responses-proxy 0.1.0

package/dist/customer-key-access.js

@@ -0,0 +1,126 @@
+import { normalizeClientRouteKey, } from "./runtime-provider-repository.js";
+export function resolveCustomerRoutingAccess(args) {
+    const customerKey = args.routingApiKey
+        ? args.customerKeyRepository.getByApiKey(args.routingApiKey)
+        : undefined;
+    if (!customerKey) {
+        return {
+            kind: "operator",
+            clientRoute: args.resolvedClientRoute,
+            providers: args.providerRepository.findProvidersByAccessKey(args.routingApiKey),
+        };
+    }
+    if (customerKey.status !== "active") {
+        return {
+            error: {
+                statusCode: 403,
+                body: buildCustomerKeyError(customerKey.status),
+            },
+        };
+    }
+    const workspace = args.workspaceRepository.getById(customerKey.workspaceId);
+    if (!workspace) {
+        return {
+            error: {
+                statusCode: 404,
+                body: {
+                    error: {
+                        type: "not_found_error",
+                        code: "CUSTOMER_WORKSPACE_NOT_FOUND",
+                        message: "Customer workspace was not found for this API key.",
+                        retryable: false,
+                    },
+                },
+            },
+        };
+    }
+    if (workspace.status !== "active") {
+        return {
+            error: {
+                statusCode: 403,
+                body: {
+                    error: {
+                        type: "authentication_error",
+                        code: "CUSTOMER_WORKSPACE_SUSPENDED",
+                        message: "This customer workspace is not active.",
+                        retryable: false,
+                    },
+                },
+            },
+        };
+    }
+    const entitlement = args.billingRepository.getActiveEntitlementForWorkspace(workspace.id);
+    const usableEntitlement = args.billingRepository.getUsableActiveEntitlementForWorkspace(workspace.id);
+    if (!entitlement || !usableEntitlement) {
+        return {
+            error: {
+                statusCode: 403,
+                body: {
+                    error: {
+                        type: "billing_error",
+                        code: entitlement ? "TOKEN_LOT_QUOTA_EXHAUSTED" : "SUBSCRIPTION_REQUIRED",
+                        message: entitlement
+                            ? "No active token lot with remaining quota was found for this customer API key."
+                            : "No active entitlement was found for this customer API key.",
+                        retryable: false,
+                    },
+                },
+            },
+        };
+    }
+    const clientRoute = normalizeClientRouteKey(customerKey.clientRoute);
+    const provider = args.providerRepository.getProviderForClient(clientRoute);
+    if (!provider) {
+        return {
+            error: {
+                statusCode: 403,
+                body: {
+                    error: {
+                        type: "authentication_error",
+                        code: "CUSTOMER_CLIENT_ROUTE_UNBOUND",
+                        message: "This customer API key is not bound to an active provider route.",
+                        retryable: false,
+                    },
+                },
+            },
+        };
+    }
+    return {
+        kind: "customer",
+        customerKey,
+        workspace,
+        entitlement: usableEntitlement,
+        clientRoute,
+        providers: [provider],
+    };
+}
+function buildCustomerKeyError(status) {
+    if (status === "revoked") {
+        return {
+            error: {
+                type: "authentication_error",
+                code: "API_KEY_REVOKED",
+                message: "This customer API key has been revoked.",
+                retryable: false,
+            },
+        };
+    }
+    if (status === "expired") {
+        return {
+            error: {
+                type: "billing_error",
+                code: "SUBSCRIPTION_EXPIRED",
+                message: "This customer API key has expired.",
+                retryable: false,
+            },
+        };
+    }
+    return {
+        error: {
+            type: "authentication_error",
+            code: "API_KEY_SUSPENDED",
+            message: "This customer API key is suspended.",
+            retryable: false,
+        },
+    };
+}

package/dist/customer-key-access.test.js

@@ -0,0 +1,178 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import test from "node:test";
+import { BillingRepository } from "./billing.js";
+import { CustomerKeyRepository } from "./customer-keys.js";
+import { resolveCustomerRoutingAccess } from "./customer-key-access.js";
+import { RuntimeProviderRepository } from "./runtime-provider-repository.js";
+import { CustomerWorkspaceRepository } from "./telegram-bot/customer-workspace-repository.js";
+function createProvider(id) {
+    return {
+        id,
+        name: id,
+        baseUrl: `https://${id}.example/v1`,
+        responsesUrl: `https://${id}.example/v1/responses`,
+        providerApiKeys: [`${id}-provider-key`],
+        clientApiKeys: [],
+        capabilities: {
+            usageCheckEnabled: false,
+            stripMaxOutputTokens: false,
+            requestParameterPolicy: {},
+            sanitizeReasoningSummary: false,
+            stripModelPrefixes: [],
+        },
+    };
+}
+async function createRepositories() {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "customer-key-access-"));
+    const providerDbFile = path.join(dir, "app.sqlite");
+    const workspaceDbFile = path.join(dir, "bot.sqlite");
+    const legacyStateFile = path.join(dir, "providers.json");
+    const providerRepository = await RuntimeProviderRepository.create({
+        dbFile: providerDbFile,
+        legacyStateFile,
+        baseProviders: [createProvider("provider-a"), createProvider("provider-b")],
+    });
+    providerRepository.setClientRoute("customers", "provider-a");
+    return {
+        dir,
+        providerRepository,
+        customerKeys: CustomerKeyRepository.create(workspaceDbFile),
+        workspaces: CustomerWorkspaceRepository.create(workspaceDbFile),
+        billing: BillingRepository.create(workspaceDbFile),
+    };
+}
+test("customer key resolves to its bound client route provider", async () => {
+    const repos = await createRepositories();
+    try {
+        const workspace = repos.workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "42",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        const created = repos.customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "42",
+            clientRoute: "customers",
+        });
+        repos.billing.grantSubscription({
+            workspaceId: workspace.id,
+            planId: "basic",
+            days: 30,
+            now: new Date(),
+        });
+        const result = resolveCustomerRoutingAccess({
+            routingApiKey: created.apiKey,
+            resolvedClientRoute: "default",
+            providerRepository: repos.providerRepository,
+            customerKeyRepository: repos.customerKeys,
+            workspaceRepository: repos.workspaces,
+            billingRepository: repos.billing,
+        });
+        assert.equal("kind" in result && result.kind, "customer");
+        if ("kind" in result && result.kind === "customer") {
+            assert.equal(result.clientRoute, "customers");
+            assert.equal(result.providers[0]?.id, "provider-a");
+            assert.equal(result.entitlement.workspaceId, workspace.id);
+        }
+    }
+    finally {
+        rmSync(repos.dir, { recursive: true, force: true });
+    }
+});
+test("suspended customer key is rejected before operator routing", async () => {
+    const repos = await createRepositories();
+    try {
+        const workspace = repos.workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "42",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        const created = repos.customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "42",
+            clientRoute: "customers",
+        });
+        repos.customerKeys.setStatus(created.record.id, "suspended");
+        const result = resolveCustomerRoutingAccess({
+            routingApiKey: created.apiKey,
+            resolvedClientRoute: "default",
+            providerRepository: repos.providerRepository,
+            customerKeyRepository: repos.customerKeys,
+            workspaceRepository: repos.workspaces,
+            billingRepository: repos.billing,
+        });
+        assert.equal("error" in result, true);
+        if ("error" in result) {
+            assert.equal(result.error.statusCode, 403);
+            assert.equal(result.error.body.error.code, "API_KEY_SUSPENDED");
+        }
+    }
+    finally {
+        rmSync(repos.dir, { recursive: true, force: true });
+    }
+});
+test("customer key without active entitlement is rejected", async () => {
+    const repos = await createRepositories();
+    try {
+        const workspace = repos.workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "42",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        const created = repos.customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "42",
+            clientRoute: "customers",
+        });
+        const result = resolveCustomerRoutingAccess({
+            routingApiKey: created.apiKey,
+            resolvedClientRoute: "default",
+            providerRepository: repos.providerRepository,
+            customerKeyRepository: repos.customerKeys,
+            workspaceRepository: repos.workspaces,
+            billingRepository: repos.billing,
+        });
+        assert.equal("error" in result, true);
+        if ("error" in result) {
+            assert.equal(result.error.statusCode, 403);
+            assert.equal(result.error.body.error.code, "SUBSCRIPTION_REQUIRED");
+        }
+    }
+    finally {
+        rmSync(repos.dir, { recursive: true, force: true });
+    }
+});
+test("operator keys continue to use runtime provider repository access", async () => {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "customer-key-access-operator-"));
+    try {
+        const dbFile = path.join(dir, "app.sqlite");
+        const legacyStateFile = path.join(dir, "providers.json");
+        const botDbFile = path.join(dir, "bot.sqlite");
+        const providerRepository = await RuntimeProviderRepository.create({
+            dbFile,
+            legacyStateFile,
+            baseProviders: [createProvider("provider-a")],
+        });
+        providerRepository.setClientRoute("default", "provider-a");
+        providerRepository.setClientRouteApiKeys("default", ["operator-key"]);
+        const result = resolveCustomerRoutingAccess({
+            routingApiKey: "operator-key",
+            resolvedClientRoute: "default",
+            providerRepository,
+            customerKeyRepository: CustomerKeyRepository.create(botDbFile),
+            workspaceRepository: CustomerWorkspaceRepository.create(botDbFile),
+            billingRepository: BillingRepository.create(botDbFile),
+        });
+        assert.equal("kind" in result && result.kind, "operator");
+        if ("kind" in result && result.kind === "operator") {
+            assert.equal(result.clientRoute, "default");
+            assert.equal(result.providers[0]?.id, "provider-a");
+        }
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+});

package/dist/customer-keys.js

@@ -0,0 +1,209 @@
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+import { mkdirSync } from "node:fs";
+import path from "node:path";
+import BetterSqlite3 from "better-sqlite3";
+export class CustomerKeyRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    static create(dbFile) {
+        mkdirSync(path.dirname(dbFile), { recursive: true });
+        const db = new BetterSqlite3(dbFile);
+        ensureCustomerKeySchema(db);
+        return new CustomerKeyRepository(db);
+    }
+    createKey(input) {
+        const apiKey = input.apiKey?.trim() || generateCustomerApiKey();
+        const now = (input.now ?? new Date()).toISOString();
+        const status = normalizeStatus(input.status ?? "active");
+        const id = randomUUID();
+        this.db
+            .prepare(`INSERT INTO customer_api_keys (
+          id,
+          workspace_id,
+          telegram_user_id,
+          telegram_chat_id,
+          client_route,
+          api_key_hash,
+          api_key_preview,
+          api_key_secret,
+          name,
+          status,
+          expires_at,
+          created_at,
+          updated_at
+        )
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(id, input.workspaceId, input.telegramUserId ?? null, input.telegramChatId ?? null, normalizeClientRoute(input.clientRoute), hashApiKey(apiKey), previewApiKey(apiKey), apiKey, input.name ?? null, status, input.expiresAt ?? null, now, now);
+        return {
+            record: this.getById(id),
+            apiKey,
+        };
+    }
+    getById(id) {
+        const row = this.db
+            .prepare(`SELECT *
+         FROM customer_api_keys
+         WHERE id = ?`)
+            .get(id);
+        return row ? mapCustomerApiKeyRow(row) : undefined;
+    }
+    getByApiKey(apiKey) {
+        return this.getByHash(hashApiKey(apiKey));
+    }
+    getByHash(apiKeyHash) {
+        const row = this.db
+            .prepare(`SELECT *
+         FROM customer_api_keys
+         WHERE api_key_hash = ?`)
+            .get(apiKeyHash);
+        return row ? mapCustomerApiKeyRow(row) : undefined;
+    }
+    getApiKeySecret(id) {
+        const row = this.db
+            .prepare(`SELECT api_key_secret
+         FROM customer_api_keys
+         WHERE id = ?`)
+            .get(id);
+        return row?.api_key_secret ?? undefined;
+    }
+    getActiveKeyForUser(telegramUserId) {
+        const row = this.db
+            .prepare(`SELECT *
+         FROM customer_api_keys
+         WHERE telegram_user_id = ?
+           AND status = 'active'
+         ORDER BY created_at DESC
+         LIMIT 1`)
+            .get(telegramUserId);
+        return row ? mapCustomerApiKeyRow(row) : undefined;
+    }
+    getLatestKeyForUser(telegramUserId) {
+        const row = this.db
+            .prepare(`SELECT *
+         FROM customer_api_keys
+         WHERE telegram_user_id = ?
+         ORDER BY created_at DESC
+         LIMIT 1`)
+            .get(telegramUserId);
+        return row ? mapCustomerApiKeyRow(row) : undefined;
+    }
+    listKeysByUser(telegramUserId) {
+        const rows = this.db
+            .prepare(`SELECT *
+         FROM customer_api_keys
+         WHERE telegram_user_id = ?
+         ORDER BY created_at DESC`)
+            .all(telegramUserId);
+        return rows.map(mapCustomerApiKeyRow);
+    }
+    listKeysByWorkspace(workspaceId) {
+        const rows = this.db
+            .prepare(`SELECT *
+         FROM customer_api_keys
+         WHERE workspace_id = ?
+         ORDER BY created_at DESC`)
+            .all(workspaceId);
+        return rows.map(mapCustomerApiKeyRow);
+    }
+    listRecentKeys(limit = 10) {
+        const rows = this.db
+            .prepare(`SELECT *
+         FROM customer_api_keys
+         ORDER BY created_at DESC
+         LIMIT ?`)
+            .all(Math.max(1, Math.min(50, Math.floor(limit))));
+        return rows.map(mapCustomerApiKeyRow);
+    }
+    setStatus(id, status, options = {}) {
+        const now = (options.now ?? new Date()).toISOString();
+        this.db
+            .prepare(`UPDATE customer_api_keys
+         SET status = ?,
+             updated_at = ?,
+             revoked_at = CASE WHEN ? = 'revoked' THEN ? ELSE revoked_at END
+         WHERE id = ?`)
+            .run(status, now, status, now, id);
+        return this.getById(id);
+    }
+    markUsed(id, now = new Date()) {
+        this.db
+            .prepare(`UPDATE customer_api_keys
+         SET last_used_at = ?,
+             updated_at = ?
+         WHERE id = ?`)
+            .run(now.toISOString(), now.toISOString(), id);
+    }
+}
+export function hashApiKey(apiKey) {
+    return createHash("sha256").update(apiKey).digest("hex");
+}
+function generateCustomerApiKey() {
+    return `sk-customer-${randomBytes(24).toString("hex")}`;
+}
+function previewApiKey(apiKey) {
+    return `${apiKey.slice(0, 12)}...${apiKey.slice(-6)}`;
+}
+function normalizeClientRoute(value) {
+    return (value
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9_-]+/g, "-")
+        .replace(/^-+|-+$/g, "") || "customers");
+}
+function ensureCustomerKeySchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS customer_api_keys (
+      id TEXT PRIMARY KEY,
+      workspace_id TEXT NOT NULL,
+      telegram_user_id TEXT,
+      telegram_chat_id TEXT,
+      client_route TEXT NOT NULL,
+      api_key_hash TEXT NOT NULL UNIQUE,
+      api_key_preview TEXT NOT NULL,
+      api_key_secret TEXT,
+      name TEXT,
+      status TEXT NOT NULL DEFAULT 'active',
+      expires_at TEXT,
+      last_used_at TEXT,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      revoked_at TEXT
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_customer_api_keys_user_status
+      ON customer_api_keys(telegram_user_id, status, created_at);
+
+    CREATE INDEX IF NOT EXISTS idx_customer_api_keys_workspace
+      ON customer_api_keys(workspace_id, status);
+  `);
+    const columns = db.prepare("PRAGMA table_info(customer_api_keys)").all();
+    if (!columns.some((column) => column.name === "api_key_secret")) {
+        db.prepare("ALTER TABLE customer_api_keys ADD COLUMN api_key_secret TEXT").run();
+    }
+}
+function mapCustomerApiKeyRow(row) {
+    return {
+        id: row.id,
+        workspaceId: row.workspace_id,
+        telegramUserId: row.telegram_user_id ?? undefined,
+        telegramChatId: row.telegram_chat_id ?? undefined,
+        clientRoute: row.client_route,
+        apiKeyHash: row.api_key_hash,
+        apiKeyPreview: row.api_key_preview,
+        apiKeySecret: row.api_key_secret ?? undefined,
+        name: row.name ?? undefined,
+        status: normalizeStatus(row.status),
+        expiresAt: row.expires_at ?? undefined,
+        lastUsedAt: row.last_used_at ?? undefined,
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+        revokedAt: row.revoked_at ?? undefined,
+    };
+}
+function normalizeStatus(value) {
+    return value === "active" || value === "suspended" || value === "revoked" || value === "expired"
+        ? value
+        : "suspended";
+}

package/dist/customer-keys.test.js

@@ -0,0 +1,68 @@
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import assert from "node:assert/strict";
+import test from "node:test";
+import BetterSqlite3 from "better-sqlite3";
+import { CustomerKeyRepository, hashApiKey } from "./customer-keys.js";
+function withRepository(fn) {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "customer-keys-"));
+    try {
+        const dbFile = path.join(dir, "keys.sqlite");
+        fn(CustomerKeyRepository.create(dbFile), dbFile);
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+}
+test("CustomerKeyRepository creates keys and stores revealable plaintext secrets", () => {
+    withRepository((repo, dbFile) => {
+        const created = repo.createKey({
+            workspaceId: "workspace-1",
+            telegramUserId: "1283361952",
+            clientRoute: "Paid Customers",
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        assert.match(created.apiKey, /^sk-customer-/);
+        assert.equal(created.record.clientRoute, "paid-customers");
+        assert.equal(created.record.apiKeyHash, hashApiKey(created.apiKey));
+        assert.equal(created.record.apiKeySecret, created.apiKey);
+        assert.equal(repo.getApiKeySecret(created.record.id), created.apiKey);
+        assert.equal(created.record.status, "active");
+        const db = new BetterSqlite3(dbFile);
+        const raw = JSON.stringify(db.prepare("SELECT * FROM customer_api_keys").all());
+        db.close();
+        assert.equal(raw.includes(created.apiKey), true);
+    });
+});
+test("CustomerKeyRepository looks up keys by raw key and hash", () => {
+    withRepository((repo) => {
+        const created = repo.createKey({
+            workspaceId: "workspace-1",
+            telegramUserId: "42",
+            clientRoute: "customers",
+        });
+        assert.equal(repo.getByApiKey(created.apiKey)?.id, created.record.id);
+        assert.equal(repo.getByHash(hashApiKey(created.apiKey))?.id, created.record.id);
+        assert.equal(repo.getActiveKeyForUser("42")?.id, created.record.id);
+    });
+});
+test("CustomerKeyRepository supports lifecycle status changes", () => {
+    withRepository((repo) => {
+        const created = repo.createKey({
+            workspaceId: "workspace-1",
+            telegramUserId: "42",
+            clientRoute: "customers",
+        });
+        const suspended = repo.setStatus(created.record.id, "suspended");
+        assert.equal(suspended?.status, "suspended");
+        assert.equal(repo.getActiveKeyForUser("42"), undefined);
+        const active = repo.setStatus(created.record.id, "active");
+        assert.equal(active?.status, "active");
+        const revoked = repo.setStatus(created.record.id, "revoked", {
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        assert.equal(revoked?.status, "revoked");
+        assert.equal(revoked?.revokedAt, "2026-04-27T00:00:00.000Z");
+    });
+});

package/dist/customer-usage.js

@@ -0,0 +1,18 @@
+import { extractUsageTotals } from "./client-token-limits.js";
+export function recordCustomerUsageFromPayload(args) {
+    if (args.access.kind !== "customer") {
+        return undefined;
+    }
+    const usage = extractUsageTotals(args.usagePayload);
+    if (!usage) {
+        return undefined;
+    }
+    const updates = args.billingRepository.consumeWorkspaceUsage({
+        workspaceId: args.access.workspace.id,
+        customerApiKeyId: args.access.customerKey.id,
+        inputTokens: usage.inputTokens ?? 0,
+        outputTokens: usage.outputTokens ?? 0,
+        totalTokens: usage.totalTokens ?? 0,
+    });
+    return updates[0];
+}

package/dist/customer-usage.test.js

@@ -0,0 +1,55 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import test from "node:test";
+import { BillingRepository } from "./billing.js";
+import { recordCustomerUsageFromPayload } from "./customer-usage.js";
+function withRepository(fn) {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "customer-usage-"));
+    try {
+        fn(BillingRepository.create(path.join(dir, "billing.sqlite")));
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+}
+test("recordCustomerUsageFromPayload returns zero change for operator access", () => {
+    withRepository((repo) => {
+        const usage = recordCustomerUsageFromPayload({
+            billingRepository: repo,
+            usagePayload: { usage: { input_tokens: 1, output_tokens: 2, total_tokens: 3 } },
+            access: { kind: "operator" },
+        });
+        assert.equal(usage, undefined);
+    });
+});
+test("recordCustomerUsageFromPayload increments customer entitlement usage after a request", () => {
+    withRepository((repo) => {
+        const granted = repo.grantSubscription({
+            workspaceId: "workspace-1",
+            planId: "basic",
+            days: 30,
+            now: new Date(),
+        });
+        const usage = recordCustomerUsageFromPayload({
+            billingRepository: repo,
+            usagePayload: {
+                usage: {
+                    input_tokens: 12,
+                    output_tokens: 8,
+                    total_tokens: 20,
+                },
+            },
+            access: {
+                kind: "customer",
+                workspace: { id: "workspace-1" },
+                entitlement: { id: granted.entitlement.id },
+                customerKey: { id: "key-1" },
+            },
+        });
+        assert.ok(usage);
+        assert.equal(usage.totalTokens, 20);
+        assert.equal(repo.getEntitlementUsage(granted.entitlement.id)?.totalTokens, 20);
+    });
+});