responses-proxy 0.1.0

package/dist/provider-request-parameters.js

@@ -0,0 +1,107 @@
+export function resolveMaxOutputTokensRule(capabilities) {
+    const configured = capabilities?.requestParameterPolicy?.maxOutputTokens;
+    if (configured) {
+        return normalizeRequestParameterRule(configured, "max_output_tokens");
+    }
+    if (capabilities?.stripMaxOutputTokens) {
+        return { mode: "strip" };
+    }
+    return { mode: "forward" };
+}
+export function shouldForwardMaxOutputTokens(capabilities) {
+    return resolveMaxOutputTokensRule(capabilities).mode !== "strip";
+}
+export function applyProviderRequestParameterPolicy(body, capabilities) {
+    const rule = resolveMaxOutputTokensRule(capabilities);
+    if (!Object.prototype.hasOwnProperty.call(body, "max_output_tokens")) {
+        return body;
+    }
+    if (rule.mode === "forward") {
+        return body;
+    }
+    const { max_output_tokens: maxOutputTokens, ...rest } = body;
+    if (rule.mode === "strip") {
+        return rest;
+    }
+    const target = rule.target?.trim();
+    if (!target || target === "max_output_tokens") {
+        return body;
+    }
+    return {
+        ...rest,
+        [target]: maxOutputTokens,
+    };
+}
+export function parseProviderRequestParameterPolicyInput(value) {
+    if (!isRecord(value)) {
+        return {};
+    }
+    const maxOutputTokensValue = value.maxOutputTokens ??
+        value.max_output_tokens ??
+        value.maxOutputTokensRule ??
+        value.max_output_tokens_rule;
+    if (maxOutputTokensValue === undefined) {
+        return {};
+    }
+    return {
+        maxOutputTokens: normalizeRequestParameterRule(maxOutputTokensValue, "max_output_tokens"),
+    };
+}
+export function cloneProviderRequestParameterPolicy(policy) {
+    return policy?.maxOutputTokens
+        ? {
+            maxOutputTokens: {
+                mode: policy.maxOutputTokens.mode,
+                ...(policy.maxOutputTokens.target ? { target: policy.maxOutputTokens.target } : {}),
+            },
+        }
+        : {};
+}
+function normalizeRequestParameterRule(value, fallbackTarget) {
+    if (typeof value === "string") {
+        return {
+            mode: normalizeRequestParameterMode(value),
+        };
+    }
+    if (!isRecord(value)) {
+        return { mode: "forward" };
+    }
+    const rawMode = typeof value.mode === "string"
+        ? value.mode
+        : typeof value.action === "string"
+            ? value.action
+            : "forward";
+    const mode = normalizeRequestParameterMode(rawMode);
+    const rawTarget = typeof value.target === "string"
+        ? value.target
+        : typeof value.renameTo === "string"
+            ? value.renameTo
+            : typeof value.rename_to === "string"
+                ? value.rename_to
+                : undefined;
+    const target = rawTarget?.trim() || undefined;
+    if (mode !== "rename") {
+        return { mode };
+    }
+    return {
+        mode,
+        target: normalizeParameterName(target || fallbackTarget),
+    };
+}
+function normalizeRequestParameterMode(value) {
+    const normalized = value.trim().toLowerCase();
+    if (normalized === "forward" || normalized === "strip" || normalized === "rename") {
+        return normalized;
+    }
+    return "forward";
+}
+function normalizeParameterName(value) {
+    const normalized = value.trim();
+    if (!/^[a-z][a-z0-9_]*$/i.test(normalized)) {
+        return "max_output_tokens";
+    }
+    return normalized;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}

package/dist/provider-request-parameters.test.js

@@ -0,0 +1,26 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { applyProviderRequestParameterPolicy, resolveMaxOutputTokensRule, } from "./provider-request-parameters.js";
+test("request parameter policy can rename max_output_tokens for provider wire compatibility", () => {
+    const rewritten = applyProviderRequestParameterPolicy({
+        model: "gpt-5.4",
+        max_output_tokens: 512,
+    }, {
+        requestParameterPolicy: {
+            maxOutputTokens: {
+                mode: "rename",
+                target: "max_completion_tokens",
+            },
+        },
+    });
+    assert.equal("max_output_tokens" in rewritten, false);
+    assert.equal(rewritten.max_completion_tokens, 512);
+});
+test("legacy stripMaxOutputTokens flag resolves to strip mode for backward compatibility", () => {
+    const rule = resolveMaxOutputTokensRule({
+        stripMaxOutputTokens: true,
+    });
+    assert.deepEqual(rule, {
+        mode: "strip",
+    });
+});

package/dist/provider-routing.js

@@ -0,0 +1,114 @@
+export function readRequestProviderHint(headers, metadata) {
+    const explicitProviderId = readHeaderString(headers["x-provider-id"]) ?? readMetadataString(metadata, "provider_id");
+    const explicitProviderName = readHeaderString(headers["x-provider-name"]) ??
+        readMetadataString(metadata, "provider_name") ??
+        readMetadataString(metadata, "provider");
+    return {
+        providerId: explicitProviderId,
+        providerName: explicitProviderName,
+    };
+}
+export function resolveProviderForRequest(args) {
+    const { providers } = args;
+    if (!providers.length) {
+        return {
+            error: {
+                statusCode: 401,
+                type: "authentication_error",
+                code: "INVALID_ROUTING_API_KEY",
+                message: "Authorization Bearer token must match one of the configured client or provider API keys",
+            },
+        };
+    }
+    const explicitMatch = resolveExplicitProviderMatch(providers, args.explicitProviderId, args.explicitProviderName);
+    if (explicitMatch && "error" in explicitMatch) {
+        return explicitMatch;
+    }
+    if (explicitMatch?.provider) {
+        return explicitMatch;
+    }
+    if (providers.length === 1) {
+        return {
+            provider: providers[0],
+            matchReason: "single_match",
+        };
+    }
+    return {
+        error: {
+            statusCode: 409,
+            type: "validation_error",
+            code: "AMBIGUOUS_PROVIDER_SELECTION",
+            message: "This API key is assigned to multiple providers. Set metadata.provider_id, metadata.provider, x-provider-id, or x-provider-name.",
+        },
+    };
+}
+function resolveExplicitProviderMatch(providers, explicitProviderId, explicitProviderName) {
+    const normalizedProviderId = explicitProviderId?.trim();
+    if (normalizedProviderId) {
+        const matched = providers.find((provider) => provider.id === normalizedProviderId);
+        if (!matched) {
+            return {
+                error: {
+                    statusCode: 403,
+                    type: "authentication_error",
+                    code: "PROVIDER_NOT_ALLOWED_FOR_API_KEY",
+                    message: "The supplied API key is not allowed to access the requested provider",
+                },
+            };
+        }
+        return {
+            provider: matched,
+            matchReason: "explicit_provider",
+        };
+    }
+    const normalizedProviderName = normalizeProviderName(explicitProviderName);
+    if (!normalizedProviderName) {
+        return null;
+    }
+    const matches = providers.filter((provider) => normalizeProviderName(provider.name) === normalizedProviderName ||
+        normalizeProviderName(provider.id) === normalizedProviderName);
+    if (matches.length === 1) {
+        return {
+            provider: matches[0],
+            matchReason: "explicit_provider",
+        };
+    }
+    if (matches.length > 1) {
+        return {
+            error: {
+                statusCode: 409,
+                type: "validation_error",
+                code: "AMBIGUOUS_PROVIDER_NAME",
+                message: "The supplied provider name matches multiple configured providers",
+            },
+        };
+    }
+    return {
+        error: {
+            statusCode: 403,
+            type: "authentication_error",
+            code: "PROVIDER_NOT_ALLOWED_FOR_API_KEY",
+            message: "The supplied API key is not allowed to access the requested provider",
+        },
+    };
+}
+function readHeaderString(value) {
+    if (typeof value === "string" && value.trim()) {
+        return value.trim();
+    }
+    if (Array.isArray(value)) {
+        const first = value.find((entry) => typeof entry === "string" && entry.trim());
+        return typeof first === "string" ? first.trim() : undefined;
+    }
+    return undefined;
+}
+function readMetadataString(value, key) {
+    if (typeof value !== "object" || value === null || Array.isArray(value)) {
+        return undefined;
+    }
+    const result = value[key];
+    return typeof result === "string" && result.trim() ? result.trim() : undefined;
+}
+function normalizeProviderName(value) {
+    return typeof value === "string" && value.trim() ? value.trim().toLowerCase() : undefined;
+}

package/dist/provider-routing.test.js

@@ -0,0 +1,64 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { readRequestProviderHint, resolveProviderForRequest, } from "./provider-routing.js";
+function createProvider(id, name, clientApiKeys) {
+    return {
+        id,
+        name,
+        baseUrl: `https://${id}.example/v1`,
+        responsesUrl: `https://${id}.example/v1/responses`,
+        providerApiKeys: [],
+        clientApiKeys,
+        capabilities: {
+            usageCheckEnabled: false,
+            stripMaxOutputTokens: false,
+            requestParameterPolicy: {},
+            sanitizeReasoningSummary: false,
+            stripModelPrefixes: [],
+        },
+    };
+}
+test("reads explicit provider hint from headers and metadata", () => {
+    assert.deepEqual(readRequestProviderHint({
+        "x-provider-id": "cliproxy",
+        "x-provider-name": "ClipProxy",
+    }, {
+        provider_id: "ignored",
+        provider: "ignored",
+    }), {
+        providerId: "cliproxy",
+        providerName: "ClipProxy",
+    });
+});
+test("resolves a shared API key by explicit provider name", () => {
+    const providers = [
+        createProvider("cliproxy", "cliproxy", ["shared-key"]),
+        createProvider("krouter", "krouter", ["shared-key"]),
+    ];
+    const result = resolveProviderForRequest({
+        providers,
+        explicitProviderName: "krouter",
+    });
+    assert.equal("provider" in result, true);
+    if ("provider" in result) {
+        assert.equal(result.provider.id, "krouter");
+        assert.equal(result.matchReason, "explicit_provider");
+    }
+});
+test("returns a clear error when a shared API key is ambiguous", () => {
+    const providers = [
+        createProvider("cliproxy", "cliproxy", ["shared-key"]),
+        createProvider("krouter", "krouter", ["shared-key"]),
+    ];
+    const result = resolveProviderForRequest({
+        providers,
+    });
+    assert.deepEqual(result, {
+        error: {
+            statusCode: 409,
+            type: "validation_error",
+            code: "AMBIGUOUS_PROVIDER_SELECTION",
+            message: "This API key is assigned to multiple providers. Set metadata.provider_id, metadata.provider, x-provider-id, or x-provider-name.",
+        },
+    });
+});

package/dist/provider-usage.js

@@ -0,0 +1,314 @@
+export class ProviderUsageLimitError extends Error {
+    statusCode = 429;
+    code = "PROVIDER_TOKEN_LIMIT_REACHED";
+    usage;
+    constructor(message, usage) {
+        super(message);
+        this.name = "ProviderUsageLimitError";
+        this.usage = usage;
+    }
+}
+export const OPENAI_ORGANIZATION_USAGE_COMPLETIONS_URL = "https://api.openai.com/v1/organization/usage/completions";
+export async function fetchProviderUsage({ apiKey, requestId, logger, timeoutMs, url, onEvent, }) {
+    if (!apiKey) {
+        return undefined;
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    const startedAt = Date.now();
+    try {
+        const response = await fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({ apiKey }),
+            signal: controller.signal,
+        });
+        const rawText = await response.text();
+        const rawPayload = parseJsonSafely(rawText);
+        if (!response.ok) {
+            logger.warn({
+                requestId,
+                usageCheckStatus: response.status,
+                usageCheckBody: rawText,
+            }, "provider usage check request failed");
+            await onEvent?.({
+                event: "provider_usage_check_failed",
+                requestId,
+                usageCheckStatus: response.status,
+                usageCheckBody: rawText,
+            });
+            return undefined;
+        }
+        const usage = extractUsageSnapshot(rawPayload);
+        logger.info({
+            requestId,
+            usageCheckStatus: response.status,
+            usageCheckMs: Date.now() - startedAt,
+            usageAllowed: usage.allowed,
+            usageRemaining: usage.remaining,
+            usageLimit: usage.limit,
+            usageUsed: usage.used,
+        }, "provider usage check completed");
+        await onEvent?.({
+            event: "provider_usage_checked",
+            requestId,
+            usageCheckStatus: response.status,
+            usageCheckMs: Date.now() - startedAt,
+            usageAllowed: usage.allowed,
+            usageRemaining: usage.remaining,
+            usageLimit: usage.limit,
+            usageUsed: usage.used,
+        });
+        return usage;
+    }
+    catch (error) {
+        logger.warn({
+            err: error,
+            requestId,
+        }, "provider usage check skipped after request error");
+        await onEvent?.({
+            event: "provider_usage_check_error",
+            requestId,
+            errorMessage: error instanceof Error ? error.message : "Unknown usage check error",
+        });
+        return undefined;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+export async function fetchOpenAiCompletionsUsage({ accessToken, requestId, logger, timeoutMs, url = OPENAI_ORGANIZATION_USAGE_COMPLETIONS_URL, now = new Date(), }) {
+    if (!accessToken) {
+        return undefined;
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    const startedAt = Date.now();
+    const endTime = Math.floor(now.getTime() / 1000);
+    const startTime = endTime - 24 * 60 * 60;
+    const usageUrl = new URL(url);
+    usageUrl.searchParams.set("start_time", String(startTime));
+    usageUrl.searchParams.set("end_time", String(endTime));
+    usageUrl.searchParams.set("bucket_width", "1d");
+    usageUrl.searchParams.set("group_by", "model");
+    try {
+        const response = await fetch(usageUrl, {
+            method: "GET",
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+            },
+            signal: controller.signal,
+        });
+        const rawText = await response.text();
+        const rawPayload = parseJsonSafely(rawText);
+        if (!response.ok) {
+            logger.warn({
+                requestId,
+                usageCheckStatus: response.status,
+                usageCheckBody: rawText,
+            }, "openai usage request failed");
+            return {
+                allowed: false,
+                raw: rawPayload,
+            };
+        }
+        const usage = extractOpenAiUsageSnapshot(rawPayload);
+        logger.info({
+            requestId,
+            usageCheckStatus: response.status,
+            usageCheckMs: Date.now() - startedAt,
+            usageUsed: usage.used,
+        }, "openai usage request completed");
+        return usage;
+    }
+    catch (error) {
+        logger.warn({
+            err: error,
+            requestId,
+        }, "openai usage request skipped after request error");
+        return undefined;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+export async function ensureProviderUsageAvailable(args) {
+    const usage = await fetchProviderUsage(args);
+    if (!usage) {
+        return undefined;
+    }
+    if (usage.allowed === false) {
+        throw new ProviderUsageLimitError("Provider API key is not allowed to make more requests", usage);
+    }
+    if (usage.remaining !== undefined && usage.remaining <= 0) {
+        throw new ProviderUsageLimitError("Provider token limit has been reached", usage);
+    }
+    return usage;
+}
+function extractUsageSnapshot(raw) {
+    const limit = firstFiniteNumber(raw, [
+        ["dailyTokenLimit"],
+        ["limit"],
+        ["token_limit"],
+        ["tokens_limit"],
+        ["quota"],
+        ["quota_limit"],
+        ["data", "dailyTokenLimit"],
+        ["data", "limit"],
+        ["data", "token_limit"],
+        ["data", "tokens_limit"],
+        ["data", "quota"],
+        ["result", "dailyTokenLimit"],
+        ["result", "limit"],
+        ["result", "token_limit"],
+    ]);
+    const used = firstFiniteNumber(raw, [
+        ["dailyTokensUsed"],
+        ["used"],
+        ["used_tokens"],
+        ["tokens_used"],
+        ["consumed_tokens"],
+        ["data", "dailyTokensUsed"],
+        ["data", "used"],
+        ["data", "used_tokens"],
+        ["data", "tokens_used"],
+        ["result", "dailyTokensUsed"],
+        ["result", "used"],
+        ["result", "used_tokens"],
+    ]);
+    const remaining = firstFiniteNumber(raw, [
+        ["remaining_tokens"],
+        ["remaining_token"],
+        ["tokens_remaining"],
+        ["token_remaining"],
+        ["remaining"],
+        ["quota_remaining"],
+        ["remaining_quota"],
+        ["dailyTokensRemaining"],
+        ["data", "remaining_tokens"],
+        ["data", "tokens_remaining"],
+        ["data", "remaining"],
+        ["data", "quota_remaining"],
+        ["data", "dailyTokensRemaining"],
+        ["result", "remaining_tokens"],
+        ["result", "tokens_remaining"],
+        ["result", "remaining"],
+        ["result", "dailyTokensRemaining"],
+    ]);
+    const allowed = firstBoolean(raw, [
+        ["allowed"],
+        ["isActive"],
+        ["isExpired"],
+        ["active"],
+        ["valid"],
+        ["enabled"],
+        ["can_use"],
+        ["data", "allowed"],
+        ["data", "isActive"],
+        ["data", "isExpired"],
+        ["data", "active"],
+        ["data", "valid"],
+        ["result", "allowed"],
+        ["result", "isActive"],
+        ["result", "isExpired"],
+        ["result", "active"],
+    ]);
+    const normalizedAllowed = deriveAllowed(raw, allowed);
+    const normalizedRemaining = remaining ?? (limit !== undefined && used !== undefined ? Math.max(limit - used, 0) : undefined);
+    return {
+        allowed: normalizedAllowed,
+        remaining: normalizedRemaining,
+        limit,
+        used,
+        raw,
+    };
+}
+function extractOpenAiUsageSnapshot(raw) {
+    const buckets = isRecord(raw) && Array.isArray(raw.data) ? raw.data : [];
+    let used = 0;
+    for (const bucket of buckets) {
+        if (!isRecord(bucket) || !Array.isArray(bucket.results)) {
+            continue;
+        }
+        for (const result of bucket.results) {
+            if (!isRecord(result)) {
+                continue;
+            }
+            used += toFiniteNumber(result.input_tokens) ?? 0;
+            used += toFiniteNumber(result.output_tokens) ?? 0;
+            used += toFiniteNumber(result.input_audio_tokens) ?? 0;
+            used += toFiniteNumber(result.output_audio_tokens) ?? 0;
+        }
+    }
+    return {
+        allowed: true,
+        used,
+        raw,
+    };
+}
+function deriveAllowed(raw, allowed) {
+    const isExpired = firstBoolean(raw, [["isExpired"], ["data", "isExpired"], ["result", "isExpired"]]);
+    const isActive = firstBoolean(raw, [["isActive"], ["data", "isActive"], ["result", "isActive"]]);
+    if (isExpired === true) {
+        return false;
+    }
+    if (isActive !== undefined) {
+        return isActive;
+    }
+    return allowed;
+}
+function parseJsonSafely(value) {
+    if (!value.trim()) {
+        return undefined;
+    }
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return value;
+    }
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function firstFiniteNumber(payload, paths) {
+    for (const path of paths) {
+        const value = readPath(payload, path);
+        const parsed = toFiniteNumber(value);
+        if (parsed !== undefined) {
+            return parsed;
+        }
+    }
+    return undefined;
+}
+function firstBoolean(payload, paths) {
+    for (const path of paths) {
+        const value = readPath(payload, path);
+        if (typeof value === "boolean") {
+            return value;
+        }
+    }
+    return undefined;
+}
+function readPath(payload, path) {
+    let current = payload;
+    for (const key of path) {
+        if (typeof current !== "object" || current === null || Array.isArray(current)) {
+            return undefined;
+        }
+        current = current[key];
+    }
+    return current;
+}
+function toFiniteNumber(value) {
+    if (typeof value === "number" && Number.isFinite(value)) {
+        return value;
+    }
+    if (typeof value === "string" && value.trim()) {
+        const parsed = Number(value);
+        return Number.isFinite(parsed) ? parsed : undefined;
+    }
+    return undefined;
+}

package/dist/request-timeout-policy.js

@@ -0,0 +1,61 @@
+const HERMES_SUMMARY_MARKERS = [
+    "you are a summarization agent creating a context checkpoint",
+    "context checkpoint",
+    "generate context summary",
+];
+export function resolveRequestTimeoutMs(body, options) {
+    if (!options.extendHermesSummaryTimeout) {
+        return options.defaultTimeoutMs;
+    }
+    if (!isHermesSummaryRequest(body)) {
+        return options.defaultTimeoutMs;
+    }
+    return Math.max(options.defaultTimeoutMs, options.summaryTimeoutMs);
+}
+export function isHermesSummaryRequest(body) {
+    const input = body.input;
+    if (!Array.isArray(input) || input.length === 0) {
+        return false;
+    }
+    const preview = input
+        .slice(0, 2)
+        .map(extractInputText)
+        .filter((value) => Boolean(value))
+        .join("\n")
+        .toLowerCase();
+    return HERMES_SUMMARY_MARKERS.some((marker) => preview.includes(marker));
+}
+function extractInputText(value) {
+    if (typeof value === "string") {
+        return value;
+    }
+    if (typeof value !== "object" || value === null) {
+        return undefined;
+    }
+    if ("text" in value && typeof value.text === "string") {
+        return value.text;
+    }
+    if ("content" in value) {
+        const content = value.content;
+        if (typeof content === "string") {
+            return content;
+        }
+        if (Array.isArray(content)) {
+            return content
+                .map((entry) => {
+                if (typeof entry === "string") {
+                    return entry;
+                }
+                if (typeof entry === "object" &&
+                    entry !== null &&
+                    "text" in entry &&
+                    typeof entry.text === "string") {
+                    return entry.text;
+                }
+                return "";
+            })
+                .join("\n");
+        }
+    }
+    return undefined;
+}