mirror of
https://github.com/netbirdio/netbird.git
synced 2026-07-17 12:09:58 +00:00
* [agent-network] Shared proto, OpenAPI schema, and generated types * [agent-network] Management: store, manager, synthesizer, policy engine, provider catalog, HTTP/gRPC API Adds the account-scoped agent-network module: provider/policy/budget CRUD and store, the reverse-proxy service synthesizer, policy selection + limit enforcement, the provider catalog (incl. Vertex AI and AWS Bedrock entries), and the management HTTP + proxy gRPC surfaces. * [management] Fix agent-network proxy-peer fan-out on affected-peer recompute The affected-peers resolver loaded only persisted reverse-proxy services, but agent-network services are synthesized on demand and never persisted. As a result the embedded proxy peer was never folded into the affected set when a client's group changed, so the proxy received no network-map update for a newly authorised client and rejected its handshake until a full resync (restart). loadProxyServices now merges the synthesized agent-network services (injected via a registration hook to avoid an import cycle), so proxy peers learn newly authorised clients immediately. * [proxy] Reverse-proxy middleware framework, chain, and request plumbing The per-target middleware chain (slots, dispatcher, mutation gate, metadata merger), body capture, access-log terminal sink, and the proxy wiring that builds + runs chains for synthesized agent-network services. * [proxy] LLM parsers, pricing, and builtin middlewares (OpenAI, Anthropic, Vertex AI, AWS Bedrock) Request/response parsers and SSE/event-stream metering, the embedded pricing table, and the builtin middleware set: request parser, router, policy limit-check/record, cost meter, guardrail, identity inject, response parser. Includes the path-routed providers — Google Vertex AI (keyfile:: service-account OAuth minting) and AWS Bedrock (bearer auth, invoke/converse/streaming, optional /bedrock prefix) — plus the Models allowlist and unmeterable-publisher deny. * [proxy] IPv6 in-place apply and TCP accept-loop hardening on netstack listeners * [agent-network] End-to-end test suite, module docs, and deployment preset * [agent-network] Fix codespell typos and exclude false positives - labelgen word pool: vermillion -> vermilion, racoon -> raccoon. - codespell ignore list: add flate (Go compress/flate package), recordin (a test-local identifier), and unparseable (a valid alternative spelling used consistently across identifiers + a metadata-value constant). * [management] Set LastSeen on injected proxy peer in realstack test (MySQL strict-mode) The injected embedded proxy peer had a PeerStatus with a zero LastSeen, which serializes to '0000-00-00' and is rejected by MySQL in strict mode (SQLite tolerates it). Set LastSeen to a valid time so SaveAccount succeeds on both engines. * [agent-network] Remove e2e shell-script suite from this branch The end-to-end shell scripts under scripts/e2e/ are maintained in a separate testing suite and are not part of this change set. * [agent-network] Polish module docs: remove internal review scaffolding, fix links, verify diagrams Strip PR-review framing, commit references, absolute paths, and stale internal references from the agent-network module docs; fix broken relative links; verify all diagrams against the current architecture. Remove the internal AI-reviewer prompt file. * [management] Refine session expiration handling to support 3-state encoding for SSO deadlines * [agent-network] Relocate agentnetwork package to internals/modules Move management/server/agentnetwork (and its catalog/, labelgen/, types/ subpackages) to management/internals/modules/agentnetwork, alongside the reverse-proxy module, and rewrite all importers. Pure relocation: package names, the synthesizer + affectedpeers registration hook, and store access (shared store.Store) are unchanged, so no import cycle is introduced (affectedpeers still depends only on the agentnetwork/types leaf). * [agent-network] Co-locate HTTP handlers in the module (RegisterEndpoints) Move the agent-network HTTP handlers from server/http/handlers/agentnetwork into the module at internals/modules/agentnetwork/handlers (package handlers) and rename the entrypoint AddEndpoints -> RegisterEndpoints, matching the reverse-proxy module convention. Wiring in http/handler.go updated accordingly.
118 lines
2.6 KiB
Go
118 lines
2.6 KiB
Go
package llm
|
|
|
|
import (
|
|
"bufio"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"strings"
|
|
)
|
|
|
|
// Event represents a single server-sent event. Type is the dispatch name
|
|
// carried on an "event:" line (empty when the stream uses only "data:"
|
|
// lines). Data is the concatenation of every "data:" line that made up the
|
|
// event, joined by a single newline.
|
|
type Event struct {
|
|
Type string
|
|
Data string
|
|
}
|
|
|
|
// Scanner reads SSE events from an underlying byte stream. Events are
|
|
// delimited by a blank line ("\n\n"). CRLF line endings are normalized to LF
|
|
// transparently so fixtures captured from live servers can be replayed.
|
|
//
|
|
// Scanner is not safe for concurrent use.
|
|
type Scanner struct {
|
|
r *bufio.Reader
|
|
maxLine int
|
|
}
|
|
|
|
// NewScanner wraps the given reader. The default underlying buffer size is
|
|
// large enough for typical provider events (~64 KiB); callers needing
|
|
// larger events can wrap the reader in their own bufio.Reader beforehand.
|
|
func NewScanner(r io.Reader) *Scanner {
|
|
return &Scanner{
|
|
r: bufio.NewReaderSize(r, 64*1024),
|
|
maxLine: 1 << 20,
|
|
}
|
|
}
|
|
|
|
// Next returns the next event. It returns io.EOF after the final event has
|
|
// been consumed. A trailing event that is not terminated by a blank line is
|
|
// still returned before io.EOF so that servers which close the connection
|
|
// without a trailing newline are handled correctly.
|
|
func (s *Scanner) Next() (Event, error) {
|
|
var (
|
|
event Event
|
|
dataBuf strings.Builder
|
|
hasData bool
|
|
hasAny bool
|
|
)
|
|
|
|
for {
|
|
line, err := s.readLine()
|
|
if err != nil {
|
|
if errors.Is(err, io.EOF) && hasAny {
|
|
event.Data = dataBuf.String()
|
|
return event, nil
|
|
}
|
|
return Event{}, err
|
|
}
|
|
|
|
if line == "" {
|
|
if !hasAny {
|
|
continue
|
|
}
|
|
event.Data = dataBuf.String()
|
|
return event, nil
|
|
}
|
|
|
|
hasAny = true
|
|
if strings.HasPrefix(line, ":") {
|
|
continue
|
|
}
|
|
|
|
field, value := splitField(line)
|
|
switch field {
|
|
case "event":
|
|
event.Type = value
|
|
case "data":
|
|
if hasData {
|
|
dataBuf.WriteByte('\n')
|
|
}
|
|
dataBuf.WriteString(value)
|
|
hasData = true
|
|
}
|
|
}
|
|
}
|
|
|
|
func (s *Scanner) readLine() (string, error) {
|
|
line, err := s.r.ReadString('\n')
|
|
if err != nil {
|
|
if errors.Is(err, io.EOF) && line != "" {
|
|
return trimEOL(line), nil
|
|
}
|
|
return "", err
|
|
}
|
|
if len(line) > s.maxLine {
|
|
return "", fmt.Errorf("sse line exceeds %d bytes", s.maxLine)
|
|
}
|
|
return trimEOL(line), nil
|
|
}
|
|
|
|
func trimEOL(line string) string {
|
|
line = strings.TrimRight(line, "\n")
|
|
line = strings.TrimRight(line, "\r")
|
|
return line
|
|
}
|
|
|
|
func splitField(line string) (string, string) {
|
|
idx := strings.IndexByte(line, ':')
|
|
if idx < 0 {
|
|
return line, ""
|
|
}
|
|
field := line[:idx]
|
|
value := strings.TrimPrefix(line[idx+1:], " ")
|
|
return field, value
|
|
}
|