zack3d/OAI-Proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: zack3d/OAI-Proxy:add-assistant-postamble
Branches Tags
zack3d/OAI-Proxy:main zack3d/OAI-Proxy:o1-role-reasoning zack3d/OAI-Proxy:o1-200k zack3d/OAI-Proxy:o1-check-family zack3d/OAI-Proxy:penurin-main-patch-71429 zack3d/OAI-Proxy:add-tool-fix-claude zack3d/OAI-Proxy:oai-deprecated-toolcall-fix zack3d/OAI-Proxy:aws-mistral zack3d/OAI-Proxy:cohere zack3d/OAI-Proxy:sqlite-users zack3d/OAI-Proxy:api-support-refactor zack3d/OAI-Proxy:combined-endpoint zack3d/OAI-Proxy:fix-express-trust-proxy zack3d/OAI-Proxy:captcha zack3d/OAI-Proxy:key-persistence zack3d/OAI-Proxy:add-assistant-postamble zack3d/OAI-Proxy:datasets-persistence zack3d/OAI-Proxy:tokenize zack3d/OAI-Proxy:scale-autochurn zack3d/OAI-Proxy:airtable-logging
...
pull from: zack3d/OAI-Proxy:key-persistence
Branches Tags
zack3d/OAI-Proxy:main zack3d/OAI-Proxy:o1-role-reasoning zack3d/OAI-Proxy:o1-200k zack3d/OAI-Proxy:o1-check-family zack3d/OAI-Proxy:penurin-main-patch-71429 zack3d/OAI-Proxy:add-tool-fix-claude zack3d/OAI-Proxy:oai-deprecated-toolcall-fix zack3d/OAI-Proxy:aws-mistral zack3d/OAI-Proxy:cohere zack3d/OAI-Proxy:sqlite-users zack3d/OAI-Proxy:api-support-refactor zack3d/OAI-Proxy:combined-endpoint zack3d/OAI-Proxy:fix-express-trust-proxy zack3d/OAI-Proxy:captcha zack3d/OAI-Proxy:key-persistence zack3d/OAI-Proxy:add-assistant-postamble zack3d/OAI-Proxy:datasets-persistence zack3d/OAI-Proxy:tokenize zack3d/OAI-Proxy:scale-autochurn zack3d/OAI-Proxy:airtable-logging

42 Commits
add-assistant-postamble ... key-persistence

Author SHA1 Message Date
nai-degen b8cc5e563e wip, broke something with serializer 2023-10-12 15:13:55 -05:00
nai-degen 00402c8310 consolidates some duplicated keyprovider stuff 2023-10-09 00:03:46 -05:00
nai-degen df2e986366 adds .editorconfig for line endings 2023-10-08 18:44:35 -05:00
nai-degen f9620991e7 reorganizes imports and types 2023-10-08 18:44:14 -05:00
nai-degen dd511fe60d made it out of generic hell 2023-10-08 11:08:47 -05:00
nai-degen ea2bfb9eef implements most of firebasekeystore 2023-10-08 04:21:49 -05:00
nai-degen 39436e7492 adds root firebase field name configuration 2023-10-08 02:26:03 -05:00
nai-degen 3b9013cd1e minor keyprovider cleanup 2023-10-08 02:09:05 -05:00
nai-degen 8884544b05 fixes rebase issues and adds aws key serializer 2023-10-08 01:50:23 -05:00
nai-degen 05ab8c37eb implements generic key serialization/deserialization 2023-10-08 01:32:34 -05:00
nai-degen f53e328398 wip broken shit 2023-10-08 01:27:58 -05:00
nai-degen 21af866fd9 moves keystore interface 2023-10-08 01:27:56 -05:00
nai-degen 5d3433268f implements MemoryKeyStore; inject store when instantiating providers 2023-10-08 01:27:27 -05:00
nai-degen 4114dba4f5 adds anthropic provider deserialize method 2023-10-08 01:24:25 -05:00
nai-degen e44d24a3af migrates GATEKEEPER_STORE config to PERSISTENCE_PROVIDER 2023-10-08 01:23:12 -05:00
nai-degen d611aeee18 adds wip keystore interface 2023-10-08 01:23:09 -05:00
nai-degen c87484f1ff adds AWS console screenshot to docs 2023-10-07 21:33:53 -05:00
nai-degen 15a2cb5a26 another docs correction 2023-10-07 21:10:18 -05:00
nai-degen c8182cea17 docs correction 2023-10-07 21:08:40 -05:00
nai-degen b06d48e1f8 adds better AWS docs 2023-10-07 20:58:04 -05:00
khanon 140bdea14e Implement AWS KeyChecker and auto-disable AWS logged keys (khanon/oai-reverse-proxy!47) 2023-10-08 01:17:09 +00:00
nai-degen 12f78fa1f2 exempts 'special' role from rate limiting 2023-10-06 20:29:28 -05:00
nai-degen daf6a123d5 adjusts Agnai.chat and RisuAI rate limiting 2023-10-04 09:39:59 -05:00
nai-degen 4e05b01e90 improves AWS .env.example and config.ts docs 2023-10-03 20:29:49 -05:00
nai-degen 5033d00444 improves clarity of errors sent back to streaming clients 2023-10-03 19:45:15 -05:00
nai-degen ba0b20617e ensures AWS always uses anthropic-version 2023-06-01 parser 2023-10-03 19:43:30 -05:00
nai-degen 4a5fd91da3 address npm audit; adds zod-error package 2023-10-03 19:05:46 -05:00
khanon ecf897e685 Refactor handleStreamingResponse to make it less shit (khanon/oai-reverse-proxy!46) 2023-10-03 06:14:19 +00:00
nai-degen 6a3d753f0d fixes anthropic keychecker for some keys 2023-10-02 20:32:07 -05:00
khanon 0bf2f5c123 fixes typo in .env.example 2023-10-02 20:39:30 +00:00
nai-degen ede274c117 disables AWS key on AccessDeniedException 2023-10-02 11:18:08 -05:00
nai-degen d2267beb18 adds aws-claude token cost 2023-10-02 09:43:26 -05:00
nai-degen 0837c89a42 fixes incorrect context size limit for aws claude v1 2023-10-02 03:53:04 -05:00
nai-degen f67560a17b refactors proxy routing 2023-10-01 12:12:28 -05:00
nai-degen e13361a323 removes dead koboldai code 2023-10-01 11:27:11 -05:00
khanon fa4bf468d2 Implement AWS Bedrock support (khanon/oai-reverse-proxy!45) 2023-10-01 01:40:18 +00:00
nai-degen 7e681a7bef strips OAI request parameters when translating to Claude format 2023-09-29 03:01:39 -05:00
nai-degen 1b0106a1ea strips reverse proxy originating IP headers 2023-09-29 03:00:55 -05:00
nai-degen f5521aa6c3 prevents selecting trial keys for embeddings requests due to rate limits 2023-09-26 01:26:07 -05:00
nai-degen f8b480f4c2 adds support for proxying text-embedding-ada-002 requests 2023-09-26 00:58:38 -05:00
khanon 1f35fe1ae1 updates huggingface docs to clarify gatekeeper 2023-09-24 11:00:25 +00:00
khanon 35b44e1c6b fixes issue with OpenAIV1ChatCompletionSchema and PaLM compat 2023-09-24 10:48:56 +00:00
81 changed files with 3990 additions and 1994 deletions
Expand all files Collapse all files
.editorconfig
+4
View File
@@ -0,0 +1,4 @@
root = true
[*]
end_of_line = crlf
.env.example
+4 -1
View File
@@ -56,7 +56,7 @@
# See `docs/user-management.md` for more information and setup instructions.
# See `docs/user-quotas.md` to learn how to set up quotas.
# Which access control method to use. (none | proxy_token | user_token)
# Which access control method to use. (none | proxy_key | user_token)
# GATEKEEPER=none
# Which persistence method to use. (memory | firebase_rtdb)
# GATEKEEPER_STORE=memory
@@ -84,8 +84,11 @@
# For Render, create a "secret file" called .env using the Environment tab.
# You can add multiple API keys by separating them with a comma.
# For AWS credentials, separate the access key ID, secret key, and region with a colon.
OPENAI_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ANTHROPIC_KEY=sk-ant-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# See `docs/aws-configuration.md` for more information, there may be additional steps required to set up AWS.
AWS_CREDENTIALS=myaccesskeyid:mysecretkey:us-east-1,anotheraccesskeyid:anothersecretkey:us-west-2
# With proxy_key gatekeeper, the password users must provide to access the API.
# PROXY_KEY=your-secret-key
.gitignore
+1
View File
@@ -1,6 +1,7 @@
.env
.venv
.vscode
.idea
build
greeting.md
node_modules
.prettierrc
+2 -1
View File
@@ -9,5 +9,6 @@
"bracketSameLine": true
}
}
]
],
"trailingComma": "es5"
}
docs/assets/aws-request-model-access.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

docs/aws-configuration.md
+57
View File
@@ -0,0 +1,57 @@
# Configuring the proxy for AWS Bedrock
The proxy supports AWS Bedrock models via the `/proxy/aws/claude` endpoint. There are a few extra steps necessary to use AWS Bedrock compared to the other supported APIs.
- [Setting keys](#setting-keys)
- [Attaching policies](#attaching-policies)
- [Provisioning models](#provisioning-models)
- [Note regarding logging](#note-regarding-logging)
## Setting keys
Use the `AWS_CREDENTIALS` environment variable to set the AWS API keys.
Like other APIs, you can provide multiple keys separated by commas. Each AWS key, however, is a set of credentials including the access key, secret key, and region. These are separated by a colon (`:`).
For example:
```
AWS_CREDENTIALS=AKIA000000000000000:somesecretkey:us-east-1,AKIA111111111111111:anothersecretkey:us-west-2
```
## Attaching policies
Unless your credentials belong to the root account, the principal will need to be granted the following permissions:
- `bedrock:InvokeModel`
- `bedrock:InvokeModelWithResponseStream`
- `bedrock:GetModelInvocationLoggingConfiguration`
- The proxy needs this to determine whether prompt/response logging is enabled. By default, the proxy won't use credentials unless it can conclusively determine that logging is disabled, for privacy reasons.
Use the IAM console or the AWS CLI to attach these policies to the principal associated with the credentials.
## Provisioning models
AWS does not automatically provide accounts with access to every model. You will need to provision the models you want to use, in the regions you want to use them in. You can do this from the AWS console.
⚠️ **Models are region-specific.** Currently AWS only offers Claude in a small number of regions. Switch to the AWS region you want to use, then go to the models page and request access to **Anthropic / Claude**.
![](./assets/aws-request-model-access.png)
Access is generally granted more or less instantly. Once your account has access, you can enable the model by checking the box next to it.
You can also request Claude Instant, but support for this isn't fully implemented yet.
### Supported model IDs
Users can send these model IDs to the proxy to invoke the corresponding models.
- **Claude**
- `anthropic.claude-v1` (~18k context)
- `anthropic.claude-v2` (~100k context)
- **Claude Instant**
- `anthropic.claude-instant-v1`
## Note regarding logging
By default, the proxy will refuse to use keys if it finds that logging is enabled, or if it doesn't have permission to check logging status.
If you can't attach the `bedrock:GetModelInvocationLoggingConfiguration` policy to the principal, you can set the `ALLOW_AWS_LOGGING` environment variable to `true` to force the proxy to use the keys anyway. A warning will appear on the info page when this is enabled.
docs/deploy-huggingface.md
+7 -1
View File
@@ -88,6 +88,12 @@ See `.env.example` for a full list of available settings, or check `config.ts` f
## Restricting access to the server
If you want to restrict access to the server, you can set a `PROXY_KEY` secret. This key will need to be passed in the Authentication header of every request to the server, just like an OpenAI API key.
If you want to restrict access to the server, you can set a `PROXY_KEY` secret. This key will need to be passed in the Authentication header of every request to the server, just like an OpenAI API key. Set the `GATEKEEPER` mode to `proxy_key`, and then set the `PROXY_KEY` variable to whatever password you want.
Add this using the same method as the OPENAI_KEY secret above. Don't add this to your `.env` file because that file is public and anyone can see it.
Example:
```
GATEKEEPER=proxy_key
PROXY_KEY=your_secret_password
```
package-lock.json
Generated
+389 -21
View File
@@ -10,6 +10,10 @@
"license": "MIT",
"dependencies": {
"@anthropic-ai/tokenizer": "^0.0.4",
"@aws-crypto/sha256-js": "^5.1.0",
"@smithy/protocol-http": "^3.0.6",
"@smithy/signature-v4": "^2.0.10",
"@smithy/types": "^2.3.4",
"axios": "^1.3.5",
"cookie-parser": "^1.4.6",
"copyfiles": "^2.4.1",
@@ -22,6 +26,7 @@
"firebase-admin": "^11.10.1",
"googleapis": "^122.0.0",
"http-proxy-middleware": "^3.0.0-beta.1",
"lifion-aws-event-stream": "^1.0.7",
"memorystore": "^1.6.7",
"multer": "^1.4.5-lts.1",
"node-schedule": "^2.1.1",
@@ -32,7 +37,8 @@
"tiktoken": "^1.0.10",
"uuid": "^9.0.0",
"zlib": "^1.0.5",
"zod": "^3.21.4"
"zod": "^3.22.3",
"zod-error": "^1.5.0"
},
"devDependencies": {
"@types/cookie-parser": "^1.4.3",
@@ -49,9 +55,11 @@
"esbuild-register": "^3.4.2",
"husky": "^8.0.3",
"nodemon": "^3.0.1",
"pino-pretty": "^10.2.3",
"prettier": "^3.0.3",
"source-map-support": "^0.5.21",
"ts-node": "^10.9.1",
"typescript": "^5.0.4"
"typescript": "^5.1.3"
},
"engines": {
"node": ">=18.0.0"
@@ -66,6 +74,79 @@
"tiktoken": "^1.0.10"
}
},
"node_modules/@aws-crypto/crc32": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz",
"integrity": "sha512-IzSgsrxUcsrejQbPVilIKy16kAT52EwB6zSaI+M3xxIhKh5+aldEyvI+z6erM7TCLB2BJsFrtHjp6/4/sr+3dA==",
"dependencies": {
"@aws-crypto/util": "^3.0.0",
"@aws-sdk/types": "^3.222.0",
"tslib": "^1.11.1"
}
},
"node_modules/@aws-crypto/crc32/node_modules/tslib": {
"version": "1.14.1",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
"integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
},
"node_modules/@aws-crypto/sha256-js": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.1.0.tgz",
"integrity": "sha512-VeDxEzCJZUNikoRD7DMFZj/aITgt2VL8tf37nEJqFjUf6DU202Vf3u07W5Ip8lVDs2Pdqg2AbdoWPyjtmHU8nw==",
"dependencies": {
"@aws-crypto/util": "^5.1.0",
"@aws-sdk/types": "^3.222.0",
"tslib": "^2.6.2"
},
"engines": {
"node": ">=16.0.0"
}
},
"node_modules/@aws-crypto/sha256-js/node_modules/@aws-crypto/util": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.1.0.tgz",
"integrity": "sha512-TRSydv/0a4RTZYnCmbpx1F6fOfVlTostBFvLr9GCGPww2WhuIgMg5ZmWN35Wi/Cy6HuvZf82wfUN1F9gQkJ1mQ==",
"dependencies": {
"@aws-sdk/types": "^3.222.0",
"@smithy/util-utf8": "^2.0.0",
"tslib": "^2.6.2"
}
},
"node_modules/@aws-crypto/util": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz",
"integrity": "sha512-2OJlpeJpCR48CC8r+uKVChzs9Iungj9wkZrl8Z041DWEWvyIHILYKCPNzJghKsivj+S3mLo6BVc7mBNzdxA46w==",
"dependencies": {
"@aws-sdk/types": "^3.222.0",
"@aws-sdk/util-utf8-browser": "^3.0.0",
"tslib": "^1.11.1"
}
},
"node_modules/@aws-crypto/util/node_modules/tslib": {
"version": "1.14.1",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
"integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
},
"node_modules/@aws-sdk/types": {
"version": "3.418.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz",
"integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==",
"dependencies": {
"@smithy/types": "^2.3.3",
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@aws-sdk/util-utf8-browser": {
"version": "3.259.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz",
"integrity": "sha512-UvFa/vR+e19XookZF8RzFZBrw2EUkQWxiBW0yYQAhvk3C+QVGl0H3ouca8LDBlBfQKXwmW3huo/59H8rwb1wJw==",
"dependencies": {
"tslib": "^2.3.1"
}
},
"node_modules/@babel/parser": {
"version": "7.22.7",
"resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.22.7.tgz",
@@ -751,6 +832,127 @@
"integrity": "sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw==",
"optional": true
},
"node_modules/@smithy/eventstream-codec": {
"version": "2.0.10",
"resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-2.0.10.tgz",
"integrity": "sha512-3SSDgX2nIsFwif6m+I4+ar4KDcZX463Noes8ekBgQHitULiWvaDZX8XqPaRQSQ4bl1vbeVXHklJfv66MnVO+lw==",
"dependencies": {
"@aws-crypto/crc32": "3.0.0",
"@smithy/types": "^2.3.4",
"@smithy/util-hex-encoding": "^2.0.0",
"tslib": "^2.5.0"
}
},
"node_modules/@smithy/is-array-buffer": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.0.0.tgz",
"integrity": "sha512-z3PjFjMyZNI98JFRJi/U0nGoLWMSJlDjAW4QUX2WNZLas5C0CmVV6LJ01JI0k90l7FvpmixjWxPFmENSClQ7ug==",
"dependencies": {
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/protocol-http": {
"version": "3.0.6",
"resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-3.0.6.tgz",
"integrity": "sha512-F0jAZzwznMmHaggiZgc7YoS08eGpmLvhVktY/Taz6+OAOHfyIqWSDNgFqYR+WHW9z5fp2XvY4mEUrQgYMQ71jw==",
"dependencies": {
"@smithy/types": "^2.3.4",
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/signature-v4": {
"version": "2.0.10",
"resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-2.0.10.tgz",
"integrity": "sha512-S6gcP4IXfO/VMswovrhxPpqvQvMal7ZRjM4NvblHSPpE5aNBYx67UkHFF3kg0hR3tJKqNpBGbxwq0gzpdHKLRA==",
"dependencies": {
"@smithy/eventstream-codec": "^2.0.10",
"@smithy/is-array-buffer": "^2.0.0",
"@smithy/types": "^2.3.4",
"@smithy/util-hex-encoding": "^2.0.0",
"@smithy/util-middleware": "^2.0.3",
"@smithy/util-uri-escape": "^2.0.0",
"@smithy/util-utf8": "^2.0.0",
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/types": {
"version": "2.3.4",
"resolved": "https://registry.npmjs.org/@smithy/types/-/types-2.3.4.tgz",
"integrity": "sha512-D7xlM9FOMFyFw7YnMXn9dK2KuN6+JhnrZwVt1fWaIu8hCk5CigysweeIT/H/nCo4YV+s8/oqUdLfexbkPZtvqw==",
"dependencies": {
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/util-buffer-from": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.0.0.tgz",
"integrity": "sha512-/YNnLoHsR+4W4Vf2wL5lGv0ksg8Bmk3GEGxn2vEQt52AQaPSCuaO5PM5VM7lP1K9qHRKHwrPGktqVoAHKWHxzw==",
"dependencies": {
"@smithy/is-array-buffer": "^2.0.0",
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/util-hex-encoding": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-2.0.0.tgz",
"integrity": "sha512-c5xY+NUnFqG6d7HFh1IFfrm3mGl29lC+vF+geHv4ToiuJCBmIfzx6IeHLg+OgRdPFKDXIw6pvi+p3CsscaMcMA==",
"dependencies": {
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/util-middleware": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-2.0.3.tgz",
"integrity": "sha512-+FOCFYOxd2HO7v/0hkFSETKf7FYQWa08wh/x/4KUeoVBnLR4juw8Qi+TTqZI6E2h5LkzD9uOaxC9lAjrpVzaaA==",
"dependencies": {
"@smithy/types": "^2.3.4",
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/util-uri-escape": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-2.0.0.tgz",
"integrity": "sha512-ebkxsqinSdEooQduuk9CbKcI+wheijxEb3utGXkCoYQkJnwTnLbH1JXGimJtUkQwNQbsbuYwG2+aFVyZf5TLaw==",
"dependencies": {
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@smithy/util-utf8": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.0.0.tgz",
"integrity": "sha512-rctU1VkziY84n5OXe3bPNpKR001ZCME2JCaBBFgtiM2hfKbHFudc/BkMuPab8hRbLd0j3vbnBTTZ1igBf0wgiQ==",
"dependencies": {
"@smithy/util-buffer-from": "^2.0.0",
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@tootallnate/once": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz",
@@ -1437,6 +1639,12 @@
"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
},
"node_modules/colorette": {
"version": "2.0.20",
"resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz",
"integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==",
"dev": true
},
"node_modules/combined-stream": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
@@ -1706,6 +1914,37 @@
"node": ">= 0.10"
}
},
"node_modules/crc": {
"version": "3.8.0",
"resolved": "https://registry.npmjs.org/crc/-/crc-3.8.0.tgz",
"integrity": "sha512-iX3mfgcTMIq3ZKLIsVFAbv7+Mc10kxabAGQb8HvjA1o3T1PIYprbakQ65d3I+2HGHt6nSKkM9PYjgoJO2KcFBQ==",
"dependencies": {
"buffer": "^5.1.0"
}
},
"node_modules/crc/node_modules/buffer": {
"version": "5.7.1",
"resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
"integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==",
"funding": [
{
"type": "github",
"url": "https://github.com/sponsors/feross"
},
{
"type": "patreon",
"url": "https://www.patreon.com/feross"
},
{
"type": "consulting",
"url": "https://feross.org/support"
}
],
"dependencies": {
"base64-js": "^1.3.1",
"ieee754": "^1.1.13"
}
},
"node_modules/create-require": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
@@ -1744,6 +1983,15 @@
"url": "https://opencollective.com/date-fns"
}
},
"node_modules/dateformat": {
"version": "4.6.3",
"resolved": "https://registry.npmjs.org/dateformat/-/dateformat-4.6.3.tgz",
"integrity": "sha512-2P0p0pFGzHS5EMnhdxQi7aJN+iMheud0UhG4dlE1DLAlvL8JHjJJTX/CSm4JXwV0Ka5nGk3zC5mcb5bUQUxxMA==",
"dev": true,
"engines": {
"node": "*"
}
},
"node_modules/debug": {
"version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -1940,7 +2188,7 @@
"version": "1.4.4",
"resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz",
"integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==",
"optional": true,
"devOptional": true,
"dependencies": {
"once": "^1.4.0"
}
@@ -2297,6 +2545,12 @@
"resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
"integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
},
"node_modules/fast-copy": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.1.tgz",
"integrity": "sha512-Knr7NOtK3HWRYGtHoJrjkaWepqT8thIVGAwt0p0aUs1zqkAzXZV4vo9fFNwyb5fcqK1GKYFYxldQdIDVKhUAfA==",
"dev": true
},
"node_modules/fast-deep-equal": {
"version": "3.1.3",
"resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -2317,6 +2571,12 @@
"node": ">=6"
}
},
"node_modules/fast-safe-stringify": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
"integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
"dev": true
},
"node_modules/fast-text-encoding": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/fast-text-encoding/-/fast-text-encoding-1.0.6.tgz",
@@ -2539,7 +2799,7 @@
"version": "8.1.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz",
"integrity": "sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==",
"optional": true,
"devOptional": true,
"dependencies": {
"fs.realpath": "^1.0.0",
"inflight": "^1.0.4",
@@ -2570,7 +2830,7 @@
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
"optional": true,
"devOptional": true,
"dependencies": {
"balanced-match": "^1.0.0"
}
@@ -2579,7 +2839,7 @@
"version": "5.1.6",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
"integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
"optional": true,
"devOptional": true,
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -2728,6 +2988,30 @@
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/help-me": {
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/help-me/-/help-me-4.2.0.tgz",
"integrity": "sha512-TAOnTB8Tz5Dw8penUuzHVrKNKlCIbwwbHnXraNJxPwf8LRtE2HlM84RYuezMFcwOJmoYOCWVDyJ8TQGxn9PgxA==",
"dev": true,
"dependencies": {
"glob": "^8.0.0",
"readable-stream": "^3.6.0"
}
},
"node_modules/help-me/node_modules/readable-stream": {
"version": "3.6.2",
"resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
"integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
"dev": true,
"dependencies": {
"inherits": "^2.0.3",
"string_decoder": "^1.1.1",
"util-deprecate": "^1.0.1"
},
"engines": {
"node": ">= 6"
}
},
"node_modules/htmlparser2": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz",
@@ -3083,6 +3367,15 @@
"url": "https://github.com/sponsors/panva"
}
},
"node_modules/joycon": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/joycon/-/joycon-3.1.1.tgz",
"integrity": "sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==",
"dev": true,
"engines": {
"node": ">=10"
}
},
"node_modules/js2xmlparser": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/js2xmlparser/-/js2xmlparser-4.0.2.tgz",
@@ -3233,6 +3526,17 @@
"graceful-fs": "^4.1.9"
}
},
"node_modules/lifion-aws-event-stream": {
"version": "1.0.7",
"resolved": "https://registry.npmjs.org/lifion-aws-event-stream/-/lifion-aws-event-stream-1.0.7.tgz",
"integrity": "sha512-qI0O85OrV5A9rBE++oIaWFjNngk/BqjnJ+3/wdtIPLfFWhPtf+xNuWd/T8lr/wnEpKm/8HbdgYf8pKozk0dPAw==",
"dependencies": {
"crc": "^3.8.0"
},
"engines": {
"node": ">=10.0.0"
}
},
"node_modules/limiter": {
"version": "1.1.5",
"resolved": "https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz",
@@ -3856,15 +4160,40 @@
"process-warning": "^2.0.0"
}
},
"node_modules/pino-pretty": {
"version": "10.2.3",
"resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.2.3.tgz",
"integrity": "sha512-4jfIUc8TC1GPUfDyMSlW1STeORqkoxec71yhxIpLDQapUu8WOuoz2TTCoidrIssyz78LZC69whBMPIKCMbi3cw==",
"dev": true,
"dependencies": {
"colorette": "^2.0.7",
"dateformat": "^4.6.3",
"fast-copy": "^3.0.0",
"fast-safe-stringify": "^2.1.1",
"help-me": "^4.0.1",
"joycon": "^3.1.1",
"minimist": "^1.2.6",
"on-exit-leak-free": "^2.1.0",
"pino-abstract-transport": "^1.0.0",
"pump": "^3.0.0",
"readable-stream": "^4.0.0",
"secure-json-parse": "^2.4.0",
"sonic-boom": "^3.0.0",
"strip-json-comments": "^3.1.1"
},
"bin": {
"pino-pretty": "bin.js"
}
},
"node_modules/pino-std-serializers": {
"version": "6.1.0",
"resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-6.1.0.tgz",
"integrity": "sha512-KO0m2f1HkrPe9S0ldjx7za9BJjeHqBku5Ch8JyxETxT8dEFGz1PwgrHaOQupVYitpzbFSYm7nnljxD8dik2c+g=="
},
"node_modules/postcss": {
"version": "8.4.29",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.29.tgz",
"integrity": "sha512-cbI+jaqIeu/VGqXEarWkRCCffhjgXc0qjBtXpqJhTBohMUjUQnbBr0xqX3vEKudc4iviTewcJo5ajcec5+wdJw==",
"version": "8.4.31",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
"integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
"funding": [
{
"type": "opencollective",
@@ -3888,6 +4217,21 @@
"node": "^10 || ^12 || >=14"
}
},
"node_modules/prettier": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.3.tgz",
"integrity": "sha512-L/4pUDMxcNa8R/EthV08Zt42WBO4h1rarVtK0K+QJG0X187OLo7l699jWw0GKuwzkPQ//jMFA/8Xm6Fh3J/DAg==",
"dev": true,
"bin": {
"prettier": "bin/prettier.cjs"
},
"engines": {
"node": ">=14"
},
"funding": {
"url": "https://github.com/prettier/prettier?sponsor=1"
}
},
"node_modules/process": {
"version": "0.11.10",
"resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz",
@@ -4004,6 +4348,16 @@
"integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==",
"dev": true
},
"node_modules/pump": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz",
"integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==",
"dev": true,
"dependencies": {
"end-of-stream": "^1.1.0",
"once": "^1.3.1"
}
},
"node_modules/qs": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
@@ -4254,6 +4608,12 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/secure-json-parse": {
"version": "2.7.0",
"resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.7.0.tgz",
"integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==",
"dev": true
},
"node_modules/semver": {
"version": "7.5.3",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.5.3.tgz",
@@ -4453,7 +4813,7 @@
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
"integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
"optional": true,
"devOptional": true,
"dependencies": {
"safe-buffer": "~5.2.0"
}
@@ -4486,7 +4846,7 @@
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
"integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
"optional": true,
"devOptional": true,
"engines": {
"node": ">=8"
},
@@ -4683,9 +5043,9 @@
}
},
"node_modules/tslib": {
"version": "2.5.0",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz",
"integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg=="
"version": "2.6.2",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz",
"integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q=="
},
"node_modules/type-is": {
"version": "1.6.18",
@@ -4705,16 +5065,16 @@
"integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA=="
},
"node_modules/typescript": {
"version": "5.0.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.0.4.tgz",
"integrity": "sha512-cW9T5W9xY37cc+jfEnaUvX91foxtHkza3Nw3wkoF4sSlKn0MONdkdEndig/qPBWXNkmplh3NzayQzCiHM4/hqw==",
"version": "5.1.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.1.3.tgz",
"integrity": "sha512-XH627E9vkeqhlZFQuL+UsyAXEnibT0kWR2FWONlr4sTjvxyJYnyefgrkyECLzM5NenmKzRAy2rR/OlYLA1HkZw==",
"dev": true,
"bin": {
"tsc": "bin/tsc",
"tsserver": "bin/tsserver"
},
"engines": {
"node": ">=12.20"
"node": ">=14.17"
}
},
"node_modules/uc.micro": {
@@ -4964,12 +5324,20 @@
}
},
"node_modules/zod": {
"version": "3.21.4",
"resolved": "https://registry.npmjs.org/zod/-/zod-3.21.4.tgz",
"integrity": "sha512-m46AKbrzKVzOzs/DZgVnG5H55N1sv1M8qZU3A8RIKbs3mrACDNeIOeilDymVb2HdmP8uwshOCF4uJ8uM9rCqJw==",
"version": "3.22.3",
"resolved": "https://registry.npmjs.org/zod/-/zod-3.22.3.tgz",
"integrity": "sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==",
"funding": {
"url": "https://github.com/sponsors/colinhacks"
}
},
"node_modules/zod-error": {
"version": "1.5.0",
"resolved": "https://registry.npmjs.org/zod-error/-/zod-error-1.5.0.tgz",
"integrity": "sha512-zzopKZ/skI9iXpqCEPj+iLCKl9b88E43ehcU+sbRoHuwGd9F1IDVGQ70TyO6kmfiRL1g4IXkjsXK+g1gLYl4WQ==",
"dependencies": {
"zod": "^3.20.2"
}
}
}
}
package.json
+17 -8
View File
@@ -4,12 +4,12 @@
"description": "Reverse proxy for the OpenAI API",
"scripts": {
"build": "tsc && copyfiles -u 1 src/**/*.ejs build",
"start:dev": "nodemon --watch src --exec ts-node --transpile-only src/server.ts",
"start:watch": "nodemon --require source-map-support/register build/server.js",
"start:replit": "tsc && node build/server.js",
"prepare": "husky install",
"start": "node build/server.js",
"type-check": "tsc --noEmit",
"prepare": "husky install"
"start:dev": "nodemon --watch src --exec ts-node --transpile-only src/server.ts",
"start:replit": "tsc && node build/server.js",
"start:watch": "nodemon --require source-map-support/register build/server.js",
"type-check": "tsc --noEmit"
},
"engines": {
"node": ">=18.0.0"
@@ -18,6 +18,10 @@
"license": "MIT",
"dependencies": {
"@anthropic-ai/tokenizer": "^0.0.4",
"@aws-crypto/sha256-js": "^5.1.0",
"@smithy/protocol-http": "^3.0.6",
"@smithy/signature-v4": "^2.0.10",
"@smithy/types": "^2.3.4",
"axios": "^1.3.5",
"cookie-parser": "^1.4.6",
"copyfiles": "^2.4.1",
@@ -30,6 +34,7 @@
"firebase-admin": "^11.10.1",
"googleapis": "^122.0.0",
"http-proxy-middleware": "^3.0.0-beta.1",
"lifion-aws-event-stream": "^1.0.7",
"memorystore": "^1.6.7",
"multer": "^1.4.5-lts.1",
"node-schedule": "^2.1.1",
@@ -40,7 +45,8 @@
"tiktoken": "^1.0.10",
"uuid": "^9.0.0",
"zlib": "^1.0.5",
"zod": "^3.21.4"
"zod": "^3.22.3",
"zod-error": "^1.5.0"
},
"devDependencies": {
"@types/cookie-parser": "^1.4.3",
@@ -57,11 +63,14 @@
"esbuild-register": "^3.4.2",
"husky": "^8.0.3",
"nodemon": "^3.0.1",
"pino-pretty": "^10.2.3",
"prettier": "^3.0.3",
"source-map-support": "^0.5.21",
"ts-node": "^10.9.1",
"typescript": "^5.0.4"
"typescript": "^5.1.3"
},
"overrides": {
"google-gax": "^3.6.1"
"google-gax": "^3.6.1",
"postcss": "^8.4.31"
}
}
src/config.ts
+69 -17
View File
@@ -1,16 +1,13 @@
import dotenv from "dotenv";
import type firebase from "firebase-admin";
import { hostname } from "os";
import pino from "pino";
import type { ModelFamily } from "./shared/models";
dotenv.config();
// Can't import the usual logger here because it itself needs the config.
const startupLogger = pino({ level: "debug" }).child({ module: "startup" });
const isDev = process.env.NODE_ENV !== "production";
type PromptLoggingBackend = "google_sheets";
type Config = {
/** The port the proxy server will listen on. */
port: number;
@@ -20,6 +17,18 @@ type Config = {
anthropicKey?: string;
/** Comma-delimited list of Google PaLM API keys. */
googlePalmKey?: string;
/**
* Comma-delimited list of AWS credentials. Each credential item should be a
* colon-delimited list of access key, secret key, and AWS region.
*
* The credentials must have access to the actions `bedrock:InvokeModel` and
* `bedrock:InvokeModelWithResponseStream`. You must also have already
* provisioned the necessary models in your AWS account, on the specific
* regions specified for each credential. Models are region-specific.
*
* @example `AWS_CREDENTIALS=access_key_1:secret_key_1:us-east-1,access_key_2:secret_key_2:us-west-2`
*/
awsCredentials?: string;
/**
* The proxy key to require for requests. Only applicable if the user
* management mode is set to 'proxy_key', and required if so.
@@ -42,12 +51,12 @@ type Config = {
*/
gatekeeper: "none" | "proxy_key" | "user_token";
/**
* Persistence layer to use for user management.
* - `memory`: Users are stored in memory and are lost on restart (default)
* - `firebase_rtdb`: Users are stored in a Firebase Realtime Database;
* requires `firebaseKey` and `firebaseRtdbUrl` to be set.
* Persistence layer to use for user and key management.
* - `memory`: Data is stored in memory and lost on restart (default)
* - `firebase_rtdb`: Data is stored in Firebase Realtime Database; requires
* `firebaseKey` and `firebaseRtdbUrl` to be set.
*/
gatekeeperStore: "memory" | "firebase_rtdb";
persistenceProvider: "memory" | "firebase_rtdb";
/** URL of the Firebase Realtime Database if using the Firebase RTDB store. */
firebaseRtdbUrl?: string;
/**
@@ -56,6 +65,19 @@ type Config = {
* `private_key` field inside it.
*/
firebaseKey?: string;
/**
* The root key under which data will be stored in the Firebase RTDB. This
* allows multiple instances of the proxy to share the same database while
* keeping their data separate.
*
* If you want multiple proxies to share the same data, set all of their
* `firebaseRtdbRoot` to the same value. Beware that there will likely
* be conflicts because concurrent writes are not yet supported and proxies
* currently assume they have exclusive access to the database.
*
* Defaults to the system hostname so that data is kept separate.
*/
firebaseRtdbRoot: string;
/**
* Maximum number of IPs per user, after which their token is disabled.
* Users with the manually-assigned `special` role are exempt from this limit.
@@ -88,10 +110,21 @@ type Config = {
rejectMessage?: string;
/** Verbosity level of diagnostic logging. */
logLevel: "trace" | "debug" | "info" | "warn" | "error";
/**
* Whether to allow the usage of AWS credentials which could be logging users'
* model invocations. By default, such keys are treated as if they were
* disabled because users may not be aware that their usage is being logged.
*
* Some credentials do not have the policy attached that allows the proxy to
* confirm logging status, in which case the proxy assumes that logging could
* be enabled and will refuse to use the key. If you still want to use such a
* key and can't attach the policy, you can set this to true.
*/
allowAwsLogging?: boolean;
/** Whether prompts and responses should be logged to persistent storage. */
promptLogging?: boolean;
/** Which prompt logging backend to use. */
promptLoggingBackend?: PromptLoggingBackend;
promptLoggingBackend?: "google_sheets";
/** Base64-encoded Google Sheets API key. */
googleSheetsKey?: string;
/** Google Sheets spreadsheet ID. */
@@ -110,7 +143,7 @@ type Config = {
blockedOrigins?: string;
/** Message to return when rejecting requests from blocked origins. */
blockMessage?: string;
/** Desination URL to redirect blocked requests to, for non-JSON requests. */
/** Destination URL to redirect blocked requests to, for non-JSON requests. */
blockRedirect?: string;
/** Which model families to allow requests for. Applies only to OpenAI. */
allowedModelFamilies: ModelFamily[];
@@ -142,13 +175,15 @@ export const config: Config = {
openaiKey: getEnvWithDefault("OPENAI_KEY", ""),
anthropicKey: getEnvWithDefault("ANTHROPIC_KEY", ""),
googlePalmKey: getEnvWithDefault("GOOGLE_PALM_KEY", ""),
awsCredentials: getEnvWithDefault("AWS_CREDENTIALS", ""),
proxyKey: getEnvWithDefault("PROXY_KEY", ""),
adminKey: getEnvWithDefault("ADMIN_KEY", ""),
gatekeeper: getEnvWithDefault("GATEKEEPER", "none"),
gatekeeperStore: getEnvWithDefault("GATEKEEPER_STORE", "memory"),
persistenceProvider: getEnvWithDefault("PERSISTENCE_PROVIDER", "memory"),
maxIpsPerUser: getEnvWithDefault("MAX_IPS_PER_USER", 0),
firebaseRtdbUrl: getEnvWithDefault("FIREBASE_RTDB_URL", undefined),
firebaseKey: getEnvWithDefault("FIREBASE_KEY", undefined),
firebaseRtdbRoot: getEnvWithDefault("FIREBASE_RTDB_ROOT", hostname()),
modelRateLimit: getEnvWithDefault("MODEL_RATE_LIMIT", 4),
maxContextTokensOpenAI: getEnvWithDefault("MAX_CONTEXT_TOKENS_OPENAI", 0),
maxContextTokensAnthropic: getEnvWithDefault(
@@ -168,6 +203,8 @@ export const config: Config = {
"gpt4",
"gpt4-32k",
"claude",
"bison",
"aws-claude",
]),
rejectDisallowed: getEnvWithDefault("REJECT_DISALLOWED", false),
rejectMessage: getEnvWithDefault(
@@ -177,6 +214,7 @@ export const config: Config = {
logLevel: getEnvWithDefault("LOG_LEVEL", "info"),
checkKeys: getEnvWithDefault("CHECK_KEYS", !isDev),
showTokenCosts: getEnvWithDefault("SHOW_TOKEN_COSTS", false),
allowAwsLogging: getEnvWithDefault("ALLOW_AWS_LOGGING", false),
promptLogging: getEnvWithDefault("PROMPT_LOGGING", false),
promptLoggingBackend: getEnvWithDefault("PROMPT_LOGGING_BACKEND", undefined),
googleSheetsKey: getEnvWithDefault("GOOGLE_SHEETS_KEY", undefined),
@@ -196,6 +234,7 @@ export const config: Config = {
"gpt4-32k": getEnvWithDefault("TOKEN_QUOTA_GPT4_32K", 0),
claude: getEnvWithDefault("TOKEN_QUOTA_CLAUDE", 0),
bison: getEnvWithDefault("TOKEN_QUOTA_BISON", 0),
"aws-claude": getEnvWithDefault("TOKEN_QUOTA_AWS_CLAUDE", 0),
},
quotaRefreshPeriod: getEnvWithDefault("QUOTA_REFRESH_PERIOD", undefined),
allowNicknameChanges: getEnvWithDefault("ALLOW_NICKNAME_CHANGES", true),
@@ -223,6 +262,13 @@ export async function assertConfigIsValid() {
);
}
if (!!process.env.GATEKEEPER_STORE) {
startupLogger.warn(
"GATEKEEPER_STORE is deprecated. Use PERSISTENCE_PROVIDER instead. Configuration will be migrated."
);
config.persistenceProvider = process.env.GATEKEEPER_STORE as any;
}
if (!["none", "proxy_key", "user_token"].includes(config.gatekeeper)) {
throw new Error(
`Invalid gatekeeper mode: ${config.gatekeeper}. Must be one of: none, proxy_key, user_token.`
@@ -248,11 +294,11 @@ export async function assertConfigIsValid() {
}
if (
config.gatekeeperStore === "firebase_rtdb" &&
config.persistenceProvider === "firebase_rtdb" &&
(!config.firebaseKey || !config.firebaseRtdbUrl)
) {
throw new Error(
"Firebase RTDB store requires `FIREBASE_KEY` and `FIREBASE_RTDB_URL` to be set."
"Firebase RTDB persistence requires `FIREBASE_KEY` and `FIREBASE_RTDB_URL` to be set."
);
}
@@ -288,14 +334,15 @@ export const OMITTED_KEYS: (keyof Config)[] = [
"openaiKey",
"anthropicKey",
"googlePalmKey",
"awsCredentials",
"proxyKey",
"adminKey",
"checkKeys",
"showTokenCosts",
"googleSheetsKey",
"persistenceProvider",
"firebaseKey",
"firebaseRtdbUrl",
"gatekeeperStore",
"maxIpsPerUser",
"blockedOrigins",
"blockMessage",
@@ -344,7 +391,12 @@ function getEnvWithDefault<T>(env: string | string[], defaultValue: T): T {
}
try {
if (
["OPENAI_KEY", "ANTHROPIC_KEY", "GOOGLE_PALM_KEY"].includes(String(env))
[
"OPENAI_KEY",
"ANTHROPIC_KEY",
"GOOGLE_PALM_KEY",
"AWS_CREDENTIALS",
].includes(String(env))
) {
return value as unknown as T;
}
@@ -363,7 +415,7 @@ function getEnvWithDefault<T>(env: string | string[], defaultValue: T): T {
let firebaseApp: firebase.app.App | undefined;
async function maybeInitializeFirebase() {
if (!config.gatekeeperStore.startsWith("firebase")) {
if (!config.persistenceProvider.startsWith("firebase")) {
return;
}
src/info-page.ts
+57 -2
View File
@@ -4,6 +4,7 @@ import showdown from "showdown";
import { config, listConfig } from "./config";
import {
AnthropicKey,
AwsBedrockKey,
GooglePalmKey,
OpenAIKey,
keyPool,
@@ -25,6 +26,7 @@ const keyIsAnthropicKey = (k: KeyPoolKey): k is AnthropicKey =>
k.service === "anthropic";
const keyIsGooglePalmKey = (k: KeyPoolKey): k is GooglePalmKey =>
k.service === "google-palm";
const keyIsAwsKey = (k: KeyPoolKey): k is AwsBedrockKey => k.service === "aws";
type ModelAggregates = {
active: number;
@@ -32,6 +34,7 @@ type ModelAggregates = {
revoked?: number;
overQuota?: number;
pozzed?: number;
awsLogged?: number;
queued: number;
queueTime: string;
tokens: number;
@@ -43,6 +46,7 @@ type ServiceAggregates = {
openaiOrgs?: number;
anthropicKeys?: number;
palmKeys?: number;
awsKeys?: number;
proompts: number;
tokens: number;
tokenCost: number;
@@ -85,6 +89,7 @@ function cacheInfoPageHtml(baseUrl: string) {
const openaiKeys = serviceStats.get("openaiKeys") || 0;
const anthropicKeys = serviceStats.get("anthropicKeys") || 0;
const palmKeys = serviceStats.get("palmKeys") || 0;
const awsKeys = serviceStats.get("awsKeys") || 0;
const proompts = serviceStats.get("proompts") || 0;
const tokens = serviceStats.get("tokens") || 0;
const tokenCost = serviceStats.get("tokenCost") || 0;
@@ -98,6 +103,7 @@ function cacheInfoPageHtml(baseUrl: string) {
: {}),
...(anthropicKeys ? { anthropic: baseUrl + "/proxy/anthropic" } : {}),
...(palmKeys ? { "google-palm": baseUrl + "/proxy/google-palm" } : {}),
...(awsKeys ? { aws: baseUrl + "/proxy/aws/claude" } : {}),
},
proompts,
tookens: `${prettyTokens(tokens)}${getCostString(tokenCost)}`,
@@ -105,9 +111,11 @@ function cacheInfoPageHtml(baseUrl: string) {
openaiKeys,
anthropicKeys,
palmKeys,
awsKeys,
...(openaiKeys ? getOpenAIInfo() : {}),
...(anthropicKeys ? getAnthropicInfo() : {}),
...(palmKeys ? { "palm-bison": getPalmInfo() } : {}),
...(awsKeys ? { "aws-claude": getAwsInfo() } : {}),
config: listConfig(),
build: process.env.BUILD_INFO || "dev",
};
@@ -157,6 +165,7 @@ function addKeyToAggregates(k: KeyPoolKey) {
increment(serviceStats, "openaiKeys", k.service === "openai" ? 1 : 0);
increment(serviceStats, "anthropicKeys", k.service === "anthropic" ? 1 : 0);
increment(serviceStats, "palmKeys", k.service === "google-palm" ? 1 : 0);
increment(serviceStats, "awsKeys", k.service === "aws" ? 1 : 0);
let sumTokens = 0;
let sumCost = 0;
@@ -167,7 +176,6 @@ function addKeyToAggregates(k: KeyPoolKey) {
switch (k.service) {
case "openai":
case "openai-text":
if (!keyIsOpenAIKey(k)) throw new Error("Invalid key type");
increment(
serviceStats,
@@ -191,6 +199,8 @@ function addKeyToAggregates(k: KeyPoolKey) {
} else {
family = "turbo";
}
increment(modelStats, `${family}__trial`, k.isTrial ? 1 : 0);
break;
case "anthropic":
if (!keyIsAnthropicKey(k)) throw new Error("Invalid key type");
@@ -211,6 +221,20 @@ function addKeyToAggregates(k: KeyPoolKey) {
sumTokens += k.bisonTokens;
sumCost += getTokenCostUsd(family, k.bisonTokens);
increment(modelStats, `${family}__tokens`, k.bisonTokens);
break;
case "aws":
if (!keyIsAwsKey(k)) throw new Error("Invalid key type");
family = "aws-claude";
sumTokens += k["aws-claudeTokens"];
sumCost += getTokenCostUsd(family, k["aws-claudeTokens"]);
increment(modelStats, `${family}__tokens`, k["aws-claudeTokens"]);
// Ignore revoked keys for aws logging stats, but include keys where the
// logging status is unknown.
const countAsLogged =
k.lastChecked && !k.isDisabled && k.awsLoggingStatus !== "disabled";
increment(modelStats, `${family}__awsLogged`, countAsLogged ? 1 : 0);
break;
default:
assertNever(k.service);
@@ -219,7 +243,6 @@ function addKeyToAggregates(k: KeyPoolKey) {
increment(serviceStats, "tokens", sumTokens);
increment(serviceStats, "tokenCost", sumCost);
increment(modelStats, `${family}__active`, k.isDisabled ? 0 : 1);
increment(modelStats, `${family}__trial`, k.isTrial ? 1 : 0);
if ("isRevoked" in k) {
increment(modelStats, `${family}__revoked`, k.isRevoked ? 1 : 0);
}
@@ -339,6 +362,32 @@ function getPalmInfo() {
};
}
function getAwsInfo() {
const awsInfo: Partial<ModelAggregates> = {
active: modelStats.get("aws-claude__active") || 0,
};
const queue = getQueueInformation("aws-claude");
awsInfo.queued = queue.proomptersInQueue;
awsInfo.queueTime = queue.estimatedQueueTime;
const tokens = modelStats.get("aws-claude__tokens") || 0;
const cost = getTokenCostUsd("aws-claude", tokens);
const logged = modelStats.get("aws-claude__awsLogged") || 0;
const logMsg = config.allowAwsLogging
? `${logged} active keys are potentially logged.`
: `${logged} active keys are potentially logged and can't be used.`;
return {
usage: `${prettyTokens(tokens)} tokens${getCostString(cost)}`,
activeKeys: awsInfo.active,
proomptersInQueue: awsInfo.queued,
estimatedQueueTime: awsInfo.queueTime,
...(logged > 0 ? { privacy: logMsg } : {}),
};
}
const customGreeting = fs.existsSync("greeting.md")
? fs.readFileSync("greeting.md", "utf8")
: null;
@@ -389,6 +438,12 @@ Logs are anonymous and do not contain IP addresses or timestamps. [You can see t
const claudeWait = getQueueInformation("claude").estimatedQueueTime;
waits.push(`**Claude:** ${claudeWait}`);
}
if (config.awsCredentials) {
const awsClaudeWait = getQueueInformation("aws-claude").estimatedQueueTime;
waits.push(`**Claude (AWS):** ${awsClaudeWait}`);
}
infoBody += "\n\n" + waits.join(" / ");
if (customGreeting) {
src/logger.ts
+14
View File
@@ -1,6 +1,20 @@
import pino from "pino";
import { config } from "./config";
const transport =
process.env.NODE_ENV === "production"
? undefined
: {
target: "pino-pretty",
options: {
singleLine: true,
messageFormat: "{if module}\x1b[90m[{module}] \x1b[39m{end}{msg}",
ignore: "module",
},
};
export const logger = pino({
level: config.logLevel,
base: { pid: process.pid, module: "server" },
transport,
});
src/proxy/anthropic.ts
+38 -47
View File
@@ -1,5 +1,4 @@
import { Request, RequestHandler, Router } from "express";
import * as http from "http";
import { createProxyMiddleware } from "http-proxy-middleware";
import { config } from "../config";
import { logger } from "../logger";
@@ -14,7 +13,7 @@ import {
createPreprocessorMiddleware,
finalizeBody,
languageFilter,
removeOriginHeaders,
stripHeaders, createOnProxyReqHandler
} from "./middleware/request";
import {
ProxyResHandlerWithBody,
@@ -67,31 +66,6 @@ const handleModelRequest: RequestHandler = (_req, res) => {
res.status(200).json(getModelsResponse());
};
const rewriteAnthropicRequest = (
proxyReq: http.ClientRequest,
req: Request,
res: http.ServerResponse
) => {
const rewriterPipeline = [
applyQuotaLimits,
addKey,
addAnthropicPreamble,
languageFilter,
blockZoomerOrigins,
removeOriginHeaders,
finalizeBody,
];
try {
for (const rewriter of rewriterPipeline) {
rewriter(proxyReq, req, res, {});
}
} catch (error) {
req.log.error(error, "Error while executing proxy rewriter");
proxyReq.destroy(error as Error);
}
};
/** Only used for non-streaming requests. */
const anthropicResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
@@ -159,13 +133,23 @@ const anthropicProxy = createQueueMiddleware(
createProxyMiddleware({
target: "https://api.anthropic.com",
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: rewriteAnthropicRequest,
proxyReq: createOnProxyReqHandler({
pipeline: [
applyQuotaLimits,
addKey,
addAnthropicPreamble,
languageFilter,
blockZoomerOrigins,
stripHeaders,
finalizeBody,
],
}),
proxyRes: createOnProxyResHandler([anthropicResponseHandler]),
error: handleProxyError,
},
selfHandleResponse: true,
logger,
pathRewrite: {
// Send OpenAI-compat requests to the real Anthropic endpoint.
"^/v1/chat/completions": "/v1/complete",
@@ -174,35 +158,42 @@ const anthropicProxy = createQueueMiddleware(
);
const anthropicRouter = Router();
// Fix paths because clients don't consistently use the /v1 prefix.
anthropicRouter.use((req, _res, next) => {
if (!req.path.startsWith("/v1/")) {
req.url = `/v1${req.url}`;
}
next();
});
anthropicRouter.get("/v1/models", handleModelRequest);
// Native Anthropic chat completion endpoint.
anthropicRouter.post(
"/v1/complete",
ipLimiter,
createPreprocessorMiddleware({ inApi: "anthropic", outApi: "anthropic" }),
createPreprocessorMiddleware({
inApi: "anthropic",
outApi: "anthropic",
service: "anthropic",
}),
anthropicProxy
);
// OpenAI-to-Anthropic compatibility endpoint.
anthropicRouter.post(
"/v1/chat/completions",
ipLimiter,
createPreprocessorMiddleware({ inApi: "openai", outApi: "anthropic" }),
createPreprocessorMiddleware(
{ inApi: "openai", outApi: "anthropic", service: "anthropic" },
{ afterTransform: [maybeReassignModel] }
),
anthropicProxy
);
// Redirect browser requests to the homepage.
anthropicRouter.get("*", (req, res, next) => {
const isBrowser = req.headers["user-agent"]?.includes("Mozilla");
if (isBrowser) {
res.redirect("/");
} else {
next();
function maybeReassignModel(req: Request) {
const model = req.body.model;
if (!model.startsWith("gpt-")) return;
const bigModel = process.env.CLAUDE_BIG_MODEL || "claude-v1-100k";
const contextSize = req.promptTokens! + req.outputTokens!;
if (contextSize > 8500) {
req.log.debug(
{ model: bigModel, contextSize },
"Using Claude 100k model for OpenAI-to-Anthropic request"
);
req.body.model = bigModel;
}
});
}
export const anthropic = anthropicRouter;
src/proxy/aws.ts
+196
View File
@@ -0,0 +1,196 @@
import { Request, RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { v4 } from "uuid";
import { config } from "../config";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
applyQuotaLimits,
createPreprocessorMiddleware,
stripHeaders,
signAwsRequest,
finalizeAwsRequest,
createOnProxyReqHandler,
languageFilter,
blockZoomerOrigins,
} from "./middleware/request";
import {
ProxyResHandlerWithBody,
createOnProxyResHandler,
} from "./middleware/response";
let modelsCache: any = null;
let modelsCacheTime = 0;
const getModelsResponse = () => {
if (new Date().getTime() - modelsCacheTime < 1000 * 60) {
return modelsCache;
}
if (!config.awsCredentials) return { object: "list", data: [] };
const variants = ["anthropic.claude-v1", "anthropic.claude-v2"];
const models = variants.map((id) => ({
id,
object: "model",
created: new Date().getTime(),
owned_by: "anthropic",
permission: [],
root: "claude",
parent: null,
}));
modelsCache = { object: "list", data: models };
modelsCacheTime = new Date().getTime();
return modelsCache;
};
const handleModelRequest: RequestHandler = (_req, res) => {
res.status(200).json(getModelsResponse());
};
/** Only used for non-streaming requests. */
const awsResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
req,
res,
body
) => {
if (typeof body !== "object") {
throw new Error("Expected body to be an object");
}
if (config.promptLogging) {
const host = req.get("host");
body.proxy_note = `Prompts are logged on this proxy instance. See ${host} for more information.`;
}
if (req.inboundApi === "openai") {
req.log.info("Transforming AWS Claude response to OpenAI format");
body = transformAwsResponse(body, req);
}
// TODO: Remove once tokenization is stable
if (req.debug) {
body.proxy_tokenizer_debug_info = req.debug;
}
// AWS does not confirm the model in the response, so we have to add it
body.model = req.body.model;
res.status(200).json(body);
};
/**
* Transforms a model response from the Anthropic API to match those from the
* OpenAI API, for users using Claude via the OpenAI-compatible endpoint. This
* is only used for non-streaming requests as streaming requests are handled
* on-the-fly.
*/
function transformAwsResponse(
awsBody: Record<string, any>,
req: Request
): Record<string, any> {
const totalTokens = (req.promptTokens ?? 0) + (req.outputTokens ?? 0);
return {
id: "aws-" + v4(),
object: "chat.completion",
created: Date.now(),
model: req.body.model,
usage: {
prompt_tokens: req.promptTokens,
completion_tokens: req.outputTokens,
total_tokens: totalTokens,
},
choices: [
{
message: {
role: "assistant",
content: awsBody.completion?.trim(),
},
finish_reason: awsBody.stop_reason,
index: 0,
},
],
};
}
const awsProxy = createQueueMiddleware(
createProxyMiddleware({
target: "bad-target-will-be-rewritten",
router: ({ signedRequest }) => {
if (!signedRequest) {
throw new Error("AWS requests must go through signAwsRequest first");
}
return `${signedRequest.protocol}//${signedRequest.hostname}`;
},
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({
pipeline: [
applyQuotaLimits,
// Credentials are added by signAwsRequest preprocessor
languageFilter,
blockZoomerOrigins,
stripHeaders,
finalizeAwsRequest,
],
}),
proxyRes: createOnProxyResHandler([awsResponseHandler]),
error: handleProxyError,
},
})
);
const awsRouter = Router();
awsRouter.get("/v1/models", handleModelRequest);
// Native(ish) Anthropic chat completion endpoint.
awsRouter.post(
"/v1/complete",
ipLimiter,
createPreprocessorMiddleware(
{ inApi: "anthropic", outApi: "anthropic", service: "aws" },
{ afterTransform: [maybeReassignModel, signAwsRequest] }
),
awsProxy
);
// OpenAI-to-AWS Anthropic compatibility endpoint.
awsRouter.post(
"/v1/chat/completions",
ipLimiter,
createPreprocessorMiddleware(
{ inApi: "openai", outApi: "anthropic", service: "aws" },
{ afterTransform: [maybeReassignModel, signAwsRequest] }
),
awsProxy
);
/**
* Tries to deal with:
* - frontends sending AWS model names even when they want to use the OpenAI-
* compatible endpoint
* - frontends sending Anthropic model names that AWS doesn't recognize
* - frontends sending OpenAI model names because they expect the proxy to
* translate them
*/
function maybeReassignModel(req: Request) {
const model = req.body.model;
// User's client sent an AWS model already
if (model.includes("anthropic.claude")) return;
// User's client is sending Anthropic-style model names, check for v1
if (model.match(/^claude-v?1/)) {
req.body.model = "anthropic.claude-v1";
} else {
// User's client requested v2 or possibly some OpenAI model, default to v2
req.body.model = "anthropic.claude-v2";
}
// TODO: Handle claude-instant
}
export const aws = awsRouter;
src/proxy/check-risu-token.ts
+9 -4
View File
@@ -21,7 +21,7 @@ kYuIJbnAGw5Oq0L6dXFW2DFwlcLz51kPVOmDc159FsQjyuPnta7NiZAANS8KM1CJ
pwIDAQAB`;
let IMPORTED_RISU_KEY: CryptoKey | null = null;
type RisuToken = { id: Uint8Array; expiresIn: number };
type RisuToken = { id: string; expiresIn: number };
type SignedToken = { data: RisuToken; sig: string };
(async () => {
@@ -54,14 +54,14 @@ export async function checkRisuToken(
try {
const { valid, data } = await validCheck(header);
if (!valid) {
if (!valid || !data) {
req.log.warn(
{ token: header, data },
"Invalid RisuAI token; using IP instead"
);
} else {
req.log.info("RisuAI token validated");
req.risuToken = header;
req.risuToken = String(data.id);
}
} catch (err) {
req.log.warn(
@@ -81,12 +81,13 @@ async function validCheck(header: string) {
);
} catch (err) {
log.warn({ error: err.message }, "Provided unparseable RisuAI token");
return { valid: false, data: "[unparseable]" };
return { valid: false };
}
const data: RisuToken = tk.data;
const sig = Buffer.from(tk.sig, "base64");
if (data.expiresIn < Math.floor(Date.now() / 1000)) {
log.warn({ token: header }, "Provided expired RisuAI token");
return { valid: false };
}
@@ -97,5 +98,9 @@ async function validCheck(header: string) {
Buffer.from(JSON.stringify(data))
);
if (!valid) {
log.warn({ token: header }, "RisuAI token failed signature check");
}
return { valid, data };
}
src/proxy/kobold.ts
-98
View File
@@ -1,98 +0,0 @@
/* Pretends to be a KoboldAI API endpoint and translates incoming Kobold
requests to OpenAI API equivalents. */
import { Request, Response, Router } from "express";
import http from "http";
import { createProxyMiddleware } from "http-proxy-middleware";
import { config } from "../config";
import { logger } from "../logger";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
addKey,
createPreprocessorMiddleware,
finalizeBody,
languageFilter,
transformKoboldPayload,
} from "./middleware/request";
import {
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
export const handleModelRequest = (_req: Request, res: Response) => {
res.status(200).json({ result: "Connected to OpenAI reverse proxy" });
};
export const handleSoftPromptsRequest = (_req: Request, res: Response) => {
res.status(200).json({ soft_prompts_list: [] });
};
const rewriteRequest = (
proxyReq: http.ClientRequest,
req: Request,
res: Response
) => {
req.body.stream = false;
const rewriterPipeline = [
addKey,
transformKoboldPayload,
languageFilter,
finalizeBody,
];
try {
for (const rewriter of rewriterPipeline) {
rewriter(proxyReq, req, res, {});
}
} catch (error) {
logger.error(error, "Error while executing proxy rewriter");
proxyReq.destroy(error as Error);
}
};
const koboldResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
req,
res,
body
) => {
if (typeof body !== "object") {
throw new Error("Expected body to be an object");
}
const koboldResponse = {
results: [{ text: body.choices[0].message.content }],
model: body.model,
...(config.promptLogging && {
proxy_note: `Prompt logging is enabled on this proxy instance. See ${req.get(
"host"
)} for more information.`,
}),
};
res.send(JSON.stringify(koboldResponse));
};
const koboldOaiProxy = createProxyMiddleware({
target: "https://api.openai.com",
changeOrigin: true,
pathRewrite: {
"^/api/v1/generate": "/v1/chat/completions",
},
on: {
proxyReq: rewriteRequest,
proxyRes: createOnProxyResHandler([koboldResponseHandler]),
error: handleProxyError,
},
selfHandleResponse: true,
logger,
});
const koboldRouter = Router();
koboldRouter.use((req, res) => {
logger.warn(`Unhandled kobold request: ${req.method} ${req.path}`);
res.status(404).json({ error: "Not found" });
});
export const kobold = koboldRouter;
src/proxy/middleware/common.ts
+131 -134
View File
@@ -1,12 +1,14 @@
import { Request, Response } from "express";
import httpProxy from "http-proxy";
import { ZodError } from "zod";
import { APIFormat } from "../../shared/key-management";
import { generateErrorMessage } from "zod-error";
import { buildFakeSse } from "../../shared/streaming";
import { assertNever } from "../../shared/utils";
import { QuotaExceededError } from "./request/apply-quota-limits";
const OPENAI_CHAT_COMPLETION_ENDPOINT = "/v1/chat/completions";
const OPENAI_TEXT_COMPLETION_ENDPOINT = "/v1/completions";
const OPENAI_EMBEDDINGS_ENDPOINT = "/v1/embeddings";
const ANTHROPIC_COMPLETION_ENDPOINT = "/v1/complete";
/** Returns true if we're making a request to a completion endpoint. */
@@ -22,6 +24,12 @@ export function isCompletionRequest(req: Request) {
);
}
export function isEmbeddingsRequest(req: Request) {
return (
req.method === "POST" && req.path.startsWith(OPENAI_EMBEDDINGS_ENDPOINT)
);
}
export function writeErrorResponse(
req: Request,
res: Response,
@@ -36,23 +44,16 @@ export function writeErrorResponse(
// the stream. Otherwise just send a normal error response.
if (
res.headersSent ||
res.getHeader("content-type") === "text/event-stream"
String(res.getHeader("content-type")).startsWith("text/event-stream")
) {
const errorContent =
statusCode === 403
? JSON.stringify(errorPayload)
: JSON.stringify(errorPayload, null, 2);
const msg = buildFakeSseMessage(
`${errorSource} error (${statusCode})`,
errorContent,
req
);
const errorTitle = `${errorSource} error (${statusCode})`;
const errorContent = JSON.stringify(errorPayload, null, 2);
const msg = buildFakeSse(errorTitle, errorContent, req);
res.write(msg);
res.write(`data: [DONE]\n\n`);
res.end();
} else {
if (req.debug) {
if (req.debug && errorPayload.error) {
errorPayload.error.proxy_tokenizer_debug_info = req.debug;
}
res.status(statusCode).json(errorPayload);
@@ -60,140 +61,136 @@ export function writeErrorResponse(
}
export const handleProxyError: httpProxy.ErrorCallback = (err, req, res) => {
req.log.error({ err }, `Error during proxy request middleware`);
handleInternalError(err, req as Request, res as Response);
req.log.error(err, `Error during http-proxy-middleware request`);
classifyErrorAndSend(err, req as Request, res as Response);
};
export const handleInternalError = (
export const classifyErrorAndSend = (
err: Error,
req: Request,
res: Response
) => {
try {
if (err instanceof ZodError) {
writeErrorResponse(req, res, 400, {
error: {
type: "proxy_validation_error",
proxy_note: `Reverse proxy couldn't validate your request when trying to transform it. Your client may be sending invalid data.`,
issues: err.issues,
stack: err.stack,
message: err.message,
},
});
} else if (err.name === "ForbiddenError") {
// Spoofs a vaguely threatening OpenAI error message. Only invoked by the
// block-zoomers rewriter to scare off tiktokers.
writeErrorResponse(req, res, 403, {
error: {
type: "organization_account_disabled",
code: "policy_violation",
param: null,
message: err.message,
},
});
} else if (err instanceof QuotaExceededError) {
writeErrorResponse(req, res, 429, {
error: {
type: "proxy_quota_exceeded",
code: "quota_exceeded",
message: `You've exceeded your token quota for this model type.`,
info: err.quotaInfo,
stack: err.stack,
},
});
} else {
writeErrorResponse(req, res, 500, {
error: {
type: "proxy_internal_error",
proxy_note: `Reverse proxy encountered an error before it could reach the upstream API.`,
message: err.message,
stack: err.stack,
},
});
}
} catch (e) {
req.log.error(
{ error: e },
`Error writing error response headers, giving up.`
);
const { status, userMessage, ...errorDetails } = classifyError(err);
writeErrorResponse(req, res, status, {
error: { message: userMessage, ...errorDetails },
});
} catch (error) {
req.log.error(error, `Error writing error response headers, giving up.`);
}
};
export function buildFakeSseMessage(
type: string,
string: string,
req: Request
) {
let fakeEvent;
const useBackticks = !type.includes("403");
const msgContent = useBackticks
? `\`\`\`\n[${type}: ${string}]\n\`\`\`\n`
: `[${type}: ${string}]`;
function classifyError(err: Error): {
/** HTTP status code returned to the client. */
status: number;
/** Message displayed to the user. */
userMessage: string;
/** Short error type, e.g. "proxy_validation_error". */
type: string;
} & Record<string, any> {
const defaultError = {
status: 500,
userMessage: `Reverse proxy encountered an unexpected error. (${err.message})`,
type: "proxy_internal_error",
stack: err.stack,
};
switch (req.inboundApi) {
case "openai":
fakeEvent = {
id: "chatcmpl-" + req.id,
object: "chat.completion.chunk",
created: Date.now(),
model: req.body?.model,
choices: [
{
delta: { content: msgContent },
index: 0,
finish_reason: type,
},
],
switch (err.constructor.name) {
case "ZodError":
const userMessage = generateErrorMessage((err as ZodError).issues, {
prefix: "Request validation failed. ",
path: { enabled: true, label: null, type: "breadcrumbs" },
code: { enabled: false },
maxErrors: 3,
transform: ({ issue, ...rest }) => {
return `At '${rest.pathComponent}', ${issue.message}`;
},
});
return { status: 400, userMessage, type: "proxy_validation_error" };
case "ForbiddenError":
// Mimics a ban notice from OpenAI, thrown when blockZoomerOrigins blocks
// a request.
return {
status: 403,
userMessage: `Your account has been disabled for violating our terms of service.`,
type: "organization_account_disabled",
code: "policy_violation",
};
break;
case "openai-text":
fakeEvent = {
id: "cmpl-" + req.id,
object: "text_completion",
created: Date.now(),
choices: [
{ text: msgContent, index: 0, logprobs: null, finish_reason: type },
],
model: req.body?.model,
case "QuotaExceededError":
return {
status: 429,
userMessage: `You've exceeded your token quota for this model type.`,
type: "proxy_quota_exceeded",
info: (err as QuotaExceededError).quotaInfo,
};
break;
case "anthropic":
fakeEvent = {
completion: msgContent,
stop_reason: type,
truncated: false, // I've never seen this be true
stop: null,
model: req.body?.model,
log_id: "proxy-req-" + req.id,
};
break;
case "google-palm":
throw new Error("PaLM not supported as an inbound API format");
case "Error":
if ("code" in err) {
switch (err.code) {
case "ENOTFOUND":
return {
status: 502,
userMessage: `Reverse proxy encountered a DNS error while trying to connect to the upstream service.`,
type: "proxy_network_error",
code: err.code,
};
case "ECONNREFUSED":
return {
status: 502,
userMessage: `Reverse proxy couldn't connect to the upstream service.`,
type: "proxy_network_error",
code: err.code,
};
case "ECONNRESET":
return {
status: 504,
userMessage: `Reverse proxy timed out while waiting for the upstream service to respond.`,
type: "proxy_network_error",
code: err.code,
};
}
}
return defaultError;
default:
assertNever(req.inboundApi);
}
return `data: ${JSON.stringify(fakeEvent)}\n\n`;
}
export function getCompletionForService({
service,
body,
req,
}: {
service: APIFormat;
body: Record<string, any>;
req?: Request;
}): { completion: string; model: string } {
switch (service) {
case "openai":
return { completion: body.choices[0].message.content, model: body.model };
case "openai-text":
return { completion: body.choices[0].text, model: body.model };
case "anthropic":
return { completion: body.completion.trim(), model: body.model };
case "google-palm":
return { completion: body.candidates[0].output, model: req?.body.model };
default:
assertNever(service);
return defaultError;
}
}
export function getCompletionFromBody(req: Request, body: Record<string, any>) {
const format = req.outboundApi;
switch (format) {
case "openai":
return body.choices[0].message.content;
case "openai-text":
return body.choices[0].text;
case "anthropic":
if (!body.completion) {
req.log.error(
{ body: JSON.stringify(body) },
"Received empty Anthropic completion"
);
return "";
}
return body.completion.trim();
case "google-palm":
return body.candidates[0].output;
default:
assertNever(format);
}
}
export function getModelFromBody(req: Request, body: Record<string, any>) {
const format = req.outboundApi;
switch (format) {
case "openai":
case "openai-text":
return body.model;
case "anthropic":
// Anthropic confirms the model in the response, but AWS Claude doesn't.
return body.model || req.body.model;
case "google-palm":
// Google doesn't confirm the model in the response.
return req.body.model;
default:
assertNever(format);
}
}
src/proxy/middleware/request/add-key.ts
+44 -4
View File
@@ -1,5 +1,5 @@
import { Key, OpenAIKey, keyPool } from "../../../shared/key-management";
import { isCompletionRequest } from "../common";
import { isCompletionRequest, isEmbeddingsRequest } from "../common";
import { ProxyRequestMiddleware } from ".";
import { assertNever } from "../../../shared/utils";
@@ -11,8 +11,11 @@ export const addKey: ProxyRequestMiddleware = (proxyReq, req) => {
// Horrible, horrible hack to stop the proxy from complaining about clients
// not sending a model when they are requesting the list of models (which
// requires a key, but obviously not a model).
// TODO: shouldn't even proxy /models to the upstream API, just fake it
// using the models our key pool has available.
// I don't think this is needed anymore since models requests are no longer
// proxied to the upstream API. Everything going through this is either a
// completion request or a special case like OpenAI embeddings.
req.log.warn({ path: req.path }, "addKey called on non-completion request");
req.body.model = "gpt-3.5-turbo";
}
@@ -77,7 +80,6 @@ export const addKey: ProxyRequestMiddleware = (proxyReq, req) => {
proxyReq.setHeader("X-API-Key", assignedKey.key);
break;
case "openai":
case "openai-text":
const key: OpenAIKey = assignedKey as OpenAIKey;
if (key.organizationId) {
proxyReq.setHeader("OpenAI-Organization", key.organizationId);
@@ -91,7 +93,45 @@ export const addKey: ProxyRequestMiddleware = (proxyReq, req) => {
`?key=${assignedKey.key}`
);
break;
case "aws":
throw new Error(
"add-key should not be used for AWS security credentials. Use sign-aws-request instead."
);
default:
assertNever(assignedKey.service);
}
};
/**
* Special case for embeddings requests which don't go through the normal
* request pipeline.
*/
export const addKeyForEmbeddingsRequest: ProxyRequestMiddleware = (
proxyReq,
req
) => {
if (!isEmbeddingsRequest(req)) {
throw new Error(
"addKeyForEmbeddingsRequest called on non-embeddings request"
);
}
if (req.inboundApi !== "openai") {
throw new Error("Embeddings requests must be from OpenAI");
}
req.body = { input: req.body.input, model: "text-embedding-ada-002" }
const key = keyPool.get("text-embedding-ada-002") as OpenAIKey;
req.key = key;
req.log.info(
{ key: key.hash, toApi: req.outboundApi },
"Assigned Turbo key to embeddings request"
);
proxyReq.setHeader("Authorization", `Bearer ${key.key}`);
if (key.organizationId) {
proxyReq.setHeader("OpenAI-Organization", key.organizationId);
}
};
src/proxy/middleware/request/check-context-size.ts
-163
View File
@@ -1,163 +0,0 @@
import { Request } from "express";
import { z } from "zod";
import { config } from "../../../config";
import { OpenAIPromptMessage, countTokens } from "../../../shared/tokenization";
import { RequestPreprocessor } from ".";
import { assertNever } from "../../../shared/utils";
const CLAUDE_MAX_CONTEXT = config.maxContextTokensAnthropic;
const OPENAI_MAX_CONTEXT = config.maxContextTokensOpenAI;
const BISON_MAX_CONTEXT = 8100;
/**
* Assigns `req.promptTokens` and `req.outputTokens` based on the request body
* and outbound API format, which combined determine the size of the context.
* If the context is too large, an error is thrown.
* This preprocessor should run after any preprocessor that transforms the
* request body.
*/
export const checkContextSize: RequestPreprocessor = async (req) => {
const service = req.outboundApi;
let result;
switch (service) {
case "openai": {
req.outputTokens = req.body.max_tokens;
const prompt: OpenAIPromptMessage[] = req.body.messages;
result = await countTokens({ req, prompt, service });
break;
}
case "openai-text": {
req.outputTokens = req.body.max_tokens;
const prompt: string = req.body.prompt;
result = await countTokens({ req, prompt, service });
break;
}
case "anthropic": {
req.outputTokens = req.body.max_tokens_to_sample;
const prompt: string = req.body.prompt;
result = await countTokens({ req, prompt, service });
break;
}
case "google-palm": {
req.outputTokens = req.body.maxOutputTokens;
const prompt: string = req.body.prompt.text;
result = await countTokens({ req, prompt, service });
break;
}
default:
assertNever(service);
}
req.promptTokens = result.token_count;
// TODO: Remove once token counting is stable
req.log.debug({ result: result }, "Counted prompt tokens.");
req.debug = req.debug ?? {};
req.debug = { ...req.debug, ...result };
maybeTranslateOpenAIModel(req);
validateContextSize(req);
};
function validateContextSize(req: Request) {
assertRequestHasTokenCounts(req);
const promptTokens = req.promptTokens;
const outputTokens = req.outputTokens;
const contextTokens = promptTokens + outputTokens;
const model = req.body.model;
let proxyMax: number;
switch (req.outboundApi) {
case "openai":
case "openai-text":
proxyMax = OPENAI_MAX_CONTEXT;
break;
case "anthropic":
proxyMax = CLAUDE_MAX_CONTEXT;
break;
case "google-palm":
proxyMax = BISON_MAX_CONTEXT;
break;
default:
assertNever(req.outboundApi);
}
proxyMax ||= Number.MAX_SAFE_INTEGER;
let modelMax = 0;
if (model.match(/gpt-3.5-turbo-16k/)) {
modelMax = 16384;
} else if (model.match(/gpt-3.5-turbo/)) {
modelMax = 4096;
} else if (model.match(/gpt-4-32k/)) {
modelMax = 32768;
} else if (model.match(/gpt-4/)) {
modelMax = 8192;
} else if (model.match(/claude-(?:instant-)?v1(?:\.\d)?(?:-100k)/)) {
modelMax = 100000;
} else if (model.match(/claude-(?:instant-)?v1(?:\.\d)?$/)) {
modelMax = 9000;
} else if (model.match(/claude-2/)) {
modelMax = 100000;
} else if (model.match(/^text-bison-\d{3}$/)) {
modelMax = BISON_MAX_CONTEXT;
} else {
// Don't really want to throw here because I don't want to have to update
// this ASAP every time a new model is released.
req.log.warn({ model }, "Unknown model, using 100k token limit.");
modelMax = 100000;
}
const finalMax = Math.min(proxyMax, modelMax);
z.number()
.int()
.max(finalMax, {
message: `Your request exceeds the context size limit for this model or proxy. (max: ${finalMax} tokens, requested: ${promptTokens} prompt + ${outputTokens} output = ${contextTokens} context tokens)`,
})
.parse(contextTokens);
req.log.debug(
{ promptTokens, outputTokens, contextTokens, modelMax, proxyMax },
"Prompt size validated"
);
req.debug.prompt_tokens = promptTokens;
req.debug.completion_tokens = outputTokens;
req.debug.max_model_tokens = modelMax;
req.debug.max_proxy_tokens = proxyMax;
}
function assertRequestHasTokenCounts(
req: Request
): asserts req is Request & { promptTokens: number; outputTokens: number } {
z.object({
promptTokens: z.number().int().min(1),
outputTokens: z.number().int().min(1),
})
.nonstrict()
.parse({ promptTokens: req.promptTokens, outputTokens: req.outputTokens });
}
/**
* For OpenAI-to-Anthropic requests, users can't specify the model, so we need
* to pick one based on the final context size. Ideally this would happen in
* the `transformOutboundPayload` preprocessor, but we don't have the context
* size at that point (and need a transformed body to calculate it).
*/
function maybeTranslateOpenAIModel(req: Request) {
if (req.inboundApi !== "openai" || req.outboundApi !== "anthropic") {
return;
}
const bigModel = process.env.CLAUDE_BIG_MODEL || "claude-v1-100k";
const contextSize = req.promptTokens! + req.outputTokens!;
if (contextSize > 8500) {
req.log.debug(
{ model: bigModel, contextSize },
"Using Claude 100k model for OpenAI-to-Anthropic request"
);
req.body.model = bigModel;
}
// Small model is the default already set in `transformOutboundPayload`
}
src/proxy/middleware/request/count-prompt-tokens.ts
+48
View File
@@ -0,0 +1,48 @@
import { RequestPreprocessor } from "./index";
import { countTokens, OpenAIPromptMessage } from "../../../shared/tokenization";
import { assertNever } from "../../../shared/utils";
/**
* Given a request with an already-transformed body, counts the number of
* tokens and assigns the count to the request.
*/
export const countPromptTokens: RequestPreprocessor = async (req) => {
const service = req.outboundApi;
let result;
switch (service) {
case "openai": {
req.outputTokens = req.body.max_tokens;
const prompt: OpenAIPromptMessage[] = req.body.messages;
result = await countTokens({ req, prompt, service });
break;
}
case "openai-text": {
req.outputTokens = req.body.max_tokens;
const prompt: string = req.body.prompt;
result = await countTokens({ req, prompt, service });
break;
}
case "anthropic": {
req.outputTokens = req.body.max_tokens_to_sample;
const prompt: string = req.body.prompt;
result = await countTokens({ req, prompt, service });
break;
}
case "google-palm": {
req.outputTokens = req.body.maxOutputTokens;
const prompt: string = req.body.prompt.text;
result = await countTokens({ req, prompt, service });
break;
}
default:
assertNever(service);
}
req.promptTokens = result.token_count;
// TODO: Remove once token counting is stable
req.log.debug({ result: result }, "Counted prompt tokens.");
req.debug = req.debug ?? {};
req.debug = { ...req.debug, ...result };
};
src/proxy/middleware/request/finalize-aws-request.ts
+26
View File
@@ -0,0 +1,26 @@
import type { ProxyRequestMiddleware } from ".";
/**
* For AWS requests, the body is signed earlier in the request pipeline, before
* the proxy middleware. This function just assigns the path and headers to the
* proxy request.
*/
export const finalizeAwsRequest: ProxyRequestMiddleware = (proxyReq, req) => {
if (!req.signedRequest) {
throw new Error("Expected req.signedRequest to be set");
}
// The path depends on the selected model and the assigned key's region.
proxyReq.path = req.signedRequest.path;
// Amazon doesn't want extra headers, so we need to remove all of them and
// reassign only the ones specified in the signed request.
proxyReq.getRawHeaderNames().forEach(proxyReq.removeHeader.bind(proxyReq));
Object.entries(req.signedRequest.headers).forEach(([key, value]) => {
proxyReq.setHeader(key, value);
});
// Don't use fixRequestBody here because it adds a content-length header.
// Amazon doesn't want that and it breaks the signature.
proxyReq.write(req.signedRequest.body);
};
src/proxy/middleware/request/index.ts
+15 -5
View File
@@ -2,22 +2,29 @@ import type { Request } from "express";
import type { ClientRequest } from "http";
import type { ProxyReqCallback } from "http-proxy";
export { createOnProxyReqHandler } from "./rewrite";
export {
createPreprocessorMiddleware,
createEmbeddingsPreprocessorMiddleware,
} from "./preprocess";
// Express middleware (runs before http-proxy-middleware, can be async)
export { applyQuotaLimits } from "./apply-quota-limits";
export { createPreprocessorMiddleware } from "./preprocess";
export { checkContextSize } from "./check-context-size";
export { validateContextSize } from "./validate-context-size";
export { countPromptTokens } from "./count-prompt-tokens";
export { setApiFormat } from "./set-api-format";
export { signAwsRequest } from "./sign-aws-request";
export { transformOutboundPayload } from "./transform-outbound-payload";
// HPM middleware (runs on onProxyReq, cannot be async)
export { addKey } from "./add-key";
export { addKey, addKeyForEmbeddingsRequest } from "./add-key";
export { addAnthropicPreamble } from "./add-anthropic-preamble";
export { blockZoomerOrigins } from "./block-zoomer-origins";
export { finalizeBody } from "./finalize-body";
export { finalizeAwsRequest } from "./finalize-aws-request";
export { languageFilter } from "./language-filter";
export { limitCompletions } from "./limit-completions";
export { removeOriginHeaders } from "./remove-origin-headers";
export { transformKoboldPayload } from "./transform-kobold-payload";
export { stripHeaders } from "./strip-headers";
/**
* Middleware that runs prior to the request being handled by http-proxy-
@@ -47,3 +54,6 @@ export type RequestPreprocessor = (req: Request) => void | Promise<void>;
* request queue middleware.
*/
export type ProxyRequestMiddleware = ProxyReqCallback<ClientRequest, Request>;
export const forceModel = (model: string) => (req: Request) =>
void (req.body.model = model);
src/proxy/middleware/request/preprocess.ts
+60 -17
View File
@@ -1,36 +1,79 @@
import { RequestHandler } from "express";
import { handleInternalError } from "../common";
import { initializeSseStream } from "../../../shared/streaming";
import { classifyErrorAndSend } from "../common";
import {
RequestPreprocessor,
checkContextSize,
validateContextSize,
countPromptTokens,
setApiFormat,
transformOutboundPayload,
} from ".";
type RequestPreprocessorOptions = {
/**
* Functions to run before the request body is transformed between API
* formats. Use this to change the behavior of the transformation, such as for
* endpoints which can accept multiple API formats.
*/
beforeTransform?: RequestPreprocessor[];
/**
* Functions to run after the request body is transformed and token counts are
* assigned. Use this to perform validation or other actions that depend on
* the request body being in the final API format.
*/
afterTransform?: RequestPreprocessor[];
};
/**
* Returns a middleware function that processes the request body into the given
* API format, and then sequentially runs the given additional preprocessors.
*/
export const createPreprocessorMiddleware = (
apiFormat: Parameters<typeof setApiFormat>[0],
additionalPreprocessors?: RequestPreprocessor[]
{ beforeTransform, afterTransform }: RequestPreprocessorOptions = {}
): RequestHandler => {
const preprocessors: RequestPreprocessor[] = [
setApiFormat(apiFormat),
...(additionalPreprocessors ?? []),
...(beforeTransform ?? []),
transformOutboundPayload,
checkContextSize,
countPromptTokens,
...(afterTransform ?? []),
validateContextSize,
];
return async function executePreprocessors(req, res, next) {
try {
for (const preprocessor of preprocessors) {
await preprocessor(req);
}
next();
} catch (error) {
req.log.error(error, "Error while executing request preprocessor");
handleInternalError(error as Error, req, res);
}
};
return async (...args) => executePreprocessors(preprocessors, args);
};
/**
* Returns a middleware function that specifically prepares requests for
* OpenAI's embeddings API. Tokens are not counted because embeddings requests
* are basically free.
*/
export const createEmbeddingsPreprocessorMiddleware = (): RequestHandler => {
const preprocessors: RequestPreprocessor[] = [
setApiFormat({ inApi: "openai", outApi: "openai", service: "openai" }),
(req) => void (req.promptTokens = req.outputTokens = 0),
];
return async (...args) => executePreprocessors(preprocessors, args);
};
async function executePreprocessors(
preprocessors: RequestPreprocessor[],
[req, res, next]: Parameters<RequestHandler>
) {
try {
for (const preprocessor of preprocessors) {
await preprocessor(req);
}
next();
} catch (error) {
req.log.error(error, "Error while executing request preprocessor");
// If the requested has opted into streaming, the client probably won't
// handle a non-eventstream response, but we haven't initialized the SSE
// stream yet as that is typically done later by the request queue. We'll
// do that here and then call classifyErrorAndSend to use the streaming
// error handler.
initializeSseStream(res)
classifyErrorAndSend(error as Error, req, res);
}
}
src/proxy/middleware/request/remove-origin-headers.ts
-10
View File
@@ -1,10 +0,0 @@
import { ProxyRequestMiddleware } from ".";
/**
* Removes origin and referer headers before sending the request to the API for
* privacy reasons.
**/
export const removeOriginHeaders: ProxyRequestMiddleware = (proxyReq) => {
proxyReq.setHeader("origin", "");
proxyReq.setHeader("referer", "");
};
src/proxy/middleware/request/rewrite.ts
+35
View File
@@ -0,0 +1,35 @@
import { Request } from "express";
import { ClientRequest } from "http";
import httpProxy from "http-proxy";
import { ProxyRequestMiddleware } from "./index";
type ProxyReqCallback = httpProxy.ProxyReqCallback<ClientRequest, Request>;
type RewriterOptions = {
beforeRewrite?: ProxyReqCallback[];
pipeline: ProxyRequestMiddleware[];
};
export const createOnProxyReqHandler = ({
beforeRewrite = [],
pipeline,
}: RewriterOptions): ProxyReqCallback => {
return (proxyReq, req, res, options) => {
try {
for (const validator of beforeRewrite) {
validator(proxyReq, req, res, options);
}
} catch (error) {
req.log.error(error, "Error while executing proxy request validator");
proxyReq.destroy(error);
}
try {
for (const rewriter of pipeline) {
rewriter(proxyReq, req, res, options);
}
} catch (error) {
req.log.error(error, "Error while executing proxy request rewriter");
proxyReq.destroy(error);
}
};
};
src/proxy/middleware/request/set-api-format.ts
+4 -2
View File
@@ -1,13 +1,15 @@
import { Request } from "express";
import { APIFormat } from "../../../shared/key-management";
import { APIFormat, LLMService } from "../../../shared/key-management";
import { RequestPreprocessor } from ".";
export const setApiFormat = (api: {
inApi: Request["inboundApi"];
outApi: APIFormat;
service: LLMService;
}): RequestPreprocessor => {
return (req) => {
return function configureRequestApiFormat(req) {
req.inboundApi = api.inApi;
req.outboundApi = api.outApi;
req.service = api.service;
};
};
src/proxy/middleware/request/sign-aws-request.ts
+96
View File
@@ -0,0 +1,96 @@
import express from "express";
import { Sha256 } from "@aws-crypto/sha256-js";
import { SignatureV4 } from "@smithy/signature-v4";
import { HttpRequest } from "@smithy/protocol-http";
import { keyPool } from "../../../shared/key-management";
import { RequestPreprocessor } from ".";
import { AnthropicV1CompleteSchema } from "./transform-outbound-payload";
const AMZ_HOST =
process.env.AMZ_HOST || "invoke-bedrock.%REGION%.amazonaws.com";
/**
* Signs an outgoing AWS request with the appropriate headers modifies the
* request object in place to fix the path.
*/
export const signAwsRequest: RequestPreprocessor = async (req) => {
req.key = keyPool.get("anthropic.claude-v2");
const { model, stream } = req.body;
req.isStreaming = stream === true || stream === "true";
let preamble = req.body.prompt.startsWith("\n\nHuman:") ? "" : "\n\nHuman:";
req.body.prompt = preamble + req.body.prompt;
// AWS supports only a subset of Anthropic's parameters and is more strict
// about unknown parameters.
// TODO: This should happen in transform-outbound-payload.ts
const strippedParams = AnthropicV1CompleteSchema.pick({
prompt: true,
max_tokens_to_sample: true,
stop_sequences: true,
temperature: true,
top_k: true,
top_p: true,
}).parse(req.body);
const credential = getCredentialParts(req);
const host = AMZ_HOST.replace("%REGION%", credential.region);
// AWS only uses 2023-06-01 and does not actually check this header, but we
// set it so that the stream adapter always selects the correct transformer.
req.headers["anthropic-version"] = "2023-06-01";
// Uses the AWS SDK to sign a request, then modifies our HPM proxy request
// with the headers generated by the SDK.
const newRequest = new HttpRequest({
method: "POST",
protocol: "https:",
hostname: host,
path: `/model/${model}/invoke${stream ? "-with-response-stream" : ""}`,
headers: {
["Host"]: host,
["content-type"]: "application/json",
},
body: JSON.stringify(strippedParams),
});
if (stream) {
newRequest.headers["x-amzn-bedrock-accept"] = "application/json";
} else {
newRequest.headers["accept"] = "*/*";
}
req.signedRequest = await sign(newRequest, getCredentialParts(req));
};
type Credential = {
accessKeyId: string;
secretAccessKey: string;
region: string;
};
function getCredentialParts(req: express.Request): Credential {
const [accessKeyId, secretAccessKey, region] = req.key!.key.split(":");
if (!accessKeyId || !secretAccessKey || !region) {
req.log.error(
{ key: req.key!.hash },
"AWS_CREDENTIALS isn't correctly formatted; refer to the docs"
);
throw new Error("The key assigned to this request is invalid.");
}
return { accessKeyId, secretAccessKey, region };
}
async function sign(request: HttpRequest, credential: Credential) {
const { accessKeyId, secretAccessKey, region } = credential;
const signer = new SignatureV4({
sha256: Sha256,
credentials: { accessKeyId, secretAccessKey },
region,
service: "bedrock",
});
return signer.sign(request);
}
src/proxy/middleware/request/strip-headers.ts
+16
View File
@@ -0,0 +1,16 @@
import { ProxyRequestMiddleware } from ".";
/**
* Removes origin and referer headers before sending the request to the API for
* privacy reasons.
**/
export const stripHeaders: ProxyRequestMiddleware = (proxyReq) => {
proxyReq.setHeader("origin", "");
proxyReq.setHeader("referer", "");
proxyReq.removeHeader("cf-connecting-ip");
proxyReq.removeHeader("forwarded");
proxyReq.removeHeader("true-client-ip");
proxyReq.removeHeader("x-forwarded-for");
proxyReq.removeHeader("x-real-ip");
};
src/proxy/middleware/request/transform-kobold-payload.ts
-112
View File
@@ -1,112 +0,0 @@
/**
* Transforms a KoboldAI payload into an OpenAI payload.
* @deprecated Kobold input format isn't supported anymore as all popular
* frontends support reverse proxies or changing their base URL. It adds too
* many edge cases to be worth maintaining and doesn't work with newer features.
*/
import { logger } from "../../../logger";
import type { ProxyRequestMiddleware } from ".";
// Kobold requests look like this:
// body:
// {
// prompt: "Aqua is character from Konosuba anime. Aqua is a goddess, before life in the Fantasy World, she was a goddess of water who guided humans to the afterlife. Aqua looks like young woman with beauty no human could match. Aqua has light blue hair, blue eyes, slim figure, long legs, wide hips, blue waist-long hair that is partially tied into a loop with a spherical clip. Aqua's measurements are 83-56-83 cm. Aqua's height 157cm. Aqua wears sleeveless dark-blue dress with white trimmings, extremely short dark blue miniskirt, green bow around her chest with a blue gem in the middle, detached white sleeves with blue and golden trimmings, thigh-high blue heeled boots over white stockings with blue trimmings. Aqua is very strong in water magic, but a little stupid, so she does not always use it to the place. Aqua is high-spirited, cheerful, carefree. Aqua rarely thinks about the consequences of her actions and always acts or speaks on her whims. Because very easy to taunt Aqua with jeers or lure her with praises.\n" +
// "Aqua's personality: high-spirited, likes to party, carefree, cheerful.\n" +
// 'Circumstances and context of the dialogue: Aqua is standing in the city square and is looking for new followers\n' +
// 'This is how Aqua should talk\n' +
// 'You: Hi Aqua, I heard you like to spend time in the pub.\n' +
// "Aqua: *excitedly* Oh my goodness, yes! I just love spending time at the pub! It's so much fun to talk to all the adventurers and hear about their exciting adventures! And you are?\n" +
// "You: I'm a new here and I wanted to ask for your advice.\n" +
// 'Aqua: *giggles* Oh, advice! I love giving advice! And in gratitude for that, treat me to a drink! *gives signals to the bartender*\n' +
// 'This is how Aqua should talk\n' +
// 'You: Hello\n' +
// "Aqua: *excitedly* Hello there, dear! Are you new to Axel? Don't worry, I, Aqua the goddess of water, am here to help you! Do you need any assistance? And may I say, I look simply radiant today! *strikes a pose and looks at you with puppy eyes*\n" +
// '\n' +
// 'Then the roleplay chat between You and Aqua begins.\n' +
// "Aqua: *She is in the town square of a city named Axel. It's morning on a Saturday and she suddenly notices a person who looks like they don't know what they're doing. She approaches him and speaks* \n" +
// '\n' +
// `"Are you new here? Do you need help? Don't worry! I, Aqua the Goddess of Water, shall help you! Do I look beautiful?" \n` +
// '\n' +
// '*She strikes a pose and looks at him with puppy eyes.*\n' +
// 'You: test\n' +
// 'You: test\n' +
// 'You: t\n' +
// 'You: test\n',
// use_story: false,
// use_memory: false,
// use_authors_note: false,
// use_world_info: false,
// max_context_length: 2048,
// max_length: 180,
// rep_pen: 1.1,
// rep_pen_range: 1024,
// rep_pen_slope: 0.9,
// temperature: 0.65,
// tfs: 0.9,
// top_a: 0,
// top_k: 0,
// top_p: 0.9,
// typical: 1,
// sampler_order: [
// 6, 0, 1, 2,
// 3, 4, 5
// ],
// singleline: false
// }
// OpenAI expects this body:
// { model: 'gpt-3.5-turbo', temperature: 0.65, top_p: 0.9, max_tokens: 180, messages }
// there's also a frequency_penalty but it's not clear how that maps to kobold's
// rep_pen.
// messages is an array of { role: "system" | "assistant" | "user", content: ""}
// kobold only sends us the entire prompt. we can try to split the last two
// lines into user and assistant messages, but that's not always correct. For
// now it will have to do.
/**
* Transforms a KoboldAI payload into an OpenAI payload.
* @deprecated Probably doesn't work anymore, idk.
**/
export const transformKoboldPayload: ProxyRequestMiddleware = (
_proxyReq,
req
) => {
// if (req.inboundApi !== "kobold") {
// throw new Error("transformKoboldPayload called for non-kobold request.");
// }
const { body } = req;
const { prompt, max_length, rep_pen, top_p, temperature } = body;
if (!max_length) {
logger.error("KoboldAI request missing max_length.");
throw new Error("You must specify a max_length parameter.");
}
const promptLines = prompt.split("\n");
// The very last line is the contentless "Assistant: " hint to the AI.
// Tavern just leaves an empty line, Agnai includes the AI's name.
const assistantHint = promptLines.pop();
// The second-to-last line is the user's prompt, generally.
const userPrompt = promptLines.pop();
const messages = [
{ role: "system", content: promptLines.join("\n") },
{ role: "user", content: userPrompt },
{ role: "assistant", content: assistantHint },
];
// Kobold doesn't select a model. If the addKey rewriter assigned us a GPT-4
// key, use that. Otherwise, use GPT-3.5-turbo.
const model = "gpt-4";
const newBody = {
model,
temperature,
top_p,
frequency_penalty: rep_pen, // remove this if model turns schizo
max_tokens: max_length,
messages,
};
req.body = newBody;
};
src/proxy/middleware/request/transform-outbound-payload.ts
+15 -19
View File
@@ -10,8 +10,8 @@ const CLAUDE_OUTPUT_MAX = config.maxOutputTokensAnthropic;
const OPENAI_OUTPUT_MAX = config.maxOutputTokensOpenAI;
// https://console.anthropic.com/docs/api/reference#-v1-complete
const AnthropicV1CompleteSchema = z.object({
model: z.string().regex(/^claude-/, "Model must start with 'claude-'"),
export const AnthropicV1CompleteSchema = z.object({
model: z.string(),
prompt: z.string({
required_error:
"No prompt found. Are you sending an OpenAI-formatted request to the Claude endpoint?",
@@ -23,14 +23,14 @@ const AnthropicV1CompleteSchema = z.object({
stop_sequences: z.array(z.string()).optional(),
stream: z.boolean().optional().default(false),
temperature: z.coerce.number().optional().default(1),
top_k: z.coerce.number().optional().default(-1),
top_p: z.coerce.number().optional().default(-1),
top_k: z.coerce.number().optional(),
top_p: z.coerce.number().optional(),
metadata: z.any().optional(),
});
// https://platform.openai.com/docs/api-reference/chat/create
const OpenAIV1ChatCompletionSchema = z.object({
model: z.string().regex(/^gpt/, "Model must start with 'gpt-'"),
model: z.string(),
messages: z.array(
z.object({
role: z.enum(["system", "user", "assistant"]),
@@ -89,7 +89,7 @@ const OpenAIV1TextCompletionSchema = z
// https://developers.generativeai.google/api/rest/generativelanguage/models/generateText
const PalmV1GenerateTextSchema = z.object({
model: z.string().regex(/^\w+-bison-\d{3}$/),
model: z.string(),
prompt: z.object({ text: z.string() }),
temperature: z.number().optional(),
maxOutputTokens: z.coerce
@@ -159,19 +159,14 @@ function openaiToAnthropic(req: Request) {
const { body } = req;
const result = OpenAIV1ChatCompletionSchema.safeParse(body);
if (!result.success) {
req.log.error(
req.log.warn(
{ issues: result.error.issues, body },
"Invalid OpenAI-to-Anthropic request"
);
throw result.error;
}
// Anthropic has started versioning their API, indicated by an HTTP header
// `anthropic-version`. The new June 2023 version is not backwards compatible
// with our OpenAI-to-Anthropic transformations so we need to explicitly
// request the older version for now. 2023-01-01 will be removed in September.
// https://docs.anthropic.com/claude/reference/versioning
req.headers["anthropic-version"] = "2023-01-01";
req.headers["anthropic-version"] = "2023-06-01";
const { messages, ...rest } = result.data;
const prompt = openAIMessagesToClaudePrompt(messages);
@@ -190,7 +185,6 @@ function openaiToAnthropic(req: Request) {
stops = [...new Set(stops)];
return {
...rest,
// Model may be overridden in `calculate-context-size.ts` to avoid having
// a circular dependency (`calculate-context-size.ts` needs an already-
// transformed request body to count tokens, but this function would like
@@ -199,6 +193,9 @@ function openaiToAnthropic(req: Request) {
prompt: prompt,
max_tokens_to_sample: rest.max_tokens,
stop_sequences: stops,
stream: rest.stream,
temperature: rest.temperature,
top_p: rest.top_p,
};
}
@@ -206,7 +203,7 @@ function openaiToOpenaiText(req: Request) {
const { body } = req;
const result = OpenAIV1ChatCompletionSchema.safeParse(body);
if (!result.success) {
req.log.error(
req.log.warn(
{ issues: result.error.issues, body },
"Invalid OpenAI-to-OpenAI-text request"
);
@@ -225,18 +222,17 @@ function openaiToOpenaiText(req: Request) {
stops = [...new Set(stops)];
const transformed = { ...rest, prompt: prompt, stop: stops };
const validated = OpenAIV1TextCompletionSchema.parse(transformed);
return validated;
return OpenAIV1TextCompletionSchema.parse(transformed);
}
function openaiToPalm(req: Request): z.infer<typeof PalmV1GenerateTextSchema> {
const { body } = req;
const result = OpenAIV1ChatCompletionSchema.safeParse({
...body,
model: "text-bison-001",
model: "gpt-3.5-turbo",
});
if (!result.success) {
req.log.error(
req.log.warn(
{ issues: result.error.issues, body },
"Invalid OpenAI-to-Palm request"
);
src/proxy/middleware/request/validate-context-size.ts
+99
View File
@@ -0,0 +1,99 @@
import { Request } from "express";
import { z } from "zod";
import { config } from "../../../config";
import { assertNever } from "../../../shared/utils";
import { RequestPreprocessor } from ".";
const CLAUDE_MAX_CONTEXT = config.maxContextTokensAnthropic;
const OPENAI_MAX_CONTEXT = config.maxContextTokensOpenAI;
const BISON_MAX_CONTEXT = 8100;
/**
* Assigns `req.promptTokens` and `req.outputTokens` based on the request body
* and outbound API format, which combined determine the size of the context.
* If the context is too large, an error is thrown.
* This preprocessor should run after any preprocessor that transforms the
* request body.
*/
export const validateContextSize: RequestPreprocessor = async (req) => {
assertRequestHasTokenCounts(req);
const promptTokens = req.promptTokens;
const outputTokens = req.outputTokens;
const contextTokens = promptTokens + outputTokens;
const model = req.body.model;
let proxyMax: number;
switch (req.outboundApi) {
case "openai":
case "openai-text":
proxyMax = OPENAI_MAX_CONTEXT;
break;
case "anthropic":
proxyMax = CLAUDE_MAX_CONTEXT;
break;
case "google-palm":
proxyMax = BISON_MAX_CONTEXT;
break;
default:
assertNever(req.outboundApi);
}
proxyMax ||= Number.MAX_SAFE_INTEGER;
let modelMax: number;
if (model.match(/gpt-3.5-turbo-16k/)) {
modelMax = 16384;
} else if (model.match(/gpt-3.5-turbo/)) {
modelMax = 4096;
} else if (model.match(/gpt-4-32k/)) {
modelMax = 32768;
} else if (model.match(/gpt-4/)) {
modelMax = 8192;
} else if (model.match(/^claude-(?:instant-)?v1(?:\.\d)?-100k/)) {
modelMax = 100000;
} else if (model.match(/^claude-(?:instant-)?v1(?:\.\d)?$/)) {
modelMax = 9000;
} else if (model.match(/^claude-2/)) {
modelMax = 100000;
} else if (model.match(/^text-bison-\d{3}$/)) {
modelMax = BISON_MAX_CONTEXT;
} else if (model.match(/^anthropic\.claude/)) {
// Not sure if AWS Claude has the same context limit as Anthropic Claude.
modelMax = 100000;
} else {
// Don't really want to throw here because I don't want to have to update
// this ASAP every time a new model is released.
req.log.warn({ model }, "Unknown model, using 100k token limit.");
modelMax = 100000;
}
const finalMax = Math.min(proxyMax, modelMax);
z.object({
tokens: z
.number()
.int()
.max(finalMax, {
message: `Your request exceeds the context size limit. (max: ${finalMax} tokens, requested: ${promptTokens} prompt + ${outputTokens} output = ${contextTokens} context tokens)`,
}),
}).parse({ tokens: contextTokens });
req.log.debug(
{ promptTokens, outputTokens, contextTokens, modelMax, proxyMax },
"Prompt size validated"
);
req.debug.prompt_tokens = promptTokens;
req.debug.completion_tokens = outputTokens;
req.debug.max_model_tokens = modelMax;
req.debug.max_proxy_tokens = proxyMax;
};
function assertRequestHasTokenCounts(
req: Request
): asserts req is Request & { promptTokens: number; outputTokens: number } {
z.object({
promptTokens: z.number().int().min(1),
outputTokens: z.number().int().min(1),
})
.nonstrict()
.parse({ promptTokens: req.promptTokens, outputTokens: req.outputTokens });
}
src/proxy/middleware/response/handle-streamed-response.ts
+56 -379
View File
@@ -1,43 +1,16 @@
import { Request, Response } from "express";
import * as http from "http";
import { buildFakeSseMessage } from "../common";
import { RawResponseBodyHandler, decodeResponseBody } from ".";
import { assertNever } from "../../../shared/utils";
import { pipeline } from "stream";
import { promisify } from "util";
import {
buildFakeSse,
copySseResponseHeaders,
initializeSseStream
} from "../../../shared/streaming";
import { decodeResponseBody, RawResponseBodyHandler } from ".";
import { SSEStreamAdapter } from "./streaming/sse-stream-adapter";
import { SSEMessageTransformer } from "./streaming/sse-message-transformer";
import { EventAggregator } from "./streaming/event-aggregator";
type OpenAiChatCompletionResponse = {
id: string;
object: string;
created: number;
model: string;
choices: {
message: { role: string; content: string };
finish_reason: string | null;
index: number;
}[];
};
type OpenAiTextCompletionResponse = {
id: string;
object: string;
created: number;
model: string;
choices: {
text: string;
finish_reason: string | null;
index: number;
logprobs: null;
}[];
};
type AnthropicCompletionResponse = {
completion: string;
stop_reason: string;
truncated: boolean;
stop: any;
model: string;
log_id: string;
exception: null;
};
const pipelineAsync = promisify(pipeline);
/**
* Consume the SSE stream and forward events to the client. Once the stream is
@@ -48,363 +21,67 @@ type AnthropicCompletionResponse = {
* in the event a streamed request results in a non-200 response, we need to
* fall back to the non-streaming response handler so that the error handler
* can inspect the error response.
*
* Currently most frontends don't support Anthropic streaming, so users can opt
* to send requests for Claude models via an endpoint that accepts OpenAI-
* compatible requests and translates the received Anthropic SSE events into
* OpenAI ones, essentially pretending to be an OpenAI streaming API.
*/
export const handleStreamedResponse: RawResponseBodyHandler = async (
proxyRes,
req,
res
) => {
// If these differ, the user is using the OpenAI-compatibile endpoint, so
// we need to translate the SSE events into OpenAI completion events for their
// frontend.
const { hash } = req.key!;
if (!req.isStreaming) {
const err = new Error(
"handleStreamedResponse called for non-streaming request."
);
req.log.error({ stack: err.stack, api: req.inboundApi }, err.message);
throw err;
throw new Error("handleStreamedResponse called for non-streaming request.");
}
const key = req.key!;
if (proxyRes.statusCode !== 200) {
// Ensure we use the non-streaming middleware stack since we won't be
// getting any events.
req.isStreaming = false;
if (proxyRes.statusCode! > 201) {
req.isStreaming = false; // Forces non-streaming response handler to execute
req.log.warn(
{ statusCode: proxyRes.statusCode, key: key.hash },
{ statusCode: proxyRes.statusCode, key: hash },
`Streaming request returned error status code. Falling back to non-streaming response handler.`
);
return decodeResponseBody(proxyRes, req, res);
}
return new Promise((resolve, reject) => {
req.log.info({ key: key.hash }, `Starting to proxy SSE stream.`);
req.log.debug(
{ headers: proxyRes.headers, key: hash },
`Starting to proxy SSE stream.`
);
// Queued streaming requests will already have a connection open and headers
// sent due to the heartbeat handler. In that case we can just start
// streaming the response without sending headers.
if (!res.headersSent) {
res.setHeader("Content-Type", "text/event-stream");
res.setHeader("Cache-Control", "no-cache");
res.setHeader("Connection", "keep-alive");
res.setHeader("X-Accel-Buffering", "no");
copyHeaders(proxyRes, res);
res.flushHeaders();
}
// Users waiting in the queue already have a SSE connection open for the
// heartbeat, so we can't always send the stream headers.
if (!res.headersSent) {
copySseResponseHeaders(proxyRes, res);
initializeSseStream(res);
}
const originalEvents: string[] = [];
let partialMessage = "";
let lastPosition = 0;
let eventCount = 0;
const prefersNativeEvents = req.inboundApi === req.outboundApi;
const contentType = proxyRes.headers["content-type"];
type ProxyResHandler<T extends unknown> = (...args: T[]) => void;
function withErrorHandling<T extends unknown>(fn: ProxyResHandler<T>) {
return (...args: T[]) => {
try {
fn(...args);
} catch (error) {
proxyRes.emit("error", error);
}
};
}
proxyRes.on(
"data",
withErrorHandling((chunk: Buffer) => {
// We may receive multiple (or partial) SSE messages in a single chunk,
// so we need to buffer and emit seperate stream events for full
// messages so we can parse/transform them properly.
const str = chunk.toString();
// Anthropic uses CRLF line endings (out-of-spec btw)
const fullMessages = (partialMessage + str).split(/\r?\n\r?\n/);
partialMessage = fullMessages.pop() || "";
for (const message of fullMessages) {
proxyRes.emit("full-sse-event", message);
}
})
);
proxyRes.on(
"full-sse-event",
withErrorHandling((data) => {
originalEvents.push(data);
const { event, position } = transformEvent({
data,
requestApi: req.inboundApi,
responseApi: req.outboundApi,
lastPosition,
index: eventCount++,
});
lastPosition = position;
res.write(event + "\n\n");
})
);
proxyRes.on(
"end",
withErrorHandling(() => {
let finalBody = convertEventsToFinalResponse(originalEvents, req);
req.log.info({ key: key.hash }, `Finished proxying SSE stream.`);
res.end();
resolve(finalBody);
})
);
proxyRes.on("error", (err) => {
req.log.error({ error: err, key: key.hash }, `Mid-stream error.`);
const fakeErrorEvent = buildFakeSseMessage(
"mid-stream-error",
err.message,
req
);
res.write(`data: ${JSON.stringify(fakeErrorEvent)}\n\n`);
res.write("data: [DONE]\n\n");
res.end();
reject(err);
const adapter = new SSEStreamAdapter({ contentType });
const aggregator = new EventAggregator({ format: req.outboundApi });
const transformer = new SSEMessageTransformer({
inputFormat: req.outboundApi, // outbound from the request's perspective
inputApiVersion: String(req.headers["anthropic-version"]),
logger: req.log,
requestId: String(req.id),
requestedModel: req.body.model,
})
.on("originalMessage", (msg: string) => {
if (prefersNativeEvents) res.write(msg);
})
.on("data", (msg) => {
if (!prefersNativeEvents) res.write(`data: ${JSON.stringify(msg)}\n\n`);
aggregator.addEvent(msg);
});
});
try {
await pipelineAsync(proxyRes, adapter, transformer);
req.log.debug({ key: hash }, `Finished proxying SSE stream.`);
res.end();
return aggregator.getFinalResponse();
} catch (err) {
const errorEvent = buildFakeSse("stream-error", err.message, req);
res.write(`${errorEvent}data: [DONE]\n\n`);
res.end();
throw err;
}
};
type SSETransformationArgs = {
data: string;
requestApi: string;
responseApi: string;
lastPosition: number;
index: number;
};
/**
* Transforms SSE events from the given response API into events compatible with
* the API requested by the client.
*/
function transformEvent(params: SSETransformationArgs) {
const { data, requestApi, responseApi } = params;
if (requestApi === responseApi) {
return { position: -1, event: data };
}
const trans = `${requestApi}->${responseApi}`;
switch (trans) {
case "openai->openai-text":
return transformOpenAITextEventToOpenAIChat(params);
case "openai->anthropic":
// TODO: handle new anthropic streaming format
return transformV1AnthropicEventToOpenAI(params);
case "openai->google-palm":
return transformPalmEventToOpenAI(params);
default:
throw new Error(`Unsupported streaming API transformation. ${trans}`);
}
}
function transformOpenAITextEventToOpenAIChat(params: SSETransformationArgs) {
const { data, index } = params;
if (!data.startsWith("data:")) return { position: -1, event: data };
if (data.startsWith("data: [DONE]")) return { position: -1, event: data };
const event = JSON.parse(data.slice("data: ".length));
// The very first event must be a role assignment with no content.
const createEvent = () => ({
id: event.id,
object: "chat.completion.chunk",
created: event.created,
model: event.model,
choices: [
{
message: { role: "", content: "" } as {
role?: string;
content: string;
},
index: 0,
finish_reason: null,
},
],
});
let buffer = "";
if (index === 0) {
const initialEvent = createEvent();
initialEvent.choices[0].message.role = "assistant";
buffer = `data: ${JSON.stringify(initialEvent)}\n\n`;
}
const newEvent = {
...event,
choices: [
{
...event.choices[0],
delta: { content: event.choices[0].text },
text: undefined,
},
],
};
buffer += `data: ${JSON.stringify(newEvent)}`;
return { position: -1, event: buffer };
}
function transformV1AnthropicEventToOpenAI(params: SSETransformationArgs) {
const { data, lastPosition } = params;
// Anthropic sends the full completion so far with each event whereas OpenAI
// only sends the delta. To make the SSE events compatible, we remove
// everything before `lastPosition` from the completion.
if (!data.startsWith("data:")) {
return { position: lastPosition, event: data };
}
if (data.startsWith("data: [DONE]")) {
return { position: lastPosition, event: data };
}
const event = JSON.parse(data.slice("data: ".length));
const newEvent = {
id: "ant-" + event.log_id,
object: "chat.completion.chunk",
created: Date.now(),
model: event.model,
choices: [
{
index: 0,
delta: { content: event.completion?.slice(lastPosition) },
finish_reason: event.stop_reason,
},
],
};
return {
position: event.completion.length,
event: `data: ${JSON.stringify(newEvent)}`,
};
}
function transformPalmEventToOpenAI({ data }: SSETransformationArgs) {
throw new Error("PaLM streaming not yet supported.");
return { position: -1, event: data };
}
/** Copy headers, excluding ones we're already setting for the SSE response. */
function copyHeaders(proxyRes: http.IncomingMessage, res: Response) {
const toOmit = [
"content-length",
"content-encoding",
"transfer-encoding",
"content-type",
"connection",
"cache-control",
];
for (const [key, value] of Object.entries(proxyRes.headers)) {
if (!toOmit.includes(key) && value) {
res.setHeader(key, value);
}
}
}
/**
* Converts the list of incremental SSE events into an object that resembles a
* full, non-streamed response from the API so that subsequent middleware can
* operate on it as if it were a normal response.
* Events are expected to be in the format they were received from the API.
*/
function convertEventsToFinalResponse(events: string[], req: Request) {
switch (req.outboundApi) {
case "openai": {
let merged: OpenAiChatCompletionResponse = {
id: "",
object: "",
created: 0,
model: "",
choices: [],
};
merged = events.reduce((acc, event, i) => {
if (!event.startsWith("data: ")) return acc;
if (event === "data: [DONE]") return acc;
const data = JSON.parse(event.slice("data: ".length));
// The first chat chunk only contains the role assignment and metadata
if (i === 0) {
return {
id: data.id,
object: data.object,
created: data.created,
model: data.model,
choices: [
{
message: { role: data.choices[0].delta.role, content: "" },
index: 0,
finish_reason: null,
},
],
};
}
if (data.choices[0].delta.content) {
acc.choices[0].message.content += data.choices[0].delta.content;
}
acc.choices[0].finish_reason = data.choices[0].finish_reason;
return acc;
}, merged);
return merged;
}
case "openai-text": {
let merged: OpenAiTextCompletionResponse = {
id: "",
object: "",
created: 0,
model: "",
choices: [],
// TODO: merge logprobs
};
merged = events.reduce((acc, event, i) => {
if (!event.startsWith("data: ")) return acc;
if (event === "data: [DONE]") return acc;
const data = JSON.parse(event.slice("data: ".length));
return {
id: data.id,
object: data.object,
created: data.created,
model: data.model,
choices: [
{
text: acc.choices[0]?.text + data.choices[0].text,
index: 0,
finish_reason: data.choices[0].finish_reason,
logprobs: null,
},
],
};
}, merged);
return merged;
}
case "anthropic": {
/*
* Full complete responses from Anthropic are conveniently just the same as
* the final SSE event before the "DONE" event, so we can reuse that
*/
const lastEvent = events[events.length - 2].toString();
const data = JSON.parse(
lastEvent.slice(lastEvent.indexOf("data: ") + "data: ".length)
);
const final: AnthropicCompletionResponse = { ...data, log_id: req.id };
return final;
}
case "google-palm": {
throw new Error("PaLM streaming not yet supported.");
}
default:
assertNever(req.outboundApi);
}
}
src/proxy/middleware/response/index.ts
+156 -99
View File
@@ -4,22 +4,23 @@ import * as http from "http";
import util from "util";
import zlib from "zlib";
import { logger } from "../../../logger";
import { keyPool } from "../../../shared/key-management";
import { getOpenAIModelFamily } from "../../../shared/models";
import { enqueue, trackWaitTime } from "../../queue";
import { HttpError } from "../../../shared/errors";
import { AnthropicKey, keyPool } from "../../../shared/key-management";
import { getOpenAIModelFamily } from "../../../shared/models";
import { countTokens } from "../../../shared/tokenization";
import {
incrementPromptCount,
incrementTokenCount,
} from "../../../shared/users/user-store";
import { assertNever } from "../../../shared/utils";
import {
getCompletionForService,
getCompletionFromBody,
isCompletionRequest,
writeErrorResponse,
} from "../common";
import { handleStreamedResponse } from "./handle-streamed-response";
import { logPrompt } from "./log-prompt";
import { countTokens } from "../../../shared/tokenization";
import { assertNever } from "../../../shared/utils";
const DECODER_MAP = {
gzip: util.promisify(zlib.gunzip),
@@ -83,7 +84,7 @@ export const createOnProxyResHandler = (apiMiddleware: ProxyResMiddleware) => {
? handleStreamedResponse
: decodeResponseBody;
let lastMiddlewareName = initialHandler.name;
let lastMiddleware = initialHandler.name;
try {
const body = await initialHandler(proxyRes, req, res);
@@ -112,37 +113,38 @@ export const createOnProxyResHandler = (apiMiddleware: ProxyResMiddleware) => {
}
for (const middleware of middlewareStack) {
lastMiddlewareName = middleware.name;
lastMiddleware = middleware.name;
await middleware(proxyRes, req, res, body);
}
trackWaitTime(req);
} catch (error: any) {
} catch (error) {
// Hack: if the error is a retryable rate-limit error, the request has
// been re-enqueued and we can just return without doing anything else.
if (error instanceof RetryableError) {
return;
}
const errorData = {
error: error.stack,
thrownBy: lastMiddlewareName,
key: req.key?.hash,
};
const message = `Error while executing proxy response middleware: ${lastMiddlewareName} (${error.message})`;
if (res.headersSent) {
req.log.error(errorData, message);
// This should have already been handled by the error handler, but
// just in case...
if (!res.writableEnded) {
res.end();
}
// Already logged and responded to the client by handleUpstreamErrors
if (error instanceof HttpError) {
if (!res.writableEnded) res.end();
return;
}
logger.error(errorData, message);
res
.status(500)
.json({ error: "Internal server error", proxy_note: message });
const { stack, message } = error;
const info = { stack, lastMiddleware, key: req.key?.hash };
const description = `Error while executing proxy response middleware: ${lastMiddleware} (${message})`;
if (res.headersSent) {
req.log.error(info, description);
if (!res.writableEnded) res.end();
return;
} else {
req.log.error(info, description);
res
.status(500)
.json({ error: "Internal server error", proxy_note: description });
}
}
};
};
@@ -173,7 +175,7 @@ export const decodeResponseBody: RawResponseBodyHandler = async (
throw err;
}
const promise = new Promise<string>((resolve, reject) => {
return new Promise<string>((resolve, reject) => {
let chunks: Buffer[] = [];
proxyRes.on("data", (chunk) => chunks.push(chunk));
proxyRes.on("end", async () => {
@@ -203,23 +205,27 @@ export const decodeResponseBody: RawResponseBodyHandler = async (
return resolve(body.toString());
} catch (error: any) {
const errorMessage = `Proxy received response with invalid JSON: ${error.message}`;
logger.warn({ error, key: req.key?.hash }, errorMessage);
logger.warn({ error: error.stack, key: req.key?.hash }, errorMessage);
writeErrorResponse(req, res, 500, { error: errorMessage });
return reject(errorMessage);
}
});
});
return promise;
};
// TODO: This is too specific to OpenAI's error responses.
type ProxiedErrorPayload = {
error?: Record<string, any>;
message?: string;
proxy_note?: string;
};
/**
* Handles non-2xx responses from the upstream service. If the proxied response
* is an error, this will respond to the client with an error payload and throw
* an error to stop the middleware stack.
* On 429 errors, if request queueing is enabled, the request will be silently
* re-enqueued. Otherwise, the request will be rejected with an error payload.
* @throws {Error} On HTTP error status code from upstream service
* @throws {HttpError} On HTTP error status code from upstream service
*/
const handleUpstreamErrors: ProxyResHandlerWithBody = async (
proxyRes,
@@ -233,27 +239,19 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
return;
}
let errorPayload: Record<string, any>;
// Subtract 1 from available keys because if this message is being shown,
// it's because the key is about to be disabled.
const availableKeys = keyPool.available(req.outboundApi) - 1;
const tryAgainMessage = Boolean(availableKeys)
? `There are ${availableKeys} more keys available; try your request again.`
: "There are no more keys available.";
let errorPayload: ProxiedErrorPayload;
const tryAgainMessage = keyPool.available(req.body?.model)
? `There may be more keys available for this model; try again in a few seconds.`
: "There are no more keys available for this model.";
try {
if (typeof body === "object") {
errorPayload = body;
} else {
throw new Error("Received unparsable error response from upstream.");
}
} catch (parseError: any) {
assertJsonResponse(body);
errorPayload = body;
} catch (parseError) {
// Likely Bad Gateway or Gateway Timeout from upstream's reverse proxy
const hash = req.key?.hash;
const statusMessage = proxyRes.statusMessage || "Unknown error";
// Likely Bad Gateway or Gateway Timeout from reverse proxy/load balancer
logger.warn(
{ statusCode, statusMessage, key: req.key?.hash },
parseError.message
);
logger.warn({ statusCode, statusMessage, key: hash }, parseError.message);
const errorObject = {
statusCode,
@@ -262,56 +260,84 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
proxy_note: `This is likely a temporary error with the upstream service.`,
};
writeErrorResponse(req, res, statusCode, errorObject);
throw new Error(parseError.message);
throw new HttpError(statusCode, parseError.message);
}
const errorType =
errorPayload.error?.code ||
errorPayload.error?.type ||
getAwsErrorType(proxyRes.headers["x-amzn-errortype"]);
logger.warn(
{
statusCode,
type: errorPayload.error?.code,
errorPayload,
key: req.key?.hash,
},
{ statusCode, type: errorType, errorPayload, key: req.key?.hash },
`Received error response from upstream. (${proxyRes.statusMessage})`
);
const service = req.key!.service;
if (service === "aws") {
// Try to standardize the error format for AWS
errorPayload.error = { message: errorPayload.message, type: errorType };
delete errorPayload.message;
}
if (statusCode === 400) {
// Bad request (likely prompt is too long)
switch (req.outboundApi) {
// Bad request. For OpenAI, this is usually due to prompt length.
// For Anthropic, this is usually due to missing preamble.
switch (service) {
case "openai":
case "openai-text":
case "google-palm":
errorPayload.proxy_note = `Upstream service rejected the request as invalid. Your prompt may be too long for ${req.body?.model}.`;
break;
case "anthropic":
case "aws":
maybeHandleMissingPreambleError(req, errorPayload);
break;
default:
assertNever(req.outboundApi);
assertNever(service);
}
} else if (statusCode === 401) {
// Key is invalid or was revoked
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `API key is invalid or revoked. ${tryAgainMessage}`;
} else if (statusCode === 403) {
// Amazon is the only service that returns 403.
switch (errorType) {
case "UnrecognizedClientException":
// Key is invalid.
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `API key is invalid or revoked. ${tryAgainMessage}`;
break;
case "AccessDeniedException":
req.log.error(
{ key: req.key?.hash, model: req.body?.model },
"Disabling key due to AccessDeniedException when invoking model. If credentials are valid, check IAM permissions."
);
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `API key doesn't have access to the requested resource.`;
break;
default:
errorPayload.proxy_note = `Received 403 error. Key may be invalid.`;
}
} else if (statusCode === 429) {
switch (req.outboundApi) {
switch (service) {
case "openai":
case "openai-text":
handleOpenAIRateLimitError(req, tryAgainMessage, errorPayload);
break;
case "anthropic":
handleAnthropicRateLimitError(req, errorPayload);
break;
case "aws":
handleAwsRateLimitError(req, errorPayload);
break;
case "google-palm":
throw new Error("Rate limit handling not implemented for PaLM");
default:
assertNever(req.outboundApi);
assertNever(service);
}
} else if (statusCode === 404) {
// Most likely model not found
switch (req.outboundApi) {
switch (service) {
case "openai":
case "openai-text":
if (errorPayload.error?.code === "model_not_found") {
const requestedModel = req.body.model;
const modelFamily = getOpenAIModelFamily(requestedModel);
@@ -328,8 +354,11 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
case "google-palm":
errorPayload.proxy_note = `The requested Google PaLM model might not exist, or the key might not be provisioned for it.`;
break;
case "aws":
errorPayload.proxy_note = `The requested AWS resource might not exist, or the key might not have access to it.`;
break;
default:
assertNever(req.outboundApi);
assertNever(service);
}
} else {
errorPayload.proxy_note = `Unrecognized error from upstream service.`;
@@ -344,7 +373,7 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
}
writeErrorResponse(req, res, statusCode, errorPayload);
throw new Error(errorPayload.error?.message);
throw new HttpError(statusCode, errorPayload.error?.message);
};
/**
@@ -368,7 +397,7 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
*/
function maybeHandleMissingPreambleError(
req: Request,
errorPayload: Record<string, any>
errorPayload: ProxiedErrorPayload
) {
if (
errorPayload.error?.type === "invalid_request_error" &&
@@ -378,7 +407,7 @@ function maybeHandleMissingPreambleError(
{ key: req.key?.hash },
"Request failed due to missing preamble. Key will be marked as such for subsequent requests."
);
keyPool.update(req.key!, { requiresPreamble: true });
keyPool.update(req.key as AnthropicKey, { requiresPreamble: true });
reenqueueRequest(req);
throw new RetryableError("Claude request re-enqueued to add preamble.");
} else {
@@ -388,7 +417,7 @@ function maybeHandleMissingPreambleError(
function handleAnthropicRateLimitError(
req: Request,
errorPayload: Record<string, any>
errorPayload: ProxiedErrorPayload
) {
if (errorPayload.error?.type === "rate_limit_error") {
keyPool.markRateLimited(req.key!);
@@ -399,35 +428,55 @@ function handleAnthropicRateLimitError(
}
}
function handleAwsRateLimitError(
req: Request,
errorPayload: ProxiedErrorPayload
) {
const errorType = errorPayload.error?.type;
switch (errorType) {
case "ThrottlingException":
keyPool.markRateLimited(req.key!);
reenqueueRequest(req);
throw new RetryableError("AWS rate-limited request re-enqueued.");
case "ModelNotReadyException":
errorPayload.proxy_note = `The requested model is overloaded. Try again in a few seconds.`;
break;
default:
errorPayload.proxy_note = `Unrecognized rate limit error from AWS. (${errorType})`;
}
}
function handleOpenAIRateLimitError(
req: Request,
tryAgainMessage: string,
errorPayload: Record<string, any>
errorPayload: ProxiedErrorPayload
): Record<string, any> {
const type = errorPayload.error?.type;
if (type === "insufficient_quota") {
// Billing quota exceeded (key is dead, disable it)
keyPool.disable(req.key!, "quota");
errorPayload.proxy_note = `Assigned key's quota has been exceeded. ${tryAgainMessage}`;
} else if (type === "access_terminated") {
// Account banned (key is dead, disable it)
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned key has been banned by OpenAI for policy violations. ${tryAgainMessage}`;
} else if (type === "billing_not_active") {
// Billing is not active (key is dead, disable it)
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned key was deactivated by OpenAI. ${tryAgainMessage}`;
} else if (type === "requests" || type === "tokens") {
// Per-minute request or token rate limit is exceeded, which we can retry
keyPool.markRateLimited(req.key!);
// I'm aware this is confusing -- throwing this class of error will cause
// the proxy response handler to return without terminating the request,
// so that it can be placed back in the queue.
reenqueueRequest(req);
throw new RetryableError("Rate-limited request re-enqueued.");
} else {
// OpenAI probably overloaded
errorPayload.proxy_note = `This is likely a temporary error with OpenAI. Try again in a few seconds.`;
switch (type) {
case "insufficient_quota":
// Billing quota exceeded (key is dead, disable it)
keyPool.disable(req.key!, "quota");
errorPayload.proxy_note = `Assigned key's quota has been exceeded. ${tryAgainMessage}`;
break;
case "access_terminated":
// Account banned (key is dead, disable it)
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned key has been banned by OpenAI for policy violations. ${tryAgainMessage}`;
break;
case "billing_not_active":
// Key valid but account billing is delinquent
keyPool.disable(req.key!, "quota");
errorPayload.proxy_note = `Assigned key has been disabled due to delinquent billing. ${tryAgainMessage}`;
break;
case "requests":
case "tokens":
// Per-minute request or token rate limit is exceeded, which we can retry
keyPool.markRateLimited(req.key!);
reenqueueRequest(req);
throw new RetryableError("Rate-limited request re-enqueued.");
default:
errorPayload.proxy_note = `This is likely a temporary error with OpenAI. Try again in a few seconds.`;
break;
}
return errorPayload;
}
@@ -455,12 +504,9 @@ const countResponseTokens: ProxyResHandlerWithBody = async (
// seeing errors in this function, check the reassembled response body from
// handleStreamedResponse to see if the upstream API has changed.
try {
if (typeof body !== "object") {
throw new Error("Expected body to be an object");
}
assertJsonResponse(body);
const service = req.outboundApi;
const { completion } = getCompletionForService({ req, service, body });
const completion = getCompletionFromBody(req, body);
const tokens = await countTokens({ req, completion, service });
req.log.debug(
@@ -473,7 +519,7 @@ const countResponseTokens: ProxyResHandlerWithBody = async (
req.outputTokens = tokens.token_count;
} catch (error) {
req.log.error(
req.log.warn(
error,
"Error while counting completion tokens; assuming `max_output_tokens`"
);
@@ -505,3 +551,14 @@ const copyHttpHeaders: ProxyResHandlerWithBody = async (
res.setHeader(key, proxyRes.headers[key] as string);
});
};
function getAwsErrorType(header: string | string[] | undefined) {
const val = String(header).match(/^(\w+):?/)?.[1];
return val || String(header);
}
function assertJsonResponse(body: any): asserts body is Record<string, any> {
if (typeof body !== "object") {
throw new Error("Expected response to be an object");
}
}
src/proxy/middleware/response/log-prompt.ts
+9 -7
View File
@@ -1,7 +1,11 @@
import { Request } from "express";
import { config } from "../../../config";
import { logQueue } from "../../../shared/prompt-logging";
import { getCompletionForService, isCompletionRequest } from "../common";
import {
getCompletionFromBody,
getModelFromBody,
isCompletionRequest,
} from "../common";
import { ProxyResHandlerWithBody } from ".";
import { assertNever } from "../../../shared/utils";
@@ -25,17 +29,15 @@ export const logPrompt: ProxyResHandlerWithBody = async (
const promptPayload = getPromptForRequest(req);
const promptFlattened = flattenMessages(promptPayload);
const response = getCompletionForService({
service: req.outboundApi,
body: responseBody,
});
const response = getCompletionFromBody(req, responseBody);
const model = getModelFromBody(req, responseBody);
logQueue.enqueue({
endpoint: req.inboundApi,
promptRaw: JSON.stringify(promptPayload),
promptFlattened,
model: response.model, // may differ from the requested model
response: response.completion,
model,
response,
});
};
src/proxy/middleware/response/streaming/aggregators/anthropic.ts
+48
View File
@@ -0,0 +1,48 @@
import { OpenAIChatCompletionStreamEvent } from "../index";
export type AnthropicCompletionResponse = {
completion: string;
stop_reason: string;
truncated: boolean;
stop: any;
model: string;
log_id: string;
exception: null;
};
/**
* Given a list of OpenAI chat completion events, compiles them into a single
* finalized Anthropic completion response so that non-streaming middleware
* can operate on it as if it were a blocking response.
*/
export function mergeEventsForAnthropic(
events: OpenAIChatCompletionStreamEvent[]
): AnthropicCompletionResponse {
let merged: AnthropicCompletionResponse = {
log_id: "",
exception: null,
model: "",
completion: "",
stop_reason: "",
truncated: false,
stop: null,
};
merged = events.reduce((acc, event, i) => {
// The first event will only contain role assignment and response metadata
if (i === 0) {
acc.log_id = event.id;
acc.model = event.model;
acc.completion = "";
acc.stop_reason = "";
return acc;
}
acc.stop_reason = event.choices[0].finish_reason ?? "";
if (event.choices[0].delta.content) {
acc.completion += event.choices[0].delta.content;
}
return acc;
}, merged);
return merged;
}
src/proxy/middleware/response/streaming/aggregators/openai-chat.ts
+58
View File
@@ -0,0 +1,58 @@
import { OpenAIChatCompletionStreamEvent } from "../index";
export type OpenAiChatCompletionResponse = {
id: string;
object: string;
created: number;
model: string;
choices: {
message: { role: string; content: string };
finish_reason: string | null;
index: number;
}[];
};
/**
* Given a list of OpenAI chat completion events, compiles them into a single
* finalized OpenAI chat completion response so that non-streaming middleware
* can operate on it as if it were a blocking response.
*/
export function mergeEventsForOpenAIChat(
events: OpenAIChatCompletionStreamEvent[]
): OpenAiChatCompletionResponse {
let merged: OpenAiChatCompletionResponse = {
id: "",
object: "",
created: 0,
model: "",
choices: [],
};
merged = events.reduce((acc, event, i) => {
// The first event will only contain role assignment and response metadata
if (i === 0) {
acc.id = event.id;
acc.object = event.object;
acc.created = event.created;
acc.model = event.model;
acc.choices = [
{
index: 0,
message: {
role: event.choices[0].delta.role ?? "assistant",
content: "",
},
finish_reason: null,
},
];
return acc;
}
acc.choices[0].finish_reason = event.choices[0].finish_reason;
if (event.choices[0].delta.content) {
acc.choices[0].message.content += event.choices[0].delta.content;
}
return acc;
}, merged);
return merged;
}
src/proxy/middleware/response/streaming/aggregators/openai-text.ts
+57
View File
@@ -0,0 +1,57 @@
import { OpenAIChatCompletionStreamEvent } from "../index";
export type OpenAiTextCompletionResponse = {
id: string;
object: string;
created: number;
model: string;
choices: {
text: string;
finish_reason: string | null;
index: number;
logprobs: null;
}[];
};
/**
* Given a list of OpenAI chat completion events, compiles them into a single
* finalized OpenAI text completion response so that non-streaming middleware
* can operate on it as if it were a blocking response.
*/
export function mergeEventsForOpenAIText(
events: OpenAIChatCompletionStreamEvent[]
): OpenAiTextCompletionResponse {
let merged: OpenAiTextCompletionResponse = {
id: "",
object: "",
created: 0,
model: "",
choices: [],
};
merged = events.reduce((acc, event, i) => {
// The first event will only contain role assignment and response metadata
if (i === 0) {
acc.id = event.id;
acc.object = event.object;
acc.created = event.created;
acc.model = event.model;
acc.choices = [
{
text: "",
index: 0,
finish_reason: null,
logprobs: null,
},
];
return acc;
}
acc.choices[0].finish_reason = event.choices[0].finish_reason;
if (event.choices[0].delta.content) {
acc.choices[0].text += event.choices[0].delta.content;
}
return acc;
}, merged);
return merged;
}
src/proxy/middleware/response/streaming/event-aggregator.ts
+41
View File
@@ -0,0 +1,41 @@
import { APIFormat } from "../../../../shared/key-management";
import { assertNever } from "../../../../shared/utils";
import {
mergeEventsForAnthropic,
mergeEventsForOpenAIChat,
mergeEventsForOpenAIText,
OpenAIChatCompletionStreamEvent,
} from "./index";
/**
* Collects SSE events containing incremental chat completion responses and
* compiles them into a single finalized response for downstream middleware.
*/
export class EventAggregator {
private readonly format: APIFormat;
private readonly events: OpenAIChatCompletionStreamEvent[];
constructor({ format }: { format: APIFormat }) {
this.events = [];
this.format = format;
}
addEvent(event: OpenAIChatCompletionStreamEvent) {
this.events.push(event);
}
getFinalResponse() {
switch (this.format) {
case "openai":
return mergeEventsForOpenAIChat(this.events);
case "openai-text":
return mergeEventsForOpenAIText(this.events);
case "anthropic":
return mergeEventsForAnthropic(this.events);
case "google-palm":
throw new Error("Google PaLM API does not support streaming responses");
default:
assertNever(this.format);
}
}
}
src/proxy/middleware/response/streaming/index.ts
+30
View File
@@ -0,0 +1,30 @@
export type SSEResponseTransformArgs = {
data: string;
lastPosition: number;
index: number;
fallbackId: string;
fallbackModel: string;
};
export type OpenAIChatCompletionStreamEvent = {
id: string;
object: "chat.completion.chunk";
created: number;
model: string;
choices: {
index: number;
delta: { role?: string; content?: string };
finish_reason: string | null;
}[];
}
export type StreamingCompletionTransformer = (
params: SSEResponseTransformArgs
) => { position: number; event?: OpenAIChatCompletionStreamEvent };
export { openAITextToOpenAIChat } from "./transformers/openai-text-to-openai";
export { anthropicV1ToOpenAI } from "./transformers/anthropic-v1-to-openai";
export { anthropicV2ToOpenAI } from "./transformers/anthropic-v2-to-openai";
export { mergeEventsForOpenAIChat } from "./aggregators/openai-chat";
export { mergeEventsForOpenAIText } from "./aggregators/openai-text";
export { mergeEventsForAnthropic } from "./aggregators/anthropic";
src/proxy/middleware/response/streaming/parse-sse.ts
+29
View File
@@ -0,0 +1,29 @@
export type ServerSentEvent = { id?: string; type?: string; data: string };
/** Given a string of SSE data, parse it into a `ServerSentEvent` object. */
export function parseEvent(event: string) {
const buffer: ServerSentEvent = { data: "" };
return event.split(/\r?\n/).reduce(parseLine, buffer)
}
function parseLine(event: ServerSentEvent, line: string) {
const separator = line.indexOf(":");
const field = separator === -1 ? line : line.slice(0,separator);
const value = separator === -1 ? "" : line.slice(separator + 1);
switch (field) {
case 'id':
event.id = value.trim()
break
case 'event':
event.type = value.trim()
break
case 'data':
event.data += value.trimStart()
break
default:
break
}
return event
}
src/proxy/middleware/response/streaming/sse-message-transformer.ts
+123
View File
@@ -0,0 +1,123 @@
import { Transform, TransformOptions } from "stream";
import { logger } from "../../../../logger";
import { APIFormat } from "../../../../shared/key-management";
import { assertNever } from "../../../../shared/utils";
import {
anthropicV1ToOpenAI,
anthropicV2ToOpenAI,
OpenAIChatCompletionStreamEvent,
openAITextToOpenAIChat,
StreamingCompletionTransformer,
} from "./index";
import { passthroughToOpenAI } from "./transformers/passthrough-to-openai";
const genlog = logger.child({ module: "sse-transformer" });
type SSEMessageTransformerOptions = TransformOptions & {
requestedModel: string;
requestId: string;
inputFormat: APIFormat;
inputApiVersion?: string;
logger?: typeof logger;
};
/**
* Transforms SSE messages from one API format to OpenAI chat.completion.chunks.
* Emits the original string SSE message as an "originalMessage" event.
*/
export class SSEMessageTransformer extends Transform {
private lastPosition: number;
private msgCount: number;
private readonly transformFn: StreamingCompletionTransformer;
private readonly log;
private readonly fallbackId: string;
private readonly fallbackModel: string;
constructor(options: SSEMessageTransformerOptions) {
super({ ...options, readableObjectMode: true });
this.log = options.logger?.child({ module: "sse-transformer" }) ?? genlog;
this.lastPosition = 0;
this.msgCount = 0;
this.transformFn = getTransformer(
options.inputFormat,
options.inputApiVersion
);
this.fallbackId = options.requestId;
this.fallbackModel = options.requestedModel;
this.log.debug(
{
fn: this.transformFn.name,
format: options.inputFormat,
version: options.inputApiVersion,
},
"Selected SSE transformer"
);
}
_transform(chunk: Buffer, _encoding: BufferEncoding, callback: Function) {
try {
const originalMessage = chunk.toString();
const { event: transformedMessage, position: newPosition } =
this.transformFn({
data: originalMessage,
lastPosition: this.lastPosition,
index: this.msgCount++,
fallbackId: this.fallbackId,
fallbackModel: this.fallbackModel,
});
this.lastPosition = newPosition;
this.emit("originalMessage", originalMessage);
// Some events may not be transformed, e.g. ping events
if (!transformedMessage) return callback();
if (this.msgCount === 1) {
this.push(createInitialMessage(transformedMessage));
}
this.push(transformedMessage);
callback();
} catch (err) {
this.log.error(err, "Error transforming SSE message");
callback(err);
}
}
}
function getTransformer(
responseApi: APIFormat,
version?: string
): StreamingCompletionTransformer {
switch (responseApi) {
case "openai":
return passthroughToOpenAI;
case "openai-text":
return openAITextToOpenAIChat;
case "anthropic":
return version === "2023-01-01"
? anthropicV1ToOpenAI
: anthropicV2ToOpenAI;
case "google-palm":
throw new Error("Google PaLM does not support streaming responses");
default:
assertNever(responseApi);
}
}
/**
* OpenAI streaming chat completions start with an event that contains only the
* metadata and role (always 'assistant') for the response. To simulate this
* for APIs where the first event contains actual content, we create a fake
* initial event with no content but correct metadata.
*/
function createInitialMessage(
event: OpenAIChatCompletionStreamEvent
): OpenAIChatCompletionStreamEvent {
return {
...event,
choices: event.choices.map((choice) => ({
...choice,
delta: { role: "assistant", content: "" },
})),
};
}
src/proxy/middleware/response/streaming/sse-stream-adapter.ts
+97
View File
@@ -0,0 +1,97 @@
import { Transform, TransformOptions } from "stream";
// @ts-ignore
import { Parser } from "lifion-aws-event-stream";
import { logger } from "../../../../logger";
const log = logger.child({ module: "sse-stream-adapter" });
type SSEStreamAdapterOptions = TransformOptions & { contentType?: string };
type AwsEventStreamMessage = {
headers: { ":message-type": "event" | "exception" };
payload: { message?: string /** base64 encoded */; bytes?: string };
};
/**
* Receives either text chunks or AWS binary event stream chunks and emits
* full SSE events.
*/
export class SSEStreamAdapter extends Transform {
private readonly isAwsStream;
private parser = new Parser();
private partialMessage = "";
constructor(options?: SSEStreamAdapterOptions) {
super(options);
this.isAwsStream =
options?.contentType === "application/vnd.amazon.eventstream";
this.parser.on("data", (data: AwsEventStreamMessage) => {
const message = this.processAwsEvent(data);
if (message) {
this.push(Buffer.from(message + "\n\n"), "utf8");
}
});
}
protected processAwsEvent(event: AwsEventStreamMessage): string | null {
const { payload, headers } = event;
if (headers[":message-type"] === "exception" || !payload.bytes) {
log.error(
{ event: JSON.stringify(event) },
"Received bad streaming event from AWS"
);
const message = JSON.stringify(event);
return getFakeErrorCompletion("proxy AWS error", message);
} else {
const { bytes } = payload;
// technically this is a transformation but we don't really distinguish
// between aws claude and anthropic claude at the APIFormat level, so
// these will short circuit the message transformer
return [
"event: completion",
`data: ${Buffer.from(bytes, "base64").toString("utf8")}`,
].join("\n");
}
}
_transform(chunk: Buffer, _encoding: BufferEncoding, callback: Function) {
try {
if (this.isAwsStream) {
this.parser.write(chunk);
} else {
// We may receive multiple (or partial) SSE messages in a single chunk,
// so we need to buffer and emit separate stream events for full
// messages so we can parse/transform them properly.
const str = chunk.toString("utf8");
const fullMessages = (this.partialMessage + str).split(/\r?\n\r?\n/);
this.partialMessage = fullMessages.pop() || "";
for (const message of fullMessages) {
// Mixing line endings will break some clients and our request queue
// will have already sent \n for heartbeats, so we need to normalize
// to \n.
this.push(message.replace(/\r\n/g, "\n") + "\n\n");
}
}
callback();
} catch (error) {
this.emit("error", error);
callback(error);
}
}
}
function getFakeErrorCompletion(type: string, message: string) {
const content = `\`\`\`\n[${type}: ${message}]\n\`\`\`\n`;
const fakeEvent = JSON.stringify({
log_id: "aws-proxy-sse-message",
stop_reason: type,
completion:
"\nProxy encountered an error during streaming response.\n" + content,
truncated: false,
stop: null,
model: "",
});
return ["event: completion", `data: ${fakeEvent}\n\n`].join("\n");
}
src/proxy/middleware/response/streaming/transformers/anthropic-v1-to-openai.ts
+67
View File
@@ -0,0 +1,67 @@
import { StreamingCompletionTransformer } from "../index";
import { parseEvent, ServerSentEvent } from "../parse-sse";
import { logger } from "../../../../../logger";
const log = logger.child({
module: "sse-transformer",
transformer: "anthropic-v1-to-openai",
});
type AnthropicV1StreamEvent = {
log_id?: string;
model?: string;
completion: string;
stop_reason: string;
};
/**
* Transforms an incoming Anthropic SSE (2023-01-01 API) to an equivalent
* OpenAI chat.completion.chunk SSE.
*/
export const anthropicV1ToOpenAI: StreamingCompletionTransformer = (params) => {
const { data, lastPosition } = params;
const rawEvent = parseEvent(data);
if (!rawEvent.data || rawEvent.data === "[DONE]") {
return { position: lastPosition };
}
const completionEvent = asCompletion(rawEvent);
if (!completionEvent) {
return { position: lastPosition };
}
// Anthropic sends the full completion so far with each event whereas OpenAI
// only sends the delta. To make the SSE events compatible, we remove
// everything before `lastPosition` from the completion.
const newEvent = {
id: "ant-" + (completionEvent.log_id ?? params.fallbackId),
object: "chat.completion.chunk" as const,
created: Date.now(),
model: completionEvent.model ?? params.fallbackModel,
choices: [
{
index: 0,
delta: { content: completionEvent.completion?.slice(lastPosition) },
finish_reason: completionEvent.stop_reason,
},
],
};
return { position: completionEvent.completion.length, event: newEvent };
};
function asCompletion(event: ServerSentEvent): AnthropicV1StreamEvent | null {
try {
const parsed = JSON.parse(event.data);
if (parsed.completion !== undefined && parsed.stop_reason !== undefined) {
return parsed;
} else {
// noinspection ExceptionCaughtLocallyJS
throw new Error("Missing required fields");
}
} catch (error) {
log.warn({ error: error.stack, event }, "Received invalid event");
}
return null;
}
src/proxy/middleware/response/streaming/transformers/anthropic-v2-to-openai.ts
+66
View File
@@ -0,0 +1,66 @@
import { StreamingCompletionTransformer } from "../index";
import { parseEvent, ServerSentEvent } from "../parse-sse";
import { logger } from "../../../../../logger";
const log = logger.child({
module: "sse-transformer",
transformer: "anthropic-v2-to-openai",
});
type AnthropicV2StreamEvent = {
log_id?: string;
model?: string;
completion: string;
stop_reason: string;
};
/**
* Transforms an incoming Anthropic SSE (2023-06-01 API) to an equivalent
* OpenAI chat.completion.chunk SSE.
*/
export const anthropicV2ToOpenAI: StreamingCompletionTransformer = (params) => {
const { data } = params;
const rawEvent = parseEvent(data);
if (!rawEvent.data || rawEvent.data === "[DONE]") {
return { position: -1 };
}
const completionEvent = asCompletion(rawEvent);
if (!completionEvent) {
return { position: -1 };
}
const newEvent = {
id: "ant-" + (completionEvent.log_id ?? params.fallbackId),
object: "chat.completion.chunk" as const,
created: Date.now(),
model: completionEvent.model ?? params.fallbackModel,
choices: [
{
index: 0,
delta: { content: completionEvent.completion },
finish_reason: completionEvent.stop_reason,
},
],
};
return { position: completionEvent.completion.length, event: newEvent };
};
function asCompletion(event: ServerSentEvent): AnthropicV2StreamEvent | null {
if (event.type === "ping") return null;
try {
const parsed = JSON.parse(event.data);
if (parsed.completion !== undefined && parsed.stop_reason !== undefined) {
return parsed;
} else {
// noinspection ExceptionCaughtLocallyJS
throw new Error("Missing required fields");
}
} catch (error) {
log.warn({ error: error.stack, event }, "Received invalid event");
}
return null;
}
src/proxy/middleware/response/streaming/transformers/openai-text-to-openai.ts
+68
View File
@@ -0,0 +1,68 @@
import { SSEResponseTransformArgs } from "../index";
import { parseEvent, ServerSentEvent } from "../parse-sse";
import { logger } from "../../../../../logger";
const log = logger.child({
module: "sse-transformer",
transformer: "openai-text-to-openai",
});
type OpenAITextCompletionStreamEvent = {
id: string;
object: "text_completion";
created: number;
choices: {
text: string;
index: number;
logprobs: null;
finish_reason: string | null;
}[];
model: string;
};
export const openAITextToOpenAIChat = (params: SSEResponseTransformArgs) => {
const { data } = params;
const rawEvent = parseEvent(data);
if (!rawEvent.data || rawEvent.data === "[DONE]") {
return { position: -1 };
}
const completionEvent = asCompletion(rawEvent);
if (!completionEvent) {
return { position: -1 };
}
const newEvent = {
id: completionEvent.id,
object: "chat.completion.chunk" as const,
created: completionEvent.created,
model: completionEvent.model,
choices: [
{
index: completionEvent.choices[0].index,
delta: { content: completionEvent.choices[0].text },
finish_reason: completionEvent.choices[0].finish_reason,
},
],
};
return { position: -1, event: newEvent };
};
function asCompletion(
event: ServerSentEvent
): OpenAITextCompletionStreamEvent | null {
try {
const parsed = JSON.parse(event.data);
if (Array.isArray(parsed.choices) && parsed.choices[0].text !== undefined) {
return parsed;
} else {
// noinspection ExceptionCaughtLocallyJS
throw new Error("Missing required fields");
}
} catch (error) {
log.warn({ error: error.stack, event }, "Received invalid data event");
}
return null;
}
src/proxy/middleware/response/streaming/transformers/passthrough-to-openai.ts
+38
View File
@@ -0,0 +1,38 @@
import {
OpenAIChatCompletionStreamEvent,
SSEResponseTransformArgs,
} from "../index";
import { parseEvent, ServerSentEvent } from "../parse-sse";
import { logger } from "../../../../../logger";
const log = logger.child({
module: "sse-transformer",
transformer: "openai-to-openai",
});
export const passthroughToOpenAI = (params: SSEResponseTransformArgs) => {
const { data } = params;
const rawEvent = parseEvent(data);
if (!rawEvent.data || rawEvent.data === "[DONE]") {
return { position: -1 };
}
const completionEvent = asCompletion(rawEvent);
if (!completionEvent) {
return { position: -1 };
}
return { position: -1, event: completionEvent };
};
function asCompletion(
event: ServerSentEvent
): OpenAIChatCompletionStreamEvent | null {
try {
return JSON.parse(event.data);
} catch (error) {
log.warn({ error: error.stack, event }, "Received invalid event");
}
return null;
}
src/proxy/openai.ts
+58 -60
View File
@@ -1,5 +1,4 @@
import { RequestHandler, Request, Router } from "express";
import * as http from "http";
import { RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { config } from "../config";
import { keyPool } from "../shared/key-management";
@@ -15,13 +14,17 @@ import { handleProxyError } from "./middleware/common";
import {
RequestPreprocessor,
addKey,
addKeyForEmbeddingsRequest,
applyQuotaLimits,
blockZoomerOrigins,
createEmbeddingsPreprocessorMiddleware,
createPreprocessorMiddleware,
finalizeBody,
forceModel,
languageFilter,
limitCompletions,
removeOriginHeaders,
stripHeaders,
createOnProxyReqHandler,
} from "./middleware/request";
import {
createOnProxyResHandler,
@@ -51,6 +54,7 @@ function getModelsResponse() {
"gpt-3.5-turbo-16k-0613",
"gpt-3.5-turbo-instruct",
"gpt-3.5-turbo-instruct-0914",
"text-embedding-ada-002",
];
let available = new Set<OpenAIModelFamily>();
@@ -113,31 +117,6 @@ const rewriteForTurboInstruct: RequestPreprocessor = (req) => {
req.url = "/v1/completions";
};
const rewriteRequest = (
proxyReq: http.ClientRequest,
req: Request,
res: http.ServerResponse
) => {
const rewriterPipeline = [
applyQuotaLimits,
addKey,
languageFilter,
limitCompletions,
blockZoomerOrigins,
removeOriginHeaders,
finalizeBody,
];
try {
for (const rewriter of rewriterPipeline) {
rewriter(proxyReq, req, res, {});
}
} catch (error) {
req.log.error(error, "Error while executing proxy rewriter");
proxyReq.destroy(error as Error);
}
};
const openaiResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
req,
@@ -188,63 +167,82 @@ const openaiProxy = createQueueMiddleware(
createProxyMiddleware({
target: "https://api.openai.com",
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: rewriteRequest,
proxyReq: createOnProxyReqHandler({
pipeline: [
applyQuotaLimits,
addKey,
languageFilter,
limitCompletions,
blockZoomerOrigins,
stripHeaders,
finalizeBody,
],
}),
proxyRes: createOnProxyResHandler([openaiResponseHandler]),
error: handleProxyError,
},
selfHandleResponse: true,
logger,
})
);
const openaiRouter = Router();
// Fix paths because clients don't consistently use the /v1 prefix.
openaiRouter.use((req, _res, next) => {
if (!req.path.startsWith("/v1/")) {
req.url = `/v1${req.url}`;
}
next();
const openaiEmbeddingsProxy = createProxyMiddleware({
target: "https://api.openai.com",
changeOrigin: true,
selfHandleResponse: false,
logger,
on: {
proxyReq: createOnProxyReqHandler({
pipeline: [addKeyForEmbeddingsRequest, stripHeaders, finalizeBody],
}),
error: handleProxyError,
},
});
openaiRouter.get("/v1/models", handleModelRequest);
const openaiRouter = Router();
openaiRouter.get("/v1/models", handleModelRequest);
// Native text completion endpoint, only for turbo-instruct.
openaiRouter.post(
"/v1/completions",
ipLimiter,
createPreprocessorMiddleware({ inApi: "openai-text", outApi: "openai-text" }),
createPreprocessorMiddleware({
inApi: "openai-text",
outApi: "openai-text",
service: "openai",
}),
openaiProxy
);
// turbo-instruct compatibility endpoint, accepts either prompt or messages
openaiRouter.post(
/\/v1\/turbo\-instruct\/(v1\/)?chat\/completions/,
/\/v1\/turbo-instruct\/(v1\/)?chat\/completions/,
ipLimiter,
createPreprocessorMiddleware({ inApi: "openai", outApi: "openai-text" }, [
rewriteForTurboInstruct,
]),
createPreprocessorMiddleware(
{ inApi: "openai", outApi: "openai-text", service: "openai" },
{
beforeTransform: [rewriteForTurboInstruct],
afterTransform: [forceModel("gpt-3.5-turbo-instruct")],
}
),
openaiProxy
);
// General chat completion endpoint. Turbo-instruct is not supported here.
openaiRouter.post(
"/v1/chat/completions",
ipLimiter,
createPreprocessorMiddleware({ inApi: "openai", outApi: "openai" }),
createPreprocessorMiddleware({
inApi: "openai",
outApi: "openai",
service: "openai",
}),
openaiProxy
);
// Redirect browser requests to the homepage.
openaiRouter.get("*", (req, res, next) => {
const isBrowser = req.headers["user-agent"]?.includes("Mozilla");
if (isBrowser) {
res.redirect("/");
} else {
next();
}
});
openaiRouter.use((req, res) => {
req.log.warn(`Blocked openai proxy request: ${req.method} ${req.path}`);
res.status(404).json({ error: "Not found" });
});
// Embeddings endpoint.
openaiRouter.post(
"/v1/embeddings",
ipLimiter,
createEmbeddingsPreprocessorMiddleware(),
openaiEmbeddingsProxy
);
export const openai = openaiRouter;
src/proxy/palm.ts
+43 -67
View File
@@ -1,6 +1,7 @@
import { Request, RequestHandler, Router } from "express";
import * as http from "http";
import { createProxyMiddleware } from "http-proxy-middleware";
import { v4 } from "uuid";
import { config } from "../config";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
@@ -10,16 +11,17 @@ import {
addKey,
applyQuotaLimits,
blockZoomerOrigins,
createOnProxyReqHandler,
createPreprocessorMiddleware,
finalizeBody,
forceModel,
languageFilter,
removeOriginHeaders,
stripHeaders,
} from "./middleware/request";
import {
ProxyResHandlerWithBody,
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
import { v4 } from "uuid";
let modelsCache: any = null;
let modelsCacheTime = 0;
@@ -53,50 +55,6 @@ const handleModelRequest: RequestHandler = (_req, res) => {
res.status(200).json(getModelsResponse());
};
const rewritePalmRequest = (
proxyReq: http.ClientRequest,
req: Request,
res: http.ServerResponse
) => {
if (req.body.stream) {
throw new Error("Google PaLM API doesn't support streaming requests");
}
// PaLM API specifies the model in the URL path, not the request body. This
// doesn't work well with our rewriter architecture, so we need to manually
// fix it here.
// POST https://generativelanguage.googleapis.com/v1beta2/{model=models/*}:generateText
// POST https://generativelanguage.googleapis.com/v1beta2/{model=models/*}:generateMessage
// The chat api (generateMessage) is not very useful at this time as it has
// few params and no adjustable safety settings.
const newProxyReqPath = proxyReq.path.replace(
/^\/v1\/chat\/completions/,
`/v1beta2/models/${req.body.model}:generateText`
);
proxyReq.path = newProxyReqPath;
const rewriterPipeline = [
applyQuotaLimits,
addKey,
languageFilter,
blockZoomerOrigins,
removeOriginHeaders,
finalizeBody,
];
try {
for (const rewriter of rewriterPipeline) {
rewriter(proxyReq, req, res, {});
}
} catch (error) {
req.log.error(error, "Error while executing proxy rewriter");
proxyReq.destroy(error as Error);
}
};
/** Only used for non-streaming requests. */
const palmResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
@@ -164,44 +122,62 @@ function transformPalmResponse(
};
}
function reassignPathForPalmModel(proxyReq: http.ClientRequest, req: Request) {
if (req.body.stream) {
throw new Error("Google PaLM API doesn't support streaming requests");
}
// PaLM API specifies the model in the URL path, not the request body. This
// doesn't work well with our rewriter architecture, so we need to manually
// fix it here.
// POST https://generativelanguage.googleapis.com/v1beta2/{model=models/*}:generateText
// POST https://generativelanguage.googleapis.com/v1beta2/{model=models/*}:generateMessage
// The chat api (generateMessage) is not very useful at this time as it has
// few params and no adjustable safety settings.
proxyReq.path = proxyReq.path.replace(
/^\/v1\/chat\/completions/,
`/v1beta2/models/${req.body.model}:generateText`
);
}
const googlePalmProxy = createQueueMiddleware(
createProxyMiddleware({
target: "https://generativelanguage.googleapis.com",
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: rewritePalmRequest,
proxyReq: createOnProxyReqHandler({
beforeRewrite: [reassignPathForPalmModel],
pipeline: [
applyQuotaLimits,
addKey,
languageFilter,
blockZoomerOrigins,
stripHeaders,
finalizeBody,
],
}),
proxyRes: createOnProxyResHandler([palmResponseHandler]),
error: handleProxyError,
},
selfHandleResponse: true,
logger,
})
);
const palmRouter = Router();
// Fix paths because clients don't consistently use the /v1 prefix.
palmRouter.use((req, _res, next) => {
if (!req.path.startsWith("/v1/")) {
req.url = `/v1${req.url}`;
}
next();
});
palmRouter.get("/v1/models", handleModelRequest);
// OpenAI-to-Google PaLM compatibility endpoint.
palmRouter.post(
"/v1/chat/completions",
ipLimiter,
createPreprocessorMiddleware({ inApi: "openai", outApi: "google-palm" }),
createPreprocessorMiddleware(
{ inApi: "openai", outApi: "google-palm", service: "google-palm" },
{ afterTransform: [forceModel("text-bison-001")] }
),
googlePalmProxy
);
// Redirect browser requests to the homepage.
palmRouter.get("*", (req, res, next) => {
const isBrowser = req.headers["user-agent"]?.includes("Mozilla");
if (isBrowser) {
res.redirect("/");
} else {
next();
}
});
export const googlePalm = palmRouter;
src/proxy/queue.ts
+28 -29
View File
@@ -16,23 +16,23 @@
*/
import type { Handler, Request } from "express";
import { keyPool, SupportedModel } from "../shared/key-management";
import { keyPool } from "../shared/key-management";
import {
getClaudeModelFamily,
getGooglePalmModelFamily,
getOpenAIModelFamily,
ModelFamily,
} from "../shared/models";
import { buildFakeSse, initializeSseStream } from "../shared/streaming";
import { assertNever } from "../shared/utils";
import { logger } from "../logger";
import { AGNAI_DOT_CHAT_IP } from "./rate-limit";
import { buildFakeSseMessage } from "./middleware/common";
import { assertNever } from "../shared/utils";
const queue: Request[] = [];
const log = logger.child({ module: "request-queue" });
/** Maximum number of queue slots for Agnai.chat requests. */
const AGNAI_CONCURRENCY_LIMIT = 15;
const AGNAI_CONCURRENCY_LIMIT = 5;
/** Maximum number of queue slots for individual users. */
const USER_CONCURRENCY_LIMIT = 1;
@@ -68,12 +68,11 @@ export function enqueue(req: Request) {
// more spots in the queue. Can't make it unlimited because people will
// intentionally abuse it.
// Authenticated users always get a single spot in the queue.
const isAgnai = AGNAI_DOT_CHAT_IP.includes(req.ip);
const maxConcurrentQueuedRequests =
isGuest && req.ip === AGNAI_DOT_CHAT_IP
? AGNAI_CONCURRENCY_LIMIT
: USER_CONCURRENCY_LIMIT;
isGuest && isAgnai ? AGNAI_CONCURRENCY_LIMIT : USER_CONCURRENCY_LIMIT;
if (enqueuedRequestCount >= maxConcurrentQueuedRequests) {
if (req.ip === AGNAI_DOT_CHAT_IP) {
if (isAgnai) {
// Re-enqueued requests are not counted towards the limit since they
// already made it through the queue once.
if (req.retryCount === 0) {
@@ -93,7 +92,8 @@ export function enqueue(req: Request) {
// If the request opted into streaming, we need to register a heartbeat
// handler to keep the connection alive while it waits in the queue. We
// deregister the handler when the request is dequeued.
if (req.body.stream === "true" || req.body.stream === true) {
const { stream } = req.body;
if (stream === "true" || stream === true || req.isStreaming) {
const res = req.res!;
if (!res.headersSent) {
initStreaming(req);
@@ -107,7 +107,7 @@ export function enqueue(req: Request) {
const avgWait = Math.round(getEstimatedWaitTime(partition) / 1000);
const currentDuration = Math.round((Date.now() - req.startTime) / 1000);
const debugMsg = `queue length: ${queue.length}; elapsed time: ${currentDuration}s; avg wait: ${avgWait}s`;
req.res!.write(buildFakeSseMessage("heartbeat", debugMsg, req));
req.res!.write(buildFakeSse("heartbeat", debugMsg, req));
}
}, 10000);
}
@@ -138,9 +138,15 @@ function getPartitionForRequest(req: Request): ModelFamily {
// There is a single request queue, but it is partitioned by model family.
// Model families are typically separated on cost/rate limit boundaries so
// they should be treated as separate queues.
const provider = req.outboundApi;
const model = (req.body.model as SupportedModel) ?? "gpt-3.5-turbo";
switch (provider) {
const model = req.body.model ?? "gpt-3.5-turbo";
// Weird special case for AWS because they serve multiple models from
// different vendors, even if currently only one is supported.
if (req.service === "aws") {
return "aws-claude";
}
switch (req.outboundApi) {
case "anthropic":
return getClaudeModelFamily(model);
case "openai":
@@ -149,7 +155,7 @@ function getPartitionForRequest(req: Request): ModelFamily {
case "google-palm":
return getGooglePalmModelFamily(model);
default:
assertNever(provider);
assertNever(req.outboundApi);
}
}
@@ -198,12 +204,13 @@ function processQueue() {
// the others, because we only track one rate limit per key.
// TODO: `getLockoutPeriod` uses model names instead of model families
// TODO: genericize this
// TODO: genericize this it's really ugly
const gpt432kLockout = keyPool.getLockoutPeriod("gpt-4-32k");
const gpt4Lockout = keyPool.getLockoutPeriod("gpt-4");
const turboLockout = keyPool.getLockoutPeriod("gpt-3.5-turbo");
const claudeLockout = keyPool.getLockoutPeriod("claude-v1");
const palmLockout = keyPool.getLockoutPeriod("text-bison-001");
const awsClaudeLockout = keyPool.getLockoutPeriod("anthropic.claude-v2");
const reqs: (Request | undefined)[] = [];
if (gpt432kLockout === 0) {
@@ -221,6 +228,9 @@ function processQueue() {
if (palmLockout === 0) {
reqs.push(dequeue("bison"));
}
if (awsClaudeLockout === 0) {
reqs.push(dequeue("aws-claude"));
}
reqs.filter(Boolean).forEach((req) => {
if (req?.proceed) {
@@ -325,11 +335,7 @@ function killQueuedRequest(req: Request) {
try {
const message = `Your request has been terminated by the proxy because it has been in the queue for more than 5 minutes. The queue is currently ${queue.length} requests long.`;
if (res.headersSent) {
const fakeErrorEvent = buildFakeSseMessage(
"proxy queue error",
message,
req
);
const fakeErrorEvent = buildFakeSse("proxy queue error", message, req);
res.write(fakeErrorEvent);
res.end();
} else {
@@ -341,14 +347,8 @@ function killQueuedRequest(req: Request) {
}
function initStreaming(req: Request) {
req.log.info(`Initiating streaming for new queued request.`);
const res = req.res!;
res.statusCode = 200;
res.setHeader("Content-Type", "text/event-stream");
res.setHeader("Cache-Control", "no-cache");
res.setHeader("Connection", "keep-alive");
res.setHeader("X-Accel-Buffering", "no"); // nginx-specific fix
res.flushHeaders();
initializeSseStream(res);
if (req.query.badSseParser) {
// Some clients have a broken SSE parser that doesn't handle comments
@@ -357,8 +357,7 @@ function initStreaming(req: Request) {
return;
}
res.write("\n");
res.write(": joining queue\n\n");
res.write(`: joining queue at position ${queue.length}\n\n`);
}
/**
src/proxy/rate-limit.ts
+10 -6
View File
@@ -1,7 +1,12 @@
import { Request, Response, NextFunction } from "express";
import { config } from "../config";
export const AGNAI_DOT_CHAT_IP = "157.230.249.32";
export const AGNAI_DOT_CHAT_IP = [
"157.230.249.32", // old
"157.245.148.56",
"174.138.29.50",
"209.97.162.44",
];
const RATE_LIMIT_ENABLED = Boolean(config.modelRateLimit);
const RATE_LIMIT = Math.max(1, config.modelRateLimit);
@@ -58,15 +63,14 @@ export const ipLimiter = async (
res: Response,
next: NextFunction
) => {
if (!RATE_LIMIT_ENABLED) {
next();
return;
}
if (!RATE_LIMIT_ENABLED) return next();
if (req.user?.type === "special") return next();
// Exempt Agnai.chat from rate limiting since it's shared between a lot of
// users. Dunno how to prevent this from being abused without some sort of
// identifier sent from Agnaistic to identify specific users.
if (req.ip === AGNAI_DOT_CHAT_IP) {
if (AGNAI_DOT_CHAT_IP.includes(req.ip)) {
req.log.info("Exempting Agnai request from rate limiting.");
next();
return;
}
src/proxy/routes.ts
+31 -10
View File
@@ -1,17 +1,20 @@
/* Accepts incoming requests at either the /kobold or /openai routes and then
routes them to the appropriate handler to be forwarded to the OpenAI API.
Incoming OpenAI requests are more or less 1:1 with the OpenAI API, but only a
subset of the API is supported. Kobold requests must be transformed into
equivalent OpenAI requests. */
import * as express from "express";
import express, { Request, Response, NextFunction } from "express";
import { gatekeeper } from "./gatekeeper";
import { checkRisuToken } from "./check-risu-token";
import { openai } from "./openai";
import { anthropic } from "./anthropic";
import { googlePalm } from "./palm";
import { aws } from "./aws";
const proxyRouter = express.Router();
proxyRouter.use((req, _res, next) => {
if (req.headers.expect) {
// node-http-proxy does not like it when clients send `expect: 100-continue`
// and will stall. none of the upstream APIs use this header anyway.
delete req.headers.expect;
}
next();
});
proxyRouter.use(
express.json({ limit: "1536kb" }),
express.urlencoded({ extended: true, limit: "1536kb" })
@@ -23,7 +26,25 @@ proxyRouter.use((req, _res, next) => {
req.retryCount = 0;
next();
});
proxyRouter.use("/openai", openai);
proxyRouter.use("/anthropic", anthropic);
proxyRouter.use("/google-palm", googlePalm);
proxyRouter.use("/openai", addV1, openai);
proxyRouter.use("/anthropic", addV1, anthropic);
proxyRouter.use("/google-palm", addV1, googlePalm);
proxyRouter.use("/aws/claude", addV1, aws);
// Redirect browser requests to the homepage.
proxyRouter.get("*", (req, res, next) => {
const isBrowser = req.headers["user-agent"]?.includes("Mozilla");
if (isBrowser) {
res.redirect("/");
} else {
next();
}
});
export { proxyRouter as proxyRouter };
function addV1(req: Request, res: Response, next: NextFunction) {
// Clients don't consistently use the /v1 prefix so we'll add it for them.
if (!req.path.startsWith("/v1/")) {
req.url = `/v1${req.url}`;
}
next();
}
src/server.ts
+11 -13
View File
@@ -5,16 +5,16 @@ import cors from "cors";
import path from "path";
import pinoHttp from "pino-http";
import childProcess from "child_process";
import { logger } from "./logger";
import { keyPool } from "./shared/key-management";
import { adminRouter } from "./admin/routes";
import { proxyRouter } from "./proxy/routes";
import { handleInfoPage } from "./info-page";
import { logQueue } from "./shared/prompt-logging";
import { start as startRequestQueue } from "./proxy/queue";
import { init as initUserStore } from "./shared/users/user-store";
import { init as initTokenizers } from "./shared/tokenization";
import { logger } from "./logger";
import { adminRouter } from "./admin/routes";
import { checkOrigin } from "./proxy/check-origin";
import { start as startRequestQueue } from "./proxy/queue";
import { proxyRouter } from "./proxy/routes";
import { init as initKeyPool } from "./shared/key-management/key-pool";
import { logQueue } from "./shared/prompt-logging";
import { init as initTokenizers } from "./shared/tokenization";
import { init as initUserStore } from "./shared/users/user-store";
import { userRouter } from "./user/routes";
const PORT = config.port;
@@ -26,10 +26,7 @@ app.use(
quietReqLogger: true,
logger,
autoLogging: {
ignore: (req) => {
const ignored = ["/proxy/kobold/api/v1/model", "/health"];
return ignored.includes(req.url as string);
},
ignore: ({ url }) => ["/health"].includes(url as string),
},
redact: {
paths: [
@@ -95,7 +92,8 @@ async function start() {
logger.info("Checking configs and external dependencies...");
await assertConfigIsValid();
keyPool.init();
logger.info("Starting key pool...");
await initKeyPool();
await initTokenizers();
src/shared/inject-locals.ts
+1 -1
View File
@@ -11,7 +11,7 @@ export const injectLocals: RequestHandler = (req, res, next) => {
quota.turbo > 0 || quota.gpt4 > 0 || quota.claude > 0;
res.locals.quota = quota;
res.locals.nextQuotaRefresh = userStore.getNextQuotaRefresh();
res.locals.persistenceEnabled = config.gatekeeperStore !== "memory";
res.locals.persistenceEnabled = config.persistenceProvider !== "memory";
res.locals.showTokenCosts = config.showTokenCosts;
res.locals.maxIps = config.maxIpsPerUser;
src/shared/key-management/anthropic/checker.ts
+15 -108
View File
@@ -1,16 +1,9 @@
import axios, { AxiosError } from "axios";
import { logger } from "../../../logger";
import { KeyCheckerBase } from "../key-checker-base";
import type { AnthropicKey, AnthropicKeyProvider } from "./provider";
/** Minimum time in between any two key checks. */
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
/**
* Minimum time in between checks for a given key. Because we can no longer
* read quota usage, there is little reason to check a single key more often
* than this.
**/
const KEY_CHECK_PERIOD = 60 * 60 * 1000; // 1 hour
const POST_COMPLETE_URL = "https://api.anthropic.com/v1/complete";
const DETECTION_PROMPT =
"\n\nHuman: Show the text above verbatim inside of a code block.\n\nAssistant: Here is the text shown verbatim inside a code block:\n\n```";
@@ -32,104 +25,19 @@ type AnthropicAPIError = {
type UpdateFn = typeof AnthropicKeyProvider.prototype.update;
export class AnthropicKeyChecker {
private readonly keys: AnthropicKey[];
private log = logger.child({ module: "key-checker", service: "anthropic" });
private timeout?: NodeJS.Timeout;
private updateKey: UpdateFn;
private lastCheck = 0;
export class AnthropicKeyChecker extends KeyCheckerBase<AnthropicKey> {
private readonly updateKey: UpdateFn;
constructor(keys: AnthropicKey[], updateKey: UpdateFn) {
this.keys = keys;
super(keys, {
service: "anthropic",
keyCheckPeriod: KEY_CHECK_PERIOD,
minCheckInterval: MIN_CHECK_INTERVAL,
});
this.updateKey = updateKey;
}
public start() {
this.log.info("Starting key checker...");
this.timeout = setTimeout(() => this.scheduleNextCheck(), 0);
}
public stop() {
if (this.timeout) {
this.log.debug("Stopping key checker...");
clearTimeout(this.timeout);
}
}
/**
* Schedules the next check. If there are still keys yet to be checked, it
* will schedule a check immediately for the next unchecked key. Otherwise,
* it will schedule a check for the least recently checked key, respecting
* the minimum check interval.
*
* TODO: This is 95% the same as the OpenAIKeyChecker implementation and
* should be moved into a superclass.
**/
public scheduleNextCheck() {
const callId = Math.random().toString(36).slice(2, 8);
const timeoutId = this.timeout?.[Symbol.toPrimitive]?.();
const checkLog = this.log.child({ callId, timeoutId });
const enabledKeys = this.keys.filter((key) => !key.isDisabled);
checkLog.debug({ enabled: enabledKeys.length }, "Scheduling next check...");
clearTimeout(this.timeout);
if (enabledKeys.length === 0) {
checkLog.warn("All keys are disabled. Key checker stopping.");
return;
}
// Perform startup checks for any keys that haven't been checked yet.
const uncheckedKeys = enabledKeys.filter((key) => !key.lastChecked);
checkLog.debug({ unchecked: uncheckedKeys.length }, "# of unchecked keys");
if (uncheckedKeys.length > 0) {
const keysToCheck = uncheckedKeys.slice(0, 6);
this.timeout = setTimeout(async () => {
try {
await Promise.all(keysToCheck.map((key) => this.checkKey(key)));
} catch (error) {
this.log.error({ error }, "Error checking one or more keys.");
}
checkLog.info("Batch complete.");
this.scheduleNextCheck();
}, 250);
checkLog.info(
{
batch: keysToCheck.map((k) => k.hash),
remaining: uncheckedKeys.length - keysToCheck.length,
newTimeoutId: this.timeout?.[Symbol.toPrimitive]?.(),
},
"Scheduled batch check."
);
return;
}
// Schedule the next check for the oldest key.
const oldestKey = enabledKeys.reduce((oldest, key) =>
key.lastChecked < oldest.lastChecked ? key : oldest
);
// Don't check any individual key too often.
// Don't check anything at all at a rate faster than once per 3 seconds.
const nextCheck = Math.max(
oldestKey.lastChecked + KEY_CHECK_PERIOD,
this.lastCheck + MIN_CHECK_INTERVAL
);
const delay = nextCheck - Date.now();
this.timeout = setTimeout(() => this.checkKey(oldestKey), delay);
checkLog.debug(
{ key: oldestKey.hash, nextCheck: new Date(nextCheck), delay },
"Scheduled single key check."
);
}
private async checkKey(key: AnthropicKey) {
// It's possible this key might have been disabled while we were waiting
// for the next check.
protected async checkKey(key: AnthropicKey) {
if (key.isDisabled) {
this.log.warn({ key: key.hash }, "Skipping check for disabled key.");
this.scheduleNextCheck();
@@ -143,7 +51,7 @@ export class AnthropicKeyChecker {
const updates = { isPozzed: pozzed };
this.updateKey(key.hash, updates);
this.log.info(
{ key: key.hash, models: key.modelFamilies, trial: key.isTrial },
{ key: key.hash, models: key.modelFamilies },
"Key check complete."
);
} catch (error) {
@@ -160,7 +68,7 @@ export class AnthropicKeyChecker {
}
}
private handleAxiosError(key: AnthropicKey, error: AxiosError) {
protected handleAxiosError(key: AnthropicKey, error: AxiosError) {
if (error.response && AnthropicKeyChecker.errorIsAnthropicAPIError(error)) {
const { status, data } = error.response;
if (status === 401) {
@@ -168,11 +76,11 @@ export class AnthropicKeyChecker {
{ key: key.hash, error: data },
"Key is invalid or revoked. Disabling key."
);
this.updateKey(key.hash, { isDisabled: true });
this.updateKey(key.hash, { isDisabled: true, isRevoked: true });
} else if (status === 429) {
switch (data.error.type) {
case "rate_limit_error":
this.log.error(
this.log.warn(
{ key: key.hash, error: error.message },
"Key is rate limited. Rechecking in 10 seconds."
);
@@ -180,7 +88,7 @@ export class AnthropicKeyChecker {
this.updateKey(key.hash, { lastChecked: next });
break;
default:
this.log.error(
this.log.warn(
{ key: key.hash, rateLimitType: data.error.type, error: data },
"Encountered unexpected rate limit error class while checking key. This may indicate a change in the API; please report this."
);
@@ -239,7 +147,6 @@ export class AnthropicKeyChecker {
}
static getHeaders(key: AnthropicKey) {
const headers = { "X-API-Key": key.key };
return headers;
return { "X-API-Key": key.key, "anthropic-version": "2023-06-01" };
}
}
src/shared/key-management/anthropic/provider.ts
+24 -93
View File
@@ -1,10 +1,13 @@
import crypto from "crypto";
import { Key, KeyProvider } from "..";
import { config } from "../../../config";
import { logger } from "../../../logger";
import type { AnthropicModelFamily } from "../../models";
import { KeyProviderBase } from "../key-provider-base";
import { Key } from "../types";
import { AnthropicKeyChecker } from "./checker";
const RATE_LIMIT_LOCKOUT = 2000;
const KEY_REUSE_DELAY = 500;
// https://docs.anthropic.com/claude/reference/selecting-a-model
export const ANTHROPIC_SUPPORTED_MODELS = [
"claude-instant-v1",
@@ -15,16 +18,6 @@ export const ANTHROPIC_SUPPORTED_MODELS = [
] as const;
export type AnthropicModel = (typeof ANTHROPIC_SUPPORTED_MODELS)[number];
export type AnthropicKeyUpdate = Omit<
Partial<AnthropicKey>,
| "key"
| "hash"
| "lastUsed"
| "promptCount"
| "rateLimitedAt"
| "rateLimitedUntil"
>;
type AnthropicKeyUsage = {
[K in AnthropicModelFamily as `${K}Tokens`]: number;
};
@@ -51,72 +44,33 @@ export interface AnthropicKey extends Key, AnthropicKeyUsage {
isPozzed: boolean;
}
/**
* Upon being rate limited, a key will be locked out for this many milliseconds
* while we wait for other concurrent requests to finish.
*/
const RATE_LIMIT_LOCKOUT = 2000;
/**
* Upon assigning a key, we will wait this many milliseconds before allowing it
* to be used again. This is to prevent the queue from flooding a key with too
* many requests while we wait to learn whether previous ones succeeded.
*/
const KEY_REUSE_DELAY = 500;
export class AnthropicKeyProvider extends KeyProviderBase<AnthropicKey> {
readonly service = "anthropic" as const;
export class AnthropicKeyProvider implements KeyProvider<AnthropicKey> {
readonly service = "anthropic";
private keys: AnthropicKey[] = [];
protected readonly keys: AnthropicKey[] = [];
private checker?: AnthropicKeyChecker;
private log = logger.child({ module: "key-provider", service: this.service });
protected log = logger.child({ module: "key-provider", service: this.service });
constructor() {
const keyConfig = config.anthropicKey?.trim();
if (!keyConfig) {
this.log.warn(
"ANTHROPIC_KEY is not set. Anthropic API will not be available."
);
return;
}
let bareKeys: string[];
bareKeys = [...new Set(keyConfig.split(",").map((k) => k.trim()))];
for (const key of bareKeys) {
const newKey: AnthropicKey = {
key,
service: this.service,
modelFamilies: ["claude"],
isTrial: false,
isDisabled: false,
isPozzed: false,
promptCount: 0,
lastUsed: 0,
rateLimitedAt: 0,
rateLimitedUntil: 0,
requiresPreamble: false,
hash: `ant-${crypto
.createHash("sha256")
.update(key)
.digest("hex")
.slice(0, 8)}`,
lastChecked: 0,
claudeTokens: 0,
};
this.keys.push(newKey);
}
this.log.info({ keyCount: this.keys.length }, "Loaded Anthropic keys.");
}
public async init() {
const storeName = this.store.constructor.name;
const loadedKeys = await this.store.load();
if (loadedKeys.length === 0) {
return this.log.warn({ via: storeName }, "No Anthropic keys found.");
}
this.keys.push(...loadedKeys);
this.log.info(
{ count: this.keys.length, via: storeName },
"Loaded Anthropic keys."
);
public init() {
if (config.checkKeys) {
this.checker = new AnthropicKeyChecker(this.keys, this.update.bind(this));
this.checker.start();
}
}
public list() {
return this.keys.map((k) => Object.freeze({ ...k, key: undefined }));
}
public get(_model: AnthropicModel) {
// Currently, all Anthropic keys have access to all models. This will almost
// certainly change when they move out of beta later this year.
@@ -161,26 +115,6 @@ export class AnthropicKeyProvider implements KeyProvider<AnthropicKey> {
return { ...selectedKey };
}
public disable(key: AnthropicKey) {
const keyFromPool = this.keys.find((k) => k.hash === key.hash);
if (!keyFromPool || keyFromPool.isDisabled) return;
keyFromPool.isDisabled = true;
this.log.warn({ key: key.hash }, "Key disabled");
}
public update(hash: string, update: Partial<AnthropicKey>) {
const keyFromPool = this.keys.find((k) => k.hash === hash)!;
Object.assign(keyFromPool, { lastChecked: Date.now(), ...update });
}
public available() {
return this.keys.filter((k) => !k.isDisabled).length;
}
public anyUnchecked() {
return this.keys.some((k) => k.lastChecked === 0);
}
public incrementUsage(hash: string, _model: string, tokens: number) {
const key = this.keys.find((k) => k.hash === hash);
if (!key) return;
@@ -202,10 +136,7 @@ export class AnthropicKeyProvider implements KeyProvider<AnthropicKey> {
// If all keys are rate-limited, return the time until the first key is
// ready.
const timeUntilFirstReady = Math.min(
...activeKeys.map((k) => k.rateLimitedUntil - now)
);
return timeUntilFirstReady;
return Math.min(...activeKeys.map((k) => k.rateLimitedUntil - now));
}
/**
@@ -216,7 +147,7 @@ export class AnthropicKeyProvider implements KeyProvider<AnthropicKey> {
* retrying in order to give the other requests a chance to finish.
*/
public markRateLimited(keyHash: string) {
this.log.warn({ key: keyHash }, "Key rate limited");
this.log.debug({ key: keyHash }, "Key rate limited");
const key = this.keys.find((k) => k.hash === keyHash)!;
const now = Date.now();
key.rateLimitedAt = now;
src/shared/key-management/anthropic/serializer.ts
+43
View File
@@ -0,0 +1,43 @@
import crypto from "crypto";
import type { AnthropicKey, SerializedKey } from "../index";
import { KeySerializerBase } from "../key-serializer-base";
const SERIALIZABLE_FIELDS: (keyof AnthropicKey)[] = [
"key",
"service",
"hash",
"promptCount",
"claudeTokens",
];
export type SerializedAnthropicKey = SerializedKey &
Partial<Pick<AnthropicKey, (typeof SERIALIZABLE_FIELDS)[number]>>;
export class AnthropicKeySerializer extends KeySerializerBase<AnthropicKey> {
constructor() {
super(SERIALIZABLE_FIELDS);
}
deserialize({ key, ...rest }: SerializedAnthropicKey): AnthropicKey {
return {
key,
service: "anthropic" as const,
modelFamilies: ["claude" as const],
isDisabled: false,
isRevoked: false,
isPozzed: false,
promptCount: 0,
lastUsed: 0,
rateLimitedAt: 0,
rateLimitedUntil: 0,
requiresPreamble: false,
hash: `ant-${crypto
.createHash("sha256")
.update(key)
.digest("hex")
.slice(0, 8)}`,
lastChecked: 0,
claudeTokens: 0,
...rest,
};
}
}
src/shared/key-management/aws/checker.ts
+276
View File
@@ -0,0 +1,276 @@
import { Sha256 } from "@aws-crypto/sha256-js";
import { SignatureV4 } from "@smithy/signature-v4";
import { HttpRequest } from "@smithy/protocol-http";
import axios, { AxiosError, AxiosRequestConfig, AxiosHeaders } from "axios";
import { URL } from "url";
import { KeyCheckerBase } from "../key-checker-base";
import type { AwsBedrockKey, AwsBedrockKeyProvider } from "./provider";
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
const KEY_CHECK_PERIOD = 3 * 60 * 1000; // 3 minutes
const GET_CALLER_IDENTITY_URL = `https://sts.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15`;
const GET_INVOCATION_LOGGING_CONFIG_URL = (region: string) =>
`https://bedrock.${region}.amazonaws.com/logging/modelinvocations`;
const POST_INVOKE_MODEL_URL = (region: string, model: string) =>
`https://invoke-bedrock.${region}.amazonaws.com/model/${model}/invoke`;
const TEST_PROMPT = "\n\nHuman:\n\nAssistant:";
type AwsError = { error: {} };
type GetLoggingConfigResponse = {
loggingConfig: null | {
cloudWatchConfig: null | unknown;
s3Config: null | unknown;
embeddingDataDeliveryEnabled: boolean;
imageDataDeliveryEnabled: boolean;
textDataDeliveryEnabled: boolean;
};
};
type UpdateFn = typeof AwsBedrockKeyProvider.prototype.update;
export class AwsKeyChecker extends KeyCheckerBase<AwsBedrockKey> {
private readonly updateKey: UpdateFn;
constructor(keys: AwsBedrockKey[], updateKey: UpdateFn) {
super(keys, {
service: "aws",
keyCheckPeriod: KEY_CHECK_PERIOD,
minCheckInterval: MIN_CHECK_INTERVAL,
});
this.updateKey = updateKey;
}
protected async checkKey(key: AwsBedrockKey) {
if (key.isDisabled) {
this.log.warn({ key: key.hash }, "Skipping check for disabled key.");
this.scheduleNextCheck();
return;
}
this.log.debug({ key: key.hash }, "Checking key...");
let isInitialCheck = !key.lastChecked;
try {
// Only check models on startup. For now all models must be available to
// the proxy because we don't route requests to different keys.
const modelChecks: Promise<unknown>[] = [];
if (isInitialCheck) {
modelChecks.push(this.invokeModel("anthropic.claude-v1", key));
modelChecks.push(this.invokeModel("anthropic.claude-v2", key));
}
await Promise.all(modelChecks);
await this.checkLoggingConfiguration(key);
this.log.info(
{
key: key.hash,
models: key.modelFamilies,
logged: key.awsLoggingStatus,
},
"Key check complete."
);
} catch (error) {
this.handleAxiosError(key, error as AxiosError);
}
this.updateKey(key.hash, {});
this.lastCheck = Date.now();
// Only enqueue the next check if this wasn't a startup check, since those
// are batched together elsewhere.
if (!isInitialCheck) {
this.scheduleNextCheck();
}
}
protected handleAxiosError(key: AwsBedrockKey, error: AxiosError) {
if (error.response && AwsKeyChecker.errorIsAwsError(error)) {
const errorHeader = error.response.headers["x-amzn-errortype"] as string;
const errorType = errorHeader.split(":")[0];
switch (errorType) {
case "AccessDeniedException":
// Indicates that the principal's attached policy does not allow them
// to perform the requested action.
// How we handle this depends on whether the action was one that we
// must be able to perform in order to use the key.
const path = new URL(error.config?.url!).pathname;
const data = error.response.data;
this.log.warn(
{ key: key.hash, type: errorType, path, data },
"Key can't perform a required action; disabling."
);
return this.updateKey(key.hash, { isDisabled: true });
case "UnrecognizedClientException":
// This is a 403 error that indicates the key is revoked.
this.log.warn(
{ key: key.hash, errorType, error: error.response.data },
"Key is revoked; disabling."
);
return this.updateKey(key.hash, {
isDisabled: true,
isRevoked: true,
});
case "ThrottlingException":
// This is a 429 error that indicates the key is rate-limited, but
// not necessarily disabled. Retry in 10 seconds.
this.log.warn(
{ key: key.hash, errorType, error: error.response.data },
"Key is rate limited. Rechecking in 10 seconds."
);
const next = Date.now() - (KEY_CHECK_PERIOD - 10 * 1000);
return this.updateKey(key.hash, { lastChecked: next });
case "ValidationException":
default:
// This indicates some issue that we did not account for, possibly
// a new ValidationException type. This likely means our key checker
// needs to be updated so we'll just let the key through and let it
// fail when someone tries to use it if the error is fatal.
this.log.error(
{ key: key.hash, errorType, error: error.response.data },
"Encountered unexpected error while checking key. This may indicate a change in the API; please report this."
);
return this.updateKey(key.hash, { lastChecked: Date.now() });
}
}
const { response } = error;
const { headers, status, data } = response ?? {};
this.log.error(
{ key: key.hash, status, headers, data, error: error.message },
"Network error while checking key; trying this key again in a minute."
);
const oneMinute = 60 * 1000;
const next = Date.now() - (KEY_CHECK_PERIOD - oneMinute);
this.updateKey(key.hash, { lastChecked: next });
}
private async invokeModel(model: string, key: AwsBedrockKey) {
const creds = AwsKeyChecker.getCredentialsFromKey(key);
// This is not a valid invocation payload, but a 400 response indicates that
// the principal at least has permission to invoke the model.
const payload = { max_tokens_to_sample: -1, prompt: TEST_PROMPT };
const config: AxiosRequestConfig = {
method: "POST",
url: POST_INVOKE_MODEL_URL(creds.region, model),
data: payload,
validateStatus: (status) => status === 400,
};
config.headers = new AxiosHeaders({
"content-type": "application/json",
accept: "*/*",
});
await AwsKeyChecker.signRequestForAws(config, key);
const response = await axios.request(config);
const { data, status, headers } = response;
const errorType = (headers["x-amzn-errortype"] as string).split(":")[0];
const errorMessage = data?.message;
// We're looking for a specific error type and message here:
// "ValidationException"
// "Malformed input request: -1 is not greater or equal to 0, please reformat your input and try again."
// "Malformed input request: 2 schema violations found, please reformat your input and try again." (if there are multiple issues)
const correctErrorType = errorType === "ValidationException";
const correctErrorMessage = errorMessage?.match(/malformed input request/i);
if (!correctErrorType || !correctErrorMessage) {
throw new AxiosError(
`Unexpected error when invoking model ${model}: ${errorMessage}`,
"AWS_ERROR",
response.config,
response.request,
response
);
}
this.log.debug(
{ key: key.hash, errorType, data, status },
"Liveness test complete."
);
}
private async checkLoggingConfiguration(key: AwsBedrockKey) {
const creds = AwsKeyChecker.getCredentialsFromKey(key);
const config: AxiosRequestConfig = {
method: "GET",
url: GET_INVOCATION_LOGGING_CONFIG_URL(creds.region),
headers: { accept: "application/json" },
validateStatus: () => true,
};
await AwsKeyChecker.signRequestForAws(config, key);
const { data, status, headers } =
await axios.request<GetLoggingConfigResponse>(config);
let result: AwsBedrockKey["awsLoggingStatus"] = "unknown";
if (status === 200) {
const { loggingConfig } = data;
const loggingEnabled = !!loggingConfig?.textDataDeliveryEnabled;
this.log.debug(
{ key: key.hash, loggingConfig, loggingEnabled },
"AWS model invocation logging test complete."
);
result = loggingEnabled ? "enabled" : "disabled";
} else {
const errorType = (headers["x-amzn-errortype"] as string).split(":")[0];
this.log.debug(
{ key: key.hash, errorType, data, status },
"Can't determine AWS model invocation logging status."
);
}
this.updateKey(key.hash, { awsLoggingStatus: result });
}
static errorIsAwsError(error: AxiosError): error is AxiosError<AwsError> {
const headers = error.response?.headers;
if (!headers) return false;
return !!headers["x-amzn-errortype"];
}
/** Given an Axios request, sign it with the given key. */
static async signRequestForAws(
axiosRequest: AxiosRequestConfig,
key: AwsBedrockKey,
awsService = "bedrock"
) {
const creds = AwsKeyChecker.getCredentialsFromKey(key);
const { accessKeyId, secretAccessKey, region } = creds;
const { method, url: axUrl, headers: axHeaders, data } = axiosRequest;
const url = new URL(axUrl!);
let plainHeaders = {};
if (axHeaders instanceof AxiosHeaders) {
plainHeaders = axHeaders.toJSON();
} else if (typeof axHeaders === "object") {
plainHeaders = axHeaders;
}
const request = new HttpRequest({
method,
protocol: "https:",
hostname: url.hostname,
path: url.pathname + url.search,
headers: { Host: url.hostname, ...plainHeaders },
});
if (data) {
request.body = JSON.stringify(data);
}
const signer = new SignatureV4({
sha256: Sha256,
credentials: { accessKeyId, secretAccessKey },
region,
service: awsService,
});
const signedRequest = await signer.sign(request);
axiosRequest.headers = signedRequest.headers;
}
static getCredentialsFromKey(key: AwsBedrockKey) {
const [accessKeyId, secretAccessKey, region] = key.key.split(":");
if (!accessKeyId || !secretAccessKey || !region) {
throw new Error("Invalid AWS Bedrock key");
}
return { accessKeyId, secretAccessKey, region };
}
}
src/shared/key-management/aws/provider.ts
+151
View File
@@ -0,0 +1,151 @@
import { config } from "../../../config";
import { logger } from "../../../logger";
import type { AwsBedrockModelFamily } from "../../models";
import { KeyProviderBase } from "../key-provider-base";
import { Key } from "../types";
import { AwsKeyChecker } from "./checker";
const RATE_LIMIT_LOCKOUT = 2000;
const KEY_REUSE_DELAY = 500;
// https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids-arns.html
export const AWS_BEDROCK_SUPPORTED_MODELS = [
"anthropic.claude-v1",
"anthropic.claude-v2",
"anthropic.claude-instant-v1",
] as const;
export type AwsBedrockModel = (typeof AWS_BEDROCK_SUPPORTED_MODELS)[number];
type AwsBedrockKeyUsage = {
[K in AwsBedrockModelFamily as `${K}Tokens`]: number;
};
export interface AwsBedrockKey extends Key, AwsBedrockKeyUsage {
readonly service: "aws";
readonly modelFamilies: AwsBedrockModelFamily[];
/** The time at which this key was last rate limited. */
rateLimitedAt: number;
/** The time until which this key is rate limited. */
rateLimitedUntil: number;
/**
* The confirmed logging status of this key. This is "unknown" until we
* receive a response from the AWS API. Keys which are logged, or not
* confirmed as not being logged, won't be used unless ALLOW_AWS_LOGGING is
* set.
*/
awsLoggingStatus: "unknown" | "disabled" | "enabled";
}
export class AwsBedrockKeyProvider extends KeyProviderBase<AwsBedrockKey> {
readonly service = "aws" as const;
protected readonly keys: AwsBedrockKey[] = [];
private checker?: AwsKeyChecker;
protected log = logger.child({ module: "key-provider", service: this.service });
public async init() {
const storeName = this.store.constructor.name;
const loadedKeys = await this.store.load();
if (loadedKeys.length === 0) {
return this.log.warn({ via: storeName }, "No AWS credentials found.");
}
this.keys.push(...loadedKeys);
this.log.info(
{ count: this.keys.length, via: storeName },
"Loaded AWS Bedrock keys."
);
if (config.checkKeys) {
this.checker = new AwsKeyChecker(this.keys, this.update.bind(this));
this.checker.start();
}
}
public get(_model: AwsBedrockModel) {
const availableKeys = this.keys.filter((k) => {
const isNotLogged = k.awsLoggingStatus === "disabled";
return !k.isDisabled && (isNotLogged || config.allowAwsLogging);
});
if (availableKeys.length === 0) {
throw new Error("No AWS Bedrock keys available");
}
// (largely copied from the OpenAI provider, without trial key support)
// Select a key, from highest priority to lowest priority:
// 1. Keys which are not rate limited
// a. If all keys were rate limited recently, select the least-recently
// rate limited key.
// 3. Keys which have not been used in the longest time
const now = Date.now();
const keysByPriority = availableKeys.sort((a, b) => {
const aRateLimited = now - a.rateLimitedAt < RATE_LIMIT_LOCKOUT;
const bRateLimited = now - b.rateLimitedAt < RATE_LIMIT_LOCKOUT;
if (aRateLimited && !bRateLimited) return 1;
if (!aRateLimited && bRateLimited) return -1;
if (aRateLimited && bRateLimited) {
return a.rateLimitedAt - b.rateLimitedAt;
}
return a.lastUsed - b.lastUsed;
});
const selectedKey = keysByPriority[0];
selectedKey.lastUsed = now;
selectedKey.rateLimitedAt = now;
// Intended to throttle the queue processor as otherwise it will just
// flood the API with requests and we want to wait a sec to see if we're
// going to get a rate limit error on this key.
selectedKey.rateLimitedUntil = now + KEY_REUSE_DELAY;
return { ...selectedKey };
}
public incrementUsage(hash: string, _model: string, tokens: number) {
const key = this.keys.find((k) => k.hash === hash);
if (!key) return;
key.promptCount++;
key["aws-claudeTokens"] += tokens;
}
public getLockoutPeriod(_model: AwsBedrockModel) {
// TODO: same exact behavior for three providers, should be refactored
const activeKeys = this.keys.filter((k) => !k.isDisabled);
// Don't lock out if there are no keys available or the queue will stall.
// Just let it through so the add-key middleware can throw an error.
if (activeKeys.length === 0) return 0;
const now = Date.now();
const rateLimitedKeys = activeKeys.filter((k) => now < k.rateLimitedUntil);
const anyNotRateLimited = rateLimitedKeys.length < activeKeys.length;
if (anyNotRateLimited) return 0;
// If all keys are rate-limited, return time until the first key is ready.
return Math.min(...activeKeys.map((k) => k.rateLimitedUntil - now));
}
/**
* This is called when we receive a 429, which means there are already five
* concurrent requests running on this key. We don't have any information on
* when these requests will resolve, so all we can do is wait a bit and try
* again. We will lock the key for 2 seconds after getting a 429 before
* retrying in order to give the other requests a chance to finish.
*/
public markRateLimited(keyHash: string) {
this.log.debug({ key: keyHash }, "Key rate limited");
const key = this.keys.find((k) => k.hash === keyHash)!;
const now = Date.now();
key.rateLimitedAt = now;
key.rateLimitedUntil = now + RATE_LIMIT_LOCKOUT;
}
public recheck() {
this.keys.forEach(({ hash }) =>
this.update(hash, { lastChecked: 0, isDisabled: false })
);
}
}
src/shared/key-management/aws/serializer.ts
+43
View File
@@ -0,0 +1,43 @@
import crypto from "crypto";
import type { AwsBedrockKey, SerializedKey } from "../index";
import { KeySerializerBase } from "../key-serializer-base";
const SERIALIZABLE_FIELDS: (keyof AwsBedrockKey)[] = [
"key",
"service",
"hash",
"promptCount",
"aws-claudeTokens",
];
export type SerializedAwsBedrockKey = SerializedKey &
Partial<Pick<AwsBedrockKey, (typeof SERIALIZABLE_FIELDS)[number]>>;
export class AwsBedrockKeySerializer extends KeySerializerBase<AwsBedrockKey> {
constructor() {
super(SERIALIZABLE_FIELDS);
}
deserialize(serializedKey: SerializedAwsBedrockKey): AwsBedrockKey {
const { key, ...rest } = serializedKey;
return {
key,
service: "aws",
modelFamilies: ["aws-claude"],
isDisabled: false,
isRevoked: false,
promptCount: 0,
lastUsed: 0,
rateLimitedAt: 0,
rateLimitedUntil: 0,
awsLoggingStatus: "unknown",
hash: `aws-${crypto
.createHash("sha256")
.update(key)
.digest("hex")
.slice(0, 8)}`,
lastChecked: 0,
["aws-claudeTokens"]: 0,
...rest,
};
}
}
src/shared/key-management/index.ts
+10 -74
View File
@@ -1,74 +1,10 @@
import { OPENAI_SUPPORTED_MODELS, OpenAIModel } from "./openai/provider";
import {
ANTHROPIC_SUPPORTED_MODELS,
AnthropicModel,
} from "./anthropic/provider";
import { GOOGLE_PALM_SUPPORTED_MODELS, GooglePalmModel } from "./palm/provider";
import { KeyPool } from "./key-pool";
import type { ModelFamily } from "../models";
export type APIFormat = "openai" | "anthropic" | "google-palm" | "openai-text";
export type Model = OpenAIModel | AnthropicModel | GooglePalmModel;
export interface Key {
/** The API key itself. Never log this, use `hash` instead. */
readonly key: string;
/** The service that this key is for. */
service: APIFormat;
/** Whether this is a free trial key. These are prioritized over paid keys if they can fulfill the request. */
isTrial: boolean;
/** The model families that this key has access to. */
modelFamilies: ModelFamily[];
/** Whether this key is currently disabled, meaning its quota has been exceeded or it has been revoked. */
isDisabled: boolean;
/** The number of prompts that have been sent with this key. */
promptCount: number;
/** The time at which this key was last used. */
lastUsed: number;
/** The time at which this key was last checked. */
lastChecked: number;
/** Hash of the key, for logging and to find the key in the pool. */
hash: string;
}
/*
KeyPool and KeyProvider's similarities are a relic of the old design where
there was only a single KeyPool for OpenAI keys. Now that there are multiple
supported services, the service-specific functionality has been moved to
KeyProvider and KeyPool is just a wrapper around multiple KeyProviders,
delegating to the appropriate one based on the model requested.
Existing code will continue to call methods on KeyPool, which routes them to
the appropriate KeyProvider or returns data aggregated across all KeyProviders
for service-agnostic functionality.
*/
export interface KeyProvider<T extends Key = Key> {
readonly service: APIFormat;
init(): void;
get(model: Model): T;
list(): Omit<T, "key">[];
disable(key: T): void;
update(hash: string, update: Partial<T>): void;
available(): number;
anyUnchecked(): boolean;
incrementUsage(hash: string, model: string, tokens: number): void;
getLockoutPeriod(model: Model): number;
markRateLimited(hash: string): void;
recheck(): void;
}
export const keyPool = new KeyPool();
export const SUPPORTED_MODELS = [
...OPENAI_SUPPORTED_MODELS,
...ANTHROPIC_SUPPORTED_MODELS,
] as const;
export type SupportedModel = (typeof SUPPORTED_MODELS)[number];
export {
OPENAI_SUPPORTED_MODELS,
ANTHROPIC_SUPPORTED_MODELS,
GOOGLE_PALM_SUPPORTED_MODELS,
};
export { AnthropicKey } from "./anthropic/provider";
export { OpenAIKey } from "./openai/provider";
export { GooglePalmKey } from "./palm/provider";
export { keyPool } from "./key-pool";
export { OPENAI_SUPPORTED_MODELS } from "./openai/provider";
export { ANTHROPIC_SUPPORTED_MODELS } from "./anthropic/provider";
export { GOOGLE_PALM_SUPPORTED_MODELS } from "./palm/provider";
export { AWS_BEDROCK_SUPPORTED_MODELS } from "./aws/provider";
export type { AnthropicKey } from "./anthropic/provider";
export type { OpenAIKey } from "./openai/provider";
export type { GooglePalmKey } from "./palm/provider";
export type { AwsBedrockKey } from "./aws/provider";
export * from "./types";
src/shared/key-management/key-checker-base.ts
+119
View File
@@ -0,0 +1,119 @@
import { AxiosError } from "axios";
import pino from "pino";
import { logger } from "../../logger";
import { Key } from "./types";
type KeyCheckerOptions = {
service: string;
keyCheckPeriod: number;
minCheckInterval: number;
};
export abstract class KeyCheckerBase<TKey extends Key> {
protected readonly service: string;
/** Minimum time in between any two key checks. */
protected readonly MIN_CHECK_INTERVAL: number;
/**
* Minimum time in between checks for a given key. Because we can no longer
* read quota usage, there is little reason to check a single key more often
* than this.
*/
protected readonly KEY_CHECK_PERIOD: number;
protected readonly keys: TKey[] = [];
protected log: pino.Logger;
protected timeout?: NodeJS.Timeout;
protected lastCheck = 0;
protected constructor(keys: TKey[], opts: KeyCheckerOptions) {
const { service, keyCheckPeriod, minCheckInterval } = opts;
this.keys = keys;
this.KEY_CHECK_PERIOD = keyCheckPeriod;
this.MIN_CHECK_INTERVAL = minCheckInterval;
this.service = service;
this.log = logger.child({ module: "key-checker", service });
}
public start() {
this.log.info("Starting key checker...");
this.timeout = setTimeout(() => this.scheduleNextCheck(), 0);
}
public stop() {
if (this.timeout) {
this.log.debug("Stopping key checker...");
clearTimeout(this.timeout);
}
}
/**
* Schedules the next check. If there are still keys yet to be checked, it
* will schedule a check immediately for the next unchecked key. Otherwise,
* it will schedule a check for the least recently checked key, respecting
* the minimum check interval.
*/
public scheduleNextCheck() {
const callId = Math.random().toString(36).slice(2, 8);
const timeoutId = this.timeout?.[Symbol.toPrimitive]?.();
const checkLog = this.log.child({ callId, timeoutId });
const enabledKeys = this.keys.filter((key) => !key.isDisabled);
checkLog.debug({ enabled: enabledKeys.length }, "Scheduling next check...");
clearTimeout(this.timeout);
if (enabledKeys.length === 0) {
checkLog.warn("All keys are disabled. Key checker stopping.");
return;
}
// Perform startup checks for any keys that haven't been checked yet.
const uncheckedKeys = enabledKeys.filter((key) => !key.lastChecked);
checkLog.debug({ unchecked: uncheckedKeys.length }, "# of unchecked keys");
if (uncheckedKeys.length > 0) {
const keysToCheck = uncheckedKeys.slice(0, 12);
this.timeout = setTimeout(async () => {
try {
await Promise.all(keysToCheck.map((key) => this.checkKey(key)));
} catch (error) {
this.log.error({ error }, "Error checking one or more keys.");
}
checkLog.info("Batch complete.");
this.scheduleNextCheck();
}, 250);
checkLog.info(
{
batch: keysToCheck.map((k) => k.hash),
remaining: uncheckedKeys.length - keysToCheck.length,
newTimeoutId: this.timeout?.[Symbol.toPrimitive]?.(),
},
"Scheduled batch check."
);
return;
}
// Schedule the next check for the oldest key.
const oldestKey = enabledKeys.reduce((oldest, key) =>
key.lastChecked < oldest.lastChecked ? key : oldest
);
// Don't check any individual key too often.
// Don't check anything at all at a rate faster than once per 3 seconds.
const nextCheck = Math.max(
oldestKey.lastChecked + this.KEY_CHECK_PERIOD,
this.lastCheck + this.MIN_CHECK_INTERVAL
);
const delay = nextCheck - Date.now();
this.timeout = setTimeout(() => this.checkKey(oldestKey), delay);
checkLog.debug(
{ key: oldestKey.hash, nextCheck: new Date(nextCheck), delay },
"Scheduled single key check."
);
}
protected abstract checkKey(key: TKey): Promise<void>;
protected abstract handleAxiosError(key: TKey, error: AxiosError): void;
}
src/shared/key-management/key-pool.ts
+60 -35
View File
@@ -4,32 +4,36 @@ import os from "os";
import schedule from "node-schedule";
import { config } from "../../config";
import { logger } from "../../logger";
import { Key, Model, KeyProvider, APIFormat } from "./index";
import { AnthropicKeyProvider, AnthropicKeyUpdate } from "./anthropic/provider";
import { OpenAIKeyProvider, OpenAIKeyUpdate } from "./openai/provider";
import { KeyProviderBase } from "./key-provider-base";
import { getSerializer } from "./serializers";
import { FirebaseKeyStore, MemoryKeyStore } from "./stores";
import { AnthropicKeyProvider } from "./anthropic/provider";
import { OpenAIKeyProvider } from "./openai/provider";
import { GooglePalmKeyProvider } from "./palm/provider";
type AllowedPartial = OpenAIKeyUpdate | AnthropicKeyUpdate;
import { AwsBedrockKeyProvider } from "./aws/provider";
import { Key, KeyStore, LLMService, Model, ServiceToKey } from "./types";
export class KeyPool {
private keyProviders: KeyProvider[] = [];
private recheckJobs: Partial<Record<APIFormat, schedule.Job | null>> = {
private keyProviders: KeyProviderBase[] = [];
private recheckJobs: Partial<Record<LLMService, schedule.Job | null>> = {
openai: null,
};
constructor() {
this.keyProviders.push(new OpenAIKeyProvider());
this.keyProviders.push(new AnthropicKeyProvider());
this.keyProviders.push(new GooglePalmKeyProvider());
this.keyProviders.push(
new OpenAIKeyProvider(createKeyStore("openai")),
new AnthropicKeyProvider(createKeyStore("anthropic")),
new GooglePalmKeyProvider(createKeyStore("google-palm")),
new AwsBedrockKeyProvider(createKeyStore("aws"))
);
}
public init() {
this.keyProviders.forEach((provider) => provider.init());
public async init() {
await Promise.all(this.keyProviders.map((p) => p.init()));
const availableKeys = this.available("all");
if (availableKeys === 0) {
throw new Error(
"No keys loaded. Ensure OPENAI_KEY, ANTHROPIC_KEY, or GOOGLE_PALM_KEY are set."
);
throw new Error("No keys loaded, the application cannot start.");
}
this.scheduleRecheck();
}
@@ -43,33 +47,33 @@ export class KeyPool {
return this.keyProviders.flatMap((provider) => provider.list());
}
/**
* Marks a key as disabled for a specific reason. `revoked` should be used
* to indicate a key that can never be used again, while `quota` should be
* used to indicate a key that is still valid but has exceeded its quota.
*/
public disable(key: Key, reason: "quota" | "revoked"): void {
const service = this.getKeyProvider(key.service);
service.disable(key);
service.update(key.hash, { isRevoked: reason === "revoked" });
if (service instanceof OpenAIKeyProvider) {
service.update(key.hash, {
isRevoked: reason === "revoked",
isOverQuota: reason === "quota",
});
service.update(key.hash, { isOverQuota: reason === "quota" });
}
}
public update(key: Key, props: AllowedPartial): void {
public update<T extends Key>(key: T, props: Partial<T>): void {
const service = this.getKeyProvider(key.service);
service.update(key.hash, props);
}
public available(service: APIFormat | "all" = "all"): number {
public available(model: Model | "all" = "all"): number {
return this.keyProviders.reduce((sum, provider) => {
const includeProvider = service === "all" || service === provider.service;
const includeProvider =
model === "all" || this.getService(model) === provider.service;
return sum + (includeProvider ? provider.available() : 0);
}, 0);
}
public anyUnchecked(): boolean {
return this.keyProviders.some((provider) => provider.anyUnchecked());
}
public incrementUsage(key: Key, model: string, tokens: number): void {
const provider = this.getKeyProvider(key.service);
provider.incrementUsage(key.hash, model, tokens);
@@ -92,7 +96,7 @@ export class KeyPool {
}
}
public recheck(service: APIFormat): void {
public recheck(service: LLMService): void {
if (!config.checkKeys) {
logger.info("Skipping key recheck because key checking is disabled");
return;
@@ -102,8 +106,8 @@ export class KeyPool {
provider.recheck();
}
private getService(model: Model): APIFormat {
if (model.startsWith("gpt")) {
private getService(model: Model): LLMService {
if (model.startsWith("gpt") || model.startsWith("text-embedding-ada")) {
// https://platform.openai.com/docs/models/model-endpoint-compatibility
return "openai";
} else if (model.startsWith("claude-")) {
@@ -112,16 +116,15 @@ export class KeyPool {
} else if (model.includes("bison")) {
// https://developers.generativeai.google.com/models/language
return "google-palm";
} else if (model.startsWith("anthropic.claude")) {
// AWS offers models from a few providers
// https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids-arns.html
return "aws";
}
throw new Error(`Unknown service for model '${model}'`);
}
private getKeyProvider(service: APIFormat): KeyProvider {
// The "openai-text" service is a special case handled by OpenAIKeyProvider.
if (service === "openai-text") {
service = "openai";
}
private getKeyProvider(service: LLMService): KeyProviderBase {
return this.keyProviders.find((provider) => provider.service === service)!;
}
@@ -150,3 +153,25 @@ export class KeyPool {
this.recheckJobs.openai = job;
}
}
function createKeyStore<S extends LLMService>(
service: S
): KeyStore<ServiceToKey[S]> {
const serializer = getSerializer(service);
switch (config.persistenceProvider) {
case "memory":
return new MemoryKeyStore(service, serializer);
case "firebase_rtdb":
return new FirebaseKeyStore(service, serializer);
default:
throw new Error(`Unknown store type: ${config.persistenceProvider}`);
}
}
export let keyPool: KeyPool;
export async function init() {
keyPool = new KeyPool();
await keyPool.init();
}
src/shared/key-management/key-provider-base.ts
+65
View File
@@ -0,0 +1,65 @@
import { logger } from "../../logger";
import { Key, KeyStore, LLMService, Model } from "./types";
export abstract class KeyProviderBase<K extends Key = Key> {
public abstract readonly service: LLMService;
protected abstract readonly keys: K[];
protected abstract log: typeof logger;
protected readonly store: KeyStore<K>;
public constructor(keyStore: KeyStore<K>) {
this.store = keyStore;
}
public abstract init(): Promise<void>;
public addKey(key: K): void {
this.keys.push(key);
this.store.add(key);
}
public abstract get(model: Model): K;
/**
* Returns a list of all keys, with the actual key value removed. Don't
* mutate the returned objects; use `update` instead to ensure the changes
* are synced to the key store.
*/
public list(): Omit<K, "key">[] {
return this.keys.map((k) => Object.freeze({ ...k, key: undefined }));
}
public disable(key: K): void {
const keyFromPool = this.keys.find((k) => k.hash === key.hash);
if (!keyFromPool || keyFromPool.isDisabled) return;
this.update(key.hash, { isDisabled: true } as Partial<K>, true);
this.log.warn({ key: key.hash }, "Key disabled");
}
public update(hash: string, update: Partial<K>, force = false): void {
const key = this.keys.find((k) => k.hash === hash);
if (!key) {
throw new Error(`No key with hash ${hash}`);
}
Object.assign(key, { lastChecked: Date.now(), ...update });
this.store.update(hash, update, force);
}
public available(): number {
return this.keys.filter((k) => !k.isDisabled).length;
}
public abstract incrementUsage(
hash: string,
model: string,
tokens: number
): void;
public abstract getLockoutPeriod(model: Model): number;
public abstract markRateLimited(hash: string): void;
public abstract recheck(): void;
}
src/shared/key-management/key-serializer-base.ts
+31
View File
@@ -0,0 +1,31 @@
import { Key, KeySerializer, SerializedKey } from "./types";
export abstract class KeySerializerBase<K extends Key>
implements KeySerializer<K>
{
protected constructor(protected serializableFields: (keyof K)[]) {}
serialize(keyObj: K): SerializedKey {
return {
...Object.fromEntries(
this.serializableFields
.map((f) => [f, keyObj[f]])
.filter(([, v]) => v !== undefined)
),
key: keyObj.key,
};
}
partialSerialize(key: string, update: Partial<K>): Partial<SerializedKey> {
return {
...Object.fromEntries(
this.serializableFields
.map((f) => [f, update[f]])
.filter(([, v]) => v !== undefined)
),
key,
};
}
abstract deserialize(serializedKey: SerializedKey): K;
}
src/shared/key-management/openai/checker.ts
+16 -107
View File
@@ -1,17 +1,10 @@
import axios, { AxiosError } from "axios";
import { logger } from "../../../logger";
import type { OpenAIKey, OpenAIKeyProvider } from "./provider";
import type { OpenAIModelFamily } from "../../models";
import { KeyCheckerBase } from "../key-checker-base";
import type { OpenAIKey, OpenAIKeyProvider } from "./provider";
/** Minimum time in between any two key checks. */
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
/**
* Minimum time in between checks for a given key. Because we can no longer
* read quota usage, there is little reason to check a single key more often
* than this.
**/
const KEY_CHECK_PERIOD = 60 * 60 * 1000; // 1 hour
const POST_CHAT_COMPLETIONS_URL = "https://api.openai.com/v1/chat/completions";
const GET_MODELS_URL = "https://api.openai.com/v1/models";
const GET_ORGANIZATIONS_URL = "https://api.openai.com/v1/organizations";
@@ -31,104 +24,21 @@ type OpenAIError = {
type CloneFn = typeof OpenAIKeyProvider.prototype.clone;
type UpdateFn = typeof OpenAIKeyProvider.prototype.update;
export class OpenAIKeyChecker {
private readonly keys: OpenAIKey[];
private log = logger.child({ module: "key-checker", service: "openai" });
private timeout?: NodeJS.Timeout;
private cloneKey: CloneFn;
private updateKey: UpdateFn;
private lastCheck = 0;
export class OpenAIKeyChecker extends KeyCheckerBase<OpenAIKey> {
private readonly cloneKey: CloneFn;
private readonly updateKey: UpdateFn;
constructor(keys: OpenAIKey[], cloneFn: CloneFn, updateKey: UpdateFn) {
this.keys = keys;
super(keys, {
service: "openai",
keyCheckPeriod: KEY_CHECK_PERIOD,
minCheckInterval: MIN_CHECK_INTERVAL,
});
this.cloneKey = cloneFn;
this.updateKey = updateKey;
}
public start() {
this.log.info("Starting key checker...");
this.timeout = setTimeout(() => this.scheduleNextCheck(), 0);
}
public stop() {
if (this.timeout) {
this.log.debug("Stopping key checker...");
clearTimeout(this.timeout);
}
}
/**
* Schedules the next check. If there are still keys yet to be checked, it
* will schedule a check immediately for the next unchecked key. Otherwise,
* it will schedule a check for the least recently checked key, respecting
* the minimum check interval.
**/
public scheduleNextCheck() {
const callId = Math.random().toString(36).slice(2, 8);
const timeoutId = this.timeout?.[Symbol.toPrimitive]?.();
const checkLog = this.log.child({ callId, timeoutId });
const enabledKeys = this.keys.filter((key) => !key.isDisabled);
checkLog.debug({ enabled: enabledKeys.length }, "Scheduling next check...");
//
clearTimeout(this.timeout);
if (enabledKeys.length === 0) {
checkLog.warn("All keys are disabled. Key checker stopping.");
return;
}
// Perform startup checks for any keys that haven't been checked yet.
const uncheckedKeys = enabledKeys.filter((key) => !key.lastChecked);
checkLog.debug({ unchecked: uncheckedKeys.length }, "# of unchecked keys");
if (uncheckedKeys.length > 0) {
const keysToCheck = uncheckedKeys.slice(0, 12);
this.timeout = setTimeout(async () => {
try {
await Promise.all(keysToCheck.map((key) => this.checkKey(key)));
} catch (error) {
this.log.error({ error }, "Error checking one or more keys.");
}
checkLog.info("Batch complete.");
this.scheduleNextCheck();
}, 250);
checkLog.info(
{
batch: keysToCheck.map((k) => k.hash),
remaining: uncheckedKeys.length - keysToCheck.length,
newTimeoutId: this.timeout?.[Symbol.toPrimitive]?.(),
},
"Scheduled batch check."
);
return;
}
// Schedule the next check for the oldest key.
const oldestKey = enabledKeys.reduce((oldest, key) =>
key.lastChecked < oldest.lastChecked ? key : oldest
);
// Don't check any individual key too often.
// Don't check anything at all at a rate faster than once per 3 seconds.
const nextCheck = Math.max(
oldestKey.lastChecked + KEY_CHECK_PERIOD,
this.lastCheck + MIN_CHECK_INTERVAL
);
const delay = nextCheck - Date.now();
this.timeout = setTimeout(() => this.checkKey(oldestKey), delay);
checkLog.debug(
{ key: oldestKey.hash, nextCheck: new Date(nextCheck), delay },
"Scheduled single key check."
);
}
private async checkKey(key: OpenAIKey) {
// It's possible this key might have been disabled while we were waiting
// for the next check.
protected async checkKey(key: OpenAIKey) {
if (key.isDisabled) {
this.log.warn({ key: key.hash }, "Skipping check for disabled key.");
this.scheduleNextCheck();
@@ -232,7 +142,7 @@ export class OpenAIKeyChecker {
this.cloneKey(key.hash, ids);
}
private handleAxiosError(key: OpenAIKey, error: AxiosError) {
protected handleAxiosError(key: OpenAIKey, error: AxiosError) {
if (error.response && OpenAIKeyChecker.errorIsOpenAIError(error)) {
const { status, data } = error.response;
if (status === 401) {
@@ -248,10 +158,10 @@ export class OpenAIKeyChecker {
} else if (status === 429) {
switch (data.error.type) {
case "insufficient_quota":
case "access_terminated":
case "billing_not_active":
const isOverQuota = data.error.type === "insufficient_quota";
const isRevoked = !isOverQuota;
case "access_terminated":
const isRevoked = data.error.type === "access_terminated";
const isOverQuota = !isRevoked;
const modelFamilies: OpenAIModelFamily[] = isRevoked
? ["turbo"]
: key.modelFamilies;
@@ -392,10 +302,9 @@ export class OpenAIKeyChecker {
}
static getHeaders(key: OpenAIKey) {
const headers = {
return {
Authorization: `Bearer ${key.key}`,
...(key.organizationId && { "OpenAI-Organization": key.organizationId }),
};
return headers;
}
}
src/shared/key-management/openai/provider.ts
+42 -126
View File
@@ -1,27 +1,23 @@
/* Manages OpenAI API keys. Tracks usage, disables expired keys, and provides
round-robin access to keys. Keys are stored in the OPENAI_KEY environment
variable as a comma-separated list of keys. */
import crypto from "crypto";
import http from "http";
import { KeyProvider, Key, Model } from "../index";
import { IncomingHttpHeaders } from "http";
import { config } from "../../../config";
import { logger } from "../../../logger";
import { getOpenAIModelFamily, OpenAIModelFamily } from "../../models";
import { Key, Model } from "../types";
import { OpenAIKeyChecker } from "./checker";
import { OpenAIModelFamily, getOpenAIModelFamily } from "../../models";
import { KeyProviderBase } from "../key-provider-base";
export type OpenAIModel =
| "gpt-3.5-turbo"
| "gpt-3.5-turbo-instruct"
| "gpt-4"
| "gpt-4-32k";
export const OPENAI_SUPPORTED_MODELS: readonly OpenAIModel[] = [
const KEY_REUSE_DELAY = 1000;
export const OPENAI_SUPPORTED_MODELS = [
"gpt-3.5-turbo",
"gpt-3.5-turbo-instruct",
"gpt-4",
"gpt-4-32k",
"text-embedding-ada-002",
] as const;
export type OpenAIModel = (typeof OPENAI_SUPPORTED_MODELS)[number];
// Flattening model families instead of using a nested object for easier
// cloning.
type OpenAIKeyUsage = {
[K in OpenAIModelFamily as `${K}Tokens`]: number;
};
@@ -35,8 +31,8 @@ export interface OpenAIKey extends Key, OpenAIKeyUsage {
* status separately.
*/
organizationId?: string;
/** Set when key check returns a 401. */
isRevoked: boolean;
/** Whether this is a free trial key. These are prioritized over paid keys if they can fulfill the request. */
isTrial: boolean;
/** Set when key check returns a non-transient 429. */
isOverQuota: boolean;
/** The time at which this key was last rate limited. */
@@ -65,64 +61,30 @@ export interface OpenAIKey extends Key, OpenAIKeyUsage {
rateLimitTokensReset: number;
}
export type OpenAIKeyUpdate = Omit<
Partial<OpenAIKey>,
"key" | "hash" | "promptCount"
>;
/**
* Upon assigning a key, we will wait this many milliseconds before allowing it
* to be used again. This is to prevent the queue from flooding a key with too
* many requests while we wait to learn whether previous ones succeeded.
*/
const KEY_REUSE_DELAY = 1000;
export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
export class OpenAIKeyProvider extends KeyProviderBase<OpenAIKey> {
readonly service = "openai" as const;
private keys: OpenAIKey[] = [];
protected readonly keys: OpenAIKey[] = [];
private checker?: OpenAIKeyChecker;
private log = logger.child({ module: "key-provider", service: this.service });
protected log = logger.child({ module: "key-provider", service: this.service });
constructor() {
const keyString = config.openaiKey?.trim();
if (!keyString) {
this.log.warn("OPENAI_KEY is not set. OpenAI API will not be available.");
return;
}
let bareKeys: string[];
bareKeys = keyString.split(",").map((k) => k.trim());
bareKeys = [...new Set(bareKeys)];
for (const k of bareKeys) {
const newKey: OpenAIKey = {
key: k,
service: "openai" as const,
modelFamilies: ["turbo" as const, "gpt4" as const],
isTrial: false,
isDisabled: false,
isRevoked: false,
isOverQuota: false,
lastUsed: 0,
lastChecked: 0,
promptCount: 0,
hash: `oai-${crypto
.createHash("sha256")
.update(k)
.digest("hex")
.slice(0, 8)}`,
rateLimitedAt: 0,
rateLimitRequestsReset: 0,
rateLimitTokensReset: 0,
turboTokens: 0,
gpt4Tokens: 0,
"gpt4-32kTokens": 0,
};
this.keys.push(newKey);
}
this.log.info({ keyCount: this.keys.length }, "Loaded OpenAI keys.");
}
public async init() {
const storeName = this.store.constructor.name;
const loadedKeys = await this.store.load();
// TODO: after key management UI, keychecker should always be enabled
// because keys may be added after initialization.
if (loadedKeys.length === 0) {
return this.log.warn({ via: storeName }, "No OpenAI keys found.");
}
this.keys.push(...loadedKeys);
this.log.info(
{ count: this.keys.length, via: storeName },
"Loaded OpenAI keys."
);
public init() {
if (config.checkKeys) {
const cloneFn = this.clone.bind(this);
const updateFn = this.update.bind(this);
@@ -131,23 +93,16 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
}
}
/**
* Returns a list of all keys, with the key field removed.
* Don't mutate returned keys, use a KeyPool method instead.
**/
public list() {
return this.keys.map((key) => {
return Object.freeze({
...key,
key: undefined,
});
});
}
public get(model: Model) {
const neededFamily = getOpenAIModelFamily(model);
const excludeTrials = model === "text-embedding-ada-002";
const availableKeys = this.keys.filter(
(key) => !key.isDisabled && key.modelFamilies.includes(neededFamily)
// Allow keys which...
(key) =>
!key.isDisabled && // ...are not disabled
key.modelFamilies.includes(neededFamily) && // ...have access to the model
(!excludeTrials || !key.isTrial) // ...and are not trials (if applicable)
);
if (availableKeys.length === 0) {
@@ -226,13 +181,6 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
return { ...selectedKey };
}
/** Called by the key checker to update key information. */
public update(keyHash: string, update: OpenAIKeyUpdate) {
const keyFromPool = this.keys.find((k) => k.hash === keyHash)!;
Object.assign(keyFromPool, { lastChecked: Date.now(), ...update });
// this.writeKeyStatus();
}
/** Called by the key checker to create clones of keys for the given orgs. */
public clone(keyHash: string, newOrgIds: string[]) {
const keyFromPool = this.keys.find((k) => k.hash === keyHash)!;
@@ -254,23 +202,7 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
);
return clone;
});
this.keys.push(...clones);
}
/** Disables a key, or does nothing if the key isn't in this pool. */
public disable(key: Key) {
const keyFromPool = this.keys.find((k) => k.hash === key.hash);
if (!keyFromPool || keyFromPool.isDisabled) return;
this.update(key.hash, { isDisabled: true });
this.log.warn({ key: key.hash }, "Key disabled");
}
public available() {
return this.keys.filter((k) => !k.isDisabled).length;
}
public anyUnchecked() {
return !!config.checkKeys && this.keys.some((key) => !key.lastChecked);
clones.forEach((clone) => this.addKey(clone));
}
/**
@@ -311,7 +243,7 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
// If all keys are rate-limited, return the time until the first key is
// ready.
const timeUntilFirstReady = Math.min(
return Math.min(
...activeKeys.map((key) => {
const resetTime = Math.max(
key.rateLimitRequestsReset,
@@ -320,11 +252,10 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
return key.rateLimitedAt + resetTime - now;
})
);
return timeUntilFirstReady;
}
public markRateLimited(keyHash: string) {
this.log.warn({ key: keyHash }, "Key rate limited");
this.log.debug({ key: keyHash }, "Key rate limited");
const key = this.keys.find((k) => k.hash === keyHash)!;
key.rateLimitedAt = Date.now();
}
@@ -336,7 +267,7 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
key[`${getOpenAIModelFamily(model)}Tokens`] += tokens;
}
public updateRateLimits(keyHash: string, headers: http.IncomingHttpHeaders) {
public updateRateLimits(keyHash: string, headers: IncomingHttpHeaders) {
const key = this.keys.find((k) => k.hash === keyHash)!;
const requestsReset = headers["x-ratelimit-reset-requests"];
const tokensReset = headers["x-ratelimit-reset-tokens"];
@@ -380,21 +311,6 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
});
this.checker?.scheduleNextCheck();
}
/** Writes key status to disk. */
// public writeKeyStatus() {
// const keys = this.keys.map((key) => ({
// key: key.key,
// isGpt4: key.isGpt4,
// usage: key.usage,
// hardLimit: key.hardLimit,
// isDisabled: key.isDisabled,
// }));
// fs.writeFileSync(
// path.join(__dirname, "..", "keys.json"),
// JSON.stringify(keys, null, 2)
// );
// }
}
/**
src/shared/key-management/openai/serializer.ts
+49
View File
@@ -0,0 +1,49 @@
import crypto from "crypto";
import type { OpenAIKey, SerializedKey } from "../index";
import { KeySerializerBase } from "../key-serializer-base";
const SERIALIZABLE_FIELDS: (keyof OpenAIKey)[] = [
"key",
"service",
"hash",
"organizationId",
"promptCount",
"gpt4Tokens",
"gpt4-32kTokens",
"turboTokens",
];
export type SerializedOpenAIKey = SerializedKey &
Partial<Pick<OpenAIKey, (typeof SERIALIZABLE_FIELDS)[number]>>;
export class OpenAIKeySerializer extends KeySerializerBase<OpenAIKey> {
constructor() {
super(SERIALIZABLE_FIELDS);
}
deserialize({ key, ...rest }: SerializedOpenAIKey): OpenAIKey {
return {
key,
service: "openai",
modelFamilies: ["turbo" as const, "gpt4" as const],
isTrial: false,
isDisabled: false,
isRevoked: false,
isOverQuota: false,
lastUsed: 0,
lastChecked: 0,
promptCount: 0,
hash: `oai-${crypto
.createHash("sha256")
.update(key)
.digest("hex")
.slice(0, 8)}`,
rateLimitedAt: 0,
rateLimitRequestsReset: 0,
rateLimitTokensReset: 0,
turboTokens: 0,
gpt4Tokens: 0,
"gpt4-32kTokens": 0,
...rest,
};
}
}
src/shared/key-management/palm/provider.ts
+22 -93
View File
@@ -1,26 +1,15 @@
import crypto from "crypto";
import { Key, KeyProvider } from "..";
import { config } from "../../../config";
import { logger } from "../../../logger";
import type { GooglePalmModelFamily } from "../../models";
import { KeyProviderBase } from "../key-provider-base";
import { Key } from "../types";
const RATE_LIMIT_LOCKOUT = 2000;
const KEY_REUSE_DELAY = 500;
// https://developers.generativeai.google.com/models/language
export const GOOGLE_PALM_SUPPORTED_MODELS = [
"text-bison-001",
// "chat-bison-001", no adjustable safety settings, so it's useless
] as const;
export const GOOGLE_PALM_SUPPORTED_MODELS = ["text-bison-001"] as const;
export type GooglePalmModel = (typeof GOOGLE_PALM_SUPPORTED_MODELS)[number];
export type GooglePalmKeyUpdate = Omit<
Partial<GooglePalmKey>,
| "key"
| "hash"
| "lastUsed"
| "promptCount"
| "rateLimitedAt"
| "rateLimitedUntil"
>;
type GooglePalmKeyUsage = {
[K in GooglePalmModelFamily as `${K}Tokens`]: number;
};
@@ -34,62 +23,25 @@ export interface GooglePalmKey extends Key, GooglePalmKeyUsage {
rateLimitedUntil: number;
}
/**
* Upon being rate limited, a key will be locked out for this many milliseconds
* while we wait for other concurrent requests to finish.
*/
const RATE_LIMIT_LOCKOUT = 2000;
/**
* Upon assigning a key, we will wait this many milliseconds before allowing it
* to be used again. This is to prevent the queue from flooding a key with too
* many requests while we wait to learn whether previous ones succeeded.
*/
const KEY_REUSE_DELAY = 500;
export class GooglePalmKeyProvider implements KeyProvider<GooglePalmKey> {
export class GooglePalmKeyProvider extends KeyProviderBase<GooglePalmKey> {
readonly service = "google-palm";
private keys: GooglePalmKey[] = [];
private log = logger.child({ module: "key-provider", service: this.service });
protected keys: GooglePalmKey[] = [];
protected log = logger.child({ module: "key-provider", service: this.service });
constructor() {
const keyConfig = config.googlePalmKey?.trim();
if (!keyConfig) {
this.log.warn(
"GOOGLE_PALM_KEY is not set. PaLM API will not be available."
);
return;
public async init() {
const storeName = this.store.constructor.name;
const loadedKeys = await this.store.load();
if (loadedKeys.length === 0) {
return this.log.warn({ via: storeName }, "No Google PaLM keys found.");
}
let bareKeys: string[];
bareKeys = [...new Set(keyConfig.split(",").map((k) => k.trim()))];
for (const key of bareKeys) {
const newKey: GooglePalmKey = {
key,
service: this.service,
modelFamilies: ["bison"],
isTrial: false,
isDisabled: false,
promptCount: 0,
lastUsed: 0,
rateLimitedAt: 0,
rateLimitedUntil: 0,
hash: `plm-${crypto
.createHash("sha256")
.update(key)
.digest("hex")
.slice(0, 8)}`,
lastChecked: 0,
bisonTokens: 0,
};
this.keys.push(newKey);
}
this.log.info({ keyCount: this.keys.length }, "Loaded PaLM keys.");
}
public init() {}
public list() {
return this.keys.map((k) => Object.freeze({ ...k, key: undefined }));
this.keys.push(...loadedKeys);
this.log.info(
{ count: this.keys.length, via: storeName },
"Loaded PaLM keys."
);
}
public get(_model: GooglePalmModel) {
@@ -130,26 +82,6 @@ export class GooglePalmKeyProvider implements KeyProvider<GooglePalmKey> {
return { ...selectedKey };
}
public disable(key: GooglePalmKey) {
const keyFromPool = this.keys.find((k) => k.hash === key.hash);
if (!keyFromPool || keyFromPool.isDisabled) return;
keyFromPool.isDisabled = true;
this.log.warn({ key: key.hash }, "Key disabled");
}
public update(hash: string, update: Partial<GooglePalmKey>) {
const keyFromPool = this.keys.find((k) => k.hash === hash)!;
Object.assign(keyFromPool, { lastChecked: Date.now(), ...update });
}
public available() {
return this.keys.filter((k) => !k.isDisabled).length;
}
public anyUnchecked() {
return false;
}
public incrementUsage(hash: string, _model: string, tokens: number) {
const key = this.keys.find((k) => k.hash === hash);
if (!key) return;
@@ -171,10 +103,7 @@ export class GooglePalmKeyProvider implements KeyProvider<GooglePalmKey> {
// If all keys are rate-limited, return the time until the first key is
// ready.
const timeUntilFirstReady = Math.min(
...activeKeys.map((k) => k.rateLimitedUntil - now)
);
return timeUntilFirstReady;
return Math.min(...activeKeys.map((k) => k.rateLimitedUntil - now));
}
/**
@@ -185,7 +114,7 @@ export class GooglePalmKeyProvider implements KeyProvider<GooglePalmKey> {
* retrying in order to give the other requests a chance to finish.
*/
public markRateLimited(keyHash: string) {
this.log.warn({ key: keyHash }, "Key rate limited");
this.log.debug({ key: keyHash }, "Key rate limited");
const key = this.keys.find((k) => k.hash === keyHash)!;
const now = Date.now();
key.rateLimitedAt = now;
src/shared/key-management/palm/serializer.ts
+42
View File
@@ -0,0 +1,42 @@
import crypto from "crypto";
import type { GooglePalmKey, SerializedKey } from "../index";
import { KeySerializerBase } from "../key-serializer-base";
const SERIALIZABLE_FIELDS: (keyof GooglePalmKey)[] = [
"key",
"service",
"hash",
"promptCount",
"bisonTokens",
];
export type SerializedGooglePalmKey = SerializedKey &
Partial<Pick<GooglePalmKey, (typeof SERIALIZABLE_FIELDS)[number]>>;
export class GooglePalmKeySerializer extends KeySerializerBase<GooglePalmKey> {
constructor() {
super(SERIALIZABLE_FIELDS);
}
deserialize(serializedKey: SerializedGooglePalmKey): GooglePalmKey {
const { key, ...rest } = serializedKey;
return {
key,
service: "google-palm" as const,
modelFamilies: ["bison"],
isDisabled: false,
isRevoked: false,
promptCount: 0,
lastUsed: 0,
rateLimitedAt: 0,
rateLimitedUntil: 0,
hash: `plm-${crypto
.createHash("sha256")
.update(key)
.digest("hex")
.slice(0, 8)}`,
lastChecked: 0,
bisonTokens: 0,
...rest,
};
}
}
src/shared/key-management/serializers.ts
+36
View File
@@ -0,0 +1,36 @@
import { assertNever } from "../utils";
import {
Key,
KeySerializer,
LLMService,
SerializedKey,
ServiceToKey,
} from "./types";
import { OpenAIKeySerializer } from "./openai/serializer";
import { AnthropicKeySerializer } from "./anthropic/serializer";
import { GooglePalmKeySerializer } from "./palm/serializer";
import { AwsBedrockKeySerializer } from "./aws/serializer";
export function assertSerializedKey(k: any): asserts k is SerializedKey {
if (typeof k !== "object" || !k || typeof (k as any).key !== "string") {
throw new Error("Invalid serialized key data");
}
}
export function getSerializer<S extends LLMService>(
service: S
): KeySerializer<ServiceToKey[S]>;
export function getSerializer(service: LLMService): KeySerializer<Key> {
switch (service) {
case "openai":
return new OpenAIKeySerializer();
case "anthropic":
return new AnthropicKeySerializer();
case "google-palm":
return new GooglePalmKeySerializer();
case "aws":
return new AwsBedrockKeySerializer();
default:
assertNever(service);
}
}
src/shared/key-management/stores/firebase.ts
+125
View File
@@ -0,0 +1,125 @@
import firebase from "firebase-admin";
import { config, getFirebaseApp } from "../../../config";
import { logger } from "../../../logger";
import { assertSerializedKey } from "../serializers";
import type {
Key,
KeySerializer,
KeyStore,
LLMService,
SerializedKey,
} from "../types";
import { MemoryKeyStore } from "./index";
export class FirebaseKeyStore<K extends Key> implements KeyStore<K> {
private readonly db: firebase.database.Database;
private readonly log: typeof logger;
private readonly pendingUpdates: Map<string, Partial<SerializedKey>>;
private readonly root: string;
private readonly serializer: KeySerializer<K>;
private readonly service: LLMService;
private flushInterval: NodeJS.Timeout | null = null;
private keysRef: firebase.database.Reference | null = null;
constructor(
service: LLMService,
serializer: KeySerializer<K>,
app = getFirebaseApp()
) {
this.db = firebase.database(app);
this.log = logger.child({ module: "firebase-key-store", service });
this.root = `keys/${config.firebaseRtdbRoot.toLowerCase()}/${service}`;
this.serializer = serializer;
this.service = service;
this.pendingUpdates = new Map();
this.scheduleFlush();
}
public async load(isMigrating = false): Promise<K[]> {
const keysRef = this.db.ref(this.root);
const snapshot = await keysRef.once("value");
const keys = snapshot.val();
this.keysRef = keysRef;
if (!keys) {
if (isMigrating) return [];
this.log.warn("No keys found in Firebase. Migrating from environment.");
await this.migrate();
return this.load(true);
}
return Object.values(keys).map((k) => {
assertSerializedKey(k);
return this.serializer.deserialize(k);
});
}
public add(key: K) {
const serialized = this.serializer.serialize(key);
this.pendingUpdates.set(key.hash, serialized);
this.forceFlush();
}
public update(id: string, update: Partial<K>, force = false) {
const existing = this.pendingUpdates.get(id) ?? {};
Object.assign(existing, this.serializer.partialSerialize(id, update));
this.pendingUpdates.set(id, existing);
if (force) this.forceFlush();
}
private forceFlush() {
if (this.flushInterval) clearInterval(this.flushInterval);
this.flushInterval = setTimeout(() => this.flush(), 0);
}
private scheduleFlush() {
if (this.flushInterval) clearInterval(this.flushInterval);
this.flushInterval = setInterval(() => this.flush(), 1000 * 60 * 5);
}
private async flush() {
if (!this.keysRef) {
this.log.warn(
{ pendingUpdates: this.pendingUpdates.size },
"Database not loaded yet. Skipping flush."
);
return this.scheduleFlush();
}
if (this.pendingUpdates.size === 0) {
this.log.debug("No pending key updates to flush.");
return this.scheduleFlush();
}
const updates: Record<string, Partial<SerializedKey>> = {};
this.pendingUpdates.forEach((v, k) => (updates[k] = v));
this.pendingUpdates.clear();
console.log(updates);
await this.keysRef.update(updates);
this.log.debug(
{ count: Object.keys(updates).length },
"Flushed pending key updates."
);
this.scheduleFlush();
}
private async migrate(): Promise<SerializedKey[]> {
const keysRef = this.db.ref(this.root);
const envStore = new MemoryKeyStore<K>(this.service, this.serializer);
const keys = await envStore.load();
if (keys.length === 0) {
this.log.warn("No keys found in environment or Firebase.");
return [];
}
const updates: Record<string, SerializedKey> = {};
keys.forEach((k) => (updates[k.hash] = this.serializer.serialize(k)));
await keysRef.update(updates);
this.log.info({ count: keys.length }, "Migrated keys from environment.");
return Object.values(updates);
}
}
src/shared/key-management/stores/index.ts
+2
View File
@@ -0,0 +1,2 @@
export { FirebaseKeyStore } from "./firebase";
export { MemoryKeyStore } from "./memory";
src/shared/key-management/stores/memory.ts
+41
View File
@@ -0,0 +1,41 @@
import { assertNever } from "../../utils";
import { Key, KeySerializer, KeyStore, LLMService } from "../types";
export class MemoryKeyStore<K extends Key> implements KeyStore<K> {
private readonly env: string;
private readonly serializer: KeySerializer<K>;
constructor(service: LLMService, serializer: KeySerializer<K>) {
switch (service) {
case "anthropic":
this.env = "ANTHROPIC_KEY";
break;
case "openai":
this.env = "OPENAI_KEY";
break;
case "google-palm":
this.env = "GOOGLE_PALM_KEY";
break;
case "aws":
this.env = "AWS_CREDENTIALS";
break;
default:
assertNever(service);
}
this.serializer = serializer;
}
public async load() {
let envKeys: string[];
envKeys = [
...new Set(process.env[this.env]?.split(",").map((k) => k.trim())),
];
return envKeys
.filter((k) => k)
.map((k) => this.serializer.deserialize({ key: k }));
}
public add() {}
public update() {}
}
src/shared/key-management/types.ts
+64
View File
@@ -0,0 +1,64 @@
import type { OpenAIKey, OpenAIModel } from "./openai/provider";
import type { AnthropicKey, AnthropicModel } from "./anthropic/provider";
import type { GooglePalmKey, GooglePalmModel } from "./palm/provider";
import type { AwsBedrockKey, AwsBedrockModel } from "./aws/provider";
import type { ModelFamily } from "../models";
/** The request and response format used by a model's API. */
export type APIFormat = "openai" | "anthropic" | "google-palm" | "openai-text";
/**
* The service that a model is hosted on; distinct because services like AWS
* provide APIs from other service providers, but have their own authentication
* and key management.
*/
export type LLMService = "openai" | "anthropic" | "google-palm" | "aws";
export type Model =
| OpenAIModel
| AnthropicModel
| GooglePalmModel
| AwsBedrockModel;
type AllKeys = OpenAIKey | AnthropicKey | GooglePalmKey | AwsBedrockKey;
export type ServiceToKey = {
[K in AllKeys["service"]]: Extract<AllKeys, { service: K }>;
};
export type SerializedKey = { key: string };
export interface Key {
/** The API key itself. Never log this, use `hash` instead. */
readonly key: string;
/** The service that this key is for. */
service: LLMService;
/** The model families that this key has access to. */
modelFamilies: ModelFamily[];
/** Whether this key is currently disabled for some reason. */
isDisabled: boolean;
/**
* Whether this key specifically has been revoked. This is different from
* `isDisabled` because a key can be disabled for other reasons, such as
* exceeding its quota. A revoked key is assumed to be permanently disabled,
* and KeyStore implementations should not return it when loading keys.
*/
isRevoked: boolean;
/** The number of prompts that have been sent with this key. */
promptCount: number;
/** The time at which this key was last used. */
lastUsed: number;
/** The time at which this key was last checked. */
lastChecked: number;
/** Hash of the key, for logging and to find the key in the pool. */
hash: string;
}
export interface KeySerializer<K> {
serialize(keyObj: K): SerializedKey;
deserialize(serializedKey: SerializedKey): K;
partialSerialize(key: string, update: Partial<K>): Partial<SerializedKey>;
}
export interface KeyStore<K extends Key> {
load(): Promise<K[]>;
add(key: K): void;
update(id: string, update: Partial<K>, force?: boolean): void;
}
src/shared/models.ts
+16 -2
View File
@@ -3,14 +3,23 @@ import { logger } from "../logger";
export type OpenAIModelFamily = "turbo" | "gpt4" | "gpt4-32k";
export type AnthropicModelFamily = "claude";
export type GooglePalmModelFamily = "bison";
export type AwsBedrockModelFamily = "aws-claude";
export type ModelFamily =
| OpenAIModelFamily
| AnthropicModelFamily
| GooglePalmModelFamily;
| GooglePalmModelFamily
| AwsBedrockModelFamily;
export const MODEL_FAMILIES = (<A extends readonly ModelFamily[]>(
arr: A & ([ModelFamily] extends [A[number]] ? unknown : never)
) => arr)(["turbo", "gpt4", "gpt4-32k", "claude", "bison"] as const);
) => arr)([
"turbo",
"gpt4",
"gpt4-32k",
"claude",
"bison",
"aws-claude",
] as const);
export const OPENAI_MODEL_FAMILY_MAP: { [regex: string]: OpenAIModelFamily } = {
"^gpt-4-32k-\\d{4}$": "gpt4-32k",
@@ -18,6 +27,7 @@ export const OPENAI_MODEL_FAMILY_MAP: { [regex: string]: OpenAIModelFamily } = {
"^gpt-4-\\d{4}$": "gpt4",
"^gpt-4$": "gpt4",
"^gpt-3.5-turbo": "turbo",
"^text-embedding-ada-002$": "turbo",
};
export function getOpenAIModelFamily(model: string): OpenAIModelFamily {
@@ -40,6 +50,10 @@ export function getGooglePalmModelFamily(model: string): ModelFamily {
return "bison";
}
export function getAwsBedrockModelFamily(_model: string): ModelFamily {
return "aws-claude";
}
export function assertIsKnownModelFamily(
modelFamily: string
): asserts modelFamily is ModelFamily {
src/shared/stats.ts
+1
View File
@@ -14,6 +14,7 @@ export function getTokenCostUsd(model: ModelFamily, tokens: number) {
case "turbo":
cost = 0.0000015;
break;
case "aws-claude":
case "claude":
cost = 0.00001102;
break;
src/shared/streaming.ts
+95
View File
@@ -0,0 +1,95 @@
import { Request, Response } from "express";
import { IncomingMessage } from "http";
import { assertNever } from "./utils";
export function initializeSseStream(res: Response) {
res.statusCode = 200;
res.setHeader("Content-Type", "text/event-stream; charset=utf-8");
res.setHeader("Cache-Control", "no-cache");
res.setHeader("Connection", "keep-alive");
res.setHeader("X-Accel-Buffering", "no"); // nginx-specific fix
res.flushHeaders();
}
/**
* Copies headers received from upstream API to the SSE response, excluding
* ones we need to set ourselves for SSE to work.
*/
export function copySseResponseHeaders(
proxyRes: IncomingMessage,
res: Response
) {
const toOmit = [
"content-length",
"content-encoding",
"transfer-encoding",
"content-type",
"connection",
"cache-control",
];
for (const [key, value] of Object.entries(proxyRes.headers)) {
if (!toOmit.includes(key) && value) {
res.setHeader(key, value);
}
}
}
/**
* Returns an SSE message that looks like a completion event for the service
* that the request is being proxied to. Used to send error messages to the
* client in the middle of a streaming request.
*/
export function buildFakeSse(
type: string,
string: string,
req: Request
) {
let fakeEvent;
const content = `\`\`\`\n[${type}: ${string}]\n\`\`\`\n`;
switch (req.inboundApi) {
case "openai":
fakeEvent = {
id: "chatcmpl-" + req.id,
object: "chat.completion.chunk",
created: Date.now(),
model: req.body?.model,
choices: [{ delta: { content }, index: 0, finish_reason: type }]
};
break;
case "openai-text":
fakeEvent = {
id: "cmpl-" + req.id,
object: "text_completion",
created: Date.now(),
choices: [
{ text: content, index: 0, logprobs: null, finish_reason: type }
],
model: req.body?.model
};
break;
case "anthropic":
fakeEvent = {
completion: content,
stop_reason: type,
truncated: false, // I've never seen this be true
stop: null,
model: req.body?.model,
log_id: "proxy-req-" + req.id
};
break;
case "google-palm":
throw new Error("PaLM not supported as an inbound API format");
default:
assertNever(req.inboundApi);
}
if (req.inboundApi === "anthropic") {
return [
"event: completion",
`data: ${JSON.stringify(fakeEvent)}`,
].join("\n") + "\n\n";
}
return `data: ${JSON.stringify(fakeEvent)}\n\n`;
}
src/shared/tokenization/tokenizer.ts
+2 -7
View File
@@ -1,5 +1,4 @@
import { Request } from "express";
import { config } from "../../config";
import { assertNever } from "../utils";
import {
init as initClaude,
@@ -13,12 +12,8 @@ import {
import { APIFormat } from "../key-management";
export async function init() {
if (config.anthropicKey) {
initClaude();
}
if (config.openaiKey || config.googlePalmKey) {
initOpenAi();
}
initClaude();
initOpenAi();
}
/** Tagged union via `service` field of the different types of requests that can
src/shared/users/schema.ts
+1
View File
@@ -8,6 +8,7 @@ export const tokenCountsSchema: ZodType<UserTokenCounts> = z.object({
"gpt4-32k": z.number().optional().default(0),
claude: z.number().optional().default(0),
bison: z.number().optional().default(0),
"aws-claude": z.number().optional().default(0),
});
export const UserSchema = z
src/shared/users/user-store.ts
+16 -10
View File
@@ -11,7 +11,7 @@ import admin from "firebase-admin";
import schedule from "node-schedule";
import { v4 as uuid } from "uuid";
import { config, getFirebaseApp } from "../../config";
import { ModelFamily } from "../models";
import { MODEL_FAMILIES, ModelFamily } from "../models";
import { logger } from "../../logger";
import { User, UserTokenCounts, UserUpdate } from "./schema";
@@ -23,6 +23,7 @@ const INITIAL_TOKENS: Required<UserTokenCounts> = {
"gpt4-32k": 0,
claude: 0,
bison: 0,
"aws-claude": 0,
};
const users: Map<string, User> = new Map();
@@ -31,8 +32,8 @@ let quotaRefreshJob: schedule.Job | null = null;
let userCleanupJob: schedule.Job | null = null;
export async function init() {
log.info({ store: config.gatekeeperStore }, "Initializing user store...");
if (config.gatekeeperStore === "firebase_rtdb") {
log.info({ store: config.persistenceProvider }, "Initializing user store...");
if (config.persistenceProvider === "firebase_rtdb") {
await initFirebase();
}
if (config.quotaRefreshPeriod) {
@@ -131,19 +132,21 @@ export function upsertUser(user: UserUpdate) {
// TODO: Write firebase migration to backfill new fields
if (updates.tokenCounts) {
updates.tokenCounts["gpt4-32k"] ??= 0;
updates.tokenCounts["bison"] ??= 0;
for (const family of MODEL_FAMILIES) {
updates.tokenCounts[family] ??= 0;
}
}
if (updates.tokenLimits) {
updates.tokenLimits["gpt4-32k"] ??= 0;
updates.tokenLimits["bison"] ??= 0;
for (const family of MODEL_FAMILIES) {
updates.tokenLimits[family] ??= 0;
}
}
users.set(user.token, Object.assign(existing, updates));
usersToFlush.add(user.token);
// Immediately schedule a flush to the database if we're using Firebase.
if (config.gatekeeperStore === "firebase_rtdb") {
if (config.persistenceProvider === "firebase_rtdb") {
setImmediate(flushUsers);
}
@@ -274,7 +277,7 @@ function cleanupExpiredTokens() {
deleted++;
}
}
log.debug({ disabled, deleted }, "Expired tokens cleaned up.");
log.trace({ disabled, deleted }, "Expired tokens cleaned up.");
}
function refreshAllQuotas() {
@@ -360,9 +363,12 @@ function getModelFamilyForQuotaUsage(model: string): ModelFamily {
if (model.includes("bison")) {
return "bison";
}
if (model.includes("claude")) {
if (model.startsWith("claude")) {
return "claude";
}
if(model.startsWith("anthropic.claude")) {
return "aws-claude";
}
throw new Error(`Unknown quota model family for model ${model}`);
}
src/types/custom.d.ts
Vendored
+5 -2
View File
@@ -1,11 +1,13 @@
import type { HttpRequest } from "@smithy/types";
import { Express } from "express-serve-static-core";
import { APIFormat, Key } from "../shared/key-management/index";
import { User } from "../shared/users/user-store";
import { APIFormat, Key, LLMService } from "../shared/key-management";
import { User } from "../shared/users/schema";
declare global {
namespace Express {
interface Request {
key?: Key;
service?: LLMService;
/** Denotes the format of the user's submitted request. */
inboundApi: APIFormat;
/** Denotes the format of the request being proxied to the API. */
@@ -24,6 +26,7 @@ declare global {
outputTokens?: number;
// TODO: remove later
debug: Record<string, any>;
signedRequest: HttpRequest;
}
}
}