lynkr 9.0.2 → 9.1.3

package/src/routing/tenant-policy.js

@@ -0,0 +1,96 @@
+/**
+ * Per-tenant routing policy (Phase 6.1).
+ *
+ * Each tenant can override:
+ *   - tier thresholds (which complexity scores map to which tiers)
+ *   - reward weights (λ for cost, μ for latency in the bandit)
+ *   - max acceptable latency
+ *   - blocked models (never route to these)
+ *
+ * Tenant id is read from the `LYNKR_TENANT_ID` request header. Per-tenant
+ * configs live in data/tenants/<id>.json. Falls back to global config when
+ * the id is absent or the file doesn't exist.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const logger = require('../logger');
+
+const TENANTS_DIR = path.join(__dirname, '../../data/tenants');
+const _cache = new Map();
+const RELOAD_INTERVAL_MS = 60_000;
+
+function _loadTenant(tenantId) {
+  if (!tenantId) return null;
+  const cached = _cache.get(tenantId);
+  if (cached && Date.now() - cached.loadedAt < RELOAD_INTERVAL_MS) return cached.config;
+
+  const file = path.join(TENANTS_DIR, `${tenantId.replace(/[^a-zA-Z0-9_-]/g, '_')}.json`);
+  if (!fs.existsSync(file)) {
+    _cache.set(tenantId, { config: null, loadedAt: Date.now() });
+    return null;
+  }
+  try {
+    const data = JSON.parse(fs.readFileSync(file, 'utf8'));
+    _cache.set(tenantId, { config: data, loadedAt: Date.now() });
+    return data;
+  } catch (err) {
+    logger.warn({ tenantId, err: err.message }, '[TenantPolicy] Load failed');
+    return null;
+  }
+}
+
+function getPolicy(tenantId) {
+  const t = _loadTenant(tenantId);
+  if (!t) return null;
+  return {
+    tenantId,
+    tierRanges: t.tierRanges || null,
+    rewardWeights: t.rewardWeights || null,
+    maxLatencyMs: t.maxLatencyMs ?? null,
+    blockedModels: Array.isArray(t.blockedModels) ? new Set(t.blockedModels) : null,
+    preferredProviders: Array.isArray(t.preferredProviders) ? t.preferredProviders : null,
+  };
+}
+
+/**
+ * Apply tenant overrides to a routing decision after the main algorithm has
+ * produced one. Returns either the decision unchanged or a new decision
+ * respecting the tenant constraints.
+ */
+function applyTenantOverrides(decision, tenantPolicy) {
+  if (!tenantPolicy || !decision) return decision;
+  // Blocked model → fall back to next-cheapest qualifying model in same tier
+  if (tenantPolicy.blockedModels && decision.model && tenantPolicy.blockedModels.has(decision.model)) {
+    const { getCostOptimizer } = require('./cost-optimizer');
+    const optimizer = getCostOptimizer();
+    const cheapest = optimizer.findCheapestForTier(decision.tier, tenantPolicy.preferredProviders || []);
+    if (cheapest && !tenantPolicy.blockedModels.has(cheapest.model)) {
+      return {
+        ...decision,
+        provider: cheapest.provider,
+        model: cheapest.model,
+        method: (decision.method || '') + '+tenant_override',
+        tenantOverride: { reason: 'blocked_model', tenantId: tenantPolicy.tenantId },
+      };
+    }
+  }
+  return decision;
+}
+
+function getTenantId(req) {
+  if (!req) return null;
+  const h = req.headers || req;
+  return (h['lynkr-tenant-id'] || h['LYNKR-Tenant-Id'] || h['x-tenant-id'] || null);
+}
+
+function reloadCache() {
+  _cache.clear();
+}
+
+module.exports = {
+  getPolicy,
+  getTenantId,
+  applyTenantOverrides,
+  reloadCache,
+};

package/src/routing/tokenizer.js

@@ -0,0 +1,162 @@
+/**
+ * Accurate token estimation using js-tiktoken.
+ *
+ * Replaces the chars/4 approximation across the routing path. Falls back to
+ * chars/4 if js-tiktoken is unavailable (graceful degradation — never throws).
+ *
+ * Phase 1.1 of the routing overhaul.
+ *
+ * @module routing/tokenizer
+ */
+
+const logger = require('../logger');
+
+let _tiktoken = null;
+let _tiktokenLoaded = false;
+const _encoderCache = new Map();
+
+function _loadTiktoken() {
+  if (_tiktokenLoaded) return _tiktoken;
+  _tiktokenLoaded = true;
+  try {
+    _tiktoken = require('js-tiktoken');
+  } catch (err) {
+    logger.debug(
+      { err: err.message },
+      '[Tokenizer] js-tiktoken not available, falling back to chars/4'
+    );
+    _tiktoken = null;
+  }
+  return _tiktoken;
+}
+
+function _encodingForModel(model) {
+  if (!model || typeof model !== 'string') return 'cl100k_base';
+  const lower = model.toLowerCase();
+  // GPT-4o family + o-series use o200k_base
+  if (
+    lower.includes('gpt-4o') ||
+    lower.includes('gpt-4.1') ||
+    lower.includes('gpt-5') ||
+    lower.includes('o1') ||
+    lower.includes('o3') ||
+    lower.includes('o4')
+  ) {
+    return 'o200k_base';
+  }
+  // GPT-4 / GPT-3.5 / Anthropic / most others approximate well with cl100k_base
+  return 'cl100k_base';
+}
+
+function _getEncoder(model) {
+  const tiktoken = _loadTiktoken();
+  if (!tiktoken) return null;
+  const encName = _encodingForModel(model);
+  let cached = _encoderCache.get(encName);
+  if (cached) return cached;
+  try {
+    cached = tiktoken.getEncoding(encName);
+    _encoderCache.set(encName, cached);
+    return cached;
+  } catch (err) {
+    logger.debug(
+      { err: err.message, encoding: encName },
+      '[Tokenizer] Encoder load failed, using fallback'
+    );
+    return null;
+  }
+}
+
+/**
+ * Count tokens in a single string.
+ * @param {string} text
+ * @param {string|null} model - optional model name for encoding selection
+ * @returns {number}
+ */
+function countTokens(text, model = null) {
+  if (!text || typeof text !== 'string') return 0;
+  const encoder = _getEncoder(model);
+  if (!encoder) return Math.ceil(text.length / 4);
+  try {
+    return encoder.encode(text).length;
+  } catch (err) {
+    return Math.ceil(text.length / 4);
+  }
+}
+
+function _extractText(content) {
+  if (!content) return '';
+  if (typeof content === 'string') return content;
+  if (Array.isArray(content)) {
+    let combined = '';
+    for (const block of content) {
+      if (!block) continue;
+      if (typeof block === 'string') {
+        combined += block + ' ';
+      } else if (block.type === 'text' && block.text) {
+        combined += block.text + ' ';
+      } else if (typeof block.text === 'string') {
+        combined += block.text + ' ';
+      } else if (block.type === 'tool_use' && block.input) {
+        try {
+          combined += JSON.stringify(block.input) + ' ';
+        } catch {
+          // ignore non-serializable input
+        }
+      } else if (block.type === 'tool_result' && block.content) {
+        combined += _extractText(block.content) + ' ';
+      }
+    }
+    return combined;
+  }
+  return '';
+}
+
+function _imageTokenEstimate(content) {
+  if (!Array.isArray(content)) return 0;
+  let imageBase64Bytes = 0;
+  for (const block of content) {
+    if (block?.type === 'image' && block.source?.data) {
+      imageBase64Bytes += block.source.data.length;
+    }
+  }
+  // Rough heuristic mirroring previous behavior: ~1 token per 6 base64 chars
+  return Math.floor(imageBase64Bytes / 6);
+}
+
+/**
+ * Count tokens across a full Anthropic-format message array + optional system.
+ * @param {Array} messages
+ * @param {string|Array|null} system
+ * @param {string|null} model
+ * @returns {number}
+ */
+function countMessagesTokens(messages = [], system = null, model = null) {
+  let total = 0;
+  if (system) {
+    total += countTokens(_extractText(system), model);
+  }
+  if (Array.isArray(messages)) {
+    for (const msg of messages) {
+      total += countTokens(_extractText(msg?.content), model);
+      total += _imageTokenEstimate(msg?.content);
+    }
+    // Per-message structural overhead (~4 tokens per message in both Anthropic and OpenAI)
+    total += messages.length * 4;
+  }
+  return total;
+}
+
+/**
+ * Count tokens from a full payload object (Anthropic-style with .messages, .system, .model).
+ */
+function countPayloadTokens(payload, model = null) {
+  if (!payload) return 0;
+  return countMessagesTokens(payload.messages, payload.system, model || payload.model);
+}
+
+module.exports = {
+  countTokens,
+  countMessagesTokens,
+  countPayloadTokens,
+};

package/src/server.js

@@ -9,6 +9,8 @@ const { metricsMiddleware } = require("./api/middleware/metrics");
 const { requestLoggingMiddleware } = require("./api/middleware/request-logging");
 const { errorHandlingMiddleware, notFoundHandler } = require("./api/middleware/error-handling");
 const { loadSheddingMiddleware, initializeLoadShedder } = require("./api/middleware/load-shedding");
+const { tenantMiddleware } = require("./api/middleware/tenant");
+const { budgetEnforcer } = require("./api/middleware/budget-enforcer");
 const { livenessCheck, readinessCheck } = require("./api/health");
 const { getMetricsCollector } = require("./observability/metrics");
 const { getShutdownManager } = require("./server/shutdown");
@@ -90,6 +92,13 @@ function createApp() {
     app.use('/v1/messages', budgetMiddleware);
   }
 
+  // Phase 6.1 — per-tenant routing policies (LYNKR-Tenant-Id header).
+  // Runs before message handling so res.locals.tenantPolicy is populated.
+  app.use('/v1/messages', tenantMiddleware);
+
+  // Phase 6.2 — hierarchical budget enforcement (LYNKR_BUDGET_ENFORCER=false to disable).
+  app.use('/v1/messages', budgetEnforcer);
+
   // Health check endpoints
   app.get("/health/live", livenessCheck);
   app.get("/health/ready", readinessCheck);
@@ -147,6 +156,9 @@ function createApp() {
 
   app.use(router);
 
+  // Dashboard UI
+  app.use('/dashboard', require('./dashboard/router'));
+
   // Files API
   const filesRouter = require("./api/files-router");
   app.use("/v1", filesRouter);

package/src/stores/file-store.js

@@ -1,9 +1,11 @@
 const fs = require("fs");
+const fsp = require("fs").promises;
 const path = require("path");
 const crypto = require("crypto");
 const logger = require("../logger");
 
 const STORAGE_DIR = path.resolve(process.env.FILES_STORAGE_PATH || "./data/files");
+const METADATA_FILE = path.join(STORAGE_DIR, "_metadata.json");
 const MAX_FILES = parseInt(process.env.FILES_MAX_COUNT || "1000", 10);
 
 const metadata = new Map();
@@ -14,15 +16,46 @@ function ensureStorageDir() {
   }
 }
 
-function storeFile(buffer, { filename, purpose, mimeType }) {
+function persistMetadata() {
+  try {
+    const entries = Array.from(metadata.values());
+    fs.writeFileSync(METADATA_FILE, JSON.stringify(entries), "utf8");
+  } catch (err) {
+    logger.warn({ err: err.message }, "Failed to persist file metadata");
+  }
+}
+
+function loadMetadata() {
+  ensureStorageDir();
+  try {
+    if (!fs.existsSync(METADATA_FILE)) return;
+    const entries = JSON.parse(fs.readFileSync(METADATA_FILE, "utf8"));
+    for (const entry of entries) {
+      // Only restore entries whose backing file still exists on disk
+      if (fs.existsSync(entry.storage_path)) {
+        metadata.set(entry.id, entry);
+      } else {
+        logger.debug({ fileId: entry.id }, "Dropping orphaned metadata entry (file missing)");
+      }
+    }
+    logger.info({ count: metadata.size }, "File metadata restored from disk");
+  } catch (err) {
+    logger.warn({ err: err.message }, "Could not load file metadata; starting fresh");
+  }
+}
+
+// Restore metadata at module load so restarts don't orphan files
+loadMetadata();
+
+async function storeFile(buffer, { filename, purpose, mimeType }) {
   ensureStorageDir();
   if (metadata.size >= MAX_FILES) {
     const oldest = metadata.keys().next().value;
-    deleteFile(oldest);
+    await deleteFile(oldest);
   }
   const id = `file-${crypto.randomUUID()}`;
   const storagePath = path.join(STORAGE_DIR, id);
-  fs.writeFileSync(storagePath, buffer);
+  await fsp.writeFile(storagePath, buffer);
   const entry = {
     id,
     object: "file",
@@ -34,6 +67,7 @@ function storeFile(buffer, { filename, purpose, mimeType }) {
     storage_path: storagePath,
   };
   metadata.set(id, entry);
+  persistMetadata();
   logger.info({ fileId: id, bytes: buffer.length, filename }, "File stored");
   return entry;
 }
@@ -42,21 +76,22 @@ function getFile(id) {
   return metadata.get(id) || null;
 }
 
-function getFileContent(id) {
+async function getFileContent(id) {
   const entry = metadata.get(id);
   if (!entry) return null;
   try {
-    return fs.readFileSync(entry.storage_path);
+    return await fsp.readFile(entry.storage_path);
   } catch {
     return null;
   }
 }
 
-function deleteFile(id) {
+async function deleteFile(id) {
   const entry = metadata.get(id);
   if (!entry) return false;
-  try { fs.unlinkSync(entry.storage_path); } catch {}
+  try { await fsp.unlink(entry.storage_path); } catch {}
   metadata.delete(id);
+  persistMetadata();
   return true;
 }
 

package/src/tools/smart-selection.js

@@ -280,9 +280,18 @@ function selectToolsSmartly(tools, classification, options = {}) {
 
   // Get relevant tool names for this request type
   const relevantToolNames = TOOL_SELECTION_MAP[requestType] || TOOL_SELECTION_MAP.coding;
+  const relevantLower = new Set(relevantToolNames.map(n => n.toLowerCase()));
 
-  // Filter to relevant tools only
-  let selectedTools = tools.filter(tool => relevantToolNames.includes(tool.name));
+  // Filter to relevant tools only (case-insensitive match so external clients
+  // using lowercase names like Pi's `bash`/`read` aren't filtered out)
+  let selectedTools = tools.filter(tool => relevantLower.has(String(tool.name || '').toLowerCase()));
+
+  // If nothing matched, the caller is using a tool ecosystem we don't recognize
+  // (e.g. Pi's read/write/edit/bash). Pass tools through untouched rather than
+  // deleting them — otherwise the LLM gets no schema and hallucinates defaults.
+  if (selectedTools.length === 0) {
+    return tools;
+  }
 
   // Mode-specific adjustments
   if (config.mode === 'aggressive') {

package/src/training/trajectory-compressor.js

@@ -0,0 +1,266 @@
+/**
+ * Trajectory Compressor
+ *
+ * Reads completed agent sessions out of Lynkr's session DB,
+ * joins with routing telemetry to pick up tier / score / outcome
+ * metadata, and emits JSONL training samples for fine-tuning small
+ * models on tool-call generation and tier-routing decisions.
+ *
+ * Each line of the output JSONL is a self-contained sample:
+ *
+ *   {
+ *     "session_id":     "...",
+ *     "messages":       [{"role": "...", "content": ...}, ...],
+ *     "tool_calls":     [...],
+ *     "outcome":        "success" | "error",
+ *     "tier":           "SIMPLE" | "MEDIUM" | "COMPLEX" | "REASONING",
+ *     "complexity_score": 38,
+ *     "model_used":     "gpt-4o",
+ *     "provider_used":  "azure-openai",
+ *     "tokens_in":      1234,
+ *     "tokens_out":     456,
+ *     "latency_ms":     2400,
+ *     "started_at":     "2026-05-03T10:11:12Z",
+ *     "ended_at":       "2026-05-03T10:11:14Z"
+ *   }
+ *
+ * The compressor is read-only — it never modifies the source DBs.
+ */
+
+const fs = require("fs");
+const path = require("path");
+
+const db = require("../db");
+const telemetry = require("../routing/telemetry");
+
+// Patterns for the optional --anonymize pass. Order matters: more
+// specific patterns first so they don't get clobbered by generic ones.
+const ANONYMIZE_PATTERNS = [
+  // API keys and bearer tokens
+  [/sk-[A-Za-z0-9_-]{20,}/g, "<API_KEY>"],
+  [/Bearer\s+[A-Za-z0-9._\-]+/gi, "Bearer <REDACTED>"],
+  [/dapi_[A-Za-z0-9_-]+/g, "<DATABRICKS_KEY>"],
+  [/eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, "<JWT>"],
+  // AWS keys
+  [/AKIA[0-9A-Z]{16}/g, "<AWS_ACCESS_KEY>"],
+  // Email addresses
+  [/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, "<EMAIL>"],
+  // Absolute filesystem paths under /Users/<name>/ or /home/<name>/
+  [/\/Users\/[^/\s]+/g, "/Users/<USER>"],
+  [/\/home\/[^/\s]+/g, "/home/<USER>"],
+  // IPs
+  [/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/g, "<IP>"],
+  // Hostnames containing service-now / corporate domains (configurable)
+  [/[A-Za-z0-9-]+\.service-now\.com/gi, "<SERVICENOW_HOST>"],
+];
+
+function anonymize(value) {
+  if (typeof value === "string") {
+    let out = value;
+    for (const [re, replacement] of ANONYMIZE_PATTERNS) {
+      out = out.replace(re, replacement);
+    }
+    return out;
+  }
+  if (Array.isArray(value)) return value.map(anonymize);
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) out[k] = anonymize(v);
+    return out;
+  }
+  return value;
+}
+
+function parseJsonSafe(text, fallback = null) {
+  if (text == null) return fallback;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return fallback;
+  }
+}
+
+/**
+ * List session ids in a window, optionally filtered by tier.
+ */
+function listSessions({ since = null, tier = null } = {}) {
+  if (!db) return [];
+
+  const rows = since
+    ? db
+        .prepare(
+          "SELECT id, created_at, updated_at, metadata FROM sessions WHERE updated_at >= ? ORDER BY updated_at DESC"
+        )
+        .all(since)
+    : db.prepare("SELECT id, created_at, updated_at, metadata FROM sessions ORDER BY updated_at DESC").all();
+
+  if (!tier) return rows;
+
+  // Tier filter requires joining against routing telemetry — we do that
+  // per-session lazily so we don't pre-load the whole telemetry table.
+  return rows.filter((s) => sessionTier(s.id) === tier);
+}
+
+/**
+ * Find the dominant tier picked across a session's telemetry rows.
+ */
+function sessionTier(sessionId) {
+  try {
+    const rows = telemetry.query({ session_id: sessionId, limit: 1000 });
+    if (rows.length === 0) return null;
+    const counts = {};
+    for (const r of rows) counts[r.tier || "UNKNOWN"] = (counts[r.tier || "UNKNOWN"] || 0) + 1;
+    return Object.entries(counts).sort((a, b) => b[1] - a[1])[0][0];
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Build one trajectory record for a single session.
+ */
+function buildTrajectory(session, options = {}) {
+  if (!db) return null;
+
+  const historyStmt = db.prepare(
+    "SELECT role, type, status, content, metadata, timestamp FROM session_history WHERE session_id = ? ORDER BY timestamp ASC"
+  );
+  const history = historyStmt.all(session.id);
+
+  // Convert each session_history row into a chat message, preserving
+  // tool-call structure when present in metadata.
+  const messages = [];
+  const toolCalls = [];
+
+  for (const row of history) {
+    const meta = parseJsonSafe(row.metadata) || {};
+    const content = parseJsonSafe(row.content, row.content);
+
+    if (row.role === "tool" || row.type === "tool_use" || row.type === "tool_result") {
+      // Capture tool calls as a separate stream alongside the chat
+      toolCalls.push({
+        type: row.type,
+        timestamp: row.timestamp,
+        content,
+        metadata: meta,
+      });
+    }
+
+    if (row.role === "user" || row.role === "assistant" || row.role === "system") {
+      messages.push({
+        role: row.role,
+        content,
+      });
+    }
+  }
+
+  // Pull telemetry records associated with this session to enrich.
+  const teleRows = telemetry.query({ session_id: session.id, limit: 1000 });
+
+  const totals = teleRows.reduce(
+    (acc, r) => {
+      acc.tokens_in += r.input_tokens || 0;
+      acc.tokens_out += r.output_tokens || 0;
+      acc.latency_ms += r.latency_ms || 0;
+      return acc;
+    },
+    { tokens_in: 0, tokens_out: 0, latency_ms: 0 }
+  );
+
+  // Pick the modal tier (most-used) and the most-recent model/provider.
+  const tier = sessionTier(session.id);
+  const last = teleRows[0]; // telemetry.query orders DESC
+  const errorRow = teleRows.find((r) => r.error_type);
+  const outcome = errorRow ? "error" : "success";
+  const complexityAvg =
+    teleRows.length > 0
+      ? Math.round(
+          teleRows.reduce((sum, r) => sum + (r.complexity_score || 0), 0) /
+            teleRows.length
+        )
+      : null;
+
+  let trajectory = {
+    session_id: session.id,
+    messages,
+    tool_calls: toolCalls,
+    outcome,
+    tier,
+    complexity_score: complexityAvg,
+    model_used: last?.model || null,
+    provider_used: last?.provider || null,
+    tokens_in: totals.tokens_in,
+    tokens_out: totals.tokens_out,
+    latency_ms: totals.latency_ms,
+    started_at: new Date(session.created_at).toISOString(),
+    ended_at: new Date(session.updated_at).toISOString(),
+  };
+
+  if (options.anonymize) {
+    trajectory = anonymize(trajectory);
+  }
+  return trajectory;
+}
+
+/**
+ * Stream trajectories to a writable target (a path or a stream).
+ *
+ * @param {Object} options
+ * @param {string|number|Date} [options.since]   Window start (ms / Date / "Nd")
+ * @param {string} [options.tier]                Filter to one tier
+ * @param {boolean} [options.anonymize=false]    Strip PII / paths / secrets
+ * @param {string|stream.Writable} [options.output="-"]   File path, "-" for stdout, or a stream
+ * @param {function} [options.onProgress]        Optional progress callback (count) => void
+ * @returns {{ count: number, output: string }}
+ */
+function exportJsonl(options = {}) {
+  const since = resolveSince(options.since);
+  const sessions = listSessions({ since, tier: options.tier });
+
+  let stream;
+  let outputPath = "-";
+  let closeStream = false;
+
+  if (!options.output || options.output === "-") {
+    stream = process.stdout;
+  } else if (typeof options.output === "string") {
+    outputPath = options.output;
+    fs.mkdirSync(path.dirname(path.resolve(outputPath)), { recursive: true });
+    stream = fs.createWriteStream(outputPath);
+    closeStream = true;
+  } else {
+    stream = options.output;
+  }
+
+  let count = 0;
+  for (const session of sessions) {
+    const trajectory = buildTrajectory(session, options);
+    if (!trajectory || trajectory.messages.length === 0) continue;
+    stream.write(JSON.stringify(trajectory) + "\n");
+    count++;
+    if (options.onProgress) options.onProgress(count);
+  }
+
+  if (closeStream) stream.end();
+  return { count, output: outputPath };
+}
+
+function resolveSince(value) {
+  if (value == null) return null;
+  if (value instanceof Date) return value.getTime();
+  if (typeof value === "number") return value;
+  if (typeof value === "string") {
+    const m = value.match(/^(\d+)d$/);
+    if (m) return Date.now() - parseInt(m[1], 10) * 24 * 60 * 60 * 1000;
+    const parsed = Date.parse(value);
+    if (!Number.isNaN(parsed)) return parsed;
+  }
+  return null;
+}
+
+module.exports = {
+  exportJsonl,
+  buildTrajectory,
+  listSessions,
+  anonymize,
+};