Merge branch 'main' of github.com:Portkey-AI/gateway into feat/ft-batch-improvements

Author: b4s36t4

README.md

@@ -22,7 +22,7 @@
 [![npm version](https://badge.fury.io/js/%40portkey-ai%2Fgateway.svg)](https://portkey.wiki/gh-8)
 [![Better Stack Badge](https://uptime.betterstack.com/status-badges/v1/monitor/q94g.svg)](https://portkey.wiki/gh-9)
 
-<a href="https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/quickcreate?stackName=portkey-gateway&templateURL=https://portkey-gateway-ec2-quicklaunch.s3.us-east-1.amazonaws.com/portkey-gateway-ec2-quicklaunch.template.yaml"><img src="https://img.shields.io/badge/Deploy_to_EC2-232F3E?style=for-the-badge&logo=amazonwebservices&logoColor=white" alt="Deploy to AWS EC2" /></a>
+<a href="https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/quickcreate?stackName=portkey-gateway&templateURL=https://portkey-gateway-ec2-quicklaunch.s3.us-east-1.amazonaws.com/portkey-gateway-ec2-quicklaunch.template.yaml"><img src="https://img.shields.io/badge/Deploy_to_EC2-232F3E?style=for-the-badge&logo=amazonwebservices&logoColor=white" alt="Deploy to AWS EC2" width="105"/></a> [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/Portkey-AI/gateway)
 </div>
 
 <br/>

package-lock.json

@@ -1,3 +1,4 @@
+import { Agent } from 'https';
 import {
   HookEventType,
   PluginContext,
@@ -63,7 +64,7 @@ export const handler: PluginHandler<{
 
   const apiVersion = parameters.apiVersion || '2024-11-01';
 
-  const url = `https://${credentials.resourceName}.cognitiveservices.azure.com/contentsafety/text:analyze?api-version=${apiVersion}`;
+  const url = `${credentials.customHost || `https://${credentials.resourceName}.cognitiveservices.azure.com`}/contentsafety/text:analyze?api-version=${apiVersion}`;
 
   const { token, error: tokenError } = await getAccessToken(
     credentials as any,
@@ -80,6 +81,17 @@ export const handler: PluginHandler<{
     };
   }
 
+  let agent: Agent | null = null;
+  // privatelink doesn't contain a valid certificate, skipping verification if it's customHost.
+  // SECURITY NOTE: The following disables SSL certificate validation for custom hosts.
+  // This is necessary for Azure Private Link endpoints that may use self-signed certificates,
+  // but should only be used with trusted private endpoints.
+  if (credentials.customHost) {
+    agent = new Agent({
+      rejectUnauthorized: false,
+    });
+  }
+
   const headers: Record<string, string> = {
     'Content-Type': 'application/json',
     'User-Agent': 'portkey-ai-plugin/',
@@ -100,7 +112,12 @@ export const handler: PluginHandler<{
   const timeout = parameters.timeout || 5000;
   let response;
   try {
-    response = await post(url, request, { headers }, timeout);
+    response = await post(
+      url,
+      request,
+      { headers, dispatcher: agent },
+      timeout
+    );
   } catch (e) {
     return { error: e, verdict: true, data };
   }

plugins/azure/contentSafety.ts

@@ -123,6 +123,10 @@
         "tenantId": {
           "type": "string",
           "description": "Tenant ID for Azure Entra ID authentication"
+        },
+        "customHost": {
+          "type": "string",
+          "description": "Custom host for Azure AI services (Private Link etc.)"
         }
       },
       "anyOf": [

plugins/azure/manifest.json

@@ -1,3 +1,4 @@
+import { Agent } from 'https';
 import {
   HookEventType,
   PluginContext,
@@ -29,7 +30,7 @@ const redact = async (
 
   const apiVersion = parameters.apiVersion || '2024-11-01';
 
-  const url = `https://${credentials?.resourceName}.cognitiveservices.azure.com/language/:analyze-text?api-version=${apiVersion}`;
+  const url = `${credentials?.customHost || `https://${credentials?.resourceName}.cognitiveservices.azure.com`}/language/:analyze-text?api-version=${apiVersion}`;
 
   const { token, error: tokenError } = await getAccessToken(
     credentials as any,
@@ -53,8 +54,24 @@ const redact = async (
     throw new Error('Unable to get access token');
   }
 
+  let agent: Agent | null = null;
+  // privatelink doesn't contain a valid certificate, skipping verification if it's customHost.
+  // SECURITY NOTE: The following disables SSL certificate validation for custom hosts.
+  // This is necessary for Azure Private Link endpoints that may use self-signed certificates,
+  // but should only be used with trusted private endpoints.
+  if (credentials?.customHost) {
+    agent = new Agent({
+      rejectUnauthorized: false,
+    });
+  }
+
   const timeout = parameters.timeout || 5000;
-  const response = await post(url, body, { headers }, timeout);
+  const response = await post(
+    url,
+    body,
+    { headers, dispatcher: agent },
+    timeout
+  );
   return response;
 };
 

plugins/azure/pii.ts

@@ -5,4 +5,5 @@ export interface AzureCredentials {
   clientId?: string;
   clientSecret?: string;
   tenantId?: string;
+  customHost?: string;
 }

plugins/azure/types.ts

@@ -2,14 +2,18 @@
   "id": "panwPrismaAirs",
   "name": "PANW Prisma AIRS Guardrail",
   "description": "Blocks prompt/response when Palo Alto Networks Prisma AI Runtime Security returns action=block.",
-  "credentials": [
-    {
-      "id": "AIRS_API_KEY",
-      "name": "AIRS API Key",
-      "type": "string",
-      "required": true
-    }
-  ],
+  "credentials": {
+    "type": "object",
+    "properties": {
+      "AIRS_API_KEY": {
+        "type": "string",
+        "label": "AIRS API Key",
+        "description": "The API key for Palo Alto Networks Prisma AI Runtime Security",
+        "encrypted": true
+      }
+    },
+    "required": ["AIRS_API_KEY"]
+  },
   "functions": [
     {
       "id": "intercept",

plugins/panw-prisma-airs/manifest.json

@@ -2,6 +2,7 @@ import { HookEventType, PluginContext } from './types';
 
 interface PostOptions extends RequestInit {
   headers?: Record<string, string>;
+  [key: string]: any;
 }
 
 export interface ErrorResponse {

plugins/utils.ts

@@ -92,7 +92,9 @@ export const RECRAFTAI: string = 'recraft-ai';
 export const MILVUS: string = 'milvus';
 export const REPLICATE: string = 'replicate';
 export const LEPTON: string = 'lepton';
+export const KLUSTER_AI: string = 'kluster-ai';
 export const NSCALE: string = 'nscale';
+export const HYPERBOLIC: string = 'hyperbolic';
 
 export const VALID_PROVIDERS = [
   ANTHROPIC,
@@ -150,7 +152,9 @@ export const VALID_PROVIDERS = [
   REPLICATE,
   POWERED_BY,
   LEPTON,
+  KLUSTER_AI,
   NSCALE,
+  HYPERBOLIC,
 ];
 
 export const CONTENT_TYPES = {

src/globals.ts

@@ -324,6 +324,7 @@ export async function tryPost(
       fn,
       c,
       gatewayRequestURL: c.req.url,
+      params: params,
     }));
   const endpoint =
     fn === 'proxy'