mlua-batteries 0.3.0

Batteries-included standard library modules for mlua
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

//! Shared helper functions for LLM providers.

use secrecy::{ExposeSecret, SecretString};
use std::time::Duration;

use super::types::*;

pub(super) fn effective_base_url<'a>(
    provider: &'a dyn LlmProvider,
    explicit: &'a Option<String>,
) -> &'a str {
    if let Some(url) = explicit {
        return url;
    }
    provider.default_base_url().unwrap_or_default()
}

/// Resolve the API key from the request or a fallback environment variable.
///
/// # Note on `EnvPolicy` bypass
///
/// This function reads the environment variable via [`std::env::var`]
/// directly, intentionally **bypassing** the [`EnvPolicy`](crate::policy::EnvPolicy).
/// Rationale: API keys are infrastructure credentials supplied by the host
/// application, not user-controlled data. Routing them through `EnvPolicy`
/// would require the Lua sandbox operator to explicitly allow sensitive
/// variable names (e.g. `OPENAI_API_KEY`) in the allow-list, which is
/// counter-intuitive — those variables should *not* be readable by Lua
/// scripts. The LLM module needs the key to authenticate, but never
/// exposes it to Lua land (it is wrapped in [`SecretString`]).
pub(super) fn resolve_api_key(
    request_key: &Option<SecretString>,
    env_var: &str,
) -> Result<SecretString, String> {
    if let Some(key) = request_key {
        if !key.expose_secret().is_empty() {
            return Ok(key.clone());
        }
    }
    match std::env::var(env_var) {
        Ok(key) if !key.is_empty() => Ok(SecretString::from(key)),
        _ => Err(format!("{env_var} not set and no api_key provided")),
    }
}

/// Merge `extra` fields into the request body.
///
/// # Warning
///
/// `extra` can override **any** field in the request body, including
/// `model` and `messages`.  If your application needs to restrict
/// which fields are overridable, validate `extra` before passing it
/// to the provider.
///
/// # Rationale
///
/// This intentionally allows overriding core fields.  The caller
/// already controls the API key and all request parameters — there
/// is no security boundary between the Lua script and the provider
/// request.  No major LLM vendor guards against client-side field
/// override either, so restricting it here would add complexity
/// without real benefit.
pub(super) fn merge_extra(body: &mut serde_json::Value, extra: &Option<serde_json::Value>) {
    if let (Some(serde_json::Value::Object(extra_map)), serde_json::Value::Object(body_map)) =
        (extra, body)
    {
        for (k, v) in extra_map {
            body_map.insert(k.clone(), v.clone());
        }
    }
}

/// Create an [`ureq::Agent`] with a per-request timeout, reusing the
/// provider's default agent when the timeout matches.
pub(super) fn agent_with_timeout(
    default: &ureq::Agent,
    default_secs: u64,
    request_secs: u64,
) -> ureq::Agent {
    if request_secs == default_secs {
        default.clone()
    } else {
        let config = ureq::Agent::config_builder()
            .timeout_global(Some(Duration::from_secs(request_secs)))
            .build();
        ureq::Agent::new_with_config(config)
    }
}

/// Saturating conversion from u64 to u32.
pub(super) fn sat_u32(val: u64) -> u32 {
    val.min(u32::MAX as u64) as u32
}

/// Send a JSON POST request and parse the response as JSON.
///
/// Handles serialization, header injection, body reading with limit,
/// and deserialization — the common request/response path shared by
/// all LLM providers.
pub(super) fn post_json(
    agent: &ureq::Agent,
    url: &str,
    body: &serde_json::Value,
    headers: &[(&str, &str)],
    max_response_bytes: u64,
) -> Result<serde_json::Value, String> {
    let body_str = serde_json::to_string(body).map_err(|e| format!("json serialize: {e}"))?;
    let mut req = agent.post(url).content_type("application/json");
    for &(k, v) in headers {
        req = req.header(k, v);
    }
    let mut resp = req.send(body_str.as_bytes()).map_err(|e| e.to_string())?;
    let resp_body = resp
        .body_mut()
        .with_config()
        .limit(max_response_bytes)
        .read_to_string()
        .map_err(|e| format!("read body: {e}"))?;
    serde_json::from_str(&resp_body).map_err(|e| format!("json parse: {e}"))
}

/// Check for an API error in the response JSON.
///
/// Supports two common formats:
/// - OpenAI / Anthropic: `{"error": {"message": "..."}}`
/// - Ollama: `{"error": "..."}`
///
/// `provider` is used to prefix the error message so that callers can
/// identify which provider returned the error (e.g. `"openai: invalid key"`).
///
/// Returns `Err(message)` if an error field is present.
pub(super) fn check_api_error(json: &serde_json::Value, provider: &str) -> Result<(), String> {
    if let Some(err) = json.get("error") {
        let detail = err
            .get("message")
            .and_then(|m| m.as_str())
            .or_else(|| err.as_str())
            .unwrap_or("unknown error");
        return Err(format!("{provider}: {detail}"));
    }
    Ok(())
}

pub(super) fn parse_finish_reason_openai(s: &str) -> FinishReason {
    match s {
        "stop" => FinishReason::Stop,
        "length" => FinishReason::MaxTokens,
        "content_filter" => FinishReason::ContentFilter,
        _ => FinishReason::Error,
    }
}