sentinelayer-cli 0.4.5 → 0.8.0

package/src/agents/shared-tools/shell.js

@@ -0,0 +1,383 @@
+import { execSync } from "node:child_process";
+import path from "node:path";
+
+const DEFAULT_TIMEOUT_MS = 120_000;
+const MAX_OUTPUT_CHARS = 30_000;
+const DEFAULT_ALLOWED_FETCH_HOSTS = [
+  "github.com",
+  "api.github.com",
+  "raw.githubusercontent.com",
+  "*.githubusercontent.com",
+  "registry.npmjs.org",
+  "registry.yarnpkg.com",
+  "pypi.org",
+  "files.pythonhosted.org",
+  "rubygems.org",
+  "crates.io",
+  "static.crates.io",
+];
+
+/**
+ * Patterns that are BLOCKED unconditionally.
+ * Sourced from review/local-review.js security rules + src bash security patterns.
+ */
+const BLOCKED_PATTERNS = [
+  { pattern: /rm\s+(-[rR]f?|--recursive)\s+\/($|\s)/, desc: "rm -rf /" },
+  { pattern: /:\(\)\s*\{[^}]*\}\s*;?\s*:/, desc: "fork bomb" },
+  { pattern: /\beval\s*\(/, desc: "eval injection" },
+  { pattern: /curl[^|]*\|\s*(ba)?sh/, desc: "pipe to shell" },
+  { pattern: /wget[^|]*\|\s*(ba)?sh/, desc: "wget pipe to shell" },
+  { pattern: />\s*\/dev\/sd[a-z]/, desc: "write to raw device" },
+  { pattern: /mkfs\./, desc: "filesystem format" },
+  { pattern: /dd\s+.*of=\/dev\//, desc: "dd to device" },
+  { pattern: /chmod\s+777\s+\//, desc: "chmod 777 root" },
+  { pattern: />\s*\/etc\//, desc: "write to /etc" },
+  { pattern: /rm\s+-rf?\s+~/, desc: "rm home directory" },
+  { pattern: /git\s+push\s+.*--force\s+.*main/, desc: "force push to main" },
+  { pattern: /git\s+reset\s+--hard/, desc: "git reset hard" },
+  { pattern: /DROP\s+TABLE|DROP\s+DATABASE/i, desc: "SQL drop" },
+  { pattern: /TRUNCATE\s+TABLE/i, desc: "SQL truncate" },
+];
+
+/**
+ * Patterns that trigger a WARNING but are allowed.
+ */
+const WARN_PATTERNS = [
+  { pattern: /npm\s+install|yarn\s+add|pnpm\s+add/, desc: "package install" },
+  { pattern: /git\s+push/, desc: "git push" },
+  { pattern: /curl\s|wget\s|fetch\(/, desc: "network request" },
+  { pattern: /rm\s+-/, desc: "file deletion" },
+  { pattern: /sudo\s/, desc: "elevated privileges" },
+];
+
+/**
+ * Environment variables to strip from child process env.
+ * Prevents credential leakage to spawned commands.
+ */
+const EXACT_ENV_KEYS_TO_STRIP = new Set([
+  "ANTHROPIC_API_KEY",
+  "OPENAI_API_KEY",
+  "GOOGLE_API_KEY",
+  "GEMINI_API_KEY",
+  "SENTINELAYER_TOKEN",
+  "AIDENID_API_KEY",
+  "AIDENID_TOKEN",
+  "AWS_ACCESS_KEY_ID",
+  "AWS_SECRET_ACCESS_KEY",
+  "AWS_SESSION_TOKEN",
+  "AWS_WEB_IDENTITY_TOKEN_FILE",
+  "AZURE_CLIENT_SECRET",
+  "GOOGLE_APPLICATION_CREDENTIALS",
+  "GITHUB_TOKEN",
+  "GH_TOKEN",
+  "GITLAB_TOKEN",
+  "BITBUCKET_TOKEN",
+  "NPM_TOKEN",
+  "NODE_AUTH_TOKEN",
+  "PYPI_API_TOKEN",
+  "RUBYGEMS_API_KEY",
+  "CARGO_REGISTRY_TOKEN",
+  "ACTIONS_ID_TOKEN_REQUEST_TOKEN",
+  "ACTIONS_RUNTIME_TOKEN",
+  "CI_JOB_TOKEN",
+  "CI_JOB_JWT",
+  "STRIPE_SECRET_KEY",
+  "SLACK_BOT_TOKEN",
+  "TELEGRAM_BOT_TOKEN",
+  "DISCORD_BOT_TOKEN",
+  "TWILIO_AUTH_TOKEN",
+  "SENDGRID_API_KEY",
+  "RESEND_API_KEY",
+  "DATABASE_URL",
+  "REDIS_URL",
+  "MONGODB_URI",
+  "SSH_SIGNING_KEY",
+  "SSH_PRIVATE_KEY",
+  "KUBECONFIG",
+  "KUBE_CONFIG_DATA",
+]);
+
+const ENV_KEY_PREFIX_PATTERNS = [
+  /^AIDENID_/i,
+  /^SENTINELAYER_/i,
+  /^OPENAI_/i,
+  /^ANTHROPIC_/i,
+  /^GOOGLE_/i,
+  /^GITHUB_/i,
+  /^GH_/i,
+  /^AWS_/i,
+  /^AZURE_/i,
+  /^SLACK_/i,
+  /^STRIPE_/i,
+  /^TELEGRAM_/i,
+  /^DISCORD_/i,
+  /^TWILIO_/i,
+  /^SENDGRID_/i,
+  /^RESEND_/i,
+];
+
+const ENV_KEY_SUFFIX_PATTERNS = [
+  /_TOKEN$/i,
+  /_API_KEY$/i,
+  /_SECRET$/i,
+  /_SECRET_KEY$/i,
+  /_PASSWORD$/i,
+  /_PRIVATE_KEY$/i,
+  /_ACCESS_KEY$/i,
+  /_AUTH_TOKEN$/i,
+  /_SESSION_TOKEN$/i,
+];
+
+/**
+ * Execute a shell command with security analysis, timeout, and env scrubbing.
+ *
+ * @param {object} input
+ * @param {string} input.command - The shell command to execute.
+ * @param {string} [input.cwd] - Working directory (default: process.cwd()).
+ * @param {number} [input.timeout] - Timeout in ms (default: 120000).
+ * @returns {{ stdout, stderr, exitCode, durationMs, command, security }}
+ */
+export function shell(input) {
+  if (!input.command || typeof input.command !== "string") {
+    throw new ShellError("command is required and must be a non-empty string.");
+  }
+
+  const command = input.command.trim();
+  const cwd = input.cwd ? path.resolve(input.cwd) : process.cwd();
+  const timeout = input.timeout ?? DEFAULT_TIMEOUT_MS;
+
+  // Security analysis
+  const security = analyzeCommand(command);
+  if (security.risk === "blocked") {
+    throw new ShellBlockedError(
+      `Command blocked: ${security.patterns[0].desc}`,
+      security,
+    );
+  }
+
+  // Build scrubbed environment
+  const env = buildScrubbedEnv();
+
+  const startMs = Date.now();
+  let stdout = "";
+  let stderr = "";
+  let exitCode = 0;
+
+  try {
+    stdout = execSync(command, {
+      cwd,
+      encoding: "utf-8",
+      timeout,
+      env,
+      maxBuffer: 10 * 1024 * 1024,
+      stdio: ["pipe", "pipe", "pipe"],
+    });
+  } catch (err) {
+    exitCode = err.status ?? 1;
+    stdout = err.stdout ?? "";
+    stderr = err.stderr ?? "";
+    if (err.killed) {
+      stderr += `\n[Process killed: timeout after ${timeout}ms]`;
+    }
+  }
+
+  const durationMs = Date.now() - startMs;
+
+  // Truncate large outputs
+  if (stdout.length > MAX_OUTPUT_CHARS) {
+    stdout = stdout.slice(0, MAX_OUTPUT_CHARS) + "\n[... truncated]";
+  }
+  if (stderr.length > MAX_OUTPUT_CHARS) {
+    stderr = stderr.slice(0, MAX_OUTPUT_CHARS) + "\n[... truncated]";
+  }
+
+  return { stdout, stderr, exitCode, durationMs, command, security };
+}
+
+/**
+ * Analyze a command for security risks.
+ * @param {object} [options]
+ * @param {Record<string, string|undefined>} [options.env]
+ * @returns {{ risk: "safe"|"warn"|"blocked", patterns: Array<{desc}>, networkPolicy?: object }}
+ */
+export function analyzeCommand(command, options = {}) {
+  const networkPolicy = evaluateNetworkPolicy(command, options.env);
+  if (networkPolicy.blocking) {
+    return {
+      risk: "blocked",
+      patterns: [{ desc: networkPolicy.reason }],
+      networkPolicy,
+    };
+  }
+
+  for (const rule of BLOCKED_PATTERNS) {
+    if (rule.pattern.test(command)) {
+      return { risk: "blocked", patterns: [rule], networkPolicy };
+    }
+  }
+
+  const warnings = [];
+  for (const rule of WARN_PATTERNS) {
+    if (rule.pattern.test(command)) {
+      warnings.push(rule);
+    }
+  }
+
+  if (warnings.length > 0) {
+    return { risk: "warn", patterns: warnings, networkPolicy };
+  }
+
+  return { risk: "safe", patterns: [], networkPolicy };
+}
+
+export function buildScrubbedEnv(sourceEnv = process.env) {
+  const env = { ...sourceEnv };
+  for (const key of Object.keys(env)) {
+    if (shouldStripEnvKey(key)) {
+      delete env[key];
+    }
+  }
+  return env;
+}
+
+function shouldStripEnvKey(key) {
+  if (!key) {
+    return false;
+  }
+
+  const upperKey = String(key).toUpperCase();
+  if (EXACT_ENV_KEYS_TO_STRIP.has(upperKey)) {
+    return true;
+  }
+
+  if (upperKey.startsWith("INPUT_")) {
+    const baseKey = upperKey.slice("INPUT_".length);
+    if (EXACT_ENV_KEYS_TO_STRIP.has(baseKey)) {
+      return true;
+    }
+    if (ENV_KEY_PREFIX_PATTERNS.some((pattern) => pattern.test(baseKey))) {
+      return true;
+    }
+    if (ENV_KEY_SUFFIX_PATTERNS.some((pattern) => pattern.test(baseKey))) {
+      return true;
+    }
+  }
+
+  if (ENV_KEY_PREFIX_PATTERNS.some((pattern) => pattern.test(upperKey))) {
+    return true;
+  }
+
+  return ENV_KEY_SUFFIX_PATTERNS.some((pattern) => pattern.test(upperKey));
+}
+
+function evaluateNetworkPolicy(command, sourceEnv = process.env) {
+  if (!/\b(curl|wget)\b/i.test(command)) {
+    return {
+      blocking: false,
+      hosts: [],
+      deniedHosts: [],
+    };
+  }
+
+  const hosts = extractNetworkHosts(command);
+  if (hosts.length === 0) {
+    return {
+      blocking: true,
+      hosts: [],
+      deniedHosts: [],
+      reason: "network command requires explicit URL host",
+    };
+  }
+
+  const allowlist = resolveAllowedFetchHosts(sourceEnv);
+  const deniedHosts = hosts.filter((host) => !isAllowedHost(host, allowlist));
+  if (deniedHosts.length > 0) {
+    return {
+      blocking: true,
+      hosts,
+      deniedHosts,
+      reason: `network host not allowlisted: ${deniedHosts.join(", ")}`,
+    };
+  }
+
+  return {
+    blocking: false,
+    hosts,
+    deniedHosts: [],
+  };
+}
+
+function resolveAllowedFetchHosts(sourceEnv = process.env) {
+  const configured = String(sourceEnv.SENTINELAYER_ALLOWED_FETCH_HOSTS || "")
+    .split(",")
+    .map((item) => normalizeHostPattern(item))
+    .filter(Boolean);
+
+  const allPatterns = [...DEFAULT_ALLOWED_FETCH_HOSTS, ...configured]
+    .map((item) => normalizeHostPattern(item))
+    .filter(Boolean);
+  return Array.from(new Set(allPatterns));
+}
+
+function extractNetworkHosts(command) {
+  const matches = command.matchAll(/\bhttps?:\/\/([^\s"'`]+)/gi);
+  const hosts = new Set();
+  for (const match of matches) {
+    const candidate = match?.[0];
+    if (!candidate) {
+      continue;
+    }
+    try {
+      const parsed = new URL(candidate);
+      const host = normalizeHostPattern(parsed.hostname);
+      if (host) {
+        hosts.add(host);
+      }
+    } catch {
+      // Skip malformed URL segments.
+    }
+  }
+  return Array.from(hosts);
+}
+
+function isAllowedHost(host, allowlist) {
+  const normalizedHost = normalizeHostPattern(host);
+  if (!normalizedHost) {
+    return false;
+  }
+
+  return allowlist.some((pattern) => {
+    if (!pattern) {
+      return false;
+    }
+
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(2);
+      return normalizedHost === suffix || normalizedHost.endsWith(`.${suffix}`);
+    }
+
+    return normalizedHost === pattern;
+  });
+}
+
+function normalizeHostPattern(value) {
+  return String(value || "")
+    .trim()
+    .toLowerCase()
+    .replace(/\.$/, "");
+}
+
+export class ShellError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ShellError";
+  }
+}
+
+export class ShellBlockedError extends ShellError {
+  constructor(message, security) {
+    super(message);
+    this.name = "ShellBlockedError";
+    this.security = security;
+  }
+}

package/src/ai/aidenid.js

@@ -1,4 +1,5 @@
 import process from "node:process";
+import { authLoginHint } from "../ui/command-hints.js";
 
 export const DEFAULT_AIDENID_API_URL = "https://api.aidenid.com";
 
@@ -158,16 +159,55 @@ export function buildChildIdentityPayload({
   };
 }
 
+async function resolveSessionCredentialContext({
+  env,
+  session,
+  fetchCredentials,
+  autoResolveSession = true,
+}) {
+  let resolvedSession = session;
+  let resolvedFetcher = typeof fetchCredentials === "function" ? fetchCredentials : null;
+
+  if (!autoResolveSession) {
+    return { session: resolvedSession, fetchCredentials: resolvedFetcher };
+  }
+
+  try {
+    const { resolveActiveAuthSession, fetchAidenIdCredentials } = await import("../auth/service.js");
+    const activeSession = await resolveActiveAuthSession({
+      cwd: process.cwd(),
+      env,
+      autoRotate: false,
+    });
+    if (activeSession && activeSession.token) {
+      resolvedSession = activeSession;
+    }
+    if (resolvedSession && resolvedSession.token && (!resolvedFetcher || activeSession?.token)) {
+      resolvedFetcher = () =>
+        fetchAidenIdCredentials({
+          apiUrl: resolvedSession.apiUrl || "https://api.sentinelayer.com",
+          token: resolvedSession.token,
+        });
+    }
+  } catch {
+    // Auth context resolution is best-effort.
+  }
+
+  return { session: resolvedSession, fetchCredentials: resolvedFetcher };
+}
+
 /**
  * Resolve AIdenID credentials with precedence:
  * 1. Explicit flags (--api-key, --org-id, --project-id)
  * 2. Environment vars (AIDENID_API_KEY, AIDENID_ORG_ID, AIDENID_PROJECT_ID)
- * 3. Session metadata (org_id, project_id from local store) + lazy-fetch secret from SL API
+ * 3. Session metadata (org_id, project_id) + lazy-fetch secret from SL API
+ *    using active auth source resolution (env -> config -> stored session)
  * 4. Error with guidance
  *
  * @param {object} options
  * @param {object} [options.session] - Stored session from readStoredSession(), may contain aidenid metadata
  * @param {Function} [options.fetchCredentials] - Async function to lazy-fetch secret from SL API
+ * @param {boolean} [options.autoResolveSession] - Auto-discover active SL auth session from local context
  */
 export async function resolveAidenIdCredentials(
   {
@@ -178,19 +218,28 @@ export async function resolveAidenIdCredentials(
     requireAll = true,
     session = null,
     fetchCredentials = null,
+    autoResolveSession = true,
   } = {}
 ) {
-  const sessionAidenId = session && session.aidenid ? session.aidenid : null;
-  const hasSessionToken = Boolean(String(session && session.token ? session.token : "").trim());
+  const sessionContext = await resolveSessionCredentialContext({
+    env,
+    session,
+    fetchCredentials,
+    autoResolveSession,
+  });
+  const activeSession = sessionContext.session;
+  const activeFetchCredentials = sessionContext.fetchCredentials;
+  const sessionAidenId = activeSession && activeSession.aidenid ? activeSession.aidenid : null;
+  const hasSessionToken = Boolean(String(activeSession && activeSession.token ? activeSession.token : "").trim());
 
   let resolvedApiKey = String(apiKey || env.AIDENID_API_KEY || "").trim();
   let resolvedOrgId = String(orgId || env.AIDENID_ORG_ID || (sessionAidenId && sessionAidenId.orgId) || "").trim();
   let resolvedProjectId = String(projectId || env.AIDENID_PROJECT_ID || (sessionAidenId && sessionAidenId.projectId) || "").trim();
 
   // Lazy-fetch secret from SentinelLayer API when a CLI session token is available.
-  if (!resolvedApiKey && hasSessionToken && typeof fetchCredentials === "function") {
+  if (!resolvedApiKey && hasSessionToken && typeof activeFetchCredentials === "function") {
     try {
-      const fetched = await fetchCredentials();
+      const fetched = await activeFetchCredentials();
       if (fetched && fetched.apiKey) {
         resolvedApiKey = String(fetched.apiKey).trim();
         if (!resolvedOrgId && fetched.orgId) resolvedOrgId = String(fetched.orgId).trim();
@@ -208,8 +257,8 @@ export async function resolveAidenIdCredentials(
 
   if (requireAll && missing.length > 0) {
     const hint = hasSessionToken
-      ? " (session token exists but AIdenID credential fetch failed — check network or run 'sl auth login' again)"
-      : " (run 'sl auth login' to auto-provision, or set env vars manually)";
+      ? ` (session token exists but AIdenID credential fetch failed — check network or run '${authLoginHint()}' again)`
+      : ` (run '${authLoginHint()}' to auto-provision, or set env vars manually)`;
     throw new Error(`Missing AIdenID credentials: ${missing.join(", ")}.${hint}`);
   }
 

package/src/ai/client.js

@@ -1,13 +1,17 @@
+import { invokeViaProxy, DEFAULT_PROXY_MODEL } from "./proxy.js";
+
 const PROVIDER_ENV_KEYS = Object.freeze({
   openai: "OPENAI_API_KEY",
   anthropic: "ANTHROPIC_API_KEY",
   google: "GOOGLE_API_KEY",
+  sentinelayer: "SENTINELAYER_TOKEN",
 });
 
 const DEFAULT_MODELS = Object.freeze({
   openai: "gpt-4o",
   anthropic: "claude-sonnet-4",
   google: "gemini-2.5-pro",
+  sentinelayer: DEFAULT_PROXY_MODEL,
 });
 
 const SUPPORTED_PROVIDERS = Object.freeze(Object.keys(PROVIDER_ENV_KEYS));
@@ -308,6 +312,30 @@ export function resolveProvider({ provider, configProvider, env = process.env }
   return "openai";
 }
 
+/**
+ * Async version of resolveProvider that also checks for stored sentinelayer session.
+ * Use this when you can await (e.g., in command handlers).
+ */
+export async function resolveProviderAsync({ provider, configProvider, env = process.env } = {}) {
+  const sync = resolveProvider({ provider, configProvider, env });
+  if (sync !== "openai" || provider || configProvider) {
+    return sync; // explicit or env-detected, no need to check session
+  }
+
+  // No explicit provider and no env keys — check for stored session
+  try {
+    const { readStoredSessionMetadata } = await import("../auth/session-store.js");
+    const meta = await readStoredSessionMetadata();
+    if (meta && meta.tokenId) {
+      return "sentinelayer";
+    }
+  } catch {
+    // No session — fall through
+  }
+
+  return sync;
+}
+
 /**
  * Resolve model precedence for a provider: explicit -> config -> provider default.
  *
@@ -401,6 +429,23 @@ export class MultiProviderApiClient {
   } = {}) {
     const resolvedProvider = resolveProvider({ provider, env });
     const resolvedModel = resolveModel({ provider: resolvedProvider, model });
+
+    // SentinelLayer proxy: delegate to proxy.js instead of direct API call
+    if (resolvedProvider === "sentinelayer") {
+      const result = await invokeViaProxy({
+        prompt,
+        systemPrompt: "",
+        model: resolvedModel,
+        maxTokens: 4096,
+      });
+      return {
+        text: result.text,
+        usage: result.usage,
+        provider: "sentinelayer",
+        model: resolvedModel,
+      };
+    }
+
     const resolvedApiKey = resolveApiKey({
       provider: resolvedProvider,
       explicitApiKey: apiKey,

package/src/ai/proxy.js

@@ -0,0 +1,137 @@
+/**
+ * SentinelLayer LLM proxy provider.
+ *
+ * Routes LLM calls through POST /api/v1/proxy/llm using the stored
+ * sentinelayer_token. Users never need their own OpenAI/Anthropic key.
+ *
+ * Request:  { model, system_prompt, user_content, max_tokens, temperature }
+ * Response: { content, usage: { model, provider, tokens_in, tokens_out, cost_usd, latency_ms } }
+ */
+
+import { resolveActiveAuthSession } from "../auth/service.js";
+import { authLoginHint } from "../ui/command-hints.js";
+
+const DEFAULT_PROXY_MODEL = "gpt-5.3-codex";
+const PROXY_TIMEOUT_MS = 120_000;
+const PROXY_MAX_RETRIES = 2;
+const PROXY_RETRY_STATUSES = new Set([429, 502, 503, 504]);
+
+/**
+ * Invoke LLM via SentinelLayer proxy.
+ *
+ * @param {object} options
+ * @param {string} options.prompt - The user content / prompt text
+ * @param {string} [options.systemPrompt] - System prompt
+ * @param {string} [options.model] - Model ID (default: gpt-5.3-codex)
+ * @param {number} [options.maxTokens] - Max output tokens (default: 4096)
+ * @param {number} [options.temperature] - Temperature (default: 0.1)
+ * @param {string} [options.apiUrl] - Override API URL
+ * @param {string} [options.token] - Override Bearer token
+ * @returns {Promise<{ text: string, usage: { inputTokens: number, outputTokens: number, costUsd: number, model: string, provider: string, latencyMs: number } }>}
+ */
+export async function invokeViaProxy({
+  prompt,
+  systemPrompt = "",
+  model = DEFAULT_PROXY_MODEL,
+  maxTokens = 4096,
+  temperature = 0.1,
+  apiUrl = "",
+  token = "",
+} = {}) {
+  // Resolve credentials from session if not provided
+  let resolvedApiUrl = String(apiUrl || "").trim();
+  let resolvedToken = String(token || "").trim();
+
+  if (!resolvedApiUrl || !resolvedToken) {
+    const session = await resolveActiveAuthSession({
+      cwd: process.cwd(),
+      env: process.env,
+      autoRotate: false,
+    });
+    if (!session || !session.token) {
+      throw new Error(
+        `SentinelLayer LLM proxy requires authentication. Run '${authLoginHint()}' first.`
+      );
+    }
+    if (!resolvedApiUrl) resolvedApiUrl = String(session.apiUrl || "https://api.sentinelayer.com").trim();
+    if (!resolvedToken) resolvedToken = String(session.token).trim();
+  }
+
+  const url = `${resolvedApiUrl.replace(/\/+$/, "")}/api/v1/proxy/llm`;
+
+  const body = JSON.stringify({
+    model,
+    system_prompt: systemPrompt || "You are a code reviewer.",
+    user_content: String(prompt || ""),
+    max_tokens: maxTokens,
+    temperature,
+  });
+
+  let response = null;
+  let lastError = null;
+
+  for (let attempt = 0; attempt <= PROXY_MAX_RETRIES; attempt++) {
+    try {
+      const controller = new AbortController();
+      const timeoutHandle = setTimeout(() => controller.abort(), PROXY_TIMEOUT_MS);
+      try {
+        response = await fetch(url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${resolvedToken}`,
+            Accept: "application/json",
+          },
+          body,
+          signal: controller.signal,
+        });
+      } finally {
+        clearTimeout(timeoutHandle);
+      }
+
+      if (PROXY_RETRY_STATUSES.has(response.status) && attempt < PROXY_MAX_RETRIES) {
+        const retryAfter = response.headers.get("Retry-After");
+        const delay = retryAfter && !isNaN(retryAfter) ? Math.min(Number(retryAfter), 5) * 1000 : 500 * (attempt + 1);
+        await new Promise((r) => setTimeout(r, delay));
+        continue;
+      }
+
+      break;
+    } catch (err) {
+      lastError = err;
+      if (attempt >= PROXY_MAX_RETRIES) break;
+      await new Promise((r) => setTimeout(r, 500 * (attempt + 1)));
+    }
+  }
+
+  if (!response) {
+    throw new Error(`SentinelLayer LLM proxy request failed: ${lastError?.message || "no response"}`);
+  }
+
+  if (!response.ok) {
+    let detail = "";
+    try {
+      const errBody = await response.json();
+      detail = errBody?.error?.message || errBody?.detail || JSON.stringify(errBody).slice(0, 200);
+    } catch {
+      detail = await response.text().catch(() => "");
+    }
+    throw new Error(`SentinelLayer LLM proxy error (${response.status}): ${detail}`);
+  }
+
+  const result = await response.json();
+
+  return {
+    text: String(result.content || ""),
+    usage: {
+      inputTokens: result.usage?.tokens_in || 0,
+      outputTokens: result.usage?.tokens_out || 0,
+      costUsd: result.usage?.cost_usd || 0,
+      model: result.usage?.model || model,
+      provider: result.usage?.provider || "sentinelayer",
+      latencyMs: result.usage?.latency_ms || 0,
+    },
+  };
+}
+
+export { DEFAULT_PROXY_MODEL };