import { createLLMFirewall } from "llm-firewall-js"

const firewall = createLLMFirewall()

export default async function handler(req, res) {
  firewall.setCors(req, res)

  if (req.method === "OPTIONS") {
    res.status(204).end()
    return
  }

  if (req.method !== "POST") {
    res.status(405).json({ error: "Method not allowed." })
    return
  }

  const body = typeof req.body === "string" ? JSON.parse(req.body) : req.body || {}

  const inputCheck = await firewall.inspectInput({
    request: req,
    body,
    text: body.question || body.prompt || body.message || "",
  })

  if (!inputCheck.ok) {
    firewall.reject(res, inputCheck)
    return
  }

  const modelData = await callYourLLMProvider(body)
  const outputCheck = firewall.inspectOutput(modelData)

  if (!outputCheck.ok) {
    firewall.reject(res, outputCheck)
    return
  }

  res.status(200).json(outputCheck.data)
}

async function callYourLLMProvider(body) {
  return {
    message: `Replace this with your LLM provider call. User asked: ${body.question || body.prompt || body.message || ""}`,
  }
}