manifest 5.35.2 → 5.36.1

package/dist/backend/auth/auth.instance.js

@@ -10,6 +10,7 @@ const local_mode_constants_1 = require("../common/constants/local-mode.constants
 const isLocalMode = process.env['MANIFEST_MODE'] === 'local';
 const port = process.env['PORT'] ?? '3001';
 const isDev = (process.env['NODE_ENV'] ?? '') !== 'production';
+const hasEmailProvider = !!(process.env['MAILGUN_API_KEY'] && process.env['MAILGUN_DOMAIN']);
 function createDatabaseConnection() {
     if (isLocalMode) {
         return null;
@@ -61,7 +62,7 @@ const authInstance = isLocalMode
         emailAndPassword: {
             enabled: true,
             minPasswordLength: 8,
-            requireEmailVerification: !isDev && !isLocalMode,
+            requireEmailVerification: !isDev && !isLocalMode && hasEmailProvider,
             sendResetPassword: async ({ user, url }) => {
                 const element = (0, reset_password_1.ResetPasswordEmail)({
                     userName: user.name,
@@ -78,7 +79,7 @@ const authInstance = isLocalMode
             },
         },
         emailVerification: {
-            sendOnSignUp: !isLocalMode,
+            sendOnSignUp: !isLocalMode && hasEmailProvider,
             autoSignInAfterVerification: true,
             sendVerificationEmail: async ({ user, url }) => {
                 const element = (0, verify_email_1.VerifyEmailEmail)({

package/dist/backend/database/models-dev-sync.service.js

@@ -176,7 +176,7 @@ let ModelsDevSyncService = ModelsDevSyncService_1 = class ModelsDevSyncService {
         }
         const outputMods = model.modalities?.output?.map((m) => m.toLowerCase());
         if (outputMods && outputMods.length > 0) {
-            return outputMods.every((m) => m === 'text');
+            return outputMods.includes('text');
         }
         return true;
     }

package/dist/backend/database/pricing-sync.service.js

@@ -98,7 +98,7 @@ let PricingSyncService = PricingSyncService_1 = class PricingSyncService {
         }
         const outputModalities = model.architecture?.output_modalities?.map((m) => m.toLowerCase());
         if (outputModalities && outputModalities.length > 0) {
-            return outputModalities.every((m) => m === 'text');
+            return outputModalities.includes('text');
         }
         return true;
     }

package/dist/backend/model-discovery/model-discovery.service.js

@@ -123,11 +123,17 @@ let ModelDiscoveryService = ModelDiscoveryService_1 = class ModelDiscoveryServic
             ...this.enrichModel(model, provider.provider),
             authType: authType,
         }));
-        provider.cached_models = enriched;
+        const filtered = enriched.filter((model) => {
+            const mdEntry = this.modelsDevSync?.lookupModel(provider.provider, model.id);
+            if (mdEntry && mdEntry.toolCall === false)
+                return false;
+            return true;
+        });
+        provider.cached_models = filtered;
         provider.models_fetched_at = new Date().toISOString();
         await this.providerRepo.save(provider);
-        this.logger.log(`Discovered ${enriched.length} models for provider ${provider.provider} (agent ${provider.agent_id})`);
-        return enriched;
+        this.logger.log(`Discovered ${filtered.length} models for provider ${provider.provider} (agent ${provider.agent_id})`);
+        return filtered;
     }
     async discoverAllForAgent(agentId) {
         const providers = await this.providerRepo.find({

package/dist/backend/model-discovery/provider-model-fetcher.service.js

@@ -7,7 +7,8 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 };
 var ProviderModelFetcherService_1;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ProviderModelFetcherService = exports.PROVIDER_CONFIGS = void 0;
+exports.ProviderModelFetcherService = exports.PROVIDER_CONFIGS = exports.PROVIDER_NON_CHAT = exports.UNIVERSAL_NON_CHAT_RE = void 0;
+exports.filterNonChatModels = filterNonChatModels;
 const common_1 = require("@nestjs/common");
 const ollama_1 = require("../common/constants/ollama");
 const provider_base_url_1 = require("../routing/provider-base-url");
@@ -48,11 +49,10 @@ const parseOpenAI = createModelParser({
     getId: (entry) => entry.id,
     getDisplayName: (_entry, id) => id,
 });
-const OPENAI_NON_CHAT_RE = /(?:embed|tts|whisper|dall-e|moderation|davinci|babbage|^text-|audio|realtime|-transcribe|^sora|^gpt-3\.5-turbo-instruct)/i;
 const OPENAI_DATE_SUFFIX_RE = /-\d{4}-\d{2}-\d{2}$/;
 const OPENAI_RESPONSES_ONLY_RE = /(?:-codex(?!-mini-latest)|^gpt-5[^/]*-pro(?:-|$))/i;
-function parseOpenAIChatOnly(body, provider) {
-    const filtered = parseOpenAI(body, provider).filter((m) => !OPENAI_NON_CHAT_RE.test(m.id) && !OPENAI_RESPONSES_ONLY_RE.test(m.id));
+function parseOpenAIDeduped(body, provider) {
+    const filtered = parseOpenAI(body, provider).filter((m) => !OPENAI_RESPONSES_ONLY_RE.test(m.id));
     const ids = new Set(filtered.map((m) => m.id));
     return filtered.filter((m) => {
         if (!OPENAI_DATE_SUFFIX_RE.test(m.id))
@@ -61,9 +61,22 @@ function parseOpenAIChatOnly(body, provider) {
         return !ids.has(alias);
     });
 }
-const MISTRAL_NON_CHAT_RE = /(?:^mistral-ocr|embed)/i;
-function parseMistralChatOnly(body, provider) {
-    return parseOpenAI(body, provider).filter((m) => !MISTRAL_NON_CHAT_RE.test(m.id));
+exports.UNIVERSAL_NON_CHAT_RE = /(?:embed|tts|whisper|dall-e|imagen|cogview|wanx|sambert|paraformer|text-embedding|speech-to|voice-|audio-turbo)/i;
+exports.PROVIDER_NON_CHAT = {
+    openai: /(?:moderation|davinci|babbage|^text-|realtime|-transcribe|^sora|^gpt-3\.5-turbo-instruct|audio)/i,
+    'openai-subscription': /(?:moderation|davinci|babbage|^text-|realtime|-transcribe|^sora|audio)/i,
+    gemini: /(?:^aqs-|nano-banana)/i,
+    mistral: /(?:^mistral-ocr)/i,
+};
+function filterNonChatModels(models, configKey) {
+    const providerFilter = exports.PROVIDER_NON_CHAT[configKey];
+    return models.filter((m) => {
+        if (exports.UNIVERSAL_NON_CHAT_RE.test(m.id))
+            return false;
+        if (providerFilter && providerFilter.test(m.id))
+            return false;
+        return true;
+    });
 }
 function bearerHeaders(key) {
     return { Authorization: `Bearer ${key}` };
@@ -174,7 +187,7 @@ exports.PROVIDER_CONFIGS = {
     openai: {
         endpoint: 'https://api.openai.com/v1/models',
         buildHeaders: bearerHeaders,
-        parse: parseOpenAIChatOnly,
+        parse: parseOpenAIDeduped,
     },
     'openai-subscription': {
         endpoint: 'https://chatgpt.com/backend-api/codex/models?client_version=0.99.0',
@@ -194,7 +207,7 @@ exports.PROVIDER_CONFIGS = {
     mistral: {
         endpoint: 'https://api.mistral.ai/v1/models',
         buildHeaders: bearerHeaders,
-        parse: parseMistralChatOnly,
+        parse: parseOpenAI,
     },
     moonshot: {
         endpoint: 'https://api.moonshot.ai/v1/models',
@@ -321,7 +334,7 @@ let ProviderModelFetcherService = ProviderModelFetcherService_1 = class Provider
                 return [];
             }
             const body = await res.json();
-            return config.parse(body, providerId);
+            return filterNonChatModels(config.parse(body, providerId), configKey);
         }
         catch (err) {
             const message = err instanceof Error ? err.message : String(err);

package/dist/backend/routing/proxy/google-adapter.js

@@ -60,7 +60,7 @@ function mapRole(role) {
         return 'user';
     return 'user';
 }
-function messageToContent(msg) {
+function messageToContent(msg, signatureLookup) {
     const parts = [];
     if (typeof msg.content === 'string') {
         parts.push({ text: msg.content });
@@ -74,12 +74,20 @@ function messageToContent(msg) {
     }
     if (Array.isArray(msg.tool_calls)) {
         for (const tc of msg.tool_calls) {
-            parts.push({
-                functionCall: {
-                    name: tc.function.name,
-                    args: safeParseArgs(tc.function.arguments),
-                },
-            });
+            const functionCall = {
+                name: tc.function.name,
+                args: safeParseArgs(tc.function.arguments),
+            };
+            const sig = tc.thought_signature;
+            if (sig) {
+                functionCall.thought_signature = sig;
+            }
+            else if (signatureLookup) {
+                const cached = signatureLookup(tc.id);
+                if (cached)
+                    functionCall.thought_signature = cached;
+            }
+            parts.push({ functionCall });
         }
     }
     if (msg.role === 'tool' && typeof msg.content === 'string') {
@@ -118,7 +126,7 @@ function convertTools(tools) {
         return undefined;
     return [{ functionDeclarations: declarations }];
 }
-function toGoogleRequest(body, _model) {
+function toGoogleRequest(body, _model, signatureLookup) {
     const messages = body.messages || [];
     const contents = [];
     const systemMsgs = messages.filter((m) => m.role === 'system');
@@ -129,7 +137,7 @@ function toGoogleRequest(body, _model) {
     for (const msg of messages) {
         if (msg.role === 'system')
             continue;
-        const content = messageToContent(msg);
+        const content = messageToContent(msg, signatureLookup);
         if (content)
             contents.push(content);
     }
@@ -174,16 +182,28 @@ function fromGoogleResponse(googleResp, model) {
             textContent += part.text;
         if (part.functionCall) {
             const fc = part.functionCall;
-            toolCalls.push({
+            const toolCall = {
                 id: `call_${(0, crypto_1.randomUUID)()}`,
                 type: 'function',
                 function: { name: fc.name, arguments: JSON.stringify(fc.args) },
-            });
+            };
+            if (fc.thought_signature)
+                toolCall.thought_signature = fc.thought_signature;
+            toolCalls.push(toolCall);
         }
     }
     const message = { role: 'assistant', content: textContent || null };
     if (toolCalls.length > 0)
         message.tool_calls = toolCalls;
+    const extractedSignatures = [];
+    for (const tc of toolCalls) {
+        if (tc.thought_signature && typeof tc.id === 'string') {
+            extractedSignatures.push({
+                toolCallId: tc.id,
+                signature: tc.thought_signature,
+            });
+        }
+    }
     const usage = googleResp.usageMetadata;
     return {
         id: `chatcmpl-${(0, crypto_1.randomUUID)()}`,
@@ -203,6 +223,7 @@ function fromGoogleResponse(googleResp, model) {
                 cache_creation_tokens: 0,
             }
             : undefined,
+        ...(extractedSignatures.length > 0 ? { _extractedSignatures: extractedSignatures } : {}),
     };
 }
 function mapFinishReason(candidate, hasToolCalls = false) {
@@ -236,12 +257,15 @@ function transformGoogleStreamChunk(chunk, model) {
     for (const part of parts) {
         if (part.functionCall) {
             const fc = part.functionCall;
-            toolCalls.push({
+            const toolCall = {
                 index: toolCalls.length,
                 id: `call_${(0, crypto_1.randomUUID)()}`,
                 type: 'function',
                 function: { name: fc.name, arguments: JSON.stringify(fc.args ?? {}) },
-            });
+            };
+            if (fc.thought_signature)
+                toolCall.thought_signature = fc.thought_signature;
+            toolCalls.push(toolCall);
         }
     }
     let result = '';

package/dist/backend/routing/proxy/provider-client.js

@@ -22,7 +22,7 @@ function stripModelPrefix(model, endpointKey) {
 let ProviderClient = ProviderClient_1 = class ProviderClient {
     logger = new common_1.Logger(ProviderClient_1.name);
     async forward(opts) {
-        const { provider, apiKey, model, body, stream, signal, extraHeaders, customEndpoint, authType, } = opts;
+        const { provider, apiKey, model, body, stream, signal, extraHeaders, customEndpoint, authType, signatureLookup, } = opts;
         let endpoint;
         let endpointKey;
         if (customEndpoint) {
@@ -55,7 +55,7 @@ let ProviderClient = ProviderClient_1 = class ProviderClient {
             if (stream)
                 url += '&alt=sse';
             headers = endpoint.buildHeaders(apiKey, authType);
-            requestBody = (0, provider_client_converters_1.toGoogleRequest)(body, bareModel);
+            requestBody = (0, provider_client_converters_1.toGoogleRequest)(body, bareModel, signatureLookup);
         }
         else if (isAnthropic) {
             url = `${endpoint.baseUrl}${endpoint.buildPath(bareModel)}`;

package/dist/backend/routing/proxy/proxy-exception.filter.js

@@ -0,0 +1,67 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyExceptionFilter = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const proxy_friendly_response_1 = require("./proxy-friendly-response");
+const AUTH_ERROR_MESSAGES = {
+    'Authorization header required': 'Missing API key. Set your Manifest key (starts with mnfst_) as the Bearer token.',
+    'Empty token': 'Bearer token is empty — paste your Manifest API key into the authorization field.',
+    'Invalid API key format': 'That doesn\'t look like a Manifest key. They start with "mnfst_" — check your dashboard.',
+    'API key expired': 'This API key expired. Generate a new one from your Manifest dashboard',
+    'Invalid API key': "This API key wasn't recognized — it may have been rotated or deleted. Check your dashboard for the current key.",
+};
+const PASSTHROUGH_STATUSES = new Set([429]);
+let ProxyExceptionFilter = class ProxyExceptionFilter {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    catch(exception, host) {
+        const ctx = host.switchToHttp();
+        const req = ctx.getRequest();
+        const res = ctx.getResponse();
+        const status = exception.getStatus();
+        const message = exception.message;
+        if (PASSTHROUGH_STATUSES.has(status)) {
+            const response = exception.getResponse();
+            res
+                .status(status)
+                .json(typeof response === 'string'
+                ? { error: { message: response, type: 'proxy_error' } }
+                : response);
+            return;
+        }
+        const isStream = req.body?.stream === true;
+        const ingestionCtx = req
+            .ingestionContext;
+        const agentName = ingestionCtx?.agentName;
+        const friendly = AUTH_ERROR_MESSAGES[message];
+        if (friendly) {
+            const dashboardUrl = (0, proxy_friendly_response_1.getDashboardUrl)(this.config, agentName);
+            const content = message === 'API key expired'
+                ? `${friendly}: ${dashboardUrl}`
+                : `${friendly}\n\nDashboard: ${dashboardUrl}`;
+            (0, proxy_friendly_response_1.sendFriendlyResponse)(res, content, isStream);
+            return;
+        }
+        const content = status >= 500 ? 'Something broke on our end. Try again shortly.' : message;
+        (0, proxy_friendly_response_1.sendFriendlyResponse)(res, content, isStream);
+    }
+};
+exports.ProxyExceptionFilter = ProxyExceptionFilter;
+exports.ProxyExceptionFilter = ProxyExceptionFilter = __decorate([
+    (0, common_1.Injectable)(),
+    (0, common_1.Catch)(common_1.HttpException),
+    __metadata("design:paramtypes", [config_1.ConfigService])
+], ProxyExceptionFilter);
+//# sourceMappingURL=proxy-exception.filter.js.map

package/dist/backend/routing/proxy/proxy-fallback.service.js

@@ -52,7 +52,7 @@ let ProxyFallbackService = ProxyFallbackService_1 = class ProxyFallbackService {
         this.copilotToken = copilotToken;
         this.pricingCache = pricingCache;
     }
-    async tryFallbacks(agentId, userId, fallbackModels, body, stream, sessionKey, primaryModel, signal, primaryProvider, primaryAuthType) {
+    async tryFallbacks(agentId, userId, fallbackModels, body, stream, sessionKey, primaryModel, signal, primaryProvider, primaryAuthType, signatureLookup) {
         const failures = [];
         const failedAuthByProvider = new Map();
         if (primaryProvider && primaryAuthType) {
@@ -101,6 +101,7 @@ let ProxyFallbackService = ProxyFallbackService_1 = class ProxyFallbackService {
                 authType,
                 resourceUrl: resolvedCredentials.resourceUrl,
                 providerRegion,
+                signatureLookup,
             });
             if (forward.response.ok) {
                 return { success: { forward, model, provider, fallbackIndex: i }, failures };
@@ -143,7 +144,7 @@ let ProxyFallbackService = ProxyFallbackService_1 = class ProxyFallbackService {
         }
     }
     async forwardToProvider(opts) {
-        const { provider, body, stream, signal, authType, resourceUrl, providerRegion } = opts;
+        const { provider, body, stream, signal, authType, resourceUrl, providerRegion, signatureLookup, } = opts;
         const extraHeaders = {};
         if (provider === 'xai') {
             extraHeaders['x-grok-conv-id'] = opts.sessionKey;
@@ -188,6 +189,7 @@ let ProxyFallbackService = ProxyFallbackService_1 = class ProxyFallbackService {
             extraHeaders: hasExtraHeaders ? extraHeaders : undefined,
             customEndpoint,
             authType,
+            signatureLookup,
         });
     }
 };

package/dist/backend/routing/proxy/proxy-friendly-response.js

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDashboardUrl = getDashboardUrl;
+exports.buildFriendlyResponse = buildFriendlyResponse;
+exports.sendFriendlyResponse = sendFriendlyResponse;
+const crypto_1 = require("crypto");
+function getDashboardUrl(config, agentName) {
+    const baseUrl = config.get('app.betterAuthUrl') ||
+        `http://localhost:${config.get('app.port', 3001)}`;
+    const path = agentName ? `/agents/${encodeURIComponent(agentName)}` : '/routing';
+    return `${baseUrl}${path}`;
+}
+function buildFriendlyResponse(content, stream, reason = 'friendly_error') {
+    const id = `chatcmpl-manifest-${(0, crypto_1.randomUUID)()}`;
+    const created = Math.floor(Date.now() / 1000);
+    const meta = {
+        tier: 'simple',
+        model: 'manifest',
+        provider: 'manifest',
+        confidence: 1,
+        reason,
+    };
+    if (stream) {
+        const chunk = {
+            id,
+            object: 'chat.completion.chunk',
+            created,
+            model: 'manifest',
+            choices: [{ index: 0, delta: { role: 'assistant', content }, finish_reason: 'stop' }],
+        };
+        const ssePayload = `data: ${JSON.stringify(chunk)}\n\ndata: [DONE]\n\n`;
+        const encoder = new TextEncoder();
+        const body = new ReadableStream({
+            start(controller) {
+                controller.enqueue(encoder.encode(ssePayload));
+                controller.close();
+            },
+        });
+        return {
+            forward: {
+                response: new Response(body, {
+                    status: 200,
+                    headers: { 'Content-Type': 'text/event-stream' },
+                }),
+                isGoogle: false,
+                isAnthropic: false,
+                isChatGpt: false,
+            },
+            meta,
+        };
+    }
+    const responseBody = {
+        id,
+        object: 'chat.completion',
+        created,
+        model: 'manifest',
+        choices: [
+            {
+                index: 0,
+                message: { role: 'assistant', content },
+                finish_reason: 'stop',
+            },
+        ],
+        usage: { prompt_tokens: 0, completion_tokens: 0, total_tokens: 0 },
+    };
+    return {
+        forward: {
+            response: new Response(JSON.stringify(responseBody), {
+                status: 200,
+                headers: { 'Content-Type': 'application/json' },
+            }),
+            isGoogle: false,
+            isAnthropic: false,
+            isChatGpt: false,
+        },
+        meta,
+    };
+}
+function sendFriendlyResponse(res, content, stream) {
+    const id = `chatcmpl-manifest-${(0, crypto_1.randomUUID)()}`;
+    const created = Math.floor(Date.now() / 1000);
+    if (stream) {
+        const chunk = {
+            id,
+            object: 'chat.completion.chunk',
+            created,
+            model: 'manifest',
+            choices: [{ index: 0, delta: { role: 'assistant', content }, finish_reason: 'stop' }],
+        };
+        const ssePayload = `data: ${JSON.stringify(chunk)}\n\ndata: [DONE]\n\n`;
+        res.setHeader('Content-Type', 'text/event-stream');
+        res.setHeader('Cache-Control', 'no-cache');
+        res.setHeader('Connection', 'keep-alive');
+        res.status(200).send(ssePayload);
+    }
+    else {
+        const responseBody = {
+            id,
+            object: 'chat.completion',
+            created,
+            model: 'manifest',
+            choices: [
+                {
+                    index: 0,
+                    message: { role: 'assistant', content },
+                    finish_reason: 'stop',
+                },
+            ],
+            usage: { prompt_tokens: 0, completion_tokens: 0, total_tokens: 0 },
+        };
+        res.setHeader('Content-Type', 'application/json');
+        res.status(200).json(responseBody);
+    }
+}
+//# sourceMappingURL=proxy-friendly-response.js.map

package/dist/backend/routing/proxy/proxy-rate-limiter.js

@@ -36,7 +36,7 @@ let ProxyRateLimiter = class ProxyRateLimiter {
             entry = { count: 0, windowStart: now };
         }
         if (entry.count >= RATE_MAX_REQUESTS) {
-            throw new common_1.HttpException('Rate limit exceeded. Try again later.', common_1.HttpStatus.TOO_MANY_REQUESTS);
+            throw new common_1.HttpException('Too many requests — wait a few seconds and retry.', common_1.HttpStatus.TOO_MANY_REQUESTS);
         }
         entry.count++;
         this.rates.set(userId, entry);
@@ -45,7 +45,7 @@ let ProxyRateLimiter = class ProxyRateLimiter {
     acquireSlot(userId) {
         const current = this.concurrency.get(userId) ?? 0;
         if (current >= CONCURRENCY_MAX) {
-            throw new common_1.HttpException('Too many concurrent requests. Try again later.', common_1.HttpStatus.TOO_MANY_REQUESTS);
+            throw new common_1.HttpException('Too many concurrent requests. Give it a moment.', common_1.HttpStatus.TOO_MANY_REQUESTS);
         }
         this.concurrency.set(userId, current + 1);
     }

package/dist/backend/routing/proxy/proxy-response-handler.js

@@ -107,10 +107,22 @@ function recordFallbackFailures(ctx, meta, failedFallbacks, recorder) {
     }
     return new Date(fallbackBaseTime + (failures.length + 1) * 100).toISOString();
 }
-async function handleStreamResponse(res, forward, meta, metaHeaders, providerClient) {
+async function handleStreamResponse(res, forward, meta, metaHeaders, providerClient, signatureCache, sessionKey) {
     (0, stream_writer_1.initSseHeaders)(res, metaHeaders);
     if (forward.isGoogle) {
-        return (0, stream_writer_1.pipeStream)(forward.response.body, res, (chunk) => providerClient.convertGoogleStreamChunk(chunk, meta.model));
+        return (0, stream_writer_1.pipeStream)(forward.response.body, res, (chunk) => {
+            const result = providerClient.convertGoogleStreamChunk(chunk, meta.model);
+            if (signatureCache && sessionKey && result) {
+                const sigRe = /"thought_signature"\s*:\s*"([^"]+)"/g;
+                const idRe = /"id"\s*:\s*"([^"]+)"/g;
+                const ids = [...result.matchAll(idRe)].map((m) => m[1]);
+                const sigs = [...result.matchAll(sigRe)].map((m) => m[1]);
+                for (let i = 0; i < Math.min(ids.length, sigs.length); i++) {
+                    signatureCache.store(sessionKey, ids[i], sigs[i]);
+                }
+            }
+            return result;
+        });
     }
     if (forward.isAnthropic) {
         return (0, stream_writer_1.pipeStream)(forward.response.body, res, providerClient.createAnthropicStreamTransformer(meta.model));
@@ -120,11 +132,19 @@ async function handleStreamResponse(res, forward, meta, metaHeaders, providerCli
     }
     return (0, stream_writer_1.pipeStream)(forward.response.body, res);
 }
-async function handleNonStreamResponse(res, forward, meta, metaHeaders, providerClient) {
+async function handleNonStreamResponse(res, forward, meta, metaHeaders, providerClient, signatureCache, sessionKey) {
     let responseBody;
     if (forward.isGoogle) {
         const googleData = (await forward.response.json());
         responseBody = providerClient.convertGoogleResponse(googleData, meta.model);
+        if (signatureCache && sessionKey) {
+            const sigs = responseBody?._extractedSignatures;
+            if (sigs) {
+                for (const s of sigs)
+                    signatureCache.store(sessionKey, s.toolCallId, s.signature);
+                delete responseBody._extractedSignatures;
+            }
+        }
     }
     else if (forward.isAnthropic) {
         const anthropicData = (await forward.response.json());

package/dist/backend/routing/proxy/proxy.controller.js

@@ -22,7 +22,10 @@ const proxy_service_1 = require("./proxy.service");
 const proxy_rate_limiter_1 = require("./proxy-rate-limiter");
 const provider_client_1 = require("./provider-client");
 const proxy_message_recorder_1 = require("./proxy-message-recorder");
+const thought_signature_cache_1 = require("./thought-signature-cache");
 const proxy_response_handler_1 = require("./proxy-response-handler");
+const proxy_exception_filter_1 = require("./proxy-exception.filter");
+const proxy_friendly_response_1 = require("./proxy-friendly-response");
 const MAX_SEEN_USERS = 10_000;
 const SEEN_USER_TTL_MS = 24 * 60 * 60 * 1000;
 let ProxyController = ProxyController_1 = class ProxyController {
@@ -30,13 +33,15 @@ let ProxyController = ProxyController_1 = class ProxyController {
     rateLimiter;
     providerClient;
     recorder;
+    signatureCache;
     logger = new common_1.Logger(ProxyController_1.name);
     seenUsers = new Map();
-    constructor(proxyService, rateLimiter, providerClient, recorder) {
+    constructor(proxyService, rateLimiter, providerClient, recorder, signatureCache) {
         this.proxyService = proxyService;
         this.rateLimiter = rateLimiter;
         this.providerClient = providerClient;
         this.recorder = recorder;
+        this.signatureCache = signatureCache;
     }
     async chatCompletions(req, res) {
         const { userId } = req.ingestionContext;
@@ -74,10 +79,10 @@ let ProxyController = ProxyController_1 = class ProxyController {
             let streamUsage = null;
             if (isStream && providerResponse.body) {
                 headersSent = true;
-                streamUsage = await (0, proxy_response_handler_1.handleStreamResponse)(res, forward, meta, metaHeaders, this.providerClient);
+                streamUsage = await (0, proxy_response_handler_1.handleStreamResponse)(res, forward, meta, metaHeaders, this.providerClient, this.signatureCache, sessionKey);
             }
             else {
-                streamUsage = await (0, proxy_response_handler_1.handleNonStreamResponse)(res, forward, meta, metaHeaders, this.providerClient);
+                streamUsage = await (0, proxy_response_handler_1.handleNonStreamResponse)(res, forward, meta, metaHeaders, this.providerClient, this.signatureCache, sessionKey);
             }
             (0, proxy_response_handler_1.recordSuccess)(req.ingestionContext, meta, streamUsage, fallbackSuccessTs, this.recorder, traceId, sessionKey, startTime);
         }
@@ -98,10 +103,18 @@ let ProxyController = ProxyController_1 = class ProxyController {
                     res.end();
                 return;
             }
-            const clientMessage = status >= 500 ? 'Internal proxy error' : message;
-            res.status(status).json({
-                error: { message: clientMessage, type: 'proxy_error' },
-            });
+            if (status === 429) {
+                const response = err instanceof common_1.HttpException ? err.getResponse() : message;
+                res
+                    .status(429)
+                    .json(typeof response === 'string'
+                    ? { error: { message: response, type: 'proxy_error' } }
+                    : response);
+                return;
+            }
+            const isStream = req.body?.stream === true;
+            const clientMessage = status >= 500 ? 'Something broke on our end. Try again shortly.' : message;
+            (0, proxy_friendly_response_1.sendFriendlyResponse)(res, clientMessage, isStream);
         }
         finally {
             if (slotAcquired)
@@ -150,10 +163,12 @@ exports.ProxyController = ProxyController = ProxyController_1 = __decorate([
     (0, common_1.Controller)('v1'),
     (0, public_decorator_1.Public)(),
     (0, common_1.UseGuards)(agent_key_auth_guard_1.AgentKeyAuthGuard),
+    (0, common_1.UseFilters)(proxy_exception_filter_1.ProxyExceptionFilter),
     (0, throttler_1.SkipThrottle)(),
     __metadata("design:paramtypes", [proxy_service_1.ProxyService,
         proxy_rate_limiter_1.ProxyRateLimiter,
         provider_client_1.ProviderClient,
-        proxy_message_recorder_1.ProxyMessageRecorder])
+        proxy_message_recorder_1.ProxyMessageRecorder,
+        thought_signature_cache_1.ThoughtSignatureCache])
 ], ProxyController);
 //# sourceMappingURL=proxy.controller.js.map

package/dist/backend/routing/proxy/proxy.module.js

@@ -27,6 +27,8 @@ const proxy_message_recorder_1 = require("./proxy-message-recorder");
 const proxy_message_dedup_1 = require("./proxy-message-dedup");
 const session_momentum_service_1 = require("./session-momentum.service");
 const copilot_token_service_1 = require("./copilot-token.service");
+const thought_signature_cache_1 = require("./thought-signature-cache");
+const proxy_exception_filter_1 = require("./proxy-exception.filter");
 let ProxyModule = class ProxyModule {
 };
 exports.ProxyModule = ProxyModule;
@@ -52,6 +54,8 @@ exports.ProxyModule = ProxyModule = __decorate([
             proxy_message_dedup_1.ProxyMessageDedup,
             session_momentum_service_1.SessionMomentumService,
             copilot_token_service_1.CopilotTokenService,
+            thought_signature_cache_1.ThoughtSignatureCache,
+            proxy_exception_filter_1.ProxyExceptionFilter,
         ],
     })
 ], ProxyModule);