/open-sse/executors/windsurf.ts +706 -0
- package/open-sse/executors/xai.ts +94 -0
- package/open-sse/executors/yuanbao-web.ts +504 -0
- package/open-sse/executors/zed-hosted.ts +364 -0
- package/open-sse/executors/zenmux-free.ts +283 -0
- package/open-sse/handlers/audioSpeech.ts +1060 -0
- package/open-sse/handlers/audioTranscription.ts +554 -0
- package/open-sse/handlers/audioTranslation.ts +135 -0
- package/open-sse/handlers/chatCore/attemptLogging.ts +210 -0
- package/open-sse/handlers/chatCore/backgroundRedirect.ts +41 -0
- package/open-sse/handlers/chatCore/cacheUsageMeta.ts +65 -0
- package/open-sse/handlers/chatCore/cavemanOutputAnalytics.ts +47 -0
- package/open-sse/handlers/chatCore/claudeClassifierCompat.ts +99 -0
- package/open-sse/handlers/chatCore/claudeEffortVariant.ts +62 -0
- package/open-sse/handlers/chatCore/claudeMessageTypes.ts +15 -0
- package/open-sse/handlers/chatCore/claudeSystemRole.ts +48 -0
- package/open-sse/handlers/chatCore/claudeToolDefaults.ts +27 -0
- package/open-sse/handlers/chatCore/claudeUpstreamMessages.ts +143 -0
- package/open-sse/handlers/chatCore/clientUsageBuffer.ts +54 -0
- package/open-sse/handlers/chatCore/clineResponseEnvelope.ts +25 -0
- package/open-sse/handlers/chatCore/codexFailover.ts +41 -0
- package/open-sse/handlers/chatCore/codexQuota.ts +85 -0
- package/open-sse/handlers/chatCore/comboContextCache.ts +63 -0
- package/open-sse/handlers/chatCore/compressionAnalyticsWrite.ts +149 -0
- package/open-sse/handlers/chatCore/compressionCacheStats.ts +53 -0
- package/open-sse/handlers/chatCore/compressionComboPredicates.ts +41 -0
- package/open-sse/handlers/chatCore/compressionSettings.ts +35 -0
- package/open-sse/handlers/chatCore/compressionUsageReceipt.ts +27 -0
- package/open-sse/handlers/chatCore/contextEditingTelemetry.ts +40 -0
- package/open-sse/handlers/chatCore/cooldownClassification.ts +26 -0
- package/open-sse/handlers/chatCore/executionCredentials.ts +72 -0
- package/open-sse/handlers/chatCore/executorClientHeaders.ts +36 -0
- package/open-sse/handlers/chatCore/executorHelpers.ts +151 -0
- package/open-sse/handlers/chatCore/executorProxy.ts +117 -0
- package/open-sse/handlers/chatCore/failureUsage.ts +41 -0
- package/open-sse/handlers/chatCore/gamificationEvent.ts +28 -0
- package/open-sse/handlers/chatCore/headers.ts +65 -0
- package/open-sse/handlers/chatCore/idempotency.ts +65 -0
- package/open-sse/handlers/chatCore/jsonBodyToSse.ts +161 -0
- package/open-sse/handlers/chatCore/keyHealth.ts +113 -0
- package/open-sse/handlers/chatCore/logTruncation.ts +93 -0
- package/open-sse/handlers/chatCore/memoryExtraction.ts +131 -0
- package/open-sse/handlers/chatCore/memorySkillsInjection.ts +165 -0
- package/open-sse/handlers/chatCore/nonStreamingJsonResponse.ts +16 -0
- package/open-sse/handlers/chatCore/nonStreamingResponseBody.ts +155 -0
- package/open-sse/handlers/chatCore/nonStreamingResponseHeaders.ts +46 -0
- package/open-sse/handlers/chatCore/nonStreamingResponseParse.ts +135 -0
- package/open-sse/handlers/chatCore/nonStreamingSse.ts +171 -0
- package/open-sse/handlers/chatCore/nonStreamingUsageStats.ts +90 -0
- package/open-sse/handlers/chatCore/outputStyleTelemetry.ts +53 -0
- package/open-sse/handlers/chatCore/passthroughHelpers.ts +83 -0
- package/open-sse/handlers/chatCore/passthroughToolNames.ts +65 -0
- package/open-sse/handlers/chatCore/pluginOnRequest.ts +65 -0
- package/open-sse/handlers/chatCore/pluginOnResponse.ts +34 -0
- package/open-sse/handlers/chatCore/postCallGuardrailContext.ts +47 -0
- package/open-sse/handlers/chatCore/quotaShareConsumption.ts +41 -0
- package/open-sse/handlers/chatCore/requestFormat.ts +111 -0
- package/open-sse/handlers/chatCore/requestSetup.ts +51 -0
- package/open-sse/handlers/chatCore/responseHeaders.ts +138 -0
- package/open-sse/handlers/chatCore/sanitization.ts +63 -0
- package/open-sse/handlers/chatCore/semanticCache.ts +98 -0
- package/open-sse/handlers/chatCore/semanticCacheStore.ts +73 -0
- package/open-sse/handlers/chatCore/serviceTier.ts +70 -0
- package/open-sse/handlers/chatCore/skillsFormat.ts +33 -0
- package/open-sse/handlers/chatCore/stageTrace.ts +30 -0
- package/open-sse/handlers/chatCore/streamErrorResult.ts +58 -0
- package/open-sse/handlers/chatCore/streamFinalize.ts +48 -0
- package/open-sse/handlers/chatCore/streamingCost.ts +37 -0
- package/open-sse/handlers/chatCore/streamingPipeline.ts +99 -0
- package/open-sse/handlers/chatCore/streamingQuotaShare.ts +54 -0
- package/open-sse/handlers/chatCore/streamingResponseHeaders.ts +39 -0
- package/open-sse/handlers/chatCore/streamingSemanticCacheStore.ts +95 -0
- package/open-sse/handlers/chatCore/streamingUsageStats.ts +79 -0
- package/open-sse/handlers/chatCore/targetFormat.ts +34 -0
- package/open-sse/handlers/chatCore/telemetryHelpers.ts +78 -0
- package/open-sse/handlers/chatCore/upstreamBody.ts +168 -0
- package/open-sse/handlers/chatCore/upstreamExecuteHeaders.ts +71 -0
- package/open-sse/handlers/chatCore/upstreamTimeouts.ts +158 -0
- package/open-sse/handlers/chatCore.ts +4452 -0
- package/open-sse/handlers/embeddings.ts +378 -0
- package/open-sse/handlers/imageGeneration/providers/chatgptWeb.ts +187 -0
- package/open-sse/handlers/imageGeneration/providers/comfyUI.ts +116 -0
- package/open-sse/handlers/imageGeneration/providers/haiper.ts +120 -0
- package/open-sse/handlers/imageGeneration/providers/huggingface.ts +90 -0
- package/open-sse/handlers/imageGeneration/providers/hyperbolic.ts +100 -0
- package/open-sse/handlers/imageGeneration/providers/ideogram.ts +96 -0
- package/open-sse/handlers/imageGeneration/providers/imagen3.ts +136 -0
- package/open-sse/handlers/imageGeneration/providers/leonardo.ts +140 -0
- package/open-sse/handlers/imageGeneration/providers/nvidiaNim.ts +286 -0
- package/open-sse/handlers/imageGeneration/providers/sdWebUI.ts +94 -0
- package/open-sse/handlers/imageGeneration.ts +2880 -0
- package/open-sse/handlers/moderations.ts +82 -0
- package/open-sse/handlers/musicGeneration.ts +640 -0
- package/open-sse/handlers/ocr.ts +79 -0
- package/open-sse/handlers/rerank.ts +210 -0
- package/open-sse/handlers/responseSanitizer/reasoning.ts +149 -0
- package/open-sse/handlers/responseSanitizer.ts +1086 -0
- package/open-sse/handlers/responseTranslator.ts +640 -0
- package/open-sse/handlers/responsesHandler.ts +92 -0
- package/open-sse/handlers/search.ts +1545 -0
- package/open-sse/handlers/sseParser.ts +825 -0
- package/open-sse/handlers/usageExtractor.ts +93 -0
- package/open-sse/handlers/videoGeneration/googleFlow.ts +219 -0
- package/open-sse/handlers/videoGeneration/googleFlowHandler.ts +145 -0
- package/open-sse/handlers/videoGeneration.ts +1264 -0
- package/open-sse/handlers/webFetch.ts +130 -0
- package/open-sse/index.ts +170 -0
- package/open-sse/lib/deepseek-pow-solver.cjs +3 -0
- package/open-sse/lib/deepseek-pow.ts +189 -0
- package/open-sse/lib/sha3_wasm_bg.wasm +0 -0
- package/open-sse/mcp-server/README.md +611 -0
- package/open-sse/mcp-server/audit.ts +478 -0
- package/open-sse/mcp-server/catalog.ts +290 -0
- package/open-sse/mcp-server/descriptionCompressor.ts +243 -0
- package/open-sse/mcp-server/httpAuthContext.ts +42 -0
- package/open-sse/mcp-server/httpTransport.ts +306 -0
- package/open-sse/mcp-server/index.ts +19 -0
- package/open-sse/mcp-server/mcpCallerIdentity.ts +53 -0
- package/open-sse/mcp-server/runtimeHeartbeat.ts +162 -0
- package/open-sse/mcp-server/schemas/a2a.ts +203 -0
- package/open-sse/mcp-server/schemas/audit.ts +121 -0
- package/open-sse/mcp-server/schemas/index.ts +116 -0
- package/open-sse/mcp-server/schemas/pickFastestModel.ts +110 -0
- package/open-sse/mcp-server/schemas/toolDefinition.ts +31 -0
- package/open-sse/mcp-server/schemas/toolSearch.ts +37 -0
- package/open-sse/mcp-server/schemas/tools.ts +1481 -0
- package/open-sse/mcp-server/scopeEnforcement.ts +135 -0
- package/open-sse/mcp-server/server.ts +1370 -0
- package/open-sse/mcp-server/toolCardinality.ts +254 -0
- package/open-sse/mcp-server/toolSearch/catalog.ts +98 -0
- package/open-sse/mcp-server/toolSearch/handler.ts +18 -0
- package/open-sse/mcp-server/toolSearch/index.ts +5 -0
- package/open-sse/mcp-server/toolSearch/register.ts +36 -0
- package/open-sse/mcp-server/toolSearch/search.ts +96 -0
- package/open-sse/mcp-server/toolSearch/signature.ts +92 -0
- package/open-sse/mcp-server/tools/advancedTools.ts +1119 -0
- package/open-sse/mcp-server/tools/agentSkillTools.ts +83 -0
- package/open-sse/mcp-server/tools/compressionTools.ts +451 -0
- package/open-sse/mcp-server/tools/gamificationTools.ts +148 -0
- package/open-sse/mcp-server/tools/githubSkillTools.ts +141 -0
- package/open-sse/mcp-server/tools/memoryTools.ts +137 -0
- package/open-sse/mcp-server/tools/notionTools.ts +106 -0
- package/open-sse/mcp-server/tools/obsidianTools.ts +327 -0
- package/open-sse/mcp-server/tools/pickFastestModel.ts +293 -0
- package/open-sse/mcp-server/tools/pluginTools.ts +216 -0
- package/open-sse/mcp-server/tools/poolTools.ts +205 -0
- package/open-sse/mcp-server/tools/skillTools.ts +119 -0
- package/open-sse/package.json +17 -0
- package/open-sse/services/AGENTS.md +78 -0
- package/open-sse/services/accountFallback.ts +1863 -0
- package/open-sse/services/accountSelector.ts +80 -0
- package/open-sse/services/accountSemaphore.ts +367 -0
- package/open-sse/services/antigravity429Engine.ts +178 -0
- package/open-sse/services/antigravityClientProfile.ts +167 -0
- package/open-sse/services/antigravityCredits.ts +68 -0
- package/open-sse/services/antigravityHeaderScrub.ts +75 -0
- package/open-sse/services/antigravityHeaders.ts +121 -0
- package/open-sse/services/antigravityIdentity.ts +127 -0
- package/open-sse/services/antigravityObfuscation.ts +64 -0
- package/open-sse/services/antigravityProjectBootstrap.ts +145 -0
- package/open-sse/services/antigravityQuotaFamily.ts +56 -0
- package/open-sse/services/antigravityVersion.ts +163 -0
- package/open-sse/services/apiKeyRotator.ts +385 -0
- package/open-sse/services/autoCombo/autoPrefix.ts +61 -0
- package/open-sse/services/autoCombo/builtinCatalog.ts +126 -0
- package/open-sse/services/autoCombo/complexityRouter.ts +111 -0
- package/open-sse/services/autoCombo/engine.ts +314 -0
- package/open-sse/services/autoCombo/index.ts +18 -0
- package/open-sse/services/autoCombo/modePacks.ts +105 -0
- package/open-sse/services/autoCombo/modelFamily.ts +95 -0
- package/open-sse/services/autoCombo/paidModelFilter.ts +44 -0
- package/open-sse/services/autoCombo/persistence.ts +124 -0
- package/open-sse/services/autoCombo/pipelineRouter.ts +418 -0
- package/open-sse/services/autoCombo/providerDiversity.ts +170 -0
- package/open-sse/services/autoCombo/providerRegistryAccessor.ts +9 -0
- package/open-sse/services/autoCombo/requestControls.ts +80 -0
- package/open-sse/services/autoCombo/routerStrategy.ts +375 -0
- package/open-sse/services/autoCombo/scoring.ts +242 -0
- package/open-sse/services/autoCombo/selfHealing.ts +167 -0
- package/open-sse/services/autoCombo/speedRanking.ts +327 -0
- package/open-sse/services/autoCombo/suffixComposition.ts +147 -0
- package/open-sse/services/autoCombo/taskFitness.ts +407 -0
- package/open-sse/services/autoCombo/virtualFactory.ts +446 -0
- package/open-sse/services/autoRefreshDaemon.ts +206 -0
- package/open-sse/services/backgroundTaskDetector.ts +263 -0
- package/open-sse/services/bailianQuotaFetcher.ts +333 -0
- package/open-sse/services/batchProcessor.ts +914 -0
- package/open-sse/services/bedrock.ts +160 -0
- package/open-sse/services/browserBackedChat.ts +849 -0
- package/open-sse/services/browserPool.ts +501 -0
- package/open-sse/services/ccBridgeTransforms.ts +581 -0
- package/open-sse/services/ccWireImageBuiltins.ts +26 -0
- package/open-sse/services/chatgptImageCache.ts +143 -0
- package/open-sse/services/chatgptTlsClient.ts +628 -0
- package/open-sse/services/claudeAdaptiveThinking.ts +52 -0
- package/open-sse/services/claudeCodeCCH.ts +49 -0
- package/open-sse/services/claudeCodeCompatible.ts +1198 -0
- package/open-sse/services/claudeCodeCompatibleBeta.ts +23 -0
- package/open-sse/services/claudeCodeCompatibleThinkingDisplay.ts +34 -0
- package/open-sse/services/claudeCodeConstraints.ts +144 -0
- package/open-sse/services/claudeCodeExtraRemap.ts +18 -0
- package/open-sse/services/claudeCodeFingerprint.ts +46 -0
- package/open-sse/services/claudeCodeObfuscation.ts +116 -0
- package/open-sse/services/claudeCodeToolRemapper.ts +339 -0
- package/open-sse/services/claudeHaikuConstraints.ts +88 -0
- package/open-sse/services/claudeTlsClient.ts +590 -0
- package/open-sse/services/claudeTurnstileSolver.ts +206 -0
- package/open-sse/services/claudeUsageCooldown.ts +51 -0
- package/open-sse/services/claudeWebAutoRefresh.ts +224 -0
- package/open-sse/services/clinepassModels.ts +76 -0
- package/open-sse/services/cloudCodeHeaders.ts +41 -0
- package/open-sse/services/cloudCodeThinking.ts +71 -0
- package/open-sse/services/codeAssistSubscription.ts +83 -0
- package/open-sse/services/codexQuotaFetcher.ts +523 -0
- package/open-sse/services/codexUsageQuotas.ts +270 -0
- package/open-sse/services/codexVerbosity.ts +59 -0
- package/open-sse/services/combo/applyStrategyOrdering.ts +226 -0
- package/open-sse/services/combo/autoConfig.ts +62 -0
- package/open-sse/services/combo/autoStrategy.ts +475 -0
- package/open-sse/services/combo/comboCompatFallback.ts +82 -0
- package/open-sse/services/combo/comboCooldownRetry.ts +237 -0
- package/open-sse/services/combo/comboData.ts +24 -0
- package/open-sse/services/combo/comboPredicates.ts +211 -0
- package/open-sse/services/combo/comboSetup.ts +135 -0
- package/open-sse/services/combo/comboStructure.ts +766 -0
- package/open-sse/services/combo/concurrencyCaps.ts +76 -0
- package/open-sse/services/combo/context.ts +46 -0
- package/open-sse/services/combo/fingerprintExpansion.ts +105 -0
- package/open-sse/services/combo/headroomRanking.ts +91 -0
- package/open-sse/services/combo/providerWildcard.ts +253 -0
- package/open-sse/services/combo/quotaExhaustionCutoff.ts +140 -0
- package/open-sse/services/combo/quotaScoring.ts +311 -0
- package/open-sse/services/combo/quotaShareConcurrency.ts +74 -0
- package/open-sse/services/combo/quotaShareInflight.ts +133 -0
- package/open-sse/services/combo/quotaShareStrategy.ts +349 -0
- package/open-sse/services/combo/quotaStrategies.ts +647 -0
- package/open-sse/services/combo/resolveAutoStrategy.ts +334 -0
- package/open-sse/services/combo/responseValidation.ts +206 -0
- package/open-sse/services/combo/rrState.ts +98 -0
- package/open-sse/services/combo/runtimeUnits.ts +269 -0
- package/open-sse/services/combo/sessionStickiness.ts +301 -0
- package/open-sse/services/combo/shadowRouting.ts +179 -0
- package/open-sse/services/combo/targetExhaustion.ts +160 -0
- package/open-sse/services/combo/targetSorters.ts +174 -0
- package/open-sse/services/combo/targetTimeoutRunner.ts +91 -0
- package/open-sse/services/combo/types.ts +175 -0
- package/open-sse/services/combo/validateQuality.ts +445 -0
- package/open-sse/services/combo.ts +3085 -0
- package/open-sse/services/comboAgentMiddleware.ts +214 -0
- package/open-sse/services/comboConfig.ts +248 -0
- package/open-sse/services/comboManifestMetrics.ts +13 -0
- package/open-sse/services/comboMetrics.ts +480 -0
- package/open-sse/services/compression/adaptiveCompression/computeTarget.ts +31 -0
- package/open-sse/services/compression/adaptiveCompression/ladder.ts +59 -0
- package/open-sse/services/compression/adaptiveCompression/resolveAdaptivePlan.ts +104 -0
- package/open-sse/services/compression/adaptiveCompression/types.ts +61 -0
- package/open-sse/services/compression/aggressive.ts +204 -0
- package/open-sse/services/compression/bodyAdapter.ts +354 -0
- package/open-sse/services/compression/cacheAwareConfig.ts +60 -0
- package/open-sse/services/compression/cachingAware.ts +130 -0
- package/open-sse/services/compression/caveman.ts +602 -0
- package/open-sse/services/compression/cavemanRules.ts +432 -0
- package/open-sse/services/compression/deriveDefaultPlan.ts +59 -0
- package/open-sse/services/compression/diffHelper.ts +219 -0
- package/open-sse/services/compression/engineBreakdown.ts +29 -0
- package/open-sse/services/compression/engineCatalog.ts +91 -0
- package/open-sse/services/compression/engines/cavemanAdapter.ts +454 -0
- package/open-sse/services/compression/engines/ccr/ccrQuery.ts +110 -0
- package/open-sse/services/compression/engines/ccr/index.ts +460 -0
- package/open-sse/services/compression/engines/headroom/encoderComparison.ts +72 -0
- package/open-sse/services/compression/engines/headroom/gcf/decode_generic.ts +711 -0
- package/open-sse/services/compression/engines/headroom/gcf/generic.ts +332 -0
- package/open-sse/services/compression/engines/headroom/gcf/index.ts +9 -0
- package/open-sse/services/compression/engines/headroom/gcf/scalar.ts +336 -0
- package/open-sse/services/compression/engines/headroom/index.ts +286 -0
- package/open-sse/services/compression/engines/headroom/smartcrusher.ts +255 -0
- package/open-sse/services/compression/engines/headroom/tabular.ts +263 -0
- package/open-sse/services/compression/engines/headroom/toon.ts +43 -0
- package/open-sse/services/compression/engines/index.ts +42 -0
- package/open-sse/services/compression/engines/ionizer/index.ts +124 -0
- package/open-sse/services/compression/engines/ionizer/sample.ts +200 -0
- package/open-sse/services/compression/engines/llm/index.ts +346 -0
- package/open-sse/services/compression/engines/llmlingua/constants.ts +55 -0
- package/open-sse/services/compression/engines/llmlingua/index.ts +474 -0
- package/open-sse/services/compression/engines/llmlingua/modelStore.ts +67 -0
- package/open-sse/services/compression/engines/llmlingua/onnxWorker.ts +117 -0
- package/open-sse/services/compression/engines/llmlingua/ultraEntry.ts +109 -0
- package/open-sse/services/compression/engines/llmlingua/worker.ts +373 -0
- package/open-sse/services/compression/engines/mcpAccessibility/collapseRepeated.ts +121 -0
- package/open-sse/services/compression/engines/mcpAccessibility/constants.ts +63 -0
- package/open-sse/services/compression/engines/mcpAccessibility/index.ts +52 -0
- package/open-sse/services/compression/engines/readLifecycle/index.ts +299 -0
- package/open-sse/services/compression/engines/registry.ts +87 -0
- package/open-sse/services/compression/engines/relevance/configSchema.ts +63 -0
- package/open-sse/services/compression/engines/relevance/index.ts +185 -0
- package/open-sse/services/compression/engines/relevance/scorer.ts +85 -0
- package/open-sse/services/compression/engines/rtk/codeStripper.ts +145 -0
- package/open-sse/services/compression/engines/rtk/commandDetector.ts +482 -0
- package/open-sse/services/compression/engines/rtk/configSchema.ts +117 -0
- package/open-sse/services/compression/engines/rtk/deduplicator.ts +37 -0
- package/open-sse/services/compression/engines/rtk/discover.ts +150 -0
- package/open-sse/services/compression/engines/rtk/filterLoader.ts +245 -0
- package/open-sse/services/compression/engines/rtk/filterSchema.ts +207 -0
- package/open-sse/services/compression/engines/rtk/filters/aws.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/biome.json +35 -0
- package/open-sse/services/compression/engines/rtk/filters/build-eslint.json +37 -0
- package/open-sse/services/compression/engines/rtk/filters/build-typescript.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/build-vite.json +41 -0
- package/open-sse/services/compression/engines/rtk/filters/build-webpack.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/bundle-install.json +35 -0
- package/open-sse/services/compression/engines/rtk/filters/composer.json +81 -0
- package/open-sse/services/compression/engines/rtk/filters/curl.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/df.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/docker-build.json +78 -0
- package/open-sse/services/compression/engines/rtk/filters/docker-logs.json +42 -0
- package/open-sse/services/compression/engines/rtk/filters/docker-ps.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/dotnet.json +47 -0
- package/open-sse/services/compression/engines/rtk/filters/du.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/error-stacktrace.json +41 -0
- package/open-sse/services/compression/engines/rtk/filters/gcloud.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/generic-output.json +32 -0
- package/open-sse/services/compression/engines/rtk/filters/gh.json +98 -0
- package/open-sse/services/compression/engines/rtk/filters/git-branch.json +45 -0
- package/open-sse/services/compression/engines/rtk/filters/git-diff.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/git-log.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/git-status.json +40 -0
- package/open-sse/services/compression/engines/rtk/filters/golangci-lint.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/gradle.json +47 -0
- package/open-sse/services/compression/engines/rtk/filters/json-output.json +40 -0
- package/open-sse/services/compression/engines/rtk/filters/kubectl.json +99 -0
- package/open-sse/services/compression/engines/rtk/filters/make.json +38 -0
- package/open-sse/services/compression/engines/rtk/filters/mypy.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/npm-audit.json +43 -0
- package/open-sse/services/compression/engines/rtk/filters/npm-install.json +41 -0
- package/open-sse/services/compression/engines/rtk/filters/nx.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/pip.json +41 -0
- package/open-sse/services/compression/engines/rtk/filters/playwright.json +42 -0
- package/open-sse/services/compression/engines/rtk/filters/poetry-install.json +35 -0
- package/open-sse/services/compression/engines/rtk/filters/prettier.json +40 -0
- package/open-sse/services/compression/engines/rtk/filters/ps.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/rsync.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/rubocop.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/ruff.json +40 -0
- package/open-sse/services/compression/engines/rtk/filters/shell-find.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/shell-grep.json +37 -0
- package/open-sse/services/compression/engines/rtk/filters/shell-ls.json +33 -0
- package/open-sse/services/compression/engines/rtk/filters/ssh.json +43 -0
- package/open-sse/services/compression/engines/rtk/filters/systemctl-status.json +43 -0
- package/open-sse/services/compression/engines/rtk/filters/terraform-plan.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/test-cargo.json +42 -0
- package/open-sse/services/compression/engines/rtk/filters/test-go.json +41 -0
- package/open-sse/services/compression/engines/rtk/filters/test-jest.json +43 -0
- package/open-sse/services/compression/engines/rtk/filters/test-pytest.json +41 -0
- package/open-sse/services/compression/engines/rtk/filters/test-vitest.json +43 -0
- package/open-sse/services/compression/engines/rtk/filters/tofu-plan.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/turbo.json +34 -0
- package/open-sse/services/compression/engines/rtk/filters/uv-sync.json +35 -0
- package/open-sse/services/compression/engines/rtk/filters/wget.json +34 -0
- package/open-sse/services/compression/engines/rtk/grouper.ts +99 -0
- package/open-sse/services/compression/engines/rtk/index.ts +706 -0
- package/open-sse/services/compression/engines/rtk/learn.ts +290 -0
- package/open-sse/services/compression/engines/rtk/lineFilter.ts +178 -0
- package/open-sse/services/compression/engines/rtk/rawOutput.ts +208 -0
- package/open-sse/services/compression/engines/rtk/renderers/gitDiff.ts +39 -0
- package/open-sse/services/compression/engines/rtk/renderers/index.ts +50 -0
- package/open-sse/services/compression/engines/rtk/renderers/structuredTable.ts +96 -0
- package/open-sse/services/compression/engines/rtk/renderers/terraformPlan.ts +40 -0
- package/open-sse/services/compression/engines/rtk/renderers/testGreen.ts +70 -0
- package/open-sse/services/compression/engines/rtk/renderers/types.ts +13 -0
- package/open-sse/services/compression/engines/rtk/smartTruncate.ts +67 -0
- package/open-sse/services/compression/engines/rtk/splitCompositeCommand.ts +111 -0
- package/open-sse/services/compression/engines/rtk/verify.ts +107 -0
- package/open-sse/services/compression/engines/session-dedup/fuzzy.ts +153 -0
- package/open-sse/services/compression/engines/session-dedup/index.ts +435 -0
- package/open-sse/services/compression/engines/types.ts +77 -0
- package/open-sse/services/compression/entrypointWrap.ts +43 -0
- package/open-sse/services/compression/eval/aggregate.ts +62 -0
- package/open-sse/services/compression/eval/corpus.ts +45 -0
- package/open-sse/services/compression/eval/costMeter.ts +31 -0
- package/open-sse/services/compression/eval/executorModelClient.ts +44 -0
- package/open-sse/services/compression/eval/fidelityCheck.ts +61 -0
- package/open-sse/services/compression/eval/grader.ts +27 -0
- package/open-sse/services/compression/eval/judge.ts +68 -0
- package/open-sse/services/compression/eval/report.ts +44 -0
- package/open-sse/services/compression/eval/runner.ts +135 -0
- package/open-sse/services/compression/eval/savings.ts +30 -0
- package/open-sse/services/compression/eval/seedCorpus.ts +60 -0
- package/open-sse/services/compression/eval/types.ts +65 -0
- package/open-sse/services/compression/fidelityGate.ts +124 -0
- package/open-sse/services/compression/fidelityGateStep.ts +44 -0
- package/open-sse/services/compression/hardBudget.ts +196 -0
- package/open-sse/services/compression/harness/benchmark.ts +318 -0
- package/open-sse/services/compression/harness/budgetGate.ts +62 -0
- package/open-sse/services/compression/harness/index.ts +52 -0
- package/open-sse/services/compression/harness/measure.ts +98 -0
- package/open-sse/services/compression/harness/replay.ts +72 -0
- package/open-sse/services/compression/harness/runner.ts +58 -0
- package/open-sse/services/compression/index.ts +165 -0
- package/open-sse/services/compression/languageDetector.ts +51 -0
- package/open-sse/services/compression/lite.ts +241 -0
- package/open-sse/services/compression/messageContent.ts +89 -0
- package/open-sse/services/compression/outputMode.ts +175 -0
- package/open-sse/services/compression/outputStyles/apply.ts +135 -0
- package/open-sse/services/compression/outputStyles/backCompat.ts +29 -0
- package/open-sse/services/compression/outputStyles/catalog.ts +76 -0
- package/open-sse/services/compression/outputStyles/telemetry.ts +50 -0
- package/open-sse/services/compression/pipelineEngineBreaker.ts +139 -0
- package/open-sse/services/compression/pipelineGuards.ts +45 -0
- package/open-sse/services/compression/planResolution.ts +128 -0
- package/open-sse/services/compression/prefixFreeze.ts +124 -0
- package/open-sse/services/compression/preservation.ts +0 -0
- package/open-sse/services/compression/preserveSystemPromptMode.ts +72 -0
- package/open-sse/services/compression/progressiveAging.ts +145 -0
- package/open-sse/services/compression/quantumLock/index.ts +17 -0
- package/open-sse/services/compression/quantumLock/quantumLock.ts +58 -0
- package/open-sse/services/compression/quantumLock/quantumLockStep.ts +72 -0
- package/open-sse/services/compression/quantumLock/quantumPatterns.ts +80 -0
- package/open-sse/services/compression/quantumLock/strategyWrap.ts +72 -0
- package/open-sse/services/compression/resolveCompressionPlan.ts +28 -0
- package/open-sse/services/compression/resultMemo.ts +83 -0
- package/open-sse/services/compression/riskGate/index.ts +3 -0
- package/open-sse/services/compression/riskGate/riskGate.ts +136 -0
- package/open-sse/services/compression/riskGate/riskGateStep.ts +115 -0
- package/open-sse/services/compression/riskGate/riskPatterns.ts +61 -0
- package/open-sse/services/compression/riskGate/strategyWrap.ts +44 -0
- package/open-sse/services/compression/ruleLoader.ts +273 -0
- package/open-sse/services/compression/rules/_schema.json +31 -0
- package/open-sse/services/compression/rules/de/context.json +38 -0
- package/open-sse/services/compression/rules/de/dedup.json +38 -0
- package/open-sse/services/compression/rules/de/filler.json +70 -0
- package/open-sse/services/compression/rules/de/structural.json +30 -0
- package/open-sse/services/compression/rules/de/ultra.json +107 -0
- package/open-sse/services/compression/rules/en/context.json +88 -0
- package/open-sse/services/compression/rules/en/dedup.json +38 -0
- package/open-sse/services/compression/rules/en/filler.json +129 -0
- package/open-sse/services/compression/rules/en/structural.json +102 -0
- package/open-sse/services/compression/rules/en/ultra.json +107 -0
- package/open-sse/services/compression/rules/es/context.json +87 -0
- package/open-sse/services/compression/rules/es/dedup.json +38 -0
- package/open-sse/services/compression/rules/es/filler.json +110 -0
- package/open-sse/services/compression/rules/es/structural.json +105 -0
- package/open-sse/services/compression/rules/es/ultra.json +107 -0
- package/open-sse/services/compression/rules/fr/context.json +38 -0
- package/open-sse/services/compression/rules/fr/dedup.json +38 -0
- package/open-sse/services/compression/rules/fr/filler.json +70 -0
- package/open-sse/services/compression/rules/fr/structural.json +30 -0
- package/open-sse/services/compression/rules/fr/ultra.json +107 -0
- package/open-sse/services/compression/rules/id/context.json +113 -0
- package/open-sse/services/compression/rules/id/dedup.json +38 -0
- package/open-sse/services/compression/rules/id/filler.json +138 -0
- package/open-sse/services/compression/rules/id/structural.json +111 -0
- package/open-sse/services/compression/rules/id/ultra.json +252 -0
- package/open-sse/services/compression/rules/ja/context.json +38 -0
- package/open-sse/services/compression/rules/ja/dedup.json +38 -0
- package/open-sse/services/compression/rules/ja/filler.json +70 -0
- package/open-sse/services/compression/rules/ja/structural.json +30 -0
- package/open-sse/services/compression/rules/ja/ultra.json +86 -0
- package/open-sse/services/compression/rules/pt-BR/context.json +69 -0
- package/open-sse/services/compression/rules/pt-BR/dedup.json +51 -0
- package/open-sse/services/compression/rules/pt-BR/filler.json +151 -0
- package/open-sse/services/compression/rules/pt-BR/structural.json +78 -0
- package/open-sse/services/compression/rules/pt-BR/ultra.json +192 -0
- package/open-sse/services/compression/rules/zh/dedup.json +38 -0
- package/open-sse/services/compression/rules/zh/filler.json +54 -0
- package/open-sse/services/compression/rules/zh/ultra.json +55 -0
- package/open-sse/services/compression/stackedStepCore.ts +87 -0
- package/open-sse/services/compression/stats.ts +59 -0
- package/open-sse/services/compression/strategySelector.ts +1007 -0
- package/open-sse/services/compression/summarizer.ts +244 -0
- package/open-sse/services/compression/toolResultCompressor.ts +283 -0
- package/open-sse/services/compression/types.ts +479 -0
- package/open-sse/services/compression/ultra.ts +321 -0
- package/open-sse/services/compression/ultraHeuristic.ts +157 -0
- package/open-sse/services/compression/validation.ts +432 -0
- package/open-sse/services/contextHandoff.ts +770 -0
- package/open-sse/services/contextManager.ts +617 -0
- package/open-sse/services/credentialGate.ts +84 -0
- package/open-sse/services/crofUsageFetcher.ts +182 -0
- package/open-sse/services/cursorSessionManager.ts +208 -0
- package/open-sse/services/deepseekQuotaFetcher.ts +244 -0
- package/open-sse/services/deviceTracker.ts +307 -0
- package/open-sse/services/emergencyFallback.ts +162 -0
- package/open-sse/services/errorClassifier.ts +198 -0
- package/open-sse/services/evalRouting.ts +276 -0
- package/open-sse/services/freeWebSearch.ts +154 -0
- package/open-sse/services/fusion.ts +337 -0
- package/open-sse/services/geminiRateLimitTracker.ts +145 -0
- package/open-sse/services/geminiThoughtSignatureStore.ts +329 -0
- package/open-sse/services/genericQuotaFetcher.ts +215 -0
- package/open-sse/services/gigachatAuth.ts +113 -0
- package/open-sse/services/githubCopilotModels.ts +162 -0
- package/open-sse/services/gpt5SamplingGuard.ts +81 -0
- package/open-sse/services/grokTlsClient.ts +607 -0
- package/open-sse/services/hfModelSuggestions.ts +63 -0
- package/open-sse/services/inAppLoginService.ts +256 -0
- package/open-sse/services/intentClassifier.ts +665 -0
- package/open-sse/services/ipFilter.ts +340 -0
- package/open-sse/services/keyGroupAuth.ts +84 -0
- package/open-sse/services/kiroModels.ts +195 -0
- package/open-sse/services/manifestAdapter.ts +134 -0
- package/open-sse/services/mimoThinking.ts +54 -0
- package/open-sse/services/model.ts +738 -0
- package/open-sse/services/modelCapabilities.ts +5 -0
- package/open-sse/services/modelDeprecation.ts +173 -0
- package/open-sse/services/modelFamilyFallback.ts +240 -0
- package/open-sse/services/modelStrip.ts +60 -0
- package/open-sse/services/modelscopePolicy.ts +97 -0
- package/open-sse/services/opencodeOllamaUsage.ts +562 -0
- package/open-sse/services/opencodeQuotaFetcher.ts +351 -0
- package/open-sse/services/payloadRules.ts +474 -0
- package/open-sse/services/perplexityTlsClient.ts +593 -0
- package/open-sse/services/pipeline.ts +189 -0
- package/open-sse/services/provider.ts +460 -0
- package/open-sse/services/providerCooldownTracker.ts +198 -0
- package/open-sse/services/providerCostData.ts +52 -0
- package/open-sse/services/providerDefaultRateLimit.ts +94 -0
- package/open-sse/services/providerRequestDefaults.ts +88 -0
- package/open-sse/services/proxyAutoSelector.ts +58 -0
- package/open-sse/services/qoderCli.ts +987 -0
- package/open-sse/services/qoderCliResolve.ts +111 -0
- package/open-sse/services/quotaFetchThrottle.ts +118 -0
- package/open-sse/services/quotaMonitor.ts +377 -0
- package/open-sse/services/quotaPreflight.ts +349 -0
- package/open-sse/services/qwenThinking.ts +44 -0
- package/open-sse/services/rateLimitManager/headers.ts +94 -0
- package/open-sse/services/rateLimitManager.ts +945 -0
- package/open-sse/services/rateLimitSemaphore.ts +231 -0
- package/open-sse/services/reasoningCache.ts +514 -0
- package/open-sse/services/reasoningTokenBuffer.ts +50 -0
- package/open-sse/services/refreshSerializer.ts +131 -0
- package/open-sse/services/requestDedup.ts +127 -0
- package/open-sse/services/responseModelEcho.ts +79 -0
- package/open-sse/services/responsesInputSanitizer.ts +145 -0
- package/open-sse/services/retryAfterJson.ts +44 -0
- package/open-sse/services/roleNormalizer.ts +283 -0
- package/open-sse/services/searchCache.ts +150 -0
- package/open-sse/services/sessionManager.ts +380 -0
- package/open-sse/services/sessionPool/fingerprintRotator.ts +126 -0
- package/open-sse/services/sessionPool/index.ts +28 -0
- package/open-sse/services/sessionPool/poolRegistry.ts +93 -0
- package/open-sse/services/sessionPool/session.ts +119 -0
- package/open-sse/services/sessionPool/sessionFactory.ts +57 -0
- package/open-sse/services/sessionPool/sessionPool.ts +326 -0
- package/open-sse/services/sessionPool/types.ts +100 -0
- package/open-sse/services/sessionPool/webExecutorWrapper.ts +132 -0
- package/open-sse/services/signatureCache.ts +189 -0
- package/open-sse/services/slidingWindowLimiter.ts +84 -0
- package/open-sse/services/specificityDetector.ts +89 -0
- package/open-sse/services/specificityRules.ts +257 -0
- package/open-sse/services/specificityTypes.ts +43 -0
- package/open-sse/services/streamRecovery.ts +545 -0
- package/open-sse/services/systemPrompt.ts +187 -0
- package/open-sse/services/systemTransforms.ts +532 -0
- package/open-sse/services/taskAwareRouter.ts +326 -0
- package/open-sse/services/taskAwareRouting.ts +553 -0
- package/open-sse/services/thinkingBudget.ts +391 -0
- package/open-sse/services/tierConfig.ts +124 -0
- package/open-sse/services/tierDefaults.json +26 -0
- package/open-sse/services/tierResolver.ts +144 -0
- package/open-sse/services/tierTypes.ts +40 -0
- package/open-sse/services/tlsClientProxy.ts +30 -0
- package/open-sse/services/tokenExtractionConfig.ts +398 -0
- package/open-sse/services/tokenLimitCounter.ts +342 -0
- package/open-sse/services/tokenRefresh.ts +2180 -0
- package/open-sse/services/toolLatencyTracker.ts +89 -0
- package/open-sse/services/toolLimitDetector.ts +87 -0
- package/open-sse/services/toolSchemaSanitizer.ts +165 -0
- package/open-sse/services/usage/antigravity.ts +794 -0
- package/open-sse/services/usage/claude.ts +216 -0
- package/open-sse/services/usage/codebuddy-cn.ts +199 -0
- package/open-sse/services/usage/codex.ts +75 -0
- package/open-sse/services/usage/cursor.ts +161 -0
- package/open-sse/services/usage/glm.ts +220 -0
- package/open-sse/services/usage/kimi.ts +209 -0
- package/open-sse/services/usage/kiro.ts +243 -0
- package/open-sse/services/usage/minimax.ts +346 -0
- package/open-sse/services/usage/quota.ts +85 -0
- package/open-sse/services/usage/scalars.ts +75 -0
- package/open-sse/services/usage.ts +1058 -0
- package/open-sse/services/volumeDetector.ts +224 -0
- package/open-sse/services/webSearchFallback.ts +246 -0
- package/open-sse/services/webSearchRouting.ts +68 -0
- package/open-sse/services/webSessionPoolHealth.ts +287 -0
- package/open-sse/services/wildcardRouter.ts +136 -0
- package/open-sse/services/workflowFSM.ts +340 -0
- package/open-sse/shared/zedAuth.ts +535 -0
- package/open-sse/transformer/responsesTransformer.ts +667 -0
- package/open-sse/translator/bootstrap.ts +27 -0
- package/open-sse/translator/deepseekWebTools.ts +486 -0
- package/open-sse/translator/formats.ts +12 -0
- package/open-sse/translator/helpers/claudeHelper.ts +563 -0
- package/open-sse/translator/helpers/geminiHelper.ts +657 -0
- package/open-sse/translator/helpers/geminiToolsSanitizer.ts +255 -0
- package/open-sse/translator/helpers/jsonUtil.ts +18 -0
- package/open-sse/translator/helpers/maxTokensHelper.ts +21 -0
- package/open-sse/translator/helpers/openaiHelper.ts +244 -0
- package/open-sse/translator/helpers/responsesApiHelper.ts +9 -0
- package/open-sse/translator/helpers/schemaCoercion.ts +408 -0
- package/open-sse/translator/helpers/toolCallHelper.ts +224 -0
- package/open-sse/translator/helpers/toolCallShim.ts +113 -0
- package/open-sse/translator/image/sizeMapper.ts +22 -0
- package/open-sse/translator/index.ts +614 -0
- package/open-sse/translator/paramSupport.ts +70 -0
- package/open-sse/translator/registry.ts +41 -0
- package/open-sse/translator/request/antigravity-to-openai.ts +357 -0
- package/open-sse/translator/request/claude-to-gemini.ts +236 -0
- package/open-sse/translator/request/claude-to-openai.ts +534 -0
- package/open-sse/translator/request/gemini-to-openai.ts +193 -0
- package/open-sse/translator/request/openai-responses/helpers.ts +69 -0
- package/open-sse/translator/request/openai-responses/toResponses.ts +357 -0
- package/open-sse/translator/request/openai-responses.ts +533 -0
- package/open-sse/translator/request/openai-to-claude/thinkingBudget.ts +89 -0
- package/open-sse/translator/request/openai-to-claude/toolResultAdjacency.ts +106 -0
- package/open-sse/translator/request/openai-to-claude.ts +747 -0
- package/open-sse/translator/request/openai-to-cursor.ts +226 -0
- package/open-sse/translator/request/openai-to-gemini/helpers.ts +142 -0
- package/open-sse/translator/request/openai-to-gemini.ts +753 -0
- package/open-sse/translator/request/openai-to-kiro/messageHelpers.ts +109 -0
- package/open-sse/translator/request/openai-to-kiro.ts +889 -0
- package/open-sse/translator/response/claude-to-openai.ts +327 -0
- package/open-sse/translator/response/cursor-to-openai.ts +30 -0
- package/open-sse/translator/response/gemini-to-claude.ts +199 -0
- package/open-sse/translator/response/gemini-to-openai.ts +765 -0
- package/open-sse/translator/response/kiro-to-openai.ts +211 -0
- package/open-sse/translator/response/openai-responses/pureHelpers.ts +92 -0
- package/open-sse/translator/response/openai-responses.ts +1011 -0
- package/open-sse/translator/response/openai-to-antigravity.ts +145 -0
- package/open-sse/translator/response/openai-to-claude.ts +289 -0
- package/open-sse/translator/response/openai-to-gemini-sse.ts +431 -0
- package/open-sse/translator/webTools.ts +531 -0
- package/open-sse/tsconfig.json +25 -0
- package/open-sse/types.d.ts +139 -0
- package/open-sse/utils/agentGoalPolicy.ts +112 -0
- package/open-sse/utils/aiSdkCompat.ts +179 -0
- package/open-sse/utils/anthropicHost.ts +25 -0
- package/open-sse/utils/awsSigV4.ts +139 -0
- package/open-sse/utils/bypassHandler.ts +300 -0
- package/open-sse/utils/cacheControlPolicy.ts +374 -0
- package/open-sse/utils/claudeCodeMetaRequests.ts +87 -0
- package/open-sse/utils/clinepassEnvelope.ts +59 -0
- package/open-sse/utils/comfyuiClient.ts +126 -0
- package/open-sse/utils/composerToolCalls.ts +307 -0
- package/open-sse/utils/cors.ts +13 -0
- package/open-sse/utils/cursorAgentProtobuf/wire.ts +143 -0
- package/open-sse/utils/cursorAgentProtobuf.ts +1400 -0
- package/open-sse/utils/cursorChecksum.ts +139 -0
- package/open-sse/utils/cursorImages.ts +354 -0
- package/open-sse/utils/cursorVersionDetector.ts +74 -0
- package/open-sse/utils/diagnostics.ts +288 -0
- package/open-sse/utils/earlyStreamKeepalive.ts +228 -0
- package/open-sse/utils/error.ts +515 -0
- package/open-sse/utils/estimateSize.ts +35 -0
- package/open-sse/utils/finishReason.ts +36 -0
- package/open-sse/utils/flattenToolHistory.ts +116 -0
- package/open-sse/utils/headers.ts +61 -0
- package/open-sse/utils/heapPressure.ts +81 -0
- package/open-sse/utils/jsonToSse.ts +127 -0
- package/open-sse/utils/keepaliveThreshold.ts +62 -0
- package/open-sse/utils/kieTask.ts +127 -0
- package/open-sse/utils/kiroSanitizer.ts +127 -0
- package/open-sse/utils/logger.ts +190 -0
- package/open-sse/utils/networkProxy.ts +75 -0
- package/open-sse/utils/noThinkingAlias.ts +153 -0
- package/open-sse/utils/number.ts +4 -0
- package/open-sse/utils/ollamaTransform.ts +122 -0
- package/open-sse/utils/opencodeHeaders.ts +98 -0
- package/open-sse/utils/passthroughTailProcessor.ts +299 -0
- package/open-sse/utils/progressTracker.ts +112 -0
- package/open-sse/utils/providerRequestLogging.ts +272 -0
- package/open-sse/utils/proxyDispatcher.ts +507 -0
- package/open-sse/utils/proxyDispatcherCache.ts +124 -0
- package/open-sse/utils/proxyFallback.ts +418 -0
- package/open-sse/utils/proxyFamily.ts +24 -0
- package/open-sse/utils/proxyFamilyResolve.ts +39 -0
- package/open-sse/utils/proxyFetch.ts +666 -0
- package/open-sse/utils/publicCreds.ts +215 -0
- package/open-sse/utils/reasoningContentInjector.ts +73 -0
- package/open-sse/utils/reasoningFields.ts +72 -0
- package/open-sse/utils/requestLogger.ts +386 -0
- package/open-sse/utils/responsesInputNormalization.ts +94 -0
- package/open-sse/utils/responsesStatePolicy.ts +75 -0
- package/open-sse/utils/responsesStreamHelpers.ts +166 -0
- package/open-sse/utils/setupPolyfill.ts +33 -0
- package/open-sse/utils/sha3-512.ts +164 -0
- package/open-sse/utils/sleep.ts +9 -0
- package/open-sse/utils/socksConnectorWithFamily.ts +89 -0
- package/open-sse/utils/sseHeartbeat.ts +119 -0
- package/open-sse/utils/stream.ts +2791 -0
- package/open-sse/utils/streamFailureFinalization.ts +174 -0
- package/open-sse/utils/streamHandler.ts +680 -0
- package/open-sse/utils/streamHelpers.ts +460 -0
- package/open-sse/utils/streamPayloadCollector.ts +700 -0
- package/open-sse/utils/streamReadiness.ts +385 -0
- package/open-sse/utils/streamReadinessPolicy.ts +132 -0
- package/open-sse/utils/textualToolCall.ts +112 -0
- package/open-sse/utils/thinkCloseMarker.ts +77 -0
- package/open-sse/utils/thinkTagParser.ts +146 -0
- package/open-sse/utils/tlsClient.ts +243 -0
- package/open-sse/utils/toolCallArguments.ts +32 -0
- package/open-sse/utils/toolSources.ts +69 -0
- package/open-sse/utils/upstreamResponseHeaders.ts +47 -0
- package/open-sse/utils/urlSanitize.ts +24 -0
- package/open-sse/utils/usageTracking.ts +596 -0
- package/package.json +393 -0
- package/scripts/build/build-next-isolated.mjs +322 -0
- package/scripts/build/colocateOptionals.mjs +144 -0
- package/scripts/build/native-binary-compat.mjs +167 -0
- package/scripts/build/postinstall.mjs +357 -0
- package/scripts/build/postinstallSupport.mjs +45 -0
- package/scripts/build/runtime-env.mjs +140 -0
- package/scripts/build/sync-env.mjs +3 -0
- package/scripts/check/check-supported-node-runtime.ts +20 -0
- package/scripts/dev/responses-ws-proxy.mjs +907 -0
- package/scripts/dev/sync-env.mjs +362 -0
- package/scripts/dev/tls-options.mjs +92 -0
- package/scripts/postinstall.mjs +27 -0
- package/src/domain/assessment/assessor.ts +206 -0
- package/src/domain/assessment/categorizer.ts +118 -0
- package/src/domain/assessment/index.ts +24 -0
- package/src/domain/assessment/migration.ts +111 -0
- package/src/domain/assessment/selfHealer.ts +261 -0
- package/src/domain/assessment/types.ts +361 -0
- package/src/domain/comboResolver.ts +106 -0
- package/src/domain/configAudit.ts +285 -0
- package/src/domain/connectionModelRules.ts +82 -0
- package/src/domain/costRules.ts +631 -0
- package/src/domain/degradation.ts +253 -0
- package/src/domain/fallbackPolicy.ts +160 -0
- package/src/domain/lockoutPolicy.ts +208 -0
- package/src/domain/modelAvailability.ts +41 -0
- package/src/domain/omnirouteResponseMeta.ts +202 -0
- package/src/domain/pipeline.ts +307 -0
- package/src/domain/policyEngine.ts +195 -0
- package/src/domain/prompts.ts +103 -0
- package/src/domain/providerExpiration.ts +255 -0
- package/src/domain/quotaCache.ts +553 -0
- package/src/domain/responses.ts +139 -0
- package/src/domain/tagRouter.ts +64 -0
- package/src/domain/types.ts +123 -0
- package/src/lib/a2a/README.md +748 -0
- package/src/lib/a2a/routingLogger.ts +67 -0
- package/src/lib/a2a/skills/costAnalysis.ts +162 -0
- package/src/lib/a2a/skills/healthReport.ts +155 -0
- package/src/lib/a2a/skills/listCapabilities.ts +72 -0
- package/src/lib/a2a/skills/providerDiscovery.ts +202 -0
- package/src/lib/a2a/skills/quotaManagement.ts +121 -0
- package/src/lib/a2a/skills/smartRouting.ts +89 -0
- package/src/lib/a2a/streaming.ts +149 -0
- package/src/lib/a2a/taskExecution.ts +64 -0
- package/src/lib/a2a/taskManager.ts +240 -0
- package/src/lib/accessTokens/scopes.ts +51 -0
- package/src/lib/acp/index.ts +11 -0
- package/src/lib/acp/manager.ts +202 -0
- package/src/lib/acp/registry.ts +384 -0
- package/src/lib/agentSkills/catalog.ts +256 -0
- package/src/lib/agentSkills/cliRegistryParser.ts +242 -0
- package/src/lib/agentSkills/generator.ts +367 -0
- package/src/lib/agentSkills/openapiParser.ts +201 -0
- package/src/lib/agentSkills/schemas.ts +36 -0
- package/src/lib/agentSkills/types.ts +101 -0
- package/src/lib/api/comboErrorResponse.ts +80 -0
- package/src/lib/api/errorResponse.ts +54 -0
- package/src/lib/api/modelTestRunner.ts +390 -0
- package/src/lib/api/proxyRegistryRouteHandlers.ts +142 -0
- package/src/lib/api/requireCliToolsAuth.ts +5 -0
- package/src/lib/api/requireManagementAuth.ts +118 -0
- package/src/lib/api/serverErrorMessage.ts +36 -0
- package/src/lib/apiBridgeServer.ts +233 -0
- package/src/lib/apiKeyExposure.ts +19 -0
- package/src/lib/arenaEloSync.ts +564 -0
- package/src/lib/audit/activityIcons.ts +69 -0
- package/src/lib/audit/highLevelActions.ts +57 -0
- package/src/lib/audit/timeline.ts +132 -0
- package/src/lib/auth/managementPassword.ts +117 -0
- package/src/lib/batches/costEstimator.ts +130 -0
- package/src/lib/batches/csvToJsonl.ts +248 -0
- package/src/lib/batches/dispatch.ts +53 -0
- package/src/lib/batches/retryFailed.ts +77 -0
- package/src/lib/batches/schemas.ts +38 -0
- package/src/lib/batches/types.ts +78 -0
- package/src/lib/batches/validateJsonl.ts +154 -0
- package/src/lib/benchmarks.ts +33 -0
- package/src/lib/build-profile/featureDisabled.ts +23 -0
- package/src/lib/cacheControlSettings.ts +25 -0
- package/src/lib/cacheLayer.ts +220 -0
- package/src/lib/catalog/openrouterCatalog.ts +177 -0
- package/src/lib/cli-helper/claudeProfileAutoSync.ts +92 -0
- package/src/lib/cli-helper/codexProfileAutoSync.ts +80 -0
- package/src/lib/cli-helper/config-generator/claude.ts +25 -0
- package/src/lib/cli-helper/config-generator/cline.ts +23 -0
- package/src/lib/cli-helper/config-generator/codex.ts +34 -0
- package/src/lib/cli-helper/config-generator/continue.ts +37 -0
- package/src/lib/cli-helper/config-generator/hermes-agent.ts +210 -0
- package/src/lib/cli-helper/config-generator/hermes.ts +47 -0
- package/src/lib/cli-helper/config-generator/hermesHome.ts +40 -0
- package/src/lib/cli-helper/config-generator/index.ts +124 -0
- package/src/lib/cli-helper/config-generator/kilocode.ts +23 -0
- package/src/lib/cli-helper/config-generator/opencode.ts +443 -0
- package/src/lib/cli-helper/doctor/checks.ts +41 -0
- package/src/lib/cli-helper/log-streamer.ts +78 -0
- package/src/lib/cli-helper/tool-detector.ts +165 -0
- package/src/lib/cliTools/batchStatusCache.ts +47 -0
- package/src/lib/cliTools/checkToolConfigStatus.ts +112 -0
- package/src/lib/cloudAgent/agents/codex.ts +148 -0
- package/src/lib/cloudAgent/agents/cursor.ts +205 -0
- package/src/lib/cloudAgent/agents/devin.ts +137 -0
- package/src/lib/cloudAgent/agents/jules.ts +354 -0
- package/src/lib/cloudAgent/api.ts +86 -0
- package/src/lib/cloudAgent/baseAgent.ts +98 -0
- package/src/lib/cloudAgent/credentials.ts +89 -0
- package/src/lib/cloudAgent/db.ts +145 -0
- package/src/lib/cloudAgent/index.ts +8 -0
- package/src/lib/cloudAgent/julesApi.ts +7 -0
- package/src/lib/cloudAgent/registry.ts +29 -0
- package/src/lib/cloudAgent/types.ts +90 -0
- package/src/lib/cloudSync.stub.ts +31 -0
- package/src/lib/cloudSync.ts +210 -0
- package/src/lib/cloudflaredTunnel.ts +933 -0
- package/src/lib/combos/autoPromote.ts +92 -0
- package/src/lib/combos/builderDraft.ts +242 -0
- package/src/lib/combos/builderOptions.ts +681 -0
- package/src/lib/combos/compositeTiers.ts +200 -0
- package/src/lib/combos/controlCenter.ts +271 -0
- package/src/lib/combos/intelligentRouting.ts +192 -0
- package/src/lib/combos/steps.ts +322 -0
- package/src/lib/combos/testHealth.ts +190 -0
- package/src/lib/compliance/index.ts +637 -0
- package/src/lib/compliance/noLog.ts +86 -0
- package/src/lib/compliance/providerAudit.ts +98 -0
- package/src/lib/compression/judgeModelClient.ts +43 -0
- package/src/lib/config/hotReload.ts +115 -0
- package/src/lib/config/runtimeSettings.ts +551 -0
- package/src/lib/consoleInterceptor.ts +136 -0
- package/src/lib/container.ts +122 -0
- package/src/lib/contextWindowResolver.ts +147 -0
- package/src/lib/copilot/codegraphKnowledge.ts +229 -0
- package/src/lib/copilot/engine.ts +372 -0
- package/src/lib/copilot/systemPrompt.ts +189 -0
- package/src/lib/copilot/tools.ts +415 -0
- package/src/lib/credentialHealth/cache.ts +206 -0
- package/src/lib/credentialHealth/scheduler.ts +328 -0
- package/src/lib/dataPaths.ts +122 -0
- package/src/lib/db/AGENTS.md +70 -0
- package/src/lib/db/_rowTypes.ts +45 -0
- package/src/lib/db/accessTokens.ts +183 -0
- package/src/lib/db/adapters/betterSqliteAdapter.ts +58 -0
- package/src/lib/db/adapters/driverFactory.ts +98 -0
- package/src/lib/db/adapters/nodeSqliteAdapter.ts +60 -0
- package/src/lib/db/adapters/nodeSqliteShared.ts +148 -0
- package/src/lib/db/adapters/sqljsAdapter.ts +232 -0
- package/src/lib/db/adapters/types.ts +34 -0
- package/src/lib/db/agentBridgeBypass.ts +81 -0
- package/src/lib/db/agentBridgeMappings.ts +47 -0
- package/src/lib/db/agentBridgeState.ts +115 -0
- package/src/lib/db/apiKeyColumnFallbacks.ts +47 -0
- package/src/lib/db/apiKeyContextSources.ts +107 -0
- package/src/lib/db/apiKeyGroups.ts +318 -0
- package/src/lib/db/apiKeyUsageLimitFields.ts +65 -0
- package/src/lib/db/apiKeys/modelPermissions.ts +122 -0
- package/src/lib/db/apiKeys/rowParsers.ts +161 -0
- package/src/lib/db/apiKeys/types.ts +21 -0
- package/src/lib/db/apiKeys.ts +1492 -0
- package/src/lib/db/backup.ts +708 -0
- package/src/lib/db/batches.ts +450 -0
- package/src/lib/db/callLogStats.ts +235 -0
- package/src/lib/db/caseMapping.ts +80 -0
- package/src/lib/db/cleanup.ts +584 -0
- package/src/lib/db/cliToolState.ts +159 -0
- package/src/lib/db/comboForecast.ts +119 -0
- package/src/lib/db/combos.ts +339 -0
- package/src/lib/db/commandCodeAuth.ts +209 -0
- package/src/lib/db/compression.ts +780 -0
- package/src/lib/db/compressionAnalytics.ts +661 -0
- package/src/lib/db/compressionCacheStats.ts +112 -0
- package/src/lib/db/compressionCombos.ts +491 -0
- package/src/lib/db/compressionRunTelemetry.ts +126 -0
- package/src/lib/db/contextHandoffs.ts +233 -0
- package/src/lib/db/core.ts +1520 -0
- package/src/lib/db/creditBalance.ts +92 -0
- package/src/lib/db/databaseSettings.ts +309 -0
- package/src/lib/db/detailedLogs.ts +170 -0
- package/src/lib/db/discovery.ts +97 -0
- package/src/lib/db/discoveryResults.ts +176 -0
- package/src/lib/db/domainState.ts +630 -0
- package/src/lib/db/encryption.ts +327 -0
- package/src/lib/db/evals.ts +786 -0
- package/src/lib/db/featureFlags.ts +82 -0
- package/src/lib/db/files.ts +170 -0
- package/src/lib/db/freeProxies.ts +360 -0
- package/src/lib/db/gamification.ts +613 -0
- package/src/lib/db/healthCheck.ts +565 -0
- package/src/lib/db/inspectorCustomHosts.ts +88 -0
- package/src/lib/db/inspectorSessions.ts +161 -0
- package/src/lib/db/jsonMigration.ts +321 -0
- package/src/lib/db/memoryVec.ts +138 -0
- package/src/lib/db/middleware.ts +239 -0
- package/src/lib/db/migrationRunner/constants.ts +118 -0
- package/src/lib/db/migrationRunner.ts +1069 -0
- package/src/lib/db/migrations/001_initial_schema.sql +226 -0
- package/src/lib/db/migrations/002_mcp_a2a_tables.sql +95 -0
- package/src/lib/db/migrations/003_provider_node_custom_paths.sql +5 -0
- package/src/lib/db/migrations/004_proxy_registry.sql +31 -0
- package/src/lib/db/migrations/005_combo_agent_fields.sql +19 -0
- package/src/lib/db/migrations/006_detailed_request_logs.sql +42 -0
- package/src/lib/db/migrations/007_search_request_type.sql +4 -0
- package/src/lib/db/migrations/008_registered_keys.sql +65 -0
- package/src/lib/db/migrations/009_requested_model.sql +9 -0
- package/src/lib/db/migrations/010_model_combo_mappings.sql +19 -0
- package/src/lib/db/migrations/011_webhooks.sql +15 -0
- package/src/lib/db/migrations/012_fix_token_input_cache_tokens.sql +15 -0
- package/src/lib/db/migrations/013_quota_snapshots.sql +19 -0
- package/src/lib/db/migrations/014_unified_log_artifacts.sql +15 -0
- package/src/lib/db/migrations/015_create_memories.sql +22 -0
- package/src/lib/db/migrations/016_create_skills.sql +37 -0
- package/src/lib/db/migrations/017_version_manager_upstream_proxy.sql +56 -0
- package/src/lib/db/migrations/018_call_logs_detailed_tokens.sql +6 -0
- package/src/lib/db/migrations/019_context_handoffs.sql +28 -0
- package/src/lib/db/migrations/020_combo_sort_order.sql +16 -0
- package/src/lib/db/migrations/021_combo_call_log_targets.sql +5 -0
- package/src/lib/db/migrations/022_add_memory_fts5.sql +33 -0
- package/src/lib/db/migrations/023_fix_memory_fts_uuid.sql +55 -0
- package/src/lib/db/migrations/024_create_sync_tokens.sql +15 -0
- package/src/lib/db/migrations/025_call_logs_summary_storage.sql +145 -0
- package/src/lib/db/migrations/027_skill_mode_and_metadata.sql +10 -0
- package/src/lib/db/migrations/028_create_files_and_batches.sql +51 -0
- package/src/lib/db/migrations/029_provider_connection_max_concurrent.sql +10 -0
- package/src/lib/db/migrations/030_create_eval_runs.sql +28 -0
- package/src/lib/db/migrations/031_create_eval_suites.sql +27 -0
- package/src/lib/db/migrations/032_apikey_lifecycle.sql +24 -0
- package/src/lib/db/migrations/033_create_reasoning_cache.sql +27 -0
- package/src/lib/db/migrations/034_compression_settings.sql +10 -0
- package/src/lib/db/migrations/035_standard_compression_config.sql +9 -0
- package/src/lib/db/migrations/036_aggressive_compression.sql +4 -0
- package/src/lib/db/migrations/037_ultra_compression.sql +6 -0
- package/src/lib/db/migrations/038_compression_analytics.sql +13 -0
- package/src/lib/db/migrations/039_compression_cache_stats.sql +15 -0
- package/src/lib/db/migrations/040_oneproxy_proxy_fields.sql +24 -0
- package/src/lib/db/migrations/041_compression_receipts.sql +18 -0
- package/src/lib/db/migrations/042_compression_combos.sql +43 -0
- package/src/lib/db/migrations/043_default_compression_combo_pipeline.sql +12 -0
- package/src/lib/db/migrations/044_usage_history_api_key_backfill.sql +27 -0
- package/src/lib/db/migrations/045_compression_tokens.sql +4 -0
- package/src/lib/db/migrations/046_database_settings.sql +44 -0
- package/src/lib/db/migrations/047_aggregation_tables.sql +44 -0
- package/src/lib/db/migrations/048_summary_indexes.sql +29 -0
- package/src/lib/db/migrations/049_compression_analytics_indexes.sql +10 -0
- package/src/lib/db/migrations/050_session_account_affinity.sql +11 -0
- package/src/lib/db/migrations/051_hot_path_db_indexes.sql +10 -0
- package/src/lib/db/migrations/052_api_key_combo_throttle.sql +4 -0
- package/src/lib/db/migrations/053_remove_status_from_files.sql +2 -0
- package/src/lib/db/migrations/054_usage_history_service_tier.sql +4 -0
- package/src/lib/db/migrations/056_mcp_accessibility_compression.sql +8 -0
- package/src/lib/db/migrations/057_provider_connection_quota_window_thresholds.sql +14 -0
- package/src/lib/db/migrations/058_command_code_auth_sessions.sql +19 -0
- package/src/lib/db/migrations/059_manifest_routing.sql +21 -0
- package/src/lib/db/migrations/060_create_gamification.sql +94 -0
- package/src/lib/db/migrations/061_cloud_agent_credentials.sql +9 -0
- package/src/lib/db/migrations/062_usage_history_combo_strategy.sql +4 -0
- package/src/lib/db/migrations/063_add_last_model_to_handoffs.sql +7 -0
- package/src/lib/db/migrations/064_create_session_model_history.sql +19 -0
- package/src/lib/db/migrations/065_middleware_hooks.sql +45 -0
- package/src/lib/db/migrations/066_api_key_groups.sql +47 -0
- package/src/lib/db/migrations/067_relay_proxies.sql +56 -0
- package/src/lib/db/migrations/068_free_proxies.sql +52 -0
- package/src/lib/db/migrations/069_webhook_deliveries.sql +15 -0
- package/src/lib/db/migrations/070_webhooks_kind_metadata.sql +3 -0
- package/src/lib/db/migrations/071_services.sql +19 -0
- package/src/lib/db/migrations/072_free_proxies_fk.sql +27 -0
- package/src/lib/db/migrations/073_per_model_token_limits.sql +61 -0
- package/src/lib/db/migrations/074_discovery_results.sql +20 -0
- package/src/lib/db/migrations/075_api_key_self_service_usage_scopes.sql +51 -0
- package/src/lib/db/migrations/076_create_plugins.sql +31 -0
- package/src/lib/db/migrations/077_api_key_stream_default_mode.sql +3 -0
- package/src/lib/db/migrations/078_quota_consumption.sql +24 -0
- package/src/lib/db/migrations/079_provider_plans.sql +19 -0
- package/src/lib/db/migrations/080_agent_bridge.sql +24 -0
- package/src/lib/db/migrations/081_inspector_custom_hosts.sql +11 -0
- package/src/lib/db/migrations/082_inspector_sessions.sql +18 -0
- package/src/lib/db/migrations/083_memory_vec.sql +26 -0
- package/src/lib/db/migrations/084_playground_presets.sql +15 -0
- package/src/lib/db/migrations/085_quota_pools.sql +39 -0
- package/src/lib/db/migrations/086_api_key_allowed_quotas.sql +8 -0
- package/src/lib/db/migrations/087_quota_pool_connections.sql +21 -0
- package/src/lib/db/migrations/088_quota_groups.sql +28 -0
- package/src/lib/db/migrations/089_add_disable_non_public_to_api_keys.sql +3 -0
- package/src/lib/db/migrations/090_plugin_metrics.sql +9 -0
- package/src/lib/db/migrations/091_plugin_analytics.sql +23 -0
- package/src/lib/db/migrations/092_api_key_context_sources.sql +13 -0
- package/src/lib/db/migrations/093_proxy_enable_toggles.sql +17 -0
- package/src/lib/db/migrations/094_per_key_proxy_toggles.sql +12 -0
- package/src/lib/db/migrations/095_provider_node_custom_headers.sql +5 -0
- package/src/lib/db/migrations/096_sync_context_cache_protection.sql +9 -0
- package/src/lib/db/migrations/097_model_intelligence.sql +25 -0
- package/src/lib/db/migrations/098_clear_semantic_cache_for_key_isolation.sql +4 -0
- package/src/lib/db/migrations/099_proxy_family.sql +5 -0
- package/src/lib/db/migrations/100_cli_access_tokens.sql +18 -0
- package/src/lib/db/migrations/101_api_key_usage_limits.sql +4 -0
- package/src/lib/db/migrations/102_compression_engines_map.sql +5 -0
- package/src/lib/db/migrations/103_strip_legacy_combo_config_keys.sql +54 -0
- package/src/lib/db/migrations/104_normalize_database_cache_size.sql +10 -0
- package/src/lib/db/migrations/105_usage_history_endpoint.sql +6 -0
- package/src/lib/db/migrations/106_quota_allocation_model_caps.sql +32 -0
- package/src/lib/db/migrations/107_quota_combos_quota_share_strategy.sql +25 -0
- package/src/lib/db/migrations/108_provider_quota_reset_events.sql +26 -0
- package/src/lib/db/migrations/109_call_logs_correlation_id.sql +2 -0
- package/src/lib/db/migrations/110_model_context_overrides.sql +17 -0
- package/src/lib/db/migrations/111_memory_typed_decay.sql +10 -0
- package/src/lib/db/migrations/112_batch_item_checkpoints.sql +18 -0
- package/src/lib/db/migrations/113_provider_node_icon_url.sql +5 -0
- package/src/lib/db/migrations/114_mux_service_seed.sql +12 -0
- package/src/lib/db/migrations/115_bifrost_service.sql +9 -0
- package/src/lib/db/migrations/116_call_logs_reasoning_source.sql +13 -0
- package/src/lib/db/migrations/117_proxy_pool_rotation.sql +53 -0
- package/src/lib/db/modelComboMappings.ts +255 -0
- package/src/lib/db/modelContextOverrides.ts +133 -0
- package/src/lib/db/modelIntelligence.ts +232 -0
- package/src/lib/db/models/aliases.ts +61 -0
- package/src/lib/db/models/compat.ts +249 -0
- package/src/lib/db/models/mitmAlias.ts +32 -0
- package/src/lib/db/models/shared.ts +19 -0
- package/src/lib/db/models.ts +936 -0
- package/src/lib/db/notion.ts +48 -0
- package/src/lib/db/obsidian.ts +283 -0
- package/src/lib/db/oneproxy.ts +293 -0
- package/src/lib/db/optimizationSettings.ts +284 -0
- package/src/lib/db/playgroundPresets.ts +167 -0
- package/src/lib/db/pluginMetrics.ts +88 -0
- package/src/lib/db/plugins.ts +280 -0
- package/src/lib/db/prompts.ts +302 -0
- package/src/lib/db/providerLimits.ts +131 -0
- package/src/lib/db/providerNodeSelect.ts +48 -0
- package/src/lib/db/providerPlans.ts +149 -0
- package/src/lib/db/providerStats.ts +68 -0
- package/src/lib/db/providers/columns.ts +116 -0
- package/src/lib/db/providers/nodes.ts +169 -0
- package/src/lib/db/providers/rateLimit.ts +198 -0
- package/src/lib/db/providers.ts +803 -0
- package/src/lib/db/proxies/mappers.ts +181 -0
- package/src/lib/db/proxies/types.ts +78 -0
- package/src/lib/db/proxies.ts +1176 -0
- package/src/lib/db/proxyLogs.ts +35 -0
- package/src/lib/db/quotaConsumption.ts +274 -0
- package/src/lib/db/quotaGroups.ts +147 -0
- package/src/lib/db/quotaModelCaps.ts +128 -0
- package/src/lib/db/quotaPools.ts +548 -0
- package/src/lib/db/quotaResetEvents.ts +334 -0
- package/src/lib/db/quotaSnapshots.ts +209 -0
- package/src/lib/db/readCache.ts +202 -0
- package/src/lib/db/reasoningCache.ts +276 -0
- package/src/lib/db/recovery.ts +33 -0
- package/src/lib/db/registeredKeys.ts +532 -0
- package/src/lib/db/relayProxies.ts +364 -0
- package/src/lib/db/schemaColumns.ts +226 -0
- package/src/lib/db/secrets.ts +28 -0
- package/src/lib/db/semanticCache.ts +117 -0
- package/src/lib/db/serviceModels.ts +79 -0
- package/src/lib/db/sessionAccountAffinity.ts +212 -0
- package/src/lib/db/settings/cacheMetrics.ts +235 -0
- package/src/lib/db/settings/lkgp.ts +49 -0
- package/src/lib/db/settings/pricing.ts +254 -0
- package/src/lib/db/settings/shared.ts +9 -0
- package/src/lib/db/settings.ts +661 -0
- package/src/lib/db/skills.ts +62 -0
- package/src/lib/db/stateReset.ts +30 -0
- package/src/lib/db/stats.ts +71 -0
- package/src/lib/db/syncTokens.ts +163 -0
- package/src/lib/db/tierConfig.ts +88 -0
- package/src/lib/db/tokenLimits.ts +295 -0
- package/src/lib/db/upstreamProxy.ts +247 -0
- package/src/lib/db/usageAnalytics/sources.ts +208 -0
- package/src/lib/db/usageAnalytics.ts +723 -0
- package/src/lib/db/usageLogs.ts +94 -0
- package/src/lib/db/usageSummary.ts +18 -0
- package/src/lib/db/vacuumScheduler.ts +326 -0
- package/src/lib/db/versionManager.ts +377 -0
- package/src/lib/db/webSessionDedup.ts +57 -0
- package/src/lib/db/webhookDeliveries.ts +77 -0
- package/src/lib/db/webhooks.ts +178 -0
- package/src/lib/discovery/index.ts +137 -0
- package/src/lib/display/names.ts +73 -0
- package/src/lib/display/useProviderNodeMap.ts +68 -0
- package/src/lib/docsI18nPath.ts +33 -0
- package/src/lib/docsSanitizer.ts +42 -0
- package/src/lib/embeddings/familyGuard.ts +24 -0
- package/src/lib/embeddings/service.ts +288 -0
- package/src/lib/env/runtimeEnv.ts +166 -0
- package/src/lib/evals/evalRunner/builtinSuites.ts +676 -0
- package/src/lib/evals/evalRunner.ts +301 -0
- package/src/lib/evals/runtime.ts +311 -0
- package/src/lib/events/eventBus.ts +148 -0
- package/src/lib/events/types.ts +181 -0
- package/src/lib/freeProviderRankings.ts +340 -0
- package/src/lib/freeProxyProviders/index.ts +24 -0
- package/src/lib/freeProxyProviders/iplocate.ts +107 -0
- package/src/lib/freeProxyProviders/oneproxy.ts +127 -0
- package/src/lib/freeProxyProviders/proxifly.ts +143 -0
- package/src/lib/freeProxyProviders/types.ts +33 -0
- package/src/lib/freeProxyProviders/webshare.ts +148 -0
- package/src/lib/gamification/antiCheat.ts +160 -0
- package/src/lib/gamification/badges.ts +542 -0
- package/src/lib/gamification/events.ts +187 -0
- package/src/lib/gamification/index.ts +37 -0
- package/src/lib/gamification/invites.ts +127 -0
- package/src/lib/gamification/leaderboard.ts +64 -0
- package/src/lib/gamification/notifications.ts +118 -0
- package/src/lib/gamification/servers.ts +179 -0
- package/src/lib/gamification/sharing.ts +56 -0
- package/src/lib/gamification/streaks.ts +164 -0
- package/src/lib/gamification/xp.ts +152 -0
- package/src/lib/gracefulShutdown.ts +151 -0
- package/src/lib/guardrails/base.ts +65 -0
- package/src/lib/guardrails/index.ts +4 -0
- package/src/lib/guardrails/piiMasker.ts +208 -0
- package/src/lib/guardrails/promptInjection.ts +285 -0
- package/src/lib/guardrails/registry.ts +282 -0
- package/src/lib/guardrails/visionBridge.ts +237 -0
- package/src/lib/guardrails/visionBridgeHelpers.ts +499 -0
- package/src/lib/guardrails/visionBridgeRouter.ts +271 -0
- package/src/lib/headroom/detect.ts +214 -0
- package/src/lib/headroom/process.ts +177 -0
- package/src/lib/idempotencyLayer.ts +105 -0
- package/src/lib/images/imageRouteModel.ts +168 -0
- package/src/lib/initCloudSync.ts +52 -0
- package/src/lib/inspector/agentBridgeMaintenanceApi.ts +70 -0
- package/src/lib/inspector/captureState.ts +90 -0
- package/src/lib/inspector/configPortability.ts +86 -0
- package/src/lib/inspector/harExport.ts +188 -0
- package/src/lib/inspector/matchesTrafficFilter.ts +37 -0
- package/src/lib/inspector/secretMask.ts +6 -0
- package/src/lib/inspector/tproxyCaptureApi.ts +60 -0
- package/src/lib/ipUtils.ts +94 -0
- package/src/lib/jobs/budgetResetJob.ts +40 -0
- package/src/lib/jobs/reasoningCacheCleanupJob.ts +40 -0
- package/src/lib/localDb.ts +797 -0
- package/src/lib/localHealthCheck.ts +267 -0
- package/src/lib/logEnv.ts +164 -0
- package/src/lib/logPayloads.ts +110 -0
- package/src/lib/logRotation.ts +206 -0
- package/src/lib/machineToken.ts +53 -0
- package/src/lib/memory/cache.ts +76 -0
- package/src/lib/memory/embedding/cache.ts +77 -0
- package/src/lib/memory/embedding/index.ts +281 -0
- package/src/lib/memory/embedding/remote.ts +95 -0
- package/src/lib/memory/embedding/staticPotion.ts +253 -0
- package/src/lib/memory/embedding/transformersLocal.ts +153 -0
- package/src/lib/memory/embedding/types.ts +40 -0
- package/src/lib/memory/extraction.ts +195 -0
- package/src/lib/memory/injection.ts +211 -0
- package/src/lib/memory/qdrant.ts +521 -0
- package/src/lib/memory/reindex.ts +102 -0
- package/src/lib/memory/retrieval/scoring.ts +104 -0
- package/src/lib/memory/retrieval.ts +1072 -0
- package/src/lib/memory/schemas.ts +39 -0
- package/src/lib/memory/settings.ts +184 -0
- package/src/lib/memory/store.ts +621 -0
- package/src/lib/memory/summarization.ts +202 -0
- package/src/lib/memory/typedDecay.ts +245 -0
- package/src/lib/memory/types.ts +45 -0
- package/src/lib/memory/vectorStore.ts +425 -0
- package/src/lib/memory/verify.ts +56 -0
- package/src/lib/middleware/cliTokenAuth.ts +91 -0
- package/src/lib/middleware/registry.ts +432 -0
- package/src/lib/middleware/types.ts +129 -0
- package/src/lib/modelAliasSeed.ts +82 -0
- package/src/lib/modelCapabilities.ts +481 -0
- package/src/lib/modelMetadataRegistry.ts +574 -0
- package/src/lib/modelsDevSync/transform.ts +279 -0
- package/src/lib/modelsDevSync.ts +677 -0
- package/src/lib/monitoring/comboHealthAutopilot.ts +494 -0
- package/src/lib/monitoring/observability.ts +336 -0
- package/src/lib/monitoring/providerHealthAutopilot.ts +743 -0
- package/src/lib/monitoring/providerHealthMatrix.ts +621 -0
- package/src/lib/ngrokTunnel.ts +142 -0
- package/src/lib/notion/api.ts +247 -0
- package/src/lib/oauth/codexDeviceFlow.ts +316 -0
- package/src/lib/oauth/config/index.ts +31 -0
- package/src/lib/oauth/connectionPersistence.ts +114 -0
- package/src/lib/oauth/constants/oauth.ts +494 -0
- package/src/lib/oauth/credentialBlob.ts +105 -0
- package/src/lib/oauth/deviceFlowTickets.ts +110 -0
- package/src/lib/oauth/gitlab.ts +103 -0
- package/src/lib/oauth/pasteCredentials.ts +51 -0
- package/src/lib/oauth/providers/agy.ts +15 -0
- package/src/lib/oauth/providers/antigravity.ts +159 -0
- package/src/lib/oauth/providers/claude.ts +170 -0
- package/src/lib/oauth/providers/cline.ts +91 -0
- package/src/lib/oauth/providers/codebuddy-cn.ts +123 -0
- package/src/lib/oauth/providers/codex.ts +214 -0
- package/src/lib/oauth/providers/cursor.ts +15 -0
- package/src/lib/oauth/providers/github.ts +89 -0
- package/src/lib/oauth/providers/gitlab-duo.ts +124 -0
- package/src/lib/oauth/providers/grok-cli.ts +155 -0
- package/src/lib/oauth/providers/index.ts +59 -0
- package/src/lib/oauth/providers/kilocode.ts +77 -0
- package/src/lib/oauth/providers/kimi-coding.ts +135 -0
- package/src/lib/oauth/providers/kiro.ts +185 -0
- package/src/lib/oauth/providers/qoder.ts +81 -0
- package/src/lib/oauth/providers/qwen.ts +82 -0
- package/src/lib/oauth/providers/trae.ts +78 -0
- package/src/lib/oauth/providers/windsurf.ts +64 -0
- package/src/lib/oauth/providers/zed-hosted.ts +89 -0
- package/src/lib/oauth/providers/zed.ts +35 -0
- package/src/lib/oauth/providers.ts +278 -0
- package/src/lib/oauth/services/codexImport.ts +222 -0
- package/src/lib/oauth/services/cursor.ts +219 -0
- package/src/lib/oauth/services/kiro.ts +441 -0
- package/src/lib/oauth/utils/agyAuthImport.ts +259 -0
- package/src/lib/oauth/utils/banner.ts +62 -0
- package/src/lib/oauth/utils/claudeAuthFile.ts +334 -0
- package/src/lib/oauth/utils/claudeAuthImport.ts +259 -0
- package/src/lib/oauth/utils/claudeAuthZipExtract.ts +5 -0
- package/src/lib/oauth/utils/cliProxyAuthImport.ts +142 -0
- package/src/lib/oauth/utils/codexAuthFile.ts +352 -0
- package/src/lib/oauth/utils/codexAuthImport.ts +294 -0
- package/src/lib/oauth/utils/codexAuthZipExtract.ts +5 -0
- package/src/lib/oauth/utils/jsonZipExtract.ts +89 -0
- package/src/lib/oauth/utils/pkce.ts +37 -0
- package/src/lib/oauth/utils/server.ts +122 -0
- package/src/lib/oauth/utils/ui.ts +47 -0
- package/src/lib/obsidian/api.ts +390 -0
- package/src/lib/obsidianSync.ts +110 -0
- package/src/lib/oneproxyRotator.ts +19 -0
- package/src/lib/oneproxySync.ts +182 -0
- package/src/lib/piiSanitizer.ts +416 -0
- package/src/lib/playground/codeExport.ts +408 -0
- package/src/lib/playground/promptImprover.ts +147 -0
- package/src/lib/playground/streamMetrics.ts +61 -0
- package/src/lib/playground/types.ts +114 -0
- package/src/lib/plugins/devMode.ts +65 -0
- package/src/lib/plugins/doctor.ts +138 -0
- package/src/lib/plugins/errors.ts +38 -0
- package/src/lib/plugins/hooks.ts +322 -0
- package/src/lib/plugins/index.ts +72 -0
- package/src/lib/plugins/loader.ts +326 -0
- package/src/lib/plugins/logger.ts +50 -0
- package/src/lib/plugins/manager.ts +579 -0
- package/src/lib/plugins/manifest.ts +213 -0
- package/src/lib/plugins/marketplace.ts +202 -0
- package/src/lib/plugins/pluginWorker.ts +246 -0
- package/src/lib/plugins/sandbox.ts +29 -0
- package/src/lib/plugins/scanner.ts +110 -0
- package/src/lib/plugins/sdk.ts +88 -0
- package/src/lib/plugins/signing.ts +34 -0
- package/src/lib/plugins/testRunner.ts +95 -0
- package/src/lib/plugins/watcher.ts +90 -0
- package/src/lib/pricingSync.ts +456 -0
- package/src/lib/promptCache/index.ts +1 -0
- package/src/lib/promptCache/prefixAnalyzer.ts +81 -0
- package/src/lib/providerModels/cursorAgent.ts +166 -0
- package/src/lib/providerModels/geminiModelsParser.ts +91 -0
- package/src/lib/providerModels/managedAvailableModels.ts +165 -0
- package/src/lib/providerModels/managedModelImport.ts +349 -0
- package/src/lib/providerModels/modelDiscovery.ts +151 -0
- package/src/lib/providers/catalog.ts +246 -0
- package/src/lib/providers/claudeExtraUsage.ts +160 -0
- package/src/lib/providers/claudeFastMode.ts +75 -0
- package/src/lib/providers/codexConnectionDefaults.ts +85 -0
- package/src/lib/providers/codexFastTier.ts +210 -0
- package/src/lib/providers/imageValidation.ts +160 -0
- package/src/lib/providers/managedAvailableModels.ts +21 -0
- package/src/lib/providers/modelListingCapability.ts +26 -0
- package/src/lib/providers/nvidiaValidationModel.ts +24 -0
- package/src/lib/providers/requestDefaults.ts +318 -0
- package/src/lib/providers/serviceKindIndex.ts +0 -0
- package/src/lib/providers/staticModels.ts +170 -0
- package/src/lib/providers/validation/anthropicFormat.ts +319 -0
- package/src/lib/providers/validation/audioMiscProviders.ts +582 -0
- package/src/lib/providers/validation/cloudProviders.ts +669 -0
- package/src/lib/providers/validation/cozeError.ts +56 -0
- package/src/lib/providers/validation/directChatProbe.ts +47 -0
- package/src/lib/providers/validation/embeddingProviders.ts +143 -0
- package/src/lib/providers/validation/headers.ts +122 -0
- package/src/lib/providers/validation/metaAi.ts +117 -0
- package/src/lib/providers/validation/openaiFormat.ts +500 -0
- package/src/lib/providers/validation/searchProviders.ts +199 -0
- package/src/lib/providers/validation/transport.ts +109 -0
- package/src/lib/providers/validation/urlHelpers.ts +114 -0
- package/src/lib/providers/validation/webProvidersA.ts +808 -0
- package/src/lib/providers/validation/webProvidersB.ts +536 -0
- package/src/lib/providers/validation.ts +772 -0
- package/src/lib/providers/webCookieAuth.ts +157 -0
- package/src/lib/providers/xai/thinking.ts +127 -0
- package/src/lib/providers/xai/translators/claude.ts +368 -0
- package/src/lib/providers/xai/translators/gemini.ts +371 -0
- package/src/lib/providers/xai/translators/openai-chat.ts +310 -0
- package/src/lib/providers/xai/translators/openai-responses.ts +77 -0
- package/src/lib/proxyEgress.ts +388 -0
- package/src/lib/proxyHealth/decision.ts +77 -0
- package/src/lib/proxyHealth/scheduler.ts +207 -0
- package/src/lib/proxyHealth/statusPolicy.ts +41 -0
- package/src/lib/proxyHealth.ts +173 -0
- package/src/lib/proxyLogger.ts +240 -0
- package/src/lib/proxyRelay/cloudflareWorkerScript.ts +107 -0
- package/src/lib/quota/QuotaStore.ts +23 -0
- package/src/lib/quota/accountBuckets.ts +225 -0
- package/src/lib/quota/burnRate.ts +111 -0
- package/src/lib/quota/connectionProvider.ts +32 -0
- package/src/lib/quota/connectionRecovery.ts +303 -0
- package/src/lib/quota/dimensions.ts +61 -0
- package/src/lib/quota/enforce.ts +401 -0
- package/src/lib/quota/fairShare.ts +186 -0
- package/src/lib/quota/planRegistry.ts +107 -0
- package/src/lib/quota/planResolver.ts +78 -0
- package/src/lib/quota/quotaCombos.ts +414 -0
- package/src/lib/quota/quotaKey.ts +202 -0
- package/src/lib/quota/quotaModelNaming.ts +84 -0
- package/src/lib/quota/redisQuotaStore.ts +352 -0
- package/src/lib/quota/saturationSignals.ts +559 -0
- package/src/lib/quota/spendRecorder.ts +131 -0
- package/src/lib/quota/sqliteQuotaStore.ts +282 -0
- package/src/lib/quota/storeFactory.ts +124 -0
- package/src/lib/quota/types.ts +94 -0
- package/src/lib/resilience/modelLockoutSettings.ts +95 -0
- package/src/lib/resilience/settings/normalize.ts +359 -0
- package/src/lib/resilience/settings/types.ts +182 -0
- package/src/lib/resilience/settings.ts +386 -0
- package/src/lib/runtime/ports.ts +32 -0
- package/src/lib/search/executeWebSearch.ts +270 -0
- package/src/lib/security/localEndpoints.ts +82 -0
- package/src/lib/semanticCache.ts +377 -0
- package/src/lib/services/ServiceSupervisor.ts +243 -0
- package/src/lib/services/apiKey.ts +40 -0
- package/src/lib/services/bootstrap.ts +133 -0
- package/src/lib/services/embedPath.ts +19 -0
- package/src/lib/services/embedWsProxy.ts +285 -0
- package/src/lib/services/healthCheck.ts +79 -0
- package/src/lib/services/htmlRewriter.ts +185 -0
- package/src/lib/services/installers/bifrost.ts +145 -0
- package/src/lib/services/installers/cliproxy.ts +116 -0
- package/src/lib/services/installers/mux.ts +178 -0
- package/src/lib/services/installers/ninerouter.stub.ts +17 -0
- package/src/lib/services/installers/ninerouter.ts +157 -0
- package/src/lib/services/installers/utils.ts +167 -0
- package/src/lib/services/modelSync.ts +105 -0
- package/src/lib/services/portProbe.ts +104 -0
- package/src/lib/services/registry.ts +42 -0
- package/src/lib/services/reverseProxy.ts +180 -0
- package/src/lib/services/ringBuffer.ts +91 -0
- package/src/lib/services/types.ts +50 -0
- package/src/lib/settingsCache.ts +62 -0
- package/src/lib/skills/a2a.ts +34 -0
- package/src/lib/skills/builtin/browser.ts +22 -0
- package/src/lib/skills/builtins.ts +493 -0
- package/src/lib/skills/custom.ts +41 -0
- package/src/lib/skills/executor.ts +196 -0
- package/src/lib/skills/githubCollector.ts +426 -0
- package/src/lib/skills/hybrid.ts +67 -0
- package/src/lib/skills/injection.ts +307 -0
- package/src/lib/skills/interception.ts +343 -0
- package/src/lib/skills/providerSettings.ts +14 -0
- package/src/lib/skills/registry.ts +398 -0
- package/src/lib/skills/sandbox.ts +178 -0
- package/src/lib/skills/schemas.ts +43 -0
- package/src/lib/skills/skillssh.ts +73 -0
- package/src/lib/skills/types.ts +61 -0
- package/src/lib/source.ts +7 -0
- package/src/lib/spend/batchWriter.ts +208 -0
- package/src/lib/sseTextTransform.ts +346 -0
- package/src/lib/streamingPiiTransform.ts +350 -0
- package/src/lib/sync/bundle.ts +208 -0
- package/src/lib/sync/tokens.ts +107 -0
- package/src/lib/system/autoUpdate.ts +400 -0
- package/src/lib/system/globalPackagePath.ts +49 -0
- package/src/lib/system/versionCheck.ts +163 -0
- package/src/lib/tailscaleTunnel.ts +1201 -0
- package/src/lib/tokenHealthCheck.ts +829 -0
- package/src/lib/toolPolicy.ts +150 -0
- package/src/lib/translator/streamTransform.ts +27 -0
- package/src/lib/translatorEvents.ts +40 -0
- package/src/lib/usage/aggregateHistory.ts +212 -0
- package/src/lib/usage/apiKeySelfService.ts +420 -0
- package/src/lib/usage/apiKeyUsageLimits.ts +578 -0
- package/src/lib/usage/callLogArtifacts.ts +337 -0
- package/src/lib/usage/callLogs/format.ts +129 -0
- package/src/lib/usage/callLogs.ts +928 -0
- package/src/lib/usage/callLogsBoundedQueries.ts +42 -0
- package/src/lib/usage/codexResetCredits.ts +355 -0
- package/src/lib/usage/comboForecast.ts +441 -0
- package/src/lib/usage/comboHealth.ts +545 -0
- package/src/lib/usage/comboHealthDashboard.ts +109 -0
- package/src/lib/usage/comboScoringInspector.ts +416 -0
- package/src/lib/usage/completedRequestDetails.ts +103 -0
- package/src/lib/usage/costCalculator.ts +279 -0
- package/src/lib/usage/fetcher.ts +483 -0
- package/src/lib/usage/flatRateProviders.ts +59 -0
- package/src/lib/usage/internalUsageCommand.ts +788 -0
- package/src/lib/usage/migrations.ts +471 -0
- package/src/lib/usage/pendingRequestScope.ts +26 -0
- package/src/lib/usage/providerLimits/quotaNormalize.ts +72 -0
- package/src/lib/usage/providerLimits.ts +997 -0
- package/src/lib/usage/providerWindowCosts.ts +571 -0
- package/src/lib/usage/resilienceExplain.ts +468 -0
- package/src/lib/usage/routeExplain.ts +747 -0
- package/src/lib/usage/tokenAccounting.ts +212 -0
- package/src/lib/usage/usageEvents.ts +91 -0
- package/src/lib/usage/usageHistory/helpers.ts +85 -0
- package/src/lib/usage/usageHistory.ts +916 -0
- package/src/lib/usage/usageStats.ts +581 -0
- package/src/lib/usageAnalytics.ts +372 -0
- package/src/lib/usageDb.ts +38 -0
- package/src/lib/versionManager/binaryManager.ts +240 -0
- package/src/lib/versionManager/healthMonitor.ts +71 -0
- package/src/lib/versionManager/index.ts +155 -0
- package/src/lib/versionManager/processManager.ts +155 -0
- package/src/lib/versionManager/releaseChecker.ts +98 -0
- package/src/lib/vscode/familyFirstModelIds.ts +92 -0
- package/src/lib/vscode/modelPresentation.ts +132 -0
- package/src/lib/vscode/reasoningMetadata.ts +183 -0
- package/src/lib/vscode/serviceTierVariants.ts +202 -0
- package/src/lib/vscode/tokenizedRequest.ts +79 -0
- package/src/lib/webhookDispatcher.ts +221 -0
- package/src/lib/webhooks/eventDescriptions.ts +76 -0
- package/src/lib/webhooks/integrations/discord.ts +49 -0
- package/src/lib/webhooks/integrations/slack.ts +45 -0
- package/src/lib/webhooks/integrations/telegram.ts +67 -0
- package/src/lib/ws/handshake.ts +129 -0
- package/src/lib/zed-oauth/confirmedAccounts.ts +38 -0
- package/src/lib/zed-oauth/credentialFingerprint.ts +23 -0
- package/src/lib/zed-oauth/dockerDetect.ts +38 -0
- package/src/lib/zed-oauth/importUtils.ts +46 -0
- package/src/lib/zed-oauth/keychain-reader.stub.ts +28 -0
- package/src/lib/zed-oauth/keychain-reader.ts +231 -0
- package/src/mitm/_internal/bypass.cjs +170 -0
- package/src/mitm/_internal/forwardTarget.cjs +55 -0
- package/src/mitm/_internal/ingest.cjs +82 -0
- package/src/mitm/cert/generate.ts +41 -0
- package/src/mitm/cert/install.stub.ts +23 -0
- package/src/mitm/cert/install.ts +440 -0
- package/src/mitm/dataDir.ts +41 -0
- package/src/mitm/detection/antigravity.ts +33 -0
- package/src/mitm/detection/claudeCode.ts +25 -0
- package/src/mitm/detection/codex.ts +25 -0
- package/src/mitm/detection/copilot.ts +39 -0
- package/src/mitm/detection/cursor.ts +31 -0
- package/src/mitm/detection/index.ts +53 -0
- package/src/mitm/detection/kiro.ts +30 -0
- package/src/mitm/detection/openCode.ts +32 -0
- package/src/mitm/detection/zed.ts +26 -0
- package/src/mitm/dns/dnsConfig.ts +242 -0
- package/src/mitm/dns/provision.ts +92 -0
- package/src/mitm/handlers/antigravity.ts +192 -0
- package/src/mitm/handlers/base.ts +333 -0
- package/src/mitm/handlers/claudeCode.ts +56 -0
- package/src/mitm/handlers/codex.ts +55 -0
- package/src/mitm/handlers/copilot.ts +55 -0
- package/src/mitm/handlers/cursor.ts +55 -0
- package/src/mitm/handlers/kiro.ts +58 -0
- package/src/mitm/handlers/openCode.ts +55 -0
- package/src/mitm/handlers/trae.ts +24 -0
- package/src/mitm/handlers/zed.ts +55 -0
- package/src/mitm/inspector/agentBridgeHook.ts +137 -0
- package/src/mitm/inspector/buffer.ts +201 -0
- package/src/mitm/inspector/contextKey.ts +98 -0
- package/src/mitm/inspector/conversationNormalizer.ts +393 -0
- package/src/mitm/inspector/diagnostics.ts +67 -0
- package/src/mitm/inspector/httpProxyServer.ts +272 -0
- package/src/mitm/inspector/kindDetector.ts +87 -0
- package/src/mitm/inspector/llmMetadataExtractor.ts +183 -0
- package/src/mitm/inspector/pricing.ts +57 -0
- package/src/mitm/inspector/processAttribution.ts +107 -0
- package/src/mitm/inspector/sseMerger.ts +316 -0
- package/src/mitm/inspector/systemProxyConfig.ts +316 -0
- package/src/mitm/inspector/types.ts +112 -0
- package/src/mitm/manager.runtime.ts +5 -0
- package/src/mitm/manager.stub.ts +44 -0
- package/src/mitm/manager.ts +762 -0
- package/src/mitm/maskSecrets.ts +31 -0
- package/src/mitm/passthrough.ts +76 -0
- package/src/mitm/sanitizeHeaders.ts +61 -0
- package/src/mitm/server.cjs +786 -0
- package/src/mitm/socketTimeouts.ts +24 -0
- package/src/mitm/systemCommands.ts +280 -0
- package/src/mitm/targets/antigravity.ts +85 -0
- package/src/mitm/targets/claudeCode.ts +37 -0
- package/src/mitm/targets/codex.ts +30 -0
- package/src/mitm/targets/copilot.ts +32 -0
- package/src/mitm/targets/cursor.ts +33 -0
- package/src/mitm/targets/index.ts +75 -0
- package/src/mitm/targets/kiro.ts +64 -0
- package/src/mitm/targets/openCode.ts +34 -0
- package/src/mitm/targets/trae.ts +32 -0
- package/src/mitm/targets/zed.ts +32 -0
- package/src/mitm/tproxy/caTrust.ts +120 -0
- package/src/mitm/tproxy/captureManager.ts +118 -0
- package/src/mitm/tproxy/captureMode.ts +226 -0
- package/src/mitm/tproxy/commands.ts +122 -0
- package/src/mitm/tproxy/dynamicCert.ts +119 -0
- package/src/mitm/tproxy/native/README.md +55 -0
- package/src/mitm/tproxy/native/binding.gyp +9 -0
- package/src/mitm/tproxy/native/transparent.c +147 -0
- package/src/mitm/tproxy/setup.ts +68 -0
- package/src/mitm/tproxy/tlsCapture.ts +368 -0
- package/src/mitm/tproxy/transparentSocket.ts +131 -0
- package/src/mitm/types.ts +75 -0
- package/src/mitm/upstreamTrust.ts +40 -0
- package/src/models/index.ts +29 -0
- package/src/server/auth/loginGuard.ts +130 -0
- package/src/server/authz/accessScopes.ts +62 -0
- package/src/server/authz/accessTokenAuth.ts +67 -0
- package/src/server/authz/assertAuth.ts +88 -0
- package/src/server/authz/classify.ts +135 -0
- package/src/server/authz/context.ts +44 -0
- package/src/server/authz/csrf.ts +85 -0
- package/src/server/authz/headers.ts +76 -0
- package/src/server/authz/peerStamp.ts +99 -0
- package/src/server/authz/pipeline.ts +370 -0
- package/src/server/authz/policies/clientApi.ts +72 -0
- package/src/server/authz/policies/management.ts +298 -0
- package/src/server/authz/policies/public.ts +9 -0
- package/src/server/authz/routeGuard.ts +233 -0
- package/src/server/authz/types.ts +77 -0
- package/src/server/cors/origins.ts +172 -0
- package/src/server/origin/publicOrigin.ts +270 -0
- package/src/server/ws/liveServer.ts +630 -0
- package/src/server/ws/liveServerAllowList.ts +106 -0
- package/src/server/ws/types.ts +57 -0
- package/src/shared/components/Avatar.tsx +81 -0
- package/src/shared/components/Badge.tsx +68 -0
- package/src/shared/components/Breadcrumbs.tsx +103 -0
- package/src/shared/components/Button.tsx +85 -0
- package/src/shared/components/Card.tsx +141 -0
- package/src/shared/components/Checkbox.tsx +38 -0
- package/src/shared/components/CloudSyncStatus.tsx +104 -0
- package/src/shared/components/Collapsible.tsx +93 -0
- package/src/shared/components/CollapsibleSection.tsx +66 -0
- package/src/shared/components/ColumnToggle.tsx +100 -0
- package/src/shared/components/CommandPalette.tsx +375 -0
- package/src/shared/components/ConsoleLogViewer.tsx +326 -0
- package/src/shared/components/CursorAuthModal.tsx +198 -0
- package/src/shared/components/DataTable.tsx +195 -0
- package/src/shared/components/DegradationBadge.tsx +41 -0
- package/src/shared/components/DistributeProxiesButton.tsx +74 -0
- package/src/shared/components/EmptyState.tsx +121 -0
- package/src/shared/components/ErrorPageScaffold.tsx +91 -0
- package/src/shared/components/FilterBar.tsx +197 -0
- package/src/shared/components/Footer.tsx +169 -0
- package/src/shared/components/Header.tsx +284 -0
- package/src/shared/components/InfoTooltip.tsx +34 -0
- package/src/shared/components/Input.tsx +155 -0
- package/src/shared/components/KiroAuthModal.tsx +425 -0
- package/src/shared/components/KiroOAuthWrapper.tsx +116 -0
- package/src/shared/components/KiroSocialOAuthModal.tsx +202 -0
- package/src/shared/components/LanguageSelector.tsx +106 -0
- package/src/shared/components/LinkifiedText.tsx +30 -0
- package/src/shared/components/Loading.tsx +128 -0
- package/src/shared/components/LocaleAutoDetect.tsx +43 -0
- package/src/shared/components/MaintenanceBanner.tsx +87 -0
- package/src/shared/components/ManualConfigModal.tsx +51 -0
- package/src/shared/components/Modal.tsx +240 -0
- package/src/shared/components/ModelRoutingSection.tsx +323 -0
- package/src/shared/components/ModelSelectModal.tsx +618 -0
- package/src/shared/components/MonacoEditor.tsx +23 -0
- package/src/shared/components/NavigationProgress.tsx +105 -0
- package/src/shared/components/NoAuthAccountCard.tsx +539 -0
- package/src/shared/components/NoAuthProviderCard.tsx +40 -0
- package/src/shared/components/NoAuthProviderToggle.tsx +36 -0
- package/src/shared/components/NotificationToast.tsx +206 -0
- package/src/shared/components/OAuthModal.tsx +992 -0
- package/src/shared/components/OmniRouteLogo.tsx +86 -0
- package/src/shared/components/PresetSlider.tsx +64 -0
- package/src/shared/components/PricingModal.tsx +211 -0
- package/src/shared/components/ProviderIcon.tsx +263 -0
- package/src/shared/components/ProviderTestSlideOver.tsx +560 -0
- package/src/shared/components/ProxyConfigModal.tsx +781 -0
- package/src/shared/components/ProxyLogDetail.tsx +192 -0
- package/src/shared/components/ProxyLogger.tsx +573 -0
- package/src/shared/components/PwaRegister.tsx +22 -0
- package/src/shared/components/RequestLoggerDetail.tsx +797 -0
- package/src/shared/components/RequestLoggerV2.tsx +1628 -0
- package/src/shared/components/RiskNoticeModal.tsx +81 -0
- package/src/shared/components/SegmentedControl.tsx +69 -0
- package/src/shared/components/Select.tsx +110 -0
- package/src/shared/components/Sidebar.tsx +726 -0
- package/src/shared/components/SkillsConceptCard.tsx +84 -0
- package/src/shared/components/SystemMonitor.tsx +179 -0
- package/src/shared/components/Textarea.tsx +29 -0
- package/src/shared/components/ThemeProvider.tsx +14 -0
- package/src/shared/components/ThemeToggle.tsx +52 -0
- package/src/shared/components/Toggle.tsx +102 -0
- package/src/shared/components/TokenHealthBadge.tsx +113 -0
- package/src/shared/components/Tooltip.tsx +193 -0
- package/src/shared/components/TraeAuthModal.tsx +334 -0
- package/src/shared/components/UsageAnalytics.tsx +414 -0
- package/src/shared/components/UsageStats.tsx +693 -0
- package/src/shared/components/analytics/ApiKeyFilterDropdown.tsx +205 -0
- package/src/shared/components/analytics/CustomRangePicker.tsx +195 -0
- package/src/shared/components/analytics/TimeRangeSelector.tsx +49 -0
- package/src/shared/components/analytics/chartColors.ts +12 -0
- package/src/shared/components/analytics/charts.tsx +1023 -0
- package/src/shared/components/analytics/index.tsx +28 -0
- package/src/shared/components/analytics/rechartsCore.tsx +85 -0
- package/src/shared/components/analytics/rechartsDonuts.tsx +195 -0
- package/src/shared/components/analytics/rechartsUsageCharts.tsx +312 -0
- package/src/shared/components/cli/CliComparisonCard.tsx +82 -0
- package/src/shared/components/cli/CliConceptCard.tsx +58 -0
- package/src/shared/components/cli/CliToolCard.tsx +152 -0
- package/src/shared/components/cli/index.ts +8 -0
- package/src/shared/components/compression/CompressionPipelineEditor.tsx +175 -0
- package/src/shared/components/compression/EngineConfigForm.tsx +78 -0
- package/src/shared/components/compression/EngineConfigPage.tsx +411 -0
- package/src/shared/components/compression/compressionPipelineModel.ts +78 -0
- package/src/shared/components/docs/APIReference.stories.tsx +35 -0
- package/src/shared/components/docs/APIReference.tsx +83 -0
- package/src/shared/components/docs/Callout.stories.tsx +40 -0
- package/src/shared/components/docs/Callout.tsx +38 -0
- package/src/shared/components/docs/CodeBlock.stories.tsx +25 -0
- package/src/shared/components/docs/CodeBlock.tsx +52 -0
- package/src/shared/components/docs/DocsBreadcrumbs.stories.tsx +20 -0
- package/src/shared/components/docs/DocsBreadcrumbs.tsx +46 -0
- package/src/shared/components/docs/DocsSidebar.stories.tsx +31 -0
- package/src/shared/components/docs/DocsSidebar.tsx +77 -0
- package/src/shared/components/docs/DocsThemeProvider.tsx +21 -0
- package/src/shared/components/docs/Tabs.stories.tsx +26 -0
- package/src/shared/components/docs/Tabs.tsx +50 -0
- package/src/shared/components/docs/tokens.ts +38 -0
- package/src/shared/components/flow/FlowCanvas.tsx +151 -0
- package/src/shared/components/flow/StatusDot.tsx +36 -0
- package/src/shared/components/flow/edgeStyles.ts +32 -0
- package/src/shared/components/index.tsx +49 -0
- package/src/shared/components/layouts/AuthLayout.tsx +28 -0
- package/src/shared/components/layouts/DashboardLayout.tsx +131 -0
- package/src/shared/components/layouts/index.tsx +3 -0
- package/src/shared/components/lobeProviderIcons.ts +488 -0
- package/src/shared/components/logTableStyles.ts +7 -0
- package/src/shared/components/modelSelectModalHelpers.ts +75 -0
- package/src/shared/components/oauthBlobSubmit.ts +42 -0
- package/src/shared/components/proxyAssignment.ts +40 -0
- package/src/shared/components/requestLoggerPreferences.ts +44 -0
- package/src/shared/components/requestLoggerSignature.ts +56 -0
- package/src/shared/constants/agentSkills.ts +457 -0
- package/src/shared/constants/antigravityClientProfile.ts +29 -0
- package/src/shared/constants/apiKeyPolicyScopes.ts +5 -0
- package/src/shared/constants/appConfig.ts +12 -0
- package/src/shared/constants/batch.ts +1 -0
- package/src/shared/constants/batchEndpoints.ts +11 -0
- package/src/shared/constants/bodySize.ts +39 -0
- package/src/shared/constants/cliCompatProviders.ts +88 -0
- package/src/shared/constants/cliTools.ts +862 -0
- package/src/shared/constants/clientIdentityProfiles.ts +89 -0
- package/src/shared/constants/colors.ts +147 -0
- package/src/shared/constants/comboConfigMode.ts +9 -0
- package/src/shared/constants/config.ts +44 -0
- package/src/shared/constants/dashboardCsrf.ts +1 -0
- package/src/shared/constants/endpointCategories.ts +133 -0
- package/src/shared/constants/errorCodes.ts +245 -0
- package/src/shared/constants/featureFlagDefinitions.ts +495 -0
- package/src/shared/constants/headers.ts +16 -0
- package/src/shared/constants/homeWidgets.ts +5 -0
- package/src/shared/constants/index.ts +4 -0
- package/src/shared/constants/managementScopes.ts +31 -0
- package/src/shared/constants/mcpScopes.ts +78 -0
- package/src/shared/constants/mitmToolHosts.ts +31 -0
- package/src/shared/constants/modal.ts +5 -0
- package/src/shared/constants/modelCompat.ts +9 -0
- package/src/shared/constants/modelSpecs.ts +607 -0
- package/src/shared/constants/models.ts +40 -0
- package/src/shared/constants/openRouterPreset.ts +11 -0
- package/src/shared/constants/pricing/default-pricing.ts +16 -0
- package/src/shared/constants/pricing/frontier-labs.ts +386 -0
- package/src/shared/constants/pricing/inference-hosts.ts +208 -0
- package/src/shared/constants/pricing/oauth-subscriptions.ts +599 -0
- package/src/shared/constants/pricing/regional.ts +168 -0
- package/src/shared/constants/pricing/shared-tiers.ts +162 -0
- package/src/shared/constants/pricing.ts +40 -0
- package/src/shared/constants/providers/apikey/enterprise-cloud.ts +214 -0
- package/src/shared/constants/providers/apikey/frontier-labs.ts +253 -0
- package/src/shared/constants/providers/apikey/gateways.ts +662 -0
- package/src/shared/constants/providers/apikey/index.ts +21 -0
- package/src/shared/constants/providers/apikey/inference-hosts.ts +328 -0
- package/src/shared/constants/providers/apikey/regional.ts +372 -0
- package/src/shared/constants/providers/apikey/specialty-media.ts +266 -0
- package/src/shared/constants/providers/audio.ts +71 -0
- package/src/shared/constants/providers/cloud-agent.ts +36 -0
- package/src/shared/constants/providers/local.ts +162 -0
- package/src/shared/constants/providers/noauth.ts +123 -0
- package/src/shared/constants/providers/oauth.ts +231 -0
- package/src/shared/constants/providers/search.ts +125 -0
- package/src/shared/constants/providers/system.ts +16 -0
- package/src/shared/constants/providers/upstream-proxy.ts +36 -0
- package/src/shared/constants/providers/web-cookie.ts +364 -0
- package/src/shared/constants/providers.ts +449 -0
- package/src/shared/constants/publicApiRoutes.ts +62 -0
- package/src/shared/constants/responsesPreviousResponseId.ts +5 -0
- package/src/shared/constants/routingStrategies.ts +216 -0
- package/src/shared/constants/selfServiceScopes.ts +20 -0
- package/src/shared/constants/serviceKinds.ts +34 -0
- package/src/shared/constants/sidebarGroupVisibility.ts +31 -0
- package/src/shared/constants/sidebarVisibility/sections.ts +769 -0
- package/src/shared/constants/sidebarVisibility/types.ts +161 -0
- package/src/shared/constants/sidebarVisibility.ts +291 -0
- package/src/shared/constants/spawnCapablePrefixes.ts +35 -0
- package/src/shared/constants/statusColors.ts +17 -0
- package/src/shared/constants/upstreamHeaders.ts +42 -0
- package/src/shared/constants/visionBridgeDefaults.ts +88 -0
- package/src/shared/constants/visionModels.ts +68 -0
- package/src/shared/contracts/quota.ts +138 -0
- package/src/shared/hooks/cli/useToolBatchStatuses.ts +54 -0
- package/src/shared/hooks/index.ts +3 -0
- package/src/shared/hooks/useCopyToClipboard.ts +38 -0
- package/src/shared/hooks/useDisplayBaseUrl.ts +49 -0
- package/src/shared/hooks/useElectron.ts +197 -0
- package/src/shared/hooks/useTheme.ts +59 -0
- package/src/shared/http/apiErrorMessage.ts +19 -0
- package/src/shared/lib/persistLocale.ts +19 -0
- package/src/shared/middleware/bodySizeGuard.ts +97 -0
- package/src/shared/middleware/chatBodyAdmission.ts +161 -0
- package/src/shared/middleware/correlationId.ts +43 -0
- package/src/shared/network/outboundUrlGuard.ts +276 -0
- package/src/shared/network/remoteImageFetch.ts +182 -0
- package/src/shared/network/safeOutboundFetch.ts +372 -0
- package/src/shared/providers/webSessionCredentials.ts +308 -0
- package/src/shared/reasoning/effortStandardization.ts +124 -0
- package/src/shared/schemas/agentBridge.ts +37 -0
- package/src/shared/schemas/cliCatalog.ts +66 -0
- package/src/shared/schemas/inspector.ts +47 -0
- package/src/shared/schemas/memory.ts +142 -0
- package/src/shared/schemas/playground.ts +67 -0
- package/src/shared/schemas/qdrant.ts +39 -0
- package/src/shared/schemas/quota.ts +61 -0
- package/src/shared/schemas/searchTools.ts +39 -0
- package/src/shared/schemas/validation.ts +154 -0
- package/src/shared/services/apiKeyResolver.ts +44 -0
- package/src/shared/services/backupService.ts +233 -0
- package/src/shared/services/claudeCliConfig.ts +17 -0
- package/src/shared/services/cliRuntime.ts +1099 -0
- package/src/shared/services/cloudSyncScheduler.ts +135 -0
- package/src/shared/services/droidCustomModels.ts +118 -0
- package/src/shared/services/initializeCloudSync.ts +31 -0
- package/src/shared/services/loginShellPath.ts +87 -0
- package/src/shared/services/modelSyncScheduler.ts +225 -0
- package/src/shared/services/opencodeConfig.ts +140 -0
- package/src/shared/services/providerLimitsSyncScheduler.ts +72 -0
- package/src/shared/types/cliBatchStatus.ts +18 -0
- package/src/shared/types/index.ts +3 -0
- package/src/shared/types/pagination.ts +61 -0
- package/src/shared/types/utilization.ts +405 -0
- package/src/shared/utils/a11yAudit.ts +140 -0
- package/src/shared/utils/api.ts +112 -0
- package/src/shared/utils/apiAuth.ts +354 -0
- package/src/shared/utils/apiKey.ts +92 -0
- package/src/shared/utils/apiKeyPolicy.ts +680 -0
- package/src/shared/utils/apiResponse.ts +79 -0
- package/src/shared/utils/bulkApiKeyParser.ts +113 -0
- package/src/shared/utils/circuitBreaker.ts +611 -0
- package/src/shared/utils/classify429.ts +253 -0
- package/src/shared/utils/cliCompat.ts +5 -0
- package/src/shared/utils/clineAuth.ts +62 -0
- package/src/shared/utils/clipboard.ts +49 -0
- package/src/shared/utils/cloud.ts +41 -0
- package/src/shared/utils/cn.ts +12 -0
- package/src/shared/utils/codexBaseUrl.ts +32 -0
- package/src/shared/utils/codexConfig.ts +30 -0
- package/src/shared/utils/compressionHeaderEcho.ts +59 -0
- package/src/shared/utils/cors.ts +24 -0
- package/src/shared/utils/costEstimator.ts +126 -0
- package/src/shared/utils/dashboardCsrf.ts +196 -0
- package/src/shared/utils/featureFlags.ts +113 -0
- package/src/shared/utils/fetchError.ts +26 -0
- package/src/shared/utils/fetchTimeout.ts +78 -0
- package/src/shared/utils/formatting.ts +183 -0
- package/src/shared/utils/freeModels.ts +112 -0
- package/src/shared/utils/index.ts +39 -0
- package/src/shared/utils/inputSanitizer.ts +339 -0
- package/src/shared/utils/linkify.ts +54 -0
- package/src/shared/utils/logRedaction.ts +108 -0
- package/src/shared/utils/logger.ts +173 -0
- package/src/shared/utils/machine.ts +5 -0
- package/src/shared/utils/machineId.ts +167 -0
- package/src/shared/utils/maskEmail.ts +77 -0
- package/src/shared/utils/modelCatalogSearch.ts +84 -0
- package/src/shared/utils/noAuthProviders.ts +79 -0
- package/src/shared/utils/nodeRuntimeSupport.ts +112 -0
- package/src/shared/utils/parseApiKeys.ts +41 -0
- package/src/shared/utils/providerDisplayLabel.ts +41 -0
- package/src/shared/utils/providerHints.ts +73 -0
- package/src/shared/utils/providerModelAliases.ts +68 -0
- package/src/shared/utils/rateLimiter.ts +243 -0
- package/src/shared/utils/releaseNotes.ts +53 -0
- package/src/shared/utils/requestId.ts +102 -0
- package/src/shared/utils/requestTelemetry.ts +189 -0
- package/src/shared/utils/requestTimeout.ts +64 -0
- package/src/shared/utils/resolveOmniRouteBaseUrl.ts +24 -0
- package/src/shared/utils/runtimeTimeouts.ts +257 -0
- package/src/shared/utils/secretsValidator.ts +135 -0
- package/src/shared/utils/secureRandom.ts +66 -0
- package/src/shared/utils/serviceTierLabels.ts +42 -0
- package/src/shared/utils/shuffleDeck.ts +147 -0
- package/src/shared/utils/sidebarRouteMatch.ts +43 -0
- package/src/shared/utils/streamTracker.ts +187 -0
- package/src/shared/utils/structuredLogger.ts +219 -0
- package/src/shared/utils/tiktokenCounter.ts +21 -0
- package/src/shared/utils/turkishText.ts +66 -0
- package/src/shared/utils/upstreamError.ts +112 -0
- package/src/shared/validation/compressionConfigSchemas.ts +234 -0
- package/src/shared/validation/freeProxySchemas.ts +111 -0
- package/src/shared/validation/helpers.ts +117 -0
- package/src/shared/validation/oneproxySchemas.ts +14 -0
- package/src/shared/validation/providerSchema.ts +51 -0
- package/src/shared/validation/providerSpecificData.ts +354 -0
- package/src/shared/validation/schemas/apiV1.ts +297 -0
- package/src/shared/validation/schemas/auth.ts +200 -0
- package/src/shared/validation/schemas/cli.ts +86 -0
- package/src/shared/validation/schemas/cloud.ts +53 -0
- package/src/shared/validation/schemas/combo.ts +373 -0
- package/src/shared/validation/schemas/evals.ts +86 -0
- package/src/shared/validation/schemas/gemini.ts +59 -0
- package/src/shared/validation/schemas/keys.ts +144 -0
- package/src/shared/validation/schemas/misc.ts +203 -0
- package/src/shared/validation/schemas/payloadRules.ts +64 -0
- package/src/shared/validation/schemas/pricing.ts +40 -0
- package/src/shared/validation/schemas/provider.ts +430 -0
- package/src/shared/validation/schemas/proxy.ts +243 -0
- package/src/shared/validation/schemas/routing.ts +88 -0
- package/src/shared/validation/schemas/settings.ts +267 -0
- package/src/shared/validation/schemas/translator.ts +44 -0
- package/src/shared/validation/schemas.ts +18 -0
- package/src/shared/validation/settingsSchemas.ts +396 -0
- package/src/sse/handlers/chat.ts +1750 -0
- package/src/sse/handlers/chatHelpers.ts +859 -0
- package/src/sse/handlers/requestBody.ts +24 -0
- package/src/sse/handlers/resolveRoutingModel.ts +17 -0
- package/src/sse/services/auth.ts +2446 -0
- package/src/sse/services/cooldownAwareRetry.ts +162 -0
- package/src/sse/services/model.ts +254 -0
- package/src/sse/services/noAuthProviderSettings.ts +18 -0
- package/src/sse/services/noAuthProxyResolution.ts +111 -0
- package/src/sse/services/sessionAffinityPin.ts +247 -0
- package/src/sse/services/streamState.ts +218 -0
- package/src/sse/services/tokenRefresh.ts +275 -0
- package/src/sse/utils/logger.ts +37 -0
- package/src/types/databaseSettings.ts +124 -0
- package/src/types/global.d.ts +122 -0
- package/src/types/index.ts +10 -0
- package/src/types/provider.ts +9 -0
- package/src/types/sqljs.d.ts +32 -0
|
@@ -0,0 +1,1492 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* db/apiKeys.js — API key management.
|
|
3
|
+
*/
|
|
4
|
+
|
|
5
|
+
import { createHash } from "crypto";
|
|
6
|
+
import { v4 as uuidv4 } from "uuid";
|
|
7
|
+
import { getDbInstance, rowToCamel } from "./core";
|
|
8
|
+
import { backupDbFile } from "./backup";
|
|
9
|
+
import { registerDbStateResetter } from "./stateReset";
|
|
10
|
+
import { getKeyGroupsForApiKey, checkKeyModelAccess } from "./apiKeyGroups";
|
|
11
|
+
import { API_KEY_COLUMN_FALLBACKS } from "./apiKeyColumnFallbacks";
|
|
12
|
+
import {
|
|
13
|
+
appendUsageLimitUpdates,
|
|
14
|
+
hasUsageLimitUpdate,
|
|
15
|
+
parseApiKeyUsageLimitFields,
|
|
16
|
+
} from "./apiKeyUsageLimitFields";
|
|
17
|
+
import { setNoLog } from "../compliance/noLog";
|
|
18
|
+
import { resolveModelAlias } from "@omniroute/open-sse/services/modelDeprecation.ts";
|
|
19
|
+
import { getSyncedAvailableModelsByConnection, getCustomModels, getModelIsHidden } from "./models";
|
|
20
|
+
import {
|
|
21
|
+
CLAUDE_CODE_PROVIDER_PREFIXES,
|
|
22
|
+
preferClaudeCodeForUnprefixedClaudeModels,
|
|
23
|
+
stripExtendedContextSuffix,
|
|
24
|
+
isPotentialUnprefixedClaudeCodeModel,
|
|
25
|
+
addModelCandidate,
|
|
26
|
+
modelPatternMatches,
|
|
27
|
+
hasClaudeCodeWildcardPermission,
|
|
28
|
+
matchesWildcardPattern,
|
|
29
|
+
} from "./apiKeys/modelPermissions";
|
|
30
|
+
import {
|
|
31
|
+
parseAllowedModels,
|
|
32
|
+
parseAllowedCombos,
|
|
33
|
+
parseNoLog,
|
|
34
|
+
parseAutoResolve,
|
|
35
|
+
parseDisableNonPublicModels,
|
|
36
|
+
parseAllowUsageCommand,
|
|
37
|
+
parseIsActive,
|
|
38
|
+
parseAccessSchedule,
|
|
39
|
+
parseRateLimits,
|
|
40
|
+
parseAllowedConnections,
|
|
41
|
+
parseAllowedQuotas,
|
|
42
|
+
parseStringList,
|
|
43
|
+
parseNullableTimestamp,
|
|
44
|
+
parseIsBanned,
|
|
45
|
+
parseStreamDefaultMode,
|
|
46
|
+
} from "./apiKeys/rowParsers";
|
|
47
|
+
import type { AccessSchedule, RateLimitRule } from "./apiKeys/types";
|
|
48
|
+
|
|
49
|
+
// ──────────────── Performance Optimizations ────────────────
|
|
50
|
+
|
|
51
|
+
// Schema check memoization - only run once
|
|
52
|
+
let _schemaChecked = false;
|
|
53
|
+
|
|
54
|
+
type JsonRecord = Record<string, unknown>;
|
|
55
|
+
|
|
56
|
+
interface CacheEntry<TValue> {
|
|
57
|
+
timestamp: number;
|
|
58
|
+
value: TValue;
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
// Re-exported for the historical public surface (moved to ./apiKeys/types).
|
|
62
|
+
export type { AccessSchedule, RateLimitRule } from "./apiKeys/types";
|
|
63
|
+
|
|
64
|
+
interface ApiKeyMetadata {
|
|
65
|
+
id: string;
|
|
66
|
+
name: string;
|
|
67
|
+
machineId: string | null;
|
|
68
|
+
allowedModels: string[];
|
|
69
|
+
blockedModels: string[];
|
|
70
|
+
allowedCombos: string[];
|
|
71
|
+
allowedConnections: string[];
|
|
72
|
+
allowedQuotas: string[];
|
|
73
|
+
noLog: boolean;
|
|
74
|
+
autoResolve: boolean;
|
|
75
|
+
isActive: boolean;
|
|
76
|
+
accessSchedule: AccessSchedule | null;
|
|
77
|
+
maxRequestsPerDay: number | null;
|
|
78
|
+
maxRequestsPerMinute: number | null;
|
|
79
|
+
throttleDelayMs: number | null;
|
|
80
|
+
rateLimits: RateLimitRule[] | null;
|
|
81
|
+
// T08: Per-key max concurrent sticky sessions (0 = unlimited)
|
|
82
|
+
maxSessions: number;
|
|
83
|
+
// Phase 3 lifecycle/policy fields
|
|
84
|
+
revokedAt: string | null;
|
|
85
|
+
expiresAt: string | null;
|
|
86
|
+
ipAllowlist: string[];
|
|
87
|
+
scopes: string[];
|
|
88
|
+
isBanned: boolean;
|
|
89
|
+
keyHash: string | null;
|
|
90
|
+
proxyId: string | null;
|
|
91
|
+
allowedEndpoints: string[];
|
|
92
|
+
streamDefaultMode: "legacy" | "json";
|
|
93
|
+
disableNonPublicModels: boolean;
|
|
94
|
+
allowUsageCommand: boolean;
|
|
95
|
+
usageLimitEnabled: boolean;
|
|
96
|
+
dailyUsageLimitUsd: number | null;
|
|
97
|
+
weeklyUsageLimitUsd: number | null;
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
interface ApiKeyRow extends JsonRecord {
|
|
101
|
+
id?: unknown;
|
|
102
|
+
name?: unknown;
|
|
103
|
+
key?: unknown;
|
|
104
|
+
machine_id?: unknown;
|
|
105
|
+
machineId?: unknown;
|
|
106
|
+
allowed_models?: unknown;
|
|
107
|
+
allowedModels?: unknown;
|
|
108
|
+
blocked_models?: unknown;
|
|
109
|
+
blockedModels?: unknown;
|
|
110
|
+
allowed_combos?: unknown;
|
|
111
|
+
allowedCombos?: unknown;
|
|
112
|
+
allowed_connections?: unknown;
|
|
113
|
+
allowedConnections?: unknown;
|
|
114
|
+
allowed_quotas?: unknown;
|
|
115
|
+
allowedQuotas?: unknown;
|
|
116
|
+
no_log?: unknown;
|
|
117
|
+
noLog?: unknown;
|
|
118
|
+
auto_resolve?: unknown;
|
|
119
|
+
autoResolve?: unknown;
|
|
120
|
+
is_active?: unknown;
|
|
121
|
+
isActive?: unknown;
|
|
122
|
+
access_schedule?: unknown;
|
|
123
|
+
accessSchedule?: unknown;
|
|
124
|
+
rate_limits?: unknown;
|
|
125
|
+
rateLimits?: unknown;
|
|
126
|
+
proxy_id?: unknown;
|
|
127
|
+
stream_default_mode?: unknown;
|
|
128
|
+
streamDefaultMode?: unknown;
|
|
129
|
+
allow_usage_command?: unknown;
|
|
130
|
+
allowUsageCommand?: unknown;
|
|
131
|
+
usage_limit_enabled?: unknown;
|
|
132
|
+
usageLimitEnabled?: unknown;
|
|
133
|
+
daily_usage_limit_usd?: unknown;
|
|
134
|
+
dailyUsageLimitUsd?: unknown;
|
|
135
|
+
weekly_usage_limit_usd?: unknown;
|
|
136
|
+
weeklyUsageLimitUsd?: unknown;
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
interface StatementLike<TRow = unknown> {
|
|
140
|
+
all: (...params: unknown[]) => TRow[];
|
|
141
|
+
get: (...params: unknown[]) => TRow | undefined;
|
|
142
|
+
run: (...params: unknown[]) => { changes?: number };
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
interface ApiKeysDbLike {
|
|
146
|
+
prepare: <TRow = unknown>(sql: string) => StatementLike<TRow>;
|
|
147
|
+
exec: (sql: string) => void;
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
interface ApiKeysStatements {
|
|
151
|
+
getAllKeys: StatementLike<ApiKeyRow>;
|
|
152
|
+
getKeyById: StatementLike<ApiKeyRow>;
|
|
153
|
+
validateKey: StatementLike<JsonRecord>;
|
|
154
|
+
getKeyMetadata: StatementLike<ApiKeyRow>;
|
|
155
|
+
insertKey: StatementLike;
|
|
156
|
+
deleteKey: StatementLike;
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
interface ApiKeyView extends JsonRecord {
|
|
160
|
+
id?: string;
|
|
161
|
+
allowedModels: string[];
|
|
162
|
+
blockedModels: string[];
|
|
163
|
+
allowedCombos: string[];
|
|
164
|
+
allowedConnections: string[];
|
|
165
|
+
allowedQuotas: string[];
|
|
166
|
+
noLog: boolean;
|
|
167
|
+
autoResolve: boolean;
|
|
168
|
+
isActive: boolean;
|
|
169
|
+
accessSchedule: AccessSchedule | null;
|
|
170
|
+
throttleDelayMs?: number | null;
|
|
171
|
+
rateLimits: RateLimitRule[] | null;
|
|
172
|
+
scopes: string[];
|
|
173
|
+
proxyId?: string | null;
|
|
174
|
+
isBanned?: boolean;
|
|
175
|
+
expiresAt?: string | null;
|
|
176
|
+
allowedEndpoints: string[];
|
|
177
|
+
streamDefaultMode: "legacy" | "json";
|
|
178
|
+
disableNonPublicModels?: boolean;
|
|
179
|
+
allowUsageCommand?: boolean;
|
|
180
|
+
usageLimitEnabled?: boolean;
|
|
181
|
+
dailyUsageLimitUsd?: number | null;
|
|
182
|
+
weeklyUsageLimitUsd?: number | null;
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
// LRU cache for API key validation (valid keys only)
|
|
186
|
+
const _keyValidationCache = new Map<string, { valid: boolean; timestamp: number }>();
|
|
187
|
+
const _keyMetadataCache = new Map<string, CacheEntry<ApiKeyMetadata>>();
|
|
188
|
+
const _lastUsedUpdateCache = new Map<string, number>();
|
|
189
|
+
const CACHE_TTL = 60 * 1000; // 1 minute TTL
|
|
190
|
+
const LAST_USED_UPDATE_TTL = 5 * 60 * 1000;
|
|
191
|
+
const MAX_CACHE_SIZE = 1000;
|
|
192
|
+
|
|
193
|
+
// Wildcard scope matching is now handled by `matchesWildcardPattern`
|
|
194
|
+
// (deterministic, no RegExp from dynamic strings).
|
|
195
|
+
|
|
196
|
+
// Cache for model permission checks
|
|
197
|
+
const _modelPermissionCache = new Map<string, { allowed: boolean; timestamp: number }>();
|
|
198
|
+
|
|
199
|
+
// Prepared statements cache
|
|
200
|
+
let _stmtGetAllKeys: ApiKeysStatements["getAllKeys"] | null = null;
|
|
201
|
+
let _stmtGetKeyById: ApiKeysStatements["getKeyById"] | null = null;
|
|
202
|
+
let _stmtValidateKey: ApiKeysStatements["validateKey"] | null = null;
|
|
203
|
+
let _stmtGetKeyMetadata: ApiKeysStatements["getKeyMetadata"] | null = null;
|
|
204
|
+
let _stmtInsertKey: ApiKeysStatements["insertKey"] | null = null;
|
|
205
|
+
let _stmtDeleteKey: ApiKeysStatements["deleteKey"] | null = null;
|
|
206
|
+
|
|
207
|
+
/**
|
|
208
|
+
* Clear all caches (called on key create/update/delete)
|
|
209
|
+
*/
|
|
210
|
+
function invalidateCaches() {
|
|
211
|
+
_keyValidationCache.clear();
|
|
212
|
+
_keyMetadataCache.clear();
|
|
213
|
+
_modelPermissionCache.clear();
|
|
214
|
+
_lastUsedUpdateCache.clear();
|
|
215
|
+
}
|
|
216
|
+
|
|
217
|
+
function toRecord(value: unknown): JsonRecord {
|
|
218
|
+
return value && typeof value === "object" ? (value as JsonRecord) : {};
|
|
219
|
+
}
|
|
220
|
+
|
|
221
|
+
function isConfiguredEnvApiKey(key: string): boolean {
|
|
222
|
+
const envKey = process.env.OMNIROUTE_API_KEY || process.env.ROUTER_API_KEY;
|
|
223
|
+
return Boolean(envKey && key === envKey);
|
|
224
|
+
}
|
|
225
|
+
|
|
226
|
+
function isRedisAuthCacheEnabled(): boolean {
|
|
227
|
+
return (
|
|
228
|
+
process.env.OMNIROUTE_DISABLE_REDIS_AUTH_CACHE !== "1" &&
|
|
229
|
+
process.env.NODE_ENV !== "test" &&
|
|
230
|
+
process.env.DISABLE_SQLITE_AUTO_BACKUP !== "true"
|
|
231
|
+
);
|
|
232
|
+
}
|
|
233
|
+
|
|
234
|
+
async function deleteRedisAuthCacheEntry(keyHash: unknown): Promise<void> {
|
|
235
|
+
if (!isRedisAuthCacheEnabled() || typeof keyHash !== "string" || keyHash.trim() === "") return;
|
|
236
|
+
|
|
237
|
+
try {
|
|
238
|
+
const { getRedisClient, isRedisConfigured } = await import("@/shared/utils/rateLimiter");
|
|
239
|
+
if (!isRedisConfigured()) return;
|
|
240
|
+
const redis = getRedisClient();
|
|
241
|
+
await redis.del(`auth:api_key:${keyHash}`);
|
|
242
|
+
} catch {
|
|
243
|
+
// Redis is an optimization for auth caching; SQLite remains authoritative.
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
|
|
247
|
+
async function deleteRedisAuthCacheEntries(...keyHashes: unknown[]): Promise<void> {
|
|
248
|
+
await Promise.all(keyHashes.map((keyHash) => deleteRedisAuthCacheEntry(keyHash)));
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
async function deleteRedisAuthCacheForKeyId(db: ApiKeysDbLike, id: string): Promise<void> {
|
|
252
|
+
if (!isRedisAuthCacheEnabled()) return;
|
|
253
|
+
|
|
254
|
+
const row = db
|
|
255
|
+
.prepare<{ key_hash: string | null }>("SELECT key_hash FROM api_keys WHERE id = ?")
|
|
256
|
+
.get(id);
|
|
257
|
+
await deleteRedisAuthCacheEntry(row?.key_hash);
|
|
258
|
+
}
|
|
259
|
+
|
|
260
|
+
function markApiKeyUsed(db: ApiKeysDbLike, id: unknown, now: number): void {
|
|
261
|
+
if (typeof id !== "string" || id.trim() === "") return;
|
|
262
|
+
|
|
263
|
+
const lastUpdate = _lastUsedUpdateCache.get(id);
|
|
264
|
+
if (lastUpdate && now - lastUpdate < LAST_USED_UPDATE_TTL) return;
|
|
265
|
+
|
|
266
|
+
db.prepare("UPDATE api_keys SET last_used_at = @lastUsedAt WHERE id = @id").run({
|
|
267
|
+
id,
|
|
268
|
+
lastUsedAt: new Date(now).toISOString(),
|
|
269
|
+
});
|
|
270
|
+
_lastUsedUpdateCache.set(id, now);
|
|
271
|
+
}
|
|
272
|
+
|
|
273
|
+
/**
|
|
274
|
+
* LRU eviction for cache
|
|
275
|
+
*/
|
|
276
|
+
function evictIfNeeded<TKey, TValue>(cache: Map<TKey, TValue>) {
|
|
277
|
+
if (cache.size > MAX_CACHE_SIZE) {
|
|
278
|
+
// Remove oldest 20% of entries
|
|
279
|
+
const entriesToRemove = Math.floor(MAX_CACHE_SIZE * 0.2);
|
|
280
|
+
let i = 0;
|
|
281
|
+
for (const key of cache.keys()) {
|
|
282
|
+
if (i++ >= entriesToRemove) break;
|
|
283
|
+
cache.delete(key);
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
}
|
|
287
|
+
|
|
288
|
+
async function getModelPermissionCandidates(modelId: string): Promise<string[]> {
|
|
289
|
+
const candidates = new Set<string>();
|
|
290
|
+
addModelCandidate(candidates, modelId);
|
|
291
|
+
|
|
292
|
+
const cleanModelId = stripExtendedContextSuffix(modelId.trim());
|
|
293
|
+
if (!cleanModelId) return Array.from(candidates);
|
|
294
|
+
|
|
295
|
+
if (cleanModelId.includes("/")) {
|
|
296
|
+
const firstSlash = cleanModelId.indexOf("/");
|
|
297
|
+
const providerOrAlias = cleanModelId.slice(0, firstSlash);
|
|
298
|
+
const providerScopedModel = cleanModelId.slice(firstSlash + 1);
|
|
299
|
+
if (CLAUDE_CODE_PROVIDER_PREFIXES.has(providerOrAlias) && providerScopedModel) {
|
|
300
|
+
addModelCandidate(candidates, providerScopedModel);
|
|
301
|
+
addModelCandidate(candidates, `cc/${providerScopedModel}`);
|
|
302
|
+
addModelCandidate(candidates, `claude/${providerScopedModel}`);
|
|
303
|
+
}
|
|
304
|
+
return Array.from(candidates);
|
|
305
|
+
}
|
|
306
|
+
|
|
307
|
+
if (
|
|
308
|
+
isPotentialUnprefixedClaudeCodeModel(cleanModelId) &&
|
|
309
|
+
(await preferClaudeCodeForUnprefixedClaudeModels())
|
|
310
|
+
) {
|
|
311
|
+
addModelCandidate(candidates, `cc/${cleanModelId}`);
|
|
312
|
+
addModelCandidate(candidates, `claude/${cleanModelId}`);
|
|
313
|
+
}
|
|
314
|
+
|
|
315
|
+
return Array.from(candidates);
|
|
316
|
+
}
|
|
317
|
+
|
|
318
|
+
async function getPublishedModelLookupTarget(
|
|
319
|
+
modelId: string
|
|
320
|
+
): Promise<{ providerId: string; modelId: string } | null> {
|
|
321
|
+
const cleanModelId = stripExtendedContextSuffix(modelId.trim());
|
|
322
|
+
if (!cleanModelId) return null;
|
|
323
|
+
|
|
324
|
+
if (cleanModelId.includes("/")) {
|
|
325
|
+
const firstSlash = cleanModelId.indexOf("/");
|
|
326
|
+
const providerOrAlias = cleanModelId.slice(0, firstSlash);
|
|
327
|
+
const providerScopedModel = cleanModelId.slice(firstSlash + 1);
|
|
328
|
+
if (!providerScopedModel) return null;
|
|
329
|
+
const providerId = CLAUDE_CODE_PROVIDER_PREFIXES.has(providerOrAlias)
|
|
330
|
+
? "claude"
|
|
331
|
+
: providerOrAlias;
|
|
332
|
+
return { providerId, modelId: providerScopedModel };
|
|
333
|
+
}
|
|
334
|
+
|
|
335
|
+
if (
|
|
336
|
+
isPotentialUnprefixedClaudeCodeModel(cleanModelId) &&
|
|
337
|
+
(await preferClaudeCodeForUnprefixedClaudeModels())
|
|
338
|
+
) {
|
|
339
|
+
return { providerId: "claude", modelId: cleanModelId };
|
|
340
|
+
}
|
|
341
|
+
|
|
342
|
+
return null;
|
|
343
|
+
}
|
|
344
|
+
|
|
345
|
+
function ensureApiKeyColumn(
|
|
346
|
+
db: ApiKeysDbLike,
|
|
347
|
+
columnNames: Set<string>,
|
|
348
|
+
column: (typeof API_KEY_COLUMN_FALLBACKS)[number]
|
|
349
|
+
): void {
|
|
350
|
+
if (columnNames.has(column.name)) return;
|
|
351
|
+
db.exec(`ALTER TABLE api_keys ADD COLUMN ${column.definition}`);
|
|
352
|
+
console.log(`[DB] Added api_keys.${column.name} column`);
|
|
353
|
+
}
|
|
354
|
+
|
|
355
|
+
// Ensure api_keys extension columns exist (memoized)
|
|
356
|
+
function ensureApiKeysColumns(db: ApiKeysDbLike) {
|
|
357
|
+
if (_schemaChecked) return;
|
|
358
|
+
|
|
359
|
+
try {
|
|
360
|
+
const columns = db.prepare<ApiKeyRow>("PRAGMA table_info(api_keys)").all();
|
|
361
|
+
const columnNames = new Set(columns.map((column) => String(column.name ?? "")));
|
|
362
|
+
for (const column of API_KEY_COLUMN_FALLBACKS) {
|
|
363
|
+
ensureApiKeyColumn(db, columnNames, column);
|
|
364
|
+
}
|
|
365
|
+
_schemaChecked = true;
|
|
366
|
+
} catch (error) {
|
|
367
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
368
|
+
console.warn("[DB] Failed to verify api_keys schema:", message);
|
|
369
|
+
}
|
|
370
|
+
}
|
|
371
|
+
|
|
372
|
+
/**
|
|
373
|
+
* Initialize prepared statements (lazy initialization)
|
|
374
|
+
* Re-creates statements if the underlying DB connection changed (HMR, backup restore).
|
|
375
|
+
*/
|
|
376
|
+
let _stmtDb: ApiKeysDbLike | null = null;
|
|
377
|
+
function getPreparedStatements(db: ApiKeysDbLike): ApiKeysStatements {
|
|
378
|
+
ensureApiKeysColumns(db);
|
|
379
|
+
|
|
380
|
+
if (
|
|
381
|
+
!_stmtGetAllKeys ||
|
|
382
|
+
!_stmtGetKeyById ||
|
|
383
|
+
!_stmtValidateKey ||
|
|
384
|
+
!_stmtGetKeyMetadata ||
|
|
385
|
+
!_stmtInsertKey ||
|
|
386
|
+
!_stmtDeleteKey ||
|
|
387
|
+
_stmtDb !== db
|
|
388
|
+
) {
|
|
389
|
+
_stmtDb = db;
|
|
390
|
+
_stmtGetAllKeys = db.prepare<ApiKeyRow>("SELECT * FROM api_keys ORDER BY created_at");
|
|
391
|
+
_stmtGetKeyById = db.prepare<ApiKeyRow>("SELECT * FROM api_keys WHERE id = ?");
|
|
392
|
+
_stmtValidateKey = db.prepare<JsonRecord>(
|
|
393
|
+
"SELECT id, expires_at, revoked_at, is_active, is_banned FROM api_keys WHERE key = ? OR key_hash = ?"
|
|
394
|
+
);
|
|
395
|
+
_stmtGetKeyMetadata = db.prepare<ApiKeyRow>(
|
|
396
|
+
"SELECT id, name, machine_id, allowed_models, blocked_models, allowed_combos, allowed_connections, allowed_quotas, no_log, auto_resolve, is_active, access_schedule, max_requests_per_day, max_requests_per_minute, throttle_delay_ms, max_sessions, revoked_at, expires_at, ip_allowlist, scopes, rate_limits, is_banned, key_hash, allowed_endpoints, stream_default_mode, disable_non_public_models, allow_usage_command, usage_limit_enabled, daily_usage_limit_usd, weekly_usage_limit_usd, proxy_id FROM api_keys WHERE key = ? OR key_hash = ?"
|
|
397
|
+
);
|
|
398
|
+
_stmtInsertKey = db.prepare(
|
|
399
|
+
"INSERT INTO api_keys (id, name, key, machine_id, allowed_models, no_log, created_at, key_prefix, key_hash, scopes) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
|
|
400
|
+
);
|
|
401
|
+
_stmtDeleteKey = db.prepare("DELETE FROM api_keys WHERE id = ?");
|
|
402
|
+
}
|
|
403
|
+
|
|
404
|
+
if (
|
|
405
|
+
!_stmtGetAllKeys ||
|
|
406
|
+
!_stmtGetKeyById ||
|
|
407
|
+
!_stmtValidateKey ||
|
|
408
|
+
!_stmtGetKeyMetadata ||
|
|
409
|
+
!_stmtInsertKey ||
|
|
410
|
+
!_stmtDeleteKey
|
|
411
|
+
) {
|
|
412
|
+
throw new Error("Failed to initialize API key prepared statements");
|
|
413
|
+
}
|
|
414
|
+
|
|
415
|
+
return {
|
|
416
|
+
getAllKeys: _stmtGetAllKeys,
|
|
417
|
+
getKeyById: _stmtGetKeyById,
|
|
418
|
+
validateKey: _stmtValidateKey,
|
|
419
|
+
getKeyMetadata: _stmtGetKeyMetadata,
|
|
420
|
+
insertKey: _stmtInsertKey,
|
|
421
|
+
deleteKey: _stmtDeleteKey,
|
|
422
|
+
};
|
|
423
|
+
}
|
|
424
|
+
|
|
425
|
+
export async function getApiKeys() {
|
|
426
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
427
|
+
const stmt = getPreparedStatements(db);
|
|
428
|
+
const rows = stmt.getAllKeys.all();
|
|
429
|
+
return rows.map((row) => {
|
|
430
|
+
const camelRow = toRecord(rowToCamel(row)) as ApiKeyView;
|
|
431
|
+
camelRow.allowedModels = parseAllowedModels(camelRow.allowedModels);
|
|
432
|
+
camelRow.blockedModels = parseAllowedModels(camelRow.blockedModels);
|
|
433
|
+
camelRow.allowedCombos = parseAllowedCombos(camelRow.allowedCombos);
|
|
434
|
+
camelRow.allowedConnections = parseAllowedConnections(camelRow.allowedConnections);
|
|
435
|
+
camelRow.allowedQuotas = parseAllowedQuotas((camelRow as JsonRecord).allowedQuotas);
|
|
436
|
+
camelRow.noLog = parseNoLog(camelRow.noLog);
|
|
437
|
+
camelRow.autoResolve = parseAutoResolve(camelRow.autoResolve);
|
|
438
|
+
camelRow.isActive = parseIsActive(camelRow.isActive);
|
|
439
|
+
camelRow.accessSchedule = parseAccessSchedule(camelRow.accessSchedule);
|
|
440
|
+
camelRow.rateLimits = parseRateLimits(camelRow.rateLimits);
|
|
441
|
+
camelRow.isBanned = parseIsBanned(camelRow.isBanned);
|
|
442
|
+
camelRow.scopes = parseStringList((camelRow as JsonRecord).scopes);
|
|
443
|
+
camelRow.allowedEndpoints = parseStringList((camelRow as JsonRecord).allowedEndpoints);
|
|
444
|
+
camelRow.streamDefaultMode = parseStreamDefaultMode((camelRow as JsonRecord).streamDefaultMode);
|
|
445
|
+
camelRow.disableNonPublicModels = parseDisableNonPublicModels(
|
|
446
|
+
(camelRow as JsonRecord).disableNonPublicModels
|
|
447
|
+
);
|
|
448
|
+
camelRow.allowUsageCommand = parseAllowUsageCommand((camelRow as JsonRecord).allowUsageCommand);
|
|
449
|
+
Object.assign(camelRow, parseApiKeyUsageLimitFields(camelRow));
|
|
450
|
+
if (typeof camelRow.id === "string" && camelRow.id.length > 0) {
|
|
451
|
+
setNoLog(camelRow.id, camelRow.noLog === true);
|
|
452
|
+
}
|
|
453
|
+
return camelRow;
|
|
454
|
+
});
|
|
455
|
+
}
|
|
456
|
+
|
|
457
|
+
/**
|
|
458
|
+
* Select an API key for internal OmniRoute operations (combo health checks,
|
|
459
|
+
* cloud-sync verify pings, etc.).
|
|
460
|
+
*
|
|
461
|
+
* Naive selection of `getApiKeys()[0]` is unsafe because the first row is
|
|
462
|
+
* whatever happened to be inserted first — usually a regular `self:usage`
|
|
463
|
+
* key with a restricted model allowlist. Internal probes that reuse that
|
|
464
|
+
* key to call `/v1/chat/completions` then hit
|
|
465
|
+
* Model "X" is not allowed for this API key
|
|
466
|
+
* from `shared/utils/apiKeyPolicy.ts` even when the upstream combo path is
|
|
467
|
+
* healthy. Likewise, cloud-sync verify pings flip to "disconnected"
|
|
468
|
+
* because the arbitrary key is rejected upstream.
|
|
469
|
+
*
|
|
470
|
+
* Selection rules (first match wins):
|
|
471
|
+
* 1. Active, non-revoked key whose `scopes` includes "manage"
|
|
472
|
+
* (management keys are by policy not subject to model allowlists).
|
|
473
|
+
* 2. Active, non-revoked key with empty allowedModels (allow-all).
|
|
474
|
+
* 3. Active, non-revoked key with the most recent `lastUsedAt`.
|
|
475
|
+
* 4. First active, non-revoked key (legacy fallback — preserves prior
|
|
476
|
+
* behavior when no key matches the better rules above).
|
|
477
|
+
*
|
|
478
|
+
* The selector is deliberately conservative: it never promotes a revoked,
|
|
479
|
+
* inactive, or banned key, and it never widens a key's allowedModels.
|
|
480
|
+
*/
|
|
481
|
+
export async function pickApiKeyForInternalUse(
|
|
482
|
+
purpose:
|
|
483
|
+
| "combo-health-check"
|
|
484
|
+
| "cloud-sync-verify"
|
|
485
|
+
| "internal-probe" = "internal-probe"
|
|
486
|
+
): Promise<string | null> {
|
|
487
|
+
try {
|
|
488
|
+
const keys = (await getApiKeys()) as Array<{
|
|
489
|
+
key?: string;
|
|
490
|
+
isActive?: boolean;
|
|
491
|
+
revokedAt?: string | null;
|
|
492
|
+
isBanned?: boolean;
|
|
493
|
+
scopes?: string[];
|
|
494
|
+
allowedModels?: string[];
|
|
495
|
+
lastUsedAt?: string | number | null;
|
|
496
|
+
}>;
|
|
497
|
+
|
|
498
|
+
const isUsable = (k: (typeof keys)[number]) =>
|
|
499
|
+
Boolean(k.key) && k.isActive !== false && !k.revokedAt && k.isBanned !== true;
|
|
500
|
+
|
|
501
|
+
// 1. Management-scoped key (preferred for any internal probe).
|
|
502
|
+
const manageKey = keys.find(
|
|
503
|
+
(k) =>
|
|
504
|
+
isUsable(k) && Array.isArray(k.scopes) && k.scopes.includes("manage"),
|
|
505
|
+
);
|
|
506
|
+
if (manageKey?.key) return manageKey.key;
|
|
507
|
+
|
|
508
|
+
// 2. Allow-all key (empty allowedModels means no model restrictions).
|
|
509
|
+
const allowAllKey = keys.find(
|
|
510
|
+
(k) =>
|
|
511
|
+
isUsable(k) &&
|
|
512
|
+
Array.isArray(k.allowedModels) &&
|
|
513
|
+
k.allowedModels.length === 0,
|
|
514
|
+
);
|
|
515
|
+
if (allowAllKey?.key) return allowAllKey.key;
|
|
516
|
+
|
|
517
|
+
// 3. Most recently used (proxy for "the user actually wants this one
|
|
518
|
+
// working right now").
|
|
519
|
+
const byRecency = [...keys]
|
|
520
|
+
.filter(isUsable)
|
|
521
|
+
.sort((a, b) => {
|
|
522
|
+
const aT = typeof a.lastUsedAt === "number" ? a.lastUsedAt : 0;
|
|
523
|
+
const bT = typeof b.lastUsedAt === "number" ? b.lastUsedAt : 0;
|
|
524
|
+
return bT - aT;
|
|
525
|
+
});
|
|
526
|
+
if (byRecency[0]?.key) return byRecency[0].key;
|
|
527
|
+
|
|
528
|
+
// 4. Legacy fallback: first active key. Keeps the function working
|
|
529
|
+
// for setups with no managed/allow-all/recently-used key.
|
|
530
|
+
const firstActive = keys.find(isUsable);
|
|
531
|
+
return firstActive?.key ?? null;
|
|
532
|
+
} catch {
|
|
533
|
+
return null;
|
|
534
|
+
}
|
|
535
|
+
}
|
|
536
|
+
|
|
537
|
+
export async function getApiKeyById(id: string) {
|
|
538
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
539
|
+
const stmt = getPreparedStatements(db);
|
|
540
|
+
const row = stmt.getKeyById.get(id);
|
|
541
|
+
if (!row) return null;
|
|
542
|
+
const camelRow = toRecord(rowToCamel(row)) as ApiKeyView;
|
|
543
|
+
camelRow.allowedModels = parseAllowedModels(camelRow.allowedModels);
|
|
544
|
+
camelRow.blockedModels = parseAllowedModels(camelRow.blockedModels);
|
|
545
|
+
camelRow.allowedCombos = parseAllowedCombos(camelRow.allowedCombos);
|
|
546
|
+
camelRow.allowedConnections = parseAllowedConnections(camelRow.allowedConnections);
|
|
547
|
+
camelRow.allowedQuotas = parseAllowedQuotas((camelRow as JsonRecord).allowedQuotas);
|
|
548
|
+
camelRow.noLog = parseNoLog(camelRow.noLog);
|
|
549
|
+
camelRow.autoResolve = parseAutoResolve(camelRow.autoResolve);
|
|
550
|
+
camelRow.isActive = parseIsActive(camelRow.isActive);
|
|
551
|
+
camelRow.accessSchedule = parseAccessSchedule(camelRow.accessSchedule);
|
|
552
|
+
camelRow.rateLimits = parseRateLimits(camelRow.rateLimits);
|
|
553
|
+
camelRow.isBanned = parseIsBanned(camelRow.isBanned);
|
|
554
|
+
camelRow.scopes = parseStringList((camelRow as JsonRecord).scopes);
|
|
555
|
+
camelRow.allowedEndpoints = parseStringList((camelRow as JsonRecord).allowedEndpoints);
|
|
556
|
+
camelRow.streamDefaultMode = parseStreamDefaultMode((camelRow as JsonRecord).streamDefaultMode);
|
|
557
|
+
camelRow.disableNonPublicModels = parseDisableNonPublicModels(
|
|
558
|
+
(camelRow as JsonRecord).disableNonPublicModels
|
|
559
|
+
);
|
|
560
|
+
camelRow.allowUsageCommand = parseAllowUsageCommand((camelRow as JsonRecord).allowUsageCommand);
|
|
561
|
+
Object.assign(camelRow, parseApiKeyUsageLimitFields(camelRow));
|
|
562
|
+
if (typeof camelRow.id === "string" && camelRow.id.length > 0) {
|
|
563
|
+
setNoLog(camelRow.id, camelRow.noLog === true);
|
|
564
|
+
}
|
|
565
|
+
return camelRow;
|
|
566
|
+
}
|
|
567
|
+
|
|
568
|
+
async function hashKey(key: string): Promise<string> {
|
|
569
|
+
if (!key || typeof key !== "string") return "";
|
|
570
|
+
// CodeQL: This is intentionally SHA-256, NOT password hashing. API keys are
|
|
571
|
+
// high-entropy random tokens (not user-chosen passwords) and need fast O(1)
|
|
572
|
+
// comparison for per-request validation. bcrypt/scrypt would add ~100ms per
|
|
573
|
+
// request, which is unacceptable for an API proxy.
|
|
574
|
+
// lgtm[js/insufficient-password-hash]
|
|
575
|
+
return createHash("sha256").update(key).digest("hex"); // nosemgrep: insufficient-password-hash
|
|
576
|
+
}
|
|
577
|
+
|
|
578
|
+
export async function createApiKey(name: string, machineId: string, scopes: string[] = []) {
|
|
579
|
+
if (!machineId) {
|
|
580
|
+
throw new Error("machineId is required");
|
|
581
|
+
}
|
|
582
|
+
|
|
583
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
584
|
+
const now = new Date().toISOString();
|
|
585
|
+
|
|
586
|
+
const { generateApiKeyWithMachine } = await import("@/shared/utils/apiKey");
|
|
587
|
+
const result = generateApiKeyWithMachine(machineId);
|
|
588
|
+
|
|
589
|
+
const apiKey = {
|
|
590
|
+
id: uuidv4(),
|
|
591
|
+
name: name,
|
|
592
|
+
key: result.key,
|
|
593
|
+
machineId: machineId,
|
|
594
|
+
allowedModels: [], // Empty array means all models allowed
|
|
595
|
+
allowedCombos: [], // Empty array means no explicit combo restriction
|
|
596
|
+
allowedConnections: [], // Empty array means all connections allowed
|
|
597
|
+
noLog: false,
|
|
598
|
+
allowUsageCommand: false,
|
|
599
|
+
createdAt: now,
|
|
600
|
+
scopes,
|
|
601
|
+
};
|
|
602
|
+
|
|
603
|
+
const stmt = getPreparedStatements(db);
|
|
604
|
+
stmt.insertKey.run(
|
|
605
|
+
apiKey.id,
|
|
606
|
+
apiKey.name,
|
|
607
|
+
apiKey.key,
|
|
608
|
+
apiKey.machineId,
|
|
609
|
+
"[]",
|
|
610
|
+
0,
|
|
611
|
+
apiKey.createdAt,
|
|
612
|
+
apiKey.key.slice(0, 12),
|
|
613
|
+
await hashKey(apiKey.key),
|
|
614
|
+
JSON.stringify(scopes)
|
|
615
|
+
);
|
|
616
|
+
setNoLog(apiKey.id, false);
|
|
617
|
+
|
|
618
|
+
backupDbFile("pre-write");
|
|
619
|
+
return apiKey;
|
|
620
|
+
}
|
|
621
|
+
|
|
622
|
+
export async function regenerateApiKey(id: string) {
|
|
623
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
624
|
+
const stmt = getPreparedStatements(db);
|
|
625
|
+
const row = stmt.getKeyById.get(id) as ApiKeyRow | undefined;
|
|
626
|
+
if (!row) return null;
|
|
627
|
+
|
|
628
|
+
const { generateApiKeyWithMachine } = await import("@/shared/utils/apiKey");
|
|
629
|
+
const machineId = (row.machine_id || row.machineId || "0000000000000000") as string;
|
|
630
|
+
const { key: newKey } = generateApiKeyWithMachine(machineId);
|
|
631
|
+
const newHash = await hashKey(newKey);
|
|
632
|
+
const newPrefix = newKey.slice(0, 12);
|
|
633
|
+
|
|
634
|
+
// Update in DB
|
|
635
|
+
const updateStmt = db.prepare(
|
|
636
|
+
"UPDATE api_keys SET key = ?, key_hash = ?, key_prefix = ? WHERE id = ?"
|
|
637
|
+
);
|
|
638
|
+
updateStmt.run(newKey, newHash, newPrefix, id);
|
|
639
|
+
|
|
640
|
+
// Invalidate all caches
|
|
641
|
+
clearApiKeyCaches();
|
|
642
|
+
|
|
643
|
+
await deleteRedisAuthCacheEntries(row.key_hash, newHash);
|
|
644
|
+
|
|
645
|
+
const { logAuditEvent } = await import("@/lib/compliance");
|
|
646
|
+
logAuditEvent({
|
|
647
|
+
action: "apiKey.regenerate",
|
|
648
|
+
target: id,
|
|
649
|
+
details: { name: String(row.name || "") },
|
|
650
|
+
});
|
|
651
|
+
|
|
652
|
+
return { id, key: newKey };
|
|
653
|
+
}
|
|
654
|
+
|
|
655
|
+
export async function updateApiKeyPermissions(
|
|
656
|
+
id: string,
|
|
657
|
+
update:
|
|
658
|
+
| string[]
|
|
659
|
+
| {
|
|
660
|
+
name?: string;
|
|
661
|
+
allowedModels?: string[];
|
|
662
|
+
blockedModels?: string[];
|
|
663
|
+
allowedCombos?: string[];
|
|
664
|
+
allowedConnections?: string[];
|
|
665
|
+
allowedQuotas?: string[];
|
|
666
|
+
noLog?: boolean;
|
|
667
|
+
autoResolve?: boolean;
|
|
668
|
+
isActive?: boolean;
|
|
669
|
+
accessSchedule?: AccessSchedule | null;
|
|
670
|
+
maxRequestsPerDay?: number | null;
|
|
671
|
+
maxRequestsPerMinute?: number | null;
|
|
672
|
+
throttleDelayMs?: number | null;
|
|
673
|
+
rateLimits?: RateLimitRule[] | null;
|
|
674
|
+
isBanned?: boolean;
|
|
675
|
+
expiresAt?: string | null;
|
|
676
|
+
// T08: max concurrent sessions for this key (0 = unlimited)
|
|
677
|
+
maxSessions?: number | null;
|
|
678
|
+
scopes?: string[] | null;
|
|
679
|
+
proxyId?: string | null;
|
|
680
|
+
allowedEndpoints?: string[] | null;
|
|
681
|
+
streamDefaultMode?: "legacy" | "json" | null;
|
|
682
|
+
disableNonPublicModels?: boolean;
|
|
683
|
+
allowUsageCommand?: boolean;
|
|
684
|
+
usageLimitEnabled?: boolean;
|
|
685
|
+
dailyUsageLimitUsd?: number | null;
|
|
686
|
+
weeklyUsageLimitUsd?: number | null;
|
|
687
|
+
}
|
|
688
|
+
) {
|
|
689
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
690
|
+
getPreparedStatements(db);
|
|
691
|
+
|
|
692
|
+
const normalized =
|
|
693
|
+
Array.isArray(update) || update === undefined
|
|
694
|
+
? { allowedModels: update || [] }
|
|
695
|
+
: {
|
|
696
|
+
name: update.name,
|
|
697
|
+
allowedModels: update.allowedModels,
|
|
698
|
+
blockedModels: update.blockedModels,
|
|
699
|
+
allowedCombos: update.allowedCombos,
|
|
700
|
+
allowedConnections: update.allowedConnections,
|
|
701
|
+
allowedQuotas: (update as { allowedQuotas?: string[] }).allowedQuotas,
|
|
702
|
+
noLog: update.noLog,
|
|
703
|
+
autoResolve: update.autoResolve,
|
|
704
|
+
isActive: update.isActive,
|
|
705
|
+
accessSchedule: update.accessSchedule,
|
|
706
|
+
maxRequestsPerDay: update.maxRequestsPerDay,
|
|
707
|
+
maxRequestsPerMinute: update.maxRequestsPerMinute,
|
|
708
|
+
throttleDelayMs: update.throttleDelayMs,
|
|
709
|
+
rateLimits: update.rateLimits,
|
|
710
|
+
isBanned: update.isBanned,
|
|
711
|
+
expiresAt: update.expiresAt,
|
|
712
|
+
maxSessions: (update as { maxSessions?: number | null }).maxSessions,
|
|
713
|
+
scopes: (update as { scopes?: string[] | null }).scopes,
|
|
714
|
+
proxyId: (update as { proxyId?: string | null }).proxyId,
|
|
715
|
+
allowedEndpoints: (update as { allowedEndpoints?: string[] | null }).allowedEndpoints,
|
|
716
|
+
streamDefaultMode: (update as { streamDefaultMode?: "legacy" | "json" | null })
|
|
717
|
+
.streamDefaultMode,
|
|
718
|
+
disableNonPublicModels: (update as { disableNonPublicModels?: boolean })
|
|
719
|
+
.disableNonPublicModels,
|
|
720
|
+
allowUsageCommand: (update as { allowUsageCommand?: boolean }).allowUsageCommand,
|
|
721
|
+
usageLimitEnabled: (update as { usageLimitEnabled?: boolean }).usageLimitEnabled,
|
|
722
|
+
dailyUsageLimitUsd: (update as { dailyUsageLimitUsd?: number | null }).dailyUsageLimitUsd,
|
|
723
|
+
weeklyUsageLimitUsd: (update as { weeklyUsageLimitUsd?: number | null })
|
|
724
|
+
.weeklyUsageLimitUsd,
|
|
725
|
+
};
|
|
726
|
+
|
|
727
|
+
if (
|
|
728
|
+
normalized.name === undefined &&
|
|
729
|
+
normalized.allowedModels === undefined &&
|
|
730
|
+
normalized.blockedModels === undefined &&
|
|
731
|
+
normalized.allowedCombos === undefined &&
|
|
732
|
+
normalized.allowedConnections === undefined &&
|
|
733
|
+
(normalized as Record<string, unknown>).allowedQuotas === undefined &&
|
|
734
|
+
normalized.noLog === undefined &&
|
|
735
|
+
normalized.autoResolve === undefined &&
|
|
736
|
+
normalized.isActive === undefined &&
|
|
737
|
+
normalized.accessSchedule === undefined &&
|
|
738
|
+
normalized.maxRequestsPerDay === undefined &&
|
|
739
|
+
normalized.maxRequestsPerMinute === undefined &&
|
|
740
|
+
normalized.throttleDelayMs === undefined &&
|
|
741
|
+
normalized.rateLimits === undefined &&
|
|
742
|
+
normalized.isBanned === undefined &&
|
|
743
|
+
normalized.expiresAt === undefined &&
|
|
744
|
+
(normalized as Record<string, unknown>).maxSessions === undefined &&
|
|
745
|
+
(normalized as Record<string, unknown>).scopes === undefined &&
|
|
746
|
+
(normalized as Record<string, unknown>).proxyId === undefined &&
|
|
747
|
+
(normalized as Record<string, unknown>).allowedEndpoints === undefined &&
|
|
748
|
+
(normalized as Record<string, unknown>).streamDefaultMode === undefined &&
|
|
749
|
+
normalized.disableNonPublicModels === undefined &&
|
|
750
|
+
normalized.allowUsageCommand === undefined &&
|
|
751
|
+
!hasUsageLimitUpdate(normalized as Record<string, unknown>)
|
|
752
|
+
) {
|
|
753
|
+
return false;
|
|
754
|
+
}
|
|
755
|
+
|
|
756
|
+
const updates: string[] = [];
|
|
757
|
+
const params: {
|
|
758
|
+
id: string;
|
|
759
|
+
name?: string;
|
|
760
|
+
allowedModels?: string;
|
|
761
|
+
blockedModels?: string;
|
|
762
|
+
allowedCombos?: string;
|
|
763
|
+
allowedConnections?: string;
|
|
764
|
+
allowedQuotas?: string;
|
|
765
|
+
noLog?: number;
|
|
766
|
+
autoResolve?: number;
|
|
767
|
+
isActive?: number;
|
|
768
|
+
accessSchedule?: string | null;
|
|
769
|
+
maxRequestsPerDay?: number | null;
|
|
770
|
+
maxRequestsPerMinute?: number | null;
|
|
771
|
+
throttleDelayMs?: number | null;
|
|
772
|
+
rateLimits?: string | null;
|
|
773
|
+
isBanned?: number;
|
|
774
|
+
maxSessions?: number;
|
|
775
|
+
expiresAt?: string | null;
|
|
776
|
+
scopes?: string;
|
|
777
|
+
proxyId?: string | null;
|
|
778
|
+
streamDefaultMode?: "legacy" | "json";
|
|
779
|
+
disableNonPublicModels?: number;
|
|
780
|
+
allowUsageCommand?: number;
|
|
781
|
+
usageLimitEnabled?: number;
|
|
782
|
+
dailyUsageLimitUsd?: number | null;
|
|
783
|
+
weeklyUsageLimitUsd?: number | null;
|
|
784
|
+
} = { id };
|
|
785
|
+
|
|
786
|
+
if (normalized.name !== undefined) {
|
|
787
|
+
updates.push("name = @name");
|
|
788
|
+
params.name = normalized.name;
|
|
789
|
+
}
|
|
790
|
+
|
|
791
|
+
if (normalized.allowedModels !== undefined) {
|
|
792
|
+
// Empty array means all models are allowed
|
|
793
|
+
updates.push("allowed_models = @allowedModels");
|
|
794
|
+
params.allowedModels = JSON.stringify(normalized.allowedModels || []);
|
|
795
|
+
}
|
|
796
|
+
|
|
797
|
+
if (normalized.blockedModels !== undefined) {
|
|
798
|
+
// Deny-list patterns always take precedence over allowed_models.
|
|
799
|
+
updates.push("blocked_models = @blockedModels");
|
|
800
|
+
params.blockedModels = JSON.stringify(normalized.blockedModels || []);
|
|
801
|
+
}
|
|
802
|
+
|
|
803
|
+
if (normalized.allowedCombos !== undefined) {
|
|
804
|
+
// Empty array means no explicit combo restriction; legacy allowed_models rules still apply.
|
|
805
|
+
updates.push("allowed_combos = @allowedCombos");
|
|
806
|
+
params.allowedCombos = JSON.stringify(normalized.allowedCombos || []);
|
|
807
|
+
}
|
|
808
|
+
|
|
809
|
+
if (normalized.allowedConnections !== undefined) {
|
|
810
|
+
// Empty array means all connections are allowed
|
|
811
|
+
updates.push("allowed_connections = @allowedConnections");
|
|
812
|
+
params.allowedConnections = JSON.stringify(normalized.allowedConnections || []);
|
|
813
|
+
}
|
|
814
|
+
|
|
815
|
+
const allowedQuotasUpdate = (normalized as Record<string, unknown>).allowedQuotas;
|
|
816
|
+
if (allowedQuotasUpdate !== undefined) {
|
|
817
|
+
// Empty array means no quota-pool restriction; non-empty restricts to listed pools
|
|
818
|
+
updates.push("allowed_quotas = @allowedQuotas");
|
|
819
|
+
const nextQuotas: string[] = Array.isArray(allowedQuotasUpdate)
|
|
820
|
+
? (allowedQuotasUpdate as unknown[]).filter((s): s is string => typeof s === "string")
|
|
821
|
+
: [];
|
|
822
|
+
params.allowedQuotas = JSON.stringify(nextQuotas);
|
|
823
|
+
}
|
|
824
|
+
|
|
825
|
+
if (normalized.noLog !== undefined) {
|
|
826
|
+
updates.push("no_log = @noLog");
|
|
827
|
+
params.noLog = normalized.noLog ? 1 : 0;
|
|
828
|
+
}
|
|
829
|
+
|
|
830
|
+
if (normalized.autoResolve !== undefined) {
|
|
831
|
+
updates.push("auto_resolve = @autoResolve");
|
|
832
|
+
params.autoResolve = normalized.autoResolve ? 1 : 0;
|
|
833
|
+
}
|
|
834
|
+
|
|
835
|
+
if (normalized.isActive !== undefined) {
|
|
836
|
+
updates.push("is_active = @isActive");
|
|
837
|
+
params.isActive = normalized.isActive ? 1 : 0;
|
|
838
|
+
}
|
|
839
|
+
|
|
840
|
+
if (normalized.accessSchedule !== undefined) {
|
|
841
|
+
updates.push("access_schedule = @accessSchedule");
|
|
842
|
+
params.accessSchedule =
|
|
843
|
+
normalized.accessSchedule !== null ? JSON.stringify(normalized.accessSchedule) : null;
|
|
844
|
+
}
|
|
845
|
+
|
|
846
|
+
if (normalized.maxRequestsPerDay !== undefined) {
|
|
847
|
+
updates.push("max_requests_per_day = @maxRequestsPerDay");
|
|
848
|
+
params.maxRequestsPerDay = normalized.maxRequestsPerDay;
|
|
849
|
+
}
|
|
850
|
+
|
|
851
|
+
if (normalized.maxRequestsPerMinute !== undefined) {
|
|
852
|
+
updates.push("max_requests_per_minute = @maxRequestsPerMinute");
|
|
853
|
+
params.maxRequestsPerMinute = normalized.maxRequestsPerMinute;
|
|
854
|
+
}
|
|
855
|
+
|
|
856
|
+
if (normalized.throttleDelayMs !== undefined) {
|
|
857
|
+
updates.push("throttle_delay_ms = @throttleDelayMs");
|
|
858
|
+
params.throttleDelayMs = normalized.throttleDelayMs;
|
|
859
|
+
}
|
|
860
|
+
|
|
861
|
+
if (normalized.rateLimits !== undefined) {
|
|
862
|
+
updates.push("rate_limits = @rateLimits");
|
|
863
|
+
params.rateLimits =
|
|
864
|
+
normalized.rateLimits !== null ? JSON.stringify(normalized.rateLimits) : null;
|
|
865
|
+
}
|
|
866
|
+
|
|
867
|
+
if (normalized.isBanned !== undefined) {
|
|
868
|
+
updates.push("is_banned = @isBanned");
|
|
869
|
+
params.isBanned = normalized.isBanned ? 1 : 0;
|
|
870
|
+
}
|
|
871
|
+
|
|
872
|
+
if (normalized.expiresAt !== undefined) {
|
|
873
|
+
updates.push("expires_at = @expiresAt");
|
|
874
|
+
params.expiresAt = normalized.expiresAt;
|
|
875
|
+
}
|
|
876
|
+
|
|
877
|
+
if (normalized.disableNonPublicModels !== undefined) {
|
|
878
|
+
updates.push("disable_non_public_models = @disableNonPublicModels");
|
|
879
|
+
params.disableNonPublicModels = normalized.disableNonPublicModels ? 1 : 0;
|
|
880
|
+
}
|
|
881
|
+
|
|
882
|
+
if (normalized.allowUsageCommand !== undefined) {
|
|
883
|
+
updates.push("allow_usage_command = @allowUsageCommand");
|
|
884
|
+
params.allowUsageCommand = normalized.allowUsageCommand ? 1 : 0;
|
|
885
|
+
}
|
|
886
|
+
|
|
887
|
+
appendUsageLimitUpdates(normalized as Record<string, unknown>, updates, params);
|
|
888
|
+
|
|
889
|
+
const maxSessionsUpdate = (normalized as Record<string, unknown>).maxSessions;
|
|
890
|
+
if (maxSessionsUpdate !== undefined) {
|
|
891
|
+
updates.push("max_sessions = @maxSessions");
|
|
892
|
+
params.maxSessions = typeof maxSessionsUpdate === "number" ? Math.max(0, maxSessionsUpdate) : 0;
|
|
893
|
+
}
|
|
894
|
+
|
|
895
|
+
const proxyIdUpdate = (normalized as Record<string, unknown>).proxyId;
|
|
896
|
+
if (proxyIdUpdate !== undefined) {
|
|
897
|
+
updates.push("proxy_id = @proxyId");
|
|
898
|
+
params.proxyId =
|
|
899
|
+
typeof proxyIdUpdate === "string" && proxyIdUpdate.trim() !== "" ? proxyIdUpdate : null;
|
|
900
|
+
}
|
|
901
|
+
|
|
902
|
+
const allowedEndpointsUpdate = (normalized as Record<string, unknown>).allowedEndpoints;
|
|
903
|
+
if (allowedEndpointsUpdate !== undefined) {
|
|
904
|
+
updates.push("allowed_endpoints = @allowedEndpoints");
|
|
905
|
+
const nextEndpoints: string[] = Array.isArray(allowedEndpointsUpdate)
|
|
906
|
+
? (allowedEndpointsUpdate as unknown[]).filter((s): s is string => typeof s === "string")
|
|
907
|
+
: [];
|
|
908
|
+
(params as Record<string, unknown>).allowedEndpoints = JSON.stringify(nextEndpoints);
|
|
909
|
+
}
|
|
910
|
+
|
|
911
|
+
const streamDefaultModeUpdate = (normalized as Record<string, unknown>).streamDefaultMode;
|
|
912
|
+
if (streamDefaultModeUpdate !== undefined) {
|
|
913
|
+
updates.push("stream_default_mode = @streamDefaultMode");
|
|
914
|
+
params.streamDefaultMode = parseStreamDefaultMode(streamDefaultModeUpdate);
|
|
915
|
+
}
|
|
916
|
+
|
|
917
|
+
const scopesUpdate = (normalized as Record<string, unknown>).scopes;
|
|
918
|
+
const nextScopes: string[] = Array.isArray(scopesUpdate)
|
|
919
|
+
? (scopesUpdate as unknown[]).filter((s): s is string => typeof s === "string")
|
|
920
|
+
: [];
|
|
921
|
+
// Capture previous scopes BEFORE the UPDATE so we can compare for the audit
|
|
922
|
+
// event below. We only fetch when the caller is actually changing scopes —
|
|
923
|
+
// a privileged change ("manage" grants management API surface access) that
|
|
924
|
+
// must always leave an audit trail per OWASP A09 / SOC2 CC7.2.
|
|
925
|
+
//
|
|
926
|
+
// The previous-scopes SELECT and the row UPDATE are wrapped in a single
|
|
927
|
+
// transaction so a concurrent writer cannot slip in between and make the
|
|
928
|
+
// audit log lie about what changed. SQLite is single-writer in practice,
|
|
929
|
+
// but the transaction also gives us atomicity if the underlying driver
|
|
930
|
+
// ever swaps to a backend that allows multiple writers (sqljsAdapter /
|
|
931
|
+
// nodeSqliteAdapter fall-back per v3.8.1 db driver cascade).
|
|
932
|
+
let previousScopes: string[] = [];
|
|
933
|
+
let changedRows = 0;
|
|
934
|
+
if (scopesUpdate !== undefined) {
|
|
935
|
+
updates.push("scopes = @scopes");
|
|
936
|
+
params.scopes = JSON.stringify(nextScopes);
|
|
937
|
+
|
|
938
|
+
// SELECT-then-UPDATE wrapped in an explicit transaction so a concurrent
|
|
939
|
+
// writer can't slip between the read and the write and make the audit
|
|
940
|
+
// log lie about what changed. `exec("BEGIN"/"COMMIT")` works across all
|
|
941
|
+
// driver backends (better-sqlite3 / node:sqlite / sql.js) wired by the
|
|
942
|
+
// v3.8.1 db driver cascade — none of them expose `db.transaction()` via
|
|
943
|
+
// ApiKeysDbLike, which is intentionally minimal.
|
|
944
|
+
db.exec("BEGIN IMMEDIATE");
|
|
945
|
+
try {
|
|
946
|
+
const prevRow = db
|
|
947
|
+
.prepare<{ scopes: string | null }>("SELECT scopes FROM api_keys WHERE id = ?")
|
|
948
|
+
.get(id);
|
|
949
|
+
previousScopes = parseStringList(prevRow?.scopes ?? null);
|
|
950
|
+
const upd = db
|
|
951
|
+
.prepare(`UPDATE api_keys SET ${updates.join(", ")} WHERE id = @id`)
|
|
952
|
+
.run(params);
|
|
953
|
+
changedRows = upd.changes ?? 0;
|
|
954
|
+
db.exec("COMMIT");
|
|
955
|
+
} catch (err) {
|
|
956
|
+
// Guard the ROLLBACK: if it throws (e.g. transaction already ended
|
|
957
|
+
// due to an implicit commit, or backend in a bad state), the original
|
|
958
|
+
// error from the try block is the actionable one — don't shadow it.
|
|
959
|
+
try {
|
|
960
|
+
db.exec("ROLLBACK");
|
|
961
|
+
} catch {
|
|
962
|
+
// swallow: original error is more important
|
|
963
|
+
}
|
|
964
|
+
throw err;
|
|
965
|
+
}
|
|
966
|
+
} else {
|
|
967
|
+
const upd = db.prepare(`UPDATE api_keys SET ${updates.join(", ")} WHERE id = @id`).run(params);
|
|
968
|
+
changedRows = upd.changes ?? 0;
|
|
969
|
+
}
|
|
970
|
+
|
|
971
|
+
if (changedRows === 0) return false;
|
|
972
|
+
|
|
973
|
+
const { logAuditEvent } = await import("@/lib/compliance");
|
|
974
|
+
|
|
975
|
+
if (normalized.isBanned !== undefined) {
|
|
976
|
+
logAuditEvent({
|
|
977
|
+
action: normalized.isBanned ? "apiKey.ban" : "apiKey.unban",
|
|
978
|
+
target: id,
|
|
979
|
+
});
|
|
980
|
+
}
|
|
981
|
+
|
|
982
|
+
if (normalized.isActive !== undefined) {
|
|
983
|
+
logAuditEvent({
|
|
984
|
+
action: normalized.isActive ? "apiKey.activate" : "apiKey.deactivate",
|
|
985
|
+
target: id,
|
|
986
|
+
});
|
|
987
|
+
}
|
|
988
|
+
|
|
989
|
+
if (scopesUpdate !== undefined) {
|
|
990
|
+
// Compare prev vs next scope sets and emit a dedicated audit event when
|
|
991
|
+
// the privileged "manage" scope is granted or revoked. Other scope
|
|
992
|
+
// mutations also emit a generic "apiKey.scopes.update" so the audit log
|
|
993
|
+
// captures the full change history (action + details).
|
|
994
|
+
const hadManage = previousScopes.includes("manage");
|
|
995
|
+
const hasManage = nextScopes.includes("manage");
|
|
996
|
+
if (!hadManage && hasManage) {
|
|
997
|
+
logAuditEvent({
|
|
998
|
+
action: "apiKey.scopes.grant",
|
|
999
|
+
target: id,
|
|
1000
|
+
details: { scopes: nextScopes, previous: previousScopes },
|
|
1001
|
+
});
|
|
1002
|
+
} else if (hadManage && !hasManage) {
|
|
1003
|
+
logAuditEvent({
|
|
1004
|
+
action: "apiKey.scopes.revoke",
|
|
1005
|
+
target: id,
|
|
1006
|
+
details: { scopes: nextScopes, previous: previousScopes },
|
|
1007
|
+
});
|
|
1008
|
+
} else if (
|
|
1009
|
+
previousScopes.length !== nextScopes.length ||
|
|
1010
|
+
previousScopes.some((s) => !nextScopes.includes(s)) ||
|
|
1011
|
+
nextScopes.some((s) => !previousScopes.includes(s))
|
|
1012
|
+
) {
|
|
1013
|
+
logAuditEvent({
|
|
1014
|
+
action: "apiKey.scopes.update",
|
|
1015
|
+
target: id,
|
|
1016
|
+
details: { scopes: nextScopes, previous: previousScopes },
|
|
1017
|
+
});
|
|
1018
|
+
}
|
|
1019
|
+
}
|
|
1020
|
+
|
|
1021
|
+
if (normalized.noLog !== undefined) {
|
|
1022
|
+
setNoLog(id, normalized.noLog);
|
|
1023
|
+
}
|
|
1024
|
+
|
|
1025
|
+
// Invalidate caches since permissions changed
|
|
1026
|
+
invalidateCaches();
|
|
1027
|
+
|
|
1028
|
+
await deleteRedisAuthCacheForKeyId(db, id);
|
|
1029
|
+
|
|
1030
|
+
backupDbFile("pre-write");
|
|
1031
|
+
return true;
|
|
1032
|
+
}
|
|
1033
|
+
|
|
1034
|
+
export async function deleteApiKey(id: string) {
|
|
1035
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
1036
|
+
const stmt = getPreparedStatements(db);
|
|
1037
|
+
const row = stmt.getKeyById.get(id) as ApiKeyRow | undefined;
|
|
1038
|
+
const result = stmt.deleteKey.run(id);
|
|
1039
|
+
|
|
1040
|
+
if (result.changes === 0) return false;
|
|
1041
|
+
|
|
1042
|
+
db.prepare("DELETE FROM domain_budgets WHERE api_key_id = ?").run(id);
|
|
1043
|
+
db.prepare("DELETE FROM domain_cost_history WHERE api_key_id = ?").run(id);
|
|
1044
|
+
setNoLog(id, false);
|
|
1045
|
+
|
|
1046
|
+
// Invalidate caches since a key was removed
|
|
1047
|
+
invalidateCaches();
|
|
1048
|
+
await deleteRedisAuthCacheEntry(row?.key_hash);
|
|
1049
|
+
|
|
1050
|
+
backupDbFile("pre-write");
|
|
1051
|
+
return true;
|
|
1052
|
+
}
|
|
1053
|
+
|
|
1054
|
+
/**
|
|
1055
|
+
* Revoke an API key by id. Logical, not destructive: the row stays so it can
|
|
1056
|
+
* be audited, but validateApiKey() rejects it immediately after caches expire
|
|
1057
|
+
* (or sooner because invalidateCaches() runs here).
|
|
1058
|
+
*/
|
|
1059
|
+
export async function revokeApiKey(id: string): Promise<boolean> {
|
|
1060
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
1061
|
+
getPreparedStatements(db);
|
|
1062
|
+
|
|
1063
|
+
const result = db
|
|
1064
|
+
.prepare(
|
|
1065
|
+
"UPDATE api_keys SET revoked_at = COALESCE(revoked_at, @ts), is_active = 0 WHERE id = @id"
|
|
1066
|
+
)
|
|
1067
|
+
.run({ id, ts: new Date().toISOString() });
|
|
1068
|
+
|
|
1069
|
+
if ((result.changes ?? 0) === 0) return false;
|
|
1070
|
+
|
|
1071
|
+
invalidateCaches();
|
|
1072
|
+
await deleteRedisAuthCacheForKeyId(db, id);
|
|
1073
|
+
backupDbFile("pre-write");
|
|
1074
|
+
return true;
|
|
1075
|
+
}
|
|
1076
|
+
|
|
1077
|
+
/**
|
|
1078
|
+
* Set or clear the expiry of an API key. Pass null to remove the expiry.
|
|
1079
|
+
*/
|
|
1080
|
+
export async function setApiKeyExpiry(id: string, expiresAt: string | null): Promise<boolean> {
|
|
1081
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
1082
|
+
getPreparedStatements(db);
|
|
1083
|
+
|
|
1084
|
+
const result = db
|
|
1085
|
+
.prepare("UPDATE api_keys SET expires_at = @expiresAt WHERE id = @id")
|
|
1086
|
+
.run({ id, expiresAt });
|
|
1087
|
+
|
|
1088
|
+
if ((result.changes ?? 0) === 0) return false;
|
|
1089
|
+
|
|
1090
|
+
invalidateCaches();
|
|
1091
|
+
await deleteRedisAuthCacheForKeyId(db, id);
|
|
1092
|
+
backupDbFile("pre-write");
|
|
1093
|
+
return true;
|
|
1094
|
+
}
|
|
1095
|
+
|
|
1096
|
+
/**
|
|
1097
|
+
* Validate API key with lifecycle gates and caching.
|
|
1098
|
+
*
|
|
1099
|
+
* A key is valid only when ALL of the following are true:
|
|
1100
|
+
* - the row exists,
|
|
1101
|
+
* - is_active = 1,
|
|
1102
|
+
* - revoked_at IS NULL,
|
|
1103
|
+
* - expires_at IS NULL OR expires_at > now.
|
|
1104
|
+
*
|
|
1105
|
+
* Cache TTL is short (CACHE_TTL) and the metadata cache is also invalidated
|
|
1106
|
+
* by revokeApiKey/updateApiKeyPermissions/deleteApiKey, so a revoke takes
|
|
1107
|
+
* effect within at most CACHE_TTL even without an explicit clear in the
|
|
1108
|
+
* caller.
|
|
1109
|
+
*/
|
|
1110
|
+
export async function validateApiKey(key: string | null | undefined) {
|
|
1111
|
+
if (!key || typeof key !== "string") return false;
|
|
1112
|
+
|
|
1113
|
+
if (isConfiguredEnvApiKey(key)) return true;
|
|
1114
|
+
|
|
1115
|
+
const now = Date.now();
|
|
1116
|
+
const hashedKey = await hashKey(key);
|
|
1117
|
+
const cacheKey = hashedKey;
|
|
1118
|
+
|
|
1119
|
+
const cached = _keyValidationCache.get(cacheKey);
|
|
1120
|
+
if (cached && now - cached.timestamp < CACHE_TTL) {
|
|
1121
|
+
return cached.valid;
|
|
1122
|
+
}
|
|
1123
|
+
|
|
1124
|
+
if (isRedisAuthCacheEnabled()) {
|
|
1125
|
+
// Try Redis cache for multi-instance consistency
|
|
1126
|
+
try {
|
|
1127
|
+
const { getRedisClient, isRedisConfigured } = await import("@/shared/utils/rateLimiter");
|
|
1128
|
+
if (isRedisConfigured()) {
|
|
1129
|
+
const redis = getRedisClient();
|
|
1130
|
+
const redisKey = `auth:api_key:${hashedKey}`;
|
|
1131
|
+
const redisData = await redis.get(redisKey);
|
|
1132
|
+
if (redisData) {
|
|
1133
|
+
const data = JSON.parse(redisData);
|
|
1134
|
+
const isBanned = !!data.isBanned;
|
|
1135
|
+
const isActive = !!data.isActive;
|
|
1136
|
+
const revokedAt = data.revokedAt;
|
|
1137
|
+
const expiresAt = data.expiresAt;
|
|
1138
|
+
|
|
1139
|
+
if (isBanned || !isActive) return false;
|
|
1140
|
+
if (typeof revokedAt === "string" && revokedAt.trim() !== "") return false;
|
|
1141
|
+
if (typeof expiresAt === "string" && expiresAt.trim() !== "") {
|
|
1142
|
+
const expiresMs = Date.parse(expiresAt);
|
|
1143
|
+
if (Number.isFinite(expiresMs) && expiresMs <= now) return false;
|
|
1144
|
+
}
|
|
1145
|
+
return true;
|
|
1146
|
+
}
|
|
1147
|
+
}
|
|
1148
|
+
} catch {
|
|
1149
|
+
// Redis lookup failures fall through to SQLite.
|
|
1150
|
+
}
|
|
1151
|
+
}
|
|
1152
|
+
|
|
1153
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
1154
|
+
const stmt = getPreparedStatements(db);
|
|
1155
|
+
const row = stmt.validateKey.get(key, hashedKey) as JsonRecord | undefined;
|
|
1156
|
+
|
|
1157
|
+
if (!row) return false;
|
|
1158
|
+
|
|
1159
|
+
const isBanned = parseIsBanned(row.is_banned ?? row.isBanned);
|
|
1160
|
+
if (isBanned) return false;
|
|
1161
|
+
|
|
1162
|
+
const isActive = parseIsActive(row.is_active ?? row.isActive);
|
|
1163
|
+
if (!isActive) return false;
|
|
1164
|
+
|
|
1165
|
+
const revokedAt = row.revoked_at ?? row.revokedAt;
|
|
1166
|
+
if (typeof revokedAt === "string" && revokedAt.trim() !== "") return false;
|
|
1167
|
+
|
|
1168
|
+
const expiresAt = row.expires_at ?? row.expiresAt;
|
|
1169
|
+
if (typeof expiresAt === "string" && expiresAt.trim() !== "") {
|
|
1170
|
+
const expiresMs = Date.parse(expiresAt);
|
|
1171
|
+
if (Number.isFinite(expiresMs) && expiresMs <= now) return false;
|
|
1172
|
+
}
|
|
1173
|
+
|
|
1174
|
+
evictIfNeeded(_keyValidationCache);
|
|
1175
|
+
_keyValidationCache.set(cacheKey, { valid: true, timestamp: now });
|
|
1176
|
+
|
|
1177
|
+
if (isRedisAuthCacheEnabled()) {
|
|
1178
|
+
// Update Redis cache for fast validation
|
|
1179
|
+
try {
|
|
1180
|
+
const { getRedisClient, isRedisConfigured } = await import("@/shared/utils/rateLimiter");
|
|
1181
|
+
if (isRedisConfigured()) {
|
|
1182
|
+
const redis = getRedisClient();
|
|
1183
|
+
const redisKey = `auth:api_key:${hashedKey}`;
|
|
1184
|
+
await redis.set(
|
|
1185
|
+
redisKey,
|
|
1186
|
+
JSON.stringify({
|
|
1187
|
+
id: row.id,
|
|
1188
|
+
isBanned: parseIsBanned(row.is_banned),
|
|
1189
|
+
isActive: parseIsActive(row.is_active),
|
|
1190
|
+
expiresAt: row.expires_at,
|
|
1191
|
+
revokedAt: row.revoked_at,
|
|
1192
|
+
}),
|
|
1193
|
+
"EX",
|
|
1194
|
+
3600 // 1 hour cache
|
|
1195
|
+
);
|
|
1196
|
+
}
|
|
1197
|
+
} catch {
|
|
1198
|
+
// Redis cache update failures do not block successful SQLite validation.
|
|
1199
|
+
}
|
|
1200
|
+
}
|
|
1201
|
+
|
|
1202
|
+
markApiKeyUsed(db, row.id, now);
|
|
1203
|
+
|
|
1204
|
+
return true;
|
|
1205
|
+
}
|
|
1206
|
+
|
|
1207
|
+
/**
|
|
1208
|
+
* Get API key metadata with caching for performance
|
|
1209
|
+
*/
|
|
1210
|
+
export async function getApiKeyMetadata(
|
|
1211
|
+
key: string | null | undefined
|
|
1212
|
+
): Promise<ApiKeyMetadata | null> {
|
|
1213
|
+
if (!key || typeof key !== "string") return null;
|
|
1214
|
+
|
|
1215
|
+
const now = Date.now();
|
|
1216
|
+
|
|
1217
|
+
// persistent env-var key support (persistent passthrough keys) (#1350)
|
|
1218
|
+
if (isConfiguredEnvApiKey(key)) {
|
|
1219
|
+
// ─── Env-key management-scope bypass ──────────────────────────────────
|
|
1220
|
+
// The deployment-time env key (`OMNIROUTE_API_KEY` / `ROUTER_API_KEY`)
|
|
1221
|
+
// is granted the "manage" scope unconditionally. This is intentional:
|
|
1222
|
+
//
|
|
1223
|
+
// 1. The env key never exists in the SQLite `api_keys` table, so the
|
|
1224
|
+
// DB-backed scopes column does not apply. We synthesize the
|
|
1225
|
+
// metadata record here.
|
|
1226
|
+
// 2. The operator who set the env var is presumed to be the deployment
|
|
1227
|
+
// owner; rotating (or unsetting) the env var is the only way to
|
|
1228
|
+
// rotate this privilege. There is no UI to change it.
|
|
1229
|
+
// 3. Management API access via the env key still passes through
|
|
1230
|
+
// `requireManagementAuth` → `hasManageScope`, so policy decisions
|
|
1231
|
+
// remain centralised in `src/server/authz/*`.
|
|
1232
|
+
// 4. Requests authenticated by the env key are tagged with
|
|
1233
|
+
// `id: "env-key"` for downstream audit-log emitters, making it
|
|
1234
|
+
// possible to distinguish env-key activity from user-created keys
|
|
1235
|
+
// that happen to also hold "manage".
|
|
1236
|
+
//
|
|
1237
|
+
// DO NOT remove "manage" from this list — that would break the
|
|
1238
|
+
// deployment-time bootstrap path that operators rely on for headless
|
|
1239
|
+
// / CI / first-boot scenarios. If you need to disable env-key access,
|
|
1240
|
+
// unset the env var instead.
|
|
1241
|
+
return {
|
|
1242
|
+
id: "env-key",
|
|
1243
|
+
name: "Environment Key",
|
|
1244
|
+
machineId: "server-env",
|
|
1245
|
+
allowedModels: [],
|
|
1246
|
+
blockedModels: [],
|
|
1247
|
+
allowedCombos: [],
|
|
1248
|
+
allowedConnections: [],
|
|
1249
|
+
allowedQuotas: [],
|
|
1250
|
+
noLog: false,
|
|
1251
|
+
autoResolve: true,
|
|
1252
|
+
isActive: true,
|
|
1253
|
+
accessSchedule: null,
|
|
1254
|
+
rateLimits: null,
|
|
1255
|
+
maxRequestsPerDay: null,
|
|
1256
|
+
maxRequestsPerMinute: null,
|
|
1257
|
+
throttleDelayMs: null,
|
|
1258
|
+
maxSessions: 0,
|
|
1259
|
+
revokedAt: null,
|
|
1260
|
+
expiresAt: null,
|
|
1261
|
+
ipAllowlist: [],
|
|
1262
|
+
isBanned: false,
|
|
1263
|
+
keyHash: null,
|
|
1264
|
+
scopes: ["manage"],
|
|
1265
|
+
proxyId: null,
|
|
1266
|
+
allowedEndpoints: [],
|
|
1267
|
+
streamDefaultMode: "legacy",
|
|
1268
|
+
disableNonPublicModels: false,
|
|
1269
|
+
allowUsageCommand: false,
|
|
1270
|
+
usageLimitEnabled: false,
|
|
1271
|
+
dailyUsageLimitUsd: null,
|
|
1272
|
+
weeklyUsageLimitUsd: null,
|
|
1273
|
+
};
|
|
1274
|
+
}
|
|
1275
|
+
|
|
1276
|
+
// Check cache first
|
|
1277
|
+
const hashedKey = await hashKey(key);
|
|
1278
|
+
const cached = _keyMetadataCache.get(hashedKey);
|
|
1279
|
+
if (cached && now - cached.timestamp < CACHE_TTL) {
|
|
1280
|
+
return cached.value;
|
|
1281
|
+
}
|
|
1282
|
+
|
|
1283
|
+
const db = getDbInstance() as ApiKeysDbLike;
|
|
1284
|
+
const stmt = getPreparedStatements(db);
|
|
1285
|
+
const row = stmt.getKeyMetadata.get(key, hashedKey);
|
|
1286
|
+
|
|
1287
|
+
if (!row) return null;
|
|
1288
|
+
|
|
1289
|
+
const record = toRecord(row) as ApiKeyRow;
|
|
1290
|
+
const metadataId = typeof record.id === "string" ? record.id : "";
|
|
1291
|
+
const metadataName = typeof record.name === "string" ? record.name : "";
|
|
1292
|
+
const machineIdRaw = record.machine_id ?? record.machineId;
|
|
1293
|
+
const metadataMachineId = typeof machineIdRaw === "string" ? machineIdRaw : null;
|
|
1294
|
+
|
|
1295
|
+
const rawMaxRPD = record.max_requests_per_day ?? record.maxRequestsPerDay;
|
|
1296
|
+
const rawMaxRPM = record.max_requests_per_minute ?? record.maxRequestsPerMinute;
|
|
1297
|
+
const rawThrottleDelayMs = record.throttle_delay_ms ?? (record as JsonRecord).throttleDelayMs;
|
|
1298
|
+
|
|
1299
|
+
const rawMaxSessions = record.max_sessions ?? record.maxSessions;
|
|
1300
|
+
|
|
1301
|
+
const metadata: ApiKeyMetadata = {
|
|
1302
|
+
id: metadataId,
|
|
1303
|
+
name: metadataName,
|
|
1304
|
+
machineId: metadataMachineId,
|
|
1305
|
+
allowedModels: parseAllowedModels(record.allowed_models ?? record.allowedModels),
|
|
1306
|
+
blockedModels: parseAllowedModels(record.blocked_models ?? record.blockedModels),
|
|
1307
|
+
allowedCombos: parseAllowedCombos(record.allowed_combos ?? record.allowedCombos),
|
|
1308
|
+
allowedConnections: parseAllowedConnections(
|
|
1309
|
+
record.allowed_connections ?? record.allowedConnections
|
|
1310
|
+
),
|
|
1311
|
+
allowedQuotas: parseAllowedQuotas(
|
|
1312
|
+
(record as JsonRecord).allowed_quotas ?? (record as JsonRecord).allowedQuotas
|
|
1313
|
+
),
|
|
1314
|
+
noLog: parseNoLog(record.no_log ?? record.noLog),
|
|
1315
|
+
autoResolve: parseAutoResolve(record.auto_resolve ?? record.autoResolve),
|
|
1316
|
+
isActive: parseIsActive(record.is_active ?? record.isActive),
|
|
1317
|
+
accessSchedule: parseAccessSchedule(record.access_schedule ?? record.accessSchedule),
|
|
1318
|
+
rateLimits: parseRateLimits(record.rate_limits ?? (record as JsonRecord).rateLimits),
|
|
1319
|
+
maxRequestsPerDay: typeof rawMaxRPD === "number" && rawMaxRPD > 0 ? rawMaxRPD : null,
|
|
1320
|
+
maxRequestsPerMinute: typeof rawMaxRPM === "number" && rawMaxRPM > 0 ? rawMaxRPM : null,
|
|
1321
|
+
throttleDelayMs:
|
|
1322
|
+
typeof rawThrottleDelayMs === "number" && rawThrottleDelayMs > 0 ? rawThrottleDelayMs : null,
|
|
1323
|
+
// T08: max concurrent sessions; 0 = unlimited (default & backward-compatible)
|
|
1324
|
+
maxSessions: typeof rawMaxSessions === "number" && rawMaxSessions > 0 ? rawMaxSessions : 0,
|
|
1325
|
+
revokedAt: parseNullableTimestamp(record.revoked_at ?? (record as JsonRecord).revokedAt),
|
|
1326
|
+
expiresAt: parseNullableTimestamp(record.expires_at ?? (record as JsonRecord).expiresAt),
|
|
1327
|
+
ipAllowlist: parseStringList(record.ip_allowlist ?? (record as JsonRecord).ipAllowlist),
|
|
1328
|
+
scopes: parseStringList((record as JsonRecord).scopes),
|
|
1329
|
+
isBanned: parseIsBanned(record.is_banned ?? (record as JsonRecord).isBanned),
|
|
1330
|
+
keyHash: (record.key_hash ?? (record as JsonRecord).keyHash) as string | null,
|
|
1331
|
+
proxyId:
|
|
1332
|
+
typeof record.proxy_id === "string" && record.proxy_id.trim() !== "" ? record.proxy_id : null,
|
|
1333
|
+
allowedEndpoints: parseStringList(
|
|
1334
|
+
(record as JsonRecord).allowed_endpoints ?? (record as JsonRecord).allowedEndpoints
|
|
1335
|
+
),
|
|
1336
|
+
streamDefaultMode: parseStreamDefaultMode(
|
|
1337
|
+
(record as JsonRecord).stream_default_mode ?? (record as JsonRecord).streamDefaultMode
|
|
1338
|
+
),
|
|
1339
|
+
disableNonPublicModels: parseDisableNonPublicModels(
|
|
1340
|
+
(record as JsonRecord).disable_non_public_models ??
|
|
1341
|
+
(record as JsonRecord).disableNonPublicModels
|
|
1342
|
+
),
|
|
1343
|
+
allowUsageCommand: parseAllowUsageCommand(
|
|
1344
|
+
(record as JsonRecord).allow_usage_command ?? (record as JsonRecord).allowUsageCommand
|
|
1345
|
+
),
|
|
1346
|
+
...parseApiKeyUsageLimitFields(record as JsonRecord),
|
|
1347
|
+
};
|
|
1348
|
+
|
|
1349
|
+
if (!metadata.id) {
|
|
1350
|
+
return null;
|
|
1351
|
+
}
|
|
1352
|
+
|
|
1353
|
+
setNoLog(metadata.id, metadata.noLog === true);
|
|
1354
|
+
|
|
1355
|
+
// Cache the result
|
|
1356
|
+
evictIfNeeded(_keyMetadataCache);
|
|
1357
|
+
_keyMetadataCache.set(hashedKey, { value: metadata, timestamp: now });
|
|
1358
|
+
|
|
1359
|
+
return metadata;
|
|
1360
|
+
}
|
|
1361
|
+
|
|
1362
|
+
/**
|
|
1363
|
+
* Check if a model is allowed for a given API key
|
|
1364
|
+
* @param {string} key - The API key
|
|
1365
|
+
* @param {string} modelId - The model ID to check
|
|
1366
|
+
* @returns {boolean} - true if allowed, false if not
|
|
1367
|
+
*/
|
|
1368
|
+
export async function isModelAllowedForKey(
|
|
1369
|
+
key: string | null | undefined,
|
|
1370
|
+
modelId: string | null | undefined
|
|
1371
|
+
) {
|
|
1372
|
+
// If no key provided, allow (request may be using different auth method like JWT)
|
|
1373
|
+
// If no modelId provided, deny (invalid request)
|
|
1374
|
+
if (!key) return true;
|
|
1375
|
+
if (!modelId) return false;
|
|
1376
|
+
|
|
1377
|
+
// Create cache key
|
|
1378
|
+
const cacheKey = `${key}:${modelId}`;
|
|
1379
|
+
const now = Date.now();
|
|
1380
|
+
const usesSettingDependentClaudeRouting = isPotentialUnprefixedClaudeCodeModel(modelId);
|
|
1381
|
+
|
|
1382
|
+
// Check permission cache
|
|
1383
|
+
const cached = _modelPermissionCache.get(cacheKey);
|
|
1384
|
+
if (!usesSettingDependentClaudeRouting && cached && now - cached.timestamp < CACHE_TTL) {
|
|
1385
|
+
return cached.allowed;
|
|
1386
|
+
}
|
|
1387
|
+
|
|
1388
|
+
const metadata = await getApiKeyMetadata(key);
|
|
1389
|
+
// SECURITY: Key not found in database = deny access (invalid/non-existent key)
|
|
1390
|
+
if (!metadata) return false;
|
|
1391
|
+
|
|
1392
|
+
const { allowedModels, blockedModels, disableNonPublicModels } = metadata;
|
|
1393
|
+
const modelPermissionCandidates = await getModelPermissionCandidates(modelId);
|
|
1394
|
+
|
|
1395
|
+
// Deny-list patterns win over any allow-list entry. This lets operators keep
|
|
1396
|
+
// broad dynamic scopes like cc/* while excluding expensive families.
|
|
1397
|
+
if (blockedModels?.some((pattern) => modelPatternMatches(pattern, modelPermissionCandidates))) {
|
|
1398
|
+
return false;
|
|
1399
|
+
}
|
|
1400
|
+
|
|
1401
|
+
// Check disableNonPublicModels flag
|
|
1402
|
+
if (disableNonPublicModels) {
|
|
1403
|
+
const resolvedModelId = resolveModelAlias(modelId);
|
|
1404
|
+
const effectiveModelId = resolvedModelId || modelId;
|
|
1405
|
+
|
|
1406
|
+
if (!hasClaudeCodeWildcardPermission(allowedModels, modelPermissionCandidates)) {
|
|
1407
|
+
const lookupTarget = await getPublishedModelLookupTarget(effectiveModelId);
|
|
1408
|
+
const providerId = lookupTarget?.providerId || effectiveModelId.split("/")[0];
|
|
1409
|
+
const shortModelId = lookupTarget?.modelId || effectiveModelId.split("/").slice(1).join("/");
|
|
1410
|
+
if (!providerId || !shortModelId) return false;
|
|
1411
|
+
|
|
1412
|
+
const syncedModelsByConnection = await getSyncedAvailableModelsByConnection(providerId);
|
|
1413
|
+
const customModels = await getCustomModels(providerId);
|
|
1414
|
+
|
|
1415
|
+
// Combine synced and custom models
|
|
1416
|
+
const allDiscoveredModels = Object.values(syncedModelsByConnection)
|
|
1417
|
+
.flat()
|
|
1418
|
+
.concat(customModels);
|
|
1419
|
+
const discovered = allDiscoveredModels.some((m) => m.id === shortModelId);
|
|
1420
|
+
if (!discovered) return false;
|
|
1421
|
+
|
|
1422
|
+
const isPublic = !getModelIsHidden(providerId, shortModelId);
|
|
1423
|
+
if (!isPublic) return false;
|
|
1424
|
+
}
|
|
1425
|
+
}
|
|
1426
|
+
|
|
1427
|
+
// Empty array means all models allowed
|
|
1428
|
+
if (!allowedModels || allowedModels.length === 0) {
|
|
1429
|
+
return true;
|
|
1430
|
+
}
|
|
1431
|
+
|
|
1432
|
+
let allowed = false;
|
|
1433
|
+
|
|
1434
|
+
// Check if model matches each allowed pattern
|
|
1435
|
+
// Support exact match and prefix match (e.g., "openai/*" allows all OpenAI models)
|
|
1436
|
+
for (const pattern of allowedModels) {
|
|
1437
|
+
if (modelPatternMatches(pattern, modelPermissionCandidates)) {
|
|
1438
|
+
allowed = true;
|
|
1439
|
+
break;
|
|
1440
|
+
}
|
|
1441
|
+
}
|
|
1442
|
+
|
|
1443
|
+
// If key belongs to groups, also check group-level permissions
|
|
1444
|
+
if (metadata.id) {
|
|
1445
|
+
const groupAccess = checkKeyModelAccess(metadata.id, modelId || "");
|
|
1446
|
+
if (!groupAccess.allowed) {
|
|
1447
|
+
allowed = false;
|
|
1448
|
+
}
|
|
1449
|
+
}
|
|
1450
|
+
// Cache the result
|
|
1451
|
+
if (!usesSettingDependentClaudeRouting) {
|
|
1452
|
+
evictIfNeeded(_modelPermissionCache);
|
|
1453
|
+
_modelPermissionCache.set(cacheKey, { allowed, timestamp: now });
|
|
1454
|
+
}
|
|
1455
|
+
|
|
1456
|
+
return allowed;
|
|
1457
|
+
}
|
|
1458
|
+
|
|
1459
|
+
/**
|
|
1460
|
+
* Clear prepared statements cache (called on database reset/restore)
|
|
1461
|
+
* Prepared statements are bound to a specific database connection,
|
|
1462
|
+
* so they must be cleared when the connection is reset.
|
|
1463
|
+
*/
|
|
1464
|
+
function clearPreparedStatementCache() {
|
|
1465
|
+
_stmtGetAllKeys = null;
|
|
1466
|
+
_stmtGetKeyById = null;
|
|
1467
|
+
_stmtValidateKey = null;
|
|
1468
|
+
_stmtGetKeyMetadata = null;
|
|
1469
|
+
_stmtInsertKey = null;
|
|
1470
|
+
_stmtDeleteKey = null;
|
|
1471
|
+
_schemaChecked = false; // Also reset schema check for new connection
|
|
1472
|
+
}
|
|
1473
|
+
|
|
1474
|
+
/**
|
|
1475
|
+
* Clear all caches (exported for testing/debugging)
|
|
1476
|
+
*/
|
|
1477
|
+
export function clearApiKeyCaches() {
|
|
1478
|
+
invalidateCaches();
|
|
1479
|
+
_lastUsedUpdateCache.clear();
|
|
1480
|
+
_modelPermissionCache.clear();
|
|
1481
|
+
}
|
|
1482
|
+
|
|
1483
|
+
/**
|
|
1484
|
+
* Reset all cached state for database connection reset/restore.
|
|
1485
|
+
* Called by backup.ts when the database is restored.
|
|
1486
|
+
*/
|
|
1487
|
+
export function resetApiKeyState() {
|
|
1488
|
+
clearPreparedStatementCache();
|
|
1489
|
+
clearApiKeyCaches();
|
|
1490
|
+
}
|
|
1491
|
+
|
|
1492
|
+
registerDbStateResetter(resetApiKeyState);
|