highflame_shield/

client.rs

//! [`ShieldClient`] — async HTTP client for highflame-shield.

use std::{sync::Arc, time::Duration};

use reqwest::header::{HeaderMap, HeaderValue, ACCEPT, AUTHORIZATION};
use serde_json::json;
use tokio::sync::Mutex;

use crate::{
    error::ShieldError,
    stream::{parse_sse_response, ShieldStreamEvent},
    types::{
        HealthResponse, ListDetectorsResponse, ShieldRequest, ShieldResponse, ToolContext,
        TokenResponse,
    },
};

// ── Constants ─────────────────────────────────────────────────────────────────

const DEFAULT_TIMEOUT: Duration = Duration::from_secs(30);
const DEFAULT_MAX_RETRIES: u32 = 2;
/// Refresh the token this many seconds before it actually expires.
const TOKEN_REFRESH_BUFFER: Duration = Duration::from_secs(60);
/// HTTP status codes that trigger a retry.
const RETRY_STATUS_CODES: &[u16] = &[429, 500, 502, 503, 504];

const SAAS_BASE_URL: &str = "https://shield.api.highflame.ai";
const SAAS_TOKEN_URL: &str = "https://studio.api.highflame.ai/api/cli-auth/token";

// ── Token cache ───────────────────────────────────────────────────────────────

#[derive(Debug, Clone)]
struct CachedToken {
    access_token: String,
    /// Uses `tokio::time::Instant` so `tokio::time::pause()` / `advance()` work
    /// in tests.
    expires_at: tokio::time::Instant,
    account_id: String,
    project_id: String,
    #[allow(dead_code)]
    gateway_id: String,
}

// ── Options ───────────────────────────────────────────────────────────────────

/// Configuration for [`ShieldClient`].
///
/// ```no_run
/// use highflame_shield::ShieldClientOptions;
/// use std::time::Duration;
///
/// let opts = ShieldClientOptions::new("hf_sk_my_key")
///     .base_url("https://shield.self-hosted.example.com")
///     .timeout(Duration::from_secs(10))
///     .max_retries(1);
/// ```
#[derive(Debug, Clone)]
pub struct ShieldClientOptions {
    pub(crate) api_key: String,
    pub(crate) base_url: Option<String>,
    pub(crate) token_url: Option<String>,
    pub(crate) timeout: Option<Duration>,
    pub(crate) max_retries: Option<u32>,
    pub(crate) account_id: Option<String>,
    pub(crate) project_id: Option<String>,
}

impl ShieldClientOptions {
    /// Create options from just an API key; all other fields take defaults.
    pub fn new(api_key: impl Into<String>) -> Self {
        Self {
            api_key: api_key.into(),
            base_url: None,
            token_url: None,
            timeout: None,
            max_retries: None,
            account_id: None,
            project_id: None,
        }
    }

    /// Override the guard service base URL (default: Highflame SaaS endpoint).
    pub fn base_url(mut self, url: impl Into<String>) -> Self {
        self.base_url = Some(url.into());
        self
    }

    /// Override the token exchange URL (default: Highflame SaaS endpoint).
    /// Only used when `api_key` starts with `hf_sk`.
    pub fn token_url(mut self, url: impl Into<String>) -> Self {
        self.token_url = Some(url.into());
        self
    }

    /// Request timeout (default: 30 s).
    pub fn timeout(mut self, t: Duration) -> Self {
        self.timeout = Some(t);
        self
    }

    /// Number of retries on 429 / 5xx (default: 2).
    pub fn max_retries(mut self, n: u32) -> Self {
        self.max_retries = Some(n);
        self
    }

    /// Override `X-Account-ID` header; takes precedence over the token exchange
    /// value.
    pub fn account_id(mut self, id: impl Into<String>) -> Self {
        self.account_id = Some(id.into());
        self
    }

    /// Override `X-Project-ID` header; takes precedence over the token exchange
    /// value.
    pub fn project_id(mut self, id: impl Into<String>) -> Self {
        self.project_id = Some(id.into());
        self
    }
}

// ── Inner shared state ────────────────────────────────────────────────────────

struct Inner {
    base_url: String,
    api_key: String,
    /// `Some` only when the service-key exchange flow is active.
    token_url: Option<String>,
    timeout: Duration,
    max_retries: u32,
    override_account_id: Option<String>,
    override_project_id: Option<String>,
    /// Pre-built headers for the direct-JWT path (no token exchange).
    static_headers: HeaderMap,
    /// Shared, connection-pooled HTTP client.
    http: reqwest::Client,
    /// Token cache for the service-key flow.
    ///
    /// `tokio::sync::Mutex` is held across the `await` in `exchange_token` so
    /// that concurrent callers block behind the mutex rather than all issuing
    /// their own exchange request.  Once the first caller refreshes the token
    /// and releases the lock, all queued callers find a fresh token on the
    /// fast-path check and return immediately.
    token_cache: Mutex<Option<CachedToken>>,
}

// ── Client ────────────────────────────────────────────────────────────────────

/// Async HTTP client for highflame-shield.
///
/// Cheap to clone — all clones share the underlying connection pool and token
/// cache via [`Arc`].
///
/// # Service key flow
///
/// Keys starting with `hf_sk` are automatically exchanged for a short-lived
/// RS256 JWT via `POST <token_url>`.  The JWT is cached and auto-refreshed 60 s
/// before expiry.  Concurrent callers share a single [`tokio::sync::Mutex`];
/// only one exchange is ever in-flight at a time.
///
/// # Direct JWT flow
///
/// Any other `api_key` value is sent directly as `Authorization: Bearer <key>`,
/// useful when you already hold a short-lived token.
#[derive(Clone)]
pub struct ShieldClient {
    inner: Arc<Inner>,
}

impl ShieldClient {
    /// Create a new [`ShieldClient`].
    pub fn new(options: ShieldClientOptions) -> Self {
        let base_url = options
            .base_url
            .unwrap_or_else(|| SAAS_BASE_URL.to_string());
        let base_url = base_url.trim_end_matches('/').to_string();

        let token_url = if options.api_key.starts_with("hf_sk") {
            Some(
                options
                    .token_url
                    .unwrap_or_else(|| SAAS_TOKEN_URL.to_string()),
            )
        } else {
            None
        };

        let timeout = options.timeout.unwrap_or(DEFAULT_TIMEOUT);
        let max_retries = options.max_retries.unwrap_or(DEFAULT_MAX_RETRIES);

        // Pre-build headers for the direct-JWT (non-exchange) path.
        let mut static_headers = HeaderMap::new();
        static_headers.insert(
            AUTHORIZATION,
            HeaderValue::from_str(&format!("Bearer {}", options.api_key))
                .expect("api_key contains invalid header characters"),
        );
        static_headers.insert(ACCEPT, HeaderValue::from_static("application/json"));
        if let Some(ref id) = options.account_id {
            static_headers.insert(
                reqwest::header::HeaderName::from_static("x-account-id"),
                HeaderValue::from_str(id).expect("account_id contains invalid header characters"),
            );
        }
        if let Some(ref id) = options.project_id {
            static_headers.insert(
                reqwest::header::HeaderName::from_static("x-project-id"),
                HeaderValue::from_str(id).expect("project_id contains invalid header characters"),
            );
        }

        let http = reqwest::Client::builder()
            .build()
            .expect("failed to build reqwest client");

        Self {
            inner: Arc::new(Inner {
                base_url,
                api_key: options.api_key,
                token_url,
                timeout,
                max_retries,
                override_account_id: options.account_id,
                override_project_id: options.project_id,
                static_headers,
                http,
                token_cache: Mutex::new(None),
            }),
        }
    }

    // ── Public accessors ──────────────────────────────────────────────────────

    /// Account ID from the last token exchange, or the constructor override.
    /// Empty when using the direct-JWT flow or before the first exchange.
    pub async fn account_id(&self) -> String {
        if let Some(ref id) = self.inner.override_account_id {
            return id.clone();
        }
        self.inner
            .token_cache
            .lock()
            .await
            .as_ref()
            .map(|t| t.account_id.clone())
            .unwrap_or_default()
    }

    /// Project ID from the last token exchange, or the constructor override.
    /// Empty when using the direct-JWT flow or before the first exchange.
    pub async fn project_id(&self) -> String {
        if let Some(ref id) = self.inner.override_project_id {
            return id.clone();
        }
        self.inner
            .token_cache
            .lock()
            .await
            .as_ref()
            .map(|t| t.project_id.clone())
            .unwrap_or_default()
    }

    // ── Token exchange ────────────────────────────────────────────────────────

    fn build_token_headers(&self, token: &CachedToken) -> Result<HeaderMap, ShieldError> {
        let mut headers = HeaderMap::new();
        headers.insert(
            AUTHORIZATION,
            HeaderValue::from_str(&format!("Bearer {}", token.access_token))
                .map_err(|e| ShieldError::Connection(e.to_string()))?,
        );
        headers.insert(ACCEPT, HeaderValue::from_static("application/json"));

        let account_id = self
            .inner
            .override_account_id
            .as_deref()
            .or_else(|| (!token.account_id.is_empty()).then_some(token.account_id.as_str()));
        let project_id = self
            .inner
            .override_project_id
            .as_deref()
            .or_else(|| (!token.project_id.is_empty()).then_some(token.project_id.as_str()));

        if let Some(id) = account_id {
            headers.insert(
                reqwest::header::HeaderName::from_static("x-account-id"),
                HeaderValue::from_str(id).map_err(|e| ShieldError::Connection(e.to_string()))?,
            );
        }
        if let Some(id) = project_id {
            headers.insert(
                reqwest::header::HeaderName::from_static("x-project-id"),
                HeaderValue::from_str(id).map_err(|e| ShieldError::Connection(e.to_string()))?,
            );
        }
        Ok(headers)
    }

    async fn exchange_token(&self) -> Result<CachedToken, ShieldError> {
        let url = self
            .inner
            .token_url
            .as_ref()
            .expect("exchange_token called without a token_url");

        let resp = self
            .inner
            .http
            .post(url)
            .json(&json!({ "grant_type": "api_key", "api_key": self.inner.api_key }))
            .timeout(self.inner.timeout)
            .send()
            .await
            .map_err(|e| ShieldError::Connection(e.to_string()))?;

        if !resp.status().is_success() {
            return Err(parse_api_error(resp).await);
        }

        let tok: TokenResponse = resp.json().await?;
        let ttl = Duration::from_secs(tok.expires_in).saturating_sub(TOKEN_REFRESH_BUFFER);
        Ok(CachedToken {
            access_token: tok.access_token,
            expires_at: tokio::time::Instant::now() + ttl,
            account_id: tok.account_id,
            project_id: tok.project_id,
            gateway_id: tok.gateway_id,
        })
    }

    /// Return auth headers, exchanging or refreshing the JWT as needed.
    ///
    /// The `tokio::sync::Mutex` on the token cache is held across the `await`
    /// in [`exchange_token`] so that:
    /// - Only one exchange is ever in-flight at a time.
    /// - Concurrent callers that see an expired token block behind the mutex;
    ///   once the first completes, the rest find a fresh token on the fast-path
    ///   check and return immediately without re-exchanging.
    ///
    /// Exposed publicly so callers can forward Shield credentials to their own
    /// HTTP clients (e.g. a reverse proxy).
    pub async fn get_auth_headers(&self) -> Result<HeaderMap, ShieldError> {
        if self.inner.token_url.is_none() {
            return Ok(self.inner.static_headers.clone());
        }

        let mut cache = self.inner.token_cache.lock().await;

        // Fast path: token is still valid.
        if let Some(ref token) = *cache {
            if tokio::time::Instant::now() < token.expires_at {
                return self.build_token_headers(token);
            }
        }

        // Token absent or expired — exchange while holding the lock.
        let new_token = self.exchange_token().await?;
        let headers = self.build_token_headers(&new_token)?;
        *cache = Some(new_token);
        Ok(headers)
    }

    // ── Request helpers ───────────────────────────────────────────────────────

    async fn send_with_retry(
        &self,
        method: reqwest::Method,
        path: &str,
        json_body: Option<&serde_json::Value>,
    ) -> Result<reqwest::Response, ShieldError> {
        let url = format!("{}{}", self.inner.base_url, path);
        let mut last_err =
            ShieldError::Connection("request failed after all retries".to_string());

        for attempt in 0..=self.inner.max_retries {
            if attempt > 0 {
                let delay = Duration::from_millis(1_000 * 2u64.pow(attempt - 1));
                tokio::time::sleep(delay).await;
            }

            let headers = self.get_auth_headers().await?;
            let mut req = self
                .inner
                .http
                .request(method.clone(), &url)
                .headers(headers)
                .timeout(self.inner.timeout);

            if let Some(body) = json_body {
                req = req.json(body);
            }

            let resp = match req.send().await {
                Ok(r) => r,
                Err(e) if e.is_timeout() => {
                    last_err = ShieldError::Connection(format!("request timed out: {e}"));
                    continue;
                }
                Err(e) => return Err(ShieldError::Connection(e.to_string())),
            };

            if !RETRY_STATUS_CODES.contains(&resp.status().as_u16()) {
                return Ok(resp);
            }

            last_err = parse_api_error(resp).await;
        }

        Err(last_err)
    }

    // ── Public API ────────────────────────────────────────────────────────────

    /// Evaluate content against guard policies.
    ///
    /// `POST /v1/guard` — full detect + Cedar evaluate.
    pub async fn guard(&self, request: &ShieldRequest) -> Result<ShieldResponse, ShieldError> {
        let body = serde_json::to_value(request)?;
        let resp = self
            .send_with_retry(reqwest::Method::POST, "/v1/guard", Some(&body))
            .await?;
        if !resp.status().is_success() {
            return Err(parse_api_error(resp).await);
        }
        Ok(resp.json().await?)
    }

    /// Shorthand: evaluate a user prompt.
    ///
    /// Equivalent to [`guard`] with `content_type: "prompt"` and
    /// `action: "process_prompt"`.
    pub async fn guard_prompt(
        &self,
        content: &str,
        mode: Option<&str>,
        session_id: Option<&str>,
    ) -> Result<ShieldResponse, ShieldError> {
        self.guard(&ShieldRequest {
            content: content.to_string(),
            content_type: "prompt".to_string(),
            action: "process_prompt".to_string(),
            mode: mode.map(str::to_string),
            session_id: session_id.map(str::to_string),
            ..Default::default()
        })
        .await
    }

    /// Shorthand: evaluate a tool call.
    ///
    /// Equivalent to [`guard`] with `content_type: "tool_call"` and
    /// `action: "call_tool"`.
    pub async fn guard_tool_call(
        &self,
        tool_name: &str,
        arguments: Option<std::collections::HashMap<String, serde_json::Value>>,
        mode: Option<&str>,
        session_id: Option<&str>,
    ) -> Result<ShieldResponse, ShieldError> {
        self.guard(&ShieldRequest {
            content: format!("Tool call: {tool_name}"),
            content_type: "tool_call".to_string(),
            action: "call_tool".to_string(),
            mode: mode.map(str::to_string),
            session_id: session_id.map(str::to_string),
            tool: Some(ToolContext {
                name: tool_name.to_string(),
                arguments,
                ..Default::default()
            }),
            ..Default::default()
        })
        .await
    }

    /// Evaluate content with SSE streaming.
    ///
    /// `POST /v1/guard/stream` — returns a `Stream` of [`ShieldStreamEvent`]s.
    /// The first `Err` in the stream terminates it.
    pub async fn stream(
        &self,
        request: &ShieldRequest,
    ) -> Result<
        impl futures_util::Stream<Item = Result<ShieldStreamEvent, ShieldError>>,
        ShieldError,
    > {
        let url = format!("{}/v1/guard/stream", self.inner.base_url);
        let mut headers = self.get_auth_headers().await?;
        headers.insert(ACCEPT, HeaderValue::from_static("text/event-stream"));

        let resp = self
            .inner
            .http
            .post(&url)
            .headers(headers)
            .json(request)
            .timeout(self.inner.timeout)
            .send()
            .await
            .map_err(|e| ShieldError::Connection(e.to_string()))?;

        if !resp.status().is_success() {
            return Err(parse_api_error(resp).await);
        }

        Ok(parse_sse_response(resp))
    }

    /// Get detailed service health.
    ///
    /// `GET /v1/health` — returns detector statuses and evaluator state.
    pub async fn health(&self) -> Result<HealthResponse, ShieldError> {
        let resp = self
            .send_with_retry(reqwest::Method::GET, "/v1/health", None)
            .await?;
        if !resp.status().is_success() {
            return Err(parse_api_error(resp).await);
        }
        Ok(resp.json().await?)
    }

    /// List available detectors.
    ///
    /// `GET /v1/detectors` — returns detector names, tiers, and health.
    pub async fn list_detectors(&self) -> Result<ListDetectorsResponse, ShieldError> {
        let resp = self
            .send_with_retry(reqwest::Method::GET, "/v1/detectors", None)
            .await?;
        if !resp.status().is_success() {
            return Err(parse_api_error(resp).await);
        }
        Ok(resp.json().await?)
    }
}

// ── Helpers ───────────────────────────────────────────────────────────────────

/// Parse an RFC 9457 Problem Details body from a non-2xx response.
async fn parse_api_error(resp: reqwest::Response) -> ShieldError {
    let status = resp.status().as_u16();
    match resp.json::<serde_json::Value>().await {
        Ok(body) => ShieldError::Api {
            status,
            title: body["title"].as_str().unwrap_or("Error").to_string(),
            detail: body["detail"].as_str().unwrap_or("").to_string(),
        },
        Err(_) => ShieldError::Api {
            status,
            title: "Error".to_string(),
            detail: String::new(),
        },
    }
}