sentinelayer-cli 0.6.2 → 0.8.0

package/src/ai/proxy.js

@@ -1,137 +1,137 @@
-/**
- * SentinelLayer LLM proxy provider.
- *
- * Routes LLM calls through POST /api/v1/proxy/llm using the stored
- * sentinelayer_token. Users never need their own OpenAI/Anthropic key.
- *
- * Request:  { model, system_prompt, user_content, max_tokens, temperature }
- * Response: { content, usage: { model, provider, tokens_in, tokens_out, cost_usd, latency_ms } }
- */
-
-import { resolveActiveAuthSession } from "../auth/service.js";
-import { authLoginHint } from "../ui/command-hints.js";
-
-const DEFAULT_PROXY_MODEL = "gpt-5.3-codex";
-const PROXY_TIMEOUT_MS = 120_000;
-const PROXY_MAX_RETRIES = 2;
-const PROXY_RETRY_STATUSES = new Set([429, 502, 503, 504]);
-
-/**
- * Invoke LLM via SentinelLayer proxy.
- *
- * @param {object} options
- * @param {string} options.prompt - The user content / prompt text
- * @param {string} [options.systemPrompt] - System prompt
- * @param {string} [options.model] - Model ID (default: gpt-5.3-codex)
- * @param {number} [options.maxTokens] - Max output tokens (default: 4096)
- * @param {number} [options.temperature] - Temperature (default: 0.1)
- * @param {string} [options.apiUrl] - Override API URL
- * @param {string} [options.token] - Override Bearer token
- * @returns {Promise<{ text: string, usage: { inputTokens: number, outputTokens: number, costUsd: number, model: string, provider: string, latencyMs: number } }>}
- */
-export async function invokeViaProxy({
-  prompt,
-  systemPrompt = "",
-  model = DEFAULT_PROXY_MODEL,
-  maxTokens = 4096,
-  temperature = 0.1,
-  apiUrl = "",
-  token = "",
-} = {}) {
-  // Resolve credentials from session if not provided
-  let resolvedApiUrl = String(apiUrl || "").trim();
-  let resolvedToken = String(token || "").trim();
-
-  if (!resolvedApiUrl || !resolvedToken) {
-    const session = await resolveActiveAuthSession({
-      cwd: process.cwd(),
-      env: process.env,
-      autoRotate: false,
-    });
-    if (!session || !session.token) {
-      throw new Error(
-        `SentinelLayer LLM proxy requires authentication. Run '${authLoginHint()}' first.`
-      );
-    }
-    if (!resolvedApiUrl) resolvedApiUrl = String(session.apiUrl || "https://api.sentinelayer.com").trim();
-    if (!resolvedToken) resolvedToken = String(session.token).trim();
-  }
-
-  const url = `${resolvedApiUrl.replace(/\/+$/, "")}/api/v1/proxy/llm`;
-
-  const body = JSON.stringify({
-    model,
-    system_prompt: systemPrompt || "You are a code reviewer.",
-    user_content: String(prompt || ""),
-    max_tokens: maxTokens,
-    temperature,
-  });
-
-  let response = null;
-  let lastError = null;
-
-  for (let attempt = 0; attempt <= PROXY_MAX_RETRIES; attempt++) {
-    try {
-      const controller = new AbortController();
-      const timeoutHandle = setTimeout(() => controller.abort(), PROXY_TIMEOUT_MS);
-      try {
-        response = await fetch(url, {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-            Authorization: `Bearer ${resolvedToken}`,
-            Accept: "application/json",
-          },
-          body,
-          signal: controller.signal,
-        });
-      } finally {
-        clearTimeout(timeoutHandle);
-      }
-
-      if (PROXY_RETRY_STATUSES.has(response.status) && attempt < PROXY_MAX_RETRIES) {
-        const retryAfter = response.headers.get("Retry-After");
-        const delay = retryAfter && !isNaN(retryAfter) ? Math.min(Number(retryAfter), 5) * 1000 : 500 * (attempt + 1);
-        await new Promise((r) => setTimeout(r, delay));
-        continue;
-      }
-
-      break;
-    } catch (err) {
-      lastError = err;
-      if (attempt >= PROXY_MAX_RETRIES) break;
-      await new Promise((r) => setTimeout(r, 500 * (attempt + 1)));
-    }
-  }
-
-  if (!response) {
-    throw new Error(`SentinelLayer LLM proxy request failed: ${lastError?.message || "no response"}`);
-  }
-
-  if (!response.ok) {
-    let detail = "";
-    try {
-      const errBody = await response.json();
-      detail = errBody?.error?.message || errBody?.detail || JSON.stringify(errBody).slice(0, 200);
-    } catch {
-      detail = await response.text().catch(() => "");
-    }
-    throw new Error(`SentinelLayer LLM proxy error (${response.status}): ${detail}`);
-  }
-
-  const result = await response.json();
-
-  return {
-    text: String(result.content || ""),
-    usage: {
-      inputTokens: result.usage?.tokens_in || 0,
-      outputTokens: result.usage?.tokens_out || 0,
-      costUsd: result.usage?.cost_usd || 0,
-      model: result.usage?.model || model,
-      provider: result.usage?.provider || "sentinelayer",
-      latencyMs: result.usage?.latency_ms || 0,
-    },
-  };
-}
-
-export { DEFAULT_PROXY_MODEL };
+/**
+ * SentinelLayer LLM proxy provider.
+ *
+ * Routes LLM calls through POST /api/v1/proxy/llm using the stored
+ * sentinelayer_token. Users never need their own OpenAI/Anthropic key.
+ *
+ * Request:  { model, system_prompt, user_content, max_tokens, temperature }
+ * Response: { content, usage: { model, provider, tokens_in, tokens_out, cost_usd, latency_ms } }
+ */
+
+import { resolveActiveAuthSession } from "../auth/service.js";
+import { authLoginHint } from "../ui/command-hints.js";
+
+const DEFAULT_PROXY_MODEL = "gpt-5.3-codex";
+const PROXY_TIMEOUT_MS = 120_000;
+const PROXY_MAX_RETRIES = 2;
+const PROXY_RETRY_STATUSES = new Set([429, 502, 503, 504]);
+
+/**
+ * Invoke LLM via SentinelLayer proxy.
+ *
+ * @param {object} options
+ * @param {string} options.prompt - The user content / prompt text
+ * @param {string} [options.systemPrompt] - System prompt
+ * @param {string} [options.model] - Model ID (default: gpt-5.3-codex)
+ * @param {number} [options.maxTokens] - Max output tokens (default: 4096)
+ * @param {number} [options.temperature] - Temperature (default: 0.1)
+ * @param {string} [options.apiUrl] - Override API URL
+ * @param {string} [options.token] - Override Bearer token
+ * @returns {Promise<{ text: string, usage: { inputTokens: number, outputTokens: number, costUsd: number, model: string, provider: string, latencyMs: number } }>}
+ */
+export async function invokeViaProxy({
+  prompt,
+  systemPrompt = "",
+  model = DEFAULT_PROXY_MODEL,
+  maxTokens = 4096,
+  temperature = 0.1,
+  apiUrl = "",
+  token = "",
+} = {}) {
+  // Resolve credentials from session if not provided
+  let resolvedApiUrl = String(apiUrl || "").trim();
+  let resolvedToken = String(token || "").trim();
+
+  if (!resolvedApiUrl || !resolvedToken) {
+    const session = await resolveActiveAuthSession({
+      cwd: process.cwd(),
+      env: process.env,
+      autoRotate: false,
+    });
+    if (!session || !session.token) {
+      throw new Error(
+        `SentinelLayer LLM proxy requires authentication. Run '${authLoginHint()}' first.`
+      );
+    }
+    if (!resolvedApiUrl) resolvedApiUrl = String(session.apiUrl || "https://api.sentinelayer.com").trim();
+    if (!resolvedToken) resolvedToken = String(session.token).trim();
+  }
+
+  const url = `${resolvedApiUrl.replace(/\/+$/, "")}/api/v1/proxy/llm`;
+
+  const body = JSON.stringify({
+    model,
+    system_prompt: systemPrompt || "You are a code reviewer.",
+    user_content: String(prompt || ""),
+    max_tokens: maxTokens,
+    temperature,
+  });
+
+  let response = null;
+  let lastError = null;
+
+  for (let attempt = 0; attempt <= PROXY_MAX_RETRIES; attempt++) {
+    try {
+      const controller = new AbortController();
+      const timeoutHandle = setTimeout(() => controller.abort(), PROXY_TIMEOUT_MS);
+      try {
+        response = await fetch(url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${resolvedToken}`,
+            Accept: "application/json",
+          },
+          body,
+          signal: controller.signal,
+        });
+      } finally {
+        clearTimeout(timeoutHandle);
+      }
+
+      if (PROXY_RETRY_STATUSES.has(response.status) && attempt < PROXY_MAX_RETRIES) {
+        const retryAfter = response.headers.get("Retry-After");
+        const delay = retryAfter && !isNaN(retryAfter) ? Math.min(Number(retryAfter), 5) * 1000 : 500 * (attempt + 1);
+        await new Promise((r) => setTimeout(r, delay));
+        continue;
+      }
+
+      break;
+    } catch (err) {
+      lastError = err;
+      if (attempt >= PROXY_MAX_RETRIES) break;
+      await new Promise((r) => setTimeout(r, 500 * (attempt + 1)));
+    }
+  }
+
+  if (!response) {
+    throw new Error(`SentinelLayer LLM proxy request failed: ${lastError?.message || "no response"}`);
+  }
+
+  if (!response.ok) {
+    let detail = "";
+    try {
+      const errBody = await response.json();
+      detail = errBody?.error?.message || errBody?.detail || JSON.stringify(errBody).slice(0, 200);
+    } catch {
+      detail = await response.text().catch(() => "");
+    }
+    throw new Error(`SentinelLayer LLM proxy error (${response.status}): ${detail}`);
+  }
+
+  const result = await response.json();
+
+  return {
+    text: String(result.content || ""),
+    usage: {
+      inputTokens: result.usage?.tokens_in || 0,
+      outputTokens: result.usage?.tokens_out || 0,
+      costUsd: result.usage?.cost_usd || 0,
+      model: result.usage?.model || model,
+      provider: result.usage?.provider || "sentinelayer",
+      latencyMs: result.usage?.latency_ms || 0,
+    },
+  };
+}
+
+export { DEFAULT_PROXY_MODEL };

package/src/ai/site-store.js

@@ -1,145 +1,145 @@
-import fsp from "node:fs/promises";
-import path from "node:path";
-
-const REGISTRY_SCHEMA_VERSION = "1.0.0";
-
-function normalizeString(value) {
-  return String(value || "").trim();
-}
-
-function normalizeSiteRecord(record = {}) {
-  return {
-    siteId: normalizeString(record.siteId),
-    projectId: normalizeString(record.projectId) || null,
-    identityId: normalizeString(record.identityId) || null,
-    domainId: normalizeString(record.domainId) || null,
-    host: normalizeString(record.host) || null,
-    callbackPath: normalizeString(record.callbackPath) || null,
-    callbackUrl: normalizeString(record.callbackUrl) || null,
-    status: normalizeString(record.status) || "UNKNOWN",
-    dnsCleanupStatus: normalizeString(record.dnsCleanupStatus) || "UNKNOWN",
-    expiresAt: normalizeString(record.expiresAt) || null,
-    teardownReason: normalizeString(record.teardownReason) || null,
-    teardownAt: normalizeString(record.teardownAt) || null,
-    createdAt: normalizeString(record.createdAt) || new Date().toISOString(),
-    lastUpdatedAt: normalizeString(record.lastUpdatedAt) || new Date().toISOString(),
-    dnsCleanupContract:
-      record.dnsCleanupContract && typeof record.dnsCleanupContract === "object"
-        ? record.dnsCleanupContract
-        : {},
-    metadata: record.metadata && typeof record.metadata === "object" ? record.metadata : {},
-  };
-}
-
-export function resolveSiteRegistryPath({ outputRoot } = {}) {
-  const resolvedOutputRoot = path.resolve(String(outputRoot || "."));
-  return path.join(resolvedOutputRoot, "aidenid", "site-registry.json");
-}
-
-async function loadRegistryInternal(filePath) {
-  try {
-    const raw = await fsp.readFile(filePath, "utf-8");
-    const parsed = JSON.parse(raw);
-    const sites = Array.isArray(parsed.sites)
-      ? parsed.sites.map((item) => normalizeSiteRecord(item)).filter((item) => item.siteId)
-      : [];
-    return {
-      schemaVersion: normalizeString(parsed.schemaVersion) || REGISTRY_SCHEMA_VERSION,
-      generatedAt: normalizeString(parsed.generatedAt) || new Date().toISOString(),
-      sites,
-    };
-  } catch (error) {
-    if (error && typeof error === "object" && error.code === "ENOENT") {
-      return {
-        schemaVersion: REGISTRY_SCHEMA_VERSION,
-        generatedAt: new Date().toISOString(),
-        sites: [],
-      };
-    }
-    throw error;
-  }
-}
-
-async function writeRegistryInternal(filePath, registry = {}) {
-  const normalized = {
-    schemaVersion: REGISTRY_SCHEMA_VERSION,
-    generatedAt: new Date().toISOString(),
-    sites: Array.isArray(registry.sites) ? registry.sites.map(normalizeSiteRecord) : [],
-  };
-  await fsp.mkdir(path.dirname(filePath), { recursive: true });
-  await fsp.writeFile(filePath, `${JSON.stringify(normalized, null, 2)}\n`, "utf-8");
-  return normalized;
-}
-
-export async function listSites({ outputRoot, identityId = "" } = {}) {
-  const registryPath = resolveSiteRegistryPath({ outputRoot });
-  const registry = await loadRegistryInternal(registryPath);
-  const normalizedIdentityId = normalizeString(identityId);
-  const filteredSites = normalizedIdentityId
-    ? registry.sites.filter((item) => item.identityId === normalizedIdentityId)
-    : registry.sites;
-  return {
-    registryPath,
-    sites: filteredSites,
-  };
-}
-
-export async function recordTemporarySite({
-  outputRoot,
-  site = {},
-  context = {},
-} = {}) {
-  const siteId = normalizeString(site.id || context.siteId);
-  if (!siteId) {
-    throw new Error("Cannot record temporary site without site.id.");
-  }
-
-  const registryPath = resolveSiteRegistryPath({ outputRoot });
-  const registry = await loadRegistryInternal(registryPath);
-  const nowIso = new Date().toISOString();
-  const nextRecord = normalizeSiteRecord({
-    siteId,
-    projectId: site.projectId || context.projectId,
-    identityId: site.identityId || context.identityId,
-    domainId: site.domainId || context.domainId,
-    host: site.host,
-    callbackPath: site.callbackPath,
-    callbackUrl: site.callbackUrl,
-    status: site.status,
-    dnsCleanupStatus: site.dnsCleanupStatus,
-    expiresAt: site.expiresAt,
-    teardownReason: site.teardownReason,
-    teardownAt: site.teardownAt,
-    createdAt: nowIso,
-    lastUpdatedAt: nowIso,
-    dnsCleanupContract: site.dnsCleanupContract,
-    metadata: {
-      ...(site.metadata && typeof site.metadata === "object" ? site.metadata : {}),
-      source: normalizeString(context.source) || "site-create",
-      idempotencyKey: context.idempotencyKey || null,
-    },
-  });
-
-  const index = registry.sites.findIndex((item) => item.siteId === siteId);
-  if (index >= 0) {
-    const existing = registry.sites[index];
-    registry.sites[index] = normalizeSiteRecord({
-      ...existing,
-      ...nextRecord,
-      createdAt: existing.createdAt || nextRecord.createdAt,
-      metadata: {
-        ...existing.metadata,
-        ...nextRecord.metadata,
-      },
-    });
-  } else {
-    registry.sites.push(nextRecord);
-  }
-
-  const saved = await writeRegistryInternal(registryPath, registry);
-  const savedSite = saved.sites.find((item) => item.siteId === siteId) || null;
-  return {
-    registryPath,
-    site: savedSite,
-  };
-}
+import fsp from "node:fs/promises";
+import path from "node:path";
+
+const REGISTRY_SCHEMA_VERSION = "1.0.0";
+
+function normalizeString(value) {
+  return String(value || "").trim();
+}
+
+function normalizeSiteRecord(record = {}) {
+  return {
+    siteId: normalizeString(record.siteId),
+    projectId: normalizeString(record.projectId) || null,
+    identityId: normalizeString(record.identityId) || null,
+    domainId: normalizeString(record.domainId) || null,
+    host: normalizeString(record.host) || null,
+    callbackPath: normalizeString(record.callbackPath) || null,
+    callbackUrl: normalizeString(record.callbackUrl) || null,
+    status: normalizeString(record.status) || "UNKNOWN",
+    dnsCleanupStatus: normalizeString(record.dnsCleanupStatus) || "UNKNOWN",
+    expiresAt: normalizeString(record.expiresAt) || null,
+    teardownReason: normalizeString(record.teardownReason) || null,
+    teardownAt: normalizeString(record.teardownAt) || null,
+    createdAt: normalizeString(record.createdAt) || new Date().toISOString(),
+    lastUpdatedAt: normalizeString(record.lastUpdatedAt) || new Date().toISOString(),
+    dnsCleanupContract:
+      record.dnsCleanupContract && typeof record.dnsCleanupContract === "object"
+        ? record.dnsCleanupContract
+        : {},
+    metadata: record.metadata && typeof record.metadata === "object" ? record.metadata : {},
+  };
+}
+
+export function resolveSiteRegistryPath({ outputRoot } = {}) {
+  const resolvedOutputRoot = path.resolve(String(outputRoot || "."));
+  return path.join(resolvedOutputRoot, "aidenid", "site-registry.json");
+}
+
+async function loadRegistryInternal(filePath) {
+  try {
+    const raw = await fsp.readFile(filePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    const sites = Array.isArray(parsed.sites)
+      ? parsed.sites.map((item) => normalizeSiteRecord(item)).filter((item) => item.siteId)
+      : [];
+    return {
+      schemaVersion: normalizeString(parsed.schemaVersion) || REGISTRY_SCHEMA_VERSION,
+      generatedAt: normalizeString(parsed.generatedAt) || new Date().toISOString(),
+      sites,
+    };
+  } catch (error) {
+    if (error && typeof error === "object" && error.code === "ENOENT") {
+      return {
+        schemaVersion: REGISTRY_SCHEMA_VERSION,
+        generatedAt: new Date().toISOString(),
+        sites: [],
+      };
+    }
+    throw error;
+  }
+}
+
+async function writeRegistryInternal(filePath, registry = {}) {
+  const normalized = {
+    schemaVersion: REGISTRY_SCHEMA_VERSION,
+    generatedAt: new Date().toISOString(),
+    sites: Array.isArray(registry.sites) ? registry.sites.map(normalizeSiteRecord) : [],
+  };
+  await fsp.mkdir(path.dirname(filePath), { recursive: true });
+  await fsp.writeFile(filePath, `${JSON.stringify(normalized, null, 2)}\n`, "utf-8");
+  return normalized;
+}
+
+export async function listSites({ outputRoot, identityId = "" } = {}) {
+  const registryPath = resolveSiteRegistryPath({ outputRoot });
+  const registry = await loadRegistryInternal(registryPath);
+  const normalizedIdentityId = normalizeString(identityId);
+  const filteredSites = normalizedIdentityId
+    ? registry.sites.filter((item) => item.identityId === normalizedIdentityId)
+    : registry.sites;
+  return {
+    registryPath,
+    sites: filteredSites,
+  };
+}
+
+export async function recordTemporarySite({
+  outputRoot,
+  site = {},
+  context = {},
+} = {}) {
+  const siteId = normalizeString(site.id || context.siteId);
+  if (!siteId) {
+    throw new Error("Cannot record temporary site without site.id.");
+  }
+
+  const registryPath = resolveSiteRegistryPath({ outputRoot });
+  const registry = await loadRegistryInternal(registryPath);
+  const nowIso = new Date().toISOString();
+  const nextRecord = normalizeSiteRecord({
+    siteId,
+    projectId: site.projectId || context.projectId,
+    identityId: site.identityId || context.identityId,
+    domainId: site.domainId || context.domainId,
+    host: site.host,
+    callbackPath: site.callbackPath,
+    callbackUrl: site.callbackUrl,
+    status: site.status,
+    dnsCleanupStatus: site.dnsCleanupStatus,
+    expiresAt: site.expiresAt,
+    teardownReason: site.teardownReason,
+    teardownAt: site.teardownAt,
+    createdAt: nowIso,
+    lastUpdatedAt: nowIso,
+    dnsCleanupContract: site.dnsCleanupContract,
+    metadata: {
+      ...(site.metadata && typeof site.metadata === "object" ? site.metadata : {}),
+      source: normalizeString(context.source) || "site-create",
+      idempotencyKey: context.idempotencyKey || null,
+    },
+  });
+
+  const index = registry.sites.findIndex((item) => item.siteId === siteId);
+  if (index >= 0) {
+    const existing = registry.sites[index];
+    registry.sites[index] = normalizeSiteRecord({
+      ...existing,
+      ...nextRecord,
+      createdAt: existing.createdAt || nextRecord.createdAt,
+      metadata: {
+        ...existing.metadata,
+        ...nextRecord.metadata,
+      },
+    });
+  } else {
+    registry.sites.push(nextRecord);
+  }
+
+  const saved = await writeRegistryInternal(registryPath, registry);
+  const savedSite = saved.sites.find((item) => item.siteId === siteId) || null;
+  return {
+    registryPath,
+    site: savedSite,
+  };
+}