feat(engine): merge cloudflare-migration — paradigm D engine, BYOK proxy, story persistence (#95)

Squash-merge the cloudflare-migration branch (7 commits by Kai ki) into
staging with conflict resolution, feature integration, and bug fixes.

Engine:
- Paradigm D: single-stream Writer replacing dual-phase Plan/Beats
- Delete Architect agent; story bible generated via Writer <plan> tag
- Modular prompt architecture (segments/registry/builder)
- StreamRouter for tagged stream splitting (<plan>/<story>/<choices>)

Infrastructure:
- Cloudflare Workers deployment (wrangler.jsonc, OpenNext adapter)
- D1 database schema + Drizzle ORM (scaffolded, not yet active)
- R2 storage helpers (scaffolded, not yet active)
- Story persistence API routes + client-side persistence

BYOK (Bring Your Own Key):
- /api/llm/user-proxy with SSRF-protected LLM proxy (+ requireUser auth)
- CORS-aware fetch in ai-client: auto-detect CORS failure, fallback to
  server proxy transparently via OpenAI SDK custom fetch
- BYO config support added to classify-freeform and vision routes
- SettingsModal CORS privacy notice (keys never logged/stored)

SSE streaming:
- engineClient.ts: fetchSSE helper for progressive scene events
- startSession/requestScene accept optional emit callback
- Fix SSE error event field name (error → message) in scene/start routes

i18n integration:
- Wire buildLanguageDirective into paradigm D's prompt builder
- Update corsNotice i18n keys (zh-CN/en/ja) with CORS proxy privacy text
- Preserve Session.language + LanguageSwitcher from i18n commit

Co-authored-by: Kai ki <155355644+zbf1009@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Zonghao Yuan
2026-06-18 18:05:38 +08:00
committed by GitHub
parent 05bd7e229c
commit 0e4c2ebef4
78 changed files with 7396 additions and 919 deletions
+168
View File
@@ -0,0 +1,168 @@
import "server-only";
/**
* BYOK (Bring Your Own Key) LLM Proxy
* Core logic for proxying user-provided API keys to upstream LLM providers.
* Handles SSRF防护, base URL normalization, and SSE streaming.
*/
// ── SSRF Protection ──────────────────────────────────────────────────────
const INTERNAL_IP_PATTERNS = [
/^127\./, // localhost
/^10\./, // 10.0.0.0/8
/^172\.(1[6-9]|2\d|3[01])\./, // 172.16.0.0/12
/^192\.168\./, // 192.168.0.0/16
/^169\.254\./, // link-local
/^::1$/, // IPv6 localhost
/^fe80:/, // IPv6 link-local
/^fc00:/, // IPv6 private
];
/**
* Validate upstream URL to prevent SSRF attacks.
* Only allows https:// and rejects internal IPs.
*/
export function validateUpstreamUrl(url: string): { valid: boolean; error?: string } {
try {
const parsed = new URL(url);
// Only https allowed (no http, file, etc.)
if (parsed.protocol !== "https:") {
return { valid: false, error: "Only https:// URLs are allowed" };
}
// Reject internal IPs
const hostname = parsed.hostname.toLowerCase();
if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1") {
return { valid: false, error: "Localhost not allowed" };
}
// Check IP patterns
for (const pattern of INTERNAL_IP_PATTERNS) {
if (pattern.test(hostname)) {
return { valid: false, error: "Internal IP ranges not allowed" };
}
}
return { valid: true };
} catch {
return { valid: false, error: "Invalid URL" };
}
}
// ── Base URL Normalization ───────────────────────────────────────────────
/**
* Normalize base URL: add https:// prefix if missing, strip trailing slashes.
*/
export function normalizeBaseUrl(url: string): string {
let cleaned = url.trim().replace(/\/+$/, "");
if (cleaned && !/^https?:\/\//i.test(cleaned)) {
cleaned = `https://${cleaned}`;
}
return cleaned;
}
/**
* Strip known API path suffixes from base URL (longest match first).
*/
function stripSuffixes(url: string, suffixes: string[]): string {
let cleaned = url.replace(/\/+$/, "");
for (const s of [...suffixes].sort((a, b) => b.length - a.length)) {
if (cleaned.endsWith(s)) {
cleaned = cleaned.slice(0, -s.length);
break;
}
}
return cleaned.replace(/\/+$/, "");
}
const OPENAI_SUFFIXES = ["/v1/chat/completions", "/v1/models", "/v1"];
const CLAUDE_SUFFIXES = ["/v1/messages", "/v1/models", "/v1"];
const GEMINI_SUFFIXES = ["/v1beta/models", "/v1beta", "/v1/models", "/v1"];
// ── Proxy Core ───────────────────────────────────────────────────────────
export interface ProxyLLMParams {
provider: "openai" | "claude" | "gemini";
apiKey: string;
baseUrl: string;
body: Record<string, unknown>;
model?: string; // Required for Gemini (model name in URL)
stream?: boolean; // Default true
}
/**
* Proxy LLM request to upstream provider.
* Transparently forwards both streaming (SSE) and non-streaming responses.
*/
export async function proxyLLM(params: ProxyLLMParams): Promise<Response> {
const { provider, apiKey, baseUrl, body, model, stream = true } = params;
// Validate base URL
const validation = validateUpstreamUrl(baseUrl);
if (!validation.valid) {
return new Response(
JSON.stringify({ error: validation.error }),
{ status: 400, headers: { "Content-Type": "application/json" } },
);
}
// Build upstream URL and headers
let upstreamUrl: string;
const headers: Record<string, string> = { "Content-Type": "application/json" };
switch (provider) {
case "openai": {
const base = stripSuffixes(baseUrl, OPENAI_SUFFIXES);
upstreamUrl = `${base}/v1/chat/completions`;
headers["Authorization"] = `Bearer ${apiKey}`;
break;
}
case "claude": {
const base = stripSuffixes(baseUrl, CLAUDE_SUFFIXES);
upstreamUrl = `${base}/v1/messages`;
headers["x-api-key"] = apiKey;
headers["anthropic-version"] = "2023-06-01";
break;
}
case "gemini": {
const base = stripSuffixes(baseUrl, GEMINI_SUFFIXES);
const modelName = model || "gemini-2.0-flash";
const action = stream ? "streamGenerateContent" : "generateContent";
const streamParam = stream ? "&alt=sse" : "";
upstreamUrl = `${base}/v1beta/models/${modelName}:${action}?key=${apiKey}${streamParam}`;
break;
}
default:
return new Response(
JSON.stringify({ error: `Unsupported provider: ${provider}` }),
{ status: 400, headers: { "Content-Type": "application/json" } },
);
}
// Forward to upstream
try {
const upstreamResponse = await fetch(upstreamUrl, {
method: "POST",
headers,
body: JSON.stringify(body),
});
// Transparent proxy: strip content-encoding/length, forward body as-is
const responseHeaders = new Headers(upstreamResponse.headers);
responseHeaders.delete("content-encoding");
responseHeaders.delete("content-length");
return new Response(upstreamResponse.body, {
status: upstreamResponse.status,
headers: responseHeaders,
});
} catch (error) {
return new Response(
JSON.stringify({ error: error instanceof Error ? error.message : "Proxy error" }),
{ status: 502, headers: { "Content-Type": "application/json" } },
);
}
}