context-lens 0.2.0 → 0.3.0

package/dist/core/routing.js

@@ -0,0 +1,132 @@
+/**
+ * URL path segments that represent API resources rather than "source tool" prefixes.
+ *
+ * Example: `/v1/messages` should not treat `v1` as a source tag.
+ */
+export const API_PATH_SEGMENTS = new Set([
+    "v1",
+    "v1beta",
+    "v1alpha",
+    "v1internal",
+    "responses",
+    "chat",
+    "models",
+    "embeddings",
+    "backend-api",
+    "api",
+]);
+/**
+ * Infer provider based on request path + headers.
+ *
+ * This is used for routing (choosing which upstream base URL to use) and parsing.
+ */
+export function detectProvider(pathname, headers) {
+    return classifyRequest(pathname, headers).provider;
+}
+/**
+ * Infer the API "format" (schema family) from the request path.
+ *
+ * This is distinct from provider: e.g. OpenAI can be `responses` or `chat-completions`.
+ */
+export function detectApiFormat(pathname) {
+    return classifyRequest(pathname, {}).apiFormat;
+}
+/**
+ * Classify an incoming request into `{ provider, apiFormat }`.
+ *
+ * Keep all path/format heuristics in one place to avoid drift between
+ * routing decisions and parsing decisions.
+ */
+export function classifyRequest(pathname, headers) {
+    // ChatGPT backend traffic (Codex subscription)
+    if (pathname.match(/^\/(api|backend-api)\//))
+        return { provider: "chatgpt", apiFormat: "chatgpt-backend" };
+    // Anthropic Messages API
+    if (pathname.includes("/v1/messages"))
+        return { provider: "anthropic", apiFormat: "anthropic-messages" };
+    if (pathname.includes("/v1/complete"))
+        return { provider: "anthropic", apiFormat: "unknown" };
+    if (headers["anthropic-version"])
+        return { provider: "anthropic", apiFormat: "unknown" };
+    // Gemini: must come BEFORE openai catch-all (which matches /models/)
+    const isGeminiPath = pathname.includes(":generateContent") ||
+        pathname.includes(":streamGenerateContent") ||
+        pathname.match(/\/v1(beta|alpha)\/models\//) ||
+        pathname.includes("/v1internal:");
+    if (isGeminiPath || headers["x-goog-api-key"])
+        return { provider: "gemini", apiFormat: "gemini" };
+    // OpenAI
+    if (pathname.includes("/responses"))
+        return { provider: "openai", apiFormat: "responses" };
+    if (pathname.includes("/chat/completions"))
+        return { provider: "openai", apiFormat: "chat-completions" };
+    if (pathname.match(/\/(models|embeddings)/))
+        return { provider: "openai", apiFormat: "unknown" };
+    if (headers.authorization?.startsWith("Bearer sk-"))
+        return { provider: "openai", apiFormat: "unknown" };
+    return { provider: "unknown", apiFormat: "unknown" };
+}
+/**
+ * Extract a "source tool" tag from a request path.
+ *
+ * Example: `/claude/v1/messages` => `{ source: 'claude', cleanPath: '/v1/messages' }`.
+ *
+ * This tag is used for attribution in the UI/LHAR and for per-tool grouping.
+ */
+export function extractSource(pathname) {
+    const match = pathname.match(/^\/([^/]+)(\/.*)?$/);
+    if (match?.[2] && !API_PATH_SEGMENTS.has(match[1])) {
+        // `decodeURIComponent` may introduce `/` via `%2f` (path traversal) or throw on bad encodings.
+        // Treat suspicious/invalid tags as "no source tag" and route the request normally.
+        let decoded = match[1];
+        try {
+            decoded = decodeURIComponent(match[1]);
+        }
+        catch {
+            decoded = match[1];
+        }
+        if (decoded.includes("/") ||
+            decoded.includes("\\") ||
+            decoded.includes("..")) {
+            return { source: null, cleanPath: pathname };
+        }
+        return { source: decoded, cleanPath: match[2] || "/" };
+    }
+    return { source: null, cleanPath: pathname };
+}
+/**
+ * Determine the final upstream target URL for a request.
+ *
+ * @param parsedUrl - Path + query extracted from the incoming request.
+ * @param headers - Headers used for detection and optional override.
+ * @param upstreams - Base URLs for each provider.
+ * @returns `{ targetUrl, provider }`.
+ */
+export function resolveTargetUrl(parsedUrl, headers, upstreams) {
+    const provider = classifyRequest(parsedUrl.pathname, headers).provider;
+    const search = parsedUrl.search || "";
+    let targetUrl = headers["x-target-url"];
+    if (!targetUrl) {
+        if (provider === "chatgpt") {
+            targetUrl = upstreams.chatgpt + parsedUrl.pathname + search;
+        }
+        else if (provider === "anthropic") {
+            targetUrl = upstreams.anthropic + parsedUrl.pathname + search;
+        }
+        else if (provider === "gemini") {
+            const isCodeAssist = parsedUrl.pathname.includes("/v1internal");
+            targetUrl =
+                (isCodeAssist ? upstreams.geminiCodeAssist : upstreams.gemini) +
+                    parsedUrl.pathname +
+                    search;
+        }
+        else {
+            targetUrl = upstreams.openai + parsedUrl.pathname + search;
+        }
+    }
+    else if (!targetUrl.startsWith("http")) {
+        targetUrl = targetUrl + parsedUrl.pathname + search;
+    }
+    return { targetUrl, provider };
+}
+//# sourceMappingURL=routing.js.map

package/dist/core/routing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"routing.js","sourceRoot":"","sources":["../../src/core/routing.ts"],"names":[],"mappings":"AASA;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IACvC,IAAI;IACJ,QAAQ;IACR,SAAS;IACT,YAAY;IACZ,WAAW;IACX,MAAM;IACN,QAAQ;IACR,YAAY;IACZ,aAAa;IACb,KAAK;CACN,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAgB,EAChB,OAA2C;IAE3C,OAAO,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC;AACrD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,OAAO,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,OAA2C;IAE3C,+CAA+C;IAC/C,IAAI,QAAQ,CAAC,KAAK,CAAC,wBAAwB,CAAC;QAC1C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAE/D,yBAAyB;IACzB,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC;QACnC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,oBAAoB,EAAE,CAAC;IACpE,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC;QACnC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IACzD,IAAI,OAAO,CAAC,mBAAmB,CAAC;QAC9B,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAEzD,qEAAqE;IACrE,MAAM,YAAY,GAChB,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QACrC,QAAQ,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QAC3C,QAAQ,CAAC,KAAK,CAAC,4BAA4B,CAAC;QAC5C,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IACpC,IAAI,YAAY,IAAI,OAAO,CAAC,gBAAgB,CAAC;QAC3C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IAErD,SAAS;IACT,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC;QACjC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;IACxD,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QACxC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC;IAC/D,IAAI,QAAQ,CAAC,KAAK,CAAC,uBAAuB,CAAC;QACzC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,YAAY,CAAC;QACjD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAEtD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACvD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnD,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,+FAA+F;QAC/F,mFAAmF;QACnF,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,IAAI,CAAC;YACH,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;QACD,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;YACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;YACtB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EACtB,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QAC/C,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC/C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAC9B,SAAoB,EACpB,OAA2C,EAC3C,SAAoB;IAEpB,MAAM,QAAQ,GAAG,eAAe,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC;IACvE,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC;IACtC,IAAI,SAAS,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACxC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,SAAS,GAAG,SAAS,CAAC,OAAO,GAAG,SAAS,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC9D,CAAC;aAAM,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YACpC,SAAS,GAAG,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC,QAAQ,GAAG,MAAM,CAAC;QAChE,CAAC;aAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAChE,SAAS;gBACP,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC;oBAC9D,SAAS,CAAC,QAAQ;oBAClB,MAAM,CAAC;QACX,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC,QAAQ,GAAG,MAAM,CAAC;QAC7D,CAAC;IACH,CAAC;SAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC,QAAQ,GAAG,MAAM,CAAC;IACtD,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACjC,CAAC"}

package/dist/core/security.d.ts

@@ -0,0 +1,8 @@
+import type { ContextInfo, SecurityResult } from "../types.js";
+/**
+ * Scan all messages in a context for prompt injection patterns.
+ *
+ * This is the main entry point, called from Store.storeRequest() before compaction.
+ */
+export declare function scanSecurity(contextInfo: ContextInfo): SecurityResult;
+//# sourceMappingURL=security.d.ts.map

package/dist/core/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/core/security.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,WAAW,EAGX,cAAc,EAEf,MAAM,aAAa,CAAC;AA2PrB;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,WAAW,GAAG,cAAc,CAkBrE"}

package/dist/core/security.js

@@ -0,0 +1,222 @@
+const TIER1_PATTERNS = [
+    // Role hijacking
+    {
+        id: "role_hijack_ignore",
+        severity: "high",
+        pattern: /ignore\s+(?:all\s+)?(?:previous|prior|above|earlier|preceding)\s+instructions/i,
+    },
+    {
+        id: "role_hijack_disregard",
+        severity: "high",
+        pattern: /disregard\s+(?:all\s+)?(?:previous|prior|above|earlier|your)\s+(?:instructions|directives|rules|guidelines)/i,
+    },
+    {
+        id: "role_hijack_forget",
+        severity: "high",
+        pattern: /forget\s+(?:all\s+)?(?:previous|prior|above|earlier|your)\s+(?:instructions|directives|rules|context)/i,
+    },
+    {
+        id: "role_hijack_new_instructions",
+        severity: "high",
+        pattern: /(?:your\s+new\s+instructions\s+are|from\s+now\s+on\s+you\s+(?:are|will|must|should))/i,
+    },
+    {
+        id: "role_hijack_override",
+        severity: "high",
+        pattern: /system\s*prompt\s*override/i,
+    },
+    {
+        id: "role_hijack_act_as",
+        severity: "high",
+        pattern: /(?:you\s+are\s+now|act\s+as|pretend\s+(?:to\s+be|you\s+are))\s+(?:DAN|an?\s+unrestricted|an?\s+unfiltered|jailbroken|evil)/i,
+    },
+    // Known jailbreak templates
+    {
+        id: "jailbreak_dan",
+        severity: "high",
+        pattern: /\bDAN\s*(?:mode|prompt|jailbreak|\d+\.\d+)\b/i,
+    },
+    {
+        id: "jailbreak_developer_mode",
+        severity: "high",
+        pattern: /(?:developer|god)\s*mode\s*(?:enabled|activated|on)\b/i,
+    },
+    {
+        id: "jailbreak_do_anything_now",
+        severity: "high",
+        pattern: /do\s+anything\s+now/i,
+    },
+    // Chat template tokens in content (should never appear in user/tool messages)
+    {
+        id: "chat_template_inst",
+        severity: "high",
+        pattern: /\[INST\]|\[\/INST\]/,
+    },
+    {
+        id: "chat_template_im",
+        severity: "high",
+        pattern: /<\|im_start\|>|<\|im_end\|>/,
+    },
+    {
+        id: "chat_template_special",
+        severity: "high",
+        pattern: /<\|(?:system|user|assistant|endof(?:text|turn)|sep|pad)\|>/,
+    },
+    // Base64-encoded instruction blocks (heuristic: long base64 string > 100 chars)
+    {
+        id: "base64_block",
+        severity: "medium",
+        pattern: /(?:^|[\s:=])([A-Za-z0-9+/]{100,}={0,2})(?:$|[\s])/m,
+    },
+    // HTML/Markdown injection hiding content
+    {
+        id: "html_hidden_text",
+        severity: "medium",
+        pattern: /<!--[\s\S]*?(?:ignore|instruction|system|prompt|override)[\s\S]*?-->/i,
+    },
+    {
+        id: "html_invisible_style",
+        severity: "medium",
+        pattern: /style\s*=\s*["'][^"']*(?:font-size\s*:\s*0|display\s*:\s*none|visibility\s*:\s*hidden|color\s*:\s*(?:white|#fff(?:fff)?|rgba?\([^)]*,\s*0\)))[^"']*["']/i,
+    },
+    // Prompt leaking attempts
+    {
+        id: "prompt_leak_request",
+        severity: "medium",
+        pattern: /(?:reveal|show|display|output|print|repeat|echo)\s+(?:your\s+)?(?:system\s+prompt|instructions|initial\s+prompt|hidden\s+prompt|original\s+prompt)/i,
+    },
+];
+// ---------------------------------------------------------------------------
+// Tier 2: Heuristic analysis for structural anomalies
+// ---------------------------------------------------------------------------
+/**
+ * Detect role confusion: imperative AI instructions appearing in tool results.
+ * Only scans tool_result content blocks.
+ */
+const ROLE_CONFUSION_PATTERNS = [
+    /\bas\s+an?\s+AI\b.*?\byou\s+(?:must|should|will|are)\b/i,
+    /\byou\s+are\s+an?\s+(?:helpful|AI|language\s+model|assistant)\b/i,
+    /\brespond\s+(?:only\s+)?(?:in|with)\b.*?\bformat\b/i,
+    /\balways\s+(?:respond|reply|answer|say)\b/i,
+    /\bnever\s+(?:mention|reveal|disclose|say|tell)\b/i,
+];
+/**
+ * Detect unusual Unicode: zero-width characters, RTL overrides, homoglyphs.
+ */
+const SUSPICIOUS_UNICODE = /[\u200B-\u200F\u2028-\u202F\uFEFF\u061C\u115F\u1160\u17B4\u17B5\u180E\u2000-\u200A\u2060-\u2064\u2066-\u2069\u206A-\u206F]|\u00AD|\u034F/;
+// ---------------------------------------------------------------------------
+// Scanner
+// ---------------------------------------------------------------------------
+function extractToolName(msg, allMessages) {
+    if (!msg.contentBlocks)
+        return null;
+    // Build tool_use_id -> name map from all messages
+    const nameMap = new Map();
+    for (const m of allMessages) {
+        if (m.contentBlocks) {
+            for (const b of m.contentBlocks) {
+                if (b.type === "tool_use" && b.id && b.name) {
+                    nameMap.set(b.id, b.name);
+                }
+            }
+        }
+    }
+    for (const b of msg.contentBlocks) {
+        if (b.type === "tool_use" && b.name)
+            return b.name;
+        if (b.type === "tool_result" && b.tool_use_id) {
+            return nameMap.get(b.tool_use_id) || null;
+        }
+    }
+    return null;
+}
+function isToolResultMessage(msg) {
+    if (!msg.contentBlocks)
+        return false;
+    return msg.contentBlocks.some((b) => b.type === "tool_result");
+}
+function truncateMatch(text, start, length) {
+    const snippet = text.slice(start, start + length);
+    return snippet.length > 120 ? `${snippet.slice(0, 117)}...` : snippet;
+}
+function scanMessage(msg, messageIndex, allMessages) {
+    const alerts = [];
+    const content = msg.content || "";
+    if (!content)
+        return alerts;
+    // Skip system messages; they are authored by the developer, not injected.
+    if (msg.role === "system" || msg.role === "developer")
+        return alerts;
+    const toolName = extractToolName(msg, allMessages);
+    const isToolResult = isToolResultMessage(msg);
+    // --- Tier 1: Pattern matching ---
+    for (const rule of TIER1_PATTERNS) {
+        const match = rule.pattern.exec(content);
+        if (match) {
+            alerts.push({
+                messageIndex,
+                role: msg.role,
+                toolName,
+                severity: rule.severity,
+                pattern: rule.id,
+                match: truncateMatch(content, match.index, match[0].length),
+                offset: match.index,
+                length: match[0].length,
+            });
+        }
+    }
+    // --- Tier 2: Role confusion (only in tool results) ---
+    if (isToolResult) {
+        for (const pat of ROLE_CONFUSION_PATTERNS) {
+            const match = pat.exec(content);
+            if (match) {
+                alerts.push({
+                    messageIndex,
+                    role: msg.role,
+                    toolName,
+                    severity: "medium",
+                    pattern: "role_confusion",
+                    match: truncateMatch(content, match.index, match[0].length),
+                    offset: match.index,
+                    length: match[0].length,
+                });
+                break; // One role confusion alert per message is enough
+            }
+        }
+    }
+    // --- Tier 2: Suspicious Unicode ---
+    const unicodeMatch = SUSPICIOUS_UNICODE.exec(content);
+    if (unicodeMatch) {
+        // Count total suspicious chars
+        const count = (content.match(new RegExp(SUSPICIOUS_UNICODE.source, "g")) || []).length;
+        alerts.push({
+            messageIndex,
+            role: msg.role,
+            toolName,
+            severity: "info",
+            pattern: "suspicious_unicode",
+            match: `${count} suspicious Unicode character${count > 1 ? "s" : ""} (zero-width, RTL override, etc.)`,
+            offset: unicodeMatch.index,
+            length: 1,
+        });
+    }
+    return alerts;
+}
+/**
+ * Scan all messages in a context for prompt injection patterns.
+ *
+ * This is the main entry point, called from Store.storeRequest() before compaction.
+ */
+export function scanSecurity(contextInfo) {
+    const alerts = [];
+    for (let i = 0; i < contextInfo.messages.length; i++) {
+        const msgAlerts = scanMessage(contextInfo.messages[i], i, contextInfo.messages);
+        alerts.push(...msgAlerts);
+    }
+    const summary = { high: 0, medium: 0, info: 0 };
+    for (const alert of alerts) {
+        summary[alert.severity]++;
+    }
+    return { alerts, summary };
+}
+//# sourceMappingURL=security.js.map

package/dist/core/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/core/security.ts"],"names":[],"mappings":"AAmBA,MAAM,cAAc,GAAkB;IACpC,iBAAiB;IACjB;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,gFAAgF;KACnF;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,8GAA8G;KACjH;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,wGAAwG;KAC3G;IACD;QACE,EAAE,EAAE,8BAA8B;QAClC,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,uFAAuF;KAC1F;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,6BAA6B;KACvC;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,6HAA6H;KAChI;IAED,4BAA4B;IAC5B;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,+CAA+C;KACzD;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,wDAAwD;KAClE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,sBAAsB;KAChC;IAED,8EAA8E;IAC9E;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,qBAAqB;KAC/B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,6BAA6B;KACvC;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,4DAA4D;KACtE;IAED,gFAAgF;IAChF;QACE,EAAE,EAAE,cAAc;QAClB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,oDAAoD;KAC9D;IAED,yCAAyC;IACzC;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EACL,uEAAuE;KAC1E;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EACL,0JAA0J;KAC7J;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,qBAAqB;QACzB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EACL,qJAAqJ;KACxJ;CACF,CAAC;AAEF,8EAA8E;AAC9E,sDAAsD;AACtD,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,uBAAuB,GAAa;IACxC,yDAAyD;IACzD,kEAAkE;IAClE,qDAAqD;IACrD,4CAA4C;IAC5C,mDAAmD;CACpD,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GACtB,0IAA0I,CAAC;AAE7I,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,eAAe,CACtB,GAAkB,EAClB,WAA4B;IAE5B,IAAI,CAAC,GAAG,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAEpC,kDAAkD;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;YACpB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;gBAChC,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;oBAC5C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,CAAC,IAAI;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC;QACnD,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC5C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAkB;IAC7C,IAAI,CAAC,GAAG,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACrC,OAAO,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,aAAa,CAAC,IAAY,EAAE,KAAa,EAAE,MAAc;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;AACxE,CAAC;AAED,SAAS,WAAW,CAClB,GAAkB,EAClB,YAAoB,EACpB,WAA4B;IAE5B,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,MAAM,CAAC;IAE5B,0EAA0E;IAC1E,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW;QAAE,OAAO,MAAM,CAAC;IAErE,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACnD,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAE9C,mCAAmC;IACnC,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,CAAC;gBACV,YAAY;gBACZ,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,IAAI,CAAC,EAAE;gBAChB,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBAC3D,MAAM,EAAE,KAAK,CAAC,KAAK;gBACnB,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,MAAM,GAAG,IAAI,uBAAuB,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAChC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,CAAC;oBACV,YAAY;oBACZ,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,QAAQ;oBACR,QAAQ,EAAE,QAAQ;oBAClB,OAAO,EAAE,gBAAgB;oBACzB,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;oBAC3D,MAAM,EAAE,KAAK,CAAC,KAAK;oBACnB,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;iBACxB,CAAC,CAAC;gBACH,MAAM,CAAC,iDAAiD;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtD,IAAI,YAAY,EAAE,CAAC;QACjB,+BAA+B;QAC/B,MAAM,KAAK,GAAG,CACZ,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAChE,CAAC,MAAM,CAAC;QACT,MAAM,CAAC,IAAI,CAAC;YACV,YAAY;YACZ,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,QAAQ;YACR,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,oBAAoB;YAC7B,KAAK,EAAE,GAAG,KAAK,gCAAgC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,mCAAmC;YACtG,MAAM,EAAE,YAAY,CAAC,KAAK;YAC1B,MAAM,EAAE,CAAC;SACV,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,WAAwB;IACnD,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,WAAW,CAC3B,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,EACvB,CAAC,EACD,WAAW,CAAC,QAAQ,CACrB,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,OAAO,GAAoB,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACjE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC5B,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAC7B,CAAC"}

package/dist/core/source.d.ts

@@ -0,0 +1,22 @@
+import type { ContextInfo, HeaderSignature, SourceSignature } from "../types.js";
+/**
+ * Header signatures used to infer which CLI/tool produced a request.
+ *
+ * This is best-effort: many tools do not have stable identifiers.
+ */
+export declare const HEADER_SIGNATURES: HeaderSignature[];
+/**
+ * System-prompt signatures used as a fallback when headers are missing/ambiguous.
+ */
+export declare const SOURCE_SIGNATURES: SourceSignature[];
+/**
+ * Infer a human-friendly "source tool" label (claude/codex/gemini/aider/...) for attribution.
+ *
+ * Priority:
+ * 1. explicit source tag if provided and not `"unknown"`
+ * 2. request header signatures
+ * 3. system prompt signatures
+ * 4. fallback to `"unknown"`
+ */
+export declare function detectSource(contextInfo: ContextInfo, source: string | null, headers?: Record<string, string>): string;
+//# sourceMappingURL=source.d.ts.map

package/dist/core/source.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"source.d.ts","sourceRoot":"","sources":["../../src/core/source.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,eAAe,EACf,eAAe,EAChB,MAAM,aAAa,CAAC;AAErB;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,EAAE,eAAe,EAK9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,eAAe,EAK9C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAC1B,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,GAAG,IAAI,EACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,MAAM,CA0BR"}

package/dist/core/source.js

@@ -0,0 +1,56 @@
+/**
+ * Header signatures used to infer which CLI/tool produced a request.
+ *
+ * This is best-effort: many tools do not have stable identifiers.
+ */
+export const HEADER_SIGNATURES = [
+    { header: "user-agent", pattern: /^claude-cli\//, source: "claude" },
+    { header: "user-agent", pattern: /aider/i, source: "aider" },
+    { header: "user-agent", pattern: /kimi/i, source: "kimi" },
+    { header: "user-agent", pattern: /^GeminiCLI\//, source: "gemini" },
+];
+/**
+ * System-prompt signatures used as a fallback when headers are missing/ambiguous.
+ */
+export const SOURCE_SIGNATURES = [
+    { pattern: "Act as an expert software developer", source: "aider" },
+    { pattern: "You are Claude Code", source: "claude" },
+    { pattern: "You are Kimi Code CLI", source: "kimi" },
+    { pattern: "operating inside pi, a coding agent harness", source: "pi" },
+];
+/**
+ * Infer a human-friendly "source tool" label (claude/codex/gemini/aider/...) for attribution.
+ *
+ * Priority:
+ * 1. explicit source tag if provided and not `"unknown"`
+ * 2. request header signatures
+ * 3. system prompt signatures
+ * 4. fallback to `"unknown"`
+ */
+export function detectSource(contextInfo, source, headers) {
+    if (source && source !== "unknown")
+        return source;
+    // Primary: check request headers
+    if (headers) {
+        for (const sig of HEADER_SIGNATURES) {
+            const val = headers[sig.header];
+            if (!val)
+                continue;
+            if (sig.pattern instanceof RegExp
+                ? sig.pattern.test(val)
+                : val.includes(sig.pattern)) {
+                return sig.source;
+            }
+        }
+    }
+    // Fallback: check system prompt content
+    const systemText = (contextInfo.systemPrompts || [])
+        .map((sp) => sp.content)
+        .join("\n");
+    for (const sig of SOURCE_SIGNATURES) {
+        if (systemText.includes(sig.pattern))
+            return sig.source;
+    }
+    return source || "unknown";
+}
+//# sourceMappingURL=source.js.map

package/dist/core/source.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"source.js","sourceRoot":"","sources":["../../src/core/source.ts"],"names":[],"mappings":"AAMA;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE;IACpE,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;IAC5D,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE;IAC1D,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;CACpE,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,OAAO,EAAE;IACnE,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,QAAQ,EAAE;IACpD,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,MAAM,EAAE;IACpD,EAAE,OAAO,EAAE,6CAA6C,EAAE,MAAM,EAAE,IAAI,EAAE;CACzE,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAC1B,WAAwB,EACxB,MAAqB,EACrB,OAAgC;IAEhC,IAAI,MAAM,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAElD,iCAAiC;IACjC,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,IACE,GAAG,CAAC,OAAO,YAAY,MAAM;gBAC3B,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACvB,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAC7B,CAAC;gBACD,OAAO,GAAG,CAAC,MAAM,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,aAAa,IAAI,EAAE,CAAC;SACjD,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC;SACvB,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;QACpC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,OAAO,GAAG,CAAC,MAAM,CAAC;IAC1D,CAAC;IACD,OAAO,MAAM,IAAI,SAAS,CAAC;AAC7B,CAAC"}

package/dist/core/tokens.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Lightweight token estimator used throughout Context Lens.
+ *
+ * Approximates tokens as `ceil(chars / 4)`. For image content blocks,
+ * uses a fixed per-image estimate instead of stringifying base64 data.
+ *
+ * @param text - Value to estimate tokens for. Objects are stringified as JSON.
+ * @returns Estimated token count (>= 0).
+ */
+export declare function estimateTokens(text: unknown): number;
+/**
+ * Rescale all token sub-fields in a ContextInfo so they are internally
+ * consistent with an authoritative total (typically from API usage data).
+ *
+ * Adjusts `systemTokens`, `toolsTokens`, per-message `.tokens`, and
+ * `messagesTokens` proportionally, then applies a rounding residual fix
+ * to `messagesTokens` so the invariant
+ * `totalTokens === systemTokens + toolsTokens + messagesTokens` holds exactly.
+ */
+export declare function rescaleContextTokens(ci: {
+    systemTokens: number;
+    toolsTokens: number;
+    messagesTokens: number;
+    totalTokens: number;
+    messages: {
+        tokens: number;
+    }[];
+}, authoritative: number): void;
+//# sourceMappingURL=tokens.d.ts.map

package/dist/core/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../../src/core/tokens.ts"],"names":[],"mappings":"AA8DA;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAqBpD;AAiCD;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,EAAE,EAAE;IACF,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAChC,EACD,aAAa,EAAE,MAAM,GACpB,IAAI,CAyCN"}

package/dist/core/tokens.js

@@ -0,0 +1,163 @@
+/**
+ * Approximate token cost for a single image.
+ *
+ * Anthropic charges based on image dimensions (~1,600 tokens per 512x512 tile).
+ * Since we don't decode image data, we use a conservative flat estimate of 1,600
+ * tokens (one tile). Most screenshots cost 2,000-6,400 tokens, so this slightly
+ * under-counts but is far better than stringifying megabytes of base64.
+ */
+const IMAGE_TOKEN_ESTIMATE = 1_600;
+/**
+ * Return true if the value looks like an image content block.
+ *
+ * Matches Anthropic `{type:"image", source:{type:"base64", data:"..."}}`,
+ * OpenAI `{type:"image_url", image_url:{url:"data:..."}}`,
+ * and Gemini `{inlineData:{...}}` / `{fileData:{...}}`.
+ */
+function isImageBlock(val) {
+    if (!val || typeof val !== "object" || Array.isArray(val))
+        return false;
+    const obj = val;
+    if (obj.type === "image" || obj.type === "image_url")
+        return true;
+    if (obj.inlineData || obj.fileData)
+        return true;
+    return false;
+}
+/**
+ * Strip base64 image data from a value before stringifying for token estimation.
+ *
+ * Walks arrays and recognizes image blocks at any nesting level (top-level content
+ * arrays, tool_result content arrays, Gemini parts). Image blocks are replaced with
+ * a sentinel so the rest of the structure is still counted.
+ */
+function stripImageData(val) {
+    if (!val || typeof val !== "object")
+        return val;
+    if (Array.isArray(val)) {
+        return val.map(stripImageData);
+    }
+    // Image block: return a lightweight placeholder
+    if (isImageBlock(val)) {
+        return {
+            type: val.type || "image",
+            _image: true,
+        };
+    }
+    const obj = val;
+    // tool_result blocks can nest image blocks inside their content array
+    if (obj.type === "tool_result" && Array.isArray(obj.content)) {
+        return { ...obj, content: obj.content.map(stripImageData) };
+    }
+    // Gemini turn: parts array may contain inlineData
+    if (Array.isArray(obj.parts)) {
+        return { ...obj, parts: obj.parts.map(stripImageData) };
+    }
+    return obj;
+}
+/**
+ * Lightweight token estimator used throughout Context Lens.
+ *
+ * Approximates tokens as `ceil(chars / 4)`. For image content blocks,
+ * uses a fixed per-image estimate instead of stringifying base64 data.
+ *
+ * @param text - Value to estimate tokens for. Objects are stringified as JSON.
+ * @returns Estimated token count (>= 0).
+ */
+export function estimateTokens(text) {
+    if (!text)
+        return 0;
+    // Fast path: plain strings never contain image data
+    if (typeof text === "string") {
+        return Math.ceil(text.length / 4);
+    }
+    // Single image block
+    if (isImageBlock(text)) {
+        return IMAGE_TOKEN_ESTIMATE;
+    }
+    // Object/array: strip image data, then stringify the rest
+    const cleaned = stripImageData(text);
+    const s = JSON.stringify(cleaned);
+    const baseTokens = Math.ceil(s.length / 4);
+    // Count image blocks and add fixed estimate for each
+    const imageCount = countImages(text);
+    return baseTokens + imageCount * IMAGE_TOKEN_ESTIMATE;
+}
+/**
+ * Count the number of image blocks in a value (recursive).
+ */
+function countImages(val) {
+    if (!val || typeof val !== "object")
+        return 0;
+    if (isImageBlock(val))
+        return 1;
+    if (Array.isArray(val)) {
+        let count = 0;
+        for (const item of val) {
+            count += countImages(item);
+        }
+        return count;
+    }
+    const obj = val;
+    // Check nested content in tool_result blocks
+    if (obj.type === "tool_result" && Array.isArray(obj.content)) {
+        return countImages(obj.content);
+    }
+    // Check Gemini parts
+    if (Array.isArray(obj.parts)) {
+        return countImages(obj.parts);
+    }
+    return 0;
+}
+/**
+ * Rescale all token sub-fields in a ContextInfo so they are internally
+ * consistent with an authoritative total (typically from API usage data).
+ *
+ * Adjusts `systemTokens`, `toolsTokens`, per-message `.tokens`, and
+ * `messagesTokens` proportionally, then applies a rounding residual fix
+ * to `messagesTokens` so the invariant
+ * `totalTokens === systemTokens + toolsTokens + messagesTokens` holds exactly.
+ */
+export function rescaleContextTokens(ci, authoritative) {
+    const estimated = ci.systemTokens + ci.toolsTokens + ci.messagesTokens;
+    if (estimated === 0 || authoritative === 0) {
+        ci.systemTokens = 0;
+        ci.toolsTokens = 0;
+        ci.messagesTokens = 0;
+        ci.totalTokens = authoritative;
+        for (const msg of ci.messages) {
+            msg.tokens = 0;
+        }
+        return;
+    }
+    if (authoritative === estimated) {
+        ci.totalTokens = authoritative;
+        return;
+    }
+    const scale = authoritative / estimated;
+    ci.systemTokens = Math.round(ci.systemTokens * scale);
+    ci.toolsTokens = Math.round(ci.toolsTokens * scale);
+    for (const msg of ci.messages) {
+        msg.tokens = Math.round(msg.tokens * scale);
+    }
+    ci.messagesTokens = ci.messages.reduce((s, m) => s + m.tokens, 0);
+    ci.totalTokens = authoritative;
+    // Fix rounding residual so both invariants hold:
+    //   totalTokens === systemTokens + toolsTokens + messagesTokens
+    //   messagesTokens === sum(msg.tokens)
+    const residual = authoritative - (ci.systemTokens + ci.toolsTokens + ci.messagesTokens);
+    if (residual !== 0) {
+        ci.messagesTokens += residual;
+        // Push the residual into the largest per-message entry (or first if tied)
+        // so sum(msg.tokens) stays equal to messagesTokens.
+        if (ci.messages.length > 0) {
+            let maxIdx = 0;
+            for (let i = 1; i < ci.messages.length; i++) {
+                if (ci.messages[i].tokens > ci.messages[maxIdx].tokens)
+                    maxIdx = i;
+            }
+            ci.messages[maxIdx].tokens += residual;
+        }
+    }
+}
+//# sourceMappingURL=tokens.js.map