cipher-security 2.0.0

package/lib/gateway/client.js

@@ -0,0 +1,309 @@
+// Copyright (c) 2026 defconxt. All rights reserved.
+// Licensed under AGPL-3.0 — see LICENSE file for details.
+// CIPHER is a trademark of defconxt.
+
+/**
+ * client.js — LLM client factory for CIPHER gateway.
+ *
+ * Ports Python gateway/client.py:
+ * - makeClient(config) → { client, model }
+ * - Claude: Anthropic SDK
+ * - Ollama: Anthropic SDK with baseURL
+ * - LiteLLM: OpenAI SDK with adapter presenting Anthropic-compatible interface
+ *
+ * All SDK imports are lazy (dynamic import()) to preserve cold start <200ms.
+ * API keys are treated as opaque strings — never logged.
+ *
+ * @module gateway/client
+ */
+
+const debug = process.env.CIPHER_DEBUG === '1'
+  ? (/** @type {string} */ msg) => process.stderr.write(`[bridge:node] ${msg}\n`)
+  : () => {};
+
+// ---------------------------------------------------------------------------
+// LiteLLM → Anthropic adapter
+// ---------------------------------------------------------------------------
+
+/**
+ * Converts Anthropic-style (system + messages) to OpenAI-style messages.
+ *
+ * @param {string|null} system
+ * @param {Array<{role: string, content: string}>} messages
+ * @returns {Array<{role: string, content: string}>}
+ */
+function toOpenAIMessages(system, messages) {
+  const result = [];
+  if (system) result.push({ role: 'system', content: system });
+  for (const msg of messages) {
+    result.push({ role: msg.role, content: msg.content });
+  }
+  return result;
+}
+
+/**
+ * Convert Anthropic tool schema to OpenAI function-calling format.
+ *
+ * Anthropic: { name, description, input_schema: {...} }
+ * OpenAI:    { type: "function", function: { name, description, parameters: {...} } }
+ *
+ * @param {Array<{name: string, description: string, input_schema: Object}>} tools
+ * @returns {Array<{type: string, function: {name: string, description: string, parameters: Object}}>}
+ */
+function toOpenAITools(tools) {
+  return tools.map(t => ({
+    type: 'function',
+    function: {
+      name: t.name,
+      description: t.description || '',
+      parameters: t.input_schema || { type: 'object', properties: {} },
+    },
+  }));
+}
+
+/**
+ * Map OpenAI finish_reason to Anthropic stop_reason.
+ * @param {string} finishReason
+ * @returns {string}
+ */
+function mapStopReason(finishReason) {
+  if (finishReason === 'tool_calls') return 'tool_use';
+  if (finishReason === 'length') return 'max_tokens';
+  return 'end_turn';
+}
+
+/**
+ * Build a LiteLLM adapter that presents an Anthropic-SDK-compatible interface.
+ *
+ * client.messages.create() and client.messages.stream() work identically
+ * to the Anthropic SDK from the Gateway's perspective.
+ *
+ * @param {Object} openaiClient - OpenAI SDK instance
+ * @param {string} model
+ * @param {number} timeout
+ * @returns {Object}
+ */
+function buildLiteLLMAdapter(openaiClient, model, timeout) {
+  return {
+    messages: {
+      /**
+       * Non-streaming completion with optional tool-use support.
+       *
+       * When `tools` is provided, forwards them to the OpenAI API in
+       * function-calling format and maps any tool_calls in the response
+       * back to Anthropic-style content blocks.
+       *
+       * @param {Object} opts
+       * @param {string} opts.model
+       * @param {number} opts.max_tokens
+       * @param {string} [opts.system]
+       * @param {Array} opts.messages
+       * @param {Array} [opts.tools] - Anthropic-format tool schemas
+       * @returns {Promise<Object>} Anthropic-shaped response
+       */
+      async create({ model: m, max_tokens, system, messages, tools }) {
+        const reqParams = {
+          model: m,
+          messages: toOpenAIMessages(system || null, messages),
+          max_tokens,
+        };
+
+        // Forward tools when provided
+        if (tools && tools.length > 0) {
+          reqParams.tools = toOpenAITools(tools);
+        }
+
+        const response = await openaiClient.chat.completions.create(reqParams);
+
+        const choice = response.choices?.[0];
+        const message = choice?.message || {};
+        const finishReason = choice?.finish_reason || 'stop';
+
+        // Build Anthropic-style content blocks
+        const content = [];
+
+        // Text content
+        if (message.content) {
+          content.push({ text: message.content, type: 'text' });
+        }
+
+        // Tool calls → Anthropic tool_use blocks
+        if (message.tool_calls && message.tool_calls.length > 0) {
+          for (const tc of message.tool_calls) {
+            let input = {};
+            try {
+              input = typeof tc.function.arguments === 'string'
+                ? JSON.parse(tc.function.arguments)
+                : tc.function.arguments || {};
+            } catch {
+              input = {};
+            }
+            content.push({
+              type: 'tool_use',
+              id: tc.id,
+              name: tc.function.name,
+              input,
+            });
+          }
+        }
+
+        // If no content blocks at all, add empty text
+        if (content.length === 0) {
+          content.push({ text: '', type: 'text' });
+        }
+
+        return {
+          content,
+          model: m,
+          role: 'assistant',
+          stop_reason: mapStopReason(finishReason),
+          usage: {
+            input_tokens: response.usage?.prompt_tokens || 0,
+            output_tokens: response.usage?.completion_tokens || 0,
+          },
+        };
+      },
+
+      /**
+       * Streaming completion — returns object with .on('text', cb) pattern.
+       *
+       * The Anthropic Node.js SDK uses .on('text', cb) for streaming.
+       * This adapter internally iterates the OpenAI stream and calls the cb.
+       *
+       * @param {Object} opts
+       * @param {string} opts.model
+       * @param {number} opts.max_tokens
+       * @param {string} [opts.system]
+       * @param {Array<{role: string, content: string}>} opts.messages
+       * @returns {Object} Stream-like object with .on() and async iteration
+       */
+      stream({ model: m, max_tokens, system, messages }) {
+        /** @type {Array<{event: string, cb: Function}>} */
+        const listeners = [];
+        let finalMessageCb = null;
+        let streamPromise = null;
+
+        const streamObj = {
+          /**
+           * Register event listener. Supported events: 'text', 'finalMessage'.
+           */
+          on(event, cb) {
+            if (event === 'finalMessage') {
+              finalMessageCb = cb;
+            } else {
+              listeners.push({ event, cb });
+            }
+            return streamObj;
+          },
+
+          /**
+           * Consume the stream — awaiting this drives the iteration.
+           */
+          async finalMessage() {
+            if (!streamPromise) {
+              streamPromise = _consumeStream();
+            }
+            return streamPromise;
+          },
+
+          /**
+           * Async iterator for text chunks.
+           */
+          async *[Symbol.asyncIterator]() {
+            const response = await openaiClient.chat.completions.create({
+              model: m,
+              messages: toOpenAIMessages(system || null, messages),
+              max_tokens,
+              stream: true,
+            });
+
+            for await (const chunk of response) {
+              const delta = chunk.choices?.[0]?.delta?.content;
+              if (delta) yield delta;
+            }
+          },
+        };
+
+        async function _consumeStream() {
+          const fullText = [];
+          const response = await openaiClient.chat.completions.create({
+            model: m,
+            messages: toOpenAIMessages(system || null, messages),
+            max_tokens,
+            stream: true,
+          });
+
+          for await (const chunk of response) {
+            const delta = chunk.choices?.[0]?.delta?.content;
+            if (delta) {
+              fullText.push(delta);
+              for (const { event, cb } of listeners) {
+                if (event === 'text') cb(delta);
+              }
+            }
+          }
+
+          const msg = {
+            content: [{ text: fullText.join(''), type: 'text' }],
+            model: m,
+            role: 'assistant',
+          };
+
+          if (finalMessageCb) finalMessageCb(msg);
+          return msg;
+        }
+
+        return streamObj;
+      },
+    },
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Public factory
+// ---------------------------------------------------------------------------
+
+/**
+ * Build a client for the configured backend.
+ *
+ * All SDK imports are lazy — called only when this function runs.
+ *
+ * @param {import('./config-validate.js').GatewayConfig} config
+ * @returns {Promise<{client: Object, model: string}>}
+ */
+export async function makeClient(config) {
+  if (config.backend === 'ollama') {
+    const { default: Anthropic } = await import('@anthropic-ai/sdk');
+    const client = new Anthropic({
+      baseURL: config.ollama_base_url,
+      apiKey: 'ollama', // Ollama ignores the key; SDK constructor requires it
+      timeout: config.ollama_timeout * 1000, // SDK expects milliseconds
+    });
+    debug(`client: ollama at ${config.ollama_base_url}, model=${config.ollama_model}`);
+    return { client, model: config.ollama_model };
+  }
+
+  if (config.backend === 'litellm') {
+    const { default: OpenAI } = await import('openai');
+    const openaiClient = new OpenAI({
+      apiKey: config.litellm_api_key || 'unused',
+      baseURL: config.litellm_api_base || undefined,
+      timeout: config.litellm_timeout * 1000,
+    });
+    const client = buildLiteLLMAdapter(openaiClient, config.litellm_model, config.litellm_timeout);
+    debug(`client: litellm, model=${config.litellm_model}`);
+    return { client, model: config.litellm_model };
+  }
+
+  // backend === 'claude'
+  const { default: Anthropic } = await import('@anthropic-ai/sdk');
+  const client = new Anthropic({
+    apiKey: config.claude_api_key,
+    timeout: config.claude_timeout * 1000,
+  });
+  debug(`client: claude, model=${config.claude_model}`);
+  return { client, model: config.claude_model };
+}
+
+// Exported for testing only
+export { buildLiteLLMAdapter as _buildLiteLLMAdapter };