traicebox 0.1.0

package/dist/logging-jyk2svr4.json

@@ -0,0 +1,35 @@
+{
+  "version": 1,
+  "disable_existing_loggers": false,
+  "formatters": {
+    "default": {
+      "()": "uvicorn.logging.DefaultFormatter",
+      "fmt": "%(levelprefix)s %(message)s",
+      "use_colors": null
+    }
+  },
+  "handlers": {
+    "default": {
+      "class": "logging.StreamHandler",
+      "formatter": "default",
+      "stream": "ext://sys.stderr"
+    }
+  },
+  "loggers": {
+    "uvicorn": {
+      "handlers": ["default"],
+      "level": "WARNING",
+      "propagate": false
+    },
+    "uvicorn.error": {
+      "handlers": ["default"],
+      "level": "WARNING",
+      "propagate": false
+    },
+    "uvicorn.access": {
+      "handlers": [],
+      "level": "WARNING",
+      "propagate": false
+    }
+  }
+}

package/dist/request_session_metadata_callback-wfkph4zx.py

@@ -0,0 +1,109 @@
+from typing import Optional
+
+from litellm.integrations.custom_logger import CustomLogger
+from litellm.litellm_core_utils.llm_request_utils import (
+    get_proxy_server_request_headers,
+)
+from litellm.proxy.proxy_server import DualCache, UserAPIKeyAuth
+from litellm.types.utils import CallTypesLiteral
+
+
+SESSION_HEADER_CANDIDATES = (
+    "x-litellm-trace-id",
+    "x-litellm-session-id",
+    "x-session-affinity",
+    "x-opencode-session",
+)
+
+
+def _normalize_headers(headers: dict) -> dict[str, str]:
+    normalized_headers: dict[str, str] = {}
+    for key, value in headers.items():
+        if key is None or value is None:
+            continue
+        normalized_headers[str(key).lower()] = str(value).strip()
+    return normalized_headers
+
+
+def _extract_session_id(headers: dict[str, str]) -> Optional[str]:
+    for header_name in SESSION_HEADER_CANDIDATES:
+        value = headers.get(header_name)
+        if value:
+            return value
+    return None
+
+
+def _get_incoming_headers(data: dict) -> dict[str, str]:
+    secret_fields = data.get("secret_fields")
+    if isinstance(secret_fields, dict):
+        raw_headers = secret_fields.get("raw_headers")
+        if isinstance(raw_headers, dict) and raw_headers:
+            return _normalize_headers(raw_headers)
+
+    litellm_params = data.get("litellm_params")
+    if isinstance(litellm_params, dict):
+        headers = get_proxy_server_request_headers(litellm_params)
+        if headers:
+            return _normalize_headers(headers)
+
+    proxy_server_request = data.get("proxy_server_request")
+    if isinstance(proxy_server_request, dict):
+        headers = proxy_server_request.get("headers")
+        if isinstance(headers, dict) and headers:
+            return _normalize_headers(headers)
+
+    return {}
+
+
+def _ensure_mapping(data: dict, key: str) -> dict:
+    current_value = data.get(key)
+    if isinstance(current_value, dict):
+        return current_value
+
+    replacement: dict = {}
+    data[key] = replacement
+    return replacement
+
+
+class RequestSessionMetadataCallback(CustomLogger):
+    async def async_pre_call_hook(
+        self,
+        user_api_key_dict: UserAPIKeyAuth,
+        cache: DualCache,
+        data: dict,
+        call_type: CallTypesLiteral,
+    ):
+        del user_api_key_dict, cache, call_type
+
+        if data.get("litellm_session_id"):
+            return data
+
+        metadata = _ensure_mapping(data, "metadata")
+        if metadata.get("session_id"):
+            return data
+
+        litellm_metadata = _ensure_mapping(data, "litellm_metadata")
+        if litellm_metadata.get("session_id"):
+            return data
+
+        headers = _get_incoming_headers(data)
+        session_id = _extract_session_id(headers)
+        if not session_id:
+            return data
+
+        parent_session_id = headers.get("x-parent-session-id")
+        data["litellm_session_id"] = session_id
+        data["litellm_trace_id"] = session_id
+        metadata.setdefault("session_id", session_id)
+        metadata.setdefault("trace_id", session_id)
+        litellm_metadata.setdefault("session_id", session_id)
+        litellm_metadata.setdefault("trace_id", session_id)
+
+        if parent_session_id:
+            metadata.setdefault("parent_session_id", parent_session_id)
+            litellm_metadata.setdefault("parent_session_id", parent_session_id)
+
+        return data
+
+
+proxy_handler_instance = RequestSessionMetadataCallback()

package/dist/server-bm43enwc.ts

@@ -0,0 +1,257 @@
+const upstreamOrigin = requiredEnv("LANGFUSE_UPSTREAM_ORIGIN");
+const publicOrigin = requiredEnv("LANGFUSE_PUBLIC_ORIGIN");
+const adminEmail = requiredEnv("LANGFUSE_INIT_USER_EMAIL");
+const adminPassword = requiredEnv("LANGFUSE_INIT_USER_PASSWORD");
+const autoLoginEnabled = envFlag("LANGFUSE_PROXY_AUTOLOGIN", true);
+const port = Number(Bun.env.PORT ?? "3000");
+const retryDelayMs = Number(Bun.env.LANGFUSE_PROXY_RETRY_DELAY_MS ?? "500");
+const maxRetries = Number(Bun.env.LANGFUSE_PROXY_MAX_RETRIES ?? "20");
+
+const sessionCookieNames = [
+  "__Secure-authjs.session-token",
+  "authjs.session-token",
+  "__Secure-next-auth.session-token",
+  "next-auth.session-token",
+];
+
+function requiredEnv(name: string): string {
+  const value = Bun.env[name];
+  if (!value) {
+    throw new Error(`Missing required environment variable: ${name}`);
+  }
+  return value;
+}
+
+function envFlag(name: string, fallback: boolean): boolean {
+  const value = Bun.env[name];
+  if (value == null || value === "") {
+    return fallback;
+  }
+  return !["0", "false", "no", "off"].includes(value.toLowerCase());
+}
+
+function getSetCookies(headers: Headers): string[] {
+  const bunHeaders = headers as Headers & { getSetCookie?: () => string[] };
+  if (typeof bunHeaders.getSetCookie === "function") {
+    return bunHeaders.getSetCookie();
+  }
+
+  const singleValue = headers.get("set-cookie");
+  return singleValue ? [singleValue] : [];
+}
+
+function serializeCookieHeader(setCookies: string[]): string {
+  return setCookies
+    .map((cookie) => cookie.split(";", 1)[0]?.trim())
+    .filter((cookie): cookie is string => Boolean(cookie))
+    .join("; ");
+}
+
+function hasSessionCookie(request: Request): boolean {
+  const cookieHeader = request.headers.get("cookie");
+  if (!cookieHeader) {
+    return false;
+  }
+
+  return sessionCookieNames.some((name) => cookieHeader.includes(`${name}=`));
+}
+
+function appendSetCookies(headers: Headers, cookies: string[]): void {
+  for (const cookie of cookies) {
+    headers.append("set-cookie", cookie);
+  }
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function fetchWithRetry(url: URL, init: RequestInit): Promise<Response> {
+  let lastError: unknown;
+
+  for (let attempt = 1; attempt <= maxRetries; attempt += 1) {
+    try {
+      return await fetch(url, init);
+    } catch (error) {
+      lastError = error;
+      if (attempt === maxRetries) {
+        break;
+      }
+      await sleep(retryDelayMs);
+    }
+  }
+
+  throw lastError;
+}
+
+function copyRequestHeaders(request: Request): Headers {
+  const headers = new Headers(request.headers);
+  headers.delete("host");
+  headers.delete("connection");
+  headers.delete("content-length");
+  return headers;
+}
+
+async function loginToLangfuse(): Promise<string[]> {
+  const csrfResponse = await fetchWithRetry(
+    new URL("/api/auth/csrf", upstreamOrigin),
+    {
+      redirect: "manual",
+    },
+  );
+
+  if (!csrfResponse.ok) {
+    throw new Error(`Langfuse CSRF request failed with ${csrfResponse.status}`);
+  }
+
+  const csrfPayload = (await csrfResponse.json()) as { csrfToken?: string };
+  if (!csrfPayload.csrfToken) {
+    throw new Error("Langfuse CSRF response did not include csrfToken");
+  }
+
+  const csrfCookies = getSetCookies(csrfResponse.headers);
+  const callbackBody = new URLSearchParams({
+    email: adminEmail,
+    password: adminPassword,
+    csrfToken: csrfPayload.csrfToken,
+    callbackUrl: publicOrigin,
+    json: "true",
+  });
+
+  const callbackResponse = await fetchWithRetry(
+    new URL("/api/auth/callback/credentials?json=true", upstreamOrigin),
+    {
+      method: "POST",
+      redirect: "manual",
+      headers: {
+        "content-type": "application/x-www-form-urlencoded",
+        cookie: serializeCookieHeader(csrfCookies),
+      },
+      body: callbackBody.toString(),
+    },
+  );
+
+  if (callbackResponse.status >= 400) {
+    throw new Error(
+      `Langfuse credentials callback failed with ${callbackResponse.status}`,
+    );
+  }
+
+  const mergedCookies = [
+    ...csrfCookies,
+    ...getSetCookies(callbackResponse.headers),
+  ];
+  if (!serializeCookieHeader(mergedCookies)) {
+    throw new Error("Langfuse login callback did not return any cookies");
+  }
+
+  return mergedCookies;
+}
+
+async function checkLangfuseReadiness(): Promise<void> {
+  const loginCookies = autoLoginEnabled ? await loginToLangfuse() : [];
+  const headers = new Headers();
+  const cookieHeader = serializeCookieHeader(loginCookies);
+  if (cookieHeader) {
+    headers.set("cookie", cookieHeader);
+  }
+
+  const response = await fetchWithRetry(new URL("/", upstreamOrigin), {
+    headers,
+    redirect: "manual",
+  });
+
+  const contentType = response.headers.get("content-type") ?? "";
+  if (response.status >= 400 || !contentType.includes("text/html")) {
+    throw new Error(`Langfuse readiness failed with ${response.status}`);
+  }
+}
+
+async function proxyRequest(
+  request: Request,
+  extraCookies: string[] = [],
+): Promise<Response> {
+  const upstreamUrl = new URL(request.url);
+  upstreamUrl.protocol = new URL(upstreamOrigin).protocol;
+  upstreamUrl.host = new URL(upstreamOrigin).host;
+
+  const headers = copyRequestHeaders(request);
+  if (extraCookies.length > 0) {
+    const existingCookies = request.headers.get("cookie");
+    const loginCookies = serializeCookieHeader(extraCookies);
+    const combinedCookies = [existingCookies, loginCookies]
+      .filter(Boolean)
+      .join("; ");
+    if (combinedCookies) {
+      headers.set("cookie", combinedCookies);
+    }
+  }
+
+  const response = await fetchWithRetry(upstreamUrl, {
+    method: request.method,
+    headers,
+    body:
+      request.method === "GET" || request.method === "HEAD"
+        ? undefined
+        : request.body,
+    redirect: "manual",
+  });
+
+  const responseHeaders = new Headers(response.headers);
+  responseHeaders.delete("content-encoding");
+  responseHeaders.delete("content-length");
+
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: responseHeaders,
+  });
+}
+
+const server = Bun.serve({
+  port,
+  async fetch(request: Request): Promise<Response> {
+    const url = new URL(request.url);
+
+    if (url.pathname === "/healthz") {
+      return new Response("ok");
+    }
+
+    if (url.pathname === "/readyz") {
+      try {
+        await checkLangfuseReadiness();
+        return new Response("ok");
+      } catch (error) {
+        console.error("[langfuse-proxy] readiness check failed", error);
+        return new Response("not ready", { status: 503 });
+      }
+    }
+
+    if (!autoLoginEnabled || url.pathname.startsWith("/api/auth/")) {
+      return proxyRequest(request);
+    }
+
+    if (hasSessionCookie(request)) {
+      return proxyRequest(request);
+    }
+
+    try {
+      const loginCookies = await loginToLangfuse();
+      const response = await proxyRequest(request, loginCookies);
+      const headers = new Headers(response.headers);
+      appendSetCookies(headers, loginCookies);
+      headers.set("cache-control", "no-store");
+
+      return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers,
+      });
+    } catch (error) {
+      console.error("[langfuse-proxy] auto-login failed", error);
+      return new Response("Langfuse auto-login failed", { status: 502 });
+    }
+  },
+});
+
+console.log(`[langfuse-proxy] listening on :${server.port}`);

package/dist/server-d2v9t7c1.ts

@@ -0,0 +1,257 @@
+const upstreamOrigin = requiredEnv("LANGFUSE_UPSTREAM_ORIGIN");
+const publicOrigin = requiredEnv("LANGFUSE_PUBLIC_ORIGIN");
+const adminEmail = requiredEnv("LANGFUSE_INIT_USER_EMAIL");
+const adminPassword = requiredEnv("LANGFUSE_INIT_USER_PASSWORD");
+const autoLoginEnabled = envFlag("LANGFUSE_PROXY_AUTOLOGIN", true);
+const port = Number(Bun.env.PORT ?? "3000");
+const retryDelayMs = Number(Bun.env.LANGFUSE_PROXY_RETRY_DELAY_MS ?? "500");
+const maxRetries = Number(Bun.env.LANGFUSE_PROXY_MAX_RETRIES ?? "20");
+
+const sessionCookieNames = [
+  "__Secure-authjs.session-token",
+  "authjs.session-token",
+  "__Secure-next-auth.session-token",
+  "next-auth.session-token",
+];
+
+function requiredEnv(name: string): string {
+  const value = Bun.env[name];
+  if (!value) {
+    throw new Error(`Missing required environment variable: ${name}`);
+  }
+  return value;
+}
+
+function envFlag(name: string, fallback: boolean): boolean {
+  const value = Bun.env[name];
+  if (value == null || value === "") {
+    return fallback;
+  }
+  return !["0", "false", "no", "off"].includes(value.toLowerCase());
+}
+
+function getSetCookies(headers: Headers): string[] {
+  const bunHeaders = headers as Headers & { getSetCookie?: () => string[] };
+  if (typeof bunHeaders.getSetCookie === "function") {
+    return bunHeaders.getSetCookie();
+  }
+
+  const singleValue = headers.get("set-cookie");
+  return singleValue ? [singleValue] : [];
+}
+
+function serializeCookieHeader(setCookies: string[]): string {
+  return setCookies
+    .map((cookie) => cookie.split(";", 1)[0]?.trim())
+    .filter((cookie): cookie is string => Boolean(cookie))
+    .join("; ");
+}
+
+function hasSessionCookie(request: Request): boolean {
+  const cookieHeader = request.headers.get("cookie");
+  if (!cookieHeader) {
+    return false;
+  }
+
+  return sessionCookieNames.some((name) => cookieHeader.includes(`${name}=`));
+}
+
+function appendSetCookies(headers: Headers, cookies: string[]): void {
+  for (const cookie of cookies) {
+    headers.append("set-cookie", cookie);
+  }
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function fetchWithRetry(url: URL, init: RequestInit): Promise<Response> {
+  let lastError: unknown;
+
+  for (let attempt = 1; attempt <= maxRetries; attempt += 1) {
+    try {
+      return await fetch(url, init);
+    } catch (error) {
+      lastError = error;
+      if (attempt === maxRetries) {
+        break;
+      }
+      await sleep(retryDelayMs);
+    }
+  }
+
+  throw lastError;
+}
+
+function copyRequestHeaders(request: Request): Headers {
+  const headers = new Headers(request.headers);
+  headers.delete("host");
+  headers.delete("connection");
+  headers.delete("content-length");
+  return headers;
+}
+
+async function loginToLangfuse(): Promise<string[]> {
+  const csrfResponse = await fetchWithRetry(
+    new URL("/api/auth/csrf", upstreamOrigin),
+    {
+      redirect: "manual",
+    },
+  );
+
+  if (!csrfResponse.ok) {
+    throw new Error(`Langfuse CSRF request failed with ${csrfResponse.status}`);
+  }
+
+  const csrfPayload = (await csrfResponse.json()) as { csrfToken?: string };
+  if (!csrfPayload.csrfToken) {
+    throw new Error("Langfuse CSRF response did not include csrfToken");
+  }
+
+  const csrfCookies = getSetCookies(csrfResponse.headers);
+  const callbackBody = new URLSearchParams({
+    email: adminEmail,
+    password: adminPassword,
+    csrfToken: csrfPayload.csrfToken,
+    callbackUrl: publicOrigin,
+    json: "true",
+  });
+
+  const callbackResponse = await fetchWithRetry(
+    new URL("/api/auth/callback/credentials?json=true", upstreamOrigin),
+    {
+      method: "POST",
+      redirect: "manual",
+      headers: {
+        "content-type": "application/x-www-form-urlencoded",
+        cookie: serializeCookieHeader(csrfCookies),
+      },
+      body: callbackBody.toString(),
+    },
+  );
+
+  if (callbackResponse.status >= 400) {
+    throw new Error(
+      `Langfuse credentials callback failed with ${callbackResponse.status}`,
+    );
+  }
+
+  const mergedCookies = [
+    ...csrfCookies,
+    ...getSetCookies(callbackResponse.headers),
+  ];
+  if (!serializeCookieHeader(mergedCookies)) {
+    throw new Error("Langfuse login callback did not return any cookies");
+  }
+
+  return mergedCookies;
+}
+
+async function checkLangfuseReadiness(): Promise<void> {
+  const loginCookies = autoLoginEnabled ? await loginToLangfuse() : [];
+  const headers = new Headers();
+  const cookieHeader = serializeCookieHeader(loginCookies);
+  if (cookieHeader) {
+    headers.set("cookie", cookieHeader);
+  }
+
+  const response = await fetchWithRetry(new URL("/", upstreamOrigin), {
+    headers,
+    redirect: "manual",
+  });
+
+  const contentType = response.headers.get("content-type") ?? "";
+  if (response.status >= 400 || !contentType.includes("text/html")) {
+    throw new Error(`Langfuse readiness failed with ${response.status}`);
+  }
+}
+
+async function proxyRequest(
+  request: Request,
+  extraCookies: string[] = [],
+): Promise<Response> {
+  const upstreamUrl = new URL(request.url);
+  upstreamUrl.protocol = new URL(upstreamOrigin).protocol;
+  upstreamUrl.host = new URL(upstreamOrigin).host;
+
+  const headers = copyRequestHeaders(request);
+  if (extraCookies.length > 0) {
+    const existingCookies = request.headers.get("cookie");
+    const loginCookies = serializeCookieHeader(extraCookies);
+    const combinedCookies = [existingCookies, loginCookies]
+      .filter(Boolean)
+      .join("; ");
+    if (combinedCookies) {
+      headers.set("cookie", combinedCookies);
+    }
+  }
+
+  const response = await fetchWithRetry(upstreamUrl, {
+    method: request.method,
+    headers,
+    body:
+      request.method === "GET" || request.method === "HEAD"
+        ? undefined
+        : request.body,
+    redirect: "manual",
+  });
+
+  const responseHeaders = new Headers(response.headers);
+  responseHeaders.delete("content-encoding");
+  responseHeaders.delete("content-length");
+
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: responseHeaders,
+  });
+}
+
+const server = Bun.serve({
+  port,
+  async fetch(request: Request): Promise<Response> {
+    const url = new URL(request.url);
+
+    if (url.pathname === "/healthz") {
+      return new Response("ok");
+    }
+
+    if (url.pathname === "/readyz") {
+      try {
+        await checkLangfuseReadiness();
+        return new Response("ok");
+      } catch (error) {
+        console.error("[langfuse-proxy] readiness check failed", error);
+        return new Response("not ready", { status: 503 });
+      }
+    }
+
+    if (!autoLoginEnabled || url.pathname.startsWith("/api/auth/")) {
+      return proxyRequest(request);
+    }
+
+    if (hasSessionCookie(request)) {
+      return proxyRequest(request);
+    }
+
+    try {
+      const loginCookies = await loginToLangfuse();
+      const response = await proxyRequest(request, loginCookies);
+      const headers = new Headers(response.headers);
+      appendSetCookies(headers, loginCookies);
+      headers.set("cache-control", "no-store");
+
+      return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers,
+      });
+    } catch (error) {
+      console.error("[langfuse-proxy] auto-login failed", error);
+      return new Response("Langfuse auto-login failed", { status: 502 });
+    }
+  },
+});
+
+console.log(`[langfuse-proxy] listening on :${server.port}`);