ai-sdk proxy

[Rainhunter13]

Note

Introduces an ai-sdk Express service exposing POST /api/generate that routes to multiple model providers with encrypted API keys, packaged via Docker and wired into CI/CD and docker-compose.

• AI SDK Service (ai-sdk/):
  • API: Add Express endpoint POST /api/generate (api.ts) with zod validation, error handling, and 1MB JSON limit.
  • Model Routing: Implement multi-provider support in aisdk.ts (openai, anthropic, gemini, groq, mistral, bedrock, openai-azure), tool parsing (tools), structured output via generateObject, and result normalization.
  • Security: Decrypt provider API keys using XChaCha20-Poly1305 (crypto.ts, AEAD_SECRET_KEY).
  • Types/Config: Add request/response types (types.ts), project config (package.json, tsconfig.json, .env.local.example, .gitignore).
  • Containerization: New Dockerfile to build and run the service.
• CI/CD:
  • Add PR build workflow for ai-sdk/** (.github/workflows/ai-sdk-build-check.yml).
  • Extend release build matrix to include ai-sdk image (.github/workflows/build-push.yml).
• Orchestration:
  • Add ai-sdk service to docker-compose*.yml exposing port 3000 and requiring AEAD_SECRET_KEY.

^{Written by Cursor Bugbot for commit 47c951f. This will update automatically on new commits. Configure here.}

---

Important

Add Dockerized Node/Express AI SDK proxy with multi-provider support, CI/CD integration, and Docker Compose updates.

• AI SDK Service (ai-sdk/):
  • API: New Express server (api.ts) exposing POST /api/generate with Zod validation, tool parsing, structured output support, and bounded body size.
  • Provider integration: Unified request runner (aisdk.ts) supporting openai, anthropic, gemini, groq, mistral, bedrock, and openai-azure; handles tools, toolChoice, structured/object outputs, and parameter normalization.
  • Key management: Decrypts provider API keys via XChaCha20-Poly1305 (crypto.ts) using AEAD_SECRET_KEY.
  • Config/Build: TypeScript config (tsconfig.json), package scripts, .env.local.example, .gitignore, and production build to dist/.
• Docker:
  • New ai-sdk/Dockerfile (multi-stage build) and added ai-sdk service to all docker-compose variants with port 3000 and required env (AEAD_SECRET_KEY).
• CI/CD:
  • New workflow to build ai-sdk on PRs (.github/workflows/ai-sdk-build-check.yml).
  • Included ai-sdk image in release build/push matrix (build-push.yml).

^{This description was created by for 47c951f. You can customize this summary. It will automatically update as commits are pushed.}

[ellipsis-dev]

Caution

Changes requested ❌

Reviewed everything up to ddb0cea in 2 minutes and 19 seconds. Click for details.

• Reviewed 685 lines of code in 14 files
• Skipped 3 files when reviewing.
• Skipped posting 10 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/ai-sdk.yml:31

• Draft comment:
  Consider using a pinned Node.js version instead of 'lts/*' to ensure reproducible builds.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

2. .github/workflows/build-push.yml:26

• Draft comment:
  The new ai-sdk image build configuration is correctly added.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

3. ai-sdk/aisdk.ts:215

• Draft comment:
  Include the original error details when provider initialization fails to aid debugging.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is purely informative and does not provide a specific suggestion or ask for a specific action. It does not align with the rules for good comments, as it doesn't suggest a change or ask for confirmation of an intention.

4. ai-sdk/aisdk.ts:75

• Draft comment:
  Avoid excessive type assertions; consider refining the types for generateText parameters to improve type safety.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

5. ai-sdk/api.ts:101

• Draft comment:
  Consider logging the complete error stack in the error handler to improve troubleshooting.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

6. ai-sdk/crypto.ts:5

• Draft comment:
  Ensure that the AEAD_SECRET_KEY environment variable is a valid hex string of the expected length to avoid decryption errors.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

7. docker-compose-full.yml:148

• Draft comment:
  Ensure that AEAD_SECRET_KEY is provided securely in production environments for the ai-sdk service.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

8. docker-compose-local-build.yml:142

• Draft comment:
  ai-sdk service configuration is consistent; ensure that AEAD_SECRET_KEY is securely provided in local builds.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

9. docker-compose-local-dev.yml:112

• Draft comment:
  ai-sdk service is set up for local development; confirm that AEAD_SECRET_KEY is correctly set in your environment.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

10. docker-compose.yml:130

• Draft comment:
  The ai-sdk service added is consistent; ensure that AEAD_SECRET_KEY is managed securely for local quickstarts.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_WCbMJJ5xiF4bJYz0

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed d9880a3 in 1 minute and 37 seconds. Click for details.

• Reviewed 13 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. ai-sdk/Dockerfile:15

• Draft comment:
  Splitting 'corepack enable' and 'pnpm build' into separate RUN commands increases layer count. Consider combining them into one RUN (if debugging granularity isn’t required) to optimize image layers.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 20% vs. threshold = 50% The PR author explicitly split these commands, so they likely had a reason (perhaps for debugging, clearer build logs, or better caching granularity). The comment is suggesting to undo this change based on a general Docker best practice about layer count. However, this is a minor optimization concern and the comment even acknowledges uncertainty with "if debugging granularity isn't required". This is speculative - it's saying "consider combining them" without knowing the author's intent. The rules state we should NOT make speculative comments or ask the author to confirm their intention. This comment is essentially questioning why the author made this change, which violates the guidelines. The comment does raise a valid Docker optimization point about layer count. In some contexts, minimizing layers is important for image size and build performance. The author might not have considered this trade-off. While layer optimization is valid, the comment is speculative ("if debugging granularity isn't required") and is essentially asking the author to reconsider their deliberate change. The author clearly chose to split these commands, and without strong evidence that this is wrong, we shouldn't question it. The comment also uses soft language like "Consider combining" which suggests it's not a clear issue. This comment should be deleted. It's questioning a deliberate change made by the PR author without strong evidence that it's incorrect. The speculative nature ("if debugging granularity isn't required") and the fact that it's suggesting to undo the change the author intentionally made violates the guidelines about not making speculative comments or asking authors to confirm their intentions.

Workflow ID: wflow_sKbOkr5yBGhjl7dT

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed 47c951f in 1 minute and 5 seconds. Click for details.

• Reviewed 12 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. ai-sdk/package.json:14

• Draft comment:
  Removal of the 'packageManager' field may affect reproducibility if the project depends on pnpm. Ensure this change is intentional and document the expected package manager for contributors.
• Reason this comment was not posted:
  Comment looked like it was already resolved.

Workflow ID: wflow_XaTmyM8YD7ccm9rG

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}