feat(proxy-router/mobile): add OpenAI-compatible chat completion and embeddings request handling

morpheusrogue · alex-sandrk · commit be75e799f97a · 2026-04-30T19:37:27.000+03:00
- Introduced `ChatCompletionRequestExtra` and `EmbeddingsRequest` types to facilitate building requests without internal package imports.
- Implemented `SendChatCompletion` method to forward chat completion requests, preserving original JSON structure and allowing for upstream provider compatibility.
- Added `SendEmbeddings` method to handle embeddings requests, returning the full response JSON verbatim.
- Enhanced error handling for nil requests and callbacks, ensuring robust request processing.

This update enhances the SDK's capabilities for interacting with OpenAI-compatible gateways, improving flexibility for external callers.
diff --git a/proxy-router/mobile/redact.go b/proxy-router/mobile/redact.go
@@ -0,0 +1,95 @@
+package mobile
+
+import "regexp"
+
+// Provider-identifying address redaction at the SDK boundary.
+//
+// Errors that bubble up from the proxy-router routinely include the
+// upstream provider's endpoint URL or raw IPv4 + port (e.g.
+// `dial tcp 216.81.245.17:18788: connect: connection refused`). Surfacing
+// that to external consumers — local OpenAI-compatible gateways, chat UIs,
+// MCP servers, anyone embedding this SDK — leaks provider infrastructure
+// for no upside; the failure mode (`connection refused`, `i/o timeout`,
+// HTTP status) is what callers actually need.
+//
+// This file applies the redaction to errors that cross the public SDK
+// boundary outward. Internal proxy-router logging continues to see the
+// raw addresses so operators can still debug. The patterns mirror
+// nodeneo/lib/utils/error_redaction.dart and
+// nodeneo/go/internal/gateway/redact.go — keep all three in lockstep.
+
+const (
+	providerPlaceholder = "<provider endpoint>"
+	shortPlaceholder    = "<provider>"
+)
+
+var (
+	httpURLPattern = regexp.MustCompile(
+		`(?i)https?://(?:\[[^\]\s]+\]|[A-Za-z0-9._\-]+)(?::\d+)?(?:/[^\s"\)\],;]*)?`,
+	)
+	hostPortPattern = regexp.MustCompile(
+		`([^A-Za-z0-9./@\-]|^)((?:[A-Za-z0-9\-]+\.)+[A-Za-z0-9\-]+:\d{2,5})([^A-Za-z0-9]|$)`,
+	)
+	bareIPPattern = regexp.MustCompile(
+		`([^\d.]|^)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})([^\d.]|$)`,
+	)
+)
+
+// redactProviderEndpointsString replaces provider URLs / host:port pairs /
+// bare IPv4s in s with neutral placeholders. Order matters: full URLs are
+// stripped first so the host-level passes can't eat fragments of an
+// already-cleaned URL. RE2 has no lookbehind, so the host:port and bare-IP
+// patterns capture surrounding boundary characters and re-emit them via
+// ReplaceAllStringFunc.
+func redactProviderEndpointsString(s string) string {
+	if s == "" {
+		return s
+	}
+	out := httpURLPattern.ReplaceAllString(s, providerPlaceholder)
+	out = hostPortPattern.ReplaceAllStringFunc(out, func(m string) string {
+		groups := hostPortPattern.FindStringSubmatch(m)
+		if len(groups) < 4 {
+			return m
+		}
+		return groups[1] + shortPlaceholder + groups[3]
+	})
+	out = bareIPPattern.ReplaceAllStringFunc(out, func(m string) string {
+		groups := bareIPPattern.FindStringSubmatch(m)
+		if len(groups) < 4 {
+			return m
+		}
+		return groups[1] + shortPlaceholder + groups[3]
+	})
+	return out
+}
+
+// redactedError is a small error wrapper that returns a redacted message
+// while preserving the underlying error chain for errors.Is / errors.As.
+// Wrapping (rather than allocating a new errors.New) means consumers that
+// switch on sentinel errors (e.g. `errors.Is(err, ErrProvider)`) still
+// match — only the human-readable string changes.
+type redactedError struct {
+	original error
+	message  string
+}
+
+func (e *redactedError) Error() string { return e.message }
+func (e *redactedError) Unwrap() error { return e.original }
+
+// redactError returns nil for nil input; otherwise returns an error whose
+// message has provider-identifying addresses scrubbed. The original error
+// chain is preserved via Unwrap so `errors.Is` / `errors.As` still match.
+func redactError(err error) error {
+	if err == nil {
+		return nil
+	}
+	cleaned := redactProviderEndpointsString(err.Error())
+	if cleaned == err.Error() {
+		return err
+	}
+	return &redactedError{original: err, message: cleaned}
+}
+
+// Compile-time interface assertion so future error-wrapper helpers in this
+// package don't accidentally regress the Unwrap contract.
+var _ interface{ Unwrap() error } = (*redactedError)(nil)
diff --git a/proxy-router/mobile/redact_test.go b/proxy-router/mobile/redact_test.go
@@ -0,0 +1,116 @@
+package mobile
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+	"testing"
+)
+
+// TestRedactProviderEndpointsString_KeepInLockstep documents the exact
+// shape of the redaction output. The same patterns are mirrored on the
+// gateway side (nodeneo/go/internal/gateway/redact.go) and the Flutter UI
+// (nodeneo/lib/utils/error_redaction.dart). Updating one without updating
+// the others creates inconsistent error rendering.
+func TestRedactProviderEndpointsString_KeepInLockstep(t *testing.T) {
+	cases := []struct {
+		name string
+		in   string
+		want string
+	}{
+		{
+			name: "full URL with IPv4 + port + path",
+			in:   `Post "http://216.81.245.17:18788/embeddings": dial tcp 216.81.245.17:18788: connect: connection refused`,
+			want: `Post "<provider endpoint>": dial tcp <provider>: connect: connection refused`,
+		},
+		{
+			name: "https with FQDN host",
+			in:   "could not connect to https://provider.mor.org:3333/v1 again",
+			want: "could not connect to <provider endpoint> again",
+		},
+		{
+			name: "bare host:port",
+			in:   "dial tcp provider.example.com:36318: i/o timeout",
+			want: "dial tcp <provider>: i/o timeout",
+		},
+		{
+			name: "bare IPv4",
+			in:   "no route to host 74.48.78.46 — try again",
+			want: "no route to host <provider> — try again",
+		},
+		{
+			name: "non-matching text untouched",
+			in:   "insufficient MOR balance — your wallet does not have enough MOR",
+			want: "insufficient MOR balance — your wallet does not have enough MOR",
+		},
+		{
+			name: "version numbers and timestamps NOT mistaken for IPs",
+			in:   "v1.2.3 released at 12:34:56",
+			want: "v1.2.3 released at 12:34:56",
+		},
+		{
+			name: "empty input",
+			in:   "",
+			want: "",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			got := redactProviderEndpointsString(tc.in)
+			if got != tc.want {
+				t.Errorf("\n  in:   %q\n  got:  %q\n  want: %q", tc.in, got, tc.want)
+			}
+		})
+	}
+}
+
+// TestRedactError_PreservesErrorChain ensures the wrapped error still
+// matches errors.Is/As against the original sentinel. Callers (notably
+// the proxy-router itself) use sentinels like ErrProvider; if redaction
+// broke those checks we'd silently change behaviour for retry / rate-limit
+// logic that depends on identity comparisons.
+func TestRedactError_PreservesErrorChain(t *testing.T) {
+	sentinel := errors.New("provider request failed")
+	wrapped := fmt.Errorf("%w: dial tcp 216.81.245.17:18788: connect: connection refused", sentinel)
+
+	red := redactError(wrapped)
+	if red == nil {
+		t.Fatal("redactError returned nil for non-nil input")
+	}
+
+	msg := red.Error()
+	for _, leaked := range []string{"216.81.245.17", "18788"} {
+		if strings.Contains(msg, leaked) {
+			t.Errorf("redacted message still leaks %q: %s", leaked, msg)
+		}
+	}
+	if !strings.Contains(msg, "<provider>") && !strings.Contains(msg, "<provider endpoint>") {
+		t.Errorf("redacted message missing placeholder: %s", msg)
+	}
+
+	if !errors.Is(red, sentinel) {
+		t.Errorf("redacted error must still match original sentinel via errors.Is")
+	}
+}
+
+// TestRedactError_NilInput is a fast guard against the dumb mistake of
+// dereferencing a nil error during wrapping.
+func TestRedactError_NilInput(t *testing.T) {
+	if got := redactError(nil); got != nil {
+		t.Errorf("redactError(nil) = %v, want nil", got)
+	}
+}
+
+// TestRedactError_NoChangeIsPassthrough verifies that messages without any
+// provider-identifying tokens are returned unchanged (same pointer, no
+// wrapper allocated). This keeps the cost of the SDK-boundary redaction
+// effectively zero on the common case where errors never carried provider
+// info to begin with (e.g. "insufficient MOR balance").
+func TestRedactError_NoChangeIsPassthrough(t *testing.T) {
+	original := errors.New("insufficient MOR balance — your wallet does not have enough MOR")
+	got := redactError(original)
+	if got != original {
+		t.Errorf("clean error should be returned as-is, got wrapper %T", got)
+	}
+}
diff --git a/proxy-router/mobile/sdk_chat.go b/proxy-router/mobile/sdk_chat.go
@@ -174,3 +174,132 @@ func extractReasoningContent(chunk gcs.Chunk) string {
 	}
 	return ""
 }
+
+// ChatCompletionRequestExtra is the OpenAI chat completion request type used by
+// the embedded gateway. It is exported as an alias so external callers (the
+// NodeNeo gateway) can build requests without importing internal packages.
+// All fields from openai.ChatCompletionRequest are honoured (Tools, ToolChoice,
+// ParallelToolCalls, ResponseFormat, StreamOptions, Seed, LogitBias, …) plus
+// any unknown JSON keys captured in Extra.
+type ChatCompletionRequestExtra = gcs.OpenAICompletionRequestExtra
+
+// RawChunkCallback receives upstream chat completion chunks verbatim, suitable
+// for an OpenAI-compatible gateway that needs to relay provider fields the
+// typed structs may not capture (delta.tool_calls, delta.reasoning_content,
+// stream usage events, finish_reason, custom Morpheus extensions, etc.).
+//
+// chunkJSON is the raw JSON of either a streaming delta
+// (ChatCompletionStreamResponseExtra) or a non-streaming response
+// (ChatCompletionResponseExtra), preserving the original key order and any
+// provider-specific fields. isLast is true on the terminal control chunk; in
+// that case chunkJSON is nil — the caller should write the SSE [DONE] sentinel
+// or close the response.
+type RawChunkCallback func(chunkJSON json.RawMessage, isLast bool) error
+
+// SendChatCompletion forwards an OpenAI-compatible chat completion request to
+// the upstream Morpheus provider and surfaces each response chunk verbatim via
+// cb. This is the entry point for OpenAI-compatible local gateways (e.g. the
+// NodeNeo AI Gateway used by Cursor / Zed / Claude Desktop / LangChain).
+//
+// Compared to SendPromptWithMessagesAndParams, this method:
+//   - Accepts the full request object (including Tools, ToolChoice,
+//     ResponseFormat, StreamOptions, ParallelToolCalls, Seed, LogitBias and
+//     any vendor-specific fields preserved in Extra).
+//   - Relays each chunk's original JSON unchanged so tool_calls,
+//     reasoning_content, finish_reason, and usage flow through untouched.
+//
+// req.Model is overwritten with sessionID so the proxy-router can route, which
+// matches what the existing SendPrompt* methods do; the upstream provider
+// rewrites it again to its own model name before responding.
+func (s *SDK) SendChatCompletion(ctx context.Context, sessionID string, req *ChatCompletionRequestExtra, cb RawChunkCallback) error {
+	if req == nil {
+		return fmt.Errorf("nil chat completion request")
+	}
+	if cb == nil {
+		return fmt.Errorf("nil chunk callback")
+	}
+
+	id := common.HexToHash(sessionID)
+	if err := s.ensureProviderForSession(ctx, id); err != nil {
+		return redactError(err)
+	}
+
+	req.Model = sessionID
+
+	internalCB := func(ctx context.Context, chunk gcs.Chunk, errResp *gcs.AiEngineErrorResponse) error {
+		if errResp != nil {
+			// errResp.ProviderModelError can include the upstream's
+			// raw URL/IP — redact before bubbling to consumers.
+			return fmt.Errorf("provider error: %s", redactProviderEndpointsString(fmt.Sprintf("%v", errResp.ProviderModelError)))
+		}
+		if chunk.Type() == gcs.ChunkTypeControl {
+			return cb(nil, true)
+		}
+
+		data := chunk.Data()
+		if data == nil {
+			return nil
+		}
+		raw, err := json.Marshal(data)
+		if err != nil {
+			return fmt.Errorf("marshal chunk: %w", err)
+		}
+
+		return cb(raw, !chunk.IsStreaming())
+	}
+
+	_, err := s.proxySender.SendPromptV2(ctx, id, req, internalCB)
+	return redactError(err)
+}
+
+// EmbeddingsRequest is the OpenAI embeddings request type used by the embedded
+// gateway. Exported as an alias so external callers do not need to import
+// internal proxy-router packages. All fields from openai.EmbeddingRequest are
+// honoured, plus any unknown JSON keys captured in Extra.
+type EmbeddingsRequest = gcs.EmbeddingsRequest
+
+// SendEmbeddings forwards an OpenAI-compatible embeddings request to the
+// upstream Morpheus provider and returns the response JSON verbatim. Embeddings
+// are non-streaming: the upstream emits a single response chunk followed by a
+// control chunk.
+//
+// The returned RawMessage is the provider's full EmbeddingsResponse (id,
+// object, data:[…vectors…], model, usage, plus any vendor-specific extras).
+// The caller is expected to relay it to its HTTP client unchanged.
+func (s *SDK) SendEmbeddings(ctx context.Context, sessionID string, req *EmbeddingsRequest) (json.RawMessage, error) {
+	if req == nil {
+		return nil, fmt.Errorf("nil embeddings request")
+	}
+
+	id := common.HexToHash(sessionID)
+	if err := s.ensureProviderForSession(ctx, id); err != nil {
+		return nil, redactError(err)
+	}
+
+	var responseJSON json.RawMessage
+
+	internalCB := func(ctx context.Context, chunk gcs.Chunk, errResp *gcs.AiEngineErrorResponse) error {
+		if errResp != nil {
+			return fmt.Errorf("provider error: %s", redactProviderEndpointsString(fmt.Sprintf("%v", errResp.ProviderModelError)))
+		}
+		if chunk.Type() == gcs.ChunkTypeControl {
+			return nil
+		}
+		data := chunk.Data()
+		if data == nil {
+			return nil
+		}
+		b, err := json.Marshal(data)
+		if err != nil {
+			return fmt.Errorf("marshal embeddings chunk: %w", err)
+		}
+		responseJSON = b
+		return nil
+	}
+
+	_, err := s.proxySender.SendEmbeddings(ctx, id, req, internalCB)
+	if err != nil {
+		return nil, redactError(err)
+	}
+	return responseJSON, nil
+}
