govyn 0.0.1 → 0.2.5

package/dist/policy-types.d.ts

@@ -0,0 +1,216 @@
+/**
+ * Policy type definitions for the Govyn policy engine.
+ *
+ * These types define the schema for YAML policy files and the
+ * results of parsing/validating them.
+ */
+/** The seven policy types supported by Govyn (Phase 6 defines skeletons; Phase 7 adds evaluators; Phase 10 adds require_approval) */
+export type PolicyType = 'block' | 'rate_limit' | 'budget_limit' | 'content_filter' | 'time_window' | 'model_route' | 'require_approval';
+/** Policy scope — determines which requests a policy applies to */
+export interface PolicyScope {
+    /** 'global' applies to all requests; 'agent' scopes to a specific agent; 'target' scopes to a provider */
+    level: 'global' | 'agent' | 'target';
+    /** The agent name (when level='agent') or target provider (when level='target'), undefined for global */
+    value?: string;
+}
+/** Base fields shared by all policy definitions */
+export interface PolicyBase {
+    /** Unique policy name (must be unique across all loaded policies) */
+    name: string;
+    /** Human-readable description of what this policy does */
+    description?: string;
+    /** Whether this policy is active (default: true) */
+    enabled: boolean;
+    /** The type of policy rule */
+    type: PolicyType;
+    /** Scoping: who/what this policy applies to */
+    scope: PolicyScope;
+}
+/** Block policy — denies requests matching configured criteria with AND logic */
+export interface BlockPolicy extends PolicyBase {
+    type: 'block';
+    match?: {
+        body?: string;
+        headers?: Record<string, string>;
+        provider?: string;
+        path?: string;
+        model?: string;
+        action_type?: string;
+        regex?: boolean;
+    };
+    message?: string;
+}
+/** Rate limit policy — throttles requests per sliding window */
+export interface RateLimitPolicy extends PolicyBase {
+    type: 'rate_limit';
+    limit: number;
+    window_seconds: number;
+}
+/** Budget limit policy — enforces spending limits per period */
+export interface BudgetLimitPolicy extends PolicyBase {
+    type: 'budget_limit';
+    limit: number;
+    period: 'daily' | 'weekly' | 'monthly';
+}
+/** Content filter policy — scans request body JSON string values for PII and custom patterns */
+export interface ContentFilterPolicy extends PolicyBase {
+    type: 'content_filter';
+    patterns: string[];
+    reveal_pattern?: boolean;
+}
+/** Time window policy — schedule-based access control with timezone support */
+export interface TimeWindowPolicy extends PolicyBase {
+    type: 'time_window';
+    start: string;
+    end: string;
+    days: string[];
+    timezone: string;
+    mode: 'allow' | 'deny';
+}
+/** A single routing rule with criteria and target model */
+export interface ModelRoutingRule {
+    when?: {
+        input_tokens_estimate?: string;
+        system_prompt_contains?: string[];
+        no_system_prompt_contains?: string[];
+        user_prompt_contains?: string[];
+        no_user_prompt_contains?: string[];
+        agent?: string;
+        time_of_day?: string;
+        tool_calls_present?: boolean;
+        conversation_turns?: string;
+        provider?: string;
+    };
+    route_to: string;
+    default?: 'passthrough';
+}
+/** Model route policy — smart model routing per ADR-021 */
+export interface ModelRoutePolicy extends PolicyBase {
+    type: 'model_route';
+    rules: ModelRoutingRule[];
+    model_aliases?: Record<string, string>;
+    max_downgrade_level?: string;
+    routing_opt_out_agents?: string[];
+}
+/** Require approval policy — flags matching requests for human approval before forwarding */
+export interface RequireApprovalPolicy extends PolicyBase {
+    type: 'require_approval';
+    match?: {
+        provider?: string;
+        model?: string;
+        action_type?: string;
+        path?: string;
+        regex?: boolean;
+    };
+    timeout_seconds?: number;
+    store_payload?: boolean;
+    message?: string;
+}
+/** Union type of all policy variants */
+export type Policy = BlockPolicy | RateLimitPolicy | BudgetLimitPolicy | ContentFilterPolicy | TimeWindowPolicy | ModelRoutePolicy | RequireApprovalPolicy;
+/** Context about the current request, passed to the engine for evaluation */
+export interface PolicyRequestContext {
+    /** The agent making the request */
+    agentId: string;
+    /** The target provider (e.g., 'openai', 'anthropic') */
+    provider: string;
+    /** The upstream path being requested */
+    path: string;
+    /** HTTP method */
+    method: string;
+    /** Model name from the request (for block matching on model) */
+    model?: string;
+    /** Request body as string (for content matching) */
+    body?: string;
+    /** Request headers (for header matching) */
+    headers?: Record<string, string>;
+    /** Estimated input token count (for model routing criteria) */
+    inputTokensEstimate?: number;
+    /** Whether tool/function definitions are present in the request */
+    toolCallsPresent?: boolean;
+    /** Number of conversation turns (messages) in the request */
+    conversationTurns?: number;
+    /** System prompt content (for keyword matching) */
+    systemPrompt?: string;
+    /** User message content (for keyword matching) */
+    userPrompt?: string;
+}
+/** Result of evaluating a single policy against a request */
+export interface SinglePolicyResult {
+    /** The policy that was evaluated */
+    policyName: string;
+    /** The policy type */
+    policyType: PolicyType;
+    /** Whether this policy allows the request */
+    allowed: boolean;
+    /** Reason for denial (if blocked) */
+    reason?: string;
+    /** The deny message from the policy (if any) */
+    message?: string;
+    /** For rate_limit type — seconds until retry is allowed */
+    retryAfterSeconds?: number;
+}
+/** Result extension for model_route evaluations */
+export interface ModelRouteResult extends SinglePolicyResult {
+    policyType: 'model_route';
+    /** The model to route to (undefined = passthrough, no rewrite) */
+    routeTo?: string;
+    /** The original model requested by the agent */
+    requestedModel?: string;
+    /** The rule index that matched (for logging) */
+    matchedRuleIndex?: number;
+}
+/** Result extension for require_approval evaluations */
+export interface ApprovalPolicyResult extends SinglePolicyResult {
+    policyType: 'require_approval';
+    /** Whether this request requires human approval */
+    requiresApproval: true;
+    /** Timeout in seconds before auto-deny */
+    timeoutSeconds: number;
+    /** Whether to store the full request payload */
+    storePayload: boolean;
+}
+/** Aggregate result of evaluating all matching policies */
+export interface PolicyEvaluationResult {
+    /** Whether the request is allowed (true only if ALL matching policies allow) */
+    allowed: boolean;
+    /** Number of policies that were evaluated */
+    evaluatedCount: number;
+    /** Number of policies that matched the request scope */
+    matchedCount: number;
+    /** If denied, the first denying policy result (most-restrictive-wins) */
+    denied?: SinglePolicyResult;
+    /** All individual policy results */
+    results: SinglePolicyResult[];
+    /** Time taken for evaluation in milliseconds */
+    evaluationTimeMs: number;
+}
+/** Top-level policy file structure */
+export interface PolicyFile {
+    /** Schema version — must be 1 per ADR-018 */
+    version: number;
+    /** Array of policy definitions */
+    policies: Policy[];
+}
+/** A policy parse error with location information */
+export interface PolicyParseError {
+    /** Human-readable error message */
+    message: string;
+    /** Line number in the YAML file (1-indexed), if available */
+    line?: number;
+    /** Column number (1-indexed), if available */
+    column?: number;
+    /** The policy name this error relates to, if applicable */
+    policyName?: string;
+}
+/** Result of parsing a policy file */
+export interface PolicyParseResult {
+    /** Whether parsing succeeded without errors */
+    success: boolean;
+    /** Parsed policies (empty if success=false) */
+    policies: Policy[];
+    /** Validation errors (empty if success=true) */
+    errors: PolicyParseError[];
+    /** Non-fatal warnings */
+    warnings: PolicyParseError[];
+}

package/dist/policy-types.js

@@ -0,0 +1,8 @@
+/**
+ * Policy type definitions for the Govyn policy engine.
+ *
+ * These types define the schema for YAML policy files and the
+ * results of parsing/validating them.
+ */
+export {};
+//# sourceMappingURL=policy-types.js.map

package/dist/policy-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-types.js","sourceRoot":"","sources":["../src/policy-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/policy-watcher.d.ts

@@ -0,0 +1,54 @@
+/**
+ * PolicyWatcher — file-watch hot reload for policy YAML files.
+ *
+ * Watches a policy YAML file for changes using Node.js fs.watch() and
+ * reloads policies into the PolicyEngine on valid changes. Invalid
+ * changes are rejected with error logging, preserving previous policies.
+ *
+ * Features:
+ * - Debounced file change detection (coalesces rapid saves)
+ * - Atomic reload via PolicyEngine.loadFromFile() (only replaces on success)
+ * - Event emission via govynEvents for observability
+ * - Clean start/stop lifecycle with no resource leaks
+ */
+import type { PolicyEngine } from './policy-engine.js';
+export interface PolicyWatcherOptions {
+    /** Debounce interval in milliseconds (default: 200ms). */
+    debounceMs?: number;
+}
+export declare class PolicyWatcher {
+    private engine;
+    private filePath;
+    private debounceMs;
+    private watcher;
+    private debounceTimer;
+    constructor(engine: PolicyEngine, filePath: string, options?: PolicyWatcherOptions);
+    /**
+     * Begin watching the policy file for changes.
+     *
+     * Uses fs.watch() for event-driven, sub-second detection.
+     * Both 'change' and 'rename' events trigger reload (handles OS quirks
+     * where some editors fire 'rename' on save).
+     */
+    start(): void;
+    /**
+     * Stop watching the file and clean up resources.
+     * Idempotent — safe to call multiple times.
+     */
+    stop(): void;
+    /**
+     * Returns true if the watcher is currently active.
+     */
+    isWatching(): boolean;
+    /**
+     * Schedule a debounced reload. Resets the timer on each call
+     * so that rapid file changes are coalesced into a single reload.
+     */
+    private scheduleReload;
+    /**
+     * Perform the actual policy reload from the file.
+     * On success, emits policy_reloaded event.
+     * On failure, emits policy_reload_failed event and keeps previous policies.
+     */
+    private reload;
+}

package/dist/policy-watcher.js

@@ -0,0 +1,116 @@
+/**
+ * PolicyWatcher — file-watch hot reload for policy YAML files.
+ *
+ * Watches a policy YAML file for changes using Node.js fs.watch() and
+ * reloads policies into the PolicyEngine on valid changes. Invalid
+ * changes are rejected with error logging, preserving previous policies.
+ *
+ * Features:
+ * - Debounced file change detection (coalesces rapid saves)
+ * - Atomic reload via PolicyEngine.loadFromFile() (only replaces on success)
+ * - Event emission via govynEvents for observability
+ * - Clean start/stop lifecycle with no resource leaks
+ */
+import * as fs from 'node:fs';
+import { govynEvents } from './events.js';
+export class PolicyWatcher {
+    engine;
+    filePath;
+    debounceMs;
+    watcher = null;
+    debounceTimer = null;
+    constructor(engine, filePath, options) {
+        this.engine = engine;
+        this.filePath = filePath;
+        this.debounceMs = options?.debounceMs ?? 200;
+    }
+    /**
+     * Begin watching the policy file for changes.
+     *
+     * Uses fs.watch() for event-driven, sub-second detection.
+     * Both 'change' and 'rename' events trigger reload (handles OS quirks
+     * where some editors fire 'rename' on save).
+     */
+    start() {
+        if (this.watcher)
+            return; // Already watching
+        // Check file exists before starting watcher
+        if (!fs.existsSync(this.filePath)) {
+            console.log(`[govyn] Policy watcher: file not found, skipping watch: ${this.filePath}`);
+            return;
+        }
+        try {
+            this.watcher = fs.watch(this.filePath, (_eventType) => {
+                // Treat both 'change' and 'rename' as triggers (OS quirk handling)
+                this.scheduleReload();
+            });
+            // Handle watcher errors gracefully (e.g., file deleted while watching)
+            this.watcher.on('error', (err) => {
+                console.error(`[govyn] Policy watcher error: ${err.message}`);
+            });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            console.error(`[govyn] Policy watcher failed to start: ${message}`);
+        }
+    }
+    /**
+     * Stop watching the file and clean up resources.
+     * Idempotent — safe to call multiple times.
+     */
+    stop() {
+        if (this.debounceTimer !== null) {
+            clearTimeout(this.debounceTimer);
+            this.debounceTimer = null;
+        }
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = null;
+        }
+    }
+    /**
+     * Returns true if the watcher is currently active.
+     */
+    isWatching() {
+        return this.watcher !== null;
+    }
+    /**
+     * Schedule a debounced reload. Resets the timer on each call
+     * so that rapid file changes are coalesced into a single reload.
+     */
+    scheduleReload() {
+        if (this.debounceTimer !== null) {
+            clearTimeout(this.debounceTimer);
+        }
+        this.debounceTimer = setTimeout(() => {
+            this.debounceTimer = null;
+            this.reload();
+        }, this.debounceMs);
+    }
+    /**
+     * Perform the actual policy reload from the file.
+     * On success, emits policy_reloaded event.
+     * On failure, emits policy_reload_failed event and keeps previous policies.
+     */
+    reload() {
+        const result = this.engine.loadFromFile(this.filePath);
+        if (result.success) {
+            console.log(`[govyn] Policy file reloaded: ${result.policies.length} policies loaded from ${this.filePath}`);
+            govynEvents.emit('event', {
+                type: 'policy_reloaded',
+                filePath: this.filePath,
+                policyCount: result.policies.length,
+            });
+        }
+        else {
+            const firstError = result.errors.length > 0 ? result.errors[0].message : 'Unknown error';
+            console.log(`[govyn] Policy reload failed (keeping previous policies): ${firstError}`);
+            govynEvents.emit('event', {
+                type: 'policy_reload_failed',
+                filePath: this.filePath,
+                error: firstError,
+            });
+        }
+    }
+}
+//# sourceMappingURL=policy-watcher.js.map

package/dist/policy-watcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-watcher.js","sourceRoot":"","sources":["../src/policy-watcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAO1C,MAAM,OAAO,aAAa;IAChB,MAAM,CAAe;IACrB,QAAQ,CAAS;IACjB,UAAU,CAAS;IACnB,OAAO,GAAwB,IAAI,CAAC;IACpC,aAAa,GAAyC,IAAI,CAAC;IAEnE,YAAY,MAAoB,EAAE,QAAgB,EAAE,OAA8B;QAChF,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,GAAG,CAAC;IAC/C,CAAC;IAED;;;;;;OAMG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,mBAAmB;QAE7C,4CAA4C;QAC5C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,2DAA2D,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxF,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,UAAU,EAAE,EAAE;gBACpD,mEAAmE;gBACnE,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,CAAC,CAAC,CAAC;YAEH,uEAAuE;YACvE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC/B,OAAO,CAAC,KAAK,CAAC,iCAAiC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CAAC,2CAA2C,OAAO,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACjC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACK,cAAc;QACpB,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE;YACnC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACK,MAAM;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CACT,iCAAiC,MAAM,CAAC,QAAQ,CAAC,MAAM,yBAAyB,IAAI,CAAC,QAAQ,EAAE,CAChG,CAAC;YACF,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE;gBACxB,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACzF,OAAO,CAAC,GAAG,CACT,6DAA6D,UAAU,EAAE,CAC1E,CAAC;YACF,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE;gBACxB,IAAI,EAAE,sBAAsB;gBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,UAAU;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CACF"}

package/dist/pricing.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Pricing table and cost calculation engine for the Govyn proxy server.
+ *
+ * Provides built-in default pricing for major models, config overrides,
+ * and accurate cost calculation from token usage data.
+ */
+import type { TokenUsage } from './types.js';
+/**
+ * Pricing configuration for a single model.
+ */
+export interface ModelPricing {
+    /** The model identifier */
+    model: string;
+    /** Price per 1,000,000 input tokens (USD) */
+    inputPricePerMillion: number;
+    /** Price per 1,000,000 output tokens (USD) */
+    outputPricePerMillion: number;
+}
+/**
+ * Pricing table: model name -> pricing configuration.
+ */
+export type PricingTable = Map<string, ModelPricing>;
+/**
+ * Result of a cost calculation.
+ */
+export interface CostResult {
+    /** Cost for input tokens (USD) */
+    inputCost: number;
+    /** Cost for output tokens (USD) */
+    outputCost: number;
+    /** Total cost (inputCost + outputCost) in USD */
+    totalCost: number;
+    /** The model that was used */
+    model: string;
+    /** Whether the model was found in the pricing table */
+    priced: boolean;
+}
+/**
+ * Returns the built-in default pricing table for major models.
+ *
+ * All prices are per 1,000,000 tokens in USD.
+ * Sources: Public pricing as of February 2026.
+ */
+export declare function getDefaultPricing(): PricingTable;
+/**
+ * Load a pricing table, starting from built-in defaults and applying config overrides.
+ *
+ * Config prices override defaults for the same model name, allowing users to:
+ * - Override default pricing for known models
+ * - Add pricing for custom/private models
+ *
+ * @param configPricing - Optional pricing from YAML config (per-million-token pricing)
+ * @returns Complete pricing table with defaults and config overrides applied
+ */
+export declare function loadPricing(configPricing?: Record<string, {
+    input: number;
+    output: number;
+}>): PricingTable;
+/**
+ * Calculate the cost of a request from token usage and a pricing table.
+ *
+ * For known models: computes cost = (tokens / 1,000,000) * pricePerMillion
+ * For unknown models: logs a warning, returns totalCost 0 with priced = false
+ *
+ * @param usage - Token usage extracted from a provider response
+ * @param pricingTable - Pricing table (from loadPricing)
+ * @returns Cost result with breakdown and pricing status
+ */
+export declare function calculateCost(usage: TokenUsage, pricingTable: PricingTable): CostResult;

package/dist/pricing.js

@@ -0,0 +1,93 @@
+/**
+ * Pricing table and cost calculation engine for the Govyn proxy server.
+ *
+ * Provides built-in default pricing for major models, config overrides,
+ * and accurate cost calculation from token usage data.
+ */
+/**
+ * Returns the built-in default pricing table for major models.
+ *
+ * All prices are per 1,000,000 tokens in USD.
+ * Sources: Public pricing as of February 2026.
+ */
+export function getDefaultPricing() {
+    const table = new Map();
+    const defaults = [
+        // [model, inputPricePerMillion, outputPricePerMillion]
+        ['gpt-4o', 2.50, 10.00],
+        ['gpt-4o-mini', 0.15, 0.60],
+        ['gpt-4.1', 2.00, 8.00],
+        ['gpt-4.1-mini', 0.40, 1.60],
+        ['gpt-4.1-nano', 0.10, 0.40],
+        ['o3', 2.00, 8.00],
+        ['o3-mini', 1.10, 4.40],
+        ['o4-mini', 1.10, 4.40],
+        ['claude-sonnet-4-20250514', 3.00, 15.00],
+        ['claude-haiku-3-5-20241022', 0.80, 4.00],
+        ['claude-opus-4-20250514', 15.00, 75.00],
+    ];
+    for (const [model, inputPricePerMillion, outputPricePerMillion] of defaults) {
+        table.set(model, { model, inputPricePerMillion, outputPricePerMillion });
+    }
+    return table;
+}
+/**
+ * Load a pricing table, starting from built-in defaults and applying config overrides.
+ *
+ * Config prices override defaults for the same model name, allowing users to:
+ * - Override default pricing for known models
+ * - Add pricing for custom/private models
+ *
+ * @param configPricing - Optional pricing from YAML config (per-million-token pricing)
+ * @returns Complete pricing table with defaults and config overrides applied
+ */
+export function loadPricing(configPricing) {
+    const table = getDefaultPricing();
+    if (configPricing) {
+        for (const [model, prices] of Object.entries(configPricing)) {
+            if (typeof model !== 'string')
+                continue;
+            if (typeof prices?.input !== 'number' || typeof prices?.output !== 'number')
+                continue;
+            table.set(model, {
+                model,
+                inputPricePerMillion: prices.input,
+                outputPricePerMillion: prices.output,
+            });
+        }
+    }
+    return table;
+}
+/**
+ * Calculate the cost of a request from token usage and a pricing table.
+ *
+ * For known models: computes cost = (tokens / 1,000,000) * pricePerMillion
+ * For unknown models: logs a warning, returns totalCost 0 with priced = false
+ *
+ * @param usage - Token usage extracted from a provider response
+ * @param pricingTable - Pricing table (from loadPricing)
+ * @returns Cost result with breakdown and pricing status
+ */
+export function calculateCost(usage, pricingTable) {
+    const pricing = pricingTable.get(usage.model);
+    if (!pricing) {
+        console.warn(`[govyn] WARNING: Unknown model "${usage.model}" — cost marked as unpriced`);
+        return {
+            inputCost: 0,
+            outputCost: 0,
+            totalCost: 0,
+            model: usage.model,
+            priced: false,
+        };
+    }
+    const inputCost = (usage.inputTokens / 1_000_000) * pricing.inputPricePerMillion;
+    const outputCost = (usage.outputTokens / 1_000_000) * pricing.outputPricePerMillion;
+    return {
+        inputCost,
+        outputCost,
+        totalCost: inputCost + outputCost,
+        model: usage.model,
+        priced: true,
+    };
+}
+//# sourceMappingURL=pricing.js.map

package/dist/pricing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pricing.js","sourceRoot":"","sources":["../src/pricing.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqCH;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAC;IAE9C,MAAM,QAAQ,GAAoC;QAChD,uDAAuD;QACvD,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC;QACvB,CAAC,aAAa,EAAE,IAAI,EAAE,IAAI,CAAC;QAC3B,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC;QACvB,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC;QAC5B,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC;QAC5B,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC;QAClB,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC;QACvB,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC;QACvB,CAAC,0BAA0B,EAAE,IAAI,EAAE,KAAK,CAAC;QACzC,CAAC,2BAA2B,EAAE,IAAI,EAAE,IAAI,CAAC;QACzC,CAAC,wBAAwB,EAAE,KAAK,EAAE,KAAK,CAAC;KACzC,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,oBAAoB,EAAE,qBAAqB,CAAC,IAAI,QAAQ,EAAE,CAAC;QAC5E,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CACzB,aAAiE;IAEjE,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAElC,IAAI,aAAa,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5D,IAAI,OAAO,KAAK,KAAK,QAAQ;gBAAE,SAAS;YACxC,IAAI,OAAO,MAAM,EAAE,KAAK,KAAK,QAAQ,IAAI,OAAO,MAAM,EAAE,MAAM,KAAK,QAAQ;gBAAE,SAAS;YACtF,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE;gBACf,KAAK;gBACL,oBAAoB,EAAE,MAAM,CAAC,KAAK;gBAClC,qBAAqB,EAAE,MAAM,CAAC,MAAM;aACrC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,aAAa,CAAC,KAAiB,EAAE,YAA0B;IACzE,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAE9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,mCAAmC,KAAK,CAAC,KAAK,6BAA6B,CAAC,CAAC;QAC1F,OAAO;YACL,SAAS,EAAE,CAAC;YACZ,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;YACZ,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,oBAAoB,CAAC;IACjF,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,YAAY,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAEpF,OAAO;QACL,SAAS;QACT,UAAU;QACV,SAAS,EAAE,SAAS,GAAG,UAAU;QACjC,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,MAAM,EAAE,IAAI;KACb,CAAC;AACJ,CAAC"}

package/dist/prompt.d.ts

@@ -0,0 +1,6 @@
+export interface Prompt {
+    ask: (question: string) => Promise<string>;
+    askHidden: (question: string) => Promise<string>;
+    close: () => void;
+}
+export declare function createPrompt(): Prompt;

package/dist/prompt.js

@@ -0,0 +1,47 @@
+import * as readline from 'node:readline';
+export function createPrompt() {
+    const output = process.stdout;
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output,
+        terminal: true,
+    });
+    const originalWrite = rl._writeToOutput?.bind(rl) ??
+        ((stringToWrite) => {
+            output.write(stringToWrite);
+        });
+    rl.stdoutMuted = false;
+    rl._writeToOutput = (stringToWrite) => {
+        if (!rl.stdoutMuted) {
+            originalWrite(stringToWrite);
+            return;
+        }
+        if (stringToWrite.includes('\n')) {
+            output.write('\n');
+            return;
+        }
+        output.write('*');
+    };
+    function ask(question) {
+        return new Promise((resolve) => {
+            rl.question(question, (answer) => {
+                resolve(answer.trim());
+            });
+        });
+    }
+    function askHidden(question) {
+        return new Promise((resolve) => {
+            rl.stdoutMuted = true;
+            rl.question(question, (answer) => {
+                rl.stdoutMuted = false;
+                output.write('\n');
+                resolve(answer.trim());
+            });
+        });
+    }
+    function close() {
+        rl.close();
+    }
+    return { ask, askHidden, close };
+}
+//# sourceMappingURL=prompt.js.map

package/dist/prompt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt.js","sourceRoot":"","sources":["../src/prompt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAa1C,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM;QACN,QAAQ,EAAE,IAAI;KACf,CAAoB,CAAC;IAEtB,MAAM,aAAa,GACjB,EAAE,CAAC,cAAc,EAAE,IAAI,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,aAAqB,EAAE,EAAE;YACzB,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;IAEL,EAAE,CAAC,WAAW,GAAG,KAAK,CAAC;IACvB,EAAE,CAAC,cAAc,GAAG,CAAC,aAAqB,EAAE,EAAE;QAC5C,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;YACpB,aAAa,CAAC,aAAa,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO;QACT,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC;IAEF,SAAS,GAAG,CAAC,QAAgB;QAC3B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAc,EAAE,EAAE;gBACvC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACzB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,SAAS,CAAC,QAAgB;QACjC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,EAAE,CAAC,WAAW,GAAG,IAAI,CAAC;YACtB,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAc,EAAE,EAAE;gBACvC,EAAE,CAAC,WAAW,GAAG,KAAK,CAAC;gBACvB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACnB,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACzB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,KAAK;QACZ,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AACnC,CAAC"}

package/dist/providers/anthropic.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Anthropic provider configuration and header mapping.
+ */
+import type { ProviderConfig } from '../types.js';
+import type { IncomingHttpHeaders } from 'node:http';
+/**
+ * Default Anthropic provider configuration.
+ */
+export declare const anthropicProvider: ProviderConfig;
+/**
+ * Map incoming request headers for Anthropic upstream requests.
+ *
+ * - Sets x-api-key: {ANTHROPIC_API_KEY} from env var
+ * - Sets anthropic-version header if not already present
+ * - Forwards Content-Type and other relevant headers
+ * - Does NOT forward the Host header (uses upstream host)
+ */
+export declare function mapAnthropicHeaders(incomingHeaders: IncomingHttpHeaders, apiKeyEnv: string | null): Record<string, string>;