blazen-cabi 0.5.2

Hand-rolled C ABI over blazen-uniffi for the Ruby gem (via cbindgen + FFI gem) and any other FFI host
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378

//! C ABI wrapper for [`blazen_llm::providers::BaseProvider`].
//!
//! `BaseProvider` wraps an `Arc<dyn CompletionModel>` and applies a
//! [`CompletionProviderDefaults`](blazen_llm::providers::CompletionProviderDefaults)
//! to every completion call. For V1 we cannot construct a `BaseProvider` from
//! C alone — the `Arc<dyn CompletionModel>` it needs has no FFI representation
//! today. The wrapper therefore exposes only:
//!
//! - Builder-style setters (system prompt / tools / response format / defaults).
//! - Read-only getters for the configured defaults and inner model identity.
//! - `_free`.
//!
//! Constructors will land in Phase B, where the cabi gains `CustomProvider`
//! factories that return `BlazenBaseProvider` handles. Phase C wires hooks
//! through a vtable.
//!
//! ## Builder mutation pattern
//!
//! The inner `BaseProvider::with_*` methods consume `self` and return `Self`.
//! Since the C side owns the handle as a `*mut BlazenBaseProvider`, we mutate
//! in place by using `std::ptr::read` to take ownership of the inner
//! `BaseProvider`, running the builder, and writing the result back with
//! `std::ptr::write`. The pointer remains valid and continues to identify the
//! same handle slot — the caller does not need to re-bind their pointer.

#![allow(dead_code)]

use std::ffi::c_char;

use blazen_llm::providers::base::BaseProvider;
use blazen_llm::traits::CompletionModel;
use blazen_llm::types::{ChatMessage, CompletionRequest, ToolDefinition};

use crate::error::BlazenError;
use crate::future::BlazenFuture;
use crate::provider_defaults::BlazenCompletionProviderDefaults;
use crate::string::{alloc_cstring, cstr_to_str};

// ---------------------------------------------------------------------------
// Handle
// ---------------------------------------------------------------------------

/// Opaque wrapper around [`BaseProvider`].
#[repr(C)]
pub struct BlazenBaseProvider(pub(crate) BaseProvider);

impl BlazenBaseProvider {
    pub(crate) fn into_ptr(self) -> *mut BlazenBaseProvider {
        Box::into_raw(Box::new(self))
    }
}

impl From<BaseProvider> for BlazenBaseProvider {
    fn from(inner: BaseProvider) -> Self {
        Self(inner)
    }
}

// ---------------------------------------------------------------------------
// Internal builder helper
// ---------------------------------------------------------------------------

/// Run a builder method (`fn(BaseProvider) -> BaseProvider`) against the
/// inner provider behind the supplied handle, mutating the slot in place.
///
/// # Safety
///
/// `handle` must be a non-null pointer to a live `BlazenBaseProvider`.
unsafe fn with_inner<F: FnOnce(BaseProvider) -> BaseProvider>(
    handle: *mut BlazenBaseProvider,
    f: F,
) {
    // SAFETY: caller has guaranteed `handle` is non-null and live. We take
    // the inner `BaseProvider` by value (`ptr::read`), run the builder, then
    // write the new value back into the same slot. Between the read and the
    // write there are no other live references to the slot, so this is a
    // straight-line move that preserves the handle pointer's identity.
    unsafe {
        let bp = std::ptr::read(&raw const (*handle).0);
        let new_bp = f(bp);
        std::ptr::write(&raw mut (*handle).0, new_bp);
    }
}

// ---------------------------------------------------------------------------
// Builder setters (in-place mutation; pointer remains valid)
// ---------------------------------------------------------------------------

/// Sets the `system_prompt` field on the inner defaults. Null `s` is a no-op
/// (use [`blazen_completion_provider_defaults_set_system_prompt`] via
/// `_set_defaults` if you need to clear).
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`. `s` must be null OR
/// a valid NUL-terminated UTF-8 buffer.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_with_system_prompt(
    handle: *mut BlazenBaseProvider,
    s: *const c_char,
) {
    if handle.is_null() {
        return;
    }
    // SAFETY: caller upholds the borrow contract on `s`.
    let Some(s) = (unsafe { cstr_to_str(s) }) else {
        return;
    };
    let owned = s.to_owned();
    // SAFETY: caller guarantees live handle.
    unsafe { with_inner(handle, |bp| bp.with_system_prompt(owned)) }
}

/// Replaces the `tools` list by parsing `json` as a JSON array of
/// [`ToolDefinition`] values. Null `json` is a no-op; invalid JSON clears the
/// list.
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`. `json` must be null
/// OR a valid NUL-terminated UTF-8 buffer.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_with_tools_json(
    handle: *mut BlazenBaseProvider,
    json: *const c_char,
) {
    if handle.is_null() {
        return;
    }
    // SAFETY: caller upholds the borrow contract on `json`.
    let Some(s) = (unsafe { cstr_to_str(json) }) else {
        return;
    };
    let tools = serde_json::from_str::<Vec<ToolDefinition>>(s).unwrap_or_default();
    // SAFETY: caller guarantees live handle.
    unsafe { with_inner(handle, |bp| bp.with_tools(tools)) }
}

/// Replaces the `response_format` field by parsing `json`. Null `json` is a
/// no-op; invalid JSON stores `Value::Null`.
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`. `json` must be null
/// OR a valid NUL-terminated UTF-8 buffer.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_with_response_format_json(
    handle: *mut BlazenBaseProvider,
    json: *const c_char,
) {
    if handle.is_null() {
        return;
    }
    // SAFETY: caller upholds the borrow contract on `json`.
    let Some(s) = (unsafe { cstr_to_str(json) }) else {
        return;
    };
    let value = serde_json::from_str::<serde_json::Value>(s).unwrap_or(serde_json::Value::Null);
    // SAFETY: caller guarantees live handle.
    unsafe { with_inner(handle, |bp| bp.with_response_format(value)) }
}

/// Replaces the entire `CompletionProviderDefaults` on the provider with a
/// clone of the supplied handle. Null `d` is a no-op.
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`. `d` must be null OR
/// a live `BlazenCompletionProviderDefaults`.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_with_defaults(
    handle: *mut BlazenBaseProvider,
    d: *const BlazenCompletionProviderDefaults,
) {
    if handle.is_null() || d.is_null() {
        return;
    }
    // SAFETY: caller guarantees live `d`.
    let defaults_clone = unsafe { &*d }.0.clone();
    // SAFETY: caller guarantees live handle.
    unsafe { with_inner(handle, |bp| bp.set_defaults(defaults_clone)) }
}

// ---------------------------------------------------------------------------
// Getters
// ---------------------------------------------------------------------------

/// Returns a clone of the configured `CompletionProviderDefaults`. Caller owns
/// the returned handle and must free with
/// [`crate::provider_defaults::blazen_completion_provider_defaults_free`].
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_defaults(
    handle: *const BlazenBaseProvider,
) -> *mut BlazenCompletionProviderDefaults {
    if handle.is_null() {
        return std::ptr::null_mut();
    }
    // SAFETY: caller guarantees live handle.
    let r = unsafe { &*handle };
    BlazenCompletionProviderDefaults::from(r.0.defaults().clone()).into_ptr()
}

/// Returns the inner model's `model_id` as a caller-owned C string. Free with
/// [`crate::string::blazen_string_free`].
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_model_id(
    handle: *const BlazenBaseProvider,
) -> *mut c_char {
    if handle.is_null() {
        return std::ptr::null_mut();
    }
    // SAFETY: caller guarantees live handle.
    let r = unsafe { &*handle };
    alloc_cstring(r.0.model_id())
}

/// Returns the inner model's `provider_id` as a caller-owned C string. The
/// `CompletionModel` trait surfaces this through `model_id()` plus the
/// provider's own identification; for V1 we return the same string as
/// [`blazen_base_provider_model_id`]. Free with
/// [`crate::string::blazen_string_free`].
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_provider_id(
    handle: *const BlazenBaseProvider,
) -> *mut c_char {
    if handle.is_null() {
        return std::ptr::null_mut();
    }
    // SAFETY: caller guarantees live handle.
    let r = unsafe { &*handle };
    alloc_cstring(r.0.model_id())
}

// ---------------------------------------------------------------------------
// Free
// ---------------------------------------------------------------------------

/// Frees a `BlazenBaseProvider`. No-op on null.
///
/// # Safety
///
/// `handle` must be null OR a pointer produced by a Phase B `CustomProvider`
/// factory that returns `BlazenBaseProvider`.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_free(handle: *mut BlazenBaseProvider) {
    if handle.is_null() {
        return;
    }
    // SAFETY: per the contract, `handle` came from `Box::into_raw`.
    drop(unsafe { Box::from_raw(handle) });
}

// ---------------------------------------------------------------------------
// Typed extract
// ---------------------------------------------------------------------------

/// Spawns an async `extract(schema, messages)` against the wrapped provider.
///
/// `schema_json` must be a JSON Schema string (the same shape a typed
/// language binding would build via Pydantic's `model_json_schema()` or
/// zod's `zodToJsonSchema`). `messages_json` must be a JSON-encoded
/// `Vec<ChatMessage>`.
///
/// The implementation:
///
/// 1. Parses both JSON inputs.
/// 2. Builds a [`CompletionRequest`] with `response_format = schema`.
/// 3. Awaits the provider's `complete(...)`.
/// 4. Returns the response's `content` string (the model's JSON output) as
///    the future's typed result.
///
/// Pop the result with [`blazen_future_take_extract_result`]. The Ruby (or
/// any host-language) caller is then responsible for `JSON.parse`-ing the
/// content and validating against the schema.
///
/// Returns null if any argument is null OR if either JSON blob fails to
/// parse (`schema` must be valid JSON, `messages` must decode into
/// `Vec<ChatMessage>`).
///
/// # Safety
///
/// `handle` must be null OR a live `BlazenBaseProvider`. `schema_json` and
/// `messages_json` must each be a valid NUL-terminated UTF-8 buffer.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_base_provider_extract(
    handle: *const BlazenBaseProvider,
    schema_json: *const c_char,
    messages_json: *const c_char,
) -> *mut BlazenFuture {
    if handle.is_null() {
        return std::ptr::null_mut();
    }
    // SAFETY: caller upholds the NUL-termination + UTF-8 contract.
    let Some(schema_str) = (unsafe { cstr_to_str(schema_json) }) else {
        return std::ptr::null_mut();
    };
    // SAFETY: same.
    let Some(messages_str) = (unsafe { cstr_to_str(messages_json) }) else {
        return std::ptr::null_mut();
    };
    let Ok(schema) = serde_json::from_str::<serde_json::Value>(schema_str) else {
        return std::ptr::null_mut();
    };
    let Ok(messages) = serde_json::from_str::<Vec<ChatMessage>>(messages_str) else {
        return std::ptr::null_mut();
    };

    // Clone the BaseProvider out of the handle so the spawned task owns its
    // own copy; the original handle stays usable afterwards.
    // SAFETY: caller guarantees live handle.
    let provider = unsafe { &*handle }.0.clone();

    let request = CompletionRequest::new(messages).with_response_format(schema);

    BlazenFuture::spawn::<String, _>(async move {
        let resp = provider.complete(request).await?;
        // Surface `content` to the host. An empty/None content path is
        // treated as Ok("") rather than an error — the host can decide
        // whether an empty string is a validation failure.
        Ok(resp.content.unwrap_or_default())
    })
}

/// Pops the [`String`] result of [`blazen_base_provider_extract`] out of
/// `fut`. On success returns `0` and writes a caller-owned `*mut c_char`
/// (NUL-terminated UTF-8, JSON-encoded content) into `out`; on failure
/// returns `-1` and writes a caller-owned `*mut BlazenError` into `err`.
///
/// Either out-pointer may be null to discard. The C string is released via
/// [`crate::string::blazen_string_free`]; the error via
/// [`crate::error::blazen_error_free`].
///
/// # Safety
///
/// `fut` must be a non-null pointer produced by
/// [`blazen_base_provider_extract`], not yet freed, and not concurrently
/// freed from another thread. `out` / `err` must be null OR writable
/// pointers to the appropriate slot.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn blazen_future_take_extract_result(
    fut: *mut BlazenFuture,
    out: *mut *mut c_char,
    err: *mut *mut BlazenError,
) -> i32 {
    // SAFETY: caller upholds the live-future-pointer contract.
    match unsafe { BlazenFuture::take_typed::<String>(fut) } {
        Ok(s) => {
            if !out.is_null() {
                // SAFETY: caller has guaranteed `out` is writable.
                unsafe {
                    *out = alloc_cstring(&s);
                }
            }
            0
        }
        Err(e) => {
            if !err.is_null() {
                // SAFETY: caller has guaranteed `err` is writable.
                unsafe {
                    *err = BlazenError::from(e).into_ptr();
                }
            }
            -1
        }
    }
}