mobygate 0.7.3 → 0.8.1

package/server.js

@@ -76,8 +76,10 @@ import {
   makeStreamTranslator,
   hasAnthropicTools,
   mapStopReason,
+  extractSdkUsage,
 } from './lib/anthropic.js';
 import { resolveSessionKey } from './lib/session-derive.js';
+import { captureRequest, captureResponse, isCaptureEnabled, CAPTURE_DIR_PATH } from './lib/request-capture.js';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -444,6 +446,10 @@ async function handleStreaming(req, res, body, requestId, sessionKey) {
   let resolvedModel = model;
   let capturedSessionId = existing?.sdkSessionId || null;
   let clientDisconnected = false;
+  let inputTokens = 0;
+  let outputTokens = 0;
+  let cacheReadTokens = 0;
+  let cacheCreateTokens = 0;
 
   res.on('close', () => {
     clientDisconnected = true;
@@ -568,6 +574,11 @@ async function handleStreaming(req, res, body, requestId, sessionKey) {
           isFirst = false;
         }
         if (toolsEnabled && !bufferedText && message.result) bufferedText = message.result;
+        const usage = extractSdkUsage(message);
+        inputTokens = usage.input_tokens;
+        outputTokens = usage.output_tokens;
+        cacheReadTokens = usage.cache_read_input_tokens;
+        cacheCreateTokens = usage.cache_creation_input_tokens;
         break;
       }
     }
@@ -627,6 +638,13 @@ async function handleStreaming(req, res, body, requestId, sessionKey) {
     }
     res.write('data: [DONE]\n\n');
     res.end();
+    captureResponse({
+      requestId,
+      usage: { input_tokens: inputTokens, output_tokens: outputTokens, cache_read_input_tokens: cacheReadTokens, cache_creation_input_tokens: cacheCreateTokens },
+      status: 'ok',
+      stopReason: collectedToolCalls.length > 0 ? 'tool_use' : 'end_turn',
+      model: resolvedModel,
+    });
     return;
   }
 
@@ -635,6 +653,14 @@ async function handleStreaming(req, res, body, requestId, sessionKey) {
     res.write('data: [DONE]\n\n');
     res.end();
   }
+
+  captureResponse({
+    requestId,
+    usage: { input_tokens: inputTokens, output_tokens: outputTokens, cache_read_input_tokens: cacheReadTokens, cache_creation_input_tokens: cacheCreateTokens },
+    status: clientDisconnected ? 'client_disconnect' : 'ok',
+    stopReason: 'end_turn',
+    model: resolvedModel,
+  });
 }
 
 // ---------------------------------------------------------------------------
@@ -670,6 +696,9 @@ async function handleNonStreaming(res, body, requestId, sessionKey) {
   let resolvedModel = model;
   let inputTokens = 0;
   let outputTokens = 0;
+  let cacheReadTokens = 0;
+  let cacheCreateTokens = 0;
+  let stopReason = 'end_turn';
   let capturedSessionId = existing?.sdkSessionId || null;
   const abortController = new AbortController();
 
@@ -750,8 +779,12 @@ async function handleNonStreaming(res, body, requestId, sessionKey) {
         if (isAuthFailureText(resultText)) {
           throw new AuthFailureInResultText(resultText);
         }
-        inputTokens = message.input_tokens || 0;
-        outputTokens = message.output_tokens || 0;
+        const usage = extractSdkUsage(message);
+        inputTokens = usage.input_tokens;
+        outputTokens = usage.output_tokens;
+        cacheReadTokens = usage.cache_read_input_tokens;
+        cacheCreateTokens = usage.cache_creation_input_tokens;
+        if (message.subtype) stopReason = message.subtype;
         break;
       }
     }
@@ -818,6 +851,14 @@ async function handleNonStreaming(res, body, requestId, sessionKey) {
     }],
     usage: { prompt_tokens: inputTokens, completion_tokens: outputTokens, total_tokens: inputTokens + outputTokens },
   });
+
+  captureResponse({
+    requestId,
+    usage: { input_tokens: inputTokens, output_tokens: outputTokens, cache_read_input_tokens: cacheReadTokens, cache_creation_input_tokens: cacheCreateTokens },
+    status: 'ok',
+    stopReason,
+    model: resolvedModel,
+  });
 }
 
 // ---------------------------------------------------------------------------
@@ -870,6 +911,8 @@ async function handleAnthropicNonStreaming(res, body, requestId, sessionKey) {
   let resolvedModel = model;
   let inputTokens = 0;
   let outputTokens = 0;
+  let cacheReadTokens = 0;
+  let cacheCreateTokens = 0;
   let capturedSessionId = existing?.sdkSessionId || null;
   let stopReason = 'end_turn';
   const abortController = new AbortController();
@@ -950,8 +993,11 @@ async function handleAnthropicNonStreaming(res, body, requestId, sessionKey) {
         if (isAuthFailureText(resultText)) {
           throw new AuthFailureInResultText(resultText);
         }
-        inputTokens = message.input_tokens || 0;
-        outputTokens = message.output_tokens || 0;
+        const usage = extractSdkUsage(message);
+        inputTokens = usage.input_tokens;
+        outputTokens = usage.output_tokens;
+        cacheReadTokens = usage.cache_read_input_tokens;
+        cacheCreateTokens = usage.cache_creation_input_tokens;
         stopReason = mapStopReason(message);
         break;
       }
@@ -990,6 +1036,14 @@ async function handleAnthropicNonStreaming(res, body, requestId, sessionKey) {
     requestId,
     stopReason,
   }));
+
+  captureResponse({
+    requestId,
+    usage: { input_tokens: inputTokens, output_tokens: outputTokens, cache_read_input_tokens: cacheReadTokens, cache_creation_input_tokens: cacheCreateTokens },
+    status: 'ok',
+    stopReason,
+    model: resolvedModel,
+  });
 }
 
 async function handleAnthropicStreaming(req, res, body, requestId, sessionKey) {
@@ -1033,6 +1087,8 @@ async function handleAnthropicStreaming(req, res, body, requestId, sessionKey) {
   let capturedSessionId = existing?.sdkSessionId || null;
   let inputTokens = 0;
   let outputTokens = 0;
+  let cacheReadTokens = 0;
+  let cacheCreateTokens = 0;
   let stopReason = 'end_turn';
   let clientDisconnected = false;
   let textEmittedSoFar = ''; // dedup against same-message reflow from SDK
@@ -1182,8 +1238,11 @@ async function handleAnthropicStreaming(req, res, body, requestId, sessionKey) {
         if (isAuthFailureText(message.result || '') && !tx.hasStarted) {
           throw new AuthFailureInResultText(message.result);
         }
-        inputTokens = message.input_tokens || 0;
-        outputTokens = message.output_tokens || 0;
+        const usage = extractSdkUsage(message);
+        inputTokens = usage.input_tokens;
+        outputTokens = usage.output_tokens;
+        cacheReadTokens = usage.cache_read_input_tokens;
+        cacheCreateTokens = usage.cache_creation_input_tokens;
         if (!toolUseEmitted) stopReason = mapStopReason(message);
         break;
       }
@@ -1214,6 +1273,14 @@ async function handleAnthropicStreaming(req, res, body, requestId, sessionKey) {
   }
 
   tx.finish({ stopReason, usage: { output_tokens: outputTokens } });
+
+  captureResponse({
+    requestId,
+    usage: { input_tokens: inputTokens, output_tokens: outputTokens, cache_read_input_tokens: cacheReadTokens, cache_creation_input_tokens: cacheCreateTokens },
+    status: 'ok',
+    stopReason,
+    model: resolvedModel,
+  });
 }
 
 // ---------------------------------------------------------------------------
@@ -1311,6 +1378,19 @@ app.get('/', async (_req, res) => {
   }
 });
 
+// /inspector — session inspector UI for browsing captures.
+// Backed by /dashboard/captures and /dashboard/captures/:filename.
+app.get('/inspector', async (_req, res) => {
+  res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+  try {
+    const { readFile } = await import('fs/promises');
+    const html = await readFile(join(__dirname, 'inspector.html'), 'utf8');
+    res.type('html').send(html);
+  } catch (e) {
+    res.status(404).type('text').send(`inspector.html not found at ${join(__dirname, 'inspector.html')}`);
+  }
+});
+
 // POST /v1/chat/completions
 app.post('/v1/chat/completions', async (req, res) => {
   const requestId = uuidv4().replace(/-/g, '').slice(0, 24);
@@ -1339,6 +1419,9 @@ app.post('/v1/chat/completions', async (req, res) => {
 
   console.log(`[${new Date().toISOString()}] ${body.stream ? 'stream' : 'sync'} | model=${body.model} → ${resolveModel(body.model)} | msgs=${body.messages.length}${sessionTag}`);
 
+  // Diagnostic capture — off by default, enable with MOBY_CAPTURE=1.
+  captureRequest({ path: '/v1/chat/completions', body, requestId, sessionKey, sessionKeySource });
+
   // Dashboard: request.start
   const startedAt = Date.now();
   const imageBlocks = collectImages(body.messages).length;
@@ -1411,6 +1494,10 @@ app.post('/v1/messages', async (req, res) => {
 
   console.log(`[${new Date().toISOString()}] anthropic ${body.stream ? 'stream' : 'sync'} | model=${body.model} → ${resolveModel(body.model)} | msgs=${body.messages.length}${sessionTag}`);
 
+  // Diagnostic capture — off by default, enable with MOBY_CAPTURE=1.
+  // Writes raw body + summary to ~/.mobygate/captures/.
+  captureRequest({ path: '/v1/messages', body, requestId, sessionKey, sessionKeySource });
+
   // Dashboard event — same shape as the OpenAI route, just labeled by path.
   const startedAt = Date.now();
   const imageBlocks = collectAnthropicImages(body.messages || []).length;
@@ -1659,6 +1746,158 @@ app.get('/dashboard/logs', requireLocalOrigin, async (req, res) => {
   }
 });
 
+// ---------------------------------------------------------------------------
+// Captures — diagnostic request/response inspector for the dashboard
+// ---------------------------------------------------------------------------
+//
+// These endpoints back the session-inspector UI. They expose the contents
+// of `~/.mobygate/captures/` (created by lib/request-capture.js) so the
+// dashboard can list past requests, drill into individual ones, and
+// toggle capture on/off live without restarting mobygate.
+//
+// All capture endpoints require local-origin (DNS-rebinding protection)
+// because they expose full request bodies including conversation content.
+
+// Helper: parse a capture filename and return its components.
+//   "2026-04-28_03-49-05_v1-chat-completions_abc123.json" → { ts, slug, requestId }
+function parseCaptureFilename(name) {
+  const match = name.match(/^(\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2})_([\w-]+)_([0-9a-f]+)\.(json|summary\.txt)$/);
+  if (!match) return null;
+  return {
+    timestamp: match[1].replace('_', 'T').replace(/-/g, (m, i) => i < 10 ? '-' : ':') + 'Z',
+    slug: '/' + match[2].replace(/-/g, '/'),
+    requestId: match[3],
+    type: match[4],
+  };
+}
+
+// Quick-read a summary.txt for the listing card (avoid loading the full JSON).
+async function readSummaryQuick(summaryPath) {
+  const { readFile } = await import('fs/promises');
+  const text = await readFile(summaryPath, 'utf8');
+  const grab = (re, dflt = null) => { const m = text.match(re); return m ? m[1].trim() : dflt; };
+  return {
+    sessionKey:   grab(/^session_key:\s+(\S+)/m),
+    sessionSrc:   grab(/^session_source:\s+(\S+)/m),
+    model:        grab(/^model:\s+(.+?)$/m),
+    stream:       grab(/^stream:\s+(\S+)/m) === 'true',
+    msgCount:     parseInt(grab(/^messages:\s+(\d+)/m, '0'), 10),
+    sysBytes:     parseInt(grab(/^\s*system:\s+(\d+)/m, '0'), 10),
+    grandBytes:   parseInt(grab(/^grand total:\s+(\d+)/m, '0'), 10),
+    grandTokens:  parseInt(grab(/≈\s+(\d+)\s+input/, '0'), 10),
+    cacheControlSystem: grab(/cache_control:\s+(\d+\/\d+)\s+system/),
+    // Response side (only present after captureResponse fires)
+    inputTokens:  parseInt(grab(/input_tokens \(uncached\):\s+(\d+)/, '0'), 10),
+    cacheRead:    parseInt(grab(/cache_read_input_tokens:\s+(\d+)/, '0'), 10),
+    cacheCreate:  parseInt(grab(/cache_creation_input_tokens:\s+(\d+)/, '0'), 10),
+    outputTokens: parseInt(grab(/output_tokens:\s+(\d+)/, '0'), 10),
+    cacheHitPct:  grab(/cache hit rate:\s+([\d.]+)%/),
+    durationMs:   parseInt(grab(/^duration:\s+(\d+) ms/m, '0'), 10),
+    status:       grab(/^status:\s+(\S+)/m),
+    stopReason:   grab(/^stop_reason:\s+(\S+)/m),
+  };
+}
+
+// GET /dashboard/captures — list captures (newest first), with summary stats.
+app.get('/dashboard/captures', requireLocalOrigin, async (req, res) => {
+  try {
+    const { readdir, stat } = await import('fs/promises');
+    const { CAPTURE_DIR_PATH } = await import('./lib/request-capture.js');
+    const limit = Math.min(500, parseInt(req.query.limit || '100', 10));
+
+    let entries;
+    try {
+      entries = await readdir(CAPTURE_DIR_PATH);
+    } catch {
+      return res.json({ captures: [], dir: CAPTURE_DIR_PATH, note: 'capture dir does not exist (capture has not run yet)' });
+    }
+
+    // Pair .json with .summary.txt by matching the base name.
+    const jsonFiles = entries.filter((n) => n.endsWith('.json'));
+    const items = [];
+    for (const jsonName of jsonFiles) {
+      const summaryName = jsonName.replace(/\.json$/, '.summary.txt');
+      if (!entries.includes(summaryName)) continue;
+      const meta = parseCaptureFilename(jsonName);
+      if (!meta) continue;
+      const fullJson = join(CAPTURE_DIR_PATH, jsonName);
+      const fullSummary = join(CAPTURE_DIR_PATH, summaryName);
+      try {
+        const [stJson, stSummary, summary] = await Promise.all([
+          stat(fullJson),
+          stat(fullSummary),
+          readSummaryQuick(fullSummary),
+        ]);
+        items.push({
+          filename: jsonName,
+          summaryFilename: summaryName,
+          ts: stJson.mtimeMs,
+          path: meta.slug,
+          requestId: meta.requestId,
+          jsonBytes: stJson.size,
+          ...summary,
+        });
+      } catch {}
+    }
+    items.sort((a, b) => b.ts - a.ts);
+    res.json({ captures: items.slice(0, limit), total: items.length, dir: CAPTURE_DIR_PATH });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
+// GET /dashboard/captures/:filename — full body + summary for one capture.
+// Filename must end in .json (we serve the body and infer the summary path).
+app.get('/dashboard/captures/:filename', requireLocalOrigin, async (req, res) => {
+  try {
+    const { readFile } = await import('fs/promises');
+    const { CAPTURE_DIR_PATH } = await import('./lib/request-capture.js');
+    const filename = req.params.filename;
+    // Defense in depth: reject anything with path separators or .. — must
+    // be a bare filename within the capture dir.
+    if (!/^[\w.-]+\.json$/.test(filename)) {
+      return res.status(400).json({ error: 'invalid filename' });
+    }
+    const jsonPath = join(CAPTURE_DIR_PATH, filename);
+    const summaryPath = join(CAPTURE_DIR_PATH, filename.replace(/\.json$/, '.summary.txt'));
+    const [bodyRaw, summaryRaw] = await Promise.all([
+      readFile(jsonPath, 'utf8'),
+      readFile(summaryPath, 'utf8').catch(() => '(summary not found)'),
+    ]);
+    res.json({
+      filename,
+      body: JSON.parse(bodyRaw),
+      summary: summaryRaw,
+    });
+  } catch (e) {
+    res.status(404).json({ error: e.message });
+  }
+});
+
+// GET /dashboard/captures-state — is capture currently enabled?
+app.get('/dashboard/captures-state', requireLocalOrigin, async (_req, res) => {
+  const { isCaptureEnabled, CAPTURE_DIR_PATH, CAPTURE_TOGGLE_FILE } = await import('./lib/request-capture.js');
+  res.json({
+    enabled: isCaptureEnabled(),
+    captureDir: CAPTURE_DIR_PATH,
+    toggleFile: CAPTURE_TOGGLE_FILE,
+    envVar: !!(process.env.MOBY_CAPTURE === '1' || process.env.MOBY_CAPTURE === 'true'),
+  });
+});
+
+// POST /dashboard/captures-toggle — flip the touch file on/off.
+// Body: { enabled: true | false }
+app.post('/dashboard/captures-toggle', requireLocalOrigin, async (req, res) => {
+  try {
+    const { setCaptureEnabled } = await import('./lib/request-capture.js');
+    const target = !!req.body?.enabled;
+    const newState = await setCaptureEnabled(target);
+    res.json({ enabled: newState });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
 // ---------------------------------------------------------------------------
 // Updater — dashboard-driven "update available → update now" flow
 // ---------------------------------------------------------------------------
@@ -1727,6 +1966,9 @@ app.listen(PORT, BIND, async () => {
   console.log(`    model        ${DEFAULT_MODEL}`);
   console.log(`    session TTL  ${ttlMin} min`);
   console.log(`    dashboard    http://localhost:${PORT}`);
+  if (isCaptureEnabled()) {
+    console.log(`    capture      ON → ${CAPTURE_DIR_PATH.replace(process.env.HOME || '', '~')}`);
+  }
   console.log('');
   dashboardBus.emitEvent({ type: 'server.boot', port: PORT, bind: BIND, defaultModel: DEFAULT_MODEL });
 });